Monday, December 5, 2016
Friday, December 2, 2016
IT Security For Cloud Deployment - Why?
But this flexibility also carries a burden: skyrocketing cost when access to cloud resources is uncontrolled. Worse yet, hackers might also join your party - and ruin it! What to do?
The answer is: Cloud IT Policy Compliance & Security.
Yup. Sounds boring. I would rather write Swift code that interfaces with a popular social media site via a RESTful API, sell ads, and drink martinis. But your finance department (hey, maybe even your IT boss) will breathe down your neck to make sure you rein in control - and security.
How do you do this? Easy. Add a near-invisible layer to your "stack": a quiet little daemon that helps you manage all this. And it won't tax your existing resources, because the heavy lifting is done in our cloud.
I know of a few vendors who are proven in this arena. Give me a jingle and we can talk!
Wednesday, October 5, 2016
Shopping Recommendation System - Using Apriori Algorithm To Find Association
Let's say you own a grocery store, Al's Local Mart (ALM). You want to increase sales. You read that big data can bring big sales. You are willing to re-shuffle product placement in your grocery store to do that. But how should products be re-shuffled to increase sales?
One way to re-shuffle products is to put items that are often purchased together close to each other. A common example is cereal and milk. Now you want to implement this for other products.
You start to collect data on grocery sales in your mart. You write down on a piece of paper what was bought: (M)ilk, (O)ranges, (N)ectarines, (K)ola, (E)thiopian Coffee, (Y)ellow Banana.
[Figure: Hand implementation of the Apriori Algorithm to find association of items in Market Basket Analysis.]
In addition to the raw data of what was bought together, you will also need to define what Minimum Support Threshold to use to create the recommendation system. The higher the number, the more obvious the association has to be for it to be recognized.
In the first table on the right, the number of times each item is purchased is listed. Those that don't occur often (in accordance with the threshold) are eliminated. I made this number high so that I can reduce the number of hand iterations. In the 2nd table on the right, combinations of items are tallied, and those below the threshold are eliminated. The last table enumerates all of the remaining associations. The most common association is: (O)ranges, (K)ola, and (E)thiopian Coffee are usually bought together.
As a grocer, you can now place (O)ranges, (K)ola, and (E)thiopian Coffee close together. Or you can make a recommendation at the checkout counter. Either way, your chance of increasing sales is good.
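The hand iterations described above, as an added Python example that is not part of the original post. The baskets are constructed sample data (the post's own counts live in its images), the minimum support threshold is given as an absolute basket count, and the level-by-level pruning is the general Apriori rule: a candidate of size k+1 is only counted if every one of its size-k subsets already passed the threshold.

```python
from itertools import combinations

# Constructed sample baskets (not the post's data). Item codes follow the post:
# M=Milk, O=Oranges, N=Nectarines, K=Kola, E=Ethiopian Coffee, Y=Yellow Banana
BASKETS = [
    {"O", "K", "E"},
    {"O", "K", "E", "M"},
    {"O", "K", "E", "Y"},
    {"O", "K", "E", "N"},
    {"M", "Y"},
    {"O", "K"},
    {"E", "K", "M"},
    {"N", "Y"},
]


def support_counts(baskets, candidates):
    """Count in how many baskets each candidate itemset occurs as a subset."""
    return {cand: sum(1 for b in baskets if cand <= b) for cand in candidates}


def apriori(baskets, min_support):
    """Return {frozenset(items): basket count} for every itemset that meets
    min_support (an absolute count). Level k+1 candidates are generated only
    from frequent level-k sets and kept only if all their k-subsets are frequent."""
    singles = {frozenset([item]) for b in baskets for item in b}
    level = {c: n for c, n in support_counts(baskets, singles).items() if n >= min_support}
    frequent = {}
    k = 1
    while level:
        frequent.update(level)
        candidates = set()
        for a, b in combinations(sorted(level, key=sorted), 2):
            union = a | b
            if len(union) == k + 1 and all(frozenset(s) in level for s in combinations(union, k)):
                candidates.add(union)
        level = {c: n for c, n in support_counts(baskets, candidates).items() if n >= min_support}
        k += 1
    return frequent


def strongest_association(frequent, min_size=2):
    """The largest surviving itemset, ties broken by support; this is the
    'place these near each other' recommendation for the grocer."""
    sets = [s for s in frequent if len(s) >= min_size]
    return max(sets, key=lambda s: (len(s), frequent[s]))


if __name__ == "__main__":
    freq = apriori(BASKETS, min_support=4)
    for itemset, count in sorted(freq.items(), key=lambda kv: (len(kv[0]), -kv[1])):
        print("".join(sorted(itemset)), count)
    print("shelve together:", "".join(sorted(strongest_association(freq))))
```

With a threshold of 4, Milk, Nectarines and Yellow Banana drop out at the first level, so no pair containing them is ever counted; the surviving triple is {O, K, E}.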
VMWare Overview - By Personas
Monday, September 19, 2016
Tradeshift : A Buyer To Seller ECommerce Document Sharing Platform
A particular application of a cloud platform is letting sellers of parts and buyers of parts (B2B) transact much more easily (e-commerce). Reducing transaction cost has always been a harbinger of greater trade (much like reducing taxes or barriers).
While Alibaba (NYSE:BABA) receives much credit for revolutionizing the B2B e-commerce world, connecting Chinese manufacturers with buyers around the planet, other smaller companies are also playing in adjacent spaces. One such example is Tradeshift.
Tradeshift has a cloud platform that allows e-commerce documents to be shared easily between sellers and buyers. You might think "e-commerce document sharing" is boring, but anything that streamlines mundane transactions deserves a drink of coffee.
In the scenario below, you have a seller of tires, "Parts Producer", and a buyer of tires, "Factory". In step 1, the Factory orders 100 tires. In step 2, the Parts Producer recognizes that Factory is a known customer with good credit and ships 100 tires. In step 3, Parts Producer sends an invoice to Factory to pay up for the 100 tires. In step 4, Factory checks to make sure that the tires did arrive and wires funds to Parts Producer.
Now, wouldn't it be nice if all of this was automated - so that no paper needs to be shuffled around, found, updated, and kept consistent between Parts Producer and Factory (if the order changes, for example)?
With Tradeshift, all this is automated!
Monday, September 12, 2016
IT Security - A Quick Introduction
Your information (username, password, social security number) is needed for you to do business on the web (shopping, paying bills, check status of work). But it is also a piece of information highly valued by internet bad people. So they will do anything they can to steal it. From the comfort of their living rooms.
[Figure: The internet bad people want to steal your 1. information 2. resources such as your laptop.]
Steal Your Information:
There are multiple ways for internet bad people to steal your information. I have broken it down by how you might fall prey - by the first point of contact.
1. Email spear phishing via social engineering
The internet bad people will look up your public information (Facebook, Google+, LinkedIn, ...), find out who your friends and family might be, then write you a convincing email to get you to respond or click.
2. Visiting websites that are malicious
You might be led to enter a malicious website created by the internet bad people to look like a legitimate web site - so that you will enter your private information (username, password, SSN).
3. Malware
Malware is a bad program created by the internet bad people. It is somehow downloaded onto your laptop or mobile device (accidentally or through trickery). Once the bad program is installed, it can do many bad things. It can spy on your keystrokes to steal your username and password. It can turn on your laptop camera to peek at you. It can turn on the microphone to record you. It can even sabotage your laptop by draining your battery or overheating your laptop and potentially starting a fire.
4. Fake App
Perhaps a close cousin of malware, a fake app is an app that you download that appears to be legitimate (a free game downloaded directly from a website instead of from the Apple iTunes Store or Google Play Store). During the fake app installation, it will ask you for permission to access the personal information stored on your device. Once you give it permission, the fake app can siphon off your personal information while you are using it (games, etc.).
Hijack Your Laptop:
1. Ransomware
Ransomware is a program that you accidentally downloaded, or were tricked into downloading, onto your laptop or mobile device. Rather than stealing your information, the ransomware locks you out of your device. The only way to unlock your device is to pay the internet bad guys. Once payment is received, you will receive a passcode to unlock your device.
2. Virus, Bot
The internet bad people need resources (free laptops) to help them carry out their bad deeds. One way they obtain resources is to somehow trick laptop owners into downloading a virus (an email attachment that looks legitimate, a file downloaded from a website). Once the virus is installed on a laptop, it will 1. find ways to plant itself on another laptop and 2. wait for commands from the internet bad people. One of the common commands is to jam a website with endless web requests from millions of virus-infected laptops. The web server under attack won't be able to handle the requests and will be disabled. This is called a Denial of Service (DoS) attack.
What To Do?
What can you do to reduce the likelihood of being impacted by these attacks? One method is to use a firewall to watch for and block potential threats from the internet bad people.
Firewalls come in two flavors: software and hardware.
Software Firewall
Built into most operating systems is the ability to set up simple firewalls. Here is an example of the MacOS firewall:
[Figure: The MacOS firewall gives you program-level (Microsoft Excel) and service-level (File Sharing) control.]
Hardware Firewall
Hardware firewalls are usually physically included in a router. There are different approaches to how firewalls are implemented in hardware.
1. Stateless packet filtering (flow based)
As packets flow through the router, the firewall inspects each packet individually, without regard to the bigger picture of what is happening. So this is a good start, but not very effective.
2. Stateful packet filtering (flow based)
As packets flow through the router, the firewall determines the connection state before inspecting the packets. The connection state is based on TCP state.
3. Application (proxy based)
This approach takes all the packets, builds up the final data view (document, picture, message, etc.) and examines the data from the application's point of view.
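To make the difference between approaches 1 and 2 concrete, here is an added Python simulation that is not part of the original post. It runs a constructed packet trace through a stateless rule ("allow anything to or from the web ports") and through a stateful filter that only admits inbound packets belonging to a TCP connection the inside laptop opened itself. Addresses, ports and the trace are all made up for the demo, and the TCP state tracking is simplified to the SYN / SYN-ACK / ACK steps.

```python
from dataclasses import dataclass

INSIDE_HOST = "10.0.0.5"   # the laptop behind the router (constructed address)
WEB_PORTS = {80, 443}      # services the laptop is allowed to reach out to


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # TCP flag letters: "S"=SYN, "SA"=SYN+ACK, "A"=ACK, "F"=FIN, "R"=RST


def stateless_allow(pkt: Packet) -> bool:
    """Stateless filter: judge each packet by its own header only. To let replies
    back in it must trust the *source* port, so any packet that merely claims to
    come from port 80/443 gets through, solicited or not."""
    return pkt.dport in WEB_PORTS or pkt.sport in WEB_PORTS


class StatefulFilter:
    """Stateful filter: remember connections the inside host opened and admit
    inbound packets only if they belong to one of them in a plausible TCP state."""

    def __init__(self):
        # (inside_ip, inside_port, outside_ip, outside_port) -> TCP state
        self.table = {}

    def allow(self, pkt: Packet) -> bool:
        outbound = pkt.src == INSIDE_HOST
        key = ((pkt.src, pkt.sport, pkt.dst, pkt.dport) if outbound
               else (pkt.dst, pkt.dport, pkt.src, pkt.sport))
        state = self.table.get(key)
        if outbound:
            if state is None:
                if pkt.flags == "S" and pkt.dport in WEB_PORTS:
                    self.table[key] = "SYN_SENT"      # new connection attempt, permitted
                    return True
                return False                           # anything else must belong to a tracked flow
            if state == "SYN_RECEIVED" and "A" in pkt.flags:
                self.table[key] = "ESTABLISHED"        # handshake completed
            if "F" in pkt.flags or "R" in pkt.flags:
                self.table.pop(key)                    # connection torn down
            return True
        # inbound: no table entry means nobody on the inside asked for this
        if state is None:
            return False
        if state == "SYN_SENT":
            if pkt.flags == "SA":
                self.table[key] = "SYN_RECEIVED"
                return True
            return False
        if "F" in pkt.flags or "R" in pkt.flags:
            self.table.pop(key)
        return True


def run(filter_fn, packets):
    """Apply a filter decision function to a trace and return the allow/deny list."""
    return [filter_fn(p) for p in packets]


# Constructed trace: the laptop opens an HTTPS connection, exchanges data, and then
# a stranger sends an unsolicited SYN whose source port happens to be 80.
TRACE = [
    Packet(INSIDE_HOST, 51000, "198.51.100.7", 443, "S"),
    Packet("198.51.100.7", 443, INSIDE_HOST, 51000, "SA"),
    Packet(INSIDE_HOST, 51000, "198.51.100.7", 443, "A"),
    Packet("198.51.100.7", 443, INSIDE_HOST, 51000, "A"),
    Packet("203.0.113.9", 80, INSIDE_HOST, 4444, "S"),
]

if __name__ == "__main__":
    print("stateless:", run(stateless_allow, TRACE))
    print("stateful: ", run(StatefulFilter().allow, TRACE))
```

The last packet is the one that matters: the stateless rule lets it through because its source port is 80, while the stateful filter drops it because no inside host ever opened a connection to that peer.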
Identity As A Service (IdAAS) & Single Sign On (SSO) Introduction
You have 100 logins (laptop, Gmail, Munchery, Atlassian/Jira/Confluence, Concur, Box, SFDC…). Which means: you need to remember 100 usernames and 100 passwords.
[Figure: Gave up on tracking multiple passwords? A sticky note comes in handy. :(]
Now you can - using a service called Single Sign On (SSO). The service is provided by Identity As A Service (IdAAS) vendors (such as Okta or Centrify).
Who Is In the IdAAS Market?
Friday, September 9, 2016
Explaining A Secure Web Browser Session Through the OSI Networking Layer
Let's examine how the 7 OSI network layers work with a very popular internet application - the web browser! Pretend that you want to browse cnn.com in the Firefox browser. You are on a laptop that we can call a client. Starting from the top of the network layers, let's see how the layers work together to provide you with a web browser application.
You use an (7) APPLICATION such as the Mozilla Firefox web browser to visit the Universal Resource Locator (URL) http://www.cnn.com, where a URL is a type of Universal Resource Identifier (URI). The Firefox browser knows that you are using Hypertext Transport Protocol (HTTP) because you prefaced the request with http, not another URI scheme such as FTP (ftp://ftp.synopsys.com) or FILE (file:///yourpc). Another application example is Spotify music streaming.
To ensure a secure web browsing connection, Hypertext Transport Protocol Secure (HTTPS) is used instead of HTTP. HTTPS uses Transport Layer Security (TLS) or the older Secure Socket Layer (SSL) to encrypt data between your browser and the web server. The data is encrypted using session keys (keys that expire after browsing is done). The encryption uses X.509 Public Key Infrastructure (PKI). Transport Layer Security (TLS) allows the client (your browser) and the server (the web server ... let's say BankOfBits) to talk to each other securely. Using X.509 Public Key Infrastructure, the client connects to the server first, and the server provides a certificate. The client checks that the server certificate is authentic by checking against its own trusted roots (sources that can look at the server certificate and give the OK that it is BankOfBits). Once the client knows that the server is safe, the client creates a SESSION KEY, encrypts it using the server's public key, then sends the encrypted session key to the server. The server uses its private key to decrypt the encrypted session key. The client then starts sending encrypted data using the session key, which the server decrypts with the same session key.
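The exchange just described (certificate checked against a trusted root, session key wrapped with the server's public key, then symmetric traffic) as an added Python walk-through; it is not code from the original post and it is not how a real TLS library should be written. To stay dependency-free it uses textbook RSA on fixed Mersenne primes with no padding, a made-up certificate format, and an HMAC-SHA256 counter-mode keystream as the symmetric cipher; the names BankOfBits, ROOT_PUB and SERVER_PUB are constructed. Real browsers use vetted TLS implementations, and modern TLS derives the session key with a key agreement rather than RSA key transport, but the trust check and key-wrapping steps shown here are the ones the paragraph above walks through.

```python
import hashlib
import hmac
import secrets

E = 65537  # common RSA public exponent


def rsa_keypair(p, q):
    """Textbook RSA key pair from two primes. Demo only: no padding, fixed primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))   # (public, private); pow(x, -1, m) needs Python 3.8+


def rsa_apply(key, m):
    n, exp = key
    return pow(m, exp, n)


def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


# Constructed key material: Mersenne primes keep the demo fast and self-contained.
ROOT_PUB, ROOT_PRIV = rsa_keypair((1 << 61) - 1, (1 << 89) - 1)        # a "trusted root" the browser ships with
SERVER_PUB, SERVER_PRIV = rsa_keypair((1 << 107) - 1, (1 << 127) - 1)  # BankOfBits' own key pair


def cert_body(name, pub):
    return f"{name}|{pub[0]}|{pub[1]}".encode()


def issue_cert(name, pub, issuer_priv):
    """The root signs the hash of (name, public key). The hash is wider than the
    root modulus, so it is implicitly reduced mod n; verification does the same."""
    return {"name": name, "pub": pub, "sig": rsa_apply(issuer_priv, digest_int(cert_body(name, pub)))}


def verify_cert(cert, trusted_roots):
    """Client step: accept the certificate only if some trusted root signed it."""
    expected = digest_int(cert_body(cert["name"], cert["pub"]))
    return any(rsa_apply(root, cert["sig"]) == expected % root[0] for root in trusted_roots)


def keystream_xor(session_key, data, direction):
    """Symmetric record protection: XOR with an HMAC-SHA256 keystream in counter mode.
    The same call encrypts and decrypts; 'direction' keeps the two traffic directions apart."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(session_key, direction + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def client_handshake(cert, trusted_roots):
    """Browser side: check the certificate, then wrap a fresh session key for the server."""
    if not verify_cert(cert, trusted_roots):
        raise ValueError("certificate not signed by a trusted root")
    session_key = secrets.token_bytes(16)   # 128-bit key, numerically far below the server modulus
    wrapped = rsa_apply(cert["pub"], int.from_bytes(session_key, "big"))
    return session_key, wrapped


def server_unwrap(wrapped, server_priv):
    """Server side: only the holder of the private key can recover the session key."""
    return rsa_apply(server_priv, wrapped).to_bytes(16, "big")


if __name__ == "__main__":
    cert = issue_cert("BankOfBits", SERVER_PUB, ROOT_PRIV)
    key, wrapped = client_handshake(cert, [ROOT_PUB])
    assert server_unwrap(wrapped, SERVER_PRIV) == key
    ciphertext = keystream_xor(key, b"GET /balance HTTP/1.1", b"client->server")
    print("on the wire:", ciphertext.hex())
    print("server sees:", keystream_xor(key, ciphertext, b"client->server"))
```

Two things worth noticing: an eavesdropper who captures `wrapped` and the ciphertext gets nothing without SERVER_PRIV, and a certificate for "BankOfBits" signed by anyone other than a root the client already trusts is rejected before any key is sent.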
The (5) SESSION and (6) PRESENTATION layers are not germane to this discussion. Some of their functionality might be shifted into the APPLICATION layer (such as TLS/SSL).
The (4) TRANSPORT layer uses Transmission Control Protocol (TCP), which is a connection-based protocol (as opposed to User Datagram Protocol (UDP), a connectionless protocol). TCP is responsible for taking the data from the application and keeps trying until the data is sent reliably (CRC, checksum) and in order (flow control), or is not sent via the network layer. TCP keeps track of the packets sent, numbers them so that it can keep the packets in order on the receiving side, asks for a packet resend if packets are dropped, and checks that the packets are not corrupted (using checksum, hashing). UDP is simpler than TCP because it does not track the sequence of the packets nor whether packets are corrupted. UDP is used for streaming of music or video, where dropping some packets is OK. A TCP segment consists of a TCP header and a TCP payload. A TCP header contains information such as source port, destination port, and sequence number (to support the connection-based protocol). Many common services use fixed port numbers. For example, FTP uses port 20 or 21, Secure Shell (SSH) uses port 22, telnet uses port 23, Simple Mail Transfer Protocol (SMTP) uses port 25. Newer services such as Spotify (streaming music) use port 4047, either TCP (connection) or UDP (connectionless). Port numbers will be relevant in the firewall section.
In the (3) NETWORK layer, Internet Protocol (IP) is used to forward the data by finding the best route to the next available server/hop. Internet Protocol Security (IPsec) is used to encrypt data at the IP/network layer. Once the next network node (forwarding address) is known, the data is broken down into little frames defined by the data link layer. The IP version dictates how many individual devices can be addressed. IPv4 uses 32-bit addresses, equating to about 4 billion addresses. That is not enough for the new age of IoT. So IPv6 was introduced, which has an address range of 128 bits. An IP packet is comprised of a packet header and packet data. The packet header contains information such as source IP address, destination IP address, time-to-live, etc.
The (2) DATA LINK layer serves two basic functions: Logical Link Control (LLC) and Media Access Control (MAC). In the LLC, data is encapsulated into Ethernet frames. Each Ethernet frame contains an SFD, source MAC address, destination MAC address, payload, FCS, etc. The MAC is responsible for ensuring that the frames are sent and are correct (checksum), and controls access to the media (CSMA/CD). The little frames of data are finally passed to the real world via the physical layer.
The (1) PHYSICAL layer can be wired (Ethernet, USB, Optical, …) or wireless (Wifi, GSM, Bluetooth, …). Most of us are probably reading this over a Wifi wireless network that uses the IEEE 802.11g/n/ac protocols.
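The layer-2 to layer-4 headers above, decoded from real bytes: an added Python example, not code from the original post, that assembles a constructed Ethernet II + IPv4 + TCP frame (made-up MAC and TEST-NET IP addresses, no TCP options) and then peels it apart again, pulling out the MAC addresses, source/destination IP, TTL, ports, sequence number and flags that the post lists, and recomputing the IPv4 header checksum so a corrupted header is noticed. The TCP checksum is left at zero to keep the example short.

```python
import socket
import struct


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, seq, flags, payload=b"", ttl=64):
    """Assemble (2) Ethernet II + (3) IPv4 + (4) TCP for the demo; IPv4 checksum is filled in."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, ttl, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # checksum field was packed as 0
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    return eth + ip + tcp


TCP_FLAG_BITS = [(0x02, "SYN"), (0x10, "ACK"), (0x01, "FIN"), (0x04, "RST"), (0x08, "PSH")]


def parse_frame(frame: bytes) -> dict:
    """Peel the layers: Ethernet -> IPv4 -> TCP, validating the IPv4 header checksum."""
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                                   # header length in bytes
    _, _, total_len, _, _, ttl, proto, stored_csum, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    recomputed = ipv4_checksum(ip[:10] + b"\x00\x00" + ip[12:ihl])
    if proto != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off, flags, win, _, _ = struct.unpack("!HHIIBBHHH", tcp[:20])
    data_off = (off >> 4) * 4
    return {
        "dst_mac": mac(frame[:6]), "src_mac": mac(frame[6:12]),
        "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst),
        "ttl": ttl, "ip_checksum_ok": recomputed == stored_csum,
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": win,
        "flags": [name for bit, name in TCP_FLAG_BITS if flags & bit],
        "payload": tcp[data_off:],
    }


if __name__ == "__main__":
    # Constructed: the laptop's opening SYN toward an HTTPS server.
    frame = build_frame("02:00:00:00:00:01", "02:00:00:00:00:02",
                        "10.0.0.5", "198.51.100.7", 52000, 443, 1000, 0x02)
    for field, value in parse_frame(frame).items():
        print(f"{field:15} {value}")
```

The port numbers this pulls out (52000 -> 443 here) are exactly what a packet-filtering firewall keys its rules on, and the checksum check is the layer-3 counterpart of the "is this frame corrupted" job the post assigns to the MAC sublayer.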
Saturday, September 3, 2016
SSD - Upgrade from AHCI to NVMe to Extract Gains From Flash
On my Macbook Air, the built-in SSD flash drive uses the AHCI protocol, not the more advanced NVMe protocol that was designed for SSD flash drives. Why did Apple do this? Traditional computer systems read and write data to hard disk drives (HDD) using the ATA or Advanced Host Controller Interface (AHCI) protocol. AHCI was designed for the physical behavior of a HDD: it needs time to spin up the platter, to find the first valid data on the platter, and to go to another place on the platter if the data is not stored contiguously.
But with the advent of solid state drives (SSD), the original way of talking to storage using AHCI is outmoded. That's why a new interface, designed for SSD, is needed. That is called Non-Volatile Memory Express (NVMe). It eliminates the overhead of the older protocol - spinning up a platter, finding the first valid data on a platter - and focuses on the strengths of SSD through lower latency and higher throughput.
There is also the PHYSICAL connection to consider. The traditional IDE/SATA/SATA Express physical connector interface is now replaced by PCIe.
In the world of high-speed storage, the conversation has shifted from hard disk drives (HDDs) versus solid-state drives (SSDs) to the protocols that govern them. When it comes to SSDs running on the PCIe interface, two acronyms dominate the discussion: NVMe and AHCI. While both serve as communication protocols between the storage device and the rest of your computer, they are far from equal. Think of it as the difference between a winding country road and a multi-lane superhighway – both get you to your destination, but one is significantly faster and more efficient.
This blog post will delve into the key differences between NVMe and AHCI, exploring why NVMe has become the undisputed champion for PCIe SSDs.
A Tale of Two Protocols: Understanding the Basics
At its core, the protocol determines how your SSD communicates with your computer's CPU. This "language" dictates the speed and efficiency of data transfer.
AHCI (Advanced Host Controller Interface) was developed in 2004, a time when HDDs with their spinning platters were the primary form of storage. It was a significant improvement over its predecessor, IDE, but its design is fundamentally rooted in the mechanics of traditional hard drives.
NVMe (Non-Volatile Memory Express), on the other hand, was designed from the ground up for flash-based storage like SSDs. Introduced in 2011, it was created to take full advantage of the low latency and high parallelism of modern solid-state technology.
The key takeaway here is the design philosophy: AHCI was built for spinning disks, while NVMe was tailor-made for the flash memory in your SSD.
The Performance Gap: Why NVMe Reigns Supreme
The architectural differences between NVMe and AHCI translate into a significant performance disparity, especially on the high-bandwidth PCIe interface. Here's a breakdown of the key areas where NVMe excels:
Command Queuing and Depth
This is arguably the most significant advantage of NVMe. Imagine a single-lane road versus a massive highway.
AHCI: Supports only one command queue with a depth of up to 32 commands. This means it can only handle a limited number of data requests at a time, creating a bottleneck.
NVMe: Blows AHCI out of the water with support for up to 65,536 command queues, each with a queue depth of up to 65,536 commands. This massive parallelism allows for a far greater number of simultaneous read and write operations, leading to dramatically higher IOPS (Input/Output Operations Per Second).
Latency
Latency is the delay before a transfer of data begins. Lower latency means a more responsive system.
AHCI: Has a latency of around 6 microseconds. This is due to a more complex communication path that involves more register reads.
NVMe: Boasts a much lower latency of approximately 2.8 microseconds. This is because it communicates more directly with the CPU, streamlining the data transfer process.
Direct Communication with the CPU
AHCI: Data has to pass through a SATA controller before reaching the CPU, adding an extra step and increasing latency.
NVMe: On a PCIe SSD, NVMe communicates directly with the CPU, eliminating the middleman and further reducing latency and improving efficiency.
Real-World Impact: What Does This Mean for You?
These technical advantages translate into tangible benefits for the end-user:
Blazing Fast Speeds: NVMe SSDs can achieve read and write speeds that are multiples of their AHCI counterparts. While a SATA SSD using AHCI tops out at around 550 MB/s, a high-end NVMe SSD can easily surpass 7,000 MB/s.
Quicker Boot Times: While both AHCI and NVMe SSDs offer a massive improvement over HDDs, NVMe can shave off a few more precious seconds from your system's startup time.
Faster Application and Game Loading: For gamers and professionals working with large files (video editors, 3D artists, etc.), the difference is night and day. Games and applications load significantly faster, and large files are transferred in a fraction of the time.
Improved Multitasking: The superior command queuing of NVMe makes for a much smoother experience when running multiple applications simultaneously.
Is AHCI Still Relevant for PCIe SSDs?
While NVMe is the clear winner, some older motherboards with M.2 slots might only support AHCI over PCIe. In such cases, you can still use a PCIe SSD, but you'll be leaving a significant amount of performance on the table. It's like putting a sports car engine in a family sedan – you won't be able to utilize its full potential.
The Verdict: NVMe is the Clear Choice
For anyone building a new PC or upgrading their storage, the choice is clear. If your motherboard supports it, an NVMe SSD is the way to go. The performance benefits over an AHCI-based drive are substantial and will result in a faster, more responsive, and more enjoyable computing experience. AHCI served its purpose well in the era of mechanical hard drives, but for the lightning-fast world of PCIe SSDs, NVMe is the undisputed king.
Here you can see that a SW protocol can be mated with different HW protocols. For example, PCIe can support both AHCI and NVMe. On some of the Macbook Airs that I have used, the SSD is already connected over PCIe, but it is still using the older AHCI SW protocol. Apple has started to update MacOS to support NVMe in the high-end Macbooks. Hope to see this in Macbook Airs soon!
Why I Will Still Buy HDD - A Harsh Change From Microsoft OneDrive
I want my storage to be under my control. As a result, I went to buy a WD 4TB Network Attached Storage (NAS) to build my own private cloud storage. It supports DLNA - which means if I store movies, music, or pictures on it, I can view them on any TV or app that can receive DLNA streaming.
Conjoint Analysis - An analytic framework for deciding trade-offs between features
[Figure: S(N) denotes screen size. P(N) denotes number of processor cores and RAM. The conjoint (crossing of S(N) x P(N)) denotes segments - and targets personas/use cases/budget.]
Friday, July 15, 2016
Monday, July 4, 2016
Evernote Basic - Freemium And Change In Business Model
The notes are stored in their cloud, and I currently access it on my Macbook Pro, iPhone, iPad, and an Android tablet.
Evernote Basic plan is a freemium plan (basic features free, upgrade will cost money).
This is all free. But for only another 27 days. I first saw this on my Macbook Pro:
An Evernote blog post also talks about this (it is closed and refers readers to its forum):
Evernote forum announcing the price change and opportunities for users to vent:
What will be the ramifications of Evernote changing its Freemium business model - from supporting lots (?) of devices to now only supporting two devices?
"Thumbs Down" from dottotech.
Will users economize and find ways to work around this? For example, on the Macbook Pro, use the web version instead of the Evernote app?
[Figure: Macbook Pro app (don't use this because it counts as a device).]
Will users be turned off and switch to an alternative such as Microsoft One?
Monday, May 23, 2016
REST beats SOAP
Friday, May 6, 2016
2-Step (Multi-Factor) Authentication : A Simple Explanation
- Knowledge Factor (something you know in your head, like a username, password, your first car)
- Ownership Factor (a security key fob, a mobile phone with a security app installed, etc.) and
- Inherent Factor (something that's always on you and unique only to you, such as your voice, finger print, etc).
- Knowledge Factor (such as a secret passcode) and
- Ownership Factor (a pre-designated mobile phone with a security app installed) to doubly ensure that you are you! Below is another good explanation of MFA:
[Figure: A screenshot from installing the Google Authenticator app on an iPhone.]
The two-step process means that having just the secret passcode (knowledge factor) is not enough to log into your account. You need to also have the iPhone (ownership factor).
Sunday, April 10, 2016
Mish Mash of IT Storage and On-Demand -> Human On-Demand Deep Storage
[Figure: Storage Hierarchy - SSD (solid state drive) is "fast & expensive", whereas tape is "slow & cheap".]
Why are tape drives the cheapest? Because they are mechanical/physical, and the slowest! Tape drives are usually buried in a warehouse of a third party archival vendor (you don't store the data in your own building). Retrieving data from a tape archive will have long latency (time between asking for the data and receiving the data). But that's ok because you are not asking for critical data.
[Figure: A robot is deployed to find and retrieve the tape. A very long process. But cheap!]
Wedding dress - do you really need to store it in expensive local storage?
Applying IT storage hierarchy to home storage.
[Figure: Why store a wedding dress in your precious closet space (akin to SSD)?]
Solution: https://www.beomni.com/
Tuesday, March 1, 2016
Android Studio Has Light Weight Formal?
[Figure: Infinite loop caught at compile (not run) time.]
Static checking of code can find structural mistakes. But to catch dynamic mistakes, there needs to be a little formal analysis of the code to determine run time conditions that can lead to problems. In this example, an infinite loop ( while(1) ) was caught at compile time!
If the while(1) is changed to while(myTrue), the compiler misses it. So maybe not so formal after all!
Tuesday, February 9, 2016
Make Unappreciated HR Feel Empowered
Saturday, February 6, 2016
Linux Apache MySQL Python PHP (LAMPP) Stack
Websites are great for sharing information with others around you.
But a website needs to be "hosted" - that is, a machine needs to be able to run a program that makes the website work.
If you want to have a small-scale web server running, the LAMPP stack (Linux, Apache, MySQL, PHP, Python - building blocks of software, starting from the Linux operating system up to the Apache web server) is a very popular solution.