Friday, December 17, 2004

Valve and Venting

I've just posted the initial release of Valve, a Unix (Linux/etc.) program which copies binary data while adaptively inserting pauses between blocks to enforce a specified limit on the data transfer rate in bytes per second. This can be used to keep bulk data transfers (for example, mirroring a large filesystem on a remote backup site) from eating your disc or network bandwidth alive. You can think of valve as nice for I/O.

This is something I've been thinking of doing for some time, but the immediate motivation was as a means of working around the catastrophic "bulk data transfer hang" in the "3Con" 3CR16110-95 firewalls used at this site. Installing these devices was the worst technology purchasing decision I have made in the last decade, which I redoubled down by buying two of them (for about CHF 7000 a pop--USD 6000 now, although 'twas less when I bought 'em) to run in "high availability" mode--yeah, right.

It turns out that this ill-engineered pile of crap can repeatably be made to cease doing what I paid a fortune to have it do and instead, go into a snit, stand in the corner, and suck its thumb simply by asking it to copy a large amount of data at the network's maximum transfer rate. Even worse, catastrophically so, is that this failure does not cause the active firewall to cease sending heartbeats, which would cause the backup firewall to preempt it and take over. So, this CHF 14,000 investment in "high-availability", "lifetime guaranteed" firewall hardware becomes an emulator for a cut network cable between the local network (LAN) and the private network on which the servers live (DMZ). Now, perhaps, one of the firmware updates issued since I purchased these junk network appliances may have corrected this design deficiency, but I know not, because notwithstanding the "lifetime warranty" (which they no longer mention to present-day victims-to-be), they refuse to provide these firmware updates to victims past unless they pay for a "support contract" which they make almost impossible to purchase, as if I'd send these crooks and morons any more of my money. After reporting this problem, with complete documentation, compiled at the cost of dozens of firewall reboots with attendant downtime to my site, a 3Con employee based in the United Kingdom with minimal competency in the English language called me to claim that since the new firmware was an "upgrade" and not a "fix", it was not available to me. Since that conversation, I vowed never to buy another 3Con product, and I never have.
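The adaptive pacing described for Valve at the top of this post, sketched as an added example (this is not Valve's source code): after each block the copier works out how long the bytes sent so far should have taken at the target rate and sleeps only for the shortfall. The names throttled_copy and SimClock, the parameters, and the sample payload are assumptions made for illustration.

```python
import io
import time


class SimClock:
    """Constructed stand-in for time.monotonic/time.sleep so the demo runs instantly."""
    def __init__(self):
        self.t = 0.0

    def now(self):
        return self.t

    def sleep(self, seconds):
        self.t += seconds


def throttled_copy(src, dst, rate, block_size=65536,
                   clock=time.monotonic, sleep=time.sleep):
    """Copy src to dst at an average of at most `rate` bytes per second.

    Returns (bytes_copied, seconds_slept). Assumes dst.write() accepts the
    whole block, as buffered Python file objects do.
    """
    if rate <= 0 or block_size <= 0:
        raise ValueError("rate and block_size must be positive")
    start = clock()
    copied = 0
    slept = 0.0
    while True:
        block = src.read(block_size)   # may be short on pipes and sockets
        if not block:
            break
        dst.write(block)
        copied += len(block)
        # Elapsed time the bytes copied so far are allowed to take at `rate`.
        due = copied / rate
        # Time already spent in read/write counts against that budget, so
        # the pause shrinks when I/O is slow and vanishes when it is slower
        # than the limit.
        pause = due - (clock() - start)
        if pause > 0:
            sleep(pause)
            slept += pause
    return copied, slept


if __name__ == "__main__":
    clk = SimClock()
    payload = bytes(1000)              # constructed sample data
    sink = io.BytesIO()
    n, slept = throttled_copy(io.BytesIO(payload), sink, rate=100,
                              block_size=250, clock=clk.now, sleep=clk.sleep)
    print(f"copied {n} bytes in {clk.t:.1f} simulated s, slept {slept:.1f} s")
```

With the default clock and sleep arguments the same function paces a real transfer between any two file objects opened in binary mode.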

