<p>Techy Title Here: Technology related stuff. Blog by <a href="http://www.blogger.com/profile/07293824491909131393">MBH</a>.</p><h1>Solution Engineering Training Opportunity</h1><p>Posted by MBH on 2022-12-31.</p><p>If you're following me on Twitter, you've probably seen <a href="https://twitter.com/mbhbox/status/1608495185922764807">my announcement</a> a few days ago, about me offering to train 1-2 people to become competent IT Infrastructure Solution Engineers (SEs). I wanted to announce this during <a href="https://barcampkw.wordpress.com/2022/11/15/barcamp-kuwait-ten-registration/" target="_blank">BarCamp Kuwait 10</a> two weeks ago, but didn't get to prepare things in time.</p><p><br /></p><h2 style="text-align: left;">SE Basics: What, How and Why</h2><h3 style="text-align: left;">What is a 'Solution Engineer'?</h3><p>A solution engineer is someone typically working at System Integrators in the IT industry, or at IT companies (vendors) directly. IT vendors are the likes of Microsoft, Red Hat, VMware, IBM, Oracle, and so on. System Integrators are companies that leverage solutions from multiple companies to bring over a complete solution to a problem their customer has.</p><p>A competent SE must be able to look at the big picture, a solution that fits this company's needs and not necessarily cater for a quick itch that it may have. 
The SE must have exposure to multiple technologies on various levels of infrastructure and applications, in order to have a valuable & trustworthy opinion of a proposed solution.</p><p>This does not cover technology alone, but also needs to cater for the customer's budget, purchasing cycle, existing investments, and future growth.</p><p>In the end, the SE also has to present the solution in an easy-to-understand manner to various people, some technical, some financial and some high-level executives. A competent SE needs to know how and when to create a presentation catering to each type/group of business people at the customer in order to secure their trust, their budget and the deal.</p><p><br /></p><h3 style="text-align: left;">How Does One Become a SE?</h3><p>The typical path is that a fresh graduate would work at a company's IT department as an administrator for a few years and gain knowledge of various systems, either by immediate assignment to each of these systems or out of curiosity.</p><p>After that, good IT people are picked up by System Integrators (SIs), to implement specific solutions that they already know well. Often, this involves pushing them to get certifications on the solutions being implemented from the vendors to showcase their qualification and this is also often a requirement for each SI when submitting formal documents for a tender/request for proposals (RFPs).</p><p>After a few years at SIs, exceptional SEs are picked up by vendors, and are either given the role of a generalist (core) solution engineer, or become specialized in a very specific product.<br />A generalist, like myself, is someone who's the first point of contact for their customers, and gathers information on their current issues, then decides whether s/he can devise the solution on their own or needs to involve specialists.<br />A specialist is someone who has deep knowledge of select products belonging to one business unit. 
For example, someone who knows how to implement VMware's Horizon virtual desktop solutions and architect solutions around it.</p><p>As you have guessed, this process takes many years, and apart from the technological aspect of learning, there's also a big learning curve on social skills and presentation skills.</p><p><br /></p><h3 style="text-align: left;">Why Become a SE?</h3><p>So why bother? Why not stay an administrator managing software, networks, storage, servers, or some systems and be happy with the routine work?</p><p>To each their own, and some of us have minds that are tuned to routine work and are happy with routine work. Others, like myself, would be bored to death with routine work and prefer to spend time solving problems and dealing with various industries and customers to help them get better: reduce their costs of operations, enhance their response to emergencies, help them launch new services faster, secure their infrastructure, applications and data on various levels, ...etc.</p><p>If you find yourself to be as the latter, then being an IT SE is the road to feed your hunger for problem solving.</p><p><br /></p><h2 style="text-align: left;">My Conditions and Limitations</h2><p>Before going further and to not waste your time, I'm instating certain limitations and conditions for this training opportunity.</p><p></p><ol style="text-align: left;"><li>This offer is limited to citizens and children of citizen women of the Gulf Cooperation Council (GCC) countries: Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and United Arab Emirates.</li><li>The priority of selection is:</li><ol><li>Kuwaitis and Kuwaiti women's children (if the children don't hold Kuwaiti citizenship)</li><li>Other GCC nationals and their children similarly to Kuwaitis.</li></ol><li>Age must be between 23 and 35 years old. Though older people may have more experience, the purpose of this training is to provide as much information as possible to save on the time spent to gain knowledge. 
At least 2 years of working experience (in any sector) is needed, even if not IT related.<br />Non-IT work can be useful to build one's soft skills (conversational, presentation, sales skills).</li><li>Male or female. Both will be treated equally and comparison will be done based on personality traits and ability to self-learn.</li><li>There will be a push for a lot of self-learning and you need to invest time in it. If you slack off, I'll give 2 warnings, and then discontinue the training if you keep slacking off.</li><li>I work long hours during the week, but I'll try to provide at least 2 hours per week for a year. We'll see how it goes for 3 months, then decide what times and days of the week work best for both you and me.</li><li>Our meetings will be a mix of email exchanges/messaging, phone calls, Zoom meetings, and in-person meetings, depending on the time of day and the topics, as some topics would require meeting in person and practicing technical & non-technical aspects.</li><ol><li>If you're unable to do any of these due to certain conditions beyond your control, such as a strict family, I'm happy to meet them, introduce myself and how this training can help you grow.</li><li>All meeting options above have to be accessible, and if not, then unfortunately this won't work for you and you shouldn't apply.</li></ol><li>You must have good command of English, both written and spoken and be able to write long coherent paragraphs. Having similarly good command of Arabic is even better and would definitely weigh in during evaluations.</li></ol><div><br /></div><h3 style="text-align: left;">Why am I Doing This?</h3><p style="text-align: left;">The reason I've put such conditions is that I'm seeing a huge lack of skilled people in our region, and an even bigger demand for them. 
Governments and companies wanting to keep up with technological advancement MUST have such skilled people, either as solution designers, or as administrators and operators.</p><p style="text-align: left;">My initiative is to help more people get into the field of Solution Engineering, and feed this dry market, and the priority is to feed the markets with locals who'll stay in the country, rather than fellow expats who are likely to move out after a few years.</p><p style="text-align: left;">This is a personal initiative and will be based on giving up my free time. My past, present and future employers have no involvement in this initiative.</p><p style="text-align: left;"><br /></p><h2 style="text-align: left;">Who am I and Why do I Qualify to Give Such an Initiative?</h2><p style="text-align: left;">I like to segregate work from personal life and as such, I kept my online presence with low personal information; however, almost everyone in the IT industry in Kuwait knows me, in the Banking & Finance industry, Government, Oil & Gas, Logistics, Retail and others.</p><p style="text-align: left;"></p><ol style="text-align: left;"><li>I have 10+ years of experience as a SE and solution architect for IT infrastructure solutions.</li><li>I have a unique experience combining knowledge of multiple systems & solutions:</li><ol><li>IBM Mainframes</li><li>IBM POWER Unix systems and Sun/Oracle Solaris Unix systems</li><li>AMD/Intel based systems (Dell, Lenovo, Cisco, Nutanix)</li><li>Performance comparison, capacity planning and platform selection between all the above systems</li><li>Linux & Windows operating systems</li><li>C++, Java, Python, & JavaScript programming languages</li><li>Hyper-V, and VMware virtualization hypervisors</li><li>Hyper-converged Storage Infrastructure (HCI) with VMware vSAN and Nutanix</li><li>Private Cloud/Hybrid Cloud solutions from VMware</li><li>Layer 2/Layer 3 networking, and VPN</li><li>Securing operating systems, data, applications, whether 
on-premises or remote</li><li>Data recovery</li><li>Soft skills, such as public speaking, solution sales cycle management, presentation preparations for C-level executives as well as technical staff, requirements gathering from business people, and more.</li></ol><li>I've worked with</li><ol><li>4+ banks on full infrastructure overhaul/upgrade projects</li><li>2+ investment companies</li><li>2 logistics companies</li><li>2+ retail companies</li><li>Military, Defense and Police</li><li>Government ministries</li><li>Telco IT (not telco ops)</li></ol></ol><div><br /></div><h2 style="text-align: left;">How to Apply?</h2><div>First, read everything above, and if you feel hesitant even a little bit, it's OK and you should still apply. Some people shy away from such opportunities or big job positions as they think they're not up to the task; you should disregard these feelings and apply anyway. I'll work with you to assess whether we can go on or not.</div><div><br /></div><div>You can find the <a href="https://docs.google.com/forms/d/e/1FAIpQLSe7EmRu-gAtCbUj02GxxOWGxSt9NmUX2EHAeNep7dY3psrlWA/viewform?usp=sf_link&hl=en" target="_blank">application form here</a>. Its results are saved privately on my account and no one else will get access to your information.</div><div><br /></div><h3 style="text-align: left;">What is the commitment needed and duration of this training?</h3><div>As mentioned in the Conditions section, I'll try to provide 2 hours every week for a year's time. 
We'll assess our availability and what works for both of us in terms of timing and adjust every month or 3 months.</div><p></p><p></p><h1>Kuwait Data Bank</h1><p>Posted by MBH on 2022-07-09 (updated 2022-07-10).</p><h2 style="text-align: left;">Introduction</h2><p>I've been pitching the idea of Kuwait National Datacenter to government officials and parliament members since 2017, in a holistic manner, covering migration of applications, learning center, audit requirements, security, ...etc. -- unfortunately, those efforts fell on deaf ears.</p><p>Fast forward to 2021, and I got the chance to work with a fantastic group of volunteers for Kuwait Foundation for the Advancement of Science (KFAS) to create something more specific: Kuwait Data Bank -- an entity that would hold data from all of Kuwait's government entities and government-owned companies, to do Data Analytics and Data Science.</p><p>The group of volunteers comprised multiple disciplines: experts in law, business management, organizational structure, information technology and security. A friend of mine & I were covering the information technology (IT) and security aspects.</p><p>KFAS gave us 1.5 months, which we extended to 2.5 months max to get the initial draft out, and we were done in Oct or Nov 2021. We're now in discussion with KFAS to see how to proceed & hopefully we get to see this project go live at some point!</p><p><br /></p><h2 style="text-align: left;">Project Scope and Goals</h2><p>We've checked regional and international open data projects, and almost all had very limited sets of samples of data, over inconsistent timespans, and sometimes only one-shot data. 
Our project's aims are ambitious and exceed anything we've checked.</p><p></p><ol style="text-align: left;"><li>Initially, we'll focus on 1-5 critical reports to the Council of Ministers for decision making support.</li><li>Gradually, as we sanitize data, and find a source with the most truthful data (or combined sources), then we aim to make data pulling and reporting mainstream and real-time.</li><li>Data and reports will be available/accessible in this order:</li><ol><li>Council of Ministers</li><li>Expand access slowly to government entities in need of help in accurate decision making</li><li>Universities in Kuwait</li><li>Public access inside of Kuwait</li><li>International access to data and/or reports or reporting services</li></ol><li>Leverage latest technologies of graphics card acceleration and Massively Parallel Processing (MPP) databases in software (non-appliance) to keep things agile and portable.</li></ol><div><br /></div><h2 style="text-align: left;">Data Access & Analysis Methodology</h2><div><ol style="text-align: left;"><li>Start slow with as few sources of data as possible to deliver the critical reports</li><li>Deploy data masking & replication connectors to the various databases at the sources</li><li>Anonymize data at the source, then replicate to our organization's repository/repositories</li><li>Sanitize data and compare accuracy with help from people at each data source, initially</li><li>Run Machine Learning models on highly parallelized data access databases</li><li>Produce reports or dashboards with results of multiple ML models and compare results</li><li>Initially, those reports will be private and delivered only to the Council of Ministers or KFAS, but gradually, the platform will expand to allow real-time access to reports, and then later, our anonymized data sources</li><li>Data access & reporting may be monetized to help the platform grow and become self-sustaining, in addition to providing services for companies to run analytics on 
their data, or using our data sets.</li><li>Legal aspects of data access, anonymization & privacy, and cooperation from government entities have been addressed in our report/proposal, but I'll not get into that here.</li></ol><div><br /></div></div><h2 style="text-align: left;">Privacy & Anonymity</h2><div><ol style="text-align: left;"><li>A primary design aspect is to respect privacy and anonymize data at the source, before it's sent to our repositories/databases</li><li>Example: if we're to take everyone's full address, we'd remove the house number, but keep the area, and area's block number</li><li>If our systems get compromised, there will be no personally identifiable information (PII) that would cause personal risks</li><li>We believe that leaving the data masking (anonymization) in the hands of each government entity giving us access is probably the best approach, so that we will never be able to make changes to what data we receive, without manual intervention from the data sources (government entities)</li></ol><div><br /></div></div><div>There's a lot more to the project, but I'll stop here and then maybe revise things once we see how the project will move later.</div><div><br /></div><div>It's an ambitious project, which is why we need to grow gradually and cater for specific needs that help the country's decision makers in making critical decisions and answering crucial questions, before making a decision.</div><p></p><h1>Conceptual Work-Life Balance</h1><p>Posted by MBH on 2021-08-06.</p><h2 style="text-align: left;">Introduction</h2><p>I've always worked in the (IT) private sector since graduating from college, as opposed to the majority who prefer to go for government jobs, as they work fewer hours and have a guaranteed position/job. Working in the private sector is rewarding, but exhausting. 
9 AM - 6 PM, or longer, depending on the projects at hand and time of year. There's little time for personal recreation after work, and the weekend is mostly spent on sleep to recoup from the exhausting work-week or running personal errands. No time for personal hobbies or skill growth in non-work related subjects.</p><p>Why stay in private sector then? The pay is higher. Much higher. If one does manage to grow their skillset to be of unique coverage, many doors open and with that, high compensation comes along. There's still little time for personal hobbies, unfortunately.</p><p>This post is just a thought that came to mind on creating balance, from someone like myself who gets burnt-out from work every now & then and it's difficult to try many things of what I want to do in life, other than work, such as learning diving, visiting museums (they close in weekends here), and other things on my growing list of things I don't have time for.</p><p><br /></p><h2 style="text-align: left;">Conceptual Corporate Work Options</h2><p>I had the thought that assuming I run my own business & have employees, I'd give the following options:</p><p></p><ol style="text-align: left;"><li>Employee gets full salary.<br />Works 9 AM to 5 PM (8 hours a day, 40 hours a week).</li><li>Employee gets 20% of salary deducted & it's put into a corporate-managed investment fund. The company takes 25% of profits as management fees.<br />Works 9 AM to 5 PM (8 hours a day, 40 hours a week).</li><li>Employee gets 20% of salary deducted & it's put into a corporate-managed investment fund. The company takes 40% of profits as management fees.<br />Works 9 AM to 2 PM (5 hours a day, 25 hours a week).</li></ol><div>I thought of these options, because as an employee currently, I wish there was such an option, especially option 3. 
Benefits:</div><div><ol style="text-align: left;"><li>Each employee gets the choice of time vs money, and having an investment option available for those not savvy enough to do it on their own (banks here are terrible in such options).</li><li>Not rely on country-owned pension funds that cap the retirement salary & usually not enough to fight inflation by the time of retirement.</li><li>Option 3 would provide the employees the luxury of extra time per day, reducing burn out episodes, increasing productivity, and forces the corporate & the investment fund to choose the right investments to maximize profits to hire more people to compensate for the needed time to finish tasks/projects.</li></ol></div><div><br /></div><h2 style="text-align: left;">Employee and Corporate Restrictions</h2><p style="text-align: left;"></p><ol style="text-align: left;"><li>All employees, including management, are limited to withdraw a maximum of 20% of investment per year, to guarantee stability of investment fund.</li><li>Employees will take 100% of their investment when leaving the company (fired or quitting).</li><li>The investment fund must be operated by certified investors, or an investment company, and all withdrawals, partial or full employee exit ones, must be approved and audited by the government to prevent theft or manipulation.</li><li>Corporate cannot withdraw or touch the fund without full disclosure to all employees.</li><li>Corporate management does not receive incentives nor bonuses from the fund. It's purely voluntary for employees to join the fund (out of the work options above).</li><li>The corporate's profit cut is fed back into the fund and is owned by the shareholders of the corporate (if a publicly listed company) or the founders (if privately owned). 
The same 20% cap applies on withdrawing any profits from the fund.</li><li>Work options 2 & 3 encourage employees to stay longer in the company, as their investment profits would grow larger with time.<br />Kuwait suffers from people who frequently hop between jobs, because Human Resources (HR) here have a practice of increasing an applicant's salary by 5-10% based on their previous job's salary, not part of a package dedicated to the available job function! This results in having employees jumping from one company to another every 1-2 years to keep getting a raise, as the companies don't increase employee salaries often (sometimes not at all for 10 years!).</li></ol><p></p><div><br /></div><div>These are probably just late night/early morning ramblings of someone who longs for short work hours, good pay, and a big list of things to try in this life...</div><p></p><h1>Setting Up My Home Cinema</h1><p>Posted by MBH on 2020-12-15.</p><h2 style="text-align: left;">Introduction</h2><p>I have a 4x6 meter room in the basement that I intended to make a cozy cinema room, and started to look into parts in 2017.</p><p>The initial intention was to use <a href="https://www.optoma.com/us/product/cinemax-p2/#">Optoma's 4k laser ultra-short throw (UST) projector</a>, (<a href="https://www.youtube.com/watch?v=MqX6febigwY">good short review here</a>) however, looking at best viewing distances and the room size, the projector idea wasn't that suitable in my opinion, in addition to overall costs involved, since the projector will need an Ambient Light Rejection (ALR) screen to make sure the picture is crisp and clear.</p><p><br /></p><h2 style="text-align: left;">Table of Contents</h2><p></p><ul style="text-align: left;"><li>Room Dimensions and Final Layout</li><li>Items</li><ul><li>TV</li><li>Surround System</li><li>Recliner 
Seats</li><li>Speaker Stands</li><li>Cable Management</li><li>TV Table</li><li>Carpet</li><li>Multimedia Player for Transcoding</li><li>Keyboard</li><li>HDMI Cables</li><li>Paint</li><li>Power Transformer</li><li>Sleeved Blankets</li><li>Wireless Access Point</li></ul><li>Costs</li><li>Pictures</li></ul><p></p><p><br /></p><h2 style="text-align: left;">Room Dimensions and Final Layout</h2><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-FDpqIAASOzE/X9eVh3_EonI/AAAAAAAAC_Y/gSSAgtym3VYemutjnS3q0DWzyAhBvbsPgCLcBGAsYHQ/s851/cinema-room-sidesetup-00.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="851" data-original-width="699" height="320" src="https://1.bp.blogspot.com/-FDpqIAASOzE/X9eVh3_EonI/AAAAAAAAC_Y/gSSAgtym3VYemutjnS3q0DWzyAhBvbsPgCLcBGAsYHQ/s320/cinema-room-sidesetup-00.PNG" /></a></div><div><br /></div>I used the free service from <a href="http://floorplanner.com">floorplanner.com</a> to create the above layout, and experiment with multiple possible layouts.<br /><p>Initially, I wanted to have 6 recliner seats, 3 in each row and have the 2nd row raised on a wooden platform, but when considering the surround systems' recommended distance for the speakers, I changed the layout to the one above and shifted the TV to be on the side rather than at the bottom.</p><p>It's important to understand the available distances in your room to choose the correct TV/projector resolution, and understand the surround system's best placement for the speakers, whether you're going with a soundbar or a dedicated sound receiver and speakers.</p><p>Originally, I thought I might have bean bags around as extra chairs, but the space is actually tight and won't be suitable to have a bean bag in front of the TV (kept behind when not in use).</p><p><br /></p><h2 style="text-align: left;">Items</h2><h3 style="text-align: left;">TV</h3><p>In late 2019, I bought a <a 
href="https://www.lg.com/us/tvs/lg-OLED65B9PUA-oled-4k-tv">LG B9 65" 4K OLED TV</a>. I spent a few months looking at reviews and forums before purchasing it and reasons behind my purchase are:</p><p></p><ul style="text-align: left;"><li>LG is a top leader in OLED panel manufacturing. OLED screens are FREAKING AMAZING when having the right content played. The colors are beyond fantastic. The best benchmark is Planet Earth 4K content.</li><li>LG keeps its TVs up to date along with the store, unlike Samsung</li><li>LG's B9/C9 models scored highest scores (as well as their latest CX) on <a href="http://rtings.com">rtings.com</a></li><li>RTings website offers excellent & unbiased comparisons</li><li>I used RTings' <a href="https://www.rtings.com/tv/reviews/by-size/size-to-distance-relationship">distance calculator</a> to see which resolution works for my layout. Scroll down to mid of the page to see their "Optimal viewing distance by size of TV and resolution" -- also pasted below for ease of reading.</li><li>I intentionally bought the US version rather than a local one, to make sure I have access to US apps and firmware updates. A friend who had a UAE version didn't have the latest firmware on it until he used a magic remote to enter engineering mode and change the region of the TV.</li><li>This model cannot handle TrueHD 7.1 surround sound decoding or some video codecs, so I got a Shield Pro. 
More details below.</li><li>The TV's ethernet port is limited to 100 Mbps, so if you plan to stream 4K content (from Internet or from a media player in your house), get an access point that supports 802.11ac or newer.</li></ul><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-O1Fih87IknU/X9eU27c0tiI/AAAAAAAAC_Q/QoW4RwOXX7Mv79kcUfter0Fw4gqcP_eqQCLcBGAsYHQ/s547/optimal-viewing-distance-television-graph-size.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Optimal viewing distance by size of TV and resolution - rtings.com" border="0" data-original-height="461" data-original-width="547" height="270" src="https://1.bp.blogspot.com/-O1Fih87IknU/X9eU27c0tiI/AAAAAAAAC_Q/QoW4RwOXX7Mv79kcUfter0Fw4gqcP_eqQCLcBGAsYHQ/w320-h270/optimal-viewing-distance-television-graph-size.png" title="Optimal viewing distance by size of TV and resolution - rtings.com" width="320" /></a></div><br /><div style="text-align: center;">copyright to <a href="https://www.rtings.com/tv/reviews/by-size/size-to-distance-relationship">rtings.com</a></div><div><br /></div><div>I should note that the LG TV was shipped from Amazon USA, and its electricity is 120 volts. There are many forum posts that state it can handle 240v, but there's nothing from the official documents nor LG's website mentioning that, so I used a transformer to convert our 240v electricity to 120v.</div><div><br /></div><div>It's difficult to find sellers on Amazon USA who ship to Kuwait directly, and you should NEVER use shipping forwarding services, because your warranty will be dropped from the seller. The other alternative is buying from <a href="https://www.bhphotovideo.com/">BHphotovideo</a>. 
Multiple people I know have bought the newer models from them and shipped successfully to Kuwait.</div><div><br /></div><div>In the following months, I got busy and didn't finish the room in one shot, so I took my time to put the pieces together.</div><div><br /></div><h3 style="text-align: left;">Surround System</h3><p></p><p>Again, thanks to <a href="http://rtings.com">rtings.com</a>, I ended up choosing the <a href="https://www.rtings.com/soundbar/tools/compare/samsung-hw-q90r-vs-nakamichi-shockwafe-ultra-9-2ch/866/1645">9.2.4 Nakamichi surround system soundbar and speakers over the Samsung HW-Q90R</a>. The Nakamichi made more sense for these reasons:</p><p></p><ul style="text-align: left;"><li>I got the <a href="https://www.nakamichi-usa.com/shockwafe-ultra-92-dolby-atmos">9.2.4 Spatial Surround Elevation</a> (SSE) edition.</li><li>I intend to use it for movies and TV shows, rather than music, and it offered better surround system experience.</li><li>Nakamichi has an <a href="https://www.nakamichi-usa.com/shockwafe-soundbars-global-shipping-program">international shipping option</a>, while Samsung was almost impossible to find anywhere online that can ship to Kuwait.</li><li>Nakamichi's power supplies accept 120-240 volt electricity, so I wouldn't need to worry about using a transformer.</li><li>I opted for a soundbar rather than a full receiver system and speakers to keep the cost down and the setup simple.</li><li>The Nakamichi setup is brilliant: a soundbar that connects via ARC/eARC, and 2 subwoofers that connect to the soundbar wirelessly. The 4 surround/ATMOS speakers connect to the subwoofers through RCA cables. 
Every 2 ATMOS speakers connect to one subwoofer.</li><li>I contacted their "Ninja Support" team to ask questions about the system, options, best layouts, and so on, and they were extremely helpful!</li></ul><div><br /></div><p></p><h3 style="text-align: left;">Recliner Seats</h3><p>I got 3 recliner seats from <a href="https://midasfurniture.com/en/rosia-recliner-7955.html">Midas Kuwait</a>. Each has 2 cup holders. The reclining mechanism is manual through a handle on the side. This keeps things simple and no need for extra electricity and wiring for each chair.</p><p><br /></p><h3 style="text-align: left;">Speaker Stands</h3><p>I got my speaker stands from BHphotovideo: <a href="https://www.bhphotovideo.com/c/product/1134491-REG/auray_tms_135_studio_monitor_stand.html">Auray TMS-135</a>. Each item has 2 stands in it. I chose these because I wanted a flat surface to put the ATMOS speakers on. It has foam pads stuck on the surface to help with sound/shock dampening so the speakers won't move or vibrate.</p><p><br /></p><h3 style="text-align: left;">Cable Race Tracks</h3><p>The cables from the speakers were sprawling everywhere, along with the power cables, so I found these race tracks from <a href="https://www.amazon.com/gp/product/B07FFN2HN6/">Stageek</a> on Amazon. I like them for these reasons:</p><p></p><ul style="text-align: left;"><li>Black color. No need to paint the raceway and blends in well in the dark.</li><li>Has cable entry points from up and down sides, so no need to cut the pieces to let cables in and out.</li><li>The tracks are easy to pull in and out and the back has double-sided glue. 
I've had them for 2 weeks now and they're doing good.</li><li>One downside to it is that the accessories included are not enough for corners or proper alignment, and you cannot buy them separately, but I bought multiple packs, so that helped.</li><li>Each pack contains 9 raceway tracks, each is 38 cm long.</li></ul><p></p><p><br /></p><h3 style="text-align: left;">TV Table</h3><p>I bought mine locally from <a href="https://www.best.com.kw/webapp/wcs/stores/servlet/SearchDisplay?categoryId=&storeId=10001&catalogId=10101&langId=-1&sType=SimpleSearch&resultCatEntryType=2&showResultsPage=true&searchSource=Q&pageView=&beginIndex=0&pageSize=12&searchTerm=tv+stand">Best Yousifi</a>. It had to be a table with a VESA mount at the back that can handle a 65" TV and allow me to flexibly move the TV up or down from the VESA mount brackets.</p><p><br /></p><h3 style="text-align: left;">Carpet</h3><p>I had a thick carpet installed with long and soft fibers, as shoes are not allowed into the room, and the carpet helped reduce the echo in the room tremendously. I had normal Persian house carpets that I borrowed from my mom when I first got the TV, but I suffered from lots of echo.</p><p>I don't know the specific carpet brand, but it's Swedish, and I got it from Bukhamseen carpet shop in Dhajeej area.</p><p><br /></p><h3 style="text-align: left;">Transcoding Content</h3><p>I bought the <a href="https://www.amazon.com/gp/product/B07YP9FBMM/">NVIDIA Shield TV Pro</a> for these reasons:</p><p></p><ul style="text-align: left;"><li>Supports 4K HDR decoding</li><li>Supports Dolby TrueHD 7.1 surround sound decoding</li><li>I installed Plex Media Server on it, and connected and configured it to my Synology NAS, so I download content on the Synology, and then watch the content on the TV via Plex.</li><li>The seller didn't ship directly to Kuwait, so I shipped using my forwarding box in USA. 
I didn't check at the time with BHphotovideo.</li></ul><p></p><p><br /></p><h3 style="text-align: left;">Keyboard</h3><p>Typing passwords, IPs, and anything else with the Shield Pro's magic remote is a huge pain, so I bought a <a href="https://www.amazon.com/gp/product/B07C6LXYHL/">Logitech Bluetooth</a> keyboard. It allows connecting to multiple devices, but a downside is that it's not illuminated.</p><p><br /></p><h3 style="text-align: left;">HDMI Cables</h3><p>The latest specs for proper high-throughput 4K content require high-spec cables. Those can be quite expensive, so I got mine from Amazon. I got 2 different brands and both have served me quite well for the past year. One downside to the longer one is that the cable is too stiff, so it's not easy to tidy the place.</p><p></p><ul style="text-align: left;"><li><a href="https://www.amazon.com/gp/product/B07KNRXGW4/">SecurOMAX 8K 48 Gbps 6 ft cable</a></li><li><a href="https://www.amazon.com/gp/product/B07S196T4Z/">Zeskit 8K 48 Gbps 2 meter/6 ft cable</a> (this is the stiff one)</li></ul><p></p><p><br /></p><h3 style="text-align: left;">Paint</h3><p>I had a painter we've known for a long time do the matte dark paint for walls and ceiling. I didn't see the brand as I left it for him to make the choice. I only chose the color.</p><p><br /></p><h3 style="text-align: left;">Power Transformer</h3><p>Converting 240v to 120v for the TV was through a 750 Watts transformer. Even though the TV doesn't consume more than 300 Watts, I went for 750 Watts to give it enough room and avoid overheating. 
I bought my transformer from <a href="https://www.google.com/maps/place/RTC/@29.3692242,47.9892492,17z/data=!3m1!4b1!4m5!3m4!1s0x3fcf84bbee028595:0x19e62bec9523871d!8m2!3d29.3692195!4d47.9870659">RTC shop in Mirqab</a> (they have <a href="https://www.google.com/maps/place/%D8%A7%D8%B1+%D8%AA%D9%8A+%D8%B3%D9%8A+%D9%84%D9%84%D8%A7%D9%84%D9%83%D8%AA%D8%B1%D9%88%D9%86%D9%8A%D8%A7%D8%AA%E2%80%AD/@29.3362242,48.0188591,17z/data=!3m1!4b1!4m5!3m4!1s0x3fcf9c8dcc14de8b:0x9e480386bf870099!8m2!3d29.3362195!4d48.0166758">another branch in Hawally</a>), but I later found the same transformer being sold in <a href="https://www.google.com/maps/place/%D9%84%D9%88%D8%A7%D8%B2%D9%85+%D8%A7%D9%84%D8%B9%D8%A7%D8%A6%D9%84%D8%A9+-+%D9%85%D8%B4%D8%B1%D9%81%E2%80%AD/@29.2785359,48.0716194,18.5z/data=!4m8!1m2!2m1!1smishrif+co-ip!3m4!1s0x3fcf9e2df71cde35:0x9c072b32423dd394!8m2!3d29.2773451!4d48.0706291">Mishrif co-op family utilities branch</a>.</p><p><br /></p><h3 style="text-align: left;">Sleeved Blankets</h3><p>A hotel we went to last year in winter had these <a href="https://www.amazon.com/gp/product/B078DXX9YC/">Pavilia fleece blankets</a> available for outside seatings and I loved how soft, light and warm they were, especially that they had pockets and sleeves! I was happy to find them on Amazon.</p><p><br /></p><h3 style="text-align: left;">Wireless Access Point</h3><p>As part of my home setup, I already use Ubiquiti access points (APs) along with the central controller and switches, so I was adding just another component into an existing stack here. I bought the <a href="https://www.amazon.com/gp/product/B01NAAWOGO/">Mesh AP</a> for some other purpose, so it got repurposed for this room. Do <b>NOT</b> buy a single Ubiquiti AP, if you don't have a full home setup. (you should move everything to Ubiquiti, though. 
Easier overall management of your home network).</p><p>The AP supports 1167 Mbps throughput on 5 GHz frequency, and the TV supports 802.11ac, which is compatible with these high speeds. Useful to stream 4K Ultra HD content.</p><p><br /></p><h2 style="text-align: left;">Costs</h2><p></p><ol style="text-align: left;"><li><b>TV: LG 65" B9 OLED</b></li><ol><li>Item: $2,296.99</li><li>Shipping: $693.82</li><li>Import fees (customs fees in Kuwait): $161.06</li><li>Total: $3,151.87</li></ol><li><b>Surround System: Nakamichi 9.2 SSE</b></li><ol><li>Item: $1,399.99</li><li>Shipping: $298.48</li><li>Import fees: $147.72</li><li>Total: $1,846.19</li></ol><li><b>Recliner Seats: Rosia Recliner</b></li><ol><li>Item: 85 KWD (inclusive of delivery and installation in Kuwait)</li><li>Total: 3x 85 = 255 KWD ($835)</li></ol><li><b>Speaker Stands: Auray TMS-135</b></li><ol><li>Item: 2x $49.99 (2 pieces) = $99.98</li><li>Shipping: $159.21</li><li>Import fees: unknown (paid cash upon arrival)</li><li>Total: $259.19</li></ol><li><b>Cable Raceway Tracks: Stageek Cable Management Kit</b></li><ol><li>Item: 5x $24.99 = $124.95</li><li>Shipping: $95.94 (package included other items, but mostly were lite)</li><li>Import fees: $49.82 (should be lower for someone ordering only these, as this includes tax for other items purchased in the same order)</li><li>Total: $270.71</li></ol><li><b>TV Table: Bismut brand</b></li><ol><li>Item: 69.99 KWD (inclusive of delivery and assembly in Kuwait) ($230)</li></ol><li><b>Carpet: Swedish brand</b></li><ol><li>Item: I think it was 24 KWD per meter square</li><li>Installation: 40 KWD</li><li>Total: 640 KWD ($2,100)</li></ol><li><b>Transcoding: NVIDIA Shield TV Pro 4K HDR Streaming Device</b></li><ol><li>Item: $199.99</li><li>Shipping and import fees: unknown. 
bundled with other stuff through forwarding box.</li></ol><li><b>Bluetooth Keyboard: Logitech K600 TV Keyboard</b></li><ol><li>Item: $59.96</li><li>Shipping: $67.29 (included other stuff that were heavy)</li><li>Import fees: $71.31</li><li>Total: $403.92, but Amazon refunded $25.31 = $378.61. (Refunds usually happen after customs clearance fees are finalized a few months later)</li></ol><li><b>TV Cable: 8K 48 Gbps HDMI 2.1</b></li><ol><li>Item1: SecurOmax = $14.95</li><li>Item2: Zeskit = $25.99</li><li>Shipping: $40.62 (included other heavy items in the same package)</li><li>Import fees: $16.97 (inclusive of the heavy and expensive items in same package)</li><li>Total: $98.53</li></ol><li><b>Paint</b></li><ol><li>Item: 250 KWD inclusive of paint material and labor. ($820)</li></ol><li><b>Transformer: No brand name</b></li><ol><li>Item: 9 KWD ($30)</li></ol><li><b>Sleeved Blankets: Pavilia Fleece Blanket with Sleeves</b></li><ol><li>Item: 6x $21.99 = $131.94</li><li>Shipping: $166.26</li><li>Import fees: $34.26</li><li>Total: $332.6, but Amazon refunded $10.88 = $321.58</li></ol><li><b>Wireless AP: Ubiquiti Unifi AC Mesh</b></li><ol><li>Item: $99</li><li>Shipping: part of the same package as the HDMI cables</li><li>Import fees: part of the same package as the HDMI cables</li></ol></ol><p></p><p><br /></p><p><b>Total: $10,639.68 (3,250.00 KWD)</b></p><p><br /></p><h2 style="text-align: left;">Pictures</h2><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-jMpOELv9hzs/X9fceAjxSjI/AAAAAAAAC_k/5AAk2jzKmW47eKteYV3-_VGXYCYOfiD7wCLcBGAsYHQ/IMG_20200328_162813.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="Initial setup. Nothing but painted walls and a TV." data-original-height="1536" data-original-width="2048" height="240" src="https://lh3.googleusercontent.com/-jMpOELv9hzs/X9fceAjxSjI/AAAAAAAAC_k/5AAk2jzKmW47eKteYV3-_VGXYCYOfiD7wCLcBGAsYHQ/w320-h240/IMG_20200328_162813.jpg" title="Initial setup. 
Nothing but painted walls and a TV." width="320" /></a></div><div class="separator" style="clear: both; text-align: center;">Initial setup: nothing but painted walls and a TV!</div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-Ub3zefAbqjM/X9fc0EvHoYI/AAAAAAAAC_s/1GFfToR3FKUQra4HSH1JFz7TE4YgXh4dQCLcBGAsYHQ/IMG_20200328_163005.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="Blanket with pockets and sleeves" data-original-height="2048" data-original-width="1536" height="320" src="https://lh3.googleusercontent.com/-Ub3zefAbqjM/X9fc0EvHoYI/AAAAAAAAC_s/1GFfToR3FKUQra4HSH1JFz7TE4YgXh4dQCLcBGAsYHQ/w240-h320/IMG_20200328_163005.jpg" title="Blanket with pockets and sleeves" width="240" /></a></div><div class="separator" style="clear: both; text-align: center;">Blanket with pockets and sleeves</div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-ji9GgQPN6OU/X9fdCN3j02I/AAAAAAAAC_w/tse6GoLiRAsdrjS5ufBoiSPPx-QeIum7wCLcBGAsYHQ/IMG_20200407_210143.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="Streaming corruption because TV couldn't handle Dolby TrueHD" data-original-height="1533" data-original-width="2048" height="240" src="https://lh3.googleusercontent.com/-ji9GgQPN6OU/X9fdCN3j02I/AAAAAAAAC_w/tse6GoLiRAsdrjS5ufBoiSPPx-QeIum7wCLcBGAsYHQ/w320-h240/IMG_20200407_210143.jpg" title="Streaming corruption because TV couldn't handle Dolby TrueHD" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;">Streaming corruption because TV couldn't handle Dolby TrueHD<br />Fixed by using the NVIDIA Shield TV Pro for streaming<br /></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-_JqjFGD9fFw/X9fdjdKVudI/AAAAAAAAC_8/YNa833qHLz8q6RsJ5iY2eSh4SaoKPyfjwCLcBGAsYHQ/IMG_20200408_122152.jpg" style="margin-left: 1em; margin-right: 1em;"><img 
alt="Unboxing the Nakamichi 9.2 SSE" data-original-height="1536" data-original-width="2048" height="240" src="https://lh3.googleusercontent.com/-_JqjFGD9fFw/X9fdjdKVudI/AAAAAAAAC_8/YNa833qHLz8q6RsJ5iY2eSh4SaoKPyfjwCLcBGAsYHQ/w320-h240/IMG_20200408_122152.jpg" title="Unboxing the Nakamichi 9.2 SSE" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;">Unboxing the Nakamichi 9.2 SSE</div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-Y4hrmxe7rSg/X9feAHb39fI/AAAAAAAADAI/OJXn24cw0f8EPwhDrcSy2HKFDdwSZWTcQCLcBGAsYHQ/IMG_20201023_225345.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="The layout before cable management and TV table" data-original-height="1536" data-original-width="2048" height="240" src="https://lh3.googleusercontent.com/-Y4hrmxe7rSg/X9feAHb39fI/AAAAAAAADAI/OJXn24cw0f8EPwhDrcSy2HKFDdwSZWTcQCLcBGAsYHQ/w320-h240/IMG_20201023_225345.jpg" title="The layout before cable management and TV table" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;">The layout before cable management and TV table</div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-4usPzm5DheE/X9fea_UtZRI/AAAAAAAADAU/x4O7WdijKtMjFZhextbK4-Bliucy_tfRQCLcBGAsYHQ/IMG_20201023_231539.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="How the TV looks when sitting on the recliners" data-original-height="1536" data-original-width="2048" height="240" src="https://lh3.googleusercontent.com/-4usPzm5DheE/X9fea_UtZRI/AAAAAAAADAU/x4O7WdijKtMjFZhextbK4-Bliucy_tfRQCLcBGAsYHQ/w320-h240/IMG_20201023_231539.jpg" title="How the TV looks when sitting on the recliners" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a 
href="https://lh3.googleusercontent.com/-Ac9QVARYnEQ/X9fea2WYzbI/AAAAAAAADAQ/cNrhvUrm6qs4omvAWCny0bec48xWzfiswCLcBGAsYHQ/IMG_20201023_231458.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="How the TV looks when sitting on the recliners" data-original-height="1536" data-original-width="2048" height="240" src="https://lh3.googleusercontent.com/-Ac9QVARYnEQ/X9fea2WYzbI/AAAAAAAADAQ/cNrhvUrm6qs4omvAWCny0bec48xWzfiswCLcBGAsYHQ/w320-h240/IMG_20201023_231458.jpg" title="How the TV looks when sitting on the recliners" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;">How the TV looks when sitting on the recliners.<br />The 65" is perfect for the selected distance.</div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-E9IolM2Ed6k/X9fexeAhX2I/AAAAAAAADAk/vdMCSYEYEKonvD0kWHdtGh6XVyCIhoM9gCLcBGAsYHQ/IMG_20201023_233406.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="The Matrix 4K 7.1 streamed through the Shield Pro" data-original-height="1536" data-original-width="2048" height="240" src="https://lh3.googleusercontent.com/-E9IolM2Ed6k/X9fexeAhX2I/AAAAAAAADAk/vdMCSYEYEKonvD0kWHdtGh6XVyCIhoM9gCLcBGAsYHQ/w320-h240/IMG_20201023_233406.jpg" title="The Matrix 4K 7.1 streamed through the Shield Pro" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;">The Matrix 4K 7.1 streamed through the Shield Pro</div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-NlJCsP2xjYw/X9fexbOcIgI/AAAAAAAADAo/5a7ZvP9xQdQ8tohNOfdFP0mKA3I4QCCagCLcBGAsYHQ/IMG_20201023_232911.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="Black Hawk Down 4K 7.1 streamed through the Shield Pro" data-original-height="1536" data-original-width="2048" height="240" 
src="https://lh3.googleusercontent.com/-NlJCsP2xjYw/X9fexbOcIgI/AAAAAAAADAo/5a7ZvP9xQdQ8tohNOfdFP0mKA3I4QCCagCLcBGAsYHQ/w320-h240/IMG_20201023_232911.jpg" title="Black Hawk Down 4K 7.1 streamed through the Shield Pro" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;">Black Hawk Down 4K 7.1 streamed through the Shield Pro</div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-uByoJaFe2gw/X9fexN71KGI/AAAAAAAADAg/aHSKLHVG8hYHUTTox3f47KsvFpSKghCkQCLcBGAsYHQ/IMG_20201105_211118.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="Playing music on Pandora app to abuse the surround system with Dark Electrica tracks" data-original-height="1536" data-original-width="2048" height="240" src="https://lh3.googleusercontent.com/-uByoJaFe2gw/X9fexN71KGI/AAAAAAAADAg/aHSKLHVG8hYHUTTox3f47KsvFpSKghCkQCLcBGAsYHQ/w320-h240/IMG_20201105_211118.jpg" title="Playing music on Pandora app to abuse the surround system with Dark Electrica tracks" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;">Playing music on Pandora app to abuse the surround system with Dark Electrica tracks<br />(Julian Winding's tracks are amazing)</div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-CqJWRF2c5wE/X9ffTMQn-5I/AAAAAAAADA4/kvzNfxIakgYddKwd7xh2KczxjM34HcP5QCLcBGAsYHQ/IMG_20201127_235629.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="Unboxing the cable raceway tracks" data-original-height="2048" data-original-width="1536" height="240" src="https://lh3.googleusercontent.com/-CqJWRF2c5wE/X9ffTMQn-5I/AAAAAAAADA4/kvzNfxIakgYddKwd7xh2KczxjM34HcP5QCLcBGAsYHQ/IMG_20201127_235629.jpg" title="Unboxing the cable raceway tracks" width="180" /></a></div><div class="separator" style="clear: both; text-align: center;">Unboxing the cable raceway tracks</div><br /><div class="separator" style="clear: 
both; text-align: center;"><a href="https://lh3.googleusercontent.com/-96tfYc1_sM4/X9ffv5sP_xI/AAAAAAAADBI/km3C7_Bh2GgIWt9O5zf8GJyKox-5VhQjQCLcBGAsYHQ/IMG_20201205_215759.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="Final layout after cable management and TV stand" data-original-height="1536" data-original-width="2048" height="240" src="https://lh3.googleusercontent.com/-96tfYc1_sM4/X9ffv5sP_xI/AAAAAAAADBI/km3C7_Bh2GgIWt9O5zf8GJyKox-5VhQjQCLcBGAsYHQ/w320-h240/IMG_20201205_215759.jpg" title="Final layout after cable management and TV stand" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;">Final layout after cable management and TV stand</div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-abXsvpwttR0/X9ffvxh7P0I/AAAAAAAADBE/INHxZ8JT4PA88-SaMFHdrVz5ksuZIQYtQCLcBGAsYHQ/IMG_20201205_215718.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="Final layout after cable management and TV stand" data-original-height="1536" data-original-width="2048" height="240" src="https://lh3.googleusercontent.com/-abXsvpwttR0/X9ffvxh7P0I/AAAAAAAADBE/INHxZ8JT4PA88-SaMFHdrVz5ksuZIQYtQCLcBGAsYHQ/w320-h240/IMG_20201205_215718.jpg" title="Final layout after cable management and TV stand" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;">Final layout after cable management and TV stand</div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-nDVyyZctKck/X9ffvl1b9-I/AAAAAAAADBA/fF0rrzqpts4lCYm91vRs_XcJDPiCWfLKwCLcBGAsYHQ/IMG_20201205_215642.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="Final layout after cable management and TV stand" data-original-height="1536" data-original-width="2048" height="240" src="https://lh3.googleusercontent.com/-nDVyyZctKck/X9ffvl1b9-I/AAAAAAAADBA/fF0rrzqpts4lCYm91vRs_XcJDPiCWfLKwCLcBGAsYHQ/w320-h240/IMG_20201205_215642.jpg" 
title="Final layout after cable management and TV stand" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;">Final layout after cable management and TV stand</div><br /><br /><p></p><p>The subwoofers are down-firing, so the bass comes from all directions, and there's no need to worry about which direction they face. I did experiment with their locations to hear the different bass effects around the room. I opted for one in the front and another in the rear to feel the vibrations from both directions, and to make cable management easier, too.</p>MBHhttp://www.blogger.com/profile/07293824491909131393noreply@blogger.com0tag:blogger.com,1999:blog-8353696605063426251.post-89867721994121660332020-07-04T05:37:00.000+03:002020-07-04T05:37:14.766+03:00OnePlus 8 Pro and Software Restrictions<h1 style="text-align: left;">Introduction</h1>OnePlus released its new phone, the OnePlus 8 Pro, and the 4 cameras on the phone are quite superb. One of the cameras is capable of doing Photochromic picture filters.<div><br /></div><div>A rumor spread that this filter allows seeing inside plastic devices, and maybe under clothes. You can <a href="https://www.youtube.com/watch?v=cOsylGr2_h4">see a video here</a> showing the feature. It seems like the Chinese government took an extreme approach to this rumor, though it's false, and asked OnePlus to block the feature on the phones.</div><div><br /></div><h1 style="text-align: left;">TL;DR Summary</h1><div>The Chinese model variant IN2020 has some features locked based on the hardware model. Do not buy the IN2020. Changing the software won't help.</div><div><br /></div><h1 style="text-align: left;">Details</h1><div>Even if you buy the variant that has the international firmware/operating system (OS), the feature is checked against the hardware model, so it will not work.</div><div><br /></div><div>If you do not care about the Photochromic picture filter, then this will not be an issue for you. 
There's no telling if other features would be blocked in the future, if asked by the Chinese government, on the Chinese variant IN2020.</div><div><br /></div><div>Other OnePlus 8 Pro variants: IN2021 (India), IN2023 (Europe), IN2025 (Global). These variants are not affected by the feature lock on the camera.</div><div><br /></div><div>Also, the IN2020 Chinese variant comes in 2 flavors: either with OxygenOS (global OS) or HydrogenOS (China OS only).</div><div><br /></div><div>You can grab any OS build and flash it on the phone. <a href="https://forum.xda-developers.com/oneplus-8-pro/how-to/oneplus-8-pro-repo-oxygen-os-builds-t4084315">Check this guide [Repo of Oxygen OS Builds]</a>. Remember, flashing a different OS will NOT remove the feature restrictions on the China variant. It's locked by checking the hardware model, which cannot be modified. You might need <a href="https://forum.xda-developers.com/oneplus-8-pro/how-to/op8pro-unbrick-tool-to-restore-device-t4084953">this guide [Unbrick tool to restore your device to OxygenOS]</a> to unbrick your phone, if you do something wrong.</div><div><br /></div><h1 style="text-align: left;">Where to Buy</h1><div>I have sold back the Chinese variant that I bought, and instead ordered the <a href="https://www.amazon.de/OnePlus-Smartphone-Speicher-Wireless-Charging/dp/B086KC734X/ref=sr_1_3?crid=3CB0Y4CRWAZQQ&dchild=1&keywords=oneplus+8+pro&qid=1593829994&sprefix=OnePlus+8%2Caps%2C267&sr=8-3">EU variant (IN2023) from Amazon Germany</a> as they offer global shipping and delivered directly to my house.</div>MBHhttp://www.blogger.com/profile/07293824491909131393noreply@blogger.com0tag:blogger.com,1999:blog-8353696605063426251.post-55746477219058306292020-01-27T21:48:00.002+03:002020-01-27T21:48:39.387+03:00Blockchain Council: Not Worth It<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="text-align: left;">
Introduction</h2>
Some time last year, I was seeing a lot of people talking about blockchain certification and others claiming to be certified experts. Being someone who's seen the start of it all since 2008, almost all these certifications smelled like a scam.<br />
<br />
I looked around and saw Blockchain Council being touted. I paid them to see what they're actually offering.<br />
<br />
<h2 style="text-align: left;">
TL;DR Summary</h2>
The site is run by a single person who's showing off as an entrepreneur, but has no real product to show. The study material is very basic, filled with typos and mistakes, and the final exam has almost no relationship to the material and many of the questions weren't even part of the material; a trick to have you take the exam multiple times (and pay more).<br />
<br />
Additionally, the site owner shoves his own product into the material to promote it, but doesn't include other competing products. That's quite unprofessional.<br />
<br />
Even though the certificate says "Certified Blockchain Expert", the end result is that you're not an expert in any form. You'd only learn the basics, which are already available for free on the internet.<br />
<br />
<h2 style="text-align: left;">
Registration and Education Sites</h2>
The main site used to register is <a href="https://www.blockchain-council.org/">www.blockchain-council.org</a> but after registration, you're redirected to another one <a href="https://www.toshacademy.com/">www.toshacademy.com</a> -- What is Tosh? Or better yet, Who is Tosh?<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-_DfoO-BAmbU/Xi8s-EAbtLI/AAAAAAAACx4/GhWTf2qY8xE7PUMmE4FEp544TutZzNPiACLcBGAsYHQ/s1600/05.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1017" data-original-width="1063" height="306" src="https://1.bp.blogspot.com/-_DfoO-BAmbU/Xi8s-EAbtLI/AAAAAAAACx4/GhWTf2qY8xE7PUMmE4FEp544TutZzNPiACLcBGAsYHQ/s320/05.PNG" width="320" /></a></div>
<br />
<h2 style="text-align: left;">
Self-Promotion and Ownership</h2>
Looking around for what and who owns the site, I found this: <a href="https://www.toshendra.com/">www.toshendra.com</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-UQj1RmjkxbA/Xi8tLqd-YNI/AAAAAAAACx8/o88z5o0u3-454CLOZiQOFpPy-CBl0VULQCLcBGAsYHQ/s1600/07.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1156" data-original-width="1547" height="239" src="https://1.bp.blogspot.com/-UQj1RmjkxbA/Xi8tLqd-YNI/AAAAAAAACx8/o88z5o0u3-454CLOZiQOFpPy-CBl0VULQCLcBGAsYHQ/s320/07.PNG" width="320" /></a></div>
<br />
Looking around for who Toshendra Sharma is, I found this article on Forbes India promoting him, even though there was no product to show at the time, so what was the promotion and hype around the person for?!<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-K51ZYAPF-ZY/Xi8t4cAAPrI/AAAAAAAACyE/016KZVrAsyQFQOfcEcLvVamWkU33fZRzwCLcBGAsYHQ/s1600/08.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1049" data-original-width="878" height="320" src="https://1.bp.blogspot.com/-K51ZYAPF-ZY/Xi8t4cAAPrI/AAAAAAAACyE/016KZVrAsyQFQOfcEcLvVamWkU33fZRzwCLcBGAsYHQ/s320/08.PNG" width="267" /></a></div>
Link: <a href="http://www.forbesindia.com/article/30-under-30/30-under-30-toshendra-sharma-a-messiah-for-cyber-security/42329/1">http://www.forbesindia.com/article/30-under-30/30-under-30-toshendra-sharma-a-messiah-for-cyber-security/42329/1</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-dKlbTry8KXc/Xi8uciV_iOI/AAAAAAAACyQ/ntgNgcjKIMwC_qtfiPD4Kq_597SnknDygCLcBGAsYHQ/s1600/09.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="601" data-original-width="704" height="273" src="https://1.bp.blogspot.com/-dKlbTry8KXc/Xi8uciV_iOI/AAAAAAAACyQ/ntgNgcjKIMwC_qtfiPD4Kq_597SnknDygCLcBGAsYHQ/s320/09.PNG" width="320" /></a></div>
Link: <a href="https://www.forbes.com/profile/toshendra-kumar-sharma/">https://www.forbes.com/profile/toshendra-kumar-sharma/</a><br />
<br />
So what are his companies to deserve a mention on Forbes? The companies are defunct and dead. 2 sites are dead and no product was actually delivered and finished.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-cdwIr-037DQ/Xi8vYtju4hI/AAAAAAAACyY/20pPiy1IauIXBYSQkQdpoGNgW8RjLxllACLcBGAsYHQ/s1600/10.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="944" data-original-width="892" height="320" src="https://1.bp.blogspot.com/-cdwIr-037DQ/Xi8vYtju4hI/AAAAAAAACyY/20pPiy1IauIXBYSQkQdpoGNgW8RjLxllACLcBGAsYHQ/s320/10.PNG" width="302" /></a></div>
Link: <a href="https://www.crunchbase.com/organization/wegilant#section-overview">https://www.crunchbase.com/organization/wegilant#section-overview</a><br />
<br />
<h2 style="text-align: left;">
Typos</h2>
The typos are scattered across so many slides that it looks obvious the whole thing was cooked up in haste and not taken seriously or professionally.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-C1ShYPy_B0E/Xi8nety3PUI/AAAAAAAACxE/QiB101-6w8EIqaOSQuakVA1JHosXbBR7gCLcBGAsYHQ/s1600/00.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="784" data-original-width="1463" height="171" src="https://1.bp.blogspot.com/-C1ShYPy_B0E/Xi8nety3PUI/AAAAAAAACxE/QiB101-6w8EIqaOSQuakVA1JHosXbBR7gCLcBGAsYHQ/s320/00.PNG" width="320" /></a></div>
"Sierra Leone was among the first country" should've been "Sierra Leone was among the first countries"<br />
<br />
"to conduct the same" -- the phrase "the same" is often used by people from India. Not that there's anything wrong with Indians, but it shows that the content was made by one individual, and he's likely to be Indian.<br />
<br />
Notice the bullet points. The first one ends with a full-stop, but the others are left without one. No consistency.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-DI9Yal2tx1U/Xi8p3X4Y4QI/AAAAAAAACxQ/dLym2NNoQOIfYKgVb8zA7GnHhpQ95vK9gCLcBGAsYHQ/s1600/01.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="818" data-original-width="1463" height="178" src="https://1.bp.blogspot.com/-DI9Yal2tx1U/Xi8p3X4Y4QI/AAAAAAAACxQ/dLym2NNoQOIfYKgVb8zA7GnHhpQ95vK9gCLcBGAsYHQ/s320/01.PNG" width="320" /></a></div>
"minor node" should've been "miner node."<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-eXvLEoAgFC0/Xi8qH6VQvrI/AAAAAAAACxY/HsK1IV3AeDwtzelU7Kmzgw-VQA85ksmMACLcBGAsYHQ/s1600/02.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="766" data-original-width="1463" height="167" src="https://1.bp.blogspot.com/-eXvLEoAgFC0/Xi8qH6VQvrI/AAAAAAAACxY/HsK1IV3AeDwtzelU7Kmzgw-VQA85ksmMACLcBGAsYHQ/s320/02.PNG" width="320" /></a></div>
"%tage" should've been written as "percentage" -- the fact it was written that way shows the level of unprofessional work.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/--dn3FgWIr9o/Xi8qdTEnmVI/AAAAAAAACxg/lWoccKtdrj01aFTI9AQ_tmCCWiGw2hMkwCLcBGAsYHQ/s1600/03.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="765" data-original-width="1463" height="167" src="https://1.bp.blogspot.com/--dn3FgWIr9o/Xi8qdTEnmVI/AAAAAAAACxg/lWoccKtdrj01aFTI9AQ_tmCCWiGw2hMkwCLcBGAsYHQ/s320/03.PNG" width="320" /></a></div>
"RecordsKeeper" is the product the creator of the site is trying to promote throughout the material.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-r5MbJeC9ZJ8/Xi8rPffAKlI/AAAAAAAACxs/uTPRfAN2FgARajATLllNcKpZpdKjciaTwCLcBGAsYHQ/s1600/04.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="769" data-original-width="1463" height="168" src="https://1.bp.blogspot.com/-r5MbJeC9ZJ8/Xi8rPffAKlI/AAAAAAAACxs/uTPRfAN2FgARajATLllNcKpZpdKjciaTwCLcBGAsYHQ/s320/04.PNG" width="320" /></a></div>
In the blockchain architecture, one layer is shown as "insensitive layer" where it should be "incentive layer" -- I wasn't sure whether to laugh or cry when I was going over the material.<br />
<br />
<h2 style="text-align: left;">
Worthless Certificate</h2>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-14tfb2Uufcc/Xi8v5UinczI/AAAAAAAACyk/b6DkJVLJyEgIQR2PbHYGwz2wWvvx4jDygCLcBGAsYHQ/s1600/06.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1243" data-original-width="1463" height="271" src="https://1.bp.blogspot.com/-14tfb2Uufcc/Xi8v5UinczI/AAAAAAAACyk/b6DkJVLJyEgIQR2PbHYGwz2wWvvx4jDygCLcBGAsYHQ/s320/06.PNG" width="320" /></a></div>
<br />
I totally do not recommend wasting money on this nor fueling this terrible "business." -- I wouldn't label it as a scam, but it's certainly not an "expert" body to judge people, and definitely not to teach them.</div>
MBHhttp://www.blogger.com/profile/07293824491909131393noreply@blogger.com0tag:blogger.com,1999:blog-8353696605063426251.post-17842687834467141182019-08-30T14:13:00.000+03:002019-08-30T14:13:51.527+03:00Event: BarCamp Kuwait 7<div dir="ltr" style="text-align: left;" trbidi="on">
Looks like we're able to bring you another barcamp event this year, and we're very excited as we already have speakers lining up!<br />
<br />
Barcamp is an "unconference" where people gather and share projects/talks with no times scheduled in advance. Time slots are first come, first served, and each talk is limited to 10 minutes followed by 5 minutes of questions and answers.<br />
<br />
Join us in this open community event: <a href="https://barcampkw.wordpress.com/2019/08/30/barcamp-kuwait-seven-registration/">https://barcampkw.wordpress.com/2019/08/30/barcamp-kuwait-seven-registration/</a><br />
<br />
This event is hosted by and at <a href="https://www.joincoded.com/">Coded</a>'s place. They're an awesome company providing programming bootcamps, and have hosted many talks with startup founders over the years.</div>
MBHhttp://www.blogger.com/profile/07293824491909131393noreply@blogger.com0Ghazali Rd, Argan Business Park, Building 7, First Floor, Free Trade Zone 70050, Kuwait29.3581075 47.906993899999975-21.208016000000004 -34.710193600000025 79.924231 130.52418139999997tag:blogger.com,1999:blog-8353696605063426251.post-73113499410642371632019-08-01T21:42:00.000+03:002019-08-03T01:35:03.316+03:00KOC Cyber Security Summit<div dir="ltr" style="text-align: left;" trbidi="on">
Kuwait Oil Company (KOC) has <a href="https://www.instagram.com/p/B0nnQYzh7IK/">announced</a> a 2-day event around online security with awesome speakers who are well known in the industry:<br />
<br />
<ul style="text-align: left;">
<li>Mohammad Al-Doub (a.k.a <a href="https://twitter.com/voulnet">Voulnet</a>)</li>
<li>Chris Roberts of <a href="https://attivonetworks.com/">Attivo</a></li>
<li>Robert M. Lee of <a href="https://dragos.com/">Dragos</a></li>
<li>Maher Yamout of <a href="https://www.kaspersky.com/">Kaspersky</a></li>
</ul>
<div>
<br /></div>
<div>
The event will be on August 24th and 25th (Saturday and Sunday), and consists of 2 talks per day followed by a Capture The Flag (CTF) competition. <a href="https://www.kockw.com/KCSS/SiteAssets/index.html">Event details here</a>.</div>
<div>
<br /></div>
<div>
The talks and the CTF competition are free and open to the public, and I highly encourage every student, fresh graduate, and employee to attend. The talks will not be too technical, and should appeal to the general public.</div>
<div>
<br /></div>
<div>
The CTF is open to everyone, both locals and expats, as long as they're already in Kuwait. Winners of the CTF will qualify to compete in the regional competition in Egypt later, and winners will qualify for the international CTF competition in Japan.<br />
<br />
If you're trying to register and your school or educational organization isn't listed, pick anything, then email support "at" cybertalents.com and tell them which school you chose, and the name of your actual school for them to add it to the list.<br />
<br /></div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-uUKDl5jValg/XUMvz5B1rQI/AAAAAAAACvA/HznfuaAIM_MyIJge6vjiljCxuDV8VFIcgCLcBGAs/s1600/koc_sec_summit_2019.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="" border="0" data-original-height="576" data-original-width="1024" height="225" src="https://1.bp.blogspot.com/-uUKDl5jValg/XUMvz5B1rQI/AAAAAAAACvA/HznfuaAIM_MyIJge6vjiljCxuDV8VFIcgCLcBGAs/s400/koc_sec_summit_2019.jpg" title="KOC Cyber Security Summit 2019 banner" width="400" /></a></div>
<div>
<br /></div>
<div>
Location: <a href="https://goo.gl/maps/c9b645Qi6sS8n9Lp8">KOC Tent</a>, Ahmadi. Don't let the name fool you. The tent is massive and is well ventilated.<br />
<br />
<br />
<b>Updates:</b><br />
<br />
<ul style="text-align: left;">
<li>Update 0 - Aug 3: Added email contact for CTF.</li>
</ul>
</div>
</div>
<b>Windows 10 Shares Data with Microsoft Insecurely</b> (posted 2019-06-05)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
Apart from the fact that Windows 10 (Win10) is sending search data, even though I had disabled Cortana, it's also sending the data to Microsoft using certificates whose authenticity isn't proven.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-nS6R4CfIsHk/XPbaVn2TM7I/AAAAAAAACtk/gtXw7JgTOLYxziVMfZHevlFfTNpbFczWACLcBGAs/s1600/00-kaspersky.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="350" data-original-width="403" height="277" src="https://1.bp.blogspot.com/-nS6R4CfIsHk/XPbaVn2TM7I/AAAAAAAACtk/gtXw7JgTOLYxziVMfZHevlFfTNpbFczWACLcBGAs/s320/00-kaspersky.PNG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
First, Kaspersky intercepted this traffic going to: dubaivm1.uaenorth.cloudapp.azure.com</div>
<div class="separator" style="clear: both; text-align: left;">
It's obviously owned by Microsoft. Details about its usage are in the Detailed Report below.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
There's an additional connection that goes to: exo-ring.msedge.net</div>
<div class="separator" style="clear: both; text-align: left;">
This is also related to Cortana search (which is disabled).</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-lmCoAD7eKQw/XPbatBMv_0I/AAAAAAAACts/G_dZYtk0P9s495ld1CyeJzX9POxn7G7BgCLcBGAs/s1600/01-kaspersky-details.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="631" data-original-width="1098" height="182" src="https://1.bp.blogspot.com/-lmCoAD7eKQw/XPbatBMv_0I/AAAAAAAACts/G_dZYtk0P9s495ld1CyeJzX9POxn7G7BgCLcBGAs/s320/01-kaspersky-details.PNG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-tKdLo2s_kCc/XPbbAkWElyI/AAAAAAAACt0/XR1z2zqAElEGZqH1gOwaPfuLrln3VlFkwCLcBGAs/s1600/02-kaspersky-details2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="626" data-original-width="1098" height="182" src="https://1.bp.blogspot.com/-tKdLo2s_kCc/XPbbAkWElyI/AAAAAAAACt0/XR1z2zqAElEGZqH1gOwaPfuLrln3VlFkwCLcBGAs/s320/02-kaspersky-details2.PNG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
These are details of the certificate. It's signed by DigiCert to Microsoft CA, then to: azwanp.trafficmanager.net</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-JI7L1QgCqbU/XPbbWhDXmDI/AAAAAAAACt8/IUtBoqMjqh8MWR_3DV8yrqseMI6k64fIgCLcBGAs/s1600/06-certinfo4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="510" data-original-width="405" height="320" src="https://1.bp.blogspot.com/-JI7L1QgCqbU/XPbbWhDXmDI/AAAAAAAACt8/IUtBoqMjqh8MWR_3DV8yrqseMI6k64fIgCLcBGAs/s320/06-certinfo4.PNG" width="254" /></a></div>
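<div class="separator" style="clear: both; text-align: left;">
The host contacted above (dubaivm1.uaenorth.cloudapp.azure.com) and the name on the certificate (azwanp.trafficmanager.net) differ. The following is an added example, not part of the original post, of the name check a TLS client applies to a certificate's dNSName entries. The SAN lists are constructed, and whether a name mismatch is what triggered the Kaspersky warning is an assumption.</div>

```python
"""Added example: the server-name check a TLS client applies to a certificate."""
import ipaddress


def _labels(name):
    """Lower-case a DNS name and split it into labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def name_matches(pattern, hostname):
    """Return True if one certificate dNSName entry covers the hostname."""
    pat, host = _labels(pattern), _labels(hostname)
    if "*" in hostname or len(pat) != len(host):
        return False  # a wildcard stands for exactly one label, never several
    if pat[0] == "*":
        # '*' is accepted only as the whole left-most label, followed by at
        # least two fixed labels, so an entry like '*.com' never matches.
        if len(pat) < 3 or any("*" in label for label in pat[1:]):
            return False
        return pat[1:] == host[1:]
    if any("*" in label for label in pat):
        return False  # partial wildcards ('dubai*.example.net') are refused
    return pat == host


def certificate_covers(hostname, san_dns_names):
    """Check a hostname against all dNSName entries of one certificate."""
    try:
        ipaddress.ip_address(hostname)
    except ValueError:
        return any(name_matches(entry, hostname) for entry in san_dns_names)
    return False  # IP literals are compared with iPAddress entries instead


HOST = "dubaivm1.uaenorth.cloudapp.azure.com"  # host named in the post

# Constructed SAN lists. Only the first name appears in the post; the real
# certificate's full SAN list is not shown there.
CASES = {
    "name from the post": ["azwanp.trafficmanager.net"],
    "wildcard two levels up": ["*.cloudapp.azure.com"],
    "wildcard one level up": ["*.uaenorth.cloudapp.azure.com"],
}


def review(hostname=HOST, cases=CASES):
    """Return {case label: 'match' or 'MISMATCH'} for each SAN list."""
    return {
        label: "match" if certificate_covers(hostname, sans) else "MISMATCH"
        for label, sans in cases.items()
    }


if __name__ == "__main__":
    for label, verdict in review().items():
        print(f"{verdict:8}  {label}")
```

<div class="separator" style="clear: both; text-align: left;">
Refusing partial wildcards is a deliberately strict choice in this example; the second case shows why a wildcard two levels above the host still fails.</div>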
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
As an extra precaution, I have Kaspersky set to use Mozilla's certificate store rather than Microsoft's. At least I can trust that Mozilla won't inject stuff behind my back.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-mBbfbwFPp10/XPbbxSU93VI/AAAAAAAACuI/F7zLt38djiQvD1KzO0dpPmkgWdpqUWGGwCLcBGAs/s1600/08-kaspersky-settings.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="575" data-original-width="772" height="238" src="https://1.bp.blogspot.com/-mBbfbwFPp10/XPbbxSU93VI/AAAAAAAACuI/F7zLt38djiQvD1KzO0dpPmkgWdpqUWGGwCLcBGAs/s320/08-kaspersky-settings.PNG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
</div>
<b>Oracle Licensing and Virtualization Restrictions</b> (posted 2019-03-02)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="text-align: left;">
Disclaimer</h2>
The information here represents my personal findings using published documents from Oracle. It doesn't represent my legal opinion. I am not a lawyer. Take this information and fight for your right as a consumer/customer and demand an official response from Oracle by email, not verbally.<br />
<br />
<h2 style="text-align: left;">
Introduction</h2>
I've had numerous encounters with customers citing Oracle sales people stating that virtualizing Oracle DB on VMware is not supported, and that licensing the entire physical host's cores, or even the entire cluster's cores, is mandatory. In a nutshell: this is NOT entirely true and can be circumvented.<br />
<br />
The information below is based on Oracle's legal documents and licensing documents and guidelines. Check the references for the links and details.<br />
<br />
References are denoted with numbers. When you see #1 it means see reference number 1 at the end of this post.<br />
<br />
<h2 style="text-align: left;">
Executive Summary (TL;DR)</h2>
The Oracle partitioning guide is not a contractual document, and Oracle explicitly states it's for educational purposes only. Therefore Oracle cannot use it to impose how customers should partition their environments or systems.<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://2.bp.blogspot.com/-c3LffHcuZV0/XDesZB3PkQI/AAAAAAAACrs/AMgr5_7ASqApJbSPLCbYxMQ0YcosQt0awCLcBGAs/s1600/oracle-licensing-00.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="78" data-original-width="942" height="33" src="https://2.bp.blogspot.com/-c3LffHcuZV0/XDesZB3PkQI/AAAAAAAACrs/AMgr5_7ASqApJbSPLCbYxMQ0YcosQt0awCLcBGAs/s400/oracle-licensing-00.png" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Excerpt from Oracle's "Oracle Partitioning Policy" document</td></tr>
</tbody></table>
<br />
<h3>
Details and Resources</h3>
The only contractually obligating documents from Oracle are:<br />
<br />
<ul style="text-align: left;">
<li>Technical Support Policy document</li>
<li>Processor Core Factor table</li>
<li>Oracle License and Service Agreement (OLSA) / Oracle Master Agreement (OMA)</li>
</ul>
<br />
<br />
<h2 style="text-align: left;">
Terminology and Concepts</h2>
Alright, let's get into the details, one step at a time, to provide a full picture. First things first:<br />
<br />
<h3 style="text-align: left;">
License Types</h3>
Oracle DB is licensed in different ways, depending on its edition:<br />
<br />
<ul style="text-align: left;">
<li>By number of users using the connected application or whose data are saved in the DB</li>
<li>By number of CPU sockets. A socket is a full physical processor, regardless of the number of cores inside it.</li>
<li>By number of CPU cores. This is the case for the Enterprise edition of the DB. Cores refer to the number of physical cores in every CPU socket installed in the server. Threads are considered logical cores, and you do not license those; only the physical cores.</li>
</ul>
<br />
<h3 style="text-align: left;">
Audit Compliance</h3>
Before moving forward, let's discuss audit compliance. Oracle's audit team can request to audit your environment. You have the choice of not allowing them, but they might come back later with government officials to enforce it, or if you open a support ticket, they'd do an inspection anyway to see whether you're eligible for support or not.<br />
<br />
If/When you do allow Oracle's audit team to run an audit, it's essential to agree on a scope and limited time to do the activity: i.e., clusters 1, 2 and 3 and the activity is to not exceed 2 weeks maximum. This is to be stated in the legal document you'll be signing prior to them starting the audit activity.<br />
<br />
Oracle will ask you to extract virtual machine (VM) activity logs showing where the VMs have been and where they've moved over X number of months. It's also important to limit the period: 1-3 months should be sufficient for any audit activity.<br />
<br />
If you do not impose such limits, Oracle can keep asking for extended periods to run their scripts, and try to find at least 1 case of deviation to impose penalties on you.<br />
<br />
Some sales people will scare you that you're violating Oracle terms and will be subject to penalties of millions of USD.<br />
As long as you're complying with the rules below, have configured the settings properly, and have a full log of all VM activity (in vCenter) to prove that the VMs haven't moved beyond the licensed hosts and cores, no one can penalize you.<br />
<br />
If they continue to harass you, ask them to send you an official email, and once you receive it, send it to Oracle's USA legal team. You'll receive a note from them acknowledging that you're in full compliance.<br />
<br />
Feel free to reach out to me and I'll help you reach the right people within Oracle. For planning and designing help with your setup to make sure you're compliant prior to deploying the Oracle workloads, I can offer this within Kuwait only. If you're outside of Kuwait or the Arabian Gulf region, I suggest you contact a vendor selling x86, another selling IBM POWER and let both give you 5-year Total Cost of Ownership (TCO) studies including Oracle software license costing.<br />
<br />
<h3>
License Core Factor</h3>
Oracle applies different ratios of licenses needed for each core depending on the processor/CPU being used in the servers [#1]. This is called Core Ratio, and usually for Intel mid-range processors (Intel E5-2400, E5-2600, Xeon Silver and Xeon Gold), the core factor is 0.5.<br />
<br />
For Oracle's own SPARC CPU, the core factor for M5, M6, M7 and M8 CPUs is 0.5. This is in a bid to push for its own hardware and provide a full solution.<br />
<br />
For higher-end processors (Intel E7-4800, E7-8800, Xeon Platinum, and IBM POWER), the core factor is 1.0.<br />
<br />
<h3 style="text-align: left;">
Processor Choices and License Calculation</h3>
If your application vendor says they need 10 cores, you have to ask them to specify which processor and model they benchmarked their database workload on.<br />
It's unfortunate that many software vendors benchmark their workload once (say 2012 for example), and then keep using the same hardware requirements on newer systems, which means customers (you) end up with an extremely over-sized solution.<br />
<br />
Why? Because 10 Intel Xeon E5 cores in 2012 are equal to about 6 Intel Xeon Gold cores now (rough estimate). The same applies to any processor brand, such as IBM POWER and Oracle/Sun/Fujitsu SPARC. The enhancements vary, but the idea is the same: do not believe the software vendor's requirements unless they tell you which hardware was used to do the benchmark.<br />
<br />
If the application vendor says you need 10 cores on Intel Xeon Gold, then you need to purchase 10 (cores) x 0.5 (Xeon Gold core factor) = 5 Oracle Enterprise DB core licenses.<br />
<br />
If the application vendor says you need 10 cores on IBM POWER9, then you need to purchase 10 (cores) x 1.0 (IBM P9 core factor) = 10 Oracle Enterprise DB core licenses.<br />
<br />
The above does NOT mean that POWER core factor is more expensive than Intel, because <span style="color: red;"><u><b>the performance of 10 cores on Intel is less than 10 cores on POWER</b></u>. <u><b>That's why Oracle assigned POWER processors a higher core factor</b></u></span>. However, I will NOT discuss which processor to choose in this post, to not derail from the topic of licensing.<br />
<br />
The advice I give all my clients is: Choose the platform that gives you the best Return on Investment (most cost effective) and reliability. Make sure to always factor in cost of software and hardware for 5 years for your solutions, including maintenance, support and subscription costs.<br />
<br />
<h3 style="text-align: left;">
Virtualization/Partitioning Types</h3>
Virtualization allows you to simultaneously run multiple virtual machines (VMs), each with its own operating system (OS), on the same physical server.<br />
<br />
Oracle treats hypervisors (virtualization engines/software) differently, mainly as a sales tactic (politics) and not for technical differentiating factors (though some technical factors exist, but the main drive remains to push sales into their direction).<br />
<br />
In Oracle's list of supported virtualization and partitioning technologies, VMware's vSphere is not listed, for political reasons, but it's fully technically functional and support is provided as follows:<br />
<br />
<ul style="text-align: left;">
<li>If the problem is already known, Oracle will provide support.</li>
<li>If the problem is unknown, Oracle requires you to reproduce the issue on a physical server.</li>
<li>Some of my customers said they've had tickets open on supported platforms for months, while Oracle support engineers threw the blame on Microsoft Windows, and Windows support engineers threw the blame on Oracle. So you can imagine how this might turn on an unsupported platform.</li>
<li>VMware openly states that it will provide full support for Oracle software running on VMware's platform, so you contact VMware and they'll use their in-house Oracle certified support engineers. See the links in references for details on what VMware covers. [#4]</li>
<li>Oracle sales people might tell you you'll never get support, but that's a lie. Ask them to email you their claim, and then you can escalate that. 99.99% they won't dare email you since it's illegal to make such claims.</li>
</ul>
<div>
<br /></div>
<div>
Licensing types based on virtualization: Oracle licensing states that you need to license every CPU core that's used by the database. That's easy to do on Unix platforms, but requires additional configurations on x86 (AMD/Intel) platforms.</div>
<div>
<br /></div>
<h4 style="text-align: left;">
<span style="color: yellow;">
x86 (AMD/Intel) systems</span></h4>
<div>
As x86 systems are considered commodity servers, they don't offer a function to isolate specific cores for specific workloads/VMs. However, with VMware vSphere or Microsoft Hyper-V hypervisors, you can assign specific processor cores to always be used by a specific VM. Hyper-V calls it CPU Pinning. vSphere calls it CPU Affinity.</div>
<div>
<br /></div>
<div>
Keep in mind, you also need to restrict which hosts are able to run these virtual machines, in addition to the CPU core affinity. On VMware vSphere, when enabling High Availability, a VM will restart on a different host if the original host loses power; therefore you need to set cluster policies to have the VMs run on specific hosts only, even in cases of host failures.<br />
<br />
Remember the audit section above? This is why you need to set up such restrictions here.<br />
<br />
<b><span style="color: orange;">Example</span></b>: You have a VMware cluster of 4 hosts, each host has 2x 14-core Intel processors (28 total). You have/need Oracle Enterprise Edition DB effective licenses for 8 cores = 16 Intel cores licensed (0.5 core factor license for Intel mid-range CPUs).<br />
You want to run 2 instances of Oracle DB as virtual machines, each with 8 cores (4 effective core licenses).<br />
<br />
You can easily create a Host Affinity rule in VMware's Distributed Resource Scheduler to restrict the DB VMs to 2 specific hosts in the cluster, and edit the VM settings to specify 8 cores in each host as part of the CPU Affinity settings. This way you lock the 2 VMs to 2 specific hosts in the cluster, and each VM to specific CPU cores.<br />
<br />
There is no need to buy dedicated servers for Oracle with the CPU cores matching the license. You do need to license any host cores that will run Oracle instances (2 hosts to have high availability). If one VM goes offline, the other is still functional. Do not power on the other one.<br />
<br />
If you need to do maintenance on one physical server: power off one of the 2 VMs, and carry on your maintenance, then power it on when the host is ready.<br />
<br /></div>
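<div>
An added example (not from the original post, and not Oracle or VMware tooling) of the audit preparation described above: it checks VM placement records against the licensed hosts and cores of the 4-host cluster example. Host names, VM names, core numbers and the CSV record layout are constructed for illustration; a real export from vCenter will look different.</div>

```python
"""Added example: audit VM placement records against licensed hosts and cores."""
import csv
import io
import math

CORE_FACTOR = 0.5  # Intel mid-range core factor quoted in the post

# Licensed footprint for the post's example: 2 of the 4 hosts, 8 cores each.
# Host names and core numbers are constructed for this example.
LICENSED = {
    "esx01": set(range(0, 8)),
    "esx02": set(range(0, 8)),
}

# Constructed placement records: timestamp, VM, host, CPU affinity string.
# An empty affinity field means the VM could run on any core of that host.
SAMPLE_LOG = """\
2019-02-01T08:00:00Z,oradb01,esx01,0-7
2019-02-01T08:00:05Z,oradb02,esx02,0-7
2019-02-09T02:14:31Z,oradb02,esx03,0-7
2019-02-09T03:40:12Z,oradb02,esx02,
2019-02-09T03:55:47Z,oradb02,esx02,"0-3,8-11"
2019-02-09T04:10:00Z,oradb02,esx02,0-7
"""


def parse_affinity(text):
    """Expand an affinity string such as '0-3,8-11' into a set of core numbers."""
    cores = set()
    for part in filter(None, (p.strip() for p in text.split(","))):
        first, _, last = part.partition("-")
        cores.update(range(int(first), int(last or first) + 1))
    return cores


def licenses_required(licensed, core_factor=CORE_FACTOR):
    """Licensed physical cores times the core factor, as in the post's sums."""
    total_cores = sum(len(cores) for cores in licensed.values())
    # Whole licenses only; rounding up is an assumption of this example.
    return math.ceil(total_cores * core_factor)


def audit_placements(log_text, licensed=LICENSED):
    """Return (timestamp, vm, host, reason) for every out-of-scope placement."""
    violations = []
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue  # tolerate blank lines in the export
        timestamp, vm, host, affinity = row
        if host not in licensed:
            # Typical cause: an HA restart or migration to another cluster host.
            violations.append((timestamp, vm, host, "host not licensed"))
            continue
        cores = parse_affinity(affinity)
        if not cores:
            violations.append((timestamp, vm, host, "no CPU affinity set"))
        elif not cores <= licensed[host]:
            extra = sorted(cores - licensed[host])
            violations.append((timestamp, vm, host, f"unlicensed cores {extra}"))
    return violations


if __name__ == "__main__":
    print("licenses required:", licenses_required(LICENSED))
    for violation in audit_placements(SAMPLE_LOG):
        print(*violation, sep="  ")
```

<div>
Running a check like this on a schedule, rather than only before an audit, surfaces a stray placement while it can still be explained and corrected.</div>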
<div>
<h4 style="text-align: left;">
<span style="color: yellow;">Unix (POWER/SPARC) systems</span></h4>
<div>
Such systems allow cores to be pooled/grouped and specific workloads can be restricted to certain cores. This is known as Hard Partitioning.<br />
<br />
I am not very familiar with SPARC systems, so my example(s) will be for POWER: if you have a machine with 2 CPUs, 10 cores each, for a total of 20 cores, you can create a Shared Processor Pool of 6 cores and restrict all Oracle DB VMs/LPARs to run on that pool only. This allows you to license only 6 cores, and the VMs will share those 6 cores.<br />
<br />
Customers often buy dedicated core licenses for each DB they create. However, in many cases when we did utilization analysis of those VMs and DBs, the CPU utilization was much lower than the assigned values, yet the customer had a huge number of total cores licensed for Oracle DB!<br />
<br />
A better approach is to create a pool for the DBs, and let the VMs use the cores from that pool. Additionally, on POWER, it's possible to allow a VM to have 2 cores, but increase the number of cores if needed, then scale back. In such a scenario, it will never exceed the restriction imposed by the pool, so you always remain within the license boundaries.</div>
</div>
<div>
<br />
The above setup helps with one part of the audit, but when it comes to moving VMs/LPARs around different physical hosts, the same rules apply: you have to license the physical cores where the VMs run. So, if you have 2 physical hosts for High Availability, there are a few ways to do the setup:<br />
<br />
<h2 style="text-align: left;">
License Options</h2>
<h3 style="text-align: left;">
Licensing One VM only</h3>
Oracle licenses per installed instance. If you create a VM with an OS and install Oracle DB on it, you have to license it, even if it's offline/powered off.<br />
<br />
To license one VM only in HA setup, you have to use storage replication, or connect both hosts to the same storage, such that at any time, only one VM instance exists on the servers. When you need to failover to your 2nd site or host, you do the job manually and import/power on the VM on the 2nd host, as long as it's powered off and removed from the 1st host.<br />
<br />
Additionally, you have to disable Live Partition Mobility, vMotion or any function that allows VMs to move between hosts in the same cluster.<br />
<br />
This is true for both x86 and Unix.<br />
<br />
<h3 style="text-align: left;">
Licensing Multiple VMs</h3>
If you wish to use Oracle DataGuard or Real Active Cluster (RAC) to guarantee data consistency using application/DB-level replication, then you need to license at least 2 instances and set up the replication scheme on the DB level.</div>
<div>
<br />
Additionally, you have to disable Live Partition Mobility, vMotion or any function that allows VMs to move between hosts in the same cluster. You license cores on physical hosts that have the VMs running. If you do want the VMs to move to other hosts, you'll need to license all hosts permissible for movement.<br />
<br />
This is true for both x86 and Unix.</div>
<div>
<br />
As you can see, these legal restrictions are not technical limitations; they exist only to force customers to pay for more licenses and/or to push Oracle's own ecosystem onto the customer to leverage more purchases in the future.</div>
<br />
<h2 style="text-align: left;">
Pitfalls</h2>
As you can see above, when using x86 systems, there's some added overhead on the operations team to make sure the VMs always remain in compliance when doing daily operations and maintenance jobs. It's easier to do things when having Unix systems and maintain compliance, but then you need operations people with Unix skills.<br />
<br />
A mistake of 1 person in operations could put you out of compliance. If you run a small company, you may be better off with buying dedicated physical servers for Oracle workloads (but end up with many physical boxes). If you're an enterprise with many Oracle workloads, I suggest moving away from them if possible, and if not, go with a Unix environment that gives you flexibility and is able to reduce your overall cost on software licenses.<br />
<br />
<h2 style="text-align: left;">
References</h2>
<ol style="text-align: left;">
<li><a href="http://www.oracle.com/us/corporate/contracts/processor-core-factor-table-070634.pdf">Oracle Processor Core Factor Table</a></li>
<li><a href="https://www.oracle.com/assets/partitioning-070609.pdf">Oracle Partitioning Policy</a></li>
<li><a href="https://www.oracle.com/technetwork/database/virtualizationmatrix-172995.html">Supported Virtualization and Partitioning Technologies for Oracle DB and RAC</a></li>
<li><a href="https://blogs.vmware.com/apps/2017/01/oracle-vmware-vsan-dispelling-licensing-myths.html">VMware Support for Oracle on vSphere</a></li>
<li><a href="https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/whitepaper/solutions/oracle/understanding_oracle_certification_support_licensing_vmware_environments-white-paper.pdf">Understanding Oracle Certification, Support and Licensing on VMware Products</a></li>
<li><a href="https://www.beaconize.com/2016/05/19/vmware-oracle-misinformation/">Oracle Misinformation on VMware</a></li>
</ol>
</div>
<b>Eco Block Design: Reshaping Kuwait City</b> (posted 2019-01-08)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
This is a project I started in August 2016 out of sheer hate and disgust for driving and driving conditions in Kuwait. If you're unfamiliar with Kuwait, it's a tiny country that's 18,000 km^2 (an island); however, the majority of the area is not available for use and the livable area is on the sea side.<br />
<br />
I had initially made this as a presentation and reached out to some parliament members in Kuwait, but alas, the words fell on deaf ears. I figured I might as well post this here for anyone willing to take this forward. Though this is for Kuwait, the concept is applicable to any city in any country.<br />
<br />
I was inspired by a piece I read about <a href="https://www.vox.com/2016/8/4/12342806/barcelona-superblocks">Barcelona's city design, known as Superblock</a>. (This is not the original article, but similar content).<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://4.bp.blogspot.com/-0l1WZX6RI8E/XDT5WzxBhTI/AAAAAAAACrg/Tm_tz3KS3dUWxeiCX6cRyDXDCgkn7nd9gCLcBGAs/s1600/eco-00.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="Kuwait borders and livable areas" border="0" data-original-height="487" data-original-width="518" height="300" src="https://4.bp.blogspot.com/-0l1WZX6RI8E/XDT5WzxBhTI/AAAAAAAACrg/Tm_tz3KS3dUWxeiCX6cRyDXDCgkn7nd9gCLcBGAs/s320/eco-00.png" title="Kuwait borders and livable areas" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Kuwait's borders in red. Livable areas marked in green.</td></tr>
</tbody></table>
<br />
<h2 style="text-align: left;">
The Problem</h2>
<br />
<ol style="text-align: left;">
<li>Kuwait City is too congested as it’s a main hub for businesses and government offices. Kuwait City is the capital, and is a tiny area at the middle-top of the green marked area.</li>
<li>Air pollution is very high.</li>
<li>Temperature within the city is 2-8° higher than outside (especially in summer).</li>
<li>A lot of time is wasted to get from Point A to B within the city:</li>
<ol>
<li>It takes 20-30 minutes to drive a 3 kilometer distance within the city!</li>
<li>It takes 20 minutes to exit the city from airport road (or anywhere else). Only to exit it! You still need to drive the rest of the distance to wherever you want to go.</li>
</ol>
</ol>
<br />
<br />
<h2 style="text-align: left;">
The Cause</h2>
<br />
<ol style="text-align: left;">
<li>Too many street lights and intersections within the city.</li>
<li>Small roads.</li>
<li>Irresponsible driving and parking habits.</li>
<li>Badly placed entrances of buildings on main roads, rather than internal roads.</li>
<li>Concentration of businesses in the city, rather than distribute them to multiple areas.</li>
<li>Inefficient and insufficient parking:</li>
<ol>
<li>Kuwait Municipality still uses archaic regulations allowing skyscrapers with little/no parking. A 30 floor tower, where each floor could have 90 employees, would have parking for 100-150 cars only. Not even considering tower visitors.</li>
<li>Most parking spots are unused lands, an ever shrinking "resource."</li>
</ol>
</ol>
<br />
<br />
<h2 style="text-align: left;">
The Symptoms</h2>
<br />
<ol style="text-align: left;">
<li>People park illegally, especially on road sides.</li>
<li>Roads are blocked or have reduced availability.</li>
<li>Higher-than-needed congestion.</li>
<li>Stressful daily driving.</li>
</ol>
<div>
Below are pictures depicting the symptoms and daily struggles.</div>
<div>
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><img height="141" src="https://lh3.googleusercontent.com/1Y8Gi2u73458ifhdmMLnwmOfbhm-DmA_dkN5VQubYfuogOZFRsehhAR25KevzEcpRquE1e9NwJSAw5rH2Rp1USmJAep4VKaKm1aOyK4yywKksm2Ti5udGu85cJBNUrl2VfiuYReQVBo" style="margin-left: auto; margin-right: auto;" width="400" /></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Empty area in the back used as parking</td></tr>
</tbody></table>
<div>
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><img height="260" src="https://lh5.googleusercontent.com/X5LbXO3y_4OzSIHEoTVwVCtPT0_N6DVgS9tSNV8R-YKzB5IiIFfN22mNtRuD7eeYGCAdvzYvHqZJ2VEaVsXdjgEtrzA8X4fVfwY8qz7fb-2uAPu1IA2X9sOMKlnTuIQsYmZX6bcF23o" style="margin-left: auto; margin-right: auto;" width="400" /></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Congestion. The reason is in the next picture</td></tr>
</tbody></table>
<div>
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><img height="217" src="https://lh3.googleusercontent.com/tlEIEnbQSEF9BgDVpBu3i7iFeza038KnFKfH6Ht65CruWvQzbIqqrxT-zTgKzQAab-6fKOzwUVsBCgZJs_vrVVtOZsndfjfwUYc-aZKEALS2K_Q04UMLH1A0CPtsT4zHvXk3IS1EBWg" style="margin-left: auto; margin-right: auto;" width="400" /></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Illegally parked cars on the right side of the road. Entrance to the building on the main road!</td></tr>
</tbody></table>
<div>
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><img height="241" src="https://lh4.googleusercontent.com/7RRrREvHPxi6qjFXuMfdJm_TpiE4yHGRId8l6JmzB-0znknaytEzQpVLJR0qJUIRYo5E4wOyJQ6fhD3_J3mrPZUNobMPSI6q5TxpWG6Gw9GU77oIm1Eehh6hiM-PwxkasE7XGbn_lXA" style="margin-left: auto; margin-right: auto;" width="400" /></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Another day, same congestion. Same irresponsibility by drivers.</td></tr>
</tbody></table>
<div class="separator" style="clear: both; text-align: center;">
<span id="docs-internal-guid-8a0a6724-7fff-cdeb-a583-a6814976c39d" style="margin-left: 1em; margin-right: 1em;"></span></div>
<div>
</div>
<div>
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><img height="192" src="https://lh5.googleusercontent.com/ai98LhNpSqSms5MY-WBleUERsJq66zkBMWo8OZgo8PKMNA8iU8beUHoV9ZUeu1tGMLC0xB314O1Wpvj1W7T23uFuxfi_Dguz_VmSkWiQkSe6dDR5sSg79pzy6sVkfdn4jZyoyCe1rzU" style="margin-left: auto; margin-right: auto;" width="400" /></td></tr>
<tr><td class="tr-caption" style="text-align: center;">All it takes is 1 car to cause chaos</td></tr>
</tbody></table>
<div class="separator" style="clear: both; text-align: center;">
<span id="docs-internal-guid-f7de3615-7fff-97d8-6687-c54ff7eae8c5" style="margin-left: 1em; margin-right: 1em;"></span></div>
<div>
</div>
<div>
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><img height="340" src="https://lh4.googleusercontent.com/A8w1a5-PB_GeIPbOKMly_v86GjZJS_RUZLEI2cHUY4NWEGJLwuOUiKuV0LgBWyIDqT3KR8WyrXjIFM60rwJlHAdOpZy-oyEWYd8R_FnHrSiClCDreP4TYdYOncqgATigEUTnDR4-A0Y" style="margin-left: auto; margin-right: auto;" width="400" /></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Illegal parking at the back of the same building</td></tr>
</tbody></table>
<div class="separator" style="clear: both; text-align: center;">
<span id="docs-internal-guid-14038bce-7fff-7c2b-f792-b5043dcf0f49" style="margin-left: 1em; margin-right: 1em;"></span></div>
<div>
</div>
<div>
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><img height="282" src="https://lh6.googleusercontent.com/OXQ5NK8PF5KFNse-RhR4O3IZBTp4xtdRtPof3WnQbzdG57zuRdOROcHwGTbUKoQYB5Uqj9-aY8w6ozprpN3mFVmqaDspcRNXpON7q22wfdpbEhTFrVKR0FuCCAhTIHDpNdqJEph6VFE" style="margin-left: auto; margin-right: auto;" width="400" /></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Illegal parking blocking access to the handicapped ramp inside the parking</td></tr>
</tbody></table>
<div class="separator" style="clear: both; text-align: center;">
<span id="docs-internal-guid-0ff1fa77-7fff-5102-3c2e-38cb6e008a6c" style="margin-left: 1em; margin-right: 1em;"></span></div>
<div>
</div>
<div>
<br /></div>
<h2 style="text-align: left;">
The Solution</h2>
<br />
<div>
Build a super-block of the entire city where people enter from specific sides only (edges).</div>
<div>
<br /></div>
<div>
City parking survey (brief) -- Total highlighted area=347,525 m^2:</div>
<br />
<div>
<ol style="text-align: left;">
<li>Green spots: legal parking</li>
<li>Red spots: illegal parking (empty land)</li>
</ol>
</div>
<div>
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><img height="335" src="https://lh5.googleusercontent.com/V9AoNnFen-I2CLU6toNe5Su3opbIfgayyuHZIGzFSvQnMD5iAK8wLFuIxlVs_AVEIEi7gbtx2_NsXc5Nt3ROKLGQYri8eh1x3vcnv_uIpKG_O0Vyw-xfUjSnPU7DJyjiOWcg7X6JFnE" style="margin-left: auto; margin-right: auto;" width="400" /></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Map of Kuwait City showing green and red areas of parking</td></tr>
</tbody></table>
<div class="separator" style="clear: both; text-align: center;">
<span id="docs-internal-guid-be790711-7fff-1f6d-e611-6ea2098d300b" style="margin-left: 1em; margin-right: 1em;"></span></div>
<div>
</div>
<div>
<br /></div>
<h3 style="text-align: left;">
Eco Block</h3>
<div>
Treat the city as one economic block, or convert it into multiple blocks.</div>
<div>
<ul style="text-align: left;">
<li>Build robotic parking complexes @ city edges</li>
<ul>
<li>Road 30 Entrance (Shamiya Gate)</li>
<li>Road 35 Entrance (Shaab Gate)</li>
<li>Road 40 Entrance (PIFSS intersection)</li>
<li>Road 50 Entrance (Government Mall intersection)</li>
<li>Road 80 Entrance (Jahra Gate)</li>
<li>Each robotic complex can have 5000+ cars</li>
<li>A 15-floor robo complex of 2,972 m^2 area can fit 3,400 cars</li>
<li>Wait time to fetch a car: 2-3 minutes tops</li>
<li>Multiple entry-exit ports</li>
<li>Concurrent robo pallets</li>
</ul>
</ul>
</div>
<div>
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><img alt="robo parking example" height="220px;" src="https://lh4.googleusercontent.com/v6KKjaDtLkXy9uf8P8XC_AA4kvvYaepYNRaKFXcly5SioxXyLk8-eGnHFNmPXHGLPTNconQFrD2jc083Gzh2oIHdCvUcaIW6lVqJAaVR4THHpUdIDgTdmE3tFa5pR6Aw4f8ZsXbe69I" style="margin-left: auto; margin-right: auto;" title="robo parking example" width="293px;" /></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Ibn Batoota mall in UAE providing robo parking</td></tr>
</tbody></table>
<div class="separator" style="clear: both; text-align: center;">
<span id="docs-internal-guid-32966d7f-7fff-4f3b-42ca-482d7ac815ac" style="margin-left: 1em; margin-right: 1em;"></span></div>
<div>
</div>
<div>
Image source: <a href="https://www.roboticparking.com/robotic_parking_photo_gallery.htm">https://www.roboticparking.com/robotic_parking_photo_gallery.htm</a></div>
<div>
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><img alt="multi entry and exit ports" height="234px;" src="https://lh5.googleusercontent.com/mnR80TftfuN96XZYSnNRQaeAvOPal-hT7Ae4eyluAn6zuIxNB6H6UjVzFiPEszHdk_1ZnzKvA60qf5Fk7sAV0lEiUM-WgbSWWVSwcF6sSghcb1JGGDcTGbNuEdCmJf-MHOVcGmEktks" style="margin-left: auto; margin-right: auto;" title="multi entry and exit ports" width="244px;" /></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Wire frame diagram showing multiple entry and exit ports to the parking</td></tr>
</tbody></table>
<div class="separator" style="clear: both; text-align: center;">
<span id="docs-internal-guid-8b50c852-7fff-54dc-c556-d0a951c459ae" style="margin-left: 1em; margin-right: 1em;"></span></div>
<div>
</div>
<div>
Image source: <a href="https://www.roboticparking.com/robotic_parking_rps_1000.htm">https://www.roboticparking.com/robotic_parking_rps_1000.htm</a></div>
<div>
<br /></div>
<h3 style="text-align: left;">
Phase 1</h3>
<div>
<ol style="text-align: left;">
<li>Build robo parking complexes @ city edges</li>
<li>Block the entry roads to the city</li>
<li>Use mini-buses to transport people within the city</li>
<li>Demolish parking areas/buildings inside the city and create gardens</li>
<li>Remove street way separators</li>
<li>Use a single lane for mini-buses</li>
</ol>
</div>
<div>
<br /></div>
<h3 style="text-align: left;">
Phase 2</h3>
<div>
<ol style="text-align: left;">
<li>Build metro railway or high-speed motorized walking track</li>
<li>Eliminate mini-buses</li>
<li>Reduce street sizes</li>
<li>Plant more greenery</li>
</ol>
</div>
<div>
<br /></div>
<h2 style="text-align: left;">
Benefits</h2>
<div>
<ol style="text-align: left;">
<li>No more congestion</li>
<li>Fixed and low time of entry/exit in/out of the city</li>
<li>Robo parking eliminates possible theft in parking spaces</li>
<li>Robo parking eliminates high risk of people slamming your car</li>
<li>Robo parking eliminates need for low-wage security guards</li>
<li>Higher greenery and reshaping the city into a massive garden area</li>
<li>Boosting economy by allowing more businesses to open w/o worrying about parking + greenery attracts people</li>
</ol>
</div>
<div>
<br /></div>
<h2 style="text-align: left;">
Future Plans</h2>
<div>
Upon validating the implementation for the city, expand the idea to other major areas:</div>
<div>
<ul style="text-align: left;">
<li>Hawally</li>
<li>Salmiya</li>
<li>Farwaniya</li>
<li>Free Zone</li>
<li>Universities (private and public)</li>
<li>Hospital areas (private and public)</li>
</ul>
</div>
<div>
<br /></div>
<h2 style="text-align: left;">
Frequently Asked Questions</h2>
<h3 style="text-align: left;">
0) Is there any prior work for this?</h3>
<div>
<div>
Ibn Batoota Mall in Dubai, new Rigae Ministry of Justice in Kuwait and many other global references. None has it on a city-wide scale, though.</div>
<div>
<br /></div>
<div>
Closing Mubarkiya market and Salem Al-Mubarak st. are good examples of how this project expands greenery and boosts economics for shops.</div>
</div>
<div>
<br /></div>
<h3 style="text-align: left;">
1) Why not build a suspended metro and suspended walk-ways?</h3>
<div>
The construction will take 3-5 years, during which it’ll cause severe obstruction to the streets, which are already reaching their limits. It’s unrealistic and impractical. The timeline of the construction assumes that everything goes smoothly, which, to anyone who knows Kuwait, is hilarious and impossible.</div>
<div>
<br /></div>
<h3 style="text-align: left;">
2) Why not use empty areas and let people park by themselves or use valet?</h3>
<div>
<div>
Valet = employing a lot of low-wage foreigners, which hurts the country in the long run.</div>
<div>
Allowing people to park by themselves is a logistical nightmare. Improper parking, banged doors, and blocked exits are a few common issues.</div>
</div>
<div>
<br /></div>
<h3 style="text-align: left;">
3) Are people going to pay fees for using the mini-buses or the metro once operational?</h3>
<div>
Currently people pay for the public and private parking, so the fee to be paid should be for the parking only. The parking ticket should allow for free all-day movement within the city, using mini-buses (initially) and the metro (when built).</div>
<div>
<br /></div>
<h3 style="text-align: left;">
4) Is this a public project or private?</h3>
<div>
It can be a public project owned by Public Utilities Management Company (المرافق العمومية) or privatized. If privatized, each entrance should have a different contractor to avoid monopolies and give multiple contractors a chance.</div>
<div>
<br /></div>
<h3 style="text-align: left;">
5) Some people will refuse to share mini-buses or metro carts with low-wage workers. This idea won’t work.</h3>
<div>
<div>
Instead of shutting down the idea, it’s best to find ways to make it work:</div>
<div>
<ul style="text-align: left;">
<li>It’s possible to have male/female segregated buses/carts.</li>
<li>It’s possible to have buses for separate destinations, and since most workers go to specific spots, it’ll reduce clashes.</li>
<li>Make separate standing and sitting carts with higher cost for sitting ones. Another form of segregation and preference to those who want some extra space.</li>
</ul>
</div>
</div>
<div>
<br /></div>
<h3 style="text-align: left;">
6) Why not allow cars to enter the city, but put a high entrance fee (road tax)?</h3>
<div>
No. Easy access is a right, not a privilege. People must not use this to brag about paying more, getting Wasta* exemptions and what not. Everyone should be treated equally and cars must be banned from accessing the city (apart from emergency vehicles).</div>
<div>
<br /></div>
<div>
* Wasta: An Arabic term referring to getting access to something you weren't supposed to by asking people you know/higher ups.</div>
<div>
<br /></div>
<h3 style="text-align: left;">
7) Instead of all this solution and cost, why not force remote work, different working hours, or move companies to another place?</h3>
<div>
<div>
<ul style="text-align: left;">
<li>Remote Work: Most daily routines involve physical paperwork, thus forcing people to be physically present. Currently impractical.</li>
<li>Different Working Hours: Tried and failed. It’ll affect parents who will be forced to have 2-4 trips per day for jobs, schools, and other things.</li>
<li>Move Companies: The city is the financial district (banks, stock exchange, ...etc.) and around this, other businesses thrive: IT companies, insurance, investment, restaurants, cafes, hotels, gov offices.<br />It’s unrealistic to shift all of this “ecosystem” out, and chopping it (moving specific types of companies) will hurt the ecosystem and probably cause more congestion on Kuwait’s roads, as people will then have to drive to reach the city for meetings and other business requirements.</li>
</ul>
</div>
</div>
<div>
<br /></div>
<div>
Feel free to reach out privately, or publicly in comments or on <a href="https://twitter.com/mbhbox">Twitter</a>, to discuss and share ideas. Also, feel free to push this idea with the government. I honestly don't care to have credit, as long as the idea is implemented, though I'd appreciate being involved in the project.</div>
</div>
<h1 style="text-align: left;">
Ransomware Attacks: Pre and Post Attack Protection</h1>
<div>
Posted by MBH, 2018-10-27T20:36:00.000+03:00 (updated 2018-10-27T20:41:41.134+03:00)</div>
<div dir="ltr" style="text-align: left;" trbidi="on">
I was contacted by a company that had been infected with <a href="https://en.wikipedia.org/wiki/Ransomware">ransomware</a> that encrypted their servers' files and demanded money to provide decryption. The company's entire infrastructure was infected, including the backup server, which backed up files onto its internal disks, so the backup was encrypted and inaccessible as well.<br />
<br />
Below is a screenshot of the display shown on every server, informing the victim of the situation and how to reach the attacker for decryption "services." I've masked the code so the victim can't be identified and exposed to a revenge attack.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-FTb9znsQ2rw/W9SROUNrBZI/AAAAAAAACF8/-V02gC4Sa10npTYNqB3xP2BZgJGpo-sbgCLcBGAs/s1600/ransomware-instructions.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="610" data-original-width="1130" height="172" src="https://3.bp.blogspot.com/-FTb9znsQ2rw/W9SROUNrBZI/AAAAAAAACF8/-V02gC4Sa10npTYNqB3xP2BZgJGpo-sbgCLcBGAs/s320/ransomware-instructions.jpg" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-jXkhS81WW5M/W9SRgSc8FBI/AAAAAAAACGE/be8DVTaWQtU2GXlCnu0DcmVzA2lCskcVACLcBGAs/s1600/ransomware-note.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="215" data-original-width="869" height="78" src="https://1.bp.blogspot.com/-jXkhS81WW5M/W9SRgSc8FBI/AAAAAAAACGE/be8DVTaWQtU2GXlCnu0DcmVzA2lCskcVACLcBGAs/s320/ransomware-note.jpg" width="320" /></a></div>
<br />
The company that was attacked did have an antivirus in place, a firewall and some security measures, but that didn't prevent the attack. The attack occurred after the attackers <a href="https://en.wikipedia.org/wiki/Phishing#Spear_phishing">spear-phished</a> one of the admins and when the admin opened the attachment, the infection spread like wildfire.<br />
<br />
Though an encrypted file sample was submitted to the <a href="https://id-ransomware.malwarehunterteam.com/">ID Ransomware</a> free service, unfortunately, the ransomware wasn't detected. When submitting your sample, include screenshots, emails and other related info. Even if it's not identified, it helps block such attacks in the future. The victim in this case ended up paying to decrypt 1 server (the backup) and didn't decrypt the others. They then wiped all systems and started restoring.<br />
<br />
<h2 style="text-align: left;">
Mistakes</h2>
<br />
<ol style="text-align: left;">
<li>Servers ran unpatched Windows OSs. They were exposed to an old vulnerability in the network sharing protocol <a href="https://www.us-cert.gov/ncas/current-activity/2017/03/16/Microsoft-SMBv1-Vulnerability">SMBv1</a>, which Microsoft had patched earlier this year and which allowed a lot of malware to spread over the network.</li>
<li>The backup software stores backups as files (which is fine), and those were stored on the internal disks only.</li>
</ol>
<div>
<br /></div>
<h2 style="text-align: left;">
Positive Actions</h2>
<div>
<ol style="text-align: left;">
<li>The owner contacted friends who were techies, who knew techies or who had been victims of similar incidents in the past.</li>
<li>Did not touch any of the systems and left them as is. This is important, as some infections can be reversed if the server isn't rebooted (encryption key stays in memory sometimes).</li>
<li>Contacted a local ISP that provided on-site security consultation. The person who attended there knew what to look for and that greatly helped identify the infection method.<br />It's important to contact an external entity to look at your systems. Sometimes your admins will hide info to protect themselves and this does more damage than good for everyone: the company and the admins themselves.</li>
<li>Contacted the attackers and acted desperate (even if you aren't) to buy some time. Sometimes you can win sympathy from your case handler (the attacker replying to your email), who may offer a reduced price for decryption instead of the full amount.</li>
</ol>
<div>
<br /></div>
</div>
<h2 style="text-align: left;">
Protections and Precautions</h2>
<div>
<ol style="text-align: left;">
<li>If you do pay to decrypt your data, fully understand that you're still infected, but now have access to your files. This does not mean you're safe, as the ransomware is still on your systems. You need to disinfect or completely wipe everything after getting your data out, and only the data without OS files.</li>
<li>Always keep your systems up to date. Always. Force the business units or management to allocate suitable downtime for regularly patching all systems. Have procedures for critical patches that need to be applied ASAP and cannot wait for the usual schedule.</li>
<li>Avoid running old operating systems. If you have software that must run on an archaic OS, find an alternative. Investing in migrating from old software that keeps you crippled is a lot cheaper than falling victim due to attacks on legacy systems, and running maintenance costs of legacy systems.</li>
<li>When discovering an infection in the infrastructure, alert management immediately. Also, collect as many logs from as many systems as possible:</li>
<ol>
<li>Firewall logs</li>
<li>VPN logs</li>
<li>Server hardware logs</li>
<li>Operating System events and logs</li>
<li>Antivirus logs</li>
</ol>
<li>If the servers are running in your own datacenter in your building, disconnect everything from network, but keep the servers running. At least this prevents further spread or reinfection.</li>
<li>Use the latest version of an antivirus, not only updated signatures. You must always have the latest version of the application itself to make use of better self-defense mechanisms and detection methods.</li>
<li>Use an antivirus on servers and PCs that has Application Control and <a href="https://support.kaspersky.com/13669">Trusted Application Mode</a> modules. I know Kaspersky and Bitdefender offer these, and some others surely do as well.<br />Trusted Application Mode matters most: it allows only verified and known applications to run, while blocking everything else. This way, should malware reach a server, it won't be able to run there.</li>
<li>Have an offline/off-site backup, either on some backup service, such as Veeam Cloud Backup, or on tape cartridges.<br />If you decide to ship your tape cartridges abroad or take them outside of your building, make sure you place them in an anti magnet compartment to prevent metal detectors or Explosive Detection Systems (EDS) from damaging the tape. X-Ray is completely safe and does not emit any magnetic field, so it's safe to carry cartridges in your carry-on, but not your checked-in luggage that is subject to EDS, and not when in your pockets, as you go through metal detectors.</li>
<li>Linux is also susceptible to ransomware, not only Windows. Keep your *nix systems patched.</li>
</ol>
<div>
<br /></div>
</div>
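<div>
An added example, not part of the original post: a PowerShell function for the log-collection step in item 4, meant to run on a server that has been unplugged from the network but left powered on (item 5). It also records the patch list and SMBv1 state relevant to the first mistake above. The function name and the destination path are assumptions; firewall, VPN, hardware and antivirus logs have to be exported with those products' own tools.</div>

```powershell
# Added example (not from the original post). Run from an elevated PowerShell
# session on the affected server WITHOUT rebooting it.
# Save-TriageEvidence and the E:\IR path are hypothetical names.

function Save-TriageEvidence {
    [CmdletBinding()]
    param(
        # Write to externally attached media, not to the infected disks.
        [Parameter(Mandatory)][string]$Destination
    )

    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $outDir = Join-Path $Destination "$env:COMPUTERNAME-$stamp"
    New-Item -ItemType Directory -Path $outDir -Force | Out-Null

    # Operating system events: export the raw .evtx channels so they can be
    # analysed on a clean machine.
    foreach ($channel in 'Security', 'System', 'Application') {
        $file = Join-Path $outDir "$channel.evtx"
        wevtutil.exe epl $channel $file
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Could not export the $channel log"
        }
    }

    # Installed updates: shows how far behind on patches the server was.
    Get-HotFix |
        Select-Object HotFixID, Description, InstalledOn |
        Export-Csv (Join-Path $outDir 'hotfixes.csv') -NoTypeInformation

    # SMBv1 state. The cmdlet exists on Windows Server 2012 / Windows 8 and later.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Get-SmbServerConfiguration |
            Select-Object EnableSMB1Protocol, EnableSMB2Protocol |
            Export-Csv (Join-Path $outDir 'smb-config.csv') -NoTypeInformation
    } else {
        Write-Warning 'Get-SmbServerConfiguration not available on this OS version'
    }

    # Hash everything collected so later tampering or corruption is detectable.
    # Hashes are computed first, then written, so the manifest is not hashed itself.
    $hashes = Get-ChildItem -Path $outDir -File |
        Get-FileHash -Algorithm SHA256 |
        Select-Object Hash, Path
    $hashes | Export-Csv (Join-Path $outDir 'manifest-sha256.csv') -NoTypeInformation

    return $outDir
}

# Usage (E:\IR is an assumed path on an external drive):
# Save-TriageEvidence -Destination 'E:\IR'
```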
<div>
It's important that one plans for worst case scenarios. Don't protect the perimeter from the outside, and leave the inside vulnerable. Live under the assumption that your internal systems can, and will, be infected one day, so plan accordingly.</div>
<div>
<br /></div>
<div>
Feel free to leave a comment to share your story, or an insight to help others, if you've been in a similar situation before.</div>
<div>
<br /></div>
<div>
Be paranoid. Be safe.</div>
</div>
<h1 style="text-align: left;">
Unlock The Hidden Data: Enterprise Microservices Seminar</h1>
<div>
Posted by MBH, 2018-10-09T22:28:00.000+03:00 (updated 2018-10-09T22:28:06.189+03:00)</div>
<div dir="ltr" style="text-align: left;" trbidi="on">
IBM is organizing a technical event to show use cases of containers, API consumption and micro-services in enterprise environments.<br />
<br />
The event will have live demos and the speaking/presenting panel consists of technical engineers. Though the agenda is brief, the audience is free to ask for specific demos of use cases or features.<br />
<br />
The event will take place at Sirdab Lab on Sunday Oct 14th, 5 PM to 8 PM. Attendance is free, but registration is required to provide sufficient seating and catering.<br />
<br />
Event Information & Registration Link: <a href="https://www.eventbrite.com/e/unlock-the-hidden-data-enterprise-microservices-tickets-51119341326">https://www.eventbrite.com/e/unlock-the-hidden-data-enterprise-microservices-tickets-51119341326</a></div>
<h1 style="text-align: left;">
Migrating Windows Fileservers: Preserving NTFS and Domain Controller Permissions</h1>
<div>
Posted by MBH, 2018-09-07T21:57:00.002+03:00 (updated 2018-09-07T21:57:18.184+03:00)</div>
<div dir="ltr" style="text-align: left;" trbidi="on">
A client was running a Windows 2008 fileserver. Shared folders had been created and used for years, and permissions were set per group or per user over the many folders, linked to the Active Directory domain controller.<br />
<br />
For this particular case, the shares were on a dedicated drive that is a storage mapped volume. Reassigning the volume from the old server to a new one is quite easy, but the tricky part was preserving the share settings and the NTFS permissions along with the active directory domain controller security permissions.<br />
<br />
After much digging around, the <a href="https://social.technet.microsoft.com/wiki/contents/articles/408.how-to-back-up-and-restore-ntfs-and-share-permissions.aspx">solution was a builtin command line</a> tool that can back up the permissions, plus exporting a registry key to back up the configuration of the shares and their paths. Make sure you test this on a test machine first before applying to production! This will save both local users and domain controller security permissions.<br />
<br />
Pay attention to backslashes (\), as they make a difference to the tool.<br />
<br />
<h2 style="text-align: left;">
Step 0: Backup and Restore Shares and their Permissions</h2>
<br />
<ul style="text-align: left;">
<li>Run regedit with administrator permission: search for regedit then right click and choose "Run as Administrator"</li>
<li>Go to this location: <span style="font-family: "courier new" , "courier" , monospace;">HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares</span><br />
Note: HKLM = HKey_Local_Machine</li>
<li>Right click the Shares registry key and export it. This is the key that looks like a folder in the left pane, not the content in the right pane.</li>
</ul>
<div>
To restore the shares and their permissions, double click the saved exported file.</div>
<div>
<br /></div>
<h2 style="text-align: left;">
Step 1: Backup and Restore NTFS and Active Directory Security Permissions</h2>
<div>
<ul style="text-align: left;">
<li>Open the command prompt (cmd.exe) with administrator permission.</li>
<li>To backup: <span style="font-family: "courier new" , "courier" , monospace;">icacls "path to folder" /save ntfsperms.txt /t /c 2> errors.txt</span><br />
Example: <span style="font-family: "courier new" , "courier" , monospace;">icacls d:\data /save ntfsperms.txt /t /c 2> errors.txt</span><br />
/t for recursion to include subfolders of the main one.<br />
/c to continue even when errors occur, but they'll be printed and written to the errors text file.<br />
<br />
Note: If you put multiple folders directly on the root of the drive, the command should look like this: <span style="font-family: "courier new" , "courier" , monospace;">icacls d:\* /save ntfsperms.txt /t /c 2> errors.txt</span></li>
</ul>
<div>
<div>
To restore: <span style="font-family: "courier new" , "courier" , monospace;">icacls d:\ /restore ntfsperms.txt</span></div>
<div>
<br /></div>
<div>
Yes, there's a difference in the way you restore the permissions and the path. Even if you had backed up d:\data, you restore to the root directory/folder d:\. That's how the tool works.<br />
<br />
Keep in mind that the text file you save the permissions to is written to the command prompt's current directory. If you run cmd as Admin, you'll be in C:\Windows\System32 by default.</div>
</div>
</div>
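<div>
An added example, not part of the original post: Step 0 and Step 1 scripted in PowerShell with explicit output paths, so the saved files do not land in C:\Windows\System32, and with a check of the errors file, since /c lets icacls skip unreadable paths without stopping. The function names, D:\data and C:\PermBackup are assumptions.</div>

```powershell
# Added example (not from the original post). Run in an elevated PowerShell.
# Function names and default paths are hypothetical; test on a non-production
# machine first, as the post advises.

$SharesKey = 'HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares'

function Backup-FileServerPermissions {
    param(
        [string]$DataRoot  = 'D:\data',        # assumed folder holding the shares
        [string]$BackupDir = 'C:\PermBackup'   # assumed output folder
    )
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $regFile = Join-Path $BackupDir 'shares.reg'
    $aclFile = Join-Path $BackupDir 'ntfsperms.txt'
    $errFile = Join-Path $BackupDir 'errors.txt'

    # Step 0: share names, paths and share-level permissions.
    reg.exe export $SharesKey $regFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed for $SharesKey" }

    # Step 1: NTFS ACLs, recursive (/t), continuing past errors (/c).
    icacls.exe $DataRoot /save $aclFile /t /c 2> $errFile

    # With /c a failure does not stop the run. Any path listed in errors.txt
    # is missing from ntfsperms.txt and will not get its ACL back on restore.
    if ((Test-Path $errFile) -and ((Get-Item $errFile).Length -gt 0)) {
        Write-Warning "icacls reported errors; review $errFile before migrating"
    }
}

function Restore-FileServerPermissions {
    param(
        [string]$DataRoot  = 'D:\data',
        [string]$BackupDir = 'C:\PermBackup'
    )
    # Same effect as double-clicking the exported .reg file. The shares become
    # visible once the Server service (LanmanServer) restarts or the machine reboots.
    reg.exe import (Join-Path $BackupDir 'shares.reg')
    if ($LASTEXITCODE -ne 0) { throw 'reg import failed' }

    # icacls stores paths relative to the parent of the saved folder, so the
    # restore target is the parent: D:\data was saved, D:\ is restored.
    $parent = Split-Path -Path $DataRoot -Parent
    icacls.exe $parent /restore (Join-Path $BackupDir 'ntfsperms.txt') /c
}

# Usage:
# Backup-FileServerPermissions  -DataRoot 'D:\data' -BackupDir 'C:\PermBackup'   # old server
# Restore-FileServerPermissions -DataRoot 'D:\data' -BackupDir 'C:\PermBackup'   # new server
```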
</div>
<h1 style="text-align: left;">
Kuwait Game Jam 2018</h1>
<div>
Posted by MBH, 2018-08-30T22:32:00.002+03:00 (updated 2018-08-30T22:35:45.039+03:00)</div>
<div dir="ltr" style="text-align: left;" trbidi="on">
Once again, <a href="https://twitter.com/q8geek">Q8Geek</a> is organizing Kuwait Game Jam, where people gather to create games over a weekend based on a theme decided on the first day.<br />
<br />
Date: September 6 - September 8<br />
Location: <a href="https://goo.gl/maps/4zFJNDwbC8m">Niu - Business District One</a><br />
Details: <a href="https://bit.ly/kgj_18">https://bit.ly/kgj_18</a><br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://4.bp.blogspot.com/-_MatIUVM-nM/W4hEvJ2adVI/AAAAAAAACFg/1P-Osn2JmUYDeDl-7RFYbw85sVQvm9AKACEwYBhgL/s1600/kgj00.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="Kuwait Game Jam 2018 - Poster 1" border="0" data-original-height="602" data-original-width="358" height="320" src="https://4.bp.blogspot.com/-_MatIUVM-nM/W4hEvJ2adVI/AAAAAAAACFg/1P-Osn2JmUYDeDl-7RFYbw85sVQvm9AKACEwYBhgL/s320/kgj00.PNG" title="Kuwait Game Jam 2018 - Poster 1" width="189" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><a href="https://www.instagram.com/p/Bm-u0QzBtnm/?taken-by=q8geek">https://www.instagram.com/p/Bm-u0QzBtnm/?taken-by=q8geek</a></td></tr>
</tbody></table>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://2.bp.blogspot.com/-cyY4-5Q7g_8/W4hE1GBQ0jI/AAAAAAAACFc/qO6O2T20lowK1QRvrc8r4l23CCZGV8dXACLcBGAs/s1600/kgj01.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="Kuwait Game Jam 2018 - Poster 2" border="0" data-original-height="601" data-original-width="358" height="320" src="https://2.bp.blogspot.com/-cyY4-5Q7g_8/W4hE1GBQ0jI/AAAAAAAACFc/qO6O2T20lowK1QRvrc8r4l23CCZGV8dXACLcBGAs/s320/kgj01.PNG" title="Kuwait Game Jam 2018 - Poster 2" width="190" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><a href="https://www.instagram.com/p/BnD2cpCncmT/?taken-by=q8geek">https://www.instagram.com/p/BnD2cpCncmT/?taken-by=q8geek</a></td></tr>
</tbody></table>
</div>
<h1 style="text-align: left;">
High CPU Utilization on Live Streams</h1>
<div>
Posted by MBH, 2018-08-25T22:31:00.001+03:00 (updated 2018-08-26T19:17:43.185+03:00)</div>
<div dir="ltr" style="text-align: left;" trbidi="on">
While watching a <a href="https://steam.tv/dota2/">live stream of Dota2</a>, I noticed that CPU utilization for Firefox (Fx) was going to 50%-60% after a minute of watching the stream. I did some comparison against Chrome and Brave and both were using less than 3%.<br />
<br />
The live stream website of Steam TV uses Akamai's HTTP Live Streaming, which <a href="https://learn.akamai.com/en-us/webhelp/media-services-live/media-services-live-stream-packaging-rtmp-ingest-hds-and-hls-outputs-user-guide/GUID-F3F3D4FB-8152-48C7-A8C4-1D0AE130B932.html">according to Akamai</a>, uses H264 video codec and AAC audio codec. Specifically:<br />
<blockquote class="tr_bq">
Video: H.264 Baseline Profile Level 3.0, Main Profile Level 3.1, High Profile Level 4.1, and MPEG-4 Simple Profile<br />
Audio: HE-AAC or AAC-LC up to 48 kHz</blockquote>
In all cases below, there's only one private/incognito tab open, each browser was launched on its own with no other browser loading the same site, and the stream was left running for 2 minutes minimum.<br />
<br />
I did the same comparison against YouTube & Vimeo, and all browsers had very low CPU utilization.<br />
<br />
<h2 style="text-align: left;">
Computer Specs</h2>
CPU: i7-6700k<br />
GPU: nVidia GTX 1080<br />
OS: Windows 10 Pro - Build 17134<br />
<br />
<h2 style="text-align: left;">
Firefox Browser</h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-bzl0fEkPzS0/W4GpXAhwUmI/AAAAAAAACEc/jEXSMNp2tnkRrLeoKcAXYEbj8-J06EWywCEwYBhgL/s1600/firefox-mod.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="firefox cpu and gpu utilization" border="0" data-original-height="921" data-original-width="1600" height="184" src="https://3.bp.blogspot.com/-bzl0fEkPzS0/W4GpXAhwUmI/AAAAAAAACEc/jEXSMNp2tnkRrLeoKcAXYEbj8-J06EWywCEwYBhgL/s320/firefox-mod.png" title="firefox cpu and gpu utilization" width="320" /></a></div>
CPU utilization: 60.9%<br />
GPU utilization: 5.4%<br />
Memory utilization: 788 MB<br />
Browser version: 61.0.2<br />
<br />
Note: There's only one tab open, but you see 6 processes launched. This is probably using multiple processes for video or other content the site has loaded.<br />
<br />
I have disabled the <a href="https://www.ghostery.com/">Ghostery addon</a> intentionally to make sure the spike in CPU wasn't caused by blocked scripts, ads or anything else.<br />
<br />
Firefox GPU options: I checked the "Performance" under General options and when unchecking the Optimum check mark, it does show that it uses hardware acceleration when available.<br />
<br />
<h3 style="text-align: left;">
GPU Options</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-RrDXBeFqMDE/W4Gr3rhhQLI/AAAAAAAACEs/vpSqNsP38yEPIWTrMRR-ALM_KjjhSiYkgCLcBGAs/s1600/firefox-gpu-options.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="443" data-original-width="635" height="223" src="https://4.bp.blogspot.com/-RrDXBeFqMDE/W4Gr3rhhQLI/AAAAAAAACEs/vpSqNsP38yEPIWTrMRR-ALM_KjjhSiYkgCLcBGAs/s320/firefox-gpu-options.PNG" width="320" /></a></div>
<br />
<h3 style="text-align: left;">
H264 Options</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-81XkTGubRAA/W4Gr_RQ54NI/AAAAAAAACEw/66VAEcvaBd8F6_1zXr4AO5OCJCNjFB5YQCLcBGAs/s1600/firefox-h264-options.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="321" data-original-width="703" height="146" src="https://1.bp.blogspot.com/-81XkTGubRAA/W4Gr_RQ54NI/AAAAAAAACEw/66VAEcvaBd8F6_1zXr4AO5OCJCNjFB5YQCLcBGAs/s320/firefox-h264-options.PNG" width="320" /></a></div>
<br />
<h2 style="text-align: left;">
Brave Browser</h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-ZxHf4-NyIX4/W4GpVltgeHI/AAAAAAAACEk/1km7qj-AEywF4kOfHf2pu2ZgSc1yoJdoACEwYBhgL/s1600/brave-mod.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="brave cpu and gpu utilization" border="0" data-original-height="918" data-original-width="1600" height="183" src="https://1.bp.blogspot.com/-ZxHf4-NyIX4/W4GpVltgeHI/AAAAAAAACEk/1km7qj-AEywF4kOfHf2pu2ZgSc1yoJdoACEwYBhgL/s320/brave-mod.png" title="brave cpu and gpu utilization" width="320" /></a></div>
CPU utilization: 1.9%<br />
GPU utilization: 12.3%<br />
Memory utilization: 634 MB<br />
Browser version: 0.23.79<br />
<br />
Browser left to its default settings.<br />
<br />
<h2 style="text-align: left;">
Chrome Browser</h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-89uC5rh7KQc/W4GpV3-vs4I/AAAAAAAACEk/DP2a7Db0xYMZ_g_kNpGYT7sg_hfolIACQCEwYBhgL/s1600/chrome-mod.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="chrome cpu and gpu utilization" border="0" data-original-height="925" data-original-width="1600" height="184" src="https://3.bp.blogspot.com/-89uC5rh7KQc/W4GpV3-vs4I/AAAAAAAACEk/DP2a7Db0xYMZ_g_kNpGYT7sg_hfolIACQCEwYBhgL/s320/chrome-mod.png" title="chrome cpu and gpu utilization" width="320" /></a></div>
CPU utilization: 1.4%<br />
GPU utilization: 3.7%<br />
Memory utilization: 271 MB<br />
Browser version: 68.0.3440.106<br />
<br />
Browser left to its default settings.<br />
<br />
Oddly enough, it's using the least GPU, but still manages to keep CPU utilization low.<br />
<br />
<h2 style="text-align: left;">
Summary</h2>
I still don't know what the cause is. Be mindful of what you use and your resources, as more CPU utilization can quickly eat your device's battery (laptop).<br />
<br />
Update 1: Aug 26th, 2018 - 19:17. Added system info and browsers' version.</div>
<h1 style="text-align: left;">
Banking App Comparison: Boubyan Bank vs NBK</h1>
Posted by MBH. Published 2018-08-21T02:11+03:00, updated 2018-08-21T02:20+03:00.<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="text-align: left;">
Introduction</h2>
The purpose of this post is to compare functionality and usability of banking applications from <a href="http://www.bankboubyan.com/en/">Boubyan Bank</a> (<span style="color: red;">BB</span>) and <a href="https://www.nbk.com/kuwait.html">National Bank of Kuwait</a> (<span style="color: #3d85c6;">NBK</span>).<br />
<br />
I will ignore any banking service not provided in the app, and provided in the branch or on the web portal, as that will drag the post much longer than I'd like (with one exception: login process).<br />
<br />
<h2>
Image Quality</h2>
Some banking apps have enabled an Android security flag in their apps that prevents taking screenshots (which is dumb). NBK has enabled that, but BB didn't. I was able to take clean screenshots of BB, but for NBK, I had to take pics with another phone, so the output isn't clean.<br />
<br />
<h2 style="text-align: left;">
Background</h2>
The reason I'm writing this comparison is that I'm fed up with NBK. This is not a vindictive post, but a series of issues have happened throughout the years that have pushed me into looking elsewhere, after being with NBK for <b>23 years</b>.<br />
<br />
Whenever I wanted to do transactions, I had to go to the branch, because the phone support couldn't touch my account. Getting out of the office and driving to the bank is not something I want to do, as I hate driving, and it's a huge waste of time to get the simplest of things done by forcing me to go to the branch.<br />
<br />
I've had friends try BB and show me their banking app, and I was quite shocked at how much can be accomplished from the app itself, without the need to ever go to the branch. This is what drove me to finally move all my funds and my salary to BB: ease of use of services, and using applications that are made for humans, not a clump of features thrown together where it is up to the consumer to figure things out, as you'll see with the NBK app.<br />
<br />
For the sake of completeness: My account type in NBK is "<a href="https://www.nbk.com/kuwait/personal/packages/premium/thahabi.html">Thahabi</a>" (Gold) and its equivalent in BB is "<a href="https://boubyan.bankboubyan.com/en/platinum/">Platinum</a>" which is the one I have now. So, both accounts have almost similar privileges, mainly that you get a dedicated account manager that you can contact directly (if needed), in addition to account perks.<br />
<br />
<h2 style="text-align: left;">
On-Boarding Process</h2>
This is the first time you enroll in the banking app.<br />
<b><span style="color: red;">BB</span></b>: You can enroll from the app directly.<br />
<br />
<b><span style="color: #3d85c6;">NBK</span></b>: You cannot enroll from the app directly. You have to log in to their web portal and grab a validation code to complete the enrollment process. Their web portal is not mobile friendly.<br />
<br />
Here's the BB process:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-9E2l4zD6-4s/W3m45QyuEVI/AAAAAAAAB7w/UjSXcOC7MrYbb-H9V87NZY4Tozk4uhOjgCLcBGAs/s1600/Screenshot_20180811-170849.jpg" imageanchor="1"><img alt="onboarding - unlink existing device" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://4.bp.blogspot.com/-9E2l4zD6-4s/W3m45QyuEVI/AAAAAAAAB7w/UjSXcOC7MrYbb-H9V87NZY4Tozk4uhOjgCLcBGAs/s320/Screenshot_20180811-170849.jpg" title="onboarding - unlink existing device" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: 12.8px;">Removing my existing phone data to do a fresh setup</span></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-o4U6H3O_krY/W3m44rHPNfI/AAAAAAAAB7s/Eya8JVaBvLEEnw0feC4-63OFX-Dle9qlACLcBGAs/s1600/Screenshot_20180811-173114.jpg" imageanchor="1"><img alt="onboarding - creating a new account" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://2.bp.blogspot.com/-o4U6H3O_krY/W3m44rHPNfI/AAAAAAAAB7s/Eya8JVaBvLEEnw0feC4-63OFX-Dle9qlACLcBGAs/s320/Screenshot_20180811-173114.jpg" title="onboarding - creating a new account" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: 12.8px;">Creating new account. Notice you need both username and a few civil ID digits.</span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: 12.8px;"><br />
</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-eRMBXvGASYw/W3m44suG2wI/AAAAAAAAB7o/Lht9z_M2MQ4dapEYuO99VILkCKKGygMzQCLcBGAs/s1600/Screenshot_20180811-173128.jpg" imageanchor="1"><img alt="onboarding - answering a secret question" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://2.bp.blogspot.com/-eRMBXvGASYw/W3m44suG2wI/AAAAAAAAB7o/Lht9z_M2MQ4dapEYuO99VILkCKKGygMzQCLcBGAs/s320/Screenshot_20180811-173128.jpg" title="onboarding - answering a secret question" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: 12.8px;">Answering the secret question. This is only done once to enroll this device/phone.</span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-qEmqzCoVFiA/W3m46cwMzZI/AAAAAAAAB8E/SQH2PZcVLTwSjyxb4DubHt6aTDJJcvsjwCEwYBhgL/s1600/Screenshot_20180811-173145.jpg" imageanchor="1"><img alt="onboarding - finally typing the password" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://1.bp.blogspot.com/-qEmqzCoVFiA/W3m46cwMzZI/AAAAAAAAB8E/SQH2PZcVLTwSjyxb4DubHt6aTDJJcvsjwCEwYBhgL/s320/Screenshot_20180811-173145.jpg" title="onboarding - finally typing the password" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: 12.8px;">Typing the password while also showing an image and some text that you've previously selected to guarantee the site isn't fake</span></div>
<br />
As you can see here, you can do everything from the app itself, whether it's creating a new user or enrolling/adding a new device to access your account(s). No need for a web portal, like NBK requires.<br />
<br />
<h3 style="text-align: left;">
Score</h3>
<b><span style="color: red;">BB</span></b>: 1<br />
<b><span style="color: #3d85c6;">NBK</span></b>: 0<br />
<br />
<h2 style="text-align: left;">
Login Process</h2>
Recently NBK moved away from logging into the account using the debit card number on their web portal, and instead did as BB: use a username.<br />
<br />
This introduced one very important element: <a href="https://online.bankboubyan.com/ASWeb/appmanager/BoubyanPortal/RetailLogin">to login</a> to BB, you need to know some digits of the civil ID, else you cannot proceed.<br />
<br />
In NBK, <a href="https://online.nbk.com.kw/WOLWebUI/PMlogin.aspx">to login</a>, it only asks for the username, which allows for Denial of Service (DoS) attacks, either by malicious intent or by unknowing users who forgot their actual username and entered yours by mistake a few times, which leads to locking YOUR account.<br />
<br />
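The lockout difference between the two login flows described above can be modelled in a few lines. This is an added example, not code from either bank or from the original post; the lockout threshold, the per-client throttle and all account data are assumptions constructed for illustration.<br />

```python
import hmac
from dataclasses import dataclass

MAX_FAILURES = 3       # assumed lockout threshold; the post does not give the real one
MAX_SOURCE_MISSES = 5  # assumed per-client limit for wrong username/ID pairs


@dataclass
class Account:
    username: str
    civil_id_digits: str  # the "some digits of the civil ID" asked for at login
    password: str         # plaintext only to keep the model short
    failures: int = 0
    locked: bool = False


def _same(a: str, b: str) -> bool:
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


def _check_password(acct: Account, password: str) -> str:
    """Shared password step: failures are charged to the account, which locks at the threshold."""
    if acct.locked:
        return "locked"
    if _same(password, acct.password):
        acct.failures = 0
        return "ok"
    acct.failures += 1
    if acct.failures >= MAX_FAILURES:
        acct.locked = True
    return "rejected"


class UsernameOnlyLogin:
    """Username alone selects the account whose failure counter is charged."""

    def __init__(self, accounts):
        self.accounts = {a.username: a for a in accounts}

    def attempt(self, source: str, username: str, password: str) -> str:
        acct = self.accounts.get(username)
        if acct is None:
            return "rejected"
        return _check_password(acct, password)


class UsernamePlusIdLogin:
    """Username and civil ID digits must both match before the password step is reached."""

    def __init__(self, accounts):
        self.accounts = {a.username: a for a in accounts}
        self.source_misses = {}  # wrong identifier pairs, counted per client

    def attempt(self, source: str, username: str, civil_id_digits: str, password: str) -> str:
        if self.source_misses.get(source, 0) >= MAX_SOURCE_MISSES:
            return "throttled"
        acct = self.accounts.get(username)
        if acct is None or not _same(civil_id_digits, acct.civil_id_digits):
            # Charge the client, not the account: the real owner is unaffected.
            self.source_misses[source] = self.source_misses.get(source, 0) + 1
            return "rejected"
        return _check_password(acct, password)


def make_accounts():
    """Constructed sample data: two customers with near-identical usernames."""
    return [
        Account("salem88", "4821", "owner-pass"),
        Account("salem89", "7730", "other-pass"),
    ]


def mistyped_username_scenario():
    """Customer 'salem89' types 'salem88' by mistake, with their own details, until the threshold."""
    plain = UsernameOnlyLogin(make_accounts())
    gated = UsernamePlusIdLogin(make_accounts())
    for _ in range(MAX_FAILURES):
        plain.attempt("client-B", "salem88", "other-pass")
        gated.attempt("client-B", "salem88", "7730", "other-pass")
    return {
        "username_only_owner_login": plain.attempt("client-A", "salem88", "owner-pass"),
        "gated_owner_login": gated.attempt("client-A", "salem88", "4821", "owner-pass"),
        "gated_owner_failures": gated.accounts["salem88"].failures,
    }


if __name__ == "__main__":
    print(mistyped_username_scenario())
```

The gate moves guessing onto the civil ID digits, which is why the model throttles wrong identifier pairs per client instead of charging them to the account.<br />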
<h3 style="text-align: left;">
BB</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-KcyAIQlzcGs/W3m-yDdKz0I/AAAAAAAAB8Q/YRqcebMzauEnG1ZoDYaucm2nR6Vt6nYFwCLcBGAs/s1600/Screenshot_20180811-171018.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB login drag to right side for normal login or left for Musaed chat bot" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://4.bp.blogspot.com/-KcyAIQlzcGs/W3m-yDdKz0I/AAAAAAAAB8Q/YRqcebMzauEnG1ZoDYaucm2nR6Vt6nYFwCLcBGAs/s320/Screenshot_20180811-171018.jpg" title="BB login drag to right side for normal login or left for Musaed chat bot" width="180" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-LLguZUIFNrk/W3m-yMrpPbI/AAAAAAAAB8M/4Qn7mr8FYX0VPA0L10XmAVE1nauvGJRywCLcBGAs/s1600/Screenshot_20180811-171029.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB login enter password" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://1.bp.blogspot.com/-LLguZUIFNrk/W3m-yMrpPbI/AAAAAAAAB8M/4Qn7mr8FYX0VPA0L10XmAVE1nauvGJRywCLcBGAs/s320/Screenshot_20180811-171029.jpg" title="BB login enter password" width="180" /></a></div>
<br />
In the first picture, you can see 2 options to login: drag to the right for the normal app login, or drag to the left for "Msa3ed" (pronounced Musaed) which is a chat bot to do your typical tasks faster by telling the bot what you want.<br />
<br />
Your full name shows under the avatar icon. Drag to any side, and then you're prompted to enter your password. After that, you're inside your account.<br />
<br />
<h3 style="text-align: left;">
NBK</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-gy-jxdVtupA/W3m_-PZ8g3I/AAAAAAAAB8c/QmEcnAqHlIY8v3BZTaFB6NKV-e105O_zwCEwYBhgL/s1600/IMG_20180811_230528.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK login press button to start login process" border="0" data-original-height="1061" data-original-width="631" height="320" src="https://4.bp.blogspot.com/-gy-jxdVtupA/W3m_-PZ8g3I/AAAAAAAAB8c/QmEcnAqHlIY8v3BZTaFB6NKV-e105O_zwCEwYBhgL/s320/IMG_20180811_230528.jpg" title="NBK login press button to start login process" width="190" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-7DBe3ClThag/W3m__4oVaII/AAAAAAAAB8s/cPrUQ6G-lpAZYXZzouiAXEjKsAdhQ1WSwCEwYBhgL/s1600/IMG_20180811_230538.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK login answer secret question" border="0" data-original-height="436" data-original-width="655" height="213" src="https://1.bp.blogspot.com/-7DBe3ClThag/W3m__4oVaII/AAAAAAAAB8s/cPrUQ6G-lpAZYXZzouiAXEjKsAdhQ1WSwCEwYBhgL/s320/IMG_20180811_230538.jpg" title="NBK login answer secret question" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-m7UDgFexNdA/W3nAAV5GR9I/AAAAAAAAB8w/YltM2eUO3GIhfkz91hBbgEsV_22DDPUnACEwYBhgL/s1600/IMG_20180811_230600.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK login enter password or fingerprint" border="0" data-original-height="754" data-original-width="752" height="320" src="https://1.bp.blogspot.com/-m7UDgFexNdA/W3nAAV5GR9I/AAAAAAAAB8w/YltM2eUO3GIhfkz91hBbgEsV_22DDPUnACEwYBhgL/s320/IMG_20180811_230600.jpg" title="NBK login enter password or fingerprint" width="319" /></a></div>
<br />
Here you see the main login page of NBK showing your username which you chose during the initial sign up process. You click a button to start the login process, which asks you a random question that you have to answer based on your signup process, then enter the password or your fingerprint.<br />
<br />
It's inconvenient to have to answer a secret question every time. I have already enrolled my device, so you know it's me, why ask me every time?<br />
<br />
The fingerprint use case is nice, but I don't personally use it. Also, I don't know if the app ditches the secret question if you enroll a fingerprint, but it shouldn't ask for one anyway after enrolling your device.<br />
<br />
Assuming you added your fingerprint, you still have to remember answers to all 3+ questions, as you'll be asked every time, so the convenience of the fingerprint is overridden.<br />
<br />
<h3 style="text-align: left;">
Score</h3>
<b><span style="color: red;">BB</span></b>: 1<br />
<b><span style="color: #3d85c6;">NBK</span></b>: 0<br />
<br />
<h2 style="text-align: left;">
App Main Page and Info Access</h2>
Here we'll explore what info or functions are available from the screen.<br />
<br />
<h3 style="text-align: left;">
BB</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-NBp1ev0ww1Y/W3nCTKth9RI/AAAAAAAAB84/GkKfJA7CjKAsLijYVBFNIi_aIZObGs8_gCLcBGAs/s1600/Screenshot_20180811-170807.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB contacts and social media accounts" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://1.bp.blogspot.com/-NBp1ev0ww1Y/W3nCTKth9RI/AAAAAAAAB84/GkKfJA7CjKAsLijYVBFNIi_aIZObGs8_gCLcBGAs/s320/Screenshot_20180811-170807.jpg" title="BB contacts and social media accounts" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-RNFbu0cfXCo/W3nCU1tOFVI/AAAAAAAAB88/hdjZrobB0_0AR3tnTctHeiHh7zG0F5JlACLcBGAs/s1600/Screenshot_20180811-170837.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB notifications" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://3.bp.blogspot.com/-RNFbu0cfXCo/W3nCU1tOFVI/AAAAAAAAB88/hdjZrobB0_0AR3tnTctHeiHh7zG0F5JlACLcBGAs/s320/Screenshot_20180811-170837.jpg" title="BB notifications" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-1dZK_MX5mF4/W3nCW_FVPqI/AAAAAAAAB9A/7dd7lZk7cao6EFaeX28Vnq5uEByoXZmcgCLcBGAs/s1600/Screenshot_20180811-170901.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB apps" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://1.bp.blogspot.com/-1dZK_MX5mF4/W3nCW_FVPqI/AAAAAAAAB9A/7dd7lZk7cao6EFaeX28Vnq5uEByoXZmcgCLcBGAs/s320/Screenshot_20180811-170901.jpg" title="BB apps" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-tNCzu8c99dw/W3nCeXXqTnI/AAAAAAAAB9E/nZ8M1nozf1EOds5TR8Mq6SkIF0UAsuo1QCLcBGAs/s1600/Screenshot_20180811-170912.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB branches" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://3.bp.blogspot.com/-tNCzu8c99dw/W3nCeXXqTnI/AAAAAAAAB9E/nZ8M1nozf1EOds5TR8Mq6SkIF0UAsuo1QCLcBGAs/s320/Screenshot_20180811-170912.jpg" title="BB branches" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
Social media icons, and contact info. They provide WhatsApp in addition to live chat. Both very useful for when you're abroad and don't want to incur international calls for generic questions that don't require your personal info. If you do need to call to access your account, you can call the local hot number or the international number (the hot number is not possible to dial from outside of Kuwait).<br />
<br />
Push Notifications are visible from the main app page without needing to login. This might be a privacy issue for some people, but then that's why you should pin-lock your phone. The notifications show the transactions and remaining amounts in the debit or credit account/card.<br />
<br />
Boubyan Apps offer some quick tools: Demonstration (demo) mode, Branch and ATM Locator, Currency Exchange, Prayer Times, Qibla Location/Direction, Discounts, Tutorials and Brochures. The Discounts part shows a list of shops/companies that BB has offers with and provide discounts to their clients. Conveniently, it has a search function to easily find a shop you're looking for.<br />
<br />
Finally, the branch/ATM locator shows both a map of ATMs and Branches and a list based function. When clicking on the phone icon, you get to call that branch, or click on the location icon and you open your maps app to navigate there. It also shows the working hours of the branch.<br />
<br />
Sadly, the branch list doesn't have a search function and it doesn't show which branches have <a href="https://boubyan.bankboubyan.com/en/banking-solutions/boubyan-services/boubyan-direct/">Boubyan Direct ATMs</a>.<br />
<br />
<h3 style="text-align: left;">
NBK </h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-sV6ClKDBL2M/W3nH12ANY-I/AAAAAAAAB9o/TRe22PEDV8sz6yOUC9z9ITu6s_kFnNpkwCLcBGAs/s1600/IMG_20180811_231719.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK main page tell friend" border="0" data-original-height="1037" data-original-width="613" height="320" src="https://4.bp.blogspot.com/-sV6ClKDBL2M/W3nH12ANY-I/AAAAAAAAB9o/TRe22PEDV8sz6yOUC9z9ITu6s_kFnNpkwCLcBGAs/s320/IMG_20180811_231719.jpg" title="NBK main page tell friend" width="189" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-cV01EvTDxKE/W3nH2Nrm2II/AAAAAAAAB9s/C2PtLs2c1-A-X4NkqWnkFA2N0q9BvuwtgCLcBGAs/s1600/IMG_20180811_231729.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK main page side menu" border="0" data-original-height="1007" data-original-width="593" height="320" src="https://3.bp.blogspot.com/-cV01EvTDxKE/W3nH2Nrm2II/AAAAAAAAB9s/C2PtLs2c1-A-X4NkqWnkFA2N0q9BvuwtgCLcBGAs/s320/IMG_20180811_231729.jpg" title="NBK main page side menu" width="188" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-85MUGX5PmLY/W3nHzqY5O3I/AAAAAAAAB9c/Y08GR3V-_YwoaWzUNk8yHNYYhQgs-f86QCLcBGAs/s1600/IMG_20180811_231558.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK contact us info" border="0" data-original-height="971" data-original-width="562" height="320" src="https://1.bp.blogspot.com/-85MUGX5PmLY/W3nHzqY5O3I/AAAAAAAAB9c/Y08GR3V-_YwoaWzUNk8yHNYYhQgs-f86QCLcBGAs/s320/IMG_20180811_231558.jpg" title="NBK contact us info" width="185" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-TbMeS2uXd64/W3nH040uY5I/AAAAAAAAB9k/zKUEf5yjS5s0p928uS8ATqAm9oDvMQVHACLcBGAs/s1600/IMG_20180811_231605.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK contact us info continued" border="0" data-original-height="1022" data-original-width="623" height="320" src="https://1.bp.blogspot.com/-TbMeS2uXd64/W3nH040uY5I/AAAAAAAAB9k/zKUEf5yjS5s0p928uS8ATqAm9oDvMQVHACLcBGAs/s320/IMG_20180811_231605.jpg" title="NBK contact us info continued" width="195" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-AzXshMZ1lqE/W3nHzpkslFI/AAAAAAAAB9g/vZ5vpnsp_qc4-uC4aA2IX2YbL_RMrkZ1QCLcBGAs/s1600/IMG_20180811_231537.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK branch map" border="0" data-original-height="1043" data-original-width="614" height="320" src="https://3.bp.blogspot.com/-AzXshMZ1lqE/W3nHzpkslFI/AAAAAAAAB9g/vZ5vpnsp_qc4-uC4aA2IX2YbL_RMrkZ1QCLcBGAs/s320/IMG_20180811_231537.jpg" title="NBK branch map" width="188" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-Hqrq3vYArNM/W3nHzYJ6hlI/AAAAAAAAB9Y/ZvqTfYzgU58380P8YVdBeRqDKwM8NjqYgCLcBGAs/s1600/IMG_20180811_231513.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK branch list" border="0" data-original-height="878" data-original-width="670" height="320" src="https://2.bp.blogspot.com/-Hqrq3vYArNM/W3nHzYJ6hlI/AAAAAAAAB9Y/ZvqTfYzgU58380P8YVdBeRqDKwM8NjqYgCLcBGAs/s320/IMG_20180811_231513.jpg" title="NBK branch list" width="244" /></a></div>
<br />
On the top right, a "Tell a Friend" button to send an SMS to a friend to download the NBK app. Useless feature. The other button shows the version of the app (might be useful for debugging/helping a customer on the phone who is using an old version).<br />
<br />
Side menu offers Demo mode, NBK Rewards, Travel Tips, Products and Services, Common Questions, Map of Branches, and Contact Us info.<br />
<br />
Rewards, Map and Contact are already available as buttons on the main page without accessing the side menu, so why add them there again?<br />
<br />
Contact info lists social media accounts, one on each line, then the phone numbers for Kuwait and outside of Kuwait as it has operations internationally. NBK offers contact via WhatsApp for generic questions, but no dedicated live chat, so those without WhatsApp (like myself) cannot chat and will have to call.<br />
<br />
The Rewards list provides a list by category, but no search function. Horrible usability.<br />
<br />
The maps show the map view, but for some reason the list is empty for me.<br />
<br />
The map view offers a filter option that shows Branches, ITMs and ATMs. ITMs are equivalent to Boubyan Direct. However, the search feature is "Google wide" so if you type "Abdullah" hoping it'd show Abdullah Al-Salem area, you'd be mistaken, and instead it jumps to some location 3000 km away on Google Maps.<br />
When you do find the branch/ATM you want manually, you get its name and the area. No extra info, such as branch phone number, nor working hours. Semi-useless.<br />
<br />
So much wasted space here in the main page and redundant items, in addition to putting the contact list as a long side list, instead of a clear big page. Also, why put each social media link in a separate line, rather than just put icons and keep it simple and consume smaller area?<br />
<br />
No notifications quick access or view.<br />
<br />
<h3 style="text-align: left;">
Score</h3>
<b><span style="color: red;">BB</span></b>: 6<br />
<b><span style="color: #3d85c6;">NBK</span></b>: 2<br />
<br />
WhatsApp, Live chat, usable map list, branch info, searchable branch names, contacts, searchable discounts/rewards/offers<br />
<br />
<h2 style="text-align: left;">
Account Summary</h2>
First thing you see after you login. Accessing your account info, history and some other stuff.<br />
<br />
<h3 style="text-align: left;">
BB</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-s03g1lDmCaQ/W3nSXtRhF_I/AAAAAAAAB-A/CyAfM9MW3lM63efp5y8e8lySuvWSMbECACLcBGAs/s1600/Screenshot_20180811-171050.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB account summary" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://3.bp.blogspot.com/-s03g1lDmCaQ/W3nSXtRhF_I/AAAAAAAAB-A/CyAfM9MW3lM63efp5y8e8lySuvWSMbECACLcBGAs/s320/Screenshot_20180811-171050.jpg" title="BB account summary" width="180" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-g-zPM0SP6eY/W3nSY1KdCuI/AAAAAAAAB-I/MJUIV-Pk79cR2jYCFkhOZe8TmYvdhatoQCLcBGAs/s1600/Screenshot_20180811-171106.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB account history" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://2.bp.blogspot.com/-g-zPM0SP6eY/W3nSY1KdCuI/AAAAAAAAB-I/MJUIV-Pk79cR2jYCFkhOZe8TmYvdhatoQCLcBGAs/s320/Screenshot_20180811-171106.jpg" title="BB account history" width="180" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-HZL0iEPapbQ/W3nSYHmfeII/AAAAAAAAB-E/bXtOVQ4WIl4mBmj5gtzoRLaDm4jqKV5-gCLcBGAs/s1600/Screenshot_20180811-171113.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB account info and IBAN copy" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://3.bp.blogspot.com/-HZL0iEPapbQ/W3nSYHmfeII/AAAAAAAAB-E/bXtOVQ4WIl4mBmj5gtzoRLaDm4jqKV5-gCLcBGAs/s320/Screenshot_20180811-171113.jpg" title="BB account info and IBAN copy" width="180" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-gYPvZ8BR-a0/W3nSZaUzJZI/AAAAAAAAB-M/dM9asZCKoPMLRqK7sRzGXgY05jJyqoCkgCLcBGAs/s1600/Screenshot_20180811-171151.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB credit card info" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://1.bp.blogspot.com/-gYPvZ8BR-a0/W3nSZaUzJZI/AAAAAAAAB-M/dM9asZCKoPMLRqK7sRzGXgY05jJyqoCkgCLcBGAs/s320/Screenshot_20180811-171151.jpg" title="BB credit card info" width="180" /></a></div>
<br />
You can put nicknames for your accounts and credit cards, to know which one is for what/whom. I have 2 accounts: my salary account and a savings account where I dump extra money to get some profit off of it at the end of the month. I have 2 credit cards: one is mine and the other is for a family member. VISA Signature allows for 2 free for life complimentary cards for a card holder (VISA feature, not the bank).<br />
<br />
If you click on the account itself, you'll see the transaction history, which is searchable. Search options are: Date range, period (last month-12 months), amount, description or cash back. Clicking on "Last 3 months" in period, it auto fills the date range. I tried the description search to find name of a cafe I bought some stuff from, but it didn't show. Only amount worked. Usability not properly tested here.<br />
<br />
Back to the summary page, if you click on the very obvious red 3 dots, you get some settings for that account/card: edit account/card name, copy IBAN number, print statement, transfer money, make a payment, or view transaction history, along with some other info.<br />
For the credit card, it's nice to see the expiration date there, and how many days are remaining for the expiration.<br />
Adding the transaction history button there is redundant since you already get that when you click on the account/card.<br />
<br />
<h3 style="text-align: left;">
NBK </h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-R8_DkEVeQtg/W3nWU52wJaI/AAAAAAAAB-g/t5D76YcPJuAwhXbTpeVVXR54Jk54k4mRwCLcBGAs/s1600/IMG_20180811_230711.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK account summary" border="0" data-original-height="1412" data-original-width="809" height="320" src="https://2.bp.blogspot.com/-R8_DkEVeQtg/W3nWU52wJaI/AAAAAAAAB-g/t5D76YcPJuAwhXbTpeVVXR54Jk54k4mRwCLcBGAs/s320/IMG_20180811_230711.jpg" title="NBK account summary" width="183" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-RU7FZB-tcLU/W3nWU-sejVI/AAAAAAAAB-k/5q_1Du7Cbe0DcmRu-fAgFhlCc7WqFkE-QCLcBGAs/s1600/IMG_20180811_230724.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK account history" border="0" data-original-height="1392" data-original-width="797" height="320" src="https://4.bp.blogspot.com/-RU7FZB-tcLU/W3nWU-sejVI/AAAAAAAAB-k/5q_1Du7Cbe0DcmRu-fAgFhlCc7WqFkE-QCLcBGAs/s320/IMG_20180811_230724.jpg" title="NBK account history" width="183" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-nrIo9ToYGOM/W3nWZ8Lz7II/AAAAAAAAB-s/GPzENGavFg8ZIm_hAK2X3G1WfXxPqUOLwCLcBGAs/s1600/IMG_20180811_230809.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK account details/info" border="0" data-original-height="1436" data-original-width="827" height="320" src="https://4.bp.blogspot.com/-nrIo9ToYGOM/W3nWZ8Lz7II/AAAAAAAAB-s/GPzENGavFg8ZIm_hAK2X3G1WfXxPqUOLwCLcBGAs/s320/IMG_20180811_230809.jpg" title="NBK account details/info" width="184" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-cFw8_NLPEQI/W3nWVJpnRGI/AAAAAAAAB-o/uGraHN3SPeMJbbeF4lFq7LuymE-xIGoCwCLcBGAs/s1600/IMG_20180811_230741.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK account extra functions menu" border="0" data-original-height="1436" data-original-width="877" height="320" src="https://4.bp.blogspot.com/-cFw8_NLPEQI/W3nWVJpnRGI/AAAAAAAAB-o/uGraHN3SPeMJbbeF4lFq7LuymE-xIGoCwCLcBGAs/s320/IMG_20180811_230741.jpg" title="NBK account extra functions menu" width="195" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-Tk0u1ysRDmc/W3nWZ7dk1iI/AAAAAAAAB-w/cvDKBonzeSoV8XmHeTtCRIZx-d1HY2GZwCLcBGAs/s1600/IMG_20180811_230747.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK account extra functions" border="0" data-original-height="1436" data-original-width="853" height="320" src="https://3.bp.blogspot.com/-Tk0u1ysRDmc/W3nWZ7dk1iI/AAAAAAAAB-w/cvDKBonzeSoV8XmHeTtCRIZx-d1HY2GZwCLcBGAs/s320/IMG_20180811_230747.jpg" title="NBK account extra functions" width="190" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
No account nicknames. Clicking on the account number shows the history. On the top there is a filter and a search function. The filter shows: Transaction Type (Debit, Credit, All), and Date Range list. The search field allows you to search in existing history and works well. I searched for a place I visited and paid there, and it showed it in the list.<br />
<br />
There's a Details pane that you can click, and it shows your account type and its number; below it you get the account number (again), IBAN and balance.<br />
<br />
Back at the summary page, there's a tiny, obscure arrow that, if you manage to click it, gives you an extended menu for the account: History, Details and Operations. History and Details take you to the respective pages discussed above, and clicking Operations gives you the menu to transfer, print a statement, copy the account number and copy the IBAN.<br />
<br />
Considering that History and Details are very obvious and easy to access by clicking on the account, why waste more space on this hidden menu, and why make it difficult to notice and click in the first place!?<br />
<br />
Also, isn't it easier to simply put a copy button (or make the IBAN/account numbers clickable to copy) in the Details page/pane?!<br />
<br />
<h3 style="text-align: left;">
Score</h3>
<b><span style="color: red;">BB</span></b>: 4<br />
<b><span style="color: #3d85c6;">NBK</span></b>: 3<br />
<br />
Account and card nicknames, easy access to copy IBAN, access to history, searching for description, and statement access.<br />
<br />
<h2 style="text-align: left;">
Notifications</h2>
<h3 style="text-align: left;">
BB</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-UnHKDQ6Y2v8/W3npagFcgtI/AAAAAAAAB_U/iuJMdGfV2A03DkNmjv-GIp6OuWYHG-5pgCLcBGAs/s1600/Screenshot_20180804-150721.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB push notifications" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://1.bp.blogspot.com/-UnHKDQ6Y2v8/W3npagFcgtI/AAAAAAAAB_U/iuJMdGfV2A03DkNmjv-GIp6OuWYHG-5pgCLcBGAs/s320/Screenshot_20180804-150721.jpg" title="BB push notifications" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-s_lk5AuUNm8/W3npc3cfTYI/AAAAAAAAB_Y/WtRX-jUYeHMeSIhVww9r9k_36HQlDHYQwCLcBGAs/s1600/Screenshot_20180811-173235.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB notifications settings" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://3.bp.blogspot.com/-s_lk5AuUNm8/W3npc3cfTYI/AAAAAAAAB_Y/WtRX-jUYeHMeSIhVww9r9k_36HQlDHYQwCLcBGAs/s320/Screenshot_20180811-173235.jpg" title="BB notifications settings" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
BB offers multiple options for how to receive notifications: SMS, Push, or both (in some cases). One thing not shown here is that when you enter the notifications list, you can delete all notifications or delete them one by one. The delete function is not available when accessing the notifications from the main app page before logging in, which is excellent in terms of privacy (to prevent someone close to you from buying with your card and deleting notifications).<br />
<br />
<h3 style="text-align: left;">
NBK</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-Uc_a0ZQRlsQ/W3nyi6RPsTI/AAAAAAAAB_o/ML8KQX69_u43KDfwe1mQkv_WR7iXpxcDQCLcBGAs/s1600/IMG_20180811_231626.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK notifications options" border="0" data-original-height="843" data-original-width="681" height="320" src="https://3.bp.blogspot.com/-Uc_a0ZQRlsQ/W3nyi6RPsTI/AAAAAAAAB_o/ML8KQX69_u43KDfwe1mQkv_WR7iXpxcDQCLcBGAs/s320/IMG_20180811_231626.jpg" title="NBK notifications options" width="258" /></a></div>
<br />
NBK doesn't let you choose between SMS and Push, but it does let you choose what to receive in Push notifications. If you've subscribed to their SMS service, you'll receive SMS for debit and credit transactions.<br />
<br />
As of this writing, Kuwait's Central Bank has mandated that all banks in Kuwait, local or foreign, enable SMS notifications for all transactions for free for all their clients, starting from September 1st, 2018.<br />
<br />
From NBK's list above, it's not clear whether account/card transactions would be considered "events" or not, so if you're traveling and have removed your SIM card, you may not receive a notification via Push. If it's otherwise, please let me know.<br />
<br />
NBK lacks granularity on SMS while milking the Push option for promotions and campaigns; i.e., NBK put its own needs over the client's needs.<br />
<br />
<h3 style="text-align: left;">
Score</h3>
<b><span style="color: red;">BB</span></b>: 1<br />
<b><span style="color: #3d85c6;">NBK</span></b>: 0<br />
<br />
<h2 style="text-align: left;">
Travel Notice</h2>
Banks ask their clients to notify them when traveling so that they can enter the countries the client will travel to into their fraud detection systems and avoid false positives.<br />
<br />
Previously with NBK, I used to call the support line to notify them. Now both banks offer this in their apps, but to varying degrees.<br />
<br />
<h3 style="text-align: left;">
BB</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-2fS1y6UbwQ8/W3n09KIeeVI/AAAAAAAAB_4/dZKbrPPjPdEk7USlU5w9Va7pZMJGI99RQCLcBGAs/s1600/Screenshot_20180811-171927.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB travel notice options" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://3.bp.blogspot.com/-2fS1y6UbwQ8/W3n09KIeeVI/AAAAAAAAB_4/dZKbrPPjPdEk7USlU5w9Va7pZMJGI99RQCLcBGAs/s320/Screenshot_20180811-171927.jpg" title="BB travel notice options" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-MtbV4e7xj74/W3n08TDxV2I/AAAAAAAAB_0/86rQaeQyOLYmdf07gtB-mdP3BE_OIgMMQCLcBGAs/s1600/Screenshot_20180811-172034.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB travel notice return" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://3.bp.blogspot.com/-MtbV4e7xj74/W3n08TDxV2I/AAAAAAAAB_0/86rQaeQyOLYmdf07gtB-mdP3BE_OIgMMQCLcBGAs/s320/Screenshot_20180811-172034.jpg" title="BB travel notice return" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
Everything in one page. Simple and intuitive, and after selecting one or more debit and credit cards, along with multiple destinations and the duration of the trip, you get another screen where you can end the trip after you come back, in case you decided to extend your stay.<br />
<br />
No more calling and waiting for support.<br />
<br />
<h3 style="text-align: left;">
NBK</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-ytLxKF_Y-CI/W3oClhe_KJI/AAAAAAAACAI/AjPzGCxYa4UqR3wsOumZLvOocrVqs3WxgCLcBGAs/s1600/IMG_20180811_231209.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK travel notice card selection" border="0" data-original-height="1068" data-original-width="619" height="320" src="https://4.bp.blogspot.com/-ytLxKF_Y-CI/W3oClhe_KJI/AAAAAAAACAI/AjPzGCxYa4UqR3wsOumZLvOocrVqs3WxgCLcBGAs/s320/IMG_20180811_231209.jpg" title="NBK travel notice card selection" width="185" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-8Ih22t_lr2k/W3oClwB74AI/AAAAAAAACAM/KLy5TYl_P_kaIcJOtPXASZSJ3NQ02GeigCLcBGAs/s1600/IMG_20180811_231227.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK travel notice country selection" border="0" data-original-height="1069" data-original-width="625" height="320" src="https://1.bp.blogspot.com/-8Ih22t_lr2k/W3oClwB74AI/AAAAAAAACAM/KLy5TYl_P_kaIcJOtPXASZSJ3NQ02GeigCLcBGAs/s320/IMG_20180811_231227.jpg" title="NBK travel notice country selection" width="187" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-vD78iWheCtw/W3oCmIB9AnI/AAAAAAAACAQ/8kSAr_DdAmkKs_qTuMktETYXtW8j4c9TACLcBGAs/s1600/IMG_20180811_231256.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK travel notice date selection" border="0" data-original-height="1028" data-original-width="711" height="320" src="https://3.bp.blogspot.com/-vD78iWheCtw/W3oCmIB9AnI/AAAAAAAACAQ/8kSAr_DdAmkKs_qTuMktETYXtW8j4c9TACLcBGAs/s320/IMG_20180811_231256.jpg" title="NBK travel notice date selection" width="221" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-CE9SlMieQLA/W3oCm_LMUUI/AAAAAAAACAU/54Mxs8NtLIk_qiytXwYQU_UyGGfbvLFlACLcBGAs/s1600/IMG_20180811_231323.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK travel notice summary" border="0" data-original-height="845" data-original-width="668" height="320" src="https://1.bp.blogspot.com/-CE9SlMieQLA/W3oCm_LMUUI/AAAAAAAACAU/54Mxs8NtLIk_qiytXwYQU_UyGGfbvLFlACLcBGAs/s320/IMG_20180811_231323.jpg" title="NBK travel notice summary" width="252" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
Something so simple needlessly turned into an essay. What's worse, after the final submission, you get a prompt stating "your requested has been submitted" but there's no way to validate or show that they received it or how to cancel it upon your return.<br />
<br />
<h3 style="text-align: left;">
Score</h3>
<b><span style="color: red;">BB</span></b>: 3<br />
<b><span style="color: #3d85c6;">NBK</span></b>: 0<br />
<br />
Simplicity, visual confirmation of canceling or ending trip, and end trip option.<br />
<br />
<h2 style="text-align: left;">
Money Transfer</h2>
This section is a bit lengthy, as it involves multiple categories: Self transfer (between accounts), same bank transfers (other people using same bank), local transfers (others using other banks), international transfers, collecting payments from others, and finally, remittance.<br />
<br />
<h3 style="text-align: left;">
BB </h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-dR15ouh2WIM/W3oElzcEMkI/AAAAAAAACAo/_uEA86w13eEwXnQSJHqn7LGiPmoQk4bzQCLcBGAs/s1600/Screenshot_20180811-171254.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB adding same bank beneficiary" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://1.bp.blogspot.com/-dR15ouh2WIM/W3oElzcEMkI/AAAAAAAACAo/_uEA86w13eEwXnQSJHqn7LGiPmoQk4bzQCLcBGAs/s320/Screenshot_20180811-171254.jpg" title="BB adding same bank beneficiary" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-CJ6zaH4XMj0/W3oEmG_WhNI/AAAAAAAACAs/KuNk01huYgkHllQ-DHdbdDXTO3UgZE7FwCLcBGAs/s1600/Screenshot_20180811-171306.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB listing local bank beneficiary" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://3.bp.blogspot.com/-CJ6zaH4XMj0/W3oEmG_WhNI/AAAAAAAACAs/KuNk01huYgkHllQ-DHdbdDXTO3UgZE7FwCLcBGAs/s320/Screenshot_20180811-171306.jpg" title="BB listing local bank beneficiary" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-WzvfjrNWvs4/W3oEoDxYilI/AAAAAAAACAw/B_WNOz8ofMQkCzIXIH5iaDGl9hkyCDm7wCLcBGAs/s1600/Screenshot_20180811-171313.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB adding local bank beneficiary" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://2.bp.blogspot.com/-WzvfjrNWvs4/W3oEoDxYilI/AAAAAAAACAw/B_WNOz8ofMQkCzIXIH5iaDGl9hkyCDm7wCLcBGAs/s320/Screenshot_20180811-171313.jpg" title="BB adding local bank beneficiary" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-4dErd0-lCAo/W3oEoFpZ3GI/AAAAAAAACA0/zSz5XagjLuk3m46PLZgZWaBnfHV3Z5oHACLcBGAs/s1600/Screenshot_20180811-171329.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB adding international bank beneficiary" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://4.bp.blogspot.com/-4dErd0-lCAo/W3oEoFpZ3GI/AAAAAAAACA0/zSz5XagjLuk3m46PLZgZWaBnfHV3Z5oHACLcBGAs/s320/Screenshot_20180811-171329.jpg" title="BB adding international bank beneficiary" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-6DzB2ROaSmI/W3oErxRSfAI/AAAAAAAACA4/SRRn3AW1_OU33bot9EtlBYwkFOXj7hDbACLcBGAs/s1600/Screenshot_20180811-171351.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB payment collection via knet" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://4.bp.blogspot.com/-6DzB2ROaSmI/W3oErxRSfAI/AAAAAAAACA4/SRRn3AW1_OU33bot9EtlBYwkFOXj7hDbACLcBGAs/s320/Screenshot_20180811-171351.jpg" title="BB payment collection via knet" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-mWtk8Hg53eE/W3oEu6CC6zI/AAAAAAAACBA/XSYBZtju0-Ezva-sFD5zT0o4oGebtausACLcBGAs/s1600/Screenshot_20180816-201020.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB western union money remittance" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://2.bp.blogspot.com/-mWtk8Hg53eE/W3oEu6CC6zI/AAAAAAAACBA/XSYBZtju0-Ezva-sFD5zT0o4oGebtausACLcBGAs/s320/Screenshot_20180816-201020.jpg" title="BB western union money remittance" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-tsFFn9ddCOE/W3oEsnWmBmI/AAAAAAAACA8/nCDg1sfzfPk-US__tffIZYXxSSePhJjfgCLcBGAs/s1600/Screenshot_20180816-193323.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB western union money remittance continued" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://1.bp.blogspot.com/-tsFFn9ddCOE/W3oEsnWmBmI/AAAAAAAACA8/nCDg1sfzfPk-US__tffIZYXxSSePhJjfgCLcBGAs/s320/Screenshot_20180816-193323.jpg" title="BB western union money remittance continued" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-SMwIa8zjkCI/W3oE6jLPlxI/AAAAAAAACBM/8Pha3-TEfwQuPwV6An3lIteMT1qcaSVMACLcBGAs/s1600/IMG_20180819_111204__01__01.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Comparing western union remittance to a local remittance company" border="0" data-original-height="1600" data-original-width="1249" height="320" src="https://2.bp.blogspot.com/-SMwIa8zjkCI/W3oE6jLPlxI/AAAAAAAACBM/8Pha3-TEfwQuPwV6An3lIteMT1qcaSVMACLcBGAs/s320/IMG_20180819_111204__01__01.jpg" title="Comparing western union remittance to a local remittance company" width="249" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-R4qYU4ezE-g/W3oTJUi_DLI/AAAAAAAACCE/vZgBM1KNTe0vl8lwHXZob7_0LbnGmvKiwCLcBGAs/s1600/Screenshot_20180811-171614.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB cardless cash withdrawal with civil id" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://4.bp.blogspot.com/-R4qYU4ezE-g/W3oTJUi_DLI/AAAAAAAACCE/vZgBM1KNTe0vl8lwHXZob7_0LbnGmvKiwCLcBGAs/s320/Screenshot_20180811-171614.jpg" title="BB cardless cash withdrawal with civil id" width="180" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-I1L1ThiyaFo/W3oTJAUz8NI/AAAAAAAACCA/uXX78RdeDngsuHsSMKQO3UVTPs0_BFZ-QCLcBGAs/s1600/Screenshot_20180811-171600.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB cardless cash withdrawal with temp code" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://4.bp.blogspot.com/-I1L1ThiyaFo/W3oTJAUz8NI/AAAAAAAACCA/uXX78RdeDngsuHsSMKQO3UVTPs0_BFZ-QCLcBGAs/s320/Screenshot_20180811-171600.jpg" title="BB cardless cash withdrawal with temp code" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<b>Same bank transfers</b>: BB offers 2 options: add a beneficiary by account number, or by their mobile number if they have allowed being added by it in their privacy settings. This is a great, convenient function!<br />
<br />
<b>Local bank transfers</b>: You can add a local beneficiary in a different bank by their IBAN, as it's required by all banks, but notice the excellent touch of adding the local bank's logo to easily identify the account. Those could be your own accounts in different banks, so this makes it far easier to find the right account than reading text.<br />
<br />
<b>International transfers</b>: First you choose where the bank is located, then the currency, then you fill in the rest of the information. When I added a company in the EU using the web portal (it was easier to copy/paste stuff from email and notes), it automatically filled the SWIFT code information, bank name and address! I checked the same function in the app and it worked! Super convenient!<br />
<br />
<b>Payment Collection</b>: BB was the first to introduce this feature, as far as I know, and it basically creates a link to KNet for you to send to someone to pay you, or you can do it in-app and have someone fill in the information on your phone directly (no need to send a link).<br />
This makes group gatherings easy as we won't need to collect money from everyone and waste time dividing the remainder, for example.<br />
There are <a href="https://boubyan.bankboubyan.com/en/banking-solutions/boubyan-services/pay-me/">daily and monthly limits</a>, however, they're not shown in the app. Definitely loses points for the missing crucial info.<br />
<br />
<b>Remittance</b>: I can't state how happy I am to finally find something that works properly and frees me from driving to remittance companies and waiting in queues!<br />
Our housekeeper is from the Philippines and I had made a transfer for her the other day, then decided to add the same person as a Western Union (WU) beneficiary in the app and check the fees.<br />
It turns out WU dropped their fees to match Cebuana (another remittance company) = 1 KD per transfer, and WU's/BB's currency exchange fees are even better than the remittance company's.<br />
<br />
The transaction above and the WU quote in the app were done on the same day with only 40 minutes of time difference between them.<br />
<br />
Added bonus: in a later menu you'll see a clock icon near certain items, including WU. This means you can set this transaction to be recurring automatically.<br />
<br />
<b>Cardless Cash Withdrawal</b>: This feature is available from Boubyan Direct ATMs only, but allows one to have others withdraw cash from one's account without handing over the card or its pin code.<br />
Example: you want your driver to take some money and buy groceries, then you have him use his civil ID and withdraw the allocated amount from the app.<br />
Notice the "cash for me" option? This is useful in case you've lost your debit card or forgotten it. It still requires using your civil ID.<br />
<br />
<h3 style="text-align: left;">
NBK</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-EgjTOcZrd58/W3oMv5itfmI/AAAAAAAACBs/2pdBPfFCno0Y-VAIzzOWy1VSWC3yOMDUgCLcBGAs/s1600/IMG_20180811_230919.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK transfers page" border="0" data-original-height="1360" data-original-width="794" height="320" src="https://4.bp.blogspot.com/-EgjTOcZrd58/W3oMv5itfmI/AAAAAAAACBs/2pdBPfFCno0Y-VAIzzOWy1VSWC3yOMDUgCLcBGAs/s320/IMG_20180811_230919.jpg" title="NBK transfers page" width="186" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-A-8MHCuC9GI/W3oMuJUm6eI/AAAAAAAACBk/qzblKo_cdysPZtQ1ilnUTpnI_FvSZU4XwCLcBGAs/s1600/IMG_20180811_230839.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK KNet payment collection option" border="0" data-original-height="1353" data-original-width="835" height="320" src="https://1.bp.blogspot.com/-A-8MHCuC9GI/W3oMuJUm6eI/AAAAAAAACBk/qzblKo_cdysPZtQ1ilnUTpnI_FvSZU4XwCLcBGAs/s320/IMG_20180811_230839.jpg" title="NBK KNet payment collection option" width="197" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-sfj2Api9W4w/W3oMuBLQiHI/AAAAAAAACBo/suFdGdx4c0M5AWou0BlkCxNszO6DiGoNwCLcBGAs/s1600/IMG_20180811_230854.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK KNet payment collection option - details" border="0" data-original-height="1436" data-original-width="847" height="320" src="https://2.bp.blogspot.com/-sfj2Api9W4w/W3oMuBLQiHI/AAAAAAAACBo/suFdGdx4c0M5AWou0BlkCxNszO6DiGoNwCLcBGAs/s320/IMG_20180811_230854.jpg" title="NBK KNet payment collection option - details" width="188" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-txrxrjWZ_Jw/W3oMtynRDpI/AAAAAAAACBg/mhojx9Lo6zQGUhLpCo4kkQf7cCFGhCTqwCLcBGAs/s1600/IMG_20180811_230900.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK KNet payment collection option - details2" border="0" data-original-height="1436" data-original-width="799" height="320" src="https://2.bp.blogspot.com/-txrxrjWZ_Jw/W3oMtynRDpI/AAAAAAAACBg/mhojx9Lo6zQGUhLpCo4kkQf7cCFGhCTqwCLcBGAs/s320/IMG_20180811_230900.jpg" title="NBK KNet payment collection option - details2" width="178" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
All payments are lumped into one page. What's worse? You cannot add beneficiaries using the app. You have to use the web portal, which is not mobile friendly at all, to add them the first time.<br />
<br />
As you can see from the list, the names are listed alphabetically, with no image/icon to differentiate banks from each other, be it your accounts or someone else's. A salad.<br />
<br />
The payment collection option is there and does what it needs to do, and it also shows daily and monthly limits. A bonus point for NBK.<br />
<br />
<h3 style="text-align: left;">
Score</h3>
<b><span style="color: red;">BB</span></b>: 7<br />
<b><span style="color: #3d85c6;">NBK</span></b>: 2<br />
<br />
Categorization of beneficiaries, simplicity of adding same bank beneficiaries, simplicity of adding and differentiating local beneficiaries, simplicity of adding international beneficiaries, payment collection option, remittance option, clarity of payment collection limits, and cardless cash withdrawal.<br />
<br />
<h2 style="text-align: left;">
App Service Menus</h2>
Menus to access other app functions.<br />
<br />
<h3 style="text-align: left;">
BB </h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-kWFWhRYLGNQ/W3oU8jyRYvI/AAAAAAAACCU/Lxmqj1KhT78NkAcmH3a7OC2XTj8e1NrfACLcBGAs/s1600/Screenshot_20180811-171212.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB service menu - transfers" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://4.bp.blogspot.com/-kWFWhRYLGNQ/W3oU8jyRYvI/AAAAAAAACCU/Lxmqj1KhT78NkAcmH3a7OC2XTj8e1NrfACLcBGAs/s320/Screenshot_20180811-171212.jpg" title="BB service menu - transfers" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-tUjnqYsuijc/W3oU9Bes2uI/AAAAAAAACCY/eBOyatkGjPAMGCQhR-AkB48-mJTrv1VHACLcBGAs/s1600/Screenshot_20180811-171217.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB service menu - payments" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://3.bp.blogspot.com/-tUjnqYsuijc/W3oU9Bes2uI/AAAAAAAACCY/eBOyatkGjPAMGCQhR-AkB48-mJTrv1VHACLcBGAs/s320/Screenshot_20180811-171217.jpg" title="BB service menu - payments" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-RW5uclqPOQs/W3oU9Y6PKBI/AAAAAAAACCc/PSQSbCX7X28B_aVI-z2CBJqzHK9HZYFEQCLcBGAs/s1600/Screenshot_20180811-171223.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB service menu - eServices" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://4.bp.blogspot.com/-RW5uclqPOQs/W3oU9Y6PKBI/AAAAAAAACCc/PSQSbCX7X28B_aVI-z2CBJqzHK9HZYFEQCLcBGAs/s320/Screenshot_20180811-171223.jpg" title="BB service menu - eServices" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
At the top of the menu, you can see the account type "Platinum" and then next to it is the full name of my account manager (I redacted his last name), and a phone icon to call the account manager. This shows careful understanding and catering to clients with the smallest details.<br />
<br />
There are 3 main menus: Transfers, Payments and eServices.<br />
<br />
The human icon takes you to the beneficiaries list directly. The clock icon takes you to the recurring transaction menu of that function directly.<br />
<br />
I've already described most of these functions, so I'll skip to one that I didn't: opening accounts. You can open a savings account, a premium savings account, or a fixed deposit (many types are available). Additionally, it calculates the profits of your money for the fixed deposit option you choose right there in the same place you're opening the account. Instant and less time wasted interacting with a human who might give wrong info.<br />
<br />
Above the 3 categories, you can see 4 icons: inbox/messages, promotions, notifications/alerts, rate an employee, and settings.<br />
<br />
<h3 style="text-align: left;">
NBK</h3>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-KZrjZiq_VE4/W3tMIM90DhI/AAAAAAAACEA/Lc1rX9Az-t4r9MrPIlV3CGwTTqHOiEp9gCLcBGAs/s1600/IMG_20180811_230639.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK service menu" border="0" data-original-height="1436" data-original-width="871" height="320" src="https://2.bp.blogspot.com/-KZrjZiq_VE4/W3tMIM90DhI/AAAAAAAACEA/Lc1rX9Az-t4r9MrPIlV3CGwTTqHOiEp9gCLcBGAs/s320/IMG_20180811_230639.jpg" title="NBK service menu" width="194" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-3SEXmyuWBuc/W3tMQi-EnoI/AAAAAAAACEE/ks41shTfCRQ3gpQSFDUPhJwI246dJJ7XACLcBGAs/s1600/IMG_20180811_230650.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK service menu - continued" border="0" data-original-height="1424" data-original-width="843" height="320" src="https://4.bp.blogspot.com/-3SEXmyuWBuc/W3tMQi-EnoI/AAAAAAAACEE/ks41shTfCRQ3gpQSFDUPhJwI246dJJ7XACLcBGAs/s320/IMG_20180811_230650.jpg" title="NBK service menu - continued" width="189" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
Most of the menu is wasted on NBK's promotional stuff or brochures and campaigns. Everything lumped into one long menu. No quick-access icons to certain functions.<br />
<br />
You can open an account with NBK from the app, but it is limited to either a Current Account or a foreign currency account. No fixed deposit options. A term deposit calculator is provided under a different menu, NBK Tools, but there is no option to open a deposit account.<br />
<br />
<h3 style="text-align: left;">
Score</h3>
<b><span style="color: red;">BB</span></b>: 7<br />
<b><span style="color: #3d85c6;">NBK</span></b>: 0<br />
<br />
Name of account manager and contact, proper use of screen space, categorization of functions, account opening options, quick access icons, recurring transaction option, and messaging within the app.<br />
<br />
<h2 style="text-align: left;">
Card Management</h2>
Managing your existing debit and credit cards.<br />
<br />
<h3 style="text-align: left;">
BB</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-8QGCRIVMkAI/W3svwkbr0DI/AAAAAAAACDA/RybHp9MhWLYv3K381QDXSbSyXn_Og6HHgCLcBGAs/s1600/Screenshot_20180811-171638.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB card management" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://2.bp.blogspot.com/-8QGCRIVMkAI/W3svwkbr0DI/AAAAAAAACDA/RybHp9MhWLYv3K381QDXSbSyXn_Og6HHgCLcBGAs/s320/Screenshot_20180811-171638.jpg" title="BB card management" width="180" /></a></div>
<br />
You can request issuing a new card, renew an expiring one, block and replace a card, and change the pin code of a current debit or credit card. The change of a pin code is instant.<br />
<br />
When issuing a new card, you can receive/print the card instantly from any <a href="https://boubyan.bankboubyan.com/en/personal/cards/cards-issuance/">Boubyan Direct</a> ATM. These machines are accessible 24/7 (when inside the bank's building).<br />
<br />
When I opened my account, I received my debit card on the spot, and my credit card was issued first on the spot, and then the account manager called me on the same day when he got the approval to activate it. This meant you get the card, and then deal with approvals, so you won't have to go to the branch twice.<br />
<br />
<h3 style="text-align: left;">
NBK</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-l-2EXKMxTA4/W3s25gK-s0I/AAAAAAAACDs/T-vHAyK5EWYuGpuXLavNJhvxEJuFAEdngCLcBGAs/s1600/IMG_20180811_231117.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="NBK card management" border="0" data-original-height="956" data-original-width="661" height="320" src="https://2.bp.blogspot.com/-l-2EXKMxTA4/W3s25gK-s0I/AAAAAAAACDs/T-vHAyK5EWYuGpuXLavNJhvxEJuFAEdngCLcBGAs/s320/IMG_20180811_231117.jpg" title="NBK card management" width="221" /></a></div>
<br />
You can only restrict a card and report it as either lost or stolen.<br />
<br />
<h3 style="text-align: left;">
Score</h3>
<b><span style="color: red;">BB</span></b>: 4<br />
<b><span style="color: #3d85c6;">NBK</span></b>: 1<br />
<br />
Issue card, renew, block and replace and change pin code.<br />
<br />
<h2 style="text-align: left;">
Life-Style Integration</h2>
See how the bank understands its audience and stays up to date with new tech and gadgets.<br />
<br />
<h3 style="text-align: left;">
BB</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-CriWXZHNHa0/W3szlbjf6HI/AAAAAAAACDM/57CsVJPMAtk7mYcSIA3l8cI4zsK4Kg-MACLcBGAs/s1600/Screenshot_20180811-171230.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB enable UTap and Android watch integration" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://1.bp.blogspot.com/-CriWXZHNHa0/W3szlbjf6HI/AAAAAAAACDM/57CsVJPMAtk7mYcSIA3l8cI4zsK4Kg-MACLcBGAs/s320/Screenshot_20180811-171230.jpg" title="BB enable UTap and Android watch integration" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-NpCjnA-w3i8/W3sz1ficuwI/AAAAAAAACDQ/ZzHH8P0PdYw4E-CH5ZZIlybhYWI72naowCLcBGAs/s1600/Screenshot_20180811-172414.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB Msa3ed - 1" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://2.bp.blogspot.com/-NpCjnA-w3i8/W3sz1ficuwI/AAAAAAAACDQ/ZzHH8P0PdYw4E-CH5ZZIlybhYWI72naowCLcBGAs/s320/Screenshot_20180811-172414.jpg" title="BB Msa3ed - 1" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-UdQpyAazpQ8/W3sz2Ma52II/AAAAAAAACDY/04QryzAgTDQHP50t8jjFH76q12K7OwYwgCEwYBhgL/s1600/Screenshot_20180811-172944.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB Msa3ed - 2" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://4.bp.blogspot.com/-UdQpyAazpQ8/W3sz2Ma52II/AAAAAAAACDY/04QryzAgTDQHP50t8jjFH76q12K7OwYwgCEwYBhgL/s320/Screenshot_20180811-172944.jpg" title="BB Msa3ed - 2" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-igBIg34UgDk/W3sz2cdeehI/AAAAAAAACDc/_8OWHUI4c4QFgW7vCDBwxnCiwSKcpEwgwCEwYBhgL/s1600/Screenshot_20180811-172957.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BB Msa3ed - 3" border="0" data-original-height="1600" data-original-width="900" height="320" src="https://1.bp.blogspot.com/-igBIg34UgDk/W3sz2cdeehI/AAAAAAAACDc/_8OWHUI4c4QFgW7vCDBwxnCiwSKcpEwgwCEwYBhgL/s320/Screenshot_20180811-172957.jpg" title="BB Msa3ed - 3" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
First, UTap. New cards have wireless/NFC support, which lets you tap the card on a Point of Sale (PoS) machine rather than insert it, but this also adds risk, as someone could scan your card while it's in your wallet. Since Android supports NFC, the UTap feature lets you tap your Android phone on a PoS as if it were a card you've previously chosen.<br />
<br />
This is also useful in case you forgot your wallet, or prefer not to give your card to a waiter who's going to wander off with it and can take a picture of it and use it to scam you later. Obviously, this only works when the PoS supports NFC/cardless/wireless cards as well.<br />
<br />
Second, Android Wear, which basically means supporting payment by tapping/scanning smart watches. This is similar to Apple Pay with Apple Watch, but as that requires the company to pay Apple a foot and a kidney, choosing Android is a free option. Who knows, maybe they'll add Apple support if there's sufficient demand to subsidize the fees.<br />
<br />
Last but not least, is Msa3ed, the chat bot. You type what you want and it executes commands for you as seen above where I list my credit card history. In case you don't bother remembering where a function is located, you could simply type and it'll show/execute what you need. It can save time, and it can waste it, depending on your usage, I guess.<br />
<br />
<h3 style="text-align: left;">
NBK</h3>
Apart from providing discounts at more shops, there's nothing in the "banking experience" to show for it.<br />
<br />
<h3 style="text-align: left;">
Score</h3>
<b><span style="color: red;">BB</span></b>: 3<br />
<b><span style="color: #3d85c6;">NBK</span></b>: 0<br />
<br />
Use phone for payment, use watch for payment, and chat bot.<br />
<br />
<h2 style="text-align: left;">
Summary</h2>
Boubyan Bank's consumer services team understands what the people want and delivers on that. Cardless withdrawals, pin code change, issuing cards on the spot, ease of adding beneficiaries, ease of transfers, and many other functions.<br />
<br />
The team behind deciding the user interface elements and usage is also worthy of praise, as they know how to make use of a phone's limited space in a very practical and effective way.<br />
<br />
NBK on the other hand is unfortunately still dealing with banking and services' consumers as it was in 1995. I've been with NBK for 23 years and have used their "online" services when they first launched it by dialing in via modems in the late '90s. I have seen their web portals, and believe me, the improvement is minuscule, especially for a bank the size of NBK (one of the largest in the Middle East).<br />
<br />
Also, from observing the multiple portals and services that NBK delivered over the years, it seems that management is completely disconnected from its consumers. Whatever banking services are delivered are delivered based on necessity only. I presume this happens because management doesn't use the application (nor portal) itself, and instead relies on personal account managers to do everything for them.<br />
<br />
As for the team(s) behind the application, it feels as if a bunch of engineers and coders were forced to deliver a feature, but no User Experience (UX) or User Interface (UI) person was involved to properly do a layout design to make things accessible and easy to use.<br />
<br />
NBK needs to shift its mindset to treat banking as an instant service, rather than a service that revolves around a branch (a building), tellers and account managers. Consumers don't care about these things and simply want the fastest way to consume a service, and the fastest way to reach answers, should they have any questions.<br />
<br />
I know this post seems harsh towards NBK, but I wanted to highlight feature differences, hoping NBK would finally put enough effort into catching up and exceeding its clients' expectations, assuming it cares about clients such as myself and my friends, the so-called millennials, rather than focusing on private banking and multi-million KWD clients *only*.<br />
<br />
<h3 style="text-align: left;">
Score</h3>
<b><span style="color: red;">BB total score</span></b>: 37<br />
<b><span style="color: #3d85c6;">NBK total score</span></b>: 8<br />
<br />
What does this score mean? It means Boubyan Bank has 37 advantages over NBK, and NBK has only 8 advantages against Boubyan.</div>
MBHhttp://www.blogger.com/profile/07293824491909131393noreply@blogger.com1tag:blogger.com,1999:blog-8353696605063426251.post-28433589921025564012018-08-15T13:02:00.000+03:002018-08-18T19:35:07.276+03:00Hyperthreading Mitigation Security Warnings<div dir="ltr" style="text-align: left;" trbidi="on">
13 hours ago <a href="https://www.vmware.com/security/advisories/VMSA-2018-0020.html">VMware issued critical security patches</a> for VMware vCenter, ESXi, Fusion and Workstation products as part of advisory <b>VMSA-2018-0020</b> to fix the <a href="https://www.engadget.com/2018/08/14/intel-discloses-processor-vulnerability-l1tf/">new CPU vulnerabilities Intel disclosed</a> as well.<br />
<br />
After applying the patches (Aug 14, 2018), a warning message showed on patched ESXi hosts: esx.problem.hyperthreading.unmitigated<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-5A-FEf2q8XE/W3P5a8lygrI/AAAAAAAAB7I/TtI7stzVWncNSQmeI8e8M2KkFtN-LzclwCLcBGAs/s1600/hyperthreading00-b.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="host summary showing hyperthreading unmitigated error" border="0" data-original-height="465" data-original-width="851" height="174" src="https://3.bp.blogspot.com/-5A-FEf2q8XE/W3P5a8lygrI/AAAAAAAAB7I/TtI7stzVWncNSQmeI8e8M2KkFtN-LzclwCLcBGAs/s320/hyperthreading00-b.png" title="host summary showing hyperthreading unmitigated error" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
According to the <a href="https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-670d-release-notes.html">release notes</a>, VMware introduced a new Advanced Configuration setting on the hosts to mitigate the new hyperthreading attacks; however, the notes state that there's a performance hit that cannot be ignored.<br />
<br />
After applying the patches, you have to manually enable the hyperthreading mitigation setting in the host's advanced settings to activate the security fix; otherwise the exclamation mark on the host and the warning above will persist. The setting is left as a manual change because of the performance impact.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-n2thkwNx9LM/W3P5v07FlHI/AAAAAAAAB7Q/fsN3dMUAuWgoQzTKTFhUqIUx5FPg-OcRwCLcBGAs/s1600/hyperthreading01-b.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="hyperthreading mitigation advanced setting" border="0" data-original-height="405" data-original-width="1600" height="81" src="https://4.bp.blogspot.com/-n2thkwNx9LM/W3P5v07FlHI/AAAAAAAAB7Q/fsN3dMUAuWgoQzTKTFhUqIUx5FPg-OcRwCLcBGAs/s320/hyperthreading01-b.PNG" title="hyperthreading mitigation advanced setting" width="320" /></a></div>
<br />
Change the value of "VMKernel.Boot.hyperthreadingMitigation" to true, then reboot the host for changes to take effect.<br />
<br />
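Because the setting only takes effect after a reboot, a host can be configured but still unmitigated, or (after undoing the change) still mitigated until its next reboot. The following added example, which is not from the original post or from VMware, classifies hosts from the CSV output of "esxcli --formatter=csv system settings kernel list -o hyperthreadingMitigation". The host names and sample outputs are constructed, and the parser assumes only the "Name", "Configured" and "Runtime" columns.<br />

```python
import csv
import io

SETTING = "hyperthreadingMitigation"

# Constructed description text; the parser never depends on it.
_DESC = "Restrict the simultaneous use of logical processors from the same core"


def _sample(configured, runtime):
    """Build one constructed CSV output: a header line plus one data row."""
    return ("Configured,Default,Description,Name,Runtime,Type\n"
            f"{configured},FALSE,{_DESC},{SETTING},{runtime},Bool\n")


# Constructed outputs keyed by hypothetical host names. Real output may order
# the columns differently, so the parser keys on column names, not positions.
SAMPLE_OUTPUTS = {
    "esx-a.example.test": _sample("FALSE", "FALSE"),  # patched, never enabled
    "esx-b.example.test": _sample("TRUE", "FALSE"),   # enabled, not rebooted
    "esx-c.example.test": _sample("TRUE", "TRUE"),    # enabled and active
    "esx-d.example.test": _sample("FALSE", "TRUE"),   # rolled back, not rebooted
    "esx-e.example.test": "",                         # setting not listed
}


def _to_bool(value):
    """Convert the TRUE/FALSE text of a Bool setting, rejecting anything else."""
    text = (value or "").strip().upper()
    if text not in ("TRUE", "FALSE"):
        raise ValueError(f"unexpected boolean value: {value!r}")
    return text == "TRUE"


def parse_setting(csv_text, name=SETTING):
    """Return (configured, runtime) for the named setting, or None if absent."""
    reader = csv.DictReader(io.StringIO(csv_text.strip()))
    for row in reader:
        if (row.get("Name") or "").strip() == name:
            return _to_bool(row.get("Configured")), _to_bool(row.get("Runtime"))
    return None


def classify(state):
    """Map (configured, runtime) to the action the host still needs."""
    if state is None:
        return "setting-not-found"   # nothing to enable; check the patch level
    configured, runtime = state
    if configured and runtime:
        return "mitigated"
    if configured:
        return "pending-reboot"      # value set, host not yet rebooted
    if runtime:
        return "reverts-on-reboot"   # active now, but will turn off at reboot
    return "unmitigated"             # the host warning persists in this state


def audit(outputs):
    """Classify every host in a {host: csv_output} mapping."""
    return {host: classify(parse_setting(text)) for host, text in outputs.items()}


def needs_attention(outputs):
    """Hosts whose configured and running state is not fully mitigated."""
    return sorted(h for h, status in audit(outputs).items() if status != "mitigated")


if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_OUTPUTS).items()):
        print(f"{host:22} {status}")
```

Re-running the same audit after a rollback shows whether a host is still in the "reverts-on-reboot" state, which matters when comparing service behaviour before and after the change.<br />
<br />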
<h3 style="text-align: left;">
Update 1: Aug 15, 2018 - 14:29 UTC+3</h3>
After enabling hyperthreading mitigation, some virtual machines that were running HTTPS/443 services weren't accessible anymore. The VM is accessible, but not services on port 443 TCP. After undoing the configuration and rebooting the host, the services functioned again.<br />
<br />
Approach this setting and the security vulnerability with caution and do proper testing for every service you have deployed.</div>
MBHhttp://www.blogger.com/profile/07293824491909131393noreply@blogger.com3tag:blogger.com,1999:blog-8353696605063426251.post-75172390154849373122018-08-13T19:49:00.000+03:002018-08-13T19:49:51.964+03:00RFID and NFC Blocking Wallets<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="text-align: left;">
Introduction</h2>
I've been on the lookout for a new wallet that blocks RFID/NFC frequencies to protect against scanners from people walking by you and <a href="https://www.youtube.com/results?search_query=contactless+card+theft">scanning your cards' data</a>.<br />
<br />
Even though <a href="https://en.wikipedia.org/wiki/Contactless_payment#Floor_limit">contactless cards have a limit</a> below which payment is allowed without the pin, and a pin is required if the limit is exceeded, this limit varies from one country to another, and is enforced per transaction, not as a daily cap. So, if your card is cloned, the scammers can use it at different places multiple times throughout the day until you cancel/block the card with your bank.<br />
<br />
<b>Note</b>: The pictures were taken with my OnePlus 5 phone's camera and are in no way an indication of any product's quality. The camera isn't as good as that of Samsung or iPhone.<br />
<br />
<h2 style="text-align: left;">
Finding The Right Wallet</h2>
My first attempt was to find one from mainstream wallet makers such as Mont Blanc and Prada, however, Prada didn't have any that block RFID/NFC and Mont Blanc only had one, but was bulky due to the big coin pouch in it.<br />
<br />
My criteria:<br />
<br />
<ol style="text-align: left;">
<li>Minimalistic: thin & no coins.</li>
<li>Fit big bank notes (height of 76 mm & length of 160 mm). I travel to Europe and Japan, and they have big bank notes.</li>
<li>Fit at least 6 cards.</li>
<li>Block RFID/NFC.</li>
<li>Don't bend cards.</li>
<li>Look professional (not childish or cheap knockoff).</li>
</ol>
<br />
<br />
<h3 style="text-align: left;">
Attempt 0</h3>
Initially I found one on Amazon by Travando: <a href="https://travando-wallets.com/collections/alle-produkte/products/kreditkartenetui-mit-geldklammer-rio">Travando Money Clip RIO</a> wallet. After using it for some time, I wasn't really comfortable with it.<br />
<br />
Pros:<br />
<br />
<ul style="text-align: left;">
<li>Slim</li>
<li>Fits 6 internal cards & 1 external for quick access</li>
<li>Blocks RFID/NFC</li>
<li>Fits big money notes</li>
</ul>
<div>
<br /></div>
<div>
Cons:</div>
<div>
<ul style="text-align: left;">
<li>I never used a money clip approach before & I didn't like it at all. The money felt very exposed, so if you carry a lot of cash, you'd expose yourself in public when opening the wallet.</li>
<li>The wallet is lengthy and the cards get bent over time.</li>
<li>It didn't look professional enough, but this is a personal preference.</li>
<li>Because it's lengthy, it would sometimes bend one half away from the other, so over time, it'll damage the mid-section joining the two halves.</li>
<li>The money clip can't handle too much cash, so I had to slide in only half side and leave the other half out. This also helps getting specific bills out.</li>
</ul>
<div>
<br /></div>
</div>
<div>
One thing as well: they're eco-friendly and use fake leather (faux leather), which is basically synthetic plastic/polymer material that feels like leather. It doesn't age, smell or scratch in a similar way, though. It also looks a bit different. This may or may not be to your liking.</div>
<div>
<br /></div>
<h3 style="text-align: left;">
Attempt 1</h3>
<div>
I kept looking and finally settled on <a href="https://bellroy.com/products/hide-and-seek-wallet/leather_rfid_hi/charcoal#image-0">Bellroy's Hide and Seek</a> wallet (HI size for big bank notes). So far, I like it.</div>
<div>
<br /></div>
<div>
Pros:</div>
<div>
<ul style="text-align: left;">
<li>Slim</li>
<li>Fits 4 quick use cards & 5+ cards in a group slot for stuff you don't use often</li>
<li>Blocks RFID/NFC</li>
<li>Fits lots of money</li>
<li>Has a hidden bank note/money section in addition to the main one</li>
<li>Hidden coin slot inside the hidden money section (a slot not a pouch)</li>
<li>Looks professional & smells good</li>
<li>Many options for colors</li>
<li>Cards don't bend and align properly when the wallet is pressed</li>
</ul>
</div>
<div>
<br /></div>
<div>
Cons:</div>
<div>
<ul style="text-align: left;">
<li>None so far. Will update if I face any.</li>
</ul>
<div>
<br /></div>
</div>
<div>
<h2 style="text-align: left;">
Pictures</h2>
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-UKY3PBoTdrk/W3GzC5_VFUI/AAAAAAAAB5U/79oZWHaxLw8e7n3PovrFKJ3OK5eDdVQwwCLcBGAs/s1600/IMG_20180813_122202__01.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="473" data-original-width="1600" height="94" src="https://3.bp.blogspot.com/-UKY3PBoTdrk/W3GzC5_VFUI/AAAAAAAAB5U/79oZWHaxLw8e7n3PovrFKJ3OK5eDdVQwwCLcBGAs/s320/IMG_20180813_122202__01.jpg" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-hf-fvi_FCMM/W3GzDgIzdeI/AAAAAAAAB5Y/hF24K9Y7xJkQTmXwl1bnd3Kwhle7Mih2wCLcBGAs/s1600/IMG_20180813_122206__01.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="680" data-original-width="1600" height="136" src="https://4.bp.blogspot.com/-hf-fvi_FCMM/W3GzDgIzdeI/AAAAAAAAB5Y/hF24K9Y7xJkQTmXwl1bnd3Kwhle7Mih2wCLcBGAs/s320/IMG_20180813_122206__01.jpg" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-OydqkRifNZQ/W3G0L35zrYI/AAAAAAAAB5s/iRGbFLfAQlgxDZ2eHUWYyi19_6CaPgsowCLcBGAs/s1600/IMG_20180813_122225__01.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="541" data-original-width="1600" height="108" src="https://4.bp.blogspot.com/-OydqkRifNZQ/W3G0L35zrYI/AAAAAAAAB5s/iRGbFLfAQlgxDZ2eHUWYyi19_6CaPgsowCLcBGAs/s320/IMG_20180813_122225__01.jpg" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-qxQlXGCOm2c/W3G0LwIJ-3I/AAAAAAAAB5o/Hu8VRwx-7isGDgxMtiXtSC3cErN1KFWuwCLcBGAs/s1600/IMG_20180813_122251__01.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="473" data-original-width="1600" height="94" src="https://1.bp.blogspot.com/-qxQlXGCOm2c/W3G0LwIJ-3I/AAAAAAAAB5o/Hu8VRwx-7isGDgxMtiXtSC3cErN1KFWuwCLcBGAs/s320/IMG_20180813_122251__01.jpg" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-Ibv6cSMZ_D8/W3G0H999jNI/AAAAAAAAB5k/vX8llhDJz44M7EhmBHdbKirmgAtAc7h-QCLcBGAs/s1600/IMG_20180813_122929__01.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1600" data-original-width="565" height="320" src="https://2.bp.blogspot.com/-Ibv6cSMZ_D8/W3G0H999jNI/AAAAAAAAB5k/vX8llhDJz44M7EhmBHdbKirmgAtAc7h-QCLcBGAs/s320/IMG_20180813_122929__01.jpg" width="113" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-idZkja77yfg/W3G0MrfyLpI/AAAAAAAAB5w/fSvApsHUmyY2UPcGE9cVXnnN3GoW08LDQCLcBGAs/s1600/IMG_20180813_123001__01.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="361" data-original-width="1600" height="72" src="https://1.bp.blogspot.com/-idZkja77yfg/W3G0MrfyLpI/AAAAAAAAB5w/fSvApsHUmyY2UPcGE9cVXnnN3GoW08LDQCLcBGAs/s320/IMG_20180813_123001__01.jpg" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-c-tSpCNdayw/W3G0-5ri8sI/AAAAAAAAB6Y/g5uqj7NnrmgQmLaUgnYDeWGmRkftI5buQCLcBGAs/s1600/IMG_20180813_121542__01.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="993" data-original-width="1600" height="198" src="https://2.bp.blogspot.com/-c-tSpCNdayw/W3G0-5ri8sI/AAAAAAAAB6Y/g5uqj7NnrmgQmLaUgnYDeWGmRkftI5buQCLcBGAs/s320/IMG_20180813_121542__01.jpg" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-q8JF-O1MAVA/W3G06-Ayh-I/AAAAAAAAB6M/bMnapWwhH9Ip46RgGbGfip5pOsPXKmiXgCLcBGAs/s1600/IMG_20180813_121756__01.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1600" data-original-width="1425" height="320" src="https://4.bp.blogspot.com/-q8JF-O1MAVA/W3G06-Ayh-I/AAAAAAAAB6M/bMnapWwhH9Ip46RgGbGfip5pOsPXKmiXgCLcBGAs/s320/IMG_20180813_121756__01.jpg" width="285" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-wLFUnqmL4j4/W3G0lPNtzdI/AAAAAAAAB6A/DOplDFe0AjsjsIVPKmkOYqOXwleQBonDgCLcBGAs/s1600/IMG_20180813_123512__01.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1600" data-original-width="689" height="320" src="https://4.bp.blogspot.com/-wLFUnqmL4j4/W3G0lPNtzdI/AAAAAAAAB6A/DOplDFe0AjsjsIVPKmkOYqOXwleQBonDgCLcBGAs/s320/IMG_20180813_123512__01.jpg" width="137" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-jroPEXcbKxQ/W3G0tRh997I/AAAAAAAAB6E/3_WOXZyj6HUo0948oEVvMS15jv4QTuU8wCLcBGAs/s1600/IMG_20180813_124448__01.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1035" data-original-width="1311" height="252" src="https://3.bp.blogspot.com/-jroPEXcbKxQ/W3G0tRh997I/AAAAAAAAB6E/3_WOXZyj6HUo0948oEVvMS15jv4QTuU8wCLcBGAs/s320/IMG_20180813_124448__01.jpg" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-0VsN8bhTAgA/W3G09KH2-kI/AAAAAAAAB6Q/epydW8UqgzchqtJO8g9WyohS7lTGqBeXwCLcBGAs/s1600/IMG_20180813_151750__01.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1024" data-original-width="1600" height="204" src="https://1.bp.blogspot.com/-0VsN8bhTAgA/W3G09KH2-kI/AAAAAAAAB6Q/epydW8UqgzchqtJO8g9WyohS7lTGqBeXwCLcBGAs/s320/IMG_20180813_151750__01.jpg" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-Gx4h2oIt9T0/W3G0_x1_EmI/AAAAAAAAB6c/xhenhy4wLAg7RmPlr8bbZVaKXNELOJ9XACLcBGAs/s1600/IMG_20180813_151757__01.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1600" data-original-width="646" height="320" src="https://4.bp.blogspot.com/-Gx4h2oIt9T0/W3G0_x1_EmI/AAAAAAAAB6c/xhenhy4wLAg7RmPlr8bbZVaKXNELOJ9XACLcBGAs/s320/IMG_20180813_151757__01.jpg" width="129" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-b5HN8VtSek8/W3G1A91fuyI/AAAAAAAAB6g/7Vh9ixm59eYhTITfI3Vp6Ayfb3Cp14dTACLcBGAs/s1600/IMG_20180813_151809__01.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1224" data-original-width="953" height="320" src="https://1.bp.blogspot.com/-b5HN8VtSek8/W3G1A91fuyI/AAAAAAAAB6g/7Vh9ixm59eYhTITfI3Vp6Ayfb3Cp14dTACLcBGAs/s320/IMG_20180813_151809__01.jpg" width="249" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-gZwGQo5j6r4/W3G1D-9aDhI/AAAAAAAAB6k/XsbULFTcMSwdCllAN6IJa119ndf5-DYgACLcBGAs/s1600/IMG_20180813_192455__01.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="809" data-original-width="1600" height="161" src="https://2.bp.blogspot.com/-gZwGQo5j6r4/W3G1D-9aDhI/AAAAAAAAB6k/XsbULFTcMSwdCllAN6IJa119ndf5-DYgACLcBGAs/s320/IMG_20180813_192455__01.jpg" width="320" /></a></div>
<div>
<br /></div>
<div>
In the pictures above, I have 4 cards for quick access visible, and 4 others in the group pouch above the card on the left. There are many more slots available in the Bellroy. Check the link to their site to see more pictures.</div>
</div>
MBHhttp://www.blogger.com/profile/07293824491909131393noreply@blogger.com0tag:blogger.com,1999:blog-8353696605063426251.post-4643291628112276202018-08-03T01:15:00.000+03:002018-08-03T01:15:14.473+03:00Scam Alert: Thorium Molten Salt Reactor ICO Is A Scam<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="text-align: left;">
Introduction</h2>
The following conversation(s) happened back in May 2018, but I had a lot on my plate at the time and didn't get to post here. It took place in the <a href="https://t.me/cryptoMENA">CryptoMENA Telegram group</a> where I lurk and contribute to the community and have discussions with various people.<br />
<br />
<h2 style="text-align: left;">
TL;DR</h2>
It's a scam. Those posting about it refer to some videos that talk about how great Thorium is and it being an untapped source of energy. When asked for details, they refer to old research (1968) which didn't even include Thorium and only discussed Molten Salt Reactors (MSRs). At the end, when they have no more excuses, they start a conspiracy theory that countries insist on using nuclear reactors for weaponization purposes.<br />
<br />
<h2>
Warning</h2>
I have kept all links as-is and did not remove their links. The ones to the PDF files and YouTube videos are safe, but click anything else at your own risk.<br />
<br />
<h2 style="text-align: left;">
Details</h2>
Below is the full conversation that happened in the group. I have masked the person's name because I don't want to smear them personally, and only want to focus on the ICO scam itself. I have also omitted the name of a person I had asked about nuclear reactors, as I didn't get his permission prior to publishing this post. If he agrees to have it included, I'll add it later.<br />
<br />
I'm pasting both images (first) and then text to allow the conversation to be indexed by search engines, in the hope of helping anyone who's looking for evidence or proof.<br />
<br />
<h3 style="text-align: left;">
Picture-Captured Conversation</h3>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://1.bp.blogspot.com/-NwQGS0O4x90/W2N3DEH4VpI/AAAAAAAAB4M/bBsbrUn8WnUGosvhE2TfmiwjRRaEalebACLcBGAs/s1600/msr-thorium-convo-00.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="conversation - part 0" border="0" data-original-height="1600" data-original-width="145" height="320" src="https://1.bp.blogspot.com/-NwQGS0O4x90/W2N3DEH4VpI/AAAAAAAAB4M/bBsbrUn8WnUGosvhE2TfmiwjRRaEalebACLcBGAs/s320/msr-thorium-convo-00.jpg" title="conversation - part 0" width="29" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Part 0</td></tr>
</tbody></table>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://2.bp.blogspot.com/-dkTVjxBOaos/W2N4l2jtyHI/AAAAAAAAB4Y/RcmrGesKAycfaI2zX7pCW5KyAMz5xWG_QCLcBGAs/s1600/msr-thorium-convo-01.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="conversation - part 1" border="0" data-original-height="1600" data-original-width="148" height="320" src="https://2.bp.blogspot.com/-dkTVjxBOaos/W2N4l2jtyHI/AAAAAAAAB4Y/RcmrGesKAycfaI2zX7pCW5KyAMz5xWG_QCLcBGAs/s320/msr-thorium-convo-01.jpg" title="conversation - part 1" width="29" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Part 1</td></tr>
</tbody></table>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><img alt="conversation - part 2" border="0" data-original-height="1600" data-original-width="264" height="320" src="https://3.bp.blogspot.com/-ITsFtfgf0Lk/W2N47SYyZkI/AAAAAAAAB4g/l6rkfhcaxqQmjfkL0L6l5MBopx_xX1RTgCLcBGAs/s320/msr-thorium-convo-02.jpg" style="margin-left: auto; margin-right: auto;" title="conversation - part 2" width="52" /></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Part 2</td></tr>
</tbody></table>
<br />Links to the 2 PDF files the person had shared:<div>
<a href="http://moltensalt.org/references/static/downloads/pdf/ORNL-TM-2316.pdf">ORNL-TM-2316.pdf</a> : "Physical Properties of Molten-Salt Reactor Fuel, Coolant, and Flush Salts"</div>
<div>
<a href="https://info.ornl.gov/sites/publications/files/Pub20808.pdf">Pub20808.pdf</a> : "An Account of Oak Ridge National Laboratory’s Thirteen Nuclear Reactors"</div>
<div>
<h3 style="clear: both; text-align: left;">
Text Conversation</h3>
<div class="separator" style="clear: both; text-align: left;">
The conversation is between 1 person and myself. I will add my name and color my text in red to differentiate it from the person.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<b>Person</b>: Make an impact - on your future and your children's, children's future: join our early blockchain project and contribute to clean transparent energy production. Now is our Private Token Sale. Watch these videos for more... The tech: https://goo.gl/WKDfsY; The story: https://goo.gl/7vwmkF</div>
<div class="separator" style="clear: both;">
Register for the PTS document: https://goo.gl/XWTLe8. </div>
<div class="separator" style="clear: both;">
Let's build our future together.</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><b>MBH</b>: Someone mentioned this last month, and as I warned before: Thorium reactors are inefficient on an industrial scale and that's why they weren't done decades ago.</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">You're free to invest into any coin you like, but don't do it based on false information and false promises.</span></div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
<b>Person</b>: Thanks for your comments, but I am sure the Danish nuclear group Copenhagen Atomics has other point of view. They are partner in this project which I assume if it such project won't be feasible they would not invested and have dedicated team, nor would 100 other companies be developing molten salt technology, including a Chinese team with 700 engineers. Oak Ridge laboratory was forced to shut down their working molten salt loop in 1974 by the FBI because the reactor burns highly efficiently and does not produce plutonium - that means a thorium LFTR in thermal spectrum can't be used to make material for nuclear weapons. There's a great interview with two of the original engineers somewhere on youtube. Anyhow Denmark and other parts of world are long ahead of us in such subjects. </div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
Also your point that this group is related to the Crypto is valid too. The blockchain for thorium is going to be the first ever transparent nuclear energy source tracking and management system ever in the world. Backed by thorium, each token will trace all energy production from this amazing fuel source. However I saw there are many related discussions to ICO therefore I thought this can be relevant too, perhaps my misunderstanding.</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><b>MBH</b>: Show me a valid research paper for mass produced Thorium reactors, please.</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">All I saw were a bunch of videos, but the papers I saw indicated inefficiencies in production.</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">And yes, I understand it's an ICO and related to this group, which is why I didn't question that :)</span></div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
<b>Person</b>: It's a proven technology - just forgotten - on purpose ;o)</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
Here's the research paper you ask for (the pdf)</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
And a video based on the paper:</div>
<div class="separator" style="clear: both;">
https://www.youtube.com/watch?v=tyDbq5HRs0o</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
Wikipedia is an easier read, though not as accurate as the actual paper:</div>
<div class="separator" style="clear: both;">
https://en.wikipedia.org/wiki/Molten-Salt_Reactor_Experiment</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
Here's an interview in 2012 with two of the engineers from Oak Ridge who actually worked on the molten salt reactor. They add much more context to the paper:</div>
<div class="separator" style="clear: both;">
https://www.youtube.com/watch?v=ENH-jd6NhRc</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
Here's the reactor now:</div>
<div class="separator" style="clear: both;">
https://www.youtube.com/watch?v=knofNX7HCbg</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><b>MBH</b>: I don't want videos and interviews. I want a research paper for a production ready reactor.</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">Why would the energy industry leave such a lucrative energy source untapped? Especially in Germany and France.</span></div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
<b>Person</b>: <a href="http://moltensalt.org/references/static/downloads/pdf/ORNL-TM-2316.pdf">ORNL-TM-2316.pdf</a></div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><b>MBH</b>: I mention these 2 countries specifically because they're heavy on nuclear reactors, and if something exists that's cheaper and cleaner, then they would've used it.</span></div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
<b>Person</b>: <a href="https://info.ornl.gov/sites/publications/files/Pub20808.pdf">Pub20808.pdf</a></div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
This TSN blockchain aims to put the power of decentralisation, transparency and accountability of a vitally important energy technology back into the control of the people, and not governments. For civilian owned and managed power generation.</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
Here's one of our ICO members, Thomas Jam Pedersen, talking about the technology:</div>
<div class="separator" style="clear: both;">
https://www.youtube.com/watch?v=tHO1ebNxhVI</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
Thomas just got back from presenting in China at a nuclear energy conference. Once the private token sale is over some of that footage will be used for the preICO.</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
I shared the research papers with you</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
France wanted nuclear weapons</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
One of their representatives is here in Kuwait; if anyone wants to know more about the technology and their current stage and process, just register at this link: https://goo.gl/XWTLe8</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><b>MBH</b>: This talks about salt mixtures & plainly says it hopes for nuclear reactor design engineers to make use of it at some point. This is dating to 1968, yet we still don't have a single molten salt reactor...</span></div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
<b>Person</b>: You have not read it, it was a working molten reactor for 5 years</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><b>MBH</b>: (inserted picture showing an excerpt of the first document searching for the word "Thorium")</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-SPfhxnsiZCQ/W2OACnwKc0I/AAAAAAAAB4s/5nv1jHq7Kig7dpC1E2uV369JUcV7pguCwCLcBGAs/s1600/IMG_20180803_005913_985.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="excerpt from first PDF" border="0" data-original-height="720" data-original-width="1280" height="180" src="https://1.bp.blogspot.com/-SPfhxnsiZCQ/W2OACnwKc0I/AAAAAAAAB4s/5nv1jHq7Kig7dpC1E2uV369JUcV7pguCwCLcBGAs/s320/IMG_20180803_005913_985.jpg" title="excerpt from first PDF" width="320" /></a></div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
<span style="color: red;">It talks about molten salt reactors, and then clearly states thorium was never used in the reactors (was part of the concept but never used in practice).</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">Let me ask: 5 years of a working *Thorium* MSRE? Or just a MSRE?</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">Why haven't there ever been any mass produced Thorium MSREs since 1950s?!?</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">All claims for Thorium MSREs are reducing cost of the nuclear reactors and the fuel, yet not a single mass produced one exists. All existed in experiments, if ever.</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">Germany is pushing hard for renewables & last year generated 30% of its need from them in one of the months, but that's not sustainable throughout the year, so nuclear is still needed throughout the year for sustainable energy.</span></div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
<b>Person</b>: You have a point, but you are missing the big one: why isn't thorium mainstream? </div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
Because you can't make weapons out of it. </div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
It was bluntly shelved for this reason </div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
(In fact staff at ORL were told to destroy their research. They didn't thankfully...)</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
There's a huge misconception in "nuclear" energy.</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
The way of obtaining electrical energy using uranium is totally different to getting it from its cousin, thorium.</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
It's like comparing apples with oranges. They just ain't the same.</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
The hugely expensive nuclear facilities of present day are like they are not to produce the energy - the energy comes out easy - way too easy.</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
The huge money in present nuclear is spent in case things go wrong: spent to prevent a meltdown - a very bad thing; and spent to contain explosions from spreading radioactive material in the area - like Fukushima or Chernobyl....</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
Thorium doesn't need such high costs: 1) it can not "melt down", the technical reason is neutron density reduces as the fuel gets hotter, it cools, so it self regulates. No intervention needed, and 2) there is no high pressure cooling fluid pummelled with neutrons to either produce hydrogen (that goes bang) or create a rapidly expanding radioactive water vapour (steam explosion). So no massive containment building or complex safety shut down systems are needed. The costs are much, much less.</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
Speaking of waste: less than 0.5% of the same volume of a uranium machine is produced in a thorium machine and this 0.5% only needs to be stored for 300 years... </div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
So, comparing apples with oranges is what is happening here between uranium and thorium. You can't, and shouldn't once you know the science.</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
(yes, for present nuclear it is in the billions to produce electricity at 20 cents per kWh and above - when you include the environmental costs. The thorium target is 5 cents per MWh, matching that with nuclear energy produced in France. Thorium doesn't have any significant environmental costs). </div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
Let's compare thorium as an energy source to the crypto market directly.</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
Here's the main reason why the bitcoin and crypto market is coming alive - rigging the gold and silver markets - traditional safe havens amid economic turbulence:</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
(see the chart...)</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
But! -Why- has gold been flat for the last five years? </div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
Because of futures contracts, rigged, fraudulent paper contracts issued mainly by the bullion banks themselves to control the market and avoid bank runs. The coverage ratio in the chart tells all. The ratio is now above 500 to 1.</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
500 to 1.....</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
500 imaginary bars of gold to 1, actual, physical, real bar of gold...</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
Basel 3 set the asset (cash) to debt ratio of 8 to 1 for the debt banking system....</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
Bullion banks and the futures markets operate outside Basel 3....</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
A -scam- pure and simple of the highest order.</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
https://www.moneymetals.com/news/2016/05/16/silver-gold-futures-market-000868</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><b>MBH</b>: If weapon manufacturing is the reason: why are the following renewable energy technologies being invested into heavily especially by Europe?</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">- Wind</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">- Batteries</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">- Geothermal</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">- Solar panels</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">None of these are used for weapon manufacturing. Also, a nuclear bomb is very tiny in comparison to a reactor.</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">Yes, a lot of money goes into maintenance and safety procedures and construction, but that's a very well known issue with nuclear reactors.</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">Thorium research wasn't asked to be destroyed. They were asked to decommission the facility, just like any tech that's no longer funded. It's mentioned in the report you sent about Oak Ridge Lab.</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">I'm glad you mentioned the ICO.</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">I don't understand why someone who found a solution to make Thorium MSREs finally feasible, isn't patenting and getting VC/gov funding directly?</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">Why do an ICO? No regulation here and can easily run off with money.</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">Why not establish a legitimate company and go through funding?</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">Where are the patents?</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">Nothing makes sense in a scientific approach nor a business approach.</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">I'm not familiar with nuclear fission requirements, but I'm free in Ramadhan and can read about it and debate this, or I can ask a cousin who is a nuclear power engineer.</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">However, I don't need to know those to answer my other obvious questions about mass production of a thorium msre and the business plan and getting gov funding for a working demo of a mass produced design, rather than ask people to give money.</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">I think my cousin has a PhD in nuclear power now.</span></div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
<b>Person</b>: This is a follow-up chart to my earlier text about the gold and comparison with thorium, see this chart</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
(inserts chart showing Comex Gold Cover ratio [Open Interest/Registered Gold]. Y-Axis: 0x to 600x and X-Axis: 2000 to 2016)</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-vI5w5taLcFg/W2OBH40UlRI/AAAAAAAAB40/Kqkv5WekXVUFi6Jv6QY1k3ZChMBEbMyjQCLcBGAs/s1600/IMG_20180803_005918_969.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Comex Gold Cover ration [Open Interest/Registered Gold]" border="0" data-original-height="362" data-original-width="600" height="193" src="https://4.bp.blogspot.com/-vI5w5taLcFg/W2OBH40UlRI/AAAAAAAAB40/Kqkv5WekXVUFi6Jv6QY1k3ZChMBEbMyjQCLcBGAs/s320/IMG_20180803_005918_969.jpg" title="Comex Gold Cover ration [Open Interest/Registered Gold]" width="320" /></a></div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
Yes, thorium is heavily financed by the governments of Russia, China and India. The congress of US recently made a new law allowing research into thorium energy, hence opening up government funding in that country also</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
We are very confident that with transparency and legitimacy brought to the table of the nuclear industry, we'll start a similar run as Bitcoin did in 2009. Bitcoin revolutionised money. The Thorium network will revolutionise nuclear energy.</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
Are we going to face opposition: we sure are! But again it's a project worth pursuing because the benefits of transparency drives innovation faster and this drives price discovery, for the entire world to see, watch, monitor and report upon.</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
Get into the tech, it's complicated, but it's worth it.</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
Poor Thorium suffered a similar fate, and continues to do so.</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
Fortunately the technology to bring it to life is nearing completion with Copenhagen Atomics. They have developed cutting edge monitoring and control systems.</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
Plus there are another 100 or more companies busy working on LFTR technology. </div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
China is scheduling 2024 for a working commercial LFTR machine.</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
From an engineering point of view, the physical technology required for LFTR is actually less sophisticated than that required to extract nickel from nickel laterite ores. Something that pioneers in Australia at Anaconda Nickel did in the early 2000's. </div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
They took a huge technical risk and almost broke the company - it cost $1.6b to build when they budgeted only $1b. </div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
@ Murrin Murrin Ni-Co: High pressure, high temperature acidic slurry - really hard to deal with, but the plant has been successfully producing high grade nickel since 2005.</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
(a member of the ICO team was close to this nickel project, so has first hand knowledge of it)</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><b>MBH</b>: I spoke to [redacted]. Neither of us is convinced. He mentioned power generated from Thorium is far less than that from Uranium.</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">He also directed me to look at International Atomic Energy Agency (iaea.org) and see if I can find a list of thorium based reactors. There are none that I could find listed there, and the agency lists ALL reactors around the world.</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">Research by IAEA members on Thorium dates to 2001, by member countries: France, Germany, India, Japan & Russia.</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">An article dating to 2016 titled "Advanced Nuclear Fuels and Fuel Cycles" stated the following countries are collaborating in seeing a long term research in using Thorium: Canada, China, Czech, Germany, India, Israel, Italy & USA. No output from this yet.</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">Finally, I still don't see how an ICO/coin is related to building thorium reactors, when country-level budgets are spent in early research phases.</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">So if anything, this whole ICO is nothing but a scam.</span></div>
<div class="separator" style="clear: both;">
<span style="color: red;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="color: red;">If you want to discuss great possibilities of Thorium as a fuel, we can do that in a separate place. Feel free to discuss the ICO itself and how it relates, as long as you provide solid proof and not long statements with scattered scientific jargon without proof.</span></div>
</div>
</div>
MBHhttp://www.blogger.com/profile/07293824491909131393noreply@blogger.com0tag:blogger.com,1999:blog-8353696605063426251.post-16437116725249380372017-12-09T21:07:00.000+03:002017-12-09T21:07:33.907+03:00Vulnerability in Wickr: Bypassing Password on Android<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="text-align: left;">
Summary</h2>
I reported this issue directly to the Wickr team on Sep 12th. Within a few hours, they escalated the ticket to the devs and confirmed my findings and that they were fixing it.<br />
<br />
The bug has been fixed for a while now, and you're urged to make sure you have the latest version.<br />
<br />
<h2 style="text-align: left;">
Vulnerability Description</h2>
I have enabled the auth option to require a password. However, as soon as I switch to another app, it requires a lock immediately.<br />
<br />
To bypass the lock, I first open the recent apps context menu in Android and select Wickr. The lock screen shows. Then, I click on a Wickr message notification from the notification drop menu. It immediately opens the message itself, and if I click the back button, it opens the main chat list and I can browse other chats. No password needed.<br />
<br />
I also noticed that if I click the notification first, it does ask for a password, so Wickr has to be selected from the recent apps first, and only then the notification clicked.<br />
<br />
<br />
<h2 style="text-align: left;">
Bonus</h2>
The Wickr team was super friendly and offered me some freebies: tshirts, a hoodie, and stickers. The app is free and open source, and I'm quite happy to have been able to give back to the community, so the bonus stuff made me feel extra special.<br />
<br />
Big thumbs up to the Wickr team for their extremely fast response and fix to the issue.</div>
MBHhttp://www.blogger.com/profile/07293824491909131393noreply@blogger.com0tag:blogger.com,1999:blog-8353696605063426251.post-2680726508424856922017-11-15T10:08:00.000+03:002017-12-09T20:40:11.579+03:00Blockchain & Crypto Currency Introduction Seminar<div dir="ltr" style="text-align: left;" trbidi="on">
In collaboration with <a href="http://sirdab-lab.com/" rel="nofollow">Sirdab Lab</a>, I'll be talking about something that I should've since 2010: Crypto currencies.<br />
<br />
The introduction's title is: 'Intro to Crypto Currencies: Blockchain, Bitcoin & Other Bits' on Monday December 4th, 2017 at 6 PM (1800).<br />
<br />
The content will be suitable for newbies, traders, bankers, investors, law makers and the generally curious.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-nQT8JpCr700/WgvmmqN_jDI/AAAAAAAAB1s/4YZy131TWoAxzqv4zfJAnnD5Lv3PBvAmQCLcBGAs/s1600/SL_Bitcoin%2BSeminar.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="640" data-original-width="640" height="320" src="https://3.bp.blogspot.com/-nQT8JpCr700/WgvmmqN_jDI/AAAAAAAAB1s/4YZy131TWoAxzqv4zfJAnnD5Lv3PBvAmQCLcBGAs/s320/SL_Bitcoin%2BSeminar.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Sirdab Lab's location: Dasman Complex Ground floor, Jaber Al-Mubarak St, Sharq, Kuwait City. (<a href="https://goo.gl/maps/Pwhg69HjnD42">Google Maps</a>).</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Update:</div>
<div class="separator" style="clear: both; text-align: left;">
The session was recorded and the slides & audio were merged into a video that's available now online: <a href="https://www.youtube.com/watch?v=_Mu9_PcyJi0">https://www.youtube.com/watch?v=_Mu9_PcyJi0</a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
The description has links to the slides and the raw mp3 file, for those who want to listen to the audio online. The slides have notes under each slide for added discussion and elaboration.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Link to the slides: <a href="https://goo.gl/bcZFmi">https://goo.gl/bcZFmi</a></div>
<div class="separator" style="clear: both; text-align: left;">
Link to the mp3 audio file: <a href="https://goo.gl/bHTRmC">https://goo.gl/bHTRmC</a></div>
<div>
<br /></div>
</div>
MBHhttp://www.blogger.com/profile/07293824491909131393noreply@blogger.com0Jaber Al-Mubarak St, Kuwait City, Kuwait29.3832241 47.98963709999998213.3526786 27.335340099999982 45.413769599999995 68.643934099999981tag:blogger.com,1999:blog-8353696605063426251.post-42027312030650987882016-02-29T11:59:00.002+03:002016-03-01T13:02:41.949+03:00Freeing Disk from VMware Virtual Flash Read Cache (vFRC)<div dir="ltr" style="text-align: left;" trbidi="on">
I was toying with vFRC in my lab and when I was done, I deleted the volume from the vSphere web client, but the local flash disk had retained its GPT partition format and was still claimed as a VMFS volume. I was unable to use that disk for other applications.<br />
<br />
Try deleting using the web client:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-oRUHLmhCs4M/VtVosFJ1rsI/AAAAAAAAAxE/HBPsWL1lpcs/s1600/vFRC-partition-delete.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="133" src="https://1.bp.blogspot.com/-oRUHLmhCs4M/VtVosFJ1rsI/AAAAAAAAAxE/HBPsWL1lpcs/s400/vFRC-partition-delete.png" width="400" /></a></div>
<br />
Select the host, go to the Manage tab, select the Storage option, and from there choose the Storage Devices entry. Select the disk, then click on the gear icon and choose Erase Partitions. Make sure you have selected the right disk, because this will wipe everything.<br />
<br />
<br />
Via CLI: To delete the disk partition, first enable SSH on the host, then log in and list all disks:<br />
<span style="color: orange;"> ls -l /vmfs/devices/disks/</span><br />
<br />
Sample output:<br />
<span style="color: orange;">ls -l /vmfs/devices/disks/<br />total 495867432<br />-rw------- 1 root root 8004304896 Feb 29 08:45 mpx.vmhba32:C0:T0:L0<br />-rw------- 1 root root 4161536 Feb 29 08:45 mpx.vmhba32:C0:T0:L0:1<br />-rw------- 1 root root 262127616 Feb 29 08:45 mpx.vmhba32:C0:T0:L0:5<br />-rw------- 1 root root 262127616 Feb 29 08:45 mpx.vmhba32:C0:T0:L0:6<br />-rw------- 1 root root 115326976 Feb 29 08:45 mpx.vmhba32:C0:T0:L0:7<br />-rw------- 1 root root 299876352 Feb 29 08:45 mpx.vmhba32:C0:T0:L0:8<br />-rw------- 1 root root 2684354560 Feb 29 08:45 mpx.vmhba32:C0:T0:L0:9<br />-rw------- 1 root root 128035676160 Feb 29 08:45 t10.ATA_____ADATA_SP600_____________________________7F1820011415________<br />-rw------- 1 root root 128033579008 Feb 29 08:45 t10.ATA_____ADATA_SP600_____________________________7F1820011415________:1<br />-rw------- 1 root root 120034123776 Feb 29 08:45 t10.ATA_____KINGSTON_SV300S37A120G__________________50026B7255068D61____<br />-rw------- 1 root root 120032591872 Feb 29 08:45 t10.ATA_____KINGSTON_SV300S37A120G__________________50026B7255068D61____:1<br />lrwxrwxrwx 1 root root 20 Feb 29 08:45 vml.0000000000766d68626133323a303a30 -> mpx.vmhba32:C0:T0:L0<br />lrwxrwxrwx 1 root root 22 Feb 29 08:45 vml.0000000000766d68626133323a303a30:1 -> mpx.vmhba32:C0:T0:L0:1<br />lrwxrwxrwx 1 root root 22 Feb 29 08:45 vml.0000000000766d68626133323a303a30:5 -> mpx.vmhba32:C0:T0:L0:5<br />lrwxrwxrwx 1 root root 22 Feb 29 08:45 vml.0000000000766d68626133323a303a30:6 -> mpx.vmhba32:C0:T0:L0:6<br />lrwxrwxrwx 1 root root 22 Feb 29 08:45 vml.0000000000766d68626133323a303a30:7 -> mpx.vmhba32:C0:T0:L0:7<br />lrwxrwxrwx 1 root root 22 Feb 29 08:45 vml.0000000000766d68626133323a303a30:8 -> mpx.vmhba32:C0:T0:L0:8<br />lrwxrwxrwx 1 root root 22 Feb 29 08:45 vml.0000000000766d68626133323a303a30:9 -> mpx.vmhba32:C0:T0:L0:9<br />lrwxrwxrwx 1 root root 72 Feb 29 08:45 vml.010000000035303032364237323535303638443631202020204b494e475354 -> 
t10.ATA_____KINGSTON_SV300S37A120G______________ ____50026B7255068D61____<br />lrwxrwxrwx 1 root root 74 Feb 29 08:45 vml.010000000035303032364237323535303638443631202020204b494e475354:1 -> t10.ATA_____KINGSTON_SV300S37A120G____________ ______50026B7255068D61____:1<br />lrwxrwxrwx 1 root root 72 Feb 29 08:45 vml.01000000003746313832303031313431352020202020202020414441544120 -> t10.ATA_____ADATA_SP600_________________________ ____7F1820011415________<br />lrwxrwxrwx 1 root root 74 Feb 29 08:45 vml.01000000003746313832303031313431352020202020202020414441544120:1 -> t10.ATA_____ADATA_SP600_______________________ ______7F1820011415________:1</span><br />
<br />
<br />
Find your disk there, and then list its partitions:<br />
<span style="color: orange;">partedUtil getptbl /vmfs/devices/disks/&lt;disk&gt;</span><br />
<br />
Sample output:<br />
<span style="color: orange;"> partedUtil getptbl /vmfs/devices/disks/vml.010000000035303032364237323535303638443631202020204b494e475354<br />gpt<br />14593 255 63 234441648<br /><span style="color: cyan;">1</span> 2048 234440703 AA31E02A400F11DB9590000C2911D1B8 vmfs 0</span><br />
<br />
You can see above that there's one partition labeled as "vmfs" which we need to get rid of. The leading number (in blue) is the partition number.<br />
<br />
To delete the partition:<br />
<span style="color: orange;">partedUtil delete /vmfs/devices/disks/&lt;disk&gt; &lt;partition number&gt;</span><br />
<br />
Sample output:<br />
<span style="color: orange;">partedUtil delete /vmfs/devices/disks/vml.010000000035303032364237323535303638443631202020204b494e475354 1</span><br />
<br />
Done. Look in vSphere web client and it should now report 0 primary partitions on that disk and you're free to use it for something else.<br />
<br />
Check the partition table:<br />
<span style="color: orange;">partedUtil getptbl /vmfs/devices/disks/vml.010000000035303032364237323535303638443631202020204b494e475354<br />gpt<br />14593 255 63 234441648</span></div>
MBHhttp://www.blogger.com/profile/07293824491909131393noreply@blogger.com0tag:blogger.com,1999:blog-8353696605063426251.post-78821753636156348542016-02-06T23:16:00.000+03:002016-03-04T01:27:31.774+03:00NGINX with High Security Ciphers and LetsEncrypt<div dir="ltr" style="text-align: left;" trbidi="on">
I want to move away from the bloated Apache web server and NGINX meets my requirements, but this time I want to use SSL/TLS with signed certificates with the highest security ciphers that support Perfect Forward Secrecy, because why not?<br />
<br />
Sadly, the information was scattered and not everything is there in the manuals, so this is a documentation of what I've found and done in my setup.<br />
<br />
The <a href="https://letsencrypt.org/">Let's Encrypt project</a> provides authenticated and validated domain certificates for free! The catch? They expire every 90 days and their official client requires root access & dependencies, but you can (auto)renew and avoid these. Read on to know more.<br />
<br />
<h2 style="text-align: left;">
Article Updates</h2>
<ol style="text-align: left;">
<li>Mar 3rd</li>
<ol>
<li>Corrected root's crontab entry.</li>
<li>Corrected headers' content and location</li>
<li>Added more info about security and privacy headers</li>
</ol>
</ol>
<br />
<h2 style="text-align: left;">
Environment</h2>
<div>
My setup consists of the stuff below. This post will presume Debian & NGINX are already installed. In the steps below, a line starting with "#" means it's a command you should type. Type the command without the "#" character (not necessarily as root).</div>
<br />
<ol style="text-align: left;">
<li>Debian Jessie (8)</li>
<ol>
<li><span style="color: orange;">#cat /etc/issue</span></li>
</ol>
<li>NGINX version 1.6.2, installed from nginx-full package.</li>
<ol>
<li><span style="color: orange;">#nginx -v</span></li>
</ol>
<li>OpenSSL 1.0.1k</li>
<ol>
<li><span style="color: orange;">#openssl version</span></li>
</ol>
<li>Python 2.7.9</li>
<ol>
<li><span style="color: orange;">#python --version</span></li>
</ol>
<li><a href="https://github.com/diafygi/acme-tiny/">acme-tiny</a> Dec 29, 2015</li>
</ol>
<div>
If you have an older version of openssl or nginx, you're likely to face problems and failures, since the newer ciphers were introduced only in recent versions of OpenSSL (1.0.1h), and the same goes for NGINX's settings. Make sure your distro supports the latest versions, otherwise you'll be leaving yourself and your visitors vulnerable.</div>
<div>
<br /></div>
<h3 style="text-align: left;">
Why acme-tiny?</h3>
<div>
The official <a href="https://letsencrypt.org/">letsencrypt</a> client requires installing some dependencies such as gcc (GNU C Compiler) and some other things. It also has to run as root, not just once but as a daemon or in a cronjob, because the certificate must be renewed every 90 days!</div>
<div>
<br /></div>
<div>
As much as I appreciate the Let's Encrypt initiative, I'm not granting their software root access to my machines, nor installing gcc on a production machine. That's where acme-tiny comes in: a small (200 lines) client that uses Let's Encrypt API calls, and you can (and should) audit its code before using it, since it's only 200 lines of human-readable Python code.</div>
<div>
<br /></div>
<h2 style="text-align: left;">
Configuring NGINX for TLS/PFS</h2>
<div>
SSL is dead. You should be using TLS only, and if you don't have to service old devices (Android 4.x, old IE browsers, Windows XP), then you should be using TLS v1.2 only with a strict set of ciphers.</div>
<div>
<br /></div>
<div>
Perfect Forward Secrecy (PFS) is an old standard but wasn't widely adopted until after Snowden revealed the amount of encrypted data being stored for later decryption. PFS cycles the encryption key during the session, so even when a session is captured, decryption will be possible only for a small portion as the key changes.</div>
<div>
<br /></div>
<h3 style="text-align: left;">
TLS Config</h3>
<div>
If you're going to configure a wildcard certificate, place the config in /etc/nginx/nginx.conf. Otherwise if the certificate is unique to a specific domain/subdomain, you'll need to place the config in a virtual host config file.</div>
<div>
<br /></div>
<div>
In my case, I started with a wildcard but it was a self-signed certificate and was rejected by browsers, which is normal. Later when I made a Let's Encrypt certificate, I moved it to the specific subdomain.</div>
<div>
Note: Let's Encrypt doesn't support wildcard certs as of this writing, however, they allow you up to 100 domains/subdomains.</div>
<div>
<br /></div>
<div>
Edit <span style="color: red;">/etc/nginx/nginx.conf</span></div>
<!-- HTML generated using hilite.me --><br />
<div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #6ab825; font-weight: bold;">user</span> <span style="color: #ed9d13;">www-data</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">worker_processes</span> <span style="color: #3677a9;">4</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">pid</span> <span style="color: #ed9d13;">/run/nginx.pid</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">events</span> <span style="color: #d0d0d0;">{</span>
<span style="color: #6ab825; font-weight: bold;">worker_connections</span> <span style="color: #3677a9;">256</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">multi_accept</span> <span style="color: #40ffff;">on</span><span style="color: #d0d0d0;">;</span>
<span style="color: #d0d0d0;">}</span>
<span style="color: #6ab825; font-weight: bold;">http</span> <span style="color: #d0d0d0;">{</span>
<span style="color: #999999; font-style: italic;">##</span>
<span style="color: #999999; font-style: italic;"># Basic Settings</span>
<span style="color: #999999; font-style: italic;">##</span>
<span style="color: #6ab825; font-weight: bold;">sendfile</span> <span style="color: #40ffff;">on</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">tcp_nopush</span> <span style="color: #40ffff;">on</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">tcp_nodelay</span> <span style="color: #40ffff;">on</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">keepalive_timeout</span> <span style="color: #3677a9;">65</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">types_hash_max_size</span> <span style="color: #3677a9;">2048</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">server_tokens</span> <span style="color: #40ffff;">off</span><span style="color: #d0d0d0;">;</span>
<span style="color: #999999; font-style: italic;"># server_names_hash_bucket_size 64;</span>
<span style="color: #6ab825; font-weight: bold;">server_name_in_redirect</span> <span style="color: #40ffff;">off</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">include</span> <span style="color: #ed9d13;">/etc/nginx/mime.types</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">default_type</span> <span style="color: #ed9d13;">application/octet-stream</span><span style="color: #d0d0d0;">;</span>
<span style="color: #999999; font-style: italic;">##</span>
<span style="color: #999999; font-style: italic;"># SSL Settings</span>
<span style="color: #999999; font-style: italic;">##</span>
<span style="color: #6ab825; font-weight: bold;">ssl_protocols</span> <span style="color: #ed9d13;">TLSv1.2</span><span style="color: #d0d0d0;">;</span> <span style="color: #999999; font-style: italic;"># Dropping SSLv3, ref: POODLE</span>
<span style="color: #6ab825; font-weight: bold;">ssl_prefer_server_ciphers</span> <span style="color: #40ffff;">on</span><span style="color: #d0d0d0;">;</span>
<span style="color: #999999; font-style: italic;"># Change the cache name. Read the manual for more info.</span>
<span style="color: #6ab825; font-weight: bold;">ssl_session_cache</span> <span style="color: #ed9d13;">shared:YourSSLCacheNameHere:10m</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">ssl_session_timeout</span> <span style="color: #3677a9;">10m</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">ssl_session_tickets</span> <span style="color: #40ffff;">off</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">ssl_stapling</span> <span style="color: #40ffff;">on</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">ssl_stapling_verify</span> <span style="color: #40ffff;">on</span><span style="color: #d0d0d0;">;</span>
<span style="color: #999999; font-style: italic;"># contains CBC AES algs which I do not like</span>
<span style="color: #999999; font-style: italic;">#ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";</span>
<span style="color: #999999; font-style: italic;"># AES256 GCM is not yet supported on most browsers</span>
<span style="color: #999999; font-style: italic;">#ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384';</span>
<span style="color: #999999; font-style: italic;"># TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 & TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</span>
<span style="color: #6ab825; font-weight: bold;">ssl_ciphers</span> <span style="color: #ed9d13;">"EECDH+AESGCM"</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">ssl_ecdh_curve</span> <span style="color: #ed9d13;">secp384r1</span><span style="color: #d0d0d0;">;</span>
<span style="color: #999999; font-style: italic;"># self-generated 4096 DH key range</span>
<span style="color: #6ab825; font-weight: bold;">ssl_dhparam</span> <span style="color: #ed9d13;">/etc/nginx/ssl/dhparam.pem</span><span style="color: #d0d0d0;">;</span>
<span style="color: #999999; font-style: italic;"># Put IPs of your hosting provider here, or a trusted DNS provider. These are Google's.</span>
<span style="color: #6ab825; font-weight: bold;">resolver</span> <span style="color: #ed9d13; line-height: 125%;">8</span><span style="color: #ed9d13; line-height: 125%;">.8.8.8</span><span style="line-height: 125%;"> </span><span style="color: #ed9d13; line-height: 125%;">8</span><span style="color: #ed9d13; line-height: 125%;">.8.4.4</span><span style="line-height: 125%;"> </span><span style="color: #ed9d13; line-height: 125%;">[2001:4860:4860::8888]</span><span style="line-height: 125%;"> </span><span style="color: #ed9d13; line-height: 125%;">valid=300s</span><span style="color: #d0d0d0; line-height: 125%;">;</span>
<span style="color: #6ab825; font-weight: bold;">resolver_timeout</span> <span style="color: #ed9d13;">5s</span><span style="color: #d0d0d0;">;</span>
<span style="color: #999999; font-style: italic;"># wildcard cert config should go here, if any</span>
<span style="color: #999999; font-style: italic;">#ssl_certificate /etc/nginx/ssl/;</span>
<span style="color: #999999; font-style: italic;">#ssl_certificate_key /etc/nginx/ssl/;</span>
<span style="color: #999999; font-style: italic;">##</span>
<span style="color: #999999; font-style: italic;"># Logging Settings</span>
<span style="color: #999999; font-style: italic;">##</span>
<span style="color: #6ab825; font-weight: bold;">access_log</span> <span style="color: #ed9d13;">/var/log/nginx/access.log</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">error_log</span> <span style="color: #ed9d13;">/var/log/nginx/error.log</span><span style="color: #d0d0d0;">;</span>
<span style="color: #999999; font-style: italic;">##</span>
<span style="color: #999999; font-style: italic;"># Gzip Settings</span>
<span style="color: #999999; font-style: italic;">##</span>
<span style="color: #6ab825; font-weight: bold;">gzip</span> <span style="color: #40ffff;">on</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">gzip_disable</span> <span style="color: #ed9d13;">"msie6"</span><span style="color: #d0d0d0;">;</span>
<span style="color: #999999; font-style: italic;"># gzip_vary on;</span>
<span style="color: #999999; font-style: italic;"># gzip_proxied any;</span>
<span style="color: #999999; font-style: italic;"># gzip_comp_level 6;</span>
<span style="color: #999999; font-style: italic;"># gzip_buffers 16 8k;</span>
<span style="color: #999999; font-style: italic;"># gzip_http_version 1.1;</span>
<span style="color: #999999; font-style: italic;"># gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;</span>
<span style="color: #999999; font-style: italic;">##</span>
<span style="color: #999999; font-style: italic;"># Virtual Host Configs </span>
<span style="color: #999999; font-style: italic;">##</span>
<span style="color: #6ab825; font-weight: bold;">include</span> <span style="color: #ed9d13;">/etc/nginx/conf.d/*.conf</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">include</span> <span style="color: #ed9d13;">/etc/nginx/sites-enabled/*</span><span style="color: #d0d0d0;">;</span>
<span style="color: #d0d0d0;">}</span>
</pre>
</div>
<div>
<br /></div>
<div>
Make sure you correct the line breaks if you paste. Due to styling on my blog, you may have one line spilling to multiple lines in the config, and this will break your config.<br />
<br />
Don't worry about non-existing directories. We'll come to those later as we finish the setup.<br />
<br />
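The TLS directives above can be checked mechanically before each reload. The script below is an added example, not part of the original post or of NGINX: it audits a config fragment for the settings this post relies on, and both sample fragments are constructed for illustration (the hardened one mirrors the directives above).<br />

```python
import re
import shlex

# OpenSSL cipher-string keywords that select an ephemeral key exchange.
PFS_KEYWORDS = ("EECDH", "ECDHE", "EDH", "DHE")
# Keywords that restrict a token to AEAD suites (no CBC).
AEAD_KEYWORDS = ("GCM", "CHACHA20", "CCM")
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

DIRECTIVE = re.compile(r"^([a-z_]+)\s+(.+?)\s*;$")


def parse_directives(text):
    """Map directive name -> argument list for simple one-line directives.

    Block contexts (http/server/location) are not modelled; a later
    occurrence of a directive overrides an earlier one.
    """
    found = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        match = DIRECTIVE.match(line)
        if match:
            found[match.group(1)] = shlex.split(match.group(2))
    return found


def audit_ciphers(cipher_string):
    """Check every token of an OpenSSL cipher string on its own."""
    findings = []
    for token in re.split(r"[:, ]+", cipher_string):
        if not token or token[0] in "!-+@":
            continue  # exclusions, reordering and @STRENGTH add no suites
        if not any(word in token for word in PFS_KEYWORDS):
            findings.append(("ssl_ciphers",
                             f"{token}: not restricted to ephemeral (EC)DHE key exchange"))
        elif not any(word in token for word in AEAD_KEYWORDS):
            findings.append(("ssl_ciphers",
                             f"{token}: not restricted to AEAD suites, CBC may be negotiated"))
    return findings


def audit(text):
    """Return a list of (directive, message) findings; empty means clean."""
    conf = parse_directives(text)
    findings = []
    protocols = conf.get("ssl_protocols")
    if protocols is None:
        findings.append(("ssl_protocols", "not set; default depends on the nginx version"))
    else:
        for proto in sorted(WEAK_PROTOCOLS.intersection(protocols)):
            findings.append(("ssl_protocols", f"{proto} is enabled"))
    ciphers = conf.get("ssl_ciphers")
    if ciphers is None:
        findings.append(("ssl_ciphers", "not set; the built-in default list applies"))
    else:
        findings.extend(audit_ciphers(" ".join(ciphers)))
    if conf.get("ssl_prefer_server_ciphers") != ["on"]:
        findings.append(("ssl_prefer_server_ciphers", "client decides the cipher order"))
    if conf.get("ssl_session_tickets") != ["off"]:
        findings.append(("ssl_session_tickets",
                         "tickets enabled; a long-lived ticket key weakens forward secrecy"))
    if conf.get("server_tokens") != ["off"]:
        findings.append(("server_tokens", "nginx version shown in headers and error pages"))
    return findings


# Constructed sample mirroring the directives used in this post.
HARDENED = """
server_tokens off;
ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
ssl_session_tickets off;
ssl_ciphers "EECDH+AESGCM";
"""

# Constructed weak config for comparison.
WEAK = """
ssl_protocols SSLv3 TLSv1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:AES256+EECDH:HIGH:!aNULL";
ssl_session_tickets on;
"""

if __name__ == "__main__":
    for label, sample in (("hardened", HARDENED), ("weak", WEAK)):
        print(label)
        for directive, message in audit(sample) or [("ok", "no findings")]:
            print(f"  {directive}: {message}")
```

The check is purely textual; it does not ask OpenSSL which suites a token expands to on a given build.<br />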
<h3 style="text-align: left;">
Default Virtual Host Config</h3>
I don't use a default domain (www, for example) as mine are hidden from the public. If you're like me, then this config fits you, otherwise move to the step below.<br />
<br />
Edit <span style="color: red;">/etc/nginx/sites-enabled/default</span></div>
<!-- HTML generated using hilite.me --><br />
<div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #999999; font-style: italic;"># Default server configuration</span>
<span style="color: #6ab825; font-weight: bold;">server</span> <span style="color: #d0d0d0;">{</span>
<span style="color: #999999; font-style: italic;"># change IP to match yours</span>
<span style="color: #6ab825; font-weight: bold;">listen</span> <span style="color: #d0d0d0;">127.0.0.1:</span><span style="color: #3677a9;">80</span> <span style="color: #ed9d13;">default_server</span><span style="color: #d0d0d0;">;</span>
<span style="color: #999999; font-style: italic;"># uncomment to enable IPv6</span>
<span style="color: #999999; font-style: italic;">#listen [::1]:80 default_server;</span>
<span style="color: #999999; font-style: italic;"># uncomment to enable ssl on IPv4</span>
<span style="color: #6ab825; font-weight: bold;">listen</span> <span style="color: #d0d0d0;">127.0.0.1:</span><span style="color: #3677a9;">443</span> <span style="color: #ed9d13;">ssl</span> <span style="color: #ed9d13;">default_server</span><span style="color: #d0d0d0;">;</span>
<span style="color: #999999; font-style: italic;"># uncomment to enable ssl on IPv6</span>
<span style="color: #999999; font-style: italic;">#listen [::1]:443 ssl default_server;</span>
<span style="color: #6ab825; font-weight: bold;">server_name</span> <span style="color: #ed9d13;">_</span><span style="color: #d0d0d0;">;</span> <span style="color: #999999; font-style: italic;">#default server</span>
<span style="color: #6ab825; font-weight: bold;">ssl_certificate</span> <span style="color: #ed9d13;">/etc/nginx/ssl/default_wild.crt</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">ssl_certificate_key</span> <span style="color: #ed9d13;">/etc/nginx/ssl/default_wild.key</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">root</span> <span style="color: #ed9d13;">/var/www/html</span><span style="color: #d0d0d0;">;</span>
<span style="color: #999999; font-style: italic;"># Add index.php to the list if you are using PHP</span>
<span style="color: #999999; font-style: italic;">#index index.html index.htm index.nginx-debian.html;</span>
<span style="color: #6ab825; font-weight: bold;">index</span> <span style="color: #ed9d13;">index.html</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">location</span> <span style="color: #ed9d13;">/</span> <span style="color: #d0d0d0;">{</span>
<span style="color: #999999; font-style: italic;"># First attempt to serve request as file, then</span>
<span style="color: #999999; font-style: italic;"># as directory, then fall back to displaying a 404.</span>
<span style="color: #6ab825; font-weight: bold;">try_files</span> <span style="color: #40ffff;">$uri</span> <span style="color: #40ffff;">$uri/</span> <span style="color: #d0d0d0;">=</span><span style="color: #3677a9;">404</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">autoindex</span> <span style="color: #40ffff;">off</span><span style="color: #d0d0d0;">;</span>
<span style="color: #d0d0d0;">}</span>
<span style="color: #d0d0d0;">}</span>
</pre>
</div>
<br />
<br />
<div>
This config will load when someone visits the IP(s) NGINX is configured at.<br />
<br />
<h3 style="text-align: left;">
Virtual Host Config</h3>
This is where your subdomain config goes. In my case, the certificate belongs to this specific subdomain, so the certificate lines are added here. If you were using a wildcard cert, you should move them to nginx.conf above.<br />
<br />
Create a file for your subdomain <span style="color: red;">/etc/nginx/sites-available/mysubdom</span><br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #6ab825; font-weight: bold;">server</span> <span style="color: #d0d0d0;">{</span>
<span style="color: #6ab825; font-weight: bold;">listen</span> <span style="color: #d0d0d0;">127.0.0.1:</span><span style="color: #3677a9;">80</span><span style="color: #d0d0d0;">;</span>
<span style="color: #999999; font-style: italic;"># uncomment if you want IPv6</span>
<span style="color: #999999; font-style: italic;">#listen [::1]:80;</span>
<span style="color: #999999; font-style: italic;">#listen 127.0.0.1:443 ssl;</span>
<span style="color: #999999; font-style: italic;">#listen [::1]:443 ssl;</span>
<span style="color: #6ab825; font-weight: bold;">server_name</span> <span style="color: #ed9d13;">subdomain.domain.com</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">keepalive_timeout</span> <span style="color: #3677a9;">70</span><span style="color: #d0d0d0;">;</span>
<span style="color: #999999; font-style: italic;"># The certificate is for subdomain.domain.com only</span>
<span style="color: #999999; font-style: italic;">#ssl_certificate /var/www/challenge/subdomain_chained.crt;</span>
<span style="color: #999999; font-style: italic;">#ssl_certificate_key /etc/nginx/ssl/subdomain.key;</span>
<span style="color: #6ab825; font-weight: bold;">root</span> <span style="color: #ed9d13;">/var/www/subdomain</span><span style="color: #d0d0d0;">;</span>
<span style="color: #999999; font-style: italic;"># Add index.php to the list if you are using PHP</span>
<span style="color: #999999; font-style: italic;">#index index.html index.htm index.nginx-debian.html;</span>
<span style="color: #6ab825; font-weight: bold;">index</span> <span style="color: #ed9d13;">index.html</span><span style="color: #d0d0d0;">;</span>
<span style="color: #999999; font-style: italic;"># letsencrypt challenge directory to verify domain</span>
<span style="color: #6ab825; font-weight: bold;">location</span> <span style="color: #ed9d13;">/.well-known/acme-challenge/</span> <span style="color: #d0d0d0;">{</span>
<span style="color: #6ab825; font-weight: bold;">alias</span> <span style="color: #ed9d13;">/var/www/challenge/</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">try_files</span> <span style="color: #40ffff;">$uri</span> <span style="color: #d0d0d0;">=</span><span style="color: #3677a9;">404</span><span style="color: #d0d0d0;">;</span>
<span style="color: #d0d0d0;">}</span>
<span style="color: #6ab825; font-weight: bold;">location</span> <span style="color: #ed9d13;">/</span> <span style="color: #d0d0d0;">{</span>
<span style="color: #999999; font-style: italic;"># First attempt to serve request as file, then</span>
<span style="color: #999999; font-style: italic;"># as directory, then fall back to displaying a 404.</span>
<span style="color: #6ab825; font-weight: bold;">try_files</span> <span style="color: #40ffff;">$uri</span> <span style="color: #40ffff;">$uri/</span> <span style="color: #d0d0d0;">=</span><span style="color: #3677a9;">404</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">autoindex</span> <span style="color: #40ffff;">off</span><span style="color: #d0d0d0;">;</span> <span style="color: #999999; font-style: italic;">#enable if you want file listing</span>
<span style="color: #d0d0d0;">}</span>
<span style="color: #d0d0d0;">}</span>
</pre>
</div>
<br />
<br />
Notice that listening for SSL/TLS is not yet enabled, and that the ssl_certificate line and the one below it are commented out with a hash. This is required for the initial setup: we'll need to reload nginx, and the reload would fail because the files are not there yet. We'll enable these lines once everything is done.<br />
<br />
To activate this config file in NGINX, you need to link it to <span style="color: red;">sites-enabled</span>:<br />
<div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #d0d0d0;">ln</span> <span style="color: #d0d0d0;">-s</span> <span style="color: #d0d0d0;">/etc/nginx/sites-available/mysubdom</span> <span style="color: #d0d0d0;">/etc/nginx/sites-enabled/mysubdom</span>
</pre>
</div>
<br />
Create the directory for your subdomain to serve files:<br />
<div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #d0d0d0;">mkdir</span> <span style="color: #d0d0d0;">/var/www/subdomain</span>
<span style="color: #d0d0d0;">mkdir -p /var/www/challenge/.well-known/acme-challenge</span>
<span style="color: #d0d0d0;">chown -R www-data:www-data /var/www/subdomain</span>
<span style="color: #d0d0d0;">chmod</span> <span style="color: #3677a9;">775</span> <span style="color: #d0d0d0;">/var/www/subdomain</span>
<span style="color: #d0d0d0;">chmod</span> <span style="color: #3677a9;">771</span> <span style="color: #d0d0d0;">/var/www/challenge</span>
</pre>
</div>
<br />
www-data is the user that NGINX runs as, as shown in the first NGINX config above. Don't worry about the challenge directory owner for now. It'll be taken care of later.<br />
<br />
<h3 style="text-align: left;">
Private Keys and Certificates</h3>
The overall config is done. What's left is generating private keys, deriving a certificate for the subdomain, then finally working with the Let's Encrypt client.<br />
<br />
Create the directory <span style="color: red;">/etc/nginx/ssl</span> to place the subdomain private keys and other things in there:<br />
<div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #d0d0d0;">mkdir</span> <span style="color: #d0d0d0;">/etc/nginx/ssl</span>
</pre>
</div>
<br />
Modify its permissions to be restricted to root and only those who know exactly which file to use:<br />
<div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #d0d0d0;">chmod</span> <span style="color: #3677a9;">751</span> <span style="color: #d0d0d0;">/etc/nginx/ssl</span>
</pre>
</div>
<br />
Now <b>inside the <span style="color: red;">ssl</span> directory</b>, generate a 4096 bit Diffie-Hellman parameters file (prime numbers) to act as seeds for the PFS/TLS sessions (this will take a VERY LONG time):<br />
<div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #d0d0d0;">openssl</span> <span style="color: #d0d0d0;">dhparam</span> <span style="color: #d0d0d0;">-out</span> <span style="color: #d0d0d0;">dhparam.pem</span> <span style="color: #3677a9;">4096</span>
</pre>
</div>
<br />
Generate a self-signed certificate to be used for the default virtual host (i.e., not the one you care about). This will be served to anyone accessing the IP or any subdomain other than the one you specifically define in the virtual host:<br />
<div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #d0d0d0;">openssl</span> <span style="color: #d0d0d0;">req</span> <span style="color: #d0d0d0;">-x509</span> <span style="color: #d0d0d0;">-nodes</span> <span style="color: #d0d0d0;">-days</span> <span style="color: #3677a9;">3650</span> <span style="color: #d0d0d0;">-newkey</span> <span style="color: #d0d0d0;">rsa:</span><span style="color: #3677a9;">4096</span> <span style="color: #d0d0d0;">-sha512</span> <span style="color: #d0d0d0;">-keyout</span> <span style="color: #d0d0d0;">/etc/nginx/ssl/default_wild.key</span> <span style="color: #d0d0d0;">-out</span> <span style="color: #d0d0d0;">/etc/nginx/ssl/default_wild.crt</span>
</pre>
</div>
<br />
If you don't configure this, users will be served your legitimate certificate and they'll be able to find your "hidden" subdomain. Only do the above if you want your domain/subdomain hidden.<br />
<br />
Generate a subdomain private key and a certificate request:<br />
<div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #d0d0d0;">openssl</span> <span style="color: #d0d0d0;">genrsa</span> <span style="color: #3677a9;">4096</span> <span style="color: #d0d0d0;">></span> <span style="color: #d0d0d0;">subdomain.key</span>
<span style="color: #d0d0d0;">openssl</span> <span style="color: #d0d0d0;">req</span> <span style="color: #d0d0d0;">-</span><span style="color: #6ab825; font-weight: bold;">new</span> <span style="color: #d0d0d0;">-sha512</span> <span style="color: #d0d0d0;">-key</span> <span style="color: #d0d0d0;">subdomain.key</span> <span style="color: #d0d0d0;">-subj</span> <span style="color: #ed9d13;">"/CN=subdomain.domain.com"</span> <span style="color: #d0d0d0;">></span> <span style="color: #d0d0d0;">subdomain.csr</span>
</pre>
</div>
<br />
This one is the domain/subdomain that will be valid to the world. It can also be "domain.com" if you like.<br />
<br />
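A directory mode of 751 only hides the listing: anyone who knows a file name can still open the file if its own mode allows it, and a key written through shell redirection gets the umask default (0644 under the usual umask of 022). The script below is an added example, not part of the original post: it rebuilds the layout in a temporary directory with placeholder bytes instead of real keys and reports which key files are exposed; the function names are hypothetical.<br />

```python
import os
import stat
import tempfile


def readable_by_name(dir_mode, file_mode):
    """True if a user outside owner and group can read the file, provided
    they already know its name (no directory listing needed)."""
    can_traverse = bool(dir_mode & stat.S_IXOTH)  # the trailing 1 in 751
    can_read = bool(file_mode & stat.S_IROTH)
    return can_traverse and can_read


def audit_key_dir(path, suffixes=(".key",)):
    """Return (name, mode, world_readable) for key files with group/other bits."""
    dir_mode = stat.S_IMODE(os.stat(path).st_mode)
    exposed = []
    for name in sorted(os.listdir(path)):
        if not name.endswith(suffixes):
            continue
        file_mode = stat.S_IMODE(os.stat(os.path.join(path, name)).st_mode)
        if file_mode & (stat.S_IRWXG | stat.S_IRWXO):
            exposed.append((name, oct(file_mode),
                            readable_by_name(dir_mode, file_mode)))
    return exposed


def write_private(path, data):
    """Create the file with a mode never wider than 0600, from the first byte."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)


def demo():
    """Rebuild the post's ssl directory in a temp dir and audit it twice."""
    with tempfile.TemporaryDirectory() as root:
        ssl_dir = os.path.join(root, "ssl")
        os.mkdir(ssl_dir)
        os.chmod(ssl_dir, 0o751)  # same mode as /etc/nginx/ssl in the post

        # What `openssl genrsa 4096 > subdomain.key` leaves under umask 022.
        leaky = os.path.join(ssl_dir, "subdomain.key")
        with open(leaky, "wb") as handle:
            handle.write(b"placeholder, not a real key\n")
        os.chmod(leaky, 0o644)

        # A key created privately from the start is never flagged.
        write_private(os.path.join(ssl_dir, "default_wild.key"),
                      b"placeholder, not a real key\n")

        before = audit_key_dir(ssl_dir)
        os.chmod(leaky, 0o400)  # the fix: owner read only
        after = audit_key_dir(ssl_dir)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before fix:", before)
    print("after fix: ", after)
```

When NGINX is started as root, its master process loads the key before the workers drop to www-data, so root-owned keys with mode 400 keep working.<br />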
<h2 style="text-align: left;">
Let's Encrypt and ACME-Tiny</h2>
For security purposes, it's best to have the client run as a separate user. Should anything go wrong in the future, its access would be quite isolated.<br />
<br />
<h3 style="text-align: left;">
Environment Setup</h3>
Create a user for it:<br />
<div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #d0d0d0;">useradd</span> <span style="color: #d0d0d0;">-m</span> <span style="color: #d0d0d0;">letsencrypt</span>
</pre>
</div>
<br />
Copy the subdomain csr file and set home directory permissions:<br />
<div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #d0d0d0;">chmod</span> <span style="color: #3677a9;">751</span> <span style="color: #d0d0d0;">/home/letsencrypt</span>
<span style="color: #d0d0d0;">cp /etc/nginx/ssl/subdomain.csr /home/letsencrypt/</span>
<span style="color: #d0d0d0;">chown -R letsencrypt:letsencrypt /home/letsencrypt</span>
<span style="color: #d0d0d0;">chown -R letsencrypt:letsencrypt /var/www/challenge</span>
</pre>
</div>
<br />
Now switch user to become the letsencrypt user for the rest of the commands:<br />
<div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #d0d0d0;">su</span> <span style="color: #d0d0d0;">-</span> <span style="color: #d0d0d0;">letsencrypt</span>
<span style="color: #d0d0d0;">openssl</span> <span style="color: #d0d0d0;">genrsa</span> <span style="color: #3677a9;">4096</span> <span style="color: #d0d0d0;">> account.key</span>
<span style="color: #d0d0d0;">wget</span> <span style="color: #d0d0d0;">https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py</span>
<span style="color: #d0d0d0;">chmod</span> <span style="color: #3677a9;">400</span> <span style="color: #d0d0d0;">account.key</span>
<span style="color: #d0d0d0;">chmod</span> <span style="color: #3677a9;">400</span> <span style="color: #d0d0d0;">acme_tiny.py</span>
<span style="color: #d0d0d0;">chmod</span> <span style="color: #3677a9;">400</span> <span style="color: #d0d0d0;">subdomain.csr</span>
</pre>
</div>
<br />
The account.key is your private key that identifies you to Let's Encrypt. Keep it safe:<br />
<div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #d0d0d0;">ls</span> <span style="color: #d0d0d0;">-l</span>
<span style="color: #d0d0d0;">-r--------</span> <span style="color: #3677a9;">1</span> <span style="color: #d0d0d0;">letsencrypt</span> <span style="color: #d0d0d0;">letsencrypt</span> <span style="color: #3677a9;">9150</span> <span style="color: #d0d0d0;">Feb</span> <span style="color: #3677a9;">6</span> <span style="color: #3677a9;">12</span><span style="color: #d0d0d0;">:</span><span style="color: #3677a9;">13</span> <span style="color: #d0d0d0;">acme_tiny.py</span>
<span style="color: #d0d0d0;">-r--------</span> <span style="color: #3677a9;">1</span> <span style="color: #d0d0d0;">letsencrypt</span> <span style="color: #d0d0d0;">letsencrypt</span> <span style="color: #3677a9;">3247</span> <span style="color: #d0d0d0;">Feb</span> <span style="color: #3677a9;">6</span> <span style="color: #3677a9;">12</span><span style="color: #d0d0d0;">:</span><span style="color: #3677a9;">44</span> <span style="color: #d0d0d0;">private.key</span>
<span style="color: #d0d0d0;">-r--------</span> <span style="color: #3677a9;">1</span> <span style="color: #d0d0d0;">letsencrypt</span> <span style="color: #d0d0d0;">letsencrypt</span> <span style="color: #3677a9;">1594</span> <span style="color: #d0d0d0;">Feb</span> <span style="color: #3677a9;">6</span> <span style="color: #3677a9;">12</span><span style="color: #d0d0d0;">:</span><span style="color: #3677a9;">38</span> <span style="color: #d0d0d0;">subdomain.csr</span>
</pre>
</div>
<br />
Now exit back to root (or use sudo) and restart NGINX:<br />
<div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #d0d0d0;">service nginx restart</span>
</pre>
</div>
<br />
If there are no errors here, all is good; otherwise, look in <span style="color: red;">/var/log/nginx/error.log</span> for hints.<br />
<br />
<h3 style="text-align: left;">
Script Execution</h3>
Now that NGINX is functioning on port 80, it will be used to verify ownership of the subdomain. acme-tiny contacts LetsEncrypt.org through its API, and the reply contains a random hash that is written to the challenge directory, which NGINX serves on port 80. LetsEncrypt.org then checks that this hash actually exists at the subdomain you supplied, and that verifies you.<br />
<div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #d0d0d0;">su</span> <span style="color: #d0d0d0;">-</span> <span style="color: #d0d0d0;">letsencrypt</span>
<span style="color: #d0d0d0;">python</span> <span style="color: #d0d0d0;">acme_tiny.py</span> <span style="color: #d0d0d0;">--account-key</span> <span style="color: #d0d0d0;">account.key</span> <span style="color: #d0d0d0;">--csr</span> <span style="color: #d0d0d0;">subdomain.csr</span> <span style="color: #d0d0d0;">--acme-dir</span> <span style="color: #d0d0d0;">/var/www/challenge/</span> <span style="color: #d0d0d0;">></span> <span style="color: #d0d0d0;">/var/www/challenge/subdomain.crt</span>
</pre>
</div>
<br />
This should complete without errors. If there are any, verify the directory paths and the file and directory permissions. Make sure the user "letsencrypt" has access to the files private.key, subdomain.csr and the challenge directory.<br />
<br />
NGINX requires concatenating the intermediate certificate to the freshly signed certificate from Let's Encrypt:<br />
<div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #d0d0d0;">wget -O /var/www/challenge/lets-encrypt-x1-cross-signed.pem https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem</span>
<span style="color: #d0d0d0;">cat /var/www/challenge/subdomain.crt /var/www/challenge/lets-encrypt-x1-cross-signed.pem > /var/www/challenge/subdomain_chained.crt</span>
</pre>
</div>
<br />
That's it! It should now work after enabling the SSL/TLS settings in NGINX.<br />
<br />
<h3 style="text-align: left;">
Enable TLS in NGINX</h3>
Modify the file <span style="color: red;">/etc/nginx/sites-enabled/mysubdom</span> to make it look like this:<br />
<div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #6ab825; font-weight: bold;">server</span> <span style="color: #d0d0d0;">{</span>
<span style="color: #6ab825; font-weight: bold;">listen</span> <span style="color: #d0d0d0;">127.0.0.1:</span><span style="color: #3677a9;">80</span><span style="color: #d0d0d0;">;</span>
<span style="color: #999999; font-style: italic;"># uncomment if you want IPv6</span>
<span style="color: #999999; font-style: italic;">#listen [::1]:80;</span>
<span style="color: #6ab825; font-weight: bold;">server_name</span> <span style="color: #ed9d13;">subdomain.domain.com</span><span style="color: #d0d0d0;">;</span>
<span style="color: #999999; font-style: italic;"># force all traffic to go to HTTPS instead of HTTP</span>
<span style="color: #6ab825; font-weight: bold;">return</span> <span style="color: #3677a9;">301</span> <span style="color: #ed9d13;">https://subdomain.domain.com</span><span style="color: #40ffff;">$request_uri</span><span style="color: #d0d0d0;">;</span>
<span style="color: #d0d0d0;">}</span>
<span style="color: #6ab825; font-weight: bold;">server</span> <span style="color: #d0d0d0;">{</span>
<span style="color: #6ab825; font-weight: bold;">listen</span> <span style="color: #d0d0d0;">127.0.0.1:</span><span style="color: #3677a9;">443</span> <span style="color: #ed9d13;">ssl</span><span style="color: #d0d0d0;">;</span>
<span style="color: #999999; font-style: italic;">#listen [::1]:443 ssl;</span>
<span style="color: #6ab825; font-weight: bold;">server_name</span> <span style="color: #ed9d13;">subdomain.domain.com</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">keepalive_timeout</span> <span style="color: #3677a9;">70</span><span style="color: #d0d0d0;">;</span>
<span style="color: #999999; font-style: italic;"># The certificate is for subdomain.domain.com only</span>
<span style="color: #6ab825; font-weight: bold;">ssl_certificate</span> <span style="color: #ed9d13;">/var/www/challenge/subdomain_chained.crt</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">ssl_certificate_key</span> <span style="color: #ed9d13;">/etc/nginx/ssl/subdomain.key</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">add_header</span> <span style="color: #ed9d13;">Strict-Transport-Security "max-age=63072000</span><span style="color: #d0d0d0;">;</span> <span style="color: #6ab825; font-weight: bold;">includeSubdomains</span><span style="color: #d0d0d0;">;</span> <span style="color: #6ab825; font-weight: bold;">preload"</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">add_header</span> <span style="color: #ed9d13;">X-Frame-Options DENY</span><span style="color: #d0d0d0;">;</span> <span style="color: #999999; font-style: italic;">#or "SAMEORIGIN" always;</span>
<span style="color: #6ab825; font-weight: bold;">add_header</span> <span style="color: #ed9d13;">X-Content-Type-Options nosniff</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">add_header</span> <span style="color: #ed9d13;">Content-Security-Policy 'default-src https://subdomain.domain.com:443'</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">add_header</span> <span style="color: #ed9d13;">X-Xss-Protection '1</span><span style="color: #d0d0d0;">;</span> <span style="color: #6ab825; font-weight: bold;">mode=block'</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">root</span> <span style="color: #ed9d13;">/var/www/subdomain</span><span style="color: #d0d0d0;">;</span>
<span style="color: #999999; font-style: italic;"># Add index.php to the list if you are using PHP</span>
<span style="color: #999999; font-style: italic;">#index index.html index.htm index.nginx-debian.html;</span>
<span style="color: #6ab825; font-weight: bold;">index</span> <span style="color: #ed9d13;">index.html</span><span style="color: #d0d0d0;">;</span>
<span style="color: #999999; font-style: italic;"># letsencrypt challenge directory to verify domain</span>
<span style="color: #6ab825; font-weight: bold;">location</span> <span style="color: #ed9d13;">/.well-known/acme-challenge/</span> <span style="color: #d0d0d0;">{</span>
<span style="color: #6ab825; font-weight: bold;">alias</span> <span style="color: #ed9d13;">/var/www/challenge/</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">try_files</span> <span style="color: #40ffff;">$uri</span> <span style="color: #d0d0d0;">=</span><span style="color: #3677a9;">404</span><span style="color: #d0d0d0;">;</span>
<span style="color: #d0d0d0;">}</span>
<span style="color: #6ab825; font-weight: bold;">location</span> <span style="color: #ed9d13;">/</span> <span style="color: #d0d0d0;">{</span>
<span style="color: #999999; font-style: italic;"># First attempt to serve request as file, then</span>
<span style="color: #999999; font-style: italic;"># as directory, then fall back to displaying a 404.</span>
<span style="color: #6ab825; font-weight: bold;">try_files</span> <span style="color: #40ffff;">$uri</span> <span style="color: #40ffff;">$uri/</span> <span style="color: #d0d0d0;">=</span><span style="color: #3677a9;">404</span><span style="color: #d0d0d0;">;</span>
<span style="color: #6ab825; font-weight: bold;">autoindex</span> <span style="color: #40ffff;">off</span><span style="color: #d0d0d0;">;</span> <span style="color: #999999; font-style: italic;">#enable if you want file listing</span>
<span style="color: #d0d0d0;">}</span>
<span style="color: #d0d0d0;">}</span>
</pre>
</div>
<br />
Notice how listening on port 80 (HTTP) has been moved to its own server block, while the rest uses HTTPS exclusively. Future certificate renewals can also go over HTTPS as long as the certificate is still valid. If it is not, revert the config to what it was at the beginning.<br />
<br />
Reload NGINX to read the certificates and make the settings active:<br />
<div style="background: rgb(32, 32, 32); border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 16.25px;"><span style="color: #d0d0d0;">service nginx reload</span>
</pre>
</div>
<br />
Note: Reload reads the settings again without dropping connections. It's advised for live websites.<br />
<br />
<h3 style="text-align: left;">
About Headers</h3>
Previously, I had the security headers in the main nginx.conf file, but that applies the same headers to all websites, which is neither scalable nor correct. According to Igor Sysoev (NGINX's creator), he created the config in NGINX to not inherit so that troubleshooting becomes simpler. Duplicating code is good because it makes it easy to find the problem when things go wrong. See the link to his talk in the references below.<br />
<br />
This means that headers (and other configs) should be repeated for every virtual host you configure. If you configure a header in the main block in nginx.conf then define another (or modified) header in the subdomain block, the latter will take over and the first one will be ignored.<br />
<br />
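The same rule applies one level further down: a location block that sets any add_header of its own stops inheriting every header from its server block. The check below is an added example, not part of the original post; it flags such blocks in a config file, and the function names and the sample config are constructed for illustration.<br />

```shell
#!/bin/bash
# find_dropped_headers FILE
# Lists every block that sets add_header while an enclosing level also sets
# headers the block does not repeat (nginx inherits add_header from the outer
# level only when the current level has none of its own).
# Assumes one directive or brace per line and no "#" or braces inside values.
find_dropped_headers() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    BEGIN { cur = 0; nblocks = 0 }
    {
      line = $0
      sub(/#.*/, "", line)                  # strip comments
      line = trim(line)
      if (line == "") next
      if (line ~ /[{]$/) {                  # a block opens
        id = ++nblocks
        parent[id] = cur
        label[id] = trim(substr(line, 1, length(line) - 1))
        cur = id
      } else if (line == "}") {             # the current block closes
        cur = parent[cur]
      } else if (line ~ /^add_header[ \t]/) {
        split(line, f, /[ \t]+/)
        hdrs[cur] = hdrs[cur] " " f[2]      # header name only
      }
    }
    END {
      for (id = 1; id <= nblocks; id++) {
        if (hdrs[id] == "") continue
        anc = parent[id]                    # nearest outer level with headers
        while (anc != 0 && hdrs[anc] == "") anc = parent[anc]
        if (anc == 0) continue
        n = split(hdrs[anc], want, " ")
        have = tolower(hdrs[id]) " "
        missing = ""
        for (i = 1; i <= n; i++)
          if (index(have, " " tolower(want[i]) " ") == 0) {
            sep = (missing == "") ? "" : ","
            missing = missing sep want[i]
          }
        if (missing != "") print label[id] ": drops " missing
      }
    }
  ' "$1"
}

# Constructed sample: an http-level header, server-level headers as on this
# page, and one location that adds a header of its own.
write_sample_conf() {
  cat > "$1" <<'EOF'
http {
    add_header X-Content-Type-Options nosniff;
    server {
        server_name subdomain.domain.com;
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
        add_header X-Frame-Options DENY;
        location /downloads/ {
            add_header Cache-Control no-store;
        }
        location / {
            try_files $uri $uri/ =404;
        }
    }
}
EOF
}

# Lint a real file when one is given as the first argument.
if [ -n "${1:-}" ]; then find_dropped_headers "$1"; fi
```

Any block it reports needs the missing headers repeated inside it, exactly as the server block repeats what nginx.conf used to provide.<br />
<br />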
<h3 style="text-align: left;">
About Security Headers</h3>
The SecurityHeaders service recommends using HTTP Public-Key Pinning (Stapling) or HPKP for short, but there are privacy and performance concerns with that: Pinning means the public key of your own certificate is sent in the header and is sent to your certificate issuer to validate it. This prevents a Man-in-the-Middle attack, but exposes your visit(s) to the certificate issuer! Additionally, it puts a huge burden on the certificate issuer to scale their own performance to reply to every single site visit. If they don't (and why should they?), your site visiting experience will suffer great delays.<br />
<br />
The headers also tell the browser to cache your public keys for a very long period (3+ months) to protect you against forged certificates that could come during that period, but since we're using Let's Encrypt certificates which expire every 3 months, it'll become hectic to manage the headers, aging and other aspects.<br />
<br />
With all these concerns, I decided against adding Public-Key Pinning headers in my config. It is up to you to evaluate your case. See the references below for more details about the available options for HPKP in addition to the Content-Protection policies and the XSS protection policies, as they may affect your site when you want to load media/material external to your website.<br />
<br />
<h2 style="text-align: left;">
Auto-Renewing The Certificate</h2>
LetsEncrypt issues certificates valid for only 90 days, to combat spam and fraudulent uses of domains that have been neglected. That means the certificate needs to be renewed before the 90 days expire.<br />
<br />
As the user "letsencrypt", put the following in a shell script <span style="color: red;">letsencrypt_renew.sh</span>:<br />
<div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #cd2828; font-weight: bold;">#!/bin/bash</span>
<span style="color: #d0d0d0;">python acme_tiny.py --account-key /home/letsencrypt/account.key --csr /home/letsencrypt/subdomain.csr --acme-dir /var/www/challenge/ > /var/www/challenge/subdomain.crt || exit</span>
<span style="color: #d0d0d0;">wget -O /var/www/challenge/lets-encrypt-x1-cross-signed.pem https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem</span>
<span style="color: #d0d0d0;">cat /var/www/challenge/subdomain.crt /var/www/challenge/lets-encrypt-x1-cross-signed.pem > /var/www/challenge/subdomain_chained.crt</span>
</pre>
</div>
<br />
Make sure every command is complete and on its own line. The styling here could break them into multiple lines.<br />
<br />
This will be run as a cron job, so set the permissions:<br />
<div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #d0d0d0;">chmod</span> <span style="color: #3677a9;">744</span> <span style="color: #d0d0d0;">letsencrypt_renew.sh</span>
</pre>
</div>
<br />
Now run <span style="color: orange;"># crontab -e</span> and add this line:<br />
<div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #cd2828; font-weight: bold;"># LetsEncrypt cert renewal -- nginx will be reloaded by root in another cron job</span>
<span style="color: #cd2828; font-weight: bold;"># %-m (GNU date) gives the month without a leading zero; 08 and 09 are invalid octal inside $(( ))</span>
<span style="color: #3677a9;">1 1 27</span> <span style="color: #d0d0d0;">* * test $(($(date +\%-m)\%2)) -eq 0 && /home/letsencrypt/letsencrypt_renew.sh</span>
</pre>
</div>
<br />
This will run the job every 2 months on the 27th day at 01:01 AM (even months of the year). Basically, every 60 days.<br />
<br />
Now exit the user "letsencrypt" and as root, run <span style="color: orange;"># crontab -e</span> and add this line:<br />
<div style="background: #202020; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #cd2828; font-weight: bold;"># m h dom mon dow command</span>
<span style="color: #3677a9;">2 1 27</span> <span style="color: #d0d0d0;">* * test $(($(date +\%-m)\%2)) -eq 0 && /usr/sbin/service nginx reload</span>
</pre>
</div>
<br />
This will reload nginx at 01:02 AM, a minute after the certificate has been refreshed by the previous job.<br />
<br />
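The renewal script above redirects acme_tiny.py straight into subdomain.crt, which empties that file when a run fails, and with one attempt every two months against a 90-day lifetime a single failed run ends in an expired certificate. The script below is an added example, not part of the original post or of acme-tiny: it renews only when the live certificate has fewer than 30 days left, and swaps the chained file in atomically after openssl has parsed the new certificate. The function names, the 30-day threshold and the --run switch are assumptions; the paths are the ones used above.<br />

```shell
#!/bin/bash
# Paths are the ones used on this page; the threshold is an assumed value.
ACCOUNT_KEY=/home/letsencrypt/account.key
CSR=/home/letsencrypt/subdomain.csr
ACME_DIR=/var/www/challenge/
# Intermediate certificate, already downloaded in the earlier step.
CHAIN=/var/www/challenge/lets-encrypt-x1-cross-signed.pem
LIVE=/var/www/challenge/subdomain_chained.crt
RENEW_BEFORE_DAYS=30

# cert_valid_for FILE DAYS
# True if FILE parses as a certificate and its first PEM block (the leaf in a
# chained file) does not expire within DAYS days.
cert_valid_for() {
  [ -s "$1" ] || return 1
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# install_chained NEW_CERT CHAIN_FILE LIVE_FILE
# Builds leaf + intermediate in a temp file next to LIVE_FILE and renames it
# into place, so nginx never reads an empty or half-written file.
install_chained() {
  local new=$1 chain=$2 live=$3 tmp
  cert_valid_for "$new" "$RENEW_BEFORE_DAYS" || return 1
  [ -s "$chain" ] || return 1
  tmp=$(mktemp "${live}.XXXXXX") || return 1
  if cat "$new" "$chain" > "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$live"; then
    return 0
  fi
  rm -f "$tmp"
  return 1
}

renew_main() {
  # Nothing to do while the live certificate still has enough lifetime left.
  if cert_valid_for "$LIVE" "$RENEW_BEFORE_DAYS"; then
    return 0
  fi
  local new
  new=$(mktemp /home/letsencrypt/subdomain.crt.XXXXXX) || return 1
  if python /home/letsencrypt/acme_tiny.py --account-key "$ACCOUNT_KEY" \
        --csr "$CSR" --acme-dir "$ACME_DIR" > "$new" \
     && install_chained "$new" "$CHAIN" "$LIVE"; then
    rm -f "$new"
    return 0
  fi
  rm -f "$new"
  echo "certificate renewal failed; $LIVE left untouched" >&2
  return 1
}

# Only act when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then renew_main; fi
```

Because it returns early while the certificate is fresh, it can be scheduled far more often than every two months, and root's reload job can follow the same schedule.<br />
<br />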
<h2 style="text-align: left;">
Test Site Security and Settings</h2>
Now go to <a href="https://www.ssllabs.com/ssltest/">SSL Labs</a> and test your website (https://subdomain.domain.com)<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-wg3TJSz7zYo/VrZPMaUWzkI/AAAAAAAAAws/2z81ydoL-s8/s1600/mbh-blogs-06.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="157" src="https://4.bp.blogspot.com/-wg3TJSz7zYo/VrZPMaUWzkI/AAAAAAAAAws/2z81ydoL-s8/s320/mbh-blogs-06.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Then go to <a href="https://securityheaders.io/">Security Headers</a> and test your website (https://subdomain.domain.com)</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-Mn5qjT8JUOg/Vti3gyUBy8I/AAAAAAAAAxc/Foz1lbM_fec/s1600/mbh-blogs-07.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="66" src="https://1.bp.blogspot.com/-Mn5qjT8JUOg/Vti3gyUBy8I/AAAAAAAAAxc/Foz1lbM_fec/s320/mbh-blogs-07.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<br />
<h2 style="text-align: left;">
References</h2>
<div>
I highly recommend visiting the sites below from bottom to top. I added them last to first in the order of pages I had on my tabs.</div>
<br />
<ol style="text-align: left;">
<li><a href="https://github.com/diafygi/acme-tiny/">ACME-Tiny client</a></li>
<li><a href="http://serverfault.com/questions/633264/cronjob-run-every-two-weeks-on-saturday-starting-on-this-saturday">Cronjobs Every 2 Weeks</a></li>
<li><a href="http://man7.org/linux/man-pages/man5/crontab.5.html">Crontab Manual</a></li>
<li><a href="http://hilite.me/">Code Beautifier</a></li>
<li><a href="https://www.digicert.com/csr-creation-nginx.htm">OpenSSL CSR for NGINX</a></li>
<li><a href="http://nginx.org/en/docs/http/configuring_https_servers.html">Configuring HTTPS Servers</a></li>
<li><a href="http://nginx.org/en/docs/http/converting_rewrite_rules.html">Converting Rewrite Rules</a></li>
<li><a href="https://www.digitalocean.com/community/questions/http-https-redirect-positive-ssl-on-nginx">HTTP to HTTPS Redirection</a></li>
<li><a href="http://www.cyberciti.biz/faq/linux-unix-nginx-redirect-all-http-to-https/">HTTPS Forced Redirection with Proxies</a></li>
<li><a href="https://www.ssllabs.com/ssltest/viewClient.html?name=Android&version=5.0.0">Android 5.0 Supported Cipher Suites</a></li>
<li><a href="http://wiki.alpinelinux.org/wiki/Lighttpd_Https_access">LightHttpd HTTPS Access</a></li>
<li><a href="https://gist.github.com/mtigas/6177424">Self-Signed Certificates</a></li>
<li><a href="https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-nginx-for-ubuntu-14-04">Self-Signed Certificates on Ubuntu</a></li>
<li><a href="https://serversforhackers.com/video/self-signed-ssl-certificates-for-development">Self-Signed Certificates for Development</a></li>
<li><a href="http://blog.rlove.org/2013/12/strong-ssl-crypto.html">Strong SSL/TLS Crypto in Apache and NGINX</a></li>
<li><a href="http://blog.rlove.org/2014/04/the-end-of-life-of-windows-xp-and.html">End of Life for Windows XP and SSL/TLS Configurations</a></li>
<li><a href="http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers">NGINX SSL Module</a></li>
<li><a href="https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/">Hardening Your Web Server's Ciphers</a></li>
<li><a href="https://blog.celogeek.com/201209/209/how-to-create-a-self-signed-wildcard-certificate/">How to Create a Self-Signed Cert</a></li>
<li><a href="https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html">Strong SSL Security on NGINX</a></li>
<li><a href="https://cipherli.st/">Pre-made Config for Strong Ciphers for Many Applications</a></li>
<li><a href="https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/">OCSP Stapling in Firefox</a></li>
<li><a href="https://raymii.org/s/articles/OpenSSL_Manually_Verify_a_certificate_against_an_OCSP.html">Verifying a Certificate Against an OCSP</a></li>
<li><a href="https://www.youtube.com/watch?v=YWRYbLKsS0I">NGINX Creator Talk About Scalable NGINX Config</a></li>
</ol>
</div>
</div>
16 Gb Brocade SAN Fabric Merge (published 2016-01-23)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="text-align: left;">
Introduction</h2>
A customer with an existing setup from HP with HP-branded Brocade switches wanted to connect those switches to the newly acquired IBM setup (also using Brocade switches). The HP switches are the 24-port 8 Gb switches, and the IBM ones are 48-port 16 Gb switches. The final goal is to virtualize the HP storage behind the V7000 storage, but this will not be discussed in this post.<br />
<br />
The HP SAN switches had existing configurations & were in production. The IBM switches also had configurations for an ongoing implementation.<br />
<br />
To merge the SAN fabrics, there are 2 ways:<br />
<br />
<ol style="text-align: left;">
<li>Wipe one of them (clear the config), disable it, then enable it. The config of the other switch will be written to this empty one.</li>
<li>Merge 2 different fabrics without wiping any data.</li>
</ol>
<div>
This post will address point (2), because I didn't want to re-do all the zoning from scratch. That's a waste of time. The steps will be done in command line (CLI), because I hate Java.</div>
<div>
<br /></div>
<h2 style="text-align: left;">
Why Write This Post?</h2>
<div>
I was reading Brocade's forums and many were talking about using fabric merge tools and that the two fabrics must have different names, and there was a lot of wrong or outdated information that no longer applies to the new Fabric OS 7.x (new switch firmware).</div>
<div>
<br /></div>
<h2 style="text-align: left;">
Status</h2>
<div>
<ol style="text-align: left;">
<li>HP switches had Fabric OS (FOS) 7.1.</li>
<li>IBM switches had FOS 7.4.</li>
<li>HP switches had full fabric license.</li>
<li>IBM 48-port switches include the "Full Fabric" license by default, but it doesn't show in the output of the "licenseshow" command. It's bundled & enabled by default.</li>
<li>HP switches had domain ID: 11 & 12.</li>
<li>IBM switches had default domain ID: 1.</li>
<li>Switch configuration name on HP was different from the one on IBM.</li>
<li>IBM switch 1 connected to HP switch 1 using 1 FC cable. Switch 2 connected to switch 2 using 1 FC cable.</li>
<li>IBM switches had 16 Gb SFPs. HP had 8 Gb SFPs. Speed of IBM SFP used for SAN connection was fixed to 8 Gb (no auto negotiate).</li>
</ol>
<div>
<br /></div>
</div>
<h2 style="text-align: left;">
Requirements</h2>
<div>
<ol style="text-align: left;">
<li>Fabric OS has to be 6.x or 7.x on all switches connecting to each other. The minor version ".x" does not have to match, but it's recommended to keep the switches on the same level, if possible.</li>
<li>Full Fabric license must be available on 24-port switches. It's available by default on 48-port switches.</li>
<li>Change Domain ID from default value to a unique value. The 2 switches connecting to each other must have different Domain IDs.</li>
<li>Switch configuration names must be the same for the fabric to merge. If they are different, "Zone Conflict" error will show on the secondary switch.</li>
<li>If you have a lot of traffic going from one switch to another switch, it's advised to purchase the "Trunking License" to allow aggregating multiple FC ports/links together.</li>
<li>Aliases and zone names must be unique before merging the fabric. If you have similar alias names on the 2 different switches, you have to rename the aliases/zones on the secondary switch (the one that you can disable to merge the fabric).</li>
<li>Aliases that have the same WWN on both secondary and primary switches, must have the same name on both fabrics. This is a very unique case, but possible if you're virtualizing the WWNs of your servers.</li>
<li>Make sure switch date, timezone & time are all correct before you merge the switches. Changing the timezone requires a switch restart, so plan for the downtime.</li>
<li>Default user is 'admin' and default password is 'password'.</li>
<li>Do not connect any FC cables between the HP/IBM (different switches) until you're told to do so. Follow the steps exactly as shown below.</li>
</ol>
<div>
<br /></div>
<h2 style="text-align: left;">
Steps</h2>
</div>
<div>
In the steps below, a line starting with "#" means it's a command you should type. Type the command without the "#" character.</div>
<div>
<br /></div>
<div>
Some steps will require rebooting the switch. Some will require disabling the switch more than one time, which makes it offline, and stops all storage access traffic. It's better to change the paths from the servers to the 2nd switch manually, or if you're sure the multipath drivers are working properly, you can disable server ports.</div>
<div>
<br /></div>
<div>
The primary switch is the one that will remain operational. The secondary switch is the one where we are making all these changes & can afford downtime.</div>
<div>
<br /></div>
<h3 style="text-align: left;">
Disable Ports</h3>
<div>
It's better to disable the server ports, to prevent the multipath driver from using the paths again if they come back online before you finish your activity. Do this on ONE switch only! After you successfully merge fabrics on this switch, enable ports, then move to the 2nd switch. Do NOT disable ports on both switches at the same time, if you have active servers connected to the SAN switches.</div>
<div>
<br /></div>
<div>
<ol style="text-align: left;">
<li>List available ports and WWNs: # <span style="color: orange;">switchshow</span></li>
<li># portdisable <span style="color: orange;"><port number></span><br />
Example: # <span style="color: orange;">portdisable 15</span><br />
This will disable the 16th port (port numbering starts from zero).</li>
<li>Repeat this for all ports.</li>
</ol>
</div>
<div>
<br /></div>
<h3 style="text-align: left;">
Change the Timezone</h3>
<div>
<ol style="text-align: left;">
<li># <span style="color: orange;">date</span><br />
This will show current time, date & timezone. Example: Tue Jan 12 09:00:03 AST 2016. AST = Arab Standard Time timezone.</li>
<li># <span style="color: orange;">tstimezone --interactive</span></li>
<li>Follow the prompts. Choose the continent, then the country.</li>
<li>After finishing, a message will say: "<span style="color: red;">System Time Zone change will take effect at next reboot</span>"</li>
<li>If time is not correct, change it before you reboot. See the steps below.<br />
If the time is correct, you can now reboot the switch: # <span style="color: orange;">reboot</span></li>
</ol>
<div style="text-align: left;">
<br /></div>
<h3 style="text-align: left;">
Change the Time and Date</h3>
</div>
<div>
<ol style="text-align: left;">
<li>date [MMDDhhmm[[CC]YY]]<br />
MM = Month = 01, 02, ..., 12<br />
DD = Day = 01, 02, ..., 31<br />
hh = Hour = 00, 01, 02, ..., 23<br />
mm = Minute = 00, 01, 02, ..., 59<br />
CC = First two digits of the year = 20 for 2016<br />
YY = Last two digits of the year = 16 for 2016</li>
<li>To change the time & date to Jan 23 2016 21:43:00 (9:43 PM)<br />
# <span style="color: orange;">date 012321432016</span></li>
<li>Time change does not require a reboot. If you changed the timezone, you should reboot now.</li>
</ol>
<div>
<br /></div>
</div>
<h3 style="text-align: left;">
Display Current Domain ID</h3>
<div>
<ol style="text-align: left;">
<li># <span style="color: orange;">switchshow</span></li>
<li>Top of the output will show a line: <span style="color: red;">switchDomain: 1</span><br />
1 is the default value.</li>
</ol>
</div>
<div>
<br /></div>
<h3 style="text-align: left;">
Change Domain ID</h3>
<div>
<ol style="text-align: left;">
<li>To change the Domain ID of a switch, the switch must be disabled first:<br />
# <span style="color: orange;">switchdisable</span><br />
This will take the switch offline and stop all traffic.</li>
<li>Start the configuration process to change switch parameters:<br />
# <span style="color: orange;">configure</span></li>
<li>Fabric parameters (yes, y, no, n): [no] <span style="color: red;">yes</span><br />
Domain: (1..239) [1] <span style="color: red;"><Unique ID must be different from the switch you will connect to></span></li>
<li>Press Enter for all other parameters to use default values. No need to change any of them.</li>
<li># <span style="color: orange;">switchenable</span></li>
</ol>
</div>
<br />
<h3 style="text-align: left;">
Rename Zone Configuration</h3>
<div>
You should rename the zone config to match the primary switch. The primary switch is the one that will remain operational. The secondary switch is the one where we are making all these changes.</div>
<div>
<ol style="text-align: left;">
<li># <span style="color: orange;">cfgshow</span></li>
<li>This will print current aliases, zones and zone config information. At the top, you'll see the config name:<br />
<span style="color: red;">Defined configuration:<br />
cfg: HO_SANSW1_Top</span></li>
<li>The config must be disabled before you can rename it: # <span style="color: orange;">cfgdisable</span></li>
<li>Now, rename the config to be the same as the primary switch: # <span style="color: orange;">zoneobjectrename <current name>, <new name></span><br />
Example: # <span style="color: orange;">zoneobjectrename HO_SANSW1_Top, Production_SAN1</span></li>
<li>Remember, both primary (HP switch in my case) and secondary (IBM in my case) must have the same config name to be able to merge the fabrics.</li>
<li>Save the new config changes: # <span style="color: orange;">cfgsave</span></li>
<li>Run the command again to see the new config name: # <span style="color: orange;">cfgshow</span></li>
<li>Now activate the config: # <span style="color: orange;">cfgenable <config name></span></li>
</ol>
</div>
<div>
<br /></div>
<h3 style="text-align: left;">
Change Port Speed</h3>
<div>
All ports are disabled. We need to change the speed of the port to make it fixed instead of using auto negotiate. This must be done on both primary and secondary switches.</div>
<div>
<ol style="text-align: left;">
<li># <span style="color: orange;">portcfgspeed <port number> <speed></span><br />
Example: # <span style="color: orange;">portcfgspeed 35 16</span><br />
This will fix the speed of port 35 to 16 Gbps. Auto negotiation will be disabled.</li>
<li>Do this on the port that will connect each primary SAN switch to each secondary SAN switch.</li>
<li>Keep the port <b><u>disabled on the secondary</u></b> switch.</li>
<li><b><u>Enable</u></b> the port on the <b><u>primary switch</u></b>: # <span style="color: orange;">portenable <port number></span></li>
<li>Connect your Fibre Channel cables into the ports.</li>
</ol>
</div>
<div>
<br /></div>
<h3 style="text-align: left;">
Merging The Fabrics</h3>
<div>
<ol style="text-align: left;">
<li>First, save the current zone names of the secondary switch in a text file. We will need them after this step: # <span style="color: orange;">cfgshow</span><br />
Copy the output and save it in a text/word file.</li>
<li>On the secondary switch, disable the config: # <span style="color: orange;">cfgdisable</span></li>
<li>Now enable the port connecting the secondary & primary switches: # <span style="color: orange;">portenable 35</span></li>
<li>Wait 10-30 seconds before proceeding to give enough time for the link to establish and the 2 switches to talk.</li>
<li>Disable the secondary switch to make it the slave and to add the config from the primary:<br />
# <span style="color: orange;">switchdisable</span></li>
<li>Enable the secondary switch: # <span style="color: orange;">switchenable</span></li>
<li>Wait 10-50 seconds, then check the switch: # <span style="color: orange;">switchshow</span><br />
You should see in the line of the port connecting the switches something like this:<br />
<span style="color: red;">35 35 1f2300 id 8G Online FC E-Port 10:00:00:xx:xx:xx:xx:xx "" (upstream)</span></li>
<li>Wait some time and the name of the primary switch will appear between the double quotes.</li>
<li>You should also see both switches in the same fabric now: # <span style="color: orange;">fabricshow</span><br />
This should show the names of the primary & secondary switches.</li>
<li>If you type # <span style="color: orange;">cfgshow</span> it will show all zones and aliases from both switches, but only those from the primary are in the active config.</li>
</ol>
</div>
<div>
<br /></div>
<h3 style="text-align: left;">
Enabling Zones of Secondary Switch</h3>
<div>
The fabrics are now merged, but the zones of the secondary switch are not in the active config yet. We need to add them to the config and enable the config.</div>
<div>
<ol style="text-align: left;">
<li>Open the text file of the zone names (cfgshow output) from the previous step.</li>
<li>To add the zones, type the command: # <span style="color: orange;">cfgadd "<config name>", "zone1; zone2; zone3"</span><br />
Notice it's a semicolon between the zone names. You can add multiple zones at the same time to the active config.<br />
If you're lazy and Java works for you, you can use the graphical interface to select the zones and add them to the config.</li>
<li>When done, type: # <span style="color: orange;">cfgsave</span><br />
press "y" to save it.<br />
Then type: # <span style="color: orange;">cfgenable <config name></span></li>
</ol>
</div>
<div>
Congratulations! Now all zones are active from both switches. The ports are still disabled, though, so let's enable them.</div>
<div>
<br /></div>
<h3 style="text-align: left;">
Enable Ports</h3>
<div>
<ol>
<li>List available ports and WWNs: # <span style="color: orange;">switchshow</span></li>
<li># <span style="color: orange;">portenable <port number></span><br />
Example: # <span style="color: orange;">portenable 0</span><br />
This will enable the 1st port (port numbering starts from zero)</li>
<li>Repeat this for all ports.</li>
<li>You can now check your servers and storage and all links should be operational.</li>
</ol>
</div>
<div>
Congratulations! You're now done with the first switch connectivity. Make sure your links are stable, then move on to the remaining switches.</div>
<div>
<br /></div>
<h2 style="text-align: left;">
Errors</h2>
<h3 style="text-align: left;">
Zone Conflicts and Segmentation</h3>
<div>
For some reason, the switch showed "segmented" and "zone conflict" messages and upon a reboot, all ports were disabled. Trying to enable a specific port gave the error: "<span style="color: red;">Port 35: Port enable failed due to unknown system error</span>"</div>
<div>
<br /></div>
<div>
I rebooted the SAN switch again and the ports (and switch) became online again. Looks like it froze at some point and needed another reboot. If this happens often, upgrade the FOS to the latest stable version. For me, it only happened once.</div>
<div>
<br /></div>
<div>
If you still get "zone conflict" after finishing all the steps, then you have an alias with the same WWN but different names. To fix it, rename the alias using the "zoneobjectrename" command as shown above.</div>
<div>
<br /></div>
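<div>
The two merge preconditions described above (same config name on both switches, no WWN defined under two different alias names) can be checked offline against saved cfgshow output before connecting the switches. This is an added example, not part of the original post: the cfgshow layout, object names and WWNs below are constructed, and the same-name/different-members check goes beyond the case the post describes.</div>

```python
import re
WWN = re.compile(r"^(?:[0-9a-f]{2}:){7}[0-9a-f]{2}$", re.I)
# Constructed cfgshow captures; every name and WWN here is made up.
PRIMARY = """Defined configuration:
 cfg:   Production_SAN1 z_esx1
 zone:  z_esx1  esx1_hba0;
                stor_a
 alias: esx1_hba0       10:00:00:00:c9:00:00:01
 alias: stor_a  50:05:07:68:00:00:00:0a
Effective configuration:
 cfg:   Production_SAN1
"""
SECONDARY = """Defined configuration:
 cfg:   HO_SANSW1_Top   z_db1
 zone:  z_db1   db1_hba0; storage_ctl_a
 alias: db1_hba0        10:00:00:00:c9:00:00:03
 alias: storage_ctl_a   50:05:07:68:00:00:00:0A
 alias: esx1_hba0       10:00:00:00:c9:00:00:09
"""

def parse_defined(text):
    """Map (kind, name) -> set of members from the Defined configuration."""
    objs, key = {}, None
    for line in text.splitlines():
        if line.strip().startswith("Effective configuration"):
            break  # the effective copy repeats objects; ignore it
        m = re.match(r"\s*(cfg|zone|alias):\s+(\S+)\s*(.*)", line)
        if m:
            key, line = (m.group(1), m.group(2)), m.group(3)
            objs[key] = set()
        if key:  # members on the header line or on wrapped continuation lines
            for item in filter(None, (x.strip() for x in line.split(";"))):
                objs[key].add(item.lower() if WWN.match(item) else item)
    return objs

def merge_conflicts(primary, secondary):
    """Report cfg-name, same-name and duplicate-WWN-alias mismatches."""
    p, s = parse_defined(primary), parse_defined(secondary)
    issues, by_wwn = [], {}
    cfgs = [sorted(n for k, n in o if k == "cfg") for o in (p, s)]
    if cfgs[0] != cfgs[1]:
        issues.append(f"cfg name differs: {cfgs[0]} vs {cfgs[1]}")
    for kind, name in sorted(p.keys() & s.keys()):
        if kind != "cfg" and p[kind, name] != s[kind, name]:
            issues.append(f"{kind} {name}: same name, different members")
    for (kind, name), members in [*p.items(), *s.items()]:
        for w in filter(WWN.match, members if kind == "alias" else ()):
            by_wwn.setdefault(w, set()).add(name)
    return issues + [f"WWN {w}: aliases {sorted(n)}"
                     for w, n in sorted(by_wwn.items()) if len(n) > 1]
```

<div>
Calling merge_conflicts(PRIMARY, SECONDARY) on the constructed captures returns three findings; an empty list means none of these three checks failed.</div>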
<h3 style="text-align: left;">
Unstable Ports</h3>
<div>
I was unlucky to have the ports being unstable. The link kept going online & offline, flapping many times and sometimes it connects at 16 Gbps and sometimes at 8 Gbps (before I fixed the speed to 8 Gbps). Also, it prevented the switches from creating a fabric connection.</div>
<div>
<br /></div>
<div>
First clear the stats to not carry any old data: # <span style="color: orange;">portstatsclear <port number></span>, then you can check your port statistics by issuing the command: # <span style="color: orange;">portshow <port number></span></div>
<div>
In the output, if you have very large numbers in any of these parameters:</div>
<div>
<ul style="text-align: left;">
<li>Unknown</li>
<li>Parity_err</li>
<li>2_parity_err</li>
<li>Link failure</li>
<li>Loss_of_sync</li>
<li>Loss_of_sig</li>
<li>Invalid_word</li>
<li>Invalid_crc</li>
</ul>
</div>
<div>
In my case, I had to change 2 SFPs, one on the old HP SAN switch and one on the new IBM SAN switch. I also had to change the port slot on the old HP switch because the port slot itself had problems. I'm glad the FC cable was good.</div>
<div>
<br /></div>
<h2 style="text-align: left;">
References</h2>
<div>
<ul style="text-align: left;">
<li>Implementing IBM b-Type SAN with 8 Gbps Directors and Switches: <a href="http://www.redbooks.ibm.com/abstracts/sg246116.html?Open">http://www.redbooks.ibm.com/abstracts/sg246116.html?Open</a><br />
Fabric merge is section 13.2 - page 636 (pdf) / 608 (redbook)</li>
</ul>
</div>
</div>