Author: Mark Coughlan

The First Refusal: When “Good Enough” Isn’t Enough

Lately, I’ve been taking on more work after a period of downtime. And a few days ago, I experienced something new – my first refusal. Someone approached me with an opportunity, and I simply turned it down with a polite “thanks, but no thanks.” It wasn’t a tough decision, but I found myself reflecting on why I said no.

I’ve worked with this company before. They’re just 10 minutes from my home, and with the flexibility of remote work, I could do the job from anywhere. Still, my instinct told me it wasn’t the right fit. So, why the sudden refusal? After some thought, I think I’ve figured it out.

A ‘Favour’ vs. a True Partnership

One of the first things that didn’t sit right with me was the tone of the request. The person I spoke with seemed to have the attitude that they were “doing me a favor” by offering the work. It’s a subtle but significant shift in perspective. It didn’t make me feel valued, and that always raises a red flag for me.

But there was a more fundamental reason for my refusal. Although the company is fairly large—around 6,000 employees across multiple countries—their approach to technology felt stuck in a “good enough” mindset. On the surface, that might sound fine. After all, many companies aim to deliver just what’s needed to move forward. But my experience with this company made it clear that this was more than just a strategy; it was a way of operating that left me frustrated and unfulfilled.

“Good Enough” Doesn’t Cut It

I’ve often said that I struggle to know when something is truly “done.” It’s a fine balance between perfection and completion, and I sometimes lean too far into perfection. It’s not a humble brag—anyone who’s seen my dial plans will understand.

This company, however, had an organisational mindset that leaned far too heavily on “done but not perfect.” It wasn’t just an occasional occurrence; it was the norm. The approach was one of constant compromise, and that’s not a place where I thrive. What made it worse was their frequent boast about being under-budget on projects. Yet, they had large product support teams that seemed to go unnoticed—a case of neglecting the quality of the output while claiming to save money perhaps?

The result? A lot of patching over previous decisions that were made too hastily, leading to more work down the line. For an architecture role, it felt more like 60% architecture and 40% cleaning up past mistakes. Much of my time was spent deciphering old PowerShell scripts that were meant to “quickly resolve” issues. I remember the first time I used ChatGPT to summarise a script—it felt like I had found a godsend.

The “Test System” Debacle

One particularly memorable example was a core business platform upgrade. The team had run out of VMWare capacity, and they couldn’t wait for the upgrade timelines. So what did they do? They dropped the requirement for a Test System. While that might sound like a small change, the reality was that they had actually dropped the need for a live system. All users were now effectively working in the test environment. As you can imagine, chaos ensued.

This situation raises an interesting question: when do we hit the point of diminishing returns in terms of effort versus value? When is something “good enough”? We all set our own boundaries in these matters, but within organisations, some people have more influence over where those boundaries lie than others.

For me, that drive to finish things properly is essential. It’s not about making something “work”—it’s about making something work right. A job well done leads to a deeper understanding of the platform I’m working with, and it’s far more satisfying than merely “making it do stuff”.

The Impact of Mediocrity

The real issue with a “good enough” culture is that it leads to mediocrity. If you’re constantly being asked to deliver work that’s average, you start to deliver average work. This affects motivation and, over time, can feel demoralising. Mediocre work starts to feel like a norm, and it’s easy to slip into that mindset across a wider array of tasks. It feels defeating.

Another practical issue I encountered at this company was the constant requirement for unexpected, unplanned work outside regular hours. Incident management calls at odd hours were the norm. Now, I know correlation doesn’t equal causation, but after experiencing this regularly, I couldn’t help but notice the pattern.

The Hidden Costs of “Good Enough”

When we talk about the point of diminishing returns, most people focus on the practical side of things—the time, effort, and resources required to finish a task. I however think we often overlook the broader impact. What about the toll it takes on our work culture, our personal time, and even our self-esteem? Delivering “good enough” feels like accepting mediocrity, and who wants to settle for that?

Over time, this affects your confidence in your abilities, and that, in turn, shapes how much influence and success you can achieve in your career. Constantly being asked to settle for less doesn’t just impact the work—it impacts the worker.

In Conclusion

After some reflection, I can see why I turned down that opportunity. It wasn’t just about the work itself, but the company’s approach to delivering quality and the impact it had on their team. I’ve learned that striving for more than “good enough” isn’t just beneficial for the projects I work on—it’s essential for my own growth, motivation, and satisfaction.

Now, I think I’ll go have an argument with a PowerShell script. It’s been a while.

Toward the end of 2022 I was finishing up a reasonably sized global project in Unified Comms – one that I’d been involved in (or around) since its inception. Looking back, I think earlier in 2022 I was feeling fairly burnt out by this project. I cover most timezones as I’m fortunate enough to be one of those people who doesn’t sleep that much, so I’d happily pick up the things I knew others would find difficult to accommodate. There was also a lot of detailed – but very cool – stuff that had to be done. Most tasks required input from several areas, all with shared but different priorities. Nothing new there – that’s just how mid to large businesses are, and knowing how to negotiate them is part of the experience.

You know that phase you go through – the stage where the cool stuff is done (The why, how, what with, what’s our dangers/risks, how do we mitigate etc.) …you’re now just focusing on finishing up the project control items, and those less interesting but yet part of your deliverable elements. They’re important – I’m not suggesting anything else – but it’s the clear up after a job well done. It doesn’t feel quite as satisfying. 

I’ve experienced this throughout my career, so have personal mechanisms to deal with it and keep things interesting. I do so by considering what I’m doing today and then thinking about how I could do it better. Also, I try and think how can I make this reusable. In this particular project I’ve ended up writing a few tools that I’ll certainly be using elsewhere. I’ve a decent library of reusable stuff stretching all the way back to …Netware. Wow. Automated Netware 4.11 Server Deployment anyone? Even has login scripts. That’s not really the point of this blog though.

I’d decided that when this project finished toward the end of the 2022 I was going to give myself a few months off. I don’t mean a few months off doing nothing, I just mean stepping back from the usual level of effort and intensity to give myself some time to regroup, and to get ready for The Next Cool Thing. There’s always more cool things.

It’s the bit that happens after the project completion, when you’ve finished those line items. It’s the post-project ‘just one more thing’. I’ve realised how immensely rewarding it can be. I’ve always been aware of this, but never really given it a lot of thought – until now.

Those ‘just one more thing’ items tend to be advice and sometimes interesting left field bits of work. How would you deal with this? We have this weird issue any ideas? Hey, have you some pointers how we can get started with ….? Could you give us a hand with…?

I think I’ve worked out why I like that part of a project so much; it’s because it makes you feel valued. Now, I’m sure many of you have already come to this conclusion however for people like me it’s a little bit of a surprise. I’ve never really been one to need positive affirmations or feedback at work – I’m freelance after all, and you’re judged by your work and I suppose by how much work you have. I prefer the delegation element of situational leadership rather than the supporting (as a team-worker) – tell me what you need, I’ll get it done. Negative stuff of course feedback is welcome – it helps us work better, and it gets us both better results. I may even agree with you. If I’m honest about such things however, I am the worst critic of my own work. The struggle between ‘perfect but not done’ or ‘done but not perfect’ is real – and perhaps a subject for another day. I’ve re-written that sentence several times as it sounds like a humble-brag – it’s genuinely not. I like things to be accurate. Anyone who has seen my dial-plans will understand this. There’s ‘works’ and there’s ‘right’. Sometimes ‘works’ is enough. 

Paradoxically I can find the 3 months or so post the closure of a larger project thoroughly enjoyable and rewarding. It’s the ‘just one more thing’. 

That one more thing is ‘we value your input’. 

I’ve been involved with companies that are so invested in their feedback cycle and reviews that they don’t often see that they could do all that stuff – and get better results – by working on their day to day, rather than formal reviews. That isn’t my area however, so I’ll not offer much of an opinion there. I’m sure those formal reviews have their place, I just think those same companies are missing a trick by thinking they’re all there is.

Anyway, I’m getting to the end of January and I’m now looking forward to The Next Cool Thing. My couple of months off didn’t really materialise although I did get a decent amount of down-time to regroup. I even got half-way through sorting out the hallway cupboard.

I recently made the mistake of having the opportunity to play with some enterprise storage – lots of glorious NVMe etc. – and it got me eyeing my main storage NAS with disdain. WHY. I was happy with it before I started playing with the enterprise stuff….Anyway, I’ve got my hands on a Synology DS923+ unit with the following specifications:

-> Synology DS923+

-> 32GB RAM (Non-Synology)

-> 4 x 16TB Toshiba ENT Drives

-> 2 x Crucial 2TB NVMe SSD (Configured as a storage pool – more on that in a minute)

-> 10Gbe NIC

I’ve had some time with the unit and have now been able to test its performance, and assess its power usage. I’ve put it all together in a spreadsheet (because of course I have), and you can see that spreadsheet at the following link, including costs (and links to suppliers), performance, and power consumption.

2023-01-03_Synology_DS923.xlsx

The performance matrix is below.

There are no great surprises in there – the unit nearly maxes out the 10Gbe connection on reads, and is about 80% of the way there on writes – that’s on both the NVMe Storage Pool and the spinning drives. On my previous QNAP unit over 10Gbe I was getting in the region of 3-400MB/s mainly due to the PCIe interface on the QNAP being a slower type than that on the Synology. So the performance is a fab upgrade for my usage scenarios. Even if you don’t have a 10Gbe connection, the units will easily max out the cheaper 2.5Gbe interfaces. It’s a little disappointing I think that even in today’s market Synology are providing the units as default with 2 x 1Gbe connections. You’d imagine 2.5Gbe would be becoming the norm now? The added E10G22-T1-Mini RJ45 10Gbe E (catchy name) adapter is another 150-200GBP but it does perform, and it supports 2.5Gbe & 10Gbe over RJ45. Note it’s a proprietary slot too so you can’t just pick up any 10Gbe Interface.

I also tested the encrypted shares – as you can see, write performance is significantly impacted with an encrypted folder. Roughly there’s a 45-50% performance penalty when writing to encrypted shares. That doesn’t bother me too much, however bear that in mind if you want to encrypt everything.

Another surprise was the support for storage pools on NVMe. There is however a huge catch – it’s only properly supported on Synology provided NVMe drives. I don’t have any of those, and they’re expensive and small, so wasn’t getting any either! Fortunately, there’s a way of configuring the storage pool with non-Synology NVMe via SSH. It’s not that hard, and I’ll write up shortly how to do it. The only downside I have seen so far is that if you lose a SSD to failure you have to reconfigure the whole RAID again via the command line. That’s one of the reasons I’m using RAID 0 (with no protection) – I figure if I’m going to do it anyway in a failure scenario then I’ll just recreate. I protect the contents by using snapshot replication to the spinning drives anyway, and there’s nothing time-critical on those units, so it’s all good. One thing to be aware of though! 

Similar with the RAM – I’ve used third-party Kingston RAM as it’s cheaper than Synology (and I could get hold of some). It works just fine, however you do get a warning that you’re using non-Synology RAM. A little annoying but hardly earth shattering. It’s interesting that they’re now going with the ‘supported’ devices approach – the drives I have aren’t on their list either, but of course work just fine.

So far I’m impressed with the unit. It’s quiet, fast, and the power usage is acceptable. Spin down on the Toshiba units works as expected – I’ve moved most apps that would be ‘live’ to the SSD to reduce dependency on the spinners unless I’m using them.

How much do they cost to run? Well, I’ve worked that out for you too. Have a look in the spreadsheet above on the ‘Operational Costs’ sheet. Snapshot below – click on it for a bigger version.

Based on my usage profile and electricity tariff the unit costs about GBP14/month to run, or GBP168 a year. Considering everything I get the unit to do – it’s got a ton of apps on including a couple of virtual machines, my media storage, cloud sync and my backups – that’s pretty reasonable. You can adjust the percentage spun down, idle and under load to get figures nearer what you’d expect for a consumer unit – from what I’ve read, consumer numbers are nearer 40% spin down, 40% idle, and 20% load. Apparently – that sounds low to me? If your usage is that low why would you have one?!

Anyway, any issues? Well, transcoding Plex is problematic on these due to the lack of hardware encoding and Quicksync. Fortunately I don’t do that – my Plex is on an older Mac mini that does several other things and that handles Plex just fine. If you have a dependency on Plex, perhaps consider a unit more suitable.

So far however, this unit is an absolute flyer. Fast, and that DSM OS is a joy to use. It is annoying you have to pay extra for the faster ports (10Gbe), the lack of support for storage pools unless you’re using Synology SSD, and the annoying message about the drives not being on the supported list….The ports they definitely should address – 1Gbe in today’s market just doesn’t cut it in my opinion.

Anyway, some nerd info for you.

Happy New Year and all that!

I got asked something the other day, that while a simple question, took me some time to ponder and fully answer. Why do I produce so much documentation for stuff?

First, some context. I spend most of my time designing, deploying and even sometimes – operating – mid-market IT systems. Mostly Office365 and Unified Communications areas, as I find them the most interesting. By mid-market I tend to focus on the up to 10k seats area. Mainly as I find that’s a size that’s manageable and you spend most of your time actually doing the interesting technical stuff rather than lots of incremental minor things due to risk management. I have worked on big stuff – some of it properly big (400K+ users) – and while that has it’s own attraction and interest, the mid-market I find more interesting.

Over the years I’ve developed a solid strategy for dealing with complex systems, and managing change. I don’t mean the formal change management processes – they of course have their place – I mean how *I* manage what I’m doing, how I establish the outcomes I want, and how I get there. This is the bit that tends to produce a lot of documentation.

Let’s imagine we have a requirement to implement a reasonable amount of change for a system on a remote site. My documentation process will follow this methodology:

• The why and the what. Here it’s a brief to ensure that everyone understands what’s being asked for, why it’s being done, and what the expected outcomes are. This has been vital in catching some misconceptions/differences between people.
• The how. This details how I’m going to achieve what is being asked. All touch points, impacts, expected outcomes etc. Also includes how we roll back. This is often included in the change management process.
• The doing. What happened when we implemented? This is great for lessons learned and for future similar projects.
• The final state. Sometimes referred to ‘as is’ documentation.

This feels like a lot doesn’t it? It really isn’t in the real world. I’ve been following this process for so long that it’s second nature to me. It has some very specific pay offs too. I have a complete audit trail of what was asked for, what was agreed, and what happened when we did The Thing. That’s come in very useful in the past.

Do you know what’s really important about the process though, that I think is often missed? This process helps me vastly reduce risk in increasingly highly complex systems. This has been a developing area in the world of technology (Complexity Theory), with a key part of it being Systems Theory. Understanding how one system is dependant on another, and affects several others – it’s challenging. 

This documentary process then – for me – is a lot more than just the documentation. It’s a process of fully understanding a requirement, establishing how we get there, and then helping the people running the systems also have a handle on it after we’re done. The process is arguably just as important – if not more so – than the documentation itself.

This is the bit I find interesting, and it took me some time to explain. 

The pay offs from this process are several. From a freelancer perspective, this makes me reliable. Typically I achieve what I am being asked to achieve, and usually in the manner we’ve planned and agreed. Another key pay off, is that it makes me look at the technology I deal with in a lot more detail than is perhaps necessary for specific items. That always aids understanding, and that is never a bad thing in technology.

Anyway, a simple question, not such a simple answer. Writing good documentation is also challenging in the technical space as you have a wide range of readership to consider, but that’s a subject perhaps for another day.

I’ve been thinking about approaches to technical issues recently – large issues rather than small ‘my laptop is broken’ type ones, and it’s got me thinking about people’s approaches to complex problems. There seems to be two types (I’m sure there’s many more, but I’m going with two for this).

1. Keen to work a way to a solution.

2. Nope. Too hard. Risk. Nope.

The former one – people like that I enjoy working with. Working out the correct way to address problems and actually getting things done is a skill in itself. One I’ve spent a lot of focus on personally, as I think it’s one of those things that separates techs. It’s not just about the technology, it’s about getting a business requirement done. Knowing the correct balance between perfect/not done, and done but not perfect…..well, it’s a skill.

What about the second type? Well, I find these groups incredibly difficult to work with – but it always ends up the same way. Let’s consider what I’m talking about with an example:

We have three blocks, numbered 1, 2 and 3. The requirement is at least ONE of those blocks has to be in that box over there. Let’s look at how this goes:

-> OK – let’s put block 1 in the box!

—> NOPE! I need that, I like its colour.

-> OK – 2?

—> NOPE! Thursday.

-> 3?

—> We couldn’t POSSIBLY do that.

So we have a defined requirement, and yet that requirement you have made impossible. What tends to happen is this goes around and around for a bit until somebody gets thrown off the roundabout in frustration. Typically, it then gets escalated to somebody who has some say in stuff.

• BOSS: Right, we’re putting block 1 in the box. There are some issues to fix and some pain, but it’s less pain than not having the stuff in the box.
• Everyone: OK, let’s do that.

Tech – Facepalm

The thing is with this approach is it damages relationships as it’s so exhausting. It’s why I much prefer working with your Type 1s. They work through things, they get stuff done. Type 2s? They just end up being told they’re wrong. Pretty much whatever they do, they’re going to be wrong. How people work like that is beyond me, it must be utterly ruinous.

I’ve seen of a couple of instances of phone number hijacking again recently – typically WhatsApp – but you can also see it with services like Skype (Consumer) and the like. What am I talking about?

Well, let’s consider Skype (Consumer). When I make a call from my Skype client it actually appears on the remote end as to be from my mobile. When I set this up, I have to enter my mobile no. I then get a code on my mobile which I have to enter to show that I own that number. When I do, I can then make calls with an outgoing number of my mobile.

Spotted the hack yet? Get that code, and you can make phone calls appearing from my mobile.

Imagine you’re selling something and the buyer is reasonably wary. Conversation goes like this:

Buyer: I want to make sure you are who you say you are. I’m going to text you a code and if you can tell me what code is we can continue.

Innocent: Sure! 

Innocent: Gets code, sends it to buyer.

*BOOM* buyer now can make phone calls appearing to be from your mobile.

It’s a similar hack with WhatsApp. Just replace being able to make calls to owning your WhatsApp account.

Be very wary of telling people these codes. Make sure you trust the service asking for a start. Here’s a real example:

A friend was after some general advice on storage/availability and backups for home stuff so rather than just reply specifically to him I thought I’d put my general thoughts together on non-professional data protection. The stuff in my day job is generally focused on 99.999% (5 nines) availability so the backup and availability strategy is usually beyond what you’d want to do for home.

The questions are usually around should I implement RAID? How do I backup? What should I backup? Where to…? To answer these questions you really need to look at fundamental aspects of your data protection strategy, and they are:

• Recovery Time Objective (RTO). How long would it take to restore you data, and how much of a pain would it be not having that data for that recovery time? There’s also the question of effort to restore data, but that’s a softer consideration – if you’re busy, this can be a significant added burden to any potential restoration process – arguably this massively increases the pain of not having your data for that recovery time.
• Recovery Point Objective (RPO). How much data can you accommodate losing between backups? For static stuff that doesn’t change often for example you may only backup once a week or so.

From a general data protection point of view, the 3-2-1 backup strategy is the one most talked about. What this means is:

• You have three copies of your data at any one time.
• Two of them are on physical different devices.
• One of them is away from the main premises you use – I.e. Off-site storage. 

Considering the above is how I would come to a backup & data protection strategy. A couple of quick points:

• RAID is not a backup. Using RAID is a strategy that affects your RTO and RPO. Lose a RAID array and you’re in trouble aren’t you? Having RAID does not affect the 3-2-1 strategy, it is an availability technology, nothing more. It vastly reduces your RTO & RPO. Lose the array with no backup then your RT & RP become infinite….
• Automation is key to a good-backup strategy. If you have to do something manually, the one time you think you’ll be fine is the one time you’ll be crying in to your soup.
• You may want to consider have a second off-site copy. Why? Well, consider ransomware protection. If your backup solutions are automated to the cloud for example, there is a (albeit remote) possibility that your off-site backups also get encrypted with Ransomware. To see what I mean in a bit more detail, have a look at my video here. RansomWare – Protect Your Stuff!

So, in reality, what would a backup solution look like?

• One device with live data.
• One device with a copy of your live data.
• One off-site copy.

So where does the RTO and RPO come in to it? Well, it comes down to how quickly you need your data backup, and how much you can lose. Traditionally, most systems would backup every evening (often using a Grandfather, Father, Son scheme) and this will probably be enough for most home systems. What’s the worse case here?

Let’s say you backup at 23:00 overnight. One lovely Friday at 22:59 your main storage blows up/gets flooded with milk (don’t ask). Well, you’ll have lost all of your data from 23:00 the previous night to 22:59 on the day of the milk issue. That’s your Recovery Point.

Next, you need to consider how long it takes to restore your data – that’s your recovery time.

Where does RAID come in to this? Like I say, this is an availability consideration, not a backup. If you:

• Have a good backup system that’s automated and backs up to another device every night.
• Would be OK with losing 24 hours of data.
• Would be OK with the time it takes to get access to your data….

…. Then what will you gain from RAID? Not a lot really. However consider that you may want everything to just carry on working even in the event of a drive failure – that scenario RAID is a great help. You can take a drive failure and carry on as you are and replace the drive. Note you’re still backing up at this point.

When considering your backups from device one to device two, do you just want them to be exact replicas? There’s danger in this. Imagine corrupting some stuff and not realising. You’ll end up with the corruption duplicated on to the other devices, and your off-site backup. This is where having the Grandfather, Father, Son mode of historical backups come from – this takes more automation to achieve, and you may of course consider it well beyond the requirements for home. 

So…do I need RAID? It’s not as simple a question to answer as may first appear is it? Personally I think that anything keeps your data available, and avoids me having to resort to backup systems is absolutely worth it. You really want your backup system to be a ‘last resort’ type thing, so in reality I always tend to RAID my stuff. This is where NAS devices come in by the way – not just for their RAID systems but also for their in-built backup solutions. Let’s take how I used to use my Synology stuff (I’ve upgraded now for 10Gbe and I have a ridiculous internet connection so rely on Azure stuff a lot more now):

Primary Device

Synology 918 with 4 x 12TB drives giving about 36TB available.

Secondary

Synology 416 (I think) with 4 x 12TB drives giving about 36TB available.

Overnight the primary device is backed up to the secondary, and it has a 12 month retention – I.e I can go back up to  pretty much any point in the previous 12 months. In addition to that, live data that changed often was snapshotted from the primary to the secondary about 4 times an hour.

Finally, the secondary Synology also sync’d those backups to an off-site hosted solution. 

Probably way over the top however the principle can be easily replicated without all that expensive gear.

Primary Device

2 x 6TB drives, mirrored, so 6TB available. If you get a drive failure your data is still available, and you can replace the drive.

Your primary device also replicates your data to cloud storage.

Secondary Device

A 6Tb or larger hard disk with point in time incremental backups of the primary.

Far smaller, but with the same principle, and you get the same range of dates for your recovery point (I.e. You can restore back to a point in time.

Told you the question isn’t as simple as you’d imagine.

I’ve noticed recently that whether online or in real stores like PCWorld/Currys, I’m being asked a lot more whether my purchase is for business use or not. 

“Is this a business purchase, Sir?”.

They laughably refer to ‘giving you a VAT receipt’ which of course you should be entitled to anyway.

The cynic in me thinks there is only one possible reason this is happening more and more – to get out of consumer protection laws – distance selling rights for example. Here’s the thing – if you say it’s a business purchase very few of these rights then apply. How crafty is that?

Anyway, here’s the point – if you ever get asked if it’s a business purchase always say no. You’ll retain far better consumer rights, and lose nothing in the process.

When is plain old storage not plain old storage? When it’s Network Attached Storage (NAS) that’s when. 

I don’t tend to delete stuff, as storage is relatively cheap and I usually find that if I delete something I, at some point in the near future, will be irritated that I’d deleted said thing. I have my email archives going back to 1999 for example. Yes, yes I know. 

I’ve always shied away from network attached storage. Every time I’ve looked at it I’ve been caught by the network transfer rate bottleneck and the fact that locally attached storage has for the most part been a lot quicker. Most of my kit is SSD driven, and volume storage was fast Thunderbolt type. Typically I’d have a tiered storage approach:

• Fast SSD for OS/Apps/normal day to day stuff.
• Thunderbolt 3 connected SSD to my virtualisation stuff.
• Spinney ‘volume’ storage.

The thing is, my storage was getting into a mess. I had loads of stuff connected. About 12Tb off the back of my iMac#1 (My virtualisation machine, for stuff that’s running all the time), and about another 15Tb off the back of my everyday iMac Pro. That’s a lot of spinner stuff. Trying to ensure important stuff was backed up was becoming more and more of a headache. 

So, I finally gave in, mainly due to the rage around cabling more than anything else, so I started investigating a small server type setup, but then it occurred to me I’d just be moving things about a bit, and I’d still have a ton of ad-hoc storage….So I started investigating the Network Attached Storage devices from the likes of Synology and QNAP.

Oh my, how wrong was I about NAS units. They’re so capable it’s ridiculous, and they’re not just raw storage. I have a few of them now, and they’re doing things like:

• Storage because storage because I needed storage
• A couple of virtual machines that run some specific scripts that I use constantly.
• Some SFTP sites.
• A VPN host.
• Plex for home media.
• Volume snapshots for my day to day work areas.
• Cloud-Sync with my DropBox/OneDrive accounts.
• Backup to another unit.
• Backup to another remote unit over the Internet (this is more of a replica for stuff I use elsewhere really).
• Backup to a cloud service.

I did run in to some performance issues as you can’t transfer to/from them faster than the 1Gbps connection – which is effectively around 110MB/s (Megabytes per second) – so 9-10 seconds per Gigabyte. My issue was that I had other stuff trying to run over the 1Gbps link to my main switch, so if I started copying up large files over the single 1Gbps links from my laptops or iMac(s) then of course everything would slow down.

That was fairly simple to fix as the Synology units I purchased support link aggregation – so I setup a number of ports using LACP link aggregation (Effectively multiple 1Gbps links) and configured my main iMac machines with two 1Gbps link-aggregated ports. Now, I can copy up/from the Synology NAS units at 110MB/s and be running other network loads to other destinations, and not really experience any slow downs.

Just to be clear – as I think there’s some confusion out there on link aggregation – aggregating 2 x 1Gbps connections will not allow you transfer between two devices at speeds >1Gbps as it doesn’t really load balance. It doesn’t for example send 1 packet down 1 link, and the next packet down the next. What it does is works out which is the least busy link and *uses that link for the operation you’re working on*.

If I transfer to two targets however – like two different Synology NAS units with LACP – I can get circa 110MB/s to both of them. Imagine widening a motorway – it doesn’t increase the speed, but what it does do is allow you to send more cars down that road. (Ok, so that often kills the speed, and my analogy falls apart but I’m OK with that).

I can’t imagine going back to traditional local attached storage for volume storage now. I do still have my fast SSD units attached however they’re tiny, and don’t produce a ton of cabling requirements.

I regularly transfer 70-100Gb virtual machines up and down to these units, and even over 1Gbps this is proving to be acceptable. It’s not that far off locally attached spinning drives. It’s just taken about 15 minutes (I didn’t time it explicitly) to copy up an 80Gb virtual machine for example – that’s more than acceptable.

The units also encrypt data at rest if you want – why would you not want that? I encrypt everything just because I can. Key management can be a challenge if you want to power off the units or reboot them as the keys for the encryption must either be:

• Available locally on the NAS unit via a USB stick or similar so that the volumes can be auto-mounted.
• or you have to type in your encryption passphrase to mount the volumes manually.

It’s not really an issue as the units I have have been up for about 80 days now. It’s not like they’re rebooting every few days.

The Synology units have an App Store with all kinds of stuff in there – properly useful things too:

Anyway, I’m sure you can see where I’m going with this. These units are properly useful, and are certainly not just for storage – they are effectively small servers in their own right. I’ve upgraded the RAM in mine – some are easier to do than others – and also put some SSD read/write cache in my main unit. Have to say I wouldn’t bother with the SSD read/write cache as it’s not really made any difference to anything beyond some benchmarking boosts. I’d not know if they weren’t there.

I’m completely sold. Best tech purchase and restructure of the year. Also, I’m definitely not now eyeing up 10Gbps connectivity. Oh no.

As a quick side-note on the 1Gbps/10Gbps thing – does anyone else remember trying 1Gbps connectivity for the first time over say 100Mbps connectivity? I remember being blown away by it. Now, not so much. Even my Internet connection is 1Gbps. 10Gbps here I come. Probably.

Faster Internet – for FREE! Can you really get something for nothing? Well perhaps not, but there are things you can do to both optimise your Internet connection and protect your usage.

What do I mean? Well, given most of my readership tends to be techy in nature, I’m not going to go in to massive amounts of detail, but in effect every Internet Provider tends to assign you their DNS servers…and these are usually far from optimal. A lot of techs I know then default to switching to Google’s DNS (8.8.8.8 and 8.8.4.4) because they’re pretty quick.

Yes, they’re pretty quick…But you’re gifting Google with the ability to know every URL you resolve to an IP address. If you’re comfortable with that then fair enough – I’m not, however. Google makes me uncomfortable from a privacy perspective.

So, let’s look at Cloudflare. Many of you will be familiar with them with their Web Caching technologies, but few seem to be aware they also have DNS servers available – 1.1.1.1 and 1.0.0.1. Cool addresses hey? Forgetting the cool addressing, just look at the performance – they’re properly fast.

There’s various DNS benchmarking tools out there – OK, they’re not the most interesting of tools but they do give you decent information. Consider the performance difference between the Google servers and Cloudflare:

As you can see, in other than localised cached versions CloudFlare nails the performance – and the reliability – in all the required areas. I know it doesn’t look like much, but the differences add up, and you can feel the difference.

What about the privacy thing about the provider knowing everything you do? Well, I suppose there is an element of me just not trusting Google – any company that needed a tag line of ‘don’t be evil‘ has issues – CloudFlare do seem to have a defined policy of never storing your queries on disk, and being audited to ensure this is true. Apparently. I have no proof this is true, beyond stated policy.

Anyway, you can read the launch blog here:

Announcing 1.1.1.1: the fastest, privacy-first consumer DNS service

I’ve been using the service for a while, and it is faster than the ones I was using previously, and by some margin. The privacy element is a nice cherry on the cake.

The future expansion plans to cache more can only provide better response times you’d hope.

Oh, as a funny and slightly bizarre side-note, some ISPs won’t actually be able to route to 1.1.1.1. I’m sure they’re working on resolving that – it’s easy to check if you can use the system simply by firing up nslookup (whether in Windows/Linux/MacOS) and then selecting the server with ‘server 1.1.1.1’ and seeing if you can resolve any addresses:

How you implement this for your Internet connection varies – on my platform for example I have my own DNS server that caches stuff, so I just CloudFlare as a resolver to that. You can also update your DHCP on your router to issue 1.1.1.1 and 1.0.0.1 – that’s probably the simplest way of doing it for most people I imagine.

It really does make a difference.

Honest.

2018-05-25 Wow, fastest disagreement ever on a blog post. Some of the pricing below (like Spotify for example) are student pricing as apart from my day job of not being Batman I’m also a student. Also this year’s Prime will drop in price because of that too.

====

It’s no secret that a lot of tech industries have moved to a subscription models where you pay a monthly fee to access their product and services. So much of not a secret that it’s dull, so I’m not going to talk about that too much.

What I’m going to talk about however is how cheap things can all of a sudden make you realise you’re paying a ton of money for things that previously you didn’t pay a ton of money for. All the small things add up don’t they? 

I’ve been trying to rationalise my subscription services as I’ve got a lot of cross-over in some areas, and it’s made me realise how much I’m actually paying for stuff. Things like:

For the sake of transparency of highlighted my work stuff in green – slightly differing cost there as no VAT, and they’re tax deductible expenses (I think). 

Anyway, they do add up don’t they?! I’m going through the process of rationalising stuff as there are some obvious cross overs there. Audible for example I’ve now got enough credits to listen to audio-books until my ears bleed, and yet I keep amassing more. 

Cancelling Audible is always interesting – here, have it for half price! What I actually read is that they’ve been over-charging me since day 1.

The cloud backup service, dropbox and Offic365 all have cloud storage in them, and more than enough, so why do I have all 3? I suspect when you see the low monthly cost combined with the effort involved you think meh, what the hell. Then you’re invested. They’ve got you.

Zwift I don’t use in the summer either, I go outside like a normal person. So why am I paying for that?

The push to subscription services can really alienate me as a consumer. Take two companies I used to have a lot of time for – now, I wouldn’t touch their products if you gave them away with a free alpaca:

• 1Password
• TomTom

What did they do that was so terrible? Well, they tried to force me to dump my initial capital investment and switch to their subscription model. 1Password for example I had invested fairly significantly in – multiple clients, MacOS, Windows, phones etc. and I liked their product. Then a push to the subs and a lack of updates to the normal capital purchase clients. It felt like a complete stitch up. Like I say, now, whenever anyone asks about password managers instead of recommending a company the first thing I say is ‘don’t use 1Password’.

Same for TomTom. I paid a fair amount of money for their product on my phone. Next thing I know is oh, we won’t be updating that any more, you have to buy a subscription to get access to ‘miles’. Yeah, how about no? I’ve already bought a product I expected to work.

Just to be clear, I understand that products have a life-cycle. I expect to pay to upgrade when necessary. I also expect however to have the opportunity to make a choice on whether to upgrade based on a balance of costs against new functionality. What I don’t expect is the products I’ve purchased to not have the functionality I originally procured unless I then upgrade to their subscription. Yes TomTom, I’m looking at you.

Some services of course I think are an absolute bargain. The core Office365 offering (I use multiple E3 for my work) and I think for what you get it’s an utter bargain. The phone system….not so much. It’s expensive for what it is.

Aaaanway, monthly subs. Look cheap, and they’re not.

I live in Central London, and one of the benefits of living here is that the Internet connectivity has always been relatively good. I’ve had 200Mbps down/20+Mbps up for quite a while, and you get used to such performance. The upload speed always seems to be the restrictor though, doesn’t it? Makes things like uploading YouTube videos, and online backups (for example) something you set off, and leave to it. 

Anyway, I got the opportunity to upgrade to 1Gbps Fibre connectivity from a company called HyperOptic. That’s 1Gbps up and down. I saw it was available, and given the cost at circa GBP50/month, I thought it was a no-brainer. I also kept my existing provider, as something so cutting edge may perhaps not be reliable. I tend to adopt stuff early, and sometimes that can cause some headaches – I couldn’t afford any issues with my Internet as I rely on it so much. So much so I’ve had more than one provider for as long as I can remember. In fact, I wrote about load-balancing multiple connections here:

Load Balancing Broadband Connections

So I’ve had the service for a good few months now, so thought I’d share my views. 

My opinion is a simple one – just wow. It’s been rock-steady from a reliability point of view, and the performance just changes the way you use things. Uploading/download stuff feels much the same as it would as if I were operating over a local network. Just simple things like Windows Insider Preview updates come down in no time at all. It just makes my remote working life far, far easier.

Online backups now are far more tenable than they were. I use BackBlaze, and I’ve found their service very fast, and utterly reliable. You add in a decent connection and all of a sudden I can now backup all of my important stuff and not give too much thought as to how much I backup off-site. I wonder with the advent of such Internet connections whether services like BackBlaze, who offer unlimited backup, may have to reconsider the price point/offer? Mozy went through that pain, and I believe Crashplan has now pulled out of the consumer market? I shall watch that space. I’ve a ton of cloud storage with my Office365 tenancy and my DropBox area so was considering jumping to that, but the BackBlaze service is just such a configure-and-forget platform it’s well worth the money. Backups you have to do sometimes just don’t happen. Automating those backups is the winner here.

Anyway, performance. Below is the current performance I’m seeing using the DSL Reports Speedtest. I’m connected over 1Gbps wired-Ethernet at this point. 

Seriously, how impressive is that? For comparison, this is the same test but over WiFi.

In this case, it’s my WiFi not keeping up with the connection – which is fair enough. I use a Netgear R8000 AC3200 router and am in general very happy with the performance.

Anyways, want to see this stuff working? There are a couple of videos below you may find interesting. I’m incredibly satisfied with the service. Fantastic performance, and a very reasonable price – what more can you ask for?

Oh – as a quick side note – if you do consider the service remember they use Carrier Grade NAT (CGN). CGN can cause issues with stuff like VPNs and the like. My work VPN won’t work through it for example. They can give you a static IP address too – I spoke to them online about it, and it was sorted in minutes.

I’ve today had to spend time moving my password management solution from 1Password to another vendor. I won’t say which vendor I’ve moved to, as the idea makes me a bit uncomfortable. Anyway, the reason I’ve moved got me thinking about other vendors I’ve used – and loved – in the past, but then ended up really, really disliking. The process is usually a similar one, and it goes this way:

• Vendor produces a GREAT product. 
• I invest in it.
• I tell people to invest in it, as it’s great. 
• Vendor basks in its success.
• Vendor has idea to get more money out of that love.
• That vendor implements things that annoys.
• Vendor refuses to listen to its long term users.
• Users get rage, move on.

The critical part of this seems to be that vendors almost get arrogant in their success – once they have that arrogance, things start to go wrong.

So what has 1Password done? Why has it annoyed me so much I’ve binned my investment in them, and re-invested in one of their competitors? Well – at a high level – they’ve got very arrogant in their position. Specifically, they’re pushing their user population to a subscription service, and yet seem to be completely disregarding their existing customers. Customers who have invested in their success. Firstly, one of the things I liked about 1Password was its ability to use local vaults that did not require uploading my stuff to someone else’s cloud in a way that that vendor could read your data. Other things I liked were it’s multi-platform support, and the fact that it in general worked well.

What’s so wrong with the subscription service? Well…not that much I guess. It moves the financial model from a platform related one – I.e. Paid version, then you pay to upgrade – to a regular monthly cost. Of course they say it’s ‘the cost of a couple of cups of coffee a month!’.. Sure, that’s true, but it adds up to a lot more over time than the investments in platform/version type investments. In addition, 1Password have made no effort to smooth the journey for people who have already bought the client on (in my case) Mac OS, Windows, iOS and Android. I’ve effectively just burned that investment – so hell, I’ll burn it and invest again elsewhere. 

WAIT, you think – this doesn’t of course mean the existing clients will stop working does it? No, it doesn’t. In addition 1Password has stated they’ve ‘no plans’ to remove the support for local vaults. They shout about that, and the words they use tell me one thing – that they’re ignoring the key question most people like me are asking: Will the existing non-subscription client continue to be updated? The silence on that question, from multiple people, speaks volumes. I’ve spent way, way too much time getting them to answer this question today. They’ve answered everything except this specific question. Make your own conclusions from that. A lot of users – me included – feel betrayed by them as a vendor. 

So, it’s goodbye 1Password. I’ll take my investment elsewhere, and I’ll also advise everyone I talk to of exactly the same thing. This bit is interesting – as somebody who works in tech I get asked a lot about what to buy/use etc. I wonder what the effect of that is?

Just for clarity, I don’t expect to buy one product and expect upgrades for free forever. I’ve no issue re-investing in new versions etc. This method of pushing to subscription though just bugs me. I have to pay again, for something I already have, and that uses a sync methodology I don’t want to use, and the platform I’ve already purchased will no longer get any updates. 

So who else have I dealt with that have gone this route? Well, let’s think:

• MOZY – the backup service. Initially a great service, at a great price. Gets you invested, and then they whack the price up. Mine went up nearly 1200% for example. So bye then.
• Crashplan – same thing, attractive buy in, then the service got massively over-subscribed, and plummeted.
• TomTom – pushing everyone to their subscription model, negating my fairly substantial investment in the existing apps from multiple countries.

It just bothers me that companies get this success behind them, and then they go and crap all over the people that got them the success in the first place!

Professionally I come across this too. How many times have I worked with customers where existing providers, vendors, and partners have just taken that customer for granted? Margins start to go up, response times go up, the vendor/partners ‘want’ of that business seems to assume that they’ve already won the business. Then along comes a hungrier partner, keen to get some good stuff going, and boom, that original partner is now sidelined and struggling to get back in the door.

It’s a difficult thing to try and keep that hunger I think, in some respects anyway.

The push to subscription services is a golden opportunity for a lot of companies. A golden opportunity to turn business into a nice annuity – few vendors have done it well in my experience. Who has done it well? Well, Office365 I think is an utter bargain for what you get. Same with the Adobe stuff. TomTom? Nah. It’s WAVE or Google Maps for me now. 

Such is life I guess. Become arrogant in your success, and your success will become a lot more difficult to maintain. Annoy one of your customers – whether consumer or business – and it’s not just that customer you’ll lose, it’s everyone else that customer gets to influence too.

Haven’t blogged for a while. I’ve been busy with the day job, doing some properly interesting stuff. Without boring you all to tears I’ve moved back from being constantly in a sale/pre-sales environment and gone back to actually doing stuff. It’s what I enjoy, it’s what I’m good at – I think.. and it produces defined actual outcomes. Mac is in a happy place.

Anyways, that’s not the point of this blog. I’m sure by now you’re all sick to death reading about the recent ransomware attack. Now, in the press it was all about the NHS – the UK’s National Health Service for my overseas readers. FREE DOCTORS for my American friends. The actual scope of the attack was far wider of course – lots and lots of people got hit by it.

I’m not going to delve into that attack too much – like I say, you’re probably sick of hearing about it – but I did have an interesting conversation about how to protect your stuff against such things. It set me thinking about how I protect my data. 

I’ll be honest and say I’m quite paranoid about my data. Why? Well, I’ve experienced losing some important things – think photos and some videos. Stuff you cannot reproduce. It’s utterly gutting. Some stuff would just be a pain in the backside to lose – but you can reproduce it. Documents and the like. Others – irreplaceable. 

This paranoia has led me to have a really robust backup system – I think. So I thought I’d share my thoughts on how you make your stuff resilient to such attacks.

There’s more to just protecting your data by having a copy of it – you need to protect against corruption too, regardless of whether that corruption is accidental or malicious. The malicious bit may take some explaining – let’s say for example you have a weeks worth of backups of your stuff. Now, you get infected by some pesky ransomware that slowly sits in the background encrypting your data….and in week three pops up the dreaded ‘Give us ONE MEEEELION DOLLAARS’ for your data. You’re utterly stuffed. It’s outside your backup window – all the stuff in your backups will already be infected with that crappy malware.

Now I’m not going to preach to you about how to protect your stuff, but I thought some of you may find it interesting to see how *I* protect my data.

For perspective, my typical active data is about 50Gb of work stuff, and about 200Gb of personal video/photos etc. I generate, on average, about 1Gb of work data a month (email and documents), and around 5Gb of personal stuff. I will point out that I archive and keep everything however, so your data production will likely be lower. Personally, storage is cheaper than my time to go through deleting emails I will never need. I just keep everything.

If you’re not very techy, or don’t have the inclination, I’ve ordered the below stuff in a list of importance and ease to do.

So, how do I do stuff? See below. Just to be clear – before I get a kicking in the comments – there are other things you need to do: Anti-Virus, keeping updates…updated etc. I’m specifically talking about how I handle backups.

Automate your backups

Firstly, and a really, really important point, is make your backups automatic. Why? Well, stuff that takes effort does not get done as often as it should. Also, it’s an effort. You have to do stuff. Both Windows and Mac OSX can fully automate backups for you:

Apple Mac OS TimeMachine

Windows 10 Backup

I will honestly say that Apple’s TimeMachine absolutely knocks the socks off Microsoft in this area. You setup TimeMachine, and it backs up every hour for you. That’s it. You never need to do anything else. Windows – sure, you can do it, but it seems a lot more involved.

Anyway, make the point of it automatic and you’ll *always* have backups of stuff. If I had one single recommendation, this would be it,

Backup Media

I have two backup media sets of 20Tb (Yer, I know – you probably won’t need anything like that) that I swap out once a month. What do I mean? Well, imagine in my setup that TimeMachine backs up my main machine every hour, on the hour, to that backup set. Let’s call it SetA. At the end of the month, I physically disconnect that backup set and stick it in a drawer – don’t panic…we’ll get to offsite in a minute – and then I connect another drive called ‘SetB’.

Why? Well, it does numerous things: It protects against a failure of my backup drive(s), lengthens my backup window, and also provides a longer backup set and will protect against such ransomware encryption attacks. Perhaps not totally – more on that in a second.

So how could you use this? Well, 2Tb drives are cheap. Let’s imagine you have a reasonable amount of data that a 2Tb drive could accommodate – buy two, and on the 1st of the month swap them over. Stick the other one in a drawer. If you want to be really fancy then stick it in a draw at your office.

Offsite Backups

Due to where I live, I’m blessed with a very good internet connection. I use this to backup up all of my stuff to an online service. Now, I use BackBlaze. It’s on my main machine, and it just sits there uploading my stuff to the BackBlaze service. OMG THEY’VE GOT ALL YOUR DATA! Calm your boots. I encrypt everything. Not the subject of this blog but if anyone’s interested happy to write about how I protect my own data when it hits the cloud? Let me know in the comments and I’ll sort something.

I’ve the best part of a couple of Tb up in BackBlaze now and it works really well. It also keeps an archive of up to 30 days for each file so you have an archival history of each file backed up too. It’s a good service. NOTE: With any backup service, make sure you test restoring!

Point-In-Time-Backups

The other thing I do is take snapshot or point in time backups. What do I mean by this? Well, in addition to the automated stuff above – the regular TimeMachine backups, and the backup to BackBlaze – I also take ZIP (Well, RAR, but people know what ZIP is) backups of my changed data, usually weekly. I put these into a folder that:

• Gets backed up to BackBlaze
• Gets backed up to my normal hard disk regular backups

Why do I do this? Well, simply to give me a point of time roll-back. I.e. I can go back and find all of my photos/documents etc. at a particular date. WAIT. Isn’t this covered above in the Offsite/Auto-stuff?? Well, yes, it is, but it enables one more thing……

Non-Syncronised Offsite Backups

This bit is key to protecting against ransomware. What I do is I take those point in time backups above, and I put them somewhere that isn’t synchronised anywhere on any of my machines. Think about this. I have a backup archive dated say 1st May 2017. I put it in a folder in DropBox that is *only* in DropBox. It’s not synchronised to any of my machines. How could any ransomware possible encrypt that and block me access? It can’t is the answer.

It’s an incredibly simple thing to do. On DropBox for example you can do selective synchronisation. I create a folder on DropBox, and ensure it isn’t synchronised to any of my kit – all using that selective synchronisation. If you’ve already uploaded the stuff you can use the DropBox web site to copy the stuff to the folder too – you don’t need to upload it twice. This is important as if you’ve got a ton of data up there you don’t want to be uploading it again.

So what does this give me? Well, it gives me a copy of all my stuff that my end-points (I.e. PCs, Macs etc.) can’t access to encrypt. It’s a simple solution to a complex issue.

Summary

Protecting your stuff shouldn’t be that hard, and it shouldn’t take very much technical know-how really. It would utterly break my heart to lose some of the photos, videos, content that I have – stuff that isn’t reproducible. So with some effort, I do my best to avoid that happening. As a side-result of that I protect other reproducible stuff in the same way……I don’t like having to re-do stuff.

Anyways, it’s an interesting subject. As data-sets get bigger this is going to become more challenging, not less. I’m sure technology will keep up however.