Gil Tene's "usual suspects" to reduce system-level hiccups/latency jitters in a Linux system
Based on empirical evidence (across many tens of sites thus far) and note-comparing with others, I use a list of "usual suspects" that I blame whenever they are not set to my liking and system-level hiccups are detected. Getting these settings right from the start often saves a bunch of playing around (and no, there is no "priority" to this - you should set them all right before looking for more advice...).
(tags: performance latency hiccups gil-tene tuning mechanical-sympathy hyperthreading linux ops)
-
I think that materiality means what it says, and if people or algorithms do dumb things with trivial information that's their problem. But markets are a lot faster and more literal than they were when the materiality standard was created, and I wonder whether regulators or courts will one day decide that materiality is too reasonable a standard for modern markets. The materiality standard depends on the reasonable investor, and in many important contexts the reasonable investor has been replaced by a computer.
(tags: algorithms trading stock stock-market sec materiality april-fools-day tesla investing jokes)
Time Series Metrics with Cassandra
slides from Chris Maxwell of Ubiquiti Networks describing what he had to do to get cyanite on Cassandra handling 30k metrics per second; an experimental "Date-tiered compaction" mode from Spotify was essential from the sounds of it. Very complex :(
(tags: cassandra spotify date-tiered-compaction metrics graphite cyanite chris-maxwell time-series-data)
-
you can use 2-liter carbonated drink bottles to build an inexpensive, reusable water rocket. The thrill factor is surprisingly high, and you can fly them all day long for the cost of a little air and water. It’s the perfect thing for those times when you just want to head down to the local soccer field and shoot off some rockets!
Category: Uncategorized
Outages, PostMortems, and Human Error 101
Good basic pres from John Allspaw, covering the basics of tier-one tech incident response -- defining the 5 severity levels; root cause analysis techniques (to Five-Whys or not); and the importance of service metrics
(tags: devops monitoring ops five-whys allspaw slides etsy codeascraft incident-response incidents severity root-cause postmortems outages reliability techops tier-one-support)
Twitter’s new anti-harassment filter
Twitter is calling it a “quality filter,” and it’s been rolling out to verified users running Twitter’s iOS app since last week. It appears to work much like a spam filter, except instead of hiding bots and copy-paste marketers, it screens “threats, offensive language, [and] duplicate content” out of your notifications feed.
via Nelson. (tags: via:nelson harassment spam twitter gamergame abuse ml)
5% of Google visitors have ad-injecting malware installed
Ad injectors were detected on all operating systems (Mac and Windows), and web browsers (Chrome, Firefox, IE) that were included in our test. More than 5% of people visiting Google sites have at least one ad injector installed. Within that group, half have at least two injectors installed and nearly one-third have at least four installed.
via Nelson. (tags: via:nelson ads google chrome ad-injectors malware scummy)
-
The horrors of monkey-patching:
I call out the Honeybadger gem specifically because it was the most recent time I'd been bit by a seemingly good thing promoted in the community: monkey patching third party code. Now I don't fault Honeybadger for making their product this way. It provides their customers with direct business value: "just require 'honeybadger' and you're done!" I don't agree with this sort of practice. [....] I distrust everything [in Ruby] but a small set of libraries I've personally vetted or are authored by people I respect. Why is this important? Without a certain level of scrutiny you will introduce odd and hard to reproduce bugs. This is especially important because Ruby offers you absolutely zero guarantee whatever the state your program is in when a given method is dispatched. Constants are not constants. Methods can be redefined at run time. Someone could have written a time sensitive monkey patch to randomly undefine methods from anything in ObjectSpace because they can. This example is so horribly bad that no one should ever do it, but the programming language allows this. Much worse, this code can be arbitrarily injected by some transitive dependency (do you even know what yours are?).
(tags: ruby monkey-patching coding reliability bugs dependencies libraries honeybadger sinatra)
Science is in crisis and scientists have lost confidence in Government policy
Excellent op-ed from Dr David McConnell, fellow emeritus of TCD's Smurfit Institute of Genetics: 'Ireland should once again foster, by competition, a good number of experienced, reputable people, of all ages, who have ideas about solving major scientific questions. These people are an essential part of the foundation of our science-based economy and society. Too many of them are no longer eligible for funding by SFI; too few are being appointed by the universities; and fewer PhDs are being awarded. The writing is on the wall.'
Salutin' Putin: inside a Russian troll house | World news | The Guardian
file under grim meathook future
(tags: grim-meathook-future guardian russia trolls social-media media censorship livejournal ideology social-control)
-
As a result of a joint investigation of the events surrounding this incident by Google and CNNIC, we have decided that the CNNIC Root and EV CAs will no longer be recognized in Google products.
(tags: cnnic certs ssl tls security certificates pki chrome google)
Llamasoft 8-bit game images now available for download
legal! go Jeff Minter
(tags: jeff-minter llamasoft yaks games history c=64 commodore vic-20 emulation via:shane)
Cassandra remote code execution hole (CVE-2015-0225)
Ah now lads.
Under its default configuration, Cassandra binds an unauthenticated JMX/RMI interface to all network interfaces. As RMI is an API for the transport and remote execution of serialized Java, anyone with access to this interface can execute arbitrary code as the running user.
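A host-side audit for the exposure described above, as an added example (not code from the page or from the Cassandra project): it reads an `ss -ltnp`-style socket listing and the daemon's JVM command line, and flags a JMX listener on the default Cassandra JMX port (7199, an assumption taken from Cassandra's defaults) that is bound to a wildcard address or started with the standard `com.sun.management.jmxremote.*` properties but authentication switched off. Both inputs below are constructed samples, not captures from a real node; the fix the advisory implies is to bind JMX to localhost or require authentication.

```python
"""Audit a Cassandra host for an unauthenticated JMX listener bound to every interface.

Added example, not from the page or the Cassandra project. Assumes the default
Cassandra JMX port 7199 and the JVM's standard com.sun.management.jmxremote.*
properties; the socket listing and command line below are constructed samples.
"""
import re

CASSANDRA_JMX_PORT = 7199  # Cassandra's default JMX port (assumption from its defaults)
WILDCARD_ADDRS = {"*", "0.0.0.0", "::", "[::]"}

# Constructed sample in the shape of `ss -ltnp` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:9042      *:*     users:(("java",pid=2231,fd=60))
LISTEN 0      50     *:7199              *:*     users:(("java",pid=2231,fd=45))
LISTEN 0      128    0.0.0.0:22          0.0.0.0:* users:(("sshd",pid=811,fd=3))
"""

# Constructed JVM command line of the kind `ps -o args` would print.
SAMPLE_CMDLINE = (
    "java -Dcom.sun.management.jmxremote.port=7199 "
    "-Dcom.sun.management.jmxremote.authenticate=false "
    "-Dcom.sun.management.jmxremote.ssl=false "
    "org.apache.cassandra.service.CassandraDaemon"
)


def parse_listeners(ss_output):
    """Return (address, port, process_name) for every LISTEN line in ss output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # handles '*:7199', '[::]:7199', ':::7199'
        proc = re.search(r'users:\(\("([^"]+)"', line)
        listeners.append((addr, int(port), proc.group(1) if proc else None))
    return listeners


def jmx_exposed(ss_output, port=CASSANDRA_JMX_PORT):
    """True if something listens on the JMX port on a wildcard (all-interfaces) address."""
    return any(addr in WILDCARD_ADDRS and p == port
               for addr, p, _ in parse_listeners(ss_output))


def jmx_properties(cmdline):
    """Collect -Dcom.sun.management.jmxremote.* properties from a JVM command line."""
    return dict(re.findall(r"-D(com\.sun\.management\.jmxremote\.[\w.]+)=(\S+)", cmdline))


def jmx_unauthenticated(cmdline):
    """True if a remote JMX port is configured and authentication is disabled.

    The JVM's default for jmxremote.authenticate is true, so an absent property
    is treated as authenticated."""
    props = jmx_properties(cmdline)
    if "com.sun.management.jmxremote.port" not in props:
        return False  # no remote JMX port configured at all
    return props.get("com.sun.management.jmxremote.authenticate", "true") != "true"


if __name__ == "__main__":
    print("JMX bound to all interfaces:", jmx_exposed(SAMPLE_SS_OUTPUT))
    print("JMX without authentication: ", jmx_unauthenticated(SAMPLE_CMDLINE))
```

On a real node, feed `ss -ltnp` and `ps -o args -C java` output into the two functions; a `True` from either is the condition the advisory describes.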
The Definitive Guide to the Music of The Big Lebowski | LA Weekly
definitive! (via Shero)
(tags: via:shero music the-big-lebowski la-weekly the-dude movies soundtracks)
Reactive Programming for a demanding world
"building event-driven and responsive applications with RxJava", slides by Mario Fusco. Good info on practical Rx usage in Java
(tags: rxjava rx reactive coding backpressure streams observables)
Chinese authorities compromise millions in cyberattacks
"[The] Great Firewall [of China] has switched from being a passive, inbound filter to being an active and aggressive outbound one."
(tags: china great-firewall censorship cyberwarfare github ddos baidu future)
Avro, mail # dev - bytes and fixed handling in Python implementation - 2014-09-04, 22:54
More Avro trouble with "bytes" fields! Avoid using "bytes" fields in Avro if you plan to interoperate with either of the Python implementations; they both fail to marshal them into JSON format correctly. This is the official "avro" library, which produces UTF-8 errors when a non-UTF-8 byte is encountered.
tebeka / fastavro / issues / #11 - fastavro breaks dumping binary fixed [4] — Bitbucket
The Python "fastavro" library cannot correctly render "bytes" fields. This is a bug, and the maintainer is acting in a really crappy manner in this thread. Avoid this library.
(tags: fastavro fail bugs utf-8 bytes encoding asshats open-source python)
A Team of Biohackers Has Figured Out How to Inject Your Eyeballs With Night Vision
Did it work? Yes. It started with shapes, hung about 10 meters away. "I'm talking like the size of my hand," Licina says. Before long, they were able to do longer distances, recognizing symbols and identifying moving subjects against different backgrounds. "The other test, we had people go stand in the woods," he says. "At 50 meters, we could figure out where they were, even if they were standing up against a tree." Each time, Licina had a 100% success rate. The control group, without being dosed with Ce6, only got them right a third of the time.
Well, that's some risky biohacking. wow. (tags: biohacking scary night-vision eyes chlorin-e6 infravision sfm)
Tim Bray on one year as an xoogler
Seems pretty insightful; particularly "I do think the Internet economy would be better and more humane if it didn’t have a single white-hot highly-overprivileged center. Also, sooner or later that’ll stop scaling. Can’t happen too soon."
(tags: google tim-bray via:nelson xoogler funding tech privacy ads internet)
How I doubled my Internet speed with OpenWRT
File under "silly network hacks":
Comcast has an initiative called Xfinity WiFi. When you rent a cable modem/router combo from Comcast (as one of my nearby neighbors apparently does), in addition to broadcasting your own WiFi network, it is kind enough to also broadcast “xfinitywifi,” a second “hotspot” network metered separately from your own.
By using his Buffalo WZR-HP-AG300H router's extra radio, he can load-balance across both his own paid-for connection, and the XFinity WiFi free one. ;) (tags: comcast diy networking openwrt routing home-network hacks xfinity-wifi buffalo)
Unlocking the Power of Stable Teams with Twitter’s SVP of Engineering - First Round Review
Huh. we do this in Swrve -- we call them "feature teams"
(tags: feature-team culture development teams coding twitter work teamwork)
How We Scale VividCortex's Backend Systems - High Scalability
Excellent post from Baron Schwartz about their large-scale, 1-second-granularity time series database storage system
(tags: time-series tsd storage mysql sql baron-schwartz ops performance scalability scaling go)
-
if (creation && object of art && algorithm && one's own algorithm) { include * an algorist * } elseif (!creation || !object of art || !algorithm || !one's own algorithm) { exclude * not an algorist * }
(tags: algorism algorithm art algorists via:belongio)
Nelson's advice on basic stock option questions
Good advice, and short
(tags: stock share-options shares stock-options via:nelson employment jobs compensation)
-
Race conditions, and errors at startup, seem to be particularly problematic
(tags: race-conditions startup bugs failure fault-tolerance hbase redis reliability ops papers concurrency exception-handling cassandra hdfs mapreduce)
You Cannot Have Exactly-Once Delivery
Cut out and keep:
Within the context of a distributed system, you cannot have exactly-once message delivery. Web browser and server? Distributed. Server and database? Distributed. Server and message queue? Distributed. You cannot have exactly-once delivery semantics in any of these situations.
(tags: distributed distcomp exactly-once-delivery networking outages network-partitions byzantine-generals reference)
What's confusing about Kafka: a list
At a recent call, Neha said “The most confusing behavior we have is how producing to a topic can return errors for few seconds after the topic was already created”. As she said that, I remembered that indeed, this was once very confusing, but then I got used to it. Which got us thinking: What other things that Kafka does are very confusing to new users, but we got so used to them that we no longer even see the issue?
-
This is the second part of our guide on streaming data and Apache Kafka. In part one I talked about the uses for real-time data streams and explained our idea of a stream data platform. The remainder of this guide will contain specific advice on how to go about building a stream data platform in your organization.
tl;dr: limit the number of Kafka clusters; use Avro. (tags: architecture kafka storage streaming event-processing avro schema confluent best-practices tips)
The Four Month Bug: JVM statistics cause garbage collection pauses (evanjones.ca)
Ugh, tying GC safepoints to disk I/O? bad idea:
The JVM by default exports statistics by mmap-ing a file in /tmp (hsperfdata). On Linux, modifying a mmap-ed file can block until disk I/O completes, which can be hundreds of milliseconds. Since the JVM modifies these statistics during garbage collection and safepoints, this causes pauses that are hundreds of milliseconds long. To reduce worst-case pause latencies, add the -XX:+PerfDisableSharedMem JVM flag to disable this feature. This will break tools that read this file, like jstat.
Gradle Team Perspective on Bazel
interesting.
(tags: gradle bazel build dependencies compilation coding java)
(SDD401) Amazon Elastic MapReduce Deep Dive and Best Practices
good slides for EMR tuning from re:Invent 2014
-
LOL. grepping commit logs for /bug|fix/ does the job, apparently:
In the literature, Rahman et al. found that a very cheap algorithm actually performs almost as well as some very expensive bug-prediction algorithms. They found that simply ranking files by the number of times they've been changed with a bug-fixing commit (i.e. a commit which fixes a bug) will find the hot spots in a code base. Simple! This matches our intuition: if a file keeps requiring bug-fixes, it must be a hot spot because developers are clearly struggling with it.
(tags: bugs rahman-algorithm heuristics source-code-analysis coding algorithms google static-code-analysis version-control)
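The cheap heuristic quoted above, carried through on a sample history, as an added example (not code from the page or from Rahman et al.): commit subjects are matched against the page's /bug|fix/ pattern and each file is scored by the number of matching commits it appears in. `GIT_LOG` is a constructed sample in the shape of `git log --name-only --pretty=format:'%h %s'` output, not a real repository's history.

```python
"""Rank source files by how often they appear in bug-fixing commits.

Added example (not code from the page or from Rahman et al.): applies the
cheap hot-spot heuristic by matching commit subjects against /bug|fix/ and
counting, per file, the commits that match. GIT_LOG is a constructed sample
in the shape of `git log --name-only --pretty=format:'%h %s'`.
"""
import re
from collections import Counter

# The page's own pattern. It also matches words such as "prefix", so expect
# some false positives on a real history; tighten it if that matters.
BUGFIX_RE = re.compile(r"bug|fix", re.IGNORECASE)

# Constructed sample history, not taken from any real repository.
GIT_LOG = """\
a1b2c3d Fix null deref in session parser
src/session.c
src/session.h

e4f5a6b Add metrics endpoint
src/metrics.c

c7d8e9f bugfix: off-by-one in session token check
src/session.c
tests/session_test.c

0123456 Refactor logging
src/log.c

789abcd Fix log rotation race
src/log.c
"""


def parse_commits(log_text):
    """Yield (short_hash, subject, [paths]) for each blank-line-separated commit block."""
    for block in re.split(r"\n\s*\n", log_text.strip()):
        lines = block.splitlines()
        short_hash, _, subject = lines[0].partition(" ")
        paths = [p.strip() for p in lines[1:] if p.strip()]
        yield short_hash, subject, paths


def is_bugfix(subject):
    """True if the commit subject looks like a bug fix under the page's pattern."""
    return bool(BUGFIX_RE.search(subject))


def rank_hotspots(log_text):
    """Return [(path, bugfix_commit_count)], hottest first, path as the tiebreak."""
    counts = Counter()
    for _, subject, paths in parse_commits(log_text):
        if is_bugfix(subject):
            counts.update(paths)
    return sorted(counts.items(), key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for path, n in rank_hotspots(GIT_LOG):
        print(f"{n:3d}  {path}")
```

On a real checkout, pipe `git log --name-only --pretty=format:'%h %s'` into `rank_hotspots`; the top of the list is where review and test effort pays off most.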
Build in the Cloud: Accessing Source Code
Google reinvented ClearCase
Cross-Region Replication for Amazon S3
Amazing it took so long
(tags: s3 replication cross-region inter-region aws storage)
ECJ case debates EU citizens' right to privacy
The US wields secretive and indiscriminate powers to collect data, he said, and had never offered Brussels any commitments to guarantee EU privacy standards for its citizens’ data. On the contrary, said [Max Schrems' counsel] Mr Hoffmann, “Safe Harbour” provisions could be overruled by US domestic law at any time. Thus he asked the court for a full judicial review of the “illegal” Safe Harbour principles which, he said, violated the essence of privacy and left EU citizens “effectively stripped of any protection”. [Irish] DPC counsel Paul Anthony McDermott SC suggested that Mr Schrems had not been harmed in any way by the status quo. “This is not surprising, given that the NSA isn’t currently interested in the essays of law students in Austria,” he said. Mr Travers for Mr Schrems disagreed, saying “the breach of the right to privacy is itself the harm”.
(tags: ireland dpc data-protection privacy eu ec ecj law rights safe-harbour)
EU-US data pact skewered in court hearing
A lawyer for the European Commission told an EU judge on Tuesday (24 March) he should close his Facebook page if he wants to stop the US snooping on him, in what amounts to an admission that Safe Harbour, an EU-US data protection pact, doesn’t work.
(tags: safe-harbour privacy data-protection ecj eu ec surveillance facebook nsa gchq)
devbook/README.md at master · barsoom/devbook
How to avoid the shitty behaviour of ActiveRecord wrt migration safety, particularly around removing/renaming columns. ugh, ActiveRecord
(tags: activerecord fail rails mysql sql migrations databases schemas releasing)
Papa’s Maze 2.0: a father’s beautifully intricate puzzle for his daughter
Working in a similar fashion – drawing small portions each day – it took Mr. Nomura about 2 months to complete his new maze. And in our humble opinion, we think it’s actually just as beautiful, if not more. It’s not quite as dense and the crisper lines make it easier to perceive the interesting patterns that the maze forms. It’s stunning in graphic quality but it’s also a functioning solvable maze, just like its predecessor. Say hello to Papa’s Maze 2.0. It’s available as a print for $30.
The official REST Proxy for Kafka
The REST Proxy is an open source HTTP-based proxy for your Kafka cluster. The API supports many interactions with your cluster, including producing and consuming messages and accessing cluster metadata such as the set of topics and mapping of partitions to brokers. Just as with Kafka, it can work with arbitrary binary data, but also includes first-class support for Avro and integrates well with Confluent’s Schema Registry. And it is scalable, designed to be deployed in clusters and work with a variety of load balancing solutions. We built the REST Proxy first and foremost to meet the growing demands of many organizations that want to use Kafka, but also want more freedom to select languages beyond those for which stable native clients exist today. However, it also includes functionality beyond traditional clients, making it useful for building tools for managing your Kafka cluster. See the documentation for a more detailed description of the included features.
(tags: kafka rest proxies http confluent queues messaging streams architecture)
-
'Caffeine is a Java 8 based concurrency library that provides specialized data structures, such as a high performance cache.'
(tags: cache java8 java guava caching concurrency data-structures coding)
Combining static model checking with dynamic enforcement using the Statecall Policy Language
This looks quite nice -- a model-checker "for regular programmers". Example model for ping(1):
    automaton ping (int max_count, int count, bool can_timeout) {
      Initialize;
      during {
        count = 0;
        do {
          Transmit_Ping;
          either {
            Receive_Ping;
          } or (can_timeout) {
            Timeout_Ping;
          };
          count = count + 1;
        } until (count >= max_count);
      } handle {
        SIGINFO;
        Print_Summary;
      };
    }
(tags: ping model-checking models formal-methods verification static dynamic coding debugging testing distcomp papers)
-
good review
(tags: cdt replication distcomp voldemort dynamo riak storage papers)
-
Google open sources a key part of their internal build system (internally called "Blaze" it seems for a while). Very nice indeed!
(tags: blaze bazel build-tools building open-source google coding packaging)
-
a Nix-based continuous build system, released under the terms of the GNU GPLv3 or (at your option) any later version. It continuously checks out sources of software projects from version management systems to build, test and release them. The build tasks are described using Nix expressions. This allows a Hydra build task to specify all the dependencies needed to build or test a project. It supports a number of operating systems, such as various GNU/Linux flavours, Mac OS X, and Windows.
-
"tees" all TCP traffic from one server to another. "widely used by companies in China"!
(tags: testing benchmarking performance tcp ip tcpcopy tee china regression-testing stress-testing ops)
Managing private Nix packages outside the Nixpkgs tree
Useful for private-repo Nix usage
Top 10 AWS Security Best Practices: #6 - Rotate all the Keys Regularly
Good doc on how to perform key rotation in AWS
[Nix-dev] Pulling a programs source code from a git repo
Nix supports building from git sha. excellent
Transparent huge pages implicated in Redis OOM
A nasty real-world prod error scenario worsened by THPs:
jemalloc(3) extensively uses madvise(2) to notify the operating system that it's done with a range of memory which it had previously malloc'ed. The page size on this machine is 2MB because transparent huge pages are in use. As such, a lot of the memory which is being marked with madvise(..., MADV_DONTNEED) is within substantially smaller ranges than 2MB. This means that the operating system never was able to evict pages which had ranges marked as MADV_DONTNEED because the entire page has to be unneeded to allow a page to be reused. Despite initially looking like a leak, the operating system itself was unable to free memory because of madvise(2) and transparent huge pages. This led to sustained memory pressure on the machine and redis-server eventually getting OOM killed.
(tags: oom-killer oom linux ops thp jemalloc huge-pages madvise redis memory)
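A model of the interaction the quote describes, as an added example (not code from the page, jemalloc or the kernel): it applies the stated rule that a page can only be reused once the whole of it is unneeded, and compares how much of the same set of madvise(MADV_DONTNEED) ranges is reclaimable with 4 KiB base pages versus 2 MiB transparent huge pages. It also parses the bracketed format of `/sys/kernel/mm/transparent_hugepage/enabled` ("always [madvise] never"), the setting to check first when diagnosing this. The ranges are constructed, and the model deliberately ignores page splitting and other details of real kernels.

```python
"""Model of why MADV_DONTNEED on sub-huge-page ranges reclaims nothing.

Added example, not from the page, jemalloc or the kernel: encodes the rule
the quote describes (a page is reusable only once the whole page is unneeded)
and compares 4 KiB pages with 2 MiB transparent huge pages for the same set
of madvise(MADV_DONTNEED) ranges. The ranges are constructed, and the model
ignores page splitting and alignment details of real kernels.
"""
import re

KiB = 1024
MiB = 1024 * KiB
BASE_PAGE = 4 * KiB
HUGE_PAGE = 2 * MiB

# Constructed (start, length) byte ranges an allocator might hand to
# madvise(MADV_DONTNEED); none is a whole, aligned 2 MiB page on its own.
DONTNEED_RANGES = [
    (0 * MiB, 1 * MiB),   # first half of huge page 0
    (3 * MiB, 1 * MiB),   # second half of huge page 1
    (7 * MiB, 3 * MiB),   # straddles huge pages 3 and 4, covers only page 4 fully
]


def merge_ranges(ranges):
    """Merge overlapping or adjacent (start, length) ranges into (start, end) pairs."""
    merged = []
    for start, length in sorted(ranges):
        end = start + length
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def reclaimable_bytes(ranges, page_size):
    """Bytes the OS can reuse if only fully unneeded pages may be reclaimed."""
    total = 0
    for start, end in merge_ranges(ranges):
        first_page = -(-start // page_size)   # ceil: first page starting inside the range
        last_page = end // page_size          # floor: first page ending past the range
        total += max(0, last_page - first_page) * page_size
    return total


def parse_thp_setting(sysfs_text):
    """Return the active value from /sys/kernel/mm/transparent_hugepage/enabled,
    whose format is e.g. 'always [madvise] never'."""
    m = re.search(r"\[(\w+)\]", sysfs_text)
    return m.group(1) if m else None


if __name__ == "__main__":
    given_back = sum(length for _, length in DONTNEED_RANGES)
    print(f"madvise'd away: {given_back // MiB} MiB")
    for page in (BASE_PAGE, HUGE_PAGE):
        freed = reclaimable_bytes(DONTNEED_RANGES, page) // MiB
        print(f"page size {page // KiB:5d} KiB: reclaimable {freed} MiB")
    print("THP setting:", parse_thp_setting("always [madvise] never"))
```

With 4 KiB pages every byte the allocator gave back is reclaimable; with 2 MiB pages only the one range large enough to cover a whole huge page frees anything, which is the "looks like a leak" symptom in the quote. Reading the real sysfs file into `parse_thp_setting` tells you whether the host is in `always` mode, where jemalloc-backed processes such as Redis are exposed to this.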
AllCrypt hacked, via PHP, WordPress, and the marketing director's email
critical flaw: gaining access to the MySQL db let the attacker manipulate account balances. oh dear
-
'inspires kids to explore and learn about science, engineering, and technology—and have fun doing it. Every month, a new crate to help kids develop a tinkering mindset and creative problem solving skills.' aimed at ages 9-14+
(tags: kids gifts tinkering stem education fun engineering science toys)
-
Some nice performance tricks; I particularly like the use of sljit:
Ag uses Pthreads to take advantage of multiple CPU cores and search files in parallel. Files are mmap()ed instead of read into a buffer. Literal string searching uses Boyer-Moore strstr. Regex searching uses PCRE's JIT compiler (if Ag is built with PCRE >=8.21). Ag calls pcre_study() before executing the same regex on every file. Instead of calling fnmatch() on every pattern in your ignore files, non-regex patterns are loaded into arrays and binary searched.
(tags: jit cli grep search ack ag unix pcre sljit boyer-moore tools)
Richard Stallman’s GNU Manifesto Turns Thirty
nice New Yorker profile of rms
-
Thought-provoking article looking back to John Perry Barlow's "A Declaration of the Independence of Cyberspace", published in 1996:
Barlow once wrote that “trusting the government with your privacy is like having a Peeping Tom install your window blinds.” But the Barlovian focus on government overreach leaves its author and other libertarians blind to the same encroachments on our autonomy from the private sector. The bold and romantic techno-utopian ideals of “A Declaration” no longer need to be fought for, because they’re already gone.
(tags: john-perry-barlow 1990s history cyberspace internet surveillance privacy data-protection libertarianism utopian manifestos)
The Terrible Technical Interview
TechCrunch, very down on the traditional big-O-and-whiteboard tech interview. See also https://news.ycombinator.com/item?id=9243169 for some good comments at HN. To be honest I think a good comprehension of data structures and big-O is pretty vital though....
(tags: interviewing jobs management hr hiring techcrunch)
The myopia boom seems to be due to spending too much time indoors
via Tony Finch
(tags: eyes health neuroscience science vision nature myopia short-sightedness)
-
Some neat new features for Mark Fletcher's mailing-lists-as-a-service site: Markdown support, manageable archives (GREAT feature!), subgroups, calendars, files and wiki.
(tags: wiki email mailman mailing-lists mlm markdown mark-fletcher groups.io collaboration)
Stairs to nowhere, trap streets, and other Toronto oddities
'There’s a set of stairs on Greenwood Avenue that lead nowhere. At the top, a wooden fence at the end of someone’s back yard blocks any further movement, forcing the climber to turn around and descend back to the street. What’s remarkable about the pointless Greenwood stairs, which were built in 1959 as a shortcut to a now-demolished brickyard, is that someone still routinely maintains them: in winter, some kindly soul deposits a scattering of salt lest one of the stairs’ phantom users slip; in summer someone comes with a broom to sweep away leaves. These urban leftovers are lovingly called “Thomassons” after Gary Thomasson, a former slugger for the San Francisco Giants, Oakland As, Yankees, Dodgers, and, most fatefully, the Yomiuri Giants in Tokyo.'
(tags: trap-streets maps ip google via:bldgblog mapping copyright thomassons orphaned-roads)
President's message gets lost in (automated) translation
In a series of bizarre translations, YouTube’s automated translation service took artistic licence with the [President's] words of warmth. When the head of state sent St Patrick’s Day greetings to viewers, the video sharing site said US comedian Tina Fey was being “particular with me head”. As President Higgins spoke of his admiration for Irish emigrants starting new communities abroad, YouTube said the President referenced blackjack and how he “just couldn’t put the new iPhone” down. And, in perhaps the most unusual moment, as he talked of people whose hearts have sympathy, the President “explained” he was once on a show “that will bar a gift card”.
(via Daragh O'Brien) (tags: lol president ireland michael-d-higgins automation translation machine-learning via:daraghobrien funny blackjack iphone tina-fey st-patrick fail)
Irish government under fire for turning its back on basic research : Nature News & Comment
Pretty much ALL of Ireland's research scientists have put their names to an open letter to the Irish government, decrying the state of science funding, published this week in "Nature". 'Although total spending on research and development grew through the recession, helped by foreign investments, Ireland’s government has cut state spending on research (see ‘Celtic tiger tamed’). It also prioritized grants in 14 narrow areas — ones in which either large global markets exist, or in which Irish companies are competitive. These include marine renewable energy, smart grids, medical devices and computing. The effect has been to asphyxiate the many areas of fundamental science — including astrophysics, particle physics and areas of the life sciences — that have been deprived of funding, several researchers in Ireland told Nature. “The current policies are having a very significant detrimental effect on the health and viability of the Irish scientific ecosystem,” says Kevin Mitchell, a geneticist who studies the basis of neurological disorders at Trinity College Dublin. “Research that cannot be shoehorned into one of the 14 prioritized areas has been ineligible for most funding,” he says.' That's another fine mess Sean Sherlock has gotten us into :(
(tags: sean-sherlock fail ireland research government funding grants science tcd kevin-mitchell life-sciences nature)
Mars One finalist Dr. Joseph Roche rips into the project
So, here are the facts as we understand them: Mars One has almost no money. Mars One has no contracts with private aerospace suppliers who are building technology for future deep-space missions. Mars One has no TV production partner. Mars One has no publicly known investment partnerships with major brands. Mars One has no plans for a training facility where its candidates would prepare themselves. Mars One’s candidates have been vetted by a single person, in a 10-minute Skype interview. “My nightmare about it is that people continue to support it and give it money and attention, and it then gets to the point where it inevitably falls on its face,” said Roche. If, as a result, “people lose faith in NASA and possibly even in scientists, then that’s the polar opposite of what I’m about. If I was somehow linked to something that could do damage to the public perception of science, that is my nightmare scenario.”
(tags: science space mars-one tcd joseph-roche nasa mars exploration scams)
Stu Hood and Brian Degenhardt, Scala at Twitter, SF Scala @Twitter 20150217
'Stu Hood and Brian Degenhardt talk about the history of Scala at Twitter, from inception until today, covering 2.10 migration, the original Alex Payne’s presentation from way back, pants, and more. The first five years of Scala at Twitter and the years ahead!' Very positive indeed on the monorepo concept.
(tags: monorepo talks scala sfscala stu-hood twitter pants history repos build projects compilation gradle maven sbt)
demonstration of the importance of server-side request timeouts
from MongoDB, but similar issues often apply in many other TCP/HTTP-based systems
(tags: tcp http requests timeout mongodb reliability safety)
-
an open source stream processing software system developed by Mozilla. Heka is a “Swiss Army Knife” type tool for data processing, useful for a wide variety of different tasks, such as: Loading and parsing log files from a file system. Accepting statsd type metrics data for aggregation and forwarding to upstream time series data stores such as graphite or InfluxDB. Launching external processes to gather operational data from the local system. Performing real time analysis, graphing, and anomaly detection on any data flowing through the Heka pipeline. Shipping data from one location to another via the use of an external transport (such as AMQP) or directly (via TCP). Delivering processed data to one or more persistent data stores.
Via feylya on twitter. Looks potentially nifty. (tags: heka mozilla monitoring metrics via:feylya ops statsd graphite stream-processing)
Real World Crypto 2015: Password Hashing according to Facebook
Very interesting walkthrough of how Facebook hashes user passwords, including years of accreted practices
(tags: facebook passwords authentication legacy web security)
-
My account got hacked, running up over $600 in charges. Here's the conclusion after running through the Sony support gauntlet. They can only refund up to $150. I can dispute the charges with my bank, but that will result in my account being banned. I cannot unban my account, and will thus lose my purchases ("but you only have the Last of Us and some of our free games, so it's not a big deal") Whomever hacked my account deactivated my PS4, and activated their own. Customer support will only permit one activation every 6 months. I'm locked out of logging into my own account on my PS4 for six months.
(tags: games sony psn playstation fail ps4 hacking security customer-support horror-stories)
Goodbye MongoDB, Hello PostgreSQL
Another core problem we’ve faced is one of the fundamental features of MongoDB (or any other schemaless storage engine): the lack of a schema. The lack of a schema may sound interesting, and in some cases it can certainly have its benefits. However, for many the usage of a schemaless storage engine leads to the problem of implicit schemas. These schemas aren’t defined by your storage engine but instead are defined based on application behaviour and expectations.
Well, don't say we didn't warn you ;) (tags: mongodb mysql postgresql databases storage schemas war-stories)
Apple Appstore STATUS_CODE_ERROR causes worldwide service problems
Particularly notable for this horrific misfeature, noted by jgc:
I can't commit code at CloudFlare because we use two-factor auth for the VPN (and everything else) and non-Apple apps on my iPhone are asking for my iTunes password. Tried airplane mode and apps simply don't load at all!
That is a _disastrous_ policy choice by Apple. Does this mean Apple can shut down third-party app operation on iOS devices worldwide should they feel like it? (tags: 2fa authy apps ios apple ownership itunes outages appstore fail jgc)
Correcting YCSB's Coordinated Omission problem
excellent walkthrough of CO and how it affects Yahoo!'s Cloud Storage Benchmarking platform
(tags: coordinated-omission co yahoo ycsb benchmarks performance testing)
Backblaze Vaults: Zettabyte-Scale Cloud Storage Architecture
Backblaze deliver their take on nearline storage: 'Backblaze’s cloud storage Vaults deliver 99.99999% annual durability, horizontal scalability, and 20 Gbps of per-Vault performance, while being operationally efficient and extremely cost effective. Driven from the same mindset that we brought to the storage market with Backblaze Storage Pods, Backblaze Vaults continue our singular focus of building the most cost-efficient cloud storage around.'
(tags: architecture backup storage backblaze nearline offline reed-solomon error-correction)
Ireland accused of weakening data rules
Privacy campaign group Lobbyplag puts Ireland among the top three offenders in pushing for changes to EU privacy law
(tags: privacy data-protection lobbyplag ireland eu germany lobbying)
-
the stock-photo counterpart to "Women Eating Salad" has been found
Can Spark Streaming survive Chaos Monkey?
good empirical results on Spark's resilience to network/host outages in EC2
(tags: ec2 aws emr spark resilience ha fault-tolerance chaos-monkey netflix)
-
Concourse is a CI system composed of simple tools and ideas. It can express entire pipelines, integrating with arbitrary resources, or it can be used to execute one-off builds, either locally or in another CI system.
(tags: ci concourse-ci build deployment continuous-integration continuous-deployment devops)
Epsilon Interactive breach the Fukushima of the Email Industry (CAUCE)
Upon gaining access to an ESP, the criminals then steal subscriber data (PII such as names, addresses, telephone numbers and email addresses, and in one case, Vehicle Identification Numbers). They then use ESPs’ mailing facility to send spam; to monetize their illicit acquisition, the criminals have spammed ads for fake Adobe Acrobat and Skype software. On March 30, the Epsilon Interactive division of Alliance Data Marketing (ADS on NASDAQ) suffered a massive breach that upped the ante, substantially. Email lists of at least eight financial institutions were stolen. Thus far, puzzlingly, Epsilon has refused to release the names of compromised clients. [...] The obvious issue at hand is the ability of the thieves to now undertake targeted spear-phishing problem as critically serious as it could possibly be.
(tags: cauce epsilon-interactive esp email pii data-protection spear-phishing phishing identity-theft security ads)
In Ukraine, Tomorrow’s Drone War Is Alive Today
Drones, hackerspaces and crowdfunding:
The most sophisticated UAV that has come out of the Ukrainian side since the start of the conflict is called the PD-1 from developer Igor Korolenko. It has a wingspan of nearly 10 feet, a five-hour flight time, carries electro-optical and infrared sensors as well as a video camera that broadcasts on a 128 bit encrypted channel. Its most important feature is the autopilot software that allows the drone to return home in the event that the global positioning system link is jammed or lost. Drone-based intelligence gathering is often depicted as risk-free compared to manned aircraft or human intelligence gathering, but, says Korolenko, if the drone isn’t secure or the signature is too obvious, the human costs can be very, very high. “Russian military sometimes track locations of ground control stations,” he wrote Defense One in an email. “Therefore UAV squads have to follow certain security measures - to relocate frequently, to move out antennas and work from shelter, etc. As far as I know, two members of UAV squads were killed from mortar attacks after [their] positions were tracked by Russian electronic warfare equipment.”
(via bldgblog)
(tags: via:bldgblog war drones uav future ukraine russia tech aircraft pd-1 crowdfunding)
-
a 303 and an 808 in your browser. this is deadly
Ubuntu To Officially Switch To systemd Next Monday - Slashdot
Jesus. This is going to be the biggest shitfest in the history of Linux...
-
A project to reduce systemd to a base initd, process supervisor and transactional dependency system, while minimizing intrusiveness and isolationism. Basically, it’s systemd with the superfluous stuff cut out, a (relatively) coherent idea of what it wants to be, support for non-glibc platforms and an approach that aims to minimize complicated design. uselessd is still in its early stages and it is not recommended for regular use or system integration.
This may be the best option to evade the horrors of systemd.
Japan's Robot Dogs Get Funerals as Sony Looks Away
in July 2014, [Sony's] repairs [of Aibo robot dogs] stopped and owners were left to look elsewhere for help. The Sony stiff has led not only to the formation of support groups--where Aibo enthusiasts can share tips and help each other with repairs--but has fed the bionic pet vet industry. “The people who have them feel their presence and personality,” Nobuyuki Narimatsu, director of A-Fun, a repair company for robot dogs, told AFP. “So we think that somehow, they really have souls.” While concerted repair efforts have kept many an Aibo alive, a shortage of spare parts means that some of their lives have come to an end.
(tags: sony aibo robots japan dogs pets weird future badiotday iot gadgets)
"Cuckoo Filter: Practically Better Than Bloom"
'We propose a new data structure called the cuckoo filter that can replace Bloom filters for approximate set membership tests. Cuckoo filters support adding and removing items dynamically while achieving even higher performance than Bloom filters. For applications that store many items and target moderately low false positive rates, cuckoo filters have lower space overhead than space-optimized Bloom filters. Our experimental results also show that cuckoo filters outperform previous data structures that extend Bloom filters to support deletions substantially in both time and space.'
(tags: algorithms paper bloom-filters cuckoo-filters cuckoo-hashing data-structures false-positives big-data probabilistic hashing set-membership approximation)
Amazing cutting from Vanity Fair, 1896, for International Women's Day
"The sisters make a pretty picture on the platform ; but it is not women of their type who need to assert themselves over Man. However, it amuses them--and others ; and I doubt if the tyrant has much to fear from their little arrows." Constance Markievicz was one of those sisters, and the other was Eva Gore-Booth.
(tags: markievicz history ireland sligo vanity-fair 19th-century dismissal sexism iwd women)
-
Authy doesn't come off well here: 'Authy should have been harder to break. It's an app, like Authenticator, and it never left Davis' phone. But Eve simply reset the app on her phone using a mail.com address and a new confirmation code, again sent by a voice call. A few minutes after 3AM, the Authy account moved under Eve's control.'
(tags: authy security hacking mfa authentication google apps exploits)
Ask the Decoder: Did I sign up for a global sleep study?
How meaningful is this corporate data science, anyway? Given the tech-savvy people in the Bay Area, Jawbone likely had a very dense sample of Jawbone wearers to draw from for its Napa earthquake analysis. That allowed it to look at proximity to the epicenter of the earthquake from location information. Jawbone boasts its sample population of roughly “1 million Up wearers who track their sleep using Up by Jawbone.” But when looking into patterns county by county in the U.S., Jawbone states, it takes certain statistical liberties to show granularity while accounting for places where there may not be many Jawbone users. So while Jawbone data can show us interesting things about sleep patterns across a very large population, we have to remember how selective that population is. Jawbone wearers are people who can afford a $129 wearable fitness gadget and the smartphone or computer to interact with the output from the device. Jawbone is sharing what it learns with the public, but think of all the public health interests or other third parties that might be interested in other research questions from a large scale data set. Yet this data is not collected with scientific processes and controls and is not treated with the rigor and scrutiny that a scientific study requires. Jawbone and other fitness trackers don’t give us the option to use their devices while opting out of contributing to the anonymous data sets they publish. Maybe that ought to change.
(tags: jawbone privacy data-protection anonymization aggregation data medicine health earthquakes statistics iot wearables)
Pinterest's highly-available configuration service
Stored on S3, update notifications pushed to clients via Zookeeper
A Journey into Microservices | Hailo Tech Blog
Excellent three-parter from Hailo, describing their RabbitMQ+Go-based microservices architecture. Very impressive!
(tags: hailo go microservices rabbitmq amqp architecture blogs)
-
The Large Hadron Migrator is a tool to perform live database migrations in a Rails app without locking.
The basic idea is to perform the migration online while the system is live, without locking the table. In contrast to OAK and the facebook tool, we only use a copy table and triggers. The Large Hadron is a test driven Ruby solution which can easily be dropped into an ActiveRecord or DataMapper migration. It presumes a single auto incremented numerical primary key called id as per the Rails convention. Unlike the twitter solution, it does not require the presence of an indexed updated_at column.
(tags: migrations database sql ops mysql rails ruby lhm soundcloud activerecord)
Biased Locking in HotSpot (David Dice's Weblog)
This is pretty nuts. If biased locking in the HotSpot JVM is causing performance issues, it can be turned off:
You can avoid biased locking on a per-object basis by calling System.identityHashCode(o). If the object is already biased, assigning an identity hashCode will result in revocation, otherwise, the assignment of a hashCode() will make the object ineligible for subsequent biased locking.
(tags: hashcode jvm java biased-locking locking mutex synchronization locks performance)
A Zero-Administration Amazon Redshift Database Loader - AWS Big Data Blog
nifty!
Archie Markup Language (ArchieML)
ArchieML (or "AML") was created at The New York Times to make it easier to write and edit structured text on deadline that could be rendered in web pages, or more specifically, rendered in interactive graphics. One of the main goals was to make it easy to tag text as data, without having type a lot of special characters. Another goal was to allow the document to contain lots of notes and draft text that would not be read into the data. And finally, because we make extensive use of Google Documents's concurrent-editing features — while working on a graphic, we can have several reporters, editors and developers all pouring information into a single document — we wanted to have a format that could survive being edited by users who may never have seen ArchieML or any other markup language at all before.
California Says Motorcycle Lane-Splitting Is Hella Safe
A recent yearlong study by the California Office of Traffic Safety has found motorcycle lane-splitting to be a safe practice on public roads. The study looked at collisions involving 7836 motorcyclists reported by 80 police departments between August 2012 and August 2013. “What we learned is, if you lane-split in a safe or prudent manner, it is no more dangerous than motorcycling in any other circumstance,” state spokesman Chris Cochran told the Sacramento Bee. “If you are speeding or have a wide speed differential (with other traffic), that is where the fatalities came about.”
(tags: lane-splitting cycling motorcycling bikes road-safety driving safety california)
-
Good terminology for this concept:
The try server runs a similar configuration to the continuous integration server, except that it is triggered not on commits but on "try job request", in order to test code pre-commit.
See also https://wiki.mozilla.org/ReleaseEngineering/TryServer for the Moz take on it.
(tags: build ci integration try-server jenkins buildbot chromium development)
-
A Dropwizard Metrics extension to instrument JDBC resources and measure SQL execution times.
(tags: metrics sql jdbc instrumentation dropwizard)
HP is trying to patent Continuous Delivery
This is appalling bollocks from HP:
On 1st March 2015 I discovered that in 2012 HP had filed a patent (WO2014027990) with the USPO for ‘Performance tests in a continuous deployment pipeline‘ (the patent was granted in 2014). [....] HP has filed several patents covering standard Continuous Delivery (CD) practices. You can help to have these patents revoked by providing ‘prior art’ examples on Stack Exchange.
In fairness, though, this kind of shit happens in most big tech companies. This is what happens when you have a broken software patenting system, with big rewards for companies who obtain shitty troll patents like these, and in turn have companies who reward the engineers who sell themselves out to write up concepts which they know have prior art. Software patents are broken by design!
(tags: cd devops hp continuous-deployment testing deployment performance patents swpats prior-art)
Exponential Backoff And Jitter
Great go-to explainer blog post for this key distributed-systems reliability concept, from the always-solid Marc Brooker
(tags: marc-brooker distsys networking backoff exponential jitter retrying retries reliability occ)
17 Things Everyone Must Eat In Dublin
actually a fairly sane list of lunchy options -- the SMS fish finger butty is a lunch staple for us Swrvers
VividCortex uses K-Means Clustering to discover related metrics
After selecting an interesting spike in a metric, the algorithm can automate picking out a selection of other metrics which spiked at the same time. I can see that being pretty damn useful
(tags: metrics k-means-clustering clustering algorithms discovery similarity vividcortex analysis data)
Alibaba's cloud service launches in US, wants to rain all over Amazon
server-hosting only for now. Interesting!
Alibaba’s cloud platform already competes with the likes of AWS in China. Aliyun’s Chinese data centers are in Beijing, Hangzhou, Qingdao, Hong Kong, and Shenzhen. “For the time being, we are just testing the water,” Yu said today. That means Aliyun will focus first on Chinese companies doing business in the US. “We know well what Chinese clients need, and now it’s time for us to learn what US clients need,” he added.
-
the following guidelines maximize bandwidth usage: Optimizing the sizes of the file parts, whether they are part of a large file or an entire small file; Optimizing the number of parts transferred concurrently. Tuning these two parameters achieves the best possible transfer speeds to [S3].
-
Excellent web-based ASCII-art editor (via Craig)
(tags: via:craig design ascii diagrams editor ascii-art art asciiflow drawing)
Services Engineering Reading List
good list of papers/articles for fans of scalability etc.
(tags: architecture papers reading reliability scalability articles to-read)
-
nice, free-during-beta Mac app to draw ASCII-art diagrams
-
"Open source APM for Java" -- profiling in production, with a demo benchmark showing about a 2% performance impact. Wonder about effects on memory/GC, though
(tags: apm java metrics measurement new-relic profiling glowroot)
"Everything you've ever said to Siri/Cortana has been recorded...and I get to listen to it"
This should be a reminder.
At first, I thought these sound bites were completely random. Then I began to notice a pattern. Soon, I realized that I was hearing people's commands given to their mobile devices. Guys, I'm telling you, if you've said it to your phone, it's been recorded...and there's a damn good chance a 3rd party is going to hear it.
(tags: privacy google siri cortana android voice-recognition outsourcing mobile)
-
Fantastic 1997-era book of interviews with the programmers behind some of the greatest games in retrogaming history:
Halcyon Days: Interviews with Classic Computer and Video Game Programmers was released as a commercial product in March 1997. At the time it was one of the first retrogaming projects to focus on lost history rather than game collecting, and certainly the first entirely devoted to the game authors themselves. Now a good number of the interviewees have their own web sites, but none of them did when I started contacting them in 1995. [...] If you have any of the giddy anticipation that I did whenever I picked up a magazine containing an interview with Mark Turmell or Dan [M.U.L.E.] Bunten, then you want to start reading.
(tags: book games history coding interviews via:walter)
Pub Table Quiz - In Aid of Digital Rights Ireland
Jason Roe is organising a Table Quiz in Dublin on March 26th to support fundraising efforts by Digital Rights Ireland. We will supply tables, questions and a ready supply of beer and maybe finger food.
Why are transhumanists such dicks?
Good discussion from a transhumanist forum (via Boing Boing):
"I’ve been around and interviewed quite a lot of self-identified transhumanists in the last couple of years, and I’ve noticed many of them express a fairly stark ideology that is at best libertarian, and at worst Randian. Very much “I want super bionic limbs and screw the rest of the world”. They tend to brush aside the ethical, environmental, social and political ramifications of human augmentation so long as they get to have their toys. There’s also a common expression that if sections of society are harmed by transhumanist progress, then it is unfortunate but necessary for the greater good (the greater good often being bestowed primarily upon those endorsing the transhumanism). That attitude isn’t prevalent on this forum at all – I think the site tends to attract more practical body-modders than theoretical transhumanists – but I wondered if anyone else here had experienced the same attitudes in their own circles? What do you make of it?"
(tags: transhumanism evolution body-modding surgery philosophy via:boingboing libertarianism society politics)
Release Protocol Buffers v3.0.0-alpha-2 · google/protobuf
New major-version track for protobuf, with some interesting new features:
- Removal of field presence logic for primitive value fields, removal of required fields, and removal of default values. This makes proto3 significantly easier to implement with open struct representations, as in languages like Android Java, Objective C, or Go.
- Removal of unknown fields.
- Removal of extensions, which are instead replaced by a new standard type called Any.
- Fix semantics for unknown enum values.
- Addition of maps.
- Addition of a small set of standard types for representation of time, dynamic data, etc.
- A well-defined encoding in JSON as an alternative to binary proto encoding.
(tags: protobuf binary marshalling serialization google grpc proto3 coding open-source)
RIPQ: Advanced photo caching on flash for Facebook
Interesting priority-queue algorithm optimised for caching data on SSD
(tags: priority-queue algorithms facebook ssd flash caching ripq papers)
-
Performance-diagnosis-as-a-service. Cool.
Users download and install an Illuminate Daemon using a simple installer which starts up a small stand alone Java process. The Daemon sits quietly unless it is asked to start gathering SLA data and/or to trigger a diagnosis. Users can set SLA’s via the dashboard and can opt to collect latency measurements of their transactions manually (using our library) or by asking Illuminate to automatically instrument their code (Servlet and JDBC based transactions are currently supported). SLA latency data for transactions is collected on a short cycle. When the moving average of latency measurements goes above the SLA value (e.g. 150ms), a diagnosis is triggered. The diagnosis is very quick, gathering key data from O/S, JVM(s), virtualisation and other areas of the system. The data is then run through the machine learned algorithm which will quickly narrow down the possible causes and gather a little extra data if needed. Once Illuminate has determined the root cause of the performance problem, the diagnosis report is sent back to the dashboard and an alert is sent to the user. That alert contains a link to the result of the diagnosis which the user can share with colleagues. Illuminate has all sorts of backoff strategies to ensure that users don’t get too many alerts of the same type in rapid succession!
(tags: illuminate jclarity java jvm scala latency gc tuning performance)
-
Binary message marshalling, client/server stubs generated by an IDL compiler, bidirectional binary protocol. CORBA is back from the dead! Intro blog post: http://googledevelopers.blogspot.ie/2015/02/introducing-grpc-new-open-source-http2.html Relevant: Steve Vinoski's commentary on protobuf-rpc back in 2008: http://steve.vinoski.net/blog/2008/07/13/protocol-buffers-leaky-rpc/
(tags: http rpc http2 netty grpc google corba idl messaging)
Bloom Cookies: web search personalization without user tracking
Interesting paper
(tags: bloom-cookies bloom-filters data-structures cookies privacy personalization user-tracking http)
Why we run an open source program - Walmart Labs
This is a great exposition of why it's in a company's interest to engage with open source. Not sure I agree with 'engineers are the artists of our generation' but the rest are spot on
(tags: development open-source walmart node coding via:hn hiring)
-
MQTT definitely has a smaller size on the wire. It’s also simpler to parse (let’s face it, Huffman isn’t that easy to implement) and provides guaranteed delivery to cater to shaky wireless networks. On the other hand, it’s also not terribly extensible. There aren’t a whole lot of headers and options available, and there’s no way to make custom ones without touching the payload of the message. It seems that HTTP/2 could definitely serve as a reasonable replacement for MQTT. It’s reasonably small, supports multiple paradigms (pub/sub & request/response) and is extensible. Its also supported by the IETF (whereas MQTT is hosted by OASIS). From conversations I’ve had with industry leaders in the embedded software and chip manufacturing, they only want to support standards from the IETF. Many of them are still planning to support MQTT, but they’re not happy about it. I think MQTT is better at many of the things it was designed for, but I’m interested to see over time if those advantages are enough to outweigh the benefits of HTTP. Regardless, MQTT has been gaining a lot of traction in the past year or two, so you may be forced into using it while HTTP/2 catches up.
(tags: http2 mqtt iot pub-sub protocols ietf embedded push http)
Automatically Deploy from GitHub Using AWS CodeDeploy - Application Management Blog
I like this
(tags: github aws ec2 codedeploy deployment ops)
Programmer IS A Career Path, Thank You
Well said -- Amazon had a good story around this btw
(tags: programming coding career work life)
how Curator fixed issues with the Hive ZooKeeper Lock Manager Implementation
Ugh, ZK is a bear to work with.
Apache Curator is open source software which is able to handle all of the above scenarios transparently. Curator is a Netflix ZooKeeper Library and it provides a high-level API, CuratorFramework, that simplifies using ZooKeeper. By using a singleton CuratorFramework instance in the new ZooKeeperHiveLockManager implementation, we not only fixed the ZooKeeper connection issues, but also made the code easy to understand and maintain.
(tags: zookeeper apis curator netflix distributed-locks coding hive)
Advanced cryptographic ratcheting
Forward secrecy and in-session key "ratcheting"
(tags: crypto privacy key-management forward-secrecy pfs key-ratcheting key-rotation)
-
What a mess.
What's faster: PV, HVM, HVM with PV drivers, PVHVM, or PVH? Cloud computing providers using Xen can offer different virtualization "modes", based on paravirtualization (PV), hardware virtual machine (HVM), or a hybrid of them. As a customer, you may be required to choose one of these. So, which one?
(tags: ec2 linux performance aws ops pv hvm xen virtualization)
Proving that Android’s, Java’s and Python’s sorting algorithm is broken (and showing how to fix it)
Wow, this is excellent work. A formal verification of Tim Peters' TimSort failed, resulting in a bugfix:
While attempting to verify TimSort, we failed to establish its instance invariant. Analysing the reason, we discovered a bug in TimSort’s implementation leading to an ArrayOutOfBoundsException for certain inputs. We suggested a proper fix for the culprit method (without losing measurable performance) and we have formally proven that the fix actually is correct and that this bug no longer persists.
(tags: timsort algorithms android java python sorting formal-methods proofs openjdk)
-
"Cheap SSL certs from $4.99/yr" -- apparently recommended for cheap, low-end SSL certs
-
Erasure codes, such as Reed-Solomon (RS) codes, are increasingly being deployed as an alternative to data-replication for fault tolerance in distributed storage systems. While RS codes provide significant savings in storage space, they can impose a huge burden on the I/O and network resources when reconstructing failed or otherwise unavailable data. A recent class of erasure codes, called minimum-storage-regeneration (MSR) codes, has emerged as a superior alternative to the popular RS codes, in that it minimizes network transfers during reconstruction while also being optimal with respect to storage and reliability. However, existing practical MSR codes do not address the increasingly important problem of I/O overhead incurred during reconstructions, and are, in general, inferior to RS codes in this regard. In this paper, we design erasure codes that are simultaneously optimal in terms of I/O, storage, and network bandwidth. Our design builds on top of a class of powerful practical codes, called the product-matrix-MSR codes. Evaluations show that our proposed design results in a significant reduction in the number of I/Os consumed during reconstructions (a 5× reduction for typical parameters), while retaining optimality with respect to storage, reliability, and network bandwidth.
(tags: erasure-coding reed-solomon compression reliability reconstruction replication fault-tolerance storage bandwidth usenix papers)
Everyday I'm Shuffling - Tips for Writing Better Spark Programs [slides]
Two Spark experts from Databricks provide some good tips
Cowen went golfing and officials dithered as country burned in 2008 - Independent.ie
Lest we forget, the sheer bullshitting ineptitude of Fianna Fail as they managed to shamble into destroying Ireland's economy in 2008:
Once that nasty bit of business was done, the Cabinet departed en masse for six weeks on their summer holidays, despite the emerging economic and financial tsunami. Cowen and family famously took up residence in a caravan park in Connemara as opposed to his 'official' residence at the Mannin Bay Hotel nearby. When pressed by our reporter Niamh Horan as to why he was not at his station, he defensively replied: "I don't understand it. First the media have a go at me because I'm taking a holiday with my family and then they come down to see if I'm having a good time!" he exclaimed.
(tags: 2008 meltdown ireland brian-cowen connemara politics history fianna-fail)
How I Became A Minor Celebrity In China (After My Stolen Phone Ended Up There)
Phone is stolen, shipped to China, and winds up being bought by "Brother Orange" -- then the story becomes China's biggest viral hit
-
40 minutes of multi-zone network outage for majority of instances. 'The internal software system which programs GCE’s virtual network for VM egress traffic stopped issuing updated routing information. The cause of this interruption is still under active investigation. Cached route information provided a defense in depth against missing updates, but GCE VM egress traffic started to be dropped as the cached routes expired.' I wonder if Google Pimms fired the alarms for this ;)
(tags: google outages gce networking routing pimms multi-az cloud)
Listen to a song made from data lost during MP3 conversion
Ryan McGuire, a PhD student in Composition and Computer Technologies at the University of Virginia Center for Computer Music, has created the project The Ghost In The MP3 [....] For his first trick, McGuire took Suzanne Vega’s ‘Tom’s Diner’ and drained it into a vaporous piece titled ‘moDernisT’. McGuire chose the track, he explains on his site, because it was famously used as one of the main controls in the listening tests used to develop the MP3 algorithm.
(tags: mp3 music suzanne-vega compression)
-
A gateway script, now included in PCP
-
System performance metrics framework, plugged by Netflix, open-source for ages
(tags: open-source pcp performance system metrics ops red-hat netflix)
Superfish: A History Of Malware Complaints And International Surveillance - Forbes
Superfish, founded and led by former Intel employee and ex-surveillance boffin Adi Pinhas, has been criticised by users the world over since its inception in 2006.
(tags: superfish lenovo privacy surveillance ads java windows mac firefox pups ssl tls ad-injection komodia)
The Superfish certificate has been cracked, exposing Lenovo users to attack | The Verge
The cracked certificate exposes Lenovo users to man-in-the-middle attacks, similar to those opened up by Heartbleed. Armed with this password and the right software, a coffee shop owner could potentially spy on any Lenovo user on her network, collecting any passwords that were entered during the session. The evil barista could also insert malware into the data stream at will, disguised as a software update or a trusted site.
Amazingly stupid.
Police have asked Dropcam for video from people's home cameras -- Fusion
“Like any responsible father, Hugh Morrison had installed cameras in every room in the flat,” is the opening line of Intrusion, a 2012 novel set in the near future. Originally installed so that Hugh and his wife can keep an eye on their kids, the Internet-connected cameras wind up being used later in the novel by police who tap into the feeds to monitor the couple chatting on their couch when they are suspected of anti-societal behavior. As with so many sci-fi scenarios, the novel’s vision was prophetic. People are increasingly putting small Internet-connected cameras into their homes. And law enforcement officials are using the cameras to collect evidence about them.
(tags: privacy dropcam cameras surveillance law-enforcement)
Extracting the SuperFish certificate
not exactly the most challenging reverse I've ever seen ;)
(tags: reverse-engineering security crypto hacking tls ssl superfish lenovo)
The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle
Holy shit. Gemalto totally rooted.
With [Gemalto's] stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt. [...] According to one secret GCHQ slide, the British intelligence agency penetrated Gemalto’s internal networks, planting malware on several computers, giving GCHQ secret access. We “believe we have their entire network,” the slide’s author boasted about the operation against Gemalto.
(tags: encryption security crypto nsa gchq gemalto smartcards sim-cards privacy surveillance spying)
One year of InfluxDB and the road to 1.0
half of the [Monitorama] attendees were employees and entrepreneurs at monitoring, metrics, DevOps, and server analytics companies. Most of them had a story about how their metrics API was their key intellectual property that took them years to develop. The other half of the attendees were developers at larger organizations that were rolling their own DevOps stack from a collection of open source tools. Almost all of them were creating a “time series database” with a bunch of web services code on top of some other database or just using Graphite. When everyone is repeating the same work, it’s not key intellectual property or a differentiator, it’s a barrier to entry. Not only that, it’s something that is hindering innovation in this space since everyone has to spend their first year or two getting to the point where they can start building something real. It’s like building a web company in 1998. You have to spend millions of dollars and a year building infrastructure, racking servers, and getting everything ready before you could run the application. Monitoring and analytics applications should not be like this.
(tags: graphite monitoring metrics tsd time-series analytics influxdb open-source)
-
Sysdig Cloud users have the ability to view and analyze Java Management Extensions (JMX) metrics out of the box with no additional configuration or setup required.
Will the madness never end? Komodia SSL certificates are EVERYWHERE
I think that at this point it is safe to assume that any SSL interception product sold by Komodia or based on the Komodia SDK is going to be using the same method. What does this mean? Well, this means that those dodgy certificates aren’t limited to Lenovo laptops sold over a specific date range. It means that anyone who has come into contact with a Komodia product, or who has had some sort of Parental Control software installed on their computer should probably check to see if they are affected.
(tags: komodia via:jgc ssl lenovo parental-control censorware mitm)
Twitter's Answers architecture
Twitter's mobile-device analytics service architecture, with Kafka and Storm in full Lambda-Architecture mode
(tags: twitter lambda-architecture storm kafka architecture)
-
The argument for the "monorepo" -- i.e. lots of projects in a single Git repo. There's lots more discussion pro/con on twitter, e.g.: https://twitter.com/search?q=monorepo&src=typd , https://twitter.com/hivetheory/timelines/449385567982067713
(tags: monorepo git repository dependencies libraries coding)
-
Poor hardware imaging practices, basically:
It looks like all devices with the fingerprint are Dropbear SSH instances that have been deployed by Telefonica de Espana. It appears that some of their networking equipment comes setup with SSH by default, and the manufacturer decided to re-use the same operating system image across all devices.
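A quick fleet check for the problem described above, added here as an example (it is not from the linked post): compute OpenSSH-style SHA256 fingerprints from `ssh-keyscan` output and flag any fingerprint that turns up on more than one host. A shared host key means a shared image, and anyone who extracts the private key from one device can impersonate all of them. The hostnames and key blobs below are constructed placeholders, not real keys.

```python
"""Flag SSH host keys shared by more than one device in a fleet.

Input is the format produced by `ssh-keyscan`: one "host keytype base64-blob"
line per key, plus '#' comment lines. Fingerprints are computed the way
OpenSSH does for SHA256 (`ssh-keygen -lf`): SHA256 over the decoded key blob,
base64-encoded, with the trailing '=' padding removed.
"""
import base64
import hashlib
from collections import defaultdict

# Constructed sample data: the blobs are placeholder bytes, not real keys.
_BLOB_A = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + b"\x01" * 32).decode()
_BLOB_B = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + b"\x02" * 32).decode()

SCAN_RESULTS = [
    f"cpe-1.example.net ssh-rsa {_BLOB_A}",
    f"cpe-2.example.net ssh-rsa {_BLOB_A}",
    f"cpe-3.example.net ssh-rsa {_BLOB_A}",
    f"core-router.example.net ssh-rsa {_BLOB_B}",
    "# cpe-4.example.net:22 SSH-2.0-dropbear",  # ssh-keyscan banner comment
]


def openssh_sha256_fingerprint(blob_b64: str) -> str:
    """Return the fingerprint as ssh-keygen -lf -E sha256 prints it."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_keyscan_line(line: str):
    """Split one ssh-keyscan line into (host, keytype, blob); None for comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) < 3:
        return None
    return parts[0], parts[1], parts[2]


def find_shared_host_keys(lines):
    """Return {fingerprint: [hosts]} for every fingerprint seen on >1 host."""
    by_fp = defaultdict(set)
    for line in lines:
        parsed = parse_keyscan_line(line)
        if parsed is None:
            continue
        host, _keytype, blob = parsed
        by_fp[openssh_sha256_fingerprint(blob)].add(host)
    return {fp: sorted(hosts) for fp, hosts in by_fp.items() if len(hosts) > 1}


if __name__ == "__main__":
    for fp, hosts in find_shared_host_keys(SCAN_RESULTS).items():
        print(f"{fp} shared by {len(hosts)} hosts: {', '.join(hosts)}")
```

Feed it the real thing with `ssh-keyscan -t rsa,ecdsa,ed25519 -f hosts.txt`; the same check also catches the opposite mistake, a host key that unexpectedly changes between scans, if you keep the previous run's output and diff the fingerprints per host.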
FreeBSD breaks its kernel RNG for 4 months
If you are running a current kernel r273872 or later, please upgrade your kernel to r278907 or later immediately and regenerate keys. I discovered an issue where the new framework code was not calling randomdev_init_reader, which means that read_random(9) was not returning good random data. This means most/all keys generated may be predictable and must be regenerated.
What every programmer should know about solid-state drives
Lots of good advice here for dealing with SSDs
Azul Zing on Ubuntu on AWS Marketplace
hmmm, very interesting -- the super-low-latency Zing JVM is available as a commercial EC2 instance type, at costs less than the EC2 instance price
Crowdsourcing isn’t broken — Backchannel — Medium
'A great compendium by @harper of techniques for handling trolls and griefers in online communities', via kragen
(tags: via:kragen antispam filtering trolls community crowdsourcing threadless harper griefers abuse tips)
South Korea faces $1bn bill after hackers raid national ID database • The Register
Simon McGarr says: '80% of S.Korea's population have had their ID number stolen, crimewave ongoing. >> Turns out a pot of honey is sweet'
(tags: fail south-korea korea security id-cards ssn id-numbers privacy)
Sign up for Privacy International's anti-surveillance campaign
Have you ever made a phone call, sent an email, or, you know, used the internet? Of course you have! Chances are, at some point over the past decade, your communications were swept up by the U.S. National Security Agency. The NSA then shares information with the UK Government's intelligence agency GCHQ by default. A recent court ruling found that this sharing was unlawful. But no one could find out if their records were collected and then illegally shared between these two agencies… until now! Because of our recent victory against the UK intelligence agency in court, now anyone in the world — yes, ANYONE, including you — can find out if GCHQ illegally received information about you from the NSA. Join our campaign by entering your details below to find out if GCHQ illegally spied on you, and confirm via the email we send you. We'll then go to court demanding that they finally come clean on unlawful surveillance.
(tags: gchq nsa spying surveillance internet phone uk law campaign privacy-international)
How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last
'"Equation Group" ran the most advanced hacking operation ever uncovered.' Mad stuff. The security industry totally failed here
(tags: nsa privacy security surveillance hacking keyloggers malware)
-
decent set of intro slides
Apache Spark: A Delight for Developers | Cloudera Engineering Blog
Another Spark intro blog post
-
'JOL (Java Object Layout) is the tiny toolbox to analyze object layout schemes in JVMs. These tools are using Unsafe, JVMTI, and Serviceability Agent (SA) heavily to decode the actual object layout, footprint, and references. This makes JOL much more accurate than other tools relying on heap dumps, specification assumptions, etc.' Recommended by Nitsan Wakart, looks pretty useful for JVM devs
(tags: java jvm tools scala memory estimation ram object-layout debugging via:nitsan)
HdrHistogram: A better latency capture method
An excellent intro to HdrHistogram usage
(tags: hdrhistogram hdr histograms statistics latency measurement metrics percentiles quantiles gil-tene nitsan-wakart)
-
Butterfield insists that Slack improves on the basic messaging functionality offered by its predecessors. The company plans to expand from 100 employees to 250 this year, open an office in Dublin, and launch a version that supports large companies with multiple teams.
-
A tool for managing Apache Kafka. It supports the following: manage multiple clusters; easy inspection of cluster state (topics, brokers, replica distribution, partition distribution); run preferred replica election; generate partition assignments (based on current state of cluster); run reassignment of partitions (based on generated assignments)
Vaurien, the Chaos TCP Proxy — Vaurien 1.8 documentation
Vaurien is basically a Chaos Monkey for your TCP connections. Vaurien acts as a proxy between your application and any backend. You can use it in your functional tests or even on a real deployment through the command-line. Vaurien is a TCP proxy that simply reads data sent to it and passes it to a backend, and vice-versa. It has built-in protocols: TCP, HTTP, Redis & Memcache. The TCP protocol is the default one and just sucks data on both sides and passes it along. Having higher-level protocols is mandatory in some cases, when Vaurien needs to read a specific amount of data in the sockets, or when you need to be aware of the kind of response you’re waiting for, and so on. Vaurien also has behaviors. A behavior is a class that’s going to be invoked every time Vaurien proxies a request. That’s how you can impact the behavior of the proxy. For instance, adding a delay or degrading the response can be implemented in a behavior. Both protocols and behaviors are plugins, allowing you to extend Vaurien by adding new ones. Last (but not least), Vaurien provides a couple of APIs you can use to change the behavior of the proxy live. That’s handy when you are doing functional tests against your server: you can for instance start to add big delays and see how your web application reacts.
(tags: proxy tcp vaurien chaos-monkey testing functional-testing failures sockets redis memcache http)
Embed-able Computers are a Thing. — February 12, 2015
'If it works, a copy of Burgertime for DOS is now in your browser, clickable from my entry. If it doesn’t… well, no Burgertime for you. (Unless you visit the page.) There’s a “share this” link in the new archive.org interface for sharing these in-browser emulations in web pages, weblogs and who knows what else.'
(tags: sharing embeds html javascript emulation msdos burgertime games archive.org)
-
According to a report posted Thursday to the website of the state-run China Youth Daily, the Cyberspace Administration of China choral group this week unveiled a new song, “Cyberspace Spirit,” glorifying the cleanliness and clarity of China’s uniquely managed Internet. The song, an orchestral march built around a chorus that proclaims China’s ambition to become an “Internet power,” opens with lyrics describing celestial bodies keeping careful watch over the sky. From there, the lyrics conjure more vivid imagery, comparing the Internet to “a beam of incorruptible sunlight” that unites “the powers of life from all creation.”
(tags: china great-firewall censorship music songs cyberspace-spirit omgwtfbbq)
An Algorithm to Extract Looping GIFs From Videos
/r/loopinggifs, automated
(tags: gif python pymovie video algorithms looping animated-gifs)
Samsung's smart TVs are inserting unwanted ads into users' own movies
Amazingly shitty. Never buying a Samsung TV if this is what they think is acceptable
Massive thumbs-down Docker review
extensive.
The Pizza Party Where Everyone Got Fired
The testers at [MAJOR PUBLISHER] had just finished wrapping up testing on a project we'll call "Biolands." And to congratulate them, the man in charge arranged a huge bowling/pizza party for the end of the week. Of course everyone is hyped for the event. So the day finally arrives and all the testers show up. They all start bowling and eating pizza. After a few hours of everyone enjoying themselves, the VP asks for everyone's attention. When he does manage to get the team to listen, he begins to thank them for their hard work and has the leads hand them their termination papers.
And many other horror stories from the worst software industry of all -- games.
(tags: games software jobs bowling pizza fired horror-stories hr employment)
Automating Tinder with Eigenfaces
While my friends were getting sucked into "swiping" all day on their phones with Tinder, I eventually got fed up and designed a piece of software that automates everything on Tinder.
This is awesome. (via waxy)
(tags: via:waxy tinder eigenfaces machine-learning k-nearest-neighbour algorithms automation ai)
-
Our latest open source release from Swrve Labs: an Apache-licensed, SLF4J-compatible, simple, fluent API for rate-limited logging in Java: 'A RateLimitedLog object tracks the rate of log message emission, imposes an internal rate limit, and will efficiently suppress logging if this is exceeded. When a log is suppressed, at the end of the limit period, another log message is output indicating how many log lines were suppressed. This style of rate limiting is the same as the one used by UNIX syslog; this means it should be comprehensible, easy to predict, and familiar to many users, unlike more complex adaptive rate limits.' We've been using this in production for months -- it's pretty nifty ;) Never fear your logs again!
(tags: logs logging coding java open-source swrve slf4j rate-limiting libraries)
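The syslog-style scheme described above, written out as an added Python example (it is not the Swrve library's code; the class and method names are this example's own): emit up to N lines per period, drop the rest, and when the period rolls over write a single line saying how many were dropped. The clock is injectable so the behaviour can be shown deterministically.

```python
"""Syslog-style rate-limited logging: at most `max_per_period` lines per
`period_seconds`, then suppress, then one summary line with the count.

Added example; names and structure are this example's own.
"""
import time


class RateLimitedLog:
    def __init__(self, sink, max_per_period, period_seconds, clock=time.monotonic):
        self._sink = sink              # callable that receives each emitted line
        self._max = max_per_period
        self._period = period_seconds
        self._clock = clock            # injectable so tests can control time
        self._window_start = clock()
        self._emitted = 0
        self._suppressed = 0

    def _summary(self):
        return f"(suppressed {self._suppressed} log lines in the last {self._period:g}s)"

    def _roll_window(self, now):
        # The summary is written lazily, on the first call after the window
        # expires; a burst followed by silence is only reported by flush().
        if now - self._window_start < self._period:
            return
        if self._suppressed:
            self._sink(self._summary())
        self._window_start = now
        self._emitted = 0
        self._suppressed = 0

    def log(self, message):
        """Emit `message` if under the limit; return True if it was emitted."""
        self._roll_window(self._clock())
        if self._emitted < self._max:
            self._emitted += 1
            self._sink(message)
            return True
        self._suppressed += 1
        return False

    def flush(self):
        """Report any pending suppression count, e.g. at shutdown."""
        if self._suppressed:
            self._sink(self._summary())
            self._suppressed = 0


class FakeClock:
    """Deterministic clock for the demo and tests."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def run_demo():
    """Nine auth-failure lines, one per second, against a limit of 3 per 10s."""
    lines = []
    clock = FakeClock()
    log = RateLimitedLog(lines.append, max_per_period=3, period_seconds=10, clock=clock)
    for i in range(8):
        log.log(f"auth failure for user bob, attempt {i}")
        clock.advance(1)
    clock.advance(5)   # 13s since the window opened: it rolls over on the next call
    log.log("auth failure for user bob, attempt 8")
    return lines


if __name__ == "__main__":
    print("\n".join(run_demo()))
```

The security-relevant property is that the count survives: an attacker who floods a log line (say, failed logins) cannot make the evidence disappear, only compress it, and the summary line is what an alert should key on.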
BENCHMARKING THE RASPBERRY PI 2
Retro console emulation! Mario Kart and Ocarina of Time and Conker’s Bad Fur Day! Nobody actually builds stuff with the Raspberry Pi, it’s just an odd form of nostalgic consumerism wrapped up in a faddish ‘making’ trend! The original Raspberry Pi saw a lot of emulator use, but it was limited: the Pi 1 could handle the NES, SNES, Genesis/Mega Drive, and other earlier consoles with ease. Emulator performance for N64 and original Playstation games was just barely unplayable. Now, the Raspi 2 can easily handle N64 and PSX games. [HoZyVN] tried out N64’s Mario Kart and PSX’s Spyro the Dragon. They’re playable, and an entire generation rushed out to Microcenter to relive their glory days of sitting with their faces embedded in a console television drinking Sunny D all day.
(tags: raspberry-pi emulation n64 playstation gaming hardware benchmarks)
"Man vs Machine: Practical Adversarial Detection of Malicious Crowdsourcing Workers" [paper]
"traditional ML techniques are accurate (95%–99%) in detection but can be highly vulnerable to adversarial attacks". ain't that the truth
(tags: security adversarial-attacks machine-learning paper crowdsourcing via:kragen)
-
Nice looking static code validation tool for Java, from Google. I recognise a few of these errors ;)
(tags: google static code-validation lint testing java coding)
Totally Mexico! How the Nathan Barley nightmare came true | Television & radio | The Guardian
Nathan Barley was scarcely less prophetic when it came to TV itself. In one episode Nathan’s friend Claire makes a comically po-faced, self-righteous but secretly rather narcissistic documentary about a choir made up of drug addicts. Nine years later, Channel 4 made Addicts’ Symphony for real.
(tags: nathan-barley well-weapon vice shoreditch drugs charlie-brooker chris-morris sitcoms channel-4)
Google Maps Tenth Anniversary | Re/code
the whole story of GMaps
(tags: google history maps technology mapping recode via:anildash)
0x74696d | Falling In And Out Of Love with DynamoDB, Part II
Good DynamoDB real-world experience post, via Mitch Garnaat. We should write up ours, although it's pretty scary-stuff-free by comparison
South Korean spymaster had a team posting political comments on Twitter and rigging polls
Mad stuff. The South Korean National Intelligence Service directly interfering in a democratic election by posting fake comments and rigging online polls
(tags: web polls twitter social-media psyops korea south-korea nis sock-puppets democracy)
Dept of Education and Primary Online Database
Simon McGarr has a theory -- the indefinite data retention of sensitive data on primary schoolchildren actually has a genesis in the Irish state wishing to protect itself against prosecution from future child abuse cases
(tags: ireland child-abuse schools simon-mcgarr pod)
UK-US surveillance regime was unlawful ‘for seven years’ | UK news | The Guardian
The regime that governs the sharing between Britain and the US of electronic communications intercepted in bulk was unlawful until last year, a secretive UK tribunal has ruled. The Investigatory Powers Tribunal (IPT) declared on Friday that regulations covering access by Britain’s GCHQ to emails and phone records intercepted by the US National Security Agency (NSA) breached human rights law.
Digital Rights Ireland announces its first conference!
Digital Rights Europe, Wednesday, April 15th in Dublin. deadly!
(tags: digital-rights ireland dri privacy data-protection europe eu)
Twitter CEO: 'We suck at dealing with abuse' | The Verge
'We suck at dealing with abuse and trolls on the platform and we've sucked at it for years. It's no secret and the rest of the world talks about it every day. We lose core user after core user by not addressing simple trolling issues that they face every day. I'm frankly ashamed of how poorly we've dealt with this issue during my tenure as CEO. It's absurd. There's no excuse for it. I take full responsibility for not being more aggressive on this front. It's nobody else's fault but mine, and it's embarrassing. We're going to start kicking these people off right and left and making sure that when they issue their ridiculous attacks, nobody hears them. Everybody on the leadership team knows this is vital.'
More like this!
(tags: trolls twitter gamergate dickc abuse leaks social-media)
-
nice deep-dive from Adrian Colyer
The DOs and DON'Ts of Blue/Green Deployment - CloudNative
Excellent post -- Delta sounds like a very well-designed product
(tags: blue-green-deployments delta cloudnative ops deploy ec2 elb)
Can we have medical privacy, cloud computing and genomics all at the same time?
Today sees the publication of a report I [Ross Anderson] helped to write for the Nuffield Bioethics Council on what happens to medical ethics in a world of cloud-based medical records and pervasive genomics. As the information we gave to our doctors in private to help them treat us is now collected and treated as an industrial raw material, there has been scandal after scandal. From failures of anonymisation through unethical sales to the care.data catastrophe, things just seem to get worse. Where is it all going, and what must a medical data user do to behave ethically? We put forward four principles. First, respect persons; do not treat their confidential data like it were coal or bauxite. Second, respect established human-rights and data-protection law, rather than trying to find ways round it. Third, consult people who’ll be affected or who have morally relevant interests. And fourth, tell them what you’ve done – including errors and security breaches.
(tags: ethics medicine health data care.data privacy healthcare ross-anderson genomics data-protection human-rights)
Comparing Message Queue Architectures on AWS
A good overview -- I like the summary table. tl;dr:
If you are light on DevOps and not latency sensitive use SQS for job management and Kinesis for event stream processing. If latency is an issue, use ELB or 2 RabbitMQs (or 2 beanstalkds) for job management and Redis for event stream processing.
(tags: amazon architecture aws messaging queueing elb rabbitmq beanstalk kinesis sqs redis kafka)
TL;DR: Cassandra Java Huge Pages
Al Tobey does some trial runs of -XX:+AlwaysPreTouch and -XX:+UseHugePages
(tags: jvm performance tuning huge-pages vm ops cassandra java)
Enjoy Bintray and use it as pain-free gateway to Maven Central
ahh, interesting! This looks much easier (via JBaruch)
-
Marc Brooker: 'When it comes to building working software in the long term, the emotional pursuit of craft is not as important as the human pursuit of teamwork, or the intellectual pursuit of correctness. Patterns is one of the most powerful ideas we have. The critics may be right that it devalues the craft, but we would all do well to remember that the craft of software is a means, not an end.'
(tags: marc-brooker design-patterns coding software teamwork)
-
Via Walter, the best description of the appeal of Minecraft I've read:
Minecraft is exceptionally good at intrinsic narrative. It recognises, preserves and rewards everything you do. It presses you to play frontiersman. A Minecraft world ends up dotted with torchlit paths, menhirs, landmarks, emergency caches. Here’s the hole where you dug stone for your first house. Here’s the causeway you built from your spawn point to a handy woodland. Here’s the crater in the landscape where the exploding monster took out you and your wheatfield at once. And, of course, here’s your enormous castle above a waterfall. There’s no utility in building anything bigger than a hut, but the temptations of architecture are irresistible. Minecraft isn’t so much a world generator as a screenshot-generator and a war-story generator. This is what will get the game the bulk of its critical attention, and deservedly so. That’s why I want to call attention to the extrinsic narrative. It’s minimal, implicit, accidental and very powerful. It’s this: you wake alone beside an endless sea in a pristine, infinite wilderness. The world is yours. You can literally sculpt mountains, with time and effort. You’ll die and be reborn on the beach where you woke first. You’ll walk across the world forever and never see another face. You can build a whole empire of roads and palaces and beacon towers, and the population of that empire will only ever be you. When you leave, your towers will stand empty forever. I haven’t seen that surfaced in a game before. It’s strong wine.
Backstage Blog - Prometheus: Monitoring at SoundCloud - SoundCloud Developers
whoa, this is pretty excellent. The major improvement over a graphite-based system would be the multi-dimensional tagging of metrics, which we currently have to do by simply expanding the graphite metric's name to encompass all those dimensions and use searching at query time, inefficiently.
(tags: monitoring soundcloud prometheus metrics service-metrics graphite alerting)
'Prometheus instrumentation library for JVM applications'
Good example of a clean java OSS release, from Soundcloud. will be copying bits of this myself soon...
(tags: prometheus java libraries oss github sonatype maven releases)
-
A good set of basic, controversy-free guidelines for clean java code style
(tags: style java google coding guidelines formatting coding-standards)
A Brief History of NSA Backdoors
from 1946 to present
(tags: nsa security backdoors sigint actel dual_ec_drbg crypto-ag crypto)
Study: You Can't Change an Anti-Vaxxer's Mind
According to a major new study in the journal 'Pediatrics', trying to [persuade anti-vaxxers to vaccinate] may actually make the problem worse. The paper tested the effectiveness of four separate pro-vaccine messages, three of which were based very closely on how the Centers for Disease Control and Prevention (CDC) itself talks about vaccines. The results can only be called grim: Not a single one of the messages was successful when it came to increasing parents' professed intent to vaccinate their children. And in several cases the messages actually backfired, either increasing the ill-founded belief that vaccines cause autism or even, in one case, apparently reducing parents' intent to vaccinate.
(tags: vaccination health measles mmr autism facts via:mrneutron stupidity cdc papers vaccines)
-
“dysaguria” is the perfect noun, and “dysagurian” is the perfect adjective, to describe the eponymous company in Dave Eggers’ The Circle. It’s not in the same league as Orwell, or Huxley, or Bradbury, or Burgess. But it does raise very important questions about what could possibly go wrong if one company controlled all the world’s information. In the novel, the company operates according to the motto “all that happens must be known”; and one of its bosses, Eamon Bailey, encourages everywoman employee Mae Holland to live an always-on (clear, transparent) life according to the maxims “secrets are lies”, “sharing is caring”, and “privacy is theft”. Eggers’s debts to dystopian fiction are apparent. But, whereas writers like Orwell, Huxley, Bradbury, and Burgess were concerned with totalitarian states, Eggers is concerned with a totalitarian company. However, the noun “dystopia” and the adjective “dystopian” – perfect though they are for the terror of military/security authoritarianism in 1984, or Brave New World, or Fahrenheit 451, or A Clockwork Orange – do not to my mind encapsulate the nightmare of industrial/corporate tyranny in The Circle. On the other hand, “dysaguria” as a noun and “dysagurian” as an adjective, in my view really do capture the essence of that “frightening company”.
(tags: dysaguria dystopia future sf authoritarianism surveillance the-circle google facebook)
-
Via negatendo: 'I would like to share my excitement about the fact that after almost a year of development, an instance of my NetHack bot has finally managed to ascend a game for the first time without human interventions, wizard mode cheats or bones stuffing, and did so at the public server at acehack.de.' The bot is written in Clojure. Apparently 'pudding farming' did the trick...
(tags: clojure via:negatendo pudding-farming games nethack bots)
-
lol.
(tags: funny data-science statistics machine-learning hadoop bayes memes image-macros)
NA Server Roadmap Update: PoPs, Peering, and the North Bridge
League of Legends has set up private network links to a variety of major US ISPs to avoid internet weather (via Nelson)
(tags: via:nelson peering games networks internet ops networking)
-
Because there exists no method known to man, more terribly suited to expose the cosmic meaningless of existence than pairing the words of H.P. Lovecraft with seemingly delightful and charming pictures of adorable kittens.
(tags: lovecraft cthulhu horror funny kittens cats images gif)
8 gdb tricks you should know (Ksplice Blog)
These are very good -- bookmarking for the next time I'm using gdb, probably about 3 years from now
EFF’s Game Plan for Ending Global Mass Surveillance
For years, we’ve been working on a strategy to end mass surveillance of digital communications of innocent people worldwide. Today we’re laying out the plan, so you can understand how all the pieces fit together—that is, how U.S. advocacy and policy efforts connect to the international fight and vice versa. Decide for yourself where you can get involved to make the biggest difference. This plan isn’t for the next two weeks or three months. It’s a multi-year battle that may need to be revised many times as we better understand the tools and authorities of entities engaged in mass surveillance and as more disclosures by whistleblowers help shine light on surveillance abuses.
(tags: eff privacy nsa surveillance gchq law policy us-politics)
-
This group aims to consolidate opposition, give clear information and support letter writing and information awareness against the Dept. of Education's Primary Online Database.
(tags: pod ireland privacy data-protection children kids schools)
Apple Pay suffering fraud problems
Fraud in Apple Pay will in time, come to be managed – but the fact that easily available PII can waylay best in class protection should give us all pause.
(tags: fraud apple apple-pay pii identity-theft)
Excellent example of failed "anonymisation" of a dataset
Fred Logue notes how this failed Mayo TD Michelle Mulherin:
From recent reports it now appears that the Department of Education is discussing anonymisation of the Primary Online Database with the Data Protection Commissioner. Well someone should ask Mayo TD Michelle Mulherin how anonymisation is working for her. The Sunday Times reports that Ms Mulherin was the only TD in the Irish parliament on the dates when expensive phone calls were made to a mobile number in Kenya. The details of the calls were released under the Freedom of Information Act in an “anonymised” database. While it must be said the fact that Ms Mulherin was the only TD present on those occasions does not prove she made the calls – the reporting in the press is now raising the possibility that it was her. From a data protection point of view this is a perfect example of the difficulty with anonymisation. Data protection rules apply to personal data which is defined as data relating to a living individual who is or can be identified from the data or from the data in conjunction with other information. Anonymisation is often cited as a means for processing data outside the scope of data protection law but as Ms Mulherin has discovered individuals can be identified using supposedly anonymised data when analysed in conjunction with other data. In the case of the mysterious calls to Kenya even though the released information was “anonymised” to protect the privacy of public representatives, the phone log used in combination with the attendance record of public representatives and information on social media was sufficient to identify individuals and at least raise evidence of association between individuals and certain phone calls. While this may be well and good in terms of accounting for abuses of the phone service it also has worrying implications for the ability of public representatives to conduct their business in private. The bottom line is that anonymisation is very difficult if not impossible as Ms Mulherin has learned to her cost.
It certainly is a lot more complex than simply removing names and other identifying features from a single dataset. The more data that there is and the more diverse the sources the greater the risk that individuals can be identified from supposedly anonymised datasets.
(tags: data anonymisation fred-logue ireland michelle-mulherin tds kenya data-protection privacy)
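The linkage attack that entry describes, as an added example (not from Fred Logue's post, and not the real dataset): join the "anonymised" call log with a public attendance record on the one attribute they share, the date, and watch the set of people who could have made the calls shrink. All records and member labels below are constructed. The same function doubles as the pre-release check: if the candidate set for any linkable record can be driven down to one, the data is not anonymous.

```python
"""Linkage attack on an 'anonymised' release: join it with a second, public
dataset on a shared attribute and intersect the candidate subjects.

Added example; all records are constructed and the member labels are
placeholders, not real people.
"""
from functools import reduce

# Constructed: the released call log. No name, no extension, just the
# per-call date, destination and cost, which is what made it 'anonymous'.
ANONYMISED_CALLS = [
    {"date": "2014-08-11", "destination": "Kenya", "cost_eur": 48.20},
    {"date": "2014-08-18", "destination": "Kenya", "cost_eur": 61.75},
    {"date": "2014-09-01", "destination": "Kenya", "cost_eur": 12.10},
    {"date": "2014-09-01", "destination": "UK", "cost_eur": 0.90},
]

# Constructed: the public attendance record, date -> members present.
ATTENDANCE = {
    "2014-08-11": {"TD-A", "TD-B"},
    "2014-08-18": {"TD-A", "TD-C"},
    "2014-09-01": {"TD-A", "TD-B", "TD-C", "TD-D"},
}


def candidates_for_calls(calls, attendance, destination):
    """Members present on every date on which a call to `destination` was made."""
    dates = {c["date"] for c in calls if c["destination"] == destination}
    if not dates:
        return set()
    present = [attendance.get(d, set()) for d in dates]
    return reduce(set.intersection, present)


def anonymity_set(calls, attendance, destination):
    """Size of the candidate set; 1 means the record has been re-identified."""
    return len(candidates_for_calls(calls, attendance, destination))


def narrowing(calls, attendance, destination):
    """Candidate set after each successive call date, in date order."""
    dates = sorted({c["date"] for c in calls if c["destination"] == destination})
    remaining = None
    steps = []
    for d in dates:
        present = attendance.get(d, set())
        remaining = set(present) if remaining is None else remaining & present
        steps.append((d, sorted(remaining)))
    return steps


if __name__ == "__main__":
    for date, who in narrowing(ANONYMISED_CALLS, ATTENDANCE, "Kenya"):
        print(f"after {date}: {len(who)} candidate(s): {who}")
    print("UK calls: anonymity set of", anonymity_set(ANONYMISED_CALLS, ATTENDANCE, "UK"))
```

Two dates are enough here; the third call adds nothing because the set has already collapsed. A release that wants to stay outside the "can be identified ... in conjunction with other information" definition has to compute this against every plausible auxiliary dataset and withhold or generalise (e.g. bucket dates to months) any record whose candidate set falls below a chosen minimum size.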
Publishing from GitHub to Maven Central
A good starting point. This looks bloody complex :(
(tags: maven sonatype gradle jar open-source github release gpg)
-
Nice wrapper for 'tc' and 'netem', for network latency/packet loss emulation
(tags: networking testing linux tc netem latency packet-loss iptables)
Visualizing AWS Storage with Real-Time Latency Spectrogram
ohhhh this is very nice indeed. Great viz!
(tags: dataviz latency io ops sysdig charts graphs commandline linux)
Stop Playing Monopoly With Your Kids (And Play These Games Instead) | FiveThirtyEight
538 apply their numbercrunching skills to the BoardGameGeek ratings index
(tags: boardgames games kids children 538 statistics ratings)
ODROID-C1 - Multicore credit card computer
Pretty amazing specs for a 33 quid SBC.
Amlogic ARM® Cortex®-A5(ARMv7) 1.5Ghz quad core CPUs * Mali™-450 MP2 GPU (OpenGL ES 2.0/1.1 enabled for Linux and Android) * 1Gbyte DDR3 SDRAM * Gigabit Ethernet * 40pin GPIOs * eMMC4.5 HS200 Flash Storage slot / UHS-1 SDR50 MicroSD Card slot * USB 2.0 Host x 4, USB OTG x 1, * Infrared(IR) Receiver * Uses Ubuntu 14.04 or Android KitKat operating systems
Includes HDMI out. (via Conor O'Neill)
(tags: via:conoro uk sbc hacking linux hardware odroid gadgets)
How TCP backlog works in Linux
good description of the process
Swiss Authorities Arrest Bot for Buying Drugs and Fake Passport
A bot created by a group of artists spent the last few months selecting items at random from a Silk Road-style darknet marketplace, buying them with Bitcoin, and having them shipped to a gallery in Switzerland. After it bought some ecstasy pills and a counterfeit passport, we asked: How will authorities deal with the complex legal and moral issue of a piece of artificial intelligence breaking the law? It turns out, the answer was simple: just arrest the computer.
(tags: drugs darknet bitcoin ecstasy art bots law-enforcement switzerland)
-
Java Concurrency Tools for the JVM. This project aims to offer some concurrent data structures currently missing from the JDK: bounded lock-free queues; SPSC/MPSC/SPMC/MPMC variations for concurrent queues; alternative interfaces for queues (experimental); off-heap concurrent ring buffer for ITC/IPC purposes (experimental); executor (planned)
(tags: concurrency lock-free data-structures queues jvm java)
Functional Programming Patterns (BuildStuff '14)
Good, and very accessible even for FP noobs like myself ;)
How to reduce the JVM thread stack size
"-Xss" switch
Maintaining performance in distributed systems [slides]
Great slide deck from Elasticsearch on JVM/dist-sys performance optimization
(tags: performance elasticsearch java jvm ops tuning)
-
Nice trick -- wrap servers with a libc wrapper to intercept bind(2) and accept(2) calls, so that transparent restarts become possible
(tags: linux ops servers uptime restarting libc bind accept sockets)
How to Catch a Terrorist - The New Yorker
This is spot on --
By flooding the system with false positives, big-data approaches to counterterrorism might actually make it harder to identify real terrorists before they act. Two years before the Boston Marathon bombing, Tamerlan Tsarnaev, the older of the two brothers alleged to have committed the attack, was assessed by the city’s Joint Terrorism Task Force. They determined that he was not a threat. This was one of about a thousand assessments that the Boston J.T.T.F. conducted that year, a number that had nearly doubled in the previous two years, according to the Boston F.B.I. As of 2013, the Justice Department has trained nearly three hundred thousand law-enforcement officers in how to file “suspicious-activity reports.” In 2010, a central database held about three thousand of these reports; by 2012 it had grown to almost twenty-eight thousand. “The bigger haystack makes it harder to find the needle,” Sensenbrenner told me. Thomas Drake, a former N.S.A. executive and whistle-blower who has become one of the agency’s most vocal critics, told me, “If you target everything, there’s no target.”
(tags: terrorism false-positives filtering detection jttf nsa fbi surveillance gchq)
-
'All deleted tweets from politicians'. Great idea
(tags: delete twitter politics politicians ireland social-media news)
Zoë Keating on getting a shitty deal from Google's new Music Key licensing
The Youtube music service was introduced to me as a win win and they don’t understand why I don’t see it that way. “We are trying to create a new revenue stream on top of the platform that exists today.” A lot of people in the music industry talk about Google as evil. I don’t think they are evil. I think they, like other tech companies, are just idealistic in a way that works best for them. I think this because I used to be one of them. The people who work at Google, Facebook, etc can’t imagine how everything they make is not, like, totally awesome. If it’s not awesome for you it’s because you just don’t understand it yet and you’ll come around. They can’t imagine scenarios outside their reality and that is how they inadvertently unleash things like the algorithmic cruelty of Facebook’s yearly review (which showed me a picture I had posted after a doctor told me my husband had 6-8 weeks to live).
(tags: google business music youtube zoe-keating music-key licensing tech)
-
Jacobin Magazine on the revolutionary political allegory in "Snowpiercer": 'If Snowpiercer had merely told the tale of an oppressed working class rising up to seize power from an evil overlord, it would already have been an improvement over most of the political messages in mainstream cinema. There are all sorts of nice touches in its portrayal of a declining capitalism that can maintain its ideological legitimacy even when it literally has no more bullets in its guns. But the story Bong tells goes beyond that. It’s about the limitations of a revolution which merely takes over the existing social machinery rather than attempting to transcend it.'
(tags: dystopia revolution snowpiercer movies marxism sf politics)
Debunking The Dangerous “If You Have Nothing To Hide, You Have Nothing To Fear”
A great resource bookmark from Falkvinge.
There are at least four good reasons to reject this argument solidly and uncompromisingly: The rules may change, it’s not you who determine if you’re guilty, laws must be broken for society to progress, and privacy is a basic human need.
(tags: nsa politics privacy security surveillance gchq rick-falkvinge society)
“I have secrets”: Ross Ulbricht’s private journal shows Silk Road’s birth | Ars Technica
Ross Ulbricht is so screwed if this evidence stands up, and it sounds like it will
(tags: darknet silk-road ross-ulbricht dread-pirate-roberts fbi bitcoin)
Foreign Founders Should Look Beyond Silicon Valley | TechCrunch
'Reasons abound for international entrepreneurs and top technical talent to stay away from Silicon Valley and build their startup somewhere else.' Strongly agreed. This factoid is particularly nuts: 'As Balaji Srinivasan of a16z has observed, roughly 50%+ of the capital allocated for early stage tech investments is actually flowing into Bay Area real estate, directly through office rentals and indirectly via home rentals as a primary driver of skyrocketing salaries.'
(tags: salary bay-area silicon-valley usa tech jobs work real-estate rent startups techcrunch)
-
A much better carbon-relay, written in C rather than Python. Linking as we've been using it in production for quite a while with no problems.
The main reason to build a replacement is performance and configurability. Carbon is single threaded, and sending metrics to multiple consistent-hash clusters requires chaining of relays. This project provides a multithreaded relay which can address multiple targets and clusters for each and every metric based on pattern matches.
Surveillance of social media not way to fight terrorism – Minister
Blanket surveillance of social media is not the solution to combating terrorism and the rights of the individual to privacy must be protected, Data Protection Minister Dara Murphy said on Monday. [He] said Ireland and the European Union must protect the privacy rights of individuals on social media. “Freedom of expression, freedom of movement, and the protection of privacy are core tenets of the European Union, which must be upheld.”
(tags: dara-murphy data-protection privacy surveillance europe eu ireland social-media)
Amazing comment from a random sysadmin who's been targeted by the NSA
'Here's a story for you. I'm not a party to any of this. I've done nothing wrong, I've never been suspected of doing anything wrong, and I don't know anyone who has done anything wrong. I don't even mean that in the sense of "I pissed off the wrong people but technically haven't been charged." I mean that I am a vanilla, average, 9-5 working man of no interest to anybody. My geographical location is an accident of my birth. Even still, I wasn't accidentally born in a high-conflict area, and my government is not at war. I'm a sysadmin at a legitimate ISP and my job is to keep the internet up and running smoothly. This agency has stalked me in my personal life, undermined my ability to trust my friends attempting to connect with me on LinkedIn, and infected my family's computer. They did this because they wanted to bypass legal channels and spy on a customer who pays for services from my employer. Wait, no, they wanted the ability to potentially spy on future customers. Actually, that is still not accurate - they wanted to spy on everybody in case there was a potentially bad person interacting with a customer. After seeing their complete disregard for anybody else, their immense resources, and their extremely sophisticated exploits and backdoors - knowing they will stop at nothing, and knowing that I was personally targeted - I'll be damned if I can ever trust any electronic device I own ever again. You all rationalize this by telling me that it "isn't surprising", and that I don't live in the [USA,UK] and therefore I have no rights. I just have one question. Are you people even human?'
(tags: nsa via:ioerror privacy spying surveillance linkedin sysadmins gchq security)
DRI’s Unchanged Position on Eircode
'Broadly, they are satisfied with what we are doing' versus: 'We have deep concerns about the Eircode initiative… We want to state clearly that we are not at all ‘satisfied’ with the postcode that has been designed or the implementation proposals.'
(tags: dri ireland eircode postcodes privacy data-protection quotes misrepresentation)
-
The young women interns [in one story in this post] worked in a very different way. As I explored their notes, I noticed that ideas were expanded upon, not abandoned. Challenges were identified, but the male language so often heard in Silicon Valley conference rooms - “Well, let me tell you what the problem with that idea is….” - was not in the room. These young women, without men to define the “appropriate business behavior,” used different behaviors and came up with a startling and valuable solution. They showed many of the values that exist outside of dominance-based leadership: strategic thinking, intuition, nurturing and relationship building, values-based decision-making and acceptance of other’s input. Women need space to be themselves at work. Until people who have created their success by worshipping at the temple of male behavior, like Sheryl Sandberg, learn to value alternate behaviors, the working world will remain a foreign and hostile culture to women. And if we do not continuously work to build corporate cultures where there is room for other behaviors, women will be cast from or abandoned in a world not of our making, where we continuously “just do not fit in,” but where we still must go to earn our livings.
(tags: sexism misogyny silicon-valley tech work sheryl-sandberg business collaboration)
Are you better off running your big-data batch system off your laptop?
Heh, nice trolling.
Here are two helpful guidelines (for largely disjoint populations): If you are going to use a big data system for yourself, see if it is faster than your laptop. If you are going to build a big data system for others, see that it is faster than my laptop. [...] We think everyone should have to do this, because it leads to better systems and better research.
(tags: graph coding hadoop spark giraph graph-processing hardware scalability big-data batch algorithms pagerank)
BBC uses RIPA terrorism laws to catch TV licence fee dodgers in Northern Ireland
Give them the power, they'll use that power. 'A document obtained under Freedom of Information legislation confirms the BBC's use of RIPA in Northern Ireland. It states: "The BBC may, in certain circumstances, authorise under the Regulation of Investigatory Powers Act 2000 and Regulation of Investigatory Powers (British Broadcasting Corporation) Order 2001 the lawful use of detection equipment to detect unlicensed use of television receivers... the BBC has used detection authorised under this legislation in Northern Ireland."'
(tags: ripa privacy bbc tv license-fee uk northern-ireland law scope-creep)
Australia tries to ban crypto research – by ACCIDENT • The Register
Researchers are warned off [discussing] 512-bits-plus key lengths, systems “designed or modified to perform cryptanalytic functions”, or “designed or modified to use 'quantum cryptography'”. [....] “an email to a fellow academic could land you a 10 year prison sentence”.
https://twitter.com/_miw/status/556023024009224192 notes 'the DSGL 5A002 defines it as >512bit RSA, >512bit DH, >112 bit ECC and >56 bit symmetric ciphers; weak as fuck i say.'
A Case Study of Toyota Unintended Acceleration and Software Safety
I drive a Toyota, and this is scary stuff. Critical software systems need to be coded with care, and this isn't it -- they don't even have a bug tracking system!
Investigations into potential causes of Unintended Acceleration (UA) for Toyota vehicles have made news several times in the past few years. Some blame has been placed on floor mats and sticky throttle pedals. But, a jury trial verdict was based on expert opinions that defects in Toyota's Electronic Throttle Control System (ETCS) software and safety architecture caused a fatal mishap. This talk will outline key events in the still-ongoing Toyota UA litigation process, and pull together the technical issues that were discovered by NASA and other experts. The results paint a picture that should inform future designers of safety critical software in automobiles and other systems.
(tags: toyota safety realtime coding etcs throttle-control nasa code-review embedded)
Group warns of postcode project dangers | Irish Examiner
“We have spoken to the National Consumer Agency, logistics companies and Digital Rights Ireland, with which we have had an in-depth conversation to see if there is anything in the proposal that might be considered to have an impact on anyone’s privacy. Broadly, they are satisfied with what we are doing,” [Patricia Cronin, head of the Department of Communications’ postcodes division] told the committee. However in his letter, [DRI's] O’Lachtnain said the group “want to state clearly that we are not at all ‘satisfied’ with the postcode that has been designed or the implementation proposals”.
Some nerve!
(tags: dri nca privacy patricia-cronin goverment postcodes eircode dpc ireland)
Of Course 23andMe's Plan Has Been to Sell Your Genetic Data All Along
Today, 23andMe announced what Forbes reports is only the first of ten deals with big biotech companies: Genentech will pay up to $60 million for access to 23andMe's data to study Parkinson's. You think 23andMe was about selling fun DNA spit tests for $99 a pop? Nope, it's been about selling your data all along.
(tags: testing ethics dna genentech 23andme parkinsons diseases health privacy)
-
Really nice time series dashboarding app. Might consider replacing graphitus with this...
(tags: time-series data visualisation graphs ops dashboards facette)
Getting good cancer care through 3D printing
This is pretty incredible.
Balzer downloaded a free software program called InVesalius, developed by a research center in Brazil to convert MRI and CT scan data to 3D images. He used it to create a 3D volume rendering from Scott’s DICOM images, which allowed him to look at the tumor from any angle. Then he uploaded the files to Sketchfab and shared them with neurosurgeons around the country in the hope of finding one who was willing to try a new type of procedure. Perhaps unsurprisingly, he found the doctor he was looking for at UPMC, where Scott had her thyroid removed. A neurosurgeon there agreed to consider a minimally invasive operation in which he would access the tumor through Scott’s left eyelid and remove it using a micro drill. Balzer had adapted the volume renderings for 3D printing and produced a few full-size models of the front section of Scott’s skull on his MakerBot. To help the surgeon vet his micro drilling idea and plan the procedure, Balzer packed up one of the models and shipped it off to Pittsburgh.
(tags: diy surgery health cancer tumours medicine 3d-printing 3d scanning mri dicom)
AWS Tips I Wish I'd Known Before I Started
Some good advice and guidelines (although some are just silly).
Ever liked a film on Facebook? You’ve given the security services a key to your soul
The researchers started with 86,000 subjects who had filled out the 100-question personality profile – and this, of course, was done as another app on Facebook – and whose personality scores had been matched by algorithms with their Facebook likes. They then found 17,000 who were willing to have a friend or family member take the personality test on their behalf, trying to predict the answers they would give. The results, from most humans, were stunningly inaccurate. Friends, family and co-workers were all less able to predict how someone would fill out a personality test than the algorithms that had been primed with the subject’s Facebook likes. With only 10 likes to work on, the computer was more accurate than a work colleague would be. With 150 likes, it described the subject’s personality better than a parent or sibling could. And with 300 likes to work on, it was more accurate than a spouse.
(tags: likes facebook privacy prism surveillance profiling personality)
David Cameron in 'cloud cuckoo land' over encrypted messaging apps ban | Technology | The Guardian
One insider at a major US technology firm told the Guardian that “politicians are fond of asking why it is that tech companies don’t base themselves in the UK” ... “I think if you’re saying that encryption is the problem, at a time when consumers and businesses see encryption as a very necessary part of trust online, that’s a very indicative point of view.”
(tags: business guardian david-cameron uk-politics crypto ripa messaging internet privacy)
Why DNS in OS X 10.10 is broken, and what you can do to fix it | Ars Technica
ffs Apple. (Via Tony Finch)
(tags: via:fanf dns osx mac mdnsresponder discoveryd bugs)
Schneier on Security: Why Data Mining Won't Stop Terror
A good reference URL to cut-and-paste when "scanning internet traffic for terrorist plots" rears its head:
This unrealistically accurate system will generate 1 billion false alarms for every real terrorist plot it uncovers. Every day of every year, the police will have to investigate 27 million potential plots in order to find the one real terrorist plot per month. Raise that false-positive accuracy to an absurd 99.9999 percent and you're still chasing 2,750 false alarms per day -- but that will inevitably raise your false negatives, and you're going to miss some of those 10 real plots.
Also, Ben Goldacre saying the same thing: http://www.badscience.net/2009/02/datamining-would-be-lovely-if-it-worked/
(tags: internet scanning filtering specificity statistics data-mining terrorism law nsa gchq false-positives false-negatives)
-
The Prime Minister said today that he would stop the use of methods of communication that cannot be read by the security services even if they have a warrant. He said: “In our country, do we want to allow a means of communication between people which […] we cannot read?” He made the connection between encrypted communications tools and letters and phone conversations, both of which can be read by security services in extreme situations and with a warrant from the home secretary.
Is this key escrow for the UK?
30 Fantastic Irish Beers to try in 2015
this is a great shopping list ;)
Personalization at Spotify using Cassandra
Lots and lots of good detail into the Spotify C* setup (via Bill de hOra)
(tags: via:dehora spotify cassandra replication storage ops)
Global Chilling: The Impact of Mass Surveillance on International Writers | PEN American Center
The report’s revelations, based on a survey of nearly 800 writers worldwide, are alarming. Concern about surveillance is now nearly as high among writers living in democracies (75%) as among those living in non-democracies (80%). The levels of self-censorship reported by writers living in democratic countries are approaching the levels reported by writers living in authoritarian or semi-democratic countries.
(tags: surveillance chilling-effects pen censorship fear)
As Islamists Seek To Silence Cartoonists With Guns, Irish Government Also Says Ciúnas
the urgency of repealing the Irish blasphemy legislation cannot now be overstated. The same cartoons that saw their authors murdered for blasphemy recently, would see Irish authors hauled before our courts. The same nations that execute their citizens for blasphemy, wish to promote the wording of the Irish blasphemy legislation through the UN, in order to expand such provisions to more countries. Ireland is the only European country to recently introduce a new blasphemy law. Following the horrific recent events in Paris, let us be the next country to repeal our blasphemy laws.
(tags: blasphemy censorship free-speech charlie-hebdo law)
Registering children: Ireland’s Primary Online Database
If you haven’t heard about it, it is a compulsory database of the personal information of children, including PPS numbers, ethnicity, race and language skills, to be held for decades and shared across State agencies.
(tags: privacy ppsn databases pod ireland children kids primary-schools)
-
What if Silicon Valley had emerged from a racially integrated community? Would the technology industry be different? Would we? And what can the technology industry do now to avoid repeating the mistakes of the past?
Amazing article -- this is the best thing I've ever read on TechCrunch: the political history of race in Silicon Valley and East Palo Alto.
(tags: racism politics history race silicon-valley palo-alto technology us-politics via:burritojustice)
Why we don't use a CDN: A story about SPDY and SSL
All of our assets loaded via the CDN [to our client in Australia] in just under 5 seconds. It only took ~2.7s to get those same assets to our friends down under with SPDY. The performance with no CDN blew the CDN performance out of the water. It is just no comparison. In our case, it really seems that the advantages of SPDY greatly outweigh that of a CDN when it comes to speed.
(tags: cdn spdy nginx performance web ssl tls optimization multiplexing tcp ops)
A World Transfixed by Screens - The Atlantic
Excellent "In Focus" this week -- 'The continued massive growth of connected mobile devices is shaping not only how we communicate with each other, but how we look, behave, and experience the world around us. Smartphones and other handheld devices have become indispensable tools, appendages held at arm's length to record a scene or to snap a selfie. Recent news photos show refugees fleeing war-torn regions holding up their phones as prized possessions to be saved, and relatives of victims lost to a disaster holding up their smartphones to show images of their loved ones to the press. Celebrity selfies, people alone in a crowd with their phones, events obscured by the very devices used to record that event, the brightly lit faces of those bent over their small screens, these are some of the scenes depicted below.'
(tags: mobile photography in-focus alan-taylor the-atlantic phones selfies pictures)
"Incremental Stream Processing using Computational Conflict-free Replicated Data Types" [paper]
'Unlike existing alternatives, such as stream processing, that favor the execution of arbitrary application code, we want to capture much of the processing logic as a set of known operations over specialized Computational CRDTs, with particular semantics and invariants, such as min/max/average/median registers, accumulators, top-N sets, sorted sets/maps, and so on. Keeping state also allows the system to decrease the amount of propagated information. Preliminary results obtained in a single example show that Titan has a higher throughput when compared with state of the art stream processing systems.'
(tags: crdt distributed stream-processing replication titan papers)
-
'Turn websites into structured APIs from your browser in seconds' -- next-generation web scraping, recommended by conoro
(tags: via:conoro scraping web http kimono rss json csv data)
Following Fire Phone Flop, Big Changes At Amazon’s Lab126 | Fast Company | Business + Innovation
as one insider told me, it feels like "Lab126 is in the doghouse" and that "Jeff is taking out his frustration with the failure of the Fire Phone" on upper management.
-
a conceptual model, with accompanying XML schema, that may be used to quantify and exchange complex uncertainties in data. The interoperable model can be used to describe uncertainty in a variety of ways including: samples; statistics, including mean, variance, standard deviation and quantile; and probability distributions, including marginal and joint distributions and mixture models.
(tags: via:conor uncertainty statistics xml formats)
-
How to secure SSH, disabling insecure ciphers etc. (via Padraig)
(tags: via:pixelbeat crypto security ssh ops)
-
Make "Paste and Match Style" the default, as it should be
(tags: paste osx ui ux cut-and-paste)
Introducing practical and robust anomaly detection in a time series
Twitter open-sources an anomaly-spotting R package:
Early detection of anomalies plays a key role in ensuring high-fidelity data is available to our own product teams and those of our data partners. This package helps us monitor spikes in user engagement on the platform surrounding holidays, major sporting events or during breaking news. Beyond surges in social engagement, exogenic factors – such as bots or spammers – may cause an anomaly in number of favorites or followers. The package can be used to find such bots or spam, as well as detect anomalies in system metrics after a new software release. We’re open-sourcing AnomalyDetection because we’d like the public community to evolve the package and learn from it as we have.
(tags: statistics twitter r anomaly-detection outliers metrics time-series spikes holt-winters)
Mantis: Netflix's Event Stream Processing System
Rx/reactive in style, autoscaling, support for queue/broker-based strong consistency as well as TCP-based lossy delivery
(tags: netflix rx reactive autoscaling mantis stream-processing)
-
'I now a man with a wooden leg named sea what was the name of the other leg SAND'
-
Fergal Crehan's new gig -- good idea!
The Hit Team helps you fight back against leaked photos and videos, internet targeting and revenge porn.
(tags: revenge-porn revenge law privacy porn leaks photos videos images selfies)
F1: A Distributed SQL Database That Scales
Beyond the interesting-enough stuff about scalability in a distributed SQL store, there's this really nifty point about avoiding the horrors of the SQL/ORM impedance mismatch:
At Google, Protocol Buffers are ubiquitous for data storage and interchange between applications. When we still had a MySQL schema, users often had to write tedious and error-prone transformations between database rows and in-memory data structures. Putting protocol buffers in the schema removes this impedance mismatch and gives users a universal data structure they can use both in the database and in application code…. Protocol Buffer columns are more natural and reduce semantic complexity for users, who can now read and write their logical business objects as atomic units, without having to think about materializing them using joins across several tables.
This is something that pretty much any store can already adopt. Go protobufs (or Avro, etc.). Also, I find this really neat, and I hope this idea is implemented elsewhere soon: asynchronous schema updates:
Schema changes are applied asynchronously on multiple F1 servers. Anomalies are prevented by the use of a schema leasing mechanism with support for only current and next schema versions; and by subdividing schema changes into multiple phases where consecutive pairs of changes are mutually compatible and cannot cause anomalies.
Avleen Vig on distributed engineering teams
This is a really excellent post on the topic, rebutting Paul Graham's Bay-Area-centric thoughts on the topic very effectively. I've worked in both distributed and non-distributed, as well as effective and ineffective teams ;), and Avleen's thoughts are very much on target.
I've been involved in the New York start up scene since I joined Etsy in 2010. Since that time, I've seen more and more companies there embrace having distributed teams. Two companies I know which have risen to the top while doing this have been Etsy and DigitalOcean. Both have exceptional engineering teams working on high profile products used by many, many people around the world. There are certainly others outside New York, including Automattic, GitHub, Chef Inc, Puppet... the list goes on. So how did this happen? And why do people continue to insist that distributed teams lower performance, and are a bad idea? Partly because we've done a poor job of showing our industry how to be successful at it, and partly because it's hard. Having successful distributed teams requires special skills from management, which aren't easily learned until you have to manage a distributed team. Catch 22.
(tags: business culture management communication work distributed-teams avleen-vig engineering)
Hack workaround to get JVM thread priorities working on Linux
As used in Cassandra ( http://grokbase.com/t/hbase/dev/13bf9kezes/about-xx-threadprioritypolicy-42 )!
if you just set the "ThreadPriorityPolicy" to something else than the legal values 0 or 1, [...] a slight logic bug in Sun's JVM code kicks in, and thus sets the policy to be as if running with root - thus you get exactly what one desires. The operating system, Linux, won't allow priorities to be heightened above "Normal" (negative nice value), and thus just ignores those requests (setting it to normal instead, nice value 0) - but it lets through the requests to set it lower (setting the nice value to some positive value).
(tags: cassandra thread-priorities threads java jvm linux nice hacks)
Amiko Alien2 / Enigma Discussion Thread - boards.ie
Enigma is a Linux based alternative to the default Spark operating system on these boxes. Enigma is a more customisable OS and provides the ability to add plugins which can accomplish many tasks enabling users to have a box which might look and perform like a Sky box, giving a 7 day EPG and an alternative to series link.
Looks like a pretty solid hacker community...
Hague reassures MPs on Office 365 data storage as Microsoft ordered to hand over email data
William Hague, the leader of the House of Commons, has responded to concerns raised by an MP about the security of parliamentary data stored on Microsoft’s Cloud-based servers in Europe. “The relevant servers are situated in the Republic of Ireland and the Netherlands, both being territories covered by the EC Data Protection Directive," William Hague wrote in a letter to John Hemming, MP for Birmingham Yardley. "Any access by US authorities to such data would have to be by way of mutual legal assistance arrangements with those countries.” [...] John Hemming MP told Computer Weekly Hague’s reassurances carried little weight in the face of aggressive legal action by the US government. “The Microsoft case makes it clear that, in the end, the fact that Microsoft is a US company legally trumps the European Data Protection Directive [...] and where [the letter says] the US authorities could not exercise a right of search and seizure on an extraterritorial basis, well, they are doing that, in America, today.”
Sounds like they didn't think that through...
(tags: mail privacy parliament office-365 microsoft mlat surveillance)
Why Sweden Has the World's Safest Roads
Nearly half the EU-wide average.
Sweden has also created 12,600 safer pedestrian crossings with features such as bridges, flashing lights, and speed bumps. That’s estimated to have halved pedestrian deaths over the past five years. The country has lowered speed limits in urban, crowded areas and built barriers to protect bikers from incoming traffic. A crackdown on drunk driving has also helped.
(tags: sweden safety engineering road-safety pedestrian roads cycling)
Do not use 'YYYY' or '%G' in time format specifiers
Formats the year based on ISO week numbering, which often is not what you want. Both have been responsible for high-profile production bugs (in Apple and Android).
(tags: apple android bugs time date year iso week formatting strftime posix)
Indian Government blocks 32 Sites, including GitHub, Pastebin, Imgur and Vimeo
Spectacularly inept. Pretty much every UGC site there is
(tags: ugc india filtering blocking terrorism isis github vimeo pastebin censorship)
The open-office trend is destroying the workplace
Wow, where has this person been for the past 20 years that they haven't had to encounter this? I can only imagine having a private office, tbh.
my personal performance at work has hit an all-time low. Each day, my associates and I are seated at a table staring at each other, having an ongoing 12-person conversation from 9 a.m. to 5 p.m. It’s like being in middle school with a bunch of adults. Those who have worked in private offices for decades have proven to be the most vociferous and rowdy. They haven’t had to consider how their loud habits affect others, so they shout ideas at each other across the table and rehash jokes of yore. As a result, I can only work effectively during times when no one else is around, or if I isolate myself in one of the small, constantly sought-after, glass-windowed meeting rooms around the perimeter.
'Uncertain<T>: A First-Order Type for Uncertain Data' [paper, PDF]
'Emerging applications increasingly use estimates such as sensor data (GPS), probabilistic models, machine learning, big data, and human data. Unfortunately, representing this uncertain data with discrete types (floats, integers, and booleans) encourages developers to pretend it is not probabilistic, which causes three types of uncertainty bugs. (1) Using estimates as facts ignores random error in estimates. (2) Computation compounds that error. (3) Boolean questions on probabilistic data induce false positives and negatives. This paper introduces Uncertain<T>, a new programming language abstraction for uncertain data. We implement a Bayesian network semantics for computation and conditionals that improves program correctness. The runtime uses sampling and hypothesis tests to evaluate computation and conditionals lazily and efficiently. We illustrate with sensor and machine learning applications that Uncertain<T> improves expressiveness and accuracy.' (via Tony Finch)
(tags: uncertainty estimation types strong-typing coding probability statistics machine-learning sampling via:fanf)
Why Airlines Want to Make You Suffer
'The fee [airline pricing] model comes with systematic costs that are not immediately obvious. Here’s the thing: in order for fees to work, there needs be something worth paying to avoid. That necessitates, at some level, a strategy that can be described as “calculated misery.” Basic service, without fees, must be sufficiently degraded in order to make people want to pay to escape it. And that’s where the suffering begins.'
(tags: travel airlines pricing fees economy consumer jetblue)
-
'Ádám was trying his hand at a problem in Excel, but the official rules prohibit the use of Excel macros. In a daze, he came up with one of the most clever uses of Excel: building an assembly interpreter with the most popular spreadsheet program. This is a virtual Harvard architecture machine without writable RAM; the stack is only lots and lots of IFs.'
(tags: vms excel hacks spreadsheets coding)
-
A causal profiler for C++.
Causal profiling is a novel technique to measure optimization potential. This measurement matches developers' assumptions about profilers: that optimizing highly-ranked code will have the greatest impact on performance. Causal profiling measures optimization potential for serial, parallel, and asynchronous programs without instrumentation or special handling for library calls and concurrency primitives. Instead, a causal profiler uses performance experiments to predict the effect of optimizations. This allows the profiler to establish causality: "optimizing function X will have effect Y," exactly the measurement developers had assumed they were getting all along.
I can see this being a good technique to stochastically discover race conditions and concurrency bugs, too.
(tags: optimization c++ performance coding profiling speed causal-profilers)
-
This is the version with the superfast petabyte-sort record:
Spark 1.2 includes several cross-cutting optimizations focused on performance for large scale workloads. Two new features Databricks developed for our world record petabyte sort with Spark are turned on by default in Spark 1.2. The first is a re-architected network transfer subsystem that exploits Netty 4’s zero-copy IO and off heap buffer management. The second is Spark’s sort based shuffle implementation, which we’ve now made the default after significant testing in Spark 1.1. Together, we’ve seen these features give as much as 5X performance improvement for workloads with very large shuffles.
(tags: spark sorting hadoop map-reduce batch databricks apache netty)
The VATMOSS debacle: does the "manual email" loophole work?
As the 1 January deadline gallops towards the EU, microbusinesses desperate to stay open without breaking the law try to find out, "Can I email stuff out instead?" Well... Yes. - No - It depends - and simultaneously yes AND no, according to Schrödinger’s VAT. So that's clear, then.
One artist closing up their Bandcamp site due to new VATMOSS laws
Nice work, EU
(tags: eu law tax vat vatmoss matt-stevens bandcamp music downloads)
Use sshuttle to Keep Safe on Insecure Wi-Fi
I keep forgetting about sshuttle. It's by far the easiest way to get a cheapo IP-over-SSH VPN working with an OSX client, particularly since it's in homebrew
(tags: ssh vpn sshuttle tunnelling security ip wifi networking osx homebrew)
BoardGameGeek's best board games for kids
great list
Warning: Do NOT use my mirrors services until I have reviewed the situation
Things hotting up in TOR-land.
Until I have had the time and information available to review the situation, I am strongly recommending my mirrors are not used under any circumstances. If they come back online without a PGP signed message from myself to further explain the situation, exercise extreme caution and treat even any items delivered over TLS to be potentially hostile.
(tags: tor privacy crackdown anonymity seizures crypto via:hn)
Working Effectively with Unit Tests
$14.99 ebook, recommended by Steve Vinoski, looks good
(tags: unit-testing testing ebooks jay-fields tests steve-vinoski coding)
Fixing tethering on Android KitKat
Google made a change in Android 4.4 which allows operators to know when users are using tethering and conveniently block tethered devices from accessing internet. This can be fixed permanently using the following procedure.
Well this is stupid. (via Tony Finch)
Why Ireland must protect privacy of Irish emails and internet usage from surveillance
It’s now over a year since Edward Snowden went public with evidence of mass surveillance and extensive abuses by the NSA, GCHQ and other intelligence agencies. In other countries these revelations prompted parliamentary inquiries, diplomatic representations and legislation. In Ireland the only response was a promise [..] to help extradite Mr Snowden should he land here.
(tags: ireland politics edward-snowden extradition privacy nsa gchq spying surveillance tj-mcintyre)
Final Root Cause Analysis and Improvement Areas: Nov 18 Azure Storage Service Interruption
For the record
(tags: root-cause azure outages postmortem cloud microsoft deployment)
-
To demonstrate that hackers have no interest in suppressing speech, quashing controversy, or being intimidated by vague threats, we ask that Sony allow the hacker community to distribute "The Interview" for them on the 25th of December. Now, we're aware that Sony may refer to this distribution method as piracy, but in this particular case, it may well prove to be the salvation of the motion picture industry. By freely offering the film online, millions of people will get to see it and decide for themselves if it has any redeeming qualities whatsoever - as opposed to nobody seeing it and the studios writing it off as a total loss. Theaters would be free from panic as our servers would become the target of any future vague threats (and we believe Hollywood will be most impressed with how resilient peer-to-peer distribution can be in the face of attacks). Most importantly, we would be defying intimidation, something the motion picture industry doesn't quite have a handle on, which is surprising considering how much they've relied upon it in the past.
(tags: 2600 funny hackers security sony north-korea the-interview movies piracy)
Top 20 Bourbons Around $30 | The Bourbon Review
Need to keep an eye out for a few of these -- will probably be a little more than $30 given the whole import/export carry-on of course
Why You Shouldn’t Use ZooKeeper for Service Discovery
In CAP terms, ZooKeeper is CP, meaning that it’s consistent in the face of partitions, not available. For many things that ZooKeeper does, this is a necessary trade-off. Since ZooKeeper is first and foremost a coordination service, having an eventually consistent design (being AP) would be a horrible design decision. Its core consensus algorithm, Zab, is therefore all about consistency. For coordination, that’s great. But for service discovery it’s better to have information that may contain falsehoods than to have no information at all. It is much better to know what servers were available for a given service five minutes ago than to have no idea what things looked like due to a transient network partition. The guarantees that ZooKeeper makes for coordination are the wrong ones for service discovery, and it hurts you to have them.
Yes! I've been saying this for months -- good to see others concurring.
(tags: architecture zookeeper eureka outages network-partitions service-discovery cap partitions)
-
omg, Die Gute Fabrik's game collection featuring the AMAZING Johann Sebastian Joust -- now available on Mac, Linux and (missing JSJ) Windows. Time to buy an assload of Move controllers!
(tags: jsj johann-sebastian-joust games fun die-gute-fabrik sportsfriends gaming linux mac)
Lambda, Javascript Micro-Services on AWS
Nice worked-through Lambda example
'Machine Learning: The High-Interest Credit Card of Technical Debt' [PDF]
Oh god yes. This is absolutely spot on, as you would expect from a Google paper -- at this stage they probably have accumulated more real-world ML-at-scale experience than anywhere else. 'Machine learning offers a fantastically powerful toolkit for building complex systems quickly. This paper argues that it is dangerous to think of these quick wins as coming for free. Using the framework of technical debt, we note that it is remarkably easy to incur massive ongoing maintenance costs at the system level when applying machine learning. The goal of this paper is to highlight several machine learning specific risk factors and design patterns to be avoided or refactored where possible. These include boundary erosion, entanglement, hidden feedback loops, undeclared consumers, data dependencies, changes in the external world, and a variety of system-level anti-patterns. [....] 'In this paper, we focus on the system-level interaction between machine learning code and larger systems as an area where hidden technical debt may rapidly accumulate. At a system-level, a machine learning model may subtly erode abstraction boundaries. It may be tempting to re-use input signals in ways that create unintended tight coupling of otherwise disjoint systems. Machine learning packages may often be treated as black boxes, resulting in large masses of “glue code” or calibration layers that can lock in assumptions. Changes in the external world may make models or input signals change behavior in unintended ways, ratcheting up maintenance cost and the burden of any debt. Even monitoring that the system as a whole is operating as intended may be difficult without careful design. Indeed, a remarkable portion of real-world “machine learning” work is devoted to tackling issues of this form. Paying down technical debt may initially appear less glamorous than research results usually reported in academic ML conferences. But it is critical for long-term system health and enables algorithmic advances and other cutting-edge improvements.'
(tags: machine-learning ml systems ops tech-debt maintainance google papers hidden-costs development)
The FBI Used the Web's Favorite Hacking Tool to Unmask Tor Users | WIRED
Since Operation Torpedo [use of a Metasploit side project], there’s evidence the FBI’s anti-Tor capabilities have been rapidly advancing. Torpedo was in November 2012. In late July 2013, computer security experts detected a similar attack through Dark Net websites hosted by a shady ISP called Freedom Hosting—court records have since confirmed it was another FBI operation. For this one, the bureau used custom attack code that exploited a relatively fresh Firefox vulnerability—the hacking equivalent of moving from a bow-and-arrow to a 9-mm pistol. In addition to the IP address, which identifies a household, this code collected the MAC address of the particular computer that was infected by the malware. “In the course of nine months they went from off the shelf Flash techniques that simply took advantage of the lack of proxy protection, to custom-built browser exploits,” says Soghoian. “That’s a pretty amazing growth … The arms race is going to get really nasty, really fast.”
(tags: fbi tor police flash security privacy anonymity darknet wired via:bruces)
Digital Rights Ireland files Amicus Brief in Microsoft v USA with Liberty and ORG
Microsoft -v- USA is an important ongoing case, currently listed for hearing in 2015 before the US Federal Court of Appeal of the 2nd Circuit. However, as the case centres around the means by which NY law enforcement are seeking to access data of an email account which resides in Dublin, it is also crucially significant to Ireland and the rest of the EU. For that reason, Digital Rights Ireland instructed us to file an Amicus Brief in the US case, in conjunction with the global law firm of White & Case, who have acted pro bono in their representation. Given the significance of the case for the wider EU, both Liberty and the Open Rights Group in the UK have joined Digital Rights Ireland as amici on this brief. We hope it will be of aid to the US court in assessing the significance of the order being appealed by Microsoft for EU citizens and European states, in the light of the existing US and EU Mutual Legal Assistance Treaty.
(tags: amicus-briefs law us dri microsoft mlats org liberty eu privacy)
-
Hey look, PID 1 segfaulting! I haven't seen that happen since we managed to corrupt /bin/sh on Ultrix in 1992. Nice work Fedora
Operation Socialist: How GCHQ Spies Hacked Belgium’s Largest Telco
Chilling.
GCHQ maintains a huge repository named MUTANT BROTH that stores billions of these intercepted cookies, which it uses to correlate with IP addresses to determine the identity of a person. GCHQ refers to cookies internally as “target detection identifiers.”
(tags: privacy gchq surveillance belgacom regin uk spying belgium isps cookies malware)
-
Generate graphs/flowcharts from text a la Markdown. Pretty much identical to graphviz surely?
(tags: mermaid graphviz markdown cli open-source)
How Etsy Does Continuous Integration for Mobile Apps
Very impressive. I particularly like the use of Tester Dojos to get through a backlog of unwritten tests -- we had a similar problem recently...
(tags: dojos testing ci cd builds etsy mobile ios shenzen trylib jenkins tester-dojos)
-
From 7-8pm on Friday, [RepricerExpress] software, used by third-party sellers to ensure their products are the cheapest on the market, went a bit haywire and reduced prices to as little as 1p.
(tags: 1p amazon resellers repricer-express fail price-cutting automation risks undercutting)
-
Wow, this looks cool. $159
littleBits and Korg have demystified a traditional analog synthesizer, making it super easy for novices and experts alike to create music. connects to speakers, computers and headphones. can be used to make your own instruments. fits into the littleBits modular system for infinite combos of audio, visual and sensory experiences
(tags: diy hardware music littlebits gadgets make analog synths)
Cold, Cough, Flu: Best Medicines For Your Symptoms - Iodine
'Find the best cold & flu meds for your symptoms' -- actually pretty useful, although of course the US-only brandnames aren't available over here...
(tags: cold flu winter sickness medicine symptoms coughs treatment)
Introducing Atlas: Netflix's Primary Telemetry Platform
This sounds really excellent -- the dimensionality problem it deals with is a familiar one, particularly with red/black deployments, autoscaling, and so on creating trees of metrics when new transient servers appear and disappear. Looking forward to Netflix open sourcing enough to make it usable for outsiders
-
Hello! I love satellite imagery and topographic maps so I made several wallpapers with those gorgeous pictures. All wallpapers are iPhone 6 Plus optimized with 1242×2208 pixels, but you can resize for any device you have. The original sources are listed below.
(Via This Is Colossal)
(tags: mapping aerial wallpapers phone desktop satellite maps)
Good advice on running large-scale database stress tests
I've been bitten by poor key distribution in tests in the past, so this is spot on: 'I'd run it with Zipfian, Pareto, and Dirac delta distributions, and I'd choose read-modify-write transactions.' And of course, a dataset bigger than all combined RAM. Also: http://smalldatum.blogspot.ie/2014/04/biebermarks.html -- the "Biebermark", where just a single row out of the entire db is contended on in a read/modify/write transaction: "the inspiration for this is maintaining counts for [highly contended] popular entities like Justin Bieber and One Direction."
(tags: biebermark benchmarks testing performance stress-tests databases storage mongodb innodb foundationdb aphyr measurement distributions keys zipfian)
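The key distributions named above make a concrete difference to what a read-modify-write stress test actually exercises. The following is an added illustration (not from the linked post, and not aphyr's or the Biebermark author's code): it generates row keys under uniform, Zipfian, Pareto and Dirac delta distributions and reports, for each, how much traffic the single hottest row receives and how often concurrently in-flight transactions collide on the same row. The number of keys, the parallelism and the distribution parameters are all constructed values.

```python
import random
from collections import Counter

# Key generators for a read-modify-write stress test. Each returns a list of
# `count` row keys drawn from a different popularity distribution.

def uniform_keys(n_keys, count, rng):
    """Every row equally likely: the distribution most benchmarks default to."""
    return [rng.randint(1, n_keys) for _ in range(count)]

def zipfian_keys(n_keys, s, count, rng):
    """P(key = k) proportional to 1/k**s: a few rows get most of the traffic."""
    weights = [1.0 / (k ** s) for k in range(1, n_keys + 1)]
    return rng.choices(range(1, n_keys + 1), weights=weights, k=count)

def pareto_keys(n_keys, alpha, count, rng):
    """Pareto (power-law) draws folded into 1..n_keys; heavier head than Zipf."""
    return [min(n_keys, int(rng.paretovariate(alpha))) for _ in range(count)]

def dirac_keys(hot_key, count):
    """Dirac delta: every transaction hits the same row (the 'Biebermark')."""
    return [hot_key] * count

def concentration(keys, top=1):
    """Fraction of all accesses that land on the `top` most popular keys."""
    popular = Counter(keys).most_common(top)
    return sum(c for _, c in popular) / len(keys)

def conflict_rate(keys, parallelism):
    """Treat each run of `parallelism` consecutive keys as transactions in
    flight at once. A read-modify-write on a row that another in-flight
    transaction also touches must serialise (or retry), so count repeats."""
    conflicts = 0
    for i in range(0, len(keys), parallelism):
        batch = keys[i:i + parallelism]
        conflicts += len(batch) - len(set(batch))
    return conflicts / len(keys)

def run_workloads(n_keys=1_000_000, count=10_000, parallelism=16, seed=1):
    """Compare the same RMW workload under four key distributions (constructed parameters)."""
    rng = random.Random(seed)
    workloads = {
        "uniform": uniform_keys(n_keys, count, rng),
        "zipfian(s=1.0, 1000 keys)": zipfian_keys(1000, 1.0, count, rng),
        "pareto(alpha=1.2)": pareto_keys(n_keys, 1.2, count, rng),
        "dirac(hot key)": dirac_keys(1, count),
    }
    return {name: {"top1_share": round(concentration(keys), 4),
                   "conflict_rate": round(conflict_rate(keys, parallelism), 4)}
            for name, keys in workloads.items()}

if __name__ == "__main__":
    for name, stats in run_workloads().items():
        print(f"{name:28s} {stats}")
```

Under the uniform distribution the hottest row sees a negligible share and almost no transactions collide, which is why a test that only uses it can pass while the production system falls over; the Dirac delta case puts every transaction on one row, so nearly all of them conflict, which is precisely the lock-convoy behaviour the Biebermark is meant to expose.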
AWS Key Management Service Cryptographic Details
"AWS Key Management Service (AWS KMS) provides cryptographic keys and operations scaled for the cloud. AWS KMS keys and functionality are used by other AWS cloud services, and you can use them to protect user data in your applications that use AWS. This white paper provides details on the cryptographic operations that are executed within AWS when you use AWS KMS."
(tags: white-papers aws amazon kms key-management crypto pdf)
-
some good details of Aurora innards
(tags: mysql databases aurora aws ec2 sql storage transactions replication)
If Eventual Consistency Seems Hard, Wait Till You Try MVCC
ex-Percona MySQL wizard Baron Schwartz, noting that MVCC as implemented in common SQL databases is not all that simple or reliable compared to big bad NoSQL Eventual Consistency:
Since I am not ready to assert that there’s a distributed system I know to be better and simpler than eventually consistent datastores, and since I certainly know that InnoDB’s MVCC implementation is full of complexities, for right now I am probably in the same position most of my readers are: the two viable choices seem to be single-node MVCC and multi-node eventual consistency. And I don’t think MVCC is the simpler paradigm of the two.
(tags: nosql concurrency databases mysql riak voldemort eventual-consistency reliability storage baron-schwartz mvcc innodb postgresql)
-
This is quite interesting/weird -- Stripe's protocol for mass-CCing email as they scale up the company, based around http://en.wikipedia.org/wiki/Civil_inattention
(tags: communication culture email management stripe cc transparency civil-inattention)
Shanley Kane of Model View Culture Challenges a “Corrupt” Silicon Valley | MIT Technology Review
If their interests were better serving the world, using technology as a force for social justice, and equitably distributing technology wealth to enrich society … sure, they’d be acting against their interests. But the reality is that tech companies centralize power and wealth in a small group of privileged white men. When that’s the goal, then exploiting the labor of marginalized people and denying them access to power and wealth is 100 percent in line with the endgame. A more diverse tech industry would be better for its workers and everyone else, but it would be worse for the privileged white men at the top of it, because it would mean they would have to give up their monopoly on money and power. And they will fight that with everything they’ve got, which is why we see barriers to equality at every level of the industry.
(tags: culture feminism tech mit-tech-review shanley-kane privilege vcs silicon-valley)
-
Awesome! I was completely unaware this was coming down the pipeline.
A new, transactionally updated Ubuntu for the cloud. Ubuntu Core is a new rendition of Ubuntu for the cloud with transactional updates. Ubuntu Core is a minimal server image with the same libraries as today’s Ubuntu, but applications are provided through a simpler mechanism. The snappy approach is faster, more reliable, and lets us provide stronger security guarantees for apps and users — that’s why we call them “snappy” applications. Snappy apps and Ubuntu Core itself can be upgraded atomically and rolled back if needed — a bulletproof approach to systems management that is perfect for container deployments. It’s called “transactional” or “image-based” systems management, and we’re delighted to make it available on every Ubuntu certified cloud.
(tags: ubuntu linux packaging snappy ubuntu-core transactional-updates apt docker ops)
Dan McKinley :: Thoughts on the Technical Track
Ouch. I think Amazon did a better job of the Technical Track concept than this, at least
(tags: engineering management technical-track principal-engineer career work)
-
"git for operating system binaries". OSTree is a tool for managing bootable, immutable, versioned filesystem trees. It is not a package system; nor is it a tool for managing full disk images. Instead, it sits between those levels, offering a blend of the advantages (and disadvantages) of both. You can use any build system you like to place content into it on a build server, then export an OSTree repository via static HTTP. On each client system, "ostree admin upgrade" can incrementally replicate that content, creating a new root for the next reboot. This provides fully atomic upgrades. Any changes made to /etc are propagated forwards, and all local state in /var is shared. A key goal of the project is to complement existing package systems like RPM and Debian packages, and help further their evolution. In particular for example, RPM-OSTree (linked below) has as a goal a hybrid tree/package model, where you replicate a base tree via OSTree, and then add packages on top.
(tags: os gnome git linux immutable deployment packaging via:fanf)
State sanctions foreign phone and email tapping
Well, this stinks.
Foreign law enforcement agencies will be allowed to tap Irish phone calls and intercept emails under a statutory instrument signed into law by Minister for Justice Frances Fitzgerald. Companies that object or refuse to comply with an intercept order could be brought before a private “in camera” court. The legislation, which took effect on Monday, was signed into law without fanfare on November 26th, the day after documents emerged in a German newspaper indicating the British spy agency General Communications Headquarters (GCHQ) had directly tapped undersea communications cables between Ireland and Britain for years.
(tags: ireland law gchq surveillance mlats phone-tapping)
"Looks like Chicago PD had a stingray out at the Eric Garner protest last night"
Your tax dollars at work: Spying on people just because they demand that the government's agents stop killing black people. [...] Anonymous has released a video featuring what appear to be Chicago police radio transmissions revealing police wiretapping of organizers' phones at the protests last night the day after Thanksgiving, perhaps using a stingray. The transmissions pointing to real-time wiretapping involve the local DHS-funded spy 'fusion' center.
(tags: imsi-catcher stingray surveillance eric-garner protests privacy us-politics anonymous chicago police wiretapping dhs)
When data gets creepy: the secrets we don’t realise we’re giving away | Technology | The Guardian
Very good article around the privacy implications of derived and inferred aggregate metadata from Ben Goldacre.
We are entering an age – which we should welcome with open arms – when patients will finally have access to their own full medical records online. So suddenly we have a new problem. One day, you log in to your medical records, and there’s a new entry on your file: “Likely to die in the next year.” We spend a lot of time teaching medical students to be skilful around breaking bad news. A box ticked on your medical records is not empathic communication. Would we hide the box? Is that ethical? Or are “derived variables” such as these, on a medical record, something doctors should share like anything else?
(tags: advertising ethics privacy security law data aggregation metadata ben-goldacre)
Stellar/Ripple suffer a failure of their consensus system, resulting in a split-brain failure
Prof. Mazières’s research indicated some risk that consensus could fail, though we were not certain if the required circumstances for such a failure were realistic. This week, we discovered the first instance of a consensus failure. On Tuesday night, the nodes on the network began to disagree and caused a fork of the ledger. The majority of the network was on ledger chain A. At some point, the network decided to switch to ledger chain B. This caused the roll back of a few hours of transactions that had only been recorded on chain A. We were able to replay most of these rolled back transactions on chain B to minimize the impact. However, in cases where an account had already sent a transaction on chain B the replay wasn’t possible.
(tags: consensus distcomp stellar ripple split-brain postmortems outages ledger-fork payment)
the "Unknown Pleasures" cover, emulated in Mathematica
In July 1967, astronomers at the Cavendish Laboratory in Cambridge, observed an unidentified radio signal from interstellar space, which flashed periodically every 1.33730 seconds. This object flashed with such regularity that it was accurate enough to be used as a clock and only be off by one part in a hundred million. It was eventually determined that this was the first discovery of a pulsar, CP-1919. This is an object that has about the same mass as the Sun, but is the size of the San Francisco Bay at its widest (~20 kilometers) that is rotating so fast that it's emitting a beam of light towards Earth like a strobing lighthouse! Pulsars are neutron stars that are formed from the remnants of a massive star when it experiences stellar death. A hand drawn graph plotted in the style of a waterfall plot, in the Cambridge Encyclopedia of Astronomy, later became renowned for its use on the cover of the album "Unknown Pleasures" by 1970s English band Joy Division.
The entire blog at http://intothecontinuum.tumblr.com/ is pretty great. Lots of nice mathematical animated GIFs, accompanied by Mathematica source and related ponderings.
(tags: maths gifs animation art unknown-pleasures mathematica cp-1919 pulsars astronomy joy-division waterfall-plots cambridge blogs)
-
'Pubs & Bars With Raging Fires in Dublin'. This is important!
-
'Anurag@AWS posts a quite interesting comment on Aurora failover: We asynchronously write to 6 copies and ack the write when we see four completions. So, traditional 4/6 quorums with synchrony as you surmised. Now, each log record can end up with an independent quorum from any other log record, which helps with jitter, but introduces some sophistication in recovery protocols. We peer to peer to fill in holes. We also will repair bad segments in the background, and downgrade to a 3/4 quorum if unable to place in an AZ for any extended period. You need a pretty bad failure to get a write outage.' (via High Scalability)
(tags: via:highscalability mysql aurora failover fault-tolerance aws replication quorum)
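To make the quorum arithmetic in that comment concrete, here is an added model (my own illustration, not Aurora's code or any published AWS design): six copies spread two per availability zone, a write acknowledged at four completions, and the "holes" that appear when each log record reaches quorum on a different subset of copies. The placement across three zones, the per-record ack sets, and the read quorum of 2 for the degraded 3/4 configuration are all assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class QuorumConfig:
    copies: int        # N: replicas each log record is sent to
    write_quorum: int  # W: completions needed before the write is acked
    read_quorum: int   # R: replicas consulted when reading or recovering

    def read_sees_every_ack(self):
        """Any R replicas must overlap any W replicas (R + W > N); otherwise a
        read could pick a set of copies that all missed an acknowledged write."""
        return self.read_quorum + self.write_quorum > self.copies

    def write_failures_tolerated(self):
        return self.copies - self.write_quorum

NORMAL = QuorumConfig(copies=6, write_quorum=4, read_quorum=3)
# "3/4 quorum" is from the quoted comment; read_quorum=2 is an assumption.
DEGRADED = QuorumConfig(copies=4, write_quorum=3, read_quorum=2)

# Constructed placement: two copies in each of three availability zones.
PLACEMENT = {0: "az-a", 1: "az-a", 2: "az-b", 3: "az-b", 4: "az-c", 5: "az-c"}

def reachable_copies(placement, failed_azs=(), failed_copies=()):
    return {c for c, az in placement.items()
            if az not in failed_azs and c not in failed_copies}

def write_acknowledged(cfg, completed):
    """The write is acked as soon as W completions arrive; the remaining
    copies are written asynchronously and may lag or never land."""
    return len(completed) >= cfg.write_quorum

def can_write(cfg, placement, failed_azs=(), failed_copies=()):
    """Can a fresh record still collect W completions after these failures?"""
    return write_acknowledged(cfg, reachable_copies(placement, failed_azs, failed_copies))

def holes(record_acks, copies):
    """Each record reaches quorum on its own subset of copies, so every copy may
    be missing a different set of records; those are the holes peers fill.
    record_acks: {lsn: set of copy ids that completed that record}."""
    return {c: sorted(lsn for lsn, acks in record_acks.items() if c not in acks)
            for c in copies}

def demo():
    # Constructed completion sets for three consecutive log records; each
    # reached the 4-of-6 quorum, but on a different subset of copies.
    acks = {1: {0, 1, 2, 3}, 2: {0, 2, 4, 5}, 3: {1, 3, 4, 5}}
    return {
        "overlap_normal": NORMAL.read_sees_every_ack(),
        "overlap_degraded": DEGRADED.read_sees_every_ack(),
        "lose_one_az": can_write(NORMAL, PLACEMENT, failed_azs=("az-a",)),
        "lose_az_plus_one": can_write(NORMAL, PLACEMENT, failed_azs=("az-a",), failed_copies=(2,)),
        "all_acked": all(write_acknowledged(NORMAL, a) for a in acks.values()),
        "holes": holes(acks, PLACEMENT),
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Losing a whole zone leaves four reachable copies, exactly the write quorum, so writes continue; one more failure on top of that is the "pretty bad failure" that causes a write outage. The `holes` output shows why recovery needs peer-to-peer repair: with independent per-record quorums, no single copy is guaranteed to hold every acknowledged record, even though any three copies together do.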
-
Nice list -- lots of random toy services
-
actual stats and data on how programming languages affect coding work
(tags: statistics data coding languages static-typing dynamic)
CoreOS is building a container runtime, Rocket
Whoa, trouble at mill in Dockerland!
When Docker was first introduced to us in early 2013, the idea of a “standard container” was striking and immediately attractive: a simple component, a composable unit, that could be used in a variety of systems. The Docker repository included a manifesto of what a standard container should be. This was a rally cry to the industry, and we quickly followed. Brandon Philips, co-founder/CTO of CoreOS, became a top Docker contributor, and now serves on the Docker governance board. CoreOS is one of the most widely used platforms for Docker containers, and ships releases to the community hours after they happen upstream. We thought Docker would become a simple unit that we can all agree on. Unfortunately, a simple re-usable component is not how things are playing out. Docker now is building tools for launching cloud servers, systems for clustering, and a wide range of functions: building images, running images, uploading, downloading, and eventually even overlay networking, all compiled into one monolithic binary running primarily as root on your server. The standard container manifesto was removed. We should stop talking about Docker containers, and start talking about the Docker Platform. It is not becoming the simple composable building block we had envisioned.
(tags: coreos docker linux containers open-source politics rocket)
The Wirecutter’s Best Everyday Things for $50, $100, $200
excellent guide (via JK)
(tags: via:johnke gifts shopping amazon wirecutter gadgets to-get)
-
isn't that curious.
(tags: irish ireland government spying surveillance vodafone gchq)
-
Reading between the lines, it looks like Rails 4 is waaay slower than 3....
(tags: rails ruby performance profiling discourse)
Day 1 - Docker in Production: Reality, Not Hype
Good Docker info from Bridget Kromhout, on their production and dev usage of Docker at DramaFever. lots of good real-world tips
(tags: docker ops boot2docker tips sysadvent)
Lost avant-garde painting found in Stuart Little’s living room
Two years later, he heard from Lisa S., an assistant set designer on [the movie] Stuart Little. She had bought the painting for $500 from an antiques store in Pasadena specifically for the movie because she thought its cool elegance was perfectly suited for the Little’s New York City apartment. Lisa S. had tracked it down in another warehouse and purchased it from Sony just because she liked it so much. When she contacted Barki, she had no idea of the history of the painting hanging on her bedroom wall. After Barki visited the painting in person and confirmed its identity, Lisa sold it to a private collector. That collector has now been persuaded to sell it in Hungary. It will go up for auction at the Virag Judit Art Gallery in Budapest on December 13th with a starting price of 110,000 euros ($160,000). Gergely Barki won’t make a dime off of his discovery, but he will have a great story to tell in his biography of the artist.
(tags: stuart-little art history hungary pasadena movies set-design antiques robert-bereny post-impressionism)
rjbs's rubric: In Soviet Minecraft, server op you!
wow, that is too much effort for a 7-year-old's Minecraft server ;) Very impressive
(tags: minecraft game-servers kids teleport gaming rjbs perl)
-
How Rust avoids GC overhead using its "borrow" system:
Rust achieves memory safety without GC by using a sophisticated borrow system. For any resource (stack memory, heap memory, file handle and so on), there is exactly one owner which takes care of its resource deallocation, if needed. You may create new bindings to refer to the resource using & or &mut, which is called a borrow or mutable borrow. The compiler ensures all owners and borrowers behave correctly.
(tags: languages rust gc borrow lifecycle stack heap allocation)
-
Actually, I'm really agreeing with a lot of this. Particularly this part:
Programmers will cringe at writing some kind of command dispatch list: if command = "up": up() elif command = "status": status() elif command = "revert": revert() ... so they’ll go off and write some introspecting auto-dispatch cleverness, but that takes longer to write and will surely confuse future readers who’ll wonder how the heck revert() ever gets called. Yet the programmer will incorrectly feel as though he saved himself time. This is the trap of the dynamic language. It feels like you’re being more productive, but aside from the first 10 minutes of a new program, you’re not. Just write the stupid dispatch manually and get on with the real work.
I've also gone right off dynamic languages for any kind of non-toy work. Mind you, he needs to get around to ditching Vim for a proper IDE. That's the key thing that makes coding in a statically-typed language really pleasant -- when graphical refactoring becomes easy and usable, and errors are visible as you type them...
(tags: java coding static-typing python unit-tests)
Facebook Fabric Networking Deconstructed
whoa, this is incredibly in-depth
(tags: facebook datacenter networking clos-networks infrastructure networks fat-tree)
OS X doesn't support 'ndots' DNS resolution
"ping foo.bar" will not append the "search" domains configured in /etc/resolv.conf. Apparently this has been broken since OS X Lion, no sign of a fix. Nice work Apple
-
a catastrophic TCP throughput collapse that occurs as the number of storage servers sending data to a client increases past the ability of an Ethernet switch to buffer packets. In a clustered file system, for example, a client application requests a data block striped across several storage servers, issuing the next data block request only when all servers have responded with their portion (Figure 1). This synchronized request workload can result in packets overfilling the buffers on the client's port on the switch, resulting in many losses. Under severe packet loss, TCP can experience a timeout that lasts a minimum of 200ms, determined by the TCP minimum retransmission timeout (RTOmin).
(tags: incast networking performance tcp bandwidth buffering switch ethernet capacity)
-
Excellent real-world war story from Facebook -- a long-running mystery bug was eventually revealed to be a combination of edge-case behaviours across all the layers of the networking stack, from L2 link aggregation at the agg-router level, up to the L7 behaviour of the MySQL client connection pool.
Facebook collocates many of a user’s nodes and edges in the social graph. That means that when somebody logs in after a while and their data isn’t in the cache, we might suddenly perform 50 or 100 database queries to a single database to load their data. This starts a race among those queries. The queries that go over a congested link will lose the race reliably, even if only by a few milliseconds. That loss makes them the most recently used when they are put back in the pool. The effect is that during a query burst we stack the deck against ourselves, putting all of the congested connections at the top of the deck.
(tags: architecture debugging devops facebook layer-7 mysql connection-pooling aggregation networking tcp-stack)
"Macaroons" for fine-grained secure database access
Macaroons are an excellent fit for NoSQL data storage for several reasons. First, they enable an application developer to enforce security policies at very fine granularity, per object. Gone are the clunky security policies based on the IP address of the client, or the per-table access controls of RDBMSs that force you to split up your data across many tables. Second, macaroons ensure that a client compromise does not lead to loss of the entire database. Third, macaroons are very flexible and expressive, able to incorporate information from external systems and third-party databases into authorization decisions. Finally, macaroons scale well and are incredibly efficient, because they avoid public-key cryptography and instead rely solely on fast hash functions.
(tags: security macaroons cookies databases nosql case-studies storage authorization hyperdex)
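To make the "fast hash functions only" construction concrete, here is an added example of first-party macaroon caveats using nothing but Python's standard library. It is my illustration, not code from HyperDex or the macaroons paper; the root key, the identifier, the tiny caveat language ("field = value", "field < int", "field > int") and the request contexts are all constructed for the example. It shows why attenuation is cheap (anyone holding a macaroon can add a caveat, because each new signature is keyed on the previous one rather than on the root key) while loosening is impossible (stripping a caveat, or signing a new one with a guessed key, breaks the chain that the server recomputes from the root key):

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Tuple, Union

Context = Dict[str, Union[str, int]]


def _chain(key: bytes, msg: bytes) -> bytes:
    """One link of the chain: HMAC-SHA256(key, msg)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass(frozen=True)
class Macaroon:
    location: str          # hint for the client; not authenticated in this example
    identifier: str        # public id the server uses to look up the root key
    caveats: Tuple[str, ...]  # first-party caveats in the order they were added
    signature: bytes       # HMAC chain over identifier and every caveat


def mint(root_key: bytes, location: str, identifier: str) -> Macaroon:
    """Server side: only the holder of root_key can mint."""
    return Macaroon(location, identifier, (), _chain(root_key, identifier.encode()))


def attenuate(m: Macaroon, predicate: str) -> Macaroon:
    """Client side: restrict a macaroon without any key. The new signature is
    keyed on the old one, so the old (broader) signature is gone for good."""
    return Macaroon(m.location, m.identifier, m.caveats + (predicate,),
                    _chain(m.signature, predicate.encode()))


def _satisfied(predicate: str, ctx: Context) -> bool:
    """Constructed caveat language: '<field> = <str>', '<field> < <int>', '<field> > <int>'.
    Anything malformed or unknown fails closed."""
    parts = predicate.split(" ", 2)
    if len(parts) != 3 or parts[0] not in ctx:
        return False
    field_name, op, value = parts
    actual = ctx[field_name]
    if op == "=":
        return str(actual) == value
    if op == "<":
        return int(actual) < int(value)
    if op == ">":
        return int(actual) > int(value)
    return False


def verify(root_key: bytes, m: Macaroon, ctx: Context) -> bool:
    """Server side: recompute the whole chain from the root key, check every
    caveat against the request context, compare signatures in constant time."""
    sig = _chain(root_key, m.identifier.encode())
    ok = True
    for caveat in m.caveats:
        ok = _satisfied(caveat, ctx) and ok
        sig = _chain(sig, caveat.encode())
    return ok and hmac.compare_digest(sig, m.signature)


def demo() -> Dict[str, bool]:
    """Constructed scenario: a per-tenant root macaroon is narrowed to
    read-only access to one table before a deadline, then attacked."""
    root_key = hashlib.sha256(b"constructed root key, not a real secret").digest()
    full = mint(root_key, "https://db.example", "tenant-42-root")
    scoped = attenuate(full, "table = users")
    scoped = attenuate(scoped, "op = read")
    scoped = attenuate(scoped, "time < 1700000000")

    ctx_read = {"table": "users", "op": "read", "time": 1699999000}
    ctx_write = dict(ctx_read, op="write")
    ctx_late = dict(ctx_read, time=1700000001)

    # A compromised worker drops the 'op = read' caveat but keeps the signature.
    stripped = Macaroon(scoped.location, scoped.identifier,
                        tuple(c for c in scoped.caveats if c != "op = read"),
                        scoped.signature)
    # It tries to append a widening caveat signed with a guessed key instead.
    forged = Macaroon(scoped.location, scoped.identifier,
                      scoped.caveats + ("op = write",), _chain(b"guess", b"op = write"))

    return {
        "full_unscoped": verify(root_key, full, ctx_write),    # True: no caveats
        "scoped_read": verify(root_key, scoped, ctx_read),     # True
        "scoped_write": verify(root_key, scoped, ctx_write),   # False: op caveat
        "scoped_expired": verify(root_key, scoped, ctx_late),  # False: time caveat
        "stripped": verify(root_key, stripped, ctx_write),     # False: chain broken
        "forged": verify(root_key, forged, ctx_write),         # False: chain broken
        "wrong_key": verify(b"other", scoped, ctx_read),       # False
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Two things a real deployment adds that this example leaves out: third-party caveats (the chain also binds a caveat that must be discharged by another service, which is how external systems feed authorization decisions) and a serialisation of location, identifier, caveats and signature into a single token. The `location` field is deliberately unauthenticated here, as in the paper's design; only the identifier and caveats are covered by the chain.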
Richard Tynan on Twitter: "GCHQ Tapping Eircom owned cable"
Cable listed as owned by Eircom and Cable and Wireless (now Vodafone?)
(tags: vodafone cables tapping surveillance eircom internet uk)
Hermitage: Testing the "I" in ACID
[Hermitage is] a test suite for databases which probes for a variety of concurrency issues, and thus allows a fair and accurate comparison of isolation levels. Each test case simulates a particular kind of race condition that can happen when two or more transactions concurrently access the same data. Each test can pass (if the database’s implementation of isolation prevents the race condition from occurring) or fail (if the race condition does occur).
(tags: acid architecture concurrency databases nosql)