
Justin's Linklog Posts

Links for 2015-12-22

  • Amazon EC2 Container Registry

    hooray, Docker registry here at last

    (tags: ecs docker registry ops containers aws)

  • How to inspect SSL/TLS traffic with Wireshark 2

    turns out it’s easy enough — Mozilla standardised a debugging SSL session-key logging file format which Wireshark and Chrome support

    (tags: chrome ssl browser firefox wireshark debugging tls)

  • ImperialViolet – Juniper: recording some Twitter conversations

    Adam Langley on the Juniper VPN-snooping security hole:

    … if it wasn’t the NSA who did this, we have a case where a US government backdoor effort (Dual-EC) laid the groundwork for someone else to attack US interests. Certainly this attack would be a lot easier given the presence of a backdoor-friendly RNG already in place. And I’ve not even discussed the SSH backdoor. […]

    (tags: primes ecc security juniper holes exploits dual-ec-drbg vpn networking crypto prngs)

  • Excellent post from Matthew Green on the Juniper backdoor

    For the past several years, it appears that Juniper NetScreen devices have incorporated a potentially backdoored random number generator, based on the NSA’s Dual_EC_DRBG algorithm. At some point in 2012, the NetScreen code was further subverted by some unknown party, so that the very same backdoor could be used to eavesdrop on NetScreen connections. While this alteration was not authorized by Juniper, it’s important to note that the attacker made no major code changes to the encryption mechanism — they only changed parameters. This means that the systems were potentially vulnerable to other parties, even beforehand. Worse, the nature of this vulnerability is particularly insidious and generally messed up. […] The end result was a period in which someone — maybe a foreign government — was able to decrypt Juniper traffic in the U.S. and around the world. And all because Juniper had already paved the road. One of the most serious concerns we raise during [anti-law-enforcement-backdoor] meetings is the possibility that encryption backdoors could be subverted. Specifically, that a back door intended for law enforcement could somehow become a backdoor for people who we don’t trust to read our messages. Normally when we talk about this, we’re concerned about failures in storage of things like escrow keys. What this Juniper vulnerability illustrates is that the danger is much broader and more serious than that. The problem with cryptographic backdoors is not that they’re the only way that an attacker can break into our cryptographic systems. It’s merely that they’re one of the best. They take care of the hard work, the laying of plumbing and electrical wiring, so attackers can simply walk in and change the drapes.
    (via Tony Finch)

    (tags: via:fanf crypto backdoors politics juniper dual-ec-drbg netscreen vpn)

  • 2016 Wish List for AWS?

    good thread of AWS’ shortcomings — so many services still don’t handle VPC for instance

    (tags: vpc aws ec2 ops wishlist)

Links for 2015-12-18

Links for 2015-12-16

Links for 2015-12-15

Links for 2015-12-14

  • Files Are Hard

    This is basically terrifying. A catalog of race conditions and reliability horrors around the POSIX filesystem abstraction in Linux — it’s a wonder anything works. ‘Where’s this documented? Oh, in some mailing list post 6-8 years ago (which makes it 12-14 years from today). The fs devs whose posts I’ve read are quite polite compared to LKML’s reputation, and they generously spend a lot of time responding to basic questions, but it’s hard for outsiders to troll [sic] through a decade and a half of mailing list postings to figure out which ones are still valid and which ones have been obsoleted! I don’t mean to pick on filesystem devs. In their OSDI 2014 talk, the authors of the paper we’re discussing noted that when they reported bugs they’d found, developers would often respond “POSIX doesn’t let filesystems do that”, without being able to point to any specific POSIX documentation to support their statement. If you’ve followed Kyle Kingsbury’s Jepsen work, this may sound familiar, except devs respond with “filesystems don’t do that” instead of “networks don’t do that”. I think this is understandable, given how much misinformation is out there. Not being a filesystem dev myself, I’d be a bit surprised if I don’t have at least one bug in this post.’

    (tags: filesystems linux unix files operating-systems posix fsync osdi papers reliability)

  • [LUCENE-6917] Deprecate and rename NumericField/RangeQuery to LegacyNumeric – ASF JIRA

    Interesting performance-related tweak going into Lucene — based on the Bkd-Tree I think: https://users.cs.duke.edu/~pankaj/publications/papers/bkd-sstd.pdf . Being used for all numeric index types, not just multidimensional ones?

    (tags: lucene performance algorithms patches bkd-trees geodata numeric indexing)

  • Kevin Lyda’s mega pension post

    Cutting and pasting from Facebook for posterity… there are some really solid tips in here.

    ‘Some people plan their lives out and then there are people like me who randomly do things and suddenly, in retrospect, it looks like a grand plan has come together. In reality it’s more like my subconscious pulls in useful info and pokes me to go learn things as required. If you live/work in Ireland, the following “grand plan” might be useful.

    This year has apparently been “figure out how to retire” year. It started late last year with finally organising all my private Irish pensions (2 from employers, 1 personal). In the process I learned the following:

    * Many Irish pension plans allow you to start drawing down from them at age 50. There are downsides to this, but if you have several of them it allows you more room to avoid stock market downturns when you purchase annuities.
    * You can get 25% of each pension as a tax-free lump sum.

    I also learned a few property things. The key thing is that if you have a buy-to-let property you should *not* pay off its mortgage early. You can deduct 75% of the interest you pay against the taxes you’d owe for rental income. That means the interest you pay will essentially be close to or even under the rate of inflation. A residential mortgage might have a lower interest rate nominally, but the effective interest rate is higher.

    The Irish state pension is changing. If you are 68 after 2020 the rules have changed – and they’re now much simpler. Work for 10 years and you get the minimum state pension (1/3 of a full pension). Work for 20, you get 2/3 of a state pension. Work for 30, you get a full pension. But you can’t collect it till you’re 68 and remember that Irish employers can apparently force you to “retire” at 65 (ageism is legal). So you need to bridge those 3 years (or hope they change the law to stop employers from doing that).

    When I “retired” I kept a part time job for a number of reasons, but one was because I suspected I needed more PRSI credits for a pension. And it turns out this was correct. Part-time work counts as long as you make more than €38/week. And self-employment counts as long as you make more than €5,000/year. You can also make voluntary PRSI contributions (around €500/year but very situation dependent). If you’ve worked in Europe or the US or Canada or a few other countries, you can get credits for social welfare payments in those countries. But if you have enough here and you have enough for some pension in the other country, you can draw a pension from both.

    Lastly most people I’ve talked to about retirement this year have used the analogy of legs on a stool. Every source of post-retirement income is a leg on the stool – the more legs, the more secure your retirement. There are lots of options for legs:

    * Rental income. This is a little wobbly as legs go at least for me. But if you have more than one rental property – and better yet some commercial rental property – this leg firms up a bit. Still, it’s a bit more work than most.
    * Savings. This isn’t very tax-efficient, but it can help fill in blank spots some legs have (like rental income or age restrictions) or maximise another leg’s value (weathering downturns for stock-based legs). And in retirement you can even build savings up. Sell a house, the private pension lump sum, etc. But remember you’re retired, go have fun. Savings won’t do you much good when you’re dead.
    * Stocks. I’ve cashed all mine in, but some friends have been more restrained in cashing in stocks they might have gotten from employers. This is a volatile leg, but it can pay off rather well if you know what you’re doing. But be honest with yourself. I know I absolutely don’t know what I’m doing on this so stayed away.
    * Government pension. This is generally a reliable source of income in retirement. It’s usually not a lot, but it does tend to last from retirement to death and it shows up every month. You apply once and then it just shows up each month. If you’ve worked in multiple countries, you can hedge some bets by taking a pension in each country you qualify from. You did pay into them after all.
    * Private pension. This can also give you a solid source of income but you need to pay into it. And paying in during your 20s and 30s really pays off later. But you need to make your investments less risky as you get into your late 50s – so make sure to start looking at them then. And you need to provide yourself some flexibility for starting to draw it down in order to survive market drops. The crash in 2007 didn’t fully recover until 2012 – that’s 5 years.
    * Your home. Pay off your mortgage and your home can be a leg. Not having to pay rent/mortgage is a large expense removed and makes the other legs more effective. You can also “sell down” or look into things like reverse mortgages, but the former can take time and has costs while the latter usually seems to have a lot of fine print you should read up on.
    * Part-time work. I know a number of people who took part-time jobs when they retired. If you can find something that doesn’t take a huge amount of time that you’d enjoy doing and that people will pay you for, fantastic! Do that. And it gets you out of the house and keeping active.

    For friends who are geeks and in my age cohort, I note that it will be 2037 around the time we hit 65. If you know why that matters, ka-ching!’

    Another particularly useful page about the state pension: “Six things every woman needs to know about the State pension”, Irish Times, Dec 1 2015, https://www.irishtimes.com/business/personal-finance/six-things-every-woman-needs-to-know-about-the-state-pension-1.2448981 , which links to this page to get your state pension contribution record: http://www.welfare.ie/en/pages/secure/RequestSIContributionRecord.aspx

    (tags: pensions money life via:klyda stocks savings shares property ireland old-age retirement)

  • Big Brother Watch on Twitter: “Anyone can legally have their phone or computer hacked by the police, intelligence agencies, HMRC and others #IPBill https://t.co/3ZS610srCJ”

    As Glyn Moody noted, if UK police, intelligence agencies, HMRC and others can all legally hack phones and computers, that also means that digital evidence can be easily and invisibly planted. This will undermine future court cases in the UK, which seems like a significant own goal…

    (tags: hmrc police gchq uk hacking security law-enforcement evidence law)

  • Why We Chose Kubernetes Over ECS

    3 months ago when we, at nanit.com, came to evaluate which Docker orchestration framework to use, we gave ECS the first priority. We were already familiar with AWS services, and since we already had our whole infrastructure there, it was the default choice. After testing the service for a while we had the feeling it was not mature enough and missing some key features we needed (more on that later), so we went to test another orchestration framework: Kubernetes. We were glad to discover that Kubernetes is far more comprehensive and had almost all the features we required. For us, Kubernetes won ECS on ECS’s home court, which is AWS.

    (tags: kubernetes ecs docker containers aws ec2 ops)

Links for 2015-12-11

Links for 2015-12-10

Links for 2015-12-09

Links for 2015-12-07

Links for 2015-12-03

  • Introducing Netty-HTTP from Cask

    netty-http library solves [Netty usability issues] by using JAX-RS annotations to build a HTTP path routing layer on top of netty. In addition, the library implements a guava service to manage the HTTP service. netty-http allows users of the library to just focus on writing the business logic in HTTP handlers without having to worry about the complexities of path routing or learning netty pipeline internals to build the HTTP service.
    We’ve written something very similar, although I didn’t even bother supporting JAX-RS annotations — just a simple code-level DSL.

    (tags: jax-rs netty http cask java services coding)

  • The Locals Xmas Gift Guide 2015

    some nice local gift suggestions from small businesses around Dublin. I’d love to get some of these, but I guess I’ll have to settle for giving them instead ;)

    (tags: gifts dublin ireland shopping xmas christmas the-locals)

Links for 2015-12-02

  • Topics in High-Performance Messaging

    ‘We have worked together in the field of high-performance messaging for many years, and in that time, have seen some messaging systems that worked well and some that didn’t. Successful deployment of a messaging system requires background information that is not easily available; most of what we know, we had to learn in the school of hard knocks. To save others a knock or two, we have collected here the essential background information and commentary on some of the issues involved in successful deployments. This information is organized as a series of topics around which there seems to be confusion or uncertainty. Please contact us if you have questions or comments.’

    (tags: messaging scalability scaling performance udp tcp protocols multicast latency)

Links for 2015-11-30

  • Control theory meets machine learning

    ‘DB: Is there a difference between how control theorists and machine learning researchers think about robustness and error? BR: In machine learning, we almost always model our errors as being random rather than worst-case. In some sense, random errors are actually much more benign than worst-case errors. […] In machine learning, by assuming average-case performance, rather than worst-case, we can design predictive algorithms by averaging out the errors over large data sets. We want to be robust to fluctuations in the data, but only on average. This is much less restrictive than the worst-case restrictions in controls. DB: So control theory is model-based and concerned with worst case. Machine learning is data based and concerned with average case. Is there a middle ground? BR: I think there is! And I think there’s an exciting opportunity here to understand how to combine robust control and reinforcement learning. Being able to build systems from data alone simplifies the engineering process, and has had several recent promising results. Guaranteeing that these systems won’t behave catastrophically will enable us to actually deploy machine learning systems in a variety of applications with major impacts on our lives. It might enable safe autonomous vehicles that can navigate complex terrains. Or could assist us in diagnostics and treatments in health care. There are a lot of exciting possibilities, and that’s why I’m excited about how to find a bridge between these two viewpoints.’

    (tags: control-theory interviews machine-learning ml worst-case self-driving-cars cs)

  • The End of Dynamic Languages

    This is my bet: the age of dynamic languages is over. There will be no new successful ones. Indeed we have learned a lot from them. We’ve learned that library code should be extendable by the programmer (mixins and meta-programming), that we want to control the structure (macros), that we disdain verbosity. And above all, we’ve learned that we want our languages to be enjoyable. But it’s time to move on. We will see a flourishing of languages that feel like you’re writing in a Clojure, but typed. Included will be a suite of powerful tools that we’ve never seen before, tools so convincing that only ascetics will ignore.

    (tags: programming scala clojure coding types strong-types dynamic-languages languages)

  • RobustIRC

    ‘IRC without netsplits’ using Raft consensus

    (tags: raft irc netsplits resilience fault-tolerance)

  • Inside China’s Memefacturing Factories, Where The Hottest New Gadgets Are Made – BuzzFeed News

    On a humid afternoon, Zhou went shopping for some of those very parts at a Bao An market. As he pulled his maroon minivan into a crowded parking lot, the full scale of Depu Electronics came into view: a three-story concrete behemoth roughly bigger than a Costco and roughly smaller than the Pentagon. Inside, it looked like the world’s largest Radio Shack going out of business sale: an endless series of booths with cables and circuit boards and plugs and ports and buttons and machines piled so high on tables that the faces of the clerks who were selling them were hidden from view. Each booth seemed to argue: We have exactly what you want and we have enough of it for all of your customers. Short of motorized wheels and molding, the market offered nearly everything an ambitious factory owner would need to build a hoverboard, just waiting to be bought, assembled, and shipped.

    (tags: hoverboards memes china manufacturing future gadgets tat bao-an electronics)

Links for 2015-11-28

  • One of the Largest Hacks Yet Exposes Data on Hundreds of Thousands of Kids | Motherboard

    VTech got hacked, and millions of parents and 200,000 kids had their privacy breached as a result. Bottom line is summed up by this quote from one affected parent:

    “Why do you need know my address, why do you need to know all this information just so I can download a couple of free books for my kid on this silly pad thing? Why did they have all this information?”
    Quite. Better off simply not to have the data in the first place!

    (tags: vtech privacy data-protection data hacks)

  • Senior Anglo bondholders revealed in department note

    In case you were wondering who Ireland’s economy was wiped out for:

    Among the major holders were a Dutch pension fund, ABP; another Dutch fund, PGGM; LGPI in Finland, which manages local government pensions; and a Swiss public entities pension. A number of major asset managers were also named, including JP Morgan in London; DeKA and ADIG, two German investment managers; and Robeco from the Netherlands. Big insurance companies, including Munich Re, Llmarinen from Finland and German giant Axa were also named, along with big banks such as BNP, SocGen, ING and Deutsche.

    (tags: bondholders anglo economy ireland politics eu senior-bondholders)

  • Is Dublin Busy?

    a bunch of metrics for Dublin xmas-shopping capacity

    (tags: xmas dublin metrics design stats)

Links for 2015-11-26

  • re:Work – The five keys to a successful Google team

    We learned that there are five key dynamics that set successful teams apart from other teams at Google: Psychological safety: Can we take risks on this team without feeling insecure or embarrassed? Dependability: Can we count on each other to do high quality work on time? Structure & clarity: Are goals, roles, and execution plans on our team clear? Meaning of work: Are we working on something that is personally important for each of us? Impact of work: Do we fundamentally believe that the work we’re doing matters?

    (tags: teams google culture work management productivity hr)

Links for 2015-11-25

Links for 2015-11-22

Links for 2015-11-20

Links for 2015-11-18

Links for 2015-11-17

Links for 2015-11-16

Links for 2015-11-13

  • The impact of Docker containers on the performance of genomic pipelines [PeerJ]

    In this paper, we have assessed the impact of Docker containers technology on the performance of genomic pipelines, showing that container “virtualization” has a negligible overhead on pipeline performance when it is composed of medium/long running tasks, which is the most common scenario in computational genomic pipelines. Interestingly for these tasks the observed standard deviation is smaller when running with Docker. This suggests that the execution with containers is more “homogeneous,” presumably due to the isolation provided by the container environment. The performance degradation is more significant for pipelines where most of the tasks have a fine or very fine granularity (a few seconds or milliseconds). In this case, the container instantiation time, though small, cannot be ignored and produces a perceptible loss of performance.

    (tags: performance docker ops genomics papers)

Links for 2015-11-12

Links for 2015-11-11

  • Dynalite

    Awesome new mock DynamoDB implementation:

    An implementation of Amazon’s DynamoDB, focussed on correctness and performance, and built on LevelDB (well, @rvagg’s awesome LevelUP to be precise). This project aims to match the live DynamoDB instances as closely as possible (and is tested against them in various regions), including all limits and error messages. Why not Amazon’s DynamoDB Local? Because it’s too buggy! And it differs too much from the live instances in a number of key areas.
    We use DynamoDBLocal in our tests — the availability of that tool is one of the key reasons we have adopted Dynamo so heavily, since we can safely test our code properly with it. This looks even better.

    (tags: dynamodb testing unit-tests integration-testing tests ops dynalite aws leveldb)

  • Alarm design: From nuclear power to WebOps

    Imagine you are an operator in a nuclear power control room. An accident has started to unfold. During the first few minutes, more than 100 alarms go off, and there is no system for suppressing the unimportant signals so that you can concentrate on the significant alarms. Information is not presented clearly; for example, although the pressure and temperature within the reactor coolant system are shown, there is no direct indication that the combination of pressure and temperature mean that the cooling water is turning into steam. There are over 50 alarms lit in the control room, and the computer printer registering alarms is running more than 2 hours behind the events. This was the basic scenario facing the control room operators during the Three Mile Island (TMI) partial nuclear meltdown in 1979. The Report of the President’s Commission stated that, “Overall, little attention had been paid to the interaction between human beings and machines under the rapidly changing and confusing circumstances of an accident” (p. 11). The TMI control room operator on the day, Craig Faust, recalled for the Commission his reaction to the incessant alarms: “I would have liked to have thrown away the alarm panel. It wasn’t giving us any useful information”. It was the first major illustration of the alarm problem, and the accident triggered a flurry of human factors/ergonomics (HF/E) activity.
    A familiar topic for this ex-member of the Amazon network monitoring team…

    (tags: ergonomics human-factors ui ux alarms alerts alerting three-mile-island nuclear-power safety outages ops)

  • An Analysis of Reshipping Mule Scams

    We observed that the vast majority of the re-shipped packages end up in the Moscow, Russia area, and that the goods purchased with stolen credit cards span multiple categories, from expensive electronics such as Apple products, to designer clothes, to DSLR cameras and even weapon accessories. Given the amount of goods shipped by the reshipping mule sites that we analysed, the annual revenue generated from such operations can span between 1.8 and 7.3 million US dollars. The overall losses are much higher though: the online merchant loses an expensive item from its inventory and typically has to refund the owner of the stolen credit card. In addition, the rogue goods typically travel labeled as “second hand goods” and therefore custom taxes are also evaded. Once the items purchased with stolen credit cards reach their destination they will be sold on the black market by cybercriminals. […] When applying for the job, people are usually required to send the operator copies of their ID cards and passport. After they are hired, mules are promised to be paid at the end of their first month of employment. However, from our data it is clear that mules are usually never paid. After their first month expires, they are never contacted back by the operator, who just moves on and hires new mules. In other words, the mules become victims of this scam themselves, by never seeing a penny. Moreover, because they sent copies of their documents to the criminals, mules can potentially become victims of identity theft.

    (tags: crime law cybercrime mules shipping-scams identity-theft russia moscow scams papers)

Links for 2015-11-10

  • No Harm, No Fowl: Chicken Farm Inappropriate Choice for Data Disposal

    That’s a lesson that Spruce Manor Special Care Home in Saskatchewan had to learn the hard way (as surprising as that might sound). As a trustee with custody of personal health information, Spruce Manor was required under section 17(2) of the Saskatchewan Health Information Protection Act to dispose of its patient records in a way that protected patient privacy. So, when Spruce Manor chose a chicken farm for the job, it found itself the subject of an investigation by the Saskatchewan Information and Privacy Commissioner.  In what is probably one of the least surprising findings ever, the commissioner wrote in his final report that “I recommend that Spruce Manor […] no longer use [a] chicken farm to destroy records”, and then for good measure added “I find using a chicken farm to destroy records unacceptable.”

    (tags: data law privacy funny chickens farming via:pinboard data-protection health medical-records)

Links for 2015-11-09

  • Caffeine cache adopts Window TinyLfu eviction policy

    ‘Caffeine is a Java 8 rewrite of Guava’s cache. In this version we focused on improving the hit rate by evaluating alternatives to the classic least-recently-used (LRU) eviction policy. In collaboration with researchers at Israel’s Technion, we developed a new algorithm that matches or exceeds the hit rate of the best alternatives (ARC, LIRS). A paper of our work is being prepared for publication.’ Specifically:

    W-TinyLfu uses a small admission LRU that evicts to a large Segmented LRU if accepted by the TinyLfu admission policy. TinyLfu relies on a frequency sketch to probabilistically estimate the historic usage of an entry. The window allows the policy to have a high hit rate when entries exhibit a high temporal / low frequency access pattern which would otherwise be rejected. The configuration enables the cache to estimate the frequency and recency of an entry with low overhead. This implementation uses a 4-bit CountMinSketch, growing at 8 bytes per cache entry to be accurate. Unlike ARC and LIRS, this policy does not retain non-resident keys.

    (tags: tinylfu caches caching cache-eviction java8 guava caffeine lru count-min sketching algorithms)

  • What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.

    The ever-shitty Java serialization creates a security hole

    (tags: java serialization security exploits jenkins)

  • Gallery – Steffen Dam

    Danish glassware artist making wonderful Wunderkammers — cabinets of curiosities — entirely from glass. Seeing as one of his works sold for UKP50,000 last year, I suspect these are a bit out of my league, sadly

    (tags: art glassware steffen-dam wunderkammers museums)

  • London garden bridge users to have mobile phone signals tracked

    If it goes ahead, people’s progress across the structure would be tracked by monitors detecting the Wi-Fi signals from their phones, which show up the device’s Mac address, or unique identifying code. The Garden Bridge Trust says it will not store any of this data and is only tracking phones to count numbers and prevent overcrowding.

    (tags: london surveillance mobile-phones mac-trackers tracking)

  • Red lines and no-go zones – the coming surveillance debate

    The Anderson Report to the House of Lords in the UK on RIPA introduces a concept of a “red line”:

    “Firm limits must also be written into the law: not merely safeguards, but red lines that may not be crossed.” …    “Some might find comfort in a world in which our every interaction and movement could be recorded, viewed in real time and indefinitely retained for possible future use by the authorities. Crime fighting, security, safety or public health justifications are never hard to find.” [13.19]  The Report then gives examples, such as a perpetual video feed from every room in every house, the police undertaking to view the record only on receipt of a complaint; blanket drone-based surveillance; licensed service providers, required as a condition of the licence to retain within the jurisdiction a complete plain-text version of every communication to be made available to the authorities on request; a constant data feed from vehicles, domestic appliances and health-monitoring personal devices; fitting of facial recognition software to every CCTV camera and the insertion of a location-tracking chip under every individual’s skin. It goes on: “The impact of such powers on the innocent could be mitigated by the usual apparatus of safeguards, regulators and Codes of Practice. But a country constructed on such a basis would surely be intolerable to many of its inhabitants. A state that enjoyed all those powers would be truly totalitarian, even if the authorities had the best interests of its people at heart.” [13.20] …   “The crucial objection is that of principle. Such a society would have gone beyond Bentham’s Panopticon (whose inmates did not know they were being watched) into a world where constant surveillance was a certainty and quiescence the inevitable result. There must surely come a point (though it comes at different places for different people) where the escalation of intrusive powers becomes too high a price to pay for a safer and more law abiding environment.” [13.21]

    (tags: panopticon jeremy-bentham law uk dripa ripa surveillance spying police drones facial-recognition future tracking cctv crime)

  • Dublin is a medium-density city

    Comparable to Copenhagen or Amsterdam, albeit without sufficient cycling/public-transport infrastructural investment

    (tags: infrastructure density housing dublin ireland cities travel commuting cycling)

Links for 2015-11-07

  • Ignoring ESR won’t do anymore

    I’m tired of this shit. Full stop tired. It’s 2015 and these turds who grope their way around conferences and the like can make allegations like this, get a hand wave and an, “Oh, that’s just crazy Raymond!” Fuck that. Fuck it from here to hell and back. Here’s a man who really hasn’t done anything all that special, is a totally crazy gun-toting misogynist of the highest order and, yet, he remains mostly unchallenged after the tempest dies down, time after time. […] I’m sure ESR will still be haunting conferences when your daughters reach their professional years unless you get serious about outing the assholes like him and making the community a lot less toxic than it is now.
    Amen to that.

    (tags: esr toxic harassment conferences sexism misogyny culture)

Links for 2015-11-05

Links for 2015-11-04

  • PICO-8:

    PICO-8 is a fantasy console for making, sharing and playing tiny games and other computer programs. When you turn it on, the machine greets you with a shell for typing in Lua commands and provides simple built-in tools for creating your own cartridges.
    So cute! See also Voxatron, something similar for voxel-oriented 3D gaming

    (tags: consoles games gaming lua coding retro 2d pico-8)

  • Why Static Website Generators Are The Next Big Thing

    Now _this_ makes me feel old. Alternative title: “why static website generators have been a good idea since WebMake, 15 years ago”. WebMake does pretty well on the checklist of “key features of the modern static website generator”, which are: 1. Templating (check); 2. Markdown support (well, EtText, which predated Markdown by several years); 3. Metadata (check); and 4. JavaScript asset pipeline (didn’t support this one, since complex front-end DHTML JS wasn’t really a thing at the turn of the century. But I would have if it had ;). So I guess I was on the right track!

    (tags: web html history webmake static-sites bake-dont-fry site-generators cms)

  • Food Trucks Are Great Incubators. Why Don’t We Have More?

    So is that kind of thriving food-truck scene something the city should work to encourage? Theresa Hernandez, one of the owners of K Chido Mexico, thinks so. “There’s a whole market there for a new culture,” she says. “There’s no doubt about it, the appetite is there. It’s just a matter for somebody who is innovative enough in Dublin City Council to say: ‘Right, let’s do this.’”
    Amen to that.

    (tags: k-chido food-trucks dublin food ireland dcc)

  • wangle/Codel.h at master · facebook/wangle

    Facebook’s open-source implementation of the CoDel queue management algorithm applied to server request-handling capacity in their C++ service bootstrap library, Wangle.

    (tags: wangle facebook codel services capacity reliability queueing)

Links for 2015-11-02

  • Structural and semantic deficiencies in the systemd architecture for real-world service management, a technical treatise

    Despite its overarching abstractions, it is semantically non-uniform and its complicated transaction and job scheduling heuristics ordered around a dependently networked object system create pathological failure cases with little debugging context that would otherwise not necessarily occur on systems with less layers of indirection. The use of bus APIs complicate communication with the service manager and lead to duplication of the object model for little gain. Further, the unit file options often carry implicit state or are not sufficiently expressive. There is an imbalance with regards to features of an eager service manager and that of a lazy loading service manager, having rusty edge cases of both with non-generic, manager-specific facilities. The approach to logging and the circularly dependent architecture seem to imply that lots of prior art has been ignored or understudied.

    (tags: analysis systemd linux unix ops init critiques software logging)

  • How Facebook avoids failures

    Great paper from Ben Maurer of Facebook in ACM Queue.

    A “move-fast” mentality does not have to be at odds with reliability. To make these philosophies compatible, Facebook’s infrastructure provides safety valves.
    This is full of interesting techniques.

    * Rapidly deployed configuration changes: Make everybody use a common configuration system; Statically validate configuration changes; Run a canary; Hold on to good configurations; Make it easy to revert.
    * Hard dependencies on core services: Cache data from core services. Provide hardened APIs. Run fire drills.
    * Increased latency and resource exhaustion: Controlled Delay (based on the anti-bufferbloat CoDel algorithm — this is really cool); Adaptive LIFO (last-in, first-out) for queue busting; Concurrency Control (essentially a form of circuit breaker).
    * Tools that Help Diagnose Failures: High-Density Dashboards with Cubism (horizon charts); What just changed?
    * Learning from Failure: the DERP (!) methodology,

    (tags: ben-maurer facebook reliability algorithms codel circuit-breakers derp failure ops cubism horizon-charts charts dependencies soa microservices uptime deployment configuration change-management)

Links for 2015-11-01

Links for 2015-10-30

Links for 2015-10-29

  • Google tears Symantec a new one on its CA failure

    Symantec are getting a crash course in how to conduct an incident post-mortem to boot:

    More immediately, we are requesting of Symantec that they further update their public incident report with: A post-mortem analysis that details why they did not detect the additional certificates that we found. Details of each of the failures to uphold the relevant Baseline Requirements and EV Guidelines and what they believe the individual root cause was for each failure. We are also requesting that Symantec provide us with a detailed set of steps they will take to correct and prevent each of the identified failures, as well as a timeline for when they expect to complete such work. Symantec may consider this latter information to be confidential and so we are not requesting that this be made public.

    (tags: google symantec ev ssl certificates ca security postmortems ops)

  • Google is Maven Central’s New Best Friend

    Google now mirroring Maven Central.

    (tags: google maven maven-central jars hosting java packages build)

  • Apache Kafka, Purgatory, and Hierarchical Timing Wheels

    In the new design, we use Hierarchical Timing Wheels for the timeout timer and DelayQueue of timer buckets to advance the clock on demand. Completed requests are removed from the timer queue immediately with O(1) cost. The buckets remain in the delay queue, however, the number of buckets is bounded. And, in a healthy system, most of the requests are satisfied before timeout, and many of the buckets become empty before pulled out of the delay queue. Thus, the timer should rarely have the buckets of the lower interval. The advantage of this design is that the number of requests in the timer queue is the number of pending requests exactly at any time. This allows us to estimate the number of requests need to be purged. We can avoid unnecessary purge operation of the watcher lists. As the result we achieve a higher scalability in terms of request rate with much better CPU usage.

    (tags: algorithms timers kafka scheduling timing-wheels delayqueue queueing)

Links for 2015-10-28