Blog Archive: October 2014
New DxO version
During a discussion on the German Olympus forum, discovered that there's a new version of DxO Optics Pro. Downloaded and tried to start it: We've seen things like that before, so I tried installing on Chris Bahlo's laptop, not helped by the fact that the thing didn't want to know that our DNS has changed since last time I used it. Same thing, so it's not the same as the problem I had last month. Another support request. To my immense surprise, got a response in a little over two hours.
Another NBN outage
Into the office this morning to find us off the net again. And this time it had been for over 9 hours. The NTD showed the same display as last time: the ODU LED was red. So I power cycled it, which got rid of the red LED, but I still didn't get any traffic. Called Aussie Broadband support and spoke to Abraham. No outage known, ticket taken. And I had just hung up when the connection came up again, at 09:19:40, an outage of almost exactly 10 hours. Called again, got connected to Vincent, who must be new. He took considerably longer to log the fact that the net was up again than Abraham did to log the fault in the first place.
2015 speaking gigs: Boston, Pennsylvania, Baltimore
Three new speaking gigs have been announced. January (BBLISA in Cambridge, MA), February (Bucks County, PA), and March (Baltimore-area). See the "see us live" box at the top of http://EverythingSysadmin.com or subscribe to the RSS feed to learn about any new speaking engagements.
2015 speaking gigs: Boston, Pennsylvania, Baltimore
Three new speaking gigs have been announced. January (BBLISA in Cambridge, MA), February (Bucks County, PA), and March (Baltimore-area). The full list is on http://the-cloud-book.com/book-tour.html or subscribe to the RSS feed to learn about any new speaking engagements. The next 3 speaking gigs are always listed in the "see us live" box at the top of http://EverythingSysadmin.com.
More DxO pain
Yesterday's sausage photos required processing to square up the trays. DxO Optics Pro didn't make it easy. The first step is to use the rectangle tool to straighten up the sides: The right-hand image shows the original above and the corrected image below. But it has truncated the top! Went back and tried again, and it refused to show me the original image, just the truncated version that I wanted to get rid of.
Preparing for return
It has been clear for a while that the laptop/tablet wasn't for me, though it also showed that Microsoft can still offer tablet operating systems a run for their money. So time to return it. And my private data? Daniel O'Connor found the solution for me. It's relatively easy to reset a modern Microsoft box to its factory defaults, though cleaning the disk took a couple of hours. But now I'm confident that none of my personal data remains. ACM only downloads articles once.
Apple Pay and CurrentC
I predict one year from today CurrentC won't be up and running and, in fact, history will show it was just another attempt to stall and prevent any kind of mobile payment system in the U.S. from being a success. I'm not saying that there won't be NFC payment systems, just that they'll be marginalized and virtually useless as a result.
Security Problems
The Internet is a dangerous place. We have tools to make it safer, but they go unloved and unused; by ordinary people I mean, the ones who aren't geeks. How can we fix that? Let's look through some recent evidence; The conclusion is pretty obvious. Two-factor More generally, multi-factor: Sign-in with more than one piece of evidence. You may have noticed that pretty well any bank in the world will give you cash money when presented with a piece of plastic and a 4-digit number. OK, these days the plastic has an embedded chip, but still. Two-factor is great! Put yourself in the bad guy's shoes; not only does he have to steal or guess your password, he's got to get his hands on something you carry around.
Ten MOA Faces
On a recent rainy weekend I took my daughter to MOA, the UBC Museum of Anthropology. I think it's maybe Vancouver's single best tourist attraction, and we have plenty of those. The shelves are crowded with objects made by the hands of Homo Sapiens and many of those objects are heads. Here are ten of them. This is in the European Ceramics gallery; not usually my favorite bit of MOA. East-European, 17th-century I think. From the really wonderful Without Masks: Contemporary Afro-Cuban Art exhibition, only running till November 2nd. This is part of the monumental The Raven and the First Men by Bill Reid.
Wait, did you mean Wed the 15th or Thu the 16th?
How many times have you seen this happen? Email goes out that mentioned a date like "Wed, Oct 16". Since Oct 16 is a Thursday, not a Wednesday (this year), there is a flurry of email asking, "Did you mean Wed the 15th or Thu the 16th?" A correction goes out but the damage is done. Someone invariantly "misses the update" and shows up a day early or late, or is otherwise inconvenienced. Either way cognitive processing is wasted for anyone involved. The obvious solution is "people should proofread better" but it is a mistake that everyone makes. I see the mistake at least once a month, and sometimes I'm the guilty party.
How to make change when handed a $20... and help democracy
If someone owes you $5.35 and hands you a $20 bill, every reader of this blog can easily make change. You have a calculator, a cash register, or you do it in your head. However there is a faster way that I learned when I was 12. Today it is rare to get home delivery of a newspaper, but if you do, you probably pay by credit card directly to the newspaper company. It wasn't always like that. When I was 12 years old I delivered newspapers for The Daily Record. Back then payments were collected by visiting each house every other week.
Interview with The Geekcast
I sat down at New York Comic-Con with Aaron from The Geekcast podcast for a long, interesting interview (MP3) on a wide variety of subjects about art, computers, games and justice!
Expanding the Cloud - Introducing the AWS EU (Frankfurt) Region
Today, Amazon Web Services is expanding its worldwide coverage with the launch of a new AWS region in Frankfurt, Germany. This is our 11th infrastructure region and was built to support the strong demand we are seeing in Europe and to give our customers the option to run infrastructure located in Germany. The new Frankfurt region provides low millisecond latencies to major cities in continental Europe and is also run with carbon neutral power. With the launch of the new Frankfurt region customers now also have the ability to architect across multiple regions within the European Union. Many prominent German, and European, customers have been using AWS for quite some time already, including start-ups such as 6Wunderkinder, EyeEm, mytaxi, Onefootball, Soundcloud and Wooga, mid-market companies such as Airport Nuremburg, Euroforum, and Kärcher, and Enterprise companies such as Axel Springer, Hubert Burda Media, Kempinski Hotels, RTL, SAP, Software AG, and Talanx.
Zoom lenses and extension tubes
I've located some automatic extension tubes for my Olympus OM-D E-M1. I've had extension tubes for my Pentax for decades, but they're useless for Olympus lenses, because the lenses don't have a manual diaphragm: it has to be set electrically. And that's what these new tubes promise. One problem is that there are only two tubes, 10 mm and 16 mm. My old Pentax tubes were a set of 3, 11 mm, 20 mm and 30 mm, double as much as the new tubes, and with them you can get a 1:1 magnification with a 50 mm lens set on .
Catching Faces
Point-and-shoot cameras advertise Face Recognition, a cheap trick that a Serious Photographer using a Real Camera with a Fast Prime Lens would never go near. Oh, wait. What happened was At goto; Aarhus the big first-night party was 007-themed, which gave everyone with flashy duds an excuse to wear them. People were looking good and I wanted to take portraits; it was dim in that room, so I was using a prime lens jammed wide-open. Here's what Fujifilm calls Face detection at work. Kresten Krab Thorup, conference organizer, Erjang guy, smart. Nicky Plant, a beauty therapist with secret desire to be a Bond villainess.
Katherine Daniels (@beerops) interviews Tom Limoncelli
Katherine Daniels (known as @beerops on Twitter) interviewed me about the presentations I'll be doing at the upcoming Usenix LISA '14 conference. Check it out: https://www.usenix.org/blog/interview-tom-limoncelli Register soon! Seating in my tutorials is limited!
I'm coming to Vancouver, Seattle, Portland, SF/Palo Alto!
As the tour with my graphic novel In Real Life draws to a close, my next tour, with my nonfiction book Information Doesn't Want to Be Free kicks off with stops down the west coast. I've also got stops coming up in Warsaw, London, Stockholm, Ann Arbor, Baltimore, DC, and Denver -- here's the whole …
See you tomorrow evening at the Denver DevOps Meetup!
Hey Denver folks! Don't forget that tomorrow evening (Tue, Oct 21) I'll be speaking at the Denver DevOps Meetup. It starts at 6:30pm! Hope to see you there! http://www.meetup.com/DenverDevOps/events/213369602/
Watching videos the easy way
The last issue of Heise's Digitale Fotografie included a DVD with some videos on that I thought would be worth watching. OK, found the DVD, tried to put it in the DVD drive in eureka. Wouldn't open. Why not? Nothing mounted, but before I had to power cycle the machine, decided to put it in lagoon instead.
    === root@lagoon (/dev/pts/3) ~ 400 -> mount /cdrom
    mount_cd9660: /dev/cd0: Invalid argument
What's wrong there? Tried in dischord, my Microsoft box, and it mounted with no difficulties. And it showed that it was a UDF file system. That might at least explain the problems with lagoon.
Gamergate and Bullying
I've been watching the Gamergate brouhaha with sick fascination. We all know the Internet's got ugly corners and suddenly the ugliness came out of the corner. I honor the courage of the women who've been standing up to the creeps. But I was kinda puzzled by who the creeps actually are and why they're so upset; I know lots of heavy gamers and they're by and large pleasant well-adjusted people. So I went looking for them. [Disclosure: I'm not 100% unbiased: I once spent a couple years in online games. Also, I like Android car-racing games. Also, I'm an L11 Ingress agent; L12 soon!]
Another Round of Community Data Science Workshops in Seattle
I am helping coordinate three and a half day-long workshops in November for anyone interested in learning how to use programming and data science tools to ask and answer questions about online communities like Wikipedia, free and open source software, Twitter, civic media, etc. This will be a new and improved version of the workshops […]
My CppCon talks
Also, my CppCon talks are all up on the CppCon YouTube channel. You can find them here: Back to the Basics! Essentials of Modern C++ Style: Loops, pointers and references, smart pointers, variable declarations, and parameter passing Lock-Free Programming (or, Juggling Razor Blades), Part 1: Lazy initialization with DCL vs. call_once vs. function local statics, […]
New Interview
While we were both at CppCon last month and had cameras around, Brian Overland interviewed me for InformIT. The video just went up a couple of days ago. You can find it here. If you’ve seen my interviews before, the first 14 minutes is stuff you’ve heard before, but I think you’ll find the last […]
Computers anonymous
The lens wasn't the only thing I picked up at Napoleons. There was also a saddle blanket and a small box, also from Queensland. What was it? I wasn't expecting anything like that, and the description on the box just said A GIFT!: Opening it was even more confusing: a Raspberry Pi B+, the latest version, in a plastic enclosure. There was also an SD card with NOOBS on it. And that was all. The only documentation pointed me at http://www.element14.com/community/community/raspberry-pi, a community site.
Friday Squid Blogging: 1,057 Squid T-Shirts
That's a lot. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. And commenting was broken for a couple of days. It's fixed now, I hope....
Vancouver Photowalk
October 11th was World Photowalk Day. I attended the Vancouver edition, which was in a place I'd never go looking for pictures; but I got some anyhow. We started at the Convention Centre and walked to Gastown, which is to say through Vancouver's maximal white-hot tourist density, where you don't need to be on a photowalk to be pointing a camera at everything. Which is why normally I wouldn't take my camera there. But you know, going somewhere to take pictures puts your eyes in looking-for-pictures mode. Which isn't my default; I normally lean back in my skull, waiting for something I see to exhort the camera out of the bag.
Usenix LISA early registration discount expires soon!
Register by Mon, October 20 and take advantage of the early bird pricing. I'll be teaching tutorials on managing oncall, team-driven sysadmin tools, upgrading live services and more. Please register soon and save! https://www.usenix.org/conference/lisa14
Hacking a Video Poker Machine
Kevin Poulsen has written an interesting story about two people who successfully exploited a bug in a popular video poker machine....
Using Ashampoo optimizer
Since Ashampoo have broken the optimization function of their Photo Commander version 11, and they haven't responded to my error report, it looks like I'll have to move to Photo Optimizer, which has the same functionality, currently not broken. But it works completely differently. The most amazing thing is the display while it's processing photos: The only thing in focus is a completely useless image suggesting printed photos scattered at random on a cork pinboard.
Results of the PuppetConf 2014 Raffle
If you recall, the fine folks at Puppet Labs gave me a free ticket to PuppetConf 2014 to give away to a reader of this blog. Here's a report from our lucky winner! Conference Report: PuppetConf 2014 by Anastasiia Zhenevskaia You never know when you will be lucky enough to win a ticket to the PuppetConf, one of the greatest conferences of this year. My "moment" happened just 3 weeks before the conference and let me dive into things I've never thought about. Being a person who worked mostly with the front-end development, I was always a little bit scared and puzzled by more complicated things.
NSA Classification ECI = Exceptionally Controlled Information
ECI is a classification above Top Secret. It's for things that are so sensitive they're basically not written down, like the names of companies whose cryptography has been deliberately weakened by the NSA, or the names of agents who have infiltrated foreign IT companies. As part of the Intercept story on the NSA's using agents to infiltrate foreign companies and...
Tutorial: Evil Genius 101
I'm teaching a tutorial at Usenix LISA called "Evil Genius 101: Subversive Ways to Promote DevOps and Other Big Changes". Whether you are trying to bring "devops culture" to your workplace, or just get approval to purchase a new machine, convincing and influencing people is a big part of a system administrator's time. For the last few years I've been teaching this class called "Evil Genius 101" where I reveal my tricks for understanding people and swaying their opinion. None of these are actually evil, nor do I teach negotiating techniques. I simply list 3-4 techniques I've found successful for each of these situations: talking to executives, talking to managers, talking to coworkers, and talking to users.
DEA Sets Up Fake Facebook Page in Woman's Name
This is a creepy story. A woman has her phone seized by the Drug Enforcement Agency and gives them permission to look at her phone. Without her knowledge or consent, they steal photos off of the phone (the article says they were "racy") and use it to set up a fake Facebook page in her name. The woman sued the...
FOXACID Operations Manual
A few days ago, I saw this tweet: "Just a reminder that it is now *a full year* since Schneier cited it, and the FOXACID ops manual remains unpublished." It's true. The citation is this: According to a top-secret operational procedures manual provided by Edward Snowden, an exploit named Validator might be the default, but the NSA has a variety...
Google image search: improvement needed
What are my mystery flowers? I still have some that I can't identify. But Google images have an image search function. How well does it work? Let's look for this relatively recognizable image: It comes up with no less than 5 direct hits, all of them in this diary or my daily photos page. That's reasonable. But apart from that, none of the images it found looks in the least bit like the original. At least for flowers, it's useless.
NBN is here!
A flyer in the dead tree mail today with good news: the National Broadband Network is finally available in Dereel! That's more than 10 months since my service was activated. At first I thought it was Telstra, who so far have been the slowest to report, but no, this is a company called Infinity NBN. What do they have to offer to make up for their tardiness? Nothing obvious. They're more expensive than Aussie Broadband, and it seems you have to commit for at least 12 months. Still, I like their concept of how we live and work in the bush.
Multiple network pain
Lately I've been having dropouts with communication between here and my external web server in Raleigh, NC. Occasionally there'll be a few minutes disconnection, but more often it's just high packet loss. traceroute points at Telstra's net infrastructure on the US West Coast:
    === grog@eureka (/dev/pts/22) ~ 66 -> traceroute www
    traceroute to www.lemis.com (208.86.226.86), 64 hops max, 52 byte packets
     1 radiation-tower.aussiebb.net (180.150.4.1) 33.162 ms 29.931 ms 30.013 ms
     2 gi6-4-19.core1.portmel.aussiebb.net (202.142.143.65) 30.991 ms 39.812 ms 29.972 ms
     3 gi0-0-2.bdr1.portmel.aussiebb.net (180.150.0.145) 29.015 ms 29.766 ms 30.009 ms
     4 TenGigabitEthernet8-4.lon55.melbourne.telstra.net (165.228.138.149) 31.008 ms 28.842 ms 39.937 ms
     5 bundle-ether3-100.exi-core1.melbourne.telstra.net (203.50.80.1) 41.012 ms 43.785 ms 39.967 ms
     6 bundle-ether12.chw-core10.sydney.telstra.net (203.50.11.124) 40.974 ms 39.787 ms 41.014 ms
     7 Bundle-ether17.oxf-gw2.sydney.telstra.net (203.50.13.70) 38.980 ms 39.800 ms 40.060 ms
     8 bundle-ether1.sydo-core01.sydney.reach.com (203.50.13.38) 43.898 ms 36.946 ms 52.957 ms
     9 i-0-6-0-6.sydo-core02.bi.telstraglobal.net (202.84.223.38) 46.029 ms i-0-4-0-3.paix-core01.bx.telstraglobal.net (202.84.140.70) 198.774 ...
Ashampoo bug discovered
Yesterday's problems with Ashampoo Photo Commander were clearly worth entering a bug report, so did so today. One of the things they wanted was the build version, sensibly enough. And that was interesting: version 11.1.8 of 10 September 2014. Clearly something they need to fix quickly. ACM only downloads articles once. It's possible that this article has changed since being downloaded, but the only way you can find out is by looking at the original article.
Come hear me speak in Denver next week!
On Tuesday, Oct 21st, I'll be speaking at the Denver DevOps Meetup. It is short notice, but if you happen to be in the area, please come! I'll be talking about the new book and how DevOps principles can make the world a better place. I'll have a copy or two to give away, and special discount codes for everyone. The meeting is at the Craftsy Offices, 999 18th St., Suite 240, Denver, CO. For more information and to RSVP, please go to http://www.meetup.com/DenverDevOps/events/213369602/
Tutorial: How To Not Get Paged
Step 1: turn off your pager. Step 2: disable the monitoring system. Or.... you can run oncall using modern methodologies that constantly improve the reliability of your system. I'm teaching a tutorial at Usenix LISA called "How To Not Get Paged: Managing Oncall to Reduce Outages". I'm excited about this class because I'm going to explain a lot of the things I learned at Google about how to turn oncall from a PITA to a productive use of time that improves the reliability of the systems you run. Most of the material is from our new book, The Practice of Cloud System Administration, but the Q&A always leads me to say things I couldn't put in print.
Surveillance in Schools
This essay, "Grooming students for a lifetime of surveillance," talks about the general trends in student surveillance. Related: essay on the need for student privacy in online learning....
Investigating GPS navigators
I've given up hope of finding a usable Android GPS navigation app, so I'll probably buy a new GPS navigator. But why stick with the el cheapo navigators? I can afford a Big Name one. Spent some time looking around the web, and found that Garmin has some that don't look bad. But how easy are they to use? Watched a number of eBay clips, none of which really answered my questions. The biggest is: how accurate are the maps? While I was at JB HiFi, looked for their GPS navigators. Mounted vertically on a column. Yes, there's power to them, and you can try them out if you don't mind kneeling in the aisle to do so.
Interview on SpiceWorks.com: Demystifying DevOps with Tom Limoncelli
Holly from SpiceWorks interviewed me while I was in Austin for the SpiceWorld '14 conference. We talked about DevOps from the SMB "IT guy" perspective, Lord of the Rings, Chef vs. Puppet, and my secret desire to start a podcast that would be "the Stephen Colbert of DevOps." The interview has been published on their community website: Demystifying DevOps: Q&A with Tom Limoncelli Enjoy!
Tutorial: Live Upgrades on Running Systems
I'm teaching a tutorial at Usenix LISA called "Live Upgrades on Running Systems: 8 Ways to Upgrade a Running Service With Zero Downtime". Ever notice that Google, Facebook and other websites aren't down periodically for software upgrades? That's because they're upgrading software on their service while it is live. As a result, they can push new features continuously. In this tutorial I'll describe 8 techniques they use... and so can you. Oh, and here's a secret: I'll have a 9th way to upgrade software... but it requires down-time. That said, it might not require down-time that is visible to users! I'm excited about this tutorial because it covers a lot of the unique topics we cover in The Practice of Cloud System Administration that I haven't talked about publicly before.
How James Bamford Came to Write The Puzzle Palace
Interesting essay about James Bamford and his efforts to publish The Puzzle Palace over the NSA's objections. Required reading for those who think the NSA's excesses are somehow new....
Ashampoo problems
I've been postprocessing my photos with Ashampoo Photo Optimizer on a regular basis for over 6 years, and it's good enough that I actually bought another package from them, Photo Commander, which does other stuff as well. Only in the course of time did I discover that the other stuff isn't worth it, and that the GUI makes normal optimization more difficult. But now it seems to be suffering from bit rot. Lately all the optimized images have had a distinctly brown tinge to them. Here before and after. How did that happen? To investigate, downloaded a trial version of the current Optimizer and tried again.
Making Android Crypto-friendly
Google could tweak Android, in a pretty simple way, and make it immensely easier for anyone, not just geeks, to do cryptography with a nice user experience. All the pieces are there ready to go. [Note: I posted this first over on Google+ because I was trying to reach the Android group, and there's some useful discussion. But I thought I should replicate it here where I can stretch out a bit and show examples. Some of the material here assumes you know Android-API basics.] If you look at my screencasts showing off sending and receiving an encrypted message using the OpenKeychain Android app, you'll notice they share an irritant: The stupid useless-to-humans encrypted text is visible; it looks like this: ...
Where's my mail?
Yvonne told me today that various people have complained (on Facebook, of course), that they haven't received mail from her. On checking, yes, indeed: after upgrading lagoon I had forgotten to configure postfix, and she had mail backed up for days. Why didn't she notice earlier? And are there other misconfigurations lurking somewhere?
NSA Has Undercover Operatives in Foreign Companies
The latest Intercept article on the Snowden NSA documents talks about their undercover operatives working in foreign companies. There are no specifics, although the countries China, Germany, and South Korea are mentioned. It's also hard to tell if the NSA has undercover operatives working in companies in those countries, or has undercover contractors visiting those companies. The document is dated...
Tutorial: Work Like a Team, not a group of individuals
I'm teaching a tutorial at Usenix LISA called "Work Like a Team: Best Practices for Team Coordination and Collaborations So You Aren't Acting Like a Group of Individuals". I'm excited about this class because I'm going to demo a lot of the Google Apps tricks I've accumulated over the years, and combine them with stories about successes (and failures) related to bringing teams together to work on projects. I also get to explain a lot of DevOps culture in ways that make sense to non-DevOps shops (mostly stuff I've been advocating for since before "devops" was a thing). A lot of the material will overlap with our new book, The Practice of Cloud System Administration.
Friday Squid Blogging: Flash-Fried Squid Recipe
Recipe from Tom Douglas. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Online Activism and the Computer Fraud and Abuse Act
Good essay by Molly Sauter: basically, there is no legal avenue for activism and protest on the Internet. Also note Sauter's new book, The Coming Swarm....
Is TPOCSA a DevOps book?
Quoting from a community forum post on SpiceWorks: It doesn't have "DevOps" in the name, but the new The Practice of Cloud System Administration ... covers a lot of the same concepts, more as "here's some things that have emerged as best practices in the modern world of system administration." Textbook-thick but destined to be a classic like his previous The Practice of System and Network Administration. Thanks to Ernest Mueller for the kind words!
Calling all students and women!
Apply now for a grant to attend LISA14. Submissions are due by Monday, October 13. https://www.usenix.org/conference/lisa14/students-and-grants Are you a student? There are grants available for the general conference and the tutorial program. Are you a woman? As part of its ongoing commitment to encourage women to excel in this field, Usenix is pleased to announce the return of the Google Grants for Women to support female computer scientists interested in attending the LISA14 conference. All female computer scientists from academia or industry are encouraged to apply. Applications are due by October 13. https://www.usenix.org/conference/lisa14/students-and-grants
Dynamic Encryption for Voice
This article reads like snake oil. But the company was founded by Lars Knudsen, so it can't possibly be. I'm curious....
Photo processing problems
Yvonne came to me with a problem processing her photos. The contact print page showed the image names, but not the images themselves. Looking at her screen, I saw:
=== yvonne@lagoon (/dev/pts/1) ~/Photos/20141004 10 -> make contacts
Converting PA042709.jpg to /home/yvonne/public_html/localtmp/contacts/20141004/PA042709.jpg
/Photos/Tools/mkcontacts: line 179: [: : integer expression expected
Converting PA042710.jpg to /home/yvonne/public_html/localtmp/contacts/20141004/PA042710.jpg
/Photos/Tools/mkcontacts: line 179: [: : integer expression expected
OK, a bug in my mkcontacts script? Took a look, added some debugging echos, and finally discovered that identify (another of these namespace-polluting programs that come with ImageMagick) was dying with an illegal instruction exception and not even mentioning it on the screen.
Android: Give up?
On IRC today, Peter Jeremy mentioned Google Drive. What's that? To quote: <peter> groggy: It's also the green/gold/blue triangle on your Android tablet. OK, I'll bite. Where? I suppose some Android tablets do display them, but if mine does, it's very discreet about it. Looking around, though, I found a tulip at top left: That proved to be a microphone symbol. Touched it and got a voice non-recognition service that competes with the best of them.
There's no back door that only works for good guys
My latest Guardian column, Crypto wars redux: why the FBI's desire to unlock your private life must be resisted, explains why the US government's push to mandate insecure back-doors in all our devices is such a terrible idea -- the antithesis of "cyber-security." As outgoing Attorney General Eric Holder invokes child kidnappers and terrorists, it's …
Android GPS: Give up?
My old GPS navigator (only three years old) has worn-out batteries. How do I repair it? No idea. But then, I don't need a dedicated navigator, right? My Android tablet can do that too. Well, it could, and better, if I could find a useful app to do it. Tried again with GPS Navigation & Maps - light, which is apparently a trial version of GPS Navigation & Maps, which costs $1. Once again an app that seems to be completely useless. Like OsmAnd, it's based on OpenStreetMap, which is completely inadequate in our area. And once again the functionality appears to be minimal.
USB Cufflinks
Just the thing for smuggling data out of secure locations....
Concerning PICC
Today, Wednesday, October 8, 2014, we, Matt Simmons and Thomas Limoncelli, resigned from the board of Professional IT Community Conferences, Inc. also known as "PICC". PICC is the New Jersey non-profit business entity that has backed LOPSA-East and Cascadia since 2011. Those two conferences should be unaffected as it was already agreed that they would find new organization(s) to work with for their 2015 conferences. As of June 10, 2014, PICC, Inc. had voted to and was in the process of being dissolved. However we feel this process has become impossible due to the remaining board member's foot-dragging and at times outright deceptive actions.
BadUSB Code Has Been Published
In July, I wrote about an unpatchable USB vulnerability called BadUSB. Code for the vulnerability has been published....
I'm coming to Europe in November!
I'm honored to be a keynote at NLUUG's Autumn Conference, 20-Nov-2014, in The Netherlands. I don't get to Europe often, so this may be the last chance to see me there for a while. I'm also trying to arrange a book-signing while I'm there. For more info, visit https://www.nluug.nl/events/nj14/ Register now! Registration is limited! Even though the registration page is in Dutch, the talk will be in English. Google translate is your friend.
Document Model Support in DynamoDB: Flexibility, Availability, Performance, and Scale...Together at last
Today, I'm thrilled to announce several major features that significantly enhance the development experience on DynamoDB. We are introducing native support for document model like JSON into DynamoDB, the ability to add / remove global secondary indexes, adding more flexible scaling options, and increasing the item size limit to 400KB. These improvements have been sought by many applications developers, and we are happy to be bringing them to you. The best part is that we are also significantly expanding the free tier many of you already enjoy by increasing the storage to 25 GB and throughput to 200 million requests per month.
Completing the move to Victoria
Seven years ago I moved from South Australia to Victoria, and currently I'm planning the next move. But as Jürgen Lock pointed out, I haven't completely finished the move here:
=== grog@eureka (/dev/pts/1) ~ 3 -> finger [email protected]
Login: grog Name: Greg Lehey
Directory: /home/grog Shell: /usr/local/bin/bash
Office: Echunga South Australia Office Phone: +61-8-8388-8286
Home Phone: +61-8-8388-8250
Why does finger still show the old address and phone number?
Tom speaking at NYC DevOps meetup Wednesday!
I'll be the speaker at the Wed, October 8th meeting of the NYCDEVOPS Meetup which meets (I kid you not) at the office of MeetUp, Inc. in New York City. I'll be talking about our new book, The Practice of Cloud System Administration. For more info: http://www.meetup.com/nycdevops/events/208856642/
Data and Goliath Is Finished
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World is finished. I submitted it to my publisher, Norton, this morning. In a few weeks, I'll get the copyedited manuscript back, and a few weeks after that, it'll go into production. Stacks of printed books will come out the other end in February, and the book...
Reinstalling SML
A few days ago I reinstalled smlnj on lagoon, my (finally!) up-to-date FreeBSD box, for a programming language course I'm doing. And that went much more smoothly than before. But that's not all the software I needed. For Emacs I needed the sml-mode package. That wasn't as smooth:
=== root@eureka (/dev/pts/15) /usr/ports/lang/sml-mode.el 156 -> make install
===> sml-mode-3.9.5_5 is marked as broken: Not staged..
*** [install] Error code 1
Stop in /home/src/FreeBSD/svn/ports/lang/sml-mode.el.
Is Encrypting Phones OK?
Starting now, more and more phones will have their data encrypted, so nobody but the phone's owner can peek. Apple just started and Android's following suit. Now we hear howls of outrage from government officials claiming this will protect criminals, doom victims, and so on. But they're completely wrong. The pushback A particularly shrill shriek came from former FBI Assistant Director Ronald T. Hosko in the Washington Post. I could disagree with him here, but instead I'll point you at the essential Marcy Wheeler; in Former FBI Assistant Director Makes a Compelling Case to Eliminate the Corporation she pretty well reduces him to quivering blobs of protoplasm.
iPhone Encryption and the Return of the Crypto Wars
Last week Apple announced that it is closing a serious security vulnerability in the iPhone. It used to be that the phone's encryption only protected a small amount of the data, and Apple had the ability to bypass security on the rest of it. From now on, all the phone's data is protected. It can no longer be accessed by...
Recovering Cryogenic Refrigeration Energy
Waste heat reclamation in datacenters has long been viewed as hard because the heat released is low grade. What this means is that rather than having a great concentration of heat, it is instead spread out and, in fact, only warm. The more concentrated the heat, the easier it is to use. In fact, that is exactly how many power plants work. When the temperature of the cooling medium is several orders of magnitude cooler than burning fuels such as LNG, Petroleum, or Coal, extracting useful energy becomes challenging. However, data center heat reclamation is clearly a problem well worth solving since just about 100% of the power that enters each facility is released as heat into the environment.
Kathy's Gone Again
I mean Kathy Sierra, on the Web at seriouspony.com, in Wikipedia, and formerly on Twitter; but as of now @SeriousPony is gone. Here's why. Over the years she's had loads of smart, eloquent things to say about Java and tech education and community-building and, in general, Life Online. Recently, I've been entranced by the awesome Icelandic-pony pix that used to be on that tweetstream. So I'm sad. There was a kerfuffle on Twitter saying Kathy had been forced offline by misogynist trolls. Which would be shocking, because it's happened before, her primary attacker back then being Weev, always a troll, now with a brand-new Swastika tattoo.
Mitchell's Marinus Books
Mitchell as in David Mitchell who wrote Cloud Atlas. Books as in The Thousand Autumns of Jacob de Zoet and The Bone Clocks, which I've spent an unreasonable number of hours reading this last month. Marinus is a character in both. They are huge, beautifully written novels that will take you places you never could imagine and introduce you to people you'll never forget. They're also kind of flawed and sloppy; but you'll have a hard time finding a better read among recent publications. Thousand Autumns It's the turn of the nineteenth century in Dejima, the Dutch trading-post in Nagasaki harbor that Imperial Japan just barely tolerated for a couple of hundred years starting in 1643.
Use our software!
Participating in an online survey today, was rejected for a strange reason: OK, I'll bite. If it's not a PC, a Mac, a tablet, a smart phone or a netbook, what is it that they think I'm running? Restarted running Microsoft, and that seemed to be OK, but the survey software was so broken that I had to give up in the end. ACM only downloads articles once.
More tablet thoughts
Somehow I've opened a can of worms with this Medion ¥ tablet. It's getting me thinking about issues that hadn't previously interested me. But the more I look at it, the more problems crop up. Andy Snow read my article comparing Microsoft and Android, and came up with a couple of comments. Firstly, he pointed out that I wasn't comparing Microsoft and Android at all, just the specific tablets I had. Correct, and I've changed the article to make that clearer. More interestingly, though, he showed me a way to stop an Android process without going through the force stop procedure: click on the double rectangle icon, which displays all apps except the current one, and swipe the icon to one side.
Friday Squid Blogging: Squid Burger
McDonald's has a Halloween-themed burger with a squid-ink bun. Only in Japan. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Lake Leaves
Herewith two pictures of leafy branches dipping into Sankt Jørgens Sø, one of what in English are called The Lakes in Copenhagen. This is at the northeast, near where Vester Søgade crosses Gyldenløvesgade. (OK, I admit it, I love typing Ø even though I can't pronounce it). The two pictures are almost identical, and to be honest weren't that interesting the way they came out of the camera. But I decided to try injecting postprocessing drama and enjoyed what I got. You have to look pretty closely to tell which of the leaves and branches are seen in reflection. Here's the other treatment; admittedly a little extreme.
Cleaning Up Stack Exchange's Puppet Environment
Shane Madden, a coworker of mine, recently re-engineered our Stack Exchange's Puppet environment. It is now full of win. Read about it here: http://shanemadden.net/stackexchange-puppet-cleanup.html
Why women leave tech... because they have good taste
Fortune Magazine published an article called Why women leave tech: It's the culture, not because 'math is hard' TL;DR version: We treat them like shit and are surprised when they leave. So, basically women leave tech because they have self-respect. Good for them. Shame on our industry. A few weeks ago I suggested that there aren't many women in tech because "women have good taste". Every woman that I've said this to has agreed... or at least laughed. However it is an uncomfortable laugh. A laugh that indicates that it is something we all know, but don't know how to talk about.
William Binney Explains NSA Surveillance Using Snowden's Documents
Former NSA employee -- not technical director, as the link says -- explains how NSA bulk surveillance works, using some of the Snowden documents. Very interesting....
Upgrading lagoon, day 2
Upgrading lagoon, Yvonne's computer, had the usual hiccups, but things haven't been too bad. The good news is:
=== root@lagoon (/dev/pts/3) ~ 60 -> pkg install smlnj
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 1 packages will be affected (of 0 checked):
New packages to be INSTALLED:
smlnj: 110.76_1
The process will require 34 MB more space.
7 MB to be downloaded.
Proceed with this action? [y/N]: y
Fetching smlnj-110.76_1.txz: 100% 7 MB 692.2k/s 00:11
Checking integrity... done (0 conflicting)
[1/1] Installing smlnj-110.76_1: 100%
=== root@lagoon (/dev/pts/3) ~ 61 -> sml
Standard ML of New Jersey v110.76 [built: Wed Sep 10 09:31:40 2014]
- ^D
=== root@lagoon (/dev/pts/3) ~ 62 ->
That seems normal enough, but this time last year I had ...
Microsoft tablet experience
One of the last things for which I still found Android useful was playing streaming audio from the web. As I have discovered, Android apps can do this, but badly. How about Microsoft? Select http://www.radioswissclassic.ch/live/aacp.m3u in firefox, and it Just Works. Of course, without a connection to my Bluetooth adapter, it plays on the internal tinny loudspeakers (which, however, aren't quite as tinny as on my Android tablet). Still, the thing has Bluetooth support. Just associate it and we should be OK, right? Ah, but this is Microsoft. Go to Control Panel and select Add a device. Off it goes, finds the device, and starts installing a driver.
Mac + Android = Screencast
If you want to show off your Android goodies and you have a Mac, it's absurdly easy to make a decent-quality screencast; the tooling will cost you $29.99. I made a couple for my recent Open Keychain 3 piece; you can see them on YouTube, Sending a message with OpenKeychain and Receiving a message with OpenKeychain. If you need better production values than that, stop reading now and go elsewhere. Tl;dr (for experts) Buy QuickTime Pro from Apple. Grab the screen with adb shell screenrecord and the audio with QuickTime. Use QuickTime 7's Edit/Add to Movie thing to paste the audio onto the video.
The NSA's Private Cloud
The NSA is building a private cloud with its own security features: As a result, the agency can now track every instance of every individual accessing what is in some cases a single word or name in a file. This includes when it arrived, who can access it, who did access it, downloaded it, copied it, printed it, forwarded it,...
Microsoft tablet
Yvonne came back from shopping with a Medion ¥ tablet (or is that a laptop?) running Microsoft Windows 8.1, that was on special at ALDI today. Physically it's a very big tablet (11.6") with a docking station. That's rather like what I mused about three years ago. But what do I want with a Windows device? I was driven to it by Android. At least with Microsoft you have access to normal software, even if the implementation is dubious. But with Android you don't. I went through the first year's experience with Android a month ago. Here's how things compare: Normal computer functionality, including word processing, web browsing, social networking and all those things you used to need a computer for.
System upgrade: doing it
It's been nearly 10 months since I bought new hardware for eureka and started my upgrade to FreeBSD release 10. And it's still not done! Part of the problem was the migration to pkgng, which was somewhat rocky, but which now seems to work. And then there's my fear of painting myself into a corner and not having a machine to work with. But I'm coming up to my second time round the Coursera course on programming languages, and I need to run smlnj. And I could no longer find that on eureka. eureka is running 9.2-STABLE, and it's impractical to upgrade anything on it any more.
Firechat
Firechat is a secure wireless peer-to-peer chat app: Firechat is theoretically resistant to the kind of centralized surveillance that the Chinese government (as well as western states, especially the US and the UK) is infamous for. Phones connect directly to one another, establish encrypted connections, and transact without sending messages to servers where they can be sniffed and possibly decoded....
Nine of Denmark
I spent a week in Denmark, doing conferences and of course taking pictures. It's not the most visually dramatic place but you can find good shots anywhere when you're in tourist mode with fresh eyes. It's really hard to arrive in Copenhagen without going through the Central Station, which is very efficient. It's not a standout among Europe's steel-and-glass train temples, but they're all fun to look at. The city is kinda flat and grey and sensible; but there's water everywhere and you gotta love that. The goto; conference ran twice; Thursday-Friday in Copenhagen and then Monday-Tuesday in Aarhus; more or less the same speakers.
OpenKeychain 3
Release 3.0 of the OpenKeychain Android app is out today. I'm super-proud to have been a (minor) contributor. It's getting pretty slick, if I say so myself; maybe almost civilian-ready. Read on for an explanation, with screencasts and geek notes too! What it does Your mobile device comes with a lot of different ways to exchange messages with other people over the Net. OpenKeychain can do three things: Encrypt the messages, so only The Right Person can read them. Sign them, so that The Right Person knows who sent them. Decrypt them for The Right Person to read, while checking the signature.
Tom on DevOps Cafe Podcast
I'm excited to announce that I'm interviewed on the new episode of DevOps Cafe. We talk about the history of system administration leading up to DevOps, recent changes, how the Usenix LISA conference has changed this year, and more.
Apple's livestream outage was easily preventable: here's how!
The live stream of Apple's announcement of the Apple Watch was marred by technical problems. Users saw messages about "could not load movie" and "you don't have permission to access". As we read Dan Rayburn's excellent technical analysis of what went wrong, we couldn't help but think how easily preventable their problems were. The problem was that Apple introduced a new feature that had unknown resource requirements and (oops!) they didn't have enough resources. For example, suppose a thousand website visitors require a certain number of computers (resources) to serve the website. Some websites are "heavier" and require the same work to be spread over more computers, others require fewer resources per thousand users.
Security Theater in China
The Chinese government checked ten thousand pigeons for "dangerous materials." Because fear....