Archive for December, 2011

Mission AWS: Complete

Posted in default on December 21st, 2011 at 06:53:39

Yesterday, I finished my first deployment of a real service into AWS.

Along the way, I learned some things:
– Overall, the growth of the Amazon service offering is rapid and huge. I’ve said for a long time that much of the net today runs on software that was pioneered within LiveJournal — I think that what LiveJournal did for the web at large, Amazon is really doing for people who are moving to the cloud. Having things like S3 and EC2 available really changes the entire game as far as these things go, and the rapid growth of their service offering is continuing to change the way a lot of key websites around the world do things.
– This makes it really hard to keep up with everything that Amazon is offering!
– There really isn’t a good ‘medium memory’ sized instance; your next jump after 1.7GB is 7.5GB (at 4x the price). For some people that probably doesn’t matter, but it felt a bit frustrating to me.

Overall, our transition has (so far) gone as well as I could possibly have hoped. Here’s hoping it stays that way. 🙂

Back in Mac

Posted in default on December 15th, 2011 at 02:07:40

Well, not quite yet, but next week.

After using Linux for a month, and being relatively okay with it in general, I have, in the end, decided to go back to Mac — not for any reason related to what I do at home, but simply because using wireless internet in our office on Linux is a gigantic pain in the ass. (Note that using wireless internet on Mac is only *slightly* less of a pain in the ass, but it’s at least usable.)

The various solutions for wireless in the office I work in are:

  • WPA login with certificate stored on secure token — This one might, in theory, be possible to get working under Linux, but it’s not trivial, and not something that I have any knowledge for. Basically, using a Windows based UI, I was able to export a personal cert, which then gets stored on a third party token (where I can’t get the cert back out); I can then use this to authenticate to the wireless. This solution is the best in terms of latency, limited login pain, etc., and breaks less often than the other solutions we have. (Only about once every 2-3 weeks instead of once every 2-3 days.) Practically speaking, this option is Mac or Windows only — and even there, the Mac support is only in a very beta trial. (I may be the only one in the company with it.)
  • Juniper SSL/VPN: There’s a juniper-networks provided SSL/VPN that requires a login through the browser, and is then able to start up a Java client. However, to use it on Linux requires some magic that my particular install doesn’t seem to have, and I haven’t heard particularly good things about its Linux support in general. This option only introduces 120ms of latency to local machines, so it is the best option of the VPN based options.
  • Cisco VPN Client/vpnc: This is the solution that exists in a reasonable form on Linux. This is essentially no worse on Linux than it is on Mac, but it has serious problems if you’re actually moving around an office with limited wireless connectivity in some parts of it: if I move from one conference room to another and hop between Wireless APs, the Cisco VPN/vpnc connection will usually drop, and is not reconnect in any way. (Even worse, unless I’m actively looking at the screen and notice the OSD message, I usually don’t even notice.) This is somewhat exacerbated in Linux by overall somewhat poorer Wireless reception with the particular hardware that I have (“Intel Corporation Ultimate N WiFi Link 5300” in a Dell Precision M2400). It’s possible (even plausible) that other Linux hardware could either get better reception for any number of reasons, or be better at managing transitions between wireless APs (which this model seems to try very hard not to do), but rather than experiment with a dozen different laptops, I’m falling back to what I know.
  • IPSec VPN connection built into OS X: It would be nice if this actually worked as well as the vpnc connection, but this is actually even worse, in my experience, than the vpnc connection: It requires re-passwording every hour (which no other solution that exists seems to, so I assume it’s the client doing something different), doesn’t handle reconnects any better, etc.

Of these solutions #1 and #2 do not appear to work at all on Linux, and the #4 fallback isn’t available on Linux. Given how often these services fall over – as I said, some form of VPN probably falls over on an almost-daily basis – in order to have ‘working’ wireless, I really need to have the largest set of options available to me. Other than this, the only issues I’ve run into on Linux at all are some very minor hardware issues around power management, trackpad drivers, and the size of the laptop I currently have — all of which would likely be fixed by the upgrade to an X220 that I was considering before I decided to go back to Mac.

It will be a bit of a shame to switch back to Mac after being on Linux and actually being able to work locally for a while, but overall, I think I won’t mind it as much as I expected: it seems a lot more of my work is done on remote hosts as of late anyway, since a lot of the data I work with has grown in size by 2-3 orders of magnitude over the past year. Still, I really wish that I could have stuck it out — being one of ‘those people’ using a mac in our office just feels wrong.

News of the Week

Posted in default on December 5th, 2011 at 09:00:22

* Water Pump hacking: A water pump in Illinois was alleged to have been hacked and broken by Russian hackers over the past couple weeks by various news sources, including the BBC. The real story? The tech consultant who helps to maintain the pump was, at the time the pump broke, at a conference in Russia — so when the pump broke, he got a call to look into it, and logged into the control system from… you guessed it, Russia. The pump just burnt out, and tying the ‘attack’ to a Russian IP was just because that’s where the consultant happened to be at the time. (Via On The Media’s Cyber Warfare piece)

* In ‘not news’: Teens are generally more aware of and conscious of their privacy than adults, taking care to limit their postings, limit their friend groups, etc. (Via On The Media)

* Heard an interview with the founder of “Is Anyone Up”, probably the most scummy person I have ever had the ‘pleasure’ of listening to on the radio. “I can do whatever I want with photos people send me, because the law protects me”… and because I have no decency. (Is Anyone Up is a ‘porn/revenge’ site, where anyone can submit nude photos of people, and they’ll be posted along with a Facebook link.) I … yeah. This report made me angry enough to want to turn off the radio, because the guy being interviewed clearly had no positive intentions: “This keeps me in beer money and lets me keep throwing parties, why *wouldn’t* I embarrass people this way?” (Via Revenge Porn’s Latest Frontier)

Just a few clips I thought were interesting that I heard this weekend.

Software Fail: Photo Tagging

Posted in default on December 4th, 2011 at 08:37:38

I use Flickr as my primary image hosting. I like the Flickr UI, I like their tagging, I like pretty much everything about it. However, after years of using Flickr, I got sort of tired of always seeing “Photos of You (2)” on Facebook: The fact that there was some indication that there were no pictures of me always kinda peeved me for no sane/logical reason.

So, a couple years back, I wrote some software that let me copy photos from Flickr to Facebook. Over the years, I had been relatively consistent in tagging my photos with the names of people who were in them, so I was able to map tagged photos on Flickr to people tags on Facebook. There were some limitations to this, of course: flickr tags are whole-photo tags, while Facebook tags are a specific spot in an image. To get around this, I just tag the middle of the photo.

Generally speaking, this works relatively well — it’s certainly not perfect, but it works well enough that I haven’t run into serious problems… until last night, when I uploaded a few pictures of Alicia to Facebook.. and realized that because of how the pictures were taken, every picture was centered on her breasts. It’s a bit weird to visit your daughter’s Facebook profile and find that the person posting suggestive pictures of her on Facebook is… you.

I quickly retagged the photos, and now know to be more careful when uploading pictures of females — with an automated selection of tagging, it’s easy to have… unintended consequences when uploading pictures.

Caturday Hacking

Posted in default on December 3rd, 2011 at 22:19:48

Today, at cjb’s for Caturday Hacking: Uploading photos from Grendel’s last week, and pushing my flickr2facebook scripts for copying photosets from Flickr to Facebook to github so that people could theoretically look at it and possibly re-use it. Though I’m not really convinced that’s very likely, given that apparently I’m using a two-generations old facebook API to do the stuff it does. 🙂