Geoff Arnold

I’ve been at the OpenStack Summit in Portland, OR this week. I’ve posted a couple of blog pieces on the topic of interoperability and governance over at my other blog.

I wound up getting an Apple MacBook Pro Retina 13-inch, 2.6GHz Core i5, 8GB RAM, 256GB SSD. Half a dozen of my colleagues had chosen the 13″ rMBP with various sizes of SSD, and it feels like the perfect compromise between power and weight. Normally I’d have bought an extra power supply, but since I have several perfectly serviceable spares, I saved a little money by picking up a MagSafe to MagSafe 2 Converter.

My first tasks when I got home were to upgrade to OS X 10.8.3 (it shipped with 10.8.2) and install Microsoft Office. In the past, this was an expensive and niggling procedure, picking just the right version to get the features I wanted. But Office 365 has made all that a thing of the past. $99 a year lets me install pretty much everything I need on up to five of my machines – Windows or Mac. I added Microsoft Lync and a Citrix Web Client, turned on FileVault, and I’m good to go.

I few weeks ago I started work at Vyatta, which had been recently acquired by Brocade. On my first day, I was handed a Brocade corporate laptop. It’s a Dell: 13″ screen, 4GB, 128GB SSD, Windows 7. As corporate laptops go, it’s perfectly nice, but I’ve been a Mac user for many years now, and Windows Just. Feels. Wrong. The first time I tried to send a reply to a meeting invitation in Outlook and found that I couldn’t navigate back to look at another email message, I realized that (a) Outlook still had many of the bugs we first encountered 15 years ago, and (b) I was damned if I was going to use that crap to run my work.

As I wandered around Vyatta and Brocade, I noticed many MacBooks in use. Apparently many others felt the same way that I did. As an experiment, I configured my personal MacBook Air as a work machine – (guest) wireless network, Exchange, Lync for IM, Office, etc. – and apart from a few corporate functions it all seemed to work just fine. However, as a matter of policy I don’t want to mix work and personal stuff – certificates, passwords, email, browser settings – on one machine. So I’m planning to go out and get myself a MacBook for dedicated work use, and I would like some help in making the choice. (And yes, I’ll keep the Dell laptop, chained to my desk, for those occasions when I need to log in to Oracle or other corporate systems.)

Weight is important. Today I love my 11-inch MacBook Air: it’s as light as a feather. On the other hand, putting together a complicated PowerPoint or Keynote presentation is challenging on such a small screen. And power is also important: I want enough RAM and CPU to run DevStack or CloudStack under VirtualBox. And of course I don’t want to spend too much…

So the choices seem to be:

• MacBook Air: 13-inch screen, 2.0GHz Dual Core i7, 8GB RAM, 256GB SSD, 2.96 lbs. – $1,599
• MacBook Pro: 13-inch Retina screen, 2.9GHz Dual Core i7, 8GB RAM, 128GB SSD, 3.57 lbs. – $1,699
• MacBook Pro: 15-inch Retina screen, 2.4GHz Quad Core i7, 8GB RAM, 256GB SSD, 4.46 lbs. – $2,199

There are pros and cons for each. Reviews are all over the map. Thoughts?

I’m pretty much out of ports on my TV. I’ve got a Motorola set-top box/DVR from ComcastXfinity (a crappy early model with hardly any disk space), a PlayStation 3, an Apple TV, and a Roku 2XS. I need the ATV for AirPlay from my iPad or MacBook Air, plus YouTube; I need the Roku because I watch a lot of Amazon streaming video. I can get Netflix and Hulu on any of the devices. For recent pay-per-view movies, I prefer Amazon to the alternatives (Comcast or Apple), simply because of price and variety. I’d love to dump one of these devices, which would have to be the Roku, but that would mean using the PS3 for Amazon Video, and the PS3 UI is utter crap.

So I’m stuck with this device setup. Unfortunately the Roku 2XS has been a disaster. I bought it 18 months ago to replace an original Roku which had fried, and it’s always been glitchy. It becomes catatonic about once a week, requiring a power cycle to fix it. But this evening the power cycle failed to produce the normal startup screen of bouncing purple letters. I unplugged and replugged it a couple of times, then tried a factory reset by sticking a paperclip in the “reset” hole for the officially-recommended 15 seconds (and then some). Nothing.

In frustration I grabbed my MBA and started to browse reviews on Amazon.com, looking for alternatives to the Roku. About 15 minutes later, the Roku 2XS suddenly came to life, and displayed a white (not purple) logo. I re-paired the remote, configured the Roku and all of my services (really strong passwords are great until you have to enter them repeatedly using an on-screen keyboard!), and I was back in business.

That weird 15 minute delay suggests to me that the Roku 2XS has some kind of hardware problem, probably heat-sensitive. Since it only has a 90-day warranty (what kind of nonsense is that?), I’m going to have to replace it. I wish I could find another device which would do the job, but I guess I’ll be going for a Roku 3. Hopefully we’ll be getting an official YouTube app for it soon.

The tl;dr version: Arguably all interesting advances in computer science and software engineering occur when a resource that was previously scarce or expensive becomes cheap and plentiful.

The longer version:

This particular thought was provoked by a series of exchanges on blogs and in Twitter yesterday. It started with a piece at Information Week in which Joe Emison bemoaned the fact that Netflix was holding back progress in cloud computing. The Clouderati jumped all over this, and Adrian put together a detailed response which he also posted to his blog. By the time I got around to responding, IW had closed comments on the original piece, and so I followed up on Adrian’s blog.

Joe’s criticism was based on two points:

Netflix’s cloud architecture[...] is fundamentally (a) so intertwined with AWS as to be essentially inseparable, and (b) significantly behind the best *general* open options for configuration management and orchestration.

Point (a) is pretty silly: Netflix is a business, not a charity. Of course they’re going to work with the best of breed. But it was Joe’s second point that really bugged me. I responded (and here’s where the “Thought for the day” comes in):

Amazon and Netflix are dramatically ahead of the curve, not behind it. The configuration management pattern you seem to prefer – just-in-time customization using Chef or Puppet – was pretty old school when Sun acquired CenterRun and built out N1 and Grid Engine. It’s incredibly inefficient compared with early-bound EBS-backed AMIs.

Arguably all interesting advances in computer science and software engineering occur when a resource that was previously scarce or expensive becomes cheap and plentiful. We’ve seen it with graphical user interfaces, interpreted languages, distributed storage, and SOA. Traditional late-bound configuration management treats machine images and VM instances as expensive; AWS and Netflix invite you to imagine the possibilities if they’re effectively free. Welcome to the real Cloud 2.0…

In a subsequent Twitter exchange, I said:

@adrianco We used to talk about “specific excess MIPS” driving change. Now it’s “specific excess VMs”

… to which Adrian replied:

@geoffarnold with SSD excess IOPS can be used in interesting ways

I’m composing this while surrounded by Ethernet cables, sitting on the (raised) floor of the Layer 42 colo in Mountain View. This is the new home of the box (grommit) that hosts email, blogs, and various stuff for me, friends and family. Steve Lau and I (but mostly Steve) are working to sort out the kinks that are introduced by changing the IP addresses of the various zones running in this OpenSolaris server. As always, DNS propagation means that cause and effect are temporally vague, but eventual consistency is being achieved.

I spent several hours today disinfecting my other website (Speaking of Clouds, also reachable as GeoffArnoldConsulting.com) after a WordPress hack attack. As is often the case, I was saved by the incompetence of the hackers, who had modified my .htaccess files in such a way that it created an infinite redirection loop. (Hint: you’re not going to get far if your URL begins with “htttp:”.) This loop meant that the site became inaccessible, which was immediately noticed by Montastic, the service I use to monitor all of my sites. (Highly recommended.)

Unlike this blog, Speaking of Clouds is hosted at DreamHost. This is not particularly significant: DreamHost has always provided excellent service, and their customer service guys were immediately responsive when I contacted them. However I’m running on a multiuser system, rather than in my own virtual machine or zone, which meant that certain diagnostic and troubleshooting tools weren’t available. I couldn’t restart the Apache process, or compare logs across multiple websites.

The eventual cleanup was relatively straightforward. Ssh in to the host. Take a recursive listing of the entire filespace, so that I could tell what was changed when. Back up everything. Examine logs. Clean up all of the .htaccess files. Change the keys. Log in to the dashboard. Reinstall WordPress 3.4.1. Identify all of the bogus PHP and HTML files (made easier by the atrocious spelling and grammar of the hackers). Change all the passwords. Reinstall all the plugins and themes. Delete (rather than disabling) everything I’m not actually using. And then back everything up. And all the while, I had three terminal windows tailing the relevant log files.

I must say that I would rather been slogging through the mud at Silverstone, though….

UPDATE July 12, 2012:
This story continues to develop. Yesterday I received an email from a Russian Lithuanian company (evuln.com), advising me that my site appeared to be hacked, and providing a little bit of more-or-less accurate advice on cleaning it up. The email concluded:

If you are not able to fix this “redirect” problem on your own then we will be glad to help you for a reasonable price.

Oddly, the description that they gave of how I was hacked was slightly inaccurate, and so I ssh’d back into speakingofclouds.com to check. Sure enough, it had been hacked again. I cleaned up as before; this time I touched every file in my WordPress subtree, so that any changes would be immediately apparent.

This morning, I logged back in, and found that my .htaccess files had been changed again. This time I was able to match the modification time to the exact HTTP log entries, and this is what I saw:

94.23.116.27 - - [12/Jul/2012:05:45:44 -0700] "POST /wp-content/uploads/.cache_000.php HTTP/1.1" 200 365 "-" "Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0"

So somehow an executable PHP file had been hidden away in my uploads directory, and was being used to inject stuff into my WordPress configuration. I quarantined the file, then looked around to see if this was a known exploit. I only came across one blog reference, here.

It seems like one really obvious security fix for PHP would be to prevent it from executing hidden files. A quick check suggests that this hasn’t been implemented, though.

UPDATE December 11, 2012:
I’ve received several emails from eVuln.com complaining about this blog piece:

I am concerned about your blog post. It influence our online reputation. I’m sorry about our letter, we just wanted to inform you about security issues in your website.

Since I did no more than state the facts, accurately, I’m not sure what they’re complaining about. In the unlikely event that anyone actually reads this piece and cares about what I wrote, I encourage you to visit the eVuln Labs website and draw your own conclusions.

More anon.

On Monday, I had a conversation with Derrick Harriss of GigaOM, which he published here. I’ve followed up with a piece on my tech blog, adding a few thoughts and ripping the naivety of certain analysts…

After years of work by many people, we’ve finally published my mother’s memoirs. “My Short Century” by Lorna Arnold is now available from Lulu. A Kindle version is on the way, and both of them should show up on Amazon quite soon.

Yesterday I had an unrecoverable file system error on my MacBook Air running 10.8 Preview 2. Disk Utility instructed me to back up what files I could and then reformat. Since I had an up-to-date Time Machine backup, I wasn’t worried. I reformatted, and reinstalled the OS. However, I discovered that the OS installation had left me with a copy of 10.7. Would I be able to successfully restore all of my 10.8 files onto 10.7? Probably not. (Many of the settings have changed a lot.) So I decided to complete the installation first, upgrade to 10.8, and then recover my files.

Here’s the tip – something I forgot to do which caused me to waste time. While I was reinstalling 10.7, I created my normal “Geoff Arnold” user account. That was silly, because eventually I wanted to restore that account (apps, settings, files) from Time Machine. I should have set up a disposable account called something like “Super User”, performed the upgrade to 10.8 as this user, and then restored “Geoff Arnold” from Time Machine. As it was, I had to juggle accounts before running Migration Assistant: create “Super User”, log out, log in as “Super User”, delete the “Geoff Arnold” account, etc.

I actually ran into one more problem: trying to restore across the LAN didn’t work, because Migration Assistant hung while looking for computers. So I copied the backup sparsebundle to a USB HD, and restored from that. From checking the Apple Support discussions, it appears that using Migration Assistant with Time Machine is (still) mostly broken.