Tagged: Internet

  • Jeff Forman 7:13 am on April 10, 2011 Permalink
    Tags: Internet, ops

    Barcamp Boston 6, Day One 

    Having never been to a Barcamp before, I knew the overall structure of the conference, but was curious if I would actually like it. Truth be told, I found it full of content, without a lot of fluff, even for the talks I sat in on where I had no prior knowledge. My notes follow, thanks to the great OSX app Notational Velocity hooked up to Simplenote. My overall thoughts are in italic after each post:

    how to give a presentation people love and learn from
    break presentation into 7-10 minute chunks
    then transition 7 minutes into the talk to another topic, to keep people’s attention
    insert emotion, a story. rather than just X happened.
    (For a talk to be this meta, a presentation about giving presentations, I was not hooked. There weren’t any real nuggets of information here that made me sit up and say “Wow, I haven’t been doing this in the presentation I make.”)

    how to run a startup like genghis khan, by @wufoo

    • work like a nomad
    • build an audience first. protect your audience. make the audience part of the show.
    • make developers handle support requests. once devs get same question two or three times, they go in and fix the code so they dont get the question again.

    (Presenter absolutely killed it. Engaging, fast talking (without mumbling), great slides that presented the information in clear and sometimes humorous ways. Made me think more about engaging the people I am trying to convince to my way of thinking)

    android developer: war stories and antipatterns
    yoni, lead android dev at scavngr

    • dont code splashscreens. more of an iOS thing. if you have to preload data, show a progress bar in the app already open
    • dont force orientation (landscape/portrait). support both
    • dont assume their screen size. use relative layouts

    (I went into this talk curious and with no prior experience or knowledge of writing an Android app. I don’t even own an Android phone. This was much more a round table, with those devs in the room very willing to share their experiences and war stories. I found they really had good experiential tips, rather than “This is the best practice” and moving on.)

    ask a plasma physics grad student anything
    (I must say this was completely over my head. The student at the front of the room, from MIT’s Plasma Science and Fusion Center, seemed to know his stuff and was genuinely interested in challenging the audience. What blew me away was the knowledge of the audience, asking very pointed questions with what sounded like real science to back it up.)

    building fast websites, making users happy (@jonathanklein)

    • google injected 400ms delay into search page, dropped 0.76% searches/users over time.
    • phpied.com/the-performance-business-pitch
    • faster sites rank better in google. site speed is part of search ranking.
    • what’s load time? server side generation time, client side render time. 80-90% of load time takes place on the client.
    • best practices:
    • reduce http requests: combine css/js, use image sprites (one download and cut up into multiple images).
    • minify css/js: strip comments out and white space. (yui, java library). will rename variables into shortest name possible
    • gzip all text: html, css, js
    • for graphics, use png8 (restricts you to 256 different colors in the image)
    • jpegs can be saved at 75% quality
    • image compressor: smush.it (from yahoo dev network), lossless compression.
    • measuring performance
    • google webmaster tools, http://www.webpagetest.org
    • yotta, firebug, yslow, page speed, dynatrace ajax edition

    (For an ops guy, I was really interested in this talk. Jonathan blew through his material at break-neck speed, but covered the topics and answered questions without feeling like the talk was broken up. Some really good information through his experiences, and things I would like to dig into more myself.)

    nosql round table

    • some are relational, others are key value
    • redis, redis + resque
    • cassandra
    • mongodb
    • why nosql over mysql? no schema, lack of migrations from version to version. being able to store different things. replication (single threaded)
    • keeping mysql in sync with nosql layer about: broadcast updates from mysql over rapidmq(?).  nosql service grabs update from mysql.
    • solutions that they discarded:
    • cassandra: v0.6, latency spikes between nodes. node would get flagged as awol. cascading failure because data gets rebalanced. use “hinted handoff” to prefer the direction of the failover. supposedly better in v0.7. documentation is messy.
    • in the cloud or in a dc? mostly EC2. local storage with evs slave.
    • search via solr

    (Another one where I went in having nothing but curiosity, since noSQL is one of the popular buzz words these days. Very engaged audience who shared war stories, both good and bad, implementing noSQL solutions in their workplaces. Left me with a stalk of websites to dig into.)

    agile development war stories

    • problems it tries to solve: waste. business approach.
    • more collab between business and engineering. dont just throw the ‘stories’ from biz over the wall.
    • focus on testable behavior. how can we test each iteration? should be part of the original story.
    • be smaller, quicker, more iterative. ex// dont go off for 18 months planning your solution. business might change underneath you
    • people do “agile but..” and tend to modify the methodology.
    • burn down?
    • should tasks stay <1 day? sounds a bit unreasonable, since “speeding up the server by 20%” is unable to be done in one day. task size should have a reason.
    • average sprint time: 2 weeks
    • do a code review before the planning meeting. so estimations on a piece of work can be completed in the meeting. ex// dont trace the code for the 1st time in a meeting.
    • software to track scrums/managing stories: soft2, scrum ninja, team foundations studio (windows), white boards, index cards on a wall, ibm rational, pivotal tracker (good for distributed teams), mingle from softworks.

    (Another highly-concentrated buzzword round table where I was more curious than anything. Some real good information about what works and what doesn’t when it comes to managing time and projects. Lots to read up on here, and see if I can apply it to my daily work life.)

     
  • Jeff Forman 7:31 pm on February 28, 2011 Permalink
    Tags: dhcp, dns, Internet   

    You go here, you go there. Bending DHCP to your will. 

    TL;DR: How to hand out DNS servers in different orders to different clients based upon MAC address.

    Background: I was connected into my office’s VPN a few months ago and noticed some very slow DNS resolution of host names back at the office. I would attempt to ssh into another host, and the connection would sit there for more than a few seconds before finally proceeding. This didn’t happen for just ssh, but also for making http requests. I dug into my resolv.conf locally and tried sending a few DNS queries via dig to the two DNS servers I was provided. The first one failed, the second one returned immediately with the correct response. I swapped the two entries and DNS resolution locally was back to where I would expect it, very fast. I alerted our IT group and the issue was fixed (the first DNS server had become hung, and needed a process restart).

    Curiosity: This got me thinking, was everyone suffering my issue? Did the two DNS servers handed out always come in that same order? If so, DNS would have been slow for everyone. We’d all be timing out trying to query the first server, waiting for our local resolvers to query the second operational server. Could I get a DHCP server to randomize the list of DNS servers to its querying clients?

    Assumptions: I am ignoring the fact that our VPN concentrator might not be running the ISC DHCPD, which my examples are based upon. I will split up each DHCP subnet into two groups, in a binary fashion.

    How I did it: After doing some Google searches, I came across a post on the mailing list for ISC DHCPD users. It explained that you could do some logic on the incoming MAC address, and based upon that, hand out unique information, among it DNS, routers, domain names, etc. I was curious to see if I could actually get this working.

    I figure the easiest way to do this is paste some config data and go from there.

    dhcpd.conf:
    class "binary-group-0" {
        match if suffix(binary-to-ascii(2, 8, "", substring(hardware, 6, 1)), 1) = "0";
    }
    
    class "binary-group-1" {
        match if suffix(binary-to-ascii(2, 8, "", substring(hardware, 6, 1)), 1) = "1";
    }
    
    subnet 10.30.0.0 netmask 255.255.255.0 {
        option routers 10.30.0.1;
        option domain-name "vmtest.jeffreyforman.net";
    
        pool {
            allow members of "binary-group-0";
            range 10.30.0.20 10.30.0.30;
            option domain-name-servers 1.1.1.1, 2.2.2.2;
            on commit {
                execute("/bin/echo", "GROUP ZERO");
            }
        }
        pool {
            allow members of "binary-group-1";
            range 10.30.0.200 10.30.0.210;
            option domain-name-servers 4.4.4.4, 5.5.5.5;
            on commit {
                execute("/bin/echo", "GROUP ONE");
            }
        }
    }
    

    Configuration explanation:
    On lines 2-8, each named class is populated by clients whose MAC address corresponds to the appropriate ‘match’ line. These match statements do the following: starting at offset 6 of the hardware data (the first byte is the hardware type, so this is the last byte of the client’s MAC address), grab one byte of data. Once we have that data, convert the binary data to ASCII characters in base two, without a separator, treating the data as eight-bit items. From that string, take the last character. We have created two classes here, one where the last character is 0 (zero), and the other where it is 1 (one).

    On lines 10-30, we have a standard subnet declaration, with two pools. Each pool (lines 14-20, 21-29) uses ‘allow members of’ to control which class of users from above the pool applies to. In this instance, we hand out two different ranges and sets of domain name servers depending on which class a user belongs to. For my own debugging, I stick an ‘on commit’ execution in each pool. This outputs in the log when a lease is acquired for a particular client, and gave me some explanation about where I was in the config. These ‘on commit’ lines are purely for debugging, and can be removed for production. Clients whose MAC address ends in a binary ‘0’ are placed in the 10.30.0.20-30 range with DNS servers 1.1.1.1 and 2.2.2.2. Those whose MAC address ends in a binary ‘1’ are given an address in the 10.30.0.200-210 pool, with DNS servers 4.4.4.4, 5.5.5.5. You could easily put your own DNS servers in this section, modifying the order in any way you please.

    Log Output:
    Using a couple of VMs on an isolated network at home (and playing with the MAC address of the client), I was able to test my above configuration. Notice that each client is given an IP from the appropriate range, with the correct ‘echo’ statement being executed.

    DHCPDISCOVER from 52:54:00:4c:f3:d4 (testvm1) via re1
    DHCPOFFER on 10.30.0.21 to 52:54:00:4c:f3:d4 (testvm1) via re1
    execute_statement argv[0] = /bin/echo
    execute_statement argv[1] = GROUP ZERO
    GROUP ZERO
    DHCPREQUEST for 10.30.0.21 (10.30.0.1) from 52:54:00:4c:f3:d4 (testvm1) via re1
    DHCPACK on 10.30.0.21 to 52:54:00:4c:f3:d4 (testvm1) via re1
    
    DHCPDISCOVER from 52:54:00:4c:f3:d3 via re1
    DHCPOFFER on 10.30.0.201 to 52:54:00:4c:f3:d3 (testvm1) via re1
    execute_statement argv[0] = /bin/echo
    execute_statement argv[1] = GROUP ONE
    GROUP ONE
    DHCPREQUEST for 10.30.0.201 (10.30.0.1) from 52:54:00:4c:f3:d3 (testvm1) via re1
    DHCPACK on 10.30.0.201 to 52:54:00:4c:f3:d3 (testvm1) via re1
    

    Appendix:
    For those curious about how I came to breaking up the MAC address of the client, I became painfully familiar with the dhcp-eval man page. I honestly would not wish that man page on anyone, it is woefully confusing for someone who does not dabble in DHCPD configuration on a daily basis.

    MAC Address: 52:54:00:4c:f3:d3
    
    binary-to-ascii(2, 8, ":", hardware);
    1:1010010:1010100:0:1001100:11110011:11010011
    
    binary-to-ascii(2,8,".", substring(hardware,6,1));
    11010011
    
    suffix(binary-to-ascii(2, 8, ":", hardware), 1);
    1
    

    There you have it. Now you can break up your clients into binary groups, handing them different network information depending on where they fall. Obviously if you want to split them up into more than two groups, the match statements become a bit more verbose for each condition. Ultimately this would not have solved my problem of being given a ‘bad’ DNS server first in line for my request (since my MAC address would always be the same), but it does spread the load among DNS servers over local clients. I am now curious, when I get the free time, to play around with creating an on-commit-like command that based upon its execution (generate a random number for example), changes the order of DNS servers handed out to clients.
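
    The match logic above can be checked offline before touching a DHCP server. The following is an added example, not part of the original post and not ISC code: a Python model of the hardware, substring, binary-to-ascii and suffix operators, assuming suffix returns the whole string when asked for more characters than exist (as the dhcp-eval man page describes). The names CLASSES, low_bits and classify are made up for this sketch.

```python
# Added example: a Python model of the dhcp-eval operators used in the post's
# match statements. Function names mirror the operators; this is not ISC code.

def hardware(mac, htype=1):
    """dhcpd's `hardware` data: one type byte (1 = Ethernet), then the MAC."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError(f"expected 6 octets in {mac!r}")
    return bytes([htype]) + octets

def substring(data, offset, length):
    return data[offset:offset + length]

def binary_to_ascii(base, width, sep, data):
    """Render each byte in `base` with no zero padding, joined by `sep`."""
    if width != 8 or base not in (2, 8, 10, 16):
        raise NotImplementedError("model covers 8-bit items only")
    fmt = {2: "b", 8: "o", 10: "d", 16: "x"}[base]
    return sep.join(format(b, fmt) for b in data)

def suffix(text, length):
    """Last `length` characters; the whole string if it is shorter than that."""
    return text if length >= len(text) else text[len(text) - length:]

# Constructed from the post's dhcpd.conf: class name -> (match value, DNS order).
CLASSES = {
    "binary-group-0": ("0", ["1.1.1.1", "2.2.2.2"]),
    "binary-group-1": ("1", ["4.4.4.4", "5.5.5.5"]),
}

def low_bits(mac, count=1):
    """The string the match statement compares: last `count` binary digits."""
    return suffix(binary_to_ascii(2, 8, "", substring(hardware(mac), 6, 1)), count)

def classify(mac):
    """Return (class name, DNS servers) for a MAC, or None if no class matches."""
    key = low_bits(mac)
    for name, (value, dns) in CLASSES.items():
        if key == value:
            return name, dns
    return None

if __name__ == "__main__":
    for mac in ("52:54:00:4c:f3:d4", "52:54:00:4c:f3:d3", "52:54:00:4c:f3:00"):
        print(mac, classify(mac))
    # Pitfall when extending to four groups with suffix(..., 2): no zero padding
    # means a last octet of 0x01 yields "1", which never equals "01".
    print(repr(low_bits("52:54:00:4c:f3:01", 2)))
```

    Because the client chooses the MAC address it presents, this grouping spreads load across DNS servers; it is not an access control.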

     
  • Jeff Forman 12:03 pm on December 13, 2008 Permalink
    Tags: Facebook, Internet, Security   

    Oops I lost my phone, Facebook Edition 

    Everyone on Facebook has seen it. The groups your friends join that have to do with someone losing their cell phone. Whether it’s in the toilet, left in a cab after a night of alcoholic debauchery, or just plain forgetfulness. Being the curious people we are, we click on the name of the group, to see who lost their phone this time. What is then listed is a bunch of random people you probably don’t know, listing their phone numbers. One I saw lately, listed a person’s phone number, and their boyfriend’s phone number, people I had no connection to. Just like we don’t want telemarketers calling us at home, which has brought about the existence of the ‘Do Not Call’ list, why do we want people getting your cell phone number who don’t have our conscious approval? Sooner or later, a malicious person will write a program scanning Facebook for events with the names of “I lost my cell phone” and scrape the numbers from the Event Wall, on sale to any one of the world’s nefarious buyers.

    Being the security conscious person I am, my first thought is “Are you kidding me? You’re posting your cell phone number for anyone on Facebook to see.” I figured there must be options in creating an event that prevent the whole world from reading your, and your friends’ business.

    So I went and created a test event, just to see how much you can secure the event and all its related content.

    Step 1, Event Info: This means you can corral the event to a network you are part of, whether that be your city, job, or current/past place of education. Problem 1, if your network happens to be a large city such as New York City or Boston, that’s quite a lot of people. People you know, and a lot of people you don’t know. My suggestion, keep the network selection optional. From the start, I think an organizer should have the ability to select exactly what people can see your event, regardless of who you are inviting.

    Step 2, Customize: This is where the meat of the privacy options present themselves. Under options you can choose to display, or hide, a host of information:

    • Enable the guest list (if invitees and/or the public, can see other people you’ve invited)
    • The Wall (Like a bulletin-board for the event. Short notes of congratulations, transportation planning, or any other random things)
    • Photos (Embarrassing pictures of you shotgunning a beer at an old fraternity event, baby pictures, etc).
    • Access: Open Event, Closed Event, or Secret Event.
      • Open Event: Pretty obvious. Anyone can see all the information, add themselves to the guest list.  Invitees can invite other people.
      • Closed Event: Only the location and time are disclosed, where the administrator of the event controls the guest list.
      • Secret Event: This event will not show up anywhere other than on the people you invite’s list (jsf: bingo!)
    • Publicize: Whether the event will show up in people’s search results.

    These are pretty good options admittedly. If I were creating an event, I’d personally go with the ‘Secret Event.’ We all can relate to seeing some one’s created event, and not being on the invite list. “Hey, I should have been invited!” It’s the equivalent of publicly de-friending someone. You want to do it, but you don’t want the other person to know.

    If I were creating an event where I lost my phone, that’s the way I’d go if I weren’t going to use a blanket private message. I’d create the event, and invite only people whose phone numbers I wanted. Using this method, the random Facebook user doesn’t see your event and go poking around for any personal information: phone numbers, addresses of events (and who will be there), etc.


    But with all the logic Facebook can put into their event creation, it comes down to people being smart. Do you normally just give out your cell phone number, or write it on the bathroom wall in a bar? Because that’s what you’ve just done.

    Be smart. If you’re invited to a Facebook event like this, private message your cell number to the person and write on the event wall, “Hey, I sent you my cell number in private message, find it there!” It’s not ignoring your friend, but it’s being a conscious and intelligent consumer of Facebook.

    Happy (and smart) Facebook eventing.

     