The Guru College http://gurucollege.net/ Recent content on The Guru College Hugo -- gohugo.io en-us Wed, 23 Mar 2016 20:27:04 -0400 Job Transitions and Loadbalancers http://gurucollege.net/post/2016-03-22-job-transitions/ Wed, 23 Mar 2016 20:27:04 -0400 http://gurucollege.net/post/2016-03-22-job-transitions/ <p>The most recent Practical Operations Podcast episodes are about <label for="mn-example" class="margin-toggle">&#8853;</label> <input type="checkbox" id="mn-example" class="margin-toggle"/> <span class="marginnote"><a href="http://operations.fm/episodes/11">http://operations.fm/episodes/11</a></span> job transitions and load balancers,<label for="mn-example" class="margin-toggle">&#8853;</label> <input type="checkbox" id="mn-example" class="margin-toggle"/> <span class="marginnote"><a href="http://operations.fm/episodes/12">http://operations.fm/episodes/12</a></span> both things near and dear to our hearts. Give a listen, let me know what you think! We&rsquo;d like to know what we should cover better - so topic ideas are always welcome - and what we&rsquo;ve covered poorly, so comments are encouraged.</p> XML feed http://gurucollege.net/post/2016-03-22-feed/ Tue, 22 Mar 2016 15:59:04 -0400 http://gurucollege.net/post/2016-03-22-feed/ <p>With the move from Wordpress to Hugo, the RSS feed for this site has changed to something more universally understood and common place: <a href="http://gurucollege.net/index.xml">http://gurucollege.net/index.xml</a> The old address of <a href="http://gurucollege.net/blog/?feed=rss2">http://gurucollege.net/blog/?feed=rss2</a> will still work for some time, but should go away soon.</p> Hugo http://gurucollege.net/post/2016-03-22-hugo/ Tue, 22 Mar 2016 14:44:27 -0400 http://gurucollege.net/post/2016-03-22-hugo/ <p>Switching this site from WordPress to Hugo,<label for="mn-example" class="margin-toggle">&#8853;</label> <input type="checkbox" id="mn-example" class="margin-toggle"/> <span class="marginnote"><a href="https://github.com/spf13/hugo">https://github.com/spf13/hugo</a></span> a static site generator written in Go. This is the first post written entirely in hugo and not imported from wordpress.</p> <p>The benefits of using a static site generator include not needing a database or complicated caching, as static files can be cached very effectively, and there are no round trips to a database for content. It also removes the two biggest security issues with WordPress - attacks on the database and on PHP functions on the pages. It is, however, more complicated to setup initially, and changing things means regenerating all the static pages in the site.</p> The Moment http://gurucollege.net/technology/the-moment/ Sat, 02 Jan 2016 00:00:00 +0000 http://gurucollege.net/technology/the-moment/ <p>I know the exact moment I decided to leave the job before last. I didn&rsquo;t know it at the time. It took months to figure it out. But I happened. Reading an article on Rands In Repose <label for="mn-example" class="margin-toggle">&#8853;</label> <input type="checkbox" id="mn-example" class="margin-toggle"/> <span class="marginnote"><a href="http://randsinrepose.com/archives/shields-down/">http://randsinrepose.com/archives/shields-down/</a></span> made me remember how distinctly that moment stands out as <em>the</em> moment. I was sitting in a 3 hour meeting with the senior management, and I was told that I wasn&rsquo;t part of the group that was making decisions. Even more so, my group was being explicitly excluded from that process. There was another team that was driving decisions, and we were simply there to implement and support them.</p> <p>In reflection, the next job I left was for a similar reason. At the time, I was happy with the work, my boss and my coworkers, but when an old colleague asked if I was interested in something bigger&#8230; I responded that I was interested. It wasn&rsquo;t until I was sitting in the interview itself with my new employer that I realized what it was about my current job that I was unhappy with &#8211; again, I was not being consulted on architecture and other forward-looking aspects of the stack. The work we were doing was fascinating and full of technology I was delighted to be learning more about. However, there were lots of legacy bits we held onto for Reasons, and the folks in charge of leading the platform had no context on how to production-ize the code they wrote.</p> <p>These are both jobs I loved. I learned a lot at them, I worked with amazing people, and I did what I felt was important work &#8211; not just helping post cat pictures to the internet. In the end, not having a sense of ownership of the stack can be a very discouraging thing to deal with &#8211; just as bad in many ways as having abusive coworkers, being underpaid or being bored.</p> The Practical Operations Podcast http://gurucollege.net/general/the-practical-operations-podcast/ Mon, 30 Nov 2015 00:00:00 +0000 http://gurucollege.net/general/the-practical-operations-podcast/ <p>Myself, Jack Neely and Jarod Watkins have started a podcast about system operations and engineering topics, called the <a href="http://operations.fm">Practical Operations Podcast</a>. It&rsquo;s a weekly show where the three of us discuss pragmatic and practical topics in the field of operations. With the Thanksgiving holiday we were a little delayed releasing <a href="http://operations.fm/episodes/2/">the second episode</a> about the best approaches to get monitoring and alerting under control, and we&rsquo;ve already recorded episode 3.</p> <p>We are currently trying to do a weekly show, and we are trying to keep it to about 30 minutes per show.</p> <p>If you have questions or comments about the show, or would like to ask us to cover specific topics, please let us know via twitter <a href="http://twitter.com/operationsfm">@operationsfm</a> or <a href="mailto:feedback@operations.fm">feedback@operations.fm</a></p> ttytter is dead, long live oysttyer! http://gurucollege.net/general/ttytter-is-dead-long-live-oysttyer/ Sun, 29 Nov 2015 00:00:00 +0000 http://gurucollege.net/general/ttytter-is-dead-long-live-oysttyer/ <p>My favorite command-line twitter client is dead. It&rsquo;s been replaced by the open source <a href="https://github.com/oysttyer/oysttyer">oysttyer</a>, as the original author lost interest in twitter as a platform and decided to let the community run with it.</p> iCloud Photo Library http://gurucollege.net/technology/home-network/icloud-photo-library/ Sat, 27 Jun 2015 00:00:00 +0000 http://gurucollege.net/technology/home-network/icloud-photo-library/ <p><strong>An exciting tale about what happens when you max out your asymmetric upload.</strong></p> <p>A few weeks ago I decided to enable iCloud Photo Library and start using Photos for OS X. In the past, I&rsquo;ve had a patchy history with Apple&rsquo;s cloud services, especially the ones that shuffle photos from your device to your &#8220;real&#8221; computer and vice versa. After enabling the iCloud Photo Library on my phone and desktop, my internet connection crawled to a halt. I was uploading photos to Apple at a good clip, but nothing else worked. In the entire house. We couldn&rsquo;t stream Netflix, couldn&rsquo;t load reddit and couldn&rsquo;t use FaceTime while on WiFi. What had happened: due to the asymmetrical nature of most residential internet connections, the upload connection was saturated with photo uploads. This prevented any other inbound connection from ack&rsquo;ing traffic to it&rsquo;s source, which in plain terms meant nothing else worked.</p> <p>Luckily, I run a decent router, so I was able to put traffic limiting in place, and put in rules that no host could use more than 3mbps of the 5.5mbps we get from our provider. This kept part of the upstream open, and life went back to normal. Until last night, when I turned on iCloud Photo Library for my wife. And then imported a large chunk of photos from the DSLR on my computer. Each computer happily started using 3mbps of the connection, and all other traffic became unreasonably slow &#8211; bordering on failure conditions again.</p> <p>As I love data, here&rsquo;s the graph of my connection, and it&rsquo;s pretty clear when I started my DSLR import/upload and when I updated the traffic limiter:</p> <p><a href="http://gurucollege.net/uploads/2015/06/bandwidth-graph.jpg"><img src="http://gurucollege.net/uploads/2015/06/bandwidth-graph-300x293.jpg" alt="bandwidth-graph" width="300" height="293" class="aligncenter size-medium wp-image-3294" /></a></p> <p>Inside Photos for OS X, the only control you have is &#8220;Disable uploads for 24 hours&#8221;. Which is another way of saying &#8220;Please wait until this time tomorrow to destroy my connection once again.&#8221; I like iCloud Photo Library and Photos for OS X&#8230; but Apple needs to address this. A simple internal rate limiter, like the ones used by every other cloud sync or cloud backup provider would be sufficient.</p> A Great Week For the NSA http://gurucollege.net/general/a-great-week-for-the-nsa/ Fri, 20 Feb 2015 00:00:00 +0000 http://gurucollege.net/general/a-great-week-for-the-nsa/ <p>It&rsquo;s been a great week for the NSA. First, we get the news that they are (effectively) behind the hacker collective known as the Equation Group (which does insane things, like deploy malware into the firmware of hard drives, so it survives drive formatting). <a href="https://firstlook.org/theintercept/2015/02/19/great-sim-heist/">Now we learn that they&rsquo;ve essentially pwned all cell phone SIM cards</a>.</p> <blockquote cite=""> <p>The bottom line is that people around the world, regardless of their nationality, should know that the United States is not spying on ordinary people who don’t threaten our national security and that we take their privacy concerns into account in our policies and procedures.</p> <footer>Barack Obama, Jan 17, 2014</footer> </blockquote> <p>Between this and the fact that the private key for the Lenovo adware/malware was cracked in 3 hours by a single man&#8230;</p> Superfish, or how to MITM everyone http://gurucollege.net/technology/superfish-or-how-to-mitm-everyone/ Thu, 19 Feb 2015 00:00:00 +0000 http://gurucollege.net/technology/superfish-or-how-to-mitm-everyone/ <p>Lenovo was just added to the list of companies I&rsquo;m hesitant to ever buy anything from ever again, in any capacity. As Ars Technica <a href="http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/">reports</a>, the Superfish adware that was installed by default on Lenovo machines presents a self-signed root CA certificate in the Trusted Roots for the system&rsquo;s SSL keys. This certificate was also trivially cracked. This means, if you are running Windows as shipped on a Lenovo machine, you may well be subject to insane security breaches.</p> <p>Best bet: backup your personal data, return the Lenovo, and get a new laptop from a different vendor. And when you get the new machine, wipe the drive and reinstall your OS of choice from a vendor-supplied DVD. Only then should you put your data back on the machine.</p> <p>Oh, yeah, and never trust OEM supplied OS images, ever again.</p> Changes http://gurucollege.net/work/changes/ Tue, 30 Dec 2014 00:00:00 +0000 http://gurucollege.net/work/changes/ <p>New Year News: I will be posting more here and on <a href="https://github.com/bwdezend">GitHub</a> in 2015. I have taken a new job, due to start in late January, which encourages open source project work. I will be working for a company called <a href="https://www.42lines.net">42 Lines</a>, doing systems administration and Operations work.</p> FreeNAS http://gurucollege.net/technology/freenas/ Tue, 18 Nov 2014 00:00:00 +0000 http://gurucollege.net/technology/freenas/ <p>FreeNAS is becoming more and more unusable for me. Part of the reason for using it was access to the jails and plugins &#8211; notably CrashPlan and OwnCloud. Due to the moving target nature of the system, I have had to repeatedly login and restart processes, manage memory, kill zombies, and deal with other issues in the jail setup. Further, the performance of AFP in FreeNAS (for me) has not been something to write home about, even with the newer bits (3.1.x branch, last I looked). The last straw is that the ZPOOL version is 5000 with a number of feature flags that nobody else has implemented yet. This means that the pools on my system are unreadable without the very newest releases of FreeNAS or FreeBSD.</p> <p>I&rsquo;m backing up now, headed for the better understood lands of <a href="http://zfsonlinux.org">ZFS on Linux</a>. It looks stable enough to keep me afloat, and I know how to keep CrashPlan from spawning 65000 zombies in the background.</p> Dropbox Pro Quota Levels http://gurucollege.net/technology/dropbox-pro-quota-levels/ Wed, 27 Aug 2014 00:00:00 +0000 http://gurucollege.net/technology/dropbox-pro-quota-levels/ <p>I was just notified that Dropbox Pro is <a href="https://blog.dropbox.com/2014/08/introducing-more-powerful-dropbox-pro/">10x&rsquo;ing their paid storage plans</a> &#8211; this is good news for my family and I. I had been thinking of moving off Dropbox and over to iCloud Drive this fall when Mac OS X Yosemite ships (assuming it works), but I&rsquo;m less likely to move now.</p> <p>Which is probably exactly the reason Dropbox is doing this.</p> Motorola Surfboard Metrics http://gurucollege.net/technology/3257/ Sat, 12 Jul 2014 00:00:00 +0000 http://gurucollege.net/technology/3257/ <p>Announcing another quick-and-dirty perl script today: <a href="https://github.com/bwdezend/surfboard-metrics">surfboard-metrics</a></p> <p>I have been having a lot of trouble with my ISP over the last few weeks &#8211; constant disconnects triggered by a modem reboot &#8211; which were taking us offline for 3-5 minutes at a time (or longer). This would be a mere annoyance, other than the fact that I work from home pretty frequently, and the reboot takes the connection out long enough to drop VPN and ssh sessions. The longest outage to date is 4 hours. I finally decided to start collecting data to see if I needed to add a powered amplifier to my cable system.</p> <p>I&rsquo;m using a <a href="http://www.motorola.com/us/SURFboard-eXtreme-SB6121-DOCSIS-3.0-Cable-Modem/SURFboard+eXtreme+SB6121+DOCSIS+3.0+Cable+Modem.html">Motorola Surfboard 6121</a>, and while the spec sheet lists SNMP v2 and v3, they appear to only allow SNMP access over the coax interface. It&rsquo;s for the ISP to use, not for the end user. This means screen-scraping the web interfaces, which by default live at <a href="http://192.168.100.1/cmSignal.htm">http://192.168.100.1/cmSignal.htm</a>. There is also a log event page at <a href="http://192.168.100.1/cmLogs.htm">http://192.168.100.1/cmLogs.htm</a> but I&rsquo;m not dealing with that yet.</p> <p>The important thing to watch for are power levels and the signal-to-noise ratios for the upstream and downstream channels. If upstream goes above 55dBvM, or if downstream gets much above 40dB, performance will go to crap, and you will start seeing <code>No Ranging Response received - T3 time-out</code> or <code>Unicast Ranging Received Abort Response - initializing MAC</code> and the modem will eventually reboot itself.</p> <p>The script I wrote screen scrapes the pages, and outputs to a graphite/carbon server all the various metrics. I&rsquo;ve tried to make it reasonably flexible &#8211; if you have a higher speed connection and have multiple bonded upstream or downstream channels, the script should be able to create a metric for each channel &#8211; but as I only have my modem for reference, I can&rsquo;t verify some of that. As it might be helpful, I&rsquo;ve put it on github. If you have a Motorola Surfboard, give it a spin. I welcome pull reuquests that add support for ohter modems or other outputs to metric engines.</p> <p>Here&rsquo;s a screen capture of my local grafana instance, looking at recent data:</p> <p><a href="http://gurucollege.net/uploads/2014/07/Screen-Shot-2014-07-12-at-12.15.51-PM.png"><img src="http://gurucollege.net/uploads/2014/07/Screen-Shot-2014-07-12-at-12.15.51-PM-1024x439.png" alt="Screen Shot 2014-07-12 at 12.15.51 PM" width="1024" height="439" class="alignright size-large wp-image-3256" /></a></p> <p>You can see a reboot at <sup>7</sup>&frasl;<sub>11</sub>, around 14:30, and again on <sup>7</sup>&frasl;<sub>12</sub> at 11:30. I think the next step is to correlate temperature and humidity readings, as well as internet traffic levels, and see if any patterns emerge.</p> Aperture is Dead http://gurucollege.net/technology/aperture-is-dead/ Sun, 29 Jun 2014 00:00:00 +0000 http://gurucollege.net/technology/aperture-is-dead/ <p>Apple has decided to <a href="http://www.wired.com/2014/06/apple-kills-aperture/">kill Aperture</a>. I left Aperture years ago due to performance issues when the library got large enough. Now, it will be time to get my wife off of it. I hope that &#8220;Photos for OS X&#8221;, coming in the spring, is good enough. I loathe the idea of giving Adobe any money for <a href="http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html">Creative Cloud</a>, but I don&rsquo;t think that <a href="http://www.darktable.org">DarkTable</a> is friendly enough for my wife to use every day.</p> FreeNAS: First Impressions http://gurucollege.net/technology/freenas-first-impressions/ Wed, 25 Jun 2014 00:00:00 +0000 http://gurucollege.net/technology/freenas-first-impressions/ <p>I&rsquo;ve been &#8220;production&#8221; on my new FreeNAS based file server for a few days now. I finished the data migration over the weekend. I&rsquo;m still drinking in the differences, and trying to get a handle on all the ways FreeNAS (and recent FreeBSD builds) are different than an years-old install of OpenSolaris. I am mostly impressed. I am going to miss FMA on Solaris and a few of those sort of features that made the OS so incredibly good (cfgadm comes to mind), and I&rsquo;m not sure how FreeNAS handles drive failures and removals &#8211; I&rsquo;m sure I will find out over the next weeks, months and years.</p> <p>The cautionary tale I have for today is using &#8220;AFP&#8221; shares in FreeNAS, which I assume is netatalk. My photo library lives on the NAS, and has for years. One of the things I was looking forward to moving off OpenSolaris for was a better stack for CIFS/AFP file services. This evening, I finally settled down to get some image editing done &#8211; and the system was so incredibly slow as to be unusable. Going into the Finder, pulling a directory listing was taking 20-30 seconds. I was starting to lose my mind, but I decided to fall back to NFS, which I had been using to move data around, and had seemed quick for bulk transfers. Everything was lightning fast.</p> <p>I don&rsquo;t have anything conclusive yet, but it seems that NFS is an order of magnitude faster than AFP, out of the box, on FreeNAS. I&rsquo;ll look into this further, but I&rsquo;m tired, and I don&rsquo;t want to try to dig up numbers tonight.</p>