Skip to main content

Posts

Showing posts from June, 2013

What is Erlang on Xen good for?

The tradeoffs are severe and at this point it is not interesting enough to risk a project.

EOX is providing the real guest OS even though it's not a complete or real OSThe filesystem is only a fraction of traditional servicesI'm not sure whether or not filesystem snapshotting is possibleYou're stuck with erlangthey are even using BEAM filesthere is still a host OSit's not open source yetit's a commercial project first and foremostyou should checkout docker.io first. At least you'll have more choices before getting locked in.

"Truley Elastic"

"With Erlang on Xen, in less than 100 milliseconds after the launch a new node starts to run the application code." -- erlang on xenOne cannot argue that EOX (erlang on xen) launches the application quickly and it's certainly faster than launching an entire guest OS. But surely there are a number of technical reasons why and possibly related to the number of sacrifices that were made in order to get the response time to that level.

Linux containers in the form of docker.io is achieving numbers that are even better and that are not limited to erlang and EVM languages. Additionally your apps do not give up the filesystem which you are used to.

UPDATE: The equivalent hello world running on a rackspace server took 20ms. (2013-06-30)

"Hard to break in" -- erlang on zen

"Erlang on Xen drastically limits options of a malicious attacker". Well, this from the maybe factory. Actually the supporting justification is that the instance does not open any ports that the application running in the VM does not open.  Also, since it's erlang and it's compiled in their special sandbox it's also reasonable to assume that code injection is not likely too unless it's a passthru to a backend DB.
But there are a few problems with their claims. (a) erlang on xen does not run on bare metal. The system still requires a host OS. And that host OS is still vulnerable. (b) While any other system might be connected to the web... it is very likely protected by a firewall in all but the basic rackspace, peer1, linode, etc... cloud installations.
So frankly erlang on xen is no more or less secure.

I new that buying an iPhone 5 was the wrong thing to do

I have been very unhappy with Apple for a very long time. Sadly and coincidentally this began around the time that Steve Jobs was reported ill for the second time. My Airport Express had to be replaced, my MacBook's battery swelled and had to be replaced, my MacBook Air was behaving strangely and my iPhone was also on the fritz.

About 6 months ago I did some very basic math.  For $1000 (one thousand) I can buy a Nexus 7, Nexus 10 and a Nexus 4. And optionally swapping one for a Samsung ChromeBook. And one can not come anywhere near that with Apple.

Last weekend I decided to upgrade our iPhones. Partly because my wife's phone had been seriously problematic and mostly because Best Buy had a great trade-in program. As it turns out my wife's phone had a corrupt backup which could not be repaired.  That meant a complete restore, however, the only reliable way to keep her notes and other important docs sync'd was to backup to the iCloud. And that's where the fun began.

Her …

Resolving iPhone settings badge issues

The iPhone settings badge is triggered by one of three possible causes. 1) The iPhone operating system requires an upgrade. 2) The cellular provider has a pending upgrade. 3) Or there is a corrupt parameter in the operating system or one of the other features on the phone.
The first two were easily remedied by traditional methods, however, the third is just disturbing. 
The corrective action for the third problem is a) backup your photos to iPhoto. b) backup everything else to iCloud. c) restore factory settings. d) restore from iCloud.  
The reason this sucks as a solution is because apple could have published this solution instead of forcing me to visit a Genius Bar. What an amazing waste of time and justification for my desire to convert to android.

Startup roadmap

At what point does a startup stop building new products and shift to incremental changes? And at what point do they swing back? Is it ever too late?

ClosureScript and JavaScript

One complaint that the ClosureScript domain makes of JavaScript is the hoisting of variables. I do not disagree that it can be complicated and that there are other deep challenges. However, ClosureScript has its own warts. a) it compiles or translates to JavaScript so one needs to know both regardless. b) ClosureScript has its own idioms which are no less bothersome. At the end of the day there are more people that are effective with JavaScript than ClosureScript.

Transcribing your every phone call

As I become more comfortable with voice dictation on my iPhone I wonder whether it would be useful to Transcribe every phone call or technical discussion for the purpose of having an accurate record of the discussion.

GOLANG switch fallthrough behavior

GO implements the switch instruction as a hodgepodge of different languages. For example:

switch test_variable {case 'A':   . . .default:  . . .}and then there is:

switch  {case test_variable == 'A':   . . .default:  . . .}Both of the above are identical. I suppose that under the hood there may be an optimization or two.
When comparing the execution to the C model. When GO reaches the end of the case or default block the code continues execution with the command immediately following the end of the switch. C, on the other hand, requires a "break" command in order to get the same behavior.
A nearly opposite is also true. If one omits the "break" statement then the C executable will continue to the next case or break statement until either a break, continue or the end of the switch is reached. By comparison the GO switch statement implements a "fallthrough" statement which tells the GO program to continue to the next case or default statement. O…

One considerable advantage of continuous deployment

As your years of experience advance the cost of the minutia portion of your day-to-day operations gets more and more expensive for the organization. Continuous deployment allows you to offset the cost and allows you to concentrate on your main function of developing code and product. When implemented properly it allows the decision-makers to perform the task of deploying or promoting to production without requiring the expensive developers just to babysit that operation. Clearly a Devops team would augment or perform the actual function for the promotion of the code.

Garbageman and postal workers

Garbageman and postal workers traverse just about every road every city in United States. This in itself is an amazing feat. Why doesn't Google outfit these machines trucks with their cameras in order to collect Street view data.

The cost of a complete cloud development environment

You can certainly build a custom development environment but if you want to implement a standardized development to deployment structure using off the shelf tools is a viable solution.

The following image describes the many stacks that CodeEnvy supports. Many of the elements are free and free-as-in-beer. But the truth is that you're going to get to a point where these services are going to cost some real money.
Languages - FREE
Frameworks - FREE
PaaS - varies greatly, none offer "private hobbyist" options.
Repository - public is FREE, private is not (about $12/yr per project for GitHub)
Continuous Integration - Jenkins is FREE to use but requires a server. Could cost $7/mo
Agile - ???
IDE - CodeEnvy is going to charge $149/yr

The current state of the Cloud development environment is just too expensive and too much of an unknown. The better alternative is going to be a hybrid of a desktop environment with a simple cloud server and some basic tools that let you perform some basic c…

How do cloud IDEs work in the enterprise or private consultancy?

If the decision is "yours" to make then how do you make the decision or present to the decision makers all the information that would be necessary?

In recent months there have been a number of topic blooms discussing the T&C and Privacy information of services like DropBox, Box, Google Drive and so on... The questions I ask are 1) just how secure are these IDEs? 2) what are the licensing issues for my code? 3) what rights am I giving up? Since many of these IDEs are commercial then what insurance and assurance do I have?

This line of reasoning begs one overarching question:  What is the highest rated IP stored on GitHub or Bitbucket; and the online IDEs?

Lua and JavaScript

Choosing between Lua and JavaScript is a constant struggle. Both languages provide a number of features/functions that make them strong contenders for mindshare and actual deployment. Each have plenty of warts too.

For Lua, I like that it has a small footprint, it's fast, cross platform and embeddable. And finally I like that it's used by Adobe and many game developers.

JavaScript, on the other hand. Has tremendous mindshare, executables are reaching for JVM speeds, Dart translations are performing better than native JavaScript, number of libraries.

GOLANG concat two arrays of strings

You have two arrays of strings, 'a' and 'b'... and you want to concatenate them. Easy enough see here.
// assign the values
a := strings.Split("a,b,c", ",")
b := strings.Split("c,d,f", ",")

This will result in:
a = ["a", "b", "c"]
b = ["c", "d", "f"]

Now to concatenate the two arrays:
c := append(a, b...)

That's all there is to it. GO will return:
c = ["a", "b", "c", "c", "d", "f"]

Notice that "c" is duplicated because it's in both arrays. Merging without duplicates is a different task.

social fitness could be hazardous to your health insurance

If you're capturing you fitness levels and other health metrics with devices like Jawbone's UP, Nike FuelBand, or any number of similar devices; and then you are posting the results online (or not if there is a backdoor). Then there is a possibility that your health insurance company may deny coverage based on your voluntary and very public disclosure.

Getting to Zero Downtime

Minimizing Disruptions triggered an immediate reaction; "inconceivable" (Princess Bride). What I'm reacting to is the realization that removing 100% of all possible disruptions is impossible. From the power grid to the first instruction of the first application or service there is a deep stack that we assume is always there and functioning.

As I further consider erlang's mantra of "no defensive code" I realize that everything from the moment the power is turned on, network ready, through to the launching of the application; none of it has a "defensive state". And so I recant my position on erlang's mantra. Now I will "start with nothing and add it as needed (as observed in the fractal dimension) as a defensive layer rather than defensive state".

As for minimizing disruptions as it applies to deploying applications and new features. That simply depends on the complexity of what is being deployed. (yet another fractal dimension).

Minimum Storage - SSD - MacBook Air

This is a quick post. My MBA came with 64GB of SSD space. This is not enough to do basic programming tasks after a year. Specially without a virtual filesystem in the cloud. With just a few iPhoto imports, some music, a movie or two, and a couple of iPhone backups and the drive is full before the first year is over. If I were not already conscious of the challenge I would have filled it up months ago. DaisyDisk save me for sure.

Nuclear PDP 11

Recent posts indicate the end of life for the PDP 11 which controls most nuclear reactors is being extended. What is amazing is that most smartphones contain more power and computational capability Then the original PDP 11. The idea that it is possible to control the machine the size of a nuclear reactor with something as small as a smartphone is both compelling and daunting.

The supermoon

Wouldn't it be interesting if we had a picture of the Supermoon at the exact same time from each of the 50 states? Weather permitting, of course.

NSA versus the web

I'm not sure how I feel about the government listening to my calls or even recording them for a future that will permit listening or listening my robot. However, in my opinion this is completely different from the topic of monitoring the CDR (call data records) of the calls being made.

First of all. Who owns the communication infrastructure? Well, I think that used to be the government. And if not directly that own it by granting licensing for spectrum, right of way, and in some cases funding for R&D that lead to the ventures. The same is/was true for the postal network.

Secondly, we voluntarily give buckets of information to the various commercial companies. Search, smartphone telemetry, any website you access, cookies, advertisers, photos with GPS. The bigger advertisers know more about you than you realize. And then there is concept of six degrees -- added to LinkedIn, Facebook, Google and so on... Not much privacy there.

Third. The Call Data Record, by my definition, is no di…

iCloud what's it all about

Having just purchased my new iPhone 5 decided that I wanted to give iCloud a second look since I'm a big Google drive user and it's general-purpose virtual drive approach to storing my data is very appealing. Also noting that Apple released a beta version of iCloud for iWork. What I discovered immediately is that the data is partitioned by application therefore you're locked in to accessing your data via the application that created it. In some cases this could be considered a feature I consider this a bug. From what I can tell it's just not possible to use iCloud storage for general-purpose files. Dropbox box.com Google Drive sugar sync these vendors are still years ahead of iCloud.

Size still matters

After 60 some years of modernization current computers still crash when they run out of disk space. One would think with the explosion of data in today's society and personal computing software would be more resilient  The current cost of cloud storage will not offset the cost of system failure network failure and running out of disc space.

Jobs - the movie

I saw the trailer today looks pretty good. My guess that is the a lot of apple aficionados are going to be disappointed whether it's factual or fiction or just plain entertaining nobody is going to be completely satisfied. Either way it's a must see movie for me this summer.

From the 'its not free dept.'

'Current AT&T customers who are upgrading to iPhone will pay a $36 upgrade fee and new AT&T customers will pay the standard $36 activation fee.'  -- http://www.att.com/esupport/article.jsp?sid=61027&cv=820#fbid=MZWc4RVprIL

The Best Buy free upgrade

The Best Buy free upgrade is not as free as one would think initially. There are plenty of accessories to purchase in order to move from an iPhone 4 to an iPhone 5. 
The base price of your iPhone will be based on your carriers eligibility for an upgrade.  For me that was $150. Once Best Buy gives you $150 in a trade allowance the net cost is zero, however, AT&T charges $36 for the upgrade processing fee and you probably need an extra power cable or two and if you need a new case and even a screen protector it adds up very quickly. 
Free is not so free. But it is somewhat cheaper. Especially if you are in the market.

GOLANG - method chaining

I built a sample method call chain example in GO. It was simple to implement after I squeezed out the bugs and syntax errors. But it works. I think the only thing it's missing is some basic protection on entry and exit.

"Fail Fast and Noisily, Fail Politely"

I believe that there is a deeper implication than documented in Joe Armstrongs PragProg book. To me it means that there is a perimeter of code that layers the inner function, behavior or action. This layer acts to validate incoming data per the requirements and handle the exceptions from the inner layer(s). All of which masks the intent that the closer to the center of the innermost layer the more reliable the task or operation is.
For example... 
This function does not require much error checking... or does it. The only bac thing that can happen might be an arithmetic overflow. But if the layer above restricted the range of numeric values then this would be perfectly fine.
add(A, B) -> A + B.
However, in this case the consequences are much more serious. In many systems and languages a divide by zero will cause a processor fault and that is a completely different error although it may bubble up the callstack in the same way that the previous arithmetic overflow does
divide(A, B) -> A…

speed kills

Erlang is the incarnation of "speed kills" as it professes that crashing software is ok and that defensive programming is not to be avoided.

Erlang/Elixir - let it crash

The biggest problem with erlang's let it crash philosophy is that it's going to leave things in an unreproducible and nondeterminate state as there is an impedance mismatch between most storage engines and the EVM(beam) itself.

Some interesting facts:

Joe Armstrong - says that erlang is not appropriate for solving all problemsIf you're going to use hot-plugging to suggest you have zero downtime then you'd be wrong. Crashing during a module hotplug is still a crash.most erlang programmers do not completely grok OTP and that's where the power of the EVM is really locatedAs I started to read the Elixer book from PragProg I realized that while erlang is a BCB (bell curve baby) the chances that I'll write another application with it is slim and none. Business owners do not want the expense and risk. I'm starting to get comfortable with the fact that NodeJS and GO are the probable future for the next 5 to 10 years.

My latest Apple shopping list

2x 15" MacBook Pro w/Retina (max ram and SSD)
1x 13" MacBook Air w/12 hour Battery (max ram and SSD)
The latest Airport express and 3TB drive for TimeMachine
2x iPhone 5 or 6
1x iPad w/Retina

That's only about seven thousand bucks. WTF was I thinking.

Effective Dating Code and JavaScript

The idea that data might have an effective date is nothing new, however, using effective dating on code fragments is interesting but when you add zero downtime with complete code and data synchronicity it is something completely different; possibly evolutionary.

I had initially thought of using C, C#, Java, perl, Ruby, Python, Go, erlang, and elixir. As I went back and forth I skimming away the many fractal dimensions and with every generation I found myself back where I started.
First of all there are two major strategies and a potential hybrid.
The first approach is a router with a synchronized clock which routes transactions to an green/blue server instances. Blue/green is a typical model and in most cases is implemented in an HA scenario... but the key point is that a) the code is staged in advance; b) the switch is instantaneous; c) the system is always known to be in a particular state and transactions are always reproducible (audit-able).
The second approach is effectively a hot-pl…

WWDC felt like a double

The highlights were the AI car demo and the 12hr battery on the MBR. But that was about it. 
They changed the cat theme to I don't know what but the name is a popular surfer location in California. The presentation was less than smooth. 
The design of the iOS 7 logo is kinda weak. 
Everything else was just par for apple. Not stellar.

Chromium Security on OSX

It would have been nice if Chromium was recognized by Apple as an Apple developer instead of prompting me to reduce the security settings in order to get the first run.

A new view on double secret encryption

There was a time when I thought that encrypting my entire harddrive and then encrypting a folder was a stupid thing to do.  The compression experts have made it clear that double compression does not work so I was already biased.

Encrypting the entire harddrive makes perfect sense because with few or any exceptions the harddrive is linked to the CPU an therefore cannot be removed from the computer and connected to a USB without a lot of low-level knowledge... even is at all possible.

And so for the most part, most operating systems, are not likely to leak any confidential data into the swap or sleep partitions as non- encrypted systems commonly do.

But the advantage of encrypting a folder with "Espionage" or "DocWallet" has the added benefit that your sysadmin and the people you share your computer with are not likely to be able to access these doubly encrypted folders.

As a side note... If your concerned about PRISM-like attempts to hack your data then I have no idea …

The new formula for learning things and impact on project planning

I just watched a TEDxCSU video. It has forced me to think about how I estimate projects and deliverable dates. As the presenter describes it in order to learn a new task or skill:

10,000 hours to be an expert (5yrs working fulltime)20 hours to be good enough (45 minutes a day will take a month)(he is careful to say that 20 hours is qualified with all barriers removed)
For me the number are interesting when planning a new project or assignment and presumably the numbers shift based on complementary skills and knowledge. And you have to ask yourself how much do you need to know in order to be that expert. And what about relearning so you can make changes.
(how is pairing going to effect these numbers)
For me that even the smallest assignments are going to take anywhere from 8 to 16 hours just to get back up to speed before the actual work begins. Except in the rarest cases when the assignment dovetails with the last assignment.

This past weekend I started working with the Amazon ItemSearch A…

"where is NodeJS malware"

The author of this article did not have comments turned on so I will respond here. The challenge ahead of open source programmers is the same FUD that has always been there. When you incorporate a 3rd party library you have to perform a risk assessment and decide for yourself, employer or client whether the risk is acceptable.

In recent weeks I have started to perform code reviews of the projects I want to integrate with and then I fork their code so that I'm working from my version of the code.  This has several side effects.

The first side effect of forking code is that I do not need to follow the main project and review every commit. Therefore it's unlikely that any malware will enter into my ecosystem.

And secondly. If I make changes to the code I can use them immediately instead of waiting for them to make it into the main project via a pull request.

The only real side effect is that I am now programmer and reviewer/librarian. Which I kinda was anyway.

futures and promises look and behave like elixir's "amazing" pipe operator.

Here is the Elixir version (snapped from pragprog):
And here is the Dart version:

And then there is no surprise that the JavaScript (functionality provided by 'Q', 'Deferred', 'Promises' and a number of other libraries) version is nearly identical to the Dart version.

It's a fantastic structure as it makes the code so much more compartmentalized and easy to grok.

System Architecture by Fractal Construction

In recent days I've had various conversations that lead me back to this point "System Architecture by Fractal Construction". And to clarify what I mean I'll take some hints from wikipedia's description.



Proper system architecture is implemented by using a fractal dimension construction technique. For example when you look at the Unix filesystem from the root directory you'll see:

. ├── bin ├── dev ├── etc ├── home ├── sbin ├── tmp ├── usr └── var
But then in my home directory you'll find a similar structure:
. ├── bin ├── etc ├── tmp ├── usr └── var
And then you'll find the same thing in you applications too (those that were not part of the base distro might be located in /usr/local/Cellar/<appname> or the like.

What makes the "fractal dimension" awesome is that it also applies to application design and architecture. Think about the "design of the UNIX operating system". What's amazing is that there are many more layers; many of which are i…

Multi user tablets

Apple did not deploy multiuser iPads because its hard. And harder based on their design. And a less captive feature. 
Google, trying to enter the market needed a differentiator. But their design was also more conducive to multi user. 
The next coming months will determine which tablet I buy for myself.