Monday, October 26, 2015

Where did this ship from?

According to Amazon, I placed the order Oct 18, it was shipped Oct 19 and it is going to take 3 weeks to arrive. Is this a punishment for not getting Amazon Prime? If the item was sold and shipped from anywhere in the US it should not take longer than 3-4 days using the regular postal service. Amazon should be ashamed of itself! I cannot wait for their class action lawsuit to begin.

I've previously commented that Amazon Prime does offer free shipping, music and video; however, it is so filled with Amazon advertising that it's hardly worth the expense.

Thursday, October 22, 2015

Get Marshmallow now?

I'm not sure what the right way to install Android 6 is, but this is the broad outline of the steps I performed. Also I have no idea what the long term repercussions are. Good luck to me.
WARNING you are on your own if you decide to do anything I describe here
Google's instructions make certain recommendations:

  • latest Android SDK
  • means installing the Android Developer Studio; and if you're like me and you refuse to install Java then you'll need version 7 or better
  • Latest Android Image
Now for the phone:
  1. put the Nexus 6 in developer mode
  2. enable OEM unlock
  3. power-off the phone
  4. connect the phone to your computer
  5. quick boot the phone (volume down+power)
  6. OEM unlock
  7. select YES; then press the power button (WARNING; going to delete everything and reboot)
  8. once the phone reboots you'll have to 
  9. unzip the Android 6 image
  10. make sure fastboot is in the path
  11. run
  12. (I had run out of the house before this step finished so I do not know if there was a reboot. I imagine there was)
  13. now do a normal init.
So now things are wonky. And have me bothered.
  • the phone would not lock without a purge
  • the phone remained in developer mode (turning it off was ok, but still squirrely)
  • the phone also had OEM unlock enabled (could not disable without a purge)
  • I'm pretty certain everything restored ok... it took almost 60 minutes to restore my apps. Seemed kinda long.
  • I think my biggest concern is that the ATT splash page is still running and the dancing balls is still booting the firmware instead of the spinning circles.
So I do not know if I've created a franken-phone or if it's ready for primetime.

Monday, October 19, 2015

is a 16GB ChromeOS device sensible

I do not intend to brag but I have 4 Chromeboxes and 6 Chromebooks. One Chromebook, a Pixel i7, and one Chromebox, an ASUS, have 16GB of RAM. I opted for the extra RAM because of the work I do but maybe I've gone too far? I've been having second thoughts about the Pixel anyway. And now my concerns feel more real.

I've been wondering why Google and the other hardware brands have not just loaded these machines up. The great RAM famine of 2007 and others are long since over and since the configurations appear a few generations back, why not? This is particularly interesting since Google is competing to enter the school system. In that role it's less about the hardware than the software. To be frank the extra RAM is only useful for offline work and lots of open tabs.

However, recently I have been working on a client's SQL Server database. The default query timeout is 90 seconds; meaning that if I cannot complete a query in 90 seconds the request will abort and there is nothing I can do about it. But what I have discovered is that there is nothing I cannot query that cannot be satisfied in 90 seconds. And so I'm asking myself, do I really need 16GB of RAM when not everyone else is going to have that much?

Sunday, October 11, 2015

NCAA Football Ranking

Last night Florida State University's football team (Seminoles) beat the University of Miami (Hurricanes); however, it was not an assured victory before the opening kickoff. While the Seminoles had the lead going into halftime it was not decisive and the third quarter was dominated by the Hurricanes. It was not until the last 5 minutes and then the last minute of play when the Noles took the lead and held it. But it was never a lock.

At the time, the broadcasters were showing other scores from around the country. That included TCU (2) vs Kansas St. Late in the 4th quarter it also appeared as if Kansas might upset TCU and while that sort of upset would be great for FSU it also points to how awkward and unreasonable the ranking system is.

Both Kansas St. and U of M are unranked teams, and if history is a teacher then a victory would have severely damaged the ranked teams they played. It seems to me that a team can be a spoiler by merely preparing for the one game... It has been rumored that U of M may fire its coach. So it seems odd that his team would pull out such a strong performance against such a strong team. I suppose there are a number of factors from the coach's perspective... if he's a conservative coach and with his job on the line makes some unexpected choices... then I get it.

But I doubt it.

A system that favors the spoiler is not an equitable system. Especially when not all teams play each other. I suppose it's better than nothing but it could certainly be better.

Another note... strength of schedule is only an estimate before and during the season. It's not until the last game has been played that the actual strength is known.

Thursday, October 8, 2015

labstack echo - nice http server in go

The echo http server is pretty nice even though it's missing a feature or two.

  • I would like to be able to serve assets directly from go-bindata's assetfs
  • setting a root path without it being a path substitution
  • missing ServeContent()

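func main() {
        // Echo instance
        e := echo.New()

        // Static assets: files under www/public are served at /public
        e.Static("/public", "www/public")

        // Routes (the hello handler is defined outside this excerpt)
        e.ServeFile("/welcome", "welcome.html")
        e.ServeFile("/styles.css", "styles.css")
        e.Get("/a", hello)

        // Start server; bindto is a flag holding the listen address,
        // declared outside this excerpt
        log.Printf("Listening to port: %v", *bindto)
        e.Run(*bindto)
}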

Some good stuff
  • fast
  • zero stack
  • websockets
  • JWT (even though I do not trust it)
  • graceful shutdown

Tuesday, October 6, 2015

Latitude and Longitude notes

I'm working on a map that contains incomplete lat/long and while adding the missing locations I've made some mistakes. In particular when I found the lat/long on Google for Guam I was not sure if I was supposed to add a negative sign or not.

Turns out NOT. So I was wrong and I had to correct my map. is awesome.

Chromecast Audio

It's a pretty cool idea and for the price it might make a good stocking stuffer but I do have a few observations.

While the image above is reasonable it's missing the power cable. When I initially discovered the Chromecast Audio I was under the misconception that it might be battery powered. (Looking back at the Chromecast I should have realized that.)

The main use-case requires a WiFi connection for all of the devices to communicate. There is a "guest mode", however, I do not know if the device needs to be connected to a WiFi network to enable that mode.  In other words is there a "hotel mode" so that I can bring it with me on the road.

In the meantime it's just fine around the house but its main use-case might be statically connected to the home stereo.

Saturday, October 3, 2015

better documentation for vulcand

The banner on the Vulcand documentation reads:
Warning Status: Under active development. Used at Mailgun on moderate workloads.
I've read through parts of the docs several times and I'm basically disappointed. I've finally come to the realization that Vulcand is meant to be run inside a proper firewall so that means don't try to use it at Digital Ocean as they do not provide a proper firewall. And remember to add the necessary ports when forwarding 443 and 80 etc.

My concern is that ports 8181 and 8182 in the examples:
docker run -p 8182:8182 -p 8181:8181 mailgun/vulcand:v0.8.0-beta.2 /go/bin/vulcand -apiInterface= --etcd=
will be exposed to the public and private network. This is not the sort of thing that one guesses at. I would hope that they would be more clear.  The API interface is also bothersome.
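
A check for the exposure described above, as an added example that is not from the original post or the Vulcand project: it reads the mappings printed by `docker port <container>` and reports host ports published on every interface. The sample mappings, the address 10.0.0.5 and the treatment of 8182 as the port that must stay private are assumptions made for the example.

```shell
#!/bin/sh
# Added example: flag container ports published on every host interface.
# Input is the text printed by `docker port <container>`, one mapping per line,
# for instance:  8182/tcp -> 0.0.0.0:8182

# wildcard_ports: print "<host-port>/<proto>" for mappings bound to 0.0.0.0 or ::
wildcard_ports() {
    awk '
        $2 == "->" {
            split($1, cp, "/")                  # cp[2] holds the protocol
            host = $3
            port = host; sub(/^.*:/, "", port)  # text after the last colon
            addr = substr(host, 1, length(host) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
                print port "/" cp[2]
        }'
}

# audit: $1 = docker port output, $2 = space-separated host ports that must not
# be reachable on all interfaces. Returns non-zero if any of them is.
audit() {
    exposed=$(printf '%s\n' "$1" | wildcard_ports)
    rc=0
    for p in $2; do
        if printf '%s\n' "$exposed" | grep -qx "$p/tcp"; then
            echo "port $p is published on all interfaces"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: mappings produced by  -p 8182:8182 -p 8181:8181
SAMPLE_WILDCARD='8181/tcp -> 0.0.0.0:8181
8182/tcp -> 0.0.0.0:8182'

# Constructed sample: 8182 pinned to a private address (10.0.0.5 is made up),
# as produced by  -p 10.0.0.5:8182:8182 -p 8181:8181
SAMPLE_PINNED='8181/tcp -> 0.0.0.0:8181
8182/tcp -> 10.0.0.5:8182'

# Assumption: 8182 is the port that should stay off the public network.
audit "$SAMPLE_WILDCARD" "8182" || true
audit "$SAMPLE_PINNED" "8182" && echo "8182 is bound to a specific address"
```

Against a live host, pipe `docker port <container>` into `wildcard_ports` in place of the samples.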

El Capitan -

I have a plastic unibody MacBook.

It had been my go to computer for a year or two. I handed it down to my wife after her previous Generation MacBook failed and was end of life.

Two nights ago I updated her OS from Yosemite to El Capitan. Even though her computer has 16GB of RAM and 2TB of disk its performance is awful! Given that Moore's Law suggests that CPU density doubles every year and by extension increased performance there is no justification for why her MacBook is so slow.

Occam's Razor suggests something completely different. Since operating systems are so very complex and thus standardizing hardware designs to make use of commodity manufacturing economics there must be a black ops department within Apple that intentionally breaks backward performance and speeds up end of life. As an example look at any of the popular Linux variants, Windows and ChromeOS. With few exceptions edge to edge versions do not suffer the sorts of performance issues that Apple consistently demonstrates.

UPDATE: In a way I feel vindicated. This writer asks the right questions although I'm not sure where he gets the answers but they are in line with my hypothesis.

Friday, October 2, 2015

moving a project from a single dedicated host to a CoreOS installation

After all that complaining I'm still going to try to move a project of mine from Rackspace to Digital Ocean and from Ubuntu to CoreOS.

Right now I have a single etcd server and a single worker. The worker will run three containers: database data volume container, postgres database container, webapp container (python 2.7).

Get a discovery token


Create the etcd server:


    #cloud-config

    coreos:
      etcd2:
        # generate a new token for each unique cluster from
        # specify the initial size of your cluster with ?size=X
        discovery: <discovery-url>  # placeholder: the token URL is not shown here
        # multi-region and multi-cloud deployments need to use $public_ipv4
        advertise-client-urls: http://$private_ipv4:2379,http://$private_ipv4:4001
        initial-advertise-peer-urls: http://$private_ipv4:2380
        # listen on both the official ports and the legacy ports
        # legacy ports can be omitted if your application doesn't depend on them
        listen-client-urls: <client-listen-urls>  # placeholder: value not shown here
        listen-peer-urls: http://$private_ipv4:2380
      fleet:
        metadata: "role=services"
      units:
        - name: etcd2.service
          command: start
        - name: fleet.service
          command: start
      update:
        reboot-strategy: etcd-lock

Create the worker:


    #cloud-config

    coreos:
      etcd2:
        # use the same discovery token for the central service machines
        # make sure you have used the discovery token to bootstrap the
        # central service successfully
        # this etcd will fallback to proxy automatically
        discovery: <discovery-url>  # placeholder: the token URL is not shown here
        # listen on both the official ports and the legacy ports
        # legacy ports can be omitted if your application doesn't depend on them
        listen-client-urls: <client-listen-urls>  # placeholder: value not shown here
      fleet:
        metadata: "role=worker"
        etcd_servers: "http://localhost:2379"
      locksmith:
        endpoint: "http://localhost:2379"
      units:
        - name: etcd2.service
          command: start
        - name: fleet.service
          command: start
      update:
        reboot-strategy: etcd-lock

Create the data volume

docker run --name local-postgres9.4 -e POSTGRES_PASSWORD=password -d --volumes-from postgres9.4-data postgres:9.4

Create the database container

docker run -it --link local-postgres9.4:postgres --rm postgres:9.4 sh -c 'exec psql -h "$POSTGRES_PORT_5432_TCP_ADDR" -p "$POSTGRES_PORT_5432_TCP_PORT" -U postgres'

Create the psql container

docker run -it --link local-postgres9.4:postgres --rm postgres:9.4 sh -c 'exec psql -h "$POSTGRES_PORT_5432_TCP_ADDR" -p "$POSTGRES_PORT_5432_TCP_PORT" -U postgres'

What's next?

  • backup and restore the data from the original server
  • create a webapp container and connect to the db
  • create a vulcand container
  • create fleetctl service files and run

Could the Docker bet be wrong? "The mythical man-month applied to sysadmins too."

What would happen if the Docker bet was wrong? First of all companies like VMware and OpenStack support Docker as a "me too" as far as that goes. Besides rkt (Rocket) there isn't much competition. (Ubuntu has something called LXD and NixOS, Systemd, and a few other teams have wrappers around LXC. Docker is also trying to wrap itself in legal armor and it's moving from free/open to pay for play.) It's clearly all too confusing. So many companies are wrapping themselves in the multicolored robes of docker and the rest are simply hedging their pets.

Let's do a little shoestring and paper napkin analysis:

  • Docker claims to remove the duplicate features in running a proper OS per application by sharing the kernel with the host. Thus reducing the overhead and energy spent. So I ask the question: "If you're running a vanilla Ubuntu in a Docker container just what is the savings?" Phusion has already made certain claims about the number of daemons running and why their distros are better. Unless you are running a Scratch or possibly Busybox guest you're not saving all that much compared to ESX which really does not have a host OS although it is a shim of sorts.
  • Docker security. Nonexistent and has a very high dependency on single source and 3rd party sourcing of dependencies and tools. It's simply nothing that can be audited. Apcera does some things right but it's too expensive and has no competition. I cannot get locked in that one trick pony.
  • Docker dumped the free boot2docker in favor of the not so free toolbox. 'nuff said.
  • While all this chroot and jail stuff is fun to play with can I really save my company money? fleet is a nice orchestration tool. Now that I have my apps written in go they port and schedule nicely. I could do more with my app and less with my containers.
  • Disaster Recovery
  • lights out bootstrapping
  • rkt, nspawn (said that already)
  • backups, shared volumes, hosted volumes
What am I forgetting?

Oh yeah, there are way too many sysadmins and devops that are good enough at their jobs that for all but the most seasoned paper dragons would probably rather spend their time hardening their current environment rather than rebuilding it from scratch. The mythical man-month applied to sysadmins too.

UPDATE: if you really want to go bare metal you gotta try erlang on xen or elixir on xen. But one other advantage that I really didn't cover is that VMware and its competition already have a class of tools that Docker is trying to attain. Trading chef, puppet, ansible orchestration for Dockerfiles or appc is ok but again, why? You can do the same thing with simple perl, python and bash. Installers have been around a long time. And bootstrapping too.

Apple Upgrade Haiku

El Capitan; 30 minutes to download
El Capitan; 45 minutes to install
iCloud Photo Library crashes routers
ChromeOS, priceless

Thursday, October 1, 2015

Google OnHub Review

WiFi was never as complicated as it is today and the ignorance of the hardwired lifestyle is to be appreciated. Personally I have owned a number of different firewall-routers going back to an Intel 56KB modem router; through many D-Link, TP-Link, Linksys, Apple. Now I'm the owner of a Google firewall router that is manufactured by TP-Link.

I'm not certain who did what part of the package; however, I recently read an article where Google is not happy with its Nexus vendor(s) which is why they brought the Pixel-C under Google manufacturing. Who knows?

I watched a demo of the OnHub and I was immediately impressed. Not because the packaging looked like it was from Tiffany's but because it was said to have 16 antennas and one high performance directional. (My house is concrete and steel with metal studs. It's practically a Faraday cage.) Second the software was described as advanced and feature-full... or some such.

While all that seems kitsch there are still plenty of warts:

  • The packaging is nice compared to current standards. I suppose it's meant for housewives (color recognition) or the less technical as techies might not care much about it. I don't.
  • The box indicates that there are setup instructions. There were none; however, once the app is installed all was revealed.
  • Since I was replacing an existing installation I decided to use my existing cables. Normal flex/tension gaskets around the typical Ethernet cable make it difficult or impossible to install the cover.
  • The documentation indicates that one should put the OnHub in a prominent place. On the one hand that makes sense so you can see the status color ring. On the other hand it's stupid because most of the problems that the OnHub is supposed to solve are related to placement, power, and performance. Placement requires access to power, the wired internal network, the external modem. None of these things are going to be in the "prominent" place in the home.
  • When the placement of OnHub is above eye-level it's impossible to see the status ring.
That was just the physical stuff. Now comes the software.
  • The setup was pretty painless
  • missing some features
  • couple of miscues but nothing terrible
  • some of the more complicated or edge case features have weaker interfaces
Customer Support:
  • on the phone within 2 minutes
  • answered all of my questions
  • she was just a little distracted in her environment
  1. guest networks are in the project plan
  2. directional antenna is opposite of the wiring
  3. actually 13 antennas
  4. cover is not required for airflow
I also offered a feature request: What about a Chromecast puck-like device that would provide a remote OnHub status. I suppose this could also be a WiFi bridge but my place is not that big.

UPDATE: One thing that is missing... MAC white and black lists so that you do not have to change your password in order to recover your network. Actually having dual passwords for the primary network would be very useful so I could rotate passwords without disrupting all of the users.

UPDATE: I'd like to be able to name a device that did not provide a proper DHCP hostname. And guess what... no static IP addresses or set DHCP addresses.

UPDATE: my Tivo did not work. It uses the wired network but would not change its DHCP address. I remember that there was a menu option but could not find it. There was also an option to RESTART the Tivo but that too was absent (it's in HD mode now with a different menu tree). So I just unplugged the Tivo and all was good when it restarted.

UPDATE: This morning when I woke up the internet was down. I know that because the OnHub Android app told me so; however, the status ring on the device was teal indicating that things were ok. This is essentially the same problem I was having with my Apple extreme router. I'm not sure when things went south but they did. My internet was fine when I went to sleep the night before and most of our devices were sleeping except one: the family MacBook running a sync process for the new iCloud Photo Library. I rebooted the hub and put the Mac to sleep... the OnHub app indicated that the MacBook was consuming about 1.1GB per hour. The conclusion is that there is something that iPhoto is doing that is corrupting the network at a very basic level. There is a post on the Apple discussion boards.

another bad day for open source

One of the hallmarks of a good open source project is just how complicated it is to install, configure and maintain. Happily gitlab and the ...