Planet Kristof

LWN: Bruce Perens: Addressing the failure of open source

Most of my readers utilize SSH keys to access remote systems. The security benefits are well known, and key-based authentication makes automating remote tasks a whole lot easier. When you use key-based authentication it becomes imperative to protect your private key, since a third party could access your systems if they were able to gain [...]

Jennifer Granick: Megaupload: A Lot Less Guilty Than You Think:

Suing them is one thing, but putting ‘em in jail is harder.

PetaPixel: Why Wedding Photographers Prices are “Wack”:

You lost me at the “I work four months a year” part.

The Verge: Netflix bows to Warner Brothers, creates four week delay before allowing new releases in your queue:

Ugh, evil. The more likely outcome is that I’ll forget to watch these movies completely.

“There are only three hard problems in Computer Science: cache invalidation, naming things, off-by-one errors and pedantry.”

- wlll

ACTA (Anti-Counterfeiting Trade Agreement) was called "more dangerous than SOPA" by US Sen. Ron Wyden (D-OR), as ars technica reports. "Kader Arif, a French member of the European Parliament from the Socialist Party, had been assigned to be a rapporteur on ACTA, meaning that he was asked to study the issue and deliver a report on the subject. But he resigned in protest on Thursday. ”I want to denounce in the strongest possible manner the entire process that led to the signature of this agreement," he said, according to one translation. "No inclusion of civil society organisations, a lack of transparency from the start of the negotiations, repeated postponing of the signature of the text without an explanation being ever given, exclusion of the EU Parliament's demands that were expressed on several occasions in our assembly.”"

Debian has updated libxml2 (code execution/denial of service) and wireshark (multiple vulnerabilities).

Fedora has updated F15: php (denial of service and information disclosure), F15: php-eaccelerator (denial of service and information disclosure), and F15: maniadrive (denial of service and information disclosure).

Gentoo has updated ktsuss (privilege escalation).

openSUSE will be updating the certificates for all openSUSE hosts located Nuremberg. Click below for details.

If you’ve got the time, we’ve got the HighScalability:

• 9nm : IBM's carbon nanotube transistor that outperforms silicon; YouTube: 4 Billion Views/Day; 864GB RAM: 37signals Memcache, $12K
• Quotable Quotes:
  • Chad Dickerson: You can only get growth by feeding opportunities.
  • @launchany: It amazes me how many NoSQL database vendors spend more time detailing their scalability and no time detailing the data model and design
  • Google: Let's make TCP faster.
  • WhatsApp: we are now able to easily push our systems to over 2 million tcp connections!
  • Sidney Dekker: In a complex system…doing the same thing twice will not predictably or necessarily lead to the same results.
  • @Rasmusfjord: Just heard about an Umbraco site running on Azure that handles 20.000 requests /*second*
• Herb Sutter with an epic post, Welcome to the Jungle, touching on a lot of themes we've explored on HighScalability, only in a dramatically more competent way. What's after the current era of multi-core CPUs has played out? Mainstream computers from desktops to ‘smartphones’ are being permanently transformed into heterogeneous supercomputer clusters. Henceforth, a single compute-intensive application will need to harness different kinds of cores, in immense numbers, to get its job done. Different parts of even the same application naturally want to run on different kinds of cores. Applications will need to be at least massively parallel, and ideally able to use non-local cores and heterogeneous cores. Programming languages and systems will increasingly be forced to deal with heterogeneous distributed parallelism. Perhaps our most difficult mental adjustment, however, will be to learn to think of the cloud as part of the mainstream machine – to view all these local and non-local cores as being equally part of the target machine that executes our application, where the network is just another bus that connects us to more cores. If you haven’t done so already, now is the time to take a hard look at the design of your applications, determine what existing features – or, better still, what potential and currently-unimaginable demanding new features – are CPU-sensitive now or are likely to become so soon, and identify how those places could benefit from local and distributed parallelism. Now is also the time for you and your team to grok the requirements, pitfalls, styles, and idioms of hetero-parallel (e.g., GPGPU) and cloud programming.

There's so much more the Internet has to say on Scalability. Click below to be in on all the secrets...

The Verge: Debate rages as Spotify, MOG, and Rdio kill / save the music industry:

Are we replacing download dimes with streaming pennies or streaming quarters?

GigaOM: Hey Silicon Valley, Nest isn’t the only smart thermostat around:

But, but… the iPod!

Ordinarily I focus this blog on areas of computing where I spend most of my time from high performance computing to database internals and cloud computing. An area that interests me greatly  but I’ve seldom written about is entrepreneurship and startups.

 

One of the Seattle areas startups with which I stay in touch is Socrata. They are focused on enabling federal, state, and local governments to improve the reach, usability and social utility of their public information assets.  Essentially making public information available and useful to their constituents. They are used by: the World Bank, the United Nations, the World Economic Forum, the US Data.Gov, Health & Human Services, Centers for Disease Control, several most major cities including NYC, Seattle, Chicago, San Francisco and Austin and many county and state governments. Even foreign governments like the Country of Kenya have adopted Socrata.

 

I first met Kevin Merritt, the founder and CEO of Socrata, back in 2005 when I was doing technical diligence for the Microsoft acquisition of the LA-based Frontbridge Technologies. I love doing diligence on startups because it’s an opportunity to dive in and spend a day or more digging deeply and understanding what smart people have produced, where things worked really well, and areas where things didn’t pan out as well as they could have. I’ve learned a lot in these roles and I’m  lucky to have been able to do many of them first at IBM, later at Microsoft, and now at Amazon.

 

What made this one a bit different is I got a call shortly after the deal closed asking if I wanted to be the General Manager of the Microsoft subsidiary that was formed in the acquisition. An opportunity to run mid-sized business in its entirety. Development, test, operations, and customer support. Absolutely! I’ve never learned so much as I did in the first year or so at what would become Microsoft Exchange Hosted Services.

 

It was a great experience and I’ve been 100% focused on cloud services since that time. And, as a consequence of leading Frontbridge, I got to know Kevin Merritt well. He is an excellent strategic thinker and an even better operator. Whenever Kevin was involved, customers were happy and the service was rapidly improving and expanding.  Kevin eventually left to form Socrata and he and I have stayed in touch since then. He knows I’m a sucker for a beer and some wings :-).

 

Based in Seattle, Socrata is venture-backed with a small and talented engineering team.  They are enjoying strong customer demand and their market success is fueling growth in the engineering team. They are currently looking for a CTO and, if I didn’t already have one of the best job out there, I would seriously considering joining Kevin and the team.  If you are a technology leader interested in big data, cloud computing, architecture of distributed systems, ops automation, and the user experience of making data easy to find and use, you should send Kevin, their founder and CEO, a note at kevin.merritt@socrata.com.

 

                                                                --jrh

 

James Hamilton

e: jrh@mvdirona.com

w: http://www.mvdirona.com

b: http://blog.mvdirona.com / http://perspectives.mvdirona.com

---

From Perspectives.

Lennart Poettering has announced the posting of a summary of the motivations for merging several root-level directories into /usr. "A unified filesystem layout (as it results from the /usr merge) is more compatible with UNIX than Linux’ traditional split of /bin vs. /usr/bin. Unixes differ in where individual tools are installed, their locations in many cases are not defined at all and differ in the various Linux distributions. The /usr merge removes this difference in its entirety, and provides full compatibility with the locations of tools of any Unix via the symlink from /bin to /usr/bin."

Fedora has updated rubygem-actionpack (F15; F16: cross-site scripting).

Oracle has updated kernel (OL6: privilege escalation) and kernel-uek (OL5; OL6: privilege escalation and improved CVE-2010-2962 fix).

Scientific Linux has updated kernel (SL6: privilege escalation), glibc (SL6: multiple vulnerabilities), openssl (SL6: multiple vulnerabilities), t1lib (SL6: multiple vulnerabilities), and qemu-kvm (SL6: privilege escalation).

SUSE has updated java-1_4_2-ibm (SLE 10 SP4: multiple vulnerabilities).

Ubuntu has updated evince (code execution), linux-lts-backport-oneiric (privilege escalation), icu (code execution), and xorg (access restriction bypass).

GigaOM: IBM and NEC team up to take on Cisco

The 2.6.32.55, 3.0.18, and 3.2.2 stable updates have been released; each contains the usual long list of important fixes

The LWN.net Weekly Edition for January 26, 2012 is available.

Brad Hedlund: Construct a Leaf Spine design with 40G or 10G? An observation in scaling the fabric.:

And if you’re feeling radical, jellyfish have no spine at all…