Book Review: Web Operations: Keeping the Data on Time

Uncategorized
For my kickoff of systems engineering book reviews I have chosen this book. While not being technical in the strict sense of the term (if you are looking for code snippets or ready-to-use architecture ideas, look elsewhere), this collection of 17 essays provides a bird's-eye view of the relatively new principle of Web Operations. As you will see from the short TOC below, no stone is left unturned and broad coverage is given to a range of subjects, from NoSQL databases to community management (and all the points in between). This is what you will be getting: Web Operations: The career; How Picnik Uses Cloud Computing: Lessons Learned; Infrastructure and Application Metrics; Continuous Deployment; Infrastructure As Code; Monitoring; How Complex Systems Fail; Community Management and Web Operations; Dealing with…

Coming up on Commodity

Uncategorized
For the past few months I have been silent, with the last entry being a re-blog from xorl's (defunct?) blog. That is quite a long time for a writer's block, eh? Well, here is some insight: professionally I have somewhat moved away from security towards a systems engineering paradigm. While security still plays an important part both professionally and in my personal time, it is not the dominant focus. Building systems engineering skills is hard work, especially if you focus on the engineering part as opposed to the systems part (e.g. systems administrator and systems engineer should not be interchangeable terms). My plan is to publish reviews of books and other resources that I found helpful during my journey, as well as some original hacks that I have made. I…

Rediscovery and Security News

metablogging, Rants, Uncategorized
First things first: Happy 2012 everyone. So, this blog has been silent for a little while now. More astute readers might argue along the lines of "hey man! This is supposed to be a technical blog - where are all them technical articles? Have you ran out of material?". Take a deep breath, the dreaded, almost compulsory metablogging block after a long pause is coming ... The answer is a big NO! There is an abundance of material that I am proud of BUT a lot of this research has been done while solving problems for paying clients. The problem can be refined as "how do you tip-tap-toe around NDAs and do you choose to do so?". Smart money says not to do it, so I am not. Keep this…

P For Paranoia OR a quick way of overwriting a partition with random-like data

Hacking, Uncategorized
(General Surgeon's warning: The following post contains doses of paranoia which might exceed your recommended daily dosage. Fnord!). A lot of the data sanitisation literature around advises overwriting partitions with random data (btw, SANS Institute research claims that even a pass with /dev/zero is enough to stop MFM but YPMV). So leaving Gutmann-like techniques aside, in practice, generation of random data will take a long time in your average system which does not contain a cryptographic accelerator. In order to speed up things, /dev/urandom can be used in lieu of /dev/random, noting that when read, the non-blocking /dev/urandom device will return as many bytes as are requested, even if the entropy pool is depleted. As a result, the result stream is not as cryptographically sound as /dev/random but is…

Hello world demystified

Hacking, Uncategorized
Hello all, in the finest programming tradition, I take it that every time one took a programming course or decided to have a quick look into a programming language, writing a "Hello World" program was one of the first things done. However, even in such a small program, do you really know what it does behind the scenes? Yiannis blogged about it here, giving a Java test case (and by the way, allow me to extend my welcome!) and Dimitris provided a C equivalent there. However, let's do a roundup. After whacking some Perl code, I got the following results. Let's start with the old workhorse, Perl:

################################################################################
The Perl version
################################################################################
strace -c -f -q perl hello.pl
% time seconds usecs/call calls errors syscall
------ ----------- ----------- --------- ---------…

CPython threading vs multiprocessing – the 5 minute introduction

Hacking, Uncategorized
MJC brought to my attention the following piece of code which attempts to provide some empirical data comparing the use of threads vs processes in CPython. This code, which I understand is stored for historical purposes, has some bugs, which I have pointed out in the comment section, but this is not the point of this article (something like this would not be constructive). I believe that a far better contribution would be to write a short piece attempting to point out a few "gotchas". Bit rot took hold and the post above has disappeared but the rest of the article still applies ... For the rest of this small article, I assume that you are familiar with how threads work in CPython, especially the GIL "issue". If…

Some random thoughts on Greek startups

Rants, Startups, Uncategorized
[The article below is somewhat of a rant, read it at your own peril and yes I know this is not the proper way to resume blogging after months and months of inactivity] So it seems that the Greek IT market lately has seen an influx of "startups". Their implied cause appears to be quite a noble one, "be not what is traditionally associated with the words 'Greek IT'" (or "get-rich-quick-or-die-trying" for the more pragmatic amongst you). However, the whole thing reeks of the "Johnny-come-lately" syndrome, at least for me. Below is a partial list of my pet peeves: 1) i-somethings will NOT make you a millionaire. Sure, there are more than enough success stories doing the rounds but the whole market is rather hit-n-miss, with the miss part taking the…