Joe’s Amazing Technicolor Weblog

Update: Vermonster has a nice recount, chock full of code & explanations.

A fine time was had the other night in the offices of Boston’s Vermonster, when a few Vermonsters generously helped some folks from Boston.rb get up to speed on the use of some NoSQL projects from Ruby.

Up until now, I’ve been a little leery of NoSQL. Probably due to painful past experience with ZODB failing to keep up with moderate loads, and reading too many Philip Greenspun essays at an impressionable age. Happily, it appears that the projects collected under the NoSQL banner can actually walk and chew gum at the same time, without rendering your data unreasonably inconsistent.

The whole question of the Consistency of one’s data is addressed by the CAP theory, which I understand to roughly say

Consistency, Availability, Partitionability: pick (at most) two, particularly under certain challenging conditions such as running Google or Amazon.

Even if you aren’t running something quite that big, there seem to be some situations where you’d want to think about this stuff — for example, running an app on Google’s App Engine (right? Haven’t yet myself.) Plus, all the cool kids are into it.

We worked with the locally-written Riak (looks like it’s the topic of the April Boston.rb meeting!) and with CouchDB. Both are ridiculously easy to get running locally, have Ruby client libraries, and are powered mainly by Erlang, with javascript Map/Reduce. For the latter, we used the couch_potato library, which seems to do a nice job of writing your javascript for you in the most common cases.

We wrapped the evening up with a coding challenge. My brain was fried & I gave up 2/3rds of the way through, but still had a blast & learned plenty. As a side benefit, beyond the exposure to the NoSQL, my state-of-the-art-circa-2008 Ruby habits got challenged by working with RSpec, 1.9.1, and RVM, all of which will should prove handy for future things.

Big ups to Vermonster for hosting, feeding, and educating us. They are good guys, skilled teachers, and have excellent taste in beverages.

I spent part of last Wednesday at the Boston Tech-Security Conference, held at lovely UMass Boston. Getting me there was a triumph of email marketing by hosts Data Connectors, as I hadn’t heard of this series and couldn’t really find any 3rd party accounts on the web. That, and it was free. Since I’m newly back in a higher-level IT administrative capacity after years of just focusing on web application security, I decided to give the conference a try.

First impressions (after noting how unfriendly the UMass campus is to bicycles) were of an absence of buzz. Many vendors hanging around in one room, and then a vendor representative giving a traditional one-way presentation in the next room. After attending a few barcamps, it really seems to me that a more interactive format would benefit everyone involved. This conference was clearly driven by the vendors, but it seems to me that it’d be in their best interests to learn more about their potential customers’  interests and concerns, rather than broadcasting a sales message.

Despite the one-to-manyness, the presentations I made it to varied quite a bit. A few did a good survey of some aspect of security, and then tied that discussion into the vendor’s offerings right at the end. Others were basically just sales pitches. Guess which kind lost more of the audience?

new concepts to me

NAC - Network Admission Control. Folks will sell you systems that go beyond requiring just a username / password combo to get on a given network, by combining checks on device MAC / IP, allowed hours of operation, and presence and activity of specified software. Packetfence looks like a promising open source NAC.

IPS - Intrusion Prevention System. If I’m understanding correctly, these go beyond IDSes by taking some action such as updating firewall rules when naughtiness is detected. It looks like Snort has been able to do this sort of thing for a while, also PF has some related capabilities.

notable speakers

Ming Fu of Lumension introduced me to the concept of thumbsucking — apparently the new hotness in social engineering attacks is to leave USB drives with said software lying about in parking lots, expecting that some percentage will be picked up & plugged in… nasty! Lumension’s tie-in is that they have a product that allows strictly defined device access controls for windows boxes, so you could set up rules that would prevent employee accounts from mounting any USB devices, and only allow admins to mount USB devices already encrypted with your organization’s key.

Ken Pappas of Top Layer Networks gave a high-level rundown on the overall tech security situation, and managed to do it with not an ounce of sales pitch. Authentic confidence is an excellent marketing tool, and Ken’s got that. His early remarks included a shout-out to the Boston chapter of the possibly shooting-to-kill InfraGard. He then went on to summarize the state of security in ‘08, which is basically: not that great. Incidence rates are going up, the range of attackers is increasing in professionalism and skill at the top end and becoming even less sophisticated (i.e. lower barrier to entry) on the low-end with easily available point-and-click tools for launching mail bombs, etc. Those of us responsible for computers attached to networks definitely need to be budgeting some of our time to keep up with the evolving threats, regardless of whether we’re aware of any particular adversary that’s out to get us or our data.

takeaway

It’s important to get away from the daily stream of projects periodically, to think about things from a higher level. Vendory as this conference was, it did give me that opportunity, and I did re-prioritize my TODO list at the end of the day.

The downside: I hadn’t thought through how many calls & emails I was setting myself up for receiving from the conference vendors. FYI, I am 100% of the time never going to spend money with someone who calls me out of the blue and interrupts whatever I’m working on. Send me an email, and I’ll file it for processing at an appropriate time.

BarCampBoston 3 is where I spent much of this past weekend, and it was a great time. The event had a very relaxed feel, and was full of interesting & friendly folks. Had the experience a number of times of sitting and chatting with some random person about real estate or gardening, and then find out that they played key roles in some major software project that I use every day. This did not happen so much when I lived in Minnesota.

(that’s my laptop, hand, and water bottle in the foreground of the photo. Nice shots of the event, Justin.)

Saturday

Sessions this year were only 30 minutes long (a bit short without downtime between most of them), so it was easy to see lots of different things:

• many-eyes.com an IBM research project, for making a number of interesting data visualization tools easily available for anybody to upload arbitrary data into. Lots of neat examples.
• John Resig ran through the basics of processing.js. Awesome.
• a session on git basics, which was pretty handy for me being at my current point on the learning curve (which is not too far)
• “Rails War Stories” ended up mostly being a “testing lets you develop faster” vs. “testing makes you develop slower” discussion. Great example of how smart, well informed people [which I believe the participants to have been] can hold diametrically opposed views on a topic.
• Although I’ve heard a bit about Amazon Web Services, in particular S3 and EC2, the intro presentation was pretty handy in terms of walking through pixily’s use, and some of the related issues.

Talking Backups

This year, the session organization process felt more open. In particular, there was a dedicated sheet of paper to stick potential sessions onto, which could then get check marks or other feedback from interested people. Since one of my major projects at work these days is putting together a new backup system, I proposed a discussion about open source backup & recovery. Enough folks expressed interest that I went ahead and scheduled it for later in the day, and sure enough we ended up with over a dozen folks.

While I’d worried that backup was a potentially boring subject given the other things going on, folks ended up having plenty to say. It was certainly helpful for me to put my thoughts together for the occasion, and to get feedback on some of the stuff I’ve done and am considering. It was also really interesting to hear about other backup scenarios people had experience with, and some of the other classes of tools that I haven’t really considered for my current purposes.

Sunday

Less people showed up, giving things even more of a laid back feel. We still ate a ton of pizza.

• The topic of hosting email came up a number of times, and the consensus seems to be that there’s generally not much sense in going to the trouble of doing it yourself anymore. No objections here.
• Seeing a demo of fogbugz was pretty interesting, having heard lots about it. Doesn’t sound like a fit for anything I’m working on now, but I can see how it would work for certain orgs. Heard a bit about using trac with distributed VC, which I can more easily imagine, and was interested to hear about the trac fork drproject.
• Really interesting hallway conversation about cloud computing and the end of the relational database. Got turned onto ThruDB, which I hadn’t heard about, and heroku which I had, but hadn’t realized how far along it’s come.
• Hadn’t really been aware of OpenWrt’s progress. Their supported hardware list will now be a research stop before making wifi purchases.

Adam at Universal Hub has a comprehensive post on Tuesday’s city council election.

Boston.com has two year old articles.

Score one for the bloggers!

Update: Brighton Centered posts scans of Globe sidebar on candidates. Bloggers 2, boston.com 0.

Hey, what do you know — Boston’s having a bicycle summit, starting in 3 days. The town-hall meeting in Copley on Monday & community open houses on Tuesday both look good to me; it’s also interesting to see stuff for planners, public health people, etc. Maybe this is what having a bike coordinator for the city will be like?

Update: an hour after posting this, what do I see but a new zine on Boston cycling: the Reflector (nothing online yet, but they’ve got plans). It’s interesting to read the opening essay about cycling-related developments in City Hall, in light of the above announcement of the summit. Maybe Boston’s pent-up cycling energies are finally going to get somewhere.

I was able to make it to a good chunk of Barcamp Boston 2 this weekend, and learned some good stuff. Hats off to the organizers for putting everything together, especially considering the challenging weather conditions. Some of the things I picked up:

• OpenID is threatening to pick up enough adoption to be hard to ignore. Still looks like there are more producers than consumers, and I’m not comfortable yet that I understand the trade offs of delegating my ability to log into a wide swath of services (maybe YADIS could be helpful here?).
• Mapping has come a long way. In particular, OpenLayers is being used for some very interesting stuff, for example at the Open Guide to Boston. Advantages over the Google Maps API include openness and ability to do non-point features (like a bike path). Recommended tools also include Quantum GIS, described as something like photoshop on top of a mapping database. Massachusetts, it turns out, is a leader among states in terms of sharing mapping info (other good local resources include Harvard and the metropolitan planning council).
• New respect for the things that can be done with javascript. Including Alan Taylor’s encryption-in-your-browser project, John Resig’s jQuery presentation, the Open Layers stuff, and the guy in the CakePHP session who salvaged some laughs from Nate’s “starts with java” joke. jQuery seems like it’s worth a closer look - I like what I saw of the selector syntax, the ($document).ready(function) hook, and the fact that there’s a lively community and seemingly robust plugin system. Also some good pointers at the end of John’s session to the Selenium IDE, test.simple and Firebug Lite.
• Seems like there’s good potential for some kind of coworking arrangement in Boston. In the meantime, I’ll have to check out Sweet Finnish again.
• The Stata center is a fine place for this kind of gathering. It didn’t even leak!