OSCON 2013: The Source Must Flow

July 29, 2013 at 12:59 am (No Comments)

OSCON 2013It’s summer in Texas, which means one thing: It’s time to get away.  Last week I got away to OSCON, O’Reilly’s annual Open Source conference, in lovely, Portland, Oregon.  Herein is the account of that trip.

OSCON is a two and a half day conference preceded by two days of related tutorial sessions.  HP was a Diamond sponsor this year, so I finagled a free badge, and decided to go to the whole thing.  We didn’t have extra travel budget in my team, though, so I paid hotel and airfare out of my own pocket.  More on whether that was a worthwhile expense or not at the end of this post.

OSCON takes place at the lovely Oregon Convention Center across the river from downtown Portland, Oregon.  I lived in Portland for a year when I was in elementary school, and took a turn on the stage as Mr. Tumnus in Hinson Memorial Baptist Church’s production of The Lion, the Witch, and the Wardrobe.  I remember it being a lot larger than it apparently was.  That was a long time ago, and Portland’s a very different city now.

OSCON Networking RibbonsOSCON is a pan-technology conference.  As long as the project is Open Source, it’s welcome at OSCON.  Therefore you get a lot of variety, which is evidenced by the gigantic array of networking ribbons.  I didn’t stick one on, but I saw a few people with displays that would have made a Texas High School homecoming corsage maker jealous.

When I was picking tutorials I tried to focus on things I hadn’t gotten into before, but things I’d heard of, and wanted to know more about.  I ended up going for the R Predictive Analytics Workshop, Introduction to Go, Building a Distributed Sensor Network (with Arduino and XBee), and Erlang 101.  Some weren’t so great, some had unfortunate supply issues with parts.

Arduino AssemblyThe Distributed Sensor Network tutorial seemed really promising, but unfortunately we were missing the micro USB cables we needed to power our Arduinos.  Oh, and the Adafruit XBee Adapters we got were supposed to be pre-soldered, but weren’t.  Not an easy problem to solve when you have no soldering irons and only two and a half hours to do the whole tutorial.

The intent was to have an Arduino based sensor mote with temperature, humidity, IR-based movement and volume (sound pressure) sensors, which transmitted its data to a remote computer via the wireless XBee system.  Unfortunately we didn’t have the XBee adapters, and until half way through the class we couldn’t even power our Arduinos.  Fortunately one of the volunteers managed to run to Radio Shack and get us USB cables, but by then half the class was over.  We did manage to rig up a sensor to our Arduinos and get the data appearing via serial, and we have all the parts and the book with instructions to finish the project, but it was feeling like two and a half strikes in a row before I went to the Erlang talk…

Which was awesome!  Erlang is the weird friend you never knew you needed.  She does all the things that your other friends are terrible at, and after a long heart to heart at the local brewery, you totally get her.  Conference saved.  If multi-actor, highly scalable, multi-core programming is interesting to you, there are some great resources on its page, including Francesco Cesarini’s slides.

Erlang and Go seem to be two different implementations of similar ideas, trying to solve the massive concurrency problem in a structured, production-ready, robust way.  Go’s the hot new kid on the block, while Erlang has been in production for nearly 20 years.  Erlang seems to be a more interesting solution to me, though if you really like writing Java, C or C++, you might prefer Go.

You might have used Erlang if you’ve used CouchDB, Couchbase, Riak, Facebook Chat, Chef, RabbitMQ, voted in any of the UK Big Brother style SMS voting events, or ever sent data over a mobile phone network.  It grows across cores beautifully, and seems like it’ll be a really great solution when 64+ core processors hit the big time.  So, Erlang = Awesome, Conference Tutorials = Very Risky, Arduino Sensor Motes = Someday.

OSCON Space Party

Thursday’s opening party was space themed (I heard that last year it was Camp OSCON with merit badge activities and the like).  They had a jumpy balloon rig, space themed arcade games, interactive art, an indoor inflatable planetarium, a make your own space helmet craft table, and laser tag.  It was fun and loud, but the food options were limited for those on a diet, and as a non-social person, I soon wandered back to my hotel.

Every year OSCON has a nerd-oriented competitive activity.  Beat the game, win a prize.  This year the game was to collect 20 puzzle pieces (which you got from visiting booths, attending keynotes, having lunch, etc), and the prize was an OSCON 15th anniversary hoodie.  As a puzzle oriented and easily obsessed person I got my hoodie Wednesday morning, a few hours after the last piece had been made available.  I was somewhat disappointed to see that there were still hoodies available the last day, but I guess it’s good that those slackers were able to win, too.

Juju on HP Cloud at OSCONWednesday morning kicked off with keynotes, which were presented in an interesting, 10-20 minutes per speaker format.  One of the opening talks was by the president of Canonical, the company that produces Ubuntu and the cloud-oriented app orchestration system Juju.  He demoed Juju’s graphical cluster creation system running on top of HP Cloud, which was nice for us.  Juju looks like a neat system that compliments the existing solutions well, and it’s high on my list of things to look into.  There was also a great keynote about ‘My Robot Friend’ by Carin Meier, where she bravely did live hardware demos on stage, including a Clojure controlled quadcopter.

The most interesting keynote, though, was from Numenta.  Numenta’s keynote was presented by Jeff Hawkins, one of their founders and the guy who started Palm and Handspring.  Their technology simulates the neocortex, the part of your brain that remembers things and predicts patterns (specifically in their software, a 64,000 synapse slice of one of the layers).  They call it the Cortical Learning Algorithm, and they’ve open sourced it in the form of NuPIC (Numenta Platform for Intelligent Computing).  You feed data into this thing, and over time it builds up a map of the patterns in the data and can start to predict what will happen next.  The science is beyond me, but the demo and keynote was great, and you can (should) watch it on YouTube.  I went to their panel later, and they recommended Jeff’s book On Intelligence as a primer for those interested.  There are code samples (in Python!) with the NuPIC library up on their github account.

HP MoonshotThe keynote was impressive, and provided a nice start to the real meat of the conference.  While walking in I also happened to run into Pete Johnson, formerly of HP Cloud and now with ProfitBricks.  It was nice to see a friendly face.  HP also happened to have a booth in the trade show, doing demos of HP Cloud and showing off the oh-so-drool-worthy Moonshot Server.  (Drool worthy server shown at right.)

HP covered lunch for everybody on Wednesday, but I can’t remember what it was.  (I started doing a DietBet last week, so I only ate salads the entire conference.)  The conversations at lunch, though, were great.  On Wednesday I sat at a table with a Wisconsin lo-power FM radio and wholesale ISP guy, someone doing Hadoop at Disney (who’d previously worked at AWS), someone running a private cloud in Vancouver doing simulation-based pharmaceutical discovery, some guys from BlueHost (one of Code for America’s biggest sponsors) in Orem, and a guy who worked for an Apple accessory manufacturer in Portland.

The other panels I went to on Wednesday were one on the temporary cell phone network they setup up during Burning Man, a walkthrough of the parts and software needed to build your own cell phone with an Arduino (did you know that cell phone brains like the SIMCom SIM900 operate with an AT-command derived control setup, like your old 28.8 modem, including AT+HTTP commands to fetch web urls?), a talk on discreet math, and then one on getting kids to code (check out drtechniko.com, a robot language for kids to ‘program’ people, and Alice, a programmable machinima generator).  The last panel of the day was An Overview of Open Source in East Asia, with some really interesting insights into the Open Source community in China, Korea and Japan (and they gave us all free fans!).

OSCON OpenStack 3rd Birthday Bash

OpenStack Birthday Bash3 years ago at OSCON the OpenStack project made its debut, so that means it was time for a 3rd birthday bash.  Fellow HP Cloud-er Rajeev Pandey and I walked over, enjoyed some gazpacho shots, picked up a t-shirt or two, and marveled at their giant paella (seriously, they were like 3 feet wide).  We ran into a few other HP Cloud folks there, including Monty Taylor.  There was a cute birthday cake and lots of cupcakes, but after nibbling and conversing and drinking lots of water (it was surprisingly warm in Portland), soon it was time to go.  Happy Birthday, OpenStack, in software years you’ve almost hit puberty.

The Thursday morning crowd was a bit more subdued, with a fair number of attendees probably partying a little too hearty the night before.  Keynotes were good, with a great talk about Technology diversity by Laura Weidman Powers, co-founder of CODE2040. Licenses were a hot topic as well, including a talk about licenses effecting communities from HP’s own Eileen Evans.  It’s hard to top brain simulation and flying robots, though.

Docker StickerThursday I attended Tim O’Reilly’s talk on Creating More Value Than You Capture (and as an aside, I felt both sorry for Tim in only getting 30-40 attendees, but also better about the 15 my talk pulled in at SXSW), and a great intro to Docker from dotCloud.  If you haven’t looked at Docker, check it out.  The way they bundle up app binaries on top of base machines is awesome.  Then came lunch, with another great group of folks including someone managing DevOps for Disney.com (the entire thing on 60 VMs!).

After lunch was a really great talk on Kicking Impostor Syndrome in the Head by Denise Paolucci.  If you ever feel insecure about your skills, dig up a video of her giving that talk, it was really great.  After that was Designing the Internet of Things with the 3 Laws of Robotics, and then From Maker to China, where Brady Forrest described the challenges and pitfalls of taking a concept from prototype to small-scale manufacturing in China.  One book he recommended for those interested in the product design and manufacturing process was From Concept to Consumer, which now rests on my Amazon wishlist.  After that it was Hardware Hacking with Your Kids, with some funny slides and interesting anecdotes from Dave Neary, and then we were done for the day.  That night I worked on my SXSW panel proposal, and went to bed early.

Trade Show Caterpillar Head

OSCON SwagThe trade show went on Wednesday and Thursday, and had a good mix of big companies, lots of non-profits, and some interestingly unexpected exhibitors (League of Legends maker Riot Games).  There were some great shirts, including this Cloudera one: Data is the New Bacon, and its sister, Data is the New Tofu, one from the Kenyan data mapping non-profit Ushahidi, and plenty of other knicknacks and stickers for the kids back home.  PyLadies was there, Wikimedia was there, Craigslist was there, FSF, EFF, and the Linux Foundation were there.  Everyone was hiring.  The Tizen folks are giving away $4,040,000 (that’s four, count em four… million…) dollars in app development prizes.  There were more hosting and big data software companies than I have fingers and toes.  It’s a good time to be in technology.

Friday was only a half day, so after a keynote exhorting us to join the ACM, one noting that everything important has already been invented, and some group singing, we settled down to business.  First up was Cryptography Pitfalls with John Downey of Braintree.  That was a great talk, and though I knew a lot of the gotchas he mentioned, it was still nice to hear them laid out by a professional.  In short: Use a slow one-way hasher for passwords, don’t build your own crypto implementations, and always check SSL cert validity in your application code.  The slides are up, you should take a look at them.

OSCON ChalkboardAfter a break we headed into Open Source Social Coding for Good, with Benetech.  I’d run into the folks from Benetech in the trade show the day before, and was really excited to learn that they were doing hackathons already with HP’s Office of Global Social Innovation through their SocialCoding4Good project.  I’m really hoping to connect both of them to HP Cloud and do a hackathon in Austin.  The panel was great, and it was good to hear about nonprofits getting traction from corporate hackathons and volunteers.  We need to do more of that.  After that it was Polyglot Application Persistence, and then the conference was over.

So, back to my original question, was it worth it?  Would I go again?

If you’re in Portland, or the Portland area, I think it’s a no-brainer.  It’s a great conference, the attendees are sharp, it covers a ton of stuff, the keynotes are good, and I’m sure there’s something interesting every year.  The trade show’s great.  If you can’t snag a speaking slot or a super-discounted badge, you could get a lot of the value by getting an expo badge and watching the keynotes online.  If you’re paying for it yourself, and traveling to do it, it becomes a much murkier question.  So many conferences are putting everything online these days, what you’re really paying for are the networking opportunities and the experience: That conference euphoria of anything is possible.  That has a lot of value, but if you’re on a budget, maybe local conferences, hackathons, or meetups are good enough.  I hope I’ll be back at OSCON next year, but if I’m not, you’ll all just have to have fun without me.

Book Review: Neptune’s Brood by Charles Stross

July 23, 2013 at 10:50 am (No Comments)

Neptune's Brood CoverCharles Stross has another space opera, a sequel of sorts to his 2008 novel Saturn’s Children.  This one’s called Neptune’s Brood, and it’s all about money.

Perhaps a little introduction is in order.  The world that Saturn’s Children and Neptune’s Brood are set in is a hard sci-fi space opera universe.  It’s thousands of years in the future, humanity has died out, but our assistants, the humanioid bots we built in our image, kept on trucking.  They populated the galaxy (in the first book) and now, some thousands of years later, they have expanded by very slow means to other star systems.  Of course, humanoids aren’t optimized for every environment, so the essential components of synthetic life take lots of forms, little bat creatures, mermaids, squid, worms, etc.  Everything that used to be biological is now biomechanical, but still simulates multi-cell life.

Neptune’s Brood is a find-the-macguffin novel, the heroine Krina Alizond-114 is the forked prodigy of an intergalactic banker.  In order to expand her reach, her mother forks 8 or 16 copies of herself into new bodies every so often.  These copies are born with a debt-load (I told you this book was about money, right?), and if they manage to survive the years of indentured servitude to become real people, they may still be laboring under a giant debt load for their initial construction or housing.  Our heroine is a specialist in a certain type of intergalactic banking fraud, and is trying to track down one of her fork-sisters who seems to be in trouble, and who might know the location of said macguffin.

Before Charles Stross wrote Neptune’s Brood, he read a book called Debt: The First 5,000 Years, and in order to understand how Neptune’s Brood formed, you should have at least a passing interest in money and debt.  In trying to find her fork-sister, Krina is also trying to find a certain financial instrument, one that becomes clear as the story unfolds.  Along the way she encounters religious zealots (spreading the flesh of humanity to the stars), pirates, Queens and cops, and more.

As I finished Neptune’s Brood, I had a real sneaking suspicion that I’d read the book before, which is either me pushing my impressions upon it, or a real reflection of Stross’s tendency to mash things up.  It finally struck me that Neptune’s Brood felt a lot like Neil Gaiman’s Stardust in pacing, complete with pirates who are more than they initially appear.  The pirates are almost like… well, the closest comparison I can come up with is Morpheus and his crew from The Matrix.  It’s a bad comparison, but I think it relays tone.

This isn’t Stross’s first rodeo, and the book is well written, tightly paced and generally well built.  The heroine is likable and relatable, and although she narrates the story largely from her perspective (so we know she gets through these scrapes), there’s still some tension.  The ending is satisfying, though it leaves the reader wondering about its impact on the greater galaxy and the characters we’ve met.

If you like space operas, and especially if you like finance, Neptune’s Brood is easy to recommend.  I’d probably read Saturn’s Children first (ignore the cover), because I think it’s probably a bit more ambitious and sets up the rules of the world more completely.  They aren’t really connected beyond sharing the same galaxy, though, so feel free to jump in here.

Developer Resources: Programming & Computer Science Books

June 27, 2013 at 10:35 am (2 Comments)

One of the things those of us who don’t go through a traditional computer science program miss is a strong foundation in the hard science of computers.  I don’t have a really strong algorithm, programming language design, or compiler background, but I want to learn.  A few months ago I was geeking out with Rajeev Pandey, one of our Distinguished Technologists at HP Cloud (and all-around great guy), about how programming languages are like human languages and how they color our perceptions of the world.  Rajeev mentioned that he could probably come up with a list of the top 5 programming language design books he’d read, and I jumped on it.  I got that list from him a few weeks ago, he said it was fine for me to share it, so here it is on Amazon.  I’m especially interested in reading The Recursive Universe and The New Turing Omnibus.  Enjoy!

Dropping Up: A Life in Tech Without a Degree

June 27, 2013 at 10:22 am (2 Comments)

I never went to college. I wish I could say that it was entirely intentional, that I knew exactly what I was going to do after I graduated and followed that plan, but that isn’t how it happened. The real story is a lot less romantic. For those thinking about switching careers, or standing at the threshold of ‘real life’ and unsure what to do, it might hold some lessons, so let’s get started…

What really happened was that I was exhausted by school, terrible at working on things that didn’t have an immediate impact, and didn’t really get how the college application thing worked. My family has never been big on debt, and with the grades I had (from being terrible at things that didn’t have an immediate impact, like homework), I certainly wasn’t getting a free ride. I wanted a break, I wanted a chance to do real, practical things. The only problem was that I didn’t know what those real things were, and didn’t know anyone doing them.

Find an Open Door

Scanner SelfieIn 1995 when I graduated high school the most exciting things were happening on the Internet. I’d learned a little HTML after getting online in 1994, but the web was still very much a “We’re trying to figure things out” space. Spaces like this are great, because even if you don’t have tons of experience, there isn’t a huge pool of best practices already to get up to speed on. I connected with some folks who were starting an Internet Service Provider in late 1995. This connection was something of a fluke, someone I knew from church. These days there are much better networking options for technology, but never turn down an opportunity.

Fortunately I had some useful knowledge about how to get MacOS machines online. It wasn’t a lot, but along with the HTML skills it got me in the door. These days the equivalent of that knowledge might be Photoshop skills from making LOLcat gifs, video editing skills from making meme mashups, some hardware skills due to school MindStorms programming, linux administration from running a Minecraft server, or social marketing skills from running a popular Twitter account, Tumblr blog or Facebook page. Anything that’s hard to master in a few days can get you in.

Don’t Expect it to Pay

When I first started doing Mac tech support for that little ISP in San Marcos I made a little over $200 a month. That isn’t much money, but it put gas in the car and put me in a position where I could play with the toys. Your job, once you have toys to play with, is to play the heck out of them.

iTouch.net NewsletterIn the first 6 months after I got my ‘job’ at the ISP, I built them a web site (you can still see it here) setup San Marcos’s first quake server, created Austin’s first streaming radio station (I registered mix947.com in February of 1996, and got the streaming working with a demo license of Real Media Server for BSDI and an old shop boombox), created a weekly user newsletter, started weekly user meetups at the shop, and even got involved with the local Internet Users Group at the library (which I ended up running).

You only do those kind of things if you’re in a space where there are no conventions or expectations. When there aren’t any streaming audio stations, setting one up with a 5 stream limit isn’t a deal-breaker. When all your users are early adopters you don’t need a marketing expert to write a user group email. You just do it. Luckily the ISP was run by Chad Neff, a great artist and stalwart defender of the user. He encouraged me to try things, and was my first great mentor in technology.

Hold on Passionately, but Loosely

I Fight for the UsersAn early, hard lesson to learn is when to let go. I didn’t let go of that job well, and though there were extenuating circumstances, and more people than just me were caught up in it, it made my life really messy for a few years. When you’re in the middle of the job, fight for the users as hard and as passionately as you can. If you aren’t creating things for someone, it’s a waste. Whether you’re knitting hats or writing tweets, you’re doing it for someone. Strive to make them as happy as possible.

Conversely, you have to know when it’s time to go. All things come to an end, and being able to sense that end and depart gracefully is a skill. Learn it. If you’re going into tech, read founder stories, especially the stories from founders who get kicked out. There’s a shift at each phase of a project or company life-cycle, from startup to growth and growth to long-term maturity. Finding out which phase you fit into best is important, as is being able to sense when that shift is coming.

Aside: Do you like to experiment, throw things together and see what sticks, with little heed for long term consequences? You’re probably startup minded. Do you like some stability, but enjoy seeing success build, working long nights to land the next client? Maybe growth is your bag. Are you risk-averse? Do you like long-term stability, dependable processes and maybe even enjoy corporate politics and intrigue? Then maybe you want a project in its mature phase.

Also, strive to recognize when things are heading for the toilet. There’s some honor in being the last one to turn off the lights and lock the door, and I’ve done it more than once, but it’s rarely the best thing for a career. Try and step back once in a while and assess things from the outside. Get some opinions from people you trust. Do right by your users, but recognize that not every situation is salvageable.

It’ll Be Embarrassing

Not a German design school

Not a German Design School

For a long time I had a vision for starting a web design firm like Vivid Studios, a bay area web design shop that had the mid-90’s Wired techno-punk aesthetic nailed. It was a techno rebellious company producing amazingly creative, cutting edge work for great clients, and I wanted to be just like that. Unfortunately I was in San Marcos, Texas, not San Francisco, California, and I didn’t know anything about running a business, much less a hip design business. I didn’t know Bauhaus from an outhouse, if you know what I mean.

I carried that dream around for a lot of years, wanting to belong in a group of smart, forward thinking creatives. The dream took a lot of different shapes, and matured as I did. The first attempts were… laughable. In 1997 I started doing business as 57th Street Productions (yes, we apparently offered ‘innovative thinking’ as a service), which in 1999 became 57th Street, Inc. 57th Street lasted a year and a half before ceasing to be.

Aside: A while ago I’d read something that said you can find a lot out about a person by how they view their youthful mistakes. People who think ‘look at me, I was so stupid’ versus people who think ‘look at me, I was so cute’. People who realize that youth and inexperience is a perfectly valid excuse for shortcomings are more likely to grow and be happy than people who judge themselves harshly. Don’t be down on your past. Everyone has been the fool. Don’t settle for that being the whole story, though.

When you read stories about Bill Gates or other tech luminaries starting companies in their 20’s and being wildly successful, what you don’t read is about the support networks they had that made it possible. You don’t hear about the people they knew who had business experience, the years they’d had access to computers in their teens, the contracts they’d gotten due to flukes. When you don’t know how to get from point A to point B in business, don’t assume you can just muddle through. Go out and read some business books. Realize that if you don’t know people who need your services/product/etc, you can’t make money. Realize that if you only have one of these clients and don’t have any way to find a second, your business isn’t really a business, it’s just a relationship. Go find people who run real businesses, and get them to teach you the ropes. Ask them how they find clients, especially if they’re in a business similar to yours (say, physical engineering services to technology consulting). If you can’t sell your product for more than it costs to make, again, no business. You don’t need an MBA, but you need to know how to balance a checkbook, forecast earnings, pitch a client, close a deal, and make a profit.

I ended up doing some things I’m not really proud of at 57th Street in the hope of forcing that Vivid Studios dream into reality. I made some bad decisions (hiring people for personal reasons, not diversifying the client base, not making enough connections), and the only reason we made it as long as we did was that it was hard not to make money in technology in the late 90’s. If you’d like to get a taste for my embarrassing phase, you can check out these two tours, one from my ISP days at itouch.net, and one from my days as 57th Street, Inc.

You’ll Get a Break

Cory and JonWhat seems to happen is that eventually, if you keep plugging along, you’ll get a break. It will almost always be a result of some risk you’ve taken, or avenue you’ve explored. If you’re well connected, I guess it could be a connection your parents or buddies have, but that wasn’t my experience. In 1997, after joining The WELL, I met Jon Lebkowsky. We got into an online discussion about FreeNets, something I was interested in from my connection with the San Marcos Internet Users Group, and ended up having lunch at the Waterloo Ice House. We ate at the Ice House because it was next door to Jon’s gig at the time, Internet Guy at Whole Foods Market.

Nearly everything that has happened since, I can trace back to meeting Jon. Jon was having some trouble with Whole Foods in-store kiosk system. They were Windows NT Workstation based PCs with touch screens that browsed an internal web site in a locked-down browser. They were always breaking, stores shipped them back to WFM Central, and they had to be fixed. Jon needed someone to do the fixing, and I took the job. Your break may not be glorious. For me it was a windowless room fixing and re-imaging Windows NT machines, but it was a foot in the door at a company that had real enterprise-level problems, and even better, I got in at a very unique time.

Don’t Be Afraid to Go Up

My time at Whole Foods, in retrospect, was very strange. I’m sure some people have had similar experiences in other places, but now that I look back on it, it was kind of crazy. I think, though my memory is a little foggy, when I started working contract for Jon on the kiosk project I was making about $15/hour doing run-of-the-mill PC maintenance. Over the next 3 years my rate ended up peaking at something like $150/hour, and I was on a 40 hour a week retainer. Somewhere near the end the CIO of Whole Foods Market asked me into her office and offered me the chance to rebuild their programming team, hiring whoever I wanted. I was… 22. So, it’s a weird story.

Whole Foods SelfieI think my experience at Whole Foods comes down to two things. One, the luck to be in the right place at the right time, and two, never saying no to a problem. When I started on the kiosk project I was just re-imaging systems, fixing ones that were broken, and shipping out the replacements. That’s $15/hour work. Eventually the vendor that was supplying our keyblock software (so you couldn’t get out of the browser and break the machine) disappeared, so I offered to write a new one. I’d never written Windows NT device drivers before (or really any C code), but you don’t know you can’t till you try. Once you’re maintaining source code you’ve suddenly become more than an IT tech, and I think my rate bumped to $35/hour.

Now comes the right place/right time side of the story. This was in 1998. The Internet was hot, E-Commerce was boiling hot, and all the sharp programmers who’d toiled away for years on awk scripts and maintenance software wanted to go do the hot new thing. Whole Foods Market started WholeFoods.com, and nearly all the programmers from inside of Whole Foods left to join it. This left a gaping hole in the company that was being filled by one person.

Simultaneous to this exodus I, too, was exploring the job opportunities at WholeFoods.com. They made me an offer for $35k a year, and after verbally accepting it, I drove over to Whole Foods to get some dinner. In the parking lot I ran into Mark Mills, that one guy holding closed the gaping hole in internal development. While swinging around a pole in the parking lot, Mark gave me my next big break. Come to work for me, he said, and I’ll pay you $85/hour contract full time. You don’t have to be great at math to know that’s a lot better than $35k/year, so I declined WholeFoods.com’s offer, and went to work for Mark. Sometimes the opportunities are obvious.

You Have Potential in Others Eyes

When I joined Mark on the programming team, I was not a great programmer. I wasn’t even an ok programmer, but Mark, like Jon and Chad, must have seen potential, so he gave me problems to solve, and let me solve them. He gave me advice, showed me some tricks, and let me do things how I needed to do them. Mentors like this are great, seek them out, cleave to them, and strive to be like that when you’re in a position of authority.

After a few months of building data exports, Mark left Whole Foods as well. And then there was one.

Again, this is a right place, right time story. I had web skills, sys-admin skills, network skills and programming skills, and was in a large company with no internal programmers. Over the next few years I was able to build a suite of web applications (job posting, CMS, inventory management, document management, etc), working directly with the teams who would be using them, without any real technical oversight. I like to think that I did a good job, but I suppose that isn’t for me to judge. I just know that they were still using some of those applications years later, and the people I worked with always seemed happy to see me.

WFM TMNOnce you get an opportunity to work on projects, it’s a chance to prove yourself and get experience shipping real product. During this phase I never had a project cancelled, I always delivered them on time, and I supported them myself. Strive to be the best, work professionally, and treat your users and customers how you’d want to be treated. You’ll make mistakes (always compress uploaded documents in a document storage system, your network storage admins will thank you later), but you learn from them.

Surprisingly, during this phase I even got called back in to WholeFoods.com (and later WholePeople.com) by Jon to build some integration software with Yahoo! Store, and managed to deliver in a few weeks what another consulting firm said wasn’t possible. This is your ‘don’t know it isn’t possible’ phase, enjoy it. Work your butt off, learn as much as you can, try new things. Responsibility comes next, and it’s a bear.

Out of the Garden

Eventually the gravy train ends. Whole Foods Market’s CIO offered me the job as lead developer, and the opportunity to hire anyone I wanted to rebuild the programming team. My life would have been completely different if I’d accepted, but I couldn’t in good conscience. I was 22. I didn’t really know what I was doing, but I knew I didn’t know what I was doing. I didn’t really want an employee gig. I turned her down.

The next few years heralded the popping of the dot-com bubble. I drifted away from Whole Foods Market as they hired programmers internally, though I kept maintaining the systems that ran the WholeFoodsMarket.com web site until they replaced the entire thing in the late 2008. From the time we launched it (on time) in 2000 to 2008, it was powered by the same Apache Server-Side Include based architecture, running on a single Sun machine.

Polycot PieAfter WholePeople.com imploded with the dot-com bubble, Jon Lebkowsky and I started talking about starting a web consulting company. Visions of Vivid Studios started dancing in my head. I even managed to rope my buddy Matt Sanders into joining us. Together we founded Polycot Consulting, and started learning all those business lessons the hard way.

Remember how I said that a business with only one customer and no way to find more isn’t a business? That was us at Polycot. We spent a lot of time in the wilderness, trying to find work in the post-dot-com rubble. It wasn’t easy. We learned a lot of lessons the hard way. A few of them:

  • You can’t pay your rent with leads, you can only pay your rent with paid invoices.
  • There’s a difference between the things you want to get the job done and the things you need to get the job done.
  • Doing cheap jobs for ‘exposure’ is a trap. You will end up just doing cheap jobs, and your customers will expect the world.  Our CPA once told us that Pro Bono work was a great way to get other work, but the other work will always be Pro Bono.
  • Corporations view the world differently than non-profits and mom-and-pops. Don’t ask a Fortune 500 if they want to pay $100 extra for a life-time license of some software you’re using, that isn’t real money to them.
  • You need someone who knows how to sell. You can evangelize a product, but you have to sell consulting.
  • Make a product, and make sure that everyone’s willing to put the time into it. Better yet, make a bunch of products. When you’re scraping by on hourly work it’s easy to say ‘this doesn’t pay, I’m not going to do it’, but look at it this way: Each of those products is a learning opportunity, and in consulting, if you don’t learn you die. One might even make some money.
  • Evangelize your successes. Write up each project that you do. Publicize the heck out of it. If you did something awesome and no one knows, it doesn’t matter.
  • Recurring income is what keeps consulting businesses afloat. Just because you, as a scrappy developer, think that support contracts are a ripoff doesn’t mean they are, and if they didn’t exist, most of the things you like wouldn’t, either.
  • Running a business is crazy hard, most of them fail, if yours doesn’t, good for you, but be open to the possibility that it should have.
  • Realize that you could very well be doing work in technology for the rest of your life. Take every opportunity to learn a new thing. The more you know, the more valuable you are, and in the end…
  • You are your product.

The Soft, Cozy Womb of Corporate Life

One upside to doing a bunch of projects for a bunch of people is that we met a bunch of other technology people. I did a few projects for Mitch Kapor (of Lotus fame), we had Matt Mullenweg in our office before WordPress got huge, I worked with the guy who designed Google+ on a project, and some guys we worked with are behind SB Nation, The Verge and Polygon. Once you meet smart people and show them you’re a decent sort of person, other doors start to open. These doors are sometimes soft, inviting, and open onto worlds of bureaucracy and 401k plans.

TechConOne of the last projects we did at Polycot before the founders went their separate ways was MindBites. MindBites is a video commerce platform, and after we built the prototype, we migrated the customer to a company called Squeejee for ongoing development work. A few years later, some folks from Squeejee would end up at Hewlett-Packard, brought in to spearhead HP’s push into the public cloud space. They would bring on Matt Sanders, and thanks to the good impression I apparently made, me.

I’ve been at HP for two and a half years, and I’m finding that a lot of the lessons I learned earlier still stand. Namely:

  • Look for a space where people believe in forgiveness over permission. Then do what you feel needs to be done.
  • Look for smart people and learn from them. Communicate. Converse. Network, even if it’s hard.
  • The people above you want solutions, so when you’re presented with a problem, come up with one, and do it.
  • People in the corporate world are used to passing the buck and bureaucracy They are impressed by responsibility and rapidly delivered solutions.
  • Take credit when it’s due, share it when it should be, make sure contributions aren’t overlooked.
  • Don’t let yourself get stuck. Corporate life can be a trap. A slow moving, slow progressing trap. Always be on the lookout for the next spot, the way to gracefully exit, the new problem. This counts double if you’re a startup phase person.
  • Many (most?) corporate projects get the axe eventually, some before they even ship. Don’t take it personally. Try to lead the inevitable downturn. Play from a position of innovation. If they want to kill it, be the person proposing the exciting new possibility.
  • Take every opportunity the company offers to learn, present, meet, train, etc. Just because you got a job doesn’t mean you get to stop hustling. Again, the cardinal rule is…
  • You are still your product.

Fill in the Gaps

One thing I’ve come to realize, the longer I’ve worked in tech, is that the knowledge space is huge. Enormous. There’s no way to know everything. There are entire fields you haven’t heard of, entire ecosystems that have existed for years that you know nothing about. Your job in improving your product (yourself) is to fill in those gaps as much as you can. It’s better to be a generalist than a specialist. It’s better to know two programming languages than one, and better to know three than two, especially ones that compliment each other, like Python, Javascript and Go or Ruby, Javascript and Node.

If you’ve focused on the frontend, do some backend tutorials. If you’ve done HTML and CSS, try Drupal or Django or Rails. If you’ve done databases and integration projects, do some front end stuff. Look at jQuery. If you’ve done just web stuff try loading up a server, setting up backups, and installing software. If you’ve done server stuff, try creating some HTML5 Twitter mashups. If you’ve only done sites for a small set of users, go big, pull down some giant Twitter datasets and start playing with R and Hadoop. If you’ve used imperative scripting languages, try functional ones. If you’ve mainly done P-languages or Ruby, try Lua or Go or TCL or LISP. Write a compiler. Do some computer vision projects. Hack on Arduino or the Raspberry Pi. Write an Android app. Go outside your comfort zone.

As to how deep you get with these things, here’s an arbitrary rule of thumb I just made up: Learn enough that you could give a 45 minute talk about it. If you’re single, learn a major new thing every quarter. If you’re married, every 6 months. If you have kids, especially little ones, every year. Adjust as you see fit.

Above all, don’t beat yourself up if you find yourself behind some imaginary curve. If you’re 35 and only know Java, that’s fine. That’s great! There’s tons to learn, and it’s going to be crazy and exciting and you’re going to look at technology in an entirely different way. If you’re 50 and think you’d really enjoy this, there’s never been a better time to learn, and it’s never been easier to get from nothing to a working product. Try one thing. Pick one of these things that interests you, and spend a weekend on it, if you can. Commit to just getting one thing working. If you can relate it to your job and do it on company time, all the better. If you enjoy it, keep going.

Life Without College

So, I may have strayed from my original point about college. There’s a maxim I’ve heard that goes like this: Your degree gets you your first job, and after that it’s all about the work you’ve done. For people who don’t go to college, the trick is getting that first job, and filling in anything you may have missed by not going to school.

Look for under-saturated specialties. It isn’t a great time to get into small business web design. That ship has sailed to custom WordPress themes.  If the web really floats your boat, get into Drupal, but don’t stay there forever.  Technology moves, albeit sometimes slowly.  Mobile development was ripe a few years ago, but making a profit in it is really hard.  It’s a good skill to have, but a hard market to compete in.  Look at things like RubyMotion, to get your feet wet.  There are opportunities in DevOps (a fancy word for programmers who deploy their own code into production), big data, personal and business clouds, personal analytics, and integrated Internet enabled devices.  There are always jobs to be had in enterprise software.  Tech companies introduce software to solve new problems, so look at the announcements that are getting a lot of buzz.  CloudFoundry had a lot of buzz, and now Docker is really hot.

Getting your first job:

  • Find something you feel excited about (programming, networks, server administration, HTML, design) and do a bunch of it. If you’re a lecture-learner, watch videos. If you need practical applications, ask people for ideas of projects. If you have collaboration skills, pair program.
  • Meet people. Go to Meetups. Join online groups. Listen a lot. Don’t be afraid to ask questions. Follow the rabbit hole down. Don’t be afraid of not understanding. The pieces will fit with time. You have to practice, though. You have to actually write code, create graphics, code web pages.
  • Share what you’ve learned. If you can teach it, maybe you’ve learned it.
  • If you’re programming, share your code on GitHub. If you’re creating videos, post them to YouTube and Vimeo (I partied with those guys once, they’re cool, but New York-trendy).
  • Ask for feedback, don’t expect it to be glowing. Don’t try and change everything, but internalize what you get. You’ve created something, don’t doubt yourself. The goal is to get better, not to be perfect.
  • Talk at meetups with people from companies you respect. Look for open doors, even if they aren’t exactly what you want. Expect to do a lot of hard work that isn’t glamorous and isn’t fun. It’s better to do less fun work at a company you love than cutting edge work at a place you hate.
  • Get some experience doing contract jobs, say, on oDesk. It will suck. You will hate it, but it will teach you about shipping code, supporting code, and dealing with clients.
  • Technology managers rarely care about the jobs you’ve had, and almost never care about what school you went to. They care about the work you’ve done. When I’m hiring now, education is nearly irrelevant. How you spent 4 years as an immature post-20-something is nothing compared to how you spent the next 5 or 10. Google seems to agree. Google has teams where 14 percent of the folks never went to college… Google!
  • Hierarchical academic environments still exist (HP Labs is really oriented that way, I’ve heard), and are probably places you want to avoid. Most places like this have a reputation for being so. If you ask around, you can probably get the skinny.
  • If the opportunity appears, jump on it.

Once You’re In:

  • Never turn down an opportunity to do something that excites you.
  • Find a mentor, someone who shares your interests and has experience. Don’t go crazy with their time, but don’t underutilize them. People who’ve been around for a while want to share what they’ve learned, but they want you to show initiative.
  • Find excited, cool people. If you’re in a corporate environment it can be easy to get depressed. Don’t be an antagonist. Be the person you want to hang out with. The future is wide-open and unknown. The present is temporary. Always be dreaming.
  • Take advantage of learning resources and your newfound credibility.
  • Watch for the phase changes. Be sure you’re where you’re most productive. Seek out managers who understand that personality fit, and strive to keep you there.
  • If you get hired with no prior tech experience, you probably aren’t going to make much money. Work on your skill set, network, and realize that you may need to join a different company to work your way up the salary ladder quickly. Learn to negotiate salary. Google it. It’s important.

Once You’re an Old Hand:

  • Share your knowledge.
  • Protect those below you.  You’re experienced and have tough skin, sometimes they don’t.  They need to know the realities, but they may not need to know how the sausage gets made.
  • Look for people who need mentors. Encourage them. Connect them with things you think will help them.
  • Take the time to learn about the people you work with. Everyone has a story. Maybe they didn’t get a CS degree. Maybe they’ve had similar challenges. Maybe they have an amazing background or skill you knew nothing about.
  • People come into technology with different skill sets There is no such thing as the complete programmer. Look for your own gaps and those in others, and figure out ways to fill them.
  • Lead by example. Do good work, don’t be a jerk, and treat everyone with respect.

A Few Last Notes

Getting Started EarlyIf I’ve learned anything in the last 15 years of being in technology, it’s that patterns repeat. I’m sure there will be changes in the future. Once you have kids, your desire to really jump on those transitions may start to slow down, but in the end they’re what a career is about. I’ve been fortunate to meet some very smart people inside HP who’ve been there for 30 years or more. They started out on calculators and are now in cloud. Maybe I’ll start in the web and end up in synaptic AI. Maybe that’ll be at HP, maybe it’ll be somewhere else. There’s always something new to learn, and there’s always that product of ‘you’ to work on.

If anyone reading this is looking for specific advice, needs a mentor, or would like some feedback, let me know. A lot of very gracious people have given me a lot over the years, and I want to pay it forward.

Dwarf Fortress, Facebook, Big Data and the Search for Story

June 14, 2013 at 11:00 am (5 Comments)

Last night after driving home from the Austin PyLadies meetup, my wife sat in our driveway for 20 minutes listening to the end of an episode of WNYC’s Radiolab.  Later, after we’d headed to bed, she spent another 20 minutes retelling the story to me, minus Radiolab’s flourish and production.  The story was still interesting second hand, and comes down to this (I’ll wait if you’d like to go listen to the episode of Radiolab, I’m sure it’s excellent):

Two people discover hundreds of letters from WWII on the side of Route 101.  They’re from soldiers replying to a woman on the homefront.  The soldiers call her mom, but she isn’t their mother.  The two ask around, no one knows anything about them.  One of them, a creative writing professor, ends up using the letters as projects for his students.  He gives them a letter, and their task is to create a story around it.  A soldier, a woman stateside, an unlikely connection.  The other discoverer wants to track down relatives, she wants to uncover the truth.  She ends up discovering it, but he’d rather not know.  He wants the possibilities.

Even told second hand, the story stuck with me on a meta-level.  There aren’t a lot of things that would make my wife sit in the car in the driveway for 20 minutes listening to the radio, but a good story is one.  We love stories, we love it when they’re well crafted and well told.  But we also love the possibilities of them.  Sometimes we don’t want the truth, we want magic, we want to dream the dream of what could be.  Sometimes the truth can’t exist, and the closest we can get is a dim outline of it.  Sometimes the dream is better.

The Promise: Stories that Tell Themselves

A few days ago I ran across a blog post by Tynan Sylvester, a designer on the game Bioshock Infinite.  It’s all about the dream of simulations for game designers, how we think that by creating more and more complex systems, we might eventually build a system that is complex enough to manifest stories.  Austin Grossman’s latest novel, YOU, is about that, in a way.  The protagonist is a game designer and the antagonist is just a manifestation of some long-running game rules.  As game designers, we want to design games that surprise us.  That’s the ultimate payoff, to build a game that entertains you, and not just a twitch game that is enjoyable for its mechanics, but a game with stories compelling enough to sit in the car in the driveway for 20 minutes at 9 o’clock at night.

Lots of game designers have tried to do this. Tynan talks specifically about systems in early versions of Bioshock where the player would have to play autonomous bots (splicers, gatherers and protectors) off each other to progress.  They hoped that amazing, emergent gameplay would be the result.  In the end it didn’t work, and the game moments that they’d hoped would happen spontaneously ended up being heavily scripted.  Players crave story, but that story can’t be left up to their persistence and chance, especially when creating a commercial title.  In that environment, a great story has to be guaranteed.

Dwarf Fortress: Madness in Text Mode

There are a few notable exceptions to this principle, and they’re mainly smaller games driven by singular minded creators.  The best example of this is Dwarf Fortress, a massive and inscrutable simulation game where the the player takes on the role of an overseer, and the titular dwarves are simulated autonomous entities inhabiting the world.  Dwarves have names and hair colors, what Tynan calls Hair Complexity, things that add perceived simulation depth without effecting anything else.  (When was the last time you played an RPG where a plot point hinged on your hair style?)  They also have more integrated systems like hunger and social needs.  They have personalities, they get sad, and sometimes they go crazy.  The dwarves live in a randomly generated world, so your game isn’t like my game, and even my second game won’t be like my first.

Dwarf FortressDwarf Fortress has a very dedicated core following, and one of the reasons is that it really lives at the edge of apophneia, the experience of seeing meaningful patterns emerge from random data.  At the core of Dwarf Fortress is a collection of rules governing behavior.  A dwarf without food will eventually starve.  A dwarf without personal interaction may eventually go crazy.  Dwarves are scared of wolves.  Dwarves exist in a world generated fractally, a world that feels real because it mirrors patterns in nature.  Therefor, as more and more rules get layered on, and more and more people play more and more games and get better and better at creating experimental mazes for these digital rats to play in, stories begin to appear, or so we perceive.

Two of the most famous stories to come out of Dwarf Fortress games are Boatmurdered, the tale of an epic game played out by members of the Something Awful forums in 2007, and Bronzemurder, a beautiful infographic-style tale of a dwarf fortress and a terrible monster.  Go read it, it’s great.

Dwarf Fortress didn’t generate these stories, though.  People played the game, sometimes hundreds or thousands of times, and while gazing into the mandala of the game, they nudged and pulled the threads of the world and created stories based on the events that occurred there.  Dwarf Fortress isn’t a windup toy, it’s a god-game, and the players impact on the game world is more than negligible.  The stories generated there are as much created by the players as by the game.

I Fight For the Users

While my wife was out at PyLadies last night, I coincidentally watched TRON: Legacy.  It occurred to me as I was thinking about writing this post, that it’s a movie about this possibility: The dream of a world inside a computer, a world created by a brilliant programmer, a world that once set in motion can create stories, unexpected events and enthralling narrative.  The creator steps aside, and no longer controls the game from the top-down.  The creator becomes a god among men, watching things unfold from their level.

Tron: Legacy - Quorra

In TRON: Legacy, the magic of digital life comes in the form of Quorra, the last of the ISOs, Isometric entities that appear spontaneously from the wasteland of the computer.  Digital DNA, digital life.  Enough rules, enough circuitry, enough care and magic happens.  That premise is exciting, and to programmers it’s intoxicating.  For those of us in the digital generation, that’s the dream we live with.  That’s what we keep trying to make happen wherever we go and whatever project we work on, be it big data or software bots.

But the lone programmer, no matter how brilliant, and working for no matter how long, can only produce so much code.  Stories from one person only grow so far, only change so much, and rarely surprise and enthrall.  Dwarf Fortress as a dwarf isn’t a game most people would play.  It’s hard to see the overall story, and the game isn’t good at presenting it.  But if there were more players…

EVE Online: More Interesting to Read About Than to Play

If it’s possible (albeit insanely difficult) to have stories appear in a single player game, it must be easier for stories to manifest in a multi-player game, right?  Games like World of Warcraft have largely fixed, planned out stories.  It comes back to the challenge that Bioshock had, complex systems are exciting to designers, but players want immediate story gratification.  Complex systems take dedication to understand, dedication most players don’t have.  When new multiplayer games are announced they sometimes hint at players making a real impact on the world, but those systems usually fail to live up to the hype.  The latest game to promise this is The Elder Scrolls Online.  We’ll see if they can do it.

One game that does this and thrives is EVE Online.  EVE is a massively multiplayer online space combat simulation, one that spans an entire universe.  It’s possible to play EVE as a loner, but it’s also possible to align yourself with a faction, and have your small efforts merge with hundreds or even thousands of others to build armadas and giant dreadnaught ships, to control entire solar systems and even galaxies.  The designers and administrators of EVE take a largely hands-off approach.  They don’t want to kill the golden goose, so they design the game for balanced conflict, and let the players sort it out.

EVE-Online-Battle-of-Asakai-3Every once in a while something epic happens in EVE, either a massive fraud, an invasion a faction planned for months, or a random accident that led to a game-rebalancing war.  There are battlefield reports, and once the space dust settles, people start to put together a history, and an accessible storyline appears.  Here are a few great EVE stories.  More people probably enjoy the reports of epic battles in EVE through these stories than actually play the game.  To quote a MetaFilter comment thread: “This game sounds stressing as hell if you really play it and not just dither around. Fascinating to read about, however, almost like news from a parallel universe.

You could say that EVE is a computer program for generating stories, and in fact the’ve even made a deal to do a TV show based on player stories from the EVE universe.  Except again we find that that EVE isn’t the thing generating the stories, EVE is just a place where the stories happen.  To a player only experiencing the events inside the game it may seem mysterious and amazing, and it certainly is to those of us who read about the events afterwards, but it’s really just a sandbox.  People play pretend with enforceable rules, but you can’t separate a story that happens inside of EVE with the real life stories that happen outside of it: The scheming that happens on IRC or in forums, the personal vendettas, the flexible allegiances  and the real-world money that flows through the system.  There’s no way to watch something occur inside of EVE, and even if you had perfect clarity on everything that happened inside, have any way of knowing for sure what really caused it.  If you take away the players, the legions of dedicated fans scheming and plotting, you just have an empty universe.

Facebook and the Timeline of Truth

I think a lot of web developers secretly wanted to be game designers.  Becoming a game designer is difficult, there aren’t as many jobs and the hours are terrible.  Instead we build web sites, but we’re building systems too, and we want to tell stories.

I joined Facebook back in April of 2006.  I had a @swt.edu address from Southwest Texas State (now Texas State University) from an extremely brief stint (sub 1 day) as an IT staff-member, so I got in a few months before they opened it for everyone.  Getting into a new, exclusive social network is a bit like finding a new simulation.  We hope the software can tell us new stories, that it can make some sense of the data it has.  With Facebook the promise was that if it collected enough information about us, it could tell us that magical story.  That’s what Timeline was supposed to do.  Give Facebook enough photos, enough checkins, enough friend connections, enough tagged posts and it would be able to tell the story of our lives.

Facebook Timeline

In the end, though, Timeline doesn’t tell you a real story.  It reminds you of stories you’ve heard and experienced, but Facebook is only a dumb algorithm working with imperfect data.  It’s smart enough to target ads, but it can’t understand the meaning, and it can’t remix the data in really compelling ways.  It can’t be Radiolab.  Most of the time the prioritization it comes up with I just want to turn off.  Its attempts at story are so bad I’d rather use my own organic cognitive story filters.

With every new Facebook feature announcement, with Google+ or the next thing that processes all your activity, the promise is that the system can get better at telling those stories.  We want to believe it will happen.  We want to believe that a couple thousand web developers and a couple billion dollars could create a story machine, but I’m not sure it can.  I was reading an article about HP’s R&D budget the other day that said Facebook invests 27.5% of revenue in R&D, a larger percentage than any other company they tracked.  You can bet a good chunk of that is going towards the search for story, in some form or another.

Weaving a Web

I’d be remiss if I didn’t mention Weavrs at this point, since they are essentially digital actors that derive stories from the mess of social media.  Weavrs are designed specifically for apophneia, they produce content one step up from random, and rely on our desire for patterns to throw away the things that don’t fit.  We project stories on to them, and for a project with the limited resources that it had, it’s exceedingly good at it.

My weavr twin is posting about HP Moonshot servers.  That’s almost eerie, but it’s also posting about hockey tickets.  The story makes sense if I’m picky about the things I include, but it isn’t an internally consistent narrative.  The narrative is impressed on it by the people who see it, like reading digital tea leaves.  Your story of my weavr is different than mine.

With enough resources and time, weavrs might become a real story machine.  That’s a moonshot program, though, and I don’t know who’s going to step forward and make that happen.  Investment follows money, and right now the money is racing towards big data.

Autonomy: Billions and Billions

The lure of story, the promise of meaning from the chaos of data isn’t limited to games or the social web.  It’s the romantic beating heart of big data.  It’s the stories about Target knowing you’re pregnant before you do.  It’s what lured HP to spend $8.8 billion dollars more than it was worth to acquire Autonomy.

Autonomy’s main product is called the Intelligent Data Operating Layer, or IDOL (symbology, ahoy!).  They call the processing of information with it Meaning-Based Computing.  From what I’ve heard it’s certainly good at what it does, but while it promises Meaning from Data, and that promise separated HP from 9 Instagrams or 2,500 Flickrs, there has to be some apophenia at work here.  Just like watching solar system battles inside of EVE gives you a piece of the story and playing hundreds of games of Dwarf Fortress will result in games worth telling stories about, the system data is never the entire picture.

Screenshot_6_13_13_11_52_PMI really like Stephen Wolfram.  Stephen believes in the fundamental computability of everything.  While I love reading his blog posts, and I am interested in and admire his idea, I have to wonder how far the hyperbole is from actual execution.  Given enough computable facts and enough understanding about the structure of narrative, a perfect Wolfram|Alpha should be able to tell me stories about the real world.  But it can’t.  They aren’t even trying to approach that.  Wolfram|Alpha isn’t creating Radiolab.  They want answers, not stories.  You know what tells stories? Dirty, messy, all-too-human Wikipedia.

A Different Kind of Magic

My friend Matt Sanders works for a bay area company called Librato.  Librato is a big data startup, having pivoted from some other work to running a service that collects vast amounts of metrics and provides dashboards on top of it.  With Librato Metrics you can feed data points, set alert triggers, create graphs, and watch activity.  It’s big data without the prediction.  It promises no magic, but relies on our own.  It optimizes data for processing by human eyeballs.

The 3 pounds of grey matter between your ears is still the best computer we have, running the best software for deriving stories and making sense of data.  Librato works because it doesn’t try to be what it can’t.  Google Analytics tries to offer Intelligence Events, but more often than not, it can’t offer anything more helpful than that visits are up from Germany 34%.  You would think that by combining traffic source analysis with content changes and deep data understanding Google would be able to tell you why visits are up from Germany, but most of the time that basic percentage is the best it can offer.  It still takes that 3 pounds of meat to pull together the data and interpret it into a story.  While computers may be generating articles on company reports or sports games, they’re not creating Radiolab.

Wrapping Up

I think there’s still a lot of room for innovation here.  The Archive Project I dreamed of long ago is essentially a system for telling stories and discovering meta-stories.  Maybe someone will finally build it.  Maybe the next Dwarf Fortress will be a world that runs persistently in the cloud, a world where our games interact with other people’s games, where crowdsourced Hair Complexity snowballs until you can get lost in the story if you want to. A game where if you want to turn off a random path and follow it down to the river you’ll find a fisherman who will tell you a tale interesting enough to make you sit in your car for 20 minutes, enthralled by a narrative.

Maybe the framing of a story is what big data needs to become personally relevant.  Maybe that’s its magic trick.  Maybe narrative is the next great big data frontier.

Future Past


I sometimes wonder about the generation of kids growing up today, in this big data, analytic-driven, always-on world.  I wonder how they will embrace it, like we embraced computers and connectivity.  I wonder if they’ll have the ability to hear the prognostications of the computer, to listen to the story from the machine, and consider it a kind of truth.  To internalize it, but also keep it separate.  To know the machine knows a truth, but not necessarily the absolute truth.  Maybe that will be their power, the thing they can do that those of us from the generation before can’t. Maybe that is where the dream finally comes true.

Means of Prod-Sumption: The Samsung Chromebook

June 10, 2013 at 10:33 am (3 Comments)

Four years ago I bought a Toshiba Portege M200 off eBay.  The Portege was a neat little machine, one of the early twist-and-flip Windows tablets.  It was relatively light, relatively fast, and was well built.  Unfortunately it didn’t have a CD-ROM drive, would only boot from certain select external USB CD-ROM drives (which I didn’t have) and needed a specific Windows disc (which I didn’t have either).  After a while I ended up wiping it and loading Ubuntu on it.  I wanted to use it as a simple Web terminal, especially for National Novel Writing Month.  It was passable, but difficult to use and maintain, and eventually was lost underneath a pile of junk.

The Samsung Chromebook on an 8.5" x 11" sheet of paper.

The Samsung Chromebook on an 8.5″ x 11″ sheet of paper.

Ever since, I’ve been looking for a simple, lightweight machine to write blog posts with.  I use a MacBook Pro for my workhorse computer, but it lives tethered to a big monitor and big keyboard on my desk.  Disconnecting all those cables, dealing with a half dozen app windows that suddenly resize and are in the wrong place is enough of a pain that I just don’t do it.  I wanted something lightweight, something with a great keyboard, ok screen, wifi, easy maintainability and great battery life.

Fast forward a couple of years, and Google has introduced Chrome OS, a managed Linux OS built specifically for running Chrome and accessing Google services.  It’s designed to run on minimal hardware, and a couple of manufacturers have put together stripped down machines with Chrome OS on them.

Samsung put out one last year, an 11.6″ machine that runs $249.  It’s designed to be disposable, but it’s been the best selling laptop on Amazon since it came out.  A month ago I broke down and bought the first one off the truck at my local Fry’s.

The Hardware

Samsung ChromebookThe 11.6″ Samsung Chromebook weighs in at a svelte 2.5 lbs, and looks like a plastic MacBook Air.  It uses the same dual core ARM processor that powers the Nexus 10 tablet.  It seems snappy enough for web browsing, which is essentially all the machine does.  It boots from a 16 gig SSD, which means there aren’t any moving parts.  The machine has 2 gig of built in RAM, with no expansion option.

The screen is… not good.  It’s a matte 16×9 LCD, and has a crazy low resolution.  The pixels are so big that it’s almost… retro, and you can see faint lines between them.  It makes me feel like I’m living in a late 90’s romantic comedy when I use it, which has a cool vintage sensibility, in a way.

The keyboard is where this machine really shines.  It may not be as good as the keyboard on my Macbook Pro, but it’s big enough and good enough for serious typing.  This is the third blog post I’ve written on it, and haven’t had any complaints or issues at all with 2,500 word posts.  The caps lock key has been replaced by a search key, but you can apparently switch it back in the OS control panel.

Samsung Chromebook SD Card Slot, Headphone Jack and KeyboardThe sound isn’t great, it has some small speaker vents under the palm rests, but that isn’t what you buy this machine for.  The chipset’s graphics are fast enough to decode high def video, so YouTube works just fine.  I haven’t watched any TV episodes or movies on it, but since you have Chrome OS you won’t be running Quicktime or VideoLAN Client.  It’s only going to support HTML5 video.  No Flash.  There’s a combo microphone/headphone jack on the left side, so streaming video and audio should work just fine.  There’s a simple webcam above the LCD, but the machine doesn’t really have enough horsepower to run it.  It would work for a simple Google Hangout, but in the little testing I did, the frame rate is low.

Samsung Chromebook RearThe computer also has a pair of USB ports (one USB 3, one USB 2), and an HDMI port, though I’m not sure why you’d use it.  It has an SD card slot, so theoretically I suppose you could plug your camera’s memory card in and upload the photos to Picassa.  It has built-in WiFi, and there’s a slot for a SIM card, as the laptop comes in a model with 3G wireless.

The Experience

It’s a strange thing, using a computer that only runs a web browser.  Most people would consider me a power user.  I have a pretty customized setup, I use Terminal on my Mac all the time, I write little shell scripts to test things, I’m regularly in Photoshop or Illustrator tweaking this or that.  I use a lot of non-web applications, and I’m always flipping between them.  Not so with the Chromebook.

Samsung Chromebook Google HomepageWhen you startup the machine it asks you to login to your Google account.  That’s it.  You can login as a guest, and access the web, but it’s very, very, very tied to your Google account.  The mail button opens Gmail, the files button opens Google Drive, you get the picture.  The integration if you’ve bought into the Google ecosystem is pretty amazing.  Just type in your email address and password and voila, all your stuff is there.

You can’t install Apps on it that don’t come from the Chrome store.  There are options for installing an entire chrooted xwindows environment with something called crouton, but you have to switch the machine over to development mode.  Using development mode isn’t as simple as a key press.  When you switch from managed to development mode the entire machine is wiped and the development image is downloaded.  Any tweaks you’ve made, gone.  You have to hold down a special key combo when you start the machine, and I’d be leery of just handing the machine to someone else.  I want the Chromebook to be essentially disposable, so no dev mode for me.

Samsung Chromebook SSHThere’s a pretty decent SSH client in the Chrome OS store, so you can open multiple SSH tabs, and do whatever development work you need to do on a server elsewhere.  It’d be nice to have a really limited shell to test bits of python code, but I see how that’s a slippery slope.  Give them an inch, and suddenly it isn’t a fully managed experience anymore.  The SSH client is nice, supports colors, and is supplied directly by Google.

The machine comes pre-loaded with a cloud-syncing Google Drive app, and you can run Gmail offline.  It’s really built to be connected, though, so this isn’t a machine you’d want to take on a long trip with no internet access.  The WiFi seems good in my limited testing around the house.

As a web browser, the machine works well.  The 16×9 screen isn’t really well suited for reading long articles, but two finger scrolling with the trackpad works well enough.  You can run Chrome full-screen, which gives you enough space that it doesn’t feel cramped.  I’ve heard that if you open more than 20 or so tabs the machine will run out of RAM and you’ll need to reload those tabs when you go back to them.  I haven’t run into this problem, but I’ve read that they’re considering turning on disk-swap, which will help alleviate those issues.

The Competition

This particular model runs a dual-core ARM processor, while other models come with Intel chips.  HP, in particular, makes a 14″ model with a Celeron.  I played with one, and it feels much more like a real laptop.  In the end I wanted an ultraportable, so the Samsung was the obvious choice.

When comparing the Chromebook to other computing experiences you inevitably end up looking at cheap Windows 8 laptops, Android tablets and iPads.  When I was standing in Fry’s there were 3 options under $300, one an AMD 15″ Windows 8 laptop, one an Intel-based HP Chromebook, and then this ARM based Chromebook.  The Nexus 7 is the same price, the iPad Mini’s less than a $100 more, and the iPad Retina and Nexus 10 run $200 more.

I’ve found tablets to really shine as media consumption devices.  That’s what I use my iPad for.  The retina screen is great for reading articles and news.  For my money, you can’t really beat it for that purpose.  Windows 8 machines, and the cheaper OS X machines higher up the price ladder are way better at media production.  You can run Word, or Google Docs, or Write.  You can install software on them, you can customize your experience.  You can run databases, instant messenger apps, chat clients.  Switching between apps is easy, as is pounding out an essay or blog post.

The Chromebook really sits in the middle.  It’s way easier to write a blog post on than an iPad.  Web browsing and tab switching is probably faster, if not as fluid.  Copy and paste is a little easier.  There aren’t nearly as many native Apps as the other two options, but if you just want an ultraportable machine to write with, something that forces you to focus on the writing, and minimizes the distractions, it’s a $249 dream.

I was really hoping that Samsung would update the 11.6″ Chromebook at Google I/O, maybe bump it to a quad-core processor, but that didn’t happen.  In the end I decided that for $249, I could deal with obsolescence.  If something better comes out that I just have to have, I can easily pass this machine down to a cousin or kid.  It’s the kind of machine I’d give my mom.  There just isn’t much you can break, and it’s great at what it does.  Plus, at $249 I don’t feel like it’s a sacred object, like my Macbook Pro.  In fact, I fully intend to plaster stickers all over it.

The Personal Cloud: Innovation Happens at the Edges

June 3, 2013 at 8:19 am (2 Comments)

Personal CloudA couple of days ago I was cleaning up my recently migrated server, and ran across a directory filled with a couple thousand text files and some perl scripts.  The directory wasn’t obviously named, but after some poking around I realized I was looking at the remains of a small consulting gig from 4 years ago.  It was a pretty straightforward data mining job: There was a bunch of information on a public web site that an organization needed.  Filings or grants applications or something like that.  I needed to download it and remix it into a spreadsheet.  What should have been a really easy spider and collate job ended up being complicated by the fact that said web host had a rate limiting module setup, so no IP address could grab more than 10-20 pages every hour.  There were thousands of them.

If this problem sounds familiar, it’s similar to what Aaron Swartz was doing, and the problem that he was trying to overcome when he snuck that laptop into an MIT closet.  In my case there was no login or private, privileged access, and I was running all this stuff in the middle of the night as to not inconvenience anyone else, but the problem remained: If I’d followed the rate limiters desires, it would have taken weeks or months to grab the data.

I ended up getting around the rate limiter by using something called Tor, The Onion Router.  Tor works by sending your traffic through a distributed network of hundreds of other participants computers, anonymizing your physical and digital location in the process.  For me, that meant that I could download all the files in 15 minutes or so in the middle of the night.  For other people it means posting to Twitter or accessing dissident web sites from Syria or China or where-ever.

Running across these files reminded me of something I’ve been thinking about for a while: That what the Personal Cloud really needs to take off is an immediate problem-solving use case, and to find useful examples, we might want to look in the grayer areas of the internet.  We can talk about companies bidding for our orders VRM style or Internet of Things devices dumping metrics into our personal data warehouses, but both of those things are going to require a lot of supporting infrastructure before they’re really viable.  If you want to get a lot of people excited about something today, you solve a problem they have today, today.  And that brings me to the edges…

The Edge: Where Innovation Happens

One common aphorism shared by those in technology or innovation is that new things develop at the boundaries.  Change and chaos happens at the edges, it happens at the borders, where things mix and intermingle.  Here’s the MIT Media Lab’s Joi Ito talking about it, for instance.  MIT is a large, stable organization.  Businesses are large, stable organizations.  The Media Lab is where they meet, where they cross-populate and where the friction in developing new ideas is reduced as much as possible.  The same can be said about border towns.  New York City is an American border town.  It’s the edge between our country and a whole bunch of immigrants, both old and new.  The mix of ideas and talents and experiences creates new things.

Joi Ito: Innovate on the Edges and Embrace… by FORAtv

A lot of the innovation that happens on the edge happens in the gray area outside the strictly legal, or deep in the illegal.  Across our southern border we have very advanced drug and gun smuggling tunnels, complete with ventilation and electricity.  Neal Stephenson’s last book REAMDE was largely about northern border smuggling.  Chocolate, toy filled Kinder Eggs are illegal in this country, so people smuggle those in.  I brought some back the last time I went to Mexico, and some friends brought back a whole carton when they went to Germany recently.  In Gaza they even have KFC delivered by tunnel:

Given that innovation happens at the edges, that people solve their problems at the edges using interesting methods, and that the Personal Cloud needs some need-driven use cases in order to flourish, I think it’s useful to look at some of the ways people are using things like the Personal Cloud already for dubiously legal purposes (though the legality they’re avoiding isn’t always our own).  Perhaps by digging into what makes them compelling, and how their developers have solved those problems, we can learn something about developing Personal Clouds for everybody.

Some Personal Cloud Definitions

When looking for products that fit the Personal Cloud mold, I’m specifically looking for interesting uses of on-demand computing and networking.  Especially things that don’t inherently scale beyond the individual, either due to privacy concerns, the need to be distributed, or some other unique aspect of the approach.

A job that only takes 10% more time to run for another person isn’t a good candidate for a personal cloud, because the economy of scale is going to keep it expensive.  Running your own mail server is a bad idea these days, because your data and address can be portable (with IMAP and a personal domain) and running the spam filtering and staying on whitelists is hard.  It’s a lot better to register your own domain and let a trustworthy third party do it.  I should mention that Phil Windley has a good post about IMAP being a proto-Personal Cloud protocol, if you haven’t read it.

So, with that said, let’s look at some examples…

Tor: Anonymize All the Things

Tor OnionSo back to Tor.  Tor is built as a distributed, self-organizing network.  There are Tor nodes that you connect to, the address for which you get either by getting passed an IP address on the side, or by looking one up publicly where that won’t get you thrown in prison.  Once connected to the Tor network your public internet traffic is bounced through the network of Tor nodes in a randomized, encrypted way, and eventually finds its way onto the public internet through Tor Bridges.

The people who run Tor Bridges are paying for your traffic twice, because your connections come into their machine and then out again.  Running Tor Bridge is a labor of love, done by people who believe in anonymity and freedom of speech.  It doesn’t pay, but knowing that a political dissident somewhere can speak freely about an oppressive regime has a karmic payoff.

A few years ago Amazon’s EC2 cloud computing service started offering a free micro level of service.  You could sign up and run a really small cloud server for development or testing without paying.  It didn’t cost Amazon much to run them, performance wasn’t really great, but it got people onto their platform.  Usually people start up Amazon provided server instances to install software and play around on, but the folks behind Tor realized that they could create a pre-configured server image with the Tor Bridge on it, and let people spin those up in Amazon’s free usage tier.  They call it the Tor cloud.  You still pay for bandwidth, but if you bridge 15 Gig of bandwidth a month, your bill will only be around $3.  It’s less than the price of a latte, and you do something good for internet freedom.   You don’t have to know a lot about the cloud to set it up, you just register for Amazon Web Services, pick the image, and hit Start.  The images are pre-configured to download software updates and patches, so there’s virtually no maintenance work.  Just the kind of simplicity you need for a Personal Cloud feature.

Back It Up Or Lose It: The Archive Team

Archive TimeI’ve harped on our tendency to not take care of the things we create before.  Web sites get acquired and shutter within months.  Promises are made that users will be able to export their data, but promises are made to be broken.  Fortunately for us, there’s a group of archivists led by Jason Scott called Archive Team.  Archive Team scrapes sites that are destined for the Internet trash heap, and uploads the data to the Internet Archive.  So far they’ve archived sites like Apple’s MobileMe homepages, Yahoo Groups, and are currently trying to grab as much of Posterous as they can before Twitter drops the axe.  This may sound pointless till a few years after a company acquires and then shutters the site your mom or sister blogs at or posts family photos to, and you realize there’s no way for you to get that stuff back.

Archive Team runs into a lot of the same issues I had around rate limiters.  Yahoo! and Twitter don’t want them slurping down the whole site, they want to take the engineering resources off those projects and let them die a quiet, cost-cutting death.  To get around this, Archive Team offers a virtual machine, the Archive Team Warrior.

The Archive Team Warrior is a distributed but centrally managed web spider.  The Archive Team central server slices the archiving work up into little chunks, and the Warrior on your computer asks the server for some work to do.  The central server gives it a small to-do list of URLs to fetch, and the Warrior starts downloading those until it hits the sites rate limit.  Any data it can download, it sends back to the Archive Team server for bundling and uploading into the Internet Archive.  Then it waits and retries until the site will let it back in.

Warrior ScreenshotThe Archive Team manages the projects, and the Warrior presents a simple web interface where you can tweak a few settings and track how you’re doing.  Most importantly, it’s hands-off.  You can set it up once, and let it run in the background forever.  It manages its own software updates, and you can tell it to work on whatever the Archive Teams priorities are, and ignore it from then on.  If you have a PC sitting around that you don’t use a lot, running the Warrior is a nice way to give back to the Internet that’s given us so much.  It’s good karma, and it’s easy.

Pirate All the Things: Seedboxes

So far we’ve talked primarily about projects which give good karma, now let’s talk about a project that is often used for… not so good karma.  In 2001 the BitTorrent protocol was introduced, allowing for a (then) secure way to share lots of files in a bandwidth-optimized fashion.  Users get pieces of a file, trackers know who’s downloading the file at any one time, and clients cooperate to distribute the pieces as widely as possible.  When you’re downloading a file from BitTorrent it’s entirely likely you’ll be downloading chunks of it from people who don’t have the entire file yet, and likewise you’ll be sharing parts of the files you’ve downloaded with other people who don’t have those pieces yet.  By working this way everyone gets it faster.

Not Sure if Network Is Busy Or If They're On To MeWhile BitTorrent might have been secure once, it’s now entirely likely that your ISP knows what you’re downloading, who you’re downloading it from, and what you’re sharing back.  They can look at payload sizes, the trackers you’re talking to, traffic bursts, and pretty reasonably reconstruct your activity.  If they’re the MPAA or other pirate-hunting groups they can even run their own clients and integrate themselves into the network.  Running a BitTorrent client from your home computer and downloading anything remotely illegal is like asking the bagger at the grocery store to help you out with your shoplifted goodies.

So let’s say you’re sharing something that you think should be legal but isn’t, or you’re trying to use BitTorrent for a legal end, like sharing a bundle of book materials or distributing an Operating System or a big chunk of GeoCities and don’t have the bandwidth at home to support it.  (Or, sure, you could be downloading Iron Man 3.)  This is where something called Seedboxes come into play.  A Seedbox is a server at an ISP somewhere that just runs a BitTorrent client.  You can use them to get your torrents out to a bunch of people really fast, or you can use them to download files that you wouldn’t be comfortable with downloading to your home IP.  You can even buy them in another country, increasing the difficulty of tracing the traffic back to you.

Seedboxes are managed servers, you don’t install software updates on them, the provider does that, but they likely won’t give you much in the way of customer support.  Lots of them use a Web UI called ruTorrent, an open source frontend for the rTorrent BitTorrent client.  You don’t SSH into these machines, you probably don’t even have a server login, but you can use the web UI, and conduct your business in the cloud.

In this way ruTorrent Seedboxes are a perfect prototype for our Personal Cloud.  The providers don’t watch the servers or monitor their quality.  Privacy is implicit when you’re doing something at the edge of legality.  What they don’t know won’t hurt them as much when Interpol comes calling.  The web UIs are built for self-service.  You have a login, but the web UI is your entire management plane.  rTorrent has an Android front-end, but most people likely manage them through the web.  There isn’t any software on your home computer, just a username and password to a web site somewhere.  The data’s yours, and if you wanted to shove it sideways into a cloud storage provider, you probably could.

Points of Presence: The Personal VPN

SpoilersAs an addendum to these offerings, a sort of post-script on the idea of exploiting technologies at the edges for personal gain, I’d be remiss if I didn’t mention personal VPNs.  Tor’s good for anonymity, but what if you just want to appear like you’re somewhere else.  Say, for instance, somewhere the new season of Sherlock, Doctor Who or Downton Abbey is available for streaming 6 months or a year before it comes to your country.  (Or vice versa, where we get new episodes of Mad Men a year before they do.)  What do you do then?

The same technology that your company uses to securely connect you to your corporate network can be used to make you appear to be in the UK, or the US Midwest, or Japan, or wherever else the content is region-limited.  You run the software (likely built-in to your Operating System), and connect somewhat securely to a computer in some other country or even continent, and all your internet traffic appears to come from there.

A few years ago I was in Mexico over Christmas, and there were some really good deals on Steam’s Holiday Sale.  I have a US account, with a US billing address and a US credit card, but I couldn’t buy anything because my computer was with me in Mexico.  I ended up installing a bunch of software on one of my servers and setting up a VPN to it, just to buy some cheap games.  These days I could just plunk down a few bucks and be good to go, and a lot of people do.

A Few Learnings Lessons Learned

Users have problems, and will go to considerable lengths to solve them.  None of these services are as easy as they could be, either because they’re niche offerings (Tor and Archive Team) or because of their dubious legality (Seedboxes).  ruTorrent is a lot easier to use than it probably was, but it still isn’t as easy as using the Netflix or iPlayer iPad apps.  The Warrior is a 174 meg download that requires installing Virtualbox on your computer.  The Tor Cloud Bridge requires signing up for Amazon Web Services, and navigating their UI.  To get a VPN provider or Seedbox requires research, dealing with a company that might not be entirely legit, and really falls in the class of early adopter technologies.

Even though all this stuff is hard to use, people do it.  Seedboxes and private VPNs give people things they want.  You may not have known that you wanted to watch the new season of Dr. Who before it comes out in the US, but once you know you can, you’ll go to some pretty extreme lengths to make that happen.  Motivation can be powerful, and people will overcome serious technical hurdles if they’re properly motivated.

So looking at these examples, we can see that a Personal Cloud app really needs to offer 3 things:

1. Motivation: It needs to solve a real, immediate problem.

2. Self-Service: It needs to be super-easy to start using and offer a familiar, understandable interface.

3. Hands-Off: It needs to have software updates and easy maintenance built-in.

Any Personal Cloud offerings that don’t check these boxes may get some niche use, and may excite developers, but they aren’t going to start climbing up the adoption curve.  As you build your Personal Cloud app, keep these things in mind.  Users have needs we can solve, and we can empower them, but our solutions need to be compelling, simple to use, and simple to maintain.

Security Through Isolation

May 21, 2013 at 9:54 am (One Comment)

Yellow SubmarineThey say no good deed goes unpunished.  In internet hosting, that’s almost always the case.  For the last fifteen years I’ve had servers that I’ve given friends accounts on.  At first they were co-located machines I built by hand, then leased servers, and now cloud VMs.  I hosted friends and family’s blogs, sites for activism causes that I or friends believed in.  I’ve even had a web site of a well known Silicon Valley venture capitalist on there.

Unfortunately whenever you do that, especially whenever you hand out accounts or host web applications that people were once enthusiastic about but then moved on from, security is going to become a problem.  A few months ago while doing maintenance on the machine I noticed that an account for someone had been logging in, except it shouldn’t have been, since I created the account while trying to troubleshoot a problem that we solved another way.  But there it was, in the last login log.  Digging into that directory I realized that the password had been simple (in the heat of troubleshooting you don’t always make the best decisions for security), and someone had brute forced the SSH login.  The machine had been compromised and used as an IRC bot host.  How very 1997.

Today I decided to migrate between cloud providers.  While I could host all this stuff for free at HP Cloud, but I do some dangerous stuff in the context of my account, and it’s nice to have a stable VM elsewhere.  It’s also nice to see what the competition are up to.  I’d been hosting this VM at Rackspace ever since they bought my preferred VM provider, Slicehost, but while poking around pricing I realized I could cut my monthly bill in half if I migrated to Linode.  I’ve admired Linode’s geek-friendly control panel, ever since I tried it while designing the beta versions of HP Cloud’s.  I was also on an ancient Ubuntu 9 version at Rackspace, and this would be a good opportunity to upgrade the OS and software.

After copying all the home directories and web sites over, I did a last pass to pick up any straggler processes.  These usually live in cron jobs, so that’s where I went looking.  Lo and behold, an account I’d setup for a friends mom to host her business web site had been compromised at some point.  Another bot.  Joy.

Fortunately her web sites had long since been migrated off the server, so I was able to disable her account (and remove the stashed authorized_keys file with a bot installer in them) and a bunch of others I knew wouldn’t be used, but it really goes to show how vulnerable these machines can be.  Who knows how they got her password.  It might have been an easily crackable password, it might have been a web script compromise, it might have been an email exploit.  More than a few of these usernames and passwords are sitting in mailboxes or in saved FTP connection files on easily crackable machines.

Two weeks ago I got an email from a former client.  We built a pretty complex web site for her in 2003, lots of bells and whistles.  It’s held up pretty well, but it hasn’t had any serious maintenance work in a lot of years.  She’d gotten a call from the FBI, saying that data from her web site was circulating in Russia.  Fortunately it was just an exported mailing list, not encrypted passwords or other secure data.  In her case I think one of her employees had either an easily guessable password, or a trojan was installed on her computer that logged her keystrokes.  How do you guard against the guardians?  Nobody was thinking of two-factor authentication for small business web sites in 2003, but the next time I build one, I sure will be.

Sharing accounts on a machine, or having admin accounts into a web based system is an inherently insecure thing.  The more keys there are to a lock, the more likely someone you don’t want to have one will get one.  I created user accounts on our shared server because that’s how you did it, back in the day.  Create a user account, setup a directory for the web site, add a database for them, and let them go.  Now we have linux kernel exploits that let anyone with user level privileges become superusers.  Adding random accounts to systems and handing out the passwords is an insane thing to do.

So the only hope we can have of having any kind of security is by shrinking the permissions scope down.  When everyone has user accounts on a machine, that entire machine is vulnerable.  When everybody has a small VM, only that VM is vulnerable (usually).  Even better, give them a single-process Linux Container, like those managed by docker.io, and suddenly they don’t even necessarily need to manage dependencies anymore.

I’m sure docker has its own set of security issues, but hopefully we’re more cognizant of them now.  Don’t create unnecessary user accounts.  Use password protected SSH keys.  Don’t re-use ssh keys.  Keep your dependencies up to date.  Watch the security mailing lists.  It really starts to sound like something the hosting provider should be doing…

So I think there’s a real opportunity here for a trusted IaaS operator to create a generic Linux Containers As A Service offering.  Push down one level from VM into Process.  Bring your own docker image, buy a set amount of RAM (say, 128 meg for a big PHP or Python process) and bill by the minute. Route them inside of the machine through some kind of nginx or go based proxy, like CloudFoundry does, but a little less specialized.  Something between CloudFoundry and an IaaS VM.  Upgrades in CloudFoundry are a pain.  If I could just shuffle a docker.io image around, that’d be way easier.  Oh, and don’t sign up for too many hosted services.  Each one of those you use is like another shared account, and the more you share your data with, the more likely it is it’ll be exposed.  Build small, build focused.

So back to security.  This is a plea to all those who have friends who’ve given them accounts on servers, or people who run servers and create accounts for friends.  I know the complex password requirements are a pain at work or on bank web sites, but they’re really even more important in less maintained environments.  Nobody’s watching that shared server, keeping it water tight is a shared responsibility.  If someone creates an account for you, change the password immediately.  They won’t remember to go delete it if you end up not using it, and if they set it to something simple, there’s a good chance someone will be able to brute force it.  Don’t store passwords in plain text anywhere.  Don’t email them to people, or have people email them to you.  You’ll be happier in the long run if you don’t.  Use best practices, and save us all some heartache.

Book Review: The Rapture of the Nerds by Cory Doctorow and Charles Stross

May 10, 2013 at 9:22 pm (No Comments)

The Rapture of the Nerds, CoverI hate to admit it, but The Rapture of the Nerds is a book I thought I wouldn’t like.  It should have been a must read for me, but I waited quite a few months before picking up a copy.  It’s by two of my favorite authors, Charles Stross, creator of the Laundry books and the excellent Accelerando, and Cory Doctorow, author of Little Brother and generally good guy.  Cory’s even shown the good humor to let me bot-ify him, which is a project I need to get back to.  I was just… worried.

It may just be my religious upbringing, but the title of Rapture of the Nerds carried a ton of baggage with it.  When you couple the singularity, which has gotten beaten up a lot lately, with a religious concept like the rapture, from these specific authors, it seems like a recipe for some lets-make-fun-of-the-utopian-nerds riffing.  That’s kind of in vogue these days, so it isn’t too much of a stretch to think you could make a novel out of it.  Reading a whole novel of that really didn’t appeal to me, but it turns out the book isn’t about that.

While there’s undoubtedly a subtle undercurrent of it in The Rapture of the Nerds, what we really have is a tale of a luddite’s gonzo journey to the heart of the post-singularity, complete with mommy/daddy issues.  You could call it Boy Meets Post-Singularity World, and that would probably be more accurate.  There’s some gender morphing, militant deep south isolationist conservatism, hyper-intelligent ant farms, and bio-tech viruses.  There are also a lot of scenes in courtrooms.  All in all, par for the course for a world where technology makes anything that can be imagined happen.

The Rapture of the Nerds really reads like a looser Charles Stross novel.  His space opera titles like Saturn’s Children are usually really tight, this one’s more loosey goosey like a Laundry novel, probably the result of bouncing back and forth with Cory.  If Cory’s written much beyond-the-horizon sci-fi, I haven’t read it, so this novel seems more Strossian than Doctorowian to me.  I think some of the flavor may have bled from or to The Apocalypse Codex, as well, given that novel’s bad guy.  This book seems more brainstormed over lots of pints down at the pub than carefully planned.

There’s a lot of the third act of Accelerando here, or the first bits of The Quantum Theif, if that makes sense.  A good chunk of the novel takes place in… well… cyberspace.  There’s a love story, and a happy ending, both things I appreciate (I’m looking at you, Paolo Bacigalupi.).  It’s a lot better than I was worried it would be, though it probably isn’t either of their best.  There’s a post-singularity Lovecraftian dread throughout this book that Stross has really nailed with the Laundry novels.  In this book it isn’t so much defeated as just… survived.

If this sounds like something you’d enjoy (and I’d certainly recommend it if you like gonzo post-singularity fiction), you can pick up a copy at the usual suspects.

HP Tech Con `13: The Magic Kingdom

May 9, 2013 at 3:33 pm (No Comments)

After I joined HP two and a half years ago I started to hear tales of a magical event.  Tech Con, a technical conference for the top technologists in the company, showing off the best and brightest innovations of the year.  Moonshot servers, 3D displays, that kind of thing.  One guy on our team had gotten in on an honorable mention a few years before.  Nobody ever went to present.  Not from our small corner of HP, anyway.  But we could always dream.

To get in to Tech Con you have to write up an innovation you created, and then compete against nearly two thousand other proposals for one of less than 150 poster slots.  Out of those poster slots, fewer than 50 get speaking slots.  To put this in perspective, HP has 320,000 employees, more than 70,000 technologists, less than 1,000 get to go to the conference and fewer than 50 get to stand up on stage and talk.  HP Labs is always well represented, innovation is their lifeblood.  HP Cloud… had never sent anyone.

PodiumLast year I started working on something pretty cool, so a logical step while applying for a patent was to submit the innovation to the conference.  Fast forward a few months to late February.  While sitting on the couch at the end of a long day, I was checking my email on my phone and a message popped up.  It was an invitation to Tech Con.  Even more mind boggling, after I re-read the email for the third time, I realized I’d been invited to speak.  Queue the montage of presentation creation, practice, tweaking, throwing the entire presentation away, starting from scratch, practicing, tweaking, etc.

You can read about what other HP People higher in the company than me have to say about Tech Con: HP’s CTO Martin Fink highlighted it on the HP Next blog, and HP Fellow Charlie Bess has posted about it.  For those who haven’t had a chance to go to an event like Tech Con, a big, technical company event, I’d like to give a brief rundown of what it’s like, since it can be a once in a career experience.

Room KeyTech Con this year was in Anaheim.  The location is a closely guarded secret before the conference, because it’s chock-full of company trade secrets and unreleased products.  We were at a hotel a few minutes from Disneyland, and HP had booked nearly the entire thing for the conference.  There were a few vacationers, but pretty much everyone you saw was wearing the HP Tech Con lanyard.  Even our room keys had the conference logo on them.

LunchTech Con is a conference where you work hard and play hard, in as compressed an amount of time as possible.  We all flew in Sunday afternoon, and then had a reception and dinner that evening.  Being a teleworker I don’t get to see HP at it’s most mind-bogglingly huge, but this conference went all out.  HP logos on the walls, HP banners, even HP napkins.  When you work in a little 350 person department in the cloud it’s easy to forget that the company makes paper, ink and printers of all kinds.  (Not to mention servers, PCs, storage, networking, software, services…)

The conference is a mix of formal presentations and academic style poster sessions.  During the poster sessions my co-authors from HP Cloud and I got to stand in front of our poster and talk to technologists and executives from all over HP, discussing how we could work together, explaining our product and getting some really great feedback.  HP’s COO (and our boss’s boss’s boss’s boss) even dropped by our poster and talked with us for about 20 minutes.  It was amazing to get that level of recognition, and I think I managed to not completely embarrass myself.  Meg Whitman was on the poster hall floor, but unfortunately didn’t get to where we were.  She did talk to all of us, though, which was great for those of us who aren’t from the bay area and don’t see her regularly.

Tech Con Dinner

There were two blocks of scheduled activities, the first an outing to the Queen Mary that I missed to spend more time with some fellow HP Cloud folks (though everyone I talked to said it was really fun), and second an activities slot with things like whale watching, art walks, and the Warner Brothers studio tour, which I went on.

Nerd Herder

The highlight of that tour might have been seeing a real Nerd Herder from the TV show Chuck, but we also got to see the main set for The Mentalist, which was really cool.

Speaking at Tech ConI gave my talk Wednesday morning to a nice, big crowd, had some great QA, and then talked to a bunch more people at our final poster session.  It was great to hear from people who’d had 30 year careers at HP working on amazing products that they totally got our thing and thought we were on the right track.  That’s the kind of affirmation that can only come from a smart, diverse group of people like those at Tech Con.

Tech Con Room

Tech Con is a highly confidential conference, and they take IP violations really seriously.  I wanted to bring my poster home, since it was really pretty, and would go really well with my Whole Foods Market Milk poster.  I had some people ask about the possibility on my behalf, but apparently after the last session they were going to lock the door, ship them all back to Palo Alto, show them for a few days, then cut them up, boil them in acid, burn them, and bury them in the desert.  Oh well.

The conference wound down Wednesday afternoon, but I managed to walk over to Disneyland with one of my coworkers from HP Cloud to get souvenirs for the family, having a nice chat on the way.  The highlight of the conference is really those times, getting to talk to people you work with, or people from other parts of HP that you never have contact with.  I had conversations with people from Australia, the UK, Germany, India, China, Italy, Israel and Brazil.  It was really, really cool.