My MacBook Air Kicks Your Laptop's Ass

2010-12-16 22:45:43 by jdixon

I recently found myself in need of a new laptop. I've been using some version of Apple PowerBook or MacBook Pro over the last seven years. I've had a couple Thinkpads mixed in for good measure, but those were always as a secondary computing device, mainly for playing around with OpenBSD. Suffice it to say that I'm a big fan of Apple systems design (XServe and XServe RAID, not so much).

My last portable was a previous generation 15" MacBook Pro with the glossy screen. I won't miss the reflective display but the rest of the unit was solid. My only real gripe was the slow-as-molasses base hard drive (5400rpm, if I remember correctly). There's simply no way Apple should offer that in their premium laptops, especially since they market them as a premium product. Anyways, it was still faster than thin air, which is what I found myself holding after my last day at work.

The new MacBook Air lineup was something that caught my eye recently, particularly the 13" model. The price is a bit much for a "netbook", but one look at the top-of-the-line Air's specs and it compares favorably with most of the MacBook Pro line. Its 1440x900 resolution doesn't hurt either. But one thing that made me hesitate was the CPU... an Intel 2.13GHz Core 2 Duo. I work with VMware Fusion a lot so I was naturally concerned about any sort of performance issues. Hell, we can't even run Flash games on my daughter's Dell Mini 10v. So yeah, I was a little concerned.

Nevertheless, I took the plunge. And Oh [Your] God, was it worth it. This is my first experience with a real SSD drive. And let me tell you, it makes ALL the difference in the world. This Air runs VMware faster than my old MacBook Pro by an order of magnitude. I can suspend or resume Windows XP images in under 5 seconds. The same actions used to take upwards of 30 seconds on the Pro. It's pretty obvious by now that desktop virtualization is heavily I/O bound. The CPU just doesn't have much to do by comparison.

Everything else about the MacBook Air was as expected. It's a very lightweight form-factor with a great redesign of the port locations (and availability). I haven't had the opportunity to try out the mini-display-port external output yet, but enjoy having a USB on each side. The SD slot is also a nice touch but is pretty standard across laptops these days. Sleep and resume are almost instantaneous. The keyboard is full-sized and roomy.

In summary, I'm thrilled with my purchase. I've managed to shave off some old unused VMs to make room for my music collection, which used to exist on an external drive. I hate the idea of lugging around an external drive with such a petite portable, so I managed to find enough space on the 256GB SSD. This is quite literally the perfect laptop for me right now. I fully expect my OpenBSD friends to give me shit over it, and it's almost worth it.

A Little Time Off

2010-12-16 07:36:01 by jdixon

I always wondered what I could accomplish with a few weeks of free time. Never thought I'd have the chance to find out. Yeah, funny thing about that...

I've been Product Manager for an online monitoring service over the past 15 months. I've learned a lot about the full product cycle, building up all the components of a startup web company: cranking out a business plan, analyzing the competition, defining the roadmap, performing QA, etc. It's been a ton of fun, growing an Open Source trending application into a full-blown ECA/BSM suite. Now is the right time for me to hand it off to a full-blown sales organization and see it thrive. Which means I'm taking some time off to look for my next challenge.

I'm happy to report that the job market looks very strong right now. I'd love to believe that all the interest I'm getting is a byproduct of my years of experience and varied skillset, but I'm too self-loathing for that. Regardless, I'm still interviewing and haven't made up my mind yet. So if your startup/Web/SaaS/DevOps company is looking for a seasoned ops/network/security/engineering/product-managing type, drop me a line and let's chat. My CV/resume is available online.

Working with the Mojolicious Framework

Thanks to my reorganized shed-yule, I have the chance to catch up on some side projects. The first one is the evolution of NetFlow Dashboard as a SaaS service. Devon O'Dell has been doing some nifty stuff with the collector, while I've been focusing on the user-facing web and API stuff. I stumbled across the Mojolicious framework, and zomg, you can color me impressed. Compared to Catalyst, "Mojo" is a breath of fresh air. The syntax is actually quite similar to Dancer, but it goes a few steps further, adding placeholders (with optional regex constraints) and named routes. Take for example, the following snippet:

use Mojolicious::Lite;

    # Route with placeholder
    get '/:foo' => sub {
        my $self = shift;
        redirect_to('login') unless ($self->session('username'));
        my $foo  = $self->param('foo');
        $self->render(text => "Hello from $foo!");

    # Defaults to login.html.ep
    get '/login' => 'login';

    post '/login' => sub {
        my $self = shift;
        redirect_to('login') unless (
            $self->param('username') && $self->param('password')
        # [ ... some code to authenticate user ... ]
        $self->render(text => "Welcome!");

    # Start the Mojolicious command system


    @@ login.html.ep
    <!doctype html><html>
            <%= content header => begin %>
            <% end %>
            <%= content body => begin %>
                <form action="post">
                <input name="username">
                <input name="password" type="password">
                <input name="login" type="submit">
            <% end %>

This epitomizes everything I enjoy about Perl code. TMTOWTDI, but without all the crufty framework directories and files that remind me of Ruby on Rails. Mojolicious::Lite is easy to read, easier to write, with all the shortcuts a strapping young web hacker might want. It's smart enough to inject common sense where it should (e.g. searching for templates by named route and format) but powerful enough to let me extend any of the underlying Mojolicious classes (like Catalyst). Good stuff.

Updates on the OpenBSD IPsec Gossip

2010-12-15 15:22:57 by jdixon

As expected, news of a possible ten-year-old collusion to introduce backdoors in the OpenBSD IPsec stack have spread like wildfire. ArsTechnica, The Register, CNET, Forbes are among a long list of mainstream news outlets to chime in on these allegations.

Dag-Erling Smørgrav adds one point to my original commentary; that is, the action of introducing backdoor code into OpenBSD by the FBI would not fall under a "recently expired NDA", as Greg Perry claims. I think Dag is probably correct here. Even if Greg's claims are eventually proven true, something like this would more likely fall under a TOP SECRET (or even as high as TS/SCI) classification, which is typically declassified after a 25-year period. Releasing this information prematurely would land Greg in a steaming lake of hot water.

At least two of the named parties have already stepped forward to refute Greg's story. Scott Lowe posted to the openbsd-tech mailing list, stating that he does not, nor has he ever, had any affiliation or employment with the FBI or the OpenBSD project. Jason Wright followed up a short while later, demanding an apology from Greg Perry and detailing which parts of the code base he worked on during the affected period.

" I will point out that Greg did not even work at NETSEC while the OCF development was going on. Before January of 2000 Greg had left NETSEC. The timeline for my involvement with IPSec can be clearly demonstrated by looking at the revision history of:
	src/sys/dev/pci/hifn7751.c (Dec 15, 1999)
	src/sys/crypto/cryptosoft.c (March 2000)
The real work on OCF did not begin in earnest until February 2000."

I'm personally relieved to see the accused parties step up and assert their innocence. Unfortunately, the story won't end here. The mere possibility of impropriety by these developers or the FBI means the OpenBSD project will have to work long and hard to regain its tarnished reputation. A thorough code audit is the only sure-fire way (and even then, is not guaranteed) to clear these charges.

If you'd like to help with the audit, please consider matching Dag-Erling Smørgrav's triple bounty, or better yet, donating directly to the OpenBSD project.

Deconstructing the OpenBSD IPsec Rumors

2010-12-14 21:58:01 by jdixon

Theo de Raadt posted an email to the openbsd-tech mailing list Tuesday evening which contained details of alleged backdoors added to the OpenBSD IPsec code by government contractors some ten years ago. Subsequent posts from Bob Beck and Damien Miller add further commentary, but neither confirm nor deny the allegations. Damien goes so far as to propose a number of possible avenues as the most likely places to begin a new audit.

One of the purported conspirators is Jason Wright, a cryptology expert at the Idaho National Laboratory, who committed a significant amount of crypto and sparc64 code to the OpenBSD project. Although I haven't seen Jason in years, I consider "Wookie" a good friend and hope these accusations are false. If Damien's hypothesis is correct, it seems highly unlikely that Jason (or any US developers) introduced backdoors directly into the crypto code. A more likely scenario would be the malicious reuse of mbufs in the network stack.

As Brian T. Merritt suggests, it seems even more likely that Linux would be similarly "exploited". Lest we forget that while these claims against OpenBSD revolve around FBI involvement, Linux has had significant portions of its security code infiltrated by the NSA. Between these two code bases you're talking about an enormous portion of the networking infrastructure that powers the Internet.

As a former OpenBSD committer, this saddens me. Not just because of the possibility that this might be true, but that regardless of whether or not this could be true, it means that developer and community resources will be swallowed into the rumor vacuum for untold weeks and possibly months. This results in less innovation, fewer bugfixes, and worst of all, a growing distrust among everyone involved.

This story has all the characteristics of being newsworthy for a long while. It has already made major headlines across Twitter, Slashdot, Reddit and OSNews. Most articles and tweets imply that the claims are fact, without any investigation of the source claim or the actual code in question. I hope that all parties involved are cleared of any wrongdoing. Either way, the cat is out of the proverbial bag. These claims will undermine a significant portion of goodwill and trust among all Free Software / Open Source projects. In the end, nobody wins.