My MacBook Air Kicks Your Laptop's Ass

2010-12-16 22:45:43 by jdixon

I recently found myself in need of a new laptop. I've been using some version of Apple PowerBook or MacBook Pro over the last seven years. I've had a couple Thinkpads mixed in for good measure, but those were always as a secondary computing device, mainly for playing around with OpenBSD. Suffice it to say that I'm a big fan of Apple systems design (XServe and XServe RAID, not so much).

My last portable was a previous generation 15" MacBook Pro with the glossy screen. I won't miss the reflective display but the rest of the unit was solid. My only real gripe was the slow-as-molasses base hard drive (5400rpm, if I remember correctly). There's simply no way Apple should offer that in their premium laptops, especially since they market them as a premium product. Anyways, it was still faster than thin air, which is what I found myself holding after my last day at work.

The new MacBook Air lineup was something that caught my eye recently, particularly the 13" model. The price is a bit much for a "netbook", but one look at the top-of-the-line Air's specs and it compares favorably with most of the MacBook Pro line. Its 1440x900 resolution doesn't hurt either. But one thing that made me hesitate was the CPU... an Intel 2.13GHz Core 2 Duo. I work with VMware Fusion a lot so I was naturally concerned about any sort of performance issues. Hell, we can't even run Flash games on my daughter's Dell Mini 10v. So yeah, I was a little concerned.

Nevertheless, I took the plunge. And Oh [Your] God, was it worth it. This is my first experience with a real SSD drive. And let me tell you, it makes ALL the difference in the world. This Air runs VMware faster than my old MacBook Pro by an order of magnitude. I can suspend or resume Windows XP images in under 5 seconds. The same actions used to take upwards of 30 seconds on the Pro. It's pretty obvious by now that desktop virtualization is heavily I/O bound. The CPU just doesn't have much to do by comparison.

Everything else about the MacBook Air was as expected. It's a very lightweight form-factor with a great redesign of the port locations (and availability). I haven't had the opportunity to try out the mini-display-port external output yet, but enjoy having a USB on each side. The SD slot is also a nice touch but is pretty standard across laptops these days. Sleep and resume are almost instantaneous. The keyboard is full-sized and roomy.

In summary, I'm thrilled with my purchase. I've managed to shave off some old unused VMs to make room for my music collection, which used to exist on an external drive. I hate the idea of lugging around an external drive with such a petite portable, so I managed to find enough space on the 256GB SSD. This is quite literally the perfect laptop for me right now. I fully expect my OpenBSD friends to give me shit over it, and it's almost worth it.

A Little Time Off

2010-12-16 07:36:01 by jdixon

I always wondered what I could accomplish with a few weeks of free time. Never thought I'd have the chance to find out. Yeah, funny thing about that...

I've been Product Manager for an online monitoring service over the past 15 months. I've learned a lot about the full product cycle, building up all the components of a startup web company: cranking out a business plan, analyzing the competition, defining the roadmap, performing QA, etc. It's been a ton of fun, growing an Open Source trending application into a full-blown ECA/BSM suite. Now is the right time for me to hand it off to a full-blown sales organization and see it thrive. Which means I'm taking some time off to look for my next challenge.

I'm happy to report that the job market looks very strong right now. I'd love to believe that all the interest I'm getting is a byproduct of my years of experience and varied skillset, but I'm too self-loathing for that. Regardless, I'm still interviewing and haven't made up my mind yet. So if your startup/Web/SaaS/DevOps company is looking for a seasoned ops/network/security/engineering/product-managing type, drop me a line and let's chat. My CV/resume is available online.

Working with the Mojolicious Framework

Thanks to my reorganized shed-yule, I have the chance to catch up on some side projects. The first one is the evolution of NetFlow Dashboard as a SaaS service. Devon O'Dell has been doing some nifty stuff with the collector, while I've been focusing on the user-facing web and API stuff. I stumbled across the Mojolicious framework, and zomg, you can color me impressed. Compared to Catalyst, "Mojo" is a breath of fresh air. The syntax is actually quite similar to Dancer, but it goes a few steps further, adding placeholders (with optional regex constraints) and named routes. Take for example, the following snippet:

use Mojolicious::Lite;

    # Route with placeholder
    get '/:foo' => sub {
        my $self = shift;
        redirect_to('login') unless ($self->session('username'));
        my $foo  = $self->param('foo');
        $self->render(text => "Hello from $foo!");
    };

    # Defaults to login.html.ep
    get '/login' => 'login';

    # 
    post '/login' => sub {
        my $self = shift;
        redirect_to('login') unless (
            $self->param('username') && $self->param('password')
        );
        # [ ... some code to authenticate user ... ]
        $self->render(text => "Welcome!");
    };

    # Start the Mojolicious command system
    app->start;

    __DATA__

    @@ login.html.ep
    <!doctype html><html>
        <head>
            <%= content header => begin %>
                <title>Login</title>
            <% end %>
        </head>
        <body>
            <%= content body => begin %>
                <form action="post">
                <input name="username">
                <input name="password" type="password">
                <input name="login" type="submit">
                </form>
            <% end %>
        </body>
    </html>

This epitomizes everything I enjoy about Perl code. TMTOWTDI, but without all the crufty framework directories and files that remind me of Ruby on Rails. Mojolicious::Lite is easy to read, easier to write, with all the shortcuts a strapping young web hacker might want. It's smart enough to inject common sense where it should (e.g. searching for templates by named route and format) but powerful enough to let me extend any of the underlying Mojolicious classes (like Catalyst). Good stuff.

Updates on the OpenBSD IPsec Gossip

2010-12-15 15:22:57 by jdixon

As expected, news of a possible ten-year-old collusion to introduce backdoors in the OpenBSD IPsec stack have spread like wildfire. ArsTechnica, The Register, CNET, Forbes are among a long list of mainstream news outlets to chime in on these allegations.

Dag-Erling Smørgrav adds one point to my original commentary; that is, the action of introducing backdoor code into OpenBSD by the FBI would not fall under a "recently expired NDA", as Greg Perry claims. I think Dag is probably correct here. Even if Greg's claims are eventually proven true, something like this would more likely fall under a TOP SECRET (or even as high as TS/SCI) classification, which is typically declassified after a 25-year period. Releasing this information prematurely would land Greg in a steaming lake of hot water.

At least two of the named parties have already stepped forward to refute Greg's story. Scott Lowe posted to the openbsd-tech mailing list, stating that he does not, nor has he ever, had any affiliation or employment with the FBI or the OpenBSD project. Jason Wright followed up a short while later, demanding an apology from Greg Perry and detailing which parts of the code base he worked on during the affected period.

" I will point out that Greg did not even work at NETSEC while the OCF development was going on. Before January of 2000 Greg had left NETSEC. The timeline for my involvement with IPSec can be clearly demonstrated by looking at the revision history of:
	src/sys/dev/pci/hifn7751.c (Dec 15, 1999)
	src/sys/crypto/cryptosoft.c (March 2000)
The real work on OCF did not begin in earnest until February 2000."

I'm personally relieved to see the accused parties step up and assert their innocence. Unfortunately, the story won't end here. The mere possibility of impropriety by these developers or the FBI means the OpenBSD project will have to work long and hard to regain its tarnished reputation. A thorough code audit is the only sure-fire way (and even then, is not guaranteed) to clear these charges.

If you'd like to help with the audit, please consider matching Dag-Erling Smørgrav's triple bounty, or better yet, donating directly to the OpenBSD project.

Deconstructing the OpenBSD IPsec Rumors

2010-12-14 21:58:01 by jdixon

Theo de Raadt posted an email to the openbsd-tech mailing list Tuesday evening which contained details of alleged backdoors added to the OpenBSD IPsec code by government contractors some ten years ago. Subsequent posts from Bob Beck and Damien Miller add further commentary, but neither confirm nor deny the allegations. Damien goes so far as to propose a number of possible avenues as the most likely places to begin a new audit.

One of the purported conspirators is Jason Wright, a cryptology expert at the Idaho National Laboratory, who committed a significant amount of crypto and sparc64 code to the OpenBSD project. Although I haven't seen Jason in years, I consider "Wookie" a good friend and hope these accusations are false. If Damien's hypothesis is correct, it seems highly unlikely that Jason (or any US developers) introduced backdoors directly into the crypto code. A more likely scenario would be the malicious reuse of mbufs in the network stack.

As Brian T. Merritt suggests, it seems even more likely that Linux would be similarly "exploited". Lest we forget that while these claims against OpenBSD revolve around FBI involvement, Linux has had significant portions of its security code infiltrated by the NSA. Between these two code bases you're talking about an enormous portion of the networking infrastructure that powers the Internet.

As a former OpenBSD committer, this saddens me. Not just because of the possibility that this might be true, but that regardless of whether or not this could be true, it means that developer and community resources will be swallowed into the rumor vacuum for untold weeks and possibly months. This results in less innovation, fewer bugfixes, and worst of all, a growing distrust among everyone involved.

This story has all the characteristics of being newsworthy for a long while. It has already made major headlines across Twitter, Slashdot, Reddit and OSNews. Most articles and tweets imply that the claims are fact, without any investigation of the source claim or the actual code in question. I hope that all parties involved are cleared of any wrongdoing. Either way, the cat is out of the proverbial bag. These claims will undermine a significant portion of goodwill and trust among all Free Software / Open Source projects. In the end, nobody wins.

Impressions From NYCBSDCon 2010

2010-11-14 13:33:04 by jdixon

I was invited to give another talk at this year's NYCBSDCon. Motivated by Adam Jacob's Choose Your Own Adventure presentation at Velocity, I tried to include together a series of smaller talks into one session. Unfortunately, I funny thing happened on the way to the forum. A week before the event, I fat-fingered some commands on my laptop and blew away the slides. The recreated version was quite a bit different than originally advertised, but I think it went pretty well. Comments went from "your best talk ever" to "good, but the pacing on BSD is Dying was better".

Worried that the main presentation would be too short, I threw in a bonus CYOA-style web story. This went over better than expected, so I've put it online if you want to see it for yourself.

Will Backman (of BSDTalk fame) was kind enough to provide me with the audio from my talk already. I'm going to start syncing it up with the slides this week and then perhaps later on with the video taken by Patrick (awesome A/V guy at the event).

My initial impressions from the event:

  • Nice building, so-so location. Cooper Union is hard to find at first (Google Maps has no idea) but it's an attractive facility. Complicating matters is that it isn't near a subway station, so I had to take a taxi from Penn Station. And apparently the stations that are close were closed due to construction.
  • Good social. They had a room reserved at the B Bar, which seems to be a hopping place. It got pretty loud inside once the native crowds rolled in, so quite a few of us rolled outside and had a very interesting discussion on the future of BSD innovation. My only complant would be the lack of quality beer offerings. The choice of craft beers in your typical Maryland/DC establishment blows away what I saw in a couple places in New York.
  • Great turnout. I think George mentioned that they broke 200 registrations this year. That's a big jump up from the 130-or-so from 2008. Glad to see the conference growing, especially with the bi-annual scheduling.
  • Good talks, nothing mind-blowing. One of the themes I'd really like to hear more about is where BSD might be going with regards to virtualization and scalability. It's nice to hear about finished or ongoing development efforts, but I'd also like to hear what sort of roadmap the BSDs are working on (if it exists at all). Many BSD developers readily dismiss The Cloud as marketing buzz-speak, but the fact is that virtualization, scalability challenges and resource oversubscription are here to stay. I'm very happy to see FreeBSD adopt DTrace and ZFS from OpenSolaris (which start to get us there), but there's so much more to do.

As mentioned in my presentation, I fully expect this year's talk will be my last. Consider it the last chapter of my "BSD trilogy", as it were. I'm glad that so many people came out to hear me talk and seemed to enjoy themselves. I look forward to being just another attendee next year, waiting to see where the BSD movement takes us.

An Exit Strategy

2010-03-31 08:24:35 by jdixon

News broke recently that Oracle would begin enforcing old-school licensing policies on Solaris. The future of OpenSolaris has been in question for some time now. The writing is on the wall, in this geek's opinion. Oracle is a revenue-generating monster with blinders towards open source. The product manager in me appreciates the directness of it. The hacker in me despises them for raping Sun Microsystems and pulling the rug out under from the rest of us.

This will almost certainly renew interest in BSD distributions. Sure, Linux will get plenty of (re-)adopters migrating off Solaris. But keep in mind that many Solaris users left Linux for greener (read: more stable) pastures. They've tasted the delicacies of ZFS, Dtrace, project Crossbow and zones. Linux is a big bitter pill to swallow after you've tried those.

Fortunately, users have a choice. Although I'm not a big user of FreeBSD myself, I appreciate the work they've put into porting ZFS and Dtrace. They have OpenBSD's PF packet filter and experimental support for Valgrind. There are plenty of reasons to love FreeBSD right now. Suffice it to say that I'll be testing my alternatives and looking for an exit strategy from Oracle.

New Year's Resolutions

2010-01-01 22:28:02 by jdixon

I'm not sure how effective it is to post these here, but I'm hopeful that having them in cyberspace will help keep me motivated. I'm hereafter calling these goals rather than resolutions The latter, to me, implies something that you begin immediately. This cold-turkey approach virtually guarantees failure. The moment you trip up, the subconscious immediately considers them a lost cause and reverts to the old behavior. As goals, I think it sets a more optimistic tone and allows me to gradually adapt the preferred conduct.

Without further ado, my personal list of goals for this year (in no particular order)...

Read the rest of this story...