Warning: Creating default object from empty value in /home/jared/public_html/wp-content/themes/canvas/functions/admin-hooks.php on line 160

Archive | Technology RSS feed for this section

Product Registrations: A great way to get robbed

Product registrations have been around forever. Typically they provide extra benefits to the consumer such as an extended warranty or premium support. If you don’t register, you don’t get these benefits.

Last week I purchased a safe for my house. Having been burglarized before, I wanted a big, freakin’ heavy safe to hold my valuables. I ended up purchasing a SentrySafe model, which weighs a couple hundred pounds. After all, whats the point of having a safe if a burglar can just walk out with it in hand?

After moving the safe into the house I saw the product registration card. Seems innocent enough right?


SentrySafe Product Registration Card

The cards states that you should register for a number of benefits, including “for insurance purposes in case it’s lost of stolen”. Instead of mailing this card in, I decided to visit their online registration website.

Screen Shot 2013-09-14 at 1.49.20 PM

SentrySafe Online Registration

After reading into it the details, I learned that unless I register my safe AND provide an itemized list of everything in my safe, then I am not covered by their insurance policy of $10-50,000.

A list of all my valuables entered into an online database? Seriously? NO THANKS

Consider this very real life scenario based on this process:

  1. Tens (hundreds?) of thousands of people register their SentrySafe Safes, providing the model, itemized list of valuables and their address (where the safe is likely located).
  2. All of this data is stored in a database, with unknown levels of security in place.
  3. Hackers breach the network and servers owned by SentrySafe. This is pretty common, just ask the companies with the 15 worst security breaches in history
  4. Using the data, hackers/burglars can create a map of everyone who owns a safe, it’s model and list of valuables.
  5. Burglars can target the models that are known to be easily opened, or target the largest models knowing they likely contain more valuables.
  6. $$$$

Pretty scary to think about. Think twice before registering your products.

Comments { 0 }

A discussion with the AWS team on my experience with RDS

I was recently contacted by Amazon Web Services to provide feedback on their relational database-as-a-service (RDS). I took the opportunity to outline my usage and suggestions for improvements. As there is so much “black magic” behind the scenes as AWS, I was really happy to receive an in-depth response from an executive there (shown below my response) 

Overview of My RDS Usage

I manage the infrastructure for a consumer website offering games, trivia, surveys and other content. We have hundreds of thousands of users and rely on RDS for all our relational DB needs.

  • Full stack running on EC2
  • One master DB and one read-replica
  • 100-200GB of data
  • 350GB disk allotted (due to rumors on StackOverflow that 300gb+ drives have striping)
  • Not utilizing Multi-AZ. Due to large cost increase, and not sure that I can trust it will work. Last major outage from that storm hitting VA showed that even. Multi-AZ doesn’t help if none of the infrastructure is available.
  • Memcache (via Elasticache) utilized
  • MongoDB used for unstructured data requiring heavy writes

Suggestions for Service Improvements and New Features

  • Direct URL to Cloudwatch graphs with public access. This would allow me to distribute bookmarks to my developers and other staff without giving them access to AWS. There is no private data shown on the graphs, so it should be quite safe to do.
  • Access to bin logs for forensic dives into issues. I.E. how was all data dropped from every table? We recently had an outage where our entire database was wiped. We had no log of queries, and therefore couldn’t find out if it was a bug in our code, or a failure with MySQL that corrupted all the data. I had to do a “restore to point in time”, which took 2.5 hours to complete. During this time I had no idea how long it would take to come back online, or if the database would just empty again.
  • Feedback in the GUI or API as to how far along (%) a DB Restore is. Currently there is no information and I can’t ever give anyone an ETA on when service might return.
  • When creating a database, could you explicitly tell me at what disk size I will get higher performance from striping. I read on StackOverflow that it is enabled on disks larger than 300GB.
  • I have setup a DB using the new PiOPs environment and began testing the load time. It seems that even with the largest instances available and best practices, it will still mean at-least 5 hours of downtime for us. For this reason we’ll like have to wait to take advantage of it. Do you have any idea when the ability to boot standard snapshots into PiOPS will become available?

Response from AWS

October 3rd 2012

Thanks Jared,

I’ve passed this doc to our development team and documented these requests into a requirements doc that we maintain for them. Some of the items are already on their radar, so your input will influence their priority. One point you raise (in both your configuration detail and in one question towards the end of the doc) is in regards to scaling storage:

You will realize improvements with RDS throughput by scaling storage as high as 500GB, and this effect starts at a level well under 100GB (ie: striping occurs at a far lower level than 300GB).

The most important factor in realizing this throughput potential is the instance class. Specifically, the following instance classes are considered High I/O instances:

  • m1.xlarge
  • m2.2xlarge
  • m2.4xlarge

These instances have large network bandwidth available to them, so the upgrade that you mentioned on stackoverflow (to the m2.2xlarge instance) was likely the main reason you saw a leap in throughput. If you stripe your current storage as high as 500GB, this will continue to increase. With provisioned IOPS support for RDS (PIOPS-announced last night), throughput will now scale linearly all the way to 1TB.

With PIOPS, the throughput rate you can expect is currently associated with the amount of allocated storage. For Oracle and MySQL databases, you will realize a very consistent 1,000 IOPS for each 100GB you allocate – resulting in a potential throughput max of 10K IOPS. The (current, temporary) downside is that you will need to unload/load data to migrate an existing app to the PIOPS RDS.

Loading snapshots into PIOPS instances is still a few months away, but the team is committed to delivering this as quickly as possible. We understand the downtime impact and recommend that PIOPS instances be used for testing, benchmarking and new workloads. Existing workloads that need PIOPS are mostly sensitive to downtime, so we don’t anticipate a lot of migration until we can provide a more seamless transition.

Regarding Multi-AZ deployment… we’re constantly improving the back-plane of RDS to ensure that MAZ is failure-proof. Until we’re at 100% protection, however, the work continues – to the point that it often pushes back more visible roadmap features.



My Thoughts on the AWS response

The AWS team is very sharp. The speed at which they iterate their products with customer demand is incredible. Their response to my concerns with the RDS product clearly demonstrate this.

RDS has been a huge success for me. Though there have been a couple periods of downtime due to EC2 apocalypse like events, the ability to focus on product development instead of mundane DB/sysadmin tasks is priceless. Even more important is the peace of mind I can have as a sysadmin. Typically database backup, storage, rotation, testing and recovery is an arduous process requiring constant attention. Giving up a couple control knobs for all this automation is absolutely the right decision for any startup.

I’m excited to see what the AWS team comes out with next.

Comments { 0 }

Facebook Dis-Connect

It’s getting to the point where Facebook’s developers should just include a “Give My Life Away” button for Facebook Connect. What percentage of people actually click through and allow an untrusted app ALL of this information? The conversion rates must be awful.

From my experience with CampusLIVE – asking for this many permissions from the user typically puts the Allow button below the fold so it’s not even click-able. This happened to us with 8 requests. RockMelt has an amazing 11 requests for information.

Rockmelt Facebook Dis-Connect

Comments { 1 }

Simple solution to a huge problem

Finding adequate amounts of potable water is a huge problem, especially in sub-Saharan Africa. I stumbled on this video introducing “Play Pumps” – in my opinion one of the most creative solutions to this problem that I’ve ever seen.


What do you think?

Comments { 0 }

Why I’ve grown to hate my Treo 700w

My current Treo 700w seemed perfect when I bought it, but my opinion has changed. There are a few very fundamental things that have pushed me to switch to a Blackberry for my next phone.

The Alarm / Snooze Functionality

Setting an alarm for the morning is quite easy. They even have a visual clock that you can drag the hands around on. Very nice for a visual person like me. Unfortunately when my alarm goes off in the morning and I want to hit snooze, I only have two options. 5 minutes or 1 hour. This is can’t understand. I can’t fall back asleep in 5 minutes and snoozing for an hour just ends up killing the day. Please Micro$oft – an update with 20 or 30 minute snooze would be great

Add New Contact

A very basic feature of any phone (or so you would think) is to be able to click on a call you received and add that number as a contact. The Treo gives no such option. This means for the past year i’m stuck writing down a number in my received calls and entering it into the contacts. Lame.

ActiveSync Connection

Since I used to love Outlook, I bought the Treo thinking it would be an awesome way to sync daily tasks, calendars and email. They advertise it as a simple plug in. It worked occasionally but the connection on the plug is such a crazy design that it started to fail consistently. A regular USB mini plug anyone?

Ok so there are a couple Pro’s: 

Battery life is excellent. I’m still using the original battery after a year and typically don’t have to recharge for 4 days.

Solitaire also works well anytime i have a few minutes to kill.

Comments { 0 }