Stickybit Blog

The virtue of sharing

Mon, 28 Nov 2011 11:23:00 +0100

Wikipedia does makes the world a little more complex by pulling us all out of the comfort zones of our pet beliefs. I won't pretend that this isn't a bit annoying.

As a kid I spent hours every week in the library in Lyckeby reading comics or selecting novels and hoping some friend would show up for a game of chess. The real fascination though were the plentitude of all these books with facts, stories or descriptions about almost anything in the world. They where just there. I could look in them, read bits or bring some home. All and everything were there for me. Imagine the thought that I one day could bring an entire reference library in my pocket on Hitchhiker's Guide to the Galaxy like devices.

Skip forward a couple of decades.

Whatever that has been added to me as an individual beyond who I am and my personal experiences has been brought to me by means of information. Wikipedia has helped me to build knowledge, skills and a career. It enriches my everyday life. Hopefully I manage to pass some of that on to people around me and the society I live in.

Fredrick Rybarczyk, CEO @ Stickybit and life long reader

Tribute to the great one

Thu, 25 Aug 2011 12:10:00 +0200

Steven P Jobs. What to say? IMHO he won't be remembered for all that long due to the nature of his achievements. After all, who remembers the guy that made the steam engine feasible for wide use? Technology changes with time and so does our appreciation of the people behind it. Centuries from now, he is hardly likely to be known at all. But he would deserve to be. He belongs among the likes of Shakespeare and Michelangelo as one of the true greats of western civilization. It's been a privilege.

The future of Internet

Mon, 07 Feb 2011 10:31:00 +0100

We are very pleased to welcome Patrik Fältström to Stickybit for an evening on Monday the 21:th of Mars at 16.00. Mr Fältström a.k.a. paf works for Cisco where he reports to the CTO office. He's a member of an advisory board to the Swedish Government and advisor to the United Nations' Multistakeholder Advisory group. He chairs the ICANN:s Security and Stability Committee of which he's been a member since 2005. The conversation will revolve around Internet challenges in the light cast by recent events such as the shutdown in Egypt, that the world recently ran out of IPv4 addresses and how to meet those challenges with policies and - of course - technology. Please send an email to fredrick@stickybit.se if you want to come. While most of the conversation will be held in Swedish, everyone will be happy to accommodate to people fluent in other forms of human communication though without warranty.

War Game - A Linux hacking contest!

Wed, 17 Mar 2010 10:59:00 +0100

A Stickybit War Game is all about letting your creativity excersise your knowledge of security and your skills with Linux to the extreme. Participate as a team or play it the hard way on your own but remember only one can be the winner.

When: 25/3 17.00
Where: Stickybit's office, Gustav Adolfs torg 10a, Malmö
How: Friendly help is provided as the doors open at 16.00

While this first and foremost is about fun, there is a reminder of something important in this. The War Game challenges proves how bugs can turn in to serious security flaws to escalate user access. In your day job, it is your duty to avoid these mistakes. On this night, it is your task is to find these flaws and exploit them.

It is also a social activity and interaction with other contestants is not only allowed, we actively encourage it and we will provide ample supplies of bewerages and Pizza to make sure that this happens. In this sense, your skills as a collaborator, deal maker or perhaps shadier and more deceitful aspects of your persona may come in handy in addition to good knowledge in Linux, C programming and scripting.

You will hack around in Linux shells and play with unknown binaries so common debugging skills and tools like strace, gdb or anything else on a Linux client machine that you can think of will likely make a huge difference. And there's the Internet..

We will have a lot of fun and we hope that you will join us. Please contact christoffer@stickybit.se and book a seat!

Load balancing PostgreSQL in the Amazon cloud

Tue, 02 Feb 2010 15:23:00 +0100

We've been working on an internal project for quite some time that among other things involves a ReSTful web service backed by a PostgreSQL database.

Our "production" installation is deployed in the Amazon EC2 cloud, with the idea that this gives us maximum flexibility to scale up resource investment dynamically with demand. However, in such a deployment PostgreSQL becomes both a potential bottleneck and SPOF (Single Point of Failure). While at its current phase in development we don't see any indication that we will be reaching a performance ceilings any time soon, this is still a concern for any large-scale roll out.

During our development we looked into a number of tools / methods to remove or at least reduce the potential bottleneck and SPOF aspects of a PostgreSQL backend. These included many options from the well established myriad of solutions out there, such as bucardo, pgcluster, pgpool-II, and slony-I. We had a pretty good idea of our requirements:

No requirements or major constraints on application/schema design.
No SPOF for write operations (asynchronous replication would be okay though).
Load-balanced read operations.
Support for recent (8.3, 8.4) versions of PostgreSQL and PostGIS.
Authentication and encryption support.
Open Source.

Unfortunately, most of the tools we evaluated failed at least one of the above criteria. Most notably, many made assumptions about a having secure local physical network for the "clustering". This would
allow for various low-level networking techniques to perform load balancing, and also be necessary for the lax security requirements that many of the solutions have. For example, not all solutions allow for encryption between nodes, and others even require passwordless (i.e. "trust") authentication! Others require configuration of shared block devices or use of other utilities that impose their own set of problems for a cloud environment (like memcached).

We felt that pgpool-II came the closest in this regard, and additionally the application was quite simple conceptually. It didn't, however, have support for the built-in OpenSSL features found in PostgreSQL, but otherwise we were quite happy with its featureset. However, after conferring with the upstream authors it was indicated that this was a feature they wanted to have in a future release, so we decided to continue evaluating it.

In our first deployment, as a proof of concept, we set up a rather complicated system of SSH tunnels (maintained active via upstart jobs spawning autossh sessions) to secure the node-to-node communications. While quite complicated and a pain to administer, it worked and did not produce any noticiable degradation in performance.

So after returning from vacation, I sat down and spent a couple days hacking together a basic implementation and sent it to the pgpool developers' mailing list. After a bit of back and forth and some peer review, the patches have now been committed and the feature will be included in the next release.

I'm now putting the finishing touches and a fairly detailed "how-to" document for setting up an EC2/PostgreSQL/pgpool-II deployment. In the process a few other ideas for new features to pgpool-II have come up (and a I've even found a bug or two!)--but in any event the next release of pgpool-II should be good news for anyone wanting to deploy a scalable PostgreSQL implementation in the cloud.

Even old dogs can still learn about TCP and UDP stacks...

Fri, 11 Dec 2009 15:33:00 +0100

Besides netstat, lsof and tcpdump I've not got a new tool in the collection. Christoffer showed me the ss command the other day while we were trying to understand the load on the DesignSync server.

Slightly different than netstat and seems to be considerably faster, ss can provide information about:

All TCP sockets.
All UDP sockets.
All established ssh / ftp / http / https connections.
All local processes connected to X server.
All the tcp sockets in state FIN-WAIT-1 and much more.

See http://www.cyberciti.biz/tips/linux-investigate-sockets-network-connections.html for more info and examples.

patch-tracking.debian.net

Tue, 09 Sep 2008 15:40:00 +0200

way back in june there were some discussions on the debian-devel mailing lists about more effectively visualizing the changes made by debian developers to the packaged software distributed in debian.

the idea was that there should be a way for not just debian developers, but also users and upstream authors to review all the changes made to the "pristine" original version. ideally this should be provided in a way that does not require knowledge of debian-specific tools, version control systems, or methodology. over the next couple weeks i hacked out a small python based system that did just this, which went online just before i left for vacation. some example links:

home page:
http://patch-tracking.debian.net

currently tracked versions of the php5 package:
http://patch-tracking.debian.net/package/php5

extended information for php5 version 5.2.6-3:
http://patch-tracking.debian.net/package/php5/5.2.6-3

viewing a specific patch in the cacti package:
http://patch-tracking.debian.net/patch/series/view/cacti/0.8.7b-2.1/01_config.php.patch

there's still a few bugs lurking in it, and a long list of "oh hey, X would be cool" (bug tracker integration, commenting, etc) features, but it's useful enough that people are already referring to it on teh internets.

Adventures in Copenhagen

Wed, 26 Sep 2007 15:44:00 +0200

a little more than a week ago, i was invited down by a friend of a friend to give a quick 15 minute talk in copenhagen about package management in debian. the talk was to be part of a larger "package management deathmatch" being hosted by the european BSD users' conference (euroBSDcon), where developers from different OS distributions would pitch why their system was the greatest thing since sliced bread and so much cooler than those other guys' system.

of course there was a catch or two, or three: the audience was fully authorized to give their feedback during the talks, be it via applause or heckling. the judges would ultimately decide the winner, based largely on the audience feedback, but they were not above (and in fact encouraged) bribery to help influence there decisions. and as i mentioned, the venue was a BSD users' conference. need i remind you that the attitudes that are held between "linux users" and "BSD users" range between friendly antagonism and outright enmity depending on the person/topic; so i was suspecting at best a really tough crowd and at worst a horrible, horrible trap.

fortunately it was mostly the former. the crowd was pretty tough, but thanks to a combination of a good talk, some healthy pandering to the audience, and a tasty fresh-baked kladkaka for the judges i managed to escape mostly unscathed. i had the good luck of going second-to-last, so i was able to watch and learn from my predecessors. the poor gentoo devs (the only other gnu/linux folk at the conference) didn't have this luck, and went second. i think it's only fair to admit that they ended up taking a lot of what could have otherwise been aimed at me, so thanks, guys :)

surprisingly, i ended up winning the talk by a slim margin, largely thanks to annika's recipe, no doubt. and to the victor, the spoils: a box of delicious handmade danish chocolates. after the talk i was approached by a number of people who were in the crowd, who either wanted to congratulate me for the talk, to give me props for having the guts to even show up for the talk, or to privately admit to me that they ran debian too (sssshh)...

after the conference, i went to a brewpub (which is named, imaginatively, "brewpub") downtown with a bunch of the other conference folks (and met up with Clint, who was passing through on business). the rest of the evening i spent most of my focus on the "cole porter" and trying not to embarass myself with my rusty french in front of some french freeBSD devs, and went home happy and exhausted. the chocolates didn't last very long.

for those interested, the talk can be found here (openoffice impress format)