Another look at IFTTT

In March 2012 (that’s a while ago) I wrote this article about a new service I’d discovered called IF-This-Then-That.

Now, almost five years on, IFTTT has come a long way. Just looking at the channels (they now call them services) it is amazing how far they’ve come. Quite amazing.

Time to go revisit IFTTT. It still amazes me that they are a free service.

Facebook at a Crossroads

Interesting article in MIT Technology review at

More than half of the 3.4 billion people with Internet access log on to Facebook each month. Revenue in the first nine months of 2016 jumped 36 percent to $19 billion; profit nearly tripled, to $6 billion. Yet the company’s founder has spent the year talking up his plans to become something much larger and more meaningful.

With the election now over, the coming crackdown on fake news, and getting mired in the censorship controversy after blocking the video stream of Philando Castile after he was shot in Minnesota surely didn’t help.

I wonder how much all these things will affect Facebook, and how much that is driving the urge to do unnatural things.

Drones, Virtual Reality, get a grip …

The case(s) for and against PGP

When I read I’m throwing in the towel on PGP, and I work in security, which appeared as an Op-ed in ArsTechnica, I felt that it certainly deserved a response. While Filippo Valsorda makes some valid points about PGP/GPG, I felt that they were less about shortcomings in the scheme and rather usability issues that have been unfortunately ignored.

Then I read “Why I’m not giving up on PGP“,  an excellent article, also in ArsTechnica, and it does a much better job of refuting the article than I could ever have done.

Both are well worth the read.

May I please get whatever Windows version powers the Dreamliner?

It is being widely reported that the FAA has issued an Airworthiness Directive (AD) requiring that Boeing 787 Dreamliners must be rebooted every 21 or so days.dreamliner

This is not a hoax.

This is the AD issued by the FAA 0n 2016-09-24, I obtained a copy of this AD from here.

The AD states:

This AD requires repetitive cycling of either the airplane electrical power or the power to the three flight control modules (FCMs). This AD was prompted by a report indicating that all three FCMs might simultaneously reset if continuously powered on for 22 days. We are issuing this AD to address the unsafe condition on these products.
A little investigation indicates that this isn’t the first time the FAA has had to do this. The last time they had to do something like this was in 2015-09 when they issued this AD which I obtained from here. That AD was more specific about the reason for the problem, stating
This condition is caused by a software counter internal to the GCUs that will overflow after 248 days of continuous power.
It has been widely rumored that the present AD about the 21 day action is similarly motivated, and the logic is that a timer with millisecond precision which will overflow at about 24 days.
This is all very droll, and I hope to hell that they power cycle their planes on the ground regularly and all that. My only question is this, since they are in fact running Windows under the covers, how on earth are they able to keep the thing going for 21 days?
With Windows 7 that was a piece of cake but this new Windows 10 that I have wants to reboot every night and I don’t have any say in the matter.
So whatever Boeing did to keep the damn thing going 21 days, it would be great if they shared that with the world.

The Monty Hall problem

I’ve long wanted a simple explanation of the Monty Hall problem and I’ve never found one that I liked. Some I really detested like one that tried to make some lame analogy to baseball pitchers.

Anyway, here is what I’ve found to be the simplest explanation yet. First, what’s the problem.

In a game show, the contestant is shown into a room with three identical closed doors. He is informed that behind one door is a prize and behind the other two doors, there is nothing.

He is then asked to pick a door. Once he has picked a door, the host proceeds to open one of the other two doors (that he had not picked) and shows the contestant that there is nothing behind that door.

The host then offers the contestant the option of either changing his selection (picking the third remaining door), or sticking with his initial choice.

What should the contestant do?

The simplistic answer is that once the contestant has been shown that there is nothing behind one door, the problem reduces to two doors and therefore the odds are 50-50 and the contestant has no motivation to switch.

In reality, this is not the case, and the contestant would be wise to switch. Here is why.

image1Three doors, behind one of them is the prize, behind the other two, there is nothing.

The contestant now picks a door. For the purposes of this illustration, let’s assume that the contestant picks the door in the middle as shown below.

image2Since the prize is behind one of the three doors, the odds that the prize is behind the door that the contestant has picked is 1/3. By extension therefore the probability that it is behind one of the other two doors is 2/3 (1/3 for each of the doors).

So far, we’re all likely on solid footing, so let’s now bring in the twist. The game show host can always find a door behind which there is nothing. And as shown below, he does.

image3The game show host has picked the third door and there’s nothing there.

However, nothing has changed the fact that the probability that the prize was behind the door that the contestant chose is 1/3 and the probability that it is behind one of the other two doors is 2/3. What has changed is that the host has revealed that it is not behind the door at the far right. If then the probability that it is behind the far left door and the far right door (the two doors that the contestant did not pick) is 2/3, we can say that the probability that it is behind the far left door has to be 2/3.

With this new information therefore, the contestant would be wise to switch his choice.

Defining Success in OpenStack (With Heisenberg in Mind)

This article first appeared at

I recently read Thierry Carrez’s blog post where he references a post by Ed Leafe. Both reminded me that in the midst of all this hand wringing about whether the Big Tent was good or bad, at fault or not at fault, and whether companies were gaming the system (or not), the much bigger issue is being ignored.

We don’t incentivize people and organizations to do the things that will make OpenStack successful, and this shortcoming poses a real and existential threat to OpenStack.

Werner Heisenberg observed that the act of measuring the position of a sub-atomic particle affected its momentum and vice-versa. In exactly the same way(s) that Heisenberg said, the act of measuring an individuals (or organizations) performance in some area impacts that performance itself.

By measuring commits, lines of code, reviews and other such metrics that are not really measures of OpenStack’s success, we are effectively causing individuals and organizations to do the things that make them appear “good” on those metrics. They aren’t “gaming the system”, they are trying to look good on the measures that you have established for “success”.

At Tesora, we have always had a single-minded focus on a single project: Trove. We entered OpenStack as the DBaaS company, and have remained true to that. All the changes we have submitted to OpenStack, and the reviews and participation by Tesora have been focused on the advancement of DBaaS. We have contributed code, documentation, tests, and reviews that have helped improve Trove. To us, this single minded focus is a good thing because it has helped us advance the project, and to make it easier for people to deploy and use it in practice. And to us, that is the only thing that really matters.

The same thing(s) are, true for all of OpenStack. Actual adoption is all that matters. What we need from the Technical Committee and the community at large is a concerted effort to drive adoption, and to make it easier for prospects to deploy and bring into production, a cloud based on OpenStack. And while I am a core-reviewer, and I am the Trove PTL, and I wrote a book about Trove, and our sales and marketing team do mention that in customer engagements, we do that only because they are the “currency” in OpenStack. To us, the only things that really matter are ease-of-use, adoption, a superlative user experience, and a feature rich product. Without that, all this talk about contribution, and the number of cores and PTL’s is as completely meaningless as whether the Big Tent approach resulted in a loss of focus in OpenStack.

But, remember Heisenberg! Knowing that what one measures changes how people act means that it would be wise for the Technical Committee to take the leadership in defining success in terms of things that are surrogates for ease of installation, ease of deployment, the number of actual deployments, and things that would truly indicate the success of OpenStack.

Let’s stop wasting time defending the Big Tent. It was done for good reasons, it had consequences. Realize what these consequences are, perceive the reality, and act accordingly.

10 ways to make Windows computers safer

These days everyone knows someone whose computer was hacked; everyone has heard of others who have been hit by ransomware, and who have suffered significant losses as a result. The losses are sometimes financial, but often they are non-monetary, like losing all family photographs, music, files, and so on.

While it is not possible to entirely prevent these kinds of things, there are some easy steps that we can all take to considerably minimize the likelihood of this kind of thing. It is however equally the case that the majority of these things also make it a little harder to use our computers, and this is by design.

The primary reason why people fall victim to these attacks is complacency, or letting one’s guard down for just a moment. The simple tips below try to prevent that by making it just a little bit harder for you do yourself harm in this way. So here are some tips that I believe we can all take to improve our computers security. I write them from the perspective of a Windows user; if you are a user of a Mac, similar things apply to you but I don’t use a Mac so I don’t know what they are. And, if you are one of those few Linux users, you are likely a nerd anyway and probably can figure this stuff out for yourself.

There used to be a time when the #1 way to make Windows computers safer was to move to a Mac. That is unfortunately not true any longer. Macs are also vulnerable to many of the exploits that we see these days.

  1. Don’t login as an Administrator user; restrict administrator privileges

One of the horrible things that Windows does on initial installation is to ask you for your name, and setup an account for you. And it makes that user an Administrator. In my experience, most home computer users regularly login using that account.

When setting up a computer, always create a user who will be an administrator, and after the computer is setup, create a regular user who is a standard user. It should look something like this when you look at the users settings.

If the account(s) that are commonly used on your computer are Administrators, do this:

  • Create a new user on your machine with a name like “MyComputerAdministratorDingDong” and make that user an Administrator.
  • Login as “MyComputerAdministratorDingDong” and change the accounts that you regularly use to be a Standard User. If this is a shared computer, this means all users become Standard Users.
  • Ensure that the password MyComputerAdministratorDingDong is long and different from your own password; and don’t tell everyone what it is.
  • Update Windows User Account Control (UAC) to be paranoid and prompt you on all changes to the computer.

What have you accomplished here?

By making all common users Standard Users, you have made it harder for exploits which typically require Administrator privilege to, well, exploit.

When someone wants to install software, make changes to your computer, and so on they will need to be the Administrator, and will need the password to the “MyComputerAdministratorDingDong” account. This does make it mildly harder to use the computer, but it is a worthwhile safeguard.

  1. Look at all the software on your machine and uninstall things that you don’t recognize

Over time, computers accumulate cruft. And if your computer wasn’t secured as described above, you are likely to find lots of cruft. Uninstall anything that you don’t recognize, or don’t use now.

What have you accomplished here?

In addition to potentially making your computer quicker, you have also removed all potentially suspicious software from your machine. Should you need one of them later, you can certainly add it back.

  1. Get yourself a good Anti-Virus software package

It is amazing that this is still something one has to list. Most ISP’s offer Anti-Virus free, download and install one. If your ISP doesn’t purchase one and install it.

Windows 8 and 10 come with Defender. In my experience they are not quite as good as commercial Anti-Virus software packages. While Defender is free, it is worth getting something else at this stage; maybe someday soon Defender will be better.

What have you accomplished here?

Anti-virus software is an essential part of your protection plan.  Make sure you have one; and Windows Defender isn’t (today) the answer.

  1. Change your WiFi password and make it something that is hard to guess, preferably obscene

This should be self-explanatory but passwords like “password”, “homewifi”, and “xfinity” are just too easy to guess! Make it something that is hard to pronounce, uses numbers and punctuation.

My preference is to make it something obscene, that way you won’t be yelling it out to people you meet.

That last thing is something I advocate for all passwords, make them words that you will not utter in public; does wonders for password security.

What have you accomplished here?

Getting on a network with other computers is one of the ways in which a bad actor could infect your computers. By making it harder to get on your network, you have added a layer of protection to your network.

  1. Only allow secure computers on your homegroup, and your home WiFi network

Most households with more than one computer likely share a homegroup and share files, music, and pictures on the homegroup.

If you are not able to secure a computer (as described above) kick that computer off your homegroup, move them to a Guest WiFi network.

So, what do I do about my internet connected TV’s, phones, and other devices which I can’t secure in this way. You could do one of two things, either get another cheap WiFi access point for those, or put them on the Guest WiFi network as well.

What have you accomplished here?

Your homegroup should be a safe space. By eliminating all potentially unsafe actors from the homegroup, you have improved the level of safety there.

  1. No matter how you read email, don’t click on links that you don’t recognize

Phishing, link highjacking, and numerous other nasty things that cause harm to your computer are caused by clicking on links. So if you receive email that includes links, buttons, and other calls to action, think before you click. Hovering over a link or a button will typically reveal what the action will be.

There is no easy way to tell someone how to recognize a fake email message; scammers are quite sophisticated these days. So just be safe and don’t click on things unless you are really sure you know what you are doing.

But, you can remember these simple tips:

  • Banks, Financial Institutions, and most legitimate businesses will address emails to you by name; not “Dear Customer”. If the email does not address you by name, it is likely bogus.
  • If you get an email saying your account has been terminated, will be terminated, has been compromised and you need to take immediate action, don’t click on the link provided. Instead find the link to login to whatever account, institution, or website and login directly. If the link is real, that’s fine, you at least know where you are going. And if it is a fake, you will realize it very quickly when you find that your account is fine!
  • If you get email saying “someone in your contact list has shared a document with you” it is a fake; services like Dropbox will tell you who shared the file with you.

What have you accomplished here?

Many exploits require you to take an action that triggers the installation of the bad software. By taking these steps, you have made it harder for this to happen.

  1. Disable automatic downloads, disable automatic showing of images

Web browsers and email clients allow you to set these privacy options. And they are well worth setting.

Search for directions for your specific browser and email client and make these changes.

What have you accomplished here?

Many exploits require you to take an action that triggers the installation of the bad software. Automatic downloads and infection buried in some image file formats are one way in which bad actors get around this. By taking the steps described here, you have made it harder for this to happen.

  1. Enable a screen-saver (with a lock and a timeout)

This is particularly important for laptops and computers in shared areas. Enable a timeout and a lock screen. When you step away from the keyboard, lock the computer (Windows Key-L). Require a password to unlock the computer.

What have you accomplished here?

An unlocked computer is an invitation for someone to meddle. A locked computer (with a good password) is significantly harder for one to damage.

  1. Disable autoplay USB

One of the most common sources of malware, viruses, and other nasty stuff is shared USB drives. Disabling autoplay along with the steps above can significantly improve the security of your machine.

If you are given a USB drive, consider the source carefully. I prefer to just say “No” and ask people to email the document(s) to me, or to put them on a shared drive like Dropbox.

What have you accomplished here?

Recently a new breed of exploits merely require someone to plug in a rogue USB stick into your machine and the malware gets automatically installed because of autoplay. By disabling autoplay, you make this harder (not impossible).

  1. Disable USB ports

And if you want to be truly sure, here’s what I do with my laptop when I travel. Reboot the machine to BIOS and disable the USB ports.

That way, when the friendly gentleman comes along and gives you a document on a USB stick, you can safely say it doesn’t work (then blame your IT department for it). If the person insists that he can fix it, you are still safe because no matter how much he jiggles the USB stick in the port, it won’t work.

On one occasion, a particularly persistent (read: pesky) individual said he knew what was wrong, that the port was disabled in the BIOS. And he went to reboot the computer to BIOS and sure enough “My IT Department” had set a password on that and damn them because I don’t know what it is.

What have you accomplished here?

Similar to the earlier step, you make it much harder for bad actors to infect your computer using the USB port as the attack vector.

As you can likely see, each of these steps will make it just a little bit harder to use, and enjoy your computer. But as the adage goes, “no pain, no gain”.

The saga of the mixed up email continues

In May 2015, I wrote about the risks of handing out your email address and making a mistake. (That post appeared on facebook at the time).

Well, it appears that the person handing out my gmail address isn’t just one person; we now have a second.

Someone handed out my email address and applied for life insurance. And the agent promptly emailed the entire application packet to me!

This time, it had a phone number so I called the guy. After explaining (what seemed like an eternity) that I had his application packet, I asked him what his email address was.

His answer “amrith something dot com”.

Oh boy!

Google-Funded Free Wi-Fi Kiosks Are Scrapping Web Browsing Because Too Many People Were Using it For Porn 

Google-Funded Free Wi-Fi Kiosks Are Scrapping Web Browsing Because Too Many People Were Using it For Porn 

Really? They can’t put simple Web filtering in place? This is lame.

Memory regained

When I resurrected this blog, I lamented the loss of history and old posts from the time when this blog was and

Well, thanks to the wonders of the internet (and help from my friend Daniel Senie) I was able to recover all of the old posts and add them back to this blog!

History going all the way back to sometime in 2009 is now back online.

VizEat, a startup that lets you dine in a local’s own home, gobbles up €3.8M 

Really? Uber for your kitchen? Will they be regulated like restaurants? 

VizEat, a startup that lets you dine in a local’s own home, gobbles up €3.8M funding

SETI has observed a “strong” signal that may originate from a Sun-like star

SETI has observed a “strong” signal that may originate from a Sun-like star

Continue reading “SETI has observed a “strong” signal that may originate from a Sun-like star”

VMware says, “We’re not dead,” updates Fusion and Workstation for free

VMware says, “We’re not dead,” updates Fusion and Workstation for free

An old blog returns

See an update to the content of this post at

This isn’t my ‘new’ blog.

This blog actually started in ~2009 (it was at that time). The page history on the “about” page indicates that it was about July 2009. For several years, it was quite active; through about 2012 when I moved it to a different hosting location and it was then called

Then, it went mostly dormant and about a year ago I shut it down. Unfortunately at that point, I didn’t bother to save the old posts and things so all of that is gone.


I use a service from and that has enabled me to go back and look at some of this history. I enabled statcounter in ~October 2009 on and the graph below shows daily traffic to the sites over time (through today).

So, in a sense this is the rebirth of an old blog. With a new URL (

Why you really should be careful when you hand out your email address

About three years ago I received an email from the large Indian Cell phone provider AIRTEL with the subject “Your airtel Bill for airtel number: 0444*******”. Now, I don’t have an AIRTEL phone number, and I figured this was odd but it looked like a real bill. I still have the email, billing period 11/4 to 10/5/2012. And that was the start of my saga.

It said my airtel ebill was protected with a unique password and all that so I couldn’t do much so I ignored it.

But I called the number and spoke with some dude. His name is also Amrith. And I told him that he must have accidentally given Airtel my email address so would he please fix it. He muttered something and hung up.

Shortly thereafter I received email from ICICI with a life insurance policy for “BEENA P”. There was some link which took me to their online site and I’d have to login and register and stuff which I didn’t have any way of doing.

Over the past three years I have received numerous emails from Airtel asking for payment on the landline which I replied to and said I wasn’t the person. Later I replied and said they should cancel the telephone line. They sent me email saying they were sorry to see me go. I called Airtel support and told them what was up and the dweeb I spoke with couldn’t figure out what to do with me so they said they’d email the customer. And yes, I got that email.

Over the years, I have canceled the phone service numerous times, it gets reactivated. I have received numerous statements for Beena’s insurance policy but now they send encrypted PDF’s with a password. The password is the first four letters of Beena’s name (BEEN) presumably and the date of birth as DDMM. OK, I’m bored but not that bored and I didn’t have the patience to try the 366 possible combinations to figure out what the right one was so I ignored it.

And each time this dipshit gives ICICI and Airtel my email address.

Today I got an email from ICICI wishing Beena P a happy birthday!

Would someone who knows someone at ICICI who has a slightly non-trivial job title please put me in touch with that person?

Oh, the PDFs which are all sitting in my GMAIL (we all know google never deletes anything) contain a policy number and all you need to create an online profile with ICICI is a policy number and a date of birth.

Waste water in your water bottle

Texas Town Turns To Treated Sewage For Drinking Water

Not a very high bar …

“He said there have been few complaints so far. A glass of the finished product, sampled at a downtown restaurant, tasted about average for West Texas.”

Web Browsing, Cookies and Privacy!

What with things like HeartBleed, keyloggers and other exploits that are possible on your machine, web browsing is inherently risk prone. When you choose to do something like “Online Banking”, you just brought these risks very close to your money. So you had things like passwords to keep you safe.

So here’s where I think Banks are going stupid, or they are being advised by imbeciles.

My bank:

  • requires me to login with my account number
  • and provide a password, which they never require me to change
  • and if they find a cookie on my machine, they log me right in!
  • and if they don’t find a cookie, I must answer three questions correctly before being allowed to login.

They are changing this as follows:

  • requires me to login with my account number
  • and provide a password, which they never require me to change
  • and if they find a cookie on my machine, they log me right in!
  • and if they don’t, they will send me an email, an SMS or a phone call and give me a one time use passcode.

In the old way of doing things, I effectively had four passwords and someone would have to compromise all four before he or she could login. And my browser deleted all cookies on exit, and only retained cookies for the session. With the new mechanism, someone who wanted to hack my account only need access to one password and either my telephone or the password to my email account.

How, pray, is this more secure?

Say no to pay-to-pitch schemes!

The dust-up yesterday in the Lean-Startup-Circle-Boston mailing list about yet another pay-to-pitch scheme is pretty distressing to me personally. I think it is unfortunate that these schemes are actually allowed to continue because they prey on the entrepreneur. Kudos to all who voiced their objections to this spam, and thanks to Abby for putting a stop to it.

I believe that pay-to-pitch schemes are a shame, and I continue to be appalled by them.

Not long ago I was a rookie entrepreneur, all wet behind the ears and looking for my first investor to fund ParElastic. And one of these “pay-to-pitch” schemes found their way into my mailbox. Naive as I was I asked for more details. Here’s part of an email I got in October 2011,

Wanted to confirm you received my previous email with the details you requested regarding the opportunity to have ParElastic recognized as one of the Top Innovators presenting to our leading group of investors at The New England Venture Summit, as well as make sure you’re aware that the first round deadline to apply is this Wednesday, October 26th. (Final deadline is November 9th).

Let me know if you’d like to submit ParElastic for a Top Innovator slot and I’ll send you the summary outline to fill out for our review.

I have also included below, an updated list of VCs confirmed to speak (more to be announced shortly).

So I sent off for the summary outline and here’s a part of the email that I got in response.

Fee to present: $1,485 (there is no fee to apply)

The deadline for company submissions is November 9th, 2011.

OK, I never pitched at NEVS 2011. I think it is a shame for people to actually attempt to gouge an entrepreneur almost $1,500 for the opportunity to pitch a bunch of potential investors. (The gall of it, to say it is $1,485, no fee to apply). I heard also of an angel group near Boston that charged entrepreneurs to have the opportunity to pitch. I swore not to pitch to such folks and I did not have to (luckily).

Many have written about the scourge of pay-to-pitch. From the Foundry Group blog, an article by Jason Mendelson, from Sajad Ghanizada’s blog, from the Driven Forward blog, from Fred Wilson’s blog,

I know the feeling of desperation at wanting to get funded and I’m thankful that there are plenty of things that one should consider first.

  1. If you, as an entrepreneur spend any money on a pay-to-pitch scheme, that is money that you don’t have available for what really matters; building a product, identifying customers, and building revenue. If you have a product, you have customers and some revenue and you wish to treat this “fee” as a cost of doing business, that’s one thing. But if you are not yet at that point, don’t waste your money on pay-to-pitch schemes.
  2. The value of an introduction to a potential investor is only as good as the person from whom the introduction comes. Build your network and get introduced to potential investors through your own network.
  3. There are many organizations in the Boston area (and the same can be said in most tech communities) that can help you much more than a pay-to-pitch scheme can. A list of some that I know of are provided below. If you know of others, please post a comment.
  4. There are any number of entrepreneur focused events in the Boston area each week, find one in a topic area that is best suited for your own interests and attend a couple. You’ll find not only a lot of fellow entrepreneurs but also many opportunities to grow your own network and meet potential investors and customers. They are also a great place to hire people to join your new enterprise.

Organizations that may be able to help you!

I’m proud to be associated with organizations like TiE Boston and in particular the TiE Challenge initiative.

Local groups like MassTLC organize an unConference (the next one is November 1st) and there are tons of opportunities for mentoring and networking. Yes, I realize that the unConference is not free but if you are a 1-3 person start-up, a $180 entry fee that gives you a one year membership to MassTLC is a whole lot more reasonable than a $1,500 entry fee for a single chance to pitch.

I have not (personally) been part of the many incubators in the Boston area but my company was for over a year a resident of Dogpatch Labs in Cambridge. Techstars  used to be in the same location as well.

There are many business plan contests in the Boston area. They are a great opportunity to pitch and all of the ones that I know of have been free. If you went to one of the many fine educational institutions in the Boston area, check whether your school has one of these. Maybe there’s a “venture forum” that is part of your business school?

I was incredibly fortunate to have been introduced to Foley Hoag LLP and I know that they have helped me and many first-time entrepreneurs in the Boston area.

My experience

My own experience has been that in the Boston area there are many very successful entrepreneurs who are willing and able to help, and they do this in many ways. And most of them participate in mentoring and angel investing as a way to give back to the community.

There are many benefits to building your own network and connecting with people through that network. Yes, I agree that it is frustrating and hard for many of us introverted engineer types to actually go out there and hang out with other people and try and make connections. And the pay-to-pitch schemes prey on this frustration and desperation.

There are many things should be much higher on your list of things to pursue, before you go fritter away good money on a pay-to-pitch scheme.


Say no to pay-to-pitch!




/* Style Definitions */
{mso-style-name:”Table Normal”;
mso-padding-alt:0in 5.4pt 0in 5.4pt;

Is this the end of NoSQL?

If it is, you read it here first!

I posted this article on my other (work related) blog.

I think the future for NoSQL isn’t as bright as a lot of pundits would have you believe. Yes, Yes, I know that MongoDB got a $1.2 billion valuation. Some other things to keep in mind.
  1. In the heyday of OODBMS, XML DB, and OLAP/MDX, there was similar hype about those technologies.
  2. Today, more and more NoSQL vendors are trying to build “SQL’isms” into their products. I often hear of people who want a product that has the scalability of NoSQL with transactions and a standard query language. Yes, we have that; it is called a horizontally scalable RDBMS!

Technologies come and technologies go but the underlying trends are worth understanding.

And the trends don’t favor NoSQL.

Ingesting data at over 1,000,000 rows/second with MySQL in Amazon’s cloud!

I just posted this article on my other (work related) blog.

Just to be clear, this was with standard MySQL, InnoDB, and with machines in Amazon’s cloud (AWS).

The data was inserted using standard SQL INSERT statements and can be queried immediately using SQL as well. All standard database stuff, no NoSQL tomfoolery going on.

This kind of high ingest rate has long been considered to be out of the reach of traditional databases; not at all true.


It turns out that not a lot of people attempt to program against the AWS REST API in C. I discovered this the hard way when I needed to do it.

You’d have thought that there would be some libraries for it; turns out that this isn’t the case.

libs3 is one but it isn’t particularly general purpose. And S3 turns out to be surprisingly unlike EC2 and other services. Also, Amazon’s own documentation is surprisingly bad.

So if you end up here because you want to interact with AWS in C, the tips below may help you.

I used libcurl; I’m sure you could do the same thing some other way …

The trick is in computing the signature of the request.

Assume that you want to execute the DescribeInstances API call.

You need to construct a signing request which must basically include an unambiguous representation of the API request. Since you may have many parameters to the API request, you must sort the parameters into alphabetical order first.

1. Construct the timestamp this way:

 411     static char * __aws_api_get_timestamp (char * buffer, int sz)
 412     {
 413         time_t t = time(NULL);
 414         struct tm * gmttime = gmtime (&t);
 416         strftime (buffer, sz, "%FT%H:%M:%SZ", gmttime);
 417         return buffer;
 418    }

2. Every signing request must have 5 AUTHPARAMS; the documentation talks about 4 but there are 5 …

Version: This is the API Version. I've used 2013-08-15
SignatureVersion: I use 2
SignatureMethod: I use HmacSHA256
Timestamp: As computed above.
AWSAccessKeyId: Your AWS Access Key

While it isn’t an AUTHPARAM, you also need the Action in a signing request. That is the API name.

3. Construct the signing request.

The signing request takes the following format.


where the four strings are (in order)

(a) The submission method (POST or GET)

(b) The endpoint

(c) The path

(d) The request URL.

So, for my DescribeInstances request, the signing request is.


Note that the method is POST.

The end point is

The path is “/”

The request with the sorted attributes starts with my AWSAccessKeyId (no, that’s not my access key …) the Action which is DescribeInstances, and the other AUTHPARAMS.

Note that the string was escaped the way a URL would be escaped; you can see that in the timestamp.

You can now compute the signature for this; I used HMAC. Once you compute the signature for the request, you base64 encode the signature.

4. Construct the Request URL

This is nothing more than the request URL in the signing request with the base64 encoded signature tacked on. Of course, there’s no requirement that in the API parameters in the final request URL be alphabetically sorted.

That’s all there is to it!

Samsung Galaxy Note 8″ now $299 at Staples

I’m not sure whether this is a mistake or not but Staples stores are selling the Samsung Galaxy Note 8″ for $299.

The Web site still has the $359 price but stores are willing to honor the price for an online order.

I just got Best Buy to match the price 😉

Experts say facebook while driving more dangerous than DUI!

From an article in the Connecticut Post, see complete article here.

Really, we need a study by experts to tell us this?

In addition to the new law in Massachusetts, here are some other tough laws about distracted driving.

New Jersey: the “Kulesh, Kubert and Bolis Law,” after three distracted-driving victims.

The bill allows prosecutors to charge drivers who kill or injure someone with vehicular cellphone or assault by auto. It makes driving while illegally using the phone “reckless” instead of “careless” driving, a necessary change to allow for vehicular homicide, a felony, to be charged.


Utah law treats driving while intoxicated with a .08 blood-alcohol level and driving while using a handheld cellphone the same.

Penalties can be as harsh as 15 years in prison.


Personal VPN How-To: PPTP

I’ve been annoyed by the fact that public internet providers are slipstreaming content, and also that accessing public internet access points is a potential security risk. I refer, for example to this earlier post on my blog. For some time now I have been muttering about a personal VPN and some months ago I setup one for myself. It has worked well and over the past several months I have occasionally tweaked it a bit to make it more useful. Others may have a similar interest so here is a simple how-to that will give you an inexpensive personal VPN.


There is a wealth of information about VPN’s and PPTP on the web. I refer you to the Wikipedia articles in particular, this one on the subject of VPN’s and this one on the subject of PPTP. A good article about another kind of VPN called OpenVPN is found here. For my purposes, I have found PPTP to be satisfactory and have resisted the urge to upgrade to OpenVPN.

Platform choice

I implemented my VPN solution two ways. The first was using my home Ubuntu machine as the VPN server. The second was using an instance in the Amazon EC2 cloud. I will describe below the mechanism for implementing a VPN in the EC2 cloud and provide a small addendum on how you could do this with a server at home.


Price per hour of t1.micro (click on picture for larger image)

If you run the VPN the way I suggest, on a micro instance in Amazon’s EC2 cloud, the cost is very low. I run my instances as spot priced instances and invariably a t1.micro at spot price is less than a penny an hour.

Here is the price graph for some months, I’ve carefully cut the data for the last couple of days off because the power outages in the Amazon us-east AZ caused the price to jump to a dollar and that makes the graph less attractive 😉 Seriously, that is an aberration, my VPN server is setup with a price cap of $0.02 per hour and it died when then price shot up. I restarted it manually at the standard price when that happened.

In addition, depending on how much data you send over the VPN, you will also be assessed a charge for data transfer. I have found that to be minimal. Since I run my VPN on my personal Amazon account (we also use EC2 for work), I get the benefit of the Free tier for the first year and the VPN hasn’t exceeded the free tier usage at any time.

Of course, if you run the VPN on a server in your house, you don’t have to worry about these costs; all you have to ensure is that you can reach the VPN server from any place. More about that later.

The How-To

Step 1: Launch EC2 instance to customize VPN AMI

I launched an EC2 instance based on the stock 12.04 LTS AMI provided by Amazon. A t1.micro instance is more than sufficient for this purpose. If you are using some other cloud provider or are planning to do this on a machine at home, get yourself access to a machine that has some recent flavor of Ubuntu or Linux and to which you have root access.

If you are doing this in Amazon, you must first setup the security group for this instance, before you launch the instance. Skip forward to step 6 in this how-to and setup a security group as described there and launch your EC2 instance using that security group.

Step 2: Install and configure the VPN Software

sudo apt-get update
sudo apt-get install pptpd

The configuration itself is quite straightforward.

First you need to identify the range of IP addresses that will be used by your VPN. This includes the IP address that your VPN Gateway will use, and the IP addresses for the hosts that connect to the VPN Gateway. For a variety of reasons, I chose to set my VPN Gateway at and the IP Addresses it gave out at This setting is in/etc/pptpd.conf, edit using your favorite text editor, remember you must be root to do this.


Your PPTP Server will hand out IP Addresses and DNS settings to clients. It is a good idea to set DNS Server settings in the PPTP Server so that clients can do name resolution. This is done in /etc/ppp/pptpd-options, edit using your favorite text editor, remember you must be root to do this.


I chose to specify above that the PPTP Server should hand out the addresses of the Google public DNS Servers and the Amazon public DNS Server. You can use any servers you want.

Finally, configure the PPTP Server with login credentials. You can setup as many users as you want on the PPTP Server, I chose to setup three. For simplicity, let me call them user01, user02 and user03. I use a random password generation script to make up the passwords, something similar to the one described here.

User name and password are stored in the file /etc/ppp/chap-secrets. Edit it with a text editor and add lines line these into it, one per user that you wish to setup.


So, I added the following three lines:

user01 pptpd osvCylQX *
user02 pptpd TIRUssa3 *
user03 pptpd nJ6ljIBf *

Using this handy little script

echo "user01 pptpd osvCylQX *" | sudo tee -a /etc/ppp/chap-secrets
echo "user02 pptpd TIRUssa3 *" | sudo tee -a /etc/ppp/chap-secrets
echo "user03 pptpd nJ6ljIBf *" | sudo tee -a /etc/ppp/chap-secrets

At this point, your PPTP Server is mostly ready to go. Just a couple of more things to take care of.

Step 3: Enable IP Forwarding and NAT

IP Forwarding is not enabled by default on Ubuntu. You can do that by editing /etc/sysctl.conf and then updating the system. Uncomment this line in /etc/sysctl.conf:


and update system configuration

sudo sysctl -p

Update /etc/rc.local and add the following two lines to make NAT work properly. Update the interface name to suit; I used eth0, you may have to use something else.

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

Step 4: Making your server accessible remotely.

If you are using a server in the cloud, or if you are using a home machine, there is a chance that it’s public IP address will change from time to time. For example, your server in EC2 may be restarted, your home ISP may reassign your IP Address etc., I use a Dynamic DNS system to make my servers always accessible. Personally, I have had good luck with the DDNS service provided by Dyn. Even if you choose to use their free trial to begin with, if you use your VPN at all, you will have no problem spending the $20 per year for this very good service.

sudo aptitude install ddclient

Most of the configuration you need will be done during the installation but just to be sure, go and look at the file /etc/ddclient.conf.

You can use the handy-dandy configurator at Dyn to get the right incantations.

My /etc/ddclient.conf file has the following in it.

## ddclient configuration file
# check every 3600 seconds
# log update msgs to syslog
mail-failure=<my email address> # Mail failed updates to user
# record PID in file.
## Detect IP with our CheckIP server
use=web,, web-skip='IP Address'
## DynDNS username and password here
login=<dyn user name>
password='<dyn password>'
## Default options
## Dynamic DNS hosts

Step 5: Restart the PPTP server

This is the final step to get the things all up and running.

sudo service pptpd restart

And you should be up and running!

Step 6:Setting up your firewall for remote access.

Irrespective of whether you are using an Amazon EC2 instance of a machine in your own house, you will likely need to tweak your firewall to make things work correctly. Amazon calls the firewall a security group, configure it to allow incoming connections on TCP Ports 1723 (and 22 for SSH). I also open ICMP so I can ping it to make sure it is responsive. On Amazon I also tend to leave all ports open for loopback.

TCP 22 (SSH)
TCP 0-65535 (this security group)
TCP 1723 (PPTP)
UDP 0-65536 (this security group)

Note regarding in-home setup: You can ignore the last two for your in-home configuration. Depending on the router of network access device you have, you may have to setup port forwarding rules. See the documentation for your router/access point for details.


First, attempt to ping your server from a client machine. Shown here from my Windows PC.


Pinging [] with 32 bytes of data:
Reply from bytes=32 time=23ms TTL=46
Reply from bytes=32 time=23ms TTL=46

Ping statistics for
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 23ms, Average = 23ms

As you can see, my Dynamic DNS entry has worked and the name resolution is working correctly.

Then attempt to connect to the VPN. On Windows and Android this is relatively straightforward.I had a little trouble with Ubuntu. My Ubuntu machine is running 10.04 LTS, note that machines running versions of Ubuntu prior to 10.04 require additional configuration before you can make PPTP work properly.

Note for Ubuntu Users:

You may find that your VPN works properly from Windows and Android (for example) but it doesn’t work on Ubuntu. This is what happened for me.

You need to perform one additional configuration step on Ubuntu clients and that is to add a line into the chap-secrets file.

Here is what I have in my /etc/ppp/chap-secrets file on one of my Ubuntu client machines.

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
user01 pptpd osvCylQX *

It is basically the same line as you used in step 2 above.

With this line, connection from Ubuntu was effortless.

Finalizing your configuration

The setup above will come up automatically when the machine is restarted, it will automatically register with Dynamic DNS and should work well for you. For users of Amazon EC2, one final step remains.

Step 7: Make an image of your VPN Server

Use either the GUI or the ec2- CLI and make yourself an AMI. Then you can setup a script that will launch a persistent spot request for a t1.micro server using that AMI.

Once you make an AMI, shutdown the VPN server you created above and launch your AMI, I use this script.


ec2-request-spot-instances -t t1.micro ami-<id goes here> --price 0.02 --instance-count 1 -r persistent -k my-ec2-keypair -g vpn-security-group

As you can see, I launch a t1.micro instance and am willing to pay no more than 0.02 (2 cents) per hour and I want this request to be persistent. It has worked well for me.

Common problems

1. Some sites don’t work, others do.

I used to have this problem and tracked it down to an issue with packet sizing. You should not have this problem if you correctly followed step 3 above. The two commands for iptables (the second in particular) was something I added to fix this problem.

2. Problems connecting from Ubuntu.

I used to have this problem and the “Note for Ubuntu Users” in the Testing section was the response. If you are using Ubuntu prior to 10.04, you will need to follow the additional instructions here. It would be much easier if you upgraded 😉

3. After rebooting my VPN, I cannot access it OR

4. From time to time I am unable to access my VPN.

The first thing to do is to make sure that you are able to ping your VPN server. If you configured your firewall the way I proposed above, you should be able to do this. Use the same name that you are providing to your VPN connection. If you are unable to ping the server, you know to start looking outside your VPN server, if you are able to ping your VPN server, attempt to SSH to it and make sure you are able to connect to it. This latter step is important because you want to make sure that you are in-fact pingingyour VPN server, not one that happens to be responding to the name you provided.

If you are able to SSH to the VPN server but not connect to it using a VPN client, it is time to start looking at the log files from the VPN server (/var/log/syslog) and troubleshooting your configuration.

I’ve generally found that if the initial AMI you setup works well, it is easiest to just restart the VPN server and go from there.

%d bloggers like this: