MTA’s Fail Whale

Apparently the Fail Whale in tech is a disease lately. The latest obvious occurrence has been New York’s MTA with their MetroCard vending machines. I noticed on Monday walking into the station, the lines in front of the vending machines were insanely long (normally 2 people max, now 15+) and presumed just a large group of tourists. Then saw it when I got off at my stop (hmm… two stations overloaded with customers? Strange). This morning it was less but still crowded (I guess some people gave up), and learned the problem myself. Apparently they can’t process credit cards lately.

Many New Yorkers purchase an $81 30-Day Unlimited Ride MetroCard, as opposed to putting a fixed amount on a card. I suspect many do not carry $81 cash on them because we are a society that uses credit cards for convenience. So those people just pulled a couple dollars out of their wallet and bought a regular fare card with the intent to come back later. At $2.00 a fare this could provide a nice bump for the MTA, who I might add is cash strapped and looking to raise the fees after just cutting the bonuses from 20-15%.

Now regarding that bonus cut, that creates a whole new can of worms. For those who don’t know: if you purchase more than $7, you get a bonus. 20% always leaves a nice even number. 15% on the other hand leaves you with spare change. Leaving room for things like the MetroCard Bonus Calculator. What a mess. You could always put a few dollars on the card to clean it up, but then you lose the 15% bonus on that money. Over time that adds up. I’m sure many people just throw away the cards with change on it, but I find that somewhat silly.

Twitter seemed to survive the Chino Hills earthquake, so the MTA wins the Fail Whale award for today.

Zimbra Desktop

Yahoo-owned Zimbra released the latest Zimbra Desktop today. At a glance it seems pretty nice. Essentially Yahoo Mail running on Mozilla Prism. It does seem somewhat of a large download for what it is. But maybe they still have some fat to trim. What is now Firefox was pretty hefty when it first split from Mozilla App Suite. It takes time. The installer is also very slow. I see it has Jetty, so looks like there’s a Java backend.

It supports any POP3 or IMAP account similar to Thunderbird, with options for Gmail and Yahoo Plus in the wizard (for those who don’t know what type of email account those are).

My general impression is pretty neat, but the UI needs work. It often has scroll bars to view the contents of a window (just like a webpage). This is normal in a browser, but just feels strange in what is designed to be like a client side application. Even setup has this problem.

So far I still think Thunderbird and Apple Mail provide a better desktop experience. But Zimbra’s the new kid on the block, so I wouldn’t underestimate it. It is Open Source. It will be interesting to see who contributes to it.

If anyone else tried it, I’m curious to know what you thought of it.

Firefox Tablet

TechCrunch popped the idea of creating a Web tablet based on Linux and Firefox. The idea is interesting and something I wanted to pick apart (and reassemble) a bit. It’s a novel idea and I’m very interested in watching it. Success or failure, I think important things will be learned in the industry of open source hardware. Here’s how it’s described:

The machine is as thin as possible, runs low end hardware and has a single button for powering it on and off, headphone jacks, a built in camera for video, low end speakers, and a microphone. It will have Wifi, maybe one USB port, a built in battery, half a Gigabyte of RAM, a 4-Gigabyte solid state hard drive. Data input is primarily through an iPhone-like touch screen keyboard. It runs on linux and Firefox. It would be great to have it be built entirely on open source hardware, but including Skype for VOIP and video calls may be a nice touch, too.

Overall it’s pretty sound though a few things jump out at me.

  • Battery Life – The screen for something like this looks like it will be a decent size (9-12″), meaning it will need a decent battery. Getting a slim and light enough battery with enough battery life to allow for WiFi browsing (since that’s what the device is dedicated to) could be difficult. You’re going to need more than an iPhone battery. I suspect under 4hrs will never go. 6-8 for any real adoption.
  • Resolution – If it doesn’t hit 1024×768 it’s going to have a tough time being popular. That’s pretty much the standard most sites are made for.
  • RAM – 512MB should be enough for a product that’s just a web browser / VoIP terminal, but if it left the ability to add up to 1GB (even if no easy access door) it may do better in terms of getting adoption.
  • PC Card – The major criticism of the MacBook Air was the lack of a PC Card slot for a wireless card. You know that will be a case here. This could be tricky.
  • Durability – Gadgets tend to last 2-4 years. We’ll go with 2 for the sake of this discussion. The front is a giant screen. It’s shaped like a book. Many people will want to carry it in a backpack or other bag containing other items. The iPhone is somewhat unique for using glass rather than plastic. The iPhone is tough as nails. If this screen gets scratched easily, it’s going to become a crappy experience overnight. If glass isn’t an affordable option, perhaps a low cost alternative is to make a cheap and easily replaceable plastic cover. So if it gets scratched up beyond the user’s threshold they can order another cover and just replace it.
  • Software – I agree with the slim idea, but this runs into the same issues as Apple had with the iPhone. Web Apps don’t always cut it. The ability to hit the OS should be there (at your own risk) with an easy way to restore your device to factory condition (perhaps by connecting to the desktop and running some application). I know I’d like an SSH client (OpenSSH will be fine). Pidgin perhaps? Skype would be cool too. Easily hackable would be a major plus. Especially considering the nature of the early adopters.
  • Stand – A stand with a built in USB hub and charger would be a very good accessory (keep cost of actual tablet low). It could be designed like a monitor so when you put the tablet in place, you can have a keyboard in front of it… and use it as a terminal with mouse/keyboard. Or just use the touch screen by tilting it back. All while it charges.

The ability to adopt some or all of these ideas needs to take into account price. But these are what I think will likely gauge its success or failure, assuming it reaches the market. The benchmark is the iPhone, love it or hate it. Being as user friendly, flexible, and durable is important. Taking advantage of the form factor, and a reasonable price is what will set it apart.

What will we call it? The best name I can think of is the Firefox Tablet, but that will take a round of discussions with Mozilla.

With the modifications to Firefox, that’s not likely. Get ready for IceWeasel Tablet.

Now that I gave my $0.02, I’d be curious to know what others think of the idea.

Amazon S3 Outage

The buzz around the web today was the outage of Amazon’s S3. It shows what websites are “doing it right”, and who fails. This is a great follow up to my “Reliability On The Grid” post the other day.

Amazon S3 is cloud based computing. Essentially when you send them a file using their REST or SOAP interface Amazon stores it on multiple nodes in their infrastructure. This provides redundancy and security (in case a data center catches fire for example). Because of this design it’s often thought that cloud based computing is invincible to problems. This is hardly the fact. Just like any large system, it’s complicated and full of hazards. It takes only a small software glitch, or an unaccounted for issue to cause the entire thing to grind to a halt. More complexity = more things that can fail.

Amazon S3 is popular because it’s cheap and easy to scale. It’s pay-per-use based on bandwidth, disk storage, and requests. Because that allows for websites to grow without having to make a large infrastructure investment, it’s popular for “Web 2.0” companies trying to keep their budgets tight. Notably sites like Twitter, WordPress.com, SmugMug and Amazon.com themselves all use Amazon S3 to host things like images.

Many sites, notably Twitter, and SmugMug didn’t have a good day today. WordPress.com and Amazon.com operated like normal. The obvious reason for this is WordPress.com and Amazon.com are much better in terms of infrastructure and design.

WordPress.com uses S3, but proxies that with Varnish. There’s a brief description here, and a more detailed breakdown here. According to Barry Abrahamson, WordPress.com does 1500 image requests per second across and 80-100 are served through S3. They have (slower) backups in house for when S3 is down and can fail over if S3 has a problem. This means they can leverage S3 to their advantage, but aren’t down because of S3. Using Varnish allows them to keep the S3 bill down by using their own bandwidth (likely cheaper since they are a large site and can get better rates on bandwidth). This also lets them have a good level of redundancy. Awesome job.

Amazon.com uses S3 themselves. If you look at images on the site, they are actually served from g-ecx.images-amazon.com. Which is actually:

g-ecx.images-amazon.com. 38     IN      CNAME   ant.mii.instacontent.net.

instacontent.net is actually part of Mirror Image, a CDN. This is essentially outsourcing what WordPress.com is doing in terms of caching. It’s similar to Akamai’s services. A CDN’s biggest advantage is lowering latency by using servers closer to the customer, which are generally going to feel faster. The other benefit is that they cache content for when the origin is having problems. Because Amazon has a layer on top of S3, they have an added level of protection and remained up and images loaded.

Twitter serves most images such as avatars right off of S3. This means when S3 went down, there were thousands of dead images on their pages. No caching, not even a CNAME in place. Image hosting is the least of their concerns. Keeping the service up and running is their #1 concern right now. The service was still usable, just ugly. Many users take advantage of third party clients anyway.

Using a CDN or having the infrastructure in house is obviously more expensive (it makes S3 more of a luxury than a cost savings measure), but it means you’re not depending on one third party for your uptime.
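An added sketch (not code from WordPress.com, Amazon or the original post) of the layering described in this post: a cache in front of a primary store, an optional in-house backup, and stale content as the last resort. Origin, CachingFront and the object names are constructed for illustration.

```python
class Origin:
    """Constructed stand-in for an object store; `up` toggles an outage."""
    def __init__(self, objects, up=True):
        self.objects, self.up = objects, up

    def get(self, key):
        if not self.up:
            raise ConnectionError("origin unavailable")
        return self.objects[key]


class CachingFront:
    """Cache layer that hides an origin outage from the people loading pages."""
    def __init__(self, primary, backup=None, ttl=60):
        self.primary, self.backup, self.ttl = primary, backup, ttl
        self.cache = {}  # key -> (body, fetched_at)

    def fetch(self, key, now):
        """Return (body, source); `now` is a timestamp in seconds."""
        hit = self.cache.get(key)
        if hit and now - hit[1] < self.ttl:
            return hit[0], "cache"
        # Cache miss or expired entry: try the primary, then the backup.
        for name, origin in (("primary", self.primary), ("backup", self.backup)):
            if origin is None:
                continue
            try:
                body = origin.get(key)
            except ConnectionError:
                continue
            self.cache[key] = (body, now)
            return body, name
        # Every origin is down: an expired copy still beats a dead image.
        if hit:
            return hit[0], "stale"
        raise ConnectionError("no origin reachable and nothing cached")


def demo():
    images = {"avatar.png": b"constructed-bytes"}
    s3 = Origin(dict(images))
    with_backup = CachingFront(s3, Origin(dict(images)))  # cache + in-house copy
    cache_only = CachingFront(s3)                         # cache, no backup
    sources = [with_backup.fetch("avatar.png", 0)[1],
               cache_only.fetch("avatar.png", 0)[1]]
    s3.up = False                                         # the outage begins
    sources.append(with_backup.fetch("avatar.png", 100)[1])
    sources.append(cache_only.fetch("avatar.png", 100)[1])
    return sources


if __name__ == "__main__":
    print(demo())
```

A site that reads straight from the store has neither layer, so every request during the outage fails.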

Jared Lives

I didn’t even realize that this is still around. Back in the mid 90’s Jared was iconic for Mac users, distributed through the crazy folks at Freeverse. Apparently they kept it going for a decade. There’s a Mac OS X version, a Dashboard widget, and even a new iPhone Application.

That brought back some memories. The iPhone’s CPU even underclocked to 412MHz is way faster than the PPC 603e @ 75MHz I used when I first damaged my ear drums listening to Jared. And that was a full desktop.

To see something this silly last so long is funny itself. I hope Jared has a job that’s not in the music industry. I wonder if he served as inspiration for William Hung?

Bonus: You can find the lyrics, English translation, and a brief history of the song Luna de Xelajú on Wikipedia!

Sesame Street Fun

The Internet Is For Porn - Cookie Monster

In my opinion, this is the best parody of Avenue Q’s “The Internet is For Porn”. Using Cookie Monster and Prairie Dawn is awesome (not to mention Prairie Dawn is one of the more obscure characters).

If you find this stuff amusing, here’s Bert and Ernie tries Gangsta-Rap, Bert and Ernie – Ernie I’m horny and Bert and Ernie – Where the f*** are by gag balls.

Warning: All of the above have either foul language, or suggestive content and shouldn’t be played in an office environment without headphones, or by those too young to listen (you know who you are).

Unobstructed HTTPS

There’s an interesting discussion on Slashdot about SSL certificates. It brings up two valid points:

  1. Invalid certificates, while providing a secure mechanism between the client/server are extremely annoying to use in Firefox 3 for many people because of the multi-step process. Previously it was just a warning dialog.
  2. There are no free SSL certificates that are really “usable” (not throwing up warnings in many browsers). CAcert.org has likely gotten the most inclusion, but it’s barely anywhere.

Certificates not signed by a trusted certificate authority (CA) give a warning because of the idea that a certificate authority verifies the certificate belongs to the person whose name is on the certificate. This concept was busted a while back as CAs started doing “domain validation” to offer lower prices. To “remedy” this, they created EV SSL. EV SSL requires more background checking, but at a higher cost. This means there are three tiers of SSL:

  1. Untrusted/Self Signed – Free – The user is strongly discouraged from visiting a site with one of these. Indicates that technologically the channel is secure only.
  2. Signed By CA – Variable Pricing – The user is told this is secure.
  3. EV SSL – Expensive – The user is told these sites are super awesomely amazing and can cure cancer.

Essentially EV SSL is nothing more than a scheme to charge more. EV SSL is supposed to do what a signed certificate should have been doing all along. By 2012 I’d bet there will be a SEV SSL (Super Extended Validation Certificate). Maybe that would require DNA and fingerprints to prove identity.

The Problem

It’s 2008 (actually more than half way through it). I still can’t use a secure https connection without either throwing up an error to users (who are always confused by it), or paying a fee? It seems right to me it should be free to use https without any barrier for a technical level of security.

Why is “trust” bound so tightly to encryption? Why can’t a medium be encrypted without being trusted? The technology shouldn’t be tied the way it is to the business side of things.

Trust should be bound to encryption, but encryption should not be bound to trust. Trust is the “needy” individual in this relationship. Encryption is strong and confident. At least it should be…

A modest proposal

I propose that browsers should allow for self signed certificates to be used without any dialog, interstitial or other obstruction provided they are properly formed and not expired. The user interface should indicate that the channel is encrypted and communication is unlikely to be intercepted between the user and the server. It should note if there is any change (just like SSH notifies the user if the signature is changed between sessions). Other than that it should be transparent.

SSL certificates and EV SSL certificates should indicate in the user interface that the site being browsed is not only encrypted, but trusted by a third party the browser trusts. These are suitable for ecommerce, banking etc.

This would allow for things like intranets and other places where encryption is desired, paying for a CA to verify identity is overkill, and “domain verification” is just pointless.

Trust should be bound to encryption. Encryption shouldn’t be bound to trust. Encryption shouldn’t require verification. Encryption should be self-serve.
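The behaviour proposed above, sketched as an added example (not code from any browser or from the original post): a self-signed certificate is pinned on first contact and compared on later visits, the way SSH handles host keys, while a CA-signed one gets the stronger indicator. The Cert record, the state names and the host names are assumptions made for illustration; a real client would take the dates and the trust result from its TLS library.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class Cert:                 # hypothetical record, filled in by the TLS library
    der: bytes              # raw certificate bytes sent by the server
    not_before: datetime
    not_after: datetime
    ca_trusted: bool        # True if it chains to a CA the browser trusts


def fingerprint(cert):
    return hashlib.sha256(cert.der).hexdigest()


def classify(host, cert, pins, now):
    """Return the UI state for a connection; pins maps host -> fingerprint."""
    if not (cert.not_before <= now <= cert.not_after):
        return "blocked-invalid-dates"
    if cert.ca_trusted:
        return "encrypted+trusted"
    fp = fingerprint(cert)
    known = pins.get(host)
    if known is None:
        pins[host] = fp     # first contact is unauthenticated, as with SSH
        return "encrypted-first-seen"
    if known != fp:
        return "warn-cert-changed"   # keep the old pin until the user decides
    return "encrypted"


# Constructed sample data: opaque byte strings stand in for DER certificates.
NOW = datetime(2008, 7, 30, tzinfo=timezone.utc)


def make_cert(label, ca_trusted=False,
              not_after=datetime(2009, 1, 1, tzinfo=timezone.utc)):
    return Cert(label, datetime(2008, 1, 1, tzinfo=timezone.utc),
                not_after, ca_trusted)


def demo():
    pins = {}
    expired = make_cert(b"self-signed-old",
                        not_after=datetime(2008, 6, 1, tzinfo=timezone.utc))
    visits = [("wiki.intranet.example", make_cert(b"self-signed-A")),
              ("wiki.intranet.example", make_cert(b"self-signed-A")),
              ("wiki.intranet.example", make_cert(b"self-signed-B")),
              ("shop.example", make_cert(b"ca-signed", ca_trusted=True)),
              ("old.intranet.example", expired)]
    return [classify(host, cert, pins, NOW) for host, cert in visits]
```

The pin only detects a change after the first visit; the first connection itself is accepted without any check on who is at the other end.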

I’d be curious to know what others thought of the issue.

Reliability On The Grid

There’s been a lot of discussion lately (in particular NYTimes, Data Center Knowledge) regarding both reliability of web applications which users are becoming more and more reliant on, as well as the security of such applications. It’s a pretty interesting topic considering there are so many things that ultimately have an impact on these two metrics. I call them metrics since that’s what they really are.
