October 15, 2007

When good security goes bad

My new job with StubHub came with a host of excellent benefits, including a shiny, new 401K with Charles Schwab. Schwab is generally known as a good, stable company with a strong online presence, so I was shocked by what arrived in the mail today. About a week after signing up for my 401K, I received a letter from Schwab titled “Confirmation of Personal Identification Number Change,” and right below the subject line was the password I had chosen for the website! To make matters worse, the letter came in an envelope from Charles Schwab labeled “Personal and Confidential,” i.e., “STEAL ME.”

This letter got me thinking about all the supposedly strong security mechanisms employed by the online companies I deal with that actually make matters worse. The schwabplan.com PIN confirmation letter is just one example. I used one of my common passwords, expecting Schwab would treat it with the utmost care. To me, that would mean never keeping it in a human-readable form. Ideally, the password itself would not be stored at all. Instead, a salted hash of the password would be stored, and any time I entered my password, the hash of what I entered (computed with the same salt) would be compared to the stored hash. A system built that way cannot print my PIN in a letter, because the hash does not give the PIN back; reversible encryption is not enough, since whoever holds the key, including the letter-printing system, can still read it. This would protect my password from unscrupulous Schwab insiders, since statistics show that approximately 70% of security breaches occur from the inside. (read more…)
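Here is the scheme the paragraph describes, as an added example (not Schwab's code and not from the original post): the site keeps a per-user salt and a PBKDF2-HMAC-SHA256 hash, never the password, and compares hashes at login. The scheme name, record format and iteration count are illustrative choices.

```python
"""Password storage the way the post says it should be done: keep a
salted hash, never the password, and compare hashes at login.

Added example, not Schwab's code and not from the original post.
Assumptions: PBKDF2-HMAC-SHA256 with a random 16-byte salt per user;
the iteration count is an illustrative choice.
"""
import hashlib
import hmac
import os

SCHEME = "pbkdf2_sha256"
ITERATIONS = 100_000   # illustrative; raise it until one check costs ~100 ms on your hardware
SALT_BYTES = 16


def store_password(password: str) -> str:
    """Return the only thing the site should persist: scheme, iterations, salt, hash.

    The salt is random per user, so two customers who pick the same
    password get different records and a precomputed table is useless.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{SCHEME}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(record: str, candidate: str) -> bool:
    """Hash the candidate with the stored salt and compare digests.

    hmac.compare_digest is constant-time, so response timing does not
    leak how many leading bytes of the digest matched.
    """
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False          # malformed record: fail closed
    if scheme != SCHEME:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Constructed demo data, not real credentials.
    record = store_password("my-common-password")
    print("stored:", record)
    print("plaintext in record?", "my-common-password" in record)
    print("correct password verifies:", verify_password(record, "my-common-password"))
    print("wrong password verifies:", verify_password(record, "my-common-passw0rd"))
    # Nothing here can turn `record` back into the PIN, which is exactly
    # why a "confirmation" letter like Schwab's could never be printed.
```

The record format (scheme, work factor, salt, digest in one string) is what lets you raise the iteration count later without breaking existing logins: old records carry their own parameters and can be rehashed on the next successful login.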

          Comments (5)

October 4, 2007

Hannah Montana is my new best friend!

Two months ago, I had no idea who Hannah Montana was. My daughter is too young, thankfully, to care about Hannah, and my nieces had not yet introduced me to the phenom. Now, she is my best friend. I love her! She rocks!

I should probably admit that I still really don’t have any idea who she is, and have never heard her music. The reason for my newfound respect for Hannah is that two months ago, I changed my day job. I am now running technical operations for www.stubhub.com, a subsidiary of eBay.

If you’ve never heard of StubHub, click the banner on the left. StubHub is the leading secondary marketplace for concerts, sports events, and theater. If you want tickets to the World Series, the Super Bowl, or a sold-out concert, there is no better place than StubHub. And right now, Hannah Montana and Baseball Playoffs are the hot tickets.

People are going nuts for Hannah. As I write this, floor seats in Oakland, right in front of the stage are going for $1,500. There is also a luxury box with 20 tickets for over $11,000! This is the gotta have, must see, take me PLEEEAAASSSEEE!!!!! concert of the year. I love it!

I joined StubHub because it is truly my kind of company. First, it is a company with a solid foundation in the brick-and-mortar world. People have been “scalping” tickets for a long time. By creating a neutral online marketplace, and backing it up with solid logistics and world-class customer service, StubHub became the dominant player in the secondary ticket market. Second, it is a company that values its technology and its technologists. As such, it is a great place for an IT guy to work. Lastly, it is growing exponentially. The opportunity to design and build a highly scalable, highly available technical architecture was one I could not pass up.

Conceptually, I also love the free-market approach to ticket sales. StubHub does not take inventory of the tickets. We offer a secure place where fans can buy and sell tickets, and let the free market, not the ticket promoters, set the price. Hannah is a great example. The news is full of articles this week on parents complaining of being “gouged” by the ticket brokers. The Attorney General of Arkansas is investigating! What the people crying about the price seem to forget are the old laws of supply and demand. If they weren’t so desperate for the tickets, the price would fall.

I’ve neglected the blog lately, trying to get up to speed with the new gig. In the coming months, I have a bunch of articles planned based on the scalability challenges I am now facing. They should be worth the wait. In the meantime, visit StubHub, buy some tickets and go see Hannah. Let me know how you like the show.

PS> If you simply must see Hannah (in other words, you have a daughter), follow the StubHub advice for buying Hannah tickets. It may save you some money.

          Comments (0)

June 5, 2007

It’s Still the Latency, Stupid…pt.2

In part 1 of this series, I established the problem latency causes in high-speed networks, what one reader aptly called “big long pipes.” To summarize: in high-bandwidth networks that span long distances, latency becomes the bottleneck that limits performance, because network delay governs how much data TCP will put on the wire before it stops to wait for an acknowledgement (TCP windowing). In part 2, I will discuss what to do about it.

Dealing with latency can be tricky business. The methods used to mitigate the impact of distance depend on many factors, including the services being accessed, the protocols being used, and how much money you want to spend. What works for a home user does not work for a multinational corporation. In general, there are four approaches one can take to deal with latency:

  1. Tweak the host TCP settings
  2. Change the protocol
  3. Move the service closer to the user
  4. Use a network accelerator

The first and least effective method is to tweak the TCP settings on your hosts. I say least effective for several reasons: it is hard to determine the correct TCP window size (it depends on the bandwidth-delay product of the path); not all operating systems support the RFC 1323 extensions, and window scaling only helps when both ends of a connection negotiate it at setup; you may not control all the hosts; and available bandwidth changes with network congestion. Most importantly, time-sensitive applications such as VoIP will still exhibit problems on high-latency networks even if you tweak TCP, because no window size makes the round trip any shorter. Still, if you are a home user on a big long pipe, this is the only option open to you. TCP tuning is OS-specific. Slaptijack.com has an excellent series on tuning TCP on various operating systems. Below are links to his specific guides as well as other sources: (read more…)

          Comments (18)

May 31, 2007

It’s Still the Latency, Stupid…pt.1

One concept that continues to elude many IT managers is the impact of latency on network design. Eleven years ago, Stuart Cheshire wrote a detailed analysis of the difference between bandwidth and latency on ISP links. Over a decade later, his writing is still relevant. Latency, not bandwidth, is often the key to network speed (or the lack of it).

I was reminded of Cheshire’s article and its underlying principles recently while working on an international WAN design. As Cheshire noted, light travels through optical fibre at roughly two-thirds of its speed in a vacuum, about 2×10^8 m/s (200,000 km/s). Regardless of the equipment or protocols you use, your data cannot beat that limit. Propagation time therefore sets a floor under the delay between when a packet is sent and when it is received, aka latency; everything else on the path (serialization, queuing, processing) only adds to it.

In the US, we tend to focus on bandwidth and carrier technology when ordering circuits, completely ignoring latency. For instance, when choosing between cable and DSL for your house, do you ever ask the carrier for its latency SLA? Maybe you should. Over my cable connection, a ping to www.google.com in Mountain View, CA from my house (137 km away) yields an average ping time (aka round-trip time, or RTT) of 73 ms. The theoretical round-trip latency for that distance is 1.37 ms, meaning my cable connection is roughly 50 times worse than the propagation limit; the rest of the delay comes from queuing, serialization and scheduling along the path, not from distance. No surprise that Comcast focuses on bandwidth and not latency in its marketing. (read more…)

          Comments (50)

May 30, 2007

500GB/Month of bandwidth. How fast is that, really?

Recently, I was evaluating ISPs for my hosting requirements. If you take a gander at 1-and-1, or most of the providers on the Personal Colocation site (and almost every other hosting provider in the world), they apportion your bandwidth in GB per month. Exactly what does this mean to people who are more familiar with buying bandwidth by the circuit? Exactly how much bandwidth is 500 GB/month? Is that equivalent to a T1 (DS1, or E1 for you Europeans)? (read more…)
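The three networking posts above (the two latency parts and this GB/month question) all come down to the same handful of calculations, so here they are together as an added example that is not code from any of the posts. It assumes fibre carries signals at about 200,000 km/s (two-thirds of c, as in part 1), that an unscaled TCP window is at most 65,535 bytes (the 16-bit field, which RFC 1323 window scaling shifts left by up to 14 bits), a 30-day month and decimal gigabytes for the quota conversion; the 45 Mbps / 150 ms sample link is hypothetical.

```python
"""Latency, TCP window and bandwidth-quota arithmetic for the three
networking posts above.

Added example, not code from the original posts. Assumptions: fibre
carries signals at about 200,000 km/s (two-thirds of c, as in part 1);
an unscaled TCP window is at most 65,535 bytes (16-bit field; RFC 1323
window scaling shifts it left by up to 14 bits); the sample link
(45 Mbps, 150 ms RTT) is hypothetical; a 30-day month and decimal
gigabytes for the GB/month conversion.
"""

FIBRE_KM_PER_S = 200_000            # ~2/3 of the speed of light in a vacuum
MAX_UNSCALED_WINDOW = 65_535        # largest value of the 16-bit TCP window field
MAX_WINDOW_SHIFT = 14               # RFC 1323 caps the scale option at 14


def propagation_rtt_ms(distance_km: float) -> float:
    """Best-case round-trip time over a straight fibre path: out and back."""
    return 2 * distance_km / FIBRE_KM_PER_S * 1000


def bandwidth_delay_product(bandwidth_bps: float, rtt_ms: float) -> float:
    """Bytes in flight needed to keep the pipe full; this is the TCP window
    a sender must be allowed before it stalls waiting for ACKs."""
    return bandwidth_bps * rtt_ms / 1000 / 8


def max_throughput_bps(window_bytes: float, rtt_ms: float) -> float:
    """TCP cannot send more than one window per round trip."""
    return window_bytes * 8 / (rtt_ms / 1000)


def window_scale_shift(window_bytes: float) -> int:
    """Smallest RFC 1323 shift count that lets the advertised window reach
    window_bytes; 0 means the plain 16-bit field already suffices."""
    shift = 0
    while (MAX_UNSCALED_WINDOW << shift) < window_bytes:
        shift += 1
        if shift > MAX_WINDOW_SHIFT:
            raise ValueError("window exceeds what TCP window scaling can express")
    return shift


def monthly_quota_to_bps(gigabytes: float, days: int = 30) -> float:
    """Average rate that would exactly use up a GB/month transfer quota."""
    return gigabytes * 10**9 * 8 / (days * 24 * 3600)


if __name__ == "__main__":
    ideal = propagation_rtt_ms(137)                       # part 1: 137 km to Mountain View
    print(f"ideal RTT {ideal:.2f} ms vs 73 ms measured: {73 / ideal:.0f}x slower")

    bw, rtt = 45e6, 150.0                                 # hypothetical DS3 across an ocean
    need = bandwidth_delay_product(bw, rtt)
    stuck = max_throughput_bps(MAX_UNSCALED_WINDOW, rtt)
    print(f"window needed: {need:,.0f} bytes (scale shift {window_scale_shift(need)})")
    print(f"with a 64 KB window you get {stuck / 1e6:.2f} Mbps of {bw / 1e6:.0f} Mbps")

    print(f"500 GB/month averages {monthly_quota_to_bps(500) / 1e6:.3f} Mbps; a T1 is 1.544 Mbps")
```

The sample link makes the part 2 point concrete: a 45 Mbps pipe with 150 ms of round trip needs about 844 KB in flight, so a host stuck at the unscaled 64 KB window tops out near 3.5 Mbps no matter how fat the circuit is. The quota conversion shows why the 500 GB/month figure looks familiar: spread evenly over a month it is almost exactly one T1, and a circuit sized for that average still needs headroom for bursts.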

          Comments (5)

March 7, 2007

Microsoft Releases Updated Mobile DST Fix

Microsoft has released an updated daylight saving time fix for Windows Mobile. Nice of them to wait until five days before the change! I recommend everyone use the official patch found here: http://www.microsoft.com/windowsmobile/daylightsaving/default.mspx, but I will leave my unofficial patch online.

I’m noticing a trend: many vendors are releasing last-minute patches to fix problems in their first round of DST patches. If you have already patched your systems, I HIGHLY recommend you recheck with all your vendors to make sure they haven’t released an update. Good luck to all this weekend.

-Bill

          Comments (2)

February 10, 2007

Cingular BlackJack For Free!!!

Amazon is now selling the BlackJack for FREE!!! Click here. Amazon changes its specials frequently, so I would not expect this deal to last. As we’ve discussed, this is a great phone.

With a 100% rebate, how can you lose? Order today.

          Comments Off

January 15, 2007

Daylight Saving Time – Windows Mobile Fix

As discussed here, the Daylight Saving Time change for 2007 is going to cause problems for unpatched technologies. Most vendors, including Microsoft, have released patches. One big area that is lacking is Windows Mobile smartphones and PDAs. Microsoft released a registry fix and instructed the carriers to push out a patch. Most of the carriers, in their infinite wisdom, have neglected to do so. If you rely on your Windows smartphone, you need this fix. Microsoft published the registry fix here. Applying it requires you to build a CAB file and then install it. To save you the trouble, I have bundled the CAB file for you:

Microsoft Windows Mobile Daylight Saving Time Patch

You can either download the CAB file directly to your phone, or download it to your PC, copy it to the phone via ActiveSync, and then run it. As with any CAB you did not build yourself, compare the registry changes it makes against Microsoft’s published values before installing it. (read more…)

          Comments (87)

January 11, 2007

Daylight Saving Time – The Year 2007 Problem

This March, Daylight Saving Time (DST) changes for the United States: DST will start three weeks earlier than under the old rule (the second Sunday in March instead of the first Sunday in April) and end a week later (the first Sunday in November instead of the last Sunday in October). Congress, in its infinite wisdom, changed DST in the Energy Policy Act of 2005. Other countries such as Australia have followed suit. For most people, this will come as an early relief from the winter doldrums, but for IT, the DST change is a major headache. After Year 2000, IT vendors were smart enough to start using four-digit years, but the DST transition dates are still hard-coded in many systems as the first Sunday of April and the last Sunday of October.

To accommodate the DST change, most IT systems must be patched. Otherwise, timestamps will be off by an hour during the three weeks in March and the week in late October and early November where the old and new rules disagree, and some applications may fail to work. For instance, if you synchronize your Windows smartphone with Microsoft Exchange and you want your calendar reminders to fire at the right time, plan on applying patches or fixes to Windows XP, Windows 2003, Exchange 2003 and Windows Mobile. Otherwise, you may be late for that all-important TPS meeting. (read more…)
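As an added example (not from the post), here is the rule change as date arithmetic: both US rules are encoded, and the code works out the date windows in which a system still following the old rule shows the wrong hour, plus the sign of the error. The rule definitions are the public ones (first Sunday in April to last Sunday in October before 2007; second Sunday in March to first Sunday in November from 2007 on); the function names are my own.

```python
"""The 2007 US daylight saving rule change as date arithmetic.

Added example, not code from the original post. It encodes the two US
rules: until 2006, DST ran from the first Sunday in April to the last
Sunday in October; from 2007 (Energy Policy Act of 2005) it runs from
the second Sunday in March to the first Sunday in November. Dates may
be passed as datetime.date objects or ISO strings like "2007-03-15".
"""
import calendar
import datetime as dt

# rule -> ((start month, which Sunday), (end month, which Sunday)); -1 = last
RULES = {
    "pre-2007": ((4, 1), (10, -1)),
    "2007": ((3, 2), (11, 1)),
}


def _as_date(day) -> dt.date:
    return day if isinstance(day, dt.date) else dt.date.fromisoformat(day)


def nth_sunday(year: int, month: int, n: int) -> dt.date:
    """The n-th Sunday of a month (1-based); n == -1 gives the last one."""
    last_day = calendar.monthrange(year, month)[1]
    sundays = [
        dt.date(year, month, d)
        for d in range(1, last_day + 1)
        if dt.date(year, month, d).weekday() == calendar.SUNDAY
    ]
    return sundays[n - 1] if n > 0 else sundays[n]


def dst_bounds(year: int, rule: str) -> tuple:
    """(first day of DST, first day back on standard time) under a rule."""
    (start_month, start_n), (end_month, end_n) = RULES[rule]
    return nth_sunday(year, start_month, start_n), nth_sunday(year, end_month, end_n)


def in_dst(day, rule: str) -> bool:
    day = _as_date(day)
    start, end = dst_bounds(day.year, rule)
    return start <= day < end


def unpatched_clock_error_hours(day) -> int:
    """Hours by which a clock still following the old rule is wrong on `day`.

    -1 means it is an hour behind correct local time; 0 means the rules
    agree. Both 2007 mismatch windows come out behind: in March the old
    rule has not switched to DST yet, and in late October/early November
    it has already switched back.
    """
    return int(in_dst(day, "pre-2007")) - int(in_dst(day, "2007"))


def mismatch_windows(year: int) -> list:
    """Date ranges [start, end) where the old and new rules disagree, as ISO strings."""
    old_start, old_end = dst_bounds(year, "pre-2007")
    new_start, new_end = dst_bounds(year, "2007")
    return [(new_start.isoformat(), old_start.isoformat()),
            (old_end.isoformat(), new_end.isoformat())]


if __name__ == "__main__":
    for start, end in mismatch_windows(2007):
        print(f"unpatched clocks are wrong from {start} until {end}")
    for day in ("2007-03-15", "2007-04-15", "2007-10-30", "2007-11-10"):
        print(day, "error:", unpatched_clock_error_hours(day), "h")
```

The useful output for a sysadmin is the pair of windows: any appointment, log timestamp or scheduled job that falls inside them is suspect on an unpatched box, and the error is a full hour behind in both windows, which is why an unpatched phone fires its reminders an hour late.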

          Comments (34)

December 11, 2006

e-Tipping – How To Keep Your Favorite Blogger Blogging

Writing a blog is hard work! Having spent the past four months working on this site, and scanning the blogosphere looking for useful articles, I’m convinced that most bloggers do not get enough credit for the incredible information they provide. One of the stated goals for edgeblog is to provide useful, original content as a way of giving something back to the Internet community, rather than just linking to content found elsewhere. Creating new content every week is a tough job, but we welcome the challenge.

With that said, I want to actively promote the concept of e-Tipping. e-Tipping is a way to pay the blogger back for the hard work they have put into their blog, similar to leaving a tip at a restaurant. There are several ways to leave an “e-Tip”:

  1. Click the ads!!! – Most blogs these days have ads. If you like the article you just read, visit the site’s sponsors. The blogger will make, on average, about $0.05 per click…not much of a tip, but it adds up when a lot of people are reading your blog. UPDATE 06/01/2007: It is against Google’s terms and conditions to directly ask people to click your ad links. I respect Google and their terms, and would not want to circumvent their business model. Most Google ads are contextually related to the blog article. So, if you find an article valuable, take the time to look at the ads. If you are interested in any of the products, by all means click the ad, but please do not click ads solely for the purpose of driving up click revenue for the blogger.
  2. Donate – Many blogs offer paypal links. If you find the articles especially useful, make a small cash donation. This is often the best way to support a blogger if you want him to provide you with specific additional information.
  3. Leave a Comment – Blogging can be a lonely business. Comments show you care. They also make articles seem more relevant to the next reader.
  4. Digg/Slashdot/Link the article – Bloggers want traffic. The more the better. Also, Google ads pay for page views, as well as clicks. Help the blogger promote their site, and they will continue to create great content.
  5. Read the rest of the blog – Chances are you found the blog from a link aggregator. If you find the article useful, click out to the parent site, and scan some of the other articles. You’ll probably find other articles of interest, worthy of your time and e-Tips. (read more…)

          Comments (10)