Cloud detente founder and CEO Tim Prendergast wondered on Twitter why other cloud service providers aren’t taking marketing advantage of the Xen vulnerability that lead Amazon and Rackspace to reboot a large number of cloud instances over a few-day period. Digital Ocean, Azure, and Google Compute Engine all use other hypervisors, so isn’t this an opportunity for them to brag about their security? Amazon is the clear market leader, so pointing out this vulnerability is a great differentiator.

Except that it isn’t. It’s a matter of chance that Xen is The hypervisor facing an apparently serious and soon-to-be-public exploit. Next week it could be Mircosoft’s Hyper-V. Imagine the PR nightmare if Microsoft bragged about how much more secure Azure is only to see a major exploit strike Hyper-V next week. It would be even worse if the exploit was active in the wild before patches could be applied.

“Choose us because of this Xen issue” is the cloud service provider equivalent of an airline running a “don’t fly those guys, they just had a plane crash” ad campaign. Just because your competition was unlucky this time, there’s no guarantee that you won’t be the lower next time.

I’m all for companies touting legitimate security features. Amazon’s handling of this incident seems pretty good, and I think they generally do a good job of giving users the ability to secure their environment. That doesn’t mean someone can’t come along and do it better. If there’s anything 2014 has taught us, it’s that we have a long road ahead of us when it comes to the security of computing.

It’s to the credit of Amazon’s competition that they’ve remained silent. It shows a great degree of professionalism. Digital Ocean’s Chief Technology Evangelist John Edgar had the best explanation for the silence: “because we’re not assholes mostly.”

FAQs are not the place to vent

I’ve spent a lot of my professional life explaining technical concepts to not-necessarily-very-technical people. Most of the time (but sadly not all of it), it’s because the person doesn’t need to fully understand the technology, they just need to know enough to effectively do their job. I understand how frustrating it can be to answer what seems like an obvious question, and how the frustration compounds when the question is repeated. That’s why we maintain FAQ pages, so we can give a consistently friendly answer to a question.

You can imagine my dismay when my friend Andy shared an FAQ entry he found recently. A quantum chemistry application’s FAQ page includes this question: “How do I choose the number of processors/How do I setup my parallel calculation?” It’s a very reasonable question to ask. Unfortunately, the site answers it thusly: “By asking this question, you demonstrate your lack of basic understanding of how parallel machines work and how parallelism is implemented in Quantum ESPRESSO. Please go back to the previous point.”

The previous question is similar and has an answer of of “See Section 3 of the User Guide for an introduction to how parallelism is implemented in Quantum ESPRESSO”. Now that’s a pretty good answer. Depending on the depth of information in Section 3, it might be possible to answer the question directly on the FAQ page with an excerpt, but at least pointing the visitor to the information is a good step.

I don’t understand getting frustrated with a repeated FAQ. If the answers are so similar, copy and paste them. Or combine the questions. FAQs, user guides, and the like are great because you can compose them in a detached manner and edit them to make sure they’re correct, approachable, and not jerkish. FAQs are an opportunity to prevent frustration, not to express it.

Who’s competing with whom?

In Sunday’s Lafayette Journal & Courier, the USA Today section included an article by Matt Krantz comparing Microsoft and Apple. He treats the two companies as arch rivals, comparing them to the Cola War participants and to the longstanding animosity between fans of Ford and Chevy pickups. And he wasn’t wrong 20 years ago, but he is now. The OS wars are, if not entirely over, at least in a state of permanent cease-fire. Microsoft has very clearly won in volume; Apple turns a handsome profit. With the move toward a browser-based world, the OS on desktops and laptops is becoming increasingly irrelevant to mainstream consumers.

Indeed, the desktop and laptop are becoming less relevant (though not irrelevant, despite the slower sales in recent years). Over half of Apple’s Q3 2014 revenue came from iPhone sales. Macs (and the attendant Mac OS X) were a mere 15% of revenue. Apple could completely abandon the PC market tomorrow and still be fine. They’re clearly in the mobile device (and services) business today. Sure, Microsoft has a mobile offering. I’ve used a recent Windows Phone and it was pretty nice. But Microsoft is competing with Apple in the mobile space the same way that Apple is competing with Microsoft in the desktop OS space. As a hint, it’s the same way that this blog competes with Ars Technica.

If Apple is a mobile company, then who are they competing with? The obvious answer is Google. While Google doesn’t really do devices, they control the Android ecosystem (although the degree of control is debatable). Steve Jobs was willing to declare “thermonuclear war” on Android. I’m not aware of him harboring a similar hatred for the Windows Mobile devices that existed many years before.

I mentioned this on Twitter, and Krantz argued that Google is an ad company, whereas Apple and Microsoft are “technology companies”. The distinction is lost on me. Technology is such a broad term that it is effectively meaningless. And while Google may derive most of its revenue from advertising, it’s only capable of generating that revenue because of the technology it produces and acquires.

There’s just not much meaningful competition between Apple and Microsoft these days. Both of these companies compete with Google, but in different spaces. The recently-announced partnership between Apple and IBM may bring Apple back into competition with Microsoft, but that remains to be seen.

So what are the lessons here? First: just because a guy has a money column in USA Today, that doesn’t mean he understands the technology (overly-broad term used intentionally) industry. Second: just because you were once bitter rivals with a company (or a person), you may not stay that way forever. Third: it is very important to be aware of who is in the space you want to be in so you can do it better than they do.


American Broadcasting Companies v. Aereo

The Internet is abuzz with discussion in the wake of today’s ruling in American Broadcasting Companies v. Aereo, but I can’t let it go by without offering my own opinion. As a “cord cutter” who lives an hour away from most of the over-the-air broadcasters, I have a personal interest in an Aereo-like service. I’d much rather pay $8/month to receive local television broadcasts over the Internet than to pay to install and maintain an aerial antenna. So it was with much dismay (but little surprise) that I read that the Supreme Court ruled 6-3 against Aereo.

I won’t presume to say that I know the law better than six justices of the nation’s highest court. Indeed, I’m not convinced that the ruling is incorrect from a legal standpoint. It’s certainly true, as the majority held, that Congress acted in 1976 to prevent the retransmission of broadcasts by community antenna TV (CATV) systems. Aereo, according to the majority, is similar to the old CATV systems. The fact that the underlying technology is substantially different from CATV (particularly in that there’s a 1:1 correspondence between receiver and customer as opposed to the one-to-many of CATV) is irrelevant, only the customer-facing experience matters.

As Justice Scalia noted in his dissent, that’s a lousy argument. I’ll grant that Aereo was slavishly devoted to the strict letter of the law (a less generous description is “exploiting the hell out of loopholes”), but the technical implementation matters. Aereo subscribers have their own antenna (ephemerally-assigned, as I understand it) and their recordings are stored in their own account. It’s not much of a leap (except in the cost) to provide an antenna and run a coaxial cable directly from the antenna to the customer’s television. At that point, it would be very difficult to argue that the service provider is “performing”, even by the ludicrously broad definition in the 1976 update to the Copyright Act.

Even if the Court’s ruling today is technically correct for this specific case, I worry about the impact it will have on technological advances in general. While the majority took care to say that “those who act as owners or possessors of the relevant product”, you have to imagine that some enterprising entertainment lawyer is looking to step up the attack on services like Slingbox. Just as rulings against Napster, Grokster, and others have failed to end file sharing, consumers will still be able to find content they want online. It’s just a matter of whether or not the creators and distributors get paid for it. The content industry has shown to be remarkably out of tune with the consumer, and the Aereo ruling only delays the inevitable.

Of course, Aereo isn’t exactly being forced to shutter. They can stay in business by paying retransmission fees to the broadcasters (assuming such an option is economically viable for them). This is probably the outcome that would make the broadcasters happiest. The real money these days is in retransmission fees, not advertising, so broadening the viewer base without broadening the pool of people paying for content they’re entitled to (by virtue of living within the broadcast range of the station) isn’t nearly as lucrative. Alternately, if Aereo provided a specific antenna to each user (such that the user owned the antenna and Aereo just housed it), that might be sufficient to meet the conditions established in today’s ruling.

It’s unlikely that Aereo will do anything but shut down. Aereo’s CEO has said “there is no plan B”. While the Court’s ruling today may have been correct, it is wrong.

Mario Marathon 7 begins today

Can you believe it’s been a year already? The Mario Marathon returns at 11 AM Eastern, once again raising money for Child’s Play Charity. The previous six Mario Marathons (plus a Zelda Marathon) have raised over $400,000 from donors around the globe. This weekend is your chance to support a worthy cause. You can donate through the widget on your right or directly at I hope to see you around. I’ll be on the stream from 6 PM Sunday until 6 AM Monday.

Introducing redacted horoscopes

On Sunday,  I was sitting down with the newspaper. The crossword puzzle was proving to be more of a challenge than I particularly cared to tackle. My eyes wandered to the horoscopes. I started redacting words and realized that they became funny. Channeling my inner Yossarian, I ran my pen through the rest.

The horoscopes were short enough to tweet, so I did. They got a good reception, and I decided this should be A Thing [tm]. Thus, a new Twitter account (@RedactedHoros) and finally some content in the fun & games section. Redacted Horoscopes
will update most Sundays and also on the occasional weekday.

If you never test it, it doesn’t exist

Did you hear the one about the Texas couple who spent seven years paying for an alarm system that never worked? It’s easy to blame the vendor (especially since it’s Comcast) since 1) the system was not correctly installed and 2) when the homeowner noticed, the customer support agent said the system hadn’t reported in since 2007. Certainly Comcast shoulders a lot of the blame. After some pressure, they agreed to refund the full seven years worth of payments. However, the Leeson family is responsible as well. In seven years of paying for an alarm system, they apparently never tested it themselves.

A service that is never tested does not exist. If you don’t test it when you don’t need it, you can’t count on it being available when you do. It’s why emergency managers test outdoor warning sirens. It’s why hospitals test their generators. It’s why sysadmins test their backups. So here’s my challenge to you, dear reader: think about systems you rely on and test them — before you need them.

New entry in the Forecast Discussion Hall of Fame

You have probably already seen an early-morning AFD from Juneau making the rounds on the Internet. The forecaster compares selecting a model to speed dating. Although the bulk of the humor is in the first paragraph, the theme persists through the rest. Certainly this is a cultural touchstone worthy of enshrining in the Forecast Discussion Hall of Fame.

Hands-on with the Roku Streaming Stick

Two years ago, my wife and I decided that we didn’t really watch enough TV to justify a cable subscription. With a baby in the house, we tended to have the music channels on more than anything else. A Pandora subscription (that I already had) was more than a suitable replacement and Netflix could provide enough video to keep us entertained. So I bought a Boxee Box and we cut the cord. The Boxee Box was more expensive than other options, but it had the ability to stream from local media, which I thought would be a critical feature. As it turns out, we never used that.

It wasn’t too long after we bought the Boxee Box that Boxee decided to go in a different direction. The Boxee continued to work, but no more updates were coming. This meant not getting Netflix profiles. It meant that some streaming websites (particularly ESPN) no longer worked in the browser. And as I discovered at the beginning of baseball season, it meant no more

That was the last straw. Since Roku had recently released their streaming stick, I decided to order one. At $50, it was far less than I had paid for the Boxee Box, and it supported everything we used on Boxee, plus additional content. I was pretty excited when I set it up. The excitement didn’t last long. I apparently got a lemon. Fortunately, the Roku technical support folks were helpful, and I had a replacement unit sent. The replacement has worked well for the last two weeks.

There was no particular reason I went for the streaming stick over other form factors. My TV can’t provide power directly, so I still have to plug it in to the wall. But it was cheap and relatively novel, so I figured “why not?” The streaming stick is a little under-powered; it takes considerably longer for Netflix to load than the Boxee Box did. It also lacks the QWERTY keyboard that was an excellent (albeit un-lit) feature of the Boxee Box’s remote. However, that’s the sum of my dislikes.

Roku has a large variety of apps, but unlike the Boxee, they aren’t all pre-installed. That means you only have to wade through the apps you want to use. Unlike Boxee’s apps, there are more than two that we use on the Roku. PBS and PBS Kids were immediate additions, as was NASA TV (my daughter is really into space right now). Weather Underground’s app is nice, when we bother to use it. The Pandora and Netflix apps work quite well. And, of course, allows me to get my fix of Orioles baseball. Since we got the Roku, the Boxee Box has remained off. This means no more loud fan noises, no more sudden jumps in Netflix volume, and no more having to manually shut it off when the shutdown menu doesn’t work. Clearly the Roku streaming stick was the right decision.

The right way to do release notes

Forever ago (in Internet time), the developer(s?) of Pocket Casts released an update with some really humorous release notes:

Release notes for Pocket Casts 3.6.

As I do, I got thinking about how I felt about it. While my initial reaction was to be amused, I quickly turned to finding it unhelpful. In fact, most apps have awful release notes. My least favorite phrase, which seems to appear in the release notes of every updated app on my phone, is “and bug fixes.”

Despite the title of this post, there’s no one right way to write release notes. The “right” way depends on what you’re releasing, for one. In a Linux distribution like Fedora, release notes could be composed of the release notes for every component package. However, that would be monumentally unwieldy. Even the Fedora Technical Notes — which report only the changed packages, not the notes for those packages — is not likely to be ready by too many people. The Release Notes are a condensed view, which highlight prominent features. The Release Announcement is even further condensed, and is useful for media and public announcements. This hierarchy is a good example of the importance of the audience.

I’ve seen arguments that release notes are unnecessary if the source code repository is accessible. Who needs release notes when you can just look at the commit log? This is a pretty lousy argument. A single change may be composed of many commits and a single commit may represent multiple changes (though it shouldn’t). Not to mention that commit messages are often poorly written. I’ve made far too many of those myself. Even if the commit log is a beautiful representation of what happened, it’s a lot to ask a consumer of your software to scour every commit since the last release.

My preference for release notes includes, in no particular order, a list of new features, bugs fixed, and known issues. The HTCondor team does a particularly good job in that regard. One thing I’d add to their release notes is an explicit listing of the subsystem(s) affected for each point. The exact format doesn’t particularly matter. All I’m looking for is an explanation as to why I should or should not care about a particular release. And “fixed some bugs” doesn’t tell me that.