Monday, January 16, 2012

Absolute Consistency

Very often I have a hard time explaining to people not very familiar with distributed systems how hard it is to provide consistency guarantees in the face of node failures and network partitions.

Today I read an email posted to the Riak users list that gives good examples of why this is a non-trivial problem:
http://lists.basho.com/pipermail/riak-users_lists.basho.com/2012-January/007157.html

Definitely worth reading if you're into distributed systems.

Wednesday, December 28, 2011

The parable of the sadhu

Yesterday I read this Harvard Business Review article called "The parable of the sadhu", by Bowen McCoy.

This is a very popular HBR article in which the author faces a moral dilemma in Nepal. While climbing the mountains, his group finds an Indian holy man, a sadhu, lying on the ice, suffering from hypothermia. The dilemma between taking care of the man and attending to their own needs ends when they give him some aid and comfort, but carry him close to a hut and leave him there, not knowing for sure whether he made it to the hut or, for that matter, whether he lived after that.

The discussion that comes up after that is about what the limit of their responsibility is in a situation like that.
"'Where, in your opinion', I asked, 'is the limit of our responsibility in a situation like this? We had our own well-being to worry about.'"
And after analyzing the situation, the author understands that...
"One of our problems was that as a group we had no process for developing a consensus. We had no sense of purpose or plan. […] Because the group did not have a set of preconditions that could guide its action to an acceptable resolution, we reacted instinctively as individuals. […] We had no leader with whom we could all identify and in whose purpose we believed."
I don't want to give away the entire article, but I must quote these paragraphs that summarize the lesson:
"Individuals who operate from a thoughtful set of personal values provide the foundation for a corporate culture. A corporate tradition that encourages freedom of inquiry, supports personal values, and reinforces a focused sense of direction can fulfill the need to combine individuality with the prosperity and success of the group. Without such corporate support, the individual is lost."

"That is the lesson of the sadhu. In a complex corporate situation, the individual requires and deserves the support of the group. When people cannot find such support in their organizations, they don't know how to act. If such support is forthcoming, a person has a stake in the success of the group and can add much to the process of establishing and maintaining a corporate culture. Management's challenge is to be sensitive to individual needs, to shape them, and to direct and focus them for the benefit of the group as a whole."
It is interesting to analyze our own corporations and ask whether we provide the foundation for a corporate culture, if any. Do we encourage freedom of inquiry? Do we support personal values? Do we have a focused sense of direction? Oftentimes I think that "the individual is lost" in many corporate environments, like the author says above. And this is harmful to the company.

PS: Photo from Flickr (Creative Commons).

Java: how can a 1Gbit/s attack keep up to 100K i7 CPUs busy?


This is a hash table vulnerability found in many web application platforms, like PHP, ASP.NET, Ruby, and Java (but not only Java). In one of the cases, 1Gbit/s can keep up to 1 million CPUs busy!

Microsoft has already posted an advisory on this issue. The video has more information about other platforms.

The video below was published today and contains more details on the vulnerability. It is quite interesting, especially if you're into security.

And here you can find a blog post with more details on the talk:

http://cryptanalysis.eu/blog/2011/12/28/effective-dos-attacks-against-web-application-plattforms-hashdos/

Monday, December 19, 2011

StackOverflow clone with RavenDB

Today I watched the video below on how to build a StackOverflow clone with RavenDB. This was my first video on a document store database, and it was amazing to see how interesting and easy it is to use it for a site like StackOverflow.
I was surprised to learn that RavenDB supports transactions, and by its integration with LINQ. Although it's a .NET-only solution and requires a commercial license if you're not working on an open source project, it was a good way to start learning the benefits of a document store.
It also supports full text search, which is implemented under the hood using Lucene.NET.


If you're interested in getting your StackOverflow running, do the following:
  • Download RavenDB from RavenDB website
  • Extract RavenDB into a directory and run Server\Raven.Server.exe
  • Download RavenOverflow from its GitHub repository
  • Extract RavenOverflow in a directory and open RavenOverflow.sln in Visual Studio
  • Right-click on "RavenOverflow.Web" and click on "Set as StartUp Project"
  • Hit F5 in Visual Studio
The original post by the presenter can be found here.

Friday, December 09, 2011

DNS domain names: 253 or 255 bytes/octets?

The question of whether DNS domain names are limited to 253 or 255 octets is something that is hard to find a good confirmation on, but I hope to be able to provide the answer here in this post.

Let's start taking a look at some RFCs:


So it seems that the domain names should be up to 255 octets, right? That is not what Wikipedia says:


There is even a long discussion on Wikipedia about the right value here

And even an RFC mentions 253 octets:
  • "When the result of macro expansion is used in a domain name query, if the expanded domain name exceeds 253 characters (the maximum length of a domain name) [...]" http://www.ietf.org/rfc/rfc4408.txt

Then you start playing with Microsoft DNS or BIND, and with tools on both Windows and Linux, and see some interesting behaviors. For instance, nslookup on Windows times out against a BIND server when the domain name is 255 characters long. On Linux, however, you get an explicit error for anything longer than 253 characters (ASCII, hence 253 octets):

host <255-char domain name>
<255-char domain name> is not a legal name (ran out of space)

The answer lies actually in the good old RFC 1035 - thanks to a colleague for finding this definitive answer:
  • "Each label is represented as a one octet length field followed by that number of octets. Since every domain name ends with the null label of the root, a domain name is terminated by a length byte of zero." http://www.ietf.org/rfc/rfc1035.txt

The answer is that, over the wire, the domain name uses up to 255 octets. The first octet is a length field (the length of the first label), and the last octet is the zero-length root label that terminates the name; each dot in the textual name corresponds to the length octet of the label that follows it. So what is left for the actual domain name is 253 octets, which can represent different numbers of characters depending on your domain.
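The length arithmetic above, as an added example (not code from the original post): a minimal RFC 1035 name encoder showing that a 253-character name occupies exactly 255 octets on the wire, while a 254-character name does not fit. The helper make_name and its all-"a" labels are constructed test input.

```python
MAX_LABEL_OCTETS = 63   # RFC 1035 limit for a single label
MAX_WIRE_OCTETS = 255   # RFC 1035 limit for a whole name on the wire


def encode_name(name):
    """Encode a dotted ASCII domain name in RFC 1035 wire format."""
    if name.endswith("."):
        name = name[:-1]            # a trailing dot only marks the root
    labels = name.split(".") if name else []
    wire = bytearray()
    for label in labels:
        raw = label.encode("ascii")
        if not raw:
            raise ValueError("empty label")
        if len(raw) > MAX_LABEL_OCTETS:
            raise ValueError(f"label is {len(raw)} octets, limit is 63")
        wire.append(len(raw))       # one length octet in front of each label
        wire += raw
    wire.append(0)                  # zero-length root label ends the name
    if len(wire) > MAX_WIRE_OCTETS:
        raise ValueError(f"name is {len(wire)} octets on the wire, limit is 255")
    return bytes(wire)


def make_name(total_chars):
    """Build a constructed test name of exactly total_chars characters."""
    labels, remaining = [], total_chars
    while remaining > 0:
        size = min(MAX_LABEL_OCTETS, remaining)
        if remaining - size == 1:   # never leave room for a dot alone
            size -= 1
        labels.append("a" * size)
        remaining -= size + 1       # the label plus the dot after it
    return ".".join(labels)


if __name__ == "__main__":
    print(encode_name("example.com"))          # 11 characters, 13 octets
    for chars in (253, 254, 255):
        try:
            wire = encode_name(make_name(chars))
            print(chars, "characters ->", len(wire), "octets on the wire")
        except ValueError as err:
            print(chars, "characters -> rejected:", err)
```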

Sunday, December 04, 2011

Microsoft Visual Studio Tips and Tricks

As I am trying to become more productive using Visual Studio (even after some months at Microsoft, I still think I am more productive with Eclipse), I came across this good TechEd talk on Channel 9 with tips and tricks that taught me a bunch of nice things about Visual Studio:

http://channel9.msdn.com/Events/TechEd/NorthAmerica/2011/DEV305

I hope it helps you too.

Saturday, December 03, 2011

Visual Studio add-ins for pasting XML


I compiled and installed a couple of Visual Studio add-ins that I found quite useful for those dealing with XML, in particular for pasting it into VS.

SmartPaster 2010
Allows you to paste XML as comments, strings, and as StringBuilder, escaping the text as necessary!
  • In my case, I had to paste a long XML from my API document and did not want to escape everything.
  • This is the source site: http://smartpaster2010.codeplex.com/
  • The binary version did not load in Visual Studio 2010 64-bit (an exception was thrown), so I recompiled it and it worked just fine.

Paste XML as Type
This add-in is really cool for REST APIs. You copy an XML document (like from our MSDN documentation) and it pastes it as a serializable type. All classes are automatically generated.
  • It was included in Microsoft WCF REST Starter Kit Preview 2: http://aspnet.codeplex.com/releases/view/24644
  • It doesn't have a binary version, so I compiled this add-in and made it available too.

Sunday, November 20, 2011

Silverlight, cross-domain issues, and self-signed certificates

I've been meaning to post this for quite some time now as I haven't seen others with exactly the same issue. First, some context: when running a Silverlight application, it has some special security measures in place to avoid Cross-Site Request Forgery (CSRF). By default, Silverlight only allows site-of-origin communication - for instance, "http://blog.sacaluta.com/test.aspx" will be able to access "http://blog.sacaluta.com/myservice.svc", but not "http://www.example.com". In order to allow more than site-of-origin communication, a service owner must have a clientaccesspolicy.xml file in the root configuring which domains are allowed to access that service. If you're interested, this is explained in greater detail on this MSDN site.

The issue I ran into is that I had a Silverlight application and also a service, both running locally. My service had a proper clientaccesspolicy.xml configured to allow access from anywhere. And still my Silverlight would fail with the message:

"An error occurred while trying to make a request to URI 'https://MYDOMAIN/MYSERVICE.svc'. This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for SOAP services. You may need to contact the owner of the service to publish a cross-domain policy file and to ensure it allows SOAP-related HTTP headers to be sent. This error may also be caused by using internal types in the web service proxy without using the InternalsVisibleToAttribute attribute. Please see the inner exception for more details. ---> System.Security.SecurityException ---> System.Security.SecurityException: Security error..."

After debugging the issue further, the problem was that my service had only a secure endpoint (SSL) and its certificate was self-signed (or did not match the domain, can't remember now). In that case, my Silverlight application would not download the service's clientaccesspolicy.xml and therefore declined access to it. Since I was running code within another larger application that I did not have control of, I did not investigate further whether one can configure it to accept self-signed or mismatched certificates during development. (In case you know if this is possible, please let me know!)

How did I get it solved? If you're running in Internet Explorer:

  1. Before loading your Silverlight application, first access the clientaccesspolicy.xml file. IE will warn that the certificate is self-signed or mismatched, but you can opt to proceed with it.
  2. In the same tab, then access your Silverlight application. It will be able to access your clientaccesspolicy.xml at that point, and the call will go through.

Simple trick, and effective. I'd love to know if other browsers work the same. By the way, this was tested in Internet Explorer 9.
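For reference, an added example (not from the original post) that parses a clientaccesspolicy.xml and reports which caller origins, request headers, and paths it admits, flagging the "allow access from anywhere" form next to a scoped one. Both policy documents are constructed samples, and app.example.test is a placeholder host.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a policy that allows callers from anywhere, as in the post.
OPEN_POLICY = """<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="SOAPAction">
        <domain uri="*"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>"""

# Constructed sample: same grant, limited to one caller (placeholder host name).
SCOPED_POLICY = OPEN_POLICY.replace('uri="*"', 'uri="https://app.example.test"')


def audit_policy(xml_text):
    """Summarise who a clientaccesspolicy.xml admits and flag broad grants."""
    root = ET.fromstring(xml_text)
    origins, headers, paths, findings = [], set(), [], []
    for policy in root.iter("policy"):
        for allow in policy.iter("allow-from"):
            raw = allow.get("http-request-headers", "")
            headers.update(h.strip() for h in raw.split(",") if h.strip())
            origins.extend(d.get("uri", "") for d in allow.iter("domain"))
        paths.extend(r.get("path", "") for r in policy.iter("resource"))
    for uri in origins:
        if uri in ("*", "http://*", "https://*"):
            findings.append(f"wildcard caller origin: {uri}")
        elif uri.startswith("http://"):
            findings.append(f"caller origin without TLS: {uri}")
    if not headers & {"SOAPAction", "*"}:
        findings.append("SOAPAction header not allowed")
    return {"origins": origins, "headers": sorted(headers),
            "paths": paths, "findings": findings}


if __name__ == "__main__":
    for name, doc in (("open", OPEN_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_policy(doc))
```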

ReadyNAS, WebDAV, and "Method Not Allowed"

I have a ReadyNAS Duo network-attached storage device, which I access via WebDAV only, due to some permission conflicts if I use different protocols to write files to it. Given that Windows does not support WebDAV properly in my case, I installed a WebDAV client called BitKinex. I configured it to point to my share and guess what: "HTTP: Method Not Allowed (/)" error.

The problem is that BitKinex, by default, points to the root of your server. The ReadyNAS has different shares, and you must point to the right share to fix it. In order to do that, right-click on the WebDAV connection and select "Properties". Go to "Site Map" and update "/" with your share name (in my case, "/documents").

Then it works fine.