July 15, 2014

Ditch Agile, Go With Common Sense

I am so sick of "Agile" I could puke. Agile "methods" and "processes" are often used as a bludgeon to enforce the great speedup, doing more, faster, with fewer resources. I see estimations forced into the PM or manager's demanded hard deadline, hours getting longer because of wasted time in meetings, and "rapid" deployment of garbage code that needs to be rolled back because no integration testing was done (eliminating QA does that to you.)

Here's a new proposal: Use the Common Sense™ Method. In this method:
1) The user requirements are gathered (user, not marketing) and set down
2) Which requirements to include in that version are decided by a small group of technical professionals
3) Application or changes are designed (roughly) by an architect or senior programmer
4) Requirements get split up along functional lines among the participating teams
5) A common api/interface between the parts is documented by the architect. Operability and scalability issues are addressed first in this phase
6) Teams take a guess on how long it will take to come up with a first pass.
7) The architect applies a Murphy factor and communicates the result to management as the likely alpha release date
8) The coding starts, with progress checks with the architect and teammates, and unit tests for each section. People keep track of their tasks with simple to do lists, like adults.
9) The lower order, foundational stuff is done before the bells and whistles, and is handed off to an independent QA group.
10) Each group addresses the bugs found in its previous commits before coding new stuff. Maintenance and bug fixes (tech debt) is addressed before new features (and bugs) are added.
11) Alpha is tested and released as a beta, along with solicitation of comments from users.
12) The next major iteration is planned with the feedback from the users and stakeholders

This glosses over a lot of the daily iterative development concepts, like "code, compile, test, repeat until it works and is complete." (seriously, this should be a mantra for programmers, completely aside from any methodologies and processes.

Most "Agile" methods these days are used as another method for command and control micromanagement by multiple levels of manager. Seriously, at one place I worked had a Product Manager, a Program Manager, a Scrum Master, a Group Manager and a Team Lead to preside over four (4!) individual contributors. What a steaming pile of horseshit.

If your company has gone whole hog for "Agile", complete with removing your privacy to "encourage collaboration", sell your stock. They will go the way of the dodo within 2 to 5 years, and be a hell hole to work in in the meantime.

Go with pragmatism and common sense. Do iterative development while listening to your users and fixing your tech debt. You will outlast the fad followers who go with Cargo Cult Agile and Management by Guru.

Posted by ljl at 09:40 AM | Comments (0)

How To ***REALLY*** Advocate for the Customer

I occasionally see job ads for "customer advocates" or "customer evangelists". They all turn out to be sales and marketing, that is, advocating or evangelizing stuff to the would-be user.

That is so ass-backwards that it makes me foam at the mouth.

A truly useful and inspiring product is something that people seek out, that before it came along is something people say "I wish there was a way I could..." and when they discover it they often are ecstatic with delight.

Anything else has to be sold, often with lots of expensive propaganda.

So, what then should a user advocate do, especially in an established company with an established product line?

Certainly not marketing. There's a whole department for that already, with slick ads and all.

A true "user advocate" works for the customer. This means that they listen to the users, feel their pain, understand their needs and use cases, and then bring those pains, needs and uses back to the business as requirements!! They are the people who yell on internal mailing lists when your stuff breaks and screws up the customer's day. They are the ones who file bug after bug because your redesign served 95% of your users, but screwed the hell out of the 5% power users who bring the other 95% to the product or use 95% of the product (I'm looking at you, Microsoft "ribbon".)

But no one hires for this. They all look for slavish yes-men who will work within the guru driven flavor of the week to churn out poorly designed, half-assed software on short deadlines (the Agile fallacy) and compete bitterly with each other for a few crumbs in the stack-ranked corporate hunger games.

So, why don't companies want real user advocates? Don't they want to delight their users with products that do things for them? Or is their real customer a schlock advertiser who tries to sell them more useless stuff, crap diets, dubious supplements, or sleazy sex? Even then, most advertisers aren't happy either.

A real user advocate needs to be willing to dig in and become an actual power user of the product. They need to hang out on the user forums and support groups, but not "taking calls" and be measured by issues "resolved" per hour. They need to go to trade shows, job fairs, and other places that users congregate, then ask questions about pain points and wishes and listen to the answers. But only marketing even tries to do this, and they are too busy talking about the product to listen to the users!

So, to paraphrase TRON, who fights for the users? Will your company hire someone to do this, and give them the power and influence to accomplish it? Or will you let a bunch of "evangelists" who have no listening skills tell you what they think the users want? Which product will be better in the long run?

Posted by ljl at 09:32 AM | Comments (0)

June 08, 2014

Do's and Don'ts for Startup Operations

I've been at several mid-sized companies, post-startup acquisitions, or startups trying to grow and scale. All of them have had issues that could be prevented by thinking big while starting small. If you think about what your system will look like at hundreds of servers, you quickly realize that setting things up right to start with will save you effort if and when you grow and scale.

Here are the first 20 of these recommendations that I have come up with:

  1. Set up all production servers on UTC time. This will save you grief in your logging around daylight savings and multiple colos. You won't ever wonder what logs coincide with what time in different locations.

  2. Have a sane and enforced naming scheme. Do this for hostnames, data center naming scheme, and clustering. Do not start hosts foo1, foo2, ... foo10, foo11. Try foo001-sfo, foo002-sfo, ..., foo010-sfo, foo011-sfo. Then you can add foo001-aws... or foo001-nyc? Then later you won't have sorting issues, or have to rename hundreds of servers. Remember, if you want to grow, you need to think of management by many.

  3. Separate prod and non-prod. Keep your development and testing out of prod. Then no one will run an unauthorized test on your early adopters (the people whose trust and recommendations you need.) The idea is that production should be stable and solid, and only well tested code should go there.

  4. Plan for redundancy and graceful failover from the start. Make developers build it in to the software. Your customers will have fewer things to complain about down the road. From their viewpoint, any failover or server glitch should be invisible.

  5. Cluster for scalability and expansion. Even if you only have 5 servers now, plan for 500. If your venture goes well, you won't have to redesign your server farm every 6 months. This also means thinking about load and database sharing. Plan for load balancing and firewalling from the start. After all, your goal isn't hundreds of users, it's millions. You need to be able to recover quickly from a slashdotting.

  6. Start with reproducible system builds. Use kickstart, configuration management, putting system configs into source control, documenting system setup per class of server. No special snowflakes. Someone should be able to rebuild your entire stack from documentation and your source code repo.

  7. Set up your files and filesystems sanely. Don't pile all your stuff in one directory, and expect it to scale. Partition your hosts, whether you use LVM or hard partitions, even if you use RAID. Don't let your software write lots of little files. Plan for growth in your data and applications.

  8. Set up with an eye to having multiple DCs or POPs worldwide. Plan to be able to expand your data centers or cloud installations. If you do cloud, use a strategy that allows for multiple hosting firms, multiple stacks, and rapid failover between regions. That way you aren't dependent on some other company's business plan for your success.

  9. No SPOFs No single point of failure, either machine or, more importantly, people. If you have people whose death would severely damage your company, they are your Achilles heel. Document or die, and protect your data. One person told me of the startup that he and another guy were doing that died when his partner was killed in an accident - his partner kept all of his technical "secret sauce" in his head.

  10. Don't put your crown jewels in the public cloud. Keep your corporate LDAP, source code repository, personnel data, company wikis, bug tracking, etc on site, under your close control. Don't be an easy mark for hacking and theft of your intellectual property. Sure, it's convenient and cheap, but when you are a small company, you don't have a lot of time and cash for lawsuits when your stuff gets stolen.

  11. Monetize early, even if you plan to be acquired. A company with a realistic solid path to profit has much more negotiating leverage and value. Note: The ad supported model is not as lucrative as you think. Plus, advertisers sometimes demand control over content.

  12. Don't allow 'quick' spaghetti coding! Don't let overworked developers throwing half-assed bits of code at the wall customer to see what sticks. No cowboys. Don't "build fast, fix later". Later never comes, mistakes can cost you customer confidence early when it counts most, and the mess is still embedded in your code years later. Don't do "agile" fallacies. Write it right to start with, and grow with a solid foundation.

  13. Test, test, test!! Anything that has customer data, test the hell out of it for security vulnerabilities and unwanted behavior. Being agile, doing rapid development is not an excuse for lack of quality and refusal to test. Invest in a test/QA group early, and don't make it subordinate to development.

  14. Build your application stacks wide, not deep. Don't build them one to one, one to many, but many to many. Be able to separate and recombine application layers as needed. The flexibility means you can operate small to large. Keep like with like, but be able to split out intensive pieces onto specialized hardware.

  15. Plan for big data handling while you're still small. Don't envision hundreds or thousands of users, but millions. Plan how you will store, back up, protect and analyze that data. It should not be an afterthought, but an asset.

  16. If you use open source, plan to give back improvements and bug fixes. It helps attract talent and pays back the community that made your company possible. Don't be like some big companies that run on 90% open source, but forbid their employees to contribute bug fixes and infrastructure tools.

  17. Use best practices in both development and operations Write sensible logs, to sensible locations - system level logs to /var/log, application logs to /application/directory/log. Don't write logs to /tmp. Make your logs rotatable by logrotate - no need for hand pruning or roll-your-own scripts. Don't re-implement standard Linux utilities with "custom" local tools that do half as much and are buggy as hell. "Not invented here" is the wrong way to do operations. Your secret sauce should be your application, not your proprietary packaging and deployment system. Unless your business is writing tools and utilities, don't re-implement what's already out there.

  18. Code smart software. Build monitoring, alerting and performance metrics into your application stack from the start. Expose performance times either by log, snmp, or scoreboard. Don't make it so you have to run in debug mode to get metrics. Your software should tell you how it's doing.

  19. Plan to be able to deploy and roll back rapidly to clusters at scale. If it takes you 4 hours at 20 servers, how long will it take at 2000 servers? Modularize, separate and package. You should be able to deploy to just one part, adjust config, and go, then roll it back just as fast. Might take longer to design and code, but preventing outages is actually important when you're small. When you get larger this plus good automated testing makes CI/CD possible. Plan for it from the start.

  20. Make developers carry pagers. They built it, they need to maintain and fix it. They should be called for on-call escalation. Operations is the HW and OS layer. Developers should start out shadowing Ops for a week before they write a line of code.

There are more discrete examples of many of these. I'll be writing those up in subsequent entries, along with some contributions from other seasoned veterans who've seen the mess that lack of planning and understanding this stuff can make.

Posted by ljl at 06:38 PM | Comments (0)

August 09, 2013

More Cloud Fallacy

Check out Your Ninja 10X Rockstar Developer is Force-Feeding Bacon to Your Lean Startup

Specifically see the diatribe on why you should "outsource" everything but your core competency, specifically:

...so they outsourced, for example, to Amazon Web Services (server + network administration).

BZZZZT!!! Wrong!! You do not escape "server + network administration".

All you escape is buying, racking and maintaining the hardware and the infrastructure.

  • You still have to administer each virtual instance,
  • you still have to load your application on every instance, and
  • you still have to monitor the function and performance of each instance.
If you don't, then you are not ready for prime time, because you are neither redundant, fault tolerant, or even aware of what is happening with your own stuff!

These idiots think that the cloud is a magical "plug and play" device that they just have to spin up an instance and it will configure, administer and monitor itself. That's just bullshit.

If they expect the developers to administer their infrastructure and production systems, then they are wasting developer time and expertise. Very few developers have clues about systems and network admin.

A good systems/network administrator will save even the "lean" startup a fortune in headache, lost productivity, downtime and client ill will. Just the simple act of having intelligent deployment and monitoring can possibly save your company from embarrassment or even failure.

Don't neglect it. Also, don't expect a Windows admin to effectively run a pile of Linux instances along with keeping your desktops virus free. Very few know how. Hire a real sysadmin.

Posted by ljl at 03:51 PM | Comments (0)

May 30, 2012

When The Only Tool You're Allowed...

I keep getting pitches for "Agile" this and "Agile" that. It's baloney. When the only tool you allowed is a hammer, and that hammer is pitched as the golden solution to all your problems, you are in serious trouble when it comes to installing screws or putting on nuts, nevermind polishing your work. When the only workflow a company will allow it's people to use is "agile" development, even in non-development arenas, you are just a slave to a management guru who sold you a bill of goods and your company will sink.

You can't do sales in an agile framework - some contacts and contracts take months to develop, and don't fit on a sprint and scrum cycle. You can't run HR or accounting as an "agile" development group - they are steady state, not change driven. Their whole goal is to maintain a steady strem of work, keeping the company on an even keel.

If you put your operations team in with your developers on the development cycle, you will constantly have nothing but crap on your systems, and your customers will vanish about as fast as your operations people. They will constantly be fixing the crap that got broken in your developers' "agile" rush to produce, with inadequate testing, because development will be under pressure in your little "scrum" to slap code on it and move on to the next "sprint", with inadequate testing or thought. And the goals for operations people will look like development, and that will fail, when your operations group needs to make sure things change little, in a controlled, considered and safe manner - the opposite of "agile" development which is synonymous with "constant churn" development.

"Agile" is not a one size fits all tool, and many of the things associated with it are detrimental to serious, intensive programming - daily meetings, constant interruptions, task switching - all of which contribute to crap code and a crap work environment. Breaking down tasks into small steps? Good. Trying to "have 9 women make a baby in a month" - 5 people do in a day what one person does in a week? Bad. Letting programmers get in "the zone"? Good. Strapping a bunch of meetings into their workday? Bad. Cross-functional teams? Good. Letting the wrong side of the team/task drive? Bad.

I find "Agile" is just as overhyped and full of baloney as the whole "Cloud" hype. It's just another way to let trainers and gurus make money out of making the working stiff's life suck anew. I know lots of managers who say it's "great" (just like the emperor's new clothes), but not many who have to live under it who like it.

Posted by ljl at 06:55 PM | Comments (0)

July 20, 2011

Linux, Non-profits, and Health Insurance

Last month, a retired volunteer for an Linux-based charity had a stroke. See this: When "minor" and "devestating" are used in the same sentence. Because of brutal, inhumane state and federal policies dictated by Wall Street, she is ineligible for Medicare, and naturally can't afford an individual policy on a fixed social security income (at over 60 it's prohibitively expensive). So, she's screwed.

The work she and her colleague, now caregiver, have been doing has been helping the young gain access to technology where our broken educational system has let them down, again. The HeliOS Project provides rebuilt or refurbished computers to disadvantaged Austin kids. These systems would not be able to run current Windows OS's, but run Linux just fine.

Working for a non-profit is not financially rewarding - usually you are lucky to be able to afford to pay to feed yourself, and all the rest goes into the cause. It rarely has benefits like health insurance or sick leave, and usually any pay at all is a token stipend.

Because our economy is organized around wage work for corporations, both entrepreneurs and non-profit volunteers end up in the same boat when it comes to health care if something major happens: they sink, and lose every they have due to an accident, or accident of biology.

Here is where America can redeem itself, in a small way. There is a PayPal link in the article. If you are working, and have insurance, toss some money her way to help pay for her treatment. I did. Spread the word, about the project, and the problem, too.

Posted by ljl at 06:18 PM | Comments (0)

June 12, 2011

Cloud Schadenfreude

By now it's been over a month since Amazon AWS East went down, hard, for five days and pulled the shine off of the cloud hype. Now that I'm not working again, I have time to comment on the stupidity.

Amazon was probably the top cloud provider, and it was very obvious that some companies bet their business, in entirety, on Amazon being up all the time.

That's dumb. Five days hard outage, nobody home at their url, data lost, and all because many of these companies did not have any redundancy, fail-over or back-up provider. The miracle of "The Cloud" would provide everything they needed - including a kick in the teeth.

Several people didn't go down, as cited this Computer World article because they had good disaster recovery plans.

Heck, this CW blog by Sharon Machlis put even more of a point on it:

But here are two lessons I'd take away from last week's outage. Moving to the cloud doesn't eliminate the need for skilled IT professionals to architect your application properly. And if you don't follow your provider's advice, expect to get burned.

Which is kind of the point: "The Cloud" is just a fancy-schmancy way of saying 'virtualized hosting in a pretty wrapper' which charges a premium for the name. If you want a fault tolerant operation, you need to set it up to allow for Murphy's law, not expect the Cloud fairies to magically make it happen. You need to do your own disaster planning, and even consider that your cloud provider may not be perfect!

Cloud computing means that someone else pays for the space, hardware, fiber, and power, throws a glossy management interface on it, then rents it to you at a premium. If your business is at a place on its growth curve where this makes sense (rent vs capital plus operations cost), fine. But don't get suckered by the salesguy's hype, and figure that "The Cloud" will spare you the need for good IT people and good planning. It won't.

Just like outsourcing being seen as the "magic bullet" to profits (it isn't), 'The Cloud' is seen as a panacea for all infrastructure requirements. It isn't either. It's just another form of hosting, and you still have to plan for redundancy and failures.


(Disclosure: I'm a smaaall stockholder in Amazon. This didn't help my share price, IMO.)

Posted by ljl at 04:42 PM | Comments (0)

May 26, 2011

Open Source Contributions

You know, it's really cool to work for a company that contributes stuff to open source, like this: zeromq input and output modules for rsyslog.

Posted by ljl at 03:04 PM | Comments (0)

November 04, 2010

Age and Treachery

There is a tendency in the Silicon Valley to only hire "Recent College Grads" - this means young people, under 30, but with a politically correct gloss on it. This is enforced at the phone screen level by the trivia question, game-show quiz approach, which assumes that you excel at the type of pop-quiz buzzword query-response on the latest and greatest systems. It also screens out people with any sort of memory related disability. How nice.

This is foolish. Again and again, I see the young cowboys reinvent the wheel, make the same types of mistakes with new names (but claiming "it's different now" or "it's a new paradigm"), or other stuff that could be avoided by a little bit of BTDT (been there, done that). How much money do these "new, young, agile" companies waste making the same types of mistakes that have been made again and again by every "new" company and "new" business model that thinks it is so "unique" that the basic rules of good business and good process don't apply to them? The entire dot-bomb was due to the "new paradigm" delusion.

Yes, think out of the box, look for improved ways to do things. But you have to know what has been tried before to avoid spinning your wheels on stuff that has already failed. This is where the ten-plus year computer pro who actually was around before GUIs can help you. Sure, they will flunk your memory for trivia tests. But they will know where to look up five prior versions on three different OS's, and remember the tendency for manufacturer $foo to produce buggy drivers for product $bar.

What I've noticed most often with your experienced sysadmins is that the real value comes not just with the breadth of experiences, but the validity of the "gut check". Failing "gut check" is when you propose to do something, and their eyebrows shoot up, they get a concerned look on their face, and they say something like "Why would you want to do that?" in a dubious voice - and that's if they are being polite. More than nine times out of ten when a senior sysadmin has been shouted down after something failed their gut check, it turned out that they were right (and not listening cost you lots of money.)

I recently saw a job ad that wanted a sysadmin to be able to build a system from scratch - bare metal, including configs, without looking anything up. I wouldn't want to work there. Even if I thought I had everything "memorized" (which I don't and won't), I would still look various configs up in the installed or sample files to be sure that I included all the options, didn't make any typos, and (most importantly) that the key/values in the configs hadn't changed between the version I'd memorized and what was current!! When you work with two or more different distros of Linux, plus occasional forays into BSDs and Solaris, this matters.

If you are a manager of sysadmins, cherish your "grey hairs" (even if their hair isn't really grey). The fact that they have stayed in the field for more than ten years, in spite of the bias against them and the abuse they get for not being "recent" grads or "fresh and hip" or whatever buzzword salad masks the bias against those over 35, say a lot for them and their tenacity and love for their field.

Posted by ljl at 06:47 PM | Comments (0)

June 18, 2010

Peaking at "The Cloud"

OK, so "Cloud Computing" is a fancy way of saying hosted data storage, servers or applications. Your stuff on someone else's hardware, for a fee. They do the drudge work, you do the thinking and rake in the money, right? Or not, as the case may be, as cloud resources still need to be managed by your own in-house team, but they just have less control and more constraints.

I went to the Web 2.0 conference a couple months back, and this year was very encouraged to see some of the pure BS hype from last year being dialed back. Plus, there were people actively promoting security and best security practices in the "cloud" space.

I have spent a lot of time trying to figure out what the heck I would really recommend that companies use "cloud" computing resources for. What is actually my idea of the "killer app" for "cloud computing"? It eluded me for a while, until one day I went to that venerated geek haven, Slashdot.

Who in the high tech industry hasn't heard of the "Slashdot Effect", when an article is written about your company or website, and the attention and resulting web traffic it gathers crashes your site? The Slashdot Effect exceeds all planned peak load (if you ever planned for such a thing), and gives systems people gray hair overnight. Thing is, not just Slashdot causes this - as Amazon found out with the Harry Potter releases.

The killer app, then, becomes the ability to handle those peak loads - seamless peaking - without having to have a large number of expensive machines idle 95% of the time. It must be cheaper than provisioning a bunch of machines and leaving them to run; it must come on-line rapidly, and it must be responsive to the demand. We are talking about dynamic peaking of web services.

IMO, this type of application would be a virtualization specialty, with load balancing and network allocation in the mix. Dynamic allocation of compute resources is a must. While the initial set up and configuration would be done under non-load conditions, the actual engagement of the resources would be based on demand, and automated to happen in near-realtime.

Automation is key, here. The Slashdot Effect happens rapidly, often faster than you can page a sysadmin out of bed at three am. Yet it is not so rapid that the traffic chart is a complete right angle. The key here is monitoring, and smart enough monitoring to discern between a DDOS attack and a genuine demand peak. The idea is to bring enough resources on line rapidly enough to respond to the trend without going too far, and then scaling them back when the peak is over (most peak scenarios neglect this.)

The cost-effectiveness of this is obvious. A base fee would be charged for the configuration of the various resources and the ability to "peak" up to a certain level. Above that, only the actual peaking usage brought on line and used would be charged for, by bandwidth, CPU, and disk space metrics. This, of course, is another reason why the ability to automatically de-provision resources has to be part of this.

So there you have it - dynamic peaking - what I see as the basic outline for the killer "cloud" application, something that would let more sysadmin's sleep at night, secure in the knowledge that the cloud would handle that surge in popularity that marketing has been promising "...any day now.".

Posted by ljl at 06:54 PM | Comments (0)

Unemployment Issues

Silly companies, has no one told you that we are in a deprerecession? When you hire an H1(b) for a US job, you hamper the recovery. When you refuse to consider an unemployed applicant, you shoot yourself in the face.

... firms that hire unemployed job seekers could also benefit from a recently-passed tax break that essentially exempts them from paying the 6.2% of the new hire's wages in Social Security taxes for the rest of this year. - Out-of-work job applicants told unemployed need not apply
Yes, people, you are losing out on a tax break if you pass over the unemployed.

Oh, by the way, lifting and carrying are not IT skills. They really aren't. They are just excuses not to hire women, older people, and/or the disabled. I don't care how you try to spin it, how you try to justify it, but it's just discrimination. All you'll end up with if you want your expensive systems people to lift and haul stuff is geeks with bad backs and expensive workman's comp bills. Get carts or hire cheap people for the grunt labor, don't risk your expensive equipment on some geek trying to be macho. Flat screen monitors don't weight 50 pounds.

Lose the bias against older folks, seriously. I don't know how many times I have had to clean up after the young cowboy or reinvent the wheel type because the company only wanted "new, fresh" recent college grads (read that as "people under 30"). Don't expect a really experienced person to answer trivia questions on a phone screen, either. The petty details and file names? We look those up, because they change over the years, and move from distro/variant to distro/variant. I don't keep the syntax for every type of config file that I've ever touched in my head. Even standards like Apache, or Kickstart, have changed over the last 8 years. That may seem like slow change, but to an experienced person, that rate of change is a ridiculous amount of memorization for the purpose of passing phone screens every three years. Cut it out.

I realize that there are so many fakers out there that you actually have to ask "What is a man page?" I laughed when one interviewer told me that. (I didn't get the job because they *assumed* I couldn't lift 50 pounds - I can, but shouldn't need to.) If you're going to fake knowing about Unix/Linux, do your frigging homework. Know what RTFM means. But interviewers need to realize that those of us that do RTFM don't need to memorize - that's why we RTFM.

Oh, and for those of you who say "just get a job, any job" - go screw yourselves. Most sensible employers will not hire overqualified people because they will leave for their regular career as soon as they can. This means that not only can I not be considered for an entry level NOC job (which I would gladly take at this point, just to beef up the networking side of my resume), I will never be considered for a clerk, waitress, fast food, warehouse or even clerical job again, except maybe as a temp - and then only for a one or two day "day labor" gig, not a real job. So no, I really can't go work at MacDonalds or WalMart. Stop suggesting that I apply.

Posted by ljl at 02:37 AM | Comments (0)

November 28, 2009

Clouded Thinking

"Cloud Computing" is supposedly the next big thing in computing. "Everybody is looking to develop a cloud strategy", blah, blah.

It's ninety-five percent hype. That's the nicest thing I have to say about it.

Don't get me wrong, there are things that the cloud is very good at. One is backup strategies - provided attention is paid to encryption, compression, bandwidth and ToS and provided it isn't your only backup strategy. Also, it is very good for peak scaling of compute needs, so that you don't need to expand your own infrastructure investment for peak loads. Again, you need to pay attention to security, load balancing, and what the cloud vendor will host.

But if you brag to me that your entire development, intranet and application service will be done "in the cloud", I will try to politely lie and deny any knowledge of the area, because you are an idiot to bet your entire business and intellectual property on someone else's hardware, network, security and terms of service, especially if you are only going with a single vendor. If they decide they are tired of the cloud, you are finished, in an instant if they decide to just turn it off, and with no recourse if the lawyers who wrote their ToS are any good. I could not in good conscience help you waste your investors money that way. If I'm not in a good mood, I'll laugh at you.

To me, cloud computing is a fancy name for hosting. You put data, applications or whatnot on some else's network and hardware, usually on virtual machines. You don't have to deal with the network configuration issues, but it's much like having a remote data center, just not as expensive. I can see why it is so attractive to the "something for nothing" beancounter types, who don't really get the real business risks.

Take Amazon's EC2 & S3 (part of their AWS group). Amazon is a big, stable and well established company. I know, I used to work for a subsidiary of theirs. EC2 lets you rent a virtual machine. This is great for expansion and service peak scaling. S3 is storage maintained by someone else. Very nice and stable. If I wanted to use either of these type of cloud services, I would go with AWS.

BUT, if they needed the hardware and network capacity to serve their core business of selling stuff, and couldn't bring additional capacity online any other way, guess who would get the short end of the stick? Yep, the cloud. They do their best to plan for both, but natural disasters happen, and data centers go down. So don't have your entire business in the damn cloud!

Then there are the cloud service startups. Maybe they would be one of several cloud vendors that I would work with, but not the only one. If their entire business model is selling an over-hyped service, stay away. They will be another dot bomb.

If you need remote network locations on the startup trail, find an ordinary hosting company that offers virtual machines. Find two of them, at separate data centers. Your terms of service may well be better than cloud services.

Have a server in your own shop that is running virtualization software, and have a person who knows how to work with it. Do your development builds on this machine. Keep all of your development in house, not in the cloud, or on the web. Yes, back up off site, but encrypt it, or take the physical media off site. Protect your intellectual property.

Essentially, you should focus on your business service/application, not the infrastructure by which it is delivered. If they say "We're developing for The Cloud", their emphasis is in the wrong place - the Cloud infrastructure. If they say "We're developing 3-D CAD for web users", you know their focus is on the CAD software and the web UI.

So, go ahead, hire me as a sysadmin. But don't ask me to set up an entire company in the cloud - I couldn't ethically do it. I won't help you load a gun against your own company.

Posted by ljl at 03:50 PM | Comments (0)

May 12, 2009

Wanted: A New Conservative Party

OK, we know that the Republican party has become the party of religious conservatives, corporate pandering and bellicose foreign relations. No longer fiscally responsible, they say "No" to any spending or tax cut for the middle class, and "Yes" to any and all spending and tax cuts for huge corporations and the wealthy. They want to get all up in people's private business, and push their pseudo-religious agenda onto everyone by force of law, but don't want a single regulation to touch their precious corporations and how they do business with the public.

That's not a true conservative, IMO. It's a parody owned and operated by corporate and religious interests (that are often in bed together, too.)

What's a true conservative? They believe in:

  • The constitution, including the Bills of Rights. Also protecting citizens from excesses in government power overruling those rights. This includes the First *and* Second Amendments. They oppose government involvement in religion as a threat to religion, and would rather see religion stripped completely from the public square than forced down anyone's throat.
  • Personal responsibility and personal freedom. They don't care what you believe, or who you do things with, as long as you don't force anyone else to do it too. Want to marry someone of your own gender? Whatever, as long as you don't ban heterosexual marriage. Want to post a copy of the Ten Commandments or the words of Buddha? It'll look fine over your mantle, not in a government building.
  • Fair dealing. They want to engage in honest commerce, without the deck stacked in favor of large corporations versus small companies and individuals. To have a competitive advantage, you have to have real competition. They oppose letting companies screw over individuals. They also oppose monopolies and oligarchies as being bad for business and innovation. They hate fraudulent dealing and artificial assets, and know that corporations aren't people and don't have the same rights. True success is earned, not gained by lying, cheating, and confidence games.
  • Limiting government. They want the government to do what it should - handle matters that are a) in the general public interest and b) are too big or critical to be completely entrusted to private firms. Infrastructure, civic services (police, fire, ambulance), defense, education, courts, health, pensions, regulation of public lands (including air, ground and water) and regulation of public services in the public interest. For things that can be privatized, they believe in oversight, keeping the trust of the public.
  • A strong defense and good foreign relations. They know that good relations and honorable actions mean that fewer of our soldiers and dollars need to be spent on war. While not shirking from battle, they don't want to start it, and would rather finish it decisively and quickly.
  • A respect for the rule of law, and a distaste for personal regulation. How can you expect someone to respect the law when it doesn't respect them? They are willing to undo petty laws that create victimless crimes. They also understand that prohibition just doesn't work. Better to regulate it and tax it than let crime gangs run rampant.
  • Public policy based on sound science. No relying on "studies" published by companies or interest with an agenda, but real, peer reviewed and repeatable science. They also oppose publicly funding any education based on religion or superstition. They encourage innovation as the engine of economic growth, yet understand that inhibiting cross fertilization of ideas with excessive patents, copyrights and DRM ultimately are detrimental to the evolution of new businesses.
  • Rational immigration policies. They know that this nation was built by immigrants, and that an overhaul of our system needs to judge based onm merit, not color of skin or ration by country of origin. They also oppose "guest workers" of any sort because guest workers have no investment in the country. They would rather a level playing field and true competition for jobs, with the workers having as much choice as employers do.
  • Environmental stewardship. They know that we didn't just inherit the Earth, we are taking care of it for our children and grandchildren. They wish to conserve our natural resources, and make the most efficient use of them.

Needless to say, this isn't the Libertarian party, which is in the process of being hijacked by the religious nuts, just like the GOP has. The Democrats, while living up to some of this, are also beholden to big business, and like to regulate personal behavior as well. Plus, they have just as selective a reading of the Bill of Rights as the Republicans do, they just omit of twist different amendments. The other third parties are either ultra leftist, are religious cults, are racists, are one trick ponies, or are just plain not based in reality.

How about calling the new conservative/moderate party the Foundation Party, because they respect the principles that were involved in the nation's founding (equality, freedom of religion and the press, opportunity, public stewardship, independence, and rebellion against corporate power backed by government arms.)

Too bad no one reads this blog...

Posted by ljl at 07:50 PM | Comments (0)

May 11, 2009

Amazon Should Implement Granular "Safe Search"

Amazon recently got hammered over someone assigning any and all books with positive outlooks on homosexuality to the "adult" category, effectively stripping their page ranks. This was very scattershot, and seemed to have been happening "quietly" for a while. Needless to say, it hit both Twitter (#amazonfail) and various blogs and exploded.

Now, I am a former employee of an Amazon subsidiary. I can tell you straight up that a) Amazon is not a homophobic company - they offer DP benefits, and no one bats an eyelash about people bringing their same-sex partner to company family events - and b) they want people to actually be able to find and buy what they are looking for! The whole idea of providing the "long tail" of uncommon stuff is part of what makes Amazon work.

The problem comes in the somewhat naive way they handle the "adult" designation. Apparently some sales guy got a complaint about gay stuff, so he blithely marked a whole bunch of it as adult. Apparently that happens a lot - some group with an agenda complains, it gets shoved into the adult ghetto by customer service or an automatic complaint handling script.

Now, this pisses off gay activists and just ordinary readers, because all that was left when searching on "homosexual" was those abominable psuedoscience books on "ex-gay" and "de-gaying" that cause more harm than good. Also, it catches stuff that is merely reportage, not advocacy at all!

On the other side, you have the folks that don't want the search to turn up *anything* that *they* determine is not good for kids to see. These people abrogate their responsibility as parents to supervise their kids, or make judgments about what they see and just not look farther, and want Amazon to do it for them. Hence, the oversimplified "adult" pigeonhole and categorization.

Now, I can see an advantage to making the default, not logged-in search very vanilla. It makes it safe to allow in schools without causing parents with sheltered kids heart attacks. But these same parents should be able to control what their kid sees, not just all or boring. Hell, they may not want to see certain kinds of stuff themselves, or may be searching on an office computer and logged in.

So, I suggest (since I'm not working there, that's all I can do) a nice, granular "safe search" methodology for logged in users, with the default search having several of the categories left out. None of the page ranks would be touched, even for the raunchiest porn (hey, the makers need to know what the market wants).

Account holders would get a list of letter codes for stuff they *wanted* to allow in their results, with check boxes, and then could pick what they see. A future version could even have location browsing profiles (work vs home). Amazon would then apply the filters to the search results, and everyone is happy.

Propsed letter codes for what it contains:
S = Sex
X = Explicit
V = Violence
P = Profanity
G = Gay
H = Hate
C = Controversial

Let's take these one at a time. First, the no-brainers, the standard (even obvious) categories. These items would be applied to the default, not signed in, search. They substitute for the rather overbroad "adult" category:

Sex (S): Dildos, butt plugs, penis pills, pouch masturbators, the Kama Sutra, basic porn, nude calendars. This is the garden variety sex stuff, but a lot of people are still uncomfortable with it.

Explicit (X): This is the "over the top" graphic porn, fetish, bodily fluids, BDSM and other stuff. Think "Two Girls, One Cup" explicit. Very NSFW.

Violence (V): Slasher flicks, news archives, FPS video games would fall in here. Again, mostly an issue for parents, but also pacifists.

Profanity (P): Rock and rap with grown up lyrics, George Carlin's 7 Dirty Words, books and graphic novels with swearing, movies with swearing. There are still people who get their knickers in a twist over profanity and obscenity, and don't want their kids to see/hear it.

Now, here are the ones that the knee-jerk "protect the children from the world" would demand as well. These filters would *not* be part of the default filter set, but could be selected by those who felt they needed to be protected from the ideas.

Gay (G): Anything from children's literature, biographies and porn can fall in here. Some people want to be sheltered from the realities that exist, and want their kids kept away from it as well, so let them filter it out.

Hate (H): Stormfront, Mein Kampf, de-gaying ministries, anti-semitism, various forms of blatant bigotry. This is stuff that would outrage the SPLC and other hate-watch organization. Again, some folks don't want their kids exposed, and would rather not see it themselves, but the rest of us adults can cope (we just don't buy it). Besides, some of this stuff is actually illegal in places like France and Germany.

Controversial (C): This is for all the stuff that social conservatives consider unsafe for reading or seeing because it violates their worldview. Books on evolution, alternative religions and other stuff they want to put their blinders on for would go here.

So, even a children's book like "Heather Has Two Mommies" would be rated "G" and "C".

With this in place, people would be able to decide what types of thing they considered "adult" and didn't want to see. The page ranks would still be present, and people could still search for whatever they wanted to buy, even raunchy, violent gay porn filled with cussing and non-standard fluid exchanges. Amazon could have a sanitized default search, without cutting off its ability to sell what buyers want.

So think about it, Amazon. I know you have the talent to implement this, and it would eliminate some of the tug of war between conservatives, regionally restricted content, and people who don't just buy vanilla.

[P.S.: Hey Werner, do you still care about search and buying things, or is your head in the "cloud".]

Posted by ljl at 01:42 PM | Comments (0)

November 25, 2008

Tax Spend Borrow Repay

The last 8 years of disastrous Republican fiscal policy can be best described as Borrow and Spend

The next 8 or more years will have to be Tax and Repay.

People will whine about tax increases, or, more precisely, the elimination of tax cuts for the wealth and loopholes for corporations. But it's still fair - we allowed the Republicans to borrow against our future earnings and blow it on wars, pork and corporate welfare - and the debt has come due. It's time for the nation to repay it.

We do need to be sure that we don't allow our profligate relatives politicians to run up our debts again, however.

The demonization of Democrats and liberals as "Tax and Spend" types is fallacious. It is the movement Republicans who have become the party of bloated government, wasteful expenditures and crushing debt - the "Borrow and Spend Like the Bill Never Comes Due" phenomenon that has left our economy in ruin and our nation is individual and collective debt up to our eyeballs.

It is the Democrats who now must be the voice of fiscal responsibility, and raise the shouts of "Repay the Debt", "Pay as You Go", and "TANSTAAFL!".

Expect higher taxes, and don't whine about it. We let the Republicans get away with it, now we need to clean their messes. That costs money, and we can't leave it to the next generation to repay with even more interest.

Posted by ljl at 10:01 AM | Comments (0)

November 19, 2008

I Love Amazon's Fernley Facility!!

Order placed 11/18 @ 11:30 am with 2 day Prime shipping:

Items shipped on November 18, 2008:
Delivery estimate: November 19, 2008
1 package via UPS

* 1 of: Sony Stamina Platinum Alkaline D Batteries (4 Pack)
Sold by: Amazon.com, LLC

I got it at 11:20 am on 11/19 here in Palo Alto.

Can you say Wow!! 1 day!

Now, with the holidays the hardworking folks at the warehouse won't be able to do this all the time, but Wow!!!

IMO, under promise and over deliver are a good way to run a business.

Good job, folks!

Posted by ljl at 12:24 PM | Comments (0)

May 16, 2007

Amazon Does the Right Thing™

Amazon.com to Launch DRM-Free MP3 Music Download Store with Songs and Albums from EMI Music and More Than 12,000 Other Labels. Amazon's long awaited music download service is not laden with useless, crippling, and insulting DRM. Yes, Apple iTunes finally woke up and smelled the roses and is shedding the DRM albatross, but Amazon waited until it could do it without the DRM crap from the start.

Now I can, and will, buy downloadable music. Thank you, Amazon. I'll buy from you, not from DRM slave Apple.

I have not bought even CDs in the last several years because of the DRM idiocy. I have also not downloaded anything that was not expressly made available for download by the artists, without DRM.

I still won't buy DRM encumbered CDs or DVDs. My roomies do, but they are too wedded to their video addiction to forgo DVD movies and TV shows on a basis of principle.

To all of those who want to sell stuff to people like me, take this as a hint: I will not buy DRM encumbered media. I will not buy the devices required to play DRM crap, and that won't play anything but DRM crap.

(Disclaimer: I work for an Amazon subsidiary. I'm still thrilled on a personal and ethical level.)

Posted by ljl at 12:58 PM | Comments (0)

March 05, 2007

Truth in Labeling - When "Zero" ("0") ISN'T!

Dear Jerk Food Producers,

If I get a hold of one of your single serving containers of crap, and it says "0 grams of trans fat", I expect it to really be Zero. Yet if I read the ingredients list, and the top item is "liquid and partially hydrogenated soybean oil", and a few down the list is "hydrogenated soybean oil", I know that you are LIARS!!

You see, if you have a vat of stuff, say 10 Kg (10,000 g) worth, and one of the ingredients is 45 g of trans fats, the trans fats in the resultant concoction are not 0 grams, regardless of "serving size"!! Simply subdividing the servings until the trans fats are less than one gram per serving does not make it "0 grams of trans fat". It just doesn't work that way. Yes, it has "less than 1 gram", or even "less than 0.5 grams" of trans fats, but it is still not zero!!

So don't try to tell me that anything with partially or fully hydrogenated crap in it has "zero", "0" or "no" grams of trans fat. Because you are lying, deceiving, and scum. If I had thought to grab the container of poison, I'd have grumbled to weights and measures, or the FDA, or whoever.

Water has 0 grams of trans fat per serving. "Butter" flavored "Spread" made with hydrogenated (partially or fully) soybean oils does not, and can not.

Now quit lying. "< 1" is not the same as "0". While "0" is "< 1", "< 1" is not "0". This is basic chemical analysis, set theory, and horse sense.

Posted by ljl at 04:18 PM | Comments (0)

January 02, 2007

Compact Flourescents and Other Energy Tricks - Ten Years of Saving

I've been fighting a losing battle with my energy usage for a good 20 years. With over 4 computers, three TVs and attendant recorders, two printers, a fax, two freezers, two fridges, two A/C units and two microwaves, my electric bill is routinely astronomical.

I have found ways to save. The biggest savings has come from efficiency, not reducing equipment. Buying more efficient electric appliances and light bulbs is why my utility bill (PG&E, among the most expensive in the nation) does not equal or exceed my rent (in Silicon Valley, also among the most expensive in the nation).


I can't convince my roomies that the extraneous TVs and recording devices should be turned off. Same with certain computers and monitors. So I have to save elsewhere.

I started with "CFL"s - compact fluorescent lights. Egad, did I get resistance - "they buzz", "they hurt my eyes", "they don't fit", blah, blah, blah. So I started with the porch light, which was a PITA to have to always replace. Then my bedroom, and the bathroom. The kitchen was next, then I snuck one in on the stove hood - it was always on. The clip lamps and other spot sources got them next, because I stopped buying anything else!!! Now the one die hard roomie uses adapters and 15 watt incandescent bulbs to supply his "low light" addiction. The rest are "squiggle bulbs".

Next came the computer monitors. A CRT monitor uses twice to 3 times what a comparable screen area LCD uses. A CRT also weights more, and eats up more desk space. So when I started digging out of the dot bomb slump, the first thing I started doing was "upgrading" my monitors, and downgrading my energy use.

Finally, I got really spendy. When I moved recently, I went ahead and bought new air conditioners, with really good energy ratings. While they didn't get installed until the height of the heat wave this last summer, they still are a savings over the previous ones. Now, some will say "you don't need A/C", but with my physical limitations, yes, I do, or I get a really nasty rash under my bad arm. Cooling the bedroom to 75 degrees so I can sleep without stewing in my own juices is a good idea.


I am infamous for scoping out sales. I bought CFLs by the dozen, when they were on sale, or clearance. When a light fixture takes 4 bulbs, swapping in squiggle bulbs for all of them saves a chunk. But it requires lots of bulbs.

Finding LCD monitors on sale was a bit harder. Some of the brands that are available cheaply aren't very reliable. So I watch the ads, and will even do the rebate go 'round. That process is still somewhat slow, but getting there.

The newer A/C units were on an off-season clearance. I bought them in February, not July. You can save up to $50 per unit that way.

The biggest cost was time to convince people to change, and the time to find the sales. Since I do a lot of online price monitoring now anyway, the costs have reduced significantly from when I first started.

Posted by ljl at 04:29 PM | Comments (0)

November 14, 2006

Nowhere to Hang your Hat


Without Housing: Decades of Federal Housing Cutbacks, Massive Homelessness, and Policy Failures

Western Regional Advocacy Project (WRAP), a coalition of west coast social justice-based homelessness organizations, has released a report that documents how more than 25 years of federal funding trends for affordable housing have created the contemporary crisis of homelessness and near-homelessness. The report was released in San Francisco on November 14, 2006 at 12 noon, at the Philip Burton Federal Building, 450 Golden Gate Avenue, in conjunction with release events in 7 other cities ranging from Seattle, Washington to San Juan, Puerto Rico.

Thoroughly documented using federal budget data and other sources, Without Housing presents this data with passion and vitality, and uses artwork to give life to the words and data to express the pain and frustration experienced by real human beings abandoned by a federal government more concerned with the profits of corporations than with the well-being of its poorest people.


When I was growing up, there was a safety net for housing, and a planned balance of the types of housing available in a city. There were places where the government mandated and made sure that the people who held lower paying jobs could afford to live, near their work.

The idea that a mixture of inexpensive apartments and snazzy condos can co-exist seems to have been lost by even the most "liberal" or "progressive" communities. The idea that we just might want our grocery clerks, janitors, assembly line workers, and government employees seems to have been swept away by the "conservative" revolution and the "I got mine" generation that came to power 25 years ago.

Now we are paying the price, and our friends, coworkers and kids are homeless, or suffer from overcrowding and food insecurity. You see, the "homeless" are not just "winos" and "crazies". Often they are the working poor, the disabled, and, increasingly, young adults.

How does this affect businesses? Lots - by reducing the pool of qualified employees due to impossible housing needs, by causing current employees additional stress due to lack of affordable housing, and therefore financial distress, by increased security costs associated with the perception of the "homeless menace".

So download the report, and read it(the artwork alone is worth the time). Then decide what we as a society should do about it, and get your representative in government to work on it.

Also, see just the artwork of the critical graphs. Now I get to save up to buy the posters...

Posted by ljl at 09:50 PM | Comments (0)