
Technology

Broadly defined "technology" e.g. software, water pumps

Warning: 100% uptime (or 99.9%) is a marketing trick - don't fall for it

We were recently reviewing proposals from two vendors. One vendor claimed 100% uptime. Another vendor claimed 99.95% uptime. Our SLA to customers is below both of those numbers, but 100% feels better than 99.95%, right? So we should go with 100%, right?

My experience is that the uptime number in an SLA is purely for marketing purposes. Pure. Marketing. Purposes. If you read 100% and think the service will be online for 100% of the time? Shame on you.

The really important thing is the detail behind the SLA. Here are a few tricks I've seen that make a 99.999% SLA roughly worth nothing.

  • What are the exclusions? Most service providers are hosted somewhere (Amazon? Physical space?) that has its own uptime guarantee. If that provider goes down, is your SLA still in effect? Many SLAs exclude acts of nature like a hurricane that can take down a single provider.
  • What do you get when the number is broken? Some contracts give you a credit. Some give you cash. Some give you a credit that is worth your monthly cost multiplied by the percent of time they were offline. Is that worth much to you?
  • Do you get more if the outage is persistent? If a service dies for an hour that's a problem. If it dies for a day that is horrible. I want to be compensated more if the outage is prolonged.
  • Whose monitoring counts? What kind of monitoring? I've had times where my monitoring (Pingdom) showed a site was offline for hours, but internal monitoring showed it was fine. I got no credits.
  • What counts as "down" - if the service is online but taking 10 times longer than normal to process requests, is that OK? What if the service is online but network connectivity is degraded?
  • How are periods of downtime calculated? An SLA I read only counted a full hour of continuous downtime as real downtime. Many outages are 10 minutes here, 20 minutes there. I want to be compensated for those as well.
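
The counting rules in the list above, worked through as an added example (not part of the original post). The outage list, the 30-day month, the $500 monthly cost and the 60-minute threshold standing in for the "full hour of continuous downtime" rule are all constructed for illustration.

```python
from dataclasses import dataclass

MINUTES_PER_MONTH = 30 * 24 * 60  # 43,200 minutes: a 30-day billing month (assumption)


@dataclass(frozen=True)
class Outage:
    minutes: int            # continuous duration of the outage
    excluded: bool = False  # e.g. upstream provider failure or "act of nature"


def counted_minutes(outages, min_continuous=0, honor_exclusions=False):
    """Downtime the contract recognises once its counting rules are applied."""
    total = 0
    for o in outages:
        if honor_exclusions and o.excluded:
            continue  # contract exclusion: does not count at all
        if o.minutes < min_continuous:
            continue  # too short to count as "real" downtime
        total += o.minutes
    return total


def availability(down_minutes):
    """Availability percentage for the month given counted downtime."""
    return 100.0 * (MINUTES_PER_MONTH - down_minutes) / MINUTES_PER_MONTH


def prorated_credit(monthly_cost, down_minutes):
    """Credit = monthly cost multiplied by the fraction of the month offline."""
    return round(monthly_cost * down_minutes / MINUTES_PER_MONTH, 2)


# Constructed month: five short outages plus one long outage caused upstream.
SAMPLE = [Outage(10), Outage(20), Outage(15), Outage(45), Outage(25),
          Outage(180, excluded=True)]


def report(outages, monthly_cost=500.0):
    actual = counted_minutes(outages)
    contract = counted_minutes(outages, min_continuous=60, honor_exclusions=True)
    return {
        "actual_down_min": actual,
        "actual_availability": round(availability(actual), 3),
        "contract_down_min": contract,
        "contract_availability": round(availability(contract), 3),
        "credit_if_all_counted": prorated_credit(monthly_cost, actual),
        "credit_under_contract": prorated_credit(monthly_cost, contract),
    }
```

With the sample month, nearly five hours of real downtime is reported as 100% availability under the contract's rules, and even counting every minute the prorated credit is a few dollars.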

Setting up OpenSWAN for Site-to-Site VPN - Ubuntu 12.04 and Cisco ASA 5520

I recently had to set up OpenSWAN on Ubuntu to be part of a site-to-site VPN with a Cisco ASA 5520. There are a few resources I used to get me there. It was hard to find these resources, so I'm keeping track of them for myself and in the hope that it helps someone else.

My requirements were:

  • local ike peer IP address: 89.76.54.321
  • remote ike peer IP address: 123.45.67.89
  • remote: also want all addresses in 123.45.0/24 to be addressable

  • Authentication: pre shared key

  • Encryption Scheme: IKE
  • Diffie Hellman Group: Group 2
  • Encryption Algorithm: AES-256
  • Hashing Algorithm: SHA1
  • IKE Negotiation Mode: Main mode
  • Lifetime (for renegotiation): 480 minutes

  • Phase 2 Encapsulation: ESP

  • Phase 2 Encryption Algorithm: AES-256
  • Phase 2 Hashing Algorithm: SHA1
  • Perfect Forward Secrecy: No PFS
  • Lifetime (for renegotiation): 480m

And here is roughly what my /etc/ipsec.d/connection.conf looks like:


conn i2c


Super Simple - Embed your form into facebook pages

Today I needed to embed (iframe) a web page into Facebook. Pretty simple idea, really - doing so should help improve conversion rates for visitors who are landing from Facebook. And, of course, I want to do it as simply as possible so we can test the idea before investing more time into fancier features this might have (a Facebook-like theme, Facebook Connect to pre-fill user data, etc.).

So...I did a ton of searches for how to embed a page in a very simple way. I don't want to use an SDK. I don't want to have any OAuth or interactions. Just show my page inside the Facebook header and sidebar! But...how to do it?

Facebook Static HTML Iframe App

Well, several tutorials and videos recommended using a third party app that would insert my iframe inside of the Facebook page.

This is indeed a very popular path to take. There are dozens of apps in use by tens of millions of people each month. WAT?

Of course, Facebook Canvas apps are just iframes...so...why do I need an APP to iframe my iframe? And how safe is your data when a 3rd party iframe is around your site? No, this solution simply will not do.

Make your own super simple Facebook App

Here's what you want to do.

  1. Go to Facebook Apps site. You might need to agree to some terms of service or something.
  2. Click "Create New App"
  3. Fill in the basic info - skip hosting.
  4. Fill in the "Basic Info" section. If you are unsure, leave it blank or read the help blurb. All you really need is a Display Name and Contact Email.
  5. Check the green box for "App on Facebook"
  6. Input your site URL for the Canvas URL and Secure Canvas URL. On October 1, 2013 all apps will be required to have https.

11 wonderfully horrible modern productivity anti-patterns

You are a modern web-worker. When the internet in your office goes offline, it is a major drain on your productivity. Here are some things you may do or see in your daily life that are "anti-patterns" or behaviors which are counter to productivity. Please, don't do them! If someone else does one of them, maybe send them this post (it includes solutions).

When people break these rules (especially via email) it just makes me feel like Billy Sorrels: DELETE, DELETE, DELETE.

1. Putting Screenshots into Microsoft Word Documents

You make a screenshot using the "PrtScr" key and want to share it. How do you do this? You open Microsoft Word, paste the screenshot into the document, and send it via e-mail. It's an image, not a document. Save it that way.

The Problem: Bloat and speed meaning fewer people read the message. It takes way longer to open a document than to open an image. It also takes up more space in my inbox. I mostly don't care about e-mail/inbox size these days, but when I'm on a slow connection (via phone, via internet in a foreign country) it can be an issue.

The Solution: This depends on the operating system you use. Windows users: take the screenshot, open "Paint" (or another graphics program like Gimp) and paste the screenshot there. Save it as an image. If you are going to do it often, I humbly suggest Skitch or AwesomeScreenshot.


Installing Jenkins - Quick, Easy, Somewhat secure

Step 1: firewall off port 8080

Jenkins, by default, launches on port 8080 and anonymous users have full rights. This would let anonymous users run arbitrary code on your server. That's great for usability for a tool that's usually launched inside firewalls, but if you have a machine without a firewall...derp.

So, my recipe that provides some flexibility and some security was:

sudo ufw allow 22
sudo ufw allow 80
sudo ufw allow 443
sudo ufw default deny
sudo ufw enable

That lets http, https, and ssh traffic from anywhere on the net get into the box, but denies all other traffic. Defaults of ufw also allow all outbound traffic (which is handy for apt-get and other similar stuff). To be ideal you'd lock down specific outbound connections and also only allow 22 (i.e. ssh) from known good IP addresses. I'm not into managing that closely for this particular server. Read more docs on ufw.

But then...how do you connect to port 8080 for Jenkins access? You use an ssh tunnel:

ssh -qNf -L8080:localhost:8080 <user>@<jenkins-host>

Then you fire up a browser to http://localhost:8080 and it's being tunneled over ssh to the server. But...nothing is running there yet...step 2.
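
As a check on the step 1 firewall recipe, the following added example (not from the original post) audits the text printed by `sudo ufw status verbose`. The sample output is constructed to match the recipe, and the finding about ssh reflects the post's own remark that port 22 would ideally be limited to known good IP addresses.

```python
import re

# Constructed `sudo ufw status verbose` output for the recipe above.
SAMPLE_STATUS = """\
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
"""

# Matches rule rows such as "8080/tcp   ALLOW IN   Anywhere" or "22 (v6) ...".
RULE = re.compile(
    r"^(\d+)(?:/(tcp|udp))?(?: \(v6\))?\s+ALLOW(?: IN)?\s+(.+?)\s*$")


def audit(status_text, jenkins_port=8080):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if not re.search(r"^Status: active$", status_text, re.M):
        findings.append("ufw is not active")
    default = re.search(r"^Default: (\w+) \(incoming\)", status_text, re.M)
    if not default or default.group(1) not in ("deny", "reject"):
        findings.append("default incoming policy is not deny/reject")
    for line in status_text.splitlines():
        rule = RULE.match(line)
        if not rule:
            continue  # header, separator, blank line or non-ALLOW rule
        port, source = int(rule.group(1)), rule.group(3)
        if port == jenkins_port:
            # Jenkins should only be reachable through the ssh tunnel.
            findings.append(f"port {port} allowed from {source}")
        elif port == 22 and source.startswith("Anywhere"):
            findings.append(
                "ssh (22) allowed from Anywhere; consider known-good IPs")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_STATUS):
        print("FINDING:", finding)
```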

Step 2: Install Jenkins on Ubuntu

I was installing this on an Ubuntu 11.10 server (Oneiric) but I think this is probably a good guide: Jenkins Wiki on Installing Jenkins on Ubuntu. They use their own package outside Ubuntu's repository so you have to add the key, but I found it to be much more user friendly than the default Jenkins that comes with Ubuntu. So, I'm using it!

Step 3: Securing Jenkins (basics)
