Nathaniel Eliot

The Brain Candy monkeys have been a joy to work with, and we've just finished launching their site:

It's been 2 years in the making, but my latest project, Runes of Gallidon,
is officially online. You can enter the world at: www.runesofgallidon.com.

Runes of Gallidon is the first offering from Brain Candy, LLC
(www.braincandyllc.com), a company I co-founded with two other friends, Tony
Graham and Andy Underwood.

Here's the summary:

User speak:
An original, online fantasy world where users create new multi-media content
for posting on the site. Users retain ownership of their Works, but they
share the Ideas in their Works, allowing the world to be integrated,
dynamic, and collaborative.

Business speak:
An online publishing site of user-generated, multimedia content set in a
branded fictional universe where users are legally allowed to create
derivative works of other users without breaking copyright laws.

Computer speak:
01010111 01101111 01110101 01101100 01100100 00100000 01111001 01101111
01110101 00100000 01101100 01101001 01101011 01100101 00100000 01110100
01101111 00100000 01110000 01101100 01100001 01111001 00100000 01100001
00100000 01100111 01100001 01101101 01100101 00111111

In conjunction with Runes of Gallidon, I am starting a blog and signing up
for twitter (yes, I'm truly stepping into the digital age):

   Blog: www.thismonkeycantype.com
   Twitter: scott_walker

PLEASE forward to anyone you think might be interested; we're trying to get
the word out as quickly as possible.

Thanks to everyone who provided support during this journey - see you in
Gallidon!

Best,


Scott Walker
President/CEO
Brain Candy, LLC - Official Steward for Runes of Gallidon
---------------------------------------------------------
www.runesofgallidon.com
"Discover a world, forge its future."

Their credit for my work also makes me extra happy:

We honestly don't understand anything about how Nathan does what he does, but the end result is that our servers and code migrations work really, really well. We have no idea what he looks like or what he's up to when we're not bothering him, but we suspect he only uses his technical powers for good.

Publicly referenced as a mysterious guru on a gaming site? Really cool. Public admission that they trusted me sight-unseen, and are happy with the results? Approaching single-digits Kelvin, especially from a marketing standpoint.

The Greenfield Geeks Guild (working name) will band together IT consultants, apprentices, and support staff, and provide them with the legal, managerial, and infrastructural resources necessary to build *fully* open source solutions for small businesses. This will give us the flexibility and pricing to compete well in this economic downturn, benefiting not only ourselves, but our chosen clients, and the whole open source community.

I will be running a series of explanatory/exploratory meetings on Wednesday nights this month:

6PM, 01/07 @ Epoch Coffee
7PM, 01/14 @ Tek Republic
7PM, 01/21 @ TBA (Burner Warehouse?)

If you're interested, please attend. If you cannot, but would like further information anyway, please let me know.

I'm starting to get a fairly large amount of demand for Drupal work. Several clients have expressed interest in my bringing on a junior developer/apprentice, to bring down their costs while maintaining overall quality.

If you are interested in learning how to build and maintain Drupal CMS systems, or know someone who is, please let me know. I'll want to know relevant experience, expected hourly rate, and availability. Candidates will need to demonstrate critical thinking and communication skills: other skills are valuable, but not required.

One of the side benefits of an overfull todo list is that sometimes you don't notice you've achieved a long-term goal until you're swimming in the consequences. I've been drafted into lead developer on a Drupal project, a "local information" site with some interesting stuff under the hood. We're going to try to soft-launch tomorrow.

"Establish sustainable contract work" - check.

So I stayed in an Extended Stay Hotel the last time I was visiting Dylan. I got a bunch of strange bounces for my email, which I traced back to their service provider, Global Suite, spoofing my SMTP server.

I switched to an encrypted SMTP connection with a mix of anger and embarrassment. I submitted a complaint to Global Suite and Extended Stay, and received no response. Evidently, they find nothing wrong with spoofing servers and causing service failures in doing so. I probably signed away my right to legal complaint in their "Terms and Conditions". The only place left is the court of public opinion.

Don't trust Extended Stay's network. Right now, they hijack email. Tomorrow, they might sniff your HTTP. If you must use it when you travel, please remember to encrypt, because it's not just hackers who want to molest your data.

Excuse me for a moment. I have to collect myself.

. . .

Google is releasing a web browser.

An open source, speed and security optimized web browser.

A web browser that a deserves a superhero comic about it.

I haven't booted Windows in almost two years.
If that's what it takes to run Chrome today, I'll do it.

. . .

I'm so excited, all six of my nipples are tingling.

---

Edit: Thanks to Gonzo_Dark for instructions on how to run Chrome under Wine. Less than two days from "Not On Linux Yet" to a work-around . . . well done, everyone.

Couldn't have the whole day filled with joy: assume all your unencrypted internet traffic is being read, because there are published ways to do so without even breaking the rules. And like IPv6 (built to address IPv4 address exhaustion), the corporate world will ignore this until after the problem's costs dwarf the costs to switch.

On the plus side, this makes the whole telecom spying program an expensive public-relations disaster, for little added benefit. Geeks can achieve quietly, and with an only slightly bent protocol, what it takes large (and easily noticed) installation for the government to do. Granted, geeks caused the problem by being too generally trusting, but the same could be said of Americans and the current run-away government. At least the geeks fessed up and are trying to fix the problem publicly.

Encrypt your traffic, folks: HTTPS, GPG, SSH, etc. It's not a panacea (traffic analysis can still say lots about you), but it's a start. Encrypt early, encrypt often, encrypt for fun and profit (or at least, less no-fun and no-profit).

There have been numerous attempts to accomplish an open-source bounty system, but precious few are still in operation. There are good arguments that bounty hunting crowds out donated development time.

I still think micro-patronage is the right way to fund development, however. The trick is to make it seek out and reward the people who are active contributors, rather than ambulance chasers. There are plenty of places to find bounties, but the work of finding them and executing them often isn't worth the ($5 to $100) reward. A system which found bounties, connected them to feature requests or bug reports, and notified both sides when the request was completed would go a long way; one that provided flexible escrow could go further yet. I've suggested some of this as brainstorming on a proposed Ubuntu donation system, but ultimately it may make more sense as an independent system.

Unfortunately, unless somebody decides to track me down and fund this, I've got more pressing projects. Take my brain crack, please: I'd just like to work on open source projects, and occasionally get tips. Though if you do start working on this, let me know . . .

Amazon EC2 + UltraMonkey + MySQL Cluster + OpenLDAP + Gluster + AppArmor + fastcgi + OpenVPN + Varnish + OpenNMS + Capistrano = Clustered Linux, Apache, MySQL, & PHP/Perl/Python

Or, in lay-men's terms: websites that never crash, even if the entire planet visits them at once.

Now, to make it all work . . .

In Debian Security Advisory 1571 (New openssl packages fix predictable random number generator), the Debian Security Team disclosed a vulnerability in the openssl package that makes many cryptographic keys that are used for authentication (e.g. through SSH) or signing (e.g. web server certificates) potentially vulnerable.

End User Summary

The scope of the problem includes:

• weak keys for both clients and servers (see section "Identifying Weak Keys below")
• all key types that were generated using openssl (this includes RSA and DSA keys)
• compromise of other keys or passwords that were transmitted over an encrypted link that was set up using weak keys. Note that this last point means that passwords transmitted over ssh to a server with a weak dsa server key could be compromised too.

Read more here . . .

In another example of why I don't often plan more than a week ahead, one of my long-term projects just floated to the bubbling surface, years ahead of schedule:

A client of mine just asked for a lot of PHP work, on a code-base that manages to push all my "run away" buttons; I can (and will) handle it, but oy do I not want to. Coincidentally, a former co-worker from India just contacted me looking for work. His English communication isn't 100%, but his resume is passable, and I've got him collecting references that I will check on. The difference in hourly rate means that if his code is largely passable, I can set him on the easier tasks, review his work, and net my client a savings over my rates. However, my client might prefer to manage the coder directly, despite the potential language collision (neither speaks English natively). Rather than cut myself out entirely, I proposed a finder's fee as an alternative, which led me to do some research on how they work.

Once I got that, the last piece of the answer fell into place: how do I build a network of computer geeks that encourages amateur and apprentice-based entry into professional computing, to balance the flow of greedy but talentless CS graduates? Subcontracting can easily handle apprentices and foreign outsourcing, but in situations of equal pay balloons costs with the management fees. Finder's fees reward professionals who have an opportunity they're not suited for, and a trusted associate who is, without making them get more involved. With a proper boilerplate agreement, geeks could profit from their ability to judge technical skill, something non-geeks are often poor at. Using personal links between the geeks themselves, rather than centralized recruiters, keeps everyone a bit more honest. Buyers, benefiting from a well-vetted selection pool, would hopefully jump to pay any reasonable fee.

With that all in mind: my contact info is on my profile page. If you're looking for contract work, send me your resume, references, rates, and any special preferences (e.g. - telecommute only, no client-facing, etc.). I still have to work up fee structure, and I can't promise results, but I click past many more opportunities than I'm qualified for, every day.

And if the same is true of you, let me know and I'll send you my info.

My oh my, but social engineering is an interesting technical field. This is all my old economics professor's fault, I swear . . .

One of the things I try to avoid in my professional life is bias. The computer world is crawling with people for whom Perl is better than PHP, or Lisp better than C++, or Linux is better than Windows. Holy wars are spawned because two people decide that their tool preferences are the whole of a value judgment, and then run into one another in conversation. This blocks out lateral thinking, one of the most valuable tools in this industry; with such a profusion of tools, it's well worth your time to see if there's a more appropriate one, before you start work.

However, I've also decided that for my own personal purposes, open source is the way to go. Work with no replication cost should be essentially free: this is the long-term consequence of plugging that zero into wholly capitalist equations, lest I be accused of the commie leanings I'm guilty of. Much to the lament of businessmen who would like it to be a license to print money, software is actually a service industry, not a product industry. Getting one payment for every thousand users is fine, if you've got an install base of millions; conversely, getting a thousand up front payments isn't so great, if five hundred of them feel gypped and never come back. The brightest OS companies already know this, and make bank each year on custom setups and service contracts. Using only open source seems to be just keeping ahead of the pack; the market's got to go that way, anyway.

The thing that drew me to computers was how easily I could tell I was right: testing a theory took relatively little time, and had results that weren't open to interpretation. That simple success button is still a large weapon in my arsenal against existential dread. Unfortunately, many of the more important questions (like "what's the right way do software in a capitalist system") have no such simple answers; truly testing the theory I espouse above will take most of a lifetime.

Until recently, a convincing counter argument was that open source projects were stuck in the UI ghetto, unable to appeal to the non-geeky because they were made by and for hackers. So its nice to see the occasional indication that's no longer true, such as a glowing review from a fashionable dame of her new Linux laptop. Although I would caution her (and you all): syntactic sugar isn't meant to be eaten . . .

Nana-nana-nana-nana
Nana-nana-nana-nana
B.A.T.M.A.N.

(My home wireless network is now running an experimental German mesh routing protocol. The amount of happy this makes me would require diagrams to fully explain.)

Your LiveJournal is in Russian hands now; back up, because you never know what those sneaky Russkies could be up to. Some options:

• LiveJournal Backup / Search Utility is a .NET application; I couldn't get it to work correctly (read: ran out of interest) with Mono, but it should do just fine for Windows. todfox recommends LJ Archive, which is built much the same way (i.e. - effectively Windows only).
• ljdump is a fairly simple Python program that dumps your posts and comments into XML files. Like Python, it runs most anywhere; it's a command line utility, so there's a bit more of a learning curve.
• Wordpress LJ Import and LJ Crossposter lets you sync your LJ to your WordPress installation. In theory, anyway; I've not tested either yet.

This public service message message brought to you by paranoid hackers, the Red Scare, and the number 23. The Council of Nathan disavows all complicity for this action: we can't be asked to vet everything peons write in our name, after all.

It's nice to know that all of my work swimming out into the deep waters is starting to pay off. Amazon just opened their Elastic Compute Cloud (EC2) to limited beta. I was alerted to this by a bid request on RentACoder; deeper investigation reveals that EC2 runs on Xen . . . which I'm already running on my rented server.

Which means that I've officially beat a path out onto a breaking wave.

Thursday at 7PM at Epoch Coffee, I will be running an informal "meet and greet" about mesh networking. Come discuss possible projects/uses for the Meraki mesh router and other wireless mesh technologies; a working demonstration of a Meraki network is possible, if there is sufficient interest and time.

RVSP not necessary, but appreciated. If you know of someone who would be interested, please pass this on.

I've been playing with various Linux virtualization and clustering technologies. The end goal is a minor grail for ghetto geeks: a shared nothing architecture that can be built with consumer-grade commodity hardware (i.e. - desktop PCs and home routers) and Free and Open Source Software (FOSS). "Shared nothing" is a bit of a misnomer: the aim is to build a unified high availability system that lacks any Single Point of Failure (SPOF), not just a grab-bag of isolated systems.

Of the parts that need to be found and included, the toughest is the storage. Most of the work on making storage more reliable has been focused on Redundant Arrays of Inexpensive Discs (RAID). Unfortunately, that just moves the SPOF from the drive (as it now has backup) to the computer (or storage area network (SAN)) that contains them. A better ideal solution is to produce a Redundant Array of Inexpensive Nodes (RAIN) which mirror their shared files, so that powering down a given computer to fix a broken drive (or other component) can't hurt the system.

I've investigated all manner of FOSS distributed file systems, and they're all frustratingly close:

• Coda promises a lot, including some wonderful network fault tolerance, but hasn't be developed for a while.
• OpenAFS is in heavy development, isn't 100% POSIX compatible, and has subsystems that require work to keep from being SPOFs.
• Gluster has a lot of neat ideas that approximate what I want, but it's a new system, with primitive configuration, and doesn't do data replication robustly enough for my tastes.
• Red Hat's Cluster Suite (RHCS) is one of the few with truly distributed servers, but it assumes that all nodes are connected to (expensive) SAN hardware; Distributed Network Block Device (the best FOSS SAN replacement I can find) is still in beta, and limited to two servers. Better solutions may hide in the native RHCS components; although it's open-source, good documentation would make copying (and thus competing with) that portion of the RHEL Advanced Platform much easier.
• Enterprise Volume Management System (EVMS) + Oracle Cluster File System (OCFS) + Heartbeat (aka Linux HA) is SUSE's slightly older approach to the above. Heartbeat v2 can manage more than two nodes, but EVMS's clustering plugin appears to depend on V1's two-node-only setup. SUSE seems to have fixed that, but the documentation of how is again somewhat absent . . .

Although an amalgam of the last two is tempting, I think I should ultimately just build off of the SUSE method. It's the best fit to my needs, goals, and proclivities, and unlike a hand-rolled solution, it's less likely to produce unexpected failures; as I've obviously skipped easy on the pick-list, I might as well take as much of the other two as I can get . . .

YOU FOOLS! SOON, MY CREATION WILL BE FINISHED! THEN YOU'LL ALL SEE!!!!!

---

This is a test of the Emergency Mad Science Broadcast System. The bloggers of your area, in voluntary cooperation with federal, state and local authorities, have developed this system to keep you informed in the event of an epiphany. If this had been actual Mad Science, the Attention Signal you just heard would have been followed by officious ranting, news of your impending doom, or instructions on how to surrender.

temujin9 serves the greater LiveJournal metropolitan area. This concludes this test of the Emergency Mad Science Broadcast System.

The hard drive on my laptop politely waited my paycheck came today, and then promptly (and audibly) ground to a halt. I could rush it to expensive technicians, but it almost certainly wouldn't be worth the cost; I've got backups, albeit badly out of date.

As a consolation prize, when I got the new hard drive in and reinstalled everything, I had Kubuntu and QEMU make Windows their bitch. When life gives you platter crashes, make platter-crash-aide!

Still, that's yet another source of stress I could have done without . . .

My laptop just suspended, because it ran out of power; it restarted from that just fine (a new thing, for Linux). When I logged back in, however, I found two things:

1) My SSH shell hadn't timed out, and was still working when I went back to it.
2) The ssh-agent, which keeps all my login keys secure, had locked itself.

Quite slick, OpenBSD. I may have to play around with you up close, instead of just appreciating your work through my SSH stacks. Pity that all the Debian/BSD ports are immature . . . but since the "apt" package system seems inspired by your "ports" system, perhaps that will not be such a loss.

On the gripping hand, there's the temptation of pioneering some Ubuntu/OpenBSD crossbreed with the hopes of finally breeding that elusive creature: the *nix Windows killer . . . (Edit: Okay, so Ubuntu/kFreeBSD would be a bit more likely to succeed . . . )