The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.
Of course they did. Assholes.
I’m with Joel Housman on this one. Obama’s campaign was so unbelievably full of shit that I regret ever having supported it. I thought I was voting against Bush-era principles, but I was foolish to believe that I was being presented with any real choice.
It’s a shame that the American people are too easily distracted by media fads and planted political non-stories to understand the real ways that our actual rights, our actual freedom, and our actual national security are being destroyed by our own government while the idiots are all kept busy arguing about which minorities they want to persecute next.
If an organized hacker ring sabotaged security standards and major tech infrastructure for years, compromising the security of hundreds of millions of people and many governments including our own (and potentially causing billions of dollars in damages when these exploits were found by others), and exploited any flaws they found or created to spy on millions of people in the world including our own citizens, what should they be charged with?
Mass criminal sabotage, cybercrime, cyberwarfare, and computer fraud? Obviously.
Terrorism? Maybe, but not quite.
At what point do the NSA’s actions qualify as treason?
I’ve been assuming that everyone heard about this yesterday, but it’s still news to many, so it’s good to yell about it. If you’re responsible for any servers or VPSes at all, and they run any of the affected versions of OpenSSL (1.0.1 through 1.0.1f; 1.0.1g is fixed, and the 0.9.8 and 1.0.0 branches were never affected), you need to patch them ASAP. Many Linux distributions, including the very conservative Red Hat Enterprise Linux and CentOS 6.5, are affected.
This bug is particularly severe: a malformed TLS heartbeat request makes the server answer with up to 64 KB of whatever happens to be in its memory, anyone who can reach port 443 can send as many as they like, and ordinary webserver logs don’t record them. That memory can include your private SSL key, along with session keys, cookies, and users’ passwords. Effectively, this completely defeats the benefits of SSL.
Test your vulnerability with Heartbleeder. It’s pretty shocking how many services, including many hosted by cloud providers that manage this for them, are still vulnerable a day after most Linux distributions had patches available. Part of the problem is that this also affects any load balancer or other hardware that terminates SSL for you before proxying unencrypted traffic to your webservers, so patching the webservers alone may fix nothing. Another part is that updating the openssl package doesn’t touch what’s already running: nginx, Apache, Postfix, and anything else that loaded the old library keeps using it until it’s restarted (or you reboot), so re-run the check after the restart, not after the update.
After you’ve patched, since your private key may have been compromised, you should regenerate your SSL certificate from scratch: generate a new private key and a new CSR (don’t reuse the old key and CSR), get the certificate reissued, install it, and revoke the old one. Most SSL issuers will allow you to reissue or re-key certificates for free. Since session keys, cookies, and passwords could have leaked just as easily, it’s also worth invalidating active sessions and asking users to change passwords once the new certificate is in place.
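Two post-patch checks that Heartbleeder can’t do for you, as an added example and not anything from the original post. The first tells you whether a RHEL/CentOS openssl package actually carries the fix: Red Hat backports fixes without bumping the version, so the package stays 1.0.1e and `openssl version` proves nothing either way. The second finds processes that are still running the old library because they were started before the update and never restarted. The `/proc/<pid>/maps` sample at the bottom is constructed for the test; the `--scan` mode runs the real checks on the box it’s executed on.

```shell
#!/bin/sh
# Added example, not from the original post. The changelog check assumes an
# RPM-based distribution (RHEL/CentOS); the /proc scan works on any Linux
# and needs root to read other users' processes.

# On RHEL/CentOS the fixed package is still "openssl-1.0.1e-...", so look
# for the CVE in the package changelog instead of at the version number.
openssl_package_patched() {
    rpm -q --changelog openssl 2>/dev/null | grep -q 'CVE-2014-0160'
}

# Read one process's /proc/<pid>/maps on stdin and print the libssl/libcrypto
# paths that are mapped but marked "(deleted)": the file on disk was replaced
# by the update while the old copy is still loaded in this process.
find_stale_ssl_mappings() {
    awk '$NF == "(deleted)" && $6 ~ "/lib(ssl|crypto)\\.so" { print $6 }' | sort -u
}

# Print "<pid> <command> <stale library>" for every process that still has
# the old library mapped. Each of these must be restarted (or reboot).
scan_running_processes() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps#/proc/}
        pid=${pid%/maps}
        stale=$(find_stale_ssl_mappings < "$maps") || continue
        [ -n "$stale" ] || continue
        comm=$(cat "/proc/$pid/comm" 2>/dev/null || echo '?')
        printf '%s %s %s\n' "$pid" "$comm" "$stale"
    done
}

# Constructed sample of a maps file from a process started before the update:
# libssl on disk was replaced, so the kernel marks the old mapping "(deleted)".
SAMPLE_MAPS='7f3a00000000-7f3a00001000 r-xp 00000000 08:01 1234 /usr/lib64/libssl.so.1.0.1e (deleted)
7f3a00002000-7f3a00003000 r--p 00001000 08:01 1234 /usr/lib64/libssl.so.1.0.1e (deleted)
7f3a00004000-7f3a00005000 r-xp 00000000 08:01 5678 /usr/lib64/libcrypto.so.1.0.1e
7f3a00006000-7f3a00007000 r-xp 00000000 08:01 9999 /lib64/libc-2.12.so'

if [ "${1:-}" = "--scan" ]; then
    if openssl_package_patched; then
        echo "openssl package: fixed (CVE-2014-0160 in changelog)"
    else
        echo "openssl package: NOT fixed, or not an RPM-based system"
    fi
    echo "processes still using a replaced libssl/libcrypto:"
    scan_running_processes
fi
```

Run it as root with `--scan` right after `yum update openssl`; anything it lists has to be restarted before a Heartbleeder check against that service means anything. An empty list plus a fixed package is the state you want on every box, including the load balancer.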
Microsoft officially ended Windows XP support today, including security updates.
Despite advance notice of the decision, the 13-year-old XP is still used on almost a third of all personal computers worldwide.
What could possibly go wrong?
Rosemayre Barry of London-based business, The Pet Chip Company, is one manager who is puzzled and more than a little annoyed that she has been faced with the XP dilemma.
“XP has been excellent,” she says. “I’m very put out. When you purchase a product you don’t expect it to be discontinued, especially when it’s one of [Microsoft’s] most used products.”
Microsoft has the best customers.
When Windows XP was released in 2001, I was 19 years old. I had just started my second year of college and was learning C, carrying a Palm Vx, and playing Max Payne on my brand new, self-built Windows PC with a 1.33 GHz Athlon, GeForce 3, and two of IBM’s notorious Deathstar drives in RAID-0 (which turned out as you’d expect). I was even still fruitlessly using Rogaine rather than accepting my hair’s fate (it was pretty bad even at 19), which was almost as stupid as having two Deathstars in RAID-0 with minimal backups. Weezer had only released one terrible album so far, while American Hi-Fi and Jimmy Eat World were brand new.
That was a long time ago. We’ve all moved on. Microsoft should be allowed to move on, too.
I don’t know how they can, though. I still see the even older Windows 2000 in widespread use, usually in government and big, boring businesses like banks and hospitals. (Windows 2000 was fantastic at the time, but to give you an idea of what that time was, the first computer I ran it on had approximately the same CPU power, and exactly the same amount of RAM, as the first iPhone.)
People just don’t care to upgrade. Windows XP still “works” for them, and the upgrades are different, which is bad. Can Microsoft really stop issuing security patches? I guess they have to at some point, but this is how botnets start.
While Tonx gets Blue Bottle’s sourcing and roasting, and the ability to do more online and in store, it’s surrendering control to do that. “We are going to work with them to make sure they maintain the profile of coffee we’ve worked on,” said Konecny, “but it will be a Blue Bottle sourced and roasted product.”
Presumably, there will now be a 25-minute line between you and each box of Tonx beans that arrives in your mailbox.
This article is a product of my years of research and anecdotal evidence I gathered in the hundreds of Genius Bar appointments I took during my time as a Genius and iOS technician, as well as testing on my personal devices and the devices of my friends. …
This is not one of those “Turn off every useful feature of iOS” posts that grinds my gears. My goal is to deliver practical steps to truly solve your iOS battery woes.
Great tips. The low-reception-areas tip is especially good — I learned that many years ago when we’d travel to very rural places in upstate New York.
Last time I flew cross-country, the two passengers next to me both left their iPhones in fully-on normal mode. I put mine in airplane mode.1 All three of us used our phones periodically during the flight. When we landed, their batteries were both nearly dead (which they loudly complained about for 20 minutes) and mine was still over 70% charged.
Now that so many flights have Wi-Fi, does it really make sense to name a feature “airplane mode” that turns off all radios? Even though you can turn on Wi-Fi and Bluetooth in airplane mode, as Scotty writes, most people don’t know that.
Maybe modern airplane modes should turn off only the cellular radio, leaving you to disable Wi-Fi and Bluetooth separately if you wish. The toggles are all right next to each other on most smartphones anyway. ↩
Great article by Florian Mueller about the challenges Apple faces in its “thermonuclear war” of patent lawsuits against Android OEMs, particularly Samsung.
I have had discussions on Twitter and email with Apple fans who find it hard to believe that Apple, after revolutionizing the market, can’t prevent companies like Google and Samsung from providing some of the same functionality. But Apple, like everyone else in this field of incremental innovations, is standing on the shoulders of giants. A smartphone or tablet is a mobile computer, but Apple does not own all computing technology. Apple achieved key breakthroughs for those product categories. … But Apple didn’t create all of this singlehandedly on a green field.
People often ask me, accusingly, why I criticize the patent system yet support Apple enforcing their patents offensively. The short answer is that I don’t. As you can see from these trials, the patent system really isn’t serving its purpose even for huge companies, let alone small businesses and individuals who can’t afford $40,000 to get a patent and millions more to enforce it.
The idea of the patent system is sold to gullible people as a necessary protector of small inventors — which is a nice fairy tale, and nothing more — and it reinforces the destructive but all-too-common fallacy that great ideas are rare, novel, unique, and immediately so valuable that simply having a great idea will suddenly cause somebody, somewhere, somehow to make you rich and you’ll never have any problems again.
We therefore value ideas above their execution, and that’s exactly how the patent system is designed, despite history showing that good execution is far more important and provides far more value to society in almost every instance regardless of who filed the first patent on the underlying idea. (Not to mention the value to society of a vibrant market of diverse, competing alternatives.)
Like most laws and policies that chiefly benefit lawyers and big business, our voters, lobbyists, and politicians will keep supporting the patent fairy tale indefinitely as the rest of us get taxed, shaken down, or bankrupted by its reality.
None of them are ever going to agree, within any of our lifetimes, that the dysfunction in the patent system is inherent to the entire concept of patents. Trolls, NPEs, and East Texas aren’t the problem — they’re just distractions. No “reform” will ever really fix patents because it’s just not possible to.
As for Apple and Samsung, while it probably isn’t legally possible to protect innovative UI — and that’s a net win for society — the best we can do is hold ourselves to high ethical standards. Samsung is institutionally and permanently tasteless, shameless, and crass to its core. They are, and always have been, professional rip-offs. If you want to support them, that’s on you.
Personally, while I don’t believe patents should legally protect this sort of thing (or anything), I value originality enough to vote with my publicly stated opinions and buying choices.
If we are about intimidating the free speech of others, we are no better than the anti-gay bullies who came before us.
His right to free speech entitles him to express any opinion he pleases.1 But it does not shield him from the personal and professional repercussions of what he says.
Our right to free speech entitles us to be vocally outraged, to encourage others to boycott Firefox,2 or to call for his firing. What Mozilla pressures or forces him to do as a result is solely their decision and their problem, and has nothing to do with anyone’s free speech — it’s a business decision.
So let’s knock that argument right out. This is not a free speech issue, period, and it’s incorrect, misleading, and naive to attempt to make it one. Such distortions are the fastest way to pervert and derail an argument, as we often see from our politicians, and I expect better from intelligent people like Andrew Sullivan.
Let’s move on to “political views”.
Suppose, rather than fund an anti-gay-marriage bill, Eich had instead funded a fringe bill that prohibited black people from getting married. Or suppose he said during a press conference that he believed women shouldn’t have the right to vote.
Would it be reasonable for the public to be outraged and call for his firing then?
Assuming your answer is yes (I don’t think I can really help you if it’s not), why is that different from funding an anti-gay-marriage bill?
Opponents of gay marriage (and other equal rights and anti-discrimination protections for LGBTQ people) consider their opposition a valid “political view”, appealing to the already completely wrong and extremely destructive idea that all opinions on an issue are equally valid and deserve equal time and representation in media and public discourse.
“Beliefs” and “views” deserve no inherent protection, validity, or value to the rest of society simply because they’re political or religious. They’re just opinions, and just as many opinions are worth considering and discussing, many others are offensive, crazy, ignorant, or bigoted.
A hundred years ago, saying that women shouldn’t be allowed to vote was a “political view”. Now, that would be a ridiculous and highly offensive opinion regardless of what any religion or political party said on the topic. Most discriminating “political views” of this sort eventually become widely recognized as unacceptable, barbaric bigotry with no place in civilized society — it’s just a matter of time.
As much as gay-rights opponents would like to believe otherwise, that time has come for their “political views”.
Unless they caused him to do something that is illegal, such as hiring discrimination. (There are many more exceptions and limitations to “free speech” that actual lawyers can tell you about.) ↩
People keep sending me this article and its derivatives, looking down on Keurig and other single-cup one-button brew systems that serve mediocre, stale coffee to people who don’t care about coffee quality to the ridiculous degree that “we” do.
While throwing away a little plastic cup for each brewed cup of coffee from these systems is indeed wasteful and should be an environmental concern, let’s not rush to judge.
We’re the ones who have made drip coffee, something that was cheap, easy, and available to everyone, everywhere, immediately for decades, into an ever fancier, more time-consuming, more expensive, and more exclusive obsession over gear and technique.
We’re the ones who keep creating, replacing, Kickstarting, and spending top dollar on ever-more-specialized equipment, even when it differs from established products only in arbitrary or purely decorative ways that have no discernible effect on the actual coffee (except maybe prolonging the process of making it).
We’re the ones who obsess over every little detail of brewing technique as if they matter much more than they really do, making good coffee ever more alienating and confusing to casual coffee drinkers who don’t have time to study and fuss over it as much as we do.
We certainly pay for it. Not only is our fancy coffee much more expensive than regular automatic drip at retail, but we also pay massively in our time, and we ask the public to do the same. That’s why specialty coffee shops often have a huge line: it takes much longer to make an individual pour-over cup than almost any other well-known method of making hot coffee except a siphon brew.
Our methods aren’t environmentally sound, either. We’re not throwing away a little plastic cartridge with each cup we brew, but we’re often throwing away big paper filters with each one. We’re almost certainly heating the water less efficiently, and often to a higher temperature, than any automatic brewer.
And then our fancy coffeeshops brew our fancy coffee into a disposable paper cup, usually wrapped in a disposable paper insulator, and topped with a disposable plastic lid — but not before many customers add sugar from a paper packet and stir it with a disposable stick of plastic or wood.
Maybe we’d get some of the Keurig fans to use our methods if we weren’t so pretentious, wasteful, expensive, and inaccessible ourselves.
Maybe we need to tone down our obsession with the hand-crafted, hand-made, artisanal, and ritual. Sorry, your coffee isn’t an artisanal ritual. Making great coffee is not inherently romantic, noble, or even difficult. There’s nothing wrong with using a $30 French press, a $25 plastic plunger, or a $35 cold-brew basin in the boring, simple, as-directed ways. Plenty of people don’t have burr grinders and are perfectly fine with the spinning-blade ones. Your kettle doesn’t even need to look like a beehive.
Our obsession with gear and “rituals” is only distracting them — and us — from the real problem: old, mediocre, or badly roasted beans.
We’ll only fix the real problem and get more people back to our side if we drop the pretension, ritualization, and gear obsession and recognize why so many people opt out of our fancy coffee methods and into Keurig’s.
To continue the ongoing blog conversations between Brent Simmons and me, I’d like to point out that the system he describes here is extremely similar to my open-source FCModel.
In response to some of the notes at the bottom:
FCModel supports primitive (non-object) properties for exactly the reason Brent describes: internally, it’s using setValue:forKey:.
FCModel supports custom serialization of any property via serializedDatabaseRepresentationOfValue:..., as documented in the header. (Too much of the documentation is still just in the header.) By default, like in FMDB, NSDate values are converted to/from Unix timestamps for storage. (I recognize that isn’t a perfect translation, but it’s a reasonable default.)
FCModel does use property introspection. See here: after opening the database and performing any needed schema migrations, FCModel reads all of the tables and object properties, does some basic checks, tracks things like default values and whether NULL is allowed, and warns if there’s anything weird in the schema.
If anyone’s curious about FCModel, I encourage you to read the brief README, FCModel.h, and maybe even FCModel.m if you want to see the inner workings. I’ve intentionally kept FCModel small, as a design goal, for this purpose. Core Data offers much more functionality but much more complexity and opaqueness — FCModel is for people who want the opposite, and would rather just write SELECT queries (and occasional bulk UPDATEs) in compact, readable SQL.
As an aside, I’m immensely proud of FCModel so far. It’s my most useful open-source contribution to date by far (in my opinion), we’ve gotten many great contributions, and a handful of people are already using it to build and ship apps. (I’m building Overcast with it, of course.)
By the authors of Threes, a truly excellent, Letterpress-quality iOS game that was quickly and brutally ripped off en masse.
Ripoffs are very hard to deal with, emotionally. I talked a lot about my battles with my own emotions over being ripped off in my XOXO talk last fall, but I still haven’t won those battles — it still bothers me how much The Magazine and especially Instapaper were shamelessly ripped off by their competitors.
I’d make something original, and as soon as I released it, it would be rebranded by the press and public as a generic category of apps such as mine. Read-later apps such as Instapaper. It frustrated me deeply, but it happens all the time. Remember how quickly the iPad became “tablets such as the iPad”, years before there was any real competition?
Once your product is perceived as a generic category and competitors start rushing in, the value of original innovation is lost. If you actually bother to create something original of value in a hot business, everyone will rip you off so quickly that you get very little advantage from it, with zero repercussions to the clones, because nobody cares except you.
And I was never ripped off as rapidly as Threes or any popular iOS game these days. The modern App Store game environment is brutal. The biggest, realistic solution to the problem would be for Apple to remove the Top charts from the App Store, but I think it’s clear at this point that Apple doesn’t care enough about encouraging quality software on the App Store to make such a move.
Even if the Top charts were gone, there would still be clones — it just wouldn’t be as profitable. I don’t think a good solution to this problem really exists, except to try not to care as much next time.
[Home-hosting] works fine because at the end of it all, this is here as a way of me learning things. It’s taught me more about virtual machines than I could have picked up from reading. It’s taught me how to configure Apache (well, I try!) and it’s taught me how to install Pelican as well as pick up some basic PHP skills to boot. And it’s cost me nothing except the electricity the host machine uses. But that’s on anyway because it’s where all my backups live, so there’s that.
I’m sure Marco meant to qualify his comment, and that he meant that people are doing it wrong if they’re running a business, or that they’re getting hundreds of thousands of hits a day.
Nope. I would have qualified it like that 10 years ago, and maybe even 5 years ago, although it’s less about daily pageviews and more about how much it matters to you if your site goes down for a few hours or days. I did run a home-hosted server for a while, and it was terrible — I always stressed out about my site being down whenever there was a power outage, ISP downtime, or a flaky hardware issue.
All of the learning benefits Oliver lists are identical to running a VPS. And when you can get a professionally hosted VPS for just $5 per month with most of the snapshotting and rollback conveniences of hosting it yourself, the argument for home-hosting even for tinkering and learning becomes pretty weak. That’s less expensive, in many places, than the electricity to host it in your house, and even less if you don’t actually use it for an entire month. And when writing to app developers, $5 per month is not a deal-breaking amount of money — that’s significantly less than the cost of listing an app in Apple’s store at all.
My fear is that people will read Marco’s comments and not try things out because they were told not to. I’ve nothing but respect for Marco - how many businesses have I built and sold? - but I do hope that his semi-elitist slant on things doesn’t stop someone from playing, someone from learning or someone from honing new skills because they can’t afford to get a host elsewhere. After all, VPSes etc can be daunting when starting out, too.
Calling my suggestions for app developers to use cheap VPSes “elitist” is baffling and completely off-base. And when did I tell people not to try things out? On the contrary, I’m encouraging developers to teach themselves Linux server administration because it’s easier than they think.
The easiest way to try it out isn’t to tell people to set up a home server (virtualized or not), find and download the right ISO for their distribution to run on it, install it, make the many decisions that the installer presents, figure out networking configuration, set up port forwarding… that’s too high of a barrier for many. That’s enough to make them say “Forget it, I’ll just run this on App Engine.”
It’s much more convincing, and much more productive to the goal of getting more people into this, to say, “You can start up a Linux VPS in five minutes by going here, paying a very small amount of money, and clicking three buttons.”
The quick and obvious answer is that this site should be on my own server. But it’s more complicated than that.
Read both links.
Brent has run servers before, but mostly in the Bad Old Days when running servers was a lot more finicky. (Also, while I know Brent knows this, to be perfectly clear to everyone else: if you’re running a public-facing server in your house, office, or anywhere except a datacenter, you’re doing it wrong. Start over.)1
Modern Linux running on modern VPS services is a whole new world. People running servers just 10 years ago couldn’t even dream of how easy we have it today.
To answer some of Brent’s questions:
Or I could get a VM — say the $5/month plan from Digital Ocean. For a static site I’d just need Apache or Nginx and a hard drive for my files. Sounds simple, and a gentle way to dip my toes into running my own server.
But would that actually be fast enough to handle a Marco-spike?
Definitely. This is a static site, and I host it with a basic, non-“tuned” Apache configuration on a 2 GB Linode. I bet I could get away with less.
There’s a limit to how much Apache can serve off a VPS, but I haven’t found it. Earlier this month, I had a traffic spike that brought about 55,000 pageviews in 24 hours and the server didn’t even blink. My highest-traffic day ever on this VPS was 113,000 pageviews, and again, no issues at all.
In fact, I’ve never heard of anyone’s static site being legitimately overloaded. But that wasn’t Brent’s problem, because I remember noticing a slow page-load when I first loaded the page, before I retweeted it. Dreamhost runs hundreds or thousands of sites on each server, so it’s anyone’s guess what else may have been happening on Brent’s server at the time.
And what happens if — again — I’m asleep, on a plane, or otherwise away from my computer?
The cheapest play, and best for me in terms of learning new things (which is not nothing), is the VM.
But could I sleep?
Mostly. And that’s the same answer I’d give for being the sole person responsible for any web service hosted on any platform.
Things go wrong on every platform. But the higher-level and more abstracted it is, the less you can do when things go wrong (which really annoys your customers), and the more you rely on opening support tickets and hoping the people on the other end do their job properly. (In my experience, across all hosts I’ve ever used, that happens about 50% of the time.)
For people venturing into VPSes or dedicated servers, use a decent external monitoring service that can alert you when your site is down (I use Pingdom). See how often it actually happens — it’s much less than you may assume.
If the reality of occasional freak downtime becomes bothersome, buy your host’s lowest monitoring plan that includes some kind of proactive response (e.g. they’ll reboot the server if it stops responding to HTTP checks). Find the level of host interaction that works for you. Their staff can’t scale your site for you if you’re growing like crazy, but the causes of most outages are much more boring and can be fixed with a reboot.
13 years ago, for a few months, Marco.org was hosted on an old computer with a Rubbermaid tub for a case (I had all of the parts necessary to build a second computer except a case), secretly running headless in my friend’s bedroom closet in his parents’ house while we were away at college. I don’t have a picture of the completed system, but this is how it looked running in a cardboard box before I got the Rubbermaid. I was an idiot. (Bet you haven’t seen another Pentium II motherboard with ISA slots.) ↩
Ignoring the cloud or web services because they are out of your comfort zone is no longer an option.
But we need to sit down and have a talk about web hosting. Seeing well-meaning developers get burned, abandoned, or ripped off by unexpected changes, limitations, and costs in the cloud-service landscape is too painful for me to watch in silence.
The common wisdom, which Justin suggests, is to go directly to a highly abstracted, proprietary cloud service or a higher-level hosted back-end — the kind that are so high in the clouds that they call themselves “solutions”. But the “BaaS” landscape is still very unstable with frequent acquisitions and shutdowns likely, and hosting on VPS-plus-proprietary-services clouds like Amazon Web Services or higher-level services like Heroku or App Engine can get prohibitively expensive very quickly.1 Developers who build everything on these services by default would probably be shocked at how cheaply and easily they could run on dedicated servers or unmanaged VPSes.
Running your own servers really isn’t hard. Most developers reject the idea outright without even trying because it’s unfamiliar and intimidating. It’s considered an extreme, horrible, unfathomable situation that must be avoided at all costs, usually by people who have never tried it.
But that’s a fallacy. There’s a learning curve and necessary integration work for every back-end option, from iCloud and Dropbox to your own colocated servers. AWS, Azure, Heroku, App Engine, Parse, and similar services aren’t free, easy, or automatic. (Neither is “scaling” with them, regardless of what you’ve heard.) Hosted infrastructure is like sync: it has a minimum, unavoidable level of complexity to accommodate. You can’t just check a box or set a BOOL and have it all taken care of for you.
If you’re going to invest your time into learning any of these options, you might as well learn the timeless one that’s most likely to survive every acquisition, language, trend, and paradigm shift: basic Linux server administration.2
Wait! Don’t leave! Hang in there.
Modern Linux server administration is much easier than you think. If you can write a halfway decent app, you can manage a Linux VPS in your sleep.
You don’t need to compile kernels, build anything from source code, partition any disks, or deal with iptables in most cases. The defaults of good distributions and packages are almost always very secure. The two things worth doing by hand on day one are quick: put your SSH key on the box and turn off password logins, and enable automatic security updates (yum-cron on CentOS, unattended-upgrades on Debian), because the boring way servers get compromised is a guessed password on an unpatched box. Once you set everything up, you can leave it running largely untouched indefinitely. You’ll probably never be woken up at 3 AM to reboot anything or delete log files.
Take the weekend to open a Linode account, create the cheapest instance ($20/month, billed hourly), and plow through initial setup of something substantial, like your own basic Ruby, Python, PHP, or Node app with a boring old database (MySQL or Postgres) and webserver (nginx or Apache) if necessary.3 If you mess up so badly that Google can’t help you, just delete or restore the instance and start over. Cheap VPSes have made it easier than ever to experiment and learn.
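The first ten minutes of that initial setup, as an added example rather than the post’s own recipe: a script for a fresh CentOS 6 VPS that installs your public key, switches sshd to keys only, and turns on unattended security updates. The order matters (the key goes in before passwords are turned off), and the config edit is written so it can be re-run safely. The config path, user, and key in the `--apply` usage are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes a fresh CentOS 6 VPS you
# are logged into as root over SSH; paths, user and key are placeholders.
set -eu

# Set or replace one "Key value" directive in an sshd_config-style file.
# Commented-out copies of the key are removed too, so the result is a single,
# unambiguous line. Uses a temp file instead of "sed -i" so it is portable.
set_sshd_option() {
    file=$1 key=$2 value=$3
    sed -E "/^[#[:space:]]*$key[[:space:]]/d" "$file" > "$file.tmp"
    printf '%s %s\n' "$key" "$value" >> "$file.tmp"
    mv "$file.tmp" "$file"
}

# Keys only: nothing for a password-guessing botnet to work with.
# $1 = config file (defaults to the real one; tests pass a scratch copy).
harden_sshd() {
    cfg=${1:-/etc/ssh/sshd_config}
    set_sshd_option "$cfg" PasswordAuthentication no
    set_sshd_option "$cfg" ChallengeResponseAuthentication no
    set_sshd_option "$cfg" PermitRootLogin without-password
    set_sshd_option "$cfg" UseDNS no
}

# Append a public key for a user with the permissions sshd insists on.
# $1 = user, $2 = the public key line ("ssh-rsa AAAA... comment").
install_ssh_key() {
    home=$(getent passwd "$1" | cut -d: -f6)
    [ -n "$home" ] || { echo "no such user: $1" >&2; return 1; }
    mkdir -p "$home/.ssh"
    printf '%s\n' "$2" >> "$home/.ssh/authorized_keys"
    chmod 700 "$home/.ssh"
    chmod 600 "$home/.ssh/authorized_keys"
    chown -R "$1:" "$home/.ssh"
}

# yum-cron applies updates nightly on CentOS 6, so the box patches itself.
enable_auto_updates() {
    yum -y install yum-cron
    chkconfig yum-cron on
    service yum-cron start
}

if [ "${1:-}" = "--apply" ]; then
    install_ssh_key root "${2:?usage: $0 --apply 'ssh-rsa AAAA... you@laptop'}"
    harden_sshd
    sshd -t                  # refuse to reload a config sshd cannot parse
    service sshd reload
    enable_auto_updates
    echo "Keep this session open; confirm a new key-based login works before logging out."
fi
```

The last line is the check that matters: reload sshd, open a second terminal, and make sure the key login works before you close the first one. Locking yourself out of a VPS is recoverable through the host’s console, but it is not how you want to spend the weekend.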
Want a scalable setup? Make three ($60/month). Two are your webservers and one is your database.4 Put a virtual load balancer in front of the two webservers ($20/month).5 At any time, you can then easily take either of the webservers down for a few minutes to upgrade to a higher-powered instance without taking the whole service down. If you get an influx of traffic one day, just clone a few more webservers behind the load balancer. After the load subsides, delete the ones you don’t need anymore.
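The three-instance layout above written out as an HAProxy configuration, as an added example: this is not the author’s config and not what a host’s virtual balancer product would show you, but HAProxy is what the post says it runs, and it is the same job. The addresses, the stats socket path, and the /healthz path are placeholders.

```haproxy
# Added example, not the post's configuration. Placeholder addresses:
# 203.0.113.10 is the balancer's public IP, 10.0.0.x are the webservers'
# private addresses.
global
    log /dev/log local0
    maxconn 4096
    user haproxy
    group haproxy
    daemon
    # admin socket used to drain a server before upgrading it (see note below)
    stats socket /var/run/haproxy.sock mode 600 level admin

defaults
    mode http
    log global
    option httplog
    option forwardfor            # webservers get the real client IP in X-Forwarded-For
    option http-server-close
    timeout connect 5s
    timeout client 30s
    timeout server 30s

frontend www
    bind 203.0.113.10:80
    default_backend webservers

backend webservers
    balance roundrobin
    option httpchk GET /healthz  # placeholder health-check URL on each webserver
    server web1 10.0.0.11:80 check inter 2s fall 3 rise 2
    server web2 10.0.0.12:80 check inter 2s fall 3 rise 2
    # influx of traffic: clone a webserver and add one line
    # server web3 10.0.0.13:80 check inter 2s fall 3 rise 2

listen stats
    bind 127.0.0.1:8404
    stats enable
    stats uri /
```

Two things to get right around this file. The webservers only ever need to talk to the balancer, so put them on the private network and firewall port 80 so that only the balancer’s address can reach it; everything between balancer and webservers is plaintext, which is fine on a private network and not fine on a public one. And to take web1 down for an upgrade without dropping requests, drain it first (`echo "disable server webservers/web1" | socat stdio /var/run/haproxy.sock`), do the upgrade, then `enable server` it again; the health check will also pull it out on its own within a few seconds if it simply stops answering.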
Self-managed VPSes are the best option today for most developers hosting web apps. Good VPS services provide many of the benefits and easier scaling of higher-level services, like easy cloning, easy backups, fast upgrades and downgrades, and elimination of most tedious hardware management.
If you end up getting so big that you need more horsepower than VPSes can practically or affordably offer, you can switch from standard Linux VPSes to cheaper, faster dedicated or colocated servers very easily using most of the skills and tools you already have. You can even mix and match VPSes and dedicated servers at some hosts.
If any particular host starts going downhill or is no longer price-competitive, you can take all of your skills, tools, and infrastructure and move them to another host. Unlike proprietary cloud platforms, regular VPSes and servers are a competitive commodity market. Linode sucks? Try DigitalOcean, which offers effectively the same product at similar prices. Rackspace too expensive? Try SoftLayer or Limestone Networks. Simply avoid all hosts’ proprietary, hard-to-replace products and stick to their standard VPSes and servers, and your service and knowledge become portable and resilient.6
Tumblr taught me by necessity, especially in the early days when we had no staff and very little money, how to develop and host a high-traffic web service cheaply, easily, and sanely. I couldn’t let the servers require too much maintenance because server administration wasn’t my main job — we didn’t have a dedicated server administrator for the first few years, so I just had to set things up such that they didn’t need much administration.
In 2006, that was a rarely-needed specialty. Even when I launched Instapaper in 2008, hardly anyone making consumer apps needed those skills. But if I hadn’t learned them at Tumblr, Instapaper could never have grown independently, The Magazine wouldn’t exist, and Overcast would be much more limited.
Today, the ability to sanely and economically run a web back-end is a basic requirement for a lot more developers, and it’s only going to become more necessary in the future. Many apps are already expected to have sync, connectivity, and web features, and those expectations will only spread to more categories in the future. Refusing to embrace this shift will severely limit your apps and may cost you your business.
Start building those skills now.
“Cloud” is such a buzzword these days because cloud hosts, continuing the web-hosting tradition, have very fat margins, low barriers to entry, and high barriers for customers to leave.
Virtualized cloud services are web hosts’ dream: there’s much more opportunity for branding and hand-wavy products with ambiguous benefits and unverifiable claims, less focus on numbers that could be comparison-shopped (what, exactly, is “4 CPU”?), highly profitable usage of old hardware (often running an undifferentiated mix of hardware up to 5 years old or more), and more room for proprietary lock-in. And they can still price their services as if RAM were expensive: the biggest con in the history of web hosting. It’s high-profit wins all around.
Linux distributions are an unfortunate oversupply of paralyzing choices. The easiest path is to learn one major distribution very well and use it everywhere. You want conservative, slow-moving, and very popular: that way, updates almost never break anything and it’s all very stable (conservative), you don’t need to re-learn the basics and tools constantly (slow-moving), and there are tons of Google results and tutorials for every question you’ll have (very popular). I chose CentOS in 2005 with no regrets: it’s basically a free version of Red Hat Enterprise Linux that exceptionally satisfies all three conditions. I’ve heard Debian is also a solid choice. Always deploy the latest official (stable) 64-bit release.
Boring old is the key to server-administration happiness. Stick to the boring and the old, and you’ll rarely need to deal with anything. The lower down the stack, the more important that becomes.
This is why I still very happily use MySQL (InnoDB-only) instead of a trendier, newer database: it’s very fast when used properly, and I’ve never seen it crash, corrupt data, or perform irregularly. And I’ve run a lot of heavily-used MySQL servers. Not a single crash, ever. The only other heavily used server tool I can say that about is HAProxy.
Don’t forget to schedule automatic database backups, since the host’s backups probably won’t be consistent for the database files. For MySQL, mysqldump is fine until your database gets huge, at which point you should consider xtrabackup.
My favorite option: make a replicating slave database server (another $20/month) whose sole responsibility is backups. Every day, have it shut down MySQL, tar-gz the entire /var/lib/mysql data directory with the binlog number and position in the filename, encrypt it, upload it to an S3 account dedicated to this purpose, and restart MySQL. This is by far the most reliable and fastest-to-recover MySQL backup method that I’ve ever used.
(Bonus points: between backups, every few minutes, rsync the binlogs somewhere. Then you have point-in-time, query-level recovery to any point up to a few minutes ago.)
If a virtual load balancer isn’t available at your host or you don’t want to use one, just use a software one, like the excellent HAProxy, running on the cheapest VPS available. (They’re very low-needs.)
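As an added example (not the post’s own code), here is the replica-backup routine just described, written as a cron-able shell script for a CentOS-style host. It assumes a dedicated replica, the data directory /var/lib/mysql, a scratch directory, an awscli install, a gpg public key whose private half lives somewhere else, and placeholder bucket and key names. One design choice of mine: it records the master binlog coordinates the replica had applied (from SHOW SLAVE STATUS) rather than the replica’s own binlog, so the rsynced master binlogs from the “bonus points” step can be replayed with mysqlbinlog directly on top of a restore.

```shell
#!/bin/sh
# Added example: nightly cold backup of a dedicated MySQL replica, following the
# footnote's recipe (stop MySQL, tar-gz the data directory with binlog
# coordinates in the name, encrypt, upload to S3, restart). Not the post's code.
set -eu

DATADIR=/var/lib/mysql                 # MySQL data directory
WORKDIR=/var/backups/mysql             # assumed scratch dir with room for one archive
S3_BUCKET="s3://example-db-backups"    # placeholder bucket name
GPG_RECIPIENT="backups@example.com"    # placeholder: only the PUBLIC key is on this host

# Read the master-binlog coordinates the replica has applied up to, from
# "SHOW SLAVE STATUS\G" output on stdin. Prints "<binlog file>:<position>".
slave_coords() {
    awk -F': ' '
        /Relay_Master_Log_File:/ { gsub(/[ \t\r]+$/, "", $2); f = $2 }
        /Exec_Master_Log_Pos:/   { gsub(/[ \t\r]+$/, "", $2); p = $2 }
        END { if (f == "" || p == "") exit 1; print f ":" p }'
}

# Refuse to build a filename from anything that does not look like
# "mysql-bin.NNNNNN:<digits>"; a stray or tampered value must not become a path.
valid_coords() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9][A-Za-z0-9._-]*:[0-9]+$'
}

# Archive name: UTC stamp plus coordinates, e.g.
# mysql-20140409T0300Z-mysql-bin.000123-pos45678.tar.gz.gpg
backup_name() {
    bn_file=${2%%:*}
    bn_pos=${2##*:}
    printf 'mysql-%s-%s-pos%s.tar.gz.gpg\n' "$1" "$bn_file" "$bn_pos"
}

run_backup() {
    stamp=$(date -u +%Y%m%dT%H%MZ)
    mkdir -p "$WORKDIR"

    # 1. Freeze replication so the recorded coordinates match the files on disk.
    mysql -e 'STOP SLAVE'
    coords=$(mysql -e 'SHOW SLAVE STATUS\G' | slave_coords)
    valid_coords "$coords"
    name=$(backup_name "$stamp" "$coords")

    # 2. Cold copy: with mysqld down, the InnoDB files are consistent. Whatever
    #    fails below, the replica is brought back up on exit.
    trap 'service mysqld start >/dev/null 2>&1; mysql -e "START SLAVE" >/dev/null 2>&1' EXIT
    service mysqld stop

    # 3. Stream tar -> gzip -> gpg so only ciphertext ever touches the scratch disk.
    #    (--trust-model always: the key was imported and verified when the host was built.)
    tar -C "$(dirname "$DATADIR")" -czf - "$(basename "$DATADIR")" \
        | gpg --batch --trust-model always --encrypt --recipient "$GPG_RECIPIENT" \
              --output "$WORKDIR/$name"

    # 4. Restart before the (slow) upload so the replica catches up meanwhile.
    service mysqld start
    mysql -e 'START SLAVE'
    trap - EXIT

    # 5. Ship the archive with a checksum; verify it after download, before restoring.
    (cd "$WORKDIR" && sha256sum "$name" > "$name.sha256")
    aws s3 cp "$WORKDIR/$name" "$S3_BUCKET/$name"
    aws s3 cp "$WORKDIR/$name.sha256" "$S3_BUCKET/$name.sha256"
    rm -f "$WORKDIR/$name" "$WORKDIR/$name.sha256"
}

# The footnote's bonus step: copy the master's binlogs every few minutes (from cron)
# so a restore can be rolled forward with mysqlbinlog from the coordinates in the name.
sync_binlogs() {
    rsync -a --include='mysql-bin.[0-9]*' --exclude='*' "$1/" "$2/"
}

# Only run for real when asked; sourcing the file just defines the functions.
if [ "${MYSQL_BACKUP_RUN:-0}" = 1 ]; then
    run_backup
fi
```

Run it as `MYSQL_BACKUP_RUN=1 sh mysql-backup.sh` from the replica’s crontab. Keeping only the public key on the backup host means a compromise of that box (or of the bucket) yields ciphertext only; test a full restore (decrypt, untar, start mysqld, then `mysqlbinlog --start-position` from the recorded coordinates) before trusting the routine, since an unrestored backup is not a backup.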
I also maintain a giant shell script that configures everything I need on a clean install of CentOS. Once you’re comfortable with the basics, I suggest doing this, as it makes it easier to set up new servers or switch hosts.
Making such a script is much easier with VPSes, where you can start a new one, test it out, change it as needed, delete the instance, and try again on a clean one.
Ideally, your servers should be disposable and easily recreated. The only backups you should need are your source code (which should include any required server-setup scripts) and your database’s data.
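An added example, not the post’s own script: a skeleton for the kind of clean-install setup script this footnote describes, with the one property that makes the “start one, test, change, delete, try again” loop painless: every step is idempotent, so running it twice on the same box changes nothing the second time. The `set_config_option` helper is the part worth copying; the package list, the `deploy` user, the public-key path and the sshd settings are my assumptions, not the author’s.

```shell
#!/bin/sh
# Added example of an idempotent server-setup script skeleton (CentOS-style host).
# Not the post's own script; package names, user name, key path and sshd settings
# are assumptions for illustration.
set -eu

# Set "key value" in a config file with one "key value" per line (sshd_config and
# the like). Replaces an existing line (commented or not), appends if absent, and
# leaves the file untouched when the value is already in place, so re-runs are no-ops.
# Keys are plain identifiers and values contain no '|' (the sed delimiter below).
set_config_option() {
    sco_file=$1 sco_key=$2 sco_value=$3
    if grep -Eq "^[[:space:]]*${sco_key}[[:space:]]+${sco_value}[[:space:]]*$" "$sco_file"; then
        return 0
    fi
    if grep -Eq "^[[:space:]]*#?[[:space:]]*${sco_key}([[:space:]]|$)" "$sco_file"; then
        sed -i -E "s|^[[:space:]]*#?[[:space:]]*${sco_key}([[:space:]].*)?$|${sco_key} ${sco_value}|" "$sco_file"
    else
        printf '%s %s\n' "$sco_key" "$sco_value" >> "$sco_file"
    fi
}

# Install a package only if it is missing, so re-runs stay fast and quiet.
ensure_pkg() {
    rpm -q "$1" >/dev/null 2>&1 || yum -y -q install "$1"
}

# Create the unprivileged deploy user once and give it the admin's public key
# (assumed to be dropped at /root/deploy_key.pub before the script runs).
ensure_user() {
    id "$1" >/dev/null 2>&1 || useradd -m "$1"
    install -d -m 700 -o "$1" -g "$1" "/home/$1/.ssh"
    install -m 600 -o "$1" -g "$1" /root/deploy_key.pub "/home/$1/.ssh/authorized_keys"
}

# Keys only, no root logins: the usual first changes on a fresh VPS.
harden_sshd() {
    set_config_option /etc/ssh/sshd_config PermitRootLogin no
    set_config_option /etc/ssh/sshd_config PasswordAuthentication no
    set_config_option /etc/ssh/sshd_config ChallengeResponseAuthentication no
    # Never reload a config sshd would reject; that is how you lock yourself out.
    sshd -t && service sshd reload
}

main() {
    yum -y -q update
    for p in haproxy mysql-server fail2ban; do ensure_pkg "$p"; done   # assumed package list
    ensure_user deploy       # key must be in place BEFORE password logins are turned off
    harden_sshd
}

# Only act when asked; sourcing the file just defines the functions.
if [ "${SETUP_RUN:-0}" = 1 ]; then
    main
fi
```

Run it with `SETUP_RUN=1 sh setup.sh` on a fresh instance, then run it again and confirm the second pass prints nothing and changes nothing; a script that survives that check is one you can safely re-run after a partial failure or on a new host at a different provider.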
We got an amazing response from our huge baby stuff review last year. Adam is now almost 2 years old, and these are some of our favorite and most useful products that we recommend for toddlers and their parents.
Britax Pavilion car seat (newer version): We wish we had switched to this earlier — we didn’t realize that we didn’t need to wait for our kid to outgrow the mediocre, frustrating Graco SnugRide infant seat. In practice, the convertible seat wasn’t very useful after about 6 months because carrying our kid in it became prohibitively heavy. The Britax Pavilion is a noticeable step up in quality — it’s very nicely padded, it’s easy to move between cars (much easier than removing the Graco bases), the straps hardly ever get tangled in use, and it adjusts to child growth without needing to be taken apart. The “Click and Safe” ratchet on the main tightness strap is very nice, too.
OXO Tot plate and silverware set, divided plate, and bowl set: All of these are great. The fork and spoon are very easy for the kid to hold, with thick, rubberized handles and intuitive curves. The fork is almost spoon-shaped, but it still has useful enough tines to pick up food. All of the plates and bowls have rubbery bottoms to prevent sliding, so they stay in place on high-chair tables until your kid learns to pick them up. The curved lip on the plates is nice for certain foods, but it’s detachable for when it’s not needed. The bowl lids snap tightly for transporting snacks in diaper bags or storing leftovers in the fridge. All of this stuff is dishwasher-safe, and also easy to clean by hand.
OXO screw-top snack cup: Great for Cheerios or the overly natural Cheerio alternative that we buy at Whole Foods (of course). Kids can reach in and grab a handful, but they can’t easily spill the whole cup — at worst, they lose a handful at a time. We previously used the Munchkin snack catchers, which we loved until our son figured out how to remove the friction-fit lids. He hasn’t figured out the OXO screw-on lid yet, and the OXO also has a nice sealed lid to attach when you want to bring this in a diaper bag or stroller pack.
Green Sprouts Eva plastic bibs: These are much easier to clean than cloth bibs once your toddler starts using silverware unassisted. Compared to fancier rigid plastic bibs, these are flexible, foldable, easily packed, and nearly weightless. You don’t need many — we’ve been fine with just one 5-pack for over a year without wearing any out yet. Pro tip: Turn the pocket inside-out. This makes the pocket stay open wider, so it catches more food.
Planet Wise and Itzy Ritzy small/large wet/dry bags: A washable, reusable alternative to using a million plastic bags. We’ve used ours for transporting snacks, diapers, and wet or dirty clothes inside bigger bags to keep them separate. The lining is waterproof, but the zippers aren’t — moisture won’t soak through the bag, but they will leak if you spill a drink inside and turn it over.
Petunia Picklebottom Weekender diaper bag: We wanted a larger diaper bag when our toddler started needing more clothes changes, snacks, and toy diversions, and stopped breastfeeding. Tiff wanted “a girly bag that looked less like I was just lugging baby stuff all the time”. This one is very useful, has tons of pockets, and is very spacious — it opens very widely, and some sections expand, so you can see the entire interior when packing, and you can always find what you need without much digging. It’s also still fashionable enough that it’s not just a “diaper bag” — it’s just a really nice bag, and it will be useful long after we stop needing it for this role. Go see one in a store if you can. Some of them have a “wipeable exterior”, but ours doesn’t, and it hasn’t been a problem.
Fisher Price Music Parade ride-on car: This thing looks so cheesy, we didn’t think he’d like it. But he loves it. He pulls it all around the house and has been consistently amused by it for almost a year so far. He can push, pull, or ride on it. The seat opens and can store stuff. There are lots of buttons that play music and sounds. It’s a 1-year-old’s paradise. This might be his favorite toy.
Melissa and Doug cardboard blocks (or a bigger set): You’ve probably seen these in every preschool (including your own). We got our set at a yard sale for $2, thinking it was a risky purchase that our son might not like. The moment we brought them home, he was hooked and started instinctively building towers. They’re exactly how you remember: strong, light, harmless, and cheap (even if you pay more than yard-sale prices).
Radio Flyer Walker Wagon: We got this to help our kid learn to walk. It’s very sturdy and worked well for its purpose: since the wheels don’t swivel, it only goes straight, making it easier to keep control. Now, over a year later, he still plays with it, sits in it, and pulls it around. And whenever other kids come over, they all want to play with it, too. The sides are easily removed, as they’re only held in by gravity, so it’s very versatile.
Step2 Whisper Ride push car: A fun alternative to a stroller for short walks: up and down the driveway, or at most, around the block. The handle folds down for easy transportation. The adult and kid each get a cup holder, and the kid loves opening the hood and putting stuff inside. And as he turns the wheel and squeaks the horn, he might feel like he’s driving — whatever he thinks, he sure likes it.
Uppababy G-Lite portable stroller: Extremely lightweight collapsible stroller. We got it as a more portable alternative to our big Bugaboo, but most umbrella strollers didn’t feel sturdy enough, and we’re very happy with this choice. It collapses very small (although long), and it’s easy and quick to open, yet it has most of the nice features of other large strollers, including a full sun-shade, a mesh carrying basket underneath, and a cup holder. In its folded position, it can stand upright, which is convenient when unpacking it. It’s very maneuverable, and with the attached carrying strap, you can carry it on your back if you need to. Its many well-thought-out functions and its light, sturdy construction made this stand out from other similar models. We also got the optional case to keep our car trunks clean when the stroller wheels get dirty, and it’s nice and very functional.
“i play” plastic summer shoes: These look like Crocs, but more stylish and with a full back. (We tried baby Crocs, too, but our son was able to walk in these more easily.) Socks are optional: they can be used like regular sneakers or water shoes. These were great all summer, as he loved playing with the hose in the front yard, and always found every puddle available for stomping while walking. We plan to get another pair this summer. We also recommend the Crocs rain boots for springtime puddle-stomping: they have no seams so water can’t get in, they’re very easy to put on, and the sole isn’t too thick so they’re easy for toddlers to walk in.
Zoli BOT sippy cup: When they’re clean and fully sealed, these are the best sippy cups we’ve found. We’ve had a few of these (and many others), and unlike others, these have never broken or snapped open when they’ve been thrown or dropped. The clever weighted-end straw is also great: liquid comes up through the straw at nearly any orientation that the cup’s being held in. And the straw’s valve-like tip won’t leak when tipped over. But it’s not perfect: the straws are hard to clean and eventually need to be expensively replaced, it’s very unforgiving if the lid’s not screwed on perfectly straight, and there’s a weird issue with fluid dynamics: if there’s a large temperature difference between the liquid and the surrounding air, the pressure change as the temperatures equalize often forces some of the liquid out of the straw in a slow leak. So they’re imperfect, but they’re the best we’ve found in an otherwise miserable category.
JJ Cole Urban Bundleme: Effectively, a sleeping bag for strollers so you can walk in cold weather and your kid stays warm. It’s much easier than wrapping a blanket around your kid and hoping it stays in place, doesn’t get kicked off, and doesn’t drag on the ground or get caught in the wheels. The Bundleme has slits in the back for passing the straps through, which keep everyone and everything securely in place, and it can completely unzip for easy removal of accumulated lint and Cheerios at the bottom. (It even unzips entirely if you want to only use the back half.) The outside is water-resistant and there’s a little pocket on the side. We chose the Toddler size, which also fits our friend’s 6-month-old perfectly well, so it’s probably worth skipping the Infant size.
Safety 1st pinch/door-slam preventer: We don’t know if all kids love closing doors, but ours sure does. These are surprisingly good: they can go on either the outside or inside of the door to protect against slams or hinge-pinches, they’re small and subtle, and they hang nicely on the doorknob when not in use.
Skip Hop big animal bath towels: Bigger and better than most baby or toddler towels. Our kid quickly outgrew most others, but these still wrap completely around him. The hood is both adorable and convenient for alignment and hair-drying. They dry quickly, and they’ve held together through almost two years of heavy use so far — they haven’t faded at all, and not a single animal piece has fallen off in the wash. The included washcloth-mitts are just as good, too.
Aden + Anais big washcloths: Big, thick bath washcloths that hold a lot of water. They’re much softer than terrycloth (great for face-washing), and they’ve proven extremely durable. Highly recommended.
Pampers Cruisers diapers: We’ve tried most diaper types (including a brief cloth attempt), and these have always worked best for us. They’re soft, they fit well without much bulk, and they hardly ever leak (as long as you don’t forget to pull out the leg ruffles). The Extra Protection overnights are especially great, too. Our strategy for sizing is simple and has served us extremely well: if there’s ever a leak, especially at night, we go up to the next size.
North States “Superyard” (jail): This wooden jail is great-looking, heavy, sturdy, and secure. We always get compliments on it. The wood is high-quality and hasn’t chipped or cracked at all, and it was extremely well-packaged on arrival. Our kid was able to climb out of his crib at its lowest setting, but still can’t climb out of this because there aren’t any horizontal foot supports: it’s all smooth vertical bars. (He also just likes being in it, so he doesn’t usually try.) The door is a great feature, although you’ll need a toy-clip rope if you want to hold it open. It’s not portable, and is for semi-permanent setups: it’s heavy and doesn’t collapse easily. (This plastic one is portable and lightweight, but not nearly as good. Suitable for leaving at grandparents’ houses.) And we recommend the 2-panel extension: it gives much more room inside.
Once again, if you have any questions about what we liked and didn’t like about these or any other baby or toddler products, you can email Tiff and she’ll be happy to help.