chitchcock

Stevey's Google Platforms Rant

I was at Amazon for about six and a half years, and now I've been at Google for that long. One thing that struck me immediately about the two companies -- an impression that has been reinforced almost daily -- is that Amazon does everything wrong, and Google does everything right. Sure, it's a sweeping generalization, but a surprisingly accurate one. It's pretty crazy. There are probably a hundred or even two hundred different ways you can compare the two companies, and Google is superior in all but three of them, if I recall correctly. I actually did a spreadsheet at one point but Legal wouldn't let me show it to anyone, even though recruiting loved it.

I mean, just to give you a very brief taste: Amazon's recruiting process is fundamentally flawed by having teams hire for themselves, so their hiring bar is incredibly inconsistent across teams, despite various efforts they've made to level it out. And their operations are a mess; they don't real

jclulow

So, to get something like /etc/rc.local you can use the custom SMF import facility. (See the source for more information about how this actually works.)

/opt is mounted out of zones/opt by default. You can create a directory /opt/custom/smf and populate it with SMF manifests. Any manifests you put in there will be imported by SmartOS when it boots. Below is an example SMF manifest that simply starts /opt/custom/bin/postboot, a self-explanatory shell script that you can use like /etc/rc.local.

Note that it would likely be better to customise and respin your own images, as putting a bunch of platform state in the zones pool undoes some of the benefits of the ramdisk platform architecture that SmartOS has.

jboner

Latency Comparison Numbers (~2012)
----------------------------------
L1 cache reference                           0.5 ns
Branch mispredict                            5   ns
L2 cache reference                           7   ns                      14x L1 cache
Mutex lock/unlock                           25   ns
Main memory reference                      100   ns                      20x L2 cache, 200x L1 cache
Compress 1K bytes with Zippy             3,000   ns        3 us
Send 1K bytes over 1 Gbps network       10,000   ns       10 us
Read 4K randomly from SSD*             150,000   ns      150 us          ~1GB/sec SSD

rnapier

#!/usr/bin/python

# fix-xcode
# 	Rob Napier <robnapier@gmail.com>

# Script to link in all your old SDKs every time you upgrade Xcode
# Create a directory called /SDKs (or modify source_path).
# Under it, put all the platform directories:
# 	MacOSX.platform          iPhoneOS.platform        iPhoneSimulator.platform
# Under those, store the SDKs:

angel333

Installing and configuring dwm on OS X (tested on Mountain Lion, Mavericks)

1. Install XQuartz.

2. Install dwm using Homebrew (or whatever):

   brew install dwm
   

3. Create a xinitrc.d script for dwm:

mattconnolly

# zonecfg -z <uuid>
zonecfg:uuid> add attr 
zonecfg:uuid:attr> set name=resolvers
zonecfg:uuid:attr> set type=string
zonecfg:uuid:attr> set value=8.8.8.8,8.8.4.4
zonecfg:uuid:attr> end
zonecfg:uuid> verify
zonecfg:uuid> commit
zonecfg:uuid> exit
# vmadm reboot <uuid>

CodesInChaos

While visiting 30c3, I attended the You-broke-the-Internet workshop on NaCl.

One thing mentioned in the talk was that auditing crypto code is a lot of work, and that this is one of the reasons why Ed25519 isn't included in NaCl yet (they promised a version including it for 2014). The speakers mentioned a bug in the amd64 assembly implementation of Ed25519 as an example of a bug that can only be found by auditing, not by randomized tests. This bug is caused by a carry being added in the wrong place, but since that carry is usually zero, the bug is hard to fint (occurs with probability 2^{-60} or so).

The TweetNaCl paper briefly mentions this bug as well:

Partial audits have revealed a bug in this software (r1 += 0 + carry should be r2 += 0 + carry in amd64-64-24k) that would not be caught by random tests; this illustrates the importance of audits.

grugq

Operational PGP

This is a guide on how to email securely.

There are many guides on how to install and use PGP to encrypt email. This is not one of them. This is a guide on secure communication using email with PGP encryption. If you are not familiar with PGP, please read another guide first. If you are comfortable using PGP to encrypt and decrypt emails, this guide will raise your security to the next level.

joepie91

Don't use VPN services.

No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.

• A Russian translation of this article can be found here, contributed by Timur Demin.
• A Turkish translation can be found here, contributed by agyild.
• There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.

rys

# this assumes WAN is eth0 and LAN is switch0. Please adjust for your own setup

configure

# Tunnel first
edit interfaces tunnel tun0
set encapsulation sit
set local-ip xxx.xxx.xxx.xxx # your WAN IP
set remote-ip xxx.xxx.xxx.xxx # HE.net Server IPv4 Address
set address xxxx:xxxx:xxxx:xxxx::2/64 # Client IPv6 Address