Recently Reading

Posted on by lhl

I’ve long been a fan of Andrew Leonard’s blog (my favorite on Salon by far) but lately I’ve been especially enjoying his posts (it’s a shame there isn’t a public feed reader that really takes into account the ebb and flow of post-level reading patterns), which have focused on the economic meltdown. Here’s a list for example of the posts I particularly dug from this past week:

And that’s just the standouts since last Wednesday.

For those of you who have even a passing interest in the economipocalypse, PBS’s Business Desk w/ Paul Solman has also been quite interesting. Here’s a great piece on how the collapse has affected trade (via):

Currently Diggin’

Posted on by lhl

It’s been a while, but while I’ve been busy, I’ve also been enjoying a steady stream of great new (to me) music. Thought I’d share a couple tracks.

Also, while I haven’t really dug the new album as much, I thought it’d be fitting, to put up a Telefon Tel Aviv track w/ Charles Cooper’s (half of the duo) untimely death. Here’s one of my favorite tracks from their 2004 release, Map of What Is Effortless:

Infrastructure for Modern Web Sites

Posted on by lhl

One of the things that I did when I wrapping up at Yahoo! was to begin to take a look at the current state of web frameworks. I ended up picking Django, but I have to say, I was disappointed with the state of what’s out there. Friends will have heard me bemoaning this sad state of affairs – that while Rails and Django might make CRUD easier, that the ORMs weren’t suitable for scaling beyond “toy” sizes, and that more importantly, they didn’t seem to address almost any of the pain points of building and maintaining a modern website.

A couple recent posts, most notably Krow’s Scaling, Systems Required list, but also Tom Kleinpeter’s post asking Where Are the AB Testing Frameworks? reminded me that I had made my own list. I was originally going to start working on these, but since I’ve now been side-tracked by a few projects, I thought I’d put it out there before it gets too completely irrelevant.

I’ve split this into two sections. The first I call “below the line,” which are more system level (some things straddle the line):

  • API Metering
  • Backups & Snapshots
  • Counters
  • Cloud/Cluster Management Tools
    • Instrumentation/Monitoring (Ganglia, Nagios)
    • Failover
    • Node addition/removal and hashing
    • Autoscaling for cloud resources
  • CSRF/XSS Protection
  • Data Retention/Archival
  • Deployment Tools
    • Multiple Devs, Staging, Prod
    • Data model upgrades
    • Rolling deployments
    • Multiple versions (selective beta)
    • Bucket Testing
    • Rollbacks
    • CDN Management
  • Distributed File Storage
  • Distributed Log storage, analysis
  • Graphing
  • HTTP Caching
  • Input/Output Filtering
  • Memory Caching
  • Non-relational Key Stores
  • Rate Limiting
  • Relational Storage
  • Queues
  • Rate Limiting
  • Real-time messaging (XMPP)
  • Search
    • Ranging
    • Geo
  • Sharding
  • Smart Caching
    • dirty-table management

The second section, which I call “above the line” are common application level components that typically depend on one or more of the components above. There are of course a huge list of features for any component, but I’ve highlighted some that either aren’t commonly implemented or are particularly important:

  • AuthX (AuthN + AuthZ)
    • Capabilities
    • Multifactor Auth
    • Rate Limiting
    • Signup
    • OpenID
    • OAuth
    • External import
  • Groups
  • Invites
  • Lists
  • Notifications
    • Spam filtering
    • Multi-protocol routing
    • Fine-grained controls/rules
  • Presence
  • Social Activity Log (Newsfeed)
    • Filtering
  • Social Model
    • Connectivity (uni/bidi)
    • Privacy (private, reciprocal, public)
    • Views
    • Traversal
  • Social Object
    • Privacy, Social Scoping
    • Voting
    • Sharing
    • Publishing
    • Comments
    • Favoriting
    • Social editing
    • Permissions
  • Tagging
    • Combinations
    • Relatedness
  • User
    • Achievements/Awards
    • Activity Log
    • External User ID Mapping
    • Permissions (see AuthX)
    • Deletion/Archival
    • Flagging
    • Direct Messaging
    • User Cards

This list is by no means complete, but maybe a good starting point. I’d be interested to hear what other people have had to build/would most miss if they had to start anew.

(What seems the biggest shame to me is that everyone is currently rebuilding this stuff over and over again and rationalizing it as some sort of secret sauce competitive advantage when it’s really infrastructure – stuff that really should be standardized so you can actually get around to doing the new and interesting stuff.)

Update: For those of you who feel the urge to comment about not needing this functionality: if existing frameworks work for you, that’s great. Also, if you’re not building a site that provides a service to users and have or are planning on being able to grow it, then you’ve likely not faced these pain points. Feel free to move along.

Now, I would like to hear from others working on similar problems, although I understand that most of those people remain under the corporate veil where this sort of information remains “competitive advantage.” Hopefully putting this list out there helps people realize that everyone’s building the same stuff over and over again (to varying levels of quality).

On Application Development

Posted on by lhl

The other day, Jeff Atwood posted a piece entitled A Scripter at Heart that distinguished programming vs scripting. Simon Willison had a strong (negative) reaction to that, and proposed distinguishing by the term “dynamic languages”. Yesterday Matt Biddulph posted a bit about some of his experiences as a web developer working with Objective-C and the iPhone (some more discussion), and since I’ve been doing something similar this month, I thought I’d throw in my 2-cents (my experience so far has differed from Matt’s), since it also relates to how I veiw the divide of two very different types of programming (systems vs application?).

To preface, like Matt, my background is also primarily as a web developer, although not exclusively – I’ve written my share of Lingo, Java Applets, OpenGL, Shake scripting, Max/MSP and Processing and other stuff. These days I hang my “expertise” hat on web architecture and systems, but I’ve done a fair amount of just about everything on the web side of things including some lower level things like working on Apache modules.

This isn’t to brag (you’ll note no accomplishments of merit mentioned above :), but simply to give some context of where I’m coming from. Learning Cocoa has been interesting. Of course, first and foremost, there’s the unique feeling of being a newbie again – that awful confusion, but also the excitement and then that somewhat retroactively forgetful feeling of incomprehension at not understanding how something works…

This learning phase may have maybe been more painful that it could or should have been. “Learning Cocoa” encompasses, not just a language (Objective-C) tied intimately to multiple very large sets of libraries (collectively Cocoa, but also CoreFoundation, AppKit, and in my case Quartz, Core Image and CoreAnimation as well as an inscrutable third party API), but also XCode and Interface Builder, each with a myriad number of settings, plists, etc.

While I think that a further discussion of the total lack of context and the bits and pieces of documentation/tutorials that did help me get my bearings may be the topic of another post, I did want to mention that the Apple Developer Documentation did not help me as I would have hoped in terms of orientating myself.

Some more observations:

  • It’s sort amazing how much more work seems to go into accomplishing very little, and how your ambitions scale along with that. I’ve spent more time working on looping some animations and making sure it doesn’t leak memory for example than say the Event SRP, or heck, the entire offline-task system on MyBO. Maybe it’s just my experience so far (biased say with spending a solid week fighting a certain third party SDK while learning the fundamentals), but I can see now why desktop apps haven’t seem to evolved as quickly as web services have. There’s just a lot of slog involved.
  • Note: PyObjc doesn’t make things easier – it’s just … hideous
  • Although… it would avoid Objective-C 2.0’s ridiculous memory handling – there’s garbage collection on the RunLoop, but only in some cases (for explicitly init’d, alloc’d and retain’d objects) but the AutoRelease doesn’t happen in threads, which by the way NSTimer launches, so make some subpools, but be sure not to over-CFRelease lest you cause an ecxeption (and crash) down the line, but good luck w/ MallocDebug if you missed anything and need to track it down… Don’t I have better things to do with my brain cells?
  • Casting through contexts is just out of control. NSImage, CGImage, and CIImage? Really?
  • Get used to writing at least 10 LoC to do what seemingly should be a single easy action (or declaring something in at least two if not more files and sections). Coming from scripting languages, the amount of boiler plate is mind boggling
  • Also, as someone used to CPAN, PEAR, and PyPI, it’s also been interesting discovering how spoiled by the ease of third party libraries and how much less common and more effort it takes. Maybe I just haven’t gotten quite that far yet…
As a web developer, I’ve often complained about the crudity and lack of development and debugging tools, but having dipped my toe on the flip, I guess it’s tough all around. Application development seems to be dense, convoluted and, well, sometimes just plain masochistic.
It’s also interesting that for as many (and there are many) calls there are in the standard Frameworks, how equivalently difficult it seems to be to do anything that you *want* to do (this will be another near-future post where I talk at length about the current state of web “frameworks”).
But, who knows, maybe in a few months I’ll at this post and shake my head and wonder how I could ever be so confused.

Macro 101? Financial Stimulus Within A Credit Economy

Posted on by lhl

While I’m not the biggest fan of the Fed (and their infinite money printing machine), Brad DeLong’s description of monetary circulation is a clear and simple rebuttal for anyone who might be nodding along to John Cochrane‘s recent paper, Fiscal Stimulus, Fiscal Inflation, or Fiscal Fallacies?

Actually, Brad DeLong’s post is worth reading if you have any interest in why stimulus works. To sum up, Cochrane argues that stimulus creates public debt that offsets private spending, but DeLong describes exactly how this flow will create the same amount of debt, but gets people that would otherwise be sitting around doing nothing to do something (the definition of recession basically being underutilized capacity).

What surprised me this morning was reading Krugman’s followup this morning. Not that he agrees with DeLong, but rather I hadn’t known that Eugene Fama (yes, the Fama-French Fama) apparently also voiced the same thoughts as Cochrane did.

Now, I’m not a business genius, so it puzzles me how Fama and Cochrane can believe what they’re saying when it’s so obviously (and easily proven) wrong, even to a layperson like myself (and even without Krugman’s mathy deconstruction).

Recently Reading

Posted on by lhl

The middle of last year was pretty much completely dominated by politics for me. Memeorandum replaced Techmeme as my starting page, and TPM and FiveThirtyEight were at the top of my reading list. Since then, my attention has started floating back. Here are some of my recent faves (blogs that have been intersecting well with some of my current interests):

  • aaronland – for whatever reason (having more spare time? 🙂 I noticed myself reading more of Aaron’s excellent (and lengthy) essays this year. (geo, maps, photos)
  • tecznotes – another one of the blogs that I’ve been following for a while that I’ve been digging a lot more – probably also has to do w/ being able to get back into doing cool stuff. Mike’s everyoneiknowisdoingawesomeshit tag seems apt to mention here (visualization, maps)
  • Duke Listens! – there are a couple music technology blogs I’ve been following, but this one, by Sun researcher Paul Lamere I think has been the most consistently interesting (music, recommendations)
  • SmugBlog: Don MacAskill – I’ve spent more than my share of time the past couple years thinking about scaling, and it was nice to find a blog/community of people talking about some of the nuts and bolts (mysql, hardware, scaling)
  • Perspectives – James Hamilton (AWS) has also been publishing some great stuff along those lines, mostly around data center efficiency (data center, hardware, scaling)

I also now have a pretty reliable stream of AV stimulation through my Vimeo channels and groups. Not that there’s any shortage of interesting things – it always amazes me when people talk about being bored online – attention continues to be what’s in short supply for me, even now being able to set my own schedule.

I’ve been cranking away for the past few weeks on a new project, but hopefully I’ll have a chance this week to catch up w/ some posts, including some of the stuff I’ve been working on.

New NSA Surveillance Revelations

Posted on by lhl

New information on targets for domestic surveillance on tonight’s Countdown with Keith Olbermann:

Visit msnbc.com for Breaking News, World News, and News about the Economy

Interestingly, so far, Google News is showing only 3 stories following up on this, which is surprisingly since the implications… are disturbing to say the least.

From Russell Tice’s Wikipedia entry:

In a press release issued by the National Security Whistleblowers Coalition on December 22, 2005, Tice explained the public aspect of his charges, stating that:

“As a Signals Intelligence (SIGINT) officer it is continually drilled into us that the very first law chiseled in the SIGINT equivalent of the Ten Commandments (USSID-18) is that Thou shall not spy on American persons without a court order from FISA. This law is continually drilled into each NSA intelligence officer throughout his or her career. The very people that lead the National Security Agency have violated this holy edict of SIGINT.”

In a letter dated January 10, 2006, Renee Seymour, Director of the NSA Special Access Programs Central Office, warned Tice that members of neither the House Permanent Select Committee on Intelligence, nor of the Senate Select Committee on Intelligence had clearance to receive the classified information about the SAP’s that Tice was prepared to provide.

On February 14, 2006, UPI reports Tice testified to the House Government Reform Subcommittee on National Security, Emerging Threats and International Relations that the Special Access Program might have violated millions of Americans’ Constitutional rights, but that neither the committee members nor the NSA inspector general had clearance to review the program.

There’s some more background at SourceWatch. I’ve got to simultaneously admire Tice’s patriotism and bravery, and also, well, hope for the best for him. Heck, I wonder if he’s been able to get another job since? Also, just thinking about the ramifications of how he, or really any citizen’s communications being completely monitored… just reflecting on that sort of information asymmetry is corrosive to any idea of how a democracy could function.

The Ground Shifting

Posted on by lhl

A powerful speech, well delivered. Too many too pick out just one.. well, OK, here’s one:

Our Founding Fathers, faced with perils we can scarcely imagine, drafted a charter to assure the rule of law and the rights of man, a charter expanded by the blood of generations. Those ideals still light the world, and we will not give them up for expedience’s sake.

The full transcript w/ video (single page).