Wednesday, May 28, 2014

Texas Armchair Geology Research -- Lunatia Pedernalis



I have the privilege of living on a couple of acres of a beautiful limestone canyon just outside of Austin, Texas (the very canyon you see in the banner across the top of my blog and G+ page).  My wife, Kim, and I built a trail down to the very bottom of the canyon, where there's a serene little creek.  I try to take a daily walk down the canyon, to appreciate its beauty and get a breath of fresh air.

A few months ago, on one such walk, I stumbled across an unmistakable fossil, just barely poking through the very thin layer of top soil, and a little bigger than a tennis ball.


I collected it, admired it a bit, and set it in a terrarium of air plants (Tillandsia) that graces our kitchen counter.


It has made for a nice conversation piece, though I knew very little about it until very recently.


Just yesterday, my wife and daughters and I took another walk down the canyon, and while I was chasing my oldest around, I noticed another fossil jutting up above some recently exposed soil!


I found this one several hundred meters away from the first.  I can't help but wonder how many more there are littered about the canyon...


Last night, I became curious about their age and origin.  I looked around at Google images of "snail fossils Austin Texas", and spotted a few familiar lookers.


From there, I was able to chase down a likely species name -- Lunatia pedernalis, a type of moon snail  (Naticidae).
Lunatia is a genus of predatory sea snails, marine gastropod mollusks in the family Naticidae, the moon snails.

Predatory!  That sounds awesome.  Unless you're the prey.  These salt water snails dig through sand, to find clams, drill a hole through the clam's shell, and suck the meat out of it.  Wow!  Circle of life, indeed.

Evidence of northern moon snail predation is usually much easier to find than the snails themselves: The powerful foot enables this gastropod to plow under the sand in search of other mollusks. Upon finding one, it "drills" a hole into the shell with its radula, releases digestive enzymes, and sucks out the somewhat predigested contents.[5] When empty shells of clams and snails, including other moon snails, are seen to have a neat "countersunk" hole drilled in them, this is evidence of predation by a moon snail.


I also wondered how old a fossil like this might be.  I stumbled across this 133 page gem of a PDF, Texas Fossils An Amateur Collectors Handbook, (first published in 1960, I just added it to my Kindle, and then actually ordered a print copy).  Page 62 has a couple of familiar looking images, specifically of Lunatia and perhaps Tylostoma for the second fossil.


What I found most interesting there was the classification of Cretaceous Gastropod.  Placing these in the Cretaceous period puts these fossils between 145 million - 66 million years old!  Holy smokes!

I found a bit more information in the 1947 publication, Studies of Some Comanche Pelecypods and Gastropods.  It specifically talks about a slightly different species, Lunatia Praegrandis, as being more prevalent in the Glen Rose Formation.


Looking a bit more into the Austin hill country's geologic history, it seems that at least some of our limestone is part of the Glen Rose Formation.
The Glen Rose Formation is a shallow marine to shoreline geological formation from the lower Cretaceous period exposed over a large area from South Central to North Central Texas. The formation is most widely known for the dinosaur footprints and trackways found in the Dinosaur Valley State Park near the town of Glen Rose, Texas, southwest of Fort Worth and at other localities in Central Texas.
If these fossils are indeed part of the Glen Rose Formation, then they're likely 115 million to 105 million years old.

And it was about that time that I stumbled on this article from Excerpts from Jim Conrad's Naturalist Newsletter, about a Lunatia fossil snail.  And it more or less confirms what I found.  Cretaceous, Glen Rose formation, mean gastropod that eats other mollusks.  113 million to 108 million years old.  His fossil looks like this:


Finally, while I'm rather partial to my fossils, it seems you can own your piece of 100 million year old Texas for a mere $8 on eBay.

:-Dustin

Monday, May 26, 2014

Influx by Daniel Suarez

An old friend of mine finally got around to reading Daemon, years after I sent him the recommendation, and that reminded me to dust off this post I've had in my drafts folder for 6 months.
On a whim in September 2008, I blogged a review of perhaps the best techno-thriller I had read in almost a decade -- Daemon, by Leinad Zeraus.

I had no idea that innocuous little blog post would result in a friendship with the author, Daniel Suarez, himself.  Daniel, and his publicist, Michelle, would send me an early preview print of the sequel to Daemon, Freedom™, as well as his next two books, Kill Decision and Influx over the subsequent 6 years.

I read Influx in December 2013, a couple of months before its official release, on a very long flight to Helsinki, Finland.

Predictably, I thoroughly enjoyed it as much as each of Daniel's previous 3 books.  One particular story arc pays an overt homage to one of my favorite books of all time -- Alexandre Dumas' Count of Monte Cristo.  Influx succeeded in generating even more tension, for me.  While it's natural for me to know, intuitively, the line between science and fiction for the artificial intelligence, robotics, and computer technology pervasive in Daemon, Freedom™, and Kill Decision, Influx is in a different category entirely.  There's an active, working element of new found thrills and subconscious tension not found in the others, built on the biotechnology and particle physics where I have no expertise whatsoever.  I found myself constantly asking, "Whoa shit man -- how much of that is real?!?"  All in all, it makes for another fantastic techno-thriller.

After 5+ years of email correspondence, I actually had the good fortune to meet Daniel in person in Austin during SxSW.  My friend, Josh (who was the person that originally gave me my first copy of Daemon back in 2008), and I had drinks and dinner with Daniel and his wife.

It was fun to learn that Daniel is actually quite a fan of Ubuntu (which made a brief cameo on the main character's computer in Kill Decision).  Actually, Daniel shared the fact that he wrote the majority of Influx on a laptop running Ubuntu!


Cheers,
Dustin

Tuesday, May 13, 2014

The Orange Box: Cloud for the Free Man

It was September of 2009.  I answered a couple of gimme trivia questions and dropped my business card into a hat at a Linux conference in Portland, Oregon.  A few hours later, I received an email...I had just "won" a developer edition HTC Dream -- the Android G1.  I was quite anxious to have a hardware platform where I could experiment with Android.  I had, of course, already downloaded the SDK, compiled Android from scratch, and fiddled with it in an emulator.  But that experience fell far short of Android running on real hardware.  Until the G1.  The G1 was the first device to truly showcase the power and potential of the Android operating system.

And with that context, we are delighted to introduce the Orange Box!


The Orange Box


Conceived by Canonical and custom built by TranquilPC, the Orange Box is a 10-node cluster computer, that fits in a suitcase.

Ubuntu, MAAS, Juju, Landscape, OpenStack, Hadoop, CloudFoundry, and more!

The Orange Box provides a spectacular development platform, showcasing in mere minutes the power of hardware provisioning and service orchestration with Ubuntu, MAAS, Juju, and Landscape.  OpenStack, Hadoop, CloudFoundry, and hundreds of other workloads deploy in minutes, to real hardware -- not just instances in AWS!  It also makes one hell of a Steam server -- there's a charm for that ;-)


OpenStack deployed by Juju, takes merely 6 minutes on an Orange Box

Most developers here certainly recognize the term "SDK", or "Software Development Kit"...  You can think of the Orange Box as a "HDK", or "Hardware Development Kit".  Pair an Orange Box with MAAS and Juju, and you have yourself a compact cloud.  Or a portable big data number cruncher.  Or a lightweight cluster computer.


The underside of an Orange Box, with its cover off


Want to get your hands on one?

Drop us a line, and we'd be delighted to hand-deliver an Orange Box to your office, and conduct 2 full days of technical training, covering MAAS, Juju, Landscape, and OpenStack.  The box is yours for 2 weeks, as you experiment with the industry leading Ubuntu ecosystem of cloud technologies at your own pace and with your own workloads.  We'll show back up, a couple of weeks later, to review what you learned and discuss scaling these tools up, into your own data center, on your own enterprise hardware.  (And if you want your very own Orange Box to keep, you can order one from our friends at TranquilPC.)


Manufacturers of the Orange Box

Gear head like me?  Interested in the technical specs?


Remember those posts late last year about Intel NUCs?  Someone took notice, and we set out to build this ;-)


Each Orange Box chassis contains:
  • 10x Intel NUCs
  • All 10x Intel NUCs contain
    • Intel HD Graphics 4000 GPU
    • 16GB of DDR3 RAM
    • 120GB SSD root disk
    • Intel Gigabit ethernet
  • D-Link DGS-1100-16 managed gigabit switch with 802.1q VLAN support
    • All 10 nodes are internally connected to this gigabit switch
  • 100-240V AC/DC power supply
    • Adapter supplied for US, UK, and EU plug types
    • 19V DC power supplied to each NUC
    • 5V DC power supplied to internal network switch


Intel NUC D53427RKE board

That's basically an Amazon EC2 m3.xlarge ;-)

The first node, node0, additionally contains:
  • A 2TB Western Digital HDD, preloaded with a full Ubuntu archive mirror
  • USB and HDMI ports are wired and accessible from the rear of the box

Most planes fly in clouds...this cloud flies in planes!


In aggregate, this micro cluster effectively fields 40 cores, 160GB of RAM, 1.2TB of solid state storage, and is connected over an internal gigabit network fabric.  A single fan quietly cools the power supply, while all of the nodes are passively cooled by aluminum heat sinks spanning each side of the chassis. All in a chassis the size of a tower PC!

It fits in a suitcase, and can travel anywhere you go.


Pelican iM2875 Storm Case

How are we using them at Canonical?

If you're here at the OpenStack Summit in Atlanta, GA, you'll see at least a dozen Orange Boxes, in our booth, on stage during Mark Shuttleworth's keynote, and in our breakout conference rooms.


Canonical sales engineer, Ameet Paranjape, demonstrating OpenStack on the Orange Box in the Ubuntu booth at the OpenStack Summit in Atlanta, GA

We are also launching an update to our OpenStack Jumpstart program, where we'll deliver an Orange Box and 2 full days of training to your team, and leave you the box while you experiment with OpenStack, MAAS, Juju, Hadoop, and more for 2 weeks.  Without disrupting your core network or production data center workloads, prototype your OpenStack experience within a private sandbox environment. You can experiment with various storage alternatives, practice scaling services, destroy and rebuild the environment repeatedly. Safe. Risk free.


This is Cloud, for the Free Man.

:-Dustin

Thursday, May 1, 2014

Double Encryption, for the Win!


Upon learning about the Heartbleed vulnerability in OpenSSL, my first thoughts were pretty desperate.  I basically lost all faith in humanity's ability to write secure software.  It's really that bad.

I spent the next couple of hours drowning in the sea of passwords and certificates I would personally need to change...ugh :-/

As the hangover of that sobering reality arrived, I then started thinking about various systems over the years that I've designed, implemented, or was otherwise responsible for, and how Heartbleed affected those services.  Another throbbing headache set in.

I patched DivItUp.com within minutes of Ubuntu releasing an updated OpenSSL package, and re-keyed the SSL certificate as soon as GoDaddy declared that it was safe for re-keying.

Likewise, the Ubuntu entropy service was patched and re-keyed, along with all Ubuntu-related https services by Canonical IT.  I pushed a new package of the pollinate client with updated certificate changes to Ubuntu 14.04 LTS (trusty), the same day.

That said, I did enjoy a bit of measured satisfaction, in one controversial design decision that I made in January 2012, when creating Gazzang's zTrustee remote key management system.

All default network communications, between zTrustee clients and servers, are encrypted twice.  The outer transport layer network traffic, like any https service, is encrypted using OpenSSL.  But the inner payloads are also signed and encrypted using GnuPG.

Hundreds of times, zTrustee and I were questioned or criticized about that design -- by customers, prospects, partners, and probably competitors.

In fact, at one time, there was pressure from a particular customer/partner/prospect, to disable the inner GPG encryption entirely, and have zTrustee rely solely on the transport layer OpenSSL, for performance reasons.  Try as I might, I eventually lost that fight, and we added the "feature" (as a non-default option).  That someone might have some re-keying to do...

But even in the face of the Internet-melting Heartbleed vulnerability, I'm absolutely delighted that the inner payloads of zTrustee communications are still protected by GnuPG asymmetric encryption and are NOT vulnerable to Heartbleed style snooping.

In fact, these payloads are some of the very encryption keys that guard YOUR health care and financial data stored in public and private clouds around the world by Global 2000 companies.

Truth be told, the insurance against crypto library vulnerabilities zTrustee bought by using GnuPG and OpenSSL in combination was really the secondary objective.

The primary objective was actually to leverage asymmetric encryption, to both sign AND encrypt all payloads, in order to cryptographically authenticate zTrustee clients, ensure payload integrity, and enforce key revocations.  We technically could have used OpenSSL for both layers and even realized a few performance benefits -- OpenSSL is faster than GnuPG in our experience, and can leverage crypto accelerator hardware more easily.  But I insisted that the combination of GPG over SSL would buy us protection against vulnerabilities in either protocol, and that was worth any performance cost in a key management product like zTrustee.
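One way a receiving server could enforce that inner layer, shown as an added example (not zTrustee's code): it decrypts with the `gpg` binary and accepts a payload only if GnuPG's status output shows it was encrypted to the server and signed by an enrolled, non-revoked client key.  The function names, the placeholder fingerprint, and the sample status lines are constructed for illustration.

```python
import subprocess

# Keywords GnuPG writes to --status-fd that must fail the inner-layer check.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG",
          "NO_PUBKEY", "DECRYPTION_FAILED", "NODATA"}

def gpg_decrypt(ciphertext, homedir):
    """Decrypt and verify with the gpg binary; returns (plaintext, status)."""
    p = subprocess.run(["gpg", "--homedir", homedir, "--batch",
                        "--status-fd", "2", "--decrypt"],
                       input=ciphertext, capture_output=True)
    return p.stdout, p.stderr.decode(errors="replace")

def check_inner_layer(status_text, enrolled_fprs):
    """Return (accepted, detail) for one payload's gpg status output."""
    seen, signer = set(), None
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue  # ordinary gpg log output, not a status line
        fields = line.split()[1:]
        if not fields:
            continue
        seen.add(fields[0])
        if fields[0] == "VALIDSIG" and len(fields) > 1:
            # Full VALIDSIG lines end with the primary-key fingerprint.
            signer = fields[-1] if len(fields) >= 11 else fields[1]
    bad = seen & REJECT
    if bad:  # a signature by a revoked key can still be cryptographically valid
        return False, "rejected: " + ",".join(sorted(bad))
    if "DECRYPTION_OKAY" not in seen:
        return False, "payload was not encrypted to this server"
    if "GOODSIG" not in seen or signer is None:
        return False, "payload is not signed"
    if signer not in enrolled_fprs:
        return False, "signer is not an enrolled client"
    return True, signer

# Constructed sample status output (placeholder fingerprint, not a real key).
FPR = "A" * 40
SAMPLE_OK = "\n".join([
    "[GNUPG:] BEGIN_DECRYPTION",
    "[GNUPG:] DECRYPTION_OKAY",
    "[GNUPG:] GOODSIG " + FPR[-16:] + " client-01 (constructed)",
    "[GNUPG:] VALIDSIG " + FPR + " 2014-05-01 1398902400 0 4 0 1 8 00 " + FPR,
    "[GNUPG:] END_DECRYPTION"])
SAMPLE_REVOKED = SAMPLE_OK.replace("GOODSIG", "REVKEYSIG")
SAMPLE_UNSIGNED = ("[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] DECRYPTION_OKAY\n"
                   "[GNUPG:] END_DECRYPTION")
```

Revocation is only enforced this way if the server's keyring has imported the client key's revocation certificate; otherwise gpg reports a plain good signature.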

In retrospect, this makes me wonder why diverse, backup, redundant encryption, isn't more prevalent in the design of security systems...

Every elevator you have ever used has redundant safety mechanisms.  Your car has both seat belts and air bags.  Your friendly cashier will double bag your groceries if you ask.  And I bet you've tied your shoes with a double knot before.

Your servers have redundant power supplies.  Your storage arrays have redundant hard drives.  You might even have two monitors.  You might be carrying a laptop, a tablet, and a smart phone.

Moreover, important services on the Internet are often highly available, redundant, fault tolerant or distributed by design.

But the underpinnings of the privacy and integrity of the very Internet itself are usually protected only once, with transport layer encryption of the traffic in motion.

At this point, can we afford the performance impact of additional layers of security?  Or, rather, at this point, can we afford not to use all available protection?

Dustin

p.s. I use both dm-crypt and eCryptFS on my Ubuntu laptop ;-)