Joe Auricchio

I’ve had a Dreamhost account for just over a year. I was lucky to catch one of their one-day promos, so I got a deeply discounted rate for the first year. But now the second year is starting, so they sent me a brief email to let me know that it was time to pay them. I signed in to the account control panel and checked my billing info. It said I owed them $114 or so for 2008-9. So I poked around the billing section a little more, and I saw an option to change the contract length. The longer the contract, the cheaper it is, to the tune of $1/mo less per additional year. So I switched my plan to three years, since I’m content with DH so far. To my surprise, I now owe them $0. In 2011 I’ll have to pay them $286, but for now my account is clear. That’s right, I asked for more service and they are giving it to me without being paid. Interesting. That’s not usually how business works.

My only guess is that their business model is predicated on a sufficient percentage of customers’ bills coming due each month; given that certain revenue, it doesn’t matter when any given customer actually pays. They have virtually zero marginal cost per customer and virtually zero recurring cost per customer-month. Their capital is servers and disk arrays, which are divided among a few hundred customers per cluster; they build a new cluster every month or so (week?), to accommodate incoming customers, but once a cluster is built it costs almost nothing to maintain. Power, cooling, salaries, office supplies, rent, and fiber connectivity are amortized over all their thousands of customers. So, as long as some bills come due every month, they’ll make salaries and rent. It doesn’t particularly matter when any single customer pays. They probably can’t even make good use of a surplus… it just goes into the bank account until it’s time to build the next cluster.

This makes me several intellectual kinds of happy. Patent application #20070078663

Why are my most productive days in terms of code also the days I read the most interesting blogs & news?

I’ve always wanted a Trac for the world. Rwanda: wontfix. China: worksforme.

Apple just “fixed” CVE-2007-4703.

The “Set access for specific services and applications” setting for the Application Firewall allows any process running as user “root” (UID 0) to receive incoming connections, even if its executable is specifically added to the list of programs and its entry in the list is marked as “Block incoming connections”. This could result in the unexpected exposure of network services.

I am utterly speechless. Shouldn’t the firewall have been built by a security team? Not a bunch of monkeys smashing their keyboards with a femur then committing?

I’m not sorry if I’ve offended you. If you work for Apple, and the Firewall code passed through your hands, YOU DESERVE TO LOSE YOUR JOB.

Letting any root process listen no matter what is like a bank security guard letting nobody except ex-convicts in after hours. The history of Unix security from Robert Morris up to today is that a single chink in any root daemon’s armor means your entire system is laid bare to anyone who knows what Metasploit is. It is inconceivable to me that someone being paid to write security code in 2007 would turn off all firewalling for any root process—and make it impossible for users to specifically request it.

There are those who say firewalls and network security are solving the wrong problem. At DefCon 15, Bruce Potter made the compelling argument that the right way to improve security is to fix the buggy code, and that “defense in depth” is just a band-aid. That may be, but for today, we still have buggy daemons, and sometimes we want to hide them from the world.

Again: I hope someone at Apple lost his or her goddamned career for this.

Or, a brief exercise in physics for those who still remember it (I don’t)

Yesterday at work I had to solve the following problem.

There is an FPGA chip that dissipates 5.7 Watts under full computation load. The chip is in an enclosure whose walls have effectively zero capacity to absorb heat. At one end of the enclosure, there is an aperture 11 mm tall and 11 cm wide, through which air flows at a rate of 40 LFM (linear feet per minute); the temperature of this air is 60 C. All the air exits at the rear of the enclosure through a similarly-shaped aperture. Assume the air becomes thoroughly mixed and thus homogeneous in temperature. Find the temperature of the exiting air.

Today, Kyle said to me:

So, you know that whole hd dvd key thing? Everyone and their grandmother knows it now, or knows where to find it. But I don’t think anyone knows what the heck to do with it.

Why did the HD-DVD key become such an issue?

Content providers: Takedown letters are not the way to stop piracy. Still less are they the way to squelch people with an agenda.

Bloggers, Diggers, etc: Copying and pasting a couple dozen bytes does not equate to taking to the streets in glorious revolution. The key’s been public for months. Those who needed it to do business (software developers and pirates) had it long ago.

Forgive me if I sound reactionary. I’m on the bloggers’ side on the whole. Certainly I’m no friend to the MPAA and RIAA. I just thought we’d been through all of this back in 2002 when DVD-Jon went to trial. It’s the same DMCA, same technology (video DRM), same fair use and anticircumvention issues. Of course, none of these issues actually came up in Johansen’s trial; they were just discussed to death on the net. I’m annoyed that this all came back a few days ago, but glad everybody shut up at the end of the day.

TMBO had a photo (sorry, no link) of a guy who tattooed the key to his chest. He’s going to feel really silly next year when nobody remembers or cares anymore, and even sillier in five when the next-next-gen formats arrive with the same folks backing them.

(I hope he feels silly already because back when we had the export restrictions fifteen years ago people did the same with strong crypto algorithms.)

The code name for the next major Debian release after etch is lenny.

Lenny? That just sounds silly. Join me in boycotting it. I shall only refer to it as “testing”.

Speakeasy, the last insanely great national ISP, just got bought out by Best Buy.

Speakeasy is known in the community for giving the speeds they promise, not throttling on the last mile nor unreasonably overselling their middle mile, for not blocking any inbound or outbound traffic, and encouraging users to run personal and game servers. These are things no other ISP really does. We’d be with them today, on 6×768 DSL, if we were closer to our CO. I can personally attest to their excellent customer support: the couple of problems I had were both resolved in a ten minute phone call to actual employees (not call centers). Not bad for a company of only 300 people.

And now they’ve been bought out by Best Buy for barely a year’s revenue.

At least it’s the Best Buy business division. That means we won’t have salesdrones pressing DSL on top of service agreements. And business-facing people seem to have their stuff together, on the whole. So I’m not completely without hope. I guess we’ll know in a year or so if Best Buy nukes the management.

I need a name for my Creative Zen Nano Plus, which I love ever-so-much (thanks T! <3)

Currently, I’m naming computers after Chinese and Japanese dynasties. My new laptop is heian, the older one is nara, and Aaron’s SGI Octane received the network name shang when it was running under my care.

The names of my mobile devices have no real rhyme or reason. The old Palm IIIxe didn’t have a name. I forget what the IIIc was called. The Tungsten|T was tungsten (wow). The Treo is molybdenum (sits below Tungsten in the periodic table).

Any suggestions for a cool name?

I love visceral examples of how far computer technology has come. My Compilers professor Scott Baden, on the first computer he used in college:

We had a computer that had 16 K of memory. That was it. And… 6 megabyte disks. Now my camera takes 6 megabyte pictures.

What used to be larger than a washing machine is now of no consequence. In the course of an afternoon we can create vastly more data than machine rooms could hold even a few decades ago. Do we ever stop and give thought to how much data we truly create?