Linked List: April 11, 2014

Friday, 11 April 2014

Brent Simmons:

The cloud is more than just a file system. It’s data plus code.

Jason Snell, writing for TechHive:

Comic fans may groan about the sale — it’s always sad when a plucky, groundbreaking start-up is bought out by a corporate giant — but Amazon’s track record with purchases is actually pretty good. The company has bought Zappos, Goodreads, Woot, and Audible, all of which continue to operate more or less as they did before, rather than being integrated into Amazon.com.

Atelier Playing Cards ★

Sweet typography-centric playing card design by Robert Padbury. The Kickstarter project is just a few days old, but already fully-funded. I say we all pile on and make this project a big hit. (Bonus: the t-shirts are being printed by my pal Brian Jaramillo, who’s handled all DF t-shirts for many years.)

Friday Afternoon Taste of My Own Claim Chowder ★

Yours truly, three years ago:

Second, how is Flipboard an example of a web app? It’s a native iOS app in the App Store. It uses HTML5 and web content views, sure, but it’s still a native iPad app.

As I wrote in my headline this week, I’ve rethought what it means to be a web app. Flipboard is a great example of a native app that is all about the web.

Samsung Misled Investors About 2011 Galaxy Tab Sales ★

Philip Elmer-DeWitt:

This week we learned, thanks to a February 2012 internal Samsung document marked “top secret” and unearthed by Apple as part of its ongoing patent infringement proceedings, that we were right and those more credulous news outlets were wrong.

When Strategy Analytics was telling the world that Samsung sold 2 million Galaxy Tabs in six weeks, the truth was that it took Samsung all of 2011 to sell half that many.

Shocker. But as Elmer-DeWitt points out, the blame doesn’t lie solely with Samsung or even Strategy Analytics — it lies also with the news outlets that gleefully passed along the report as fact. The reason: they wanted it to be true. iPad Continues to Dominate Tablet Sales is a boring story.

Bloomberg: NSA Said to Exploit Heartbleed Bug for Intelligence for Years ★

And now, some bad (but unsurprising) Heartbleed news, reported by Michael Riley for Bloomberg:

The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.

The NSA’s decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts.

For what it’s worth, the NSA Public Affairs Office tweeted a denial:

Statement: NSA was not aware of the recently identified Heartbleed vulnerability until it was made public.

Update: Full statement from the NSA here. Doesn’t seem to leave any wiggle room.

Escape From XP ★

Yet another sign that Microsoft has turned a corner.

‘Steve Expected Excellence. Which Is Why He So Often Got It.’ ★

Wonderful remembrance of Steve Jobs from Don Melton

So Steve started the rehearsal, going through slides on the “Switcher” ad campaign and then the Apple Stores.

At the end of the retail update, he was supposed to conclude with something like “1.4 million visitors in the month of December alone,” but he added, “so to all of you in the press who doubted us…”

And then clicked to reveal his special slide — poster art I’m sure everyone has seen before — a 1940’s-style rendering of a grinning man holding a big mug of coffee next to his face with this text alongside like a world balloon:

“How about a nice cup of shut the fuck up.”

And then the best part — the part we didn’t know was coming — Steve paused, turned to his V.P. of Marketing and deadpanned, “What do you think, Phil? Too much?”

Can You Get Private SSL Keys Exploiting Heartbleed? ★

Some potentially good news on the OppenSSL Heartbleed vulnerability front, from CloudFlare:

While the vulnerability seems likely to put private key data at risk, to date there have been no verified reports of actual private keys being exposed. At CloudFlare, we received early warning of the Heartbleed vulnerability and patched our systems 12 days ago. We’ve spent much of the time running extensive tests to figure out what can be exposed via Heartbleed and, specifically, to understand if private SSL key data was at risk.

Here’s the good news: after extensive testing on our software stack, we have been unable to successfully use Heartbleed on a vulnerable server to retrieve any private key data. Note that is not the same as saying it is impossible to use Heartbleed to get private keys. We do not yet feel comfortable saying that. However, if it is possible, it is at a minimum very hard. And, we have reason to believe based on the data structures used by OpenSSL and the modified version of NGINX that we use, that it may in fact be impossible.

And now, back to changing passwords on a slew of my accounts around the web.

Update: Sadly, the answer is yes, the vulnerability does put private key data at risk.

Scaling the Facebook Data Warehouse to 300 PB ★

Pamela Vagata and Kevin Wilfong, writing for the Facebook Engineering Blog:

At Facebook, we have unique storage scalability challenges when it comes to our data warehouse. Our warehouse stores upwards of 300 PB of Hive data, with an incoming daily rate of about 600 TB. In the last year, the warehouse has seen a 3× growth in the amount of data stored. Given this growth trajectory, storage efficiency is and will continue to be a focus for our warehouse infrastructure.

600 TB of incoming data per day is mind-blowing. I can’t fathom it. And it’s great that they’re sharing this information. There can’t be that many entities dealing with this scale of data storage, and the others likely aren’t sharing what they’ve learned. This is the cutting edge of computer science.

Meet the Bag Man ★

Eye-opening feature by Steven Godfrey for SBNation on the stream of money paid to college football recruits and players:

Remember, your job as a bag man isn’t to hide the benefit. It’s to hide the proof. In a region as passionate about college football as the American South, there’s no real moral outrage when new cars or clothes or jobs for relatives appear.

“We can only get away with whatever’s considered reasonable by the majority of the folks in our society. That’s why it’s different in the SEC. Maybe that’s why we’re able to be more active in what we do. Because no one ever looks at the car or the jewelry and says, ‘How did you get that, poor football player?’ They say, ‘How did they get you that and not get caught, poor football player?’”