Colin Charles Agenda

I caught Facebook - Needle in a Haystack: Efficient Storage of Billions of Photos on Flowgram. First up, I’m not a big fan of Flowgrams - the format is sensible, slide and voice, is excellent, but the delivery in a web browser isn’t optimal… make downloadable videos!

The talk however, was excellent. Do watch it, and learn a bit more about Facebook’s infrastructure. Anyway, some notes I took from the talk:

• “We’re one of the largest MySQL installations in the world”
• Use memcache - “We have memcache because databases aren’t fast” (later on in the questions)
• Separate team focusing on APE (Apache, PHP and Extensions that they work on)
• 6.5 billion total images, 4-5 sizes stored for each, so 30 billion files, of about 540TB total… During peak? 475,000 images served per second, and growing by 100 million uploads per week
• Images are usually pulled from a Content Delivery Network (CDN), so it reduces the request rate on their servers
• They use NetApp Storage, but basically their upload servers speak NFS to write to NetApp.
• Cachr (evhttp based) and File Handle Cache use memcache as a backing store… FHC is based on lighttpd!
• Makes use of a “haystack” - user-level abstraction, storing a separate index file that has more efficient metadata (to reduce disk seeks - 1 disk seek or less for any workload). Pretty deep in the discussion of the haystack server architecture, also evhttp-based
• MySQL use? Very few transactions, very few joins
• Video is a very different beast, and the design is a little different

If you’re into information about photo storage sites, don’t hesitate to also read my previous notes on Flickr.

Its the Firefox Download Day. That not only means Firefox 3 is out, it also means that they’re trying to set a world record, by getting the most downloads of a software package in 24-hours. There’s a nice world map, similar to the kind you might have seen in presentations by Jonathan Schwartz (ok, I prefer seeing the dots per region, rather than the Firefox one :P).

The pending general availability of MySQL 5.1 was announced in April at the MySQL Conference. While I’ve seen 1,400+ attendees (a pleasant problem for the event organisers, as they scurried to get people into overflow rooms, and herd the crowd during food times) show up at the Tech Days in the Philippines, I’m wondering if we can achieve 3 million downloads (the current Firefox counter) within 24-hours? Database software just isn’t as sexy as a web browser… Thats not to say we cannot aim high.

How would you celebrate the release of MySQL 5.1 GA? Worldwide release parties (ala Ubuntu)? Set an aim for “n-number of downloads” in 24-hours?

P/S: Like live stats? Look at the Mozilla Download Counter. Its live, and very cool

Finding out that Adobe is the latest to jump on the online office bandwagon, I decided I need to try their service out. Working together, anywhere, is their tag line.

First impressions? They provide a few fonts that look nice. There is document sharing built-in. You can also add comments on parts of documents - and this is a killer feature with the built-in sharing, I love how the way comments are displayed (they’re in your face).

Comments being displayed in a Buzzword document (click for larger image)

What am I disappointed with? File formats. Not supporting ODF out of the box, is really silly. Exporting to PDF is nice, RTF is standard, .txt (so you lose the fonts), a zipped up HTML document, and Word (.doc), Word 2003 XML (.xml), and Word 2007 (.docx), only? Open standards, FAIL!

Buzzword, not supporting a wide variety of common file format (click for larger image)

I’d try out the rest of the services, but I’m sent to Acrobat Health, as it seems like they’re just a little overloaded now…

Do you use mod_auth_mysql, the Apache module that allows authentication of users to happen through a MySQL database?

If so, the nice folk at Automattic (makers of fine blogging software like Wordpress) have released a patched version that works with phpass.

With this, you can now have single sign on (SSO), with authentication against a WordPress blog (or bbPress forum). Note that WordPress (in 2.5 and later), doesn’t use MD5 hashes to store passwords any longer; instead they are salted and hashed with the phpass library. The Automattic folk use this to provide SSO for Trac and Subversion.

Read Barry’s announcement, and grab the patched mod_auth_mysql.

Its worth noting some website changes. First, I dropped Skribit. The widget has been sitting there unused for weeks, so I’m thinking that’s software that no one, besides its founders use. “Is Skribit proving useful?” is the question they ask - no.

Next up, I’ve stopped using Technorati tags, and have decided to use Wordpress tags. I’ll still be using categories, as well as tags to complement the categories. Why? Wordpress has the feature… Technorati still gets updates/pings from my blog, and creates its own “tags” (largely from what I can see, from ways I categorise my post) that it sees my blog represents.

Besides, now I can add tags for relevant events, and RSS feeds can be generated from it. Good for people just wanting to follow notes from a certain event, and aggregations of the specific feed for said events.

Talk was given by Jaana Majakangas, from Nokia Corporation. I’ve been interested in NFC ever since I heard about it, as its something Maxis has been trialling for a while in Malaysia. It reminds me of rewinding back many years (maybe a decade ago?) when Celcom was trying to allow people to purchase a Coke from select vending machines, using SMS (no cash!). That never took off, but maybe NFC will be right, soon… Current limitation? Lack of devices - one in market (Nokia 6131) and another announced, but not in market. Also, the standard (JSR 257) has been extended by Nokia, which is always an issue for other implementers.

Some quick notes:

• JSR 257 is what this is all about.
• Simple wireless protocol between NFC compliant tags and devices in close proximity. New business opportunities for mobile operators, banks, retailers, transport operators, etc.
• You can share content between phones/pair devices like Bluetooth. You can get further information by “touching” smart posters. Your phone can be your credit card for payment… it can also be your travel card.
• Service discovery. Nokia has got extensions to the JSR 257 standard for this in their implementations.
• Think outside of the box, be innovative, the technology is there, there are many use cases
• Contactless communication API has been around since 2004. RFID tag, smart card, visual tags. Java applications to access the hardware capabilities (RFID for instance).
  - NDEF tag (RFID tag, with NFC standard)
• There is a dedicated Connection interface for different targets. You will get a notification when a transaction has happened.
• When you discover a target, the application will get a notification. It has the URL that you will open the connection with. Communicate… then close connection.
• Nokia 6131 NFC has extensions to JSR 257: get the SDK at Forum Nokia. The extension also includes the peer-to-peer communication framework. In a modified version of JSR 257, the P2P communication will exist soon as well.
• Business cards that go to NFC devices and contact details are there? Wow, this is Business Card 2.0 :)
• NFC works within less than 10cm. Its pretty “near”.
• “Touch to share bookmark”… touch two devices together, and voila! there is instant sharing. I’m reminded of old Palm ads when they were pushing their IR technology and beaming business cards across trains between a man and a woman!
• NFC enables new consumer services with mobile devices. Take away that you should just be creative, and lots can happen.

Dunno if this is a new feature, but Facebook has integrated instant messaging (IM) to folk that are on Facebook. This is like Google doing their Google Talk chats inside GMail. More and more reason why the web browser replaces the traditional desktop application?

Facebook IM

Do I like being able to only talk to folk that are my friends? Naturally. One wonders though why we have so many different identities, on different services. The one that consolidates them all, is the one that enables ease of use, is the one that will “win”.

Me? I’m old fashioned. I like my IM client. I like my email client. All desktop clients I might add. The kids of today? They’re happy with everything web-based. Besides, the concept of syncing stuff offline is slowly becoming more popular with web-based applications, so maybe eventually, I too might like these new web applications…

Technorati Tags: web, communications, IM, facebook, in-browser, browser experience, history, thoughts

Eli White from Digg presented. It was an interesting talk… He covered:

You are going to get hacked…
- SQL injection
- XSS
- CSRF (cross site request forgery)
- Session Hijacking

Slides (PDF, ODP) have SQL injection/XSS example, with the hole, the attack, and the prevention.

Technorati Tags: mysqlconf, mysql, mysqluc08, mysqluc2008, eli white, digg, hacked, security, sql injection, xss, csrf, slides