Author Archive

Geek Dinner in Redmond, WA on April 9th?

April 4, 2008 13 comments
photo by: Shay Stephens (Seattle Skyline)

I’ll be up in Redmond (first time!) for business next week (sorry sweetie!), and have no plans Wednesday evening, the 9th. Anyone wanna get some food, play some games, or just hang out?

Post in the comments.

Categories: personal

Nasty Bug: Safari doesn't cache stuff.

April 4, 2008 30 comments
photo by: Simon Barnes (Strolling - Nairobi State Park)

I swear I’m not making this up.

I couldn’t believe my eyes when I found it. Safari is one of our favorite browsers, and we love their work on standards compliance and speed, particularly JavaScript, but this particular bug is really driving us crazy. I’ve logged it with Apple (#5786274), and a fix is promised, but in case you’re getting hit with this and are as baffled as I was, here are the details:

  • If your computer has less than 1GB of RAM, Safari fails to cache items larger than 104,857 bytes.
  • If your computer has more than 1GB of RAM, Safari fails to cache items larger than 209,715 bytes.
  • JPEGs, at least, are temporarily cached in RAM. Whew. But upon browser restart, you’ll see they didn’t make it to the disk cache, so you have to get them again.
  • Other objects, like SWFs or videos, though, don’t even make it to the RAM cache, let alone disk. Load the same SWF back-to-back, and you’ve just transferred the bytes twice. Ugh.

Very easy to reproduce yourself from the comfort of your own home, so go for it. Just fire up HTTP Scoop or Wireshark or tail your server’s HTTP logs and start hitting stuff. Marvel at the # of excess bytes transferred across the wire that you didn’t need. 😦

Here are a couple of test URLs so you can see for yourself:

As a self-professed Apple fanboy, I can’t wait for a fix. In the meantime, we’ve had to jump through all sorts of hoops to ‘dumb down’ some of our most exciting new features. 😦

UPDATE: Yes, I’ve tried with every Cache-Control and Expires header known to man. No, it doesn’t make a difference. Try it yourself.
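One way to measure the excess bytes from server logs, as suggested above. This is an added example, not code from the original post: the log lines, client addresses and User-Agent strings are constructed, and the combined log format is an assumption about your server.

```python
import re
from collections import defaultdict

# Cache-size thresholds reported in the post, in bytes.
LIMIT_UNDER_1GB_RAM = 104_857
LIMIT_OVER_1GB_RAM = 209_715

UA_SAFARI = "Mozilla/5.0 (Macintosh) AppleWebKit/525.13 Version/3.1 Safari/525.13"
UA_OTHER = "Mozilla/5.0 (Macintosh) Gecko/2008032619 Firefox/3.0b5"

# Constructed access-log lines (Apache combined format), not real traffic.
SAMPLE_LOG = "\n".join([
    f'192.0.2.10 - - [04/Apr/2008:10:00:01 -0700] "GET /big.jpg HTTP/1.1" 200 150000 "-" "{UA_SAFARI}"',
    f'192.0.2.10 - - [04/Apr/2008:10:05:09 -0700] "GET /big.jpg HTTP/1.1" 200 150000 "-" "{UA_SAFARI}"',
    f'192.0.2.10 - - [04/Apr/2008:10:00:02 -0700] "GET /small.jpg HTTP/1.1" 200 90000 "-" "{UA_SAFARI}"',
    f'192.0.2.10 - - [04/Apr/2008:10:05:10 -0700] "GET /small.jpg HTTP/1.1" 304 - "-" "{UA_SAFARI}"',
    f'192.0.2.20 - - [04/Apr/2008:10:01:00 -0700] "GET /big.jpg HTTP/1.1" 200 150000 "-" "{UA_OTHER}"',
    f'192.0.2.20 - - [04/Apr/2008:10:06:00 -0700] "GET /big.jpg HTTP/1.1" 304 - "-" "{UA_OTHER}"',
])

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<ua>[^"]*)"'
)

def excess_bytes(log_text, limit=LIMIT_UNDER_1GB_RAM, ua_marker="Safari/"):
    """Map (client, path) -> bytes re-sent in repeated full 200 responses
    for bodies larger than `limit`, i.e. transfers a working cache avoids."""
    full_fetches = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET" or m["status"] != "200":
            continue  # 304s and errors carry no body worth counting
        if ua_marker not in m["ua"] or m["size"] == "-":
            continue
        size = int(m["size"])
        if size > limit:
            full_fetches[(m["ip"], m["path"])].append(size)
    # The first fetch is legitimate; every later full fetch is waste.
    return {k: sum(v[1:]) for k, v in full_fetches.items() if len(v) > 1}

if __name__ == "__main__":
    for (client, path), wasted in excess_bytes(SAMPLE_LOG).items():
        print(f"{client} re-downloaded {path}: {wasted} excess bytes")
```

A forced reload also produces a repeated 200, so compare the result against a browser that does revalidate (the 304 lines in the sample) before blaming the cache.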

My conference schedule for the rest of 2008

April 3, 2008 3 comments

A few of you have been asking when/where I’ll be this year, conference-wise. Since Audrey was born, I’ve tried to keep my travel and speaking gigs to a bare minimum so I could help with my three kids and keep my wife sane. If you’d like me to speak or otherwise help out your conference this year, being local (Silicon Valley) is almost your only bet, I’m afraid. 😦

That being said, there are a few things that are ‘must attend’ for me, and a few local California shows, too. I’m sorry if I had to turn down your conference this year, but please ask again in future years – especially those of you with foreign events. 🙂

Here’s what’s on my calendar so far:

I wish I could go to OSCON this year, and wish I could have gone to ETech, too, but I just can’t & couldn’t.

And while I have your attention, I’d just like to mourn the death of the Web 2.0 Summit for me. I’ve enjoyed going all the previous years, but I just really didn’t get anything out of it last year. It’s turned into a massively popular event, but one that’s mobbed with VCs and bankers – almost no startups or entrepreneurs to be found. I have nothing against VCs or bankers, but that’s just not why I attended. So I think I’ll pass this year. Might come up to the city to hang out or get lunch, though, so ping me if you’re in town then.

If you are an entrepreneur with a hot startup, I suspect TechCrunch50 is going to be the place to be this year, btw. Get your demos ready!

UPDATE:  Jesse just posted a 20% discount code in the comments:  vel08js  Thanks Jesse!

iPhone, SDK, SmugMug

April 2, 2008 19 comments
SmugMug on iPhone

Been getting lots of questions about the iPhone SDK in general, and a SmugMug app in specific. Unfortunately, I think we’re covered by all kinds of NDAs so I can’t say much, but here are some of my thoughts:

  • The iPhone SDK is a monster, huge, awesome thing. It once again leapfrogs Apple’s phone way way ahead of all of the competition. Just watch – the scope and breadth of the apps that’ll be available is going to take your breath away. And they can’t run anywhere else, because all the other phone companies have been ignoring us developers for years. They’re all scrambling around, now, though.
  • The iPhone Apps Store is a bigger deal even than the SDK. Yes, you heard me right. Currently all the buzz is coming from developers, but since I wear both developer and CEO hats, I can tell you the deployment and business side is at least as critical. Being able to easily and rapidly get software and updates to your customers is a nasty problem, and the fact that Apple’s solved it for all of us is a huge, huge win.
  • The combination of the two is where the real magic happens, obviously. I can’t imagine anyone else doing something quite as integrated anytime soon.
  • We are building a SmugMug app. It’s already in the works. Of course, it’ll be free. And of course, it’ll be awesome. I don’t think we can say anything else, though.
  • No, this doesn’t mean the end of our iPhone interface for on-phone Safari web browsing. We’ll keep developing it, and we’ll keep integrating your feature suggestions.

If you have any suggestions as to what you’d like to see in a SmugMug native iPhone app, here’s your chance. Leave me a comment. 🙂

Categories: iphone, smugmug

SmugBunker on LifeHacker! Vote!

March 20, 2008 1 comment
SmugBunker

At SmugMug, we give every employee a healthy office decoration budget – and we only hire expressive people. So we’ve got a Tiki shack, and some sort of a treefort, and all sorts of other stuff going on.

Two of our employees decided to create the SmugBunker (above) complete with grenades and cammo netting – and it’s up for an award from LifeHacker!

We need your help though – go vote for ‘Cubes of War’ (aka the SmugBunker) as the best! Vote!

Tripit totally rocks.

March 20, 2008 6 comments

I’ve been telling everyone I know just how great Tripit is, but realized I hadn’t told all of my readers.

It’s the most useful web service I’ve seen in years.  It’s drop-dead easy to use (just forward your email confirmations) and just plain works.  I’m learning a lot about ease-of-use from these guys, and  I can’t imagine traveling without it anymore.

If you haven’t checked it out, go.  Now.

New blog design

March 13, 2008 13 comments
photo by: Mom4squirrels (Dewey Sneeze Weed)

Ok, heard you all loud and clear. The old design was too tough to read. Plus I couldn’t post big photos and videos, which I’m obviously pre-disposed to do. 🙂

So thanks to GreenJimmy, I have a fun new design to play around with. Is this the final design? I doubt it, so you may see it change over the next few days or weeks. Knowing us, it may never be done…

I dig how it’s got old-school darkroom photos clothespinned up top, too. Reminds me of the days of chemicals and film… can’t say I miss them, but they were fun. 🙂

Like it? Don’t like it? Let me know in the comments.

Thanks Jimmy!

Categories: personal

EC2 isn't 50% slower

February 27, 2008 21 comments

I don’t want to start a nerdfight here, but it might be inevitable. 🙂

Valleywag ran a story today about how Amazon’s EC2 instances are running at 50% of their stated speed/capacity. They based the story on a blog post by Ted Dziuba, of Persai and Uncov fame, whose writing I really love.

Problem is, this time, he’s just wrong. Completely full of FAIL.

I’ll get to that in a minute, but first, let me explain what I think is happening: Amazon’s done a poor job at setting user expectations around how much compute power an instance has. And, to be fair, this really isn’t their fault – both AMD and Intel have been having a hard time conveying that very concept for a few years now.

All of the other metrics – RAM, storage, etc – have very fixed numbers. A GB of RAM is a GB of RAM. Ditto storage. And a megabit of bandwidth is a megabit of bandwidth. But what on earth is a GHz? And how do you compare a 2006 Xeon GHz to a 2007 Opteron GHz? In reality, for mere mortals, you can’t. Which sucks for you, me, and Amazon – not to mention AMD and Intel.

Luckily, there’s an answer – EC2 is so cheap, you can spin up an instance for an hour or two and run some benchmarks. Compare them yourself to your own hardware, and see where they match up. This is exactly what I did, and why I was so surprised to see Ted’s post. It sounded like he didn’t have any empirical data.

Admittedly, we’re pretty insane when it comes to testing hardware out. Rather than trust the power ratings given by the manufacturers, for example, we get our clamp meters out and measure the machines’ power draw under full load. You’d be surprised how much variance there is.

There was one data point in a thread linked from Ted’s post that had me scratching my head, though, and I began to wonder if the Small EC2 instances actually had some sort of problem. (We only use the XLarge instance sizes) This guy had written a simple Ruby script and was seeing a 2X performance difference between his local Intel Core 2 Duo machine and the Small EC2 instance online. Can you spot the problem? I missed it, so I headed over to IRC to find Ted and we proceeded to benchmark a bunch of machines we had around, including all three EC2 instance sizes.

Bottom line? EC2 is right on the money. Ted’s 2.0GHz Pentium 4 performed the benchmark almost exactly as fast as the Small (aka 1.7GHz old Xeon) instance. My 866MHz Pentium 3 was significantly slower, and my modern Opteron was significantly faster.

So what about that guy with the Ruby benchmark? Can you see what I missed, now? See, he’s using a Core 2 Duo. The Core line of processors has completely revolutionized Intel’s performance envelope, and thus, the Core processors perform much better for each clock cycle than the older Pentium line of CPUs. This is akin to AMD, which long ago gave up the GHz race, instead choosing to focus on raw performance (or, more accurately, performance per watt).

Whew. So, what have we learned?

  • All GHz aren’t created equal.
  • CPU architecture & generation matter, too, not just GHz.
  • AMD GHz have, for years, been more effective than Intel GHz. Recently, Intel GHz have gotten more effective than older Intel GHz.
  • Comparing old pre-Core Intel numbers with new Intel Core numbers is useless.
  • “top” can be confusing at best, and outright lie at worst, in virtualized instances. Either don’t look at it, or realize the “steal %” column is other VMs on your same hardware doing their thing – not idle CPU you should be able to use.
  • Benchmark your own apps yourself to see exactly what the price per compute unit is. Don’t rely on GHz numbers.
  • Don’t believe everything you read online (threads, blogs, etc) – including here! People lie and do stupid things (I’m dumb more often than I’m not, for example). Data is king – get your own.
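To make the “steal %” point concrete, this added example (not from the original post) computes the breakdown from two readings of the aggregate `cpu` line in Linux `/proc/stat`, the counters that top's percentages are derived from. The two sample lines are constructed for a hypothetical busy guest.

```python
# Order of the first eight counters on the aggregate "cpu" line of Linux /proc/stat.
FIELDS = ("user", "nice", "system", "idle", "iowait", "irq", "softirq", "steal")

# Constructed samples, taken a few seconds apart on a hypothetical busy guest.
SAMPLE_T0 = "cpu  10000 0 2000 50000 500 0 100 4000 0 0"
SAMPLE_T1 = "cpu  10450 0 2100 50050 500 0 100 4400 0 0"

def parse_cpu_line(line):
    """Return the first eight counters of a 'cpu' line as a dict of ticks."""
    parts = line.split()
    if not parts or parts[0] != "cpu":
        raise ValueError("expected the aggregate 'cpu' line")
    if len(parts) < 1 + len(FIELDS):
        raise ValueError("no steal counter on this line")
    return dict(zip(FIELDS, map(int, parts[1:1 + len(FIELDS)])))

def cpu_breakdown(before, after):
    """Percentages over the interval between two /proc/stat samples."""
    t0, t1 = parse_cpu_line(before), parse_cpu_line(after)
    delta = {k: t1[k] - t0[k] for k in FIELDS}
    total = sum(delta.values())
    if total <= 0:
        raise ValueError("samples are identical or out of order")
    busy = total - delta["idle"] - delta["iowait"] - delta["steal"]
    granted = total - delta["steal"]  # time the hypervisor actually gave this guest
    return {
        "busy_pct": 100.0 * busy / total,
        "idle_pct": 100.0 * delta["idle"] / total,
        "steal_pct": 100.0 * delta["steal"] / total,
        # Share of the CPU time this guest was given that it really used.
        "busy_of_granted_pct": 100.0 * busy / granted if granted else 0.0,
    }

if __name__ == "__main__":
    for name, value in cpu_breakdown(SAMPLE_T0, SAMPLE_T1).items():
        print(f"{name:>20}: {value:5.1f}")
```

In the constructed sample the guest shows only 55% busy, yet it used about 92% of the time it was actually scheduled; the 40% steal is not spare capacity.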

Hope that clears that up. And if I’m dumb, I fully expect you to tell me so in the comments – but you’d better have the data to back it up!

(And yes, I’m still prepping a monster EC2 post about how we’re using it. Sorry I suck!)

Last Photographer Standing I

February 25, 2008 5 comments
photo by: Vandana (Digital Grin's Last Photographer Standing I winner)

Choosing Vandana’s gorgeous photo (above) as the winner of Digital Grin’s Last Photographer Standing I must have been tough – just look at all the amazing entries – but man, oh man, talk about stunning! Vandana wins the $7500 grand prize plus a lifetime free SmugMug Pro account. Congrats!

Overall, there were $25K in total prizes given out during the year-long Last Photographer Standing I competition. I can’t wait to see what happens with LPS II. Bring it on!

On so-called 'holes' in our new privacy scheme

February 19, 2008 11 comments

Sûnnet Beskerming is out with a blog post claiming that we left some privacy holes open with our new scheme. I’m almost 100% positive we did leave some holes open, because this is a new release and we’re bound to have bugs, but they’re just dead wrong about this one. They clearly have an axe to grind (they would like us to hire them, and sound like they’re now pissed that we haven’t).

Since their original post, we’ve been tossing around the idea of hiring someone to periodically review our security & privacy policies/implementation, and they were on the list for consideration. It looks like we probably will hire someone, but given how poorly researched this new article is, it’s clearly not going to be them. I’ll bet we end up going with the brilliant experts over at OmniTI instead.

They made two bad assumptions:

  • They somehow assume just because you know the ImageID and ImageKey, you can get the Original image. As all of our customers know, we let them lock down the Original so that no-one can get it.
  • They then went on to explain that you could see a photo without providing the proper ImageKey simply by using an ImageKey from another photo in lightBox. Um, no. Apparently the concept of grandfathering older photos is beyond their comprehension. Our customers understood and appreciated it, but this so-called security firm doesn’t. Go figure.

Craziest part of this whole thing is that they chose to blog about their ignorance instead of just emailing us. We could have politely and privately researched the issue, discovered that things were working as designed, and set them straight. Instead they felt like they had to publicly attack and damage our business with a poorly researched story. (Nice way to drum up business, guys. Attack your potential customer AND get it wrong!)

To be clear: If you try their so-called exploit on a ‘new’ photo or video (one uploaded after our privacy changes on February 8th), it just won’t work. If you try it on an ‘old’ photo or video, it will – just like we designed it.

We just added a little logic to change that behavior so that other people who jump to conclusions with no basis in fact will get an error, rather than silently working.
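The access rules described above, sketched as an added example. This is not SmugMug's code: the `Photo` fields, the `authorize` function, its size names and its flag are hypothetical, and treating February 8th itself as "new" is an assumption.

```python
import hmac
from dataclasses import dataclass
from datetime import date

CUTOVER = date(2008, 2, 8)  # date of the privacy changes given in the post

@dataclass
class Photo:
    image_id: int
    image_key: str                  # hypothetical per-photo secret
    uploaded: date
    originals_locked: bool = False  # owner setting that protects the Original

def authorize(photo, size, supplied_key=None, reject_wrong_key_on_old=True):
    """Return True if a request for `size` of `photo` may be served."""
    # The owner's lock is checked first: knowing ImageID and ImageKey
    # never yields a locked Original.
    if size == "Original" and photo.originals_locked:
        return False
    key_ok = supplied_key is not None and hmac.compare_digest(
        supplied_key.encode(), photo.image_key.encode())
    if photo.uploaded >= CUTOVER:
        return key_ok               # new uploads always need the right key
    # Grandfathered uploads: links that predate ImageKeys keep working.
    if supplied_key is None or key_ok:
        return True
    # A key that is present but wrong: an error with the added logic,
    # a silent pass under the grandfathering behaviour as first released.
    return not reject_wrong_key_on_old

# Constructed sample data.
OLD = Photo(1001, "oldKEY111", date(2008, 1, 15))
NEW = Photo(2002, "newKEY222", date(2008, 3, 1))
LOCKED = Photo(3003, "lockKEY33", date(2008, 3, 1), originals_locked=True)

if __name__ == "__main__":
    print("old photo, another photo's key:", authorize(OLD, "Large", NEW.image_key))
    print("new photo, another photo's key:", authorize(NEW, "Large", OLD.image_key))
    print("locked Original, correct key:  ", authorize(LOCKED, "Original", LOCKED.image_key))
```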

We’re also certainly not claiming our site is perfectly secure (and I can’t imagine we ever will). We think it’s *very* secure, but we’re still combing through all the dark corners of our codebase looking for areas where we can tighten things up. We still haven’t totally fixed a few of the issues brought up during our contest, even, though I can assure you we’re working on them. I’m sure we’ll continue to find more things, and that the community will as well.

Speaking of our wonderful community, now that our release is out and tested, we’re starting to pay the security bounties. Those of you who reported issues should have gotten, or will shortly be getting, an email from Markham. A few people refused their winnings, and refused to even let us donate to any charities in their name, so we’re donating the bounties to a charity of our choice instead.