Changing this site’s tagline

Previously, my site tagline was “News, technology, life, and more.”

As of today, it is now “Technology, law, life, and more.”

When I first started this blog in 2008, I labelled it “A blog discussing current events, news, politics, technology, law and more.” Even then, as a high schooler, I was interested in the law—and in the intersection of law and technology.

I distanced myself from law for a while, enticed by opportunities in engineering and medicine, right around the time I was applying to university and completing my first year of undergrad. Mirroring this stage of my life, I removed the keywords “politics” and “law”. I blogged about healthcare-related issues.

As I now decide between two fantastic law schools to attend next year, I’ve realized that my entire path has been leading me to this intersection of law & technology. But no matter where I go, I will always be a technologist first; the order of words in “Technology, law, life, and more” reflects that (and the deliberate Oxford comma).

It was time to update my blog to publicly acknowledge my choice of path in life—indeed, my return to my true passions.

How should Internet regulation of content work?

I first published the following query in a closed discussion forum for CIS 125/LAW 613 (Technology & Policy) at Penn Law. It is reposted here with minor edits.

Understanding the layers of the Internet (TCP/IP, etc.) helps us to think about Internet governance in terms of allocating scarce resources, such as IP addresses and domain names. There is another layer to regulating the Internet that has little to do with scarcity or technical concerns: content on the World Wide Web. While people around the world effectively must agree to the same technical standards and the same mechanisms of allocating scarce resources in order for the Internet to function, there seems to be disagreement on which laws relating to speech and content apply, the geographic boundaries (if any) within which they apply, and to what extent foreign entities must comply. These concerns are obvious when we talk about the “Great Firewall of China”, highlighted by Google’s pull-out from mainland China, but less evident when talking about countries that don’t use technical measures to censor citizens’ Web access.

This week, the issue became topical when Russia’s media/telecom regulator clarified existing rules on use of an individual’s image, seeming to outlaw certain forms of the Internet phenomenon known as memes.[1] The clarification came on the heels of a Russian court ruling in favour of a singer whose likeness was used without his permission in various Internet memes, some of which were unflattering. According to the Roskomnadzor—the agency that issued the clarification—as reported by the Washington Post, it is illegal in Russia to depict a public figure in a way that is unrelated to their “personality”, whatever that should mean. As expected, American media quickly seized on this act as part of a broader effort to control dialogue on the Web, at least within the Web as seen in Russia; noncompliance with the agency’s rules can result in a website being blacklisted in all of Russia.[2]

Setting aside any immediate visceral reaction that categorizes this as censorship, we might pause to consider Roskomnadzor’s justification, which pointed to the offence to celebrities’ “honor, dignity and business.”[3] But this is not some novel argument to protect celebrities at the expense of open expression; after all, even US law, which is weaker than European regimes that acknowledge a dignitary right in privacy, protects one’s likeness and privacy to some extent in tort, for very similar reasons.[4] And even if we disagree with the application of this principle in the agency’s rule, protecting individuals’ privacy and identity is still a legitimate state interest.

The real question, I think, is not whether Russia’s rule accomplishes the right balance of priorities, between privacy/control-of-likeness and open expression. After all, the extent to which the rule can even be enforced is dubious. (It would be a waste of resources for the Russian government to go after every meme of Putin on horseback.)

The much more interesting question for us is, to what extent should geopolitical nations be able to control content on the global Web according to their own sovereign laws? Moreover, given the borderless (by default) accessibility of websites and the diverse origins of Web publishers, is it reasonable to burden companies across the world with the task and cost of complying with a patchwork of nation-by-nation rules and judicial orders lest they allow their site to go dark in Pakistan or Russia or China?

In other contexts, like inconsistent cybersecurity laws across US states, companies have found it easiest to follow the strictest set of rules, hence simplifying their task. Maybe an image host like 9gag, catering to meme-makers, would find it technically easiest to comply with these inconsistent rules by deleting content whenever any nation complains. But then free speech everywhere is constrained to the narrowest rules among jurisdictions, so this is an unacceptable outcome. What is the alternative? Does the company have to add technical complexity to its systems to block Russian visitors only from accessing a picture of Putin? Isn’t this option economically inefficient?

Looking to a historical example, even a company that wants to stand up for human rights and free speech principles might find a weighty cost of defiance. In 2010, Google withdrew from operating the mainland Chinese edition of its search engine so as to relieve itself of the burden of obeying mainland Chinese regulations.[5] Reportedly frustrated with complying with strict censorship, and probably having small market share in the shadow of China’s Baidu, Google decided to redirect all mainland Chinese visitors to its Hong Kong edition, which operates under more lax rules. The cost of doing so? Losing relevance in the Chinese market.[6]

Many other companies lacking Google’s backbone and cash would likely roll over when requested to avoid losing their audience. Does this give too much influence to countries like the United States, China, and the UK, over what citizens can see on the Web? Is the Web any better under the rules of the superpowers than under the patchwork of nation-by-nation restrictions on free speech?

Footnotes

1 Megan Geuss, Russia’s Internet censor reminds citizens that some memes are illegal, Ars Technica (Apr. 11, 2015), http://arstechnica.com/tech-policy/2015/04/russias-internet-censor-reminds-citizens-that-some-memes-are-illegal/; Caitlin Dewey, Russia just made a ton of Internet memes illegal, Wash. Post Intersect Blog (Apr. 10, 2015), http://www.washingtonpost.com/news/the-intersect/wp/2015/04/10/russia-just-made-a-ton-of-internet-memes-illegal/.
2 See Caitlin Dewey, supra note 1.
3 Id.
4 Restatement (Second) of Torts § 652A-E (1977).
5 Jemima Kiss, Roundup: Google pulls out of China, Guardian (Mar. 23, 2010), http://www.theguardian.com/media/pda/2010/mar/23/google-china.
6 See Kaylene Hong, Google’s steady decline in China continues, now ranked fifth with just 2% of search traffic, Next Web (Jul. 5, 2013), http://thenextweb.com/asia/2013/07/05/googles-steady-decline-in-china-continues-now-ranked-fifth-with-just-2-of-search-traffic/.

Installing a Puppet master on CentOS 7 with nginx and Unicorn


I was experimenting with configuration management tools, and wanted to set up a Puppet master node for my virtualized machines.

It is unfortunate that most guides out there today are tailored specifically for Ubuntu, or rely on prepackaged DEBs that do all the work (which, obviously, don’t really help on CentOS/Fedora/RedHat). This guide on DigitalOcean for setting up a Puppet master on Ubuntu 14.04 is pretty solid, but my own preferences are for CentOS and Fedora. Furthermore, I have completely migrated to using nginx in all my servers, though many deployment guides for Puppet still use Apache and Passenger. And the closest I could find in a guide for CentOS 6, nginx, and Unicorn used SysVinit and God… which are unnecessary now that systemd has been adopted.

(If you’re not as picky, just use Foreman Installer. It’ll take care of everything… even on CentOS 7.)

This guide will use:

  • CentOS 7 (at the time of writing, latest release)
    • systemd
  • nginx 1.7.x (mainline, from official nginx repository)
  • Unicorn
  • Puppet open source 3.7.x


Fedora 21 on XenServer


In this post:

  1. Prebuilt Fedora Cloud images for XenServer
  2. Kickstart scripts for Fedora Server on XenServer

Fedora 21 was just released earlier this week on December 9, 2014. The biggest change was the separation of the distribution into three “products”:

  • Fedora Cloud, a lightweight optimized distribution for public/private clouds, containerization with Docker and Project Atomic.
  • Fedora Server, the traditional platform for running services, usually on a headless host whether virtualized or on baremetal.
  • Fedora Workstation, a developer-friendly desktop running a cutting edge OS.

Of course, as always, OpenStack/KVM and Docker get a lot of love, but Xen and XenServer are once again ignored. This post is my solution. With the prebuilt images distributed here and the kickstart scripts below, you can deploy Fedora 21 on your own XenServer (6.2+).

Found some old screenshots…

When I first came to Penn, the website for the Nominations & Elections Committee looked like this:

Old NEC site circa 2011
No, this wasn’t the year 1999… this was in 2011.

NEC website redesign

I set out to redevelop and redesign this, upgrading it from a static HTML site edited over SFTP to a WordPress CMS on Canvas. More importantly, the website redesign in 2012 needed to fit the rebranding that Penn underwent that academic year. In other words, I wanted it to look more like the university’s design. (An email to the Communications office responsible for web assets clarified that we could, in fact, do this.)


Google, you should know better

Google doesn’t recognize YYYY-MM-DD format in contacts.

The YYYY-MM-DD format (%Y-%m-%d) is an internationally accepted and standardized (ISO 8601) date format. The entire ISO 8601 system is based on big-endian ordering (greatest-to-least units) within the string, so… year, month, day, hour, minute, second. It makes a hell of a lot more sense than the traditional American MM/DD/YY format. So much so, in fact, that ANSI and the National Institute of Standards and Technology (NIST) have both adopted it. In some countries, like China, the traditional format in the language follows the same big-endianness: 2006年1月29日, which spells out 2006-01-29.

The advantage of this format isn’t just for programmers, where sorting dates and times requires no special logic (i.e. 2014-01-31 unambiguously precedes 2014-02-01, even if they were both written without delimiter symbols).

The format also eliminates any confusion between the fields. For instance, though colloquial American 11/12/13 should be interpreted as November 12, __13, it could just as easily pass for December 13, 2011. There is no room for confusion in 2013-11-12.

XKCD says it best:

xkcd: ISO 8601

Now, it’s understandable that maybe Google needs to recognize the different colloquial formats people use to enter dates, like MM/DD/YY. But there is no excuse not to recognize the YYYY-MM-DD format.

Even more so, because the date in my screenshot, 1995-09-24, has no possible misinterpretation. To any rational human being, there’s no way to think that this is the 9th day of the 24th month (!) of 1995.

PVHVM CentOS 7 on XenServer

In this post:

  1. Benchmarks
  2. Prebuilt image
  3. Kickstart script

Following my previous post on running CentOS 7 and Ubuntu 14.04 as fully-paravirtualized guests on XenServer, I ran some benchmarks to compare the relative performance of fully-paravirtualized (henceforth abbreviated PV) domUs against HVM guests using paravirt drivers and interrupts/timers (henceforth PVHVM).

The performance differences between the two types have been studied for some time. Once upon a time, PV was undoubtedly faster, free of the overhead associated with full hardware emulation. With newer hardware features that have been supported for the last few years, PVHVM, which takes advantage of features in the processor as well as a Linux kernel that recognizes that it is operating as a virtual guest, has surpassed PV performance in most arenas.

Benchmarks

Benchmarks have severe limitations. The statistics here are only meant to be compared relatively among themselves—between the PV and PVHVM guests running exactly the same specs and software. It would be a futile exercise to compare them against VMs running on other servers, which might have better SANs, lighter workloads, or faster CPUs and RAM. The specific test profiles in the Phoronix software are also based on outdated versions of Apache httpd and nginx, which makes them unreliable for assessing real-world performance.

Some of the relevant comparisons:

It’s worth noting that CentOS 7 with a 3.10 kernel performed poorly compared to other distributions—both Fedora 20 (kernel 3.15) and Ubuntu 14.04 (kernel 3.13) outperformed CentOS on web serving workloads (not shown). But the evidence pretty conclusively showed that PVHVM generally performed better than PV on all of the operating systems.

Prebuilt image

Update (2017-04-28): Because these images are now out of date and insecure, the .xva images have been deleted. You should instead use the distribution’s latest cloud images in .qcow2 format, converted for XenServer.

To that end, I’d like to offer a prebuilt CentOS 7.0.1406 image that runs in PVHVM on XenServer. You should feel free to choose between this and the PV version from my previous post, depending on your needs. (If you need to accommodate higher density on your server, you might be better off with PV. Run benchmarks yourself to decide what you should use.)

As before, you can decompress (xz -d ___.xva.xz or use your GUI of choice) then import through XenCenter (File – Import…) or the command line (xe vm-import filename=___.xva).

This image is provided with no guarantees. Please let me know in the comments if you find an issue with it.

  • CentOS 7.0.1406 (as of 2014-07-31)
    Filename: centos-7.0.1406-20140731-pvhvm-template.xva.xz
    Size: 325 MB xz-compressed; 1.4 GB decompressed
    Specs: 2 vCPUs, 2 GB RAM, 8 GB disk without swap, installed software, with XenServer Tools 6.4.93
    SHA256 hash: c3ef221ae886cea4c3be09996d0cb2049dc2ac8f10dd5323f85beee25ce9d4cd
    MD5 hash: 44583aa3cdbf1db1c62b2db05530ce6f
    Username: centos
    Password: Asdfqwerty
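
The decompress-and-import step above can be gated on the published SHA256, so a corrupted or substituted download is never handed to xz or xe. This is an added example, not the author's script; the function names are hypothetical, and it assumes the listed hash covers the compressed .xva.xz download.

```shell
#!/bin/sh
# Added example (not the author's script). The SHA256 is copied from the
# listing above; ASSUMPTION: it is the hash of the compressed .xva.xz file.
IMAGE_SHA256="c3ef221ae886cea4c3be09996d0cb2049dc2ac8f10dd5323f85beee25ce9d4cd"

# Print the lowercase hex SHA-256 of a file. Reading from stdin avoids the
# backslash-escaped output sha256sum produces for unusual file names.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1
    else
        shasum -a 256 < "$1" | cut -d' ' -f1
    fi
}

# Return 0 only when the file exists and its digest equals the expected one.
# The expected value is lowercased so a pasted uppercase hash still matches.
verify_sha256() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 2; }
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    got=$(sha256_of "$1") || return 2
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Decompress and import only after the checksum matches.
import_image() {
    if ! verify_sha256 "$1" "$2"; then
        echo "checksum mismatch, refusing to import: $1" >&2
        return 1
    fi
    xz -dk -- "$1" || return 1          # -k keeps the verified .xz alongside
    xe vm-import filename="${1%.xz}"    # import command as given in the post
}

# Run on the XenServer host as: sh verify-import.sh path/to/image.xva.xz
if [ "$#" -ge 1 ]; then
    import_image "$1" "$IMAGE_SHA256"
fi
```

The check uses the SHA256 value rather than the MD5 one, since MD5 collisions are practical. Because the template's username and password are published in the listing, change the password on first boot before the VM is reachable from any network.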

Kickstart script

A PVHVM system requires no special accommodations when installing, except that UEFI and GPT are not certain to be supported. Merely select the “Other install media” option in XenCenter, and use a standard installer ISO/DVD. Do NOT use any of the CentOS or RHEL templates! Those will create PV guests.

An automated kickstart like the one used to create the image above may help you build a generic template. Hit <Tab> at the CentOS DVD menu and append a ks=__ parameter to use a kickstart script hosted at an HTTP location.

The image above was built with the cent70-server-pvhvm.ks script at revision e278f2a8139fb624bc2cdcd9a80d8b51b7910de3, embedded below. If there are any updates to this script, they will be added to the develop branch on GitHub. You can also edit it yourself before deploying.

[github file=/frederickding/xenserver-kickstart/blob/e278f2a8139fb624bc2cdcd9a80d8b51b7910de3/centos-7.0/cent70-server-pvhvm.ks][/github]

Did this help you?

If you were able to use this image or the kickstart, I’d appreciate a brief comment to let me know it worked for you. I’d hope that the bandwidth costs are going to good use!