It’s beginning to look a lot like a catapult :)

August 13th, 2011 by Chris No comments »

Some housekeeping things first. While I’m a Subaru guy, I have to say that I’m extremely impressed with my wife’s S4. Not only is it pushing close to 400 horses, but it easily transports 10′ PVC.

I have found the perfect beverage for catapult building. Try it and you’ll see why.

Completed the throwing arm basket and I’m not happy. It’s a bit heavy, not curved well, and overall is just suckage. Here’s how it came out:

Decided to scrap the design and go for something a bit more slimline. Think this will work out much better but only testing will tell for sure.

Had a friend ask if the catapult would fit through the double doors. Here’s the proof:

So I’m now completing the project on the patio as I need to work on the upper supports. Could almost reach them from the next level up but decided a ladder would be safer.

One problem I ran into is how to glue the parts 10′ up and still get good connections. I ended up making sure everything properly fit, gave myself some alignment lines, and did the glue work at ground level.

Bit of final assembly work once it’s daylight and it’ll be time to try a test firing. Neighbors beware!

C

Return of the beast

August 12th, 2011 by Chris No comments »

In the process of putting the catapult back together. I’m at a point where nearly every joint is either glued or fastened. The original thought was to bolt the joints that don’t receive glue. Upon checking alignment, my fear was I would end up removing too much material and weaken the structural integrity of the joint. I opted to go for #10 sheet metal screws instead.

 

I wanted to make sure that pipes were fully inserted prior to applying glue or inserting screws. Since you can’t see the inside of the pipe on many of the joints, I simply marked a 5/8″ depth as a guide.

 

Had a bit of an assembly line going.

 

I know it does not look like much progress was made, but I’m back to where I started only all the joints are properly locked in.

Next step is to build the rear 10′ supports as well as the throwing arm. For the basket of the throwing arm, I thought I would use a similar joint to the one I used for the pivot point, only this time I’ll use caps instead of adapters on the sides. Here are the parts:

Next step is to glue the parts together, and then go at it with my table saw to cut out the top. :)

 

More to come,

C

Oh Wait I have another good idea! :)

August 11th, 2011 by Chris No comments »

Thinking if I show up at my wife’s family gathering with a 10′ catapult that throws fire, that might not be enough to convince them I’m a bit over the edge. With this in mind, I’ll also be building a potato cannon. Usually not all that insane, but I’ve decided to build it out of clear PVC so that I can get a good light show going when it’s ignited. :) :) :)

Of course I have to finish the current project first…

Progress goes well. Here’s where we are at:

Since a 10′ catapult will not fit in the workshop, I have to improvise. That topmost crossbar will eventually be 10′ off the ground. For now I’m using shorter side pieces so that it is only 6.5′ above the ground. This will let me continue to work on the catapult inside. I still need to glue some critical joints and bolt up the remaining components (remember I need to be able to tear this thing down to transport it, so the bolted joints will let me break the catapult down into smaller pieces).

Soooo, I need to tear it all down, glue certain joints, then put it all back together to be bolted. I’m numbering the joints to help remind me where all the parts go.

 

More to come shortly,

C

What’s in a name?

August 10th, 2011 by Chris 2 comments »

My wife mentioned that I should consider naming the device. I think I have to agree. She wants to name it “Bob The Catapult” but personally I think any device that will be capable of throwing fire over 500 ft needs to have a female name. Thoughts? Could use some suggestions.

One of the things I had to think through was how to make the pivot point for the throwing arm. Bit of time staring at the shelves in Home Depot did the trick (TIP: Home Depot employees get *really* confused when they ask if they can help you find something and you tell them “catapult parts”).

 

Here’s what I came up with:

 

The pivot needs to fit snugly over 2″ PVC but provide a 90-degree adapter to the throwing arm. The pivot also needs to rotate freely, but without so much slop that it blows itself up. I ended up taking a 3″x3″x2″ T (middle of pic) as well as two 3″ to 2″ adapters (shown on each end of the “T”). I then dremeled out the adapters till the 2″ pipe could slide easily through them. The result is what you see above. I just need to glue the adapters into the “T” and this should work out quite nicely.

Device is getting taller and has more supports added in. I moved the winch to the other side so that the remote controls are easily accessible. I don’t want to be anywhere near this thing the first time I go for maximum thrust. ;-)

More later,

C

 

The saga continues

August 9th, 2011 by Chris No comments »

First let me say I have the coolest wife! I mention building a 10′ catapult to drag up to her family gathering and she does not even bat an eye. ;-)

Starting to get the basics laid out. Going to use a 12V winch to load the device. Spring will be 10 lbs/ft bungee cord. If my math is right, this should get the initial escape velocity for small loads (a pound or so) up into the range of 150 MPH. Wahoo!

 

Here’s the layout of the base structure. The electric winch to load it is in the foreground:

 

Little more progress and here’s the front side of the unit. That horizontal bar will be a pivot point for the bungee cords as the winch draws them in. Figured I better brace that against the rear mount point. Newton’s third law and all of that.

More as it happens,

C

What happens when geeks get bored

August 8th, 2011 by Chris No comments »

Hey all,

 

Not security related but wanted to share, so figured I would post this here.

 

I have two kids in their tween years so I love to leverage the opportunity to do crazy science projects under the guise of “furthering their education”. Posted a bit in the past about the Van de Graaff generator and the plasma-based speakers we built. Both were cool projects.

My wife’s family has a place up in northern NH which they gather at each August. It’s in the middle of nowhere with an awesome lake out back. Over the years I’ve been dragging up some esoteric weaponry like throwing stars, pistol crossbows and even a blowdart gun. While these were cool, they lacked the massive destructive effect I was looking for.

With this in mind, last year we built and brought up a trebuchet. Here’s a pic from when we were testing it:

 

It may look small but properly tuned it can throw a golf ball 2/3 the length of a soccer field. With some practice, we got pretty good at hitting a 5′ round target.

We brought the trebuchet out to the family gathering last summer and had a lot of fun with it. Staring at that huge lake behind the property however, we just HAD to try throwing flaming objects. Turns out the treb was not very good at that due to all of the flammable parts. Decided that was something I needed to rectify for this year. Of course as the months ticked by, I also started thinking that it would be even cooler if I could throw the objects further. With this in mind, I’ve come up with this rough design:

Thinking of using 2″ PVC for a majority of the parts. It will give the structure rigidity, is an easy medium to work with, and most importantly, it will resist burning. :)

 

So that’s the plan, we’ll see how this project goes. Stay tuned for the results.

C

Blog revised with cloudy goodness

May 20th, 2011 by Chris 2 comments »

Greets all,

First, I want to apologize for being dark for so long. To make a loooong story short I was doing work for one of those huge organizations whose lawyers can’t sleep at night if they don’t own every damn thought and neuron spark in your head. So while I was able to keep writing within the organization, it made public side blogging problematic. A resolution was always just around the corner, but alas it became obvious that it was never going to happen.

I’m happy to say that problem has been resolved. I’m now working for an extremely cool startup that doesn’t try to stifle the free exchange of ideas, but rather encourages it. My god what a crazy concept, eh? :D

With that said, going forward there will be a couple of changes:

  1. I’m a strong believer that hybrid cloud is poised to take over the world, so my writing will be primarily focused on this discipline.
  2. Rather than post entries here, I’ll be posting them at my new employer, CloudPassage. Just click on the “Blog” link at the top right of the page.

See you there,

Chris

 

Does Profitability Kill Innovation?

September 2nd, 2010 by Chris 1 comment »

Paul Graham has an excellent write up on why Yahoo went bust. The full article is worth the read, but here are two choice quotes:

I remember telling David Filo in late 1998 or early 1999 that Yahoo should buy Google, because I and most of the other programmers in the company were using it instead of Yahoo for search. He told me that it wasn’t worth worrying about. Search was only 6% of our traffic, and we were growing at 10% a month. It wasn’t worth doing better.

And later Paul goes on to say:

If circumstances had been different, the people running Yahoo might have realized sooner how important search was. But they had the most opaque obstacle in the world between them and the truth: money. As long as customers were writing big checks for banner ads, it was hard to take search seriously. Google didn’t have that to distract them.

First, a disclaimer: The opinions I am about to express are my own. They do not represent, or have any association with any organization I have worked with in the past, present or future. If you see a lack of innovation within your organization, know I’ve done work for you, and think these opinions are about your organization, I can assure you they are not. They are observations regarding a completely different organization.

Paul’s article really hit home for me. Thinking back over the years I’ve spent consulting for different organizations, I noticed a distinctive pattern. The Internet space is littered with companies that had some cool innovation, made inroads into their market share, but then lost their way in pursuit of higher profits. You could see it within the organization’s internal culture as well as their front facing interaction with the public. Once the focus changed from long term technology development to short term profitability, the organization began a downward spiral.

Probably one of the earliest most public examples was Lotus. For the folks with as much gray hair as myself, you probably remember that programs like 1-2-3 and Notes put the PC on the map as the choice business class system. In the early 90s everyone was running Lotus software. For that time in history it was extremely innovative and functional. There were a number of years where literally every company I did work for had a large deployment of Lotus software.

Then around the mid 90s it all changed. New releases fixed bugs rather than pushed the technology forward. A draconian copy protection system was implemented. Costs for phone support and patches went through the roof. I remember the exact moment I decided I would do whatever I could to get away from Lotus software. I was sitting on hold for cc:Mail support (the datastore had corrupted itself again) and realized they had hired a disk jockey to play music and announce queue wait times (usually 30-60 minutes). This said to me that Lotus knew they had support problems, but rather than address the root cause they took the cheap way out and hired an entertainer. While I’m sure this increased their short term profitability, it sent folks like myself running into the Microsoft camp.

Of course Lotus was not the last. We even watched Microsoft grow in leaps and bounds till the focus changed from innovation to copy protection and marketing slicks. SCO changed their business model from being an SMB solution to being litigators, and quickly slid into oblivion. We may even be seeing it again with Oracle. Some are claiming that Oracle purchased Sun not to forward their innovation, but specifically to litigate against Google. Hard to argue this point as from the outside it appears that the only other thing they’ve done with Sun is kill OpenSolaris, thus cutting off a wealth of innovation provided by outside programmers.

In Paul’s article he blames the root cause on Yahoo not hiring the best programmers. In my experience the problem goes deeper than that. When a company enters this self destructive phase they focus less on hiring innovators (like programmers) and more on hiring bean counters. The focus changes from fostering new ideas to squeezing out every last penny for short term gain. The first sign is usually absurd policy changes. Cubes can only be decorated in some cookie cutter fashion, engineers must empty their own trash, you spend more of your day accounting for your time rather than actually accomplishing anything, etc. etc.

While I’m sure some accountant can show on a pretty bar chart that these kinds of policy changes increase profitability, they miss a very important point. The changes create an environment that is detrimental to innovative thinking. The culture shift all but guarantees that innovative ideas are going to fail, and innovative thinkers are going to move on to other opportunities. Paul’s interaction with Yahoo is an excellent example. Think of it as being synonymous to investing in food at the grocery store. Buying cheap food will result in short term profitability, but long term it will probably dramatically increase your healthcare costs. When you are counting pennies it is easy to lose sight of the long term goal (like living a long healthy life).

So is the problem big business? Is the mantra that only small hungry companies can innovate while large companies are destined to fail? Personally, I do not think this is true. I have seen large companies that are smart enough to create internal think tanks to foster innovation. Mechanisms are put in place so that new ideas get floated to the top and failure does not become synonymous with termination. While profitability is still important (and IMHO it should be), creative risk taking into potential technology verticals is supported by upper management. A great example of this is probably Apple. Moving from computers to phones was a major change in their vertical market but it paid off in spades.

In the end, I think it really comes down to the corporate culture. What kills a company is not its size, but its ability to foster long term instead of short term thinking. Quick sanity check, if you notice your organization hiring more bean counters than innovators, you may already be on the downward spiral.


VMware Fast Path Versus Slow Path Firewalls

August 30th, 2010 by Chris No comments »

Many of us are now working with virtual firewalls. I did an earlier post regarding the strengths and weaknesses of security within the virtual realm, but today I want to talk about the firewalling possibilities with VMware. There has been a lot of excitement regarding VMware’s relatively new VMsafe API. Specifically, everybody is scrambling to create/deploy fast path firewalls. But are all fast path implementations created equal? Are there security concerns with going with a fast path solution? Let’s dive in and see.

Breakdown of VMsafe

With the release of the VMsafe security API, VMware has enhanced the options available for implementing security within a vSphere environment by permitting vendors to plug directly into the hypervisor at ring 0. VMsafe consists of three components:

  • VDDK – Disk block inspection. API has been publicly released.
  • vCompute – CPU and memory API. Has not been publicly released. Unknown which third parties have access, if any.
  • vNetwork – API to monitor/filter between the vNIC and vSwitch. Has not been publicly released. To the best of my knowledge, only Altor Networks & Reflex Systems have access (two vendors who assisted in the development of the API).

Specifically, I want to speak to the vNetwork API. When controlling network traffic flow within an ESX host, there are two possible implementations, “slow path” and “fast path”.

Slow Path

Slow path is the simplest implementation and the one we have been using for years. Effectively this is just a VM guest, similar to any other VM guest, running on the ESX host. Typically each guest is connected to a unique vSwitch, and each of these vSwitches is connected to a unique vNIC on the firewall. This is similar to a legacy firewall setup, but implemented virtually. The benefit of executing in slow path is that you can run a full-blown OS with any libraries or services required to support the firewall.

Fast Path

Fast path is effectively a ring 0 driver that plugs directly into the hypervisor kernel. This allows a third party vendor to leverage the hypervisor for insertion between each vNIC/vSwitch connection. Because a fast path driver is running in kernel context, it adds minimal overhead to the system. The result is code execution within fast path is substantially faster than the same code being executed within slow path (thus the VMware naming convention for each context). Load on the ESX host is minimized, so the end result is you can run far more virtual guests.

Fast Vs Slow

So it sounds like you would want to do everything within fast path, but there are a number of issues. Fast path is a kernel driver plugging into a minimized hypervisor, not a full-blown operating system. This limits the libraries and services the firewall has available for controlling traffic flow. Further, we are plugging in a kernel driver so there needs to be assurances that it does not bloat the hypervisor, increase the attack surface or interfere with other hypervisor functions. VMware performs a code review on all fast path drivers prior to release. So if I could theoretically implement all my code in fast path, I would need VMware approval prior to every patch or feature release.

With this in mind, a vendor claiming “fast path” support is actually going to end up implementing a portion of their code as fast path, a portion as slow path, and then create a connector between the two. How much load is placed on the system will depend on how much of this code is implemented in fast path and how much of it is executed in slow path.

Possible Fast Path Deployments

For example, a vendor could choose to write a fast path driver that simply tunnels all packets back to a slow path implemented firewall. The slow path code then determines if the traffic should be passed or dropped, with passed packets being sent back to the fast path code for insertion into the hypervisor control channel. While this would be the easiest method of deploying fast path, and arguably the safest and most secure, it would provide the least performance benefits. System load would probably not be much better than a full slow path implementation. I see this option as being very attractive to legacy firewall vendors, as it would require the least amount of modification to their existing code while still being able to claim “fast path support”.

Another option would be to use the slow path space for administrative functions with the fast path driver acting as the firewall engine. So for example the firewall administrator would create the policy using an interface running on a slow path VM, which would then push the policy down to a fast path driver. In this setup the fast path driver has a copy of the policy so traffic control can be implemented immediately. The result is faster traffic handling with minimal system load. The trade-off is bulkier code at ring 0.

It is also possible to implement a mixture of the two. For example I could use the fast path driver to implement the firewall policy, but then pass all “accepted” packets back to the slow path system for intrusion checking, virus scanning, or whatever is needed. Acceptable packets are then passed back to the fast path driver for insertion. So in this setup all “dropped” packets are handled via fast path, while accepted packets interact with a slow path component.
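To make the three deployment splits concrete, here is an added toy model of a per-packet pipeline that counts how much work lands in the ring 0 driver versus how many packets get handed across to the slow path VM. This is illustration only, not VMware's VMsafe/vNetwork API or any vendor's driver; the allow-list policy, the sample packets and the "deep inspection" content check are all constructed for the example.

```python
"""Toy model of fast path / slow path deployment splits (constructed example)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes = b""


# Constructed policy, as if pushed down from the slow-path admin VM:
# (dst, dport) pairs that are allowed; everything else is dropped (default deny).
ACCEPT_RULES = {("10.0.0.5", 443), ("10.0.0.5", 80), ("10.0.0.6", 22)}


def policy_lookup(pkt: Packet) -> str:
    """Stateless allow-list check, cheap enough to live in the fast path driver."""
    return "accept" if (pkt.dst, pkt.dport) in ACCEPT_RULES else "drop"


def deep_inspect(pkt: Packet) -> str:
    """Stand-in for a slow path content check (IDS/AV). Constructed rule: flag a script tag."""
    return "drop" if b"<script" in pkt.payload.lower() else "accept"


@dataclass
class Counters:
    fast: int = 0   # operations performed by the ring 0 driver
    slow: int = 0   # packets handed across to the slow path VM


def tunnel_everything(pkt: Packet, c: Counters) -> str:
    """Model 1: the driver only tunnels; policy and inspection both run in slow path."""
    c.fast += 1                      # driver receives the packet
    c.slow += 1                      # ... and tunnels it to the slow path firewall
    verdict = policy_lookup(pkt)
    if verdict == "accept":
        verdict = deep_inspect(pkt)
    if verdict == "accept":
        c.fast += 1                  # reinserted into the hypervisor control channel
    return verdict


def fast_path_engine(pkt: Packet, c: Counters) -> str:
    """Model 2: policy enforced entirely in ring 0; slow path is admin-only."""
    c.fast += 1
    return policy_lookup(pkt)        # no per-packet slow path involvement


def hybrid(pkt: Packet, c: Counters) -> str:
    """Model 3: drops decided in ring 0; only policy-accepted packets go to slow path."""
    c.fast += 1
    verdict = policy_lookup(pkt)
    if verdict == "drop":
        return verdict               # dropped packets never leave the fast path
    c.slow += 1                      # accepted packets cross over for inspection
    verdict = deep_inspect(pkt)
    if verdict == "accept":
        c.fast += 1                  # reinserted by the driver
    return verdict


MODELS: Dict[str, Callable[[Packet, Counters], str]] = {
    "tunnel": tunnel_everything,
    "fast_engine": fast_path_engine,
    "hybrid": hybrid,
}


def run(model: str, packets: List[Packet]) -> Tuple[Dict[str, int], Counters]:
    """Push every packet through one deployment model; return verdict tally and path counters."""
    counters = Counters()
    tally = {"accept": 0, "drop": 0}
    for pkt in packets:
        tally[MODELS[model](pkt, counters)] += 1
    return tally, counters


# Constructed sample traffic: three packets the policy accepts (one carrying a
# script tag that only deep inspection catches) and three it drops outright.
SAMPLE = [
    Packet("192.0.2.10", "10.0.0.5", 443, b"GET / HTTP/1.1"),
    Packet("192.0.2.11", "10.0.0.5", 80, b"<SCRIPT>alert(1)</SCRIPT>"),
    Packet("192.0.2.12", "10.0.0.6", 22, b"SSH-2.0-OpenSSH"),
    Packet("192.0.2.13", "10.0.0.5", 23),
    Packet("192.0.2.14", "10.0.0.7", 443),
    Packet("192.0.2.15", "10.0.0.6", 3389),
]

if __name__ == "__main__":
    for name in MODELS:
        tally, c = run(name, SAMPLE)
        print(f"{name:12} verdicts={tally} fast_ops={c.fast} slow_handoffs={c.slow}")
```

Running it shows the trade-off in numbers: the tunnel model hands all six packets to the slow path, the pure fast path engine hands over none but lets the script-carrying packet through because there is no content check at ring 0, and the hybrid only crosses over for the three policy-accepted packets while still catching the bad payload.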

As a side note, you need to keep the above info in mind when considering all vNetwork implementations, not just firewalls. The vNetwork API can also be used for policy enforcement, QoS, gathering of network statistics, etc. For example the very first vNetwork implementation was actually VMware’s Lab Manager. This tool is used for self service provisioning and does not contain a firewall component (this is implemented via vShield).

Summary

While a VMware product that integrates with VMsafe can strictly be a “slow path” implementation, it is highly unlikely that any product can be considered solely a “fast path” implementation. Any fast path product is most likely going to be a hybrid. It is just a matter of how much code exists in the “fast path” space versus the “slow path” space. When a product claims fast path support, you need to dig a bit deeper to analyze the implementation in order to identify any real performance benefits.

The Comcast Scam

August 25th, 2010 by Chris No comments »

Completely unrelated to security, but was surprised when this happened to me so I thought I would throw out a heads up.

When you pay your credit card or mortgage, there are laws in place to (try to) keep the creditors from gouging you. For example if you make a credit card payment, the creditor has to apply that payment to the oldest purchase. If they didn’t, they could easily whack you with higher interest and penalties by only paying off recent purchases. The law is designed to provide some level of consumer protection.

Apparently the same rules do not apply to Comcast. Back in June I went into the local Comcast office and picked up two new cable boxes. These made it onto my June bill, which I completely missed due to travel. I have my bank setup to make auto-payments, but the June auto-payment ended up being $18 short. Jump to July and I had the same problem. Didn’t look at the bill and just let auto-pay do its thing. Except now it is not just $18 short, it is $18 plus fees and penalties.

So here we are in August. Less than 30 days since I last made a payment and Comcast killed my service. Phone, TV and Internet all offline. When I called to find out the problem, I was told my account was 60 days overdue. After speaking with three different people I was told that Comcast has no such requirement to apply payments to oldest debts. So while my July bill was considered current, my June bill was considered 60 days overdue. Thus the interruption in service, as well as multiple fees to straighten the whole thing out. If Comcast was held to the same standards as most creditors, I would still owe them $18. Because they are not, with their fee structure I now owe $47 and that number is still climbing (apparently their Tivo service cannot be turned back on without a service tech).

Postmortem

  • Bundling home services can save money but makes for a nasty single point of failure
  • Be careful using a Bank based auto-pay for bills that can vary
  • Comcast fee structure permits them to earn an annual rate of return of 967% if you are so much as $1 overdue and miss it the following month