Friday, 24 August 2012

Simple Script to test Sharding on MongoDB

Sharding, eh? There's so many questions on a daily basis about sharding -
  • What is sharding?
  • How do I do shard?
  • When do I do shard?
    • How do I know I need to shard?
  • How many shards do I need?
  • What shard key should I use?
  • Can I change my shard key?
  • What's a hotspot?
  • How many shards do I need?
  • Do I have a replica set within a shard?
  • etc
 and everyone is unique with a different use-case so the answer isn't always the same.

Here's the official documents page (on sharding) and Kristina's blog, which is simply excellent on so many levels - I recommend reading both links (btw, it'll take a while :). Kristina uses some awesome analogies to explain sharding.

This blog post isn't about the technicalities of sharding, there are much more intelligent people than me who can explain that. I wrote a simple script to learn a bit more sharding and for reproducing issues and I thought I'd share it. It's written in bash because I didn't want to worry about dependencies :)

After you run the script, you should be able to run 
 $ mongo twitter --eval 'sh.status()'  
from your local shell and you should see something like the following indicating that you have now created a sharded cluster with a sharded database "twitter", a sharded collection "tweets"
 MongoDB shell version: 2.0.6  
 connecting to: twitter  
 --- Sharding Status ---  
  sharding version: { "_id" : 1, "version" : 3 }  
   { "_id" : "shard0000", "host" : "localhost:10000" }  
   { "_id" : "shard0001", "host" : "localhost:10001" }  
   { "_id" : "shard0002", "host" : "localhost:10002" }  
   { "_id" : "admin", "partitioned" : false, "primary" : "config" }  
   { "_id" : "twitter", "partitioned" : true, "primary" : "shard0000" }  
     twitter.tweets chunks:  
         shard0000  1  
       { "query" : { $minKey : 1 }, "max_id" : { $minKey : 1 } } -->> { "query" : { $maxKey : 1 }, "max_id" : { $maxKey : 1 } } on : shard0000 { "t" : 1000, "i" : 0 }  

Hopefully it's of interest or help to someone :)

Sunday, 19 August 2012

Killer Kettlebell Workout

Since starting kettlebells (3 months ago) my fitness, strength and flexibility have definitely improved. My hips have a strong tendency to lock, meaning that my gluteal muscles don't fire so the hamstrings are over-compensating.

I've noticed a definite improvement on the bike when climbing (legs have more power and less restriction at the top of the motion) whilst body fat and overall weight has dropped.

I did this workout on Friday past and although I'm biased, I think it was pretty cool and so thought I'd share -

  • 7 minutes run
  • Half-Planks * 10 L/R
  • Backward leg-lunges with stretch * 10 L/R 
  • Front squats, toes touching the wall * 10
  • Skipping * 50
  • Bridge * 10
  • Single-Leg Bridge * 10 L/R
  • Skipping * 50
  • Reverse-Curls * 10

  • Ladder
    • 3 * {Pull-Ups (1, 2 3) & Push-Ups (2, 4, 6)
  • Countdown
    • Swings/Squats (35/5, 30/10, 25/15, 20/15, 15/20, 10/25, 10/30, 5/35)
    •  All the swings were with 24kg; Squats (24kg all sets for first 15 reps, then 20kg)
  • 7 minutes run
  • Stretch

Friday, 17 August 2012

Help, someone's trying to hack my Facebook account!

So I received a phone call with a friend saying the exact words in the title.

This friend suddenly started receiving password notifications for several of their social networking sites (Facebook, Twitter etc) and other applications. The more interesting aspect is that this friend has an upcoming legal case so the multiple password notifications from independent applications and sites was a little more than conincidental. Given all the incorrect uses of the word "hacker", I refuse to call this person or people "hacker(s)" and really, what he/she/they did is not that subtle.

I had some advice for my friend, which I first bounced off another good friend, Brian Honan, who was extremely helpful as always and had some awesome additions.

So this post is not intended to tell you how to be safe on the Internet or how to harden your laptop/destop/phone. I simply thought I'd publicise this advice in case anyone-else ran into the same scenario (bear in mind that this advice is primarily intended for a non-technical person, who may have to contact law enforcement -
  • Record everything. Using a bound notepad (not the type you can tear a page from), note every event with date and time of each incident, as well as the actual details of the incident.
  • Print out all emails, messgaes, screen shots etc that relating to every incident encountered. 
    • Date each incident and link it back to the record in the notebook.
  • Report it to law enforcement, they may not be able to do anything but at least it will be reported to them and they will have a record to go back on if it becomes serious. 
    • The notebook and printed evidence will obviously help with initial report and any subsequent reports.
  • Likewise report to the provider's security team (e.g. Facebook, Twitter, LinkedIn [I could only find a link to the hack, not their Security Team :(], Google etc - they all have their own security team and they should be pro-active in helping). Some companies have a "security team" in name but not in reality so your email will go to trash essentially or in geek terms "/dev/null". However, again, there is a record.
  • Report every incident to both bodies. Do not leave anything out.
  • Change passwords and use enhanced security of any service they are using, e.g. Gmail and Facebook have advanced security settings. Use two-factor authentication where possible. As we all know, nothing is infallible but raising the bar helps and tends to discourage the vast majority of attackers onto an easier target.
  • Run regular AV scans on all your machines (do not flame me for recommending AV, I know the many short-comings, however, for all its failings, it does have a place for many end-users and it will catch the "known" stuff.
  • Decouple any applications from their social network profiles. If you log into any site "with Google" or "with Facebook" etc, remove that facility from the site and set up a unique password that is complex, difficult to guess but that you can remember.
  • If required (given the many unique passwords that you now have), use a password manager. Some folk like them, others don't. I feel that most users have a tendency to use simple, common passwords or simply re-use the one complex password, both of which have been shown to be the case in multiple hacking stories this year, and ultimately password managers strongly discourage this behaviour. Overwall (imho) the advantages outweighing the negatives (such as single point of failure), although I prefer not to have my password managers in the "cloud", rather on local systems that I have physical access to. For a much more detailed discussion check this link out.
This list is not perfect, nor is it endless and I'm happy to modify it based on valuable suggestions.

The blog post is intended to help others (non-technical, not as Internet savvy as many techies) who believe their Internet accounts are being attacked for whatever reason.

Just my 0.02c and I thought I'd share.....