markofu’s blog

Receiving mails via LinkedIn is an interesting experience. For example, how many folk actually personalise "contact requests" - from what I see, less than 1%. I typically try to because I think it shows some thought has gone into the request and it's friendly, but then "manners" on the Internet is a very different thing to the real world, right ;-) Anyway, to the point of the blog post. In early November (2012), whilst I was preparing my Security Onion presentation for IrissCon  (why did I bother when my MBP died on-stage), I received a very interesting and personal email via LinkedIn. The email came from a "Senior International Belief Instigator" (let's call him the SIBI - to save me typing) at Riot Games and the email was literally awesome, it hit many of the key points that you'd hope for in a recruiter email but it also had a wonderful tone. In my ignorance, I knew of League of Legends but not Riot (yes, I am embarrassed by that). I r...

Introduction Having answered numerous questions on the new and old authori(s|z)ation within MongoDB, I thought I'd write a short blog post explaining how things work as there seems to be some confusion. What's New Prior to version 2.4 , there was a very basic sense of "Role Based Access Controls" (RBAC) within MongoDB as there were only two roles - read readWrite which is quite limited. For example, if the user has "readWrite", that user is essentially "root" and the user can add/remove users as well as inserting data into the database, i.e. there is no role segregation. Version 2.4 added in the following 3 core roles - userAdmin dbAdmin clusterAdmin with a notable extension such that there are now 4 roles that apply across all databases - readAnyDatabase readWriteAnyDatabase userAdminAnyDatabase dbAdminAnyDatabase This increased RBAC is a significant improvement from a security perspective in MongoDB. It is imp...

I'm just back from a superb (or in "American" : super exciting) MongoDB London conference. I've been told there were over 500 attendees and as you can see below, the venue was sweet :) I have uploaded my slides to SpeakerDeck, I'm no longer using Slideshare as a repository for my presentations (I just don't think it's as good visually or in terms of a usage experience). Using the MongoDB Monitoring Service (MMS) Securing your MongoDB Implementation Thankfully the two presentations went well and I received great feedback (hey @rozza, no yellow discs buddy - yellow discs indicated a sub-par presentation, blue = good and green = excellent :) ). More importantly, there was no "Black Screen of Death" on the MBP unlike at IrissCon ! Please have a look at the slides and if there are any questions or mistakes, please let me know. Thanks to the whole 10gen team (especially the community folk) for organising such an awesome event and more i...

In my last post , I showed how you can set up MongoDB v2.2 to syslog its logs off to a remote syslog server. As my `tcpdump` snippets show, the syslog messages hit the syslog server tagged as "user.info", which means that they're assigned to the "user" facility with a severity level of "info". I've received a few questions regarding the possiblity of splitting out syslog messages by facility, however, as everything is currently sent to a "user.info" bucket, so-to-speak, this is not possibility. There is a current feature request for this capability and work will be done on this but if this is important for you, I'd strongly encourage you to vote for this feature. In the meantime, however, (whilst not ideal) you can still do some host filtering with rsyslog as outlined here .

As per the MongoDB 2.2 release notes , log output for MongoDB can now be redirected to a remote syslog server. Here is an example configuration. MongoDB Instance MongoDB is started as follows (note the extra `syslog` switch): $ mongod --dbpath=/data/db/syslog --fork --syslog The local "/etc/syslog.conf" file (i.e. on the `mongod` instance) is configured to send everything to the syslog server (10.7.100.20): @10.7.100.20:514 Syslog Server I ran my Syslog server on Ubuntu 12.04. There are a tonne of links out there describing how to install syslog on Ubuntu - see here . The syslog "facilities" are configured in the server's `/etc/syslog.conf` file (I left this as default): ################################################################################# # # First some standard logfiles.  Log by facility. # auth,authpriv.*            /var/log/auth.log *.*;auth,authpriv.none        -/var/lo...

So last night I spoke at the Dublin Google Development Group , which is held in the Google Offices in Barrow Street . For all the times I've passed those offices, either by foot or train, I've never actually been in there and usually looked enviously upon their facilities (I believe they've now got a 25m pool, which for me would be, well, awesome). I was invited by Eoin Bailey (from Trinity), who up until last night (I believe), has been running the group and interestingly, the "head" of the group cannot be a Google employee. Apart from the slick, professional set-up there's also food and non-alcoholic drinks beforehand with a potential retirement to the Schoolhouse afterwards. The facilities were obviously excellent, sweet theatre ("What's up Doc" was the name I believe) with excellent seating, screens etc as you'd expect. The group were seemed interested in my talk but I think I lost most folk when I began talking about sharding, possib...

So back in July, I wrote a blog post talking about my experiences being a so-called "phone jockey", i.e. a support engineer, for 10gen. For those cynics out there, it wasn't written by HR, modified by marketing or requested by management or anyone in our recruiting team - I wrote it off my own back because I've a tendency to do things off my own back I wanted to explain what being a "support engineer" actually meant and more specifically, what it entailed in a small, innovative, fun company like 10gen I now have somewhere to point people too when they ask my what life as a "support engineer" in 10gen is like to get kudos within 10gen and please management When I wrote the blog post, I intended it to be a once-off (why would anyone agree to writing a multi-part blog series) but I was encouraged to at least write a second post by @francium and she's very cool so I let it slide and agreed!!! One of the ideas that I had was talking ...

Sharding, eh? There's so many questions on a daily basis about sharding - What is sharding? How do I do shard? When do I do shard? How do I know I need to shard? How many shards do I need? What shard key should I use? Can I change my shard key? What's a hotspot? How many shards do I need? Do I have a replica set within a shard? etc  and everyone is unique with a different use-case so the answer isn't always the same. Here's the official documents page (on sharding) and Kristina's blog , which is simply excellent on so many levels - I recommend reading both links (btw, it'll take a while :). Kristina uses some awesome analogies to explain sharding. This blog post isn't about the technicalities of sharding, there are much more intelligent people than me who can explain that. I wrote a simple script to learn a bit more sharding and for reproducing issues and I thought I'd share it. It's written in bash beca...

There's a mis-conception around the role of a "Support Engineer".  As a clue, it's not what Urban Dictionary   says   - A person whose job is to answer calls from customers of a small- to large-sized company...... They are teathered to a their desk all day via phone headset........ phone jockeys usually hate their jobs.......they are are paid well enough..........until they completely burn out, and hate everyone.   and doesn't always involve this - Image Source: http://half-bakedbaker.blogspot.ie/2009/11/cannoli-and-broken-computer.html As you can see  here , there's lots of open roles in  10gen  and more specifically with 10gen, in  Dublin . I thought I'd write this quick blog to explain what Support Engineers actually do and why I joined 10gen as a "Support Engineer". I could be wrong but didn't Google come up with term " Site Reliability Engineer " to do away with the stigma associated with being a...