Interesting Internet Usage and Social Networking Statistics

Over the weekend I took some notes from a presentation and did some research from various sources. The result was a blog post about Internet trends that I posted on my personal blog. There are some very interesting statistics about Internet usage and social networking. Also, Facebook fans will find some interesting facts as well.

Solaris 10 User Group Part X

Tomorrow I will be attending the Solaris 10 User Group Part X at the offices of Sun Microsystems, 101 Park Ave., New York, NY. This is an all day event and there is even a MySQL talk by Philip Antoniades. Other presenters include Ambreesh Khanna, Isaac Rozenfeld, Neal Weiss, Sunay Tripathi, Amjad Khan, Damien Farnham and Dave Teszler.

Unfortunately, the event registration is now closed, but if you're attending I look forward to meeting you.

Sun's exciting technologies

It's exciting to see how many technologies Sun is working on.

On May 1, I took a few members of our operations and database team to meet with Vasu Prakash who is an Engagement Architect with Global Systems Engineering division of Sun Microsystems. Vasu generously let us pick his brain regarding a wide range of exciting technologies Sun is working on and to see how they may potentially address our needs and challenges.

The following notes are my personal notes expanded with some articles from my bookmark collection.

Thumper
- Thumper (X4500) offers 48TB (SATA HDD) in a 4U at around $1.30/GB, runs Solaris OS and ZFS and supports RAID 0, 1, 0+1, 5, 6 enabled by RAID-Z and Raid Z2. X4500 supports 16GB RAM and needs 200-220 V AC for power. For non-Solaris users, other operating systems are supported as well.
- We initially evaluated Thumper as our backup storage solution but then ended up going with Sun Storage Tek. I am, however, interested in evaluating it further.
- Robert Milkowski wrote a post benchmarking Thumper and found that he was able to get more than 2GB/s aggregate write throughput using raid-5 volumes! He concludes with "Woooha! It can write more data to disks than most (all?) Intel servers can read or write to memory"
- Jason Hoffman also seems pretty pleased with Thumper
- Jonathan Schwartz's blog post announcing Thumper

ZFS
- ZFS, for those who need an introduction, is a 128-bit transactional file system offering self-healing capabilities and useful if you are running into limitations of 64-bit file systems. It is 18 billion billion times larger than 64-bit file systems.
- ZFS pooled storage can grow and shrink automaticaly.
- One of the questions I am most often asked by people is that if ZFS is really what it is then why hasn't it replaced UFS as default file system for Solaris. I would love to see a blog post by a Sun insider addressing this question.
- ZFS Best Practices Guide
- ZFS Learning Center

Solaris Containers
- For a really interesting project, I may need to create a couple hundred zones on a server (no this is not for a production system as we are a Redshift application). I was surprised to learn that more than 8000 zones (8191 non-global zones to be precise) can be created within a single operating system instance. Of course, if you do create a very high number of zones, don't benchmark boot time as it will take a very long time to boot up:)

SAM-FS
SAM-FS is short for Sun StorageTek Storage Archive Manager and it is a very exciting policy based file system by Sun. According to Sun website (it is marketing lingo but saves me the hassle):

"SAM software provides data classification, centralized meta-data management, policy based data placement, protection, migration, long-term retention, and recovery to help organizations effectively manage and utilize data according to business requirements. SAM enables users to reduce the cost of storing vast data repositories by providing a powerful, easily managed, cost-effective way to access, retain, and protect business data over its entire lifecycle. This self-protecting file system offers continuous backup and fast recovery features to help enhance productivity and improve resource utilization."

In a nutshell, if I understand correctly, SAM allows you to specify policies and then based on those policies it can move your data around from a fast-but-expensive storage to inexpensive-but-slower storage to give you the most bang for the buck. All data migration and transfer is transparent to the application. MLB is a major user of SAM. There is also an interesting case study on how MLB uses SAM.

QFS:
If NFS is your headache then QFS may provide a solution. QFS provides "nearly raw device access to information and data consolidation for read/write file sharing," according to Sun. My understanding is that using QFS requires a fibre channel to connect application servers to storage (if that's not true, can someone please correct me).

A maximum of 128 systems running QFS can share access to the same data without compromising file integrity. QFS volumes can scale up to 4PB. More QFS features are available on Sun site.

The main limitation to note: Mixed architecture (SPARC with x64) metadata servers are not supported for failover purposes. Neither are mixed architecture multi-reader configurations supported.

More Sun technologies I want to write about: Sun Cluster implementations in local (node to node), metro (run a fibre :) ) and global (global load balancer) modes. Sun cluster requires common storage that should be either direct attached or attached through a SAN switch. In addition, failure fencing, memory mirroring and vertical threading in M4000, Sun's Victoria falls processors (T5140 and T5240), PNFS and last but not least, Greenplum (claiming to be world's best database for BI and built upon PostgreSQL). Hopefully, I will talk about them in my future posts.

New Responsibilities

During my university days when I was working towards a dual degree in Accounting and CIS, I co-founded a small managed hosting company which I ran for four years along with two other co-founders. Then I started a consulting company and eventually moved into online publishing. Things changed and after nearly nine years of being self employed, I took over the very challenging responsibility of single handedly managing and scaling databases of a top 50 site (in 2006). It was definitely not an easy journey and I feel ecstatic to have helped my employer handle 6x growth and rise to being a top 13 site (using same Alexa algorithm).

While I enjoy working with MySQL, Solaris and technology a lot, I really missed being part of business side. Those of you who know me outside my database role, know how much I crave problem solving related to day to day business operations especially strategic decisions, financial, product architecture, monetization, marketing, advertising and SEO etc. For me databases and scalability are very important part of running a successful business in today's environment and I am so happy to have been a key player for my employer in that area.

In short, I wanted to be more involved in both business side and technology side. So I recently accepted a new role with my current employer as Director of Business Operations and Technical Strategy. In addition, I will still be leading and training our database team.

This new role will allow me to get involved with much more than just databases at my job, something I am really looking forward to. Big thanks to my management team for recognizing my skills and giving me a chance to help my company reach new levels.

Sun loses 23% market capital

Sun missed its earnings and sales estimates and as a result it lost approximately 23% of its market capital. Even more disturbing news is the announcement that Sun will be cutting 1500 to 2500 jobs. Eric Day raised his concerns as to whether this job cut will affect MySQL hiring to which Marten replied and pointed to several open positions within MySQL.

Sun has an array of very interesting and useful technologies under its hood. The amount of care Sun takes for its customers is truly impressive and I hope MySQL will follow in Sun's foot steps. Yesterday, I met with a Sun engagement architect and the amount of interest he showed in the technical challenges my team faces was unmatched. I am already working on a blog post to highlight some of the technologies my team discussed with Sun's representative.

With Sun's stock now down, I think it is an excellent time to buy some JAVA stocks which closed at 12.64. I may actually put a small order myself.

Yahoo! Mail Bug? Emails disappearing upon reaching 65,535 emails in one of the folders

I am very confused.

I subscribe to several email lists including MySQL and Ruby on Rails lists. Generally, I keep my mailbox clean except for a folder in which I was archiving messages Ruby on Rails.

A few days ago I noticed that my Ruby on Rails folder reached 65535 messages. Today, I was looking to reply to an email from Keith Murphy (to which I had previously replied as well) and was surprised to find that the particular message didn't show up in my search. This particular message was sent on April 30 so I started scanning all my emails received on that day.

Surprisingly, I didn't find it even after a careful visual scan. Not only that, I noticed several of emails I received in the last 2 weeks missing. My initial reply to Keith was still sitting in my Sent mail folder. My trash folder also had several emails that I had deleted but not the ones that were missing.

For the life of me I cannot figure out where these emails went. Then suddenly I noticed that the Ruby on Rails folder still has 65535. Which is very weird as this is an active list.

I decided to send an email with criteria that would make it land in Ruby on Rails folder. After 6 hours, the email is still isn't in my inbox.

With 65,535 being a magical number representing a limitation of 65,536 objects, I believe this is a limit of a Yahoo! folder. Not only that, it seems that once you hit that limit, all sort of weird things start happening. Like, in my case, random missing emails.

This is pretty upsetting as I am not sure how many of my emails are missing. As soon as I deleted a few emails to bring the count down to 65,535, new emails from Ruby on Rails list started arriving (although not the one I had sent myself earlier today).

Now, unfortunately, I feel paranoid, not knowing how many important emails I have lost.

So, I have decided to open a new email account fmashraqi at yahoo and will be updating my contacts to start sending me email on that address.

My reason for posting it on this blog is to ask the community members if they have noticed anything like this? I know 65,535 emails is an insane number of emails but at one point I was interested in archiving the list. With Yahoo! offering unlimited storage, I wonder why isn't this limit documented?

MySQL / Linux swap problem doesn't exist on Solaris 10

Right now there is a discussion on Planet MySQL regarding MySQL / Linux swap problem. Peter Zaitsev originally brought the problem of MySQL swapping to light. Recently, Dathan Pattishall also wrote about it in his post Linux 64-bit, MySQL, Swap and Memory. Don McAskill followed up with his post, MySQL and the Linux Swap problem, and an interesting way to get around the issue: "make swap partitions out of RAM disks." Don also points to another article by Kevin regarding using O_DIRECT to fix the swap issue.

To get to the point, some time ago, I experienced a similar issue on few of my old servers running Solaris V210, UFS with plenty of memory available. My initial thinking was that I am experiencing similar issue so during my presentation at MySQL Conference, Optimizing MySQL and InnoDB on Solaris 10, I pointed that this *may* exist in Solaris 10. Luckily a Sun representative (I believe it was Matt Ingenthron) corrected me towards the end of my session and pointed that UFS and Solaris 10 kernel have features built to avoid just that. That confirmation from a Sun representative was authoritative. We have already decommissioned the affected servers from production so it may be some time before I can find the precise reason why we experienced the swapping issue. Note that I haven't seen this issue on any of our other V210, V440 and T5120s in production.

Optimizing MySQL and InnoDB on Solaris 10 for World's Largest Photo Blogging Community - Video

The video of one of my three sessions, "Optimizing MySQL and InnoDB on Solaris 10 for World's Largest Photo Blogging Community", presented at MySQL Conference & Expo 2008 has been uploaded by Sheeri. I am very thankful to her for doing all the hard work and making it available.

There are a few slides that were edited out of video because of reasons beyond my control. However, you should still be able to enjoy most of the video.

There is one point related to this video that I would like to make: Based on my particular experience I was leading to believe that Solaris 10 Kernel had the same issue as Linux Kernel related to swappiness and swapping where the kernel will start putting more importance on maintaining file system cache than the mysqld process. However, towards the end of the session, it was pointed out by a Sun engineer (thanks!) that there must be something else going on as UFS on Solaris 10 shouldn't depict this behavior and a process shouldn't swap in favor of maintaining file system cache. I am having this issue on 3 of my servers and I am currently working with Sun engineers to get to the bottom of the issue.

Velocity Conference -- Web Performance and Operations Conference

I just made my reservations to attend Velocity Conference in Burlingame, CA. Velocity is a new two day conference being organized by O'Reilly. I was happy to learn at Lunch today that one of my good friends from CafeMom will also be attending. Over at Facebook I see Don McAskill has RSVP'd for the event as well.

Jesse Robbins, chair for Velocity conference graciously provided a 20% discount coupon as a comment on my blog post.

The early registration is about to end, but I find it really interesting that many slots still mention TBC (to be confirmed). I would have expected the schedule to be fully determined by now, however, I still believe this should be a great conference to attend.

Earlier I wrote about my proposed session being rejected at Velocity Conference which was a big disappointment especially since my presentation was about a top 13 website in the world. Wasn't that the point of this conference to begin with? There are several sessions at this conference that have been presented several times at other conferences including MySQL and a little Google search turns up the slides. So some company's 'secret sauce' is worth repeating and others not? Oh well, no hard feelings. As I said, I still think there would be some interesting sessions.

Let me know if you are planning to attend the conference. I will be flying to SFO on Sunday evening and flying back on Wednesday afternoon.

Don McAskill - People I met at MySQL Conference

"The two metrics that are most important to me are first customer satisfaction and second growth." - Don McAskill

Today, I noticed Don is featured on Sun's customer success stories page:


Don McAskill is the CEO and Chief Geek of Smugmug, a photo and now hi-def video (using H.264) sharing site with a successful business model behind it.

I initially met Don last year at the MySQL Conference when my then boss told me that he is interested in meeting him. That was my introduction to Smugmug. I was impressed by SmugMug's presentation of photos and the care they took to make your photos and galleries look awesome.

This year, as a member of Smugmug, me and my wife got to interact with Don on a personal level.

We had several suggestions related to how our Smugmug experience could be improved and Don listened very carefully. One of the things I was most interested in seeing implemented was blocking Smugmug subdomains from being indexed if a customer is hosting them on their own subdomain.

I was truly impressed by how much Don thinks and cares about his members. It isn't a surprise that he runs a very successful site. From my conversations with Don, It seems there are many interesting projects Don and his team are working on and I can't wait to see them implemented. Almost all of the projects we heard about were focused towards customers. No wonder Smugmug has a high customer retention rate.

Technology wise, I am a fan of decisions Don has made to run Smugmug. He uses MySQL, S3, EC2 for processing and video conversion, Solaris 10 and Sun hardware.

Despite being the CEO, Don is the MySQL guy at Smugmug. His latest blog post, Death of MySQL read replication high exaggerated, was a good natured jab at discussion Brian Aker started with Arjen Lentz and me jumping in.

In the following video, Don Grantham interviews Don McAskill (yup, two Dons together) about Smugmug's relationship with Sun and the challenges of running a successful Web 2.0 business with more than 350,000 paying customers and more than 300,000,000 photos. As you can see in the video, customer satisfaction is more important than growth to Smugmug.


Since I joined Smugmug, several of my friends including Ronald Bradford have also joined. You can view my galleries by clicking on the image below and Ronald's photos from the MySQL conference by clicking on the image underneath:





If you use Smugmug as well, drop your Smugmug URL as a comment (of course, only if you want to share).

To stay up to date with exciting stuff happening at Smugmug checkout Don's blog.

People I met at the conference

Every year I meet a lot of new and old friends at the MySQL conference. To highlight their involvement in the MySQL community and at the conference I have decided to start a new series: "People I met at the MySQL conference."

I probably won't be able to cover everyone I met (sorry about that) but I intend to cover as many as possible. There will be no order in which I cover people. Also, there is no secret agenda and of course whatever I say is just my personal opinion. Just whenever I have a few thoughts ready about someone, they will pop out :)

Disaster is Inevitable -- SQL Injection: Poorly Written Code and No Backups!

Let me start out by saying: the best response to a disaster is backup you can count on.

Found a scary story today about hundreds of thousands of websites using Microsoft IIS and SQL Servers being affected by Internet-wide SQL injection attacks. The story originally reported by F-Secure is now on Slashdot as well.

On the IIS forum, panic is visible. Those who had backups are breathing a sigh of relief like one administrator who commented, "We have been hit by this as well. Lucky backup ran last night just prior to the attack."

Others without backups are just screwed.

F-secure reports in an update to the story, "Do note that this attack doesn't use any vulnerabilities in any of those two applications. What makes this attack possible is poorly written ASP and ASPX (.net) code."

Although this attack is targeted towards IIS and SQL Server, there are lessons to be learned for sites using other servers and databases. There are several guides available on the Internet that will show you how to secure your application against SQL Injection attacks, like http://www.blogger.com/img/gl.link.gifthis one that is focused on securing PHP and MySQL applications.

In this year's "Disaster is Inevitable--Are you Ready" presentation at the MySQL Conference (Yes, I have read Baron's post), I covered a few types of disasters. However, I missed an important kind of disaster: ones that are caused by SQL Injection. My next presentation on this topic will certainly cover this. BTW, if you missed my presentation, you can thank Artem Russakovskii, who took meticulous notes that you can read.

What saddens me is comments like, "but we have all patches applied to the version we are using." There is of course, a disconnect here as far as understanding the problem is concerned.

Patches don't secure you against SQL injection attacks; Properly written code does. Sanity check is very important!

Replication as a backup method won't help against SQL Injection
Based on my survey, a disturbingly high number of sites use replication as their backup strategy. If replication is your sole method of backup, then beware, SQL injection based disasters aren't going to help. Unless, of course, you have time delayed slaves and are able to stop replication before the slaves are affected.

Every year there are a number of backup related presentations at MySQL Conference. All, except one of the following, were presented this year!:

- What do you mean there's no backup? -- A timeless presentation by Mike Kruckenberg and Jay Pipes originally presented in 2006.
- Backup and Recovery Basics by Kai Voigt
- MySQL Backups go near continous by David Wartell
- MySQL Online Backup: An In-depth presentation by Chuck Bell
- Online Backup, Open Replication and a world of contribution by Lars Thalmann and Chuck Bell
- Performing MySQL Backups using LVM Snapshots by Lenz Grimmer
- Top 5 Considerations While Setting Up Your MySQL Backups

MySQL on Solaris 10 -- Buffer Overflow and Security Bypass Vulnerabilities

So found some recently discovered buffer overflow and security bypass vulnerabilities when running MySQL on Solaris 10. According to FrSIRT, these vulnerabilities "could be exploited by attackers or malicious users to bypass security restrictions, gain knowledge of sensitive information, cause a denial of service, or execute arbitrary code." A final resolution for these vulnerabilities is pending completion according to their website.

Unfortunately, I do not have a FrSIRT account currently (need to get one ASAP) so I couldn't dig this vulnerability further. However, I am dying to learn more about this.

Java getting fully Open Source

The big news coming from Java One is that Sun is removing the last licensing hurdles in Java. What this means is Java is becoming fully Open Source.

Java users can especially thank Sun now. Also this supports Sun's vision of Open Source.

"We've been engaging with the open-source community for Java to finish off the OpenJDK project, and the specific thing that we've been working on with them is clearing the last bits that we didn't have the rights," to distribute, Sands said.

"Over the past year, we have pretty much removed most of those encumbrances," Sands said. Work still needs to be done to offer the Java sound engine and SNMP code via open source; that effort is expected to be completed this year. Developers, though, may be able to proceed without a component like the sound engine, Sands said.

Source: Yahoo News

I think Monty found the right environment to work in.

Update: Original post mentioned "Java now fully Open Source" however as the article points, Java is expected to become fully open source later this year. I wonder how much role MySQL conference played in this announcement coming earlier.

Mashable Party at Webster Hall

I will be at the Mashable Party at Webster Hall on May 16, 2008. The party starts at 8PM and goes till 4 AM although I won't be staying till 4.

There are less than 100 tickets left. If you are attending and use MySQL, Solaris 10 or Sun hardware in your environment, I would love to chat with you.

And, there are no presentations :)

------ EVENT DETAILS ----

What: MashBash NYC : Mashable’s NYC Spring Party!
Who: 2,500 Sold Out Crowd, 400 Mashable VIP Tickets on Balcony, Grandmaster Flash starts the night off
When: Friday, May 16th, 2008
Drinks: Open Bar, 8 - 10 pm sponsored by Kluster
Where: Webster Hall, 125 East 11th Street, New York, NY

Schedule for the Evening: 8 - 10 pm: Mashable is hosting an exclusive 400 person VIP event on the 2nd Floor Balcony of Webster Hall’s Grand Ballroom. There will be an open bar sponsored by Kluster.com.
10:00 pm: Doors open to the public, a 2500 person sold out crowd
10:15 pm: Opening for Mashable’s VIP guests is none other than the legendary Grandmaster Flash.
Midnight till 4 am+: Mashable’s VIP guests are welcome to stay in the VIP area all night for music from acts including MSTRKRFT, L.A. Riots and more.

Back from the MySQL conference

This morning I landed back at my home airport, EWR, after spending a fun-filled week and a half at the MySQL Conference 2008.

This year's conference was the best ever for me. I have a lot of people to thank and a lot to blog about. The number of pings I have received about lack of my blogging during conference is truly humbling. However, I did have a good reason for not being able to blog.

First, I was presenting three sessions, with two on the final day of the conference. Since I have the habit of continuously revising my presentations, that put a little bit of pressure on me. A big thanks to all those who came to my sessions.

Second, I was given a great opportunity to be a keynote panelist at the "Scaling up or out" session at the MySQL Conference. If you missed the keynote, you can watch the full video of the keynote posted by Sheeri.

Third, me, my wife and a few friends were invited to a trip of the lifetime by hardcore community evangelists at Proven Scaling (Jeremy Cole, Eric Bergen and Mike Griffiths). We had a great time visiting Yosemite National Park (more on this later). This was my first time without checking email or being on the Internet in nine years.

Now that I am back, I intend to put all my thoughts regarding the conference and the trip as blog posts in the coming days so stay tuned.

Heading to MySQL conference in Santa Clara

I am leaving in a few hours from Monterey for Santa Clara, the home of MySQL conference. I should be in the Hyatt Regency Lobby at 5:45 PM. I still have one more space in my car so if you haven't found a ride yet to go to the pre-conference dinner, you can reserve the spot by calling me or sending me a text message at 5/5/1/6/5/5/5/5/9/0.

Facebook Scary Message

A friend emailed me a message he had received when attempting to login to Facebook:

The message reads,

Warning: Facebook detected a potential scam to steam your account!
To prevent future problems, please reset your password.

Also, I was hearing in news today that a significant percentage of scams are now targeted towards social networking sites.

Of course, it goes without saying that one should not use their "important" passwords with social networking sites.

On my way to MySQL conference

Later today around 5PM EST both me and my wife will be flying to San Jose to attend MySQL Conference happening next week. We will be staying the first two nights in Burlingame to meet family and friends.

Then on Friday evening we will be going to visit more family in Monterey. We will arrive at Hyatt Regency, Santa Clara, on Sunday afternoon.

Once at Hyatt, I will be happy to give a ride to anyone going to the Pre-Conference dinner.

After the conference, my plan is to spend time with a few friends. I will be flying red-eye, Sunday night, back to home.

Like previous conferences, I can't wait to see all my old and new friends.

My passions include InnoDB, memcached, BLOBs, Latent Semantic Analysis, Ruby on Rails (why won't it scale), SEO, monetization, Solaris 10, Sun hardware, Hadoop, Lucene, replication and Blue Moon :), I would love to meet/talk with other users passionate about similar stuff.

Can backup really kill performance?

Yes, if you are running backing on a large database that is also handling production traffic (not a very smart idea to begin with). This is especially important for backups created using snapshots based on copy-on-write algorithm.

Brian makes an important point in a comment to my post regarding backup. He points out "Backups are always onerous on IO" and that a better way to backup is to use slaves or a standby master (if using multi master replication).

If you *must* run backups on a production server, then ibbackup becomes very important as it doesn't affect performance as much as the evil snapshots created by snapshot tools like fssnap and LVM. I have found that in our case purchasing ibbackup licenses were worth every penny.

In our environment, running backups using copy-on-write snapshots was killing performance. Writes would start stalling several hours into the backup process. It didn't help that backups would take 27 hours to finish. I moved most systems to using ibbackup and for those systems running backups hasn't been an issue at all.

Of course, if you must backup production servers, take snapshots to backup everything except the databases. That way the snapshots will be held for a much smaller period and you can continue backing up databases using ibbackup.

What about mysqldump? I don't consider mysqldump an appropriate tool for periodic backups. I can see it working for small databases but running it on enterprise level databases for daily backups is just not going to be feasible.

I would love to discuss backups more at the conference. I also would like to evaluate some of the backup vendors exhibiting at the conference.