Thursday, July 17, 2014

Swift (Not TSwift)

Swift is a new language developed for iOS and Mac OS applications. In this presentation, VM Farms Inc.'s Anarosa Paredes outlines some of its major features, for the company's Friday Tech Demo series.

Tuesday, June 24, 2014

All About DNS

Do not unplug this cable.

DNS, the system that translates domain names into IP addresses, is deceptively simple. In this deck, VM Farms Inc. CEO Hany Fahim outlines why it matters and how it works.

Friday, June 20, 2014

Client Case Study: Wave HQ

Wave HQ is one of our oldest and (now) larger customers.  Over the years, we’ve worked closely with their team, so much so that we consider them part of the VM Farms family.  Wave’s continual growth over the years has allowed us to build and refine many of the products and features that we roll out to each of our customers.  It’s been a great relationship and a wild ride.  





Wave started as a small team with a big dream.  As its customer base grew, Wave added new features and products and within two years, grew from a team of 7 to over 70.


With rapid growth and a customer base of more than 2 million users, Wave’s development team faced the enormous challenge of constantly monitoring and managing a rapidly growing application. Because of this, their developers were spending more time dealing with server issues, and less time building their product.


“When we first got started, our footprint was pretty small and we got away with doing all of the operations work ourselves.  Even as we grew bigger, my staff and I could still keep up, but it was beginning to take up increasing amounts of our time.  We finally reached a point where we were losing our focus on product development, because we were constantly interrupted by operations issues.  Eventually we had to stop and ask ourselves ‘even though we’re capable of doing this, does it mean that we should be the ones doing it?’  We had to find a solution.”
- James Lochrie, Co-Founder and CMO of Wave HQ


Knowing that their developers were their most valuable asset, and that their time was better spent writing great code - Wave decided to work with VM Farms. This allowed them to free up their developers, but also to keep lean and avoid costly headcount additions.


We worked with the Wave team to standardize to a single platform, and assisted them with migrating into to our hosted infrastructure.  Wave is now able to reap the benefits of a largely automated system and a fully staffed operations team that would work vigilantly around the clock to ensure that Wave’s servers were always running at their best.


“We immediately found that by moving to OaaS through VM Farms’ hosted cloud platform, that our application performance had increased, our downtime was dramatically reduced, and our developers could focus purely on building better products and services.  The transition was so smooth and the delivery seamless, that we consider VM Farms as much a part of our family as we do a part of our continued success!”

- James Lochrie, Co-Founder and CMO of Wave HQ

Monday, June 16, 2014

Self-Documenting Architectures

a.k.a.: How to perpetuate laziness.

In this talk, VM Farms Inc. CEO and Founder, Hany Fahim, outlines some key techniques for effectively establishing documentation practices to manage client architectures.

Monday, June 9, 2014

Building a Manhole For Your App

Situation: Your software is acting up. Your software is not a web app, but rather a daemon process (like a worker of some sort). How do you debug?

Hany Fahim, VM Farms Inc. Founder and CEO, gave this talk to the Django Toronto Meetup on October 16, 2014. It highlights some common tools used to debug a process while running.

Monday, June 2, 2014

MongoDB (Or: How I learned to stop worrying, and love the meshuggah DB)

Jeff Hickson, the author of this talk, has worked extensively with MongoDB in the past, and shares his expertise through a high-level overview, a discussion of its sharding capabilities, and some common gotchas.
 

Friday, May 30, 2014

Perfect Forward Secrecy: A love story

heartbleed.png

The fragile state of web application security has grabbed our attention in recent months with cryptography libraries in the forefront. The fallout from software defects with nicknames like GOTO FAIL and Heartbleed have led technologists to reconsider how they approach encrypting private information in transit. These bugs have also illuminated how difficult it is for the average user to understand modern information security.

As a systems administrator or a developer, one comes to dread catastrophic vulnerability disclosures, as rare as they are today. Whether it's on Microsoft's infamous Patch Tuesday or any other day in the open source world, brows are furrowed onto the first words of a disclosure through until they've assured themselves and their clients are not affected.

Our brows were not furrowed long when it came to Heartbleed. We took care of it immediately, notifying and patching all customers across our cluster by 9am the morning after. As we finished up the job, more than 50% of the top 1000 websites were still vulnerable.

We were grateful for our existing automation and tools, as well as the skills of our ops team. They enabled us to confidently move on with business as usual.

"Et, bien sur!" - because the very next day, we set off to Pycon 2014 in Montreal!

BlOK0zUIMAA9uBl.jpg

The event's timing was a great opportunity to see and contribute to the Python community's reaction to the recent Heartbleed disclosure and I was personally excited to grab beers with friends in the security community there. These discussions were certainly echoed around the world that week and in the months since, proving the need to take up new best practices and adopt more prudent safeguards on implementations.

In particular, Hynek Schlawack presented an excellent talk on The Sorry State of SSL- you can watch it, as well as other talks from the event, at pyvideo.org. The VM Farms team had already read about Hynek's recommendations for cipher suite best practices. Heartbleed motivated us to act decisively:

An attack against a server may also reveal the server's private master key, which would enable attackers to decrypt communications (future or past stored traffic captured via passive eavesdropping, unless perfect forward secrecy is used, in which case only future traffic can be decrypted if intercepted via man-in-the-middle attacks). -- Wikipedia

So, soon after we returned, our team enabled perfect forward secrecy across all our customers' servers. You can see the results of third party SSL testing yourself.

But for failings in Internet Explorer 9 & 10, it'd be an A+.

On the client side, if you'd like to learn more about the state of SSL/TLS at the sites you browse most frequently, these browser tools will help you remain vigilant.

SSL Observatory - The Electronic Freedom Foundation has a crowdsourced project to scrutinize the certificates used to secure all of the sites encrypted with HTTPS on the Web for potential fraud and attacks.
HTTPS everywhere - also by the EFF - will default your browser to use secure connections whenever they are available.

Calomel SSL Verification Plugin will validate SSL connection strength as you browse. The toolbar button will change color depending on the strength of encryption from red (weak) to green (strong).

VM Farms provides expert advice and smart operations on our own Canadian cloud. We've been glad to help our customers understand and mitigate risk. If you need an ops team, visit http://vmfarms.com to learn more about why we're a different kind of hosting company.