Wednesday, May 27, 2009

Postdoc openings in my group

I am looking for postdocs to work in my group on projects related on sensor networks, wireless networking, and distributed systems. Funding will come through the NSF Computing Innovation Fellows program, which has an application deadline of June 9. If you are U.S.-based Ph.D. student who is about to graduate, and are interested in a postdoc in my group, please contact me! Be sure to attach your CV and mention that this is about the CIFellows program.

Thursday, May 21, 2009

HotOS 2009, Day Three


HotOS wrapped up yesterday. (I'm now in Trento, giving a talk at the University of Trento tomorrow, meeting with colleagues at ArsLogica, and driving back to Milan on Saturday before heading home.)

Click here for some photos from HotOS 2009.

A few highlights from the last day:

Maysam Yabandeh from EPFL talked about Simplifying Distributed System Development, by using a dynamic controller that predicts a distributed system's behavior (based on code analysis) and automatically tuning its operation. This seems closely related to work on Dicrete Control Theory and Yin Wang's paper in Eurosys 2007.

Emre Kıcıman (note typographically-correct use of Turkish ı glyph) gave a talk on Fluxo, a "service complier" that takes a high-level description of an Internet service and maps it down onto an implementation with caching, replication, and service partitioning performed automatically. This seems like a fantastic idea to me, in line with the use of other "service frameworks" such as Rails and Turbogears, but going much further. The challenge I see is debugging and performance tuning the resulting system.

Finally, Vijay Vasudevan from CMU have my second-favorite talk of the workshop on FAWN, a design for compute clusters based on extremely power efficient nodes (ALIX boards with CF drives) that are intended to yield the highest number of operations per joule. The design space was well presented and I like how Vijay did not present this as the best solution for all possible workloads. I'd like to see what the total cost of ownership involves when you factor in wearout of the flash drives and MTTF of the hardware itself.

Overall I think this was the best HotOS that I have been to. The talks were generally very good and on interesting topics. The location was superb -- remote enough to keep people together, but with a decent town nearby. The level of interaction was extremely high, although I would have liked to see shorter talks and a bit more discussion and less requests to "please save your questions until the end." I wonder if they shouldn't have disabled the WiFi during the sessions, although I think most people were pretty engaged and asked good questions. Armando, Ellie, Mothy, and the rest did a great job pulling it together.

Wednesday, May 20, 2009

HotOS 2009, Day Two

Some highlights from Day Two of HotOS 2009...

Michael Kozuch from Intel Research Pittsburgh described an approach to load-balancing computation within a datacenter that involves migrating the running operating system (and the applications running on top of it) from one physical machine to another. One approach is to shut down the OS and reboot it on the new hardware, but Michael is going further by looking at migrating a running OS instance and its device driver state -- even across nodes with different physical hardware. Ballsy.

Don Porter from UT Austin made the claim that operating systems should expose a transactional interface, allowing applications to describe a set of system calls as occurring within a transaction. Although there is a lot of related work in this area Don's point is that the interface should be very simple and general enough to capture essentially any set of system calls within a transaction (rather than being limited to filesystem calls, for example).

Andrew Baumann from ETH Zurich gave perhaps the best and most exciting talk of the workshop (so far) on "Your computer is already a distributed system. Why isn't your OS?" He pointed out that multicore systems already have a wide range of access latencies across processors and caches. Rather than relying on shared memory for communication, why not use asynchronous messaging between cores for everything? The proposed approach is called a multikernel and they are working on a prototype called Barrelfish. One nice aspect of this work is that they are doing a clean-slate design and throwing out support for legacy applications. Right now, the work is very much focused on performance; I'd like to see them look at the reliability and robustness issues that arise when running multiple OS kernels on your machine. (They do make a good argument that it is much easier to reason about a message-passing system than a shared memory system.)

Jeffrey Mogul from HP Labs made the case that we should be using a combination of flash and DRAM (which he calls FLAM) instead of only DRAM for main memory. The idea is to exploit the properties of flash memories in terms of high density and low price (compared to DRAM) to optimize a memory system -- he is not even concerned with the nonvolatile aspect of flash. The idea is to migrate pages between DRAM and flash; I'm not sure why this is so different than having less DRAM and using an SSD as your swap device. One thing you have to worry about is the high latency for flash access and the fact that it wears out over time.

This year we held a (sober) "Big Ideas" session in addition to the traditional (non-sober) "Outrageous Opinions" session. Some Big Ideas:
  • Michael Scott argued that we need to rethink how we teach concurrency to undergraduates, using top-down rather than bottom-up examples.
  • John Wilkes and Kim Keaton proposed that "Quality of Information" is at least as important -- if not more important -- than "Quality of Service" in big systems, and that we need explicit metrics to capture the information quality impact of optimizations in a system.
  • Geoffrey Werner Challen opened up a wide-ranging discussion on the environmental impact of computing technology.
  • Armando Fox argued that e-mail is dead as a communication medium due to the huge volume of spam. He claimed that social networks are far more effective since you cannot even contact someone whom you are not already connected with. Some folks not in the Facebook Generation bristled at this idea, of course. I don't agree that existing social networks are right for this -- for example, most of them do not allow you to maintain separate groups of contacts (such as "friends", "family", or "colleagues").
At the end of the day the beers came out and we had some silly presentations on topics as diverse as the broken conference reviewing system (Dan Wallach), the need for systems to simply predict the future and do that (Steve Hand), and the need for better venues for publishing longer works than just 14-page conference papers (Michael Scott). I made the case that systems conferences should be more like the Ancient Greek Συμπόσιον (Symposium) which was essentially a baudy drinking party. There was a lengthy discussion on ways to improve the conference reviewing process, whether reviews should be made public, and the role of blogs and online forums.

Monday, May 18, 2009

HotOS 2009, Day One

The Twelfth Workshop on Hot Topics in Operating Systems (HotOS) is under way this week in Ascona, Switzerland, at a former nudist colony called Monte Verità. (Sadly, this aspect of the locale has not had much influence on the attendees.) HotOS is about pushing the boundaries of our field and defining new research agendas. It is typically held in a remote, beautiful location and involves an unhealthy amount of alcohol. It's also by invitation only and you usually have to get a paper accepted to attend. This year there were 84 paper submissions and 22 papers accepted.

A few highlights from Day One...

Adam Greenfield, Nokia gave a keynote talk on The Elements of Networked Urbanism. Adam painted a very broad picture of the impact of new technologies on how people in cities connect, share information, and learn about their environment. Of course, this topic is near and dear to my heart since one of my projects is building a city-scale wireless sensor network. Adam's premise is that every physical object in a city (fire hydrants, streetlights, slabs of pavement) will be networked and addressable, turning them into networked and interactive resources, not just passive objects. (Personally, I think this a bit off mark --the fact that you can give every physical object an IPv6 address doesn't mean it makes any sense to talk to it. The real issue is the protocol, not the addressing.) Adam touched on many issues -- technical, legal, social, and economic -- tying into this vision. I wish he had said more about how this will impact the poorest denizens of the world's cities, and though he mentioned the slums of Mexico City, Manila, and Nairobi, it wasn't clear how "networked urbanism" help these people very much.

Margo Seltzer got the technical sessions off to a great start with a talk on Hierarchical Filesystems are Dead. She probably made it through two slides before the ornery audience started peppering her with questions - exactly what I like to see at HotOS. Her basic argument is that files are objects with multiple attributes and forcing them into a hierarchical namespace conflates naming and storage. The proposed approach is to allow users to build their own personalized namespaces for objects (in any structure they see fit) and apply well-established techniques from the Web (like bookmarks and search).

Colin Dixon argued that we should banish network middleboxes as too expensive, complex, and difficult to manage. The talk was focused on enterprise networks (Cisco middleboxes cost several thousand dollars) and ignored the prevalance of cheap (essentially free) middleboxes in home networks. He argued that end hosts are overprovisioned so it's better to run middlebox services at the edge where they are easier to manage. (I'm not sure I buy this. It seems easier to manage a single middlebox than a bunch of possibly misconfigured end hosts.) Also, the assumption of overprovisioned hardware doesn't necessarily hold for smartphones, which are increasingly important as network clients. (Colin's response to my question on this was that you should run a proxy for smartphones. But that's a middlebox. This probably deserves a bit more thought.)

Bingsheng He from Microsoft Research Asia talked about a new apporach for optimizing dataflow queries in clouds, called wave computing. The basic idea is to co-optimize multiple concurrent queries running within a framework like DryadLINQ or MapReduce to reduce redundant computation and I/O. It wasn't clear to me how this relates to conventional multiquery optimization in database systems; Bingsheng's response was that this is a hybrid approach between conventional query optimization and streaming query optimization.

Byung-Gon Chun from Intel Research Berkeley made the case for automatic partitioning of smart phone apps between the phone and a back-end cloud. The idea is to run a "clone" of the phone image in the cloud and use it to do things like background processing, verification, and running heavyweight computations that you can't do on a phone. The proposed approach involves partitioning and migration of process state between the phone and the cloud. This strikes me as unnecessarily complex. After all, most smartphone apps are already partitioned between the phone and a back-end service -- Byung-Gon suggested that this was painful and complex for programmers, but thousands of iPhone apps and hundreds of millions of users of services like Facebook suggest otherwise.

Prabal Dutta from Berkeley made the case that mobility changes everything in sensor networks. He focused on "mobiscopes" involving mobile sensors that collect data from their environment and exchange messages opportunistically. The key idea is that if a sensor can detect and characterize its own mobility, the networking stack can use this information to do a better job at link estimation, routing, and so forth. He described some cool new hardware that has a hardware vibration detection circuit that can wake itself up when it starts moving.

Jason Waterman gave the talk for our paper on Peloton. He got a lot of good questions, mostly dealing with concerns about the overhead of our proposed global tuple space for sharing resource state across nodes. Michael Scott made the point that a "one size fits all" approach probably won't work well. That's undoubtedly true, just as it is true for the wide range of services we have built up in more conventional distributed systems (RPC, shared memory, you name it). The question is whether the overhead of our underlying mechanisms can be recouped through better coordination between nodes in managing their resources.

Over dinner, I got a chance to gab with Mothy, Dave Anderson, Garth Gibson, Prabal, George Candea, Michael Kaminsky, and Shivnath Babu on a wide range of topics, including my wacky idea about "The Next Billion Programmers". I'll blog on that one later.

Friday, May 15, 2009

Tracking Hulu's viewership

The NY Times is running a piece on the difficulty of counting the number of unique visitors to streaming video sites, like Hulu. Apparently, Nielsen's estimates of the total viewership for Hulu are far lower than that of other measurement firms.

Nielsen seems to be extending the model they use for tracking TV viewership to online video. In this case, they monitor the online viewing habits of some 200,000 users and weight them to extrapolate the total viewership of the site. This is clearly error-prone and potentially leads to substantial bias in the reported results.

I don't understand why Hulu does not simply track the number of unique users to their site directly, using IP addresses and cookies -- just like most other websites. Hulu should have all of the information it needs at its fingertips; why get Nielsen in the loop? I recognize that tracking IPs and cookies not a perfect approach, but I am surprised that Hulu needs to rely on a third party ratings company for its metrics when there are well-established technical solutions out there. The only guess I have is that it's to ensure that the ratings numbers can be independently verified, but there must be a better way than tracking viewership of a relatively tiny slice of the population. Can someone explain this?

Wednesday, May 13, 2009

Peloton: Coordinated Resource Management for Sensor Networks

I have posted the camera-ready PDF of our forthcoming paper to be presented at HotOS 2009, entitled Peloton: Coordinated Resource Management for Sensor Networks. This paper describes a distributed operating system for sensor nets that is intended to provide the right abstractions to permit coordinated resource-management decisions to be made across multiple nodes. The key idea is that to get the best energy efficiency, it is often necessary for multiple nodes to orchestrate their roles.

The canonical example arises in a simple data-collection application, where each node locally samples data, perhaps performing some local processing, and forwards the data to a base station along a multihop spanning tree. To achieve long lifetimes, each node needs to determine how to mete out its limited energy reserves for sampling, computation, transmission, listening for and forwarding packets for other nodes, and other overheads such as maintaining time synchronization. Today this is generally done in an ad hoc manner, using manually-tuned, static schedules that fail to react to changes in the network load and energy availability over time. As a result, existing systems are typically very energy-inefficient and there is a lot of room for improvement.

Our Pixie operating system provides a node-level abstractions for reasoning about resource availability and giving applications the opportunity to adapt their behavior accordingly. The idea in Peloton is to extend this model across the network. (We named the system after the peloton in a road cycling race, in which cyclists draft each other closely to reduce wind drag and increase efficiency.)

There are three basic mechanisms in Peloton. First, nodes share information on their resource state using a global but weakly-consistent tuple space in order to promote informed decision-making. Second, we extend Pixie's resource ticket abstraction to support distributed resource allocations, called vector tickets. Third, we decouple the allocation of resources from use through a distributed ticket agent model. Nodes can delegate responsibility for resource allocation to a ticket agent operating centrally, remotely, or collectively.

In the paper we describe three application vignettes that would benefit from the abstractions in Peloton. My Ph.D. student Jason Waterman will be giving the talk at HotOS and we hope to have a prototype released this summer.

[Image credit John Spooner.]

Thursday, May 7, 2009

Spread of the Torpig Flu

The Computer Security Group at UCSB recently released a report, "Your Botnet is My Botnet: Analysis of a Botnet Takeover", in which the authors hijacked the Torpig botnet for 10 days (basically by registering a fake command and control server that the infected machines contacted). This is a fascinating read and highly recommended.

The report is downright scary. The sophistication and reach of the Torpig botnet is remarkable. It installs modules into many common applications (Web browsers, email clients, IM clients) and steals information including passwords, email account information, credit card numbers, and the content of any Web form filled out by a user. This latter is noteworthy as it includes a tremendous amount of sensitive information, including the content of emails that have been sent by users on infected hosts. The authors of the report went so far as to inspect some of the content captured by the botnet and found nearly 300,000 username/password pairs; credentials for some 8,000 bank accounts; and 1,600 credit card accounts. This information was captured from 180,000 infected machines, and it's worth keeping in mind this is only in the span of ten days.

Another remarkable aspect of Torpig is that in most cases the user would have no idea this information was being captured. Since the botnet hides itself deep into the lowest levels of the system software, even information sent to trusted websites over secure SSL connections can be stolen by the botnet.

I don't tend to follow malware developments very closely, but this is a pretty big departure from the days of Code Red -- defacing websites seems fairly pedestrian compared to Torpig, which is capable of global scale information theft (not to mention financial mayhem). Should I feel safe because I only use Mac and Linux machines?



Startup Life: Three Months In

I've posted a story to Medium on what it's been like to work at a startup, after years at Google. Check it out here.