Have all of y’all been hoarding toilet roll over recent weeks in an inexplicable response to the global pandemic, or is that just a quirk here in the UK? Well, the most inventive use of the essential household item we’ve ever seen is this musical project by Max Björverud.
Ahh, the dulcet tones of wall-mounted toilet roll holders, hey? This looks like one of those magical ‘how do they do that?’ projects but, rest assured, it’s all explicable.
Max explains that Singing Toilet is made possible with a Raspberry Pi running Pure Data. The build also comprises a HiFiBerry Amp, an Arduino Mega, eight hall effect sensors, and eight magnets. Each toilet roll holder carries a magnet that passes a hall effect sensor as the roll turns, and the sensors connect to the Arduino Mega.
In this video, you can see the hall effect sensor and the 3D-printed attachment that holds the magnet:
Max measures the speed of each toilet roll with a hall effect sensor and magnet. The audio is played and sampled with a Pure Data patch. In the comments on his original Reddit post, he says this was all pretty straightforward, but that it took a while to print a holder for the magnets, because you need to be able to change the toilet rolls when the precious bathroom tissue runs out!
Max began prototyping his invention last summer and installed it at creative agency Snask in his hometown of Stockholm in December.
Reddit was alive with the sound of retro gaming this weekend.
First out to bat is this lovely minimalist, wall-mounted design built by u/sturnus-vulgaris, who states:
I had planned on making a bar top arcade, but after I built the control panel, I kind of liked the simplicity. I mounted a frame of standard 2×4s cut with a miter saw. Might trim out in black eventually (I have several panels I already purchased), but I do like the look of wood.
Next up, a build with Lego bricks, because who doesn’t love Lego bricks?
Just completed my mini arcade cabinet that consists of approximately 1,000 [Lego bricks], a Raspberry Pi, a SNES style controller, Amazon Basics computer speakers, and a 3.5″ HDMI display.
u/RealMagicman03 shared the build here, so be sure to give them an upvote and leave a comment if, like us, you love Raspberry Pi projects that involve Lego bricks.
CM3+Lite cartridge for GPi case. I made this cartridge for fun at first, and it works just as I expected. Now I can play more games I like on this lovely portable stuff. And CM3+ is as powerful as RPi3B+, I really like it.
Do you have a spare Raspberry Pi lying around? And a Bluetooth games controller? Do you have access to boom lifts or other heavy machinery?
Well, then we most certainly (do not) have the project for you.
Allow us to introduce what is (possibly, probably, hopefully) the world’s first Raspberry Pi–controlled boom lift. Weighing in at 13,000lb, this is the epitome of DON’T try this at home.
Raspberry Pi-controlled boom lift
Shared on Reddit over the weekend, u/Ccundiff12’s project received many an upvote and concerned comment, but, as the poster explains, hacking the boom is a personal project for personal use to fix a specific problem — thankfully not something built for the sake of having some fun.
Meet STRETCH. Circa 1989 Genie Boom that I bought (cheap) from a neighbor. I use it to trim trees around my property. Its biggest problem was that it always got stuck. It’s not really an off-road vehicle. It used to take two people to move it around… one to drive the lift, and the other to push it with the tractor when it lost traction. The last time it got stuck, I asked my wife to assist by driving one of the two…….. the next day I started splicing into the control system. Now I can push with the tractor & run the boom via remote!
The Reddit users among you may already be aware of the Shower Thoughts subreddit. For those of you who aren’t, Shower Thoughts is where people go to post the random epiphanies they’ve had about life, the universe, and everything. For example:
YouTuber ACROBOTIC is a fan of the Shower Thoughts subreddit. So much so that they decided to program their Raspberry Pi to update an e-paper HAT with the subreddit’s top posts from the last hour.
For their build, they used a three-colour e-paper display, but you can use any e-paper add-on for Raspberry Pi to recreate the project. They also used Raspberry Pi 4, but again, this project will work with other models — even Raspberry Pi Zero W.
ACROBOTIC created an image to frame the Shower Thoughts posts, which they uploaded to their Raspberry Pi as a .bmp file. They altered prewritten code for using the e-paper display to display this frame image and the various posts.
Adding .json to the URL of the appropriate Shower Thoughts listing page returns the same posts in JSON format, so a request can be set up to pull the data from that URL instead of scraping the HTML.
ACROBOTIC goes into far more detail in their video, and it’s a great resource if you’re looking to try out working with JSON files or to learn how to pull data from Reddit.
Find more projects using e-paper displays for you to recreate in our handy guide.
I have a soft spot for Raspberry Pi word clocks. True, they may not be as helpful as your standard clock face if you need to tell the time super quickly, but at least they’re easier to read than this binary clock built by engineerish.
“But Alex,” I hear you cry, “word clocks are so done. We’re over them. They’re so 2018. What’s so special about a word clock that you feel it to be worthy of a blog post?”
And the answer, dear reader, is Snake, the best gosh darn game to ever grace the screen of a mobile phone, ever — sorry, Candy Crush.
This isn’t the first mineral oil bath we’ve seen for the Raspberry Pi, but it’s definitely the first we’ve seen with added fish tank decorations.
Using the see-through casing of an old Apple PowerMac G4, Reddit user u/mjh2901 decided to build a mineral oil tank for their Raspberry Pi, and it looks fabulous. Renamed Apple Pi, the build uses mineral oil submersion, a technique some people use to manage the heat produced by electronics. Oil is able to transfer heat up to five times more efficiently than air, and some mineral oil projects use a separate radiator to dissipate the heat back into the air.
So, how did they do it?
“Started with a PowerMac G4 case I previously used as a fish tank, then a candy dish. I had cut a piece of acrylic and glued it into the bottom.”
They then placed a Raspberry Pi 3 attached to a 2-line, 16-character LCD into the tank, along with various decorations, and began to fill it with store-bought mineral oil. Once full, the project was complete, the Raspberry Pi forever submerged.
You can find more photos here. But, one question still remains…
Not one for rising with the sun, and getting more and more skilled at throwing their watch across the room to snooze their alarm, Reddit user ravenspired decided to hook up a physical bell to a Raspberry Pi and servo motor to create the ultimate morning wake-up call.
This has to be the harshest thing to wake up to EVER!
Wake up, Boo
“I have difficulty waking up in the morning” admits ravenspired, who goes by the name Darks Pi on YouTube. “My watch isn’t doing its job.”
Therefore, ravenspired attached a bell to a servo motor, and the servo motor to a Raspberry Pi. Then they wrote Python code in Raspbian’s free IDE software Thonny that rings the bell when it’s time to get up.
“A while loop searches for what time it is and checks it against my alarm time. When the alarm is active, it sends commands to the servo to move.”
While I’d be concerned about how securely attached the heavy brass bell above my head is, this is still a fun project, and an inventive way to address a common problem.
The program I made lets me bind “actions” (strobe white, flash blue, disable all colors, etc.) to any input and any input type (hold, knob, trigger, etc.). And each action type has a set of parameters that I bind to the input. For example, I have a knob that changes a strobe’s intensity, and another knob that changes its speed.
The program updates each action, pulls its resulting color, and adds them together, then sends that to the LEDs. I’m using rtmidi for reading the midi device and pigpio for handling the LED output.
When Dave shared his Raspberry Pi Zero–powered model of the Trinity Buoy Wharf Lighthouse on Reddit, we fell a little bit in love.
Hello from the Trinity Buoy Wharf Lighthouse
Dave was getting married inside London’s only lighthouse, situated at Trinity Buoy Wharf across the water from the O2 Arena.
The Trinity Buoy Wharf Lighthouse
The Trinity Buoy Wharf lighthouse sits at the confluence of the River Thames (the big ol’ river running through London) and Bow Creek, a tidal estuary of the River Lea (the river Adele sings about in her song River Lea*!). When the wharf was closed in 1988, the lighthouse was put out of commission.
Dave is wonderful, and so are his lighthouses
On Reddit, Dave goes by the username Lame_Dave, but considering how wonderful and thoughtful his project for his lighthouse wedding is, we hereby rename him Wonderful_Thoughtful_Dave. Don’t put yourself down, Dave. You’re brilliant!
“I knew I wanted to make something involving electronics and 3D printing,” explains Wonderful_Thoughtful_Dave in an imgur post. “So I decided to make working model lighthouses as the table centrepieces.”
Designing and building ten tabletop lighthouses
Dave designed the 3D model in Autodesk 123D, with a plethora of photographs of the lighthouse as reference points. And many hours later, he began 3D printing ten lighthouse shells using his Prusa MK2.5.
With Samsung 18650 batteries and an 18650 shield for power, Dave hooked up Raspberry Pi Zeros to 6×2 LCD displays, LEDs, and stepper motors. With these components, each lighthouse gives off a rather lovely light while also showing the table number and meal status to guests. Neat!
“Each lighthouse has a JSON file on the Pi that tells it what messages to display when, so each table is personalised.”
The final result is beautiful and would look at home anywhere from a model town to a toy shop, or indeed the entrance of the Trinity Buoy Wharf Lighthouse itself.
We love how Dave put different maker skills to use here, from 3D design and printing, to constructing and coding. Hopefully, we’ll see more projects from him in the future!
Remaking classic landmarks
Here in the UK, people have a thing for iconic buildings. And at Pi Towers, we adore it when you recreate historic landmarks like this with the help of our humble board.
Why not try creating your own reimagining, such as the Project Arthur ISS tracker, a papercraft and Pi build that pays homage to Arthur, the first satellite dish at the Cornish Goonhilly Earth Satellite Station?
Or come up with something completely new! We’d love to see, say, a working model of London’s Tower Bridge, or a light-up King’s College Chapel. Whatever landmark makes your day, why not build a scale model using your maker skills and electronics?
The physical setup of the automated Etch A Sketch is pretty simple: motors attached to couplers replace the original plastic knobs, and a connected Raspberry Pi 3 controls the motors as directed by the code.
For stability, Sunny attached a wooden block to the plastic housing that keeps the motors in place.
Coding new life into an Etch A Sketch
There are a few different ways to go about this portion of the project. When I started out, I googled to see if anyone had done things like this before. A few projects popped up. They seemed to approach the drawing in one of two ways. I wanted to do it in a fully automated way where the only input is a picture and the output is a cleanly drawn image.
The code Sunny ended up using first takes an image and simplifies it into a line drawing using Canny edge detection. It then turns each pixel to a node and draws a path between the nodes, connecting them one by one. So that the Etch A Sketch draws the picture, the Raspberry Pi then directs the motors to follow the connections and create uncannily precise sketches.
With this automated Etch A Sketch, and this talking Fisher Price Chatter Telephone, the Raspberry Pi community is well on the way to recreating the entire Toy Story cast, and we are fully on board with that!
So what’s next? A remote-controlled Slinky? A falling with style flying Buzz Lightyear? What would you build?
I just searched online for night vision goggles, and the prices seem to vary between £600 and £27000. That’s a little bit higher than my budget of ‘as cheap as humanly possible’, but lucky for me (and you!), Redditor Mtnbikerdunn has created a set of Raspberry Pi Zero–powered night vision goggles that come in at around $100. Nice. Finally my Silence of the Lambs cosplay is complete!
“They came to be in a dream,” begins Redditor mtnbikerdunn in his r/raspberry_pi post. “I woke up to my idea whiteboard full of notes and diagrams drawn by a half-asleep version of myself.”
A view through the night vision goggles
A Raspberry Pi Zero and…
mtnbikerdunn goes on to explain how the few pieces of tech required to build the goggles came in at less than $100/£78. The results are impressive!
It’s basically a first-person-view drone headset with a Raspberry Pi Zero mounted within, some infrared LED lights, an infrared camera, and a few 18650 lithium-ion batteries to power it all. Charges with a standard micro USB cable and doesn’t require anything to get it running except an on/off switch.
The headset in this project is the Yuneec SkyView FPV HDMI, used by drone pilots to gain a first-person view while flying. And since the headset has HDMI connectivity, mtnbikerdunn was able to hook it up directly to the Pi Zero. The camera is a third-party Raspberry Pi fisheye camera, while the rest of the tech consists of the standard gubbins any maker should have lying around, such as a micro SD card, a $5 Raspberry Pi Zero, and a button.
The power pack contains two 18650 Lithium-ion batteries, providing the goggles with roughly three hours of runtime. To make the charge last longer, mtnbikerdunn stripped down Raspbian Stretch Lite, removing any unnecessary programs that could run in the background and eat up juice.
All that’s left is for me to sit and hope that mtnbikerdunn has a dream about how to make a working TARDIS using a Pi Zero, and then I’ll be the talk of the town at next year’s London Film and Comic Con!
Before Easter, we asked you to tell us your questions for a live Q & A with Raspberry Pi Trading CEO and Raspberry Pi creator Eben Upton. The variety of questions and comments you sent was wonderful, and while we couldn’t get to them all, we picked a handful of the most common to grill him on.
You can watch the video below — though due to this being the first pancake of our live Q&A videos, the sound is a bit iffy — or read Eben’s answers to the first five questions today. We’ll follow up with the rest in the next few weeks!
Get your questions to us now using #AskRaspberryPi on Twitter
Any plans for 64-bit Raspbian?
Raspbian is effectively 32-bit Debian built for the ARMv6 instruction-set architecture supported by the ARM11 processor in the first-generation Raspberry Pi. So maybe the question should be: “Would we release a version of our operating environment that was built on top of 64-bit ARM Debian?”
And the answer is: “Not yet.”
When we released the Raspberry Pi 3 Model B+, we released an operating system image on the same day; the wonderful thing about that image is that it runs on every Raspberry Pi ever made. It even runs on the alpha boards from way back in 2011.
That deep backwards compatibility is really important for us, in large part because we don’t want to orphan our customers. If someone spent $35 on an older-model Raspberry Pi five or six years ago, they still spent $35, so it would be wrong for us to throw them under the bus.
So, if we were going to do a 64-bit version, we’d want to keep doing the 32-bit version, and then that would mean our efforts would be split across the two versions; and remember, we’re still a very small engineering team. Never say never, but it would be a big step for us.
For people wanting a 64-bit operating system, there are plenty of good third-party images out there, including SUSE Linux Enterprise Server.
Given that the 3B+ includes 5GHz wireless and Power over Ethernet (PoE) support, why would manufacturers continue to use the Compute Module?
Very large numbers of people are using the bigger product in an industrial context, and it’s well engineered for that: it has module certification, wireless on board, and now PoE support. But there are use cases that can’t accommodate this form factor. For example, NEC displays: we’ve had this great relationship with NEC for a couple of years now where a lot of their displays have a socket in the back that you can put a Compute Module into. That wouldn’t work with the 3B+ form factor.
An NEC display with a Raspberry Pi Compute Module
What are some industrial uses/products Raspberry Pi is used in?
The NEC displays are a good example of the broader trend of using Raspberry Pi in digital signage.
A Raspberry Pi running the wait time signage at The Wizarding World of Harry Potter, Universal Studios. Image c/o thelonelyredditor1
If you see a monitor at a station, or an airport, or a recording studio, and you look behind it, it’s amazing how often you’ll find a Raspberry Pi sitting there. The original Raspberry Pi was particularly strong for multimedia use cases, so we saw uptake in signage very early on.
Los Alamos Raspberry Pi supercomputer
Another great example is the Los Alamos National Laboratory building supercomputers out of Raspberry Pis. Many high-end supercomputers now are built using white-box hardware — just regular PCs connected together using some networking fabric — and a collection of Raspberry Pi units can serve as a scale model of that. The Raspberry Pi has less processing power, less memory, and less networking bandwidth than the PC, but it has a balanced amount of each. So if you don’t want to let your apprentice supercomputer engineers loose on your expensive supercomputer, a cluster of Raspberry Pis is a good alternative.
Why is there no power button on the Raspberry Pi?
“Once you start, where do you stop?” is a question we ask ourselves a lot.
There are a whole bunch of useful things that we haven’t included in the Raspberry Pi by default. We don’t have a power button, we don’t have a real-time clock, and we don’t have an analogue-to-digital converter — those are probably the three most common requests. And the issue with them is that they each cost a bit of money, they’re each only useful to a minority of users, and even that minority often can’t agree on exactly what they want. Some people would like a power button that is literally a physical analogue switch between the 5V input and the rest of the board, while others would like something a bit more like a PC power button, which is partway between a physical switch and a ‘shutdown’ button. There’s no consensus about what sort of power button we should add.
So the answer is: accessories. By leaving a feature off the board, we’re not taxing the majority of people who don’t want the feature. And of course, we create an opportunity for other companies in the ecosystem to create and sell accessories to those people who do want them.
We have this neat way of figuring out what features to include by default: we divide through the fraction of people who want it. If you have a 20 cent component that’s going to be used by a fifth of people, we treat that as if it’s a $1 component. And it has to fight its way against the $1 components that will be used by almost everybody.
Do you think that Raspberry Pi is the future of the Internet of Things?
Absolutely, Raspberry Pi is the future of the Internet of Things!
In practice, most of the viable early IoT use cases are in the commercial and industrial spaces rather than the consumer space. Maybe in ten years’ time, IoT will be about putting 10-cent chips into light switches, but right now there’s so much money to be saved by putting automation into factories that you don’t need 10-cent components to address the market. Last year, roughly 2 million $35 Raspberry Pi units went into commercial and industrial applications, and many of those are what you’d call IoT applications.
So I think we’re the future of a particular slice of IoT. And we have ten years to get our price point down to 10 cents 🙂
Starting on March 8th you might have seen AWS Quest popping up in different places. Now that we are a bit over halfway through the game, we thought it would be a great time give everyone a peek behind the curtain.
The whole idea started about a year ago during a casual conversation with Jeff when I first joined AWS. While we’re usually pretty good at staying focused in our meetings, he brought up that he had just finished a book he really enjoyed and asked me if I had read it. (A book that has since been made into a movie.) I don’t think he could have imagined how stoked I, a huge fan of both tabletop and video games, would be about the idea of bringing a game to our readers.
We got to talking about how great it would be to attempt a game that would involve the entire suite of AWS products and our various platforms. This idea might appear to be easy, but it has kept us busy with Lone Shark for about a year and we haven’t even scratched the surface of what we would like to do. Being able to finally share this first game with our customers has been an absolute delight.
From March 8-27th, each day we have been and will be releasing a new puzzle. The clues for the puzzles are hidden somewhere all over AWS, and once customers have found the clues they can figure out the puzzle which results in a word. That word is the name of a component to rebuild Ozz, Jeff’s robot buddy.
We wanted to try to make sure that anyone could play, and we tried to surround each puzzle with interesting Easter eggs. So far, it seems to be working and we are seeing some really cool collaborative effort between customers to solve the puzzles. From tech talks to women who code, posts both recent and well in the past, and to Twitter and podcasts, we wanted to hide the puzzles in places our customers might not have had a chance to really explore before. Given how much Jeff enjoyed doing a live Twitch stream, I won’t be surprised when he tells me he wants to do a TV show next.
The learnings we have already gathered as we are just a little past halfway in the quest are mind boggling. We have learned that there will be a guy who figures out how to build a chicken coop in 3D to solve a puzzle, or build a script to crawl a site looking for any reply to a blog post that might be a clue. There were puzzles we completely expected people to get stuck on that they have solved in a snap. They have really kept us on our toes, which isn’t a bad thing. It really doesn’t hurt that the players are incredibly adept at thinking outside the box, and we can’t wait to tell you how the puzzles were solved at the end.
We still have a little under a week of puzzles to go before you can all join Jeff and special guests on a live Twitch stream to reassemble Ozz 2.0! And you don’t have to hold off for the next time we play, as there are still many puzzles to be solved and every player matters! Just keep an eye out for new puzzles to appear every day until March 27th, join the Reddit, come to the AMA, or take a peek into the chat and get solving!
Time to wipe off your brow, and get back into solving the last of the puzzles! I am going to try to go explain to my mother and father what exactly I am doing with those two masters degrees and how much fun it really is…
I won’t repeat everything here, so please go and read those articles. You can really shoot yourself in the foot with JWT: it’s complex to get to know well, and it has few benefits for most use cases. I guess for API calls it makes sense, especially if you reuse the same API in a single-page application and for your RESTful clients, but I’ll focus on the user session use case.
Despite all this criticism, I’ve gone against what the articles above recommend and use JWT, navigating through their arguments and claiming I’m in a sweet spot. I may very well be wrong.
I store the user ID in a JWT stored as a cookie. Not in local storage, as that’s problematic. Not the whole state, as I don’t need it and it may lead to problems (pointed out in the linked articles). In fact, I don’t have any session state apart from the user data, which I think is good practice.
What I want to avoid in my setup is sharing sessions across nodes, and this is a very compelling reason not to use the session mechanism of your web server/framework. No, you don’t need millions of users for your application to need to run on more than one node. In fact, it should almost always run on (at least) two nodes, because nodes die and you don’t want downtime. Sticky sessions at the load balancer are a solution to that problem, but you are just outsourcing the centralized session storage to the load balancer (and some load balancers might not support it). A shared session cache (e.g. memcached, ElastiCache, Hazelcast) is also an option, and many web servers (at least in Java) support pluggable session replication mechanisms, but that introduces another component into the architecture, another part of the stack to be supported and that can possibly break. It is not necessarily bad, but if there’s a simple way to avoid it, I’d go for it.
In order to avoid shared session storage, you need either the whole session state to be passed in the request/response cycle (as a cookie, request parameter, or header), or to receive a userId and load the user from the database or a cache. As we’ve learned, the former might be a bad choice. Despite the fact that frameworks like ASP.NET and JSF dump the whole state in the HTML of the page, it doesn’t intuitively sound good.
As for the latter – you may say “ok, if you are going to load the user from the database on every request this is going to be slow and if you use a cache, then why not use the cache for the sessions themselves?”. Well, the cache can be local. Remember we have just a few application nodes. Each node can have a local, in-memory cache for the currently active users. The fact that all nodes will have the same user loaded (after a few requests are routed to them by the load balancer in a round-robin fashion) is not important, as that cache is small. But you won’t have to take any care for replicating it across nodes, taking care of new nodes coming and going from the cluster, dealing with network issues between the nodes, etc. Each application node will be an island not caring about any other application node.
So here goes my first objection to the linked articles – just storing the user identifier in a JWT token is not pointless, as it saves you from session replication.
What about the criticism of the JWT standard and the security implications of its cryptography? Entirely correct; it’s easy to shoot yourself in the foot. That’s why I’m using JWT only with a MAC, and only with one particular algorithm that I check the token’s header against upon receiving it, thus (allegedly) avoiding all the pitfalls. In all fairness, I’m willing to use the alternative proposed in one of the articles, PASETO, but it doesn’t have a Java library and it will take some time to implement one (I might do so in the future). To summarize: if there were another easy-to-use way to get authenticated encryption of cookies, I’d use it.
So I’m basically using JWT in “PASETO mode”, with only one operation and only one algorithm. And that should be fine as a general approach: the articles don’t criticize the idea of having a user identifier in a token (and a stateless application node); they criticize the complexity and vulnerabilities of the standard. This is sort of my second objection: “Don’t use JWT” is widely understood to mean “Don’t use tokens”, which is not the case.
Have I introduced some vulnerability in my strive for architectural simplicity and lack of shared state? I hope not.
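What “JWT in PASETO mode” looks like in code, as an added example that is not from the post (the post’s own implementation is in Java and is not shown; this one is Python and uses only the standard library). It pins the algorithm to HS256 before looking at anything else in the token, checks the MAC in constant time, carries only the user id plus issued-at/expiry, and resolves the id through a per-node in-memory cache in front of a constructed stand-in for the user table. The cookie name, the TTLs and the `USERS` table are assumptions for the example:

```python
import base64
import hashlib
import hmac
import json
import time

# The single algorithm this node will ever accept. The token header is never
# trusted to choose it: "none", "RS256" or anything else is rejected outright,
# which is what closes the alg=none and key-confusion pitfalls of the standard.
ALLOWED_ALG = "HS256"


class InvalidToken(Exception):
    """Raised for any token we refuse; callers treat it as 'not logged in'."""


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    # Re-add the padding JWT strips; bad input raises binascii.Error (a ValueError).
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(user_id, key, ttl_seconds=3600, now=None):
    """Issue a compact JWT carrying only the user id (sub) plus iat/exp."""
    now = int(time.time()) if now is None else int(now)
    header = {"alg": ALLOWED_ALG, "typ": "JWT"}
    payload = {"sub": str(user_id), "iat": now, "exp": now + int(ttl_seconds)}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload)
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_token(token, key, now=None):
    """Return the user id from a token, or raise InvalidToken.

    Order matters: pin the algorithm and check the MAC before trusting
    anything in the payload, so a forged payload never reaches business logic.
    """
    now = int(time.time()) if now is None else int(now)
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
        signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    except ValueError as exc:
        raise InvalidToken("undecodable header or signature") from exc
    if not isinstance(header, dict) or header.get("alg") != ALLOWED_ALG:
        raise InvalidToken("algorithm not allowed")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):   # constant-time compare
        raise InvalidToken("bad signature")
    try:
        payload = json.loads(_b64url_decode(payload_b64))
    except ValueError as exc:
        raise InvalidToken("undecodable payload") from exc
    if not isinstance(payload, dict) or not isinstance(payload.get("sub"), str):
        raise InvalidToken("missing subject")
    exp = payload.get("exp")
    if not isinstance(exp, int) or now >= exp:
        raise InvalidToken("expired")
    return payload["sub"]


class LocalUserCache:
    """Per-node, in-memory cache of recently seen users (nothing is replicated)."""

    def __init__(self, load_user, ttl_seconds=300):
        self._load_user = load_user   # e.g. a database lookup by id; None if unknown/disabled
        self._ttl = int(ttl_seconds)
        self._entries = {}            # user_id -> (expires_at, user)
        self.db_loads = 0             # instrumentation so the example can show cache hits

    def get(self, user_id, now=None):
        now = int(time.time()) if now is None else int(now)
        hit = self._entries.get(user_id)
        if hit is not None and now < hit[0]:
            return hit[1]
        user = self._load_user(user_id)
        self.db_loads += 1
        if user is None:
            self._entries.pop(user_id, None)
        else:
            self._entries[user_id] = (now + self._ttl, user)
        return user

    def evict(self, user_id):
        """Call on logout/disable; only affects this node, other nodes age out via TTL."""
        self._entries.pop(user_id, None)


def authenticate(cookies, key, cache, cookie_name="session", now=None):
    """Resolve the request's session cookie to a user record, or None."""
    token = cookies.get(cookie_name)
    if not token:
        return None
    try:
        user_id = verify_token(token, key, now=now)
    except InvalidToken:
        return None
    return cache.get(user_id, now=now)


# Constructed stand-in for the user table; a real node would query its database.
USERS = {"42": {"id": "42", "name": "alice"}}

if __name__ == "__main__":
    key = b"\x01" * 32   # assumption: a random 32-byte secret shared by all nodes
    cache = LocalUserCache(USERS.get)
    tok = mint_token("42", key, ttl_seconds=600, now=1_000_000)
    print(authenticate({"session": tok}, key, cache, now=1_000_100))  # alice, db_loads == 1
    print(authenticate({"session": tok}, key, cache, now=1_000_200))  # alice, served from cache
    forged = _b64url_encode(b'{"alg":"none"}') + "." + tok.split(".")[1] + "."
    print(authenticate({"session": forged}, key, cache, now=1_000_100))  # None: alg pinned
```

Two things the code makes visible that the prose does not: the node never reads the `alg` field to decide how to verify, it only compares it against the one value it accepts, so the whole surface of the JOSE algorithm registry is out of play; and revocation is only as fast as the cache TTL on the nodes that did not see the logout, so the loader must return `None` for disabled users and `exp` should stay short. The cookie itself still needs `HttpOnly`, `Secure` and a `SameSite` setting, which the token format does nothing about.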
In 2009, Google disclosed that they had 400 recruiters on staff working to hire nearly 10,000 people. Someday, that might be your challenge, but most companies in their early days are looking to hire a handful of people — the right people — each year. Assuming you are closer to startup stage than Google stage, let’s look at who you need to hire, when to hire them, where to find them (and how to help them find you), and how to get them to join your company.
Who Should Be Your First Hires
In later stage companies, the roles in the company have been well fleshed out, don’t change often, and each role can be segmented to focus on a specific area. A large company may have an entire department focused on just cubicle layout; at a smaller company you may not have a single person whose actual job encompasses all of facilities. At Backblaze, our CTO has a passion and knack for facilities and mostly led that charge. Also, the needs of a smaller company are quick to change. One of our first hires was a QA person, Sean, who ended up being 100% focused on data center infrastructure. In the early stage, things can shift quite a bit and you need people that are broadly capable, flexible, and most of all willing to pitch in where needed.
That said, there are times you may need an expert. At a previous company we hired Jon, a PhD in Bayesian statistics, because we needed algorithmic analysis for spam fighting. However, even that person was not only able and willing to do the math, but also code, and to not only focus on Bayesian statistics but explore a plethora of spam fighting options.
When To Hire
If you’ve raised a lot of cash and are willing to burn it with mistakes, you can guess at all the roles you might need and start hiring for them. No judgement: that’s a reasonable strategy if you’re cash-rich and time-poor.
If your cash is limited, try to see what you and your team are already doing and then hire people to take those jobs. It may sound counterintuitive, but if you’re already doing it, presumably it needs to be done, you have a good sense of the type of skills required to do it, and you can bring someone on board and get them up to speed quickly. That then frees you up to focus on tasks that can’t be done by someone else. At Backblaze, I ran marketing internally for years before hiring a VP of Marketing, making it easier for me to know what we needed. Once I was hiring, my primary goal was to find someone I could trust to take that role completely off of me so I could focus solely on my CEO duties.
Where To Find the Right People
Finding great people is always difficult, particularly when the skillsets you’re looking for are highly in-demand by larger companies with lots of cash and cachet. You, however, have one massive advantage: you need to hire 5 people, not 5,000.
People You Worked With
The absolute best people to hire are ones you’ve worked with before and already know are good in a work situation. Consider your last job, the one before, and the one before that. A significant number of the people we recruited at Backblaze came from our previous startup, MailFrontier. We knew what they could do and how they would fit into the culture, and they knew us and thus could quickly meld into the environment. If you didn’t have a previous job, consider people you went to school with or perhaps individuals with whom you’ve done projects previously.
People You Know
Hiring friends, family, and others can be risky, but should be considered. Sometimes a friend can be a “great buddy,” but is not able to do the job or isn’t a good fit for the organization. Having to let go of someone who is a friend or family member can be rough. Have the conversation up front with them about that possibility, so you have the ability to stay friends if the position doesn’t work out. Having said that, if you get along with someone as a friend, that’s one critical component of succeeding together at work. At Backblaze we’ve successfully hired a number of people who were friends of someone in the organization.
Friends Of People You Know
Your network is likely larger than you imagine. Your employees, investors, advisors, spouses, friends, and other folks all know people who might be a great fit for you. Make sure they know the roles you’re hiring for and ask them if they know anyone that would fit. Search LinkedIn for the titles you’re looking for and see who comes up; if they’re a 2nd degree connection, ask your connection for an introduction.
People You Know About
Sometimes the person you want isn’t someone anyone knows, but you may have read something they wrote, used a product they’ve built, or seen a video of a presentation they gave. Reach out. You may get a great hire: worst case, you’ll let them know they were appreciated, and make them aware of your organization.
Other Places to Find People
There are a million other places to find people, including job sites, community groups, Facebook/Twitter, GitHub, and more. Consider where the people you’re looking for are likely to congregate online and in person.
A Comment on Diversity
Hiring “People You Know” can often result in “Hiring People Like You” with the same workplace experiences, culture, background, and perceptions. Some studies have shown [1, 2, 3, 4] that homogeneous groups deliver faster, while heterogeneous groups are more creative. Also, “Hiring People Like You” often propagates the lack of women and minorities in tech and leadership positions in general. When looking for people you know, take care not to discount those who don’t share your cultural background.
Helping People To Find You
Reaching out proactively to people is the most direct way to find someone, but you want potential hires coming to you as well. To do this, they have to a) be aware of you, b) know you have a role they’re interested in, and c) think they would want to work there. Let’s tackle a) and b) first below.
I started writing our blog before we launched the product and talked about anything I found interesting related to our space. For several years now our team has owned the content on the blog and in 2017 over 1.5 million people read it. Each time we have a position open it’s published to the blog. If someone finds reading about backup and storage interesting, perhaps they’d want to dig in deeper from the inside. Many of the people we’ve recruited have mentioned reading the blog as either how they found us or as a factor in why they wanted to work here. [BTW, this is Gleb’s 200th post on Backblaze’s blog. The first was in 2008. — Editor]
Your Email List
In addition to the emails our blog subscribers receive, we send regular emails to our customers, partners, and prospects. These are largely focused on content we think is directly useful or interesting for them. However, once every few months we include a small mention that we’re hiring, and the positions we’re looking for. Often a small blurb is all you need to capture people’s imaginations whether they might find the jobs interesting or can think of someone that might fit the bill.
Your Social Involvement
Whether it’s Twitter or Facebook, Hacker News or Slashdot, your potential hires are engaging in various communities. Being socially involved helps make people aware of you, reminds them of you when they’re considering a job, and paints a picture of what working with you and your company would be like. Adam was in a Reddit thread where we were discussing our Storage Pods, and that interaction was ultimately part of the reason he left Apple to come to Backblaze.
Convincing People To Join
Once you’ve found someone or they’ve found you, how do you convince them to join? They may be currently employed, have other offers, or have to relocate. Again, while the biggest companies have a number of advantages, you might have more unique advantages than you realize.
Why Should They Join You
Here are a set of items that you may be able to offer which larger organizations might not:
Role: Consider the strengths of the role. Perhaps it will have broader scope? More visibility at the executive level? No micromanagement? Ability to take risks? Option to create their own role?
Compensation: In addition to salary, will their options potentially be worth more since they’re getting in early? Can they trade-off salary for more options? Do they get option refreshes?
Benefits: In addition to healthcare, food, and 401(k) plans, are there unique benefits of your company? One company I knew took the entire team for a one-month working retreat abroad each year.
Location: Most people prefer to work close to home. If you’re located outside of the San Francisco Bay Area, you might be at a disadvantage for not being in the heart of tech. But if you find employees close to you you’ve got a huge advantage. Sometimes it’s micro; even in the Bay Area the difference of 5 miles can save 20 minutes each way every day. We located the Backblaze headquarters in San Mateo, a middle-ground that made it accessible to those coming from San Jose and San Francisco. We also chose a downtown location near a train, restaurants, and cafes: all to make it easier and more pleasant. Also, are you flexible in letting your employees work remotely? Our systems administrator Elliott is about to embark on a long-term cross-country journey working from an RV.
Environment: Open office, cubicle, cafe, work-from-home? Loud/quiet? Social or focused? 24×7 or work-life balance? Different environments appeal to different people.
Team: Who will they be working with? A company with 100,000 people might have 100 brilliant ones you’d want to work with, but ultimately we work with our core team. Who will your prospective hires be working with?
Market: Some people are passionate about gaming, others biotech, still others food. The market you’re targeting will get different people excited.
Product: Have an amazing product people love? Highlight that. If you’re lucky, your potential hire is already a fan.
Mission: Curing cancer, making people happy, and other company missions inspire people to strive to be part of the journey. Our mission is to make storing data astonishingly easy and low-cost. If you care about data, information, knowledge, and progress, our mission helps drive all of them.
Culture: I left this for last, but believe it’s the most important. What is the culture of your company? Finding people who want to work in the culture of your organization is critical. If they like the culture, they’ll fit and continue it. We’ve worked hard to build a culture that’s collaborative, friendly, supportive, and open; one in which people like coming to work. For example, the five founders started with (and still have) the same compensation and equity. That started a culture of “we’re all in this together.” Build a culture that will attract the people you want, and convey what the culture is.
Writing The Job Description
Most job descriptions focus on all the requirements the candidate must meet. While important to communicate, the job description should first sell the job. Why would the appropriate candidate want the job? Then share some of the requirements you think are critical. Remember that people read not just what you say but how you say it. Try to write in a way that conveys what it is like to actually be at the company. Ahin, our VP of Marketing, said the job description itself was one of the things that attracted him to the company.
Much can be said about interviewing well. I’m just going to say this: make sure that everyone who is interviewing knows that their job is not only to evaluate the candidate, but give them a sense of the culture, and sell them on the company. At Backblaze, we often have one person interview core prospects solely for company/culture fit.
Hiring success shouldn’t be defined by finding and hiring the right person, but instead by the right person being successful and happy within the organization. Ensure someone (usually their manager) provides them guidance on what they should be concentrating on doing during their first day, first week, and thereafter. Giving new employees opportunities and guidance so that they can achieve early wins and feel socially integrated into the company does wonders for bringing people on board smoothly.
Our Director of Production Systems, Chris, said to me the other day that he looks for companies where he can work on “interesting problems with nice people.” I’m hoping you’ll find your own version of that and find this post useful in looking for your early and critical hires.
Of course, I’d be remiss if I didn’t say, if you know of anyone looking for a place with “interesting problems with nice people,” Backblaze is hiring. 😉
Another thing they have in common is that they are useful. All of them have some pretty good applications that are definitely worth the time and investment.
Yet another thing they have in common is that they are far from universally applicable. I’ve argued that monoliths are often still the better approach and that microservices introduce too much complexity for the average project. Big Data is something very few organizations actually have; AI/machine learning can help a wide variety of problems, but it is just a tool in a toolbox, not the solution to all problems. Single page applications are great for, yeah, applications, but most websites are still websites, not feature-rich frontends – you don’t need an SPA for every type of website. NoSQL has solved niche issues, and issues of scale that few companies have had, but nothing beats a good old relational database for the typical project out there. “The cloud” is not always where you want your software to be; and SOA just means everything (ESBs, direct integrations, even microservices, according to some). And the blockchain – it seems to be having limited success beyond cryptocurrencies.
And finally, another trait many of them share is that the hype has settled down. Only yesterday I read an article about the “death of the microservices madness”. I don’t see nearly as many new NoSQL databases as a few years ago, some of the projects that have been popular have faded. SOA and “the cloud” are already “boring”, and we’ve realized we don’t actually have big data if it fits in an Excel spreadsheet. SPAs and AI are still high in popularity, but we are getting a good understanding as a community why and when they are useful.
But it seems that nuanced reality has never stopped us from hyping a particular technology or approach. And maybe that’s okay, in order to give a promising, though niche, technology the spotlight and let it shine in the particular use cases where it fits.
But countless projects have suffered and will suffer from our collective inability to filter through these hypes. I’d bet millions of developer hours have been wasted trying to use the above technologies where they just didn’t fit. It’s like that scene from Idiocracy where a guy tries to fit a rectangular figure into a circular hole.
And the new one is now “the blockchain”. I won’t repeat my rant, but in summary – it doesn’t solve many of the problems companies are trying to solve with it right now just because it’s cool. Or at least it doesn’t solve them better than existing solutions. Many pilots will be carried out, many hours will be wasted in figuring out why that thing doesn’t work. A few of those projects will be a good fit and will actually bring value.
Do you need to reach multi-party consensus for the data you store? Can all stakeholders support the infrastructure to run their node(s)? Do they have the staff to administer the node(s)? Do you need to execute distributed application code on the data? Wouldn’t it be easier to just deploy RESTful APIs and integrate the parties through those? Do you need to store all the data, or just parts of it, to guarantee data integrity?
“If all you have is a hammer, everything looks like a nail,” as the famous saying goes. In the software industry we repeatedly find new and cool hammers and then try to hit as many nails as we can. But only a few of them are actual nails. The rest remain ugly, hard-to-support, “who was the idiot that wrote this” and “I wasn’t here when the decisions were made” types of projects.
If the answer is really “yes”, then great, go ahead and deploy the multi-organization permissioned blockchain, or fork Ethereum, or whatever. If not, you can still do a project at home that you can safely abandon. And if you need some pilot project to figure out whether the new piece of technology would be beneficial – go ahead and try it. But have a baseline – the fact that it somehow worked doesn’t mean it’s better than old, tested models of doing the same thing.
I play Pokémon Go. (There, I’ve admitted it.) One of the interesting aspects of the game I’ve been watching is how the game’s publisher, Niantic, deals with cheaters.
There are three basic types of cheating in Pokémon Go. The first is botting, where a computer plays the game instead of a person. The second is spoofing, which is faking GPS to convince the game that you’re somewhere you’re not. These two cheats are often used together — and you see the results in the many high-level accounts for sale on the Internet. The third type of cheating is the use of third-party apps like trackers to get extra information about the game.
None of this would matter if everyone played independently. The only reason any player cares about whether other players are cheating is that there is a group aspect of the game: gym battling. Everyone’s enjoyment of that part of the game is affected by cheaters who can pretend to be where they’re not, especially if they have lots of powerful Pokémon that they collected effortlessly.
Niantic has been trying to deal with this problem since the game debuted, mostly by banning accounts when it detects cheating. Its initial strategy was basic — algorithmically detecting impossibly fast travel between physical locations or super-human amounts of playing, and then banning those accounts — with limited success. The limiting factor in all of this is false positives. While Niantic wants to stop cheating, it doesn’t want to block or limit any legitimate players. This makes it a very difficult problem, and contributes to the balance in the attacker/defender arms race.
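The “impossibly fast travel” check that this first strategy relied on is easy to model, and so is the false-positive problem. The block below is an added example, not Niantic’s code or a description of its actual detector: it computes the great-circle distance between consecutive location reports in a constructed track, flags any hop that implies a speed above a threshold, and uses a minimum-distance guard so that ordinary GPS jitter (a reported position jumping tens of metres in one second) does not get a legitimate player flagged. The speed threshold, the jitter guard and the sample coordinates are all assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass
from typing import List, Tuple

EARTH_RADIUS_M = 6_371_000.0


@dataclass(frozen=True)
class Fix:
    """One location report: seconds since session start, WGS84 latitude and longitude."""
    t: float
    lat: float
    lon: float


def haversine_m(a: Fix, b: Fix) -> float:
    """Great-circle distance in metres between two fixes (haversine formula)."""
    phi1, phi2 = math.radians(a.lat), math.radians(b.lat)
    dphi = math.radians(b.lat - a.lat)
    dlam = math.radians(b.lon - a.lon)
    h = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


def flag_teleports(fixes: List[Fix], max_speed_mps: float = 60.0,
                   min_distance_m: float = 200.0) -> List[Tuple[int, float, float]]:
    """Return (index, distance_m, speed_mps) for every fix that implies travel faster
    than max_speed_mps since the previous fix.

    max_speed_mps (assumed 60 m/s, roughly 216 km/h) is above anything a player on
    foot, bike or commuter train reaches. min_distance_m is the false-positive guard:
    consumer GPS routinely jumps tens of metres between consecutive reports, which
    over a one-second interval looks like an enormous speed, so short hops are ignored
    regardless of the speed they imply.
    """
    flagged = []
    for i in range(1, len(fixes)):
        prev, cur = fixes[i - 1], fixes[i]
        dt = cur.t - prev.t
        if dt <= 0:
            continue  # duplicate or out-of-order timestamps are not evidence of anything
        dist = haversine_m(prev, cur)
        speed = dist / dt
        if dist >= min_distance_m and speed > max_speed_mps:
            flagged.append((i, dist, speed))
    return flagged


# Constructed sample track (not real player data): a ten-minute walk in San Francisco,
# a one-second GPS jitter of about 110 m, then a jump to New York five minutes later.
SAMPLE_TRACK = [
    Fix(0.0, 37.7749, -122.4194),
    Fix(600.0, 37.7800, -122.4150),
    Fix(601.0, 37.7810, -122.4150),
    Fix(901.0, 40.7128, -74.0060),
]

if __name__ == "__main__":
    for idx, dist, speed in flag_teleports(SAMPLE_TRACK):
        print(f"fix {idx}: {dist / 1000:.0f} km in one hop, {speed:.0f} m/s")
```

With the defaults only the cross-country jump is flagged; lowering `min_distance_m` to zero also flags the jitter hop, which is exactly the kind of false positive the post says limits this approach. A real detector would look at the whole track (sustained speed, number of distinct locations per hour) rather than single hops, and would use the result to throttle rather than ban, as the shadowban discussion below describes.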
Recently, Niantic implemented two new anti-cheating measures. The first is machine learning to detect cheaters. About this, we know little. The second is to limit the functionality of cheating accounts rather than ban them outright, making it harder for cheaters to know when they’ve been discovered.
“This may very well be the beginning of Niantic’s machine learning approach to active bot countering,” user Dronpes writes on The Silph Road subreddit. “If the parameters for a shadowban are constantly adjusted server-side, as they can now easily be, then Niantic’s machine learning engineers can train their detection (classification) algorithms in ever-improving, ever more aggressive ways, and botters will constantly be forced to re-evaluate what factors may be triggering the detection.”
One of the expected future features in the game is trading. Creating a market for rare or powerful Pokémon would add a huge additional financial incentive to cheat. Unless Niantic can effectively prevent botting and spoofing, it’s unlikely to implement that feature.
Cheating detection in virtual reality games is going to be a constant problem as these games become more popular, especially if there are ways to monetize the results of cheating. This means that cheater detection will continue to be a critical component of these games’ success. Anything Niantic learns in Pokémon Go will be useful in whatever games come next.
Mystic, level 39 — if you must know.
And, yes, I know the game works by tracking your location. I’m all right with that. As I repeatedly say, Internet privacy is all about trade-offs.
Perhaps your business is competing in a brand new space free from established competitors. Most of us, though, start companies that compete with existing offerings from large, established companies. You need to come up with a better mousetrap — not the first mousetrap.
That’s the challenge Backblaze faced. In this post, I’d like to share some of the lessons I learned from that experience.
Backblaze vs. Giants
Competing with established companies that are orders of magnitude larger can be daunting. How can you succeed?
I’ll set the stage by offering a few sets of giants we compete with:
When we started Backblaze, we offered online backup in a market where companies had been offering “online backup” for at least a decade, and even the newer entrants had raised tens of millions of dollars.
When we built our storage servers, the alternatives were EMC, NetApp, and Dell — each of which had a market cap of over $10 billion.
When we introduced our cloud storage offering, B2, our direct competitors were Amazon, Google, and Microsoft. You might have heard of them.
What did we learn by competing with these giants on a bootstrapped budget? Let’s take a look.
Determine What Success Means
For a long time Apple considered Apple TV to be a hobby, not a real product worth focusing on, because it did not generate a billion in revenue. For a $10 billion per year revenue company, a new business that generates $50 million won’t move the needle and often isn’t worth putting focus on. However, for a startup, getting to $50 million in revenue can be the start of a wildly successful business.
Lesson Learned: Don’t let the giants set your success metrics.
The Advantages Startups Have
The giants have a lot of advantages: more money, people, scale, resources, access, etc. Following their playbook and attacking head-on means you’re simply outgunned. Common paths to failure are trying to build more features, enter more markets, outspend on marketing, and other similar approaches where scale and resources are the primary determinants of success.
But being a startup affords many advantages most giants would salivate over. As a nimble startup you can leverage those to succeed. Let’s break down nine competitive advantages we’ve used that you can too.
1. Drive Focus
It’s hard to build a $10 billion revenue business doing just one thing, and most giants have a broad portfolio of businesses, numerous products for each, and targeting a variety of customer segments in multiple markets. That adds complexity and distributes management attention.
Startups get the benefit of having everyone in the company be extremely focused, often on a singular mission, product, customer segment, and market. While our competitors sell everything from advertising to Zantac, and are investing in groceries and shipping, Backblaze has focused exclusively on cloud storage. This means all of our best people (i.e. everyone) are focused on our cloud storage business. Where is all of your focus going?
Lesson Learned: Align everyone in your company to a singular focus to dramatically out-perform larger teams.
2. Use Lack-of-Scale as an Advantage
You may have heard Paul Graham say “Do things that don’t scale.” There are a host of things you can do specifically because you don’t have the same scale as the giants. Use that as an advantage.
When we look for data center space, we have more options than our largest competitors because there are simply more spaces available with room for 100 cabinets than for 1,000 cabinets. With some searching, we can find data center space that is better/cheaper.
When a flood in Thailand destroyed factories, causing the world’s supply of hard drives to plummet and prices to triple, we started drive farming. The giants certainly couldn’t. It was a bit crazy, but it let us keep prices unchanged for our customers.
Our Chief Cloud Officer, Tim, used to work at Adobe. Because of their size, any new product needed to always launch in a multitude of languages and in global markets. Once launched, they had scale. But getting any new product launched was incredibly challenging.
Lesson Learned: Use lack-of-scale to exploit opportunities that are closed to giants.
3. Build a Better Product
This one is probably obvious. If you’re going to provide the same product, at the same price, to the same customers — why do it? Remember that better does not always mean more features. Here’s one way we built a better product that didn’t require being a bigger company.
All online backup services required customers to choose what to include in their backup. We found that this was complicated for users since they often didn’t know what needed to be backed up. We flipped the model to back up everything and allow users to exclude if they wanted to, but it was not required. This reduced the number of features/options, while making it easier and better for the user.
This didn’t require the resources of a huge company; it just required understanding customers a bit deeper and thinking about the solution differently. Building a better product is the most classic startup competitive advantage.
Lesson Learned: Dig deep with your customers to understand and deliver a better mousetrap.
4. Provide Better Service
How can you provide better service? Use your advantages. Escalations from your customer care folks to engineering can go through fewer hoops. Fixing an issue and shipping can be quicker. Access to real answers on Twitter or Facebook can be more effective.
A strategic decision we made was to have all customer support people as full-time employees in our headquarters. This ensures they are in close contact to the whole company for feedback to quickly go both ways.
Having a smaller team and fewer layers enables faster internal communication, which increases customer happiness. And the option to do things that don’t scale — such as help a customer in a unique situation — can go a long way in building customer loyalty.
Lesson Learned: Service your customers better by establishing clear internal communications.
5. Remove The Unnecessary
After determining that the industry standard EMC/NetApp/Dell storage servers would be too expensive to build our own cloud storage upon, we decided to build our own infrastructure. Many said we were crazy to compete with these multi-billion dollar companies and that it would be impossible to build a lower cost storage server. However, not only did it prove to not be impossible — it wasn’t even that hard.
One key trick? Remove the unnecessary. While EMC and others built servers to sell to other companies for a wide variety of use cases, Backblaze needed servers that only Backblaze would run, and for a single use case. As a result we could tailor the servers for our needs by removing redundancy from each server (since we would run redundant servers), and using lower-performance components (since we would get high-performance by running parallel servers).
What do your customers and use cases not need? This can trim costs and complexity while often improving the product for your use case.
Lesson Learned: Don’t think “what can we add” to what the giants offer — think “what can we remove.”
6. Be Easy
How many times have you visited a large company website, particularly one that’s not consumer-focused, only to leave saying, “Huh? I don’t understand what you do.” Keeping your website clear, and your product and pricing simple, will dramatically increase conversion and customer satisfaction. If you’re able to make it 2x easier and thus increase your conversion by 2x, you’ve just allowed yourself to spend ½ as much acquiring a customer.
Providing unlimited data backup wasn’t specifically about providing more storage — it was about making it easier. Since users didn’t know how much data they needed to back up, charging per gigabyte meant they wouldn’t know the cost. Providing unlimited data backup meant they could just relax.
Customers love easy — and being smaller makes easy easier to deliver. Use that as an advantage in your website, marketing materials, pricing, product, and in every other customer interaction.
Lesson Learned: Ease-of-use isn’t a slogan: it’s a competitive advantage. Treat it as seriously as any other feature of your product
7. Don’t Be Afraid of Risk
Obviously unnecessary risks are unnecessary, and some risks aren’t worth taking. However, large companies that have given guidance to Wall Street with a $0.01 range on their earnings-per-share are inherently going to be very risk-averse. Use risk-tolerance to open up opportunities, and adjust your tolerance level as you scale. In your first year, there are likely an infinite number of ways your business may vaporize; don’t be too worried about taking a risk that might have a 20% downside when the upside is hockey stick growth.
Using consumer-grade hard drives in our servers may have caused pain and suffering for us years down-the-line, but they were priced at approximately 50% of enterprise drives. Giants wouldn’t have considered the option. Turns out, the consumer drives performed great for us.
Lesson Learned: Use calculated risks as an advantage.
8. Be Open
The larger a company grows, the more it wants to hide information. Some of this is driven by regulatory requirements as a public company. But most of this is cultural. Sharing something might cause a problem, so let’s not. All external communication is treated as a critical press release, with rounds and rounds of editing by multiple teams and approvals. However, customers are often desperate for information. Moreover, sharing information builds trust, understanding, and advocates.
I started blogging at Backblaze before we launched. When we blogged about our Storage Pod and open-sourced the design, many thought we were crazy to share this information. But it was transformative for us, establishing Backblaze as a tech thought leader in storage and giving people a sense of how we were able to provide our service at such a low cost.
Over the years we’ve developed a culture of being open internally and externally, on our blog and with the press, and in communities such as Hacker News and Reddit. Often we’ve been asked, “why would you share that!?” — but it’s the continual openness that builds trust. And that culture of openness is incredibly challenging for the giants.
Lesson Learned: Overshare to build trust and brand where giants won’t.
9. Be Human
As companies scale, typically a smaller percent of founders and executives interact with customers. The people who build the company become more hidden, the language feels “corporate,” and customers start to feel they’re interacting with the cliche “faceless, nameless corporation.” Use your humanity to your advantage. From day one the Backblaze About page listed all the founders, and my email address. While contacting us shouldn’t be the first path for a customer support question, I wanted it to be clear that we stand behind the service we offer; if we’re doing something wrong — I want to know it.
To scale it’s important to have processes and procedures, but sometimes a situation falls outside of a well-established process. While we want our employees to follow processes, they’re still encouraged to be human and “try to do the right thing.” How do you strike this balance? Simon Sinek gives a good talk about it: make your employees feel safe. If employees feel safe they’ll be human.
If your customer is a consumer, they’ll appreciate being treated as a human. Even if your customer is a corporation, the purchasing decision-makers are still people.
Lesson Learned: Being human is the ultimate antithesis to the faceless corporation.
Build Culture to Sustain Your Advantages at Scale
Presumably the goal is not to always be competing with giants, but to one day become a giant. Does this mean you’ll lose all of these advantages? Some, yes — but not all. Some of these advantages are cultural, and if you build these into the culture from the beginning, and fight to keep them as you scale, you can keep them as you become a giant.
Tesla still comes across as human, with Elon Musk frequently interacting with people on Twitter. Apple continues to provide great service through their Genius Bar. And, worst case, if you lose these at scale, you’ll still have the other advantages of being a giant such as money, people, scale, resources, and access.
Of course, some new startup will be gunning for you with grand ambitions, so just be sure not to get complacent. 😉
Today we’re launching support for multiple TLS/SSL certificates on Application Load Balancers (ALB) using Server Name Indication (SNI). You can now host multiple TLS secured applications, each with its own TLS certificate, behind a single load balancer. In order to use SNI, all you need to do is bind multiple certificates to the same secure listener on your load balancer. ALB will automatically choose the optimal TLS certificate for each client. These new features are provided at no additional charge.
If you’re looking for a TL;DR on how to use this new feature, skip to the summary points at the end of this post. If you’re like me and you’re a little rusty on the specifics of Transport Layer Security (TLS) then keep reading.
TLS? SSL? SNI?
People tend to use the terms SSL and TLS interchangeably even though the two are technically different. SSL technically refers to a predecessor of the TLS protocol. To keep things simple I’ll be using the term TLS for the rest of this post.
TLS is a protocol for securely transmitting data like passwords, cookies, and credit card numbers. It enables privacy, authentication, and integrity of the data being transmitted. TLS uses certificate based authentication where certificates are like ID cards for your websites. You trust the person that signed and issued the certificate, the certificate authority (CA), so you trust that the data in the certificate is correct. When a browser connects to your TLS-enabled ALB, ALB presents a certificate that contains your site’s public key, which has been cryptographically signed by a CA. This way the client can be sure it’s getting the ‘real you’ and that it’s safe to use your site’s public key to establish a secure connection.
With SNI support we’re making it easy to use more than one certificate with the same ALB. The most common reason you might want to use multiple certificates is to handle different domains with the same load balancer. It’s always been possible to use wildcard and subject alternative name (SAN) certificates with ALB, but these come with limitations. Wildcard certificates only work for related subdomains that match a simple pattern, and while SAN certificates can support many different domains, the same certificate authority has to validate each one. That means you have to re-validate and reissue your certificate every time you add a new domain.
One of our most frequent requests on forums, reddit, and in my e-mail inbox has been to use the Server Name Indication (SNI) extension of TLS to choose a certificate for a client. Since the TLS handshake completes before the client sends any HTTP request, the server has to choose a certificate before it can see the Host header. SNI works by having the client tell the server “This is the domain I expect to get a certificate for” in its very first handshake message. The server can then choose the correct certificate to respond to the client. All modern web browsers and a large majority of other clients support SNI. In fact, today we see SNI supported by over 99.5% of clients connecting to CloudFront.
Smart Certificate Selection on ALB
ALB’s smart certificate selection goes beyond SNI. In addition to containing a list of valid domain names, certificates also describe the type of key exchange and cryptography that the server supports, as well as the signature algorithm (SHA2, SHA1, MD5) used to sign the certificate. To establish a TLS connection, a client starts a TLS handshake by sending a “ClientHello” message that outlines the capabilities of the client: the protocol versions, extensions, cipher suites, and compression methods. Based on what an individual client supports, ALB’s smart selection algorithm chooses a certificate for the connection and sends it to the client. ALB supports both the classic RSA algorithm and the newer, hipper, and faster Elliptic-curve based ECDSA algorithm. ECDSA support among clients isn’t as prevalent as SNI, but it is supported by all modern web browsers. Since it’s faster and requires less CPU, it can be particularly useful for ultra-low latency applications and for conserving the amount of battery used by mobile applications. Since ALB can see what each client supports from the TLS handshake, you can upload both RSA and ECDSA certificates for the same domains and ALB will automatically choose the best one for each client.
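To make the two ideas above concrete (the client naming its host in the SNI extension, and the server reading the rest of the ClientHello to decide between an RSA and an ECDSA certificate), here is an added example in Python. It is not ALB's implementation and not AWS code: it builds a minimal TLS 1.2 ClientHello from constructed input, parses the SNI, cipher-suite and signature_algorithms fields back out, and picks a certificate from a constructed inventory with placeholder ARNs. The cipher-suite and extension code points are the real IANA values; the selection policy, `CERTS` table and wildcard rule are assumptions for illustration.

```python
"""Added example (not ALB's own code): parse a TLS 1.2 ClientHello, pull out the
SNI hostname and the client's cipher/signature capabilities, then pick a
certificate from a constructed inventory the way an SNI-aware listener would."""
import struct

# Real IANA code points for the suites and extensions used below.
ECDSA_SUITES = {0xC02B, 0xC02C}  # TLS_ECDHE_ECDSA_WITH_AES_{128,256}_GCM_SHA{256,384}
EXT_SNI, EXT_SIG_ALGS = 0x0000, 0x000D
SIGALG_ECDSA_P256_SHA256, SIGALG_RSA_PKCS1_SHA256 = 0x0403, 0x0401

# Constructed inventory (assumption): (hostname pattern, key type, placeholder ARN).
CERTS = [
    ("www.example.com", "RSA",   "arn:aws:acm:REGION:ACCOUNT:certificate/EXAMPLE-rsa"),
    ("www.example.com", "ECDSA", "arn:aws:acm:REGION:ACCOUNT:certificate/EXAMPLE-ecdsa"),
    ("*.example.org",   "RSA",   "arn:aws:acm:REGION:ACCOUNT:certificate/EXAMPLE-wild"),
]
DEFAULT_CERT = CERTS[0]  # the listener's default, used when SNI is absent or unmatched


def build_client_hello(server_name=None, cipher_suites=(0xC02F,), sig_algs=(0x0401,)):
    """Build a minimal TLS record carrying a ClientHello (constructed test input)."""
    exts = b""
    if server_name is not None:
        name = server_name.encode("idna")
        entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
        sni_list = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", EXT_SNI, len(sni_list)) + sni_list
    if sig_algs:
        algs = b"".join(struct.pack("!H", a) for a in sig_algs)
        body = struct.pack("!H", len(algs)) + algs
        exts += struct.pack("!HH", EXT_SIG_ALGS, len(body)) + body
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    hello = (b"\x03\x03" + bytes(32) + b"\x00"          # version, random, empty session id
             + struct.pack("!H", len(suites)) + suites
             + b"\x01\x00"                               # compression methods: null only
             + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Return {'server_name', 'cipher_suites', 'sig_algs'}; ValueError if malformed."""
    try:
        if record[0] != 0x16:
            raise ValueError("not a TLS handshake record")
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if len(hs) != rec_len or hs[0] != 0x01:
            raise ValueError("not a ClientHello")
        body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
        pos = 2 + 32                                    # skip version and random
        pos += 1 + body[pos]                            # skip session id
        cs_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
        suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
        pos += cs_len
        pos += 1 + body[pos]                            # skip compression methods
        out = {"server_name": None, "cipher_suites": suites, "sig_algs": []}
        if pos == len(body):
            return out                                  # no extensions block at all
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
        if end > len(body):
            raise ValueError("extensions overrun")
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
            data = body[pos:pos + elen]; pos += elen
            if len(data) != elen or pos > end:
                raise ValueError("extension overrun")
            if etype == EXT_SNI:
                list_end, p = 2 + struct.unpack("!H", data[:2])[0], 2
                while p + 3 <= list_end:
                    ntype, nlen = data[p], struct.unpack("!H", data[p + 1:p + 3])[0]; p += 3
                    if ntype == 0 and out["server_name"] is None:
                        out["server_name"] = data[p:p + nlen].decode("ascii").lower()
                    p += nlen
            elif etype == EXT_SIG_ALGS:
                n = struct.unpack("!H", data[:2])[0]
                out["sig_algs"] = [struct.unpack("!H", data[i:i + 2])[0] for i in range(2, 2 + n, 2)]
        return out
    except (IndexError, struct.error, UnicodeDecodeError) as exc:
        raise ValueError("malformed ClientHello") from exc


def _matches(pattern, host):
    """A wildcard covers exactly one label, as in a wildcard certificate."""
    if pattern.startswith("*."):
        return host.count(".") == pattern.count(".") and host.endswith(pattern[1:])
    return pattern == host


def select_certificate(hello):
    """Pick from CERTS: SNI decides the domain, client capabilities decide key type."""
    host = hello["server_name"]
    if host is None:
        return DEFAULT_CERT                             # no SNI: listener default
    candidates = [c for c in CERTS if _matches(c[0], host)]
    if not candidates:
        return DEFAULT_CERT
    # Prefer ECDSA only when the client offers an ECDSA suite and, if it sent
    # signature_algorithms at all, lists an ECDSA algorithm there too.
    wants_ecdsa = any(s in ECDSA_SUITES for s in hello["cipher_suites"]) and (
        not hello["sig_algs"] or SIGALG_ECDSA_P256_SHA256 in hello["sig_algs"])
    for key_type in (("ECDSA", "RSA") if wants_ecdsa else ("RSA", "ECDSA")):
        for cert in candidates:
            if cert[1] == key_type:
                return cert
    return candidates[0]
```

Two points worth noticing when reading it: a client that omits SNI never reaches the domain lookup and simply gets the default certificate, which is exactly the behaviour to expect from old clients; and the ECDSA preference is gated on what the ClientHello advertises, so a client that only lists RSA suites is never handed a key it cannot verify.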
ALB Access Logs now include the client’s requested hostname and the certificate ARN used. If the "hostname" field is empty (represented by a "-"), the client did not use the SNI extension in its TLS handshake.
You can use any of your certificates in ACM or IAM.
You can bind multiple certificates for the same domain(s) to a secure listener. Your ALB will choose the optimal certificate based on multiple factors including the capabilities of the client.
If the client does not support SNI, your ALB will use the default certificate (the one you specified when you created the listener).
There are three new ELB API calls: AddListenerCertificates, RemoveListenerCertificates, and DescribeListenerCertificates.
You can bind up to 25 certificates per load balancer (not counting the default certificate).
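The access log change above is what lets you find out, before you rely on SNI, which of your clients still fall back to the default certificate. The following added example (not AWS code) scans ALB-style HTTPS access log lines and reports every client whose hostname field is "-", together with the certificate ARN each request was served with. It assumes the documented layout of HTTPS entries in which "domain_name" and "chosen_cert_arn" are the fourth and fifth quoted fields, after the quoted request, user agent and trace ID; the log lines, client addresses and ARNs are constructed samples.

```python
"""Added example (not AWS code): find clients that connected without SNI in
ALB-style access logs and count which certificate each request used.
Field positions are an assumption based on the documented HTTPS entry layout."""
import shlex
from collections import Counter

# Constructed sample lines: RFC 5737 client addresses and placeholder ARNs.
SAMPLE_LOG = """\
https 2017-10-10T22:00:00.000000Z app/my-alb/EXAMPLE 192.0.2.10:51234 10.0.0.5:443 0.000 0.001 0.000 200 200 34 366 "GET https://www.example.com:443/ HTTP/1.1" "curl/7.55.1" ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/EXAMPLE "Root=1-EXAMPLE" "www.example.com" "arn:aws:acm:REGION:ACCOUNT:certificate/EXAMPLE-ecdsa"
https 2017-10-10T22:00:01.000000Z app/my-alb/EXAMPLE 198.51.100.7:40001 10.0.0.5:443 0.000 0.002 0.000 200 200 34 366 "GET https://www.example.com:443/ HTTP/1.1" "Java/1.6.0_45" ECDHE-RSA-AES128-SHA TLSv1 arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/EXAMPLE "Root=1-EXAMPLE" "-" "arn:aws:acm:REGION:ACCOUNT:certificate/EXAMPLE-rsa"
https 2017-10-10T22:00:02.000000Z app/my-alb/EXAMPLE 203.0.113.9:60022 10.0.0.5:443 0.000 0.001 0.000 200 200 34 366 "GET https://www.example.com:443/ HTTP/1.1" "Mozilla/5.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/EXAMPLE "Root=1-EXAMPLE" "www.example.com" "arn:aws:acm:REGION:ACCOUNT:certificate/EXAMPLE-rsa"
"""

# Token indexes after shlex.split (assumed layout): 3 client, 13 user agent,
# 14 ssl_cipher, 15 ssl_protocol, 18 domain_name, 19 chosen_cert_arn.
def parse_entry(line):
    """Return the fields we care about, or None for non-HTTPS or short lines."""
    fields = shlex.split(line)
    if len(fields) < 20 or fields[0] != "https":
        return None
    return {
        "client": fields[3].rsplit(":", 1)[0],
        "user_agent": fields[13],
        "ssl_cipher": fields[14],
        "ssl_protocol": fields[15],
        "domain_name": None if fields[18] == "-" else fields[18],  # "-" means no SNI
        "chosen_cert_arn": fields[19],
    }


def summarize(log_text):
    """Count requests, list no-SNI clients, and tally certificate usage."""
    entries = [e for e in (parse_entry(l) for l in log_text.splitlines()) if e]
    no_sni = [e for e in entries if e["domain_name"] is None]
    return {
        "total": len(entries),
        "no_sni": no_sni,
        "cert_usage": Counter(e["chosen_cert_arn"] for e in entries),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['total']} HTTPS requests, {len(report['no_sni'])} without SNI")
    for e in report["no_sni"]:
        print(f"  no SNI: {e['client']} {e['user_agent']} {e['ssl_protocol']} -> {e['chosen_cert_arn']}")
    for arn, n in report["cert_usage"].items():
        print(f"  {n} x {arn}")
```

Run it over a real log download instead of `SAMPLE_LOG` to see which user agents and TLS versions are behind the no-SNI requests; that is the population that will keep receiving the listener's default certificate after you add per-domain certificates.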
Overall, I will personally use this feature and I’m sure a ton of AWS users will benefit from it as well. I want to thank the Elastic Load Balancing team for all their hard work in getting this into the hands of our users.