Visiting the Tech Model Railroad Club at MIT

Last night I experienced the privilege of visiting the Tech Model Railroad Club on MIT’s campus.  As an avid model railroader, computer science major, and great admirer of books like Hackers and Accidental Empires, I’ve heard of the TMRC for most of my life.  As a kid, my parents bought the 1986 edition of World Book, which underneath the entry “Model Railroads” included a picture of the TMRC layout, something I’ve never forgotten.


The first chapter of the book Hackers tells how some of the earliest computer science pioneers were involved in the TMRC.  A few of the notable members were Alan Kotok from DEC, Richard Greenblatt, the coinventor of the MIT LISP machine (which is housed next door in the MIT Museum), John McCarthy, who coined the term Artificial Intelligence and helped develop the LISP language, and Jack Dennis, who was one of the founders of the Multics Project (the precursor to Unix).  These members along with others helped coin the term “Hacker”, and inscribed within the “Dictionary of the TMRC language” was the (now immortal to all computer scientists) phrase “Information wants to be free.”  These guys were budding computer scientists, brilliant minds, mischievous hackers, and they were serious about controlling model railroads.

The first chapter of Hackers describes the interplay between trains, their control, and what the TMRC meant to different students:


“There were two factions of TMRC. Some members loved the idea of spending their time building and painting replicas of certain trains with historical and emotional value, or creating realistic scenery for the layout. This was the knife-and-paintbrush contingent, and it subscribed to railroad magazines and booked the club for trips on aging train lines. The other faction centered on the Signals and Power Subcommittee of the club, and it cared far more about what went on under the layout. This was The System, which worked something like a collaboration between Rube Goldberg and Wernher von Braun, and it was constantly being improved, revamped, perfected, and sometimes “gronked”—in club jargon, screwed up. S&P people were obsessed with the way The System worked, its increasing complexities, how any change you made would affect other parts, and how you could put those relationships between the parts to optimal use.”


For model railroaders, the TMRC is probably in the top 10 most famous layouts in the world along with names like John Allen’s Gorre & Daphetid, George Sellios’ Franklin & South Manchester, and famous club layouts like the San Diego Model Railroad Museum.  For techies, there is no other layout in the world of interest that’s anywhere in the TMRC’s league.

It shouldn’t surprise anyone that model railroading and computers have always been bedfellows – even today model railroading has led the way in developing standards around Digital Command Control, interfacing locomotives, signalling, and other controls to a computer, and the Java Model Railroad Interface has provided us the world’s first successful test case of the Gnu Public License (the GPL), the open source software license that Linux and much of open source code relies on!

With all of this background, I probably undersold the importance of the whole thing to my college roommate and his wife who live in Boston.   When they asked me what I wanted to do during our afternoon together it struck them as a bit odd that I’d already emailed the club from Scotland, had the phone number, and was anxious to make sure we didn’t miss the window.

Walking into the layout room we were met by the wonderful MIT alumnus and club member John Purbrick. He proceeded to give us an hour long tour showing us the various control systems, buildings, car card operating scheme, points of interest on the layout, and description of future plans.

TMRC uses a home grown software system (written in Java with the front end in Python, all running on Linux) to run the trains.  The layout is still using DC block control, and trains can be run via the main computer system, or engines can be assigned to one of the many hand-built walk around throttles.  All turnouts are computer controlled and electronically operated, none are hand thrown.  For each yard or town area, there’s a diagram of the track layout with numbers on the left and right hand sides.  By keying in the number 0 on the left, and the number 5 on the right for example, the turnouts are all automatically thrown to present a route between the two points.  It’s simple, elegant, and impressive for a home built system.  As Mr. Purbrick put it, “We use a home built system on this layout because here at MIT, we have some experience with software.” Trains are detected by the software using electrical resistance, so operators can see from the software whether a train is on a siding, train with engine, or no train at all.

The main level of the layout is mostly complete, but there are plans for additional levels, and the layout features several huge helixes.  All visible mainline track is Code 83, sidings are Code 70, and there is some Code 55, and all visible turnouts are hand built.  There’s also a tram system that runs on one part of the layout.  Rolling stock varies but includes locomotives from Atlas, Athearn, and Kato. The president of Kato has visited from Japan and brought with him a gift of a few locomotives and some passenger cars.


The TMRC receives no financial support from MIT other than free use of the space.  Just like in the late 50s (and covered in the book Hackers), the TMRC is supported from the proceeds that are made by selling soda from a machine in the hallway, and they turn a tidy profit according to Purbrick. A hand scrawled note affixed to the machine explains where the profits go and encourages patrons to email soda suggestions to the club for inclusion on the menu.

These days there aren’t many members left, apparently.  Maybe a dozen or so, although anyone can join. There was only one other member there while we visited, and the club struggles to get enough people together for operating sessions. Apparently there are several other thriving clubs in the area, but I wondered if there wouldn’t be a population of students out there who might not know of the TMRC’s heritage, its incredibly complex computer control system, and its delightful layout?

As we made our way out at the end of the tour, Mr. Purbrick told us that we couldn’t leave without seeing the Tetris building.  From the hallway looking through the windows onto the layout, there is a control box.  When activated, the iconic Tetris music begins to play, and the windows of the skyscraper light up to represent Tetris blocks, which descend.  You can play a game of Tetris represented on the windows of a building modelled by the TMRC, all powered by custom software and hardware components.  The creator of Tetris himself has been by to see this particular implementation, and while it wasn’t quite finished, he is said to have given it his approval.

“It’s one of our better hacks,” said John Purbrick, and I couldn’t agree more.

I’ve Never Wished I Was Less Technical

I got an early-ish start with computers when I was about 6 or 7 years old.  My dad created an MS-DOS boot disk that got me to a DOS prompt on one of the hard-diskless IBM clones in his office.  Once I had booted to the command line, I’d put another floppy disk (these were 5.25 inch floppies, the ones that really flopped) in the B drive, type in the commands which I quickly memorised, and my six year old self would be ready for some hardcore word processing.  Using Multimate at first, but then moving on to PC Write, I penned a few short stories and would love to visit the office and use the computers.  My Dad’s staff even gave me access to the holy of holies – the one real IBM PC (not a clone) which had a 5 megabyte hard disk, and was protected by a password.  I was solemnly lectured to never disclose the password, not to anyone, and I never have, even to this day.

And so it was against this backdrop that I became interested in computers.  When I was nine my family bought our first computer from a back alley vendor in the Philippines.  It was an IBM compatible XT Turbo, which was technically an 8088, with a twenty megabyte hard disk and a monochrome CGA monitor.  It was outdated when we bought it, as the 386 had just been released, but I loved it.  I spent hours learning different software packages like Norton Commander, PC-Tools, and playing games like the Commander Keen trilogy.  We kept it until I was twelve, and then gave it to a Chinese friend when we replaced it with a 486 DX-33 we picked up in Hong Kong.  Built like a tank, it is probably still in operation somewhere.

Despite this early introduction to computers, I didn’t get started programming until I was sixteen.  It was harder then – we had just got the internet but the tutorials and blogs and wealth of easy information we have now didn’t exist.  It was also difficult to get the necessary software you needed – thanks to living in China I could buy a pirated copy of Borland C++ or Microsoft Visual C++ for about a dollar, but they were a bit overwhelming to set up.  I finally found someone who knew how to program and begged him into giving me a few sessions.  He had a book, helped me set up my compiler, and agreed to meet with me once a week to teach me.  I even managed to get these sessions accepted as school credit during my junior and senior year.  I still keep in touch with Erik now, and he was one of the groomsmen in my wedding.  Together we even managed to cobble together two “junk systems” from spare parts and after a few weeks of constant trial and error, we got Slackware running in 1998, still one of my proudest technical achievements.

Every American college bound student knows that their junior year of high school is crucial for getting accepted into their university of choice, and I began targeting computer science as my major.  I was heavily advised that I should focus on a business degree instead.  At the forefront of that group were several of my math teachers, who knew that I didn’t do well in that subject, but there were also many others who thought that I shouldn’t “waste” my people skills in a technical role.

But I was really enjoying programming!  My first real project was a string indexing program which could accept a block of text (much like this blog) and then create an alphabetical index of all the strings (words) and the number of times they appeared.  Written in C, I had to learn about memory management, debugging, data structures, file handling, functions, and a whole lot more.  It was way more mentally taxing than anything I’d ever done in school, and it required a ton of concentration.  I wasn’t bored like I often was in classes.  It was hard.  Erik would constantly challenge, berate, laugh at me, and most importantly, accurately assess me using an instructional style that I’d never been exposed to before – he only cared about the results, not the trying.

Although I was dead set on computer science, I really liked making money too.  My parents noticed this and for one semester during that crucial junior year they offered me financial rewards for grades achieved.  After I’d hosed my dad for over a hundred bucks due to my abnormally high grades that semester, he announced that “grades should be my own reward” and immediately discontinued the program.  There were plenty of people telling me that a degree in business would better suit these talents of mine, and if I was honest, at the time I knew they were probably right.  I was great in my non-science subjects, I could mail it in on papers and still get an A, and I knew that diligence, attention to detail, and math were weaknesses.  Getting a business degree would be stupidly easy.  Getting a computer science degree would be pretty hard, at least for me.

I was close to changing my mind when Erik mentioned, “You know, I’ve never wished I was less technical.”

This is advice that I really took to heart.  It rang true when I was seventeen.  It’s even more true today.

For me, the advantage that I incurred by getting a computer science degree meant that I could start my own consulting company and be one of the technical contributors while also being responsible for the business stuff.  It helped me obtain positions of leadership because I didn’t need technical middle men to explain things to me.  If things were going poorly, I could help manage the crisis effectively, and when things were going well I could explain why and point out the technical decisions that had carried us to success.

Guess what?  I got to do all the business stuff too!  Having a technical background has never limited my business acumen or hampered me in any way.  I haven’t coded for money since 2007, but I use my knowledge and experience every day, and I stay up to date with technology as much as possible.  I love it when our technical lead shows me the code behind the latest feature.  If anything, having an appreciation for complexity, code, and systems design has only helped me design and implement better budgets, business models, and pricing schemes.  I’ve never met any “business person” who is better than me at Excel, the language of business, and much of that stems from just knowing how to program.  This has made me the go-to guy in almost every planning or budget meeting I’ve ever been in.

Unfortunately, it doesn’t work the other way.  People who aren’t technical will always struggle in any technically related environment.  I’ve met so many people who have struggled and struggled to make their great idea a reality chiefly because they weren’t technical, couldn’t contribute, couldn’t cut through the bullshit, and therefore couldn’t effectively manage their way to success.  Sometimes, they’ll try to fake it and just lose the respect of the programmers.  As many times as I’ve thought to myself how glad I am that I have a technical background, I’ve had others voice to me the frustration that they just wish they knew more about technology.

If you’re reading this, and you’re trying to figure out which way to go in life, make sure you get technical first.  If you didn’t choose that path, there’s still plenty of time – get out there and learn to code.  There are so many resources.

This is what the “everyone should learn to code” movement is really saying – not that everyone should be a coder, but that everyone could benefit from understanding the environment, pressures, and disciplines that drive a huge part of our economy.  It’s not just business either – artists can benefit from more creative displays and better performing websites, not-for-profits could benefit from volunteers who know how to help out in technical areas, and it’s just nice sometimes to be the guy who can get the projector working in a foreign country!

So get technical.  You’ll never regret it.  And if you’re a programmer and you ever see a kid who wants to learn, help them out, you may just find a friend for life.

We Consistently Underestimate Kids

I’ve long believed that we seriously underestimate kids.  Hanging around with my friend’s daughters who were 2, 3, and 5 when I was in college was really illuminating as I found myself interacting and conversing with his (admittedly smart) 2 year old daughter on a level that we often wouldn’t even attempt with high schoolers.

I have a very clear memory of being nine years old, reading an autobiography about a family who adopted several kids.  At some point they became stranded in an airport.  Don’t worry though!  It was no problem the author (and mother) helpfully pointed out, because nothing fascinates a nine year old like riding the elevator up and down for hours.  What a load of crap, I thought to my nine year old self.  It’s like that mom thinks we’re mentally disabled or something.

As a parent (I have very little additional advice and zero experience in this area) don’t be afraid to expose your kids to things that might seem advanced for a child.  Check out this video of 7 year old Philip explaining how he programmed his first video game on a Raspberry Pi computer his dad bought and helped him configure.  I guarantee you there are huge portions of the adult population who couldn’t follow his instructions or achieve what he’s completed.  There’s nothing quite like a curious kid who sets their mind to something.  Nice job Philip and well done by his parents!

Simplify Everything

There’s a lot of abstract advice about employing simplicity when building great products or writing great code.  However, life and products (particularly in the Enterprise software market, where I’ve spent most of my career) are complicated.  It’s often hard to glean concrete examples of what these maxims are trying to communicate.

The other day I was in a pub waiting for a lunch meeting to start and I got to witness the week’s beer delivery.  This is a fairly hard problem to solve efficiently if you’re in a city where parking is difficult (or nonexistent), buildings were constructed hundreds of years before accessibility laws (meaning stairs and tight doorways), kegs are very heavy (over 200 pounds when full), and where a lot of beer is consumed requiring frequent deliveries.

If you or I were designing a solution to this problem, we might come up with this solution:

  • 1 truck
  • 2 employees (1 driver, 1 loader/unloader)
  • 1 automatic lift at the rear or on the side of the truck
  • 1 appliance dolly that can move up or down stairs

We’d be pretty happy with that.  Not the worst solution in the world.  It’s possible we could reduce to one employee but the automatic lift will take enough time setting up and lifting that we’ll probably exceed our very short “stop with flashers on” window.  We’d therefore need to park and have someone stay with the truck, or make several “fly-bys” to stay within the unloading time limit.  This will really limit how many deliveries we could make in a day, possibly requiring a lot of delivery crews.

Here’s how they actually do it:

  • 1 truck
  • 1 driver / unloader
  • 1 airbag

The driver pulls up, parks the truck right outside the entrance of the pub with the flashers on, whips out his airbag from the passenger seat, rolls up the side of the truck, pulls off the keg and lets it fall right on the airbag.  He then rolls it into the pub (for those with cellar keg storage, they have their own airbag) and after about 20 kegs and less than 5 minutes, he’s out of there.

A lot less cost, a lot faster, and no expensive equipment.  

Simple.


I’ll Probably Never Hire Another Pure SysAdmin

NOTE: Updated Oct 17, See Below

This is a thought that’s been percolating around in my head for the last year or so, but has recently become even more crystalized: I’ll probably never hire another Systems Administrator.  A corollary to this thought would be: if you are currently a Systems Administrator or want to be one, you need to seriously begin planning on how to manage a career that will be mostly deprecated within the next 10 years.

Take a look at the current state of the art in cloud computing:

  • Spin up a server at your favorite cloud provider (AWS, Rackspace, etc.), then use Puppet or Chef to deploy your software stack.  Now you’re done.
  • OR, Spin up an App at your favorite cloud platform provider, then push your code out using Git.  Now you’re done.
  • For both solutions, plug in some off-the-shelf monitoring, and you’re operating.

What’s missing here is the configuration, setup, provisioning, doc writing, black magic and/or prayer of setting up the software, hardware, and getting the code running that used to be the domain of the Systems Administrator.  In just a couple of years, deploying a web application has now become almost identical to deploying a desktop application – instead of an installer we’re using Git or Puppet/Chef. Instead of a customer’s computer we’re using a cloud platform or cloud server.

There’s plenty still to do on the networking side, but that’s headed in the same exact direction due to the same exact reasons: we want to be able to clearly define and programmatically execute the deployment of complex networks, just like we can with complex server offerings.

All of this falls under yet another buzzword: Dev/Ops.  Just like the cloud, we’re seeing this being adopted by smaller, nimbler organizations that are focused on web products, but the trend is clear, and there’s really no benefit in doing things the Old Way.  Even if you’re still running your own physical metal servers, you’re going to want to make sure that your own datacenter can leverage this type of workflow.  Now, the watchword to the development team is: it’s not done until I can one-click deploy it.

The laggards on this will be those industries that have regulatory or legal hurdles to overcome with using cloud services (read: healthcare) or the very large companies with services and technology that’s dozens of years old with no migration plan.

SysAdmins and future SysAdmins, you need to figure out where you’ll live in this new workflow.  Probably in the margins around monitoring or desktop support.  Possibly serving as the gatekeeper in a sort of “operations Q/A” role.  Expect small companies to have SysAdmin openings dry up over the next 5-10 years and get prepared.

Updated October 17: Hello Reddit/r/programming and Hacker News!  I wanted to take a few minutes and respond to a few themes that seemed to pop up in comments on HN and Reddit.

  1. I’m not saying Sysadminning is dead – just that the role is quickly changing.  Seems like a lot of people (anecdotally, many Sysadmins) thought I was saying the entire profession is dead.  Yes of course we’ll still need Sysadmins on some level, but the crucial difference is that for many areas of a business these needs will be less and much much different.
  2. Software development is changing too.  On complex deployments, developers can’t absolve themselves of the responsibility to design infrastructure considerations into the solution they’re building on the front end.  It’s a scary thought to think that organizations are out there that don’t have this level of partnership between ops and the devs.  This is why the puppet scripts should be written first and deployed on a test environment that’s identical in as many ways as possible to the ultimate operating environment (another benefit of using the cloud).
  3. Of course, any more complex deployment will need devoted SysAdmins, but like I said above, the skillset and day-to-day job will be dramatically different when wrestling with hundreds of servers instead of dozens.  More and more programming will become the norm and more and more upfront input into the solution will be an absolute requirement.
  4. I received a very thoughtful email from a former SysAdmin of mine (previous company) who pointed out that the job is much more along “system integrator” lines now, and that the internal vs. external network distinction is essentially going away.  I agree.
  5. Whenever you’re generalizing, counter examples abound.  Sure big companies and certain computing environments will still do things the Old Way but I’d challenge readers to objectively think if most business decision makers really want to hire someone and run their email server internally or just pay Rackspace/Google/Whomever to do it and worry instead about their money-making applications.  Even those organizations that need their clusters in house will invest in tech that allows them to mimic cloud operations on their own bare metal infrastructure.
  6. A couple of amusing anecdotes – the comments on HN immediately became more positive after a well known commenter defended the post, and a Googler chimed in as well.  That’s when the upvotes really started coming it seems.  On Reddit, the story was quickly downvoted!  Most users chose either a “genius” or “idiot” assessment of the post.  No real middle ground.

 

Web Development on Mac OS X (Lion)

Others have written about this before, but I’ll underscore the sentiment that managing a local development environment on OS X where that environment requires Open Source Software is a royal pain.  At the companies I’ve been involved with, we generally eschewed local development environments and instead gave everyone access to a development server that included the requisite databases and web servers and vhost entries.  It worked OK, but there are some significant drawbacks.  Namely, unit testing, environment experimentation, single point of failure if the dev environment goes down, and the needs of a developer to refresh their own copy of a dev database or make other similar changes tend to suffer.

As a hobbyist with a simpler environment, or as a developer that’s deploying to Heroku or other cloud platform, local development is the way to go, and here is where Mac OS X makes life difficult.  There are several package management systems out there that tend to step on each other’s toes (and it seems language and framework ecosystems always prefer the one that you’re not using).  Mac OS X also tends to haphazardly ship versions of Python or Ruby or whatever that are a couple of versions behind, then not upgrade them until they do an OS refresh.  That refresh (cough, Lion) will fail to mention it’s upending your world until you try to use your environment that’s always worked.

Here’s my solution: just use VirtualBox.  Deploy an Ubuntu or Debian server, link that server to your local development directory and you’re done.  Then use the excellent package management that Linux affords to set up your environment in about ten seconds.  This has another advantage in that you can also use all your deployment hooks (Chef or Puppet) that you’re using on your production servers.

Once you’re up and running, here’s how I work: I edit and run git from outside the virtual machine, and run the environment and web browser from within the machine.

Still todo: see if I can use my OS X browser to hit the virtual machine’s private IP so that all my tools are running externally (a little easier for workflow) so the virtual machine is just acting like an external server.

Now you have a fully fledged (free, and always available) server, and you can still retain your Mac toolchain when and where you want it without worrying about Apple and OS X pulling the rug out from under you.  Remember: encapsulation of a work environment is just as important as encapsulation of code.

Some Thoughts on Two Factor Security

A while ago I wrote an Open Letter to Mint.com laying out some major concerns I have with their service and their security implementation.  Almost all comments both here and on Hacker News and Reddit were divided into three categories:

  • From non-Americans: How is a service like Mint.com even possible or legal? US Banks don’t have two factor security?
  • I totally agree that Mint.com and their service is insecure and I don’t use them!
  • I agree that Mint.com needs better security, but their service is great and anyway, it would be too time consuming/too expensive/too hard/too impractical to implement these security improvements.

Between the time I wrote that letter and now, we’ve seen RSA (the only major token based two factor security provider) have all of its hardware tokens compromised to much public uproar. At Sentry Data Systems, we’ve had two factor security implemented for years using time based cookies and additional security questions to challenge users when they were logging in from a device that hadn’t been previously authorized.  This is similar to how many banks in the US do two factor security if they choose to implement it.  While not a HIPAA requirement, we felt that it was a great feature to offer that provided an additional layer of protection.  We’d originally offered RSA SecurID tokens to customers but found that most customers balked at the price, and even if they did use the tokens, many would simply tape it to their computer monitor or keyboard, or they’d forget the token at home which would cause quite the contentious support call. This experience brought to the forefront several issues that I had with hardware based tokens:

  • Casual users or those who didn’t value the two factor security benefit would simply leave the token lying around or affix it somewhere – it wasn’t natural to expect a user to carry one more thing with them day-to-day.
  • If there was a compromise, you have to replace all of your hardware, for everyone, everywhere.
  • They were expensive.
  • They were highly recognizable and screamed to informed observers that you had access to a system that was considered high-value by someone.

I even went so far as to start sketching out an iPhone app that we could deploy for our customers but it seemed like quite a lift to do it well (a correct implementation is key in cryptography systems) and it was with much delight that I ran across an outfit called DuoSecurity based in Michigan. They have really put together a fantastic service that provides both SMS based (challenge/response) and one-time password (via an iPhone or Android app) options for two factor security.  I signed up for the service, installed their package on my Ubuntu Linux server, and within about 15 minutes, I had a very strong two factor solution that avoids all the drawbacks of the hardware token approach…for free.  Yes – they provide up to 10 users for free to let you get your feet wet and see how the system works.  With the token being my phone, I’m not going to forget it, it doesn’t draw attention to itself, I can’t tape it to my workstation, and they can update the software if they need to.

If their service goes down, you can configure it to not require the second factor (the default) or you can choose to prevent logins and keep a private key around for last-ditch logins.  Of course, for those of us running cloud based servers, there is still the risk that your hosting account could get compromised giving an attacker shell based access to the machine – hopefully Slicehost and other services will implement this type of additional security soon (Amazon’s EC2 cloud already implements two factor security as an option).

Duosecurity can be easily implemented with any web application, a lot of VPNs, and on your Unix/Linux servers quickly and easily.  If you’re doing anything with medical, financial, or other sensitive data you should definitely check them out.  If you just like additional protection for your own servers and services, they’re a great option as well.

Just in case you’re curious: Duosecurity put up a great blog post about the steps they’ve taken to prevent compromise if they came under the same attack as RSA.

A few thoughts on improvement:

  • Give me an apt package please!  I don’t want to compile things, and I don’t want to edit configuration files.  These things make it hard to deploy on lots of servers.  I talked with a support rep from Duosecurity and they told me this is in the works already.
  • Put a login form on your website!  They email the login URL to you but I shouldn’t have to remember it.
  • It’s a little unclear to me if the pricing scales well – if I’ve got the same 35 users accessing 100 machines, does that mean I pay 35x100x$3?  That seems expensive.  Of course, it’s still way cheaper than RSA but at least you could bind an account to a token and not worry how many servers you were accessing.  It’s possible that a single user crosses the server boundary, but again, I’m unclear on that.

Bringing it all back to the original point – there is simply no excuse why a service like Mint.com doesn’t use Duosecurity to protect its own users’ logins.  But the second issue still exists – how do banks provide consumers of financial data access without compromising the entire account? A poor man’s solution of sorts could be taken by banks providing read-only accounts for customers that use generated, revocable passwords.  Google takes this approach with its own two factor implementation for Gmail.  You get texted when logging in normally, but for other applications, you generate a password that can be revoked at any point.  It seems like a decent compromise – you can’t control the account from that login, and the password is of sufficient length and complexity that it’s unlikely to be brute forced.  My initial suggestion of using OAuth is essentially the same thing.

Congratulations to the guys/gals at Duo Security on providing a really great set of tools for developers and users.  I really hope it catches on and more and more providers begin offering two factor as an option.
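
The generated, revocable, read-only password idea above, sketched as an added example (it is not code from Mint.com, Google, Duo Security or any bank). The class name, the action names and the PBKDF2 parameters are assumptions chosen for illustration.

```python
"""Revocable, read-only application passwords (illustrative sketch)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch

# Hypothetical action names: the only things an app password may ever do.
READ_ONLY_ACTIONS = {"list_accounts", "read_transactions"}


def _digest(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier; the plaintext password is never kept."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class AppPassword:
    label: str            # which third-party application it was issued to
    salt: bytes
    digest: bytes
    revoked: bool = False


class AppPasswordStore:
    """Issues per-application passwords separate from the user's real login."""

    def __init__(self):
        self._by_user = {}  # username -> list of AppPassword

    def issue(self, user: str, label: str) -> str:
        """Generate a long random password and return it exactly once."""
        password = secrets.token_urlsafe(24)  # 192 bits of randomness
        salt = secrets.token_bytes(16)
        entry = AppPassword(label, salt, _digest(password, salt))
        self._by_user.setdefault(user, []).append(entry)
        return password

    def revoke(self, user: str, label: str) -> bool:
        """Disable one application's password without touching the others."""
        changed = False
        for entry in self._by_user.get(user, []):
            if entry.label == label and not entry.revoked:
                entry.revoked = True
                changed = True
        return changed

    def authenticate(self, user: str, password: str):
        """Return the label of the matching active app password, or None."""
        matched = None
        for entry in self._by_user.get(user, []):
            same = hmac.compare_digest(_digest(password, entry.salt), entry.digest)
            if same and not entry.revoked:
                matched = entry.label
        return matched

    def authorize(self, user: str, password: str, action: str) -> bool:
        """App passwords can read; they can never move money or change settings."""
        label = self.authenticate(user, password)
        return label is not None and action in READ_ONLY_ACTIONS


if __name__ == "__main__":
    store = AppPasswordStore()
    pw = store.issue("alice", "budget-aggregator")  # constructed sample user and label
    print("read allowed:    ", store.authorize("alice", pw, "read_transactions"))
    print("transfer allowed:", store.authorize("alice", pw, "transfer_funds"))
    store.revoke("alice", "budget-aggregator")
    print("after revocation:", store.authorize("alice", pw, "read_transactions"))
```

The aggregator holds only the generated password, so revoking it cuts that one application off while the user's real login and second factor stay untouched.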