GoogleMini Search Appliance Fails to Boot

Security screwA sinking feeling washes over as the network monitor alerts you to a lost server, a bit like loosing contact with one of the fleet at sea. Today it is the GoogleMini, purchased to quickly give us good, familiar search results to our externally facing websites a couple of years ago.

Support Policy

The GoogleMini comes with a maximum of two years support. After that time, if support renewal is required then you must accept a new GoogleMini to go with it. A free box with your support contract is better way of thinking of the way Google run the support and less painful than thinking about how every two years another 1U sever is going to be scrapped. The typical response to cries for help from Google on older boxes is;

Hello **********,

Thank you for writing to Google.

The technical support and hardware warranty for the Google Mini can be extended to up to a maximum of two years. Since your device is past the two year mark, you would need to purchase a new Google Mini if you wanted to be under support again.

However, you can still use the Google Mini to provide the most relevant search results in the industry to your users. The Google search technology comes under a perpetual license, so you are free to keep using it for the life of the hardware.

This support arrangement makes the total cost of ownership high for this solution, but the solution in a box is attractive and hard to resist as it leaves the development and IT infrastructure teams free to concentrate on innovation.

Broken GoogleMini

So what of the alert, you ask? It turns out that our faithful server that has ran without restart for two years has stopped working. On reboot it makes a lot of noise from the fans but shows a blank, black screen on the monitor and no beeps or any BIOS screen.

Although the server is out of warranty the licence terms probably prevent us from continuing to use once it has been opened up. Hence for us the only option is to buy a new GoogleMini or find another solution to serving search results.

Curiosity and opening up the GoogleMini

ATTENTION: Do not open your GoogleMini if you intend to keep using it and/or it is covered still by your support contract.

Inside GoogleMiniCuriosity reigned and off came the rack mount cheeks, out came the tamper proof screws. The all covering blue Google sticker was peeled off the top of the unit to allow the top to slide off.

A quick note on the two screws in the back. The tamper proof screws can be opened by sawing a slot into them for a normal flat head screwdriver to use (gentle use of hacksaw), or alternatively some claim that a small flat head screwdriver wedged into the screw will allow it to be undone.

Broken memory bank on motherboard

Inside you find a familiar server layout. thanks to a post on the internet, the memory was removed and now the server started doing POST beeping, ah-ha, not so dead! Putting memory back into memory bank 1 alone allowed the server to start booting. Putting any memory into the memory bank 2 caused it to not boot again. Looks like a broken mother board. New memory was loaded into the first bank only. After doing a lot of file system checking and some half an hour later, it is running.

Apparently the hardware inside does vary a little, this one was a P8SCT motherboard, marketed by SuperMicro. I guess in order to regain faith in the server, ordering a new motherboard would allow breathe some life into it.

Repurpose the hardware

So challenge of fixing the server hardware problem is resolved but it must now be repurposed for a new life as a Linux server for other uses as it has been opened. There are a few postings people who have very successfully done this with the GoogleMini, seems like the right thing to do from an environmental point of view. The kit is a dual Pentium 3 so should have plenty to give to other deployments, and importantly it looks cool in blue.

To do anything with it, you must get into the BIOS, that is normally protected with a Google owned password, the following snippets help get around that one;

[4]

Step 3 — Resetting the BIOS
Different Google Minis come with different internals. This one happened to have a single processor Super Micro ComputerSUPERO P8SCT motherboard. Other Minis have come with dual processor Pentium 3 boards. In our case, to clear the CMOS and eliminate the BIOS password requirement, I had to bridge two contact pads with a screwdriver. Close everything up, power on the machine, hit the DEL key and straight into the BIOS we go.

[5]

clear the BIOS by jumping the JBT1 pins according to the motherboard manual page 2-19, chapter 2-7 (Jumper Settings). Remove Power and AC coard, short-circuit a few seconds with a small screwdriver, job done.

Cloud based search

So where from here? There may be cloud based search solutions now offered, however the cost of bandwidth in and out of the data centre would be unbearable to support external indexing, for the very large sites this box was indexing. The Mini, sat next to the webserver in the same rack at the Co-Lo seems to make sense.

References:

[1] How do I salvage an old Google search appliance after an apparently failed BIOS update

[2] How to Turn a Google Mini into a Home Server

[3] AnandTech Search goes Google -This post provides some great photographs and information on how to get into your GoogleMini.

[4] Google Mini – Can’t Boot Wont Boot 

[5] HACKING THE GOOGLE MINI

[6] Support Policy

The Google Mini is offered as a perpetual license, including one year of support and hardware replacement coverage, for a total price of $1995 for search across 50,000 documents. Additional versions deliver search across 100,000 documents for $2,995, 200,000 documents for $5,995, and 300,000 documents for $8,995. A second year of support and hardware replacement coverage is available for $995.

Google Mini Front

Dynamically fetching column names and meta descriptions TSQL

Some time ago I made to some large width SQL server tables providing for lots of spare fields consisting of various data types. These tables could be used for system stakeholders to add new things they needed to store against products in our ERP system over time without disturbing me for more fields. The SQL server description property for the column was used to populate the labels on the GUI forms dynamically with the meaning of the field. Thus there is no need for a separate table to hold the label information and that also means that the information is at hand when working in SQL.

At the time I used a TSQL snippet from the web to grab the descriptions. The snippet used the sys.columns, sys.extended_properties to gather the info required to for the GUI labels. The query has been causing problems over the years, running for up to 2 seconds is not uncommon. After finally getting a reason to revisit the forms, I went to look at the query plan for and uncovered the cause. A scan due to the where clause that contained WHERE OBJECT_NAME(c.object_id)=@TableName

To avoid calling the OBJECT_NAME function for each comparison row in the DB, I added the sys.objects table to create a lookup join that fetches the object id for the table owning the columns and now the query is running in sub-second time spans. This is a great improvement, resulting in a snappy GUI form open, unlike the sluggish experience the users were getting previously. This points out again how you have to take care calling functions for each row as it expensive, set operations almost always are the way to go!

The resulting improved stored procedure containing the optimised query for my reference is below. I wish I could reference and acknowledge the originator of this query, but it was in the days before I grew wise enough to retain references to the origin of code snippets in my TSQL comments.

TSQL  to retrieve table column names and meta description for a SQL server table

 
CREATE PROCEDURE [SY_GetTableFields]
(@TableName as varchar(255))
AS
 
IF CAST(SUBSTRING(CAST(SERVERPROPERTY('productversion') 
  as varchar),1,1) as int) >= 9
BEGIN      -- This is a SQL 2005 machine      
SELECT    [Table Name] = OBJECT_NAME(c.object_id),      
        [Column Name] = c.name, 
        [Description] = ex.value, c.object_id
        FROM  sys.objects sobj
            JOIN sys.columns c 
                ON c.object_id = sobj.object_id       
            LEFT JOIN   sys.extended_properties ex
                ON ex.major_id = c.object_id           
            AND ex.minor_id = c.column_id 
            AND OBJECTPROPERTY(c.object_id, 'IsMsShipped')=0 
            AND ex.name = 'MS_Description' 
        WHERE  sobj.name= @TableName
        ORDER  BY  c.column_id
END
ELSE
BEGIN
SELECT 
    [Table Name] = i_s.TABLE_NAME, 
    [Column Name] = i_s.COLUMN_NAME, 
    [Description] = s.value 
FROM 
    INFORMATION_SCHEMA.COLUMNS i_s 
    LEFT OUTER JOIN 
    sysproperties s 
ON 
    s.id = OBJECT_ID(i_s.TABLE_SCHEMA+'.'+i_s.TABLE_NAME) 
    AND s.smallid = i_s.ORDINAL_POSITION 
    AND s.name = 'MS_Description' 
WHERE 
    OBJECTPROPERTY(OBJECT_ID(i_s.TABLE_SCHEMA+'.'+i_s.TABLE_NAME),
   'IsMsShipped')=0 
    AND i_s.TABLE_NAME = @TableName 
ORDER BY 
    i_s.TABLE_NAME, i_s.ORDINAL_POSITION
 
END

Upgrade from Team Foundation Sever 2005 to 2010 (TFS)

 

What a pleasant surprise I had upgrading our Team foundation server 2005 to 2010.

What I did, this was me stumbling through the process so if you want a more formal approach follow the many documents online:

  • Took a VM ware snapshot of the server (SQL and Application Tier)
  • Ran uninstaller for from Add/Remove programs of the server for anything TFS
  • Ran installer for windows share point 3.0 and allowed it to upgrade in place
  • Upgraded SQL server 2005 to 2008 in place
  • Moved the virtual server to ESX from VMWare Server for 2G memory requirement at install
  • Ran installer for Team Foundation Server
  • Ran configuration wizard for Team Foundation Server

 

Now I have a super fast TFS 2010 server! I do so thank everyone who worked to make this so painless. In my mind I had set aside a week of pain to get this job done, as it happened it all took about a day, most of which was waiting for installers and converting the VM machine (needed a disk resize).

OpenID for B2B websites

About OpenIDopenid-logo-wordmark

OpenID provides a mechanism by which a user may be authenticated by using a third party. This means the site consuming the Open ID does not have to maintain tables with user ID and password hashes (although providing parallel support is advisable). When a user chooses to login, they are redirected to the third party site, Google for instance, in order to authenticate themselves and come back to the originating site on a call back URL. Similar to the way card payment providers send the browser to the bank to enter the verified by Visa or Mastercard secure code authentication. The call back will contain a valid authentication token if the authentication was a success. The newer versions of Open ID also allow details of the user stored by the third party to be retrieved from their profile. Details such as email address may be requested or required to be sent. This information may then be used to pre-fill registration forms or wipe out the need for registration forms in extreme examples.

Most internet users already have an Open ID, even though most don’t know it. This is courtesy of large internet players such as Google and Yahoo. Account holders on these services and many others automatically create an Open ID for users. The appeal of OpenID to the website owner is that the user will find it easy to authenticate themselves with a registration process that is minimised or eliminated. The attraction to the user is that they finally do not have to manage hundreds of passwords for all the sites they visit because everyone uses a unique password every time -right?

Implementing OpenIDOpenID Selector Login Icons

I considered OpenID a while back but dismissed it as too geeky for a mainstream eCommerce site to use. The integration was painful at the time and the user experience was poor. Now times have moved on and there are libraries that can be included in a project that provide for easy integration of OpenID such as DotNet OpenAuth. There are also javascript projects that address some of the clunky user interface issues experienced in the early days. They present the OpenID login as familiar service icons, see Openid Selector Project. There are variants that give graphical drop down boxes for the available services too.

Using OpenID for B2B

I am in no doubt that for consumer sites such as Kmartin the US and for personal sites like blogs. they can benefit from allowing users to login using OpenID. The question is should we use OpenID today for a business to business website? It is appealing that people can click on familiar Facebook or Google icons to login to the site but the fear is that by doing so, all too often the captured identity of the person would be domestic, not their professional work identity.

As time goes on the way identities are managed by individuals may converge but at the moment there is too much risk of fragmenting database marketing activity data with these  personal profiles. It is not unreasonable to think that a customer logging into a site with Facebook will end up, through ignorance, providing their home account details. Domestic email addresses are an inappropriate channel to communicate with them through for order confirmations, marketing initiatives, etc.

Is there no work around?

Perhaps when a new OpenID is authenticated and comes back into the site we could ask if the email address of the OpenID is the same email address they want to correspond with us on and allow the user to add a correspondence address. The only problem is that we have not authenticated against that address if they do this that sort of feels like a bad idea. Certainly this does not help us with say rules that automatically map domain names of email addresses to account numbers as we can not allow this person to place an order on an account for which we cannot guarantee they are authorised to do so. It would be interesting if readers have found ways to work around this issue.

Security concerns

A college raised the concern of what if the OpenID password is compromised by a key logger or similar? Would this make a site using OpenID open to fraud? It does, although in reality most people use the same passwords across most sites, thus the risk is not greatly increased, but it is certainly present. It is a concern and a better understanding of the risks before committing to any OpenID scheme would be required. There is a lack of awareness as to how important protecting these big portal logins is amongst the internet population. Many are not aware the amplitude of damage that may be caused by compromising, say a Google identity. Think of how many site could be accessed in that user’s name.

Another related question regards customers with many branch offices or larger teams of people. It is possible to for a suitably privileged user in that organisation to create and manage user accounts for their staff on our site for those other workers. OpenID would not change this as the association between an account created with an email address can be picked up when a user logs in as the OpenID provider will return an email address for the user logging in. This is assuming we have got the same email address as the OpenID provider, bit assumption given what we are saying about domestic logins earlier.

Conclusion

It is disappointing that we will not be implementing OpenID as it would clearly provide benefits to users that understand how to manage their identities in that framework. Unfortunately for B2B websites I don’t think the paradigm is well enough understood by the end users and hence confusion may ensue leading to long telephone support calls with customers.

It is reasonable to assume that non IT workers have not created the appropriate professional and domestic identities with the authenticating sites. One exception is Linkedin , promoted as a professional network here people are more likely to have set up accounts in the context of their employment. Unfortunately as far as I am aware Linkedin does not support OpenID yet.

References