Archive for the ‘network’ Category.

Orkut[0]: Out with the out crowd

OK, while my left brain tells me that yet another social networking system is not much of an aid to real relationships (and it gets worse with every new yet-another), I’m still feeling curious and sorely left out.
Groucho Marx aside, would anyone care to invite me in?

Next: Orkut[1]: In with the in crowd

Why NAT Isn’t As Bad As You Thought

Martin Geddes: Why NAT Isn’t As Bad As You Thought:

Please do sit down. Should the shock cause you to suddenly lose consciousness, I hereby disclaim all responsibility for any subsequent loss or injury. I’m about to defend the anthrax of the Internet: NAT.

Moaning that NAT is the devil’s technology doesn’t help you. Skype made the technology easy to use through an overlay network. Speak Freely didn’t, because that was seen as an impure thought. The real world clearly values usability over ideological correctness. The day may come when the NATted user of Skype can determine that they receive worse service (e.g. worse voice quality, or a slower frame rate on a video version of Skype.) They will then upgrade to a more expensive Internet connection with more IP addresses for all their proliferating gizmos.

IPv6 doesn’t solve this. The existence of a gazillion unused addresses doesn’t force your limited choice of suppliers to hand any of them over to you. They can simply refuse to route ones they didn’t allocate. Tough luck.

With my Internet architect hat on, I, as much as anyone, deplore NAT and the present and future mistakes it makes. Same with my futurist hat on. With my security-conscious hat on, I have to say that NAT is the right choice for Joe Average. Preserving the choice in some form is important. I guess I should be inventing NAT-unfriendly protocols so that the price between NATted and un-NATted service won’t diverge too much.

China Authorities Battle Hard to Tighten the Web

LA Times (requires registration): China Authorities Battle Hard to Tighten the Web:

…The second approach uses technology to limit citizens’ ability to view what the government considers objectionable.

In recent months, China has become far savvier in this area, experts say. It wasn’t too long ago that it had to block an entire overseas website containing objectionable material, with questionable results. While blocking the Massachusetts Institute of Technology’s site prevented Chinese citizens from accessing encryption programs, for instance, it also frustrated future government engineers trying to apply to the institution.

Now Beijing can block access to a single page, or to links it finds objectionable.

“It sounds easy, but it’s been a deep technological problem,” said Ben Edelman with Harvard Law School’s Berkman Center for Internet and Society.

The firewalls around China require users seeking access to the rest of the Internet to go through a limited number of gateways controlled and monitored by Beijing. China also has improved its ability to divert or hijack requests for sensitive information, redirecting them to harmless sites or “timing out” the request. It’s also better able to block sites that constantly change their Web addresses, a tool used in the past to keep one step ahead of censors.

“With new technology, they’re now upgrading their system within a couple of months,” said Bill Xia, president of Dynamic Internet Technology, a U.S. company that develops technology to circumvent China’s filters. “They probably have to go through approvals, but I’m rather impressed by their speed.”

There are limits to the technology, however. You can’t block everything. So China has invested heavily in an expanded cyber police force that scours the Web looking for new sites to block, monitoring bulletin boards and identifying “undesirables.” Online rumor puts China’s cyber police at 30,000.

“That’s just a number,” said Michael Iannini, Beijing-based general manager with Nicholas International Consulting Services. “The point is they have a lot of people doing what they do to make sure you can’t do it.”

Using Device Polling and More to Improve Packet Capture

Luca Deri, in Improving Passive Packet Capture: Beyond Device Polling (pdf), shows radical (and appalling) differences in packet capture performance among Windows, FreeBSD, and Linux machines, due to differences in device drivers. The paper recommends use of device polling, and the author also implemented a ring-buffer version of libpcap.

[via TaoSecurity]

Empirical Analysis of Internet Filtering in China

This might be affecting the University of Rochester (I’m looking into it): Trouble with Chinese applicants/customers reaching your web site? Maybe your DNS server is blocked.

See the excellent summary of the situation from Zittrain and Edelman: Empirical Analysis of Internet Filtering in China.

Caltech, Columbia, MIT, and U.Virginia are known victims. Northwestern U is also affected.

Did this problem increase in November? See notes in interesting-people and Politech.

Interestingly, as of today, only one (Columbia) of the five .edu zones listed above has off-site secondary DNS servers.
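A check a zone administrator could run over their own NS records, added here as an example (it is not from the Zittrain and Edelman paper or from any of the universities named): it flags zones where every nameserver is in-bailiwick and sits on one netblock (assumed to be a /24), since a filter on that block then also silences the zone’s DNS. All sample data is constructed.

```python
import ipaddress

# Constructed sample data (not the real nameservers of any zone on the page):
# zone -> {nameserver hostname: IPv4 address}
SAMPLE_ZONES = {
    "example-univ.edu": {          # every NS in-zone and on one netblock
        "ns1.example-univ.edu": "198.51.100.10",
        "ns2.example-univ.edu": "198.51.100.11",
    },
    "other-univ.edu": {            # one off-site secondary elsewhere
        "ns1.other-univ.edu": "203.0.113.5",
        "dns.friendly-isp.net": "192.0.2.53",
    },
}


def in_bailiwick(ns_name, zone):
    """True when the nameserver name lies inside the zone it serves."""
    ns = ns_name.rstrip(".").lower()
    z = zone.rstrip(".").lower()
    return ns == z or ns.endswith("." + z)


def assess_ns_diversity(zone, nameservers, prefixlen=24):
    """Summarise how exposed a zone is to a block on its own addresses.

    nameservers: {hostname: address}. prefixlen is the assumed netblock
    granularity used to decide whether two servers share one routed range.
    """
    prefixes = set()
    offsite = []
    for name, addr in nameservers.items():
        net = ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)
        prefixes.add(net)
        if not in_bailiwick(name, zone):
            offsite.append(name)
    return {
        "zone": zone,
        "nameservers": len(nameservers),
        "offsite_secondaries": offsite,
        "distinct_prefixes": len(prefixes),
        # A filter on the zone's own netblock takes out resolution entirely
        # when no server is off-site and all of them share that one netblock.
        "single_point_of_failure": len(prefixes) == 1 and not offsite,
    }


if __name__ == "__main__":
    for zone, servers in SAMPLE_ZONES.items():
        print(assess_ns_diversity(zone, servers))
```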

Pricing and architecture of the Internet: Historical perspectives from telecommunications and transportation

Andrew Odlyzko: Pricing and architecture of the Internet: Historical perspectives from telecommunications and transportation:

The general conclusion then is that the historical record of the transportation industry does demonstrate the importance and prevalence of discriminatory policies that are incompatible with the basic architecture of the current Internet. This probably accounts for much of the push to build new networks, or modify the current ones so as to provide more control for service providers over what customers do. However, the Internet is special, in its importance as an enabler for the rest of the economy, in its migration of costs and capabilities to the edges, in its primary value being in connectivity and low transaction latency, and in its pervasiveness and frequency of use. Hence in spite of the strong push from the industry, there are good prospects that the open architecture of the Internet will survive.

Debunking the Myth of SSID Hiding

Robert Moskowitz (ICSA Labs) on WiFi SSID hiding (PDF):

Contrary to a common belief that the SSID is a WLAN security feature and its exposure a security risk, the SSID is nothing more than a wireless-space group label. It cannot be successfully hidden. Attempts to hide it will not only fail, but will negatively impact WLAN performance, and may result in additional exposure of the SSID to passive scanning. The performance impact of this misguided effort will be felt in multiple WLAN scenarios, including simple operations like joining a WLAN, and in significantly longer roaming times.

Trying to hide the SSID does not strengthen security in WLANs. The scarce resources of today’s WLAN administrator are better spent tuning WLAN performance and operations with full SSID usage, and enhancing WLAN security by deploying modern security technology, such as link-layer encryption, and IEEE 802.1X authentication.

Hard-coding considered harmful (RSS URL)

Figby.com: Michael Moncur’s Weblog:

The Quotations Page offers RSS feeds to syndicate daily quotes. My logs show 74,257 requests for these files on a single day last week. Most downloaded the entire file despite the fact that it changes only once every 24 hours. Based on this, the RSS feeds use 157 MB of bandwidth per day. This is negligible to me (the rest of this busy site uses almost 5 GB per day) but I’ve had to do quite a bit of tweaking over the years to keep the sheer number of RSS requests from overwhelming the server.

In my case, a large part of the problem is Ximian Evolution, an information manager for the GNOME linux desktop. My feeds are included by default in every installation, which resulted in an effective distributed DOS attack against my site until I took measures against it. Thousands of sites using this software poll my site every 5 minutes.

Nearly 65% of my RSS requests are from Evolution. I have configured Apache to return a 403 error code to these requests. I hate to make the feed useless for these clients, but I had no other choice since my bug reports to the Evolution coders have been consistently ignored, and it will cut my RSS bandwidth in half.
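An added example, not Moncur’s Apache configuration: a minimal feed handler that answers conditional GETs with 304 so a polling client downloads the full file only when it has actually changed, and refuses an assumed user-agent prefix with 403 in the way the post describes. The feed contents, its timestamp and the blocked prefix are constructed assumptions (the real Evolution user-agent string is not on the page).

```python
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime
from hashlib import sha256

# Constructed sample feed (not the Quotations Page's real data).
FEED_BODY = b"<rss><channel><title>Quote of the day</title></channel></rss>"
FEED_UPDATED = datetime(2004, 1, 10, 6, 0, tzinfo=timezone.utc)

# Assumed policy: user-agent prefixes refused outright, as the post describes
# doing for Evolution clients that poll every 5 minutes.
BLOCKED_UA_PREFIXES = ("Evolution",)


def etag_for(body):
    """Strong validator derived from the feed contents."""
    return '"' + sha256(body).hexdigest()[:16] + '"'


def handle_feed_request(headers, body=FEED_BODY, updated=FEED_UPDATED):
    """Serve an RSS feed honouring conditional GETs.

    headers: request headers as a dict (header names matched case-insensitively).
    Returns (status, response_headers, body); body is b"" for 304 and 403.
    """
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("user-agent", "").startswith(BLOCKED_UA_PREFIXES):
        return 403, {}, b""

    tag = etag_for(body)
    resp = {"ETag": tag, "Last-Modified": format_datetime(updated, usegmt=True)}

    # If-None-Match takes precedence over If-Modified-Since when both are sent.
    if "if-none-match" in h:
        if tag in [t.strip() for t in h["if-none-match"].split(",")]:
            return 304, resp, b""
    elif "if-modified-since" in h:
        try:
            since = parsedate_to_datetime(h["if-modified-since"])
        except (TypeError, ValueError):
            since = None  # malformed date: fall through to a full response
        if since is not None and since >= updated.replace(microsecond=0):
            return 304, resp, b""
    return 200, resp, body
```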

Vertical Hand-Off for Mobile Wireless

Wi-Fi Networking News: Vertical Handoff Has Liftoff:

A press release (not included on this site) says that TeliaSonera, Ericsson, Radionet, and the Helsinki University of Technology have demonstrated a seamless handoff across commercial networks. The benefits they cite are absolutely the case: users want uninterrupted services and no monkeying around.

Note that the article’s links all point to Finnish-language web sites.

The article (by Glenn Fleishman) continues:

Interestingly, if you use NetMotion Wireless software, you can achieve most of this effect today. While you’re responsible as a user for changing your connectivity, the NetMotion client and server software maintain the persistent state of the Internet connection.

Weakness in Passphrase Choice in WPA Interface