Saturday, December 25, 2010

Happy Christmas, ladies and gentlecats...

'Twas the night before Christmas, when all through the house
Not a computer was stirring, neither keyboard nor mouse;
The packages were updated, each one with care,
In hopes that St. Linus soon would be there;

The daemons were idle using no CPU,
The firewall working left them nothing to do;
And I with emerge, and Akira with apt-get,
Had just settled down for a long winter's fetch,

When out on the net there arose such a clatter,
I sprang to to see what was the matter.
Away to my browser I flew like a flash,
Opened a new tab and clicked the link mighty fast.

The words on my screen with release notes just so
Gave the lustre of mid-day to source code below,
When, what would make my wondering eyes smile,
But a official release in a gzipped tar file,

"Now, Red Hat! now, S.u.S.E.! now, Ubuntu and Knoppix!
On, Slackware! on Debian! on Gentoo and Gnoppix!
To the nearest mirror! to the next major release!
Now build away! build away! build away all!"

As dry leaves that before the wild hurricane fly,
When they meet with an obstacle, mount to the sky,
So up to the mirrors the hackers they flew,
To see their new toys, and thank St. Linus too.

He sprang to his keyboard, to his team sent a note,
And away they all flew to 2.7, new features they wrote,
But I heard him exclaim, ere make config was gone,

Friday, December 10, 2010

Privacy Policy Updated

Upon a lot of contemplative reflection, I've come to the realization that privacy on-line isn't what it used to be. I saw this post about the "The first truly honest privacy policy" and it really made a lot of sense to me. So much, so, that I have decided to adopt it here, as well. Behold, the new privacy policy for and any other sites in my little network.

At we value your privacy a great deal. Almost as much as we value the ability to take the data you give us and slice, dice, julienne, mash, puree and serve it to our business partners, which may include third-party advertising networks, data brokers, networks of affiliate sites, parent companies, subsidiaries, and other entities, none of which we’ll bother to list here because they can change from week to week and, besides, we know you’re not really paying attention.

We’ll also share all of this information with the government. We’re just suckers for guys with crew cuts carrying subpoenas.

Remember, when you visit our Web site, our Web site is also visiting you. And we’ve brought a dozen or more friends with us, depending on how many ad networks and third-party data services we use. We’re not going to tell which ones, though you could probably figure this out by carefully watching the different URLs that flash across the bottom of your browser as each page loads or when you mouse over various bits. It’s not like you’ve got better things to do.

Each of these sites may leave behind a little gift known as a cookie -- a text file filled with inscrutable gibberish that allows various computers around the globe to identify you, including your preferences, browser settings, which parts of the site you visited, which ads you clicked on, and whether you actually purchased something. Those same cookies may let our advertising and data broker partners track you across every other site you visit, then dump all of your information into a huge database attached to a unique ID number, which they may sell ad infinitum without ever notifying you or asking for permission.

Also: We collect your IP address, which might change every time you log on but probably doesn’t. At the very least, your IP address tells us the name of your ISP and the city where you live; with a legal court order, it can also give us your name and billing address (see guys with crew cuts and subpoenas, above).

Besides your IP, we record some specifics about your operating system and browser. Amazingly, this information (known as your user agent string) can be enough to narrow you down to one of a few hundred people on the Webbernets, all by its lonesome. Isn’t technology wonderful?

The data we collect is strictly anonymous, unless you’ve been kind enough to give us your name, email address, or other identifying information. And even if you have been that kind, we promise we won’t sell that information to anyone else, unless of course our impossibly obtuse privacy policy says otherwise and/or we change our minds tomorrow.

We store this information an indefinite amount of time for reasons even we don’t fully understand. And when we do eventually get around to deleting it, you can bet it’s still kicking around on some network backup drives in somebody’s closet. So once we have it, there’s really no getting it back. Hell, we can’t even find our keys half the time -- how do you expect us to keep track of this stuff?

Not to worry, though, because we use the very bestest security measures to protect your data against hackers and identity thieves, though no one has actually ever bothered to verify this. You’ll pretty much just have to take our word for it.

So just to recap: Your information is extremely valuable to us. Our business model would totally collapse without it. No IPO, no stock options; all those 80-hour weeks and bupkis to show for it. So we’ll do our very best to use it in as many potentially profitable ways as we can conjure, over and over, while attempting to convince you there’s nothing to worry about.

(Hey, Did somebody hold a gun to your head and force you to visit this site? No, they did not. Did you run into a pay wall on the home page demanding your Visa number? No, you did not. You think we just give all this stuff away because we’re nice guys? Bet you also think every roomful of manure has a pony buried inside.)

This privacy policy may change at any time. In fact, it’s changed three times since we first started typing this. Good luck figuring out how, because we’re sure as hell not going to tell you. But then, you probably stopped reading after paragraph three.

Tuesday, October 19, 2010

What's in a G?

What's in a G? In today's modern world, many people's lifestyles depend on 3 of them, but few understand what makes one up. Around 2001, the first true 3G standard surfaced: UMTS, by the 3GPP. This was followed quickly by CDMA2000, in 2002, by the 3GPP2, and both are considered part of the International Mobile Telecommunications-2000 (IMT-2000) standards for mobile phones and data services, under the International Telecommunication Union chartered by the United Nations. 3G is a world-wide standard, similar to how a kilogram is the same in England as it is in Japan. Standards are important, and guarantee specific services from products claiming to be compatible with them.

Taylor over at recently blew the whistle on T-Mobile's Project Emerald, which will bring up the marketing hype behind their nation-wide HSPA+ rollout behind the 4G moniker. Why are they making this obviously false claim? HSPA+ is still a 3G technology, after all. Sometimes, the only way to fight misinformation is with misinformation.

T-Mobile is obviously responding in kind to Sprint and Verizon, who are touting their new 4G networks. Sprint has turned up its WiMAX solution to cover over 40 million users already, while Verizon has not been shy about announcing their plans to blanket the nation with their LTE solution starting at the end of 2010. T-Mobile's planned HSPA+ network is capable of matching or exceeding the speeds of both Sprint's planned WiMAX network and Verizon's planned LTE network. How can 3G and 4G be equal, though? Somebody's obviously playing dirty pool. T-Mobile's network isn't 4G as defined by ITU-R's IMT-Advanced specification, which requires 1 Gbps of throughput between stationary objects, and 100 Mbps to objects in motion, with tower to tower handoffs. Technically, HSPA+ isn't capable of even half those speeds, and certainly doesn't meet the rest of the IMT Advanced specification, which is why HSPA+ isn't a 4G technology. Sprint's WiMAX deployment, however, isn't a 4G technology either, nor is Verizon's LTE. They're 3G Transitional, or, 3.9G. HSPA+ is a 3.75G - both are above the straight 3G specification, but all of them fall way short of the 4G standard.

Looking even deeper into the IMT-2000 specification, it's worth noting that while CDMA2000 is a 3G technology, for a network to be classified as 3G-capable, it must support simultaneous voice and data service usage, something that neither Sprint nor Verizon can claim across their CDMA deployment. Even though they're touting a 4G network, they don't even have a 3G one that spans 100 feet, let alone coast to coast. Sprint's WiMAX solution meets all the criteria for a 3G network, allowing simultaneous voice and data, and Verizon is in the testing stages of a new CDMA standard called SVDO, which will allow for simultaneous voice + data over their existing network (which is currently EVDO Rev A), but until that goes live in 2011, they may be the largest national carrier but they're a G short of everybody else, anywhere.

With every provider lying about standards, network types, and coverage offered, the entire American mobile industry seems to be misrepresenting something or other, and the consumers are left out in the cold. Marketing has confused many, and any semblance of standards has been pushed aside. Maybe I'm splitting hairs, here, but it feels like I'm paying for a kilogram, being told I'm getting a kilogram, and when I get home, I'm a pound short.

Tuesday, September 21, 2010

Halo, halo, halo, is there anybody in there?

Wednesday, June 23, 2010

Android device saturation: Is competition really such a good thing?

I've been reading a lot about Android recently. Well, by recently, I guess I mean the past year and a half. Having attended Google's IO 2010 conference in person, and being a big Android fan since the original G1, I have become a bit involved in the community, especially the Cyanogenmod AOSP project. I have to admit that my software experience with Android comes more from that of a User's perspective, rather than a Developer's - I've never compiled AOSP from scratch before, and though I do have one application on the marketplace (Digital Rain - Live Wallpaper) it's honestly a lot more my roommate's work than my own. I'm certainly technically sufficient when it comes to a lot of things, including Android, but I'm not a code poet. So that's where my experience as a developer stands.

As a user, I've been employing the use of Cyanogenmod since it debuted for the Nexus One. For the two months or so prior to that, I was using stock 2.1 that came on my Nexus (I think the first version of 5.0 came out the first week of February, so that was almost exactly 2 months after I got my Nexus in mid-December). Prior to my Nexus, however, I had an HTC Dream, and a Google ION from IO 2009, both running Cyanogenmod 4.x. Long story short, I've been a user of Cyanogen's stuff since Android 1.5. In my experience (and opinion, of course), there's really only two reasons a person has to not run Cyanogenmod (or similarly compiled AOSP code), and that is isolated into three categories:

  1. Warranty
  2. Technical Incompetence
  3. Custom Interfaces

Lets examine them in order - not everybody wants to root, as it voids their warranty. Obviously, phones that are released in a locked state are voided by this procedure, but even the only phone ever sold to consumers, the Nexus One, has a nice "warranty void" screen when you attempt to unlock it, and it officially supports replacing the firmware on the unit. While HTC has honored every request so far (We haven't heard otherwise) for replacing defective units due to hardware issues, even if the device is rooted, how far are they willing to go? Those are waters that some aren't willing to test with their $500+ device.

There's also the geek factor, as I like to call it. First off, the process of rooting a phone has gone from fairly easy and straight forward to exploiting race conditions that are inconsistent across the device causing the same procedure to work on some, but fail on other devices, making me think of attempting to kill a fly with a shotgun. My roommate's mother has an Android device - a myTouch 3G 1.2 (with the headphone jack), and I can't honestly see her rooting the device at all, even if she wanted to. She's computer savvy, and knows enough basics to put her in the top echelon of her generation (who don't have jobs programming or similar), but rooting her phone isn't something that appeals to her. Could she figure it out? Yes, most likely, but it would be a lot of effort, and a lot of risk in case she doesn't do something properly, or, can't figure out the full process by herself. Her phone works well enough for her as-is, so that's the bottom line.

Lastly, running AOSP code produces a stock version of Android. It is, after all, Google's open source project. Sense UI, MotoBlur, Sony's MediaScape, and all the other ones out there, aren't part of the official Android project, so, if you're partial to one of them over the stock vanilla Android, rooting won't get you anything good (unless you download a ROM with the custom interface "baked in" which is legally questionable, even if your phone came with that interface originally).

So given those three reasons for not wanting to root, anybody who doesn't fall into those has most likely rooted their device. I certainly fall into that category. So since I have no reason not to run the latest and greatest Cyanogenmod, I do. But enough about the software for now. What about the hardware?

We have some fairly nice devices from which to choose from. The HTC EVO is a very large screen, very nice fully-touch screen device, front facing camera, but, no physical keyboard, and it runs Sense UI. I suppose Sense can be replaced by AOSP though. And it only runs on Sprint. That's a bummer. There's the Motorola Droid, and it has a keyboard and runs vanilla Android. But, that D-pad is useless, I much much much prefer a trackball. The processor is also underpowered. And Verizon is a deal-breaker, too. I much prefer my devices be able to navigate using Google Maps and talk to the party I'm navigating to via bluetooth at the same time. So that rules out CDMA. Motorola Milestone? Same as the Droid only a lot harder to root (have these things even been rooted yet?), and too hard to get a hold of in the US. Samsung Galaxy S is supposed to be on all 4 Tier-1 carriers, but, no physical keyboard, and it isn't running stock Android either. In short, of all 60+ Android devices that are on the market, there isn't a single one that I think is "perfect" as it is, even from a hardware point of view. With so many options available, on so many carriers, it's also becoming a pain in the rear end to stay up to date with this, that, and the other thing. A small part of me wants one of everything, which of course isn't feasible, but the other part of me would settle on a single device that fit nicely in the palm of my hand (The EVO is too wide, the Nexus One is a tad too short), had a physical slide out keyboard with staggered rows of keys (Like the HTC Dream), had a scroll wheel that lit up (like the Nexus One), had physical buttons (like the Droid X) rather than soft ones, and didn't run a non-stock Android build, based on FroYo, with 8 or 16 gigs of internal storage in addition to the SDCard. I don't care much about battery life, as I'm never with out my charger, and I'm quite used to charging my Nexus One twice a day as it is. I'll take what I can get, happily. I'm sure my desire for a device that is not available, but combines elements from the 60+ in-production devices is not unique. While others may not agree this is the EXACT device they want, I'm sure others have their own ideas on what they'd like in a device that doesn't currently exist.

With all the different devices running different versions of Android, it's just really difficult for the consumer to find what they want. Do I want one Android device, akin to the Apple iPhone, where all hardware is created equal? Oh hell no, it'd be like everybody driving the same model car. Some people truly do need a truck. Others, a van. But when there's 60+ devices, and none of them are what I consider to be "perfect", it's more than a little frustrating. Still, I live in hope. Here's hoping the Nexus Two can deliver.

Friday, June 11, 2010

On Censorship and the Internet: China's I-Root

I found a blog entry today that made me stop and think. It made me question all the freedoms I have, and wonder about all the hard work that goes into maintaining them. In a blog post I am stealing from Earl Zmijewski, he provides a very interesting perspective on Chinese internet censorship, and, how it affects me. Apparently, it does. I encourage you to comment on his blog, rather than mine. I just wanted the content on mine (with full credit going to Mr. Zmijewski, I didn't write any of this), as I don't particularly like it when my linked to content gets relocated and then I can't find it years later. I should also point out that this issue below is one of the reasons I hate politics...

Earl Zmijewski wrote:

Here we go again. In March we wrote a blog entitled Accidentally Importing Censorship which described how incorrect DNS answers were returned in response to certain queries to the I-root. The problem was tracked down to a single instance of the I-root located in China. Queries to this server for domains blocked in China, such as Facebook, would return seemingly arbitrary answers. As we noted, countries, and even companies, can impose their own standards on the Internet and block anything they want. This story was only noteworthy because those blocks (via bad DNS answers) became visible outside of China. Well, guess what? We are once again seeing the Beijing I-root from outside of China.


Let's start with a few disclaimers and some background. First and foremost, the sky is not falling. Getting the wrong DNS answer, even when querying the Chinese I-root instance is an extremely rare event. Go back and read our earlier blog to see the exact alignment of the stars that would be necessary. The fact that it is so rare is what kept the problem from being detected for weeks. However, as we noted in that earlier blog, given the broad swath of the Internet potentially querying the Chinese I-root instance, someone was bound to stumble on a bad DNS answer and, as a result, not be able to friend their pals. This is exactly what happened and is what brought the problem to light.

Second, the fine folks at Netnod, who provide the exceptional and free I-root service, vigorously defended their services in China, asserting they provide the same DNS answers regardless of location. We have no reason to think otherwise.

Third, it's quite easy to see incorrect answers from DNS servers in China yourself, whether or not you happen to live there. This has nothing to do with any of the root name servers. Just pick your favorite DNS server based in China and ask it about Facebook. Here is an example of repeated queries from the Linux command line from a US-based machine to a China Telecom DNS server.

... 11556 IN A 24055 IN A 38730 IN A

None of these IP addresses has anything to do with Facebook. In fact, addresses starting with 37 haven't even been allocated by IANA as of this writing.

Of course, if you don't live in China, you probably don't use a Chinese DNS server directly. The problem is that we all use the root name servers and they are spread throughout the world. Thanks to the vagaries of Internet routing, you may end up querying any of them, regardless of where you live and where they are hosted. Thus, if you live outside of China and just happen to query a root name server hosted in China, your queries will pass through what is known as the The Great Firewall, and hence will be subject to any restrictions it imposes.

Details, Details

While doing some research for next week's NANOG meeting in San Francisco, we revisited the time line for the March I-root announcements from China and couldn't help but notice the problem resurfacing on June 3rd. The I-root resolves to, which is announced by AS 29216 (which is dedicated to the I-root) as both and From there, these prefixes travel via Netnod's AS 8674 and then onto the general Internet. Since Netnod anycasts these prefixes from dozens of locations around the world, we expect to see them via any number of BGP adjacencies to AS 8674 and, in fact, we do. Around 80 different ASes adjacent to Netnod's AS 8674 see the two I-root prefixes and, in turn, propagate them onward.

What we do not expect to see are mainland Chinese ASes adjacent to AS 8674 propagating these prefixes outside of China. This is what we did see in March 2010 and it implies Internet users outside of China could be directed to the I-root instance inside of China. Unfortunately, this problem has returned. We see AS 8674 passing just off to AS 24151 and then AS 7497, both of which are associated with the China Internet Network Information Center. From there, the prefix travels via Pacnet (AS 10026), formerly Asia Netcom, and PCCW (AS 3491) out to the general Internet. This started just before 10:20 UTC on June 3rd and is still ongoing as of the date of this blog.

As we noted last time, to get a bogus DNS response outside of China, you not only have to query the I-root, you have to query the Chinese instance of it. To measure potential impact, we looked at the originating country of all prefixes downstream of any provider selecting the Chinese I-root. We then computed the percentage of these relative to the total number of prefixes in the country. A graph of the top dozen from the March incident is shown below, followed by those from this current (and ongoing) incident.



Not surprisingly, most of the affected countries are in Asia, as before, but there are important differences from the last event. Russia, India and Taiwan all entered the top twelve, while Pakistan, New Zealand and Bangladesh have dropped out. The impact on the countries in both lists is roughly similar, except that US impact went up by a factor of 10. Potentially impacted US states include Florida and California, making up approximately half of the US total. In addition, Singapore increased from 73% to 96%.


Censorship is a fact of life on the Internet today. But unfortunately, given the open, trust-based nature of the network, such censorship can easily spread beyond its intended boundaries. While individuals can do little to avoid such issues, there are actions network and system administrators can take. Filtering root name server announcements with Chinese ASes on the path is one approach. Never querying the I-root is another. Such actions would guard against this particular problem, but probably not the next one — whatever it might be. Ultimately, we are all in this together. We depend on each country or organization not to inadvertently or intentionally interfere with any other. All other paths lead down a very slippery slope.

Tuesday, June 08, 2010


What is a friend? I think a lot of people forget, or maybe never even know just what a friend is. To me, a friend is someone that you don't need to lie to, in order to develop a bond with. After all, a relationship built on lies is like a house built on sand. It may appear sturdy in the short term, but the first rain, wind storm, or earthquake, and the foundation shifts right out from under it, leaving the entire structure in danger of collapse. I don't believe that you need to change who you are just to please your friends, either. It shouldn't matter how much, or how little each person has physically, only what they bring to the table emotionally.

I think a true friend is someone who cares about how you feel, and who wants you to share that with them. They're someone who will listen to your plans in life, and help you achieve them. They won't selfishly ask you to listen to their issues only, but give and take, in an ebb and flow. A real friend is someone you share everything with and not hold back because you feel they are hurt because of something you have while they don't. Friendship is earned, and not taken. A friend is someone you can trust to be there for you, and in return, you're there for them as much as you can be. Even if it is just to listen to them talk because things are bothering them, or they are excited and just want to tell someone something thats important to them. An acquaintance will hear what you say. A friend will listen to what you say. A best friend will listen to what you don't say.