Captchas

For those not aware, “captcha” is the name given to the little images with distorted text. The premise is that a human can figure out what they say, but that a computerized “bot” cannot. Thus they’re used to keep people from writing scripts to sign up for hundreds of accounts, or to prevent spammers from leaving comments. (Incidentally, there are some clever ways to defeat captchas. The most creative was a group of people that apparently started a “free” porn site, where users only had to complete a captcha to sign up. Except that the captcha actually came from another site: they were essentially getting hundreds of porn-starved people to help them bulk-register for various accounts!)

Anyway, besides causing major problems for the visually-impaired, there’s another problem with captchas… Consider the one I got the first time I tried to sign up for Hulu:

The Most Awesome Thing…

…Ever.

Hulu. You can watch TV shows online. In (seemingly, I don’t know the exact resolution) high def. That’s pretty cool. Plus, it’s legal. Oh, and, the most important part: there’s no catch… It’s free. You sign up and watch TV shows.

With shows like Arrested Development, The Office (only 9 episodes right now), House (only 2 episodes), Psych (5), Monk (6), Journeyman (13), I Dream of Jeannie, National Geographic Presents, and…

Alright, you know what? I started listing the cool shows to write a nice, proper review. But the truth is, I really don’t want to write this anymore. I have 8 episodes of The Office, and an episode each of House and Psych to watch. And that’s just of the first four series I’ve listed. Paging through the list of shows to list the ones I love, I realized that I’d much rather be watching Hulu than writing about it.

So sign up and come join me in what might be the single biggest blow ever dealt to American productivity.

Yes we can… win Texas

Quoth the votemaster:

Texas finally got the votes counted. The net result is that Obama actually won Texas. Clinton got four delegates more than he did in the primary but he beat her by nine delegates in the caucus. Between Texas, Wyoming, and Mississippi, he now has a bigger lead in delegates than he had before March 4.

As an armchair (business) strategist, I have to say that Hillary’s attempt to claim him as her VP was a clever, if hilariously transparent, attempt to draw attention away from the fact that he is winning no matter how you slice it. Let me be sappy and quote the Yes We Can Song (which itself quotes Obama). It seems quite apropos here:

We know the battle ahead will be long, but always remember that no matter what obstacles stand in our way, nothing can stand in the way of the power of millions of voices calling for change.

We have been told we cannot do this by a chorus of cynics… They will only grow louder and more dissonant.

PayPal

PayPal’s really been getting on my nerves.

About a month ago, they froze my account, citing protecting my security. They said someone had attempted to access my account. I performed the first two verification steps, but now I’m waiting on mail at home with a “security code” I have to enter to confirm it. Of course, it’s been almost two weeks with no mail from them.

So, through the PayPal site, I sent them a message asking what was up. I should clarify that I’m absolutely positive it was the “real” PayPal site. The certificate matches, and I initiated the access, so it’s not like I’m getting e-mail asking me to click a link (to paypal.com.this.is.a.scam.geocities.com)

It just bounced back to me, citing an unknown user on their end.

So I’m now approaching a month with no access to my account. I am not impressed, especially by their internal contact form bouncing back to me.

Professionalism

I frequent WebHostingTalk.com, a really good forum for people in the web hosting industry. There are lots of really knowledgeable people on there, but there are also all sorts of people without so much technical knowledge….

There was one guy a while back who announced that he was starting a video sharing site (a la Youtube) and that he’d need 450 petabytes of transfer a month. No one was quite sure how to respond, since this is orders of magnitude more than anyone measures anything in. I calculated that he’d be using about 1,400 Gbps. (And that’s an average… Real traffic patterns for big sites are more of a sine wave, so you’d probably want about 2,000 Gbps aggregate capacity, which you’d be filling at peak hours.) I’m fairly certain that even a site like Google doesn’t use anything like that. In fact, I’m fairly certain that even if a site like Google called up their providers and asked for 1,400 Gbps, they’d be laughed at. No one out there can provide that.

But some are just distressing. One guy posted, maybe a year ago, that he was getting a “private room” and didn’t know what he’d need for equipment. Did he need a router? Switches? A “private room” in a data center, by the way, is to host your many racks of servers, walled off from others for maximum security. You’ve got to be a very big place, with a very big budget, to be doing that. This is kind of like asking, “I’m buying a 500,000 square foot warehouse. What do I need? Do I need a forklift? Lights?” (A lot of answers were basically, “What do you need? You need an IT department, and someone who doesn’t have to ask this question.” Although my favorite answer was, “Padded walls.” Normally it annoys me when people give rude answers online, but I couldn’t help but burst out laughing.)

Today’s post is from a guy who seems to have about 30 servers with one company, running what I can only assume is a successful hosting company. He’ll fill one server and order another, but he’s having difficulty “managing” the traffic–he wanted to pool all of the bandwidth together. This is something that most big companies will do for you if you ask, since you’re a huge customer and they know that their competitors will do it if they don’t.

If you buy a dedicated server, you’re usually given a bandwidth allocation in GB/month. I’m allowed 1,000 GB a month, for example. (And I don’t use 5% of it.) This comes out to using about 3 Mbps 24/7, but it’s much more convenient for me since I don’t have to worry about momentary usage, just the net amount of transfer moved. There are also subtleties here: I have 1,000 GB over a 10 Mbps line. 1,000 GB means that my average use can be up to 3 Mbps. But, in real life, as I mentioned, traffic patterns ebb and flow. If I were using 3 Mbps average (I’m not), I might be using 5 Mbps during the day, and 1 Mbps at night. So just giving me a 3 Mbps line wouldn’t cut it, since it’d be really crappy during the day.

But this guy’s host quoted him a price in Mbps. He was very confused by this. He was used to his GB/month, and didn’t know what to make of these foreign “Mbps” measurements.

Someone else just posted about how some guy with the IP 0.0.0.0 keeps connecting to him, and wondering if he should ban that IP, which he thinks is awfully suspicious. (It’s not as bad as the guy who was getting people with “blank IPs” connecting to him, and wondering if he could ban a null IP in his firewall… It turned out that he was running some random command which was returning way more than just IPs, hence a number of blank lines…)

Who are these people? I wouldn’t post a blog making fun of people who didn’t know otherwise obscure things, except that these should be basic little tasks for people in these positions. It’d be like a certified (not certifiable, but certified) sysadmin for Windows systems posting and saying, “I need to change my desktop background? How can I do this?” Or a car mechanic, who’s gone on and opened his third garage, posting and saying, “The oil in my car is old and dirty. Is it possible to somehow drain the old oil and put new oil in?” Or, for the more absurd requests we see, someone posting on a financial forum about how they’re starting a lemonade stand and think they need $750 billion in startup capital, wondering what bank will give them a better interest rate. It just shocks me that these people are successful and yet so clueless.

BitTorrent is Cool

Having recently pulled down some updates via BitTorrent, I discovered a neat thing about the protocol. Obviously, it’s basically a peer-to-peer filesharing tool. But it has some neat things that keep it working well. Files are split up into many pieces, and each of those chunks can be downloaded from anyone. (Apparently, various file-integrity provisions exist, too, to help guard against people injecting garbage.)

The first neat thing is the concept of “choking” selfish systems. As I download chunks, my torrent client will automatically start sharing the completed chunks. If my client detects that you’re downloading completed pieces I have, but not sharing the completed pieces you have, you get “choked,” or banned. I stop sharing with you. (Periodically, an “optimistic unban” will kick in, giving you another chance.) This greatly increases the incentive for you to share files: otherwise, everyone would want to download only, meaning that very few people had the file.

The obvious problem is that the file, if one piece is missing, is useless. If you take a random 1MB chunk out of the middle of Microsoft Office, the whole program will fail to work. (Not that I condone downloading MS Office via BitTorrent. After all, it’s free from school!) So it’s important to make sure that no pieces become unavailable. So most clients implement a neat algorithm, called “rarest first.” The name sums it up pretty well: as peers advertise what pieces of the file they have, my client will go out and grab the least-available pieces first. And after I finish that piece (and, by necessity, begin advertising that piece to peers), I go and get the next-rarest piece. Since the whole is useless without all the parts (the whole point of the rarest-first system), it doesn’t matter what order I acquire them in, thus permitting each client to help raise availability.
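A sketch of rarest-first selection combined with the per-piece integrity check, as an added example that is not taken from any real client. The peer names, sample pieces and the policy of dropping a peer after one bad piece are assumptions; the SHA-1 piece hash is what the original BitTorrent metadata format uses.

```python
import hashlib
import random
from collections import Counter

def rarest_first(my_pieces, peer_bitfields, rng=random):
    """Pick the next piece index to request, or None if nothing is wanted.

    peer_bitfields maps peer name -> set of piece indices it advertises.
    """
    availability = Counter()
    for pieces in peer_bitfields.values():
        availability.update(pieces)
    wanted = [i for i in availability if i not in my_pieces]
    if not wanted:
        return None
    rarest = min(availability[i] for i in wanted)
    # Ties are broken at random so downloaders do not all chase one piece.
    return rng.choice(sorted(i for i in wanted if availability[i] == rarest))

def verify_piece(data, expected_sha1):
    """Accept a piece only if its SHA-1 matches the hash in the torrent."""
    return hashlib.sha1(data).digest() == expected_sha1

def download(expected_hashes, peer_bitfields, fetch):
    """Fetch pieces rarest-first; return (acceptance order, rejected peers)."""
    have, order, bad_peers = {}, [], set()
    while len(have) < len(expected_hashes):
        usable = {p: b for p, b in peer_bitfields.items() if p not in bad_peers}
        idx = rarest_first(set(have), usable)
        if idx is None:
            break  # no remaining peer offers a piece we still need
        peer = next(p for p, b in usable.items() if idx in b)
        data = fetch(peer, idx)
        if verify_piece(data, expected_hashes[idx]):
            have[idx] = data
            order.append(idx)
        else:
            bad_peers.add(peer)  # assumed policy: stop asking this peer
    return order, bad_peers

# Constructed sample swarm: "mallory" advertises piece 0 but serves garbage.
PIECES = [b"piece-0", b"piece-1", b"piece-2", b"piece-3"]
HASHES = [hashlib.sha1(p).digest() for p in PIECES]
SWARM = {
    "mallory": {0},
    "alice": {1, 2, 3},
    "bob": {0, 1, 2},
    "carol": {0, 1},
    "dave": {1},
}

def sample_fetch(peer, idx):
    return b"garbage" if peer == "mallory" else PIECES[idx]

if __name__ == "__main__":
    print(download(HASHES, SWARM, sample_fetch))
```

In the sample swarm, piece 3 is held by one peer and is requested first, and the garbage copy of piece 0 is rejected by the hash check before being re-fetched from another peer.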

Overall, the more I read about the inner workings, the more impressed I am.

BitTorrent

A few tips, in the hopes that it’ll help someone else. (Aside: don’t download illegal stuff with BitTorrent. Do download the many awesome, legal things on BitTorrent, such as Ubuntu torrents.)

  • You can encrypt your BitTorrent traffic, which is aimed at circumventing ISPs that feel like being pains and blocking traffic. However, “Enabled” isn’t the value you want. You want “Forced.” In uTorrent, this is under Preferences -> BitTorrent.
  • If you don’t upload at all, other nodes will “choke” you by refusing to talk to you. It doesn’t seem to me like it has to be entirely equitable; I’ve capped my upload at a pretty small number, but am downloading around 100 kB/second (800 kbps).
  • You’ll have a port number for incoming connections. If this port isn’t coming through (such as if you have a “default-deny” policy), things will work, but they’ll be unbearably slow. As an aside, if you’re behind an OpenBSD firewall (using pf), have a local IP of 192.168.1.79, and use the randomly-selected port 26689 as your local port for BitTorrent, the firewall rule looks like rdr on $ext_if proto tcp from any to any port 26689 -> 192.168.1.79 port 26689. Remember to flush the rules (pfctl -F rules) and then (possibly required? possibly done automatically with the flush?) load them back in (pfctl -f /etc/pf.conf).

With these three principles in mind, my (legitimate) download went from 0.8 kB/sec to 145 kB/sec.

Huh, a neat tip… If you pick a torrent from one site, but it’s something identical to what other sites have, add the additional trackers in to the first download, which will give you more peers!

Oh, another tip: don’t arbitrarily set a download limit! My downloads wouldn’t break 145 kB/sec or so, until I realized that I’d set a limit of 150 kB/sec. I removed the limit and am suddenly at 400 kB/sec. (Incidentally, our available bandwidth has suddenly plunged to nothing…)

One final note: Peer Guardian is good, but don’t run it unnecessarily, since it blocks a lot of legitimate traffic. Including, oddly, Steam’s servers (for games like Counter-Strike and TF2), apparently because they use Limelight’s CDN, and they’ve dubbed Limelight bad?

Security Forces

I just finished a show on “NatGeo” about the private security firms working in Iraq. It was a really interesting watch. They’re not there to engage in combat, but they’re there for “security,” such as escorting construction materials for a new police station (something insurgents are eager to stop), and transporting VIPs around.

IEDs are apparently a huge problem, more so than the news portrays. One of the guys brought back his SUV, with the whole side blown in and full of bullet holes. The SUV was “reinforced,” meaning that it had bullet-proof glass and huge steel plates over it, and yet it was still in terrible shape. He made it out alright, although the driver, an Iraqi, died. “That was my seventh IED,” he mentioned casually.

Most are apparently set on desolate roads, and are basically just tripped by any car. There are often just tripwires that set them off, versus manually being tripped. Which got me thinking of an old idea…

I want to build an “RC Car,” something radio-controlled. Except I don’t mean a little RC car. I mean an actual car that’s driven remotely. With GPS and a set of video cameras (plus a high-speed, low-latency data link), you could be pretty accurate. It probably wouldn’t be a good idea to remotely drive one of these down Route 3 (although I think you could design it to work pretty accurately). But I think they might rock in Iraq. You send one out a quarter-mile in front of your “real” convoy. No one’s in it, but its main purpose would be to trip IEDs, and do some scouting for you. From the back of a van in tow, or from a remote headquarters, people could watch for anything suspicious. And, “worst case,” it trips an IED, effectively wasting the IED on blowing up a van with no one in it. The real people behind could either divert their course, or plow on through, knowing that the bomb had been detonated.

I’ve also thought RC planes would be interesting. These days they’re “UAVs,” unmanned aerial vehicles. What I have in mind isn’t the military UAV, a “real” airplane remotely controlled, but something a couple feet long with some cameras. Outfit it with GPS and various data links, such that it can stream video real-time, or even capture higher-resolution still images and transmit those. (Heck, fit a high-end camera on it, but have it transmit a 640×480 image, and just store the full-res to an 8GB Flash drive…)

I always thought it’d be cool to have as a pet project. Fly it around and go “sight-seeing” from your room, with what’s essentially a wireless webcam in the sky. I think they’d also be popular with places doing mapping / “satellite” imagery, as you could send these little things up and just have them run autonomously, snapping photos of an area until the batteries / gas ran low, at which point they’d return “home.”

But these things would rock in combat, too. Send these out over areas you’ve got to travel. (And areas you’re not travelling, to keep them guessing.) At a remote command post, someone can spot potential threats and identify them long before they become a problem. (You could even try grazing them with your mini RC plane.)

I don’t know what sort of radio infrastructure they have over there (well, I know they’re running CDM1250s and HT1250s, but I mean, I don’t know if they run repeaters / what power they run), but you might even fit a portable repeater on the little UAV, ensuring that their portable radios could still keep in touch with their post miles away.

As an aside, the radios I saw them with in the show don’t support encryption, meaning that it really wouldn’t be hard for insurgents to tune in. Their bombs keep getting more and more complex, showing that they’ve got some technically-minded people on board. It seems like a pretty bad idea to me to not encrypt your radio traffic in those circumstances.

Activation

My debit card expires this month, so I just got a new one in the mail. It has a number you have to call to activate it. So I dialed, and it rang twice. (I’m used to auto-answer systems picking up on the first ring, but whatever.)

I expected something like, “Thanks for calling Visa! To activate a card, press 1…”

Instead, I got:

“November 8, 2007!!!”

[awkward pause]

[lengthy message in Spanish directing Spanish speakers to press 2]

“Here’s how I can help you.”

[awkward pause]

[To activate a card, say “Activate a card.” To report a lost or stolen card…]

Me: “Activate a card.”

“Okay.”

[awkward pause]

“Please say the last four digits of the card.”

Me: [does so]

“All cards associated with this account have been activated. Goodbye.”

It was the strangest thing. And while “normal people” may like it, I find it extremely awkward to speak to computers on the phone. I’d think it would be less error-prone if I was asked to dial the last four digits. And it would certainly feel less awkward than me sitting in the living room saying, “Activate a card! 1-2-3-4!”

The worst is the greeting. Especially when it comes to credit cards, it’s important to at least pretend you’re a real company. Shouting (excitedly) a date and then having a couple seconds go by doesn’t inspire too much confidence.