Archive for the 'Net' Category

The biggest threat to the Internet since EMPs

Wednesday, June 18th, 2008

I’m angrier than a bull in a Communist china shop over a recent trend amongst ISPs towards metered payment schemes (use BugMeNot for access). I wouldn’t mind so much if they were charging market rates, which would be between 5 and 10 cents a gigabyte, but instead they’re going for outright extortion and charging one dollar per gigabyte. So instead of using their current revenue and building out their infrastructure to handle expected increases in traffic in the future, which is what they should be doing, they’re hoping to cut utilization by charging more, and thus ramp up profits while slowly choking our Internet to death.

This stupid pricing scheme has the potential to deal long-term damage to the Internet. There’s so much potential for over-the-net distribution of content (including high-def video and video games) that hasn’t quite materialized yet, and won’t ever if customers are charged so much for Internet access. The cost of “renting” a DVD-quality movie over the Internet doubles at $1/GB pricing levels. It’s obscene. The United States was the world leader in Internet adoption for so long, but now we are falling hopelessly behind. ISPs in many nations (including Finland and South Korea) now offer connections that absolutely put ours to shame, like 50 Mbps symmetric for less than what 8/1.5 Mbps costs here. And we only have our money-grubbing, monopolistic communications companies to blame.

If you find yourself stuck with metered Internet access that charges unrealistic bandwidth rates, don’t put up with it. Complain. Loudly. Change your service to anything else that’s available in your area. And if you’re a big torrent user like I am, you may find it cheaper to buy a business-level unlimited connection than to pay $1/GB. To bring the costs down a good bit, share it with your neighbors over WiFi. Just don’t let them pillage the future of the Internet for the sake of making a quick buck.

Verizon takes the next step in killing Usenet

Tuesday, June 17th, 2008

I feel obligated to report on this story because many people of my Internet generation don’t know about the rich history of Usenet, and thus will not appreciate what is being lost. Usenet is the original Internet discussion system. It’s been around a lot longer than the World Wide Web. Prior to 1992, there was email, for private correspondence between small numbers of people, and then there was Usenet, for larger discussions amongst huge groups of people.

Usenet is still around in its original form, though it has long since been eclipsed by web-based discussion forums. It still has a certain appeal to it though, and in high school, I was a very active participant on the newsgroup talk.origins, which is a newsgroup devoted to the discussion and debate of biological and physical origins. I was also rather active in rec.arts.sf.written and rec.arts.sf.composition, the former of which deals with professional speculative fiction (aka science fiction and fantasy) and the latter of which is a resource for people writing their own speculative fiction. Alt.atheism was fun too, although it naturally had quite a few trolls.

Nowadays, many ISPs no longer offer direct newsgroup access. It used to be that your ISP would run newsgroup servers (for instance, news.comcast.com), and you would use newsgroup clients such as Xnews (which feels sort of like an email client such as Mozilla Thunderbird, which can also read newsgroups) to connect to Usenet. Nowadays many people just access newsgroups directly on the web through services such as Google Groups — which I will point out is a rather confusing service because Google doesn’t make much distinction between the Usenet hierarchy, which they are merely displaying messages for, and user-created groups that only exist in the Google Groups service and that Google has full control over. As a result, a lot of people using Google Groups think they’re just chatting away in a Google discussion group, when in reality they are merely using Google’s web portal to something much larger.

I have lots of fond memories of Usenet, and I still check up on some of my favorite groups to this day. There’s a certain camaraderie that develops there that’s unlike the other kinds of social interactions you run across on the Internet. The users have generally been on the Internet forever (many from the pre-Web era), they trend toward academic types, and the discussions are fascinating. I met up with regulars from talk.origins a couple times in Washington D.C.; these events were scheduled every so often in areas with a large concentration of participants, and people would even come down from New York City to the DC meet-ups! Hell, I believe a large part in what helped me earn my full scholarship to University of Maryland was my education on evolution through talk.origins. One of the professors on my scholarship interview panel was a biologist, and I floored him with my knowledge of the rather complex topic of evolution and impressed him with my firm stance in favor of science over ignorance. So you can definitely say I have a soft spot in my heart for Usenet.

Now that you know what Usenet is and what it means to me, perhaps you will understand why I am so saddened that Verizon has removed the entire alt hierarchy from its Usenet servers. Verizon is a huge Internet Service Provider, and this will affect millions of their customers (including me!). The alt hierarchy was by far the largest hierarchy in all of Usenet; in web-equivalent terms, it’d be like if your ISP blocked access to all websites with the .com Top Level Domain. Their excuse is that there may have been some child porn on some of the alt.binaries groups (groups that are used for trading files, as opposed to discussions). Be that as it may, it doesn’t address at all why they blocked access to the non-binary parts of alt, including, say, alt.atheism and thousands of other groups. And to extend our Web analogy, child porn is available on .com sites as well, so by their logic, shouldn’t they be blocking all .com sites on the Web?


Your mission: Download Firefox 3

Tuesday, June 17th, 2008

Your mission, should you choose to accept it, is to download and install Firefox 3. It was just released today and it’s awesome. I can say that with some certainty because I’ve been using and marveling at the version 3 Release Candidate for a week and a half now. One of Firefox 3’s new features, the Awesome Bar, is a large part of what makes Firefox 3 so awesome (what, you didn’t think I was merely being hyperbolic, did you?). The Awesome Bar is the replacement for the old-school Location Bar, with a lot more features that make browsing even more convenient.

And I don’t want to rush you or anything, but you really should download Firefox 3 as soon as you read this. The Mozilla Foundation is trying to set a World Record for most software downloads in 24 hours, and the clock runs out at 13:00 EDT on June 18. Having the World Record for most software downloads belonging to a Free Software project would be an amazing argument in favor of Free Software, so please, pitch in!

So, whether you’re upgrading from Firefox 2 (a painless process), or making the switch from the evil and nefarious Internet Explorer, there’s never been a better time to download the latest version of Firefox.

Don’t ever be ashamed of your code

Friday, June 13th, 2008

Are you ever ashamed of your code? Don’t be! Being ashamed of your code is harmful, as artfully explained by Ben Collins-Sussman. It’s better to make your mistakes in the open where they can be quickly corrected than in private where they can fester for months, even years. Note that we aren’t necessarily talking about open source code here. Being ashamed of your code could also mean not sharing code with other people at your company.

Ben uses some anecdotes to illustrate just how bad situations can get when programmers (or small groups of programmers) sit on their code for months on end without any outside sanity checking whatsoever. But these anecdotes are more humorous than necessary, as it’s pretty much a truism in computer science that coding off on your own in secret is a bad idea. The people who are doing it know it’s bad, and the only reason they persist is because they are ashamed. Oftentimes they’ll rationalize it by saying “I’ll just clean it up before I let others see it” — which, when combined with procrastination, can mean no one else sees it for months or even years. And if poor architecture decisions have been made, as they often are, the problem is too large for a simple clean up; a partial or full rewrite is necessary. This is not the situation you want to find yourself in.

Luckily, I can’t say I’ve ever felt ashamed of my code. And that’s not for lack of writing some truly terrible programs, either. I just value the feedback I get from others more than any personal attachment I might have to my code. In other words, I don’t take it personally. And to demonstrate that, I’m going to post a truly terrible program I wrote back in high school. My only excuse is that I was young and ignorant.

The program in question is “makeSite”, a program I wrote to create my blog-like website before the word “blog” even existed and before any real blogging software had been developed. I was writing what was effectively a blog at the time (you can see an archive of it here), but I got tired of having to hand-edit the HTML to copy over a previous entry and modify it each time I wrote a new entry. So, naturally enough, I wrote a C++ program to statically compile a bunch of text “data” files containing my own custom pseudo-HTML-like syntax into a website. I won’t defend the decision to do it this way, other than to say that I didn’t know any better. What this effectively meant was that every time I updated any part of my site, even to fix a one-character typo, my entire site had to be re-compiled by re-running the program, a task that, because my program wasn’t very efficient, was taking minutes after my site grew to be rather big. I toyed with the idea of some sort of incremental site compilation, only updating the pages corresponding to the changed data files, but I never got that working.

I think it’ll help to illustrate how bad this program truly is by individually discussing some of the more egregious parts of it.

	#include "apstring.h"

For those of you who aren’t familiar with the “apstring” string library, here’s a hint: ap stands for Advanced Placement. That’s right, instead of using a standard, widely used string library (like “string.h”), I used the apstring library (by the College Board), because that’s what we were taught in class. It was just like a real string library, only it didn’t have as many features. Frankly, there’s no excuse for its existence, as tests should conform to reality and not the other way around. If you ever see it in production code, you should run like hell.

	headFile.open("pages.dat");
	output.open("pages2.dat");
	while (headFile.get(ch))
		output << ch;
	output.close();
	headFile.close();

Yes, you really are looking at a character-by-character copy of a file. Never mind that there’s an OS function to do this in one line (and much more efficiently, I might add). But the reason I did it this way is even worse than the way I did it, if that’s possible: I wanted a second copy of the file so I could parse through the original string-by-string, and then when I hit upon a page that was a subpage of another page, I would consult this copy to find out what its parent page was. This was to get around the problem of not being able to have two file handles open to the same file. I suppose the concept of just loading the whole file into memory and parsing through that didn’t occur to me. And notice the hard-coded file names; that’s a nice touch.


WordPress vulnerability in the wild

Monday, June 9th, 2008

Five days ago, I noticed that the number of hits coming to this blog decreased drastically. Specifically, the WordPress.com Stats plugin showed that my incoming hits from search engines had decreased to nearly zero. And since Google is this blog’s front page, that represented a rather drastic drop in traffic. I was down to just the regulars, those faithful readers who either refresh this blog regularly or are subscribed to the RSS feed (you know who you are). I wondered if I had pissed off the Google gods, and tried to wrack my brain for any bad SEO juju I could have employed.

Two days later, my traffic still hadn’t improved. My visitor numbers were in the doldrums for three straight days. You can imagine how disheartening it is to spend a year and a half working on building up a blog, only to slip backwards by over a year’s worth in traffic numbers. I was starting to foster an irrational hatred of Google. Then I randomly ran across a new WordPress vulnerability in the wild thanks to a link on Reddit. Here’s the description from the linked blog post:

Many sites that are running WordPress blogs have been hacked by a very clever and hidden PHP Injection which is redirecting all requests from Google, MSN, Live, Altavista, Ask, Yahoo, and other search engines and redirecting it to ‘anyresults.net’ a site filled with pay-per-click ads and redirects to other landing pages. This is a very clever trick as visiting a web site either through a direct navigation type in or a bookmark does not display the problem. Only search engine visits are redirected and many site owners are delayed at discovering this problem until they notice huge dips in traffic or revenue stats.

Wow, did that ever sound familiar! And after a quick check, what do you know, my site had been hit by the 0-day WordPress vulnerability described in the linked post. The fix was very simple: remove the offending code from my wp-blog-header.php file. How in the hell it got in there is still unknown. Hopefully WordPress fixes this soon. In the meantime, I’m just keeping a very close eye on my visitor statistics, and I have a pre-exploit backup I can revert to if absolutely necessary. Very thankfully, my visitor numbers have returned to what they were from before the exploit, so it looks like I won’t face any permanent damage.
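The behaviour described in the quoted post, where only visits arriving from a search engine are redirected, can be checked directly by requesting a page with and without a search-engine Referer and comparing where each response points. This is an added example, not code from the original post or from WordPress; it only looks at HTTP-level redirects (an assumption, since the post does not say how the redirect is delivered), and the function names, the referer list and the `.example` hosts in the constructed stub are illustrative.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlparse

# Referers a visitor would send when arriving from a search result page.
SEARCH_REFERERS = [
    "https://www.google.com/search?q=test",
    "https://search.yahoo.com/search?p=test",
    "https://www.ask.com/web?q=test",
]
REDIRECT_CODES = (301, 302, 303, 307, 308)


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow; the 3xx then surfaces as HTTPError


def http_fetch(url, referer=None, timeout=10):
    """Return (status, Location header or None) without following redirects."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    if referer:
        req.add_header("Referer", referer)
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")


def offsite_redirect(url, status, location):
    """Return the redirect's target host if it differs from url's host."""
    if status not in REDIRECT_CODES or not location:
        return None
    target = urlparse(urljoin(url, location)).hostname
    return target if target != urlparse(url).hostname else None


def check_cloaked_redirect(url, fetch=http_fetch):
    """List (referer, host) pairs where only a search referer triggers an
    off-site redirect that a direct visit (no Referer) does not get."""
    baseline = offsite_redirect(url, *fetch(url, None))
    findings = []
    for referer in SEARCH_REFERERS:
        host = offsite_redirect(url, *fetch(url, referer))
        if host and host != baseline:
            findings.append((referer, host))
    return findings


def constructed_compromised_fetch(url, referer=None):
    """Constructed stub standing in for an affected site, so the demo runs
    offline: redirects only when the Referer is a Google search."""
    if referer and "google." in referer:
        return 302, "http://redirect-target.example/"
    return 200, None


if __name__ == "__main__":
    hits = check_cloaked_redirect("http://blog.example/",
                                  fetch=constructed_compromised_fetch)
    for referer, host in hits:
        print(f"off-site redirect to {host} only with Referer {referer}")
```

Calling `check_cloaked_redirect(url)` with the default fetcher runs the same comparison against a live site you operate; an empty list means no referer-dependent HTTP redirect was seen.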

As you can imagine, I’m a bit peeved at the WordPress folks right now. I’ve complained about the security problems in their software before, and new problems are always being discovered. If you don’t keep on top of WordPress upgrades very regularly — or even if you do, as I have discovered — you can be hit with all sorts of bad stuff. It’s more proof of that ancient pearl of wisdom in computer science: truly secure programs are designed with security in mind from the ground up. You can’t possibly make a program secure by trying to play whack-a-mole with all of the security holes in insecure software. If security wasn’t front and center in your mind from the get go, you can’t fix it later on, as security drives major architecture decisions that are much harder to revisit in mature codebases than simply dashing out another stop-gap security patch.

A fun way to get better at typing

Sunday, June 1st, 2008

By recommendation from my friend Grokmoo, allow me to introduce you to TypeRacer. The site uses the basic “type the given passage without any errors and we’ll calculate your words per minute metric” mechanic, with a twist: each passage you type is in a race against other users to see who is fastest. This makes it very addictive, which is the single-most important quality you want in a learning tool. If you need to work on your typing skills (and in this electronic era, typing skills are incredibly important), definitely check it out. My best typing speed so far today was 127wpm; anyone care to try to best me? :-P

The hardest part of going for really high speeds is not making any typos. When I’m typing so furiously quickly, typos are nearly inevitable, and having to backspace and fix them is very costly. The only way I got that 127wpm score was through sheer luck: I made no typos at all. Also, at really high speeds, I find that I’m not typing individual letters anymore, but rather, entire words and phrases (it’s the same principle as speed reading, except in reverse). Passages that contain lots of unfamiliar words (and the site does have them) have me slowing down to around 90wpm, because I’m back to processing them on a per-letter basis. There’s one particularly villainous passage on the site that’s full of biochemistry terms. Good luck making it through that one at any reasonable speed.

One helluva ad for Seagate

Tuesday, May 6th, 2008

A Seagate hard drive survives the Columbia re-entry
This is one helluva ad for Seagate. What you are looking at is a 400 MB Seagate hard drive that survived the Space Shuttle Columbia’s break-up upon re-entry. Not only that, the data, which was for a microgravity xenon shear thinning experiment, was recovered and has yielded an important scientific research paper.

If I was Seagate, I would make this story into a magazine ad yesterday. It would also make a good ad for Ontrack Data Recovery, the folks who salvaged the data off the disk.

Another reason Tor isn’t just for criminals

Thursday, March 20th, 2008

Tor (The Onion Router) is an incredibly useful large scale automatic proxy network that is mainly used for anonymous web browsing. Tor has taken a lot of heat from critics alleging that it facilitates criminal activities and that no one who isn’t doing anything illegal has any valid need for it (boy, does that argument sound curiously familiar). Well, here’s a good reason to reconsider. A U.S. District Judge has ruled that merely clicking on a hyperlink set up as part of a sting operation is probable cause for the FBI to bust down your door and confiscate all of your computer-related equipment.

That’s right, merely being unfortunate enough to click on the wrong hyperlink can now merit an FBI raid. Heaven help you if one of your online enemies has knowledge of such a link and tricks you into clicking it, kind of like a Rickrolling except with a SWAT team in place of a fresh-faced, carrot-topped, trenchcoated British crooner. Using Tor could protect you from the FBI intruding into your home when you’re doing absolutely nothing wrong. Still think there are no legitimate uses for it?

When the Internet hits 256K default routes, watch out

Thursday, March 6th, 2008

The Internet is nearing the magical number of 256K routes in forwarding tables of routers in the Default Free Zone. If that’s meaningless to you (it was previously to me), allow me to explain.

The Default Free Zone is the top level of Internet routing. There are millions, maybe even billions, of computers attached to the Internet, but the vast majority of them aren’t connected to the top level of the Internet; rather, they are aggregated into subnets by upstream providers. The Default Free Zone is where all of the upstream providers exchange traffic at the highest level. Depending on your perspective of the Internet, the Default Free Zone may have a different number of routes. The most noticeable reason for this is that some networks do not filter routes more specific than /24, but there are other reasons as well. Just note that the majority of top level routers still see fewer than 256K routes.

A fair number of Internet backbone routers (mostly older ones, and especially older ones made by Cisco) only support a forwarding table with a maximum size of 256K entries. Beyond that point, they either cannot add new entries or end up wiping older entries. This poses a huge problem, potentially leading to a cascading catastrophic failure of Internet routing. Even a single additional route above 256K could cause widespread failures if it caused an important route to get overwritten in some forwarding tables. And as the number of routes in the Default Free Zone exceeds 256K by more and more, just forget about it.

Nobody has really undertaken a comprehensive survey of the Internet to figure out how much older routing hardware is out there, but a quick Google search reveals that used 256K routers are still being sold, and presumably put into service. It will be interesting to watch the Internet over the coming months as the average number of routes in the Default Free Zone exceeds 256K. Forwarding tables may start spontaneously failing, and upstream providers that failed to anticipate the 256K crossover will be in a panic to replace all of their suddenly obsoleted hardware.


Internet Explorer 8 won’t break the web after all

Monday, March 3rd, 2008

Back in January, there was a big furor over Microsoft’s announcement that Internet Explorer 8 would have three rendering modes. There were a lot of details, but all you really need to know is that Microsoft expected web developers to add a special non-standard meta tag to their sites that would instruct IE8 to render in true standards mode. Sites without that tag would continue rendering in IE7 “standards mode”, which doesn’t actually conform to standards completely. Free software advocates were up in arms, because they’ve been coding standards-compliant web pages for a long time and couldn’t believe Microsoft had the gall to request the addition of an extra non-standard tag just to get their web pages rendering properly. The general consensus was that since Microsoft’s proposed meta tag wasn’t in the standard, they wouldn’t use it, and if IE8 failed to render pages properly, that just meant that IE8 was broken.

Thankfully, Microsoft has made an about-face in their plans and will no longer require a non-standard meta tag to render standards-compliant web pages properly. Instead, if you want to render something in IE7’s “standards” mode, you need to specifically add a meta tag saying so. This has the disadvantage of breaking some websites that relied on the peculiarities of IE7 (if they don’t add the new tag, anyway), but it will be good for the web as a whole and especially for other browsers. Microsoft has long made a mess of the web with their refusal to follow standards (just ask any web designer who’s spent an equal amount of time designing an entire site as just getting the damn thing to render properly in IE), so it’s good for everyone that they are finally on the right track to true standards compliance.

Microsoft may be the evil empire, but they do occasionally do some good.