Net Neutrality

Ed Felten has a wonderful blog entry on Net Neutrality, unsurprisingly. Also no shock is that he totally agrees with me. That's how we know he's a smart guy.

To sum up, net neutrality sounds like a good thing and I believe it is, but I fear that many are too quick to rush to legislate it. I mean, this is Congress we're talking about. That's who you want controlling your Internet? Seriously?

The far better solution is competition. The more players in the game, the better the service will be for the customer. There's no doubt about that in my mind. I think a much better use of tax dollars would be to build municipal fiber networks and allow one and all to offer services on it. I see a lot of benefits and few drawbacks to a model like that. Well, few drawbacks unless you're a mega-ISP who hates its customers. Which is a pretty good benefit too.


IIS Is Paranoid

Back in July I went to the Idaho Department of Transportation's website with the intent to renew my car registration. I was rather surprised that the connection was "reset by peer". OK, their site is having trouble. I'll just come back later, right? Next day, same thing. That's when I got suspicious. I played around for a while and discovered that by changing the browser identification string, I could get in. Well, that was good because I was rather uninterested in getting arrested for driving illegally.

Once things settled down, I wrote to their webmaster and complained. I was a little rude the first time, yammering on about tax dollars and discriminating. I knew that would get their panties in a wad, and it worked. They responded and asked for clarification. I provided them with quite detailed info (maybe too detailed) and offered to work with them to get it resolved. They never wrote back and I forgot about it.

Well flash forward to this evening when the same thing happened again, this time on Idaho Public Television's website. I knew it couldn't be a fluke that I'd get the same reaction with the same workaround. One difference is that I've been to Idaho PTV's website on this computer before, using this same browser, so they must have changed something on their end to cause it.

First I eliminated Cold Fusion which Idaho PTV is using but IDT isn't. Then I looked at the web servers, Idaho PTV is IIS 5.0 and IDT is IIS 6.0. Well I had assumed they must be running IIS because what other crack pot web server out there would do something so inane?

Finally I stumbled upon the perfect test: grab a capture of the headers that Firefox sent and make slight alterations until I figured out the exact character or combination of characters to break their site. And that is what I did. I saved the headers to a text file and piped them to netcat, that most useful of network tools. Here is the browser string as it appeared unaltered:

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20061201 Firefox/ (Ubuntu-feisty)

Starting from the end, I removed "(Ubuntu-feisty)" from the browser and tried it out. Voilà! That was the offending part. Lucky for me I got it on the first try.

I narrowed it down by process of elimination to the four characters "isty". They can appear anywhere in the User-Agent header and it will immediately cause IIS to send a TCP reset. Not even an HTTP error code, but a RST. I tried it in other headers and there was no problem (e.g. X-Linux-Distro: Ubuntu-feisty).

The only sense I could make out of this behavior is some sort of security setting in IIS. It's doing some sort of content analysis and determining that anybody who uses the letters "i", "s", "t" and "y" in the User-Agent header is a bad guy. With logic like that, you'd think the IIS team was working for the TSA. Hmm, a conspiracy maybe? Anyway, I remember when I was a lowly IIS admin that there was some security lockdown tool that Microsoft recommended. I wonder if that's what's doing it. Or maybe it's an antivirus software. It's hard to say. I think I have a good lead with Idaho PTV since it just started happening. Surely they must remember the changes they've made to their production web server. I might just write to them and find out.

In the mean time, I smell some sort of nefarious hack here but I can't come up with anything good. Somehow you've got to be able to leverage this bug to bring doom upon unsuspecting IIS users. If you've got any ideas, please post them in the comments.


Air Travel

I had the dubious pleasure the other week of flying to Oregon to pick up my wife and drive her home. She was feeling pretty sick and just wasn't up to the drive. The trip was planned at the very last minute and while I'm glad to help out my wife of course, it was a fairly stressful adventure. It's a good thing the TSA was on the job to keep my from relaxing.

Understand that I haven't flown on a plane since 1999. So first I went to the TSA's website and read up on the rules for what I could have in my carry-on. They say to think of "3-1-1" to help you remember the rule. Apparently it means "take 3 things you want to have with you, put them in 1 box, leave them at home and take your 1 sorry self to the airport". I couldn't make heads or tails of the rules, so I didn't take any liquids or gels.

If you look closely at the boarding pass to the right, you'll see at the bottom it says "SSSS". That's code for "we think you're a terrorist". I think between the fact that I booked the night before, that I was flying one way, that I didn't check any baggage, that I'm male, and that I'm not a frequent flier contributed to that assessment.

What annoyed me most wasn't the fact that I had to go through these absurd security checks. If they were done randomly, I would feel a lot better about their use. But mostly it bugged me that I didn't find out about it until after I showed them my ID, a rule I think is totally ridiculous. As if the 9/11 hijackers didn't have valid IDs. As if the no fly list is even a useful tool. At last count it had around 500,000 people. If there were that many terrorists in this country, we'd we be finding bombs on every corner.

Then I hear that the next tool the TSA wants to deploy is forcing everyone to book 3 days in advance! It just defies logic. By their count, they'll inconvenience 7-10% of passengers. The only numbers I could find (I admit I stopped at the first hit) was that in 1997 500 million passengers flew in the US. They seriously think that 35-50 million people are now terrorists? It's mind boggling.

I understand that people want to do something about terrorists, but there's too much doing without thinking. Most of our politicians and bureaucrats are acting based on emotion, which is a poor way to function.


Amazon MP3 Store

I've long been one to complain about the sad state of affairs in the entertainment industry these days. You don't want to get me started, so let's just say that their assessment of digital media is completely out of touch with the reality in the minds of consumers.

When iTunes started selling digital media, I was excited. It was a good step forward. Like when you're standing knee deep in a pool of sewage and you start wading for shore (I'm sure you've been there too). But I refused to ever shop there for a few reasons, namely that I don't use iTunes (no Linux version), I don't own an iPod (Sandisk Sansa) and I absolutely refuse to buy DRM music. Those are all killer features and frankly I can get by without new music. Mostly I listen to podcasts anyway (the local NPR affiliate is lame).

Given that background, you can see why I was excited to hear that had finally launched their mp3 music store. That was one heck of an intro just to tell you that I'm fired up about spending money, but it has been a long time in coming. I've always told myself that if I had an accessible way to purchase DRM-free music online, I would.

So I did. It worked exactly as advertised. There was a little confusion about the downloader software they encourage you to use (and require you to use for album purchases). I tried forcing it to run in Wine, which didn't work and just caused headaches. Their FAQ claims they're working on a Linux version, so hang out for that. In the mean time you're stuck with just single track downloads. Still, not too bad.

As for the music itself, it's a true blue mp3 file. It's tagged perfectly (something you won't typically find on p2p and an endless source of irritation for me). It's encoded at 256kbps and sounds great. I'm completely satisfied with my purchase and would get another in a heart beat, if I could find it.

And that there is the rub. It took me quite a while to find a track to buy. It's only $0.99, but still I didn't want to waste a buck. I searched for Michael Bublé, U2, Pearl Jam, Donny Osmond in Joseph, TMBG, René Aubry, and a bunch more that I can't remember. None of them were available. There is a lot of music, but until all the labels (indie and RIAA alike) can get on-board, it'll be somewhat less useful to me. In the end, if you're curious, I purchased All Along The Watchtower by Jimi Hendrix. Classic, man. Classic.

Here's to the end of DRM. Hip hip, hooray!



Sometime last week I happened upon a handy little shortcut when using the chown command. I mistakenly keyed in the command wrong and it turned out to work, so I investigated. Turns out that by leaving off the group name, but leaving the colon, chown will automatically use the default group of the specified user. That's so handy. What's surprising is how much I really use that trick. Why, I must save literally seconds every other day or so. That's gonna add up, baby.

Here's an example for you impatient, graphical learners:

chown tensai: file.txt


Cheese Experiment

For some time I have wanted to try my hand at making cheese. It's such a varied product and unfortunately, artisan cheesemaking isn't something you see much in the US. It'd be fun someday to create my own type of cheese and have a cheese cellar chock full of the stuff. But that isn't going to happen tomorrow.

Starting with David Fankhauser's wonderful cheese pages, I read a lot about the theory of cheesemaking. So far, so good. I decided to try labneh, which is a yogurt chese. To sum up the recipe, you salt some yogurt and hang it out until it turns cheesey.

The last part is where I had difficulty. Wanting to not waste food, I opted to use a 1/2 pint of yogurt rather than a full quart, as called for in the recipe. I think that's where I went wrong. Normally it should be set after 24 hours, but mine sat for 72 hours and was still pretty gloopy. There just wasn't enough weight to force the whey out.

I did get a bit of cheese out of it, though, and that little bit was good. Really good, actually. I tried it on some tortilla chips and that was delicious too. So I think I'll give it another try sometime soon.


Grudge Match: scp, tar+ssh, rsync+ssh

The question came up today about relative speeds of scp, tar and rsync (the latter two using ssh as a transport mechanism). While anecdotes and rumors are great for defining security policy (think TSA), I wanted some more concrete numbers so I ran a test.

I set up a script to copy a directory 5 times from my laptop to a server on the same subnet. I routinely pull 3MB/s from that server (over wifi), so bandwidth wasn't an issue. I used /var/lib/dpkg as my source directory. It weighed in a 57MB and contained 6896 files. Because rsync will compare changes between source and destination, I made sure to nuke the directory off the server after every run.

Method:            scp  rsync+ssh   tar+ssh
Average Time:  269.75s      33.6s    24.43s
Bandwidth (mbps): 1.69      13.57     18.66

The results are what I expected, at least as far as scp is concerned. It does not do well with large numbers of small files. It copied each file over completely before it started with the next one. Tar of course put the whole thing together and then shipped it off. Rsync read all the files first, then compared them to the server and then shipped them all in one go. Apparently there were some significant I/O savings to be had that way.

One other important item of note is that scp did not handle symlinks the way tar and rsync did. It dereferenced the symlink and copied the contents of that link rather than copying the link itself. That was a problem because I had picked some self-referential directories before I settled on /var/lib/dpkg.

For your reference, here are the commands I ran to test:

for i in 1 2 3 4 5; do time scp -qrp /var/lib/dpkg [server]:/tmp; ssh [server] rm -fr /tmp/dpkg; done
for i in 1 2 3 4 5; do time rsync -ae ssh /var/lib/dpkg [server]:/tmp; ssh [server] rm -fr /tmp/dpkg; done
for i in 1 2 3 4 5; do time tar -cf - /var/lib/dpkg |ssh [server] tar -C /tmp -xf - ; ssh [server] rm -fr /tmp/dpkg; done


Idaho Falls, Old School

I found some great pictures of Idaho Falls on the USGS' website. They didn't know when the pictures were taken, but based on the content it's been a while. I'm sure an avid historian could probably place the photos based on the content but I am not such a person. I can still appreciate them.

So without further ado, here are the pictures. I believe them to be in the public domain. They are about 2.5MB each.


Taste Test: Diet Lemon Lime

For a while, 7UP was running a promotion on their website wherein they would send you a free can of Diet 7UP, Sprite Zero and Sierra Mist Free, so I filled it out and it arrived a few days later. The box came with a cute little instruction card which I found to be a little humorous. Basically they said to chill the drinks, pour them into cups and drink the Diet 7UP last. Well, that's a little less scientific than we do things around here, so we made up our own strategy.

We labeled three cups and filled each with a separate drink, all at room temperature. Then I closed me eyes and mixed them up really good. We tasted each one a few times before making our decisions. Only after we had finished did we look to see which cup was which.

Of the three, we didn't really have a favorite. They were all excessively sweet. Now, let me preface that by saying that neither Karin nor I drink much soda, and in fact sugar products are pretty rare around our house. I'm sure we're not the target audience of these drinks.

The one thing we agreed on was which one we liked the least. Would you believe it was the Diet 7UP? It was the sweetest of the three and the taste was just a bit off balance. It was very hard to discern much difference. The bubbles contributed there. The other two weren't disagreeable, but as I said none of them particularly struck our palates.

After drinking so much pop, I ended up feeling rather sick. I'm not inclined to purchase any of these drinks.


Mindless Eating: Why We Eat More Than We Think

Title: Mindless Eating: Why We Eat More Than We Think
Author: Brian Wansink
Published: 2006 by Bantam Dell
ISBN: 0-553-80434-0

I've heard this guy on KCRW's Good Food before. He's a professor of marketing and nutritional science, and from the sounds of it he's a creative guy with an extremely fun job. He does research on why people eat the way they do and what influences them most. A lot of the time, it's not what you expect.

One of the best experiments he did was with a bottomless bowl of soup. His question was what makes a person decide to stop eating? What makes us stop eating? He rigged up a bowl of soup connected via a tube to a vat of soup. Without slurping down a lot of soup, basically it was impossible to empty the bowl. On average those with the endless bowl at 73% more soup than those with a normal bowl.

Most were still eating when we stopped them, 20 minutes after they began. The typical person at around 15 ounces, but others at more than a quart--more than a quart. When one of these people was asked to comment on the soup, his reply was, "It's pretty good, and it's pretty filling." Sure it is. He had eaten almost three times as much as the guy sitting next to him.

Another of my favorites is the story of a cook on a Navy ship in World War II. Due to some sort of error, the cook took on too much lemon Jell-o and no cherry. When you're out at sea for months at a time, little things like that can be a big deal. Fights were actually breaking out because of it. Well Billy, our fearless cook, thought quick on his feet and colored the lemon Jell-o red. The crew never even guessed what happened. Because they thought it was cherry, they imagined the taste of it.

But to the point of the book. Our body is quite capable of noticing changes in diet, such as eliminating all carbohydrates or eating half as many calories. That's why 90% of dieters regain their former weight. It's just not sustainable, and generally speaking the quicker you lose the weight the quicker you'll put it back on. But the human body can't detect slight changes, such as 100 calories a day. That amount of change over the course of a year works out to about 10 pounds. So if you drink an extra Mountain Dew every day, you'll gain 10 pounds. If you cut one out, you'll lose 10 pounds. In both cases, you won't notice any difference in your diet.

Dr. Wansink offers a number of ways to work 100-200 calories out of your diet, things like serving yourself 20% less (which will still leave you feeling just as full), fill your plate with fruits and veggies (less calorie dense, more vitamins), don't abandon your comfort foods instead rewire them (deprivation rarely works, but comfort foods are not written in stone).

There are plenty more suggestions, and more importantly, funny stories in this book. The author definitely has a good sense of humor and a good wit. It's an easy read that is still well supported by scientific research and more endnotes than you can shake a pastrami at.



Subscribe to RSS Subscribe to - All comments