Mara's weblog

Sniffing in my network (for absolutely different reason, also -- I'm the admin) I found that one of popular online RPG games (third person perspective, lots of graphics, 3D) uses TCP protocol, when UDP was the right choice. What's the result? To transfer approx 20 bytes of data it needs more than 200 bytes. It uses PSH flag in nearly all packets, so most acks are without data. Also, when a packet loss occurs, it causes a re-transmission. In simple words -- lags.

The funny thing is that when programming using sockets (most popular interface for network programming) it's really small change. I'm wondering about marks the person who designed the game's network things got from networking subjects. If every took such class...

Wired has an interesting article about Web future. I don't agree with everything (as usual). The 'description' of future is a simple extrapolation. As time shows, unexpected events and tendencies have a huge imact. Examples? Internet itself, SMSes.

CNN has an article about privacy concerns about Google. We can read that Google, because of its size and new services that store user data, may be a good target to stole user data from.

I don't deny, that there's such risk. Let's think, however, what's more dangerous: possibility that your data is stolen from Google or your bank (especially one of those using only password, no one-time passwords or tokens) or your telecom? The data Google has about you is nothing when you compare it with the later two. Chances are...well...similar.

Scientists from Stanford University have written a tool (browser plugin) that hashes entered password with domain name and sends it in that form. For those people, who don't check certificates it may be a good solution. Well...until the hash function the plugin uses is broken. It requires some work - you need to change you passes on all the sites you wnat to protect this way.

An interesting link was posted to Slashdot. It's about so called Laws of Identity. The idea comes from a place that doesn't connect with privacy and such things, but is worth looking into.

First impression isn't good. The intro text says:

The Internet was built without a way to know who and what you are connecting to. This limits what we can do with it and exposes us to growing dangers. If we do nothing, we will face rapidly proliferating episodes of theft and deception that will cumulatively erode public trust in the Internet.
[...]Taken together, these laws define a unifying identity metasystem that can offer the Internet the identity layer it so obviously requires.

I'm not sure if 'obviously' is a good word here. I don't see such a need. I deal with the current Internet without problems. The thing that worries me is the problem with sites that want too much of my identity. For websites SSL and certificates work OK (if you look inside them).

Then continue the PDF version ('Browser version' doesn't work -- 404 error). It states that the dangers are: phishing, spyware etc.

I must say that those dangers are highly theoretical to me. I have never had a problem with phishing. I have never had a piece of spyware. In my opinion not identity system is the solution to the problem. It's all about user habbits, lack of knowledge and such things.

When I reached the laws...Well. They're logical. They're simple. Just OK. If you assume that such system is needed, you may use them. I don't find the assumption correct, however.

As a bookmark, because the two pieces are hard to find: Strange Attractors and TCP/IP Sequence Number Analysis and Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later. The papers show how good (edit: bad) sequence numbers in many OSes are. Quite old things, but don't know about new version. For people who don't have a clue about sequence numbers - nice pictures.

Polish KDE doc translation is moving and there's KDE Userguide available in Polish. It's also a good time to discover Userguide in your language. It may be a good link for all Linux and KDE newbies.

An idea how to encrypt RSS. Interesting. I'm wondering why there's no encryption build in into such protocols, but maybe it's too early for such things.

The fact, that most hits coming from search engines are from Google is nothing I could be suprised of. What's much more interesting is the most popular search word used. Security? Networking? Linux? No. It's 'torrenta' (more than 10 percent in both May and June). Most people searching for the term come from Poland (they're using google.pl). 'torrenta' doesn't mean 'torrents'. In fact, I don't understand why so many people search for it. It's worth noting that I wrote about torrent site twice.

NSA has published its document from 2002 about methods for network protection. Advanced users won't find anything new. It's rathere for novice users. There are several chapters about protecting firewall, Windows and Unix machines. 38 pages in total.

The document isn't new and no revolution. Also, there's not much about those 60 minutes in the file name. Just a set of guidelines.

I got the link from hacking.pl.

I've just added page for KDevelop tips. For now there's one about creating .so libraries with Automake Manager.

I like browsing my site stats. There are many interesting things which, I think, show some more general tendencies. My site is small, so I need to be careful with generalizations. I will try to be in a number of short pieces about intersting things I found.

Today about browser statistics. in the persiod March-June the site's running, Firefox is no 1. Stats are by hit, not by user. No suprise here, because that's the browser I use. Especially in March and April, when the number of daily hits was low.

When we move to May, things become more interesting. MSIE takes first place. MSIE vs Firefox is approx 50 to 40. At that time I was thinking that it will continue this way. My own visits became less important.

At the beggining of June it was the same. But overall, Firefox won 40 to 35. Also, Opera (don't use it, so no my visits for sure; also not from one IP, but from many) share was 15 percent.

July is similar to June, so far. Firefox-Opera-MSIE ratio is 50:22:20 (yes, that's right, more visits with Opera than MSIE).

The number of visits is not that high so the stats mean something about the real usage. Many hits come from Google. That makes the whole things interesting, because Google's used by general audience. The results are biased by the subjects I write about. There are suprises, but maybe next time...

Today there are two interesting Debian-related issues. First is about management problems with patches applied to the system - Zdnet writes that it's solved and patches will be released on time.

The second one is about Mandriva, Progeny and Turbolinux planning new enterprise Linux distribution. Debian-based. It's interesting especially when seeing Mandriva in the team.

There's a bug in zlib library. It's one of the most popular one - it handles compression. Programs using the library can be also exploited, so the danger is rather high. No official patch, but a number of Linux distributions have already released patched versions. It'll take some time until systems and applications using zlib are updated.

Security Pipeline has a story about removing firewall because, as the author says, they don't give security. When we read the text more carefully we can see that he's still using ACLs (what means, in fact, firewall) and application-level firewalls.

Firewall doesn't guarantee security (well...certain companies advertise something different, but who believes ads?). Instead, it's a tool that can be used to many interesting things. Also Slashdot comments are worth reading in this case.

Many things have been told today about security. The best quote I have comes from Bruce Schneier's blog:

We need to resist the urge to react against the particulars of this particular terrorist plot, and to keep focused on the terrorists' goals. Spending billions to defend our trains and busses at the expense of other counterterrorist measures makes no sense. Terrorists are out to cause terror, and they don't care if they bomb trains, busses, shopping malls, theaters, stadiums, schools, markets, restaurants, discos, or any other collection of 100 people in a small space. There are simply too many targets to defend, and we need to think smarter than protecting the particular targets the terrorists attacked last week.
Smart counterterrorism focuses on the terrorists and their funding -- stopping plots regardless of their targets -- and emergency response that limits their damage.

Simple thing, we know about it, but still, somehow, it doesn't work. We concentrate on things that don't help: id cards etc. Probably that's easier...

The patent directive was rejected today with 648 to 14 votes ratio. It means that (for now) there will be no US-style software patents in Europe. It's clear that new initiative - to push software patents or to clear the curent patent law will come. Maybe this time the issue will be handled in a better way (more democratic, more transparent etc).

My 'patent' index page is moved, but still accessible.

I was thinking about a different news today (like Linux desktop), but there are important things: no epatents. My main page is also changed.

Update: Index page link changed.

It's nota secret, that news are often just translated from another language. Sometimes, however, the translation quality is very poor.

I was browsing chip.pl when found a new about Palm developing version of Palm OS for Linux system. Both Palm OS and Linux anre systems, so they can't run on on another without emulation. After digging more I found that the note was transaltion of Vnunet note about Palm porting their applications from PalmOS to Linux... The difference is big.

New Scientists' running a story about research showing that the number of innovations per milion of people is now lower than it was in 19th century. It's hard to measure 'innovation', so the results are debatable. Still, a refreshing point of view.

The Internet's running rather fine, but there are problems: security, traffic that needs certain quality of service and so on. Thet's why we hear from time to time about an initiative to solve the problems. Wired has an article about a new one. This time - an update, with security and wireless communication in mind. I can imagine a secure Internet. The thing is that the protocols will be more complicated than they're now.

The project if, for now, in planning, no work is done. I'm waiting for the list of proposed upgrades.