Archive for the 'Services' Category

The internet resource bloat

Saturday, July 26th, 2014

Why, oh my, is it necessary to run a 10 MB, 1:11m, 720p (no less) video on the main PayPal website front page background? You know, the page where people go to log in, check their balance, and such, …

You wonder why the internet is slow? Getting slower and slower? Your monthly “flatrate” (*lol*) volume used up faster and faster?

Wonder no more:

Deduplicating the Internet

Friday, June 27th, 2014

So we learned the NSA, and their FVEY (Five Eyes) friends plus other fellows such as the German BND et al. are effectively making their own copy of all the data going thru their optical fibre splitters and such.

Now all this is of course seriously bad, unconstitutional, and exactly creating the police state Orwell already imagined in the now famous 1984 and that we could already see in East Germany’s (GDR) Stasi.

This anti-democratic setup and questions aside, … they are effectively duplicating most (if not all, minus the YouTube video streams) data on the internet.

Now, imagine, just for a brief unlikely moment, they would stop doing this. This would effectively free up a whole lot of bandwidth, like double the Internet capacity. Make everything fast and snappy. Imagine how many 4k video streams that would be!!!

And, actually, I also wonder how many connection issues all this surveillance causes. Certainly not the optical fibre splitters, but other kinds of non-optical duplication law inspection certainly cause some connection drops left and right. And yes, I have seen proprietary commercial firewall code, … ! :-/

Why monolithic kernels are fail

Friday, June 27th, 2014

Yes, there have been long enough flamewars to no end, and we know where Minix and Linux stand today in regards to the installed device base, … however, modern Windows NT, and Mac OS X are a bit micro kernel’ish to some degree, …

In the wake of the last twelve months (and counting) of NSA, GCHQ & Co revelations, let’s look at the processes running on a typical network appliance:

PID  Uid   VmSize  Stat  Command
1    root  364     S     init
2    root          SW    [keventd]
3    root          RWN   [ksoftirqd_CPU0]
4    root          SW    [kswapd]
5    root          SW    [bdflush]
6    root          SW    [kupdated]
8    root          SW    [mtdblockd]
35   root          SWN   [jffs2_gcd_mtd2]
87   root  364     S     logger -s -p 6 -t
89   root  364     S     init
96   root  376     S     syslogd -C 16
99   root  348     S     klogd
230  root  388     S     udhcpc -b -p /var/run/udhcpc.eth0.1.pid -i eth0.1
314  root  388     S     /usr/sbin/dropbear -g

Hm, ok, so aside from the minimal logging, dhcp server and the dropbear SSH server for administration tasks, we have nothing separated in the user-mode context. All the networking, packet filtering, firewalling, load balancing, WiFi stack and what not is running in the kernel context.

Yeah, right, exactly that kernel context where a typo, off-by-one, etc. pp. sooner rather than later crashes (oops) the whole system, or gives you a root login.

Would it not be nice if such a typo, bug, … in the NIC driver, the IPv4 or v6 stack, or firewall, or mostly anywhere else would just segfault, and restart an associated user-space ipv4d, iptabled, hosted?

With more isolated drivers and sub-systems we certainly should have fewer security issues, and given Linus’ famous performance quotes - I would rather trade some percent of performance for more security. Besides, nowadays we run most systems virtualized with even more performance overhead, … for security, management and scalability.
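The crash-and-restart behaviour wished for above, sketched as an added example in Python rather than code from the original post: a supervisor forks a user-space worker, the worker dies with SIGSEGV on a malformed packet, and the supervisor restarts it while the rest of the system keeps running. The packet format, the sample packets and all function names are constructed for illustration, and the crash is simulated with a signal.

```python
import os
import signal

# Constructed sample traffic; the third packet's length byte lies about its size.
PACKETS = [b"\x02hi", b"\x03abc", b"\xffboom", b"\x01z", b"\x04done"]

def parse(packet):
    """Toy length-prefixed parser standing in for a protocol daemon's hot path."""
    length = packet[0]
    if length > len(packet) - 1:
        # In C this would be an out-of-bounds read. Simulate the crash it can
        # cause by delivering SIGSEGV to this (worker) process only.
        signal.signal(signal.SIGSEGV, signal.SIG_DFL)
        os.kill(os.getpid(), signal.SIGSEGV)
    return packet[1:1 + length]

def run_worker(packets, ack_fd):
    """Worker process: parse in order, acknowledge each success with one byte."""
    try:
        for packet in packets:
            parse(packet)
            os.write(ack_fd, b"+")
        os._exit(0)
    except BaseException:
        os._exit(1)  # never fall back into the supervisor's code path

def supervise(packets):
    """Supervisor: restart the worker after a crash and drop the fatal packet."""
    handled, crashes, pos = 0, [], 0
    while pos < len(packets):
        read_fd, write_fd = os.pipe()
        pid = os.fork()
        if pid == 0:
            os.close(read_fd)
            run_worker(packets[pos:], write_fd)
        os.close(write_fd)
        acked = 0
        while chunk := os.read(read_fd, 64):  # EOF once the worker is gone
            acked += len(chunk)
        os.close(read_fd)
        _, status = os.waitpid(pid, 0)
        handled += acked
        pos += acked
        if pos < len(packets):  # worker ended before finishing its queue
            sig = os.WTERMSIG(status) if os.WIFSIGNALED(status) else None
            crashes.append((pos, sig))
            pos += 1  # skip the packet that killed the worker
    return handled, crashes
```

Calling `supervise(PACKETS)` reports four packets handled and one worker crash at index 2; the supervisor itself never sees the fault.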

Kabel Deutschland vs. IPv6

Sunday, June 22nd, 2014

Since nowadays you do not really need a telephone line any more, I have for some time been testing cable (Kabel Deutschland) for internet access for the first time. In principle this 20 MBit/s cable connection worked from the start - however, some sites were completely unreliable and slow. As in: around 5 minutes and clicking “Reload” 7 times. Various things were affected: Slashdot, Semiaccurate, Tagesschau.de, Apple’s iTunes Store, PayPal, etc.

Last December their internal backbone routing was apparently so broken that almost nothing worked, and e.g. my own SSH sessions to my own servers were obviously routed to entirely different servers at the other end of the world. (Only a rogue would think of the NSA and BND here, …).

The fundamental connection problem with some servers was recently finally solved when I asked the support person to switch on IPv4 for my line. After the usual “no, we can't do that” excuses, a friendly support guy eventually did switch on IPv4, and lo and behold: since then all connection problems have disappeared. Either their “carrier-grade NAT” is simply too overloaded, or it has other configuration problems - or some websites simply still do not work completely with native IPv6, … Whatever, … just ask for ipv4 for now, …

Novel fast JIT

Thursday, April 10th, 2014

I hereby publicly document a novel implementation detail for Just-In-Time compilers. I am not too motivated to shell out a ton of money for the patent process and would therefore like to document prior art in case others go and patent this eventually:

AFAIK the state of the art JIT compilers use a tracing technique like in Google’s V8, Mozilla’s SpiderMonkey and Mike Pall’s LuaJIT that first interprets internal byte code representation to collect data for later JIT’ing hot paths.

This has two major drawbacks: Interpreted code is initially slower, and in addition to the actual JIT “backend” an “interpreter” engine needs to be implemented.

High-end Android phones

Wednesday, April 9th, 2014

As long as the better Android phones are still shipped with region lock and worse battery exchange / repair than iPhone I say: Thanks but no thanks - and stay with the iPhone. Unless of course future models make battery change even harder as well, … :-/

The bubble waiting to burst 2.0 :-/

Tuesday, January 14th, 2014

Unfortunately there are follow-ups to my previous notes about the current .NET bubble. Google buys Nest Labs for a whopping 3.2 billion $US no less.

Nest has a niche product, currently only operating in the US, and not even with any international sales.

There are profitable, serious, big, decades-in-business companies that are valued at significantly less, …

But then again Google Ventures is a previous investor, so my understanding is Google Ventures would get at least a bit of that money back?

German Medical Care

Wednesday, October 23rd, 2013

Dear Clients of German Medical Care,

1. GerMedCare NEWS
Time passes, and autumn will very soon give way to winter. On the eve of the cold season, the turn of the year and the upcoming holidays, we would like not only to begin summing up the first results of our work, but also to remind you that, since the end of the year is usually a busy time when many of you take advantage of the long holidays not only to have a good rest but also to spend part of the pre- and post-New-Year vacation on yourselves and on taking care of your health, all of this needs to be planned in advance. Starting December 10 the consulates will be overloaded, and visa processing time may increase to several weeks. From December 23 the consulates will be closed for Christmas, while from January 3, 2014 work in Germany will continue as usual.

As for the first results, a positive trend is the fact that about half of our new clients come to us by recommendation, which places even more responsibility on our work and speaks of your trust. We are glad that the majority of our clients are patients who have successfully completed treatment and regularly confirm that they are healthy, or patients who undergo a regular annual check-up for preventive purposes, as well as patients who need one or another highly qualified treatment.

We have also listened to your wishes and more often offer you a choice of treatment in exclusively private clinics in Germany, in addition to public ones. The advantage of an exclusively private clinic is first of all the time the doctor spends on the patient. In a private clinic the doctor has more time for a detailed conversation, examination and management of the treatment, as well as the possibility of bringing in, for the question that interests you, both a general specialist and a specialist who focuses narrowly on precisely your question.

We always work with selected doctors with a good reputation and with clinics that provide the highest level of professional medical services. As for pricing - diagnostics cost on average the same everywhere; the cost of an operation may vary depending on the level of the doctor (the more narrowly specialized the doctor, the more expensive their services) and on the level of comfort in the clinic.

What are the PC vendors thinking?

Friday, June 21st, 2013

For some excessive amount of time - as I do not find the MacBooks of the last half decade perfect - I have been looking for a PC laptop. The Samsung Series 9 came pretty close, just that the max 4GB RAM of the 13″ is a little little for a software engineer, …

Yesterday Sammy announced the Haswell based, latest Intel Core generation refresh, and I unfortunately have to say: What the heck?

They managed to ruin the machine for the most part: Gorilla glass touch panel!?!?! Thanks, but no thanks! Most of all I do not want to look in a mirror the whole day. This just hurts the eyes, seriously. Not to mention office lights or sunlight. Thank you very much. Of course the touch panel can mostly be ignored. I mean: Who would want to raise the arm the whole day, and even smearing the screen with natural skin oil??? Definitely not me. I could ignore the touch panel - if there would not be this glossy gorilla glass cover, ieek. And then the screen resolution. Yeah, Retina sounds awesome in product advertisements. But fact is, only Mac OS X scales the UI reliably. Such a display is no fun on Windows, nor Linux. All non-top notch Windows Apps will have scaling issues. Sometimes even the top notch ones, … :-/ And obviously all the added mega pixels just burn vital battery life away, …

So then let’s come to the ATIV Book 9 Lite (why continue to use an established, simple brand name like Series 9, when you can ruin it with something like ATIV -what the heck?- Book, yeah, well, ok …). Finally a nice and light AMD Ultrathin. Awesome! We need more of that!! I would get it immediately, if not, … 1366×768 resolution seriously? Come on, after 3200×1800 at the premium, you want to sell us last millennium 1366×768? How crazy is that? One excessive high-res, the other below the bare minimum. And of course only 4GB of RAM, … when you cripple it, make sure you cripple it for real, … The brave new world of soldered on the board, no user swaps SO-DIMM, …

What are those product managers thinking? Really??

PS: And btw. classic: Other companies (like Apple) would have pretty product pages available on their website at launch time, … Samsung? Nada. Not listed yet (on the US, or German) website; at the time of writing. Yeah, why list the just announced flagship product so people can take a look, and order, …?

These days you really wonder, …

Server side input validation

Thursday, June 13th, 2013

For some time now we had some simple email registration for the free trial of some of our software products. We are aware that some users do not like it, however, we are a small company and also need to think about some trial follow up reminder, questionnaire, etc.

Of course most annoying for us are invalid email addresses, causing bouncing error messages, blocking our email server, support accounts or a combination of those, … So after some weeks of too many delivery errors we ended up adding some basic input validation. However, due to the complex nature of HTML, JavaScript, and XML-RPC based AJAX or variants thereof, we only quickly did so in the JavaScript. Just some simple, straightforward checking. You certainly get the idea. For normal customers that worked great.

Guess what happened next? Java spam bots eventually found the form and started feeding the usual v1a6ra, and other related medical, drug and other spam thru the form. Of course they were usually sending some random email address for their spam, resulting in the same, and in the end even higher amount of email delivery errors than we wanted to prevent initially.

After too long a time the pain became too big. Yesterday we finally moved the input validation into our server backend, as it should be. Never trust the client, always validate 100% on your final server side. Of course one should do so from the beginning. Just that Web 2.0, with HTML, JavaScript and all the surrounding “technologies”, is such a complex, error-prone, and not so easy to debug mess that this is unfortunately a rather complex affair, …

Let’s see what annoying trickery comes next to that simple form, … ;-)
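A server-side check of the kind described above, as an added example in Python and not the code this site actually runs. The handler validates the submitted address itself, so a request posted straight at the endpoint gets the same treatment as one sent through the browser form. The function names, the form dictionary and the status codes are assumptions, and the check is syntax-only: a well-formed but nonexistent mailbox still passes.

```python
import re

MAX_LEN = 254  # practical upper bound for an address used in SMTP
_LOCAL = re.compile(r"[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]{1,64}")
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

def validate_email(raw):
    """Return (normalized_address, None) on success or (None, reason)."""
    if not isinstance(raw, str):
        return None, "not a string"
    if len(raw) > MAX_LEN:
        return None, "too long"
    # Reject CR/LF and other control bytes before the value can reach a mail header.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in raw):
        return None, "control character"
    local, sep, domain = raw.strip().rpartition("@")
    if not sep or not local or not domain:
        return None, "missing local part or domain"
    if (not _LOCAL.fullmatch(local) or local[0] == "." or local[-1] == "."
            or ".." in local):
        return None, "bad local part"
    labels = domain.lower().split(".")
    if (len(labels) < 2 or labels[-1].isdigit()
            or not all(_LABEL.fullmatch(label) for label in labels)):
        return None, "bad domain"
    return local + "@" + ".".join(labels), None

def handle_registration(form):
    """Hypothetical backend handler: never assumes the JavaScript check ran."""
    address, reason = validate_email(form.get("email"))
    if reason is not None:
        return 400, reason
    return 200, address
```

Nothing is queued for delivery unless `handle_registration` returns 200, whatever the client-side script did or did not check.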