Outstanding!: May 2008 Archives

 

May 27, 2008

I'm in Boston today for the IETF P2P Infrastructure workshop. Anyway, we land and as usual, as soon as we land they tell us that we're allowed to use our cell phones but other electronic devices have to stay off until they open the aircraft doors. So, wait a second. I can't use an iPod, but if it's an iPhone that's totally different and I can use it? Do cell phones emit some sort of protective radiation that I'm blissfully unaware of? Is it different between CDMA and GSM? If I have a laptop and it's got a cell modem in it, is that OK? Does it have to be built in or does a USB cell modem provide the magic safetyfying effect? Would it work if I just duct taped my cell phone to my laptop? Outstanding!
 

May 24, 2008

For some reason I checked out Conservapedia today. Sort of an amazing artifact, if basically insane. It's like—well, it actually is—they want to create a whole alternate reality where the normal rules of intellectual discourse don't apply. Here's the (somewhat famous) article on the kangaroo:
According to the origins theory model used by young earth creation scientists, modern kangaroos are the descendants of the two founding members of the modern kangaroo baramin that were taken aboard Noah's Ark prior to the Great Flood. It has not yet been determined by baraminologists whether kangaroos form a holobaramin with the wallaby, tree-kangaroo, wallaroo, pademelon and quokka, or if all these species are in fact apobaraminic or polybaraminic.

After the Flood, these kangaroos bred from the Ark passengers migrated to Australia. There is debate whether this migration happened over land[6] with lower sea levels during the post-flood ice age, or before the supercontinent of Pangea broke apart[7] The idea that God simply generated kangaroos into existence there is considered by most creation researchers to be contra-Biblical.

Other views on kangaroo origins include the belief of some Australian Aborigines that kangaroos were sung into existence by their ancestors during the "Dreamtime" [8] and the evolutionary view that kangaroos and the other marsupials evolved from a common marsupial ancestor which lived hundreds of millions of years ago.[9] In accordance with their worldviews, a majority of biologists regard evolution as the most likely explanation for the origin of species including the kangaroo.

Uh, yeah. Incidentally, that passage contains links to Baraminology, the study of Biblical kinds. I almost expect there to be a page on the Turtles all the way down theory of cosmology. I was going to try to make a serious argument about this, but it's just laughable.

Incidentally, Mrs. G noted the weird juxtaposition of Pangea and flood theory. Unsurprisingly, there's a footnote pointing to this uh, explanation about how Pangea is compatible with flood theory. In case you're curious, it's that the rate of geologic activity was higher during the flood.

 

May 13, 2008

Lauren Weinstein is rightly concerned about Charter Communications' plans to "enhance" your browsing experience by injecting banner ads into your Web pages based on analysis of your browsing habits.

If this is something you're not that thrilled about, (which I can easily understand), then you might get to thinking what your options are. Charter offers an opt-out but as far as I know there's nothing forcing them to do so, and their opt-out appears to be pretty inconvenient:

Yes. As our valued customer, we want you to be in complete control of your online experience. If you wish to opt out of the enhanced service we are offering, you may do so at any time by visiting www.charter.com/onlineprivacy and following our easy to use opt-out feature. To opt out, it is necessary to install a standard opt-out cookie on your computer. If you delete the opt-out cookie, or if you change computers or web browsers, you will need to opt out again.

You could just change ISPs, of course, if you're lucky enough to live in a non-monopoly area and your other choices don't offer this enhanced feature set.

As Weinstein observers, one possible defense is to do HTTPS connections to every server, but that requires cooperation from all the server operators which has the usual network effect/collective action problems. But there's at least one obvious way to protect yourself unilaterally: set up a VPN to some provider who promises not to mess with your packets. You'd still be getting packet carriage from Charter, but they wouldn't be able to mess with your packets much, other than to drop or delay them. Certainly, they would not be able to inject their own traffic. This technique would probably introduce some latency, but the provider could locate their VPN concentrator near a major exchange point, which would reduce the latency quite a bit. The major obstacle would be finding someone to provide this service; I know there are providers which do IPv6 tunnels, but I don't know if they do v4 tunnels.

The effect of all this is to reduce your local ISP to raw packet carriage. Effectively, you're treating them long a long wire between you and your real ISP, the tunnel provider. Obviously, local ISPs could stop you from doing this, but it's hard to see on what grounds they would do so if they don't block enterprise VPNs.

 

May 8, 2008

Even the most diehard TeXhead has moments when he needs to read some Word document. Tonight was such a night and I have Office 2004 on my machine for just such an eventuality (Please don't write in to tell me that I should run Pages. As I said, I don't want to run either of them, but I also don't want to deal with Pages/Word incompatibility.) Anyway, I boot up Word and the Leopard firewall asks me if I'd like to let Word listen for network connections. I go to click no and either manage to click it or raise some other window or something. The dialog disappears and when I check the firewall it sure does say to block MS Word. So, that's OK, I guess.

And then I get to thinking, "Why is Word opening up TCP listening ports anyway?" So, I run netstat -a | grep LISTEN and get:

[49] /usr/sbin/netstat -a | grep LISTEN
tcp4       0      0  *.3369                 *.*                    LISTEN
...

Hmmm. What's 3369? Google doesn't know, so that's not good. I close Word and the port goes away and lsof confirms it's Word:

[52] /usr/sbin/lsof -i TCP:3369

COMMAND  PID USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
Word    8198  ekr   16u  IPv4 0x6c4d66c      0t0  TCP *:3369 (LISTEN)

I shut down Word and my WiFi and restart it, but it's not listening now. Maybe I need the network on. Sure enough, I bring the WiFi back up and restart Word and now it's listening, but on a different port: 3828 this time. Stranger and stranger. Now ordinarily this would only be about a 4.0 freakout on a scale of 1 to 10, but it turns out that I only recently installed Office on this machine and was unaware of the following delightful property of MS AutoUpdate: it only installs one update at a time, no matter how many updates are pending. So, when you have 10-20 updates to install, and you're just letting update run itself, it takes forever to get uprev. The consequence of this is that I was loading random people's documents with some two year old (and vulnerable) version of Word. Who knows what malware I've had the joy of installing. This jacks things up to a freakout factor of about 6.2.

Next step: compare to another machine. It shows up on my other Mac, which is a little comforting, but of course that machine could be infected too. I double check with Hovav, who is about as paranoid as I am, and his copy of Office is is listening, but on some other random port. That's sort of comforting. This is starting to look a lot less like malware and a lot more like a feature of Word. A little more digging tells us the process name that is actually doing the listening. It's Word (as I knew) but with some wacky argument starting with -psn_0_.... Searching on this, we find out that I'm not the only person who has had this question.

If you close UDP 2222, then no other computers will know which TCP port your copy of word has chosen to listen to (in the 3000-3999 range), because that info is broadcasted in the UDP packets. The protocol is thus: Your copy of word spews it's serial number (encoded) and the TCP port it is listening on in a packed on UDP 2222. Other copies of word on the network get this packet and then respond the your copy of word on the specified TCP port if they have the same serial. Then one copy shuts down.

I guess it was malware after all. Outstanding!