Signal

In an attempt to evaluate different methods for measuring the performance of a TCP/IP connection, I’ve bumped into FreeBSD‘s getsockopt(TCP_INFO) system call, cloned from a similar call invented by Linux, which kindly returns interesting data about the current TCP connection.

I was mainly interested about round-trip time (RTT, called tcpi_rtt) and its standard deviation, mistakenly called tcpi_rttvar even though it’s not a variance.

I’ve written a small proof-of-concept tool accessible at http://eu.org:4500/ to display operating system information retrieved from the current HTTP access. The page currently runs on a FreeBSD 9-CURRENT machine; feel free to try it out, it works either in IPv4 or IPv6. Here’s a sample as of today:

This experimental page displays raw system TCP estimates, in microseconds.

Address: 2a01:e35:8b50:2c40::4
Estimated round-trip time: 15437
Estimated standard deviation: 27937

Note that the measures are very rough. First, the real resolution is about 1 millisecond (one kernel tick), not 1 microsecond. Then, several RTT samples are smoothed into the provided values, with a bigger weight for more recent samples. I left the actual values obtained from the kernel, for clarity, even though giving them up to a 1 microsecond resolution is somewhat misleading.

Then, of course, the results also depend on the number of samples, which tends to be low: the above page waits for the client HTTP headers to be fully received, then emits its own headers in reply, then waits for one second to give some time for the TCP ack(s) to come back, then displays the then-current estimations.

The results are probably sufficient for TCP’s internal needs, but they may differ wildly from real RTT values. Plus, the real RTT value depends on packet size, which TCP doesn’t seem to take into account. The above example is taken from my local network and displays over 15 ms for the RTT, whereas the real RTT is well below 1 ms (0.23 min, 0.4 average with 0.01 standard deviation, according to ping). The results are not always wildly up, I’ve noticed the opposite effect from a remote mobile phone displaying ~100 ms whereas the ping time was more like ~200 ms…

Feel free to use it and add comments below.

EPIC Urges Federal Trade Commission to Investigate Google Buzz.

“EPIC fail“, as Arstechnica nicely puts it.

PDF of the detailed complaint, a must-read IMHO, which is the best summary to date of what the fuss is all about, including point by point discussion of the opt-out issues.

[followup article to Google Buzz privacy debacle, Let the second Buzz effect begin and Google Buzz start-up requesters update]

If you type “google buzz“, “google earth” or “google maps” (and some others, probably) into Google search, you get a live, scrolling search entry in the middle of your results page, including twitter feeds.

Why not, but feels a bit weird, and you have to be fast if you want to catch one of the scrolling links. That’s not for grandma.

Apparently the Google Buzz team is very hard at work (on a week-end break!) to fix some of the more blatant problems with Buzz initialization, see their post titled A new Buzz start-up experience based on your feedback; including a nice apology at the end regarding the panic.

My gut feeling is that there are still way too many opt-out things. List visibility, for one: opt-out still does not feel quite right to me; it is too easy for people to not care at first and regret it only when it’s too late. The obvious fact that leaked information can’t be unleaked should be taken into account.

Also, one of the core problems, clearly separating contacts vs friends, apparently remains. I’ll need to retry Buzz someday to see how it feels after this update.

Update: see also Google Buzz – anatomy of a slow motion train wreck, a very good analysis of what happened and things to expect. I share the feeling about the shift in privacy habits that Google (or should I say, some people at Google, but from where I stand that is irrelevant) are trying to shove down our throats.

Update: the mainstream press is getting angry, too. Furious John Naughton article in The Guardian, quoting:

In the real world, the devil is in the details. In cyberspace, it’s in the defaults. And the default settings in Buzz are so crass that one cannot imagine they are the product of corporate carelessness.

The Google boys are smart and know exactly what they’re doing. They’ve been enviously watching the stupendous growth of Twitter and Facebook and wondering how Google can cut them off at the knees before they become really unstoppable – which brings us back to Microsoft.

Update: another article, Buzz: Google Needs Better ‘People Skills’: (this one I find slightly unfair, albeit not totally undeserved)

Given the option, Google’s choice for default settings were what benefited Google the most, not what best protected its consumers.[...]

Privacy, however, impacts everything Google does. That the company could get Buzz privacy so terribly wrong is reason for serious concern.

Google needs to learn when to put people first and technology second.pdate:

(more…)

Ok, so after Google auto-subscribed about 10 million people to Buzz a few days ago to get traction, sit down and watch real-time mass unsubscription of upset people, including some vocal ones.

So… as I said just 2 days ago, I tried Buzz.

And as I also said, « certainly missed a boatload of things and got some wrong ». Famous last words. How right I was !

I tried Buzz just like half the planet actually, which I didn’t realize until yesterday, when I found my Gmail account spammed by people I never heard about before, replying on my buzzes or writing buzzes I received or subscribing to my stuff.

I was panic-struck, just like the rest of the planet. That was the main theme of the comments I saw: « I’m panicking, are you? » « Oh yes I am, but who are you and how come you write this in my Buzz? ».

It somehow found the feed to this blog. I still haven’t quite figured out how; maybe that’s my fault, maybe not; anyway I validated it. I’m glad I wasn’t using Blogger, sorry but I’ve got enough knives planted in my back at the moment.

I did what everybody did yesterday evening: shut down all the incoming feeds, deleted posts and/or comments (“did I write something to my contacts that’s not for public consumption?”), tried to shut down everything outgoing, checked out all my subscribers, and tried to figure out how the damn thing decides that something should be visible or not visible, by others from me or by me from others. I’m still freaked out.

I still think this stuff makes Facebook look like amateur privacy violators by comparison. Even the quote by Eric Schmidt about privacy looks like a detail now (even though it was right-on).

The major, enormous psychological (not technical) error is that this was placed in the Gmail account; something you typically expect to be private. Putting there stuff that’s geared to be broadcast all over the place, in a opt-out way (second major error: everything is public by default, and you can’t ever revert to private after publishing, your only bet is to delete), is a tragically bad, bad, bad idea. Third error, fuzzy rules (recommendations? I’m not even sure) allowing buzzes to skip over contact boundaries.

By putting Buzz inside of Gmail, Google probably wanted to drive up adoption. Well done, it’s adopted all over the place with posts and comments and blog posts and tweet guts spilled everywhere, aggregated, resent, accessible without your knowledge. What a sorry mess. Evil? Still not sure about that. Ill-considered, that’s for sure.

Fourth, but not least, error — but is that really an error? Looks like a strategy, really –, Google confuses public availability with right-to-broadcast. My buzzes or blog posts being public does not mean that I want Google to spam these to contacts of contacts of contacts.

I’ll have to wait until the dust settles in my mind to know whether I really want to use this stuff. It’ll remain anyway as one of my most creepy experiences of late.

Already we see blog posts everywhere flowing about people who’ve unknowingly leaked private information to bosses, ex-husbands and so on. Too many to mention.

Update: Sixth error, the blocking of followers is not real security over leakage. It’s cleaning up after the fact (see the blog post linked-to above).

Update (21h41): Seventh error, and now (since when? since Buzz? No idea whatsoever, seems new since it also appears on my buzzes now) my Orkut photograph has been imported to my Gmail profile and appears to all my chat contacts. I never asked for that… it’s a photograph of me at the age of 3 months! Never meant to be visible in Gmail.

Eight error: so obvious I missed it… the followers/followee list is public by default “Display the list of people I’m following and people following me”. Which means you have a privacy leak in your contact list, since that’s where the followers come from.

This is insane. I think Google really has jumped the shark, this time. I’m out of Buzz for the foreseeable future.

Update (23h38): additional thoughts in relation to the above… Google apparently doesn’t realize that mail contacts (many kinds of people) are very different from friends in a social network; the contact or chat list may look like a friends list functionally, but they do not contain the same kind of people and do not serve the same purpose. It’s obvious if you look at  who’s in your own respective lists. A lot of confusion stems from that. Google is trying to “Facebookize” the Gmail ecosystem and the fit just can’t be good. Maybe that’s a cultural problem.

Update (0h06): an idea I just got. If the Buzz follower/followee lists actually were new lists, treated like real friends lists starting from zero (i.e. not based on any contact list, not even with a pre-filled checkbox list), with a reciprocal acknowledge just like in social networks, the user would really be more in control, with the actual feeling of starting up his own, separate network.

Okay. I’ve just learned I’m the proud and lucky (thanks to my guardian angel) owner of a Google Buzz account.

What is it? Actually, I’m still trying to figure that out exactly.

Try to imagine Google Talk (chat) extended with bits of Twitter (followers and followees, but that’s not how they’re called) and geolocation, integrated within Google Mail with an interface that’s slightly reminiscent of Google Wave presented in a blogpost-like format (there has to be a RSS feed somewhere underneath, but I didn’t find it); with possible post upvoting as in Digg or Reddit (but no downvoting).

And you can also mix in stuff from Picasa, Google Reader, Twitter itself, Flickr or blogs.

The above looks like a web 2.0 keyword soup; this is a good reflection of my first impression

That’s what I was able to gather after using it for 5 minutes. I certainly missed a boatload of things and got some wrong.

45 seconds of play, ~5 hours of desperate hacking.

A few days ago, my 4 year old daughter was playing with my mobile phone running Android 1.6. To let her play with the screen while avoiding any mishap, I locked the phone. It was obviously not enough, she instantly found the MENU key to unlock it.

So I had the brilliant idea to put on a locking pattern, the pretty method used on Android to really lock the screen.

After 5 unsuccessful tries, which my daughter reached in about 15 seconds, the pattern unlocking incurs a 30-second guard delay. I decided that the game was too risky (I found out later there’s also a 20-try hard limit, but we didn’t reach it) and took my phone back.

There, I had another brilliantly fatal idea: I clicked on the “forgot the unlock pattern” button which just appeared, just out of curiosity to see what would happen next. The phone asked for my Gmail account and password. I filled the requested information, but it didn’t unlock the phone; apparently this is a known Android bug that I didn’t know about. And, contrary to what I naively assumed, there was no way to get back to the unlock pattern screen. I rebooted the phone. No change, no escape.

Then it dawned on me that I was 600 kilometers away from home, for almost a full week, without all my computer tools. And I was locked out of my own phone.

(more…)

It can sometimes be fun to do computer support for your close family (or similar life-having, non-technical people):

- can you have a look at my computer ? It says something new about Sidevski… or some similar polish/russian name.

- Sidevski ? Don’t know what that is. Maybe you mean Kaspersky ? Perhaps an antivirus warning… or ad, or spyware?

- No, that was more like Sidevski. Here, look.

- Oh, the Google Toolbar in your browser. Holly crap, you meant THAT and THAT?!

A good laugh.