WordPress 2.3.3

This is for all you bloggers who use WordPress:

WordPress 2.3.3 is an urgent security release. If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here.

The security hole allows spammers to infect your site with their crappy ads. When doing my backup I found 40 directories full of images and spam pages in a directory called “img” in my pictures directory and in another place within my wp-content. These freeloaders are a scourge.

On the plus side, my code’s up-to-date.

UPDATE: WordPress 2.5 is now released, and it’s very pretty, but it seems to be much slower.

New and Improved Traffic Shaping

Comcast’s CTO Tony Werner was kind enough to give me a few minutes today on the changes afoot in the cable giant’s Internet access network, and I like what I learned. I’ll do a longer post on this later with some diagrams, but for now I’d like to sketch out the high points. This is just from the Comcast side of the agreement; BitTorrent is also committed to making some changes on their end and I don’t have the details on those yet. BitTorrent will be making a presentation at the P4P Forum on its commitments.

Here’s what Comcast is going to do, pending how well it shakes out in the lab:

* Stop injecting TCP RSTs. This technique has been maligned way more than it deserves to be, because it has such a long history. Middleware devices (of which Sandvine is only one) have been doing this for at least a decade, drawing the ire of the IETF for it all along. It’s not necessary in a DOCSIS network for technical reasons, so they’re going to stop doing it. This should make the “Comcast is Impersonating You and Stealing Your Credit Card Numbers!!!” crowd happy.

* Start using CMTS scheduling to allocate bandwidth fairly among all users of a first-hop segment when the network is heavily loaded. The DOCSIS protocol permits packet scheduling, since every user has to request bandwidth for every upstream transfer, so all the CMTS has to do is implement Fair Scheduling to prevent bandwidth hogs from getting more than a fair share. There may be some limits to the delay the scheduler can impose (my conjecture, not Tony’s,) and that’s why field testing is important.

* Investigate longer-term solutions that will allow users to control how different traffic streams are handled. There are a number of IETF standards that relate to this problem, and their evaluation will be long-term work items for the industry forums.

CMTS scheduling puts Comcast on the same footing as the DSL providers. While Comcast customers share a first hop and DSL customers don’t (most of the time; they actually do if repeaters are used), all of them share a second hop, access to which is mediated by a fair queuing discipline. So Comcast is simply implementing their queuing discipline on the first hop, which makes good sense for their technology. There’s no need to look at protocols and headers: it’s all just traffic, and traffic opportunities can be managed with per-user fairness.

So the bottom line is this: the IETF protocols failed to deliver a scheme for per-user fairness, so Comcast will implement one on their first hop network. That’s what we call progress, and the only question is why it took them so long to do it.

Comcast & BitTorrent Announcement

You may have noticed that BitTorrent and Comcast have agreed to work together to improve co-existence. The Wall St. Journal is reporting the significant detail:

Rather than slow traffic by certain types of applications — such as file-sharing software or companies like BitTorrent — Comcast will slow traffic for those users who consume the most bandwidth, said Comcast’s Mr. Warner. Comcast hopes to be able to switch to a new policy based on this model as soon as the end of the year, he added. The company’s push to add additional data capacity to its network also will play a role, he said. Comcast will start with lab tests to determine if the model is feasible.

No details are out on the changes to be made on the BitTorrent side so far.

This is a huge announcement as it cuts off FCC chairman Kevin Martin at the knees, and does so in advance of his scheduled lynching in Palo Alto. If Comcast and BitTorrent can work together to resolve their problems with technical solutions (as I advocated at the FCC hearing at Harvard), there’s no predicate for new regulations or enforcement actions.

It’s a setback for the public interest lobby, and they’re taking it pretty hard. Public Knowledge in particular still calls for heavy regulation and increased FCC involvement in network management practices. It’s almost laughable:

Even in the best-case scenario for a Comcast/BitTorrent partnership, Comcast is not the only one engaging in this sort of behavior. The FCC must make it clear that these types of practices are unlawful and against public policy, and that they will not be tolerated, now or in the future.

Free Press is also quite upset:

This agreement does nothing to protect the many other peer-to-peer companies from blocking, nor does it protect future innovative applications and services. Finally, it does nothing to prevent other phone and cable companies from blocking. Innovators should not have to negotiate side deals with phone and cable companies to operate without discrimination. The Internet has always been a level playing field, and we need to keep it that way.

You’d think BitTorrent had been bought off by Comcast, and no longer deserves to be adored as an “innovative new application.”

BitTorrent, Inc. is willing to modify their code to make it more manageable, but the pirates who use BitTorrent open source and Vuze won’t be, so the cat-and-mouse game between legal and illegal uses of P2P will continue. BitTorrent, Inc. won’t be affected, however, and that’s progress.

The agreement shows once again that technical solutions to technical problems are better than political ones. It’s unfortunate for the public interest lobby that this issue is no longer a cause for grandstanding, but they’ll recover. And in the meantime, the 60% of American broadband consumers who use cable to connect to the Internet will have a faster pipe that they’ll be able to use without being hogged out by their neighbors.

It’s a win for everybody.

Go to CNet for Declan McCullagh’s detailed interview with Comcast’s Joe Waz.

The FCC commissioners have all issued statements, the best of which is this one from Commissioner McDowell:

The private sector is the best forum to resolve such disputes. Today’s announcement obviates the need for any further government intrusion into this matter.

Amen.

UPDATE: See this post for some detail on what’s afoot.

Nagle’s Answer

Slashdot picked up George Ou’s latest piece on the problems with TCP and Peer-to-Peer congestion that I’ve been writing about lo these many months, attracting one interesting comment in a sea of chaff:

As the one who devised much of this congestion control strategy (see my RFC 896 and RFC 970, years before Van Jacobson), I suppose I should say something.

The way this was supposed to work is that TCP needs to be well-behaved because it is to the advantage of the endpoint to be well-behaved. What makes this work is enforcement of fair queuing at the first router entering the network. Fair queuing balances load by IP address, not TCP connection, and “weighted fair queueing” allows quality of service controls to be imposed at the entry router.

The problem now is that the DOCSIS approach to cable modems, at least in its earlier versions, doesn’t impose fair queuing at entry to the network from the subscriber side. So congestion occurs further upstream, near the cable headend, in the “middle” of the network. By then, there are too many flows through the routers to do anything intelligent on a per-flow basis.

We still don’t know how to handle congestion in the middle of an IP network. The best we have is “random early drop”, but that’s a hack. The whole Internet depends on stopping congestion near the entry point of the network. The cable guys didn’t get this right in the upstream direction, and now they’re hurting.

I’d argue for weighted fair queuing and QOS in the cable box. Try hard to push the congestion control out to the first router. DOCSIS 3 is a step in the right direction, if configured properly. But DOCSIS 3 is a huge collection of tuning parameters in search of a policy, and is likely to be grossly misconfigured.

The trick with quality of service is to offer either high-bandwidth or low latency service, but not both together. If you request low latency, your packets go into a per-IP queue with a high priority but a low queue length. Send too much and you lose packets. Send a little, and they get through fast. If you request high bandwidth, you get lower priority but a longer queue length, so you can fill up the pipe and wait for an ACK.

But I have no idea what to do about streaming video on demand, other than heavy buffering. Multicast works for broadcast (non-on-demand) video, but other than for sports fans who want to watch in real time, it doesn’t help much. (I’ve previously suggested, sort of as a joke, that when a stream runs low on buffered content, the player should insert a pre-stored commercial while allowing the stream to catch up. Someone will probably try that.)

John Nagle

I actually suggested the technique John proposes directly to Comcast engineering: drop packets before the first hop. They didn’t appear to have considered it before, but it actually is the answer. Unfortunately, the cable modem is not an IP device so it doesn’t understand when and how to do this presently, so it becomes a piece of housekeeping for the DOCSIS 3.0 upgrade.
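
The difference between per-connection and per-subscriber fairness that this comment and the CMTS scheduling item above turn on, as an added example (not code from the original post, from Nagle's comment, or from Comcast). Round robin over equal-size packets stands in for fair queuing, and the host names, flow counts and weights are constructed assumptions.

```python
from collections import Counter, OrderedDict, deque


def backlog(flows_per_host, packets_per_flow):
    """Constructed input: every flow of every host always has data queued."""
    return [(host, flow)
            for host, nflows in flows_per_host.items()
            for flow in range(nflows)
            for _ in range(packets_per_flow)]


def schedule(packets, key, slots, weights=None):
    """Serve `slots` equal-size packets by (weighted) round robin.

    Packets are grouped into queues by key(packet). On each turn a queue
    may send up to weights[key] packets (default 1), which approximates
    weighted fair queuing when all packets are the same size.
    """
    weights = weights or {}
    queues = OrderedDict()
    for pkt in packets:
        queues.setdefault(key(pkt), deque()).append(pkt)
    active = deque(queues)          # queue keys in first-arrival order
    sent = []
    while active and len(sent) < slots:
        k = active.popleft()
        q = queues[k]
        for _ in range(weights.get(k, 1)):
            if not q or len(sent) == slots:
                break
            sent.append(q.popleft())
        if q:                       # still backlogged: back of the line
            active.append(k)
    return sent


def host_share(sent):
    """Count served packets per subscriber (host)."""
    return dict(Counter(host for host, _flow in sent))


def compare(flows_per_host, slots=100, weights=None):
    """Return (per-connection shares, per-subscriber shares) by host."""
    pkts = backlog(flows_per_host, packets_per_flow=slots)
    # One queue per (host, flow): the host with more connections wins.
    per_flow = host_share(schedule(pkts, key=lambda p: p, slots=slots))
    # One queue per host: opening more connections buys nothing.
    per_host = host_share(
        schedule(pkts, key=lambda p: p[0], slots=slots, weights=weights))
    return per_flow, per_host


if __name__ == "__main__":
    # Constructed scenario: "web" has one TCP connection, "p2p" has nine.
    hosts = {"web": 1, "p2p": 9}
    print("equal weights:", compare(hosts))
    print("web weighted 3:1:", compare(hosts, weights={"web": 3, "p2p": 1}))
```
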

Fine Kettle of Links

Some interesting reading for you:

George Ou tells the story of the unfairness of TCP and offers some suggestions.

Adam Thierer takes on Jonathan Zittrain’s paean to programmability, The Future of the Internet: And How to Stop It.

And finally, Harold Feld explains the 700 MHz auction and what it does and doesn’t mean. Harold is a communist, but he’s a much smarter communist than his comrade Susan Crawford, who tries to read the same tea leaves and doesn’t say much.

Obama: Not a Serious Person

The great Obama speech on race in America impressed a lot of people, but they were already Obama supporters. It left me cold, and more than a little offended. To compare his grandmother’s probably rational fear of black men on the street with the bitter public rhetoric of the bombastic Jeremiah Wright shows a distinct lack of judgment on Obama’s part. Women are often fearful of men on the street at certain times of the day and certain parts of the city, and it’s a fact that black men are more likely to commit violent crimes than other demographics. There are all sorts of reasons for that, but it’s a fact and we’re all aware of it.

Wright has claimed, among other things, that the government of the US created the HIV virus in order to commit genocide against the black race. He has said, in effect, that the KKK rules America. Wright evidently hates white people, and doesn’t feel bashful about saying so from his pulpit. To compare Wright’s racism – and there’s no other way to describe it – to granny’s private fear is simply bizarre.

[added 3/21]

Consider the differences between Obama’s granny and Wright. Granny expressed a private fear to her grandson, perhaps to help him understand attitudes that people have. She didn’t take to a pulpit and denounce all black men as criminals, which is apparently the way Wright would have behaved in her shoes. And moreover, Obama doesn’t get to choose who his granny is, but he does get to choose a pastor. And of all the pastors in the city of Chicago, he just happened to choose the most hateful one.

It’s simply bad judgment, or a lack of intellectual honesty, not to make these distinctions.

[end of addition]
Obama must be so inured to black racism that he can’t even recognize it. And given that the two most significant people in his life in recent years – his wife and his pastor – express anti-white racism with no apparent discomfort, that’s not surprising.

This tells me that Obama is a lightweight, a John Edwards, a pretty face, and not qualified to lead this country. It’s sad for Hillary and for the country that he’s seduced so many Democrats, because a Clinton-McCain contest would have put all the important issues on the table for serious discussion. With Obama the presumptive Democrat nominee, the election will revolve around experience and judgment, much less interesting topics and ones that are easily disposed of.

See the LA Times Op-Ed pages for a similar take on the speech from New York Civil Rights Coalition director Michael Meyers.

FCC Hearing in Lessig Territory

Unsatisfied with the outcome of the FCC hearing on Comcast held in the maw of the Berkman Center, Kevin Martin turns to Larry Lessig for help: FCC Announces Stanford Hearing.

When you’re being investigated by Congress, anything to keep the eyes off the ball is helpful.

Seriously, this is happening because the Commission lost the records of the Cambridge hearing; no, that’s not serious, but it might be.

Bad Time for Silicon Valley IPOs

This can’t be good:

Brenon Daly, who tracks IPOs and mergers in the technology and telecom industries for the 451 Group in San Francisco, said both the avenues VCs use to achieve liquidity have been drying up for months.

“The IPO market is dead,” Daly said flatly. Acquisitions had been strong through 2007, when big firms spent $476 billion to buy 3,559 smaller firms in Daly’s market, but a good chunk of that activity was buyouts by private-equity firms like the flailing Carlyle Group, now caught in the credit crunch. So that means fewer M&A buyers in 2008, he said.

Having recently left one privately-held firm for another, this is the last thing I wanted to hear, but facts are facts and we all have to face them. It’s a damn shame that the crisis in the mortgage markets would reach out and smack down promising high tech IPOs, but it has.

Japan to Ban P2P Piracy

Net Neutrality folks like to tout Japan as the model of a fine and healthy Internet access ecosystem, despite the VoIP blocking. They’re going to have a major fit when they learn P2P piracy is about to be banned in Japan:

The nation’s four Internet provider organizations have agreed to forcibly cut the Internet connection of users found to repeatedly use Winny and other file-sharing programs to illegally copy gaming software and music, it was learned Friday.

The move aims to deal with the rise in illegal copying of music, gaming software and images that has resulted in huge infringements on the rights of copyright holders.

Resorting to cutting off the Internet connection of copyright violators has been considered before but never resorted to over fears the practice might involve violations of privacy rights and the freedom of use of telecommunications.

The Internet provider organizations have, however, judged it possible to disconnect specific users from the Internet or cancel provider contracts with them if they are identified as particularly flagrant transgressors in cooperation with copyright-related organizations, according to sources.

How can they do that, you ask? Well, it’s pretty easy. We can’t ban piracy in the US because critics can say “just upgrade the pipes like they’ve done in Japan and it’s not a problem.” That dodge obviously doesn’t fly over there.

Japan has a 100 Mb/s connection to the home that’s over 95% occupied at the busiest times, a completely unacceptable situation. So they’re taking sensible action in the absence of a technical solution to bandwidth-hogging.

They’re not stupid, you see.

UPDATE: Count Sweden in as well:

STOCKHOLM, Sweden (AP) — Swedish courts will soon be able to force the country’s Internet providers to produce information on suspected file-sharers in a move to crack down on piracy, the culture and justice ministers said Friday.

File-sharing can be traced by tracking the IP addresses of the computers that download or distribute a file.

…along with France and the UK. I’m sensing a trend here, where Kevin Martin is the only opposition.

UPDATE 2: George Ou comments on the story.

World’s Largest 802.11n Network

Trapeze Networks finally has announced their deal with U. of Minnesota to build the world’s largest 802.11n network:

PLEASANTON, Calif., March 10, 2008 – Trapeze Networks®, the award-winning provider of Smart Mobile™ wireless solutions, today announced that the University of Minnesota plans to deploy its Smart Mobile™ 802.11n wireless network product suite campus-wide, marking the largest ever 802.11n deployment to date. Beginning in May and continuing over the next five years, approximately 9,500 access points (APs) will be deployed to serve more than 80,000 people across the university’s two campuses. Students, faculty and staff will have fast and secure wireless access wherever and whenever they want it.

This network features a lot of the code I wrote for Trapeze for 802.11n, 802.11e, and bandwidth management, so I hope Trapeze hasn’t screwed it up too badly in the weeks since I left that company for my current gig.