September 27th, 2007
I’m not asking if we need UDP as a network protocol at all, but if we really need it as a transport protocol? Does it actually provide any real transport layer features? Let’s take a look at the UDP header:
We see a couple port numbers and a checksum. If we look at the TCP header we see a lot more:
It has port numbers and a checksum as well, but there’s also a sequence number, an ack number, control flags, window size, and other goodies. If you want to compare feature lists you can see how disparate they are. UDP provides:
- port numbers
- simple error-checking
So it’s useful, but nothing compared to what TCP offers:
- port numbers
- simple error-checking
- reliable delivery
- in-order delivery
- flow control
- congestion control
- segmentation
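To make the header comparison concrete, here is an added example (not code from the original post) that decodes the fixed part of each header and reports which fields the two protocols share. The sample segments, port numbers and function names are constructed for illustration.

```python
import struct

UDP_FMT = "!HHHH"      # src port, dst port, length, checksum (RFC 768)
TCP_FMT = "!HHIIHHHH"  # fixed 20-byte part of the TCP header (RFC 793)
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 upward


def parse_udp(segment: bytes) -> dict:
    """Decode the 8-byte UDP header, rejecting truncated or inconsistent input."""
    size = struct.calcsize(UDP_FMT)
    if len(segment) < size:
        raise ValueError("truncated UDP header")
    src, dst, length, checksum = struct.unpack(UDP_FMT, segment[:size])
    if length < size or length > len(segment):
        raise ValueError("UDP length field disagrees with the data received")
    return {"src_port": src, "dst_port": dst,
            "length": length, "checksum": checksum}


def parse_tcp(segment: bytes) -> dict:
    """Decode the fixed TCP header fields; options are skipped, not parsed."""
    size = struct.calcsize(TCP_FMT)
    if len(segment) < size:
        raise ValueError("truncated TCP header")
    (src, dst, seq, ack, off_flags, window,
     checksum, urgent) = struct.unpack(TCP_FMT, segment[:size])
    header_len = (off_flags >> 12) * 4  # data offset is counted in 32-bit words
    if header_len < size or header_len > len(segment):
        raise ValueError("bad TCP data offset")
    flags = [n for bit, n in enumerate(TCP_FLAGS) if off_flags & (1 << bit)]
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "window": window,
            "checksum": checksum, "urgent_ptr": urgent}


# Constructed samples: a UDP datagram to port 53 and a bare TCP SYN to port 443.
UDP_SAMPLE = struct.pack(UDP_FMT, 53124, 53, 12, 0) + b"ping"
TCP_SAMPLE = struct.pack(TCP_FMT, 49152, 443, 1000, 0, (5 << 12) | 0x02,
                         65535, 0, 0)


def shared_fields() -> set:
    """Header fields that appear in both protocols."""
    return set(parse_udp(UDP_SAMPLE)) & set(parse_tcp(TCP_SAMPLE))


if __name__ == "__main__":
    print(parse_udp(UDP_SAMPLE))
    print(parse_tcp(TCP_SAMPLE))
    print(sorted(shared_fields()))
```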
But maybe it’s not fair to compare UDP against TCP, the end-all-be-all-get-my-packets-there-or-else of the transport layer protocols. How about some of the others? Here’s a table I stole borrowed from Wikipedia:
As you can see, UDP is really the runt of the family. So it seems as if our TCP/IP model is a little off:
TCP and some of the other transport protocols offer everything that UDP does and more. So why is this redundant functionality in UDP, a sibling protocol? Wouldn’t it make more sense to put it in a layer beneath these other protocols:
Creating a new “Session” layer (term borrowed from the OSI model) seems to fix the problem here. The protocols that don’t need UDP and don’t provide any real transport layer features were moved into this new layer too.
I like this new model a lot more. It better represents the real world and how these protocols are actually used: If you need simple port-to-port connectionless communication you choose UDP. If you need all that, but also a connection-oriented reliable communication stream, you choose TCP. So why hasn’t it been this way all along…
September 26th, 2007
Yesterday I talked about Microsoft’s stealthy updating and what that means to Windows users. This post is in the same vein. This is about AT&T and the US government illegally wiretapping Americans. In 2005, it was reported that the NSA has been illegally intercepting communications since about 2001. Shortly after this story broke, the EFF filed a lawsuit against AT&T for these actions. AT&T claimed it was only doing what the gov’t told them to do, but the judge rejected it.
Here is an email I received from the EFF on the case:
At a packed San Francisco hearing today [August 15th], the Electronic Frontier Foundation (EFF) defended your Fourth Amendment rights and urged the 9th U.S. Circuit Court of Appeals to let our class-action lawsuit against AT&T go forward. The case demands that AT&T stop illegally assisting the National Security Agency to snoop on its customers’ telephone and Internet communications.
There’s much more at stake here than stopping the Bush Administration’s illegal spying and holding the telco giant accountable, though. The President is arguing that thin claims of “state secrets” can trump the courts’ constitutional duty to uphold the rule of law.
Without judicial review, there’s no way to protect ordinary citizens against government abuses of power. No president, now or in the future, should be allowed unfettered authority to evade the courts and trample on your freedom. As Judge Vaughn Walker wrote in rejecting the government’s claims at the lower court, “The compromise between liberty and security remains a difficult one. But dismissing this case at the outset would sacrifice liberty for no apparent enhancement of security.”
Privacy and freedom is definitely something we as Americans take for granted and think we’re entitled to. But if we sit idle too long, they might just disappear faster than we think. We need to fight for our freedoms. Call your senator or representative to stop the spying. Or at the very least, donate to EFF so they can fight for us.
Sure it might be cliché to mention it, but think 1984. A world where Big Brother is everywhere. How far are we really from that now?
September 24th, 2007
Everyone panic! You’re getting updates even when you specified not to! I don’t know about you, but I’ve made peace with the fact that Microsoft can get to me whenever they want to. Sure if you specified to download updates but to ask before installing or worse yet not to check for updates at all, and you still get updates, that’s bad. But the fact is that when you configure your update settings, you’re still trusting Microsoft that that’s what they actually do. You may click that radio button, but they still need to honor it. And who really truly trusts Microsoft nowadays anyway?

As Bruce Schneier points out, this is a pretty big hole. He claims that if Microsoft can use this remote install capability to install updates, why can’t anyone else exploit that capability? I would think that Microsoft would have the foresight to lock it down with some good certificate exchanges and encrypted communications, but this is Microsoft we’re talking about.
Either way, what’s to say Microsoft couldn’t do this with XP or 2000 before? We simply don’t know. They wrote the freakin operating system. Who knows what’s in there? When you’re dealing with a closed source operating system, you just really don’t know. Like it or not, you’re trusting Microsoft…
September 21st, 2007
I was planning on writing about TOR sometime in the near future, but Bruce Schneier’s post spurred me on. Anyway, the onion router or TOR works by taking your Internet traffic, encrypting it, and forwarding it from one TOR router to another to another to another until it reaches the final TOR router, or exit node, where it decrypts the data and finally dumps it onto the Internet.

This means that posting to some odd website (or even the fact you visited that website) will be anonymous in the sense that the IP that the website sees will not be your true Internet IP address. And for that matter, anyone who sniffs your traffic will not see it either. However, this does not imply that you have privacy. Anything you send in cleartext like your gmail username and password will still be in cleartext when it gets dumped on the Internet. TOR doesn’t encrypt your traffic from the exit node to its destination.
You also have no guarantee that the TOR routers themselves will play fair. The exit node, since it sees everything right before it goes onto the Internet, can log every packet it sends. And apparently some do that very thing. How embarrasking…
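The layering described in this post can be modelled in a few lines. This is an added example, not code from the original post and not Tor's real cell format or cryptography: a toy SHA-256 keystream stands in for the per-hop cipher, and the keys, request and function names are constructed. It shows that the exit relay recovers exactly what the client sent, so a cleartext login is readable there, while a payload that was already encrypted end to end stays opaque.

```python
import hashlib


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); applying it twice undoes it."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)


# Constructed per-hop keys; a real client negotiates one with each relay.
RELAY_KEYS = [b"guard-key", b"middle-key", b"exit-key"]

# Constructed cleartext login, as in the gmail example in the post.
REQUEST = b"POST /login HTTP/1.0\r\n\r\nuser=alice&password=hunter2"


def wrap(payload: bytes) -> bytes:
    """Client side: add one layer per relay, with the exit layer innermost."""
    for key in reversed(RELAY_KEYS):
        payload = keystream_xor(key, payload)
    return payload


def relay_views(cell: bytes) -> list:
    """What each relay holds after peeling its own layer, in path order."""
    views = []
    for key in RELAY_KEYS:
        cell = keystream_xor(key, cell)
        views.append(cell)
    return views


def exit_sees_password(payload: bytes) -> bool:
    """True if the exit relay's view contains the password field in the clear."""
    return b"password=" in relay_views(wrap(payload))[-1]


def end_to_end(payload: bytes) -> bytes:
    """Stand-in for TLS: a layer keyed between client and site, unknown to relays."""
    return keystream_xor(b"client-site-session-key", payload)


if __name__ == "__main__":
    print("cleartext login visible at exit:", exit_sees_password(REQUEST))
    print("end-to-end encrypted login visible at exit:",
          exit_sees_password(end_to_end(REQUEST)))
```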
September 20th, 2007
In listening to Net @ Nite episodes, I found out about the latest and greatest social networking site: Pownce (pronounced pounce). It’s the new and improved FaceBook which is of course the new and improved MySpace. Pownce is invite only to avoid the huge onslaught of registrations, but you can always get around that.
Pownce is interesting because you can post text, links, files, and events. The files are especially interesting:

You can post mp3s and other DMCA friendly sorts of things. Only your friends can see these posts so it’s not globally exposed, so that helps the situation a little. Only time will tell what happens with that.
September 18th, 2007
A couple weeks ago I talked about a little problem I had with VeriSign PiP. I thought you had to create a unique PiP account for each OpenID you wanted, but it turned out that PiP lets you use multiple OpenID’s in the same PiP account. So I emailed PiP support and Gary Krall, the technical director of PiP, replied. I explained the situation in which I created the extra PiP account and registered the OpenID. Then I realized my error and removed the OpenID from the new account, so I could add it on to my original PiP account, but PiP kept saying the OpenID was still in use. Here’s Gary’s reply:
The way the system is currently structured is once an identity has been created “claimed” if you will, and then deleted in our database we do not “release it”. The reason behind this is we’ve given some thought to in the future allowing users to reclaim identities they have previously deleted. Also there is a chance that a user may have actually established a trust request with a relying party and we do not want to get into a situation where a user established a trust, deleted it, and then suddenly that persona was claimed by another user. We’re trying to keep accounts bound as close as we can.
I totally agree with Gary. I don’t like letting old email addresses go stale and subsequently get released. I may no longer use them, but they still might have some accounts tied to them and I wouldn’t want that to be vulnerable. This solution the VeriSign guys came up with seems to fix that problem. So I decided to poke and prod Gary a little more to find out some other details.
First I asked him why there is no overall account info that is tied to each of the OpenIDs so that they all use the same info. 
He explained that they originally had this feature, but it was dropped in lieu of customization of each OpenID. In this way, each OpenID could serve as a different persona that you may want to present to one website but not another. I can see that argument, but I don’t think I personally would want to be a 29 year old male on some site and a 14 year old female on another… unless I was a creepy guy on myspace… Anyway, they did include a little feature as you can see above where it will copy the data from the right pane to the selected field in the left pane. This means you’d have to update all your OpenIDs if any of your info changes, but this is still a nice shortcut to have.
I also asked Gary about whether you could have multiple security tokens per PiP account. Earlier I mentioned how Steve Gibson talked about this on a recent Security Now! podcast. Well, Gary replied:
Not in the immediate future. It is on the list of possible enhancements but we have more to do than team members to do it.
More enhancements than team members. Don’t we all know how that goes…
September 14th, 2007
I recently got a new laptop. Our previous one was a little dated and missing a few keys (it’s not a good idea to let your dog or your baby near the keyboard), so it was definitely time. I decided to go with an HP dv9428nr laptop. It had a decent Windows Experience Index, 17″ widescreen, and was the right price. The last few computers I’ve bought were all HPs, not because I’m a fan but just because those were the best I could get for the money. They’ve generally been good, so I don’t mind getting another.
However, recently HP started stealing part of your hard drive in order to store the recovery disc data. They partition off part of your C drive and store the recovery data there so that then they don’t need to create and ship the recovery discs with your new computer. You get to make your own! It’s a nice project for you and the kids on a lazy Sunday afternoon.
Anyway, so I fire up the system recovery disc creation utility. I tell it I want to use DVDs, click next and then come across this gem of a dialog:

As you can see in the third checkbox, the checkbox highlighted when I hovered my mouse over it. It was clickable. It wasn’t disabled. What the heck would happen if I clicked on it? As I mentioned yesterday, that is one of my biggest pet peeves. I could have tried clicking on it, but I wouldn’t want it to screw up my recovery discs. And since I can only make one set of recovery discs ever, I may never know:

Anyhow, I see (at least) two things wrong here:
1) Checkboxes are being used to show progress. It’s much better to just use a progress bar instead, so that something like this:

…becomes something like this:

Users don’t really care about seeing the specifics of their progress, they just want to know how much is left to go. A progress bar gives them that.
2) Checkboxes aren’t disabled. Progress is controlled by what stage the application is in, so it’s not clear what would happen if you clicked the checkboxes.
A much better choice here would be to give the dialog two progress bars: one to indicate the current task’s progress and one for overall progress:

…or at the very least remove those darn checkbox controls and put up some non-clickable bitmaps!
September 13th, 2007
That is probably one of my biggest pet peeves. It totally irritates me when I check a checkbox and something wacky happens (since any action or command (other than simple UI control hiding) that is fired off when you check a checkbox is wacky). A checkbox is supposed to represent a state: on/off, true/false, yes/no… or in the case of mixed state checkboxes: yes/no/kinda, true/false/true-for-some-but-not-all-but-you-don’t-know-which. You get the idea:

As the Windows Vista User Experience Guide for Check Boxes explains:
Don’t use the selection of a check box to:
- Perform commands.
- Display other windows, such as a dialog box to gather more input.
- Dynamically display other controls related to the selected control (screen readers cannot detect such events).
What those three points basically sum up to is don’t do anything that isn’t obvious just by looking at the dialog. If you have disabled subordinate controls beneath an unchecked checkbox, it’s pretty obvious that checking that checkbox will enable the subordinate controls.

Now it wouldn’t be obvious if checking that checkbox also popped up a modal dialog, or sent an email to your boss telling him that you’re leaving work early.
September 12th, 2007
Found a couple cool maps showing Internet bandwidth on a global scale. Here is one from 2005:


The striking thing shown here is how much the States are a bottleneck for the rest of the world. We have a nice pipeline to Europe and another to Asia, but there’s no pipeline between Europe and Asia… at least nothing comparable to the one created by the US. And thus we have created a star topology. Probably the worst that could have happened to a global structure, but that’s what we have. Here’s another map (although I don’t believe it’s quite as recent) that shows a similar statistic:


And as an added bonus, here’s a diagram showing peering over the Internet. The US is on the bottom, Europe on the upper right and Asia on the upper left:

September 10th, 2007
Now here’s an interesting product:


The Ironkey doesn’t have multi-factor authentication, but after 10 (assuming sequential) incorrect password attempts, it self-destructs. So it can’t be brute forced. Now that’s something you can’t even get with TrueCrypt. However, you probably don’t want your kid and your computer near it. Another cool feature is that it’s filled with epoxy so any attempt to physically get at the ROM won’t do any good either.
Now if somebody combined this with the fingerprint scanner of this drive:


…then you’d have something to wet yourself over.