
Blocked.com: Blind, Incompetent “Security” Software

Over the weekend I gave myself the task of setting up Glype. Glype is an interesting PHP script that allows one to create a simple web proxy on any Apache web server.

The purpose of this, primarily for myself, is to be able to reach this proxy on my server from a web environment (such as schools or public computers) that is heavily censored or firewalled.

Because everybody knows that the internet just isn’t worth using with all of the “good” sites blocked by overzealous network administrators and politically motivated school administrators.

In my quest to set up the aforementioned HTTP proxy server I figured I would peruse the project’s website for some of their frequently asked questions, guides and other tidbits of information. No problem, right?

Ironically, the Glype project’s website wantonly blocks all proxies and VPNs thanks to the ridiculous “security theater” that is called Blocked.
All of them! Entire IP ranges! Entire ASNs! Have they lost their minds?

This is thanks to what I am awarding the title of most incompetent website protection software: so-called “Blocked.com”. I am very displeased with the sloppy way this software does its thing, becoming the judge, jury and executioner simply because a potential visitor MAY be from a bad IP neighborhood.

If someone wanted to be as ridiculously paranoid as them, they would have been better off creating an iptables rule to do the same thing for free.

Granted, I understand that internet spam is a big problem. That’s no understatement. Providers like OVH and the millions of spam robots crawling the web are definitely an issue. I get plenty of these across my web properties every day.

My spat with Blocked comes from how they conduct their blocking. Instead of intelligently trying to detect suspicious behavior, patterns or user agent strings that may be reflective of spam (or other shenanigans such as forged packet headers or shady reverse DNS entries), as competitors such as Cloudflare do (which provides a really good benefit to security without screwing over honest end users), they just block entire networks.

This is akin to denying kids the right to an education just because they’re from a certain neighborhood! What? My lousy /32 IP allocation ain’t good enough?
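The difference between the two approaches described above, as an added example that is not part of the original post: a range-based policy and a behavior-based policy are run over the same constructed request log. The address ranges (documentation ranges), user agent markers, rate threshold and function names are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: documentation address ranges, not real networks.
HOSTING_RANGES = [ipaddress.ip_network("203.0.113.0/24")]  # the "bad neighborhood"
BAD_AGENT_MARKERS = ("python-requests", "curl/")  # assumed markers of scripted clients
LOGIN_LIMIT = 5  # assumed: max login-page hits per IP within the sample window

# (source IP, user agent, path) -- constructed request log
REQUESTS = (
    # Private VPN user browsing normally from inside the hosting range.
    [("203.0.113.10", "Mozilla/5.0 (X11; Linux x86_64) Firefox/31.0", "/faq")] * 2
    # Scripted login hammering from inside the hosting range.
    + [("203.0.113.77", "python-requests/2.3", "/wp-login.php")] * 8
    # Login hammering from an address outside any listed range.
    + [("198.51.100.5", "Mozilla/5.0 (Windows NT 6.1) Chrome/36.0", "/wp-login.php")] * 9
)

def blocked_by_range(ip):
    """Blanket policy: block if the address falls inside any listed network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in HOSTING_RANGES)

def blocked_by_behavior(ip, requests):
    """Behavioral policy: block on a scripted user agent or excessive login hits."""
    mine = [r for r in requests if r[0] == ip]
    bad_agent = any(m in ua.lower() for _, ua, _ in mine for m in BAD_AGENT_MARKERS)
    login_hits = sum(1 for _, _, path in mine if path == "/wp-login.php")
    return bad_agent or login_hits > LOGIN_LIMIT

def compare(requests):
    """Return {ip: (range_verdict, behavior_verdict)} for every source IP."""
    return {
        ip: (blocked_by_range(ip), blocked_by_behavior(ip, requests))
        for ip in sorted({r[0] for r in requests})
    }

if __name__ == "__main__":
    for ip, (by_range, by_behavior) in compare(REQUESTS).items():
        print(f"{ip:15} range-block={by_range!s:5} behavior-block={by_behavior}")
```

The range policy blocks the well-behaved VPN address and misses the abusive client outside the listed range; the behavioral policy gets both right.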

I am incensed by this because I run my own private VPN server. My self-hosted OpenVPN and L2TP/IPsec virtual servers allow me to avoid Comcast’s (and others’) deep packet inspection, traffic shaping and other sources of trouble. Internet providers have been known to use deep packet inspection technology to screw with competing services (I’m looking at you, Verizon!) and build personalized advertising profiles of users to sell to marketing companies. For example, instead of seeing me accessing Netflix, Google etc., they will only see AES-256 encrypted UDP packets. It also gives me the bonus of tunneling the upstream bandwidth provider’s IPv6 connectivity (which Comcast has shamefully still failed to deploy to my southern New Jersey home).

This is a major benefit to me, as it allows me to take full control over the security and privacy of my internet connectivity. Consequently, all Internet traffic exiting my devices will terminate at the VPN server, so to the “outside world” my devices have an IP address that comes back to my server provider’s data center.

It’s not like it’s OVH or one of the providers that are notoriously bad at handling abuse and infest the web with spam and brute force login attempts. The company I use has no history of this sort and enforces their abuse policies excellently. I’m not sending out suspicious user agents or any other activity indicative of spam, and this is not a publicly accessible VPN service (just me!).
And it’s not like this IP of mine is being used as a Tor exit node or other potential source of abuse.

But when I visit any website “protected” by this software, here’s what I’m greeted with:

[Image: 20140728-130829-47309259.jpg]

I refuse to not use my VPN due to those aforementioned privacy concerns. Many people make use of virtual private servers thanks to the proliferation of technologies such as Xen, OpenVZ and KVM, with VPN servers being one of their most useful applications. This company is simply blocking entire blocks of IP address ranges and providers to provide the illusion of security to its customers.

As a website owner and a website visitor, I am extremely disappointed in Blocked. Discriminating against IP addresses that have had no history of spam is only hurting the entire internet community.


Windows: One Mess Of An Operating System

My intense disdain for Microsoft Windows and its cohorts is no secret. Just because it’s the most popular (for now) computer operating system definitely does NOT make it the best, or even close to that. There’s the relic that the NTFS filesystem is, the horror that is the error-prone, instability-loving Registry and the absolute mess that is Microsoft’s new Metro UI.

So where do we even begin? Windows powers the vast majority of personal computers, and I feel that these issues are calling its reliability and usability into question when alternatives such as BSD and Linux are becoming more advanced by the day.

First, Windows’ closed-source by nature architecture vastly limits its potential. Proprietary drivers and software don’t allow the end user to see how things work “under the hood”. This is to protect Microsoft’s intellectual property- and give their highly paid team of elite corporate trial lawyers something to do. Granted, the average “Joe The Plumber” isn’t going to want to do things that require permissive access to the underlying source code- but it certainly aids community developers to help build in additional functionality and access the power of newer 64-bit systems more effectively. (Linux and other UNIX-like systems have always dealt with multitasking a bit better.) Open source software not only allows more collaboration and input from the larger user and developer community- it’s also known to be vastly more secure. The majority of websites and other services on the internet, including Google, Facebook and even my own websites all run on two great pieces of open source software, Linux and WordPress. Open source software is far more extensible, with readily available free and commercial plugins and rapid security updates in addition to a fundamentally more secure theory of operation, such as long-time support for full disk encryption, public key cryptography via solutions such as OpenSSL (yes, THAT OpenSSL), and PGP encryption of emails and other files. Linux has support for many of these tools- and more baked right in to popular distributions.

Another area where Linux based operating systems outperform Windows is scalability. Linux will scale beautifully from a small little 64 MB OpenVZ container instance, all the way on up to almost all of the supercomputers listed on the TOP500 supercomputer ranking list.

Try installing Windows 8 on your grandma’s 256MB ancient grey Dell. At the performance you’ll get on that system, Grandma won’t feel so old after all.

However, the latest version of Puppy Linux, or even LXLE will run perfectly on this rather dated system. And instead of running ancient versions of software due to hardware limitations, such as being stuck with IE8 as the latest version of Internet Explorer that will run under Windows XP, you’ll be able to run a full-featured version of Firefox, or even its lower resource using cousin Midori or Iceweasel. You will NEVER see this level of scalability on Windows, thanks in part to the monster that is the monolithic NT Kernel- a bloated relic of the past.

Another area where Windows falls short is reliability. If you’ve been using Windows based systems for any period of time, you’ll likely have made acquaintances with the fabled “Blue Screen Of Death.” With a mess of third party drivers, incoherent updates and an overall poor architecture, all versions of Windows have been proven to be extremely prone to crashes due to conflicts in software and drivers. In the spirit of fairness, Microsoft isn’t all to blame here for this- we can thank the greedy manufacturers and resellers of computers that shovel piles of crapware, trials and other unnecessary junk onto unsuspecting consumers. You’ll likely find snake oil like Norton Antivirus, trial versions of software you don’t need and other pieces of garbage littering the hard drives of newer store bought Windows PCs.

Quickly becoming one of the most-hated user interfaces on the Desktop is Microsoft’s new “Modern” UI (previously Metro). The new user interface introduced from Windows 8 onward has quickly drawn the ire of veteran and new users alike. Why? It makes a desperate attempt at keeping Windows relevant in the age of the iPad and other mobile devices. It was desperately hacked together as a reaction to the iPad and other touch-based computing paradigms. It has no real innovation to stand on its own with. None. Zip. Zilch. Nada! I was one of the first people to purchase a new touch-based Windows 8 system in November of 2012. Even with a touch screen, “Live Tiles” are incredibly gimmicky on both Laptop and Desktop computers. Microsoft is having an identity crisis.

What exactly does Windows want to be when it grows up?

Does it want to be the flashy new mobile OS, to rival the currently dominant Android and iOS? They’ve already tried that, with the massive exercise in futility that was Windows Phone 7, which burned early adopters (such as myself) by denying them an upgrade path to Windows Phone 8 (partially as a result of the chintzy processing guts of these devices), and as a result killed all the early momentum they had going for what could have been a promising new mobile platform.

MSFT blew it again when they had the flop that was the Surface RT. It was such a flop that they canned the VP largely responsible for many of these new efforts, Steven Sinofsky- who himself left for greener pastures. The Surface, again, was another “me-too” product. Instead of offering real value to the marketplace and real innovation, it was another in the long Microsoft lineage of “me-too” copycat products. And the new Windows RT software cut out all backward compatibility (one of the only Windows selling points) in favor of dinkier ARM processors, from NVIDIA, no less. There are almost no popular apps from other platforms on the Surface. The ones that are on the platform are often less-functional ports of their respective Android and iOS versions- it’s the red-headed step child of both mobile and desktop operating systems.

The current Windows is a Frankenstein-y mishmash of mobile, touch based paradigms and “old-school” garden variety mouse and keyboard fare. It is a jack of all trades and a master of none, producing a really third rate experience on both ways of using a Windows based computer.

By throwing its users from the griddle and into the flames with this new paradigm, Microsoft is with one fell swoop throwing away over 30 years of the “Desktop Metaphor” on which many computer users first became accustomed to Windows. All of this, with no clear instructions or information to help guide users to use the new system. Not everyone is a computer expert, some people need to have their hands held, and Microsoft is not helping them here.

With craziness such as the new Windows “Charms” menu that you have to activate by moving the mouse to the top left corner of the screen, Microsoft has made Windows even less usable and less intuitive, befuddling the minds of many of its users even further.

The poorly placed charms menu has made it difficult for users to even find the hidden “shut down” button on Windows 8 systems. You would think the millions of dollars MSFT spends on usability and quality assurance would have made this a non-issue, but nope!

Don’t like the interface on your Linux system and prefer more traditional taskbars and windows? You are free to choose from hundreds of different Linux distributions, with some coming preinstalled with specialized tools and software, with much more being available for free from the developers. Many free and open source software programs such as GIMP and LibreOffice replicate and even beat many of the commercial software programs used on Windows, such as Adobe Photoshop and Microsoft Office- while not needing to be constantly rebooted and patched like Windows systems.

Sadly, most users will be unwilling to make the change to a Linux desktop despite its advantages due to ingrained habits and fears, and also the barrier of technical incompetence and illiteracy. Fortunately, Linux systems will continue to offer a clear and secure alternative to the zombie that Windows has become. Everything that requires some sense of stability and reliability relies on it (seriously, would you want missile defense systems and nuclear submarines to mess up due to a “blue screen of death”?). Sure, Linux isn’t perfect, or perfect for everyone’s needs, but in many ways it makes up for where Windows slacks off.

This isn’t a comprehensive list of my grievances with Redmond’s operating systems, however it is a good start. I will be sure to “name and shame” some of the additional technical inferiorities of these systems as soon as I manage to muster some more patience.


Megabits vs. Megabytes: What’s In A Name?

Internet service providers, network equipment manufacturers and almost any other company that deals in bandwidth and connectivity will need to measure the maximum throughput of their network and equipment.

There is much confusion in regard to Megabits, which are typically used to measure network speed (abbreviated Mb) and how they relate to Megabytes (abbreviated to MB).

The cold truth is, the marketing departments of companies like Comcast, Verizon, T-Mobile or Cisco have found that consumers are more likely to be swayed with larger numbers in advertisements and advertised speeds. That’s why they measure (and advertise) their network speed in what I would call relatively inflated Megabits.

This is an inflated way of measurement, because typically the devices and computers we use measure files in Megabytes (MB). So there is a huge misconception among consumers, who end up believing that megabits are the same as megabytes.

They’re not. There are 8 Megabits in 1 Megabyte. Big difference.

Let’s take this into account with Comcast’s new “Blast” internet packages they recently began offering. Their reported “top” speed is 105 Mbps (Megabits per second.)

Since virtually all files are measured in kilobytes or megabytes, you really are better off just dividing your connection speed by 8 (or multiplying the time it would take to download by 8).

So that 105Mbit connection is actually really 13.125 Megabytes per second. Not a bad connection at all, but I wanted to dispel this rather large misconception as far as internet speed goes.

Another example we can apply this to is computer hardware. The Serial ATA specification is a group of standards that allow hard drives made from different manufacturers and devices to comply with the same standards to allow for compatibility and interoperability.

The newest specification provides for a maximum data transfer rate of 6 Gigabits per second.

This is actually 750 MB/s.

So what can we take away from this? Manufacturers like to inflate numbers of speeds to impress / woo consumers.

This is akin to measuring the speed of a car in centimeters per hour instead of miles per hour. It grossly inflates numbers, and an uninformed public will eat those claims right from the spoon of the marketing executives. Now you know.

 


Drones + Fireworks = Amazing Video

If you haven’t seen it already, my video of the Lacey Township fireworks is really something to behold.

In the video, I make use of my aerial photography drone equipment to fly above the fireworks display that the township puts on every year in the fields near the school.

Flying it at night, and with the booms of the fireworks was a challenging, yet rewarding task. It required a careful synergy of caution and finesse, allowing me to capture the fireworks in their full glory from above.

My only regret is that due to the noise of propellers, the current generation of drones / unmanned aerial systems cannot practically have a microphone on the aircraft, due to the fact that the only audio it would capture would be the noise of the propellers.

If a company could bring a “quiet” drone to market with USABLE audio recording, the applications of this may be pretty interesting.

But with the current limitations of battery technology and engineering, we may be years away from this coming to fruition.

Notably, the fireworks were shorter than previous years, so I was glad to supplement with the drone. Flying it at night is a real crowd-pleaser. At times, more people were watching me fly than they were the fireworks, so I can’t complain there.