Network

Today is a great day for the Internet in France

The content producers’ lobby is very old and powerful in France (it was started by the playwright Beaumarchais in the 18th century). The fact that President Sarkozy’s wife is an important rights holder may have something to do with his determination to pass the abject Hadopi law, which would cause Internet users caught illegally downloading content to be cut off from the Internet (while still having to pay their ISP fees).

The law was exceedingly stacked towards the content industry. The burden of proof was on the defendant rather than the prosecution, and an extra-judicial quango named Hadopi was to be set up to enforce these sanctions. The European Parliament, to its credit, had opposed such measures and restated that Internet access is a fundamental right that can only be curtailed by proper judicial authority. The first reading of the law led to a surprise defeat, as the majority UMP legislators were unenthusiastic about supporting a law that would alienate the young, and absenteeism was such that the minority Socialist party managed to overwhelm those few present. This is one of the exceedingly few times I actually agree with the feckless Socialists… The President brought his whip to bear and the law was put back on the agenda and voted in the second time.

Today, the Conseil Constitutionnel ruled on a challenge to the law put by Socialist parliamentarians, and gutted it in line with the European Parliament. In doing so, it affirmed that Internet access is a fundamental human right, drawing all the way back to the original Human Rights declaration of 1789, and that Internet users are innocent until proven guilty.

This is an important decision. In Roman law, judges’ discretion is much more limited than in the Anglo-Saxon Common law tradition. The US Supreme Court found in Roe vs. Wade a right to abortion in the US Constitution that is far from obvious, and such a decision by unelected judges lacked universal legitimacy. In contrast, abortion was legalized by an act of Parliament in France, which is why opposition to it is nowhere near as bitter as in the US. The Conseil Constitutionnel does not invent constitutional principles, it only censures laws or more commonly individual articles (the role of ultimate court of appeals belongs to another institution, the Cour de Cassation). The significance of it finding Internet access a fundamental right cannot be overstated.

SOCKS and SSH, two great flavors that go together

I am currently in New Orleans for a friend’s wedding, and staying at the InterContinental. The hotel has wired Internet access, but like all expensive hotels, wants to charge an extortionate fee ($7/hour) for it. This is annoying as the same hotel chains’ budget-priced hotels usually offer it as a complimentary service.

I noticed my email was going through, however. On further inspection, it turns out they only intercept port 80 HTTP traffic, but not on other ports. Security through (very thin) obscurity, in other words.

I tried using Firefox from my home machine over X and SSH port forwarding, but it was painfully slow.

At this point, I was considering setting up a HTTP proxy on my home machine and using it over SSH port forwarding, but I remembered reading something about SSH and SOCKS. I had never used a SOCKS proxy before, but it turns out this is incredibly easy: just add the -D option to ssh with a local port number, e.g. 9999, and set up your browser to use localhost:9999 as the SOCKS proxy. It worked flawlessly with my Mac OS X SSH client and Solaris 10 stock server.

This has applications beyond routing around hotel paywalls. Many public WiFi access points are unsecured. Even if they are legitimate (many are ad-hoc peer-to-peer networks rather than infrastructure ones, presumably set up by thieves to harvest passwords), traffic on them can be snooped for passwords trivially. Using SSH and SOCKS gives you a secure path out of an untrusted Internet access point, even for non-SSL sites. My email uses IMAPS and SMTP TLS so I don’t need to reconfigure it to use SOCKS, but email would otherwise be an important protocol to secure.
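The -D option turns the ssh client into a local SOCKS server (OpenSSH speaks SOCKS4 and SOCKS5), and the browser performs a short SOCKS handshake over localhost:9999 before a single byte reaches the remote site. The Python below is an added example, not code from the original post: it walks through the SOCKS5 exchange from the client side against a constructed stand-in for the ssh -D listener, so both halves of the conversation can be read end to end. It assumes the no-authentication method that ssh -D offers, TCP CONNECT only, and a destination given by hostname (SOCKS5 address type 3) so that name resolution happens at the far end of the tunnel; example.com and the listener are constructed for the example. That last point is the caveat to check in practice: a browser that resolves names locally before talking to the proxy still hands every site name to the untrusted access point (in Firefox the setting is network.proxy.socks_remote_dns).

```python
"""SOCKS5 client handshake as a browser performs it against the listener that
`ssh -D 9999` opens on localhost:9999. Added example, not the post's own code;
the listener below is a constructed stand-in, not OpenSSH."""
import socket
import struct
import threading

SOCKS_VERSION = 0x05
METHOD_NO_AUTH, METHOD_NONE_ACCEPTABLE = 0x00, 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_SUCCEEDED, REP_ATYP_UNSUPPORTED = 0x00, 0x08


def recv_exact(sock, n):
    """Read exactly n bytes; a short read means the peer hung up mid-handshake."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-handshake")
        buf += chunk
    return buf


def build_greeting():
    """VER, NMETHODS, METHODS: offer only 'no authentication'."""
    return bytes([SOCKS_VERSION, 1, METHOD_NO_AUTH])


def parse_method_selection(data):
    if len(data) != 2 or data[0] != SOCKS_VERSION:
        raise ValueError("malformed method selection")
    if data[1] == METHOD_NONE_ACCEPTABLE:
        raise ValueError("proxy rejected every offered method")
    return data[1]


def build_connect(host, port):
    """VER, CMD, RSV, ATYP=3, LEN, name, port: the proxy end does the DNS lookup."""
    name = host.encode("idna")
    if not 0 < len(name) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    return (bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
            + name + struct.pack("!H", port))


def read_connect_reply(sock):
    """Parse VER, REP, RSV, ATYP, BND.ADDR, BND.PORT; fail on any REP but success."""
    ver, rep, _rsv, atyp = recv_exact(sock, 4)
    if ver != SOCKS_VERSION:
        raise ValueError("malformed CONNECT reply")
    if rep != REP_SUCCEEDED:
        raise ConnectionError(f"CONNECT refused by proxy, REP={rep:#04x}")
    if atyp == ATYP_IPV4:
        addr = socket.inet_ntop(socket.AF_INET, recv_exact(sock, 4))
    elif atyp == ATYP_IPV6:
        addr = socket.inet_ntop(socket.AF_INET6, recv_exact(sock, 16))
    elif atyp == ATYP_DOMAIN:
        addr = recv_exact(sock, recv_exact(sock, 1)[0]).decode()
    else:
        raise ValueError(f"unknown address type {atyp:#04x}")
    return addr, struct.unpack("!H", recv_exact(sock, 2))[0]


def socks5_connect(sock, host, port):
    """Full handshake on an open socket to the proxy; afterwards sock carries the tunnel."""
    sock.sendall(build_greeting())
    parse_method_selection(recv_exact(sock, 2))
    sock.sendall(build_connect(host, port))
    return read_connect_reply(sock)


def fake_ssh_d_listener(sock):
    """Constructed stand-in for the ssh -D endpoint: answers the handshake and
    records which name and port the client asked for (hostnames only)."""
    ver, nmethods = recv_exact(sock, 2)
    if ver != SOCKS_VERSION or METHOD_NO_AUTH not in recv_exact(sock, nmethods):
        sock.sendall(bytes([SOCKS_VERSION, METHOD_NONE_ACCEPTABLE]))
        return None
    sock.sendall(bytes([SOCKS_VERSION, METHOD_NO_AUTH]))
    _ver, _cmd, _rsv, atyp = recv_exact(sock, 4)
    if atyp != ATYP_DOMAIN:
        sock.sendall(bytes([SOCKS_VERSION, REP_ATYP_UNSUPPORTED, 0x00, ATYP_IPV4]) + b"\0" * 6)
        return None
    name = recv_exact(sock, recv_exact(sock, 1)[0]).decode()
    port = struct.unpack("!H", recv_exact(sock, 2))[0]
    # Like ssh, answer success with an all-zero bind address and port.
    sock.sendall(bytes([SOCKS_VERSION, REP_SUCCEEDED, 0x00, ATYP_IPV4]) + b"\0" * 6)
    return name, port


def handshake_over_socketpair(host="example.com", port=443):
    """Run client and stand-in on the two ends of a socketpair and return
    (what the listener saw, what the client got back)."""
    client, server = socket.socketpair()
    seen = {}
    worker = threading.Thread(target=lambda: seen.setdefault("target", fake_ssh_d_listener(server)))
    worker.start()
    try:
        bound = socks5_connect(client, host, port)
    finally:
        worker.join()
        client.close()
        server.close()
    return seen["target"], bound
```

Because the CONNECT request carries the name rather than an address, the stand-in sees "example.com" and never needs the client to have resolved anything locally; a SOCKS4 client, or a SOCKS5 client configured for local resolution, would have sent an IPv4 address instead, which is exactly the leak to watch for.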

All in all, a very worthwhile addition to my toolset. I can’t believe I waited so long to try it.

Update (2009-04-12):

To its credit, New Orleans’ Louis Armstrong international airport has free WiFi throughout the terminal. Chic!

Whither IP-based home automation?

Home automation units based on X10/Insteon or proprietary systems like Control4 or Savant start at $100-200. At a time when you can buy a fully functional WiFi router with a 200+MHz processor, a minimum of 8MB of RAM and 16MB of flash for under $50, why is there no home automation system that costs $50 and uses standard TCP/IP and WiFi for connectivity?

Another reason why I build software from source myself

Some yahoo at Debian found what he thought was a bug in OpenSSL, and decided to comment out some code without having any clue what purpose it served. That purpose was to seed a pseudo-random number generator with entropy from memory, specifically /dev/random. This only broke the cryptographic security of OpenSSL on Debian (and thus Ubuntu) while being mostly undetectable. It’s quite likely attacks of the same ilk were deliberately planted by various spy agencies.

This is just an extreme example of why I prefer to build open-source software from source code myself rather than trust blindly in some packager whose choice of compile-time settings almost certainly doesn’t match mine. I have a framework of makefiles that specify how each package is built from source (meta-makefiles, really). This includes checking for new versions of the package, setting configure options and make environment variables. For instance, to fetch the most recent version of OpenSSL, all I do is run make sync-openssl, then make openssl, and then, as root, make install-openssl. The maintenance burden is low, as I have been assembling these meta-makefiles over the last 12 years, targeting Solaris and OS X. The end result is a deterministic build according to my specifications.
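The sync, build and install cycle described above is easy to automate, and the one step worth adding to it is a gate that refuses to build a tarball whose digest differs from the one pinned when the manifest entry was last reviewed: a packager’s silent change and a tampered mirror then fail the same way. The Python below is an added example, not the author’s meta-makefiles. It assumes one manifest entry per package (pinned SHA-256, configure script, explicit configure flags and extra make environment), a tarball already fetched into a work directory, and a GNU-style configure/make/make install sequence; the version X.Y.Z, the digests and the fake tarball in demo() are constructed placeholders.

```python
"""Verify-then-build gate in the spirit of the meta-makefiles described above.
Added example, not the author's code. Constructed assumptions: a pinned manifest
entry per package and a tarball already fetched into a work directory."""
import hashlib
import os
import subprocess
import tempfile
from dataclasses import dataclass, field
from pathlib import Path


class BuildRefused(Exception):
    """The fetched source does not match the digest pinned at review time."""


@dataclass(frozen=True)
class Package:
    name: str
    version: str
    sha256: str                         # pinned when the manifest was last reviewed
    configure_script: str = "./configure"
    configure_flags: tuple = ()         # explicit, so two builds produce the same result
    env: dict = field(default_factory=dict)   # extra make environment variables


def sha256_of(path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_tarball(pkg: Package, tarball) -> str:
    """Refuse to go any further if the tarball's digest is not the pinned one."""
    actual = sha256_of(tarball)
    if actual != pkg.sha256.lower():
        raise BuildRefused(f"{pkg.name}-{pkg.version}: expected {pkg.sha256}, got {actual}")
    return actual


def build_commands(pkg: Package, prefix: str) -> list:
    """The exact command lines the build runs; record them and a rebuild is reproducible."""
    return [
        [pkg.configure_script, f"--prefix={prefix}", *pkg.configure_flags],
        ["make"],
        ["make", "install"],
    ]


def build(pkg: Package, tarball, srcdir, prefix: str, dry_run: bool = False) -> list:
    """Gate first, then build; returns the command lines that were (or would be) run."""
    verify_tarball(pkg, tarball)        # nothing runs on a mismatched tarball
    cmds = build_commands(pkg, prefix)
    if not dry_run:
        env = {**os.environ, **pkg.env}
        for cmd in cmds:
            subprocess.run(cmd, cwd=srcdir, env=env, check=True)
    return cmds


def demo() -> dict:
    """Constructed run: a fake tarball, one manifest entry whose digest matches
    and one stale entry that must be refused. Version X.Y.Z is a placeholder."""
    work = Path(tempfile.mkdtemp())
    tarball = work / "openssl-X.Y.Z.tar.gz"
    tarball.write_bytes(b"not a real tarball; constructed for the example\n")
    flags = ("no-shared", "threads")
    good = Package("openssl", "X.Y.Z", sha256_of(tarball), "./config", flags)
    stale = Package("openssl", "X.Y.Z", "0" * 64, "./config", flags)
    result = {"good": build(good, tarball, work, "/usr/local/ssl", dry_run=True)}
    try:
        build(stale, tarball, work, "/usr/local/ssl", dry_run=True)
        result["stale"] = "built"
    except BuildRefused:
        result["stale"] = "refused"
    return result
```

Dropping dry_run runs the recorded commands for real; the point of returning them is that the exact configure line, flags included, can be logged next to the digest so the build can be reproduced later on the same terms.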

My process would not ward against a malicious attack like Brian Kernighan’s notorious trusting trust attack, but it has served me well over the years.

Ethernet – accept no imitations

While reading an article about Brocade/Foundry’s product plans, I learned about Converged Enhanced Ethernet (CEE), also known as “Data Center Ethernet”. As if Ethernet needed blessing from the price-gouging storage vendor community to enter the data center…

CEE sounds like just one more in a long line of failed “standards” like IsoENET that take Ethernet, find some supposed nit to pick with it, and add all sorts of baggage to address hypothetical requirements. In the case of IsoENET, it was jitter, and in the case of CEE, it is packet loss, never mind that that function belongs to TCP at layer 4, not to Ethernet at layer 2. It is a predictable result of the Fibre Channel community’s lame attempts to head off iSCSI by putting FCP directly over Ethernet (FCoE).

This basically reflects an attitude of “my traffic is so special, it can’t be allowed to mingle with unwashed Ethernet packets”, and reminds me of how France Telecom Labs circa 1996 was very proud to show a prototype of “World Wide Web without requiring the use of IP”, as if the fact the web uses IP rather than ATM was a barrier to adoption, rather than a success factor…

The reason why Ethernet is so phenomenally successful is that it is simple, easy to implement and cheap. Any attempt to add complexity will only delay time to market, limit economies of scale and add cost, until whatever comes out becomes just as expensive as the Fibre Channel ports and adapters the whole world is trying to ditch in favor of fast, inexpensive vanilla Ethernet. Then again, vendors like Brocade grew fat gouging Fibre Channel customers and hope they can reverse the trend of commodification and keep their little racket going.

It’s just not going to happen, especially in a tough economic environment where IT expenditures are contracting and any attempt by vendors to foist their overpriced, proprietary, dead-end marketectures on buyers will be treated harshly.