On Genius

Fools ignore complexity. Pragmatists suffer it. Some can avoid it. Geniuses remove it.

From SIGPLAN Notices Vol. 17, No. 9, September 1982, pages 7-13. Unfortunately the ACM digital library seems to have omitted these pages from its archive; however, the full text is available online.

Control Key Intercepted when using Gimp

Today I was trying to use the 'clone' tool in Gimp and couldn't for the life of me get it to accept the source position with the normal 'control-click'. It seemed like it was being intercepted by something, as it turned into a little cross.

Turns out under Gnome you should go to Applications -> Desktop Preferences -> Windows -> Movement Key and change it to something other than the control key; then log out and back in.

Using LD_PRELOAD to override a function

For some reason, people seem to get this quite wrong a lot of the time. Certainly one should not be playing with symbols that start with __ unless you really know what you're doing with them.

ianw@lime:~/tmp/override$ cat override.c
#define _GNU_SOURCE 1
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <dlfcn.h>

pid_t getpid(void)
{
        pid_t (*orig_getpid)(void) = dlsym(RTLD_NEXT, "getpid");
        printf("Calling GETPID\n");

        return orig_getpid();
}

ianw@lime:~/tmp/override$ cat test.c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(void)
{
        printf("%d\n", getpid());
}

ianw@lime:~/tmp/override$ gcc -shared -fPIC -o liboverride.so override.c -ldl
ianw@lime:~/tmp/override$ gcc -o test test.c
ianw@lime:~/tmp/override$ LD_PRELOAD=./liboverride.so ./test
Calling GETPID
15187

x86 Architecture manuals from Intel

Someone once gave me a tip that, thanks to some sort of anti-trust agreement, if you go to this site and do a search on "IA-32" by title, you can fill your shopping cart with manuals and Intel will ship them out to you free.

moo

ianw@lime:~$ apt-get moo
         (__)
         (oo)
   /------\/
  / |    ||
 *  /\---/\
    ~~   ~~
...."Have you mooed today?"...

huh?

Zeller's Congruence

Here's one for your junkcode if you haven't already come across it (maybe I'm the only one). Zeller's Congruence (or rule, or algorithm, or ...) allows you to find the day of the week for any given date. Most people would probably use mktime(), but it recently came up on a glibc list where a guy was doing millions of calls; it can get pretty slow.

If you're keen, there is an explanation of how to derive (one version of) it. The most trouble free version I could find looks like

#include <stdio.h>

/* Zeller's Congruence to determine day of week.
 * date is an integer of the form YYYYMMDD; returns 0 (Sunday) .. 6 (Saturday). */
int get_dayofweek(int date)
{

 int d = date % 100;
 int m = (date % 10000) / 100;
 int y = date / 10000;

 if (m < 3)
 {
     m = m + 12 ;
     y = y - 1;
 }

 return ((2 + d + (13*m-2)/5 + y + y/4 - y/100 + y/400) % 7);

}

int main(void)
{

    /* my birthday */
    int bday = get_dayofweek(19800110);
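    const char *d = "unknown"; /* every case below assigns it; the initialiser avoids an uninitialised-use warning */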

    switch(bday)
    {
    case 0:
        d = "Sunday";
        break;
    case 1:
        d = "Monday";
        break;
    case 2:
        d = "Tuesday";
        break;
    case 3:
        d = "Wednesday";
        break;
    case 4:
        d = "Thursday";
        break;
    case 5:
        d = "Friday";
        break;
    case 6:
        d = "Saturday";
        break;
    }

    printf("%s\n", d);
}

So it looks like I was born on a Thursday. Cool!

Jonathan Schwartz really is a funny guy

We can only hope he was joking suggesting Apple should move to Solaris on x86-64. I'm not sure how SPARC counts as a "volume platform" (whatever that means); maybe his spell checker accidentally replaced a misspelling of "vacuum" platform, since everything I've read suggests their market is shrinking.

All will be revealed at the keynote, and no one cares what I think. But here's an alternative.

Dear Steve,

Your experiments with Darwin have hopefully started to show you how innovative systems architectures can provide better performance, security and stability.

We've recently shown that Itanium is an excellent architecture for implementing these systems. Why not have a look at some of the latest generation systems and we'll build something that is ready to push us forward for another twenty years or so.

If people think Xen is cool, wait till they see what you'll be able to do. And how much faster and cleaner you'll do it. Oh, and just like SPARC we can switch between big and little endian mode. Better still, the technology exists to run those PowerPC binaries directly. Not only that; we're a first class target for Linux development which means you've got an ecosystem to grow in. As you might say yourself ... "think about it"!

Spectral Analysis of Network Traffic

Professor John Heidemann - Information Sciences Institute, University of Southern California

Spectral analysis can help to find information in any sort of periodic data. Some network traffic is periodic; for example, a 100Mb connection with a 1500-byte MTU should be sending out packets at 7600Hz.

John's group have been looking into a few different areas.

Classification of DoS attacks between single and multiple attackers is possible. Each attacker is sending with a specific frequency. As you add attackers who are slightly out of sync, you tend to see lower frequencies on the FFT graph become more prominent. Musicians would know this from when two notes are slightly out of tune: you will hear 'beats' where the two waves reinforce. Their work was quite reliably able to classify attacks into single or multiple attackers.

To defeat this, attackers would either need to be in sync, which entails global clocks, etc., or to vary the packet rate (you need quite a variety of rates to defeat their heuristics). If you are varying the rate then by definition you are not sending as fast as you can, so there may be some benefit there.

Fingerprinting attacks is also possible. They divide up traffic into segments and keep the mean and covariance of the frequencies seen in each segment. You can particularly identify "troops" of people attacking you from these fingerprints. This can be useful for reporting cybercrime, as you need to show you are being targeted. Again, defeating fingerprinting means varying your frequencies. The limit on an attack's rate is one of network limiting, host limiting or tool limiting. Most attacks don't limit themselves, or give a predictable limiting fingerprint. They are usually written badly so are host limited (i.e. they do so much work sending a packet they can't saturate the link). These fingerprints could be detected under a range of background cross-traffic.

Performance analysis is another area the group has started looking into. The main benefit of using spectral analysis is you don't need to analyse individual data flows and the analysis is stateless. You can see where things are network limited by, for example, looking for spikes around 7600Hz on a 100Mb network. You do need to be careful with the FFT windowing to make sure you are seeing decent results.
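The stateless approach described above, as an added example that is not from the talk or the original post: packet arrival times are binned into a packets-per-millisecond series with no per-flow state, and the spectrum is searched for the rate of a fixed-rate sender hidden in background traffic. The function names, the 125 packets/s sender, the 1 ms bins and the trace itself are assumptions constructed for illustration; this does not reproduce the group's classifiers.

```python
import cmath
import math
import random

def bin_arrivals(times, fs, duration):
    """Packets per 1/fs-second bin; the only state is one counter per bin."""
    n = int(round(fs * duration))
    series = [0.0] * n
    for t in times:
        i = int(t * fs)
        if 0 <= i < n:
            series[i] += 1.0
    return series

def power_spectrum(series, fs):
    """[(freq_hz, power)] for DFT bins 1..N/2, mean removed, Hann windowed."""
    n = len(series)
    mean = sum(series) / n
    # Without a window, a trace that is not a whole number of periods
    # smears each peak across many neighbouring bins (spectral leakage).
    x = [(v - mean) * (0.5 - 0.5 * math.cos(2 * math.pi * i / (n - 1)))
         for i, v in enumerate(series)]
    spec = []
    for k in range(1, n // 2 + 1):
        w = -2j * math.pi * k / n
        acc = sum(v * cmath.exp(w * i) for i, v in enumerate(x))
        spec.append((k * fs / n, abs(acc) ** 2))
    return spec

def fundamental(spec, rel=0.5):
    """Lowest frequency with power >= rel * strongest bin (harmonics of a packet train are as strong)."""
    peak = max(p for _, p in spec)
    return next(f for f, p in spec if p >= rel * peak)

def peak_to_median(spec):
    """Periodicity score: strongest bin relative to the median noise floor."""
    powers = sorted(p for _, p in spec)
    return powers[-1] / powers[len(powers) // 2]

def constructed_trace(rate_hz, background, duration=1.0, seed=1):
    """Constructed input (seconds): fixed-rate sender (none if rate_hz is 0) plus random background."""
    rng = random.Random(seed)
    flood = [0.0005 + i / rate_hz for i in range(int(rate_hz * duration))]
    noise = [rng.uniform(0.0, duration) for _ in range(background)]
    return sorted(flood + noise)

if __name__ == "__main__":
    spec = power_spectrum(bin_arrivals(constructed_trace(125, 30), 1000, 1.0), 1000)
    print(fundamental(spec), round(peak_to_median(spec)))
```

The naive DFT is quadratic in the number of bins, which is fine for a one-second trace; a longer capture would use an FFT library instead.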

Questions

Do fingerprints look the same when being attacked from LA as from New York, for example? This is an area for future research.

Have they studied wireless networks? No, but others are using these techniques.

Could you use a vector of packet sizes and do the FFT on that, ameliorating some of the problems with fuzz at different packet sizes? That is a possible area for future research.

Should networking students take signal processing courses? Maybe!