Monday, January 4, 2016
Ethernet MTU limits TCP MSS
The TCP maximum segment size (MSS), i.e. the payload of a TCP packet, is typically only 1460 bytes!
The length of an IP packet is capped by the 16-bit length field in the IP header, and the header itself is 20 bytes, so the limit for protocols on top of IP is 2^16 - 1 - 20 = 65515 bytes, which is much larger than 1460 bytes.
TCP implementations want to use an MSS low enough to avoid packet fragmentation over the internet.
The maximum transmission unit (MTU) is the size of the largest payload a packet can contain after subtracting the header and other metadata needed to transmit the payload.
An Ethernet frame is 1530 bytes, but the Ethernet MTU is only 1500 bytes. The payload is preceded by the Ethernet header and followed by the frame check sequence (FCS).
* preamble 7 bytes, start frame 1 byte
* header 14 to 18 bytes - source address, destination address, optional 802.1 VLAN tag and payload type.
* FCS - 4 bytes.
Subtracting 20 bytes for the IP header and 20 bytes for the TCP header gives 1500 - 40 = 1460 bytes.
References
* Ethernet frame
Friday, January 16, 2009
Firefox is not free!
See the Firefox snippet from the town hall meeting to announce the QDDR.
MS. GREENBERG: Okay. Our next question comes from Jim Finkle:
Can you please let the staff use an alternative web browser called Firefox? I just – (applause) – I just moved to the State Department from the National Geospatial Intelligence Agency and was surprised that State doesn’t use this browser. It was approved for the entire intelligence community, so I don’t understand why State can’t use it. It’s a much safer program. Thank you. (Applause.)
SECRETARY CLINTON: Well, apparently, there’s a lot of support for this suggestion. (Laughter.) I don’t know the answer. Pat, do you know the answer? (Laughter.)
UNDER SECRETARY KENNEDY: The answer is at the moment, it’s an expense question. We can --
QUESTION: It’s free. (Laughter.)
UNDER SECRETARY KENNEDY: Nothing is free. (Laughter.) It’s a question of the resources to manage multiple systems. It is something we’re looking at. And thanks to the Secretary, there is a significant increase in the 2010 budget request that’s pending for what is called the Capital Investment Fund, by which we fund our information technology operations. With the Secretary’s continuing pushing, we’re hoping to get that increase in the Capital Investment Fund. And with those additional resources, we will be able to add multiple programs to it.
Yes, you’re correct; it’s free, but it has to be administered, the patches have to be loaded. It may seem small, but when you’re running a worldwide operation and trying to push, as the Secretary rightly said, out FOBs and other devices, you’re caught in the terrible bind of triage of trying to get the most out that you can, but knowing you can’t do everything at once.
SECRETARY CLINTON: So we will try to move toward that. When the White House was putting together the stimulus package, we were able to get money that would be spent in the United States, which was the priority, for IT and upgrading our system and expanding its reach. And this is a very high priority for me, and we will continue to push the envelope on it. I mean, Pat is right that everything does come with some cost, but we will be looking to try to see if we can extend it as quickly as possible.
It raises another issue with me. If we’re spending money on things that are not productive and useful, let us know, because there are tens of thousands of people who are using systems and office supplies and all the rest of it. The more money we can save on stuff that is not cutting edge, the more resources we’ll have to shift to do things that will give us more tools. I mean, it sounds simplistic, but one of the most common suggestions on the sounding board was having better systems to utilize supplies, paper supplies – I mean, office supplies – and be more conscious of their purchasing and their using.
And it reminded me of what I occasionally sometimes do, which I call shopping in my closet, which means opening doors and seeing what I actually already have, which I really suggest to everybody, because it’s quite enlightening. (Laughter.) And so when you go to the store and you buy, let’s say, peanut butter and you don’t realize you’ve got two jars already at the back of the shelf – I mean, that sounds simplistic, but help us save money on stuff that we shouldn’t be wasting money on, and give us the chance to manage our resources to do more things like Firefox, okay?
Yeah.
Saturday, August 30, 2008
Video broadcast formats
It is hard to remember and keep track of the various media and formats for video. A friend of mine gave me this link, and I see Apple has a nice page on broadcast formats. With more and more video formats introduced every year, it is a year old but still useful.
Tuesday, August 26, 2008
Flash internals, security and inside look
SWF (Shockwave video files) and FLA (Flash video files) are everywhere now. Adobe/Macromedia provides good software, but was also smart to get its plugins onto almost all computers by default. Most websites are designed in Flash format. See flash file internals for the file format and details.
However, if I want to do anything sophisticated, like dynamic changes to images or movies, I have no control. The reason claimed is security and the sandbox. Well, it is secure (not completely though, see flash problems) from a browsing point of view, assuming that providers are really careful and not harmful to users. It is very difficult to create secure movies (with no breaches on the user's computer). Coming to why I looked at Flash internals, it is equally difficult to create private (with ownership and secrecy) Flash videos. The solution is not going to some other Apple or Microsoft technology, but to have an open and secure protocol that others can extend. It is proprietary, and there is no way other than waiting for Adobe to come up with secure extensions.
I saw announcements about their new protocol, RTMP, recently. Common sense says it is no more secure than obscure. It just seems to be a business strategy to keep people locked in for some more time and also to buy their new servers. We need either alternatives like open source, or corporations with open standard protocols like HTTP and RTSP.
Monday, August 25, 2008
Same origin policy
After reading about all those cross-domain attacks, I was wondering how browsers protect a naive user from pages manipulated across domains by scripts. The reason it works is that all browsers follow the same-origin policy. The same-origin policy prevents a document or script loaded from one origin from getting or setting properties of a document from a different origin.
More details on single origin policy on google help pages.
Wednesday, August 13, 2008
Flash cookies - good and bad
I delete my cookies once a month or so. I do not care about my session experience for more than a month, and my tastes also change over time. I am watching the Olympics and visiting sports websites frequently nowadays, but I do not want to see any ads or popup ads for fitness in the coming weeks or after a month. I deleted my cookies and visited some other website. I got similar ads after deleting the cookies.
It is certain that both websites are using the same advertising company. However, there can only be two reasons why I got the same ad: either the advertiser has nothing else to show, or he tracked my behavior even after my cookies were cleared. So I did a little research and found that there are some other cookies allowed by Flash, which comes installed in all browsers as part of Adobe's business partnership with HP and Dell computers.
Those cookies may be giving me a better user experience in filling forms or a contextual user experience, but why did it allow the tracking websites without telling me? That is also 100KB per website compared to 4KB for browser cookies. Some bloggers were even saying that some websites are using Flash cookies and restoring regular cookies from them, since most users delete regular cookies. I am not sure how much truth there is in those fears, but I deleted all my old websites and allowed only a few trusted sites like youtube, amazon and google. I googled around and found that I can change my settings.
Visit the control panel for Flash-related global storage settings and set the limits, or disable all websites from saving any information.
Visit the page Controlling storage for visited websites to see the websites that have already saved information, and delete the ones you do not want or delete all.
Sources:
Flash cookies explained
Local Shared Objects
Local Shared Objects(LSOs) details from wikipedia
Webserver cookies threaten privacy
Friday, August 8, 2008
netcat useful examples
a. Transferring file between machines using client and server mode
server machine:
$ cat myfile | nc -l 9898
client machine:
$ nc serverip 9898 > myfile
b. Port scanning
$ nc -z 192.168.0.1 80-90
c. Connecting a webserver
$ printf 'GET / HTTP/1.0\r\nHost: www.google.com\r\n\r\n' | nc www.google.com 80
d. TCP proxy logging everything between server and client
$ mknod backpipe p
$ nc -l -p 80 0<backpipe | tee -a inflow | nc localhost 81 | tee -a outflow 1>backpipe
e. remote shell
$ nc -l -p 9898 -e /bin/bash
f. Chat application
my machine
$ netcat -l -p 9898
your machine
$ nc mymachine 9898
References:
http://www.stearns.org/doc/nc-intro.current.html
http://www.g-loaded.eu/2006/11/06/netcat-a-couple-of-useful-examples/
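Listeners like the ones in (a), (d), (e) and (f) are worth finding on hosts you administer, since the remote shell in (e) accepts any connection without authentication. The following is an added example, not part of the original post: it flags TCP listeners owned by a netcat binary in `ss -Hltnp` output. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners owned by a netcat binary.
# Input is the output of `ss -Hltnp` (listening TCP sockets, no header,
# numeric ports, owning processes). Helper names are hypothetical.

flag_netcat_listeners() {
    awk '
    $1 == "LISTEN" && $NF ~ /^users:/ {
        n = split($4, addr, ":")        # port is the text after the last colon
        rest = $NF
        # A socket can be shared, so walk every ("name",pid=N,...) tuple.
        while (match(rest, /"[^"]+",pid=[0-9]+/)) {
            tuple = substr(rest, RSTART, RLENGTH)
            rest = substr(rest, RSTART + RLENGTH)
            name = tuple; sub(/^"/, "", name); sub(/".*/, "", name)
            pid = tuple; sub(/.*pid=/, "", pid)
            if (name ~ /^(nc|ncat|netcat|nc\.openbsd|nc\.traditional)$/)
                print addr[n], pid, name
        }
    }'
}

# Constructed sample input in `ss -Hltnp` format (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128  0.0.0.0:22    0.0.0.0:* users:(("sshd",pid=811,fd=3))
LISTEN 0 1    0.0.0.0:9898  0.0.0.0:* users:(("nc",pid=4242,fd=3))
LISTEN 0 511  127.0.0.1:81  0.0.0.0:* users:(("nginx",pid=900,fd=6),("nginx",pid=899,fd=6))
LISTEN 0 1    [::]:80       [::]:*    users:(("ncat",pid=5150,fd=4))
EOF
}

# Prints one "port pid name" line per netcat-owned listener.
# On a live host: ss -Hltnp | flag_netcat_listeners  (root is needed to see other users' processes)
sample_ss_output | flag_netcat_listeners
```

Matching on the process name is a heuristic: a renamed binary will not be flagged, so treat any unexpected listener as worth a look.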
Wednesday, December 12, 2007
Shell script code
See the Advanced Bash-Scripting Guide by Mendel Cooper. In reality, it is a simple enough document that beginners can start with it.
What I recollected today are the special exit codes: 1 - catchall for general errors; 126 - command invoked cannot execute (permission denied or the command is not executable); 127 - command not found; 128 + n - signal number n received; 255 - exit status out of range.
$ let var=1/0
bash: let: var=1/0: division by 0 (error token is "0")
$ echo $?
1
$ ./directory
bash: ./directory: is a directory
$ echo $?
126
$ unknowncommand
bash: unknowncommand: command not found
$ echo $?
127
$ vim somefile
ctrl-z
[1]+ Stopped vim
$ echo $?
148
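A script that wraps other commands can use these conventions to tell "the command never ran" apart from "the command was killed by a signal". The following is an added example, not part of the original post; `explain_status` and `run_and_explain` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: decode $? using the conventions listed in this post.
# explain_status and run_and_explain are hypothetical helper names.

explain_status() {
    # Reject anything that is not a 1-3 digit number in the range 0-255.
    case $1 in
        ''|*[!0-9]*|????*) echo "invalid status"; return 2 ;;
    esac
    [ "$1" -le 255 ] || { echo "invalid status"; return 2; }
    case $1 in
        0)   echo "success" ;;
        1)   echo "general error" ;;
        126) echo "cannot execute" ;;
        127) echo "command not found" ;;
        255) echo "exit status out of range" ;;
        *)
            # 128 + n: ask the shell for the name of signal n
            # (148 is 128 + 20, SIGTSTP on Linux, as in the Ctrl-Z case above).
            if [ "$1" -gt 128 ] && es_sig=$(kill -l "$(($1 - 128))" 2>/dev/null); then
                echo "signal SIG${es_sig#SIG}"
            else
                echo "command-specific failure"
            fi ;;
    esac
}

# Run a command, report how it ended, and hand the status back to the caller.
# Capturing with `|| rae_rc=$?` keeps the wrapper usable under `set -e`.
run_and_explain() {
    rae_rc=0
    "$@" 2>/dev/null || rae_rc=$?
    echo "$* -> $rae_rc: $(explain_status "$rae_rc")"
    return "$rae_rc"
}

# Demonstration: a missing command and a process that terminates itself with SIGTERM.
run_and_explain ./no-such-command || true
run_and_explain sh -c 'kill -TERM $$' || true
```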
Monday, December 3, 2007
Tuesday, November 6, 2007
Security Tokens
Authorizing systems are of three types: a. what you have (e.g. identity card), b. what you know (e.g. password), and c. what you are (e.g. iris patterns).
- From a book I read in library recently.