Archive for June, 2004


802.11i (i.e. WPA2) finalized

June 26, 2004

Looks like the IEEE has finalized the 802.11i standard for wireless security. This is good news. WPA with 802.1x authentication is good, but 802.11i with AES encryption is better.

I first heard about this over at Slashdot, but they only linked to this article that’s rather light on details.

I did some searching and came up with a few links that have some more detail:

  • This PDF has a lot of detail about how AES is used in 802.11i.
  • This PDF from the Wifi Alliance has a little bit of information about 802.11i, which they call WPA2, near the end of the document.
  • This PDF is from a NIST workshop. Looks like it was made from someone’s PowerPoint slides.

I’d love to see the whole standard, but if I understand this page over at the IEEE.org site correctly, IEEE 802 standards aren’t available to the public until 6 months after they are published. Damn!

I certainly haven’t had time to digest all the information in these PDFs. I’m not an expert on encryption or security protocols and some of these PDFs are pretty technical, so I’m sure it’ll take me a while just to read through these.

If anyone reading this has links to any other documentation on 802.11i, please email me the URL and I’ll share it on this page. I’d like to learn more about 802.11i, and I think I might need all the help I can get to do so.


OSX GUI/Unix integration

June 23, 2004

I found these great OSX tips over at this site.

The open command allows you to open files and directories directly from the shell. If you open an HTML file it will open in the default browser, if you open a directory it will open in the Finder.

Use drag-and-drop from the Finder to a Terminal window to have the Terminal paste the full path to the file into the command line at the point where your cursor is.

The pbcopy / pbpaste commands allow you to copy to or from the system clipboard to or from pipes on the command line. This means that you can exchange data between GUI applications and command line tools in both directions.

For example, if you copy some amount of text in a word processor to the clipboard and you would like to know quickly how many words, lines and characters are in the text you copied, you can use the UNIX wc command to do the statistics:

pbpaste | wc

Another example: Check if a snippet of XML code, which you edit in a GUI program like BBEdit and copy to the clipboard, is well-formed by piping it to the xmllint program:

pbpaste | xmllint --noout -

This kind of communication also works the other way around. If you want to copy a list of all files in your Pictures folder:

ls ~/Pictures | pbcopy

Also note the tip regarding the bbedit command line tool above.

As always, the man command is your friend. Just type man followed by the command you’re interested in to get more information.

This is cool! I never knew you could pipe between the command line and the clipboard!


Network traffic generator.

June 22, 2004

I’ve been trying to test some Cisco IOS Quality of Service (QoS) configurations in the lab. Our existing test technique has consisted of primitive measures like: start two ftps and a telnet session, test subjectively the responsiveness of the telnet. Obviously this is less than ideal, so I wanted to find a good traffic generator and some means of measuring jitter, loss, bps, pps, etc.

My first idea for a traffic generator was good old NetCat. NetCat is a hell of a useful tool, but I quickly realized I really needed something that could generate more than one flow at a time, and that would allow me to control the speed of the flow.

I googled for traffic generators of course, but most of the ones I found could only do UDP. To properly test WRED and FRED configurations, I really needed something that’d be able to generate UDP or TCP traffic.

I think I’ve finally found the program I’ve been looking for. It’s called D-ITG (Distributed Internet Traffic Generator) and it seems pretty good so far. It consists of four programs: a traffic generator, a traffic receiver, a log server, and a log decoder.

For each traffic flow, you can specify destination address, destination port, protocol (tcp, udp, icmp), DS byte, pkts per second, pkt size, etc. The traffic generator can read in a script file. Each line of the script file defines the characteristics of a different traffic flow. Traffic is sent from the generator to one or more hosts running the receiver application. Both the generator and receiver can log information to local log files, or to the remote log server. Either way, the log files produced are in some kind of binary format. You have to use the decoder to read it.

The decoder produces a nice summary that looks like this:

---------------------------------------------------------------
Flow Id : 3
---------------------------------------------------------------
From      192.168.2.2:32769  ---> To       192.168.3.2:25

Total time          = 9.318654 sec
Total packet        = 478
Max delay           = 1305.456000 msec
Min delay           = 1.457000 msec
Average delay       = 1105.976447 msec
Average jitter      = 24.790557 msec
Delay variation     = 319.898237 msec
Byte received       = 61184
Average bitrate     = 52.526041 Kbps
Average packet rate = 51.294962 pkt/sec
packets dropped     = 559
---------------------------------------------------------------
---------------------------------------------------------------
Flow Id : 1
---------------------------------------------------------------
From      192.168.2.2:32879  ---> To       192.168.3.2:23

Total time          = 9.959863 sec
Total packet        = 200
Max delay           = 70.393000 msec
Min delay           = -0.419000 msec
Average delay       = 33.246315 msec
Average jitter      = 36.203322 msec
Delay variation     = 10.186839 msec
Byte received       = 25600
Average bitrate     = 20.562532 Kbps
Average packet rate = 20.080597 pkt/sec
packets dropped     = 0
---------------------------------------------------------------
---------------------------------------------------------------
Flow Id : 2
---------------------------------------------------------------
From      192.168.2.2:32880  ---> To       192.168.3.2:24

Total time          = 9.954186 sec
Total packet        = 200
Max delay           = 55.270000 msec
Min delay           = 8.130000 msec
Average delay       = 29.542540 msec
Average jitter      = 12.684859 msec
Delay variation     = 8.783441 msec
Byte received       = 25600
Average bitrate     = 20.574259 Kbps
Average packet rate = 20.092050 pkt/sec
packets dropped     = 0
---------------------------------------------------------------
Total results
---------------------------------------------------------------
Total number of flows  = 3
Max delay              = 1305.456000 msec
Min delay              = -0.419000 msec
Average delay          = 616.417440 msec
Average jitter         = 24.575127 msec
Delay variation        = 584.943696 msec
Byte received          = 112384
Total time             = 9.318654 sec
Average bitrate        = 96.480887 Kbit/sec
Average packets rate   = 94.219616 pkts/sec
Packets dropped        = 559
Packets wrong          = 0
Total packets received = 878
---------------------------------------------------------------
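For comparing QoS test runs, the per-flow blocks in this summary can be parsed into numbers. The following is an added example, not part of D-ITG or of the original post: it reads text in the layout shown above and computes a per-flow loss ratio, assuming "Total packet" counts received packets (which matches the totals above, 478 + 200 + 200 = 878). The function names and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: trimmed flow blocks in the layout of the summary above.
SAMPLE = """\
---------------------------------------------------------------
Flow Id : 3
---------------------------------------------------------------
From      192.168.2.2:32769  ---> To       192.168.3.2:25

Total packet        = 478
Average jitter      = 24.790557 msec
packets dropped     = 559
---------------------------------------------------------------
---------------------------------------------------------------
Flow Id : 1
---------------------------------------------------------------
From      192.168.2.2:32879  ---> To       192.168.3.2:23

Total packet        = 200
Min delay           = -0.419000 msec
packets dropped     = 0
---------------------------------------------------------------
Total results
---------------------------------------------------------------
Packets dropped        = 559
"""

FIELD = re.compile(r"^\s*(?P<name>[A-Za-z ]+?)\s*=\s*(?P<value>-?\d+(?:\.\d+)?)")
ENDPOINTS = re.compile(r"^From\s+(\S+)\s+--->\s+To\s+(\S+)")

def parse_flows(text):
    """Return {flow_id: {field: value}} for per-flow blocks; skip the totals."""
    flows, current = {}, None
    for line in text.splitlines():
        if line.startswith("Flow Id"):
            current = flows.setdefault(int(line.split(":")[1]), {})
        elif line.startswith("Total results"):
            current = None  # aggregate section, not a flow
        elif current is not None:
            if (m := ENDPOINTS.match(line)):
                current["src"], current["dst"] = m.groups()
            elif (m := FIELD.match(line)):
                current[m["name"].lower()] = float(m["value"])
    return flows

def loss_ratio(flow):
    """dropped / (received + dropped); assumes 'Total packet' means received."""
    sent = flow["total packet"] + flow["packets dropped"]
    return flow["packets dropped"] / sent if sent else 0.0
```

Field names are lower-cased on the way in, so `flows[3]["average jitter"]` and `flows[1]["min delay"]` work regardless of the decoder's capitalisation.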

Unfortunately, the documentation for D-ITG is pretty spartan, and the source code is mostly in Italian, so I haven’t been able to figure out how all of its options work. For example, you’re supposed to be able to output delay, jitter, bitrate, and packet rate information on millisecond windows. But the output when you do that doesn’t have any kind of column numbers and I haven’t been able to make heads or tails of it.

Another weird problem.. To quit the log server you have to ctrl-c or kill it. But when I do, it apparently doesn’t close its socket correctly or something. When I try to restart it I frequently get errors that it’s unable to open a socket. The workaround I found is to leave the log server running all the time. The traffic generator can specify what file the log server should log to, so I just use a different log file for each test without restarting the log server. Took a while to figure that out… :-)

Oh well, at least I can use it to generate traffic. :-)


Two cool unix utils

June 20, 2004

Found out about two great Unix utils from articles over at About Kim. The first is a standard Unix utility that I’ve never noticed before called “rename”. It lets you rename a group of files according to a pattern. I checked, and it’s included already on both OSX and Fedora, although I had to sudo -su to root first on OSX.

I can’t believe I’ve been using shell loops to do the same thing for all this time and never realized there was a standard command to do it. Judging from the comments to Kim’s post, I’m not the only one who failed to notice this one.

The other post I found really useful was about tcpreen. TCPreen is:

TCPreen is a simple tool to monitor and analyze data transmitted between clients and servers through connection-oriented data streams such as TCP sessions; it supports TCP over either IPv4 or IPv6. This tool focuses on the data stream (software/socket layer), not on the lower level transmission protocol as packet sniffers do.

TCPreen listens on a TCP port and waits for incoming connections to come in. Then, it forwards data sent by the connecting client to another server port (possibly on another computer) and forwards server responses back to the client.

TCPreen can display data on your console in real-time and/or save it to log files for later reference. Various display formats are available.

While it was originally meant to help developers reverse-engineer TCP-based protocols, it can also be very useful to debug network server or client software or for a system administrator to monitor a TCP service.

There have been several times in my career I could have really used that. I’m definitely bookmarking that one.


Strange posting problem.

June 18, 2004

I’ve finally figured out the cause of a strange problem I’ve had posting to my blog. I write most of my posts on my PowerBook, then I rsync them over ssh to my server. The problem I’ve been having is that posts I write on my PowerBook haven’t been showing up immediately in Blosxom.

My first thought was that it must be a file ownership or permission problem. So I double checked the Unix permissions on the new post. They were fine. I was stumped by this for a few days *until* I noticed that the *time* on the new posts was about 10 or 20 minutes *ahead* of the time on my web server.

Ah hah! I had found the culprit at last. Blosxom, understandably, doesn’t display posts from the future.

To fix the problem, I installed NTPD on my server to keep the time always synchronized.


State machine macro for “The Swine Before Perl”

June 17, 2004

Update to the previous post about Shriram Krishnamurthi’s Scheme presentation. I found this post over at 80/20 that has the Scheme source for the state machine macro talked about in “The Swine Before Perl”.


PLT Scheme

June 17, 2004

While reading Finding Lisp I saw an article about Shriram Krishnamurthi’s presentation “The Swine before Perl”. As a sometimes Perl programmer I was sure I’d be offended, but it was actually pretty cool. Shriram is one of the developers of PLT Scheme and the presentation is about how Scheme can be used for some of the “messy” problems, like text parsing, usually associated with Perl. Very enlightening.

Even more interesting, for me, was his mention of PLT Scheme’s continuation based servlet library. Like almost everyone on the net, I’ve been curious about continuation based web-apps ever since reading Paul Graham’s essay Beating the Averages. I’d been planning to look at Uncommon Web, but after taking a look at PLT Scheme, maybe I’ll just use that instead. Not only does it come with a continuations based web-app framework, but it comes with a fairly decent looking non-emacs development environment.

The only downside is that I’ve been reading books on Common Lisp. Scheme’s syntax seems *just* different enough that I think I may need to pick up a book on Scheme. Oh well, I guess I’ll start with Teach Yourself Scheme in Fixnum Days online.


Love Perl – Hate Perl

June 16, 2004

For the most part, I love Perl. I use it at work constantly to whip up little scripts to automate things, summarize things, etc. But sometimes it drives me crazy with its inconsistent syntax. An example:

To find the length of an array, you do:

scalar @array

or

$#array + 1

But to find the length of a hash, you do:

scalar keys %hash

Sigh… just one minor example of the little gotchas that IMHO make it impossible to program in Perl without a reference manual.


Wikipedia

June 16, 2004

I have to admit, when Wikipedia first started I was skeptical that it would ever amount to anything useful.

Looking over it today, I’m forced to admit I was wrong. It’s pretty darn cool. There are a LOT of articles on a very wide variety of subjects. And, at least for those subjects I know anything about, the articles look to be pretty accurate.

Their page on Lisp is definitely one of the clearest, most concise descriptions of Lisp that I’ve seen. I think I’m going to bookmark it to forward to friends and coworkers that ask me why I’m trying to learn Lisp. Or that ask what the hell Lisp is.


Why are there no good LISP IDEs?

June 14, 2004

It seems like everyone on the net has been reading Paul Graham lately, and I’m no exception. I’ve been intrigued by his stories of how powerful a language LISP is, and how much it helped him in developing Viaweb.

Paul isn’t the only one singing the praises of Lisp; it’s easy to find plenty of other pages with similar praises for Lisp.

I’ve also seen some descriptions on the internet of some of the IDEs on the old Lisp machines (see here for a video of someone using InterLisp-D, here for an in-depth description of a LISP machine).

My question is this: Why hasn’t the LISP community made any progress or, from what I can tell, any attempt at recreating the development environment of the old LISP machines? Instead everyone seems to be content using Emacs, but bitching about it a lot.

There is Jabberwocky which looks pretty nice, but it seems to be written in freaking Java!!

The Smalltalk community has done an awesome job, with Squeak Smalltalk, at not only re-creating *their* old IDE, but also improving on it significantly.

If LISP is indeed so powerful then it should be easy to write an IDE, right?