Posted by: Airtower | 2015-07-13

NSA Admins and Privacy

While reading through an Intercept article on the NSA’s XKEYSCORE program (simply put: a search engine for data captured by the NSA), I came across this gem:

When systems administrators log into XKEYSCORE servers to configure them, they appear to use a shared account, under the name “oper.” Adams notes, “That means that changes made by an administrator cannot be logged.” If one administrator does something malicious on an XKEYSCORE server using the “oper” user, it’s possible that the digital trail of what was done wouldn’t lead back to the administrator, since multiple operators use the account.

Behind the Curtain, The Intercept, 2015-07-02

It’s common knowledge that shared accounts are extremely bad practice from a security standpoint. It’s difficult to revoke access for a specific person without causing a fuss for everyone else, or attribute actions to a specific person. And that’s exactly why I would want a shared administrator account if I wanted to avoid responsibility. “Someone ran an illegal query? Wasn’t me, and you can’t prove otherwise!” See, NSA admins know about privacy… They’re just selective about who should have it.🙄

Posted by: Airtower | 2015-01-01

Matsushima Watercolor For New Year’s

Red sun rising over the islands of Matsushima

Happy New Year!

This watercolor painting is based on a photo (see below) I took when I went to Matsushima to see the first sunrise of the year four years ago. The original is 24 by 17 cm, and has been created with watercolor pencils.

A tree and some bushes in the foreground, islands in the middle and a lot of light to the right

Posted by: Airtower | 2014-10-28

New in Java 8: Catching Integer Overflows

I’ve recently discovered a nice new feature in Java 8: methods to properly handle integer overflows. Consider the following example:

public class OverflowTest
{
	public static void main(String[] args)
	{
		int a = Integer.MAX_VALUE;
		int b = 1;

		int c = a + b;
		System.out.println(a + " + " + b + " = " + c);
	}
}

When you compile and run it, this is the result:

$ javac OverflowTest.java
$ java OverflowTest
2147483647 + 1 = -2147483648

Quite obviously, this can’t be mathematically right. The problem occurs because an int has a limited size of 4 byte. When this size is too small to store a number, the value will overflow and wrap around from the largest to the smallest possible value (or vice versa if the number is too small).

If you wanted to catch possible overflows in previous Java versions, you had to write your own checks. In Java 8, java.lang.Math offers new methods that will take care of that for you.

public class OverflowTest
{
	public static void main(String[] args)
	{
		int a = Integer.MAX_VALUE;
		int b = 1;

		int c = Math.addExact(a, b);
		System.out.println(a + " + " + b + " = " + c);
	}
}
$ javac OverflowTest.java
$ java OverflowTest
Exception in thread "main" java.lang.ArithmeticException: integer overflow
	at java.lang.Math.addExact(Math.java:790)
	at OverflowTest.main(OverflowTest.java:8)

If an overflow occurs, Math.addExcact(int,int) throws an ArithmeticException, which you can catch and handle. Similar methods exist for other operations and the long type. What to do in case of an exception depends on your application, and may be quite complicated. This post is just about mentioning these shiny new methods.😉

Anyway, if I want to print the correct result in my example, I can simply fall back to long. At 8 bytes length it can definitely store the result of adding two ints. Note that I have to cast at least one summand to long before adding them, or the intermediate result would still be an int and overflow.

public class OverflowTest
{
	public static void main(String[] args)
	{
		int a = Integer.MAX_VALUE;
		int b = Integer.MAX_VALUE;

		try
		{
			int c = Math.addExact(a, b);
			System.out.println(a + " + " + b + " = " + c);
		}
		catch (ArithmeticException ex)
		{
			System.err.println("int is too small, falling back to long.");
			long c = (long) a + (long) b;
			System.out.println(a + " + " + b + " = " + c);
		}
	}
}
$ javac OverflowTest.java
$ java OverflowTest
int is too small, falling back to long.
2147483647 + 2147483647 = 4294967294

If you need a way to handle numbers of (almost) unlimited length, take a look at java.math.BigInteger. Also note that catching possible overflows influences performance, so using *Exact everywhere instead of simple operators is probably a bad idea. Anyway, this is not one of the biggest news in Java 8 (lambda expressions!), but I think it’s neat, and also about the right scope for a quick blog post.😀

Posted by: Airtower | 2014-05-25

Peculiar Ethernet Timings

Have you ever tried sending one Ethernet packet every 78 microseconds? If not, what would you expect to happen? Actually, I did that kind of experiment (and many others) last year in my graduation thesis “Development of a Scalable and Distributed System for Precise Performance Analysis of Communication Networks“, which is now published. For the thesis I developed a system called the Lightweight Universal Network Analyzer (LUNA), which can generate packets at precise times and record their arrival times, among other things. When I tested it on different hardware, I got some surprising results, as you can see in the figure below.

Graphs of IAT Distributions with Different Ethernet Hardware

IAT distributions from tests with 78 μs IST (Figure 8.12)

The diagram shows packet inter arrival times (IAT) on the x-axis. I had configured the packet source to send a packet every 78 microsecond, and the IAT measurement shows at which intervals they actually arrived. The y-axis shows how frequently a certain IAT occurred, note that it has a logarithmic scale. The differently colored curves are from different measurements:

  • The measurement for the red curve was done between two hosts equipped with Realtek RTL8111/8168B Gigabit Ethernet controllers,
  • the cyan one between two hosts with Intel Gigabit Ethernet controllers (82567LF and 82579LM, to be precise),
  • and the dark blue one via the loopback interface on one of the hosts for reference.

The hosts were sufficiently similar in processing power (for details, see chapter 8 of the thesis).

The loopback measurement looks as expected, with a strong peak at 78 µs IAT and a packets distributed around it. In both measurements with real hardware some packets were transmitted in rapid succession, probably after some of them were stalled. The really interesting thing, however, is the different behavior at and above the intended IAT. The measurement with Intel hardware led to a peak around 78 µs, although much wider than the loopback one. Using the Realtek cards, almost no packet arrived with the intended intervals, instead, there is a very wide peak around approximately 250 µs. All three measurements showed average IATs of 77 µs, though.

If you now think that the Intel hardware followed the timing pattern created by the software much better, well, it’s not that easy. Yes, the distribution looks more like the one I wanted, but the maximum deviation from the intended inter arrival time was actually much larger. For the red curve, representing the measurement with Realtek hardware, the rightmost signal (328 µs IAT) in the graph is indeed the maximum deviation. The largest IAT recorded in the Intel measurement, however, was 1922 µs. These outliers are not shown in the figure because otherwise the peaks would be very difficult to distinguish. You can find the detailed numbers in Table 8.8 in the thesis.

The hardware for this experiment was essentially just what was available at the lab.😉 Nonetheless the results show that networking hardware can have an impressive impact on the timing behavior of packet transmissions. I’d really like to see some studies on other devices! Also, it may be interesting to check in what part the difference is caused by the hardware itself, and what influence the hardware drivers have on the results.

Posted by: Airtower | 2014-03-18

About to Leave Japan

About to Leave Japan

I’m at Centrair Airport, about to board the plane back to Germany. I had a great time in Ise and a few other places around Japan. So long, and thanks for everything! I’ll be back.😉

Posted by: Airtower | 2014-03-15

Quick Update on Kyūbunhama

Sorry to jump from sightseeing in Ise to a serious topic so suddenly, but I’m in Sendai right now, just got back from dinner with friends from the time I spent here as an exchange student, and one of them is the coordinator of the volunteer work I participated in after the tsunami in 2011. Of course, I used the opportunity to ask her about the current situation in Kyūbunhama and the surrounding area.

Heavy machines flattening ground

The gist of what she told me is this: People live mostly in temporary housing, while higher ground is being prepared for permanent buildings. In some places construction of permanent homes might start this year, but she didn’t seem sure about that. Life in the temporary buildings brings some troubles, including lack of space and bad insulation, leading to cold homes in winter and hot ones in summer. A big social issue is that existing neighborhoods have been broken up, which means that people — especially older people — are at risk of getting socially isolated.

They currently try to help by offering tea time with everyone who wants to come to give people an opportunity to talk, and distributing vegetables (I assume to encourage healthy eating, or maybe just to be nice).

Posted by: Airtower | 2014-03-13

Presentation on “Ise and Japan” Experience

Today is the second to last day of the “Ise and Japan” study program at Kogakkan University, and every participant was asked to give a presentation on a topic related to the program. I decided to choose “神仏習合”, or “Shinto-Buddhist syncretism”, because that was the most surprising thing I learned during the program.

Read More…

Posted by: Airtower | 2014-03-12

Tsukemono Factory

Monday (March 10) after lunch, we took a train to 明野 (Akeno), a more rural part of Ise, and visited 林商店 (Hayashi-shōten), a company that makes 伊勢沢庵 (Ise-takuan, Ise style pickled daikon radish) and other 漬物 (tsukemono, Japanese pickled vegetables).

Storage shed in between fields

Inside this shed, tsukemono are ripening in big barrels. Well, some in small barrels, but the big ones are more impressive.😉

Read More…

Posted by: Airtower | 2014-03-11

Yasaka-jinja (Kyoto, Part 2)

After visiting the Nō theater on Sunday morning, we went on to 八坂神社 (Yasaka-jinja), a large shrine in Kyoto’s famous Gion area.

Large red and white temple gate above wide stairs

Entrance gate to 八坂神社 (Yasaka-jinja)

The shrine looks kind of unusual at first glance: Its buildings resemble Buddhist temples, and the entrance we used even has a temple style gate instead of a torii. There are torii inside the shrine and the way we used to exit has one too, but that is still unusual.

Read More…

Posted by: Airtower | 2014-03-11

A Lesson in Noh (Kyoto, Part 1)

On Sunday morning (March 9) we went from our Hotel in Kyoto to 河村能楽堂 (Kawamura Nōgakudō), a 能 (Nō, often written as Noh) theater. Nō has a long tradition since its initial development about 600 years ago, and with its frequent use of music and dance it can be seen as traditional Japanese musical.

Actor in mask and blue/gold robe wielding a naginta on a Nō stage

The Ghost of Tomomori

Read More…

Older Posts »

Categories