Yesterday I read a white paper on something called the Ingate SIParator. I bet whoever came up with that title chuckled for half an hour, thinking he was oh-so-clever. To quote the white paper itself, the SIParator is a firewall specifically for SIP traffic. (SIP - Session Initiation Protocol - is a protocol for initiating media sessions; Voice over IP, video, music, etc. It acts as a wrapper around SDP, which in turn often initiates RTP traffic.) The SIParator is an addon to a company’s existing firewall, which will analyze SIP traffic and correctly convert the external and internal addresses, as well as provide security features against known SIP spoofing methods. It does sound like an excellent product for allowing VoIP in enterprise and company networks, but I’m still not very happy with products like this.
Let’s start at the beginning… NAT and firewall traversal is a major issue these days. Here’s a good summary of the problem, and here are some papers on NAT traversal in combination with SIP. While I’m professionally interested in the SIP and VoIP problem, I’m not overly concerned about this particular issue; after all, there are many products available for solving this. The real problem lies with home users.
Almost everyone has a router of some sort at home; a DSL router, a WLAN router and so on, and the vast majority use internal LAN IP addresses which are translated to the external IP address inside the router. (That’s the NAT part - Network Address Translation.) The main problem with NAT is incoming traffic: how can a router know where to direct an incoming request when several computers share the same external IP? The answer is of course that it’s not possible. IPv4 has a limited amount of addresses, and specific LAN address ranges are necessary. The only simple solution to this is to configure the router so that it directs requests to certain ports to certain LAN computers. This works well for static servers and such, but is a total pain in the nether regions of the back for other applications like games and peer to peer software.
Oh, and there’s another part of the NAT traversal problem as well: protocols that carry IP addresses inside their payload cause a crapload of problems, as they also need translating. But thinking about solutions to this is just depressing, so I’m ignoring that.
Instead, I’ve been looking at some solutions to the basic NAT problem. There’s of course STUN for UDP traffic - but that one has problems, since it won’t work on all NAT implementations. UPnP is another proposed solution to this, used in Gaim for example; but UPnP’s not exactly widespread and supported in all cases. Other solutions like TURN include proxies of various kinds, but that’s not exactly feasible for a hobby developer - or even for most companies, due to the relatively unnecessary extra cost of a dedicated server.
The only reasonable solution for an independent developer seems to be a combination of the proxy idea and UDP punching methods. One such UDP traversal method seems to be used by the nat-traverse package; it uses garbage UDP packets to establish NAT entries, and then uses UDP for the actual traffic. This ought to work very well since NAT implementations need to have a relatively long timeout - 30 minutes is the standard on some NATs - since UDP is stateless.
Theoretically, the following ought to work and requires nothing more than a webserver:
- A client sends an HTTP request to a known server, indicating that it wants to connect to another client for a game or a transfer or something.
- The server has a PHP script that processes the request, and places it in a pool of clients waiting for a game/transfer/whatever - possibly with their desired destination client specified as well. The server responds with a “yo, keep it up” message.
- The client repeatedly sends HTTP requests to show that it’s ready. Once the PHP script determines that there’s a match in the pool, it responds with a “yo, here’s your destination’s IP and port” message. This means unnecessary traffic, but possibly affordable if there’s not much data.
- The clients (who hopefully both have received responses with IP/port) start sending 10 garbage UDP packets.
- Allow for some delay and possible delivery problems: resend if no connection is established the first time. A maximum of five attempt sequences ought to be enough.
- If the connection is established, data UDP packets can be sent.
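The client side of the last three steps, as an added C example (not code from this post or from nat-traverse). The wait time, the helper names and the loopback demo are assumptions; the check on the sender's address is an addition, because any host can send a datagram to a freshly opened NAT mapping.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

#define PUNCH_PACKETS  10   /* garbage packets per attempt (from the post) */
#define PUNCH_ATTEMPTS 5    /* maximum attempt sequences (from the post) */
#define WAIT_MS        100  /* assumed wait per attempt; not from the post */

/* Open a UDP socket on an ephemeral loopback port; *self gets its address. */
static int open_udp(struct sockaddr_in *self)
{
    socklen_t len = sizeof *self;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    memset(self, 0, sizeof *self);
    self->sin_family = AF_INET;
    self->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)self, len) < 0 ||
        getsockname(fd, (struct sockaddr *)self, &len) < 0) { close(fd); return -1; }
    return fd;
}

static void send_garbage(int fd, const struct sockaddr_in *peer)
{
    static const char junk[] = "punch";
    for (int i = 0; i < PUNCH_PACKETS; i++)
        sendto(fd, junk, sizeof junk, 0, (const struct sockaddr *)peer, sizeof *peer);
}

/* Returns the attempt (1..PUNCH_ATTEMPTS) on which the expected peer was
 * heard, or -1. Datagrams from any other address/port are ignored. */
static int punch(int fd, const struct sockaddr_in *peer)
{
    struct timeval tv = { 0, WAIT_MS * 1000 };
    setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    for (int attempt = 1; attempt <= PUNCH_ATTEMPTS; attempt++) {
        send_garbage(fd, peer);
        for (;;) {
            char buf[64];
            struct sockaddr_in from; socklen_t flen = sizeof from;
            if (recvfrom(fd, buf, sizeof buf, 0, (struct sockaddr *)&from, &flen) < 0)
                break;                      /* timed out: start next attempt */
            if (from.sin_addr.s_addr == peer->sin_addr.s_addr &&
                from.sin_port == peer->sin_port)
                return attempt;             /* mapping works in both directions */
        }
    }
    return -1;
}

/* Constructed loopback demo: A expects B; the flag picks B or a stranger C as sender. */
int demo(int sender_is_peer)
{
    struct sockaddr_in a_addr, b_addr, c_addr;
    int a = open_udp(&a_addr), b = open_udp(&b_addr), c = open_udp(&c_addr);
    if (a < 0 || b < 0 || c < 0) return -2;
    send_garbage(sender_is_peer ? b : c, &a_addr);
    int result = punch(a, &b_addr);
    close(a); close(b); close(c);
    return result;
}
```

A UDP source address can be forged, so the address check only filters stray traffic; the data packets that follow still need their own authentication.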
Now all I need is time to implement my various multiplayer game ideas. Dammit, I knew I forgot something!
I sometimes call myself an ambitious slacker; that description seems to fit rather well. After all, I keep myself busy with a heap of projects even if I like to slack off and just spend a week drinking beer while watching anime as well. At the moment I’m feeling rather ambitious, though.
A little while ago I wrote a wee thesis on Lexical-Functional Grammar which enabled me to finally get a degree of sorts. Granted, it’s just a B.A. in Computer Science, so I still fall short compared to everyone I know who’s getting a PhD. It seems to be the fashionable thing to do - everyone’s doing it! Even my sister. The bitch! Well, my ambition has won over my slackiness, and I’ve decided to look into upgrading this degree of mine. Here’s my plan:
- Find an interesting project for a Master’s thesis.
- Write the thesis in my spare time while I’m working.
- Get a Master.
- …
- Profit!
The third point sounds rather kinky, taken out of context. But yeah, I’m working on the first point right now, and I have two ideas:
- I could continue my work with the LFG parser; I have an interesting idea for using case-based reasoning to improve context-free parsing, and it might be adequate for a Master’s thesis.
- Or, I could make an improved version of WinCandide - a program for handling face models. Go check out that link to see more information about the program. (And if you spontaneously think of any desperately needed features, feel free to let me know!)
I really like the first idea, but that would mean a damn lot of work, and I’d have to find a supervisor, and I’d have to discuss my idea to and fro to see if it’s feasible at all, and I’d have to find a suitable grammar, and and and…
The other option is the one I’m leaning toward right now, out of laziness. The project is offered as a possible Master’s thesis and it oughtn’t be all that difficult. Sounds great! If all goes well when I meet up with the supervisor I’ll probably go for this one.
I hope this irrelevant post about my personal life isn’t the beginning of a trend. I’ll have to find something interesting to rant about one of these days.
Yesterday I was reading up a bit on what I’ve missed these last few weeks when I’ve been preoccupied; this included some blogs, some news sites, some forums and so on. I’ve come to the conclusion that nothing particularly exciting happens when I’m away. Anyway, one amusing thing I found was a thread on the Indiegamer forums: in short I can sum it up with “people generally don’t care about what you say unless they know you, or if you offer some evidence that your experiences matter.” This got me thinking about one of the main ideas of this li’l blog o’mine: I gladly flaunt my ideas and my opinions, but I want to keep my professional life completely separate from the blog.
Of course some things are apparent: I work with software development; I have an interest in WLAN technology; I do some low-level programming. And so on. But the rest ought to remain secret. Why?
One possible answer could be that I don’t want my employers to read my musings. That’s one of the things brought up in this meta-blog entry named Blogging Vs. Your Career. The blog mentions a lot more, and goes on to quote a list of dos and don’ts from Intuit’s Scott K. Wilder. Some of these are rather amusing - for example:
Do not post anything you would be embarrassed to see on the front page of the Wall Street Journal
Well. I honestly can’t say that I’ve seen all that many blog posts that look like they belong in the Wall Street Journal. In fact, I think it’s safe to say that the vast majority of blogs have nothing to do in a printed paper - because they’re written by laymen for laymen, and most of the time also by subjective laymen for bored laymen looking for a way to waste five minutes. That’s why we have this wonderful brand of people called journalists who write the printed articles instead.
Anyhoo, the reason I found the blog entry at all was through this blog that I saw on Technorati. I really don’t know what to make of aforementioned blog entry. This Dan Farber kindly quotes the Your Career post…but offers no additional information. No comments; no opinions; nothing more than a brief summary.
Why? Why did he post it at all? In theory, this post o’mine contains nothing new either - it’s all a rehash of other people’s thoughts covered with my generic opinions. But I make an attempt to have an opinion at least. What the hell? A blog entry that consists of 80% (give or take 20%) quotes from another one? I don’t get this compulsive repetition.
But I digress. To sum things up: no, I don’t keep quiet of my work details because of any fear of my employers; I’m relatively confident that I can stand for everything I write. There’s a much greater risk at stake: something that’s also mentioned in the list of dos and don’ts:
Do not post confidential client data
It’s not like I work for the NSA or anything, but I’d feel horrible if I accidentally posted confidential information that led to any kind of problem. And that’s way easier done than one can imagine. A nurse in Sweden recently posted about a patient on an online forum. Of course she tried to make him anonymous: she didn’t mention any names and so on. But the age, the location and the disease was enough for another forum member to guess who it was - which in turn led to a whole truckful of excrement for the nurse in question, once this leak of confidential data was brought to the hospital’s knowledge.
A year ago I accidentally gave out classified information to one person; I’ll be damned if I make the same mistake twice - and on a public blog for that matter!
Sweden has a long tradition of being ruled by left-wing parties, except for a few conservative outbursts now and then. (For the non-Swedes: we are technically a monarchy, but we’re ruled by a government. Our king has other noble tasks keeping him busy - like giving unimpressive speeches, and hiding whenever the question whether or not we need a king arises.) This fall we’re looking at an interesting election: to my layman eyes it appears that the socialist party will have to work pretty hard to remain in majority; siding with the leftish liberals will probably not be enough.
Oh, and just in case some Americans are reading and are wondering what kind of country has socialists and liberals in ruling positions, I have to unnerve them a bit more: US Democrats are about as right-wing as any of our parties. When we talk about socialist and liberal parties, it’s not just in comparison with ultra-right conservatives.
Either way, as interesting as this may or may not be, I have another point to all of this: today I read an article in which Folkpartiet (The People’s Party; yeah, I’m serious), a rather conservative party here, discusses new demands for immigrants coming to Sweden. The main point seems to be that foreigners above the age of 16 and below the age of 55 are required to attend at least 300 hours of Swedish language education, if they are to remain in Sweden.
This is a very interesting proposition. Spontaneously I am inclined to support it; language is a vital key to fitting in in a society, and essential if immigrants are to become a part of the country itself instead of a segregated minority. But on the other hand there are way too many elements as it is in Sweden that are hostile to foreigners, and enforcing rules like this might give them involuntary support. After all, this might just be the beginning. If there are demands for attending classes, why not enforce language tests as well before they’re allowed in here? And why not cultural tests as well? And why not Swedish history? And why not demand that they all live in red cottages, have a Volvo and behave like good little secular Christians, just like everyone else? And why not demand that they all have fair hair and a whitish complexion?
The idea is ludicrous, of course: they only wish the best for the immigrants, and want them to integrate better. No ulterior motives exist, and it’s doubtful that any demands for cultural knowledge would ever be suggested or enforced. No matter how hard I try, I can’t find a serious fault with the idea.
Except for the fact that I almost unconditionally support diversity, and this is yet another step toward quenching the free spirit. I wish I knew what the immigrants themselves feel.
I guess I could ask my mother.
In the article, there were a few opposing comments; too bad that the people who offered them appear to be complete morons. Freely translated:
“I believe that Lars Leijonborg received his citizenship without being able to speak a single word of Swedish - as a newborn. It was assumed that he would learn Swedish.”
Rhetoric bull-excrement from the Minister of Integration. He might have overlooked the fact that children pick up languages like horny teenagers pick up chlamydia, and the fact that this skill disappears in later years. It would be practically impossible for a small child to grow up without learning the language spoken in his surroundings. At the same time, it takes a deliberate effort for a grown person to learn a new language - it’s much easier to give up and decide that it’s not worth the effort.
Agitar Software is a company with a great ambition: provide code analysis tools that not only attempt to locate bugs, but also present optimized alternatives to the current solutions. This is a marvellous example of what I’m desperately missing in software development: more automation. Many tasks can be performed by machines instead of letting developers waste their time.
There’s a problem with code analysis tools, however. Look at this code snippet:
    for( socket = sockets; socket; socket = socket->next )
    {
        if( 0 == strncmp( ip->name, socket->socket.name, strlen( ip->name ) ) )
        {
            choice = &socket->socket;
        }
    }
Looks pretty decent, doesn’t it? This is a piece of code I encountered as I investigated a problem with the wrong IP address being used in DHCP relay in certain cases. First I started checking if the sockets were bound correctly - of course they were. Then I investigated the data structures to see if something was omitted - of course it wasn’t. The guy who wrote this code had done a good job, in fact - it all ticked along like clockwork. In most cases. I must have glanced at the code piece above a dozen times without noticing anything strange; it looks okay, doesn’t it? Must be somewhere else that things go wrong.
Well, I’m sure that some of you have noted something fishy about it already. One obvious thing struck me immediately: why is there no break after finding the correct choice? Silly thing, to continue looping. But I didn’t see the main problem for quite some time: what happens if ip->name and socket->socket.name have the same prefix, which incidentally happens to be just as long as ip->name? (For those unfamiliar with C code: strncmp compares two strings and returns 0 if they are equal up to the length specified by the last parameter.)
In a test case where things went wonky, there were three interfaces: Wlan, Wan and Wlan2 (in that order) and the incoming traffic came from Wlan. Yeah, isn’t it stupid? The corrected version is of course:
    for( socket = sockets; socket; socket = socket->next )
    {
        if( 0 == strcmp( ip->name, socket->socket.name ) )
        {
            choice = &socket->socket;
            break;
        }
    }
My point in telling you this is not to flaunt a coding error, or to let you chuckle at how I didn’t see that error directly when I started investigating the issue; it has to do with automatic bug corrections. What automatic tool can help when the bugs are logic-related instead of simple bugs? I’ve seen a fair share of memory leaks and out-of-bounds memory accessing, but the number of logic errors vastly shadows those. After all, the real bugs leave a greater impact most of the time - these logic errors are more subtle.
And additionally: this may just be a single example, but what would have happened if this code had gone through a code optimizing tool? It probably wouldn’t have noticed the strncmp error, but it might have complained that a break was missing. Then this problem would only have become visible if the interface order was Wlan2, Wan and Wlan, or something similar - not a very intuitive way to configure things, but it might have happened in a real environment. Our test personnel would - with all probability - not have found this error, though.
Quite ironic, eh?
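The three variants discussed above, run against both interface orders, as an added C example (not the original DHCP relay code). `struct iface`, the function names and the `run` helper are assumptions that stand in for the post's `ip->name` and `socket->socket.name`.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-in for the post's socket list (assumed layout). */
struct iface { const char *name; struct iface *next; };

/* As found: prefix compare, no break, so the LAST prefix match wins. */
const char *pick_strncmp(const struct iface *list, const char *want)
{
    const char *choice = NULL;
    for (const struct iface *s = list; s; s = s->next)
        if (0 == strncmp(want, s->name, strlen(want)))
            choice = s->name;
    return choice;
}

/* Only the "missing break" fixed: the FIRST prefix match wins instead. */
const char *pick_strncmp_break(const struct iface *list, const char *want)
{
    for (const struct iface *s = list; s; s = s->next)
        if (0 == strncmp(want, s->name, strlen(want)))
            return s->name;
    return NULL;
}

/* Corrected: exact compare, stop at the first hit. */
const char *pick_strcmp(const struct iface *list, const char *want)
{
    for (const struct iface *s = list; s; s = s->next)
        if (0 == strcmp(want, s->name))
            return s->name;
    return NULL;
}

typedef const char *(*picker)(const struct iface *, const char *);

/* Build a three-entry list in the given order and look up `want`. */
const char *run(picker p, const char *n0, const char *n1, const char *n2,
                const char *want)
{
    struct iface v[3] = { { n0, &v[1] }, { n1, &v[2] }, { n2, NULL } };
    return p(v, want);
}
```

With the order Wlan, Wan, Wlan2 the original picks Wlan2 for traffic from Wlan, while the break-only version picks Wlan and hides the defect until the order becomes Wlan2, Wan, Wlan.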
I love automation and I’m all for using automatic tools to a great extent; but the human mind is capable of infinite stupidity, so I’m not prepared to trust them as much as Agitar. “Cut development time while slashing the cost of bugs by 90%” they claim on their webpage. “Paah!” says I.
So, I’m no longer in London, but I still haven’t written something for a while. Time to rectify that! First, I’ll mention an interesting DDJ article concerning ACOs - Ant Colony Algorithms.
The main idea is to combine a greedy short-time search with an evenhanded one, and in combination these two will cancel out each other’s flaws. As an example, the article tests a simple algorithm on the Travelling Salesman Problem, and the results are pretty good: within 100 iterations, a close-to-optimal-as-far-as-we-know-it-solution is found! 100 iterations? Yes, the algorithm depends on using ant-like behaviour, and knowledge from the previous iteration is used in the next one. An ant selects a path based on distance and the amount of pheromones placed on the path by previous ants, and afterwards places an amount of pheromones inversely proportional to the distance of the traversed paths; the pheromones also evaporate with time. Apparently, all this creates a positive feedback loop without the risk of landing at a local maximum.
Somehow I get the feeling that I’ve heard of this algorithm before, but I really can’t put my finger on it. It might simply be the fact that it combines search strategies and machine learning ideas, all of which are commonplace and well-known. Or, it might be the fact that it’s derived from some routing algorithm I’ve read about. Or, it might be the fact that I’ve read about it in some AI book - the author of the article makes no claims to have been overly original. Either way, I get a sudden urge to see this in action - I want to implement a graphical representation of flock behaviour in combination with an ant colony algorithm that doesn’t work in iterations, but continuously instead!
…
Back to the topic of London. In my last update I had had a very haphazard view of the city: pubs, an office, the hotel bar, Trafalgar Square, and so on. I had been a busy little tourist, taking pictures of statues and architecture and arches and whatnot. This continued later that day, when we went to Westminster to watch Big Ben and the lovely lions in front of whatever-that-house-was, and strolled over to the Tower and the Tower Bridge. That’s when disaster struck: one single picture of the Tower caused my digital camera to cough and wheeze, complaining that the memory card was being naughty. All my photos were gone.
This is a serious shame, as London is one of the most beautiful cities I have seen. The streets tell tales of long ago; roads and streets twine in insane ways, showing that the city can’t really have been planned - it must have grown from the old London Town. Beside that, the city is riddled with architectural delights everywhere. I kid you not when I say that there’s something worth watching in every street of the inner city: a statue placed here; magnificent Neoclassical pillars there; wonderful churches all over the place. As I walked around, I recalled that Sir Christopher Wren was the architect of many dozens of London’s churches, but to my dismay I couldn’t tell for sure when I actually saw them. “Wren spires” was a term that flowed through my mind, but the only Wren church (well, cathedral) that I could recall with certainty was St Paul’s Cathedral - which certainly didn’t have a spire.
Anyway, after that final day of rest, things got a bit blurred. I was supposed to be in London for a few days, but it turned into 10 days or so. And these days were filled with work from morning to late evening, and then a frantic search for pubs. Thank you God for this liver of steel!
After my last blog entry I got recommended the Oxo Tower restaurant, but since things got so frantic we really didn’t have time to go looking for it. That’s a damn shame. Also, Dan Marshall of Gibbage fame and fortune kindly gave me a nice list of pubs that I ought to visit. (Which I of course forgot to reply to, lazy bastard that I am, so I’ll link to his site instead as a thank-you.) Again, since we were pretty swamped, we only ended up visiting a single one of those: The Pillars of Hercules on Greek Street. Very nice indeed! Still, I think our favourite pub was The Marlborough Head. It had a horror theme, and was located pretty close to our hotel.
Finally, I have to mention something awesome: London is a city of musicals, and I seriously would have killed myself if I hadn’t gone to a single one. I wanted to see Phantom of the Opera, but the tickets were rather pricey. Instead I found a great surprise: Avenue Q has a London show as well as a Broadway one! You know, the show where the Internet is for Porn song comes from. It may not be the highest form of culture, and the jokes may be a bit crude at times, but I seriously loved it. Make sure you watch it as well, given an opportunity!