2014-10-20
Escape from the Activity Room

Escape from Microsoft

On the morning of September 17, 2014, in the conference room on the 12th floor of Microsoft Research Asia. The boss just returned to Beijing after a month-long international conference, and I nervously reported the unsatisfactory progress of the past month at the group meeting. In the previous few days, my heart was beating wildly, fearing that the boss would see through my nature of not working hard. Unexpectedly, the boss did not scold me after the report, but said that my model has made great progress compared to a month ago. However, we both clearly realized that our work could not catch up with the NSDI conference deadline on September 26.

Microsoft Building in the early morning of September 17

Microsoft Building in the early morning of August 25

Read More

2014-09-29
The Overlooked Treasure: IPX Protocol

The Trouble with DHCP

The story begins with the update of the network access management device at USTC.


IP addresses in public internet access areas are now allocated centrally because the address segments assigned separately to each building were no longer enough. A few years ago, most devices on the network were desktop computers and laptops, which could not be kept on all the time; but now everyone has smart terminals, possibly more than one, and connects to Wi-Fi wherever they go. Many places where a /24 address segment (256 IPs) used to be more than enough have run out of IP addresses during peak periods. The size of USTC’s IP address pool is limited, and centralized allocation has solved the problem of insufficient addresses.

This should have been good news for everyone, but the new equipment brought new problems. The library query machines, which boot over the network, freeze after a period of time. The reason is that the IP address allocated during the startup phase of the parent system differs from the one allocated during the startup phase of the subsystem, and this difference is caused by a bug in the BRAS network access management device.


Read More

2014-07-06
Releasing the 5% Disk Space Eaten by the File System

Those who use the ext file system to store data may have noticed that a 200 GB partition can only use 190 GB, and a 2000 GB partition can only use 1900 GB. Where did this 5% of disk space go? Some people think this is the difference between decimal (1000) and binary (1024) units, but this is not the case.

$ df /mnt/sdb/
Filesystem      1K-blocks       Used Available Use% Mounted on
/dev/sdb       1922860936 1839798972         0 100% /mnt/sdb

The 2 TB disk above reports 0 available space, so it appears to be full. Trying to create a directory fails because there is no space left.

$ mkdir hello
mkdir: cannot create directory `hello': No space left on device

But sudo mkdir hello can succeed! What’s going on? The answer lies in the “reserved space” of the ext file system.

Read More

2014-06-22
Graduation—A Tribute to My Lost Youth

This article was selected for the special issue “See You, 2014”

Looking at the “Network Fee Settlement” section marked “Exempt” on my school departure form, I was filled with mixed emotions. I might be one of the few students who never activated the “Network Pass.” Because in the computer room of the Youth Academy, I didn’t need the Network Pass, and later with the LUG server, I didn’t need it either. Now, sitting in my dorm room, I use a wireless signal amplifier to connect to ustcnet from the East Activity Center. Actually, I don’t really care about the 20 yuan monthly network fee. Not activating the Network Pass is more of a symbol, a connection to fragmented memories, a tribute to the quietly passing youth. Just my personal musings, don’t criticize.

10 Years Ago: Programming Began with Tan Haoqiang

When I first entered junior high, I heard about computer competitions. Somehow, my parents thought computer competitions were about playing games. I didn’t know to check online, so I believed it. A month after the course started, a classmate told me that computer competitions involved many problems like those in math competitions, which I should enjoy. My parents then verified with the class teacher and found out that computer competitions were about programming. At that time, my understanding of programming was like the uncle who fixes computers typing commands in a black box. When I taught a classmate to make a website in college, she also referred to the Windows command prompt as a black box, which made me chuckle. We all started from there.

The first time I attended a computer competition class, the computer room with 40 seats was packed with over 60 people, and I didn’t even have a seat. The teacher was explaining printf on the blackboard, and the students were dozing off. Seeing everyone with a green-covered second edition of “C Programming” by Tan Haoqiang, with “7 million copies sold” on the cover, I felt Tan Haoqiang was a computer god second only to Bill Gates. I heard that a senior even bought “Introduction to Algorithms,” although it was a bit expensive, he still “invited” a copy to worship. The reason for worshiping it was that it didn’t have directly copyable C code. Can a book without code be called a computer science book?

Read More

2014-06-01
Fault-Tolerant Software Architecture for a SDN Router

Traditional routers require a cold reboot if any component of the router software fails or needs to be upgraded. Network traffic is likely to be interrupted for minutes in the meantime. This work designs and implements a fault-tolerant software architecture composed of four components: clients including routing protocols and administrator, the router information base (MiniDB), a daemon to resolve rule conflicts among clients (SyncD) and the SDK for programmable switching chip. This architecture allows any component to fail or upgrade without interrupting the data plane, and the control plane will automatically recover within a predictable time after the component restarts.

Publication

Dissertation of Bachelor’s Degree, 2014. [PDF (Chinese)]

People

  • Bojie Li, 4th year undergraduate in USTC
  • Dr. Kun Tan, Senior Researcher in Microsoft Research Asia
Read More

2014-05-12
Deciphering the RSA Encryption of Renren Network Login Password

There are two types of passwords in the world: one is to prevent your little sister from peeking at your files; the other is to prevent the authorities from reading your files.

—— Bruce Schneier “Applied Cryptography”

The legendary “plaintext password” comes in two forms: plaintext transmission and plaintext storage. A password transmitted in plaintext does not necessarily mean it is stored in plaintext, and a password stored in plaintext does not necessarily mean it is transmitted in plaintext. The plaintext password incident that caused a stir last year was a case of passwords being stored in plaintext. Once the website’s database was stolen, the users’ passwords were also stolen. Transmitting passwords in plaintext is also very dangerous, as many places on the network may have sniffing devices installed. To these sniffers, passwords transmitted in plaintext are no secret at all. This article focuses on the security issues in password transmission.

What is “plaintext”? If a password is sent out directly as ASCII characters, it is plaintext to anyone; if a password is encoded with base64 (for example, 123456 encoded with base64 is MTIzNDU2), it may look like ciphertext to most people, but it is plaintext to any professional programmer. Some people think that if the “encryption” algorithm is made more complex and the code is obfuscated, no one will be able to analyze it. This approach is obscurity, not security, and is at the level of preventing little sisters from peeking at files. Real security depends on public, widely used cryptographic algorithms, and relies on keys rather than the secrecy of the algorithm itself.

Unfortunately, simply cobbling together cryptographic algorithms and protocols does not necessarily make a system secure.

Read More

2014-04-09
Heartbleed in Action: A Buffer Overflow Vulnerability Affecting Countless Websites

Yesterday, a major security vulnerability named Heartbleed (CVE-2014-0160) was exposed in OpenSSL. Through the TLS heartbeat extension, it is possible to read up to 64 KB of memory on servers running HTTPS services, obtaining potentially sensitive information in memory. As this vulnerability has existed for two years, popular distributions such as Debian stable (wheezy) and Ubuntu 12.04 LTS, 13.04, 13.10, etc. are affected, and countless websites deploying TLS (HTTPS) are exposed to this vulnerability.

What is SSL heartbeat


Read More

2014-03-31
Andromeda: Google's Network Virtualization Technology

I write this article with mixed feelings, because our SIGCOMM paper, which was rushed to the New Year’s Eve, was considered “nothing new” by the reviewers because it was too similar in architecture to this lecture published on March 5 (in fact, our paper contains many technical details not mentioned in this lecture), and had to be withdrawn. How great it would be if Google published their network virtualization technology two months later!

This lecture was given by Amin Vahdat, Google’s Director of Network Technology, at the Open Networking Summit 2014 (video link), introducing the concept of Google’s network virtualization solution, codenamed Andromeda.

Read More

2014-03-31
CSDN 2014 Open Source Technology Conference Record

Yesterday, I was invited by USTC LUG to attend the 2014 Open Source Technology Conference (OSTC) hosted by CSDN. I would like to share with you the notes I took at the conference and my unreliable memory. If there are any errors or omissions, please point them out in the comments. Some of the pictures in this article are from CSDN’s official live broadcast. I obviously don’t have the speakers’ slides, but I heard that CSDN will release them in the next few days.


In the morning, I met the tall and handsome Thomas Yao and Wang Yong from Deepin (I didn’t take a picture).

Read More

2014-03-21
Observations from the IEEE 802 Plenary Session

March 18th was the student open day of the IEEE 802 plenary session held in Beijing. I was invited by MSRA to attend. The participants in the standard-setting process are all professionals, and I was basically like Granny Liu visiting the Grand View Garden, just there for the amusement. Since photography and recording were prohibited at the venue, and the technical documents discussed at the meeting were not public, there are no pictures or solid evidence to share.

First, let me explain what IEEE 802 is. IEEE 802 is a committee under IEEE (Institute of Electrical and Electronics Engineers), responsible for the establishment of local area network and metropolitan area network standards. The physical layer and link layer protocols of computer networks are basically established by this organization. IEEE 802 holds three plenary sessions each year, most of which are held in North America. Voting rights are granted from the third participation in the plenary session.

IEEE 802 has several working groups. For example, 802.3 is responsible for Ethernet, which is the wired network we use; 802.11 is responsible for Wireless Local Area Network (WLAN), commonly known as Wi-Fi. Each working group still has a lot to do. For example, Ethernet has 100M, 1G, 10G, 40G, 100G, and the 400G under research; not only are the speeds different, but the transmission media used are also different. WLAN has the 802.11a/b/g/n/ac/ad standards; not only are the speeds different, but the frequency bands used are also different. Therefore, each working group has Task Forces and Study Groups.

Read More