Bojie Li

This article was selected for the special issue “See You, 2014”

Looking at the “Network Fee Settlement” section marked “Exempt” on my school departure form, I was filled with mixed emotions. I might be one of the few students who never activated the “Network Pass.” Because in the computer room of the Youth Academy, I didn’t need the Network Pass, and later with the LUG server, I didn’t need it either. Now, sitting in my dorm room, I use a wireless signal amplifier to connect to ustcnet from the East Activity Center. Actually, I don’t really care about the 20 yuan monthly network fee. Not activating the Network Pass is more of a symbol, a connection to fragmented memories, a tribute to the quietly passing youth. Just my personal musings, don’t criticize.

10 Years Ago: Programming Began with Tan Haoqiang

When I first entered junior high, I heard about computer competitions. Somehow, my parents thought computer competitions were about playing games. I didn’t know to check online, so I believed it. A month after the course started, a classmate told me that computer competitions involved many problems like those in math competitions, which I should enjoy. My parents then verified with the class teacher and found out that computer competitions were about programming. At that time, my understanding of programming was like the uncle who fixes computers typing commands in a black box. When I taught a classmate to make a website in college, she also referred to the Windows command prompt as a black box, which made me chuckle. We all started from there.

The first time I attended a computer competition class, the computer room with 40 seats was packed with over 60 people, and I didn’t even have a seat. The teacher was explaining printf on the blackboard, and the students were dozing off. Seeing everyone with a green-covered second edition of “C Programming” by Tan Haoqiang, with “7 million copies sold” on the cover, I felt Tan Haoqiang was a computer god second only to Bill Gates. I heard that a senior even bought “Introduction to Algorithms,” although it was a bit expensive, he still “invited” a copy to worship. The reason for worshiping it was that it didn’t have directly copyable C code. Can a book without code be called a computer science book?

Traditional routers require a cold reboot if any component of the router software fails or needs to be upgraded. Network traffic is likely to be interrupted for minutes in the meantime. This work designs and implements a fault-tolerant software architecture composed of four components: clients including routing protocols and administrator, the router information base (MiniDB), a daemon to resolve rule conflicts among clients (SyncD) and the SDK for programmable switching chip. This architecture allows any component to fail or upgrade without interrupting the data plane, and the control plane will automatically recover within a predictable time after the component restarts.

Publication

Dissertation of Bachelor’s Degree, 2014. [PDF (Chinese)]

People

• Bojie Li, 4th year undergraduate in USTC
• Dr. Kun Tan, Senior Researcher in Microsoft Research Asia

There are two types of passwords in the world: one is to prevent your little sister from peeking at your files; the other is to prevent the authorities from reading your files.

—— Bruce Schneier “Applied Cryptography”
The legendary “plaintext password” comes in two forms: plaintext transmission and plaintext storage. A password transmitted in plaintext does not necessarily mean it is stored in plaintext, and a password stored in plaintext does not necessarily mean it is transmitted in plaintext. The plaintext password incident that caused a stir last year was a case of passwords being stored in plaintext. Once the website’s database was stolen, the users’ passwords were also stolen. Transmitting passwords in plaintext is also very dangerous, as many places on the network may have sniffing devices installed. To these sniffers, passwords transmitted in plaintext are no secret at all. This article focuses on the security issues in password transmission.

What is “plaintext”? If a password is sent out directly in ASCII characters, it is plaintext to anyone; if a password is encoded with base64 (for example, 123456 encoded with base64 is MTIzNDU2), it may be ciphertext to most people, but it is plaintext to any professional programmer. Some people think that if the “encryption” algorithm is made more complex and the code is obfuscated, no one will be able to analyze it. This approach is called hiding, not security, and is at the level of preventing little sisters from peeking at files. Real security depends on public, widely used cryptographic algorithms, and relies on keys rather than the algorithm itself to ensure security.

Unfortunately, cryptographic algorithms and protocols are not necessarily secure just because they are cobbled together.

Yesterday, a major security vulnerability named Heartbleed (CVE-2014-0160) was exposed in OpenSSL. Through the TLS heartbeat extension, it is possible to read up to 64 KB of memory on servers running HTTPS services, obtaining potentially sensitive information in memory. As this vulnerability has existed for two years, popular distributions such as Debian stable (wheezy) and Ubuntu 12.04 LTS, 13.04, 13.10, etc. are affected, and countless websites deploying TLS (HTTPS) are exposed to this vulnerability.

What is SSL heartbeat

I write this article with mixed feelings, because our SIGCOMM paper, which was rushed to the New Year’s Eve, was considered “nothing new” by the reviewers because it was too similar in architecture to this lecture published on March 5 (in fact, our paper contains many technical details not mentioned in this lecture), and had to be withdrawn. How great it would be if Google published their network virtualization technology two months later!

This lecture was given by Amin Vahdat, Google’s Director of Network Technology, at the Open Networking Summit 2014 (video link), introducing the concept of Google’s network virtualization solution, codenamed Andromeda.

Yesterday, I was invited by USTC LUG to attend the 2014 Open Source Technology Conference (OSTC) hosted by CSDN. I would like to share with you the notes I took at the conference and my unreliable memory. If there are any errors or omissions, please point them out in the comments. Some of the pictures in this article are from CSDN’s official live broadcast. I obviously don’t have the speakers’ slides, but I heard that CSDN will release them in the next few days.

In the morning, I met the tall and handsome Thomas Yao and Wang Yong from Deepin (I didn’t take a picture).

March 18th was the student open day of the IEEE 802 plenary session held in Beijing. I was invited by MSRA to attend. The participants in the standard-setting process are all professionals, and I was basically like Granny Liu visiting the Grand View Garden, just there for the amusement. Since photography and recording were prohibited at the venue, and the technical documents discussed at the meeting were not public, there are no pictures or solid evidence to share.

First, let me explain what IEEE 802 is. IEEE 802 is a committee under IEEE (Institute of Electrical and Electronics Engineers), responsible for the establishment of local area network and metropolitan area network standards. The physical layer and link layer protocols of computer networks are basically established by this organization. IEEE 802 holds three plenary sessions each year, most of which are held in North America. Voting rights are granted from the third participation in the plenary session.

IEEE 802 has several working groups, for example, 802.3 is responsible for Ethernet, which is the wired network we use; 802.11 is responsible for Wireless Local Area Network (WLAN), commonly known as wifi. Each working group still has a lot to do. For example, Ethernet has 100M, 1G, 10G, 40G, 100G, and the 400G under research. Not only are the speeds different, but the transmission media used are also different; WLAN has 802.11a/b/g/n/ac/ad standards, not only are the speeds different, but the frequency bands used are also different. Therefore, each working group has Task Forces and Study Groups.

Most of the data on the websites we use is stored on servers in plaintext, and server-side programs authenticate users’ identities and grant user access permissions. However, as business logic becomes more complex, there are always various vulnerabilities, even sensitive applications like Alipay are no exception. In addition, more and more websites are being built on public cloud platforms, a major concern is: Will the owner of the cloud platform steal my confidential data?

Therefore, it is best to encrypt data stored on the server, and the decryption key is in the user’s hands, that is, only the user can see the plaintext, and the website owner, cloud service provider, and possible server intruders can only see the ciphertext. Building web applications on top of encrypted data using Mylar, which will be published at the top conference in the network field NSDI 2014, is such a solution.

A few days ago, I gave an internal technical sharing session, and the opinions of my colleagues were diverse, so I decided to discuss it with everyone. This article will discuss Google’s network infrastructure plans—Google Fiber and Google Loon, as well as Google’s exploration in network protocols—QUIC, with the ambition to turn the Internet into its own data center.

Wired Network Infrastructure—Google Fiber

The goal of Google Fiber is to bring gigabit internet into thousands of households. With gigabit speed, downloading a 7G movie only takes one minute (if you are still using a mechanical hard drive, you probably won’t have time to store it). Currently, this project is only piloted in two cities in the United States, Kansas and Provo. Google Fiber in these two cities offers three packages, taking Kansas as an example: [1]

1. Gigabit network + Google TV: $120/month
2. Gigabit network: $70/month
3. Free monthly network: 5Mbps download, 1Mbps upload, free monthly rent, but a $300 initial installation fee is required.
   The third plan is not as fast as the services provided by most telecom operators in the United States, and most households have already purchased TV services from cable TV operators, so for families that can afford it economically, the comparison of the three packages highlights the “value for money” of the second package ($70/month gigabit network).

There are two points worth arguing here:

1. Can everyone have such a fast gigabit network technically?
2. Can the $70/month fee recover the cost of Google building a gigabit network?

Today, I grabbed a router, which took me an hour to get, and I was always in a “crowded” queue before. I couldn’t help but think of the ticketing system I made for Beautiful Encounter last year. Someone asked, why can’t I get a ticket with the script I wrote? The mystery will be revealed in this article.

The conditions that the ticketing system must meet are:

1. One person, one ticket, a person cannot get two tickets;
2. The tickets to be issued every day must be issued exactly, neither more nor less (assuming there are enough people to grab tickets);
3. The probability of successfully grabbing tickets with a program should not be significantly higher than the probability of manually grabbing tickets.