Chip’s Technical Blog

Tech commentary of thoughts, challenges, how-to’s, and the mundane.

Phone self-repair

January 5th, 2012

I just got done replacing my iPhone screen, which I shattered over the break. The part was $30 on Amazon, as compared to a $130 third party repair, or probably a $200-300 Apple/AT&T repair. Yes, I am feeling pretty satisfied right now. :-)

There are plenty of good videos and resources out there, so I won’t add my own, but would just like to say—yes, it can be done!

NSDI 2012 Paper Accepted: Distalyzer

December 14th, 2011

So I learned last night that our submission to NSDI was accepted. It described the methodology for a tool we built which we call Distalyzer. Distalyzer works to help developers diagnose performance problems in their systems. It works by utilizing a minimal amount of structure from the logs, and then doing two kinds of analysis (t-tests and dependency networks) to discover the most relevant and most divergent aspects of groups of log instances. We have used it to find bugs in Transmission and H-Base, and applied it to another system’s problem (TritonSort) to show reductions in effort needed to diagnose the problem.

Soon there will be a blog post at our research group website which describes it in more detail, but I wanted to go ahead and post about the good news.

Recent Security Papers

December 9th, 2011

So in research progress, we’ve recently published or had accepted two conference papers in the area of distributed system security. The first is a paper called “Removing the Blinders”, with co-authors David Zage and Cristina Nita-Rotaru. The basic insight of the paper is that in many protocols, nodes make decisions about other nodes based on just the last message they got from them. This is a kind of “blinders”, hiding other information the node has about the other nodes, which prevents them from making smart decisions about the peers based on the holistic information available.

However, the effort required in the first paper is totally manual. Discovering the set of attacks, and then finding the defenses for those attacks, takes a smart person thinking about it for a long time. We next set out to solve part of the problem – discovering the attacks. We focused on a restricted set of systems—those implemented in a structured language such as Mace. By applying a greedy state space exploration search strategy, we can discover a class of attacks that cause poor performance in systems. This work was accepted to NDSS 2012, about a tool we call Gatling.

Meanwhile, part of our current research involves further generalizing this work.

A real-foods diet

December 9th, 2011

So over the last several months, I’ve been working at losing weight. So far, I’ve lost about 26 pounds. My diet?

  • Less Soda. I started out by cutting back to 1 every other day. Now it’s more like 1 every once in a while. (i.e. 1-ish a week). If you figure I was having 1-3 in a day, that’s basically a drop of 150-450 calories a day, without replacement. In the place of the Dr Pepper, I’ve been mostly drinking water. I’ve also cut out my morning juice, for the most part, after being convinced that juice provides a lot of sugar/calories and not a lot of nutrition.
  • Eating products that are less processed, and more whole. This means reading ingredient lists. If there are a bunch of ingredients I don’t recognize, probably not a good sign. Most recently, this meant buying regular, all-natural sour cream rather than the fat free sour cream. When I stopped to look at the ingredient list of the sour cream, it had many, many ingredients as compared to the regular sour cream, including cellulose, which is basically the same thing as paper or wood pulp as I understand it. We just ate stroganoff made from the regular sour cream, and WOW was it good! So basically, while I’m losing weight, I’m eating richer, tastier foods, and feeling less hungry.
  • Accepting that my body had no clue what full and hungry meant. This can be attributed to many things, including the over-eating I was doing and the highly processed foods, especially the “light” foods I was eating which were essentially training my body that food did not correlate with calories. There were nights that I would make dinner portions for Kristina and I, and we would be eating, and she would remark how she was full and should stop. I would have been quite content to keep eating, but would follow her lead, and assume that what I had eaten was enough to fill me, so I would stop. I’m still not quite there, but I have started to be able to recognize sometimes in the evenings when I’m not hungry so that I opt not to snack because I’m not hungry rather than just the fact that intellectually I know I don’t need more food (which is still more common).

On the down side, one of the things we did as part of this movement was to visit our local dairy and buy a set of local cheeses. Tasty, yes. (Not necessarily more whole than what we could get at the store, but buying fresh/local is still something I’ve been doing as part of this general movement). Anyway – this morning we learn that the cheese we ate/bought while there is subject to a voluntary recall due to possible bacterial contamination with a 3-70 day incubation period. Oh well.

One resource I have really enjoyed using for this is Fooducate. I enjoy both following their blog, and using their iPhone app to scan products to find out tidbits of things I ought to know.

Since I’ve been doing so much reading about food, I find I may post more about it too, so I’ve created a category for food.

HPDC Paper (InContext: Simple Parallelism for Distributed Applications)

June 13th, 2011

This past week, one of my students presented his first paper at HPDC. There is a more detailed blog entry at the research website by the student, but I wanted to mention it here too. (Post: http://www.macesystems.org/2011/06/incontext-simple-parallelism-for-distributed-applications/)

The very short story: the Mace toolkit has scalability issues since events must run atomically (think a big lock protecting events to run only one at a time). This paper describes the first step towards loosening that restriction, and running different events in parallel as long as they are not both trying to write to global state.

FSE Paper (Finding Latent Performance Bugs in Systems Implementations)

May 2nd, 2011

This post was promised some time ago, about our paper published at the conference on Foundations of Software Engineering (2010), a top conference in software engineering. Instead of posting it here, however, Karthik (one of my student co-authors), posted a description of our FSE paper here: http://www.macesystems.org/2011/04/finding-latent-performance-bugs-in-systems-implementations-fse-2010/

The very short description: by building robust systems, we hide some of our correctness bugs, converting them into performance problems. Our paper is about using model checking concepts to discover such bugs with a minimum of developer effort. See the post and paper on the group website.

Public WiFi: should you use a VPN if you only use HTTPS sites?

April 23rd, 2011

I got this question from a friend, so thought I would post these thoughts in case they help others too.

Okay – so to VPN or not to VPN on a public wi-fi network….

I guess, in the end, it all comes down to the security concerns you have.

Before discussing details, I’ll start by saying that I do not often personally connect to a VPN when using a public WiFi network, despite having one that Purdue hosts that I could use.

The technical difference between VPN and HTTPS comes down to the layer of the network stack where the encryption takes place. A VPN would encrypt all traffic leaving your machine, but moreover, would direct it all to your VPN provider (your desktop, as the article suggests). Once it reaches your desktop, it will travel over the desktop’s normal network path to the rest of the internet. HTTPS, on the other hand, is applied to a specific and single network connection between your mobile device and a given server.

So, considering only traffic to HTTPS sites, let’s look at what information is leaked.

  • With the VPN, all traffic is destined for your desktop. On the one hand, this is good, because no one can tell what sites/services you are using. None of your network traffic, except that which was to set up the VPN, is readable on the public network. There are, however, two kinds of things which are leaked. (1) The volume and pattern of traffic you use. [There is no solution for this. But you should be aware that it is viewable to all, and there may be profiling techniques which can be applied to learn things based on this.] (2) The fact that you have a connection with your VPN provider. From a privacy standpoint, this in fact may be a very serious concern, because if you are using your desktop as your VPN, then it may very precisely identify who you are, where you live (see an article today in Ars Technica on mapping based on an IP), etc.
  • With HTTPS, only the web traffic to the given server(s) is encrypted. In particular, other information is leaked. (1) The IP addresses of all the sites you connect to, which may identify who you bank with, who you work for, who your email provider is, etc. (2) The DNS queries you issue, which would make it even easier to identify what sites you are visiting, without having to reverse-map an IP-to-hostname, when the IP may have multiple hostnames. (3) More precise information about your traffic patterns, since it is subdivided by destination rather than being aggregated in the VPN case. (4) Some HTTPS sites will include static content or images from a non-encrypted source (some browsers warn about such things). This information of course would also be unencrypted.

Next, consider the other traffic your mobile device may be sending. For example, if it participates in any convenience networks (e.g. Bonjour for peer host discovery), this traffic will all be present too, and may or may not be encrypted, based on the service.

Another consideration is the exposure to attack your device has. In both cases, your device is connected to the wireless network. However, in the VPN case, the default settings of the device may be generally more secure, since the wireless network wouldn’t need to support some of the extra traffic. It becomes harder to launch an attack, since the machine is mostly looking for traffic from the VPN, and will ignore most local traffic. HTTPS leaves any such services (e.g. iTunes listening for connections from the Remote.app on the iPhone) listening.

Finally, there is the cost. VPN adds an extra layer of overhead, and an extra layer of places where things can go wrong. Also, all traffic is going through your desktop, which may significantly reduce the bandwidth you can achieve, and add latency. (And of course, an HTTPS site when using a VPN is being encrypted twice – once at the HTTPS layer, and once at the VPN layer). Further, the choice of a VPN vs HTTPS may have other unpredictable effects – a wireless network provider may block VPN traffic, or possibly deprioritize it. Or they might do the same for HTTPS traffic (though deprioritizing is more likely than blocking in this case).

Okay, one more consideration – which is the quality of the encryption. Both technologies can provide a range of encryption quality, so vigilance must be used in ensuring effective encryption is used. Some browsers will warn about weak SSL configurations on servers, but VPN encryption quality is generally less well verified.

Hope this helps,
Chip
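
The leak comparison from the two bullets in the post above, as a small model; this is an added example, not code from the original post. The flow records, addresses and `VPN_ENDPOINT` are constructed, and the model assumes a full-tunnel VPN that also carries DNS and ignores tunnel overhead.

```python
from collections import defaultdict

# Constructed sample: flows from one laptop on a public Wi-Fi network.
# All names and addresses are invented (RFC 5737 documentation ranges).
FLOWS = [
    {"proto": "dns", "dst": "192.0.2.53", "qname": "bank.example", "tls": False, "bytes": 80},
    {"proto": "tcp", "dst": "198.51.100.10", "tls": True, "bytes": 42000},
    {"proto": "dns", "dst": "192.0.2.53", "qname": "mail.example", "tls": False, "bytes": 76},
    {"proto": "tcp", "dst": "198.51.100.20", "tls": True, "bytes": 9000},
    # Static image pulled over plain HTTP by an HTTPS page (mixed content).
    {"proto": "tcp", "dst": "203.0.113.7", "tls": False, "bytes": 15000},
]
VPN_ENDPOINT = "203.0.113.99"  # assumed address of the desktop acting as VPN server


def view_https_only(flows):
    """Metadata a passive observer on the Wi-Fi sees when only HTTPS is used."""
    view = {"dst_ips": set(), "dns_names": set(),
            "readable_bytes": 0, "bytes_by_dst": defaultdict(int)}
    for f in flows:
        view["dst_ips"].add(f["dst"])                 # leak (1): destination IPs
        view["bytes_by_dst"][f["dst"]] += f["bytes"]  # leak (3): per-site volume
        if f["proto"] == "dns":
            view["dns_names"].add(f["qname"])         # leak (2): DNS queries
        if not f["tls"]:
            view["readable_bytes"] += f["bytes"]      # leak (4) plus cleartext DNS
    view["bytes_by_dst"] = dict(view["bytes_by_dst"])
    return view


def view_full_tunnel_vpn(flows, endpoint):
    """Same flows, assuming a full-tunnel VPN that also carries DNS."""
    total = sum(f["bytes"] for f in flows)  # tunnel overhead ignored in this model
    return {"dst_ips": {endpoint}, "dns_names": set(),
            "readable_bytes": 0, "bytes_by_dst": {endpoint: total}}


def compare(flows, endpoint):
    """Return what each choice hides from, or newly shows to, the observer."""
    https, vpn = view_https_only(flows), view_full_tunnel_vpn(flows, endpoint)
    return {
        "hidden_by_vpn": sorted(https["dst_ips"] | https["dns_names"]),
        "exposed_by_vpn": sorted(vpn["dst_ips"] - https["dst_ips"]),
        "readable_bytes": (https["readable_bytes"], vpn["readable_bytes"]),
        "volume_buckets": (len(https["bytes_by_dst"]), len(vpn["bytes_by_dst"])),
    }


if __name__ == "__main__":
    for key, value in compare(FLOWS, VPN_ENDPOINT).items():
        print(f"{key}: {value}")
```

The single volume bucket in the VPN case still carries the total byte count, which is the traffic-pattern leak the post says has no solution.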

Virgin Mobile MiFi is Useless

March 19th, 2011

Before Christmas, I purchased a Virgin Mobile MiFi as an alternative to the then-weak tethering options for an iPhone. I was particularly excited about the MiFi from VM because I do not need one all the time, but just sometimes while I’m traveling.

Over Christmas, it worked OK. I had a problem keeping it charged in the car because it wouldn’t charge from a normal micro-USB connection, but needed a specialized one (I think it may simply have to do with making the data lines, but for whatever reason it would not charge from a separate USB cable plugged into a car-USB adaptor, despite the fact that it will charge an iPhone and an iPad simultaneously).

But I fixed that by getting a separate car charger. Well, now I cannot download any content at all over the MiFi. It became un-activated, and I had to go back through the activation process. After doing so, I can download content from virginmobileusa.com (I even purchased some bandwidth so I could use it – I’ve been able to use none).

I’ve now tried to use the MiFi 3 times on 3 separate days over 3 weeks. It has failed each time, with the same symptoms. I have rebooted everything, tried to use the reset button on the device, the laptop, etc. I am thoroughly and utterly convinced that it is a VirginMobile problem. (This is obvious from the fact that it can connect to the virgin mobile site).

I also tried to call the support line just now, and sat on hold 5 minutes with frequent apologies from the automated system that they are busier than usual. From what I’m reading on websites, they have been busier than usual for months.

So that’s it. I’m going to give up on my MiFi. I might try to sell it, except that I don’t think I would feel good selling it.

Instead, I’m going to try the new hotspot functionality of my iPhone. It’s disgustingly priced as a tethering plan, but from what I’m reading, I can turn it on and off at will, switching between data plans anytime I want. So if that’s true that may work out well for me.

If VirginMobile wishes to correct this, they can refund my $20 for the data I bought recently, and contact me. Maybe they can unlock the device to use with companies other than VM, or maybe they can make it work. But from what I’m reading on the internet, this infrastructure is just a disaster, and many of us feel like we totally wasted the money we put into it.

Oh well. Live and learn.

GPS iPhone Apps

March 4th, 2011

I have received a number of requests from people interested in lists of worthwhile Apps for iDevices (iPhone, iPad, etc.). Underlying this is of course a question about whether I like my iPad. I do. I rate it as a “fun toy”. It is good enough that many evenings I do not need to use my computer – because if I am just consuming content (reading news, shopping, etc.), then there is no need for my laptop. It’s only (like tonight), when I’m doing a lot of typing that I need my laptop. As an added bonus, the iPad is easier to use in bed, and never gets hot.

In any case, today I want to focus on one particular kind of App – the GPS app. Around Thanksgiving last year, we (Kristina and I) tested out several GPS Apps on the iPhone. These included Navigon, CoPilot Live, and MotionX GPS Drive (in opposite order).

In rating GPS Apps, we identified a few key factors:

  • Maps: downloaded on-the-fly, or as part of the app itself. This impacts map freshness, app size, and mobile data usage. Including the maps in the app means the maps will be more stale, and makes the app around 2GB. Downloading the maps as you go makes the maps more fresh and keeps the app small, but uses more mobile data, and doesn’t work well in areas of poor coverage.
  • Live Traffic: Useful for routing around accidents and such.
  • Routing: TTS (Text-to-speech), for reading street names aloud. We found this feature very important to avoid looking at the screen too often. Some apps read only street numbers or numbered streets: you actually want one which can synthesize street names.
  • Polish. How elegant is the App.
  • Price
  • Map Data: there are two main map providers NavTeq and TeleAtlas. They have different qualities, strengths, and weaknesses. This turned out not to be a major issue for us (I forget which one we’re using anyway).

The apps rate as follows:

  • MotionX GPS: This is the cheapest of the options, but comes with a subscription model instead of a pay-for-the-app model. Maps are downloaded on the fly. The app was reasonably impressive, but in the end we decided we needed the maps included in the app. At the time, it also did not support TTS, though I think that may have changed.
  • CoPilot. CoPilot worked just fine – with the features we wanted, but was rather unpolished. However, in exchange it was cheaper.
  • Navigon. This was the most expensive app we tried, and in our opinion, you get what you pay for here. It has TTS, live traffic (add on charge), and also includes the maps in the app. All this, and a very polished interface as well.

While I have not tried the newer Garmin App, it downloads the maps as you go, so it doesn’t really fit the criteria we needed. In our opinion, Navigon was the best choice. I do, however, recommend looking for times when the app is on sale. You can use something like AppShopper to see the history of pricing on an app. Note also, with Navigon, you can pay different amounts depending on how many maps you want. If you don’t need Canada – get the US only version, etc.

Upcoming posts…

July 23rd, 2010

So I need to add some posts. I don’t have time to write them now, but if I promise them here, maybe I’ll make the time for it.

  • More games – pandemic, ticket to ride, etc.
  • iPad review
  • Research report – FSE paper

BTW, did I mention I now have a son?
He’s doing well – now 5.5 mos old. Now I’ve finally recovered some and am digging out of the hole a bit, hence the new posts.
