Archive for August, 2008

And so it ends…

Saturday, August 16th, 2008

Today was my last day of my internship at VMware. If you don’t know what they do, definitely check them out; they are probably one of the coolest tech companies around. My internship experience was pretty amazing and I was surprised that I was kind of sad to leave work for the last time.

I think one of the things that I’ll miss the most is the people that I met, and the conversations that I had with them. Not only did we have technical conversations, on subjects ranging from startup ideas to computer architecture and AVL trees, but we talked about golf, foosball, movies, our homes, our schools, and pretty much everything else you can think of. After spending 12 weeks with the same people, seeing them every day (or every weekday), you end up becoming pretty good friends with them, and then all of a sudden work ends and I may never see them again.

But on the other hand, now I have friends all over the US. I met people from North Carolina, New York (a lot from New York), Michigan, Minnesota, and of course other parts of California, and it’s cool because some of us may end up working or going to school in the same place and it would be pretty good to have someone I know wherever I end up.

And of course there was the technical part of my internship. I feel like I learned so much from the experience, but not necessarily about computer science. Rather, I learned what working for a company is like and how being a developer is very different from being a computer science student or researcher. I think there’s enough to talk about here that I’ll leave it for a future post. Actually I think there may be several more posts about my internship, as it was the single most significant thing about my summer.

Anyway, thanks a lot VMware (the company and all of the people that I met). The experience was amazing and I would love to be able to come back later on.

Why productivity plummets at home

Thursday, August 14th, 2008

I just figured it out: the reason why I can never get any work done at home (at my family’s home, not my college home… that would be really bad) anymore.

It’s not that I interact with my family so much that I don’t have time to do anything. I do interact with my family, but when I’m at school I spend a lot of time with my friends. And it’s not that I mentally shut down when at home, taking the time to relax rather than think about anything. I have tons of stuff that I’d like to do, I’m just not able to do it.

The reason is that there are so many distractions at home that I can’t focus on anything for a decent period of time. I’m not talking about distractions that I’m really interested in; things like my friends wanting to hang out, etc. I’m talking about my parents talking, cooking, people coming over, the phone ringing… distractions that don’t affect me in any way whatsoever, except that they kill my focus.

And it’s not that it just prevents me from doing work, these distractions prevent me from doing pretty much anything remotely intellectual at all. Take just now, I was reading a book (or trying to read it) and in the study my dad was on the phone, in the kitchen my mom was not only talking to my grandmother, but also cleaning up after dinner. Her phone went off and she started talking, and since I’m sitting in between these two rooms, I can’t help but pick up these conversations and lose focus on my reading.

Usually, when I’m at school, I tend to do a lot of my work (except reading) to music, which in some senses is similar to this kind of distraction. But for some reason talking always completely ruins me. It’s why I liked having a single last year, it’s why I don’t like studying with other people or in the library. And I finally realized that it’s why I am completely unproductive at home. I can’t stand when other people are talking, moving around, or doing other stuff while I’m trying to focus/study/think.

I think this is partly why teenagers learn to stay up so late in high school. They get distracted by whatever is going on at home until everyone goes to sleep, and then they start studying. Kind of reminds me of this xkcd comic. But I’m in the habit of going to bed pretty early, so after my parents go to bed, I’m usually pretty tired and go to bed around an hour later. That doesn’t give me enough time to really get anything done.

Another part of the problem is that I don’t use my room when I’m at home. Aside from actually sleeping, I live in the family room, so although there is a space for me to go when I want it to be quiet, I don’t usually go there. I guess I should start taking advantage of this more, although the room does share a wall with the kitchen and I can always hear whatever is going on in there. I’ll try getting work done in there, but I have my doubts as to how successful I’ll be.

I wrote about this same problem earlier, but then the problem was very different I think. Now I find that I’m very motivated, and have tons of things that I’d like to do, but am too distracted to actually do them. And if you read that article, I mention that my freshman year I was much more productive at home, but now I can’t see how that was even possible. There’s so much going on in my house all the time (my parents wake up at like 5 and go to bed around 11) that it’s just impossible to find a good time to be productive.

I guess all the stuff I want to do will be backlogged until I get back to school…

Politics and the English Language

Tuesday, August 12th, 2008

This article by George Orwell is really interesting and pretty funny.

Orwell talks about how the English language has been polluted through evolution, and how writers tend to be verbose and ambiguous rather than trying to get their point across. He cites a lot of examples which I’ve seen and heard frequently in writing, speeches, and even common language, showing that even though the article is like 50 years old, it’s still very relevant.

One of the funniest parts is when he translates a line from Ecclesiastes into modern English.

Here is a well-known verse from Ecclesiastes:

I returned, and saw under the sun, that the race is not to the swift, nor the battle to the strong, neither yet bread to the wise, nor yet riches to men of understanding, nor yet favour to men of skill; but time and chance happeneth to them all.

Here it is in modern English:

Objective consideration of contemporary phenomena compels the conclusion that success or failure in competitive activities exhibits no tendency to be commensurate with innate capacity, but that a considerable element of the unpredictable must invariably be taken into account.

Seriously… look at that second sentence. First of all it’s really hard to read quickly. Secondly, it doesn’t really say anything. And thirdly, the first sentence provides wonderful imagery while the second sentence is completely abstract. And I’m not kidding, I’ve seen a lot of writing like that (and I’ve even written like that a lot).

One of the problems is that society encourages us to write like that (at least to some extent). I remember that college applications like to see that you have a strong vocabulary, so we include “big” words into our essays when smaller words suffice or are better. Same with the writing I’ve done in college, people don’t seem to argue with your writing if it looks like you know what you’re talking about and to do that, you use these cryptic constructs and ambiguous vocabulary.

Orwell continues to talk about politics, and how political writing (including speeches) is complete garbage in terms of language. Since politics is so much about pleasing your audience, phrases that present catastrophes in a “not-so-bad” light are often used. As an example, Orwell writes, “Defenceless villages are bombarded from the air, the inhabitants driven out into the countryside, the cattle machine-gunned, the huts set on fire with incendiary bullets: this is called pacification.” And with the Iraq war, how often have events that would surely be met with public disapproval been covered up with vagaries and euphemisms?

And I hear it a lot in campaign rhetoric, that I don’t even follow that much. Plans and promises on both sides are kept intentionally vague for obvious reasons, but this usage of language promotes itself as politicians are seen as role models. I don’t really know too much about politics so please correct me if I’m wrong. I prefer to stick to my programs, where language is rigid and being ambiguous means being incorrect.

Orwell then suggests how we can work to fix this language, if you’re interested I recommend the read. It’s pretty fascinating.

Olympic Swimming

Monday, August 11th, 2008

If you didn’t see this last night, then you really missed out. Watch it right now, it is truly amazing. I think it’s one of the most incredible moments of the Olympics so far.

After watching swimming events for the past couple of nights, I’ve developed a new fondness of swimming. I always knew that swimming was pretty insane and I even tried to get into it last summer, by swimming a couple of times a week on top of my running, but I’ve realized that I’m a pretty bad swimmer and should maybe just stick to running.

I’m really excited to watch more swimming, so it’s good that it’s been getting a lot of coverage, thanks to Michael Phelps. At the same time, I can’t wait for the track and field events to start up, because those athletes are also insane.

Packet Sniffing and Protection

Sunday, August 10th, 2008

I started working again on another website which I may talk more about later, and while doing this, I noticed that I’m a lot more paranoid about security vulnerabilities than I used to be. I used to care more about functionality and usability than security, but after watching cs155 lectures and reading a lot of security papers last semester, I find it a lot more interesting to think about attacks and build my site to defend against these attacks.

I don’t want to write a lot about why I’m interested in security, but I probably should and think I will later on. I wanted to present a vulnerability that I heard about yesterday and after thinking about it, I’m pretty sure that most rookie web developers (like myself) aren’t aware of the dangers here.

So I think a lot of people are familiar with packet sniffing. A packet sniffer is a tool that can intercept and try to decipher network traffic. With wireless networks, this doesn’t even require any hardware or any modifications to the router firmware. My computer can intercept any packet on the same wireless network using tools like Wireshark.

And this is what I can do as a packet sniffer. I can intercept packets on my wireless network, read them and look at them for important information like email addresses, credit card numbers, passwords etc. So let’s say that you are logging into some non-secure site; you provide your email account and password, and you notice that you’re logged in. I, the malicious packet sniffer, intercept the packet containing your HTTP request, and now I have your email address and your password. Once I know this, I can try using it (or some permutations of it) to log into your email account, Facebook account, or even your online banking service. Yeah kinda scary…

So how do I prevent this attack? I can’t prevent you from intercepting the packet (at least not without some fundamental change in how wireless works, an area that I’m not familiar with so I won’t talk about it). But I can prevent you from being able to interpret the packet. If I encrypt the packet, then depending on the encryption scheme you probably won’t be able to decrypt and read the content of the packet. Which brings us to SSL.

To prevent packet sniffers from stealing information, as a web developer, you need to be serving your pages over SSL. As a consumer, I can tell whether my page is served over SSL by looking at a bunch of features of browsers. Mozilla has a lock/certificate on some pages, Safari has a lock in the URL bar etc.

SSL uses public-key encryption, so basically the server gives the client a public key which the client must use to encrypt all data that is sent to the server. The server maintains a private key that no one else knows about, and it uses this key to decrypt whatever was sent from the client. Since, as a packet sniffer, I don’t know the private key, there’s no way for me to decrypt your packet and steal your information.

At the same time, this encryption/decryption process introduces a lot of intense computation in serving what could be fairly simple pages. So not all pages should be served over SSL, just the ones with sensitive information. For example, most online banking systems are served entirely over SSL, but at Facebook, only the login page is.

There are a lot more details about SSL; if you want to know more, there’s plenty of information on Wikipedia or you can ask me.

So most large web services do consider security and encrypt their traffic appropriately and that’s not really my concern. My issue is with kids like me (or me a year ago) developing websites without knowing or caring enough about security. These websites are unknowingly compromising my information and I have a serious problem with that. Especially since a lot of people don’t have hard enough passwords and tend to use similar (or even the same) passwords for multiple sites. It wouldn’t be hard to steal your whole online identity just because you made an account at what you thought was a pretty legitimate website.

And the solution to this is just to make sure that people know that security is a serious issue that all web developers need to know about and understand. Awareness about web vulnerabilities needs to be increased (both to developers and users). It’s also important that users know when their pages are served over SSL or more importantly when they aren’t (look for the lock).

My intention in writing this was to do my part in increasing awareness; hopefully I’ve saved at least one person from a lot of grief.

Edit 8/10/08: An article got posted yesterday in the New York Times that kind of relates to this. It talks more about long-term solutions to the whole password problem. Something called Identity cards that are maintained on your local machine and of course cryptographic protocols. Read it here.