Archive for October 20, 2015

Tuesday, October 20, 2015

How Both TCP and Ethernet Checksums Fail

Evan Jones (via Hacker News):

At Twitter, a team had an unusual failure where corrupt data ended up in memcache. The root cause appears to have been a switch that was corrupting packets. Most packets were being dropped and the throughput was much lower than normal, but some were still making it through. The hypothesis is that occasionally the corrupt packets had valid TCP and Ethernet checksums. One "lucky" packet stored corrupt data in memcache. Even after the switch was replaced, the errors continued until the cache was cleared.

I was very excited to hear about this error, because it is a real-world example of something I wrote about seven years ago: The TCP checksum is weak. However, the Ethernet CRC is strong, so how could a corrupt packet pass both checks? The answer is that the Ethernet CRC is recalculated by switches. If the switch corrupts the packet and it has the same TCP checksum, the hardware blindly recalculates a new, valid Ethernet CRC when it goes out.
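The failure mode described above, as an added example that is not code from the quoted post or from Twitter: a constructed corruption (two 16-bit words swapped) leaves the ones' complement TCP checksum unchanged, and the Ethernet CRC only catches it when the damage happens on the wire rather than inside a switch that recalculates the CRC on egress. The simplified frame model, the `deliver` helper, the sample request and the application-level CRC are assumptions made for illustration.

```python
import struct
import zlib

def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: ones' complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def crc32(data: bytes) -> int:
    """CRC-32 with the polynomial Ethernet uses for its frame check sequence."""
    return zlib.crc32(data) & 0xFFFFFFFF

def swap_words(data: bytes, i: int, j: int) -> bytes:
    """Constructed corruption: exchange two aligned 16-bit words."""
    out = bytearray(data)
    out[2*i:2*i+2], out[2*j:2*j+2] = data[2*j:2*j+2], data[2*i:2*i+2]
    return bytes(out)

def deliver(payload: bytes, corrupt_inside_switch: bool) -> dict:
    """Pass one frame through a hypothetical switch that swaps words 7 and 8.

    Simplified model: the TCP checksum covers only the payload (no TCP
    header or pseudo-header) and the FCS covers payload + checksum.
    """
    tcp_sum = internet_checksum(payload)    # sender's TCP stack, end to end
    app_crc = crc32(payload)                # assumed application-level check
    trailer = struct.pack("!H", tcp_sum)
    fcs = crc32(payload + trailer)          # sender's NIC, valid for one hop
    received = swap_words(payload, 7, 8)
    if corrupt_inside_switch:
        # Damage occurred after ingress; the egress port computes a fresh
        # FCS over the already-damaged bytes.
        fcs = crc32(received + trailer)
    return {
        "payload": received,
        "fcs_ok": crc32(received + trailer) == fcs,
        "tcp_ok": internet_checksum(received) == tcp_sum,
        "app_crc_ok": crc32(received) == app_crc,
    }

SAMPLE = b"set k1 0 0 4\r\nABCD\r\n"      # constructed memcache-style request
on_wire = deliver(SAMPLE, corrupt_inside_switch=False)
in_switch = deliver(SAMPLE, corrupt_inside_switch=True)
print(on_wire, in_switch, sep="\n")
```

In the second case both link-layer and transport checks pass on a damaged payload; only the check computed by the sending application over the original bytes still fails.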

Dropbox Paper

Nathan Ingraham (comments):

For now, Paper is a web-only app that you can access through your Dropbox account, although the company says it’ll have a mobile app ready to go when the product comes out of beta. At first glance, Paper’s UI is reminiscent of the scores of minimalist, lightweight text-editing apps that have come out in the past few years, such as IA Writer. But while IA Writer and its ilk are designed for solo composition, Paper is all about working together. As in Google Docs, multiple users can edit a document at the same time. Each is designated by a colored cursor, and the user’s full name is displayed in the margins, crediting their contributions to the file.

From a text perspective, Paper is quite basic; there’s only one font and three sizes available. You can do your basic bold, italics, underline and strikethrough formatting and format text into a block quote, but that’s about it. Dropbox specifically said that the purpose of Paper was to keep the focus on sharing ideas rather than formatting. In particular, the company made it so that you can use its app to share pretty much anything, regardless of what tools you might be using.

iOS Apps That Collect Users’ Personal Info

Dan Goodin:

The apps, which at most recent count totaled 256, are significant because they expose a lapse in Apple’s vetting process for admitting titles into its highly curated App Store. They also represent an invasion of privacy to the one million people estimated to have downloaded the apps. The data gathering is so surreptitious that even the individual developers of the affected apps are unlikely to know about it, since the personal information is sent only to the creator of the software development kit used to deliver ads.

“This is the first time we’ve found apps live in the App Store that are violating user privacy by pulling data from private APIs,” Nate Lawson, the founder of security analytics startup SourceDNA, told Ars, referring to the application programming interfaces built into iOS. “This is actually an obfuscated toolkit for extracting as much private information as it can. It’s definitely the kind of stuff that Apple should have caught.”

Apple:

We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi's SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.

iOS Diagnostics & Usage Data

Joe Caiati:

Pre-iOS 8, you could have found this section under Settings → General → About → Diagnostics & Usage, but now it lives in Settings → Privacy → Diagnostics & Usage.

I would liken the Diagnostics & Usage Data section to the Console on the Mac. There is a lot of noise in there, but sometimes you can find important information about issues related to your device. At its most basic definition, the Diagnostics & Usage Data section is a log of system events that happen on your iOS device. This log isn’t tracking your every move, but it is creating entries whenever events like an app crash happen.

My iPhone 6s’s display isn’t wide enough to see many of the full filenames.

String Interfaces

Ted Unangst (via Jeremy W. Sherman):

Although using strings subverts C’s already weak type checking, that’s probably not a major concern. One can screw up bit masks by using || in place of |. Or, as above, one can incorrectly pack the magic array. It’s usually much easier to visually audit a string than the C code used to plaster a dozen options together.

Of course, one should not use a string interface if it doesn’t make sense, but we need not reject the concept out of hand without at least some consideration.

Another example is libclang.