I have probably already told you about my stories with Datak earlier and I guess that's for more than enough. For about a month I was thinking that problems through https are actually Datak's fault of not being able to properly maintain their network and servers (Which wasn't the first time in that case). But that turned out to be quite a different issue as the things are getting clear and I'm getting aware of what government is actually capable of doing.

Of course filtering https contents is not as horrible as restricting people's access to public contents, media, and free flow of information, but it's eventually the second worst act of Islamic Republic ever taken over information censorship.

Censorship is done in pretty much different ways, one is known and rumored to be looking into HTTP headers and comparing "Host" header string with entries available in a certain unified blacklist. Pedram Azimayi is probably the first one to have this method revealed.

After I had several unsuccessful attempts on violating Host headers using ModifyHeaders, AmirMohammad Saied wrote a simple yet handy add-on for firefox which is confirmed to be working and thus you can have access to censored websites. The trick is to violate Host header string with a desired character with an ASCII code lesser than 32. According to RFC977 standards, Host header should be looking like this:

HOST_STR CR LF

So if you somehow managed to violate it to look like something like: HOST_STR\t CR LF, then you are all set. SEPAR won't detect your HOST_STR as a blacklisted entry thus grants you permission to access that website. Apache and IIS however are known to remove these character therefore making HOST_STR in a whole a valid Host header again. Lighttpd however does not take care of such characters in Host header string, so from the stand point of non-technical user, you can't have access to contents serving on a Lighttpd webserver using this method.

But the problem with https is that you cannot sniff into it's traffic, watch it and control it which is probably a good thing. Yet again it's sad to hear that when Islamic Republic is not able to control you, or solve a problem in peace, it decides to wipe you of the map completely. That's exactly the case of https. The rule of the thumb here is, when you are not able to censor traffic through https, block it completely.

Based on my guesses, they are currently keeping a whitelist of allowed websites, all others are blocked and this is not done in a similar way as what they do to HTTP contents. They actually drop all HTTPS requests to all hosts unless otherwise noted. This is completely dumb.

However, not all the routes are affected (at the time in which this is article is being written), but sooner or later when your ISP gets these new rules from TCT for their routes you might as well experience the very same problem with your https and unfortunately it would be strictly impossible to workaround it this time.

Did you know that you are nothing more than a bloody flip-flop? Face it.

I didn't really come up with a better opening dialogue than this one, so I just go through the entire problem right away. Unfortunately these countless amount of issues of mine with Datak are not going to resolve. One problem gets eradicated, another one jumps in.

I mean maybe having problems with electronic systems isn't that rare, but at least we (And by we I mean geeks and those who are a little bit further into details of what actually goes on. e.g. They know what compiling a code means) expect a little amount of respect for they are not dumb. If you contact your ISP support to ask why you have bandwidth issues, the best answer you come close to; If you are lucky is "All right, You probably have lots of viruses and spywares floating around and infecting your system as we speak, try to wipe them out clean with Norton Antivirus" blah blah. And if you are unlucky then you would probably hit a Windows geek who actually tries to help you a little bit with the situation you are struggling with "OK, go to start menu, click run, type cmd, go to My Computer, go to Control Panel" etc. They would find it mind blowing if they hear you are using something other than Windows. They reply like "Hah! No way! Are you using Linux with our services?" Or "Oh, I didn't actually knew there are Linux users in Iran. I mean I know couple of Khaarejis but that's all." Or "That's nearly impossible. You know I'm trying to learn Linux these days thus completing my vast pool of knowledge with everything. Would you help me?" Or "And by the way, We are not supporting Linux in here, it's non of our business if you are using it". I have heard all the above versions.

No seriously, will you tolerate this attitude of not accepting the real cause of problems and what's really underneath? I mean advertising 1500 as mtu for a poor wireless connection over your network is not really a matter of the operating system on the client side nor suffering from bandwidth problems is. It's a ppp standard. I mean lying is a problem, having technical issues is not. It would have been better if they just said "Yeah, we are currently suffering bandwidth issues, thank you for your patience. We would try to find a workaround as soon as possible". And that would have calmed me down. But denying the whole truth in the middle of the day and into direct sunlight and complicating things won't make anything better. But that's the way it is, unfortunately even our beloved Mr. President Dr. Ahmadinejad, follows the exact same pattern according to the fact that from his point of view, there are no "Homosexuals" in Iran which is absolutely an awesome idea, I mean yeah brilliant. After all, we do live in "Mamlekate Gol va Bolbol va Islami", don't we?

I had problems with mtu, bandwidth, filtering, sourceforge, torrent downloading, traffic shaping (low rate of downloading from a single TCP connection), frequent disconnections, unsteady signal level, DIY, game shows, junk food, children, walks in the park, nine to five, good at golf, washing the car, choice of sweaters, family Christmas, indexed pension, tax exemption and finally last but not the best, problems through https. I have a feeling that even if power gets cut and if gcc is not able to compile my shell-script written code it's Datak's fault. Everything is Datak's fault. Anything is Datak's fault. I mean wow, https problems. That would potentially mean not being able to access bunch of valuable services, your project hosts, your daily read list, your preferred source of informations, wikis, launchpad and a growing list of others. After wasting 16 minutes of my time, waiting in the phone support queue and hearing the funny memo "12 nafare digar dar entezaare mokaaleme AST", holding a phone by one hand, *BEEP* by another one, they just told me "OK, we are currently on a shortage of bandwidth. But we don't really know when it's going to solve. It might take a week, a month, a year, a decade, a century or probably even take like forever". So what can you do? Swear at support staffer? yelling at him? No, it's not going to work because he's someone like you who tries to make some money and that's all. He's not responsible for anything happening to you whatsoever. That just reminded me an interesting dialogue between Mark Renton and Tommy in Trainspotting which I'm actually going to quote here:

Tommy: He was going to chib him I tell you. Then I thought he was going to do me. The beggar's fucking psycho, man.
But he's a mate, you know, so what can you do?

Mark: What indeed could one do? Just stand back and watch and try not to get involved.

That's it. One of the moments in which I really need to write useless stuff for public and publicity.

The function of the expert is not to be more right than other people, but to be wrong for more sophisticated reasons.

Dr. David Butler, British psephologist

Ever wondered why smbfs support is about to be removed from kernel source tree? Ever wondered what cifs is and what it's useful for? Ever wondered why algorithms are that important in your daily life? Ever wondered why you have to avoid using deprecated stuff? If you have one these questions in mind, then continue reading the following story which I think you would find the answer to most of the questions which you have in your mind there.

A network file system is any computer file system that supports sharing of files, printers and other resources as persistent storage over a computer network. The first file servers were developed in the 1970s, and in 1985 Sun Microsystems created the file system called "Network File System" (NFS) which became the first widely used network file system. Other notable network file systems are Andrew File System (AFS), NetWare Core Protocol (NCP), and Server Message Block or SMB which is also known as Common Internet File System (CIFS).

Short for Common Internet File System, a protocol that defines a standard for remote file access using millions of computers at a time. With CIFS, users with different platforms and computers can share files without having to install new software.

CIFS runs over TCP/IP but uses the SMB (Server Message Block) protocol found in Microsoft Windows for file and printer access; therefore, CIFS will allow all applications, not just Web browsers, to open and share files across the Internet.

With CIFS, changes made to a file are simultaneously saved on both the client and server side.

The Story

Today I had to copy some files to a laptop, which was running on a Windows over my internal home network so I thought using smbfs as the main protocol behind SMB for interacting with the computer would be the easiest way to do the trick. I had some experiences before with smbfs behind SMB, But when I mounted the remote file system with smbmount I encountered the following message:

smbfs is deprecated and will be removed from the 2.6.27 kernel. Please migrate to cifs.

That was how I got into testing cifs to see how it does in the action. I had to re-compile my kernel first in order to use cifs, so I enabled the nifty kernel feature for cifs and emerged mount-cifs package as well. What I had in mind was to transfer files with medium amount of size and put both of the above into some real tension and stress; then comparing the final results. It was an interesting benchmark and results were even more impressing.

Test Setup

It would be useful if I give you an acceptable in-details information about the environment over which the test was done.

First box running on Windows XP Home Edition, having a National Semiconductor DP83815-Based PCI Fast Ethernet Adapter connected using a normal CAT5-E cable with the length of ~15-20 meters.

Second box running on Gentoo 2008.0 (Linux ws1 2.6.25-gentoo-r6 #16 SMP Thu Jul 17 16:57:30 IRDT 2008 x86_64 AMD Athlon™ 64 X2 Dual Core Processor 4400+ AuthenticAMD GNU/Linux) having an nVidia Corporation CK804 Ethernet Controller also connected using a normal CAT5-E cable with the length of ~3 meters. (forcedeth kernel driver used)

D-Link 10/100 Fast Ethernet Switch, DES-1005D.

The Benchmark

I tried to transfer several files with different sizes to get better and more-reliable results.

After taking a brief look at the final results, I realized why they are insisting on smbfs deprecation and their intention on removing it completely to replace it with cifs as the main protocol behind SMB.

transferring of 14 files with total size of 616469224 bytes took around 1 minute and 51 seconds using smbfs whilst it took only 1 minute and 4 seconds with cifs which was quite an interesting result. Consider all the network supplements and tools where the same. To me it was another proof for the fact that algorithms and protocol improvements and their implementations play an irrefutable role in computing science and that why you have to avoid using deprecated stuff. Thus you can save CPU cycles and time without purchasing new network peripherals and devices.

Benchmark Result Files

simple txt file

open document text file (odt)

pdf file

In the end taking a look at the following documentations wouldn't hurt.

http://samba.anu.edu.au/cifs/docs/what-is-smb.html

http://codefx.com/CIFS_Explained.pdf

But why would I want to do a thing like that? I chose not to choose life. I chose somethin' else. And the reasons? There are no reasons. Who needs reasons when you've got heroin?

-- Mark "Rent-boy" Renton, Trainspotting by Irvine Welsh

Couple of days ago, I accidentally ran into a new twitter-like service named Identi.ca referenced by slashdot news. For those of you who haven't yet experienced microblogging services like twitter I strongly encourage you to read this article and Wikipedia's Link as well.

It’s hard to say anything useful in 140 characters. But it is fun!

Identi.ca is a microblogging service not so very much different from twitter and bunch of others available around the net except for the idea of using an opensource tool called Laconica for it's running engine under the hood. It would be probably worthwhile if you take a brief look at Laconica anyway.

It was the second or the third day of identi.ca when I first registered for an account and started to post notices there to do some investigation and I somehow got the feeling of "Hey! I like this service more than twitter" and that in turn made me think why? If I should give a name to it, Identi.ca is in fact a microblogging service like twitter but in the geeks way. Due to the fact that Identi.ca is passing it's age of preparation you shouldn't expect a fully functional feature-rich system, yet a just-works-fine service as it is. Registration is easy, so scratch your itch. There is also a ping.fm service available which you can post to multiple of your microblogging and other services simultaneously with one update using it's web-interface and instant messaging, so don't worry if you have bunch of services at the same time.

That was how I got familiar with Identi.ca. You might very probably like to get used to microblogging services specially geek styled ones like this. So here it is, my very own profile at Identi.ca.

Also consider reading the following links:

http://rekha6.wordpress.com/2008/05/01/microblogging-is-not-for-losers/

http://mobhappy.com/blog1/2008/04/26/web-20-ui-and-twitter/

As an update, it would be worthy to mention that Identi.ca uses PEAR package (Validate) which AmirMohammad Saied is one of it's lead developers, totally irrelevant to the fact that I really like Identi.ca

--

Choose Life. Choose a job. Choose a career. Choose a family. Choose a fucking big television, choose washing machines, cars, compact disc players and electrical tin openers. Choose good health, low cholesterol, and dental insurance. Choose fixed interest mortage repayments. Choose a starter home. Choose your friends. Choose leisurewear and matching luggage. Choose a three-piece suite on hire purchase in a range of fucking fabrics. Choose DIY and wondering who the fuck you are on a Sunday morning. Choose sitting on that couch watching mind-numbing, spirit-crushing game shows, stuffing fucking junk food into your mouth. Choose rotting away at the end of it all, pishing your last in a miserable home, nothing more than an embarrassment to the selfish, fucked up brats you spawned to replace yourself. Choose your future. Choose life.

-- from Trainspotting by Irvine Welsh