I came across some interesting broadcast traffic today on my network. I had one of my hosts listening on 6514/UDP and saw this come across the wire:

<rumor version="2.0" type="notification" topic="datHint" importance="normal" datVersion="5749" datCabVersion="20090922112722" updateCabVersion="20090413014657" baseURL="http://vs.mcafeeasap.com/MC/ENU/VS47"/>

The source port was 6515/UDP. According to the internets:

mcafee-asap – Used by McAfee antivirus. A broadcast on UDP/6514 is sent by a client without Internet access in order to find another computer, with Internet access to be used as a proxy for Internet antivirus updates.

I can only imagine the amount of fun that can be had with this type of proxy auto-discovery.
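Because any host on the segment can send this broadcast, a listener should treat the `baseURL` it carries as untrusted input. The following is an added example, not code from this post or from McAfee: a small triage function for UDP/6514 payloads. The allowlist, the source addresses and the second and third sample payloads are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumption: the only update host this network expects, taken from the captured message.
ALLOWED_UPDATE_HOSTS = {"vs.mcafeeasap.com"}

def inspect_rumor(src_ip, payload):
    """Return alert strings for one UDP/6514 payload (empty list = nothing to flag)."""
    # Reject DTDs up front so the XML parser never sees entity declarations.
    if b"<!DOCTYPE" in payload or b"<!ENTITY" in payload:
        return [f"{src_ip}: payload carries a DTD/entity declaration"]
    try:
        root = ET.fromstring(payload)
    except ET.ParseError:
        return [f"{src_ip}: payload is not well-formed XML"]
    if root.tag != "rumor":
        return [f"{src_ip}: unexpected root element {root.tag!r}"]
    alerts = []
    url = urlsplit(root.get("baseURL", ""))
    host = (url.hostname or "").lower()
    if url.scheme not in ("http", "https") or host not in ALLOWED_UPDATE_HOSTS:
        alerts.append(f"{src_ip}: baseURL points at unexpected host {host!r}")
    for attr in ("datVersion", "datCabVersion", "updateCabVersion"):
        if not root.get(attr, "").isdigit():
            alerts.append(f"{src_ip}: {attr} is missing or not numeric")
    return alerts

# Constructed sample traffic: the first payload is the message quoted in the post,
# the other two are made up for this example. Source IPs are documentation addresses.
GENUINE = (b'<rumor version="2.0" type="notification" topic="datHint" '
           b'importance="normal" datVersion="5749" datCabVersion="20090922112722" '
           b'updateCabVersion="20090413014657" '
           b'baseURL="http://vs.mcafeeasap.com/MC/ENU/VS47"/>')
SAMPLES = [
    ("192.0.2.10", GENUINE),
    ("192.0.2.66", GENUINE.replace(b"vs.mcafeeasap.com", b"updates.example.net")),
    ("192.0.2.77", b"<!DOCTYPE rumor [<!ENTITY a 'b'>]><rumor/>"),
]

def triage(samples):
    """Run every captured datagram through inspect_rumor and collect the alerts."""
    return [alert for src, data in samples for alert in inspect_rumor(src, data)]

if __name__ == "__main__":
    for line in triage(SAMPLES):
        print(line)
```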

I found this informative list of deadly facts about Australia: http://australiaisdeadly.com/

Apparently the deadliest continent in the Universe is coming for you!

I really appreciate the New York Times URL formatting: http://www.nytimes.com/2009/07/24/nyregion/24jersey.html?_r=1&hp

Everything after ? is likely to get stripped off by poorly written URL parsers, but that doesn’t really matter, because going to the URL without those parameters works: http://www.nytimes.com/2009/07/24/nyregion/24jersey.html

…and Twitter killed it.

For example, to subscribe to the RSS feed from BBC News, I could:

  1. Go to the BBC News Homepage: http://news.bbc.co.uk/
  2. Click the RSS feed link.
  3. Add the RSS feed to my favorite RSS reader.
  4. Watch and wait for my RSS reader to refresh the feed.

Or, I could:

  1. Go to http://twitter.com/bbcnews
  2. Click Follow
  3. Use the twitter.com website or whatever twitter client I’ve already got installed to view both friend updates and BBC news updates.

For me the choice is pretty clear.

The idea to consume tcptrace with Splunk came to me after seeing Darren Hoch’s OSCON 2009 presentation Linux System and Network Performance Monitoring. In his talk Darren shows how he diagnosed home networking issues using tcptrace. Here’s his description of tcptrace:

The tcptrace utility provides detailed TCP based information about specific connections. The utility uses libpcap based files to perform an analysis of specific TCP sessions. The utility provides information that is sometimes difficult to catch in a TCP stream. This information includes:
• TCP Retransmissions – the amount of packets that needed to be sent again and the total data size
• TCP Window Sizes – identify slow connections with small window sizes
• Total throughput of the connection
• Connection duration

The data coming out of tcptrace looks like this:

TCP connection 1:
        host a:        gba-ubun810-amd64.splunk.com:40739
        host b:        spreader.yandex.net:80
        complete conn: no       (SYNs: 0)  (FINs: 0)
        first packet:  Wed Jul 22 19:58:34.489567 2009
        last packet:   Wed Jul 22 19:58:35.164233 2009
        elapsed time:  0:00:00.674666
        total packets: 395
        filename:      testdump1000
   a->b:                              b->a:
     total packets:           147           total packets:           248
     ack pkts sent:           147           ack pkts sent:           248
<snip>

Complex? Yes. Edible by Splunk? Hell yes.
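To show what making this output indexable involves, here is an added example (not the code from this post): a parser that flattens each connection block into key="value" pairs, which Splunk extracts as fields automatically. It assumes only the layout visible in the excerpt above; the function names and the `a2b_`/`b2a_` prefixes are my own choices.

```python
import re

def _field(label):
    """Turn a tcptrace label such as 'ack pkts sent:' into 'ack_pkts_sent'."""
    return re.sub(r"\W+", "_", label.strip(" :")).lower()

def parse_tcptrace(text):
    """Yield one flat dict per 'TCP connection N:' block."""
    conn, directional = None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"TCP connection (\d+):$", line)
        if m:
            if conn:
                yield conn
            conn, directional = {"conn": int(m.group(1))}, False
        elif conn is None or not line or line.startswith("<"):
            continue  # preamble, blank lines, or the <snip> marker
        elif line.startswith("a->b:"):
            directional = True  # lines below hold an a->b and a b->a column
        elif directional:
            cells = re.split(r"\s{2,}", line)  # columns are separated by 2+ spaces
            if len(cells) == 4:
                conn["a2b_" + _field(cells[0])] = cells[1]
                conn["b2a_" + _field(cells[2])] = cells[3]
        else:
            key, _, val = line.partition(":")  # split at the first colon only
            conn[_field(key)] = " ".join(val.split())
    if conn:
        yield conn

def to_event(conn):
    """Render one connection as a single key="value" line."""
    return " ".join(f'{k}="{v}"' for k, v in conn.items())

# Sample input: the excerpt shown in the post, embedded so the block runs offline.
SAMPLE = """TCP connection 1:
        host a:        gba-ubun810-amd64.splunk.com:40739
        host b:        spreader.yandex.net:80
        complete conn: no       (SYNs: 0)  (FINs: 0)
        first packet:  Wed Jul 22 19:58:34.489567 2009
        last packet:   Wed Jul 22 19:58:35.164233 2009
        elapsed time:  0:00:00.674666
        total packets: 395
        filename:      testdump1000
   a->b:                              b->a:
     total packets:           147           total packets:           248
     ack pkts sent:           147           ack pkts sent:           248
<snip>
"""

if __name__ == "__main__":
    for c in parse_tcptrace(SAMPLE):
        print(to_event(c))
```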


If you commute regularly knowing when and where you’re going to hit traffic is a life saver. We’re lucky enough to live in a state that went broke producing things like the CHP Traffic Incident Information Page. Until now this information was completely web based, rendering it useless to people on the go. That’s why I created the CHP CAD (computer aided dispatch) Twitter bot: http://twitter.com/chpcad


This may go without saying, but it’s never a good idea to use identical credentials between private and public, or personal and professional, systems. For example, if you’ve got both a personal email account and a work email account, using the same password is dangerous. On one hand, if your work account is compromised – or worse, if there’s a nefarious administrator at your work – your personal correspondence is at risk. On the other hand, if your personal account is compromised (which is what happened to Twitter in March (cnet)) you put your job and your company’s intellectual property at risk.


A screen-cap of a message in my inbox.

When will someone get this right? Is everyone still writing URL parsers from scratch?

I love using bit.ly, tinyurl.com and is.gd.

I use these URL shortening services for a variety of reasons, but mostly because they allow me to send URLs to people who know little or nothing about the web – specifically people like my mom. Although she and her peers are capable of using email, IM, and other web services, they are incapable of detecting when a URL has been artificially wrapped:


A screen-cap of an email about mustard!


Friedman’s Saturday Op-Ed post in the NYTimes gives China a really good reason to engage in the emerging Green ‘Energy Technology’ marketplace: innovate or get left behind.