Architecting WordPress on #AWS
Read more harish11g.blogspot.in
An Anomaly in the μTorrent network
This article is based on observations in the ARAKIS system, which is built on top of a network of honeypots.
1. Introduction
In recent weeks we continued to observe significant increase of uTorrent (uTP based) network activity. Some parts of recorded traffic triggered high-level alerts in the ARAKIS system informing about possible nodes infection. What is more, according to traffic data, among other things, two of the ARAKIS honeypot sensors were involved in a conversation, which is very unlikely. This means that IP adresses that those packet contained were incorrect (or forged). In this report we summarize findings from our analysis of this activity.
OSSTMM 3 methodology gives the following definition of an anomaly:
Anomaly is any unidentifiable or unknown element which has not been controlled and cannot be accounted for in normal operations. [...] An anomaly may be an early sign of a security problem. Since unknowns are elements which cannot be controlled, a proper audit requires noting any and all anomalies.[...]
In PHYSSEC, an anomaly can be dead birds discovered on the roof of a building around communications equipment.
[...]
In COMSEC telecommunications, an anomaly can be a modem response from a number that has no modem.
In SPECSEC, an anomaly can be a local signal that cannot be properly located nor does it do any known harm.
2. What is uTP exactly?
uTP protocol uses UDP protocol for transportation and complements it with connection-oriented features. It encapsulates standard BitTorrent packets. This means, that regular BitTorrent traffic takes place inside a communication channel created in the uTP layer. This channel has some features typical to TCP channels, including connection-orientation and congestion control. Standard BitTorrent packets rely on such TCP facilities as received data acknowledgements, regulation of window size, etc., in this case however these facilities are provided by uTP. Why do we need another protocol for that, when you can use TCP instead? UDP/uTP/BT stack is also responsible for bandwidth congestion control. When user is downloading data from HTTP or FTP server, the download speed is limited on the server side. Distributed BitTorrent network doesn’t have such limitations. That’s why it often happens that when a user downloads large amount of data, BitTorrent traffic consumes a large portion – or whole – of network bandwidth and effectively denies access to other networking applications. One possible solution is to apply built-in restrictions on the client side. These are not very sophisticated functions however and users often forget about them too. uTP on the other hand allows BitTorrent nodes to dynamically adjust bandwith congestion at the protocol level and also provides some additional functions, like support clients using low bandwidth or sharing ADSL line with a web browser.
Read more at cert.pl
--
(c) 2012 Nitido Inc. - Proprietary and Confidential. All rights reserved.
To my surprise, this actually got a response. Someone monitoring the @awscloud account opened a trouble ticket to my email address asking for clarification. The exchange was friendly and hopefully, and I think it’s worth sharing here.
It’s a pretty compelling situation: cloud service offerings and web browser technology have advanced to the point where S3 and CloudFront should be all one needs to deliver an incredibly performant and cost-effective user experience, letting small startups compete in the time-to-first-render game on an even playing field with the likes of Google and Yahoo. Instead, developers are forced to settle for ugly workarounds and outright hacks due to a few crucial shortcomings.
My team at Boundless is has been working on a cutting edge single-page HTML5 app. We are hosting it on S3 and CloudFront, and its underlying API lives on EC2. Without getting into too much detail, the architecture is a lot like #newtwitter.
Despite initial appearences, and without much justification from Amazon, the S3 API severely restricts which headers can be attached to an object.
Cache-ControlExpiresContent-DispositionContent-TypeContent-LanguageContent-EncodingUsers can apply their own metadata, but it will always be prefixed with x-amz-meta. CSS3 brings the ability to embed arbitrary fonts on the web. Fonts are the clothes words wear, and CSS3 is why the web is looking so sharp lately. The difficulty is that W3 puts fonts under a same-origin restriction. Thus, embedding these fonts requires these additional headers:
Access-Control-Allow-HeadersAccess-Control-Allow-OriginAnd the complete CORS specification has yet more headers to contend with:
Access-Control-Max-AgeAccess-Control-Allow-MethodsAccess-Control-Allow-CredentialsThis leaves CloudFront users who wish to embed fonts with a handful of undesirable options.
data: URIs. Now every time you adjust a
Here is a forum post from 2009 bringing this to Amazon’s highly dismissive attention. What really irks me about this is that Amazon chose to bless a few headers instead of letting the end-user decide what is best for our customers.
RFC2616 allows that a client may suggest to a server that it would like to have the response encoded as something other than raw bytes before transmission. One common encoding is gzip, and lots of HTTP traffic includes a header like Accept-Encoding: gzip. Most web servers will comply with this suggestion, reducing plain text like HTML, CSS, and JavaScript by well over 50%.
Two notable exceptions to “most web servers” are S3 and CloudFront. A possible workaround involves Content-Encoding being among the allowed HTTP headers for S3 objects. The image below has been compressed with gzip -9 before uploading, and has Content-Encoding: gzip set in S3.
If you can see Success Kid, this hack will work on your browser.
This exploits the fact that most browsers usually send Accept-Encoding: gzip, or they will handle Content-Encoding: gzip in the response even if they didn’t request it. Users of IE7 and previous versions will see a broken image icon. wget or curl will also result in corruption unless those tools are explicitly configured to always use compression. This is really a quasi-violation of RFC2616 Section 14.3, but it does sort of work.
If you want to be compliant, you most choose between S3 and compression. CloudFront, at least, will cache both compressed and raw versions of each object depending on the clients which have requested it.
I have harped on this issue before, but Amazon CloudFront exhibits one of the smallest initial TCP congestion windows in the CDN marketplace. They’re at 2. Consensus is growing that it should be closer to 10. Rather than making an argument for it here, I’ll let some Googlers do it for me.
An Argument for Increasing TCP’s Initial Congestion Window”, Nandita Dukkipati, Tiziana Refice, Yuchung Cheng, Jerry Chu, Tom Herbert, Amit Agarwal, Arvind Jain, Natalia Sutin, ACM SIGCOMM Computer Communications Review, vol. 40 (2010), pp. 27-33.
[ccr.sigcomm.org] [pdf] [search]
The @awscloud guys are apparently considering my request. If I get any answers back, I will be sure to post them here.
A continuación, el texto del periodista Telmo Almada.
Acerca de "Caracas Ciudad de Despedidas", sólo diré:
1. Muy negativo que se hayan desatado tantas reacciones de indignación. Peor aún la oleada de insultos. "CCDD" no es un documental sobre la emigración de jóvenes venezolanos. Es un video casero, realizado por adolescentes tardíos (muy tardíos), jugando a retratarse a si mismos, en lo que, notablemente, es un círculo muy reducido de amistades ¿Tanta alharaca por tonterías de muchachos?
2. Es también muy negativo que, tras la primera oleada de odio, haya aparecido también una corriente de opiniones en contraflujo, que intenta reivindicar a estos muchachos. Si es cierto que se trata de estudiantes de comunicación audiovisual, demuestran haber adquirido muy poca destreza. Peor aún, son tan inconscientes de sus propias limitaciones, que ni siquiera atinan a percibir, en su verdadera dimensión, el contenido de su propio discurso. Esto explica que no hayan sabido adelantarse a las repercusiones que se desataron. De nuevo, cosas de adolescentes tardíos.
Parece ser que la ola a contracorriente, que ensalza las supuestas virtudes de este "home video", tiene que ver con el hecho de que el llamado sistema nacional de medios públicos ha desatado una feroz ola de agresiones y odio contra los autores y protagonistas del video (cosa rara, tratándose del mencionado sistema). En ese caso, parecería más adecuado un debate sobre uso de los recursos del Estado para promover el odio, en lugar de la defensa de unos mozalbetes que apenas hicieron la tarea.
3. Lo que sería una calamidad, es que este video casero, por haber dado lugar a tan innumerables análisis semánticos, terminara por ser recordado como una especie de testimonio de una generación. Es un error atribuir a este video mayores pretensiones que las que tuvieron sus autores. Pretensiones se ve que tuvo muy pocas. Es posible que no haya tenido ninguna.
Entonces… ¿Tanta alharaca?
Por último: con todos los chistes que se han hecho sobre el asunto, sí estoy de acuerdo.
Telmo Almada
Periodista
