Archive for the ‘Software Development’ Category

« Older Entries

Lack of stream support for yEnc encoding

Tuesday, July 29th, 2008

Jurgen, the creator of yEnc, and I have had discussions regarding the lack of stream support for yEnc encoding.  I’ve even mentioned it on the Wikipedia page for yEnc and also in the yProxy FAQ.  I’m going to cover streaming and pipelining in detail here so that you can better understand the limitations of yEnc and yProxy.  This article will also help you understand some important concepts that are applied elsewhere.

Apparently, the lack of streaming support for yEnc encoding was an oversight, probably stemming from lack of knowledge regarding the general design pattern used for streaming data.

Pipelines

Pipelining relates to streaming, especially with yEnc.  In computing, processes often take data as input, perhaps change the data in some way, and then output the resulting data.  A second process may then take the output of the first process as its input, and so on.  When the output of one process is used as input by another process, this is called pipelining.

This pipelining effect is how proxies work.  The output from your news server is piped through yProxy to your newsreader.  This allows the user to create a pipeline of tools that filter or modify the data in multiple steps.  Connecting pipes allows generation of a specific output, often converting one format or protocol to another.

yProxy Diagram

The pipelining concept is also used when hooking up cable television.  You connect the output from the wall into the input of your cable converter and the output from the cable converter into the input on your television.  Your cable converter unscrambles the TV signals as the data travels from the wall, through the cable converter, and into your TV.  Your cable converter may even be converting coaxial cable input into composite cable, S-Video, or HDMI.

Cable box hookup

Streams

Streaming means that you process data in real time as you receive it, rather than waiting to receive all of the data before you begin processing it.

Streaming movies on the Internet means that you can start watching the movie from the beginning, as soon as it arrives, while the rest of the movie downloads.  You don’t have to wait for the entire movie to download to begin watching it.

Streaming reduces the latency, or wait time, while data is going through the pipeline.  If your cable converter needed to download an entire show before you could begin watching it, you would definitely notice the wait.  However, the cable converter processes the data as it is received and immediately passes it along to the TV, removing the perception of any delay.

While yEnc supports pipelining in both directions (encoding and decoding), yEnc supports streaming only for decoding.

Streaming yEnc

yEnc includes the size of the file in the yEnc header, instead of in the footer.

Imagine if you were the type of person that hated surprises, so you absolutely had to see the ending of a movie before you could watch it.  If that were the case, you could never watch a streaming movie.  You’d have to download the whole movie, skip to the end, then go back to the beginning.  yEnc has a similar problem.  yEnc requires the encoder to describe the end of the data before sending the data.

If yEnc had simply made the “size” information a footer instead of a header, yEnc would support streaming in both directions.  The current process in the pipe doesn’t have the size of the attachment until all of the data has flown through, so the size should be included at the end, not the beginning.

If you piped an attachment from your newsreader to yProxy, in order for yProxy to encode the attachment, yProxy would first have to receive the whole attachment, buffering it in memory or on your hard disk, generate the yEnc header, and then begin uploading the encoded attachment to the news server.  Outlook Express, Windows Mail, Thunderbird, or whichever newsreader you were using would have to wait while yProxy sends the entire attachment to the news server.  The newsreader would very likely timeout while it waits for yProxy to respond with the success message from the news server.  Therefore, yProxy does not support yEnc encoding.

Streaming and pipelining are important paradigms in communications and information technology.  Developers should adhere to both standards when designing protocols or encoding methods.

Tags:
Posted in Software Development, yEnc, yProxy | No Comments »

No news isn’t always good news

Monday, July 14th, 2008

I intentionally downloaded something questionable on the Internet because I thought it might be a useful program.

First, let me say that I don’t encounter too many destructive viruses any more.  Not since infecting computers became profitable have I personally seen any viruses that simply delete your hard drive or corrupt your master boot record or anything like that.

I planned to run the questionable application on my laptop.  I hadn’t yet installed any antivirus software on my laptop, so I installed McAfee’s antivirus and firewall.  After the shields were up, I scanned the EXE.  Nothing was detected by McAfee, so I ran it.  The program seemed to do nothing.  Yet, even more suspcious than the program not doing what was expected–the program actually deleted itself.

Just because your antivirus doesn’t detect a problem doesn’t mean there isn’t a problem.

It turned out to be a Trojan backdoor program, which also installed some Internet Explorer ActiveX add-ons.  Interestingly, when I disabled one of the add-ons through IE, it re-enabled itself before I shut down IE.  Make sure you manage IE’s add-ons through Internet Options in control panel rather than through the Tools menu in IE.

Also, I couldn’t delete the DLLs that were part of the malware because they were loaded by winlogon.exe.  I tried killing the threads and handles using Windows SysInternals Process Explorer.  That didn’t seem to let me delete the DLLs, even though they were killed.

I’ve had good experiences with Avast Antivirus in the past, so I installed that.  To anounce a virus, Avast uses an audio alert, like the ship’s computer on Star Trek, which appeals to me.  Avast also has a simple user interface and a no-hassle install and no-hassle updates.

AvastAvast has a pre-boot scan which can delete viruses before they’re loaded by Windows.  Unfortunately, Avast didn’t even detect the malware DLLs, however it did detect the original EXE, which I tested by re-downloading it.

So, I did some research.  I found an article that actually compared the effectiveness of antivirus programs.  The program that was rated #1 for accuracy was a program called Avira.

AviraAvira has a painless install, an easy user interface, and it detected not only the original EXE, but also each individual malware program that was delivered as payload by the EXE.

When Avira detected the DLLs, it asked what I wanted to do.  I said, “Move to quarantine”, but the files remained, which made sense because they were in use.   But after a reboot, the malware was effectively moved to the quarantine.

My favorite part about Avira’s user interface is that an open umbrella icon in your system tray means you’re protected, and a closed umbrella means you’re not–simple.

So, now I have three anti-viruses installed on my laptop, but they seem to get along.  Avira is free for personal use, like Avast.  However, Avira does nag you to upgrade with a pop-up, which may seem almost as bad as those Internet Explorer add-ons.

Antiviruses should be more clear by always giving an answer.  They should report one of the following: “infected”, “possibly infected (heuristics)”, and “unknown”.

Unfortunately, there is no way for an antivirus to report a program as “safe” unless the program has been digitally signed by a trusted author.  A digital signature identifies where a program came from, and it’s up to you to trust or not trust the program based on that.  It would be nice if an antivirus actually reported “safe”, not just “nothing detected”.

Tags: , , , , ,
Posted in Security, Software Development | 2 Comments »

« Older Entries