Thu Nov 12 05:29:56 CET 2015

Occasionally it is good to pull the plug...

The Internet is everywhere. As educated citizens of the modern information age, we believe we know what we are doing when we sign up for online Internet services. But we (too) often ignore the fact that we also collectively work towards a world where without the Internet, we are nowhere. Back in a day, before the digital revolution, people were buying and thus owning content, nowadays we get content streamed but we do not own it anymore. Or, even more interestingly, we buy (and hence "own") content in formats that can only be accessed if we are online. And it does not stop with just content. Nowadays, people deploy advanced home automation systems and many of them depend on cloud backends for regular operations. Just recently, I prepared a document for a meeting (in which I participated online) and only an unexpected downtime of my Internet uplink revealed that the recommended text formatting tool requires to be online to use it. These often hidden mashups are showing up increasingly in tools where one would not expect them. This is worrying me since these hidden mashups create a complex network of dependencies that lead to new and unknown risks through the possibility of cascading failures. Perhaps it is a good idea to pull the plug occasionally just to see what all stops working if the Internet is not everywhere anymore.

Posted by Jürgen Schönwälder | Permanent link

Fri Jul 31 20:51:42 CEST 2015

Streak-Running Experience

Every runner knows that variations are important; running always the same route at the same pace is not only boring but also ineffective from a physiological point of view. I am neither a fast nor an ambitious runner - I usually run distances around 10 km (sometimes less, sometimes more) and I do three runs per week. I prefer to run a mixture of new routes and well-known routes. I enjoy exploring unknown areas by running through them and I am used to travel with running shoes in my luggage.

During spring this year, I developed the feeling that I need some kind of change and I decided that it is time to try something new. On June 1st, I decided to start a running streak. The definition of streak running is simple: run at least one mile within each calendar day and count the number of days that you manage to do this. Some people apparently manage to do this for more than 40 years - this is amazing, but of course it takes 40 years to get there. I did not have any ambition to do streak running for such a long time; I just wanted to try it out and see how it feels. Since I live in a metric world, I decided to run at least 2 km instead of 1 mile every calendar day (not a big difference and, of course, one can run longer distances anytime).

I finished my running streak today after two months (61 days). I decided already after about 45 days that I will stop my running streak after completing two months. Obviously, streak running is not my favorite running mode. So what happened? Well, at the beginning I felt a bit tired without any days of rest. As a compensation, I started to shorten my longer runs and the runs started to become similar in distance. The feeling of being tired went away but I also observed that I lost running strength since my body got used to run shorter distances. The number of kilometers I run per month did not really change, the only change was more smaller runs compared to fewer longer runs. I started to vary the pace but this did not compensate for the lack of longer runs.

I noticed that the overall time I have spent on running activities per week increased slightly. Before streak running, I have been spending about 3 hours outside a week and perhaps another 90 minutes for cooling down and taking showers, a total of 4.5 hours a week. With streak running, I did spend about the same time outside but the time needed for preparation and taking showers increased to roughly 2 hours, a difference of half an hour per week. Probably not a big deal but I noticed it, perhaps since running every day also requires more coordination with family life. And after a longer run, I often have the feeling of having achieved something. I usually did not get this feeling after the shorter runs; it was more like marking off a routine activity on my daily agenda but nothing that made me feel good. All this made me to conclude after some 45 days that streak running is not really my thing. But I wanted to complete at least two months to be sure, which I did today.

Yes, streak running also leads to some interesting situations. First, you have to take running shoes on almost every trip. For me, this is not something unusual although I often do not do this on short trips with say only one sleepover. During the two months, I did run in London (UK), in Ghent (B), in Hengelo (NL), and in Prague (CZ). I did run in Münster as well because a train connection did not work out and I figured out that I could not reach home before midnight and hence I had to run in Münster while waiting for the next connetion home. On several days, I ended up running close to midnight since I am not really an early morning runner. This is OK during the summer time but scheduling the runs likely gets tricky during winter time. Perhaps streak running is easier for early morning runners; they can bring something home from a bakery and this most likely influences family acceptance of this running mode positively as well. During the IETF meeting in Prague, I also ended up running close to midnight (when it was still close to 30 degree Celsius on some days). After returning from Prague, I got a cold and I continued to run my minimum distance very slowly. I can't say that I did enjoy doing these runs while feeling pretty weak. But all of this is over now and I am happy to have finished my two months of streak running. And I am looking forward now to a day without running and my next 10km run in two days.

Posted by Jürgen Schönwälder | Permanent link

Thu Jan 30 17:40:44 CET 2014

Musings on the Loss of Privacy

I am using computers since the early 1980s and I am 'on the Internet' since the late 1980's. Back then, it was clear that computers had limited character sets and hence I started to write my name in a format that computers could deal with easily. Hence I have two 'names' on the Internet and in fact a couple of additional ones that were created by software doing bad transformations and humans mixing writing styles.

In the 1990s, I believed that with the start of the 21st century, computers would have learned to deal with international character sets. I was wrong. Even today, using international character sets does not always work (although things did improve, no doubt). Interestingly, however, many computer programs have instead learned to correlate the different spellings and major web sites manage to match merge data records they find. This appears to be technically much harder than solving the underlying problem but then data is always to some degree 'buggy' and instead fixing all the buggy data, there is more value in learning to deal with it.

While everything sounds good (except that the matching is not perfect), there is also a certain side effect. It is getting harder to maintain an independent identity since the advancements in matching data records impede your attempts to maintain privacy when desired. In fact, with today's technology, privacy seems to be a dying concept.

Historical Perspective

Disruptive changes in the human history that led to long-term improvements for the civil society have always been associated with certain undesirable side effects. The industrial revolution, for example, caused at the beginning chronic hunger and malnutrition in certain parts of Europe impacting significantly the life expectancy. Furthermore, it brought bad labor conditions and pushed child labor. The society eventually reacted to these undesirable effects by establishing, for example, unions to get the negative impacts of the industrial revolution under control.

Today, we are witnessing what some people call the Digital Revolution moving us into the information age where the economy is to a large extend based on information computerization. The digital revolution enables globalization and brings along effects such as the loss of privacy. From a historic perspective, one can except that it will take some time until the civil society will react to the unwanted side effects of the Digital Revolution. At the moment, however, it seems we are in an early stage since it is not clear yet what the loss of privacy means to the society in general.

Loss of Privacy

We have lost privacy. Average people have not even a slight idea about what is possible with the data collected by today's networked computing systems. People have lost control over their data. It is impossible to know how much data previously innocent devices like TVs collect, to whom this information is reported and how that information is processed and traded. Big industries are spying on people because big money can be made by creating personalized online worlds. This goes already way beyond the placement of matching advertisements and product offers. We already see that online prices for products and services depend on who is the potential buyer. Privacy as a value appears to be old school.

Vint Cerf, one of the fathers of the Internet, made a statement in 2013 that "Privacy may be an Anomaly". While it is certainly correct that, from a historic perspective, privacy is a relatively recent human right, one has to contest that in today's computerized world, where hardly any information is ever 'forgotten', a certain amount of privacy is simply necessity in order to allow human beings to evolve and to not break our social welfare systems.

Glimpse at the Future

If privacy got lost, what are the options?

  1. Pessimist view:
    Give up, we have lost privacy, privacy won't come back...
  2. Technologist view:
    Design special systems like e.g., Tor to hide communication to gain at least some pieces of privacy back
  3. Anarchist view:
    Produce so much data that the correlation systems fail
  4. Evangelist view:
    Educate society, educate programmers, educate organizations, ...
  5. Economist view:
    New business opportunities (Privacy as a Service)

I am confident that society at some point in time will react and find mechanism to regain privacy. But right now, we are witnessing an interesting part of the human history and it remains to be seen when societies will react. It is not predictable what the privacy related incident will be that is big enough to change the societies' sensitivity to the loss of privacy. It likely must be something severe enough that negative consequences directly affect a significant portion of the society. How long will the overall process take to regain privacy? I don't know but I would not be surprised if it takes a generation or even more.

Posted by Jürgen Schönwälder | Permanent link

Fri Jul 20 22:04:51 CEST 2012

Experiments in Computer Science

Research in systems-oriented computer science involves the implementation of prototypes and their experimental evaluation. It is not uncommon, in particular for young researchers (means students), to spent most of their time on the implementation itself, spending little time on the evaluation of the system. Of course, it is then often too late to discover that a proper experimental evaluation of a system takes lots of time and effort. I am writing this in order to help people to avoid falling into this trap.

  1. Experiments need to be repeatable.

    This simple statement has lots of consequences. It means that it is not sufficient to run a program (or system) in a random environment with random inputs producing perhaps random outputs. Instead, everything impacting the experiment must be clearly documented. This usually concerns the execution environment, the input data set, and the output produced. It is good if the input data set is openly available. Ideally, data sets can be used that have already been used in related work since this enabled comparisons. Making the implementation available is a great idea as well since this allows others to followup on your work. Finally, care must be taken that output produced by running the program or system are verified to be correct.

  2. Experiments require proper data analysis.

    As we all know, it is not sufficient to throw a coin once to derive any conclusions about its behavior. The same applies to many experiments in computer science. It is often necessary to repeat experiments and it is insufficient to state that an experiment has been repeated N times and you show average values. You need to explain why N is a reasonable number. Furthermore, an average might hide a large variation, leading to wrong conclusions. Hence, it is necessary to do some basic data analysis (like calculating confidence intervals) to show whether a sufficient number of experiments have been performed and whether the numbers or graphs showing mean values carry any meaning.

  3. Experiments produce data not graphs.

    While plots are often nice to visualize results, it is often more useful to provide numeric results in tables. Have you ever tried to read numbers out of a 3D-plot, e.g., to compare them with your results? Once you try to do this, you will notice that many impressive colorful plots have close to zero value. Think about numbers as the main result of your experiment and graphs just as an additional representation to visualize certain interesting aspects.

  4. Experimental results need an interpretation.

    It is not sufficient to produce a number of tables and plots. It is crucial to interpret them. In particular, any unexpected results need an explanation. Yes, this can often be difficult and usually requires further experimentation in order to understand what is going on. But gaining this further insight into the program or system is crucial for understanding it. In fact, substantial (and often fun) research often starts after the initial data has been collected - you observe something unexpected and you start trying to understand it. (Of course, if you are running late, you will unfortunately often miss the fun of doing this part of research.)

  5. Experiments need to be designed.

    It is not sufficient to run a program (or system) in a random environment with random inputs producing (perhaps random) outputs. Instead, you need to design the experiments you perform. You need to think upfront about the research question you want to answer with the experiment. It is often the case that you start from a rather simple question. But once the results obtained showing surprising (unexpected) behavior (which is often the case), it is crucial to iterate the process by designing new experiments to find answers explaining the surprising behavior observed. Of course, all this requires that you thought about expected results while designing the experiment. Having simple models of the system and a sound analysis of the complexity of the algorithms involved will be helpful to determine what a reasonable expected behavior is.

Posted by Jürgen Schönwälder | Permanent link

Tue Dec 6 11:00:20 CET 2011

Time for the Journal of Opinionated Networking Research?

I have just enjoyed reading a paper where the author reports about a number of measurements he did and draws very clear 'opinionated' conclusions from the facts presented in the paper. This was such a refreshing read and I started to wonder why I found this so refreshing. It turns out that most networking papers I read (or have to read) either have lots of opinion but only a very few facts to support them or the papers have lots of facts but the authors refrain from articulating a clear conclusion and a clear opinion from the facts.

I find well argued 'opinionated networking research papers' much more fun to read and it is kind of a shame that most authors these days either shy away from formulating a clear opinion based on the facts they have observed or simply have an opinion without showing any effort to collect facts supporting their opinion. Perhaps the way our research world is organized simply does not encourage authors to write 'opinionated' research papers. Authors may fear that it is more difficult to get an opinionated paper accepted for publication due to what essentially is a lack of trust in the review system. Perhaps I should consider starting a Journal of Opinionated Networking Research where it is explicitly stated that it will not publish any papers having opinion but lacking supporting facts or papers having facts but lacking an opinion. I am relatively sure there will be quite some readers who will enjoy reading opinionated research papers. The problem might be to find a sufficient number of authors who understand the art of writing well opinionated networking research papers and who are not afraid of doing it.

Posted by Jürgen Schönwälder | Permanent link

Fri Jul 29 18:10:06 CEST 2011

Home Networks of the Future

At the 81st IETF in Quebec, a new working group was formed to work on standards for home networks. During the kickoff meeting, a number of talks were delivered depicting a future where homes have an integrated network infrastructure comprising of several sub-networks (IPv6 of course ;-) interconnected by several routers and supported by multiple uplinks. Furthermore, a number of firewalls will be present to provide separation between the office network, the entertainment network, the kid's network, the utility network, the home automation network, the health monitoring network, etc.

While I am sure that some networking geeks will have such integrated home networks (and apparently some IESG members already enjoy building networks like this), I have some doubts that such highly integrated home networks will become the norm, for simple operational reasons: My utility provider likely does not want to answer support questions that turn out to be a problem in my integrated home network. Similarly, my TV provider likely does not want to deal with issues caused by my game playing kids and improper configuration of network separation (as kids grow up, they might also start playing games with my internal routing protocol). And surely, the organization I am working for wants to ensure proper protection of my home office and likely sees no reason to trust any of the elements of my home network.

I consider it much more likely that we will have a number of mostly isolated networks in the home of the future with relatively few shared elements. These mostly separate networks will run IP (not sure which version) and there is likely little direct communication between then. For example, I can imagine that my utility provider likes to access my meter via my ISP's connection to my home, but I assume that the joint infrastructure ends where the ISP's network enters my home. For example, the ISP might lease a VLAN to the utility provider and a separate utility network starts right at the point where the ISP network ends. But it might also be possible that the utility provider simply hooks in the meanwhile paid and thus cheap GSM network to read my meter, which is even less hassle to deploy and operate.

That said, lets see how the home networking activity proceeds in the IETF. Perhaps the working group manages to come up with solutions how to run an integrated home network in an autonomic way that does not need any management and reliably delivers the services demanded by the different applications.

Posted by Jürgen Schönwälder | Permanent link

Mon Jul 18 16:07:47 CEST 2011

USB Considered Harmful

The Universal Serial Bus (USB) has been a great success. Almost all peripheral devices such as printers, keyboards, cameras, audio devices, disk drives, wireless interfaces can be easily connected using a standard plug. And of course, USB memory sticks have become a standard way of data exchange, replacing CDs and DVDs. But exactly here is the problem. Some companies are rightfully afraid of leaking sensitive data and with the appearance of fast small USB memory sticks, the USB interface has been identified as a problem.

Together with a student, I recently visited a larger company and we carried some development boards with me. The micro-controllers on the boards are conveniently programmable via a USB interface. Unfortunately, the company has a policy that forbids anything with a USB plug to be carried out of the company (and we wanted to take some boards home again). And of course, for people sitting at the registration desk, all that matters is the USB plug form factor. We had to go through a special procedure in order to get an exception to carry our boards into the company. As part of the procedure, questions had to be answered such as whether the development boards can store data. Of course they can store data since you can reprogram the flash memory of the micro-controllers via the USB plug but for the sake of efficiency I said something that sounded like no to them. Once the boards were inside of the company, we faced the next hurdle since all USB ports of the computers were physically locked. This seems to be kind of a second defense line - even if you manage to bring in a USB device, you can't simply connect it. Luckily, there is a person with an impressive keyring and she was able to unlock a USB port so that we could connect a board before things got locked again. We thought we are ready to go now but there was a third defense line - the BIOS had all USB ports disabled and of course the BIOS was protected so that it could not be changed. So once again we had to call someone to establish an exception so we could start with out work. Needless to say, this all took several hours of time to get sorted out.

Posted by Jürgen Schönwälder | Permanent link

Tue Feb 8 22:46:22 CET 2011

Properly citing RFCs and I-Ds...

Today, an Internet-Draft (I-D) was posted with the goal to clarify how to cite Requests for Comments (RFCs). The suggested BiBTeX format is relatively close to what I happen to use for about 15 years. But the final word, of course, has not been spoken about this and there are some interesting questions one can ask. For example, since RFCs fail to represent author names properly (unless your parents were wise enough to give you a name that is 7-bit US ASCII compatible), the question arises whether a citation in publications that do allow the proper representation of names (almost all journals and conferences) MAY use a person's native spelling of his name or whether one MUST use the spelling in the published RFC.

A transition of the RFC format from 7-bit US ASCII to UTF-8 might be a solution to this problem (for all future RFCs), but then this might take even longer than the adoption of IPv6. ;-)

Posted by Jürgen Schönwälder | Permanent link

Thu Nov 11 03:06:35 CET 2010

Homework 2.0

My first contact to the Internet was in the late 1980s ( was our big friend at that time). If someone back then would have told me that in 2010 I will be discussing math homework with my daughter over the Internet, with me being in China and she being at home in Germany, I likely would have called this person crazy. Boy, did the world change during the last 20+ years.

Posted by Jürgen Schönwälder | Permanent link

Tue Oct 26 23:27:58 CEST 2010

NETMOD Working Group

I have accepted an invitation to co-chair the NETMOD working group in the Operations and Management Area of the IETF. Almost exactly five years ago, I have been in a similar situation when I was asked to co-chair the ISMS working group in the Security Area of the IETF. I am still co-chairing ISMS - lets see how long my engagement with NETMOD is going to last...

Posted by Jürgen Schönwälder | Permanent link