Archive for May, 2010

Google owns up and explains fault in WiFi data collection with street view

Google Street View Car in Chinatown Toronto

Recently search engine giant Google has been under fire for unintentionally collecting payload data from unsecured WiFi networks with its innovative Google Street View cars. The reason they are harvesting data is for geo location, the driving force behind apps like Google Maps, Yellow Pages, and my personal favorite TimmyMe. If you are anything like me you love these apps and have incorporated them into your life by now.

The problem was that those funny looking cars were collecting a little bit more information than they should have, but only from open, unsecured/non passworded WiFi networks. Networks I just so happen to love when going for a walk with my iPod Touch.

They also did not collect too much data, as the hardware is designed to rotate through WiFi channels quickly, not stay on a channel and snoop. But snoop they did, if only a little. Google said in their defense on their official blog:

“So how did this happen? Quite simply, it was a mistake. In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data.”

What that breaks down to is that they picked up a piece of code that could do the job, a job that adheres to the informal company slogan “Don’t be evil”. But they didn’t look at the code thoroughly enough to know that it had another function unknown to Google Engineers, who placed the errant code into the current project that ended up collecting small segments of data.
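What limiting a collector to SSID and MAC data can look like, as an added example (not Google's code and not part of the original post): an allow-list filter that keeps only the access point MAC (BSSID) and SSID from beacon frames and drops every other frame unparsed. It assumes frames begin at the 802.11 MAC header with no radiotap header or FCS; the function names and sample frames are constructed for illustration.

```python
# Added illustration: allow-list filter for captured 802.11 frames.
# Assumes each frame starts at the 802.11 MAC header (no radiotap, no FCS).

MGMT_TYPE, BEACON_SUBTYPE = 0, 8
MAC_HEADER_LEN = 24       # frame control, duration, 3 addresses, sequence control
BEACON_FIXED_LEN = 12     # timestamp (8), beacon interval (2), capability (2)
SSID_TAG = 0

def minimise(frame: bytes):
    """Return {'bssid', 'ssid'} for a beacon; None (drop) for every other frame."""
    if len(frame) < MAC_HEADER_LEN + BEACON_FIXED_LEN:
        return None
    frame_type = (frame[0] >> 2) & 0x3
    subtype = (frame[0] >> 4) & 0xF
    if (frame_type, subtype) != (MGMT_TYPE, BEACON_SUBTYPE):
        return None       # data frames carry user payload: never parsed or stored
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])   # address 3 = BSSID
    ssid, pos = None, MAC_HEADER_LEN + BEACON_FIXED_LEN
    while pos + 2 <= len(frame):                         # walk tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                                        # truncated element
        if tag == SSID_TAG:
            ssid = value.decode("utf-8", "replace")
            break
        pos += 2 + length
    return {"bssid": bssid, "ssid": ssid}

# Constructed sample frames (not real captures).
AP = bytes.fromhex("020000000001")
BEACON = (bytes([0x80, 0x00]) + b"\x00\x00" + b"\xff" * 6 + AP + AP + b"\x00\x00"
          + b"\x00" * 8 + b"\x64\x00" + b"\x01\x00"
          + bytes([SSID_TAG, 9]) + b"ExampleAP")
DATA = (bytes([0x08, 0x00]) + b"\x00\x00" + AP + AP + AP + b"\x00\x00"
        + b"GET /inbox HTTP/1.1\r\n")

def collect(frames):
    """Keep only the minimised records; everything else is discarded."""
    return [rec for rec in map(minimise, frames) if rec is not None]

if __name__ == "__main__":
    print(collect([BEACON, DATA]))
```

The filter decides on the frame type before touching anything past the header, so payload bytes from data frames never reach storage.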

Google admitted that they made a pretty big boo-boo, stopped the collection of WiFi data, and are bringing in 3rd party companies to audit the data and tweaking their own internal procedures to minimize the chance of something like this happening again. Standard damage control.

Google ends their blog posting with a note of apology that lacks the dusty corporate face one would expect from a company so large.

“The engineering team at Google works hard to earn your trust—and we are acutely aware that we failed badly here. We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake.”

A few things we need to take into consideration here. The data is rather useless and it won't be shared, nor would it have been shared with 3rd parties, as it would not have been part of the Geo Location API, as you can see in an earlier posting on this issue that was amended due to some factual inaccuracies.

I think it is rather sad that Google makes a mistake and the world lashes out at them. Google has given this world so much, do you honestly think they really had evil intentions with all of this? Looking on the bright side I am happy this lesson was learned with something rather minor, it raised some awareness about not leaving your WiFi open, and it gives the paranoid something to type about.

I will still stand by Google after this, and I hope you do too.

We are about to reach the end of the Internet

NO VACANCY

Over beers and crude jokes about YouPorn, my friends have often joked that I have been to The End of The Internet and back. And the sad part is, they are right. And soon enough, so shall the rest of you, and you won't even notice.

I am not talking about some mythical end where one day all our computers, Blackberries, and iPhones suddenly don’t work. What I am referring to is the end of the 4 octet IP addressing scheme known as IPv4 that was invented in the 1970s.

The End of The Internet

The Problem

By now you have probably heard of IP addresses. To put them in perspective and to sum it up quickly, think of them like a mailing address for your mobile device or modem. An IPv4 address looks something like 127.0.0.1 in decimal notation, and there are only approximately 4 billion of these to go around… THE WHOLE WORLD! (256 x 256 x 256 x 256) When you go to a website, you are sending a request to them for information. Like any good mailman the internet needs to know where packages/packets are supposed to go. And even then not all of those addresses are publicly usable. They are broken into different classes A-B-C (and more). Explaining IP classification would go beyond the scope of this document.

Now take into perspective all the computers, mobiles, and other nodes attached to the internet (yes, sometimes even printers have IPs), and most have a unique number. If your mind is a little small and you're thinking 4 billion is a lot, think about Asia, Europe, and North America, and every friend you know with a smart phone. 4 billion should be looking pretty small by now.

Back in the 1970s 4 billion was a massive number considering there were not a lot of internet connected nodes. But people predicted the end of the IPv4 Protocol was near back in the 1980s, and the internet didn’t really start taking off until the mid 1990s. That’s right, even before the big .com bubble we were running out of numbers.

Other than the limitations of how many IPv4 connected devices there are on the internet there was also another flaw in the IPv4 protocol. It was not built with security in mind, though later on it was patched with IPsec.

The Solution

The IPv6 Protocol is on the horizon, and has been since 1998. Though adoption of the technology has been slow, if not nonexistent, IPv6 will give us a lot more addresses to choose from. And how many is that? Oh, let's say about 3.4 x 10 to the 38th power: take 34 and add 37 zeros.

Another great thing is that IPv6 also increases our bandwidth. Today, that might not seem like a big deal as IPv4 on DOCSIS 2.0 can still theoretically give us 42.88 Megabits per second or 5.1ish Megabytes per second if for some strange reason you like to think in data storage size rather than in data transfer speeds, and yes there is a difference. Your ISP will give you speed regulated in Bits not Bytes (8 bits to a Byte).

In theory IPv6 will give us speeds well beyond the scope of IPv4 if you are using a DOCSIS 3.0 compliant network. I say in theory because most ISPs are not giving you a completely unbridled internet. Even with IPv4 I am happy with my 10 down 1 up from Shaw.

An IPv6 address looks nothing like an IPv4 address. This is sad, because for years I have been storing often used IP addresses in my head and pulling them out like phone numbers. But with how IPv6 looks, there is no way I could do this.

Here is an example of IPv4 versus IPv6 in dot decimal notation. All you Network+ people keep in mind I am not talking Hex or Binary to keep this simpler.

IPv4: 127.0.0.1
IPv6: 128.91.45.157.220.40.0.0.0.0.252.87.212.200.31.255
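The comparison above in code, as an added example that is not part of the original post: it parses either dot-decimal form shown here (4 or 16 octets), converts it to the standard notation with Python's `ipaddress` module, and reports the size of each address space along with the loopback and private-range flags. The function names are chosen for this illustration.

```python
import ipaddress

def parse_dotted(text: str):
    """Parse 4 (IPv4) or 16 (IPv6) dot-separated decimal octets."""
    parts = text.strip().split(".")
    if len(parts) not in (4, 16):
        raise ValueError(f"expected 4 or 16 octets, got {len(parts)}")
    octets = []
    for part in parts:
        # Reject empty fields, signs, non-ASCII digits and values above 255.
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError(f"bad octet: {part!r}")
        octets.append(int(part))
    raw = bytes(octets)
    if len(raw) == 4:
        return ipaddress.IPv4Address(raw)
    return ipaddress.IPv6Address(raw)

def describe(text: str) -> dict:
    """Summarise an address written in the post's dot-decimal style."""
    addr = parse_dotted(text)
    return {
        "version": addr.version,
        "standard": addr.compressed,             # usual notation for that version
        "total_addresses": 2 ** addr.max_prefixlen,  # 2**32 or 2**128
        "loopback": addr.is_loopback,
        "private": addr.is_private,              # e.g. ranges used behind NAT
    }

if __name__ == "__main__":
    for sample in ("127.0.0.1",
                   "192.168.1.10",   # constructed example of a home NAT address
                   "128.91.45.157.220.40.0.0.0.0.252.87.212.200.31.255"):
        print(sample, "->", describe(sample))
```

The 16-octet sample from the post comes out as `805b:2d9d:dc28::fc57:d4c8:1fff`, the hexadecimal form normally used for IPv6.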

IPv6 also opens the doors to new technologies. You might have noticed certain things in Windows Vista and Windows 7, like Windows Meeting Space, require IPv6 functionality to operate. Things like these cannot be used securely with IPv4 and Network Address Translation (NAT), as IPsec (that security patch in IPv4) and NAT do not get along well.

What this means to you

As a standard home consumer you really do not have much to worry about. IPv6 has been implemented on all major operating systems in use in commercial, business, and home consumer environments for quite some time. And with the very short life your computer or mobile has compared to a toaster, you probably will have more trouble adapting to HDTV than you will to IPv6. In fact you might already be on the IPv6 Bandwagon and not even know it.

You might be given a new modem by your ISP sometime in the near future that is DOCSIS 3.0 or DOCSIS 2.0+IPv6 compliant in the event your ISP runs out of IPv4 addresses and has to assign you an IPv6.

As someone in the IT Industry you may stumble over the concepts at first but it will soon enough become so common you won’t even really care. In fact, you will probably hate working around all the IPv4 stuff eventually.

The end is near

You might be wondering exactly when the IPv4 addresses will run out. Well, it is impossible to say exactly, but there have been many scripts made to estimate the end of the IPv4 Internet, and I just so happened to include one in this post for your pleasure. At time of writing the ticker is at 483 days.

There has to be more

Actually, there is a lot more. I left things out and simplified others just for the sake of keeping this within the scope of the average user, and to make this document as short as possible while getting to the point. I left out the parts about how slow ISPs are in adopting IPv6, and I did not touch on DOCSIS too much, or that 4G Phones are all IPv6.

I also did not discuss IP Reclamation Projects going on throughout the world, where we are taking back unused blocks of IPs and using existing blocks more efficiently. There are also many tricks we use every day without thinking about it. For example, you might be like me where you have over 7 computers or devices in your house all connected to the internet. By using NAT our home routers are giving the computers behind them IP addresses that are not public while still sharing one public internet accessible IP address from your modem.

If you read this hoping for the Holy Grail of IPv6 information you sure went to the wrong blog. But I do hope this sheds some light on the IPv4 issue.

Wikipedia Links:

IPv4, IPv6, DOCSIS, IPsec, IPv4 Address Exhaustion, Chuck Norris, NAT

AN OPEN LETTER TO HOBBYISTS

Here is an old letter by Bill Gates from back in 1976 to hobbyists pirating BASIC. He wasn’t very happy about it back then either. But imagine where computers today would be if people were not boosting BASIC and stealing Windows 3.x. I will admit I have run more than my fair share of pirated Operating Systems, but nowadays I do buy my OS. Though I don’t get retail copies I do buy “Builders Copies” as I build my own PCs.

By William Henry Gates III

February 3, 1976

An Open Letter to Hobbyists

To me, the most critical thing in the hobby market right now is the lack of good software courses, books and software itself. Without good software and an owner who understands programming, a hobby computer is wasted. Will quality software be written for the hobby market?

Almost a year ago, Paul Allen and myself, expecting the hobby market to expand, hired Monte Davidoff and developed Altair BASIC. Though the initial work took only two months, the three of us have spent most of the last year documenting, improving and adding features to BASIC. Now we have 4K, 8K, EXTENDED, ROM and DISK BASIC. The value of the computer time we have used exceeds $40,000.

The feedback we have gotten from the hundreds of people who say they are using BASIC has all been positive. Two surprising things are apparent, however, 1) Most of these “users” never bought BASIC (less than 10% of all Altair owners have bought BASIC), and 2) The amount of royalties we have received from sales to hobbyists makes the time spent on Altair BASIC worth less than $2 an hour.

Why is this? As the majority of hobbyists must be aware, most of you steal your software. Hardware must be paid for, but software is something to share. Who cares if the people who worked on it get paid?

Is this fair? One thing you don’t do by stealing software is get back at MITS for some problem you may have had. MITS doesn’t make money selling software. The royalty paid to us, the manual, the tape and the overhead make it a break-even operation. One thing you do do is prevent good software from being written. Who can afford to do professional work for nothing? What hobbyist can put 3-man years into programming, finding all bugs, documenting his product and distribute for free? The fact is, no one besides us has invested a lot of money in hobby software. We have written 6800 BASIC, and are writing 8080 APL and 6800 APL, but there is very little incentive to make this software available to hobbyists. Most directly, the thing you do is theft.

What about the guys who re-sell Altair BASIC, aren’t they making money on hobby software? Yes, but those who have been reported to us may lose in the end. They are the ones who give hobbyists a bad name, and should be kicked out of any club meeting they show up at.

I would appreciate letters from any one who wants to pay up, or has a suggestion or comment. Just write to me at 1180 Alvarado SE, #114, Albuquerque, New Mexico, 87108. Nothing would please me more than being able to hire ten programmers and deluge the hobby market with good software.

Bill Gates

General Partner, Micro-Soft
