Perfection is death

Being perfect is good. But trying to be perfect is just a death sentence to anyone.

There is no perfection

In the theory world, there is a top for anything, and you can reach perfection just by spending enough. It’s always true that a project’s quality is linearly boosted as time spent. However, it’s not. Just like speed, you can reach a certain speed easily by accelerating for a certain time, but if you want more speed, more accelerating time/energy is just useless. You can never reach c even if you spend an infinite amount of time and an infinite amount of energy. It’s the same in any project. You can get to a certain quality level with a certain amount of time in the beginning. However, no matter how long you spend, it’s never perfect.

We use the backup project as an example to explain it in detail. First, we define the perfect state of a backup project:

  • No one can access the backup data except the owner
  • The owner will never lose any useful data because of the backup

First, it’s something that can be easily done. You write a script to diff the data, divide data into small s3 objects, GPG encrypt it and sign it, then send it to Amazon Glacier. Just some lines of script, easy.

But when you put it into your crontab, you find something is missing. It’s not a perfect backup scheme. The data can be lost if you accidentally deleted it when you are between the backup cycle. It’s not tolerable! But you can still solve it. So you write a service, and then go into your kernel source tree, open the fs/open.c, patch the kernel, restart the system, and find not all calls are good. So change more sources, patch the kernel, restart the system, and again, and again…

You think you have a perfect solution now. Every time you write the file, it will immediately transfer to Glacier; Even before the file reaches the disk from the cache, it has already safely in the cloud. No way to lose data now.

But the problem can always arise. It’s still a long way to perfection. What if Amazon bankrupt? Easy, add the backup to Aliyun; What if your backup GPG key is lost? Print the encrypted version and post it anywhere; What if the network is down? Write another service to do a watchdog job and beep loudly whenever a backup fails. Beep is of course, not perfect. You need to have two private network lines to Amazon and Aliyun just to provide stable networking, so you buy AWS Direct Connect and some fuck network setup for Aliyun. But it can still fail, so you build an automatic program to call Amazon and Aliyun to fix the private line when it finds the line is broken.

Yeah, you have a perfect backup solution. But no?

It’s still far, far away from being perfection.

What if RSA is not secure? You need a private asymmetric encrypt method to make sure it’s safe(I use VXEnc~). What if your important idea is lost when typing in TTY? Patch kernel again and add keystream backup. What if kernel panics? Rewrite the kernel to perfect so that to make it never panic.

But it’s still far away from being perfection.

You still need to write a git-like branch system to manage the backup-restore history, you need to store every object’s travel history, and you need to ensure the network is good once again. Add another several providers. And you need a local offline copy, so you build a service that’s just like Glacier. You need perfection, and Earth has a possibility to nuclear war(0.7% for average given year, it is said), 0.7% data loss rate? Not tolerable! So you need to build the world’s biggest rocket launch station to send out backup copy in real-time as you save a file. But it still needs much more improvement to keep it secure in space.

 

You see, it can never complete.

 

I spent about 2 hours to finish the first step, but much more time has been spent since then, and I have never finished all the things on the list yet. I believe much more can be done, just to make the simple two requirement successful:

  • No one can access the backup data except the owner
  • The owner will never lose any useful data because of the backup

I developed a feeling that even all human beings spend all their life just trying to finish such a simple backup task perfectly, they will fail. Even if all human generations, one after another, spent infinite time on this simple data backup project, they will not achieve perfection.

There is no perfection.

 

There can always be perfection

Though in reality, there is no perfection, you can always find some better ways for anything. You can always find something you can do to make your project better. Since there is the internet, you can receive far more information than your ancestors. They may live in a dreamland that they have done everything perfectly even if they can’t be sure whether or not their house can stand over the next storm, but you can’t. You will always receive information about how to make something better. That information tends to make you believe it’s easy and simple to build a better place. Your knowledge is improved than your ancestors, and your ability enables you to do things that will help your project to perfection. And your brain refuses to believe anything is finished until it is perfection.

The smarter you are, the harder to lie to your brain. If you are good enough, you may find all the things that you have joined are marked as undone.

Modern lifestyle is a helper for this crisis. In the good old time, you can know when you finished work. When you make bottles for sale, you make bottles, even though they are imperfect, you will not spend time to think that you should rob it from your customers to make it more perfect. When the bottles are out of your hand, it has finished, no more headache.

But modern days, you are a worker with multiple projects. You can not finish a part of the project and marked it as done. As you can always make changes to that part, you will always try to make it perfect. As long as you have access to that part, it is never marked as done.

As a human, you will have the Zeigarnik effect whenever there are things undone. When all things are never done, you will be mad. Everyone feels that madness in modern society. People want to do things, but they can’t, as there are many other things to do. They want to do A, but there are BCDEFGHIJ; They want to finish B, but there are ACDEFGHIJ, and much more clearly shined in their brain than B because of Zeigarnik effect. They decide to finish J first, but their brain keeps thinking of ABCDEFGHI. They decide to start a perfect timetable with a perfect J, and J will never finish as there is no perfection.

In the end, they finish nothing.

But still, ABCDEFGHIJ is in their brain. They need to do it. So they browser the internet trying to find something for B and find a good way to solve part of C, they did it, and remember B is not even started. Guiltily, they close the computer, see the To-Do list, and find the H, trying to do it in 5 minutes, and mobile phone rings.

Do you ever have the feeling that you have done nothing after a tiring day?

Don’t you?

Henry Ford invented assembly lines to save the worker from low efficiency. Some textbook says assembly lines improve efficiency by letting everyone do the repeated task. However, it’s not entirely true. Assembly lines improve efficiency by letting workers forget about their previous product and focus on the current one. An experienced car master can easily build a car from raw metals if he wants, but even in every detail he is more experienced than assembly workers, he will never reach 1/5 efficiency of a man in an assembly line. He can build a car in 10000 hours with all the tools a worker has, but 1000 workers can do the same thing in 1 hour.

It’s not because he is not experienced. Even the assembly line is filled with fresh new workers. Everyone can be much more efficient than the lonely car master.

It’s because he can touch his product even when a part is finished.

The only solution to this problem is a Freeze and GTD lifestyle. For every single project, it should be a test, which tells you whether the project is finished. If a test is passed, even your guts tell you the project is in a mess, and you should never touch the project again. It’s finished. Not only so, but it’s also frozen. In a preset period, you shouldn’t do anything to improve the project even if you do want to improve it. Do a new project after the period if you still remember the project. But never think of the project when it is finished, as it will never be on your list again.

Have you heard it somewhere? It seems familiar? Yes, it’s TDD. You write more production code every day (exclude test) in TDD is not because your time is magically doubled, it’s because your code can be anything, ANYTHING, as long as it passes the test. Whenever some code passes the test, you will not and should not review it. It’s a way to fight Zeigarnik effect, just like the assembly line.

If you can always focus on your topic, you will have 5~10 times performance boost. It is verified data. Assembly lines make workers focus, and 10x performance is seen. Good TDD makes programmers focus, and for some programmers, 100x performance is seen. You can also have this performance boost happen in your daily life, just do like you are in an assembly, and you will be fine.

 

danger to HTTPS, doom to SPDY

Since the BREACH attack, it seems that there is no way to transport content securely in the HTTP world.

The BREACH arrack is an HTTP version of CRIME, which recovers encrypted messages by analyzing the compress ratio of different media. It is well-know that people can see distinct pictures from the text by the compress ratio; however, before CRIME, there is no easy way to detect what exactly the information is by the ratio only. But the breach always exists. The word “faster” and “sunoru” have the same length. However, the entropy(binary) of “faster” is 2.58496, and the entropy of “sunoru” is 2.25163. So, if you know the original length(6) of the words, and also get access to the entropy of the words, you can easily obtain rich information from the results. For a “perfect” compress algorithm with an observe-only way to get information, you can get how much time different alpha is included in each word, which, generally, is not so useful(But shouldn’t be public even so). But real-world compress algorithm is NOT perfect, and real-world environment is NOT observed only. You can send a message to the server to determine which real-world compress method the server is using, and you can obtain much more information form the simple ratio if multiple requests are made by the CRIME attack.

For HTTPS, it represents a danger for web pages with simple information. For example, some banks in China using a number in a picture to show how much money you have, when the picture is compressed, it is pretty easy to obtain the real number the picture shows by compress ratio. By using a precomputed table, you can decrypt millions of those “money pictures” per second with a Macbook Air. So if you find your bank is transport money number in the picture, you should be aware it may be a deliberate way to publish that information to the whole net.

However, for SPDY, your app may be cracked even without deliberate setups. SPDY’s speed is based on compressed headers, which include URL, cookie, and authorization token. As the client will send the header wherever people visit the same site, you just need to XSS the client to a static page(e.g., a 404-page ~), then you can obtain all the information in the header without any painful struggle. And when you get the header, you get the URL(so the complete browsing history is public), the cookie and authority token(so the log-in status of the personal), and all the content of the page. So, it’s just like that you are visiting the page using HTTP without S.

Not only HTTPS and SPDY are effected, Tor, which uses gzip as it’s compression algorithm, is also affected. But it may be not so easy to crack Tor as it reuses TCP tunnel… SSH with compress can also be decrypted this way. However, it needs some small skill and luck to do the gzip guess as you cannot easily make the user resend things.
In conclusion, SPDY is just like clear text for a careful attacker, and HTTPS is not so secure anymore…

The good news is that the network working group finally finds the danger in compression, and decides not to support compression any more in TLS 1.3 draft-02. Have I said that is good news? It seems not like a pleasant change for those who only have limited network bandwidth…

HTTPS SNI

SNI means Server Name Indication, which is a technology to let the server know which domain the client is linking to and return the certification correspondingly, which makes a single IP possible to serve multiple HTTPS sites. It is defined in RFC 6066 section 3.

The protocol extension changes the handshake process in the TLS. The client should include a struct array of the DNS name of the server the client wants to link to. And if the server has the certification, the handshake goes on normally. If not, the server should send a fatal level error and drop the connection, or just go on as if nothing happened(and give out the default certification).

The protocol also influenced the session cache of the TLS server. The TLS server which supports the extension will never give out any session to the client if the server_name mismatches. Even if the client has all the outer things qualified.

Some people think that SNI will add security risks as the client will transport the server name in cleartext. However, if a site is a TLS site(without SNI), anyone can know who the client is talking to by linking to the server. Essentially means the IP in traditional TLS servers gives out the information of the domain. Telling the domain will not add security risk to the protocol.

In fact, as the protocol provides another way to check session cache, it actually reduces the risk(though seems impossible&useless already in traditional TLS server) if the server uses the wrong TLS session which is opened by an attacker to send message to the user.