Nerdblog.com

1/30/2007

Hard drives don't multitask

Just so you have a rule of thumb about it:

If your app does disk-bandwidth-bound work in one thread (doing 1MB reads, say), and you brilliantly decide to make it do the same work in two threads, then things overall will go 10x slower. This is one of the things I keep having to remember in Picasa.

People say Windows Vista (which allows bigger reads and some nicer scheduling) and Linux 2.6 (which adjusts the thread quantum based on predicted disk activity) and hard drives with Native Command Queueing can all help this a little bit, but overall I've not seen a situation where you retain even half the single-threaded disk bandwidth.

1/08/2007

Superclick is evil?

I'm on my honeymoon in a hotel in Maui.

In theory the internet costs $15/day here, but due to a deal with Fairmont's "President's Club" I'm getting it for free. Guess I should be more thankful, but I'm not.

A company called "Superclick" provides internet connectivity for the Fairmont Kea Lani (and I just read Marriott and a bunch more have signed on). When you try to use your connection, you'll notice:

1. a lot of redirecting and other weirdness (sometimes with an IP and sometimes with "superclick" in the URL)
2. that every new URL you type ends in "?",
3. and if you look closer, you'll find secret frames around your webpages.

It turns out that Lorna and I both noticed and both got upset about it, so I'm spending a (small) amount of time figuring out how this thing works and what it's after. After all, I'm still on my honeymoon.

If you're running an older browser, I understand you'll get pop-under ads too, but Firefox seems to be mostly taking care of that for me.

I've spent a few minutes sniffing traffic, and Superclick's system appears to work like this:

1. They run a transparent Squid proxy on port 80. (A transparent proxy is one that is implemented for every connection on port 80.) You can verify this by connecting to a host that doesn't respond and getting an error page. Mine is a genuine squid error: "Generated Mon, 08 Jan 2007 11:13:36 GMT by localhost (squid/2.5.STABLE14)"

2. This squid creates a page that hosts a frame with (a) their page, and (b) the page you requested. Their page looks like this:

<html xmlns="http://www.w3.org/1999/xhtml">
<body>
<a href='http://mds.superclick.com/mds/adclick.php?hotelid=1330&bannerid=263
&zoneid=62&source=&dest=http%3A%2F%2Fwww.superclick.com' target='_bl
ank'><img src='http://mds.superclick.com/mds/adimage.php?filename=1pixel_trans_2
.gif&contenttype=gif' width='1' height='1' alt='' title='' border='0'></a><d
iv id="beacon_263" style="position: absolute; left: 0px; top: 0px; visibility: h
idden;"><img src='http://mds.superclick.com/mds/adlog.php?hotelid=1330&banne
rid=263&clientid=115&zoneid=62&source=&amp;block=0&capping=0&
;cb=a6e9a1a491ae0a580b3a1e58db523195' width='0' height='0' alt='' style='width:
0px; height: 0px;'></div></body>
</html>

i.e. their page does some tracking of each new page you visit in your browser, outside what a normal proxy (which would have access to all your cookies and other information it shouldn't have, anyway) would do. This "adlog" hit appears to also track a "hotel ID" and some other data that identifies you more directly.

Notably, I've observed these guys tracking HTTPS URLs, and of course you can't track those through a proxy.

While it is possible for the tech-savvy to establish a VPN to one's home network to avoid all this nastiness, but it suggests a bad trend - a lack of privacy when browsing, even through connections you're paying for?

Superclick advertises that it "allows hoteliers and conference center managers to leverage the investment they have made in their IP infrastructure to create advertising revenue, deliver targeted marketing and brand messages to guests and users on their network. ``Perhaps the most powerful aspect of MDS is that it can be integrated onto any third-party managed network, not just our own proprietary SIMS network,'' Natale added, ``In addition, we have developed MDS Analytics which provides marketers with real-time network performance and usage analysis, thereby enabling them to evaluate the ROI of their marketing efforts.''

Nice stuff. Now back to the honeymoon.