"My best basic law is of no use to me if I have to fear concretely that a bomb goes off in the subway evenings. You have to consider security measurements. These don't have to cut basic laws massively."

Clueless German minister of justice Brigitte Zypries on this week's verdict of Germany's Constitutional Court

(If you think that this entry is about life coaching: no, it's not. Just (very) technical stuff here.)

Quirky technical problems are my daily bread. This one was a toughie and I hope that its solution will help others with similar symptoms. I will first sketch the basic infrastructure, then the problem, our debugging steps and the solution(s).

The affected system consists of two Windows-based W2K3 (Windows 2003) Servers with SP2 installed, running in a NLB cluster with two nodes. Each cluster member hosts an IBM WebSphere 6.0 environment which is controlled by a third Network Deployment server. The Websphere Cell consists of a configured cluster of two nodes (our both servers).

Each server (we're just talking about the cluster here, forget that ND machine) has a Xeon processor at 3 GHz and is packed with 10 GBytes of RAM. The network interfaces (4 in total; each server has a frontend and a backend NIC) are HP NC373F PCIe Multifunc Gig Server Adapters with newest drivers. The load balancing happens at the frontend network interfaces, where the load of the web servers, whose IP addresses are bound to these interfaces, are balanced. The backend interfaces are unclustered and unbalanced, usually they're used for maintenance and administration, here they are also used to send the web server's answers back to the client.

This cluster is connected to a host machine (an IBM system) via Connect Direct (this realizes the connection to a DB2 database on the host) and MQ Series. Our deployed web application (running under WAS 6 and thus a Java app) gets its request from a client application (another Java app running at the user's deskop) and sends messages and also gets / sends data from and to the host.

The client application could be used for approximately one minute (or longer). It crashed with a "socket write error" exception and claimed that the TCP-connection to the web server was lost. In the web server's log we detected a "Socket Timeout Error". Obviously the TCP connection was broken! This behaviour was completely new to us, because previous tests in the test environment were running without problems. The architecture of the test system was identical to that of the productive environment. The only difference was the hardware: the productive servers are HP G5 machines, while the test servers are G3 servers.

After checking the whole application environment and every WebSphere setting available, we finally found the error in the NIC driver configuration. Obviously our very special software setting (Windows 2003 Server SP2, WAS 6) didn't harmonize with the NIC driver settings on this special hardware. It was the "Receive-Side Scaling" option that we found activated. After switching it off the problem disappeared and the TCP connection between client application and web server wasn't interrupted any longer. Since not every NIC does allow this setting to be set manually, there's a registry key where you can configure it on the affected server (after SP2 is installed): start regedit and look for the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters. Now set up a new DWORD value EnableRSS and set it to 0 (zero). If problems persist, you may set up another DWORD value DisableTaskOffload and set it to 1 (one). More detailed instructions.

This error was extremely difficult to detect, because all other network operations worked flawlessly. It was possible to connect and administrate via RDP, to copy huge amounts of data, and all WebSphere handling including deployment and node synchronisation via ND server worked like a charm. The problems occured only while running the application. We suspect some very strange side effects somewhere between driver settings and Java network operations.

Of course, problems didn't stop here. We learned, that the queue wasn't served correctly, because an older version of our software was still running on another (older) server. After stopping this old installation, everything went fine, finally!

Who needs Bundestrojaners? To make personalized advertizing possible, three British Internet providers (BT, Carphone Warehouse and Virgin Media) teamed up with a company called Phorm in order to track Internet user's behaviour and to send ads suiting to their profiles. Phorm promises to establish a new platform called OIX (Open Internet Exchange) that will send ads to a user whose browsing records were accessed by Phorm. This way advertizers can send ads to a user that might suit his 'needs'. The providers give Phorm access to all necessary information to get this job done.

Any objections against this worst case scenario of privacy are hit back by Phorm with shallow arguments like they're clearing their caches often or their privacy policy has been checked by Ernst & Young. I'm not convinced, and so aren't lots of British, because some of them make head against this unfortunate alliance. After having read this NYT article (the providers didn't want to bring their alliance to light, so British media echo was small) they have set up a website and put up resistance. I hope this will shed some light on this obscure business practice where BT denied secret tests with Phorm last summer.

Putting the lid on this affair, Phorm is a successor of 121Media, a supplier of Spy- and Adware. Quite a great alliance! (Source)

Take that, European educational politicians: "The IEEE will recommend that the traditional four-year degree, such as a Bachelor of Science or of Engineering in the United States, remain the first professional degree in engineering." No way for turbo studies. (Source)

As we've been learning, they're just poorly engineered and tend to break a lot," Simons said. "They're also insecure, so it's possible to insert a virus.

I remember the last parlamentary elections and me standing in front of this head-high apparatus with lots of knobs. One of it had a label "Invalid Vote". (Source)

Could the Internet crash? Media rich content like videos, music, online games increase demand of higher bandwidth. According to recent measurements, YouTube is consuming up to 20 percent of HTTP traffic, that is some 10 percent of the overall Internet traffic. In November 2007, Nemertes Research gained attentiveness by its prediction of a bandwidth collapse in 2010, when Internet demand could outpace the overall network capacity. Whether advances in Internet technologies and better hardware will overcome this cloudy prognosis is yet unclear. (Source (Login req'd)).

I wonder if network neutrality opponents will take this opportunity to purport to be saviours of the Internet by narrowing bandwidth capacity for video and BitTorrent hogs. We'll see by no later than in 2011, when TV at the computer screen will be an everyday task and the ever increasing need for speed will outpace the underlying network. In former years, Pop ate itself and video killed the radio star. Will the Internet also kill itself? Or is this just a 'normal' development?

Farewell! It was one of your novels (2001) that introduced me to Science Fiction and made me want to become a scientist eventually. I always enjoyed your stories and nothing makes me more sad that most of your visions are still fiction.

Another important verdict from Germany's Constitutional Court: only weeks after nullifying North Rhine-Westphalia's 'law on protection of the constitution', today the Prime Court strongly limited the newly introduced procedures of data retention. Through provisional order they illegalize usage of collected traffic data without essential reason and without adjucation. Others may be more elaborate on the details, but I just want to say that this is another verdict to strengthen (or defend, as you prefer) civil rights against the greediness of an ever growing autocratic state. Sadly, judges didn't forbid data retention itself. It's just the data access that will be made much more difficult for prosecutors, but I don't complain. A big consequence is that it's no longer that easy for the content industry to get access to server log files without good reason: as far as I know the exchange of mp3 files isn't a terrorist threat yet. Another consequence would be that Germany's minister of justice Zypries has to resign. (Source)

He's right. I had a lot of better rogations to offer, but the old man in Vatican wants us to pray for the 'perfidious Jews'. Things didn't got better by alleviating the formula. Pathetic and embarrasing.

My rant of yesterday about that verbal injury in the Trident Mass would be incomplete if I wouldn't propose at least one rogation instead of the one concerning about the right faith for the Jews, praying for their conversion. How about that:

Let us pray for the forgiveness of our sins and those of our ancestors: for losing our humilty in serving wrong purposes, for the savage persecution of innocent people and those who were not willing to follow us, for the oppression of dissenters, for the past and present anti-semitism of our joint creditors, for the arrogance that emerged from our assumed choiceness.

Just a proposal. I don't want die-hard Catholics ruin my catholic belief. I want them to continue here and to look forward. Digging autocratic prayers from the past out of the relic box is definitely a mistake. Happy Easter, folks!

Maybe they're just talking pretty big, but if CAULDRON (Combinatorial Analysis Utilizing Logical Dependencies Residing on Networks), a piece of software to prevent cyber attacks by identifying possible network vulnerabilities, keeps its promises, it's definitely worth a look. Funded by defense, DHS, the FAA and 'intelligence communities', it's both interesting and amusing that the first public documentation of this system is a Master's Thesis. (Source 1, Source 2 (with more links))

Sequoia Voting Systems' email to Princeton professor Edward Felten, suggesting legal action if he were to test the security of Sequioas e-voting machines sheds light on the idea of security some manufacturers have. Instead of having a detailed review and learning from errors, producers argue with 'intellectual property' and try to prevent a critical analysis of their goods. That's indeed a strange understanding of security, because people willing to circumvent poor security algorithms won't be impressed by Sequioa's threats. Paper and pencil, please. (Source)

In addition to this article: an interesting Popular Mechanics report on recent unmanned fighting robots with impressive pictures. I still find the idea of unmanned armed systems frighting and disturbing.

After Germany's Chaos Computer Club's (CCC) published the fingerprints of the German minister of the Interior, Wolfgang Schäuble, Schäuble said that everybody might know his biometric data, because he has nothing to fear from anybody. (Source)

Obviously, Mr. Schäuble didn't get it. Let's assume there's a burglary in your neighbourhood and Schäuble's fingerprints are widely scattered on the walls, on the furnitures, whatever. Let's assume further that he can't prove he was in bed that night. What would usually happen? The handcuffs would click within seconds. Biometric data don't lie! Nobody will misuse your data! Trust us, trust us...