{"id":37,"date":"2008-07-08T10:57:55","date_gmt":"2008-07-08T08:57:55","guid":{"rendered":"http:\/\/www.ofcourseimright.com\/?p=37"},"modified":"2008-07-08T15:01:58","modified_gmt":"2008-07-08T13:01:58","slug":"lets-get-simple","status":"publish","type":"post","link":"https:\/\/ofcourseimright.com\/?p=37","title":{"rendered":"Let&#8217;s Get Simple"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-medium wp-image-38\" style=\"margin-left: 5px; margin-right: 5px; float: left;\" title=\"chaos\" src=\"http:\/\/www.ofcourseimright.com\/blog\/wp-content\/uploads\/2008\/07\/chaos.jpg\" alt=\"A picture of a mess of wires\" width=\"300\" height=\"200\" \/>In the summer of 2004 I gave an invited talk at the USENIX Technical Symposium entitled \u201cHow Do I Manage All Of This?\u201d\u00a0 It was a plea to the academics that they ease off of new features and figure out how to manage old ones.\u00a0 Just about anything can be managed if you spend enough time.\u00a0 But if you have enough of those things you won&#8217;t have enough time.\u00a0 It&#8217;s a simple care and feeding argument.\u00a0 When you have enough pets you need to be efficient about both.\u00a0 Computers, applications, and people all require care and feeding.\u00a0 The more care and feeding, the more chance for a mistake.\u00a0 And that mistake can be costly.\u00a0 According to one Yankee Group study in 2003, between thirty and fifty percent of all outages are due to configuration errors.\u00a0 When asked by a reporter what I believed the answer was to dealing with complexity in the network, I replied simply, \u201cDon&#8217;t introduce complexity in the first place.\u201d<\/p>\n<p>It&#8217;s always fun to play with new toys.\u00a0 New toys sometimes require new network features.\u00a0 And sometimes those features are worth it.\u00a0 For instance, the ability to consolidate voice over data has brought a reduction in the amount of required physical 
infrastructure.\u00a0 The introduction of wireless has meant an even more drastic reduction.\u00a0 In those two cases, additional configuration complexity was likely warranted.\u00a0 In particular you&#8217;d want to have some limited amount of quality-of-service capability in your network.<\/p>\n<p><a href=\"http:\/\/en.wikipedia.org\/wiki\/Occam%27s_Razor\">Franciscan friar William of Ockham<\/a> first articulated a principle in the 14th century that all other things being equal, the simplest solution is the best.\u00a0 We balance that principle with a quote from Einstein who said, \u201cEverything should be made as simple as possible, but not simpler.\u201d\u00a0 Over the next year I will attempt to highlight examples of where we have violated both of these statements, because they become visible in the public press.<\/p>\n<p>Until then, ask yourself this: what functionality is running on your computer right now that you neither need nor want?\u00a0 That very same functionality is a potential vulnerability.\u00a0\u00a0 And what tools <em>reduce<\/em> complexity?\u00a0 For instance, here is some <em>netstat<\/em> output:<\/p>\n<pre>% netstat -an|more\r\nActive Internet connections (servers and established)\r\nProto Recv-Q Send-Q Local Address\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Foreign Address\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 State\r\ntcp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0 0 0.0.0.0:993\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0.0.0.0:*\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 LISTEN\r\ntcp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0 0 0.0.0.0:995\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0.0.0.0:*\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 LISTEN\r\ntcp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 
0\u00a0\u00a0\u00a0\u00a0\u00a0 0 0.0.0.0:3306\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0.0.0.0:*\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 LISTEN\r\ntcp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0 0 0.0.0.0:587\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0.0.0.0:*\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 LISTEN\r\ntcp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0 0 0.0.0.0:110\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0.0.0.0:*\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 LISTEN\r\ntcp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0 0 0.0.0.0:111\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0.0.0.0:*\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 LISTEN\r\ntcp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0 0 127.0.0.1:2544\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0.0.0.0:*\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 LISTEN\r\ntcp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0 0 127.0.0.1:817\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0.0.0.0:*\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 LISTEN\r\nudp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0 0 0.0.0.0:32768\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0.0.0.0:*\r\nudp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0 0 127.0.0.1:53\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0.0.0.0:*\r\nudp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0 0 
0.0.0.0:69\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0.0.0.0:*\r\nudp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0 0 0.0.0.0:111\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0.0.0.0:*\r\nudp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0 0 0.0.0.0:631\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0.0.0.0:*\r\nudp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0 0 127.0.0.1:123\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0.0.0.0:*\r\nudp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0 0 0.0.0.0:123\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0.0.0.0:*\r\nudp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0 0 :::32769\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 :::*\r\nudp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0 0 fe80::219:dbff:fe31:123 :::*\r\nudp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0 0 ::1:123\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 :::*\r\nudp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0 0 :::123\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 :::*<\/pre>\n<p>It&#8217;s difficult for an expert to make sense of all of this stuff.\u00a0 Heaven help all of us who aren&#8217;t experts.\u00a0 So what do we do?\u00a0 We end up running more programs to identify what we were running.\u00a0 In other words?\u00a0 That&#8217;s right.\u00a0 Additional complexity.\u00a0 What would have happened if we simply had the name of the program output with that line?\u00a0 This is what <em>lsof<\/em> does, and why it is an example of reducing complexity through innovation.\u00a0 Here&#8217;s 
a sample:<\/p>\n<pre>COMMAND\u00a0\u00a0\u00a0\u00a0 PID\u00a0\u00a0\u00a0 USER\u00a0\u00a0 FD\u00a0\u00a0 TYPE DEVICE SIZE NODE NAME\r\nxinetd\u00a0\u00a0\u00a0\u00a0 3837\u00a0\u00a0\u00a0 root\u00a0\u00a0\u00a0 5u\u00a0 IPv4\u00a0 10622\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 TCP *:pop3 (LISTEN)\r\nxinetd\u00a0\u00a0\u00a0\u00a0 3837\u00a0\u00a0\u00a0 root\u00a0\u00a0\u00a0 8u\u00a0 IPv4\u00a0 10623\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 TCP *:pop3s (LISTEN)\r\nxinetd\u00a0\u00a0\u00a0\u00a0 3837\u00a0\u00a0\u00a0 root\u00a0\u00a0\u00a0 9u\u00a0 IPv4\u00a0 10624\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 UDP *:tftp\r\nnamed\u00a0\u00a0\u00a0\u00a0\u00a0 3943\u00a0\u00a0 named\u00a0\u00a0 20u\u00a0 IPv4\u00a0 10695\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 UDP localhost:domain\r\nnamed\u00a0\u00a0\u00a0\u00a0\u00a0 3943\u00a0\u00a0 named\u00a0\u00a0 21u\u00a0 IPv4\u00a0 10696\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 TCP localhost:domain (LISTEN)\r\nnamed\u00a0\u00a0\u00a0\u00a0\u00a0 3943\u00a0\u00a0 named\u00a0\u00a0 24u\u00a0 IPv4\u00a0 10699\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 UDP *:filenet-tms\r\nnamed\u00a0\u00a0\u00a0\u00a0\u00a0 3943\u00a0\u00a0 named\u00a0\u00a0 25u\u00a0 IPv6\u00a0 10700\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 UDP *:filenet-rpc\r\nnamed\u00a0\u00a0\u00a0\u00a0\u00a0 3943\u00a0\u00a0 named\u00a0\u00a0 26u\u00a0 IPv4\u00a0 10701\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 TCP localhost:953 (LISTEN)\r\nnamed\u00a0\u00a0\u00a0\u00a0\u00a0 3943\u00a0\u00a0 named\u00a0\u00a0 27u\u00a0 IPv6\u00a0 10702\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 TCP localhost:953 (LISTEN)\r\nntpd\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 4026\u00a0\u00a0\u00a0\u00a0 ntp\u00a0\u00a0 16u\u00a0 IPv4\u00a0 10928\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 UDP *:ntp\r\nntpd\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 4026\u00a0\u00a0\u00a0\u00a0 ntp\u00a0\u00a0 17u\u00a0 IPv6\u00a0 10929\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 UDP *:ntp\r\nntpd\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 4026\u00a0\u00a0\u00a0\u00a0 ntp\u00a0\u00a0 18u\u00a0 
IPv6\u00a0 10930\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 UDP localhost:ntp<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>In the summer of 2004 I gave an invited talk at the USENIX Technical Symposium entitled \u201cHow Do I Manage All Of This?\u201d\u00a0 It was a plea to the academics that they ease off of new features and figure out how to manage old ones.\u00a0 Just about anything can be managed if you spend enough &hellip; <a href=\"https:\/\/ofcourseimright.com\/?p=37\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Let&#8217;s Get Simple&#8221;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[50],"tags":[500,496,51],"class_list":["post-37","post","type-post","status-publish","format-standard","hentry","category-complexity","tag-complexity","tag-security","tag-usability"],"_links":{"self":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/37","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=37"}],"version-history":[{"count":0,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/37\/revisions"}],"wp:attachment":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=37"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=37"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index
.php?rest_route=%2Fwp%2Fv2%2Ftags&post=37"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}