Latest Posts:

Cavebear Blog

I have many opinions …

Why I Built KMAX – The World’s Best Network Emulator

I am a human, I am not an AI. I wrote this piece to reflect on the testing of Internet protocols, in particular through the use of devices that tickle the flow of packets going back and forth between devices that speak those protocols.

The term “network emulator” is ambiguous.

Does it refer to a device that affects actual packet traffic or is it a mathematical model about what would happen to real traffic? If real packet traffic, where do those packets come from, the user’s own network or a synthetic traffic generator? Can traffic be classified into related streams and subjected to different kinds of effects? Is the purpose of the emulator to test protocol implementations for robust and correct operation, or is the purpose to push devices under extreme loads?

I tend to work with actual, running network protocol code. My intent is to test whether devices that contain that code perform acceptably when presented with the kinds of network conditions that can occur on real networks but which are rarely present on the pristine networks used by code developers and QA teams. As a consequence, I am more attuned to network emulation tools that allow the controlled manipulation of actual traffic streams emitted by real devices than to mathematical simulations of hypothetical or synthetic, perfect protocol interactions.

I will not be joining the United States Supreme Court (SCOTUS) Bar

I live far from Washington DC, and my practice in law has never required me to bring a matter before SCOTUS. So, for me, membership in the SCOTUS bar would be a bauble, a nice certificate to add to my office wall.

I used to consider the Supreme Court of the United States (SCOTUS) to be an institution with honor and integrity.

I no longer hold that opinion.

I used to believe that a case before SCOTUS would be decided using clear logic, established precedent, and prudence.

I no longer hold that opinion.

Every now and then I ask myself “Should I petition to become a member of the United States Supreme Court Bar?”

But now I add a second question: “Do I want to debase myself by asking for admission to an institution that is no longer worthy of respect?”

Is The Internet At Risk From Too Much Security?

A Roman Aqueduct - Giuseppe de Nittis

The Internet has become a lifeline grade utility.[1]

Our health, safety, and financial security depend on reliable and consistent availability of Internet services.

Yet over the years we have given relatively little consideration to actually having a reliable and consistently available Internet.

We are to a large extent flying the Internet on good luck and the efforts of unheralded people often working with tools from the 1980s.

As we wrap the Internet with security walls and protective thorns, maintenance and repair work is becoming increasingly difficult to accomplish in a reasonable period of time, or even at all.

With the increasing inter-dependency between the Internet and our other lifeline grade utilities — such as power, water, telephone, and transportation — outages or degradations of any one of these systems can easily propagate and cause problems in other systems. Recovery can be difficult and of long duration; significant human and economic harm may ensue.

Although we can hope that things will improve as the Internet matures, outages, degradations, and attacks can, and will, occur. And no matter how much we prepare and no matter how many redundant backup systems we have, equipment failures, configuration errors, software flaws, and security penetrations will still happen.

The oft quoted line, “the Internet will route around failure”, is largely a fantasy.

When we designed the ARPAnet and similar nets in the 1970s we did have in mind that parts of the net would be vaporized and that packet routing protocols would attempt — notice that word “attempt” — to build a pathway around the freshly absent pieces.[2]

Today’s Internet is less dynamic than the old ARPAnet; today’s Internet is more “traffic engineered” and more subject to peering and transit agreements than the old ARPAnet. Although the possibility of dynamically routing around path problems remains, that possibility is constrained.

Today’s Internet is far more intricate than the ARPAnet. Today’s Internet services are often complicated aggregations of inter-dependent pieces. For example, web browsing depends upon more than mere packet routing; it depends upon a well operating domain name service, upon well operating servers for the many side-loads that form a modern web page, and upon compatible levels of cryptographic algorithms. Streaming video or music, and even more so interactive gaming or conversational voice, requires not only packet connectivity but also fast packet delivery with minimal latency, variation of latency (jitter), and packet loss.

As anyone today can attest, today’s Internet service quality varies from day to day.

When the Internet was less ingrained into our lives, network service wobbles were tolerable. Today they are not.

Problems must be detected and contained; the causes ascertained and isolated; and proper working order restored.

Individually and as a society we need strong assurance that we have means to monitor the Internet to detect problems, to isolate those problems, and to deploy repairs. Someone is going to need adequate privileges to watch the net; to run diagnostic tests; and to make configuration, software, and hardware changes.

However, we do not have that strong assurance.

And the few assurances we do have are becoming weaker due to the deployment of ever thicker, stronger, and higher security barriers.

Simply put: Our ability to keep the net running is being compromised, impeded, and blocked by the deployment of ever stronger security measures.

This is a big problem. It is a problem that is going to get worse. And solutions are difficult because we cannot simply relax security protections.

This paper describes this problem in greater detail, speculates what we might be able to do about it, and offers a few suggestions.[3]

On Banning Books - Again

It seems as if certain states of the USA and certain right-wing political “leaders” are trying to control what people can read, watch, or listen to.

This is often a practice of conservative elements, particularly those espousing fundamentalist or Puritan religious beliefs or advocating neo-apartheid goals.

This kind of thing has been attempted in the past. It has not succeeded.

So let’s look at one such attempt by one of the era’s most dominant and controlling institutions, the Catholic Church before the Reformation.

The Lateran Council began in 1512 and continued through 1517.

Among its decisions was the following. Books had to be examined by a high officer (a Bishop) of the church before publication. Failure to obtain such permission could result in one of the most draconian of sanctions, excommunication.

Did it work? No.

Network Operations On A Public Utility Internet

Permanent URL: https://www.cavebear.com/cavebear-blog/nanog-keynote-as-spoken/
Revised: March 3, 2023

I gave one of the two keynote presentations at NANOG (North American Network Operators' Group) in the fall of 2019.

There were two parts to the talk.

The first part deals with the responsibilities, obligations, and liabilities of being an operator of parts of an Internet that was becoming a lifeline grade public utility.

The second part shifts to ways we design and implement the Internet to improve its resilience to errors, problems, and attacks. I suggest that we look beyond traditional methods of designing and implementing computer systems. In particular I urge that we take a look at the methods used by living things to improve their ability to survive.

Below the break is the textual transcript of the talk.

In case the video does not start at the right place, my presentation begins at 7:43.

Here is the transcript:

Democracy Versus Stakeholderism

Joe Everyman, Mr. Corporate, and Ms. Lawfirm walk into a voting precinct. Each gets a ballot, each marks his/her choices, and each puts the marked ballot into the voting box.

Joe Everyman, believing in the principle of one-man, one-vote, leaves.

But Mr. Corporate and Ms. Lawfirm each walk outside, put a sock puppet onto each of their hands, re-enter the precinct and use ventriloquist voices to demand additional ballots, one for each puppet.

The precinct workers say, “you can’t vote a second and third time!”

But Mr. Corporate and Ms. Lawfirm answer on behalf of their respective sock puppets: “I am not voting again, I am merely accompanying a pair of stakeholders who now want to cast their own votes.”

Huh? You would be quite correct if you were to say “This is not democracy!”

But you would be quite wrong if you were to think that this kind of thing does not happen.

In fact it happens quite often.

It goes by the name “multi-stakeholder” or simply “stakeholders”. These are systems in which some people get to use sock-puppets to multiply their votes and influence.

Reformation of the United States Supreme Court (SCOTUS)

Throughout our country people are talking about the United States Supreme Court (SCOTUS).

There are few alive today who have experienced a more conservative Supreme Court.

And there are few objective observers who would deny that on today’s court legal principle is often subordinated to fundamentalist religious views, libertarian biases against the Federal government, or hazy notions of “natural law”.

Many of the conversations about SCOTUS ask whether we ought to expand the number of justices (pejoratively called “court packing”) or impose some sort of term or age limits on the justices (which would probably require a Constitutional amendment that would be a practical impossibility in today’s political climate).

But there is another matter.

It is an important matter. It is overlooked. It is a matter that is fully within the power of Congress (with the President’s signature). And it is a matter that requires no Constitutional amendment.

Our Supreme Court is overworked.

The growth of our government, our regulatory agencies, and the ever ramifying complexity of our lives, economy, and technology have increased the work demanded of the court.

SCOTUS does not have the resources to do a proper job.

This article argues that we ought to reshape our Supreme Court so that it can better deal with the workload.

This article proposes nothing radical. Rather the proposal here builds upon long established practices of US courts, most particularly the United States courts of appeal.

Jay Nova Hoffman

Permanent URL: https://www.cavebear.com/cavebear-blog/jayhoffman/
Revised: November 23, 2021

My oldest friend died this morning.

Alzheimer’s.

Jay Nova Hoffman.

I’ve known him since we met one morning at Hazeltine Elementary School in Van Nuys (California) waiting to get into the first day of Mr. Stone’s 4th grade class.

I doubt that any of us thought that our teacher, Mr. Stone, had a first name, much less knew it.

Jay went on to become a teacher and educator. I suspect that his students knew his first name.

Jay and I somehow managed to both win a Good Citizenship medal from the Daughters of the American Revolution. Had the DAR had any notion of what our political and social views would become they probably would have chosen differently.

Modern Software Recapitulates Greek Mythology

Saturn Devouring His Son by Francisco de Goya y Lucientes

The Titan Kronos (Saturn) ate his children.

Modern software developers are doing the same.

Kronos was afraid of being overthrown by his sons. So he eliminated them.

Many modern software developers seem hell bent on devouring the past. But they have less reason to do so than did Kronos.

Few of us remember mainframe computers (although they still exist). During their heyday from the 1950s through the 1990s the unbreakable rule was “backwards compatibility”. It was a great sin to change an API (Application Programming Interface) to an operating system or library in a way that could cause existing software to go awry or fail.

This honoring of the past worked: There are many mainframe financial applications, written (often in the 1959 language Cobol) between 1960 and 1990 that are still in heavy use today.

However, today the concept of backward compatibility is no longer universally respected. Today many software developers and providers do not bother to pause and think of the consequences before racing forward and breaking with the past.

We are forcing people to fix what is not broken. We are forcing people to rewrite working code or abandon working products simply because someone, somewhere has decided to cancel existing, working software foundations, often for no reason more substantial than that those foundations are older and perhaps less “elegant” in the eyes of some.

Vote Yes on the TCAA/RNIS Business Plan

To: The Commissioners of the Santa Cruz County Regional Transportation Commission (RTC)

On May 6, 2021 the RTC Commissioners will once again be voting on the Transit Corridor Alternatives Analysis and Rail Network Integration Study (TCAA/RNIS) Business plan.

That Business Plan deserves your approval.

Santa Cruz County has a traffic problem, a large traffic problem. Most residents and businesses in Santa Cruz County are concentrated in a long, narrow coastal plain between Watsonville at the south end and Santa Cruz at the north.

The principal arteries of transportation are two highways: Highways 1 and 17. Both are aging and designed for an era when Santa Cruz County was more rural. Both congest and clog daily.

Caltrans has widened parts of Highway 1 with almost no long-term benefit. And there’s little chance that the infamous “fishhook” or the obsolete on/off ramps (such as Soquel near Dominican) will be remedied.

Today, even in the era of Covid-19 and work-at-home, there is a daily tide of commuter traffic. In the morning much of that tide flows north on Highway 1 from Watsonville to Santa Cruz. Much of that traffic continues over Highway 17 to Silicon Valley. In the evening that tide reverses. Long delays occur every day as thousands of automobiles stop, creep, and stop again.

We have a system of smaller roadways, such as Soquel Drive. But they are mere capillaries.

And yet, right in front of us is a golden resource – The “Santa Cruz Branch Rail Line” (SCBRL), an old rail line that runs from a junction with the Union Pacific (and future Caltrain) line in Watsonville, north through Santa Cruz and on to Davenport. These still functioning tracks run close to the Monterey Bay shoreline and roughly parallel to Highway 1.