Archived posting to the Leica Users Group, 2000/09/30
[Author Prev] [Author Next] [Thread Prev] [Thread Next] [Author Index] [Topic Index] [Home] [Search]Dear LUG people, I've been out of town without easy access to a decent keyboard, so I haven't answered Duane's question. I've read all of the answers that others have posted. As users of the web and the internet we ought to understand this. [The issue here is that Duane Birkey, in Ecuador, had trouble seeing the Leica web site in Germany, but others did not have such trouble.] As an engineer I have a design principle, for myself and that I try to teach others, which I call the "Three Mile Island principle." It is named after the near-catastrophe at the so-named nuclear reactor in Pennsylvania in March 1979. To me this principle is that, in designing something, you should never try to conceal complexity. If you cannot make an mechanism simple, then you must own up to the complexity and make it visible to the customer. A simplified explanation of what went wrong at Three Mile Island was that the operators' console gave them an overly simplistic view of the insides of the reactor, causing them to have a mental model of the reactor mechanism that was not adequate enough to comprehend, or deal with, the problem at hand. There was a lot of complexity in the reactor control system, and the operators' console should have mirrored it. People who use any technological system form mental models of what that system does. The internet is no exception. After a few years of using the internet, most people have a pretty good sense of what's what, and how things are supposed to behave. The internet is, for the most part, deliciously simple, and most of the models that users form are quite accurate. In web browsers, there is always, somewhere, a control panel that lets you specify a 'proxy server'. Usually you can specify different proxies for different protocols, though most people never learn how the protocols differ and just use the same proxy for everything. If you specify a proxy, then when your browser wants to access a certain page at a certain site, it doesn't ask the site for it, it asks the proxy for it. If the proxy has a copy, it just hands it over; if it doesn't have a copy, then it asks on behalf of the browser, saves a copy, and then hands it over. Proxies typically have large short-term storage areas but do not do long-term storage. The most refined proxy technology comes from Australia, New Zealand, and Sweden, which are all high-tech places that are far away from North America. There aren't very many wires to Australia, and it is to everyone's benefit to have only one copy of a web page travel to Australia, and then have multiple copies handed out within the country. Ditto for New Zealand. Or Ecuador. It is very hard to convince the entire population of a country to configure their web browsers to use a certain proxy. And many of them would get it wrong. There needed to be some way to force people in places like Australia and New Zealand and Ecuador to use proxies whether they wanted to or not. So the 'transparent proxy' or 'web interceptor' was invented. This is a device that more or less pretends to be a piece of wire, except that if web requests come through, it won't pass them on, but will intercept them and force them to use a proxy. These things are very popular with ISPs, because it allows you to serve more customers with fewer data circuits. And they are almost universal in long-distance connections to places that are not heavily wired. Ecuador is such a place. There's a good article about transparent proxies in ZDNet news from April, 1998: http://www.zdnet.com/eweek/stories/general/0,11011,310741,00.html The problem with transparent proxies is that they aren't always transparent. If the proxy decides that it has a current copy of a web page, but it doesn't, then a person will see the old one instead of the new one. Proxies also keep copies of name information, as well as of web pages, to avoid having to repeat the name lookup over and over again. I am quite certain that what happened to Duane Birkey is that there is a Web Gateway Interceptor in the data path between Ecuador and Germany, and that this device kept copies both of the Leica web page and of the name-server information for www.leica-camera.com. Leica's ISP likely moved the Leica site to a different server computer (making the corresponding change to the name service) but Ecuador's link was keeping copies of the outdated name information longer than the cached pages themselves, thereby creating a protocol error when the cache went to update itself. These problems will fix themselves as soon as the cached-too-long information expires and is refreshed from the live copy, and there is precious little that anybody can do about it in the interim. Transparent proxies violate the Three Mile Island principle because they are vastly more complex than they admit to being, and create failure situations (such as this one that bit Duane) that are incomprehensible with respect to the standard mental model that internet users form. For many years I maintained a reverse proxy server here at mejac.palo-alto.ca.us, which people could use to bypass web interceptors if they knew how, and I could have offered it to Duane. But I had to turn it off because some people in Slovenia figured out how to use reverse proxy servers to bypass audit controls in some e-Commerce systems, and the US Secret Service asked very politely if I would please turn it off, so I did. Brian Reid