Why does the other lane always seem to go faster?

Because it does go faster. Well, not always, but more often than your own lane is faster.

Before I tell you why this is, let’s consider a simpler scenario for a moment. You’re driving in a congested single lane road. For the sake of this thought experiment, assume that the road is made of two equal parts. Through half of the length of the road the traffic moves relatively fast, but through the rest of the length the traffic moves slower. Let’s call the fast part A and the slow part B. Then you’ll spend more time at part B than at part A. If for example the traffic moves twice as fast in part A than in part B, you’ll spend 1/3 of the driving time in part A and 2/3 of the time at part B.

So even though the slow and the fast parts are equal in length, they are not equal in time. And this is true no matter how the slow and fast parts are distributed throughout the road. The fast and slow parts could be interleaved for example, so that for the first km the traffic goes fast, the second km the traffic is slow, and so on; in the end the result is the same: you spend more time in the slow parts.

Now back to the original question. The road has two lanes (let’s call them X and Y) and they’re both made of “fast” segments and “slow” segments. It’s safe to assume that the lanes are symmetric, in the sense that the total length of segments where X is faster than Y is equal to the total length of segments where Y is faster than X. (Even if the lanes aren’t identical, the probability of you choosing to enter each one of them is 50:50, so statistically speaking the assumption holds).

Let’s say that you only stay in one lane throughout the whole road. Then by the assumption above, the length of the road where your own lane moves faster than the other lane is equal to the length of the road where your lane moves slower. But remember that if you move through a road composed of a slow part and a fast part of equal lengths, you’ll spend more time at the slower part. Consequently, you spend more time at the segments where the other lane is faster! Just like in the first example, even though the two types of segments are equal in length, they’re different in time.

So next time you’re in a traffic jam and wondering why the cars in the other lane go faster, remember that Murphy doesn’t hate you; it’s just that you drove fast through the fast parts.

What happens if you move between lanes? It depends on your timing and on the distribution of the fast and slow segments along the road. For example, it seems to be the case that if a segment along the lane is slow, it says nothing about the probability that the next segments is slow (the events are statistically independent). If the segments are short, then by the time you change the lane the traffic could already move in a different pattern and you gain nothing. In that case, it would seem to you that the lane became slower when you moved to it, when in fact you just experience the same effect as staying in the original lane.

A demo HTTPS server with OpenSSL

In this post I’ll show how to set up a simple HTTPS server with OpenSSL. I needed to learn this in order to research a problem regarding client certificate authentication on .NET. However, the instructions here contain some sub-steps that can be useful to know in other situations. The instructions are for Windows but, again, they may be useful on other platforms.

We’ll be using the openssl utility and ca.pl, supplied with the OpenSSL package. Before you begin, make sure the directory containing OpenSSL binaries is in the system path.

The openssl utility can already serve as a web server. We just need certificates for the server and for the client. We’ll begin by generating a sample Certificate Authority (CA). The certificates will be signed by this CA.

Generating the CA

To generate the CA, type

ca.pl -newca

You can press Enter to use the defaults for all fields except common name (type some identifier you’ll want to use for the CA) and password (must be at least 4 chars). You’ll be asked to enter a password three times; enter the same password at each time.

You now have a demo CA in the folder demoCA. Create an X509 .cer file that can be imported in the Windows trusted root certificates store:

openssl x509 -outform der < demoCA\cacert.pem > cacert.cer

Now import the certificate into the trusted root certificates store. Remember to remove the certificate from the store when you’re done, to reduce security risks.

Creating the server certificate

ca.pl -newreq

Use default values for everything except the common-name. For the common name, type the server name (e.g. http://www.example.com). Make sure that the name resolves to the local machine. You can simply use the local machine’s name, or add an appropriate entry to the hosts file.

ca.pl -sign

Type in the password for the CA key, and accept the certificate. Now you have the certificate in newcert.pem and the private key in newkey.pem. Make a unified PEM file for use with OpenSSL:

copy newcert.pem+newkey.pem server.pem

Creating a user certificate

The first two steps are more or less what the same as when you created the server certificate.

ca.pl -newreq

Use default values for everything except the common-name. For the common name, type a display name for the user. Sign the certificate:

ca.pl -sign

To be able to import the certificate and the associated private key into the Windows personal certificate store, we’ll need to create a pfx file. (The file is PKCS #12 format. Apparently, Firefox can also use this format.)

openssl pkcs12 -export -in newcert.pem -inkey newkey.pem > user.pfx

Import the certificate into the browser, and you’re ready for the big moment.

Running the server

openssl s_server -www -Verify 1 -CAfile demoCA\cacert.pem

You’ll need to enter the password for the server’s private key.

This will start a server on port 4433. Start up IE, and navigate to https://hostname:4433, where hostname is the name you typed earlier into the server certificate’s common name field. If everything was set up correctly, you’ll be prompted for a client certificate. After selecting the client certificate you’ll see a status page sent by OpenSSL.

Troubleshooting

On Windows, you may see an unable to write ‘random state’ error with every command.The commands work nonetheless. I believe it can be safely ignored in this context; it just means the private keys will be less than 100% random, which is OK for our purposes (but probably not for production use).

If you get a TXT_DB error number 2 error message when signing the certificate, it could mean that a certificate with the requested serial number is already registered in the CA database. You can edit the file demoCA/serial to change the next assigned serial number to something else.

How to resize a VMware disk

These instructions worked for me for resizing guest Windows partitions hosted with VMware Workstation 6.5.1.

1. Back up your data. The steps below include messing with the virtual machine files and partitions and could conceivably destroy all your data (although they worked reliably for me so far).
2. Power off the virtual machine. Note: in order to resize Windows NTFS partitions you must shut down Windows properly.
3. The next step won’t work if you have snapshots. If you don’t need older snapshots, delete them using the Snapshot Manager.
4. Resize the disk:

   vmware-vdiskmanager.exe -x 36GB myDisk.vmdk

   The disk is now bigger, but the partitions inside it stay the same. You’ll need to edit the partition table. See next steps…

5. Dowload the GParted live CD. GParted is an open-source partition editor.
6. In the VM Settings dialog box, set the CD drive to use the GParted ISO image file you’ve downloaded.
7. Make sure the CD drive is before the hard drive in the virtual machine’s BIOS boot order. To do this, add the following entry to the VM’s .vmx file:

   bios.forceSetupOnce = "TRUE"

8. Power on the virtual machine. Because of the previous step, you’ll enter the BIOS setup utility.
9. Reorder the boot sequence if necessary so that CD drive will be before the hard drive. Save the settings and exit the setup utility.
10. GParted Live should load now. The main window should appear after pressing Enter at a few prompts. When the main window appears, edit the partitions as necessary.
    (For some reason I have strange problems with the mouse pointer in GParted, so I use the keyboard). When you’re done, choose Edit -> Apply All Operations.
11. Disconnect the ISO image, and restart the VM.