June 2013 archive

Jun 18

What IPv6 Migration Questions Would You Like To Know From App Developers?

Question markWhat questions would you like to ask of developers who have successfully migrated their applications to IPv6? What tips and tricks would you like to learn?

I am planning to update “Migrating Applications to IPv6” this summer to include pointers to some of the newer RFCs and transition tutorials and in doing the update I would like to add in mini-“case studies” of applications that have already made the transition to IPv6. Some of the questions I’m thinking of asking developers include:

  • How easy or difficult was the migration to IPv6 for your application?
  • What was the most challenging aspect of the migration?
  • Were there any specific tools or libraries that proved to be the most helpful?
  • Did you encounter any surprises in terms of IP address dependency? i.e. places in your code where you didn’t realize you depended upon an IP address?
  • Did you have to make any significant changes to the way you store information? i.e. configuration files, databases, etc.
  • How did you test your application in an IPv6 environment?
  • Does your app work in both an IPv6-only and dual-stack environment?
  • Is there anything you wish you’d known before you started the move to IPv6?

Do you have other questions you would like me to ask? If so, please either leave a message for me here on the site or on one of the social networks where I post this message – or send me an email.

I would also be interested to hear which of these questions above are the most important to you. What are your top 2 or 3 concerns about migrating your app to IPv6?

Also, if you are an application developer who has already ported your application to IPv6 and would be interested in being a case study in the updated book, please contact me as I am looking to get started on these updates soon.

On that note, I’m also thinking about perhaps creating some interviews in video and audio form related to these questions above… so if you would be interested in some multimedia exposure for your application please let me know that, too. (Thanks!)

Jun 18

What IPv6 Migration Questions Would You Like To Know From App Developers?

Question markWhat questions would you like to ask of developers who have successfully migrated their applications to IPv6? What tips and tricks would you like to learn?

I am planning to update “Migrating Applications to IPv6” this summer to include pointers to some of the newer RFCs and transition tutorials and in doing the update I would like to add in mini-“case studies” of applications that have already made the transition to IPv6. Some of the questions I’m thinking of asking developers include:

  • How easy or difficult was the migration to IPv6 for your application?
  • What was the most challenging aspect of the migration?
  • Were there any specific tools or libraries that proved to be the most helpful?
  • Did you encounter any surprises in terms of IP address dependency? i.e. places in your code where you didn’t realize you depended upon an IP address?
  • Did you have to make any significant changes to the way you store information? i.e. configuration files, databases, etc.
  • How did you test your application in an IPv6 environment?
  • Does your app work in both an IPv6-only and dual-stack environment?
  • Is there anything you wish you’d known before you started the move to IPv6?

Do you have other questions you would like me to ask? If so, please either leave a message for me here on the site or on one of the social networks where I post this message – or send me an email.

I would also be interested to hear which of these questions above are the most important to you. What are your top 2 or 3 concerns about migrating your app to IPv6?

Also, if you are an application developer who has already ported your application to IPv6 and would be interested in being a case study in the updated book, please contact me as I am looking to get started on these updates soon.

On that note, I’m also thinking about perhaps creating some interviews in video and audio form related to these questions above… so if you would be interested in some multimedia exposure for your application please let me know that, too. (Thanks!)

Jun 17

FIR #708 – 6/17/13 – For Immediate Release

Three new interviews are up, one more and two book reviews coming; Quick News: Upworthy is fastest growing site ever, Line is biggest social network you've never heard of; Ragan promo: News That Fits: IABC update, Michael Netzley's Asia report, Twitter evolves with analytics and FollowMe, the language of social images, Media Monitoring Minute from CustomScoop, listener comments, Deskcamping connects spare desks with freelancers, Dan York's report, WashingtonPost enters sponsored content fray; music from Zac Mac Band; and more.

Jun 14

IPv6hackers Group To Meet In Berlin on July 28, 2013

IPv6 hackersInterested in IPv6 security? Want to see presentations by people working in the field? If so the members of the “ipv6hackers” mailing list are planning to hold their first face-to-face meeting in Berlin on July 28, 2013, the Sunday prior to IETF 87 in Berlin, Germany.  From the announcement email:

We’re planning to have our first in-person meeting on July 28th, 2013, in Berlin (most likely in the afternoon, between lunch and the IETF welcome reception). The venue would be either the IETF venue (InterContinental Berlin), or some nearby hotel/room (to be confirmed soon).

We’re planning to have some presentations (which MUST be accompanied with code :-) ), and might also have an IPv6 mini-hackathon (i.e., work on code, test implementations, try stuff).

Fernando Gont has asked people who are interested in attending to complete a short survey so that he can know how many people are planning to attend.

If you are interested in IPv6 security, I have found the IPv6 hackers mailing list to be a useful list to monitor as a good number of IPv6 security researchers do participate in the list.  You can see from the archives some of the topics that are discussed. It is open for anyone to subscribe.  There is also a LinkedIn group but as Fernando notes he created the group to help people connect on LinkedIn not as a discussion forum – discussion happens on the email list.

Jun 14

InfoWorld Promotes DNSSEC To Boost Internet Security

InfoWorldWe were very pleased to see InfoWorld publishing this week an article by Roger Grimes titled “Boost your Internet security with DNSSec” that lays out the case for implementing DNSSEC and explains the validation side of DNSSEC.  Given the large audience that InfoWorld has it is good to see DNSSEC getting this coverage.

I’d suggest another useful resource for people reading that article would be SURFNet’s white paper about enabling DNSSEC validation in DNS resolvers as that paper provides step-by-step guidance to enabling validation in BIND, Unbound and Windows Server 2012.

I’d also note for people wanting to experiment with DNSSEC validation, Google’s Public DNS servers do now support DNSSEC and so you can at least temporarily point your system to Google’s servers to try out validation.  As we’ve also noted in the past, anyone who is a Comcast subscriber in North America also has DNSSEC validation happening by default, as do people using many of the ISPs in Sweden, Brazil and the Czech Republic.

As I noted at the beginning, the article covers the validation side of DNSSEC, but for that to really work we also need to get more domains signed with DNSSEC.  I would encourage people to look at our tutorials on how to sign your domain using common registrars – and to ask your registrar when they will let you use DNSSEC if they are not on the list of DNSSEC-capable registrars maintained by ICANN.

Again, it’s great to see InfoWorld covering DNSSEC and I do hope they’ll provide more such articles in the future.  If we can get DNSSEC deployed more widely we’ll go very far in upgrading the security of the Internet!

P.S. I was also intrigued by Grimes’ link to this video of a DNSSEC app for Android from back in 2011.  It looks like a basic browser to check the DNSSEC status of sites.  I may have to investigate a bit more..

Jun 13

DNSSEC Test Sites

If you have a new application or service where you want to test how DNSSEC validation works, the sites listed below are ones you can use.  If you want to test validation of the DANE protocol, please see our separate page of DANE test sites.

Note that the sites below are domain names and websites with either good or deliberately mis-configured DNSSEC signatures.  If you are looking for web sites offering tools or services where you can test the status of DNSSEC, please see our list of DNSSEC tools.

Sites With Good DNSSEC Signatures

Today there are millions of domain names out there with valid DNSSEC signatures and so you have many, many options.  Two of the domains you can use to obtain valid signatures are:

  • internetsociety.org
  • ietf.org

If you are testing web validation, the addresses are:

Sites With Bad DNSSEC Signatures

The more interesting tests to perform are with domains that are bad and will generate an error in your application or service.  The following sites have been deliberately mis-configured with bad DNSSEC signatures:

  • dnssec-failed.org   (operated by Comcast)
  • rhybar.cz        (operated by CZ.NIC)

On the web, they are:

The DNSSEC Tools site at http://www.dnssec-tools.org/ also provides a test in that if you connect to the site and do not perform DNSSEC validation you will see an image appear on the page telling you that you are connecting insecurely.

Adding More Sites

If you have a site with an interesting DNSSEC configuration you think would be useful for others to use in testing, please contact us so that we can consider adding it to this list.

Please note that our list of DANE test sites includes sites and domains that are also signed with DNSSEC.

Jun 12

TDYR #016 – The Washington Post Changes Its NSA PRISM Story – How Should They Let Us Know?

When a media site substantially changes a story published on their web site, what is their responsibility to let the readers know? And do we as readers view stories on media sites as "done" or as "works-in-progress" that are updated and changed? This came up in the context of the NSA PRISM story when the Washington Post rather massively changed their lead story on the issue, as chronicled by Ed Bott over on ZDNet: http://www.zdnet.com/the-real-story-in-the-nsa-scandal-is-the-collapse-of-journalism-7000016570/ It's an interesting question. On the one hand, updating the original article is a great way to ensure that readers have the most accurate information. On the other hand, it *is* a change from how we have traditionally viewed news stories out of the media.

Jun 10

Boom! Apple Disrupts Media Coverage of WWDC 2013 By Streaming The Keynote Live

Wwdc2013 live 300This morning I imagine there must have been a round of collective shock going through the tech media community as word spread that... GASP! ... Apple is going to stream the WWDC Keynote today at 10am US Pacific LIVE on the Internet?

Apple?

Streaming a WWDC keynote... LIVE???

HUH?

Given Apple's intense focus on secrecy, and the fact that the WWDC keynotes have NOT been streamed live in the past, an entire mini-industry has grown up around supplying "live" feeds out of the WWDC keynote. Sites like Engadget, Gizmodo, 9to5Mac, MacWorld and a zillion others have maintained "live blogs" posting the latest updates out of WWDC. These sites have been populated by reporters actually in the WWDC room using smartphones, laptops or whatever other tools they can. Photos were posted from phone cameras. Updates went out to social media.

In fact, past WWDC keynotes have been proving grounds for various forms of "live blogging" software and platforms - as many have collapsed under the crushing load of massive numbers of viewers wanting the latest news out of Apple. It's also been interesting in the past to watch the different outlets and their strategies... having one person typing updates while another posts photos, for instance, while yet another is tweeting or updating other social media channels.

The scarcity of information led to truly creating a "spectacle", as Apple is so good at doing. You had to visit these sites and watch the social media streams if you wanted to know in the moment what Apple was announcing.

It's the way we've become used to monitoring WWDC keynotes within the tech community. We expected today's speech to be more of the same. Each tech news site has been focused on providing the best and most comprehensive coverage of WWDC, knowing that doing so would garner them a large number of new visitors and potential subscribers. They were all gearing up for covering today's event.

And then this morning... BOOM! ... Apple just deflated and disrupted an entire way of covering the event.

Watch wwdc liveFirst word started circulating that Apple had rolled out an "Apple Events" icon on Apple TV allowing Apple TV owners to watch the stream live. Then a link appeared on Apple's website where you can watch the WWDC lifestream. And then Apple actually issued a press release stating that they would be live streaming the event.

With one action, Apple just removed the primary need for all of those live blogs by all the major tech sites, as well as the need to follow streams on Twitter and other social networks. Sure, you can still follow them to get analysis or snarky commentary but there is no longer the need to follow them.

One site, 9to5Mac, has already stated they will be adjusting their coverage:

Update: Since Apple will be live streaming the event on the Web, iOS and AppleTV, we will be doing real-time updates only on our Twitter account and posting stories as they become available.

I expect some of the others will do so as well.

Now... will this actually lead to better coverage of the event for us as readers? In the past, these tech media sites have been competing with each other to churn out the live updates as fast as possible. But with the live stream available directly from Apple, will these news sites instead be able to focus on assembling articles about the announcements? (And will there then be even more articles churned out by the sites?)

It will be interesting to see... we'll find out in about two hours... :-)

P.S. This morning I published an audio commentary on this topic at:

I'll note that at the time I recorded this podcast it was not yet known that Apple would be streaming the keynote live on their website.

If you found this post interesting or useful, please consider either:

Jun 10

Seeking DNSSEC Speaking Proposals For ICANN 47 DNSSEC Workshop in Durban, South Africa

ICANN 47 meeting in Durban, South AfricaInterested in sharing your experience implementing DNSSEC?  Have a new tool or service for DNSSEC you would like to demonstrate? Are you experiencing a challenge with getting DNSSEC implemented that you think the larger community should be aware of? Have you found a new and interesting use for DNSSEC?  Or done something new with the DANE protocol?

If so, and if you are planning to attend ICANN 47 in Durban, South Africa, the program committee (of which I am a member) for the DNSSEC Workshop at ICANN 47 is actively seeking proposals to include in the workshop.  As noted in the Call For Participation, we are seeking presentation ideas on topics such as:

  • DNSSEC Activities in Africa
  • The Operation Realities of Running DNSSEC
  • DNSSEC and Enterprise Activities
  • When Unexpected DNSSEC Events Occur
  • Preparing for Root Key Rollover
  • DNSSEC: Regulative, Legislative and Persuasive Approaches to Encouraging Deployment
  • DANE and Other DNSSEC Applications
  • Use of DNSSEC in the Reverse Space

Please see the Call For Participation for more details.

We are also open to presentations related to DNSSEC that don’t fit exactly in one of these listed topics.  We’ve already got a great list of presentations but we still could add a few more.

You can view the program and presentations from the ICANN 46 DNSSEC Workshop in Beijing to understand the kind of presentations we are seeking. I’ll note that we’re changing the format a bit for ICANN 47 to have fewer presentations for longer periods of time. We felt it was a bit rushed in the Beijing workshop.

If you are interested, all you need to do is send a brief description (1-2 sentences) of your proposed presentation to dnssec-durban@shinkuro.com, ideally by today, June 10th, as we are working to finalize the program to publish it on the website.

Thanks – and we’re looking forward to another great event in Durban!  If you are not able to attend in person, the event will be streamed live and also archived for later viewing.

Jun 10

TDYR #015 – Apple WWDC Keynote – The Day The Tech Community’s Productivity Goes Toward Zero

Today the tech community's productivity will take a dive as eyes focus on what happens at the Keynote of Apple's WorldWide Developer Conference (WWDC) happening at 10am US Pacific / 1pm US Eastern. With Apple's maniacal focus on secrecy, they are extremely successful in building anticipation. A few things are believed to be known... but how accurate are the rumors? For the first time I can remember, Apple's WWDC Keynote will be streamed live on Apple TV devices, which should be a change in the coverage. John Gruber also had some great thoughts about how Apple originally needed to get people comfortable with a touchscreen interface, and it's time for something more... http://daringfireball.net/2013/06/wwdc_2013_expectations http://online.wsj.com/article/SB10001424127887324798904578531661685819892.html http://9to5mac.com/2013/06/09/what-ios7-looks-like/ http://9to5mac.com/2013/06/06/wwdc-2013-roundup-ios-7-os-x-10-9-macbooks-genius-like-radio-app-plus-new-tidbits/