February 2012 archive

Government Computer News – Thanks for the Deploy360 Mention!

Very nice to see the mention of Deploy360 in the Government Computer News “CyberEye” column: Internet Society launches info hub for DNSSEC, IPv6. Many thanks for the mention! The US Government has been pushing hard on both IPv6 and DNSSEC and we’ve got some statistics on our site about US government DNSSEC and IPv6 adoption. We’ve also got some more sites that we’ll be adding to our list of resources that are specifically government-related. We’re very much looking forward to doing all we can to help government IT professionals from the US and from governments all around the world.

If you are a government IT professional, please do look around our site and see if the resources we have here can help you. And if you still need answers to questions, please let us know and we’ll be glad to help!

US DoD DREN Provides Excellent IPv6 Knowledge Base

If you are looking to learn more about IPv6 or looking for lists of products and training resources related to IPv6, the folks over at the United States Department of Defense (DOD) High Performance Computing Modernization Program maintain a comprehensive site devoted to sharing information about IPv6 based on the work of the Defense Research and Engineering Network (DREN).

Long names and acronyms aside, some of the many excellent resources to be found within the site include:

The site includes a great amount of information of value not only to US government agencies and employees, but also to anyone working with IPv6.  Kudos to the team at DREN for maintaining the site and we’re pleased to add it to the list of resources we’re promoting here on Deploy360.

Attending O’Reilly’s TOCCON Next Week? Deploy360 Will Be There…

Will you be attending O’Reilly’s “Tools of Change for Publishing 2012” conference (a.k.a. “TOCCON”) in New York from February 13-15, 2012? If so, I (Dan York) will be there and would be delighted to connect with readers of this site. (Just drop me an email or ping me on Twitter.) Given the incredible changes happening within the world of publishing – both online and traditional – I’ll be down at TOCCON looking at how we can best seize the opportunities presented by these changes to make our Deploy360 content available in even more formats and channels. Additionally, a number of sessions are about the underlying technology we’re using (WordPress) or have relevance to the kind of platform we’re building – so I’ll be looking forward to picking up any tips and tricks that will help our site work even smoother and better.

If you aren’t familiar with TOCCON, it’s an annual event sponsored by O’Reilly, the well-known technical publisher, that brings together many of the people at the bleeding edge of the disruption happening within the world of content creation.  Here’s the quick intro from their site:

The acceleration of change and innovation in the publishing industry today is dizzying, and the pace can be overwhelming. But this change/forward/fast environment is also ripe with opportunity for those who embrace it and learn to adapt and innovate quickly.

O’Reilly’s TOC Conference is where the publishing and tech industries converge, as practitioners and executives from both camps share what they’ve learned from their successes and failures, explore ideas, and join together to navigate publishing’s ongoing transformation. TOC 2012 delivers a deft mix of the practical and the visionary to give attendees the tools and guidance they need to succeed—and the inspiration to lead change.

On a personal note, attending TOCCON will be a bit unusual for me. It’s the first time I can recall in many years when I am attending an event and not speaking, staffing a booth or reporting on the event (or, more typically, doing all three). I’m just there to learn about the tools and technologies and to meet people involved… it will be an interesting change!  :-)

Only 4 months to World IPv6 Launch – are you getting ready?

World IPv6 Launch (more info here) is only four months away on June 6, 2012 - are you getting ready?

If you haven’t started yet, now is a good time to get going!  Here are some resources we have to help you get started:

We are also always publishing new blog posts related to IPv6 covering a wide range of topics.

More than that, please let us know how we can help you get started with IPv6!

DNSSEC Train-The-Trainer From NLnet Labs Feb 9-10 and Feb 16-17

Interested in teaching DNSSEC or developing your own DNSSEC training courses or courseware? We recently learned that Olaf Kolkman of NLnet Labs will be teaching a “DNSSEC train-the-trainer” class two separate times this month. His first class is this week on Thursday and Friday, February 9th and 10th. His second is next week on February 16th and 17th. The material covered will include:

BLOCK 1: Classic DNS
BLOCK 2: Unbound in practice
BLOCK 3: DNS Security DNSSEC Theory fundamentals
BLOCK 4: DNS Keys: risks and management
BLOCK 5: Introducing DNSSEC in a workflow
BLOCK 6: Software and tools availability and development
PRACTICE 1: Setting up a validating recursive nameserver
PRACTICE 2: Setting up an Authoritative Nameserver
PRACTICE 3: Secure Delegation
PRACTICE 4: KEY Rollover

The class is being taught at the Fastlane training center in De Meern, The Netherlands, and the information we have is that there are still a few remaining openings in each class. Contact information and a full course outline can be found on the NGN.nl page about the DNSSEC training (in Dutch).

Information Week on DNSSEC: Having the keys to your own castle is important

So there I was eating my lunch and reading a treeware version of Information Week (you know, those paper things we called “magazines” before everything went to e-something?).  Having always been interested in encryption, I started reading the “2012 Data Encryption Survey: Progress and Pain” (sadly, free registration is required to read the whole article) expecting it to be, well, all about data encryption…

… and it was – particularly starting off talking about the challenges of using SSL/TLS with all the attempts to break SSL, and the multiple compromises at SSL certificate companies that have resulted in attackers successfully getting bogus, but valid, certificates asserting they were someone else.

Then all of a sudden I stopped eating my sandwich as the article took a sharp turn into the world of DNSSEC (and yes, I added some emphasis at the end):

Enter DNSSEC. The DNS Security Extension spec provides the capability for a domain owner–the IT team–to place additional encryption validation at the DNS layer. First it will verify that the SSL certificate is valid. But it also will verify that the DNS server that is authoritative for the domain being requested actually belongs to the certificate owner.

In our example, if a user went to the breached Hotmail.com site and got a Hotmail.com certificate, it wouldn’t validate with the DNS server hosting Hotmail.com, because the certificate generated by the attacker using the hacked CA wouldn’t match. The browser could display a big red box telling the user he’s going to an invalid site. Currently, Google’s Chrome supports DNSSEC natively, and there are plug-ins for Firefox. Internet Explorer 9 doesn’t support DNSSEC, but version 10 is expected to.

The other benefit of DNSSEC is that DNS queries are validated by all servers–from the domain’s authoritative server to the local DNS server to the browser–which means that even man-in-the-middle attacks on DNS queries will be caught.

DNSSEC isn’t perfect, and it’s not a complete replacement for SSL/TLS. But it is a step in the right direction to put control of certificate verification into the hands of certificate owners, instead of the CAs. Furthermore, using DNSSEC is a great solution for organizations with their own internal CAs that don’t want to deploy certificates to every possible device. Most of our respondents, 55%, have their own internal CAs; an additional 15% plan to within 24 months.

Having the keys to your own castle is an important step in controlling your encryption destiny, and if you plan to leverage cloud services securely, it may just be a requirement.

Here, in just a few paragraphs, was a great explanation of an important role DNSSEC can play as another layer in the security infrastructure.  In this case, DNSSEC can be used to check the validity of the certificates being used for SSL/TLS.

More importantly, me being the control-freak that I am, the article points out the incredible importance of being in control of your own security.  You, as the domain owner, can be the one inserting the appropriate keys directly into the DNS infrastructure.  Or you can have someone do it on your behalf… but the point is that you are in control.

That’s a powerful capability!

What do you think?  Have you started looking at DNSSEC yet?  If not, check out the DNSSEC resources we’ve listed so far – and if you don’t find exactly what you need, please ask us about it and we’ll see if we can find something to help you.

P.S. For those wondering, the rest of the article provided some interesting discussion and statistics around encryption within cloud computing platforms and with the use of mobile devices such as tablets and smartphones. Oh, and I did eventually finish my sandwich. ;-)

US DoD/DREN IPv6 Knowledge Base

The United States Department of Defense (DOD) High Performance Computing Modernization Program maintains a comprehensive site devoted to sharing information about IPv6 based on the work of the Defense Research and Engineering Network (DREN). The main IPv6 knowledge base can be found at:

http://www.hpcmo.hpc.mil/cms2/index.php/ipv6-knowledge-base-general-info

There are many excellent resources to be found within the site including:

All in all the site is an outstanding resource for people looking for more IPv6 information.

Martin Geddes Must-Read Piece On "Peak Telecoms"

Martin Geddes doesn't hold back! No longer beholden to corporate overlords (he used to work for BT), he is wonderfully free to say exactly what he believes. And he does....

If you are interested in the future of telecommunications / telephony, you really need to go over and read his piece:

Peak Telecoms

A teaser:

The telco voice and messaging business is on the verge of going into meltdown. As this is where the margins come from, the problem is hard to exaggerate. The drip-drip of links about declining voice and messaging volume and revenue is becoming a small stream. Even mobile telephony is losing ground in competition to asynchronous messaging. Twitter and Facebook message volumes are exploding, and SMS is beginning to sink. Termination and roaming are endangered species, hunted by packs of voracious regulators. There is no way back. When I started writing Telepocalypse back in 2003, the only thing I got wrong was the timing.

Cue the song "It's The End Of The World As We Know It"...

Well done, Martin, well done!

Image credit: gmacorig on Flickr




Watching The Colossal PR Train Wreck Of The Susan G. Komen / Planned Parenthood Debacle

This, my friends, is what a truly colossal PR/social media train wreck looks like...

[Image: Komen Facebook comments]

... and the comment count will undoubtedly be higher by the time you all look at the Facebook page.

If you've missed the story that's all over the news, the Susan G. Komen For The Cure organization has got itself into a PR nightmare. Most of us in the USA and many parts of the world are probably aware of the Komen organization. It is a major force in efforts to raise funds for research into a cure for breast cancer and has made the now ubiquitous "pink ribbon" a powerful symbol. My wife and I have donated to Komen and run in multiple Komen-sponsored races and walks, even before my wife wound up fighting breast cancer.

Today, though, the Komen organization is in a great bit of trouble.

Last year, per the company's story, in an effort to be more accountable and be sure their dollars were making the most impact, they tightened up their eligibility requirements for future grants.

This, in and of itself, is a good thing. Charitable organizations should look at how to be more accountable to their donors and ensure their dollars are going the farthest.

Back in December, Komen notified its longtime partner Planned Parenthood that under the new guidelines they would no longer be able to receive new grants, apparently because Planned Parenthood is under investigation by the US Congress related to its use of federal funds.

Again, one can potentially see the point. If an organization is being investigated about its funding, other donors to that org may want to take a "wait and see" approach until the investigation is resolved.

And if the organization in question were not Planned Parenthood this might all have been seen as proper fiduciary responsibility on the part of the Komen organization.

Playing With Fire

However, in our hyper-politicized age, and in an election year, an organization like Planned Parenthood is an insanely hot lightning rod. The mere mention of the name can send some crowds into a frenzy.

Anything involving Planned Parenthood is playing with fire.

And so when the AP broke the news on Tuesday, the predictable media frenzy started. Planned Parenthood blamed anti-abortion foes and right-wing groups and was, understandably, quick to stoke the flames and use the issue as a fund-raising tool. Rather smart on their part and last I heard they had already raised nearly as much in donations as Komen granted to Planned Parenthood in 2011.

Komen's position was not helped by the fact that they recently hired a vice president who previously stated her strong opposition to Planned Parenthood. In fact, she clearly stated in a run for Governor of Georgia that if elected she would eliminate state grants to Planned Parenthood.

More wood for the fire.

And then...

... the Internet took over.

A zillion tweets... more and more and more... thousands upon thousands of Facebook comments, posts and shares... more in Google+... more in blog posts... spreading like wildfire all around the globe...

The Response?

And in the face of this insane maelstrom, the Komen organization did...

NOTHING!

As Kivi Leroux Miller writes in her excellent post, "The Accidental Rebranding of Komen for the Cure," the Komen crew was missing in action while all the action was going down.

Komen was not active on their Twitter account nor on their Facebook page.... nor anywhere.

They lost control of the narrative.

They let the story be defined by the media, by pro-choice activists, by critics of Komen, by supporters of Planned Parenthood, by everyone else but them.

Many hours later Komen issued a statement in corporate-speak about how their changes had been "mischaracterized" and that "our grant-making decisions are not about politics". They subsequently released a video from founder and CEO Nancy Brinker that I thought at first might be an honest outreach to people who were so upset... but turned out merely to be a visual recitation of that same corporate-speak statement. Similarly, they posted a few tweets and Facebook updates... but just again pointing to their statement or emphasizing key points.

Meanwhile, people all across the Internet are talking about ceasing all their donations to Komen. Sure, some who support the decision are saying that they are glad they can finally donate to Komen, but they are far outweighed by those who are critical of the change.

Komen's Facebook page is filling up with such wall posts and there is a constant stream of tweets directed at them.

They are, right now, pretty thoroughly screwed.

Now What?

So what does Komen do now? They have completely lost any control of the story - and the stories circulating on the Internet are now feeding upon themselves. How do you even remotely start to unmake this mess?

Given that I try to first believe "Never assume malice where stupidity is a far better explanation," I would personally like to believe that the Komen folks are sincere, that they made some changes to their grant-making guidelines and that this whole debacle has caught them unawares. I'd like to believe that, although admittedly the political angle does make that hard.

If they are sincere, though, were they really so clueless from a PR point of view that they didn't think about the political ramifications of their decision? Or if they did, why were they not prepared for the reaction?

As Kivi Leroux Miller writes in her post:

It’s a no-win situation that could have been avoided had they developed a communications strategy on this decision at the start. Sure, they would have still angered many of their supporters, but I believe they could have avoided this huge rift had they communicated upfront, and honestly, about the decision. They should have released it, instead of letting Planned Parenthood own the messaging.

Exactly.

On something as potentially contentious as this, they should have gone out first, rather than letting the AP and Planned Parenthood define the story.

Or, in the event of the AP story blowing up as it did, Komen should have had a plan to get out there and explain their decision in clearer terms.

Instead, as Kivi Leroux Miller writes:

Yet it appears that Komen wants to desperately pretend that this decision is being made in some completely different context. By not responding at all to the overwhelming negativity being thrown their way, and continuing to pretend that this has nothing to do with a red-hot social issue, they are alienating a big part of their constituency.

It seems like they are hoping this will just blow over. It won’t.

Hiding away won't help them.

While they've spent 30 years building up the organization, these past 30 hours may go far in destroying all they've built up.

Their only chance now may be to come out with more information about the changes to their grant-making guidelines, to explain more about why Planned Parenthood no longer qualifies, to explain what other organizations will no longer be able to receive funding.

It may be too late.

Are You Ready?

All of which begs the question...

are you ready for something like this to happen to your organization?
If a media story runs with comments critical of your organization, are you ready to deal with the resulting social media firestorm? What would you suggest for Komen to do from a communications point of view?

The story is still unfolding, but I think this one will definitely be an example for the textbooks in - so far - what not to do...

Image credits: learnscope and jill_carlson on Flickr




O’Reilly Offers 50% Off On Git Ebook And Videos Through Feb 8th

Being a huge fan of the git version control system, I was pleased to see that O’Reilly is offering 50% off on their git-related videos and ebook. I haven’t seen the videos, but the “Version Control with Git” book is quite good. More info on O’Reilly’s site:

[Image: O’Reilly git offer]

P.S. I have no financial motivation to post this info, i.e. I am not being compensated through any kind of referral links or anything else. I just think this is an interesting offer to folks interested in learning more about git.