February 2013 archive

SANS Seeking IPv6 Security Stories/Tools For “IPv6 Focus Month” In March

ISC Diary LogoGot an IPv6 security problem you’d like to share? A solution to an IPv6 security problem that you want to tell others about? If so, the team behind the Internet Storm Center (ISC) would love to share your stories as part of their IPv6 Focus Month they are planning for March 2013.  Johannes Ullrich of the SANS Technology Institute (the organization behind the ISC) wrote that they are seeking articles about:

  • a security problem you ran into with IPv6
  • a solution to a security problem (even better)
  • a tool that works really well (or not at all) with IPv6
  • a way to solve an IPv4 security problem by switching to IPv6

Articles – or just ideas – can be submitted via the ISC contact form or to handlers@sans.edu.

We applaud this initiative from SANS and we look forward to seeing what IPv6 security stories they highlight in March – and we may do what we can to further help spread the news about tools and services they promote.

If you’ve got an idea, please do send it in to the ISC team – it’s great to get more info about IPv6 security out there!

SourceForge Redesigns Itself To Compete With Github

sourceforgeWhen I received an email today telling me that one of my ancient projects was being “upgraded” to the “new” SourceForge developer platform, I had to admit that I had no clue that SourceForge was even launching a new platform.

But sure enough, “The Next SourceForge” is out with a host of redesigned features that do look nice… and do remind me of everything that I currently use over on Github!

Of course, the project being “upgraded” is a small python app called “viewportfolio” that I wrote back in 2000 during the height of the .COM insanity when Red Hat’s stock had exploded and the tech bubble was all around us.

I last touched the code over 12 years ago!

I have no clue if it actually still works – and to be quite honest if I were to do anything with that app today, even to test it and make any fixes, I’d probably move it first to my Github account where I do all my work today.

But back twelve years, SourceForge was THE place where you hosted your project.  Everyone was using “SF” and it was where we all interacted for code.

Then, over time, it became a site so hideously overwhelmed with advertising that it was close to useless to interact with the site. And, well, more and more people started using the git version control system and for quite some time SourceForge seemed to still be wedded to SVN.

So I moved any new projects over to Github, as did many others that I knew, and I left SourceForge behind, only occasionally going in there when I needed to find older projects.  Even today, I’m working with someone who has a project on SF, but he’s moving that to Github in the next few weeks where I can work on it with him and where we’ll publicize it.

I applaud the folks behind SourceForge for launching “The Next SourceForge,” if for no other reason than that I do believe it is healthy to have competition around – and having another competitor for Github (there are several already) is a good thing in that it will continue to encourage innovation among the platforms providing project hosting services.

It’s also great to see the visual redesign of SF – a much cleaner interface and thankfully all the ads that were slathered all over the site seem to be gone.  And these new features do seem to be great improvements for projects hosted on SF.

Will “The Next SourceForge” prompt me to launch new projects on SF?  Or to stop migrating projects away?

Probably NOT.

The reality is that I’m now comfortably ensconced over on Github and I rather like it there. I guess I also trust the people/company behind Github more than I do Dice Holdings, the latest corporate overlord of SourceForge, in terms of being responsive to users and to continuing to improve the user experience.  Now this may be unfair… the folks behind SourceForge may be as equally committed as the folks behind Github… but one is a passionate startup and the other is part of a large publicly-traded company that is ultimately focused on helping connect employers and professionals with each other.

What about you?  Will “The Next SourceForge” get you to open new projects there? (Or to not migrate away?)

Network and Distributed System Security Symposium (NDSS) 2013 Begins Today In San Diego

ndss-2013The 20th Annual Network and Distributed System Security Symposium (NDSS) began today in San Diego, California, with a program packed full of talks that look fascinating to someone like me with a strong security interest. While there are no sessions specifically focused on DNSSEC or IPv6 listed on the program, there are a range of network security and web security sessions where both technologies could play a role.  For routing resiliency/security I noted that there is one “short talk” tomorrow afternoon on the topic of “Updates from the Internet Backbone: An RPKI/RTR Router Implementation, Measurements, and Analysis” that sounds rather interesting.

Check out the schedules for Monday, Tuesday and Wednesday to see what is going on each day.  While there isn’t a live stream of the sessions available right now, the papers from past years have been posted (ex. 2012 NDSS) and so you should be able to see the papers once the event is over.  (And we’ll post an update here when the archive is available.)

Meanwhile, if you are there at NDSS I do hope you enjoy the event – and if you aren’t… watch for the news about next year’s session!

Telemark skiing – and Remembering What It Is Like To Be A Beginner Again

Telemark skiing - and Remembering What It Is Like To Be A Beginner Again by Dan York

FIR #691 – 2/18/13 – For Immediate Release

Schoenberg interview is up; Quick News: Defense contractor releases software to track people via social media, Twitter kills Posterous, American Express enables purchases via hashtag, TD B ank in Google+ local pages; Ragan promo; News That Fits: what do corporate directors and senior managers know about social media?, Dan York's report, European horsemeat scandal widens and deepens, Media Monitoring Minute from CustomScoop, listener comments, is real-time marketing now a requirement?, does Augmented Reality work for PR?; music by Strangefolk; and more.

Ending A Time Of Quiet And Returning To Action

Internet Society Deploy360 ProgrammeAs you’ve perhaps noticed, it’s been basically two weeks since we last posted anything to the Deploy360 site and I thought I’d just take a moment to explain the quiet time. On the afternoon of February 1, 2013, we had a short outage of the site and while it was only offline for a brief period, the experience highlighted a couple of weaknesses we had in our setup both in terms of technology and process. We took some time to analyze the issues and to make some changes, and I’m pleased to report that the site is now running on a new server in a different architecture and we’ve made a number of other changes as well behind the scenes.

As we were working through this analysis and change, we deliberately wanted to not attract large numbers of visitors to the site and so we put a pause on publishing new content.  While we still have a few more changes we may be making in the weeks ahead, we’re ready to get back in action and so you’ll start seeing new posts and resources coming out from us starting today!

FIR #690 – 2/11/13 – For Immediate Release

Schoenberg interview this week, enhancements to FIR Google+ Community page, BBC trials trainee communicators' programme, journalists taking refuge in branded content, new Forrester predictions, site plagiarizes and files DMCA takedown notice, Ragan promo, Technorati's 'State of Digital Influence 2013', Michael Netzley, horsemeat crisis in the UK, Media Monitoring Minute, listener comments, the state of measurement, Dan York, freedom of speech and responsibility and the law, music from Q, and more.

WebRTC Passes Huge Milestone In Rewiring The Web – Video Calls Between Chrome and Firefox

WebrtcThis week the WebRTC/RTCWEB initiative passed a HUGE milestone in adding a real-time communications layer to the Web with achieving interoperability between Google Chrome and Mozilla Firefox. Google and Mozilla celebrated with a pair of blog posts:

They also published the video I've embedded below. On the surface, the video doesn't appear terribly exciting: two guys having a basic conversation over video. But consider this:

  • The video conversation was initiated from within web browsers.
  • There were NO plugins used... no Flash, Java or anything else.
  • The entire conversation was securely encrypted.
  • The call used "wideband audio" (also called "HD audio") to provide a much richer experience that far exceeds any kind of conversation you can have on traditional telecom and mobile networks.
  • The call did not have to involve any external telecom networks or services and could have been initiated directly from one browser to the other. (I don't know exactly how they set up this call.)

And perhaps most importantly:

Any web developer can now create this kind of real-time communication using a few lines of JavaScript and other web programming languages.

As I'm said before, WebRTC will fundamentally disrupt telecommunications and add a real-time communications layer to the Internet that is based on open standards and is interoperable between systems. Creating applications that use voice, video and chat is being removed from the realm of "telecom developers" and made truly accessible to the zillions of "web developers" out there.

Congrats to the Google and Mozilla teams... this is a huge step forward for WebRTC!

You can see the video below... and if you are a developer interested in playing with WebRTC further, both the Google and Mozilla blog posts offer pointers to source code. The team over at Voxeo Labs also released a new version of their Phono SDK yesterday with WebRTC support that may be helpful as well.


UPDATE #1: The discussion threads on Hacker News related to the Google and Chrome blog posts make for quite interesting reading and provide many additional links for exploration:

UPDATE #2: Over at Forbes, Anthony Wing Kosner weighed in with a similar piece and proved he can write far more poetic headlines than mine: Google And Mozilla Strike The Golden Spike On The Tracks Of The Real Time Web

UPDATE #3: And over on No Jitter, Tsahi Levant-Levi gets the "wet blanket" award for dampening enthusiasm with his post: WebRTC Browser Interoperability: Heroic. Important. And...Expected


If you found this post interesting or useful, please consider either:


Oracle Buys Acme Packet For $2 Billion To Gain SIP Session Border Controllers (SBCs) And More

AcmepacketFascinating news today out of Oracle that they have purchased Acme Packet in a transaction estimated to be around $2 billion US. For those of you not really tracking the VoIP security space, Acme Packet is probably the world's largest vendor of "session border controllers (SBCs)", devices that are used to securely and reliable interconnect VoIP networks. SBCs also provide a very important role in helping with interoperability of Session Initiation Protocol (SIP) signaling between the SIP products and networks of different vendors.

As Andy Abramson writes, the fascinating aspect of this acquisition is this:

This is an interesting grab by one of the tech world's true giants because it sqaurly puts Oracle into a game where they begin to compete with the giants of telecom, many of whom run Oracle software to drive things including SBC's, media gateways and firewall technology that's sold.

This acquisition does put Oracle VERY firmly into the telecom sector at a carrier / large enterprise level, as Acme Packet's products are widely used within that tier of companies. As the news release notes:

"The company's solutions are deployed by more than 1,900 service providers and enterprises globally, including 89 of world's top 100 communications companies."

Acme Packet has also long been recognized as a leader by analyst firms such as Gartner. People from Acme Packet, in particular Hadriel Kaplan, have also been extremely involved with industry efforts such as the SIP Forum and standards activity in the IETF.

As far as integration, Oracle already has a wide array of "communications" products, including several unified communications (UC) products that could potentially interact with Acme Packet products extremely well. Beyond all of that, though, this acquisition will have Oracle being a strong player in providing telecom infrastructure as we continue to collectively move to basing all our communications on top of IP.

Congratulations to my friends at Acme Packet and Oracle... and I wish them the best as they proceed down the path to completing this acquisition.

More information here:


If you found this post interesting or useful, please consider either:


FIR #689 – 2/4/13 – For Immediate Release

FIR app issue resolved; Schoenberg interview on hold; Quick News:companies failing to accommodate shift to mobile, IBM security tool can flag disgruntled employees, YouTube introducing paid subscriptions, Swedish bloggers commot to 50,000 posts in 100 days; Ragan promo; News That Fits: closing the gap between social media use and usefulness, Dan York's report, three social media kerfuffles, Media Monitoring Minute from CustomScoop, three social media kerfuffles, Ryanair's comms chief to eschew social media, Quora and others introduce new blogging tools; music from epic; and more.