April 2015 archive

Wire Launches WebRTC Voice/Chat Web App For Windows, Linux, more – Includes High TLS Security

Yesterday the team over at Wire launched a new WebRTC-based "Wire for Web" app that lets people on Windows, Linux or any other platform now communicate with people using Wire on iOS, Android or OS X. You can get to it simply at:
If you already have an account you simply sign in with your credentials. If you don't have an account you can easily create one.

I've been running both the native Mac OS X client and the web client for a bit now (I was part of web beta program for Wire) and it is truly amazing how well the team has made the web experience to be seamless between the web and native client. Here's a screenshot showing both side by side (click/tap for a larger image):

Screenshot wire for web

In the web view on the right you have the browser bars at the top and one of the images did not go the full width of the column, but otherwise the experience and visual display has been essentially identical between the two platforms. The synchronization between the two is nearly instantaneous and all the features work really, really well.

Notifications in the web browser (if you allow them) work great to alert you to new messages.

And the voice calls from within the web browser have the same outstanding audio quality I've come to expect from Wire.

All in all the web implementation is quite excellent.

This new web app also addresses a concern I had from the initial launch of Wire back in December - the lack of a client for users on Microsoft Windows. With this web app Windows users - and Linux users - can now equally participate in communication over Wire. This is all courtesy of WebRTC that allows modern browsers to be able to use voice and chat from directly within the browser. Wire co-founder and CTO Alan Duric published a post about how they use WebRTC.

Alan also clued me in to the strong degree that the Wire team takes security extremely seriously. In fact I would say they take it more seriously than many other similar web apps I've seen. If you go over to Qualys SSL Labs and plug in "app.wire.com" you get a result of an "A+":

Ssllabs app wire com

The same can NOT be said of other similar web interfaces that I tested from similar services.

I've been writing about Wire for a bit now (see my various articles) and I have it running on my Mac all the time, primarily because of the great value I get out of a couple of group chats that I am in. From a chat / messaging perspective it's one of the best I've seen and I find it extremely useful.

Curiously, I don't find myself using Wire as much for actual calls, primarily because I find that much of my interaction has moved to video calls, and Wire doesn't support those yet. When I do use Wire the audio quality is truly amazing, but that has to do with the audio pedigree of the team behind Wire, and the fact that they are using the Opus codec. On a larger level, there is also the continued "directory dilemma" that I've written about, namely that Wire has the same struggle as most other new tools in that you need to gather a strong "directory" of people who are actually using the app for it to be an app that people regularly use. Most of the people with whom I regularly communicate aren't users of Wire ... yet.

Still, the release of this "Wire for Web" gives me hope that Wire may be able to build some momentum now that, for example, Microsoft Windows users can now join in. Time will tell... but this will definitely help!

Kudos to the team at Wire for this very excellent web release?

P.S. If you are using Wire, or try it out, you should be able to find me on Wire as "Dan York".

Note: an audio podcast about this topic is also available:

TDYR 242 – Wire.com Launches WebRTC-based Web App

Yesterday Wire.com launched "Wire for Web" letting anyone with a web browser use chat and voice to communicate with other users of the Wire apps for iOS, Android and Mac OS/X. See http://www.disruptivetelephony.com/2015/04/wire-launches-webrtc-voicechat-web-app-for-windows-linux-more-includes-high-tls-security.html for more info.

nTLDStats Adds DNSSEC Statistics for New Generic Top-Level Domains (newgTLDs)

Hooray! The folks over at nTLDstats have now added a new tab that lets you see which of the 100s of new generic top-level domains (newgTLDs) are seeing the most second-level domains signed with DNSSEC. You can see the stats at:


Here is a view of how it looks right now:

newgTLD DNSSEC stats

The site shows a number of interesting stats, including:

  • the percentage of newgTLDs with signed second-level domains in them (60.80% at the time I write this)
  • the number and percentage of signed zones as it relates to the overall number of registered domains within the newgTLDs
  • the number of zones (of those signed) that failed DNSSEC validation (indicating a configuration issue)
  • a trend line over time
  • the distribution of signed domains across the number of newgTLDs
  • breakdowns of signed domains by both newgTLD and also by registrar

While the overall number of signed domains today within the 5.2 million domains registered in the newgTLDs is a very small 0.95%, we now have a very easy way to see where DNSSEC signing is being actively used – and a way to measure which of the newgTLDs and also registrars are doing the most to support DNSSEC deployment.

I was intrigued to see that the leader of the newgTLDs is the .OVH TLD sponsored by a French hosting provider, OVH, with Afnic providing the back-end registry. According to their site, the OVH domain started as an April Fool’s joke in 2009 and then became a reality due to the interest.  Clicking through to their registrar site (they are apparently the only registrar for the .OVH domain), you can see why they have so many domains signed – they have a “Activate DNSSEC on this extension!” link directly on their registration page!

Looking at the Registrar Breakdown column, the OVH registrar leads in the number of DNSSEC-signed newgTLDs, presumably because they are again offering DNSSEC-signing to anyone who uses them for DNS hosting, regardless of what newgTLD they register under.

I was also curious as to why “.paris” was the second-highest newgTLD with 2,347 signed domains, but the probably answer could be quickly found by clicking through to the .paris page. It shows the top 2 registrars as “Gandi SAS” and “OVH sas”… my guess would be that many/most of the 2,347 signed domains could come from the 4,000 domains registered by OVH, given that they are actively promoting DNSSEC.

Another interesting element of this new page is that you can change the slider underneath the trend line to see more stats over time.  By moving the slider all the way to the left you can get a view of the trend in the newgTLDs:

dnssec signing trend chart

There’s a huge jump in October 2014.  Given the other stats and the information on the OVH web site, my guess would be that this was a result of the launch of the .OVH newgTLD.

Anyway… there’s probably a lot more we can learn from exploring the statistics in this way.  The key point is that now there is a very easy-to-use web interface that lets us track and be able to show which of the newgTLDs are doing the most to provide registrants the security provided by DNSSEC.  I’d note that this is all possible because all of the new gTLDs are required by ICANN to submit their zone files to the Centralized Zone Data Service (CZDS), allowing sites like nTLDstats to query the CZDS and build views such as these.

Kudos to the nTLDstats team for adding this page!  I will be adding it to our DNSSEC Statistics page and look forward to using it over time.

P.S. Want to get started with signing your domain?  Visit our Start Here page to learn how!

TDYR 241 – It Would Have Been Easy To NOT Run Today

TDYR 241 - It Would Have Been Easy To NOT Run Today by Dan York

Internet.nl – A New Site to Easily Test Your Use of IPv6, DNSSEC, TLS and DKIM (Featured Blog)

"Is Your Internet Up-To-Date?" Does your existing Internet connection work with IPv6 and DNSSEC? Do your web sites support IPv6, DNSSEC and TLS? Is there a quick way to find out? Earlier this month a new site, Internet.nl, was launched to make this all easy for anyone to test. All you do is visit the site at en.internet.nl (also available in Dutch) and just follow the very easy links. More...

Internet.nl – A New Site To Easily Test Your Use Of IPv6, DNSSEC, TLS and DKIM (Featured Blog)


Internet.nl Provides An Easy Way To Test Your IPv6, DNSSEC and TLS

“Is Your Internet Up-To-Date?” Does your existing Internet connection work with IPv6 and DNSSEC? Do your web sites support IPv6, DNSSEC and TLS?  Is there a quick way to find out?

Earlier this month a new site, Internet.nl, was launched to make this all easy for anyone to test.  All you do is visit the site at en.internet.nl (also available in Dutch) and just follow the very easy links:

Internet.nl web siteAll you do is click “Test my internet connection” to find out if your current connection supports IPv6 and DNSSEC.  Enter any website address to test whether that site supports IPv6, DNSSEC and TLS.  And enter any email address to find out if it supports IPv6, DNSSEC and DKIM/SPF/DMARC.

Here was the response I received for one of my email accounts:

Internet.nl email test

You then have a link you can follow to get more details.

While there are obviously more detailed tests that can be performed, this site does a nice job giving a high level view of whether your connections are protected.  I also like the fact that it uses “regular” language to explain why someone should care about these tests, rather than using the technical acronyms.

The site is great to have out there and we’ll be adding it to our list of DNSSEC tools and other places within Deploy360.

Congratulations to the various organizations behind Internet.nl on the launch!  May this new site help many more people learn what they need to do to bring their Internet connections and sites up-to-date!

P.S. Please also read Olaf Kolkman’s post providing another perspective on the launch. And yes, both the Internet Society and our Internet Society Netherlands Chapter were involved with the launch.  If you would like to get started with IPv6, DNSSEC or TLS, please visit our Start Here page to begin!



The Hobson & Holtz Report – Podcast #805: April 27, 2015

Neville will be away in Boston next week, Gini Dietrich will guest co-host next week’s episode; FIR Book Review coming from Shel on Jeff Jarvis’s “Geeks Bearing Gifts”;

Quick News: The fewer likes your Facebook page has the better its organic reach, NHL bans media from using Periscope and Meerkat, explosion of mobile messaging apps continues, Twitter sells sports tickets in tweets; the Media Monitoring Minute with CustomScoop;

News That Fits: Twitter begins to embrace its role as a destination for people who will never be active tweeters; Dan York’s Tech Report; the sudden interest in mobile video streaming apps; listener comments in the FIR Podcast Community on Google+; Igloo Software promo; Michael Netzley’s Asia Report: video advocating a day of rest for domestic workers ruffles feathers in Singapore; the past week on the FIR Podcast Network; what journalists have to say about pitches;

Music from Motorama; and more.

For Immediate Release: The Hobson and Holtz Report for April 27, 2015: An 69-minute podcast recorded live from Wokingham, Berkshire, England, and Concord, California, USA.

Links to websites, blog posts and other content we discuss in the show are posted as Delicious bookmarks to facilitate your connection with the discussions and sharing of that content.

The post The Hobson & Holtz Report – Podcast #805: April 27, 2015 appeared first on FIR Podcast Network.

FIR #805 – 4/27/15 – For Immediate Release

Gini Dietrich to guest co-host in two weeks, review of Geeks Bearing Gifts is coming; Quick News: Facebook tweaks its algorithm again, NHL bans media from using Periscope and Meerkat, explosion of mobile messaging apps continues, twittr sells sports tickets in tweets; Media Monitoring Minute from CustomScoop; News That Fits: Twitter embraces its role as a destination for non-active tweeters, Dan York's Tech Report, surge of interest in mobile video streaming apps, listener comments, Igloo Software promo, Michael Netzley's Asia Report, reporters tweet their reactions to PR pitches; music from Motorama; and more.

Facebook News Feeds Load 20-40% Faster Over IPv6

Facebook logoWant to read your Facebook News Feed faster?  Ask your Internet Service Provider (ISP) if you can get IPv6!  That’s one of the key quotes to me in this article published this month on ComputerWorld:

As for the speed boost that may come with IPv6, it’s too early to say whether you’ll see it or not. Facebook says it has seen users’ News Feeds loading 20 percent to 40 percent faster on mobile devices using IPv6. Tests at Time Warner Cable have shown a 15 percent boost.

Now, yes, there is the caveat from Facebook’s Paul Saab that they are “still trying to clarify the data” and understand exactly why IPv6 users are seeing the speed increase. (And Paul explains further starting about 19 minutes into his recent v6 World Congress presentation.)

But to me this is simply a sign of what is coming.

Facebook has been extremely smart about all of this.  As they outlined in a case study last year, they are moving to an IPv6-only network internally. Their developers are already working on an IPv6-only network, as Paul Saab discussed in a presentation last month to the 2015 v6 World Congress. In that presentation he said that 90% of their network was IPv6-only and they expect to move to 100% by the end of this quarter.

They realize that many of the new networks being deployed around the world to bring the next 4 billion people online are going to need to be using IPv6.  And the expansion of mobile networks to accommodate the millions of new devices will need to use IPv6 (as is already happening!).

And the reality is that connections from users on IPv6 networks to services that run over IPv6 are going to be faster than connections to services still on legacy IPv4 networks that have to go through middleboxes such as NAT devices or application-layer gateways (ALGs).

Facebook wants to provide the fastest connectivity to the billions of new users and devices coming on line.  They want to be reached faster than all the other social networks and messaging services.  They’ve already made the move to IPv6 in anticipation of being able to be faster than all their rivals.  Smart on their part!

While we still need to wait for a thorough analysis by Facebook’s team to know exactly why they are seeing the speed increases, the fact is that those increases are happening.

Don’t have IPv6 yet?  Ask your Internet Service Provider (ISP) why not!

And ask yourself this – does your application or service run over IPv6?  Could people perhaps access your services faster if they were available over IPv6?

Visit our Start Here page to learn how you can do more with IPv6. The time is now.