Just a guy in Vermont trying to connect all the dots...
Author's posts
Sep 08
Yea! LinkedIn Joins Facebook And Google In Permanently Enabling IPv6
We were delighted to read today that LinkedIn has now permanently enabled IPv6 for their website. I proved it myself by visiting the LinkedIn site moments ago using a Google Chrome browser with the IPvFoo extension installed:
As my colleague Phil Roberts writes on the Internet Technology Matters blog:
As they say, “The transition to IPv6 is invisible for our members.” So if you’re a member who has looked at your LinkedIn profile today, you did this over IPv6 and probably weren’t aware. I’m also encouraged that in their trial run before the full launch, they saw about 3% of their members using IPv6 to reach them.
Given that I have native IPv6 in my home office, presumably my connections to LinkedIn from my various devices will now start to all be over IPv6… which is excellent for the growth of the Internet!
Personally, given how much I do with social media, I’m pleased because this now means that with one exception the major social networks I use will all work over IPv6:
- Google … both for Google+ and for YouTube
… which just leaves Twitter as the major social media laggard still stuck on legacy IPv4 (of the social networks I use).
When you consider that other major sites like Yahoo, Wikipedia, AOL, Netflix and thousands of other web sites are now available over IPv6, adding LinkedIn to those sites is a great addition.
Particularly when LinkedIn has a major focus right now of aiming to recruit people to publish content on their platform – this move means that all that new content will now be accessible to all the new networks that are coming online via IPv6.
Congratulations to Zaid Ali Kahn and the rest of the LinkedIn team that made this happen! As he notes in his post:
Rolling out IPv6 at scale was not a trivial task. Our IPv6 task force has worked for a year to ensure today’s smooth addition of IPv6 connectivity. We did many code changes and a series of production tests along the way, including a recent 42-hour global test where we saw approximately 3 percent of members visiting LinkedIn services via IPv6. The IPv6 task force was a collective effort of many talented individuals across engineering and operational teams.
Congrats! And we look forward to many other content providers and web sites joining the production version of the Internet running over IPv6!
If you want to get started with making the move to IPv6, please see our Start Here page to find resources most appropriate to your type of organization. If you operate a web site like LinkedIn, you may find our “IPv6 for content providers” page the easiest place to start. And please do let us know if you need more help!
Sep 08
FIR #772 – 9/8/14 – For Immediate Release
Sep 08
Watch UKNOF Today To Learn About IPv6, IXPs, Internet Connectivity
Want to learn about IPv6, Internet Exchange Points (IXPs) and some of the latest connectivity ideas in the United Kingdom? If so, you can watch the live webcast of UKNOF 29 starting today, September 8, 2014, at 13:30 British Summer Time (BST, which is UTC+1). The critical links to know are:
Today’s sessions are mainly focused on network operations and Internet connectivity and include:
- HEAnet’s Optical Backbone & School’s Connectivity
- Watery Wireless
- Options for Metro 100Gig
- Network Function Virtualisation, bringing virtualised network infrastructure into the cloud
- Broadcast editing and delivery over IP (from the BBC)
- LINX’s UK regional peering strategy
- An overview of BT’s network infrastructure in Ireland and Northern Ireland including connectivity to the rest of the UK
- UKNOF Status Update
Tomorrow, Tuesday, September 9, 2014, the morning sessions include some that may be of interest to our readers and then the afternoon will be our ION Belfast event. Here’s the current UKNOF agenda going from 09:30-12:35 BST:
- Latest Internet Plague: Random Subdomain Attacks (about DNS security)
- Tales of the unexpected – handling unusual DNS client behaviour
- Using 100 Billion DNS Queries to Analyse the Name Collision Problem
- What went wrong with IPv6?
- IPv6-only Data Centres
- Introduction of UK IPv6 Council
In particular I would point your attention to the “What went wrong with IPv6?” talk at 11:30 BST by Dave Wilson from HEAnet. He recently gave a version of this talk at RIPE 68 and both the video and the slides from that talk are available. He asks some great questions and, I think, has some great ideas for how we can advance IPv6 deployment – definitely worth listening to!
After a lunch break, our ION Belfast event will then begin with a packed agenda talking about IPv6, DNSSEC and securing BGP. That, too, will be webcast live for all to see!
All in all it will be two days of outstanding sessions talking about the Internet’s infrastructure and how we can make it work better, faster and more secure!
I hope you will join me in tuning in to watch!
Sep 05
New RFC 7344 – Aiming To Solve The DS Upload Issue in DNSSEC
How can we automate the communication between a DNS operator and a registrar when a DNSSEC key has changed?
I saw this issue very starkly myself the other week when I received 4 email messages from one of the DNS hosting operators I use telling me that new Key Signing Keys (KSKs) had been generated for four of my domains. Now, on one level this was good, in that they were automagically rolling the KSKs over without me having to do anything. However… they had no way to tell the registrars for those domains that a new DNSKEY record (and therefore a DS record) had been created. In other words:
The global chain of trust was now broken for those four domains.
Any DNS resolver performing DNSSEC validation would now find a broken chain of trust and would send back a SERVFAIL. People behind a DNSSEC-validating DNS server would not be able to reach my site.
Now, this happens for me because I use a different operator for my DNS servers than my registrar. If you think of the different players involved in the DNSSEC process, very often a registrar is also acting as a DNS hosting operator. In other words, when you register your domain with a registrar, they are also providing the DNS services for you. In that case the DNS hosting side of the company can communicate to the registrar side of the company that there is a new key and all can work well.
However, in my case the company providing DNS services for me is different from my registrar. I am paying a company for DNS hosting – but I could instead be hosting my own authoritative DNS servers. This might be common if I were an enterprise / business that operated my own data centers, for instance.
The key point here is that a registrar needs to pass a Delegation Signer (DS) record (or in some cases a DNSKEY record) up to the registry for the top-level domain (e.g., .org, .com, .whatever). This needs to happen in order to have the “global chain of trust” work and to be sure that the DNSSEC signatures are not being falsified.
Within the DNSOP working group in the IETF we’ve been debating a number of proposals about how to fix this for quite some time. One of those proposals has now been issued as an Informational RFC 7344:
http://tools.ietf.org/html/rfc7344
Formally titled “Automating DNSSEC Delegation Trust Maintenance“, the RFC specifies the creation of two new DNS record types that you would use to signal to a parent zone (for example, a top-level domain registry) that you have a new DNSSEC record that the parent zone needs to retrieve. The two records are:
- CDS
- CDNSKEY
Typically you would probably use one or the other depending upon what your TLD registry requires, but both are specified within RFC 7344.
The RFC goes into much greater detail, but in a nutshell it would work something like this:
1. As the DNS operator of EXAMPLE.ORG, I would generate a new DNSKEY record (for the KSK).
2. I would also generate a DS record and publish that as a CDS record.
3. The parent zone, .ORG in this example, would notice that a new CDS record has been published.
4. The .ORG registry would retrieve my CDS record and then publish it as a DS record for my zone.
5. Once the DS record has been published I could then stop publishing the CDS record until the next time I made a change.
The global chain of trust would now be intact.
The key challenge of this approach is step #3 – how does the parent zone notice that a new CDS record has been published?
This is a critical point and one that was debated at some length. The primary thinking is that parent zones that want to use this type of approach would create some kind of “parental agent” that would poll zones periodically to see if there are new CDS records out there. RFC 7344 gets into this in section 6.1 and suggests that there could be both polling and pushing mechanisms developed. Such software is not yet out there, but now that the RFC is out it can certainly be developed.
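As an added example (not code from RFC 7344 or from the original post), the following Python models one polling pass of such a "parental agent" together with the broken-chain condition described earlier in the post. The function names and sample keys are constructed for illustration, and the code assumes the child's answers have already been DNSSEC-validated against the current DS set.

```python
import hashlib
import struct

def name_to_wire(name):
    """Canonical (lower-case) DNS wire form of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, alg, pubkey):
    """DNSKEY RDATA: flags, protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, alg) + pubkey

def key_tag(rdata):
    """Key tag over DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, key):
    """DS/CDS tuple (key tag, algorithm, digest type 2 = SHA-256, digest)."""
    rdata = dnskey_rdata(*key)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()
    return (key_tag(rdata), key[2], 2, digest)

def chain_intact(owner, dnskeys, ds_set):
    """True if at least one parent DS still points at a published DNSKEY."""
    return any(make_ds(owner, k) in ds_set for k in dnskeys)

def poll_child(owner, dnskeys, cds_set, current_ds):
    """One polling pass of a hypothetical parental agent.

    Returns (status, ds_set_to_publish). Assumes the caller has already
    DNSSEC-validated the child's answers against the current DS set.
    """
    current_ds, cds_set = frozenset(current_ds), frozenset(cds_set)
    if not cds_set:
        return "no-cds", current_ds      # child is not asking for a change
    if cds_set == current_ds:
        return "unchanged", current_ds   # last step: child may withdraw its CDS
    if not cds_set <= {make_ds(owner, k) for k in dnskeys}:
        return "reject", current_ds      # CDS names a key the zone does not publish
    return "update", cds_set             # publish the CDS content as the DS set

# Constructed sample keys (flags, protocol, algorithm, public key bytes); not real keys.
OLD_KSK = (257, 3, 13, bytes(range(64)))
NEW_KSK = (257, 3, 13, bytes(range(64, 128)))

if __name__ == "__main__":
    ds_at_parent = {make_ds("example.org", OLD_KSK)}
    # The failure described in the post: KSK replaced, parent never told.
    print(chain_intact("example.org", [NEW_KSK], ds_at_parent))          # False
    # RFC 7344 flow: both keys published, CDS announces the new one.
    cds = {make_ds("example.org", NEW_KSK)}
    status, ds_at_parent = poll_child("example.org", [OLD_KSK, NEW_KSK], cds, ds_at_parent)
    print(status, chain_intact("example.org", [NEW_KSK], ds_at_parent))  # update True
```

The "reject" branch is the guard that keeps an automated DS update from recreating the broken chain: a CDS that matches no DNSKEY in the child's zone is never copied into the parent.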
In any event, this RFC 7344 is now out there providing one potential solution to this “DS upload” problem. What do you think? Is this something you can see implementing? Would you like to see your registries, registrars and DNS hosting operators supporting this approach? Do you have another idea?
P.S. Want to get started with DNSSEC? Please visit our “Start Here” page to find appropriate resources…
Sep 05
MarketingPodcasts.com Coming Soon From Jay Baer
Jay Baer is the force behind the site and said last month on Google+ only this:
Soon, I am launching MarketingPodcasts.com the search engine for podcasts about all things marketing and communications.
One of our key features will be podcast reviews (like Pitchfork, for you indie music geeks).
As readers probably know, I am a weekly contributor to the For Immediate Release (FIR) podcast that focuses on the intersection of social media and public relations, business and marketing. I am a huge fan of audio podcasting, and FIR is just one of the podcasts to which I contribute. I also enjoy listening to podcasts... and so I'll be intrigued to see what Jay surfaces through this new site.
Right now you can just provide your email address to be notified when the site goes live. We'll see, hopefully soon, what it is all about!
If you found this post interesting or useful, please consider either:
- following me on Twitter;
- adding me to a circle on Google+;
- following me on App.net;
- subscribing to my email newsletter; or
- subscribing to the RSS feed.
Sep 04
Walk-Through: Skype 5.4 For iPhone Lets You Host Audio Conference Calls
A couple of caveats and thoughts from the testing:
- As Gary Wong noted in his blog post this first release is limited to four people in a group audio call.
- It seems from the testing described below that the "group audio call" is limited to Skype users. I couldn't find a way to add in a call to an external phone number.
- It also seems to be limited to the iPhone and is not yet available on the iPad.
- Image sharing isn't seamless between Skype for iPhone users and Skype desktop users.
- The user interface was a bit troubling when switching between parts of the group call.
With that in mind, here are more details...
An Architecture Change For Audio Conferencing
What's interesting is that this capability is a change from the way that Skype has historically "hosted" audio conferences. With the existing Skype desktop clients, when you launch an audio conference call, your computer does all the mixing of the audio streams.
For this reason, if you want the best quality audio conference (or "group audio call"... I note that Skype is pointedly avoiding using the term "conference call") your smartest plan is usually to find the person with the fastest computer and fastest Internet connection. The combination of those two factors can make your audio call work the best.
Perhaps obviously, as powerful as they are, today's smartphones aren't going to have the CPU or bandwidth to do all the mixing of the audio streams and sending them back out to all participants.
So this new "group audio call" feature from Skype has to be using some audio mixing happening back in servers in Microsoft/Skype's "cloud" (also known as their "central data centers"). Your iPhone then becomes the control center for the group audio call and also sends your audio stream and receives back the mixed audio stream.
Walking Through Group Audio Calls
Naturally I had to try this out and enlisted the help of two long-time fellow testers - Jim Courtney and Phil Wolff.
Part of this new feature is that there is now a "phone" icon at the bottom of every chat window on your iPhone. A simple tap of that phone icon will initiate a group call with "everyone" in that chat. I didn't have Jim and Phil in a group chat smaller than the 4-person limit, so I started out with a regular voice call via Skype to Jim. I then tapped on the "add a person" icon in the lower right and added in Phil. As the call was connecting to Phil, here is what it looked like:
After Phil accepted the call, I could tap on the "multiple person" (or "group") icon at the top and see a list of who was on the call:
Tapping the "star" icon on the bottom would add this to my "Favorites" in the iPhone Skype client. Tapping the "..." button brought up a small set of options:
Choosing to "rename group" let me give it a new name ("Testing Skype") which then appeared at the top of the window:
Now, Jim and I were both using Skype on our iPhones while Phil was connected using Skype on his Mac. Neither Jim nor I could easily figure out how to start a text chat, but as part of the call Phil had a chat open up in his Mac Skype client. Once he typed in that, Jim and I both had a chat window on our iPhone:
Jim and I could then enter in messages in our iPhone clients without any problems. I also had a Mac Skype client open and Jim had a Windows Skype client open and we could see the chat messages there, too, and could type messages in those clients - it all worked fine.
One interesting issue was the support of sharing files or photos across the clients. When Phil dropped a photo into the chat on his Mac desktop client, I was unable to see it in my iPhone:
Tapping the "i" icon next to the message brought me to a page explaining that the iPhone client only used Skype's new "cloud-based" photo sharing service. Curious to explore this more, I tapped the camera icon and shared out an image I had on my iPhone. The result was visible to both Jim and me (and no, that's not me but rather a contractor working on our house):
However, now Phil was not able to see the photo in his Mac desktop client (nor was I) but was instead directed to go to a URL in his browser to see the image:
Phil said on our call that in order to view that photo he had to login to his Skype account. After our 10 minutes or so of testing this, Phil dropped off and navigating back to the "call" screen I could see that he was no longer on the call:
At this point I could have tapped on the green phone icon to bring Phil back in, but we were done.
When this was over, I did now have my new "Testing Skype" chat with Jim and Phil in it - and at the bottom was a phone icon. Jim tapped the phone icon on his iPhone and reconnected all three of us into a call.
Final Thoughts
If I used Skype on my iPhone a great amount, I could see how this feature would be quite useful for initiating group audio calls. I could create a "group" (effectively a "chat") with a group of people and add that to my "favorites". Then I could simply go into my "favorites" on my iPhone client and initiate the call. Obviously the initial four-person restriction limits the usefulness to only small teams/groups right now, but presumably Microsoft/Skype will raise that limit over time as this feature rolls out more.
The audio quality was fine. I didn't see a way to find out the technical details, but the audio sounded high quality, i.e. it was using Silk or another wideband codec to give rich audio.
I did find the navigation to be a bit cumbersome and not intuitive. Switching between the chat window, the "call status" window (showing the participants) and the regular call window was not as easy as I would have liked. It took some poking and tapping to figure out how to move around.
We did wonder why Skype was rolling out this particular feature right now. Phil wondered if there might be competitive pressures with Apple's announcements coming on Tuesday - for example, will we see group audio calls for Apple's Facetime? We'll have to tune in to see!
It also may purely be Skype seeking to reclaim some of the leadership on features for OTT voice apps given that so many other players have entered the market. Whatever the case... the feature is now out there and available for iPhone users.
If you'd like to try this out yourself, you should be able to download an update from the AppStore.
If you have already tried it, what do you think?
An audio commentary on this topic is also available on SoundCloud:
Sep 04
TDYR 172 Testing Skype’s New Audio Conferencing On The iPhone
Sep 04
WordPress 4.0 Provides A MUCH Better Editing Experience!
The other features in WordPress 4.0 are also cool. Being able to more easily work with the media library will be nice. Having the embeds automagically appear in the post without needing to preview will also help save time and let you know how the post will look. Improving the plugin directory is nice, too, although right now I'm pretty set with the plugins I need on my various sites.
It's the improved editing experience that I'm really looking forward to using more. I've already upgraded several of my sites and I like the experience so far. Tomorrow I'll upgrade Deploy360 which is where I expect to reap the biggest benefit.
What about you? Have you upgraded yet? Do you like it? (Keeping in mind that there is nothing special about WordPress "4.0" other than that it is the release between "3.9" and "4.1"... i.e. it's not a "big" release but rather just another "regular" WordPress release.)
Here's the WordPress 4.0 release video showing some of the new features:
Sep 04
VoiceOps – Mitigating SIP Threats With SBC Policies, Auto-Blacklisting
There’s a good discussion going on right now (September 2014) in the VoiceOps mailing list about how you can mitigate SIP threats by configuring the policies and settings on your session border controller (SBC). It started out with a detailed question from Robert Nystrom asking about how to configure an Acme Packet SBC in the most secure manner and asking about how best to configure access control lists (ACLs). Several answers can be seen in the VoiceOps archive from folks such as Ryan Delgrosso, Mark Lindsey, Jim Gast and Patrick McNeil, offering commentary and suggestions about how best to proceed.
If you are not already subscribed, the VoiceOps mailing list is a great resource. As stated on the subscription page:
This list is for discussions related to managing voice networks, both traditional and IP.
The VOIP Operators’ Group (VOG) charter is to facilitate the creation, maintenance, and operations of Voice over Internet Protocol (VOIP) related networks, products, and services.
Similar to the North American Network Operators’ Group (NANOG), The Voice Operators’ Group seeks to assist in the creation of a robust, stable and growing VOIP ecosystem.
While the topics are definitely not all about security, I would encourage you to join the list if you do anything with the operation of VoIP networks – or if you are just curious to learn more about such networks.
Sep 03