Just a guy in Vermont trying to connect all the dots...
Dan York
Author's posts
Mar 21
Google Is Now Always Using TLS/SSL for Gmail Connections
We were pleased today to read that Google is now changing their Gmail service to always use TLS-encrypted connections. As they note in their announcement blog post:
Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email. Gmail has supported HTTPS since the day it launched, and in 2010 we made HTTPS the default. Today’s change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers—no matter if you’re using public WiFi or logging in from your computer, phone or tablet.
The key point is the one I emphasized in bold in the text: attackers cannot listen in on your messages as they go between your mail client (which could be your web browser) and Gmail’s servers. Obviously the messages could still be potentially viewed either on your client device or on Gmail’s servers… but this step is removing the ability for the messages to be viewed “on the wire”.
This is a great example of the kind of action we’d like to see to make communication over the Internet more secure- and why we launched our new “TLS for Applications” section of this site. We want to encourage more application providers and developers to make the steps that Google has done here.
Kudos to the Google/Gmail team for taking this step!
Mar 21
Last Day To RSVP For ICANN 49 DNSSEC Implementers Gathering March 26 in Singapore
Will you be at ICANN 49 in Singapore next week? And are you deploying DNSSEC and interested in meeting with others who are also doing so?
As we mentioned earlier this week, there are three sessions at ICANN 49 focused on DNSSEC and one of those is an “informal gathering of DNSSEC implementers” on the evening of March 26 from 19:30-21:30 (or later). This is a time to share experiences, exchange information and just generally interact with other people involved with deploying DNSSEC. As ICANN’s Julie Hedlund wrote in a note to various email lists:
This is a unique opportunity to meet with and talk to key implementers, such as CNNIC, JPRS, NZNIC, CIRA, CZNIC, Nominet UK, SIDN, and others. We do ask that in order to participate you should come prepared to say a few words about your experiences.
It’s a great chance to meet people working with DNSSEC. If you will be in Singapore and interested in joining us, please RSVP by the close of business TODAY (21 March 2014) so that we can have accurate information for the location of the event. Details and location information will be sent via email to all those who have RSVP’d.
See (some of) you in Singapore!
Mar 20
Microsoft Publishes Guide To Deploying DNSSEC In Windows Server 2012
Do you work in an enterprise using Microsoft Windows Server 2012 and are interested in either deploying DNSSEC validation to provide better security to your users – and/or securing your own DNS zones using DNSSEC?
If so, the good folks at Microsoft just recently released a new guide “DNSSEC in Windows Server 2012” that guides you through what you need to do to deploy DNSSEC in Windows Server 2012 and Windows Server 2012 R2. I’d note that it covers both the validation and signing sides of DNSSEC.
The document has four major sections:
- Overview of DNSSEC
- DNSSEC in Windows
- DNSSEC Deployment Planning
- Deploy DNSSEC with Windows Server 2012
as well as few appendices. The document goes into quite a deep level of detail with how DNSSEC is integrated into various aspects of Windows Server 2012. The “Deployment Planning” section seemed quite useful, too, as it explored some of the performance requirements and also suggested a process for staging a deployment.
In reading through the document, I was quite impressed by the “Deploy DNSSEC with Windows Server 2012″ section that includes many different checklists to help administrators know precisely what they need to be doing. While I don’t personally work with a Windows Server 2012, the checklists seemed to be covering the areas that I would want them to cover.
As we look to get more enterprises doing DNSSEC validation and also signing their own zones, it is great to see this document come out of Microsoft! If you work with Microsoft Windows Server 2012, definitely do give it a look – and start deploying DNSSEC today!
Mar 20
Flying Around The Globe (Literally)
As someone who enjoys maps, globes and all things related to geography, I found it kind of cool this morning to realize that my travel this weekend to ICANN 49 in Singapore (to be involved with activities related to DNSSEC (DNS Security)) will take me "around the world" in a somewhat literal manner. I will start off flying east from Boston to London and on to Singapore - and then will return flying east to Hong Kong and then to Chicago and back to Boston.
Of course, as the "Great Circle Mapper" site reminded me, my "circle" may not be quite as round as I was thinking it would be because the flights will probably take the northern route shown on this awesome image below:
Still, it is rather fun to see that this trip will go in some kind of loop around the world.
I talked about this in one of my "The Dan York Report" podcasts this morning:
I mentioned a "write-on" globe that I use to show where I will be traveling for my kids. While I bought it at the headquarters of Delorme Maps up in Freeport, Maine, the globe itself turns out to be made by Replogle as the "Geographer Globe". You can probably find it in stores that sell globes or on various online sites. Here is one link to buy it on Amazon.com[1], although you may be able to find it at other places for less.
It's been fun to use that globe to give my family a sense of where I am going.
It also serves to remind me of just how long I'm going to be in airborne metal tubes! :-(
[1] In full disclosure, this link to Amazon is an "associate" link. If you were to actually purchase the globe, I would make a tiny amount of money for the referral. If you think that has any influence on my writing about it, you obviously don't know me well. :-)
Mar 20
TDYR #133 – Flying A Circle Around The World To/From Singapore
This morning I realized that with my upcoming travel to Singapore I'm going to be traveling completely around the world with my particular flights. Being a lover of maps, globes and geography, I just found this kind of cool...
Here is what I'm doing in Singapore:
http://www.internetsociety.org/deploy360/blog/2014/03/3-dnssec-sessions-at-icann-49-next-week-in-singapore/
And the "write-on" globe I mentioned turns out to be the Replogle "Geographer" Globe that can be found in many online sites. Here is a link to buy it at Amazon: http://amzn.to/1ozAkFU
Mar 19
3 DNSSEC Sessions At ICANN 49 Next Week In Singapore
Next week we’ll be at ICANN 49 in Singapore for several excellent DNSSEC-related sessions, two of which will also be streamed live for those who want to watch remotely.
DNSSEC For Everybody: A Beginner’s Guide
First up on Monday, March 24, 2014, in the late afternoon from 17:00 – 18:30 Singapore time will be the DNSSEC For Everybody: A Beginner’s Guide session where we start at the very basic level of why should anyone care about DNSSEC and get into what kind of problem we are trying to solve. This session includes a skit (seriously!) where we act out DNS and DNSSEC transactions. We even have some newer props this time around… so it will be a bit of fun and our feedback has been that this helps people greatly in understanding what DNSSEC is all about.
You can listen remotely via an audio stream or listen and view the slides via a a virtual meeting room. Details are on the program page.
DNSSEC Workshop
The BIG event of the week is the DNSSEC Workshop on Wednesday, March 26, where we meet from 8:30 – 14:45 Singapore time for this detailed session diving into many different aspects of DNSSEC. I’m on the Program Committee for the workshop and I can tell you that there will be some excellent presentations at this session. The slides and full agenda will be available soon, but the major areas of discussion will include:
- Introduction and DNSSEC Deployment Around the World
- DNSSEC Activities in the Asia Pacific region
- Guidance for Registrars in Supporting DNSSEC
- The Operational Realities of Running DNSSEC
- Preparing for Root Key Rollover
- Implementing DNSSEC Validation At Internet Service Providers (ISPs) DANE and DNSSEC Applications
[UPDATE: The slides and full agenda are now available.]
The workshop continues to attract some of the best technical people involved with DNSSEC and the conversations and discussions that happen there provide outstanding value to those interested in these topics. If you’re interested in DNSSEC and how it can make the Internet more secure, I highly recommend you tuning in!
You can listen remotely via an audio stream or listen and view the slides via a a virtual meeting room. Details are on the program page.
DNSSEC Implementers Gathering
Finally, Wednesday evening from 19:30-21:30 (or later) some of us will join in an “informal gathering of DNSSEC implementers” at a nearby restaurant/bar. This is a time to share experiences, exchange information and just generally interact with other people involved with deploying DNSSEC. As ICANN’s Julie Hedlund wrote in a note to various email lists:
This is a unique opportunity to meet with and talk to key implementers, such as CNNIC, JPRS, NZNIC, CIRA, CZNIC, Nominet UK, SIDN, and others. We do ask that in order to participate you should come prepared to say a few words about your experiences.
It’s been a fun time at past events and generated both good conversations and connections for future work activities after the meetings are over.
It should perhaps be obvious but this event will NOT be available for remote participation. If you will be in Singapore, though, and are interested in interacting with others who are deploying DNSSEC, you are welcome to join us. As Julie requests, please RSVP by close of business on this Friday, March 21, 2014.
Say Hello!
I will be there in Singapore as will Chris Grundemann from our team. Please do say hello – you can find me at any of these events and also around other areas of ICANN. You can also email us at deploy360@isoc.org if you’d like to meet with us. You can also contact us via Twitter, Facebook or Google+.
Mar 19
TDYR #132 – And On The 77th Day, The Streak Endeth …
TDYR #132 - And On The 77th Day, The Streak Endeth ... by Dan York
Mar 18
Dramatic IPv6 Growth Now Visible Via Trend Charts On World IPv6 Launch Measurements
Here’s something very cool… you can now see the dramatic growth in IPv6 usage seen in the World IPv6 Launch measurements by way of new trend charts provided for the top 10 networks. Here’s an example of the chart for Verizon Wireless:
The graphs for Comcast, Time Warner Cable, Deutsche Telekom and others in the top 10 are equally compelling, although a couple do admittedly show less dramatic (or even almost flat) growth. Our colleague Mat Ford announced these new trend graphs in a post to the World IPv6 Launch blog yesterday, along with some other info about some of the growth in individual networks. He also includes a graph showing the strong growth in IPv6 deployment from the Cloudflare CDN.
Keep in mind, as we wrote about last month, that as mentioned on the bottom of the World IPv6 Launch measurements page, the measurements are for the % of IPv6 deployment that is seen from each registered network by the four companies participating in the measurements program: Google, Facebook, Yahoo! and Akamai. The various methodologies used by the four companies are explained at the bottom of that page.
It’s great to see these graphs and to see the ongoing rise of IPv6 deployment! How can we help you get started? (Tip: You may want to start by looking at our IPv6 resources.)
P.S. If any of you will be at the IPv6 World Congress happening in Paris, France, this week, our colleague Phil Roberts will be presenting there tomorrow, Wednesday, March 19, at 5:10pm CET on this topic of measuring IPv6 deployment. You are welcome to meet him there and talk more about these measurements.
Mar 17
TDYR #131 – The Big Fail In Getty Images’ “Free” Embedding
Getty Images recently announced that 35 million of their highly acclaimed images would be available for "free" embedding... the only problem is that the actual implementation doesn't allow social sharing - a major requirement for most people using images today. I wrote more about this on my Disruptive Conversations blog at:
http://www.disruptiveconversations.com/2014/03/one-screenshot-to-show-how-getty-images-free-offer-fails-and-why-i-will-not-use-it.html
Mar 17
One Screenshot To Show How Getty Images’ "Free" Offer FAILS – And Why I Will Not Use It
Much has been made over the past few weeks about Getty Images allowing the free embedding of over 35 million images from Getty's vast library. The Verge ran a glowing piece and Neville Hobson summarized a good bit of the early coverage. While I commend Getty Images on trying to evolve their business model in the era of the Internet, here's the reality:
I will NOT use this service - and I can't imagine why anyone else would who wants their content found via social networks.
Here is one screenshot to show why Getty Image's service fails.. I used a Getty Images embed in my last post here and this is what happened when I tried to share the link on Facebook:
Here's a second screenshot of sharing the post out in Google+:
Do you see the problem?
WHERE IS THE IMAGE FROM GETTY IMAGES???
That's right... IT'S NOT THERE!
The image appears in the post itself, of course, but it doesn't appear when you try to share the image out in social networks.
Which is... often... THE ENTIRE POINT of why I am including an image in a blog post. I want something visual that will illustrate the points I'm making in the post - but also that will be attractive when the post is shared out on social media.
So for me this is a reason why I will pretty much never use this new offer from Getty Images.
There are host of other issues, as well, as outlined by Brian Krogsgard in a recent post, but for me the one that kills the whole deal is the lack of the ability for the image to appear in social sharing.
Again, I commend Getty Images on trying to figure out how to evolve their business in the Internet age, but this implementation needs to evolve before it will be useful for people like me.
What do you think? Are you planning to use this new service?
I recorded an audio commentary on this issue as well:
If you found this post interesting or useful, please consider either:
- following me on Twitter;
- adding me to a circle on Google+;
- following me on App.net;
- subscribing to my email newsletter; or
- subscribing to the RSS feed.
