Dan York

Just a guy in Vermont trying to connect all the dots...

Author's posts

Sep 16

FIR #721 – 9/16/13 – For Immediate Release

By Dan York

FIR app for Windows 8 available; FIR Interview with Chris Muccio is up; FIR on Strategy with Andrea Vascellari is coming soon; Quick News: Mondelez partners with Twitter, Vodaphone's best-practice use of Twitter for customer service, in-bound marketing takes a back seat in agencies, Telegraph hires PBS exec in transition to digital; Ragan promo; News That Fits: the Twitter IPO, Michael Netzley's Asia report, McKinsey study shows execs are bullish on digital, Media Monitoring Minute from CustomScoop, listener comments, don't hide behind a Chief Digital Officer, Dan York's report, companies doing a lousy job explaining social purpose; how to comment; music from Tasherra Project; and more.

Podcasts

Sep 13

Watch LIVE Now – Jan Zorz at UKNOF Talking About Best Current Operational Practices (BCOP)

By Dan York in BCOP

Curious to learn about efforts to capture best current operational practices (BCOPs) from network operators around the world? In the next 15-30 minutes, our colleague Jan Zorz will be speaking on this topic at the UK Network Operators Forum. The live stream can be viewed at:

http://uknof.bogons.net/uknof26.html

Jan’s slides are also available online. From the UKNOF 26 agenda, here is the abstract of what Jan will be speaking about:

There is an opportunity to better identify, capture, and promote best current operational practices documents emerging from various regional network operators’ groups. We believe sharing these documents across the globe would benefit the wider Internet community and help more operators deploy new technologies like IPv6 and DNSSEC faster and easier.

In addition, there is an opportunity to improve communications between the Internet Engineering Task Force (IETF) standards making process and operators around the globe. We believe standards could be better designed and implemented if more operators that actually use them in their real-world networks agreed on what they need and provided more feedback into the RFC process within the IETF.

In this presentation, Jan Zorz from the Internet Society Deploy360 Programme will discuss options on how to start answering three specific questions:

Would operators benefit from documenting the best current operational practices in different regions and globally?

What might be the best path forward to closing these communication gaps and creating such a document repositories?

Do you agree that there is a communication gap between the IETF and real-world network operators?

Many operators need down-to-earth information on how to fix their current issues and how to implement new technologies coming out of the IETF. How can the Internet Society help facilitate this work?

Events

Sep 12

FreeBSD 10 To Include OpenSSH With DNSSEC Support (for SSHFP records)

By Dan York in DANE, DNS, DNSSEC, OpenSSH, ssh

Very cool news out of the FreeBSD team yesterday… the upcoming FreeBSD 10 will include support in OpenSSH for DNSSEC. The key point is this:

This means that OpenSSH will silently trust DNSSEC-signed SSHFP records.

What this means is this: when you go to ssh into an unknown system (i.e. one that is not in your “known_hosts” file), OpenSSH will do a query for a SSHFP record and use DNSSEC validation to ensure that the SSHFP record is indeed the one that the domain operator wants you to use.

This process of using a SSHFP record was defined in RFC 4255 back in 2006. If you are familiar with how ssh (a.k.a. “secure shell“) works, when you connect to an unknown system for the first time you are presented with the “fingerprint” of the public key of the server to which you are connecting. In theory you could verify this fingerprint through some out-of-band mechanism (perhaps seeing it on a web page or having received it separately in an email). In practice, the vast majority of people just hit enter/return or type “yes” or something like that.

In the RFC 4255 mechanism, the operator of the server would publish a SSHFP record in DNS that would have the fingerprint of the SSH public key. This is the same key fingerprint that would normally be presented to a user. By using DNSSEC to sign the DNS zone that includes the SSHFP record, the server operator can provide a method for a DNSSEC-validating SSH client to verify that the SSH fingerprint is in fact the one that should be used to connect to the server.

This creates a higher level of trust and security in SSH connections.

It’s great to see this added to FreeBSD 10, which, according to the FreeBSD Release Engineering page, should be available sometime in November 2013.

For those curious, the SSHFP record is similar to what was defined six years later in RFC 6698 for the DANE protocol, which is really no surprise as they share a common author, Jakob Schlyter. DANE’s TLSA record is a bit more complex and, for instance, allows for the inclusion of a complete SSL/TLS certificate rather than just a fingerprint. In both cases, though, the idea is the same – use a DNS record to provide a means to verify a public key, and use DNSSEC to provide integrity protection so you know that you can trust the DNS record.

Great to see this being rolled out in an enabled state. Kudos to the FreeBSD team for doing this!

FreeBSD

Sep 12

TDYR #035 – WiFi Cafés And Shaking Up The (Home) Office Routine

By Dan York

Do you sometimes need to change your location to break up your work routine? Maybe work from a different place? Or a different part of your office? In this episode I talk about this a bit from my perspective of working out of a home office...

Sep 11

“Impact IPv6″ Aims To Expand IPv6 Usage Throughout Cameroon

By Dan York in grants

How will IPv6 improve Internet capabilities in Cameroon? In a recent post on our main Internet Society blog titled “Preparing Cameroon for the future“, Victor Ndonnang speaks about part of the rationale for the work he and a team of people are doing as part of the “Impact IPv6″ project:

‘Imagine, in the next two, three or five years, when more of the people of Cameroon have the ability to connect to the Internet, and we can’t, because the Internet is “full”!’ says Ndonnang.

With funding from an Internet Society Community Grant, Victor and his colleagues have trained over 100 people and already have several local Internet Service Providers (ISPs) working with IPv6, with more committing to do so soon. As noted in the article:

… engineers and managers from Cameroon’s National ICT Agency have been trained through the project and are now working to activate a National IPv6 Task force transition. If the trend continues, the country will build its new technical infrastructure based on the latest internet protocol technology, making national networks far better prepared for growth.

It is incredibly inspiring to read of the work of the group in the Cameroon and we hope that it will serve as an inspiration for other regions who are looking to bring Internet access to more people. If those new networks can be planned from the start with IPv6, they will be so much more successful in the future!

Congratulations to Victor and his colleagues… and we look forward to hearing of their continued success!

P.S. You, too, can apply for an Internet Society Community Grant - the next deadline is October 1, 2013! Read more about the community grants application process and submit your idea today!

IPv6

Sep 10

TDYR #034 – Initial Thoughts On Apple’s iPhone 5c, 5s Announcement

By Dan York

With Apple's announcement of the iPhone 5c and 5s today, I spoke about my initial thoughts on the news... and desire to play with the fingerprint sensor on the 5s. What do you think about the news? Interesting? Just "meh"? Will you upgrade? More info: http://thenextweb.com/apple/2013/09/10/heres-a-complete-roundup-of-everything-apple-announced-today/ http://gigaom.com/2013/09/10/apple-shows-the-lte-love-going-for-near-global-4g-support-in-the-iphone-5s-and-5c/ http://techcrunch.com/2013/09/10/apples-touch-id-a-500ppi-fingerprint-sensor-built-into-iphone-5s-home-button/

Sep 09

IETF Chair’s Statement On Security, Privacy And Widespread Internet Monitoring (Featured Blog)

By Dan York

This weekend Jari Arkko, Chair of the Internet Engineering Task Force (IETF), and Stephen Farrell, IETF Security Area Director, published a joint statement on the IETF blog titled: "Security and Pervasive Monitoring"... They go on to outline some of the IETF's general principles around security and privacy as well as some of the new developments. They also point out a vigorous (and still ongoing) discussion within the IETF around how to improve the security of the Internet in light of recent disclosures. More...

Sep 09

New DNSSEC Deployment Maps Available

By Dan York in DNSSEC, maps

Curious to see where DNSSEC is being deployed around the world? I’m pleased to note that we’ve updated the DNSSEC deployment maps we have available at:

http://www.internetsociety.org/deploy360/dnssec/maps/

These maps are produced by the team at Shinkuro, Inc. The data on the map should line up with other sources of DNSSEC statistics, such as ICANN’s TLD DNSSEC Report, although the Shinkuro maps do reflect additional information about planned deployments gathered from industry sources and ccTLD operators.

Note that these maps represent signed top-level domains (TLDs), which you need before you can sign your domain using a registrar and DNS hosting provider. Additional sites with statistics about the number of signed domains under various TLDs can be found on our DNSSEC statistics page.

We’re pleased to see the continued growth of DNSSEC around the world. Have you signed your domain and/or set up DNSSEC validation yet? If not, how can we help you get started?

Statistics

Sep 03

Microsoft Buys Nokia – Was There Really Another Choice?

By Dan York in Telecom Industry, Wireless

Techmeme microsoft Microsoft accomplished something today they haven't done for a while (at least in my memory) - they dominated the main page of Techmeme and had a great amount of the tech media talking about them.

The news, of course, is of Microsoft's purchase of Nokia's Devices and Services business and licensing of Nokia's patents and mapping services.

Is anyone truly surprised by this?

Consider:

Microsoft is being beaten in the market by Apple and Google as everything moves to mobile. Their only hope was Nokia, who provided a hardware platform that would run Windows Phone.
Nokia is being beaten in the market by Apple and Google as everything moves to smartphones. Their only hope was Microsoft, who provided a different mobile operating system for their devices that gave them a competitive angle.

Given those conditions, the marriage makes a certain amount of sense.

But... you only have to scroll down that Techmeme page (captured at 1:30pm US ET today) to realize how desperate a situation this is for both companies.

First, news is out that Apple is holding an event one week from today on September 10 where they are widely expected to announce new iPhones, including potentially a lower cost iPhone 5C. They are also expected to announce a release date for iOS 7 ... and who knows what else is in store.

Second, Google announced the next version 4.4 of the Android operating system, named "KitKat", along with a branding deal with Nestle, makers of the KitKat candy. The first link also points to a Google+ post from Google's Sundar Pichai where he states that over 1 billion Android devices have been activated.

Third, Amazon announced the 6th generation of their Kindle, and while it is not a phone, per se, it is a massively used mobile device. Amazon continues to learn and evolve their devices and has been rumored for years to be contemplating entering the smartphone space. Jeff Bezos thinks in the long term and so could easily be biding his time.

Meanwhile, Nokia sold a whopping 7 million Windows phones last quarter (per IDC).

Microsoft and Nokia need each other, if for no other reason then they don't really have a choice. They bet on each other... and it doesn't seem to be working out so well. Their only hope is really the "synergy" or whatever other marketing buzzwords you want to apply to the merged entity.

I agree with much of what Om Malik wrote today, "Why I think the $7.2 billion Microsoft-Nokia deal is a terrible idea", largely for the reasons I wrote earlier... while Microsoft and Nokia work to make this deal happen - and then the actual integration - Apple, Google, Amazon and others will be rolling out the next versions of their massively successful mobile devices.

Microsoft's "Strategic Rationale" document lays out a glowing plan... let's see if they can execute on it - and whether it turns out to be too little, too late. I wouldn't completely count Microsoft out, as they do have great resources and capacity, but they are definitely far behind.

As a consumer, I definitely would like to have a third major ecosystem for mobile devices. The question is whether Microsoft/Nokia can emerge as that third ecosystem...

What do you think? Smart move? A yawn? Or the proverbial rearranging deck chairs on the Titanic?

P.S. The most entertaining take on today's news definitely has to be the "Dear MR NOKIA!" post written in the style of the emails probably all of us have received. :-)

An audio version of this post is available at: