Just a guy in Vermont trying to connect all the dots...
Dan York
Author's posts
Sep 16
Google Confirms Having IPv6 And IPv4 Will NOT Cause Duplicate Content Issues For Search Ranking
Great to see Google’s Matt Cutts formally confirming what many have us have assumed all along – that making a website available over both IPv6 and IPv4 would not bring about a “duplicate content” issue that would incur penalties in search engine ranking. The question Matt answers is:
As we are now closer than ever to switching to IPv6, could you please share info on how Google will evaluate websites. One website being in IPv4, exactly the same one in IPv6 – isn’t it considered duplicate content?
Here’s Matt’s response saying that there won’t be an issue:
If this was a reason you were hearing for NOT moving to IPv6, consider it addressed… why not get started today with making your sites available over IPv6? We’ve got a number of IPv6 resources available for you, including these:
- Tutorial: Making Content Available Over IP
- Video: How To IPv6-Enable ANY Website Using A Content Delivery Network (CDN)
and many more! (And if you can’t find what you need, please let us know! We’re here to help you make the move to IPv6!)
Sep 16
FIR #721 – 9/16/13 – For Immediate Release
FIR app for Windows 8 available; FIR Interview with Chris Muccio is up; FIR on Strategy with Andrea Vascellari is coming soon; Quick News: Mondelez partners with Twitter, Vodaphone's best-practice use of Twitter for customer service, in-bound marketing takes a back seat in agencies, Telegraph hires PBS exec in transition to digital; Ragan promo; News That Fits: the Twitter IPO, Michael Netzley's Asia report, McKinsey study shows execs are bullish on digital, Media Monitoring Minute from CustomScoop, listener comments, don't hide behind a Chief Digital Officer, Dan Yor's report, companies doing a lousy job explaining social purpose; how to comment; music from Tasherra Project; and more.
Sep 16
FIR #721 – 9/16/13 – For Immediate Release
FIR app for Windows 8 available; FIR Interview with Chris Muccio is up; FIR on Strategy with Andrea Vascellari is coming soon; Quick News: Mondelez partners with Twitter, Vodaphone's best-practice use of Twitter for customer service, in-bound marketing takes a back seat in agencies, Telegraph hires PBS exec in transition to digital; Ragan promo; News That Fits: the Twitter IPO, Michael Netzley's Asia report, McKinsey study shows execs are bullish on digital, Media Monitoring Minute from CustomScoop, listener comments, don't hide behind a Chief Digital Officer, Dan York's report, companies doing a lousy job explaining social purpose; how to comment; music from Tasherra Project; and more.
Sep 13
Watch LIVE Now – Jan Zorz at UKNOF Talking About Best Current Operational Practices (BCOP)
Curious to learn about efforts to capture best current operational practices (BCOPs) from network operators around the world? In the next 15-30 minutes, our colleague Jan Zorz will be speaking on this topic at the UK Network Operators Forum. The live stream can be viewed at:
http://uknof.bogons.net/uknof26.html
Jan’s slides are also available online. From the UKNOF 26 agenda, here is the abstract of what Jan will be speaking about:
There is an opportunity to better identify, capture, and promote best current operational practices documents emerging from various regional network operators’ groups. We believe sharing these documents across the globe would benefit the wider Internet community and help more operators deploy new technologies like IPv6 and DNSSEC faster and easier.
In addition, there is an opportunity to improve communications between the Internet Engineering Task Force (IETF) standards making process and operators around the globe. We believe standards could be better designed and implemented if more operators that actually use them in their real-world networks agreed on what they need and provided more feedback into the RFC process within the IETF.
In this presentation, Jan Zorz from the Internet Society Deploy360 Programme will discuss options on how to start answering three specific questions:
- Would operators benefit from documenting the best current operational practices in different regions and globally?
- What might be the best path forward to closing these communication gaps and creating such a document repositories?
- Do you agree that there is a communication gap between the IETF and real-world network operators?
Many operators need down-to-earth information on how to fix their current issues and how to implement new technologies coming out of the IETF. How can the Internet Society help facilitate this work?
Sep 12
FreeBSD 10 To Include OpenSSH With DNSSEC Support (for SSHFP records)
Very cool news out of the FreeBSD team yesterday… the upcoming FreeBSD 10 will include support in OpenSSH for DNSSEC. The key point is this:
This means that OpenSSH will silently trust DNSSEC-signed SSHFP records.
What this means is this: when you go to ssh into an unknown system (i.e. one that is not in your “known_hosts” file), OpenSSH will do a query for a SSHFP record and use DNSSEC validation to ensure that the SSHFP record is indeed the one that the domain operator wants you to use.
This process of using a SSHFP record was defined in RFC 4255 back in 2006. If you are familiar with how ssh (a.k.a. “secure shell“) works, when you connect to an unknown system for the first time you are presented with the “fingerprint” of the public key of the server to which you are connecting. In theory you could verify this fingerprint through some out-of-band mechanism (perhaps seeing it on a web page or having received it separately in an email). In practice, the vast majority of people just hit enter/return or type “yes” or something like that.
In the RFC 4255 mechanism, the operator of the server would publish a SSHFP record in DNS that would have the fingerprint of the SSH public key. This is the same key fingerprint that would normally be presented to a user. By using DNSSEC to sign the DNS zone that includes the SSHFP record, the server operator can provide a method for a DNSSEC-validating SSH client to verify that the SSH fingerprint is in fact the one that should be used to connect to the server.
This creates a higher level of trust and security in SSH connections.
It’s great to see this added to FreeBSD 10, which, according to the FreeBSD Release Engineering page, should be available sometime in November 2013.
For those curious, the SSHFP record is similar to what was defined six years later in RFC 6698 for the DANE protocol, which is really no surprise as they share a common author, Jakob Schlyter. DANE’s TLSA record is a bit more complex and, for instance, allows for the inclusion of a complete SSL/TLS certificate rather than just a fingerprint. In both cases, though, the idea is the same – use a DNS record to provide a means to verify a public key, and use DNSSEC to provide integrity protection so you know that you can trust the DNS record.
Great to see this being rolled out in an enabled state. Kudos to the FreeBSD team for doing this!
Sep 12
TDYR #035 – WiFi Cafés And Shaking Up The (Home) Office Routine
Do you sometimes need to change your location to break up your work routine? Maybe work from a different place? Or a different part of your office? In this episode I talk about this a bit from my perspective of working out of a home office...
Sep 11
“Impact IPv6″ Aims To Expand IPv6 Usage Throughout Cameroon
How will IPv6 improve Internet capabilities in Cameroon? In a recent post on our main Internet Society blog titled “Preparing Cameroon for the future“, Victor Ndonnang speaks about part of the rationale for the work he and a team of people are doing as part of the “Impact IPv6″ project:
‘Imagine, in the next two, three or five years, when more of the people of Cameroon have the ability to connect to the Internet, and we can’t, because the Internet is “full”!’ says Ndonnang.
With funding from an Internet Society Community Grant, Victor and his colleagues have trained over 100 people and already have several local Internet Service Providers (ISPs) working with IPv6, with more committing to do so soon. As noted in the article:
… engineers and managers from Cameroon’s National ICT Agency have been trained through the project and are now working to activate a National IPv6 Task force transition. If the trend continues, the country will build its new technical infrastructure based on the latest internet protocol technology, making national networks far better prepared for growth.
It is incredibly inspiring to read of the work of the group in the Cameroon and we hope that it will serve as an inspiration for other regions who are looking to bring Internet access to more people. If those new networks can be planned from the start with IPv6, they will be so much more successful in the future!
Congratulations to Victor and his colleagues… and we look forward to hearing of their continued success!
P.S. You, too, can apply for an Internet Society Community Grant - the next deadline is October 1, 2013! Read more about the community grants application process and submit your idea today!
Sep 10
TDYR #034 – Initial Thoughts On Apple’s iPhone 5c, 5s Announcement
With Apple's announcement of the iPhone 5c and 5s today, I spoke about my initial thoughts on the news... and desire to play with the fingerprint sensor on the 5s. What do you think about the news? Interesting? Just "meh"? Will you upgrade?
More info:
http://thenextweb.com/apple/2013/09/10/heres-a-complete-roundup-of-everything-apple-announced-today/
http://gigaom.com/2013/09/10/apple-shows-the-lte-love-going-for-near-global-4g-support-in-the-iphone-5s-and-5c/
http://techcrunch.com/2013/09/10/apples-touch-id-a-500ppi-fingerprint-sensor-built-into-iphone-5s-home-button/
Sep 09
IETF Chair’s Statement On Security, Privacy And Widespread Internet Monitoring (Featured Blog)
This weekend Jari Arkko, Chair of the Internet Engineering Task Force (IETF), and Stephen Farrell, IETF Security Area Director, published a joint statement on the IETF blog titled: "Security and Pervasive Monitoring"... They go on to outline some of the IETF's general principles around security and privacy as well as some of the new developments. They also point out a vigorous (and still ongoing) discussion within the IETF around how to improve the security of the Internet in light of recent disclosures. More...
Sep 09
New DNSSEC Deployment Maps Available
Curious to see where DNSSEC is being deployed around the world? I’m pleased to note that we’ve updated the DNSSEC deployment maps we have available at:
http://www.internetsociety.org/deploy360/dnssec/maps/
These maps are produced by the team at Shinkuro, Inc. The data on the map should line up with other sources of DNSSEC statistics, such as ICANN’s TLD DNSSEC Report, although the Shinkuro maps do reflect additional information about planned deployments gathered from industry sources and ccTLD operators.
Note that these maps represent signed top-level domains (TLDs), which you need before you can sign your domain using a registrar and DNS hosting provider. Additional sites with statistics about the number of signed domains under various TLDs can be found on our DNSSEC statistics page.
We’re pleased to see the continued growth of DNSSEC around the world. Have you signed your domain and/or set up DNSSEC validation yet? If not, how can we help you get started?
