Dan York

Just a guy in Vermont trying to connect all the dots...

Author's posts

Jan 24

TED Video: Shawn Achor on the happy secret to better work

I enjoyed this presentation very much... and it's interesting to think about the processes he describes toward the end that relate to "rewiring our brains" to focus on the positive and to move us toward more happiness:

Jan 24

One Image To Show The Incredible Importance Of Sharing Web Pages Versus PDFs

So you have that report, infographic or other document as a PDF, right? And now you want to get that massively shared out in social media, right? So that everyone can see your document and learn from it?

Do you...

  1. Start distributing the link to the PDF and ask people to share it?
  2. Wrap the PDF in a basic web page, share THAT link and ask people to share it?

If you answered #1, read on for why you should think of #2.

This morning the World Economic Forum (happening this week in Davos, Switzerland) published an excellent infographic about the Internet as "The Innovation Engine" outlining a series of recommendations for leaders with regard to key Internet issues.

The only problem was that they only published the document as a PDF file on their site. The link that was being sent around was just for the PDF.

Links to PDF files do not "share" very well in social media!

Thankfully, someone on our (Internet Society, my employer) Communications team was able to put up a simple web page that provided a nicer link for sharing.

Notice the difference in the image of my Facebook NewsFeed this morning:

Sharing a pdf vs a web page

The first link, from LACNIC, was for the PDF-only link. It has a URL you can't understand and just the domain name listed. No preview image. No title. No text. Sure, I can know from the status update text what the link is about... but the "link preview" doesn't grab me in and make me want to click it.

The second link, from the Internet Society Comms Team, is to the web page wrapping the PDF. Note here it has a preview image. It has a title. It has some descriptive text. This "link preview" provides enough information that I may want to click on it right away without even reading the Facebook status update.

Ultimately, both links bring you to the same PDF file. The difference is that the second link is to a web page that provides enough "meta" information that the social network can use that information to build a "link preview". While my example here shows Facebook, it works similarly on Google+ and probably works the same way on other social networks.

Note, too, that the web page wrapping the PDF is nothing special. It's a very basic page with a preview image of the PDF, a couple paragraphs of text, a title and the link to the PDF.

That's it.

But that's all that's needed to provide a much better sharing experience when that link is passed around in social networks.

Something to think about the next time you are looking to share out a PDF of a image, infographic, report or other document. Wrap it in a simple web page and your sharing will be much more effective!

If you found this post interesting or useful, please consider either:

Jan 24

RFC 6841 Outlines How To Write DNSSEC Policies and Practice Statements

Back in July 2012, we wrote about “How To Write a DNSSEC Practice Statement (DPS)” and referenced an Internet-Draft that explained the process.  We’re very pleased to see that that I-D was just published this month as a formal RFC:

RFC 6841 – A Framework for DNSSEC Policies and DNSSEC Practice Statements

As the abstract says:

This document presents a framework to assist writers of DNS Security Extensions (DNSSEC) Policies and DNSSEC Practice Statements, such as domain managers and zone operators on both the top level and secondary level, who are managing and operating a DNS zone with Security Extensions implemented.

In particular, the framework provides a comprehensive list of topics that should be considered for inclusion into a DNSSEC Policy definition and Practice Statement.

It’s well worth a read not only if you are an operator of a Top-Level-Domain (TLD) or one of the newgTLDs (all of whom are mandated to support DNSSEC), but also if you are with an enterprise/company that is considering hosting all the DNSSEC-signing for your domains yourself.

If you want examples of what these DPS documents look like, we maintain a list of DNSSEC Practice Statements that includes documents from many of the major TLDs.  (And we’re always open to adding more if you have a published DPS online.  Just let us know.)

Jan 24

New “Internet Of Things Consortium” Launched

Earlier this month at the Consumer Electronics Show (CES) in Las Vegas, a new “Internet of Things Consortium” was announced bringing together 10 companies with the stated goal of fostering and supporting the growth of Internet-connected devices for consumers.  The consortium has a website now visible at iofthings.org.

The term “Internet of Things” has been around for some time (Wikipedia dates the first use to 1999) and is generally used to refer to the networks of devices and objects that we are connecting to the Internet and that are using the Internet for communication.  Sensor networks are an example.  Another is connected homes where lights, appliances and even power outlets might all be connected.  A number of the companies involved with this consortium make game consoles, televisions and other entertainment devices that would be connected to a home network and on out to the public Internet.

All of these devices are ultimately connected to the Internet – and communicating often amongst themselves in so-called “machine-to-machine” or “m2m” connections.

Now, this new Internet Of Things Consortium is not the first or only such consortium out there.  There are other alliances and groups that are working on promoting open standards for connected homes and devices.  But it’s great to see another group of companies working in this space. The CEO of Ube, one of the participants, was quoted in a TechCrunch article as saying in part this:

“The successful adoption of [machine-to-machine] and connected home technologies is dependent on open standards for the provisioning and control of millions of headless devices.”

Exactly!

Here at Deploy360 we’ve been interested in the “Internet of Things” for a long time because to bring all the billions of devices (and power outlets!) onto the Internet, we’re going to need more IP addresses than what we can get with IPv4.  I queried the new consortium about their IPv6 support and the consortium chairman Jason Johnson came back with this response:

We should absolutely support IPv6 – or there won’t be billions of devices with IP addresses.

That’s exactly right… and I look forward to seeing what they do in this regard and helping them if they need it.

Some out there regard the “Internet Of Things” as marketing hype… but the reality is that we are connecting more and more devices to the Internet.  It is happening today – and we’re going to need IPv6 to make it all work!

 

 

Jan 23

ENISA Report On Secure Routing And Network Resiliency

What is the state of our routing infrastructure and what can be done to make it more secure and resilient?

In July 2010, the European Network and Information Security Agency (ENISA) published a report on this topic called:

It begins with a paragraph that I think will resonate with most of us:

Reliable communications networks and services are now critical for public welfare and economic stability. Intentional attacks on the Internet, disruptions due to physical phenomena, software and hardware failures, and human mistakes all affect the proper functioning of public communications networks. Such disruptions reveal the increased dependence of our society on these networks and their services. A vital part of reliable communication networks is the routing infrastructure.

The report goes on at great length to report on the result of a survey of network operators within the European Union about the use of – or plans to use – secure routing technologies within their networks.  The report is quite useful in the background that it first provides around routing security concerns and some of the proposed solutions.  It then goes into a detailed analysis of the survey results.

While the data is now close to three years old (the interviews were in March/April 2010), many of the points are quite similar to more recent analyses.  A key point I noticed was this:

Overall, the lack of available knowledge and skills in routing security is recognised as a major barrier hindering further improvements in routing security, as became clear both from the online survey and the interviews.

Addressing this point by helping promote more awareness and education around routing security / resiliency is a primary aspect of our new Routing section here on Deploy360!

Overall the report makes for good reading if you are looking to understand more about the topic or “routing resiliency / security.”  There has been a good bit of progress made within some of the working groups mentioned since the time of the report, but the report still provides a solid foundation and background.

Jan 22

Slides: Early DNSSEC Deployment Observations from Ed Lewis

What have we seen in terms of DNSSEC deployment around the world? Are there general trends or themes we can understand? Can we dive a bit deeper into some of the algorithms used in DNSSEC signatures?

In an October 2012 presentation to NANOG 56, Ed Lewis of Neustar dug into all these questions and more.  The slides make for interesting reading, particularly some of the details about which crypto algorithms were used and what key lengths were used.   He also looked at the frequency of key changes, key rollover processes and included a whole section on NSEC/NSEC3 records.

All in all an interesting set of data and some good recommendations around guidance that is needed for the industry.  Well worth your time to scan through the slide deck if you are interested in statistics around DNSSEC deployment.

Jan 21

10 Updated Internet-Drafts Related to IPv6 Security

Fernando Gont of SI6 Networks has been a VERY busy man lately!  He and his colleagues and co-authors have recently updated a whole host of Internet-Drafts related to IPv6 security.  In a post to the full-disclosure mailing list, Fernando provided his list that includes:

Network Reconnaissance in IPv6 Networks

Security Implications of IPv6 on IPv4 Networks

Virtual Private Network (VPN) traffic leakages in dual-stack
hosts/ networks

Security Assessment of Neighbor Discovery (ND) for IPv6

DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers

Security Implications of IPv6 Fragmentation with IPv6
Neighbor Discovery

Security Implications of IPv6 options of Type 10xxxxxx

Security Implications of Predictable Fragment

Processing of IPv6 “atomic” fragments

Recommendations on filtering of IPv4 packets containing IPv4 options

Some of these are broader documents while some dive deep into specific issues or solutions.  Altogether they do represent a great amount of work on IPv6 security issues, which is excellent and definitely needed as we continue to move to using more and more IPv6 in our networks.

Thanks to Fernando and the others involved in the work for getting these updated drafts out.  If you have any comments on these drafts, I know that Fernando is always looking for feedback – his email address and contact info in Argentina can be found at the end of any of the drafts.

Jan 21

PowerDNS Releases Version 3.2 With Increased DNSSEC Support

Congratulations to Bert Hubert and the rest of the team at PowerDNS for their release 3.2 last Thursday that, if you scroll down through the release announcement and changelog is pretty much mostly about improvements to their already strong DNSSEC support!  The list of changes and improvements is rather impressive.

In speaking with Bert last week, he said the team there views DNSSEC as basically “done” now for the authoritative server end and is now moving to focus on what they can do to make DNSSEC easier for deployment in DNS resolvers.  We’re looking forward to seeing what the team does there.

Meanwhile, if you are a PowerDNS user, the new release will give you even more DNSSEC power… time to upgrade!

Jan 21

FIR #687 – 1/21/13 – For Immediate Release

Latest Edelman Trust Barometer released; interview update; Quick News: CEO online sociability has doubled, Starbucks says seismic consumer behavior changes are linked to technology, court rules against news agencies that used photos posted to Twitter, what marketers should learn from Lance Armstrong; Ragan promo; News That Fits: Tesco and the horsemeat kerfuffle, Dan York's report, big trouble in mainstream media, Media Monitoring Minute from CustomScoop, listener comments; Barclays CEO lays it on the line for employees, brands a personal responsibility are trumping politics; music from All Mighty Whispers; and more.

Jan 18

Report: Routing Resiliency Measurements – Where We Are And What Needs To Be Done

What are the actual frequency of routing security incidents? And what are the operational and economic impacts of such security incidents?

We all know that “routing security” incidents happen, but it’s hard to get a grasp on exactly what the situation is.  To that end, our colleagues in the Internet Society Standards and Technology team organized a “Routing Resiliency Measurements Workshop” in November 2012 to bring together participants from network operators, research labs, universities and vendors to explore what we can measure now – and what we need to do to start collecting more accurate measurements.  The team has now published a report:

and our colleague Andrei Robachevsky has published some observations about the workshop.  As Andrei notes, the point of the workshop was to address three main questions:

  1. What level of attack has there been in the past – to what extent do security incidents happen, but go unnoticed, or get dealt with inside a single network, possibly introducing collateral damage?
  2. Are the number and impact of service disruptions and malicious activity stable, increasing, or decreasing?
  3. Can we understand why, and track it collectively?

The report goes into some detail on what was discussed in the workshop and some of the approaches that were outlined.  As Andrei relays in his post, the workshop didn’t magically produce answers to all these questions… but it did lay the foundation for where more work needs to occur.

As we open up the new topic area of Routing Resiliency / Security here on Deploy360, we intend to bring you more information from workshops such as these… and ultimately more of the solutions and best operational practices that can lead to a more resilient and secure Internet.