Dan York

Just a guy in Vermont trying to connect all the dots...

Author's posts

Attending O’Reilly’s TOCCON Next Week? Deploy360 Will Be There…

Will you be attending O’Reilly’s “Tools of Change for Publishing 2012” conference (a.k.a. “TOCCON”) in New York from February 13-15, 2012? If so, I (Dan York) will be there and would be delighted to connect with readers of this site. (Just drop me an email or ping me on Twitter.) Given the incredible changes happening within the world of publishing – both online and traditional – I’ll be down at TOCCON looking at how we can best seize the opportunities presented by these changes to make our Deploy360 content available in even more formats and channels. Additionally, a number of sessions are about the underlying technology we’re using (WordPress) or have relevance to the kind of platform we’re building – so I’ll be looking forward to picking up any tips and tricks that will help our site work even smoother and better.

If you aren’t familiar with TOCCON, it’s an annual event sponsored by O’Reilly, the well-known technical publisher, that brings together many of the people at the bleeding edge of the disruption happening within the world of content creation.  Here’s the quick intro from their site:

The acceleration of change and innovation in the publishing industry today is dizzying, and the pace can be overwhelming. But this change/forward/fast environment is also ripe with opportunity for those who embrace it and learn to adapt and innovate quickly.

O’Reilly’s TOC Conference is where the publishing and tech industries converge, as practitioners and executives from both camps share what they’ve learned from their successes and failures, explore ideas, and join together to navigate publishing’s ongoing transformation. TOC 2012 delivers a deft mix of the practical and the visionary to give attendees the tools and guidance they need to succeed—and the inspiration to lead change.

On a personal note, attending TOCCON will be a bit unusual for me. It’s the first time I can recall in many years when I am attending an event and not speaking, staffing a booth or reporting on the event (or, more typically, doing all three). I’m just there to learn about the tools and technologies and to meet people involved… it will be an interesting change! :-)

Only 4 months to World IPv6 Launch – are you getting ready?

World IPv6 Launch (more info here) is only four months away on June 6, 2012 - are you getting ready?

If you haven’t started yet, now is a good time to get going!  Here are some resources we have to help you get started:

We are also always publishing new blog posts related to IPv6 covering a wide range of topics.

More than that, please let us know how we can help you get started with IPv6!

DNSSEC Train-The-Trainer From NLnet Labs Feb 9-10 and Feb 16-17

Interested in teaching DNSSEC or developing your own DNSSEC training courses or courseware? We recently learned that Olaf Kolkman of NLnet Labs will be teaching a “DNSSEC train-the-trainer” class two separate times this month. His first class is this week on Thursday and Friday, February 9th and 10th. His second is next week on February 16th and 17th. The material covered will include:

BLOCK 1: Classic DNS
BLOCK 2: Unbound in practice
BLOCK 3: DNS Security DNSSEC Theory fundamentals
BLOCK 4: DNS Keys: risks and management
BLOCK 5: Introducing DNSSEC in a workflow
BLOCK 6: Software and tools availability and development
PRACTICE 1: Setting up a validating recursive nameserver
PRACTICE 2: Setting up an Authoritative Nameserver
PRACTICE 3: Secure Delegation
PRACTICE 4: KEY Rollover

The class is being taught at the Fastlane training center in De Meern, The Netherlands, and the information we have is that there are still a few remaining openings in each class. Contact information and a full course outline can be found on the NGN.nl page about the DNSSEC training (in Dutch).

Information Week on DNSSEC: Having the keys to your own castle is important

So there I was eating my lunch and reading a treeware version of Information Week (you know, those paper things we called “magazines” before everything went to e-something?).  Having always been interested in encryption, I started reading the “2012 Data Encryption Survey: Progress and Pain” (sadly, free registration is required to read the whole article) expecting it to be, well, all about data encryption…

… and it was – particularly starting off talking about the challenges of using SSL/TLS with all the attempts to break SSL, and the multiple compromises at SSL certificate companies that have resulted in attackers successfully getting bogus, but valid, certificates asserting they were someone else.

Then all of a sudden I stopped eating my sandwich as the article took a sharp turn into the world of DNSSEC (and yes, I added some emphasis at the end):

Enter DNSSEC. The DNS Security Extension spec provides the capability for a domain owner–the IT team–to place additional encryption validation at the DNS layer. First it will verify that the SSL certificate is valid. But it also will verify that the DNS server that is authoritative for the domain being requested actually belongs to the certificate owner.

In our example, if a user went to the breached Hotmail.com site and got a Hotmail.com certificate, it wouldn’t validate with the DNS server hosting Hotmail.com, because the certificate generated by the attacker using the hacked CA wouldn’t match. The browser could display a big red box telling the user he’s going to an invalid site. Currently, Google’s Chrome supports DNSSEC natively, and there are plug-ins for Firefox. Internet Explorer 9 doesn’t support DNSSEC, but version 10 is expected to.

The other benefit of DNSSEC is that DNS queries are validated by all servers–from the domain’s authoritative server to the local DNS server to the browser–which means that even man-in-the-middle attacks on DNS queries will be caught.

DNSSEC isn’t perfect, and it’s not a complete replacement for SSL/TLS. But it is a step in the right direction to put control of certificate verification into the hands of certificate owners, instead of the CAs. Furthermore, using DNSSEC is a great solution for organizations with their own internal CAs that don’t want to deploy certificates to every possible device. Most of our respondents, 55%, have their own internal CAs; an additional 15% plan to within 24 months.

Having the keys to your own castle is an important step in controlling your encryption destiny, and if you plan to leverage cloud services securely, it may just be a requirement.

Here, in just a few paragraphs, was a great explanation of an important role DNSSEC can play as another layer in the security infrastructure.  In this case, DNSSEC can be used to check the validity of the certificates being used for SSL/TLS.

More importantly, me being the control-freak that I am, the article points out the incredible importance of being in control of your own security.  You, as the domain owner, can be the one inserting the appropriate keys directly into the DNS infrastructure.  Or you can have someone do it on your behalf… but the point is that you are in control.

That’s a powerful capability!
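The check the article describes, sketched as an added example (not code from the article or from this site). It assumes the association is published as DANE TLSA records (RFC 6698), which the text above does not name, and that the resolver has already reported the DNSSEC validation state; the byte strings are constructed stand-ins for real DER certificates and the function names are illustrative.

```python
import hashlib
import hmac

# Matching type -> hash used to derive the association data (0 = raw bytes).
HASHES = {1: hashlib.sha256, 2: hashlib.sha512}


def parse_tlsa(rdata):
    """Parse TLSA presentation format: 'usage selector matching-type hex'."""
    fields = rdata.split()
    if len(fields) < 4:
        raise ValueError("TLSA rdata needs four fields")
    usage, selector, mtype = (int(f) for f in fields[:3])
    if usage not in (0, 1, 2, 3) or selector not in (0, 1) or mtype not in (0, 1, 2):
        raise ValueError("unsupported TLSA parameters")
    return usage, selector, mtype, bytes.fromhex("".join(fields[3:]))


def tlsa_matches(rdata, cert_der, spki_der):
    """True if the presented certificate matches one TLSA record.

    Only the association is checked here; usages 0 and 1 additionally
    require ordinary CA path validation, which this example leaves out.
    """
    _usage, selector, mtype, published = parse_tlsa(rdata)
    # Selector 0 pins the whole certificate, selector 1 only its public key.
    selected = cert_der if selector == 0 else spki_der
    derived = selected if mtype == 0 else HASHES[mtype](selected).digest()
    return hmac.compare_digest(derived, published)


def check_certificate(tlsa_rrset, dnssec_secure, cert_der, spki_der):
    """Decide what the owner's DNS records say about a presented certificate."""
    if not dnssec_secure:
        # Unsigned or unvalidated answers can be forged; they carry no pin.
        return "no-usable-tlsa"
    usable = []
    for rdata in tlsa_rrset:
        try:
            parse_tlsa(rdata)
            usable.append(rdata)
        except ValueError:
            continue  # a malformed record is unusable, not a match
    if not usable:
        return "no-usable-tlsa"
    if any(tlsa_matches(r, cert_der, spki_der) for r in usable):
        return "match"
    return "reject"


# Constructed stand-ins; real code would pass the DER encoding of the
# certificate and of its SubjectPublicKeyInfo.
OWNER_CERT = b"constructed-owner-certificate"
OWNER_SPKI = b"constructed-owner-public-key"
ROGUE_CERT = b"constructed-certificate-from-compromised-CA"
ROGUE_SPKI = b"constructed-attacker-public-key"

# What the domain owner publishes: usage 3 (domain-issued), SHA-256,
# once over the full certificate and once over the public key.
OWNER_RRSET = [
    "3 0 1 " + hashlib.sha256(OWNER_CERT).hexdigest(),
    "3 1 1 " + hashlib.sha256(OWNER_SPKI).hexdigest(),
]

if __name__ == "__main__":
    print(check_certificate(OWNER_RRSET, True, OWNER_CERT, OWNER_SPKI))
    print(check_certificate(OWNER_RRSET, True, ROGUE_CERT, ROGUE_SPKI))
    print(check_certificate(OWNER_RRSET, False, ROGUE_CERT, ROGUE_SPKI))
```

The third call shows why the DNSSEC signature matters: without a validated answer the published hashes cannot be trusted, so the client falls back to whatever CA validation it already does.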

What do you think?  Have you started looking at DNSSEC yet?  If not, check out the DNSSEC resources we’ve listed so far – and if you don’t find exactly what you need, please ask us about it and we’ll see if we can find something to help you.

P.S. For those wondering, the rest of the article provided some interesting discussion and statistics around encryption within cloud computing platforms and with the use of mobile devices such as tablets and smartphones. Oh, and I did eventually finish my sandwich. ;-)

US DoD/DREN IPv6 Knowledge Base

The United States Department of Defense (DOD) High Performance Computing Modernization Program maintains a comprehensive site devoted to sharing information about IPv6 based on the work of the Defense Research and Engineering Network (DREN). The main IPv6 knowledge base can be found at:

http://www.hpcmo.hpc.mil/cms2/index.php/ipv6-knowledge-base-general-info

There are many excellent resources to be found within the site including:

All in all the site is an outstanding resource for people looking for more IPv6 information.

Martin Geddes Must-Read Piece On "Peak Telecoms"

Martin Geddes doesn't hold back! No longer beholden to corporate overlords (he used to work for BT), he is wonderfully free to say exactly what he believes. And he does....

If you are interested in the future of telecommunications / telephony, you really need to go over and read his piece:

Peak Telecoms

A teaser:

The telco voice and messaging business is on the verge of going into meltdown. As this is where the margins come from, the problem is hard to exaggerate. The drip-drip of links about declining voice and messaging volume and revenue is becoming a small stream. Even mobile telephony is losing ground in competition to asynchronous messaging. Twitter and Facebook message volumes are exploding, and SMS is beginning to sink. Termination and roaming are endangered species, hunted by packs of voracious regulators. There is no way back. When I started writing Telepocalypse back in 2003, the only thing I got wrong was the timing.

Cue the song "It's The End Of The World As We Know It"...

Well done, Martin, well done!

Image credit: gmacorig on Flickr




Watching The Colossal PR Train Wreck Of The Susan G. Komen / Planned Parenthood Debacle

This, my friends, is what a truly colossal PR/social media train wreck looks like...


... and the comment count will undoubtedly be higher by the time you all look at the Facebook page.

If you've missed the story that's all over the news, the Susan G. Komen For The Cure organization has got itself into a PR nightmare. Most of us in the USA and many parts of the world are probably aware of the Komen organization. It is a major force in efforts to raise funds for research into a cure for breast cancer and has made the now ubiquitous "pink ribbon" a powerful symbol. My wife and I have donated to Komen and run in multiple Komen-sponsored races and walks, even before my wife wound up fighting breast cancer.

Today, though, the Komen organization is in a great bit of trouble.

Last year, per the company's story, in an effort to be more accountable and be sure their dollars were making the most impact, they tightened up their eligibility requirements for future grants.

This, in and of itself, is a good thing. Charitable organizations should look at how to be more accountable to their donors and ensure their dollars are going the farthest.

Back in December, Komen notified its longtime partner Planned Parenthood that under the new guidelines they would no longer be able to receive new grants, apparently because Planned Parenthood is under investigation by the US Congress related to its use of federal funds.

Again, one can potentially see the point. If an organization is being investigated about its funding, other donors to that org may want to take a "wait and see" approach until the investigation is resolved.

And if the organization in question were not Planned Parenthood this might all have been seen as proper fiduciary responsibility on the part of the Komen organization.

Playing With Fire

However, in our hyper-politicized age, and in an election year, an organization like Planned Parenthood is an insanely hot lightning rod. The mere mention of the name can send some crowds into a frenzy.

Anything involving Planned Parenthood is playing with fire.

And so when the AP broke the news on Tuesday, the predictable media frenzy started. Planned Parenthood blamed anti-abortion foes and right-wing groups and was, understandably, quick to stoke the flames and use the issue as a fund-raising tool. Rather smart on their part and last I heard they had already raised nearly as much in donations as Komen granted to Planned Parenthood in 2011.

Komen's position was not helped by the fact that they recently hired a vice president who previously stated her strong opposition to Planned Parenthood. In fact, she clearly stated in a run for Governor of Georgia that if elected she would eliminate state grants to Planned Parenthood.

More wood for the fire.

And then...

... the Internet took over.

A zillion tweets... more and more and more... thousands upon thousands of Facebook comments, posts and shares... more in Google+... more in blog posts... spreading like wildfire all around the globe...

The Response?

And in the face of this insane maelstrom, the Komen organization did...

NOTHING!

As Kivi Leroux Miller writes in her excellent post, "The Accidental Rebranding of Komen for the Cure," the Komen crew was missing in action while all the action was going down.

Komen was not active on their Twitter account nor on their Facebook page.... nor anywhere.

They lost control of the narrative.

They let the story be defined by the media, by pro-choice activists, by critics of Komen, by supporters of Planned Parenthood, by everyone else but them.

Many hours later Komen issued a statement in corporate-speak about how their changes had been "mischaracterized" and that "our grant-making decisions are not about politics". They subsequently released a video from founder and CEO Nancy Brinker that I thought at first might be an honest outreach to people who were so upset... but turned out merely to be a visual recitation of that same corporate-speak statement. Similarly, they posted a few tweets and Facebook updates... but just again pointing to their statement or emphasizing key points.

Meanwhile, people all across the Internet are talking about ceasing all their donations to Komen. Sure, some who support the decision are saying that they are glad they can finally donate to Komen, but they are far outweighed by those who are critical of the change.

Komen's Facebook page is filling up with such wall posts and there is a constant stream of tweets directed at them.

They are, right now, pretty thoroughly screwed.

Now What?

So what does Komen do now? They have completely lost any control of the story - and the stories circulating on the Internet are now feeding upon themselves. How do you even remotely start to unmake this mess?

Given that I try to first believe "Never assume malice where stupidity is a far better explanation," I would personally like to believe that the Komen folks are sincere, that they made some changes to their grant-making guidelines and that this whole debacle has caught them unawares. I'd like to believe that, although admittedly the political angle does make that hard.

If they are sincere, though, were they really so clueless from a PR point of view that they didn't think about the political ramifications of their decision? Or if they did, why were they not prepared for the reaction?

As Kivi Leroux Miller writes in her post:

It’s a no-win situation that could have been avoided had they developed a communications strategy on this decision at the start. Sure, they would have still angered many of their supporters, but I believe they could have avoided this huge rift had they communicated upfront, and honestly, about the decision. They should have released it, instead of letting Planned Parenthood own the messaging.

Exactly.

On something as potentially contentious as this, they should have gone out first, rather than letting the AP and Planned Parenthood define the story.

Or, in the event of the AP story blowing up as it did, Komen should have had a plan to get out there and explain their decision in clearer terms.

Instead, as Kivi Leroux Miller writes:

Yet it appears that Komen wants to desperately pretend that this decision is being made in some completely different context. By not responding at all to the overwhelming negativity being thrown their way, and continuing to pretend that this has nothing to do with a red-hot social issue, they are alienating a big part of their constituency.

It seems like they are hoping this will just blow over. It won’t.

Hiding away won't help them.

While they've spent 30 years building up the organization, this past 30 hours may go far in destroying all they've built up.

Their only chance now may be to come out with more information about the changes to their grant-making guidelines, to explain more about why Planned Parenthood no longer qualifies, to explain what other organizations will no longer be able to receive funding.

It may be too late.

Are You Ready?

All of which begs the question...

are you ready for something like this to happen to your organization?

If a media story runs with comments critical of your organization, are you ready to deal with the resulting social media firestorm? What would you suggest for Komen to do from a communications point of view?

The story is still unfolding, but I think this one will definitely be an example for the textbooks in - so far - what not to do...

Image credits: learnscope and jill_carlson on Flickr




O’Reilly Offers 50% Off On Git Ebook And Videos Through Feb 8th

Being a huge fan of the git version control system, I was pleased to see that O’Reilly is offering 50% off on their git-related videos and ebook. I haven’t seen the videos, but the “Version Control with Git” book is quite good. More info on O’Reilly’s site:


P.S. I have no financial motivation to post this info, i.e. I am not being compensated through any kind of referral links or anything else. I just think this is an interesting offer to folks interested in learning more about git.

Are They Crazy? Digium Enters The Phone Game With Asterisk IP Phones

When I first saw the news today, my immediate reaction was:

Seriously? Digium is coming out with phones???

In a rather fascinating move in an already extremely crowded market, Digium announced today that they will be producing "Digium Phones", a new line of IP phones specifically targeted at users of Asterisk and Switchvox (both Digium products). They tout among the benefits:

  • Crystal clear HD Voice
  • Simple setup and installation
  • Tightest integration with Asterisk
  • Built-in & custom applications
  • A built-in "app engine" JavaScript API

There will be three models available:

  • D40—An entry-level HD IP phone with 2-line keys. Priced at $149.
  • D50—A mid-level HD IP phone with 4-line keys and 10 quick dial/BLF keys with paper labels. Priced at $179.
  • D70—An executive-level HD IP phone with 6-line keys and 10 quick dial/BLF keys on an additional LCD screen. Priced at $279.

The news release indicates they will be available in April and are currently on display at ITEXPO this week down in Miami. A datasheet is available.

Application Platform

What is perhaps most interesting to me is the "app engine" included in the phone. From the news release:

Digium phones include an app engine with a simple yet powerful JavaScript API that lets programmers create custom apps that run on the phones. They aren’t simply XML pages; Digium phone apps can interface directly with core phone features.

Many IP phone vendors have tried various systems like this to let developers build more apps into the phone with varying degrees of success. What makes Digium different, though, is that it comes from the developer community. The history of people working with Asterisk is the history of tinkering and hacking away on the systems. In fact, in the early days, that was all you could do. No fancy GUIs... just configuration files and cryptic APIs. As a result, Digium has a very strong developer community (they claim 80,000+ developers) who just may be able to make use of this new API.

What remains to be seen is what kind of applications you can really build with these phones - and how easy it is to install and/or use these apps.

Are They Crazy?

But are they crazy for entering the already insanely-crowded IP phone market? Particularly at a time when enterprise smartphone usage is increasing - and may often be the preferred communication medium? And when people are becoming increasingly comfortable with softphones, courtesy largely of Skype and "Unified Communications" desktop apps like Microsoft Lync and similar apps from Cisco, Avaya, Siemens, IBM and more?

I completely understand that Digium would want to make the Asterisk "user experience" much easier and simpler. Particularly as Digium continually seeks to move beyond their traditional more developer-centric audience into businesses and enterprises. Many of those folks want a system that "just works." If they can order a system from Cisco or Avaya that comes complete with the IP PBX, IP Phones, etc. and it all just works, they may choose that over a less-expensive but harder-to-put-together solution using Asterisk.

As these new Digium IP phones are "designed exclusively for Asterisk and Switchvox," they should remove that pain and make it much simpler to get an Asterisk solution up and running. (Side note: Does this "designed exclusively" phrase mean they won't work with other systems? Or just that they work better with Asterisk? UPDATE: Digium's Kevin Fleming answered in the comments - the phones are SIP phones that will work with any system for basic features.)

Still, the IP phone space is incredibly crowded. One vendor of VoIP products, VoIPSupply.com, lists 382 results for IP phones. A quick scan of that list will show you names like Polycom, Snom, Grandstream and Aastra, all of whom have been typical phones used with Asterisk-based systems. (As well as Cisco, Avaya and other more "traditional" telecom players.)

What will these new direct-from-Digium IP phones do to the relationships with those other IP phone vendors?

Much of Digium's early business was with PSTN gateway cards that you could install into your computer. With much of that market moving entirely over to SIP trunking or SIP-based gateways, is the IP phone line designed primarily to replace that fading revenue line? Or to simply provide another revenue source for the company - perhaps at the expense of partners?

And what is the state of the market for IP phones, anyway? Analyst firm Frost and Sullivan says the market for SIP phones will continue growing and NoJitter's Eric Krapf has reported that IP phone vendors are seeing strong growth.

Still, with the "consumerization of IT" and the "bring-your-own-device" movement as people want to use their iPhones, Android phones, iPads, tablets, etc., it seems a curious move to launch a brand new line of IP phones.

However, Digium - and Asterisk - hasn't gotten to where it is by following the conventional wisdom. If anyone can carry off the launch of a new IP phone line, they may be able to do it. It will certainly be interesting to see where this takes them.

A new IP phone line... in 2012?

I would never have thought I'd be writing about that.

What do you think? Crazy move? or smart?




Node.js Project Leader Ryan Dahl Steps Down To Work On Research Projects

Citing a desire to work on research projects after three years of focused work, Node.js creator and project leader Ryan Dahl sent out a message today that he will be “ceding my position as gatekeeper to Isaac Schlueter”. He stated:

I am still an employee at Joyent and will advise from the sidelines but I won’t be involved in the day-to-day bug fixes. Isaac has final say over what makes it into the releases. Appeals for new features, changes, and bug fixes should now be directed at him.

I’ve been a huge fan of Node.js and if you look at the tag cloud in the right sidebar you’ll see that “Node.js” stands out with the largest lettering and denoting the most posts written here. My post on “Node.js, Doctor’s Offices and Fast Food Restaurants – Understanding Event-driven Programming” remains one of the most visited posts on this blog. And I continue to routinely find new and interesting ways to work with node.js. I also learned a great bit from the various videos of Ryan’s presentations (such as this presentation).

Kudos to Ryan for creating Node.js and then taking it as far as he has. I can completely understand how after three years of rather intense work he wants and needs to pursue a different path. His departure is also a huge statement about the power of the Node.js community – and also of Joyent as a sponsor and employer of so many key Node.js developers – to continue the development of the language without the creator at the helm.

As just a random developer out there using Node.js, I certainly thank Ryan for all he’s done and wish him all the best in his new role!


UPDATE: Jolie O’Dell over at VentureBeat also has a nice post out about Ryan Dahl’s stepping down.