Just a guy in Vermont trying to connect all the dots...
Author's posts
Jul 27
The fascinating flow of free stuff from in front of our house
“FREE” says the sign pinned to the telephone pole in front of our house. And as we put out items, they usually disappear within a few hours.
It’s been a fascinating aspect of living where we do in Keene, New Hampshire. We live on a fairly busy cross street, and so a good number of people are driving by.
And they do stop and take the stuff we put on the street. All of it.
Maybe it is part of being a college town. Maybe it is the huge number of people we see going to yard sales. Maybe it is Yankee frugality. Maybe it is just human nature.
But it has been fun - and incredibly useful. Just put it out on the grassy strip between the sidewalk and the road... and wait a bit.
And ALL sorts of things. Just yesterday I put out two plastic shelving units from our shed that had gas and oil stains. I honestly thought I would be bringing them to the dump... but no, I looked an hour or so later and they were gone.
I will miss this culture of picking up free stuff. Our new home in Vermont is in a quieter neighborhood with very little traffic... so this won’t work.
Meanwhile, at least for the next few days, I will keep putting stuff out there... 🙂
Jul 26
Revisiting a Not-So-New Rule – No Social Media Usage Until I Have Created Something New
I woke up this morning frustrated that I simply haven’t been writing across my various sites. In theory I am a “writer”, but I haven’t been writing! And as I wrote in My 3 Words for 2018: “because if I don't write... the stories build up inside of me until they want to explode like a pressure cooker without a relief valve. Writing is my relief valve. I need to do it.”
So I said to myself: I know, I will impose a new rule on myself... no social media usage until I publish something new! A blog post, a podcast episode (such as my The Dan York Report short audio segments), an article on some site (e.g., CircleID), a longer update on a social site... something.... anything.... BEFORE I get sucked into the vortex of social media updates.
And I will start with a blog post like this one...
Except... I discovered I WROTE THE EXACT SAME POST TWO YEARS AGO! July 24, 2016, to be precise.
And... I noted that on day #2, July 25, 2016, I had already failed. ☹️
So this morning’s great idea turns out to be nothing new.
In fact, I can go back 10 years ago, to a post in September 2008, where I wrote about Jeremiah Owyang’s “Pay yourself first” philosophy. Or my many other posts about struggling with consistent writing.
Now, maybe this rule is like the “no sweets today” diet rule that turns out to be an aspiration that just doesn’t happen. And maybe EVERY day is too high a goal. Maybe every other day. But I have to do something, or consumption will win over creation.
Unless, of course, I want to reframe my own perspective and think of myself as an “occasional writer”... and just accept only writing now and then.
I am not quite ready for that. Let’s see how I do this year!
Jul 18
TDYR 353 – Podcasting as a Team-building Exercise?
Jul 16
TDYR 352 – Excited for the start of IETF 102 in Montreal
Jul 13
Rough Guide to IETF 102: DNSSEC, DNS Security and Privacy
DNS privacy will receive a large focus in the latter half of the IETF 102 week with attention in the DPRIVE, DNSSD, and OPSEC working groups. In an interesting bit of scheduling (which is always challenging), most of the DNS sessions are Wednesday through Friday. As part of our Rough Guide to IETF 102, here’s a quick view on what’s happening in the world of DNS.
Given that IETF 102 is in Montreal, Canada, all times below are Eastern Daylight Time (EDT), which is UTC-4.
IETF 102 Hackathon
The “DNS team” has become a regular feature of the IETF Hackathons and the Montreal meeting is no different. The IETF 102 Hackathon wiki outlines the work that will start tomorrow (scroll down to see it). Major security/privacy projects include:
- Implementing a part of draft-bortzmeyer-dprive-resolver-to-auth
- Setting up and measuring leakage avoidance using root loopback at privacy server
- Oblivious DNS
- Proof of concept of the Multi-Provider DNSSEC draft.
Anyone is welcome to join the DNS team for part or all of that event.
DNS Operations (DNSOP)
The DNS sessions at IETF 102 start on Wednesday morning from 9:30am – 12noon with the DNS Operations (DNSOP) Working Group. Paul Wouters and Ondrej Sury will be speaking about “Algorithm Implementation Requirements and Usage Guidance for DNSSEC”, where they will be offering updated guidance around what cryptographic algorithms should be used for different aspects of DNSSEC. Shumon Huque will be bringing the latest updates to draft-huque-dnsop-multi-provider-dnssec, exploring how to deploy DNSSEC in environments where multiple DNS providers are in use. Paul Wouters will also bring a new draft, draft-pwouters-powerbind, which introduces a new flag for DNSSEC keys that can address a potential attack. Given the critical role DNS plays, the DNSOP agenda has many other drafts up for discussion and action. The DNSOP working group also has a second meeting block on Thursday from 18:10-19:10.
DNS PRIVate Exchange (DPRIVE)
The DPRIVE working group meets Wednesday afternoon from 13:30-15:00 EDT. As shown on the agenda, there will be three major blocks of discussion. After some initial discussion of current work on existing DNS privacy policies, there will be a larger discussion about some new work called “Oblivious DNS” that aims to make DNS privacy protection even stronger. This work originated in a paper at Princeton University – https://odns.cs.princeton.edu/ – and now is captured in draft-annee-dprive-oblivious-dns. It should be quite an interesting discussion!
The third major area will continue discussion about how to add privacy to the communication between a DNS recursive resolver and the authoritative DNS server for a given domain. This is work outside the current DPRIVE Working Group charter and so the group will be discussing whether to ask to expand their mandate to cover this new work.
Extensions for Scalable DNS Service Discovery (DNSSD)
Privacy will also get attention at the DNSSD Working Group on Thursday morning from 9:30-12:00 EDT. DNSSD focuses on how to make device discovery easier across multiple networks. For instance, helping you find available printers on not just your own network, but also on other networks to which your network is connected. However, in doing so, the current mechanisms expose a great deal of information. The agenda allocates 65 minutes to Christian Huitema to guide a discussion around the way forward. Drafts under discussion include:
- draft-ietf-dnssd-privacy (Privacy Extensions)
- draft-huitema-dnssd-prireq (Privacy and Security Requirements)
- draft-huitema-dnssd-privacyscaling (Privacy Scaling Tradeoffs)
- draft-ietf-dnssd-pairing (Short Authentication Strings)
- draft-ietf-dnssd-pairing-info (Pairing Design Issues)
There are other drafts under discussion at DNSSD, but these are the ones probably most of interest to readers of this article.
DNS Resolver Identification and Use (DRIU)
IETF 102 will feature a number of Birds-of-a-Feather (BOF) sessions, and one in particular relates to DNS security. The quick description is:
The IETF has added additional methods for DNS stub resolvers to get to recursive resolvers (notably DNS-over-TLS, RFC 7858), and is about to add another (DNS-over-HTTPS, from the DOH Working Group). As these have been developed, questions have been raised about how to identify these resolvers from protocols such as DHCP and DHCPv6, what the security properties these transports have in various configurations (such as between strict security and opportunistic security), and what it means for a user who has multiple resolvers configured when the elements of the configured set have different transports and security properties.
The DRIU session will be on Thursday from 15:50-17:50, right before the second DNSOP session (although in a different room).
Operational Security Capabilities for IP Network Infrastructure
In the very last slot on Friday afternoon from 11:50-13:20, the OPSEC working group will feature Benno Overeinder speaking about “Recommendations for DNS Privacy Service Operators”. This document outlines things DNS operators should think about when considering offering “DNS privacy” services. It builds on the work coming out of the DPRIVE working group and the experience gained from the IETF Hackathon and the real-world deployment of these new protocols.
DNSSEC Coordination informal breakfast meeting
As a final note, on Friday morning before the sessions start we are planning an informal gathering of people involved with DNSSEC. We’ve done this at many of the IETF meetings over the past few years and it’s been a good way to connect and talk about various projects. True to the “informal” nature, we’re not sure of the location and time yet (and we are not sure if it will involve food or just be a meeting). If you would like to join us, please drop me an email or join the dnssec-coord mailing list.
Other Working Groups
DANE and DNSSEC will also appear in the TLS Working Group’s Monday meeting. The draft-ietf-tls-dnssec-chain-extension will be presented as a potential way to make DANE work faster by allowing both DANE and DNSSEC records to be transmitted in a single exchange, thus reducing the time involved with DANE transactions. Given the key role DNS plays in the Internet in general, you can also expect DNS to appear in other groups throughout the week.
P.S. For more information about DNSSEC and DANE and how you can get them deployed for your networks and domains, please see our Deploy360 site:
- http://www.internetsociety.org/deploy360/dnssec/
- http://www.internetsociety.org/deploy360/resources/dane/
Relevant Working Groups at IETF 102:
DNSOP (DNS Operations) WG
Wednesday, 18 July 2018, 9:30-12:00 EDT, Laurier
Thursday, 19 July 2018, 18:10-19:10 EDT, Place du Canada
Agenda: https://datatracker.ietf.org/meeting/102/agenda/dnsop/
Documents: https://datatracker.ietf.org/wg/dnsop/
Charter: http://tools.ietf.org/wg/dnsop/charters/
DPRIVE (DNS PRIVate Exchange) WG
Wednesday, 18 July 2018, 13:30-15:00 EDT, Place du Canada
Agenda: https://datatracker.ietf.org/meeting/102/agenda/dprive/
Documents: https://datatracker.ietf.org/wg/dprive/
Charter: http://tools.ietf.org/wg/dprive/charters/
DNSSD (Extensions for Scalable DNS Service Discovery) WG
Thursday, 19 July 2018, 9:30-12:00 EDT, Duluth
Agenda: https://datatracker.ietf.org/meeting/102/agenda/dnssd/
Documents: https://datatracker.ietf.org/wg/dnssd/
Charter: http://tools.ietf.org/wg/dnssd/charters/
DRIU (DNS Resolver Identification and Use) BOF
Thursday, 19 July 2018, 15:50-17:50 EDT, Viger
Agenda: https://datatracker.ietf.org/meeting/102/materials/agenda-102-driu
OPSEC (Operational Security Capabilities for IP Network Infrastructure) WG
Friday, 20 July 2018, 11:50-13:20 EDT, Viger
Agenda: https://datatracker.ietf.org/meeting/102/agenda/opsec/
Documents: https://datatracker.ietf.org/wg/opsec/
Charter: http://tools.ietf.org/wg/doh/charters/
Follow Us
It will be a busy week in Montreal, and whether you plan to be there or join remotely, there’s much to monitor. Read the full series of Rough Guide to IETF 102 posts, and follow us on the Internet Society blog, Twitter, or Facebook using #IETF102 to keep up with the latest news.
The post Rough Guide to IETF 102: DNSSEC, DNS Security and Privacy appeared first on Internet Society.
Jun 24
Live On Monday, 25 June – DNSSEC Workshop at ICANN 62 in Panama (Featured Blog)
Jun 22
Watch Live On Monday, 25 June – DNSSEC Workshop at ICANN 62 in Panama
With the DNSSEC Root Key Rollover coming up on October 11, how prepared are we as an industry? What kind of data can we collect in preparation? What is the cost benefit (or not) of implementing DANE? What can we learn from an existing rollover of a cryptographic algorithm?
All those questions and more will be discussed at the DNSSEC Workshop at the ICANN 62 meeting in Panama City, Panama, on Monday, June 25, 2018. The session will begin at 9:00 and conclude at 12:15 EST (UTC-5). [Note: this is one hour different than current US Eastern Daylight Time – Panama does not change to daylight savings time – and so this will begin at 10:00 EDT (UTC-4).]
The agenda includes:
- DNSSEC Workshop Introduction, Program, Deployment Around the World – Counts, Counts, Counts
- Panel: DNSSEC Activities and Post Key Signing Key Rollover Preparation
- DANE: Status, Cost Benefits, Impact from KSK Rollover
- An Algorithm Rollover (case study from CZ.NIC)
- Panel: KSK Rollover Data Collection and Analysis
- DNSSEC – How Can I Help?
- The Great DNSSEC/DNS Quiz
It should be an outstanding session! For those onsite, the workshop will be in Salon 4, the ccNSO room.
- WATCH LIVE: https://participate.icann.org/pty62-salon4
- More info and slides are available from these URLs (ICANN’s online schedule system breaks it up into sections based on breaks and lunch):
- 9:00-10:15 – https://62.schedule.icann.org/meetings/699560
- 10:30-12:15 – https://62.schedule.icann.org/meetings/699556
Lunch will follow. Thank you to our lunch sponsors: Afilias, CIRA, and SIDN.
The DNSSEC Workshop will be followed by the “Tech Day” set of presentations from 13:30 – 18:30 EST. Many of those may also be of interest. They will also be streamed live at the same URL.
As this is ICANN’s smaller “Policy Forum” schedule, there will be neither the “DNSSEC for Everybody” session nor the “DNSSEC Implementer’s Gathering” as there is at the other two ICANN meetings each year. Also, as I am not able to travel to ICANN 62, I want to thank Jacques Latour for stepping in to help with the usual presenting and emceeing that I do.
Please do join us for a great set of sessions about how we can work together to make the DNS more secure and trusted!
If you would like more information about DNSSEC or DANE, please visit our Start Here page to begin.
The post Watch Live On Monday, 25 June – DNSSEC Workshop at ICANN 62 in Panama appeared first on Internet Society.
Jun 18
Alert – Web server host migration on June 19, 2018
As you may have noticed, our shiny new website has some speed issues. It is slow for many visitors. Over the past few months we’ve worked on a number of potential changes to improve the site performance. One big change we’re making is to move to a different hosting provider.
That change will happen tomorrow – Tuesday, 19 June 2018 at 13:00 UTC.
Assuming all goes well, you shouldn’t really notice – except that the site should be faster! But if you happen to be browsing the site around 13:00 UTC, you might see some glitches on pages while the DNS magic happens and we change to pointing to the new server.
Once we’ve made this migration, I’ll write more about what we have done and how it has helped our site’s performance. Meanwhile, I just wanted to give a quick alert about this impending change to anyone viewing our site.
The post Alert – Web server host migration on June 19, 2018 appeared first on Internet Society.
Jun 17
