Categories
CERT Internet

DNSSEC Troubles

I’ve given my share of DNSSEC talks over the last three years. I usually explain what exactly DNSSEC provides and what it does not. One of the downsides I tell ISPs about is that other people’s DNSSEC errors will hit your call-center if you’re doing DNSSEC-validation.

This just happened to Comcast.

I really recommend that anyone enabling DNSSEC validation on their resolvers should be prepared for this case. The report from Comcast is instructive, especially the media fallout they had to cope with.

Categories
Internet

Textbooks on the iPad

Apple announced last week that it wants to change the way textbooks work for US schools: instead of schools buying books that are handed down to a succession of pupils, each kid should receive their own copy of the textbook as an ebook on their iPad.

So far, so interesting. I have two observations on this:

a) Richard Stallman once wrote a short story called “The Right to Read”. Having textbooks solely on DRM-infected ebook readers is yet another step in that direction.

b) This is a huge opportunity for crowd-sourced textbooks. The material that basic textbooks cover has been summarized and prepared for lectures, lessons, books, … by successions of teachers, home-schoolers, students and other people over and over again. This is a market that is pitch-perfect for some sort of Wikipedia-style cooperative editing.

There will be no single common edition for all topics; some are just too controversial. In other cases, there will be different approaches to how a certain subject should be taught. Nevertheless, if it is easy enough to share enhancements to copylefted textbooks, we might see many teachers enhance the ebook for their class (add some multimedia content, add exercises, provide additional information) and feed all of this back into the public pool of ebooks.

Optimally, this would work as a plugin into Apple’s ebook writing software to make it a seamless experience. The economic incentive for Apple is not there, so I doubt that will happen soon. But if someone writes a decent conversion tool that takes a set of pages from Wikipedia (perhaps enhanced with some special tags for this purpose) and builds a textbook from them, this could take off very quickly.

This could do to textbooks what Wikipedia already did to lexica.

(And of course, Amazon will also try to ruin Apple’s plans.)

Categories
CERT Internet

#DigiNotar and paying for an audit

The question Mozilla, Microsoft and Apple should be asking themselves now is:

Which other CAs do they trust based on an audit by PwC? Their green light on DigiNotar was so flawed that I have serious doubts about anyone else they certified as a trustworthy CA.

This is a bit like the financial rating agencies at the height of the 2008 banking crisis: why the hell should I trust the audit/rating of someone who is paid by the people they are auditing/rating and who need an “all fine”/AAA result?

Categories
Internet

RIP Semantic Web

How many research grants have been awarded to “Semantic Web” research proposals over the last few years? I always maintained that this is a typical academic solution to a problem that will be solved by very simple additions to the existing web like microformats.

Now the search heavyweights have joined the semantic web for real. But not by doing RDF or any of those full-blown, perfect solutions developed over the last few years by burning research money.

As I see it, most of the research projects are now completely obsolete given the launch of schema.org.

Categories
Internet

Stupidity at Telekom

Ametsreiter in the Fuzo:

The use of “Deep Packet Inspection” (DPI), with which network traffic can be screened, is a matter for the operator, Ametsreiter is further quoted as saying in the “Wall Street Journal”. If an airline buys a Boeing 777, nobody tells it whom it may carry with it either.

The analogy is great; may I borrow it too?

If an end customer buys an Internet connection, then nobody tells him which applications he may use over it either.

How about that, Mr. Ametsreiter?

Categories
Internet

YouTube via IPv6

I don’t know whether my still-not-quite-native IPv6 at home is to blame, or whether Google has some capacity problems over v6, but watching YouTube videos at home with v6 enabled offers a significantly worse user experience than via v4.

Categories
Internet

The Facebook Map

An intern working for Facebook created a beautiful map based on the relationship graph of Facebook users.

So far, so widely blogged about.

One thing is remarkable: you can still see the border between the former West and East Germany:

[image comparison: the Facebook map vs. a second image, not preserved]

I wonder whether this is just the result of more people per square mile in the west, or if this is one effect of still-differing infrastructure or social structures.

Categories
IETF Internet

Comcast’s congestion management

A few years ago, Comcast generated a lot of negative PR based on their RST-injecting P2P throttling scheme.

This led them to adopt a new strategy which is protocol- and destination-agnostic and is designed to shift inevitable packet loss to those users that stress the network.

Comcast has now published their strategy in an informational RFC. It’s longer than it needs to be, but still: recommended reading.

Categories
CERT Internet

Attacking PayPal, Visa, and Mastercard

The story so far: WikiLeaks posted some secrets, the US government throws a hissy fit and some spineless companies see it as their “patriotic duty” to withhold service from WikiLeaks. This doesn’t especially endear them to the 4chan/Anonymous crowd, which then starts to DDoS the pushovers.

So how is a Civil Libertarian and Network Security guy supposed to react to that?

Two bads don’t make a right. There are better ways to show disgust at and punish those electronic money movers. Attacking their operation cannot be the right answer.

But: I’ve been arguing for years now that one of the few ways to actually shut down some of the real menaces of the Internet (not the imagined ones like WikiLeaks), such as spammers, fake AV software scams, Viagra/… sellers, and other frauds, would be to deny them the credit card payment option.

Thus, MasterCard and Visa: If you are so eager to distance yourself from WikiLeaks, when nobody can even tell you what actual laws they are supposed to have violated, why are you not able to deny service to the frauds when it is absolutely clear that they violate laws and cost the worldwide economy huge sums of money to clean up their crap?

Categories
Internet

The privacy of fonts on the web

Today, heise wrote about Linotype’s offer in the “fonts for webpages” market.

If I’m not mistaken, that’s not the first commercial offering of licensing fonts for the new HTML/CSS font feature. On one hand, this is a really good offer, as it allows amateur sites to use professional fonts for free, and commercial, high-traffic sites can use these fonts for a reasonable price.

But one thing bugs me about these offers: In order to enforce the pay-per-pagehit business model, these services need to serve the fonts from their own servers. That means:

  • On the plus side, potentially better caching between different sites.
  • But: the font-servers implicitly track all visitors to the website using these fonts.

Given all the privacy implications that embedded ads and social media gizmos (“click here if you like this”) are starting to raise, fonts seem to be the next thing you need to be careful about if you’re conscious about the traces you leave in third-party access-logs.
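To make the tracking point concrete, here is an added example (not part of the original post) that reconstructs visitor trails from constructed access-log lines of a hypothetical third-party font host: every page that embeds the font sends a request carrying the Referer, so the font host sees which sites a given client visits, cookie or not. Hosts, IPs and paths are made up.

```python
# Added example: what a third-party font server can learn from its own access
# log. Log lines below are constructed (Combined Log Format); all names are fake.
import re
from collections import defaultdict
from urllib.parse import urlparse

SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2010:09:01:12 +0100] "GET /fonts/neue.woff HTTP/1.1" 200 48211 "http://news.example/politics/article-17" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2010:09:04:55 +0100] "GET /fonts/neue.woff HTTP/1.1" 304 0 "http://clinic.example/patients/appointments" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2010:09:05:02 +0100] "GET /fonts/serif.woff HTTP/1.1" 200 51002 "http://shop.example/cart" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2010:09:10:41 +0100] "GET /fonts/neue.woff HTTP/1.1" 304 0 "http://forum.example/t/layoffs-at-acme" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2010:09:11:09 +0100] "GET /fonts/serif.woff HTTP/1.1" 304 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def visitor_trails(log_text):
    """Map each client IP to the ordered (site, path) pairs it visited, as
    revealed by the Referer header on every font request. A 304 (revalidated
    cache) response still leaks the page, because the request was still made."""
    trails = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("referer") == "-":
            continue  # no Referer: nothing leaks beyond the IP itself
        ref = urlparse(m.group("referer"))
        trails[m.group("ip")].append((ref.netloc, ref.path))
    return dict(trails)

def sites_seen(log_text):
    """Distinct first-party sites observable per visitor: the cross-site
    linkage a single font host gains without setting any cookie."""
    return {ip: sorted({site for site, _ in t})
            for ip, t in visitor_trails(log_text).items()}

if __name__ == "__main__":
    for ip, trail in visitor_trails(SAMPLE_LOG).items():
        print(ip, "->", " ; ".join(f"{s}{p}" for s, p in trail))
```

Self-hosting the font files (or stripping the Referer for font requests) keeps this trail inside your own logs instead of a third party's.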