Category: Internet

Today, heise wrote about Linotype’s offer in the “fonts for webpages” market.

If I’m not mistaken, that’s not the first commercial offering of licensing fonts for the new HTML/CSS font feature. On one hand, this a really good offer, as it allows amateur sites to use professional fonts for free and commercial, high-traffic sites can use these fonts for a reasonable price.

But one thing bugs me about these offers: In order to enforce the pay-per-pagehit business model, these services need to serve the fonts from their own servers. That means:

• On the plus side, potentially better caching between different sites.
• But: the font-servers implicitly track all visitors to the website using these fonts.

Given all the privacy implications that embedded ads and social media gizmos (“click here if you like this”) are starting to raise, fonts seem to be the next thing you need to be careful about if you’re conscious about the traces you leave in third-party access-logs.

At work, we’ve been running IPv6 for a while and back home I’ve also got v6 on my DSL connection (not native, though, silverserver implemented that with a tunnel). My root-server also got v6 connectivity via a Tunnel from the nic.at network (easy enough to do if you’re the router-admin :-), but I never used that for serious stuff.

Now that Hetzner finally provides native IPv6 connectivity, I made the necessary changes to the configuration of my server and now this blog is reachable via IPv6, too.

Next task: Get cacti to graph how many visitors use v4 versus v6.

This years soccer Word Cup seems to be the first one for which streaming video is widely available on the Internet. The Austrian public TV (ORF) is offering a decent livestream (or in the case of parallel games, two streams). So what do the public traffic statistics of the Internet Exchange Points show?

This graph is from the Vienna Internet Exchange. Some notable points:

• Gametime means traffic-peaks. The World Cup schedule is clearly visible in the graphs. Up to the 21th, there were three games per day, two close after each other, then a two hour break and then another game. Starting with the 22nd, there were four games a day, with two running in parallel. (the times in the graph are UTC!)
• Weekend have smaller spikes than workdays: On the 19th and 20th, the games are less visible than on the other days. It looks like watching the stream over the Internet is more popular in offices than at home. This makes sense as at home the TV screen is most likely the better place to watch soccer.
• Regarding traffic levels: from looking at the graphs, the biggest spikes seem to be around 8 Gbit/s. Assuming that this is mostly ORF streams for the Austrian public, one can assume that ORF/APA is pushing more than 10 Gbit/s during Word Cup games.

The Austrian ISP Association (ISPA) had asked me to hold a workshop on DNSSEC as part of their “ISPA Academy” series of events. And as they had complaints that all their events are in Vienna, I agreed to hold it in Salzburg, where I had logistical support from the nic.at headquarter.

I thus spent the Wednesday traveling to Salzburg (actually: I’m usually quite productive in trains, and a good part of the presentation was prepared on the way in), then holding the workshop and riding the train back. Six hours of train for 4 hours of workshop isn’t that bad.

If anyone is interested, here are my slides. My aim was to explain the motivation for DNSSEC, the technical implementation and, most importantly, what introducing DNSSEC means for an ISP. I only touched very briefly on the commercial aspect.

In the end, this room full of techies were not exactly cheering for the adoption of dnssec.

Postscript: Just two days later, we have this: doc.gov, the entity that still has a hand in approving changes to the root zone, messed up their DNSSEC signatures. From http://dnsviz.net/d/doc.gov/dnssec/:

I’ve kept these pages open as tabs in Firefox, meaning to blog about them.

So before I really have to reset Firefox, here are they lest I forget about them:

• Sie kommen, nehmen und gehen wieder
• http://seclists.org/
• Why my books are no longer for sale via Amazon
• Amazon, Macmillan: an outsider’s guide to the fight
• Proposed Strategic Initiatives for Improved DNS SSR and Global DNS-CERT Business Case
• http://www.tmehta.com/regexp/
• MWC: Mobilfunkanbieter wappnen ihre Netze
• Schmidt denies Google wants ‘dumb pipe’ carriers

Hallo,

heute hab ich mal versucht, die Entscheidung des Riesentorlaufes via Livestream auf ORF.at anzusehen, aber bekam die “geht nur in Österreich”-Fehlermeldung.

Ich bin in Österreich, und auch mein Netz ist eindeutig auf Österreich registriert:

inet6num: 2001:858:5:900::/56
netname: SIL-LENDL
descr: SILVER SERVER GmbH
descr: Otmar Lendl #1219171
country: AT

bzw

inet6num: 2001:858::/32
netname: AT-SIL-20020725
descr: SILVER SERVER GmbH
country: AT

Ist halt IPv6 und nicht das klassische IPv4.

Kann es sein, dass dort die Ländererkennung nicht richtig funktioniert?

Wenn ich bei mir v6 abdrehe und via v4 komme, dann geht der livestream auch problemlos.

mfg,

otmar lendl

Update: jetzt bekam ich eine Antwort vom ORF:

Sehr geehrter Herr Lendl!

Ich bedanke mich für Ihre E-Mail und Ihr Interesse an unserem Programm. Manchmal kann es vorkommen, dass Sie obige Meldung angezeigt bekommen, obwohl sie sich in Österreich befinden. Dieser Fehler passiert vor allem bei international tätigen Internetprovidern, deren Firmensitze sich im Ausland befinden. Wenn der Server ihre IP-Adresse nicht als österreichisch erkennt, müssen Sie ihren ISP (Internet Service Provider) kontaktieren.

Auf folgenden Internetseiten können Sie herausfinden, welchem Land ihre IP-Adresse zugeordnet ist.

http://www.wieistmeineip.at
http://www.countryipblocks.net

Sollte sich das von Ihnen beschriebene Problem damit nicht erklären lassen, so geben Sie bitte Bescheid, ich leite Ihre Anfrage dann gerne an die Technik weiter.

Ich verbleibe mit freundlichen Grüßen
Stefanie Steinwender

Seufz.

Update 2 (17.2.2010):

Innerhalb des ORF wurde das entsprechend weitergeleitet und auch prompt gefixt. Wirklich verifizieren konnte ich das aber erst jetzt: Vor Olympia war einfach fast kein Skifahren im Fernsehen.

In their endless quest for world domination Google recently unveiled their public DNS resolver setup. Such a service is nothing new per se, OpenDNS is doing something similar for some time. Based on the FAQ, Google seems to do this right: A sensible privacy policy and no NXDOMAIN rewriting. They even seem to implement some state-of-the-art (except DNSSEC) tricks to harden their system against forgery attempts.

(Quick aside: one of their tricks to speed up the resolution is to pre-fetch records due to expire from the cache. I’ve proposed exactly the same to the BIND folks at the DNS-OARC meeting in Chicago, 2007.)

On one mailing list, the question was raised how widespread use of Google DNS would affect the Content Distribution Networks (CDNs) like Akamai. After all, they take the source IP of the DNS query as “close to the client, network-wise” and return the best CDN node for that IP address. If now an Austrian User ask the Google DNS servers in the US, then the CDN’s nameserver will return the address of an American CDN node leading to a suboptimal choice.

That effect might become less pronounced (but does not go away) once Google deploys their DNS service in a massive anycast infrastructure. Akamai will then see the request coming from at least the same region as where the end-user is.

Actually, the best move Akamai could do is start a rival DNS resolving infrastructure. If they use anycasted recursors at each of their CDN nodes, that would really simplify their CDN algorithm as the node that gets the DNS request is very likely to be the optimal one for the actual content delivery, too.