Categories
Internet Pet Peeves

Name them and Shame them: paypal edition

c’t magazine runs a biweekly column shining some light on the most egregious customer experiences with IT companies. To no-one’s surprise, things start to get resolved once the company is facing public outrage and public shaming.

So, in the same spirit: paypal is the worst company in the world.

Further opportunities at Naming and Shaming are the Big Brother Awards.

Categories
CERT Internet Pet Peeves

Somebody misunderstood something

According to FuZo, Turkey is building a center for IP tracking. Good for them.

But could they please, instead of censoring their own population, do something to protect the rest of the Internet from spam and script kiddies with testosterone overproduction coming from the Turkish Internet?

Thanks.

Categories
Internet

/dev/otmar is now IPv6-enabled

At work, we’ve been running IPv6 for a while and back home I’ve also got v6 on my DSL connection (not native, though, silverserver implemented that with a tunnel). My root-server also got v6 connectivity via a Tunnel from the nic.at network (easy enough to do if you’re the router-admin :-), but I never used that for serious stuff.

Now that Hetzner finally provides native IPv6 connectivity, I made the necessary changes to the configuration of my server and now this blog is reachable via IPv6, too.

Next task: Get cacti to graph how many visitors use v4 versus v6.

Categories
Internet

The effect of soccer on the IXPs

This year's soccer World Cup seems to be the first one for which streaming video is widely available on the Internet. The Austrian public TV (ORF) is offering a decent livestream (or in the case of parallel games, two streams). So what do the public traffic statistics of the Internet Exchange Points show?

This graph is from the Vienna Internet Exchange. Some notable points:

  • Gametime means traffic peaks. The World Cup schedule is clearly visible in the graphs. Up to the 21st, there were three games per day, two close after each other, then a two-hour break and then another game. Starting with the 22nd, there were four games a day, with two running in parallel. (The times in the graph are UTC!)
  • Weekends have smaller spikes than workdays: On the 19th and 20th, the games are less visible than on the other days. It looks like watching the stream over the Internet is more popular in offices than at home. This makes sense as at home the TV screen is most likely the better place to watch soccer.
  • Regarding traffic levels: from looking at the graphs, the biggest spikes seem to be around 8 Gbit/s. Assuming that this is mostly ORF streams for the Austrian public, one can assume that ORF/APA is pushing more than 10 Gbit/s during World Cup games.
Categories
Internet

Talking about DNSSEC

The Austrian ISP Association (ISPA) had asked me to hold a workshop on DNSSEC as part of their “ISPA Academy” series of events. And as they had complaints that all their events are in Vienna, I agreed to hold it in Salzburg, where I had logistical support from the nic.at headquarters.

I thus spent the Wednesday traveling to Salzburg (actually: I’m usually quite productive in trains, and a good part of the presentation was prepared on the way in), then holding the workshop and riding the train back. Six hours of train for 4 hours of workshop isn’t that bad.

If anyone is interested, here are my slides. My aim was to explain the motivation for DNSSEC, the technical implementation and, most importantly, what introducing DNSSEC means for an ISP. I only touched very briefly on the commercial aspect.

In the end, this room full of techies was not exactly cheering for the adoption of DNSSEC.

Postscript: Just two days later, we have this: doc.gov, the entity that still has a hand in approving changes to the root zone, messed up their DNSSEC signatures. From http://dnsviz.net/d/doc.gov/dnssec/:

Categories
Internet

Random Link collection

I’ve kept these pages open as tabs in Firefox, meaning to blog about them.

So before I really have to reset Firefox, here they are, lest I forget about them:

Categories
Internet

Mail to ORF customer service

Hello,

today I tried to watch the deciding run of the giant slalom via the livestream on ORF.at, but got the “only works in Austria” error message.

I am in Austria, and my network is also clearly registered to Austria:

inet6num: 2001:858:5:900::/56
netname: SIL-LENDL
descr: SILVER SERVER GmbH
descr: Otmar Lendl #1219171
country: AT

and

inet6num: 2001:858::/32
netname: AT-SIL-20020725
descr: SILVER SERVER GmbH
country: AT

It just happens to be IPv6 and not the classic IPv4.

Could it be that the country detection does not work correctly there?

If I turn off v6 on my side and come in via v4, the livestream works without any problems.

Best regards,

otmar lendl

Update: I have now received a reply from ORF:

Dear Mr. Lendl,

Thank you for your e-mail and your interest in our programming. It can sometimes happen that you are shown the above message even though you are in Austria. This error occurs mainly with internationally operating Internet providers whose headquarters are located abroad. If the server does not recognize your IP address as Austrian, you must contact your ISP (Internet Service Provider).

On the following websites you can find out which country your IP address is assigned to.

http://www.wieistmeineip.at
http://www.countryipblocks.net

Should this not explain the problem you described, please let me know and I will gladly forward your request to our technical department.

With kind regards
Stefanie Steinwender

Sigh.

Update 2 (17.2.2010):

Within ORF this was forwarded accordingly and also promptly fixed. I was only able to really verify that now, though: before the Olympics there was simply almost no skiing on TV.
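
One way a country check can produce this symptom, as an added example that is not part of the original post and not ORF's code: it parses the whois objects quoted in the mail, does a longest-prefix country lookup, and compares a data set that includes the IPv6 objects with an assumed IPv4-only one. The `inetnum` object, the sample addresses and the fail-closed policy are constructed assumptions.

```python
import ipaddress

# RPSL-style whois objects. The two inet6num objects are taken from the mail
# above (descr lines omitted); the inetnum object is constructed sample data.
WHOIS_TEXT = """\
inet6num: 2001:858:5:900::/56
netname: SIL-LENDL
country: AT

inet6num: 2001:858::/32
netname: AT-SIL-20020725
country: AT

inetnum: 192.0.2.0 - 192.0.2.255
netname: EXAMPLE-V4-CONSTRUCTED
country: AT
"""

def parse_objects(text):
    """Return [(ip_network, country)] from blank-line separated whois objects."""
    nets = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")  # split at the first colon only
            fields.setdefault(key.strip(), value.strip())
        if "inet6num" in fields:  # IPv6 objects are written as a prefix
            nets.append((ipaddress.ip_network(fields["inet6num"]), fields["country"]))
        elif "inetnum" in fields:  # IPv4 objects are written as "first - last"
            first, last = (ipaddress.ip_address(p.strip()) for p in fields["inetnum"].split("-"))
            for net in ipaddress.summarize_address_range(first, last):
                nets.append((net, fields["country"]))
    return nets

def lookup(addr, nets):
    """Longest-prefix match; returns (network, country) or None if uncovered."""
    ip = ipaddress.ip_address(addr)
    hits = [(n, c) for n, c in nets if n.version == ip.version and ip in n]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def allowed(addr, nets, home="AT"):
    """Geo gate that fails closed: an address with no match counts as abroad."""
    hit = lookup(addr, nets)
    return hit is not None and hit[1] == home

ALL_NETS = parse_objects(WHOIS_TEXT)
V4_ONLY = [(n, c) for n, c in ALL_NETS if n.version == 4]  # assumed IPv4-only data set
```

With `V4_ONLY`, every IPv6 client is rejected regardless of where its prefix is registered, while the same host is accepted once it connects over IPv4.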

Categories
CERT Internet

MasterCard SecureCode: Just say no.

Sometimes the timing is just too perfect.

Yesterday I was trying to book a flight on Brussels Airlines and when I was trying to pay via credit card, they insisted on an on-the-fly enrollment to MasterCard SecureCode. I refused and booked via the AMEX Business Service.

Today a security analysis of the whole scheme was published by British scientists, confirming my reservations.

Money quotes:

“Merchants who use it push liability for fraud back to banks, who in turn push it on to cardholders.”

“So this is yet another case where security economics trumps security engineering, but in a predatory way that leaves cardholders less secure.”

Categories
Internet

Google DNS resolution service

In their endless quest for world domination, Google recently unveiled their public DNS resolver setup. Such a service is nothing new per se; OpenDNS has been doing something similar for some time. Based on the FAQ, Google seems to do this right: a sensible privacy policy and no NXDOMAIN rewriting. They even seem to implement some state-of-the-art (except DNSSEC) tricks to harden their system against forgery attempts.

(Quick aside: one of their tricks to speed up the resolution is to pre-fetch records due to expire from the cache. I’ve proposed exactly the same to the BIND folks at the DNS-OARC meeting in Chicago, 2007.)

On one mailing list, the question was raised how widespread use of Google DNS would affect Content Distribution Networks (CDNs) like Akamai. After all, they take the source IP of the DNS query as “close to the client, network-wise” and return the best CDN node for that IP address. If an Austrian user now asks the Google DNS servers in the US, the CDN’s nameserver will return the address of an American CDN node, leading to a suboptimal choice.

That effect might become less pronounced (but does not go away) once Google deploys their DNS service in a massive anycast infrastructure. Akamai will then see the request coming from at least the same region as where the end-user is.

Actually, the best move Akamai could make is to start a rival DNS resolving infrastructure. If they use anycasted recursors at each of their CDN nodes, that would really simplify their CDN algorithm as the node that gets the DNS request is very likely to be the optimal one for the actual content delivery, too.

Categories
Internet

Kook Alert

Recently, two mails from a conspiracy theorist sneaked past my spam filter. Pure flashback to the heyday of the good old Usenet kooks. Consider this quote:

The Jewish nazis also continued to send ‘messages’ and ‘feedback’ to me through the media and internet and through the EBL – Electronic Brain Link – whereby, among other things, they ‘invited’ and sucked me in to directing my attention and using my amazing power on images in magazines, the internet, TV and other media

I mean, if that doesn’t trigger your kook-detector, nothing will.