Google Public DNS

December 6th, 2009

Google announced Google Public DNS a few days ago.

I don’t really understand why I’d want to use it or why this project is a good idea for Google, but now we have one more DNS server for testing purposes that has an IP address that is easy to remember :-)

Networking fun

November 12th, 2009

For the last week we were only getting 4Mb/s to one of our test servers, which was actually supposed to have 100Mb/s rates. Transferring installation media is really a lot of fun that way. After hoping for the last week that the problem would go away on its own, we finally came to the conclusion that this is probably not going to happen any time soon.

So we played with a whole bunch of cables, two switches, one p5 550 with VIO, and a T61p, until we figured out what’s wrong. It just took us a whole day to figure it out, but it feels good that we did.

The root cause was that auto-negotiation was disabled on the Ethernet interface. Usually this is a good thing. This time it was not. Go figure.

Craziest Data Center Ever

December 9th, 2008

I’ve seen quite a few data centers. I don’t really like them most of the time, but some of them might arguably look cool. – But the data center built by Stockholm ISP Bahnhof is just insane.

If photos are not enough for you, you can get more details in an article written about the data center. [via mbaierl.com]

Amazon CDN

September 29th, 2008

Looks like Amazon will launch a CDN-like offering in the (near?) future. I guess we’ll have to wait a bit to find out if this is really something that can compete with companies like Akamai or not. For everyone who’s not seriously considering a CDN today, an Amazon CDN will not be particularly interesting, because why would you use it instead of S3?

Update 11/26: The new CDN launched recently and it’s called CloudFront.

BGP MITM Vulnerability

August 31st, 2008

I’m not sure this whole BGP MITM vulnerability hasn’t been blown way out of proportion. A few more details than mentioned in the articles can be found in the DEF CON presentation. [via arstechnica]

The whole point of the Internet is for communication to work, and as mentioned in the article, someone who redirects even a portion of the Internet traffic, even for a small prefix, is crazy to begin with. Not only because it will be noticed, but more likely because you’re duplicating traffic, because you need to resend the outbound packets for people not to notice that you’re intercepting traffic.

We’ve told people for years that their data on the Internet, if unencrypted, is not safe and never will be. The Internet is a dumb network and it will stay that way. I just can’t imagine each router validating a cryptographic signature on a BGP announcement for each AS in the AS-path. How should that work? It would be interesting to measure the impact that would have on the processor time required.

It’s also interesting to think about the trust-chain and information that would be required to not only know if an announcement really originated in a given AS but also if that AS is authorized to announce that network.

If people are not able to configure BGP filtering correctly, how do we think they’re going to be able to deploy any cryptographic solution correctly to even get it to work on a global level? – Not to mention that certificates will expire and need to be replaced.

btw: this has also been blogged about by Bruce Schneier and Dan Kaminsky.

DNS trouble at the NSA

May 17th, 2008

Looks like the NSA had some DNS troubles recently. I didn’t know that this also happened to YouTube; I read in IPJ that there was a YouTube problem related to a BGP announcement, but maybe that’s a different incident.

I don’t really get why the article states that it’s embarrassing for the NSA. – After all, the most secure server is one that is offline, and I hope not too much critical business at the NSA is done using e-mail over the Internet, but it might be annoying to call the next pizza place instead of ordering it online ;-)

Web 2.0

February 25th, 2008

“When the Internet Is My Hard Drive, Should I Trust Third Parties?”, by Bruce Schneier.

Switch ports

January 23rd, 2008

Please don’t tell me anyone still has their switch ports on auto-negotiate.

Yes, this also goes for Ethernet ports on your servers and has already caused too many problems to still keep someone up at night.

Open Wireless Networks

January 15th, 2008

Bruce Schneier writes about the open wireless network in his house and why he thinks it’s not a big deal or even “basic politeness”.

In contrast to Bruce I am concerned about other people using my connectivity. Not because I’ll get sued, but because I don’t like to share my connection with everyone. I don’t like debugging why my connection is slow just to find out someone is downloading stuff through my connection.

I configure my network with a WPA2 key that I can provide to guests. Most computers will store this key and remember it next time, so this is kind of a first-time-guest thing. No big deal I guess, but if I ran a public venue like a coffee shop, I’d definitely keep the access point open, because that’s the whole point and everything else would just be a support headache. In addition, people will start to complain if they paid for it and it’s not working, so it’s probably cheaper to not charge and have a less reliable solution.

Google Calendar on the iPhone

September 27th, 2007

The mobile team at Google released Google Calendar for your iPhone.

Try it. now. :)