After reading a bit more about this on various blogs I now realize that this change might have a negative impact on corporate deployments due to the fact that Firefox will discontinue security patches for those old versions, which makes compatibility testing and large-scale roll-outs a real hassle.

A member of the IE team, Ari Bixhorn, wrote on his blog that Microsoft offers a long-term support strategy for their browser. As much as I would hate going back to IE, because it would mean platform dependency, but is Microsoft now becoming the sane option? I hope Firefox will reconsider and change their release process. For a company to maintain their own Firefox fork is just not really a sustainable – or financially sane – proposition.

Update 6/30: Mozilla starts to think about how to support Enterprises.

Update 1/14/2012: Mozilla announces that it plans to make Firefox 10 the base for an Extended Support Release targeted at corporate users.

Update 2/1/2012: Firefox released its first Extended Support Release (ESR) today.

February 3, 2011: “A critical point in the history of the Internet was reached today with the allocation of the last remaining IPv4 (Internet Protocol version 4) Internet addresses from a central pool. It means the future expansion of the Internet is now dependant on the successful global deployment of the next generation of Internet protocol, called IPv6.” – Available Pool of Unallocated IPv4 Internet Addresses Now Completely Emptied

I don’t really understand why I’d want to use it or why this project is a good idea for Google, but now we have one more DNS server for testing purposes that has an IP address that is easy to remember :-)

So we played with a whole bunch of cables, two switches, one p5 550 with VIO, and a T61p, until we figured out what’s wrong. It just took us a whole day to figure it out, but it feels good that we did.

The root-cause was that auto-negotiation was disabled on the ethernet interface. Usually this is a good thing. This time it was not. Go figure.

If photos are not enough for you, you can get more details in an article written about the data center. [via mbaierl.com]

Update 11/26: The new CDN launched recently and it’s called CloudFront.

The whole point for the Internet is for communication to work and as mentioned in the article someone who redirects even a portion of the Internet traffic, even for a small prefix, is crazy to begin with. Not only because it will be noticed but more likely because you’re duplicating traffic because you need to resend the outbound packets for people not to notice that you’re intercepting traffic.

We’ve told people for years that their data on the Internet, if unencrypted, is not safe and never will be. The Internet is a dumb network and it will stay that way. I just can’t imagine each router validating a cryptographic signature on a BGP announcement for each AS in the AS-path. How should that work? It would be interesting to measure the impact that would have on the processor time required.

It’s also interesting to think about the trust-chain and information that would be required to not only know if an announcement really originated in a given AS but also if that AS is authorized to announce that network.

If people are not able to configure BGP filtering correctly how do we think they’re going to be able to deploy any cryptographic solution correctly to even get it to work on a global level? – Not to mention that certificates will expire and need to be replaced.

btw: this has also been blogged about by Bruce Schneier and Dan Kaminsky.

I don’t really get why the article states that it’s embarrassing for the NSA. – After all the most secure server is one that is offline and I hope not too much critical business at the NSA is done using e-mail over the Internet, but it might be annoying to call the next pizza place instead of ordering it online ;-)