Tuesday, 28 December 2010

Brave and trusting staff

Well, jimi is at his parents' this week, and decided that he would try the new FireBrick PPPoE code at home. So upgrading software, remotely by many miles, reconfiguring for PPPoE on the FireBrick and then on the router, and hoping for the best.

What can I say - it worked.

Well, technically it did not quite work, but worked well enough for us to fix a couple of slight buglets. But he is now on-line without having to drive back home.

I think he was very brave! But it does now mean we have the confidence to talk customers through this.

He also has native IPv6 "just working"® now.

Monday, 27 December 2010

Everything you wanted to know about PPPoE but were afraid to ask

PPPoE is a simple concept allowing PPP (point to point protocol) packets to be carried over Ethernet (normal local area networks).

The RFC is refreshingly small, and is largely concerned with how a device (client) discovers and connects to an access controller on the network. Once you have a connection to an access controller, the rest is PPP, which has its own protocols to negotiate IP addresses and carry packets.

PPP itself dates back to the good old days of dialup modems, but is still used today for broadband lines and even high speed fibre to the cabinet and fibre to the premises lines.

The key thing PPPoE does is separate the modem (which converts signals on the line itself) from the router (which decides what to do with IP packets). There are a couple of good reasons to do this. (a) It makes for a good demarcation point for a telco allowing generic termination equipment (the modem) to be part of the service whilst providing choice of actual router, and (b) modem/router manufacturers are notoriously bad at making routers that are any good at routing (note lack of IPv6 support as a good example) and you usually want to have a decent router/firewall from someone that can make routers (like the FireBrick, of course :-) ).

As you probably saw, I wrote the FireBrick PPPoE client on Friday morning, and was well pleased with myself having tested on a Vigor V120 PPPoE/A modem on a BT line. I then spent most of this morning trying to get it working with BT lines using a Zyxel in bridge mode. It is working now with the Zyxel in bridge mode to BT and Be as well as to the Vigor. Next to test is FTTC and FTTP BT lines.

Whilst the RFC for PPPoE is not bad, there are a few issues:-
  1. PPPoE limits the MTU to 1492 as 8 bytes are used for PPPoE and PPP headers. Fortunately there is a later RFC allowing negotiation of baby jumbo frames (dumbo frames?) to handle a full 1500 byte MTU. Unfortunately I have yet to find a router that supports it even though their Ethernet chip-sets can probably do the larger frame. Fortunately BT FTTC and FTTP do support it, apparently.
  2. PPPoE has a range of extensible tagged parameters, but they missed a trick by failing to define a few simple ones such as telephone number for dialup or VPI/VCI/encap mode for DSL. Having these would mean modems need no configuration at all and so not need DHCP, IP and web interfaces - having all parameters using the PPPoE tags would be perfect and should have been encouraged in the original PPPoE spec. Other obvious status parameters, like tx speed and rx speed and so on, in the response from the modem would have been a simple addition. These could have been defined as optional tagged values in the original spec and saved everyone a lot of time.
  3. PPPoE allows for a relay device. This makes perfect sense for a DSL router to relay PPPoE either to PPPoA as raw PPP, or to a remote PPPoE device on the wire whilst appearing as only one device on the local network. This is how it should be done. Sadly it seems almost all routers that do PPPoE work in a bridge mode - bridging the LAN to the far end of the DSL line. This causes serious problems. For a start you have no way to direct traffic to a specific line via a specific router/bridge, if you have more than one, as you only see the far end bridged Ethernet MAC addresses. You also have no way to tell this has happened. You also have to run a separate LAN segment even if you only have one router/bridge as the broadcast traffic on your LAN is bridged and can trip MAC address limits on the DSL service. In short, each PPPoE router/bridge has to be on its own LAN segment which is a pain, and a shame as the spec allowed them to act as relays!
  4. Finally, bugs... It seems our favourite telco do not follow the RFC. There is an "end" tag, id 0x0000, which you can put at the end of the list of tags. It is not required but remains for backwards compatibility. So I dutifully included it, and all was well. Vigor happy. Be happy. Could not get working with our favourite telco. Turns out if you include this completely valid tag then our favourite telco just totally ignore your PADI packets. WTF! RTFRFC guys!
So, the new FireBricks now do PPPoE, including negotiating IPv6, including baby jumbo frames, and including multiple links on separate ports with bonding. They even provide loss/latency graphs for each line from the client end.
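As an added illustration (not FireBrick code, and not from the original post), here is a small Python encoder/decoder for the PPPoE discovery payload discussed above. It shows where the 8 header bytes that cut the MTU to 1492 go, the optional End-Of-List tag (0x0000) that the telco's kit chokes on, and the RFC 4638 PPP-Max-Payload tag used to negotiate baby jumbo frames. Tag type and code values are from RFC 2516 and RFC 4638; the access concentrator name in the demo is made up.

```python
import struct

# PPPoE (RFC 2516) discovery-stage constants.
ETHERTYPE_DISCOVERY = 0x8863   # Ethernet type for PADI/PADO/PADR/PADS/PADT
ETHERTYPE_SESSION = 0x8864     # Ethernet type for PPP session frames
VER_TYPE = 0x11                # version 1, type 1 packed into one byte
CODE_PADI = 0x09               # client broadcast: "any access concentrators?"
CODE_PADO = 0x07               # access concentrator offer

TAG_END_OF_LIST = 0x0000       # optional; valid, but some BRASes drop PADIs carrying it
TAG_SERVICE_NAME = 0x0101      # mandatory in a PADI (may be zero length)
TAG_AC_NAME = 0x0102
TAG_HOST_UNIQ = 0x0103
TAG_PPP_MAX_PAYLOAD = 0x0120   # RFC 4638 "baby jumbo frame" negotiation

ETHERNET_MTU = 1500
PPPOE_HEADER = 6               # ver/type, code, session id, length
PPP_PROTOCOL_FIELD = 2         # PPP protocol id in front of every packet


def pppoe_mtu(ethernet_payload=ETHERNET_MTU):
    """MTU left for IP once the PPPoE and PPP headers are subtracted."""
    return ethernet_payload - PPPOE_HEADER - PPP_PROTOCOL_FIELD


def u16(n):
    """Encode a 16-bit tag value (network byte order)."""
    return struct.pack("!H", n)


def encode_tag(tag_type, value=b""):
    return struct.pack("!HH", tag_type, len(value)) + value


def build_discovery(code, tags, session_id=0):
    """Build a PPPoE discovery payload (Ethernet header not included)."""
    body = b"".join(encode_tag(t, v) for t, v in tags)
    return struct.pack("!BBHH", VER_TYPE, code, session_id, len(body)) + body


def build_padi(service_name=b"", host_uniq=None, max_payload=None, end_of_list=False):
    """PADI as a client would send it; session id is always 0 before PADS."""
    tags = [(TAG_SERVICE_NAME, service_name)]
    if host_uniq is not None:
        tags.append((TAG_HOST_UNIQ, host_uniq))
    if max_payload is not None:
        tags.append((TAG_PPP_MAX_PAYLOAD, u16(max_payload)))
    if end_of_list:
        tags.append((TAG_END_OF_LIST, b""))
    return build_discovery(CODE_PADI, tags)


def parse_pppoe(payload):
    """Parse a discovery payload into (code, session_id, [(tag_type, value), ...])."""
    if len(payload) < PPPOE_HEADER:
        raise ValueError("short PPPoE header")
    ver_type, code, session_id, length = struct.unpack("!BBHH", payload[:PPPOE_HEADER])
    if ver_type != VER_TYPE:
        raise ValueError("unsupported PPPoE version/type 0x%02x" % ver_type)
    body = payload[PPPOE_HEADER:PPPOE_HEADER + length]
    if len(body) != length:
        raise ValueError("length field runs past the frame")
    tags, off = [], 0
    while off + 4 <= len(body):
        tag_type, tag_len = struct.unpack("!HH", body[off:off + 4])
        off += 4
        if off + tag_len > len(body):
            raise ValueError("tag runs past the payload")
        tags.append((tag_type, body[off:off + tag_len]))
        off += tag_len
        if tag_type == TAG_END_OF_LIST:
            break   # RFC 2516: nothing after End-Of-List is meaningful
    return code, session_id, tags


def has_tag(tags, tag_type):
    return any(t == tag_type for t, _ in tags)


def negotiated_mtu(padi_tags, pado_tags):
    """RFC 4638: both sides must carry PPP-Max-Payload; the smaller value wins.
    If either side omits it, fall back to the classic 1492."""
    ours = next((v for t, v in padi_tags if t == TAG_PPP_MAX_PAYLOAD), None)
    theirs = next((v for t, v in pado_tags if t == TAG_PPP_MAX_PAYLOAD), None)
    if ours is None or theirs is None or len(ours) != 2 or len(theirs) != 2:
        return pppoe_mtu()
    return min(struct.unpack("!H", ours)[0], struct.unpack("!H", theirs)[0])


if __name__ == "__main__":
    padi = build_padi(host_uniq=b"\x00\x2a", max_payload=1500, end_of_list=True)
    # Constructed PADO from a made-up access concentrator that supports RFC 4638.
    pado = build_discovery(CODE_PADO, [(TAG_SERVICE_NAME, b""),
                                       (TAG_AC_NAME, b"example-ac"),
                                       (TAG_PPP_MAX_PAYLOAD, u16(1500))])
    print("classic PPPoE MTU:", pppoe_mtu())
    print("PADI carries End-Of-List:", has_tag(parse_pppoe(padi)[2], TAG_END_OF_LIST))
    print("negotiated MTU:", negotiated_mtu(parse_pppoe(padi)[2], parse_pppoe(pado)[2]))
```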

There is much more code still to do though...

Saturday, 25 December 2010

Test one unknown at a time

New FB2700s are being shipped and so when a customer could not get tunnels set up properly we spent ages trying to find the cause, assuming it was the FB2700 as it is all new code.

Turns out, having spent all day on this, one of his DSL lines filters some UDP traffic which meant the tunnels did not work. Thankfully the port mapping functions make it easy to work around once we know the problem!

But we got to try about 3 different ways of setting it up which is nice. We even tried PPPoE before discovering the combination of line, provider, and router meant it would not do it!

Oh, and yes, PPPoE is all coded as well now, and is standard in the base model.

All in all a good couple of days development, all the better for some turkey and trifle.

More to do next week! Ho Ho Ho

Thursday, 23 December 2010

Getting there

Well, the FB2700 now has a nice DHCP server, with lots of bells and whistles.
Next is the PPPoE client with bonding.
Should be fun.

Tuesday, 21 December 2010

Ho Ho Horde!

What can I say?!

Sunday, 19 December 2010

Thin end of the wedge

http://www.news.com.au/breaking-news/world/all-internet-porn-will-be-blocked-to-protect-children-under-uk-government-plan/story-e6frfkui-1225973481287

I said the IWF list was just the thin end of the wedge. The objective of stopping people accidentally encountering child porn on the web was a crazy one (IMHO) as it did not even try to stop people that want to access such material, and (as has been shown) has side effects.

The only real reason for IWF blocking list was to get in place a mechanism to allow arbitrary web sites to be blocked. Then the list can be conveniently expanded to other things. Start with something nobody can object to like "child porn", and build from that.

The quote on that article is "Technically we know it can be done because the ISPs are already removing child porn after the government put pressure on them". This kind of shows why the otherwise pointless IWF block list was encouraged so much in the first place - it was a foot in the door.

The latest is to add all porn (completely legal porn) on the basis children might see it, and allow adults to opt-in to access it. It's think of the children mentality. Of course these blocking systems are trivial to get around. There are already plenty of ways for parents to control what their children see on their computer. And, what's the bet that such opt-in systems will be on IP and so mean (with NAT) that the whole house has opt-in, including the kids' machines?

You can see where it goes. I am sure terrorist web sites will be next on the list, after all, who can argue with that. Of course, any extreme political web sites will need to be next. Basically any wrong thinking.

Thankfully, due to other oppressive governments around the world, there are already well established and well documented ways to bypass all of this crap to allow people to communicate and access the Internet without trace and without filters.

Utter incompetence on the part of our government, IMHO.

Oh, and they are talking of doing it without legislation. OK, so they want communications for a perfectly legal purpose between two parties via a communications network to be intercepted and blocked without the specific (opt-in) request of either of the parties, and somehow this is legal under RIPA?

Friday, 17 December 2010

For the horde!

Well, I would like to thank Mike for the full size World of Warcraft Orc we now have in our training room. A really novel Christmas present which will make for a real talking point.

Twit!

Well, I have signed up with twitter. I am not feeling too well so not going to a party, but the party is on twitter, and it means I can talk to them and be there virtually so I joined.

I am not sure of the terminology, does that make me a tweeter or a twit or a twat? maybe all three.

First ever tweet:
First tweet - I understand it is protocol for me to say that I am threatening to blow up an airport because of snow...

Thursday, 16 December 2010

Copyright

Well, sounds like my copyright statement might well be valid, especially with rulings like this!
http://zine.openrightsgroup.org/comment/2010/the-long-arm-of-copyright
This is absolutely crazy!

Cunning plan

Why can't they make mobile phones that have a small compartment that has space for tablets...

The phones themselves are so small now, it would be easy to include a small compartment or two. And it would be ideal for diabetic old fogies like me that now have to take a couple of pills with me to have with meals.

That way I would never forget them as I am never without my phone!

If it has a sensor to tell you opened the compartment, it could have an alarm in the morning if you have not opened it to put pills in, and another at pre-set times to remind you you have not opened it to take pills out. That'll be useful when I get older and start losing my memory!

Tuesday, 14 December 2010

Cool TV

OK, the new Sony TV is quite smart...

My son sat here on his iPad, VNC'd on to his windoze PC that is up in his bedroom...
Selects a video on the PC, and it has "Play to ->" which lists the TV!
Click and TV is playing video!

Cool or what...

Sunday, 12 December 2010

Bah, humbug!

Well, it is that time of year.

TBH, Christmas is a time where customers do not hassle me for days on end and I can get some real work done :-)

But it is also a time for presents. Basically, this means, things you might get for kids because it is nice are delayed until Christmas. Any other time of the year if the kids wanted something or I felt like getting something, that would happen. But in December things are delayed. Kind of odd arrangement. Birthdays are a bit like that too.

I would rather give gifts when I have reason to or can do so, and make any day special. It is more of a surprise. More fun.

Of course Christmas is also a time for finding a fucking huge corporation tax bill, just a month before a nice big personal tax bill. Perfect timing for spending extra on nice things, not! The fact the accountants have dragged their heels for 9 months and so I am not sure what I owe does not help either. Arrrg!

So, Merry Humbug :-)

Thursday, 9 December 2010

Make life difficult, or what!

I think I have the new VAT rate change worked out...

The logic is simple, and always has been simple.
The VAT rate applicable is the one at the tax point.
Suppliers can, optionally, bill in advance and split on the date of VAT change, but they do not have to, and it is the suppliers choice.

So, for 1st January invoices that are for services for all of January, the VAT rate is 17.5%. Simples!

Unfortunately the Finance Act adds some extra confusion. In almost all cases that does not cause us a problem, but I think it does for a few of the invoices.

Basically, if the customer is a connected party (i.e. family member, a related company, etc), and they cannot reclaim VAT, then they have to be charged a supplementary 2.5% VAT on the period after the VAT change. This also applies in some other cases such as invoices over £100,000, but that is not an issue.

So, for the most part the invoices are as normal, and no problem.

However, I expect I'll have to charge my parents a supplementary 2.5% VAT from 4th January until the next full moon (they are invoiced every full moon). I probably should try and work out if employees count as "connected parties" too. That is assuming being a parent of a director of the company makes them "connected" - I'll have to read another Act to check that, or maybe I'll just email HMRC...

Why the hell make it so damn complicated? Arrrrg!

Wednesday, 8 December 2010

Practical experiences with IPv6

OK, now we finally have boxes that will allow us to deploy IPv6 sensibly in SMEs. (No, not DSL routers with IPv6, but our new FireBricks) - we are keen to start getting some practical experiences. There are some DSL routers on the horizon, but we have seen some very special routers for IPv4 so what they will do with IPv6 and how configurable their firewalls will be is anyone's guess. The FireBrick we can control and we can make it work sensibly!

This is not directly a technical exercise. The technicalities we know pretty well, having used IPv6 ourselves, and sold it to customers, for 8 years or so. It's the experiences of how to tackle the things everyone has forgotten about. How well old machines cope with dual stack. What management think of the problem. Etc, etc.

It is also about the practical experiences of selling the idea to companies. Right now there is not much internet you can't get on IPv4. A NATted connection gets you most things - as an edge connection rather than being part of the internet as such. IPv6 offers more, but in most cases, right now, it is not offering things people know that they need. We are at the start of the problems now, and they will gradually get worse over the years, but at what point does IPv6 become the obvious solution for people, rather than a contingency?

We do have some technical things like VoIP. I am working on making our SIP server mix IPv4 and IPv6. At present it does IPv6, but only works to other devices that understand IPv6! Once we have that sorted, the plan is to understand how to deploy SNOM phones. Sadly SNOM are being totally thick here as (a) they make a s/w version that is IPv6 only, not dual stack, and (b) they do not pick up an address by RA or any other means - you have to set it manually somehow - arg!

I think non NAT VoIP deployment using IPv6 is a leading application. People are starting to deploy VoIP more. NAT is a pain in the arse for VoIP in many ways. The best way to solve it is non NAT. That will be harder to get on IPv4, so non NAT IPv6 phones on a LAN makes sense. It could make IPv6 a must have when deploying VoIP phones centrex style.

So, fun times ahead.

Sunday, 5 December 2010

Soul of a new machine

Well, FB2700 is racing forward and we have them for sale now. I should have a large pile of them by the end of the week :-)

The staff use ones have managed to highlight several opportunities for improvement (as bugs might be called) and they have been realised (aka fixed).

Much to do, but the more people we can get using them in anger, the more feedback we get...

Saturday, 4 December 2010

In game pocket money?!

OK, had to post this, sorry.

BT CRM (Ian) has kids (6 & 7) and they play WoW, and they apparently want in-game pocket money, i.e. world of warcraft gold (as well as real life pocket money, obviously).

What is the (virtual) world coming to?

Well done Ian!

Friday, 3 December 2010

Summer time all year? WTF?

OK news on BBC suggesting it is again being considered.

Sorry but that is just crazy. TBH the change of clocks is a pain, but we all cope with it. So some reasons not to fuck about:-
  • Unless we make working days shorter it will be dark one end or other of the day in winter. That is tough. Changing the clocks does not make more daylight. Darkness causes accidents and problems, but tough. This won't be solved by renaming the hours of the day - it will just move the issues around.
  • Changing clocks is a pain. I have spent a lot of time on software development related to this in every system we have in the company. Man months of time spent/wasted to allow for clocks changing. But we cope. We have systems that understand 23 hour days and 25 hour days. We do better than some (BT!) in sending correct times on XML messages. It would all be a lot simpler if clocks did not change.
  • But clocks not changing does not mean UTC+1 for the year - that really is fucked up. When the sun is overhead in Greenwich the time is 12:00. That is the way we decided to name the hours of the day. It makes sense - it is the middle between one midnight and the next. Living in UTC+1 in the country that defined the clocks in the first place is just madness.
  • At the end of the day, what we call the hours is not important. If we think there is a benefit in people going to work and school earlier, why not do that. You do not have to change what we call the hours of the day. Yes, it would not be universal. Make schools an hour earlier and some offices and shops will follow and some will not - excellent. It would spread out rush hour on the trains and roads. That alone means fewer accidents and problems.
So my preference is UTC all year, and schools starting earlier.

TBH I bet I have a lot of code that will in fact break if we were UTC+1 and no DST. It would cost me to make that work, and I am a small business. Imagine someone the size of BT changing all their systems to handle that. We are lucky we are based on UTC as lots of stuff is hard when not on UTC. DST is a problem, but UTC+1 all year would be a lot more work.

Thursday, 2 December 2010

The end is nigh!

Well, IPv4 is running out as we know. What is interesting is that we are actually going for a bit of a rush at the end with blocks being used up faster than expected. Four blocks in November. We only have 2 more to go before we are at the end and some ceremonial handing over of the final 5 blocks from IANA to the RIRs. It may even be before Christmas, but will certainly be soon.

The question is, what does this mean, to you and me or the man in the street?

Internet Service Providers
There are people that actually use IP addresses, where they are a day to day resource. ISPs like us. But even in a small organisation like A&A the allocation of IP is some obscure thing done by someone (me) every couple of years and not a day to day issue. The people on the ground can assign IPs using the systems and no problem. The issue is that I will probably not ever get a new block, or at least one of any useful size, from RIPE for IPv4. I might. It is possible we run low in the next few months and RIPE are not on a "last /8" policy, and we can get more, but unlikely. If I don't have a new block of IPs now, my next block will be a /21 at most (2048 IPs) and that will be it, for ever!!!

So ISPs will be hit soon - running out of IPs, and if they have any sense they have a plan for this, but do they?

Hosted servers
People host servers with ISPs (hosting companies) and expect that they get at least "an IP address" as part of that, if not several. That will stop. Well, it will stop being simple. You have a server (with web site, email, whatever) and you may find you cannot get an IPv4 to use with it. What then? IPv6 only servers? Port mapping? Paying through the nose for IPv4s?

Whole countries
Some countries are embracing IPv6 and already have some IPv6 only services. To deal with such countries even now you have to have IPv6. This will get more widespread.

End users?
For most end users the end is not nigh yet. They have IPv4, even if NAT and NAT and NAT (By the way, NAT is evil!). But I foresee problems. There will be all sorts of niggles and annoyances. Things not quite right. Stuff not working. The big things - google and facebook and twitter - will be fine, but some things won't be. It will gradually get worse and worse. Only once end users have IPv6 as well will there be some light at the end of the tunnel and some things "just work" over IPv6. But when can they get that, by default, from cheap ISPs?

Businesses?
Business will be the ones that actually need working internet and for which the increasing problems of NAT, and IPv6 only services, will hit them financially. Any business that uses the internet (who doesn't) and does not have a plan for IPv6 will lose out - end of story...

Crime!
There has to be some crime. IPv4 is becoming a valuable and scarce resource. That has to result in some crime. We are not sure what or how yet, but it will happen. What would you do if someone stole your IP addresses?

AAISP
Even we have some bits not quite right. We have done IPv6 for 7 or 8 years but find snags even now. Our VoIP will be sorted over the next few months. But we are committed to making this work. We can support you as a business in moving to IPv6. OK, yeh, shameless plug, but what do you expect...

Wednesday, 1 December 2010

Government meddling

One of the issues that came up today at the ISPA conference was various sorts of government meddling. As I say, I am not convinced MPs have any clue on the technicalities, but it goes deeper than that.

Super-fast broadband
We have an aim to be the best super-fast broadband in the EU. But to be honest that is daft as there are countries taking it more seriously (fibre to every home) and smaller countries that can do it more easily. It is probably a good aim to have some level of inclusion in the technology in the UK. It helps if everyone has internet access just as it helps if everyone has a phone or a TV. If we have a sensible minimum level of technological inclusion in the community, it makes it easier for business and government to interact with the population at various levels.

The problem is one of defining a good internet connection in any measurable way. The last government were aiming just for last mile access speed (ADSL sync in effect) of at least 2Mb/s. As I saw today, asking where that 2Mb/s goes to, for how much of the day, and for what cost, just confused people. But you can't just say it is 2Mb/s to BBC iPlayer for example. You have to qualify that. When is it 2Mb/s - all day? or "whenever someone wants it"? If you go for all day then BBC suddenly need population times 2Mb/s links and huge links in to ISPs that will never be used else we have not met the goal.

If you dumb down the goal then you get typical consumer internet access, where 2Mb/s line rate may be anything from 100Kb/s data transfer at peak times to 2Mb/s at 1am and never very quick for bit torrents. Such services have a place though. It is these that are the cheap, entry level, services that allow people to get on line and have email and web pages. But they do not, on their own, achieve the goal of good 2Mb/s internet.

So you have to allow competition. Can everyone get internet? Can anyone that wants good internet get it even if more expensive? For that you need infrastructure that is open to all ISPs and can be un-congested if the ISP is prepared to buy enough interconnect. People like BT will not even agree a target of an un-congested network so would never agree to guarantee one. BE-Wholesale seem happier to consider it a target. Even if not a guarantee, you need carriers that accept congestion as a fault and will take action to increase capacity. Thankfully I was able to make this point to BIS to consider in their specification for super-fast broadband. Who knows if the comments hit home?

Monitoring and blocking
We know the government like to snoop and meddle. We have the last lot endorsing IWF filtering and even considering legislating (even though the IWF block list only aims to stop people accidentally finding illegal content, and only on web pages - it does not aim to stop abuse or people accessing it if they want to). See cleanternet.org

We have the DEA with the possibility of technical measures in the future to restrict or block some or all internet access to someone that has not been convicted and not even directly accused of any crime or civil wrong doing, over copyright violations which may be mistakes or the actions of a third party. As one person made a good point today, legally I am not responsible for other adults in my house - I may have some responsibility for children and pets, but not my wife for example. I cannot be punished in law (criminal or civil) for actions of my wife. But the DEA aims to do just that - with many (most?) internet access having some sharing by people in a household, someone will be punished for the actions of another if technical measures are taken.

The DEA is flawed. It has serious holes that make it easy to bypass, not least of which is the customer simply getting a migration code on receiving the first letter. But it is a stick, which can never work. You need a carrot. People will be able to transfer files covertly - there are some serious innovations in anonymous encrypted mesh networks because of this challenge! If anything this is driving some clever network designs but not stopping copying. No stick can work, but more importantly, even if a stick did stop people copying (or your stats say that has happened as you can't see it now) you don't make more money for the rights holder, and that is what matters. Whether someone copies a song, or not, is not what is important to an artist; what matters is not being paid for it. Just stopping the copy being made does not help and just means the artist becomes heard less. What you need is a carrot. Make it easy to get media cheaply and simply. Try and change business models to avoid reliance on control of copying, which is fundamentally impossible now. Trying to enforce a concept based on a time when you could control copying is doomed to failure. So media companies, artists, creators of content - find new models. People want what you make so there will be a business model that fits even if not as profitable as the old way.

Of course now this government is also trying to resurrect the interception modernization programme. They want ISPs to log communications data - who you are emailing, including every spam you get or is sent in your name. The concept is flawed. People can get around it. Bad people will. It is well documented how to bypass monitoring and this is necessary for people living in oppressive regimes where the governments snoop on everything and take action without legal process (yes, I know the UK is starting to sound like that). The cost will also be huge. The data will be meaningless (think how much spam you see), and that is before people try to poison the data with fake emails and calls.

Net neutrality
We then have the non story of the end of net neutrality - even though it never existed, and the strange concept that "no service should be blocked or disadvantaged for commercial reasons". But I co-locate my email servers on my network, for commercial reasons, disadvantaging competing email servers. That is how it works. Forcing ISPs to run independent networks to slow down some traffic, and not to peer with other providers but all go via a common neutral transit provision is madness. No, that is not what they are saying, but try and define a law on net neutrality that does not have that implication?

Encouraging growth
All the time we have the complex and expensive and damaging suggestions, the government wants to grow the economy, encourage ISPs and create a digital Britain. They have it backwards. ISPs need freedom from meddling.

It's all messed up, IMHO.

Grr, MPs with no clue

Ok, drives me mad. Politicians with no clue on the technicality.

We have had comments on net neutrality, but not understanding the issues.

And a shadow minister in ISPA today talking about the now defunct idea of 2M minimum broadband.

I asked "where to?". I had to explain that it may be 2M at the end user, but where is the other end? 2M to Germany, to the US, to where?
She said to the exchange. Ok, so I said that 10k from the exchange would be ok?
She did not understand, and said show me an exchange with only 10k.
I asked again, what was the commitment?
She said that the smallest link in the chain has to be 2M

Sadly I did not get to debate more. 2M at the smallest link in the chain is meaningless anyway. For a start, does that mean I can run a million 2M lines on one 2M backhaul and that is fine? Does it mean that every web server in the world must have a 2M link, else they are the smallest link in the chain?

They simply do not understand the difference between the speed of one link such as a broadband line, and the usability of the internet as a whole and all of the components. They also do not understand contention or congestion...

Yet they make laws!

Tuesday, 30 November 2010

Where did the internet all go so quickly?

A further 4 /8's have been allocated in November it seems, so we are down to only 7 /8's left. I understand that when we get to 5 the RIRs get one last /8 each.

This could mean we are literally weeks from an empty IANA pool of IPv4s.

Whats the betting IPv4 will run out before Christmas!

Monday, 29 November 2010

LHR arrivals borked

So wife coming from Cologne...

Their departures web site says not left. Now 18:51...

LHR web site still listing arrival scheduled 18:40 !!!!!

WTF. How thick is that?

Come on guys, join the dots... It is after the expected arrival time *now*, so asserting on schedule for a time in the past is pretty brain dead.

At 19:13 LHR still list as expected 18:40. Who wrote that FFS?

Saturday, 27 November 2010

Time for a new DNS system?

What with proposals by SOCA to be able to shut down UK domains without any conviction, we now see this already applies to ICANN based domains. See article.

So, how long before we need a new type of DNS that is somehow designed to avoid any possibility of central control or censorship.

I am sure it must be possible, but it is hard to come up with a way of creating records that are unique without a central body or some sort of delegation. Mind you, we managed it for newsgroups!

I am sure it is possible somehow.

Clearly governments cannot be trusted.

Friday, 26 November 2010

Don't use Nominet .uk domains any more?

[update: my post below is a tad confrontational, and itself somewhat knee jerk. Alex Bligh has produced a much better worded article on why this is so wrong]

Well, we have always been very keen to promote .uk domains managed by Nominet. The contract was always very clear, the domain owner was protected from stupidities of the ISP they were using, the registration process was quick and easy, and the prices were sensible. We liked UK domains and supported Nominet.

But to be honest the extent with which Nominet are colluding with big brother is now making me very concerned.

The latest news suggests proposals that any .uk domain where there are "reasonable grounds to believe they are being used to commit a crime" such as "a request from an identified UK Law Enforcement Agency" could be instantly suspended.

This is mental!

Many popular .uk domains are used to commit a crime. You can guarantee that someone somewhere has used google.co.uk in some way to commit a crime. And of course, hotmail.co.uk will have been used to commit a crime every time anyone sends an email that someone in the country could find menacing (even if the recipient does not).

Bear in mind that many company web sites still fail to include all of the correct details as required by the Companies Act 2009 - that's a crime, so all of those domains could be instantly taken down stopping not only the company's web site but their email and any other services using the domain which could even include their phones these days!

You may think I am being silly here - but when we have a system that can convict someone of a joke on twitter, you realise that perhaps I am not. It's a good thing that twitter don't use a UK domain or proposed laws like this could have taken twitter down completely. You have the crazy situation where someone could complain that an email they got could have been menacing to some hypothetical older couple and that means the domain used for the email could be suspended as it is used to commit a crime.

Bear in mind the police do not want to investigate and prosecute these frivolous crimes, so requesting Nominet take the domain down would be a quick and easy way of dealing with a complaint from the public.

It is like saying that BT should turn off a whole telephone exchange if anyone uses one of the lines to commit a crime. The implications of suspending a domain can be much more far reaching than just a web page.

Of course some people with no clue (such as many politicians) will wonder why I am ranting on this - surely this is a good thing as it helps stop criminal activity. If they really think that some web site that the establishment don't like will go away because their domain is suspended, they are totally round the bend. The fitwatch example given, using a UK domain to point to a US site, would simply be on a .com domain, or a .cx domain or any number of other domains around the world - or better still on a direct IP address URL. I have already said how the whole concept of domain names is diluted now, with people using twitter and facebook namespaces as well as saying "search for xxx". So many people are not using domains now. Changing a web site from one domain to another takes effect as fast as the search engines pick it up. So this suggestion is pointless.

Like so many uninformed knee jerk reactions, it has no effect on any criminals but has huge scope to damage legitimate domain users and companies. Actually, no effect is not true - it creates publicity for the criminals.

If Nominet go ahead with this then we'll stop doing free UK domains with our DSL and start recommending customers use other registries. Nominet should be explaining the complete futility of such proposals not agreeing with them.

I'd love to hear Nominet's side on this one. Let's hope this is just bad reporting and I am wrong about this.

3D WoW?

You can get computer video cards which support 3D. These allow the game to set up two frame buffers for each point of view (left eye and right eye) from the same scene, and alternate frames to the monitor. They also drive 3D shutter glasses.

This does however mean an expensive video card and expensive high frame rate monitor. The good high resolution monitors tend not to have the necessary frame rate.

However, games could do something different. With just a simple software change they could generate a split screen where left and right eye are side by side on the display. This would work with any video card. If they do that, then you can play on your 3D TV. The TV will split the two images and drive the glasses just the same as a feed from Sky or BD. Many games on consoles already do split screen for multi-player - showing different viewpoints for different players.

WoW, in 3D, on a 55" HD 3D TV would be moderately cool!
Even if only possible when my wife is away...

So, Blizzard, please can we have a 3D TV mode for WoW? It's a very simple s/w change...

Thursday, 25 November 2010

3D

Hmmm... 3D TV and Sky TV, and now I see how some of it works.

First off, yes, the 3D effect works - there is depth. That is the plus point... I seem to be able to watch live football in 3D! (I don't watch football).

Now for the crap...

1. It appears that there is no signal to tell the TV that the feed is 3D - you have to turn on and off 3D mode on the TV. It is thankfully one button. And to be fair you have to put glasses on, so that is not so hard. I think this is a limitation in the Sky box not telling the TV it is 3D to be honest.

2. It appears that a 3D feed is just a squashed picture and another picture on the same frame. I.e. it is not actually two full HD pictures, but two half resolution pictures. Con or what?

3. It appears there is clearly no standard for that, as the TV has top/bottom or side-by-side modes. Sky seem to send side-by-side. So if you watch Sky 3D on a normal TV it is just two images width squashed, side by side on the screen. Seems you can get 3D for free too, so you can try that on a normal TV for a laugh. Arrg! The TV forgets the setting...

4. The TV, a nice (expensive) 55" Sony, is fine I am sure, but I can see the flicker with the active glasses. I expected that this might happen. I have yet to see if I can get used to that. We'll see.

5. This crazy way of sending two pictures for the price of one does have the side effect that existing kit will just work as it is not aware it is doing 3D, just a rather odd picture. So it will just work with a Blu-ray player, or whatever, that has 3D.

6. The sky box has no clue it is 3D (see above), which means the menus, and the pause logo, and so on, are all seriously screwed up. The sky box needs to know, and to display its menus half width on both sides. I am sure that would be easy for them to do, but they have not done it. Doh!

So, not entirely impressed yet, and shocked that 3D seems to be technically a bodge on normal HDMI.

Monday, 22 November 2010

Company bike

Well, we may not do company cars, but we do company bikes, and I have a nice new one now...

I have actually gone for the classic with 3 speed as I only use 2 gears anyway, and the 5 speed caused too many problems.

But I have gone for the non standard hub dynamo/brake set on the front as the rim dynamo was a pain.

So, well chuffed.

Wednesday, 17 November 2010

Two speed internet

Sorry, but WTF.

Quotes from BBC "It paves the way for an end to "net neutrality" - with heavy bandwidth users like Google and the BBC likely to face a bill for the pipes they use." make no sense.

I, as an ISP, can, right now, go to the BBC or google and say "we will not pass your packets to our customers unless you pay us". I believe ISPs have tried this before.

I, as an ISP, can, right now, go to the BBC or google and say "if you pay us some money we'll make sure your packets get priority over our network to our customers".

This has always been the case. It is a simple commercial decision.

It is also a simple commercial decision that the likes of BBC and google say "no problem, we'll stop sending packets to you". As an ISP it is simply not sensible for me to try and offer a service to my customers that does not have the BBC or google. They know that. I know that. So simple commerce works and we don't get paid by BBC or google.

Equally, if the likes of BBC or google came to us offering us money for priority access to customers, we could consider it. TBH, the way we run the network it would not help as we aim to have uncongested links, and so "priority access" would be the same as they get now - but that does not mean I would not take their money and mark the packets accordingly.

They say "It paves the way for an end to "net neutrality"", but I am not aware of anything that provides "net neutrality" now? So what is ending?

We already have people that pay money to join peering points, or pay money for direct links to us, and cases where we pay money for direct links to other people, so as to provide a better service for our customers. A prime example is direct links to VoIP providers as we sell VoIP to our customers and want that to work well. Someone doing VoIP with some other provider does not have the benefit of that direct link and so inherently gets a worse link (though not that it matters as we aim not to run any links full).

They say "In the US, President Barack Obama has backed net neutrality - treating all traffic equally - and regulators have threatened possible legal action against ISPs that block or restrict access to sites.". They say "Internet Service Providers (ISPs) are supposed to treat all web traffic equally". But I am not aware of any UK laws which insist on this. It would be interesting if there are such laws, after all, almost all ISPs are "blocking" accesses to all IPv6 only "sites" at present, and if laws say that is not allowed then we have legislation for IPv6! If such laws exist then the IWF would be outlawed for a start!

Maybe I have missed something - I am sure someone will post a reference.

Tuesday, 16 November 2010

NAT Hit Squad

My son suggested that someone should start a fund that can pay for the hit squad to take out anyone that ever suggests NAT for IPv6 :-)

IPv6 and Trading Standards

Well, one of the fun comments at 6::uk launch was the idea that you cannot call yourself an ISP unless you route all IP protocols in use on the Internet, i.e. IPv4 and IPv6.

Well, that got me thinking. Read the box on the average router and it says things like "enables you to access the Internet" (I was reading a ZyXEL router box).

But what is "the Internet"? Well it clearly includes more than just IPv4 hosts now. There are parts of the world you cannot access if you only have IPv4.

One idea was an "IPv6 ready" or "Internet HD" type product marking to get router manufacturers to make it clear they handle IPv6, but maybe we need a stick as well as a carrot.

Would trading standards get involved in telling manufacturers that unless they clearly mark products as only able to access the "old Internet" then they will be taken to court for mis-describing their products?

Just an idea.

Saturday, 13 November 2010

Saturday

Cross with myself today - weekends are one of the few times I can get some work done and I have wasted today watching TV...

Friday, 12 November 2010

Twits, again

OK, I wonder.

The logic is that someone (an "older couple") could happen on twitter the day before they fly, see the suggestion that someone will blow up an airport.

Apparently this theoretical case is enough to get someone convicted and lose an appeal. It is a criminal offence.

So I think I need to make a script to grab the re-tweets of this. After all they meet the criteria for a criminal charge, clearly.

Then, putting details of each, I make a letter on a sheet of A4 to local police.

And put 1,000 of them, or maybe 10,000 of them, on the door step. All asking for a reply confirming action will be taken or an explanation of why no action will be taken.

If the original tweet is a criminal offence then I am only doing the right thing by telling local plod of other cases, after all. Being a responsible citizen and all that.

And as it is like a couple of reams of paper and ink, why the fuck not?

...

Actually - are the rules not that if you see a crime happening right now, i.e. in progress, you should call 999? So everyone go to twitter and search for the bomb threat (I think #iamsparticus) and if you see one call 999 - "crime happening now - someone is sending a menacing message via communications system".

Stupid software

I have to despair at the state of consumer software these days. Nothing "Just works" any more.

Gone are the days when a car just worked or a toaster just worked or even a fridge.

We have air-con here in the office that is just plain stupid. One has an "auto" mode, i.e. set a temperature and heat or cool as needed - except that (a) it must have huge margins as it will sit there heating until way above the set temperature. You have to manually change hot/cold. (b) It is not bright enough to just turn off when temperature is close enough - it just heats or cools and always blows air. The other has no auto mode, but seems to turn to "hot" even when set to cold some times.

And the alarm system at the office is just mental beyond belief...

The latest really annoying thing is my camera at the house. After a s/w upgrade it is finally recording events and videos properly again (via NFS) but has randomly started emailing me to say storing images is taking too long. Well, it is very comprehensive software and has settings for this - and I turn them off, and yes - it still keeps emailing me every time a cat walks past the house or some such.

WTF can people not make stuff that "just works"?!?!

Our favourite telco at it again

Well, a warning to other ISPs - check the burst charge billing!

We have a link to our favourite telco which has a "commit" level. I.e. what we agreed to pay. If we go over that level, even once, then we pay extra for the whole month!!! Yeh, fair?!!

So we run shapers to manage the level carefully, and specifically buy more committed capacity when needed. We have complex systems to ensure that if we do ever hit the commit level (as can happen occasionally) services like VoIP work well, and customers paying for premium service get better throughput, and, importantly, that we know it is happening so we can order more. We even publish how well we are doing!

Now, just to be on the safe side, and avoid them shaping traffic in a somewhat cruder way, we also request they cap the service at a level 5% above the commit. They charge if we exceed the commit, and charge an even higher rate if we exceed 5% above the commit, so setting the cap at 5% seems sensible.

Well, we have spotted some new incompetence from them. They are charging (quite a lot) for burst traffic. It should not happen, but I suppose if we have a problem one day or a line is on the wrong LNS and uses lots at a peak time, or something, it is just about possible. If that was all it was we would be simply checking all our stats to confirm if we have a mistake.

But the numpties have only gone and charged us thousands for "over 5%" usage even though there is a cap at 5%. I.e. no way we should be able to exceed the 5% ever!

Needless to say this just proves their metering is flawed and we are disputing all the burst charges.

Arrrrg!

... To be fair - they are looking in to it and agreed it should not have happened.
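The check described above, as an added example in Python (not the ISP's own billing code): given the telco's bill lines and our own shaper readings, flag any interval billed above the 5% cap, billed in the wrong tier for its metered rate, or metered well above what we saw. The commit level, tier labels and sample figures are constructed.

```python
"""Added example (not the ISP's billing code): audit a telco's burst charges.

Assumes the arrangement the post describes: a commit level, an extra charge for
any interval metered above the commit, a higher rate again above 105% of the
commit, and a cap requested at 105% that should make the higher tier impossible.
Bill lines and our own shaper readings are constructed; tier labels are ours.
"""
from dataclasses import dataclass

COMMIT_MBIT = 1000.0      # hypothetical commit level in Mbit/s
CAP_FACTOR = 1.05         # the 5% headroom above commit
METER_TOLERANCE = 0.02    # assumed 2% allowance between their meter and ours


@dataclass(frozen=True)
class BilledInterval:
    when: str     # interval start, as printed on the bill
    mbit: float   # rate the telco says it metered
    tier: str     # "commit", "burst" or "burst_over_5pct"


def expected_tier(rate_mbit, commit=COMMIT_MBIT, cap_factor=CAP_FACTOR):
    """Tier a metered rate should fall into under the scheme described."""
    if rate_mbit <= commit:
        return "commit"
    if rate_mbit <= commit * cap_factor:
        return "burst"
    return "burst_over_5pct"


def audit(billed, own_readings, commit=COMMIT_MBIT, cap_factor=CAP_FACTOR):
    """Return (interval, reason) pairs for bill lines that cannot be right.

    own_readings maps interval start -> rate measured by our shaper for it.
    """
    cap = commit * cap_factor
    problems = []
    for line in billed:
        if line.tier != expected_tier(line.mbit, commit, cap_factor):
            problems.append((line, "tier does not match the metered rate"))
        if line.mbit > cap:
            problems.append((line, f"{line.mbit:g} Mbit/s billed above the {cap:g} Mbit/s cap"))
        ours = own_readings.get(line.when)
        if ours is not None and line.mbit > ours * (1 + METER_TOLERANCE):
            problems.append((line, f"telco metered {line.mbit:g}, our shaper saw {ours:g}"))
    return problems


# Constructed sample: four 5-minute intervals from one evening peak.
SAMPLE_BILL = [
    BilledInterval("20:00", 980.0, "commit"),
    BilledInterval("20:05", 1030.0, "burst"),
    BilledInterval("20:10", 1120.0, "burst_over_5pct"),   # impossible with a 1050 cap
    BilledInterval("20:15", 1040.0, "burst_over_5pct"),   # wrong tier for the rate
]
SAMPLE_SHAPER = {"20:00": 975.0, "20:05": 1028.0, "20:10": 1049.0, "20:15": 1041.0}


def run_sample():
    """Audit the constructed sample and return the problem list."""
    return audit(SAMPLE_BILL, SAMPLE_SHAPER)


if __name__ == "__main__":
    for line, reason in run_sample():
        print(f"{line.when}: {reason}")
```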

Twits

http://www.theregister.co.uk/2010/11/11/twitter_joke_appeal/
I am appalled at this. Someone makes an obvious non-threat and gets convicted, and now lost on appeal.

The conviction was not even for making the threat but for a telecoms act breach of sending a menacing communication!

It is crazy. I am speechless. I am updating the text on the top of this page "just in case" now.
Maybe twitter can be made safe by adding something like "If you find any words or pictures menacing, read no more." to the top of every page just in case too?

... follow up.

Serious question - thousands of people have and are re-tweeting the same threat. They are not a credible threat, but neither was the original. All suffer from the same "what if some fictitious older couple due to fly from that airport looked at twitter". Exactly what excuse have the CPS got for not prosecuting every one of them?

Thursday, 11 November 2010

Yes NAT is evil

Well, I am at the 6::uk launch and it is really reassuring to have a speaker from RIPE telling us how evil NAT is...

When you consider that RIPE are the people that allocate IP addresses to us, they are exactly the sort of people that would like to reduce how many IPs we need to take from them. Clearly they do, but not at the cost of having NAT..

Ooh, and Vint Cerf is very keen on not using NAT as are Comcast...

Tuesday, 9 November 2010

Toast

I can guarantee not to find this in Vegas...

Thick cut tiger loaf, toasted
Real butter (not some strange stuff like whipped cream)
Marmite XO (ooooh, yes!)
Smoked Applewood Cheddar
Jamaican Jerk seasoning

:-)

DEA under attack!

Looks like the Digital Economy Act is under attack!
Well done BT and Talk Talk and good luck.

Monday, 8 November 2010

RevK TNG

Well work is well under way - my son has been working for us for a while but is now under intensive personal training in s/w development and C coding specifically... We are paying for one-on-one training 3 days a week for him now...

So real soon now he'll be doing some C coding for the company... Be afraid! Be very afraid... :-)

And no, it won't all be javascript and jQuery, honest... Yes, he is to blame for new number management pages and current ordering system, but he is learning... He is getting better... We can build him - we can make him better, stronger, and more gcc friendly... He already reads xkcd and dilbert... Nearly there...

Already he edits his HTML using vim - I mean... what more could a father ask for?

P.S. He met his first computer at the age of about 30 seconds. The nurse could not work out what was the TAB key, so James-in-arms, I was explaining...

Thursday, 4 November 2010

Marmite XO

Unlike my neighbours in unit 4 the yanks seemed to not understand "toast" or critically "marmite" at all... (or how to spell neighbours).

Well, back home, have proper toast. In the hotel it was inch thick bread that was really heavy "sour do" or is that "sour dough" made a tad crisp each side on a hot plate. FFS

And as for marmite!!! Even Singapore could handle that, but not the yanks...

Anyway, back home, and my lovely wife had got me some marmite-XO. That would blow their minds.

I'll report on what it is like later...

P.S. LOL BBF date Jan 2012. How does it have a BBF date at all.. it would be XXXXO that is all!

Personal information

I know there has been discussion over the idea of an IP address being "personal information" under the DPA (Data Protection Act) and even that a phone number (on its own) could be considered personal information.

It seems a tad odd to me. I understood the idea was that a data controller has to be able to associate the information with a living individual to make it personal information, and to my mind neither of these manage that, generally. Yes, for a phone company, the phone number they allocated, given that they have access to their customer database, is personal information as they can do that association. But to the general public or some other company, a phone number on its own is surely not personal information.

The reason this came up recently was location services for mobiles. It is technically possible to locate a mobile by number. But is that number and location "personal information", i.e. does someone offering such services have to go through hoops to validate that the phone user is happy for the location to be given to someone else? (I know, morally, they should, that is not my point).

I would say the number alone is not personal information, and neither is a location within several hundred metres even when in conjunction with a mobile number. Neither, nor both, allow a living individual to be identified or for other data to be obtained from that information so as to identify a living individual...

But I have a feeling the ICO have a different view on this.

So I wondered...

I could take a list of first names, and a list of surnames, and even a set of dates of birth. A name and date of birth together are usually considered to be "personal information". I could make a table giving every such combination a unique reference number. This could be expanded to have even more data so that a number in my table can link to enough information to relate to a specific living individual.

I then have a database which is no different logically to the database a mobile phone provider has associating a name and a number together.

But the number I use is, say, an 8 digit number.

Now, anyone that happens to have 8 digit numbers in a database of their own has something which I could map to a living individual. Just like a mobile company could map a mobile number to a living individual (bill payer, if not user).

So does that mean anyone with such numbers has to treat them as personal information now? Just like a phone number? They have as much ability to convert the number to other data, like a name and date of birth, as they do a phone number - i.e. they can't...

Perhaps if I make a list which maps to letter combinations. Could the words in the post now become personal information because somewhere there is a mapping of "the" to "Fred Bloggs, 1st Dec 1947" in some database?

If not, then surely a mobile number, and even an approximate location, cannot count as personal information. As such someone could offer mobile phone lookup services with no DPA implications?

Yes, being devil's advocate here... comments?

Wednesday, 3 November 2010

Interflora are incompetent!

20th wedding anniversary - ordered flowers. Paid extra for morning delivery...

No show!

Now my wife thinks I forgot or something.

I think "time is of the fucking essence" is there by default on things like that.

Not amused.

Saturday, 30 October 2010

Namespaces

We are seeing interesting changes in the namespaces that people use. No, I do not mean XML namespaces (that really would be a bit geeky to post even on my blog). I mean more generally.

On the internet we are familiar with the idea of domain names. They are used for web pages and email and so on.

Domain names have a number of challenges. The fact there are many top level domains and not just one that applies for a specific application. The original concept was to segregate the different uses, e.g. .uk for UK domains, .org for non profit organisations, etc. But the whole thing has got complicated. Some countries exploit (why not?) their country code, e.g. .tv for TV shows. Some people get domains in the wrong top levels (e.g. non ISPs using .net domains). And then I even see normal companies with domains within .uk.net which is so wrong I don't know where to start.

What is also interesting is the way domain names have changed from a simple entry in a register and the associated NS record in the DNS system, to a valuable resource which comes to the attention of governments. The UK has recent legislation governing the way domains are managed so that they can, if they wish, step in to manage people like Nominet (who manage most of the .uk space).

But it is moving too quickly for governments, and in fact, government meddling just confuses things more. If the .uk name space gets tinkered with by government it will simply mean people will move to other name spaces.

We are seeing them emerge already. People use twitter tags, and facebook names, and so on.

I even saw, today, a TV advert for a car. A Toyota Highlander. The obvious web site name to quote would be something like www.toyota.com/highlander. In fact, it is the right web site for details of that car (I just guessed it). On the TV advert they have youtube.com/highlander. It has a slightly amusing extended advert as a video.

So this shows that the advertisers decided the youtube namespace was the one to use for their advert, not the domain name namespace. Yes, you have to use domains to get to youtube.com (for now). I have also seen adverts saying to search for X or google for X rather than quoting a web site. The number of people I see typing a URL in to a google search box is scary (I bet google have stats for that).

The government has no control over all of the namespaces. They may legislate to get involved in Nominet, for example, but so what. They cannot control all of the namespaces that will be used, and become important resources for UK industry. So one wonders why they even try...

But then the government want to snoop on our internet traffic anyway and you wonder why they are bothering with that anyway.

How to get ripped off in Vegas

Always check the price...

I managed to lose the eyecup for my camera - it is the bit that fits on the viewfinder. Its a bit of plastic and slightly cushioned surround.

I did not actually look at the price, but as I needed it I paid it anyway even when they rang up $75 (about £50).

I just checked, and as I suspected, in the UK you are looking under £10 for this bit of plastic even with a Canon logo on it!

Grrr.

Friday, 29 October 2010

XML for dummies

Is there an "XML for dummies"? I must get a copy for our favourite telco.

Once again, it seems, they have a simple text substitution in an XML message they pass on where they add our company name and forget to escape the &

How does a big company make such basic errors?
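The bug described above, as an added example in Python (not the telco's code): the same substitution done three ways, showing that the unescaped "&" produces a document the receiving parser rejects outright, while escaping the text, or building the message with an XML API, survives any company name. The message layout and the company name are constructed.

```python
"""Added example (not the telco's code): why pasting a name into XML breaks on '&'.

The message layout is assumed; the point is that text placed inside XML must be
escaped, or set through an XML API that escapes for you.
"""
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed template standing in for the telco's message format.
TEMPLATE = "<order><customer>{name}</customer><ref>12345</ref></order>"


def build_naive(name):
    """The bug as described: raw text substitution, no escaping."""
    return TEMPLATE.format(name=name)


def build_escaped(name):
    """Fix 1: escape &, < and > before substituting into the template."""
    return TEMPLATE.format(name=escape(name))


def build_with_api(name):
    """Fix 2: build the document with the XML library, which escapes text for you."""
    order = ET.Element("order")
    ET.SubElement(order, "customer").text = name
    ET.SubElement(order, "ref").text = "12345"
    return ET.tostring(order, encoding="unicode")


def is_well_formed(doc):
    """True if the receiving side's parser would accept the document at all."""
    try:
        ET.fromstring(doc)
        return True
    except ET.ParseError:
        return False


def customer_name(doc):
    """Parse the document and return the customer name as the receiver sees it."""
    return ET.fromstring(doc).findtext("customer")


if __name__ == "__main__":
    # Constructed company name with the awkward characters.
    name = "Smith & Jones <Telecoms> Ltd"
    for builder in (build_naive, build_escaped, build_with_api):
        doc = builder(name)
        print(f"{builder.__name__:16} well-formed={is_well_formed(doc)} {doc}")
```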

Thursday, 28 October 2010

Fun in Vegas

Well, it was a good start when Sandra put her first bet of $5 on 13 and won... But by 2am, after countless comp drinks, the four of us walked away from the table some $200 up between us. I think that was a good evening's entertainment and good value. Viva Las Vegas!

Wednesday, 27 October 2010

I never had a big brother and don't want one now

As the eldest I did not have a big brother. I don't want to get one now. However the new government seem to be trying to resurrect expensive, intrusive and pointless snooping legislation in the Interception Modernisation Programme (IMP).

1. It is very costly to do what they are proposing - and will mean huge investment in equipment to snoop on normal people and to store the data. This has to be paid somehow, either by tax payers or by ISPs and hence ISP customers.

2. It is risky storing all of this data as we have seen both government and private companies finding it increasingly difficult to make data storage secure. To get it right just adds to the costs.

3. It is not just for terrorism and serious crimes - this data can be used for anything, and could be used to seriously invade people's private lives.

4. It is totally pointless as anyone that actually wants to do bad things will be able to easily avoid the snooping. Encryption is standard on lots of systems from email to chat and criminals already know how to use overseas servers and secure encrypted access.

5. Every spam will be logged, but the content will not be so you won't be able to tell it is spam, so the data will not actually be useful in any court case as it could be spam. It will be difficult if not impossible to sort the meaningful data from the noise. And then there is the very real possibility of people generating huge amounts of fake data for the fun of it and to break the system.

As an ISP we expect to fight this. If the wording is as bad as the data retention directive it will be a doddle to legally bypass it even if that means running the break out to the internet in another country.

Tuesday, 26 October 2010

Really unimpressed with Bellagio now

So the wifi is broken because they appear to be allowing people to send IPv6 RAs on the LAN causing my machine to pick up an IPv6 (2002: prefix) and then having no routing.

What is really annoying is I have complained 3 days in a row now and not one reply!

How can they just ignore complaints from paying guests?

Crap service.

Monday, 25 October 2010

IPv6 vs NAT

There are many ways to make a networking protocol, and one of the key aspects of the protocol definition is the addressing. There are many ways to address the information (typically packets).

1. You can create a system where the data has a locally relevant address which defines some channel of communications. At the next hop there is a pre-set path for that channel to go to the next hop after that via some local channel. The target address in the packet changes as it goes hop to hop to get to the destination. The channel creates an end to end path. You can have many different paths across a network.

These paths could be pre-set or could be created by some other protocol. Examples of this are protocols like ATM and even TDM (phone calls). It is a separate issue of whether the data flows continuously at a pre-defined rate (like a phone call) or has some dynamic bandwidth (as ATM can do). What I am talking of here is the addressing system being used.

2. You can create a system that has some hop by hop local addresses in the original packet. This allows each hop to work out where next to send the packet. Typically the packet changes as it goes to create a reverse path allowing a reply. This has the advantage that you do not have to establish end to end pathways in advance and can send packets ad-hoc. However, it does mean that the addressing is variable length and you have to work out the path needed to make the packet address header which depends where you start from. E.g. using some other protocol to find the path needed from where you are to where you want to get to.

3. You can create a system where packets are addressed based on a globally unique ID that identifies the target. The address stays the same at each hop. Each hop uses this target address to send the packet logically closer to the destination. Usually in this case the source globally unique address is included to allow replies. This has several advantages. Protocols to look up addresses can return the same final unique destination address regardless of where the packet starts. It is a good system and how IP works.


Another key aspect of a protocol definition is the way it works with layers. You have distinct layers that are responsible for different levels of communications. E.g. a low level that gets packets to their destination. Layers above provide session management and reliable communications with retransmission and acknowledgments. Layers above provide more complex protocols like web pages and email and so on. The principle is that you have well defined interfaces between layers and a general hiding of information between layers to some extent.


Internet Protocol uses the third type of addressing I listed. It means that every IP packet contains a globally unique final endpoint destination and source address. Internet Protocol also provides means for communications at higher levels to work (e.g. ICMP, UDP, TCP).

Some people have said that IPv6 is "throwing the baby out with the bathwater". IPv6 is indeed replacing the IPv4 layer. Everyone that looks at IPv6 can find one or other thing that IPv6 could also have done. There are many small niggles and problems that could have been fixed or improved in making IPv6 which is a shame. However it does address the problem with IPv4 running out of space. It is a big change, but gives us a chance to get rid of NAT now.

The alternatives being suggested, which are basically lots more NAT are a problem for a lot of reasons.

NAT breaks the basic principle of globally unique target addresses. It changes to a sort of ad-hoc connection based addressing on one side. It also interferes with higher protocols like UDP and TCP. UDP cannot work as designed via NAT! NAT has to understand UDP and TCP and ICMP and make changes to that layer. In some cases NAT has to make changes at the layers above that even. NAT has to understand the way IP is used at various levels to work at all.

NAT breaks almost all innovation in protocol development. Nobody could make a new IP protocol (alongside ICMP, UDP, TCP) as it simply would not work through any existing NAT router. You would have to change the software (maybe even the hardware too) for all existing NAT routers in the world to add a new protocol. You can't even rely on UDP and TCP working as they should and make new application level protocols without assuming NAT is in the way, which restricts what you can do or means changing NAT routers. People complaining about IPv6 seem to understand that changing every router is a bad thing, but that is what NAT is forcing whenever anyone makes a new protocol.

Also, the idea you can just NAT more and more for end user connections misses the point. For a start it creates resource issues for ISPs (processing power, memory for session tracking, and limited numbers of sessions due to port number limits). It creates huge traceability issues (history of every session needed). So it will not scale indefinitely.

But also this is not the only issue. What about when hosting companies have no IPv4's left and you want to host a new web server? You can't just NAT that side. You have to create all sorts of bodges. There are ways of doing it, but they create yet new issues.

NAT is an evil bodge that should never have taken off. Are we stuck with it? Probably for IPv4, but we can make a fresh start with IPv6. NAT and RFC1918 can continue to stretch IPv4 so that devices on local networks (printers, etc) can carry on working without change. But new applications can start to rely on proper IP functionality using IPv6.

Now, what will happen is that IPv4 and IPv6 run in parallel. Machines will dual stack with no problem. IPv6 can "just work" as IP was always intended. IPv4 can be carrier grade NAT'd and bodged and get increasingly broken. But we then have the best of both worlds.

We should be concentrating on making that happen. Making it seamless for end users when they next replace their router (typically small routers go bang after a year or two anyway). We need ISPs to handle the IPv6 side too.

We need any moves to create any sort of IPv6 NAT to be stamped on as soon as they are suggested.

Look forward, not back!

Sunday, 24 October 2010

Broken IPv6

OK, hotel wifi assigns an IPv6 address - woohoo!

Except it is:-

(a) a 2002:: address which is a tad silly
(b) not actually working

Arrrg.

I seriously doubt the hotel will have any clue if I complain...

P.S. I've emailed guest relations. I wonder how daft their reply will be. I'll post a follow up.

Saturday, 23 October 2010

Not impressed with Bellagio, Vegas

How hard can it be, if someone books and pays for rooms months in advance, to actually have the rooms that they booked when you get there?

No, they have to fuck about. And they are incapable of actually putting two rooms together. It makes me wonder why they bother building rooms with interconnecting doors (as these have) if they are incapable of actually putting two parties next to each other even with months of planning.

And then we have the wrong room keys. Just as well it was all on my card, else that would cause problems. How we found that out is that the hotel wifi needs room number and surname, and the surname did not match unless I used my sister-in-law's surname.

Oh, and the wifi is $15/day extra

Oh, and no tea/coffee making facilities (though that seems to be the norm in the US).

Thursday, 21 October 2010

Sticking to IPv4

Well, I am slightly surprised at the views of some people, one of which was a comment on my "Kick starting IPv6" post. Some people want to stick with IPv4!

Perhaps this is just resistance to change or being devil's advocate or trolling. I am not sure.

The reasons for sticking with IPv4 also made no sense - they appeared to be around wanting some basic fire-walling, which applies as much to IPv6 as to IPv4, rather than actually saying there was any problem with IPv6 as such.

Basically, IPv4 runs out. Running out comes in several stages, starting with IANA running out in a few months, the RIRs, then in various degrees ISPs running out.

So there will be no end of bodges and multiple layers of NAT and web sites on odd ports. Things will get less reliable on IPv4. Eventually you will get to the stage that web sites and other "services" start to work better on IPv6 or have fewer quirks or restrictions, and eventually some will simply "only be available on IPv6". Mapping systems to allow IPv4 users to access IPv6 will be a similar level of bodge with limitations.

So sticking with IPv4 is not ultimately an option. It's like sticking with dial-up or sticking with analogue TV. Eventually you have to change, or put up with failing and inferior services.

Kick starting IPv6

One way to kick start IPv6 is to try and convince the likes of google to rank IPv6 accessible web sites higher than IPv4 sites.

They don't have to say how much higher or anything, just make it a published factor in the ranking.

I suggest they give the world a couple of months notice so people do not whinge, though no special reason they have to.

As soon as they do this we will have a mad scrabble to get web sites enabled on IPv6 to increase people's rankings. There will suddenly be commercial pressure on hosting companies to provide IPv6 access (hence it would be nice to give a bit of notice).

Obviously these hosts would be dual stack for now, but it would make a big chunk of the internet IPv6 accessible, and would push deployment of IPv6 routers and firewalls and servers.

It is not the whole battle - you have to get consumers moved over too, but it is a big step forward. One side will have to move first.

So, google, please rank IPv6 hosted sites higher - simples.

Of course, if google won't do this we just need to start an urban myth / rumour that they already do it or are about to do it and are keeping it secret. The myths and rumours about search engine ranking are mad enough already that this would be quite believable.

As someone else said, this close to Y2K we had massive take up and everything was "Y2K compliant" even toasters. We have almost no take up with domestic router manufacturers and are now only a few months away from trouble...

Wednesday, 20 October 2010

Technology testing ground?

Well, I popped over to our neighbours here in the industrial estate. Always good chaps for a chat and they are an excellent place to test technology!

The main thing we can test is how well things work if you have a 10 year old computer still running (or perhaps that should be "walking") IE6. It is also interesting to see how the internet behaves on an old (and slow) machine even when they are plugged in to our offices for their connection.

Sadly I think they are finally going to be upgrading their computer systems at last. But they did give me some toast (and a banana) which shows they have one bit of technology we don't in our offices (a toaster). Thanks guys :-)

[Yeh, I did consider getting them linux'd up, honest]

Monday, 18 October 2010

Bastards!

Big rise in VoIP hacking lately. We can usually pick up on it and stop it. This is not automated (yet).

Sadly one of my customers was hacked, and we are charging him hundreds for the calls.

What really pisses me off is that, in an effort to help customers, if a call cannot route via one call carrier we fall back to another. Sadly in this case the other carrier cost us way more.

In fact, whilst we are charging our poor customer a few hundred, we expect to be paying nearer £15,000 for the calls.

I am not a happy bunny :-(

P.S. Nagios is getting quite a few more alerts added.

Saturday, 16 October 2010

Can I ask a question ... ?

OK, why do people do this? They say things like "Can I ask you a question about something?" Typically on irc, but even in real life some times. Worse, some times people just say "Can I ask you a question?" !!!!

I expect part of it is the use of the word can. In my mind that is asking if something is possible, i.e. physically possible, doable, can happen. I.e. "Am I physically able to ask you a question..." which is a daft thing to ask - only you know if you can, or not, and generally, barring having a heart attack just then or suddenly going mute, you can indeed ask the question. After all, you have just shown the ability to ask questions by asking the first question :-)

However, even assuming the more likely meaning "Do you mind if", which makes a lot more sense, you are then playing in the realms of etiquette, which is a minefield in itself. If one has to have permission to ask a question surely one needs to have permission to ask the first question, i.e. I may mind being asked "Can I ask you a question?". I suppose this very rant suggests that is the case! So presumably the first question is a break in etiquette (doing something I do mind) in order to avoid breaking etiquette by asking the real question straight off... WTF?

I should probably not be trying to apply my tactless, and mostly logical, mind to any sort of social etiquette really should I? :-)

Friday, 15 October 2010

You learn something every day - well Mon/Wed/Fri

You know the saying: "you learn something new every day"

Well it seems more likely that it is Monday, Wednesday or Friday. The reason being that XKCD almost always has some deeper meaning or higher maths that involves googling and reading of wikipedia to fully understand.

Even today's - I did not know what a Shibboleth was and now know that Shibboleet is a Shibboleth and a play on words as well. See the wikipedia entry on it to fully understand.

I should have guessed it was not just a random made up word, but something "clever" too.

XKCD/806 compliance

It's been tricky ensuring we comply with lots of rules and regulations and RFCs, but the latest challenge was XKCD/806 compliance.

I think we managed it. The problem was that whilst there are not that many people on tech support that actually know at least two programming languages, all of them know better than to ask people to click on the "start" button. So we were not sure if calls actually needed transferring or not.

Even so, 07:27 this morning they were all briefed on the new code word just in case, so I think we can say AAISP support is XKCD/806 compliant now.

:-)

Current affairs

Was having a chat the other day about someone watching news and how there is 24 hour news and people watching miners getting rescued at some ungodly hour of the morning.

I hardly watch news at all - what's the point? So I did wonder what was the point?

Obviously there is news that could affect me. Some things have impact because they are local to me or my business or things that affect my family or friends. Some things have impact even if they are world news (like volcanic ash clouds) as they can have impact on me (e.g. people not making meetings because flights cancelled, etc). So there is reason to keep up with relevant current affairs - though generally not an urgent reason (i.e. not to be up watching 24 hour news in the middle of the night).

Then it occurs that the main reason to keep up with current affairs is conversations with other people. People I talk to assume a level of awareness of current affairs, and use them as part of conversation. Even so, it does not require the level of urgency with 24 hour news!

Then it occurred to me - with the people I talk to it is far more critical to have read today's Dilbert and XKCD than know if some miners have been rescued safely or not. Is that sad?

P.S. Glad they got out safely.

WOW broke

Arrrg, patch applied and now does not work - crashes (under wine, of course).

I'll have to trawl the blogs to find why and what wine patch I need.

Thursday, 14 October 2010

Overtake

It is a sad day when downloading an app or patch takes way less time than installing or applying it.

The latest WoW patch seems that way. Download was no problem, pffff 5GB, no problem. Applying the patch is taking ages!

P.S. I just love the filenames on the WoW patch as it applies.

Wednesday, 13 October 2010

Turning up the wick a bit

Well, there is some good news with our favourite telco. They are upping the targets they have for throughput on broadband lines a bit.

The concept is pretty simple - they sell data, so any point in their network that is full - limiting data - limits what they can sell. The idea of charging for data should allow uncongested networks.

Unlike our other favourite telco, they are not actually stating that they aim for an uncongested network, but the figures for what they do plan are somewhat improved. They work on the basis of "X Mb/s for 90% of the busiest 3 hours of the day". A tad confusing, but basically for 90% of the busy 3 hours you get that throughput, and obviously the rest of the time you get better than that.

We are pushing for definitions we can measure against - like loss and latency - but that is a tad more long term.

But yes, in some cases they have again doubled their targets for throughput and that should be seen in the network now. Well, apart from some 6 hour period over night...

So, good news.

How to break a network

I have to say that our favourite telco are at it again a little bit...

We are working with them quite well, but some times they just take the biscuit, and this is one of them.

They are, for the third time now over the last few years, taking everyone off line for hours over night. 6 hours in fact. It is one area at a time and there are about 20 areas.

Each one causes everyone in the "metronode", whether 20CN or 21CN, to go off line all night.

Extra catches - when they do the area covering the node we are connected to (Stepney Green), that means all the lines we have going down again everywhere. So 95% of people get two outages of 6 hours, not just one.

And why? To "add resilience". And this is the third time now. Someone does not understand the word "resilience".

Just to add to the fun, this time, when they take out each node they are shutting down RADIUS, so even if you are not in one of the affected areas, if you go off line you will not get back on line until 6am, tough!

And did they tell us - well technically yes - a notice (one of dozens a day) said they would do this, but unlike other notices it did not list the circuits affected. So kind of missed.

Manchester and Faraday have been done, so many more to go - all going on status pages.

We are not alone in being outraged. There are even some companies offering some interesting alternatives to these links we have to our favourite telco which would avoid this dent in our service now and then...

I'll try and find more details. It may be that this time they are actually adding resilience and it will be the last time. That would be good news, but I am not holding my breath.

Monday, 11 October 2010

It just works!

OK, this is slightly blowing my own trumpet, well the trumpet of the whole FireBrick team really, but I have been involved in a fun project for the last few weeks to deploy a FireBrick in a completely new environment - mobiles.

An LNS, as this is, handles the endpoint of connections to the internet, typically from broadband lines these days. We have tested from dialup, and broadband. We have tested from BT and Be. We have tested the way things are done in the ISP world and we are selling them (albeit prototypes, technically). They work well.

The mobile world is a challenge though. We are talking to very different kit (A Nokia GGSN) and it is not quite what we expected. The PPP negotiation is faked in the mobile network, and the RADIUS responses were not what we expected, and lots of little snags and differences.

Throughout the work I have ended up making all sorts of changes only to find that, after hours (or days in some cases), what we were doing was right all along and no changes were needed. The end result is a richer set of features on the FireBrick, which is good, but mostly a lot of work for no reason.

The final solution is handling layer 3 termination as well as lots of L2TP relay to all sorts of different manufacturers kit in ISPs.

Basically, "it just works". I should not be surprised, and I know customers using this kit are not surprised, but it is always scary when you are launching any new product. You worry about every little thing - from "is there some subtle bug that will break things?" to "did we design a product people actually want to buy?". When it goes out there in to the world on its own and just works you are always relieved, and it is always a surprise no matter how many times you have done it before with other products that "just work".

So, onwards and upwards - the new smaller FireBrick products are due to launch real soon now, and we have much to do.

Code code code!

Friday, 8 October 2010

I can ping my iPad

OK, this may not seem that hard. After all, it is networking. But the mobile networks make this a nightmare, so finally being able to actually ping my iPad is a huge step forward.

We finally have data SIMs that have unfettered IP connectivity (if only for a single static IPv4 address for now). No session tracking. No firewall. No NAT. Just raw IP. Networking like what it should be, in'it.

What is fun is that even when "turned off" (well, the blank screen mode one normally leaves it in) it seems to maintain the data connection indefinitely. And you can ping it! It does take a few seconds to respond initially so I can only assume the radio side is shut down to something that exchanges data every few seconds at most - though once you get through all the queued pings reply and it works.

Yay!

Wednesday, 6 October 2010

Hiding keys

http://www.bbc.co.uk/news/uk-england-11479831
[Someone jailed for not handing over an encryption key]

I was rather shocked by that. I remember being shocked when RIPA came in and had not caught up with the fact that there have been a few cases now.

It is a fact of life now that information can be hidden and not be accessible if someone wants it to stay hidden. To be honest this has always been the case even without convoluted tricks like Dan Brown's cryptex. People have been able to just keep secrets in their head.

Forcing someone to come up with a password if they do not want to goes against basic ingrained ideas like right to remain silent and right not to incriminate yourself as well as right to privacy. This is eroding civil liberties, IMHO.

It is also so pointless. People can hide information - there are plenty of tricks if you want to hide data in ways that do not look like the data is hidden. The more cases like this happen the more standard, off the shelf (well, downloadable for free), apps will provide this functionality and the concept of asking someone for their encryption keys will vanish.

There are almost certainly legal tricks too, such as the key being held by someone else but you having no right to it or control over them formally and them being in another country, etc. i.e. they happen to log in and unlock your disk for you if you ask, but there is no actual right to compel them to, and they won't if they hear you have been arrested.

I think I'll start putting random data files on my hard disk to prove a point.

Saturday, 2 October 2010

Internet HD

I know how to get people in to using IPv6... Rename it "internet HD". Everyone will upgrade to "HD". I mean, "HD" seems to get everywhere now not just TVs.

We could sell Ethernet cables that are "Internet HD ready"...

:-)

Thursday, 30 September 2010

MYSQL madness

There are occasions when mysql drives me mad!

A classic example is selecting from one table and joining with another table using one or more fields which are unique keys in the second table. In this case the first table is some service, like a VoIP number, and the second table is the login details relating to the login field in the service. e.g.

SELECT * FROM Service LEFT JOIN Login USING (login) WHERE blah;

Well, that generally works when blah is simple, but if the WHERE is even slightly complicated (referencing Login and Service), even if only looking at fields that have an index, it can break badly inspecting every combination of Service and Login!

The other approach I tried looks much worse. The SQL engine is not told, via a nice syntax like "USING", what I am up to and is having to guess. e.g.

SELECT * FROM Service,Login WHERE Service.login=Login.login AND (blah).

Yet, for some inexplicable reason, MYSQL really likes the second way of doing it. And is lightning quick. The first way was still going 10 minutes later when I restarted the server.

What is sofa king annoying is that this used to be the other way around in terms of efficiency in a previous release of mysql. Long ago we changed from the WHERE type joining to using USING to speed it up. Now we have to change back.
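Rather than guess which join form the optimizer will like this release, EXPLAIN both. This is an added example, not the post's own schema or queries: the Service and Login tables and their login key match the post, but the other columns, the sample WHERE clause and the index names are assumed for illustration.

```sql
-- Added example (not from the original post): a minimal reproduction of the
-- two join forms described above, run through EXPLAIN so the plan can be read
-- rather than guessed at. Columns other than login are assumed.
CREATE TABLE Login (
    login    VARCHAR(64) NOT NULL,
    realm    VARCHAR(64) NOT NULL,   -- assumed column
    enabled  TINYINT(1)  NOT NULL,   -- assumed column
    PRIMARY KEY (login)              -- login is a unique key in Login, as in the post
);

CREATE TABLE Service (
    number   VARCHAR(32) NOT NULL,   -- assumed column, e.g. a VoIP number
    login    VARCHAR(64) NOT NULL,   -- the field used to join to Login
    status   CHAR(1)     NOT NULL,   -- assumed column
    PRIMARY KEY (number),
    KEY idx_service_login (login),
    KEY idx_service_status (status)
);

-- Make sure the optimizer has index statistics before comparing plans;
-- a freshly loaded table with stale statistics gives a misleading plan.
ANALYZE TABLE Service, Login;

-- Form 1: USING join, with a WHERE that references both Service and Login.
-- (Filtering on a Login column turns the LEFT JOIN into an inner join in
-- effect, since NULL rows from Login can never match the condition.)
EXPLAIN
SELECT *
  FROM Service LEFT JOIN Login USING (login)
 WHERE Service.status = 'A'
   AND Login.realm    = 'voip';

-- Form 2: comma join with the join condition in the WHERE, as in the post.
EXPLAIN
SELECT *
  FROM Service, Login
 WHERE Service.login = Login.login
   AND Service.status = 'A'
   AND Login.realm    = 'voip';
```

In the EXPLAIN output, compare the type, key and rows columns for each table: a plan that shows type ALL on Login with no key, and a rows estimate that multiplies across the two tables, is the every-combination scan the post describes, whereas a good plan uses PRIMARY on Login with one row per Service row.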

Arrrg!

Wednesday, 29 September 2010

Dude! where's my SIM

OK, some will assume I am an Apple fanboy. After all I did walk in to a PC World and buy half a dozen of the 64GB 3G iPads a while back.

So you take an iPad in for repair, one of the ones that actually broke rather than being sat on.

They say "can't repair, has to be replacement", but before you know it the old one is sent back to apple. This is an apple approved repair place somewhere Reading way.

Arrrg, save & restore. They claim they did, phew!

Only the replacement is brand new - no saved photos or anything, and get this - the SIM card not even moved to the new one FFS!!!

I think I may have to sue for the SIM card back. Grrr.

Copyright

Pondering things that I post on here I think it is time I posted a more formal copyright statement on here, so this is it.

Everything on here, unless otherwise stated, is my copyright, and dated as per the blog posting itself. This means I have rights, and can reserve all sorts of rights to what I say which cover copying and distributing some or all of the postings. I can even reserve the rights covering the download of the blog posts in the first place including this one! The catch is there is a sort of implied right to download a web page and until you see the copyright notice you can't be expected to understand a variation on those implied rights. This is why this is linked in to the title of the blog now.

So, let's get to the point - what rights am I granting and to whom?

In summary:
I want people to read, enjoy, quote, use and like my blog.
However I do not want anything I say to be used against me!

In short I am trying to use copyright law to provide freedom of speech.

1. You have an implied right to access the main page and read what I have said on here up until you see the banner at the top with the link to the copyright. Anything you do after that is subject to the copyright notice here. I consider that implied right enough to read the page only, not to make any further copy or print of the page in any way. All rights are then reserved unless I grant them below, including rights to look at the page in the future having looked at it once and seen a copyright link on the page. You are allowed to read this one post on copyright as much as you like.

2. Anyone I would consider a friend is allowed to download, copy, reference, quote and use what I post on here as much as they like in any way they like. I politely ask that when quoting me you provide a link to the posting and acknowledge who wrote this. If I link to anything external, then check their copyright - I can only grant rights to what I make.

3. You only have the above rights as long as I would consider you a friend, and on condition that if that status ever changes you shall delete all copies and indemnify me against any consequence of your non compliance, or payment of appropriate licence fees.

4. This leaves the definition of those I would consider a friend. By default I would consider anyone reading my blog to be a friend. However, if you are planning, or starting any legal (criminal or civil) action against me, my family or my companies you are not a friend. If you are making any threats of such action, you are not a friend. If you are representing any such person, you are not a friend. If you are identified in and are the adverse subject of any of my blog posts, you are not a friend. If I tell you you are not a friend, you are not a friend. This means that such people have rights to read my blog main page once as an implied right which is then immediately withdrawn and they have no right to save, print, copy or use anything from the site (apart from this one post stating the copyright). That includes using the content in any civil or legal cases.

5. If you do not follow the above rules, and do use a copy, then you must pay a licence fee for your usage. This is not a fine or a penalty, it's a licence fee. This is likely to be just slightly more than the amount of damages you have claimed from me or my costs in any action you take. I can make up the fee as I see fit and advise you of it later.

6. (not a copyright issue as such). Anything I post about any person or company is, unless otherwise stated, only my personal opinion and view at the time.

7. Obviously, if I give you a separate notice saying that you have no rights to access anything on my blog, then doing so, even the first time after you get that notice, is a breach of copyright.

I am not a lawyer, and I require these terms to be read and interpreted such that any doubt on the legal wording is considered in my best interests.

I welcome comments on my posts - you grant me permission to publish your comment when you make the comment. I am more than happy to hear legal discussion and comment on this copyright statement.

acs:law

Well, more on data protection. A few people wondered why I have not blogged on acs:law. Oddly a few of my friends had not heard the story yet either! I was not sure whether to say anything or not - it is pretty well covered already.

For those that are interested there is a lot of underground coverage, but also some mainstream media such as BBC.

The long and short of it is that acs:law appear to be a bunch of wankers that have been exploiting people by sending demands for settlement out of court for alleged copyright infringement. This is the very industry that the recent and controversial Digital Economy Act is there to help. The evidence is often tenuous and the scam works by a major proportion of people paying up. This is helped by the fact that the accusations usually relate to porn or gay porn, which, even as a false accusation, nobody wants to be defending a court case for.

OK, that was all known for a long time - the fact their web site failed under load and coughed up a complete archive of emails and documents is what the current story is. This contains lots of personal information, and details of how the company operates. People can see what sort of scum these people really are now and how the operation works and the money flows.

Porn is an easy target as I bet lots of people have downloaded porn at some time or other (whether legally or not) and do not want the whole issue debated in court even if this specific file was not one they downloaded. Sadly, some people have had some real upset and concern caused by the accusations though, as can now be seen from some of the letters that have leaked. Do acs:law care? Well, it seems that if it is some pensioner that has only ever used the new PC to email relatives, they'll drop the matter, though this seems to be linked to the person having no money rather than any real concern for the trauma that has been caused. In one case acs:law apparently accepted and agreed that the person in question was not the infringer (must have been her now ex-husband) but still were happy to accept payment even though no payment was due under civil or criminal law. Paying someone to stop hassling you is the very definition of a protection racket, surely?

There are even web sites now that will take your postcode and see who near you has been accused of downloading what by acs:law!

Good news is A&A have never had to release customer details to acs:law, unlike many of the major ISPs who have had to comply with court orders from them. I am sure if we had had a court order, and been unable to contest it, we would have had to release details too - we were lucky. The likes of Sky and BT were less fortunate and (it seems) are working hard to do all they can for their customers who have had details leaked by acs:law.

Of course, I am just truthfully stating my opinion here, as a matter of fact. I have no proof either way that they are in fact a bunch of wankers or that it is a scam, but it is a true statement that such things are my opinion. To form your own opinion you can now read all of their emails, it seems. Given what has been leaked already, I doubt anything I could say here could be said to defame their character in any way... :-) P.S. acs:law is not a friend, see copyright statement.

Data protection

How the hell does he do it?

My son has managed to sort new insurance and get a refund for the old one that they tried to cancel (still chasing an apology letter), but the latest is a letter from his new insurance saying that they are putting up the price by £800.

Why you may ask? Because he has got insurance quotes done through the likes of money supermarket and such, for insurance with various "modifications" to his car. Well, yes, he wanted to confirm how things like "tinted windows" would affect the insurance, and sees it would add a lot so did not go ahead. That is, surely, one of the reasons you get a "quote"?

But no, his insurance company, sharing data like mad, decide this means he must have got those mods and change his policy unilaterally.

I thought this was what data protection was all about, to stop this sort of crap!