my web 0.2 website

Internationalisation of DNS continues

Like most original internet standards, the DNS was designed to initially suit the needs of any section of the world that could communicate using 7-bit ASCII and Latin character sets. Then the internet became really popular. Everywhere. The DNS had to evolve to cope with naming schemes that came from alphabets all over the world.

All successful internet protocols are elegant and simple by design. This makes it possible to retro-fit great ideas someone has one. Internationalisation was proposed in 1992, and it eventually became possible to register Internationalised Domain Names (IDNs) in the .com space in 2003. Standards move slowly on the internet!

IDN is up for discussion again at the 31st ICANN meeting on Monday. This time, the world’s registry community are meeting in New Delhi, one of the most significant IT regions of the non-Latin world, to discuss the remaining “glitch” in the IDN system. An IDN might look like this: .com. Therefore any user still needs to be able to type .com in order to reach the resource they request. There is a proposal at the ICANN meeting to add Internationalised top-level domains, actual complimentary TLDs to .com, that will mean that resources can be reached in any supported alphabet.

This is interesting stuff. One school of thought is that this could significantly assist the development of electronic enterprise in many more pockets of the world. The supremacy of Silicon Valley as the web’s main economy would then be broken. I think differently – I think that .com is now too established as the main ecommerce ‘brand’ TLD, and attempts to localise the meaning of .com will be fruitless. .com means “I trade online”. Despite .biz and similar TLDs being equal in technical terms, they are not equal in the eyes of shoppers or traders. .com now has specific global meaning, and can’t be diluted.

Vodafone’s legal challenge to fast porting.

I tried to open some dialogue with colleague members of the ITSPA about Vodafone’s legal challenge to Ofcom’s two-hour number port ruling.  Instead I got a number of offlist replies suggesting Vodafone’s challenge is still news to many in the industry.

Today, if you want to port your number from one service provider to another, it relies on two major coincidences – firstly that your old and new provider have an agreement in place to manage the technical transfer between the two networks, and secondly that your old provider remains fully willing to forward all calls destined from your old number, to your new service provider.

There are several issues with such a system – the first is that your old provider are still very much involved, so their technical or commercial failure causes a problem long after you have ported away, another is that the process is slow and manual, and a third is that not all service providers have agreements to permit number porting (called a Mutual Porting Agreement in the industry).

Vodafone are concerned about the costs of the new system, even though an industry group UKPorting has only just begun to gather information about how the system should work.  I think that it’s a flawed premise to argue that a system is too expensive before a system is selected (and associated costs are announced).  Instead Vodafone should get involved with designing a perfect system.

The UKporting system to facilitate fast, reliable, and simple porting must happen, and must succeed.  We have to protect consumers who port their number from failures caused by their former service provider.

I am concerned that the system may mean all multihomed telephone networks will need to move to any all-call-query model that’s run by one natural monopoly.  If a single entity holds the industry to ransom, we have not moved forward – there’s still a single commercial or technical position that can fail to break your port.  The single All-Call-Query model also lends itself well to governments having access to a single point where recording of most call attempts can be made.

The Network Is The Computer. Again.

Ever since John Gage of Sun first offered the phrase “The Network Is The Computer” to the world, people have been using it as inspiration. Sun use it to explain that they mean Social Networking without actually using the phrase (they prefer the old fashioned “community”).

I think web 2.0 developers are offering a new perspective on the phrase. There was a time that if I wanted my computer to do a job, I would find or buy a piece of software that was engineered to cause that job to be performed. The Internet and the Web 2.0 culture is changing this model completely. Its becoming the case that the computer in front of me is stupid, and some cluster of servers in MarketPost Tower, San Jose actually does all the work.

Enter Mint. Mint is self described as refreshing money management. Sound like what Quicken does if I install it on my computer, but with the word ‘refreshing’ in front? It’s refreshing (well, different) because to use their software I simply need to visit their website and sign up. Mint will learn about your spending via your online banking accounts, and aggregate your personal finance situation into one simple application. It sounds so simple, and solves no problems that weren’t also solved with personal finance software on the ZX Spectrum. And yet on Launch day just a couple of months ago it won $50,000 in the innovation contest, ‘Techcrunch40‘.

There’s two lessons from this. Firstly, there’s a new blueprint for guaranteed success in the web 2.0 world, and that is if you can take all the features of a market leading piece of traditional software, and build that functionality into a website, then you will be heralded an innovator. But you have to be the first person to do that. So hurry.

Secondly, and this is a lesson that wont be learned by the general public for a while, is that putting your private data in a central place that you do not control, is a weak point of attack when someone wants to learn something about you. Maybe someone wants to target your assets. Maybe the government want a nosey in what you’ve been spending. Maybe a consumer profiling company want to run a survey. They only have to get hold of one set of keys to your mint account, and all three of these groups can do what they want with your data. If my computers were stolen, then an expert would be able to find out quite a lot about me. If I put my data online and it gets stolen, the same can happen. And if everyone puts their data online in the same place, then it becomes very attractive to break in and steal it for lots of groups.

If VoIP kills phreaking, who are tomorrow’s engineers?

“Ma Bell is a system I want to explore. It’s a beautiful system, you know, but Ma Bell screwed up. It’s terrible because Ma Bell is such a beautiful system, but she screwed up. I learned how she screwed up from a couple of blind kids who wanted me to build a device. A certain device. They said it could make free calls.”

That’s a paragraph from an article linked to from Steve Wozniak’s website, which Steve describes as “The Article that changed history“. He is one of the most important engineers of our time, and like thousands more, he was driven to learn more and more about how computer systems interact, after snooping around telephone networks. The telephone system has always been a prime target for attack for two reasons – vulnerabilities have historically been well published, and telephony was so expensive that it was worth working out the ways to subvert the system and talk for free.

But what happens when talking across the world is so cheap that its not worth stealing any more? You may think this is an irrelevant point, calls from BT users to France are still 18.5p per minute, to New Zealand are still 31p per minute. But what if these calls to France were a penny a minute? Calls to New Zealand 1.4p a minute?

Well, they are now that price if you are a Localphone user. Does this mean no more Steve Wozniaks, young men driven to explore big networks so that they can use their skills to build something even bigger and better?

The first ‘Phreaks’ – the collective name for people who like to exploit vulnerabilities in the phone system found their skills by accident. A blind eight year old called Josef Carl Engressia discovered that he could stop a phone accounting for a call he was making by whistling a particular note in a long distance call. He’d accidently discovered the 2600Hz tone which signals to long-distance telephony kit that a user had hung the phone up.

The later Phreaks like Steve Wozniak were more methodical, they took this learning and approached the exercise as engineers – phreaking was a learning experience – as Steve puts it, “The blue box year was 1972. Apple started in 1975. The biggest connection was some design tricks and techniques that I honed on the blue box.” Fooling around with the telephone drove innovation and learning for the early Apples.

The telephone system acted as a central point of interest for those interested in information security, and gave the movement focus. Whilst the 2600Hz trick no longer works, the number features in the name of the world’s most popular security journal, 2600 The Hacker Quarterly, which specialises in distributing information to IT personnel about improving their systems by demonstrating weaknesses in flawed systems. Again, without Phreakers would such openness and publicity for information security exist?
I admit that phreaks are not only motivated by the prospect of free telecoms, they are fascinated with the huge telephone network. I only ask if calls were as cheap as they are through services like Localphone, would so many engineers have found value exploring telephone systems, learning techniques to use in their later masterpieces.

I hope that tomorrow’s engineers will still explore telecoms. In fact, its easier today than before – downloading a free PBX like Asterisk means you nolonger need to be a criminal in order to explore how a telephone network interacts. VoIP networks have existed as islands within a corporation, or groups of interested people (e.g. the closed FWD system permitted free calls between friends on their network, no matter where they were in the world, but did not allow calls to route to other telephone networks, such as the one your mobile is connected to). Cheaper telecoms was our drive to build Localphone, so it can still act as a motivator for engineers to create something, its just that today you can have more fun doing this legally!

Disclaimer: the author is an engineer at Localphone.

Net Neutrality debate gets traction

I cited a DoJ statement in a previous article that was destined to stagnate or kill all innovation on the web, by permitting ISPs to end the end-to-end nature of the internet.

I’ve been trying to draw the attention of some other technical people by talking about NN on mailing lists.  Sadly some people have got the wrong end of the stick – they think that the rule simply states that ISPs will be allowed to carry customer Quality of Service preferences to the edge of their ISP networks.  This is not the case – the Net Neutrality debate is about whether an ISP should be permitted to be un-neutral irrespective of, or even against their customers’ wishes.

One company that stands to loose most from an un-neutral net is Google who have been quick to earn column inches supporting the neutral net.

Peter Norvig, Google’s Director of Research speaks from the front cover of this weeks’ Computing arguing that the only reason “the net has grown far beyond the original perception bounds” was in fact ” because it is open, and because services can be launched without being fettered by higher level control.  At Google, we think it is good for competition to try to keep services this way, and that is what we are going to push for.”

I don’t want an internet dominated only by companies with deep pockets.  Google, the archetypal company with the deepest pockets don’t even want an internet dominated only by companies with deep pockets.  The only parties that stand to gain from the NN war as the ISPs that have been the most aggressive at driving down consumer internet charges, to un-sustainable points.  Don’t give them a life line.  Let’s have a fair internet.

A license to do something bad isn’t reason to.

For months, ISPs in Europe have been campaigning to preserve their ‘mere conduit’ status, or in English they have been fighting to prove that they should be able to treat all packets, between customers and the resources that they want to access equally.  This means, no content blocking, monitoring, and fundamentally no commercial favouritism – or as it is referred to Network Neutralism.

At the same time, some ISPs in America have been petitioning to abolish the concept of Net-neutrality on their networks.  These campaigns have not fallen on deaf ears, the US Department of Justice now consider that without legislation permitting ISPs to charge companies who host content for access to the ISP’s customers shifts the “entire burden of implementing costly network expansions and improvements onto consumers“.

This shows a wanton lack of understanding of the model with which internet connectivity is sold.  I, as a consumer, buy connectivity from a company who will try hard to ensure my packets will flow towards their intended recipient.  Someone who wants to host content pays another ISP some money to ensure that their packets flow back towards me when I visit their website, online shop, or use their service.  That’s the model, and its the only one that works.

If I want to set up a shop online, I should only have to pay the companies that I have a direct connectivity relationship with.  It should not be permitted for a company that I do not connect through, to hold their eyeball customers to ransom, demanding money from me, the shopkeeper, to allow me to reach our mutual customers.  Particularly if this customer is selling internet connectivity – there is a strong ‘end to end’ implication with that phrase.

The DoJ are wrong – what they think is a burden to consumers is just the fair market price that internet connectivity is sold for today.  An ISP should charge their customers enough to make sure that they can pay to support their network.  As a consumer, if I want to use MSN, Skype, Hotmail, Google, the BBC, iTunes, or any other online service, I should be able to, because I have paid for my ISP to try their best (without getting in the way) to get data between me and the services I use.

Net-neutrality has been the driving force behind innovation online, and we would not have the wide variety of services online today, if starting to trade online meant you had to pay lots of ransom notes to every ISP in America first.

Why Municipally Provided Wifi Must Never Be Allowed

I have twice now had to defend an unpopular premise – that local governments should not provide free wifi to residents and visitors. A recent thread on the Open Rights Group discussion list almost got pretty out of hand between a few people who thought it was dangerous for the government to be providing IP services, and the majority who wanted it.

To provide “free” wifi to residents, a council must spend our money on many more items than simply wifi access points located in strategic points around the city. They need to provide onward connectivity (expensive), operational support, technical support, security systems, subscriptions to professional groups such as the IWF, monitoring and maintenance and much more. The council can’t afford to fix the pot-holes on my road, despite billing me each April on the promise of doing just that, so where will the money come from in order to pay or this infrastructure?

I also do not want the council competing with my local ISP. Government is not designed to compete with private enterprises. Turfing council tax paying employees out of work by competing with their employers is surely counter-productive.

I also don’t want the general public to be led to believe that internet access is free to provide. Its bad enough that Carphone Warehouse, Orange, and other companies are trying to their best to leave customers of ‘free’ broadband services with that theory without my local government joining in.

Some people believe that free municipal wifi could be a positive externality achieved when a city is ‘wifi’d’ for public sector employees to use when doing their job. I would love to see any cost/benefit analysis that demonstrated that the applications that drive our public sector are cheaper to run over ubiquitous wifi rather than store-and-forward messaging systems that take advantage of wifi at strategic points or 3G data connectivity. I then want to see the figures that suggest opening up a private local government network for public use wont cost any more money.

Then followed the argument that if local government can provide street-lights, then why shouldn’t they provide wifi using the same rationale. The problem with this logic is that streetlights and IP connectivity are not similar enough to compare. Street lighting is a public good; in economic terms, that means that we all are required to pay for it and we all get it, irrespective of our purchase preferences as free economic agents. People wouldn’t ‘buy’ street lighting in normal circumstances, even though there is a compelling reason to deploy it. Internet connectivity is not like this, where IP is useful, it is already widely deployed.

Firms need to fight in order to be the best at providing services, so that they can feed innovation and value. Consumers need to choose which service meets their needs the best. I would wager that you demand very different things from your domestic internet connection than I do. If I had to buy SheffieldCityBroadband (which I do have to buy, if I get taxed for its provision – tax is of course demanding money with menaces), it probably wont do what I need.
Free wifi isn’t free. Someone has to pay. And if that someone is the taxpayer, then why can’t we just pay “the best” private company in our area to provide the service. Perhaps I will be lucky and get two providers to fight it out to be the best!

Lastly, the concept of buying internet access from the Government is extremely frightening to me. Check out the content blocking section of the LINX Public Affairs site if you want some evidence that the government are desperate to filter our internet connections. If everyone buys their state-IP the government have a simple place to block our content!

Mastercard Securecode Rant.

I ranted on the Ecommerce Experts mailing list earlier in the week after canceling an order on a cabling website, after it prompted me to enroll in Mastercard Securecode, with no way out.

My gripes are that

• The general public should NOT be encouraged to enter their secret personal data at a checkout, in random popups.  The commerce community should be sending the opposite signal; that filling in forms requesting private data on a random website is precisely how you get your identity stolen and used fraudulently !
• The form looks like a XSS attack, not something genuine, so I have no way to work out whether it is genuine, or whether I am being phished.
• The card may well be a company card, and not attributable to personal details.

I complained to the retailer and explained that I was not willing to order from them whilst they used and enforced securecode, and the retailer lied to me, explaining that they had no option but to use it, but that I could telephone through an order.  I think they miss the point of e-commerce.

Please do not deploy Securecode or VBV on client sites.  Please abort the transaction if you are prompted to enter your details on an untrustworthy third-party form during checkout online.