How can I put this..? This is quite a novel way of doing it.  I think there’s a reason that more virtualisation systems don’t work in this way.  VNC is not great, but I am sure there is a reason that I can’t use a dummy serial port instead.  I’d have preferred RDP, but perhaps there’s a reason I can’t use that too.

I normally use Chicken of the VNC as a mac osx client, because it has a funny name, and has always worked.  However, it crashes and burns (see screen shot) when trying to install Debian on a KVM guest.  Hopefully I can save someone else an evenings’s worth of trying every other mac vnc client, and offer the fix.  Just use VNCViewer.  I tried this after half a dozen others which all failed in a similar way to Chicken.

Any comments on why RDP or Serial might not have been better welcome.

I installed some new Xen hosts for a customer last week, and used it as an opportunity to catch up with Xen news.  Although I used to use the xensource open source version to build xen hosts, I saw the free ‘xen-on-a-cd’ downloadable ISO as an extremely important project that dropped the barrier for Xen adoption.

This free CD image is now limited to only four guest OSes - need more on this platform ?  Or need to use more than 4GB of ram ?  These features now cost.

I acknowledge that open source free, does not mean costless.  But there have been two business models that are prevalent in the open source world, and Citrix are starting to behave like less like my favourite one.

The good model is like Red Hat’s - lending developers, money, and a strong name into a popular open source project which is largely feature compatible with a commercial version.  The company is backed by licensing the commercial version, and paid for support/training.  I say lending, because the return to the company should be quality feedback, software, and advocation in the community.
The other is more like MySQL’s.  Although the code is published and shared between the community, the company work hard to limit the distribution of simple-to-install binary versions to enterprises who will not pay for it, for example - by their own admission - they withhold features, and essential bug fixes from the community version for an unspecified time.

Limiting features, and specifying the free edition must run on lower grade hardware, might herald a sad death to any project’s status as a free project.  If, like with MySQL, the community editions and enterprise editions embark upon a long drawn out divorce, then pay for the software, or bin it at the beginning of the process.  I don’t know what will happen to the majority of Xen installations if some people need to make the choice .. but look out for some KVM articles in the coming days.

Pakistan Telecom and Youtube are likely to have no commercial relationship in place to carry Youtube traffic - particularly as around two hours ago, according to Yahoo News, the story broke that the Pakistan Government required ISPs operating in the country to block Youtube. Despite this, Pakistan Telecom were able to cause ISPs all over the world to send traffic that should be destined for Youtube to Pakistan instead.

This is because the protocol that determines how to find my network on the internet, is shaped by how “specific” the announcement of my network is. If I make an announcement of a network of 1,024 addresses, and someone else makes a second announcement of 256 addresses within a subset of my 1,024, then the network which announces the smaller subset win the traffic destined to those hosts. This is a feature - fully by design - of the BGP routing protocol. Almost every time a more specific block of addresses is announced, this is because the administrators of those networks intend for the routing to be different for a subset of a large number of addresses.

Sadly, there are accidents from time to time - another network can announce a subset of my addresses without my knowledge or permission, and they win the traffic that should have gone to me. This happened today - it seems that Pakistan Telecom decided to inject a fake route to their network containing Youtube’s webservers, and accidently then leaked that route to the networks they connect to.

Small networks and end sites can limit the chances that they will leak bad routes by explicitly listing the network addresses that they intend to send to their upstream or peered networks. Larger networks may find it harder to stop themselves propagating someone else’s mistake, because they may have a contract to carry forward any announcement that their customers make. Furthermore, the complexities of their own networks mean that an engineer working under pressure after announcements made by government ministers are more likely to make a typo error and do the wrong thing.

Richard Clayton presented a very interesting set of commentaries at the last LINX meeting. He commented that right now its very obvious indeed when someone hijacks some of my network space in this way, because all of my traffic disappears. Youtube were probably aware that something was very wrong within moments of the announcement. What if someone builds an infrastructure to steal my traffic - or at least some of my traffic - but after doing something with it, they send it back to me, it is much harder for me to spot that anything is wrong.

This is a significant risk to ecommerce infrastructures that competitors or e-pirates could seize upon opportunities to steal customer behaviour data. What if a wizard stole the network containing your web server, proxied your shop, but set up a fake checkout? How quickly would you spot?

Because this problem is inherent to the routing protocol, this is the obvious place to fix it. There are attempts to blend PKI with routing information, so that peers can verify the validity of your announcements. S/BGP (secure BGP) requires me to sign my announcements, and gives my peers a method to check in an impartial internet community database that my announcement is valid. It is the sort of technology that would have prevented Youtube from disappearing off the air today.

GMTV are finding they’re already a victim of spam filtering, or customer reluctance to read marketing email.  They’re originating messages that either get binned by the audience, or their audience’s automatic spam filters.  Customers who traditionally would have received emails informing them of new online content are now being encouraged to install a desktop client that alerts them in real time about new content.

I’m pretty worried that in order to stay in touch with suppliers in the future, I’ll be expected to use one particular desktop client.  This means in some cases, I may have to use one particular desktop environment for a start.  Secondly, this makes it more likely that I’ll receive malware - how can I trust the originators of the client?  And as it’s a network service, any desktop alerting system is also potentially at risk of abuse or spam.  So I get realtime spam as well as spam waiting for me when I check my mail.

Instead, I hope that more email clients incorporate RSS systems in the future, as Apple Mail has done in the latest release.  Using Apple Mail, I can subscribe to marketing announcements from the companies that I want to hear from, and have those arrive in a specified area of my mail client, and they’re not inflicted by spam.  As I try to make clear everywhere possible - use open standards and open protocols, if you want to keep your doors open to new business.

All successful internet protocols are elegant and simple by design. This makes it possible to retro-fit great ideas someone has one. Internationalisation was proposed in 1992, and it eventually became possible to register Internationalised Domain Names (IDNs) in the .com space in 2003. Standards move slowly on the internet!

IDN is up for discussion again at the 31st ICANN meeting on Monday. This time, the world’s registry community are meeting in New Delhi, one of the most significant IT regions of the non-Latin world, to discuss the remaining “glitch” in the IDN system. An IDN might look like this: .com. Therefore any user still needs to be able to type .com in order to reach the resource they request. There is a proposal at the ICANN meeting to add Internationalised top-level domains, actual complimentary TLDs to .com, that will mean that resources can be reached in any supported alphabet.

This is interesting stuff. One school of thought is that this could significantly assist the development of electronic enterprise in many more pockets of the world. The supremacy of Silicon Valley as the web’s main economy would then be broken. I think differently - I think that .com is now too established as the main ecommerce ‘brand’ TLD, and attempts to localise the meaning of .com will be fruitless. .com means “I trade online”. Despite .biz and similar TLDs being equal in technical terms, they are not equal in the eyes of shoppers or traders. .com now has specific global meaning, and can’t be diluted.

Today, if you want to port your number from one service provider to another, it relies on two major coincidences - firstly that your old and new provider have an agreement in place to manage the technical transfer between the two networks, and secondly that your old provider remains fully willing to forward all calls destined from your old number, to your new service provider.

There are several issues with such a system - the first is that your old provider are still very much involved, so their technical or commercial failure causes a problem long after you have ported away, another is that the process is slow and manual, and a third is that not all service providers have agreements to permit number porting (called a Mutual Porting Agreement in the industry).

Vodafone are concerned about the costs of the new system, even though an industry group UKPorting has only just begun to gather information about how the system should work.  I think that it’s a flawed premise to argue that a system is too expensive before a system is selected (and associated costs are announced).  Instead Vodafone should get involved with designing a perfect system.

The UKporting system to facilitate fast, reliable, and simple porting must happen, and must succeed.  We have to protect consumers who port their number from failures caused by their former service provider.

I am concerned that the system may mean all multihomed telephone networks will need to move to any all-call-query model that’s run by one natural monopoly.  If a single entity holds the industry to ransom, we have not moved forward - there’s still a single commercial or technical position that can fail to break your port.  The single All-Call-Query model also lends itself well to governments having access to a single point where recording of most call attempts can be made.

Many of the statistics came from Serge at Euro-IX who did the leg work for the raw figures.

The highlight points of the talk were

• Euro-IX identify 103 exchanges in Europe, in 31 countries. (3 in 1993)
• 8 Exchanges in the UK (was 9 until BT’s UK6x closed)
• At the end of 2007 networks publicly peered 1.215Tbit/sec at peak.
• More public peering in EU than US (but it’s cheaper to peer in EU thanks to lower x-connect fees, and cheap ubiquitous mutual exchanges)
• London is #1 for network reach - 601 networks peer publicly, 415 peer exclusively in the UK.
• 22% of LINX members peer exclusively at LINX, 31% of LONAP members peer exclusively at LONAP.
• 577 networks peer at more than one IXP, and one network (Colt) is present at 19 exchanges!
• Last year the good weather in April caused an additional summer-time traffic dips in Europe, in addition to the regular dip in July/August

There’s other stuff in the slides too, such as the usual traffic updates for various major exchanges in Europe.

One silver lining is that the issue of Information Security is now at the front of the minds of IT decision makers everywhere.  If you store any information about customers, suppliers, or any people whatsoever, and you don’t already have a plan for how you will move this data securely, permit access to it by your staff, and destroy the data when it’s nolonger needed or the holding assets are destroyed, then you will be tomorrow’s headline about data loss.

Secondly, this catalogue of failure will contribute to burying the enforced ID card scheme, or rather, the associated single database which is planned to hold all medical, criminal, and financial records about you, for use by civil servants.  Civil liberty concerns aside, if the government show little regard for the safety of our data when it’s in a de-aggregated form, then how will their IT systems and policies cope with the sort of attack that would follow putting everything the government knows about British people in one place?

Unfortunately, the Government have not taken the data loss stories at all seriously. Ruth Kelly is on record explaining that the loss of 1.5 million learner drivers is “not substantial.”  This means that she does not understand the risks of Social Engineering, a process where confidence tricksters use any trivial information that they know about you, to fool an individual into giving more information.  Claiming that the DVLA data loss is unsubstantial because bank details were not included in the data that is lost shows that the department have no understanding whatsoever of the motivations for stealing personal data. If you take a call starting, “Hi, I am calling from the DVLA about the test you took on the 3rd of December in Cardiff, which you failed - would you like to rebook a test?” then following the potential loss of your records as a driving student, you may have been telephoned by a thief.  Further more any con-man could use the data they have stolen as ‘pretext’ - sharing enough data about you with you in order to make you believe the call was genuine.

I think web 2.0 developers are offering a new perspective on the phrase. There was a time that if I wanted my computer to do a job, I would find or buy a piece of software that was engineered to cause that job to be performed. The Internet and the Web 2.0 culture is changing this model completely. Its becoming the case that the computer in front of me is stupid, and some cluster of servers in MarketPost Tower, San Jose actually does all the work.

Enter Mint. Mint is self described as refreshing money management. Sound like what Quicken does if I install it on my computer, but with the word ‘refreshing’ in front? It’s refreshing (well, different) because to use their software I simply need to visit their website and sign up. Mint will learn about your spending via your online banking accounts, and aggregate your personal finance situation into one simple application. It sounds so simple, and solves no problems that weren’t also solved with personal finance software on the ZX Spectrum. And yet on Launch day just a couple of months ago it won $50,000 in the innovation contest, ‘Techcrunch40‘.

There’s two lessons from this. Firstly, there’s a new blueprint for guaranteed success in the web 2.0 world, and that is if you can take all the features of a market leading piece of traditional software, and build that functionality into a website, then you will be heralded an innovator. But you have to be the first person to do that. So hurry.

Secondly, and this is a lesson that wont be learned by the general public for a while, is that putting your private data in a central place that you do not control, is a weak point of attack when someone wants to learn something about you. Maybe someone wants to target your assets. Maybe the government want a nosey in what you’ve been spending. Maybe a consumer profiling company want to run a survey. They only have to get hold of one set of keys to your mint account, and all three of these groups can do what they want with your data. If my computers were stolen, then an expert would be able to find out quite a lot about me. If I put my data online and it gets stolen, the same can happen. And if everyone puts their data online in the same place, then it becomes very attractive to break in and steal it for lots of groups.