Jeber’s

the rest of the web

Archive for the 'networking' Category

When social networks are one-way streets

Social networks are the latest rage on the internet among the technorati. I’ve joined several (Plurk, identi.ca, Popego), nearly all in beta or early development. The two I enjoy and use the most are Friendfeed and Twitter. These services are used by the people I follow the most, technology insiders like Chris Pirillo, Robert Scoble, Louis Gray, Dave Winer and Leo Laporte, to name just a few. Every day they post comments I like and comment on. But this is primarily a one-way street. The posts I make are rarely liked or commented on by them, even though most of them subscribe to me.

The reason for this is that we inhabit two fundamentally different worlds of interest.

Most of these people are in their 20s and 30s and are employed in technology or closely related fields. As I said, they are techno-insiders; they either work for companies heavily invested in cutting-edge technology or they own a brand identified with that world.

My world is a bit different.

My introduction to bits and bytes was in the 1970s, when I enlisted in the Army and was privileged to be assigned to the National Security Agency as a member of the Army Security Agency. There are two primary types of people employed by the Agency, cryptographers and analysts. Cryptographers write and break codes. They are mathematical wizards, comparable to programmers in the software industry. I was an analyst. We took the decrypted intelligence and studied it for patterns and created estimates based on the data we collected. We didn’t break the codes. We tried to make the intelligence useful to our customers. I used a Cray supercomputer for my work and was trained in Fortran and Cobol even though neither was necessary for analysis.

Shortly after I left the Army I moved to Idaho and was uninvolved with technology for the next 13 years. Those years saw the birth of the internet and the development of the personal computer. I was only vaguely aware of all this. I still loved technology but I was totally out of the loop.

It was around 1997 that I once again found myself in San Diego and around those who were fascinated by this fairly new World Wide Web. I was quickly hooked and it wasn’t long before I bought a shiny new Gateway computer with a massive 500 MHz processor and a membership in AOL. I learned as much as I could about computers and in a couple of years I felt I knew enough to want to share what I’d picked up. I found Chris Pirillo’s newsletter and shortly after that his forum. At the same time I joined Scot Finnie’s forum, also based on technology. There I met people whose interests mirrored mine. They were building their own computers and sharing websites they found interesting and informative. While I had accumulated a reasonable amount of knowledge about hardware and computer security that I could pass along to those in the forum, I realized at heart I was still an analyst. My primary interest was in making sense of the various opinions I encountered. I would read and listen to those with more knowledge than I possessed, then try to distill that wisdom into something comprehensible to those just getting started. I truly enjoyed being able to pass along esoteric knowledge to those in need, in a form they could easily grasp. In a way I was performing the same function in the world of technology that a priest plays in the world of theology. I was taking obscure wisdom and attempting to make it intelligible to the common man. But where a priest is deeply involved in the world of theology, in the world of technology I was still an outsider. I had an opportunity to listen to those on the inside, but I was not a member of the club.

Primarily through my association with Chris and Scot I’ve been allowed to eavesdrop on conversations I might otherwise have never been privy to. I’ve learned who the influential are. They are those who have worked at Microsoft since the early days, they own start-ups, they write software, they often determine what will become popular among the rest of us users and what will fail to attract attention. They write for industry magazines or have websites that constantly rank in the top 100 of influential sites.

I’m not one of them.

I’m an analyst, a writer. I enjoy writing humorous commentary. My primary focus is social, not technological. I want to make technology understandable to others less out of a love of technology than a deep concern for people. Where once I had wanted to become a priest to bring god to the masses, now I’m a priest of the internet. I want others to get as much out of this medium as I have. My websites are concerned with the social issues I believe are important to humanity. I espouse social reform and technology plays a major role in that.

As a result, my contributions to social networking sites are seldom noticed and rarely commented on. The movers and shakers are focused on technology, I’m focused on humanity. We live in two different worlds that occasionally overlap. Social networks, for me, are one-way streets. I try to make my voice heard above the chatter about the latest service, the newest shiny gadget. But my input is of little value. They know I’m not one of them. I’m an interested voyeur, a watcher, a listener. I’m a simple techno-priest among the internet gods. My understanding is far below theirs.

Still, I love the networks I inhabit. I enjoy my role, even when I post an insight that’s overlooked but widely commented on when repeated by one of the insiders. I’ve learned to accept my position as a guest in the technorati society. I hope others who often feel left out of the conversational flow in their favorite network take my tale as encouragement to stay involved, keep connected. What you learn is as important as what others might learn from you if they would only listen. We can all drive on this one-way street. Some of us just have to accept that this particular road isn’t leading toward our destination. It’s still a fun ride, though.


More on the DNS problem

From the Internet Systems Consortium:

Summary:

A weakness in the DNS protocol may enable the poisoning of caching recursive resolvers with spoofed data. DNSSEC is the only full solution. New versions of BIND provide increased resilience to the attack.

Description:

Thanks to recent work by Dan Kaminsky of IOActive, ISC has become aware of a potential attack exploiting weaknesses in the DNS protocol itself. (Full details of the vulnerability will be explained by Kaminsky at the Black Hat conference on August 7th.) The weakness is inherent to the DNS protocol and not specific to any single implementation. The DNS protocol uses the Query ID field to match incoming responses to previously sent queries. The Query ID field is only 16 bits, which makes it an easy target to exploit in the particular spoofing scenario described by Kaminsky.

Impact:

ANYONE RUNNING BIND AS A CACHING RESOLVER IS AFFECTED.

Immediate action required:

IF YOU ARE RUNNING BIND AS A CACHING RESOLVER YOU NEED TO TAKE ACTION.

DNSSEC is the only definitive solution for this issue. Understanding that immediate DNSSEC deployment is not a realistic expectation, ISC is releasing patched versions of BIND that improve its resilience against this attack. The method used makes it harder to spoof answers to a resolver by expanding the range of UDP ports from which queries are sent, thereby increasing the variability of parameters in outgoing queries.

YOU ARE ADVISED TO INSTALL EITHER THE PATCHES (9.5.0-P1, 9.4.2-P1, 9.3.5-P1) OR THE NEW BETA RELEASES (9.5.1b1, 9.4.3b2) IMMEDIATELY.

The patches will have a noticeable impact on the performance of BIND caching resolvers with query rates at or above 10,000 queries per second. The beta releases include optimized code that will reduce the impact in performance to non-significant levels.

DNS administrators who operate these servers behind port-restricted firewalls are encouraged to review their firewall policies to allow this protocol-compliant behavior. Restricting the possible use of various UDP ports, for instance at the firewalls, in outgoing queries and the corresponding replies will result in decreased security for the DNS service.

Again, DNSSEC is the definitive solution to this type of attack. ISC strongly encourages DNS administrators to deploy DNSSEC as soon as possible to fully address this problem. DNS domain owners that want their data to be protected against spoofing to the end-user must sign their zones. ISP and Enterprise DNS administrators who provide caching recursive name servers to their users should enable DNSSEC validation.

DNSSEC Lookaside Validation (DLV), offered by ISC and others, is another DNSSEC deployment option.
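To make the matching rule in the advisory concrete, here is an added Python model of the resolver-side check (example code written for this page; it is not ISC or BIND code and is not part of the original post). A caching resolver keeps a table of outstanding queries and accepts a reply only if its Query ID, the UDP port it arrives on, and its question section all match one of them. The wire format follows RFC 1035 section 4.1; the single pre-patch source port (1053), the ephemeral port range 1024 to 65535, and the names www.example.com and ToyResolver are illustrative assumptions. The last function turns the advisory's "only 16 bits" remark into numbers: how likely a blind forger is to hit the right values with a given number of spoofed replies, with and without source-port randomization.

```python
"""Toy model of the check the ISC advisory describes.  Added example, not
ISC or BIND code.  A caching resolver remembers (Query ID, source port) per
outstanding query and accepts a reply only if both, plus the question
section, match.  Wire format per RFC 1035 s4.1; ports are assumptions."""
import random
import struct

QID_BITS = 16                         # Query ID is a 16-bit header field
FIXED_SRC_PORT = 1053                 # assumed single source port before the patch
EPHEMERAL_PORTS = range(1024, 65536)  # assumed range a patched resolver draws from


def encode_qname(name):
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(qid, qname, qtype=1):
    """Minimal query: 12-byte header with RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(qname) + struct.pack("!HH", qtype, 1)


def build_response(qid, qname, rdata, qtype=1, ttl=3600):
    """Minimal response: question echoed, one answer whose name is a
    compression pointer (0xC00C) back to the name in the question."""
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0)
    question = encode_qname(qname) + struct.pack("!HH", qtype, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", qtype, 1, ttl, len(rdata)) + rdata
    return header + question + answer


def parse_question(pkt):
    """Return (qid, qname, qtype) of the first question in a DNS message."""
    qid = struct.unpack("!H", pkt[:2])[0]
    pos, labels = 12, []
    while pkt[pos] != 0:
        n = pkt[pos]
        labels.append(pkt[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype = struct.unpack("!H", pkt[pos + 1:pos + 3])[0]
    return qid, ".".join(labels), qtype


class ToyResolver:
    """Caching resolver keyed on (qname, qtype) -> (qid, source port)."""

    def __init__(self, randomize_ports, rng=None):
        self.randomize_ports = randomize_ports
        self.rng = rng or random.SystemRandom()
        self.pending = {}   # outstanding queries
        self.cache = {}     # accepted responses

    def send(self, qname, qtype=1):
        """Emit a query; return the packet and the UDP source port it left on."""
        qid = self.rng.getrandbits(QID_BITS)
        port = self.rng.choice(EPHEMERAL_PORTS) if self.randomize_ports else FIXED_SRC_PORT
        self.pending[(qname, qtype)] = (qid, port)
        return build_query(qid, qname, qtype), port

    def receive(self, pkt, dst_port):
        """Accept only if qid, the port the reply arrived on and the question
        match an outstanding query; anything else is dropped.  True if cached."""
        qid, qname, qtype = parse_question(pkt)
        if self.pending.get((qname, qtype)) != (qid, dst_port):
            return False
        del self.pending[(qname, qtype)]
        self.cache[(qname, qtype)] = pkt
        return True


def spoof_success_probability(forged_replies, randomize_ports):
    """Chance that at least one of `forged_replies` blind guesses, each with a
    uniformly random QID (and port, when randomized), matches the values the
    resolver is waiting for.  The question section is assumed known."""
    space = 2 ** QID_BITS * (len(EPHEMERAL_PORTS) if randomize_ports else 1)
    return 1 - (1 - 1 / space) ** forged_replies


if __name__ == "__main__":
    unpatched = ToyResolver(randomize_ports=False, rng=random.Random(7))
    query, port = unpatched.send("www.example.com")
    # An attacker who knows the fixed port only has to get the 16-bit QID right.
    forged = build_response(parse_question(query)[0], "www.example.com", bytes([192, 0, 2, 1]))
    print("unpatched resolver, correct qid guessed:", unpatched.receive(forged, port))
    for n in (1, 65536):
        print("%5d forgeries: fixed port %.4f, random port %.6f" % (
            n, spoof_success_probability(n, False), spoof_success_probability(n, True)))
```

The point of the two probabilities is the one the advisory makes: with a fixed source port, 65536 forged replies give roughly a 63% chance of a hit in a single race; with the port drawn from the ephemeral range as well, the same burst succeeds about one time in 64000, which is why ISC asks that firewalls not pin outgoing queries to a few ports. The model ignores the question-name and bailiwick checks a real resolver also applies, and DNSSEC validation, which is the only check an attacker cannot win by guessing.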


Check your MTU

If your home network isn’t performing as well as your ISP (Internet Service Provider) says it should, it may be because of one small setting in your router that’s keeping performance throttled.

MTU stands for Maximum Transmission Unit. It is the largest packet, in bytes, that your router will send over its internet connection without splitting it into fragments. An in-depth knowledge of how the setting works isn’t required. What you should know is that a wrong value costs you. Set too high, packets have to be fragmented along the way or, if the "fragmentation needed" messages are filtered somewhere on the path, they are silently dropped, which shows up as stalled downloads and web pages that never finish loading. Set too low, every packet carries a larger share of header overhead and throughput suffers.

There is no single correct value; it depends on how your ISP delivers the connection. Most, but not all, cable providers use 1500, which is the Ethernet maximum. Most, but not all, DSL providers recommend 1492, because DSL connections usually run PPPoE, whose header takes 8 bytes out of each 1500-byte frame. Use the figure your ISP recommends.

To see what setting you are currently using, enter your router’s configuration utility. Usually this is done by entering the router’s address (often 192.168.0.1 or 192.168.1.1; check your documentation) into a browser’s address bar. There should be a tab in the configuration utility for LAN, WAN or General settings. Look for an entry called MTU and set it to the number given to you by your ISP. Save your settings and exit the router. Then check your connection speed at a site like BroadbandReports and see if there’s an improvement.
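If you can't get a number from your ISP, you can measure it. The script below is an added example (not from the original post): it sends pings with the Don't Fragment bit set and binary-searches for the largest total packet size that still gets a reply, which is the path MTU your router should be set to. The `ping -M do -s` syntax is Linux iputils (macOS uses `-D`, Windows `-f -l`); the 20-byte IP and 8-byte ICMP header sizes are standard, so a 1500-byte MTU corresponds to the familiar 1472-byte ping payload. The target host and the 576 to 1500 search window are assumptions you supply; `simulated_link` is a stand-in for a real path so the search logic can be exercised offline.

```python
"""Measure path MTU with DF-set pings and a binary search.
Added example, not from the original post.  Linux iputils ping syntax."""
import subprocess
import sys

IP_HEADER = 20    # IPv4 header without options
ICMP_HEADER = 8   # ICMP echo header


def ping_probe(host, total_size, timeout_s=2):
    """True if one ICMP echo of `total_size` bytes (IP header included), sent
    with the Don't Fragment bit set, reaches `host` and is answered."""
    payload = total_size - IP_HEADER - ICMP_HEADER   # 1500 -> 1472
    result = subprocess.run(
        ["ping", "-c", "1", "-W", str(timeout_s), "-M", "do", "-s", str(payload), host],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
    )
    return result.returncode == 0


def find_path_mtu(probe, lo=576, hi=1500):
    """Largest size in [lo, hi] for which probe(size) is True.  Assumes the
    probe is monotone: it passes below the path MTU and fails above it.
    Returns None if even `lo` (the IPv4 minimum every host must carry) fails."""
    if not probe(lo):
        return None
    if probe(hi):
        return hi
    # Invariant: probe(lo) passed, probe(hi) failed; close the gap to 1.
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if probe(mid):
            lo = mid
        else:
            hi = mid
    return lo


def simulated_link(mtu):
    """Probe for a path that silently drops DF packets above `mtu`, which is
    what a fragmentation black hole looks like from the sender's side."""
    return lambda size: size <= mtu


if __name__ == "__main__":
    if len(sys.argv) > 1:
        host = sys.argv[1]   # e.g. your ISP's first hop or a well-connected server
        print("path MTU to %s: %s" % (host, find_path_mtu(lambda s: ping_probe(host, s))))
    else:
        # Offline demonstration against a simulated PPPoE-sized path.
        print("simulated PPPoE path:", find_path_mtu(simulated_link(1492)))
```

Run it as `python3 mtu_probe.py <host>` from a machine on your LAN; the result is the largest MTU the path carries, and if it comes back as 1492 on a "1500" connection, PPPoE overhead is the usual reason. A result of None means even 576-byte DF packets get no reply, which points at ICMP being blocked rather than at the MTU.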
