This week’s list of threads starts with a pointer to a statement by the International Coalition of Library Consortia on the growing pressure between publishers and libraries over the appropriate rights and permissions for scholarly material. In that same vein, Joe Lucia writes about his vision for libraries and the cultural commons to the Digital Public Library of America mailing list. On the geekier side is a third link to an article on the experience of content producers creating HTML5-enabled web apps. And finally, on the far geeky side, is a view of what happens when a whole lot of new wireless devices — smartphones, tablets, and the like — show up on a wifi network.
Wandering into public or semi-public wireless networks makes me nervous because I know how my network traffic can be easily watched, and because I’m a geek with control issues I’m even more nervous when using devices that I can’t get to the insides of (like phones and tablets). One way to tamp down my concerns is to use a Virtual Private Network (VPN) to tunnel the device’s network connection through the public wireless network to a trusted end-point, but most of those options require a subscription to a VPN service or a VPN installed in a corporate network. I thought about using one of the open source VPN implementations with an Amazon EC2 instance, but it isn’t possible with the EC2 network configuration judging from the comments on the Amazon Web Services support forums. (Besides, installing one of the open source VPN software implementations looks far from turnkey.) Just before I lost hope, though, I saw a reference to using the open source DD-WRT consumer router firmware to do this. After plugging away at it for an hour or so, I made it work with my home router, an AT&T U-verse internet connection, and iOS devices. It wasn’t easy, so I’m documenting the steps here in case I need to set this up again.
Last week in DLTJ Thursday Threads I posted an entry about running out of IP addresses. Since I posted that, I’ve run across a couple of other stories and websites that bring a little more context to the consequences of last week’s distribution of the last blocks of IP addresses from the world-wide pool of available addresses. The short version: channel any panic you might be feeling into making sure your systems are ready to communicate using both the existing network standard (IPv4) and the new network standard (IPv6).
The Imagined Frequently Asked Questions
This week of DLTJ Thursday Threads covers a wide range of topics. First, from a public policy perspective, is news that the U.S. Senate has a bill proposing the study of an internet “kill-switch” that some are speculating could behave like what happened in Egypt last week. Next, from a technical perspective, is the fact that we’re running out of IP addresses, which is going to make some engineers’ lives pretty messy before it is ultimately fixed. Lastly, from a research perspective, is a paper that characterizes the demographics of users using peer-to-peer for piracy.
Back in the early days of this blog, I had a post on Buzzwords Galore and Bandwidth that May Rival Your Station Wagon. The topic was a “hybrid optical and packet network” being deployed by Internet2 in 2006, and in the tail end of the post text I explained the reference to the station wagon part of the post title:
When you think you have a really zippy network connection, someone will (should?) bring up an old internet adage which says “Never underestimate the bandwidth of a station wagon full of tapes.”
My place of work has installed a VPN that moderates our access to the server network using the OpenVPN protocol. This is a good thing, but in its default configuration it would send all traffic — even that not destined for the machine room network — through the VPN. Since most of what I do doesn’t involve servers in the machine room, I wanted to change the configuration of the OpenVPN client to only send the machine room traffic through the VPN and everything else through the (original) default gateway. As it turns out, this involves tweaking the routing tables.
Image from The Cartoon Bank
The famous 1993 cartoon from The New Yorker has the caption “On the Internet, nobody knows you’re a dog.” The question at the moment is: when you’re on the internet, how do you know you are not talking to a dog? When you ask to connect to a remote service, you expect to connect to that remote service. You probably don’t even think about the possibility that “myspace.com” might not be “myspace.com”. But what if you couldn’t rely on that? How about “mybank.com”? Believe it or not, you may exist in such a world today. Last week, US-CERT issued a “Vulnerability Note” on Multiple DNS implementations vulnerable to cache poisoning. What does that mean? Read on…
Via a weekly wrap-up post by Dion Almaer on the Google Code Blog comes mention of a Google Tech Talk video from their IPv6 Conference 2008. It is a panel discussion called “What will the IPv6 Internet look like?” and it offers insight into the difficulties of transitioning to the next generation IP transport protocol. Although it has been years since I’ve seen the business end of managing an actual IP network, I found the discussion a fascinating look at the issues that are ahead of network engineers and device manufacturers around the world.
Dear future self,
If you are reading this, you are remembering a time when you ran into a really nasty interception proxy and you are looking for a way around it. Do you remember when you were sitting in the Denver International Airport using their free wireless service? And remember how it inserted advertising banners in HTML frames at the top of random web pages as you surfed?
A while back we created an LDAP directory to consolidate account information for various back-room services, and when we created it we decided to use the individual’s e-mail address as the account identifier (uid in LDAP-speak). It seemed like the logical thing to do — it is something that the user knows and it is a cheap and easy way to assume that the account identifiers will be unique. This is not uncommon for many internet services, of course.