09 February 2010
New Zealand's Ministry of Economic Development have released from documents on the ongoing ACTA negotations.
http://news.business.govt.nz/news/strategic/article/9761
Smarter people than me have read these, and found nothing new revealed.
The last round of negotiations was in Mexico - the next round of talks is right here in New Zealand.
quick recap:
ACTA (anti counterfeiting trade agreement) is a treaty currently being negotiated by the world's weathiest countries, including New Zealand. It is officially about things like stopping the fake prada handbags trade - but there's also been leaked documents showing that big media have been asked for their wishlist such as 3 strikes internet disconnection that we protested so loudly against in NZ's s92a of the Copyright act.
It would be disastrous to have stopped such New Zealand laws that give out punishment (internet termination) without trial or appeal, like the s92a did, only to have it implemented anyway via a treaty that our parliament ratifies. Now is the time to make noise.
This need to stop fake prada is so important, it's been classed as "National Security", so none of us lowly citizens are allowed to know what's actually being negotiated. This also is not standard practice for treaty negotiations to be secret.
All Official information act requests, in several countries, have been unsuccessful in finding out what they're putting into this treaty - cos, you know, national security.
The next talks are in Wellington in April - standby for more info later on citizen action.
Quotes from the MED release make it clear, this is a internet copyright treaty:
Section 4: Intellectual Property Rights Enforcement in the Digital Environment
This section of the agreement addresses some of the special challenges that new technologies pose for enforcement of intellectual property rights. Elements under discussion in this section include the availability of remedies:
in cases of third party liability, without prejudice to the availablity of exceptions and limitations;
related to infringing material online, including limitations on the application of those remedies to online service providers;
related to the circumvention of technological protection measures, including the availability of exceptions and limitations;
related to the protection of right management information, including the availability of exceptions and limitations.
Some recent press
NZ trade may face closer scrutiny under ACTA - computerworld NZ
Acta talks in 'bits and pieces' - Dominion Post
NZ has no place in anti-democratic ACTA dealings - Tech Liberty
My blog post from last year on the leak of a draft version of this treaty: http://coffee.geek.nz/acta-its-bad-very-bad.html
08 February 2010
I used LGOIMA, the local government equivalent of the Official Information Act, to request details on how much revenue Auckland City council and the Auckland-area collective geospatial body made from geodata sales. Today I got the PDF of their response. Neither Auckland City nor ALGGi have made much from the sales, and I suspect the opportunity cost of the paywalled data far exceeds all their revenue to date.
07 February 2010
Q: why do baby clothes have pockets, but women's clothes do not?
A: bebe can carry my cellphone for me.
If you're going to use Clip Art, you might as well make it open... "This project aims to create an archive of user contributed clip art that can be freely used. All graphics submitted to the project should be placed into the Public Domain according to the statement by the Creative Commons. If you'd like to help out, please join the mailing list, and review the archives. " http://www.openclipart.org/
btw, i won again.. i wouldn't mind being defeated by Jo, but couldn't let myself lose to mauricio.
It was my first evening out on my own since Casey was born - i was mega tired, and i had no time to prepare. basically had to make it up. sadly I missed out a bunch of stuff i wanted to say about OLPC and ACTA.
my summary of the other speakers:
Miraz: apple will take over the world
Mauricio: microsoft will take over the world
Me: robots will take over the world
Jo: non-geeky people will still not take over the world
Phillip: you're all predicting the obvious
this was organised by the ppl at http://up.org.nz, who alas haven't updated their website with anysummary 2 weeks later. there was someone filming the talks, but these never seem to make it to the web either.
so, you'll have to take my word for it
04 February 2010
The verdict is out in the case of numerous media/entertainment companies versus an ISP over in australia.
The entertainment companies wanted a ruling that an ISP is responsible for the actions of their customers - so they sued an ISP for "allowing copyright infringement to occur".
Now, we can't have that. If someone breaks copyright then they should be responsible for their own actions, not their ISP, not the mail service, not the maker of the fax machine, not the people who built a photo sharing website.
Commonsense prevailed, and the judge ruled in favour of the ISP. The entertainment companies now must pay the ISPs legal costs.
I've picked some of that commonsense from within the judge's ruling:
In summary, in this proceeding, the key question is: Did iiNet authorise copyright infringement? The Court answers such question in the negative for three reasons: first because the copyright infringements occurred as a result of the use of the BitTorrent system, not the user of the internet, and the respondent did not create and does not control the BitTorrent system; second because the respondent did not have a relevant power to prevent those infringements occurring; and third because the respondent did not sanction, approve or countenance copyright infringement.
On the incorrect use of the word "theft" to describe copyright infringment:
As an aside, the Court notes that AFACT, the organisation which the applicants use to aid in enforcement of their copyright, itself blurs the distinction between tortuous copyright infringement and criminal acts involving copyright, as seen in its name: Australian Federation Against Copyright _Theft_.
yup, copyright infringment is copyright infringement. Theft is something else. There are many illegal actions that deprive others of income, such as crashing a car into their work vehicle; blocking the entrance to their shop; slander; violence; - many actions that can cause someone to lose income, but that doesn't magically make their actions equal to theft. It's illegal, but theft is a different crime. The language we use to describe copyright infringement is important. We should not let extremist frame the debate in incorrect language. They're not thieves, they're not pirates, they're "copyright infringers".
Scenarios where I firmly believe that copyright infringement is not wrong include: Copying a movie you own on DVD to your ipod touch to view on a long plane flight later; Quoting from a text book to prove a technical point; Circumventing copying restrictions so the visually imparied can access a text/artwork; Backing up your ebook collection;
AFACT is the Australian version of NZFACT, the group who lobby for draconian laws in NZ
The judge also comments on AFACT's unwillingness to even stand behind the accuracy of their accusations in infringement notices, yet they demand ISPs act on them:
The AFACT notifications are not statutory declarations, nor do they have any statutory basis. At no point did [AFACT director Neil Gane] swear to the truth of the allegations contained in such Notices. At no point does he state that he personally had taken reasonable steps to ensure that the information and statements in the notice were true and accurate.
These folks want ISPs to cut off their customer's internet access, based on accusations that they're unwilling to even declare as accurate. This illustrates one big reasons why ISPs are uncomfortable with these "three strikes" laws. Who is liable when the accusations are wrong? The ISP can see you're downloading some data, how are they to know it is a piece of Sony music without permission, or a recording of your nephew playing violin? If they get it wrong, what next? or an even better question: since when was it okay for your ISP to spy on your internet traffic? Is someone's copyright enforcement really more important than everyone's privacy?
New Zealand's own APRA believes that "Without the content industries, the internet would be empty."
The judge in the iiNet comments on this claim:
T]he claim made throughout these proceedings that bandwidth usage or downloading is somehow necessarily, predominantly or even significantly copyright infringing, is simply not established on the evidence. The Court finds the applicants’ attempt to cast a pall over internet usage, such that it is assumed to be infringing, unless otherwise shown, is unjustified.
Creative freedom have a longer transcript of these inflated sense of self that media companies have
quote from AFACT directory Neil Gane
"[W]e believe this decision was based on a technical finding centred on the court's interpretation of how infringements occur and the ISP's ability to control them."
and response from Boingboing:
Ah yes, technical findings, as in, technically, your theory that ISPs have a duty to spy on all their users and shut down anything that you don't like was technically incorrect, because it is a technically insane idea.
via:
http://creativefreedom.org.nz/story.html?id=462
http://www.boingboing.net/2010/02/03/awesomely-awesome-au.html
http://robertcorr.com/2010/02/afact-v-iinet/
http://techdirt.com/articles/20090720/0233385600.shtml
i was late to work today (food poisoning all night, not fun), so it was me that answered the phone at 9am.
background info: plunket is new zealand's non-government community support service for babies/infants.
them> I'm calling from plunket. we have a weekly mothers group starting up at [2 blocks from my house], for mothers with babies the same age as your Casey
me> I'm working fulltime right now, would it be at a time i'm likely to get there?
them> oh, no, it's in the middle of the afternoon. oh well, i can still add you to the mailing list.
me> well, my husband is a fulltime father, is he welcome at this group?
them> oh yes, it's for parents, even though i said mothers. we should change the name. infact i'm changing it right now. it's a parents group, not a mothers groups.
heh.
Yesterday, while preparing my rice noodles, tuna and sweet-chilli sauce for lunch, I realised I had misplaced my fork. And there were no other forks in the lunch room drawers. Blast. "Oh well", I thought; then grabbed a spoon and went and enjoyed the meal. Once finished, I realised that, actually, the spoon hadn't actually been that hard to use. In fact, it had worked well - better than I expected it would. Then it occurred to me; if the fork had not gone missing, I would never have even tried using the spoon - believing it to be 'not suited for purpose' (to use a tech business term, if I may). I made a mental note to blog about this wonderful thought - the inspirational missing fork - completely unaware that Don Christie (President, NZ Open Source Society) would make a similar comment today on the NZOSS Openchat list: "..the idea that there are multiple platforms and options is as important as how to use an inidividual platform." Indeed, how often do we not even think about the possibility of an alternative being completely worthy of performing a given function only because we always had a 'fork' at our disposal. The trick, I guess, is to look around now for an alternative before the proverbial fork goes missing (or becomes unavailable/unusable for some reason)....
02 February 2010
 If you've ever tried to find the batch processing features in The Gimp, you'll probably have worked out that they don't exist. Phatch might be of use for you if you want to edit more than one image at a time. It's a photo batch processing application that could save you quite a bit of time. It includes:
Enjoy: Wikileaks is taken down. Not because of any great free speech or copyright scandal but because they can't pay the bills:
http://news.bbc.co.uk/2/hi/technology/8490867.stm Telecom to pay nearly $5 million compensation to customers affected by last week's XT outage, just as Taranaki has a new outage:
http://www.stuff.co.nz/business/industries/3283981/5m-in-Telecom-XT-compensation As of next year, the Danish Parliament will ditch some Microsoft- based software in favour of ODF standard support:
http://www.theregister.co.uk/2010/01/29/danes_ditch_microsoft/ And finally. Now we know what colour dinosaurs were - or at least their feathers. Reds, blacks, browns & greys in various patterns:
http://scienceblogs.com/notrocketscience/2010/01/what_colours_were_dinosaur_feathers.php Vik :v) Diamond Age Solutions Ltd. http://diamondage.co.nz
So lately i've managed to attend a couple of geek-conferences (Kiwicon late last year, LCA2010 this year) and the appeal of smartphones is starting to wear me down.
I've steered away from the smartphone world, mainly because I was able to get away with a very basic handset and still have access to it while at work.
The rules have changed, I'm basically not allowed my mobile on me at all times now @ work, so that side of things is now moot; i'm left considering my situation when i'm not at work.
Thus i'm currently rocking the Motorola K3:
Which being a Motorola Flip, is fairly reliable. It has 3G, which means i can actually surf the web from it (no javascript support!) and send/receive email (if you can be bothered with using a number pad data entry style). Unfortunately it's not much good for either in any great volume.
It does have a 2MP Camera; it does Bluetooth. And those are the main things I do with it, aside from SMS and Telephony. I also have one of these...
... being the Palm Z22, as my 'current generation' Palm Pilot (i've had PalmOS devices since my Handspring Visor...) - the Z22 basically is a diary and phonebook for the stuff I can't do on my phone. I'm also not meant to have the Z22 at work, either...
(I have a work-issued Blackberry from which I use the calendar (because it tracks my professional appointments as well as the relatively small number of personal ones I use) and because it's permitted to carry it on me in more places - but I rarely use the work phone for personal reasons (I have to refund the cost of doing so) and my personal cell number has been with me a lot longer than my current job.)
So what I'd really like, then...
.. Is a Bigger Screen,
A more flexible web browsing experience via 3G or Wifi,
A QWERTY Keyboard,
read more
In his thoughtful post, The free software way, Richard Fontana (open source licensing and patent counsel at Red Hat) highlights the importance of the bundle of legal rights that make software “free as in freedom”. These are the broad freedoms that users have to view the source, copy, modify and redistribute the software. The four freedoms, embodied in licences such as the GPL, are the foundation on which our rights as users rest. He points out that the term “Open Source” fails to capture the central idea of this bundle of rights.
But are these rights enough?
The Public Sector Remix project, aimed at bringing contestability back to the public sector desktop, highlighted the importance of what I have come to think of as “the fifth freedom”—it’s not enough for the software to be free, the documentation must be free too. On the desktop, this means adopting not just a free software stack, it means adopting open standards in general and ODF in particular.
It is encouraging to read that Danish state administrations will adopt ODF and let’s hope New Zealand follows their lead sooner rather than later.
But why would a business user care about software freedom? For customers, free-as-in-free-speech software delivers free-as-in-free-market software. As a consequence of the 4 software freedoms, customers get 4 business freedoms:
- Choice: freedom to choose software that does not dictate a particular vendor or require a particular infrastructure
- Independence: freedom from lock-in or vendor capture so that we can enter and exit technologies based on business needs
- Flexibility: freedom of action so that choices made today don’t limit our choices tomorrow or require others to make the same choices we have made
- Control: freedom to control the software and use or modify it as we see fit, and to collaborate or share with others
Proprietary software is designed to take away the 4 business freedoms. Buyers considering proprietary alternatives to free software need to be sure that any short term benefits exceed the long term costs.
31 January 2010
thanks to the ninjas who migrated geekspeakr.com from Drupal5 to Drupal 6, and to a happier server during LCA2010
quote from Liz Henry, who really enjoyed the hackfest:
It was like Christmas – I hung out with kick ass open source people all day long, heard great talks, gave a talk and asked for more coding and development with other women, and then got to do that very thing with people I greatly admire!
and thanks to Catalyst for the use of their boardroom and intarwebs.
I’ve just released a new version of Logstalgia, my website access log visualization that looks a bit like Pong if only it had been created by Jeff Minter. Logstalgia is also referred to as ApachePong (referring to both the Apache Web Server and Pong) which is a much better name, but also covered by multiple trademarks.
Here’s a new video to go with it.
The song is ‘Depart’ by Tekno Eddy, which I found on ccmixter.org, which is a good place to find Creative Commons music that people actually want you to use (with attribution) in your Youtube videos.
The new version of Logstalgia adds a bunch of features back-ported from Gource, like being able to seek to a point in the log file, and the much needed PPM output support for making videos that was probably the biggest feature missing originally.
Go get it!
29 January 2010
Metro WDM for the fiscally prudent – Simon Blake
- CWDM – Split into various bands – uncooled lasers -
- Single mode fibre – G.652c ideally – coloured optics – components
- DOM/DDM support (SFF-8472) – query SFP and see what signal level it’s getting (over or under strength )
- 1-8 Channel MUX/demux – 8 channels 1471-1611 over a pair of fibre
- Cisco 8 port mux/demux $6k/end ,
- ebay 8 port mux/demux $800-1000/end
- Direct import 8 port mux/demux $US 550/end
- 2 x 10GE on one pair – 2 channel 1310-1550 CWDW splitter (mux not a splitter) – $40 kit on direct import – vs numbers above
- 1×10GE on single fibre- optical circulators $NZ 1000k , $US14 imported
- 6 node network, 4 dark fibres – $27K
- Trying to solve problem with lots of small hops, upstream building losing power (unpowered gear)
- Pros: Multiprotocol, Perf/Security/reliability
- Cons: Short Haul (sub 120km) , only 18 channels , Doesn’t do >10GE per channel, You need fibre
- Direct Import Pro: cheaper , especially in bulk – design flexability
- Direct Import con: No support except swaps – Freight – Language/Culture chellenges
- traps – Waterpeak , Wideband receivers , Near end reflection , Avaibility of 10GE optics – DOM (ask for it) and untrusted optics – Measurement equipment/Circuits recording – Link Budgets and insertion loss
Monkeying around on the APE – Michael Jager
- Plug in new port at APE and found things very open
- PAcket sniffer + APE – should see boracast and traffic desinted for me
- What did sniffer see – lots of APE for non-APE address space – DHCP
- Borrowing transit – see how many networks will accept packets – 46 out of 75 will accept frame from unknown address detinated for their MAC
- 3 ports provide proxyarp for random address
- How many networks have an interface in your mngt network?
- 6 will accept for 192.168.1.254
- Customer can try and grab as many packaets as possible across cheap APE link rather than expensive transit link
- Possible things untried – ARP spoofing – responding to un-answered ARP requests (old BGP session of removed neighbour ) – respond to DHCP requests
- Speaking OSPF to OSPF-speaker – sending TCP RSTs – sending IPv6 RAs and answering IPv6 RS (like DHCP but for v6)
- Read IM2tubes slide from Jonny and Philip’s slides from Monday
- AMS-IX configuration guide
- Don’t take packet from IXP if you arn’t expecting it
- Don’t announce IXP network from anywhere
Announcement at start of session that Telecom New Zealand now has an official Interconnect/Paid Peering Policy and Contact. Details to be Published. Ask Greg from Telecom for help.
Internetnz Update – Jordan Carter
- General updates and new structure, new CEO
- 4 main areas ( Openness, rights and responsibilities, security)
- IPv6 Task force , replace steering group
- Copyright – replacement policy looks better, but sneaky changes might come back
- ACTA – Key concern , lack of transparency, http://www.acta.net.nz
- DIA filtering – voluntary and uses BGP . Give webpage, can report false alarm
- Filter – only http, erodes end-to-end , privacy concerns , might be later abused (scope creep)
- Filter – Send signal that “The government has made the Internet safe”
- Internet opposed – DIA unhappy with that angle
- Fibre Stuff – “Last day for 1.5 billion lolly scramble”
- Regional Networks or one big National Network
- Hard to tell what will happen – Similar exercise in Aus and Govt went back to drawing board
- What happens to International Bandwidth?
- Please join, followon twitter http://twitter.com/internetnz
APNIC update and much more – Elly Tawhai
- Over 2000 members
- 1400+ monthly helpdesk enquiries ( 55% growth since last year)
- Allocations around 100 per month
- Various Policy changes coming up – Prop-050 (xfering address space ) , Prop-073 (sinple IPv6 allocations – 1 click) , Prop-074 (32 bit ASNs treatment same as 16 bit ones pushed back a year) , Prop-075 (recover historical ASNs)
- Policies under discussion – Prop-78 ( Final /8 , only people deploying ipv6) , Prop-079 (abuse contact info in objects ) , Prop-080 ( Removal of IPv4 prefix exchange policy )
- Several more allocation policies in pipeline
- Recent Survey leading to priorities
- Various my.apnic updates (web services even), support of research
- More DNS root servers (Taiwan , Mongolia)
- Please Participate
RIPE News – Tools and news – George Michaelson
- RIPE used to be a research place and then became a RIR. RIPE labs is a return to the past
- http://labs.ripe.net
- Platform to test and evaluate new tools, feedback cycle
- INRDB – big cloud of assignments, table dumps, dumps
- Resource explainer
- Various measurements , visualisation and links to tools. DNS reply size tester
- Why – fast turnaround, engagement, no service g’tees
IPv6 flow chart – Nathan Ward
- Make decission which IPv6 or IPv4/Ipv4 translation technology you should use
- Tunnel Broker, 6to4, 6RD, Teredo, Dual stack lite, Double NAT, Dual stack
- Other stuff that I wasn’t paying attention two
- IPv6 addressing schemes
- Sparse allocations
- gives a sample which I won’t copy, look at his slides
- Customer assignmesnt. Nathan likes /56s or RFC recomended /48. Take your pick
Andy is Curious – Andy Linton
- Are Universities turning out the right people?
- Good at turning out applications programmers not systems programmers
28 January 2010
DNSSEC at the root zone – Joe Abley
- ICANN – Manges the Ket-signing-key (KSK) – accepts DS records from zone operators – sends update to DoCfor auth and to veriSign for implimentation
- DoC auth changes and Verisign impliments the change
- New process has Verisign signs the keys. V gets a few weeks of of KSKs that Doc signs in batches beforehand
- DNSSEC Practice Statement – describes procedures, currently drafts
- Around 20 Community Trusted Representative ( TCR ) have an active roll in the mangement of the KSK
- 2 copies of the Keys, west coats and east coast. Plus distributed backup
- “ceromony” for each step in procedure, required what you do and how many people and which people are present.
- Similar to what x.509 CAs do
- KSK is 2048 RSA key rolled every 2-5 years ( RFC 5011 but not all have that support) - Signature using SHA-256
- ZSK is 1024 RSA key – signed with NSEC – rolled 4 times year – Signature is SHA-256
- Time cycle every 90 days – ZSK overlap of a couple of weeks
- Root trust Anchor – published in XML document with constant URL – plain DNS record – PKCS#10 cert CSR , as self signed pub key, signable by others if they want
- DO=1 part of EDNS0 – says client wants DNSSEC – many clients set bit even though most won’t really want them right now – will cause all queries to jump in size
- Hard to sign root and then rollback
- Staged deployment – Start servering DNSSEC for 1 root server at a time – L-Root first, then A, then the others with J last
- DURZ – Unverifiable key published as placeholder
- Measurement – Packet captures , diologue with operators – wide range of pre-testing with various software – test with clients that drop large packets
- DS change requests – TLD procedure to be decided – DS requests 1-2 months before zone published
- http://www.root-dnssec.org
- Timeline – Test key signing Dec 2009 – Jan 2010 . Jan – July 2010 roll out signed roots . July 2010 Full Production
- Lots of documentation on website
- Indication of big jump in tcp queries presumably because udpreplies are too big
ENUM – Jay Daley
- Why Doesn’t telephony work like email?
- Email you choose how to published your email record, where to host, what emails to accept, can outsource, totally in control
- So IP telephony should be easy too?
- Unfortunately not
- Non site-local numbers MUST go to telcoto get delivered
- Missing – single , global directory linking telephone nmbers to voip numbers
- This is ENUM . Telephone Number -> Domain Name – Simple Algorithm – e164.arpa – 04 931 6970 -> 0.7.9.6.1.3.9.4.4.6.e164.arpa
- Won’t be typed, Translation done by a device – people still type out over fashon numbers
- Register your number, create zone. Add NAPTOR records to DNS zone. Special records to specifiy endpoints (usually sip records), receive calls
- NAPTO records do interesting stuff . eg “dig +short nsrs.tel naptr”
- how? Option 1- enable on your VOIP PBX that is internet connected
- Option 2 – on session border controller – “enterprise”
- Option 3 – ENUM proxy ( if existing SBC doesn’t handle enum)
- Registration process – not same as for domains since numbers already registered – needs authentication
- Various methods of authentication in different places
- No ENUM in NZ . Available in UK, Holland, Ireland, Germany, Austria but not significant takeup
- Reasons for lack of takeup in those countries – lack of mindshare – hostility from telcos
- Why not in NZ – TCF 2006 report – Privacy issues (but only publish what you like) – Emergancy services access (no idea where callers are) (but all VOIP has problem ) – Polcy/Goverance – “Carrier Issues”
- ENUM isabout control – movingit from carrier to you
- Key users – Call centres , ENUM instead of 0800 – Large supply chains (mandate VOIP ) – Multiple sites , simplyfy provisioning
- Won’t happen without demand
- “On the Internet voice is just another application”
- Significant political and commercial resistence from Telcos
Day in the Life of the Internet – Sabastian Castro
- 4 years of DNS data
- DITL motivation – network measurement – collection of data from DNS root servers – yearly since 2006
- More and more root servers, Alt root servers, gTLDs etc passive traces, 48-72 hours
- concentrate on root server data
- Pick best 24 hours out of total window
- 4-8 billion queries, 3-6 million unique clients – sm5-12% recursive queries
- Mostly A queries, AAAA increasing due to gluerecords being added (why are IPv4 clients sending AAAA queries when they probably won’t/can’t use)
- 70% of clients are EDNS are capable ( 90% of these are D0 enabled )
- However clients sending lots of of queries (probably broken) have good support – But clients that query less have lover level of support
- 10 invalid TLDs represent 10% of queries ( .local , .localdomain , wpad , invalid , home , belkin , corp , lan )
- Impossible to track down
- Most queries from NZgoing to Auckland root and Brisbane root but some going to overseas servers (those might be use simple round-robin picking)
- Lessons – Data collection is hard – clock skew , dat loss , wrong command line options , bad network taps
- Data management – moredat , more participants – more formats – big effortto normalize data , fill gaps , fix clock skew .
Lightning Talk
- Geoff Huston – Stateless TCP and DNS
- TCp limitations – Rough a high load
- UDP Limitations – Requires IP fragmentation
- Problems when response bigger than MTU , Fragments of UDP IPv6 often dropped. Switching to TCP drives up load again
- Simulate UDP with TCP – do minimal crappy respose to fill headers
- Ignore options, server doesn’t retransmit, ignore anything else from client, just closes connection
- No reliability, No Flow Control, bad Idea but seems to work
- Olof Kasselstrant – IXOR
- Small IX in Malmo and Copenhagen (2nd site being looked at)
- DIX only IX in Denmark
- Sponsors for Fibre and Equipment
- Exchange in 2 countries. Does it affect “must peer in 4 countries” agreement.
- Dream to be in 4 sites soon
- CCIP – Barry Brailey
- Getting out of rewriting Microsoft patch notices
- “investigation and analysis” function being dropped
- Infomation and Alerting – website , newsletter, alerts – alerts targetted and highish threshold -
- Outreach and partnering – main function – lease with overseas certs – talk to various groups – Education: presentation, newsletters, exercises (CyberStorm III – volenteers )
- Security Information exchanges – Various groups – traffic light protocol – Looking at some new forums – Maybe ISP SIE
- Cloud Computing for Service Providers – Richard Wade
- As a service provider – should I care?
- Infrastructure Foundation (Cisco, EMC, HP)
- Infrastructure as a service (Amazon , Sun , Savvis )
- Platform as a swervice (Amazon, MS Azure )
- Software as a Service ( Salesforce, Google apps)
- Integrate mngt ( network, servers, hypervisor, storage ) – unified fabric
- Why and Why Should I care
- Customer Ads – Eliminate Capex – Reduce Opex – IT as a utility
- Customer Probs – No LAN apps (overseas often) – WAN now biz critical – Operational relationship with overseas provider – Legal jurisdiction of data
- Service Provider ads – Understand managed services – Existing datacentres and infrastructure – OSS , process staff and contacts – SLAs – Domestic provider
- Sp Probs – Managed cust revenue declining – Race to bottom? – Increase International transit – High expectations of quality and relaibility
- Lame aternative IX Update technique – Simon Blake
- New system to update filter lists for IXs
- Citylink can instead download list of networks from customer URL
- Pulls list daily
- If diff email for confirmation or action it immediately
- ALTO – LLyod
- Helping p2p users select local/nearby peers
- GeoIP and anycasting – rough
- ALTO allows ISP to provide application, localtion, routing information, charging information, performance.
- ISP puts on network some servers (itrackers) that deliver to p2p client the policy information
- p2p caches (very close to edge) can be advertised
- No currently in use in the wild
- IPv6 taskforce – Dean Pemberton
- Internetnz+ MED
- TechSIG – 3 Hui in 2009 – Aimed at CIO/CTO – Went really well
- Looking at more training (session in 2009 already)
- Other things Task Force can do?
Building a Datacentre for less than $1 million – Gerald Creamer
- When it’s your own money you care so much more
- Had to move datacenter to another building
- Short is that you can’t do it for less than $1m
- Significant cost areas – Physical – power – cooling – network – time
- The right building – 18 m search – 100 sites looked at – 7 sites investigated – 4 site due diligence
- Engineers – “consultation” vs “converstaion”
- First culling – all concrete – Not ground , not top floor – Strong 5kPa – high stud – no sprinklers – built between 50 and mid-80s – CBD fringe
- $400 per m2 to strength building
- 2nd culling – close to street transformer – shorter power cables runs in building – shorter pipes for colling – outdoor space – generater space – near data networks
- Useful – friendly landlord – nice bank – recession (kean landlord)
- Save money – quality pre-owned hardware – “free” stuff – Ask experts – do some stuff yourself – Get experts to do others
- Cables up abandoned lift shaft
- 2nd hand generator – not as large as final requirement but bigenough for current build
- Room to upgrade UPS, generator, cables and space spec’d for more
- domestic meters to measure power in each rack
- Process Coolers (cheaper) 28KW each $1500/KW cost – $70k of aircon for $7k – check serial number with manufacter to find product history
- Seismic Bracing – $30k
- Helped corps clear out datacenters they were moving out of rooms ( “make good” on leases) and picked up some equipment
- Citylink and Telstra provisioned fibre. Telecom less helpful.
Enjoy: The evidence for the recent spate of attacks blamed on China appears to be dodgy at best. An algorithm allegedly Chinese is in wide use:
http://www.theregister.co.uk/2010/01/26/aurora_attack_origins/ A free consignment of refurbished OLPCs is going to Haiti to help kids as 75% of the schools have been destroyed:
http://www.eweekeurope.co.uk/news/olpc-sends-refurbished-laptops-to-haiti-3130 The Apple iPad has an optional keyboard dock and will work with existing bluetooth keyboards:
http://www.engadget.com/2010/01/27/ipad-has-optional-keyboard-dock/ Now 3D printers can theoretically print 2D printers that don't depend on expensive consumables, a project starts to build an Open one:
http://openprinter.wikia.com/wiki/Openprinter_Wiki#Welcome_to_the_OpenPrinter_project The Foresight Foundation announces a US$80,000 prize for the design of a better RepRap 3D printer. An interim $20,000 is also on offer:
http://objects.reprap.org/wiki/GadaPrize Telecom's XT phone network goes down South of Taupo again:
http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10622743 LG Show their 19" flexible e-paper screen off. That's an A3 display. An 11.5" version is to go to mass production soon:
http://www.lgblog.co.uk/2010/01/21/lg-display-unveil-worlds-largest-e-paper/ And finally. Now botulism toxins are being produced on the black market, you can mail order very large quantities from China:
http://www.newscientist.com/blogs/shortsharpscience/2010/01/pity-the-biowarrior-starting-i.html Vik :v) Diamond Age Solutions Ltd. http://diamondage.co.nz
IPv6 deployment scenarios – Brian Carpenter
- Assumed v6 deployed by v4 ran out
- change transition model
- More internetworking than original ipv6 design originally anticipated. Assume v6 clients will need to access v4 servers forever
- Tunnels – Dual Stack Lite ( share ipv4 addr amung custs by combining UPv4-in-IPv6 and NAT, Driven by Comcast BB model ) – 6rd ( blend of 6to4 and ISTAP providing atumatic tunning of IPv6-in-IPv4 to ISP subscribers. Deployed by Freenet.fr)
- Older mesh and hub+spoke models also documented.
- NAT64 – old NAT-PT deprecated
- NAT64 – millions of IPv6-only custs needing access to IPv4-only services
- NAT64 only solves 1 problem – cannot be met my dual-stack – DNS64 dns server creates AAAA of site only with A record. Packets to NAT64 box and translated
- Various problems. 7 ietf drafts. Only solving since case
- V6OPS WG- Emerging Service Provider Scenarios for IPv6 Deployment – ID and survey ISPs then publish draft 03/2010
Rapid IPv6 Deployment in ISp Network – Skeeve Stevens
- AIM – Get people to use IPv6
- eintellego runs ISPs
- What stopping ISps implimenting IPv6
- Why not? – Too expensive , bigger ISPs yes, smaller ISPs perhaps not, NOT expensive to do enough to be able to play with it
- Why not? – Too Hard – Lack of internal skills – IPv6 is NOT hard, cisco admin should be basic IPv6 in 2h and IPv6 BGP in under a day – Play now or else you will be overwhelmed later when everybody is yelling
- Why Not? – Don’t know where to start – Start with a external co-lo box in the US – Allocate small amount of time – Get access to a lab – Start at the border
- Why Not? – No one asking for it – True enough – Don’t know about Ipv4 exhaustion, but they will
- Why Not? – Little vendor support – improving – DSL CPE equipment getting better – Carrier Grade NAT ( CGN/LSN)
- Why Not? – What is IPv6? – From Many IT professionals – Integrators have minimal experience
- Why Not? – Who can help me? – commerially, very few people – Some training courses – Community helps
- IPv6 is big, break it down into stages
- Experiment Externally
- Get allocation from APNIC
- Enable your Edge (BGP)
- Enable Core
- Enable desktop
- Enable your hosting
- Enable Operation Support Systems
- One hosting company just took 1 week
- Very rapid training, just a couple of days
- Simplified addressing – short to medium term – rapid deployment – format – 2406:9800::F:203.18.102.99 – Use F0 instead of”F” for next pop – Using /128s will increase routing table – “chazwazza” is ipv6 equiv of “octet”
- We use /64 for all end customer assignments – static routes to make v4-in-v6 work
- NTP might not work
- Some security concerns
- Go through commons OS, Daemons, Hardware ( phones, printers, UPS, gameboys)
- Might have to tunnel
- Hassel carrier if not provided
- Hassel vendors if they don’t work
- Some parts won’t happen overnight
- Predictions – Telstra selling IPv6 mid 2010 – Resource rush to grab IPv4 IPs while they can , surge in APNIC membership – exhaustion brought forward – secondary market will come – APNIC will lose control
Simply allocation of ipv6 addr to ipv4 holders – Elly Tawhai
- Policy 73
- Encourage greater uptake of IPv6
- An APNIC member with IPv4 allocation is eligible /32 . Member with assignment gets a /48
- One-Click IPv6 from my.apnic.net
NZ/IPv6 from (offshore) DNS – GGM (no name)
- Passive tap on DNS servers – spot reverse lookups for in-addr.arpa
- Capture all DNS in 1 day look for NZ IPs
- 1 in 10,000 lookups are doing IPv6
- 1 in 200 queries for DNS using IPv6
- 87.5% active delegattions in 24 hour period
- 45% of V6 networks live in 24 period
- 52% of v6 is Macs
- IPv6 not on the phone
- 6to4 common even with providers that do IPv6 native
Things running late so IPv6 panel skipped.
NZ Internet Task Force – Paul McKitrick
- Out of Cyberstorm planning session – “what to do about botnets?”
- Task Force has Steering Committee
- Trust is essential – New members vetted – slow growth of membership
- Protocol on how widely specific pieces of information can be shared
- Information sharing – networking – training courses ( honeynet, shadow server foundation, team cymru )
- Focus areas – Telecommunications (telecom honeynet, Uni grads seconded to telecom, Walled Gardens) – Research (Botsearch.py , VUW honeynet , data Brokerage ) – Stretegy ( Phishing site takedowns, Nat Cyber Security day 2010 , NZ Computer crime and Secuity project )
- NZ Ips sending 110 million spams per day
- Why – good for “.nz inc” , Opportunities for research, networking, conduit for disclosure
Bits on a Budget – Perry and Jamie
- chellenging the belief that PCs running linux useful only for slow, small, un-important routing jobs
- changes in last few years means this may need to be re-evaluated
- What changed – PC Arch, Intel stopped sucking , Quick Path Interconnect , PCIe , Multicore – Substantial improvement in Linux – Multiqueue RX/TX to take advatage of multicore
- Intel x520 10 GigE cards – Significant hardwareoffload – TCP segmentation, generic receive offload , checksumming , multiple input/output queues, input flow director
- Well over 10Gb/s to hardware from CPU to IOwith PCIe
- Server $9k – Dual intel x5570 – 6 x 4GB DDR3 – SuperMicro X8DTE with 1 io hub – Server grade redundant PSU – NIC $3k , 2x Dual port Intel x520 10GE Nic + optics – Debian Lenny – Linux 3.6.32.5 vanilla
- created traffic generators as test setup – 45 machines
- 1 sender 1 receiver ( 11 boxes to 11 boxes ) – 9.8Gb/s – 1.2Mpps
- 2 senders , 2 receivers – 18Gb/s [ missed getting other stats but saturated links ]
- 3.5Mpps before collapse , PCIe thrashing, NUMA inefficiencies , Young NIC drivers
- Bridging instead of routing – L2 filters – performance approx same as IP routing
- firewalling – Stress box with lots of small TCP connections (hard to create, generator needs to hold up 100s thousands of sessions) – Open, receive 4k data, close – lots of tweaks to create traffic – Conntrack entrydefaults to 65k, upped to 10mil-
- firewalling – 150,000 connections/second reached ( 5Gb/s)
- firewalling – without contrack – saturates 10Gb/s
- Number of Rules in Fw – 10Gb bi-directional , packetloss at 128-256 rules , no tuning – double that for single-direction – test has each packet going through each rule
- Do you need to be an expert ? – If very fast, very cheap, then yes
- Vyatta busy making this very easy – only pay for support, software is free
- GigE (even lots of ports) is pretty easy
- What experts do – Results over 90GB/s ( 40 in , 40 out ) on current hardware – People investigating for commercial reasons
Secure BGP – Geoff Huston
- Anything evil is possible on the Internet
- If I was evil , Through routing I’d attack DNS and forward to interceptor web server. Attack NZ based banks overseas so appears ok here
- Through routing attack – route registry system, DNS root, trust anchors for TLS, critcal public servers, overwhelm routing system
- Large networks advertised ( /8s etc) by various networks with no ovious reasons why. Same with AS numbers – v6 too
- Nobody notices or cares about bogus routes beingoriginated
- today’s networking is very insecure
- Easy to – grab traffic , drop traffic , added false addresses to routing system , isolating or removing router from system . Don’t need to hack router just inject false routing information
- what to do – protect you routers – standard security ( ssh access, maintain filter lists, user accts mngt, access log maintenance, snmp acls , etc )
- what to do – bgp filters, md5 , passwords, prefix limits, watch out for errors causing bgp session to reset or come down – look at Rod Thomas’ BGP config templates
- what to do – Check validity of routes your customers as you to route before adding to access control
- alternatively – can BGP check each update to make sure it reflects the way things actually
- RIRs sign who owns IPs , so routing changes for that network are in turned signed, resource certifcates. sign derivtive certs for sub-delegations of that resource
- “AS 65000 can route 192.2.200.0/24″ signed by the owner of that network.
- What about path validation (signed AS above can just be prepended). A bit harder. – some progress and funding and test implimentations
- Solution must cope with “partial use and deployment” , some good players will not use it any time soon.
- Partially secured enviroment may be more operationally expensive but no more secure than what we have today.
- Trust hierarchy is a “concentrating of vulnerability” – single point of attack
- Only what to achieve useful outcomes?
- Perhaps just anomaly detection to spot a large percentage of the problems
- Will need key management systems and processes within companies like with website SSL certs
Trends in Cybercrime – Marcel van der Berg
- Plenty of bots in NZ
- Few comand and control servers in NZ
- Approx 5000 unique IPs in NZ seen each day – trending up slightly long term
- Increase in http botnets vs IRC botnets more static – around 500 controllers
- C&C servers – IRC based in US and Eu – http based US , China , Russia
- 1 million open recursive DNS servers just used in 1 attack
- Resurgance of “pay per install” business – stable botnet platforms offer lucrative models
- “dumps” – information on magnetic stripe card – reseller network – from ATMs / POS / Payment processors / personally / In transit / Any datbase holding data
- “CVV” – personal data (addresses, names, etc )
- Make credits cards to match info from dump
- “201″ cards with chip on them harder to write/use and numbers are worth less. Perhaps $50 for the blank card
- It’s all about the people. It’s all about the money
Emergence Video Internet EcoSystem – Bill Norton
- Tier 1 ISPs , Teir 2 ISPs and Content Providers
- Recent changes: Big Content companies peering 70%-80% of traffic, agressively pushing out and peering with cable companies. CDNs also disrupting. Big middle
- Video big growth
- Perhaps 80% of Internet traffic is video – > Video Internet
- How hollywood delivers video and how internet delivers video are parallel and clashing
- Hollywood System: creation/production (IP + money + work= movie )
- Hollywood Distribution: Staged, theaters, pay-per-view, dvd, premium tv, commercial cable, broadcast TV
- Hollywood model vs Internet Model clash
- Lots of room for innovation (eg settop boxes, tive, boxeee, hulu) over commodity internet vs over cable infrastructure.
- Hollywood system is 100% push
- Hollywood system adjusting to take account of Internet model
- Worldwide releases all at once
- Download buy and rent available
- Combo packs movie + dvd + soundtrack all in one package
- Mini revolution achienved Vidoe Internet – Cheap cameras + editing software , Free upload and idstrobution (youtube) , dropping CDN/transit prices , broadband to the eyeballs , Home wifi , setop boxes
- SkypeTV – killer App – what happens on mothers day?
- What would purpose built video Internet look like?
- Portable TV, tablet
- Video Internet , innovation at lower end of content ( conference, cheap shows ) since cost of movies and primetime shows expensive to make.
Next 3 years – Philip Smith
- Internet has been grwoing since the start
- “The Long and Windy ROAD”
- Work on next generation of IP since mid-1990s
- Current Situation: Perception IPv6 hasn’t taken hold. Private sector worried about ROI to migrate
- Stauts: Service providers get prefix automaticly. Much discussion about transition about operators, Deployment experience presentations, Many providers made backbones IPv6 compatable.
- OS and Apps getting better
- Content needs to be on IPv4 and IPv6 (not yet)
- Ongoing debates – IPv6 Multhoming – Rigid IpV6 address allocation model “one size fits all” barrier
- Ongoing – Not every device is IPv6 cabable (who cares about local lan devices) – We have enough IPv4 – Migration vs Co-existence (both will exist for years, dual-stck OS makes it trivial)
- What not NAT? Many serious issues
- Is IPv4 running out? Yes!
- IPv4 run-out policiys by RIRs (last /8) – soft landing- keep range for 6/4 NAT
- Issues today – minimum content on Ipv6 , giving Ipv6 to customers might confuse them
- Strategies available – Do Nothing – Extend Ipv4 , push custs to NAT, Buy IPv4 – Deploy Ipv6 , dual stack, Ipv6 and NAT, various others
- Proposals for prolong IPv4, various NAT options – NAT444/SP NAT – Dual Stack lite – NAT64 and IVI
- Many require lage NAT box to translate all traffic v4/v6
- IPv4 address markey – could happen – will addresses need to be registered with RIR to prove buyer has right to advertise them?
- Spare /24s being grabbed and sold could cause routing table growth
- Deaggregation various across the globe
- Large provides marketing dept pointing to high ranking on CIDR report as proof they are “big”. Morons
- Reports people towards top of list tend to feel flacky when you use them
- BGP instabilitu report ( >5 updates per minute) – People towards top tend to be rough service.
- Running low on AS numbers, transition to 32 bit – They are in the wild
- Reasonable software support for 32-bits ASNs
Do your Fruit hang low – Adam Boileau
- Adam is a penertration tester, Kiwicon organiser
- Security guys are Jerks
- Maybe you need better security guys
- Secuity is fundimantally asymmetric – defenders do lots more work than attackers – Hackers only have to find one hole
- completity == insecurity
- 0day can happen happen to anyone
- Full disclosure is dead
- Vulnerabilies are worth money
- Surity is not a product
- Security is a property of the system as a whole
- Why do you care? – Sin’t a network problem any more – Network is getting dumber (passive encryption) – clients arn’t exposed any more
- Virtual everything – consulation changes everything – VLANs, VRFs, MPLS, Virtul servers, virtual hosting , Virtual firewalls, Virtual network segrigation
- Lawful Intercept – Harder to hack 1000 people or 1 telcom LI system? – Vodafone Athens , T-mobile – Google vs China
- The Target is you (again) – You are the management plane- you use crappy IE6 boxes on the corp domain
- Your Desktop – AD, patch management, AV, outloook, TFTP server, IDS, twitter, facebook, outsourced desktop mangement
- Security Metrics . Nobody knows how bad it is and who got hacked , media reporting is useless
- Scanned 6.8 million IPs and put in mongoDB
- data-mined – lots of A records, self-signed certs , specific apps
- Presentened stats of various probably vulnerable boxes
- http://lowhangingkiwifruit.com
- Tried contacting owners , no luck
- Crimes Act very vague, no case law, etc
- what to do? Release? Release the toolchain? Release to some people? Just delete it?
- Companies: Insomnia or Lateral Security
27 January 2010
I'm back at work now, and the "breastfeeding" continues - i'm pumping the boobies 3 times a day, including all the sterilizing everything in the work kitchen. This has resulted in many conversations in the kitchen, with various working fathers and mothers, on the political world of formula versus breastmilk, and some awful first hand stories of how ashamed they were of not doing 100% breastmilk.
I think it would be good to have more public statements from mothers who did less than 100% breastmilk - you do the best you can, and formula is not the evil some people think it is.
Some people can't, because of milk supply, or they have to work to pay the rent, and I'd like to see more support of those that don't achieve 100% breastfeeding.
If you post a question or statement online (like this blog post) on formula you attract comments/replies, including some reasonable and helpful ones, but also including the "you can tell my kids are breastfed because they didn't die from cot death" statements, and other loveliness. Being a new parent is full of worry, so these eat away at anyone's confidence and selfworth.
We've chosen to do as much breastmilk as possible, but there's a choice we've made to use formula. There are government funded campaigns to ensure that any mother who does that feels as much guilt as can be instilled via national advert campaign on multiple media.
For example, it's safer for Casey's dad to take sterialized warm water and a packet of powder with him out of the house, than to take a bottle of breastmilk that will slowly warm up and bacteria multiply.
I also very sure that the statistics on breastfeeding (and studies based on those statistics) are getting it wrong. The midwife, plunket and a GP all recorded Casey as 100% breastfed, and she's not. They are very quick to write that down without asking too much - that coupled with the shame and guilt instilled in parents who use formula means they're less likely to be corrected.
I want actual scientific method studies to reach my own decision. I'm still doing research on what the actual difference is. There are a few studies that show no statistically significant difference between those full breastfed, and those only partically. There are studies that show all manner of advantages to breastmilk, heralding it as the cure all of everything, and then attempts to independant verify those studies have never happened, or show different results. The only thing that appears scientifically proven is easier digestion. Please note i'm still looking for more info, and my primary source is studies published online.
The most commonly repeated claim, is that breastfeeding results in a higher IQ. A study in 2005 in the USA tried to verify these claims using siblings to try and remove other factors that influence the results. Here's a quote from that study
Despite an enormous literature demonstrating better health and cognitive outcomes among breastfed children, the effects of breastfeeding are uncertain. This is because the vast majority of studies share a common weakness: they are nonexperimental. Their Achilles heel is selection bias. If a variable influences both the decision to breastfeed and the child outcome being studied, then omitting it produces a spurious correlation between breastfeeding and the outcome. For example, worse outcomes among children of younger, less educated, lower-income, and African-American mothers may correlate with their lower breastfeeding rates but be owed partly to disadvantages that cannot be captured in the regressions.
In other words: Those mothers that don't breastfeed have many other things in common, such as low income and less education. These factors can correlate with the child's ability to perform well in an IQ test or not. (i'm unconvinced that IQ tests are good measure of intelligence, but i'll save that for another post).
There is the UN/World Health Organisation statement that "breast is best", and New Zealand has signed up to this.
There was a time, long long ago (aka before the 1980s) when breastfeeding in public was not a right, and breastfeeding in the workplace was never tolerated. It became a feminist issue to regain the right to breastfeed. That battle continues and I wholeheartedly support this, especially for those that breastfeed way beyond 6months. We need to not make mothers feel ashamed breastfeeding a 2 year old in a cafe. It's their choice so either support or butt out.
It's also important to remember this is a political and cultural campaign - at some stage it turned into pseudo-science, in which any study that shows a slight benefit in breastmilk was heralded loudly, and any study that was inconclusive or disagreed was left quiet. These selective studies are used well to lobby for the right to breastfeed - but at the cost of shame for those that don't.
We live in New Zealand, and have a some of the cleanest watersupply in the world. This is important as many studies compare breastmilk with formula made from contaminated water - or prepared with less than enough powder because of the high costs of formula.
I am not a medical professional, but i do understand both statistics and the importance of scientific method.
My own conclusion: Breast milk, according to the statistics, is probably better, but not by much.
Please note: comments on this post will be heavily moderated.
I talked about Apple’s latest launch, the state of Telecom’s XT network, Google being hacked in China and ACTA. I didn’t get time for Lieutenant Uhura, but she’s here.
No speaker notes for today – most of it was done off the cuff after the Apple launch. But if you missed it live, you can download the audio as ogg or mp3.
Tonight i defend my claim to a sparkly pink tiara at Bloggers Predict 2010
Thursday 28 January 2010
5:30pm - 8:00pm
Where: Wellington Regional Chamber of Commerce, level 28, The Majestic Centre, 100 Willis Street
The 2010 lineup
Brenda Wallace (@br3nda) Current tiara-holder, Brenda was UP Visionary of the year for 2009, can she defend her title in 2010? The Capital City’s geek girl extraordinaire and queen bee of the software community, Brenda is to mobile technology and open source what honey is to brown bread, she makes it taste better! Brenda blogs on Coffee.geek.nz about coffee, gadgets, opensource, wellington, new zealand, music, and above all things: freedom.
Philip Fierlinger (@skyrize) From Silicon Valley to Silicon Welly, Philip’s web design expertise and has been eagerly sought after by online businesses and conference-goers alike. Currently design chief at Xero, blogger at Turntable Media Philip’s passion for web usability also led him to establish his own consultancy.
Mauricio Freitas (@freitasm) Geekzone head honcho and microblogging enthusiast. If there’s a new gadget being launched you can be sure Mauricio has an opinion about it. Been renovating his kitchen for last 6 months and has forgotten how to cook, however is on first name basis with all the (good) cafe owners in town. Possibly Wellington’s most avid “Tweeter”.
Miraz Jordan (@miraz) From MacTips to community I.T. and other “Oddities”, Miraz must surely be one of Wellington’s most prolific tech bloggers and professional web content authors. From Bach to Buying a Car to Battlestar Galactica Miraz shares the full gamut of cultural experiences.
Joanna McLeod (@JoannaTMcLeod) Editor of Wellintonista, THE blog about Wellington, Joanna has started calling herself the Empress of the Internet because she can. Other parts of her media empire include her beauty blog Pretty Pretty Pretty and her guide to partying You Are So Entertaining.
I'll be posting my predictions up on the blog, just as soon as i finish writing them :-)
Why you should go to LCA, by Selena Deckleman
http://www.chesnok.com/daily/2010/01/27/why-you-should-go-to-lca-2011/
LWN articles (subscription required while the stories are new)
An LCA 2010 overview http://lwn.net/Articles/371044/
LCA: Static analysis with GCC plugins http://lwn.net/Articles/370717/
LCA: Cooperative management of package copyright and licensing data http://lwn.net/Articles/370308/
LCA: How to destroy your community http://lwn.net/Articles/370157/
Another brilliant LCA! by Tridge http://blog.tridgell.net/?p=21
Computer World NZ http://computerworld.co.nz/news.nsf/devt/376AB6C5B174B722CC2576B2007B7F93
75% of Linux code is written by paid devs http://www.fudzilla.com/content/view/17365/1/
Smarter Linux file structure aims to ease software management http://www.techworld.com.au/article/333549/smarter_linux_file_structure_...
Make Meeting Times Inconvenient To Get Better Results http://www.lifehacker.com.au/2010/01/make-meeting-times-inconvenient-to-...
That rather counter-intuitive suggestion came from Leslie Hawthorn, a program manager at Google. during a presentation at linux.conf.au on how to get involved with open source software
Illuminating the elephant in the open source room http://www.linuxworld.com/news/2010/012110-illuminating-the-elephant-in-...
Speaking at the annual Linux.conf.au event, which is being held in Wellington, New Zealand, one of the lead developers for the Samba Team and Google employee, Jeremy Allison, described Microsoft as a real threat to the open source community.
Why There is no Kernel Hacker Sell-Out by Glyn Moody http://www.computerworlduk.com/community/blogs/index.cfm?entryid=2753
and here's a photo of Casey at her first LCA:
I attended the NZNOF 2010 conference in Hamilton. Notes as below.
Opening
- Overview by Dean and Jonny on developments, especially about the trust
National Library Webharvest
- 2nd Harvest planned in 2010
- Harvest planned for April
- Material from 1st harvest not yet online
- Feedback requested on “Notification” , “robots Policy” , “Location of Harvester”
- Would like feedback on the options paper
WAND Group
- PMTUD (Path MTU discovery) in ipv6
- Tested how well this is working
- Sent ICMPv6 PTB message to hosts and see if remote host changes behavour in response to it (drop from >1280 to 1280 byte packets)
- Tested 1647 websites (working ones from Alexa top 1 Million sites)
- Used scamper to test
- 58% PMTU worked, 34% packets too small ( might be working already, unsure)
- 5% PMTU failed or no response
- Working on protocols other than port80
- Multiple vantage points, Other sources of addresses, web interface to toll
- Conclusion – PMTUD mostly works – read RFC 4890
Anomaly detection in Networks – Andreas Loft
- Doing this automaticly is good
- Several existing tools
- Nothing very concrete
WAND AMP Project
- Boxes hosted by ISPs and PCs and sit around pinging each other
- Good coverage of TelstraClear since ISPs use them as upsteeam, less so for Telecom
- 1 ping / minute , 10 minute average posted
- Cute interface to graphs
- http://www.wand.net.nz -> click on “NZ AMP”
- Still under development
Shane Hobson – Velocity – Fibre to the home/premises
- “How to build a Fibre network with a sack full of Government cash”
- Broadband Challenge Fund $25M
- Hamilton had 5 companies with some Fibre – Formed Hamilton Fibre Networks Ltd
- HFN got $3m grant from fund
- HFN partnered with Velocity Networks
- 50-60km of Cable around Hamilton
- Sell layer-2 ethernet services (similar to citylink)
- Govt Ultra fast Broadband fund of $1500
- Aim Ultra Fats BB to 75% of NZers
- 100% of NZers in 25 (or 33) largest towns and cities
- BB today is 25Mbit on ADSL2 contended to perhaps 250kb/s
- UltraFats is 100Mb/s+ (50Mb/s upstream) with zero contention on access network
- Huge amounts of bandwidth potentially ( hundreds of GB/s just for each say Hamilton )
- ISPs need to decide: Buy Layer 2 or buy dark fibre?
- ISPs: Different standards/services in different regions
- ISPs: What content / services ?
- ISPs: Peer at regional exchanges to reduce haul on Nat links?
- ISPs: ISPANZ role?
- ISPs: Caching, CDNs
- ISPs: Zero rated “on net” traffic , Multicast IPTV, software updates
- right now Hamilton provider doing:1/3 Dark Fibre, 1/3 L2 within companies , 1/3 to Internet
- Frustrating to watch City Council digging up ground and not putting down ducts or letting other people do it.
- Some councils are better
 Krita is a creative application for raster images. Whether you want to create from scratch or work with existing images, Krita is for you. You can work with photos, scanned images or start for a blank slate. Krita supports most graphics tablets out of the box.
Albany Senior High School has implemented Open Source from the ground up, running on Linux and using Open Source applications to support their mission to equip the next generation for a technological world. This story in CIO Magazine covers how Albany High School implemented open source in their school. The Blog of the Deputy Principle can be found here.
26 January 2010
It's far from complete and lacking students for a few more days, but here are some photos of Albany Senior High School. People have been asking for photos of the server room, and there's one in the slideshow, but it's a bit of an anticlimax because it's mostly empty. If you look closely you can see less than half a rack of servers in the middle of the shot (4 physical plus a UPS) leaving three and a half racks set aside for servers empty. 2 for switching and 2 for security/CCTV/other stuff completes the array. We've been able to do this through KVM virtualisation and remote hosting of things like backups (we don't have a tape drive, we have a large VPS in a datacentre and back up across fibre every night). We also remotely host Moodle, Mahara, Koha, email, documents, calendar, video server and a few other bits and pieces meaning someone far more qualified looks after them. Anyway, now for the photos:
|
