Bill cheswick’s blog

DNSSEC for cheswick.com

Thu, 28 Aug 2008 12:20:32 -0400

I am running through DNSSEC in Six Minutes (http://www.isc.org/sw/bind/docs/DNSSEC_in_6_minutes.pdf) for cheswick.com and affiliated domains. This is something we have to do to really deal with the recent emergence of DNS cache poisoning.

Alas, it is taking a lot longer than six minutes, and some of the directions aren’t quite clear enough. This zone signing stuff requires automation of DNS master files of the sort I used to do with the makefile back at the Labs 15 years ago. I have been running cheswick.com with a small hand-edited config file, but this has to change.

I wonder if I will break this enough to destroy cheswick.com for Labor Day weekend, coming home to a fun sysadmin problem. In any case, this is good practice to keep my hand in at sysadmin issues. I don’t run research.att.com any more. (This is probably a good thing.)

Do I have to recompile bind 9 in the system? Use the ports version? Google hits are not helping. Time to go to the beach and read something trashy.

Hacked jewels

Thu, 28 Aug 2008 12:09:01 -0400

Wired reports the end of basic physics research at Bell Labs (http://blog.wired.com/gadgets/2008/08/bell-labs-kills.html).

In reality, it has been evaporating for years. The parking lot next to building 1 has been dishearteningly empty for years. In fact, the last Nobel prize work was done at the Labs in the early 80s, before my time.

Best sentence from the article: “Meanwhile, Alcatel-Lucent continues to hack away at its jewels”.

This is not Alcatel-Lucent’s fault, of course. It isn’t easy funding basic research, and justifying it on the shareholders’ dime.

Still, this is one of those basic political problems: how do we fund a variety of basic research programs in our country? We need a thousand flowers blooming, and the soil is different in corporate research compared to government and university efforts.

It still feels a bit like Bell Labs here at AT&T Labs. The corporate environment offers numerous research problems to solve, and often a grateful corporation for those solutions. There are no grant proposals, and it is easy (encouraged!) to walk down the hall and collaborate with experts in other fields. These are the strengths of corporate research that lead me back to it from the startup world.

Beach volleyball signals

Thu, 21 Aug 2008 11:42:09 -0400

My current stump speech is “Rethinking Passwords”, an attempt to get us out of the strong password business. In response to several requests for information on future talks, I built http://web.cheswick.com/ches/speakerinfo.html today, and it includes pointers to the latest version of the talk.

One of the delights of giving talks, and in particular talks around the world, is the feedback I get on the topics that interest me. The audience tends to keep me honest and informed.

The talk in Athens brought a note calling my attention to the signaling used in Finnish baseball, which involves little flags and a very interesting variation on the Great American Pastime. I’ve misplaced the URL, but it was certainly interesting and relevant.

Today I received email from a colleague who had seen the talk, which discusses signaling and covert channels in sports. He pointed me to a URL that lead me to a discussion of beach volleyball signs, and what they mean, at least for one team:

http://www.youtube.com/watch?v=a6v3b2klXSk&NR=1

“Please clean the machine”

Wed, 20 Aug 2008 09:18:54 -0400

A young lady of my acquaintance kept failing the chemical test at airport security. This was inconvenient---she wanted to fly---and inaccurate: she had no recent traffic with explosives, weapons, etc.

She asked them to “clean the machine” and try again. They did, and she passed.

I am not sure that it would occur to me to ask them to clean the machine. In any case, this is a useful thing to know.

The night view from ACK

Tue, 19 Aug 2008 21:09:01 -0400

Let’s try blogging a few photos from Nantucket

Here’s a telephoto of Jupiter, now high in the southern night sky, and especially clear from Nantucket. You can see a couple moons on the left. Sony F818, formerly made of unobtainium:

Jupiter on top, and an aircraft leaving ACK:

A little faint, but Jupiter with Scorpio, one of my favorite constellations. From these latitudes, Scorpio is only up for a couple hours a day. One of the minor surprises of my life occurred during a trip to Australia. I was stargazing and didn’t recognize the oddly-familiar constellation because it was “upside down” and directly overhead.

Quislings?

Wed, 6 Aug 2008 19:42:51 -0400

ATTENTION HOMELAND SECURITY!

To add to your list of potential quislings, turncoats, and terrorists, investigate the authors of all the web pages that show up in the Google searches:

“I for one welcome our new * masters”

“I for one welcome our new * overlords”

My iPhone sucks

Mon, 4 Aug 2008 16:47:18 -0400

That’s quite a statement, especially from someone who has repeated said that the iPhone has exceeded my expectations. In fact, someone in the press last year (http://www.networkworld.com/community/node/19378) wondered out loud whether my enthusiastic mention of the iPhone in my voice mail was a marketing ploy. It wasn’t.

Lorette and I purchased our iPhones on the second day they were available, and the devices exceeded our expectations. They are a masterpiece. And I have continued to be delighted with it ever since, except when traveling overseas, where the connectivity is way too expensive. An iPhone without connectivity has 20% of its usual glory.

I have used the iPhone the way Steve Jobs intended, no jailbreaks, just an Apple fanboy going along for the rise. So I upgraded to 2.0 when it came out.

I upgraded my original iPhone (I don’t need the 3G) to 2.0. 2.0 is badly broken, in subtle ways that make it feel like a five-year old Palm.

It is slow at times. It used to be slow occasionally, but rarely enough, and for just long enough to be slightly annoying. Now it simply freezes. No zooms, no taps. No runs.

It’s the loss of taps that bothers me. In a superb UI, every click, every tap, every keystroke is sacred, and deserves at least instant confirmation, if not action. Slow responses are rookie errors. Lost taps are mainstream software crap, not what one is expecting from Apple these days.

A number of aps crash from time to time. Today, I simply could not get a map of San Jose. I even rebooted the iPhone, a bush-league maneuver that I tolerate if it is rare. I can only use the satellite view of San Jose, not the map. This is not good, but I am willing to live with it, here on the edge. But not the lost taps.

Someone here said that the underlying “radius” (?) implementation is 4.6. He unlocked and went back to 3.6 (?) and life is good for him. This is the first time I have seriously considered jailbreaking this sucker.

I check frequently for the update. While I haven’t researched the details, I assume that Apple knows about the slowness, and can and will fix it.

But this fanboy is concerned. Should I lighten up on my shares of AAPL?

Odd Blog Skins

Mon, 4 Aug 2008 16:07:01 -0400

I’ve been on Nantucket for 48 hours. The van has arrived, shopping is done, and I’ve finished my first book, a retread from way back by Pournelle. The problem with having a poor memory is that you forget that you’ve read the story, but have an odd idea about what is going to happen.

I have been keeping notes in a blog, well, a diary, at http://www.cheswick.com/ches/diary.html This has worked fine, but I realize that RSS feeds really are a useful tool for allowing people to keep up with your thoughts, without polling the web pages, which is a pain.

So I need to set up an actual blog, with RSS capabilities. In fact, I will probably need two, one for personal stuff, and one AT&T Research internal one for company business. If I can tell the difference.

I’ve chatted with Steve Bellovin, Matt Blaze, and Ed Felton, all major bloggers, about the software they use. The issue is this: most blog software is based on PHP, and most compromised BSD machines are compromised by PHP. It has a dangerous design, and is dangerous to use. I wish to sponsor this software on machines I care about, running web servers I want to continue to trust.

My (our) needs are simple: off-line text creation, copy to the web page, RSS feeds available, no comments or other external write capabilities needed. If people want to comment on my blog, they are free to send me email.

User are a pain. I recommend that you avoid them whenever possible.

So now I am typing a blog entry into iWeb using the blog template. I will “publish” to a local folder, rsync that to my web site, and see how it works. And how would RSS fit into this? I actually don’t know: I have never studied this protocol. A month on Nantucket gives a little time for such pursuits. Or, as they said 250 years ago, perfuits.

Well, this seems to work just fine, including the RSS feed. I just publish to a local directory, rsync to the web server, and push it out. This is about right, and presumably as secure as my web server, which will be described in another entry.