![](\"http://www.circleid.com/images/logo_rss.gif\" "\\"\\""){kind=logo} | ");dw(" ");dw("");dw(" | ");dw(" ");dw(" as of Thu, 02 Sep 2010 13:55:52 -0400. ");dw(" ");dw(" | ");dw("
| Dyn Inc. Acquires EditDNS and Launches Dynect SMB | ");dw("|
| ");dw(" | Dynamic Network Services Inc. (Dyn Inc.), today announced the acquisition of EditDNS and the launch of Dynect SMB, offered on its IT services storefront, DynDNS.com, further cementing its position as the world\'s fastest growing provider of managed DNS. The acquisition of EditDNS is Dyn Inc.\'s second in 2010, preceded by January\'s purchase of EveryDNS. Dyn Inc. continues to follow through on its commitment to playing a large part in the consolidation of the DNS space, while improving the Domain Name System, overall. \"There is no doubt in my mind that we are doing the right thing by handing our company off to Dyn,\" said Tyler Hall, Founder of EditDNS, a Phoenix based DNS company. \"Dyn has been the leader in the industry for a very long time and has always stepped up when other competitors, such as us, needed help. They\'re here to make DNS better and that\'s why they are ahead of everyone else,\" Today also marks the formal launch of Dynect SMB, an entry point for small and medium sized businesses and startups in need of rock-solid globally redundant Anycast DNS infrastructure, demanding the lowest possible DNS latency (the Dynect Network delivers sub 30ms DNS lookup times), and seeking robust APIs (SOAP and REST) to tie into cloud services like Amazon AWS, GoGrid, Rackspace Cloud, Heroku or Joyent. \"Alongside the acquisition of EditDNS, Dynect SMB showcases our dedication to servicing customers of all sizes and scopes,\" said Kyle York, Dyn Inc., VP Sales & Marketing. \"We originally built the Dynect Platform for two reasons. One, we did an audit of our consumer network and realized several big companies were using it and wanted more. Two, we realized that the premium Anycast DNS market lacked options and we could offer choice. Dynect SMB is our answer for SMBs and competitively positions us against low-cost providers like DNS Made Easy, Zone Edit, TZO and DNS.com.\" Dynect SMB bridges the gap between their consumer service DynDNS.com\'s Custom DNS ($30/year) and their comprehensive Anycast solution, the Dynect Platform ($195/month and up) for enterprise organizations. Dyn Inc. has developed a reputation as an agile and affordable company that obsessively supports the scalability of its customers, yet to be known startups on Dynect SMB: Etacts, Weedle, Geek Call and Extole, to unprecedented Web success stories on the Dynect Platform: Pandora, GoWalla, Twitter and Zappos. \"Growing quickly can be a real hazard to new businesses, so it made more sense for me to start with something I could grow into, rather than grow out of,\" said Dynect SMB user Peter Combs, Do it Yourself Solar Photovoltaics. \"Dynect SMB is an affordable option that gives my business the competitive edge to grow.\" Dynect SMB offers two packages based on Web traffic (Queries per Month) and number of domain names. With any package, customers will have full access to Dyn Inc.\'s 14 global Anycast datacenters (growing to 17 PoPs by year end), Dynamic DNS, an easy to manage user interface, multiple login capability, REST/SOAP APIs and affordable monthly plans starting at only $30/month. \"Dyn Inc has now positioned itself as an Internet Infrastructure company, providing core technology that is always available to individuals and enterprises,\" said Jeremy Hitchcock, CEO of Dyn Inc. \"Stay tuned for further product launches and acquisition news over the coming months.\" | ");dw("
| ARF is Now an IETF Standard | ");dw("|
| ");dw(" | When a user of a large mail system such as AOL, Yahoo, or Hotmail reports a message as junk or spam, one of the things the system does is to look at the source of the message and see if the source is one that has a feedback loop (FBL) agreement with the mail system. If so, it sends a copy of the message back to the source, so they can take appropriate action, for some version of appropriate. For several years, ARF, Abuse Reporting Format, has been the de-facto standard form that large mail systems use to exchange FBL reports about user mail complaints. Until now, the only documentation for ARF was a draft spec originally written Yakov Shafranovich (CircleID) in 2005, and occasionally updated originally by him and later by other people including myself. Earlier this year, the IETF chartered a working group called MARF which took that draft, brought the references up to date, stripped out a lot of options that seemed useful five years ago but in practice nobody ever used, and this week it was finally published as RFC 5965. ARF (or now MARF) is quite simple, a version of the existing Multipart/Report message format that includes information about the report, such as the address of the recipient, descriptive text for a human reader, and a copy of the offending message. Having a standard format for reports, simple though it is, makes them much easier to process. For my tiny system, for example, nearly all of the trickle of reports are about mailing list messages. When a FBL report arrives, an automated script looks at the report and the message, and in the usual case that it\'s from a mailing list, it creates an unsubscribe request to remove the person from the list. Otherwise, it passes the message along to the human manager so I can decide what, if anything, to do about it. Larger mail systems also use them to collect statistics about their mail-sending customers. The IETF process works particularly well when it standardizes existing practice, and ARF/MARF is an excellent example of that. The differences between the earlier drafts and the final version make it clearer and more precise, and it\'s now a proper standard we can cite: Abuse Reporting Format! Ask for it by name: RFC 5965! Written by John Levine, Author, Consultant & Speaker | ");dw("
| Google Voice: Race to the Bottom for Telephony - or Something Else? | ");dw("|
| ");dw(" | Just when you thought making phone calls couldn\'t get any cheaper, along comes last week\'s news from Google about their latest iteration of Google Voice. There have been several steps along the way for Google to get to this point, and there are a host of reasons why this news is of interest to service providers of all stripes. I often write about how certain technologies and disruptive forces change the business of being a service provider, and this is but the latest example.Ever since Vonage came to market, residential carriers have been faced with declining revenues for landline service, which itself is quickly losing ground to wireless substitution. Then Skype came along and brought desktop VoIP to a whole new level of adoption. Along with that came a new value proposition for voice. Whereas Vonage was offering a lower cost monthly plan, Skype was offering free or near free voice, driving the price down to levels that no conventional service provider could sustain.Google has its own take on voice, which is why this story should be of interest to service providers. Vonage is marketed primarily as a replacement service for POTS, making it a direct competitor to telcos. Nothing complicated there—it\'s really just a price game, but telcos do have more options to bundle telephony with other things—and of course, even more so for cable operators.Skype is primarily a Web-based IM/chat service, on top of which they do voice very well, and at low cost to subscribers. As popular as Skype is, their proprietary technology keeps them a bit inside their own sphere. They are still a major threat to telcos, but when positioned a bit differently, they can be a very good complement.The latest news with Google, though, is something entirely different. Their calling service—Google Voice—is mainly an add-on to Gmail, and works a lot like Skype. As such, it\'s not a pure telephony service like Vonage, and it\'s not really built off IM/chat like Skype; it\'s built around email. Of course, Google has all these other tools, but email is ubiquitous, and Google has been successful building a strong user base here. Gmail binds the user more deeply than IM/chat, making it a great platform for both business and personal usage. I\'m not alone in noticing these days that when you get a personal email address as a backup for someone you\'re working with, more often than not it\'s a Gmail address.Google already has GTalk, which supports free online calls between Google users—and is comparable to the free calling Skype users have among themselves. Google Voice is much bolder and is their answer to Skype Out/In, and gives Gmail users a PSTN interface to make calls to the rest of the world. In the short term, this may take a bite out of Skype in that Google Voice calls within the U.S. and Canada will be free until year end (but maybe longer). Longer term - along with Skype - Google Voice is more of a threat to telcos as they accelerate the race to the bottom, bringing the value of a voice call pretty much down to where email is.Why are they doing this?In my view, it\'s not to put the telcos out of business. They\'re offering domestic PSTN calls for free, in the hopes of subsidizing them by charging two cents a minute for international calls. Fair enough, but I don\'t see that happening, and Google really doesn\'t need to make money with this service. Of course, free beats paid any day—so long as the quality is comparable—and I see them making the voice pie bigger, much the way Skype has. The key for me is more about how Google Voice interacts with Gmail. By escalating an email message to a free phone call, users will stay longer in the Google environment, and the ability to transcribe voicemail will certainly appeal to some.However, I think there\'s more to the story. Am mentioned, Google is coming from a different place than Skype, who depends almost solely on those Skype In/Out minutes for revenues. VoIP service is not expensive to provide, and Google has spent relatively little to get in the game. I would contend that the vast majority of their Google Voice capability comes from three small acquisitions that cost them maybe $150 million. When you think about the annual Capex budget of any incumbent, this really is pocket change. Going back to 2007, they acquired GrandCentral; last year they acquired Gizmo5, and a few months ago, they added Global IP Solutions. Collectively these companies have given them the pieces to offer a very appealing VoIP-to-PSTN service globally, and if they never make a penny from it, so be it.As mentioned, free beats paid, and there\'s no better incentive to get people to use your service. Look how long Vonage has been around, and they barely have two million subscribers. Unlike Skype, Google doesn\'t have to build its user base from scratch, and it won\'t take long for them to start logging millions of calls. Just consider what happens when school resumes next month, and students will be falling over each other to make free calls home from those super-retro red UK phone booths that will be popping up on college campuses (and solar powered to boot).As such, Google Voice will be one more reason to cut the cord, and the race to zero just picked up some speed. Thanks to Gizmo5, Google Voice is SIP-based and works nicely on both softphones and hand-held endpoints. Short term, there will be some cannibalization with Android by competing with voice from data plans, but Google will figure out how to make all these pieces fit. This is actually where the GIPS acquisition comes in, with their ability to support both voice and video over mobile devices, which in turn can make Google Voice a great add-on for businesses.While Google Voice is primarily an outbound telephony service, I think they\'ll be able to take free calling beyond the desktop, and that\'s really what service providers need to be thinking about. Free on the desktop is one thing, but when you push out to mobile devices, things get more complicated. If this isn\'t enough, I think there\'s a separate agenda at work here, and it\'s something I\'ve commented about elsewhere for quite some time.Google is really interested in the voice business, not to make life difficult to telcos, but as a source of raw material—snippets from voicemail and live calls, if you will—that can be harvested for search. I\'m not sure about the regulatory issues around this—and apparently Google has been vague here—but certainly for voicemail, free calls will generate a huge cache of \"content\" that they can apply speech recognition algorithms to and build an archive of audio-based search prompts. Once those audio cues are transcribed into text, they can become hugely valuable for the next frontier—mobile search. This sounds a bit on the dark side (\"do no evil\" as we\'re told), but it\'s a far better way to monetize voice than charging a few cents a minute or a few dollars a month. When viewed from this lens, Google Voice is a very different business than Skype, Vonage, or any telco for that matter. Disruption comes in many forms, and we\'re seeing a new one with Google Voice. Don\'t let the race to zero fool you; I think it\'s just a side-show compared to what Google really has in mind.This article of mine originally ran today on my Service Provider Views column on TMCnet.Written by Jon Arnold, Principal, J Arnold & Associates | ");dw("
| Stopping the Flow of Online Illegal Pharmaceuticals | ");dw("|
| ");dw(" | Reading through Brian Kreb\'s blog last week, he has an interesting post up on the White House\'s call upon the industry on how to formulate a plan to stem the flow of illegal pharmaceuticals:The Obama administration is inviting leaders of the top Internet domain name registrars and registries to attend a three-hour meeting at the White House next month about voluntary ways to crack down on Web sites that are selling counterfeit prescription medications.The invitation, sent via e-mail on Aug 13 by White House Senior Adviser for Intellectual Property Enforcement Andrew J. Klein, urges select recipients to attend a meeting on Sept. 29 with senior White House and cabinet officials, including Victoria Espinel, the Obama administration\'s intellectual property enforcement coordinator.\"The purpose of this meeting is to discuss illegal activity taking place over the internet generally, and more specifically, voluntary protocols to address the illegal sale of counterfeit non-controlled prescription medications on-line,\" the invitation states.Klein did not return calls seeking more information. A spokeswoman for the White House Office of Management and Budget confirmed the event, but declined to offer further details. The meeting appears to be a continuation of the administration\'s Joint Strategic Plan on Intellectual Property Enforcement, an initiative unveiled in June that promised to \"address unlawful activity on the internet, such as illegal downloading and illegal internet pharmacies.\"According to the World Health Organization, approximately 8 percent of the bulk drugs imported into the United States are counterfeit, unapproved, or substandard, and 10 percent of global pharmaceutical commerce—or $21 billion—involves counterfeit drugs. LegitScript.com, a verification service for online pharmacies, is currently tracking more than 45,000 rogue Internet pharmacies.It is unclear to me whether or not the goal of this initiative is to stem the flow of online crime in general or to reduce the flow of illegal pharmaceuticals flowing into the United States (since presumably this cuts into the profits of large pharmaceutical companies… who would naturally want to see their profit margins increased in return for pledging their support for health care reform that was passed earlier this year). Assuming that the target of this are the online pharmaceuticals, there are a few things I can think of. Unfortunately, a three hour meeting really isn\'t enough to get this off the ground because it is a series of interconnected events that would need to take place. Anyhow, here\'s a list of things I\'d do:Stopping illegal pharmaceuticals piggy-backs onto stopping illegal <anything> on the \'net. Spammers who advertise illegal software, or fake degrees, or fake enlargement pills, or fake mortgages are all basically doing the same thing. So, any strategy that is aimed at stopping those other things will extend to stopping fake pharmas as well. My point here is that concentrating only on fake pharmaceuticals may exclude strategies that scale to others.Registrars need to get their act in gear. When a website advertising cheap Viagra goes up, somebody somewhere needs to register that site. Whoever registers is needs to do a better job of verification of the identity who registered it. The problem here is that so many of these sites are registered by registrars in foreign countries which is outside the jurisdiction of the US. However, just like in the Wizard of Oz, there\'s no place like home and the government can pressure domestic ones to do better proactive abuse mitigation.WHOIS protected services are questionable. I don\'t deny the need for WHOIS-protected services in some cases. However, any time I am looking up a suspicious site and the WHOIS registration is protected, that\'s pretty much all I need to make the determination that the site is abusive. It doesn\'t cost much to shield your WHOIS information. If you want to do it, that\'s fine but there should probably be a stricter set of criteria who shielding your information like this requiring you to jump through a couple of more manual hoops.Crack downs on spammers will go a long ways. One of the chief mechanisms of advertising illegal pharmaceuticals is through the use of spam. We all get it in our inboxes. Of course, there are other avenues of advertisement such as black search engine optimization. However, because it is not particularly difficult to send out a lot of spam and make money off of it, and because there is little chance of repercussion, spammers continue to do it. If law enforcement had more resources dedicated to prosecuting spammers such that it became more de-incentivized, then the supply part of the equation would start to dry up. In other words, putting spammers in prison will help in this regards, and this requires a prioritization of law enforcement resources. Whether or not they are willing to divert resources from one area of law enforcement to another is an open question.Perhaps walled gardens are a good idea. In Australia, some ISPs kick infected computers off of their network if the ISP can detect that the machine connecting to it is infected with malware. Or, they redirect them to a sandbox and alert the user that they cannot continue until they clean their system. If more ISPs made this a policy, then maybe we\'d have less malware abuse flowing back and forth in cyber space. I don\'t think I\'d want government to enforce this, but perhaps ISPs might be willing to voluntarily comply with this.This is a small list of things that could be done but by no means it is exhaustive. Running up-to-date software is a good idea, and so is running the latest patched version of one\'s software. What other ideas do you have to cut down on the flow of illegal online pharmaceuticals?Written by Terry Zink, Program Manager | ");dw("
| House of Cards | ");dw("|
| ");dw(" | Time flies. Although it was over 18 months ago, it seems just like yesterday that a small Czech provider, SuproNet, caused global Internet mayhem by making a perfectly valid (but extremely long) routing announcement. Since Internet routing is trust-based, within seconds every router in the world saw this announcement and tried to pass it on. Unfortunately, due to the size of this single message, quite a few routers choked—resulting in widespread Internet instability. Today, over a year later, we were treated to a somewhat different version of the exact same story.First, let\'s review the Czech incident from February 2009. There were many positives to take away.It was precipitated by an honest mistake.It was an extremely unlikely event, as many stars had to be in exact alignment.Most of the Internet\'s core survived.The response from operators was fast and efficient, with the damage largely contained within an hour.The complete technical details can be found here.Deja vu all over againFast forward to today: Friday, 27 August 2010. What do you think would happen if another large and unusual routing announcement was made on the Internet? Do you think all the router vendors have perfected their code in the past 18 months? Do you think the entire planet has upgraded to this new, improved and perfect code base? Do you think it makes sense to use the Internet as your testbed? I doubt you answered \"yes\" to any of these questions.We\'ll begin to describe what happened today with a snippet from a private mailing list. We\'ll purposely leave out the technical details so that we don\'t inadvertently contribute to the building of a Cybernuke.On Friday 27 August, from 08:41 to 09:08 UTC, the RIPE NCC Routing Information Service (RIS) announced a route with an experimental BGP attribute. During this announcement, some Internet Service Providers reported problems with their networking infrastructure.Immediately after discovering this, we stopped the announcement and started investigating the problem. Our investigation has shown that the problem was likely to have been caused by certain router types incorrectly modifying the experimental attribute and then further announcing the malformed route to their peers. The announcements sent out by the RIS were correct and complied to all standards.Um, while standards compliance is nice, it is foolhardy to assume that all BGP implementations are perfectly compliant, especially given recent history. Over 3,500 prefixes (announced blocks of IP addresses) became unstable at the exact moment this \"experiment\" started. Not surprisingly, they were located all over the world: 832 in the US, 336 in Russia, 277 in Argentina, 256 in Romania and so forth. We saw over 60 countries impacted by a \"correct\" announcement that \"complied with all standards\". The following graph shows the timeline of the event, followed by a map of the impacted countries by prefix count. Notice that it takes a bit for the Internet to stabilize after RIPE claims to have withdrawn the announcement at 09:08 UTC.ConclusionsOn the positive side, the incident was very brief, the damage was limited to under 2% of the Internet and the responsible parties quickly fessed up, aborting their \"experiment\". On the negative side, the Internet remains a very fragile place, even if that fragility is highly localized and different in different places. Standards aren\'t followed, code isn\'t tested and people make mistakes. That\'s life with any complex system and, while we can certainly do a better job, we will continue to see these types of events no matter what safeguards we might take. What puzzles me is how anyone thought it might be a good idea to test fate in this way. The end result was completely predictable.Written by Earl Zmijewski, VP and General Manager, Internet Data Services | ");dw("