I just wanted to create an Apache virtual host responding to queries only over IPv6. That should have been most trivial considering that I had already been running a dual-stacked server, with all services accessible over both IPv4 and IPv6.

Following the established IPv4 practice, I set upon configuring the virtual host to respond only to queries directed to a specific IPv6 address. That is done by inserting the address in the opening of the VirtualHost stanza : <VirtualHost [2001:470:1f13:a4a::1]:80> – same as an IPv4 configuration, but with brackets around the address. It is simple and after adding an AAAA record for the name of the virtual host, it works as expected.

I should rather say it works even better than expected : all sub-domains of the second-level domain I’m using for this virtual host are now serving the same content that the new IPv6-only virtual host is supposed to serve… Ungood – cue SMS and mail from pissed-off users and a speedy rollback of the changes; the joys of cowboy administration in a tiny community-run host with no testing environment. As usual, I am not the first user to fall into the trap. Why Apache behaves that way with an IPv6-only virtual host is beyond my comprehension for now.

Leaving aside the horrible name-based hack proposed by a participant in the Sixxs thread, the solution is to give each IPv6-only virtual host his own IPv6 address. Since this server has been allocated a /64 subnet yielding him 18,446,744,073,709,551,616 addresses, that’s quite doable, especially since I can trivially get a /48 in case I need 1,208,925,819,614,629,174,706,176 more addresses. Remember when you had to fill triplicate forms and fight a host of mounted trolls to justify the use of just one extra IPv4 address ? Yes – another good reason to love IPv6 !

So let’s add an extra IPv6 address to this host – another trivial task : just create an aliased interface, like :

auto eth0:0
    iface eth0:0 inet6 static
    address 2001:470:1f13:a4a::1
    netmask 64
    gateway 2001:470:1f12:a4a::2

The result :

SIOCSIFFLAGS: Cannot assign requested address
Failed to bring up eth0:0.

This is not what we wanted… You may have done it dozens of time in IPv4, but in IPv6 your luck has ran out.

Stop the hair pulling right now : this unexpected behavior is bug – this one documented in Ubuntu, but I confirm it is also valid on my mongrel Debian system. Thanks to Ronny Roethof for pointing me in the right direction !

The solution : declare the additional address in a post-up command of the main IPv6 interface (and don’t forget to add the post-down command to kee things clean) :

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
    address 2001:470:1f12:a4a::2
    netmask 64
    endpoint 216.66.84.42
    local 212.85.152.17
    gateway 2001:470:1f12:a4a::1
    ttl 64
    post-up ip -f inet6 addr add 2001:470:1f13:a4a::1 dev he-ipv6
    pre-down ip -f inet6 addr del 2001:470:1f13:a4a::1 dev he-ipv6

And now the IPv6-only virtual hosts serves as designed and the other virtual hosts are not disturbed. The world is peaceful and harmonious again – except maybe for that ugly post-up declaration in lieu of declaring an aliased interface the way the Unix gods intended.

All that just for creating an IPv6 virtual host… Systems administration or sleep ? Systems administration is more fun !

With UMTS now potentially available on all the frequency bands traditionally allocated to GSM, why are we still operating GSM there while UMTS offers nothing but improvements over it and all contemporary handsets support it. The question is particularly pressing since data traffic has for quite a while accounted for more than 90% of network usage in volume and grows faster than backhaul can be deployed and cells made smaller while spectral efficiency has become awfully close to theoretical optima. GSM data modes such as GPRS and its incremental improvements have their purpose well, but they are hacks shoehorning data into a TDM voice world – nothing like the native capabilities of UMTS. Of course, modern marketing knows the value of nostalgia as an advertising vector, but I suspect that the market of users who insist on GSM for nostalgia’s sake may not be sufficient to justify its cost.

Some manufacturers nowadays offer unified RAN infrastructure that supports both UMTS and GSM on a single piece of equipment – and many antennas are now multiband, but there is still an awful amount of specific equipment with the associated duplicated costs… And then there is the effort of maintaining the software for two entirely independent systems, each with its own bugs, quirks and yearly upgrades attempting to squeeze more throughput out of a slice of spectrum that is not going to expand – a single large operator typically has dozens of people whose workload could be cut in half overnight. I for one would love to spend more time on GIS software for the fiber optics infrastructure and less dealing with the Jurassic park.

So what are we waiting for ? Don’t we understand that frequencies are too precious to be wasted on obsolete protocols ? Let’s recycle ! Let GSM retire ! Taiwan’s ministry of transportation and communications is already working on it…

I have owned an an HTC “G2″ Magic for almost two years and one of my biggest disappointments with the Android operating system has been my inability to find a decent Jabber client. On the desktop, my love of Psi has been going on for half a decade but my encounters with mobile Jabber clients have been nothing but disappointments.

On Android in the past two years I have tried them all, including notables such as Jabbdroid, Beem, Jabiru, Yaxim, Emess and many others not even worth citing. Some of them are hampered by a slow graphical user interface, some deplete batteries in a hurry, some lack features I consider essential, some even crash on receiving a message and not a single one is capable of remaining connected while the radio segment hops from GPRS to UMTS to Wi-Fi and back again… They won’t even try to reconnect – leaving me slack-jawed at the lack of such a basic feature when there is even a standard Android class that notifies applications when network connectivity changes.

Enter Xabber – it does everything I expect from an Android Jabber client. Yes, it really does – you can drop that unbelieving face. I’ll spare you the whole features list… Let’s just focus on what I was looking for :

• Permanent tray icon as link to contacts lists
• vCard based avatars
• XMPP priorities
• Groups
• Contacts list management
• TLS/SSL support
• Full Unicode support
• Chat history
• Parameters for just enough customization
• Multi User Chat – you can even join multiple rooms
• Does not deplete the batteries too quickly
• Reconnects promptly after each disconnection while the radio segment hops from GPRS to UMTS to Wi-Fi and back again

As a bonus it publishes geographical location, but I have no idea where it gets it from, nor if it is supposed to implement XEP-0080.

Don’t you love the feeling of discovering a new application and finding that it behaves the way you expect, as if the developers had been reading your mind and making helpful suggestions about the fuzzy parts of what they had read ? On Android K-9 Mail is the only other example I can think about… Yes, Xabber is that good.

The only downside of Xabber is that the code is not free… The site does not even mention a license. So you don’t know what lies hidden inside, you can’t modify it and you are at the mercy of the developer changing his mind and starting to ask for money for further versions. But even as a Free software fanboy I’m willing to live with that for now – I’m so relieved to at last have something that works.

From now on, expect to find me online while I’m on the move !

I loathe Facebook and its repressive user-hostile policy that provides no value to the rest of the Web. But like that old IRC channel known by some of you, I keep an account there because some people I like & love are only there. I seldom go to Facebook unless some event, such as a comment on one of the posts that I post there through Pixelpipe, triggers a notification by mail. I would like to treat IRC that way: keeping an IRC application open and connected is difficult when mobile or when using the stupid locked-down mandatory corporate Windows workstation, and I’m keen to eliminate that attention-hogging stream from my environment – especially when an average of two people post a dozen lines a day, most of which are greetings and mealtimes notifications. But when a discussion flares up there, it is excellent discussion… And you never know when that will happen – so you need to keep an eye on the channel. Let’s delegate the watching to some automation !

So let me introduce to you to my latest short script : bipIRCnickmailnotify.sh – it sends IRC log lines by mail when a specific string is mentioned by other users. Of course in the present use case I set it up to watch for occurrences of my nickname, but I could have set it to watch any other string. The IRC logging is done by the bip IRC proxy that among other things keeps me permanently present on my IRC channels of choice and provides me with the full backlog whenever I join with a regular IRC client.

This Unix shell script also uses ‘since’ – a Unix utility similar to ‘tail’ that unlike ‘tail’ only shows the lines appended since the last execution. I’m sure that ‘since’ will come handy in the future !

So there… I no longer have to monitor IRC – bipIRCnickmailnotify.sh does it for me.

With trivial modification and the right library it could soon do XMPP notifications too – send me an instant message if my presence is ‘available’ and mail otherwise. See you next version !

I work for a very large corporation. That sort of companies is not inherently evil, but it is both powerful and soulless – a dangerous combination. Thus when dealing with it, better err on the side of caution. For that reason, all of my browsing from the obligatory corporate Microsoft Windows workstation is done trough a SSH tunnel established using Putty to a trusted host and used by Mozilla Firefox as a SOCKS proxy. If you do that, don’t forget to set network.proxy.socks remote DNS to true so that you don’t leak queries to the local DNS server.

In addition to the privacy benefits, a tunnel also gets you around the immensely annoying arbitrary filtering or throttling of perfectly reasonable sites which mysterious bureaucracies add to opaquely managed exclusion lists used by censorship systems. The site hosting the article you are currently reading is filtered by the brain-damaged Websense filtering gateway as part of the “violence” category – go figure !

Anyway, back on topic – this morning my browsing took me to Internode’s IPv6 site and to my great surprise I read “Congratulations! You’re viewing this page using IPv6 (  2001:470:1f12:425::2 ) !!!!!”. A quick visit to the KAME turtle confirmed : the turtle was dancing. The surprising part is that our office LAN is IPv4 only and the obligatory corporate Microsoft Windows workstation has no clue about IPv6 – how could those sites believe I was connecting through IPv6 ? A quick ‘dig -x 2001:470:1f12:425::2′ cleared the mystery : the reverse DNS record reminded me that this address is the one my trusted host gets from Hurricane Electric’s IPv6 tunnel server.

So browsing trough a SOCKS proxy backed by a SSH tunnel to a host with both IPv4 and IPv6 connectivity will use IPv6 by default and IPv4 if no AAAA record is available for the requested address. This behaviour has many implications – good or bad depending on how you look at it, and fun in any case. As we are all getting used to IPv6, we are going to encounter many more surprises such as this one. From a security point of view, surprises are of course not a good thing.

All that reminds me that I have not yet made this host available trough IPv6… I’ll get that done before the World IPv6 Day which will come on 8th June 2011 – a good motivating milestone !

Piled Higher & Deeper and Savage Chickens nailed it (thanks redditors for digging them up) : we spend most of our waking hours in front of a computer display – and they are not even mentioning all the screens of devices other than a desktop computer.

According to a disturbing number of my parent’s generation, sitting in from of a computer makes me a computer scientist and what I’m doing there is “computing”. They couldn’t be further from the truth : as Edsger Dijkstra stated, “computer science is no more about computers than astronomy is about telescopes”.

The optical metaphor doesn’t stop there – the computer is indeed transparent: it is only a windows to the world. I wear my glasses all day, and that is barely worth mentioning – why would using a computer all day be more newsworthy ?

I’m myopic – without my glasses I feel lost. Out of my bed, am I really myself if my glasses are not connected to my face ?

Nowadays, my interaction with the noosphere is essentially computer-mediated. Am I really myself without a network-attached computer display handy ? Mind uploading still belongs to fantasy realms, but we are already on the way toward it. We are already partly uploaded creatures, not quite whole when out of touch with the technosphere, like Manfred Macx without his augmented reality gear ? I’m far not the only one to have been struck by that illustration – as this Accelerando writeup attests :

“At one point, Manfred Macx loses his glasses, which function as external computer support, and he can barely function. Doubtless this would happen if we became dependent on implants – but does anyone else, right now, find their mind functioning differently, perhaps even failing at certain tasks, because these cool things called “computers” can access so readily the answers to most factual questions ? How much of our brain function is affected by a palm pilot ? Or, for that matter, by the ability to write things down on a piece of paper ?”

This is not a new line of thought – this paper by Andy Clark and David Chalmers is a good example of reflections in that field. Here is the introduction :

“Where does the mind stop and the rest of the world begin? The question invites two standard replies. Some accept the demarcations of skin and skull, and say that what is outside the body is outside the mind. Others are impressed by arguments suggesting that the meaning of our words “just ain’t in the head”, and hold that this externalism about meaning carries over into an externalism about mind. We propose to pursue a third position. We advocate a very different sort of externalism: an active externalism, based on the active role of the environment in driving cognitive processes”.

There is certainly a “the medium is the message” angle on that – but it goes further with the author and the medium no longer being discrete entities but part of a continuum.

We are already uploading – but most of us have not noticed yet. As William Gibson puts it: the future is already here – it’s just not very evenly distributed.

In France, at least two mobile networks operators out of three (I won’t tell you which ones) have relied on Cell ID alone to identify cells… A mistake because contrary to what the “Cell ID” moniker suggests, it can’t identify a cell on its own.

A cell is only fully identified by combining with the Location Area Identity (LAI). The LAI is an aggregation of Mobile Country Code (MCC), Mobile Network Code (MNC – which identifies the PLMN in that country) and the Location Area Code (LAC – which identifies Location Area within the PLMN). The whole aggregate is called Cell Global Identification (CGI) – a rarely encountered term, but this GNU Radio GSM architecture document mentions it with details.

Since operators run their networks in their own context, they can consider that MCC and MNC are superfluous. And since the GSM and 3G specifications defines the Cell ID as a 16 bit identifier, the operators have believed that they had plenty for all the cells they could imagine, even taking multiple sectors into account – but that was many years ago. Even nowadays there are not that many cells in a French GSM network, but the growth in the number of bearer channels was not foreseen and each of them requires a different CellID – which multiplies the number of cells by their number.

So all  those who in the beginnings of GSM and in the prehistory of 3GPP decided that 65536 identifiers ought to be enough for everyone are now fixing their information systems in a hurry as they run out of available identifiers – not something anyone likes to do on a large critical production infrastructure.

Manufacturers and operators are together responsible for that, but alas this is just one occurrence of common shortsightedness in information systems design. Choosing unique identifiers is a basic modeling task that happens early in the life of a design – but it is a critical one. Here is what Wikipedia says about unique identifiers :

“With reference to a given (possibly implicit) set of objects, a unique identifier (UID) is any identifier which is guaranteed to be unique among all identifiers used for those objects and for a specific purpose.”

The “specific purpose” clause could be interpreted as exonerating the culprits from responsibility : given their knowledge at the time, the use of Cell ID alone was reasonable for their specific purpose. But they sinned by not making the unique identifier as unique as it possibly could. And even worst, they sinned by not following the full extent of the specification.

But I won’t be the one casting the first stone – hindsight is 20/20 and I doubt that any of us would have done better.

But still… Remember kids : make unique identifiers as unique as possible and follow the specifications !

Stumbling upon a months old article by my friend George’s blog expressing his idea of local social networking, I started thinking about Bluetooth again – I’m glad that he made that resurface.

Social networking has been in the air for about as long as Bluetooth exists. The fact that it can be used for reaching out to local people has not escaped obnoxious marketers nor have the frustrated Saudi youth taken long to innovate their way to sex in the midst of the hypocritical Mutaween.

Barely slower than the horny Saudi, SmallPlanet CrowdSurfer attempted to use Bluetooth to discover the proximity of friends, but it apparently did not survive: nowadays none of the likes of Brightkite, Gowalla, Foursquare or Loopt takes advantage of this technology – they all rely on the user checking-in manually. I automated the process for Brightkite – but still it is less efficient than local discovery and Bluetooth is not hampered by an indoor location.

People like George and me think about that from time to time, and researchers put some thought into it too – so it is all the more surprising that there are no mass-scale deployments taking advantage of it. I found OlderSibling but I doubt that it has a large user base and its assumed spying-oriented use-cases are quite off-putting. Georges mentioned Bliptrack, a system for the passive measurement of traffic, but it is not a social networking application. I registered with Aki-Aki but then found that it is only available on Apple Iphone – which I don’t use. I attempted registration with MobyLuck but I’m still waiting for their confirmation SMS… Both MobyLuck and Aki-Aki do not seem very insistent on increasing their user population.

Nevertheless I quite like the idea of MobyLuck and Aki-Aki and I wonder why they have not managed to produce any significant buzz – don’t people want local social networking ?

With indoor navigation looking like the next big thing already rising well above the horizon, I’m pretty sure that there will be a renewed interest in using Blueetooth for social networking – but why did it take so long ?

If you can read French and if you are interested in networking technologies, then you must read Stephane Bortzmeyer’s blog – interesting stuff in every single article. Needless to say I’m a fan.

Stéphane commented an article by Nokia people : « An Experimental Study of Home Gateway Characteristics » – it exposes the results of networking performance tests on 34 residential Internet access CPE. For a condensed and more clearly illustrated version, you’ll appreciate the slides of « An Experimental Study of Home Gateway Characteristics » presented at the IETF 78′th meeting.

The study shows bad performance and murky non-compliance issues on every device tested. The whole thing was not really surprising, but it still sounded rather depressing to me.

But my knowledge of those devices is mostly from the point of few of an user and from the point of view of an information systems project manager within various ISP. I don’t have the depth of knowledge required for a critical look at this Nokia study. So I turned to a friendly industry expert who shall remain anonymous – here is his opinion :

[The study] isn’t really scientific enough testing IMHO. Surely most routers aren’t high performance due to cost reasons and most DSL users (Telco environments don’t have more than 8 Mbit/s (24 Mbit/s is max).

[Nokia] should check with real highend/flagships routers such as Linksys E3000. Other issues are common NAT issues or related settings or use of the box DNS Proxy’s. Also no real testing method explained here so useless IMHO. Our test plan has more than 500 pages with full description and failure judgment… :)

So take « An Experimental Study of Home Gateway Characteristics » with a big grain of salt. Nevertheless, in spite of its faults I’m glad that such studies are conducted – anything that can prod the consumer market into raising its game is a good thing !

This morning a French banker provided me with an explanation for the efforts of the banks at selling MVNO contracts to their customers. This explanation does not dismiss the influence of the contemporary urge to use any customer-facing operation as an excuse for selling services entirely unrelated to the core product – but it makes a little more sense.

Banks see the mobile payment wave rising high on their horizon, and they want to be part of the surfing – in a bank-centric model of course. As near field communications are coming soon to a handset near you, getting ready is a rather good idea.

To carve their rôle into the mobile payments ecosystem, banks believe that building a customer base is a good way to make sure that they will have a critical mass of users to deploy their products to when the time comes for that. In the context of a maturing market with decreasing churn rates, this makes sense – especially as the banking and insurance industry enjoys much lower churn rates than mobiles operators, and the banker’s image could have a halo effect on the mobile products they distribute.

But on the other hand, considering the leonine conditions that French mobile license holders grant to the MVNO, this is a fragile position on which to take leverage.

By the way, if you feel like working for a hot mobile payments company, take a look at the openings at Zong and say hello to Stéphane from me !

Stéphane Richard, chief executive at France Telecom, argued recently : “There is something totally not normal and contrary to economic logic to let Google use our network without paying the price”. I could barely control my hilarity.

But wait, there’s more :

Telefonica chairman Cesar Alierta said Google should share some of its online advertising revenue with carriers to compensate them for the billions of euros they are investing in fixed-line and mobile infrastructure to increase download speeds and network capacity. Alierta said that regulators should step in to supervise a settlement if no revenue sharing deal was possible between search engines led by Google and network operators. France Telecom CEO Stephane Richard said, “Today, there is a winner who Google. There are victims that are content providers, and to a certain extent, network operators. We cannot accept this”. Deutsche Telekom CEO Rene Obermann stated, “There is not a single Google service that is not reliant on network service. We cannot offer our networks for free”.

Whiners ! France Telecom, Telefonica and Deutsch Telekom are all historical monopoly operators that suffered the full impact of the internetworking revolution. It took them a while to realize that the good old times were gone for good, but I thought that with a good help of new blood they had reluctantly adapted to the new reality. Apparently I was wrong : in spite of  a decades long track record of overwhelming evidence to the contrary, executives at the incumbent club keep fantasizing about the pre-eminence of intelligent networks and how they somehow own the user. Of course I would not tax them with sheer stupidity - they are anything but stupid. This is rather a case of gross hypocrisy serving a concerted lobbying effort. And maybe after all they end up believing their own propaganda.

Users pay Internet access providers for – guess what – Internet Access. And most providers are very happy for their Internet access to do exactly what it says on the tin while they get well earned monies in exchange. Only a few of them have the political clout necessary for this blatant attempt at distorting competition – they are trying to leverage it but they will fail, again like they failed to stop local loop unbundling.

Ultimately, if large operators across Europe make a foolish coordinated move against Google, it will look suspiciously like a cartel. You can play that game with the national governments, but you definitely don’t want to do that in view of the European Comissionner for Competition.

Since Google is in the crosshair, I’ll let them have the last word :

— Guide to Net Neutrality for Google Users, cited by the Wikipedia article on Network Neutrality.

Update : I am far from the only one to feel slack-jawed astonishment at that shocking display of hypocrisy. From the repeating-something-relentlessly-does-not-make-it-true dept, Karl Bode at Techdirt published “Telcos Still Pretending Google Gets Free Ride”. You’ll find comments and more context there.

This week-end I noticed Juick, an XMPP-based microblogging system with some nice original features. But Juick is not free and its author does not seem interested in freedom. So who’s gonna save XMPP-based microblogging ?

Enter OneSocialWeb, a free, open and decentralized XMPP-based social networking platform with all the federated goodness one might expect from an XMPP-based system. Sounds good doesn’t it ?

Laurent Eschenauer is a software engineer at Vodafone Group R&D and he is the architect of OneSocialWeb – the team also has Alard Weisscher, Lorena Alvarez and Diana Cheng on board. Today he posted great news about OneSocialWeb at Vodafone’s RndBackyard :

“Two months ago, we introduced you to our onesocialweb project: an opensource project that aims at building a free, open, and decentralized social networks. We explained the idea, we showed what it looked like, and we answered many questions. However it was only a prototype running on our servers, there was no such federated social network.. yet.

Today, we have released the source code and compiled versions of the core components of our architecture. With this, you are now in a position to install your own Openfire server, load our Onesocialweb plugin, and you will immediately be part of the Onesocialweb federation. We also provide you with a command line client to interact with other onesocialweb users.

As you see, we are not releasing the web and android client today. They will require a bit more work and you should expect them in the coming weeks. This means that this first release is mainly targeting developers, providing them with the required tools and documentation to start integrating onesocialweb features in their own clients, servers and applications.

This is a first release, not an end product. Our baby has just learned to walk and we’ll now see if it has some legs. We look forward to keep on growing it with the help of the community. Please have a look at our protocol, try to compile the code, and share your feedback with us on our mailing list. You can also have a look at our roadmap to get a feel for where we are going”.

Laurent only mentions Openfire and the OneSocialWeb plugin for Openfire is the only one currently available for download on OneSocialWeb’s site, but despair not if like me you are rather an ejabberd fan : “Its protocol can be used to turn any XMPP server into a full fledged social network, participating in the onesocialweb federation“. So if everything goes well, you may bet on some ejabberd module development happening soon. And who knows what other XMPP servers will end-up with OneSocialWeb extensions.

There were some news about OpenSocialWeb about two month ago, but that was unlucky timing as the project’s message got lost in the Google Buzz media blitz. Anyway, as Daniel Bo mentions : “Many years of discussion have gone into determining what a federated social network would look like, and the OneSocialWeb doesn’t ignore that work“. Indeed, as the OpenSocialWeb mentions, it “has been built upon the shoulders of other initiatives aiming to open up the web and we have been inspired by the visionaries behind them: activitystrea.ms, portablecontacts, OAuth, OpenSocial, FOAF, XRDS, OpenID and more“. Only good stuff there – an open standard built on top of recognized open standards is an excellent sign.

All that just for microblogging ? Isn’t that a slight overkill ? Did we say this was a microblogging protocol ? No – the purpose of OneSocialWeb is much more ambitious : it is to enable free, open, and decentralized social applications. OneSocialWeb is a platform  :

“The suite of extensions covers all the usual social networking use cases such as user profiles, relationships, activity streams and third party applications. In addition, it provides support for fine grained access control, realtime notification and collaboration”.

Two weeks ago, Laurent attended DroidCon Belgium and he explained how OneSocialWeb will enable developers to create social & real-time mobile applications, without having to worry about the backend developments:

“In my view, this is one of the most exciting element of our project. Beyond the ‘open’ social network element, what we are building is truly the ‘web as a platform’. An open platform making it simple to create new social applications”.

Here are his slides from DroidCon Belgium :

Is it a threat to Status.net ? No : being an open protocol, it can be used by any system willing to interoperate with other OneSocialWeb systems. @evan has expressed interest about that and I would trust him to hedge his bets. OneSocialWeb certainly competes with Status.net’s ambitious Ostatus distributed status updates protocol, but whichever wins will be a victory for all of us – and I would guess that their open nature and their similar use-cases will let them interoperate well. Some will see fragmentation, but I see increased interest that validates the vision of an open decentralized social web.

By the way, if you have paid attention at the beginning of this article, you certainly have noticed that Laurent’s article was posted at Vodafone’s RndBackyard. Yes, you read it right : OneSocialWeb is an initiative of Vodafone Group Research and Development to help taking concrete steps towards an open social web. Now that’s interesting – are big telecommunications operators finally seeing the light and embracing the open instead of fighting it ? Are they trying to challenge web services operators on their own turf ? My take is that this is a direct attack on large social networking operators whose rising concentration of power is felt as a threat by traditional telecommunications operator who have always lived in the fantasy that they somehow own the customer. Whatever it is, it is mightily interesting – and even more so when you consider Vodafone’s attitude :

“We by no means claim to have all the answers and are very much open to suggestions and feedback. Anyone is invited to join us in making the open social web a reality”.

“We consider it important to reality check our protocol with a reference implementation”.

They are humble, they are open and they are not grabbing power from anyone but walled garden operators : this really seems to be about enabling an open decentralized social. I have such a negative bias about large oligopolistic telecommunications operators that I would have a hard time believing it if I had not had my understanding of the rational behind one of them funding this effort against the likes of Facebook… But free software and open protocols are free software and open protocols – wherever they come from !

Stéphane Bortzmeyer has a very long track record of interesting commentary about the Internet – his blog goes back to 1996. Its a pity that my compatriot doesn’t write in English more often: I believe he would find a big audience for his excellent articles. But as he told me : “Many people write in English already, English readers do not need one more writer”. I object – there is always room for good information to be brought to a greater audience. And since his writings are licensed under the GFDL, I’ll do the translation myself when I feel like it.

Maybe this will be the only of his articles I translate – or maybe there will be others in the future… Meanwhile here is this one. I chose it because DNS hijacking is a subject I am sensitive about – and maybe because of the exoticism of Chinese shenanigans…

---

Before reading this interesting article, please heed this forewarning : as soon as we talk about China, we should admit our ignorance. Most people who pontificate about the state of the Internet in China do not speak Chinese – their knowledge of the country stops at the doorstep of international hotels in Beijing and Shanghai. The prize for the most ludicrous pro-Chinese utterance goes to the Jacques Myard, representative at the National Assembly and member of the UMP party, for his support for the Chinese dictatorship [translator's note : he went on the record saying that "the Internet is utterly rotten" and went on to say that it "should be nationalized to give us better control - the Chinese did it"]. When it comes to DNS, one of the least understood Internet services, the bullshit production rate goes up considerably and sentences where both « DNS » and « China » occur are most likely to be false.

I am therefore going to try not emulating Myard, and only talk about what I know, which will make this article quite short and full of conditional. Unlike criminal investigations in US movies, this article will name no culprit and you won’t even know if there was really a crime.

DNS root servers hijacking for the purpose of implementing the policy (notably censorship) of the Chinese dictatorship has been discussed several times – for example at the 2005 IETF meeting in Paris. It is very difficult to know exactly what happens in China because Chinese users, for cultural reasons, but mostly for fear of repression, don’t provide much information. Of course, plenty of people travel to China, but few of them are DNS experts and it is difficult to get them to provide data from mtr or dig correctly executed with the right options. Reports on censorship in China are often poor in technical detail.

However, from time to time, DNS hijacking in China has visible consequences outside of Chinese territory. On the 24th March, the technical manager for the .cl domain noted that root server I, anycast and managed by Netnod, answered bizarrely when queried from Chile :

$ dig @i.root-servers.net www.facebook.com A

; <<>> DiG 9.6.1-P3 <<>> @i.root-servers.net www.facebook.com A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7448
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.facebook.com.              IN      A

;; ANSWER SECTION:
www.facebook.com.       86400   IN      A       8.7.198.45

;; Query time: 444 msec
;; SERVER: 192.36.148.17#53(192.36.148.17)
;; WHEN: Wed Mar 24 14:21:54 2010
;; MSG SIZE  rcvd: 66

[translator's note : sign of the times, the Chilean administrator chose to query facebook.com - google.com and, before that, microsoft.com used to be classic example material Mauricio used facebook.com (or twitter.com) because it is hijacked by the chinese govt, unlike microsoft.com (or even google.com)]

The root servers are not authoritative for facebook.com. The queried server should therefore have answered with a pointer to the .com domain. Instead, we find an unknown IP address. Someone is screwing with the server’s data :

• The I root server’s administrators as well as its hosts deny any modifications of the data obtained from VeriSign (who manages the DNS root master server).
• Other root servers (except, oddly, D) are also affected.
• Only UDP traffic is hijacked – TCP is unaffected. Traceroute sometimes ends up at reliable instances of the I server (for example, in Japan) which seem to suggest that the manipulation only affects port 53 – the one used by the DNS.
• Affected names are those of services censored in China, such as Facebook or Twitter. They are censored not just for political reasons, but also because they compete with Chinese interests.

If you want to check it yourself, 123.123.123.123 is hosted by China Unicom and will let you resolve a name :

% dig A www.facebook.com @123.123.123.123 

; <<>> DiG 9.5.1-P3 <<>> A www.facebook.com @123.123.123.123
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44684
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.facebook.com.              IN      A

;; ANSWER SECTION:
www.facebook.com.       86400   IN      A       37.61.54.158

;; Query time: 359 msec
;; SERVER: 123.123.123.123#53(123.123.123.123)
;; WHEN: Fri Mar 26 10:46:52 2010
;; MSG SIZE  rcvd: 66

37.61.54.158 is a currently unassigned address and it does not belong to Facebook. [translator's note : I get 243.185.187.39 which is also abnormal]

It is therefore very likely that rogue root servers exist in China and that Chinese ISP have hacked their IGP (OSPF for example) to hijack traffic bound toward the root servers. This does not quite explain everything – for example why the known good instances installed in China still see significant traffic. But it won’t be possible to know more without in-depth testing from various locations in China. A leak from this routing hack (similar to what affected YouTube in 2008) certainly explains how the announcement from the rogue server reached Chile.

« The Great DNS Wall of China » and « Report about national DNS spoofing in China » are among the reliable sources of information about manipulated DNS in China.

For more information about the problem described in this article, you may also read « China censorship leaks outside Great Firewall via root server » (a good technical  article), « China’s Great Firewall spreads overseas » or « Web traffic redirected to China in mystery mix-up ».

This article is distributed under the terms of the GFDL. The original article was published on Stéphane Bortzmeyer’s blog on the 26 March 2010 and translated by Jean-Marc Liotier the same day.

Valued Lessons wrote :

A lot has been written lately about Google Maps Navigation. Google is basically giving away an incredible mapping application with good mapping data for free. Why would they do such a thing? Most of the guesses I’ve seen basically say “they like to give stuff away for free to push more advertisements”. That’s close, but everyone seems to have missed a huge detail, perhaps the most important detail of all.

Google is an advertisement company, particularly skilled at targeted advertisements. Almost all of their revenue comes from being able to show you ads that you want to see when you want to see them. What does this have to do with maps and navigation? Well, this is going to seem really obvious once you read it, but no one seems to have mentioned it yet, so here it goes:

Google will know everywhere you drive, and when.

Valued Lessons goes on to detail ways Google could use that data to refine the targeted advertisement that represents the lion’s share of Google’s revenue. But there is another reason for pushing Google Navigation…

Now that they have found the way to gather start harvesting the data at a really massive scale they are able to go head to head with all the navigation software editors that have provide traffic information. Here is a nice business model :

• Get the free version of Google Navigation deployed to as many terminals as possible.
• Harvest traffic data.
• Sell traffic data as a premium service. Or just give it away and kill everyone else…

Mobile network operators I know are going to hate this. They make partnerships with the likes of TomTom, only to be entirely bypassed by Google ! I love it.

Let’s take a look at what TomTom wanted to do :

TomTom will use two main sources of information, occasionally complemented by others.

First, travel times deduced from the movement patterns of mobile phones. TomTom has made an agreement with Vodafone NL, allowing us to use (anonymously) the country’s 4 million Vodafone customers as a potential source of information and developed the technology to transform this monitoring information from the mobile network into reliable travel time information.

Secondly, historical FCD (Floating Car Data) from our own customers. Every TomTom navigation system is equipped with a GPS sensor, from which one can determine the exact location of a car.

Yes, Google can do all that too.

The process of obtaining data TomTom has developed results in highly detailed traffic information. In the Netherlands, for example, it means up-to-date travel times per road segment for approximately 20,000 km of road (see figure) and historical information per road segment for all major roads in the country, approximately 120,000 km.

TomTom has developed the technology in-house to calculate travel times across the entire road network, by processing the monitoring data from the mobile telephone network through TomTom’s Mobility Framework software.

And that’s information from before 2007… Imagine what can be done today !

Letting Google know where you go and letting Google mine that data is the reason for Google Latitude too… Latitude does not have the same mainstream appeal as a turn by turn navigation application, but with so many Google Maps customers now using it inside their car we are now talking Google scale !

Last week-end I ventured outside of the big city, in the land where cells are measured in kilometres and where signal is not taken for granted. So what surprised me was not to have to deal with only the faint echo of the network’s signal. Cell of origin location on the other hand was quite a surprising feature in that environment : sometimes it works with an error consistent with the cellular environment, but often the next moment it estimated my position to be way further from where I actually was – 34 kilometres west in this case.

The explanation is obvious : my terminal chose to attach to the cell it received best. Being physically located on a coastal escarpment, it had line of sight to a cell on the opposite side of the bay – 34 kilometres away.

But being on the edge of a very well covered area, it was regularly handed over to a nearby cell. In spite of the handover damping algorithms, this resulted in a continuous flip-flop nicely illustrated by this extract of my Brightkite account’s checkin log :

Isn’t that ugly ? Of course I won’t comment on this network’s radio planning and cell neighbourhood settings – I promised my employer I will not mention him anymore. But there has to be a better way and my device can definitely do something about it : it is already equipped with the necessary hardware.

Instant matter displacement being highly unlikely for the time being, we can posit that sudden movement of kilometre-scale distances will result in the corresponding acceleration. And the HTC Magic sports a three axis accelerometer. At that point, inertial navigation immediately springs to mind. Others have thought about it before, and it could be very useful right now for indoor navigation. But limitations seem to put that goal slightly out of reach for now.

But for our purposes the hardware at hand would be entirely sufficient : we just need rough dead reckoning to check that the cell ID change is congruent with recent acceleration. With low quality of the acceleration measurement, using it as a positioning source is out of question, but it would be suitable for dampening the flip flopping as the terminal suffers the vagaries of handover to distant cells.

So who will be the first to refine cell of origin positioning using inertial navigation as a sanity check ?

Let’s go out on  a limb and make a prediction. In five years, in dense urban areas, you will get your ADSL at cost, provided you subscribe to your telecommunications operator’s mobile offering.

Three major trends are at play :

• Cells are getting smaller
• Radio throughput is increasing
• ADSL throughput is not going anywhere

Once cell throughput approaches ADSL throughput, the value of ADSL drops to zero. Why bother with ADSL when you have unlimited traffic at decent speeds with no geographical limitations ? In Paris, I seldom bother to even switch on my Android G2′s Wi-Fi networking – now it is all UMTS, all the time.

Why not ADSL for free ? As I can even get full motion video on demand on my mobile communicator, the availability of video services on the ADSL remains an incentive only if I’m interested in high definition. But to some people, high definition is important so ADSL retains some perceived value. In addition, giving away free ADSL access bundled with a mobile subscription would be gross abuse of a dominant position by operators protected behind the barrier to entry that their license affords them – so the worse they can do is selling ADSL at cost. But it is nevertheless tempting to squeeze out the perceived value of ADSL from the consumer’s point of view in order to cut the fixed access pure player’s oxygen supply. Isn’t life so much more comfortable among oligopolistic old pals ? Marginalization of ADSL pure players will be even worse if they are not playing along in the fiber optics arms race.

So the incentives combine :

• Users want the convenience of permanent unlimited cell access
• Operators are happy to squeeze out ADSL pure players

As a result, cell traffic increases and leads us to the next step of this self-reinforcing process : femtocells. Spectral efficiency nearing the Shannon limit, antenna diversity, spectral multiplexing and other 3G MIMO techniques can combine to provide the peak throughput that all the shiny marketing pie in the sky presentations promise. But in operations in the field those speeds are not achieved unless you camp under the antenna. For example, LTE 2×2 MIMO is advertised at a peak throughput of 173 Mb/s but actual rates are somewhere between 4 and 24 Mb/s in 2×20 MHz. They drop sharply as distance increases and it gets worse as the cell gets crowded. So there will be strong user demand for small cells – demand theoretically exists until there is one cell per user.

Approximately 60% of mobile usage already takes place indoors, yet providing in-building coverage is a technical problem at the gigahertz frequencies used for Wimax and LTE. This is only set to get worse as the mobile continues to replace the home phone. Research indicates that, as “all you can eat” data packages become commonplace, this number is likely to reach 75% by 2011.

Doug Puley – “The macrocell is dead, long live the network”, 2008

With the user spending more than 60% of his time indoors, there will be a fixed line access nearby. Extension of the access network on top of ADSL and FTTH links is already underway to increase capacity and compress costs by getting the data off the mobile network as close to the user as possible. Femtocells work well on ADSL too. So ADSL will remain useful as a way for mobile operator to shed load from the rest of the access network. And on top of that, ADSL lets the operator reach subscribers in areas not covered by the radio network.

So to mobile operators who offer fixed line access, ADSL could soon be considered as a mere adjunct to their core offering : mobile access. That could add yet more pressure on the game of musical chairs of mobile access frequencies license allocation. Why not attempt to exclude the competition that does not own a mobile network ? That leads us to ADSL access at cost – or slightly below that if the operator is willing to be naughty and deal with the market regulator. It will happen sooner than you think.

By the way, for a wealth of data about 3GPP evolution from UMTS-HSPA to LTE & 4G, you can take a look at this  September 2009 report by Rysavy Research. It provides about all you need to know about it and it is nearly as good as what I get internally from SFR.