Webremixed Articles for tags: domains

Dyn Inc. Acquires EditDNS and Launches Dynect SMB

Wed, 01 Sep 2010 21:58:00 GMT

Dynamic Network Services Inc. (Dyn Inc.), today announced the acquisition of EditDNS and the launch of Dynect SMB, offered on its IT services storefront, DynDNS.com, further cementing its position as the world's fastest growing provider of managed DNS. The acquisition of EditDNS is Dyn Inc.'s second in 2010, preceded by January's purchase of EveryDNS.

Dyn Inc. continues to follow through on its commitment to playing a large part in the consolidation of the DNS space, while improving the Domain Name System, overall. "There is no doubt in my mind that we are doing the right thing by handing our company off to Dyn," said Tyler Hall, Founder of EditDNS, a Phoenix based DNS company. "Dyn has been the leader in the industry for a very long time and has always stepped up when other competitors, such as us, needed help. They're here to make DNS better and that's why they are ahead of everyone else,"

Today also marks the formal launch of Dynect SMB, an entry point for small and medium sized businesses and startups in need of rock-solid globally redundant Anycast DNS infrastructure, demanding the lowest possible DNS latency (the Dynect Network delivers sub 30ms DNS lookup times), and seeking robust APIs (SOAP and REST) to tie into cloud services like Amazon AWS, GoGrid, Rackspace Cloud, Heroku or Joyent.

"Alongside the acquisition of EditDNS, Dynect SMB showcases our dedication to servicing customers of all sizes and scopes," said Kyle York, Dyn Inc., VP Sales & Marketing. "We originally built the Dynect Platform for two reasons. One, we did an audit of our consumer network and realized several big companies were using it and wanted more. Two, we realized that the premium Anycast DNS market lacked options and we could offer choice. Dynect SMB is our answer for SMBs and competitively positions us against low-cost providers like DNS Made Easy, Zone Edit, TZO and DNS.com."

Dynect SMB bridges the gap between their consumer service DynDNS.com's Custom DNS ($30/year) and their comprehensive Anycast solution, the Dynect Platform ($195/month and up) for enterprise organizations. Dyn Inc. has developed a reputation as an agile and affordable company that obsessively supports the scalability of its customers, yet to be known startups on Dynect SMB: Etacts, Weedle, Geek Call and Extole, to unprecedented Web success stories on the Dynect Platform: Pandora, GoWalla, Twitter and Zappos. "Growing quickly can be a real hazard to new businesses, so it made more sense for me to start with something I could grow into, rather than grow out of," said Dynect SMB user Peter Combs, Do it Yourself Solar Photovoltaics. "Dynect SMB is an affordable option that gives my business the competitive edge to grow."

Dynect SMB offers two packages based on Web traffic (Queries per Month) and number of domain names. With any package, customers will have full access to Dyn Inc.'s 14 global Anycast datacenters (growing to 17 PoPs by year end), Dynamic DNS, an easy to manage user interface, multiple login capability, REST/SOAP APIs and affordable monthly plans starting at only $30/month.

"Dyn Inc has now positioned itself as an Internet Infrastructure company, providing core technology that is always available to individuals and enterprises," said Jeremy Hitchcock, CEO of Dyn Inc. "Stay tuned for further product launches and acquisition news over the coming months."

ARF is Now an IETF Standard

Wed, 01 Sep 2010 16:57:00 GMT

When a user of a large mail system such as AOL, Yahoo, or Hotmail reports a message as junk or spam, one of the things the system does is to look at the source of the message and see if the source is one that has a feedback loop (FBL) agreement with the mail system. If so, it sends a copy of the message back to the source, so they can take appropriate action, for some version of appropriate. For several years, ARF, Abuse Reporting Format, has been the de-facto standard form that large mail systems use to exchange FBL reports about user mail complaints.

Until now, the only documentation for ARF was a draft spec originally written Yakov Shafranovich (CircleID) in 2005, and occasionally updated originally by him and later by other people including myself. Earlier this year, the IETF chartered a working group called MARF which took that draft, brought the references up to date, stripped out a lot of options that seemed useful five years ago but in practice nobody ever used, and this week it was finally published as RFC 5965.

ARF (or now MARF) is quite simple, a version of the existing Multipart/Report message format that includes information about the report, such as the address of the recipient, descriptive text for a human reader, and a copy of the offending message. Having a standard format for reports, simple though it is, makes them much easier to process. For my tiny system, for example, nearly all of the trickle of reports are about mailing list messages. When a FBL report arrives, an automated script looks at the report and the message, and in the usual case that it's from a mailing list, it creates an unsubscribe request to remove the person from the list. Otherwise, it passes the message along to the human manager so I can decide what, if anything, to do about it. Larger mail systems also use them to collect statistics about their mail-sending customers.

The IETF process works particularly well when it standardizes existing practice, and ARF/MARF is an excellent example of that. The differences between the earlier drafts and the final version make it clearer and more precise, and it's now a proper standard we can cite:

Abuse Reporting Format! Ask for it by name: RFC 5965!

Written by John Levine, Author, Consultant & Speaker

Google Voice: Race to the Bottom for Telephony - or Something Else?

Tue, 31 Aug 2010 19:26:00 GMT

Just when you thought making phone calls couldn't get any cheaper, along comes last week's news from Google about their latest iteration of Google Voice. There have been several steps along the way for Google to get to this point, and there are a host of reasons why this news is of interest to service providers of all stripes. I often write about how certain technologies and disruptive forces change the business of being a service provider, and this is but the latest example.

Ever since Vonage came to market, residential carriers have been faced with declining revenues for landline service, which itself is quickly losing ground to wireless substitution. Then Skype came along and brought desktop VoIP to a whole new level of adoption. Along with that came a new value proposition for voice. Whereas Vonage was offering a lower cost monthly plan, Skype was offering free or near free voice, driving the price down to levels that no conventional service provider could sustain.

Google has its own take on voice, which is why this story should be of interest to service providers. Vonage is marketed primarily as a replacement service for POTS, making it a direct competitor to telcos. Nothing complicated there—it's really just a price game, but telcos do have more options to bundle telephony with other things—and of course, even more so for cable operators.

Skype is primarily a Web-based IM/chat service, on top of which they do voice very well, and at low cost to subscribers. As popular as Skype is, their proprietary technology keeps them a bit inside their own sphere. They are still a major threat to telcos, but when positioned a bit differently, they can be a very good complement.

The latest news with Google, though, is something entirely different. Their calling service—Google Voice—is mainly an add-on to Gmail, and works a lot like Skype. As such, it's not a pure telephony service like Vonage, and it's not really built off IM/chat like Skype; it's built around email. Of course, Google has all these other tools, but email is ubiquitous, and Google has been successful building a strong user base here. Gmail binds the user more deeply than IM/chat, making it a great platform for both business and personal usage. I'm not alone in noticing these days that when you get a personal email address as a backup for someone you're working with, more often than not it's a Gmail address.

Google already has GTalk, which supports free online calls between Google users—and is comparable to the free calling Skype users have among themselves. Google Voice is much bolder and is their answer to Skype Out/In, and gives Gmail users a PSTN interface to make calls to the rest of the world. In the short term, this may take a bite out of Skype in that Google Voice calls within the U.S. and Canada will be free until year end (but maybe longer). Longer term - along with Skype - Google Voice is more of a threat to telcos as they accelerate the race to the bottom, bringing the value of a voice call pretty much down to where email is.

Why are they doing this?

In my view, it's not to put the telcos out of business. They're offering domestic PSTN calls for free, in the hopes of subsidizing them by charging two cents a minute for international calls. Fair enough, but I don't see that happening, and Google really doesn't need to make money with this service. Of course, free beats paid any day—so long as the quality is comparable—and I see them making the voice pie bigger, much the way Skype has. The key for me is more about how Google Voice interacts with Gmail. By escalating an email message to a free phone call, users will stay longer in the Google environment, and the ability to transcribe voicemail will certainly appeal to some.

However, I think there's more to the story. Am mentioned, Google is coming from a different place than Skype, who depends almost solely on those Skype In/Out minutes for revenues. VoIP service is not expensive to provide, and Google has spent relatively little to get in the game. I would contend that the vast majority of their Google Voice capability comes from three small acquisitions that cost them maybe $150 million. When you think about the annual Capex budget of any incumbent, this really is pocket change. Going back to 2007, they acquired GrandCentral; last year they acquired Gizmo5, and a few months ago, they added Global IP Solutions. Collectively these companies have given them the pieces to offer a very appealing VoIP-to-PSTN service globally, and if they never make a penny from it, so be it.

As mentioned, free beats paid, and there's no better incentive to get people to use your service. Look how long Vonage has been around, and they barely have two million subscribers. Unlike Skype, Google doesn't have to build its user base from scratch, and it won't take long for them to start logging millions of calls. Just consider what happens when school resumes next month, and students will be falling over each other to make free calls home from those super-retro red UK phone booths that will be popping up on college campuses (and solar powered to boot).

As such, Google Voice will be one more reason to cut the cord, and the race to zero just picked up some speed. Thanks to Gizmo5, Google Voice is SIP-based and works nicely on both softphones and hand-held endpoints. Short term, there will be some cannibalization with Android by competing with voice from data plans, but Google will figure out how to make all these pieces fit. This is actually where the GIPS acquisition comes in, with their ability to support both voice and video over mobile devices, which in turn can make Google Voice a great add-on for businesses.

While Google Voice is primarily an outbound telephony service, I think they'll be able to take free calling beyond the desktop, and that's really what service providers need to be thinking about. Free on the desktop is one thing, but when you push out to mobile devices, things get more complicated. If this isn't enough, I think there's a separate agenda at work here, and it's something I've commented about elsewhere for quite some time.

Google is really interested in the voice business, not to make life difficult to telcos, but as a source of raw material—snippets from voicemail and live calls, if you will—that can be harvested for search. I'm not sure about the regulatory issues around this—and apparently Google has been vague here—but certainly for voicemail, free calls will generate a huge cache of "content" that they can apply speech recognition algorithms to and build an archive of audio-based search prompts. Once those audio cues are transcribed into text, they can become hugely valuable for the next frontier—mobile search. This sounds a bit on the dark side ("do no evil" as we're told), but it's a far better way to monetize voice than charging a few cents a minute or a few dollars a month. When viewed from this lens, Google Voice is a very different business than Skype, Vonage, or any telco for that matter. Disruption comes in many forms, and we're seeing a new one with Google Voice. Don't let the race to zero fool you; I think it's just a side-show compared to what Google really has in mind.

This article of mine originally ran today on my Service Provider Views column on TMCnet.

Written by Jon Arnold, Principal, J Arnold & Associates

Stopping the Flow of Online Illegal Pharmaceuticals

Tue, 31 Aug 2010 16:24:00 GMT

Reading through Brian Kreb's blog last week, he has an interesting post up on the White House's call upon the industry on how to formulate a plan to stem the flow of illegal pharmaceuticals:

The Obama administration is inviting leaders of the top Internet domain name registrars and registries to attend a three-hour meeting at the White House next month about voluntary ways to crack down on Web sites that are selling counterfeit prescription medications.

The invitation, sent via e-mail on Aug 13 by White House Senior Adviser for Intellectual Property Enforcement Andrew J. Klein, urges select recipients to attend a meeting on Sept. 29 with senior White House and cabinet officials, including Victoria Espinel, the Obama administration's intellectual property enforcement coordinator.

"The purpose of this meeting is to discuss illegal activity taking place over the internet generally, and more specifically, voluntary protocols to address the illegal sale of counterfeit non-controlled prescription medications on-line," the invitation states.

Klein did not return calls seeking more information. A spokeswoman for the White House Office of Management and Budget confirmed the event, but declined to offer further details. The meeting appears to be a continuation of the administration's Joint Strategic Plan on Intellectual Property Enforcement, an initiative unveiled in June that promised to "address unlawful activity on the internet, such as illegal downloading and illegal internet pharmacies."

According to the World Health Organization, approximately 8 percent of the bulk drugs imported into the United States are counterfeit, unapproved, or substandard, and 10 percent of global pharmaceutical commerce—or $21 billion—involves counterfeit drugs. LegitScript.com, a verification service for online pharmacies, is currently tracking more than 45,000 rogue Internet pharmacies.

It is unclear to me whether or not the goal of this initiative is to stem the flow of online crime in general or to reduce the flow of illegal pharmaceuticals flowing into the United States (since presumably this cuts into the profits of large pharmaceutical companies… who would naturally want to see their profit margins increased in return for pledging their support for health care reform that was passed earlier this year). Assuming that the target of this are the online pharmaceuticals, there are a few things I can think of. Unfortunately, a three hour meeting really isn't enough to get this off the ground because it is a series of interconnected events that would need to take place. Anyhow, here's a list of things I'd do:

Stopping illegal pharmaceuticals piggy-backs onto stopping illegal on the 'net. Spammers who advertise illegal software, or fake degrees, or fake enlargement pills, or fake mortgages are all basically doing the same thing. So, any strategy that is aimed at stopping those other things will extend to stopping fake pharmas as well. My point here is that concentrating only on fake pharmaceuticals may exclude strategies that scale to others.
Registrars need to get their act in gear. When a website advertising cheap Viagra goes up, somebody somewhere needs to register that site. Whoever registers is needs to do a better job of verification of the identity who registered it. The problem here is that so many of these sites are registered by registrars in foreign countries which is outside the jurisdiction of the US. However, just like in the Wizard of Oz, there's no place like home and the government can pressure domestic ones to do better proactive abuse mitigation.
WHOIS protected services are questionable. I don't deny the need for WHOIS-protected services in some cases. However, any time I am looking up a suspicious site and the WHOIS registration is protected, that's pretty much all I need to make the determination that the site is abusive. It doesn't cost much to shield your WHOIS information. If you want to do it, that's fine but there should probably be a stricter set of criteria who shielding your information like this requiring you to jump through a couple of more manual hoops.
Crack downs on spammers will go a long ways. One of the chief mechanisms of advertising illegal pharmaceuticals is through the use of spam. We all get it in our inboxes. Of course, there are other avenues of advertisement such as black search engine optimization. However, because it is not particularly difficult to send out a lot of spam and make money off of it, and because there is little chance of repercussion, spammers continue to do it. If law enforcement had more resources dedicated to prosecuting spammers such that it became more de-incentivized, then the supply part of the equation would start to dry up. In other words, putting spammers in prison will help in this regards, and this requires a prioritization of law enforcement resources. Whether or not they are willing to divert resources from one area of law enforcement to another is an open question.
Perhaps walled gardens are a good idea. In Australia, some ISPs kick infected computers off of their network if the ISP can detect that the machine connecting to it is infected with malware. Or, they redirect them to a sandbox and alert the user that they cannot continue until they clean their system. If more ISPs made this a policy, then maybe we'd have less malware abuse flowing back and forth in cyber space. I don't think I'd want government to enforce this, but perhaps ISPs might be willing to voluntarily comply with this.

This is a small list of things that could be done but by no means it is exhaustive. Running up-to-date software is a good idea, and so is running the latest patched version of one's software. What other ideas do you have to cut down on the flow of illegal online pharmaceuticals?

Written by Terry Zink, Program Manager

House of Cards

Sat, 28 Aug 2010 01:38:01 GMT

Time flies. Although it was over 18 months ago, it seems just like yesterday that a small Czech provider, SuproNet, caused global Internet mayhem by making a perfectly valid (but extremely long) routing announcement. Since Internet routing is trust-based, within seconds every router in the world saw this announcement and tried to pass it on. Unfortunately, due to the size of this single message, quite a few routers choked—resulting in widespread Internet instability. Today, over a year later, we were treated to a somewhat different version of the exact same story.

First, let's review the Czech incident from February 2009. There were many positives to take away.

It was precipitated by an honest mistake.
It was an extremely unlikely event, as many stars had to be in exact alignment.
Most of the Internet's core survived.
The response from operators was fast and efficient, with the damage largely contained within an hour.

The complete technical details can be found here.

Deja vu all over again

Fast forward to today: Friday, 27 August 2010. What do you think would happen if another large and unusual routing announcement was made on the Internet? Do you think all the router vendors have perfected their code in the past 18 months? Do you think the entire planet has upgraded to this new, improved and perfect code base? Do you think it makes sense to use the Internet as your testbed? I doubt you answered "yes" to any of these questions.

We'll begin to describe what happened today with a snippet from a private mailing list. We'll purposely leave out the technical details so that we don't inadvertently contribute to the building of a Cybernuke.

On Friday 27 August, from 08:41 to 09:08 UTC, the RIPE NCC Routing Information Service (RIS) announced a route with an experimental BGP attribute. During this announcement, some Internet Service Providers reported problems with their networking infrastructure.

Immediately after discovering this, we stopped the announcement and started investigating the problem. Our investigation has shown that the problem was likely to have been caused by certain router types incorrectly modifying the experimental attribute and then further announcing the malformed route to their peers. The announcements sent out by the RIS were correct and complied to all standards.

Um, while standards compliance is nice, it is foolhardy to assume that all BGP implementations are perfectly compliant, especially given recent history. Over 3,500 prefixes (announced blocks of IP addresses) became unstable at the exact moment this "experiment" started. Not surprisingly, they were located all over the world: 832 in the US, 336 in Russia, 277 in Argentina, 256 in Romania and so forth. We saw over 60 countries impacted by a "correct" announcement that "complied with all standards". The following graph shows the timeline of the event, followed by a map of the impacted countries by prefix count. Notice that it takes a bit for the Internet to stabilize after RIPE claims to have withdrawn the announcement at 09:08 UTC.

Conclusions

On the positive side, the incident was very brief, the damage was limited to under 2% of the Internet and the responsible parties quickly fessed up, aborting their "experiment". On the negative side, the Internet remains a very fragile place, even if that fragility is highly localized and different in different places. Standards aren't followed, code isn't tested and people make mistakes. That's life with any complex system and, while we can certainly do a better job, we will continue to see these types of events no matter what safeguards we might take. What puzzles me is how anyone thought it might be a good idea to test fate in this way. The end result was completely predictable.

Written by Earl Zmijewski, VP and General Manager, Internet Data Services

White House Calls for a Meeting with Domain Registrars, Registries, and ICANN

Fri, 27 Aug 2010 19:21:00 GMT

Brian Krebs reporting in Krebs on Secruity: "The Obama administration is inviting leaders of the top Internet domain name registrars and registries to attend a three-hour meeting at the White House next month about voluntary ways to crack down on Web sites that are selling counterfeit prescription medications..."

ICANN's Tokyo Meeting Provides a Little More Clarity on the New gTLD Program

Fri, 27 Aug 2010 15:44:00 GMT

New gTLDs continue to be a major topic of discussion within ICANN circles, and the regional meeting currently underway in Tokyo has revealed some interesting updates for potential applicants.

ICANN's Chief gTLD Registry Liaison, Craig Schwartz, delivered a great presentation on the progress being made behind closed doors at ICANN and provided the attendees with an insight into a couple of key changes that are likely to be seen in the Final Applicant Guidebook. As many of our readers would be aware, we have been waiting in anticipation for the new gTLD Final Applicant Guidebook to be approved at a previously unconfirmed meeting of the ICANN Board. The date for this meeting was today announced as September 10th.

Like many others in the industry, we'll be actively watching for the outcomes of this Board retreat where the focus will be on the new gTLD program's remaining unresolved issues. In particular, the Board's willingness to address the complicated Vertical Integration topic (given the inability of the VI Working Group to reach consensus) will be of interest to the many applicants likely to be affected by the outcome.

On another interesting note, one very important topic that has been flying under the radar is Registry Transition, namely the current requirement for new gTLD applicants to provide both a backup Registry Services organisation and a financial instrument sufficient to guarantee a minimum of three years of Registry operations in the event of the TLD owner being unable to operate it.

Obtaining a backup Registry Services provider is not particularly difficult. However, for many potential applicants (in particular smaller community-based applicants) the requirement to obtain a letter of credit from a financial organisation is an enormous burden and a significant additional cost.

Acknowledging this today and noting that the protection of the Registrant is paramount to this process, Schwartz said that ICANN had invested significant time and will further expand the recent concept of Emergency Backend Registry Operator (and yet another acronym, EBERO) whereby qualified applicants (i.e. Existing Registry Operators) could tender to ICANN to provide 'temporary' Registry Services in the event of critical failure of the Registry Operator to operate the gTLD.

This is a great initiative and should be welcomed by the community for two key reasons:

a) It has the potential to remove the requirement to name a pre-organised backup Registry Service.

b) It has the potential to reduce the level of financial guarantee to ICANN from applicants.

Other interesting points worthy of note from yesterday's session:

Communications Plan – This is being worked on by ICANN currently but won't be rolled out until the Final Applicant Guidebook is approved, almost guaranteeing that the earliest date for applications will be March or April 2011
DAGv4 Summary of Analysis – This won't be released to the public until after the Board's retreat, which is a surprise given that the public comment finished quite some time ago
IDN ccTLD Fast Track – ICANN have 33 applicants, representing 22 languages, currently under review as this program continues to drive the expansion of the internet across the globe

All in all, these small yet important pieces of information represent yet another positive step forward in the new gTLD process. I for one can't wait to see what the next few months will bring.

Click here if you want to see the presentations from the Tokyo meeting as provided by ICANN.

Written by Tony Kirsch, Senior Manager - International Business Development, AusRegistry International

IPv6 Deployed But in Unexpected Places

Thu, 26 Aug 2010 22:21:00 GMT

Eric Vyncke reporting in the NetworkWorld: "IPv6 exists for more than 15 years and it is rumored to be deployed extensively in Asia and especially in Japan and China with Africa being the last continent to deploy IPv6. Another place where there should be a lot of deployments is of course in the USA with the US Government IPv6 mandates. But, when it comes to measure where web sites are actually deployed over IPv6, the rumor proves to be just a myth..."

Ensuring Maximum Resilience to the DNS?

Thu, 26 Aug 2010 18:34:00 GMT

Yesterday CommunityDNS noticed a sudden, heavy spike in traffic through its Anycast node in Hong Kong. While comfortably processing queries at 863,000 queries per second for close to 2 hours the occurrence was undeniable. While we can't say the increase in traffic was specifically due to DDoS, its sudden increase is suspicious and reminds us that DDoS is still a popular tool used by the malicious community.

DoS and DDoS attacks are happening throughout each day. Just as UltraDNS was twice regionally impacted in 2009 by DDoS traffic, Register.com with close to a 3 day outage in 2009, and DNS Made Easy, the recent target creating close to a 1.5 hour outage for its users earlier this month, we (enterprise, ISPs, hosting firms, registrars and DNS providers) are not all immune to such malicious antics. While all queries appeared legitimate in yesterday's spike, there is no reason to believe CommunityDNS was the intended target for the sudden increase in traffic. However, it still raises the issue of the impact such malicious activity can have on the general user base as well as online economy.

Last year and earlier this year CommunityDNS worked on a study developed for the EU Commission's office of Directorate-General for Justice, Freedom and Security, regarding the resilience of the DNS for the EU and its member states. The study pointed out the affects such malicious activity has on the confidence of legitimate Internet users. Such affects erode confidence, thus the EU's online economy not able to reach its full potential. The same concept would apply to any online economy. The study also noted how "suspicious" traffic appeared more elevated in some European cities over others. A recent Forrester survey indicated organizations experienced more than 350,000 DDoS attacks in 2009. Another study, from Arbor Networks, yielded a statistic of approximately 3% of the Internet's traffic is tied to DDoS, or roughly 1,300 attacks each day.

So as the Internet marches on with the needed ramp up of DNSSEC, the rollout of IDNs and eventually the addition of new gTLDs, the malicious community continues their global activity. Such activity should make us all question, "Are we doing the best we can to ensure maximum resilience for Internet users and online economies?" The best way to ensure maximum resilience for users, businesses and the general online economy is through platform diversity. Where one has an open source-based DNS platform, a non-open source-based platform should be used. A mix of hardware platforms, upon which the open source and non-open source DNS software operates, is also necessary as the hacker community has more tricks up their sleeve than DDoS attacks. Adding hardware and software diversity into an infrastructure with strong security, ample capacity and scalability is the strongest method for ensuring maximum resilience to the DNS.

Written by Chuck Kisselburg, Director, Strategic Partnerships

The Window of Opportunity for ccTLDs

Thu, 26 Aug 2010 03:27:00 GMT

The announcement that .co has already achieved over 450,000 new registrations since the opening up of the second level a month ago demonstrates that there is strong demand in the global domain name marketplace for quality new domain spaces.

Though .co is the country code Top Level Domain (ccTLD) for Colombia, the second-level registrations (i.e. company.co) are available on a global basis and it is being pitched as a direct competitor to the dominant .com gTLD. Google has altered its algorithm to increase the relevance of search results in the .co domain by treating .co as a gTLD and allowing .co website owners to specify the geographic regions they are targeting. Though .CO Internet has the freedom enjoyed by all ccTLDs of not having to operate under ICANN's policy framework, they have elected to adopt policies that very closely match that framework, including the Uniform Domain Name Dispute Resolution Policy (UDRP).

The launch of second-level registrations under .co therefore represents, to all intents and purposes, a new gTLD launch, and appears to be a popular alternative to .com for both large corporations and small businesses, at least at this early stage. Overstock's purchase of o.co for US$350,000 shows a high degree of confidence in the new .co brand, and Twitter has also joined their list of high-profile anchor tenants, launching t.co as a secure URL shortening service. Anecdotal evidence also suggests that small businesses are taking the opportunity to secure names within this new space that they had been unable to register in .com or other spaces.

The .co launch is just the latest in a long line of examples of the opportunistic repositioning of ccTLDs to compete in the global market against the 'official' gTLDs. Colombia, like Montenegro (.me) and Tuvalu (.tv) and a number of others are simply leveraging their luck in the two-character assignment lottery by opening up their ccTLD to the world. Both Colombia and Montenegro have however tried to maintain the best of both worlds by reserving third-level registrations (such as .com.co and .com.me) for local entities, thereby providing trusted and dedicated domain spaces for the domestic market, while reaping the benefits of having a desirable ccTLD extension by opening up the second level to the world.

Despite the fact that they are globally-focused and effectively gTLDs, the success of .co and .me highlights the market opportunity that currently exists for other ccTLDs that are yet to establish a clear market position.

Of course, the vast majority of countries do not have the opportunity to reposition themselves as gTLDs to chase the global market, and in most cases there will be a clear preference to focus on the needs of the local market.

A report [PDF] released by Eurid (the .eu Registry) in June highlights the power that well-established and effectively managed ccTLDs can exert in their local markets. In Sweden, for example, the local .se ccTLD scored nearly 100% in terms of awareness and 49% for preference, compared with only 34% for .com. Similar rankings are likely to be enjoyed by other well-established ccTLDs, and we've seen similar numbers in relation to the position of .au in Australia.

Many ccTLDs however face a raft of challenges that are preventing them from achieving anything like this sort of local market position. These challenges can include the absence of local control, legacy systems, inefficient registration processes and restrictive policies, as well as a general lack of local capacity.

When ICANN's new gTLD program finally comes to fruition (likely towards the latter part of 2011), there will be a dramatic increase in choice for prospective domain name registrants across all regions and language groups. Those ccTLDs that are yet to position themselves as the pre-eminent domain space and default choice in their local markets therefore have a finite window of opportunity in which to do so, to ensure that they are not consigned to relative obscurity in the face of dozens of new Top Level Domains.

Written by Jon Lawrence, Business Development Consultant, AusRegistry International

Omnibus Cybersecurity Bill May Not Go Where Original Authors Intended

Thu, 26 Aug 2010 03:17:00 GMT

In an interview with GovInfoSecurity, Sen. Thomas Carper said that the U.S. Senate is considering attaching cybersecurity legislation to a defense authorizations bill. Though clearly a ploy to be able to say "we did something about those evil hackers" before the elections, CAUCE applauds the attempt. There can be no doubt that the United States (and many other countries) sorely needs better laws to deal with these threats.

Further, Senate Majority Leader Harry Reid has asked that the cybersecurity bills currently in front of various committees be combined into one single, omnibus bill, which would presumably then be attached to the defense authorizations bill. Here's where we start to get worried.

Each of the bills we've seen (and we surely haven't seen them all yet) have some good points, and some...let's just call them unintended consequences. In every case it's obvious that the authors' intentions were good, but they needed some expert advice from people who understand the technical and legal realities of the internet today.

One such expert, a long-time CAUCE supporter who asked to remain anonymous, shares his review of one of those bills: S. 3742, the "Data Security and Breach Notification Act of 2010." You can read the original and check its current status here.

Please note that this is not legal advice. Our expert is not a lawyer, I'm not a lawyer, and CAUCE did not consult with any lawyers before publishing this article.

Our expert says it's going to be difficult to construct a single good omnibus cybersecurity bill. The bigger and more complicated it gets, the less likely it is that anyone will actually read the bill before voting on it—particularly when they're in a hurry to go home and win an election.

He highlights a few specific items which could be troublesome for just about anyone running a mail server, a web site, or other online services which collect or transit any information:

Page 2, Section 2 (a)(2)(A): More or less everyone's going to need to have personally identifiable information (PII) security policies
Page 3, Section 2 (a)(2)(B): ... and an information security officer
Page 3, Section 2 (a)(2)(C): ... and a process for monitoring for PII breaches
Page 3, Section 2 (a)(2)(D): ... and a process for mitigating PII vulnerabilities
Page 3, Section 2 (a)(2)(E): ... and a process for securely deleting electronic records containing PII
Page 4, Section 2 (a)(2)(F): ... and a process for securely destroying paper and other non-electronic records containing PII
Page 4, Section 2 (b): If you're an "information broker" (which would include nearly anyone who collects information and shares it with anyone else), you have additional obligations, including needing to submit policies to the FTC, needing to provide consumer access to information, tracking access to information maintained by the broker, etc.
Page 13, Section 3 (a)(1): Requires notification solely to US citizens and residents in the event of a breach. Of course, that presumes you know the nationality/immigration status of those whose PII data you hold (hmm, I don't think *anyone* I know does, except for HR departments with regard to their own employees). If I were a covered entity, I'd be strongly inclined to begin soliciting that information from everyone I get PII data from, although of course that may trigger a whole different set of issues, particularly in areas where immigration related issues are a hot button topic.
Page 14, Section 3 (b)(2): Notification by a service provider triggers reporting requirements. This is going to make LOTS of friends for service providers, given the affirmative notification and credit protection obligations that customers accrue after being notified.
Page 19, Section 3 (d)(2)(A): Alternative notification is available for incidents involving LESS than 1,000 individuals. This is goofy.
Normally alternative notification is allowed as an option when the number of covered individuals is very LARGE not very small. For example, some state laws permit alternative notification in cases where costs of providing notice would exceed a quarter million dollars, the affected class of consumers to be notified exceeds 350,000, or the notifying party doesn't have sufficient contact information to provide notice.
There's language on page 22 of the draft bill that may allow regulatory additions to expand when substitute notification is permissible, but the basics for when substitute notification should be permissible should be part of the core statute, not an after-the-fact, maybe-yes, maybe-no regulatory add on by the agency.
Page 25, Section 3 (d)(2)(B): imposes compliance burdens on entities for a year before technical compliance guidance is available. Enforcement of the act should be held until the guidance envisioned by 3(d)(2)(B) is available, and realistically it will take probably an additional period after that for sites to deploy the recommended technology (new projects don't happen over night).
Page 26, Section 3 (h): Potentially requires notification in polyglot languages. This can be a huge administrative PITA—consider the "simple" case of the EU, where there are "only" 23 official languages (Bulgarian, Czech, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Hungarian, Irish, Italian, Latvian, Lithuanian, Maltese, Polish, Portugese, Romanian, Slovak, Slovene, Spanish and Swedish, plus (semi-official) Catalan, Galician, and Basque).
This section could be potentially exceptionally burdensome if the FCC suddenly mandates that sites provide notification in multiple foreign languages (I could see an argument for requiring Spanish as well as English, but there are some communities in the United States where other languages are also very common).
Page 28, Section 4 (b)(1): It seems unnecessarially combative to define all data security incidents as "unfair or deceptive acts or practices." Data security incidents are not typically something which a covered entity intentionally does, neither are such breaches typically "unfair" or "deceptive" in the same way that some TV or Internet huckster's "miracle" product or pyramid sales scheme might be.

The most persuasive argument in the other direction is probably that currently most states already have their own PII breach notification laws, and it can be a pain to try to stay in compliance with 46 different PII information security and breach notification statutes. So again, the intention is clearly good, but in practice...it needs some careful review.

So there are the results from one bill, examined by one expert. He's one of the best minds in the cybersecurity community, yet he may still have missed something. With legislation as important as this, smushing it all together and rushing to attach it to something unrelated is simply a bad idea. This is a topic which requires careful thought, from multiple people who really do know what they're doing—and who can explain it to the Congressional staffers who will write the resulting bill, and then to the Senators and Representatives who will collectively make the decision.

Once that education has occurred, it should quickly become evident that while some of these bills do overlap, others do not. Some will disagree. Some simply contain bad ideas. All of this has to be worked out. Then, finally, it might make sense to combine them—not now, and not just because they all have the prefix "cyber" in the title somewhere.

This article was originally published by CAUCE.

Written by J.D. Falk, Director of Product Strategy at Return Path

.ORG the Public Interest Registry Announced Today That Alexa Raad Has Resigned as President and CEO

Wed, 25 Aug 2010 23:26:00 GMT

The Board of Directors of .ORG the Public Interest Registry announced today that Alexa Raad, the President and Chief Executive Officer of PIR, has decided to resign from her positions with the company effective on September 24th, 2010. Her resignation concludes 3 1/2 years of service and leadership at PIR.

Under Ms. Raad's leadership, PIR's .ORG base grew by 42%, from 5.5 million to over 8.5 million registrations of .ORG domains. As a result of that growth, .ORG now also leads the industry in terms of the numbers of users that retain .ORG domains after the first and subsequent years. Moreover, during Ms. Raad's tenure, PIR pioneered efforts in internet security, such as PIR's launch of DNSSEC.ORG and initiated and led industry collaboration efforts such as the DNSSEC Coalition and Registry Infrastructure Security Group (www.RISG.org) to make the domain name space a safer and more secure place.

"I have been fortunate to work with an extraordinary team and lead PIR through a period of change to tremendous achievement. While I remain personally committed to .ORG and its core mission, the time has come for me to seek new challenges and opportunities in the private sector," said Alexa Raad.

"We are grateful to Ms. Raad for all she achieved with her team over the years, renovating and growing the company from a young start-up to leading in the industry. She was the right candidate to provide a positive and focused leadership, which served PIR well. We wish her well in her future endeavors," said Maarten Botterman, Chairman of the Board.

The Board has initiated a search committee for the next CEO. In the meanwhile, Mr. Botterman will step in as Interim CEO following Ms. Raad's departure.

About Interim CEO

Maarten Botterman is an expert in Information Society policy issues with extensive international experience, with emphasis on the impact of technology on society and governance issues, and global information security and privacy issues. He has been on the PIR Board since January 1, 2008 and is actively involved in Internet governance development. He is founder of GNKS Consult, and has an advanced degree in Business Economics.

Network Neutrality in the Wireless Space

Wed, 25 Aug 2010 22:49:00 GMT

There's been a tremendous amount written about the Google-Verizon joint proposal for network neutrality regulation. Our commentary at the EFF offers some legal analysis of the good and bad in this proposal. A lot of commentary has put a big focus on the exemption for wireless networks, since many feel wireless is the real "where it's gonna be," if not the "where it's at" for the internet.

Previously I wrote about support for the principles of a neutral network, but fear of FCC regulation and decided that the real issue here is monopoly regulation, not network regulation. My feelings remain the same. In wireless we don't have the broadband duopoly, but it is a space with huge barriers to entry, the biggest one being the need to purchase a monopoly on spectrum from the government. I don't believe anybody should get a monopoly on spectrum (either at auction or as a gift) and each spectrum auction is another monopoly bound to hurt the free network.

Most defenders of the exemption for wireless think it's obvious. Bandwidth in wireless is much more limited, so you need to manage it a lot more. Today, that's arguably true. I have certainly been on wireless networks that were saturated, and I would like on those networks to have the big heavy users discouraged so that I can get better service.

With Martin Cooper (Left), former Motorola vice president and division manager who in the 1970s led the team that developed the handheld mobile phone (as distinct from the car phone).
Source: WikipediaAs I said, on those networks. Those networks were designed, inherently, with older more expensive technology. But we know that each year technology gets cheaper, and wireless technology is getting cheaper really fast, with spectrum monopolies being the main barrier to innovation. We would be fools to design and regulate our networks based on the assumptions of the year 2000 or even on the rules of 2010. We need to plan a regime for what we expect in 2015, and one which adapts and changes as wireless technology improves and gets cheaper. Planning for linear improvement is sure to be an error, even if nobody can tell you exactly what will be for sale in 2015. I just know it won't be only marginally better or cheaper than what we have now.

The reality is, there is tons of wireless bandwidth—in fact, it's effectively limitless. Last week I got to have dinner with Marty Cooper, who built the first mobile phone, and he has noticed that the total bandwidth we put into the ether has been on an exponential doubling curve for some time, with no signs of stopping. We were in violent agreement that the FCC's policies are way out of date and really should not exist. (You'll notice that he's holding a Droid X while I have the replica Dyna-Tac. He found it refreshing to not be the one holding the Dyna-Tac.)

Bandwidth is limitless both because we keep improving it, and because we can build picocells anywhere there is demand. The picocells use very high frequencies and won't go through walls. You may think that's a bug, but actually it's a feature, because you can have two picocells in different rooms that don't interfere much with each other, and get gigabits in each individual room. While wireless use is growing quickly, much of that is coming inside buildings.

In the past, having so many cells would be too expensive. But today the electronics for the cells cost a pittance compared to what old thinking predicted. And that's going to continue. This is just one way we know to get more bandwidth for everybody.

The original question was whether it was good for somebody to be soaking up the wireless bandwidth in your area downloading a movie, and whether networks needed to throttle such users. We scream out that they should, but our thinking is short-term. It is the congestion caused by these heavy users, after all, that drives the innovation and network expansion. If we can "solve" our problem with network management rather than putting in more bandwidth, then we don't create as much incentive to make the bandwidth technology cheap. If the only way we can solve the problem is to boost the network capacity to match the wired one, that's how we will solve it.

Some have argued, in fact, that it's cheaper to solve these problems with more bandwidth than it is to solve them with network management. Network management turns out to be pretty hard, and requires lots of work by human beings, and thus it's quite expensive. And it's not getting cheaper, for it is not a problem that Moore's law (or Cooper's law) helps you as much with. Boosting the network is such a problem. And if you solve congestion this way, and drive the creation of better and cheaper products, not only do you get reduced congestion but you also get a nice fast network when it's not congested. It's a huge win for the network and for the world, since everybody gets to buy the new technology, while not everybody needs the network management.

It's been popular to tell Google they are being evil by getting together with Verizon on this deal. I suspect it's more a case of not thinking about the future. Once the FCC encodes rules into law, we'll have them for decades, and even if we're lucky enough to get the right rules today, they won't be the right rules for the future. Alas, they will probably be the rules the lobbyists want.

If the FCC or FTC want to make rules, they should be monopoly busting rules. Let's have better roaming, for example, so our devices can readily and rapidly make use of the small cells. Most new phones have 802.11, so what about a system where any operator of a short-range access point can easily make it a picocell and sell service to the wireless company (now a wireless aggregator) at negotiated or auctioned rates. Most wifi hotspots would be happy to do this at very low rates (they often do it free right now) that can easily be bundled with any plan. A hotspot that wants to charge extra might only get premium customers.

A good roaming system helps enable the ethic I think is right for spectrum sharing—"don't be selfish." Under this regime you are required to use only as much power and spectrum as you need, and if you're inside a building and there is a nice 100 megabit in-room 5ghz wireless, you should not be broadcasting to everybody for a mile around at 850mhz. Doing so is wasteful and doesn't make sense. If the FCC needs to do anything, it should slightly tweak things to encourage such good behaviour.

Written by Brad Templeton, Electronic Frontier Foundation (EFF) Boardmember, Entrepreneur and Technologist

Verizon: Advent of 4G LTE, WiMAX-Based Devices Will Only Increase the Need for IPv6

Wed, 25 Aug 2010 18:30:00 GMT

Verizon Business has a message to companies still reluctant to migrate their networks to IPv6: You're better off doing it now than later. William Schmidlapp, Verizon Business's product manager for Internet dedicated access services, says that the advent of 4G LTE and WiMAX-based devices will only increase the need to switch over to IPv6, since each of those devices will require its own IP address…

Read full story: Network World

Russian Cybercrime is Organized / Russian Cybercrime is Not Organized

Wed, 25 Aug 2010 18:23:00 GMT

I like to read other people's stories when it comes to spam, and I like Box of Meat. It's always alerting me to interesting stories around the web that deals with cyber security. But the more I read, the more I see conflicting views on the state of the criminal cybercrime world. On the one hand, the Russian criminal cybercrime underworld is a scary, organized place where people are actively trying to do the rest of us harm. On the other hand, there is the position that that position is an exaggeration of what it is actually like and that it's a bunch of ragtag folks who have some advanced computer skills but they are not formally organized. They trade amongst each other for the highest prices and exchange goods and services like the open market but they are not colluding with each other. I see this very similarly to how I see cyber warfare—on the one hand there are the hawks who believe national cyber threats are behind every corner, and on the other hand there are the doves (for lack of a better word) who claim there is no national cyber threat, it's all about crime that has moved online.

Consider excerpts from this article from the New York Times:

MOSCOW—On the Internet, he was known as BadB, a disembodied criminal flitting from one server to another selling stolen credit card numbers despite being pursued by the United States Secret Service. And in real life, he was nearly as untouchable—because he lived in Russia. BadB's real name is Vladislav A. Horohorin, according to a statement released last week by the United States Justice Department, and he was a resident of Moscow before his arrest by the police in France during a trip to that country earlier this month.

...

The seizing of BadB provides a lens onto the shadowy world of Russian hackers, the often well-educated and sometimes darkly ingenious programmers who pose a recognized security threat to online commerce—besides being global spam nuisances—who often seem to operate with relative impunity.

Law enforcement groups in Russia have been reluctant to pursue these talented authors of Internet fraud, for reasons, security experts say, of incompetence, corruption or national pride. In this environment, BadB's network arose as "one of the most sophisticated organizations of online financial criminals in the world," according to a statement issued by Michael P. Merritt, the assistant director of investigations for the Secret Service, which pursues counterfeiting and some electronic financial fraud.

...

According to the Secret Service statement, Mr. Horohorin managed Web sites for hackers who were able to steal large numbers of credit card numbers that were sold online anonymously around the globe. Those buyers would do the more dangerous work of running up fraudulent bills. The numbers were exchanged on Web sites called CarderPlanet carder.su and badb.biz—according to the Secret Service, and payment was made indirectly through accounts at a Russian online settlement system known as Webmoney, an analogue to PayPal.
...
Computer security researchers have raised a more sinister prospect: that criminal spamming gangs have been co-opted by the intelligence agencies in Russia, which provide cover for their activities in exchange for the criminals' expertise or for allowing their networks of virus-infected computers to be used for political purposes—to crash dissident Web sites, perhaps.

Reading this article, you would come away with the impression that these guys are very good at what they do—they have extensive computer hacking and social engineering skills, are well educated not to mention being good at money laundering (or being affiliated with people who are good at it). We see terms such as 'sophisticated' being used to describe these people. They are a definitive threat and the odds of actually arresting them are small; when they are arrested, it is seen as the exception and not the norm. In any case, they are not a ragtag bunch of people but instead are well organized and intentional about their behavior.

Worse yet, there are possible collusions between themselves and national intelligence agencies. This makes the general public even more concerned because the not-so-subtle implication is that not only do these people have extensive hacking skills, they could potentially use this to cripple national infrastructure if a hostile government, directed by an intelligence agency, instructed them to do so. The general public isn't entirely clear on what spy agencies do anyway, but in our cultures we are ingrained with the belief that they do some nasty stuff. Just imagine what they could do with a small army of hackers.

However, contrast that article with excerpts from this one in eWeek:

When people think of cyber-crime, the typical image being pushed today is that of highly organized criminal operations. New research, however, suggests the underbelly of cyber-space may be less mafia-like than some think. In an effort to improve the level of understanding of today's black hats, security researchers Fyodor Yarochkin and "The Grugq" have spent several months looking at Russian hacker forums.

"It is an ongoing project that we started about 18 months ago," Grugq told eWEEK. "Originally it started when Fyodor investigated some service offerings from Russian hacker forums for a specific project that I was working on. It turned out to be extremely interesting and amusing, so we discussed doing more long-term monitoring on the forums. It grew from there into what is now a continuous monitoring program."

Their research was presented last month at the Hack in the Box 2010 conference in Amsterdam. What the two found was that the image of a highly organized cyber-underworld run by hardcore criminals is not the order of the day. Instead, the dozen or so hacker forums they analyzed illustrated that many of the users are "geeks, not gangsters," the researchers said.

"Basically, from what we've seen on the forums much of what goes on with the sales of services is much more petty criminal activity, or crimes of opportunity," Grugq said. "Often poor students who like to hack for fun will sell access to a server they've owned. Many don't even realize that this is an illegal activity. This sale will be for $20 or $30, which is a lot of money for a poor student in Russia, but for a hardened criminal mastermind bent on destroying Western civilization—not so much."

...

"In terms of percentage, there'd be two to three guys working on stuff professionally, versus 10 to 20 hobbyists," he continued. "Most of the activity is essentially petty criminal activity where guys are trying to make a little extra cash on the side. You can think of it as a self-organizing hierarchical system with needs and people able to provide goods and services to satisfy the needs."

...

"From what we can guess," Grugq said, "any [mob] involvement is more along the lines of some people at the very top of the stack have to pay off the real gangsters. ... So, for example, if you are organizing a massive credit card cash-out scam which nets millions of dollars, you'll have to pay protection money to the mob to not get robbed. It doesn't look like the mob itself is organizing these cash-outs though.

"We're not disputing that organized crime is involved with cyber-crime, but the popular conception of leather jacketed thugs running around with firearms and laptops is not in line with what we have observed from the actual communities," he said. "It seems like it is very useful for some companies to popularize the scary idea of Russian cyber-gangsters, but honestly the involvement seems to be much more hands off."

This is quite a bit different than the perspective offered by the first article. Here, we still have perpetrators that are advanced hackers with strong computer skills. However, they are not organized amongst each other and view their craft like a bunch of frat boys. They boast amongst themselves. They argue amongst themselves. They don't even seem to realize that what they are doing is illegal. What makes the problem so widespread is that the cost of technology has dropped so much and Internet access has become so ubiquitous that they can do a lot of damage with limited human resources.

A few weeks ago I wrote about how many hackers who get arrested are arrested because of their own hubris. They do not have their egos in check and therefore end up leading a cyber paper trail straight to their lairs. Their lack of life experience leads to carelessness, and when that occurs they get caught. It is more of a bunch of individual actors doing stuff, trading stuff, trying to make some money. This is hardly the portrait painted by the New York Times.

So which portrait is correct?

Well, to be sure, there are many hackers out there that are hobbyists, and they are the ones that get caught. But it certainly seems like there are plenty of organized criminal groups out there (such as Avalanche). A conspiracy is often a "nice" way to explain all that's wrong in the world, but most conspiracies rarely hold up to close examination (never attribute to malfeasance what you can simply attribute to incompetence).

My theory is that this is a variant of the Pareto principle. The Pareto principle, also called the 80/20 rule, states that 80% of the effects are from 20% of the causes. In a business, 80% of the revenue comes from 20% of the sales. 80% of the systems crashes are caused by 20% of the bugs. 80% of the movement on the stock market comes on 20% of the days (not sure if this one is true… it sure feels like it).

In the same way, 80% of the cybercrime is caused by 20% of the cyber criminals. The other 80% of the cyber criminals do some damage and are not so difficult to back trace. They are nuisances and commit online fraud but will always remain small potatoes. By contrast the good ones, the 20%, are very good at what they do. They are smaller and better and cause more damage, and get paid more. The reason they get paid more is because they are more skilled and have the full repertoire—good computer skills and good people management skills, that is, the ability to stay anonymous.

People who are good at their craft usually make more money, and in order to stay alive in the criminal underworld (that is, without getting arrested), you need to be good. Not everyone is good at what they do (like the players on my favorite football team which explains their current 2-6 record). The ones who aren't that good browse forums and chat openly about stuff. They don't make too much money. The ones who are good are busy honing their craft, coming up with new ways to separate people from their money and they don't browse forums. They are spending their time getting better at what they do, not raising their profile.

That's why the second article paints a picture of a disorganized structure of hackers. The hackers that they can examined fall into the 80% that just aren't the kingpins of the industry. That's why the first article paints a picture of doom and gloom, they are studying the elite group of hackers that are difficult to catch and more difficult still to profile.

That's my theory.

Written by Terry Zink, Program Manager

IT Risks for Cloud Computing

Wed, 25 Aug 2010 15:53:00 GMT

As the industry-wide paradigm shift to cloud computing and software-as-a-service gradually continues to make the transition from buzz to reality, security and availability continue to emerge as the main barriers to customer adoption. A recent ISACA survey of over 1,800 US IT professionals found that only 17 percent believe the benefits of cloud computing outweigh the risks. Only one in 10 respondents said they would consider using software-as-a-service (SaaS) for mission-critical applications.

While some of this hesitance can probably be attributed to an overabundance of caution and the general human tendency to be wary of change, some security concerns are well-founded.

Companies entrusting their sensitive data to a SaaS provider need to be reassured that the data cannot be accessed by unauthorized third parties, such as employees and other customers of the provider, whether at rest or in transit. Data leakage has always been a potential issue at the low end of the hosting market—budget customers on shared servers—but the co-tenancy sometimes involved in cloud computing carries the perceived risk of bringing the problem to enterprises. SaaS providers need to be open and transparent with their customers about their security precautions, such as their encryption and access control regimes, as well as their layers of physical security.

There are other concerns, such as distributed denial-of-service attacks. As DNS service providers and others can attest to, when you have many thousands, or millions, of customer accounts running on the same infrastructure, you increase the risk of that infrastructure becoming the target of an attack. It's the old all-your-eggs-in-one-basket problem. To a DDoS-attacker focused on extortion, political retribution or simple vandalism, a broad customer base looks more like a convenient, aggregated attack surface. They can channel their resources on a narrower choke point, getting their message across by attempting to cause maximum collateral damage.

Of course, the opposite case can also be made: securing systems can be an expensive proposition, and companies can actually benefit from the substantial economies of scale that SaaS providers offer in terms of cost and security. Benefits include the availability improvements brought about by consolidated patch management, the economics enabling a much more diverse technology base that is less vulnerable to exploits, and the ability to quickly respond to DDoS attacks by reallocating resources.

It's important that both SaaS providers and their customers do not overlook reliable DNS provision as a key component of their overall security strategy. Companies can often blow their budgets on a super-redundant hosting infrastructure and forget about DNS—the only way their customers can actually reach it. Far too many times DNS is allowed to become the weak link in the chain, making it an ideal target for would-be attackers. All DNS services must come with a Service Level Agreement (SLA). Accepting anything less than 100% up-time for that SLA means you are accepting downtime for your business.

SaaS customers, however, often forget about DNS. Signing up for Google Apps, for example, is fairly straightforward and free, so it's easy to be quickly lured into a false sense of security, believing that your critical applications now reside on one of the world's largest and most robust data centers. This is of course not completely true. While cloud services such as Google Apps have brought many efficiencies to enterprises, they usually do not natively support DNS resolution. If you've forgotten to effectively provision your DNS, and it goes down, so does your Google Apps.

For a SaaS provider, surveys showing customer reluctance to adopt your services should of course be of some concern. But this hesitance also provides cloud computing companies with excellent opportunities to differentiate their services. When customers make buying decisions with security and availability as their primary concern, there's a clear incentive for SaaS companies to compete on security—a rising tide that carries all boats with it.

Written by John Kane, Vice President of Corporate Services, Afilias

Anatomy of a Domain Name Land Rush

Wed, 25 Aug 2010 15:33:00 GMT

The launch of a new or repurposed Top-Level Domain (TLD) is always surrounded with speculative activity. Some domainers will register domains in the new TLD with hopes of getting rich quick. Others will do so because the same domain in .com is worth a lot of money. And then there are the developers who see the prospect of building a carefully branded website in the new TLD. And with all those proposed new generic Top-Level Domains (gTLDs), this cycle will be repeated. But what does a Domain Name Land Rush look like? It looks like this: HosterStats.com: Domain Landrush Graph .asia

The .asia sponsored Top-Level Domain (sTLD) is a very good example of how a new TLD evolves over the first few years of its operation. The Land Rush phase lasted from April 2008 to September 2008. During this time the numbers of new registrations massively outnumbered the numbers of deletions. For any new TLD, many of the domain name registrations during this period are speculative but there is also an element of brand protection as existing businesses register their brand in the new TLD. Brand protection registrations are a significant part of the registrations in new TLDs.

The end of the Land Rush phase in .asia occurred in September 2008. The volume of new registrations began to decline and the monthly registration figures started to move towards what would become the "normal" level of new registrations for .asia sTLD.

The first anniversary of the Land Rush phase is always a tough time for a new TLD. This is when many of the speculative registrations that could not be sold or monetised are dropped. This anniversary is sometimes referred to as the "Junk Dump". The deletions peaked in June 2009. However the interesting thing is that the numbers of new registrations remained relatively stable. The second Land Rush anniversary is when more of the domains that made it through the first anniversary are dropped. Some of these are reregistered domains that had been dropped in the first anniversary. The deletions in the second anniversary peaked in June 2010.

The new gTLDs will all go through a similar evolution. The Land Rush graphs may differ slightly but they will all have to deal with the first and second anniversaries and the deletions. But as with the gold rushes and the land rushes of old, those who made the real money sold the tools and supplies to the prospectors.

Written by John McCormac, CIO of www.hosterstats.com

The Web is Dead: What This Means to ICANN, New gTLD Program and the Domain Industry

Tue, 24 Aug 2010 22:48:00 GMT

While we are spending years figuring out how to create the perfect generic Top-Level Domain (gTLD) launch and guidebook, the Internet is moving along at an extraordinary pace without any care about ICANN policy-making. The fact of the matter is ICANN is a ghost to the ordinary person or Internet company. You can not imagine how many times I had to explain what ICANN is, what ICANN does and why ICANN is important.

While the Internet is moving along with exciting innovations and new platforms of communication, ICANN is still working at dinosaur pace, still playing catch up and still not aligning the realities of the Internet to policy-making. Interest groups, corporate monopolies, politics and conflicts of interest still rule supreme.

Chris Anderson, the editor of Wire Magazine, in a recent front-page Wired article called "The Web is Dead" proclaims that the world wide web is dead and we are experiencing the beginning of the next generation of the Internet. Anderson explains:

"Two decades after its birth, the World Wide Web is in decline, as simpler, sleeker services—think apps—are less about the searching and more about the getting. You wake up and check your email on your bedside iPad—that's one app. During breakfast you browse Facebook, Twitter, and The New York Times—three more apps. On the way to the office, you listen to a podcast on your smartphone. Another app. At work, you scroll through RSS feeds in a reader and have Skype and IM conversations. More apps. At the end of the day, you come home, make dinner while listening to Pandora, play some games on Xbox Live, and watch a movie on Netflix's streaming service. You've spent the day on the Internet—but not on the Web. And you are not alone."

The reality of the matter is that the web is not quite dead yet. It is evolving. Devices are becoming more and more important than ever before. Mobile devices have paved way for the app revolution. These apps do not reside on the web but on the Internet for the purpose of creating a better user experience for the consumer as well as creating "closed" and "controlled" economies bound by distribution gatekeepers. This might be the beginning of the death of the "open" web as we see it. The move away from Flash programming in mobile devices in favor of non-web-based applications illustrates the gradual move away from a web-centric Internet, but the reality of the matter is that the Web will continue to exist given the human need for open-access to information and connecting with like-minded communities or social networks.

One point is certain. ICANN is wasting precious time trying to create a perfect solution in regards to new gTLDs. Can ICANN predict the future? No-one thinks so, but ICANN's propensity to solve any possible problem that might arise is clouding the process itself. ICANN is well-equipped and capable of dealing with any secluded abuse that might arise and react to any potential future issue. ICANN is losing its prime focus and is distancing itself from real task at hand which is no other than to introduce innovation and competition in the domain space and expand the Web.

The odds against new entrants are high. However, ICANN still insists on archaic concepts such as not allowing new registries to engage in free-trade, be able to sell direct as well as be flexible to introduce their own innovations. The self-proclaimed ICANN Business Constituency that should be all about free-trade claims that free trade is a terrible idea for new registry entrants and keeping the monopolistic, restrictive and anti-business regime at bay with the status quo is the best option for businesses. The ICANN Business Constituency that alleges to represent small-business interest and open, free markets is what your typical economist will call an oxymoron that is inconsistent with the modern economic framework of business practices. Does it have credibility? None whatsoever. I can only imagine what happens behind closed doors for a Business Constituency to oppose free trade for new entrants.

While the Internet moves towards a new direction, ICANN stands and ponders on issues that delay innovation, competition and the expansion of the Web. Big brand holders are still complaining about implementing more trademark mechanisms or further improving the existing ones that were created to please them. Why is ICANN wasting more time with that? Is there a method to retrieve your trademarked domain if someone else is abusing it? Yes. ICANN has gone beyond what is necessary. Will new gTLDs introduce more harm or benefits to the Internet society? If ICANN is all about open-access, free trade, competition, fairness and represent the Internet community, it has to align itself with what is happening in the Internet space today and not be stuck in the '90s.

The Web is not perfect. The big brands and corporations that ICANN seeks to protect who are delaying everything are not perfect. For example, the Web has been used by companies such as Google and Internet Service Providers to piggyback on intellectual property issues. What ICANN is dealing with in regards to implementing additional trademark mechanisms is tiny in regards to the harm that has been inflicted by many corporations that are regarded as the "backbone" of the Web. Google and major ISPs have been piggypacking intellectual property owners for their own profit and not much has been done about it. Both Google and the ISPs have been profiting from the unauthorised distribution of copyrighted works. Google makes money and generates traffic so they do not care about intellectual property. The ISPs get paid higher fees from consumers wanting higher bandwidth to download illegally at faster rates. Rampant piracy translates to billions of dollars of profits. 95% of music on iPods is illegal. Apple knows that but their marketing is clear: fit tens of thousands of songs on your iPod (irrespective if its illegally downloaded or not).

The Internet is dominated by many corporations who really have no respect for intellectual capital. If ICANN wants to make a difference that matters in Intellectual Property, then perhaps they need to be involved with other more significant issues that affect the Internet. If they are responsible for implementing trademark mechanisms for TLDs, then why not actually make a difference where it counts and where copyright holders are suffering from piracy, which has cost many their jobs? The trademark issues that will arise from new TLDs are insignificant if compared with the harm inflicted by piracy to copyright holders. My point is that ICANN has done enough to appease the trademark community. They are offered the trademark mechanisms to solve cybersquatting, even though the potential harms are expected to be tiny in comparison (if any). Copyright holders do not enjoy such benefit because of the very nature of the Web and its chaotic openness. I thought Rod Beckstrom understood this concept. I did after-all I read his book. Action is needed now, not just mere words.

With the Internet moving away from the Web, the repercussions to the domain industry will be felt. Domain name parking will become obsolete and the astronomical prices that premium, one-word .COM domains sell for will fall significantly and industry will experience less million-dollar domain name sales. There is no better time to sell your domain portfolio than right now unless you are developing it or unless you believe that apps and mobile devices with proprietary, closed ecosystems is not a reality.

ICANN needs to finally get the new TLD program launched without any further delays. The delays are unwarranted given the very few issues that are left such as Vertical Integration, pricing on bulk same-translated strings and establishing a better and fairer point system for community applicants that will also prevent abuse.

Unless ICANN shares Chris Anderson's viewpoint that the Web is dead, ICANN has to finally acknowledge the financial harm and opportunity costs that all the delays have inflicted to all applicants that have been clinging to ICANN timing promises to launch their respective TLD. The Web depends on it since it is shrinking. Time to join forces with the new Internet economy and space. It is time to expand the Web and introduce new complementors to the Internet: new TLDs.

Written by Constantine Roussos, CEO & Founder of .Music & Music.us

Network Neutrality is the Wrong Fight!

Tue, 24 Aug 2010 18:32:00 GMT

Winning would mean giving up much more important rights—historical rights that were in place in the US as recently as 1995 and remain in place in most of Europe even today.

We shouldn't settle for network neutrality. It's a poor substitute for what we had and much less than what we need. Let me explain. There are two topics to discuss. The first is "common carriage," a centuries old legal concept that applied to the US telecom industry throughout most of the 20th century. The second involves communications protocols. Both topics are complex, so I will cover only what's needed to understand why we shouldn't accept network neutrality and why, at a minimum, we should fight for enforcement of existing common carriage rules.

Network neutrality is about allowing any Internet application to run over an Internet connection, i.e. over a connection that uses Internet Protocol (IP). But under common carriage as it applied prior to the late 1990s, we had a more powerful right—the right to run any kind of network protocol, IP or otherwise, over a lower, simpler service which today we call a "bit stream*." Why does this matter? Because real innovation is also possible at these lower layers and that innovation continues to be important. But today, such lower layer innovation is restricted to inside one building or one campus. Yes, we can tunnel some lower level innovations over IP, but not all of them and only at a cost.

IP telephony (VoIP) is one place where problems arise. Most enterprises use IP PBXs internally, yet calls between enterprises use the PSTN. Many companies have attempted to address this gap, but progress is slow and expensive. Within an enterprise, IP telephony packets are given priority, but that priority is not supported on Internet access links and network neutrality doesn't help. As a result, to interconnect VoIP calls, enterprises must lease separate dedicated access circuits—circuits usually based on bit stream access—to support "SIP trunks." Up until the late 1990s, these circuits were regulated under common carriage. Today they are an unregulated monopoly, with prices derived from the cost of voice circuits 15-20 years ago, i.e. abnormally expensive for today.

Common carriage is the legal concept that, in exchange for government granted monopoly access to rights-of-way, the monopolist must carry anyone's traffic over the resulting infrastructure, at regulated rates. For centuries this has applied, to canals, to roads, to railroads, to telegraph lines and, until nearly the end of the 20th century, to telecommunications lines. But during the legal battles after the Telecom Act of 1996, the FCC basically gave up on common carriage.

If we accept Network Neutrality instead of common carriage, we guarantee future innovations happen only above the IP layer. Innovation at lower layers will be restricted to enterprise or campus applications. That's too bad as it was the existence of common carriage that allowed the Internet to develop in the first place. Do we want to eliminate that kind of innovation in the future?

If anything, we should be fighting to extend the ideas of common carriage to lower layers, e.g. dark fiber. Installing dark fiber is expensive and requires access to rights-of-way that are limited. The installed fiber is capital expensive infrastructure that lasts for decades. Such conditions justify granting monopoly access, in exchange for common carriage and regulated rates of return. But when you light up a dark fiber, you use (relatively) low cost gear with a short life (even if it can survive for ten years, Moore's Law renders it functionally obsolete within 2-3 years). What's more, there's rapid innovation in opto-electronics gear. Just look at the order of magnitude difference in cost between enterprise and carrier fiber-optic gear.

Today, the US is loosing leadership in all things Internet. Network Neutrality will just put a nail in our coffin. To stop our decline, fight for restoration of the common carriage principals that existed through most of the 20th century and still exist in law. To regain world leadership, fight to extent those principals to include access to dark fiber at regulated rates.

_____
* Bit stream access. In the 20th century two regulated services provided what the 21st century calls bit stream access. These were voice telephony and T1 circuits. T1 circuits directly carry a stream of digital bits. Modems allowed voice connections to carry digital bits, for example, for bulletin board services and other purposes long before the Internet became popular.

Written by Brough Turner, Founder & CTO at Ashtonbrooke; Chief Strategy Officer at Dialogic

Wired vs Wireless Debate Becomes a Core Policy Differentiator in National Election

Tue, 24 Aug 2010 17:48:00 GMT

I never thought I'd see the day when the difference in capability between a wireless and a wireline Internet would become a core policy differentiator in a national election, but this has now happened in Australia.

Perhaps it's a timely indicator of just how important the Internet is in our daily lives these days, and how much we've managed to associate keeping in touch with family and friends with tools such as Jabber and Skype, and just how much of our daily working life is now mediated by email. It seems that everyone has an interest in a ubiquitous, fast and cheap internet. Now that interest has been taken up as a major policy differentiator by both sides of the political spectrum in the recent Australian election. What was this all about?

On the one hand there is the National Broadband Network (NBN), an ambitious project to replace the now quite old telephone copper pair access network with a comprehensive fibre optic system. The copper pair network was originally funded by the public purse many decades ago, and has since been passed into private hands, along with all the other network assets of the former monopoly telephone operator. The NBN plan is to provide a layer 2 national fibre access network that would provide a last mile conduit to the majority of the nation's 6 million households and business premises. The NBN was intended to be revolutionary in terms of the change in capability of the national network and lift achievable last mile access speeds from DSL-speeds of 1 to 10 Mbps to a uniform level of access speeds of 100Mbps for every customer. Curiously, the election campaign has managed to squeeze more capacity out of the network and the political rhetoric has managed to up the access speed of this network tenfold to claimed access speeds of 1Gbps. This network is intended to be truly prodigious and the harbinger of bountiful benefits for everyone for many decades to come! Of course such a massive undertaking to rewire an entire continent does not come cheap, and the budgeted cost of providing this infrastructure to its 21.5 million population is a $43 billion impost, or a cost of $2,000 for every Australian resident. This project is a public works program, and the evolving expectation is that the network will once more be a public asset, in the same way that the original copper telephone network was constructed using a funds underwritten by the public purse. In every respect the project is intended to be game-changing. The ubiquitous use of high capacity across the entire population is intended to alter the way in which services are delivered, in which we define work and entertainment and the way in which a relatively small population in the south Pacific Ocean defines its place as a developed and hopefully highly competitive economy in a global context. These are indeed great expectations and the price tag is entirely commensurate with the level of euphoric optimism that is associated with this national project.

On the other side of the political spectrum there is a proposal to scrap this scheme immediately after the election. Lest this political party be perceived as technical troglodytes, they propose to replace it with a program of installing a swathe of wireless access points, particularly in the semi-rural areas of the Australian continent, and undertake some form of unspecified upgrade of parts of the existing copper pair network. This is a far more modest program, which is reflected in the price tag, currently estimated to cost the Australian taxpayer a mere $6 billion Australian dollars.

Each side of this political debate is keen to paint their chosen Internet technology in the most positive of lights, and portray the alternative in as dark a light as possible. A national network based on expansion of wireless infrastructure is portrayed as retrograde and hopelessly ineffectual in terms of national infrastructure. A fibre optic network is portrayed as being wastefully extravagant, unnecessary, and behind the times in today's i* world of wireless access devices. As a result, this ordinarily somewhat dry debate conducted between engineering, product and business line managers within the industry about the relative merits and weaknesses of mass access wireless and wireline networks has come to the surface of the political world for a day or two of mass media focus.

What lies behind this debate? In our efforts to convert every home and office into a wifi hotspot and convert every handset into a 3G wireless client have we really turned our back on the wired Internet? Is the copper pair, and even the concept of the fibre access network already being consigned to the dustbin of historical technologies, and will wireless totally dominate the future of the Internet? Or does the wired network have an assured future as an essential path to higher capacity and greater diversity and utility of the Internet, while wireless is just a passing fad that cannot sustain the full load of the diversity of needs of tomorrow's Internet?

The case for comprehensive uptake of wireless networking in the world of consumer electronics is close to overwhelming in today's environment. This month it has been reported that the 5 billionth device will "plug" into the Internet. It is statistically likely that this 5 billionth device will not exactly "plug in" to the network but wirelessly associate with a nearby base station! Wireless has been focal point for the Internet's evolution in the past few years, fuelled largely by the market success of Apple's various i-devices and the competitive responses from other suppliers. An earlier press story, again from Australia, illustrates this rather dramatic growth of the wireless market sector:

"Use of wireless broadband services mushroomed during the past year [2009] to reach more than 2 million subscribers, driven by the popularity of wireless modems and mobile devices such as the iPhone. The Australian Communications and Media Authority's communications report [for 2009] revealed the use of wireless broadband services jumped by 162 per cent in 2008-2009. ... Wireless broadband subscribers accounted for 25 percent of the number of Internet subscribers, up from 11 per cent in 2008."
The Australian, Wednesday 13 January 2010

There is no doubt that wireless services are so popular with consumers that they attract a price premium for their services. It is still the case that SMS messages in the mobile network are the most expensive data service on the planet, measured in units of dollars per megabyte, but other wireless 3G data services are also up there in terms of the margins of price over cost, particularly if one is daring enough to use international mobile roaming services for data! In the Australian market, for example, for the same $50 per month a consumer can access an Internet service with a usage cap of 3Gb per month with a wireless service provider, or take a service with a cap of up to 100Gb per month with a DSL service provider. Why is the wireless service some 30 times more expensive? The cost or provisioning a wireless service is dramatically lower than the cost of a wired service. The return on the investment of a wireless tower in densely populated urban environments is dramatically higher than the business case of dragging more wires through existing communications conduits. Even taking into account the lease costs of the radio spectrum, wireless services still represent a much higher margin activity than wires services. So its evidently not the relative costs of the service that determines the retail price of the service. Perhaps its more of a case of provider push coupled with consumer pull. Wireless services resonate with consumers in terms of convenience, and are prepared to pay a premium for this convenience. Consumers are prepared to pay higher prices for mobile services. Providers use this preference to add a premium to their mobile products and services, making this a more attractive product for them in terms of return on investment in service infrastructure. In every respect this looks like a mutually satisfactory setup.

There is always a "but" in these arrangements. The perennial question that gets posed about these innovations in service delivery in the internet is: "But does it scale?" When we consider not just a population of some 6.8 billion humans, but a population of over 100 billion chattering devices, will this approach scale?

In other words, is wireless an infinitely exploitable resource? Can we expect ever-increasing numbers of services, ever-increasing intensity of use, and ever-increasing capacity from the wireless network in the future? Like the air we breathe, the radio spectrum is a shared resource with many competing potential uses, from broadcast media, such as radio, television and geolocation to private point-to-point services with mobile telephony, and various permutations of satellite services. And of course, not all radio spectrum is the same. Lower frequencies provide better penetration through buildings, and can extend beyond line of sight, but have limited bandwidth. Higher frequencies have higher bandwidth, but are more readily absorbed by hills, buildings, and even walls. And of course the radio spectrum is a shared medium, so it is necessary to manage the spectrum as a common resource and coordinate the various potential users of the spectrum. The spectrum space is already full, and the prospect of displacing the existing users to make way for a massively larger Internet appears to be an unlikely outcome.

The part of the spectrum is that can be used for wideband digital communications is very limited. As more subscribers crowd in the same shared spectrum space the problem is that the quality of the service ultimately degrades. This can be mitigated to some extent by using more and more base stations with smaller radii of coverage, but at the same time this approach increases the issues with cross talk and signal interference and the complexities with mobile station handover.

The service performance with wireless also suffers, with signal dropouts, higher bit error rates, higher jitter and sudden changes in access capacity due to the method of channel contention in 3G. All of these are particularly hostile to the TCP protocol, and while there has been much said about the rapid rise of theoretical carriage capacity of wireless systems in recent times, achievable sustained data transfer rates using TCP in the wild fall far short of the hype.

Does an investment of $6 billion of public funds into wireless infrastructure represent a wise investment in national infrastructure for a future extending for many years into the future? Or would this be a case of making a investment in a current technology that is closer to a fad than an enduring element of a digital infrastructure? Also, given that the current wireless internet has already been enthusiastically constructed with private capital investment, should further public funds be expended in undertaking a public works program that may well be undertaken by private capital in any case?

There is no doubt that if we are facing a bandwidth hungry Internet future, then fibre optic wireline services can provide much greater reticulated capacity to the network. Unlike wireless, wireline systems behave consistently in terms of bit error rates, latency management and jitter. As a result the TCP transport protocol behaves with close to maximal efficiency, and can achieve sustained data rates equal to the line bandwidth, even at gigabit per second rates. All this prodigious performance can be achieved on fibre optic systems without crosstalk and without interference between users. Because the signal is guided by the wire the systems exhibit far higher energy efficiency, and can operate at far higher speeds. If speed and capacity are what we are after, then speed and capacity is precisely what fibre optic systems can deliver.

But of course despite all these efficiency and performance differentials, it's still a wired service, and the service is tethered to the end of the wire. That limits its usefulness and utility in an acknowledged highly mobile world. However, the choice is not quite so stark as a choice between an RJ45 connector and a 3G modem. WiFi has also revolutionized the consumer marketplace, and these days its quite commonplace to see appliances use WiFi as a connection medium. There is no doubt that I have no interest in using a carrier's 3G network to send a print job to the printer sitting beside me on my desk—that's a job for my local WiFi network, as is access to a home server and a myriad of other local operations in the home and at the office.

Where should public funds be spent? On a comprehensive revamp of the wired access network, replacing the aged copper pair telephone network with a highly capable fibre optic network? Or on improving access in those areas where the copper pair network simply cannot support high speed access by public investment in wireless infrastructure?

In trying to answer this question, we return to a persistent theme in the area of public communications infrastructure. What's the role of public capital investment and how is that balanced against the role of private capital investment? Is it possible for private investment to fulfill the entirety of a public agenda? Given that a capable, cost efficient and effective public communications infrastructure that encompasses an entire national constituency is seen as a core deliverable of any national communications policy regime, then how is this best achieved today?

To more back from generalities to the specifics of this broadband investment choice, is it realistic to expect that we have further decades of useful life from an already ageing copper pair infrastructure? As a consequence, should current public investment focus on current gaps in the national infrastructure, using a relatively cost effective approach of plugging these gaps using wireless infrastructure where the copper network is simply inadequate, and leave the remainder of the network in situ, as being adequate for the moment Or should we leave such wireless infrastructure investment to private enterprise, given that this technology is enjoying strong consumer attention and there is a continuing investment in wireless infrastructure by the industry actors. Instead, should a public investment program focus on a longer term national program of replacing the copper loop with a comprehensive fibre optic network? From such a longer term perspective perhaps the NBN is the better approach, as we need to concede that the level of investment required for a national very high speed access infrastructure in a fibre access network is probably well beyond the scope of private capital works investment. So far all that the industry has achieved in this space has been the rewiring of the CBDs in the major cities, while the upgrading of remainder of the network has been effectively ignored. It appears that this is, like many major infrastructure projects in the past, one that properly sits in the realm of a public investment program, in the same way that we've made investments in national road, rail and shipping infrastructure in the past.

That's the spectrum of choice between wireless and wired infrastructure programs for a better, faster and broader broadband Internet by the two Australian political parties. The wired vs wireless debate has become a matter for the electorate to decide.

Written by Geoff Huston, Author & Chief Scientist at APNIC

Afilias' Project Safeguard to Boost Global DNSSEC Deployment by 50 Percent

Mon, 23 Aug 2010 18:41:00 GMT

Afilias plans to deploy Domain Name System Security Extensions in 13 more top-level domains

Afilias, a global provider of Internet infrastructure services, today announced that it will deploy Domain Name System Security Extensions (DNSSEC) across its registry platforms, signing 13 more top-level domains (TLDs) and increasing DNSSEC deployment among domain registries by 50 percent.

How prepared is your registrar to offer DNSSEC services to your registrants TODAY?
© Afilias Limited - Registrar DNSSEC Readiness Report. Aug 2010 (www.afilias.info)”Afilias has been a leader in DNSSEC deployment, including working closely with .ORG to plan, design and implement the .ORG DNSSEC strategy as early as 2007," said Ram Mohan, Executive Vice President and Chief Technology Officer for Afilias. "We are pleased to introduce DNSSEC across our registry and DNS platform, protecting TLDs in our care from DNS cache poisoning and man-in-the-middle attacks, while maintaining consistency and convenience for registrars and their customers."

DNSSEC development began in the early1990s, but only recently became ready for broad deployment as an additional security measure to protect the DNS from cache poisoning exploits. Recently referred to as the Kaminsky bug, this exploit can allow malicious entities to intercept Internet users' requests to access a website, and redirects or eavesdrops on these users without their knowledge, and with no ability to reassert control. DNSSEC introduces digital signatures to the DNS infrastructure and automatically ensures that users' are not hijacked and taken to an unintended destination.

To deploy DNSSEC for these additional TLDs, Afilias is introducing a new global strategy, launched under its "Project Safeguard" initiative. Project Safeguard includes a registry and DNS infrastructure upgrade across Afilias' global technology platforms to support DNSSEC. It also includes a year-long registrar training initiative to address technical issues concerning implementation of DNSSEC in registrar-registry transactions.

As part of Project Safeguard, Afilias conducted research across domain name registrars to understand the issues they face with DNSSEC deployment. Afilias' Registrar DNSSEC Readiness Report found that:

Registrars think DNSSEC is a good idea, but are not yet fully prepared to offer consumer services. 80 percent of registrars believe that top-level domain (TLD) registries should offer DNSSEC. However 90 percent of registrars currently feel completely unprepared or only somewhat prepared to actually offer DNSSEC services to their customers as this time.
69 percent of Registrars plan to offer DNSSEC services in 2011 or beyond. 32 percent have no plan to introduce DNSSEC within the next 12 months.
Consumer demand is the biggest challenge for registrars. 56 percent cite a lack of consumer demand as their biggest challenge impeding their DNSSEC implementation.
Registrars also cite issues with deploying DNSSEC technology: For example, nearly 20 percent cite the management of DNSSEC keys as their number one concern, followed by more than 18 percent that cite overall DNSSEC technology and expertise.

"Our goal is to help registrars navigate the challenges of enabling the next generation of Internet security with DNSSEC, by providing a simple and singular enablement process to easily deploy DNSSEC across Afilias-supported domain registries," said Mohan. "The Project Safeguard initiative should ease the technical burden of DNSSEC deployment and could spur user adoption."

Afilias will deploy DNSSEC first in the .INFO domain in September, to be followed by TLDs that it supports in Asia, the Latin America/Caribbean, and Europe. Based on the proven strategy for the .ORG registry's successful DNSSEC deployment effort, Afilias will adopt a similar, careful, step-by-step approach. This strategy will include a "friends and family period" which will coincide with registrar outreach.

DNSSEC statistics source: DNSSEC Deployment Initiative - as of 13 August 2010 26 TLDs had deployed DNSSEC.

Skype Goes IPO - What Should Service Providers Do?

Mon, 23 Aug 2010 16:11:00 GMT

Last week's news about Skype's planned IPO brings a renewed focus on what constitutes a service provider these days, and perhaps more importantly, what forms the basis for its valuation? We all know how the advent of IP has turned the economics of telephony on its head, and the drivers of value continue to shift from the physical world of network infrastructure to the virtual world of software, the Web and now the cloud.

There's little doubt that Skype's continued growth has made them an attractive vehicle for investors. Having customers is key for any company's success, and having lots of customers raises the bar on what success could look like. Skype doesn't have everyone on the planet as a customer, but they're as close anyone is likely to get. According to their S-1 filing, the current user base is 560 million, and this has increased by 163 million from last year. Although "users" aren't true customers in terms of being paying subscriber or tied to contracts, anyone who can add this many in one year must be doing something right.

We all know that many "users" have multiple identities or aren't really active, so a subset of this is needed to get a more meaningful read on what Skype actually has. One metric would be "connected users", which averages out at 124 million per month. This is still a substantial community, although the majority is not using any paid services. In fact, the paid segment is a fraction of this, at 8.1 million.

While 8.1 million is a far cry from 560 million, Skype generated $406 million in revenues during the first half of 2010, and with this being a 25 percent bump from 2009, the company is on track to hit $1 billion in revenues next year.

In some ways, Skype has the best of both worlds. They are generating decent revenue from a small portion of their base with hardly any marketing expense. On the other hand, free is hard to beat, and they keep building a massive user base from which they keep trying to upsell. This is a very different model from conventional service providers who only offer paid services, and do not have a feeder pool of free "users" they can convert to paying subscribers. Of course, their operating expenses are much higher than Skype, and they could never survive on the relatively small ARPU that Skype generates from their calling services.

Skype hasn't yet become very profitable, and the thinking is by going public they'll have enough working capital to find new ways to increase ARPU, develop new revenue streams, and convert more free users to paid. Whether the $100 million they expect to raise will be enough is open to debate, but I see their IPO as being a strong validation for a new model and a different kind of service provider.

Of course I'm using the term "service provider" loosely, since Skype is Web-based and has little control over the last mile connection. Their technology is not as open as other operators, which limits their ability to interwork with other user communities and achieve a more universal federation to grow the user base. Furthermore, their ability to extend Skype beyond desktop telephony depends heavily on partnerships with other operators and vendors. Skype may have strong brand recognition, but little leverage when it comes to entering new markets from a position of strength.

Two such scenarios were noted in their IPO filing. One is their dependence on smartphone vendors—primarily Apple—to get Skype featured as a downloadable application. This can provide a broad entrée into the mobile VoIP market, but only to the point that the vendor feels it is worthwhile. There is no exclusivity here, and the vendors are free to offer other comparable services or even limit the features that Skype can provide.

The second scenario would be the partnerships Skype has developed with wireless carriers. Verizon is the most notable here, and again, there is a delicate balance that both parties must strike. Verizon will gladly support Skype so long as the relationship helps retain subscribers, drive network usage, and develop new sources of revenues. However, once Skype starts to cut into established revenues, they become more of a competitor, at which point the relationship can sour quickly.

As such, Skype does not hold all the cards, but neither does anyone else. With the right partnerships and market positioning, Skype has many paths to growth. Their user base is attractive to any operator, especially those seeking global coverage. Skype recognizes the challenges of growing in both the video market and the business market, both of which are large untapped opportunities. Video already accounts for 40 percent of their calls, but they have not yet been able to monetize this. The fact that they're considering subsidizing free video calls with advertising says a lot about how important this opportunity is to them. In the early days, this would never have been an option, but the stakes are higher now, and market forces may leave them little choice.

Skype certainly has an attractive product mix, and with such a large user base, their main challenge is mainly around market positioning and creating the right business models to capitalize on their strengths. This is a very different problem set from what conventional service providers must contend with, and whether Skype goes it alone or as a complement with other operators, their IPO should give them enough resources to get to the next level. Skype is certainly not going away, and as these pieces come together, they will start to look more and more like more like these operators. At that point, service providers will have some complex decisions to make, and depending on where Skype is having success, they may well end up working more as equal partners than being a minor add-on to stay competitive.

This article of mine originally ran on Friday in my Service Provider Views column on TMCnet.

Written by Jon Arnold, Principal, J Arnold & Associates

Pew's Broadband Home 2010 Research: Is It Truly Representative?

Mon, 23 Aug 2010 15:48:00 GMT

A Pew Home Broadband 2010 Summary reports in a sub-headline, a dramatic absence of continued growth in broadband adoption across the United States; while at the same time reporting increases in demographic adoption in a particular ethnic group. That sub-headline seems contradictory by indicating an overly dramatic slowing of adoption.

"After several years of double digit growth, broadband adoption slowed dramatically in 2010. African-Americans experienced broadband adoption growth in 2010 well above the national average."

Home Broadband 2010
Broadband Adoption20092010% ChangeAll Americans63%66%3%African-Americans46%56%10%

In fact, indications are that broadband adoption continues to grow as referenced in the % change in those indicators. While it is not an overwhelming mandate that substantial adoption is continuing at a rapid pace; it is a positive referendum.

This change reflects the opinion of those surveyed and depends entirely on their location, circumstance, age or other factors which do not necessarily represent a broader geographical perspective. Results depend on those interviewed, their circumstances and knowledge of broadband in compiling the research. Pew Research methodology encompassed a sample survey of 2,252 adults, age 18 and older representing all adults in the United States who have access to either a landline or cellular telephone.

In further research Pew shares responses of those surveyed about government's role in making broadband a priority:

"By a 53%-41% margin, Americans say they do not believe that the spread of affordable broadband should be a major government priority. Contrary to what some might suspect, non-internet users are less likely than current users to say the government should place a high priority on the spread of high-speed connections."

Methodology (Source)

Pew statistics came from a Princeton Survey Research Associates International project conducted between April 29 and May 30, 2010. To say a representative survey of 2,252 respondents is reflective of all Americans becomes a stretch of anyone's imagination. It can hardly be characterized as being the end-all of statistics for broadband adoption due to the nature of broadband adoption or availability, which includes age, (since seniors are the fastest growing segment of our population and who are not as likely to be adoptive to broadband as much younger constituents.), where those respondents reside, education levels and exposure to broadband knowledge.

In reflecting the purpose of broadband adoption, results would be more substantial if those surveyed were asked thought provoking questions about the benefits of broadband, rather than what do you think of broadband adoption and availability, especially if unaware of the benefits. Those who follow broadband are well aware of the benefits afforded both younger and older generations who adopt the possibilities of its life changing abilities. Proliferation of broadband takes time and effort on the part of all related constituents from consumers, government, educators and businesses, alike.

Written by Leonard Grace, Founder & Editor - The Cable Pipeline

Undesirable Consequences of Empirical Studies on Cybersquatting

Sun, 22 Aug 2010 19:14:00 GMT

Empirical studies on cyber- and typosquatting (for example, Moore and Edelman's "Measuring the Perpetrators and Funds of Typosquatting") may inadvertently encourage bad behavior. People tend to do what most other people are doing, even when the given act is presented to them as something wrong. (See, for example, Professor Robert Cialdini's "Crafting Normative Messages to Protect the Environment.") Yes, attempts to use negative social proof against cybersquatting should still underline how much harm the practice causes overall. But, when possible, they should focus the audience's attention on the act of a few rotten apples, not the entire community.

Carrot-and-stick strategies can be effective in fighting cybersquatting. For example, domain parking service providers can display a seal of approval on parking pages whose registrants don't own rogue (i.e., brand-infringing) domains. The seal creates trust in the minds of visitors and thus generates additional profits to domain owners; that, in turn, increases parking companies' commissions. Moreover, the seal, combined with the parking company's logo, would indirectly increase the value of the parking company's other services. Skeptics may say that a given domainer could conceal infringing domains by splitting his or her portfolio among more than one parking company. That's possible in the short term, but profits from parking such domain names would dwindle, especially in the face of the quality-driven measures that search engines are likely to take against rogue domains. Although the carrot-and-stick mechanism has a first mover advantage, the stick available to parking companies (that is, rejecting rogue domain owners) won't be credible unless domain owners are made to realize the damage stemming from bad behavior. Otherwise, domain owners will block out the threat. (I have also proposed the carrot-and-stick mechanism in the context of a cooperative regime between brand and domain owners.)

Written by Alex Tajirian, CEO

ICANN Looking Into Demand Media's eNom After Serious Allegations by Security Group

Sat, 21 Aug 2010 16:52:00 GMT

ICANN is looking into Demand Media's eNom devision for answers following complains from the Internet security group HostExploit. "ENom, the world's second-largest domain name registrar, came under fire last week in a report from HostExploit, a volunteer-run anti-malware research group. According to HostExploit, eNom is host to an unusually large number of malicious websites and is a preferred domain name registrar for pharmaceutical spammers."

Read full story: Computerworld

Digital Rights Management or Digital Restrictive Management?

Sat, 21 Aug 2010 16:10:00 GMT

We are all accustomed to purchasing and/or using copyrighted material in one fashion or another. From music, movies-(BluRay), e-books-(Kindle), computers-(software), mobile phones-(iPhone) and games; the umbrella of companies wanting to restrict access to its products continues to grow and become increasingly restrictive.

Digital Rights Management (Source)

"Digital rights management (DRM) technologies are aimed at increasing the kinds and/or scope of control that rights-holders can assert over their intellectual property assets. In the wake of the Digital Millennium Copyright Act's (DMCA) ban on the circumvention of DRM technologies used to control copyrightable works, DRM restrictions are now backed up with the force of law. In essence, copyright owners now have the ability to write their own intellectual property regime in computer code, secure in the knowledge that the DMCA will back the regime with the force of law."

Investment Point of View

Digital Rights Management is a restrictive system enabled to protect the copyright and unlawful distribution on digital hardware or software produced by companies via an investment in technology through a business model. The restrictions placed on end users in copying and/or sharing protected material is essential in protecting the ROI (Return on Investment) of those entities producing digital content now and in the future. Without Digital Rights Management the argument constitutes that innovation and invention will suffer through piracy and stifle any future investment in producing the creative technologies we enjoy today.

Digital Millennium Copyright Act (Source)

United States copyright legislation, in conjunction with the World Intellectual Property Organization, criminalizes the production and dissemination of copyrighted technology, devices or services, thereby circumventing Digital Rights Management. The bill also heightens the penalties for copyright infringement on the Internet. The Act was passed on October 12, 1998 by a unanimous vote by the US Senate and signed into law by President Bill Clinton on October 28, 1998.

The law specifically addresses the encryption process used by manufacturers of copyrighted products or material to protect their rights. It is now unlawful to decrypt, disrupt, copy and share such products and/or material under criminal statutes provided by Digital Millennium Copyright Act.

Free Speech Point of View

This view takes the opposite approach to copyrighted material in that it contending that basic rights of users are violated since copyright holders are able to use Digital Rights Management to enforce restrictions. It therefore infringes on the rights of users to implement fair use exceptions. There continues to be a belief that content owners will take precedent over the rights of users.

Fair Use (Source)

"Section 107 contains a list of the various purposes for which the reproduction of a particular work may be considered fair, such as criticism, comment, news reporting, teaching, scholarship, and research. Section 107 also sets out four factors to be considered in determining whether or not a particular use is fair:

The purpose and character of the use, including whether such use is of commercial nature or is for nonprofit educational purposes
The nature of the copyrighted work
The amount and substantiality of the portion used in relation to the copyrighted work as a whole
The effect of the use upon the potential market for, or value of, the copyrighted work"

Perspective

Whether it is the right of consumers to Free Speech or the right of producers to protect their products, the bottom line remains how can Digital Rights Management draw the line between the use and abuse of copyright infringement? It seems only logical that protecting copyrighted products and material is of utmost importance in the continued innovation and dissemination of new products. The music industry learned the hard way that alienating consumers can produce a backlash of which recovery is very difficult.

Microsoft learned early on that copyright protection was critical the growth and innovation of its products which turned out to be a great thing for Microsoft shareholders. We cannot believe for a minute that copyright infringement does not hurt us all in some way from the economical standpoint of higher prices, loss of innovation and creation of sustainable jobs.

Written by Leonard Grace, Founder & Editor - The Cable Pipeline

Internet Continues to Grow at Astonishing Pace (Perspectives from RIPE NCC Membership Stats)

Fri, 20 Aug 2010 16:06:00 GMT

We are at the height of vacation season here in the Netherlands, and the RIPE NCC headquarters in Amsterdam are quieter than usual. The downtime has given me a chance to reflect on how the recent economic downturn has affected our membership growth.

The good news is that it hasn't.

Our membership, made up of Local Internet Registries (LIRs) from our service region in Europe, the Middle East and parts of Central Asia, is creeping very close to 7,000. Overall, we've had a stable increase in growth from 1994, when the RIPE NCC first started operations, to present day.

If we take a more detailed look at accumulative membership growth per 12-month period, you can see a definite lull in 2001-2002. This, of course, was when the dotcom bubble burst. Our membership still grew during this time, albeit at a snail's pace.

But the recent economic downturn, even amid speculation of a double-dip recession, has not had a negative impact on our membership. One can only assume that the reason for this is that while the manufacturing and financial industries took the brunt of this economic blow, the Internet industry continues to grow at an astonishing pace.

Other factors that may impact our membership growth include IPv4 depletion, though we haven't seen evidence of the impact of this to date.

Now back to vacation time…

Note: The RIPE NCC is an association and only its members can receive the full RIPE NCC service portfolio. Organisations become members mainly to request Internet Number Resources - IPv4 and IPv6 addresses and Autonomous System (AS) numbers.

Written by Daniel Karrenberg, Chief Scientist at the RIPE NCC

Intel to buy McAfee for $7.68 Billion, Biggest Acquisition in 42-Year History

Thu, 19 Aug 2010 20:54:00 GMT

Intel plans to buy security company McAfee for $7.68 billion—the biggest acquisition in its 42-year history. The chipmaker said Thursday it has entered into a definitive agreement to buy all of McAfee's common stock at $48 per share in cash. McAfee's stock closed Wednesday at $29.93, making Intel's offer a 60 percent premium. The boards of both companies have approved the deal.

Related Links:
Intel to buy McAfee for $7.68 billion CNET News, Aug.19.2010
Analysts: McAfee fits into Intel's future CNET News, Aug.19.2010

ccIDNs: So Many Choices, So Little Time

Thu, 19 Aug 2010 19:55:00 GMT

As a result of ICANN's IDN ccTLD Fast Track process, which was launched in November of last year, a number of new ccIDNs (Country Code Internationalized Domain Names) have been successfully added to the root including: China (.中国, .中國), Egypt (.مصر), Hong Kong (.香港 ), Russia (.рф), Saudi Arabia (.السعودية), Taiwan (.台湾, .台灣) and the UAE (.امارات).

And earlier this month, five additional countries/territories were approved by the ICANN Board including: Sri Lanka (.இலங்கை), Thailand (.ไทย), Palestinian Territory (.فلسطين), Tunisia (.تونس) and Jordan (.الاردن).

With so many new registration possibilities available, and several Sunrise periods quickly approaching, many corporate domain managers are asking themselves whether new registrations should be added to portfolios which are already bursting at the seams.

For the most part, the answer is—it depends.

Some brands are never translated, transliterated or transcribed into other languages and always appear using Latin script. In those instances, registering ccIDNs to protect brands may not make sense at all.

However, reviewing non-Latin trademark portfolios is an important step in determining which ccIDNs should be registered. This can provide a definitive list of names for registration and offers a good starting point.

In addition to researching trademark registrations, reaching out to regional marketing groups can also provide valuable information about where and how brands are actively marketed. Information obtained may be of critical importance in deciding whether a new registration is really necessary.

Regional marketing groups may also be able to assist in identifying generic terms that should be registered along with the brand. I recently heard of a domainer who was very excited because he had registered 'World Cup' using a non-Latin script. Unfortunately, only later did he find out that what he actually registered was 'World Glass' which did not have the same meaning at all.

Clearly with this ever-expanding namespace, the opportunities for cybersquatting are increasing. However, registering every variation is impractical—so employing a brand protection approach to monitoring and taking action becomes more important that ever.

Written by Elisa Cooper, Director of Product Marketing at MarkMonitor

Dot-Jobs Expansion Worries Job-Site Operators

Thu, 19 Aug 2010 19:49:00 GMT

Sarah E. Needleman reporting in the WSJ: "So far limited to only employers' names, as in Disney.jobs or Whirlpool.jobs, the dot-jobs Internet domain will begin accepting applications next month for generic names like hospitality.jobs and virginia.jobs. But the mostly small businesses that run job sites ending in dot-com say they worry how the development will affect their already crowded and distressed sector of the economy."

Read full story: Wall Street Journal

Australia's Gigabit: Cheapest Upgrade in History

Thu, 19 Aug 2010 19:40:00 GMT

Australian Minister Stephen Conroy announced the National Broadband Network would offer speeds of 1 gigabit without spending a penny more of capex. Sounds like the usual politician's promise. The NBN is a huge issue in the election in 8 days. The opposition wants to kill the $43B project as too expensive; the government warns that a vote against them will condemn Australians to a second rate Internet for a decade or more. Both are right.

Conroy wasn't lying. The shared 2.4 gig down, 1.2 gig up GPON Mike Quigley has chosen can in fact deliver a gigabit to the home—as along as your neighbors aren't doing much on the Internet. If three of the 32-64 users on a node want a gigabit, it can't deliver. Today, so few web services deliver even 100 megabits I'd guess you could get the 800+ megabits gigabit 95% or even 98% of the time. Even in five years, likely traffic patterns would allow actual speeds of 400 megabits or more most of the time. (Assuming GPON's shared bandwidth can be efficiently divided, which hasn't even been proven in the lab.)

The capital cost to the Australian taxpayer will be almost the same because the OLT in the exchange is the same standard Alcatel GPON. It will require more robust switches and routers from the exchange to the Internet peering point at modest expense.The OLT in the home may be slightly more expensive, but the chipmakers are making progress integrating the silicon. Charging the customers who want the gigabit $5-10 more per month would easily cover the increased operations costs.

We've learned that in practice even dramatically faster speeds produce surprisingly modest increases in total demand. HD TV at 3-8 megabits is the only high volume use. It streams at the same rate whether the connection is 10 megabits or 800 megabits. It's a joy to get your 150 megabit Microsoft update in seconds with high speeds, but you don't do more updates because of it.

Hong Kong Broadband Network is the only carrier I know doing customer experiments with a gig over GPON and hasn't discussed the results yet.

The efficiency of sharing at high speeds over GPON is unproven. I'd very much like to hear, probably off the record, from any well-informed engineer.

10GPON, four times faster, was demonstrated a few months ago by Huawei and Verizon. Commercial units are years away however. Active Ethernet inexpensively provides a full gigabit. It's being deployed at that speed in Sweden, Singapore, and the Vermont Tel network I consult with. It requires a strand to every home and more lasers, but is a simpler network to manage at high speeds.

For any fiber network built in 2011 or later, the natural speed is a gigabit.

Written by Dave Burstein, Editor, DSL Prime

Openness and Transparency: ICANN Takes an Important Step in the Right Direction

Wed, 18 Aug 2010 01:53:00 GMT

Over the years I have been critical of ICANN's inability on several occasions to match its words on openness, transparency and accountability with its actions. Therefore, it was a very pleasant surprise to see ICANN post the Board briefing documents in connection with two of its last three Board meetings (June 25th and April 22nd).

In connection with my 10-1 Reconsideration Request I had specifically requested that:

In addition, it is specifically requested that the staff briefing papers that are provided to the ICANN Board in advance of their Board meeting be publicly posted on the ICANN website in connection with the proposed Agenda seven (7) days before a meeting of the Board.

While these Board briefing papers have been posted after the Board meeting, and not before as I had originally requested, it is an important step in the right direction and for that these actions by ICANN should be applauded. Also encouraging in connection with the most recent 5 August 2010 Board meeting was the availability of the adopted resolution within 24 hours after the meeting. While I had requested that these resolutions be posted immediately after the conclusion of the meeting in my Reconsideration Request, this is still a positive change that needs to be recognized and applauded.

Keep up the good work!

Written by Michael D. Palage, Adjunct Fellow at The Progress & Freedom Foundation

Internet Connected Devices Reaching 5 Billion

Tue, 17 Aug 2010 17:57:00 GMT

John Cox reporting in Network World: "Sometime this month, the 5 billionth device will plug into the Internet. And in 10 years, that number will grow by more than a factor of four, according to IMS Research, which tracks the installed base of equipment that can access the Internet. On the surface, this second tidal wave of growth will be driven by cell phones and new classes of consumer electronics..."

Read full story: Network World

.ORG, The Public Interest Registry Releases Results of Bi-Annual Domain Name Report, "The Dashboard"

Tue, 17 Aug 2010 17:37:00 GMT

Key Findings Show that 2010 .ORG Registrations Grew 7.6 Percent during First Six Months - Total .ORG Domains Reaches 8.5 Million

Domains Under Management – By June 2010, over 8.5 million organizations owned a .ORG domain name. Domains under management increased by 7.6% in the first half of 2010..ORG, The Public Interest Registry today released the results of its bi-annual domain name report, "The Dashboard," detailing the continued unparalleled growth of the world's third largest generic Top-Level Domain (gTLD). In the first six months of 2010, the .ORG domain grew by 7.6 percent—more than doubling last year's first half gain of 3.2 percent. This increase in registrations has brought .ORG's total domains under management to an astounding 8.5 million.

The "Dashboard" also reveals other key findings illustrating the increasing strength of the .ORG domain:

.ORG surpassed the growth of the two largest gTLDs—.COM and .NET—by posting a growth rate of 7.6 percent.
77.1 percent of organizations renewed .ORG domains for 1 to 3years—an increase of 4 percent over 2009.
.ORG realized a 16.5 percent growth in the first half of 2010 for New Creates, staying on par with results posted from .COM and .NET.
A .ORG content analysis showed that healthcare and education related domains had the most significant growth for 2010, increasing 6 percent and 13.6 percent respectively since 2009.
North America and European Union (EU) continue to represent the regions with the most significant .ORG registrations, though China grew from 2 percent to 4 percent, and the Netherlands grew 1 percent to 3 percent in 2010.

"The staggering growth of .ORG is proof that we're successfully expanding our influence across a wide array of registered businesses, for-profit companies and special interests while also continuing to serve the greater non-profit community," said Alexa Raad (CircleID), CEO of .ORG, The Public Interest Registry. "With our overall number now reaching over 8.5 million, it only further illustrates the continued appeal of a .ORG address and how our domain is viewed as a trusted and secure source both domestically and internationally."

Complementing .ORG's notable growth thus far in 2010 was the announcement that .ORG is now offering full DNSSEC deployment. On June 23, 2010, during ICANN 38 Brussels, .ORG, The Public Interest Registry announced that it has taken the final step to become the first gTLD to offer full deployment of Domain Name System Security Extensions—otherwise known as DNSSEC. The acceptance of second level-signed .ORG zones culminated an extensive two-year process in the domain's rollout of breakthrough security protocol, as registrars such as Go Daddy, DynDNS.com, and NamesBeyond can now offer added security protection to their customers by enabling .ORG website owners to sign their respective domain name with DNSSEC.

Such key initiatives lead by PIR attest to the organization's continual dedication to improve Internet security. In cooperation with the DNSSEC Coalition, .ORG hosted educational webinars for registrars to outline best practices and lessons learned in DNSSEC implementation. Also, .ORG contributed to the creation and dissemination of a Crib Sheet (Operational Considerations for Registrar Implementation) along with a Risk Assessment Document for Registry Implementations. The continuation of proactive industry partnerships is one of the many reasons .ORG is considered the most trusted gTLD on the Internet.

For more information on "The Dashboard” or to download previous versions, go to www.pir.org/news.

Protection of Intellectual Property: The Core of the Net Neutrality Debate

Tue, 17 Aug 2010 17:13:00 GMT

It didn't take long for criticism of the Verizon/Google net neutrality proposal to start pouring in. "[I]nterest groups, bloggers, and even Google fanboys [have started] discrediting the plan" according to one trade publication.

Although most of the commentary simply echoes various groups' long-held positions, the Electronic Frontier Foundation, the nation's foremost cyber-rights watchdog, provided a crucial insight about the plan that goes to the core of the net neutrality issue.

EFF found merit with some aspects of the proposal, particularly with regard to limiting the FCC"s regulatory authority. The NGO stated that although they strongly support net neutrality, "we are opposed to open-ended grants of regulatory authority to the FCC." EFF also thought that a Verizon/Google recommendation for using standard setting bodies to "develop reasonable network management" was an "intriguing" approach to "handling concerns about politicization of the FCC processes...."

The most significant element of EFF's critique, however, is their objection to limiting net neutrality to "lawful" content. EFF stated that the plan would limit "nondiscrimination to 'lawful' content without defining the term or giving any indication of who decides what is 'lawful,' opening the door to entertainment industry and law enforcement efforts that could hinder free speech and innovation."

Whether or not to permit network management practices that discriminate against unlawful content is the crux of the net neutrality debate. EFF would like the issue addressed by applying non-discrimination provisions to content irrespective of its lawfulness while the FCC largely pretends that the lawfulness issue does not exist.

Although the FCC would nominally limit regulatory protections to "lawful" content, their net neutrality plans ignore the fact that most content distributed through peer-to-peer file sharing mechanisms is unlawful. As the Library of Congress' Copyright Office stated, "the files distributed over peer-to-peer networks are primarily copyrighted works...."

The FCC's new net neutrality plan rests on the fundamental mistake the agency made in their Comcast decision, determining that there is harm in companies limiting what is mostly the unlawful dissemination of music, movies, software and other protected intellectual property.

Until the FCC's error in the Comcast decision is corrected, a responsible net neutrality framework cannot be developed.

Written by Bruce Levinson, Regulatory Watchdog

Afilias Announces Judging Panel for 2010 .INFO Awards

Tue, 17 Aug 2010 15:00:00 GMT

Leading members of media and technology will select the short list of finalists to via for Best .INFO Website of 2010

Afilias, a global provider of Internet infrastructure services and the registry for the .INFO top-level domain (TLD), today released the roster of judges selected to evaluate submissions to the fourth annual .INFO Awards program. The Awards program, which opened last week, enables any .INFO website owner to submit their site for consideration to receive top honors as the "Best .INFO Website of 2010" and receive a cash prize of up to $7,500.

"Afilias is pleased to have such high caliber judges from the fields of online information, media, and technology," said Roland LaPlante, Senior Vice President and Chief Marketing Officer for Afilias. "This year's panel consists of judges from many different countries and three continents, truly representing the global nature and appeal of the .INFO domain."

The 2010 judging panel will be made up of seven distinguished individuals from the online, media and technology industries. They include:

Dominik Grollmann, editor in chief, Internet World Business (Germany)
Grant Allaway, group managing director, AD2ONE (UK)
Peter Prestipino, editor in chief, Website Magazine (US)
Liam Eagle, editor in chief, the Web Host Industry Review (Canada)
Anand Parthasarathy, editor, IndiaTechOnline.com (India)
Katy Tafoya, creator and editor, ConstantChatter.com (US)
Philipp Grabensee, chairman of the board, Afilias (Germany)

The judging panel will review all eligible sites submitted for consideration based on five key criteria including: presentation of content, functionality of the website, design, usability, and originality.

For details on entry requirements and restrictions please visit the Awards Rules. For more details on the .INFO Awards or to submit your site visit www.INFO-award.info.

About the .INFO Awards
The .INFO Awards honors the best .INFO websites and highlights the usefulness that the .INFO domain has added to the Internet in the nine years since its debut. Any .INFO domain owner may submit their website for consideration until September 10, 2010. A shortlist of the 10 finalists, based on the judges' scores, will be published on October 5, 2010. Members of the public will then be able to vote for their favorite of the top 10 sites until November 2. The public votes will be combined with the judges' scores to select the top 3 winners, with first place being named the "Best .INFO website of 2010." Winners will receive cash prizes allocated as: US$7,500 for first place, US$5,000 for second place, and US$3,000 for third place.

About .INFO
.INFO was the first generic, unrestricted TLD to be launched since .com and is the most successful new TLD launched in over 25 years. Registrations in .INFO first became available in 2001. Since then, .INFO has grown to become the fourth largest gTLD in the world with over 6 million domain names registered. .INFO Domains are currently available in ten Internationalized Domain Name (IDN) scripts. For more information on .INFO please visit www.info.info.

An Attack on DNS is an Attack on the Internet

Sun, 15 Aug 2010 17:18:00 GMT

On Saturday Aug 7th, DNS provider DNS Made Easy was the target of a very large denial of service attack. As far as can be determined the total traffic volume exceeded 40 Gigabit/second, enough to saturate 1 million dialup Internet lines. Several of DNS Made Easy's upstream providers had saturated backbone links themselves. There are indications that not only DNS Made Easy suffered from this attack, but the Internet as a whole.

An attack on DNS is an attack on the Internet in two ways. Name servers are a critical point in almost every Internet access. But as our research shows, the consequences of this attack were wider than the attack's primary target.

According to DNS Made Easy, service impact was limited. According to our measurements it was around 5-10% on a global basis.

"In some regions there were no issues, in other regions outages lasted a few minutes, while in other regions there were sporadic (up and down) outages for a couple of hours. In Europe for instance there was never any downtime. In Asia downtime continued longer than other regions. In United States the west coast was hit much harder and experienced issues longer than the central and east coast."

DNS was designed from the ground up to be resilient to individual server failures. In theory this should make the loss of a few servers irrelevant. On top of this, the provider has implemented an anycast routing infrastructure, which works to ensure that DNS queries all over the world are resolved regionally. Note that because of the anycast routing of this provider, outages are related to the location where the clients (resolvers) are located, not the servers whose names are being queried.

However, measurements/analyses that I made in collaboration with WatchMouse.com have uncomfortable implications. WatchMouse regularly measures the performance, including the DNS resolve time, of thousands of sites, through a network of more than 40 stations spread over all continents.

In a dataset with sites whose DNS records were served by the provider, resolve times rose from a normal average of less than 100 milliseconds to over 200 milliseconds in the hours of the attack. Average failure rates in this dataset are around 1%. During the attack hours, this rose to 5% and even 10%. As can be expected, these failure rates differed greatly by monitoring station, though it is hard to see a geographical pattern.

Another dataset consists of regular measurements of more than 300 sites, with a total of more than 300.000 individual measurements over a period of 8 days. In contrast, none of these sites had their DNS service from DNS Made Easy. These sites are operated by a wide variety of industries.

On the seven days leading up to the attack, the daily average DNS resolution time in this dataset was between 352 milliseconds and 379 milliseconds. On the 7th of August, the average was 453 milliseconds, which is a significantly higher. Averaged by the hour, resolution times rose to 600 and even 800 milliseconds. There are failure rate fluctuations in this dataset, but they appear to be uncorrelated to the attack.

Note that these measurements support the provider's claim of shorter resolve times. A regular DNS lookup takes 350 milliseconds, but DNS Made Easy's average is less than 100 milliseconds.

In conclusion, these results are disturbing because even sites that are totally unrelated to DNS Made Easy were affected in their response times. The implication of this is that this denial of service attack was big enough to have collateral damage on the rest of the Internet.

Written by Peter van Eijk, IT Strategist, Author and Speaker

Net Neutrality and Google/Verizon

Fri, 13 Aug 2010 16:16:00 GMT

What surprises me about the Google/Verizon deal is not that they have come to agreement, but that they have taken so long to do so. What they have agreed to is essentially what I proposed they do back in 2006.

What Google want and what Comcast, Verizon and the carriers want is not and was not incompatible. They both want high speed access, the dispute is over who pays for that high speed access. Google would prefer someone else pay. Verizon/Comcast want to build out high speed networks but are skeptical as to the willingness of consumers to pay for faster access.

If not for the way that Google and Comcast had raised the issue, I would have written much more about the issue in public at the time. But one of the biggest problems with net neutrality was the ideological manner in which the issue was being fought. Both sides were taking a no prisoners approach and threatening reprisals against anyone who might dare suggest a compromise.

On the face of it, the proposal is an entirely reasonable solution to the question of how to pay for higher speed Internet. But it does nothing to solve the underlying structural issue that most US consumers have little or no choice in Internet providers and there are no effective measures of how good the service a provider is supplying.

I currently have Comcast as a provider for my Internet and VoIP. I also have Vonage on my office line, but that is now unusable. But I have absolutely no way to know whether that is because of the Vonage network or because of Comcast. Comcast would like to upsell me to their new Xfinity product, which I might consider if it would let me run my own VoIP server, if I could run a home server, if it would provide me with other services I want, if it would make my home Internet faster. Verizon would like me to consider their FIOS service.

I spend a considerable amount on communications. I am clearly in the target market for these premium services. But at the moment I see no real reason to switch because neither supplier is able to quantify the improvement in quality they are offering.

And this is why I am somewhat more skeptical of the benefit of adding yet more competition for broadband provision into the mix. While competition is unlikely to hurt (unless you are a shareholder of a monopoly provider), it is hard for me to see what benefit I get by switching either. And if I can't work out what the advantage is, I doubt that the typical subscriber will either. Without objective measures of quality of service, I can't make an informed purchasing decision.

What we need here is a Nielsen ratings service for broadband provision. A statistically representative group of subscribers would fit measurement devices that sit behind the Internet router and these would feed statistics to one of more bodies that analyze the data and produce reports on the quality of service delivered by specific providers in specific locales. There could even be a service contract element here. If a consumer pays for five star service and only gets one, they get a break on their charges.

The other part of the puzzle is that we need a mechanism that ensures that the Google-Verizon deal is available to all Internet content providers on an equal basis.

Given Verizon's earlier experience of seeing a firestorm from customers after blocking a text message from a pro-abortion rights group, I seriously doubt that US broadband providers will want to get into the business of political censorship. On the contrary, it is in their interest to assure everyone that they are not taking sides. Whatever short-term gain is realized by favoring one side is going to be far outweighed by the revenge extracted by the other when they get their chance.

No, the real problem is how to make sure that the Internet does not tip so heavily towards the incumbents so that there is no room for innovators to enter in the US market. That would not only be bad for consumers, it would be catastrophic for companies like Google who need external innovators to supplement their internally generated ideas. Google realized the value of video and tried to set up their own service (Google Video, it still exists). But they ended up paying over a billion for You Tube because they had done it better, and Google needed to stay ahead.

In conclusion, I think the deal is positive. But it is the first step, not an end in itself.

Written by Phillip Hallam-Baker, Consultant, Author, Speaker

Google Responds to Criticisms Over Proposed Net Neutrality

Fri, 13 Aug 2010 04:38:00 GMT

Responding to recent controversies over Google-Verizon deal, Richard Whitt, Google's Washington Telecom and Media Counsel writes: "Over the past few days there's been a lot of discussion surrounding our announcement of a policy proposal on network neutrality we put together with Verizon. On balance, we believe this proposal represents real progress on what has become a very contentious issue, and we think it could help move the network neutrality debate forward constructively. We don't expect everyone to agree with every aspect of our proposal, but there has been a number of inaccuracies about it, and we do want to separate fact from fiction."

Domain Names as Second-Class Citizens

Thu, 12 Aug 2010 23:01:00 GMT

A new book by Dr. Konstantinos Komaitis (Lecturer in Law at the University of Strathclyde) provides a passionate yet legalistic and well-researched overview of the legal, institutional and ethical problems caused by the clash between domain names and trademarks. This is really the first decent book-length treatment of what is now a decade and a half of legal and political conflict between domain name registrants and trademark holders. But this is more than a static compilation and description of the subject: Komaitis has an original and fundamentally important argument to make.

In his view, domain names are a form of property, and the property rights held by domain name registrants need to be recognized in law—independently of, and carefully distinguished from, the limited rights associated with trademark protection. Komaitis shows that under the institutional regime that has evolved since 1998 (in which ICANN and US law play leading roles), domain name registrants are not afforded normal property rights. Due to the political power of the trademark lobby, their rights are subordinated to trademark protection and their property rights recognized only insofar as they have no impact on trademarks. Hence the book's subtitle: domain names are "second-class citizens in a mark-dominated world." The author makes a convincing case that this is not the appropriate state of affairs, so we need to rethink the way we approach the laws and rights pertaining to domain names.

This argument is carried out very systematically. Komaitis starts at the beginning, taking up the theory of property and reviewing the legal debate over whether domain names are property or "service contracts." He then proceeds to discuss the history, legal basis, procedural aspects and performance of ICANN's Uniform Domain Name Dispute Resolution Policy (UDRP). There is an interesting discussion of the differences between what we normally think of as arbitration and the UDRP, which poses as an arbitral process. As one might expect, most of the differences have the effect of weakening the rights of registrants, binding them to a procedure and rules while allowing the complainant more choice and options. He goes on to critique the procedural justness of the UDRP and the contradictions of the U.S. Anticybersquatting Consumer Protection Act (ACPA), with its in rem jurisdiction that erases the territoriality of trademark protection. There is a chapter on the interaction between domain name regulation and freedom of expression rights. He concludes by showing how "the same mistakes" are being repeated and even reinforced by a trademark interest-dominated "implementation review team" (IRT) which developed in reaction to ICANN's new top level domains initiative.

Komaitis's take on domain name regulation is definitely worth reading. On the downside, the writing style of this non-native English speaker is a bit complex at times (although, oddly, it improves in later chapters). One can only wonder whether the Routledge series that published the volume gave it the editorial attention it clearly deserved. There are also some minor mistakes in the author's understanding of DNS technology; several times the author says that ICANN enforces domain name judgments by "altering the registrant's information on the 'A' root," which is not how it works (actions deleting or reassigning second-level domains are taken at the TLD registry, not at the root zone file). But this has no impact on the legal argumentation.

Written by Milton Mueller, Professor, Syracuse University School of Information Studies

Harvard's Berkman Center to Study ICANN's Accountability and Transparency Review Process

Wed, 11 Aug 2010 20:03:00 GMT

The Berkman Center for Internet & Society at Harvard University announced today that it "will conduct an independent, exploratory study analyzing ICANN's decision-making processes and communications with stakeholders." The study is aimed at developing a framework and recommendations for understanding and improving ICANN's accountability and transparency. "The Berkman Center's final report will be made publicly available after ICANN's Accountability and Transparency Review Team has had the opportunity to utilize its findings in recommendations to the ICANN board."

Related Links:
Announcement from Berkman Center Aug.11.2010
Announcement from ICANN Aug.10.2010

Putting String Similarity into Context: Bulgaria's IDN (.бг) vs. Brazil's ccTLD (.br)

Wed, 11 Aug 2010 17:17:00 GMT

Bulgaria is a nation which is directly impacted by the current Fast Track automatic disqualification when Top-Level Domain (TLD) strings are "confusingly similar" to other TLDs, in this case an Internationalized Domain Name (IDN) country code Top-Level Domain (ccTLD). Bulgaria has already been declined twice (in late 2009, and in May of 2010) to register the *.бг Cyrillic IDN on the premise that it looks confusingly similar to Brazil's *.br ASCII TLD.

Being a native Bulgarian, I did not see how these two strings are similar—nor confusing for that matter—so a research on how ICANN determines a confusingly similar string was due. While reviewing the ICANN rules, it hit me that a very important part of the comparison was left out, namely how these strings will be used.

Before going into this, let me start with a few words on where the problem lies, i.e. why ICANN finds these strings to be confusingly similar.

Similarities and differences between Cyrillic and Latin characters – The Cyrillic letter б does not look like a b; it actually looks much more like the number 6, however every person who speaks a Cyrillic language will recognize the difference between the two letters and the number, especially when put into context (Click to Enlarge).The world population that speaks Cyrillic languages

Although a Latin-speaking user can certainly find these strings quite similar, a Cyrillic speaking person will know which one is which. The Cyrillic letter б does not look like a b (see my comparison of the Latin and Cyrillic alphabets); it actually looks much more like the number six 6, however every person who speaks a Cyrillic language will recognize the difference between the two letters and the number, especially when put into context (again, more on this later).

The difference between the subsequent top-level domain letters г and r are not as noticeable in regular fonts, but are very noticeable in hand-written and italic fonts. Still, a person who knows a Cyrillic language will know the difference. This case is even more obvious in hand-written and italic fonts:

.бг vs .br

As a result, it seems that the population that speaks Latin languages is the one finding these strings confusingly similar, which has resulted in the ICANN rules for string similarity, but without taking into consideration the population that speaks Cyrillic languages.

The population that speaks Latin languages

A major point that ICANN is missing in their current evaluation criteria for confusingly similar strings is that they do not review the TLDs, especially IDNs, in the context they will be used in. When reviewing an IDN in context, the evaluation of the string (and its alphabetical differentiation) becomes much clearer and easier. As an example, let's look at how а company's domain would look like in Latin and Cyrillic IDNs:

company.br
компания.бг (компания (BG) = company (ENG))

I doubt that someone will mistakenly take one for the other. Still, let's analyze this in more detail and review some extreme similarity cases.

Brazil's IDN vs. Bulgaria's IDN

The main reasons that differentiate Brazil's IDN from the Bulgarian IDN are:

A URL consists of a top-level domain and a second-level domain. Since .бг and .br are just top-level domains, they are meaningless without a second-level domain. When comparing full URLs, the difference between the two is exceptionally obvious.
Example: company.br and компания.бг
Brazil uses three tier domains (host+gTLD+ccTLD), whereas Bulgaria uses two-tier domains (host+ccTLD), which makes the visual gap between the two even larger. As a result, a Brazilian user looking at a Bulgarian URL will know right away that this is not a Brazilian domain, even if the host uses the same letters.
Example 1: Vivo is one of Brazil's mobile network operators. Their site is vivo.com.br which in Bulgarian would be виво.бг. There is no resemblance between the two.
Example 2: An imaginary company called American Electric has registered ae.com as its main domain. Its Bulgarian domain would be ае.бг, which does not resemble its Brazilian counterpart ae.com.br, even though the host is exactly the same. Even if Bulgaria starts using three-tier domain names (host+gTLD+ ccTLD), this URL will look like ае.ком.бг, which is also decidedly not the same as the Brazilian domain.

The Extreme Case of string similarity

IMPORTANT NOTE: The analysis below is excessive, and this is on purpose, because it could happen. It raises the importance of having regulations in the case that such situations arise in the future. This analysis presumes that Brazil uses two-tier domain names (host+ccTLD), and that there is a company with a domain string that is exactly the same in Cyrillic and Latin languages.

If a non-native English speaker (such as a Frenchman or a Spaniard) sees ae.бг, but knows the context where the URL is used/mentioned, s/he will most probably know that this is a Cyrillic/Bulgarian domain. No action here.
If a non-native English speaker (such as a Frenchman or a Spaniard) or a native English speaker sees ae.бг without knowing the context where the domain is used/mentioned, s/he may think that it is in Latin.

In such cases, regulation (which is ICANN's strength) should be in place to control the use of these strings and to ensure that a single registrant owns visually similar domains. In addition, browser vendors need to update their error message in case ae.бг is entered in Latin letters in the browser, and there is no such domain. The error message should reflect that the domain may be in Cyrillic. Here is an example for a possible error message:

Server not found
Firefox can't find the server at www.ae.bg.

Check the address for typing errors such as ww.example.com instead of www.example.com

Check the address for being in Cyrillic such as ае.бг instead of ae.br

If you are unable to load any pages, check your computer's network connection.

If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

ICANN Staff's reasoning on *.бг

ICANN staff's reasoning for declining Bulgaria is that "internet is a world resource and uniqueness is most important." However, its decision will have an impact on at least 7 million Bulgarians, not to mention their relatives and the Bulgarian-speaking population around the world. In addition, with the IDN ccTLD Fast Track Process ICANN wants to open the Internet to languages based on scripts other than Latin in order to make it more accessible, but at the same time impose limitations on its openness, thus effectively contradicting itself.

The good news is that ICANN is open for feedback (I have already submitted these comments to the ICANN), so hopefully these findings will make it into the ccTLD application and Fast Track review later this year. I will nevertheless appreciate your thoughts on this, so please leave a comment.

The history of the Cyrillic alphabet

To finish off, I would like to give you a little background on the Cyrillic alphabet.

The Cyrillic script is an alphabet developed in the 9th century by two brothers, Cyril and Methodius, who were later on venerated in the Eastern Orthodox Church as saints. The Cyrillic alphabet was first adopted by Bulgaria, my home country, and because of that Cyrillic is believed to be a Bulgarian alphabet, although this is debatable. The Cyrillic script is used in the Slavic nations of Belarus, Bosnia, Bulgaria, Russia, Serbia, Macedonia, Montenegro, and Ukraine, and in the non-Slavic nations of Moldova, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan, Tuva, and Mongolia. With the accession of Bulgaria to the European Union on 1 January 2007, Cyrillic became the third official alphabet of the European Union, following the Latin and Greek alphabets. It is also one of the few alphabets that has its own holiday (May 24th), which is celebrated internationally.

Written by Vassil Petev, Unit Manager

First Leap to Secure Linguistic Internet - Arabic SSL Certificates Launched

Wed, 11 Aug 2010 16:07:00 GMT

Linguistic Internet is becoming stronger with the first leap to develop non-Latin applications, as Arabic Language SSL Certificates has been launched by M/s ArabicSSL with the support of Live Multilingual Translator and The Multilingual Internet Group. This step is highly appreciable because this will ensure the security and stability and develop trust over new Internet layers of Internationalized Domains (IDN TLDs).

Financial Institutions will have more confidence to provide SSL security on their Online Financial Transaction services.

According to a press release, Arabic Internet to become a Securely-Certified Internet with the Launch of ArabicSSL™ Certificates.

The vision and journey that started more than a decade ago to deliver a Globally Multilingual Internet and to specifically empower and enable an Arabic Internet today took a giant leap forward in delivering a securely certified Arabic Internet with the official launch of the ArabicSSL™ Certifications.

ArabicSSL™ Certificates were created specifically to address a serious perpetual local problem in the Arabic Internet and its market, and to provide a localized solution based on Internationally Recognized Authentication and Encryption Mechanisms in SSL Certification.

Because ArabicSSL™ Certificates are now recognized by virtually all web browsers in the world like Internet Explorer, Firefox, Chrome, Safari and others means that ArabicSSL™ Certificates are ready for deployment to securely certify websites anywhere in the world.

Founder and chairman of ArabicSSL™ and The Multilingual Internet Group Mr. Khaled Fattal said on this occasion: "This is a milestone for the Arabic Internet by turning it into a secure Arabic Internet to subsequently enable and implement a vast array of Pan Arab e-commerce and e-payment solutions. Despite the recent boom in users in the Arabic Internet and with the highest rate of Internet penetration growth in the world being in the Middle East, the majority local Internet users still lack the confidence to perform financial and other sensitive transactions online locally or internationally."

Mr. Fattal later added: "The primary reasons had been that virtually all local websites in the Arabic market are not securely certified with a valid SSL Certificate, let alone a localized one. Add to that the lack of awareness of the security risks to users and website owners from websites that are without valid SSLs, until now. With the launch of ArabicSSL™ Certificates, this is about to change dramatically. ArabicSSL™ Certificate is the localized yet internationally recognized solution in removing these barriers to igniting a localized but Secure Pan Arab Internet en route to a booming Arabic e-commerce market".

ArabicSSL™ Certificates will range from domain and email certificates to full website encryption readiness for e-commerce. Certificate names such as " Nitaqat" ArabicSSL™ for Domain Names Certification of a website, "Moassassat" for Organization certifications, "Moatamad" for Companies, "Email" for Email Certification and "Mowathak" ArabicSSL™ - 128/256 bit SSL Certificates with Server Gated Cryptography (SGC)… to name a few are ready today for issuance and deployment.

Finally, it is stated that this step will support Policies Development Process for ICANN's mission to IDN TLDs.

Written by Imran Ahmed Shah, IT Consultant

What Matters in Net Neutrality

Tue, 10 Aug 2010 21:49:00 GMT

It's hard to know what to make of the Google/Verizon deal since until earlier today both companies have denied that there is one. And it's hard to argue about net neutrality because it means so many different things to different people. I've got lots of reading to do to catch up on the newly released set of principles from the companies, but in the meantime here are a few thoughts on the topic.

The core question is this: when Internet Service Providers turn out to have captive audiences of subscribers—either because their customers have few if any alternatives for broadband, or because switching is complicated and cumbersome, or because ISP practices are obscure and thus hard for customers to adapt to—how far should they be allowed to leverage that captivity?

That question arises in the midst of a very confused economy for the movement of bits over the Internet. With telephones the baseline rule was simple: sender pays. On the Internet, it's more complicated: both sender and receiver pay their respective Internet Service Providers to move their data traffic. Now, suppose these are large ISPs who are considering connecting to each other directly. The ISP who hosts a sender of traffic like YouTube might say to the ISP with lots of individual users who watch YouTube videos: "We seem to have a lot of stuff that your users want, and they're paying you to get it to them. What will you pay us to pass this stuff efficiently over to you?" The ISP with the individual users might reply with a different point of view: "You've got a lot of stuff you want to send to our users, and your corporate customer is making money through advertising or subscription fees when our users access it. What will you and your corporate subscriber pay us to be able to reach our captive audience?" It's an odd puzzle: both sides benefit from the transaction, so who should pay for it, given that there's no baseline rule like "sender pays"?

In the past this dilemma between large ISPs has been resolved through peering arrangements that have amounted to simple handshakes: I'll carry your traffic aimed at my subscribers if you carry mine aimed for yours, and we'll call it even. Today those deals are more complicated, and their details are typically trade secrets. But we know this much: Verizon, like other broadband providers, already says to its customers: pay us more and we'll give you faster Internet access. That's not controversial. So should Verizon also be able to make a similar offer in the other direction, to faraway upstream content providers? Verizon could say to Google: regardless of what you pay your own ISP to get your bits launched on the Internet, pay us more and we'll make sure your YouTube videos get to our subscribers all the more quickly as they come in for a landing.

Google might well be able to pay—and then leave poorer content providers behind. The next two guys who want to start, say, ShmouTube won't be able to do it if they've got to negotiate business development deals with one ISP after another in order to reach those ISPs' subscribers. And that's the real danger: when each ISP can, in effect, speak on behalf of its unwitting subscribers, serving as the troll under the bridge offering up different conditions for access to them, the economics of the Net will start to favor the consolidated, the well-connected, the well-heeled. Verizon and Google each have reason to take the trouble to negotiate with one another to begin with—they've both big, and each can offer uniquely desirable benefits to the other. The generative power of the Internet is that it has offered a perch for anyone who wants to plant a flag in the ground. Set up www.mynewamazingwebsite.com, and people the world over can beat a path to it or not as they please. That represented a huge change from the proprietary consumer networks of the 1980s and 90s, where AOL or CompuServe got to say who could have a presence within their gated communities.

It may turn out to be too simple to have a blanket rule against ISPs charging faraway providers for access. There are even some outcomes that make that desirable for consumers—imagine if Internet access were free, with ISPs beating down your door to provide you with broadband, because if you choose them then they'll get paid by Google et al. for the privilege of sending bits (and ads) to you. That's a dubious outcome for a number of reasons, but it's theoretically possible. But much more dangerous is if ISPs get to pick and choose: one deal for Google, another for the New York Times, a third for eBay, and no deal at all for mynewamazingwebsite. In a medium in which so many of the giants were yesterday's scrappy upstarts—eBay, Google, even the Web itself—it would be a travesty to freeze out the next round of innovation from odd corners by deploying an impenetrable web of contracts and fees. That's what I take to be at the core of Chairman Genachowski's comment that "Any outcome, any deal that doesn't preserve the freedom and openness of the Internet for consumers and entrepreneurs will be unacceptable."

Written by Jonathan Zittrain, Professor of Law at Harvard Law School

Afilias Opens .INFO Awards to Select the Best Websites of 2010

Tue, 10 Aug 2010 21:38:00 GMT

Afilias Opens fourth annual .INFO Awards to Select the Best Websites of 2010Afilias, a global provider of Internet infrastructure services and registry for the .INFO top-level domain (TLD), today announced the opening of its fourth annual .INFO Awards program which recognizes the best .INFO websites around the world. From August 9th to September 10th any .INFO domain owner may submit their website to the .INFO Awards for a chance to win honors as the "Best .INFO website of 2010."Afilias, a global provider of Internet infrastructure services and registry for the .INFO top-level domain (TLD), today announced the opening of its fourth annual .INFO Awards program which recognizes the best .INFO websites around the world. From August 9th to September 10th any .INFO domain owner may submit their website to the .INFO Awards for a chance to win honors as the "Best .INFO website of 2010."

".INFO is an intuitive domain name choice for anyone looking to share their information with the world," said Roland LaPlante, Chief Marketing Officer for Afilias. ".INFO has been the most successful new TLD ever launched, as evidenced by the millions of sites now operating worldwide. The .INFO Awards program not only gives us the opportunity to highlight the best .INFO sites from around the world, but also to allow Internet users to voice their support for their favorite ones."

Afilias first launched the .INFO Awards program in Germany in 2007 and expanded the awards internationally in 2009. 2010 will mark the fourth year of honoring the best .INFO websites and highlighting the usefulness that the .INFO domain has added to the Internet in the nine years since its debut.

Qualifying submissions will be evaluated by a panel of online and media experts based on five key criteria including: presentation of content, functionality of the website, design, usability, and originality. The panel of judges will be announced on August 17th and will consist of experts in the fields of websites, design, and media.

A shortlist of the 10 finalists based on the judges' scores will be published on October 5, 2010. Members of the public will then be able to vote for their favorite of the top 10 sites until November 2 at 11:59 pm ET. The public votes will be combined with the judges' scores to select the top 3 winners, with first place being named the "Best .INFO website of 2010." Winners will receive cash prizes allocated as: US$7,500 for first place, US$5,000 for second place, and US$3,000 for third place.

For details on entry requirements and restrictions please visit the Awards Rules. For more details on the .INFO Awards or to submit your site visit www.INFO-award.info.

About .INFO

.INFO was the first generic, unrestricted TLD to be launched since .com and is the most successful new TLD launched in over 25 years. Registrations in .INFO first became available in 2001. Since then, .INFO has grown to become the fourth largest gTLD in the world with over 6 million domain names registered. .INFO Domains are currently available in ten Internationalized Domain Name (IDN) scripts. For more information on .INFO please visit www.info.info.

Security Experts Urge Shifting from Defense to Offense in Cybersecurity

Tue, 10 Aug 2010 20:59:00 GMT

A report, released today by McAfee, Inc., titled "Security Takes the Offensive," says that traditionally, security technology companies and computer users have taken a defensive posture, putting the cyber equivalent of body armor on computers, networks and in the cloud. The report's authors say it is now time to avoid enemy strikes altogether by taking a more aggressive stance, aligning forces and involving law enforcement.

The report also suggests that a "major component for combating spam lies in the hands of ICANN (the Internet Corporation for Assigned Names and Numbers), as it accredits the registrants that sell the domains which cybercriminals use to host malicious sites." ICANN should take a stronger stance against cybercrime, says the report.

In 2009, the .com domain surpassed .info as the riskiest source of red- or yellow-rated sites among generic TLDs. The weighted risk ratio reflects the prevalence of .com sites, which far outnumber .info sites. Source: McAfee Security Journal

Related Links:
Full copy of the McAfee Security Journal