This way sir, left at Kashmir.
Feb. 26th, 2008 12:42 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
peterbirksI presume all you cybergeeks are aware of the fact that YouTube went down the tubes on Sunday for a few hours, for 67% of the globe, as a result of Pakistan banning it for domestic use.
The complexities of global access control on the web continue to be too complicated for any non-cyber-geek (such as myself). The madness seemed to occur because PCCW, in Hong Kong, which routes international traffic to Pakistan, took Pakistan’s blocking action to be a global signal, and (somehow) managed to turn YouTube into the global equivalent of www.hitlerisgreat.com (and I dread to think what google auto searches that will bring to this site).
The thing which is of concern here is that a nation state — one which holds some fairly dodgy principles — managed to block global acess to a web address. OK, Pakistan says that “it didn’t mean it” (surely the favourite excuse of the stupid and incompetent).
Pakistan’s block was meant to be domestic, but some kind of routing cock-up (this is what happens when you leave the geeks in charge) seemed to identify a route via Pakistan as the “quickest” way to get to YouTube. Except, of course, that it didn’t get you to YouTube at all, because there was an automatic redirect in place if you tried to access YouTube from Pakistan.
No user of the web thinks about routing, but basically you can’t really choose what way your packets get from sender to receiver. That’s what makes the web so efficient. But if you get a detour like this, you (the punter) have no override.
Todd Underwood, vice-president and general manager of Internet community services at Renesys, said that "to be honest, there's not a single thing preventing this from happening to E-Trade, or Bank of America, or the FBI, or the White House, or the Clinton campaign”.
Worrying, or what?
The complexities of global access control on the web continue to be too complicated for any non-cyber-geek (such as myself). The madness seemed to occur because PCCW, in Hong Kong, which routes international traffic to Pakistan, took Pakistan’s blocking action to be a global signal, and (somehow) managed to turn YouTube into the global equivalent of www.hitlerisgreat.com (and I dread to think what google auto searches that will bring to this site).
The thing which is of concern here is that a nation state — one which holds some fairly dodgy principles — managed to block global acess to a web address. OK, Pakistan says that “it didn’t mean it” (surely the favourite excuse of the stupid and incompetent).
Pakistan’s block was meant to be domestic, but some kind of routing cock-up (this is what happens when you leave the geeks in charge) seemed to identify a route via Pakistan as the “quickest” way to get to YouTube. Except, of course, that it didn’t get you to YouTube at all, because there was an automatic redirect in place if you tried to access YouTube from Pakistan.
No user of the web thinks about routing, but basically you can’t really choose what way your packets get from sender to receiver. That’s what makes the web so efficient. But if you get a detour like this, you (the punter) have no override.
Todd Underwood, vice-president and general manager of Internet community services at Renesys, said that "to be honest, there's not a single thing preventing this from happening to E-Trade, or Bank of America, or the FBI, or the White House, or the Clinton campaign”.
Worrying, or what?
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
DNS
Date: 2008-02-27 02:23 am (UTC)Hee hee hee.
I don't know where to begin at this level of ignorance. So I won't. You can always trust a man called Todd.
Far more worrying, in theory, was the wonderful information on Newsnight today that there's an international ring of credit-card fraudsters who pick off PINs in the UK and clone cards in the second, third, etc world. This, of course, is a subject that (for once) I actually know something about.
Leaving most of the technical details aside -- apart from the report's glancing comment that "for some reason, the information passed between the POS terminal and the issuer is not encrypted," which I refuse to discuss because it makes my stomach knot -- the most disturbing thing about this can be summed up as being the futility of the discussion.
Opposite Paxman was a fleshy young woman with shiny hair who was apparently a Director of Communication for APACS, or something. Now, I have always had a problem with APACS. If you look at their specs, you begin to realise the malign influence that BT has had over this country's communications infrastructure over the past forty years or so.
However, she managed to hit every single wrong note. You start with the televised evidence that it's possible to hack into a major POS swipe terminal using little more than a soldering iron and an oscilloscope. "Well, that's not scalable," she said. Obviously the concept of off-shoring hasn't really penetrated the supervisory bodies of the credit card industry here.
"We're seeing reduced credit card fraud here in the UK," she said. Well, no you're not, young lady. If the details are pilfered in the UK, and the transactions are being committed abroad, then it's still UK credit card fraud. (As an aside, this is typical of the industry. Card issuers make money. Card acceptance is merely a back-office detail, which is therefore far less sexy. Historically, this has meant that very little attention has been paid to when, where, and how the card is actually used.)
But the most frightening thing (for me) was when this demented corporate cretin was actually thrown a softball by Paxman. In one of her rare forays away from pointless marketing-speak, she actually got a technical detail right. As she said, the point of the "chip and pin" technology is that it is, on it's own, an industrially secure platform: the actual problem only occurs when you plug it in to a cheap piece of crap that sucks the security away. So, mused Paxman, does that mean that everybody needs a shiny new updated card (obviously not having listened, and possibly for good reason)?
Well, of course it doesn't. The mind boggles at the concept of producing 1.5 billion Visa cards overnight. Which is exactly the point that the marketdroid should have been able to make.
I forget what she said, but it was one of the rare occasions that make me want to emulate Elvis and shoot the TV. We are all doomed, and it is probably our own fault.
Re: DNS
Date: 2008-02-27 09:30 am (UTC)What are we producing in this country? A dual race of chav underlings with no future because it's given to anyone who can clamber along the channel tunnel on foot and self-styled uber menschen middle-class morons chanting corp-speak, "Multi-cult is good. We have all your money. Spend it today before it disappears tomorrow."
If we weren't so apathetically useless there would be a revolution... sometime. Don't know when exactly. Maybe we could organise a round of focus groups or something.
I'm quite miffed. I might screw up my copy of the Guardian. Only after reading it, of course. And then I would iron it and donate it to Guardian4Migration.com so they can laminate it into family sized canoes for the masses on the north African coast.
Now, where's my copy of Horst Wessel Lied? Followed by a little Cara al Sol.
Re: DNS
Date: 2008-02-27 11:19 am (UTC)July 1st:
Marketing Person So, will this web project be ready by August 8th?
IT Person (thinking of that Sunday's football game) Er, yeah, should be.
Marketing Person Great! Cool!
August 8th: Press Release: "New online service launches today!"
Phone rings in Marketing Department
Hello, Charlotte here.
Yeah, this is Dwayne. The site isn't up.
But you said it would launch on August 8th! All or press marketing schedule was based around that!
You should have checked with us on Friday. We would have told you it wasn't going to be up. No way. Problems. 'Bye.
It should also be noted that marketing departments and IT departments in publishing companies both speak different languages from people in Editorial -- mainly because we speak English.
____________
Re: DNS
Date: 2008-02-27 11:24 am (UTC)Still, it allowed me to play one off the other for 6 years, do absolutely nothing and jump at a 100K voluntary redundancy package.
Ahhh, those were the days.
Re: DNS
Date: 2008-02-27 08:05 pm (UTC)It should also be noted that nobody in their right minds talks to or listens to the marketing department, unless they are a coward or a bankrupt and their job depends upon it. They might well be speaking Somali to each other, and to you. Why should anybody care?
Re: DNS
Date: 2008-02-27 08:15 pm (UTC)Or maybe the entire site is designed by a select band of geeks, IT personnel, and marketroids in an attempt to make Birks appear even more insane than he already is.
First, two admissions. I apologise for the green-grocers' apostrophe in "it's" up there. Perhaps more importantly, I should have used "acquiring" rather than "accepting;" otherwise my claim to inside knowledge is shot to ribbons. I plead guilty in that my command of gerunds has been known to fail in the presence of alcohol after the midnight hour.
Anyway. James, you're beginning to sound like H.G.Wells. And, to be honest, I'm beginning to think that way too. Come round to a pub in south Birmingham, sometime, and we'll vent.
(I object mildly to the implied anti-foreigner bit about the Chunnel, but we can still vent anyhow.)
What is middle class, these days? I was accused the other day (by relatives, no less) of being "upper middle class." What the hell is that? Though, if pressed, I probably am.
Either that, or extra virgin olive oil.
... I had to look up the Falange thing. Funny how soon we forget.
Re: DNS
Date: 2008-02-27 08:22 pm (UTC)I want something like that for my mausoleum, only a lot bigger.
The pinkos have banned the singing of Cara al Sol but I sang it anyway.
Fug 'em!
Re: DNS
Date: 2008-02-28 01:38 am (UTC)I'm damn sure that it would be OK if I plugged in my trusty $20 ethernet-to-T1-to-ATM core card and told it that I was 1.11.111.sham69. I'm damn sure that this would inadvertently attract traffic from the real sham69. I'm not sure what the legal consequences of this are, but I suspect my wrists would be slapped good and proper.
What I'm also damn sure about is that this wouldn't inconvenience anybody much beyond, say, Kidderminster (and who cares about those fuckwits?). I'd be hard-pressed to mastermind a scenario whereby sham69 is universally routed through Hong Kong and Singapore and Pakistan, for God's sake.
Routers are pretty simple things. They have enormous look-up tables, and they work off Dijkstra's algorithm (or a variety thereof). What this boils down to is that you (at 1.1.1.1) are routed to your destination (at 2xx.2xx.2xx.2xx) via either (a) the minimum number of intermediate routers or (b) the route with the lowest mean delay. I'd be interested to see what the unix utility "traceroute" has to say about this particular problem.
Basically, this sounds like bollocks to me. The whole point of the internet (if, indeed, there is a point) is that it redirects traffic at the network level -- and I think you're confusing this with redirection at the Web level (Error 404! Danger, Will Robinson!) -- and therefore bypasses some stupid blockage like this.
It's not that I can't see a local IP hijacking taking place. I can; indeed, there's no real way to prevent that, since you don't have to request the DNS chain (remember DNS? This is basically about DNS) to let you in before you stick your IP quad online.
What I can't see is how this would affect anybody offside from the router in general. This makes no sense. There is something we are not being told, here.
Hello, Todd!