Category Archives: Internet History

Preston Padden @ TPRC 41

Not your typical TPRC speaker. His heroes include “risk takers” Rupert Murdoch and Pat Buchanan, but not Ted Turner. Netflix was not mentioned. I was the first (but not the last) to stand up to question what he said.

His heroes include risk takers Rupert Murdoch and Pat Buchanan, but not Ted Turner. Netflix was not mentioned.
Picture by John S. Quarterman, 27 September 2013.


Detection is much more important than prevention –Bruce Schneier

Reviewing Bruce Schneier’s 2004 book Secrets and Lies, much of which was written in 2000, reminds us of something really basic. You can’t just fix security. Security is a process, most of which is about knowing what’s going on. Detection is more important than prevention. To which I add that for detection we need comparable Internet-wide metrics on security performance so every organization can see what’s going on and will have incentive to do something about it because its customers and competitors can see, too. Sound familiar? That’s what is about.

Joe Zack posted in on Bastille Day, 14 July 2013, Secrets and Lies: Nine Years Later,

2. “Detection is much more important than prevention”

Schneier keeps coming back to this point. He had this epiphany in 1999 that “it is fundamentally impossible to prevent attacks” and “preventative countermeasures fail all the time.” Security is “about risk management, that the process of security was paramount, that detection and response was the real way to improve security.” (emphasis mine)

I had formerly thought of security as largely being about prevention. A year ago, if you have asked me about “InfoSec” I might have prattled on about firewalls, injection attacks, encryption and good passwords. That’s still important, but now I know that there’s a lot more to it.

Zack says he thinks Schneier was like Nostradamus for having such insight before NSA PRISM and even before Facebook. Sure, Bruce has always been ahead of his time. But that basic insight was not unique to him, and Continue reading

Egypt Returns

Egypt returned to the Internet about 09:30 GMT today (2 February 2011). This sudden return after being as suddenly disconnected one week ago (27 January 2011) is obviously not due to ordinary causes such as congestion, cable cut, or router failure. This political disconnection of an entire country does not seem to have helped the regime responsible for it; quite the opposite.


NANOG: Coping with Relentless Demand Growth

David G. Ross ofThe David Ross Group Inc. at NANOG 50 talked about data cables under the sea, in which he revealed that Internet growth has not only not paused during the recession, it has increased, and it continues to increase in every region in which his company operates, including Asia, Middle East, and Africa. North Atlantic hasn’t had any new submarine capacity in years, in “the most competitive capacity market on Earth”. It will probably run out in a few years, so now there is demand to build new cables there. Each cable costs about $200 million to install.

Slight downside: early remark that he was sure things were the same as they were when he worked for a telephone company.


Route Hijacking: Identity Theft of Internet Infrastructure

Peter Svensson gives an old and quite serious problem some mainstream press in this AP story from 8 May 2010:
On April 25, 1997, millions of people in North America lost access to all of the Internet for about an hour. The hijacking was caused by an employee misprogramming a router, a computer that directs data traffic, at a small Internet service provider.

A similar incident happened elsewhere the next year, and the one after that. Routing errors also blocked Internet access in different parts of the world, often for millions of people, in 2001, 2004, 2005, 2006, 2008 and 2009. Last month a Chinese Internet service provider halted access from around the world to a vast number of sites, including and, for about 20 minutes.

In 2008, Pakistan Telecom tried to comply with a government order to prevent access to YouTube from the country and intentionally “black-holed” requests for YouTube videos from Pakistani Internet users. But it also accidentally told the international carrier upstream from it that “I’m the best route to YouTube, so send all YouTube traffic to me.” The upstream carrier accepted the routing message, and passed it along to other carriers across the world, which started sending all requests for YouTube videos to Pakistan Telecom. Soon, even Internet users in the U.S. were deprived of videos of singing cats and skateboarding dogs for a few hours.

In 2004, the flaw was put to malicious use when someone got a computer in Malaysia to tell Internet service providers that it was part of Yahoo Inc. A flood of spam was sent out, appearing to come from Yahoo.

The Pakistani incident is illustrated in the accompanying story and video by RIPE.

This problem has been known for a long time. Why hasn’t it been fixed? Continue reading

Van Meter on Barabasi and Doyle on Internet topology and risks

rdv-hakama-0609.jpg Rodney Van Meter, co-teaching a class by Jun Murai, posts notes on why Albert-László Barabási (ALB) is both right and wrong about the Internet (it is more or less a scale-free network when considered as a network of Autonomous Systems (AS), but contrary to ALB's assumption John Doyle and others have pointed out that the bigger nodes are not central, an AS as a node would be somewhat difficult to take out all at once, there are both higher and lower layer topologies that make the Internet more robust, and the Internet's biggest problem isn't topology at all:

The most serious risks to the Internet are not to individual "nodes" (ASes), but rather stem from the near-monocropping of Internet infrastructure and end nodes, and the vulnerability of the system to human error (and political/economic considerations):

Monoculture, who would have thought it?

For that matter, the Internet's ability to reroute has been very useful to ameliorate topological link breaks at the physical layer, for example undersea cables in the Mediterranean Sea twice last year.

25 Years of Internet Mail

Well, it depends on what you count as the beginning of Internet mail, but Sendmail, Inc., naturally counts from when Eric Allman wrote the first version of Sendmail in 1981, and is holding a shindig tomorrow, 25 October 2006 at the Computer History Museum in Mt. View, California.

Of course, Ray Tomlinson beat that by a decade when he implemented the first known networked mail system in 1971, and Tom Van Vleck implemented mail on CTSS at MIT in 1965, as well as Multics mail, about 1969.

But the Internet didn’t exist back then, and at least the experimental Internet did in 1981, so Eric’s got a fair claim on the beginning of Internet mail.


What hath God wrought?

Telegram, b. 24 May 1844, d. 27 January 2006, R.I.P.:
Effective January 27, 2006, Western Union will discontinue all Telegram and Commercial Messaging services. We regret any inconvenience this may cause you, and we thank you for your loyal patronage.

Western Union Telegram, 27 January 2006

A little less than 162 years before, Samuel FB Morse sent the first telegram, saying:
What hath God wrought?
It took some years for telegrams to become commercially available, and it’s possible there is some company still sending telegrams today, but more than a century and a half is a pretty long run for a technology. Continue reading