Frizbits’ Bits

February 24, 2009

DNSSEC slowly becoming a reality (Updated)

Filed under: Uncategorized — frizbit @ 9:48 am

Although its not the full featured implementation we would all like, DNSSEC seems to be more than just something on the drawing board now.

DNS is one of the more fragile pieces underpinning the internet.  Translating names to IP addresses seems pretty trivial.  Its just a big phone book right?  Well imagine the fraud that would ensue if people could change entries in the phone book.  Anywhere.  For anyone.  More than that even, that number you always used to dial to pay your cable bill?  One day you dial the same number and as always someone happily takes your payment details but was it really the cable company?  I could go on and on with examples but lets just say that security on the internet should get a big boost from this.

To greatly simplify, DNSSEC allows us to cryptographically sign DNS records.  Someone retrieving this record can then verify that yes this record is valid (cryptographically, not necessarily accurate).  The idea is the DNS root would be signed (by the Dept of Commerce which controls ICANN right now) and the security could flow down from there.  The reality is that politics is slowing down the process.  ICANN has a temporary workaround in place that will allow top level domains (countries, etc.) to sign their namespace and have a central area to exchange these cryptographic keys.  The key exchange is a simple list right now.  This isn’t the robust solution we need to scale to cover the entire internet but its a start.  The article below points out that there is a concern that with this in place the better more permanent solution may be delayed.

There is some meat here for those of us with actual domains to manage.  VeriSign hasn’t announced their plans for .net and .com yet.  But again a workaround solution is available in Trust Anchor Repositories.  This, similar to above, gives lower level domains the ability to sign their records and publish the public keys for everyone to validate.  Again, not a permanent scalable solution but better than nothing and a step in the right direction.

Of course all this has one catch.  Just like SPF records intended to validate the source of email, publishing them does nothing until our clients and servers are prepared and configured to check for the information and then act on it.

Full article from Network World here.

Update:  VeriSign has released a statement saying they will support DNSSEC but that .com will likely be the last to get it due to its size.  They expect to have it in 24 months.


February 8, 2009

How does Virtualization Licensing work? Tech Brief answers

Filed under: Uncategorized — frizbit @ 6:32 pm

When we deal with virtualized workloads we are usually concerned about the operating system licensing.  But what about the application licensing for the server apps running in our virtualized datacenter.  It’s usually straightforward when dealing in an all Microsoft shop but when you mix in other virtualization platforms it can get pretty hairy.

Fortunately I recently found this Volume Licensing Tech Brief that covers all kinds of scenarios for both Microsoft and non-Microsoft platforms.  I’ve never seen this laid out in such plain English before.  It was almost hard to believe this was a licensing document.  I did a quick search to find a good link to this document to post here and what did I find? There are Licensing Tech Briefs on all kinds of technology.  Cold server backup DR, Apps running on Terminal Services, license transfer, reimaging rights, work at home licenses, etc.  The list goes on and on.

Check it out for yourself.  I’ve already found a treasure trove of information I didn’t know before.

Of course you can always go straight for the virtualization doc that led me here in the first place.

June 26, 2008

ICANN approves new top level domains.

Filed under: Uncategorized — Tags: , — frizbit @ 2:20 pm

Another breaking item in the news recently.  ICANN has approved custom top level domains.  In the past these top level domains (TLDs) were limited to .com, .net, .org (among others) and country codes like .us, .uk, etc.  Over the last few years others have been approved like .info, .travel, and .pro.  When these new rules go into effect an organization can decide on their own TLD.  Imagine a world with not just but,, burger.king, among millions of others.  How will we ever find anything anymore?  I imagine in the short term commercial organizations will keep at least their root presence in the traditional .com/.net/.org space.  Long term only time will tell but search engines certainly aren’t going away anytime soon.  Starting a new TLD will consist of jumping through numerous hoops as well as a significant investment in money.  Large registrars like Verisign will probably snap up a few new trendy TLDs to sell… .corp, .law, .whereeverthemoneyis.

One thing everyone seems to wonder is what will happen to .xxx.  This TLD has been repeatedly rejected by ICANN.  Do these rules open it up?  And who will have the corporate might to fight for the money available here?


Read more about it here.

June 12, 2008

New Ethanol cheaper than gas?

Filed under: Uncategorized — Tags: , — frizbit @ 7:58 am

Robert X Cringely has a great post up about alternative fuels.  He talks about the car as a platform and how it’s impractical to be thinking in terms of a forklift upgrade.  Will we all be driving hydrogen or electric cars in 30 years?  Sure, why not.  Will any of us be drive them next year?  Probably not.

“We see this all the time in computing where somebody comes up with a clever new idea but for that idea to succeed we all have to get new computers. How likely is that?”

Enter a new fuel.  SwiftFuel.  Simple idea.  Based off Ethanol but processed to eliminate the harsh side effects of ethanol on engines.  Even with current ethanol prices it could sell on the street for an estimated $3/gal.  It’s currently intended for aviation but could be modified for use in cars.

This is a perfect example of something that if it were open source it could change everything.  They just have to find a way for the big refineries and oil companies to profit from it.  They have the large sums of R&D money needed to get this out into the open market.  Suddenly  we wouldn’t be tied to oil from the Middle East.  Although the alternative is a little daunting also.  Currently the third largest producer of ethanol is China.  They are already an economic power, imagine if the middle east has the cohesiveness of the Chinese government to throw their weight around.

Alright, enough musing for now.  Check out the post it’s worth the read.

May 28, 2008

Long time, no post

Filed under: Uncategorized — frizbit @ 8:49 am

Ok, so I went a while without posting.  Like 6 months.  One of the reasons I was reluctant to start a blog is how busy I can be at times but I’m going to give this another shot.  I’ve found some of the best technical solutions not in Cisco’s vast online documentation or on Microsoft Technet but more often now in people’s blogs.  If I can post some useful bit of information for someone then that’s all I’m after.  Look forward to more posts in the coming week.

November 30, 2007

Great, Someone started another blog.

Filed under: Uncategorized — Tags: — frizbit @ 7:55 pm

Greetings all.  I stayed away from blogging for a long time.  I always said I just never had time.  Well I finally started.  Nothing like being the last person to jump on the bandwagon.  After reading lots of blogs over the past years (both good and bad) I thought maybe I have something worthwhile to contribute.

 The topics will probably vary widely with whatever I happen to be interested in at that time.  Most often it will be computer industry related but I could throw a curve in there.  Recently a lot of my work has been related to Microsoft products and certification so initial posts will lean that way.

Expect the layout to change initially since I am the last person in the world to get a blog.  (Seriously my Mom’s dog has been blogging for years)

Blog at