Events of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely potent cyber weapons with transnational reach. More than 20 years after Gilmore first coined [his] turn of phrase, his most notable quotable has effectively been inverted — “Censorship can in fact route around the Internet.” The Internet can’t route around censorship when the censorship is all-pervasive and armed with, for all practical purposes, near-infinite reach and capacity.

Because this was a novel iteration of online anti-Semitic culture, to the normie media it was worthy of deeply concerned coverage that likely gave a bunch of anti-Semites, trolls, and anti-Semitic trolls exactly the attention and visibility they craved. All without any of them having to prove they were actually involved, meaningfully, in anti-Semitic politics. That’s just a lot of power to give to a group of anonymous online idiots without at least knowing how many of them are 15-year-old dweebs rather than, you know, actual Nazis. [...]

In the long run, as journalistic coverage of the internet is increasingly done by people with at least a baseline understanding of web culture, that coverage will improve. For now, though, things are grim: It’s hard not to feel like journalists and politicos are effectively being led around on a leash by a group of anonymous online idiots, many of whom don’t really believe in anything.

But there’s lots in this legislation that should scare the public far more. For example, the proposal that the legislation should allow the retention of “superfluous data” gathered in the course of an investigation, which is a direct contravention of the ECJ’s demand that surveillance must be targeted and data held must be specifically relevant, not a trawl to be stored for later perusal “just in case”.
Or the claim that interception and retention of data, and access to it, will only be in cases of the most serious crime or terrorism threats. Oh, please. This was, and remains, the supposed basis for our existing, ECJ-invalidated legislation. Yet, as last year’s Gsoc investigation into Garda leaks revealed, it turns out a number of interconnected pieces of national legislation allow at least 10 different agencies access to retained data, including Gsoc, the Competition Authority, local authorities and the Irish Medicines Board.

After studying other e-voting systems around the world, the team was particularly alarmed by the Estonian I-voting system. It has serious design weaknesses that are exacerbated by weak operational management. It has been built on assumptions which are outdated and do not reflect the contemporary reality of state-level attacks and sophisticated cybercrime. These problems stem from fundamental architectural problems that cannot be resolved with quick fixes or interim steps. While we believe e-government has many promising uses, the Estonian I-voting system carries grave risks — elections could be stolen, disrupted, or cast into disrepute. In light of these problems, our urgent recommendation is that to maintain the integrity of the Estonian electoral process, use of the Estonian I-voting system should be immediately discontinued.

So, there you have it: Blocking is necessary, except it is not. Safeguards need to be implemented, except they don’t need to be. This approach is legal, except it isn’t. The text is based on the Child Exploitation Directive, except it isn’t. Is this really how we are going to create credible legislation on terrorism?

This site is a companion effort to the techarchives website, except it is less well-researched, and is primarily a personal view of the development of the Internet in Ireland by your humble author, Niall Murphy.

an online home for stories from Ireland – stories about the country’s long and convoluted relationship with information technology. It aims to gather information on the most significant aspects of this relationship, to compile archives on the selected themes, and to store the assembled records for the benefit of future generations.

A collection of bits and pieces of Internet history. Focusing somewhat (but not exclusively) on: (a) the 1980s, when I first started using the Internet, and: (b) Ireland.

The AWS edge network has points of presence in more than 50 locations. Today, it is used to distribute content via Amazon CloudFront and to provide rapid responses to DNS queries made to Amazon Route 53. With today’s announcement, the edge network also helps to accelerate data transfers in to and out of Amazon S3. It will be of particular benefit to you if you are transferring data across or between continents, have a fast Internet connection, use large objects, or have a lot of content to upload.

You can think of the edge network as a bridge between your upload point (your desktop or your on-premises data center) and the target bucket. After you enable this feature for a bucket (by checking a checkbox in the AWS Management Console), you simply change the bucket’s endpoint to the form BUCKET_NAME.s3-accelerate.amazonaws.com. No other configuration changes are necessary! After you do this, your TCP connections will be routed to the best AWS edge location based on latency.  Transfer Acceleration will then send your uploads back to S3 over the AWS-managed backbone network using optimized network protocols, persistent connections from edge to origin, fully-open send and receive windows, and so forth.

Wikimedia and Facebook have given Angolans free access to their websites, but not to the rest of the internet. So, naturally, Angolans have started hiding pirated movies and music in Wikipedia articles and linking to them on closed Facebook groups, creating a totally free and clandestine file sharing network in a country where mobile internet data is extremely expensive.

The Internet is structured to be an open communications medium. This
openness is one of the key underpinnings of Internet innovation, but
it can also allow communications that may be viewed as undesirable by
certain parties. Thus, as the Internet has grown, so have mechanisms
to limit the extent and impact of abusive or objectionable
communications. Recently, there has been an increasing emphasis on
"blocking" and "filtering", the active prevention of such
communications. This document examines several technical approaches
to Internet blocking and filtering in terms of their alignment with
the overall Internet architecture. When it is possible to do so, the
approach to blocking and filtering that is most coherent with the
Internet architecture is to inform endpoints about potentially
undesirable services, so that the communicants can avoid engaging in
abusive or objectionable communications. We observe that certain
filtering and blocking approaches can cause unintended consequences
to third parties, and we discuss the limits of efficacy of various
approaches.

There are very valid technical reasons many of the biggest sites on the Internet have not adopted them. Twitter use HTTP/2 + polling, Facebook and Gmail use Long Polling. Saying WebSockets are the only way and the way of the future, is wrongheaded. HTTP/2 may end up winning this battle due to the huge amount of WebSocket connections web browsers allow, and HTTP/3 may unify the protocols

It appears that more mechanically intensive champions are more affected by latency, while tankier champions or those with point-and-click abilities are less affected by latency.

In the end, sheer political fatigue may have played a major part in undermining net neutrality in the EU. However, the battle is not quite over. As Anne Jellema, CEO of the Web Foundation, which was established by Berners-Lee in 2009, notes in her response to today's EU vote: "The European Parliament is essentially tossing a hot potato to the Body of European Regulators, national regulators and the courts, who will have to decide how these spectacularly unclear rules will be implemented. The onus is now on these groups to heed the call of hundreds of thousands of concerned citizens and prevent a two-speed Internet."

uses the techniques invented by the authors of Paris-traceroute to enumerate the paths of ECMP flow-based load balancing, but introduces a new technique for NAT detection.

'I went to school with Bill. He's a nice guy. But making him immortal is not going to make life better for anyone in my city. It will just exacerbate the rent crisis.'

News of the ban caused a furore on Indian social media, with several senior politicians and members of civil society expressing their opposition to the move. The Indian government said that it was merely complying with the Supreme Court order and was committed to the freedom of communication on the Internet. "I reject with contempt the charge that it is a Talibani government, as being said by some of the critics. Our government supports free media, respects communication on social media and has respected freedom of communication always," Mr Prasad told PTI.

WB: By the late 80s the IANA [the Internet Assigned Numbers Authority, set up in 1988 to manage global IP address allocations] was trying to get all those countries that were trying to join the internet to use the ISO 3166 standard for country codes. It was used for all sorts of things — you see it on cars, “GB” for the UK. [...]

At that point, we’re faced with a problem that Jon Postel would like to have changed it to .gb to be consistent with the rest of the world. Whereas .uk had already been established, with a few tens of thousands of domain names with .uk on them. I remember chairing one of the JANET net workshops that were held every year, and the Northern Irish were adamant that they were part of the UK — so the consensus was, we’d try and keep .uk, we’d park .gb and not use it.

PK: I didn’t particularly want to change to .gb because I was responsible for Northern Ireland as well. And what’s more, there was a certain question as to whether a research group in the US should be allowed to tell the British what to do. So this argy-bargy continued for a little while and, in the meantime, one of my clients was the Ministry of Defence, and they decided they couldn’t wait this long, and they decided I was going to lose the battle, and so bits of MOD went over to .gb — I didn’t care, as I was running .gb and .uk in any case.

Based on our testing, this makes our Happy Eyeballs implementation go from roughly 50/50 IPv4/IPv6 in iOS 8 and Yosemite to ~99% IPv6 in iOS 9 and El Capitan betas. While our previous implementation from four years ago was designed to select the connection with lowest latency no matter what, we agree that the Internet has changed since then and reports indicate that biasing towards IPv6 is now beneficial for our customers: IPv6 is now mainstream instead of being an exception, there are less broken IPv6 tunnels, IPv4 carrier-grade NATs are increasing in numbers, and throughput may even be better on average over IPv6.

curl -s http://checkip.amazonaws.com/

If you're not immersed in the naming business you may find the jargon in it hard to understand. The basic upshot is this: the IPC believes that the mechanisms that were enacted to protect trademark holders during the deluge of new TLD rollouts are being gamed by the .SUCKS TLD operator to extort inflated fees from trademark holders.

Conducting such a widespread attack clearly demonstrates the weaponization of the Chinese Internet to co-opt arbitrary computers across the web and outside of China to achieve China’s policy ends.  The repurposing of the devices of unwitting users in foreign jurisdictions for covert attacks in the interests of one country’s national priorities is a dangerous precedent — contrary to international norms and in violation of widespread domestic laws prohibiting the unauthorized use of computing and networked systems.

In post-Soviet Russia, you don’t make memes. Memes make (or unmake?) you. That is, at least, the only conclusion we can draw from an announcement made this week by Russia’s three-year-old media agency/Internet censor Roskomnadzor, which made it illegal to publish any Internet meme that depicts a public figure in a way that has nothing to do with his “personality.”

Barlow once wrote that “trusting the government with your privacy is like having a Peeping Tom install your window blinds.” But the Barlovian focus on government overreach leaves its author and other libertarians blind to the same encroachments on our autonomy from the private sector. The bold and romantic techno-utopian ideals of “A Declaration” no longer need to be fought for, because they’re already gone.

Have you ever made a phone call, sent an email, or, you know, used the internet? Of course you have!

Chances are, at some point over the past decade, your communications were swept up by the U.S. National Security Agency. The NSA then shares information with the UK Government's intelligence agency GCHQ by default. A recent court ruling found that this sharing was unlawful. But no one could find out if their records were collected and then illegally shared between these two agencies… until now!

Because of our recent victory against the UK intelligence agency in court, now anyone in the world — yes, ANYONE, including you — can find out if GCHQ illegally received information about you from the NSA. Join our campaign by entering your details below to find out if GCHQ illegally spied on you, and confirm via the email we send you. We'll then go to court demanding that they finally come clean on unlawful surveillance.

One insider at a major US technology firm told the Guardian that “politicians are fond of asking why it is that tech companies don’t base themselves in the UK” ... “I think if you’re saying that encryption is the problem, at a time when consumers and businesses see encryption as a very necessary part of trust online, that’s a very indicative point of view.”

This unrealistically accurate system will generate 1 billion false alarms for every real terrorist plot it uncovers. Every day of every year, the police will have to investigate 27 million potential plots in order to find the one real terrorist plot per month. Raise that false-positive accuracy to an absurd 99.9999 percent and you're still chasing 2,750 false alarms per day -- but that will inevitably raise your false negatives, and you're going to miss some of those 10 real plots.

Newly designed protocols should prefer encryption to cleartext operation. There may be exceptions to this default, but it is important to recognize that protocols do not operate in isolation.  Information leaked by one protocol can be made part of a more substantial body of information by cross-correlation of traffic observation.  There are protocols which may as a result require encryption on the Internet even when it would not be a requirement for that protocol operating in isolation.

We recommend that encryption be deployed throughout the protocol stack since there is not a single place within the stack where all kinds of communication can be protected.

This is due in part to huge growth in the data volumes and data traffic that is transported over our network, which has exceeded our forecasted growth. We are making a number of improvements to our international connectivity which will add significant capacity and this work will be completed in the next two or three weeks.

Perceiving the different ways in which players approached the game led Bartle to consider whether MMO players could be classified according to type. "A group of admins was having an argument about what people wanted out of a MUD in about 1990," he recalls. "This began a 200-long email chain over a period of six months. Eventually I went through everybody's answers and categorised them. I discovered there were four types of MMO player. I published some short versions of them then, when the journal of MUD research came out I wrote it up as a paper."

The so-called Bartle test, which classifies MMO players as Achievers, Explorers, Socialisers or Killers (or a mixture thereof) according to their play-style remains in widespread use today. Bartle believes that you need a healthy mix of all dominant types in order to maintain a successful MMO ecosystem. "If you have a game full of Achievers (players for whom advancement through a game is the primary goal) the people who arrive at the bottom level won't continue to play because everyone is better than them," he explains. "This removes the bottom tier and, over time, all of the bottom tiers leave through irritation. But if you have Socialisers in the mix they don't care about levelling up and all of that. So the lowest Achievers can look down on the Socialisers and the Socialisers don't care. If you're just making the game for Achievers it will corrode from the bottom. All MMOs have this insulating layer, even if the developers don't understand why it's there."

Last year we interviewed Oleg Moskalenko and presented the rfc5766-turn-server project, which is a free open source and extremely popular implementation of TURN and STURN server. A few months later we even discovered Amazon is using this project to power its Mayday service. Since then, a number of features beyond the original RFC 5766 have been defined at the IETF and a new open-source project was born: the coTURN project.

"O Cormac, grandson of Conn", said Carbery, "What is the worst pleading and arguing?" "Not hard to tell", said Cormac. "Contending against knowledge, contending without proofs, taking refuge in bad language, a stiff delivery, a muttering speech, hair-splitting, uncertain proofs, despising books, turning against custom, shifting one's pleading, inciting the mob, blowing one's own trumpet, shouting at the top of one's voice."

Unfortunately for us, the traditional and most widespread method for clock synchronisation (NTP) has been caught up in a DDoS issue which has recently caused some ISPs to start blocking all NTP communication. [....] Because the DDoS attacks are so widespread, and the lack of obvious commercial pressure to fix the issue, it’s possible that the days of using NTP as a mechanism for setting clocks may well be numbered. Luckily for us there is a small but growing project that replaces it.

tlsdate was started by Jacob Appelbaum of the Tor project in 2012, making use of the SSL handshake in order to extract time from a remote server, and its usage is on the rise. [....] Since we started encountering these problems, we’ve incorporated tlsdate into an over-the-air update, and have successfully started using this in situations where NTP is blocked.

In its briefs filed last week, the US government said that content stored online doesn't enjoy the same type of Fourth Amendment protections as data stored in the physical world. The government cited (PDF) the Stored Communications Act (SCA), a President Ronald Reagan-era regulation.

On Friday Russia's parliament passed a law "which bans online businesses from storing personal data of Russian citizens on servers located abroad[.] ... According to ITAR-TASS, the changes to existing legislation will come into effect in September 2016, and apply to email services, social networks and search engines, including the likes of Facebook and Google. Domain names or net addresses not complying with regulations will be put on a blacklist maintained by Roskomnadzor (the Federal Supervision Agency for Information Technologies and Communications), the organisation which already has the powers to take down websites suspected of copyright infringement without a court order. In the case of non-compliance, Roskomnadzor will be able to impose 'sanctions,' and even instruct local Internet Service Providers (ISPs) to cut off access to the offending resource."

a Java implementation of an MQTT 3.1 broker. Its code base is small. At its core, Moquette is an events processor; this lets the code base be simple, avoiding thread sharing issues. The Moquette broker is lightweight and easy to understand so it could be embedded in other projects.

one of the world’s leading news organizations giving itself a rigorous self-examination. I’ve spoken with multiple digital-savvy Times staffers in recent days who described the report with words like “transformative” and “incredibly important” and “a big big moment for the future of the Times.” One admitted crying while reading it because it surfaced so many issues about Times culture that digital types have been struggling to overcome for years.

That leaves the remaining six [consumer ISPs peering with Level3] with congestion on almost all of the interconnect ports between us. Congestion that is permanent, has been in place for well over a year and where our peer refuses to augment capacity. They are deliberately harming the service they deliver to their paying customers. They are not allowing us to fulfil the requests their customers make for content. Five of those congested peers are in the United States and one is in Europe. There are none in any other part of the world. All six are large Broadband consumer networks with a dominant or exclusive market share in their local market. In countries or markets where consumers have multiple Broadband choices (like the UK) there are no congested peers.

A bill passed by the Russian parliament on Tuesday says that any blogger read by at least 3,000 people a day has to register with the government telecom watchdog and follow the same rules as those imposed by Russian law on mass media. These include privacy safeguards, the obligation to check all facts, silent days before elections and loose but threatening injunctions against "abetting terrorism" and "extremism."

An anonymous tip from a highly reliable source: "There are checkpoints in Syria where your Facebook is checked for affiliation with the rebellious groups or individuals aligned with the rebellion. People are then disappeared or killed if they are found to be connected. Drivers are literally forced to load their Facebook/Twitter accounts and then they are riffled through. It's happening daily, and has been for a year at least."

...because it doesn't stop attacks. Turning it on does nothing but slow things down. You can tell when something is security theater because you need some absurdly specific situation in order for it to be useful.

I stand in awe of their talent and dedication, that of Stephen Henson in particular. It takes nerves of steel to work for many years on hundreds of thousands of lines of very complex code, with every line of code you touch visible to the world, knowing that code is used by banks, firewalls, weapons systems, web sites, smart phones, industry, government, everywhere. Knowing that you’ll be ignored and unappreciated until something goes wrong. The combination of the personality to handle that kind of pressure with the relevant technical skills and experience to effectively work on such software is a rare commodity, and those who have it are likely to already be a valued, well-rewarded, and jealously guarded resource of some company or worthy cause. For those reasons OpenSSL will always be undermanned, but the present situation can and should be improved. There should be at least a half dozen full time OpenSSL team members, not just one, able to concentrate on the care and feeding of OpenSSL without having to hustle commercial work. If you’re a corporate or government decision maker in a position to do something about it, give it some thought. Please. I’m getting old and weary and I’d like to retire someday.

The mass surveillance methods employed in [the UK, USA, and India], many of them exposed by NSA whistleblower Edward Snowden, are all the more intolerable because they will be used and indeed are already being used by authoritarians countries such as Iran, China, Turkmenistan, Saudi Arabia and Bahrain to justify their own violations of freedom of information. How will so-called democratic countries will able to press for the protection of journalists if they adopt the very practices they are criticizing authoritarian regimes for?

With Cogent and Verizon fighting, [peering capacity] upgrades are happening at a glacial pace, according to Schaeffer.

"Once a port hits about 85 percent throughput, you're going to begin to start to drop packets," he said. "Clearly when a port is at 120 or 130 percent [as the Cogent/Verizon ones are] the packet loss is material."

The congestion isn't only happening at peak times, he said. "These ports are so over-congested that they're running in this packet dropping state 22, 24 hours a day. Maybe at four in the morning on Tuesday or something there might be a little bit of headroom," he said.

in a world where Netflix and Yahoo connect directly to residential ISPs, every Internet company will have its own separate pipe. And policing whether different pipes are equally good is a much harder problem than requiring that all of the traffic in a single pipe be treated the same. If it wanted to ensure a level playing field, the FCC would be forced to become intimately involved in interconnection disputes, overseeing who Verizon interconnects with, how fast the connections are and how much they can charge to do it.