I recently spoke with Statton Hammock, Senior Director, Law, Policy & Business Affairs, of Network Solutions, about invalid WHOIS data and how Network Solutions deals with invalid WHOIS on domain names. asked Mr. Hammock if Network Solutions has you ever suspended or deleted a domain name due to invalid WHOIS information on a customer’s domain. Here is what Network Solutions said:

Yes. Network Solutions investigates all allegations of invalid WHOIS information on domains under our management, and has suspended names when the registrant fails to respond to notices that they are in violation of contractual obligations.

I then asked Network Solutions if they have ever suspended or deleted a domain name due to an email address listed in the WHOIS bouncing or being invalid? Even though the other information on the WHOIS is correct?

Mr. Hammock commented, “If we receive a complaint that a domain’s listed email address is invalid and the customer does not respond to our requests via other channels to correct the data, the name will be suspended. Once inactive, the customer very often contacts our customer service department, corrects the inaccurate information, and the domain name is restored.”

According to Network Solutions, they “believe that some exaggerate the magnitude of the invalid WHOIS data issue. ICANN’s own research has shown that approximately 80% of the registrants studied were located or accurately provided deliverable addresses. In fact, we support the positions articulated by the Registrar Stakeholder Group’s public comments on ICANN’s Draft Report on WHOIS Accuracy (see http://forum.icann.org/lists/whois-accuracy-study/msg00019.html).

Network Solutions also told me that “Network Solutions supports the Registrar Stakeholder Group’s positions articulated in public comments on ICANN’s Draft Report on WHOIS Accuracy, including that “ICANN focus its resources on improving and publicizing awareness of the WDPRS [WHOIS Data Problem Reporting System] rather than commissioning expensive research into further WHOIS accuracy studies which lead to unrealistic and cost prohibitive conclusions.””.

Godaddy also had some comments about about invalid WHOIS . I spoke with Camille Ede, Go Daddy Director of Domain Services. According to Ms. Ede, “When Go Daddy receives a complaint of invalid WHOIS information, we launch an investigation. If we find the WHOIS information to be invalid, we contact the customer and ask him or her to update the information. If the information is not updated within 8 days, Go Daddy places the domain name on “Registrar Hold” (which suspends the domain name). If this happens, a reminder goes out to the customer to update his or her information. On the 15th day, if the information is still not updated, Go Daddy sends another reminder to the customer. The domain name then remains suspended until the customer makes the update.”

Camille also went on to say that “Per ICANN rules, the email address listed in the WHOIS information is required to be valid. Therefore, if the email address is invalid Go Daddy would take steps to suspend the domain name. However, if the email bounced due to a storage issue, then Go Daddy would take additional steps to validate the information before taking any action.”

I specifically asked Camille Ede whether Godaddy considers invalid WHOIS data to be a common problem or is it fairly minor at this point. She said, “Yes, invalid WHOIS data does appear to be a common problem. Go Daddy has a dedicated, 24/7 staff who deal specifically with these types of complaints in order to ensure that our customers are compliant with ICANN requirements.” She also went on to say that “All registrars should follow ICANN’s policy and actively investigate all invalid WHOIS complaints.”

So, at this point, I do believe that invalid WHOIS complaints are still an issue that needs to be addressed. Many domain owners do not take this issue seriously enough and realize that it is very important to keep your WHOIS data up to date: it must be accurate or you risk losing your domain names. In the case of Nikki Craft, it appears that the WHOIS data that was not accurate was an email address. Upon notification that this was the case, Ms. Craft told me that she corrected the issue and provided an up-to-date email address. But the registrar, Gandi.net, took their time to correct the issue; just before the 15th day they released the domain names back to Ms. Craft, who was able to then move the domains to another registrar.

If you have not done so recently, take a look at your domain names’ WHOIS record. Make sure the data is accurate. If it’s not, then correct it. Trust me, it is not worth the hassle to lose your domain names because of invalid WHOIS data. Just ask Nikki Craft.

Comments

In Certification Magazine, Brett Chambers, IT director for Purdue University’s College of Liberal Arts, indicates a trend for 2010 that clearly shows that “there will be an ongoing push to consolidate resources, justify costs and centralize complexity … new investments need to be made in server infrastructure and virtualization technology to support these changes.” He says more people are needed “that understand virtualization and how to get the most out of server hardware for the least expense.” Once the new infrastructure is in place however, there will be less machines to oversee. More of the hardware will be abstracted into software. Chambers stresses that by deciding to move to virtualized hardware is not without its risks to network engineers and “working ourselves out of a job, because you don’t need as many people to manage as many servers as you once had.”

The push for Virtulization technologies and the business generated by the new need is echoed by Wall Street as evidenced by Alan R. Elliott. On the Investor’s Business Daily Investors.com, he reports that the rise in stock prices held by the Computer-Networking industry group and the stocks of those like Cisco, Riverbed Technology, and Blue Coat Systems reflect the increasing need for virtualization technologies and the cloud computing made possible because of those technologies.

Take notice; more companies look toward virtualization technologies to primarily save money. After the initial investment in virtualization, the return on investment is that they won’t need as much maintenance and can be much more flexible in their service offerings.

A reverse situation is possible, too, where someone watching YouTube videos or playing online games on his lunch break would cause callers to have a bad experience. And it would be a real pain if it were necessary to make a company-wide announcement every time the phone rang.

So David Sims talked to officials at VoIP Insider about how to take VoIP calls into account, and they told him, “[Y]ou should calculate the total bandwidth needed to send and receive your calls. You can do this by multiplying the number of anticipated simultaneous calls times the packet size of the voice codec you will be using (like G.722 or G.729).”

Then, depending on how things look, the officials said, “[Y]ou may want to prioritize or even segment your voice traffic.” (This can also serve as a good precaution against unforeseen Internet problems even if the situation seems under control.)

If problems still exist after all this, it may be time to rework the VoIP cost analysis. Specifically, the cost of more bandwidth will have to be weighed against the cost of using traditional phones. It’s possible VoIP won’t represent such a great deal once the added expense is factored in.

The good news is that most organizations with decent Internet connections shouldn’t encounter a lot of problems when using VoIP tech. It’s just best to think about this sort of stuff before going through with any transitions; no one will win if all of a company’s phones are accidentally transformed into little more than paperweights.

The cloud has always been our target. We architected from the beginning to be an open source, web-based development platform.
If we had launched two years ago as a cloud only product, we would have starved before the cloud market started growing. Instead, we launched a version of our product that you could download and run on your own laptop (in your own private cloud). Another huge advantage of having a download was being able to build an open source community, which now numbers over 15,000 registered developers on our forums.

Now we have both a downloadable product as well as a cloud product. Both support 1-click deployment to the Amazon EC2 cloud.

Apparently WaveMaker’s third round was actually used to build sales, to empower its community and to invest in marketing. The Cloud Quick Start Partnership launched last October with IBM, Amazon and RightScale is promising, along with sell-through from SaaS ISVs and systems integration partners.

Talking about open source licensing, recently WaveMaker 5.0 moved from AGPL to Apache, with a light badgeware approach requiring you either to include an ackwlodgment in in the documentation or the “Powered by WaveMaker” logo somewhere in your application.

I asked Chris to tell us more about the reasons behind such shift.

What we found was that community members are very comfortable with the Apache license but were uncomfortable deploying an application with an embedded AGPL license.

Rather than try to educate the market on the AGPL, we just decided to adopt Apache. It helps that most of the components we embed (Spring, Hibernate) are also licensed under Apache.

Decisions around licensing sometimes are subject to change over times. Despite the fact that over the last year AGPL increment rate is bigger than any other copyleft licenses, WaveMaker Rapid Deployment Server went Apache, while WaveMaker Visual Ajax Studio code stayed AGPL. This way ISVs or OEMs are forced either to AGPL their applications or buy an OEM license, and it definitely makes (business) sense.

Comments

Chrome OS is currently intended for use on netbook-like devices, which are small and portable. Everything you do, when using Chrome OS, is through the browser (the same Chrome browser Google offers now). There are some resulting benefits from this approach, namely speed in doing anything online, but the tradeoff is simplicity. You can’t run Photoshop or Quickbooks or any other “installed” application on Chrome OS.

Here is one critical review of Chrome OS and one positive review.

And here is a blurb that explains one of the benefits of using a Web operating system like Chrome OS:

…the overhead of managing multiple PCs is too high for a home user. Paraphrased, his statement was that if you have five conventional PCs, it’s a pain to keep them all up-to-date and their data synced. The reason, I would add, is that five conventional PCs each presume that they’re either alone in the universe, or that they “connect” to this thing called a “server.” But five Chrome OS portables are five caches for the same cloud-based user and application data, and as such they resemble five netbooks only in their form factor.

And finally, a video:

Comments

The Verizon Private IP is the bread and butter that Red Ventures is hoping will be able to provide better performance and recover faster from network failures. Private IP has distinct rerouting capabilities that Red Ventures will exercise to speed through downtimes. Due to the company’s reliance on the network to log sales and transactions, this could potentially save the company a lot of money.

Jonathan Desrochers, director of IT at Red Ventures, talks about the Verizon Network partnership, “We are in the business of helping companies acquire customers quickly and securely, using the most sophisticated methods possible, so it is imperative that we use safe and reliable advanced technology to best serve our partners.” he continues, “Verizon Business has become a valued technology partner over the past few years; the account team truly understands our business and anticipates our needs, and it has developed a high-quality solution that has gone a long way in improving our communications. This, in turn, helps our business run smoothly, and helps us attract the best technology professionals in the industry.”

The flexibility of the Verizon Business Network looks like what really attracted Red Ventures to the deal. The company has such a diverse load of work, that various services were necessary when seeking out a solution. It looks like Verizon presented the answer they were looking for.

To be completely honest, none of Oracle’s plans come as a surprise.  And at the end of the day, the FAQ is not legally binding and is not a commitment to deliver products, code or functionality. Oracle clearly states this at the end of the FAQ.  This too is completely understandable.  Oracle, like any other company with shareholders, will have to evaluate and adjust their plans and intentions on a product by product basis over time.  Oracle has a fiduciary duty to do so.

In the FAQ, potentially released to appease the EU and critics of the deal, Oracle tackles its plans for MySQL as follows:

“Oracle plans to spend more money developing MySQL than Sun does now. Oracle expects to continue to develop and provide the open source MySQL database after the transaction closes. Oracle plans to add MySQL to Oracle’s existing suite of database products, which already includes Berkeley DB, an open source database. Oracle also currently offers InnoDB, an open source transactional storage engine and the most important and popular transaction engine under MySQL. Oracle already distributes MySQL as part of our Enterprise Linux offering.”

This position makes complete sense as MySQL and the Oracle DB are more complimentary than competitive.  I doubt that this assurance from Oracle will help Monty, Florian, RMS and others opposed to Oracle’s ownership of MySQL get past their fears.

Not unexpectedly, Oracle plans to keep GlassFish around, since it is the reference implementation for Java EE:

“Oracle plans to continue evolving GlassFish Enterprise Server, delivering it as the open source reference implementation (RI) of the Java Enterprise Edition (Java EE) specifications, and actively supporting the large GlassFish community. Additionally, Oracle plans to invest in aligning common infrastructure components and innovations from Oracle WebLogic Server and GlassFish Enterprise Server to benefit both Oracle WebLogic Server and GlassFish Enterprise Server customers.”

The plans for NetBeans are somewhat certain.  You’ll notice that Oracle makes no claims about “investing more than Sun does today” or “continue evolving”.

“As such, NetBeans is expected to provide an additional open source option and complement to the two free tools Oracle already offers for enterprise Java development: Oracle JDeveloper and Oracle Enterprise Pack for Eclipse. While Oracle JDeveloper remains Oracle’s strategic development tool for the broad portfolio of Oracle Fusion Middleware products and for Oracle’s next generation of enterprise applications, developers will be able to use whichever free tool they are most comfortable with for pure Java and Java EE development: JDeveloper, Enterprise Pack for Eclipse, or NetBeans.”

Finally, Oracle suggests that OpenOffice.org and a commercial offering will receive investment.

“After the transaction closes, Oracle plans to continue developing and supporting OpenOffice as open source. As before, some of the larger customers will ask for extra assurances, support, and enterprise tools. For these customers we expect to offer a typical commercial license option.”

So there you have it.  Oracle’s plans for Sun, well, based on current thinking and subject to change at Oracle’s sole discretion.  Which again, is perfectly sensible.

Comments

Funny Pictures

So here are some of the generic statements (aka “facts”) that I see daily:

• Cloud is not secure
• Application  XYZ failed therefore the cloud is a failure
• You are crazy if you put mission critical applications in the cloud

I could go on and on but you get the point.  So let’s discuss these “facts” one at a time.

Cloud is not secure

This one drives me nuts!  I heard a well respected industry analyst at a well respected conference declare “I just don’t understand how you can put customer data in the cloud.  When you buy Amazon, you don’t buy security”.  I raised my hand and asked, “When you buy a rack of servers from IBM, are you buying security?”.  The point is, you don’t buy security, you architect for it.  Whether you are using a SaaS, IaaS, or PaaS provider, you must understand what security features are addressed, what isn’t, and what the risks are.  Then you must design to mitigate those risks.  It is not different than what you should be doing on-premise.  Understand your requirements, and build (or buy) the appropriate solution.  So to sum it up, the cloud by itself is often not secure enough.  You may outsource your infrastructure but don’t outsource your brain.  There are still things you must do to secure your systems and services in the cloud.

Application XYZ failed therefore the cloud is a failure

Whether it is GMail, Tmobile losing Sidekick data, Ma.gnolia database crashes, or Coghead going out of business, any failure of an off-premise solution seems to feed the myth cloud computing is too risky.  However, we continue to fail miserably each day with our on-premise solutions but we can keep it from the press because it is behind our firewall!  In each one of the above mentioned failures, the issue lies with operational issues on the side of the provider and not issues with the cloud infrastructure itself.  I would argue that GMail, which is free, is at least as reliable than most corporate Microsoft Exchange implementations (at least for the companies that I have worked for in the past).  Also, if you are using SaaS solutions, you should have a mitigation strategy in place for lost data.  Outsource the business processes but not your brain!  You still need business continuity, disaster recovery, record retention policies, etc.  And when did on-premise become so perfect? How many companies do you know keep the lights on by having employees run around with duck tape and bailing wire plugging up the holes in the bottom of the boat.  Let’s face it, most failures are due to issues in architecture, design flaws, missed requirements, human error, weak controls, or poor implementations.

You are crazy if you put mission critical applications in the cloud

This one really drives me nuts.  The problem here is semantics and we really should be careful what we say.  It is one thing to say mission critical apps don’t belong in the public cloud and another to say it doesn’t belong in any cloud (which is how it often gets interpreted).  But even the term mission critical means different things to different businesses.  Even though you and I might not see Twitter as a mission critical application to our business, it is for others.  Some companies exist solely because they leverage Twitter’s APIs to deliver their products and services.  Now we all know Twitter’s track record of reliability.  But their performance and up-time was failing miserably before they moved to the cloud.  It improved once they migrated to Amazon.  Twitter’s problem is a flawed architecture, it is not a cloud computing issue.  I have written in the past about our secure hybrid cloud solution for processing micro-payments.  As a startup, I would argue that I would be crazy not to build this in the cloud.  In an era where it is difficult to raise money, my costs would increase ten-fold had I opted for an on-premise solution.  I would have to build or lease at least two data-centers and staff them accordingly.  Instead I can use a combination of cloud vendors coupled with a sound architecture to secure these transactions and meet all regulatory requirements.  If I already had an existing data-center, I would not have been forced to look beyond the opinions of others and try to solve the security and compliance requirements that my business required.  I just think that many people’s opinions about the cloud are focused primarily on their specific business models or domains.  So what may be true for their world does not necessarily apply across the board. We tend to generalize too much.

Summary

There are many opinions out there about cloud computing and there are many smart people offering them.  Unfortunately, many of these these smart people have not rolled up their sleeves and tried to solve real business problems in the cloud (nor do they need to).  In my case, as a matter of survival, we had to find out for ourself.  By no means, do I consider myself an expert in cloud computing.  But I do believe that spending a year actually working on delivering enterprise solutions in the cloud from scratch does entitle me to challenge the opinions that are deemed facts.  At the end of the day, it all comes down to knowing your business and technical requirements and applying sound architectural practices to provide a secure and compliant solution, whether it is in the cloud, on-premise, or both.

Comments

“Here at the amazing HAR2009 hacker conference + camp, I have the pleasure of operating a camp-wide GSM network.

Under license of the Dutch regulatory authority, we operate two BTS with two TRX each, forming the network 204-42. The BTS are positioned on the top of a hill, with the antennas mounted back to back on a tree, each covering about half of the HAR2009 camp site. Every transceiver runs at 100mW transmit power, which is the maximum output as per our license.

From that tree, we run AC power and a single E1 line down to the GSM tent, where it runs into the Linux PC that runs our OpenBSC software. “

For those of us who aren’t mobile phone networking experts, BTS stands for Base Transceiver Stations, TRX stands for transceivers and BSC stands for Base Station Controller.

OpenBSC is a GPL implementation of major components of a GSM network. Welte is one of the key developers behind OpenBSC, which aims to:

• provide a basis for experimentation and security research with GSM from the network side
• document, publicized and point out any security related issues that we find as part of that
• learn more about GSM networks on a lower level, particularly the practical aspects with real-world equipment

Unfortunately, the project is not interested in:

• building a stable/reliable BSC/MSC for deployment in actual networks
• building something that follows the GSM spec to the last detail
• disrupting actual commercial GSM network

Since a government issued network bandwidth license is required to run a GSM network in most countries, few of us will never run our own open source GSM networks.  Although it seems that countries like Russia allow the use of licensed frequencies for low-power indoor use.  So the title of this blog is squarely targeted at readers in Russia.  Kidding aside, I wonder while Welte and team aren’t interested in building a distribution that does fully implement the GSM specification.  The use of OpenBSC on Linux could be targeted at telecom operators in emerging markets.  Considering the growth in mobile phone usage in emerging markets, and network operator’s constant search for cost reduction, there could very well be a business here.

Any takers?

*Well, if you can get a government issued bandwidth license

Comments

This led me to start this discussion which is most excellent because it shows how to do password security right. I’ll be honest, I’m going through right now and changing all my passwords because I was practicing several of the bad practices that Twitter’s employees were. I bet many of you are doing the same stupid things too.

While I’m on this topic, last week the hard drive in my Mac died. I lost a few days of videos and emails because I wasn’t backing up as often as I should be. Naughty me. The drive just stopped right in the middle of me working. Apple replaced the drive but that didn’t help me get back the videos and emails. Today I’m setting up my new hard drives with JungleDisk. I don’t care what you use to back up, but I know lots of you aren’t. I bought a couple of 1.5TB drives from Seagate, too. Costs $159 at Best Buy and probably cheaper online. No excuses for not backing everything up now. You haven’t done it, have you? (I know most people don’t back up).

Anyway, just a friendly reminder to pay attention to these things before you get bitten.

Comments