Minding Standards Isn't Harmful

Network News Break: Breaking the DNS system, even just a little, considered harmful. Also: WiMax generates heat at the IEEE conference, Cisco picks up a new CTO, and Microsoft pockets $4 million from a spammer, but loses some browser share. This week's tip: Depriving your users of bandwidth may be your best QoS enforcement tool.

By Michael Hall | Posted Jul 16, 2004

There's a venerable tradition among netizens: The "considered harmful" essay, in which an aggrieved geek outlines the many ways in which the object of his/her peeve is, well, harmful. Doing a quick Google on "* considered harmful" yields a bevy of harmful things:

  • "Reply-To" Munging Considered Harmful
  • Csh Programming Considered Harmful
  • <FONT FACE> considered harmful
  • Weblogging Considered Harmful
  • People considered harmful
  • TCP Extensions Considered Harmful
  • Switched Ethernet considered harmful

and, our personal favorite:

  • "Considered Harmful" Essays Considered Harmful

These documents hold no real force, except to the extent they capture imaginations and become rallying cries for an end to the harm du jour. They're an institution, and we like them, even when they aren't as damning as they are pigheaded and obtuse.

At the core of a lot of these documents are references to assorted requests for comment (RFCs) and specifications. These source documents are dissected with rabbinical erudition by the authors, who appear, at first blush, to be obsessed with standards to a nearly abusive extent. Confronted with a TCP Loremaster, for instance, we might be tempted to look past the flood of citations and ignore the message in favor of snorting at the obsession.

That very human reaction, while understandable, is helping the Internet suck.

Earlier this week, ICANN got around to scolding VeriSign for SiteFinder:

In September 2003, VeriSign, managers of the .com and .net registry (a directory of the domains and owners of every Web address within those top-level domains), started redirecting Web users who typed in an incorrect or unused Web site or e-mail address to a paid advertising page, SiteFinder.com, rather than returning the industry standard RCODE3 "name error" code.

The result?

Introducing a DNS "wildcard" for incorrect addresses into the mix had the side effect of "legitimizing" every e-mail address sent, which snarled the scripts in many spam-blocking applications around the world. Many anti-spam filters were predicated on the fact that bogus e-mail addresses were spam. Administrators scrambled to adjust their scripts to accommodate the unforeseen change.
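
The adjustment those administrators had to make can be sketched as follows (an added example, not code from the article or from any filter vendor): rather than trusting any non-error answer, the check probes the TLD with random names and treats a sender domain as nonexistent when it resolves only to the wildcard's addresses. The resolver stand-in, the sample records and the addresses are constructed so the block runs offline.

```python
import secrets

NOERROR, NXDOMAIN = 0, 3  # DNS RCODE values; 3 is the "name error" response

def make_resolver(records, wildcards):
    """Constructed stand-in for a real resolver: returns (rcode, set of A addresses)."""
    def resolve(name):
        name = name.lower().rstrip(".")
        if name in records:
            return NOERROR, set(records[name])
        tld = name.rsplit(".", 1)[-1]
        if tld in wildcards:              # registry-level wildcard answers every name
            return NOERROR, set(wildcards[tld])
        return NXDOMAIN, set()
    return resolve

def wildcard_addresses(tld, resolve, probes=3):
    """Addresses a TLD hands back for random names nobody has registered."""
    seen = []
    for _ in range(probes):
        rcode, addrs = resolve(f"{secrets.token_hex(16)}.{tld}")
        if rcode == NXDOMAIN or not addrs:
            return set()                  # one honest name error: no wildcard in place
        seen.append(addrs)
    return set.union(*seen)

def sender_domain_exists(domain, resolve):
    """Existence check for a spam filter that still works under a wildcarded TLD."""
    rcode, addrs = resolve(domain)
    if rcode == NXDOMAIN:
        return False
    if not addrs:
        return True                       # name exists but has no A record
    tld = domain.rstrip(".").rsplit(".", 1)[-1]
    # A domain that resolves only to the wildcard's addresses is not really there.
    return not addrs <= wildcard_addresses(tld, resolve)

# Constructed sample data (documentation address ranges, not real registry answers).
RECORDS = {"example.com": ["198.51.100.7"], "example.org": ["198.51.100.8"]}
HONEST = make_resolver(RECORDS, {})
WILDCARDED = make_resolver(RECORDS, {"com": ["192.0.2.10"]})

if __name__ == "__main__":
    for label, resolver in (("honest", HONEST), ("wildcarded", WILDCARDED)):
        naive = resolver("no-such-sender.com")[0] != NXDOMAIN
        print(label, "naive:", naive, "checked:",
              sender_domain_exists("no-such-sender.com", resolver))
```

Against the wildcarded resolver the naive RCODE test accepts the bogus sender, while the probe-based check rejects it and still accepts `example.com`.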

Ten months later, ICANN has bestirred itself to say something about the matter.

But as regular contributor Carla Schroder wrote in to remind us, "Quite a few domain name registrars have implemented Sitefinder-type re-directs, and no one is yelling at them ... Shouldn't we be crabbing at all of them?"

Yes we should.

According to one published report, fifteen of the 258 top level domains have wildcard redirects in place. Fifteen too many.

"Standards" are often used as a conversation-ending bludgeon when geeks congregate, stopping a lot of discussions dead when the issue is "what's the correct thing to do." That's good. They're also used as a conversation-ending bludgeon in discussions of "what's the right thing to do," which is a slightly different matter.

For the casual observer of these debates, it might seem like too much detail to bother with. But standards are what we have, even if they seem arbitrary, and even when they're not so much formal as they are matters of common practice. If you're running a node on the Internet, it's worth your time to do some background reading when these debates come up and get an opinion if you don't already have one. Sometimes maintaining a standard is hard work, and no one's perfect. Willfully defying a standard, though, goes beyond "we're all human."

VeriSign and ICANN have more than their share of disagreements, about which debates will continue to rage. But in this case, ICANN was right and Carla was right: Even if the effects of VeriSign's cash grab weren't net-shattering, they were harmful. When others try the same stunt, they're doing harm, too. Let them know.

Elsewhere in the News

» The IEEE is meeting in Portland, OR this week. According to The Register, it's "shaping up to be one of the most lively in years, with a packed agenda that highlights both the current breakneck pace of change in wireless networking, and many of the splits that could slow this pace in the near future." WiMax looms large in the scuffles.

» Cisco has named a new CTO: Charles Giancarlo "served as senior vice president and general manager of product development for Cisco, as well as president of the company's Linksys unit. He joined the company in December 1994 through the acquisition of Kalpana."

» Microsoft is taking home $4 million from spammer Daniel Khoshnood and his company Pointcom, Inc., which sent mails from typo versions of MS domains like "microsoftc.com" and "hottmail.com" to convince users to download toolbars. The judge in the case invoked laws prohibiting deceptive e-mail and Web addresses in his ruling against the spammer.

» WIRED reports that the recent Internet Explorer security scare has taken a minor toll on the browser's share: "According to analyst firm WebSideStory, there has been a 1 percent drop in Internet Explorer use over the past month, from 95.73 percent on June 4 to 94.73 percent on July 6. It's the first time WebSideStory has ever seen Internet Explorer usage take a dive."

» Now they tell us! Also at the IEEE conference this week, Wi-LAN (reported on here two weeks ago) has announced its intent to license the patents it claims give it significant leverage over the WiMax standard.

Tech Tip by Michael Burton

If I offered to give you either ten bucks or a hundred bucks, which would you want? If there were no strings attached, everyone would of course ask for the hundred bucks. But few things in life are really free.

There is basically zero per-port price difference between ten-megabit half-duplex and 100 megabit full-duplex. Any switch worth buying won't even offer a ten-megabit-only option anymore. So why not give everyone the fastest pipe possible? It makes the end users happy and is simpler to administer - everyone gets the same setup.

High tech employees are notoriously sensitive when it comes to technology. We are all familiar with the newest and greatest, sometimes painfully so. But when it comes to network speeds, even we can't tell a difference most of the time. During a "blind taste test" at a major high-tech company held last year, most folks could not tell the difference between 10/half, 100/full, or even gigabit! If your end users cannot see their connectivity lights, most of them won't be able to tell the difference either.

Now, that is not to say that 100 megabits to the desktop doesn't have its uses. For engineering work or any other application which requires very large files to be moved back and forth, 100 megabit connectivity certainly makes sense. But for normal Web browsing, accessing remote shares for Word documents, or even Microsoft Exchange traffic, ten megabits are more than sufficient.

Even those power users would have a difficult time coming up with a real reason for full-duplex. Many think that duplex settings impact your speed, and that is simply not the case. Unless you are moving large files to and from your system at the same time, duplex changes do not have any impact on your outbound or inbound speeds. It is like thinking that throwing a ball at the same time you catch a ball will make the ball you're throwing travel faster.

But there is a very good reason to not give out the fastest connection possible. While your users will be unable to make use of that bandwidth anytime soon, any sort of virus or worm that infects their system can certainly make use of the pipes they are given. And systems sending out virus attacks while receiving confirmations back from zombies can definitely get a boost from that full-duplex connection.

Consider port and speed control as the poor network engineer's Quality of Service enforcer. Until your environment rolls out Voice over IP, you probably don't need to give systems the ammo needed to cripple your enterprise during a worm outbreak. Keep the 100/full or gigabit connection to the servers and backbone links where they are actually needed.

Michael Burton is a Portland, OR employee of Intel, where he has worked in network management. Michael was the technical administrator for Intel's 20,000 node network at its Hillsboro, OR campus.

The Week in CrossNodes

» Windows Services for Unix: There's No Place Like /home

Though far from perfect, Windows Services for Unix makes it a little easier to intermingle platforms. Bring your Unix chops, though, unless you want to point and click your way to an insecure mess.

» WAFS: The Next Best Thing to Being There?

Over-the-net latency makes remote file operations a pain. Wide area file services can help the folks in your branch offices feel like they're sitting next to the file server, minus the annoying hum.

Network News Break is CrossNodes' weekly summary of networking news and opinion, served up fresh. Please send your comments and suggestions to the editor.
