Streaming of the KSK ceremony
On Monday, starting at 22:00 (Italian time), it will be possible to follow live on the ICANN website the ceremony for the creation of the second Key Signing Key of the root zone.
The root zone will be signed on July 15, as scheduled.
If you have no idea what you have just read, I recommend looking at the slides of my short introduction to DNSSEC.
DNSBLs and IPv6
From time to time I see people arguing that the wide deployment of IPv6 will force DNSBLs to significantly change their operations and semantics. Usually they have little or no actual experience with IPv6 and the main argument used to justify this view appears to be more or less "OMG so many bits!1!!!".
I have no reason to believe that this will really happen. People are already sending mail over IPv6 and I expect that the same reputation mechanisms used for IPv4 will be deployed as soon as they are needed, with small policy changes to cope with the fact that end users typically get a whole network instead of a single IP address.
So I expect that DNSBLs will continue to operate as usual like they currently do for IPv4 addresses, optionally by promoting "single IP" listings to "whole /64" listings when appropriate.
Let's briefly categorize the common types of DNSBL listings:
- spam sources or spam support (e.g. SBL): a human investigator decides that a specific server or network needs to be listed. Nothing will change.
- dynamic or dynamic-like (residential) networks (e.g. PBL): a human investigator decides that a specific network needs to be listed, or the ISP itself provides their relevant ranges. Nothing will change, except that dynamically-assigned networks will be much less common.
- fully automatic behaviour-driven listings (e.g. CBL): the IP addresses of spam sources are automatically listed as soon as they are detected. Are adjustments needed for this case? The only issue I can think of is the randomly-generated "privacy extensions" addresses used by some clients, but since they can be automatically detected the BL operator may also choose to just list the corresponding /64 from the start.
If anything, with IPv6 much less guessing is needed to know how large each customer assignment is, so some things will actually be easier for operators.
(I have been using IPv6 for at least ten years and I have received email over IPv6 networks for at least five.)
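Added example, not part of the original post: a minimal Python sketch of the policy discussed above, where an automatic list keeps IPv4 sources as single-address entries and promotes IPv6 sources to their /64, plus the RFC 5782 query-name layout for both families. The zone `dnsbl.example`, the names `listing_key`, `query_name` and `AutoList`, and the /64 assignment size are assumptions made for illustration.

```python
import ipaddress

ZONE = "dnsbl.example"  # hypothetical zone name, for illustration only

def _normalize(addr):
    """Parse addr; treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as plain IPv4."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def listing_key(addr, v6_prefix=64):
    """Network an automatic list records for one detected source.

    IPv4 stays a single address; IPv6 is promoted to the enclosing /64
    (assumed end-user assignment) so privacy addresses share one entry.
    """
    ip = _normalize(addr)
    if ip.version == 4:
        return ipaddress.ip_network(f"{ip}/32")
    return ipaddress.ip_network(f"{ip}/{v6_prefix}", strict=False)

def query_name(addr, zone=ZONE):
    """DNSBL query name: reversed octets (IPv4) or reversed nibbles (IPv6)."""
    ip = _normalize(addr)
    if ip.version == 4:
        labels = str(ip).split(".")
    else:
        labels = list(ip.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

class AutoList:
    """In-memory stand-in for a behaviour-driven list (constructed example)."""
    def __init__(self):
        self.entries = set()

    def report(self, addr):
        """Record a detected spam source; returns the network listed."""
        key = listing_key(addr)
        self.entries.add(key)
        return key

    def is_listed(self, addr):
        return listing_key(addr) in self.entries

if __name__ == "__main__":
    bl = AutoList()
    print(bl.report("2001:db8:1:2:a1b2:c3d4:e5f6:789a"))     # constructed address
    print(bl.is_listed("2001:db8:1:2:1111:2222:3333:4444"))  # same /64
    print(query_name("2001:db8:1:2::25"))
```

The client still queries the full 128-bit address; whether one source or the whole /64 answers as listed is decided on the list operator's side.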
Highlights and a description of the key signing ceremony
Lost: the finale
I take this opportunity to apologize to everyone to whom I recommended watching Lost.
Less widely known features of iproute
While iproute (AKA ip(8)) nowadays has become the ultimate Linux network configuration tool, it is also poorly documented: many features are not documented in the man page or even in the built-in help.
With this post I would like to draw attention to some of its more recent features which are not getting the attention they deserve. And remember: every time you use ifconfig(8), Cthulhu eats a kitten. Please, think of the kittens.
VLANs management
ip link add link eth0 type vlan name eth0.2 id 2
ip link add link eth0 type vlan name myvlan2 id 2 loose_binding on
ip link add foo type vlan help
This replaces the obsolete vconfig(8) program and adds new features.
The loose_binding flag stops the VLAN interface from tracking the line protocol status of the underlying device.
Creation of TUN/TAP interfaces
ip tuntap add dev mytap mode tap user md
This replaces the obsolete tunctl(8) program.
Creation of dummy interfaces
ip link add mydummy type dummy
The only way to create more dummy interfaces after the dummy module has been loaded used to be loading it again with a different name, and they were all named dummyN. Since module-init-tools no longer supports loading the same module multiple times, iproute fully replaced this method.
Ethernet in GRE tunnels
ip link add mygretun type gretap remote 192.0.2.1
ip link add foo type gretap help
A practical way to remotely bridge two Ethernet networks. The IP MTU is reduced by the expected 20 (IP) + 4 (GRE) + 14 (Ethernet II) bytes.
L2TPv3 static tunnels
See Documentation/networking/l2tp.txt for details. This requires kernels >= 2.6.34.
Digital terrestrial TV with Linux, at a low level
# apt-get install dvb-apps vlc
$ mkdir ~/.tzap/
$ scan -v -o zap /usr/share/dvb/dvb-t/it-Milano > ~/.tzap/channels.conf
$ vlc ~/.tzap/channels.conf