Where is Culpeper? What are you doing there? For the entire last two weeks, that’s the most common question I was asked. While there were a few thumbs up from people who knew what was going on, I tried to explain to other techies about DNSSEC and the significance of the key signing ceremony. For others, I just resorted to saying that it’s a place near Washington DC where there was a technical meeting I had to attend. ‘DC’ and ‘meeting’ in the same line was enough explanation for them, methinks.

While I am detailing the DNSSEC protocol in layman’s terms further below, the signing ceremony was not different from a well-written IETF protocol draft, where every actor had a role, and parts were scripted like it was an act on stage. The 35-page script will possibly be made public by ICANN in the near future, but the attention to detail, pedantic execution and timestamps at each step lasted almost seven hours. In seven hours, we incorporated the seven crypto officers and seven recovery key share holders, initialized the HSM, generated the KSK, processed the request from Verisign and made arrangements for continuation of the procedure in the West Coast facility. From Verisign, we received the Key Signing Request, containing ZSKs generated by Verisign, signed those and returned them a Signed Key Response; they will use those ZSKs to sign the root zone. Exceptions were handled by the ceremony administrators with utmost care. The main ceremony was in a secure room with multiple secure layers involving a man trap at the second stage. The event was recorded, and was watched by more people in an external room in the same facility. We had an auditor present to keep notes of the proceedings, and an armed guard to make sure that we didn’t deviate.

I was one of the seven crypto officers selected for the East Coast facility, which is in Culpeper. In essence, at least three out of the seven crypto officers need to be present in future key signing ceremonies for the East Coast. We hold the keys to the safes where the crypto smart cards, which will be needed to operate the key signing hardware every time new keys are generated and used for signing the root zone key, are stored. So, in a way, for popular consumption, I now hold keys to the DNS system on the Internet.

As was noted by various people, this was quite a significant ceremony. This makes DNS, one of the most fundamental tenets of the Internet, more secure. DNS has long been one of the most open protocols on the Internet, and over time a model of how successful protocol design works. The cryptographic signing of the root zone possibly indicates the changes that have happened to the Internet over the years, and the way it’s headed.

Personally, I think it was a great step forward, but at the same time I wonder, if we continue the push to crypto-encrypt everything on the Internet, whether the free and wild wild west nature of the Internet will still be there in a decade or so. Only time will tell.

Explaining DNSSEC:

To give some background, DNSSEC is short for Domain Name System Security Extensions. DNS is what links names like www.gaurab.org.np to Internet Protocol (IP) addresses. IP addresses are like phone numbers on the Internet and DNS is the telephone directory. DNS is a very widely distributed network of hierarchical servers spread around the world. For example, for www.gaurab.org.np, there are separate servers that handle the ‘org.np’ part and the ‘www.gaurab’ part. The ‘org.np’ part is spread out over as many as nine name servers all over the world. Of the nine, a few are distributed even further with a technique called Anycast. That makes it potentially about 80 to 100 servers for ‘org.np’ that can tell an inquiring machine about ‘gaurab.org.np’. Further, ‘gaurab.org.np’ has three authoritative servers spread between the USA and Nepal.

When you go further above ‘org.np’ then we end up in the root zone. If you think of DNS as an inverted tree with the root at the top, with country code branches like ‘np’, ‘nz’, and gTLD branches like ‘com’, which then further branch out to ‘org.np’, ‘com.np’ and so on, you get fairly close to the concept. The way the early DNS system was designed, there is no way to verify the integrity of the data you receive from these servers. With enough technical skills, someone in the middle can modify a valid response and send false data. They can also pretend to be one of the servers and send bad data. There are also other known problems like cache poisoning that can inject false data into the Internet system.

To address this problem with maintaining the integrity of the data, DNSSEC was developed many years ago. It’s been a known protocol for many years. DNSSEC uses public key cryptography and embeds, with each response, the information which can be used to cryptographically validate that response. The bits included with each response are called a ‘signature’. Your computer, or ‘resolver’ as it’s called in DNS parlance, can then verify this information by comparing against a well-known set of published data. This process is called validating the response. If the signature doesn’t validate, then the resolver will not accept the response and will try again. Of course, this is a very simplified version of the entire process.

Despite being around for a while, the root or the top level of the DNS system wasn’t using DNSSEC. The main issue that delayed it for so long was the ownership and management of the root zone cryptographic data. There were also other issues with DNSSEC deployment that were identified and resolved in the meantime. But by 2009, many organizations were pushing for deployment. The Swedish ccTLD .se was one of the first ones to be signed. In mid-2009, .org, a major gTLD, was signed. The pressure was on for the actors responsible for root zone management to sign the root.

It’s important to understand that unless the root zone was signed, the hierarchy couldn’t be verified. It meant the full benefit of using DNSSEC wasn’t there. Sometime in 2009, IANA, ICANN, Verisign and NTIA all agreed on a way to get this done. They are the primary actors in root zone management. Under the arrangement, Verisign, as maintainer of the root zone, was to keep and maintain the Zone Signing Key (ZSK), and ICANN would issue and maintain the Key Signing Key (KSK), which would be used to cryptographically sign the ZSK.

The ceremony in Culpeper was where ICANN, in the presence of 14 chosen community representatives as well as many other external witnesses, created the KSK to be used for signing the root zone. And it accepted the first key signing request by Verisign to use the KSK to sign the ZSK. ICANN will maintain the keys in two different locations in the US. The signing ceremony in Culpeper was the first of the two and the second one will take place in Los Angeles on 12th July 2010. Once the keys are safe and the 7 more community representatives are incorporated for the West Coast facility, the root zone will finally be signed on 15th July 2010. DNSSEC will be in production after 15th July, 2010. A major milestone in maintaining the integrity of the domain name system and subsequently the Internet.

The details of the root DNSSEC are on the http://www.root-dnssec.org/ site. It also includes names and details of all the community representatives and other actors in the process.
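
The chain described above (the KSK signs the key set containing the ZSK, the ZSK signs zone data, and a resolver checks both against a published trust anchor), as an added example that is not part of the original post or of ICANN's tooling. It assumes Ed25519 keys, a simplified record encoding instead of the DNS wire format, and constructed names, addresses and keys.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// RRset is a simplified record set: owner name, type and values.
type RRset struct {
	Name, Type string
	Values     []string
}

// Signed pairs a record set with the signature sent alongside it.
type Signed struct {
	Set RRset
	Sig []byte
}

// canonical is a demo encoding to sign, not the RFC 4034 wire format.
func canonical(r RRset) []byte {
	v := append([]string(nil), r.Values...)
	sort.Strings(v)
	return []byte(strings.ToLower(r.Name) + "|" + r.Type + "|" + strings.Join(v, ","))
}

// newKey derives a repeatable, constructed key pair from a label.
func newKey(label string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte(label))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

func signSet(priv ed25519.PrivateKey, r RRset) Signed {
	return Signed{Set: r, Sig: ed25519.Sign(priv, canonical(r))}
}

// Validate walks the chain a resolver follows: the trust anchor (KSK) must
// have signed the key set, and a key in that set must have signed the answer.
func Validate(anchor ed25519.PublicKey, keys, answer Signed) error {
	if !ed25519.Verify(anchor, canonical(keys.Set), keys.Sig) {
		return errors.New("key set is not signed by the trust anchor")
	}
	for _, v := range keys.Set.Values {
		pub, err := hex.DecodeString(v)
		if err == nil && len(pub) == ed25519.PublicKeySize &&
			ed25519.Verify(pub, canonical(answer.Set), answer.Sig) {
			return nil
		}
	}
	return errors.New("answer is not signed by any key in the key set")
}

// Demo returns the validation result for a genuine answer, an answer
// modified in transit, and an answer signed by a swapped-in key.
func Demo() (genuine, modified, swappedKey error) {
	kskPub, kskPriv := newKey("constructed KSK")
	zskPub, zskPriv := newKey("constructed ZSK")
	otherPub, otherPriv := newKey("constructed unauthorised key")
	hx := hex.EncodeToString
	// Ceremony step: the KSK signs the key set that contains the ZSK.
	keys := signSet(kskPriv, RRset{".", "DNSKEY", []string{hx(kskPub), hx(zskPub)}})
	// Zone operator step: the ZSK signs ordinary zone data.
	answer := signSet(zskPriv, RRset{"example.", "A", []string{"192.0.2.10"}})
	genuine = Validate(kskPub, keys, answer)
	tampered := answer // original signature, changed data
	tampered.Set.Values = []string{"203.0.113.66"}
	modified = Validate(kskPub, keys, tampered)
	// A key set listing a different ZSK no longer matches the KSK signature.
	badKeys := Signed{RRset{".", "DNSKEY", []string{hx(kskPub), hx(otherPub)}}, keys.Sig}
	swappedKey = Validate(kskPub, badKeys, signSet(otherPriv, tampered.Set))
	return
}

func main() {
	g, m, s := Demo()
	fmt.Printf("genuine: %v\nmodified: %v\nswapped key: %v\n", g, m, s)
}
```

Only the KSK public key has to be known to the resolver in advance; the ZSK can be replaced as often as needed, as long as each new key set is signed by the KSK.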

I find Japan charming. It’s got its quirks, and the language doesn’t really help, but people make up for it. My recent visit was the fifth since 2003, and third in as many years. First the visa – of the many countries and embassies that I go to for visas, Japan is unique in that it requires original letters of invitation. Printed or e-mailed ones are not acceptable. They need the paper with the squarish red stamp on it. But once you get that piece of invitation, it’s kinda straightforward. No questions asked. I think being the fifth time they weren’t as meticulous as they’d be on a first time visitor though.

Flights to Japan are non-incident in general. But if you fly Thai Airways, you can be sure that the flight to Tokyo possibly gets one of the best planes in the fleet. When I flew last week, it was the latest 777-200ER that they leased from Jet Airways. Given that this was an Extended Range (ER) aircraft meant to fly India – USA non-stop, the seat pitch even in economy was really good. So, it was indeed a good flight.

Arrival in Tokyo is fun. They land on the never finished runway with a farm right there in the middle. The well known story is that the farmer who owns that piece of land so disliked the way government officials were misusing eminent domain rules to expand the airport that he fought back and the courts ruled in his favour. Meaning that the government can’t force him to sell it. So, the runway remains far shorter than it would have been. You can see this picture: http://www.airliners.net/photo//0874120/M/.

The charm of Japan is in its service standards. Even before you hit the Immigration official, you’ll pass through at least two other ‘helpers’ who will check if you have the forms and another one who’ll come walking the queue to see if your forms are filled correctly. I believe that this does save time eventually, but also helps visitors, who have been confined to the airplane for long hours. Even frequent fliers tend to make mistakes after being in the sanitized air of an aircraft for longer hours. A little bit of help does help.

Sometimes the Japanese can overdo the ‘stewards’ bit though. It’s common to walk through a conference or an event in Japan with two stewards standing at every corner and every hallway with signs. I’d rather believe that most people attending these events are more than capable of finding their way.

Japanese food is another of its charms. You can get equally interesting boiled, fried, baked and even raw stuff. I prefer soba noodles to ramen. This time around I got to try some interesting okonomiyaki, Osaka style, in Tokyo. Though for some reason, I didn’t eat any sushi. Time was well spent on other foods. Even at Narita Airport, there are some good food places now in the Airport Mall. And my highlight was the Häagen-Dazs ice cream vending machine.

Departure proceedings in Japan are fairly straightforward, and the ANA lounge was great. I was invited into the first class section by my friend Mr. Toyama. Irrespective of which lounge you are in, ANA is possibly the only airline which has a proper kitchen in the lounge and you can get your choice of noodles at the noodles bar.

Before ending, just so that you don’t think I was in Japan to just have fun, I was there for a reason. I was speaking at a major Japanese Internet conference, Interop-Japan. One of the founders of the event, Toru Takahashi from IAJ, had asked us to be part of a panel on Internet Exchange Points around the World. I was speaking about IXP Trends in Asia Pacific Region. While I didn’t go to any other sessions, as most were in Japanese, the exhibition was enormous. I’ll spare the details, but the highlight was a 100GigE circuit between two Cisco CRS-3. Now beat that.

I suddenly felt the urge to write about an older trip today, while I am waiting for my next flight to Tokyo. One of my favourite pastimes at Bangkok Suvarnabhumi Airport is to check out the departure screens for flights to destinations that I can’t pronounce in a single go. The many times that I have flown through different airports, I haven’t seen flights to such unique destinations from one location. Where would you find flights going to Yekaterinburg, St Denis de la Reunion, and Tashkent on a display screen? I find Bangkok unique in that aspect. On a broader scale, of course, there are lots of flights to secondary cities all over Asia and to major cities in Africa. And there is variety too. A few years ago, I counted that I could fly almost a dozen airlines from Bangkok to Singapore or Hongkong.

But now, back to my flights from a few years ago. It was August 2005. I did a crazy routing of flights. In the first phase, I went to Karachi – my first time to Pakistan. It was fun. The PIA experience – I was given a seat in business class in the Kathmandu – Karachi sector – but with economy service. It was one of their A310s. Of the five people who actually were going to Karachi, I was one. The rest were all connecting to destinations in the Gulf. The details of my security escort in Karachi are a story for another day. But I did enjoy the food and the people I met in Karachi and we set up the ground for hosting the first SANOG in Pakistan in 2006.

After Karachi, I flew PIA to Delhi. I spent about 12 hrs in Delhi. While I was expecting hassle at IGI, it was as smooth as it could get. I could see that the Immigration guy was relieved to see a non-Indian or a non-Pakistan passport. Less work for him, I believe. My 12 hrs in Delhi were spent visiting friends and eating lunch and dinner. I had a car pick me up from the airport, go around town all day with me and then drop me off at the airport again in the evening. Delhi can be intimidating for first time visitors, but definitely it’s fun, if you know your way around the system there.

In fact, I had no real reason for being in Delhi – other than how my flights got done. I was en route to Ulan Bator in Mongolia. If you use the Great Circle Mapper (http://gc.kls2.com), you realize that Karachi to Ulan Bator is about 2670 miles or roughly 6 hrs flight duration. But then I was booked Karachi – Delhi – Singapore – Seoul – Ulan Bator, turning it into roughly a 33 hours long run.

The flights themselves were not that interesting, but I had a misconnect in Singapore, but SQ were so good that when I arrived, they had already moved me to a later flight and prepared a new boarding pass to Seoul – Incheon. From Seoul to Ulan Bator, I flew the Mongolian Airlines (MIAT). It was a nice new 737 aircraft. Of course, my bags didn’t make it to ULN that night with me. It arrived the next day. I never figured out if it was left in Singapore or in Seoul. The bag was tagged with so many pieces of paper that it was a jumble.

After a week in ULN doing BGP Multihoming with the good Dr. Smith, the return was not eventful at all. Korean Airlines (KE) to Seoul. Both Philip and I thought we had business class seats, but then there was no visible difference from the Economy class.  I flew back to Delhi on Singapore Airlines from Seoul. Bags made it with me.

But this was not the end. A few months before this trip, I had a trip to Mumbai cut short  due to massive floods in Mumbai. It was now time for me to finish that trip. So I flew the excellent Jet Airways to Mumbai and back. And finally back to Kathmandu.

On this one trip, I had flown on 5 Airlines, flew 7,300+ miles to cover a distance of 2670 miles, had misconnected, missed bags and was now back home in about 3 weeks.  I had visited 3 countries, and transited through two more.

I know how I ended up with this complex routing. For the non-regular travelers, it may not make sense – but it does if you look at it deeper. The choices of flying to Ulan Bator were limited, either I had to fly through Beijing or through Seoul. Flying back to Kathmandu from Karachi would also have resulted in another set of flights that would have taken me to Beijing or Seoul via Bangkok. So, in terms of absolute number of flights or time – it wouldn’t have really made a difference. On the other hand, I still had the un-utilized Delhi – Mumbai – Kathmandu portion of my ticket from the aborted trip a few months earlier. Thus if I flew to Delhi from Karachi, I would have the return already covered. In the short of it – by going via Delhi, I saved myself one Kathmandu – Delhi flight. Makes sense, doesn’t it?

Even if it doesn’t, don’t worry  – now you can fly direct from Kathmandu to Seoul on certain days, and hopefully the non-regular flight between ULN and BKK will become regular one day.

Safe Travels !!

On my recent trip to Europe, an amazing confluence of travel and technology made it a lot more fun. I travelled from Kathmandu to Kosovo via Abu Dhabi, Frankfurt and Vienna. Abu Dhabi and Vienna were uneventful and were only transit stops. In Frankfurt, I had some work to finish off, so it was a proper stop. That is where it was interesting.

For those of you who travel a bit more than usual, Dopplr.com is a site that I’ve been using for a while. I think I got a really early invite to the site – and then have been using it. The nice thing is, once I update my Dopplr account with my travel data, I can subscribe the feed to my calendar. Of course, like any web 2.0 application, you add friends and links and networks in Dopplr and then connect to it from Facebook. The Facebook linkage is fun. Dopplr, once you give it permission, will send nice updates to your Facebook wall with your travel plans and a map.

So, on this trip too, my Facebook Wall was automatically updated that I was traveling to Frankfurt. A friend of mine, whom I hadn’t seen for a few years, was traveling from Vancouver to Cape Town – also through Frankfurt. Once in Frankfurt and on the Internet, he spotted that I would be in Frankfurt Airport as well and sent me a message. I wasn’t in the Airport, but then got the message and then we met up for beer and dinner at the Airport. How Cool.. !!

This is not the first or the last time, I guess, that a combination of different online social networks will help us socialize more, but I do concede that I was amazed at the speed at which this interaction took place.

More about this trip on a later blog..

So, it’s been a while I haven’t been on an international flight, 21 days to be exact. The last time I nearly got onto one – but didn’t – it was unusual (my travel agent’s words, not mine), it ended up good, as the subsequent flights and my return flights got cancelled due to the Icelandic Volcano, which of course like everyone else, I can’t pronounce or spell. Going back into this trip, I had to cancel going to Riyadh, because the visa didn’t come through on time. So, from being on a trip that would have taken me to Riyadh, Frankfurt and Brussels, I stayed home all the time – well, not really – I went to Pokhara. The turn of events was, I agree, unusual. I was going to fly Etihad Airways for the first time – that has to wait too now.

So, how is it to be not on the ‘road’ for almost a month? I think not much different. But, all the time you spend traveling, you end up doing other stuff.. which might have taken a back seat. Like this blog setup. All it needed was a few hours to tweak around. I hadn’t had the time to do that for more than two years now. That brings me to the next question – was I being more productive just because I had lots of time or because most people thought I was on the road, and had no expectations of me in Kathmandu? I have no idea. But at least the first 3-4 days after I was supposed to have flown out – I didn’t get any calls other than from my Travel Agent.

Anyway, it’s getting around the time for lunch, so let’s talk about food. I think when I am in Kathmandu, I do go to a fair number of foodie places. So, sometime in the last three weeks, I did manage to go to the not-so-new anymore Pizza Hut in Durbar Marg. The pizza was pretty good, I’d say. And also this new place called ‘Caferina’ – which is in Sherpa Mall – the food is hit or miss. But, Lakpa’s Chulo in Jhamel still wins hands down on both food and ambience. The service is also great. I also found out that Rum Doodle has moved locations within Thamel. The new place is large and airy – but not quite the cosy atmosphere from the old location. Rum Doodle still has the best Rum Punch in town and that’s what matters more than the location.

What else.. being in Kathmandu, I had my scooter repaired, upgraded RAM on an older Laptop, found time to look through some old backups to get them onto this laptop and so on. I also found time to upload pictures to Facebook. Quite interesting to see that I had people commenting even before the entire album was uploaded.

The world is connected even if you are not on the road.

I wrote this piece for the Y! magazine. One reason to post it here is that I said I’ll post my published articles in this blog. Another reason is also to get some practice in categorizing the content within WordPress. Ciao!!

Visit Y! at http://www.yzine.com.np

-gaurab

—-

10’s – Touch, Cloud and Go

A new decade is always interesting. Contemporary historians tend to generalize trends in terms of the decades gone. The 80s were for the PC, the 90s for the Internet, the first decade of the millennium for YouTube, Facebook and everything that survived the Dot com Crash. What’s in store for this year and then onwards for the decade? How would you flashback in a few decades?

The past 30 years of innovation and challenges in end-user computing have been enormous. This has peaked in the last decade with much more innovation happening from a user experience perspective. The cell phone, which at the beginning of the decade was at least a half-kilo brick, is now a sleek device not much larger than a Dairy Milk pack. As Nokia claims – adding a camera to the phone made them the biggest camera manufacturer in the world, diluting the line between consumer electronics and communications devices.

Then came the iPhone, which can be credited with starting this focus where users had the world at their fingertips – literally. Then Kindle revolutionized the e-Book world. We will have to wait and see how iPad impacts the world.

The next decade will be about how people use the more easily available wireless connection to enrich their online experience with more video. The iPad and other sleeker internet access devices with larger screens are possibly the devices that will make it easier for people to watch video on the move. Instead of the grainy small resolution video, you will be able to watch full screen and even High Definition (HD) videos on these devices. You then connect the audio through a Bluetooth headset. Your video may be stored locally or be streamed over the network.

These days we don’t think twice before uploading our pictures to Flickr, Facebook or some other photo sharing site. With bandwidth becoming more affordable, and content being easier to access over the network, we’ll start seeing more personal videos being uploaded to YouTube and similar sites.

The other big semi-visible but important part of technology progress is the increasing use of cloud computing infrastructure. When we use Gmail, or Hotmail or Yahoo for e-mail, search and storing information, we are already using a remote computer system and trusting our data to it. While these were limited services, cloud computing itself as a product can enable lots of small businesses and even individuals to set up online businesses and platforms. It will enable smaller organizations with limited budgets to be able to utilize more complex systems for a fee. Computing will then become a utility brought to you through the internet.

While these are the visible icons of the progress, there has been a lot of other innovation which lies underneath the visible progress. Every year in the past few years, technologies have enabled companies to pack in more components into ever smaller scale. Dual-core and quad-core CPUs enable massive computing power that until a few years ago was only available at specialist labs. Technologists realized that instead of packing in too many components into the same chip, running multiple CPUs actually increased the parallel processing power and at the same time reduced heat dissipation, enabling them to build efficient machines.

On the other hand, for those who work in the industry, the greater problems lie in how to manage power and cooling for large cloud computing clusters. Since there are no mechanical parts in computers, almost all energy is radiated out as heat – creating a massive cooling problem when you have larger numbers of computing systems in one place. Research is ongoing on how efficient cooling systems can be designed along with efforts in reducing the heat radiation from devices.

There is a lot more happening in this area for those who are interested.

But, what interests us today is how all of this comes to impact us in our daily lives. In the next decade, we can assure ourselves that we’ll be using more and more of wireless technology whether at home or mobile. As phones become replacements for computers, it’s obvious that wireless is the technology to watch. You may still have cables and fiber that bring the internet to your homes and offices, but you will possibly use a wireless connection for access – whether it be WiFi or through GPRS or maybe even a 3G connection.

In the Nepali context, we may be able to get the ubiquitous Blackberry service finally in Nepal, producing our own share of crackberries. We may also start seeing more organizations finally sensing the ubiquitousness of the Internet and choosing to use it more. Banks have been in the forefront of encouraging customers to use e-Banking services without much success – but this will change. It took ATMs the last decade to be the preferred means for personal banking in Nepal, and eBanking will take at least half of that time frame to be widely used.

Another aspect of usage will be the increased focus in education institutions on the use of the network for students’ use. Universities and colleges have been spending a lot of money and resources in building libraries, but as many international publications and journals make the internet the preferred means of delivering texts, research materials as well as other teaching resources, Nepali institutions will need to connect with high speed Research and Education Networks like Internet2 (US), GEANT (Europe) and APAN (Asia) if they want the students to have access to resources. The connection to these international networks will in fact make the local students a lot more competitive when they go abroad, having had access to the resources already.

Last but not least, there are progressing signs that Nepalis who went abroad 10-20 years ago have finally made a mark in their own fields in their adopted home countries. They are now poised to help the industry, academia and the government in Nepal with expertise and knowledge in their specific areas. They are interested in sharing their knowledge with local youths and professionals. The use of video conferencing facilities has made this a lot easier than in the past, when they had to travel to Nepal for such knowledge sharing activities. Organizations in Nepal and the US are now working to create a regular series of such knowledge transfer initiatives. Computer Association of Nepal with its US chapter has successfully piloted this last year already.

Kathmandu University will soon start regular lectures over video conferencing facilities with faculty in Europe. Doctors at Kathmandu Model Hospital do a video conferencing session with doctors in its satellite hospital in Dolkha every morning, and all of them are regularly joined by experts in New Mexico, US for regular consultation and medical discussion. They are sometimes joined by health workers in Nangi, Myagdi, also over video conferencing.

The future is there for those who are able to use the technology for making their lives easier, and the next year and the decade will be no different. Innovation in technology, ingenuity in usage and improvement in user experience are what’s in store for us in 2010.

hi all,

So, I guess as a tech savvy guy.. I am supposed to have a blog. I had an intention to get one for a while, but finally I found the right system and time to get it done. Here I hope I can write about stuff I like..

I will also post things that are published elsewhere here too.

see you here more..

-gaurab