Lurking in the depths of the internet is a problem. A problem so large that it is going to cost billions to fix. It will affect every device connected to the internet without exception. Every cell phone, every game console, every computer, every router/modem, EVERYTHING. And it is a secret. Well, not really a secret, just not something anyone talks about.

The problem is that the language the internet speaks is running out of unique names. Specifically, the IPv4 address space is running out of unassigned addresses. The simple version of why this is a problem is that no new websites will be able to come online. It is a lot more complicated than that and will even impact users to a degree, but that is for a different article.

This is where the 600 days comes in. By the estimates of the people who are able to do estimates, the pool of unassigned IPv4 addresses will run out in about 600 days as of the beginning of 2010. As that day approaches, you can expect all sorts of shenanigans regarding pricing and allocation decisions. It will become much, much more difficult and costly to set up your own website/service.

The good news is, there is a fix. The bad news is what I was saying in the beginning. It is going to be expensive as hell and it is going to impact a couple billion devices. The worst part is, you can’t even take steps to fix this yourself right now.

The answer is a new language: Internet Protocol Version 6, or IPv6. It solves the addressing problem for a VERY long time. The current version, IPv4, supports about 4.3 billion addresses. Addresses are 32 bits, so there are 2^32 of them. IPv6 addresses are 128 bits, so there are 2^128 of them, which works out to 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses. This post does a good job of expanding on what this means.

Because this is a new language, all of the devices have to be taught to speak it. In the vast majority of cases this is software and could be done for free. The problem is, if you are the manufacturer of such a device, why would you provide a free upgrade when you could sell a new device? This is further complicated by the fact that essentially no one supports IPv6. The core of the internet does, but the majority of the pieces that are exposed to end users do not. The biggest hurdle is that most ISPs (Comcast, ATT, Verizon, Charter, Cable Vision, etc.) don't support IPv6 for their users. Even if you could go buy replacement devices or upgrades to your equipment to support IPv6, you still wouldn't have access to the IPv6 Internet.

During the period of overlap when not everything speaks IPv6, we will run into problems of sites being reachable only over v4 or only over v6. As time progresses that will go from overwhelmingly v4 to primarily v6, and this transition will take a very long time. The general masses are going to learn more about networking than they wanted to know, out of necessity. Where did I put that number for tech support?

TL;DR: We have 600 days to make the IPv6 Internet accessible. After that, things start becoming REAL complicated, real quick.

Note: This article is meant to build awareness, not be complete or thorough. There are large gloss-overs, simplifications and omissions to keep this from being a book.


A nice article over at Arstechnica talks about a project some Carnegie Mellon students have been working on called Perspectives.

It is an SSL and SSH security enhancement which helps prevent Man In The Middle attacks by giving you a 3rd party "perspective" of the site you are visiting. I know you are asking, what does that mean and how is that my problem?

As this article over at TechDirt describes, the little padlock has been one of the best things for Internet security. Users, for the most part, recognize and trust it to indicate that the site and the data about the transaction are secure. A MITM attack is where a cracker intercepts your request to initiate a secure connection and places themselves in the chain, presenting their own key to you and relaying your traffic to the real site. If done correctly, you, your browser, and the site at the other end have no idea that someone is listening in. If this attack succeeds, the cracker now has access to everything that was supposed to be encrypted, which could be credit card numbers and passwords. For you Linux/Unix users out there, SSH is susceptible to this attack as well: the first time you connect to a host, your client has no way of knowing whether the key it is shown is the real one.

The Perspectives project, as they describe it, "designed Perspectives to supplement [Trust-on-first-use] applications with spatial and temporal redundancy". It works like this...

You visit a site which has a self-signed certificate. (Nobody wants to spend the ridiculous amount of money required to get a 3rd party signed cert.)

Without Perspectives, Firefox will give you a big warning that most users promptly ignore, selecting to add the exception.

Perspectives hooks into that step instead. When your browser receives the site's certificate, the extension queries a set of "notary" servers. The notaries connect to the site from their own vantage points on the internet and report back the key they saw. The extension then compares their answers with the certificate you received. If they match, the certificate is accepted as valid and Fx doesn't prompt you with the warning. The point is that an attacker sitting between you and the site is not also sitting between every notary and the site, so the notaries will see the real key while you see the attacker's. That is the "spatial redundancy" in the quote above.

There are some additional configuration choices that can be turned on to further enhance this by requiring the notaries to have seen the same key for at least X number of days (the "temporal redundancy"). This acts as a further check in case the attacker is able to intercept the notaries' connections to the site as well as yours: a key that only showed up yesterday is suspicious even if everyone currently agrees on it.
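To make the two checks concrete, here is a small model of the notary decision, written for this post as an added example (it is not Perspectives' own code and does not talk to real notaries). The notary histories, notary names and fingerprint strings are all constructed for the demo; the quorum fraction of 0.75 and the rule that an unreachable notary counts against the quorum are assumptions of the example, not settings taken from the extension. The four scenarios show what each check catches: a local MITM is caught by the spatial check alone, while an attacker who manages to sit in front of every notary as well is only caught once a minimum-duration requirement is turned on.

```python
# Added example (not Perspectives' own code): notary-style key checking in the
# spirit of the extension's "spatial and temporal redundancy". Every notary
# history below is constructed for the demo; the fingerprints are placeholders.
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Observation:
    fingerprint: str      # hash of the public key the notary saw (placeholder)
    first_seen: datetime  # first probe that returned this key
    last_seen: datetime   # most recent probe that returned this key


# A notary's reply is its observation history for the host; None models a
# notary that did not answer (assumption: it counts against the quorum).
NotaryReply = Optional[List[Observation]]

NOW = datetime(2010, 1, 15)
KEY_A = "sha1:11-22-33"  # the site's real key (placeholder)
KEY_B = "sha1:aa-bb-cc"  # the attacker's key (placeholder)


def day(n: int) -> datetime:
    """n days before NOW."""
    return NOW - timedelta(days=n)


def current_key(history: List[Observation]) -> Optional[Observation]:
    """The key a notary sees right now is its most recently observed one."""
    return max(history, key=lambda o: o.last_seen) if history else None


def notary_supports(reply: NotaryReply, fingerprint: str,
                    quorum_duration: timedelta, now: datetime = NOW) -> bool:
    """A notary vouches for `fingerprint` only if that is the key it currently
    sees AND it has seen that key continuously for at least quorum_duration."""
    if reply is None:
        return False
    cur = current_key(reply)
    if cur is None or cur.fingerprint != fingerprint:
        return False
    return now - cur.first_seen >= quorum_duration


def evaluate(fingerprint: str, replies: Dict[str, NotaryReply],
             quorum: float = 0.75,
             quorum_duration: timedelta = timedelta(0)) -> Tuple[bool, int]:
    """Spatial redundancy: at least `quorum` of the notaries must agree with
    the key the browser received. Temporal redundancy: each supporting notary
    must have seen that key for `quorum_duration`. Returns (accept, votes)."""
    votes = sum(notary_supports(r, fingerprint, quorum_duration)
                for r in replies.values())
    return votes >= quorum * len(replies), votes


def scenario(name: str) -> Tuple[str, Dict[str, NotaryReply]]:
    """Constructed notary data. Returns (key the browser received, replies)."""
    stable = [Observation(KEY_A, day(90), day(0))]      # site has used A for 90 days
    hijacked = [Observation(KEY_A, day(90), day(2)),    # attacker in front of the
                Observation(KEY_B, day(1), day(0))]     # site since yesterday
    notaries = ["notary1", "notary2", "notary3", "notary4"]
    if name == "legit":        # no attack: browser and notaries all see A
        return KEY_A, {n: stable for n in notaries}
    if name == "local_mitm":   # attacker only between you and the site
        return KEY_B, {n: stable for n in notaries}
    if name == "global_mitm":  # attacker also between every notary and the site
        return KEY_B, {n: hijacked for n in notaries}
    if name == "notary_down":  # no attack, but one notary unreachable
        replies: Dict[str, NotaryReply] = {n: stable for n in notaries}
        replies["notary4"] = None
        return KEY_A, replies
    raise ValueError(name)


def decide(name: str, quorum_duration_days: int = 0) -> bool:
    """Would the extension suppress Firefox's warning for this scenario?"""
    fingerprint, replies = scenario(name)
    accept, _ = evaluate(fingerprint, replies,
                         quorum_duration=timedelta(days=quorum_duration_days))
    return accept


if __name__ == "__main__":
    for name in ("legit", "local_mitm", "notary_down"):
        print(f"{name:12s} accept={decide(name)}")
    # The spatial check alone is fooled by a global MITM; the temporal one catches it.
    print("global_mitm  accept=%s (no duration), %s (7 days)"
          % (decide("global_mitm"), decide("global_mitm", 7)))
```

The duration setting is a trade-off: the longer you require a key to have been seen, the longer a site that legitimately rotates its key will trip warnings, which is why it is an option rather than the default in this model. Counting an unreachable notary as a "no" is the conservative choice, since an attacker who can block your notary queries should not get a free pass.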

All in all, this is yet another tool in the arsenal to keep our computing safe. I hope that Mozilla, OpenSSL, and OpenSSH take this project to heart and integrate it into their suites, and that some large companies step up and offer their servers as notaries.

You can obtain the Firefox extension here and an OpenSSH client here.
