billso.com

Earlier today, we noticed that YouTube was not available. An ISP in Pakistan, PieNet, single-handedly blocked global access to the popular video site for two hours, according to multiple reports on the Times of London, ZDnet, ReneSys, OpenDNS and Data Center Knowledge.

PieNet hijacked YouTube’s domain name by sending Border Gateway Protocol (BGP) instructions called advertisements to reroute all requests for YouTube.com to an IP address in Pakistan. ISPs use BGP to link the routers in their networks together, creating the global internetwork that we call the Internet. ISPs trust that the BGP advertisements they receive from other ISPs are correct.

Trust is cheap

Researchers have developed encrypted forms of BGP, but ISPs would rather not implement these more secure protocols because more powerful and expensive routers would be needed. While Cisco and other router manufacturers would welcome the additional sales revenue, ISPs would pass along their increased costs to businesses and consumers.

Many Internet protocols and services rely upon trust. Email is a good example. The core e-mail protocols do not check message content or the identities of senders and recipients. Email messages are sent across the Internet as alphanumeric text. Over the years, as a few users decided to exploit the open nature of email, we have added protocols and services to identify spam, check user identity and encrypt messages and passwords.

Pakistan goes offline

It is very rare for a major mistake like this to happen, because ISP managers and staff understand the value of reputation and trust. This redirect was probably not an accident or an error by PieNet staff – it was almost certainly an intentional hijacking designed to make a political statement. A bogus BGP advertisement is a very loud and rude way to make such a statement.

Richard Stiennon of ZDnet notes that PieNet probably brought all Internet traffic in Pakistan to a grinding halt, as Pakistan Telecom could not handle millions of requests for YouTube.

YouTube engineers detected the redirection quickly and asked for help from major ISPs. Their next step was to find the bad BGP instructions. This was a trivial exercise, as PieNet’s identifiers were all over the advertisement.

PCCW Telecom, the main Internet provider for Pakistan, removed Pakistan’s ISPs from the Internet until the new BGP advertisements propagated to ISPs across the world. Once YouTube’s route was restored, users could watch their videos again.

Internet users in Pakistan will have slower Internet connections for the next few days, and network engineers around the world will keep close tabs on Pakistani ISPs.

This site is now available in a mobile web format at http://m.billso.com/ – please give it a try with your mobile phone or PDA.

Apple iPhone users can view this site in its regular desktop mode at billso.com, or try the mobile version.

As I mentioned on 27 November 2007, the mobile web is not quite ready for the masses yet. There is no standard URL for mobile web sites, for example. Some sites like Facebook use “m.” as a subdomain that serves up a mobile site. Other mobile sites are using the .mobi top level domain. I have a short list of mobile web sites at http://billso.com/mobile/

I own http://billso.mobi and I’ve set that name to redirect to http://m.billso.com

It’s difficult to design web sites that resolve well on small screens, especially given the number of different devices, platforms and carriers that exist in the mobile Internet market.

Difficult does not mean impossible

I’ve tweaked my web site with some WordPress plug-ins. Plug-ins are prepackaged files of PHP programming code that third-parties have written to extend the WordPress blog software. I’ve made m.billso.com work on several hundred pages of content with 3 hours of effort.

The mobile version does load quickly on PDAs and phones, while preserving most of the site content. Those were my primary goals. I’m pleased with what I’ve accomplished using free software and web services.

Feel free to log on with a real computer and leave a comment about the mobile site. I’d like to know if the mobile version of this site is usable and useful for my readers.

A few of the site’s features do not work well on the mobile version. I’m looking for workarounds to address some of these problems.

1. The menu on the top of each page becomes a long set of entries.
2. The event calendar in the right sidebar turns into a single column of text, for example. This happens with the standard WordPress calendar widget, too.
3. Tables do not resolve well in mobile browsers, either. That’s one reason that the calendars on the Spring 2008 course pages are written in a boring text format.
4. The scenic image at the top of each page shrinks a bit.
5. Mobile users cannot enter comments. The reCAPTCHA plugin that I use to stop comment spam does not support mobile web browsers. The comment fields will appear on the mobile site, but comments will not be posted. i’ve seen very few mobile blogs that support comment entry, so I am not very worried about fixing this issue.

From Wired: developers are launching a beta version of QTrax, after reaching deals with the major music labels to allow free music downloads.

QTrax is an ad-supported P2P application that works within the Firefox web browser on Windows computers. Internet Explorer and Safari are not supported. Macs will be supported on 18 March, according to this article from New York’s Silicon Allwy Insider.

That article also reveals that Universal was the final of the 4 major labels to sign with QTrax.

The music files use Windows Media DRM, so they probably won’t work on iPods. A QTrax spokesmen claims iPod compatibility is high on the service’s list, and this Associated Press article says that QTrax has developed a workaround for iTunes compatibility. Apple has released patches to break previous iTunes workarounds by other companies.

QTrax has signed over most of the music revenues to the labels, so the service will earn the bulk of its margin by selling highly targeted web advertising. Of course, it is trivial to block ads in Firefox web pages by using an extension like AdBlock Plus. Whether AdBlock will work with the QTrax Songbird engine is another question. OpenDNS should block the ads, as I mentioned on 3 September 2007.

When I checked QTrax.com a few minutes ago, I saw a single image that claimed the service was overwhelmed by demand - check in tomorrow.

I mentioned OpenDNS on 3 September and 13 July of 2007. This is a free service that looks up domain names. Domain names represent the numeric IP (Internet Protocol) addresses that are used on every server. The Domain Name System (DNS) is highly distributed, and a good target for all sorts of legal and illegal opportunities.

OpenDNS is much faster than the domain name servers I’ve used at other ISPs. Every ISP has to provide DNS services to subscribers. The DNS servers are an important part of maintaining a fast connection, but some ISPs just do not manage their DNS servers well.

OpenDNS a great way to speed up an Internet connection, especially for residential and WiFi users, by outsourcing every domain name lookup request to a dedicated set of very fast servers in North America and Europe.

It’s hard to beat secure, fast and free.

OpenDNS also includes some nice security features. The service will block phishing and adult web sites, using a constantly updated list of known servers. This is a more elegant solution that proprietary security software that usually slows down a Windows or Mac computer.

Late last year, OpenDNS asked users to recommend the service to schools and universities. A recent article in THE Journal reports that over 10,000 educational organizations have adopted OpenDNS services.

Crackers have started to attack domain name servers, inserting false domain name entries that redirect users from well-known sites to forgeries. Schools and educational institutions are an attractive target for these attacks, as their IT security is sometimes less than adequate. In the past, school email servers have been a primary target for botnets. Hackers break into these servers, which can then be used to send spam. The legitimate users of these servers may not realize their email system has been compromised until their ISP cuts off their email access.

Installing OpenDNS on a personal computer is easy to do. I would not recommend that employees do this on their company computer without the support of their IT department, as some companies maintain specific entries in their own domain name servers.

The New York Times ran an interesting story today about ad blocking software for web browsers.

I’ve used variations of ad blocking over the last few years, in an effort to speed up my Internet browsing. After all, every ad on a web page takes time to download. Some ads use Flash or Java to provide animation, and those ads can take additional time for a browser to download, process and present.

AdBlock Plus, which is discussed in the Times, is one of the easier tools to use, but it only works in Firefox, my favorite web browser.

Updated 8 September 2007: AdBlock Plus supports several third-party lists of domain names – see this page for details. Subscribing to a list such as EasyList or EasyElement is a quick way to set up a comprehensive ad blocking system in Firefox.

There are other tools available for Internet Explorer, but I won’t discuss them here.

In the past, I’ve used a more comprehensive approach that blocks ads from appearing on a computer or a network. This method uses a hosts file, as described in this Lifehacker post and in this page, to block well-known ad servers, based on their domain names. This isn’t a good idea unless you own your computer and you understand what you’re doing. I wouldn’t do this on a corporate or public computer.

Updated 8 September 2007: Yoyo.org has a page with detailed information about ad blocking at the router and computer level.

It’s also possible to do this with an OpenDNS account. Just add the domains that the router or your computer should block. I mentioned OpenDNS on July 13.

Ad blocking is easy to do

For both the hosts and DNS methods, the strategy is simple. I’m trying to stop my router or computer from looking up the ad servers, thus blocking the ads themselves. Usually I’ll see a blank space or a 404 (file not found) message in place of the ad. In the example below, OpenDNS has blocked an ad server before my browser could open the ad.

Some of my readers may have noticed that I do include Google Ads on this web site. The Google Ads are located at the bottom of each page, and Google tries to select appropriate ads based on my site’s content.

Last week, I also added some dynamic ads from Amazon.com that show prices for my courses’ textbooks. Here’s an example.

I’m hosting these ads to see how the systems work before I include ads on some of my customers’ web sites. I do receive a small amount of cash if anyone clicks on the ads, somewhere between 5¢ and US$1, so this really isn’t a revenue stream for me.

Updated 8 September 2007: To my chagrin, I noticed that the default settings in AdBlock Plus will block my Amazon ads. It’s easy to fix this by deactivating or removing the entry for rcm.amazon.com.

But ad blocking can affect the revenue streams of some web sites, especially if a significant number of users are blocking ads. A few small web sites are throwing the baby out with the bathwater by blocking Firefox users, usually redirecting them to whyfirefoxisblocked.com, based on the ridiculous assumption that every Firefox user has also installed and is using AdBlock.

This kind of filtering by a web server isn’t an invasion of privacy. It’s trivial work for a web server to determine the kind of browser that a user is running, because the browser itself includes that information whenever it requests a file from a web server.

Blocking Firefox is not an option for larger web sites

While Internet Explorer still holds the most market share, a significant number of users, including myself, usually use Firefox for their web browsing. No sane advertiser wants to block users who are smart enough to install and run an alternative browser, as smart users might have more disposable income or more influence on their company spending.

There are some ways to circumvent ad blocking. Most ads come from third-party web servers. Webmasters can choose to server the ads themselves. Anyone who wants to see the site will have to see the ads, because these users won’t want to block the web site itself.

As the Times mentions, Microsoft itself is caught in the middle of this problem. Microsoft doesn’t include ad blocking software in Internet Explorer, but the company hasn’t prevented users from loading that software, either. But Microsoft also has a significant revenue stream from ads that its MSN sells.