Celebrating World IPv6 Day by Testing the Candidates

So today (June 8th, 2011), is the first “World IPv6 Day”. This is (was) a day where the techies all over the world were encouraged to try and see what worked with IPv6 and what didn’t. The good news is that the publicity has definitely helped demonstrate that this is an important topic for the future of the Internet. As more and more non-techies are aware, we ran out of IPv4 addresses a while ago (yes yes, I know that is not entirely an accurate statement), and the only long-distance solution is something called IPv6. Which I won’t explain here.

So what did I do to celebrate this monumental event? First, I checked the “who’s supporting it” list and was happily surprised to see a Fairly Long List of participating organizations. Granted, compared to the much longer list of organizations connected to the internet, this is nothing, but it’s a start… Then, I launched my web browser and hit a few random sites to see how they worked over my IPv6 connection. I was happy to see they worked fantastically.

But, I thought, what a boring test. How do I know that my dual-stack IPv4/IPv6 machine is really doing everything it can to reach these sites using only IPv6? I had two choices: pull the IPv4 plug out (no, non-techies, it’s not actually a different plug; sorry for the confusion) or do the right thing and actually test the real data. So I did the right thing. Or at least part of the right thing.

I quickly hacked up a script (now available from my GitHub ipv6day repository) to test a few important elements of how well an organization would truly fair in an IPv6 only world. Connectivity can fail to anyone at any time, and I wasn’t trying to test connectivity. I wanted to test whether they were truly advertising all the needed services of their organization as IPv6 capable. So I tested 3 things (arguably the 3 most important things):

  • Did they have a “www” record with a AAAA address (which is an IPv6 address)?
  • Did they have at least 1 NS (DNS) entry for their domain with a AAAA record?
  • Did they have at least 1 MX (email) entry for their domain that was reachable by IPv6?

Turns out, most sites concentrated on only the first question and skipped the other two. Not entirely a true commitment to testing IPv6. Still, I suppose, better than nothing. But I still won’t list them as “success cases”. If you had only IPv6 on your machine, you certainly couldn’t read their website without at least the first two, and you couldn’t send them mail complaining about it unless you had the last two.

As long as I was at it: DNSSEC

I figured as long as I was testing things, I wanted to test out my ability to use my other new favorite technology: DNSSEC. How many of these domains would at least have:

  • At least one published DNSKEY?
  • A parent that had a DS record pointing to them?

Note that I wasn’t testing the actual data. Just “if they were thinking about it”, as I wasn’t even checking to see if DNSSEC signatures were being published. And it’s not entirely fair if their parent won’t accept a DS record to publish (but that’s too bad; fix your parent).

Results

The full result table is long. So what do you do with long results? Summarize them of course! So here’s the summary table (the numbers in green are the number of sites that succeeded in all the tests).

  Good Results Counts
0 1 2 3
IPv6 38 212 176 41
DNSSEC 424 7 36  

It’d be nice if every one of those entries had maximized the IPv6 tests (3) and DNSSEC tests (2). But as you can see, we fell far short of that.

So who gets the gold stars? Of all the 436 domains that had listed themselves as testable, who actually truly tried their best? It’s only fair that I specifically call out “good job” to those that I consider having passed the “World IPv6 Day Test”. These weren’t hard tests. They weren’t even under undergrad course-level worthy. They’re far below questions that might be given during a 101 class test, and were more like a Elementary School course-level test questions. But those that passed are still worth naming.

41 passed the IPv6 test and 36 passed the DNSSEC test. That’s right, of all the companies that said they’d participate in “World IPv6 Day”, only 41/436 (9.4%) passed my simple tests. i don’t think the techie world scored an a+ today.

But, as in every class, there were a few over-achievers. i’ll call out their names as they cross the stage first, because not only did they pass the 3 simple ipv6 tests, they also passed my dnssec tests, which was really a pop-quiz they didn’t know they’d be taking. Kudos to the folks on this list! I passed out the most gold stars to this fine list of students:

Domain IPv6 DNSSEC Both
gotanet.se
imperial.ac.uk
lansstyrelsen.se
leissner.se
lst.se

And now the list of companies that at least passed either the full set
of IPv6 tests or the full set of DNSSEC tests:

Domain IPv6 DNSSEC Both
afilias.info
antixlabs.com
beamartyr.net
bluecatnetworks.com
broeltal.de
caib.nasa.gov
census.gov
cesca.cat
commerce.gov
cysols.com
dhs.gov
doi.gov
dol.gov
dpf.gov.br
ed.gov
energy.gov
faa.gov
fab-corp.com
feb.gov
gigatux.com
gsa.gov
gustavus.edu
hostingxs.nl
hostmaster.ua
httrack.com
hurricanelabs.com
ig.com.br
iltalehti.fi
indiana.edu
info.info
infoblox.com
inl.gov
internet2.edu
ipv6world.nl
isoc.se
jobs.qualcomm.com
jp.apan.net
kernel.org
km.nasa.gov
lemonentry.eu
lmu.de
lsu.edu
midlandcomputers.com
neustar.biz
nist.gov
nlm.nih.gov
opm.gov
orion.on.ca
pir.org
plurk.com
proofpoint.com
reading.ac.uk
rohitab.com
sanger.ac.uk
skymarket.co.uk
state.gov
supranet.net
t-online.de
tamagawa.jp
thehavennet.org.uk
tunix.nl
ucf.org
ulak.net.tr
ultradns.com
verisigninc.com
w3.org
webmetrics.com

Detailed Results

And for those that want to look at all the individual records, I present the full test result table:

  IPv6 DNSSEC
Domain DNS WWW MX DNSKEY DS
youtube.com 0 1 0 0 0
facebook.com 0 1 0 0 0
yahoo.com 0 2 0 0 0
akamai.com 0 2 0 0 0
limelightnetworks.com 0 2 0 0 0
youtube.com 0 1 0 0 0
cisco.com 0 1 0 0 0
meebo.com 0 1 0 0 0
genius.com 0 1 0 0 0
w3.org 1 1 1 0 0
unam.mx 0 1 0 0 0
rpi.edu 2 2 0 0 0
nyi.net 0 1 0 0 0
hosteurope.de 0 1 0 0 0
xiphiastec.com 0 0 0 0 0
tomshardware.com 0 1 0 0 0
seecs.edu.pk 0 1 0 0 0
twenga.com 2 2 0 0 0
plurk.com 2 1 2 0 0
terra.com.br 0 1 0 0 0
jolokianetworks.com 2 1 0 0 0
juniper.net 0 1 0 0 0
bing.com 0 2 0 0 0
gigatux.com 3 1 3 0 0
voxel.net 0 1 0 0 0
lemonentry.eu 2 1 1 0 0
2g2u.net 2 1 0 2 0
2020media.com 2 1 0 0 0
vonage.com 0 1 0 0 0
sapo.pt 2 1 0 0 0
tagadab.com 0 1 0 0 0
mercuryz.com 2 1 0 0 0
outpost10f.com 1 1 0 0 0
pir.org 4 0 0 2 2
sesamestreet.org 0 1 0 0 0
sesamestreet.com 0 1 0 0 0
arces.net 0 1 0 0 0
nic.mx 1 2 0 0 0
bluecatnetworks.com 0 1 0 2 1
nolet5.nl 0 1 1 0 0
mozilla.com 0 1 0 3 0
unapec.edu.do 1 1 0 0 0
lexmedia.ro 0 1 0 0 0
astaro.com 0 1 0 0 0
astaro.de 0 1 0 0 0
astaro.org 0 1 0 0 0
hurricanelabs.com 3 1 0 2 1
va.gov 0 1 0 0 0
rosslynanalytics.com 2 2 0 2 0
appalachianwireless.com 3 1 0 0 0
officescape.com 2 1 0 2 0
sliqua.com 0 1 0 0 0
exactabacus.com 0 0 0 0 0
weathercity.com 2 1 0 0 0
lcn.com 0 1 0 0 0
serverchoice.com 0 1 0 0 0
isomedia.com 0 1 0 0 0
fortinet.com 0 1 0 0 0
harvard.edu 2 1 0 0 0
commandchannel.com 0 0 0 0 0
biglobe.ne.jp 0 1 0 0 0
yellowbot.com 1 1 0 0 0
urbandictionary.com 0 1 0 0 0
dailykos.com 0 1 0 0 0
comcast.net 5 0 0 0 0
netcetera.co.uk 0 1 0 0 0
miniclip.com 0 1 0 0 0
midlandcomputers.com 2 1 3 0 0
internet2.edu 3 1 0 4 4
canarie.ca 2 1 0 0 0
gustavus.edu 3 1 2 0 0
laurentian.ca 0 1 0 0 0
huawei.com 0 2 0 0 0
interop.jp 0 1 0 0 0
mapy.cz 1 1 0 0 0
shazzlemail.com 0 0 0 0 0
bangzoom.com 0 0 0 0 0
telkom.co.id 1 1 0 0 0
plasa.com 1 1 0 0 0
telkomspeedy.com 1 1 0 0 0
httrack.com 3 1 2 0 0
luns.net.uk 2 1 0 0 0
a10networks.com 2 1 0 0 0
radiusgateway.com 0 1 0 0 0
dyni.net 2 1 0 0 0
mihostcgi.com 0 0 0 0 0
verisigninc.com 1 1 0 2 1
unclesamnames.com 0 0 0 0 0
devoteam.ch 0 1 0 0 0
campus-party.org 0 1 0 0 0
campus-party.com.co 0 1 0 0 0
campus-party.com.br 0 1 0 0 0
campus-party.es 0 1 0 0 0
opendns.com 0 1 0 0 0
us.ntt.net 5 1 0 0 0
isacc.ca 2 1 0 0 0
cccnt.ca 2 1 0 0 0
wikisail.fr 2 1 0 0 0
tellabs.com 0 1 0 0 0
mutali.rw 0 0 0 0 0
thehavennet.org.uk 3 1 3 0 0
townnews.com 0 0 0 0 0
ip-only.net 0 1 0 0 0
netpr.pl 1 1 0 0 0
hostingxs.nl 2 1 4 0 0
ig.com.br 2 1 0 1 1
infoblox.com 1 1 0 3 2
ericsson.com 1 2 0 0 0
nyu.edu 0 1 0 0 0
beirutix.net 1 1 0 0 0
frequence3.fr 3 1 0 0 0
ulak.net.tr 2 1 1 0 0
ripplecom.net 0 0 0 0 0
xs-software.com 0 1 0 0 0
agame.com 2 0 0 0 0
gry.pl 2 6 0 0 0
girlsgogames.nl 1 6 0 0 0
jeu.fr 2 6 0 0 0
spielen.com 2 6 0 0 0
games.co.uk 2 6 0 0 0
flashgames.ru 2 6 0 0 0
girlsgogames.it 2 6 0 0 0
cesca.cat 2 1 2 0 0
tatacommunications.com 0 1 0 0 0
sprint.com 0 1 0 0 0
orange.md 1 1 0 0 0
ccaba.upc.edu 1 1 0 0 0
hostmaster.ua 2 1 1 2 0
detik.com 2 1 0 0 0
alexville.com 0 0 0 0 0
hkirc.hk 1 0 0 0 0
hkdnr.hk 1 0 0 0 0
landshut.org 0 1 0 0 0
itgi.org 2 1 0 0 0
takinggovernanceforward.org 2 1 0 0 0
recro-net.hr 0 1 0 0 0
commerce.gov 6 1 0 3 2
census.gov 1 1 0 6 6
ntis.gov 0 1 0 0 0
itmastaren.se 2 1 0 0 0
twtelecom.com 2 1 0 0 0
ipv6world.nl 2 1 1 0 0
hostpoint.ch 2 1 0 0 0
opm.gov 0 0 0 5 2
feb.gov 0 0 0 5 1
turkcell.com.tr 0 1 0 0 0
www2.ntia.doc.gov 0 0 0 0 0
nic.cl 3 1 0 0 0
dualtec.com.br 1 1 0 0 0
nomer.com.br 1 1 0 0 0
faa.gov 0 2 0 3 2
cpanel.net 1 1 0 0 0
level3.com 0 1 0 0 0
adm-host.com 0 1 0 0 0
netnam.vn 0 1 0 0 0
fab-corp.com 2 1 1 0 0
superonline.com 0 1 0 0 0
cyberport.hk 0 0 0 0 0
marshall.edu 2 1 0 0 0
cyber.net.pk 0 1 0 0 0
f5.com 3 1 0 0 0
telcordia.com 0 1 0 0 0
neustar.biz 2 1 1 0 0
ultradns.com 2 1 1 0 0
webmetrics.com 2 1 1 0 0
quova.com 0 1 0 0 0
ultratools.com 2 1 0 0 0
melbourneit.info 0 1 0 0 0
bbn.com 2 1 0 0 0
campaya.co.uk 5 1 0 0 0
spain-holiday.com 5 1 0 0 0
xbox.com 0 2 0 0 0
subtel.cl 0 1 0 0 0
nlm.nih.gov 0 1 0 2 2
zerodayclothing.com 0 1 0 0 0
ncsu.edu 2 1 0 0 0
catnix.com 0 0 0 0 0
georgianc.on.ca 1 1 0 0 0
dlink.com 0 1 0 0 0
lsu.edu 4 1 0 2 1
chameleon.eu 2 1 0 0 0
indiana.edu 2 2 0 3 2
bandaancha.eu 2 1 0 0 0
teliasoneraic.com 0 1 0 0 0
farmfrites.com 0 1 0 0 0
tunix.nl 3 1 2 0 0
blox.eu 2 1 0 0 0
datapipe.net 0 1 0 0 0
localweb.com 2 1 0 0 0
xo.com 0 1 0 0 0
roaringpenguin.com 0 1 1 0 0
nttplala.com 2 1 0 0 0
kendo.jp 0 1 1 0 0
kernel.org 4 2 2 0 0
top-ix.org 0 1 0 0 0
t-online.de 1 1 2 0 0
unipi.it 3 1 0 0 0
sucomo.com 0 0 0 0 0
linuxzogno.org 4 1 0 0 0
salientfed.com 0 1 0 0 0
yp.com 0 1 0 0 0
answers.com 0 1 0 0 0
conexim.com.au 4 1 0 0 0
tele-pc.nl 0 1 1 0 0
atlasnetworks.us 0 1 0 0 0
tdc.dk 3 1 0 0 0
dominios.es 1 1 0 0 0
mybrighthouse.com 0 0 0 0 0
iweb.com 0 1 0 0 0
pachube.com 2 1 0 0 0
americanis.net 0 1 0 0 0
zeus.com 1 3 0 0 0
it-blog.net 2 1 0 0 0
it-in.ru 4 0 0 0 0
login.com 1 1 0 0 0
clara.co.jp 1 1 0 0 0
usnews.com 4 2 0 0 0
fibertech.com 0 1 0 0 0
anonymizer.com 0 1 0 0 0
widexs.nl 2 1 0 0 0
sanger.ac.uk 4 2 1 0 0
computerbase.de 0 1 1 0 0
haproxy.1wt.eu 0 0 0 0 0
telstraclear.co.nz 0 1 0 0 0
insuremytrip.com 1 1 0 0 0
sony.co.jp 3 1 0 0 0
alaxala.com 0 1 0 0 0
luthersem.edu 2 1 0 0 0
alliedtelesis.com 2 1 0 0 0
blacklotus.net 2 1 0 0 0
gsa.gov 0 1 0 3 2
yahoo.co.jp 0 1 0 0 0
bullpi.com 2 1 0 0 0
gotanet.se 2 1 2 2 2
leissner.se 2 1 2 2 2
tx-learn.net 0 1 0 0 0
onlinetech.com 1 1 0 2 0
treasury.gov 0 2 0 0 0
globalcrossing.com 4 2 0 0 0
peer1.com 0 1 0 0 0
unc.edu 0 1 0 0 0
netbenefit.com 0 1 0 0 0
qualcomm.com 0 2 0 0 0
jobs.qualcomm.com 0 0 0 1 1
ashmolean.org 0 1 0 0 0
ashmolean.eu 0 1 0 0 0
ashmolean.info 0 1 0 0 0
ashmolean.museum 0 1 0 0 0
ses.com 0 1 0 0 0
alindale.ca 0 1 0 0 0
hostopia.com 0 1 0 0 0
ed.gov 0 1 0 2 2
chpc.utah.edu 2 1 0 0 0
aol.com 0 1 0 0 0
red.es 3 1 0 0 0
ontsi.es 3 1 0 0 0
ivancorp.net 0 0 0 0 0
internet24.de 0 1 0 0 0
helinet.de 0 1 0 0 0
orion.on.ca 2 1 1 0 0
inl.gov 0 1 0 2 2
mastercard.us 1 0 0 0 0
egatedomains.ca 0 1 0 0 0
usda.gov 0 2 0 0 0
forestdaleinc.org 0 0 0 0 0
opus1.com 1 1 0 0 0
dci.co.uk 4 1 0 0 0
state.gov 0 2 0 3 2
mudynamics.com 0 1 2 0 0
kaweb.co.uk 0 1 0 0 0
charter.com 0 1 0 0 0
thesis-plc.com 0 1 0 0 0
lmu.de 3 1 2 0 0
towerstream.com 0 0 0 0 0
doi.gov 6 1 0 3 2
ctc.biz 1 1 0 0 0
zynga.com 2 1 0 0 0
forums.zynga.com 0 0 0 0 0
m.mafiawars.com 0 0 0 0 0
q9.com 0 1 0 0 0
phpbb.de 0 1 0 0 0
filetransferconsulting.com 2 1 0 0 0
noticias.juridicas.com 0 1 0 0 0
online.no 0 1 0 0 0
knowledgeit.co.uk 0 1 0 0 0
fasthosts.co.uk 0 1 0 0 0
nominum.com 2 1 0 0 0
quonix.net 3 1 0 0 0
bluecoat.com 2 1 0 0 0
globalconnect.dk 0 1 0 0 0
cira.ca 1 1 0 0 0
dedic.com.br 0 1 0 0 0
ateliersnowflake.com 2 1 0 0 0
comodo.com 0 1 0 0 0
lanwan.fi 0 1 0 0 0
intuix.com 1 0 0 0 0
domaindiscount24.com 0 1 0 0 0
stonesoft.com 0 2 0 0 0
daum.net 0 1 0 0 0
domicilium.com 0 1 0 0 0
nic.im 0 1 0 0 0
beamartyr.net 1 1 1 0 0
inuits.eu 0 1 0 0 0
colt.net 0 1 0 0 0
qwest.com 0 1 1 0 0
she.net 0 1 0 0 0
nuevasync.com 0 1 0 0 0
wtrade.com 4 1 0 0 0
minoritydealers.com 0 1 0 0 0
ipv6.es 3 1 0 0 0
suse.org 0 0 0 0 0
broeltal.de 1 1 1 0 0
memset.com 0 2 0 0 0
kfz.net 0 1 0 0 0
mcgill.ca 0 1 0 0 0
lanets.ca 2 1 0 0 0
unlu.edu.ar 2 1 0 0 0
sandvine.com 4 1 0 0 0
tsnet.it 1 1 0 0 0
pdms.com 0 1 0 0 0
grin.com 1 1 0 0 0
mtv3.fi 3 1 0 0 0
iltalehti.fi 3 1 1 0 0
grz.at 2 1 0 0 0
proofpoint.com 2 1 2 0 0
krystal.co.uk 0 1 0 0 0
umd.edu 0 1 0 0 0
isoc.se 2 1 1 0 0
cbn.net.id 5 1 0 0 0
epfl.ch 2 1 0 0 0
naver.com 0 1 0 0 0
orange-business.com 0 1 0 0 0
view.atdmt.com 0 0 0 0 0
colliertech.org 3 1 0 0 0
IronNails.com 0 0 0 0 0
IronNails.se 1 1 0 0 0
level365.com 2 1 0 0 0
ultracopier.first-world.info 0 1 0 0 0
orbitdiensten.com 0 0 0 0 0
onr.com 2 1 0 0 0
brookdalecc.edu 0 1 0 0 0
qut.edu.au 0 1 0 0 0
so-net.ne.jp 0 1 0 0 0
sctv.vnnic.net 0 0 0 0 0
jp.apan.net 4 1 2 0 0
supranet.net 3 1 3 0 0
niedersachsen.de 1 1 0 0 0
accelerateddesign.com 7 1 0 0 0
di.unito.it 0 1 0 0 0
pokeritieto.com 0 1 0 0 0
initialdraft.com 2 1 0 0 0
madonnaradio.com 0 0 0 0 0
najdi.si 1 2 0 0 0
freelancersunion.org 0 1 0 0 0
xadmi.pl 1 1 0 0 0
antixlabs.com 2 1 2 0 0
uni-koeln.de 1 1 0 0 0
checkpoint.com 0 1 0 0 0
anevia.com 0 1 0 0 0
reading.ac.uk 3 1 2 0 0
genua.de 0 1 0 0 0
mri.co.jp 0 1 0 0 0
coyotepoint.com 2 1 0 0 0
telecomputing.no 0 1 0 0 0
edbergogroup.com 0 1 0 0 0
afilias.info 5 1 0 2 2
info.info 5 1 0 2 2
inregistry.in 0 1 0 0 0
chinaseite.de 0 1 0 0 0
dot.gov 2 2 0 0 0
uscable.com 0 1 0 0 0
satec.es 2 1 0 0 0
tarad.com 0 1 0 0 0
neterra.net 0 1 0 0 0
azadnet.net 0 1 0 0 0
qxip.net 2 1 0 0 0
cysols.com 1 1 1 0 0
menandmice.com 0 1 1 0 0
dimetel.uc.edu.ve 0 1 0 0 0
fibernetservers.com 2 1 0 0 0
telefonica.com 0 1 0 0 0
zon.pt 0 1 0 0 0
fresno.gov 0 1 0 0 0
exceliance.fr 3 1 0 0 0
portunity.de 2 1 0 0 0
dpf.gov.br 2 1 0 2 1
espritxb.nl 0 1 0 0 0
motive.com 0 1 0 0 0
kvh.co.jp 0 1 0 0 0
map.nc4u.jp 0 0 0 0 0
kanazawa-u.ac.jp 1 1 0 0 0
dhs.gov 0 2 0 2 2
nic.ua 2 1 0 0 0
redstone.com 0 1 0 0 0
gov.bc.ca 0 2 0 0 0
nzpost.co.nz 0 1 0 0 0
webair.com 0 1 0 0 0
microsoft.com 0 3 0 0 0
imperial.ac.uk 3 2 4 2 2
home.pl 3 0 0 0 0
af.mil 0 2 0 0 0
navy.mil 0 2 0 0 0
defense.gov 0 2 0 0 0
zte.com.cn 0 0 0 0 0
wwwen.zte.com.cn 0 0 0 0 0
nephos6.com 0 1 0 0 0
dol.gov 0 2 0 4 6
nas.nasa.gov 2 1 0 0 0
km.nasa.gov 0 2 0 3 3
apod.eos.nasa.gov 0 1 0 0 0
earthobservatory.eos.nasa.gov 0 0 0 0 0
caib.nasa.gov 0 2 0 1 1
energy.gov 0 1 0 3 2
lst.se 3 1 4 2 2
lansstyrelsen.se 2 1 4 2 2
textalk.se 0 1 0 0 0
ncta.com 4 1 0 0 0
udg.mx 0 1 0 0 0
uni-erlangen.de 0 1 3 0 0
uni-erlangen.org 0 1 3 0 0
offerbox.com 2 2 0 0 0
ote.gr 0 1 0 0 0
bitcanal.pt 3 1 0 0 0
radware.com 1 1 0 0 0
wiscnet.net 0 0 0 0 0
newhost.ro 0 1 0 0 0
nps.gov 0 1 0 4 0
intelishift.com 2 1 0 0 0
fiu.edu 0 1 0 0 0
vcigp.com 2 1 0 0 0
rohitab.com 5 1 1 0 0
internet4you.com 0 1 1 0 0
ucf.org 2 1 1 0 0
vancouver-webpages.com 1 0 1 0 0
calyptix.com 1 1 0 0 0
webfusion.co.uk 0 1 0 0 0
cnn.com 0 2 0 0 0
alkmaar.nl 0 1 0 0 0
metu.edu.tr 2 1 0 0 0
blackberry.com 0 2 0 0 0
almavivaitalia.it 0 1 0 0 0
vc3.com 0 1 0 0 0
promptlink.com 4 1 0 0 0
skymarket.co.uk 2 1 1 0 0
netregistry.com.au 3 1 0 0 0
ru 0 1 0 0 0
bit.ly 2 4 0 0 0
nist.gov 1 1 0 2 2
mobily.com.sa 0 1 0 0 0
parc.com 0 1 0 0 0
soitron.com 3 1 0 0 0
soitron.sk 3 1 0 0 0
europa.eu 2 2 0 0 0
gip.com 0 1 0 0 0
telus.com 0 1 0 0 0
nec.com 0 1 0 0 0
mozilla.jp 0 3 0 0 0
media.hiroshima-u.ac.jp 0 1 0 0 0
fxmfg.co.jp 2 1 0 0 0
tamagawa.jp 0 0 0 2 2
tamagawa.ac.jp 0 0 0 0 0
mfeed.ad.jp 3 1 0 0 0
mfeed.co.jp 3 1 0 0 0
jpnap.net 3 1 0 0 0
jst.mfeed.ad.jp 3 1 0 0 0
aoyama.ac.jp 2 1 0 0 0
aoyamagakuin.jp 2 1 0 0 0

Leave a Comment

Internet Rule Number One: Hack on Code, Not on Protocols

Recently I ran into two different cases of other people running other networks that affected me directly in a negative way. Now, we all know that people make mistakes and hardware failures can and will happen. However, in these two cases it wasn’t from “broken code” but rather “broken as designed”. The IETF, a standards organization that I’ve spent some time working with, goes through lots of thought and trouble to design internet protocols so they’re interoperable if you follow the rules. The problem is that sometimes network administrators decide they can “hack around” the way a protocol is supposed to work in order to achieve some goal. Frequently, however, they miss critical aspects of how the protocol is supposed to work or (worse) consciously ignore how protocols are supposed to work because they don’t care about the other networks they break. As long as they’re not breaking their own, of course.

But, to begin my story, I think I need to first highlight the important protocols I’ll be talking about.

The Players

  • IPv4 and IPv6: These are the big players these days when it comes to “things that are going to break on their own soon”. IP addresses are those silly string of numbers that tell the internet who you’re actually sending packets to. Normally, the average Joe doesn’t think about these because the average Joe is lucky enough to type “Domain Names” into their web browser instead of silly strings of numbers. The thing you need to know about IP addresses is that in the near future (possibly by the time I’m done typing if I don’t hurry up) we’ll run out of IPv4 addresses to hand out to things like your cell phones, washing machines and toasters. Unfortunately much of the world isn’t ready for the transition from IPv4 to IPv6, even though it’s been coming for a very very very long time. We all procrastinate, after all.
  • Domain Name System (DNS): The DNS is how we translate those useful names (like pontifications.hardakers.net into silly numbers. Like 67.205.57.145. Or 2001:470:1f00:187::1 (yes, those really are all numbers if you expand your mind a bit).
  • Simple Mail Transfer Protocol (SMTP): This is the guy that is making post offices around the world quiver wondering when their funding from selling postage stamps will dry up. Although this E-Mail thing has been catching on, we’re also finding that more and more people are relying on other services now, like FaceBook, for communicating instead. Interestingly enough, both of my issues below relate to communication. One with E-Mail and one with FaceBook.

    Enter the Era of E-Mail

    Now, E-Mail, it turns out, gets sent around quite a bit. I know that I still get quite a bit of it these days. Unfortunately, some entrepreneurial folks have figured out that the powers from the dark side enable them to use E-Mail for negative reasons as well. I’m speaking of SPAM of course, which currently accounts for about 75% of my E-Mail. [On a side note: I suspect that spam via paper-mail (otherwise known as bulk-advertising) is the one thing keeping most of the world’s post offices still in business.]

    Now, unless you’re a protocol geek like I am, you may not know that E-Mail that needs to get sent from one server to the next also uses DNS records that translate human-readable domain names (like hardakers.net) into IP addresses (like 168.140.236.43 and 2001:470:1f00:187::1). So, lets say you need to email youraunt@hardakers.net the first thing that your ISP does when you ask it to deliver a letter is to look up the IP address.

    What’s supposed to happen

    Normally when you look up where to send something you’ll get a few answers, nicely prioritized by where you should try them first:

     # dig +short hardakers.net mx
     5  mail6.hardakers.net.
     10 dns66.hardakers.net.
     20 dnsm3.hardakers.net.
    

    This shows us (or more appropriately, your ISP) to try and send the mail first to mail6.hardakers.net (priority level 5) and if that fails to trydns66.hardakers.net and then finally to dnsm3.hardakers.net. The server then starts by looking up the numeric address for the first one and then trying to talk to it. If one doesn’t work, it should skip to the next one an keep trying till it has no more to try and then will give up. (And by “give up” I mean, “keep trying for another 7 days or so at regular intervals”.)

    So, lets look up the address of the first one. We’ll look up both the IPv4 and the IPv6 address for it:

     # dig +short mail6.hardakers.net A
     # dig +short mail6.hardakers.net AAAA
     2001:470:1f00:187::1
    

    Note how, in this case, there is no IPv4 address (the line ending with an A didn’t get an answer). There is only an IPv6 address (the answer to the line ending with AAAA). This is perfectly legal, and was actually set up this way intentionally. I wanted to be ready for the cometh of IPv6 and was encouraging mail agents around the world to try me first over IPv6. I thought that was rather good of me: exercise early, exercise often (which reminds me: I’m late for my bike ride).

    So, this has been working quite well for many years (I’ve been quite anxious for IPv6 to take off). Not only that, it likely even reduced some of my spam since many spammers don’t try the remaining listed addresses and rarely have IPv6 support. Spammers don’t even pretend to be compliant with anything. Especially morals.

    Enter btconnect, a UK ISP

    BTConnect is (supposedly) the biggest ISP on the other side of the pond from the United States. They decided to add in another rule to the SMTP protocol: every MX record MUST point to a valid address. IE, you couldn’t create a record for bogus.hardakers.net and use it as an MX record without adding an IP address for it. They did this to try and ensure that the remote address was legitimate and then refuse to send it for their customers (folks like you and me sitting at home on couches; they’re just British couches) if it couldn’t do a proper address lookup. But it turns out a lot of people (who now hate BTConnect) were intentionally putting in fake MX records with no matching A record to try and subvert spammers. The end result is that BTConnect clients are unable to send mail to any domains that were fighting spam in this way. I’m not going to argue which side is being legal here. They’re both doing things that are “unintended”.

    But what’s worse is that BTConnect assumes that the whole world is IPv4-based and treated my perfectly legal AAAA-only record mail6.hardakers.net entry as bogus. This prevented an associate from being able to email me (about designing protocols, ironically). Bad Bad BTConnect! (no bone!) You need to get with the game, because the IPv4 game is about over at this point. And stop hacking protocols because you’re affecting your client’s ability to conduct daily business by sending legitimate E-Mail.

    Enter the (new) Era of Facebook

    Facebook (unfortunately, IMHO) is trying to get everyone to communicate with each other solely through their website. The good news is that they’re actually trying to be up on the IPv6 front and even have an IPv6-only version of their website available. (If you can visit successfully it means you and your ISP is IPv6 enabled. But you’re probably not since 99% of the ISPs out there are not yet compliant).

    Now, many people are actually paranoid about deploying IPv6 enabled infrastructure too quickly and often attempt trickery to try and ensure that if some user out there is trying to get to them that they can. Rather than trust a user’s ISP to have correctly set up IPv6, they assume that all other ISPs out there are IPv6 broken even if they might not be. To reword that in simple terms: many places try and intentionally prevent you from reaching them over IPv6. Because they trust IPv4 and “just aren’t sure” about IPv6 yet. Hence the reason you have to go to a different domain name if you want to use IPv6 with Facebook, and they’re default web page (www.facebook.com) isn’t IPv6 compliant.

    Facebook does this IPv4-only hack in a bit more tricky, and DNS-illegal, sort of way. Here’s the nitty gritty details that will make DNS-experts cringe (but most other people won’t catch the problems). First, this all has to do with apps.facebook.com, which is where Facebook sends you to get your virtual hands dirty by tending to your screen through planting green pixels into fields of brown pixels. So, lets see what it takes to look up address records for apps.facebook.com.

     # dig @glb1.facebook.com. apps.facebook.com AAAA
     apps.facebook.com.      30      IN      CNAME   star.facebook.com.
    
     # dig @glb1.facebook.com. apps.facebook.com A
     apps.facebook.com.      30      IN      A       66.220.153.28
    

    Now, the DNS specialists here will immediately point out that what you see above is illegal in the DNS protocol world. My co-worker, who has memorized the RFCs better than I have, nicely extracted the right quote about this:

     "If a CNAME RR is present at a node, no other data should be 
     present; this ensures that the data for a canonical name and its aliases
     cannot be different.  This rule also insures that a cached CNAME can be
     used without checking with an authoritative server for other RR types."
    

    To reword that in simple terms: you can’t have a CNAME and an A name existing for the same record (even for different query types, like A and AAAA).

    Now… Did this break something? Yes.

    First, I found one web-browser/DNS-stack combination that refused to go further. The instant it got a serious error with a record while searching for an IPv6 address, it gave up and didn’t try to find an IPv4 address. Not exactly wise either, but not illegal. Ironically, this was the exact sort of thing that the Facebook DNS hackery is trying to prevent: the customer not getting to the site. And some green electronic crops probably turned brown and withered. Electronically.

    This DNS hackery also causes the most popular recursive name server in use today to be equally as annoyed with AAAA queries:

     # dig apps.facebook.com aaaa
     ...
     ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31717
    

    Update: 2011-01-26

    They seem to have now realized that the above breaks thing. So they’ve started doing different illegal things in hopes that it would magically start working.

    # dig @ns4.facebook.com. apps.facebook.com ns
    ;; AUTHORITY SECTION:
    apps.facebook.com.      30      IN      NS      glb2.facebook.com.
    apps.facebook.com.      30      IN      NS      glb1.facebook.com.
    
    # dig @glb2.facebook.com. apps.facebook.com ns
    ;; ANSWER SECTION:
    apps.facebook.com.      30      IN      A       69.63.189.62
    

    Yes, you read that right: query for a NS record to ensure it’s accurate and you get back an A record instead. That’s what you really wanted, right?

    Conclusions

    The biggest conclusion here: if you’re going to hack, do so to speed things up. Do so to make things better. Do so to make things more interoperable. But do not assume that you’ve considered all of the corner cases with a protocol when you decide to modify the rules. The results will likely be less customers reaching your service, not more.

    Oh. And IPv6 is coming. Please get ready. But without the hackery.

Comments (2)

Limitations of SNMPv3/USM When Combined With EngineID Discovery

SNMPv3/USM, unfortunately, does suffer from some elements of man-in-the-middle attacks. But these are poorly understood and certainly not well documented (if at all). This document attempts to describe the weakness inherent in the SNMPv3/USM protocol.

Background and Conventions

Although this document coves some of the necessary background, it’s still expected that the reader already understands how SNMPv3 with its User Based Security Model (USM) works. The details of the SNMPv3 protocol and the USM-subprotocol aren’t discussed in this write-up.

It’s also expected that the reader is familiar with the USM concept of “discovery”, which can be summarized at a high level as this: a manager is allowed to send a “probe” message to an agent and the agent should return a “report” message that says “I’m using securityEngineID 1234”. An important element of this discovery request and response process is that it’s fundamentally unauthenticated. There is no proof that the agent responding actually is the right agent. The belief is that because future requests and responses are authenticated and use a key only known to the agent the manager wants to communicate with that the unauthenticated discovery request isn’t a big deal. But, in fact, it is and it does open the door for certain types of man-in-the-middle attacks.

USM contains a key-localization process provides the ability for the administrator to provide only a master password or a master key and the management software can transform that key through a series of one-way hashes into a key which is unique to each agent that the packets are destined for. Though this does prevent keys stolen from one agent from being used to break into another, it doesn’t help in the problem described below as will be shown. It won’t matter if the key localization process is used or not; they could have been randomly generated for each remote agent.

For documentation simplicity I’m only showing the use of one key in this document. But in SNMPv3/USM there are actually two: one for authentication and one for encryption. For purposes of the discussion, however, we can treat the keys as a “pair” and any time one is affected then so is the other.

SNMPv3 also has the notion of a contextEngineID, which is not discussed in this document as it is not relevant. Only USM’s specific securityEngineID is relevant to this discussion.

Typical Real-World SNMPv3/USM Start-Up Sequence

Pictures are always easier to understand, so let’s pretend we have the following network setup. Agent B will be colored red in these pictures since in the examples below we’ll consider it to be a machine which has been taken over by an attacker.

Typically a management station starts talking to an agent for the first time over SNMPv3/USM it will send an an securityEngineID request. And, of course, the agent sends back a response with its own securityEngineID:

At this point, the management station can start sending authenticated and encrypted traffic to the agent by using the authentication and encryption key assigned to the given securityName for the remote agent. Each agent has its own unique key pair that the manager uses to communicate with it and internally the manager has a table (the usmUserTable) of all the users and keys for the agent it wants to talk to.

The Attack

The problem with this situation is that the manager uses two values in order to look up the key for a given communication.

  1. It uses the securityName value it was given by some dialog box or command line option. In these diagrams this value is “userJoe”.
  2. The securityEngineID that it potentially learned from the discovery process.

But Discovery Results Aren’t Authenticated

Assume in the diagrams that Agent B has been compromised and it’s keys are now known to the attacker. Normally traffic sent from the manager to Agent A should be authenticated and encrypted with Agent A’s keys. This means that Agent B shouldn’t be able to see or respond to requests sent to Agent A because it doesn’t know the right keys.

But, if an attacker has compromised a device that is able to see traffic destined for more than just itself (e.g. when connect to a hub or truly in the middle of the path) then there is a problem if it can also spoof traffic. All it has to do is spoof responses to other addresses with its own securityEngineID for any securityEngineID probe that comes it can see. It will have to do this faster, of course, than the real agent can respond (but that can frequently be easily helped by launching DOS attacks). The end result is that the manager will get back a packet in response to it’s securityEngineID probe with a packet that looks like it was from Agent A but internally has a securityEngineID for Agent B.

Now, the manager thinks it has the right securityEngineID for Agent A, but in fact has the wrong securityEngineID for it (i.e. it has “engineIDB”). It uses this securityEngineID (“engineIDB”) in combination with the operator-provided securityName (“userJoe”) as indexes into it’s user/key table to figure out which key to use for protecting traffic. This look-up succeeds in finding a key, but has in fact found the wrong key for the agent it wants to talk to (Agent A). Instead, it finds Agent B’s key and starts its communications using KeyB.

Agent A will actually drop any requests that fail authentication (possibly sending a notification; but more on that later). But Agent B no longer even has to beat Agent A’s response back to the manager so there won’t be a race any longer and Agent B has successfully captured the entire communication stream until the manager looses its knowledge of Agent A’s securityEngineID again.

What Power Does This Leave Agent B With?

This only buys Agent B two things:

  1. The power to receive and decrypt traffic that was intended for Agent A. Typically GET and GETNEXT requests from a manager shouldn’t have anything but OIDs in them (though from an analysis point of view it might contain information about what functionality Agent A is supposed to have). SET requests, however, might have more interesting information encoded into the values that might be worth “stealing”.
  2. The power to spoof Agent A and return fictitious data from it. Agent B can now adequately pretend to be Agent A and thus can return bogus data as well as pretend to have acted as if SET requests had really been processed. This lets untold number of bad things happen, including convincing a management station that a device is fine when it really isn’t, under-reporting bandwidth usage, etc…

Protecting Yourself From The Attack

There are only a few choices when considering what to do about this attack:

  1. Understand the weakness and be OK with it. Just don’t be ignorant of it.
    • Understand that:
      • Management data sent from the management station can be stolen.
      • An agent can be “spoofed”. A management application may think it’s talking to agent A which has possibly:
        • Accepted and acted upon SET data.
        • Has returned real and true values that you can trust to be from that agent.
    • Protect yourself as best as possible:
      • Leaving your management applications long-running so they memorize securityEngineIDs can be helpful (though if the attacker succeeds at any point, you’ll believe he’s the right agent for a longer period of time so it’s still a trade off).
      • Doing a “leap of faith” type approach and believing the first securityEngineID and expecting it “from then on” (even if the management station is shut down; though I don’t know of software that stores securityEngineIDs in persistent storage.).
  2. Don’t use the securityEngineID discovery process and pre-populate the management database with the real expected securityEngineIDs extracted from their consoles. Unfortunately, this doesn’t scale well. And thus I don’t know of a single person who actually manages their network this way.
  3. Use different securityNames on every agent. Unfortunately, this doesn’t scale well either. I don’t know of a single person that manages their network this way either.
  4. Use another form of SNMPv3 security, such as SNMP/SSH transport or the upcoming SNMP/(D)TLS transport. These forms of SNMPv3 don’t suffer from this weakness but have only recently been defined by the IETF and aren’t widely implemented and deployed.
  5. Only run management commands over a protected physically separate and entirely switched network. Fortunately, this is frequently common practice. Though it doesn’t necessarily eliminate the threat depending on which network components have been broken into, it should help reduce the threat significantly.

Questions and Answers

Does This Attack Work If Not Man-In-The-Middle?

The short answer is “no”.

The longer answer is that if the attacker can’t see the traffic, then they’d have to be able to guess the manager’s messageID and time the securityEngineID response appropriately.

But even if they could do that, it doesn’t help much unless they can see the traffic since they won’t see what they can now decrypt and respond to. The attacker can’t easily respond to what they can’t see (without an unreasonable amount of guessing of packet contents and timing).

The best an attacker can hope to accomplish would be a denial of service attacker because the manager would fail to communicate with Agent A while the securityEngineID mismatched.

What About Authentication Failed Notifications?

If all the agents are configured to send out SNMPv2-MIB::authenticationFailure notifications then in theory the manager would receive a notification every time agent A received a packet that wasn’t authenticated with the proper key (keyA).

This is true and maybe helpful if authentication-failure notifications have been turned on. But the evil Agent B entity may find it possible to spoof securityEngineID query responses from the management’s notification receiver to stop INFORM notifications from being encrypted with the right authentication key thus causing the notification receiver to drop the notifications. TRAP notifications are sent using the local (correct) engineID so this attack won’t work on them.

Comments (4)

How I Cheated at FarmTown Today

Cheat??? Why??? Well, after posting my previous blog entry about FarmTown cheating I noticed a huge number of Google and other search engine hits by people looking for “how can I cheat at FarmTown”, etc. Apparently I’m not alone in the desire to overcome FarmTown boredom.

There is a huge amount of wonderful pages devoted to farmtown data, but not as much about advice about how to play efficiently. For those just looking for how much stuff costs, what level you get it at, etc, I recommend
Uncle Joe’s Farm Town Addicts Site

Today’s Progress

While working diligently away on my farm today and jumping from level 19 or 20 (I forget) to level 24 I:

  • Ate a wonderful father’s day breakfast with my family that was prepared by my wife
  • Filled up the car with gas
  • Packed the car
  • Went shopping
  • Played a game of pool
  • Read to my daughter

Motivation

Well, simply put I wanted to be level 27 so I could buy rivers. I didn’t get all the way there today, but I made a good leap forward. The problem with farmtown is that after the first 15 levels or so it gets very boring when it comes to the farming aspect itself. Not the building pretty pathways and stuff aspect, but the aspect of cultivating a huge set of crops just to try and get more experience points.

This, in my opinion, is a fault of FarmTown’s. They should, after a certain level, make it easier to clear and plant a field full of crops with one “select a rectangle” type motion. It’s cute when you first start to plant each square, but boy does it get boring by the time you get up there in levels. And because levels get harder and harder to achieve the level reward is less and less (aside from the financial increase, which is constant).

FarmTown isn’t the only game with this problem. It dates back to any large “build an empire” type games including empire (the old ascii text game for those that remember it) to warcraft and to the latest in the line: FarmTown. Maintaining a huge set of maintenance tasks gets dull and dry.

But… I really wanted to be level 27. I just didn’t want to spend the time.

Enter The Cheat

Ok, it’s not a “real” cheat. It’s well known, as I’ve discussed previously that you can turn FarmTown cash into FarmTown experience points. The cheapest way to do this is by adding hay bails to your farm. At the end cost of roughly 1 experience point per 10 FarmTown coins spent the hay bails are the best return.

But, it’s boring putting out a gazillion hay bails too, so why is that any better? It provides you increased speed at yet more boring work.

Or does it. I handled this by recording mouse clicks with a mouse event recorder and then playing them back. I’d buy a hay bail and then sell it. And then tell my computer to repeat the process over and over for me while I went and did something else.

Sure, occasionally it would mess up and start trying to place a bail on another, but in general it worked and I got a lot of house-hold chores done instead! Yay! I’m level 24 now!

So if you want the amount of coins you have divided by 10 in experience points, you might give this approach a shot. I don’t have software to recommend to you (see below for my linux notes) but I’m sure if you search for some for your OS of choice you’ll find something. I know stuff exists for windows, and I suspect for OSX as well.

Advice for FarmTown Developers

Don’t get mad at the people that want to cheat. Fix the issue within the game. I’ve noticed that a lot of my friends simply stop playing near level 28 or so because it’s just boring after that. You’ll loose customers unless you can fix the boring aspect of the higher levels. Add something else for them to do instead that captures their interest again.

Final Linux Geek Note

Turns out that all the linux event recording software is dated and doesn’t work. There is some playback software though. I wrote a quick script to wrap around xte from xautomation to record and then replay what I needed.

Comments (14)

How to win (sort of) at Facebook’s FarmTown

[Update: make sure to read my follow on article as well: How I Cheated at FarmTown Today]

Any game, is of course, accompanied by a number of different ways you can attack the problem of “how do I get a high score as quickly as possible”.

Facebook’s FarmTown game is highly addictive to many people and some of my friends have spent endless hours carefully laying out rice fields for harvest two days later.

Status in FarmTown

There are really only two things worth achieving in FarmTown: Money and Levels/Experience Points. Money is earned by planting and harvesting crops (or better yet, having someone else harvest your crops for you). And, if you harvest someone else’s crops then you get some extra cash too (it’s a good deal for both sides). The fastest way to get cash is to go hang out in the market place and beg people for jobs harvesting their fields.

But experience points you only get by either plowing, planting crops, visiting friends farms, or building infrastructure. Now, you can only visit your friends for experience points roughly twice a day. And there is only so much space on your farm so after you’ve filled you soil with crops and farming infrastructure (virtual barns, paths, scarecrows and hay bails) you have to sit back and wait until the crops are ready.

Or do you…

[Update: as people have pointed out in the comments and as I discuss in How I Cheated at FarmTown Today using hay bails for converting cash to experience points is more efficient]

Many people have figured out that planting grapes earns quick experience points because in 4 hours their ready again. Yes, they’re not worth much but they do turn around quickly. Thus if you’re shooting for straight XP then grapes seem like the right way to go.

But there is a better way:

  1. Plow your whole field per normal (20 coins per square and it’s worth 1 XP)
  2. Plant grapes in your whole field (also 20 coins per square and it’s worth 2 XP)
  3. Buldoze them over immediately (gasp!!!)
  4. Go back to step #1

(and for you slashdot readers add in “Profit!” somewhere)

See… If you’re willing to spend the cash (40 coins) and the time (something you’ll admittedly never get back) then you can earn 3 XP points per square. Quickly. Keep repeating till your out of cash. You’ve probably just levelled up quite a bit.

When you run out of cash, go to the market place and beg people for a job to get more cash. I bet following this formual you could go from level 1 to level 20 in a day without breaking a sweat on anything other than your index finger.

Begging for jobs

Having done a bit of job begging, here’s my advice: be smart, be witty, be silly. You’re much more likely to get a stranger to hire you than if you just keep chanting “hire me”. When I’ve simply made funny jokes about wanting to get hired I’ve gotten jobs much faster than the others around me that were closer to “annoying”.

After all is said and done

Go outside into the real world and mow the real lawn. You probably need it at this point.

Comments (32)

I’ve Got Mail!

Many people have asked me in the past to explain how in the world I handle so much E-Mail. Since it’s such a long story consisting of many parts, I rarely answer it. Also because I think it’s easier to describe using diagrams, examples and sciency looking graphs. In fact, it turns out, that even describing how much mail I get, and why I get so much, is a story in itself. So this is part #1 of like 2 that describe my E-Mail setup. This first part consists entirely of a description of how much mail I get in the first place. Believe you me, it’s quite a bit.

So, how much raw E-Mail do I get?

So before this, I actually wasn’t even sure. It turns out that the answer is simply put as “a lot”. A whole heaping lot. Much of it is, of course, spam (I don’t have an exact percentage at the top of the article). But even assuming that it’s 90% spam, which likely isn’t the case, I still receive a lot of mail. And it’s all my fault because, simply put again, I want that much (gasp). Ok, maybe not the spam.

So let’s start off with some (sciency) graphs showing the raw numbers of E-Mail that I attract. To really understand it all, I need to break it down into chunks and study each piece.

The Long Haul: Mail Per Month

The first graph below shows the amount of mail per month that I received over the last year-ish.

Mail Per Month

Mail Per Month

The important thing to notice in the above graph is that the amount of mail I receive isn’t even consistent month to month as it ranges from 6500 in a month to almost 13,000. Sure, February has less days in it so you’d expect it to be lower because all months were not actually created equal. But even those slight variations don’t account for the huge swing in differences from month-to-month. Some of it certainly is because my work-load with respect to communication comes and goes. Some months I simple receive a lot more mail for work related projects than other months (usually as deadlines approach and panic ensues).

But the biggest reason for the fluctuation is that spam comes in waves too. Just looking at my day to day E-Mail it’s always amazing how much the incoming spam varies. Some of my email addresses (I have many) are widely published and thus widely harvested by the evil address-collecting spam machines. This results in a huge amount of my mail being spam, unfortunately.

But beyond that, you can see trends in the graph where, for a while, there was a significant drop in incoming E-Mail. This was because a major spam ring was taken out of service a while back and that’s where the huge dip comes from (you should have had a spam dip in that time frame too). However things are unfortunately back to spam-normal again. Do you feel like all of a sudden you’re getting more spam than you used to? Well, you’re not alone. Eventually the next spam king-pin took over and we’re back to an abysmal spam rating of something like 90% on-average spam. The peace was nice while it lasted, but now I’m back to evaluating whether my rich Nigerian uncle really did leave me a fortune or not. Fortunately if he didn’t, it turns out I have 1094 other rich Nigerian uncles who also amassed a small fortune if only I could pay the wire-transfer fee to get it safely into my bank account.

The Shorter Haul: Mail Per Day

The next graph shows the amount of mail per-day that I received mostly during the month of May (2009).

Mail per Day

Mail Per Day

There are a couple of interesting actifacts that you can hopefully spot in this graph as well. You’ll notice that has a definite repeating cycle. The cycle is simply this: the low spots are on the weekends. I.E., by far the most mail I receive comes during the work week. This isn’t surprising to me since much of the mail I receive is work related in the first place. Which begins to tell you how much mail I receive for work-related purposes.

Ok, But What Exactly Is It All Then?

There’s the real question. If I get bombarded with so much mail, how much do I actually read??? So, lets pick a day. Ok, let me pick a day since you couldn’t help me there. I picked June 3rd, 2009 which is a Wednesday.

On Wednesday June 3rd, 2009 I received 4514 individual pieces of email. Now, lets quickly do the math shall we? If I tried to read all of that and I did so in, say, a 10-hour period (8 hours for work and 2 hours of reading just the personal mail) that would be 4514/(60*10) = 7.523 email messages per minute that I would have had to read. Though that might be possible if they were all short, I assure you that the people I correspond with are not well known for writing short, brief messages. Long winded rants are, unfortunately, much more common.

Weeding Out The Spam And Rich Uncles

So, the first thing we need to do is remove the auto-discarded spam and duplicate messages (I have a nice filter that removes duplicates so that I’m never bothered twice because someone put me on both the To and the CC line or because I’m subscribed to multiple mailing lists that the message went through). It turns out that in the 4514 messages, I auto-discarded 3163 of them. That’s roughly 70% of them. Since that’s most likely spam, that’s probably close to the real spam percentage that I receive: 70%.

Looking At What’s Left

That leaves only 4514 – 3163 = 1351 messages left to handle. And if I had 10 hours to sift through 1351 messages in my INBOX I could do so at the leisurely rate of 2.25 messages per minute. That’s almost doable (at least if I blacklist a few of the people that mail me the most long of the long winded rants).

But here’s the real secret. Of all those 1351 messages, only 10 actually ended up in my INBOX. That’s important, so let me repeat it. In bold. Only 10 messages actually ended up in my INBOX. And there’s the secret to my success: everything else gets filtered out and placed somewhere else. In fact, if you really look at how I treat mail it turns out I have lots of INBOXes. The one that only received 10 is the one that is just mail sent to my personal account. My work addresses only received 16 to the work INBOX equivalents.

Dealing With Mail in Clumps

So what is really happening, behind the scenes, is that my mail for the day actually got sorted into 44 different places. Not just 1 or 2, but 44. That lets me sort and prioritize my mail so that the important stuff I can see right away in small INBOXes and they don’t get lost in the bulk of the rants.

In the rest of the mail: 638 messages went to a folder for fedora developers consisting of auto-generated emails describing upcoming changes to the operating system. Another 110 were long winded rants about the same operating system that went to a discussion folder (at least I bet they were long winded rants; I didn’t study most of them in detail). 102 were about my favorite linux-based TV recording software: MythTV. Another 120 E-Mails were messages that were most likely spam but placed in a folder for me to double check them because the spam-filtering software wasn’t confident enough to just throw them away without my help.

And so on. You don’t want more of a breakdown than that. Trust me.

Thank You For Waiting;

You’re Message Important To Us Me

That being said even my real INBOX occasionally turns into a black tar-pit where it seems I can never stay afloat. Even with only 10 messages going into it for a particular Wednesday I’m not perfect and frequently I “mean to respond later” but fail to get back to it in a timely manner.

The important thing is that the people that really matter (you) do end up in my highest priority folder (assuming you’re not one of those long-winded ranting folks). Everyone should filter their mail to put their most important email messages first in their lives and let the others stew until they’re nice as savory. I’m going to come back at some point in the not too distant future (I hope) to provide additional guidance for “getting ahead of your email”.

I’ve actually learned something from this long winded analysis too. So I’m glad I wrote it up. What I’ve learned is that I should have a severe headache and should step quietly away from the computer. So I think I will.

Comments (1)

Google Wave: it’s a big one

Anyone who’s talked with me about computers and communication know that I have wanted to rewrite the email architecture and have a lot of good ideas about what is needed to make it happen. Well, yesterday the folks at google trumped me. And boy did they.

Now I’m not one to generally proclaim ahead of time that something is going to be the next big something. In fact the first time I opened a web page back in the 90s long before most people had heard of “http” I merely thought “yeah, that’s nice but nothing amazingly new”. Even http was a minor improvement on other things. The famous web 2.0, that brought us many cool webpages like google maps, facebook, etc, were really just minor steps forward in technology that I again thought were cool, but nothing outstanding.

For the first time, I’m here to say: Google Wave will indeed change the world. Or the way we work with it. It’s the first technology that has ever caught me completely off guard.

Learn About It

The best way to learn about it is to watch the demo video. You probably want to watch at least from about 0:05 to 0:15 on it to get a feel for how cool it is. The trick, I think, will be to stop watching it as it keeps rolling out new things as you watch it (the interesting non-geeky content is a full hour long, out of the hour and a half). Though the video is targeted for developers (and as a developer it targets me perfectly), but it’s not so geeky that everyone else will be annoyed.

I May Actually Quit Using My Current Mail Reader

I’ve tried, over the years, to move away from the mail reader I use today (something 99% of the population have never heard of: Gnus). The reason I have never succeeded in finding anything else that would fit my bill is that gnus helps me manage email like nothing else can. Yesterday, on May 28th 2009, I received 4661 pieces of email. Now, certainly a large portion of that is spam. But a lot of it was stuff I needed to at least consider and the power of gnus lets me sort it appropriately so I can actually handle the load. But that’s a whole other subject for another time (many people wonder how I do it; I should write it up sometime too).

Google Wave, on the other hand, may finally offer enough of a new enough complete change in the way communication happens that I’ll actually be able to keep up with the level of communication that I need.

Features

It provides real-time updates, shared tagging, proper thread control, reduced bandwidth, retroactive publishing a conversation to a new person. All these features are likely enough to actually pull me over. There are issues as well, and I’ll probably document those later, but on the whole they’re a fantastic change in thinking and are a lot along the lines of how I’ve wanted to revamp things but I think they’ve succeeded in taking to a level further than I was thinking.

It’s really like mixing email, web, chat, and usenet news all together in a single form. Or it looks like it at least. Kudos on taking the best of all those highly useful worlds and actually getting them to fit together.

And they already have it working on android and the iphone!

The Right Developmental Path

One of the reasons that I don’t use gmail much, or many other web-based solutions is that I don’t necessarily think that http and javascript are always the right tool for every job. Yes, javascript turns websites into wonderfully interactive sites, but in the end I still prefer writing text/editing into speedy local applications (I’m saying this while typing into a web page, oddly enough).

With waves, however, they’re extending both the web API and the protocol definition itself to the world. The protocol is based on XMPP, which is the standardized version of Jabber, and this is huge. This means that people will be able to write import/export components for waves and thus you can actually continue to edit in something else and publish it as a wave later.

Kudos to their forward thinking about the realm of standardization and allowing data access to other types of applications and programming languages. This is what will make it huge.

There is always a but…

I do wonder about some of the negative communication aspects that could happen. Centralized data storage about a conversation thread is a great thing when the data is generally public in the first place.

However, we still need to be careful when transmitting important information. Wave provides the ability to grant someone retroactive access to a wave. Imagine having a wave discussion and then suddenly excluding person X from a branch of it and then later intentionally or accidentally granting person X access again. Imagine how they’d feel when they realize they’ve been excluded. This happens all the time in email, but when in email when person X sees part of the conversation again he likely didn’t see the message that said “I’ve excluded person X because …”. This is really just a new management issue, but by far the benefit outweighs the negative.

(and there are more odd use cases, but certainly the benefits will outweigh the oddities of them as well)

I Can’t Wait…

And I’m not sure I’ve ever said that before about an upcoming technology.

Leave a Comment