Monthly Archives: February 2008

For the Checkpoint Lover in Every Child

Check out the Security Check-in toy set from Playmobil. Here’s the description:

Every single smuggler is caught at the security check-in. With a modern X-ray machine every item not allowed on board is detected. At the same time, the passengers have to pass the passenger check-in under the watchful eyes of the security staff. Only then can they start in their hard-earned vacation.

The ad copy doesn’t say if the passenger’s shoes are removable.

(Hat tip: Scott Bludorn.)

RAV4 Blogging – 10 Days Behind the Wheel

We’ve had the new Toyota RAV4 for about 10 days, and I have a few observations:

  • There’s a little digital display in the middle of the dashboard with some numbers on it, but when I first saw it I couldn’t figure out where the odometer was. After a moment, I realized that the odometer must be that little “4” all by itself on one row. I guess I’m not used to seeing less than six digits…
  • The RAV4 is a complicated piece of machinery. It’s got a 5-speed automatic transmission with a switch to lock the differential. There’s anti-lock brakes, traction control, and stability control. It’s got daytime running lights, parking lights, regular headlights, high beams, and fog lights. It’s got front and rear window wipers, both with intermittent mode. The heating and air conditioning system has about 15 buttons. (I haven’t bought a new car in 10 years, so I don’t know how much of this stuff is standard on cars these days, how much is because it’s an SUV, and how much is because of the trim line we chose.)
  • To me, the JBL logo on all the sound system components looks more like UBL, and UBL means Usama bin Laden—the old official spelling of Osama bin Laden. It strikes an odd note every time I see it: I’ll probably always think of it as the Usama bin Laden audio system.
  • I wasn’t interested in getting heated seats, because I never really had a problem with my butt feeling cold while the rest of the car was warm. However, they came with the trim line we chose so we have them anyway, and I’ve learned something important: When I start the car cold, the heated seats will be the first thing to get warm.
  • The RAV4 is very easy to drive. From the first test drive at the dealer, it felt just like my Camry, but with a jacked-up suspension. Even that feeling has gone away by now. It has very quickly become just our car.
  • At night it’s easy to forget to turn on the headlights because the running lights come on as soon as I start the car and look just like the headlights. It’s only when I get to a dark area that I notice how much dimmer they are.
  • The tail lights are all LEDs, which should last forever. I don’t know if all cars have this option these days, but they should.
  • The rear window and the side windows behind the first row of seats are all tinted dark enough to keep people from looking in. I didn’t even notice that until the second or third day we had the car.

In roughly 10 days, we’ve put 804 miles on the car. 

The Difference Between a Website and Its Name

I’ve been reading about the Wikileaks issue on some legal blawgs, and corresponding with Scott Greenfield about it, and I think there’s a bit of confusion over a technical issue. I don’t think anyone within Judge White’s jurisdiction is disobeying his order. I’m going to have to delve into some history here, but I think I can explain it without getting too technical. The key is that the network service of hosting web content is different from the network service of associating that content with a domain name.

The networking protocol for the Internet is called IP, which stands for internet protocol. Every computer on the Internet is assigned an IP address within the network where it can be reached. When a human is going to see or type an IP address, it’s usually broken into four numbers ranging from 0 to 255, which are written down separated by dots. E.g. “88.30.13.160”.

That’s an ugly thing to be typing, so since the earliest days of the old ARPAnet, there has been a mechanism to allow us humans to use names for computers instead of numbers. Initially, every computer simply had a list of the names and addresses of every other computer. Each computer’s administrators would occasionally download a new list from a central location.

By the mid-1980s, that system was no longer workable because the number of computers had grown into the thousands and it was hard to keep track of the changes across all the organizations on the network. To solve this problem, the architects of the internet invented the Domain Name System (DNS), in which the lists of names and addresses are stored on computers called name servers that the other computers query when they need to look up a name.

For any given domain name—yahoo.com, windypundit.com, wikileaks.org—there’s a nameserver somewhere that’s responsible for providing the associated IP addresses. It’s called the authoritative name server, and whoever controls this server controls the meaning of all the domain names for which it has authority.

How does the network of name servers find the authoritative name server? They send a query about the domain name to a group of top-level name servers, called registries, which respond by referring the query to the name server that has authority for that domain. When you buy a domain name from a registrar, you’re buying the right to tell one of the top-level registries which nameserver has the authority for that domain.

(I have simplified the domain resolution process quite a bit. There are a lot more options, and there is a lot of localized caching to improve performance.)

When it comes to accessing a web site, there are five roles we need to be concerned about:

  • The web server that actually serves the pages.
  • The authoritative nameserver, which points to the web server.
  • The registry, which points to the authoritative name server.
  • The registrar, which is the business entity that sold the domain name.
  • The registrant, which is the actual person or other entity that owns the domain name.

When you buy a domain name, you’re the registrant, and the registries are operated by the top internet authorities, but the other three roles are up for grabs. Many companies will sell you a package deal for registering a domain, operating the name server, and hosting your content, but it doesn’t have to be that way.

For example, the windypundit.com web server is operated by a company called DowntownHost, and the registrar is Tierranet. Currently, the name server is also operated by Tierranet, but I could switch it to DowntownHost or a third party if I wanted to.

Wikileaks used a similar arrangement. Their server is at IP address 88.30.13.160 and is run by a web hosting company called PRQ in Sweden. Their registrar is a company called Dynadot, located in California.

According to the court documents John Katz has posted, Judge White ordered the registrar, Dynadot, to remove all information about the wikileaks.org domain from the registry. As far as I can tell, they’ve done so. That’s why we get an error if we try to browse to wikileaks.org. (That’s also why I can’t tell you anything about the nameserver or the registrant—Dynadot has deleted that information.)

None of that, however, affects the actual web server that hosts Wikileaks. If you happen to know that its address is 88.30.13.160, you just have to type this into your browser:

http://88.30.13.160

The Internet will just route traffic between your computer and the Wikileaks server, without ever having to do a query on the wikileaks.org domain. It’s just between your browser and the Swedish server.

Maybe all these technical details are too low-level for the courts to take notice, but as far as I can tell, no one is disobeying the judge’s order. He ordered the name deleted, and it’s gone.
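
An added example, not code from the original post: a small Python model of the chain described above (registry, authoritative name server, web server), extended with the resolver caching the post mentions only in passing. The domain, name server name, address and TTL are constructed for illustration.

```python
# Toy model of the lookup chain described above. Every name, address and TTL
# here is constructed for illustration (example.org, a TEST-NET-1 address).

class Resolver:
    """Caching resolver: asks the registry for a referral, then the name server."""
    def __init__(self, registry, nameservers):
        self.registry = registry        # domain -> authoritative name server
        self.nameservers = nameservers  # name server -> {domain: (ip, ttl)}
        self.cache = {}                 # domain -> (ip, expiry time)

    def resolve(self, domain, now):
        hit = self.cache.get(domain)
        if hit and now < hit[1]:
            return hit[0]               # answered from the local cache
        self.cache.pop(domain, None)
        ns_name = self.registry.get(domain)
        if ns_name is None:
            return None                 # no delegation: the name is gone
        record = self.nameservers[ns_name].get(domain)
        if record is None:
            return None
        ip, ttl = record
        self.cache[domain] = (ip, now + ttl)
        return ip

def fetch(hosts, target, resolver, now):
    """Browser step: a literal IP skips DNS; a name must resolve first."""
    ip = target if target in hosts else resolver.resolve(target, now)
    return hosts.get(ip)

def demo():
    registry = {"example.org": "ns1.dnshost.example"}
    nameservers = {"ns1.dnshost.example": {"example.org": ("192.0.2.80", 3600)}}
    hosts = {"192.0.2.80": "site content"}   # web hosting: a separate service
    warm = Resolver(registry, nameservers)
    cold = Resolver(registry, nameservers)
    warm.resolve("example.org", now=0)       # looked up before the removal
    del registry["example.org"]              # registrar removes the domain
    return {
        "cold_by_name": fetch(hosts, "example.org", cold, now=60),
        "warm_by_name": fetch(hosts, "example.org", warm, now=60),
        "warm_after_ttl": fetch(hosts, "example.org", warm, now=4000),
        "by_ip": fetch(hosts, "192.0.2.80", cold, now=4000),
    }

if __name__ == "__main__":
    print(demo())
```

A resolver that cached the answer before the removal keeps resolving the name until the TTL runs out, which is why a registry-level deletion does not take effect everywhere at once.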

Trying to Stop Wikileaks

Yesterday, I mentioned that Federal Judge Jeffrey S. White issued an order shutting down the Wikileaks site. He did this by ordering the domain registrar to disable the wikileaks.org domain. This only disables the name lookup feature, not the underlying website, which is still available via its IP address:

http://88.80.13.160

In a comment to my last post, Scott Greenfield asks,

[D]o you think it’s critical that Judge White’s order was ineffective because of a technology error? If they figure out how to do it effectively next time, then what?

I’ve been giving this a little thought. I’m not an expert at Internet security, but I think I may have been unfair to Judge White. The IP address above traces to a server in Stockholm, Sweden, so he may very well have done all that it was in his power to do by ordering the American registrar to disable the name.

I suppose the aggrieved party could ask him to order the big American internet backbones to stop carrying traffic from that address. I think it would be analogous to ordering a phone company not to put through certain calls, or ordering the post office not to deliver certain mail. It would probably be a serious performance and administrative burden, and I wouldn’t be surprised if it’s not legally possible.

Besides, the Wikileaks site could get a new IP address in a few minutes. Within a day or two, all the usual web sites would be linked to it again.

In addition, Wikileaks has many other domain names, some of which are obvious—wikileaks.cx, wikileaks.cn, wikileaks.in, wikileaks.org.uk, wikileaks.org.nz—and some of which aren’t, e.g. sunshinepress.org. There are also independent mirror sites that serve all the same content to the web from locations in several different countries.

The folks who built Wikileaks make some pretty grandiose claims about it being “uncensorable.” Technically speaking, there’s no such thing, but as a practical matter, they can probably put up a pretty good fight. Wikileaks was originally designed to support dissident activities by people in repressive countries, and it makes use of some advanced security technologies.

It’s not as farfetched as it sounds. Consider that the Chinese government has been trying to censor Wikileaks without success. Here in the United States, our government has only been able to stop online poker sites by attacking the flow of money, not the web sites themselves.

Maybe some intelligence agencies have the resources to stop Wikileaks—especially if they’re willing to commit illegal and/or violent acts—but I don’t think a lawsuit or an overzealous judge is much of a threat.

Deserts, Predators, Domain Names, Musical Theater, Web Design, and Big Cats

Random shots around the web:
