A Short History of DNS Over HTTP (So Far)
By John Levine
The IETF is in the midst of a vigorous debate about DNS over HTTP or DNS over HTTPS, abbreviated as DoH. How did we get there, and where do we go from here?
(This is somewhat simplified, but I think the essential chronology is right.)
Javascript code running in a web browser can’t do DNS lookups, other than with browser.dns.resolv() to fetch an A record, or implicitly by fetching a URL which looks up a DNS A or AAAA record for the domain in the URL.
It is my recollection that the initial impetus for DoH was to let Javascript do other kinds of DNS lookups, such as SRV or URI or NAPTR records which indirectly refer to URLs that the Javascript can fetch or TXT records for various kinds of security applications. (Publish a TXT record with a given string to prove you own a domain, for example.) The design of DoH is quite simple and well suited for this. The application takes the literal bits of the DNS request, and sends them as an HTTP query to a web server, in this case probably the same one that the Javascript code came from. That server does the DNS query and sends the literal bits of answer as a DNS response. This usage was and remains largely uncontroversial.
About the same time someone observed that if the DoH requests used HTTPS rather than HTTP to wrap DNS requests, the same HTTPS security that prevents intermediate systems from snooping on web requests and responses would prevent snooping on DoH. This was an easy upgrade since browsers and web servers already know how to do HTTPS, so why not? Since DoH prevents snooping on the DNS requests, a browser could use it for all of its DNS requests to protect the A and AAAA requests as well, and send the requests to any DoH server they want, not just one provided by the local network.
This is where things get hairy. If the goal were just to prevent snooping, there is a service called DNS over TLS or DoT, which uses the same security layer that HTTPS uses, but without HTTP. A key difference is that even though snooping systems can’t tell what’s inside either a DoT or a DoH transaction, they can tell that DoT is DNS, while there’s no way to tell DoH from any other web request, unless it happens to be sent to a server that is known to do only DoH.
Mozilla did a small-scale experiment where the DNS requests for some of their beta users went to Cloudflare’s mozilla.cloudflare-dns.com DNS service, with an offhand comment that maybe they’d do it more widely later.
On the one hand, some people believe that the DNS service provided by their network censors material, either by government mandate or for the ISP’s own commercial purposes. If they use DoH, they can see stuff without being censored.
On the other hand, some people believe that the DNS service blocks access to harmful material, ranging from malware control hosts to intrusive ad networks (mine blocks those so my users see a blue box rather than the ad) to child pornography. If they use DoH, they can see stuff that they would rather not have seen. This is doubly true when the thing making the request is not a person, but malware secretly running on a user’s computer or phone, or an insecure IoT device.
The problem is that both of those are true, and there is a complete lack of agreement about which is more important, and even which is more common. While it is easy for a network to block traffic to off-network DNS or DoT servers, to make its users use its DNS or DoT servers, it is much harder to block traffic to DoH servers, at least without blocking traffic to a lot of web servers, too. This puts network operators in a tough spot, particularly ones that are required to block some material (notably child pornography) or business networks that want to limit the use of the networks unrelated to the business, or networks that just want to keep malware and broken IoT devices under some control.
At this point, the two sides are largely talking past each other, and I can’t predict how if at all, the situation will be resolved.
Written by John Levine, Author, Consultant & Speaker
Follow CircleID on Twitter
More under: Cybersecurity, DNS, Internet Protocol
Read more here:: feeds.circleid.com/cid_sections/blogs?format=xml
Common misconceptions about IPv6 security
By David Holder Guest Post: I’ll seek to set the record straight for several of the most common misconceptions about IPv6 security.
Read more here:: blog.apnic.net/feed/
Datanami Career Notes: March 2019 Edition
In this monthly feature, we’ll keep you up-to-date on the latest career developments for individuals in the big data community. Whether it’s a promotion, new company hire, or even an accolade, we’ve got the details. Check in each month for an updated list and you may even come across someone you know, or better yet, yourself!
Albert Narvades
Lumina has announced that Albert Narvades has joined the company as its chief financial officer. Narvades most recently served as the CFO at Jagged Peak. Prior to Jagged Peak, he served as controller for BP’s alternative energy group and biofuels. His career spans nearly 25 years in finance and accounting.
“Lumina is a pioneer in the predictive analytics space. Our technologies will help save lives, protect communities and solve some of the biggest problems society faces,” Narvades said. “I’m honored to be a part of the team and join the company at this time of growth and opportunity.”
Carrie Palin
Splunk Inc. has announced that it has appointed Carrie Palin as senior vice president, chief marketing officer. Palin joins Splunk from SendGrid, where she served as CMO through the company’s acquisition. Prior to SendGrid, Palin was the first CMO of Box. She has more than 20 years of experience leading global marketing programs.
“I’ve long been an admirer of Splunk and am excited to lead this world-class marketing team,” said Palin. “I’m honored to be part of an organization that continues to enjoy such phenomenal growth. Splunk has a strong reputation for product excellence, a deep customer following and a much-loved brand – I’m excited to build on these strengths as the company continues its transformation journey.”
Jodok Schäffler
Crate.io has announced that Jodok Schäffler has been hired as the new head of its IoT data platform. Schäffler previously founded Mission-J, a company focused on the development of IoT-enabled discrete manufacturing solutions. Prior to that, he served as the general manager at ALPLA North America. He holds a doctorate in computer science.
“We’re extremely excited to add Jodok to the Crate team,” said Christian Lutz, CEO, Crate.io. “He brings a deep understanding of the goals and pain points that IoT-dependent industrial organizations are encountering. With Jodok as Head of the IoT Data Platform, we’re well positioned to reach more customers with exactly what they need to capably and reliably handle massive volumes of IoT sensor data.”
Rohit Singla
Sapience Analytics has announced that Rohit Singla has been appointed president of the company’s India operation. Singla has over 21 years of experience at companies including GE, World Bank, Morgan Stanley, NXP and BMC. Most recently, Singla was a leader at BMC, where he made contributions in critical areas, including transforming the India Engineering Center.
“I’m extremely excited to join Sapience Analytics – a company with a fantastic management team, a great product, and a true employee centric organization with solid customer-centric execution. Given my first-hand experience in seeing the phenomenal productivity improvements Sapience Analytics can bring to an organization during my tenure at BMC, it makes my role of chief product evangelist easy to assume,” said Singla.
To read last month’s edition of Career Notes, click here.
Do you know someone that should be included in next month’s list? If so, send us an email at oliver@taborcommunications.com. We look forward to hearing from you.
The post Datanami Career Notes: March 2019 Edition appeared first on Datanami.
Read more here:: www.datanami.com/feed/
Getting Ready For The Tsunami: AI Evolution, Blockchain and Technological Singularity Part 3
By Dinis Guarda
Getting Ready For The Tsunami: AI Evolution, Blockchain and Technological Singularity Part 3 Image source Dinis Guarda
When Will it Arrive?
When will tech singularity arrive, if it ever arrives ? Ray Kurzweil, famous for his Singularity optimism, insists that day is in 2029, so in one decade! Many other academics think on the other hand that it will never happen. In a certain way AI development (and human development! Humans are also growing and changing at incredible pace) is a never ending journey, and so is human consciousness. After all technological evolution results from the joint effort of humans designing machines that transform each other.
Yoshua Bengio, a professor at the University of Montreal, says something similar, about what he sees as a kind of hype, concerning AI: “We’re currently climbing a hill, and we are all excited because we have made a lot of progress on climbing the hill, but as we approach the top of the hill, we can start to see a series of other hills rising in front of us.”
Will Machines Crash Humanity or Serve Earth ?
To be worried about the unknown and prone to forecasting threat and dystopia is very understandable. The fear of the machine is deeply rooted in humans. The great scholar and mythologist Joseph Campbell has widely written about it. He was the adviser of George Lucas, for Star Wars, which he read through the mythological perspective. In his view, Star Wars was working out the conflict of machines either crashing humanity, or serving it.
Each industrial revolution stage (we are now entering the 4th one) just reawakens this very understandable anguish: Just think of the Spinning Jenny who led so may to poverty! Alan Turing and John Von Neumann, important pioneers, who were the first to anticipate the potential of AI, also raised queries similar to the ones we nervously tackle today, when anticipating the impact of this tsunami. Those questions resume themselves to a crucial one: is what we are doing going to annihilate us, the well know saga of Frankenstein ?
To the ones who look fearfully at a tech singularity, they can rest a bit more assured, if they look into detail about the state of evolution of the technology. Most scientists are not too impressed with the evolution of neural nets — the approach to AI more popular right now, plus scientists are still uncertain to where the deep learning AI paradigm will take us.
MIT’s Max Tegmark, for example, who participated in the book Possible Minds, estimates that “AI systems will probably (over 50 percent) reach overall human ability by 2040-50, and very likely (with 90 percent probability) by 2075.”
Image by Dinis Guarda
Other views though are more disheartening, tending to claim how AI will wipe out humanity in a very recent future. UC Berkeley’s Stuart Russell, Oxford’s Nick Bostrom, Tegmark, and the inventor of Skype, Jaan Tallinn who founded the Center for the Study of Existential Risk at University of Cambridge are all very worried and doing a big effort to avoid that possibility. Curiously, concern about AI risk is less seen in researchers connected with Tech companies like Facebook, Google Brain, and DeepMind.
Does AI have a Will?
The argument at the core of AI safety is quite a complex one. Its about will. An advanced AI might have an independent will. That will might truly cooperate with humans in a beneficial way, but it can also adopt approaches that humans do not approve of and that go against human ethics.
What sustains the reason for this argument is the idea of “competition” inherent to the survival of the species standpoint. Jayshree Pandya writes:
“Since there is no direct evolutionary motivation for an AI to be friendly to humans, the challenge is in evaluating whether the artificial intelligence driven singularity will — under evolutionary pressure — promote their own survival over ours. The reality remains that artificial intelligence evolution will have no inherent tendency to produce or create outcomes valued by humans– and there is little reason to expect an outcome desired by mankind from any super intelligent machine.”
Again, this is a view, that has embedded in itself a notion of separation and basis itself on Darwin’s evolutionary theories. But Darwin has been quite questioned and some state, he is very misunderstood and misread.
Economic Impact of AI
Regardless of whether or not, and when we will have a technological singularity, we need to look for the real problems we are facing with the evolution of technology. Jobs! The main question for a future that seems to be at our doorstep is: “what happens if jobs based on the current economic system can be automated ? and f people and processes can be replaced by AI in most jobs, how will that shape what we understand as economics?
The economic impact of AI, is now a tangible fact, so we really need to deal with it.
Economic progress has often been driven by some sort of consecutive level of increasing automation, which led to better production and the elimination of jobs across nations, being substituted quickly though, by new ones. We are now facing an upgrade of this process, which has deeper consequences. What is at stake here is a shift not only in terms of technology but also in terms of what type of economics we will have in the future.
For now, all the studies done are based on traditional economic viewpoints. Take the case of a 2015 paper, written by William D. Nordhaus of Yale University, that looked at the impacts of an impending technological singularity. In his view, Nordhaus was studying technological singularity through the point of view of the resources needed for it to happen. For information technology to evolve at the speed and by the date Kurzweil and others suggest, there would have to be significant productivity trade-offs. So, in order to devote more economic resources to producing quantum computers, one would need to decrease the production of non-information technology goods.
We can rest assured: of the seven tests Nordhaus design based on econometric methods, only two indicated that a Singularity was economically possible and both of those two predicted, at minimum, 100 years before it would occur.
Placing Blockchain In the Equation
What is then, the place of blockchain, in this complex equation? As I stated earlier, with the advancement of big data resulting from the increased datafication happening in the world, we will need powerful computers, and a new system of organisation of that data, that is fit to operate and deliver a truly interconnected, immediate and global world. Blockchain’s possible applications are innumerable, from governance to economics, to identity etc, as I have written in various other articles. But we are living the technology’s early days in terms of its true potential, and still dealing with theoretical scenarios.
The way to look at it, anyway, is by analysing AI and IoT together with blockchain. Francesco Corea, gives us a picture of the wide possibilities of what he calls the blockchain-enabled intelligent IoT economy. If done correctly blockchain could actually enable us to avoid some of the scenarios of a gloomy technological singularity. Bear in mind though, that blockchain in itself has its risks as well…
Getting Ready for The Tsunami, with conscious hope!
As I have demonstrated in this article, the debate around tech singularity is. triggering an old fear of the machine. This fear has been explored by artists and storytellers throughout times in powerful narratives. Hal 9000, is one example, the calm computer from the iconic film “2001: A Space Odyssey”, who was discreetly gaining a will of his own, and developing the killer instinct. But stories change, and we have other examples. Steven Spielberg’s “Artificial Intelligence”,for example, tells a different tale, the one of a little cyborg boy, becoming human and feeling love and empathy … for his human mother.
There is no clarity at all about when the massive intelligence explosion will occur in computers. But if we stop thinking of “supercomputers” as something outside us: as squared boxes with flashing lights, out there, the questions change to a different type. But we also need to be careful and ready for the tsunami. In order to do so, it is mandatory to start designing AI that is useful to all, and to the biosphere. For that we need systems thinking and intersubjective analysis that puts into perspective economics, psychology, ethics and technological development. And we need strong legislation. The future is ours, to decide upon what narratives to take on and what to abandon.
Getting Ready For The Tsunami: AI Evolution, Blockchain and Technological Singularity Part 1
Getting Ready For The Tsunami: AI Evolution, Blockchain and Technological Singularity Part 2
Read more here:: www.intelligenthq.com/feed/
5G4REAL: Israel Prepped for 5G With Next-Gen Apps
As a country known for innovation, Israel exhibited several exciting applications for a 5G future at MWC 2019, including a communications protocol that uses soundwaves, a new type of IoT sensor and augmented reality glasses for cyclists.
Read more here:: www.lightreading.com/rss_simple.asp?f_n=1249&f_sty=News%20Wire&f_ln=IPv6+-+Latest+News+Wire