RIPE 83
.
Plenary session
.
Friday, 26 November 2021
.
10:30 (UTC + 1)
BRIAN NISBET: Good morning, lovely RIPE 83 people, and my T‑shirt arrived today, it's rather lovely, I'm just going to say.
FRANZISKA LICHTBLAU: Now I want one too.
BRIAN NISBET: But, good morning to the Closing Plenary, after what has been a great week of virtual meeting. We hope for hybrid in the future again soon.
So we have two presentations this morning. But before we do that, just briefly in regards to the PC elections which we mentioned on Wednesday and it was in the e‑mail, we didn't have a lot of people. We had two people who stepped forward to be on the PC, and both of them were on the PC already and it's great that they wanted to remain and continue to contribute, but we had two seats, we had two people, so I will say who those two people are now in one moment, but I do want to just say that, you know, we're hoping that this is not something that becomes a regular thing, for lots of obvious reasons, and we understand virtual meetings are strange, I think there is probably several RIPE Labs articles or something brewing on that. But the PC are going to take this away and we're going to think about, you know, the reasons this happened, and we're very, you know, open to input from people, pc [at] ripe [dot] net, on why maybe you don't think people stood or you didn't stand or whatever, whatever reason yourself, and see what we can do to reinvigorate that engagement.
And as we all said, hopefully a physical meeting will help, or a hybrid meeting will help with that as well. But, the short answer to who is ‑‑ who left the PC and is back on again, is Dmitry Kohmanyuk and Alexander Azimov, so he was an ENOG representative and there will be a new ENOG representative, so Alexander is now one of the elected members of the PC.
So, thank you for that, and we shall now move on with the Plenary.
And our first presenter this morning speaking about DNS openness at some ‑‑ actually, it's not too ungodly hour of the night in Australia. As I said, the return to physical meetings, so Randy and Geoff and George and all of the people from non‑European time zones actually get to wake up and go to bed at reasonable hours. But, Geoff Huston from APNIC talking about DNS openness. So, please, Geoff, take it away.
GEOFF HUSTON: Thank you very much. Why am I talking about the DNS? Well, you and I don't live in the Internet that we built. We don't live in the Internet that, you know, uses addresses and routing. We live in a world of CD and assess networks. We live in an Internet where, you know, upwards of certainly more than three‑quarters, possibly, 80, 85% of all the volume and traffic delivered to end users come to a data centre close to you and close to me.
And so, routing doesn't matter, addresses don't matter. You and I could both share network 1 and, as long as your data centre is different from my data centre, no one would notice the difference. So what matters is the naming and references. It's the name system that is the glue, that's all we have got left. That's what defines the Internet these days and so the DNS is even more important than we thought. It is kind of the one piece of glue that actually keeps all this together these days, because we broke addresses, you know, we're still waiting for v6 and v4 broke years ago and good, oops, that wasn't a good thing. And we don't send packets around the world end‑to‑end to end‑to‑end any more. Part of the issue with NATs is we broke that. To make the Internet blindingly fast and to scale with all those billions of users, we built data centres and because we live in a world of abundance and computing and bandwidth‑wise, this is an amazingly abundant world, routing doesn't matter. It's all about the name system.
So, the openness of the DNS is really a super critical thing to think about. I wish I knew a better way of advancing she is slides.
What do we mean by "openness"? Well, maybe it's more about, well, is it open insofar as it doesn't matter who you are, it doesn't matter where you are, it doesn't matter what equipment you use, you get to see the same thing. It's open for anybody to access because it's one system, and that's what openness means in this context. But if you think about that, that was the DNS. The reason why we built this system was, some of you might remember, we were circulating versions of hosts.text all around the planet and this is the late eighties and everyone had a different version of that text file. That didn't work. And so the DNS was meant to be a system where we all saw the same name system, same answer to the same query, irrespective of who you were. And so it didn't depend on who you were asking, what equipment you had, what platform, nothing like that. The answer didn't depend on the origin or the information either. It was always going to give the same answer. The whole idea of the DNS was incredible consistency.
So, if consistency is really what we mean by openness, well, that was the DNS. So, you know, is the DNS open? Well, of course it is, right? Why are you asking this question, Geoff? That's just crazy. Well, there is a point.
Because that's only true in theory. In practice, that doesn't happen. It doesn't happen for me, it doesn't happen for you.
If you live in China, facebook.com gives you really weird answers. There are certainly names in the UK that just won't resolve, America, Australia where I live, India, Russia, you name it. For all kinds of reasons in all kinds of locations, some names just won't resolve. It's not there. So isn't the same DNS everywhere?
In some cases, your IP is desperate for money they went and sold NXDOMAIN from their resolvers to a research company or two. Instead of saying that name doesn't exist, they tell you this search I think will tell what you names will exist, come to our search engine and we'll give you all the answers you want. I used to work for Telstra and they tried that for a while too, with pretty bad results. It's not uncommon and it probably still happens. There are folks who make a feature of not answering names. Quad9 makes it a feature.
Now, it's true the names they are not answering are basically associated with malware and nasty work, and it's probably a good thing, but it's not what the DNS was meant to do. Whether you figured it out it was good or bad was not the DNS's problem, it was meant to be someone else's problem, so the DNS is being used for all kind of purposes for which it isn't designed and the issue then comes, the DNS isn't the same everywhere.
Where you are and what you are doing gives you different answers. Now, is this a problem? Is this a problem that the DNS is kind of, well, to you it's this answer, to you, no, sorry. Well, generally not. Was it at the piece of west failure, I mean, you Europeans should know, 16, oh, 1648, they talked about the monopoly of violence inside land boundaries, you know, nation states from a sovereign right to makes rules, and so, in some ways, if this is a DNS rule in my country, then it's a DNS rule. And, you know, Quad9 is not regarded as a new incarnation of evil. On the contrary, it's a good thing. Because, quite frankly, the ways in which we get duped and which malware enters our system is so many and so various that having a bit of help is actually probably a good thing rather than a bad thing. In general, you know, we think this is okay.
It's only really a problem when it starts to get used as a lever in someone's file. In Australia, they manage to convince the local regulators to ban the piratebay.org. Who did that? Well, the IPR holders, because obviously only naughty people would look up that site and they are only there to steal content so let's ban it from the DNS. Even that is just a side show, as ineffectual as it is, because everyone just goes and uses an open resolver that doesn't do that kind of censorship. In some ways, it's a side show. In some ways, consistency isn't really the key question here. Let's dig a bit deeper and talk about what we mean by "openness".
Well, we have sort of these definitions in the Internet which I think was actually built in a world of openness as a response to the previous incarnations of networking which are closed vendor base and so the Internet was living the dream of open systems in a connection which of course failed miserably, the whole OSI architecture. But from the 1980s, open was big, open meant vendor‑neutral, open meant to be openly specified without any kind of IP encumbrance. They were meant to be implementations as open source. You know, and if you look at our name servers in the DNS, they'll answer anybody, which is commonly used as an attack vector, but they are designed to answer anyone. They are designed to be open and promiscuous, and the DNS information is openly available, it's in a zone file a DNS server will give it to you. Some folk, like .com and .net, will not tell you the entire contents of a zone all at one time and so the entire collection might not be available, but each individual there you can ask for it and if it's there it will tell you.
The queries, the responses, are open. So in some ways, it's all open and that's a really good thing, except for that last point because DNS queries and responses being old. When we are talking about the surveillance economy and which is the world we live in right now, this has turned against us viciously because openness is actually a phenomenal weakness. If I am going to signal my intent in the next couple of seconds, if I am going to say this is what I'm going to do, just look at my DNS.
Because, no matter what I'm going to do in the next second or two, the DNS will tell you, because I have gone and looked up its name. So if I could see your stream of DNS queries in realtime, I could tell you what you are going to do. And if I could edit the answers, I could stop you doing it. And so in some ways, this openness can be viciously manipulated for fun, profit and evil, and sometimes you'll see all three together. And I always like this, a remarkably prescient view from XKCD and even more prescient when you realise that 30%, one in three roughly, of the Internet's, what is it now, 3 or 4 billion users, sent their queries to Google. One in three.
What an information stream that is. Unparalleled. So, in some ways, you know, this openness is actually a liability. Let's dig a bit further and see what's going on there. If you are not familiar with the DNS, this is the kind of five‑slide head‑spinning summary. The DNS takes human names and converts them into IP addresses, right. So, simple thing I want to get to Google, send the question, what's the IP address for Google into the DNS Cloud, the DNS Cloud sends back an IP address, send your packets to this address. Right. Easy stuff. In some ways inside the system, a sort of dedicated parts of this, the end user part, the DNS resolver engine that orchestrates the querying system, and a whole bunch of demand servers that have detailed knowledge of parts, and so if I am looking up a name about Google, there is a server that knows about Google and will answer it. The DNS resolver's task is to figure out which server to ask based on the query. That's a whole lot of text that says exactly the same thing.
.
You all knew this anyway.
The issue is, though, that those slides reflect a view when the Internet had about three users, and now that it has about more than 3 billion, what we have been doing in the last few decades is actually to scaling. Everything is scaling. And so it's not resolvers, it's resolver farms, and it's not even just resolver farms, we have Anycast constellations. All of this stuff is built on complex infrastructure and this is a mildly, a mildly simple attempt to try and put it all there. But the DNS is now, because of scaling, hideously complicated with a huge amount of handling just to cope with the query load, because we're doing trillions of queries a day.
But even that, that infrastructure view, that view of DNS engines isn't really the DNS, and when we talk about openness, it's not really about the infrastructure, because the DNS is a name space, it's a registration framework, it's a distributed database, it's a protocol, it's a signalling media. It's all of these and more. When we talk about openness and talk about markets, it's not a single market, there are many markets inside the DNS. There is even a market for DNS query logs, and so how can we talk about openness when the DNS is all of these things, and they all have very, very different characteristics.
Some of these market are well established, some are highly regulated, some of just complete failures. What parts of these are working well and to what extent are they failing?
.
Well, okay, let's take a market view of openness and try and figure out what themes we can use to talk about the DNS, to actually try and answer that question? Is this market working? Is it open? Is it sustaining the Internet and allowing it thrive or are we dancing with disaster? Time is limited, your time, my time and there are so many things in the DNS. DNS is privacy, it's the control element, trusting the answers, name space fragmentation, rendevouz tools tools, abuse, cyber attacks, centralisation. All of these things are relevant topics, and that's a huge agenda. And while I could happily talk about this all day, I have got about ten minutes left.
I am just going to take two topics and look at them very quickly and talk about how they should have worked and they didn't. Can you trust the DNS? Of course not. Most good attacks start with perverting the DNS, whether it's through fragmentation attacks, cache poisoning, whatever, whether it's through attacks on the registry/registrar system to actually get the delegation changed over to the evil person. You know, all of these things are possible in the DNS. And so, you'd think, because we rely on the DNS so much, that having a trustable DNS would be in everybody's interests. And the real question is: How are we doing?
.
Well, the way we do this is DNSSEC. We use the awesome power of cryptography and digital signatures, it should be impossible to lie because we sign everything. Why? Because all the answers can be validated against the original intent in the zone itself. If the signatures match, it's real. If they don't match, somebody is manipulating the DNS. And so we can look at the metrics of this and we find that who does DNSSEC validation? Yeah, Sweden, Finland, Saudi Arabia. Yeah, Somalia. Yeah, New Zealand. Yeah, nobody else. Why not in the UK? Why not Mexico? Why not Australia? Even Spain. Just don't.
And so in some ways, although it seems like an good idea, only 25% of users are actually protected with DNSSEC and not even they are protected. They sit behind resolvers that do the validation. Nobody, almost nobody, just one or two minor loonies like myself, do validation on the N systems and they won't resolve badly‑signed names. Everyone else, no, it's not a problem, is it?
.
And so, why not? Well, technology. Large responses, DNS it's a mess, it takes time, and, quite frankly, we count our milliseconds in millions, if not billions, of dollars these days, and so in some ways DNSSEC is a failure because while everyone wants it, quite frankly, no one is willing to live with the downside. The downside of taking more time, taking more effort, and introducing more fragility.
And so while it's a really, really good idea, and users would want it if they knew they wanted it, it's market failure. Users don't actually pay for queries, so you can't say look, if I pay, will you validate the answer for me? It's kind of, you don't have any choice.
And I don't have any choice in what I query for. I just click URLs. I don't care if the name is signed or not. Neither do you. And quite frankly, although everyone benefits, the benefits to the costs are so indirect and misaligned, nothing happens.
There is an odd coincidence that the number of users out there who do DNSSEC validation and the number of users that send their queries to Google's open DNS system are about the same. You can see why can't you, because they are the only ones left actually doing it. No one else cares.
Let's move on to Google then and look about this open market for DNS resolution. Healthy market, busted market?
.
Well, I don't know about you, but I don't pay for DNS name resolution queries, my ISP does it for me, and I don't pay them extra. And so in some ways, you know, no matter what goes on, they get the same money from me, why should they spend more money on on a good DNS? And so in response to that, we saw the open resolver effort appear. And there were various folk. It started with OpenDNS, but then along came Google, then CloudFlare of course, Quad9, TWNIC runs one, there is a whole bunch of them all over the place, Microsoft tried for a while. It might still be there, I don't know.
The problem is, how do you make money out of it? Because while it would be good to sell the query log, everyone looks at you if you try going I'm sorry, I'm sorry, in this privacy‑sensitive world, selling DNS queries is frowned upon. Don't go there.
And so, these open resolvers run the success disaster issue. So open resolvers are a market failure unless your name is Google. Everyone else uses their ISP. But their ISP is not motivated to make it go any better. I still pay them the same amount of one whether they spend zillions of dollars on a good DNS system or nothing.
And so, DNS is Mr. Cost. Why should I spend more on cost? And so the DNS is actually fatally broken in that economy. There is a massive resistance to change in the D ‑‑ ISP market. So all of this DNS infrastructure is stuck in a past that no one is motivated to fix, and so, it's broken. Even DNS privacy, DNS over TLS and DNS over HTTPS are looking like another market failure.
If we stop looking at it as one thing and look at it as something we can shatter, you start to get a different view. Because there are folk who have money and agility who don't want to upgrade every CPE on the planet, but want to improve their bits of the DNS and they are the application folk, they are the folk who actually drive content, they are the content of CDNs and those CDNs and those application folk want to drive an entirely different service and move at a pace that the rest of the rest of the ISPs are unwilling do to in the next decade. Like we have seen before in these kind of fights where one group want to move quickly and the other group are saying life is hard and I have got no money, the folk who have money and want to move spend their money and move. And they don't try and bring everything else up, they don't wait for everyone else to make the investments, they just do it themselves. Application‑specific naming services are a really very, very imminent outcome here.
Because the folk with the money, the folk with the motivation, and the folk with the resources, who is the two‑and‑a‑half trillion dollar company in this world? Oh, that's right, it's Apple. Who is the other one? Oh, it's Microsoft, oh, it's Amazon, oh, it's Google, oh, it's Facebook. None of these build infrastructure per se. They are up at the content and applications space and they are impatient and they have money and they are going to do what they need to do and not wait for everyone else. In some ways, pushing the DNS up into that space not as a single cohesive infrastructure but as a naming resolution service for their naming universe is not only inevitable, it's entirely logical, and that's where aware heading.
We're heading with an inevitability of a brick from the 40th floor. Sooner or later, it's going to hit the ground. It's just going to happen. Over the last 20 years we tried to scale the Internet. We actually failed to scale it the way we dreamt it. This is no longer an end‑to‑end peer network. It lost that when we started to build the first hundred million users. By the time we got to the first billion, again, we really are in scaling hell. To make this work, we pushed everything out to the edge, we pushed everything into the distribution systems that replicate content in an abundant world. And so the DNS is swept up inside all of that shift into application‑centric servers. This is a totally different network. And to think that we could hang on to this single DNS, this unified name space when everything else is being swept up in this dramatic change in the entire architecture of the Internet into this world that is driven by content, then, no, it's not going to happen like that.
And so, if we ask is the DNS open? The answer is well, today, at this time, yeah, okay, it's open.
Tomorrow? No. Because it's just getting too hard to keep this together. The network we're building and bringing it up into this application world is being tugged in so many different directions at once that there is no one left to try and keep it together. The only thing that orchestrates in this deregulated world are markets. And when markets fail, when markets don't signal orchestration but offer rewards to folk who strike quickly and in their own direction, which is what is happening, that's when you get fragmentation, that's when you get the breakdown of a cohesive system into something that is completely different. And that is where we're heading.
So, if that's a new version of openness, yeah, but I don't think it is. I'm not sure what we're going to call it, but it's certainly not the name system and the cohesive environment we were used to. It's going to be something entirely different. Who is in charge of this? Remember Google, 30% of users that use their resolution service.
I think we have got a bit of time for questions. Thank you very much. I'll hand it back.
FRANZISKA LICHTBLAU: Thank you. Actually, we are quite well on time, so if anyone has questions, please go ahead and ask Geoff. For now, I only see discussions in the chat. Yes, there is a question.
Lars Liman asks: "Geoff, you are probably right, I would argue that none of the fundamental pillars of the Internet was designed with a market‑driven environment in mind."
.
Yeah, that sounds ‑‑
GEOFF HUSTON: Wow, that is such an amazing statement, because in some ways, when we deregulated the monster of telephony, do you remember them, all those national telcos, the Internet was the poster child of deregulation and competitive forces, all those entrepreneurs did 50 years of technical innovation in the first five years, the Internet was the poster child of deregulation, this was meant to be victory of markets. It's just 20 years later it's all turning to ashes in our hand, but we had dreams. We seriously thought this was going to be so much better than what it was. And I think the issue is, in all of this, is really hard to make deregulated markets work at the scale we're asking of it and the skews are always there and when we look around there and find the control mechanisms, we find that we're pushed all of this debate and top topic then years ahead or maybe 20 of our social institutions. Regulators, governments, all these meetings about technology, are finding it hard to even understand the terms, let alone the points that are of interest. We did this before in the 1880s in the industrial revolution. We created monsters like General Electric and J.P. Morgan and then tried for the next 30 years to rip them apart because they just moved too fast. We're doing it again, everyone, we're just doing it again.
So, yeah, deregulation was meant to be an asset. It's again turned a bit bad. Oops!
FRANZISKA LICHTBLAU: I see a theme for your next presentation coming up.
Okay, is there anyone else? We have a new question. Daniel Karrenberg:
"Isn't the Internet we dreamed of still here? Is it not just a smaller scale subset?"
GEOFF HUSTON: Oh, look, at some point when I was trying to do voiceover, whatever it was, IP engineering, we realised at one point we were spending about 20% of our engineering cost, all of these resources, and the most money we could ever expect from having voice‑over the Internet was fractions of a percent, and it was always cheaper to just buy more bandwidth and ignore the problem. In some ways, if 85% of your money is the last mile access network, 85 of your traffic or the business, why spend a cent on this larger Internet on routing on the difficult bits? And that's the problem that's confronting us. In some ways leaving all of this to the inter data centre problem that is collectively Facebook, Google and Amazon, and so the rest of us don't even have to worry about it, is actually what's going on today. And even that little bit left, Daniel, is being closed down because it's just uneconomic. And so now we're finding access‑only ISPs out there and access‑only customers out there, and that's kind of what we're trading ourselves for. So, I don't share your optimism, unfortunately, and I'll say that with a smile, because what else can I do?
FRANZISKA LICHTBLAU: Okay. So, I actually have to correct myself. Earlier on, Daniel was asking with his hat of gild of IRR chief scientist and I think then the question is in a little bit different context.
The next one is Vesna, as a cyber citizen:
"Geoff, what do you think of using governing of the comments principle by Elinor Ostrom for keeping the future Internet or DNS open?"
Do you know anything about that?
GEOFF HUSTON: Yeah, look, I'm going to go back in history and talk about the gilded age for a second, because what happened in America was a rush in industrialisation that turned an agrarian society, with a little bit of slavery involved, into a entirely different society with massive dislocation, huge urban populations, large dislocation. What floated to the surface were a bunch of unprincipled exploiters. You remember them? Andrew Carnegie, Mr. Rockefeller, and their ilk. What they did after they became obscenely rich was to spend their next efforts in inventing a future. General Electric is around today, J.P. Morgan, Esso, Standard Oil, still here, and so, in some ways, trying to think that there is a way out of this mess, when the Googles of this world have got all they need out of today, then are building their tomorrow, is really where the problem is lying now. And like the folk of the 1890s in the US, they are building a century of domination, and trying to understand how to accommodate that, without even the enthusiasm of the US Congress and their Sherman antitrust bill, and the efforts of today's regulators with GDPR is kind of nipping at the ankles; it is so ineffectual it's laughable because it doesn't get to the core of the issues here. And this is what I said, that when you get the movement that's so fast, and so far in advanced of all the other institutions we're struggling to find how to talk about this and how to actually engage with this as a problem. As an issue that talks about when Google control 92% all of searches, all around the planet, are Google defining our language? Are Google defining how we think? What's going on here when all of that is private? These are deep questions, and they are deeply disturbing. We have spent the last ten years basically building a network that's scaled by a factor of 10 billion, that's a phenomenal achievement. We have spent all of our time and energy doing that. We didn't have enough time to look around at the side effects of what was going on and why we were scaling so quickly. And now that I think there is a little bit of time for breathing, and think this isn't what we bought, this isn't what we wanted, but how do you get to another room? That, I must admit, I can't answer, I really don't know. It's a tough one.
FRANZISKA LICHTBLAU: I agree. Like, given my background in the research world, we always had this discussion. Nobody has the answers right now, so I think we have a lot of interesting discussions coming up.
We have a question by Blake Willis:
"DNSSEC works better over IPv6 since fragmentation and firewalling are less awful than IPv4."
GEOFF HUSTON: Yeah, right! No, no, no, no, no! It's not even a v4/IPv6 issue. The issue with DNSSEC is, quite frankly, an economic issue. It's an issue where no one is actually motivated to do it. The browser folk don't want it because it takes too many milliseconds. The folk who were signing don't want to do it because they think it's one more thing to go wrong and, quite frankly, validation in your local recursive resolver is like outsourcing your security to the evil guy down the street. I might, you know, where is the security in that? If you really don't trust the DNS, you have got to do it yourself. Oh, great, where is the tool for me to do it myself? That's a question. I wish I had an answer. In some way, it's not a v6/v4 question, we have taken a fraction of the problem and said "problem solved", when it wasn't, and I think that's part of the issue here.
FRANZISKA LICHTBLAU: We have Vesna again, as a parent of young people:
"Do you have hope that the new generations will be able to solve problems we have allowed to happen or created ourselves?"
.
So give us some future optimism here.
GEOFF HUSTON: I mentioned 100 years when I talked about the gild age, that's three or four generations. We have created a long‑term monster. And it's going to take us quite some time to figure it out, various governments' efforts and I see there is an EU one to build a competitor to Google, a government resolver, I love your work guys, it's a great idea. It's going to take some time and unfortunately one generation isn't going to solve this. Part of the issue is trying to find a balance between public and private and we have kind of walked away from the world of libraries, walked away from the world of public services, because I think they did get corrupted, the telephone monopolies were no fun, but a world that's purely private is no fun either. And trying to get that balance right has always been an effort for us, but it's that, to my mind, is where the balance needs to be struck and that means a lot more of us need to work in the public sector, a lot more of us, because they need our help, much more than Google needs our help to be perfectly frank because to have these conversations, you can't have one group sucking up all the bright mind and everyone else struggling to keep up. So, you know, an ad for government work! Yeah!
.
FRANZISKA LICHTBLAU: I think all of us have had discussions with people from the public sector and there is a lot of potential that we could also at some point will help out there. Who of us actually does it?
GEOFF HUSTON: They need us. They need to understand the other side of what's actually happening, and quite frankly, this is a technology‑ridden space, we spent the last ten years building a whole dictionary of terms, we bastardised English. What we talk about when we talk routing, or DNS, security, no one could call that any language other than techno babble, and so I pity anyone else from the outside trying to come to grips with this.
The babble made us exclusive. Put us in a sealed room where we thought know one was looking because no one could understand us. I think we did the world a disservice when we did that. Just saying!
FRANZISKA LICHTBLAU: Just saying. Okay, we have three questions still in the queue, so I have to read a lot of novels and I'm closing the queue for now.
The next one is by Dmitry Kohmanyuk from UACC TLD: "In the brave new world or maybe franchise privatised world, would we have compartments of DNS that do not talk to each other or can DNS be used for bridging islands?"
GEOFF HUSTON: Oh, God, it's all going to separate. We are all little islands and there is no bridging island. We are going to rebuild the mess that was the 1980s and some of you are old enough to have been there and I was too, and, my God, it was horrible. We are going to do it again because cooperation is such a dim light in such a frenetically disastrously competitive world where Facebook is so paranoid that its whole privacy argument is not about securing me, they don't give a stuff about me. What they care about is leaking the valuable information about me to Google, to Amazon, to Microsoft or Akamai or anyone else. The real concern is the folk that won't look over their shoulders. That's the privacy debate for these folk and, quite frankly, islands is what we got to get used to because that's what's being built again. What was that early BBR one? There was some sillily bulletin board in America. We're doing it again.
FRANZISKA LICHTBLAU: So, next one is Raymond Jetten, speaking for himself:
"Do you think that people using Google for their lookups do this because their ISPs' DNS server are under regulation and modified or more due to the DNS quality provided?"
GEOFF HUSTON: Almost nobody picks Google by themselves. I have done a lot of work looking at this and most of the work and people using Google is because their ISP was so lazy that sending all the queries to Google was cheaper, and that's why Google has a market share that's so enormous. Their ISPs are lazy. People, end users, people who aren't you and me, right, don't twiddle with the knobs, because you'd kind of break things. So, very little of this is a conscious choice. Google gets used because ISPs find it's a cheaper way out than any other solution. So, this is the race to the lowest common denominator. Who wins? Google wins, unfortunately.
FRANZISKA LICHTBLAU: One last overarching question from Alex ‑ :
"Are you basically saying that we are in trouble now because we never really solved the monopoly power dynamics issues? We allowed to emerge during the industrial revolution and that as a society we have never really moved very far beyond that world?"
.
People, please use quotation marks and sentences, more than one.
GEOFF HUSTON: It's a really good question. But think about this, the Americans were very concerned about huge monopolies and they did a couple of antitrust actions in the early 1900s. It caused a massive depression in 1911. So Congress got scared. Then along came Ford and GM, who were the biggest industrial monopolies on the planet, they made 80% of the world's cars in the 1920s. They earned the US so much money that no one was prepared to touch them, certainly not the US. And so everyone else was saying yeah, we like cars, I wish we could make our own, part of the problem is taking on these giants seems to be a case of self‑harm every time in some way or another, and so we find it very, very difficult to strike a balance when this happens. The lesson from histories, it really needs very careful and informed discussion in society about how we want to deal with technology. And when we have this kind of discussion and debate pushed to the edges and the IGF or all of its intent has been sidetracked I think into small side shows rather than confronting the elephant, and they are literally elephants in our room, then we're never going to make progress.
So, you know, in some ways this is a painful discussion that we need to have, but having it is difficult. But thank you for the opportunity to talk about it. Because I think it's great to actually talk about it for once. So thank you all.
FRANZISKA LICHTBLAU: Thank you, Geoff. That was a really nice round of discussions and now we are leaving the look to the future and we do a little bit a look into the past week. Next up is Menno, and he will give us a breakdown of all the technical things that we experienced in this meeting week, so tell us how it went.
MENNO SCHEPERS: This is a short report on how the week went. First of all, the tech team. These are the people behind the scenes. There has been a slight change from last time. Razvan decided to leave the tech team, he is still working with us but he has a lot of duties on his plate so he decided to leave the team and we found a great replacement, Ondrej, in the bottom left, you see him, he joined the team and yeah, we're very happy with having him in the team.
Also, you see Martina is not in the picture any more. If you remember her from previous meetings, Martina left us, left the RIPE NCC, unfortunately, and hopefully next RIPE meeting we have someone else in the team to replace her.
Then, let's go to the next slide.
Meetecho. This is the platform that we're using. As you can see, yeah, this is the fourth time we're using it, and we're quite happy with it, actually very happy with it, and also with the support we're getting from the Meetecho team. Every meeting, there are new issues, and they help us with quickly solving those.
Some examples are, for example, audio issues. On the Monday, we noticed reports from people that they couldn't hear any audio. Apparently this was due to some changed behaviour because browsers get updates almost daily sometimes but quite frequently and some behaviour was changed in the audio play policy. This is a policy that basically helps the end users not to get spam websites automatically playing videos and audio. But the change in behaviour made it that also in Meetecho audio wouldn't play.
There was a quick fix made by the Meetecho team and they implemented it on the Monday evening, so, on Tuesday, those Windows users didn't have these issues any more, fortunately.
Then there was also another audio issue, and that was for Safari users, they had the issue that when they tried to enable the microphone, they got an error saying "audio track closed" and the microphone wouldn't actually work. This is a bug, and you can find the URL down here to look into it, but hopefully this also will be solved for the next RIPE meeting, and I am sure that there will be new issues by then for us to look at.
During the Anti‑Abuse, there was a discussion also about the 2 factor authentication, and what was cool to see is that, during that session, we saw eight users log in and enable 2 factor authentication on their SSO account, so we think that's probably because of that session. That's really cool. And if you haven't done so yet, consider doing the same.
The stenography, this is pretty cool. So what we have been using for a long time is StreamText for the stenography, and StreamText was always IPv4 only. And in 2012, we started sending them e‑mails asking them to see if they can enable IPv6. Back then, it wasn't possible because their Cloud provider didn't support it yet. Not so long ago, they moved to another Cloud provider, and, as you can see, they now do support IPv6, and this is pretty cool now because the website, ripe83.ripe.net and meetecho.ripe.net is now 100 dual stack, so you can enjoy it also IPv6‑only.
Then the next slide ‑‑ some statistics. You see here the statistics for the whole week of participants, the YouTube statistics are missing because YouTube is very slow with giving us the statistics. It stays behind, but here you can see at least the Meetecho and the live‑stream. You see also the live‑stream was quite ‑‑ there were quite more participants on the live‑stream on the Monday. This could be due to the audio issue for certain Windows users, and then on Tuesday, when that was fixed, probably they were all back on the Meetecho and didn't need to use the live‑stream.
And then the last, one the last slides here is the browser and OS stats. This is very similar to the last RIPE meeting. Nothing special in here.
And finally, an IPv6, some IPv6 stats compared to the last RIPE meeting, we see a small decline went from 52% to 50% of the participants coming in over IPv6. But still, a lot better compared to RIPE 81.
That's it for my tech report. It was ‑‑ it went quite smooth this week, and I really hope that, next time, we can do a hybrid meeting and hopefully the report contain some more interesting things how that went, but let's see what the future holds.
BRIAN NISBET: Yes, indeed, and thank you so much. As has been commented, there is nothing faster than the NCC technical team and I see how quickly the videos have been going up and all of the rest. And it's fantastic, from my point of view, to see that conversations during the Anti‑Abuse Working Group actually have an effect on people's network security. But we have got a couple of questions.
Remco van Mook: "Yes, how many other large‑scale users does the Meetecho platform have? These bugs seem pretty generic."
MENNO SCHEPERS: I don't know. I know that they do the IETF. Maybe if someone from Meetecho cares to comment on this question now, go ahead, but otherwise I can say about these issues, that, like I said, some issues pop up only a week before the meeting because of an update, for example, in the browser, that makes it difficult for us to spot them.
BRIAN NISBET: Okay. And going back to the 2FA piece, Blake Willis:
"Thanks for all your efforts here. I'd love to see an NCC access to FA option that doesn't require a mobile app."
.
I'll just drop that there. That's more an NCC Services ‑‑
MENNO SCHEPERS: Exactly, but I'm sure that they are looking at this as well, so it's noted. Thank you.
BRIAN NISBET: Okay. Any other questions, folks? I don't think so.
So, Menno, you are obviously the representative here, but thank you so much for your team, all of the work that's done to make this ‑‑ as I think I was tweeting, you know, virtual meetings have many issues, but none of them are down to the platform here, this is still by far and away the smoothest and most engaging virtual meeting that I have participated in, so thank you very much.
MENNO SCHEPERS: Thank you.
BRIAN NISBET: Are there ‑‑ one last one. Robert Scheck from UTES:
"Are there bandwidth statistics for Meetecho too?"
MENNO SCHEPERS: I am sure there are. I don't have them in here. Yeah, I am sure there are, but I don't have them in this presentation. Let's see if next time we can add something like that as well. Yeah.
BRIAN NISBET: Next time ‑‑ well, maybe next time in Berlin, we'll all be there on our laptops in the room logged into Meetecho, it will be a whole thing, but remember, walking up to the mic improves your step count. Thank you very much, Menno.
And so with that, that is the end of this bit of the Plenary. So, it just remains with me to say thank you to everybody who submitted talks to the Plenary, who presented to all of you for your engagement with those talks, we will obviously ‑‑ there'll be new call for papers and things, but please rate those talks so we know what you liked and ‑‑ I mean, obviously, while there was nothing you didn't like, I am sure what you found better or worse from this meeting, so we can, as the PC, can craft RIPE 84, and so we're now going to hand over back to the RIPE Chair team to close out the meeting.
Thank you all, and I look forward to seeing you in Berlin, but definitely seeing you one way or the other at RIPE, whatever type of hybrid meeting we hope that RIPE 84 will be.
So, Mirjam, Niall, are you out there?
