the london-based art and design practice united visual artist recently presented a series of light installation titled 'speed of light'. the project was commissioned by virgin media to commemorate the tenth anniversary of broadband in the UK. the project was installed in the victorian bargehouse on london's south bank and made use of 148 lasers spread across six rooms. UVA used the beam of light that travels along optical fibers as the starting point for the piece. among the pieces created, UVA crafted a small sitting area that features a sofa, table and television screen made completely from laser beams.

image credit: UVA | via designboom

Today, May 5 will be a good day to make sure your network is ready for DNSSEC. The last of the Internet’s 13 root servers will transition to DNSSEC. It could pose a problem for network administrators and users working with older DNS servers, routers, firewalls, and modems.

So, What is it for?

DNSSEC (Domain Name System Security Extensions) is a suite of specifications which implement record signing to ensure the integrity of certain types of transactions.  It uses both asymmetric and symmetric cryptography for RR (Resource Record) or zone transfer transactions, respectively. To ensure the authenticity of information received by a resolver. Securing DNS with DNSSEC begins with establishing a chain of trust. Resolvers use ‘anchor keys’ to verify parent domains, beginning with the trust anchor. DNSSEC will increase DNS traffic with more requests and larger responses. Domains with high volume traffic should prepare for increased bandwidth needs.

What it means to you?

One of the problems the DNS system has is that there are various techniques which are hard to explain but which are pretty well understood in certain nefarious quarters which can be used to trick a computer into believing a forged answer when its resolver asks a question.

When DNSSEC is fully deployed, it’ll provide a method your computer can use to thwart that kind of attack. DNS responses will be “signed”, and your computer’s resolver will be able to check the signatures to make sure they match. So when you type www.yourbank.com.cn and get a forged answer, your computer will know it’s forged.

DNSSEC deployment is a world-wide change to one of the systems that holds the Internet together, and is not something instigated or under the control of Internode as such. However, trying to ensure that in the unlikely event that it causes you a hassle, you will understand it and be able to do something about it.

Sounds good, why are the articles doom-saying about it?

To answer that, you need to know a bit of DNS history: Until relatively recently, DNS responses have usually been limited to 512 bytes, and have mostly been carried by an Internet protocol called “UDP”. So various bits of infrastructure such as firewalls and home ADSL routers have been designed on the assumption that all DNS responses are 512 bytes or less, transported by UDP.

The problem is that the digital signatures required by DNSSEC tend to push the size of DNS responses past the 512 byte point. This shouldn’t present a huge challenge, because the DNS protocol has a mechanism for transporting larger responses by sending them over TCP instead of UDP. But the mechanism has been so rarely needed that many vendors haven’t implemented it. Indeed, large DNS responses have been so rare that some firewall vendors and some companies’ security managers have actively blocked them on the assumption that the only possible reason they’d exist would be as part of an attack!

For people using systems which don’t work correctly with large DNS responses, Wednesday 5th May 2010 will represent a bit of a flag-day. On that day, the Internet’s root DNS servers will start emitting the digital signatures needed to authenticate their responses, and there’s a reasonable expectation that people who aren’t correctly processing large DNS responses will suffer connectivity problems to random bits of the Internet. Most systems should be fine, but older firewalls and ADSL modems might suffer problems.

What you should do?

Making sure your network and end users are ready for DNSSEC. Few Tips provided here may help you:

1. If you haven’t done so already, make sure your DNS servers, routers, and firewalls, can handle DNS requests with packet sizes larger than 512 bytes. Upgrade software and firmware if necessary.
2. Configure your firewall to allow DNS over RCP/53 and make sure “fragmented DNS responses over UDP or TCP aren’t blocked.”
3. If you support users’ home equipment, make sure it is also compatible with DNSSEC, especially if the device has a built-in DNS server. Install new firmware if necessary.

No one seems to be predicting that the May 5 DNSSEC changes will cause a significant Internet disruption, but it never hurts to make sure your network and your users are prepared. If you’re not sure, you can use the instructions at DNS-OARC to test if  your current DNS resolver can handle DNSSEC.

DNSSEC is undergoing a phased rollout and it won’t be ready for full use for a couple of years, but when the work is complete the security of the Internet infrastructure will be vastly improved. You can note that timeline on http://www.root-dnssec.org for other pertinent information about the deployment of DNSSEC for the root zone.

Web Directions has issued a report on The State of Web Development 2010. In the survey, professional web designers and developers answer over 50 questions about various web technology topics. Here are some of the highlights from the report:

• Few respondents use any form of Internet Explorer for their day to day web use, but IE8 is the num ber one browser devel op ers test their sites in.
• Google Chrome has jumped dramatically as the browser of choice for devel op ers, to rank 3rd, at 17% just behind Safari at 20%.
• Firefox remains the number one choice by some way, but respon dents were split between 3.5 and 3.6 at the time of our survey.
• Firefox 3.6 was released only a week before the survey began.
• Over half of respondents now use Mac OS X as their primary operating system.
• Nearly a third of respondents (up from 16%) use Mobile Safari, while Android use is at around 4%.
• JQuery has become even more dominant, with nearly 80% of all respondents using the library, up from 63% last year.
• Desktop-??like application frame works, such as Cappuccino and SproutCore show little sign of wide spread adoption by developers. Perhaps the day of desktop-??like web apps is yet to come, or perhaps developers really aren’t look ing to build webapps which mimic the desktop.

When it comes to web development technologies, the big stories are CSS3, web fonts and HTML5.

• More respondents (45%) than not (44%) use CSS3 and experimental CSS, up dramatically from last year (only 22% then were using CSS3 and nearly 70% not)
• Last survey, only 4% were using font link ing using @font-face. This survey that’s climbed to 23%
• HTML5 is now used to some extent by around 30% of respondents, up from under 10% last survey

Most of the respondents develop to W3C standards and then try to work around IE. The decision has payed off now that new web standards are gaining wide adoption even in IE (9). The survey asked which CSS selectors the respondents commonly used and 80% or more indicated Class selec­tors such as p.classname {}, HTML ele­ment selec­tors such as p {}, ID selec­tors such as p#idname {}, and Descendent selec­tors such as p a {}. One major change from 2008's results was the increase in CSS3 and experimental CSS usage. Only 22% used CSS3 or experimental CSS properties in 2008, but now the users of those properties have surpassed the users who don't use them. The most used property is border-radius by a significant margin.

Also, these were the results when respondents were asked which programming languages they used on the server-side:

Check out the results to all the questions, and you can download the complete (anonymized) set of responses in CSV format or grab the PDF infographic overview.

“The State of Web Development” survey is brought to you by Web Directions conferences, and Scroll Magazine, and conducted by John Allsopp