By now most of us know what Twitter is. Or do we? I spent more than a few months with a Twitter account and no real idea how to use it. At first it seemed a lot like re-branded Instant Messaging and I already have plenty of choices for that. Did I really need another one? My business partner Nick kept telling me, “Dude, you need to get on this. It’s big.” I wasn’t initially moved.
And then came the revelation: Twitter is not about instant messaging. It is about promoting yourself to others. You can do it for business reasons or for personal ones, but one simple fact is true: Sell yourself 140 characters at a time. I’m not talking about spamming people. We’ve got plenty of that via other avenues (and Twitter is a victim, too). It’s about saying things that are quick, concise, relevant and interesting about what is happening in your world. If you say things that are not boring, people will follow you. You don’t have to find followers, they will find you. All you need to do is tweet. Dare I say it? “Tweet, and they will come.”
To date I have three Twitter accounts, each for a different facet of me. Admittedly I use one more than the others but I don’t like to cross-brand who I am. But that works for me. I tweet about business things with my business Twitter account. I tweet about more personal things with my personal twitter accounts. I don’t like to muddy the waters (which is the primary reason I despise Facebook). That may not work for you. Do what feels right.
The single biggest thing you can do for yourself on Twitter is to make sure you don’t get lured into using it as another IM client. I follow more than a few people who use it to chat about where to go to lunch or what time a movie starts, etc. That’s annoying. To them I suggest a little app called Skype. If you use Twitter as an IM client you are likely to lose followers in a hurry.
Twitter is a phenomenon. It’s still misunderstood by many, though. More famous twitterers like Ashton Kutcher have increased their celebrity by making themselves more accessible to their fans. Having a direct line like that to people who have historically been so unattainable is a powerful, powerful thing. While you may not be hooking up with Demi you still may have interesting things to say. Tweet them. You will develop a following of your own.
A final note: Just because someone follows you does not mean you have to follow them in return. If you get a new follower, look them up. See what they tweet about. Read their bio. Are they interesting to you? If so, follow back. If not, that’s cool, too. If you do follow someone, see who else is following them. You will find that many of their followers are interesting to you. Follow them. Some of them will follow you in return. It’s viral.
Now go. Tweet.
Cheers,
Colin Weaver
I recently received an email asking about DNS server placement. In part the email reads, “why would a computer from the internet need to reach a “public” DNS server inside a private DMZ as if it were a web server? Are there occasions when a machine would need to reach across the internet and resolve a private IP address? It seems backwards and highly unsecure, especially where there is no VPN.”
Questions in this vein are not too uncommon and over the years I have encountered a good number of people confused about where a DNS server should be placed and why. The answer is not simple because there are many correct ones. A lot depends on the layout of your network and your organization’s naming scheme. To give a frame of reference for discussing this let’s consider three different general network layouts. For each network I briefly review traffic flow typically allowed by the firewall. This is important when trying to understand where a DNS server should be and why. The networks are:
Network 1: Single Firewall With NO DMZ/Screened Subnet

Network 1 - Single Firewall with no DMZ or Screened Subnet
Network 1 is the simplest scenario and more likely to be seen in a home network or a very small business. The firewall allows internal nodes to establish connections to the Internet and there may be a limited ability for nodes on the Internet to make incoming connections to certain hosts on the internal LAN (but not by default).
Network 2: Single Firewall With a Screened Subnet.

Network 2 - A Screened Subnet
In Network 2 there is a single firewall with at least three interfaces. One interface connects to the Internet, one to the ‘DMZ’ and the other to the internal network. The servers in the DMZ are referred to as “public” because they are intentionally available to the Internet. With appropriate rules configured traffic will be able to flow (in a limited fashion, of course) from the Internet to the DMZ but not from the Internet to the internal network. The internal network can initiate outbound connections to the Internet as well as to the DMZ. The DMZ may have limited ability to make connections in to certain nodes on the internal LAN.
One of the most important things going on with Network 2 is that hosts on the Internet cannot send uninitiated traffic into the internal LAN. The DMZ area, commonly called a ‘screened subnet’ in this single-firewall setup, is protected by the firewall but the firewall does allow administrator-configured rules that permit hosts on the Internet to send traffic into the DMZ. This ability to be ‘touched’ by nodes on the Internet makes this DMZ network segment less trusted than the internal segment (which cannot be reached directly from the Internet).
Network 3: Dual-Firewalls with DMZ LAN segment In-Between

Network 3 - Multiple Firewall DMZ Scenario
In Network 3 there are two firewalls. The outer firewall (the one touching the Internet) is the first line of defense and controls the flow of traffic from the Internet into the DMZ as well as the flow of traffic from the internal LAN and the DMZ out to the Internet. The inner firewall controls the flow of traffic from the DMZ into the internal LAN and it also controls the flow of traffic coming from the internal LAN going to the DMZ and the Internet. In general, the DMZ nodes may have some limited ability to initiate connections to internal LAN hosts but the Internet will have zero ability to initiate inbound connections to the internal LAN. This is a more aggressive security posture, offering multiple layers of firewall defense. It is also slightly more complex in its configuration.
So where should your DNS servers be? Let’s examine that a bit.
First we need to define the basic intent of DNS. We know DNS resolves host names to IP addresses (and vice versa if configured) but we can separate that into two different areas: internal host names and external (public) host names. Internal nodes need to be able to resolve both internal and external host names. For example, while at work I need to be able to resolve sql6.itdojo.com (an internal node) to an IP address just as much as I need to be able to resolve www.starwars.com (an external node). The same may not be true for nodes on the Internet. Should a node on the Internet be able to resolve sql6.itdojo.com to an IP address? If yes, you need a DNS server that is reachable to the Internet node. If you only have a single internal DNS server (like in Network 1) you will need to expose that internal server to the Internet for incoming queries. This means that anybody on the Internet can resolve any internal host name. That is generally considered a bad idea. Rather than exposing your internal DNS server you may opt for Network 2 or Network 3, which have different DNS servers in the DMZ/screened subnet area that are reachable from the Internet while the internal private DNS server is not. This is a step in the right direction from a security perspective because it prevents Internet nodes from resolving the names of internal hosts (which reside only on the internal DNS). The only names that can be resolved by nodes on the Internet are the ones you place in the zone file on the DMZ-located DNS server. This typically only includes the names of the servers in the DMZ/screened subnet. The challenge with this scenario is in your DNS naming convention. 
If both the private DNS server and the DMZ DNS server host the zone file for the same domain (itdojo.com in this example) you will have to duplicate entries on each server (and they may be different addresses if your firewall is NAT-ing between the private LAN and the DMZ/Internet) because primary-zone-file-holding DNS servers won’t forward a query to another DNS server with the same name (e.g., the server is authoritative for the name space and will not forward requests to another server to resolve its own primary zone queries). This increases the complexity of administration (but is not the end of the world).
An alternate solution would be to use a completely different name for the internal name space. If your Internet presence is itdojo.com, consider using a child domain of that name space internally (or a different name altogether); corp.itdojo.com or itdojo.net, for example. This allows your internal nodes to query for sql6.corp.itdojo.com and get internal resolution while queries for ftp.itdojo.com can still be forwarded to the DMZ-located DNS server. On the flip-side, an attacker on the Internet can query the DMZ DNS server all day long and only resolve the nodes that have been manually entered by the administrator but will not be able to get queries directly to (or forwarded to) the internal corp.itdojo.com DNS server. This helps protect against attackers building a list of available nodes in your environment. And since so many shops have the bad habit of naming their servers after the function they provide, this is an important consideration.
The placement of DNS servers is further complicated if you use Active Directory. Active Directory-Integrated DNS zones are contained in the Active Directory database, not in a separate file or database. This means that the DNS server will also need to be a domain controller. Placing a domain controller in the DMZ is punishable by death in most organizations so AD-integrated solutions will have to be exclusively internal. You are essentially compelled to use an internal DNS/external DNS scheme. Whether you use different namespaces (itdojo.com vs. itdojo.net) is up to you. I’ve met people who feel strongly about both ways of doing it.
The simple truth of all this discussion is this: Hosts on the Internet should never be able to resolve the names of resources on the internal LAN that you have no intentions of ever sharing with the Internet. It’s not keys-to-the-castle information but it’s a big help to a would-be attacker. This means it is all but impossible to have Network 1 and expose your internal DNS to the Internet. With no DMZ or screened subnet your only real alternative is to pay a 3rd party to host your DNS for resolution of Internet available resources (www, ftp, smtp, etc.) The internal DNS server in Network 1 should never be directly reachable from the Internet. Realistically, the only nodes that should be resolvable by the DMZ DNS server are the services offered in the DMZ (www, ftp, ssh, smtp, dns, pop3, etc.). Hosts on the internal LAN should be able to resolve all addresses, inside or out (yes, there are exceptions to this).
If anyone has additional questions on this topic please email me or ask in the comments and I will address them.
Cheers,
Colin Weaver
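An added example (not part of the original post): a small audit of what an Internet-facing zone would disclose, applying the rule above that the DMZ DNS server should only resolve DMZ services. The zone text, the 203.0.113.x addresses, the allow-list and all function names are constructed for illustration; the host names follow the post's itdojo.com example.

```python
import ipaddress

# Constructed sample of the records on the DMZ-located (public) DNS server.
# 203.0.113.0/24 is a documentation range standing in for public addresses;
# the last three records are deliberate mistakes for the audit to catch.
PUBLIC_ZONE = """
$ORIGIN itdojo.com.
$TTL 3600
www        IN A     203.0.113.10
ftp        IN A     203.0.113.11
smtp       IN A     203.0.113.12
@          IN MX    10 smtp.itdojo.com.
sql6       IN A     192.168.44.20      ; internal host copied into public zone
intranet   IN CNAME sql6.corp.itdojo.com.
vpn        IN A     203.0.113.13       ; public address, but not an approved name
"""

# Assumption: the only names meant to be public are the DMZ services.
ALLOWED_PUBLIC_HOSTS = {"@", "www", "ftp", "smtp", "ssh", "dns", "pop3"}
# Assumption: the internal namespace is the child domain suggested in the post.
INTERNAL_NAMESPACES = ("corp.itdojo.com.",)
# RFC 1918 space plus IPv6 unique-local addresses.
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in
                     ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def parse_zone(text):
    """Return ([(owner, type, rdata)], origin) for simple one-line records."""
    records, origin, last_owner = [], "", None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        if line.startswith("$"):
            parts = line.split()
            if parts[0].upper() == "$ORIGIN" and len(parts) > 1:
                origin = parts[1].lower()
            continue
        tokens = line.split()
        # A line that starts with whitespace reuses the previous owner name.
        owner = last_owner if raw[0].isspace() else tokens.pop(0)
        # Skip the optional TTL and class fields.
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)
        if owner is None or len(tokens) < 2:
            continue
        last_owner = owner
        records.append((owner.lower(), tokens[0].upper(),
                        " ".join(tokens[1:]).lower()))
    return records, origin


def in_internal_namespace(name):
    return any(name == ns or name.endswith("." + ns) for ns in INTERNAL_NAMESPACES)


def audit_public_zone(text):
    """Return (fqdn, finding) pairs for records that disclose internal detail."""
    findings = []
    records, origin = parse_zone(text)
    for owner, rtype, rdata in records:
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner
        else:
            fqdn = f"{owner}.{origin}"
        # Relative label, so the allow-list works for absolute owner names too.
        if fqdn == origin:
            label = "@"
        elif fqdn.endswith("." + origin):
            label = fqdn[: -len(origin) - 1]
        else:
            label = fqdn
        if rtype in ("A", "AAAA"):
            try:
                addr = ipaddress.ip_address(rdata)
            except ValueError:
                findings.append((fqdn, "unparseable-address"))
            else:
                if any(addr in net for net in INTERNAL_NETWORKS):
                    findings.append((fqdn, "private-address"))
        elif rtype in ("CNAME", "MX", "NS", "SRV"):
            if in_internal_namespace(rdata.split()[-1]):
                findings.append((fqdn, "points-to-internal-namespace"))
        if label not in ALLOWED_PUBLIC_HOSTS:
            findings.append((fqdn, "not-an-approved-public-name"))
    return findings


if __name__ == "__main__":
    for fqdn, finding in audit_public_zone(PUBLIC_ZONE):
        print(f"{fqdn:24} {finding}")
```
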
As Yoda might say, “Done am I with Vista 64-bit. Sucks it does. Mmmm, yes. Sucks.”
- Driver support is a catastrophe. After all this time and with 64-bit rapidly becoming the norm I’m not sure how this is possible …but it is.
- 64-bit apps are few and far between. 80-90% of apps run in emulation mode (WoW64). This constrains them to their native 32-bit processing. Visions of thunking and NTVDM’s come rushing back into my mind…
- And on that note: What good is a 64-bit OS that can read a full 4GB of installed RAM when everything is running in emulation mode and limited to 2GB of RAM anyway? It’s all a joke.
- Stability? I’m not a superstitious man by nature but ever since I went 64-bit my bazillion dollar computer locks up for no reason …and it does so often.
- This is so sad to admit but after 5 months I still can’t print to the main printer at my company. I have to save files to PDF and email them to someone else in the office with a note that says something to the effect of, “Dude, my computer sucks. Can you print this for me?”
- Steam is pretty much broken (e.g. Half-Life, Bioshock, etc.). Steam crashes every time I launch a game and most of the games I have purchased don’t even show up in the My Games tab. What good is a computer if you can’t play Half-Life? Seriously. Yes, seriously…!
- I’m harping on the driver thing but in this brave new world of no serial ports on PC’s I need to be able to connect USB-to-Serial adapters to my junk. Cisco is printing T-shirts that say, “Long Live The Console Port”, and seem to be unwilling to move to a native USB port for console access (at least not for any devices I’ve seen). I have four USB-to-Serial adapters, each from different vendors. None work on Vista 64-bit because there is no driver support.
- More than a few of the wireless cards (USB in particular) don’t work on 64-bit Vista. My hacking mojo is no-go with 64-bit Vista running a block on my game. Yeah, it’s the suck. I know, I know, what kind of noob uses Windows for hacking stuff, right?
If I gave it some more thought I’d remember other things that annoy me about this whole 64-bit Vista thing but I’m done worrying about it. If you’re thinking of going 64-bit, reconsider. After I finish this post I’m slicking this rig and going back to cool comfort and relative stability of a 32-bit world.
Cheers,
Colin Weaver
I get a lot of emails from Cisco every week. A whole lot. They aren’t spam, really. It’s just that the frequency with which they arrive in my mailbox makes me think of them as such. Here is how the subject line of each and every message reads:
End-of-Sale and End-of-Life Announcement for the <Insert Latest Product Being Kicked to the Curb Here>
For example:

Nobody plows through products like Cisco. They release and kill products faster than a developing fetus churns through cells. It’s ridiculous, really. Because I view our industry with a tiny pinch of cynicism I often find myself a teeny bit disenfranchised with Cisco over such things. Their products tend to cost some noticeable duckets. And they tend to get EOL’d pretty quickly. Combining those two truths together means that Cisco is always wanting me to buy new gear before I’ve gotten sufficient ROI (Return on Investment) on what I’ve got.
But that’s part of the business model for Cisco. The big players, the ones with really deep pockets, can afford to keep up with Cisco’s shenanigans. In fact, because the checks getting written aren’t usually having any impact on the paychecks of the people writing them they often don’t care one way or the other. What’s a hundred grand here or there? I mean, really? It’s the smaller businesses that can’t hang. Dropping $4K on a switch is a major deal for a small business. Being told that it is end-of-life a year or so after you buy it stings more than just a little bit. But this is the nature of the business. Things move on. Technology develops. Features evolve. Stockholders need dividend checks.
Don’t get me even a little bit wrong. I straight-up LOVE capitalism. I don’t believe that the big boys should have to play nice to give the little upstarts a chance. That’s crap. Crush them if you can. Because if you don’t, they will crush you. If I was Cisco, I would crush everyone. Every Friday my employees would wear shirts to work that read “Cisco” on the front and “Monopoly” on the back. I’d have custom Monopoly board games made where the objective was for Cisco to dominate the board, crushing all competitors. Well, that’s the America I want to live in, at least. It’s better to be the crusher than the crushee, of course. And it sucks to be you if you find yourself getting smooshed.
I have a word for small businesses who want Cisco gear but don’t want to pay premium prices. Either get out your checkbook and try to keep up or do what this word implies. Pick a path and follow it. I can tell you this because I am a small business. I know what it is to want the toys of the big boys but have the bank books of an upstart. I don’t like this word any more than you do.
So what’s the word? You already know it. You don’t like to say it. It’s like buying bo-bo brand sneakers or Sam’s Choice Cola. It’s buying Hyundai because you can’t afford Mercedes. It’s like buying Inspiron because you can’t afford XPS. As much as you don’t want it to, this word shouts out to the world, “Hey, I can’t afford it!”
The word: Linksys.
Cheers,
Colin Weaver
I have been noticing a trend in the world of IT and it scares me. There is a growing tendency for vendors to build functionality into their equipment that forgives the administrators for errors, omissions, misconfigurations and a general lack of knowledge. The desired result is to increase functionality and make networks more usable (and available) for all. That’s nice. Networks that work even when faced with administrators who don’t know all they need to know are a good thing, I suppose. The thing that gives me the heebie-jeebies is that it allows people to be successful despite a lack of knowledge. Success without effort creates a framework for ineffective personnel when the poop hits the fan for real. To steal a concept from the principles of adult learning, we’re allowing people to be successful while still at the unconscious incompetent phase of the learning process. I say we should be accountable for the success of our network as well as its failure. If you do it right, success is your reward. If you do it wrong, you have earned your failure. But nowadays you can do more and more stuff wrong and still be successful. Your bosses think you’re doing a great job when in reality your gear is obscuring the fact that you don’t know how to administer your way out of the plastic bag covering your head.
Over the next few weeks I will take time to blog about examples that prove my point. Keep in mind that vendors will call these things “features”. Here is the first:
Automatic MDI/MDI-X Configuration
Remember when you had to know what kind of cable you needed in order to connect two devices together? Getting tip (Tx) and ring (Rx) aligned in order to make a good connection required you to know the difference between straight-through and crossover cables. We could follow the general rule that said connecting dissimilar devices (PC-to-switch, router-to-switch) was done with a straight-through cable while connecting similar devices (PC-to-PC, switch-to-switch, etc.) required a crossover cable. The exception to the rule that bonked people in the head on rare occasion was that connecting a PC directly to a router required a crossover cable. Because they are both only nodes when viewed from the perspective of an ethernet switch they are, in reality, ‘like’ devices and therefore must be connected using a crossover cable. Fortunately for most, connecting PC’s directly to ethernet ports on routers isn’t a common event.
If you used the wrong cable to connect your devices you didn’t get a link. You were accountable for making sure you obtained the correct cable for the job. Well, Automatic MDI/MDI-X Configuration has put an end to that. Interfaces equipped with this (ahem!) feature are able to detect the type of cable connected and dynamically switch tip and ring on the interface. So now you are very much able to use a straight-through cable to join two PC’s together. You can also use a straight cable on your switch uplinks. The devices will simply detect your silly cable choice and quietly swap tip and ring to get them right for you. Your lack of knowledge is absolved.
Do you feel it? I do. You can’t see it, you can’t smell it and you can’t taste it but it’s happening: stupidity is creeping up on us… I’m scared.
Next up: Proxy ARP. That’s right! I said it! Proxy ARP!
There’s something about the smell of popcorn that disrupts the flow of data across 802.11 WLANs. It’s an interesting phenomenon. Workers in the office, particularly those who sit close to the break room are finding that there is a direct relationship between the smell of someone making an afternoon popcorn snack and poor/diminished performance of their wireless computers.
We are currently trying to ascertain whether “Movie Theater Butter” popcorn has a greater impact than “Lite” flavors. The results so far are inconclusive. Tests are also planned to see if Crunch-N-Munch and other candied popcorn implementations will have a similarly disastrous effect. We’re hoping that the caramel/butter/popcorn combo produces a synergy that allows for a more effective WLAN disruption mechanism. We’re optimistic that the exact chemical composition that is disrupting the data flow will be identified. With a little luck we may be able to weaponize a synthetic formula that allows for pinpoint WLAN DoS attacks by law enforcement and military officials. Patents are pending.
Wait…..
Seriously?……
Uh…., no.
The symptoms of a network problem can often be misleading and even confusing. If you don’t have a deep, fundamental understanding of how a certain technology works you’ll be hard-pressed to be correct in your diagnosis. All too common a reality in this day of GUIs, automated setups and plug & play devices.
Imagine how confused everyone will be when we decide to test the ability of popcorn cooked on the stove (What? You can do that?) to provide similar levels of 802.11 disruption. They are sure to be baffled by the results.
Sometimes, just sometimes, you just need a new microwave…
I love Twitter. I’m addicted to it. I tweet from my laptop all day at work. I tweet from my desktop PC when I get home at night. I tweet from my iPhone while I’m at traffic lights, standing in line in the grocery store and waiting in the doctor’s office. I tweet when I’m in the bathroom and when I’m watching Battlestar Galactica. So, yeah, I love to tweet. And that’s saying a lot. I usually don’t get into any of this social networking stuff. MySpace is an abomination and Facebook is becoming more and more like MySpace every day. LinkedIn seems to be holding its own as a gathering of professionals but I fear for its long-term viability (fear may not be the right word).
But I’m getting a little irked with the direction I see Twitter going. A micro-blogging mechanism for friends and people with common interests to send a maximum of 140 characters is what Twitter is all about. But now, more and more people are starting to follow me that have no interest in me other than getting me to follow them in return. It’s the expected courtesy; you follow me so I follow you. It would be rude for me not to reciprocate, right? But they don’t follow me because they like what I have to say. They follow me because if they can con me into following them in return they can then begin to spam me with their veiled (or not so veiled) advertisements. In the past 24 hours I’ve had several people start to follow me that don’t know me and don’t have any interest in what I tweet about. The most recent is a guy trying to peddle skateboards and skateboarding gear. Uh, what was it I said in one of my tweets that made you think that I was interested in your wares? Poser.
It’s too bad, really. There is no place to hide from spammers. There is a fine line between getting people to know what you do and just being a pest.
So today I am coining a new term: spitter; a twitter spammer. I think I’m the first to use it.
Subnetting. A simple thing that fills many with dread. The swirl of numbers flying about when discussing subnetted networks can make your head respond in kind. If subnetting wasn’t challenging enough we have long dealt with this thing, this ‘subnet-zero’ thing. Discussion on the topic (this post included) lingers for some unknown reason. It vexes me. I even read a recent post (written about a month ago) that suggested NOT using it was still a viable concept. At the risk of taunting the author I shall refrain from links to that post. I can’t tell you how much I disagree with such a statement. Well, scratch that. I actually can tell you how much I disagree. Please enjoy:
First, a review: What is ‘ip subnet-zero’?
It’s a command you enter into a Cisco router (or L3 switch), actually. From global configuration mode you have two choices: ip subnet-zero or no ip subnet-zero. If you want to use this thing we call subnet zero you enter the former. If you don’t want to use it, enter the latter. And I don’t understand you if you don’t want to use it. Cisco doesn’t either. They have been telling you for a long time that you should be using it. The command has been enabled by default since IOS 12.0 which has been out for the better part of a decade. To stop using it you would have to intentionally go into the router and disable it (e.g. no ip subnet-zero). And who are you to disable a Cisco default? Hmmph. I thought so.
So it’s a command. Cool. But what does it actually do? In simple terms the command controls whether or not the all zeroes and all ones subnets are valid. Easy enough to say but it’s a little more involved to understand. Let me explain by way of example. Here is an example of a simple subnetting problem that uses subnet zero (and yes, I’m assuming you already have a little bit of subnetting skill):

In this example we take the 192.168.44.0/24 network and subnet it by 4 bits, dividing it into 16 networks. If we look at the newly created networks a little more closely we will see something interesting. Using the image below, notice that the first network has all of the subnet bits set to zero. Also notice that the last network has all of the subnet bits set to one. We call the network with the subnet bits set to zero the “all zeroes subnet”. We call the network with the subnet bits set to one the “all one’s subnet”. Pretty clever names, I know. Collectively we refer to both of them as subnet-zero. Yeah, that makes sense? Deal with the weirdness.

Subnetting with IP Subnet-Zero
Two things you need to notice:
First: To the user, the all zeroes subnet looks alarmingly like the original network. The original network was 192.168.44.0/24. The all zeroes subnet is 192.168.44.0/28. Does that creep you out?
Second: The all one’s subnet has a decimal value equal to the subnet mask value in the last octet AND the broadcast address of the all one’s subnet is 192.168.44.255 which is identical to the broadcast address of the original network (192.168.44.0/24). How about that? Feeling spiders crawling up your legs?
What’s my point?
First: People got confused by the striking similarity between 192.168.44.0/24 and 192.168.44.0/28. Let me restate that in case you didn’t catch it. People got confused by… (never mind the rest, it doesn’t matter). The important word, in case you missed the italics, is PEOPLE. Computers, routers and other network devices were NEVER confused by the apparent similarity. To the computer, a device which thinks only in binary, 192.168.44.0/24 is just as similar to 192.168.44.0/28 as 11.12.0.0/14 is. The difference is plain to see for the computer. The same can’t be said for the fragile mental stability of the network administrator. Because people were confused the decision was made long ago to simply throw out the all zeroes subnet. Just don’t use it. Problem solved! Outta’ sight, outta’ mind! The word lame comes to mind. How, in this world of IP address space exhaustion, can you even begin to condone throwing away a perfectly good network for the sole purpose of preventing confusion with the network administrators? Uh, you can’t. Your network people need to get over it. Suck it up, use the addresses. “Waste is a thief!” (my token Fight Club reference)
But wait! There’s more!
Second: We didn’t just throw out the all zeroes subnet. We threw out the all one’s subnet along with it. The confusion surrounding the decimal value of the last network value being equal to the subnet mask and the hosts having a decimal value greater than the subnet mask combined with the whole, “Hey the broadcast address of the last network is the same as the broadcast address of the original network”, thing caused “they” (whoever they are) to toss out the all one’s subnet, too. What was that word again? Oh yeah! Lame.
The all zeroes subnet and the all one’s subnet are both perfectly valid networks. They should be used and are used in environments that are motivated to squeeze all of the usefulness possible out of the IPv4 address space. So, if you haven’t been using it you need to get busy doing so. Have I mentioned that NOT using subnet-zero in IPv6 isn’t going to be an option? When your ISP gives you a prefix of 2001:ABCD:1234::/48 guess what your first usable network is going to be …2001:ABCD:1234::/64. How do you like them apples? Ha!
Colin Weaver
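An added example (not part of the original post): the post's 192.168.44.0/24 problem worked with Python's standard `ipaddress` module, marking the two subnets that `no ip subnet-zero` would throw away and checking the two resemblances that confused people. It generalises to any parent prefix, including the IPv6 /48 above; the function names are invented for illustration.

```python
import ipaddress


def subnet_plan(parent, new_prefix):
    """List every subnet of `parent` at `new_prefix` with its subnet bits."""
    parent = ipaddress.ip_network(parent)
    borrowed = new_prefix - parent.prefixlen          # number of subnet bits
    subnets = list(parent.subnets(new_prefix=new_prefix))
    plan = []
    for index, net in enumerate(subnets):
        if index == 0:
            label = "all-zeroes"                      # subnet bits 000...0
        elif index == len(subnets) - 1:
            label = "all-ones"                        # subnet bits 111...1
        else:
            label = "ordinary"
        plan.append({
            "network": net,
            "subnet_bits": format(index, f"0{borrowed}b"),
            "label": label,
            # For IPv4 this is the subnet's broadcast address.
            "last_address": net.broadcast_address,
        })
    return plan


def usable_networks(plan, subnet_zero=True):
    """Networks available with the command enabled (default) or disabled."""
    if subnet_zero:
        return [row["network"] for row in plan]
    return [row["network"] for row in plan if row["label"] == "ordinary"]


def resemblances(parent, plan):
    """The two coincidences that bothered people, as booleans."""
    parent = ipaddress.ip_network(parent)
    first, last = plan[0], plan[-1]
    return {
        # Same dotted-decimal network address as the parent...
        "zero_subnet_shares_network_address":
            first["network"].network_address == parent.network_address,
        # ...and same broadcast address as the parent.
        "ones_subnet_shares_broadcast":
            last["last_address"] == parent.broadcast_address,
        # But with the prefix length included they are different networks,
        # which is all a router ever compares.
        "zero_subnet_equals_parent": first["network"] == parent,
    }


if __name__ == "__main__":
    plan = subnet_plan("192.168.44.0/24", 28)
    for row in plan:
        print(f'{row["subnet_bits"]}  {str(row["network"]):18} '
              f'last={row["last_address"]}  {row["label"]}')
    print("with subnet-zero:   ", len(usable_networks(plan)))
    print("without subnet-zero:", len(usable_networks(plan, subnet_zero=False)))
    print(resemblances("192.168.44.0/24", plan))
    v6 = subnet_plan("2001:abcd:1234::/48", 64)
    print("first IPv6 /64:", v6[0]["network"], "of", len(v6))
```
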
About a year and a half ago I was working on writing a book that forced me to learn that about 16-17% of the Earth’s population had Internet access. This is a stunningly low percentage of people. I laugh at myself whenever I get grumpy for not having connectivity every single place I go. My sense of entitlement to net access is pretty …American? Regardless, I expect it. I have to force myself to feel privileged for being in the incredibly small percentage that does have connectivity pretty much everywhere (thank you, mobile phone).
This morning I decided to see how the planet was coming along. Wow. What a bump. According to http://www.internetworldstats.com/stats.htm a little under 22% of the population is now connected. That shakes out to about 1.46 billion people. The number of connected people seems to be growing at about 4% per year. That’s impressive by itself but even more impressive when you consider the fact that the earth’s population is increasing at an insane rate at the same time.
IPv6 was designed with the year 2050 in mind; a time when we expect there to be somewhere around 10 billion people puttering around. Even with 100% penetration (e.g. everybody on Earth has Internet connectivity) there are still more than enough IP addresses to go around. And around. And around. In fact, with a population of 10 billion there are 2 billion /48 networks per person. Each /48 network has 65,536 possible subnets. Each subnet has 18.4 quintillion possible addresses. So that’s (2,000,000,000*65,536)*18.4 quintillion addresses per person. We should be good.
I love about 90% of what Google does. Microsoft, despite all of its efforts to win me over to their search engines has about a zero percent chance of being successful. If Google is not your home page I seriously think something is wrong with you. I think they have medications for such problems. Having said that Google is not welcome on my desktop (Google Desktop is within the 10% of things that are Colin no-no’s).
On Saturday morning Google-the-mighty had some trouble: http://www.networkworld.com/news/2009/013109-human-error-caused-google-search.html?fsrc=rss-security
It was brief, a mere blip on the radar. I was on the web all morning on Saturday and I missed it. Bummer. I would like to be part of such moments in time. Seeing Google have a misstep like that would be a memorable event. But what I thought was fun was how quickly Google got to the business of blaming a human for the snafu. As technology becomes more and more automated we, as the consumers of the convenience it brings, need to have a lot of faith in its ability to not make mistakes that do bad things. Google is hip to this. Was the problem really caused by a person? I guess so. But even if it wasn’t I suspect that Google would massage the truth to make it look like it was.
I guess we will need to worry when we type a query in that ever-so-simple interface we all know and love and it comes back saying, “I’m sorry, Colin. I’m afraid I can’t do that.”












