Traceroute to provides amusing results

For network geeks, this is rather amusing… someone was obviously a bit bored some day and had a bit of fun! This was what it looked like on my Mac right now. (Hat tip to Michele Neylon for first pointing this out to me in some social media channel.)

$ traceroute
traceroute to (, 64 hops max, 52 byte packets
1 (  0.663 ms  0.537 ms  0.277 ms
2 (  34.913 ms  30.602 ms  28.762 ms
3 (  28.827 ms  30.120 ms  21.132 ms
4 (  19.262 ms  22.382 ms  19.438 ms
5 (  30.941 ms  32.204 ms  36.969 ms
6 (  48.409 ms (  45.363 ms  46.521 ms
7 (  44.828 ms  46.147 ms  46.715 ms
8 (  46.134 ms (  44.569 ms  45.409 ms
9 (  102.968 ms  101.157 ms  99.935 ms
10 (  99.752 ms  102.249 ms  100.301 ms
11 (  98.776 ms  97.968 ms  98.756 ms
12 (  97.956 ms  95.644 ms  96.459 ms
13  * * *
14 (  96.024 ms  96.826 ms  97.406 ms
15 (  87.981 ms  97.264 ms  86.158 ms
16 (  89.937 ms  86.768 ms  87.949 ms
17 (  88.073 ms  87.895 ms  86.609 ms
18 (  93.351 ms  92.933 ms  90.876 ms
19 (  115.629 ms  96.391 ms  96.864 ms
20 (  101.257 ms  102.472 ms  102.213 ms
21  he.rides.across.the.nation (  108.059 ms  107.064 ms  108.290 ms
22  the.thoroughbred.of.sin (  111.206 ms  110.611 ms  109.944 ms
23 (  116.866 ms  117.842 ms  115.659 ms
24 (  120.375 ms  123.519 ms  121.631 ms
25  it.needs.evaluation (  127.377 ms  126.769 ms  127.779 ms
26 (  132.761 ms  132.705 ms  131.315 ms
27  a.heinous.crime (  136.769 ms  136.045 ms  137.322 ms
28 (  141.842 ms  141.447 ms  148.635 ms
29 (  146.332 ms  147.854 ms  146.570 ms
30 (  149.928 ms  150.487 ms  152.083 ms
31 (  157.190 ms  156.693 ms  155.737 ms
32 (  160.201 ms  161.399 ms  159.623 ms
33  he-s.bad (  166.007 ms  165.738 ms  165.244 ms
34  the.evil.league.of.evil (  171.012 ms  170.984 ms  172.062 ms
35 (  176.041 ms  174.358 ms  176.463 ms
36 (  181.276 ms  178.815 ms  180.667 ms
37 (  188.481 ms  185.823 ms  188.627 ms
38 (  194.008 ms  189.161 ms  193.114 ms
39 (  198.708 ms  195.870 ms  195.894 ms
40  o_o (  200.037 ms  200.691 ms  201.280 ms
41  you-re.saddled.up (  207.748 ms  206.896 ms  205.608 ms
42 (  211.288 ms  219.062 ms  212.026 ms
43  it-s.hi-ho.silver (  216.961 ms  218.367 ms  216.492 ms
44 (  214.262 ms  218.125 ms  215.096 ms

Firewalls Now Looking At Intercepting SSH Traffic Via A MITM Attack


Can you trust Secure Shell (SSH) when you are behind certain firewalls? That’s the question raised by a post from a friend of mine:

Lies, Damn Lies, and Inspecting SSH Traffic Securely

It seems that because ssh can be used for tunneling services and application traffic, several firewall vendors are now implementing “SSH inspection” services that essentially perform a Man-in-the-Middle (MITM) attack on your ssh connection.

When you go to ssh into a server, the firewall pretends it is that server and creates an ssh tunnel with you. The firewall then creates the actual ssh connection to the server and passes your packets from the first tunnel into the second tunnel – while being able to log or inspect the packets in between the two tunnels.

Now, of course with ssh you go through an initial handshake when you first connect to a server that results in the server’s public key being added to your list of known hosts.

If you connect to a server for the first time BEFORE being behind one of these firewalls doing SSH inspection, you would already have the correct public key of the server in your known hosts file. What would happen when the firewall tried to do a MITM is that you would be asked to approve the public key of the server again. (Because you are actually now approving the public key of the firewall.)

You would have to realize that this was wrong and stop your connection!

If you proceeded ahead with the connection and approved the public key, you would now have the firewall as a MITM.

If you connect to a server for the first time AFTER being behind one of these firewalls, well… I’m not sure what you can do. You’re going to see a public key to approve, but it would be from the firewall! You’d have to somehow learn the correct public key of the target server to be able to match it to the fingerprint you are being shown.

I don’t know how well that will work.
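The fingerprint match described above can be checked mechanically. The following is an added example, not part of the original post: it computes the SHA256 fingerprint of a host key in the form OpenSSH prints it and compares it with one obtained out of band. The host name, both keys and the helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def make_ed25519_line(raw_key, host=""):
    """Build a public-key line from 32 raw bytes (constructed sample data)."""
    parts = (b"ssh-ed25519", raw_key)
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}".strip()


def fingerprint(line):
    """SHA256 fingerprint of the key in a .pub, known_hosts or ssh-keyscan line."""
    fields = line.split()
    for key_type, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:  # not base64, so not the key field
            continue
        if len(blob) < 4:
            continue
        (n,) = struct.unpack(">I", blob[:4])
        # The blob repeats the key type; require it to match the declared one.
        if blob[4:4 + n] == key_type.encode():
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError("no well-formed SSH public key in line")


def check_host_key(presented_line, trusted_fingerprint):
    """Compare the key a connection presented with an out-of-band fingerprint."""
    presented = fingerprint(presented_line)
    return hmac.compare_digest(presented, trusted_fingerprint), presented


# Constructed keys: one for the real server, one for an inspecting firewall.
SERVER_LINE = make_ed25519_line(bytes(range(32)), host="server.example.com")
FIREWALL_LINE = make_ed25519_line(bytes(range(32, 64)), host="server.example.com")
# Fingerprint as the server's administrator would publish it out of band.
TRUSTED = fingerprint(make_ed25519_line(bytes(range(32))))

if __name__ == "__main__":
    for label, line in (("direct", SERVER_LINE), ("inspected", FIREWALL_LINE)):
        ok, seen = check_host_key(line, TRUSTED)
        print(f"{label:9} {seen} {'MATCH' if ok else 'MISMATCH: do not connect'}")
```
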

The good news for me personally is that I’m not behind these kinds of firewalls in my regular networks – although I don’t honestly know what my Internet service providers are using. They could be doing these kinds of things.

I don’t consider this a good thing that firewalls are now doing this. We need to trust the security of services like SSH. This decreases overall trust.

Photo credit: El Taller del Bit on Flickr

Congrats to FreeBSD On Their $1 Million Donation

Wow! Many congratulations to the folks at the FreeBSD Foundation for receiving a generous $1 million donation from Jan Koum, CEO and Co-Founder of WhatsApp.

And of course many, MANY thanks to Jan Koum for giving back in this way!  As he states in his Facebook post (reprinted in that link above), the FreeBSD operating system helped him get started in his career and got him to where he is today.  This is a wonderful recognition of the power of open source operating systems – and it is wonderful that Jan Koum made this donation.

While most of the UNIX-related work in my life has been focused around Linux versus FreeBSD, I’ve used FreeBSD on a number of projects and found it quite good.  From a strategic point of view, I’m glad to see this donation to the FreeBSD Foundation to help advance its own plans.  Much of the world’s attention to “open source” matters focuses around Linux – and Linux receives the majority of corporate support and donations. But the Internet thrives on diversity and it is great to have a strong set of operating systems out there.  This donation is good for the health of the overall Internet and the open source ecosystem.

Kudos to Jan Koum for making this donation now that he has risen to such a successful point in his life where he can make a donation like this.  I hope he will inspire others who are in such situations to do so as well!

Tracking The Shellshock BASH Vulnerability – News, Tools and Links

With all the attention today to the Shellshock vulnerability, I need a place to keep track of it for my own purposes.  If this page or list helps anyone else, that’s great, but this is primarily a tool for me to capture what’s going on.  I intend to be updating it regularly while this is all happening.  Suggestions are of course welcome in comments.

Note that I have links here to discussion threads on Hacker News.  The comment threads are often full of incredibly useful information.

Security Advisories

Testing Tools

News about actual exploits

News about the Shellshock vulnerability in general

Can You Please Help The Ottawa Linux Symposium?

If you have ever used the Linux operating system, could you please help out the Ottawa Linux Symposium (OLS)? For many years OLS has been one of the key events that has helped bring together people from all across the Linux community, and the connections made at OLS have helped to make the Linux operating system that much more powerful and useful. But… as organizer Andrew Hutton recounts on the OLS Indiegogo page, the event has fallen in a bit of a financial crunch and it is now not clear if there will be an OLS in 2015… or ever again.

Could you spare $10? $25? or even $50 or $100? (Or more?)

If so, please help fund OLS on the IndieGogo page!

I first attended OLS back in the early 2000s when I was living right there in Ottawa and working for first a startup called e-smith and then subsequently Mitel Networks. In looking at my list of presentations I can see that I spoke there several times… and the topics I covered take me back to a much different time:

  • 2004 OLS – Tutorial: Introduction to OpenPGP, GnuPG and the Web of Trust
  • 2002 OLS – Tutorial – Single Source Publishing Using DocBook XML
  • 2001 OLS – Maximizing Your Use of CVS

I still remember OLS as the incredibly passionate place where people connected…. and where I made so many connections and learned an amazing amount about Linux.

If OLS was ever important to you… or if Linux has been important to you… please consider donating to help the OLS organization get out of its financial hole and get moving ahead in future years. Organizer Andrew Hutton has poured his heart and soul – and personal money – into making OLS the incredible event it has been… now it would be great if we all can help him! Please consider donating!

Here are a few other viewpoints on the importance of OLS:

Please do donate if you can! THANK YOU!

Code.DanYork.Com Now Back Available Over IPv6

After a Reddit thread started up that briefly referenced a 2011 post I wrote about adding IPv6 to Node.js apps, I was contacted by a Redditor who was surprised that my site wasn’t available over IPv6!


I was surprised, too, because this site is hosted on a dual-stack server at Hurricane Electric and has been accessible over IPv6 since June 7, 2011, right before the World IPv6 Day event.

But in checking into it… there was no AAAA record in DNS for “” that would point to the server, so the report was indeed accurate. For regular users this site was not available over IPv6.

It turned out to be one of those system administration issues that can bite you.  A month or two ago, TypePad, the provider I still use for my personal site, experienced a severe DDoS attack that took many sites offline.  They recovered but in doing so changed the way that sites were referenced a bit.  I had to switch to using a CNAME instead of an IP address as I had been doing.  The problem there is that due to the “no CNAME at zone apex” rule of DNS, I could no longer use just “” – I would have to switch to using “”.

The episode highlighted to me, though, the need to be sure I have “Test over IPv6” in my list of things to check after making any major changes to any of my sites!

I didn’t want to switch and so I moved the DNS for “” over to CloudFlare to make use of their “CNAME Flattening” so that I could still use “”.

However, in moving the DNS info from my previous DNS hosting provider to CloudFlare, I messed up.  I didn’t bring across the AAAA record for  Also, very bizarrely, I didn’t have the “Automatic IPv6” setting enabled for – even though it is now supposed to be on by default for all new domains.

So the fix was simple – I added the AAAA record for, and I also flipped the switch on the Automatic IPv6 gateway.  Now both and are fully available over IPv6.
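The failure described in this post, a record lost while copying a zone between DNS providers, can be caught by comparing the two record sets. The following is an added example, not the author's tooling: it reports records dropped in the move, names that have an A record but no AAAA, and CNAMEs that share a name with other data (the “no CNAME at zone apex” rule). The zone contents use example.com and documentation address ranges and are constructed.

```python
from collections import defaultdict


def index(records):
    """Group (name, type, value) tuples as name -> type -> set of values."""
    zone = defaultdict(lambda: defaultdict(set))
    for name, rtype, value in records:
        zone[name.lower()][rtype.upper()].add(value)
    return zone


def audit_migration(old_records, new_records):
    """Return findings for a zone copied from one DNS provider to another."""
    old, new = index(old_records), index(new_records)
    findings = []
    for name, types in old.items():
        for rtype, values in types.items():
            # .get() avoids creating empty entries in the defaultdicts.
            for value in sorted(values - new.get(name, {}).get(rtype, set())):
                findings.append(("dropped", name, rtype, value))
    for name, types in new.items():
        # A CNAME may not share a name with other data, which rules out the
        # zone apex because SOA and NS records always live there.
        if "CNAME" in types and len(types) > 1:
            findings.append(("cname-conflict", name, "CNAME", ""))
        if "A" in types and "AAAA" not in types:
            findings.append(("no-ipv6", name, "AAAA", ""))
    return findings


# Constructed exports: the AAAA record did not make it to the new provider.
OLD_PROVIDER = [
    ("code.example.com.", "A", "192.0.2.10"),
    ("code.example.com.", "AAAA", "2001:db8::10"),
    ("www.example.com.", "CNAME", "host.example.net."),
]
NEW_PROVIDER = [
    ("code.example.com.", "A", "192.0.2.10"),
    ("www.example.com.", "CNAME", "host.example.net."),
]

if __name__ == "__main__":
    for finding in audit_migration(OLD_PROVIDER, NEW_PROVIDER):
        print(*finding)
```
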

ACM: Python Now The Most Popular Intro Language At Top US Universities

As a long-time fan of the python language, I was intrigued by this post on the ACM’s blog: “Python is Now the Most Popular Introductory Teaching Language at Top U.S. Universities“. The post begins with a summary:

At the time of writing (July 2014), Python is currently the most popular language for teaching introductory computer science courses at top-ranked U.S. departments.

Specifically, eight of the top 10 CS departments (80%), and 27 of the top 39 (69%), teach Python in introductory CS0 or CS1 courses.

… and then goes into greater detail.  Of course, the moment you publish one of these “XXXXXX language is the most popular programming language” type of posts, you immediately get reflexive reactions from programmers who favor all the other languages out there…  and this Hacker News thread with 357 comments (so far) shows exactly that, with people either supporting the idea or ripping apart the article’s methodology and explaining why the author is wrong, wrong, wrong… :-)

The programming language wars will always continue.  In the meantime, though, as someone who likes the python language, I’m pleased to see the uptake at universities around the U.S.  (and, as noted in the HN thread, by other universities around the world, too).

The Intersection of Github… and Babylon 5?

Back in the 1990’s I was a huge fan of the show “Babylon 5” for a great number of reasons. It remains, to this day, one of the best series I’ve ever watched on TV and I greatly admire the creator/writer, J. Michael Straczynski, for the narrative arc he used over the five year run of the series as well as the overall “universe” he created.

One of the web sites that those of us who enjoyed Babylon 5 frequently used was “The Lurker’s Guide to Babylon 5“. The pages there helped in the understanding of how all the pieces fit together and frequently offered glimpses of what was coming ahead. It was a great tool and reference source.

Today a Google search brought me back to that site although I hadn’t been there in years. And in visiting I learned that as of this past December the entire source for the website is now available on Github at:

It’s very cool that site creator Steven Grimm has made his site publicly available via Github. As he notes, others can now fork the code, send him updates via pull requests, etc.

It is also a great example of how I’ve told people that Github, and git in general, can be used for so much more than simply “source code” and that you don’t need to be a programmer to use it.

Plus… if you wander through some of the pages, like this one, it’s kind of fun to see references to how we used to get our information: “Stay caught up with the Usenet B5 discussions, which are often a great source of material.” :-)

Cool stuff!


Fun Tool To Learn More About Git Branching And Merging

Want to learn more about how to work with branches in git? Confused about what “git rebase” does? By way of a post on Google+ I learned about this great tutorial site at:

Learn git branching

You can step through a whole series of guided lessons (type “levels”) that walk you through all different aspects of using git – or you can type “sandbox” and go into a private area to play. All from the comfort of your own web browser.

More information (and the source code) can be found on Github at There is a neat aspect of this where people can (and I guess have) contribute additional tutorial levels.

Very cool tool!

Use Google+? Join the Github and Git Communities

Are you a Google+ user who is also interested in the git version control system and the Github hosting service?  If so, there are two of the new “communities” in Google+ that you may find of interest:

In the short time communities have been around on Google+, I’ve already found both of these communities to have very useful information and links in them related to Git and Github.  Well worth checking out and joining if you are a regular Google+ user.

And if you are a Google+ user, why not connect with me there?

P.S. We can also connect on Github.