Archive for March, 2011

Moonshooting Jabber

Tuesday, March 15th, 2011 by hartmans

Last fall, Moonshot was steaming forward. We ran into some non-technical obstacles and progress on the implementation was disturbingly quite from the end of October through February. That changed: the code was released February 25.

Since then, the project has picked up the momentum of last fall. There’s a new developers corner with helpful links for participating in the project, obtaining the code, and preparing for our upcoming Second Moonshot Meeting. Standards work in the ABFAB working group has been making steady progress the entire time.

The jabber chat room has been quite active. Developers have been working in three time zones. Whenever In get up there’s likely to be interesting progress awaiting me and new things to work on in the chat logs. Today was no exception. Luke moonshooted jabber. This is exciting: it’s the first tim our code has been used to authenticate some real application instead of a test service. Other discussion from the chat room not reflected in e-mail is equally exciting. He has Moonshot working with OpenSSH in controlled environments. It appears to require some updates to the OpenSSH GSS-API support.

Now is a really great time to get involved in Moonshot. We hope to see you on our lists and in our chat.

With last night’s news, we need to think towards eating our own dogfood and using Moonshot to authenticate to our own Jabber server and to authenticate to our repository for commits. Right now, there are some security issues with the code (lack of EAP channel binding) that might make that undesirable. However in a very small number of weeks or months I expect we will be there!

V6 Really is that Hard

Tuesday, March 8th, 2011 by hartmans

Sometimes I begin to think that we’ve solved most of the challenges to IPv6 deployment. Then something happens.

This time it was a DAP-1522 access-point. Not a NAT, not a router, just a layer 2 device. A while after deploying the device, I noticed that sometimes mail failed to work. After attempting to debug the problem was that the device wasn’t getting an IPv6 address. The router appeared to be sending out advertizments. Other machines on the same subnet were working fine.

This laptop had associated with the new access point. The default configuration helpfully includes IGMP snooping. The IGMP snooping detected that no one subscribed to any IPv4 multicast group corresponding to the router advertizements and thus didn’t forward them to the wireless link.

We have a long way to go if layer 2 devices sold today are incompatible with v6 in their default configurations.