Paul E. Jones' Blog

Click on this link to learn how to pronounce JSON.

Click on this link to learn how to pronounce GIF.

When new innovations come along, inevitably those innovations will be copied. It happens every time in every industry, so it is no surprise to see several new video platforms, social networking platforms, and messaging platforms get created in recent years. What is unfortunate, though, is that I think people are often unaware they exist.

Today, I received a message about "Rumble" being one of the top apps on the Apple app store. How could I not have heard of this platform and it be ranked so high? I know why: I usually have my head down working and I don't get so engaged in many of the new platforms that come along.

That said, there is something refreshing about seeing new platforms emerging and so I decided to spend a few minutes making a list of the new platforms I've discovered in recent months and years. If you know of one I should add to the following list, send me an email (ahem, yeah, I still use email mostly) or a message via Telegram (I'm relatively new to that platform).

Video Platform

• BitChute
• Brighteon
• Daily Motion
• Gab TV
• LBRY
• Odysee
• Rumble
• UGETube
• Vimeo

Social Media

• Gab
• Gettr
• Mastodon
• Minds
• Parler
• WeMe

Messaging

• Discord
• Signal
• SnapChat
• Telegram

Live Streaming

• DLive
• StreamYard

When the new coronavirus (COVID-19) became known to me in early January, I took interest in it since I am married to a woman from China and have family there. My wife and I would talk about it daily. I was tracking the infection rate and getting tips on how to avoid it.

All the while, I was absolutely dumbfounded that the WHO was recommending people not wear masks. Even as late as March 31, 2020, CNN was reporting that the "WHO stands by recommendation to not wear masks". That is absolutely stupid. The WHO was also reporting incorrect death rates. I was looking at the data China was publishing, and I kept seeing far higher death rates. Finally, the WHO reported that the death rate was 3.4%. That was a closer number, but still low. China was clearly tracking over 4% and some other countries are tracking even higher. Spain's death rate stands at over 9% as of this writing. The WHO simply cannot be trusted, so do not listen to them.

Yes, wear a mask! A mask isn't just to prevent you from spreading it to others. That seems to be the new claims from the US CDC, but even that’s misleading. It does help with that, but a mask also helps prevent getting it. The reality is that they are just concerned that you might buy the masks the medial teams need. In fact, they made that a bit clearer in a tweet. The reality is that a surgical mask or an N95 mask is absolutely your best defense if you must be out in public, but any good mask is better than no mask. The best defense, of course, is to not be out in public.

I think everyone has heard many of the recommendations about washing your hands, keeping distance between yourself and others, cleaning anything that enters your home, etc. I have also heard claims that drinking hot liquids will help. I have no evidence to support the claim, but I have seen "fact checking" sites say it does not help. At this point, I do not trust any site that claims anything does or does not work. What I can tell you is that pretty much everyone in China is required to wear a mask in public and at work. Many businesses require employees to drink hot liquids before shifts start. It is either that or gargling hot salt water. Given China's success rate at combating this virus, I put more stock in the common practices there than I do in what "experts" are telling us in the west.

By all means, do not listen to people like this:

The bottom line is this: if it makes sense, even if remotely helpful, do it. Help protect yourself and your loved ones.

Something is seriously wrong in America when a Senator mentions the name Eric Ciaramella, the alleged whistleblower who raised concerns with Adam Schiff that then led to the Impeachment of Donald Trump, and the video from his talk on the Senate floor is removed by YouTube.

Something is very, very wrong.

Microsoft made the dumbest decisions I've ever seen with Windows 10 to simply download updates, install them, and then reboot your machine for you! I've lost work I was doing several times and finally decided to track down a solution.

Here is what seems to be working for me.

1) Run "gpedit.msc".
2) Under "Computer Configuration" -> "Administrative Templates" -> "Windows Components" -> "Windows Update"...
2a) Select "Configure Automatic Updates", select "enabled", select "3 = Download the updates automatically and notify when they are ready to be installed", uncheck "install during automatic maintenance". I also checked "install updates for other MS products", though I'm not sure if this has any effect.
2b) Under "No auto-restart when logged on users for scheduled automatic updates" select "Enabled".
3) Run "gpupdate /force".

This works for Windows 10 Pro. I believe that "Home" versions may not have the ability to manipulate policies, so you just have to live with the crap from Microsoft, I guess.

I posted a blog entry talking about configuring DNSSEC. When I wrote that blog entry, very few registrars actually supported DNSSEC. One of the registrars that I use (Dynadot) did not. Today, though, they do! I was excited to discover that, though I never saw an announcement about it.

I did a little searching via Google and learned that there are actually several registrars that now support DNSSEC! Perhaps people are finally taking security a little more seriously.

I also found another list of registrars that includes, among other things, a clear indicator as to whether the registrar supports DNSSEC or not. This might be useful when you are looking to register or transfer a domain name. For whatever reason, ICANN's list still does not show that Dynadot supports DNSSEC.

For a number of years, users of Bitcoin have expressed a desire to use email addresses as a means of sending Bitcoin payments. The reason is that the typical bitcoin address looks like this: 17XoqvUCrf12H7Vc7c7uDxib8FDMXFx2p6. Trying to accurately convey that string of characters to somebody so they can enter it in manually is error prone. It's far simpler to request them to just send money to an address like paulej@packetizer.com.

Making bitcoin friendlier for the average person involves the use of WebFinger. WebFinger is a very light-weight protocol published by the IETF September 27, 2013 that allows one to map a URI (like an email-type address) to a set of other URIs. As a very simple example, this is a subset of what you get if you query my WebFinger server for paulej@packetizer.com:

$ curl https://packetizer.com/.well-known/webfinger?resource=acct:paulej@packetizer.com

{
  "subject" : "acct:paulej@packetizer.com",
  "aliases" :
  [
    "h323:paulej@packetizer.com"
  ],
  "properties" :
  {
    "http://packetizer.com/ns/name" : "Paul E. Jones",
    "http://packetizer.com/ns/name#zh-CN" : "保罗‧琼斯",
    "http://packetizer.com/ns/activated" : "2000-02-17T03:00:00Z"
  },
  "links" :
  [
    {
      "rel" : "http://webfinger.net/rel/avatar",
      "type" : "image/jpeg",
      "href" : "http://www.packetizer.com/people/paulej/images/paulej.jpg"
    },
    {
      "rel" : "http://webfinger.net/rel/profile-page",
      "type" : "text/html",
      "href" : "http://www.packetizer.com/people/paulej/"
    },
    {
      "rel" : "http://packetizer.com/rel/blog",
      "type" : "text/html",
      "href" : "http://www.packetizer.com/people/paulej/blog/",
      "titles" :
      {
        "en-us" : "Paul E. Jones' Blog"
      }
    },
    {
      "rel" : "http://schemas.google.com/g/2010#updates-from",
      "type" : "application/atom+xml",
      "href" : "http://www.packetizer.com/people/paulej/blog/blog.xml"
    },
    {
      "rel" : "http://bitcoin.org/rel/address",
      "href" : "bitcoin:17XoqvUCrf12H7Vc7c7uDxib8FDMXFx2p6"
    }
  ]
}

What you see in the output is a set of link relation types and links. The last one on the page is a bitcoin address. Bitcoin wallet software could issue a query to my WebFinger server and receive this address and use it. It’s that simple.

What's presently shown in my example is static, but it would not have to be. For example, if I used blockchain.info as my wallet, I might put something like this into WebFinger:

{
  "rel" : "http://bitcoin.org/rel/payments",
  "href" : "bitcoin:17XoqvUCrf12H7Vc7c7uDxib8FDMXFx2p6?
           request=https%3A%2F%2Fblockchain.info%2Fr%3Fid%3Dpaulej"
}

Now, when the user enters my email address, they basically get back a payment API address. I would assume the subsequent query the wallet makes to blockchain.info would contain the actual PaymentRequest message as per BIP70 (versus the static 17XoqvUCrf12H7Vc7c7uDxib8FDMXFx2p6).

To make things even simpler, we just do this:

{
  "rel" : "http://bitcoin.org/rel/payments",
  "href" : "https://secure.packetizer.com/bitcoin_address/?account=paulej"
}

Note that if you do a GET on that URI on my server as of this writing, you get get a bitcoin address. I have not actually implemented BIP70.

None of these procedures have been adopted by the Bitcoin community, yet, but it does highlight simple and secure ways of conveying addresses that are less prone to error and use the familiar e-mail address.

WebFinger is a new IETF protocol that allows one to discover information about people and entities on the Internet. It is a RESTful protocol that returns a JSON object (referred to as a JRD) containing a set of aliases, properties, and links related to a given URI.

WebFinger is not a protocol that scours the Internet looking for information about people. Rather, it is a protocol that enables a requesting entity to retrieve specific information that is publically and purposely shared via a WebFinger server. To give a concrete example, suppose you are a member of a social networking site, wherein you can post your profile picture, publish your contact information (e.g., address, phone number, and email address), and your name. The social networking site probably has privacy mechanisms so that you can mark that information to be shared with only certain people, groups of people, or publically. If the social networking site implements WebFinger, then any information marked as “public” might be available via a WebFinger query.

Now, you might be asking yourself why anyone would care about this. Well, imagine visiting a blog and entering your email address in order to post a comment. If you publish information via WebFinger, it would be possible for that other blog to retrieve that information. So, you would not have to publish a new picture of yourself or re-enter your name. The blog could retrieve it automatically for you, just using your email address. That’s very cool.

Now, while WebFinger can work with any URI, typically clients and servers utilize the “acct” URI (refers to a user’s account) to query for information about a person. For example, my email address is paulej@packetizer.com and my acct URI is acct:paulej@packetizer.com. A blog I might visit would issue a query to the WebFinger server at packetizer.com asking for information about “acct:paulej@packetizer.com”. The response would be the JSON document I described above.

Just to show a simplified example, this is what part of the response message might contain if the server were queried using the “curl” command.

$ curl https://packetizer.com/.well-known/webfinger?resource=acct:paulej@packetizer.com

{
  "subject" : "acct:paulej@packetizer.com",
  "aliases" :
  [
    "h323:paulej@packetizer.com"
  ],
  "properties" :
  {
    "http://packetizer.com/ns/name" : "Paul E. Jones",
    "http://packetizer.com/ns/name#zh-CN" : "保罗‧琼斯",
    "http://packetizer.com/ns/activated" : "2000-02-17T03:00:00Z"
  },
  "links" :
  [
    {
      "rel" : "http://webfinger.net/rel/avatar",
      "type" : "image/jpeg",
      "href" : "http://www.packetizer.com/people/paulej/images/paulej.jpg"
    },
    {
      "rel" : "http://webfinger.net/rel/profile-page",
      "type" : "text/html",
      "href" : "http://www.packetizer.com/people/paulej/"
    },
    {
      "rel" : "http://packetizer.com/rel/blog",
      "type" : "text/html",
      "href" : "http://www.packetizer.com/people/paulej/blog/",
      "titles" :
      {
        "en-us" : "Paul E. Jones' Blog"
      }
    },
    {
      "rel" : "http://schemas.google.com/g/2010#updates-from",
      "type" : "application/atom+xml",
      "href" : "http://www.packetizer.com/people/paulej/blog/blog.xml"
    },
    {
      "rel" : "http://bitcoin.org/rel/address",
      "href" : "bitcoin:17XoqvUCrf12H7Vc7c7uDxib8FDMXFx2p6"
    }
  ]
}

This document has a lot of useful information inside. For example, it provides my name, URLs to my picture, blog, RSS feed for my blog, and my Bitcoin address.

The last example is rather interesting. For those who are not familiar with Bitcoin, it is a relatively new digital currency that is growing in popularity. One of the challenges from a user perspective with Bitcoin is sharing one’s bitcoin address reliably with people. A bitcoin “address” looks like that long string of characters following “bitcoin:” in the example above. Typing that when trying to send somebody money is prone to error. WebFinger makes it much simpler by “discovering” the address using the more familiar e-mail address. So, as Bitcoin software clients are updated to support WebFinger, one would just enter “paulej@packetizer.com” to send money, for example. The software would add the “acct” URI scheme on the front, send the query to the domain, and then look for the bitcoin address(es) returned in the JRD.

WebFinger is already utilized by standards like OpenID Connect, which allows one to log into remote web sites using their account URI. This greatly simplifies the login process and the need to fill out lots of repetitive information when creating new accounts or associating two accounts.

Of course, since WebFinger is still new, it’s quite possible that your service provider does not yet support it. The good news is that it’s very simple to implement and there are already several open source implementations of client and server code.

All of us want to ensure our private information remains private and that data is not leaked onto the Internet. However, some IT departments simply go overboard in trying to secure information.

My wife recently worked for a company that would not allow any external communication by any employee without authorization from their management. Basically, without authorization there was absolutely no Internet access privileges at all. That’s certainly one way to control the leaking of information, though the same IT department had absolutely no means to prevent data from being copied to a flash drive. Thus, the policy must have been in place only to prevent leaking of information by “spyware” software that was unknowingly running behind the scene. That might have helped, but I doubt it. After all, there were many in the company with Internet access.

Her employer and many, many IT departments also practice something that absolutely makes little sense to me: blocking certain outbound ports. Sometimes, an IT department will block outbound UDP ports (all of them or ranges). Other IT departments will block nearly all outbound TCP ports. To what end? Is the intent to try to prevent leaking information to the Internet? If so, that is a pretty pointless exercise, if the IT department leaves port 443 (HTTPS) open. One could copy a company’s entire collection of data files right out through port 443. Further, software designed to steal information will exploit any potential hole. Whether there is a single port open or 65,535 ports open, it makes no difference. One is all that is needed.

Is the reason for blocking certain outbound ports to prevent employees from using certain software programs? If so, why? Is there truly a business reason to prevent use of certain applications, or is the practice just to demonstrate a certain level of control over employees “because we can”?

Since few reasons make little sense to me, I’ve come to conclusion that the practice of blocking outbound ports on a firewall is really something done out of paranoia. There appears to be a widespread fear of the unknown when it comes to the Internet. An expert in networking and hacking can get anything through a firewall if even one port is open, so blocking a bunch of ports if a futile exercise. What blocking ports does is create more frustration for end users and more work for IT departments as they try to figure out what ports to open for applications users want to use. What it really does not do is provide any real security, which is the claimed objective.