Google Chrome 68 and the SSL (TLS) Certificate

Google’s new age of Secure Internet is set to take another giant leap forward this coming July with the launch of Chrome 68.

For the past several years, Google has been increasingly advocating the use of HTTPS by gradually introducing not secure warnings to more and more HTTP pages. But soon, with the release of Chrome 68 due out on July 1st, 2018, Chrome will begin marking all HTTP sites that don’t have an SSL Certificate as “Not Secure”.

Chrome is dedicated to making it as easy as possible to set up HTTPS. Mixed content audits are now available to help developers migrate their sites to HTTPS in the latest Node CLI version of Lighthouse, an automated tool for improving web pages. The new audit in Lighthouse helps developers find which resources a site loads using HTTP, and which of those are ready to be upgraded to HTTPS simply by changing the subresource reference to the HTTPS version.

Additionally, Google has been down-ranking sites that have not been secured with an SSL certificate over the course of the last year quietly. They confirmed doing so over a teleconference with Tucows and a number of their resellers, such as us, during a webinar for SSL certificates.

That being said, That Hosting Company has made efforts to provide a free SSL certificate for all Shared and Managed WordPress website services through our systems. We can show you how to implement the free “Let’s Encrypt” SSL certificates to your Dedicated Servers and VPS so that you can be ready for the changeover. From Google’s perspective, there should be absolutely no reason for your site to not be secure. While we do provide you with the initial “Let’s Encrypt” SSL Certificate for free, it is still highly suggested to purchase an SSL Certificate if you wish to do any selling on your website to protect the transaction.

IPv4 availability has officially been depleted in North America

You may have heard this before, but we are really, really running out of public IPv4 addresses.

This week, the regional internet registry responsible for Latin America and the Caribbean, LACNIC, announced it has moved to “phase 3” of its plan to dispense with the remaining network addresses, meaning that only companies that have not received any IPv4 space are eligible. There is no phase 4.

That means LACNIC is down to its last 4,698,112 public IPv4 addresses(although that may increase as it recovers a little bit of space over time). If you are eligible for more addresses, you’re only going to get a maximum /22, or 1,024 addresses at a time.

So guess what LACNIC suggests people do? That’s right: move to IPv6. YOU HEARD US! MOVE TO IPv6 ALREADY! WHADDAYA MEAN IT’S HARD?! JUST DO IT!

LACNIC has been scraping the bottom of the barrel for some time – it warned back in 2014 that it was running out of space. And it was one of the last: APNIC ran out in 2011; RIPE in 2012 and ARIN said it was done in September 2015 – and it had a massive stash (sorry, we were not meant to mention that?).

The only place left with any public IPv4 numbers is Africa – almost entirely thanks to the continent’s massively under-developed internet. Even AFRINIC is warning that time is running out – its initial assessment that it would run out in 2020 has been reduced to 2019 already.

Of course, there are still many who continue to kid themselves that they can manage without the potentially painful shift to IPv6. And then there are those who decide to just do it – Microsoft for example – and are thoroughly depressed when they figure out even they can’t manage it.

Maybe it really is going to take the complete and absolute lack of new IPv4 addresses – even on the black market – to get people moving.

It you want to watch the slow death of available IPv4, all the tools you could wish for are available at ipv4.potaroo.net.

The problem is that IPv4 and IPv6 aren’t entirely compatible. If you’re on an IPv6 network, you can’t browse a site running on a web server that uses only IPv4—such as WIRED’s site—without some sort of compatibility layer in between. Fortunately, Internet service providers have been working hard to update their infrastructure and support both standards.

Curran says Internet providers are doing a good job of the transition so far. In fact, most smart phones are already using IPv6, he says, and most people never notice. Just today Comcast, the largest Internet provider in the US, said its entire network now supports both IPv4 and IPv6.

That was a report from Wired back in 2015. Good thing we already switched over to IPv6 for all of our services because another report released today from the Register  (https://www.theregister.co.uk/2018/04/18/llast_ipv4_address/) explains the following:

You may have heard this one before, but we have now really run out of public IPv4 address blocks.

The Internet Assigned Numbers Authority – the global overseers of network addresses – said it had run out of new addresses to dish out to regional internet registries (RIRs) in 2011. One of those RIRs, the Asia-Pacific Network Information Centre, said it was out of available IPv4 addresses later that year.

Then Europe’s RIR, Réseaux IP Européens aka RIPE, ran dry in September 2012, followed by the Latin America and Caribbean Network Information Centre (LACNIC) in June 2014. Next, the American Registry for Internet Numbers hit an IPv4 drought in September 2015.

Of course, there was running out and then there was actually running out. It wasn’t until February 2017 that LACNIC moved to “phase 3” when only those companies that did not have any IPv4 space were allowed to get any of the remaining addresses – which will only come in /22 bite-size pieces.

But this week, we have really run out. Despite having run out six years ago, RIPE this week has really, really run out. It has allocated its last /8 block – and you can see from this pretty graph – the dark green has run into the ground.

RIPE IPv4

Following that dark green line all the way… into nothingness

Of course, RIPE still has some other addresses. But it’s not like the old days when people would scoff at anything smaller than a /8. From here on out, it’s just crumbs.

But it’s gonna be OK

The good news is that after 20 years of pleading by internet engineers, who are not at all embarrassed by the fact that they developed a new protocol that is incompatible with the old one, everyone has decided to move over to IPv6 and so it doesn’t matter that we have run out of IPv4.

Only kidding. It’s an absolute mess.

The World IPv6 Launch campaign is still determinedly following and promoting the seemingly endless efforts to get people to move to IPv6: just this week it announced “an exciting new entrant” to its measurement stats. Chunghwa Telecom is the Taiwan’s largest telco and has an incredible IPv6 deployment rate of… 21 per cent.

That has now rocketed to, er, 26.3 per cent. That’s a whole percentage point up from six months ago. Which means that all the biggest websites in the world should be IPv6 ready by May 2021.

Despite the objective reality that a move to IPv6 is going to be necessary and it will be increasingly painful not to do so, it appears that human beings are pretty poor at behaving rationally and seem to be waiting it out until they literally have no other option.

ISPs are in denial; governments are looking for the IPv4 dollar signs and criminals are cashing in.

But with the last IPv4 address block now really, really gone, it’s only a matter of… what’s that? AFRINIC has still got some? Let’s go.

Canada and Data Sovereignty for Compliance

Did you know that certain industries are required to retain all their data within Canada due to Data Sovereignty ?

First thing’s first: what does Data Sovereignty mean, exactly? Data sovereignty is the notion that data and digital information is protected by the laws of the country it is physically stored in. For obvious reasons, this issue has become a hot topic for cloud providers and their customers, since businesses and people relying on cloud technology need assurance that their confidential data will stay that way. In order to assure cloud users that their data is in fact protected by data sovereignty laws, providers must maintain absolute transparency with them.

In Canada, as with other countries, providers must abide by specific rules determined by the host government if they want declare their data protected. Early in 2015, the Canadian government polled industry professionals to weigh in on whether the following strategies were viable in preserving data sovereignty¹:

  • All domestic data traffic should be routed exclusively through Canada
  • All databases in which data is stored on servers are located in Canada

There can be no connections between Canadian data centres and third-party data centres located outside Canadian borders, and there can be no available routes of legal entry to the data from an outside source

  • Data must be encrypted and all encryption keys must be held by Canada
  • Canadian data must be physically segregated as part of the design solution

In simpler terms, data must be held exclusively by a Canadian provider, transferred over a Canadian network, and housed in a Canadian data centre.

The inability of these industries to follow new laws added to PIPEDA on Oct 1, 2016 can net a fine of up to Can$10,000 is available on summary conviction, with a fine of up to Can$100,000 available on indictment for any of the following:

Violation of the provisions related to the retention of information subject to an access request.

Retaliating against an employee for:

  • co-operating with the commissioner;
  1. refusing to violate PIPEDA; or
  2. complying in good faith with the legislative requirements.
  • Obstructing the Commissioner in the investigation of a complaint or audit.

The Federal Court can order an organisation to:

  • Correct its practices.
  • Publish a corrective notice.
  • Pay damages to a complainant, including damages for humiliation.

Sources: