Category Archives: Luxembourg

The mysteries of Internet routing

Share

I blogged last year about the willingness of the Luxembourg authorities to enhance the country’s connectivity. I appended a traceroute showing the how a packet moving between two sites geographically distant of less than a kilometer from each other would actually travel through most of Europe. Not only is there no improvement to date, it is actually getting worse. Here is today’s traceroute. It goes is the other direction than last year’s.

traceroute to www.isoc.lu (158.64.14.86), 64 hops max, 40 byte packets
(5 internal hops deleted)

6 147.67.224.2 (147.67.224.2) 8.301 ms 9.866 ms 14.375 ms
7 uu194-7-242-205.unknown.uunet.be (194.7.242.205) 11.214 ms 7.786 ms 8.543 ms
8 uu194-7-242-201.unknown.uunet.be (194.7.242.201) 10.411 ms 8.841 ms 9.023 ms
9 so-3-0-0.xr2.bru2.alter.net (146.188.2.121) 8.792 ms 9.223 ms 9.005 ms
10 so-1-0-0.tr2.bru2.alter.net (146.188.9.153) 11.849 ms 10.144 ms 11.786 ms
11 so-7-1-0.tr1.ams2.alter.net (146.188.15.225) 13.349 ms 12.818 ms 12.397 ms
12 pos1-0.br1.ams3.alter.net (146.188.3.214) 12.849 ms 13.775 ms 12.857 ms
13 pos4-0.core2.amsterdam.level3.net (146.188.67.202) 15.719 ms 12.937 ms 12.696 ms
14 so-4-0-0.mp2.amsterdam1.level3.net (4.68.113.82) 13.680 ms 13.982 ms 12.900 ms
15 ae-1-0.bbr1.frankfurt1.level3.net (212.187.128.30) 23.811 ms as-1-0.bbr2.frankfurt1.level3.net (212.187.128.97) 23.178 ms ae-1-0.bbr1.frankfurt1.level3.net (212.187.128.30) 23.395 ms
16 ae-31-53.ebr1.frankfurt1.level3.net (4.68.118.94) 33.517 ms ae-32-56.ebr2.frankfurt1.level3.net (4.68.118.190) 23.688 ms ae-31-55.ebr1.frankfurt1.level3.net (4.68.118.158) 23.166 ms
17 ae-4-4.car2.milan1.level3.net (4.69.133.137) 32.141 ms 31.910 ms ae-1-100.ebr2.frankfurt1.level3.net (4.69.132.126) 29.827 ms
18 dante.car2.milan1.level3.net (213.242.65.26) 32.716 ms ae-4-4.car2.milan1.level3.net (4.69.133.137) 32.112 ms dante.car2.milan1.level3.net (213.242.65.26) 32.570 ms
19 dante.car2.milan1.level3.net (213.242.65.142) 33.288 ms so-6-3-0.rt1.gen.ch.geant2.net (62.40.112.33) 51.075 ms dante.car2.milan1.level3.net (213.242.65.142) 42.808 ms
20 so-6-3-0.rt1.gen.ch.geant2.net (62.40.112.33) 38.728 ms so-7-2-0.rt1.fra.de.geant2.net (62.40.112.22) 37.665 ms so-6-3-0.rt1.gen.ch.geant2.net (62.40.112.33) 37.290 ms
21 so-1-3-0.rt1.lux.lu.geant2.net (62.40.112.54) 41.656 ms 43.051 ms so-7-2-0.rt1.fra.de.geant2.net (62.40.112.22) 37.016 ms
22 restena-gw.rt1.lux.lu.geant2.net (62.40.124.150) 43.677 ms so-1-3-0.rt1.lux.lu.geant2.net (62.40.112.54) 42.767 ms 42.155 ms
23 gate-2-v33.bce.restena.lu (158.64.16.38) 42.558 ms restena-gw.rt1.lux.lu.geant2.net (62.40.124.150) 48.978 ms gate-2-v33.bce.restena.lu (158.64.16.38) 51.384 ms
24 gate-1-v26.rest.restena.lu (158.64.16.218) 47.132 ms gate-2-v33.bce.restena.lu (158.64.16.38) 44.242 ms gate-1-v26.rest.restena.lu (158.64.16.218) 43.795 ms
25 gate-1-v26.rest.restena.lu (158.64.16.218) 44.614 ms 44.706 ms boaz (158.64.14.86) 43.837 ms !<10>
26 www.isoc.lu (158.64.14.86) 42.866 ms !<10> 42.585 ms !<10> 41.996 ms !<10>

This time we go from Luxembourg to Brussels, Amsterdam, Frankfurt, Milan and Geneva and finally back at home. 15 hops last year. 21 this year.

Much of the blame goes to Verizon, who consistenly declined to peer at the local internet Exchange, citing the fact that the peering vould be very uneven.

Paypal settles European Office in Luxembourg

Share

According to the local press, PayPal has decided to settle its European offices in Luxembourg. To this effect PayPal has been granted a banking license. After Skype and eBay itself, this is the third company from the eBay group to select Luxembourg as its main European office. This is good news for the economy.

This is also good news for the local users. Hopefully, it will soon be possible to transfer money from a PayPal account to a Luxemburgish bank account.   At this very moment, if you select Luxembourg from this web page, you are being told you can transfer funds to a US bank account…

Luxembourg ADSL infrastructure upgraded

Share

At long last, the incumbent operator, P&T, has upgraded its ADSL infrastructure to the ADSL2+ standard. As a result, download speeds now range from 2 to 15 Mbits/s.  This is  most welcome, as  it moves Luxembourg back into the top 30 leading countries with broadband access. The icing on the cake is that this is being done with no additional subscription fees.

Many competing ISPs (Visual Online, Luxembourg Online, Alternet, Tele2)  use the P&T infrastructure. Hence , their offers have been adapted, too. I guess it will only take weeks before the competing infrastructure provider, Cegecom, will offer the same speeds, too.

A few months ago, the Luxembourg chapter of ISOC launched a survey among the Internet users. The main finding was that the users were unhappy with the slowish speed of their “broadband” connection. While I would not dare to say that this report changed the landscape, I think it nevertheless contributed to speed up the deployment of the new DSLAMs.

Luxtrust: which trust ?

Share

Which much fanfare, several public and private partners launched a company called LuxTrust which sells SSL certificates for web sites. Why on earth we need yet another certificate authority is beyond me. I guess this is a matter of national pride. Previously, the Luxembourg Chamber of Commerce sold Globalsign certificates. Globalsign is a Belgian company.

There are still a few glitches, though. As can be seen from this screenshot, LuxTrust still needs the right certificates for themselves. Although they claim their certificates are compatible with 99% of the browsers on the market today, it failed with my browser (Firefox 2.0.x) .

luxtrust1.jpg

And, by the way, if you are a not-for-profit and cannot afford those expensive certificates, get a free one from CACert. If you just need encryption when you do not want people to send their passwords in clear text over the wire, this is just what you need.

The CACert root certificate is installed by default on many Linux distributions, as well as FreeBSD and OpenBSD. For other OSes and browsers, you only need to install their root certificate. This web site, as well as the web site and sub web sites of ISOC Luxembourg use it.

Bankers are “Flashers”

Share

A while ago, I pointed out the very bad decision taken by Dexia-BIL bank in Luxembourg to use a Macromedia Flash applet to defeat phishing attempts. Competition being what it is, the number one bank in Luxembourg, BCEE, could not afford to sit and watch. They just copied the idea.

As was pointed out in the case of Dexia-BIL, the system is very user-unfriendly. However, customer-friendliness does not seem to be part of the equation.

Somehow, banks feel responsible for the fact that their customers are clueless when it comes to Internet e-mail. Rather than educating them, they think it is smart to protect these poor souls against themselves and their naivety. Or it could be the legal department telling the IT guys they have to find a way for the bank not to be held liable in case a customer would sue them if he fell victim of a phising e-mail.

So, again let us remind the banks and their customers how to fight phishing attempts:

  • Use common sense. A reputable bank does not send e-mails asking for personal information they should already have. Actually, a bank does not use e-mail to communicate with customers. They are convinced you are always available to walk to their branch office during office hours, and that you have nothing better to do.
  • Ask your ISP to filter out phising attempts in incoming e-mail messages. The cost is low. Open source tools do a wonderful job at that. MailScanner and Amavis-new do it for free. If your ISP wants to spend a lot of money, there are commercial products, too. If it is unwilling to do that, there is still client-side software. But you should rather move to an ISP which cares about its customers. In the “ISP” acronym, “S” stands for “Service”. If there is no service, vote with your feet.
  • Avoid broken mail clients that display HTML by default.
  • Double check the hyperlink you are clicking on.

And if you are too dumb to do any of the above, avoid accessing your bank account through the Internet and go to the branch office for every transaction. At least, this will give additional work to the clerk behind the desk and maybe he will be able to keep his job, rather than being fired because “customers use the Internet anyway”.