« Qualified Names (QNames) don't identify. | Main | IDEA 4 and Ant 1.6 »

Typekey: Grand Central Web

From a performance standpoint, how many times do you get a failure when you ping weblogs.com or blo.gs or even movabletype.org? Blogspot or TypePad users, have any problems accessing your service? Have you all tried to ping two Trackback-enabled TypePad weblog posts with the same entry, and found it has failed? How about you folks that link to Amazon or Google or Sitemeter or blogrolling.com on your pages -- ever notice how slow your page loads? - Shelley Powers

Oh sure, we've noticed. But here's the thing, the web, despite being the the most successful distributed system ever created, is still quite centralized. The centralization revolves around two things.

The domain name: the domain name is the bit between http:// and the next /, (dubyadubyadubya-summink). ICANN is a central body that distributes rights to resell domain names which you can then rent for a limited time. You don't really own your domain name, but you are accorded some rights through renting. [update] Technically the analog is DNS, the domain name system which links IP addresses to domains. DNS is prety neat tech, but it's managed to a large degree in a proprietary fashion which centralizes it to a degree. Some day, those handful of root name servers are going to be taken down and... well you don't want to know.

The server: Classically on the web or any other client-server style network, you connect to a server (another machine) and have the content downloaded to your machine. On the web, that domain name has to resove to an IP address, which means a single computer. If too many people connect that computer will be overloaded. But, the physical toplogy is different. Underneath that wafer thin conceptual layer you and I call the web, there is big technical mojo. It consists of machines that cache pages so you don't always connect to that server you thought you were, load balanced clusters of machines acting as though they are one server, and entire networks of geographically astute server farms called content delivery networks (which are also proprietary). The single stupidest, unmojo part? Probably your browser. Those of us that admire the web tend not to bang on too much about these modern wonders which keep things running - we know it's all a workaround. Instead we like to say that HTTP has caching and scale designed in. The design of the web is what matters. Right? Things degrade with HTTPS. A HTTPS session requires your computer create a stable one time link to another computer making clustering more complicated and eluding caches altogether. Notice that a site like Amazon doesn't put you into a HTTPS session until it has to.

Shelley again:

All of these are dependent on centralized systems, and as we have found in every single instance of centralization and weblogs, they don't scale. Every single instance.

I remember people saying Hotmail would never scale. Then they said Google wouldn't scale (well, I still say that). Making this stuff scale is expensive, but it's doable to a point - yet the web has no really good architectural answer to what most of us call the Slashdot Effect (or in security jargon, distributed denial of service).

I don't like the Typekey solution either; commercially and technically it's inelegant. But until we come up an alternative architectural model or make PKI usable, these models will continue to be proposed. For what it's worth I think Moveable Type with Typkey are ultimately targetting corporates (who tend to be able to live with centrality) using blogs behind the firewall or across firewalls with partners.

[streets: fit but you know it]

March 23, 2004 10:26 AM


(March 23, 2004 01:31 PM #)

Sorry, but you have a wrong understanding of DNS. It is a distributed system. I have an essay on this, but I have to put it back online. Will ping you when I do.

I agree, though, on the commercial aspects of TypeKey. I just don't think we need authentication with weblog comments.

Bill de hra
(March 23, 2004 03:00 PM #)

Right, DNS is a distributed technology. But perhaps my point wasn't clear- its management is centralized to the owners of root servers (the way domain names are handed out ensures this). It's not always enough to have a distributed tech - sometimes you need to seek decentralization.

(March 23, 2004 03:36 PM #)


DNS's management isn't centralized at all. It's possible to add/remove/edit entries without going through the top-level root servers. Like any good decentralized system, you can change the system anywhere and the information propagates through the network along trust lines. Shelley is pretty much right on this. A single, centralized service to handle access and authorization across the entire web is just a dumb idea. Unless you're trying to build your own platform on top of the web ie 'do a Microsoft'.

Bill de hra
(March 23, 2004 03:40 PM #)

So.. in DNS I can have the root name servers removed (cache notwithstanding) and will continue to function?

(March 23, 2004 11:18 PM #)

There was a massive attack against the root servers in 2002, and I looked up a couple of articles associated with it. If we didn't know about this attack because of reporting, very few of us would have even known it happened.


The following is a wonderful article on the attack and the implications:


With this wonderful world of oddball caching and distributed responsiblity, you'd have to sustain an attack most likely for a week before it could really cause any damage. DNS is as perfect a golden door distributed application as could possibly existing, and still have wires interconnected to each other. It's lovely.

So when you say 'root servers removed and still continue to function', yes!

Now, removing TLD's could cause problems sooner -- but then, even the services provided by these are distributed.

Of course if TypeKey could design the same type of infrastructure, and maintain it, I might reconsider on its viability.

Bill de hra
(March 24, 2004 01:42 AM #)

Ok, I struck the DNS stuff for now. But I think the issue still has more to do with name server ownership than any specific attack. Can someone can explain to me how VeriSign can break web code simply by routing hostname failures in the .com and ,net domains to Site Finder (curently suspended). Is that bad code or bad management? I think my point is that some degree, VeriSign and ICANN own the domain name system.

Trackback Pings

TrackBack URL for this entry: