 Live from the JSA Podcast Studio, presenting Data Movers, showcasing the leaders behind the headlines in the telecom and data center infrastructure industry. Hey everybody, welcome to our podcast series, Data Movers. I'm your host, Jamie Scott-O-Kataya, founder and CEO of JSA, along with my very fabulous co-host, Mr. Evan Christel, top B2B social media influencer. Hey Evan. Hey Jamie, hey everyone and welcome back to Data Movers, where we sit down with the most influential men and women of today's leading telecom and data center world, supporting the network infrastructure requirements of this new normal. Jamie, how are you? Good, good. I'm a little tired. I feel like, you know- Have you been moving boxes? I hear there was a move underway. Is that the case? Yes, yes. Absolutely. I would say about 400 boxes. I mean, we were in box city here. Yeah, yeah. And you was box city. I actually moved. And they say moving is among the top three most stressful life situations behind like death and divorce. So it's been completely exhausting. Any moving tips to our audience? Get a marriage counselor on hand. I'm a broadband provider because I've been using one. I won't name and shame them, but I may have to switch to another one as is the big house. And I'm not getting reliable services, which, you know, it's like the lifeblood of working from home now. So speaking of which, we're gonna talk about packets of data and broadband, aren't we? Yes, yes, we are. Absolutely. And I'm so excited. I know I say this every show, but wow, we are so excited here and so honored because today's guest, Stellar. And as you know, guys, here are data movers. We like to dive into background stories, career highs and lows, you know, unique perspectives on the future of our industry. And today I'm really excited to introduce you to Bill Woodcock, the Executive Director of Packet Clearing House. Howdy. Bill, welcome. Thank you. Well, it's great to have you here. And I did some extensive research into your background about 30 seconds ago. So let's dive right in. You have a really impressive history. To start with 29 years as Director of Packet Clearing House, PCH, is that actually possible? Well, it started out as a sort of joint project between internet service providers on the West Coast of the US, which was where half of the internet was at that time. So it was an unincorporated project for some years and then finally incorporated in 2001. And I've been the director since then. We're going to dive really deep. It was one of the people there on the first month or so. Fantastic. And you actually entered the high tech, you know, tech world in computing with the advent of desktop publishing. So working on educating others around electronic pre-printing and electronic media, then getting into the dot com space and the internet backbone world through Zocalo. So give us a snapshot of your career trajectory. It's a little unorthodox. Yeah. Well, you know, in the 80s, the number of people involved in computer networking per se was really, really small because there weren't that many computers and the personal computer was still not a commonplace thing. And so I got into it through desktop publishing. I was working for a publishing company and they, you know, I was doing a pretty menial work as a young person laying out catalogs, a lot of stat cameras and wax and Xactoblades and rulers and stuff. And they got in 1983, Elisa and asked me if this would improve productivity. And it, I won't say it improved productivity, but it made for a substantially cleaner result, a more interesting result for a while. And then, you know, from there, the Macintosh and the laser writer and the lineotronic printer. And at that time computers didn't have enough memory to hold the image of a page in memory and to display it if it had photographs. And so a lot of what you do in publishing involves photographs. And so there was a fairly complicated prepress system in which you would network together, workstation on which you were doing layout, an image setter that would produce the negatives to go to the press and a server that would hold the images. And the compositing of the images together with the text would happen inside the memory of the printer because the printer was, you know, a $30,000 thing instead of a $10,000 thing. And it could have enough memory in it to hold an image of the whole page at once. So to make that work, you had to have a functioning network between the workstation and the server and the printer so that they could all communicate and collaborate on that project. So that was how I got into the networking. And from there in, I think, 88, I went to work at Farrellon, which was a networking company that was doing networking for structured cable systems. So at that time, office buildings had PBXs and private phone exchanges. And there was a EIA, TIA 568, a standard for how to cable up a building. And so we were working on how you run a network across those standard cabling systems that were intended for telephone networks. And Farrellon was one of the two companies that was in parallel working on data switching as opposed to repeating. So switches as opposed to hubs in 89 and 90. And so that was a really, really interesting place to be. And I learned a lot from that. And during that time, I was putting together what became an internet service provider, although at the time, people weren't really thinking of it as internet access. They were thinking of it as, how do I get the email in this building to be able to interoperate with the email in that building? And we had the secret sauce, which was you take the email in one building and dump it out onto the internet and get it back off the internet in the other place with another gateway and dump it into the email there. And businesses couldn't get enough of that. So for a while, we were running, I think nine different protocols on our backbone. And eventually that narrowed down to just IP, just internet protocol as all the Apple Talk and DeckNet and XNS and so forth died away. I love that. That is so amazing. And that sort of gets us into the introduction to packet clearinghouse, right? Or PCH for short. Tell us a little bit about what your company does. What does it mean for global digital businesses and internet users even up to today? Yeah, so in 1992, there was a transition from what I refer to as the communist age of the internet from 1968 to 92, the US Department of Defense paid all the bills and determined who would get how much and it was not legal to buy and sell internet access. You got however much they decided you needed. And it was basically only available to defense contractors and research universities, but more and more academics would get used to having internet access to facilitate their research. And then they'd move out into the private sector, research institutions, biotech, pharmaceuticals, high tech, even film, right? And they'd be very used to having this communications medium and suddenly when they were at school, they would have it and when they were at work, they didn't. And that made for a market for this. And I was fulfilling that need before it was strictly legal as many of us were. And so when Al Gore came along and said, the DOD can't afford to pay for the growth that the private sector wants, why don't we just privatize this and let the private sector run wild. I and a lot of people breathed a huge sigh of relief and went to town with investment and building infrastructure and so forth. And it was a really, really fun time through the 90s, huge amount of infrastructure got built and the internet got brought to most of the world. And a part of that though, was the fact that the first 24 years of the internet had been done in this interesting kind of collaboration between academia and defense. And there was never any thought to how it would pay for itself because the answer to how it paid for itself was you send a bill to the DOD and it got paid, right? That you didn't have to think any further than that about business models or anything. And so when it got switched over to being a for-profit, business-driven institution, there were a lot of core parts of the internet that there was just no business model for and there was no easy path to make them profit centers. So PCH got started to support the parts of the internet that were critical infrastructure yet had no business model around them. So the internet exchange points were bandwidth is produced, the core of the domain name system, the lets you find things and then over time, added to that were regulatory and policy and cybersecurity coordination. So those are the four areas that we work in. And the first of those was exchange points back in 93 and then DNS starting about 95 and regulatory and policy and cybersecurity coordination came in the latter part of the 90s. Wow, fantastic. That was quite a tour de force on the history of networking and the internet. I love the throwback to Al Gore. Al Gore, I know. He lived down the, I helped create the internet reference, but he actually did. It seems like what makes you guys at Packet Clearinghouse so special is you have a mission of bettering the global internet. I believe you're an international NGO, isn't that right? And you guys do guidance and education and best practices, policy. So, why do we need Packet Clearinghouse? What is your sort of mission in today of commercialization and go to market and revenue and big tech and all this stuff that we're inundated by? By analogy, we're like the fire department. Every company needs to be able to do their business without having their own fire truck and firefighters standing by and it's a common everyone needs that. But at the same time, you don't wanna be in a world where when you call the fire department, they say, okay, what's your credit card number? You need that to be a service that is provided for the societal good and is available and is robust and is gonna work and is gonna be timely and quick. Yet at the same time, you don't want it to be hampered by budget constraints and the whims of the market and so forth. So, industry does a great job of supporting us. You know, for the last 20 years, we've had sort of slow, steady growth in terms of our budget, which is entirely provided by donors. About 40 governments and six to 700 internet companies support us each year and the overall budgets a bit over $300 million this year, which again is pretty steady year over year. But what's interesting is unlike a lot of nonprofits, 99% of that is in donations of goods and services. So power, fiber, servers, routers, space, remote hands, air conditioning, right? All the things that we need to operate a global network in 105 countries and 260 data centers around the world is donations from industry. And only a tiny portion of it, only about 3 million a year is cash, which pays the salaries and airplane tickets and insurance and custom things like that. So it's an interesting balancing act, but I think a lot of nonprofits struggle with funding and you talk with donors and the question is how do we know that this money to be spent on the public good? How do we know that this money is gonna go to what we think we're funding? And as long as it's cash, that's always a valid question, but when somebody is donating 10 racks of data center space and they see it fill up and they see that the queries are getting answered, people are happy and there are other customers are eager to interconnect with it. It's very mutually beneficial relationship and they can observe that it's not being used on excessive numbers of events and business class airfare, right? So we have a very supportive relationship with the donors and so I'm in a great relative to the CEOs of most nonprofits, when I can call my major donors and say I need another $50 million worth of stuff this year and they say, sure, seems like good return on investment. How many nonprofits can do that? It's a great position to be in. It is a great position. And when I think about your rich history, Bill, what I love the most too is that you really have this ribbon of advocacy built in as early as 1997, right? You were working to enact the world's first anti-span legislation. And now of course you're known for your work in protecting the public interest through regulation of public resources like IPV4 addresses, access to rights of ways and nonprofits. So the.org top level domain there. What drives your passion on causes like this and how does that translate into the work you do today with PCH? So, you know, our constituents are the internet industry and governments and governments obviously are kind of free to do what they need to do, but, you know, also have a lot of constraints and governance news and so forth. Companies are responsible to their shareholders have to turn a profit. So, you know, I fall back on this kind of firefighter role and there are all kinds of emergencies happening all the time. And many of them are just not ones that any one specific for-profit company or one specific government are in a position to deal with because, you know, the companies have to let their bottom line first. And that's often a very short-term worry and a lot of the emergencies, you know, you talk about emergencies and people think of something that's, you know, like the piano falling on your head right now, but emergencies are more like climate change, right? There's something that is slow and is making everything gradually harder and worse for industry and more expensive and there needs to be a coordinated response to it. And everybody's willing, everybody's happy to support an effort. But, you know, if their first responsibility is to their shareholders in their bottom line, that's where their focus, their attention is gonna be and they need somebody to coordinate those, those sort of bigger longer-term efforts. So, a lot of our work goes to finding the problems that are going to be constraining the internet industry in five years or 10 years and getting response to those up to speed in that time so that problems can be averted even if no one company has the time and attention to do that work in the short term. We kind of serve as a focal point for the little bit of time and energy and a lot of resources that all of these companies have to give to support their long-term future while their primary focus and attention is on their own, the success of their own business. So, you know, we wind up picking issues like spam, which is, of course, absolutely an ongoing problem, but at the same time, could have been a lot worse, right? That could have just made email unusable, but right now email is the primary business tool of most businesses for communication. So, could things be better? Absolutely. And we're working on a lot of parallel efforts to make things better. One of those, Dane authentication of server-to-server communications in email is actually quite successful just over the last couple of years. After, you know, 15 years of trying to tee things up and get things moving, we've gone from, I don't know the numbers offhand, but something like half a percent to something like 20 or 30% adoption globally over just the last couple of years. So, you know, that's starting to look like one of those hockey stick up into the right graphs, and so that's a success. You know, other things like the.org domain, a private equity company tried to do a sort of hostile takeover of the.org domain, which is what all the world's nonprofits are in, right? ICANN is in there. The Red Cross is in there. The United Nations, right, are all part of .org. And they sort of teed this up in this big complicated way that took all of the regulatory controls off the pricing before and also took the sort of rebidding period from three years to 10 years before they made their move such that if they had been successful, they could have charged every nonprofit what the market would bear for their own domain name. They could have gone to the United Nations and said, pay us $50 million a year or we'll give un.org to a porn company, right? And this is just not the kind of blackmail that we want, you know, the world's nonprofits to be subjected to, right? So there are a lot of these kinds of things that come up that we wind up working on. And, you know, it's not do good or ism in the sense of, you know, moral outrage or something. It's looking at an industry that the whole world is dependent on and seeing, you know, what are the blocking factors going to be five or 10 years out? What is looming on the horizon that needs attention that's big picture that nobody else is gonna have time for? And that's really what guides us. Fantastic. Let's switch topics to one of my favorites, DNS domain name servers. Tim Berners Lee, the great inventor of the worldwide web, once called it the Achilles' Heel of the Internet and, you know, emphasized how important it is to treat it responsibly. Explain to our listeners and viewers why, why this age of state actors and cyber crime, cybersecurity is DNS so fundamental and critical to our, you know, use of the internet. Well, before your computer can do anything, whether it's something you intended or something you're even unaware of, the first thing it has to do is it has to figure out where the thing it's gonna talk to is on the internet. And computer to computer, the communication is happening with IP addresses, whether they're IPv4 addresses, the, you know, 255.255.255.255 kind of, they're called dotted quad addresses or the IPv6 addresses, which are much larger and, you know, where things are going in the future. These are our numeric addresses that are very, very difficult for people to remember. And in addition, there's this sort of abstraction layer that allows, you know, www.google.com to resolve to, you know, hundreds or thousands of servers around the world, some of which have different IP addresses from each other. And there's a technique that we developed back in the 90s called anycast that allows you to put the same IP address on many servers in different locations. That was one of the things that first allowed the domain name system scale. So in order to get from those names that people can remember or, you know, things that are embedded in URLs or email addresses to IP addresses, you need to go through this domain name resolution process. And so what that means is your computer has a little, what's called a stub resolver, a little tiny domain name resolver in the operating system and other programs like your web browser and your email will pass a question to it, a query. And that query is gonna be, what's the IP address associated with this name? It will then talk to a recursive resolver and it'll just pass that question on unless it already has the answer because you already asked that question recently and it saved it, it cashed that answer. The recursive resolver in turn is gonna go ask a bunch of different sources to get that answer. So in the case of www.google.com, it's gonna ask the root name servers where to find a .com name server, then it's gonna go to the .com name server to ask them, where is google.com? And that's gonna go to Google's name server and ask where is www.google.com and then it's gonna come back to you with an answer. That saving your computer a huge amount of work, particularly since that recursive resolver has probably already looked up a .com and it may already have looked up google.com and somebody may have already looked up www.google.com in recent memory. So it can just skip all those steps and just give you the answer out of its cash. And that's what makes web browsing quick is when you have a recursive resolver that a lot of people are sharing, which has a cash that's what gets referred to as hot. It's got a lot of recently refreshed answers in it for a lot of questions that people are asking. So where's the problem in all this? The problem is that if malicious actors get into that cash and they put bad data into that cash, a lot of people will get that bad data. Now, what might the bad data be? One of the obvious things is the financial services industry is always kind of vulnerable because, you know, why do you rob banks? Because that's where the money is. Financial services industries have lots and lots of customers who are using a software intermediated process that can be subverted. And it's not that difficult to write a piece of software that will look like the login for a bank and will accept the credentials that you give to it. And then it will use those credentials to log into the bank and it will then be a man in the middle intermediary between you and your bank, seeing everything that you were doing with the credentials needed to authenticate itself to the bank as though it were you. And, you know, typically then wire all the money out of your account to an aggregator account somewhere while showing you a different picture of the world, showing you that all your money is still in your account. And then at some point later, you log in and discover that no, the account is empty. So that's the typical attack path, but you know, it might not be a bank account. It might be your email. It might be that someone wants to get into your email and read all your back email and see what business dealings you've been doing. There are a lot of different kinds of attacks that can be facilitated through the DNS. People say, oh, but what about these certificate authorities and the TLS certificates that are supposed to be protecting web servers? The problem there is that there are hundreds of certificate authorities and, you know, past studies have shown that many of them are controlled by governments that are partisan or, you know, are not aligned with your own interests, controlled by organized crime, controlled by intelligence agencies, a lot of people with a lot of different motives and any one of those organizations can issue a certificate authenticating anybody as anybody. So that's a system that we've known is broken for more than 25 years. And Dane, which I mentioned earlier is the replacement for that system that uses digital certificates or digital signatures to validate certificates within the domain name system. So instead of asking some random company in South Africa, whether, you know, your bank is your bank, you are going to your bank and getting a certificate and then asking your bank whether the signature on their website is correct and you have a chain that you can follow digital signatures all the way down from the route to validate that. And one of the big advances that we've been pushing for for a long time, Apple just started about three weeks ago, started allowing end users to do that cryptographic validation of DNS names inside the stub resolver in their computer. So they're no longer dependent upon the recursive resolver. They no longer have to trust the recursive resolver to do that for them. So that's another example of one of those sort of long-term problems that we've been working on for a long time to try and benefit the whole industry. And, you know, with Apple having done it now, Microsoft will undoubtedly follow suit very, very quickly. Well, that's great news. That's the first time I've heard any type of cyber attacks end in a little bit of a positive spin. So I appreciate that. But let's get to a lighter side of our podcast here where we really, it's, we call it the rapid fire questions. We'll just, you know, tell us the very first thing that comes to mind when we ask you a silly question. So Evan, you want to kick it off? Sure. I don't know how silly this is, but I understand you're a bit of a Franco file. So tell us what's your favorite bistro in France and what makes a good bistro? How do you judge that? Well, I moved to Paris two and a half years ago because my wife took a diplomatic position there and we've moved from one neighborhood to another. And ironically, the first neighborhood we lived in, in the 17th, R&D is small was kind of a food desert. And so you had to go about two blocks in any direction before you could find any food at all, which is really unusual in Paris. And then we went into COVID isolation out in Brittany and had a wonderful, I mean, ironically, a wonderful experience out there with nothing but sheep for neighbors and right by the beach and my daughters were able to go surfing and horseback riding and so forth. Well, a lot of other people were stuck in with all apartments in the city. And then when we came back, we moved to an apartment in the seventh R&D small right in the center of Paris. And so there are a wealth of bistros and restaurants within a block or two radius of where we are right now. My favorite is La Russion, which is a, on the one hand, it's kind of a traditional bistro, but on the other hand, they always have really good innovative specials and food is just a little bit above average. And one of my daughters is allergic to wheat. And so they always have gluten-free things that she can eat and it's right at the end of one of these little pedestrian shopping streets. So you can kind of do your shopping and then get some lunch. No, the waiters are more or less rude than the average in Paris, a little bit, maybe even better. Well, I'm sure not to him. Is his French sound familiar? Yeah, the seventh in the center of Paris, it's pretty touristy. And so any even rudimentary French like I have, they appreciate. And once they've seen you a few times, know that you're not just there for a week. Yes, you do get better service. Well, and here's another fast, fun fact question for you. If you could watch just one movie on repeat for 24 hours straight, not sure why you would do that, but if you were to do that, what would it be? What movie? Solaris, right? Then you only have to watch it once. Yeah, no. I have to confess, I've never actually stayed awake through all of Solaris. It's three or four hours or whatever. Oh, I don't know. I've certainly watched Blade Runner more than 24 hours worth of times. The choice, yes. The old one or the new one, right? The old one, but I do like the new one also. It doesn't try to be a remake. It's an interesting movie in its own right. I remember at a film festival, I saw a Korean movie that was sort of done in the world of Blade Runner, just sort of like that same sort of situation and future just in Seoul rather than Los Angeles. And that was a fascinating movie. Also, Korean film industry produces some wonderful movies. I got to say. DEF CON, last summer, there was a film crew from Columbia University doing a little documentary, running around asking computer hackers what movie most influenced you earlier in your career or whatever. And so we were all kind of sitting around and think, what's the best answer? And then a friend said, until the end of the world, the Vim Vendors movie, and we all realized that was in fact the best answer. And so yeah, there's a lot of good movies, but a few really stand the test of time. What about famous quotes? I like to tweet quotes and quotations. It's a fun discovery process. What's the best quote you've ever heard? Hmm, hmm. I wrote a book while I was in college and I took a pull quote from Darth Vader for the intro. Do not be too proud of this technological terror you have created. Of course, he was referring to the Death Star. I was referring to your enterprise land. Yeah. You know. Del Google, that could be the new motto, don't be evil. And now that one, that would be cool. I love it. Okay, and then on your iPhone or whatever mobile device you may prefer, what's your favorite app? What's most used, I should say? What's most used? I have to think about that. I mean, email certainly is the thing that is mostly keeping me in touch with most other people. I use both Apple messages and Signal. Apple messages used to be a front end to Jabber, which is an open standard for communication. So it just happened to be a really good client for Jabber. So I was really disappointed when Apple went proprietary on their back end there. And there just isn't a good open standard for short messaging now, which is really unfortunate. And I read a lot of books on that. RCS is getting close. It's sort of the anti-Apple RCS messaging, but yeah, I would agree with you there. And honestly, I think we have such a fabulous show. I so appreciate your time and insight. You have such a beautiful way of weaving historical facts and timelines into current trends and then looking out to what the future may hold. It's a wonderful conversation. And we so appreciate your time and energy and insight. Yeah, and thanks so much, by the way, just for the education. I had no idea before this interview that you guys were out there working so long and so tirelessly for the future of the internet. So thanks for what you do. And I encourage everyone listen to support them in whatever small way you can. Absolutely, absolutely. Fun job, I enjoy it. Thank you both very much for having me. Thanks. And guys, if you enjoyed today's Data Movers Podcast, just as much as we did, go ahead and check us out, jsa.net, slash podcast for more Data Movers episodes. We release every other week on Wednesday mornings. And be sure to follow us, tweet at us, at Jay Scott and Evan Kirstel. And as always guys, happy networking.