in security research and operations, plz send me e-mail.
--
Paul Vixie
i'm trying to keep track of which mailing list is getting scraped by whom, at
least among those who coldcall me. anybody else get one of these today?
re:
---BeginMessage---
Paul, Hi there! I came across your information while doing some research and wanted to contact you. We work with every major
You've also got fast retransmit, New Reno, BIC/CUBIC, as well as host
parameter caching to limit the effect of packet loss on recovery time. I
don't doubt that someone else could do a better job than I did in this
field, but I'd be really curious to know how much of an effect an
intermediary
in http://www.internetevolution.com/author.asp?section_id=499doc_id=150113
larry roberts says:
..., last year a new alternative to using output queues, called flow
management was introduced. This concept finally solves the TCP
unfairness problem and leads to my answer:
network latency.
--
Paul Vixie
://www.onlamp.com/pub/a/bsd/2008/02/26/whats-new-in-freebsd-70.html
i'd read that freebsd 7 also has some tcp auto tuning logic.
--
Paul Vixie
ago. i am
intrigued by the possible drop in total energy cost per delivered kW, though
in practice most datacenters can't get enough utility and backup power to run
at this density. if cooling doors were to take off, we'd see data centers
partitioned off and converted to cubicles.
--
Paul Vixie
Can someone please, pretty please with sugar on top, explain the point
behind high power density?
maybe.
Raw real estate is cheap (basically, nearly free).
not in downtown palo alto. now, you could argue that downtown palo alto
is a silly place for an internet exchange. or you could note
of any computer equipment.
the pressure differential between the pipe and atmospheric isn't
that much. nowhere near steam or hydraulic pressures. if it gave
me ~1500w/SF in a dense urban neighborhood i'd want to learn more.
--
Paul Vixie
integration is good, this could be a great
science fair project for smaller network operators who need big PPS.
--
Paul Vixie
(for cooling) and so that air won't bring grit (which is conductive)?
--
Paul Vixie
Matthew Crocker [EMAIL PROTECTED] wrote:
Seal off the room so you can control your replacement air source. Put a
series of cyclone dust collectors (think huge Dyson Vacuum) on your inbound
air.
http://www.proventilation.com/products/ProductsView.asp?page=1gclid=CKyD04SRqJICFQUilgod-isIRg
,
whereas ambient air with good-enough filtration will let one watt of roof fan
transfer the heat away from five delivered watts, then it's a no-brainer. but
as i said at the outset, i am vexed at the moment by the filtration costs.
--
Paul Vixie
Have you made any calculations if geo-cooling makes sense in your region to
fill in the hottest summer months or is drilling just too expensive for the
return?
i'm too close to san francisco bay.
i'm too close to san francisco bay.
Why is that bad? I thought ground-source HVAC systems worked better if
the ground was saturated with water. Better thermal conductivity than
dry soil.
aside from the corrosive nature of the salt and other minerals, there is an
unbelievable maze of
, a 200K-node botnet would pose no problem. we populate
these tables with a perl script that watches the apache server's logfiles.
--
Paul Vixie
at 100%, as
are input breakers and of course generators.
--
Paul Vixie
some day.)
--
Paul Vixie
/mail.archives/nanog/msg06810.html
to point at.
--
Paul Vixie
://gatekeeper.hpl.hp.com/archive/pub/misc/vixie/ifdefault/
--
Paul Vixie
, and should be avoided, for the good of all.
--
Paul Vixie
, to get ZFS.)
server hardware tends to be supermicro. starting to abandon 3ware/areca RAID
in favour of either JBOD or multiport SATA-II, with ZFS.
--
Paul Vixie
is it next?
--
Paul Vixie
to be, use the switch to reach all
of the other participants, but whenever you had a hot neighbor, get a PNI.
in other words there appeared to be no exchange-based topology, more like
a hybrid exchange and PNI topology.
--
Paul Vixie
in other words there appeared to be no exchange-based topology, more
like a hybrid exchange and PNI topology.
Paul Vixie
It is interesting. Is this the common case for the IXP infrastructure?[1] I
mean the hybrid topology? It seems that it is both directly-connected and
exchange
[EMAIL PROTECTED] (Ben Butler) writes:
...
This hopefully will ensure a relatively protected router that is only
accessible from the edge routers we want and also secured to only accept
filtered announcements for black holing and in consequence enable the
system to be trusted similar to
I was not proposing the Null routing of the attack source in the other
ISPs network but the destination in my network being Null routed as a
destination from your network out.
i explained why this is bad -- it lowers the attacker's costs in what
amounts to an economics war. they can get a web
, ARIN's expenses are mostly unrelated to partying.
--
Paul Vixie
a statement related to address ownership.
--
Paul Vixie
models like the one described as working for NZ
and AU is that it will keep truly worthless flows off the network. finally
there's a reason not to mindlessly share everything with everybody everywhere.
(which is the only part of the equation that free market capitalism can't
otherwise solve.)
--
Paul
(no lies) and gives good performance. so, while i'll
likely continue to run my own recursive resolvers (since it's easy and since
i like the low RTT for transactions having high frequency), it's not because
i'm avoiding lies.
--
Paul Vixie
somewhere probably having fits)
off topic. see http://lists.oarci.net/mailman/listinfo/dns-operations.
--
Paul Vixie
doesn't care
about (and which i think BGP won't do even on its best day.)
--
Paul Vixie
Dr. Larry Roberts, co-founder of the ARPANET and inventor of packet
switching, predicts the Internet is headed for a major crisis in an article
published on the Internet Evolution web site today. Internet traffic is now
growing much more quickly than the rate at which router cost is decreasing,
wessels, april, or florian.
if you're not submitting data yet, i hope you'll decide to do so, and drop me
some e-mail ([EMAIL PROTECTED]) to discuss details.
--
Paul Vixie
this problem that RFC 2136
does not permit the insertion or deletion of authority zones. noting that
the ideal internet you want is within our grasp if we can only define it and
sponsor it, i recommend taking up this thread on [EMAIL PROTECTED] or
[EMAIL PROTECTED]
--
Paul Vixie
the same?
yes.
--
Paul Vixie
in this stew pot together.
--
Paul Vixie
a magic wand and saying something doesn't make it so.)
--
Paul Vixie
This is a proven maneuver and Cogent is not the first to do it.
i guess that without knowing who else these de-peered networks are customers
of, it's hard for an outsider to guess which ratios into cogent's network by
other peers will improve as a result of de-peering these networks. had you
at http://www.e-gerbil.net/cogent-t1r there is a plain text document with
the following HTTP headers:
Date: Fri, 28 Sep 2007 21:56:34 GMT
Server: Apache/2.2.3 (Unix) PHP/5.2.3
Last-Modified: Fri, 28 Sep 2007 19:15:53 GMT
ETag: 92c1e1-a85-43b36ea5bcc40
Randy Epstein [EMAIL PROTECTED] wrote:
Clearly you can see the article was published by T1R in their Daily T1R
report: http://www.t1r.com/
(listed under The Daily T1R Headlines)
If you subscribe to the Daily T1R, you can find Dan's report issued today.
Sorry, T1R.com requires Flash 8 or
.
like anything else. remember, all power tools can kill. that's an argument
for using them correctly, more than it's an argument for living without them.
--
Paul Vixie
Does anyone use spamhaus drop list ?
http://www.spamhaus.org/drop/index.lasso
i do.
I'm glad to listen opinions or experience.
no false positives yet. mostly seems to drop inbound tcp/53.
log all from table(29) to any
add deny log all from any to table(29)
If you do have a process in place, not only for routing but also for
your new customer order process, it is a useful source of information.
agreed.
--
Paul Vixie
of the moderators has a beef with your
provider - look out!
agree.
--
Paul Vixie
.
Even Paul Vixie, the author, will likely agree the RFC has the bug.
i'm only one author, but in any case i ain't sayin', since this is nanog,
and my only purpose in joining this thread is to say enough already! if
you want to know what i think about SRV's . rules, ask me in some forum
where
Your comments have helped.
groovy.
When TCP is designed to readily fail, reliance upon TCP seems questionable.
i caution against being overly cautious about DNS TCP if you're using RFC 1035
section 4.2.2 as your basis for special caution. DNS TCP only competes
directly against other DNS
the resources given a nameserver to TCP connections are tightly
controlled, as described in RFC 1035 4.2.2. so while TCP/53 can become
unreliable during high load, the problems will be felt by initiators not
targets.
The relevant entry in Section 1035 4.2.2 recommends that the server
?
the DNSSEC design seems to distribute pain very fairly.
--
Paul Vixie
is. every
time someone sent me a BIND patch adding this kind of deliberate instability
(see RFC 1794 for an example) i said no.
--
Paul Vixie
of a name server's resources.
...but this is flat out wrong, dead wrong, no way to candy coat it, wrong.
--
Paul Vixie
... but a TCP connection will consume a
significant amount of a name server's resources.
...wrong.
Wanting to understand this comment, ...
the resources given a nameserver to TCP connections are tightly controlled,
as described in RFC 1035 4.2.2. so while TCP/53 can become unreliable
seems i've been ignoring it for two years. sorry about that. all the
mail i had on this topic has been processed. check your entries. i'm
in the mood for more updates if anybody's got anything. note that CCCP
died and i replaced it with an entry for SFCCP, don't know if that's
correct. i'd
of there.
2mW/floor seemed like a lot at the time. ~6kW/rack wasn't contemplated.
(is it time to build out the land adjacent to 200 paul, then?)
--
Paul Vixie
america, whenever i had a choice,
i chose hitec. (which spins with an axis parallel to gravity.)
--
Paul Vixie
+redundancy gear. which had passed testing during
construction and subsequently, but eventually some component just wore out.
--
Paul Vixie
http://slashdot.org/article.pl?sid=07/07/12/1236231
http://www.thelocal.se/7869/20070712/
two replies here. i ([EMAIL PROTECTED]) said:
quagga ospf6d works great, and currently lacks only a health check API.
Donald Stahl [EMAIL PROTECTED] answered:
Health checks are unfortunately the most important aspect of a LB for some
people.
understood.
Can you elaborate on where you
It depends on the length of those TCP sockets. If you were load-balancing
the increasingly common video-over-http, it would be very unacceptable.
yes. i believe i said that my preferred approach works really well with UDP
and marginally well with current WWW. video over http is an example of
As with all things, the trick is to weigh the risk of disaster against the
probability of benefit and do whatever makes sense within your own
particular constraints.
is nobody using a host based solution to this? that is, are times when HA LB
is needed for TCP (like video over http) also
check API.
--
Paul Vixie
valid business reasons.
i wish that the community had the means to do revenue sharing with such
folks. carrying someone else's TE routes is a global cost for a point
benefit.
--
Paul Vixie
it working.
--
Paul Vixie
for this class of networks.
i don't think you can use route-views as a poster child for filtering having
been gotten right.
--
Paul Vixie
critical infrastructure to use a /48, then f-root's
operator will comply. if the RIR community changes its mind, then f-root's
operator will comply with that, too.
--
Paul Vixie
namespace than we do now,
and the coca cola company would probably see far fewer hits at COKE.COM
than they see now.
whether drc's idea is bad depends on what one thinks the internet is.
--
Paul Vixie
a brew (or more) in your honor as I consider this a significant
| contribution to the march of civilization.
|
| -W Sanders
| http://wsanders.net
+---
in general, we ought to be willing to implement almost anything if free beer
is going to be offered by non-criminal beneficiaries.
--
Paul Vixie
That should read:
I have an internal datacenter. I need someone to come out and build
out a cage for me.
[EMAIL PROTECTED] has been known to take on that kind of project.
--
Paul Vixie
[EMAIL PROTECTED] (William Allen Simpson) writes:
Heads up on operational problem!
i block all gmail, too, and it causes me no operational problem at all.
--
Paul Vixie
since somebody made the mistake of cc'ing me, i actually saw this message even
though i long ago killed-by-thread the offtopic noise it's part of. hereis:
What's weird is that they don't just return a 0-record NOERROR when you
do the follow-up A query, which would be the most logical
And who, exactly, gets to tell IANA/ICANN how to do its job??
As far as I can tell, pretty much everyone on the planet... :-)
but you never LISTEN! :-)
, and where abuse policy, economics, morality, bots,
web, e-mail, ftp, firewalls, uucp, and bitnet are considered irrelevant and
off-topic? i did my time in the messaging salt mines. i'm ready to graduate.
--
Paul Vixie
that permitted automated
lookups for the purpose of abuse reporting would be good, then in the ARIN
region, http://www.arin.net/policy/irpep.html says how you can suggest such.
--
Paul Vixie
71.6.213.96
--
Paul Vixie
From: [EMAIL PROTECTED] (Dave Rand)
...
We are not fighting technology. We are dealing with very well organized,
smart, and well-funded people.
We need to focus on solutions that we can deploy, which will address the
problems at hand, as we discover them. That means we will deploy
From: Dave Crocker [EMAIL PROTECTED]
To: Paul Vixie [EMAIL PROTECTED], nanog@merit.edu, Gadi Evron [EMAIL PROTECTED]
Subject: Re: On-going Internet Emergency and Domain Names
offlist.
actually, not, according to the headers shown above.
Paul Vixie wrote:
a push-pull. first, advance
with *that*.
(but this is not the first time I've been irritated that I can't choose which
other humans to share the galaxy with and which ones I'd like to kick out.)
--
Paul Vixie
building the infrastructure of evil. if that's what
you meant by swamp-draining, then i apologize for misunderstanding you.
--
Paul Vixie
...
Back to reality and 2007:
In this case, we speak of a problem with DNS, not sendmail, and not bind.
As to blacklisting, it's not my favorite solution but rather a limited
alternative I also saw you mention on occasion. What alternatives do you
offer which we can use today?
on any
since malware isn't breaking dns, and since dns not a vector per se,
the idea of changing dns in any way to try to control malware
strikes me as a way to get dns to be broken in more places more
often.
Well, once more people learn about DLV (especially the NS override
extension that
at the other end, authority servers which means registries and registrars
ought, as you've oft said, be more responsible about ripping down domains
used by bad people. whether phish, malware, whatever. what we need is
some kind of public shaming mechanism, a registrar wall of sheep if
by blackholing its domain names? if
so then i've got some phone calls to make.
--
Paul Vixie
[EMAIL PROTECTED] (Dorn Hetzel) writes:
I preferred the darkness of PAIX back in the late 90's. We had a
christmas tree in our cage and it looked great in the dark :)
that was brian reid's idea, and it was a great one, and equinix-san-jose
was merely copying paix (where al and jay had just
during the two
decades that the internet existed before the web came along. the web is
an internet application, and the dns is part of the internet, not part of
the web. the rest of the article is equally horrific in its maltreatment
and ignorance of facts.
--
Paul Vixie
[EMAIL PROTECTED] (Geo.) writes:
Multicast isn't going to help the phoneco atm network. ...
nothing can help, or for that matter save, the phoneco atm network.
--
Paul Vixie
plausible given recent events.)
--
Paul Vixie
(i'm guessing kc will be on the phone soon, to get from them their data?)
...
A recent report from Deloitte said 2007 could be the year the internet
approaches capacity, with demand outstripping supply. It predicted bottlenecks
in some of the net's backbones as the amount of data overwhelms the
-Chris, still-waiting-for-the-rapture, wrote as follows:
(or did I miss the hue and cry on nanog-l about full pipes and no more fiber
to push traffic over? wasn't there in fact a hue and cry about a 1) fiber
glut, 2) only 4% of all fiber actually lit?)
:-). however, you did seem to miss the
Has anyone considered that perhaps google is not looking at beating
Microsoft but instead at beating TIVO, ABC, CBS, Warner Cable, etc?
sure, but...
You can't possibly believe that there is enough bandwidth to stream
HD video to everyone, that's just not going to happen any time soon.
[EMAIL PROTECTED] (Sean Donelan) writes:
... don't believe everything you read on the net.
you had me right up until that last part, which is completely unreasonable.
--
Paul Vixie
... don't believe everything you read on the net.
you had me right up until that last part, which is completely unreasonable.
I think it's not only reasonable, but is the only sane way to approach
content on the net. Why do you feel it's unreasonable? Or are you being
sarcastic?
-multicast-00 is what i
expect. note: i've drunk that koolaid am helping on the distribution side.
--
Paul Vixie
(this must be my week for past-sins penance related to RBL's.)
today someone whose e-mail was blocked when they tried to send it to an att
customer, asked the authors of RFC 2317 to please unblock their address. as
the only such author whose e-mail address hasn't changed since RFC publication
there; vs (b) hack up a BIND server so that it can
return a positive answer 1% of the time (chosen randomly).
--
Paul Vixie
and macros and e-lisp functions now. i just don't like the idea
of bouncing the stuff outright, since a lot of the senders will never guess
what went wrong. (i also appreciate the extra spam, for robot-training use.)
it's only a dozen messages a day, on average, and thus: idealism isn't dead.
--
Paul
that part of the inbound processing robotics, and i've
removed your /24 from the list.
--
Paul Vixie
getting people to fix their systems and stop querying the dead zone.
right you are. it sort of goes against my personal grain to cause folks'
mail to bounce when their only offense against the community is not reading
the qmail man page and understanding what the defaults are.
--
Paul Vixie
bear with me, this appears to be about DNS but it's actually about e-mail.
maps.vix.com has been gone since 1999 or so. mail-abuse.org is the new thing.
i've tried just about everything to get traffic toward the old domain name to
stop... right now there's a DNAME but it made no real
... the effect of causing the subscribers to reconfigure their mailers to
stop querying the now-dead RBL in question. what's the current thinking
on this?
one problem with this is that the pain is not felt by the misconfigured
folk, but by distant innocents.
i am one of those who