Re: opportunistic email encryption by the MTA (not MUA)

2021-01-15 Thread Brian J. Murrell
On Fri, 2021-01-15 at 10:26 -0500, Bryan Fields wrote:
> 
> It's still stored unencrypted on the server, and the admin can see
> all.

This is true.  I was just referring to transit leakage.

> If you want it secure, you have to run gpg and encrypt the body.

Again, true.

Cheers,
b.



signature.asc
Description: This is a digitally signed message part


Re: opportunistic email encryption by the MTA (not MUA)

2021-01-15 Thread Brian J. Murrell
On Fri, 2021-01-15 at 03:33 -0800, Randy Bush wrote:
> email from a friend who uses protonmail as their MTA suddenly started to
> be opportunistically encrypted with pgp; i.e. the sender's MUA did
> nothing to cause the encryption.  i believe this started when i provided
> my pgp public key over WKD [0].

Interesting.  When I read the subject though, I have to admit that I
was hoping your e-mail was going to be about REQUIRETLS/RFC8689.

It's a real pity that there appears to be no real-world
use/implementation of RFC8689.

I think in practice the old adage that "e-mail is insecure" is becoming
untrue, by a significant amount, I suspect, due to the prevalence of
STARTTLS.

The problem with STARTTLS of course is that it is opportunistic only
and with no way for the sender to indicate that a message MUST use TLS
or not be delivered at all.

I routinely send things by e-mail that, while they are not the
combination to the big safe at Fort Knox, they are not something I
would staple to utility poles.

When doing such I will typically look up the MXes for the recipient and
test their SMTP port for STARTTLS to see if the mail will at least ride
the wires with TLS.

It would be so much easier to have a checkbox in my MUA to do this
though.  :-)

All of that said, thanks for the pointer to WKD.  I didn't know about
that.

Use of it at the MTA level is interesting.

Cheers,
b.
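
The manual check described in the message above (look up the recipient's MXes, then test each for STARTTLS), as an added example that is not part of the original post. It also verifies the certificate and looks for REQUIRETLS after the handshake; the verdict names and the rule that a domain is only as good as its weakest MX are assumptions of this sketch, and it relies on `dig` being installed.

```python
"""Added example: will mail to a domain cross the wire under TLS?"""
import smtplib
import ssl
import subprocess
import sys

# Ordered weakest to strongest, so min() over all MXes gives the worst path.
LEVELS = ["unknown", "plaintext", "encrypted-unverified", "encrypted-verified"]


def parse_mx(dig_short_output):
    """Turn `dig +short MX domain` output into hostnames sorted by preference."""
    records = []
    for line in dig_short_output.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            continue                      # blank or malformed line
        host = parts[1].rstrip(".").lower()
        if host:                          # "0 ." is a null MX (RFC 7505)
            records.append((int(parts[0]), host))
    return [host for _, host in sorted(records)]


def probe(host, port=25, timeout=15):
    """Connect to one MX the way a sending MTA would and record what it offers."""
    result = {"host": host, "starttls": False, "cert_ok": False,
              "requiretls": False, "tls_version": None, "error": None}
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            result["starttls"] = smtp.has_extn("starttls")
            if not result["starttls"]:
                return result
            try:
                # The default context verifies the chain and the MX hostname.
                smtp.starttls(context=ssl.create_default_context())
            except ssl.SSLCertVerificationError:
                return result             # TLS offered, certificate not trusted
            result["cert_ok"] = True
            result["tls_version"] = smtp.sock.version()
            smtp.ehlo()                   # extensions are re-read after the handshake
            result["requiretls"] = smtp.has_extn("requiretls")
    except (OSError, smtplib.SMTPException) as exc:
        result["error"] = str(exc)        # unreachable, timeout, broken handshake
    return result


def verdict(result):
    """Classify one probe result into one of LEVELS."""
    if result["error"]:
        return "unknown"
    if not result["starttls"]:
        return "plaintext"
    return "encrypted-verified" if result["cert_ok"] else "encrypted-unverified"


def domain_verdict(results):
    """A sender may be handed any MX, so report the weakest one."""
    if not results:
        return "unknown"
    return min((verdict(r) for r in results), key=LEVELS.index)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: mxtls.py recipient-domain")
    dig = subprocess.run(["dig", "+short", "MX", sys.argv[1]],
                         capture_output=True, text=True, check=True)
    results = [probe(mx) for mx in parse_mx(dig.stdout)]
    for r in results:
        print(f"{r['host']}: {verdict(r)} tls={r['tls_version']} "
              f"requiretls={r['requiretls']} error={r['error']}")
    print(f"{sys.argv[1]} -> {domain_verdict(results)}")
```

A result of "encrypted-unverified" means the link resists passive capture only; nothing in plain STARTTLS stops the sending MTA from falling back to cleartext if the offer disappears.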





Re: netflix proxy/unblocker false detection

2020-06-26 Thread Brian J. Murrell
On Fri, 2020-06-26 at 12:45 -0500, Mike Hammett wrote:
> I believe they're only blocking the HE v6 prefixes used for the VPN
> service. 

I don't use any VPN service of HE but I still get errors from Netflix
when my client chooses my HE tunnel prefix as its source.

Or I guess I should say I was, the last time I tried and have since
rejected Netflix's IPv6 hosts when the source address is the HE tunnel,
so force clients to choose a different source address.

Cheers,
b.





Re: netflix proxy/unblocker false detection

2020-06-26 Thread Brian J. Murrell
On Thu, 2020-06-25 at 17:32 -0500, Mike Hammett wrote:
> IPv6? 

I realize this list is for network operators, but as a user, when your
ISP doesn't provide IPv6, this is not possible.  Even with
tunnelbrokers like HE as they are blocked at Netflix.  I have to put
rules in my firewall to force the clients in my network to use the non-
HE addresses.

Cheers,
b.





Re: Abuse Desks

2020-04-29 Thread Brian J. Murrell
On Wed, 2020-04-29 at 09:50 -0700, Stephen Satchell wrote:
> 
> As I build up my new firewall, I'll turn off public SSH access
> completely, and instead use a robust VPN implementation.  (Which has
> its own issues.)

How does that solve the problem at hand in any way?

The abuse/probing just moves from ssh to your VPN service and you are
back to all of the same problems/arguments.

Cheers,
b.





Re: Phishing and telemarketing telephone calls

2020-04-26 Thread Brian J. Murrell
On Sat, 2020-04-25 at 11:23 -0600, Anne P. Mitchell, Esq. wrote:
> 
> Well, while we are already engaged in the thread, some of you may be
> interested to know (especially if you find yourself with time on your
> hands these days), that you *can* actually get money from these
> scum.  In fact, it turns out that they cave pretty easily because
> they *know* they are violating the law, and they *know* what the
> penalties are.  

This is awesome!

Not being a lawyer, I have no idea, but how effectively could a non-US-
resident (i.e. somebody who lives in Canada) apply this?  Do the laws
being violated still count if they are to a non US-resident?  Does not
being a US resident weaken the leverage you have over these scum?  I.e.
wouldn't they be more likely to ignore a non-US-resident on the
assumption that such a person is not likely going to bring suit?

Cheers,
b.




Re: xplornet contact or any experience with their satellite service?

2020-04-23 Thread Brian J. Murrell
On Tue, 2020-04-21 at 18:54 +, Mel Beckman wrote:
> It’s not really oversold bandwidth. It’s just that the turnaround
> time for a bolus of data is too long for two-way video conferencing
> to be smooth or reliable. It’s like video conferencing using post
> cards :)

Except that videoconferencing is just the victim of the problem, and
the problem is bursty bandwidth not latency.  In fact, the back-and-
forth of conversation is actually surprisingly decent for satellite. 
Not as much "talking over" as I would have suspected.

But put the victim application aside, the real data is in the iperf3
results I posted, demonstrating how bursty the throughput is.  The
problem with that of course is that the "lowest" bandwidth "valleys"
becomes the "constant bandwidth" that the codec uses rather than the
average -- which of course cannot be used for real-time VC.

Cheers,
b.





Re: xplornet contact or any experience with their satellite service?

2020-04-21 Thread Brian J. Murrell
On Tue, 2020-04-21 at 11:11 -0700, Sabri Berisha wrote:
> Hi,

Hi,

> Where I worked, phy transmissions are scheduled based on tokens. A UT
> must have a token to transmit data. If there is no congestion, a
> token will be available and the UT or ground station may transmit.
> Congestion does not need to exist in the ground network or even the
> transponder. It can even be in the spectrum of that geographical
> area. 

Interesting.  So basically as Mel said, over-sold network.  :-(

> To overcome the latency,

Latency (AFAIU) is not really his primary issue.  It's the lack of
consistency in bandwidth.  Periods of a second or two even where there
is no transmission of anything at all followed by a second or two of
transmission bursting even beyond his subscribed "rate".  This effects
his subscribed rate but in a really bad way for real-time traffic such
as live/two-way video.  He'd much, much more rather get a consistent
pipe at his prescribed rate rather than an average of it over longer
periods of time because then the codec would not have to be encoding for
those super bad periods of time where there are 1-2 seconds of no
bandwidth at all.

> Satellite is obviously not the optimal medium for video conferencing,

Indeed.

> but I would recommend that your friend tries to ratelimit their
> transmissions.

He doesn't need to.  The over-congested network is doing that for him. 
:-(  In any case, I don't know that he has any way to put a rate limit
on the tools he is using.

> The reason why your latency is higher than you expect,

It actually isn't.  It's nowhere near as high as I had come to
(anecdotally -- I'd never had reason to do the math on the latency
before now) believe it would be.

Fortunately he might be a candidate for Xplornet (or others') WISP
services.  Hopefully they are a bit more stable.

Cheers,
b.





xplornet contact or any experience with their satellite service?

2020-04-21 Thread Brian J. Murrell
A friend of mine just recently got Xplornet satellite service at his
rural home.  I'm well aware of the latency issues with satellite
although frankly his latency is much better than I had feared it would
be and is around 600-700ms.

But what seems to be worse than the latency is the "burstiness" of the
traffic and I am just wondering if that is normal/expected for
satellite service in general, and/or expected from Xplornet's service,
or if what I am seeing is not expected at all (i.e. not an artifact of
the satellite signal but rather a network management issue).

Here's iperf3 for 30 seconds sending data (i.e. upload speed):

[ ID] Interval   Transfer Bitrate
[  5]   0.00-1.21   sec  12.9 KBytes  87.4 Kbits/sec  
[  5]   1.21-2.00   sec  6.47 KBytes  67.2 Kbits/sec  
[  5]   2.00-3.00   sec  22.0 KBytes   180 Kbits/sec  
[  5]   3.00-4.00   sec  41.4 KBytes   339 Kbits/sec  
[  5]   4.00-5.00   sec  41.4 KBytes   339 Kbits/sec  
[  5]   5.00-6.00   sec  55.6 KBytes   456 Kbits/sec  
[  5]   6.00-7.00   sec  69.9 KBytes   572 Kbits/sec  
[  5]   7.00-8.00   sec  89.3 KBytes   731 Kbits/sec  
[  5]   8.00-9.00   sec   120 KBytes   986 Kbits/sec  
[  5]   9.00-10.00  sec  86.7 KBytes   710 Kbits/sec  
[  5]  10.00-11.00  sec   133 KBytes  1.09 Mbits/sec  
[  5]  11.00-12.00  sec   184 KBytes  1.51 Mbits/sec  
[  5]  12.00-13.00  sec   186 KBytes  1.53 Mbits/sec  
[  5]  13.00-14.00  sec   159 KBytes  1.30 Mbits/sec  
[  5]  14.00-15.00  sec  0.00 Bytes  0.00 bits/sec  
[  5]  15.00-16.00  sec  0.00 Bytes  0.00 bits/sec  
[  5]  16.00-17.00  sec  93.2 KBytes   763 Kbits/sec  
[  5]  17.00-18.00  sec   264 KBytes  2.16 Mbits/sec  
[  5]  18.00-19.00  sec   124 KBytes  1.02 Mbits/sec  
[  5]  19.00-20.00  sec   157 KBytes  1.28 Mbits/sec  
[  5]  20.00-21.00  sec   120 KBytes   986 Kbits/sec  
[  5]  21.00-22.00  sec  86.7 KBytes   710 Kbits/sec  
[  5]  22.00-23.00  sec   369 KBytes  3.02 Mbits/sec  
[  5]  23.00-24.00  sec   197 KBytes  1.61 Mbits/sec  
[  5]  24.00-25.00  sec  90.6 KBytes   741 Kbits/sec  
[  5]  25.00-26.00  sec   193 KBytes  1.58 Mbits/sec  
[  5]  26.00-27.00  sec   192 KBytes  1.57 Mbits/sec  
[  5]  27.00-28.00  sec   189 KBytes  1.55 Mbits/sec  
[  5]  28.00-29.00  sec   193 KBytes  1.58 Mbits/sec  
[  5]  29.00-30.00  sec   179 KBytes  1.46 Mbits/sec  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval   Transfer Bitrate Retr
[  5]   0.00-32.20  sec  4.41 MBytes  1.15 Mbits/sec  388 sender
[  5]   0.00-30.00  sec  3.57 MBytes   998 Kbits/sec  receiver

which averaged the overall prescribed "upload" speed, but notice that
it's not 1Mb/s in any kind of a steady stream but rather bursts of
higher than 1Mb/s speed followed by low/no speed.  At one point it was
2 seconds with no transfer at all even.

and here's receiving (i.e. "download"):

[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.35   sec  46.6 KBytes   283 Kbits/sec    0   12.9 KBytes
[  5]   1.35-2.00   sec  0.00 Bytes  0.00 bits/sec    0   12.9 KBytes
[  5]   2.00-3.00   sec  67.3 KBytes   551 Kbits/sec    0   37.5 KBytes
[  5]   3.00-4.00   sec  46.6 KBytes   382 Kbits/sec    0   40.1 KBytes
[  5]   4.00-5.00   sec   105 KBytes   858 Kbits/sec    0   44.0 KBytes
[  5]   5.00-6.00   sec  88.0 KBytes   721 Kbits/sec    0   54.3 KBytes
[  5]   6.00-7.00   sec   141 KBytes  1.16 Mbits/sec    0   69.9 KBytes
[  5]   7.00-8.00   sec   124 KBytes  1.02 Mbits/sec    0    101 KBytes
[  5]   8.00-9.00   sec   186 KBytes  1.53 Mbits/sec    0    146 KBytes
[  5]   9.00-10.00  sec   248 KBytes  2.04 Mbits/sec    0    206 KBytes
[  5]  10.00-11.00  sec   311 KBytes  2.54 Mbits/sec    0    257 KBytes
[  5]  11.00-12.00  sec  0.00 Bytes  0.00 bits/sec   43    194 KBytes
[  5]  12.00-13.00  sec  0.00 Bytes  0.00 bits/sec   75    199 KBytes
[  5]  13.00-14.00  sec   435 KBytes  3.56 Mbits/sec    0    199 KBytes
[  5]  14.00-15.00  sec  0.00 Bytes  0.00 bits/sec   34    114 KBytes
[  5]  15.00-16.00  sec  0.00 Bytes  0.00 bits/sec   34    140 KBytes
[  5]  16.00-17.00  sec   373 KBytes  3.05 Mbits/sec    0    149 KBytes
[  5]  17.00-18.00  sec  0.00 Bytes  0.00 bits/sec    0    162 KBytes
[  5]  18.00-19.00  sec   373 KBytes  3.05 Mbits/sec    0    168 KBytes
[  5]  19.00-20.00  sec  0.00 Bytes  0.00 bits/sec    0    171 KBytes
[  

Re: Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls

2020-03-06 Thread Brian J. Murrell
On Fri, 2020-03-06 at 18:37 -0500, b...@theworld.com wrote:
> 
> Why don't they just ask the phone companies who are billing these
> robocallers who they are and we can arrest them.

Exactly.

I have always maintained that if my phone number were one of those
"premium" numbers (1-976 -- maybe I am dating myself but you know what
I mean -- where calls to it were billed at $5/min), I am sure that my
telco (the one providing me the premium number on the phone line
that runs into my location) would always know exactly who to send the
bill to for every call that called my number, including robocallers[1].

So, if my telco can bill the callers for those premium calls, they
surely know who they are, or at least know where they are sending the
bill and getting payment from.

But who are we kidding?  The telcos have been making money hand over
fist with robocalls and are not really all that motivated to dry up
that revenue stream.  Regulation (as much as I hate it in general) is
the only solution.

Making the allowing of robocalls more expensive than preventing them is
the only solution.  Whether that is through fines as a result of
regulation or otherwise.

Cheers,
b.

[1] I remember hearing a story of a guy, in the UK I think, that got a
premium number and then printed business cards with it on it and then
ran around a trade show handing out the cards.  That seems kind of
shady, but the idea of getting a premium number and having it
criminally sold to telemarketers, phishers and scammers makes me giddy.



Re: QUIC traffic throttled on AT&T residential

2020-02-19 Thread Brian J. Murrell
On Wed, 2020-02-19 at 13:54 -0600, Blake Hudson wrote:
> 
> Isn't this exactly why Net Neutrality is a thing:

Isn't it a "dead" thing in the USofA?

> So that people (or companies) are free to develop new applications or
> enhance existing ones without running into a quagmire of different
> policies implemented by any number of different networks between the
> application developer and the application's users?

Yes, this is a very prominent reason for Net Neutrality.  Too bad the
FCC killed that out from under the people and companies that would
utilize it to develop new applications.

Cheers,
b.





Re: FCC proposes $10 Million fine for spoofed robocalls

2020-01-08 Thread Brian J. Murrell
On Sat, 2020-01-04 at 16:32 +0200, Max Tulyev wrote:
> 
> Also, we implemented immediate answer and voice menu option, it says
> "Welcome, press ... to reach ...!" and circles. So me (as the telco
> operator) receive the money for call termination, and real customer do
> not get a spam call. Looks like captcha in the Internet!

Ha!  As discussed earlier in this thread, I have implemented the same
thing.  But I am just a single end-user, not a telco.  It's so
incredibly effective that I have wondered often if any telcos had
actually implemented such a thing for their customers, even as an
option, or even a paid service.

I have also wondered though how ineffective it might become with wide
deployment effectively upping the ante in the arms race.  The captcha
would have to get more difficult.  "Enter the result of 1+3 to
reach...".  I wonder how many real people that would trip up though
with "WTF?".  Lots would probably try to press 1 and then 3, etc.

Cheers,
b.





Re: 5G roadblock: labor

2019-12-30 Thread Brian J. Murrell
On Mon, 2019-12-30 at 16:52 -0800, Sabri Berisha wrote:
> 
> Who needs more than 640Kb of memory?
> 
> We don't know what the future holds. This is an interesting read,
> featuring 5g to perform a "hologram" phone call:
> https://www.bbc.com/news/business-45009458

While I appreciate that this is just "an example" of why I might need
more than "640Kb of memory" (or more pertinently, more than just a few
MBits/s of phone bandwidth), it's not a realistic/relevant example.

Holographic phone calls?  I barely ever use even video calling of any
sort.  The "picture" portion of the call almost always adds zero value
-- helping my mom load paper in her printer using Duo to actually see
and navigate the physical restrictions of her printer from 300KM away,
aside.

But really, these are still all just weak excuses (and to be clear, not
reasons) for why we "need more" of what is already sufficient. 
Consumerism at its worst[1].

I'm not saying that maybe one day we won't need 25Mb/s to a hand-held
device, but hologram telephone calling, Netflixing and even video
calling, are not the use-cases, IMHO.

To head way O/T:
[1] I chuckled at this article:
https://www.businessinsider.com/google-chromecast-cheap-streaming-device-older-tvs-2019-12

Any TV which you can plug a Chromecast into, which is by any definition
a TV with HDMI, which is by just about any definition any "flat screen"
TV is not "old", IMHO.  Call me an old fuddy-duddy but an "old" TV is
that 13" B/W with 13 (was it?) VHF channels that my parents used to
have in the living room.

The very idea that any flat-screen/HDMI TV is "old" is just more
evidence of the rampant replace-anything-older-than-two-years-old
consumerism that grips North American society and is filling our (or
third-world countries') landfills.  North Americans need to learn to be
happy with what they have and buy (and pay for) the kind of quality
that lasts (i.e. press-board furniture need not apply).

b.




Re: 5G roadblock: labor

2019-12-30 Thread Brian J. Murrell
On Mon, 2019-12-30 at 09:50 -0500, Shane Ronan wrote:
> 
> Also, keep in mind that 10 years ago, you didn't know you would want or
> need 25mbits to your phone,

Who needs 25mbits to their phone?

> but I'd bet that now you'd have a hard time
> living without it.

I already live without it (by a long shot) and am not sure what I'd do
with it if I had it except rack up huge overage bills a week into the
month.  Well, not really but that's because I honestly have no use for
that kind of speed to my phone.  What am I supposed to do with that? 
Go to the park and watch Netflix in 4K on my 2K phone screen?

The irony of such speeds in North America (Canada in particular) are
ludicrous usage limits that we have and how quickly we'd use up our
minuscule data allotment with such speeds.  But then again, overage
fees are what are paying the bills over at the mobile companies.

b.

> 
> On Mon, Dec 30, 2019, 9:24 AM Matt Hoppes <
> mattli...@rivervalleyinternet.net>
> wrote:
> 
> > We saw this with Femtocells. Why build the network when the end
> > user will
> > build it with their broadband connection?
> > 
> > With 5G - if I need fiber to the pole already and the pole has to be
> > within a few hundred feet of the end user, why not just deploy fiber
> > to the home?
> > Do I really need a gigabit per second on my mobile device?





Re: FCC proposes $10 Million fine for spoofed robocalls

2019-12-19 Thread Brian J. Murrell
On Thu, 2019-12-19 at 11:02 -0800, William Herrin wrote:
> 
> I call your phone number.
> Your phone company compares my number against your whitelist. Ring
> through on match.
> If no match, "You have reached Name. Press 2 to leave a message.
> Press 3 to enter your code. Press 0 or stay on the line for an
> operator."
> Ring through on a valid code.
> If 0, the call connects to a call center where a live operator
> evaluates the call. Who am I? Why am I calling? Do I meet the
> plain-English criteria you've established for calls to allow through?
> If no, the operator offers to connect me to your voicemail. If yes,
> the operator dials you, explains who's calling and asks your
> permission to connect the call.

It really doesn't (currently at least -- until robocallers start using
voice recognition to defeat my system) need to be this complicated or
over-engineered.  A simple audio captcha works wonders.

   Hello.  If you are a telemarketer, press 1.  If you want to speak to
   somebody at this number, press 5.

Anyone pressing 1 gets their caller-id added to my blacklist and is
asked to add our number to their do not call list.  In reality all
telemarketers use robocallers so they don't even get that far.

Anyone pressing 5 rings through (with additional processing described
below).

But that's it.  That has blocked 100% of robocalling from actually
ringing the phones in our house for the last few years.

I couple the captcha greeting system with a whitelist (i.e. only
callers not on the whitelist get the above prompt -- callers on the
whitelist ring through directly with no greeting).  One gets on the
whitelist because (a) I add them explicitly, (b) their number was
called from our house phones (i.e. the PBX automatically adds all
outgoing numbers to the whitelist) (c) they pressed 5 at the prompt.

The result of that last one (c) is that people only ever hear that
prompt once and if they press 5, they never hear it again.  Unless of
course I remove them from the whitelist.  That has never had to be done
to the best of my recollection.

Of course I cannot know how many legitimate (robo)calls have not made
it through the gauntlet, but I also have not had anyone complain about
not being able to reach me.  I figure if it's really important, some
human from wherever the failed legitimate robocall is coming from will
eventually get in touch with me.

I do also get notified when a (i.e. a robo)caller doesn't choose either
1 or 5 and have noticed the very odd robocall that I would have liked
to have received (very few and far between -- maybe 1 or 2 a year), and
add them to the whitelist which works well since failed robocalls
typically get retried so I get it the next time around.

One might argue that having to deal with the notification on each
failed robocall washes out the value of the system, but I would argue
that reading a text message about a failed robocall, when I feel like
reading it, is a more than fair trade-off for not having to interrupt
what I am doing to answer the phone and get frustrated at another
phishing/scam/etc. attempt, and it gives me peace of mind that I will
catch (the very very few) failed robocalls that I did want.

b.
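
The screening rules described in the message above, as an added example that is not the poster's PBX configuration. The class and method names are hypothetical, the phone numbers are constructed, and three behaviours are assumptions the post does not state: blacklisted callers are rejected on later calls, withheld caller-ID is never stored in either list, and numbers are normalised to ten NANP digits so that a dialled number matches the caller-ID it later arrives with.

```python
"""Added example: audio-captcha call screening with a self-filling whitelist."""
import re


def normalize(number):
    """Reduce a dialled number or caller-ID to 10 NANP digits, or None if withheld."""
    digits = re.sub(r"\D", "", number or "")
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]               # drop the North American country code
    return digits or None


class CallScreen:
    def __init__(self, whitelist=()):
        # (a) numbers the owner adds explicitly
        self.whitelist = {normalize(n) for n in whitelist}
        self.blacklist = set()
        self.notifications = []           # callers who chose neither 1 nor 5

    def outgoing(self, dialled):
        """(b) every number called from the house phones is whitelisted."""
        number = normalize(dialled)
        if number:
            self.whitelist.add(number)

    def incoming(self, caller_id, keypress=None):
        """Decide what happens to one inbound call.

        keypress is the DTMF digit pressed at the greeting, or None when the
        caller pressed nothing (the usual robocaller behaviour).
        """
        number = normalize(caller_id)
        if number in self.whitelist:
            return "ring"                 # known caller: no greeting at all
        if number in self.blacklist:
            return "reject"               # assumption: the post does not say
        if keypress == "5":
            if number:                    # (c) passing the prompt whitelists
                self.whitelist.add(number)
            return "ring"
        if keypress == "1":
            if number:
                self.blacklist.add(number)
            return "ask-do-not-call"
        # No valid choice: do not ring, tell the owner later by text message.
        self.notifications.append(number or "withheld")
        return "notify-owner"

    def allow(self, caller_id):
        """Owner reviews a notification and decides the robocall was wanted."""
        number = normalize(caller_id)
        if number:
            self.blacklist.discard(number)
            self.whitelist.add(number)
```

Because a withheld number is never stored, an anonymous caller hears the greeting on every call instead of whitelisting every other anonymous caller by pressing 5 once.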




Re: Disney+ Streaming

2019-11-28 Thread Brian J. Murrell
On Thu, 2019-11-28 at 10:50 -0800, Owen DeLong wrote:
> While I agree about the likely outcome, I will point out that
> consumers have been
> begging for unbundling for years.

This is not the "unbundling" that consumers have been begging for. 
Rather I would submit that it's actually quite the opposite and much
more like the bundling that they have been railing against.

The "unbundling" that consumers have been begging for is minimally, the
ability to buy a single channel for a fair price and not have to take
14 other channels of *garbage* with it at 15x the cost one of those
channels.  I say minimally because I suspect that the really savvy
consumers would actually rather even pay (again, at a fair price) per
show or episode.

But that's not what's happening with this fragmentation.  This
fragmentation is like the cable company splitting up that "one price
for all" bundle and putting the pieces into other bundles, each at the
same cost as that original "all in one" bundle that the consumers were
originally happy with and saw as fair value.  Of course now to continue
getting those pieces of the original bundle that they were happy
with, consumers are having to buy multiples of these new bundles and
their costs are driving up sharply accordingly.

> This fragmentation of streaming services _IS_ the direct result of
> that request.

I would submit that that is completely untrue.  Do you really think
Disney pulled out of Netflix and started their own service because
consumers wanted Disney to unbundle from Netflix?  I would suggest that
that is completely not why.  Rather, Disney was not happy to have just
a piece of the Netflix pie, and decided, as greedy as they are, that
they would sell their own pies and take the full monthly subscription
price.

> It’s unbundled service, exactly what they have been asking for.

Again.  No.  Not at all.  Not even close.  Quite the opposite in fact.

The problem with suggesting that this is unbundling is that the cost of
Netflix didn't reduce when Disney pulled out and Disney (I would bet, I
haven't actually looked at its cost) isn't charging the fraction of the
Netflix cost that would be commensurate with their percentage of the
entire Netflix library.

So there has been no "unbundling" of any sort.  Rather it's been an
exercise of actually creating a new bundling.  And I still predict that
once the reality of this sets in with consumers, they are going to
reject it and head back to that low (zero) cost means of obtaining
their media that they used when they were unhappy with the previous
generation of bundling.

b.





Re: Disney+ Streaming

2019-11-12 Thread Brian J. Murrell
On Tue, 2019-11-12 at 15:32 -0800, Matthew Petach wrote:
> My point was that Disney has a lock on much of the content kids love.

Which was, until Disney+, on Netflix.

https://www.theverge.com/2012/12/4/3727688/netflix-streaming-rights-new-disney-marvel-pixar-movies

> Netflix/HBO/AmazonPrime, not so much.

The above article (and the number of kids in my life with their
eyeballs constantly glued to TV screens) says otherwise.

> So, the new eyeballs aren't going to be from parents watching different
> shows, it'll be from parents watching their adult-ish stuff, while the
> kids are happily ensconced with Disney+.

But those little eyeballs aren't new.  They have already been watching
as much streaming as their parents would allow -- unrestricted in
probably too many cases.

> I called out Game of Thrones and Good Omens as shows that are popular
> with adults but that aren't terribly family friendly, so you won't be
> getting many 12-and-unders watching them.

No, instead they were already watching the ass-barn-load of kids
content that is on the existing streaming services.

b.





Re: Disney+ Streaming

2019-11-12 Thread Brian J. Murrell
On Tue, 2019-11-12 at 12:53 -0800, Matthew Petach wrote:
> Different target audiences.

That are already satisfied with existing services, so no new target
audiences.

> Now the parents can be watching "Good Omens" or "Game of Thrones" on
> Netflix while the kids are streaming "The Lion King" on Disney+
> streaming.

But they could watch lots of (Disney even) content on Netflix already. 
So I still don't see an increase in consumption just because of
Disney+.

> Instead of the whole family watching one show together, now we have
> segmentation in the marketplace.

Disney+ doesn't change "whole family watching one show together" (or
not -- because individuals watching their own streams is already
possible) model from the current model.

Cheers,
b





Re: Disney+ Streaming

2019-11-12 Thread Brian J. Murrell
On Wed, 2019-11-13 at 08:17 +1100, Mark Andrews wrote:
> 
> People can really only watch one thing at a time.

This is my thought also.

> Net streaming of the last mile
> is unlikely to change much.  Just where that content is coming from
> may change.

Indeed.

Cheers,
b.





Re: Disney+ Streaming

2019-11-12 Thread Brian J. Murrell
On Tue, 2019-11-12 at 15:26 -0500, Valdis Klētnieks wrote:
> 
> I can foresee a lot of families subscribing to Netflix *and* Disney+
> because neither one has all the content the family wants to watch.

Absolutely.  But the time spent watching Disney would *replace* (not be
in addition to, or would it?  Would Disney's content result in existing
streamers watching more hours of streaming than they did before?)
Netflix watching.

> Has anybody seen a significant drop in total streaming traffic due to
> Netflix users jumping ship to Amazon/Hulu, or are consumers just biting
> the bullet, coughing up the $$, and streaming more total because across
> the services there's more stuff they want to watch?

I actually suspect streaming is going to decline (at least in
comparison to where it could have grown to) if this streaming service
fragmentation continues.

I think people are going to reject the idea that they need to subscribe
to a dozen streaming services at $10-$20/mo. each and will be driven
back to the good old "single source" (piracy) they used to use before 1
(or perhaps 2) streaming services kept them happy enough to abandon
piracy.

The content providers are going to piss in their bed again due to
greed.  Again.

Cheers,
b.





Re: Disney+ Streaming

2019-11-12 Thread Brian J. Murrell
On Tue, 2019-11-12 at 15:08 -0500, Clayton Zekelman wrote:
> Netflix has done a great job deploying OC Appliances.   A Netflix 
> user != Amazon, Hulu, etc...

Fair enough, in the cases where operators are Netflix OC partners and
might see a shift in network use from a Netflix OC appliance to
other streaming services external to their network.

But for an operator who doesn't have an OC Appliance, is there likely
to be much difference?  I suppose that was the context I was thinking
in.

That said, I (admittedly, idly) wonder what percentage of users (world-
wide, by nation, geographical area, etc.) are served by OC Appliances. 
I really have no clue as to the penetration of OC Appliances.


Cheers,
b.




Re: Disney+ Streaming

2019-11-12 Thread Brian J. Murrell
On Tue, 2019-11-12 at 19:49 +, Justin Krejci wrote:
> 
> As the service grows in popularity, and its breadth of content and
> manageable price is likely to attract a lot of growth, I'd like to
> plan for any necessary augmentations to the network.

From the end-user/viewer network capacity perspective is a new
streaming service likely to (significantly) "add new viewers" or more
likely to just shift existing viewers away from an existing service
(i.e Netflix, Amazon, Hulu, etc.) to Disney, resulting in a net-wash
from the end-user/viewer network capacity perspective?

I guess the question is, will Disney content compel users who are not
already streaming to start streaming?

Cheers,
b.





Re: all major US carriers received text messages overnight that appear to have been sent around Valentine's Day 2019

2019-11-08 Thread Brian J. Murrell
On Thu, 2019-11-07 at 22:42 +, Chris Kimball via NANOG wrote:
> Does anyone have any more information on this?

Yeah, like who (in the private sector -- we all knew the NSA already
are doing this) has access to and is archiving *everyone's* text
messages?  And why?

Cheers,
b.





Re: Video Streaming Wars

2019-10-15 Thread Brian J. Murrell
On Tue, 2019-10-15 at 17:12 +, Rod Beck wrote:
> https://www.lightreading.com/video/ott/whats-at-stake-as-the-streaming-battle-builds-/d/d-id/754841
> What's at Stake as the Streaming Battle Builds | Light Reading
> Netflix, Amazon and Hulu have staked out their turf in the
> subscription VoD market, but will they be able to hold that coveted
> ground as Disney, Apple, WarnerMedia and NBCU enter the streaming
> fray?

The video streaming wars are this year's version of last year's cable
channel bundling.  Everyone knows the game the cablecos play where they
bundle 14 channels of crap with one channel that people actually want
and because it's 15 channels, hey, well that's going to cost
$20.99/mo., you know, because you are getting 15 channels!  Oh, no,
sorry, no way to get just that one channel you want for just its cost.
You need to buy all 15.

How many streaming services is the average consumer going to have to
start subscribing to for $10-20/mo. each to get all of the content they
want?

Or, as I (and I am sure others have) predict(ed), while consumers were
willing to pay a modest amount of money for a streaming service or two
to get all of the content they wanted, consumers are going to reject
the skyrocketing costs of the streaming fragmentation and go back to
the same solution they had for the high costs of cable channel
bundling.  Welcome back piracy.

Cheers,
b.





Re: DNS Recursive Operators: Please enable QNAME minimization (RFC7816) for the enhanced privacy of your users

2019-09-18 Thread Brian J. Murrell
On Wed, 2019-09-18 at 09:15 +0200, Jeroen Massar wrote:
> Hi Folks,

Hi.

> While in the US soon all Firefox users will *NOT* use your DNS
> Recursives configured using DHCP anymore
> (NXDOMAIN use-application-dns.net to avoid that[1]).

What am I misunderstanding?  Isn't use-application-dns.net supposed to
return A results until "defeated"?  I have not configured my own DNS
server to NXDOMAIN that yet, however:

$ dig use-application-dns.net a

; <<>> DiG 9.11.10-RedHat-9.11.10-1.fc30 <<>> use-application-dns.net a
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 33589
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;use-application-dns.net.   IN  A

;; Query time: 1181 msec
;; SERVER: fd31:aeb1:48df::2#53(fd31:aeb1:48df::2)
;; WHEN: Wed Sep 18 06:22:19 EDT 2019
;; MSG SIZE  rcvd: 52

And even Google's global DNS:

$ dig @8.8.8.8 use-application-dns.net a

; <<>> DiG 9.11.10-RedHat-9.11.10-1.fc30 <<>> @8.8.8.8 use-application-dns.net a
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 33725
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;use-application-dns.net.   IN  A

;; Query time: 1454 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Sep 18 06:22:42 EDT 2019
;; MSG SIZE  rcvd: 52

Cheers,
b.





Re: MAP-E

2019-08-02 Thread Brian J. Murrell
On Fri, 2019-08-02 at 15:37 +0200, JORDI PALET MARTINEZ via NANOG
wrote:
> Ask the vendor to support RFC8585.
> 
>  
> 
> Also, you can do it with OpenWRT.
> 
>  
> 
> I think 464XLAT is a better option and both of them are supported by
> OpenWRT.
> 
>  
> 
> You can also use OpenSource (Jool) for the NAT64.

Will any of these (including MAP-E) support such nasty (in terms of
burying IP addresses in data payloads) protocols as FTP and SIP/SDP?

Cheers,
b.





Re: really amazon?

2019-07-31 Thread Brian J. Murrell
On Wed, 2019-07-31 at 23:13 +0300, Scott Christopher wrote:
> 
> Because it will get spammed if publicly listed in WHOIS.

I will take that at *least* as ironic as you meant it.

b.





Re: SHAKEN/STIR Robocall Summit - July 11 2019 at FCC

2019-07-11 Thread Brian J. Murrell
On Thu, 2019-07-11 at 11:59 -0400, Paul Timmins wrote:
> Chris it would be trivial for this to be fixed, nearly overnight, by 
> creating some liability on the part of carriers for illicit use of 
> caller ID data on behalf of their customers.

This 1000%.  Once legal liability is in place, the carriers themselves
will come up with the most effective and efficient solutions to solve
the problem.

> But the carriers don't want that,

And the legislators are in the pockets of Corporate America so nothing
will happen.

b.





Re: any interesting/useful resources available to IPv6 only?

2019-05-06 Thread Brian J. Murrell
On Mon, 2019-05-06 at 12:12 -0400, John Levine wrote:
> 
> There are perfectly good reasons to use v6: no NAT in front of your
> devices,

Check.

> every service gets its own IP,

Roger.

> better connections to devices
> on mobile networks and home networks that are behind v4 NATs.

Bingo!

All very good reasons, and in fact every one of them is my primary
reason.

But the case I am making is to PHBs, not engineers and I am trying to
find a path of least resistance.

b.





Re: any interesting/useful resources available to IPv6 only?

2019-05-06 Thread Brian J. Murrell
On Mon, 2019-05-06 at 10:26 +1200, Pshem Kowalczyk wrote:
> I've found a VPS provider (https://www.vultr.com/pricing/) that
> offers
> cheaper instances with IPv6 only.

That's an interesting one.  Neat to see.

But it would probably be a stretch to try to use that as an example of why
my ISP needs to provide IPv6 connectivity since even if I bought one of
those IPv6-only VPS, I could probably still administer it over IPv4.

That and that such a VPS is only reachable from IPv6 addresses, if I
were to have one, makes more of a case why other ISPs should support
IPv6 rather than my own ISP.

But it might be a useful case to point to in the more general sense of
"there is a portion of the Internet that is only reachable from IPv6
addresses".

Cheers,
b.





any interesting/useful resources available to IPv6 only?

2019-05-03 Thread Brian J. Murrell
Hi,

I am trying to make a case (to old fuddy-duddies, which is why I even
need to actually make a case) for IPv6 for my own selfish reasons.  :-)

I wonder if anyone has any references to interesting/useful/otherwise
resources that are only available to IPv6 users that they can forward to
me.

Cheers,
b.





Re: plaintext email?

2019-01-15 Thread Brian J. Murrell
On Tue, 2019-01-15 at 00:24 -0500, b...@theworld.com wrote:
> I'd like to go on record as saying that I PREFER top-posting.
> 
> Why dig through what you've already read to see the new comments?

Because in long discussion threads, you lose the context to exactly
what a particular person is replying to/about.  When they answer inline
(or bottom posting if there is just one thing to say) you get the
context as to what they are talking about.

> Actually in an ideal world previous included bits would be links
> which
> could optionally be expanded via one shared remote copy but lo I
> wander.

Right.  So you are actually advocating for inline/bottom-posting with
appropriate trimming and the added benefit of being able to collapse
the trimmed quote.  That could very well and easily be an MUA feature. 
But you started your message by saying you prefer top posting.

> You should try some of the internet governance (I know, oxymoron)
> lists where people will inline a megabyte of discussion to add just
> "+1!" or "I agree!" or "congrats!" in the middle or bottom. It's like
> Alice's Restaurant.

That's a different problem that IMHO, top posting actually perpetuates:
lack of trimming.  Top posting makes it too easy to send along the
entire copies of all of the messages that previous top-posters posted
and didn't trim.  When you encourage inline replying or bottom posting,
it seems to point out, only if slightly more, that one could trim the
useless content as one goes by it to inline/bottom post.

Cheers,
b.






Re: Facebook doesn't have a route to my ISP's (Cogeco) IPv6 space?

2018-12-20 Thread Brian J. Murrell
On Thu, 2018-12-20 at 17:28 -0600, Constantine A. Murenin wrote:
> Hi Brian,

Hi,

> But what's exactly at 2a03:2880:f012:3:face:b00c:0:1?

It's one of the endpoints involved in Facebook's Messenger service. 
IIRC it's "graph.facebook.com", although I note that that address is
currently answering as:

graph.facebook.com.     2068  IN  CNAME  api.facebook.com.
api.facebook.com.       2068  IN  CNAME  star.c10r.facebook.com.
star.c10r.facebook.com. 25    IN  2a03:2880:f00e:a:face:b00c:0:2

To be fair though, that one could just be what a load-balancing name
service is responding at the moment.  Notice that the two addresses are
only off by one.

But even more interesting is that it's now working:

                          My traceroute  [v0.92]
pc.interlinx.bc.ca (2001:1970:5261:d600:c5d9:3319:afbc:3bb6)  2018-12-20T23:07:14-0500
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                     Packets               Pings
 Host                               Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 2001:1970:5261:d600::1           0.0%    94    0.6   0.7   0.4   3.8   0.3
 2. 2001:1970:4000:82::1             0.0%    94    9.0  20.2   7.3 889.2  91.0
 3. 2001:1970:0:1a7::1              39.4%    94   19.8  19.5  17.9  26.3   1.8
 4. 2001:1970:0:61::1               45.2%    93   18.1  16.5  14.3  22.5   1.9
 5. ae7.pr03.yyz1.tfbnw.net          0.0%    93   19.6  19.4  14.9  76.8   9.4
 6. po103.psw04.yyz1.tfbnw.net       0.0%    93   14.5  15.8  13.9  24.0   1.5
 7. po4.msw1ab.01.yyz1.tfbnw.net     0.0%    93   15.3  15.7  14.2  24.0   1.3
 8. 2a03:2880:f00e:a:face:b00c:0:1   0.0%    93   19.2  15.5  13.7  22.5   1.7

And even just a few minutes ago it was not as I was testing it for
another (off-list) query:

                          My traceroute  [v0.92]
pc.interlinx.bc.ca (2001:1970:5261:d600:c5d9:3319:afbc:3bb6)  2018-12-20T22:47:51-0500
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                     Packets               Pings
 Host                               Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 2001:1970:5261:d600::1           0.0%   112    0.6   0.7   0.5   5.1   0.4
 2. 2001:1970:4000:82::1             0.0%   112    9.2  15.8   7.3 374.4  36.2
 3. 2001:1970:0:1a7::1              17.0%   112   18.3  19.1  17.6  21.9   0.8
 4. 2001:1970:0:61::1               33.0%   112   15.9  16.0  14.8  27.9   1.8
 5. 2001:1978:1300::1                0.0%   112   15.5  17.0  14.1  49.8   4.4
 6. 2001:1978:203::45                0.0%   112   29.5  29.8  28.2  46.8   2.1
 7. ???

Perhaps the bit of cage rattling that I have done here has knocked
something loose.  :-)

Cheers,
b.





Re: Facebook doesn't have a route to my ISP's (Cogeco) IPv6 space?

2018-12-20 Thread Brian J. Murrell
On Thu, 2018-12-20 at 21:44 -0500, Harald Koch wrote:
> 
> To OP: I believe that every last-mile provider in Canada is still
> offering IPv6 as a best-effort, unsupported service.

Yeah.  I'm aware of this.  But I want to give them the benefit of the
doubt that this problem is simply ignorance and something they'd like
to fix rather than any of the more depressing alternatives.

Cheers,
b.





Re: Facebook doesn't have a route to my ISP's (Cogeco) IPv6 space?

2018-12-20 Thread Brian J. Murrell
On Thu, 2018-12-20 at 21:48 +0200, Max Tulyev wrote:
> Well known problem.

Interesting.  As in a general problem across the Internet or a well
known problem with Cogeco specifically?

> You can use our tunnel broker connection (tb.netassist.ua) as a
> workaround.

Thanks.  But I actually already have a tunnel as well as a(nother)
native IPv6 ISP (yes, I have two consumer ISP connections) which routes
to Facebook properly.

The problem is that for the clients behind this router receiving RAs
for all three upstream connections and plumbing IPv6 addresses on each
of those networks, I know of no way to prevent them from choosing their
Cogeco IP address among the 3 and thus trying to use the Cogeco route.

I can (and have) put a rule into that router to refuse connections to
Facebook when using the Cogeco source address which sends TCP clients a
TCP reset with the hope that (good at least) clients/IPv6 stacks will
try a different source address but the results on that seem spotty at
best.

b.





Facebook doesn't have a route to my ISP's (Cogeco) IPv6 space?

2018-12-20 Thread Brian J. Murrell
I've been trying to figure out why I can reach an IPv6 address at
Facebook (2a03:2880:f012:3:face:b00c:0:1) through (only) one of my two
Internet connections as well as via an HE IPv6 tunnel but not the other
of my two ISP connections.

At one point in time a traceroute was dying inside of he.net:

 Host                                  Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 2001:1970:5261:d600::1              0.0%     7    2.1   1.3   0.7   2.9   0.8
 2. 2001:1970:4000:82::1                0.0%     7   10.0  14.0   8.3  37.9  10.6
 3. 2001:1970:0:1a6::1                 16.7%     7   13.2 215.5  10.8 1031. 455.9
 4. he.ip6.torontointernetxchange.net   0.0%     7   12.3  12.9  11.2  15.3   1.6
 5. 100ge9-2.core2.chi1.he.net          0.0%     7   23.6  23.0  21.3  27.6   2.2
 6. 100ge15-2.core1.chi1.he.net         0.0%     7   21.7  22.5  21.6  24.9   1.2
 7. 100ge12-1.core1.atl1.he.net         0.0%     7   34.2  35.1  34.1  36.1   0.7
 8. 100ge5-1.core1.tpa1.he.net          0.0%     7   49.1  46.6  44.8  49.1   1.5
 9. 100ge12-1.core1.mia1.he.net         0.0%     7   51.6  54.5  50.5  73.3   8.3
10. ???

But I think it getting that far that time was an anomaly and frankly it
usually dies even before exiting my ISP's (Cogeco) network like this:

 Host                       Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 2001:1970:5261:d600::1   0.0%    33    0.6   0.7   0.6   1.0   0.1
 2. 2001:1970:4000:82::1     0.0%    33    8.2  10.8   8.1  40.5   5.6
 3. 2001:1970:0:1a7::1      15.2%    33   23.4  20.1  16.5  23.4   1.5
 4. 2001:1970:0:61::1       33.3%    33   16.8  17.6  14.5  25.9   2.5
 5. 2001:1978:1300::1        0.0%    33   16.0  17.5  14.2  29.6   3.1
 6. 2001:1978:203::45        0.0%    33   30.7  30.7  28.4  35.1   1.7
 7. ???

When I asked the kind folks at he.net for some advice about the problem
(i.e. in the first traceroute above) their diagnosis was that
Facebook's IPv6 router(s) likely didn't have a route back to my Cogeco
IPv6 address.

Trying to talk to my ISP (again, Cogeco) has been impossible.  One
simply cannot reach the people who know more than how to reset your
router and configure your e-mail.

I wonder how I could go any further with this to confirm the diagnosis
that Facebook doesn't have a route to the Cogeco network's IPv6 address
space given that I only have access to my end of the path.

Cheers,
b.


