Re: it's mailman time again

2023-09-02 Thread Richard Porter
Pouring kerosine on fire? *flame me back if warranted*

Voice networks have no POTS left in them? *mostly?* ….


From: NANOG  on behalf of 
Randy Bush 
Sent: Saturday, September 2, 2023 4:30:07 PM
To: Jim Popovitch via NANOG 
Subject: Re: it's mailman time again

> Mail in transit is mostly TLS transport these days,

yep.  mostly.  opsec folk are not fond of 'mostly.'

> BUT mail in storage and idle state isn't always secured.  I'm sure
> that most any of us could find a public s3 bucket with an mbox file on
> it if we cared to look.

sigh

randy


Re: Fred Brooks has died

2022-11-18 Thread Richard Porter
Some of us all getting old (For those that still know what POTS stands for
or remember the 3volt Phone that would stay on, when power went off)

Maybe the NANOG community should put up a digital memorial of the greats we
are losing?

On Fri, Nov 18, 2022 at 5:22 PM Michael Thomas  wrote:

>
> His Mythical Man Month is a must read for anybody even remotely adjacent
> to coding, and frankly it should be read out of that context too.
>
> RIP Fred and thank you, that was one of the most important books I've
> ever read.
>
> Mike
>
>


Re: Parler

2021-01-10 Thread Richard Porter
On Sun, Jan 10, 2021 at 4:58 PM Jay Hennigan  wrote:

> On 1/10/21 13:50, Rod Beck wrote:
>
> > As a big fan of the 1st amendment, but someone deeply appalled by the
> > riot last week and keenly aware of how social media are letting the mud
> > to the surface, I am very perplexed how to reconcile free speech and the
> > garbage flowing through our social streets.
>
> The first amendment deals with the government passing laws restricting
> freedom of speech. It has nothing to do with to whom AWS chooses to sell
> their services. It is also not absolute (fire, crowded theater, etc.)
>
> Has anyone seen a rabbit? We've traveled quite a way down the rabbit hole.
>
A civil discourse filled rabbit hole, and I am happy to have gone down it.

Lost is the art of Civil Discourse sometimes, at least not here?

>
> --
> Jay Hennigan - j...@west.net
> Network Engineering - CCIE #7880
> 503 897-8550 - WB6RDV
>


Re: Parler

2021-01-10 Thread Richard Porter
From a business perspective, this clearly helps us understand risk of a
single point of failure. Basic ORM tells us What is the Damage if it occurs,
how likely is it to occur and then accept, mitigate or transfer.

For example in another life, I was responsible for the 'last mile' for a
private city which included fiber in the road. We started to look at pop
diversity (small private city that was near 2 pops, rare but happens).
Instead we went with a pre negotiated contract with our fiber provider and
accepted a 24 hour outage knowing that our Fiber provider was on emergency
stand by if needed. They'd roll a truck and would have us back up within 24
hours (likely faster). The risk process included "How often do we have an
actual fiber cut in the road." It had happened in the past, but the private
city owned the roads and road crew, so new communications procedures were
put in place and it had not happened since.

I agree with Bill. This is a business problem.

On Sun, Jan 10, 2021 at 11:39 AM William Herrin  wrote:

> On Sun, Jan 10, 2021 at 5:43 AM Mike Bolitho 
> wrote:
> > Can we please not go down this rabbit hole on here? List admins?
>
> Hi Mike,
>
> While there's certainly an opportunity to get political, there are
> some obviously apolitical issues worth discussing here as well.
>
> First, this would appear to be an illustration of the single-vendor
> problem. You don't have a credible continuity of operations plan if a
> termination by a single vendor can take you and keep you offline. It's
> the single point of failure that otherwise intelligent system
> architects fail to consider and address. But more than that, cloud
> providers like Amazon tend to make it inconvenient approaching
> impossible to build cross-platform services. I kinda wonder what a
> cloud services product would look like that was actively trying to
> facilitate cross-platform construction?
>
> Second, Amazon strongly encourages customers to build use of its
> proprietary services and APIs into the core of the customer's product.
> That's quite devastating when there's a need to change vendors.
> Parler's CEO described Amazon's action as requiring them to "rebuild
> from scratch," so I wonder just how tightly tied to such Amazon APIs
> they actually are. And if there isn't a lesson there for the rest of
> us.
>
> These two issues, at least, are technical in nature and on topic for
> this forum. You may choose not to discuss them if they don't interest
> you, of course.
>
> Regards,
> Bill Herrin
>
>
> --
> Hire me! https://bill.herrin.us/resume/
>


Re: WhatsApp's New Policy Has...

2021-01-08 Thread Richard Porter
Thanks Dave,
I missed that... *he says as he deletes Keybase*

On Fri, Jan 8, 2021 at 1:36 PM Dave Phelps  wrote:

> Keybase was purchased by Zoom (
> https://www.cnbc.com/2020/05/07/zoom-buys-keybase-in-first-deal-as-part-of-plan-to-fix-security.html).
> From what I've gathered, Zoom is too tight with, owned by, or run by China,
> so I believe there was a similar mass exodus from Keybase for lack of trust.
>
> On Fri, Jan 8, 2021 at 1:17 PM Richard Porter 
> wrote:
>
>> Has anyone considered or used Keybase?
>>
>> On Fri, Jan 8, 2021 at 1:14 PM Mark Tinka  wrote:
>>
>>>
>>>
>>> On 1/8/21 19:26, Drew Weaver wrote:
>>>
>>> > This might be anecdotal but there is a ton of debate about whether or
>>> > not Telegram is encrypted.
>>> >
>>> > This is not anecdotal though, on Wednesday night I saw an interview
>>> > with a security expert on CNBC and he indicated that they knew that the
>>> > riots in DC were going to happen because they had been "monitoring the
>>> > extremists Telegram groups". What they didn't say was whether or not they
>>> > were simply members of those groups, or monitoring from a
>>> > "networking/technology" sense. I'm not sure if Signal does groups the same
>>> > way that Telegram does but that one is widely believed to be much better
>>> > than Telegram as far as privacy and security.
>>> >
>>> > Telegram is a tremendously useful (and free service) for connecting to
>>> > Elastalert for all manner of notifications, but we have since moved to
>>> > Teams for that just because we can't really be sure what is going on under
>>> > the hood with Telegram.
>>> >
>>> > Just some things that I have observed, not trying to start a holy war.
>>>
>>> My rudimentary understanding of Telegram is that group messages are
>>> client-server, which is why new members can read old posts when they
>>> join a group.
>>>
>>> Signal, on the other hand, is p2p for members within the group. No
>>> messages are ever sent to their cloud.
>>>
>>> Mark.
>>>
>>


Re: WhatsApp's New Policy Has...

2021-01-08 Thread Richard Porter
Has anyone considered or used Keybase?

On Fri, Jan 8, 2021 at 1:14 PM Mark Tinka  wrote:

>
>
> On 1/8/21 19:26, Drew Weaver wrote:
>
> > This might be anecdotal but there is a ton of debate about whether or
> > not Telegram is encrypted.
> >
> > This is not anecdotal though, on Wednesday night I saw an interview with
> > a security expert on CNBC and he indicated that they knew that the riots in
> > DC were going to happen because they had been "monitoring the extremists
> > Telegram groups". What they didn't say was whether or not they were simply
> > members of those groups, or monitoring from a "networking/technology"
> > sense. I'm not sure if Signal does groups the same way that Telegram does
> > but that one is widely believed to be much better than Telegram as far as
> > privacy and security.
> >
> > Telegram is a tremendously useful (and free service) for connecting to
> > Elastalert for all manner of notifications, but we have since moved to
> > Teams for that just because we can't really be sure what is going on under
> > the hood with Telegram.
> >
> > Just some things that I have observed, not trying to start a holy war.
>
> My rudimentary understanding of Telegram is that group messages are
> client-server, which is why new members can read old posts when they
> join a group.
>
> Signal, on the other hand, is p2p for members within the group. No
> messages are ever sent to their cloud.
>
> Mark.
>


Re: NDAA passed: Internet and Online Streaming Services Emergency Alert Study

2021-01-04 Thread Richard Porter
On Mon, Jan 4, 2021 at 10:25 PM Chris Adams  wrote:

> Once upon a time, Billy Crook  said:
> > On a technical note (having read the comment about overloading the
> > system) could a system like DNS help handle this?
>
> I wouldn't think so, because some of the important alerts are very time
> sensitive.  It's been mentioned several times in this thread that the
> earthquake alerts are on the order of 10 seconds in advance.  I know
> someone that survived a tornado by a few seconds (the time it took to
> get out of bed and get to the bedroom door as the tornado dropped the
> second floor of the house on the bed).
>
4G/LTE/5G networks could be further leveraged for this. In Denton County,
TX, USA, you can register to "opt in" to receive weather alerts. We get
tornadoes here. I could see better leveraging of that technology than
streaming services. It is uncommon to find anyone without a cell phone in
the US anymore.

EMS services in some states leverage private 3G/4G networks for real-time
communications. Wider reach in population clusters.


> To be useful for the worst events, they need to be push, and push in
> very short order.  And since those are the alerts most likely to be
> life-saving, those are what the system needs to be built for (or what's
> the point).
>
> And to the point of the weather service sending out more alerts than in
> the past: yes, they do.  To some extent, it's better radars and software
> to find hazards; they're also learning all the time to better identify
> what is and is not a threat (so there are storms that might have had a
> warning 10 years ago that might not today).  But I'll take extra alerts
> now and then... a friend died in a tornado years ago because the warning
> came after it was on the ground (and probably after they were dead).
>
> --
> Chris Adams 
>


Re: NDAA passed: Internet and Online Streaming Services Emergency Alert Study

2021-01-04 Thread Richard Porter
Comment inline

On Mon, Jan 4, 2021 at 5:32 PM J. Hellenthal via NANOG 
wrote:

> Comment inline
>
> --
>  J. Hellenthal
>
> The fact that there's a highway to Hell but only a stairway to Heaven says
> a lot about anticipated traffic volume.
>
> > On Jan 4, 2021, at 14:35, b...@theworld.com wrote:
> >
> > 
> > Why wouldn't we just build this into 10-year battery smoke alarms, a
> > simple radio receiver?
>
> Someone contact  gentex.com to go over the IoT thoughts.
>
Whatever could go wrong with putting *MORE* critical things on the internet
*Sarcasm REALLY intended here*? The Video Game *Cyberpunk 2077* seems kinda
prophetic?

Let us not forget the Hawaii incident from Human error.

https://www.hawaiinewsnow.com/story/37260138/watch-gov-david-ige-on-what-triggered-ballistic-missile-false-alarm/

I think the internet ship sailed with RFC 1 ;)

>
>
> >
> > Why does anyone think this must be a feature of the internet when, as
> > people here have described, that entails all sorts of complexities.
> >
> > You just want something that goes BEEP-BEEP-BEEP KISS YOUR ASS
> > GOODBYE! BEEP BEEP BEEP really loudly on command, perhaps with some
> > more detail.
> >
> > Probably about 10c in circuitry involved.
> >
> > We're really getting way into the cargo cult worship of the internet
> > much like how TV in the 1950s was supposed to be the answer to every
> > one of society's problems but mostly what we got were sitcoms and ads
> > for bad beer.
> >
> > Ok, proceed with the list of edge cases. But at least there are laws
> > requiring smoke alarms most everywhere.
> >
> > --
> >-Barry Shein
> >
> > Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
> > Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
> > The World: Since 1989  | A Public Information Utility | *oo*
>


Re: Orange : Propagating Bogus Saudi Telecom Announcement

2020-08-24 Thread Richard Porter
https://twitter.com/millionaire_xrp/status/1297952306357567488?s=10

Related? reports of outages at Chase?

On Mon, Aug 24, 2020 at 2:13 PM Tom Beecher  wrote:

> Saudi Telecom ( AS 39386 ) is currently announcing Equinix NY9's IX
> prefix, and Orange is gladly sharing that for the world to see.
>
> Zayo : You might want to not be using that either when you're directly
> connected to that exchange. :)
>
> *Router:* New York, NY
> *Command:* show route protocol bgp table inet.0 198.32.118.0/24 terse exact
>
>
> inet.0: 833301 destinations, 5821043 routes (833250 active, 16 holddown, 88 hidden)
> + = Active Route, - = Last Active, * = Both
> A V Destination        P Prf   Metric 1   Metric 2  Next hop        AS path
> * ? 198.32.118.0/24    B 170        100 4294967294                  5511 39386 39386 39386 39386 I
>   unverified                                       >64.125.29.222
>                                                     64.125.29.220
>   ?                    B 170        100 4294967294                  5511 39386 39386 39386 39386 I
>   unverified                                       >64.125.29.222
>                                                     64.125.29.220
>   ?                    B 170        100 4294967294                  5511 39386 39386 39386 39386 I
>   unverified                                       >64.125.29.220
>                                                     64.125.29.222
>   ?                    B 170        100 4294967294                  5511 39386 39386 39386 39386 I
>   unverified                                       >64.125.29.220
>                                                     64.125.29.222
>   ?                    B 170        100 4294967294                  5511 39386 39386 39386 39386 I
>   unverified                                       >64.125.29.220
>                                                     64.125.29.222
> {master}
>
>
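
A check for the condition reported in the message above, as an added example that is not part of the original posts: it parses Junos-style terse route output and flags BGP-learned paths that cover a LAN the router is directly attached to (here the IX prefix). The function names, the sample text and the list of connected LANs are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout of Junos "show route ... terse" output.
# The first two paths mirror the route quoted in the post; the last one uses
# documentation values (192.0.2.0/24, AS64500/AS64501) as a benign control.
SAMPLE = """\
A V Destination        P Prf   Metric 1   Metric 2  Next hop        AS path
* ? 198.32.118.0/24    B 170        100 4294967294                  5511 39386 39386 39386 39386 I
  unverified                                       >64.125.29.222
                                                    64.125.29.220
  ?                    B 170        100 4294967294                  5511 39386 39386 39386 39386 I
  unverified                                       >64.125.29.220
* ? 192.0.2.0/24       B 170        100                             64500 64501 I
  unverified                                       >64.125.29.222
"""

# Path entry: active flag, validation flag, optional prefix (omitted on
# additional paths for the same prefix), protocol letter, preference.
ENTRY = re.compile(r"^(.)\s(.)\s(\d[\d.]*/\d+)?\s+([A-Z])\s+(\d+)")


def parse_terse(text):
    """Return one dict per path: prefix, active flag, protocol, AS path."""
    lines = text.splitlines()
    header = next(l for l in lines if "AS path" in l)
    as_col = header.index("AS path")
    paths, prefix = [], None
    for line in lines:
        m = ENTRY.match(line)
        if not m:
            continue  # header, validation-state and next-hop lines
        prefix = m.group(3) or prefix
        # Start at the token nearest the "AS path" column, tolerating drift.
        start = line.rfind(" ", 0, as_col) + 1
        asns = [int(t) for t in line[start:].split() if t.isdigit()]
        # Collapse AS-path prepending (repeated adjacent ASNs).
        collapsed = [a for i, a in enumerate(asns) if i == 0 or a != asns[i - 1]]
        paths.append({"prefix": prefix, "active": m.group(1) == "*",
                      "proto": m.group(4), "as_path": collapsed})
    return paths


def flag_connected_lan_routes(paths, connected_lans):
    """Flag BGP paths that overlap a LAN this router is directly attached to."""
    lans = [ipaddress.ip_network(n) for n in connected_lans]
    findings = []
    for p in paths:
        net = ipaddress.ip_network(p["prefix"])
        if p["proto"] == "B" and any(net.overlaps(lan) for lan in lans):
            path = p["as_path"]
            findings.append({**p,
                             "neighbor_as": path[0] if path else None,
                             "origin_as": path[-1] if path else None})
    return findings


if __name__ == "__main__":
    # Assumption: the local router has an interface on the IX LAN.
    for f in flag_connected_lan_routes(parse_terse(SAMPLE), ["198.32.118.0/24"]):
        print(f"{f['prefix']} learned via BGP: neighbor AS{f['neighbor_as']}, "
              f"origin AS{f['origin_as']}, active={f['active']}")
```
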


Re: DARAZ.COM.BD

2019-09-20 Thread Richard Porter
"Ham eggs bacon and spam?" - MP

Could not resist MUST ... Sing ... SONG!

On Fri, Sep 20, 2019 at 10:26 AM Mike Hale 
wrote:

> Lovely Spam! Wonderful Spam!
> Lovely Spam! Wonderful Spam
>
> On Fri, Sep 20, 2019, 7:50 AM Mel Beckman  wrote:
>
>> Maybe email them directly? Posting to the list just gets us all more
>> spam.
>>
>> -mel via cell
>>
>> > On Sep 20, 2019, at 5:47 AM, Jared Mauch  wrote:
>> >
>> > Can you please turn off your salesforce/autoresponder to nanog posts
>> please?
>> >
>> > - jared
>>
>


Sorta [OT] Contact Request

2018-06-21 Thread Richard Porter
Short story, 
Wife is moving us to a remote location. Anyone from Windstream ISP in greater 
Dallas TX area on the list that can contact me?

Thanks!,
~Richard

Re: Companies using public IP space owned by others for internal routing

2017-12-17 Thread Richard Porter
Robert,
I’ve heard of two cases recently, large companies (non carrier/ISP). One 
company looking to solve challenge with IPv6 and 6to4 and DNS.

Also curious how wide-spread this is? Maybe just the kick in the butt for 
catching the elusive IPv6 unicorn?

~Richard

> On Dec 17, 2017, at 3:30 PM, Robert Webb  wrote:
> 
> Will anyone comment on the practice of large enterprises using non RFC1918 IP 
> space that other entities are assigned by ARIN for internal routing?
> 
> Just curious as to how wide spread this might be. I just heard of this 
> happening with a large ISP and never really thought about it until now.
> 
> Robert



Re: Intellectual Property in Network Design

2015-02-12 Thread Richard Porter


> On Feb 12, 2015, at 5:43 PM, Ahad Aboss  wrote:
> 
> Hi Skeeve,
> 
> In a sense, you are an artist as network architecture is an art in itself.
> It involves interaction with time, processes, people and things or an
> intersection between all.
And to that, artwork would fall under copyright *Sarcasm*? +1 on art form! More 
like an abstract martial art really. PacketFu!
> 
> As an architect, you analyze customer needs and design a solution using
> your creative ideas to address their business driven needs today. In some
> ways, this is easier because creating a
If you are a consultant wouldn’t that fall under work for hire? If you are an 
employee? Check the contract, I am betting there is a clause for IP ownership!

> business centric network provides you some parameters to design within.
> You might mix and match technologies that will suit one business better
> than the other but it's your creative ideas. It's not secrets of their
> trade that you replicate or takeaway. You are master of the trade and you
> design a solution that works best for them.
> 
> While some design principles for application service provider, enterprise,
> carrier or ISP have similarities, no two networks are the same.

> 
> If you don't claim IP on the design or publish company names you've done
> the designs for, under what jurisdiction can they claim what you designed
> is their IP? What if their requirement changes in 6 months from now?
> 
> If an architect designs a road system in a particular way, does it mean
> he/she can't design another road again because of IP issue?
> 
> I would tend to disagree.
+1
> 
> It may not answer your questions but I hope it provides some content to
> support your case :)
> 
> Regards,
> Ahad
> 
> 
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Owen DeLong
> Sent: Friday, 13 February 2015 6:46 AM
> To: William Herrin
> Cc: nanog@nanog.org
> Subject: Re: Intellectual Property in Network Design
> 
> The extent to which this is technically feasible and how one must go about
> it actually varies greatly from jurisdiction to jurisdiction.
> 
> Something well worth considering given the number of jurisdictions already
> mentioned in the current discussion.
> 
> There are a number of possible concerns that the customer in question may
> be attempting to solve with their request. The first step is to identify
> which concern(s) they want to address.
> 
>   1.  Do they want to make sure that they have sufficient rights in
>       the design that they can replicate/modify/otherwise use it
>       without further compensating you?
> 
>   2.  Do they want to make sure that you surrender your rights in
>       the design so that you are not able to provide an identical
>       solution to another customer in the future and/or that you do
>       not use their design as an example or case study for your
>       marketing purposes?
> 
>   3.  Do they not really have a concern, but someone told them
>       that it was important to ask this question?
> 
>   4.  Do they want to make sure this is treated as a "work for hire"
>       with all the legal implications that carries?
> 
> There are probably others that I am not thinking of at the moment.
> 
> Owen
> 
>> On Feb 12, 2015, at 08:18 , William Herrin  wrote:
>> 
>> On Thu, Feb 12, 2015 at 7:36 AM, Skeeve Stevens
>>  wrote:
>>> Actually Bill... I have two (conflicting) perspectives as I said
>>> but to
>>> clarify:
>>> 
>>> 1) A customer asked 'Can you make sure we have the IP for the network
>>> design' which I was wondering if it is even technically possible
>> 
>> Hi Skeeve,
>> 
>> IANAL but I play one when I can get away with it.
>> 
>> This is usually covered as, "Contractor agrees to provide Customer
>> with all documents, diagrams, software or other materials produced in
>> the course of the contract. Contractor shall upon request assign all
>> ownership of such materials to Customer. Contractor shall retain no
>> copies of said material following termination of the contract."
>> 
>> So yes, it's technically feasible.
>> 
>> 
>>> 2) If I design some amazing solutions... am I able to claim IP.
>> 
>> If it's copyrightable (a "solution" may be), then as a contractor (not
>> an employee) the copyright vests in you. If the contract states that
>> you agree to transfer it to the customer then you breach the contract
>> if you don't.
>> 
>> If the contract says the copyrights are theirs then at least that part
>> of the contract is probably void. Barring W2 employment copyrights
>> nearly always vest in the individual who first put them in to a
>> tangible form. There are explicit and narrow exceptions in the law.
>> Preface of a book. That sort of thing. It's unlikely you'll run afoul
>> of any of them.
>> 
>> Lawyers get this wrong shockingly often. IP doesn't vest in the
>> customer and can't be trans

Re: Does anyone know Jared's birthday?

2014-06-04 Thread Richard Porter
I do not claim to know Jared but suggest that on this list? He was not born, 
perhaps routed into existence? (please direct all boos, hisses and flames for 
that bad pun right at me :)


On Jun 4, 2014, at 4:21 PM, Chaim Rieger  wrote:

> Jared wasn't born, he just became.. therefore no birthday applies 
> 
> On June 4, 2014 12:15:47 PM PDT, Warren Kumari  wrote:
>> Yup, I did think it was worth asking the entire list.
>> 
>> W
> 
> -- 
> Sent from my Android device with K-9 Mail. Please excuse my brevity.



Hat - bcp38.info - Storm Center Diary

2014-02-27 Thread Richard Porter
Hat,
A reader suggested I reach out to you, he thought you might like a simple 
graphic I put together on the Storm Center Diary post. Talked about BCP38 today.

Email me off list and I will send it. 

~Richard




Re: blogs.cisco.com not available via IPv6

2013-12-05 Thread Richard Porter
*Sarcasm* but lawyers seem to think it is REALLY important to add that load to 
email servers, backup servers and storage :). I wonder how much extra storage 
those simple extra bits/bytes have taken over the years?

~Richard

On Dec 5, 2013, at 6:39 PM, Rogan Schlassa  wrote:

> Please don't reply back with such legal disclaimers.  It is basically SPAM
> and of course nonsense.
> 
> The thought that you can send an email and force your company's terms on us
> is ridiculous.
> 
> If CISCO forces that in your sig then for one tell them to fuck off and two
> use a different email.
> On Dec 5, 2013 3:56 PM, "John Stuppi (jstuppi)"  wrote:
> 
>> Thanks folks.  Blogs.cisco.com should be back up now for both IPv4 and v6.
>> 
>> Thanks,
>> John
>> 
>> "We can't help everyone, but everyone can help someone."
>> 
>> 
>> 
>> 
>> John Stuppi, CISSP
>> Technical Leader
>> Strategic Security Research
>> jstu...@cisco.com
>> Phone: +1 732 516 5994
>> Mobile: 732 319 3886
>> 
>> CCIE, Security - 11154
>> Cisco Systems
>> Mail Stop INJ01/2/
>> 111 Wood Avenue South
>> Iselin, New Jersey 08830
>> United States
>> Cisco.com
>> 
>> 
>> 
>> Think before you print.
>> This email may contain confidential and privileged material for the sole
>> use of the intended recipient. Any review, use, distribution or disclosure
>> by others is strictly prohibited. If you are not the intended recipient (or
>> authorized to receive for the recipient), please contact the sender by
>> reply email and delete all copies of this message.
>> For corporate legal information go to:
>> http://www.cisco.com/web/about/doing_business/legal/cri/index.html
>> 
>> 
>> 
>> 
>> 
>> -Original Message-
>> From: Jared Mauch [mailto:ja...@puck.nether.net]
>> Sent: Wednesday, December 04, 2013 9:23 AM
>> To: Henri Wahl
>> Cc: NANOG list
>> Subject: Re: blogs.cisco.com not available via IPv6
>> 
>> I'm seeing it down via IPv6:
>> 
>> *   Trying 2600:1407:9:295::90...
>> * Connected to www.cisco.com (2600:1407:9:295::90) port 80 (#0)
>>> GET / HTTP/1.1
>>> User-Agent: curl/7.30.0
>>> Host: www.cisco.com
>>> Accept: */*
>>> 
>> < HTTP/1.1 200 OK
>> * Server Apache is not blacklisted
>> 
>> 
>> * About to connect() to blogs.cisco.com port 80 (#0)
>> *   Trying 2001:4800:13c1:10::178...
>> ^C
>> 
>> - Jared
>> 
>> On Dec 4, 2013, at 8:37 AM, Henri Wahl  wrote:
>> 
>>> Hi,
>>> can anybody from Cisco confirm that blogs.cisco.com
>>> (2001:4800:13c1:10::178) is not available via IPv6?
>>> Regards
>>> 
>>> --
>>> Henri Wahl
>>> 
>>> IT Department
>>> Leibniz-Institut fuer Festkoerper- u.
>>> Werkstoffforschung Dresden
>>> 
>>> tel: (03 51) 46 59 - 797
>>> email: h.w...@ifw-dresden.de
>>> http://www.ifw-dresden.de
>>> 
>>> Nagios status monitor Nagstamon:
>>> http://nagstamon.ifw-dresden.de
>>> 
>>> DHCPv6 server dhcpy6d:
>>> http://dhcpy6d.ifw-dresden.de
>>> 
>>> IFW Dresden e.V., Helmholtzstrasse 20, D-01069 Dresden VR Dresden Nr.
>>> 1369
>>> Vorstand: Prof. Dr. Juergen Eckert, Dr. h.c. Dipl.-Finw. Rolf Pfrengle
>>> <0x1FBA0942.asc>
>> 
>> 
>> 
>> 





Re: NYT covers China cyberthreat

2013-02-20 Thread Richard Porter
When you really look at human behavior the thing that remains the same is core 
motives. The competition makes sense in that it is human nature to aggress for 
resources. We are challenged in the "fact" that we 'want' to belong among the 
other five. This will never change but.

What is really a travesty here is that most of us have been saying "hey this is 
critical" and can now shift to "I told you so"… in that if you did what we said 
to do 1 … 5 …. 10 … years ago .. you would have "mitigated" this risk..

Basically, genetically we have not changed, so what behavior would suggest that 
(even with the introduction of faster calculators).. why would we change? Just 
means we would do X faster …….

This is my first comment to the list.. please flame me privately to save the 
list :) *** or publicly who think I should really be spanked!!! ***


Regards,
Richard



On Feb 20, 2013, at 7:27 PM, Suresh Ramasubramanian  wrote:

> Very true. The objection is more that the exploits are aimed at civilian
> rather than (or, more accurately, as well as) military / government /
> beltway targets.
> 
> Which makes the alleged chinese strategy rather more like financing jehadis
> to suicide bomb and shoot up hotels and train stations, rather than any
> sort of disciplined warfare or espionage.
> 
> --srs (htc one x)
> On 21-Feb-2013 7:40 AM, "Steven Bellovin"  wrote:
> 
>> 
>> On Feb 20, 2013, at 1:33 PM, valdis.kletni...@vt.edu wrote:
>> 
>>> On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
>>>> boys and girls, all the cyber-capable countries are cyber-culpable.  you
>>>> can bet that they are all snooping and attacking each other, the united
>>>> states no less than the rest.  news at eleven.
>>> 
>>> The scary part is that so many things got hacked by a bunch of people
>>> who made the totally noob mistake of launching all their attacks from
>>> the same place
>> 
>> 
>> This strongly suggests that it's not their A-team, for whatever value of
>> "their" you prefer.  (My favorite mistake was some of them updating their
>> Facebook pages when their work took them outside the Great Firewall.) They
>> just don't show much in the way of good operational security.
>> 
>> Aside: A few years ago, a non-US friend of mine mentioned a conversation
>> he'd had with a cyber guy from his own country's military.  According to
>> this guy, about 130 countries had active military cyberwarfare units.  I
>> don't suppose that the likes of Ruritania has one, but I think it's a safe
>> assumption that more or less every first and second world country, and not
>> a few third world ones are in the list.
>> 
>> The claim here is not that China is engaging in cyberespionage.  That
>> would go under the heading of "I'm shocked, shocked to find that there's
>> spying going on here." Rather, the issue that's being raised is the target:
>> commercial firms, rather than the usual military and government secrets.
>> That is what the US is saying goes beyond the usual rules of the game.  In
>> fact, the US has blamed not just China but also Russia, France, and Israel
>> (see http://www.israelnationalnews.com/News/News.aspx/165108 -- and note
>> that that's an Israeli news site) for such activities.  France was
>> notorious
>> for that in the 1990s; there were many press reports of bugged first class
>> seats on Air France, for example.
>> 
>> The term for what's going on is "cyberexploitation", as opposed to
>> "cyberwar".
>> The US has never come out against it in principle, though it never likes it
>> when aimed at the US.  (Every other nation feels the same way about its
>> companies and networks, of course.)  For a good analysis of the legal
>> aspects,
>> see
>> http://www.lawfareblog.com/2011/08/what-is-the-government%E2%80%99s-strategy-for-the-cyber-exploitation-threat/
>> 
>> 
>> 
>> 
>>--Steve Bellovin, https://www.cs.columbia.edu/~smb
>> 
>> 
>> 
>> 
>> 
>> 
>> 




Re: RFC becomes Visio

2012-09-28 Thread Richard Porter

On Sep 28, 2012, at 12:17 PM, valdis.kletni...@vt.edu wrote:

> On Fri, 28 Sep 2012 14:29:50 -0400, Randy Carpenter said:
>> Just make sure to name the scanned file VisioDi~1_vsd.png, and maybe they 
>> won't notice.
> 
> That's eeevil. ;)

echo $Vladis_Statement >> evil_indeed.vsd

/r