Re: On the control of the Internet.

2010-06-14 Thread Valdis . Kletnieks
On Mon, 14 Jun 2010 08:05:14 BST, Brandon Butterworth said:
> > > Paul Baran's rand paper was on survivable networks. The arpanet was not
> > > that network.
> > 
> > I worry now if it will survive the people that operate it.
> 
> I doubt it. When the machines rise up against us they will
> kill the current net and carry on with their own IPv8 network.

Is *that* what it's going to take to finally get it deployed everyplace?





Re: On the control of the Internet.

2010-06-14 Thread Eugen Leitl
On Mon, Jun 14, 2010 at 08:05:14AM +0100, Brandon Butterworth wrote:

> > I worry now if it will survive the people that operate it.
> 
> I doubt it. When the machines rise up against us they will
> kill the current net and carry on with their own IPv8 network.

Purely photonic relativistic cut-through all the way ;)




Re: On the control of the Internet.

2010-06-14 Thread Brandon Butterworth
> > Paul Baran's rand paper was on survivable networks. The arpanet was not
> > that network.
> 
> I worry now if it will survive the people that operate it.

I doubt it. When the machines rise up against us they will
kill the current net and carry on with their own IPv8 network.

brandon



Re: On the control of the Internet.

2010-06-13 Thread Larry Sheldon
On 6/13/2010 20:21, Joel Jaeggli wrote:

> Paul Baran's rand paper was on survivable networks. The arpanet was not
> that network.

I worry now if it will survive the people that operate it.

-- 
Somebody should have said:
A democracy is two wolves and a lamb voting on what to have for dinner.

Freedom under a constitutional republic is a well armed lamb contesting
the vote.

Requiescas in pace o email
Ex turpi causa non oritur actio
Eppure si rinfresca

ICBM Targeting Information:  http://tinyurl.com/4sqczs
http://tinyurl.com/7tp8ml





Re: On the control of the Internet.

2010-06-13 Thread Joel Jaeggli


On 06/13/2010 06:13 PM, Bruce Williams wrote:
> On Sun, Jun 13, 2010 at 6:42 AM, Joe Greco wrote:
>>> Generally speaking, it will be treated as damage and routed around.
>>
>> That fable only really stands a chance when the damage is accidental; in
>> the case where such "damage" is being deliberately inflicted, particularly
>> by government, it gets more complicated.  A lot of the 'net is a little
>> more centralized than it ought to be in order to allow the "routed around"
>> concept to work successfully.
>>
>> ... JG
> 
> BTW, I forget, when was the original ARPANET spec of surviving a
> nuclear war tested? I mean, we do know what would happen, right?

Paul Baran's rand paper was on survivable networks. The arpanet was not
that network.

> Yes, Joe, the ARPANET fable does live on.
> 
> Bruce Williams
> 
> 



Re: On the control of the Internet.

2010-06-13 Thread Bruce Williams
On Sun, Jun 13, 2010 at 6:42 AM, Joe Greco wrote:
>> Generally speaking, it will be treated as damage and routed around.
>
> That fable only really stands a chance when the damage is accidental; in
> the case where such "damage" is being deliberately inflicted, particularly
> by government, it gets more complicated.  A lot of the 'net is a little
> more centralized than it ought to be in order to allow the "routed around"
> concept to work successfully.
>
> ... JG

BTW, I forget, when was the original ARPANET spec of surviving a
nuclear war tested? I mean, we do know what would happen, right?

Yes, Joe, the ARPANET fable does live on.

Bruce Williams



Re: On the control of the Internet.

2010-06-13 Thread Larry Sheldon
On 6/13/2010 18:09, Brett Frankenberger wrote:
> On Sun, Jun 13, 2010 at 03:23:06PM -0500, Larry Sheldon wrote:
>> On 6/13/2010 14:59, Joe Greco wrote:
>>
>> How about the case where the master zone file has be amputated and the
>> secondaries can no longer get updates?
>>
>> Mea culpa.
>>
>> That was supposed to say "How about the case where the master zone file
>> has beEN amputated and the secondaries can no longer get updates?
> 
> I'm really not sure what you're asking, and I don't know what "master
> zone file has been amputated" means, but if the master server goes
> unreachable, then, for each secondary, either:
>   (a) it's not reachable from anywhere, in which case it doesn't really
> matter what information it has because nothing will be querying it, or
>   (b) it is reachable from somewhere, in which case you log in to it
> from that somewhere, edit the configuration file, change "slave" to
> "master", and restart BIND.  (Adjust as needed for whatever DNS server
> is in use, if it's not BIND.)

I have been faulted for injecting "politics" into the discussion of BGP
configurations for people that ought not..

There I go again.

Have you actually read the article I posted at the top of this thread?





Re: On the control of the Internet.

2010-06-13 Thread Brett Frankenberger
On Sun, Jun 13, 2010 at 03:23:06PM -0500, Larry Sheldon wrote:
> On 6/13/2010 14:59, Joe Greco wrote:
> 
> >>>> How about the case where the master zone file has be amputated and the
> >>>> secondaries can no longer get updates?
> 
> Mea culpa.
> 
> That was supposed to say "How about the case where the master zone file
> has beEN amputated and the secondaries can no longer get updates?

I'm really not sure what you're asking, and I don't know what "master
zone file has been amputated" means, but if the master server goes
unreachable, then, for each secondary, either:
  (a) it's not reachable from anywhere, in which case it doesn't really
matter what information it has because nothing will be querying it, or
  (b) it is reachable from somewhere, in which case you log in to it
from that somewhere, edit the configuration file, change "slave" to
"master", and restart BIND.  (Adjust as needed for whatever DNS server
is in use, if it's not BIND.)

 -- Brett



Re: On the control of the Internet.

2010-06-13 Thread Eric Brunner-Williams
On 6/13/10 1:11 PM, Seth Mattinen wrote:
> On 6/13/10 9:35 AM, Larry Sheldon wrote:
>> How about the case where the master zone file has be amputated and the
>> secondaries can no longer get updates?
> 
> 
> We just saw that with Haiti.

This overlooks the consequences of that particular catastrophic event
on locally routed, and indifferently named resources, within the area
directly affected by the event.

The hard, even desperate struggle, to keep the physical level
infrastructure powered, and operate link and above level services,
using pre-event and ad hoc post-event resource to address mappings was
not an exercise staged to demonstrate server configuration errors
(these happen quite frequently, and without casualties) or network
partition events (these too happen quite frequently, also without
casualties).

The Lieberman, Collins (R-ME) and Carper bill, like the Rockefeller
and Snowe (R-ME) bill, offers nothing to the repair, or proactive
resilience of the Haitian network.

I am content that Congresswoman Chellie Pingree, of Maine's 1st CD,
assisted significantly in the effort to keep the Boutillier facility
fueled in the last weeks of January.

Network infrastructure security can be distinguished from
cybersecurity in the first instance by actual existence.

Eric



RE: On the control of the Internet.

2010-06-13 Thread George Bonser
> For example--what happens when name-service information for a part that
> is not shutdown comes from a part that is?
> 
> What if an exchange point for parts that are not shutdown is shutdown.
> 
> And spare me the tinfoil hat stuff--tinfoil hats have not worked for a
> year or more.

We can play "what if" all day long and wargame all sorts of scenarios
but what it all boils down to is that there is really no such thing as
"The Internet".  Just exactly how would the government implement any
policy that involved shutting things down and to what extent could they
accomplish anything without hurting themselves?  What if your NSP is a
foreign company?  Can our government tell a French company that they
cannot communicate with someone else?  Can our government tell any
American company that they cannot communicate with another American
company within the US? Do you "white list" certain communicators and
allow them access while denying others?  If so, how do you prevent your
white list from becoming obsolete the day after it is produced?

When you start disconnecting data communications you begin to impact
such things as voice communications, news media dissemination of
information, individuals in key positions losing a communications path,
etc. 

The notion of government being able to "shut down" portions of "the
internet" sounds easy to do in theory but I am not sure it has been
thought through at the practical level.

It would seem to me that the only effective way one could implement such
a policy is to initially shut down ALL communications and then gradually
certify various nodes for reinstatement into the net.  I have no
confidence that the government could ever pull such a thing off.

G



Re: On the control of the Internet.

2010-06-13 Thread Alexander Harrowell
I'll bet that is a political statement, against list rules. Larry is currently 
making up a really high percentage of list traffic and this is beginning to 
annoy.
"Larry Sheldon" wrote:

>On 6/13/2010 15:54, Joe Greco wrote:
>
>> If we want to be pedantic, Sony this year announced that it is shutting
>> down its production of floppy disks by next year.  Of course, the choice
>> of "floppy disk" is irrelevant, and I'm guessing you know it.  If your
>> devices are more comfortable with CD-ROM or USB MicroSD readers, then by
>> all means.
>
>I certainly hoped that that was the case, but not very long ago I read a
>current "Emergency Recovery Plan" that depended on 9-track 1600BPI round
>reel tapes in a shop that had not had a drive like that for ten years.
>
>
>> Long before NANOG, there was actually a time that some of us hauled
>> around things like USENET on magnetic media, because it was simply the
>> highest bandwidth yet cheapest method to haul large amounts of data
>> around the city, back when a Telebit Trailblazer was still vaguely able
>> to cope with a USENET feed - and for a little while thereafter.
>
>Wide Band Truck was a major component of plans long ago.
>
>And I wish I had a nickel for every round-reel tape in Anvil case I
>escorted through airports.
>
>> If your network has been so thoroughly taken over that you cannot hope
>> to get a file from a computer that does have a floppy over to your DNS
>> server, you have Much Bigger Problems to begin with...
>
>And that is the issue I was trying to raise.
>
>> Our monitoring systems are definitely able to detect when connectivity 
>> goes away.  What happens if and when that happens is generally left up
>> to a human to decide.  The sorts of brokenness that one might potentially
>> discover if the government were to corrupt connectivity is much more
>> complex than simple on/off; I feel comfortable saying that the best plan
>> is to have diversity of resources and some in-depth knowledge, since that
>> also serves normal engineering needs well.
>
>I'll bet you think The Stimulus created jobs.
>




Re: On the control of the Internet.

2010-06-13 Thread Joe Greco
> On 6/13/2010 15:54, Joe Greco wrote:
> > If we want to be pedantic, Sony this year announced that it is shutting
> > down its production of floppy disks by next year.  Of course, the choice
> > of "floppy disk" is irrelevant, and I'm guessing you know it.  If your
> > devices are more comfortable with CD-ROM or USB MicroSD readers, then by
> > all means.
> 
> I certainly hoped that that was the case, but not very long ago I read a
> current "Emergency Recovery Plan" that depended on 9-track 1600BPI round
> reel tapes in a shop that had not had a drive like that for ten years.

That's why emergency planning needs to be an ongoing thing.

> > If your network has been so thoroughly taken over that you cannot hope
> > to get a file from a computer that does have a floppy over to your DNS
> > server, you have Much Bigger Problems to begin with...
> 
> And that is the issue I was trying to raise.

If they've got control of your network to the point where you cannot even
hook up a laptop and get access to the DNS server, I submit that they 
effectively own your network and it is no longer your problem, unless
maybe you have a love of being thrown in some dark room where no one will
find you for a few years.  If that's the issue you're trying to raise, I
do not think it's solvable in any meaningful way.  More generally, is 
your company going to refuse to comply?  Or are you planning to refuse to
comply with the directives of your employer?

> > Our monitoring systems are definitely able to detect when connectivity 
> > goes away.  What happens if and when that happens is generally left up
> > to a human to decide.  The sorts of brokenness that one might potentially
> > discover if the government were to corrupt connectivity is much more
> > complex than simple on/off; I feel comfortable saying that the best plan
> > is to have diversity of resources and some in-depth knowledge, since that
> > also serves normal engineering needs well.
> 
> I'll bet you think The Stimulus created jobs.

It sure did, there's a bunch of construction going on all over the place.
Of course, a much better measure would be "how many of the jobs created by
these projects will be there in a year" - or better yet, but much harder
to quantify, would be positions created that weren't directly funded by
The Stimulus.  That's the best target to discuss, since everyone can pull
statistics to prove whatever position they hold dear.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.



Re: On the control of the Internet.

2010-06-13 Thread Larry Sheldon
On 6/13/2010 15:54, Joe Greco wrote:

> If we want to be pedantic, Sony this year announced that it is shutting
> down its production of floppy disks by next year.  Of course, the choice
> of "floppy disk" is irrelevant, and I'm guessing you know it.  If your
> devices are more comfortable with CD-ROM or USB MicroSD readers, then by
> all means.

I certainly hoped that that was the case, but not very long ago I read a
current "Emergency Recovery Plan" that depended on 9-track 1600BPI round
reel tapes in a shop that had not had a drive like that for ten years.


> Long before NANOG, there was actually a time that some of us hauled
> around things like USENET on magnetic media, because it was simply the
> highest bandwidth yet cheapest method to haul large amounts of data
> around the city, back when a Telebit Trailblazer was still vaguely able
> to cope with a USENET feed - and for a little while thereafter.

Wide Band Truck was a major component of plans long ago.

And I wish I had a nickel for every round-reel tape in Anvil case I
escorted through airports.

> If your network has been so thoroughly taken over that you cannot hope
> to get a file from a computer that does have a floppy over to your DNS
> server, you have Much Bigger Problems to begin with...

And that is the issue I was trying to raise.

> Our monitoring systems are definitely able to detect when connectivity 
> goes away.  What happens if and when that happens is generally left up
> to a human to decide.  The sorts of brokenness that one might potentially
> discover if the government were to corrupt connectivity is much more
> complex than simple on/off; I feel comfortable saying that the best plan
> is to have diversity of resources and some in-depth knowledge, since that
> also serves normal engineering needs well.

I'll bet you think The Stimulus created jobs.






Re: On the control of the Internet.

2010-06-13 Thread Joe Greco
> On 6/13/2010 14:59, Joe Greco wrote:
> 
> > Yes, but unreachability is basically only a problem for those who have
> > failed to design and plan for it.  You can engineer for unreachability.
> > You're a lot more screwed if we start talking about government mandates
> > and the contents of your zone.
> 
> I meant to ask in my original posting:
> 
> http://volokh.com/2010/06/13/32843/
> What happens when the US shuts down part of its part?
> Depends on what part it shut down, of course.
> But what are the available boundaries for the parts in question?
> 
> If we don't know what will be ordered shutdown and what the boundaries
> of the shutdown area will be are there engineering concerns that can not
> be foreseen and economically provided-for?

I think it's a great question, and of course there are all sorts of
concerns.  For many operators here, though, this may be a political
question more than an engineering question:  if the government has 
the power, and comes and tells your management to do X, are they going
to comply, or not?

It is probably more operationally relevant to be concerned with how to
cope with the more general problem of partitioning, because it's also
possible that one day Elbonia will decide to filter out the US, and we
may actually be able to engineer solutions that cope with that.  A
network that has planned ahead and is able to respond to such issues 
has more of a chance to be able to successfully cope with other
partitioning issues, regardless of whether they're government-imposed
or just a peering spat.

From that point of view, I believe my initial answers to you make a 
great deal of sense.

... JG



Re: On the control of the Internet.

2010-06-13 Thread Joe Greco
> On 6/13/2010 14:59, Joe Greco wrote:
> 
> >>>> How about the case where the master zone file has be amputated and the
> >>>> secondaries can no longer get updates?
> 
> Mea culpa.
> 
> That was supposed to say "How about the case where the master zone file
> has beEN amputated and the secondaries can no longer get updates?
> 
> My apologies.

Do you actually mean that the master zone file has been modified by the
government?  If so, how is that intertwined with secondaries no longer
being able to get updates?

Work with me, here, I'm trying to understand what you're saying.

If the government has corrupted your master, and they actually want those
changes pushed out, one would expect that:

1) your master is not public to begin with (just good design, that, ..)
2) they would definitely not damage it in a manner that broke the
   ability of the secondaries to update, because presumably the reason
   they changed your zone was to push their data out to the 'net under
   your domain name, and that wouldn't work without the secondaries.
3) if they just wanted your domain to go away, there are easier ways to
   make that happen.

So from my point of view, your question still makes no sense, even as
corrected.  I may be missing your point.

Otherwise, if your question is "How about the case where the master zone
file SERVER has been rendered unreachable and the secondaries can no
longer get updates," I think I answered that already, between the public
and private e-mails we've exchanged.  The fundamental answer there is 
just to engineer it to avoid that being a serious problem; this includes
things like trying to maintain a static DNS environment (dynamic updates
of things == somewhat bad, particularly where such updates are required
for proper operation), setting your expire record accordingly, and/or
maintaining a contingency plan for updating your secondaries through an
out-of-band mechanism, such as floppy disk via FedEx, modem to private
dial-in, or pretty much any other way one uses to get bits from A to B.

... JG



Re: On the control of the Internet.

2010-06-13 Thread Joe Greco
> On 6/13/2010 14:59, Joe Greco wrote:
> > What happens?  The master zone simply doesn't get updated until someone
> > FedEx's a floppy.  You know, some of us made these sorts of contingency
> > plans long ago, back in days when the Internet actually wasn't all that
> > reliable, and it wasn't completely unthinkable to be off the air for at
> > least 24 hours.
> 
> Interesting plan.
> 
> I've got a Gateway computer down stairs that can write a 3.5 inch floppy
> and a Micron tower (running Windows 2000 the last time it was powered
> up) that can write 5 inch floppies.

If we want to be pedantic, Sony this year announced that it is shutting
down its production of floppy disks by next year.  Of course, the choice
of "floppy disk" is irrelevant, and I'm guessing you know it.  If your
devices are more comfortable with CD-ROM or USB MicroSD readers, then by
all means.

Long before NANOG, there was actually a time that some of us hauled
around things like USENET on magnetic media, because it was simply the
highest bandwidth yet cheapest method to haul large amounts of data
around the city, back when a Telebit Trailblazer was still vaguely able
to cope with a USENET feed - and for a little while thereafter.

> When I left active administration in 2003, out of 30 or so machines
> running BIND I can't recall one that has a floppy drive of any sort.

If your network has been so thoroughly taken over that you cannot hope
to get a file from a computer that does have a floppy over to your DNS
server, you have Much Bigger Problems to begin with...

> > It's not that rough, these days, to install some monitoring to make sure
> > that your zones are up to date on the secondaries and that they resolve
> > names correctly; some operators used to even get really super-freakazoid
> > and do zone transfers back to allow verification.  Here, we draw the line 
> > at checking the SOA's for consistency and checking one other beacon record
> > for resolvability.  That's clearly not a solution aimed at warning about
> > non-transferable zones; it raises some interesting questions.  Think maybe
> > I'll go asking on dnsops what, if anything, people do to monitor.
> 
> "monitor" implies connectivity.  The OP was about the possibility that
> the government would deny you connectivity.  Please try to stay on topic.

Our monitoring systems are definitely able to detect when connectivity 
goes away.  What happens if and when that happens is generally left up
to a human to decide.  The sorts of brokenness that one might potentially
discover if the government were to corrupt connectivity is much more
complex than simple on/off; I feel comfortable saying that the best plan
is to have diversity of resources and some in-depth knowledge, since that
also serves normal engineering needs well.

... JG
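Added example, not part of the thread and not any poster's own tooling: a sketch of the SOA consistency check and the expire-timer headroom discussed in the messages above, run over constructed data. The example.net names, the `tolerated_outage` parameter, and the assumption that the monitor knows how long ago each secondary last refreshed are all hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

MOD = 2 ** 32    # SOA serials are 32-bit and wrap around (RFC 1982)
HALF = 2 ** 31


@dataclass(frozen=True)
class SOA:
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int


def parse_soa(rdata: str) -> SOA:
    """Parse the seven-field SOA form that `dig +short SOA` prints."""
    f = rdata.split()
    if len(f) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(f)}")
    nums = [int(x) for x in f[2:]]
    if not all(0 <= n < MOD for n in nums):
        raise ValueError("SOA numeric field out of 32-bit range")
    return SOA(f[0], f[1], *nums)


def serial_cmp(a: int, b: int) -> int:
    """RFC 1982 order: -1 if a is older than b, 0 if equal, 1 if newer."""
    if a == b:
        return 0
    diff = (b - a) % MOD
    if diff == HALF:
        raise ValueError("serials are exactly 2^31 apart; order undefined")
    return -1 if diff < HALF else 1


def newest(serials):
    """Newest serial in a list, using wrap-aware comparison."""
    best = serials[0]
    for s in serials[1:]:
        if serial_cmp(s, best) > 0:
            best = s
    return best


def check_zone(primary: Optional[SOA], secondaries: dict, tolerated_outage: int):
    """Return sorted (server, finding) pairs.

    secondaries maps server name -> (SOA it serves, seconds since it last
    refreshed successfully from the primary). primary is None when the
    monitor cannot reach it, which is the partition case from the thread.
    tolerated_outage is how long (seconds) the zone must keep being served
    with the primary cut off.
    """
    findings = []
    if primary is not None:
        reference = primary.serial
    else:
        reference = newest([soa.serial for soa, _ in secondaries.values()])
        findings.append(("primary", "UNREACHABLE"))
    for name, (soa, since_refresh) in secondaries.items():
        order = serial_cmp(soa.serial, reference)
        if order < 0:
            findings.append((name, "STALE_SERIAL"))
        elif order > 0:
            findings.append((name, "SERIAL_AHEAD_OF_PRIMARY"))
        remaining = soa.expire - since_refresh   # seconds until zone expiry
        if remaining <= 0:
            findings.append((name, "ZONE_EXPIRED"))
        elif remaining < tolerated_outage:
            findings.append((name, "EXPIRES_BEFORE_TOLERATED_OUTAGE"))
    return sorted(findings)


# Constructed sample data: every name and value below is invented.
HEAD = "ns0.example.net. hostmaster.example.net. "
PRIMARY = parse_soa(HEAD + "2010061302 3600 900 604800 3600")
SECONDARIES = {
    "ns1.example.net": (parse_soa(HEAD + "2010061302 3600 900 604800 3600"), 1200),
    "ns2.example.net": (parse_soa(HEAD + "2010061301 3600 900 604800 3600"), 90000),
    "ns3.example.net": (parse_soa(HEAD + "2010061205 3600 900 86400 3600"), 90000),
}
THREE_DAYS = 3 * 86400

if __name__ == "__main__":
    for label, prim in (("primary reachable", PRIMARY), ("primary cut off", None)):
        print(label)
        for server, finding in check_zone(prim, SECONDARIES, THREE_DAYS):
            print(f"  {server}: {finding}")
```

The one-day expire on ns3 is the failure the thread warns about: a day after losing the primary it stops answering for the zone, while ns2 keeps serving stale but valid data.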



Re: On the control of the Internet.

2010-06-13 Thread Larry Sheldon
On 6/13/2010 14:59, Joe Greco wrote:

> Yes, but unreachability is basically only a problem for those who have
> failed to design and plan for it.  You can engineer for unreachability.
> You're a lot more screwed if we start talking about government mandates
> and the contents of your zone.

I meant to ask in my original posting:

http://volokh.com/2010/06/13/32843/
What happens when the US shuts down part of its part?
Depends on what part it shut down, of course.
But what are the available boundaries for the parts in question?

If we don't know what will be ordered shutdown and what the boundaries
of the shutdown area will be are there engineering concerns that can not
be foreseen and economically provided-for?





Re: On the control of the Internet.

2010-06-13 Thread Larry Sheldon
On 6/13/2010 14:59, Joe Greco wrote:

>>>> How about the case where the master zone file has be amputated and the
>>>> secondaries can no longer get updates?

Mea culpa.

That was supposed to say "How about the case where the master zone file
has beEN amputated and the secondaries can no longer get updates?

My apologies.






Re: On the control of the Internet.

2010-06-13 Thread Larry Sheldon
On 6/13/2010 14:59, Joe Greco wrote:

> What happens?  The master zone simply doesn't get updated until someone
> FedEx's a floppy.  You know, some of us made these sorts of contingency
> plans long ago, back in days when the Internet actually wasn't all that
> reliable, and it wasn't completely unthinkable to be off the air for at
> least 24 hours.

Interesting plan.

I've got a Gateway computer down stairs that can write a 3.5 inch floppy
and a Micron tower (running Windows 2000 the last time it was powered
up) that can write 5 inch floppies.

When I left active administration in 2003, out of 30 or so machines
running BIND I can't recall one that has a floppy drive of any sort.

> It's not that rough, these days, to install some monitoring to make sure
> that your zones are up to date on the secondaries and that they resolve
> names correctly; some operators used to even get really super-freakazoid
> and do zone transfers back to allow verification.  Here, we draw the line 
> at checking the SOA's for consistency and checking one other beacon record
> for resolvability.  That's clearly not a solution aimed at warning about
> non-transferable zones; it raises some interesting questions.  Think maybe
> I'll go asking on dnsops what, if anything, people do to monitor.

"monitor" implies connectivity.  The OP was about the possibility that
the government would deny you connectivity.  Please try to stay on topic.







Re: On the control of the Internet.

2010-06-13 Thread Larry Sheldon
As so often happens, I forgot to note what my client picked up for a
return address.  This is the first of several items that I meant to send
to the list.

My apologies to Mr Greco.

On 6/13/2010 14:17, Larry Sheldon wrote:
> On 6/13/2010 14:07, Joe Greco wrote:
>>> On 6/13/2010 08:47, valdis.kletni...@vt.edu wrote:
>>>> On Sun, 13 Jun 2010 00:21:49 CDT, Larry Sheldon said:
>>>>
>>>>> For example--what happens when name-service information for a part that
>>>>> is not shutdown comes from a part that is?
>>>>
>>>> It's always been a BCP good idea to have your DNS have secondaries in another
>>>> non-fate-sharing AS, even though everybody from Microsoft on down seems
>>>> to feel the need to rediscover this.
>>>
>>> How about if the source database (not the relevant zone file, but the
>>> collection of data on some computer from which a zone file is created.
>>
>> How about [...] is /what/?  Unavailable?  The zone files are still in
>> place.  Not really a problem in the overall scheme of things; I realize
>> that some people have engineered things so that this will be a problem,
>> but that's a choice.
> 
> Yeah, it is a choice to keep the source data in a database (think DHCP
> system or something) WHERE IT MAKES OPERATIONAL SENSE TO DO SO.
> 
> What happens if that source data can no longer be transferred to the
> master zone file located on the DNS server placed somewhere else WHERE
> IT MAKES OPERATIONAL SENSE TO DO SO, and the network is severed between them?
> 
>>> How about the case where the master zone file has be amputated and the
>>> secondaries can no longer get updates?
>>
>> I'm not sure what "amputated" means here, but considering the case where
>> the master itself is amputated, and the secondaries can no longer update,
>> generally speaking, you log into the secondaries and twiddle their configs
>> to make them masters.  This requires some planning, preparedness, and
>> procedures, but is in no way a crisis, unless you've failed to do the
>> planning, have failed to prepare, and haven't followed your procedures.
> 
> Amputated = severed = cut off = disconnected = no longer able to
> communicate with nor to be communicated with.
> 
> Did not see that that was going to be so hard to understand.
> 
> Should have known better, I guess.
> 
>> How that works in the case where a government mandates something specific
>> happens within your zone file is of course debatable, but possibly more
>> back towards the original topic.
> 
> 
> Uh... actually that WAS the original topic.
> 







Re: On the control of the Internet.

2010-06-13 Thread Joe Greco
> On 6/13/2010 08:47, valdis.kletni...@vt.edu wrote:
> > On Sun, 13 Jun 2010 00:21:49 CDT, Larry Sheldon said:
> > 
> >> For example--what happens when name-service information for a part that
> >> is not shutdown comes from a part that is?
> > 
> > It's always been a BCP good idea to have your DNS have secondaries in another
> > non-fate-sharing AS, even though everybody from Microsoft on down seems
> > to feel the need to rediscover this.
> 
> How about if the source database (not the relevant zone file, but the
> collection of data on some computer from which a zone file is created.

How about [...] is /what/?  Unavailable?  The zone files are still in
place.  Not really a problem in the overall scheme of things; I realize
that some people have engineered things so that this will be a problem,
but that's a choice.

> How about the case where the master zone file has been amputated and the
> secondaries can no longer get updates?

I'm not sure what "amputated" means here, but considering the case where
the master itself is amputated, and the secondaries can no longer update,
generally speaking, you log into the secondaries and twiddle their configs
to make them masters.  This requires some planning, preparedness, and
procedures, but is in no way a crisis, unless you've failed to do the
planning, have failed to prepare, and haven't followed your procedures.

How that works in the case where a government mandates something specific
happens within your zone file is of course debatable, but possibly more
back towards the original topic.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.



Re: On the control of the Internet.

2010-06-13 Thread Seth Mattinen
On 6/13/10 9:35 AM, Larry Sheldon wrote:
> How about the case where the master zone file has been amputated and the
> secondaries can no longer get updates?


We just saw that with Haiti.

~Seth



Re: On the control of the Internet.

2010-06-13 Thread Larry Sheldon
On 6/13/2010 08:47, valdis.kletni...@vt.edu wrote:
> On Sun, 13 Jun 2010 00:21:49 CDT, Larry Sheldon said:
> 
>> For example--what happens when name-service information for a part that
>> is not shut down comes from a part that is?
> 
> It's always been a BCP good idea to have your DNS have secondaries in another
> non-fate-sharing AS, even though everybody from Microsoft on down seems
> to feel the need to rediscover this.

How about if the source database (not the relevant zone file, but the
collection of data on some computer from which a zone file is created.

How about the case where the master zone file has been amputated and the
secondaries can no longer get updates?







Re: On the control of the Internet.

2010-06-13 Thread Larry Sheldon
On 6/13/2010 07:50, Owen DeLong wrote:
> Generally speaking, it will be treated as damage and routed around.


Nothing to see here.  Move along.  Nothing to worry about.  Have a nice day.





Re: On the control of the Internet.

2010-06-13 Thread Dave CROCKER

On 6/13/2010 3:47 PM, valdis.kletni...@vt.edu wrote:
> It's always been a BCP good idea to have your DNS have secondaries in another
> non-fate-sharing AS, even though everybody from Microsoft on down seems
> to feel the need to rediscover this.

Postel used to advise having them on different tectonic plates (and sources of
power, of course.)

Conflating the "liberal in what you accept" advice, it might be wise to accept
tectonic as covering tectonic shifts in politics, as well as land masses.


d/
--

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net



Re: On the control of the Internet.

2010-06-13 Thread Valdis . Kletnieks
On Sun, 13 Jun 2010 00:21:49 CDT, Larry Sheldon said:

> For example--what happens when name-service information for a part that
> is not shut down comes from a part that is?

It's always been a BCP good idea to have your DNS have secondaries in another
non-fate-sharing AS, even though everybody from Microsoft on down seems
to feel the need to rediscover this.
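
Added example, not part of the original thread: a small Python check for the property described above, that a zone's nameservers do not all sit in one AS or one routed prefix. The zone names, addresses and AS numbers are constructed documentation-range values, and origin-AS data is assumed to come from a BGP table or an IP-to-ASN lookup.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: zone -> [(nameserver, address, origin AS)].
# Names, documentation-range addresses and documentation AS numbers are made up.
SAMPLE_ZONE_NS = {
    "good.example": [
        ("ns1.good.example", "192.0.2.53", 64500),
        ("ns2.good.example", "198.51.100.53", 64501),
        ("ns3.good.example", "2001:db8:1::53", 64502),
    ],
    "risky.example": [
        ("ns1.risky.example", "203.0.113.10", 64510),
        ("ns2.risky.example", "203.0.113.20", 64510),
    ],
}

def covering_prefix(addr):
    """Smallest commonly routed prefix holding addr: /24 for IPv4, /48 for IPv6."""
    ip = ipaddress.ip_address(addr)
    length = 24 if ip.version == 4 else 48
    return ipaddress.ip_network(f"{ip}/{length}", strict=False)

def fate_sharing_findings(nameservers):
    """Return a list of findings; an empty list means no shared fate was detected."""
    by_asn, by_prefix = defaultdict(list), defaultdict(list)
    for name, addr, asn in nameservers:
        by_asn[asn].append(name)
        by_prefix[covering_prefix(addr)].append(name)
    findings = []
    if len(nameservers) < 2:
        findings.append("single nameserver: no secondary at all")
    elif len(by_asn) == 1:
        findings.append(f"all nameservers originate from AS{next(iter(by_asn))}")
    # Sort on the string form so IPv4 and IPv6 networks can be mixed.
    for prefix, names in sorted(by_prefix.items(), key=lambda kv: str(kv[0])):
        if len(names) > 1:
            findings.append(f"{', '.join(sorted(names))} share prefix {prefix}")
    return findings

def audit(zones):
    """Map each zone to its list of fate-sharing findings."""
    return {zone: fate_sharing_findings(ns) for zone, ns in zones.items()}

if __name__ == "__main__":
    for zone, findings in audit(SAMPLE_ZONE_NS).items():
        print(zone, "OK" if not findings else findings)
```

Distinct origin ASes are only a proxy: two ASes behind the same upstream, building or power feed can still share fate.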




Re: On the control of the Internet.

2010-06-13 Thread Joe Greco
> Generally speaking, it will be treated as damage and routed around.

That fable only really stands a chance when the damage is accidental; in
the case where such "damage" is being deliberately inflicted, particularly
by government, it gets more complicated.  A lot of the 'net is a little 
more centralized than it ought to be in order to allow the "routed around"
concept to work successfully.

... JG



Re: On the control of the Internet.

2010-06-13 Thread Daniel
Taking into account a submarine cable structure like this:

http://www.telegeography.com/product-info/map_cable/images/cable_map_2010_large.png

And that satellite connections have very high latency.

I think the idea of routing around will be, at least, a performance hell.

On Sun, Jun 13, 2010 at 09:50, Owen DeLong wrote:

> Generally speaking, it will be treated as damage and routed around.
>
> Owen


Re: On the control of the Internet.

2010-06-13 Thread Owen DeLong
Generally speaking, it will be treated as damage and routed around.

Owen

On Jun 12, 2010, at 10:21 PM, Larry Sheldon wrote:

> http://volokh.com/2010/06/13/32843/
> 
> What happens when the US shuts down part of its part?
> 
> Depends on what part it shut down, of course.
> 
> But what are the available boundaries for the parts in question?
> 
> Will that have to change?
> 
> For example--what happens when name-service information for a part that
> is not shut down comes from a part that is?
> 
> What if an exchange point for parts that are not shut down is shut down?
> 
> And spare me the tinfoil hat stuff--tinfoil hats have not worked for a
> year or more.




On the control of the Internet.

2010-06-12 Thread Larry Sheldon
http://volokh.com/2010/06/13/32843/

What happens when the US shuts down part of its part?

Depends on what part it shut down, of course.

But what are the available boundaries for the parts in question?

Will that have to change?

For example--what happens when name-service information for a part that
is not shut down comes from a part that is?

What if an exchange point for parts that are not shut down is shut down?

And spare me the tinfoil hat stuff--tinfoil hats have not worked for a
year or more.