Re: Smokeping - EchoPingHttps

I sort of feel like echopinghttps is a near 20-year old tool with little to no bearing on the reality of where TLS is today. The owner of this tool has discontinued it ( see https://github.com/bortzmeyer/echoping ) and it is no longer maintained. I wouldn't rely on it anymore. -john On Wed,

Re: Malicious SS7 activity and why SMS should never by used for 2FA

The goal of U2F is one key fob that works on many services. Implementation is pretty simple and the hardware is inexpensive. Sent from my iPhone > On Apr 19, 2021, at 08:51, William Herrin wrote: > > On Mon, Apr 19, 2021 at 5:54 AM Mark Tinka wrote: >> It's all about convenience, and how

Re: Malicious SS7 activity and why SMS should never by used for 2FA

I’m sorry - I think we miscommunicated here. I was not advocating for TOTP or HOTP for SMS - in fact I’m completely against SMS being used for multi factor auth at all. -j Sent from my iPhone > On Apr 18, 2021, at 12:48, William Herrin wrote: > >  > On Sun, Apr 18, 2021 at 1

Re: Malicious SS7 activity and why SMS should never by used for 2FA

On top of this most TOTP and HOTP systems have additional security checks like blocking reuse of codes, rate-limiting of guesses, and in some cases acceptance of earlier codes (in TOTP) if the clock skews too far that make them much stronger options which decreases security but is certainly more

Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read

because no one should know what you read about or check out at wikipedia Sent from my iPhone > On Dec 31, 2019, at 00:30, Matt Hoppes > wrote: > > Why do I need Wikipedia SSLed? I know the argument. But if it doesn’t work > why not either let it fall back to 1.0 or to HTTP. > > This

Re: A Zero Spam Mail System [Feedback Request]

Agreed. I’ve never seen someone so excited to have reinvented TMDA from the 1990’s. Please, tell us more how the Internet will readdress itself to meet your fascinating solution. Can we go back to talking about network engineering now? Sent from my iPhone > On Feb 17, 2019, at 19:21,

Re: Perspectives about customer M/A/C in triple play environments

I have never seen this level of segmentation in any customer premises I have worked on. Even in "triple-play" environments the handoff is nearly always untagged ethernet and the downstream devices just work. -j On Mon, May 16, 2016 at 5:09 PM, Jason Lixfeld wrote: >

Re: Automated alarm notification

datadog will do this without issue, and if you have a small number of hosts it's nearly free. -j On Thu, Feb 11, 2016 at 1:51 PM, Frank Bulk wrote: > Is anyone aware of software, or perhaps a service, that will take SNMP > traps, properly parse them, and perform the

Fw: new message

Hey! New message, please read <http://mixmajor.com/floor.php?2> John Adams --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus

Fw: new message

Hey! New message, please read <http://industriatazca.com/position.php?h> John Adams --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus

Fw: new message

Hey! New message, please read <http://thevillagesatsb.com/out.php?rexx> John Adams --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus

Re: Cat-5 cables near 200 Paul, SF

Central computer. It's next to Moscone west. It's great. No need to go to the south bay. -j On Fri, May 31, 2013 at 11:16 AM, Warren Bailey wbai...@satelliteintelligencegroup.com wrote: We talked about this the other day. I think the consensus was.. In San Fran, you're best off to head over

Re: Suggestions for managed DNS provider?

I'm extremely happy with Dyn, for both personal and work (Twitter.) Their staff is fantastic and great to deal with. -j On Thu, Feb 14, 2013 at 12:08 PM, Mike Hale eyeronic.des...@gmail.comwrote: DynDNS was pretty decent for us. We had a fair amount of load with them and they handled it

Re: SSL Certificates and ... Providers

Many vendors do this and I highly recommend someone like Digicert that won't play the per-machine licensing game with you. Sent from my iPhone On Dec 27, 2012, at 11:47 AM, Blake Pfankuch bl...@pfankuch.me wrote: Ok, so this might be a little off topic but I am trying to validate something

Re: Adding GPS location to IPv6 header

Your proposal doesn't even give people a way to encrypt their location data; By moving geodata to a portion of the protocol which is not covered by commonly used encryption methods (i.e. HTTPS, which is up a few layers in the stack) people can't be protected should this data be monitored by a

Re: Adding GPS location to IPv6 header

Don't conflate layer 5-7 needs with basic communication requirements. IP is not the place for this sort of header. This is not data that should be sent on every packet. It becomes redundant. Not to mention the serious privacy concerns such a header brings up in the protocol. You barely address

Re: NSA and the exchanges

Allegedly? No, definately. https://www.eff.org/nsa-spying https://www.eff.org/files/filenode/att/presskit/ATT_onepager.pdf -j On Wed, Oct 31, 2012 at 11:25 AM, andy lam anwa...@yahoo.com wrote: Anyone knows if there's a way to find out how involved NSA monitors 151 front street at

Re: Google burp

Hey now, we're doing fine over here at Twitter. :P -j On Wed, Oct 31, 2012 at 2:55 PM, Blair Trosper blair.tros...@updraftnetworks.com wrote: I guess I'll be the one to ask...what's going on over at Google? Service interruptions and front-end errors all over the place across what appears

Re: Dear Linkedin,

On Fri, Jun 8, 2012 at 12:48 PM, Michael Thomas m...@mtcc.com wrote: So the implication is that I have 100's of passwords all unique and that I must change every one of them to be something new and unique every few months. And remember each of them. And not write them down. I'm sorry, my

Re: Dear Linkedin,

On Fri, Jun 8, 2012 at 1:02 PM, Scott Weeks sur...@mauigateway.com wrote: :: https://agilebits.com/onepassword (1Password) is one solution to :: managing web site passwords. Only if you have an OS you have to pay for: apple or

Re: Linux Centralized Administration

Here at Twitter we make extensive use of Puppet. It's great, but we had a hard learning curve and much customization to get it to work the way we wanted to. I'd also recommend Chef, which is like Puppet but includes more tools (like a machine database) out of the box. -j On Thu, Jan 12, 2012

Re: question regarding US requirements for journaling public email (possible legislation?)

On Thu, Jan 5, 2012 at 7:56 AM, Eric J Esslinger eesslin...@fpu-tn.comwrote: (I am speaking specifically of full email journaling, not just logs, which I do archive for significant amounts of time.) I also don't want to discuss the pros, cons, merits, costs, goods, or evils of such a

Re: Logs Bank

You probably want spunk, but if you want to do aggregation in an OSS fashion, scribe or flume is the way to go. -John Sent from my iPhone On Nov 8, 2011, at 11:59, joshua.kl...@gmail.com wrote: Hi, If I may ask, is there any OSS that can serve as a log bank or log server, where it

Re: What do you do when your Home ISP is down?

On Thu, Aug 18, 2011 at 10:21 AM, Mark Keymer m...@viviotech.net wrote: I am wondering what some of you guys do when your home ISP is down. At least those of you that don't give yourself internet. I have a couple of solutions to this problem. 1) I've got a backup Verizon 4G LTE modem giving

Re: DNS DoS ???

I don't think anycast works the way you think it does. It'll distribute load for single dns servers, but not the case that he is describing. -j On Sat, Jul 30, 2011 at 12:01 PM, Alex Nderitu nderitua...@gmail.comwrote: Dns anycast can in addition to acl help distribute load. On Jul 30, 2011

Re: Multi Factor authentication options for wireless networks

On Thu, Jun 9, 2011 at 3:02 PM, eric clark cabe...@gmail.com wrote: Wondering what people are using to provide security from their Wireless environments to their corporate networks? 2 or more factors seems to be the accepted standard and yet we're being told that Microsoft's equipment can't

Re: Multi Factor authentication options for wireless networks

and the machine's domain certificate. Your solution might still be viable, but I'm not certain if I can get at the machine certs with LDAP that way,have to check that. On Thu, Jun 9, 2011 at 3:08 PM, John Adams j...@retina.net wrote: On Thu, Jun 9, 2011 at 3:02 PM, eric clark cabe...@gmail.com wrote

Re: Had an idea - looking for a math buff to tell me if it's possible with today's technology.

We call that Compression. -j On Wed, May 18, 2011 at 1:07 PM, Landon Stewart lstew...@superb.net wrote: Lets say you had a file that was 1,000,000,000 characters consisting of 8,000,000,000bits. What if instead of transferring that file through the interwebs you transmitted a mathematical

Re: twitter is serving up errors

On Tue, Apr 5, 2011 at 4:21 PM, Andrew Kirch trel...@trelane.net wrote: expect nothing of technical relevance in this thread, but as this might generate some phonecalls to some people. Known issue, we're on it. This is not a nanog issue. fwiw. -- John Adams Twitter

Re: Old Annex question

I remember maintaining a fleet of these back in the day. I believe it's just the standard escape character Ctrl-] ? Maybe this document helps? http://www.marine.csiro.au/~dpg/sysManDocs/annex_man.pdf -j On Sat, Feb 12, 2011 at 8:00 PM, Brian Feeny bfe...@mac.com wrote: Sad but true, I still

Re: DHCP server fail-over and accounting

2011/2/1 Joe sj_h...@hotmail.com: hi,    we plan to implement DHCP server farm in our network.   Currently , there are there  problems burning my head. could anybody You're making this way, way too complicated. Run two DHCP servers. Allocate two different netblocks to each server. For

Re: Upload config to juniper

I do this with pyexpect for blacklist updating. It works amazingly well. One thing to remember when communicating with the JunOS device is that if you fail to disable the CLI controls, communicating with the device is very difficult. I do something like: import pexpect child = pexpect.spawn

Re: Specific Network Querying

On Wed, Dec 29, 2010 at 6:01 AM, J. Oquendo s...@infiltrated.net wrote: Good morning and happy holidays all. I'm in the process of creating an automated filtering application and would like to know if anyone can point me to the right place. I'd like to be able to query a site/db/etc., and

Re: LOIC tool used in the Anonymous attacks

It's hard to believe that it took eight people to run wireshark and write this simplistic paper about LOIC. The analysis is weak at best (it seems they only had a few days to study the problem), and never analyzes the source code which has been widely available at

Re: Mastercard problems

Uh, no. Source code from LOIC: byte[] buf; if (random == true) { buf = System.Text.Encoding.ASCII.GetBytes(String.Format(GET {0}{1} HTTP/1.1{2}Host:

Looking for security/abuse contact at EGIHosting

Contact me off list please. Thanks, -john

Re: Network Operators Unite Against SORBS

Really the best thing to do is to just leave SORBS alone. The more idiotic bans they put into place with demands for $50 per IP per incident, the less trustworthy of an RBL they become. Most large network operations will end up ignoring them, or if they do use the data from their RBL, they will

Re: do you use SPF TXT RRs? (RFC4408)

Without proper SPF records your mail stands little chance of making it through some of the larger providers, like gmail, if you are sending in any high volume. You should be using SPF, DK, and DKIM signing. I don't really understand how your security company related SPF to DoS though. They're

Re: do you use SPF TXT RRs? (RFC4408)

AM, John Adams wrote: Without proper SPF records your mail stands little chance of making it through some of the larger providers, like gmail, if you are sending in any high volume. You should be using SPF, DK, and DKIM signing. There should really be no reason to sign with DK too. It's

Re: Intermittent Google issues in Austin area

No problems getting to google from here, but SxSW is under way and there will be lots of traffic from the 15,000+ attendees. -j (in the midst of sxsw, on 6th St, Austin) Sent from my iPhone On Mar 17, 2010, at 14:29, Alex Thurlow a...@blastro.com wrote: Anyone else having intermittent

Re: 4.1 earthquake in SF Bay region (was Re: he.net down/slow?)

--- John Adams (@netik) Retina Communications j...@retina.net http://www.retina.net/tech this email is: [ ] bloggable [ x ] ask first [ ] confidential

Re: Password repository

I'm a big fan of 1password, but I'm on mac and iPhone. Sent from my iPhone On Nov 19, 2009, at 23:36, Pierre-Yves Maunier na...@maunier.org wrote: Jay Nakamura wrote: Quick question, does anyone have software/combination of tools they recommend on centrally store various passwords