RE: Thank you, Comcast.

ISP's should block nothing, to or from the customer, unless they make it clear *before* selling the service (and include it in the Terms and Conditions of Service Contract), that they are not selling an Internet connection but are selling a partially functional Internet connection (or a

RE: Broadband Router Comparisons

On Sunday, 27 December, 2015 17:58, Larry Sheldon said: > On 12/26/2015 23:49, Mike wrote: > > [snip] > > > Firstly, they are all junk. Every last one of them. Period. Broadband > > routers are designed to be cheap and to appeal to people who don't know > > any better, and

RE: Broadband Router Comparisons

On Sunday, 27 December, 2015 19:46, James Downs said: > > On Dec 27, 2015, at 09:43, Hugo Slabbert wrote: > > Hence: https://on.google.com/hub/ > The device looks cool, and sounds cool, but what data does google end up > with, and what remote management can

RE: Broadband Router Comparisons

> to take you seriously. Also who here can honestly say you never pretended > to power cycle your Windows 95 when asked by the support bot on the phone, > while actually running Linux, because that is the only way to get passed > on to second tier support? I can honestly say that I have told

RE: Nat

You can lead a horse to water, but you cannot make it drink. If people choose to be the authors of their own misfortunes, that is their choice. I know a good many folks who are not members of NANOG yet have multiple separate L2 and L3 networks to keep the "crap" isolated. > -Original

RE: Nat

> I agree that a /48 or /56 being reserved for business > customers/sites is reasonable. But for residential use, I'm having a hard > time believing multi-subnet home networks are even remotely common outside > of networking folk such as the NANOG members. A lot of recent IPv4 > devices >

RE: Binge On! - And So This is Net Neutrality?

Obviously this is designed so that the carrier knows what traffic to "disregard" in their feed to the NSA ... That is the sole purpose of it. > -Original Message- > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Owen DeLong > Sent: Friday, 20 November, 2015 14:50 > To: Steve

RE: Binge On! - And So This is Net Neutrality?

Why uncomfortable? How do you know this is not how the company executive that came up with the idea did so? (So that he or she could watch unlimited bestiality videos). > -Original Message- > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of nanog- > i...@mail.com > Sent:

RE: Why is NANOG not being blacklisted like any other provider that sent 500 spam messages in 3 days?

> Myth: blah blah blah social media is a bad way to get ahold of > netops/abuse. > Fact: Social media is an acceptable way to report abuse. My marketing > department certainly knows how to get ahold of me when such an issue > occurs. It's 2015, and if you and everyone you know isn't watching

RE: Microsoft blocking mail

> On Thursday, 17 September, 2015 11:22, valdis.kletni...@vt.edu said: > On Thu, 17 Sep 2015 13:14:21 -0400, Josh Luthman said: > > Well it's not a form and it redirects you to the support home page... > > https://support.microsoft.com/en-us > You didn't have NoScript or similar in effect at

RE: Extraneous "legal" babble--and my reaction to it.

> "Email Disclaimers: Legal Effect in American Courts" > - http://www.rhlaw.com/blog/legal-effect-of-boilerplate-email-disclaimers/ Dark grey text on a black background is unreadable. Plonk goes the website.

RE: Windows 10 Release

[mailto:n...@foobar.org] Sent: Saturday, 1 August, 2015 06:05 To: Keith Medcalf; nanog@nanog.org Subject: Re: Windows 10 Release On 01/08/2015 03:27, Keith Medcalf wrote: It just means that you cannot use the crappy apps or the crappy app store. which is fine until Microsoft ties in future

RE: Windows 10 Release

It takes no effort at all. You just do the same thing as has been done with every previous version of windows: When it asks for a LOCAL account and password, give it one. When it asks if you want to do a Microsoft Account, say no thank-you. Mind you, it does ask you about 8 times if you

RE: Windows 10 Release

Good to know. I was one of those insiders, And it's running on my laptop currently. It got the 10240 build a bit ago. Which removed the insider preview water marks, And appears to be the full release version.. So it would appear the insiders already have it. Or the ability to get it. But

RE: Remember Internet-In-A-Box?

Internet in a box. Wasn't that the Japanese thing with the Woody Woodpecker logo and the (translated) English text: Touch Woody, the Internet pecker? Didn't go over to well in English speaking parts as I recall ...

RE: [outages] CenturyLink fiber cut between Modesto, CA and San Jose, CA this AM.. Start time 4:26AM PST

Have they asked No-Such-Agency? No-Such-Agency typically taps communication lines by back-hoe accident of some sort on the path they are interested in tapping. That way they can install a tap over yonder while the victim telecom is attempting to repair the original damage. I guess this time

RE: [SECURITY] Application layer attacks/DDoS attacks

Without a concomitant increase in trustworthy, assigning greater levels of trust is fools endeavour. Whatever this trusted network initiative is, I take that it was designed by fools or government (the two are usually indistinguishable) for the purpose of creating utterly untrustworthy

RE: [probably spam, from NANOG nanog-boun...@nanog.org]

On Saturday, 9 May, 2015, at 10:59 John Levine jo...@iecc.com said: No test/plain? Delete without further ado. Sadly, it is no longer 1998. No kidding. Web-Page e-mail. Lots of proprietary executable-embedded-in-data file formats used for e-mail, and worst, gratuitous JavaScript

RE:

Ah. Security hole as designed. inline dispositions should be ignored unless the recipient specifically requests to see them after viewing the text/plain part. In fact, I would vote for ignoring *everything* except the text/plain part unless the recipient specifically requests it after

RE: Network Segmentation Approaches

It is called the Purdue Enterprise Reference Architecture ... -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of nan...@roadrunner.com Sent: Monday, 4 May, 2015 20:56 To: nanog@nanog.org Subject: Network Segmentation Approaches Possibly a bit off-topic,

RE: Cisco Routers Vulnerability

It's reported by different customers in different locations so I don't think it's password compromised Have you checked? If the routers had vty access open (ssh or telnet) and the passwords were easy to guess, then it's more likely that this was a password compromise. You can test this out by

RE: Searching for a quote

Robustness is desirable from a security perspective. Failure to be liberal in what you accept and not being prepared to deal with malformed input leads to such wonders as the Microsoft bug that led to unexpected/malformed IP datagrams mishandled as execute payload with system authority.

RE: Verizon Policy Statement on Net Neutrality

You are forgetting that the Internet and ISPs where originally common carriers and the FCC at the behest of the government decided to de-regulate so that they could raid, arrest, charge, fine and torture ISPs if their customers visited websites the governement did not like, sent email the

RE: Verizon Policy Statement on Net Neutrality

Except for the fact that the FCC decided that they wanted to give up Title II regulation of the internet because they were paid to do so by the telephants, they would have alwAYS had this power. The people who were bribed are simply dead and the current crop of officials (they are not

RE: Intrusion Detection recommendations

German Shepherd Dogs are wonderful intrusion detection devices. In a lot of cases they also server as excellent intrusion prevention devices as well. (Must be Friday night) :-) --- Theory is when you know everything but nothing works. Practice is when everything works but no one knows why.

RE: scaling linux-based router hardware recommendations

How is that a problem? --- Theory is when you know everything but nothing works. Practice is when everything works but no one knows why. Sometimes theory and practice are combined: nothing works and no one knows why. -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org]

RE: North Korean internet goes dark (yes, they had one)

What would be the point in blocking them? They don't even have electricity in the country, what would I worry about coming out of their IP block that wouldn't be more interesting than dangerous. Pretty obvious if it was really them behind the Sony hack, it was outsourced. For the few elite

RE: update

On Saturday, 27 September, 2014 23:29, Kenneth Finnegan kennethfinnegan2...@gmail.com said: My original proposition still holds perfectly: (1) The vulnerability profile of a system is fixed at system commissioning. (2) Vulnerabilities do not get created nor destroyed except through

RE: update

On Sunday, 28 September, 2014 00:39, William Herrin said: On Fri, Sep 26, 2014 at 11:11 PM, Keith Medcalf kmedc...@dessus.com wrote: On Friday, 26 September, 2014 08:37,Jim Gettys j...@freedesktop.org said: http://cyber.law.harvard.edu/events/luncheon/2014/06/gettys Familiarity Breeds Contempt

RE: update

On Sunday, 28 September, 2014 06:39, Jimmy Hess mysi...@gmail.com said: On Sat, Sep 27, 2014 at 11:57 PM, Keith Medcalf kmedc...@dessus.com wrote: This is another case where a change was made. If the change had not been made (implement the new kernel) then the vulnerability would not have been

RE: update

On Sunday, 28 September, 2014 14:47, valdis.kletni...@vt.edu said: On Sun, 28 Sep 2014 02:39:15 -0400, William Herrin said: The vulnerabilities were there the whole time, but the progression of discovery and dissemination of knowledge about those vulnerabilities makes the systems more

RE: update

Unfortunately, that page contains near the top the ludicrous and impossible assertion: Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities, by Clark, Fry, Blaze and Smith makes clear that ignoring these devices is foolhardy; unmaintained

RE: update

On Saturday, 27 September, 2014 20:49, Jimmy Hess said: On Sat, Sep 27, 2014 at 8:10 PM, Jay Ashworth j...@baylink.com wrote: I haven't an example case, but it is theoretically possible. Qmail-smtpd has a buffer overflow vulnerability related to integer overflow which can only be reached when

RE: update

This is another case where a change was made. If the change had not been made (implement the new kernel) then the vulnerability would not have been introduced. The more examples people think they find, the more it proves my proposition. Vulnerabilities can only be introduced or removed

RE: update

On Friday, 26 September, 2014 08:37,Jim Gettys j...@freedesktop.org said: For those of you who want to understand more about the situation we're all in, go look at my talk at the Berkman Center, and read the articles linked from there by Bruce Schneier and Dan Geer.

RE: Saying goodnight to my GSR

And what, exactly, is it vulnerable to? -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Daniel Sterling Sent: Saturday, 20 September, 2014 12:06 To: Bacon Zombie Cc: nanog@nanog.org Subject: Re: Saying goodnight to my GSR Again, you're focusing resentment

RE: Saying goodnight to my GSR

September, 2014 14:57 To: Keith Medcalf Cc: Daniel Sterling; Bacon Zombie; nanog@nanog.org Subject: Re: Saying goodnight to my GSR And what, exactly, is it vulnerable to? Most of these, I'd imagine: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/release/ntes/120SCAVS.html On 20 September 2014 14:25

RE: Scotland ccTLD?

sc is Seychelles. Available s* include sf, sp, sq, su and sw. They should pick .sf, use .scot for in-country domains and sell all .sf domains to San Francisco residents. Or Science Fiction productions. Lots more money there.

RE: Book / Literature Recommendations

On Tuesday, 16 September, 2014, 19:28, Roland Dobbins rdobb...@arbor.net said: On Sep 17, 2014, at 8:06 AM, Larry Sheldon larryshel...@cox.net wrote: I think of this paperless idiocy every time I write 20 reams of rinter paper on the grocery list. While it should be mandatory that things like

RE: FCC Help Wanted

Of couse such applications will be accepted. However, applicants are warned that failure to include a donation will require alternate verification of the requisite lack of morals and ethics. Will applications without a cancelled check for at least 100k in donations be considered? On Mon, Sep

RE: Net Neutrality...

An LED screen doesn't refresh the way a CRT does, right? The light doesn't flash and fade, it stays constant until the next change. So why would a 30 hz refresh rate make any difference at all for tasks which update the screen less often than 30 times a second? Mike did say he used it for doing

RE: short, two part question ICANN Vs. The World

The question at hand is.. Do countries/businesses have to affiliate or utilize any of those services provided by ICANN other than the assignment of an IP address?   No. And can you get away with LAN/CAN/MAN stand-alone systems [instead of utilizing DNS-via-ICANN]?? Yes. Example: Is it legal

RE: Level 3 blames Internet slowdowns on ISPs’ refusal to upgrade networks | Ars Technica

I don't see this as a technical problem, but one of business and ethics. ISP X advertises/sells customers up to 8Mbps (as an example), but when it comes to delivering that product, they've only guaranteed 512Kbps (if any) because the ISP hasn't put in the infrastructure to support 8Mbps per

RE: NSA able to compromise Cisco, Juniper, Huawei switches

We're all getting far too conditioned for the click OK to proceed overload, and the sources aren't helping. If one embarks with deliberation upon a course of action which may entertain certain results then the intent to cause the result so obtained is, by implication, proved.

RE: Sudan disconnected from the Internet

Of course it is entirely possible that it was the rioters simply because they wanted people to notice. And I guess it worked. -Original Message- From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com] Sent: Wednesday, 25 September, 2013 18:43 To: Tammy Firefly Cc:

RE: iOS 7 update traffic

Why do you sell services to customers using iThings if you are incapable of supporting them? Are you sure that it is not you yourself who have used to much bait and switch selling a service you are unable to provide? What actions do you take to discourage iThings on your network?

RE: Yahoo is now recycling handles

There's still the much more minor point that when I tried to self serve I ended up at a blank page on the Yahoo! web site, hopefully they will figure that out as well. I'm continually amazed at the number of web designers that don't test their pages with NoScript enabled. Just sayin'.

RE: Yahoo is now recycling handles

The appropriate party to inform would be the FBI ... The word fraud comes to mind, and millions of 50 centses puts company officers in prison for a long long long time. -Original Message- From: Kee Hinckley [mailto:naz...@marrowbones.com] Sent: Thursday, 5 September, 2013 11:28 To:

RE: MTR for Android?

Look for TRACEROUTE by SRCGUARDIAN in the Play Store. It needs network access only... Doesn't do TCP but does ICMP and UDP traceroutes and displays ASN as well ...

RE: The US government has betrayed the Internet. We need to take it back

Sure it does. You have confidentiality between the parties who are speaking together against third-parties merely passively intercepting the communication. Authentication and Confidentiality are two completely separate things and can (and are) implemented separately. The only Authentication

RE: Office 365..? how Microsoft handed the NSA access to encrypted messages

Maybe people will now start turning on their encryption functions on any device capable of doing it :) Those that care did that many moons ago. The rest don't care. Of course, if you do not have control of the endpoints doing the encryption (ie, the untrustworthy sucker is in the middle

Re: huawei (ZTE too)

There is more than just y'all's in North America  .  --- Sent from Samsung Mobile  Original message From: Jeroen Massar jer...@massar.ch Date: To: david peahi davidpe...@gmail.com Cc: NANOG list nanog@nanog.org Subject: Re: huawei (ZTE too)

RE: PRISM: NSA/FBI Internet data mining project

Of course the access isn't direct -- there is a firewall and a router in between. The access is indirect. --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org -Original Message- From: Jason L. Sparks [mailto:jlspa...@gmail.com] Sent: Sunday, 09 June, 2013 04:24

RE: PRISM: NSA/FBI Internet data mining project

Yahoo does not provide the government with direct access to its servers, systems, or network. Ah, so you admit that you provide indirect access by interposing a firewall and router between your datacenter network and the transport link to the NSA. That is just normal sound security practice

RE: Could not send email to office 365

http://email-guru.com/ ? --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org -Original Message- From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com] Sent: Wednesday, 01 May, 2013 10:12 To: JoeSox; nanog@nanog.org Subject: Re: Could not send

RE: ICMP Redirect on Resolvers

icmp redirect from 192.168.140.36: 192.168.179.80 = 192.168.140.254 The host attempted to send a packet to 192.168.179.80 via 192.168.140.36. 192.168.140.36 forwarded the packet to 192.168.140.254 according to its routing table, but is advising you (and the kernel has added to the routing

RE: Open Resolver Problems

And only the telco approved web sites are accessible, and the only protocol supported is the telco approved http and then only to port 80 ... --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org -Original Message- From: Niels Bakker

RE: Question on Ipv6 address

The default mtu of 576 is because, well, 2400 baud signaling is pretty darn slow and interactive performance (or any kind of multileaving of more than a single connection packet stream) is, what do we call it, laggy. Sort of like trying to telnet while doing a bulk transfer if you have

RE: looking for terminology recommendations concerning non-rooted FQDNs

We can call them rooted domain names and pwned domain names... --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org -Original Message- From: Andrew Sullivan [mailto:asulli...@dyn.com] Sent: Saturday, 23 February, 2013 15:15 To: nanog@nanog.org Subject: Re:

Test: Please Delete Me

If this gets delivered please delete me. Somehow I seem to have MX requests for nanog.org failing ... --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org

RE: Intermittent incorrect DNS resolution?

Just an FYI... Every version of Windows since Windows 2000 (sans Windows Me) has had the DNS Client service which maintained this caching function. This was by design due to the massive dependency on DNS resolution which Active Directory has had since its creation. It greatly reduced the

RE: ripe/ncc likes cookies

Don't most browsers accept all cookies by default without asking the user? no idea, but i think most browsers today block at least third party cookies by default. Most browsers accept any and all cookies by default. Many browsers can be configured into three states (1) accept anything

Re: Gmail and SSL

No more difficult at all.  A MITM is a MITM.  The atack is the same and intteger-store-bought certificates make the process  neither more nor less complicated. Sent from Samsung Mobile Original message From: William Herrin b...@herrin.us Date: To: George Herbert

Re: Gmail and SSL

Perhaps Googles other harvesters and the government agents they sell or give user credentials to, don't work against privately (not under the goverment thumb) encryption keys without the surveillance state expending significantly more resources. Perhaps the cheapest way to solve this is to

Re: Gmail and SSL

Non prime number store certificates are acceptd for SMTP (25) both to and from google. Perhaps this is CYA to prevent compromised gmail accounts from giving credentials from hijacked accounts to unknown servers. I have no idea how credentials for gmails pop pickup work but perhaps having

Re: Gmail and SSL

Your assertion that using bought certificates provides any security benefit whatsoever assumes facts not in evidence. Given recent failures in this space I would posit that the requirement to use certificates purchased from entities under the thumb of government control, clearly motivated only

Re: Gmail and SSL

While i will agree that the client being able to validate the certificate directly is the best place to be, I do not see any advantage of requiring purchased certificates over self-signed certificates.  IMO it provides no realistic security benefit at all. Then again I don't award points for 

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

Concomittant wirh reduced risk assessment capability? Sent from Samsung Mobile Original message From: Randy Bush ra...@psg.com Date: To: Lynda shr...@deaddrop.org Cc: North American Network Operators' Group nanog@nanog.org Subject: Re: Advisory — D-root is changing its

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

If your grandmother were running her own recursive DNS resolver, I expect she would have no difficulty understanding the message. It is the young-uns that have difficulty comprehending (and using) the English language. Sent from Samsung Mobile Original message From:

RE: Looking for recommendation on 10G Ethernet switch

On Fri, Nov 2, 2012 at 2:38 PM, Kevin L. Karch kevinka...@vackinc.com wrote: Andrew We offer several solutions that meet your initial requirements. Can you tell me if this is a multi rack deployment and a few more details? If you would like we could have a call with one of our

RE: NSA and the exchanges

And don't forget about the NSA's Operation Backhoe. What more convenient way of installing a tap than cutting the fibre, then installing a passive tap while repairs are in progress ... --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org -Original Message-

RE: NSA and the exchanges

That would be the CSE, not CSIS ... --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org -Original Message- From: Erik Soosalu [mailto:erik.soos...@calyxinc.com] Sent: Wednesday, 31 October, 2012 12:53 To: jim deleskie; andy lam Cc: nanog@nanog.org Subject:

RE: Please, talk me down.

As an aside, you may want to fix your DNS, as some mail receivers don't like this: $ dig -x 72.249.91.101 +short static.serversandhosting.com. $ dig a static.serversandhosting.com +short 72.249.3.27 What is really meant to be said is that MTA's which require RFC compliance won't talk to

RE: guys != gender neutral

Ugly bags of mostly water? --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org -Original Message- From: Otis L. Surratt, Jr. [mailto:o...@ocosa.com] Sent: Friday, 28 September, 2012 05:33 To: nanog@nanog.org Subject: RE: guys != gender neutral Maybe the OP

RE: next hop packet loss

Works fine in Firefox for me, and always has (within the limits of the shoddily designed website that is). Nonetheless, I'd never buy anything from them since they are an anti-security organization. Their Web site uses so much gratuitous javascript crap and hard-coded assumptions about

Re: using reserved IPv6 space

Ifconfig does not work on Windows. Are you saying that there are other operating systems brain-dead enough to just run any old arbitrary code from untrusted media? Sent from my Android phone using TouchDown (www.nitrodesk.com) -Original Message- From: [valdis.kletni...@vt.edu]

RE: job screening question

What's the problem with using 255.255.255.247 as a subnet mask if you want to make a LAN subnet with 12 hosts? (5 word answer) Unemployment Office Is That Way - Is the only 5 word answer I could come up with. The correct answer invalid netmask, is only two words. What TCP destination port

RE: job screening question

What's the problem with using 255.255.255.247 as a subnet mask if you want to make a LAN subnet with 12 hosts? (5 word answer) My response would be: Discontiguous subnet masks were allowed in the pre-CIDR era. If you so desire, give me about 2 hours since I do not have a scientific

FW: job screening question

(now copied to list as well) On Sat 07 July, 2012 at 20:32, Owen DeLong wrote: What TCP destination port numbers should be allowed through the perimeter stateful firewall device to and from a mail server whose only purpose is to proxy SMTP mail from internal sources? (one number answer)

RE: job screening question

My response would be insufficient information provided for meaningful diagnosis. The following could be issues: ... the user does not have a computer ... the computer is not turned on ... the keyboard is not plugged in ... the user is a quadraplegic and cannot use the mouse or keyboard ... the

RE: job screening question

A client cannot access the website http://xyz.com; How does the user know that it cannot access the web site? When did users become things? Probably a candidate that made this mistake should be dismissed from consideration on that basis alone. How do you know that the client is a person?

RE: Cisco Update

I see. Replace local access control with let anyone on the internet reconfigure the thing. Whoever's idea it was should be p*ssed on, keelhauled, drawn and quartered, then burned at the stake. --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org -Original

RE: Cisco Update

Significantly faster and with far fewer bugs than the Cisco/Linksys as well. --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org -Original Message- From: David Hubbard [mailto:dhubb...@dino.hostasaurus.com] Sent: Thursday, 05 July, 2012 10:56 To:

RE: F-ckin Leap Seconds, how do they work?

God damn that's a horrid piece of shit web site. You have to disable security and permit remote code execution or it does not work. What a crock! --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org -Original Message- From: Nick Hilliard

RE: F-ckin Leap Seconds, how do they work?

The system clock needs to be UTC, not UTC ± some offset stuck somewhere that keeps some form of running tally of the current leap second offset since the epoch. Nope. UTC *includes* leap seconds already. It's UT1 that does not. Are you suggesting that NTP timekeeping should be based

RE: F-ckin Leap Seconds, how do they work?

Leap seconds are to align the artificial and very stable atomic timescale with the irregular and slowing rotation of the earth. You are assuming facts not in evidence. The rotation is merely irregular within the capabilities of our scheme of measurement, calculation, and observation. Once

RE: F-ckin Leap Seconds, how do they work?

Tony Finch fa...@hermes.cam.ac.uk wrote: Keith Medcalf kmedc...@dessus.com wrote: You are assuming facts not in evidence. The rotation is merely irregular within the capabilities of our scheme of measurement, calculation, and observation. There is LOTS of evidence that the earth's

RE: [c-nsp] NTP Servers

those. The beauty of most appliances is that they're easy to manage. If it fails, download the latest ISO from company, burn it, boot appliance, restore it and you're back in business in an hour or so. Keep in mind a linux kernel running just ntpd and some management necessities like ssh

RE: [c-nsp] NTP Servers

Or you can ask the it guys to use a windows server... Eg: http://support.microsoft.com/kb/816042 That is a joke Jared? You left off the smiley. Windows doesn't do NTP out-of-the-box (Microsoft assertions to the contrary notwithstanding). You can build a reasonably working standard daemon,

RE: LinkedIn password database compromised

Leo, This will never work. The vested profiteers will all get together and make it a condition that in order to use this method the user has to have purchased a verified key from them. Every site will use different profiteers (probably whoever gives them the biggest kickback). You will end

RE: LinkedIn password database compromised

2. Pre-compromised-at-the-factory smartphones and similar. There's no reason why these can't be preloaded with spyware similar to CarrierIQ and directed to upload all newly-created private keys to a central collection point. This can be done, therefore it will be done, and when some

RE: EBAY and AMAZON

The problem at this point is that even with improvements in newer Windows systems there are probably on the order of a billion systems out there, attached to the net, and still running these deeply flawed OS's which can be taken over by just clicking on the wrong mail message. There have

RE: EBAY and AMAZON

Security Settings in the Trust Center: Read as Plain Text Even Signed Messages as Plain Text Never Download Images Require Confirmation when Forwarding or Replying will Download Anything at all Disable the AutoInfect options: Turn off the Preview

RE: EBAY and AMAZON

Windows security sucks. The real problem with Windows is that there exist folks who believe that it is, or can be, secured. They believe the six-colour glossy, the Gartner Reports, and other (manufacturers') propaganda. As a consequence they do not act in a fashion which will keep them

RE: Configuration Systems

On Thursday, 07 June, 2012 12:52, Owen DeLong observed: This is a hard problem to solve. Not the least of the difficulties is the fact that if you ask 50 engineers to define Cloud, you will get at least 100 definitions many of which are incompatible to the point of mutually exclusive. That

RE: Wacky Weekend: The '.secure' gTLD

This may result in mixed signals if a site on a SLD under .SECURE is actually compromised, which is more harmful than having no UI declaration. The greatest advantage of .SECURE is that it will help ensure that all the high-value targets are easy to find. --- () ascii ribbon campaign

RE: April fools joke?

http://www.bbc.co.uk/news/uk-politics-17576745 It's sad when you just can't tell with things like this.. I was hoping for something good, like maybe an extension of RFC 1149 implementing ECN (aka SQUAWK) in avian carriers. I'm disappointed. ECN doesn't help if the Hunting Season bit is

RE: Dear RIPE: Please don't encourage phishing

Unfortunately that's not under control of those businesses. This plain text email you sent comes across with clickable mailto and http links in your signature in most modern email clients despite you having sent it in plain text. Helpful email program defaults won't force people to copy and

RE: Whois 172/12

As port 137 is the Netbios Name Service port are you *sure* this is a port scan and not a windows box (or other OS running NetBIOS crud) that simply has fat-fingered addresses configured? --- ()  ascii ribbon campaign against html e-mail /\  www.asciiribbon.org -Original Message-

RE: Trouble accessing www.nanog.org

There is video hosting web sites on the intertubes? Now where would those be found, I wonder. All I have ever seen is macro-streaming that is fraudulently labeled and advertised as video -- the worst being something called FlashVirus, which was written by a company called MacroVirus Media or

<    1   2   3   4   >