Re: SHAKEN/STIR Robocall Summit - July 11 2019 at FCC

On 7/8/19 6:46 PM, Keith Medcalf wrote: On Monday, 8 July, 2019 19:28, Michael Thomas wrote: On 7/8/19 6:24 PM, Keith Medcalf wrote: You are the only person who has mentioned reverse DNS lookups. I'm only trying to guess what enlightens your misinformed world. You claimed that the "

Re: SHAKEN/STIR Robocall Summit - July 11 2019 at FCC

On 7/8/19 6:24 PM, Keith Medcalf wrote: You are the only person who has mentioned reverse DNS lookups. I'm only trying to guess what enlightens your misinformed world. Mike

Re: SHAKEN/STIR Robocall Summit - July 11 2019 at FCC

On 7/8/19 6:11 PM, Valdis Klētnieks wrote: On Mon, 08 Jul 2019 17:58:17 -0700, Michael Thomas said: On 7/8/19 5:54 PM, Keith Medcalf wrote: This is because DKIM was a solution to a problem that did not exist. ::eyeroll:: pray tell, how do you "always" know the identity of the M

Re: SHAKEN/STIR Robocall Summit - July 11 2019 at FCC

Jon Callas, Eric Allman, the IETF security geek contingent and even me disagree with you. rfc 4871 disagrees with you. STD 76 disagrees with you. Trillions of signed messages disagree with you. Steve Bellovin probably disagrees with you too since you seem to be under the illusion that a

Re: SHAKEN/STIR Robocall Summit - July 11 2019 at FCC

On 7/8/19 5:54 PM, Keith Medcalf wrote: On Monday, 8 July, 2019 18:08, Michael Thomas wrote: when we did DKIM back in the day, almost nobody was requiring SMTP auth which meant the providers could say "blame me" via the DKIM signature, >but couldn't really take much action sinc

Re: SHAKEN/STIR Robocall Summit - July 11 2019 at FCC

when we did DKIM back in the day, almost nobody was requiring SMTP auth which meant the providers could say "blame me" via the DKIM signature, but couldn't really take much action since they didn't know who has doing it. we sort of took a leap of faith that that would happen.  nowadays, almost

Re: webauthn

2, 2019 at 8:52 PM Michael Thomas <mailto:m...@mtcc.com>> wrote: I know it's a little tangential, but it's a huge operational issue for network operations too. Have any NANOG folks been paying attention to webauthn? i didn't know about until yesterday, though i wrote a pr

webauthn

I know it's a little tangential, but it's a huge operational issue for network operations too. Have any NANOG folks been paying attention to webauthn? i didn't know about until yesterday, though i wrote a proof of concept of something that looks a lot like webauthn in 2012. The thing that is

Re: Should Netflix and Hulu give you emergency alerts?

On 3/12/19 5:34 PM, William Herrin wrote: On Tue, Mar 12, 2019 at 4:04 PM Michael Thomas <mailto:m...@mtcc.com>> wrote: > On 3/12/19 3:39 PM, William Herrin wrote: >> I'd prefer if my computer's BIOS didn't talk to the network at all, that being >> far more likely to

Re: Should Netflix and Hulu give you emergency alerts?

On 3/12/19 4:52 PM, Sean Donelan wrote: On Tue, 12 Mar 2019, Michael Thomas wrote: What's with perpetuating the thought that it needs to be in the bios? It's just a normal app on a normal computer like Biff. I know, after working with network engineers in too many meetings. As I keep

Re: Should Netflix and Hulu give you emergency alerts?

On 3/12/19 3:39 PM, William Herrin wrote: On Tue, Mar 12, 2019 at 2:50 PM > wrote: > On Tue, 12 Mar 2019 13:45:23 -0700, William Herrin said: > > In many cases, only the foreground app has a clear understanding of the > > state of the screen. Not the OS and

Re: Should Netflix and Hulu give you emergency alerts?

On 3/12/19 1:45 PM, William Herrin wrote: On Tue, Mar 12, 2019 at 11:57 AM Michael Thomas <mailto:m...@mtcc.com>> wrote: > Yes, that's exactly my point: it should just be a requirement of the > hardware platform to implement this. Just like e911. Enumerating the >

Re: Should Netflix and Hulu give you emergency alerts?

On 3/11/19 8:24 PM, Sean Donelan wrote: On Mon, 11 Mar 2019, Michael Thomas wrote: It seems to me that it would be much better to use the standards we already have to deliver text, voice and video, and just make it a requirement that some list of devices must be able to listen

Re: Should Netflix and Hulu give you emergency alerts?

On 3/11/19 6:57 PM, William Herrin wrote: On Mon, Mar 11, 2019 at 6:25 PM Michael Thomas <mailto:m...@mtcc.com>> wrote: > This entire thing strikes me as a horrible layering violation. Why on > earth should alerts be required to dogleg through content providers? > > It seem

Re: Should Netflix and Hulu give you emergency alerts?

On 3/11/19 7:02 AM, Livingood, Jason wrote: +1 to Rich's note: I agree we need to be careful not to extrapolate our experiences/devices/preferences to the average person. Emergency alerts serve a valuable purpose, especially when something like a wild fire or tornado or whatever is

Re: Should Netflix and Hulu give you emergency alerts?

On 3/8/19 2:22 PM, Sean Donelan wrote: https://www.cnn.com/2019/03/08/tech/emergency-alert-netflix-hulu-streaming/index.html New York (CNN Business) The federal emergency alert program was designed decades ago to interrupt your TV show or radio station and warn about impending danger —

Re: Should Netflix and Hulu give you emergency alerts?

On 3/8/19 2:32 PM, Matt Hoppes wrote: No. Please no. We need less regulation. Not more. VoIP started out the same way. Very simple to start offering voip. Worked well. Then the government got involved. Now it’s a mess of requirements, warnings and reporting. I was there developing service

Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

Having been through this many times, I'd say that probably the best way to advocate for something is to advocate for what the *problem* is much more than what the *solution* is. Invariably, things are more complex than we imagine in the solution space and the people who inhabit that space are

Re: It's been 20 years today (Oct 16, UTC). Hard to believe.

On 10/17/2018 12:43 PM, Florian Weimer wrote: * Laszlo Hanyecz: On 2018-10-17 02:35, Michael Thomas wrote: I believe that the IETF party line these days is that Postel was wrong on this point. Security is one consideration, but there are others. Postel's maxim also allowed extensibility

Re: It's been 20 years today (Oct 16, UTC). Hard to believe.

On 10/16/2018 08:36 PM, Scott Brim wrote: On Tue, Oct 16, 2018, 22:37 Michael Thomas <mailto:m...@mtcc.com>> wrote: I believe that the IETF party line these days is that Postel was wrong on this point. Security is one consideration, but there are others. Mike I

Re: It's been 20 years today (Oct 16, UTC). Hard to believe.

On 10/16/2018 08:20 PM, b...@theworld.com wrote: On October 16, 2018 at 19:35 m...@mtcc.com (Michael Thomas) wrote: > I believe that the IETF party line these days is that Postel was wrong > on this point. Security is one consideration, but there are others. Security fits in

Re: It's been 20 years today (Oct 16, UTC). Hard to believe.

I believe that the IETF party line these days is that Postel was wrong on this point. Security is one consideration, but there are others. Mike On 10/16/2018 07:18 PM, b...@theworld.com wrote: What it's trying to say is that you have control over your own code but not others', in general. So

Re: Oct. 3, 2018 EAS Presidential Alert test

On 10/07/2018 03:49 PM, Fred Baker wrote: On Oct 7, 2018, at 12:23 PM, b...@theworld.com wrote: That was one advantage of the old air raid siren system, it was difficult to ignore and required nothing special to receive (hearing impaired excepted.) Where I grew up, the “Civil Defense Warning”

Re: Oct. 3, 2018 EAS Presidential Alert test

On 10/05/2018 04:47 PM, Sean Donelan wrote: On Thu, 4 Oct 2018, b...@theworld.com wrote: Just to try to squeeze something worthwhile out of these reports... I wonder, if there were a real alert, what the odds are that one wouldn't hear about it in 1 minute, 5 minutes, etc even if they didn't

Re: Proving Gig Speed

SoIP surely will sure require trigabits. Mike On 7/17/18 8:38 AM, Saku Ytti wrote: On Tue, 17 Jul 2018 at 17:45, Mike Hammett wrote: 10G to the home will be pointless as more and more people move away from Ethernet to WiFi where the noise floor for most installs prevents anyone from

Re: Proving Gig Speed

Thanks, Jason. While I might have idle curiosity of how well my link performs when I first get it, beyond that the only time I care is when I or somebody else in the house starts screaming "THE INTERTOOBZ R SLOWZ!@!". I just had this happen to me the other night as I trying to watch

Re: BGP in a containers

So I have to ask, why is it advantageous to put this in a container rather than just run it directly on the container's host? Mike On 06/14/2018 05:03 PM, Richard Hicks wrote: I'm happy with GoBGP in a docker container for my BGP Dashboard/LookingGlass project.

Re: Novice sysadmins

On 12/06/2017 09:27 AM, Seth Mattinen wrote: On 12/6/17 09:16, Nate Metheny wrote: I've always been more than willing to share knowledge and skill training with those who show interest and talent; the more qualified and interested people involved, the better, in my opinion. Making the club

Re: Novice sysadmins

On 12/05/2017 08:17 AM, Harald Koch wrote: Thirty years ago I started my sysadmin journey on an Internet that was filled with helpful, experienced people that were willing to share their knowledge. Twenty years ago I was one of three people running CA*net, the cross-Canada research Internet

Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM

On 11/29/2017 01:11 PM, John Levine wrote: PPS: Please spare us pontification about why ARC can't possibly work unless you're prepared to cite section numbers in the ARC spec supporting your argument. Apparently the levine unit is hearing things again because nobody -- least of all me -- has

Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM

On 11/29/2017 03:00 PM, Grant Taylor via NANOG wrote: On 11/29/2017 03:46 PM, Michael Thomas wrote: You know what the original header was via the signature. You can take the delta of the current subject line and remove any additions and validate the signature. Whether you're happy

Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM

On 11/29/2017 02:40 PM, Grant Taylor via NANOG wrote: On 11/29/2017 03:24 PM, Michael Thomas wrote: Message footers and subject lines can be dealt with. That's already been proven within the current DKIM spec. Please humor my ignorance and explain how a subject line (which is (over)signed

Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM

On 11/29/2017 01:11 PM, John Levine wrote: In article <1d458e76-ab61-db28-79cb-6aabcab4f...@mtcc.com> you write: I've been saying for years that it should be possible to create the concept of DKIM-friendly mailing lists. ... I suppose, if your users are OK with no subject tags, message

Re: Incoming SMTP in the year 2017 and absence of DKIM

On 11/29/2017 11:53 AM, Grant Taylor via NANOG wrote: On 11/29/2017 11:33 AM, Michael Thomas wrote: A broken DKIM signature is indistinguishable from a lack of a signature header. I'll argue that it's possible to distinguish between the two. *However* the DKIM standard states that you should

Re: Incoming SMTP in the year 2017 and absence of DKIM

third party's open relay), nor do they have access to the zonefile for the domain the mail server belongs to for the purpose of adding any sort of DKIM record. On Wed, Nov 29, 2017 at 10:12 AM, Michael Thomas <m...@mtcc.com> wrote: On 11/29/2017 10:03 AM, valdis.kletni...@vt.edu wrote:

Re: Incoming SMTP in the year 2017 and absence of DKIM

On 11/29/2017 10:03 AM, valdis.kletni...@vt.edu wrote: On Wed, 29 Nov 2017 09:32:27 -0800, Michael Thomas said: There are quite a few things you can do to get the mailing list traversal rate > 90%, iirc. Only 90% should be considered horribly broken. Anything that makes it difficult to

Re: Incoming SMTP in the year 2017 and absence of DKIM

On 11/29/2017 09:24 AM, William Herrin wrote: On Wed, Nov 29, 2017 at 12:17 PM, Stephen Frost wrote: * William Herrin (b...@herrin.us) wrote: On Wed, Nov 29, 2017 at 12:03 PM, Eric Kuhnke wrote: How much weight do you put on an incoming message,

Re: RFC 1918 network range choices

On 10/05/2017 05:14 PM, Lyndon Nerenberg wrote: On Oct 5, 2017, at 4:52 PM, Steve Feldman wrote: I have a vague recollection of parts of 192.168.0.0/16 being used as default addresses on early Sun systems. If that's actually true, it might explain that choice.

Re: IoT security

On 02/07/2017 02:05 PM, William Herrin wrote: On Tue, Feb 7, 2017 at 3:27 PM, Randy Bush wrote: On Tue, Feb 07, 2017 at 06:56:40AM -0500, William Herrin wrote: Immaterial. The point is to catch vulnerable devices before they're hacked. you have a 30 second window there, maybe

Re: IoT security

On 2/6/17 2:31 PM, William Herrin wrote: This afternoon's panel about IoT's lack of security got me thinking... On the issue of ISPs unable to act on insecure devices because they can't detect the devices until they're compromised and then only have the largest hammer (full account ban) to

Re: Fwd: [ PRIVACY Forum ] Critical bug threatens to bite mobile phones and networks

On 07/19/2016 04:55 PM, Jay R. Ashworth wrote: Heap overflow bug in either a widely used ASN.1 library from Objective Systems, apparently popular with cell-radio industry people. Not sure if this will leak over into NANOG land -- but neither are you, and that's most of my point. DO *you* know

Re: Broadband Router Comparisons

On 12/26/2015 11:37 PM, Mikael Abrahamsson wrote: Providing security updates is just a cost, there is no upside, because these boxes sit in a closet, unloved until they stop working, and they're thrown out and replaced by a new unloved box that goes into the closet until it stops working

Re: Broadband Router Comparisons

Nice, but i want my router to have an android environment itself, not just to be controlled by my phone (which i want as well, of course). The proximity sensor for app developers would be fun to play with, for example. Mike On 12/27/2015 09:43 AM, Hugo Slabbert wrote: From: Michael

Re: Binge On! - And So This is Net Neutrality?

On 11/20/2015 08:16 AM, Scott Brim wrote: On Fri, Nov 20, 2015 at 10:45 AM, Jay Ashworth wrote: According to: http://www.engadget.com/2015/11/20/fcc-chairman-gives-t-mobiles-binge-on-the-thumbs-up/ Chairman Wheeler thinks that T-mob's new "customers can get uncapped

Re: ARIN Region IPv4 Free Pool Reaches Zero

That will be pretty interesting for anybody who's using aws as their server infrastructure since aws is still v6 useless last i heard. Mike On 09/24/2015 04:33 PM, Eric Tykwinski wrote: No doubt as an iOS/Apple developer for a hobby, they have been pretty forth coming on dual stack. It’s not

Re: Android (lack of) support for DHCPv6

The thing about this is that I get the impression that there was violent agreement that DHCPv6 with PD would be Good Thing. I think that the disagreement is about single address assignments being a Bad Thing or Good Thing. For Android, it seems that if operators implemented the ability to

Re: Android (lack of) support for DHCPv6

On 06/10/2015 03:32 PM, George, Wes wrote: From: Ted Hardie ted.i...@gmail.commailto:ted.i...@gmail.com Date: Wednesday, June 10, 2015 at 6:09 PM To: George, Wes wesley.geo...@twcable.commailto:wesley.geo...@twcable.com Cc: Doug Barton do...@dougbarton.usmailto:do...@dougbarton.us,

Re: Android (lack of) support for DHCPv6

On 06/10/2015 02:36 PM, Doug Barton wrote: It *could*, but Lorenzo actually does have a point when he talks about not wanting to cripple future application development. I'd also like to see a rough outline of an implementation before commenting further. Meanwhile, DHCPv6 + PD solves all of

Re: Android (lack of) support for DHCPv6

On 06/10/2015 02:51 PM, Paul B. Henson wrote: From: Lorenzo Colitti Sent: Wednesday, June 10, 2015 8:27 AM please do not construe my words on this thread as being Google's position on anything. These messages were sent from my personal email address, and I do not speak for my employer. Can we

Re: Android (lack of) support for DHCPv6

On 06/09/2015 08:37 PM, Karl Auer wrote: On Tue, 2015-06-09 at 23:09 -0400, valdis.kletni...@vt.edu wrote: How does the device ask for a *second* DHCPv6'ed address for tethering or whatever? RFC 3315 says you just chuck in multiple IA_NA (or IA_TA) options. The server will respond with

Re: hiring net engs

On 6/6/15 10:34 AM, Randy Bush wrote: nanog as dinosaur food Don't you mean nanog as dinosaur water cooler? Mike

Re: West Coast FIOS disconnect

It's still down here in SF. Mike On 05/28/2015 05:51 PM, James Laszko wrote: It's really odd - we seem to have a decent amount of connectivity restored with customers however traceroutes and pings are all failing to sites that are accessible via HTTP/HTTPS.. James -Original

Re: Password storage (was Re: gmail security is a joke)

On 05/28/2015 02:29 AM, Robert Kisteleki wrote: Bcrypt or PBKDF2 with random salts per password is really what anyone storing passwords should be using today. Indeed. A while ago I had a brainfart and presented it in a draft:

Re: Rasberry pi - high density

As it turns out, I've been playing around benchmarking things lately using the tried and true UnixBench suite and here are a few numbers that might put this in some perspective: 1) My new Rapsberry pi (4 cores, arm): 406 2) My home i5-like thing (asus 4 cores, 16gb's from last year): 3857 3)

Re: Searching for a quote

On 03/12/2015 11:52 PM, Eygene Ryabinkin wrote: Thu, Mar 12, 2015 at 05:31:54PM -0700, Michael Thomas wrote: Jon Postel. I'm told that it is out of favor these days in protocol-land, from a security standpoint if nothing else. The principle has nothing to do with security: it doesn't mean

Re: Searching for a quote

Jon Postel. I'm told that it is out of favor these days in protocol-land, from a security standpoint if nothing else. Mike On 3/12/15 5:24 PM, Tom Paseka wrote: Be conservative in what you send, be liberal in what you accept ^http://en.wikipedia.org/wiki/Robustness_principle On Thu, Mar 12,

Re: Verizon Policy Statement on Net Neutrality

On 03/02/2015 09:20 AM, Naslund, Steve wrote: Average != Peak. What is peak? There is a question for you. If we get all the way down to the fundamentals of any network, peak is always 100%. There is either a bit on the wire or not. Your network is either 100% busy or 100% idle at any

Re: Verizon Policy Statement on Net Neutrality

On 02/28/2015 06:15 PM, Scott Helms wrote: Michael, You should really learn how DOCSIS systems work. What you're trying to claim it's not only untrue it is that way for very real technical reasons. I'm well aware. I was there. Mike On Feb 28, 2015 6:27 PM, Michael Thomas m...@mtcc.com

Re: Verizon Policy Statement on Net Neutrality

On 03/01/2015 08:19 AM, Scott Helms wrote: You mean CableLabs? Yes. Mike On Mar 1, 2015 11:11 AM, Michael Thomas m...@mtcc.com mailto:m...@mtcc.com wrote: On 03/01/2015 07:55 AM, Scott Helms wrote: Michael, Exactly what are you basing that on? Like I said, none

Re: Verizon Policy Statement on Net Neutrality

On 03/01/2015 08:19 AM, Scott Helms wrote: Michael, Then you understand that having the upstreams and downstreams use the same frequencies, especially in a flexible manner, would require completely redesigning every diplex filter, amplifier, fiber node, and tap filters in the plant. At

Re: Verizon Policy Statement on Net Neutrality

*and* they wanted to have something that nobody else (= oot) could compete with. The entire exercise was trying to bring the old telco billing model into the cable world, hence all of the DOCSIS QoS, RSVP, etc, etc. Mike On Feb 28, 2015 7:15 PM, Michael Thomas m...@mtcc.com mailto:m...@mtcc.com

Re: Verizon Policy Statement on Net Neutrality

On 03/01/2015 05:08 AM, Clayton Zekelman wrote: Yes, so when cable modems were introduced to the network, they had to be designed to work on the EXISTING infrastructure which was designed to deliver cable TV. It's not some conspiracy to differentiate higher priced business services - it was a

Re: Verizon Policy Statement on Net Neutrality

at Packetcable at the time? Mike On Mar 1, 2015 10:51 AM, Michael Thomas m...@mtcc.com mailto:m...@mtcc.com wrote: On 02/28/2015 06:38 PM, Scott Helms wrote: You're off on this. When PacketCable 1.0 was in development and it's early deployment there were no OTT VOIP providers of note

Re: Verizon Policy Statement on Net Neutrality

On 02/28/2015 03:14 PM, Clayton Zekelman wrote: You do of course realize that the asymmetry in CATV forward path/return path existed LONG before residential Internet access over cable networks exited? The cable companies didn't want servers on residential customers either, and were animated

Re: Verizon Policy Statement on Net Neutrality

On 02/28/2015 03:35 PM, Clayton Zekelman wrote: And for historical reasons. The forward path started at TV channel 2. The return path was shoe horned in to the frequencies below that, which limited the amount of available spectrum for return path. Originally this didn't matter much because

Re: Verizon Policy Statement on Net Neutrality

On 02/28/2015 02:38 PM, Barry Shein wrote: Can we stop the disingenuity? Asymmetric service was introduced to discourage home users from deploying commercial services. As were bandwidth caps. Answer: Give them a lot less upload than download bandwidth. That's exactly how I remember why we

Re: symmetric vs. asymmetric [was: Verizon Policy Statement on Net Neutrality]

On 02/28/2015 08:20 AM, Mike Hammett wrote: I use Skype regularly. It doesn't require 10 megabits. No, I didn't forget about them. There's simply not that many of them. No game requires significant amounts of upload. I forgot nothing and none of what you presented changes my statement in any

Re: symmetric vs. asymmetric [was: Verizon Policy Statement on Net Neutrality]

On 02/28/2015 08:59 AM, Mike Hammett wrote: 20 years ago was into AOL's prime, so yes they did. Great, let's re-evaluate the system when demand necessitates it. For many systems, it's literally as simple as changing how many channels are allocated to what directions. By that logic, we would

Re: Verizon Policy Statement on Net Neutrality

On 02/27/2015 02:52 PM, Naslund, Steve wrote: What is that statement based on? I have not seen any outcry for more symmetric speeds. Asymmetry in our networks causes a lot of engineering issues and if it were up to the carriers, we would much rather have more symmetric traffic patterns

Re: Verizon Policy Statement on Net Neutrality

On 02/27/2015 10:02 AM, Naslund, Steve wrote: I am talking about real compelling content with value not an HD camera staring at a wall. Even backups are rarely an issue for the average user as long as their backup solution is intelligent enough to use bandwidth efficiently. Really, the

Re: Verizon Policy Statement on Net Neutrality

On 02/27/2015 11:49 AM, Jack Bates wrote: It is my thought that when people ask for symmetrical circuits, they are really saying that they would like to see a higher upload. What they have is too slow for their needs. This is especially true for older technology that isn't in danger of being

Re: Bounce action notifications - NANOG mailing list changes yahoo.com users

On 10/10/2014 08:10 AM, Randy Bush wrote: a better approach would be to recommend that mailing list participants who want to actually participate should utilize a mail service appropriate for the purpose. support to be fair, this means EITHER one which does not DMARC mark messages OR one which

Re: Marriott wifi blocking

On 10/06/2014 07:37 AM, Owen DeLong wrote: On Oct 4, 2014, at 11:23 PM, Michael Thomas m...@mtcc.com wrote: On 10/04/2014 11:13 PM, Owen DeLong wrote: Very true. I wasn't talking about ideal solutions. I was talking about current state of FCC regulations. Further, you seem to assume a level

Re: Marriott wifi blocking

On 10/06/2014 10:12 AM, Owen DeLong wrote: On Oct 6, 2014, at 8:06 AM, Michael Thomas m...@mtcc.com wrote: On 10/06/2014 07:37 AM, Owen DeLong wrote: On Oct 4, 2014, at 11:23 PM, Michael Thomas m...@mtcc.com wrote: On 10/04/2014 11:13 PM, Owen DeLong wrote: Very true. I wasn't talking

Re: Marriott wifi blocking

On 10/04/2014 11:13 PM, Owen DeLong wrote: Very true. I wasn't talking about ideal solutions. I was talking about current state of FCC regulations. Further, you seem to assume a level of control over client behavior that is rare in my experience. Owen I this particular case, I think that

Re: Marriott wifi blocking

On 10/04/2014 10:23 AM, Jay Ashworth wrote: Majdi makes an excellent point, but I want to clarify it, so no one misses the important subtext: It is OK for an enterprise wifi system to make this sort of attack *on rogue APs which are trying to pretend to be part of it (same ESSID). It is NOT

Re: Marriott wifi blocking

On 10/04/2014 11:47 AM, Jay Ashworth wrote: A copycat AP is unquestionably hostile, and likely interfering with users, but I'm unconvinced that the hostility triggers a privilege to attack it under part 15 rules. In addition to not being allowed to interfere, we also have: You're not attacking

Re: Marriott wifi blocking

On 10/04/2014 01:33 PM, Owen DeLong wrote: On Oct 4, 2014, at 12:39 , Brandon Ross br...@pobox.com wrote: On Sat, 4 Oct 2014, Michael Thomas wrote: The problem is that there's really no such thing as a copycat if the client doesn't have the means of authenticating the destination. If that's

Re: update

On 9/24/14, 3:27 PM, Jim Popovitch wrote: On Wed, Sep 24, 2014 at 6:17 PM, Brandon Whaley redkr...@gmail.com wrote: The scope of the issue isn't limited to SSH, that's just a popular example people are using. Any program calling bash could potentially be vulnerable. Agreed. My point was

Re: Richard Bennett, NANOG posting, and Integrity

On 7/28/14, 12:39 PM, William Herrin wrote: And continued selling the product as described, long beyond any reasonable doubt their customers expected it to work with Netflix. Right through this very minute and beyond. It would be amusing to see Netflix just call their bluff. And maybe

Re: [OPINION] Best place in the US for NetAdmins

On 07/26/2014 06:01 PM, William Herrin wrote: On Sat, Jul 26, 2014 at 1:13 PM, Owen DeLong o...@delong.com wrote: Bill, on your list of not so wonderful things in DC, you left off: Weather In the sumer, the DC area is, well, what you’d expect from a hot, humid, fetid

Re: Richard Bennett, NANOG posting, and Integrity

On 7/22/14, 9:07 AM, Paul WALL wrote: Provided without comment: http://www.esquire.com/blogs/news/comcast-astroturfing-net-neutrality “The FCC’s Net neutrality rules are based on the false premise that American broadband services are sub-standard compared to those in other countries.”

Re: Net Neutrality...

On 07/18/2014 11:05 AM, Rob Seastrom wrote: Michael Thomas m...@mtcc.com writes: On 7/17/14, 2:15 PM, valdis.kletni...@vt.edu wrote: /me makes popcorn and waits for 4K displays to drop under US$1K and watch the network providers completely lose their shit http://www.amazon.com/Seiki

Re: Net Neutrality...

On 7/17/14, 2:15 PM, valdis.kletni...@vt.edu wrote: /me makes popcorn and waits for 4K displays to drop under US$1K and watch the network providers completely lose their shit http://www.amazon.com/Seiki-SE39UY04-39-Inch-Ultra-120Hz/dp/B00DOPGO2G $339! I use it for doing dev. It's

Re: Verizon Public Policy on Netflix

On 7/16/14, 3:57 PM, Owen DeLong wrote: On Jul 13, 2014, at 09:09 , na...@brettglass.com wrote: If Netflix continues on its current course, ALL ISPs -- not just rural ones, will eventually be forced to rebel. And it will not be pretty. I don't think so. I think the reality is that access

Re: Observations of an Internet Middleman (Level3)

Scott Helms wrote: Mark, Bandwidth use trends are actually increasingly asymmetical because of the popularity of OTT video. Until my other half decides to upload a video. Is it too much to ask for a bucket of bits that I can use in whichever direction happens to be needed at the moment?

Re: Observations of an Internet Middleman (Level3)

Scott Helms wrote: Michael, No, its not too much to ask and any end user who has that kind of requirement can order a business service to get symmetrical service but the reality is that symmetrical service costs more and the vast majority of customers don't use the upstream capacity they

Re: Observations of an Internet Middleman (Level3)

Mark Tinka wrote: One of the use-cases we thought about when deploying an FTTH backbone was having remote PVR's. So rather than record and save linear Tv programming on the STB, record and save it in the network. This could only be done with symmetric bandwidth. Isn't this already the

Re: Observations of an Internet Middleman (Level3)

Scott Helms wrote: Mike, In my experience you're not alone, just in a really tiny group. As I said I have direct eyeballs on ~500k devices and the ability to see another 10 million anytime I want and the percentage of people who cap their upstream in both of those sample groups for more

Re: Observations of an Internet Middleman (Level3)

http://twitter.com/kscotthelms On Fri, May 16, 2014 at 4:06 PM, Michael Thomas m...@mtcc.com mailto:m...@mtcc.com wrote: Scott Helms wrote: Mike, In my experience you're not alone, just in a really tiny group. As I said

Re: The FCC is planning new net neutrality rules. And they could enshrine pay-for-play. - The Washington Post

On 04/27/2014 05:05 PM, Owen DeLong wrote: Beyond that, there’s a more subtle argument also going on about whether $EYEBALL_PROVIDER can provide favorable network access to $CONTENT_A and less favorable network access to $CONTENT_B as a method for encouraging subscribers to select $CONTENT_A

Re: DMARC - CERT?

On 04/16/2014 09:19 PM, Private Sender wrote: I'm sorry but is there a fundamental misunderstanding of dmarc going on in this thread? Yahoo doesn't want you to be able to send @yahoo.com email from anything other than THEIR servers which contain the private key that corresponds to their DKIM

Re: DMARC - CERT?

On 04/17/2014 08:34 AM, valdis.kletni...@vt.edu wrote: On Wed, 16 Apr 2014 21:19:18 -0700, Private Sender said: I'm sorry but is there a fundamental misunderstanding of dmarc going on in this thread? Yes, apparently mostly on the part of Yahoo apologists... There is no need to flame a

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

On 4/14/14 4:06 PM, Randy Bush wrote: for those you can blame the vendor. this one is owned by the community. it falls on us to try to lower the probability of a next one by actively auditing source as our civic duty. is that kind of like jury duty? if only it were more like literature,

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

On 04/14/2014 05:02 PM, Nathan Angelacos wrote: On 04/14/2014 07:14 PM, Michael Thomas wrote: It's much, much worse than that. I can still read code plenty fine, but bugs can be extremely obscure, and triply so with convoluted security code where people are actively going after you to find

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

On 04/13/2014 07:30 AM, Randy Bush wrote: It's quite plausible that they watch the changes in open-source projects to find bugs. They could do nice diffs and everything. the point of open source is that the community is supposed to be doing this. we failed. Versus all of the closed source

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

On 04/13/2014 07:52 AM, Randy Bush wrote: the point of open source is that the community is supposed to be doing this. we failed. Versus all of the closed source bugs that nobody can know of or do anything about? for those you can blame the vendor. Or not. this one is owned by the

Re: DNSSEC?

On 04/11/2014 10:45 PM, Jimmy Hess wrote: The vulnerability is related to re-used memory pages within the same process. It also does not help that OpenSSL has its own wrapper around malloc() And instead of using the standard system libraries for memory allocation, apparently uses a high-risk

Re: DNSSEC?

On 04/12/2014 10:10 AM, Jimmy Hess wrote: On Sat, Apr 12, 2014 at 9:17 AM, Michael Thomas m...@mtcc.com wrote: Malloc doesn't write over to-be allocated memory, calloc does. Using a Zero'ing newly allocated memory is not the desired behavior. The desired behavior is that a segmentation fault

Re: Yahoo DMARC breakage

On 04/09/2014 09:54 PM, Jimmy Hess wrote: Basic functionality is seriously and utterly broken --- that DMARC doesn't have a good answer for such situations, is a major indicator of its immaturity, in the sense that it is Too specific a solution and cannot apply to e-mail in general. DMARC is

<    1   2   3   4   5   6   7   8   >