On 2021-06-02 4:25 a.m., Mark Tinka wrote:
On 6/1/21 20:46, Andy Ringsmuth wrote:
How about the farmer using an HD or 4k drone with WAPs on his center
pivot irrigation sprinklers to monitor crops? Or monitor the cattle
herd that is currently growing the next T-bone or porterhouse steak
you’ll
Most civilized societies immensely value a great many things, and for
exactly zero of them is it acceptable for the government to kick down my
door, wake me up, and scrawl a message on my wall to make sure I hear
about it. Just because digital tools can save the government millions
of
On 2020-11-20 6:06 p.m., Aaron C. de Bruyn via NANOG wrote:
> high speed, safe, secure global fiber connectivity
More importantly, can someone tell me what 'safe global fiber
connectivity' is? As opposed to 'unsafe global fiber connectivity'?
Do these guys have the market cornered on not
On 2020-07-24 3:06 a.m., Mark Tinka wrote:
On 24/Jul/20 00:26, William Herrin wrote:
Many moons ago, I interviewed at Google. During one of the afternoon
sessions the interviewer and I spent about half an hour spitballing
approaches for a system monitoring problem at scale. I no longer
remember
Cloudflare's status page acknowledged a recursive DNS issue as of a few
minutes ago. Lots of reports of problems on the Outages list and Reddit.
From their status page:
*Investigating* - Cloudflare is investigating issues with Cloudflare
Resolver and our edge network in certain locations.
On 2020-07-14 1:55 p.m., Michael Thomas wrote:
But I try as much as possible to put candidates at ease because I know
that not everybody reacts to interviews the same, which is sadly not
the case far too often.
Mike
I often ask a question early in the interview to the effect of "Tell me
On 2019-04-01 10:59 AM, Mark E. Jeftovic wrote:
The DNS is an inverted-tree hierarchy, which is problematic and
promotes unequal outcomes among system participants.
After a lengthy contemplative process we have enacted a system of
social justice pricing which will rectify historical
It can be blocked, FYI. Just... not as easily as it should be. On
Android, if you remove the CellBroadcastReceiver service, the phone no
longer listens for the alerts.
I rooted my phone specifically to be able to do this after the alerting
system rolled out in Canada. The test was bad
On 2018-01-08 10:19 PM, John Levine wrote:
In article <0c45eee2-ffcb-2066-1456-eb2d38075...@alter3d.ca>,
Peter Kristolaitis <alte...@alter3d.ca> wrote:
We can build all of the above in other ways today, of course. But
there's certainly something to be said for a vendor-suppor
On 2018-01-08 12:52 AM, William Herrin wrote:
I'm having trouble envisioning a scenario where blockchain does that any
better than plain old PKI.
Blockchain is great at proving chain of custody, but when do you need to do
that in computer networking?
Regards,
Bill Herrin
There's probably
On 3/1/2017 10:50 PM, James DeVincentis via NANOG wrote:
Realistically any hash function *will* have collisions when two items are
specifically crafted to collide after expending insane amounts of computing
power, money, and… i wonder how much in power they burned for this little stunt.
Easy
On 2016-08-12 11:36 AM, Keith Stokes wrote:
Route53 can get expensive for lots of domains. Queries are cheap with the first
1M free, but if you have 1000 domains you’ll pay $500/month.
If you had 1000 domains, you'd pay $110/month, not $500. The first 25
domains at $0.50/month each, after
I don't think it's "groupthink" so much as it is "the mark of
experienced tech people who are good at their job".
At $DAYJOB, a HUGE part of my time is spent as a "technical firewall" --
stopping the company from blindly implementing something based on
incomplete information. When someone
On 2016-03-11 04:40 PM, Scott Weeks wrote:
-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Sean Donelan
The U.S. government definition of data center is a bit like defining
a warehouse as any room containing a single ream of paper. Yes,
warehouses are
On 10/13/2015 11:30 AM, Bob Evans wrote:
WAIT WAIT - I know the solution to all of this. Let's pass a law that
requires everyone to fill out a form to buy a device with a MAC address.
Make them wait 10 days to verify the buyer has never committed a digital
crime. While law enforcement puts it
The Walmart ones cost less upfront, but their support sucks. This often
leads to sags in performance, especially from the view of the average
eyeball network user, which results in personal discomfort when senior
management determines that the best way to resolve the issue is to bring
in some
On 7/14/2015 8:02 PM, Mike wrote:
The flame wars and vitriol and rhetoric is too much noise for me to
derive anything useful from. Someone needs to stand up and lead. I
will happily follow.
Too much noise has been v6's problem from the start. Every time I've
looked at v6 for use in the
On 6/26/2015 7:26 PM, Joe Abley wrote:
On 26 Jun 2015, at 15:04, Hank Disuko wrote:
Bell Canada is apparently gearing up to provide the good people of
Toronto with the World's Fastest Internet™.
On 6/7/2015 4:10 AM, Joshua Riesenweber wrote:
As someone studying their first CCIE (RS), I sometimes find these kinds of
discussions disheartening. They come up every now and again, and the opinions
seem to vary anywhere between 'a good interview tool' and 'less than worthless'.
A certification
Not industrial grade, but Raspberry Pis are pretty great for this kind
of low-horsepower application. Throw 2 at each site for redundancy and
you have a low-powered, physically small, cheap, dead silent, easily
replaceable system for ~$150 per site. Same idea as the Soekris --
just ship out
We use OpsGenie for notifications (and on-call scheduling, etc). There
are other similar options such as PagerDuty, etc, as well.
Notifications can be submitted to the service in a variety of ways
(email, web API, etc), has a variety of integrations with other tools
(Nagios, Pingdom, etc) to
On 10/21/2014 01:33 PM, Sandra Murphy wrote:
On Oct 21, 2014, at 11:08 AM, David Conrad d...@virtualized.org wrote:
On Oct 20, 2014, at 10:18 PM, Barry Shein b...@world.std.com wrote:
Not that anyone is looking for a solution but I suppose one possible
solution would be to use the two-letter
Likely not, since it's affecting Windows instances as well.
Also not just us-west-2 -- we have tons of instances scheduled for
downtime in us-east-1 and eu-west-1 as well.
-Peter
On 09/24/2014 04:51 PM, Gabriel Blanchard wrote:
Bash related?
On Sep 24, 2014, at 4:47 PM, Grant Ridder
On 06/19/2014 02:07 PM, Daniel Ankers wrote:
On 19 June 2014 18:19, valdis.kletni...@vt.edu wrote:
My WNDR3800 running cerowrt is quite able to use up the /60 Comcast hands me
(it burns 6 /64s by default the instant you turn it on, and can burn more
if
you start doing VLAN'ing or other
On 06/02/2014 08:26 AM, Randy Bush wrote:
I use OpenVPN to access an Admin/sandboxed network with insecure portals,
wiki, and ipmi.
h. 'cept when it is the openvpn server's ipmi. but good hack. i
may use it, as i already do openvpn. thanks.
randy
What you can also do if you want to
On 4/18/2014 11:29 PM, Jeff Kell wrote:
Anyone ever pentested you? It's an enlightening experience. Jeff
At a previous job, we hired a company (with CISSP-certified pentesters)
to do a black box pentest of our network.
Things I was enlightened by:
- It's OK to work in a highly technical
On 4/11/2014 4:03 PM, William Herrin wrote:
The U.S. National Security Agency knew for at least two years about a flaw
in the way that many websites send sensitive information, now dubbed the
Heartbleed bug, and regularly used it to gather critical intelligence,
two people familiar with the
OK, now... it's far too late for April Fool's. :(
That's scary as heck. :( Guess I know what the first order of
business will be tomorrow...
- Pete
On 4/8/2014 1:06 AM, Paul Ferguson wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I'm really surprised no one has mentioned this
Not just run the updates -- all private keys should be changed too, on
the assumption that they've been compromised already. THAT is going to
be the crappy part of this.
- Pete
On 4/8/2014 1:13 AM, David Hubbard wrote:
RHEL and CentOS both have patches out as of a couple hours
ago, so run
This has been a solved problem for a long time. You just need to
implement Virtual Local Ant Nest (VLAN) and use overlapping local
address schemes.
On 4/5/2014 2:32 AM, Andrew D Kirch wrote:
So, if there's more than 4 billion ants... what are they going to do?
Andrew
On 4/5/2014 1:44 AM,
On 3/28/2014 12:57 AM, Randy Bush wrote:
Alexander Neilson alexan...@neilson.net.nz wrote:
I wonder if they should be invited to only post a single message with
the titles and links to the alerts so that people can follow it up.
i would prefer that the header be in blue, the titles in green,
I've been quite happy with the servers I'm renting from OVH
(http://www.ovh.com/ca/en/) in their new Montreal data center, which is their
entry into the North American market; they've operated in Europe for quite a
long time.
- Pete
--- kam...@ak-labs.net wrote:
From: Carlos Kamtha
On 2/4/2014 5:00 PM, Mark Andrews wrote:
Nope: it's easy to explain; you merely have to be a cynical bastard:
Attack traffic takes up bandwidth.
Providers sell bandwidth.
It *is in their commercial best interest (read: maximizing shareholder
value) *NOT* to filter out DOS, DDOS, and spam
On 9/17/2013 2:51 PM, Leo Bicknell wrote:
In a message written on Tue, Sep 17, 2013 at 07:11:23PM +0300, Martin T wrote:
counting traffic on inter-switch links is kind of cheating, isn't it?
I mean if input bytes and output bytes on all the ports facing the
IX members are already counted, then
On 9/5/2013 12:17 AM, valdis.kletni...@vt.edu wrote:
On Wed, 04 Sep 2013 20:47:40 -0500, Leo Bicknell said:
There's still the much more minor point that when I tried to self
serve I ended up at a blank page on the Yahoo! web site, hopefully they
will figure that out as well.
I'm continually
On 9/5/2013 1:20 AM, Larry Sheldon wrote:
On 9/4/2013 11:56 PM, Peter Kristolaitis wrote:
On 9/5/2013 12:17 AM, valdis.kletni...@vt.edu wrote:
On Wed, 04 Sep 2013 20:47:40 -0500, Leo Bicknell said:
There's still the much more minor point that when I tried to self
serve I ended up at a blank
The issue was studied thoroughly by a committee of MBAs who, after
extensive thought (read: 19 bottles of scotch), determined that there
was money to be made.
whatcouldpossiblygowrong?
- Pete
On 9/3/2013 11:09 PM, Jay Ashworth wrote:
Whackiness, predictably, ensues:
On 08/20/2013 09:52 AM, Harald Koch wrote:
On 20 August 2013 09:05, Randy Bush ra...@psg.com wrote:
ok, i have heard privately from folk who i respect. cira seems to be on
the up and up and doing good professional work.
haha. yes, because Canadians are normally so sinister and nefarious...
On 8/18/2013 1:11 AM, Jimmy Hess wrote:
On Sat, Aug 17, 2013 at 8:58 PM, Randy Bush ra...@psg.com wrote:
for your morning, or whatever time of day it is to you, giggle
lol...
Ah... they must want form #298446.3B-II; request for login shell and
root password from complete random
But the switches themselves are a single point of failure, so if a
switch dies you still only have a single provider (assuming one switch
per provider). ;)
All you're doing is moving your single point of failure from the
routers to the switches, with arguably very little increase in
You need to talk to your marketing/sales department and have them figure
out how many existing clients you would retain by maintaining the
current level of service, how many clients you would lose with lower
quality of service, and how many clients you would attract with better
service. From
There isn't any reason that you couldn't offer ALL of those services.
Spin off the layer 1 & 2 services as a separate entity as far as finance
& legal is concerned, then treat the muni ISP as just another customer
of that entity, with the same pricing and service that's offered to
everyone
Alternatively, just disable encryption by using --cipher none if you
only care about the L2 bridging and don't care about the encryption
aspect. You should get a huge performance boost through the tunnel and
it would be the same thing as dropping a dedicated circuit in there.
Of course,
On 1/3/2013 9:08 PM, Jimmy Hess wrote:
I am not sure why this would be classified as a feature request. If it
is impacting you, and you had service before, then it is an
Outage/Defect/Bug, full stop. Describing working service for a
previously supported scenario as a feature request would be
On 12/29/2012 7:41 PM, Mark - Syminet wrote:
On Dec 14, 2012, at 7:52 AM, Peter Kristolaitis alte...@alter3d.ca wrote:
On 12/14/2012 10:47 AM, Randy wrote:
I don't have hundreds of dollars to get my ssl certificates signed
You can get single-host certificates issued for free from StartSSL
Yes, some SSL providers (mostly the overpriced ones) like to license
their certs on a per-server basis. If you read the contract language,
this is how it's written. However, this is strictly a contractual
issue, not a technical one. It's just a way to squeeze more money out
of people who
Drifting a bit off topic for NANOG (but hey, that happens every /pi/
days anyways!), but I'll toss this in...
Like every other legal incident, it would be unique to your own
situation. Keep in mind that, should any of the charges you mentioned
go to court, the prosecution would have to prove
On 12/14/2012 10:47 AM, Randy wrote:
I don't have hundreds of dollars to get my ssl certificates signed
You can get single-host certificates issued for free from StartSSL, or
for very cheaply (under $10) from low-cost providers like CheapSSL.com.
I've never had a problem having my StartSSL
black
california state university, long beach
-Original Message-
From: Peter Kristolaitis [mailto:alte...@alter3d.ca]
Sent: Friday, December 14, 2012 7:53 AM
To: nanog@nanog.org
Subject: Re: Gmail and SSL
On 12/14/2012 10:47 AM, Randy wrote:
I don't have hundreds of dollars to get my
I'm getting the same thing when I try to access the web interface, but
SMTP & IMAP seem to be working fine at the moment.
- Peter
On 12/10/2012 11:56 AM, Philip Lavine wrote:
getting a 502 error
On 12/5/2012 8:35 AM, Joe Greco wrote:
An end user operating a TOR exit node, or wide open Wireless AP,
intentionally allows other people to connect to their infrastructure
and the internet whom they have no relationship with or prior
dealings with, in spite of the possibility of network
On 11/30/2012 04:01 PM, Naslund, Steve wrote:
I am a little concerned that this guy keeps a safe deposit box with a burner
phone and cash around. Is he a CIA agent? :)
Anyone who DOESN'T have such things stashed away somewhere is, IMHO,
incredibly naive and taking on quite a large amount
of a crime., you are OK with this
guys keeping the defense fund?
Steve
-Original Message-
From: Peter Kristolaitis [mailto:alte...@alter3d.ca]
Sent: Friday, November 30, 2012 3:53 PM
To: nanog@nanog.org
Subject: Re: William was raided for running a Tor exit node. Please help
if you can
I recommend TekSavvy (www.teksavvy.com) as a DSL reseller pretty much
anywhere in Ontario (and any other provinces they can get service in).
Not sure why they're not on that CLEC list, but they're a pretty big
(and awesome) provider up here. For bonus points, if you have to call
their
On 12-08-29 04:55 PM, Jay Ashworth wrote:
- Original Message -
From: William Herrin b...@herrin.us
That's very poor practice. Each announcements costs *other people* the
better part of $10k per year.
That sounds ... really really big to me, Bill. Do you have a source
for that
On 12-08-20 04:25 PM, Leo Bicknell wrote:
In a message written on Mon, Aug 20, 2012 at 04:12:22PM -0400, Patrick W.
Gilmore wrote:
The story: A piece of underground cable went bad. The techs didn't pull new underground cable.
They decided it was better to do it aerial (if you can call 2 feet
.
Pete
Owen DeLong o...@delong.com wrote:
I've never met a dog properly trained in ACLS and I'm pretty sure that a gun
isn't even useful for BLS.
Owen
On Aug 4, 2012, at 7:53 PM, Peter Kristolaitis alte...@alter3d.ca wrote:
Considering that none of the services that can be dispatched by 911
Considering that none of the services that can be dispatched by 911 are legally
required to help you in most North American jurisdictions (i.e. if you call
911 and the police don't respond until they finish eating their box of donuts,
they're not criminally or civilly liable), having working
On 7/5/2012 12:47 AM, Roy wrote:
Rather than discussing the pros and cons of UTC and leap seconds, just
create your own time system.
You could call it OpenTime. OpenTime will use NTP servers where the
Stratum 1 servers are synced to some time standard that doesn't care
about leap seconds.
You could have saved yourself a bit of typing by leaving off the last 5
words of that sentence. ;)
- Pete
On 6/30/2012 6:42 PM, Grant Ridder wrote:
I don't understand why anyone would use windows server for anything that
needed precision like time.
On Sat, Jun 30, 2012 at 5:39 PM, Keith
On 12-06-11 03:14 PM, Simon Perreault wrote:
On 2012-06-11 15:05, Owen DeLong wrote:
OK, someone shows you a Quebec driver's license. You ask for a
passport, she says, I don't have one, and points at the blue word Plus
after the words Permis de Conduire at the top of the license. Now
what?
On 6/7/2012 9:22 AM, James Snow wrote:
On Wed, Jun 06, 2012 at 11:14:58PM -0700, Aaron C. de Bruyn wrote:
Imagine signing up for a site by putting in your email and pasting
your public key.
Yes! Yes! Yes!
I've been making this exact argument for about a year. It even retains
the same email a
On 12-06-05 11:32 AM, Andrew Latham wrote:
On Tue, Jun 5, 2012 at 10:52 AM, Green, Timothy
timothy.gr...@mantech.com wrote:
Howdy all,
I'm a Security Manager of a large network, we are conducting a Pentest next month and the
testers are demanding a complete network diagram of the entire
On 12-06-05 03:48 PM, Brett Watson wrote:
On Jun 5, 2012, at 9:52 AM, Peter Kristolaitis wrote:
As far as horror stories... yeah. My most memorable experience was a guy
(with a CISSP designation, working for a company who came highly recommended)
who:
- Spent a day trying to get his
You're not allowed to sign an NDA, but you expect other people to
violate the ones that they've signed by disclosing pricing to you?
Yeah, I'm sure everyone will get right on that...
- Pete
On 6/3/2012 12:41 AM, Nabil Sharma wrote:
I am not allowed to sign NDA, can someone please send me
If you believe that they have no legal right to keep the data private,
then obviously any NDA surrounding that data is unenforceable, so you
should have no problems signing it yourself and then completely ignoring
its terms as you're asking others to do. I'm sure the judge at your
civil suit
You're using Verizon Math. ;) (If you don't know what this is, go
Google it!)
0.75 cents is not 0.75 dollars. point 75 cents == $0.0075.
$0.0075 * 1000 = $7.50
- Peter
On 12-05-15 05:51 PM, A. Pishdadi wrote:
last time i checked .75 x 1000 = 750
On Tue, May 15, 2012 at 9:58 AM,
I use Cogent as one of our upstreams at work, and I'll basically
reiterate what others have said -- overall, I'd have no problems
recommending them. Their routing can sometimes be a little weird
(though this is MUCH better now than it was a couple of years ago), so I
wouldn't necessarily use
I'm trying to determine if this is supposed to be an exercise in
How To Annoy Your Sysadmins
or
How To Do Network Security The Really, Really Wrong Way
or some combination of the two
- Pete
On 12-03-12 04:34 PM, Maverick wrote:
Like list of sites that operating systems or
On 12-03-12 04:53 PM, William Herrin wrote:
On Mon, Mar 12, 2012 at 4:40 PM, Peter Kristolaitis alte...@alter3d.ca wrote:
On 12-03-12 04:34 PM, Maverick wrote:
Like list of sites that operating systems or applications installed on
your machines go to update themselves. One way could be to go
On 12-02-17 03:05 PM, Leigh Porter wrote:
Did anybody say beer yet?
Don't forget the 30lb sledgehammer for those times when, ah, percussive
maintenance is the only possible solution. ;)
(Might be a bit hard to fit into a vending machine though... maybe the
colo staff could just rent one
On 12-01-19 10:46 AM, valdis.kletni...@vt.edu wrote:
On Thu, 19 Jan 2012 21:52:52 +0900, Randy Bush said:
uselessness, with more crap welded on to it than envisioned in mad max.
oooh... steampunk BGP. ;)
The Internet is like a series of (steam) tubes? ;)
- Peter
Wow! Congrats to the Comcast crew, that's absolutely awesome!
Definitely interested in hearing any lessons learned that you can
share from the exercise.
- Pete
On 1/10/2012 6:24 PM, Jeremy Bresley wrote:
Hadn't seen this mentioned yet.
(it looks like the comments I provided on the form
aren't being read, as the link I provided to some of our log snippets
showing the problem hasn't been hit).
Thanks!
- Peter Kristolaitis
http://www.comcastsupport.com/rbl
Your hypothetical scenario assumes you're the only organization
compromised by the flaw (or one of very few), and not #3972 on the list,
in which case the company could go bankrupt before a court can hear your
case, and the liability protection they offered you is worth the
electrons it's
Octopussy (8pussy.org) is another option as well. Natively ties into
various network monitoring packages (Nagios, Zabbix) for alerting
capabilities.
- Peter
On 11/8/2011 3:00 PM, Charles N Wyble wrote:
Yes. Check out rsyslog and logstash.
joshua.kl...@gmail.com wrote:
Hi,
If I may
Really? You can just connect with SSH?
root@somebox:~# ssh 1.2.3.4
The authenticity of host '1.2.3.4 (1.2.3.4)' can't be established.
RSA key fingerprint is 03:26:2c:b2:cd:fd:05:fc:87:70:4b:06:58:40:e7:c3.
Are you sure you want to continue connecting (yes/no)?
That's no different than having