On Mon, 03 Oct 2016 11:58:10 -0700, Stephen Satchell said:
> > THEREFORE the Consumer Product Safety Commission shall require that
> > the manufacturer provide a security update to the device within 30 day
> > of first notice; or failing that, to issue a complete recall of the
> > defective
On Tue, 27 Sep 2016 20:44:35 -, "White, Andrew" said:
> This assumes the ISP manages the customer's CPE or home router, which is
> often not the case. Adding such ACLs to the upstream device, operated by the
> ISP, is not always easy or feasible.
Hopefully, if you've been burnt by this, you
On Sun, 25 Sep 2016 21:19:31 -0700, Hugo Slabbert said:
> Linux:
> From /etc/sysctl.conf:
>
> # Uncomment the next two lines to enable Spoof protection (reverse-path=20
> # filter)
> # Turn on Source Address Verification in all interfaces to
> # prevent some spoofing attacks
>
On Thu, 22 Sep 2016 14:31:12 +0200, Alexander Maassen said:
> Maybe its time then for a global accepted, unified way to send/report abuse?
YOu mean ike these RFCs? (OK, so it's an XML schema. Just be glad
it isn't ASN.1 :)
5070 The Incident Object Description Exchange Format. R. Danyliw, J.
On Mon, 19 Sep 2016 13:19:43 -0400, Jeff Jones said:
> networksolutions.com and am looking for input on who is cheap, secure,
> reliable registrar. Thanks for your input.
cheap, secure, reliable - pick any two.
(The driver here is "cheap" - the other two criteria can be almost anything,
but to
On Wed, 21 Sep 2016 11:29:49 +1000, Mark Andrews said:
> What we need is business tech reporters to continually report on
> these failures of content providers to deliver their services over
> IPv6. 20 years lead time should be enough for any service.
Interestingly enough, the Playstation 4 has
On Mon, 19 Sep 2016 10:41:59 +1200, "Tony Wicks" said:
> Interestingly, Sony (SNEI-NOC-Abuse replied to being forwarded back one of their notification blocks requesting
> more detailed information with a csv file in under an hour!
So I guess
On Thu, 15 Sep 2016 09:22:10 -0700, "Aaron C. de Bruyn" said:
> On Thu, Sep 15, 2016 at 12:31 AM, Mark Andrews wrote:
>
> > QWEST isn't the only DNS provider that has broken nameservers. One
> > shouldn't have to try and contact every DNS operator to get them to
> > use protocol
On Tue, 13 Sep 2016 08:29:25 -0400, Alain Hebert said:
> Well "may" is not "must".
>
> â260.34. An Internet service provider may not give access to an online
> gambling site whose operation is not authorized under Québec law.
Note that most legal jurisdictions don't include RFC2119 as part
On Mon, 12 Sep 2016 14:07:47 -0400, Jean-Francois Mezei said:
> So there are some cases where BGP hijacking may be desirable. I guess
> this is where judgement kicks in.
I don't see "hijacking" in your description of the iStop case - it appears
to have been fully coordinated and with permission.
On Thu, 08 Sep 2016 23:09:28 -, Pshem Kowalczyk said:
> If I give them public IPs then they're routable and potentially can reach
> the internet via devices that don't police the traffic.
They can potentially reach the Internet even without public IPs.
All it takes is one idiot with a
On Tue, 30 Aug 2016 14:39:10 -0700, Owen DeLong said:
> I run a pair of nameservers. Letâs call them ns1.company.com
> and ns2.company.com
> Someone registers example.com and points NS records in the COM zone at my
> nameservers.
I would have expected that the resulting NXDOMAIN replies from
On Sat, 27 Aug 2016 10:34:36 -, Mel Beckman said:
> But mailop doesn't have the same odd mix of people as nanog. For example, I'm
> not on mailop. :)
And apparently you need to know the secret handshake to get on.
After Chrome complained the SSL cert on the subscription page had
expired 6
On Wed, 17 Aug 2016 01:11:09 +0200, Jonathan Hall said:
> And either way, defamation requires some form of punitive damage be proven in
> order to act ually win that case.
In addition to the other things already pointed out, punitive damage doesn't
need to be proven.
*Actual* damages have to be
On Tue, 16 Aug 2016 17:53:23 +0200, Niels Bakker said:
> An actual lawyer! Where were you in the CloudFlare booters thread, though?
Keeping sensibly quiet, I think... :)
pgp7DwJ_2f90w.pgp
Description: PGP signature
On Mon, 15 Aug 2016 11:16:26 -0400, Jon Lewis said:
> Obvious first question would be, have you fallen behind paying your bill?
And if you're in fact up-to-date, make sure you have *proof* of same. It's
not unheard of for providers to mis-credit your payments and then think you're
behind.
On Wed, 03 Aug 2016 10:53:22 -0400, Alain Hebert said:
> Between you and me, if only Elbonia are left DDoSing at 100Gbps, we
> simply de-peer the commercial subnets from that country (leaving the
> govt subnets up obviously)
Explain why, for those of us who don't see it as obvious.
On Tue, 02 Aug 2016 19:16:04 -0700, Eric Kuhnke said:
> But but but... cloud! THE CLOUD! Cloudy clouds fluffy white flying
> through the air, you should move everything to the Cloud (tm).
Running the stuff you need to keep your own network running on the cloud?
That's the sort of thing I
On Fri, 29 Jul 2016 07:50:09 -0500, "J. Oquendo" said:
> In my ramblings on "Why network operators love filth", I
> associate a landlord that knowingly allows his/her tenant
> to sell drugs. In America, your house is gone. This should
> be the case on the Internet as well.
Oh, do *NOT* go there.
On Thu, 28 Jul 2016 12:00:00 +0200, Baldur Norddahl said:
> DDoS attacks using stolen resources and fake identities is not legal
Are you making a blanket statement that covers all jurisdictions on
the planet?
For bonus points - is it more like "illegal as in murder", or "illegal
as in
On Wed, 27 Jul 2016 22:55:54 -0400, Miles Fidelman said:
> On 7/27/16 10:48 PM, Randy Bush wrote:
> >> They just lost all respect from here. Would someone from USA please
> >> report these guys to the feds? What they are doing is outright
> >> criminal.
> > hyperbole. it is not criminal. you
On Thu, 28 Jul 2016 10:48:47 +1000, Mark Andrews said:
> As soon as a transaction takes place, conspiricy to harm by
> . If the DoS actually occurs you can add additional charges for
> the actual actions.
If the claim is that a law has been broken, you have to show that is
actually a crime in
On Wed, 27 Jul 2016 11:21:02 -0700, Dan Hollis said:
> On Wed, 27 Jul 2016, b...@theworld.com wrote:
> > There isn't even general agreement on whether (or what!) Cloudfare is
> > doing is a problem.
>
> aiding and abetting. at the very least willful negligence.
aiding and abetting of what,
On Fri, 22 Jul 2016 10:54:48 +0200, Ricardo Ferreira said:
> Is there anyone here working in an ISP where IPv6 is deployed?
> We are starting to plan the roll-out IPv6 to mobile subscribers (phones) I
> am interesting in knowing the mask you use for the assignment; whether it
> is /64 or /128.
>
>
On Tue, 12 Jul 2016 15:30:11 +0300, Nikolai Petrov said:
> Is there any way to limit the amount of devices in a subnet to avoid problems
> and attacks? I don't think the equipment will work with 2^64 devices in a
> single subnet..
Sure. Just don't connect that many devices to one subnet, just
On Sun, 10 Jul 2016 21:53:52 +0300, Nikolai Petrov said:
> 1. Currently we do not have IPv6 in our network but I have seen the ISP is
> giving us a "/56 Block" which from what I understand is a couple hundred "/64
> Subnets". I think you can only have /64 subnets in IPv6. In our IPv4 setup we
On Sat, 09 Jul 2016 12:14:03 +0300, Saku Ytti said:
> Check the implementation on your PC. This is why code is broken and
> people don't even know it's broken. You have to use monotonic time to
> measure passage of time, which is not particularly easy to do
> portable, in some languages.
It
On Wed, 06 Jul 2016 13:23:04 -0400, Christopher Morrow said:
> On Mon, Jul 4, 2016 at 3:03 PM, Jay Ashworth wrote:
>
> > Seems to me that the proper thing to be done would have been for
> > Registries to deauthorize registrars on the grounds of continuous streams
> > of
On Tue, 05 Jul 2016 11:54:14 -0400, Spencer Ryan said:
> The Palo-Alto's also don't support anything but NAT64,
They don't support proper dual-stack?? Or NAT64 is the only NAT flavor
they support on the v6 side?
pgpMGuNc6KiEk.pgp
Description: PGP signature
On Fri, 01 Jul 2016 21:28:54 -0500, Edgar Carver said:
> We're having problems where viruses are getting through Firefox, and we
> think it's because our Palo Alto firewall is set to bypass filtering for
> IPv6.
Do you have any actual evidence (device logs, tcpdump, netflow, etc) that
support
On Tue, 05 Jul 2016 11:16:31 +0900, Masataka Ohta said:
> A large ISP should just set up usual NAT. In addition, the ISP
> tells its subscriber a global IP address, a private IP address
> and a small range of port numbers the subscriber can use and
> set up *static* bi-directional port
On Tue, 14 Jun 2016 14:57:40 -0400, "Ricky Beam" said:
> I've seen many "IPv6 Capable" CPEs that apply ZERO security to IPv6
> traffic. IPv4 goes through NAT, so one gets the pseudo-security of not
> being directly touchable from the internet.
And a very big *PSEUDO* on that. It's amazing how
On Mon, 13 Jun 2016 22:11:47 +0300, Max Tulyev said:
> Is it possible in general to measure the quality of Internet access? And
> if yes - how?
First, *define* "quality". Raw bandwidth to a test server? Raw bandwidth
to a weighted average of the Alexa Top 100? Does RTT/bufferbloat count?
What
On Mon, 13 Jun 2016 03:27:41 +0200, Baldur Norddahl said:
> On 13 June 2016 at 02:05, Owen DeLong wrote:
>
> 1) lower case
> 2) as short as possible, except do not shorten just one :0: into ::.
> 3) if there is more than one possible :: block that results in the same
> shortest
On Fri, 10 Jun 2016 22:22:31 -0700, subashini hariharan said:
> The aim is to detect DoS/DDoS attacks using the application. I am going to
> use ELK (ElasticSearch, Logstash, Kibanna) for processing the logs (Log
> Analytics).
Bad approach. At that point, not only is the application being
On Sat, 11 Jun 2016 00:21:52 +0900, Masataka Ohta said:
> As such, the fish passages can be constructed, if translation
> behavior of the NAT boxes are known to end systems so that
> the end systems have sufficient knowledge to reverse the
> translation.
This requires each end system to restrict
On Fri, 10 Jun 2016 20:12:43 -, "STARNES, CURTIS" said:
> and the Chromebook content filtering is not IPv6 compatible either
So what are you using for content filtering? A quick google search
indicates that there do exist filtering solutions that are IPv6
capable?
And what *non* Chromebook
On Fri, 10 Jun 2016 19:39:38 -, "STARNES, CURTIS" said:
> - Unix such as System V/BSD/Open Systems/AIX/SCO/HP-UX/Sun Solaris would each
> rule the world.
Compare the number of Android devices (basically every single smartphone
on the planet that doesn't say iPhone) to the number of laptops
On Fri, 10 Jun 2016 07:19:22 +0100, "t...@pelican.org" said:
> All the business systems that sit around it? Not so much. $DAYJOB has
> plenty of code, database structures etc that are built around "an IP address
> is
> no more than 15 characters long and matches
>
On Mon, 06 Jun 2016 14:59:51 -0600, Maximino Velazquez said:
> What is the best syslog server (opensource)?
Step 0: Define what "best" means in your environment.
What features do you need? Routing to a central aggregation server over TLS?
Powerful regex-based routing? Ingestion into a
On Mon, 06 Jun 2016 20:30:02 +0100, Aled Morris said:
> Maybe HE's IPv6 tunnel packets could be flagged with a destination option
> (extension header field) that records the end-user's IPv4 tunnel endpoint
> so geolocation could be done in the "old fashioned" way on that address.
>
> Similar to
On Fri, 03 Jun 2016 17:21:16 -0700, Blair Trosper said:
> ...IF (and that's a big IF in the Bay Area at least) you can get the newest
> modems. Easier said than done.
http://www.amazon.com/ARRIS-SURFboard-SB6141-DOCSIS-Cable/dp/B00AJHDZSI/
$68.75 and Done. And the damned thing even pays for
On Thu, 02 Jun 2016 14:11:57 -0700, Todd Crane said:
> According to bgp.he.net and ARIN, craigslist has 2620:7E::/44 which is
> announced on several transits. Curious as to what they use it for if not
> Web, MX, or DNS.
Well, for starters, they could put a quad-A in the DNS for
On Thu, 02 Jun 2016 15:45:33 -0500, Darin Steffl said:
> Have been getting reports of the same thing. Went to the craigslist help
> forums where some people there decided to call us a fake ISP because we
> don't hand out publics to every customer. They were VERY rude and hopefully
> none of them
On Sun, 15 May 2016 15:21:02 -, Mel Beckman said:
> But a more critical deployment of rubidium clocks is in cash-strapped public
> safety institutions, such as local police dispatch centers. Timing is crucial
> for the squad car communication systems, which these days are all digital,
> based
On Wed, 11 May 2016 17:23:31 -0700, Eric Kuhnke said:
> average of $150/mo x 500 = $75,000
Id worry more about the fact that somebody is willing to spend $75K/mo to
attack me than the fact that it might be possible to wiggle my time base a bit.
At that point, you *really* have to worry about
On Wed, 11 May 2016 21:07:21 +0200, Florian Weimer said:
> * Chris Adams:
>
> > First, out of the box, if you use the public pool servers (default
> > config), you'll typically get 4 random (more or less) servers from the
> > pool. There are a bunch, so Joe Random Hacker isn't going to have a
> >
On Wed, 11 May 2016 15:36:34 -, "Jay R. Ashworth" said:
> CDMA and GSM are false diversity: both network types nodes *get their time*
> from GPS, so far as I know.
I'll make the fairly reasonable assumption that most readers of this list have
networks that span multiple buildings.
If
On Tue, 10 May 2016 08:07:15 -0700, Brandon Vincent said:
> On May 10, 2016 7:59 AM, "Stephane Bortzmeyer" wrote:
> > Yes, but they may switch it off for civilian use (by going encrypted,
> > for instance) at any time, if it is better for *their* operations.
>
> I think you are
On Tue, 10 May 2016 16:39:54 +0200, Stephane Bortzmeyer said:
> You mean the GPS network is not managed by an external entity? With
> budget issues?
>
> http://www.schriever.af.mil/GPS
Note that they *do* have motivation to keep it working, simply because
so much of their *own* gear (from gear
On Sat, 30 Apr 2016 19:10:44 -, "Jakob Heitz (jheitz)" said:
> A use case for a longer prefix with the same nexthop:
>
>F
> / \
> D E
> | |
> B C
> \ /
>A
Am I the only one thinking "RFC4264" here? :)
pgpI3q583g2Ao.pgp
Description: PGP signature
On Thu, 28 Apr 2016 04:30:23 -, Ryan Finnesey said:
> I was wondering if anyone had any recommendations on carrier grade fax boards
> that are SIP based?
What would "carrier grade" even *mean* for a fax board?
pgpnbu6lUPiJ5.pgp
Description: PGP signature
On Thu, 14 Apr 2016 16:43:00 -0700, Todd Crane said:
> You do realize that this is the exact kind of thing that caused this
> discussion in the first place. I'm well familiar with that case. I was talking
> about my own experiences in the food service industry, but of course you
> barely
> read
On Tue, 12 Apr 2016 22:57:42 -0700, Todd Crane said:
>.What ever happened to holding people responsible for being
> stupid. When did it start becoming ((fill in the blank)) coffee shop
> for you burning your tongue on your coffee
Whatever happened to holding people responsible for fact checking
On Tue, 12 Apr 2016 20:17:03 -0400, Jean-Francois Mezei said:
> All GeoIP services would be forced to
How?
pgpE7Fsimh3CW.pgp
Description: PGP signature
On Mon, 11 Apr 2016 21:13:48 +0200, Niels Bakker said:
> * baldur.nordd...@gmail.com (Baldur Norddahl) [Mon 11 Apr 2016, 21:02 CEST]:
> >They should stop giving out coordinates on houses period. Move the
> >coordinate to the nearest street intersection if you need to be that
> >precise (I would
On Sun, 10 Apr 2016 15:33:43 -0400, b...@theworld.com said:
>
>
>
> Ya know, this is the problem with this kind of list groupthink.
>
> Who cares what his motivations are unless he asks for help with that
> underlying problem?
Because when people apply band-aid solutions rather than fixing the
On Sun, 10 Apr 2016 17:07:47 +0300, Max Tulyev said:
> Customers see timeouts if I blackhole Google network. I looking for
> alternatives (other than stop providing IPv6 to customers at all).
"Doctor, it hurts when I do this.." "Then don't do that..."
Why are you blackholing Google?
On Sun, 10 Apr 2016 16:29:39 +0300, Max Tulyev said:
> I need to stop IPv6 web traffic going from our customers to Google
> without touching all other IPv6 and without blackhole IPv6 Google
> network (this case my customers are complaining on long timeouts).
>
> What can you advice for that?
On Fri, 01 Apr 2016 18:02:56 -, Eric A Louie via NANOG said:
> I suppose we have a customer who is an Azure customer that wants to know if
> their Azure traffic will stay in our network or still go through the Internet.
As a practical matter, if they're using the answer for a security
On Thu, 31 Mar 2016 10:02:05 +0200, "marcel.duregards--- via NANOG" said:
> We consider port scan and brute force on ssh port as an attack, and even
So explain to me why you don't have ACLs that silently drop inbound SYN
packets on port 22 from outside your allocated address space? (And if
you
On Fri, 25 Mar 2016 23:15:25 -0700, Todd Crane said:
> Last time I called them on a Friday night, it was because they announcing
> (not originating but bad nevertheless) the IPv6 default route.
I'm tempted to say that forwarding it is even worse than originating it,
because it proves they
On Tue, 22 Mar 2016 12:11:11 -0400, Sean Donelan said:
> Why do you have two circuits with only 40% utilization. The auditor says
> that's waste, and you only need one circuit at 80% utilization for half
> the cost.
And of course, said auditor is probably near impervious to the very real
and
On Sun, 20 Mar 2016 12:07:31 -0700, Roy said:
> Here is an even better one. This one recycles the power when it loses
> contact with the internet.
Depending on its definition of "lose contact with the Interent", that could
result in interesting failure modes - everything from hundreds of them
On Fri, 18 Mar 2016 21:29:44 -, "Jakob Heitz (jheitz)" said:
> A single bit error will drop a whole packet.
> Larger packets will cause more loss. Cables will need to be
> shorter or bitrates lower to compensate.
If that's an actual concern in your production network, you probably have
bigger
On Mon, 14 Mar 2016 11:15:29 -0700, Owen DeLong said:
> > On Mar 13, 2016, at 20:58 , valdis.kletni...@vt.edu wrote:
> > Especially if you drop it and it manages to bounce through a cutout in the
> > raised floor. That's got to be the single best reason for overhead
> > cabling. :)
> Because
On Sun, 13 Mar 2016 22:21:48 -0400, "Oliver O'Boyle" said:
> Just place a piece of tape under the padding and it won't slide anymore. 5
> seconds of extra work per end, though.
I dunno. Your dexterity must be better than mine. I'd have trouble digging up
the roll of tape, removing a section,
On Sat, 05 Mar 2016 23:46:59 +0200, Mark Tinka said:
> If you want IPv6 DNS resolvers, DHCPv6 is a good option, which means a
> hybrid of DHCPv6 and SLAAC is reasonable.
And note that there isn't any problem with a machine getting an IPv6 address
via SLAAC *and* getting another one via DHCPv6 -
On Mon, 29 Feb 2016 09:24:42 +0700, "Roland Dobbins" said:
> On 29 Feb 2016, at 6:26, Baldur Norddahl wrote:
>
> > Around here they are currently voting on a law that will require unsampled
> > 1:1 netflow on all data in an ISP network with more than 100 users.
>
> That's interesting, given that
On Fri, 26 Feb 2016 10:52:55 -0500, Jay Nugent said:
> However, if a 'provider' wishes to block ANYTHING, then they need to
> inform the customer IN WRITING exactly what will be blocked so that
> customer doesn't waste their time and money with said (limited) service
> and vote with their
On Wed, 24 Feb 2016 16:51:55 -0500, "Patrick W. Gilmore" said:
> Or do you think Cogent is paying all of them? That is a possibility, but it
> means that Cogent is not getting paid - by definition.
All depends how creative their accountants are... :)
pgpW8dCKWjsxu.pgp
Description: PGP
On Tue, 02 Feb 2016 14:26:14 +, Nick Hilliard said:
> Jared Mauch wrote:
> > I can create a catv or similar list easily. good name
> > suggestions welcome.
>
> "There are only two hard things in Computer Science: cache invalidation
> and naming things".
They're only hard because all
On Thu, 28 Jan 2016 14:46:33 +0100, Bacon Zombie said:
> Do all "smart" TVs and Game consoles fully support IPv6 out of the box?
Specific data points: The PS/3 and PS/4 consoles do *not* do so. My Vizio TV
also apparently does not - it *does* dhcp for an ipv4, but does naught
that produces an
On Sat, 23 Jan 2016 14:02:52 -0500, Daniel Corbe said:
> How come? What situations would you run into that are so urgent about
> updating
> prefix lists that the task canât be put off for a few hours?
Those of you who have cron jobs doing an automatic pull can be quite surprised
by scenarios
On Tue, 19 Jan 2016 15:41:31 -0600, Rafael Possamai said:
> I fail to see how drones relate to fiber cuts and the superbowl. Did the
> article author just throw that in there? The news helicopter getting aerial
> footage also poses a risk, so not sure what's special about drones.
Drones don't
On Sun, 17 Jan 2016 19:39:52 -0500, b...@theworld.com said:
> How about if backed by an agreement with the 5 RIRs stating no new
> resource allocations or transfers etc unless a contract is signed and
> enforced? Or similar.
Then they'd just resort to hijacking address space.
Oh wait, they
On Sat, 16 Jan 2016 09:53:40 -0500, Rich Kulawiec said:
> I've said this many times: abuse does not magically fall out of the sky.
> It comes from hosts, on networks, run by people. It is time -- well
> past time -- to hold those people *personally* acountable.
And who, *exactly*, are you
On Sat, 16 Jan 2016 11:09:27 -0800, Owen DeLong said:
> > Making the owner of the host responsible for an attack -personally-
> > responsible would require every grandma & 6 year old to have insurance
> > before
> > buying a laptop or Xbox. And would bankrupt your favorite startup no matter
> >
On Thu, 14 Jan 2016 16:04:54 +0100, Seth Mos said:
> lsintra:~# telnet 62.214.62.205 443
> lsintra:~# telnet 2001:1438:1:2::d 443
> Is it possible for Google to realize some form of internal monitoring to
> catch these defunct dual stack nodes?
A traceroute to both would help greatly in
On Mon, 11 Jan 2016 12:25:17 +, Marc Storck said:
> I'm looking for a Yahoo email administrator who could contact me offlist.
> Error: "421 4.7.1 [TS03] All messages from x.x.x.x permanently deferred"
If you find one, tell them to go look up the difference between 4xx and 5xx
return codes.
On Sun, 10 Jan 2016 20:45:25 -0500, "Eric Rogers" said:
> Thank you for all that have responded, and this response has been the
> majority, to leave well enough alone. I guess I was hoping that maybe I could
> offer a new way to help narrow this search down.
The only thing that's more likely to
On Sun, 10 Jan 2016 14:04:13 +, Alan Buxey said:
> as for carriers pipes...will, if multicast was seriously taken up then eg OS
> updates could be streamed out on regular updates
You can multicast the Super Bowl, because to a rather high rate of accuracy
you can assume that everybody who
On Sat, 09 Jan 2016 11:12:16 -0600, Mike Hammett said:
> Bytes uploaded and\or downloaded. That's all that should matter. Initiated by
> you or not.
You want to be the one explaining to your customer that the reason they
got charged for 20G of unexpected transfer was because their 3 Windows 8
So we went round and round back in November regarding Binge On! and whether
it was net neutrality. So here's some closure to that...
The EFF did some testing and discovered that what T-Mobile is actually doing
doesn't match what they said it was...
On Mon, 04 Jan 2016 15:35:05 -0800, Owen DeLong said:
> You do realize that the query source address is not 8.8.8.8 when it goes to
> the
> authoritative server, right?
As I said:
> So in how many of the 196 or so extant countries does 8.8.8.8 resolve to
> a host which, when it sends a query
On Mon, 04 Jan 2016 13:52:46 -0800, Damian Menscher said:
> While I agree with your general sentiment about 3xx responses (often used
> to redirect example.com to www.example.com) I think your concerns about
> 8.8.8.8 are over-stated. 8.8.8.8 is deployed in many locations, which
> gives
On Mon, 04 Jan 2016 17:23:20 -0500, Christopher Morrow said:
> https://developers.google.com/speed/public-dns/faq?hl=en
>
> there I asked jeeves for ya!
> > So in how many of the 196 or so extant countries does 8.8.8.8 resolve to
> > a host which, when it sends a query up the chain, appears to be
On Mon, 04 Jan 2016 16:42:45 -0800, Owen DeLong said:
> Another alternative discussed, but Netflix seems so far to be unconvinced:
>
> If you come via IPv6, you get all the content.
>
> If you come from IPv4,
And Netflix convinces Sony to ship an IPv6-capable OS update for the PS3 and
PS4, how,
On Mon, 04 Jan 2016 11:59:40 -0800, Owen DeLong said:
> These numbers might be slightly pessimistic because 3XX series responses are
> not counted as good.
They may be a *lot* more than slightly pessimistic - consider the case of
any site that uses 3xx replies to redirect to a geo-IP based
On Thu, 31 Dec 2015 15:55:24 -0500, Chris Burwell said:
> Hi NANOG,
>
> I'm looking to solicit feedback on VPLS providers. The requirement is for
> connectivity among about ten sites in North America,
Going to depend a lot on what the 10 sites are. You're in Fairfax, Virginia,
I'm sure you can
On Sun, 27 Dec 2015 08:37:25 +0100, Mikael Abrahamsson said:
> If someone like Consumer Reports or similar agency started testing and
> rating devices on these things like long-time support, automatic updates,
> software quality etc, and not just testing wifi speed as a factor of
> distance, we
On Sun, 27 Dec 2015 05:35:19 +0100, Baldur Norddahl said:
> SSH password + key file is accepted as two factor by PCI DSS auditors, so
> yes it is in fact two factor.
They also accept NAT as "security". If anything, PCI DSS is yet another example
of a money grab masquerading as security theater
On Sun, 27 Dec 2015 17:56:02 -0800, Mike said:
> NO SUCH DEVICE EXISTS, because you can't afford it. If I were to take
> you seriously however - and we're talking about eliminating all excuses
> and simply getting down to it and making a marginally qualified showing
> at expecting uninterrupted
On Sun, 27 Dec 2015 22:12:25 -0600, Josh Reynolds said:
> Based over what has been leaked, announced, or passed as pork barrel since
> 9/11, its probably time a tin foil hat factory was created to speed up the
> issuance of said hats.
On Sat, 26 Dec 2015 15:11:13 -0800, Owen DeLong said:
> Or contexts where the user is sloppy about securing their private key, e.g.
> the real world.
I seem to remember that enough people stashed their entire home directory
to github, including their keys, that github had to put in special hacks
On Sat, 26 Dec 2015 12:50:27 -0800, Matthew Petach said:
> No, the difference is that a passphrase works
> in conjunction with the private key, which is
> the "something you have" vs the "something
> you know" in two-factor authentication.
>
> With password authentication, there's only a
> single
On Thu, 24 Dec 2015 23:44:10 +, Colin Johnston said:
> We really need to ask if China and Russia for that matter will not take abuse
> reports seriously why allow them to network to the internet ?
Well, first off, it isn't like China or Russia are just one ASN. You'd have
to de-peer a bunch
On Wed, 23 Dec 2015 16:39:11 -0800, Reza Motamedi said:
> Aren't availability, guaranteed service and remote hands an incentive to do
> peering inside a third party colocation?
Sure. But there are places in the US where you have to decide whether the
cost of lighting 300 miles of fiber to the
On Thu, 26 Nov 2015 10:06:30 +1100, Matt Palmer said:
> Except for the fuckups that the redundancy *caused*...
You can't have split-brain failures if there isn't enough brain to split? :)
pgpYyCs8TIJTE.pgp
Description: PGP signature
On Tue, 24 Nov 2015 09:39:54 +1100, Mark Andrews said:
> And a /56 gives you 256 subnets. When you remove unnecessary
> heirachical delegation / routing that still supports a reasonable
> sized home network.
If you have a *workable* solution for the case where you're handed a /56
and are running
201 - 300 of 1617 matches
Mail list logo