Re: Looking for contact within Comcast Xfinity

2022-08-23 Thread Aaron C. de Bruyn via NANOG
I ran into this a few days ago.

Both the random agent I talked to and our sales rep said they can't disable
the security edge service without increasing the cost of service for all of
our accounts.

Apparently it costs more to not molest DNS traffic leaving your network.

They can temporarily disable it, but they said it will turn back on when
the modem is rebooted.

It seems to only affect TCP and UDP port 53.

I fixed it by setting all of our routers to use DoH and DoT exclusively.
They can't intercept and molest that traffic.

-A



On Tue, Aug 23, 2022, 05:39 Michael Brown  wrote:

> If anyone from Comcast Xfinity is on this list, can you please reach out
> to me?
>
> We're getting increased reports of xFi Advanced Security customers being
> unable to access hosted sites and attempting to open tickets has had no
> success.
>
> Thanks,
>
> Michael Brown
>
>
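The port-53-only interception described above, and the DoT path the poster moved to, as an added example that is not part of the original post and not Comcast's or anyone's shipped code. It encodes a DNS query in wire format, frames it for DNS-over-TLS (RFC 7858 two-octet length prefix), and runs the classic interception check: send a query to an address that does not run a resolver and treat any well-formed DNS answer as proof that a middlebox answered on the path. Network I/O is injected so the decision logic can be exercised offline on a constructed reply; `PROBE_NAME`, `NON_RESOLVER` (a TEST-NET-1 address) and the `synth_response` reply are assumptions for the example.

```python
# Added example, not code from the NANOG thread: DNS wire-format encoding, the
# RFC 7858 DNS-over-TLS framing, and an offline-testable port-53 interception
# check. PROBE_NAME and NON_RESOLVER are placeholders chosen for the example.
import secrets
import socket
import ssl
import struct
from typing import Callable, Optional

PROBE_NAME = "example.com"   # any name; an interceptor answers regardless
NON_RESOLVER = "192.0.2.1"   # TEST-NET-1 address, assumed NOT to run a DNS server

def build_query(name: str, qtype: int = 1, txid: Optional[int] = None) -> bytes:
    """Encode a recursive (RD=1) query for `name`, QTYPE 1 (A) by default."""
    txid = secrets.randbelow(1 << 16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame_for_dot(msg: bytes) -> bytes:
    """RFC 7858 3.3: over TLS every DNS message carries a two-octet length prefix."""
    return struct.pack("!H", len(msg)) + msg

def _skip_name(buf: bytes, off: int) -> int:
    """Return the offset just past a possibly compressed name starting at `off`."""
    while True:
        if off >= len(buf):
            raise ValueError("truncated name")
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer (2 bytes) ends the name
            return off + 2
        off += 1 + length

def parse_response(resp: bytes, expected_txid: int) -> dict:
    """Validate the header, skip the question, collect A records from the answers."""
    if len(resp) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    off = 12
    for _ in range(qd):
        off = _skip_name(resp, off) + 4          # QTYPE + QCLASS
    a_records = []
    for _ in range(an):
        off = _skip_name(resp, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        rdata = resp[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            a_records.append(socket.inet_ntoa(rdata))
    return {"rcode": flags & 0x000F, "a_records": a_records}

def synth_response(query: bytes, addr: str, ttl: int = 60) -> bytes:
    """Constructed reply of the kind a transparent port-53 interceptor returns:
    echo the question, set QR/RD/RA, append one A record whose name is a
    pointer (0xC00C) to the question. Used only to exercise the parser offline."""
    qd_end = _skip_name(query, 12) + 4
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    rr = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(addr)
    return header + query[12:qd_end] + rr

Transport = Callable[[str, int, bytes], Optional[bytes]]

def udp_send(host: str, port: int, payload: bytes, timeout: float = 2.0) -> Optional[bytes]:
    """Real UDP transport: one datagram out, one back, None on timeout or ICMP error."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(payload, (host, port))
            return s.recv(4096)
        except OSError:
            return None

def port53_intercepted(name: str = PROBE_NAME, target: str = NON_RESOLVER,
                       transport: Transport = udp_send) -> bool:
    """A valid DNS answer from a host that runs no resolver means something on
    the path answered for it. No reply, or garbage, means no interception seen."""
    txid = secrets.randbelow(1 << 16)
    resp = transport(target, 53, build_query(name, txid=txid))
    if resp is None:
        return False
    try:
        parse_response(resp, txid)
    except ValueError:
        return False
    return True

def _read_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ValueError("TLS stream closed early")
        buf += chunk
    return buf

def dot_query(name: str, server: str, server_name: str, port: int = 853) -> dict:
    """One query over DNS-over-TLS with certificate and hostname verification:
    the path a port-53 interceptor can neither read nor rewrite."""
    txid = secrets.randbelow(1 << 16)
    ctx = ssl.create_default_context()
    with socket.create_connection((server, port), timeout=5) as raw, \
            ctx.wrap_socket(raw, server_hostname=server_name) as tls:
        tls.sendall(frame_for_dot(build_query(name, txid=txid)))
        (length,) = struct.unpack("!H", _read_exact(tls, 2))
        return parse_response(_read_exact(tls, length), txid)
```

Run `port53_intercepted()` from inside the affected network: a `True` from an address that cannot be a resolver is the interception the thread describes. `dot_query(PROBE_NAME, server, server_name)` takes the address and certificate name of whatever DoT resolver the router is pointed at; a failed handshake there is the interceptor being unable to do to port 853 what it does to port 53. Note the check only proves interception on the probe path; a per-destination policy (e.g. only rewriting some resolver addresses) needs probes against those addresses too.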


Re: PoE, Comcast Modems, and Service Outages

2022-03-29 Thread Aaron C. de Bruyn via NANOG
On Tue, Mar 29, 2022 at 1:12 PM Joe Greco  wrote:

> So if you want the $100 test to eliminate PoE electrical effects, get
> a pair of media converters and run fiber between them.  Put the CPE on
> the far end.  Optimize as appropriate if you have SFP-capable switches.


Sure--that would shoot down the "leaking non-existent PoE across a
motherboard and out another NIC" theory, but I was more thinking along the
lines of something like PoE causing RF interference or something.
I mean it's DC not AC so...it wouldn't be putting out a modulating signal
that interferes? ...honestly that's outside my knowledge domain.

-A


Re: PoE, Comcast Modems, and Service Outages

2022-03-29 Thread Aaron C. de Bruyn via NANOG
On Tue, Mar 29, 2022 at 12:20 PM Brie  wrote:

> Unifi/EdgeSwitch?
>

Yeah.  Unfortunately.  USW-24-250.


> Yeah, you know when 24v passive POE is turned on because it kills the
> port on the other end that aren't designed to handle it.  Your router
> would likely have a dead eth port on it.
>

I've never tested it with one of my routers, but a tech did accidentally
test it on a UniFi AP.  I'm still not sure how he ignored the warning about
sending 24 volts down the line, but the WAP didn't like it and decided to
refuse to work with anyone ever again. ;)


-A


Re: "Permanent" DST

2022-03-16 Thread Aaron C. de Bruyn via NANOG
On Tue, Mar 15, 2022 at 3:09 PM Joe Greco  wrote:

> We COULD all work in UTC and un-learn the weird system of hour offsets
> and timezones.  This would be convenient for people at a distance, since
> it would be simply a matter of stating availability hours, rather than
> giving someone hours AND a timezone and making them do the math.  If I
> say that I'm available for an hour at 22:00 UTC, that works out anywhere
> on the globe.  But do you know what timezone "CDT" is?  When's "17:00 CDT"?


Seems like an issue that could be solved by some simple tech that I'm
surprised Apple and Google haven't really implemented.

My sister is a "world traveler".  I have no idea what country she'll be in
next week.  If I decide to call her, I have no idea what timezone she'll be
in...let alone what "normal sleeping hours" are for her when she's
jet-lagged after a 14 hour flight.

I just call her phone and see if she answers.

I think just about every smartphone has a rudimentary "do not disturb"
feature built in.  My Google phone automatically switches to DND when it's
on the charging stand after 10 PM and turns off when I pick it up in the
morning.

The multitude of chat apps have presence.  Online, available, free to chat,
busy, unavailable, offline, do-not-disturb.

Why doesn't that exist for phone numbers? Create a public queryable server
that shows a status for a phone number.  Set your status to some
pre-defined value or make a custom status:
{
  "status": "doing my taxes",
  "do-not-disturb": true,
  "emergencies": true,
  "typical_availability": {
    "start": "14:00:00 GMT",
    "end": "04:00:00 GMT"
  }
}

I know FreePBX has presence support internally for extensions.  Come up
with a standard, integrate it with cell phones and you've solved
interrupting people because you don't know what arbitrary time numbers and
offsets they are using.

Android and iOS could have a 'master switch' on every phone.  Set your
status and all your various apps can pick up that status including voice
calls.
Android (and I'm sure iOS has it too) provides a way to say "these contacts
can override DND".

All that's left to solve is in-person stuff...which already currently sucks.

"My flight leaves at 6 AM local time and lasts 90 minutes, but I'm crossing
3 timezones heading west...so you need to pick me up at...uh...4:30 AM
your time?  Oh wait...are you currently in DST or not because we don't do
DST here, but I think you do...so you either need to pick me up at 4:30 AM
or 3:30 AM...I'm not sure...what time is it now?  Ok, it's 5 AM my
time and 7 AM your time, so no DST, so...uh...but next week your zone is
switching to DST but we're already on it..."

vs

"My flight leaves at 06:00 zulu, lasts 90 minutes, so I'm landing at 7:30
zulu.  See you then."

For the record, I was always told DST was implemented because of farmers.
I'm a farmer and I hate timezones.  I just wake up when the rooster starts
crowing, and no one goes out to adjust him twice a year for DST.

-A


Re: Fiber contractor in Washington state

2022-02-09 Thread Aaron C. de Bruyn via NANOG
Cascade Networks out of Longview Washington does (or used to do) fiber
installs.
They got bought out by Wave a few years ago, but I think their fiber
division is still active.

https://cni.net/

-A

On Tue, Feb 8, 2022 at 4:50 PM Ross Tajvar  wrote:

> Hi all,
>
> I'm looking for a fiber contractor to trench some fiber on private
> property and then splice it inside. The work will be in Washington state,
> north of Spokane. Does anyone have recommendations? On- and off-list
> welcome.
>
> Thanks,
> Ross
>


Re: Telia is now Arelion

2022-01-20 Thread Aaron C. de Bruyn via NANOG
On Wed, Jan 19, 2022 at 10:29 AM james.cut...@consultant.com <
james.cut...@consultant.com> wrote:

> As in any other company, the Marketing Department has to find some
> activity to prove their worth.
>

I don't think you realize just how much effort you have to put into finding
a vaguely pronounceable .com domain in today's world.
Marketing probably spent months asking the tech staff to do whois lookups
for them until they found something vaguely marketable.

I'm sure we'll eventually get back to AOL keyword searches and let anyone
register any random TLD they want.  Just email aaron@isawesome.
What?  No .com?
Nope.
What's your website?
Just type the keyword..er...domain 'isawesome' into your browser.

-A


Re: Coverage of the .to internet outage

2022-01-20 Thread Aaron C. de Bruyn via NANOG
On Thu, Jan 20, 2022 at 10:21 AM Eric Kuhnke  wrote:

> If you're a small pacific island nation state with a limited budget, and a
> working submarine cable, maintaining a SCPC geostationary satellite service
> that might be $20,000 a month (on 36-60 month term) in transponder kHz may
> seem like a very large ongoing expense.
>

Redundancy seems like it could be covered by increasing the cost of a .to
domain.

DNS for .to domains seems to be working just fine, but whois lookups for
.to domains fail with a timeout.

-A


Re: home router battery backup

2022-01-17 Thread Aaron C. de Bruyn via NANOG
On Mon, Jan 17, 2022 at 11:43 AM Jeff Shultz  wrote:

> BTW, Calix ONTs default to "Disable on battery = on" for the GigE ports -
> it's checkbox in the config to turn that off so they stay up when the power
> is out. Which we do uncheck. Particularly since we're going increasingly
> VOIP and our employees can connect remotely. Sadly, I suspect that trying
> to get a major telco to go in and uncheck that box for you would be the
> equivalent to talking to a wall.
>

My "small" (< ~5,000 customers) ISP won't uncheck that box for me no matter
how much I beg, plead, or offer to bring them snacks for their office.
They keep mumbling stuff about FCC requirements which I suspect is just
handwaving.  Oh well...it's on a generator-protected outlet now.

-A


Re: home router battery backup

2022-01-13 Thread Aaron C. de Bruyn via NANOG
On Thu, Jan 13, 2022 at 7:41 AM Jay  wrote:

> We consume around 150 watts on DC and generally around 600 watts on AC
> (unless a freezer or air conditioner cycles on).  When the power goes out,
> sometimes we don't immediately notice it!  I think I am living inside a
> giant UPS, and more independence from the Grid is refreshing.
>

*boggles*

I bought one of those power monitors and tossed it on the circuit that goes
into my house.  At *night* when everything is off, I might get down as far
as ~800 watts.
During the day it's more like 2,000-3,500.  If I get the hat-trick (water
heater, central air, and well pump) running at the same time, I can get up
to ~24,000 watts.

The down-side...it's only monitoring the branch that leads to the house.
My office is on a separate branch.

My neighbor pays around $150 every two months on their power bill.
I pay just under ~$260 *every month*.
*sigh*

I definitely notice it when the power goes out.  The sound of UPS relays
and alarms is enough to wake the dead.

-A


Re: home router battery backup

2022-01-12 Thread Aaron C. de Bruyn via NANOG
On Wed, Jan 12, 2022 at 10:18 AM Andy Ringsmuth  wrote:

> Given that most people barely even know what their home router is, I
> suspect the percentage would be somewhere south of 1 percent. Outside of my
> home, I honestly cannot recall EVER seeing someone’s home using a battery
> backup for their internet infrastructure.
>

Same here.  The only people I've seen that have battery backups for their
home routers are fellow geeks.  I even bought one and shipped it to my
~70-year-old mother...and she just doesn't want to install it.  "Too
complicated".


> I personally do, but of course I (and probably everyone on this list) am
> by no means representative of the population at large in this particular
> area.
>

Same.  My home office has 3 Cyberpower 2500 VA double-conversion UPS units
backed by Champion transfer switches.  Power goes out, and ~45 seconds
later I'm running on generator power.
My local ISP runs out of power well before I do.  Thankfully there's
Starlink.

Short of an asteroid hitting my office, it's highly unlikely I'll ever be
offline. ;)

-A


Re: DOJ files suit to enforce FCC penalty for robocalls

2021-10-21 Thread Aaron C. de Bruyn via NANOG
My normal test for this is to register a new domain name and leave my whois
info public.

Over the span of 1-2 weeks I will usually get 50-100 calls from people with
a certain accent asking for a  mispronunciation of my name and if I need a
website developed.  Then I forward them over to my spam recording line.

I registered a handful of new domains this week, and I've had less than 5
calls so far.

-A


On Thu, Oct 21, 2021 at 12:13 PM Michael Thomas  wrote:

>
> On 10/21/21 10:57 AM, Sean Donelan wrote:
> >
> > The multi-million dollar fines announced with great fanfare by the
> > Federal Communication Commission are almost never collected. The FCC
> > doesn't have enforcement authority to collect fines. The FCC usually
> > withholds license renewals until penalties are paid. If the violator
> > doesn't have any FCC licenses (or doesn't care), the FCC is powerless.
> >
> > The FCC refers uncollected penalties to the Department of Justice. In
> > the past, DOJ didn't prioritize uncollected penalties and most fines
> > were never enforced.
> >
> >
> > The Department of Justice Files Suit to Recover $9.9 Million
> > Forfeiture Penalty for Nearly 5,000 Illegally Spoofed Robocalls
> >
> >
> https://www.justice.gov/opa/pr/department-justice-files-suit-recover-forfeiture-penalty-nearly-5000-illegally-spoofed
> >
>
> So has any of the STIR/SHAKEN stuff that was mandated made any
> difference on the ground yet? I assume this is different than what you
> posted about though.
>
> Mike
>
>


Re: massive facebook outage presently

2021-10-04 Thread Aaron C. de Bruyn via NANOG
It looks like it might take a while according to a news reporter's tweet:

"Was just on phone with someone who works for FB who described employees
unable to enter buildings this morning to begin to evaluate extent of
outage because their badges weren’t working to access doors."

https://twitter.com/sheeraf/status/1445099150316503057?s=20

-A

On Mon, Oct 4, 2021 at 1:41 PM Eric Kuhnke  wrote:

> I am starting to see reports that in ISPs with very large numbers of
> residential users, customers are starting to press the factory-reset
> buttons on their home routers/modems/whatever, in an attempt to make
> Facebook work. This is resulting in much heavier than normal first tier
> support volumes. The longer it stays down the worse this is going to get.
>
>
>
> On Mon, Oct 4, 2021 at 3:30 PM Jay Hennigan  wrote:
>
>> On 10/4/21 12:11, b...@theworld.com wrote:
>> >
>> > Although I believe it's generally true that if a company appears
>> > prominently in the news it's liable to be attacked I assume because
>> > the miscreants sit around thinking "hmm, who shall we attack today oh
>> > look at that shiny headline!" I'd hate to ascribe any altruistic
>> > motivation w/o some evidence like even a credible twitter post (maybe
>> > they posted that on FB? :-)
>>
>> I personally believe that the outage was caused by human error and not
>> something malicious. Time will tell.
>>
>> However, if you missed the 60 Minutes piece, it was a former employee
>> who spoke out with some rather powerful observations. I don't think that
>> this type of worldwide outage was caused by an outside bad actor. It is
>> certainly within the realm of possibility that it was an inside job.
>>
>> In other news:
>>
>> https://twitter.com/disclosetv/status/1445100931947892736?s=20
>>
>> --
>> Jay Hennigan - j...@west.net
>> Network Engineering - CCIE #7880
>> 503 897-8550 - WB6RDV
>>
>


Re: IPv6 woes - RFC

2021-09-04 Thread Aaron C. de Bruyn via NANOG
On Sat, Sep 4, 2021 at 9:36 PM Mark Tinka  wrote:

> Supporting the routing and forwarding of IP addresses is just about the
> most basic thing any ISP should do.
>
> If that is low on their to-do list, what else could they possibly be doing?
>

Counting all the profit they make from a captive audience with no
competition? ;)

-A


Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-30 Thread Aaron C. de Bruyn via NANOG
During the February 2021 storm that swept through the US, power got knocked
out on my rural street due to a tree coming down and taking out a pole.

While they were waiting for a few more trucks to arrive with a replacement
pole, I got to ask them a few questions.  They said it's standard practice
for them to ground on both sides exactly for the reason that someone might
accidentally connect a generator.  They open the nearest switch on the
upstream side, test to make sure the line is dead, install grounds on all
the wires, then test the downstream side and attach grounds to all the
wires, effectively making the work zone an isolated segment.

I doubt it's "if you follow every step perfectly at all times and never
make a mistake".
There are usually redundancies built-in when it comes to safety.  i.e.
what's the point of installing grounds on the upstream side if you have the
switch open?  If the lines are de-energized, why wear gloves?  If you're
doing all that, why carry an AED?

-A

On Mon, Aug 30, 2021 at 10:19 AM Warren Kumari  wrote:

>
>
> On Mon, Aug 30, 2021 at 12:47 PM Aaron C. de Bruyn via NANOG <
> nanog@nanog.org> wrote:
>
>> I've been following the thread.
>> If I'm dumb enough to back feed through the transformer into the
>> downstream side of the downed line, how is it going to be a problem if
>> linemen are grounding the phases on *both sides* of the work area.
>>
>
> I suspect that there is a non-zero amount of "in an ideal, perfect world,
> when all of the wires are simply lines on a piece of paper, and you can
> look at them from the comfort of your office chair, this is easy" - but, in
> the real world, linesmen are rushing about and trying to get the lights
> back on, cut through the big ash tree that is wedged between the oak and
> the pole, etc. Even the nice idea of "well, just take the conductors and tie
> 'em to ground" means that you need to go trudging through hedges and
> vegetation and tree limbs and lions and tigers and bears, often while it is
> pissing down with rain or baking hot.
>
> I guess I'm missing how we've moved from the "some people are putting
> their lives on the line, let's try to make their life less dangerous" into
> a "well... if they simply followed these set of steps perfectly at all
> times, and never made a mistake they'd be fine."
> This is NANOG -- I'm sure that we've all followed a set of steps perfectly
> and still managed to redistribute BGP into the IGP, or apply an ACL and
> lock ourselves out of a box, or typed "show run" and watched the router
> randomly reboot. Now consider this, but with the added drama of potentially
> ending up dead...
>
> W
>
>
>> That's what Ben seemed to be implying.
>>
>> -A
>>
>> On Mon, Aug 30, 2021 at 9:09 AM Mel Beckman  wrote:
>>
>>> Aaron,
>>>
>>> If you read back in this thread (using the NANOG mailing list archive),
>>> you’ll find this has been explained in great detail. In a nutshell, phase
>>> grounding won’t help if a generator is energized from the customer end, and
>>> this technique was discontinued in the 1970s due to the many deaths that
>>> resulted.
>>>
>>>  -mel
>>>
>>> On Aug 30, 2021, at 9:02 AM, Aaron C. de Bruyn via NANOG <
>>> nanog@nanog.org> wrote:
>>>
>>> 
>>> On Mon, Aug 30, 2021 at 7:35 AM Lady Benjamin Cannon of Glencoe, ASCE <
>>> l...@6by7.net> wrote:
>>>
>>>> Yes, this is a real and dangerous problem.  Today.  Even with grounding
>>>> I’m afraid.  Source: I’ve been working in an engineering capacity for 27
>>>> years and I have the license you’d need to build a nuclear power plant.
>>>>
>>>
>>> Would you care to educate me on this?
>>> If you ground the phases on both sides of the work-site, how are you
>>> going to end up being a better path to ground?
>>>
>>> -A
>>>
>>>
>
> --
> The computing scientist’s main challenge is not to get confused by the
> complexities of his own making.
>   -- E. W. Dijkstra
>


Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-30 Thread Aaron C. de Bruyn via NANOG
I've been following the thread.
If I'm dumb enough to back feed through the transformer into the downstream
side of the downed line, how is it going to be a problem if linemen are
grounding the phases on *both sides* of the work area.
That's what Ben seemed to be implying.

-A

On Mon, Aug 30, 2021 at 9:09 AM Mel Beckman  wrote:

> Aaron,
>
> If you read back in this thread (using the NANOG mailing list archive),
> you’ll find this has been explained in great detail. In a nutshell, phase
> grounding won’t help if a generator is energized from the customer end, and
> this technique was discontinued in the 1970s due to the many deaths that
> resulted.
>
>  -mel
>
> On Aug 30, 2021, at 9:02 AM, Aaron C. de Bruyn via NANOG 
> wrote:
>
> 
> On Mon, Aug 30, 2021 at 7:35 AM Lady Benjamin Cannon of Glencoe, ASCE <
> l...@6by7.net> wrote:
>
>> Yes, this is a real and dangerous problem.  Today.  Even with grounding
>> I’m afraid.  Source: I’ve been working in an engineering capacity for 27
>> years and I have the license you’d need to build a nuclear power plant.
>>
>
> Would you care to educate me on this?
> If you ground the phases on both sides of the work-site, how are you going
> to end up being a better path to ground?
>
> -A
>
>


Re: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-30 Thread Aaron C. de Bruyn via NANOG
On Mon, Aug 30, 2021 at 7:35 AM Lady Benjamin Cannon of Glencoe, ASCE <
l...@6by7.net> wrote:

> Yes, this is a real and dangerous problem.  Today.  Even with grounding
> I’m afraid.  Source: I’ve been working in an engineering capacity for 27
> years and I have the license you’d need to build a nuclear power plant.
>

Would you care to educate me on this?
If you ground the phases on both sides of the work-site, how are you going
to end up being a better path to ground?

-A


Re: Can somebody explain these ransomwear attacks?

2021-06-25 Thread Aaron C. de Bruyn via NANOG
On Fri, Jun 25, 2021 at 10:43 AM Tom Beecher  wrote:

> Incompetent insurance companies combined with incompetent IT staff and
>> under-funded IT departments are the nexus of the problem.
>>
>
> Nah, it's even simpler. It's just dollars all around. Always is.
>

Agreed.


> From this company's point of view, the cost to RECOVER from the problems
> is so much smaller than it would be to prevent the problems from happening
> to begin with, so they are happy to let you guys handle it. From the
> insurance company's point of view, they are collecting premiums, but no
> claims are being filed, so they have no incentive to do anything
> differently.
>

I'm sure that'll change drastically if either of these conditions are true:
* A claim is filed
* An audit is required
* Ransomware surges throughout 2021 and payouts go through the roof

I think it's reasonable to expect at least one of those things will happen
in the next year.

-A

>


Re: Can somebody explain these ransomwear attacks?

2021-06-25 Thread Aaron C. de Bruyn via NANOG
On Fri, Jun 25, 2021 at 5:28 AM Jim  wrote:

> Big problem that with organizations' existing Disaster Recovery DR methods
> --
> the time and cost to recovery from any event including downtime will
> be some amount.. likely a high one,
> and criminals' ransom demands will presumably be set as high a price
> as they think they can get --
> but still orders of magnitudes less than cost to recover / repair /
> restore, and the downtime may be less.
>

I think you're right.  DR methods are a *huge* part of the problem.
I manage DR systems for a number of companies including a large unnamed
healthcare provider.
A year ago they were still running Exchange 2007.  No, that's not a typo.
Cryptolocker strolled right into the network via file attachment and
somehow made it past the non-existent 3rd-party AV software that totally
wasn't integrated into Exchange because it cost too much.
It spread across the network and started encrypting around 1 AM on a Friday
morning.
Due to the way this particular strain worked, it missed several of the
monitoring tools that would have alerted my company to the massive file
encryption that was happening and it managed to completely encrypt 21
offices and all their patient data.
At 6 AM my monitoring system alerted me to a problem.  By about 6:30 I
realized the scope of the problem, disabled all the site-to-site VPNs,
dropped the 1 or 2 infected workstations off the network and the encryption
stopped.
We do local snapshots every 15 minutes, local backups twice daily, local
disconnected backups several times per week, and off-site write-only
backups multiple times per day.
After I figured out when cryptolocker launched, I ran a few commands from
our config management server and had every office restored and running in
about 28 minutes and the internal techs for the company were dispatched to
swap out the infected workstations.

The first rule I follow is: Windows *never* touches bare metal.
I amended that last year to: Windows *never* touches bare metal, including
workstations.

People *really* need to work on their backups and DR plans.  You don't need
some expensive 3rd-party cloud solution coupled with expensive VMWare
licenses to do it.

The other part of the problem is the insurance companies.
It might surprise you to learn that particular company has been
cryptolocker'd 8 times in the last 15 years.  They've never lost more than
a few minutes of data and recovery times are measured in minutes.
This line has literally been thrown around a few times: "We don't need to
spend $xxx,xxx to upgrade to current software versions.  We have a
$5,000,000 cyber insurance policy."

The insurance company issued the policy after *port scanning* their public
IPs and finding no ports open.  The only 'ding' we got was that the routers
responded to pings and the insurance company thought they shouldn't.
Insurance failed to do any sort of competent audit (i.e. NIST 800-171).  If
they did, they would have found the techs "solve" problems by making people
local admins or domain admins and that their primary line-of-business app
actually requires 'local admin' to run 'properly'.

While they finally replaced Exchange 2007 in 2020 by switching to GMail
(not for security, but because it made work-from-home easier), they still
run about 1/3 of their systems on Windows 7 with a few Windows 8 and 8.1
machines here and there.  They even still have 2 Windows XP machines.
Their upgrade policy is currently "If the machine dies, you can replace it
with something newer".  Their oldest machine is around 15 years old.

Incompetent insurance companies combined with incompetent IT staff and
under-funded IT departments are the nexus of the problem.

-A


Re: 10 years from now... (was: internet futures)

2021-03-29 Thread Aaron C. de Bruyn via NANOG
On Mon, Mar 29, 2021 at 11:39 AM Matt Erculiani 
wrote:

> I think the best way to think about what 10 years from now will look like
> is to compare 10 years ago to the present:
> https://mailman.nanog.org/pipermail/nanog/2011-April/thread.html
>

Multi-homing your DSL connection?
I can't wait to multi-home my 10x10 array of StarLink satellites in a few
years...

-A


Re: Famous operational issues

2021-02-19 Thread Aaron C. de Bruyn via NANOG
All these stories remind me of two of my own from back in the late 90s.
I worked for a regional ISP doing some network stuff (under the real
engineer), and some software development.

Like a lot of ISPs in the 90s, this one started out in a rental house.
Over the months and years rooms were slowly converted to host more and more
equipment as we expanded our customer base and presence in the region.
If we needed a "rack", someone would go to the store and buy a 4-post metal
shelf [1] or...in some cases the dump to see what they had.

We had one that looked like an oversized filing cabinet with some sort of
rails on the sides.  I don't recall how the equipment was mounted, but I
think it was by drilling holes into the front lip and tapping the screws
in.  This was the big super-important rack.  It had the main router that
connected lines between 5 POPs around the region, and also several
connections to Portland Oregon about 60 miles away.  Since we were
making tons of money, we decided we should update our image and install
real racks in the "bedroom server room".  It was decided we were going to
do it with no downtime.

I was on the 2-man team that stood behind and in front of the rack with
2x4s dead-lifting them as equipment was unscrewed and lowered onto the
boards.  I was on the back side of the rack.  After all the equipment was
unscrewed, someone came in with a sawzall and cut the filing cabinet thing
apart.  The top half was removed and taken away, then we lifted up on the
boards and the bottom half was slid out of the way.  The new rack was
brought in, bolted to the floor, and then one by one equipment was taken
off the pile we were holding up with 2x4s, brought through the back of the
new rack, and then mounted.

I was pleasantly surprised and very relieved when we finished moving the
big router, several switches, a few servers, and a UPS unit over to the new
rack with zero downtime.  The entire team cheered and cracked beers.  I
stepped out from behind the rack...
...and snagged the power cable to the main router with my foot.  I don't
recall the Cisco model number after all this time...but I do remember the
excruciating 6-8 minutes it took for the damn thing to reboot, and the
sight of the 7 PRI cards in our phone system almost immediately jumping
from 5 channels in-use to being 100% full.

It's been 20 years, but I swear my arms are still sore from holding all
that equipment up for ~20 minutes, and I always pick my feet up very slowly
when I'm near a rack. ;)

The second story is a short one from the same time period.  Our POPs
consisted of the aforementioned 4-post metal shelves stacked with piles of
US Robotics 56k modems [2] stacked on top of each other.  They were wired
back to some sort of serial box that was in-turn connected to an ISA card
stuck in a Windows NT 4 server that used RADIUS to authenticate sessions
with an NT4 server back at the main office that had user accounts for all
our customers.  Every single modem had a wall-wart power brick for power,
an RJ11 phone line, and a big old serial cable.  It was an absolute rat's
nest of cables.  The small POP (which I think was a TuffShed in someone's
yard about 50 feet from the telco building) was always 100 degrees--even in
the dead of winter.

One year we made the decision to switch to 3Com Total Control Chassis with
PRI cards.  The cut-over was pretty seamless and immediately made shelves
stacked full of hundreds of modems completely useless.  As we started
disconnecting modems with the intent of selling them for a few bucks to
existing customers who wanted to upgrade or giving them to new customers to
get them signed up, we found a bunch of the stacks of modems had actually
melted together due to the temps.  That explained the handful of numbers in
the hunt group that would just ring and ring with no answer.  In the end we
went from a completely packed 10x20 shed to two small 3Com TCH boxes packed
with PRI cards and a handful of PRI cables with much more normal
temperatures.

I thoroughly enjoyed the "wild west" days of the internet.

If Eric and Dan are reading this, thanks for everything you taught me about
networking, business, hard work, and generally being a good person.

-A

[1] -
https://www.amazon.com/dp/B01D54TICS

[2] - https://www.usr.com/products/56k-dialup-modem/usr5686g/



On Tue, Feb 16, 2021 at 11:39 AM John Kristoff  wrote:

> Friends,
>
> I'd like to start a thread about the most famous and widespread Internet
> operational issues, outages or implementation incompatibilities you
> have seen.
>
> Which examples would make up your top three?
>
> To get things started, I'd suggest the AS 7007 event is perhaps the
> most notorious and likely to top many lists including mine.  So if
> that is one for you I'm asking for just two 

Re: Texas internet connectivity declining due to blackouts

2021-02-17 Thread Aaron C. de Bruyn via NANOG
It might not be an easy fix in the moment, but in the long run, buy a
generator and install a propane tank.
When power prices spike to insane levels like this, just flip your transfer
switch over and run off propane.
When utility power becomes cheaper, switch back to the grid.

Maybe some sort of Raspberry Pi to monitor the current prices and do the
transfer automatically.  (language warning:
https://www.youtube.com/watch?v=gz7IPTf1uts)

Protip: If you're blacked out, it doesn't matter what the price of power is.

-A

On Wed, Feb 17, 2021 at 8:47 AM John Sage  wrote:

> On 2/17/21 8:07 AM, Sean Donelan wrote:
> >
> >
> > On Wed, 17 Feb 2021, Andy Ringsmuth wrote:
> >> Not sure where you’re finding those numbers but I believe they are not
> >> accurate.
> >
> > U.S. Energy Information Administration (part of the Department of Energy)
> >
> >
> https://www.eia.gov/electricity/monthly/epm_table_grapher.php?t=epmt_5_6_a
>
> This article is an interesting description of Texas electricity pricing for
> one provider and for the market in general:
>
> "Some retail power companies in Texas are making an unusual plea to
> their customers amid a deep freeze that has sent electricity prices
> skyrocketing: Please, leave us.
>
> Power supplier, Griddy, told all 29,000 of its customers that they
> should switch to another provider as spot electricity prices soared to
> as high as $9,000 a megawatt-hour. Griddy’s customers are fully exposed
> to the real-time swings in wholesale power markets, so those who don’t
> leave soon will face extraordinarily high electricity bills."
>
> The catch:
>
> "Hector Torres, an energy trader in Texas, who is a Griddy customer
> himself, said he tried to switch services over the long weekend but
> couldn’t find a company willing to take him until Wednesday, when the
> weather is forecast to turn warmer."
>
>
> https://www.dallasnews.com/business/energy/2021/02/16/electricity-retailer-griddys-unusual-plea-to-texas-customers-leave-now-before-you-get-a-big-bill/
>
>
>
> - John
> --
>
>


Re: Alexandria Ocasio-Cortez' Office is on NANOG?? Or, what is the policy about sharing email offlist?

2021-01-18 Thread Aaron C. de Bruyn via NANOG
On Mon, Jan 18, 2021 at 10:20 AM Anne P. Mitchell, Esq. 
wrote:

> And either way, what is the policy about forwarding list email to someone
> who is not on the list?
>

If you are posting to NANOG under the impression that your email will only
be seen by network engineers and that it will never be "leaked" off-list to
the public, I have a deal for you involving a few billion shillings I need to
smuggle out of Kenya...you can keep 10%, and I just need your routing
info...

-A


Re: Parler

2021-01-10 Thread Aaron C. de Bruyn via NANOG
Maybe read Holmes' dissent where he uses the phrase "fire in a crowded
theater" or at least listen to the cliff notes:
https://www.popehat.com/2018/06/28/make-no-law-episode-seven-fire-in-a-crowded-theater/

-A

On Sun, Jan 10, 2021 at 2:59 PM Jay Hennigan  wrote:

> On 1/10/21 13:50, Rod Beck wrote:
>
> > As a big fan of the 1st amendment, but someone deeply appalled by the
> > riot last week and keenly aware of how social media are letting the mud
> > to the surface, I am very perplexed how to reconcile free speech and the
> > garbage flowing through our social streets.
>
> The first amendment deals with the government passing laws restricting
> freedom of speech. It has nothing to do with to whom AWS chooses to sell
> their services. It is also not absolute (fire, crowded theater, etc.)
>
> Has anyone seen a rabbit? We've traveled quite a way down the rabbit hole.
>
> --
> Jay Hennigan - j...@west.net
> Network Engineering - CCIE #7880
> 503 897-8550 - WB6RDV
>


Re: NDAA passed: Internet and Online Streaming Services Emergency Alert Study

2021-01-05 Thread Aaron C. de Bruyn via NANOG
On Mon, Jan 4, 2021 at 7:11 PM Billy Crook  wrote:

> On Fri, Jan 1, 2021 at 4:13 PM Matt Hoppes <
> mattli...@rivervalleyinternet.net> wrote:
>
>> Just give users the ability to select what categories/severities they
>> want to see, so I don't get disrupted every time there's a scary rain storm
>> coming or some divorcee is behind on child-support.
>
>
Yesterday I was mildly indifferent.
Today, after receiving SIX zarking Amber alerts between 8 PM and 11 PM
local time, I suddenly have a strong opinion.
Talk about alert fatigue.  The sixth alert I received could have been for
the world ending.  I still wouldn't have looked at my phone.

Thankfully I can adjust the default setting to disable everything except
"presidential emergency alerts"...whatever that is.

As long as I can turn it off completely, I'm fine with people baking that
crap into their tech.

I still want my wired Nest smoke alarm to be able to pick up NWS alerts
though.

-A


Re: A letter from the CEO

2020-11-20 Thread Aaron C. de Bruyn via NANOG
> high speed, safe, secure global fiber connectivity

More importantly, can someone tell me what 'safe global fiber connectivity'
is?  As opposed to 'unsafe global fiber connectivity'?

Do these guys have the market cornered on not stringing fiber optic cable at
throat-level across roads or something?

Freaking marketing droids.

-A

On Fri, Nov 20, 2020 at 2:25 PM Josh Luthman 
wrote:

> Got this message to me directly as well as through the list.
>
> @6x7 this list is *NOT* to be scrapped for email addresses for your
> marketing purposes.  This is complete garbage.  I'll be sending a message
> directly to k...@6by7.net as well.
>
> Josh Luthman
> 24/7 Help Desk: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
>
> On Fri, Nov 20, 2020 at 5:19 PM 6x7 Networks - Lady Benjamin, CEO <
> b...@6by7.net> wrote:
>
>>
>>
>> *A letter from the CEO of 6x7: 6x7 Networks and Communications Authority
>> of Kenya announce type approval to import 8tbps/second internet routers.*
>>
>> Hi, Lady Benjamin from 6x7 here, and I'm proud to share with you an
>> update on me and the company.
>>
>> Through our adjunct division, 6x7 just received type approval from the
>> Kenyan government to import core routers capable of over 8tbps (8 terabits
>> per second).  This will enable us to enter the Kenyan IP transit and
>> transport markets, and service both datacenter and soon office buildings
>> and eventually residences with high speed, safe, secure global fiber
>> connectivity.   The market in Kenya is severely impacted now due to limited
>> fiber availability, and 6x7 will leverage its undersea connections to
>> bring more wholesale bandwidth into the area, creating the economy by which
>> we expect to grow.
>> Thanks for reading, I'll be doing a regular set of these newsletters, and
>> if you like them or want to reach out, please contact us at k...@6by7.net!
>> -LB
>> Ms. Lady Benjamin Cannon, ASCE.
>> *Copyright © 2020 6x7 Networks, LLC, All rights reserved.*
>> You are receiving this email because you opted in via our website.
>>
>> *Our mailing address is:*
>> 6x7 Networks, LLC
>> 44 montgomery st
>> suite 2310
>> San Francisco, CA 94104
>>
>>
>


Re: Apple Catalina Appears to Introduce Massive Jitter

2020-10-29 Thread Aaron C. de Bruyn via NANOG
Sorry--accidental premature send.

On Thu, Oct 29, 2020 at 12:54 PM Brielle  wrote:

> Updates are from same link as above, and there's new builds based on
> their new OS that integrates a bunch of separate controllers if you
> don't mind beta...
>

With most companies I wouldn't mind.
But with UniFi, Alpha is Beta, and Beta is launched into production.


> > I have a UDM Pro that's useless because the WAN port seems to have a
> > manufacturing defect.
>
> It's actually a software bug - I had it too on releases around 1.8.0.
> It's actually fixed in 1.8.2-5 and later.
>

That's what I saw originally too.  It kept it sitting on the shelf for
months.
It's fixed in their beta software, but not on one of my appliances.


> One thing I will note - I've had only one device out of hundreds go bad
> in the last 10 years of using their products.  Usually, when you have
> lots of failing hardware 'for some reason', it's a good idea to look into
> the reason 'why?'.  Could be bad grounds, could be dirty power...


Their switches and WAPs are pretty solid for me.  I have about 150 of each
deployed with only 2 or 3 failures.

I've had electricians check power in locations where things died and they
find no issues.  Plus the sites use double-conversion UPS units, so I
highly doubt it's power issues.

-A


Re: Apple Catalina Appears to Introduce Massive Jitter

2020-10-29 Thread Aaron C. de Bruyn via NANOG
On Thu, Oct 29, 2020 at 12:54 PM Brielle  wrote:

> On 10/29/2020 1:42 PM, Aaron C. de Bruyn via NANOG wrote:
> > I have an old CloudKey that mysteriously doesn't seem to be getting
> > updates anymore.
>
>
> https://community.ui.com/releases/UniFi-Cloud-Key-Firmware-1-1-13/733dfc55-b61b-483b-afc1-77d7f2c1e032
>
> 4 months ago, if you want to stick strictly to stable...  More recent if
> you run a beta release.


Not to drag this out any further, but that was well after I stopped using
it because it hadn't had updates for nearly a year.

Same with the other issues mentioned.  They spent a good 8-12 months not
communicating with customers, not addressing issues, and not releasing
firmware while they developed their new UniFi OS.

-A


Re: Apple Catalina Appears to Introduce Massive Jitter

2020-10-29 Thread Aaron C. de Bruyn via NANOG
On Thu, Oct 29, 2020 at 12:22 PM Peter Beckman  wrote:

> I'll take all of your Unifi gear, PM me for an address. :-)
>

I'd send it your way in a heartbeat, but you wouldn't get much use out of
it.
I have an old CloudKey that mysteriously doesn't seem to be getting updates
anymore.
I have an old CloudKey Gen2 Plus that hasn't received updates in about a
year but the HDD died 8 months in.
I have a UDM Pro that's useless because the WAN port seems to have a
manufacturing defect.
I have 4 old UVC-G3 cameras that died at about 13 months (not eligible
for warranty repair).
I have 3 UVC-G3-Flex cameras that have bad SD cards that I fortunately
bought from a vendor instead of UniFi directly and they just said "here are
replacements, don't bother shipping that crap back--toss them".
I have a US-24-250 and a US-48-500 switch that have dead power supplies.
One was DOA, the other died about 3 months in.  UniFi won't fix it, and I'm
not going to pay for shipping labels to fix their mistakes.  (I paid for a
working switch, and I got a dead switch--why should I pay more to get what
I ordered?)
I have a dead VIEWPORT and two that 'stutter' badly when displaying 4
cameras and they reboot several times per hour.
I have a partially melted UA-HUB.

Fortunately I switched to a vendor in the last 6 months that charges about
5% less than the list price and they actually replace stuff at no cost.
Dealing with Ubiquiti directly is a nightmare.

> There are some quirky things about Unifi that can be annoying, but it is
> mostly around common stuff like running a DNS Caching server on the
> Security Gateway or force-pushing a DDNS update.
>

Quirky things:  the lack of customer service, the lack of communication
with customers, the buggy software, releasing hardware to production that
is completely unusable for 6 months (UDM Pro), etc...

Anyways, not to get too down on them, their wireless gear and switches are
pretty wonderful.  I've never had a WAP die on me, and only a small handful
of switches...but the cost is hard to beat.
There has been talk in the forums about various Apple gear having problems,
and I think a recent update (possibly still in beta) appears to have fixed
it.  I don't own any Apple gear, so I can't confirm.

-A


Re: Apple Catalina Appears to Introduce Massive Jitter

2020-10-29 Thread Aaron C. de Bruyn via NANOG
On Thu, Oct 29, 2020 at 5:43 AM Jared Mauch  wrote:

> I have all UBNT at home for wireless and periodically have some random
> issues which I can't explain, but for the most part have things tuned to
> ensure there's little to no interference.
>

All UBNT at home?  Ouch.

They're on my banned list after one of their POE devices caught on fire
after being in service for 11 months.
Then they went round and round for a week saying they weren't going to pay
for a shipping label.  I wasn't going to pay for one because I didn't want
their gear back.

Finally someone with a bit of common sense sent a shipping label so they
could figure out why it caught on fire.
They ended up sending a replacement back that was obviously used.  Instead
of letting it go to waste, I installed it.
It died two weeks later.  When I contacted them, they said the original
purchase was over a year ago so they wouldn't RMA it.

Then a second device (plugged into an entirely different switch in a
different building) started smoking and emitting an electrical smell.  I
pulled all of them and tossed them in the dumpster.

They are an absolutely atrocious company to deal with.  I'm betting some
day real soon they'll be sued into oblivion when their crap burns down
someone's home or office building.

Friends don't let friends buy UniFi.

-A


Re: curious spam...

2020-09-14 Thread Aaron C. de Bruyn via NANOG
Yes.  I get spammed about once a week from Jaime Herrera Beutler.  Never
looked at the headers though.
It's entirely possible someone is either pranking me by signing me up to
political lists or they harvested my well-known address from somewhere.

I'll check the headers next time.

-A

On Mon, Sep 14, 2020 at 11:33 AM William Herrin  wrote:

> Howdy,
>
> I've noticed something odd. When I lived in Virginia, I started
> receiving email directly to my gmail box from my U.S. Representative.
> Unsolicited spam from Congressmen is nothing new but it was a little
> odd that they found my gmail box (which I don't give out) and not one
> of the hundreds of aliases at herrin.us or dirtside.com which I do
> give out. The gmail box exists only in mail headers; "From" is always
> a different address.
>
> I moved to Seattle. Today I found my gmail box subscribed to a
> congressman's list from a nearby Washington jurisdiction. Not some
> random congressman. And not any of the addresses I give out; my gmail
> box's address which I don't.
>
> Anyone else have a similar experience? Any idea how a hidden address
> is making it on to relevant congressmens' lists but not any others?
> That's weird right?
>
> Regards,
> Bill Herrin
>
> --
> William Herrin
> b...@herrin.us
> https://bill.herrin.us/
>


Re: Wildfires: Reminder smart devices don't include emergency warnings while streaming

2020-09-11 Thread Aaron C. de Bruyn via NANOG
I would trust it more than not getting an alert.
Especially if it started with something along the lines of "There is a
tornado warning for Springfield and North Haberbrook" and I had enough
brain cells to know what city I was in.

-A

On Fri, Sep 11, 2020 at 1:14 PM ITechGeek  wrote:

> At least cell phones have a reliable way to know where they are at any
> given moment.  Would you really trust providers sending out emergency
> notifications based on something like GeoIP or based on the zipcode on the
> account?
>
>
> ---
> -ITG (ITechGeek)  |  i...@itechgeek.com
> i...@secure.itg.nu (Protonmail) (Fingerprint: 7d1a160f)
> https://keybase.io/itechgeek  |  https://itg.nu/
> Google Voice: +1-703-493-0128 / Twitter: ITechGeek / Facebook:
> http://fb.me/Jbwa.Net
>
>
> On Fri, Sep 11, 2020 at 3:49 PM Sean Donelan  wrote:
>
>> On Fri, 11 Sep 2020, William Herrin wrote:
>> > tl;dr: keep your cell phone on and with you 'cause only a few things
>> > get emergency alerts and only when they're turned on.
>>
>> You sound like the CTIA in the 2000s when it was opposed to requiring
>> emergency alerts on cell phones.  "It's unnecessary to require cell phones
>> have emergency alerts, because people get emergency alerts other ways."
>>
>> The problem was all the consumer electronic industry groups always point
>> at "someone else."  The cable industry said it was unnecessary in the
>> 1980s because local TV stations had emergency alerts.  The TV industry
>> said it was unnecessary in the 1970s because local radio stations had
>> emergency alerts.  Etc. etc. etc.
>>
>> The reason your cell phone has emergency alerts, is the FCC required them.
>>
>


Re: [outages] Major Level3 (CenturyLink) Issues

2020-09-02 Thread Aaron C. de Bruyn via NANOG
Sure.  But being good engineers, we love to exercise our brains by thinking
about possibilities and probabilities.
For example, we don't form disaster response plans by saying "well, we
could think about what *could* happen for days, but we'll just wait for
something to occur".

-A

On Wed, Sep 2, 2020 at 8:51 AM Randy Bush  wrote:

> creative engineers can conjecturbate for days on how some turtle in the
> pond might write code what did not withdraw for a month, or other
> delightful reasons CL might have had this really really bad behavior.
>
> the point is that the actual symptoms and cause really really should be
> in the RFO
>
> randy
>


Re: Centurylink having a bad morning?

2020-09-01 Thread Aaron C. de Bruyn via NANOG
On Mon, Aug 31, 2020 at 11:28 PM Bjørn Mork  wrote:

> Well, many of us are paying for redundant power supplies or redundant
> REs, even if that doesn't make any difference when the chassis is on
> fire.  I guess most people know that, and still buy those redundant
> components.
>

I buy it so I can walk the machine from an old UPS to a new UPS.  Those
instances occur with much more frequency than chassis fires. ;)

-A


Re: Paging Comcast

2020-08-02 Thread Aaron C. de Bruyn via NANOG
Someone reached out who could shove a new service order into the queue for
the tech and we'll deal with the old broken connection on Monday when the
Comcast premier group opens back up.

Thanks and sorry for the noise.

-A

On Sun, Aug 2, 2020 at 3:55 PM Aaron C. de Bruyn  wrote:

> I need to get in touch with someone at Comcast urgently.
>
> We just acquired an office.  Their service is hosed up and their IPs are
> routing out of Washington State to Ashburn VA before dying.  A tech is
> on-site and says there's something wrong with the account and that it might
> be because it's a "national account".
>
> I asked him to just set me up with new service.  He said he can't and I
> have to go through a sales rep or the support number.
>
> My sales guy isn't answering and every time I wade through 5 minutes of
> IVR and reach a human and explain it, they say "hang on a moment" and then
> I'm transferred back to the IVR.
>
> I desperately need to fix the issue with static IPs on the existing
> account or get new service installed because we're supposed to be live
> Monday morning at 7:30 AM local time.
>
> -A
>


Paging Comcast

2020-08-02 Thread Aaron C. de Bruyn via NANOG
I need to get in touch with someone at Comcast urgently.

We just acquired an office.  Their service is hosed up and their IPs are
routing out of Washington State to Ashburn VA before dying.  A tech is
on-site and says there's something wrong with the account and that it might
be because it's a "national account".

I asked him to just set me up with new service.  He said he can't and I
have to go through a sales rep or the support number.

My sales guy isn't answering and every time I wade through 5 minutes of IVR
and reach a human and explain it, they say "hang on a moment" and then I'm
transferred back to the IVR.

I desperately need to fix the issue with static IPs on the existing account
or get new service installed because we're supposed to be live Monday
morning at 7:30 AM local time.

-A


CloudFlare Issues?

2020-07-17 Thread Aaron C. de Bruyn via NANOG
Anyone seeing Cloudflare DNS outages or site issues?

Affecting a bunch of sites in Washington and Oregon.

-A


Re: CloudFlare Issues?

2020-07-17 Thread Aaron C. de Bruyn via NANOG
CloudFlare updated their status page and confirmed the issue:

https://www.cloudflarestatus.com/

-A

On Fri, Jul 17, 2020 at 2:33 PM Aaron C. de Bruyn 
wrote:

> More digging shows high latency to CloudFlare DNS servers from Comcast in
> Washington and Oregon as well as a few other providers (Charter,
> ToledoTel), etc...
>
> Sites that do resolve using other DNS servers but are hosted on CloudFlare
> aren't loading.
> Sites that use CloudFlare for their DNS aren't resolving either.
> traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
>
>  1  _gateway (192.168.42.254)  0.185 ms  0.109 ms  0.117 ms
>  2  pppoe-gw-208-70-52.toledotel.com (208.70.52.1)  1.896 ms  1.881 ms
>  1.903 ms
>  3  tuk-edge-13.inet.qwest.net (198.233.244.225)  4.158 ms  4.082 ms
>  4.071 ms
>  4  sea-brdr-03.inet.qwest.net (67.14.41.154)  8.976 ms  8.949 ms  8.903
> ms
>  5  * * *
>  6  ae-1-51.ear2.Seattle1.Level3.net (4.69.203.173)  4.494 ms  4.350 ms
>  4.311 ms
>  7  4.53.154.10 (4.53.154.10)  77.622 ms  103.323 ms  103.240 ms
>  8  * * *
>  9  * * *
> 10  * * *
> 11  * * *
> 12  * * *
> 13  one.one.one.one (1.1.1.1)  87.515 ms * *
>
> -A
>
> On Fri, Jul 17, 2020 at 2:18 PM Aaron C. de Bruyn 
> wrote:
>
>> Anyone seeing Cloudflare DNS outages or site issues?
>>
>> Affecting a bunch of sites in Washington and Oregon.
>>
>> -A
>>
>


Re: CloudFlare Issues?

2020-07-17 Thread Aaron C. de Bruyn via NANOG
More digging shows high latency to CloudFlare DNS servers from Comcast in
Washington and Oregon as well as a few other providers (Charter,
ToledoTel), etc...

Sites that do resolve using other DNS servers but are hosted on CloudFlare
aren't loading.
Sites that use CloudFlare for their DNS aren't resolving either.
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets

 1  _gateway (192.168.42.254)  0.185 ms  0.109 ms  0.117 ms
 2  pppoe-gw-208-70-52.toledotel.com (208.70.52.1)  1.896 ms  1.881 ms
 1.903 ms
 3  tuk-edge-13.inet.qwest.net (198.233.244.225)  4.158 ms  4.082 ms  4.071
ms
 4  sea-brdr-03.inet.qwest.net (67.14.41.154)  8.976 ms  8.949 ms  8.903 ms
 5  * * *
 6  ae-1-51.ear2.Seattle1.Level3.net (4.69.203.173)  4.494 ms  4.350 ms
 4.311 ms
 7  4.53.154.10 (4.53.154.10)  77.622 ms  103.323 ms  103.240 ms
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  one.one.one.one (1.1.1.1)  87.515 ms * *

-A

On Fri, Jul 17, 2020 at 2:18 PM Aaron C. de Bruyn 
wrote:

> Anyone seeing Cloudflare DNS outages or site issues?
>
> Affecting a bunch of sites in Washington and Oregon.
>
> -A
>

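The traceroute above is the kind of output that gets eyeballed during an outage. As an added example, not part of this post or of any tool the thread mentions, here is a small Python parser that reads Linux traceroute output (including the line wraps a mail archive introduces), finds the hop where round-trip time jumps, and separates hops that never answer (routine, since many routers filter or rate-limit ICMP) from hops that answer only some probes. The sample input is the traceroute from this post; the 50 ms jump threshold is an arbitrary assumption to be tuned per path.

```python
"""Parse traceroute output and flag where latency jumps or probes are lost.

Added example, not from the mailing-list post or any vendor tool. The
jump threshold (50 ms) is an assumption, not a recommended value.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Copy of the traceroute from the post, with the line wraps the archive
# introduced (" 1.903 ms" and "ms" on their own lines) kept on purpose.
SAMPLE = """\
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
 1  _gateway (192.168.42.254)  0.185 ms  0.109 ms  0.117 ms
 2  pppoe-gw-208-70-52.toledotel.com (208.70.52.1)  1.896 ms  1.881 ms
 1.903 ms
 3  tuk-edge-13.inet.qwest.net (198.233.244.225)  4.158 ms  4.082 ms  4.071
ms
 4  sea-brdr-03.inet.qwest.net (67.14.41.154)  8.976 ms  8.949 ms  8.903 ms
 5  * * *
 6  ae-1-51.ear2.Seattle1.Level3.net (4.69.203.173)  4.494 ms  4.350 ms
 4.311 ms
 7  4.53.154.10 (4.53.154.10)  77.622 ms  103.323 ms  103.240 ms
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  one.one.one.one (1.1.1.1)  87.515 ms * *
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")        # "<ttl>  <rest of hop line>"
HOST_RE = re.compile(r"(\S+)\s+\(([^)]+)\)")     # "hostname (address)"
RTT_RE = re.compile(r"(\d+(?:\.\d+)?)\s*ms")     # each "12.345 ms" sample


@dataclass
class Hop:
    ttl: int
    host: Optional[str]          # None when no probe was answered
    addr: Optional[str]
    rtts: List[float] = field(default_factory=list)
    lost: int = 0                # number of "*" probes

    @property
    def min_rtt(self) -> Optional[float]:
        return min(self.rtts) if self.rtts else None


def parse_traceroute(text: str) -> List[Hop]:
    """Turn traceroute output into Hop records, re-joining wrapped lines."""
    raw: List[str] = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("traceroute to"):
            continue
        if HOP_RE.match(line):
            raw.append(line)
        elif raw:                      # continuation of the previous hop line
            raw[-1] += " " + line.strip()
    hops: List[Hop] = []
    for entry in raw:
        ttl, rest = HOP_RE.match(entry).groups()
        hm = HOST_RE.search(rest)
        hop = Hop(int(ttl), hm.group(1) if hm else None, hm.group(2) if hm else None)
        hop.rtts = [float(v) for v in RTT_RE.findall(rest)]
        hop.lost = sum(1 for tok in rest.split() if tok == "*")
        hops.append(hop)
    return hops


def find_latency_jump(hops: List[Hop], jump_ms: float = 50.0) -> Optional[Hop]:
    """First responding hop whose best RTT exceeds the previous responding
    hop's best RTT by more than jump_ms. Silent hops carry no timing and are
    skipped rather than treated as a fault."""
    prev: Optional[float] = None
    for hop in hops:
        if hop.min_rtt is None:
            continue
        if prev is not None and hop.min_rtt - prev > jump_ms:
            return hop
        prev = hop.min_rtt
    return None


def summarize(text: str, jump_ms: float = 50.0) -> dict:
    """Report silent hops, hops with partial loss, and the latency jump, if any."""
    hops = parse_traceroute(text)
    jump = find_latency_jump(hops, jump_ms)
    return {
        "hops": len(hops),
        "silent": [h.ttl for h in hops if not h.rtts],
        "partial_loss": [h.ttl for h in hops if h.rtts and h.lost],
        "jump_at": jump.ttl if jump else None,
        "jump_addr": jump.addr if jump else None,
        "last_hop_min_rtt": hops[-1].min_rtt if hops else None,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On this sample the jump lands on hop 7 (4.53.154.10), the first hop past the Level3 edge, while hops 5 and 8 through 12 are merely silent; only the final hop shows partial loss (one of three probes answered). Partial loss on a hop that does respond is the signal worth acting on, since a hop that never replies usually just reflects ICMP policy on that router.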

Re: Contact at Ubiquiti Networks?

2020-05-26 Thread Aaron C. de Bruyn via NANOG
On Tue, May 26, 2020 at 6:44 AM Mel Beckman  wrote:

> Your or my pet bug may never get fixed, based on market demand.
>

Gonna have to disagree with you there.
I'm not sure if it was a cashflow issue or what, but they launched the
Unifi Dream Machine Pro after a very short testing period.
A client bought two thinking they could replace their office firewall with
it.
There were *so* many show-stopping issues with the product, it was
basically a brick for ~4 months.
You couldn't configure the device unless it had a non-RFC-1918 address on
its WAN interface.  It crashed frequently both due to software bugs and
memory usage. Software updates frequently b0rked things...and
backup/restore was broken.  Interfaces would disconnect and reconnect for
~30 seconds several times per hour.  I tested it for my client and had a
list of ~15 show-stopper bugs that prevented us from putting it into
production.

Thankfully they were "quick" to fix it.  It's been ~3 months and all the
show-stoppers seem to be resolved.  Things like logging and graphing are
still broken, but that doesn't stop internet access.

Regardless, they shouldn't have pushed a completely broken device out the
door as being ready for public sale.  It should still be in beta today in
my opinion.

-A


Re: Google peering pains in Dallas

2020-04-30 Thread Aaron C. de Bruyn via NANOG
Why isn't there a well-known anycast ping address similar to
CloudFlare/Google/Level 3 DNS, or sorta like the NTP project?
Get someone to carve out some well-known IP and allow every ISP on the
planet to add that IP to a router or BSD box somewhere on their network?
Allow product manufacturers to test connectivity by sending pings to it.
It would survive IoT manufacturers going out of business.
Maybe even a second well-known IP that is just a very small webserver that
responds with {'status': 'ok'} for testing if there's HTTP/HTTPS
connectivity.

-A

On Thu, Apr 30, 2020 at 10:10 AM William Allen Simpson <
william.allen.simp...@gmail.com> wrote:

> On 4/29/20 8:53 PM, Christopher Morrow wrote:
> > I suppose it's time for a more public:
> >"Hey, when you want to test a service, please take the time to test
> > that service on it's service port/protocol"
> >
> > Testing; "Is the internet up?"
> > by pinging a DNS server, is ... not great ;(
> > I get that telling 'joe/jane random user' this is hard/painful/ugh...
> > :( (haha, also look at cisco meraki devices!! "cant ping google dns,
> > internet is down")
> >
> > Sorry :(
> >
> Just as an anecdote: once upon a time I had a television that began
> reporting it couldn't work anymore, because the Internet was down.
>
> After resorting to packet tracing, discovered that it was pinging
> (IIRC) speedtest.napster.com to decide.  Napster had gone belly-up.
>
> Fortunately, it had a 2 year warranty, took it back to Best Buy
> with about a month to go.
>
> Now think about the hundreds of thousands of customers who didn't
> know how to diagnose the issue, or the warranty had expired, and
> had to buy a new smart TV?
>
> Tried to get the FTC interested, no joy.  Congress made noises
> about passing a law requiring software updates (especially for
> security issues), but still nothing on that either.
>
> Besides, what are we going to do after Google goes belly-up? ;)
>


Re: 5G roadblock: labor

2019-12-30 Thread Aaron C. de Bruyn via NANOG
On Mon, Dec 30, 2019 at 6:42 AM  wrote:

>
> Ultimately, market demand showed that it was necessary and we had done the
> right thing
> developing the next speed.
>

In other words, this will be up to the marketing teams.

$MAJOR_CELL_CARRIER will start advertising that they are the only all-5G
all-digital nation-wide network, built from the ground up...whereas
$COMPETITOR uses some obviously inferior tin-can-and-string type setup that
can't even pass bits in most places--and they'll have handy maps to prove
it.  They'll gain some market share and $COMPETITOR will start scrambling
to upgrade their network so their own maps look better and launch campaigns
and lawsuits to combat the false information put out by
$MAJOR_CELL_CARRIER.  In the end, consumers will only care that there's one
particular spot in their house where they can't get a signal and it's
really annoying because that's where they like to be when they talk on the
phone.

-A


Re: Hulu thinks all my IP addresses are "business class", how to reach them?

2019-11-23 Thread Aaron C. de Bruyn via NANOG
Bad wording on my part.  I wasn't trying to imply their statement was
true--just a bit of humor.

-A

On Fri, Nov 22, 2019 at 6:09 PM Owen DeLong  wrote:

>
>
> On Nov 22, 2019, at 17:47 , Aaron C. de Bruyn via NANOG 
> wrote:
>
> On Fri, Nov 22, 2019 at 8:52 AM Blake Hudson  wrote:
>
>> This is absolutely an issue with Xbox Live/Sony PSN or RBLs used by mail
>> servers for reputation purposes. For better or worse these systems equate
>> one IPv4 address == one user (and possibly one IPv6 /64 == one user). My
>> opinion is that this may be a reasonable or "good enough" assumption
>>
>
> Talk to someone who has been sued for downloading or sharing movies.
> They'll swear on their own grave that one IP can never equal one user. ;)
>
> -A
>
>
> I’ll swear it’s a horrible assumption.
>
> Personally, I use many IP addresses each day.
> Some of them are also used by others.
> Some of them are not.
>
> Equating IP Address <-> Person relationships as being anything remotely
> resembling 1:1 is beyond absurd. To do so with an IPv6 /64 is even more so.
>
> Considering it to be reasonable or “good enough” is so far from valid I
> don’t even know where to begin.
>
> Owen
>
>


Re: Hulu thinks all my IP addresses are "business class", how to reach them?

2019-11-22 Thread Aaron C. de Bruyn via NANOG
On Fri, Nov 22, 2019 at 8:52 AM Blake Hudson  wrote:

> This is absolutely an issue with Xbox Live/Sony PSN or RBLs used by mail
> servers for reputation purposes. For better or worse these systems equate
> one IPv4 address == one user (and possibly one IPv6 /64 == one user). My
> opinion is that this may be a reasonable or "good enough" assumption
>

Talk to someone who has been sued for downloading or sharing movies.
They'll swear on their own grave that one IP can never equal one user. ;)

-A


Re: This DNS over HTTP thing

2019-10-02 Thread Aaron C. de Bruyn via NANOG
On Wed, Oct 2, 2019 at 9:13 AM Livingood, Jason 
wrote:

> The challenge of course is that in the absence of a silver bullet
> solution, that people working to combat all forms of child exploitation are
> simultaneously trying several things, ranging from going to the source as
> you suggest and arresting people, to trying to interrupt the online tools
> that they may use or that might fund/support them, etc.  So they don’t
> approach it as a binary choice between trying these ecosystem measures vs
> going to the source – they are working all the levers.
>

Yes, obviously they are trying multiple levers--but who gets to draw the
line, where are they going to draw it, and why do they get to decide for me?
What prevents an absurd 'solution' like "We can not only stop child
molestation, but rape in general if we just castrate everyone" from being
one of the levers, but intentionally breaking tools like DNS is acceptable?

People who are determined enough will find ways to circumvent the
system--something along the lines of "the internet treats policy blocks as
damage and routes around it".

How many times has The Pirate Bay been blocked only to pop up under a
similar domain name hosted out of a new country?


> It is unfortunately a very difficult problem. FWIW, a recent NYT article
> on this was interesting – see
> https://www.nytimes.com/interactive/2019/09/28/us/child-sex-abuse.html
> Headline is “The Internet Is Overrun With Images of Child Sexual Abuse.
> What Went Wrong? Online predators create and share the illegal material,
> which is increasingly cloaked by technology. Tech companies, the government
> and the authorities are no match.”
>

I completely agree--it's a difficult problem, and I wish I had a solution.
That article turns my stomach.  I have kids, and I worry about it every day.

-A


Re: This DNS over HTTP thing

2019-10-01 Thread Aaron C. de Bruyn via NANOG
"For the children!"
"Stop resisting!"
"I was in fear for my life!"

The age-old cries of the oppressor.

The problem is that children are being kidnapped, trafficked, and abused.
DNS blocking doesn't solve that.  It's not a technical problem.
Go to the source--the kidnappers, traffickers, and abusers and give them 50
years in the electric chair.
Go to the consumers and do the same.  That will solve the problem.

-A





On Tue, Oct 1, 2019 at 11:33 AM John Levine  wrote:

> In article <20191001074011.n4xjouqg6lhsv...@nic.fr> you write:
> >Note that the UK is probably the country in Europe with the biggest
> >use of lying DNS resolvers for censorship. No wonder that the people
> >who censor don't like anti-censorship techniques.
>
> Most UK ISPs use the Internet Watch Foundation's advice intended to
> block child sexual abuse material.
>
> Circumventing it enables people to access that material.
>
> We can shout CHILD PORNOGRAPHY just as loud as you can shout
> CENSORSHIP so perhaps we should both stop now.  There are plenty of
> valid reasons for a DNS resolver to block some results.
>
> R's,
> John
>
>
>
>


Re: Comcast storing WiFi passwords in cleartext?

2019-04-24 Thread Aaron C. de Bruyn via NANOG
On Wed, Apr 24, 2019 at 9:05 AM Brandon Jackson via NANOG 
wrote:

> I'm not saying they are doing anything nefarious or packet capping the
> local network or anything of that nature that is a little on the tin foil
> hat side for me personally, but you should always consider that any
> information available to a cable modem Gateway or plain cable modem is
> available to the ISP.
>

I'd wager at least 95% of Comcast's users aren't network engineers,
security bros, or in some technically competent field.
If you were building a system to support hundreds of thousands or millions
of users who couldn't distinguish between a DVD drive and a cup holder, how
would you make it easy for your front-line support staff to help them use
the service they paid for?  Want to walk them through factory resetting an
old WRT54, hardwire a computer/laptop to it (if they have one), sign in
with default creds and then properly configure wireless?

I'd rather say "What do you want your wireless network name to be?"  "Ok,
and what do you want your password to be?"  "Done.  Try connecting now."

In any sort of business environment you should be bridging the modem and
putting your own firewall in.

-A


Re: Frontier rural FIOS & IPv6

2019-03-31 Thread Aaron C. de Bruyn via NANOG
You're not alone.

I talked with my local provider about 4 years ago and they said "We will
probably start looking into IPv6 next year".
I talked with them last month and they said "Yeah, everyone seems to be
offering it.  I guess I'll have to start reading how to implement it".

I'm sure 2045 will finally be the year of IPv6 everywhere.

-A

On Sat, Mar 30, 2019 at 7:36 AM C. A. Fillekes  wrote:

>
> So by COB yesterday we now officially have FIOS at our farm.
>
> Went from 3Mbps to around 30 measured average.  Yay.
>
> It's a business account, Frontier.  But...still no IPv6.
>
> The new router's capable of it.  What's the hold up?
>
> Customer service's response is "We don't offer that".
>


Qwest CenturyLink / Telia issues near Seattle?

2019-03-29 Thread Aaron C. de Bruyn via NANOG
For the past ~36 hours I have been seeing 15% packet loss between
CenturyLink and Telia.

I regularly access equipment in a Wave Broadband datacenter in Longview, WA
from my office connected via ToledoTel and the traffic transits
Qwest/CenturyLink over to Telia before hitting Wave.

I have a handful of clients affected too.

I contacted Wave yesterday and they said CenturyLink is aware that the link
to Telia is 'completely saturated' and working on it.  I contacted Wave
again today to see if they had an update and they said no.  ToledoTel
didn't have any update either.

Can anyone shed some light on it?  Or an ETA for resolving it?

Thanks,

-A


Re: Should Netflix and Hulu give you emergency alerts?

2019-03-08 Thread Aaron C. de Bruyn via NANOG
On Fri, Mar 8, 2019 at 2:36 PM Matt Hoppes <mattli...@rivervalleyinternet.net> wrote:

> No. Please no. We need less regulation. Not more.
>
> VoIP started out the same way. Very simple to start offering voip. Worked
> well. Then the government got involved. Now it’s a mess of requirements,
> warnings and reporting.


Come on now...what we really need to get everyone's attention is air raid
sirens coupled with streaming interruptions via a simultaneous reboot of
all 'core routers' on the internet so people stop surfing Facebook and
start wondering "what's up", followed by the public utilities cycling the
nation's power grid to the Morse code 'SOS'.  Oh, and this all occurs during
the monthly test too.

-A


Re: The root KSK roll has occurred

2018-10-11 Thread Aaron C. de Bruyn via NANOG
Well that explains the DNS weirdness I was seeing this morning.  I had
just made a significant network change and initially thought I screwed
something up.  After 10 minutes of halfhearted troubleshooting and
poking around my configs I began to suspect DNS issues.  Before I
could do more digging, it magically resolved itself.

-A
On Thu, Oct 11, 2018 at 9:44 AM Selphie Keller  wrote:
>
> Pretty awesome moment in history, confirmed my DNS resolvers are showing 
> 20326. Also, seeing the new key on public resolvers like cloudflare and 
> level3, google 8.8.8.8 and 8.8.4.4 still have 19036, likely cache.
>
>
>
> On Thu, 11 Oct 2018 at 10:07, Mehmet Akcin  wrote:
>>
>> Congratulations for rolling the root zone KSK.
>>
>> On Thu, Oct 11, 2018 at 9:01 AM Matt Larson  wrote:
>>>
>>> On behalf of the root zone management partners (ICANN and Verisign), I 
>>> would like to report that the root KSK rollover occurred at 1600 UTC today, 
>>> 11 October, with the publication of the root zone with serial number 
>>> 2018101100.
>>>
>>> For the 48 hours after the rollover, we will be monitoring several mailing 
>>> lists, including this one, so please reply here with any issues or concerns.
>>>
>>> Matt
>>> --
>>> Matt Larson, VP of Research
>>> ICANN Office of the CTO
>>>
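The key tags mentioned above (20326 for the new root KSK, 19036 for the old one) are not arbitrary labels: they are computed from the DNSKEY RDATA by the algorithm in RFC 4034 Appendix B, which is what a resolver prints when it reports which trust anchor it holds. The following is an added example, not code from any post in this thread, showing that computation on a constructed DNSKEY record (its public key is a placeholder, so its tag is not the root's), plus a small classifier for the situation described in the thread, where some resolvers still showed only the old tag after the roll. The function names and the sample record are assumptions of this example.

```python
import base64
import struct

# Key tags referenced in the thread (real values from the root KSK roll).
OLD_ROOT_KSK_TAG = 19036
NEW_ROOT_KSK_TAG = 20326


def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B key tag over the wire-format DNSKEY RDATA.

    RDATA = flags (2 bytes) | protocol (1) | algorithm (1) | public key.
    Even-index bytes are weighted by 256, odd-index bytes by 1, the
    16-bit overflow is folded back in once, and the low 16 bits remain.
    """
    ac = 0
    for i, b in enumerate(rdata):
        ac += (b << 8) if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def dnskey_rdata_from_presentation(line: str) -> bytes:
    """Parse the presentation form of a DNSKEY RR, e.g. the output of
    'dig . DNSKEY', back into wire-format RDATA. The owner/TTL/class/type
    fields before the flags are accepted but ignored."""
    fields = line.split()
    # Find the 'DNSKEY' type token; the four RDATA fields follow it.
    idx = fields.index("DNSKEY")
    flags, protocol, algorithm = (int(x) for x in fields[idx + 1:idx + 4])
    pubkey = base64.b64decode("".join(fields[idx + 4:]))
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey


def key_tag_from_presentation(line: str) -> int:
    return key_tag(dnskey_rdata_from_presentation(line))


def classify_trust_anchors(tags) -> str:
    """Summarise what a resolver's reported DNSKEY/trust-anchor tags say
    about its rollover state, mirroring the thread's observations."""
    tags = set(tags)
    has_old = OLD_ROOT_KSK_TAG in tags
    has_new = NEW_ROOT_KSK_TAG in tags
    if has_new and has_old:
        return "both keys present (transition)"
    if has_new:
        return "rolled: new KSK only"
    if has_old:
        return "not rolled: old KSK only (stale cache or old anchor)"
    return "no known root KSK tag reported"


# Constructed sample record (placeholder 4-byte "key", NOT the real root KSK).
SAMPLE_DNSKEY = ".\t172800\tIN\tDNSKEY\t257 3 8 AwEAAQ=="

if __name__ == "__main__":
    print("sample key tag:", key_tag_from_presentation(SAMPLE_DNSKEY))
    print(classify_trust_anchors([19036]))         # as observed on 8.8.8.8
    print(classify_trust_anchors([20326]))         # as observed elsewhere
```

With real `dig . DNSKEY` output each line's tag should come out as 20326 (the KSK, flags 257) or one of the ZSK tags (flags 256); a resolver whose trust-anchor tag is not 20326 after the roll is the condition that produced the DNS weirdness described in the post above.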


Re: Oct. 3, 2018 EAS Presidential Alert test

2018-10-09 Thread Aaron C. de Bruyn via NANOG
On Mon, Oct 8, 2018 at 9:19 PM Sean Donelan  wrote:
> A company already made a combination smoke alarm/weather radio.
> Halo Smart Labs went out of business earlier this year.
> https://www.smartthings.com/products/halo-smart-labs-halo-smoke-and-carbon-monoxide-alarm-plus-weather-alerts

*click*
*buy*

Thanks for the link. :)


> A $120+ niche silicon valley product is great for the nerds. What's the
> business case for everyone else?

I know plenty of non-nerds that live in tornado and hurricane-prone
locations in the US that could also use a nice fire alarm/CO detector
in their house.

> What's the business case for reaching 126 million households, with a
> product that is affordable or already part of something they already have.

Sure--I totally agree.  But we don't build smoke detectors into our
cell phones because that's not a very good use case.  And I'm not
aware of weather alerts being broadcast to cell phones without having
an app installed, and it's unreliable.  (Although some already have
AM/FM radios in them...)



> More people own Amazon smart speakers than NEST thermostats.  Amazon
> product people have told me there is no demand for emergency alerts in its
> Alexa product.
>
> Likewise, I've asked Google developers.  They said the same thing about
> adding emergency alerts to their Google assistant product.

Maybe so.  I never received a survey.  Sounds like they just aren't
interested in developing a 'boring' feature.

> Fewer than 5% of households buy weather radios.

That's...surprising to me.  Any chance the majority of those 5% are in
hurricane or tornado areas?

*wonders what smoke alarm coverage is*

> If you know that Google or Amazon plan to add emergency alerts to its
> smart assistant products, that would be great news.  But so far, their
> product people have been very clear, they see no business case for
> supporting government emergency alerts on their "smart" products.

The only down-side I see to that is that my assistant products lose
power immediately when the grid fails.  My smoke alarm is wired, but
it has a battery backup.

Thanks for the info.

-A


Re: Oct. 3, 2018 EAS Presidential Alert test

2018-10-08 Thread Aaron C. de Bruyn via NANOG
On Mon, Oct 8, 2018 at 10:54 AM Sean Donelan  wrote:
> There is no business case for Amazon, Apple or Google to include emergency
> alerts as part of their smart speakers.

I have a $50 weather alert radio.
Does it have batteries?  Are they charged?  Are they almost dead?
When did I last hear an alert from it?
Does your smoke alarm have batteries?  Are they dead?  When did you
last test it?

Google solved these problems with ~$120 smoke alarm and a decent cell phone app.
If they released a new version with weather alerts, I wouldn't think
twice about dropping $200 on it.

So how is there no business case?  No disrespect intended, but you
failed to back up that statement.

Perhaps I'm the only one who would spend more than $50 on a weather
alert device?

-A


Re: Oct. 3, 2018 EAS Presidential Alert test

2018-10-07 Thread Aaron C. de Bruyn via NANOG
Hopefully Google and Amazon product engineers are listening: EAS/NWS
alert messages could come over your various devices to help the
consumer...

The NEST Protect smoke alarms would particularly be useful for NWS
Alerts (i.e. they're loud and could broadcast "TORNADO!  SEEK SHELTER
IMMEDIATELY!")

Already having ~6 Nest Protects, and a few Home devices, I can't see
myself ever needing to spend money on another one...unless version
next.0 included an internal antenna that could pick up NWS
alerts...seems like a good source of new hardware revenue to me...

-A
On Sun, Oct 7, 2018 at 12:25 PM  wrote:
>
>
> Re: EAS alert, people not being reached
>
> That was one advantage of the old air raid siren system, it was
> difficult to ignore and required nothing special to receive (hearing
> impaired excepted.)
>
> I recall in NYC as a kid you were expected (maybe legally required,
> not sure) to head off the streets and to the nearest shelter. And
> people did. If you were a wise guy teen and didn't and a cop saw you
> you'd get an earful (don't ask me how I know this.)
>
> Some areas particularly near the shore have similar siren systems.
>
> Probably a bigger issue which isn't as apparent from a test is do
> people have any reasonable options even if they are completely aware
> that negotiations with the UFOs have collapsed and the death rays have
> started?
>
> In the days when nuclear attack was more likely we'd often say that
> it's all well and good to be alerted but seriously wtf are we supposed
> to do (duck and cover!)? Beyond "better than nothing!"?
>
> Granted for some proportion of the population a half-baked response is
> a lot better than none. If you're likely 2+ miles from a 1MT nuclear
> air burst just going into your cellars and away from windows (flying
> glass and debris) would probably save most of those lives and much
> injury at least from the initial blast.
>
> So, EAS alert may be better than nothing for many but some enumeration
> of why one might get one and what would be a reasonable reaction to
> each case would be useful.
>
> Otherwise it's just "ALERT! YOU ARE ABOUT TO DIE!" Ok...
>
> Of course for many here it might mean "switch to alternate power
> source immediately".
>
> --
> -Barry Shein
>
> Software Tool & Die| b...@theworld.com | 
> http://www.TheWorld.com
> Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
> The World: Since 1989  | A Public Information Utility | *oo*


Re: California fires: smart speakers and emergency alerts

2018-07-26 Thread Aaron C. de Bruyn via NANOG
On Thu, Jul 26, 2018 at 9:14 AM Sean Donelan  wrote:

> Probably not a surprise, the product managers at Amazon and Google didn't
> see a benefit.  Instead of emergency alerts, instead the product
> improvement roadmap priority is on package tracking and delivery alerts :-)
>

I'm not aware of a public bug tracker/feature request feature for Google
Home, but the devices do support "Ok Google, feedback" (not sure about
Alexa).

Perhaps if people on this list gave them feedback about emergency alerts
they might be able to put a count to the people requesting the feature.

> My opinion is it makes more sense to do emergency alerts at the smart
> device level (smart speaker, smart tv, smart streaming box) rather than at
> the content layer (hulu, netflix, spotify).
>

I agree.  My TV already automatically switches between Google and Amazon
devices automatically using some sort of HDMI trigger when one has a
notification--completely interrupting me if I'm watching something on the
other device.  I can only imagine how convenient it will be for the two
devices to fight back-and-forth for control of the display during an
emergency. ;)

Of course there's also the single-device question of: Will it work if I
don't have the Hulu app open?  Will Hulu run in the background and
preempt?  Will Hulu and Netflix start fighting for control because they
both have messages?


> There is a lot of opportunity to come up with better ways to notify people
> in ways they want, when they want, beyond tracking their package
> deliveries. And since its at the voluntary stage now, a chance to shape
> the discussion.
>

That's the whole reason I ditched Alexa.  All it would do is blink
constantly and notify me that orders had been processed, then shipped,
then delivered (I know already, the UPS guy knocked), as well as constantly
misunderstanding me and then asking if I wanted to purchase some random
product based off the misunderstanding.

The NEST guys also didn't seem very receptive to the emergency alert stuff
when I contacted them.

Capitalist solution: Build yet another IoT device that just does emergency
alerting.

Someone with free time should start a kickstarter or something.  I'd
totally chip in.

-A


Comcast outage Southwest Washington?

2018-07-18 Thread Aaron C. de Bruyn via NANOG
There's a Comcast outage affecting a few of my locations in SW Washington
state.  We initially had an estimate of 3:26 PM for service restoration.
That got bumped to 7 PM.  Now the phone system isn't giving an ETR and the
phone system says there are excessive hold times.

I'm guessing it's a fiber cut.  Can anyone provide some insight?

Thanks,

-A


Re: "Weird" Traffic about 10 hours ago

2018-05-01 Thread Aaron C. de Bruyn via NANOG
My extremely un-scientific reply:

I make a lot of connections from Washington State to Virginia every day.

Around 5 PM PDT yesterday, I got booted and had trouble re-connecting for
about 10 minutes.  I figured it was just me, but then a handful of sites
wouldn't load for me while others had no trouble.  I started to do some
traceroutes and they all succeeded, then I noticed my connections to
Virginia were restored.

I don't think it lasted for more than 10 minutes whatever it was.

-A

On Tue, May 1, 2018 at 6:31 AM Mike Hammett  wrote:

> This is going to be extremely scientific. 
>
> Did anyone else see "weird" stuff going on about 10 hours ago, about 6 PM
> Central on April 30th? I'm based in the Chicago area and have a large
> client on the east coast. I saw about a 25% drop in traffic for a half hour
> to an hour.
> Another Midwestern ISP also saw about 25% drops on two different upstream
> connections.
> A friend of mine runs an ISP in Virginia. He reported a dip in traffic
> (though didn't report how much of a drop), but also pings and IPSEC\L2TP
> worked, but couldn't SSH or do other activities.
> That friend reported another ISP in Virginia had problems at that same
> time.
> An ISP in Cyprus reported issues at that time. I'm looking to firm up what
> kind of issues and verify the time.
>
>
> Yet other ISPs report no problems at all. Smooth ramps on traffic graphs
> as one would expect at the beginning of prime time.
>
>
> I thought maybe "something" happened in Ashburn (fiber cut, DWDM card
> failure, etc.) as my client has a wave from the east coast to me in
> Chicago, but then the Midwestern ISP shouldn't have any dependency on
> Ashburn, given Chicago and Dallas.
> Then there's the guy in Cyprus, which shouldn't have any bearing on
> anything that happens over here in the States.
>
> I thought maybe it was an epic failure at one of the CDNs or other content
> networks, but then that wouldn't impact SSH or other management activities.
>
>
> Anyone else have any other data to help figure out what caused this?
>
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>


Re: Is WHOIS going to go away?

2018-04-25 Thread Aaron C. de Bruyn via NANOG
You must be doing something wrong. ;)

After registering a new domain name, I get ~10 poorly worded emails trying
to convince me I need professional web development services.  I also get
~15 phone calls over a few weeks from very thick accents and call-center
noise in the background telling me that I need professional web development
services or search engine optimization.  There's usually 1 or 2 calls with
the same characteristics telling me that they work for Google and have
noticed a problem with my 'listing' for my new site and I need to have them
correct it for a small fee because that's how Google makes money.

The phone calls don't happen if I use private registration. ;)

-A

On Wed, Apr 25, 2018 at 8:25 AM Stephen Satchell  wrote:

> On 04/25/2018 07:10 AM, ke...@contoocook.net wrote:
> > Well, personally for me, I use secret registration because I was tired
> of all the spam I got. Spammers scrape whois data for email addresses. I
> not trying to hide my identity on the web, I just don't like spam. I'm not
> some dark evil force.
> > Cheers, Keith
> >
>
> What I find interesting is that I didn't get all that much spam from my
> small collection of domains.  Of course, the e-mail addresses associated
> with those domains is "ad...@satchell.net" (and "ab...@satchell.net").
> Indeed, abuse is completely ignored by spammers, while admin gets a
> couple of pieces of Far East spam a week.  That's right, a week.
>
> I bought privacy service now, as well as renewal protection.  I've lost
> three domains, and don't want to lose any more.
>


Re: Is WHOIS going to go away?

2018-04-20 Thread Aaron C. de Bruyn via NANOG
On Fri, Apr 20, 2018 at 2:27 PM Naslund, Steve  wrote:

> They did not in fact have the "right" to publish those pamphlets.


Now we're way off-topic, but our constitution acknowledges that it is a
pre-existing right.  The constitution didn't grant it to you.  (Rights are
inherent, privileges are granted)

People have the right to speak, write, and publish whatever they want.

-A


Re: Is WHOIS going to go away?

2018-04-20 Thread Aaron C. de Bruyn via NANOG
> "Wrong on several counts.  You can publicly access the records of who
> owns every radio station, television station, and newspaper in the US and a
> lot of other countries. "

You can't access their *sources* without a warrant.

You seem to be conflating private individuals with corporations.

> "No one ever had the liberty of publishing information to the public
> without accountability."

That's provably false.  I can type whatever I want, hit print, and scatter
it around town unobserved at 3 AM.

> "The whole protecting you from the government point is nothing but a
> straw man."

That's not what I'm advocating.  If whois disappeared entirely tomorrow, it
wouldn't protect me from government.  But it *would* protect me from crazy
nutjobs.

> "Do you really believe that ICANN will stand up to the world governments
> if they ask for the data?"

Obviously not.  But there's nothing I can do about it except tell them to
come back with a warrant.

There *is* something I can do to help limit the ability of crazy nutjobs to
find out my information so they can visit my home and harass my family.

Anyways, I think this has rambled on long enough.

-A



On Fri, Apr 20, 2018 at 1:55 PM Naslund, Steve  wrote:

>
> >...in every other form of communication, the phrase "get a warrant" comes
> to mind.
> >Except on the internet where we require the information to be public so
> that anyone and their dog can view it without a warrant.
>
> Wrong on several counts.  You can publicly access the records of who owns
> every radio station, television station, and newspaper in the US and a lot
> of other countries.  All of those organizations are REQUIRED by law to file
> ownership statements. Every periodical published in the United States has a
> block in it identifying the publisher.  Every book sold has a publisher
> listed even if the author chooses to remain anonymous.  It is a violation
> of the law for a telemarketer to call you without identifying themselves
> (which is what we complain about with phone scammers).
>
> Get a warrant only applies to communications (like your phone calls and
> your personal Internet traffic) that have a reasonable expectation of
> privacy.  If you are in the public square shouting to the world you have no
> expectation of anonymity and you can actually be held responsible for false
> statements about another individual.  A publicly accessible website’s
> published pages would not have any expectation of privacy whatsoever.
> Besides we are talking about identification of ownership of a
> communications site not the communications going through it.  Just because
> I have your WHOIS data does not mean I have root access to your server.
>  The government needs a warrant to listen to your phone calls but not to
> know you have a phone and where it is.   We are not letting people monitor
> your traffic through WHOIS, we are only identifying who is responsible for
> all communications coming from that site.
>
> Another point is that “get a warrant” does not apply in totalitarian
> countries in any case.  Try saying get a warrant in North Korean or China.
> Pretty moot point there.
>
>
> "Those who would give up essential Liberty, to purchase a little temporary
> Safety, deserve neither Liberty nor Safety."
>
> No one ever had the liberty of publishing information to the public
> without accountability.  There are tons of laws protecting you from false
> statements and communications intended to harm your reputation or damage
> your business.
>
> You are giving up an essential liberty here which is knowing who is saying
> what about you.  Do you not want the right to know the sources of
> information presented to the public?  Do you think I should be able to post
> anything I want about you in the public square without accountability?  Can
> I put up a billboard criticizing you personally and keep my identity a
> complete secret?  Might it be nice to know that the source of political
> news might have an axe to grind or an ideological bent, would you like to
> know that the news story you just read was actually from an opposition
> candidate?  Are we not making a huge deal about Russia messing around with
> elections and trolling?  How would you ever know that was going on with no
> accountability of the source of information?
>
> The whole protecting you from the government point is nothing but a straw
> man.  There is no nation state that does not have enough resources to
> recover that information from you or your communications carrier.  Even if
> your traffic is encrypted, it is trivial to figure out who is posting to
> social media or underground websites via other intelligence or simple
> traffic analysis.  They can deny their entire populations access to just
> about any communications media they like.  Most of them don’t because it is
> actually a more lucrative source of intelligence than a threat.  If you are
> a dissident I might be better off leaving you on the 

Re: Is WHOIS going to go away?

2018-04-20 Thread Aaron C. de Bruyn via NANOG
On Fri, Apr 20, 2018 at 12:53 PM Keith Medcalf  wrote:

> This last statement is entirely untrue.  WHOIS provides information as to
> the PUBLISHER (such as one would find on the masthead of a newspaper).
> This is, ought to be, and should remain, public information.
>

Oh, so I'm a newspaper now?  Or are you telling me there's some magical
setting in media publishing that prevents someone from hitting 'print'
without attaching an identifying masthead?

I as an individual should be able to register whatever site I want without
filing to become a corporation to protect my identity from nutjobs on the
internet if I so desire.  Anyone with legal concerns about the content I
might publish can hire a lawyer, get a warrant, and reveal who owns
xyz.tld.  Not that registering as a corporation protects your private
identity either.

But in all other forms of media I *can* protect my identity.

I can publish a podcast, get interviewed by the news media with my face
blurred, type up a crazy manifesto and distribute leaflets through town,
take out an Ad in a newspaper, etc...

> You still need to "get a warrant" (or a rubber hose) as you so quaintly put
> it to ascertain the origination of the information published.


Am I misunderstanding the incessant yearly emails I get from my registrar
warning me that I better be using valid information?  What part of whois
requires a warrant to view that information?

-A


Re: Is WHOIS going to go away?

2018-04-20 Thread Aaron C. de Bruyn via NANOG
> "I don't see why there should not be a way to know who is publishing data
> on the Internet.  In almost all other forms of communication, there is some
> accountability for the origination of information."

...in every other form of communication, the phrase "get a warrant" comes
to mind.
Except on the internet where we require the information to be public
so that anyone and their dog can view it without a warrant.

> "When you get into the business of "protecting" people from their own
> "oppressive" governments, you are also protecting "enemies and criminals"
> from another perspective."

"Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety."

-A

On Fri, Apr 20, 2018 at 12:33 PM Naslund, Steve wrote:

> I don't see why there should not be a way to know who is publishing data
> on the Internet.  In almost all other forms of communication, there is some
> accountability for the origination of information.  Newspaper publishers
> are known, radio stations are usually licensed and publicly known,
> television is licensed as well.  Your phone and Internet traffic is
> available to the government and law enforcement.  People need to be held
> legally accountable for the information they present to the public
> otherwise you would have absolutely no recourse in the event that you were
> slandered, scammed, or otherwise harmed by this information.  People being
> scared of their government is a real thing, however it is not up to the
> Internet to protect people from their own governments, that is a political
> problem not a technical one.  Always think of the negative side of the
> argument.  If a website was distributing unauthorized compromising photos
> of your children would you want them to be completely anonymous?
>
> Think of how aggravated we all are with the spam we receive every day and
> how much you like spoofed caller ID data when you talk about anonymity.
>
>
> Publishing information for access by the entire public should have some
> sort of accountability with it.
>
> When you get into the business of "protecting" people from their own
> "oppressive" governments, you are also protecting "enemies and criminals"
> from another perspective.  Most all nation states would have the ability to
> track the communications to their source in any case so all you are really
> doing is protecting the data from the public.
>
> It would appear to me that the ICANN proposal is nothing more than a means
> to monetize what used to be public data.  Why should Google have all the
> fun?
>
> Steven Naslund
> Chicago IL
>
>
>
>
>
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of b...@theworld.com
> Sent: Friday, April 20, 2018 2:11 PM
> To: Tei
> Cc: nanog@nanog.org
> Subject: Re: Is WHOIS going to go away?
>
>
> On April 20, 2018 at 12:03 oscar.vi...@gmail.com (Tei) wrote:
>  > Maybe a good balance for whois is to include organization information
>  > so I know where a website is hosted, but not personal information, so
>  > I can't show in their house and steal their dog.
>  >
>  > I feel uneasy about having my phone available to literally everyone on
>  > the internet.
>
> There are various privacy options available when one registers a
> domain, generally a matter of checking a box and usually free.
>
>  >
>  >
>  > --
>  > --
>  > End of message.
>
> --
> -Barry Shein
>
> Software Tool & Die| b...@theworld.com |
> http://www.TheWorld.com
> Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
> The World: Since 1989  | A Public Information Utility | *oo*
>


Re: Is WHOIS going to go away?

2018-04-19 Thread Aaron C. de Bruyn via NANOG
On Thu, Apr 19, 2018 at 5:20 PM  wrote:

> So you think restricting WHOIS access will protect dissidents from
> abusive governments?
>

Every government has subpoena power.  Some of them even have the power to
beat people with a rubber hose in the back room until they get the
information they want.

Being able to put bogus data into whois won't prevent the government from
finding you, but it may prevent crazies from showing up at my house, or
even knowing that I run a particular site.

-A


Re: Is WHOIS going to go away?

2018-04-19 Thread Aaron C. de Bruyn via NANOG
You still have the same end result.  Bad data.  I could use a mail
forwarding service or fake the record entirely.  My VoIP provider probably
won't cough up who owns the phone number without a warrant.  Probably the
same for HelloFax.  And the only name verification that goes on at my
domain registrar is validating my credit card.  They don't seem to care if
I put "John Smith" in for the whois name.  But once again, they'll require
a warrant before they cough up the data.  The USPS doesn't seem to mind if
mail comes in under "my child's" name who is under 16 and doesn't have any
form of government ID yet...and might not even exist.

So you still have the same end-result.  Those determined to remain somewhat
private will do so and that means some of your whois data is garbage.

...but I don't see it as a big problem.  Some random site or IP is causing
problems, so you try to nicely get in touch with them.  Their whois is
garbage.  So block them.  They'll figure it out quickly enough.  Or contact
their upstream.  Their upstream probably knows who they are.  Digital Ocean
(for example) knows which IPs belong to my servers and they'll either reach
out to me or knock me offline until I get things corrected.

"dissident political movements in repressive countries"

...and there's my new band name.

-A


On Thu, Apr 19, 2018 at 7:29 AM Rich Kulawiec  wrote:

> On Sat, Apr 14, 2018 at 08:20:06PM +, Filip Hruska wrote:
> > Scraping WHOIS systems for thousands domains at once using the WHOIS
> > protocol is easy though. There are "WHOIS History" sites which scrape all
> > domains and then publish the data along with the date of retrieval.
>
> Which would not be necessary if all WHOIS information was fully published
> in text/XML/whatever form, available for immediate download/rsync to
> everyone, and refreshed at intervals (say, once a day).  This would
> neatly undercut the business model for these sites and would ensure
> that anyone who wants the information can get it efficiently.
>
> ---rsk
>


Re: Is WHOIS going to go away?

2018-04-14 Thread Aaron C. de Bruyn via NANOG
If you register a corp out of Nevada, the only person who gets to know the
names of the owners is the company lawyer unless someone shows up with a
warrant.  It costs around $1,200 if I remember correctly.

So I can spin up a legit looking company and put that info into whois and
you essentially end up with useless info unless you can convince a court to
issue a warrant.

So why are you proposing that I can't run my *personal*  "I strongly
believe in {insert emotionally-charged issue} site" without letting psychos
know exactly where I live?

-A

On Sat, Apr 14, 2018 at 10:16 AM Rich Kulawiec  wrote:

> On Sat, Apr 14, 2018 at 02:21:59PM +, Filip Hruska wrote:
> > EURID (.eu) WHOIS already works on a basis that no information about the
> > registrant is available via standard WHOIS.
> > In order to get any useful information you have to go to
> > https://whois.eurid.eu and make a request there.
> >
> > Seems like a reasonable solution.
>
> It's not.  All WHOIS information should be completely available
> with no limits, no restrictions, in bulk form to everyone -- so that
> everyone running every operation is identifiable to their peers and thus
> accountable to their peers.  I understand that some people don't want to
> be exposed to that, and that's fine: but then they shouldn't be running
> an Internet-connected operation.
>
> The only people served by restriction on WHOIS availability are abusers
> and attackers, and the entities (e.g., registrars) who profit from them.
>
> ---rsk
>


Re: Ping a Comcast Business DNS Admin?

2017-10-26 Thread Aaron C. de Bruyn via NANOG
I received replies from several friendly Comcast staff members and it
looks like there will be a resolution shortly.

Thanks, and sorry for the list noise.

-A

On Thu, Oct 26, 2017 at 3:33 PM, Aaron C. de Bruyn <aa...@heyaaron.com> wrote:
> I'm hoping a Comcast engineer can clear something up for me:
>
> If I recall correctly siteprotect.com is used by Comcast Business hosting.
>
> We have a mutual customer who has their domain NS pointed at
> ADNS.CS.SITEPROTECT.COM and BDNS.CS.SITEPROTECT.COM and those servers
> resolve their domain properly, but as of two weeks ago I no longer
> have the option to edit the customer's zone when signing in to
> businessclass.comcast.net.
>
> Phone reps have said "we don't manage your DNS" or "NetSol is their
> registrar", or even "Hmm...you're right, there's something wrong, but
> I don't know what's going on".
>
> On top of all of that, Comcast told this mutual customer to update
> their DNS records because they are being migrated to Office 365.  But
> the customer can't access it to edit it.
>
> Feel free to contact me off-list for the domain and customer details.
>
> -A


Ping a Comcast Business DNS Admin?

2017-10-26 Thread Aaron C. de Bruyn via NANOG
I'm hoping a Comcast engineer can clear something up for me:

If I recall correctly siteprotect.com is used by Comcast Business hosting.

We have a mutual customer who has their domain NS pointed at
ADNS.CS.SITEPROTECT.COM and BDNS.CS.SITEPROTECT.COM and those servers
resolve their domain properly, but as of two weeks ago I no longer
have the option to edit the customer's zone when signing in to
businessclass.comcast.net.

Phone reps have said "we don't manage your DNS" or "NetSol is their
registrar", or even "Hmm...you're right, there's something wrong, but
I don't know what's going on".

On top of all of that, Comcast told this mutual customer to update
their DNS records because they are being migrated to Office 365.  But
the customer can't access it to edit it.

Feel free to contact me off-list for the domain and customer details.

-A


Re: California fires: smart speakers and emergency alerts

2017-10-16 Thread Aaron C. de Bruyn via NANOG
On Mon, Oct 16, 2017 at 8:32 AM, Sean Donelan  wrote:
> A smart speaker suddenly announcing "There is a tornado warning in this
> area, would you like to hear more?" will probably freak-out those same
> non-technical people.

Simple programming problem.

Speaker: "There is a tornado warning in this area, would you like to hear more?"

User: "How did you get my phone number?"

Speaker: "You have opted out of tornado warnings"

Fast forward to the next tornado and techno-darwinism will take effect.

Alternatively you could have the speaker ramble on for 10-15 minutes
about how the weather alerting system works and maybe the end-user
will hang around long enough listening to the explanation...

-A


Re: California fires: smart speakers and emergency alerts

2017-10-15 Thread Aaron C. de Bruyn via NANOG
Someone do a kickstarter already. I'll contribute.  ;)

-A

On Sun, Oct 15, 2017 at 7:09 PM, Sean Donelan  wrote:
> On Sun, 15 Oct 2017, valdis.kletni...@vt.edu wrote:
>>
>> On Fri, 13 Oct 2017 18:50:51 -0700, Joe Hamelin said:
>>>
>>> I would think that Amazon knows where my Echo is since it's the same IP
>>> that I order (way too much crap) from.
>>
>> It knows the usual delivery address.  That's not necessarily the same
>> thing.
>>
>
> First, need to figure out if any smart speaker manufacturers have any plans
> to add emergency alerts to their product. Only need to solve the other
> problems if they do, otherwise it doesn't matter.
>
>
> While VOIP phones needed exact addresses for 9-1-1 purposes, emergency
> alerts are rarely as specific as a city or county.  An exact
> longitude/latitude would be nice to have, but probably not necessary for
> most emergency alerts. All the smart speakers ask for the user's location,
> at least a zip code, during the installation. And they seem to use the
> typical advertising network IP address geolocation.
>
> It would be creepy if an emergency alert was too targeted.  It may be
> better to keep it larger than a mile radius, rather than a single house.


Re: California fires: smart speakers and emergency alerts

2017-10-13 Thread Aaron C. de Bruyn via NANOG
I messaged the Nest guys a few weeks ago about that very issue.  I
think it would be somewhat simple for them to put an RF module in
their Protect devices (smoke alarms) and a speaker to alert about the
issue.  Since they are wifi-enabled, they could probably also arrange
a clearer audio feed over the internet with a fallback to RF if the
internet is down/power is out.

-A

On Fri, Oct 13, 2017 at 1:59 PM, Sean Donelan  wrote:
>
> Has anyone heard if the smart speaker companies (Amazon Echo, Google Home)
> plan to include emergency alert capability?  An estimated 10% of households
> own a smart speaker, and Gartner (well-known for its forecasting accuracy)
> predicts 75% of US households will have a smart speaker by 2020.
>
> Although most Silicon Valley tech nerds are still in the "invincible" years,
> were the California fires close enough to Silicon Valley that smart speaker
> developers might think an emergency could affect them?  And an emergency
> alert capability in their smart speakers might be important?
>


Re: Information about the national test of the Emergency Alert System

2017-09-27 Thread Aaron C. de Bruyn via NANOG
I didn't see a blip on my TV, or hear anything on the local radio
stations.  I didn't even get an alert on my cell phone.  Did I miss
it, or did it get cancelled?

-A



On Wed, Sep 27, 2017 at 9:03 AM, Sean Donelan  wrote:
>> And your upstream(s) to work. And their upstream(s) to work. etc. If 90%
>> of the stations in the EAS web are down you may end up with nothing working.
>
>
> 6% of TV stations are operating in Puerto Rico
> 15% of radio stations are operating in Puerto Rico
>
> Nationally, there are about 28,000 cable systems, radio and television
> stations.
>
> This test will not use the FEMA primary entry point system, so it's only a
> partial test of the national EAS.
>
> Today's national test of the Emergency Alert System will be the same as the
> 2016 national test.  It is a partial test of the EAS, using the FEMA IPAWS
> system over the internet (i.e. Akamai and Cloudfront are used as CDNs) to
> distribute the emergency test message. Cable, radio and TV stations need
> a working Internet connection as well as radio receivers and transmitters
> for IPAWS and EAS.
>
> Although the national test was scheduled back in July, it's still a good test
> opportunity to see how the internet and EAS works in Puerto Rico and the
> U.S. VI with so much damage to the infrastructure. The one minute national
> test should not interfere with disaster recovery efforts in PR or USVI.
>
> For more information:
>
> https://www.fema.gov/news-release/2017/09/19/mandatory-nationwide-test-emergency-alert-system-be-conducted-september-27
>
> https://www.fcc.gov/document/nationwide-emergency-alert-system-test-planned-september-27
>


Re: [SPAM] Re: Bell outage

2017-08-04 Thread Aaron C. de Bruyn via NANOG
We have multiple redundant backup paths in case of a cut.  The backup
paths run about 1 mm away from the primary path in the same cable in
the same conduit. ;)

On Fri, Aug 4, 2017 at 11:14 AM, Nate Metheny  wrote:
> :s/fiber/conduit
>
> On Fri, Aug 4, 2017 at 12:11 PM, Rod Beck 
> wrote:
>
>> Everyone has a resilient network until they don't.
>>
>>
>>
>> From: NANOG  on
>> behalf of jim deleskie 
>> Sent: Friday, August 4, 2017 8:07 PM
>> To: J
>> Cc: NANOG list
>> Subject: Re: Bell outage
>>
>> Single fiber cut causes the much impact?
>>
>> -jim
>>
>> On Fri, Aug 4, 2017 at 2:59 PM, J  wrote:
>>
>> > https://www.theglobeandmail.com/news/national/much-of-
>> > atlantic-canada-loses-cellphone-service-in-widespread-outage/
>> > article35881182/
>> >
>> >
>> >
>> > Apparently some fiber cut.  No word on the exact model of construction
>> > equipment, yet, though.
>> >
>> >
>> >
>> > :\
>> >
>> >
>> >
>> >
>> >  On Fri, 04 Aug 2017 10:14:26 -0500 Krunal Shah <ks...@primustel.ca>
>> > wrote
>> >
>> >
>> >
>> >
>> > Does anyone know what is happening with Bell network at East Canada?
>> >
>> >
>> >
>> > http://canadianoutages.com/status/bell/map/
>>
>>
>> >
>> >
>> >
>> >
>> >
>> > Krunal
>> >
>>
>
>
>
> --
> Nate Metheny
> natemeth...@gmail.com


Re: Please run windows update now

2017-05-15 Thread Aaron C. de Bruyn via NANOG
On Mon, May 15, 2017 at 2:48 PM, J. Oquendo  wrote:
> On Mon, 15 May 2017, b...@theworld.com wrote:

>> You count the number of destructive opens in the kernel and if it
>> exceeds a threshold (for example) you stop it and pop up a warning.

That's basically what I did.  I got tired of users constantly opening
any attachment that came at them through e-mail and encrypting all the
files on their systems and other network systems...so...I installed a
Linux box running Samba backed by a ZFS file store.

Samba spits out syslog records on file writes.

Combine that with fail2ban.  When one user has more than 60 writes in
60 seconds *or* a write contains a well-known cryptolocker name (i.e.
*DECRYPT_INSTRUCT*) it immediately blocks their IP on the server,
looks up their MAC address, scans the switch for their MAC, and
disables the switch port.

Then I have a list of files in syslog that were encrypted and ZFS
snapshots I can restore from.

Additionally, some of the workstations were PXE or iSCSI booted from
the NAS so it was as simple as "Hold down the power button to turn off
your computer.  Ok, let me 'zfs rollback' your machine image...ok, now
turn your computer back on.  All set."

Plus adding new workstations was as easy as getting the MAC address
and doing a 'zfs clone' of a clean machine image.

Upgrades are easy too--boot a VM, install the latest version of
Windows, update drivers, install software packages, then shutdown,
snapshot and clone.  Tell the user to reboot their PC and they are now
running the newer OS.

Windows isn't hard if you have Linux and Unix running underneath,
behind, and between everything. ;)

-A
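The Samba-plus-fail2ban trip-wire described in the post above, as an added example that is neither Aaron's configuration nor Samba's or fail2ban's own code: a small Python detector that applies the same two rules (one user exceeding 60 successful writes in 60 seconds, or any write whose path carries the DECRYPT_INSTRUCT ransom-note name) to constructed smbd full_audit-style syslog lines, and lists the containment steps the post describes without running them. The audit line layout, share name, user names, addresses and file names are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed layout of a Samba vfs_full_audit record as delivered by syslog
# (the field order is set in smb.conf; this particular one is an assumption):
#   "<Mon DD HH:MM:SS> <host> smbd_audit: <user>|<client ip>|<share>|<op>|<result>|<path>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ smbd_audit: "
    r"(?P<user>[^|]+)\|(?P<ip>[^|]+)\|(?P<share>[^|]+)\|(?P<op>[^|]+)\|"
    r"(?P<result>[^|]+)\|(?P<path>.*)$"
)
WRITE_OPS = {"pwrite", "write", "rename", "unlink", "create_file"}
WRITE_THRESHOLD = 60   # more than this many successful writes by one user ...
WINDOW_SECONDS = 60    # ... inside this sliding window trips the rate rule
# Ransom-note name fragment from the post; extend with other known names as needed.
RANSOM_NOTE_RE = re.compile(r"DECRYPT_INSTRUCT", re.IGNORECASE)
_EPOCH = datetime(1900, 1, 1)   # syslog stamps carry no year; only differences matter


def _syslog_seconds(ts):
    """'May 15 14:48:05' -> seconds since a fixed epoch (for window arithmetic)."""
    dt = datetime.strptime(" ".join(ts.split()), "%b %d %H:%M:%S")
    return (dt - _EPOCH).total_seconds()


class RansomwareDetector:
    def __init__(self, threshold=WRITE_THRESHOLD, window=WINDOW_SECONDS):
        self.threshold = threshold
        self.window = window
        self.recent = defaultdict(deque)   # user -> timestamps of recent successful writes
        self.blocked = {}                  # user -> (ip, reason); one alert per user

    def feed(self, line):
        """Consume one log line; return (user, ip, reason) when a rule trips, else None."""
        m = LINE_RE.match(line)
        if m is None:
            return None                    # not an audit record we understand
        user, ip, op, path = m["user"], m["ip"], m["op"], m["path"]
        if op not in WRITE_OPS or m["result"] != "ok" or user in self.blocked:
            return None
        if RANSOM_NOTE_RE.search(path):    # rule 2: a ransom note appeared on the share
            return self._block(user, ip, f"ransom note written: {path}")
        now = _syslog_seconds(m["ts"])
        q = self.recent[user]
        q.append(now)
        while q and now - q[0] > self.window:   # forget writes older than the window
            q.popleft()
        if len(q) > self.threshold:        # rule 1: mass-write burst
            return self._block(user, ip, f"{len(q)} writes in {self.window}s")
        return None

    def _block(self, user, ip, reason):
        self.blocked[user] = (ip, reason)
        return (user, ip, reason)


def response_plan(ip):
    """Containment steps from the post, as text for an operator or a fail2ban
    action; nothing is executed here."""
    return [
        f"iptables -I INPUT -s {ip} -j DROP",
        f"look up the MAC for {ip} in the ARP table, find its switch port, shut the port",
        "list this user's written paths from syslog and restore them from the last ZFS snapshot",
    ]


def run_detector(lines):
    """Replay lines through a fresh detector and return every alert in order."""
    det = RansomwareDetector()
    return [hit for hit in map(det.feed, lines) if hit is not None]


def _audit(ts, user, ip, op, path, result="ok"):
    return f"{ts} fileserver smbd_audit: {user}|{ip}|finance|{op}|{result}|{path}"


def build_sample_lines():
    """Constructed log: bob works normally, alice encrypts two files a second,
    carol's box drops a ransom note, then alice keeps going (no second alert)."""
    lines = [_audit(f"May 15 14:47:{10 * i:02d}", "bob", "10.0.0.12", "pwrite",
                    f"budget/draft{i}.xlsx") for i in range(5)]
    lines += [_audit(f"May 15 14:48:{i // 2:02d}", "alice", "10.0.0.21", "pwrite",
                     f"reports/q1_{i}.docx.locked") for i in range(70)]
    lines.append(_audit("May 15 14:49:00", "carol", "10.0.0.33", "pwrite",
                        "shared/DECRYPT_INSTRUCTIONS.html"))
    lines.append(_audit("May 15 14:49:01", "alice", "10.0.0.21", "pwrite",
                        "reports/q1_70.docx.locked"))
    return lines


if __name__ == "__main__":
    for user, ip, reason in run_detector(build_sample_lines()):
        print(f"ALERT user={user} ip={ip} reason={reason}")
        for step in response_plan(ip):
            print("   ", step)
```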


Re: VPS plus email

2017-03-27 Thread Aaron C. de Bruyn via NANOG
Easy solution if you don't know how to configure e-mail:  Google Apps
for Business.  $5/user/month.

Cheaper solution than Exchange: $5/mo Digital Ocean server running
something like Dovecot and Haraka to handle e-mail.

If you don't want to leave Microsoft, I believe Outlook premium will
do what you want: https://premium.outlook.com/

Or pony up for Office 365.

-A

On Mon, Mar 27, 2017 at 12:16 PM, Samual Carman  wrote:
> Howdy y'all. I would like to know if anyone can recommend a good VPS to run
> an Exchange server as well as host a website. I would like to set up an
> Exchange server with a professional email address, unless you guys can
> recommend a different approach I should take to get a professional address,
> so it would look better on resumes etc. and I can consolidate all my various
> email accounts to one. I could consider switching to Google Apps and/or
> Microsoft Outlook unless there are other better providers out there. I am in
> college so if there are any special programs please feel free to advise me of
> such. Feel free to private message me.
> Not sure if this is allowed; the rules were murky on this.
> Get Outlook for iOS


Re: Any Github Experts online ?

2017-02-22 Thread Aaron C. de Bruyn via NANOG
If they are using 'git pull', or 'git push' for example, they may be
accessing the data via HTTPS or SSH.

Can your user do a 'git remote -v' and see if they are connecting via
HTTPS or SSH to assist you with troubleshooting?

Then see if it's something specific to one or the other and if it's
specific to github or all sites.

-A

On Wed, Feb 22, 2017 at 3:40 PM, Bob Evans  wrote:
> Hello NANOGers,
>
> I have one customer that claims that 2 out of 17 downloads using the git
> command on github's service are slow and poor on our network when compared
> to others.
>
> However, when not using the git command , but using a simple web page link
> to a large zipped file from github, its always nice and fast. Using the
> git command 8% of the time being slow is unacceptable. Github just doesnt
> responds lethargically at best. BTW, have you seen how many hex digits a
> github ticket number is ?
>
> Of course Github says try a different ISP...Customer tries to tell me
> comcast is better ! What ! I don't believe it. No help from Github NOC - we
> have asked and asked... And we peer with Github and for some reason they
> do not transmit the Prefixes of the IP range that the customer uses for
> the git command.  github.com resolve IPv4 is not in the prefix list. So
> the exit is transits.
>
> I need more clues. Is it the resources the git command uses when checking
> files for dates etc ?
>
> Thank You
> Bob Evans
> CTO
>
>
>
>
>
>


Re: Quick name and shame -- Apologies but...

2016-12-30 Thread Aaron C. de Bruyn via NANOG
You might try the mailop mailing list.  A few MS staff lurk there and
might be able to shed some light.

-A

On Fri, Dec 30, 2016 at 1:48 PM,   wrote:
>
> For years, YEARS, Microsoft's OUTLOOK.COM has flooded us with this
> sort of dictionary spamming on a daily basis.
>
> Is there anyone at MS who cares?
>
> Surely it's not that difficult to notice someone is blasting stuff
> like this from your servers every single day for years? Or are your
> servers just an out of control free-for-all? Do you even know who is
> using them?
>
> If you need another few zillion records like this for motivation just
> ask.
>
> 2016-12-30T16:34:29.342803-05:00 pcls5 sendmail[5627]: NOUSER: jmarkus1 
> relay=mail-bn3nam01on0058.outbound.protection.outlook.com [104.47.33.58]
> 2016-12-30T16:34:29.593566-05:00 pcls5 sendmail[5627]: NOUSER: jmarkus2 
> relay=mail-bn3nam01on0058.outbound.protection.outlook.com [104.47.33.58]
> 2016-12-30T16:34:29.844258-05:00 pcls5 sendmail[5627]: NOUSER: jmarkus3 
> relay=mail-bn3nam01on0058.outbound.protection.outlook.com [104.47.33.58]
> 2016-12-30T16:34:30.094905-05:00 pcls5 sendmail[5627]: NOUSER: jmarkus4 
> relay=mail-bn3nam01on0058.outbound.protection.outlook.com [104.47.33.58]
> 2016-12-30T16:35:23.984284-05:00 pcls5 sendmail[7053]: NOUSER: ehansen1 
> relay=mail-sn1nam02hn0244.outbound.protection.outlook.com [104.47.36.244]
> 2016-12-30T16:35:24.235025-05:00 pcls5 sendmail[7053]: NOUSER: ehansen10 
> relay=mail-sn1nam02hn0244.outbound.protection.outlook.com [104.47.36.244]
> 2016-12-30T16:35:24.485697-05:00 pcls5 sendmail[7053]: NOUSER: ehansen5 
> relay=mail-sn1nam02hn0244.outbound.protection.outlook.com [104.47.36.244]
> 2016-12-30T16:35:24.736408-05:00 pcls5 sendmail[7053]: NOUSER: ehansen2 
> relay=mail-sn1nam02hn0244.outbound.protection.outlook.com [104.47.36.244]
> 2016-12-30T16:35:24.987137-05:00 pcls5 sendmail[7053]: NOUSER: ehansen3 
> relay=mail-sn1nam02hn0244.outbound.protection.outlook.com [104.47.36.244]
> 2016-12-30T16:36:01.134355-05:00 pcls5 sendmail[7889]: NOUSER: efd5 
> relay=mail-bl2nam02hn0233.outbound.protection.outlook.com [104.47.38.233]
> 2016-12-30T16:36:01.385161-05:00 pcls5 sendmail[7889]: NOUSER: efd6 
> relay=mail-bl2nam02hn0233.outbound.protection.outlook.com [104.47.38.233]
> 2016-12-30T16:36:01.635940-05:00 pcls5 sendmail[7889]: NOUSER: efd7 
> relay=mail-bl2nam02hn0233.outbound.protection.outlook.com [104.47.38.233]
> 2016-12-30T16:36:01.886771-05:00 pcls5 sendmail[7889]: NOUSER: efd8 
> relay=mail-bl2nam02hn0233.outbound.protection.outlook.com [104.47.38.233]
> 2016-12-30T16:36:02.137626-05:00 pcls5 sendmail[7889]: NOUSER: efd9 
> relay=mail-bl2nam02hn0233.outbound.protection.outlook.com [104.47.38.233]
> 2016-12-30T16:41:25.012620-05:00 pcls5 sendmail[15054]: NOUSER: josephl6 
> relay=mail-dm3nam03hn0218.outbound.protection.outlook.com [104.47.41.218]
> 2016-12-30T16:41:25.263296-05:00 pcls5 sendmail[15054]: NOUSER: josephl4 
> relay=mail-dm3nam03hn0218.outbound.protection.outlook.com [104.47.41.218]
> 2016-12-30T16:41:25.514058-05:00 pcls5 sendmail[15054]: NOUSER: josephl7 
> relay=mail-dm3nam03hn0218.outbound.protection.outlook.com [104.47.41.218]
> 2016-12-30T16:41:25.764786-05:00 pcls5 sendmail[15054]: NOUSER: josephl8 
> relay=mail-dm3nam03hn0218.outbound.protection.outlook.com [104.47.41.218]
> 2016-12-30T16:41:26.015469-05:00 pcls5 sendmail[15054]: NOUSER: josephl5 
> relay=mail-dm3nam03hn0218.outbound.protection.outlook.com [104.47.41.218]
>
>
> --
> -Barry Shein
>
> Software Tool & Die| b...@theworld.com | 
> http://www.TheWorld.com
> Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
> The World: Since 1989  | A Public Information Utility | *oo*


Re: Wanted: volunteers with bandwidth/storage to help save climate data

2016-12-16 Thread Aaron C. de Bruyn via NANOG
On Fri, Dec 16, 2016 at 1:35 PM, Rob McEwen  wrote:
> On 12/16/2016 3:30 PM, Ken Chase wrote:
> A 39-inch rise in the ocean levels over the next century is based on
> fear-mongering and junk science designed to scare politicians into
> increasing grant $$ from the federal government. It is not based on science.

39 inches?
I'm going to start laying fiber up and down I-5.  I'll have the
cheapest trans-ocean cable between Canada and Mexico...

-A


Re: Here we go again.

2016-11-10 Thread Aaron C. de Bruyn via NANOG
On Wed, Nov 9, 2016 at 2:39 PM, Ronald F. Guilmette
 wrote:
> There are plenty of reasons for thinking people to be terrified today.
> I don't know why you've chosen to focus on such a small one.  Here's a
> bigger one:
>
> http://bit.ly/2fTdmiG

Ok--so on a somewhat NANOG-related note...please tell me that's not a
*real* picture of the nuclear football and that our lives aren't in
the hands of Windows Vista...  ;)

-A


Re: Death of the Internet, Film at 11

2016-10-24 Thread Aaron C. de Bruyn via NANOG
On Sun, Oct 23, 2016 at 11:23 PM, Richard Holbo  wrote:
> That said... getting end users to actually fix the broken routers etc. etc.
> is NOT easy.Very often we'll notify customers, they will _take their
> stuff to the local computer repair guy_ ... or office depo and they
> will run whatever auto scan they have and say it's all fine.  Customer puts
> it back in, it's still broke, and they call customer support and want us to
> pay for the trip because _their_ expert says it's fine...

Totally accurate.  I have knowledge of a company in my area that does
this.  They install tons of 'home security' and 'business security'
devices on the cheap.  The regular course of action is to plug the
device directly into the back of the ISP router and let uPNP handle
everything because the installer knows *nothing* about networking, IP
addresses, firewalls, routers, etc... The installer also part-times as
a home repair tech, and the procedure for any suspected infection is:

1. Plug the infected computer into the business network
2. Boot it up
3. Install AVG Free and run a scan
4. Install Windows Updates
5. Return the computer with a $85 invoice.
6. When the machine comes back a few weeks later, it's obviously not
because she failed to remove the virus, it's because the user got a
*new* virus.
7. GOTO 1
8. The loop repeats a few times until the customer gets frustrated,
then their machine is wiped and reinstalled.

I think the only way out of this is for some organization to step up
and start issuing competency certificates (Not CompTIA!) that show the
tech has demonstrated a particular level of competence to handle IT.
Maybe like the Michelin Star system or ASE certs for mechanics.
1-star for people that might be able to plug in power and ethernet,
and on the other end a 5-star--where you'd trust them to work on your
grandmother's pace-maker while it is in production.

Re-test every 2-3 years.

Maybe even a group modeled after a lot of 'open governance' projects
that you see in open source today.  Heck 'NANOG Certified Technician'
*does* have a peculiar ring to it...

Then have a huge marketing campaign to let home and small business users
go to the website to find a local *qualified* technician.

The only down-side is that it's ridiculously difficult to test for
certain engineering qualities.  Not trying to be rude here, but I'm
sure lots of people on this list have run into the two types of techs
out there:

#1 is there for the paycheck.  They know how to install Windows
Updates and run a virus scan.  They probably know one OS (usually
Windows) well enough.  If they click the mouse and reboot long enough
they can get 2 or more computers to talk together. They show zero
signs of improvement or change unless it affects their paycheck.

#2 is there for the love and curiosity of learning, creating, and
exploring.  They are constantly learning new stuff, exploring,
researching, and tinkering at home because they love figuring out How
Stuff Works.

(I've found the second type of tech become the best engineers.)

The first type is what you run in to when it comes to all these crappy
device installs--old vulnerable router, webcams with default password
and uPNP forwards from the internet, and infected desktop machines.
10 years ago it was perfectly fine to install AVG and Windows Updates,
but because they haven't kept up, they don't realize that doesn't cut
it nowadays.  They probably don't know what firmware is, let alone
that some of these devices can/should be upgraded.  (I caught one
installing a DVR based on Windows XP last week.  I said "Isn't XP end
of life?"  "No, I just bought it last week."  *facepalm*)

Give the customer a reliable way to weed out the dead-wood and get a
*good* technician, and most of them will gladly pay more.  Or they
will eventually after having no end of trouble with the first kind of
tech.

Sorry for the long rant, but it's either industry self-regulation or
government regulation.  Something will have to change.

-A


Re: Death of the Internet, Film at 11

2016-10-23 Thread Aaron C. de Bruyn via NANOG
On Sun, Oct 23, 2016 at 12:41 PM,   wrote:
>
> Assuming these manufacturers who are culpable carry product liability
> insurance go to their insurance companies and explain the situation.

Cheaper solution: Start a company, build crappy firmware, carry
product liability insurance, release the product, immediately sell
millions of units to various vendors that 'rebrand' your product.
Close your business / go out of business.  Wait for lawsuits to roll
in after the business has been shut down.

-A


Re: ___Your___$ __l O O O Walmart___GiftCard

2016-09-15 Thread Aaron C. de Bruyn
That's interesting.

heyaaron.com is one big huge catch-all that funnels into my Google Apps for
Domains mailbox.

There's one account, it has a good password, and it's protected by a YubiKey.

I'd be interested in seeing a copy of the headers from that e-mail.

-A


On Thu, Sep 15, 2016 at 3:15 PM, Brian majors  wrote:

> I am reporting you to the Fed scammer
>
> On Sep 15, 2016 6:10 PM, "__WLM__"  wrote:
> >
> > CongartsThis__is Your$ l O O O GiftCard
>


Re: QWEST.NET can you fix your nameservers

2016-09-15 Thread Aaron C. de Bruyn
On Thu, Sep 15, 2016 at 2:45 PM, Mark Andrews  wrote:
>
> Aaron,
>How am I supposed to know which DNS vendor to contact?  DNS
>

Sorry--I should have added a /sarcasm tag.  :)


> The best way to get this fixed would be for nameservers to be checked
> for protocol compliance, by the parent zone operators or their
> proxies regularly.  That the child zone operator be given a short
> period (< 3 months) to fix it then all zones with that server get removed
> from the parent zone until the server is fixed (apply the final
> step in the complaints procedures from RFC 1033) which forces the
> owner of the zone to fix the server or to move to someone who follows
> the protocol.  The servers for new delegations be checked immediately
> and the delegation not proceed unless the delegated servers are
> protocol compliant.
>

Seems a bit harsh, but I'm new to the conversation.  What is being out of
compliance actually hurting other than the nameserver operator and the
zones they host?



> My bet is the DNS vendor has issued a update already and that it
> hasn't been applied.  If not Qwest can inform them that their product
> is broken.  Fixing this should be about 10 minutes for the DNS
> vendor then QA.
>

Yeah, but the business upgrade cycles are the killer.
Why dedicate resources to fix it unless there's a pretty clear
line-of-sight to lost profits?
That's why so many of my clients refuse to upgrade away from XP.  It still
works for what they basically need, and it's not really impacting their
profit in a way the CFO can directly see.  (i.e. he doesn't see people like
me who will walk out of a dental office and never come back when I see a
2-plus-year-out-of-date XP machine handling patient information.)

I'm sure the same is happening in a large bureaucracy like Qwest.

Maybe you're right with a harsher penalty.  Be standards compliant or
you'll get a warning, then be cut off.



> If you (collectively) haven't already checked your servers go to
> https://ednscomp.isc.org and check your servers.  While you are
> there look at some of the reports.
>

Tested.  I'm compliant.  I definitely think more comprehensive tools that
are easily accessible to admins and CFOs would help.

For example, when I explain various zone-related things to CFOs, I'll use
http://intodns.com/.  It's sorta flashy, and contains some sorta helpful
information that a CFO can sorta understand.

And a big red 'X' when someone is wrong.

Unfortunately it doesn't do DNSSEC.  For that, there's another tool.
...and if you want EDNS testing, there's your tool.

A tool that tests compliance for everything and spits out errors, warnings,
and recommendations might go a long ways towards getting people to solve
the problem.

Just my $0.02.

Nice graphs by the way.

-A


Re: QWEST.NET can you fix your nameservers

2016-09-15 Thread Aaron C. de Bruyn
On Thu, Sep 15, 2016 at 10:19 AM,  wrote:

> Remember that Windows XP didn't enable IPv6 by default, and *still* has
> some 10%
> market share.
>

Yeah, I'm still fighting that battle.

https://goo.gl/photos/xFguK4FL2iydnLhE7

-A


Re: QWEST.NET can you fix your nameservers

2016-09-15 Thread Aaron C. de Bruyn
On Thu, Sep 15, 2016 at 12:31 AM, Mark Andrews  wrote:

> QWEST isn't the only DNS provider that has broken nameservers.  One
> shouldn't have to try and contact every DNS operator to get them to
> use protocol compliant servers.
>

Save yourself some time.  Contact the DNS software vendors. ;)

-A


Re: Need abuse/postmaster contact for AT to resolve IP block

2016-08-31 Thread Aaron C. de Bruyn
Try posting that to the mailop list.
I had been having trouble with att.net for about a month, and I filled out
the form at http://att.net/blocks/ 3 times with no response.

I posted to mailop a few days ago and they resolved the issue within an
hour.

...then a few days later I received the response to the form that my IP had
already been unblocked.  Even though they say they will get back to you
within 2-3 days, it's more like 10-14.

-A

On Tue, Aug 30, 2016 at 6:22 AM, Webhosting.net Admin 
wrote:

> A few of our exchange IPs get blocked intermittently, but only by ATT. IPs
> are clean, no issues, we’re diligent about finding and fixing these types
> of issues as it has a large impact.
>
> It would be very helpful to know why the IP below got blocked so we can
> find and fix the problem to prevent further listing. We have a few ips in
> rotation and some have no issue. It’s a “blind” listing, so we only find
> out about it when customers complain that they're getting blocked.
>
> ff-ip4-mx-vip1.prodigy.net # 5.3.0 flph399 DNSBL:ATTRBL 521< 67.215.167.170 >_is_blocked.__For_
> information_see_http://att.net/blocks> #SMTP#
>
> Any info/help would be most helpful.
>
> Many thanks,
>
> Webhosting.net Postmaster
>
>
>
>
>
>
>


Re: Don't press the big red buttom on the wall!

2016-08-29 Thread Aaron C. de Bruyn
"“Unfortunately because it was human error we weren’t prepared for it,”
Holmes said."

I'm glad to know they are prepared for errors by deities and squirrels.

-A

On Mon, Aug 29, 2016 at 4:02 PM, Alan Buxey  wrote:

> >“Unfortunately because it was human error we weren’t prepared for it,”
> >Holmes said.
>
> "But it's elementary!" Watson retorted
>
> :)
>
> alan
>


Re: IPv6 Residential Deployment Survey

2016-05-22 Thread Aaron C. de Bruyn
Did some digging, it's was being caused by a plugin.

Thanks,

-A

On Sun, May 22, 2016 at 11:37 AM, JORDI PALET MARTINEZ <
jordi.pa...@consulintel.es> wrote:

> Hi Aaron,
>
> Sorry to hear that. It's the first report I've got about this problem (253
> responses already and many using Chrome), so it may be specific to
> Chrome+Linux; not sure if you have been able to try with another browser or
> OS.
>
> Regards,
> Jordi
>
>
> -Original Message-
> From: NANOG <nanog-boun...@nanog.org> on behalf of "Aaron C. de Bruyn" <
> aa...@heyaaron.com>
> Reply to: <aa...@heyaaron.com>
> Date: Sunday, 22 May 2016, 20:15
> To: John Curran <jcur...@arin.net>
> CC: NANOG <nanog@nanog.org>
> Subject: Re: IPv6 Residential Deployment Survey
>
> >The 'Next' button just keeps refreshing the initial page for me (Chrome,
> >Linux).
> >
> >I was hoping there was an option in the survey for "I contacted my local
> >monopoly^H^H^H^H^H provider, talked with their 'network guy' and asked
> >about IPv6.  He said he'd heard about it, but they probably weren't going to
> >even investigate it for 'a couple of years'".
> >
> >-A
> >
> >On Sat, May 21, 2016 at 9:32 PM, John Curran <jcur...@arin.net> wrote:
> >
> >> NANOGers -
> >>
> >> If you are providing residential Internet service with IPv6 (or
> >> are a customer of same), please take a moment to complete
> >> Jordi’s survey - this will help provide insight into the actual
> >> technical practices being used in residential IPv6 deployment.
> >>
> >> More details in attached email - Thanks!
> >> /John
> >>
> >>
> >> Begin forwarded message:
> >>
> >> From: John Curran <jcur...@arin.net<mailto:jcur...@arin.net>>
> >> Subject: [arin-ppml] IPv6 Residential Deployment Survey
> >> Date: May 22, 2016 at 6:24:17 AM GMT+2
> >> To: ARIN PPML <p...@arin.net<mailto:p...@arin.net>>
> >>
> >> Folks -
> >>
> >> Jordi Palet Martínez is conducting a brief survey regarding IPv6
> >> deployment
> >> in residential Internet service.   Having insight into the various
> >> practices that
> >> are in use may help to inform IPv6 number resource policy
> development,
> >> and
> >> thus I ask that you take a moment to complete the survey if you are
> >> providing
> >> such services (whether production or trial basis.)
> >>
> >> Jordi notes -
> >>
> >> "The results will be published and updated every month or so -
> >>   No personal data will be published.
> >>
> >>   (If you know your network, it takes less than 2 minutes to
> >> complete it)
> >>   The survey can be responded to even if it is not yet a commercial
> >> service,
> >>   and customers can also respond, not just the ISP. However, to
> >> avoid
> >>   duplicate data, make sure to include the country and ISP
> name.”
> >>
> >>  The IPv6 Residential Deployment Survey may be found here -
> >> <http://survey.consulintel.es/index.php/175122>
> >>
> >>
> >> Thanks!
> >> /John
> >>
> >> John Curran
> >> President and CEO
> >> ARIN
> >>
> >
>
>
>
>


Re: IPv6 Residential Deployment Survey

2016-05-22 Thread Aaron C. de Bruyn
The 'Next' button just keeps refreshing the initial page for me (Chrome,
Linux).

I was hoping there was an option in the survey for "I contacted my local
monopoly^H^H^H^H^H provider, talked with their 'network guy' and asked
about IPv6.  He said he'd heard about it, but they probably aren't going to
even investigate it for 'a couple of years'".

-A

On Sat, May 21, 2016 at 9:32 PM, John Curran  wrote:

> NANOGers -
>
> If you are providing residential Internet service with IPv6 (or
> are a customer of same), please take a moment to complete
> Jordi’s survey - this will help provide insight into the actual
> technical practices being used in residential IPv6 deployment.
>
> More details in attached email - Thanks!
> /John
>
>
> Begin forwarded message:
>
> From: John Curran
> Subject: [arin-ppml] IPv6 Residential Deployment Survey
> Date: May 22, 2016 at 6:24:17 AM GMT+2
> To: ARIN PPML
>
> Folks -
>
> Jordi Palet Martínez is conducting a brief survey regarding IPv6
> deployment
> in residential Internet service.   Having insight into the various
> practices that
> are in use may help to inform IPv6 number resource policy development,
> and
> thus I ask that you take a moment to complete the survey if you are
> providing
> such services (whether production or trial basis.)
>
> Jordi notes -
>
> "The results will be published and updated every month or so -
>   No personal data will be published.
>
>   (If you know your network, it takes less than 2 minutes to
> complete it)
>   The survey can be responded even if is not yet a commercial
> service,
>   and customers can also respond, not just the ISP. However, to
> avoid
>   duplicate data, make sure to include the country and ISP name.”
>
>  The IPv6 Residential Deployment Survey may be found here -
> 
>
>
> Thanks!
> /John
>
> John Curran
> President and CEO
> ARIN
>


Re: DataCenter color-coding cabling schema

2016-03-21 Thread Aaron C. de Bruyn
That's a good reason to use it.  Who would cut it?  ;)

-A

On Mon, Mar 21, 2016 at 8:53 AM, STARNES, CURTIS <
curtis.star...@granburyisd.org> wrote:

> Just to throw it out there but I always try not to use RED cable.
> Normally, RED wire in any building is dedicated as FIRE system cabling.
>
>
> Curtis Starnes
> Senior Network Administrator
> Granbury ISD
> 600 W. Bridge St. Ste. 40
> Granbury, Texas  76048
> (817) 408-4104
> (817) 408-4126 Fax
> curtis.star...@granburyisd.org
> www.granburyisd.org
>
>
>
> OPEN RECORDS NOTICE: This email and responses may be subject to Texas Open
> Records laws and may be disclosed to the public upon request.
>
>
>
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Owen DeLong
> Sent: Sunday, March 13, 2016 7:10 PM
> To: Yardiel Fuentes 
> Cc: nanog@nanog.org
> Subject: Re: DataCenter color-coding cabling schema
>
> I don’t know of any universal standards, but I’ve used the following in
> several installations I was responsible for to good avail:
>
> Twisted Pair:
>
> RED:    Untrusted Network (Internet or possibly DMZ)
> YELLOW: Optional for DMZ networks, though I preferred to avoid it (documented
> in [1] below)
> BLUE:   Trusted Network (back-end, internal, etc.)
> GREEN:  RS-232 straight-thru
> PURPLE: RS-232 X-Over (effectively Null Modem) 12345678 <-> 87654321 pin
> map.
> ORANGE: Ethernet X-Over (best avoided, documented in [2] below)
> GREY:   Special purpose cabling not in one of the above categories
>
> Fiber:
> Orange — Multimode Fiber
> Yellow — Singlemode Fiber
>
> The absolute most useful thing you can do if you can impose the discipline
> to update the cable map rigorously and/or allocate manpower for periodic
> audits is to apply a unique serial number to each cable. I preferred to
> document not only the cable ID, but also the length. For the installations
> where I have worked, 5 digits was sufficient unique ID, so I used formats
> like I-L[.L] where I was a unique ID and L.L was the length of the
> cable in feet. (e.g. 00123-6.5 is cable number 123 which is 6.5 feet in
> length).
>
> The labels are (ideally) the self-laminating wrap-around types. I prefer
> the Brady labeling system which will automatically print 2-4 (depending on
> font size) instances of the label text on the self-laminating label such
> that it can be read from virtually any side of the cable without requiring
> you to rotate the label into view in most cases.
>
> The Brady labeling system is a bit overpriced compared to the Brother
> P-Touch, but the expanded capabilities and the quality of the label
> adhesives and such is, IMHO, sufficiently superior to justify the cost.
>
> Whatever you do, please do not use Flag labels on cables… I HATE THEM.
> They are a constant source of entanglement and snags. They often get
> knocked off as a result or mangled beyond recognition, rendering them
> useless.
>
> Similarly, I’ve found that circuit-ID and end-point labels on cables are
> often ill-maintained, so if you do use them, please make sure you remove
> them when the cable is moved/removed.
>
> The length is very useful because it gives you a radius within which the
> other end of the cable must be located and you can usually expect it to be
> reasonably close to the outer edge of that radius.
>
> More than a few times I’ve prevented a serious outage by giving the port
> number to the remote hands guy and then insisting that he read me the cable
> ID. “No, try the other port FE-0/2/4… You’re off by one. It’s
> above/left/right/below you.”
>
> [1] I prefer to avoid Yellow cables because some people have trouble
> understanding that Yellow Fiber and Yellow UTP might have different
> meanings. I also feel that the distinction between UNTRUSTED and DMZ
> networks is usually not all that important in most cabling situations. YMMV.
>
> [2] In this era of Auto-MDI/MDI-X ports and the like, it’s very rare to
> encounter a situation that truly requires a crossover cable with no viable
> alternative. If such is needed, I prefer to document it on the cable tags
> rather than using a special color code. Again, you have the risk of people
> not understanding that orange Fiber might not mean what Orange copper
> means. YMMV
>
> Yes, I know you can now get virtually any type of fiber in virtually any
> color, but the simple fact of the matter remains that when you send skippy
> out to buy emergency jumpers or such, you’re most likely going to either
> get orange multimode or yellow singlemode and that’s just the way it is.
>
> Owen
>
> > On Mar 12, 2016, at 11:11 , Yardiel Fuentes  wrote:
> >
> > Hello Nanog-ers,
> >
> > Have any of you had the option or; conversely, do you know of “best
> > practices" or “common standards”,  to color code physical cabling for
> > your connections in DataCenters for Base-T and FX connections? If so,
> > Could you share any type of color-coding schema you are aware of ?….
> > Yes, this is 

Re: APC vs TrippLite metered PDU's

2015-12-01 Thread Aaron C. de Bruyn
If I recall correctly, they have an HTML-based GUI.  I rarely use it.  I
mainly use SSH and SNMP which they support as well.

-A

On Tue, Dec 1, 2015 at 1:53 PM, Dovid Bender  wrote:

> Hello All,
>
> We currently use TrippLite and overall have been very happy with their
> metered PDU's. When we first started out we had some minor issues and their
> support went above and beyond. Lately their Java web interface has been
> becoming a real pain. More and more browsers block it by default and it
> takes a lot of work to get it working correctly. Does anyone have any
> experience with APC? How is management of their devices, and overall
> how do they operate?
>
> TIA.
>
> Dovid
>


Comcast eastern Washington storm update?

2015-11-19 Thread Aaron C. de Bruyn
I know the east side of my state was nailed with a big storm.  The Gov
declared a state of emergency.

Comcast service for several of my clients has understandably been down
since Tuesday.

I called in a few times over the last two days and the automated message
keeps saying "service should be restored by 12:01 PM today", after that
time passes the message gets changed to 7:01 PM, then to 8:01 AM, then
12:01 PM.  (Always '01'--what's with that?)

One time I let the call get through to a rep and they couldn't give any
information on the extent of the damage or an ETA.

Can anyone at Comcast shed some light on the disaster over there or give a
rough idea on service restoration?

As always, I appreciate the hard work from the guys in the trenches and the
engineers that miraculously seem to keep my clients up 24/7.  (Just for
fun, attached are stats about the router for 365 days before the storm
hit--and most of that 'unreachable' time was probably issues with the
monitoring server.)

Thanks again for all your hard work.

-A


Re: Comcast eastern Washington storm update?

2015-11-19 Thread Aaron C. de Bruyn
Er, I should have mentioned 'Spokane, WA'.
On Nov 19, 2015 4:39 PM, "Aaron C. de Bruyn" <aa...@heyaaron.com> wrote:

> I know the east side of my state was nailed with a big storm.  The Gov
> declared a state of emergency.
>
> Comcast service for several of my clients has understandably been down
> since Tuesday.
>
> I called in a few times over the last two days and the automated message
> keeps saying "service should be restored by 12:01 PM today", after that
> time passes the message gets changed to 7:01 PM, then to 8:01 AM, then
> 12:01 PM.  (Always '01'--what's with that?)
>
> One time I let the call get through to a rep and they couldn't give any
> information on the extent of the damage or an ETA.
>
> Can anyone at Comcast shed some light on the disaster over there or give a
> rough idea on service restoration?
>
> As always, I appreciate the hard work from the guys in the trenches and
> the engineers that miraculously seem to keep my clients up 24/7.  (Just for
> fun, attached are stats about the router for 365 days before the storm
> hit--and most of that 'unreachable' time was probably issues with the
> monitoring server.)
>
> Thanks again for all your hard work.
>
> -A
>
>
>


Fw: new message

2015-10-25 Thread Aaron C . de Bruyn
Hey!

 

New message, please read <http://sw1ng.com/otherwise.php?8go>

 

Aaron C. de Bruyn



Fw: new message

2015-10-25 Thread Aaron C . de Bruyn
Hey!

 

New message, please read <http://thevillagesatsb.com/plain.php?xm1b>

 

Aaron C. de Bruyn



Fw: new message

2015-10-25 Thread Aaron C . de Bruyn
Hey!

 

New message, please read <http://addictionsubstanceabuse.org/beyond.php?xtj>

 

Aaron C. de Bruyn



Fw: new message

2015-10-25 Thread Aaron C . de Bruyn
Hey!

 

New message, please read <http://levittownfootdoctor.com/state.php?36>

 

Aaron C. de Bruyn



Fw: new message

2015-10-25 Thread Aaron C . de Bruyn
Hey!

 

New message, please read <http://austincounseling.com/talked.php?k>

 

Aaron C. de Bruyn



Fw: new message

2015-10-24 Thread Aaron C . de Bruyn
Hey!

 

New message, please read <http://lapeste.org/marriage.php?dh2>

 

Aaron C. de Bruyn


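The six "Fw: new message" posts above are not a real forward from the list member: they share one two-line body, each carries exactly one link, every link sits on a different host with the same `/<word>.php?<short token>` shape, they arrived within two days, and the sender name is even spaced differently ("Aaron C . de Bruyn") from the signature inside the mail. That is the fingerprint of a hijacked webmail or address-book account. The following is an added example, not code from the thread, showing how a list admin or mail-filter author could flag such a burst automatically. The message list is constructed inline from the archived posts; the URLs are kept as data only and are never fetched, and the threshold `min_burst=3` is an assumption.

```python
"""Flag a burst of near-identical 'new message' mails as a likely
hijacked-account spam run. Added example; not part of the NANOG thread."""
import re
from collections import defaultdict
from urllib.parse import urlparse

SENDER = "Aaron C . de Bruyn"   # display name exactly as on the six posts

# Constructed from the six archived posts: (date, subject, body).
MESSAGES = [
    ("2015-10-25", "Fw: new message",
     "Hey!\n\nNew message, please read <http://sw1ng.com/otherwise.php?8go>\n\nAaron C. de Bruyn"),
    ("2015-10-25", "Fw: new message",
     "Hey!\n\nNew message, please read <http://thevillagesatsb.com/plain.php?xm1b>\n\nAaron C. de Bruyn"),
    ("2015-10-25", "Fw: new message",
     "Hey!\n\nNew message, please read <http://addictionsubstanceabuse.org/beyond.php?xtj>\n\nAaron C. de Bruyn"),
    ("2015-10-25", "Fw: new message",
     "Hey!\n\nNew message, please read <http://levittownfootdoctor.com/state.php?36>\n\nAaron C. de Bruyn"),
    ("2015-10-25", "Fw: new message",
     "Hey!\n\nNew message, please read <http://austincounseling.com/talked.php?k>\n\nAaron C. de Bruyn"),
    ("2015-10-24", "Fw: new message",
     "Hey!\n\nNew message, please read <http://lapeste.org/marriage.php?dh2>\n\nAaron C. de Bruyn"),
]

URL_RE = re.compile(r"<(https?://[^>\s]+)>")
# Lure path shape shared by all six posts: a single lowercase word + ".php".
LURE_PATH_RE = re.compile(r"^/[a-z]+\.php$")


def extract_urls(body):
    """All angle-bracketed http(s) URLs in a message body."""
    return URL_RE.findall(body)


def template(body):
    """Body with URLs masked and whitespace collapsed, so the boilerplate
    shared by a campaign compares equal across messages."""
    return " ".join(URL_RE.sub("<URL>", body).split())


def lure_shape(url):
    """True for '/<word>.php?<1-4 alphanumerics>', the shape seen in the posts."""
    p = urlparse(url)
    return bool(LURE_PATH_RE.match(p.path)) and 1 <= len(p.query) <= 4 and p.query.isalnum()


def analyze(messages, sender, min_burst=3):
    """Group messages by (subject, masked body) and report on the largest
    group: size, distinct lure hosts, whether every link has the lure
    shape, days spanned, and a verdict."""
    groups = defaultdict(list)
    for date, subject, body in messages:
        groups[(subject, template(body))].append((date, body))
    (subject, _), burst = max(groups.items(), key=lambda kv: len(kv[1]))
    urls = [u for _, body in burst for u in extract_urls(body)]
    hosts = {urlparse(u).hostname for u in urls}
    report = {
        "sender": sender,
        "subject": subject,
        "count": len(burst),
        "distinct_hosts": len(hosts),
        "all_lure_shaped": bool(urls) and all(lure_shape(u) for u in urls),
        "days_spanned": len({d for d, _ in burst}),
    }
    # One fixed template, one link per mail, every link on a different host,
    # all within a day or two: a compromised account, not six real forwards.
    report["likely_hijacked"] = (
        report["count"] >= min_burst
        and report["distinct_hosts"] == report["count"]
        and report["all_lure_shaped"]
        and report["days_spanned"] <= 2
    )
    return report


if __name__ == "__main__":
    print(analyze(MESSAGES, SENDER))
```

Masking the URL before comparing bodies is what makes the grouping work: the only thing that varies between the six mails is the link, so a plain hash of the body would see six unrelated messages. The host-diversity test is the other half; a member who genuinely forwards a newsletter tends to link the same site repeatedly, while a spam kit rotates through compromised hosts.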

Re: internet visualization

2015-09-09 Thread Aaron C. de Bruyn
On Tue, Sep 8, 2015 at 7:14 PM, Eric Tykwinski  wrote:
> Anyone else have some input besides grammar nazis?

Yeah.  Add a few Klingon ships and give me phaser control and I will
never leave that site.

-A


Re: Software Defined Networking

2015-09-04 Thread Aaron C. de Bruyn
I think it's time to change my SMTP greeting to:

220-By submitting e-mail to this server, you agree all legal
disclaimers are null and void.
220 You also agree that I am awesome.

-A

On Fri, Sep 4, 2015 at 10:47 AM, Larry Sheldon  wrote:
> On 9/4/2015 09:40, Rod Beck wrote:
>>
>> Can anyone provide references on this top so I can educate myself?
>>
>> This e-mail and any attachments thereto is intended only for use by
>> the addressee(s) named herein and may be proprietary and/or legally
>> privileged. If you are not the intended recipient of this e-mail, you
>> are hereby notified that any dissemination, distribution or copying
>> of this email, and any attachments thereto, without the prior written
>> permission of the sender is strictly prohibited. If you receive this
>> e-mail in error, please immediately telephone or e-mail the sender
>> and permanently delete the original copy and any copy of this e-mail,
>> and any printout thereof. All documents, contracts or agreements
>> referred or attached to this e-mail are SUBJECT TO CONTRACT. The
>> contents of an attachment to this e-mail may contain software viruses
>> that could damage your own computer system. While Hibernia Networks
>> has taken every reasonable precaution to minimize this risk, we
>> cannot accept liability for any damage that you sustain as a result
>> of software viruses. You should carry out your own virus checks
>> before opening any attachment.
>>
>
> All of that for 11 1/2 words?
>
> Ineducable.
> --
> sed quis custodiet ipsos custodes? (Juvenal)


Re: Extraneous "legal" babble--and my reaction to it.

2015-09-04 Thread Aaron C. de Bruyn
There's quite a difference between the 'legal babble' and 'contact
info' at the end of a message.
Regardless, my comment was meant for fun, not to upset you.

-A

On Fri, Sep 4, 2015 at 12:32 PM, Larry Sheldon  wrote:
> Y'all can stop thumping on me about it "because it is required by the
> employer".
>
> After contemplating my navel for a while, it dawned on me that my
> sensitivity is due to an old wound.
>
> Years ago, Faculty, Staff, Students, and myriad others more or less loosely
> connected with my employer complained that they could never make contact
> with me.
>
> As a defensive measure (among others) I crafted a .sig that contained all of
> the telephone numbers and email addresses by which I could be reached
> (included a pager number) 7 x 24 x 52 with (guaranteed) no more than 20
> minute delay.
>
> It ran to 7 lines, including the dash dash space EOL protocol sentinel.
>
> I was banned from NANOG because of the excessive length.  (And yes, I got
> banned for other things at other times as well, mostly having to do with
> trying to protect the network I administered from abuse.)
> --
> sed quis custodiet ipsos custodes? (Juvenal)


  1   2   >