Re: Contact at archive.org
On Wed, Feb 07, 2018 at 01:23:26PM +1100, Ben McGinnes wrote: > Hello, > If there's anyone involved with archive.org's systems team > lurking around here, I'd appreciate being contacted off list. I knew there was a reason I stayed on this list even after departing the ISP, hosting and domain registration space and this, right here, is it. Thanks one and all for demonstrating real networking, in all senses of the term. Regards, Ben P.S. To my fellow GPG users: Don't worry about the revelation that there's a GPG dev in such a cryptographically ignorant (not to mention mathematics denying) and rights eroded country as Australia. I deliberately stay away from the libgcrypt component of GPG for all the reasons that might come to mind (and maybe one or two others). There's plenty else to work on anyway. ;) -- | Ben McGinnes | Adversarial Press | Author and Publisher | | Writer, Trainer, Systems Administrator, Developer, ICT Consultant | | Twitter: @benmcginnes (personal) | @AdversaryPub (publishing) | | Web: http://www.adversary.org/ http://publishing.adversary.org/ | | - | | GPG Made Easy (GPGME) Python 3 API Maintainer, GNU Privacy Guard | | GPG key: 0x321E4E2373590E5D http://www.adversary.org/ben-key.asc | | GPG key fpr: DB47 24E6 FA42 86C9 2B4E 55C4 321E 4E23 7359 0E5D | | https://www.gnupg.org/ https://securetheinternet.org/| | - | | This message may be delayed by failures of the Australian NBN. | | - | signature.asc Description: PGP signature
Contact at archive.org
Hello, If there's anyone involved with archive.org's systems team lurking around here, I'd appreciate being contacted off list. Regards, Ben -- | GPG Made Easy (GPGME) Python 3 API Maintainer, GNU Privacy Guard | | GPG key: 0x321E4E2373590E5D http://www.adversary.org/ben-key.asc | | GPG key fpr: DB47 24E6 FA42 86C9 2B4E 55C4 321E 4E23 7359 0E5D | | https://www.gnupg.org/ https://securetheinternet.org/| signature.asc Description: PGP signature
Re: Russian diplomats lingering near fiber optic cables
On Fri, Jun 02, 2017 at 05:52:43PM +0300, Denys Fedoryshchenko wrote: > > https://www.nanog.org/list > 6. Postings of political, philosophical, and legal nature are prohibited. > It is quite clear. That's a fair point. The crypto dev world does have a tendency to veer into two of those three (political and legal) with a little more regularity, usually by necessity. So I do tend to weave in and out of those "off" topics without getting too hung up on the creeping FUD in some quarters. At times they'll even have practical requirements which need addressing; which is why somewhere in one of my GPGME branches there's a completed ITAR questionairre - definitely political, very legal and absolutely required in order to continue the technical work at all. I'd be surprised if there were not similar types of issues affecting some aspects of various networks. Most likely pertaining to international routes and even more likely subject to confidentiality agreements of various types (not just everyone's favourite bugbear of national security). > I do not deny networks sometimes are deeply affected by political > factors, but current discussion is pure FUD, based on very > questionable MSM source. IMHO any sane person wont like to receive > this trash in his mailbox in list, that supposed to be > politics-free, as there is enough of this garbage in internet. And it's the role of NANOG to make sure all that FUD gets where the conspiracists intended it to go. Isn't it great ... :) > Thanks for the hint, fixed, i use this domain only for old maillist > subscriptions, > so i missed that, after i migrated SMTP to my private server. I entirely understand, I've been tweaking mine a fair bit recently, weighing up the local Postfix instance vs. not having as great a control over the network as I'd like and ultimately deciding to run it all through the MX. I noticed it because I was double-checking return headers to be sure my own systems are doing, more or less, what they're supposed to. Especially since the current MX is set the way it is for technical, legal and political reasons (basically the mail server is in a jurisdiction with *far* greater privacy protections than my own country). Regards, Ben signature.asc Description: PGP signature
Re: Russian diplomats lingering near fiber optic cables
On Fri, Jun 02, 2017 at 10:28:38AM +0300, Denys Fedoryshchenko wrote: > > American diplomats are doing also all sort of nasty stuff in > Russia(and not only), Yes they have and for a very long time. > but that's a concern of the equivalent of FBI/NSA/etc, not operators > public discussion places, unless it really affect operators anyhow. > Just amazing, how NANOG slipped into pure politics. The network(s) have been political for a very long time and will only become more so as time passes. Remember, the engineers wishing for the purity of technical discussion are usually the same ones crying that, "information wants to be free." Well, no matter. You want purely technical, okay, let's start with authorised mail hosts. You need to add 144.76.183.226/32 to the SPF record for visp.net.lb, which is currently triggering softfails everywhere. It might be wise to explicitly state whether or not it is just 144.76.183.226/32 in the SPF record for nuclearcat.com given the deny all instruction for that domain. Regards, Ben -- | GPG Made Easy (GPGME) Python 3 API Maintainer, GNU Privacy Guard | | GPG key: 0x321E4E2373590E5D http://www.adversary.org/ben-key.asc | | GPG key fpr: DB47 24E6 FA42 86C9 2B4E 55C4 321E 4E23 7359 0E5D | | https://www.gnupg.org/ https://securetheinternet.org/| | - | signature.asc Description: PGP signature
Re: Russian diplomats lingering near fiber optic cables
On Thu, Jun 01, 2017 at 07:15:12PM -0700, Joe Hamelin wrote: > > The Seattle Russian Embassy is in the Westin Building just 4 floors > above the fiber meet-me-room and five floors above the NRO tap room. > They use to come ask us (an ISP) for IT help back in '96 when they > would drag an icon too far off the screen in Windows 3.11. We were > on the same floor. So when Flynn & Friends in the Trump Transition Team were trying to establish that back channel link to Vladimir Putin they should've just wandered into the nearest colo facility ... okay, then. I guess they did it the other way because they wanted the trench coats. Regards, Ben signature.asc Description: PGP signature
Re: GeoIP database issues and the real world consequences
On Tue, Apr 12, 2016 at 08:08:29AM +0300, Hank Nussbacher wrote: > On 12/04/2016 00:41, Ricky Beam wrote: > > On Mon, 11 Apr 2016 12:55:11 -0400, Chris Boyd > > wrote: > >> Interesting article. > >> > >> http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/ > > ... > > > > "Until you reached out to us, we were unaware that there were issues..." > > > > Bull! I can dig up dozens (if not hundreds) of emails from coworkers > > and customers who have complained to MaxMind about their asinine > > we-don't-have-a-frakin-clue results. They've known for years! They're > > paid for a definitive answer, not an "unknown", which is why the > > default answer is the same near-the-center-of-the-country lat/lon. He, > > personally, may have had no idea, but MaxMind The Company did/does. > > > > Its called class action lawsuit. Yep. It's also effectively the inverse of the Streisand Effect since the news articles (and hopefully law suit) can only help people in that situation since it's the only way they'd get wide enough coverage of the issue to warn amateur sleuths that any trail that leads there is a dead end. It really says it all when the local sherriff says that his job now includes defending the house against all other law enforcement, state and federal. It's good that they're doing it, but ridiculous that they have to. Regards, Ben signature.asc Description: PGP signature
Re: How to begin making my own ISP?
On 17/09/11 7:34 AM, Charles N Wyble wrote: > On 09/16/2011 04:28 PM, hass...@hushmail.com wrote: >> On Fri, 16 Sep 2011 16:02:39 -0400 Markus >> wrote: >> >> I didn't receive any such email, sorry. Try resending it if you >> still have it ? > > Maybe hushmail blocked it? :) That's not outside the realms of possibility, especially if the sender was using OpenPGP. Hushmail does many odd things with its implementation (e.g. still no support for PGP/MIME or even SHA-2). Regards, Ben signature.asc Description: OpenPGP digital signature
Re: NANOG List Update - Moving Forward
On 15/07/11 12:24 AM, Alex Ryu wrote: > That issue can be resolved by changing email addresses for multiple > language support by using announce...@example.com, > anounce...@example.com ? Yeah, that's how I'd get around it. I think the Document Foundation had some other issues, like wanting addresses to be consistent across a large number of subdomains and I can see their point with it. Obviously it's not a case that NANOG has to deal with. Regards, Ben signature.asc Description: OpenPGP digital signature
Re: NANOG List Update - Moving Forward
On 13/07/11 11:37 PM, Richard Kulawiec wrote: > On Tue, Jul 12, 2011 at 04:13:10PM +0200, Mattias Ahnberg wrote: >> I might have missed some discussion; but why are we moving >> away from mailman, and what software is in the new system? > > Seconded. Mailman is presently the gold standard for mailing list > management Apparently the main exception to this is where you're running multiple lists with similar names, such as when creating lists for multiple languages (e.g. annou...@example.com, annou...@it.example.com, annou...@jp.example.com, etc.). This is the problem the Document Foundation found itself with and they opted for mlmmj (with the exception of one list which does use Mailman), but it has other issues and I definitely wouldn't want to see NANOG go down that path. Since NANOG doesn't need to deal with the similar names/multilingual problem, that shouldn't be an issue. Regards, Ben signature.asc Description: OpenPGP digital signature
Re: Found: Who is responsible for no more IP addresses
On 28/01/11 7:03 AM, Jay Ashworth wrote: > Let me clarify: > > The original question was (so far as I could see): "Was Fox making up the > quote where Vint took the blame for IPv4 exhaustion?" > > The answer, of course, was "no, they didn't; lots of people have the quote". If you want to see and hear footage of him repeating this and explaining, his keynote address to Linux Conf Australia is here: http://linuxconfau.blip.tv/file/4683393/ Regards, Ben signature.asc Description: OpenPGP digital signature
Re: Mastercard problems
On 9/12/10 7:49 PM, William Pitcock wrote: > On Thu, 2010-12-09 at 18:34 +1100, Ben McGinnes wrote: >> On 9/12/10 8:04 AM, Christopher Morrow wrote: >>> On Wed, Dec 8, 2010 at 3:06 PM, Philip Dorr wrote: >>>> The problem is that they were also slashdotted. The logs would also have a >>>> large number of unrelated. >>> >>> pro-tip: the tool has a pretty easy to spot signature. >> >> What is that signature? >> > > The tool makes HTTP/1.0 requests, most browsers make HTTP/1.1 requests. Is there anything else to it, or just the protocol version? Regards, Ben signature.asc Description: OpenPGP digital signature
Re: Mastercard problems
On 9/12/10 8:04 AM, Christopher Morrow wrote: > On Wed, Dec 8, 2010 at 3:06 PM, Philip Dorr wrote: >> The problem is that they were also slashdotted. The logs would also have a >> large number of unrelated. > > pro-tip: the tool has a pretty easy to spot signature. What is that signature? Regards, Ben signature.asc Description: OpenPGP digital signature
Re: wikileaks dns (was Re: Blocking International DNS)
On 3/12/10 3:05 PM, Ken Chase wrote: > All our topics of discussion are merging... (soon: "does > Wikileaks run on 208V?" :) > > http://www.everydns.com/ > > right hand side. > > (sorry to shift the discussion off of uucp... long live > sizone.uucp...) There is a list of mirror sites here: http://wikileaks.info/ There are three IPv4 addresses listed for the cablegate site: 91.194.60.90, 91.194.60.112 and 204.236.131.131. Of these, the first one is not responding (from Australia), the third is an Amazon IP and won't host the site now. The second one is responding, but is not up to date with the full release so far (it has 294 cables, up to November 30). I'm surprised they don't have a proper mirror using a .se, .ch or .is domain. Regards, Ben signature.asc Description: OpenPGP digital signature
Re: wikileaks unreachable
On 29/11/10 1:06 PM, kmedc...@dessus.com wrote: >> Uh... huh? > >>> Just so we are all straight and clear - wikileaks hit is not a >>> 'Distributed' DoS, its a simple DoS - I dont use intermediaries or >>> botnets. Sun Nov 16 - 15:28 EST > >> That would be just about 2 weeks ago. > > Actually, the last time November 16th fell on a Sunday would have been in > 2008. > > So fifty-four weeks ago ... 106 weeks ago. You need more caffeine. ;) Regards, Ben signature.asc Description: OpenPGP digital signature
Re: Tools for teaching users online safety
On 27/10/10 3:01 PM, Joly MacFie wrote: > Also the FTC has set up a comprehensive site to protect kids, including a > guide for parents on kid's use of social networks. > > http://www.onguardonline.gov/ The Australian version has kids, parents and libraries as the primary focus: http://www.cybersmart.gov.au/ I'm sure it's pretty similar otherwise (except for the links to report "offensive" websites for the national blacklist). Regards, Ben signature.asc Description: OpenPGP digital signature
Re: NTP Server
On 25/10/10 2:55 AM, Eugen Leitl wrote: > > For those you care about that: > > http://leapsecond.com/time-nuts.htm Wow ... that's a lot more effort than I'm willing to put in on a time server. Regards, Ben signature.asc Description: OpenPGP digital signature
Re: NTP Server
On 24/10/10 5:44 PM, Peter Lothberg wrote: > > How do you knew that your local NTP server knew what time it is? (for sure) By polling as many stratum 1 and 2 time servers as possible. Having your own stratum 2 server(s) beats nebulous NTP servers out in the big bad Internet every time. Regards, Ben signature.asc Description: OpenPGP digital signature
Re: New hijacking - Done via via good old-fashioned Identity Theft
On 8/10/10 10:00 AM, Leen Besselink wrote: > > k...@domain.tld for when you have a personal domain > key-u...@domain.tld for when you have a server which understand address > extensions Actually I think it's user+...@domain.tld for the second one. At least that's what I've seen for Postfix. Not so sure about other MTAs. Regards, Ben signature.asc Description: OpenPGP digital signature
Re: New hijacking - Done via via good old-fashioned Identity Theft
On 7/10/10 6:28 AM, Eric Brunner-Williams wrote: > On 10/6/10 10:34 AM, Owen DeLong wrote: >> >> Number resources are not and should not be associated with domain >> resources at the policy level. This would make absolutely no sense >> whatsoever. > > hmm. ... "are not" ... so the event complained of ... didn't happen? The key issue here is more the "should not" aspect, which I agree with, but that these records are frequently used by netops to verify a request. There really needs to be a greater standardised level of due diligence regarding advertisement requests that checks more than whether a request is coming from a seemingly legitimate email address. Regards, Ben signature.asc Description: OpenPGP digital signature
Re: New hijacking - Done via via good old-fashioned Identity Theft
On 7/10/10 12:08 AM, Eric Brunner-Williams wrote: > so ... should domains associated with asn(s) and addr block allocations > be subject to some expiry policy other than "it goes into the drop pool > and one of {enom,pool,...} acquire it (and the associated non-traffic > assets) for any interested party at $50 per /24"? Interesting idea, but how do you apply it to ccTLD domains with widely varying policies. All it takes is whois records being legitimately updated to use domain contacts using a ccTLD domain to circumvent. Sounds like more of a stop-gap measure. Regards, Ben signature.asc Description: OpenPGP digital signature