Re: 44.192.0.0/10 sale

2019-07-19 Thread Brian Kantor
Because questions have arisen here that are well answered by
a short series of postings from the 44net mailing list, at the
request of the author [Phil Karn] and others, I am reposting
them here.
- Brian


From: Phil Karn 
Subject: [44net] 44.192.0.0/10 sale

Hello all,

I've not been active here, but some of you may remember me as the guy
who first got TCP/IP going on amateur packet radio way back in 1986. At
one time, my name was registered as the owner of the block. This makes
me one of a VERY small group of people with any arguable personal
property interest in network 44. And yes, 25% of this space, which is
VERY unlikely to ever be used by hams, has been sold to Amazon.

Rather than try to personally profit from this, we all readily agreed to
place the *entire* proceeds of this sale into a 501(c)(3) charity
chartered to support amateur digital radio and related developments. No
one is buying a yacht or a mansion. As a tax-exempt charity, our tax
returns and related documents will be publicly available so you can see
what is being done. Like the rest of the amateur community, all of you
will have the opportunity to apply for grants and do good things for
amateur radio with them.

73, Phil

_


On 7/18/19 21:25, Gavin Rogers wrote:
> On 19/07/2019 12:19 pm, Phil Karn wrote:
>> Like the rest of the amateur community, all of you
>> will have the opportunity to apply for grants and do good things for
>> amateur radio with them.
> I don't know much about US-registered charities and tax law, but will
> this include amateurs and clubs located outside of the US? 

Sure. We'd like to cast the net as widely as possible for worthy grant
recipients. Doesn't matter where they are in the world, as long as the
purpose is consistent with our charter, which is to benefit amateur
digital radio and related development. That's a worldwide activity.

I suppose US legal restrictions on dealing with certain "pariah"
countries might come into play (e.g., North Korea) but that's a very
short list and there isn't much ham radio in them anyway.

We're already thinking about things like:

Educational grants to students who are hams;

Existing amateur radio 501(c)(3) organizations;

Development of *freely available* technology: hardware, software,
protocols, etc

Field trials, demonstrations, pilot projects, educational outreach, etc;

This list is NOT exhaustive by any means, and in fact we'll be looking
for good ideas from anyone who has them. We want to be as transparent
about this as possible.

Again, though we might have been able to establish a *personal* property
claim over network 44, we all quickly decided to not open that can of
worms and instead sign everything over to the ARDC. Face it, given who
we are we'd probably just spend the money on ham radio development
ourselves. This is a much better way to do it.

73, Phil

_

On 7/18/19 21:38, David Ranch wrote:
>
> Wow!  This is rather big news but has also been VERY opaque to the
> AMPR community.  I'm also surprised that the sale has already occurred
> and not auctioned off to say the highest bidder?  Since ARDC is a
> corporation, when will we learn about the sale price and how this
> money will be *really* spent?
>
> The bottom of https://www.ampr.org/amprnet/ does cover a little of
> this but it's all too vague for my tastes. 


I didn't like the secrecy either, but it was necessary given the nature
of the process. We are precluded by the terms of the sale from giving
precise figures at this time, but suffice it to say that we (Brian,
actually) worked *very* hard to get the best possible price. I am fully
satisfied that he did. Everyone with any arguable legal property
interest in 44/8 was fully informed and consented to give up that
interest and have it benefit ham radio instead. I didn't even think
twice about it.

Remember, this is an IRS 501(c)(3) charity, which means there are strict
rules on transparency, how money can be spent and how it must be
accounted for. Tax returns and other documents are public information.

One of the most important rules for a non-profit, which the IRS takes
pretty seriously, is a prohibition on "self dealing". This is how Donald
Trump's personal charity got shut down.

73, Phil

_

On 7/18/19 22:08, David Ranch wrote:
>
>> I have so many words for the conspiracy theorists and negative
>> naysayers,
>> but I'll hold that back and not contribute to the shitstorm.
>
> My main concern is what will stop the ARDC board from selling the next
> 25% or 50% of 44 space?

The fact that, unlike 44.192.0.0/10, it's being used by hams?

I personally approved the sale on two conditions:

1) The block wasn't being used by hams and had no viable prospect of
being used by hams.

[Editor's note: minor correction: 44.224.0.0/15 *was* in use as an
unrouted internal network by a German ham radio society; they have
been given a 

Re: Bgpmon alternatives?

2019-06-16 Thread Brian Kantor
That would be wonderful.  Thank you!
- Brian


On Sun, Jun 16, 2019 at 03:59:29AM -0700, Mike Leber wrote:
> I'm sure if it doesn't do exactly that already, we can add it shortly.
> 
> Some of planned functionality for hijack detection is already live. 
> That's one of the main reasons for creating this service.
> 
> Mike.
> 
> On 6/16/19 2:48 AM, Brian Kantor wrote:
> > On Sun, Jun 16, 2019 at 02:25:40AM -0700, Mike Leber wrote:
> >> As a beta service you can try out rt-bgp.he.net.  This is a real time
> >> bgp monitoring service we are developing.
> > It's interesting, but I don't see any way to do what I primarily
> > use the existing BGPMon for: watch for hijacks.
> >
> > That is, set up one or more prefixes to be continuously monitored
> > and have the monitor send me an email alert when that prefix or a
> > subnet of it begins to be announced by someone new.
> >
> > For example, if I have told it to monitor 44.0.0.0/8 and someone
> > somewhere begins announcing it, or perhaps 44.1.0.0/16, I'd very
> > much like to know about that, along with details of who and where.
> >
> > Then if that announcement is authorized, I can tell the monitoring
> > service that this new entry is NOT a hijack, and it won't bug me
> > about it again.
> >
> > Can it be persuaded to do this?
> > - Brian


Re: Bgpmon alternatives?

2019-06-16 Thread Brian Kantor
On Sun, Jun 16, 2019 at 02:25:40AM -0700, Mike Leber wrote:
> As a beta service you can try out rt-bgp.he.net.  This is a real time
> bgp monitoring service we are developing.

It's interesting, but I don't see any way to do what I primarily
use the existing BGPMon for: watch for hijacks.

That is, set up one or more prefixes to be continuously monitored
and have the monitor send me an email alert when that prefix or a
subnet of it begins to be announced by someone new.

For example, if I have told it to monitor 44.0.0.0/8 and someone
somewhere begins announcing it, or perhaps 44.1.0.0/16, I'd very
much like to know about that, along with details of who and where.

Then if that announcement is authorized, I can tell the monitoring
service that this new entry is NOT a hijack, and it won't bug me
about it again.

Can it be persuaded to do this?
- Brian
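The watch-list behaviour Brian asks for above, as an added example written for this page (not code from the thread, from BGPMon or from rt-bgp.he.net): a small Python watcher that flags any announcement of a monitored prefix, or of a more-specific inside it, whose origin ASN is not on the expected list, and lets the operator acknowledge a legitimate new origin so it is not reported again. The prefixes, ASNs (taken from the RFC 5398 documentation range) and collector names are constructed sample data; a real deployment would feed the watcher from a route collector rather than a hard-coded list.

```python
"""Origin-change watcher for a list of monitored prefixes.

Added example, not code from the thread or from any monitoring service.
It models the workflow described in the post: watch prefixes, alert on a
new origin for the prefix or any more-specific of it, and let the
operator acknowledge an announcement so it is not reported again.
All prefixes, ASNs and collector names are constructed sample data.
"""
import ipaddress
from collections import namedtuple

Announcement = namedtuple("Announcement", "prefix origin_asn seen_at")


class HijackWatch:
    def __init__(self, expected):
        # expected: {watched prefix -> set of ASNs allowed to originate it
        # or anything inside it}
        self.expected = {ipaddress.ip_network(p): set(asns)
                         for p, asns in expected.items()}
        self.acknowledged = set()   # (network, asn) pairs marked "not a hijack"

    def covering(self, net):
        """Most specific watched prefix that contains `net`, or None."""
        hits = [w for w in self.expected
                if w.version == net.version and net.subnet_of(w)]
        return max(hits, key=lambda w: w.prefixlen) if hits else None

    def acknowledge(self, prefix, asn):
        """Operator says this (prefix, origin) is authorized."""
        self.acknowledged.add((ipaddress.ip_network(prefix), asn))

    def check(self, ann):
        """Return an alert dict for an unexpected origin, else None."""
        net = ipaddress.ip_network(ann.prefix)
        watched = self.covering(net)
        if watched is None or (net, ann.origin_asn) in self.acknowledged:
            return None
        if ann.origin_asn in self.expected[watched]:
            return None
        return {"prefix": str(net), "watched": str(watched),
                "origin_asn": ann.origin_asn, "seen_at": ann.seen_at}

    def process(self, announcements):
        return [a for a in map(self.check, announcements) if a is not None]


def demo():
    """Run a constructed sample feed through the watcher; returns the
    alerts before and after acknowledging the new /16."""
    watch = HijackWatch({"44.0.0.0/8": {64496}, "2001:db8::/32": {64496}})
    feed = [
        Announcement("44.0.0.0/8", 64496, "collector-a"),       # expected origin
        Announcement("44.1.0.0/16", 64497, "collector-b"),      # new origin: alert
        Announcement("2001:db8:1::/48", 64498, "collector-c"),  # v6 more-specific: alert
        Announcement("198.51.100.0/24", 64499, "collector-a"),  # not watched
    ]
    before = watch.process(feed)
    watch.acknowledge("44.1.0.0/16", 64497)   # operator confirms it is authorized
    after = watch.process(feed)
    return before, after


if __name__ == "__main__":
    for alert in demo()[0]:
        print(alert)
```

The "someone new" test is deliberately keyed on the origin ASN rather than on the exact prefix, so a more-specific announced by the legitimate origin itself does not page anyone, while a more-specific from any other ASN does.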




Re: Power cut if temps are too high

2019-05-27 Thread Brian Kantor
I was assuming the EPO trigger is a circuit that is normally OPEN
and is closed when the button is pushed.

If instead, it is a normally-CLOSED circuit, then you are correct,
you would want two thermostats that both OPENED when the temperature
rose, which would typically be HEATING thermostats, not AIR CONDITIONING
thermostats.

Either method could have been installed; in the computer room I
worked in, the EPO was a normally-open circuit that closed when you
hit any one of the buttons placed around the room and at the exits.

Or indeed, if the fire suppression system triggered.
- Brian

On Mon, May 27, 2019 at 06:10:49PM -0400, Brandon Ross wrote:
> On Mon, 27 May 2019, Brian Kantor wrote:
> 
> > A simple air conditioner thermostat wired to the EPO switch.
> > For safety, wire two thermostats in series so BOTH have to trip
> > before power is shut off.
> 
> Admittedly it's been a long time since I worked with basic circuitry, but 
> wouldn't wiring them in series cause the circuit to be interrupted if 
> EITHER thermostat tripped?
> 
> -- 
> Brandon Ross                          Yahoo:  BrandonNRoss
> Voice:  +1-404-635-6667               ICQ:  2269442
> Signal Secure SMS, Viber, Whatsapp:  +1-404-644-9628 Skype:  brandonross
> Schedule a meeting:  http://www.doodle.com/bross


Re: Power cut if temps are too high

2019-05-27 Thread Brian Kantor
A simple air conditioner thermostat wired to the EPO switch.
For safety, wire two thermostats in series so BOTH have to trip
before power is shut off.

Note that the EPO rarely does an orderly shutdown, but then this
is a sort of an emergency.
- Brian


On Mon, May 27, 2019 at 02:00:39PM -0400, Dovid Bender wrote:
> Hi,
> 
> Is anyone aware of a device that will cut the power if the room goes above X
> degrees? I am looking for something as a just in case. 
> 
> 
> Regards,
> 
> Dovid
> 


Re: Spamming of NANOG list members

2019-05-24 Thread Brian Kantor
An interesting development: my posting to this list a few minutes
ago seems to have triggered an autoresponder asking me to confirm
the issuance of a support ticket by Liquid Web, whoever they are.
- Brian


> > On Fri, May 24, 2019 at 08:17:31AM -0700, Brian Kantor wrote:
> > > Anne, the way that such addresses are often harvested is that one of
> > > the spammers (or his agent) becomes a member of the list and simply
> > > records the addresses of persons posting to the list.  They then
> > > get spammed.


Re: Spamming of NANOG list members

2019-05-24 Thread Brian Kantor
Anne, the way that such addresses are often harvested is that one of
the spammers (or his agent) becomes a member of the list and simply
records the addresses of persons posting to the list.  They then
get spammed.
- Brian


On Fri, May 24, 2019 at 09:07:28AM -0600, Anne P. Mitchell, Esq. wrote:
> Question:  Is the member list with email addresses public??  Otherwise, one 
> has to wonder how they got these addresses?
> 
> Anne


Re: NTP for ASBRs?

2019-05-08 Thread Brian Kantor
On Wed, May 08, 2019 at 07:47:56PM -0500, Bryan Holloway wrote:
> 100% true. But there is also a practical side to this ...
> 
> When a NOC-ling, in their own local timezone, says, "hey, what happened 
> two hours ago?", they have to make a calculation. And that calculation 
> annoyingly depends on the time of year in many if not most locales 
> worldwide. And to make matters worse, some folks change at different 
> times of the year, so, if you're a global network 
> 
> Hawai'i and Arizona can add/subtract without looking at the damn 
> calendar. I'm just sayin' I'd like to see more of that.

Clocks are cheap. I have two on the wall; one is local time and
the other is marked GMT.
- Brian



Re: BGP Experiment

2019-01-28 Thread Brian Kantor
On Sun, Jan 27, 2019 at 01:21:56PM -0500, William Allen Simpson wrote:
> On 1/26/19 6:37 PM, Randy Bush wrote:
> > to nick's point.  as nick knows, i am a naggumite; one of my few
> > disagreements with dr postel.  but there is a difference between
> > writing protocol specs/code, and with sending packets on the global
> > internet.  rigor in the former, prudence in the latter.
> > 
> OK, Randy, you piqued my interest: what is a naggumite?
> 
> Many of us disagreed with Jon Postel from time to time, but he
> usually understood the alternative points of view.

I fondly recall that Erik could be quite acerbic, as I think is
well exemplified by this:

   "If I had to deal with you professionally, I would have told you
   to hold the onions and give me large fries."   - Erik Naggum

Unfortunately, I don't recall to whom he said that; I suppose I am
lucky that it wasn't me.
- Brian


Re: BGP Experiment

2019-01-24 Thread Brian Kantor
On Thu, Jan 24, 2019 at 03:49:46PM -, adamv0...@netconsultings.com wrote:
> This actually makes me think that it might be worthwhile including these
> types of tests in the regression testing suite.
> So that every time we evaluate new code or vendor we don't only test for
> functionality, performance and scalability, but also for robustness 
> i.e. sending a whole heap of trash down the sockets which are accessible
> from the Internet (via the iACL holes), to limit the scope of the test.
> 
> Rather than relying on experiments to notify us the hard way that something
> is not right.
> 
> adam

I agree.

It seems to me that testing with almost-valid data (well formed,
but with disallowed values) as well as fuzz-testing are essential
parts of software quality control.
- Brian
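An added illustration of the distinction Brian draws (not code from the thread): a small validator for the BGP message header laid out in RFC 4271 (16-byte marker of 0xFF, 2-byte length, 1-byte type), exercised first with random bytes and then with headers that are well formed but carry exactly one disallowed value each. The validator, its `HeaderError` contract and the test cases are all constructed here for the example; random input almost never gets past the marker check, so only the near-valid cases reach the length and type rules.

```python
"""Robustness testing with near-valid input, beside plain fuzzing.

Added example, not code from the thread. The parser is a small BGP
header validator written for this illustration; the test cases are
constructed here.
"""
import random
import struct

MARKER = b"\xff" * 16
HEADER_LEN = 19
MAX_LEN = 4096
TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}


class HeaderError(ValueError):
    """The one exception a well-behaved parser is allowed to raise."""


def parse_header(buf: bytes):
    """Validate a BGP header and return (length, type_name).
    Every malformed header must surface as HeaderError, never as an
    IndexError or struct.error the caller did not plan for."""
    if len(buf) < HEADER_LEN:
        raise HeaderError("short read: %d bytes" % len(buf))
    marker, length, mtype = struct.unpack("!16sHB", buf[:HEADER_LEN])
    if marker != MARKER:
        raise HeaderError("bad marker")
    if not HEADER_LEN <= length <= MAX_LEN:
        raise HeaderError("length %d out of range" % length)
    if mtype not in TYPES:
        raise HeaderError("unknown type %d" % mtype)
    if mtype == 4 and length != HEADER_LEN:
        raise HeaderError("KEEPALIVE must be exactly %d bytes" % HEADER_LEN)
    return length, TYPES[mtype]


def header(marker=MARKER, length=HEADER_LEN, mtype=4):
    """Build a header; defaults give a valid KEEPALIVE."""
    return struct.pack("!16sHB", marker, length, mtype)


def near_valid_cases():
    """Well-formed headers that each violate exactly one rule."""
    flipped = bytes([MARKER[0] ^ 0x01]) + MARKER[1:]
    return {
        "marker_bit_flipped": header(marker=flipped),
        "length_too_small": header(length=HEADER_LEN - 1),
        "length_too_large": header(length=MAX_LEN + 1),
        "type_zero": header(mtype=0),
        "type_five": header(mtype=5),
        "keepalive_wrong_length": header(length=HEADER_LEN + 1),
        "truncated": header()[:HEADER_LEN - 1],
    }


def random_cases(seed=1, count=200):
    """Plain fuzz: seeded random bytes of header size."""
    rng = random.Random(seed)
    return {"random_%03d" % i: bytes(rng.getrandbits(8) for _ in range(HEADER_LEN))
            for i in range(count)}


def run(parser, cases):
    """Classify each case as accepted, rejected (HeaderError) or crashed."""
    results = {}
    for name, buf in cases.items():
        try:
            parser(buf)
            results[name] = "accepted"
        except HeaderError:
            results[name] = "rejected"
        except Exception as exc:  # any other exception is a robustness bug
            results[name] = "crashed: %s" % type(exc).__name__
    return results


def summary():
    near = run(parse_header, near_valid_cases())
    rand = run(parse_header, random_cases())
    return {
        "valid_keepalive": run(parse_header, {"ok": header()})["ok"],
        "near_valid_rejected": all(v == "rejected" for v in near.values()),
        "random_rejected": all(v == "rejected" for v in rand.values()),
        "crashes": [k for k, v in {**near, **rand}.items() if v.startswith("crashed")],
    }


if __name__ == "__main__":
    print(summary())
```

The classification in `run` is the useful part: a rejection through the documented exception is a pass, an unexpected exception type is exactly the kind of failure Brian wants caught in the lab rather than by an experiment on the live network.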



DNS Flag Day, Friday, Feb 1st, 2019

2019-01-23 Thread Brian Kantor
Quoting from the web site at https://dnsflagday.net/

  What is happening?

  The current DNS is unnecessarily slow and suffers from inability  
  to deploy new features. To remediate these problems, vendors of
  DNS software and also big public DNS providers are going to
  remove certain workarounds on February 1st, 2019.

  This change affects only sites which operate software which is
  not following published standards. Are you affected?

On that web page, there is a Domain Owner's test.  You can enter
a domain name and click 'test' and shortly receive a report of
what was found regarding your domain's DNS servers.

I somehow managed to miss the announcement of this upcoming event,
even though I read this mailing list fairly closely.  Perhaps it
was announced somewhere else instead.  I think it needs to be
mentioned here if it hasn't already been.
- Brian



Re: plaintext email?

2019-01-15 Thread Brian Kantor
On Tue, Jan 15, 2019 at 02:23:48PM -0500, valdis.kletni...@vt.edu wrote:
> Without reading further... which of your recent postings is this a reply to?
> Obviously you already know, because you said you don't need to see the
> text to know the context...

Gentlemen, this is getting petty.  Perhaps it's time to drop
the subject?  Or at least take it to private email?
- Brian



Re: Top Posting Was: Re: plaintext email?

2019-01-15 Thread Brian Kantor
> > Why must there be a hard rule about top posting?

It is my belief that whether to 'top post' or 'bottom post' may
largely depend on the characteristics of the medium.

In USENET, bottom posting was preferred because messages often
arrived out of order, and occasionally did not arrive at all, thus
supplying the context of the reply before the reply itself would
arguably increase the chance that a reply would be fully understood.
Conversations might span days with only a very few contributions
each day, and the context could be helpful.

In modern Internet email, messages rarely are delayed very much,
and rarely are lost in transit.  In that environment, top posting
allows someone who has been following the discussion closely to
continue to follow it without the distraction of having to page
past repeated text which he or she has already read and digested.

But against simply omitting that context, at the bottom, it is there
for those who would like to refresh their memory of previously-discussed
points or for whom the mail did not arrive, or arrived late or out
of order.

Interleaved posting, such as might be used in a question-and-answer
message, has a number of advantages over strict adherence to 'top'
or 'bottom' exclusively.

Conclusion: it pays to be versatile.
- Brian



Re: plaintext email?

2019-01-14 Thread Brian Kantor
On Mon, Jan 14, 2019 at 12:12:34PM -0500, Christopher Morrow wrote:
> Isn't the underlying assumption with non-plaintext that: "I know what will
> work better for you than you do"

I suspect that the increasing use of very long lines in the expectation
that the recipient's mail client will wrap them "appropriately"
leads to mail clients reformatting and wrapping lines in complete
disregard for the formatting that the sender used.

For example, the previous paragraph was sent consisting of four
lines.  If it didn't display that way for you, your mail client
may have reformatted it.  Had I wanted to use the formatting to
convey some information, that would have been lost.

A quote from many years ago that I feel is still relevant:

"Good spelling, punctuation, and formatting are essentially the on-line
equivalent of bathing."   -- Elf Sternberg

- Brian



Re: (Netflix/GlobalConnect a/s) Scheduled Open Connect Appliance upgrade is starting

2019-01-13 Thread Brian Kantor
On Sun, Jan 13, 2019 at 11:24:56PM -0500, valdis.kletni...@vt.edu wrote:
> The September That Never Ended was so long ago that pretty much
> everybody from before that event is now well into "get off my lawn"
> territory.

Yes, I'm afraid we are.

But I think it's more "get off my net".

...!moskvax!kgbvax!kremvax!brian



Re: (Netflix/GlobalConnect a/s) Scheduled Open Connect Appliance upgrade is starting

2019-01-13 Thread Brian Kantor
On Sun, Jan 13, 2019 at 07:02:43PM -0800, James Downs wrote:
> Now if only we could get everyone to stop top-posting.

The only way you'll get people to stop top-posting is to get them
to stop including every d*mn message in the thread in every posting.

With all that cr*p in there, any response at the bottom is lost.

Clearly, editing inclusions is a lost art.
- Brian



Re: plaintext email?

2019-01-13 Thread Brian Kantor
On Sun, Jan 13, 2019 at 01:50:58PM -0600, Mike Hammett wrote:
> People use plain-text e-mail on purpose? 

Are you trying to start another flame war?

But to answer your question, yes.
- Brian



Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-12 Thread Brian Kantor
From this point forward, all mail containing the phrase "TLS on
port 26" in the Subject line will be shunted into my junk mail box,
unread, because I do not wish to see any more correspondence on
this matter.

'procmail' is my friend.
- Brian


On Sun, Jan 13, 2019 at 03:20:26AM +0530, Viruthagiri Thirumavalavan wrote:
> Hello Mr. Levine,
>   [...]


Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues

2019-01-11 Thread Brian Kantor
On Fri, Jan 11, 2019 at 10:30:57AM -0600, Mike Hammett wrote:
> No HTTPS?!?! Where are the tar and feathers??!?!! 
> 
> This isn't something that needs HTTPS. 
> - 
> Mike Hammett 
> Intelligent Computing Solutions 

True, but our browser overlords would condemn it because they seem
to believe that EVERYTHING should be guarded by https.
- Brian



Re: Proofpoint Mail Delivery Issues

2019-01-10 Thread Brian Kantor
On Thu, Jan 10, 2019 at 10:01:07AM -0600, Mike Hammett wrote:
> There is a mailing list dedicated to email system operators. 
> - 
> Mike Hammett 
> Intelligent Computing Solutions 
> Midwest Internet Exchange 
> The Brothers WISP 

Would you have subscription information for that mailing list,
please?
- Brian


Re: Stupid Question maybe?

2018-12-18 Thread Brian Kantor


/24 is certainly cleaner than 255.255.255.0.

I seem to remember it was Phil Karn who in the early 80's suggested
that expressing subnet masks as the number of bits from the top end
of the address word was efficient, since subnet masks were always
a series of ones followed by zeros with no interspersing, which
was incorporated (or independently invented) about a decade later
as CIDR a.b.c.d/n notation in RFC1519.
- Brian
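The property Brian describes, a mask that is a single run of ones followed by zeros, is what makes the /n shorthand lossless. As an added example (not code from the thread), this Python converts between dotted-quad masks and prefix lengths and refuses a mask whose ones are not contiguous; the mask and address values used are ordinary documentation-range samples.

```python
"""Netmask <-> prefix-length conversion with the contiguity check that
CIDR notation relies on. Added example, not code from the thread."""
import ipaddress


def is_contiguous_mask(mask: str) -> bool:
    """True if `mask` is k ones followed by 32-k zeros (0 <= k <= 32)."""
    bits = int(ipaddress.IPv4Address(mask))   # also rejects malformed quads
    inverted = ~bits & 0xFFFFFFFF             # trailing zeros become ones
    # A run of k trailing ones equals 2**k - 1, so inverted & (inverted+1) == 0.
    return inverted & (inverted + 1) == 0


def mask_to_prefix_len(mask: str) -> int:
    """'255.255.255.0' -> 24. ValueError for a mask such as 255.255.0.255."""
    if not is_contiguous_mask(mask):
        raise ValueError("non-contiguous netmask %s" % mask)
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return 32 - inverted.bit_length()


def prefix_len_to_mask(n: int) -> str:
    """24 -> '255.255.255.0'."""
    if not 0 <= n <= 32:
        raise ValueError("prefix length %d out of range" % n)
    return str(ipaddress.IPv4Address((0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF))


def to_cidr(address: str, mask: str) -> str:
    """('192.0.2.17', '255.255.255.0') -> '192.0.2.0/24' (the network)."""
    n = mask_to_prefix_len(mask)
    return str(ipaddress.ip_network("%s/%d" % (address, n), strict=False))


if __name__ == "__main__":
    print(to_cidr("192.0.2.17", "255.255.255.0"))
```

The bit trick in `is_contiguous_mask` is the whole argument in one line: if the zeros all sit at the bottom of the word, inverting the mask yields a number of the form 2^k - 1, and adding one to such a number clears every bit it had set.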



Re: How to choose a transit provider?

2018-12-14 Thread Brian Kantor
On Fri, Dec 14, 2018 at 03:26:56PM -0200, Mehmet Akcin wrote:
> Probably you also have never got the best possible pricing ;-)

Ugh.  Requiring an NDA to get best pricing is a  business practice 
that makes me feel I need to wash my hands after dealing with them.
- Brian



Re: How to choose a transit provider?

2018-12-14 Thread Brian Kantor
On Fri, Dec 14, 2018 at 04:07:08PM +, David Guo via NANOG wrote:
> First of all, sign NDA if possible, then ask the following questions:

Why in heaven's name would you *want* to sign an NDA?  Aren't you better
off without one?
- Brian



Re: It's been 20 years today (Oct 16, UTC). Hard to believe.

2018-10-16 Thread Brian Kantor
On Tue, Oct 16, 2018 at 02:01:48PM -0400, Daniel Corbe wrote:
> The one thing I remember about Postel, other than the fact that he had his  
> fingers in a lot of DNS pies, is be liberal about what you accept, be  
> conservative about what you send.  It’s a notion that creates undue burden  
> on the implementor, because it places the expectation on the that you need  
> to account for every conceivable ambiguous corner case and that’s not  
> always the best approach when implementing a standard; and it mostly arises  
> from the lack of adherence to the second part of that statement.

I think that his aphorism is simply a recognition that NO standard
can cover all cases that might arise when dealing with complex
matters, no matter how much thought went into it.  People are
fallible, and the standards they write are inevitably flawed in
some way, so a realistic implementor has to allow some slack or be
continually engaged in finger-pointing when something doesn't work.
- Brian


Re: It's been 20 years today (Oct 16, UTC). Hard to believe.

2018-10-15 Thread Brian Kantor
How soon we forget!

It was a telephone call to Jon (there was no email) in 1981 that
got my group the network that I still manage.  He was the editor
for the three RFCs that have my name on them.  I remember him as a
brilliant, kindly, efficient, helpful, and dedicated giant of the
early Internet.
- Brian


On Mon, Oct 15, 2018 at 10:00:33PM -0400, Rodney Joffe wrote:
> At NANOG two weeks ago, we had an interesting discussion at one of the lunch 
> tables. One of the subjects we discussed was the original IANA, and RFC 
> Editor, Jon Postel.
> 
> Seven of the ten people at the table had never heard of him. Maybe these days 
> it no longer matters who he was, and what he meant to where we are today.
> 
> 
> 
> For those who care about the history of the Internet, and routing and 
> addressing. And protocols…
> 
> https://tools.ietf.org/html/rfc2468
> 
> Oct 16, 1998.


Re: bloomberg on supermicro: sky is falling

2018-10-10 Thread Brian Kantor
I understand that in some countries the common practice is that the
waiter or clerk brings the card terminal to you or you go to it at the
cashier's desk, and you insert or swipe it, so the card never leaves
your hand.  And you have to enter the PIN as well.  This seems
notably more secure against point-of-sale compromise.
- Brian

On Wed, Oct 10, 2018 at 04:01:07PM +, Naslund, Steve wrote:
> Sure and with the Exp Date, CVV, and number printed on every card you are 
> open to compromise every time you stay in the hotel or go to a restaurant 
> where you hand someone your card.  Worse yet, the only option if you are 
> compromised is to change all your numbers and put the burden on you of 
> notifying everyone and that evening you hand your card to the waiter and the 
> cycle starts over.  The system is so monumentally stupid it’s unbelievable.
> 
>   Steven Naslund
> 
>  Chicago IL


Re: bloomberg on supermicro: sky is falling

2018-10-10 Thread Brian Kantor
On Wed, Oct 10, 2018 at 02:21:40PM +, Naslund, Steve wrote:
> For example, with tokenization there is no reason at all for any
> retailer to be storing your credit card data (card number, CVV, exp
> date) at all (let alone unencrypted) but it keeps happening over
> and over.

It's been a while since I've had to professionally worry about this,
but as I recall, compliance with PCI [Payment Card Industry] Data
Security Standards prohibit EVER storing the CVV.  Companies which
do may find themselves banned from being able to process card
payments if they're found out (which is unlikely).
- Brian



Re: Oct. 3, 2018 EAS Presidential Alert test

2018-10-09 Thread Brian Kantor
Many of those lightweight UPS units have a very small battery in
them and are really designed to 1) carry the computer across a power
flicker, or 2) provide a few minutes to shut down the computer in
a controlled manner.

Units with much bigger batteries to last a day are much more expensive
and much heavier.

If you're thinking of investing in one, download the manual and
take a look at the runtime-vs-load chart.  I believe you'll be
disappointed.  I was.
- Brian


On Tue, Oct 09, 2018 at 02:50:10PM -0400, b...@theworld.com wrote:
> 
> A good home investment people don't immediately think of (I'm sure
> some here have) is one of those inexpensive computer UPS's.  An
> off-the-shelf 1500VA is usually under $200 or thereabouts.
> 
> One can run anything off one, like a radio or lamp. Not a lot but I'd
> imagine 1500VA would keep a small radio and 6W LED 100W equivalent
> lumens running for 24 hours? Probably more. And it'll recharge phones,
> batteries, etc.


Re: Oct. 3, 2018 EAS Presidential Alert test

2018-10-07 Thread Brian Kantor
On Oct 7, 2018, at 12:23 PM, b...@theworld.com wrote:
> That was one advantage of the old air raid siren system, it was
> difficult to ignore and required nothing special to receive (hearing
> impaired excepted.)

_Wired_ has an interesting history of the various networked and
standalone national alert systems that FEMA and its predecessors
have tried over the years, many of them of limited success:

https://www.wired.com/story/presidential-text-alert-fema-emergency-history/

- Brian

https://www.dpvintageposters.com/cgi-local/detail.cgi?d=2469


Re: Oct. 3, 2018 EAS Presidential Alert test

2018-10-03 Thread Brian Kantor
Alert was received on two Tracfone (Verizon?) Android in San Diego.

A few minutes later, cable (Spectrum/TimeWarner) music service was
interrupted by the alert tones, then a voice announcement began but
cut off mid-word and the music resumed less than 5 seconds into the
announcement.  No terminating alert tones were heard.

My AT&T (formerly PacBell) landline rang around that time but as I
never answer it, I don't know if it was related.  No message was
recorded.
- Brian



Re: NANOG Security Track: Route Security

2018-09-30 Thread Brian Kantor
> To ensure unimpeded information sharing and discussion, the
> Security Track will not be broadcast or recorded.

I fail to understand how making the presentations secret from all
except those attending in person promotes information sharing.
Could whoever made this seemingly contradictory decision explain
the reasoning behind it?
- Brian



Re: California fires: smart speakers and emergency alerts

2018-07-26 Thread Brian Kantor
I can see my way clear to supporting this bill ONLY if it ALSO
proposes to enhance the liabilities for officials of agencies
who issue a false or disproportionate alert.
- Brian

On Thu, Jul 26, 2018 at 12:11:36PM -0400, Sean Donelan wrote:
> Also shouldn't be a surprise. Senator Schatz and Representative Gabbard 
> have introduced bills to study the feasibility of establishing systems 
> and signalling for emergency alerts to Internet audio and video streaming 
> services. Its just a proposed bill for a study, for now.


Re: unwise filtering policy on abuse mailboxes

2018-07-24 Thread Brian Kantor


On Tue, Jul 24, 2018 at 04:19:22PM -0700, Dan Hollis wrote:
> can we please just stop this nonsense?
> 
> ip under your direct control originates sewage. you should accept reports 
> as-is.
> 
> requiring victims of your sewage to go through special contortions to 
> report it to you is not acceptable.
> 
> >   - The following addresses had permanent fatal errors -
> > 
> >(reason: 550 "The mail server detected your message as spam and has 
> > prevented delivery.")


ab...@fsec.or.kr and c...@fsec.or.kr do the same thing.
- Brian



FSEC.OR.KR

2018-07-23 Thread Brian Kantor
Does anyone have a working contact email address for i...@fsec.or.kr?

From time to time we receive a security complaint from them, usually
involving an IP address on our network that we know is not in use.

They claim to represent the Financial Security Institute(FSI) of
Korea, and usually say they may contact law enforcement in both our
and their country.  They request that we advise them of our action
in whatever matter they happen to be complaining about.

So far, so good.  But...

There is no record of fsec.or.kr at the APNIC nor KRNIC.

All attempts to reply to these folks are in vain; they reject EVERY
reply message - even "hello world" - with the rejection notice that
the message contains spam.

Before I put them in my 'smtp connection refused' list, I'd like
to discuss the matter with them, or to at least let them know that
they have a severe CRIS problem.
- Brian



Re: (perhaps off topic, but) Microwave Towers

2018-07-14 Thread Brian Kantor
> > I find myself driving down Route 66.  On our way through Arizona, I was 
> > surprised by what look like a lot of old-style microwave links.  They 
> > pretty much follow the East-West rail line - where I'd expect there's a lot 
> > of fiber buried.

Could they be a legacy of the Southern Pacific Railroad Internal Network 
Telecommunications,
now known under the acronym SPRINT?
- Brian



Re: What are people using for IPAM these days?

2018-06-13 Thread Brian Kantor
On Wed, Jun 13, 2018 at 11:25:47AM -0700, Randy Bush wrote:
>  emacs!
> >>> vim!
> >> ed!
> > TECO!
>  cat
> >>> IBM 029.
> >> Youngster.  IBM 026.
> > Infants!  Hollerith (IBM Type 1). I still own it.
> 
> but i actually do use emacs

For IP address management, I use a homebrew Perl web application
that is a front end to a postgres database and allows entry, update,
deletion and display.  There is a 'C' program which acts as a back
end, and builds the Bind zone files and the dhcp table from the
contents of the database when there is a change in the DB, as sampled
every 15 minutes.  There is also a batch update program to make
multiple changes to the database when that becomes necessary.
- Brian



Re: What are people using for IPAM these days?

2018-06-12 Thread Brian Kantor
On Tue, Jun 12, 2018 at 06:29:12PM -0500, Bryan Holloway wrote:
> On 6/12/18 1:52 PM, Chris Adams wrote:
> > Once upon a time, Randy Bush  said:
> >>> If you start with Excel, down Will It Scale Road, you will be sorry,
> >>> so very sorry.  Especially when it comes to v6.
> >>
> >> emacs!
> > 
> > vim!
> > 
> 
> ed!

TECO!


NTIA: Should the IANA Stewardship Transition be "unwound?"

2018-06-06 Thread Brian Kantor
The US NTIA (National Telecommunications and Information Administration)
has published an inquiry as to whether its transfer of stewardship of
IANA to ICANN in 2016 should be "unwound."  They are requesting comments
from interested parties to be sent to them by early July.

Quoting _The Register_:

"The US government has formally asked whether it should reassert
its control of the internet's administrative functions, effectively
reversing a handover to non-profit organization ICANN two years ago."

http://www.theregister.co.uk/2018/06/05/us_government_icann_iana/

and

https://regmedia.co.uk/2018/06/05/ntia-internet-policy-noi-jun18.pdf

- Brian


Re: Whois vs GDPR, latest news

2018-05-17 Thread Brian Kantor
An article in The Register on the current status of Whois and the GDPR.

https://www.theregister.co.uk/2018/05/16/whois_privacy_shambles/



Whois vs GDPR, latest news

2018-05-16 Thread Brian Kantor
A draft of the new ICANN Whois policy was published a few days ago.

https://www.icann.org/en/system/files/files/proposed-gtld-registration-data-temp-specs-14may18-en.pdf

From that document:

"This Temporary Specification for gTLD Registration Data (Temporary
Specification) establishes temporary requirements to allow ICANN
and gTLD registry operators and registrars to continue to comply
with existing ICANN contractual requirements and community-developed
policies in light of the GDPR. Consistent with ICANN’s stated
objective to comply with the GDPR, while maintaining the existing
WHOIS system to the greatest extent possible, the Temporary
Specification maintains robust collection of Registration Data
(including Registrant, Administrative, and Technical contact
information), but restricts most Personal Data to layered/tiered
access. Users with a legitimate and proportionate purpose for
accessing the non-public Personal Data will be able to request
such access through Registrars and Registry Operators. Users will
also maintain the ability to contact the Registrant or Administrative
and Technical contacts through an anonymized email or web form. The
Temporary Specification shall be implemented where required by the
GDPR, while providing flexibility to Registry Operators and Registrars
to choose to apply the requirements on a global basis based on
implementation, commercial reasonableness and fairness considerations.
The Temporary Specification applies to all registrations, without
requiring Registrars to differentiate between registrations of legal
and natural persons. It also covers data processing arrangements
between and among ICANN, Registry Operators, Registrars, and Data
Escrow Agents as necessary for compliance with the GDPR."


Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-15 Thread Brian Kantor
On Tue, May 15, 2018 at 05:34:31AM -0400, Rich Kulawiec wrote:
> On Mon, May 14, 2018 at 01:47:50PM +0530, Suresh Ramasubramanian wrote:
> > TL;DR = Don't use HTML email [snip]
> 
> That's enough right there.  HTML markup in email is used exclusively
> by three kinds of people: (1) ignorant newbies who don't know any
> better (2) ineducable morons who refuse to learn (3) spammers.
> There are no exceptions.
> 
> ---rsk

Ah, if it only were those.  But the infestation has spread; nearly
every corporate communication these days is polluted by HTML, with
a very high percentage of that containing no content other than
hyperlinks that say, in one form or another, "click on this link
to read your message."

Banks especially.

I imagine some fool told them this improves security, and they were
stupid enough to believe it.
- Brian


Re: Is WHOIS going to go away?

2018-04-20 Thread Brian Kantor
Steve,

I believe you are mistaken as to current law in the USA:

The Supreme Court has ruled repeatedly that the right to anonymous
free speech is protected by the First Amendment. A frequently cited
1995 Supreme Court ruling in McIntyre v. Ohio Elections Commission
reads: Anonymity is a shield from the tyranny of the majority...

Google for that phrase "anonymity is a shield from the tyranny of
the majority" to see more references.

I'll drop the discussion here, as it's likely to only continue down
the rathole and I've said my piece.
- Brian


Re: Is WHOIS going to go away?

2018-04-20 Thread Brian Kantor
Steve,

I think you should re-examine the early history of the USA.  Anonymous
pamphleteering was the origin of our rebellion against England,
with Benjamin Franklin and many of the other founding fathers
publishing without their identities being registered anywhere.  The
Federalist Papers which form the basis for our system of government
were published anonymously.  It's a fundamental part of our liberties.

No COMMERCIAL publisher will do that himself, but any individual
who wants to may do so.  "Freedom of the Press is guaranteed only
to those who own one", and with the Internet, for the first time
in many years, it is again practical to publish anonymously.

It is the entrenched powers who want to require strict identification
of all sources.

I refer you to the Electronic Frontier Foundation website, and to
the Internet law blog, and the Reporters Committee for freedom of
the press, and any good American History book for further information.
- Brian


On Fri, Apr 20, 2018 at 08:53:06PM +, Naslund, Steve wrote:
> No one ever had the liberty of publishing information to the public without 
> accountability.  There are tons of laws protecting you from false statements 
> and communications intended to harm your reputation or damage your business.


Is WHOIS going to go away?

2018-04-14 Thread Brian Kantor
There is concern that the WHOIS database service will be in violation
of the new European GDPR which takes effect May 25th, and may have
to shut down.

http://www.theregister.co.uk/2018/04/14/whois_icann_gdpr_europe/

https://www.icann.org/en/system/files/correspondence/jelinek-to-marby-11apr18-en.pdf

- Brian



Re: Are any of you starting to get AI robocalls?

2018-04-05 Thread Brian Kantor
On Thu, Apr 05, 2018 at 10:20:29AM -0400, William Herrin wrote:
> For example, Vonage implementing Simultaneous Ring, you want to see
> the original caller id on your cell phone, not your vonage number even
> though Vonage is bridging the call to your cell phone.
> 
> More, the PBX may have trunks from multiple vendors and may use a
> different outbound vendor than the call arrives on, so you can't even
> reliably implement a rule that the outbound caller ID is rejected
> unless there's an active inbound call with the same caller id.
> 
> Regards,
> Bill Herrin

So the logical conclusion is that caller ID is useless as an
anti-vspam measure and the situation is hopeless, so the only
solution is to not personally answer the phone at all -- let voice
mail take a message.

This is what I have adopted on my personal landline.  With the
ringers disconnected.  Although I get probably a half-dozen incoming
calls a day, perhaps one a week will leave a message.  Most of those
messages are recorded announcements that started playing even before
the voicemail greeting finished.
- Brian



Re: Yet another Quadruple DNS?

2018-04-03 Thread Brian Kantor
On Tue, Apr 03, 2018 at 12:09:27PM +0200, Stephane Bortzmeyer wrote:
> On Tue, Apr 03, 2018 at 03:01:19AM -0700,
>  Brian Kantor <br...@ampr.org> wrote 
>  a message of 12 lines which said:
> 
> > > That would be a terrible violation of network neutrality. I hope
> > > that such ISP will go bankrupt.
> > 
> > On the contrary: it will enable them to collect more usage
> > statistics and from that sell more directed advertising.  They will
> > make MORE money off doing so.  And so they will.
> 
> Then, I'm going to stop reading NANOG and go to the movie
> instead. Because, in the movies, the bad guys lose.

Yes, I'm afraid that the situation is now like that of commercial
television - those who were the clients are now the product, and
the real paying customer is the advertisers.
- Brian



Re: Yet another Quadruple DNS?

2018-04-03 Thread Brian Kantor
On Tue, Apr 03, 2018 at 11:54:36AM +0200, Stephane Bortzmeyer wrote:
> On Sun, Apr 01, 2018 at 02:03:41PM -0600,
>  Paul Ebersman  wrote 
> > As long as ISPs don't actually disallow running of recursive servers
> 
> That would be a terrible violation of network neutrality. I hope that
> such ISP will go bankrupt.

On the contrary:  it will enable them to collect more usage statistics
and from that sell more directed advertising.  They will make MORE
money off doing so.  And so they will.
- Brian



Re: Yet another Quadruple DNS?

2018-04-02 Thread Brian Kantor
On Mon, Apr 02, 2018 at 09:07:07AM +, Baldur Norddahl wrote:
> The problem I see here is the five year research term after which they may
> or may not revoke the use of the prefix.
> 
> This is harmful. Such services should be stable. If you are going to let
> cloudflare run this service, it should be permanent.
> 
> Regards
> 
> Baldur

I would maintain that in the context of hi-tech for-profit industry
and the Internet, five years is a very close approximation of
permanent.
- Brian



Re: Yet another Quadruple DNS?

2018-03-29 Thread Brian Kantor
On Thu, Mar 29, 2018 at 09:08:38AM -0500, Chris Adams wrote:
> I've never really understood this - if you don't trust your ISP's DNS,
> why would you trust them not to transparently intercept any well-known
> third-party DNS?

Of course they could.  But it's testable; experiments show that they
aren't doing so currently.
- Brian



Re: Yet another Quadruple DNS?

2018-03-29 Thread Brian Kantor
On Thu, Mar 29, 2018 at 09:38:09AM -0400, Izaac wrote:
> No, the real question is: why do you find it desirable to centralize a
> distributed service?

I believe that centralized DNS resolvers such as 8.8.8.8 are of
benefit to those folks who can't run their own recursive resolver
because of OS, hardware, or skill limitations, and yet do not trust
the ones provided by their ISPs.

I use 9.9.9.9 for my home desktop to avoid the interception of my
DNS queries by my cable company.  I'd very much rather get an
NXDOMAIN than a connection to some web server that wants to offer
me a "helpful" web page, even when I'm running a non-web client
like ssh or 'dig'.

And I'd really like not to enrich my ISP's trove of information about
my browsing habits by them recording all my DNS lookups.  Of course,
9.9.9.9 could be collecting that information, but they're in less
of a position to insert ads than my cableco is.
- Brian

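The two replies above say that interception of third-party DNS is testable, and that the objectionable behaviour is getting a "helpful" web server instead of NXDOMAIN. Added here as an example (it is not code from the thread): a script that builds a raw DNS query for a name that cannot exist, parses the reply, and reports whether the resolver returned NXDOMAIN or substituted an address of its own, which is what that "helpful" page looks like on the wire. The sample packets are constructed by hand so the logic runs offline; probe() at the end sends the same query to a resolver you name (9.9.9.9 as in the post, or your ISP's resolver from the DHCP lease). The probe name sits under the reserved .invalid TLD and the substituted address is 203.0.113.10 from documentation space, so neither can collide with anything real.

```python
"""Probe for NXDOMAIN rewriting / DNS interception (added example).

Builds a query for a nonexistent name, parses the reply, and classifies
it. Sample packets below are constructed for an offline demonstration.
"""
import secrets
import socket
import struct


def encode_name(name):
    """Wire-format a dotted name as length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid=None):
    """Standard recursive query (RD set) for an A record."""
    txid = secrets.randbits(16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def read_name(buf, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    for _ in range(128):                      # bound pointer chasing
        length = buf[off]
        if length & 0xC0 == 0xC0:            # compression pointer
            ptr = struct.unpack("!H", buf[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            off, jumped = ptr, True
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            return ".".join(labels), end
        labels.append(buf[off:off + length].decode("ascii"))
        off += length
    raise ValueError("name too long or pointer loop")


def parse_response(buf):
    """Return (txid, rcode, [A-record IPs]) from a DNS response."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", buf[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    off = 12
    for _ in range(qd):
        _, off = read_name(buf, off)
        off += 4                              # QTYPE, QCLASS
    ips = []
    for _ in range(an):
        _, off = read_name(buf, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        off += 10
        rdata = buf[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in rdata))
    return txid, flags & 0xF, ips


def classify(query, response):
    """'nxdomain': honest answer for a nonexistent name. 'hijacked': the
    resolver substituted an address. 'mismatch': reply is not for our
    query (wrong transaction ID)."""
    qid = struct.unpack("!H", query[:2])[0]
    txid, rcode, ips = parse_response(response)
    if txid != qid:
        return "mismatch"
    if rcode == 3 and not ips:
        return "nxdomain"
    if rcode == 0 and ips:
        return "hijacked"
    return "other"


def random_probe_name(base="invalid"):
    """A label nobody can have registered, under the reserved 'invalid' TLD."""
    return f"probe-{secrets.token_hex(6)}.{base}"


def sample_packets():
    """Constructed query/response pair: one honest NXDOMAIN, one rewrite."""
    q = build_query("probe-0123456789ab.invalid", txid=0x1234)
    question = q[12:]
    nx = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0) + question
    # Rewriting resolver: NOERROR plus an A record for its portal
    # (203.0.113.10 is documentation address space, constructed here).
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([203, 0, 113, 10])
    hijacked = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + question + answer
    return q, nx, hijacked


def probe(resolver, name, timeout=3.0):
    """Live check against one resolver over UDP/53 (needs network)."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (resolver, 53))
        data, _ = s.recvfrom(4096)
    return classify(q, data)


if __name__ == "__main__":
    q, nx, hj = sample_packets()
    print("honest resolver :", classify(q, nx))
    print("rewriting one   :", classify(q, hj))
    # Live comparison, e.g. ISP resolver vs 9.9.9.9; uncomment to run:
    # for r in ("9.9.9.9",): print(r, probe(r, random_probe_name()))
```

A resolver that answers this probe with NXDOMAIN can still be logging every query, and an ISP could answer transparently on behalf of 9.9.9.9. The usual follow-up is a CHAOS-class TXT query for id.server or hostname.bind (RFC 4892) to the address you think you are talking to, and checking that the identity returned belongs to the operator you expect.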


Re: any contact at mycheckfree.com

2018-03-18 Thread Brian Kantor
As is often the case, the Lynx text-only browser will connect
successfully when other browsers won't, and did enable me to
navigate to the 'contact us' page.  

"For inquiries, please contact us at 800-564-9184.  Support hours
are from 8:00 A.M. to 9:00 P.M., ET, Monday through Friday, and
from 8:00 A.M. to 5:00 P.M., ET, on Saturday and Sunday."

Sometimes the primitive mechanisms work better.
- Brian

On Sun, Mar 18, 2018 at 09:56:01AM -0500, Chris Adams wrote:
> Once upon a time, Randy Bush  said:
> > i am using both ffox 59.01 and chrome 65.0.3325.162 on latest macos high
> > sierra.  i am trying to connect to mycheckfree.com
> 
> https://www.ssllabs.com/ssltest/analyze.html?d=mycheckfree.com
> 
> -- 
> Chris Adams 


Re: Contact info for AS1880 - STUPI.SE (Svensk Teleutveckling & Produktinnovation)

2018-03-05 Thread Brian Kantor
Thank you all for your help.  The matter has been satisfactorily
resolved.
- Brian


On Sun, Mar 04, 2018 at 07:20:13PM -0800, Brian Kantor wrote:
> Does anyone have contact info for the peering folks at
> AS1880, Svensk Teleutveckling & Produktinnovation in Sweden?
> 
> They appear to be advertising a subnet of our network
> space without permission.  Their WHOIS entry at RIPE does
> not list any contact email addresses.
> 
> Any information would be appreciated.  Off-list is fine.
> 
> Thank you.
>   - Brian


Contact info for AS1880 - STUPI.SE (Svensk Teleutveckling & Produktinnovation)

2018-03-04 Thread Brian Kantor
Does anyone have contact info for the peering folks at
AS1880, Svensk Teleutveckling & Produktinnovation in Sweden?

They appear to be advertising a subnet of our network
space without permission.  Their WHOIS entry at RIPE does
not list any contact email addresses.

Any information would be appreciated.  Off-list is fine.

Thank you.
- Brian


Re: Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

2018-02-28 Thread Brian Kantor
It seems to me that since peer pressure hasn't worked, it's time
to resort to legal means.  Have a talk with your own organization's
lawyers, explain to them how much time and money those folks are
costing your organization, and see if there isn't something you can
do in the way of billing for the time, small claims court, stern
letters from your lawyers to their legal department, criminal
illegal-computer-access complaints, etc.
- Brian


Re: Blockchain and Networking

2018-01-09 Thread Brian Kantor
It seems to me that at the current moment in the evolution of bitcoin, the
only way to make money from it is to sell the equipment to mine coins, as
the chances of ever making any money from mining coins yourself are
vanishingly small.  And then only if you get your electricity and cooling
for free.

It has been estimated that the amount of electricity being consumed worldwide
in the attempt to mine bitcoins exceeds the consumption of several smaller
European countries.  Since little of this power is generated from renewable
sources, it could represent a significant consumption of fossil fuels.
- Brian


On Tue, Jan 09, 2018 at 10:49:52AM -0500, Jean | ddostest.me via NANOG wrote:
> BTC miners use asics. Big switches/routers use 100Gb asics. Some
> switches have multiple 100 Gb asics and sometimes only half is use or
> even less.
> 
> I guess it could be nice for some smaller telcos to generate some profit
> during off peak period. I don't know how feasible and I fully understand
> that the vendor warranty should be instantly void.
> 
> Also, sometimes telcos have off the shelves spare that gather dust for
> years... It could be interesting to also generate few coins.
> 
> Jean


Re: Waste will kill ipv6 too

2017-12-29 Thread Brian Kantor
On Sat, Dec 30, 2017 at 02:46:49AM +, Gary Buhrmaster wrote:
> (the time has finally arrived)
> Obligatory xkcd ref:  https://xkcd.com/865/

Just how many nanobots can dance on the head of a pin?
- Brian



Re: 48vDC Output UPS

2017-12-29 Thread Brian Kantor
On Fri, Dec 29, 2017 at 04:58:02PM -0800, Lewis,Mitchell T. wrote:
> Greetings again, 
> I have been looking for a Rack Mount UPS that accepts AC power input but has 
> 48vdc output(telco voltage). Anyone have any recommendations? 
> Regards, 
> Mitchell T. Lewis 
> [ mailto:mle...@techcompute.net | mle...@techcompute.net ] 
> [ http://linkedin.com/in/mlewiscc ] |203-816-0371 
> PGP Fingerprint: 79F2A12BAC77827581C734212AFA805732A1394E [ 
> https://pgp.mit.edu/pks/lookup?op=get=0x2AFA805732A1394E | Public PGP 
> Key ] 

A word of caution (I was bitten by this): in many data centers,
the USA National Electrical Code requires that UPS units be
connected to the Emergency Power Off system so that in case of
emergency the UPS will shut off too.  Many of the less expensive
UPS units do not have EPO shutdown capability, and it usually
takes an electrician to wire it up when they do.  

There are also NEC regulations regarding batteries.
- Brian



Re: Suggestions for a more privacy conscious email provider

2017-12-06 Thread Brian Kantor
On Wed, Dec 06, 2017 at 04:26:00PM -0500, Rich Kulawiec wrote:
> On Wed, Dec 06, 2017 at 12:29:30PM -0500, Gordon Ewasiuk via NANOG wrote:
> > and an online form where you can report EC2 abusers:
> > https://aws.amazon.com/forms/report-abuse
> 
> 1. Used it (and the abuse@ address).  Either (a) no response and/or (b)
> boilerplate response.  No responses indicating that reports were read and
> understood by a human.  No responses indicating any action taken, whether
> reactive or proactive.  No apparent change in observed attacks/abuse.
> 
> 2. Y'know, if I can see attacks/abuse arriving at networks/systems
> that I run, then surely they can see it leaving networks/systems that
> they run.  The same data is available to them as is available to me,
> and I have absolutely no trouble noticing it.  Why don't they see it and
> do something about it even before I (or anybody else) has the chance to
> report it?  Better yet, why not study the large-scale patterns over time
> and proactively address it?  (In fairness, the SMTP rate-limit described
> inter alia is exactly the sort of thing that would be part of this,
> and it's good that they're doing that.)
> 
> ---rsk

For the largest players, I can see no economic advantage in being a good
network neighbor, and plenty of cost (salaries, equipment) to do so.

Until that situation is reversed, even the most conscientious network
engineer will have great difficulty to get management to go along with
being a good guy.

I liken it to dumping toxic waste.  Clearly it was a better deal for a
company to just dump its toxic waste instead of pay for proper disposal,
until large government fines forced a change in the practice.

The solution is to somehow make bad behaviour expensive.
- Brian


Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Brian Kantor
As I see it, the problem isn't with DKIM, it's with the
implementation of DMARC and other such filters.  Almost all
of them TEST THE WRONG FROM ADDRESS.  They compare the Author's
address (the header From: line) instead of the Sender's address,
(the SMTP Mail From: transaction or Sender: header line).

For personal mail, these are almost always the same, but for
properly-functioning mailing lists, the Author address is the
email address of the person submitting the posting to the mailing
list, and the Sender address is the error-return ("bounce") address
of the mailing list.

If the filter checked the Sender address of mail instead of the
Author address, mailing lists wouldn't be broken!
- Brian


On Wed, Nov 29, 2017 at 10:12:05AM -0800, Michael Thomas wrote:
> I've been saying for years that it should be possible to create the concept
> of DKIM-friendly mailing lists. In such
> a case, you could have your nines. Until then, the best you can hope for is
> the list re-signing the mail and blaming
> the list owner instead.
> 
> Mike

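A worked comparison of the two checks the post contrasts, added here as an example (not code from the thread). RFC 7489 DMARC evaluates alignment of the RFC5322.From domain against the SPF-authenticated MAIL FROM domain and any DKIM d= domain whose signature verified; the second function applies the same alignment test keyed on the Sender: header instead, as the post proposes. The three messages are constructed, the SPF and DKIM verdicts are supplied as inputs rather than verified, and the organizational-domain step is a two-label approximation of the Public Suffix List lookup the RFC specifies.

```python
"""From-keyed (RFC 7489) versus Sender-keyed alignment (added example).

Sample messages are constructed; SPF/DKIM results are passed in.
"""
import email
from email.utils import parseaddr

# Constructed: a mailing-list post as a subscriber's MX sees it, re-sent
# under the list's bounce address and signed with the list's DKIM key.
LIST_POST = """\
Return-Path: <nanog-bounces@lists.example.net>
From: Author <author@example.org>
Sender: nanog <nanog-bounces@lists.example.net>
To: nanog@lists.example.net
Subject: list post

body
"""

# Constructed: ordinary person-to-person mail, no Sender: header.
DIRECT_MAIL = """\
Return-Path: <author@example.org>
From: Author <author@example.org>
To: friend@example.com
Subject: direct mail

body
"""

# Constructed: From: names the author, but only the Sender:/MAIL FROM
# domain is the one that actually authenticated.
SPOOFED_POST = """\
Return-Path: <news@evil.example>
From: Author <author@example.org>
Sender: news <news@evil.example>
To: victim@example.com
Subject: spoofed

body
"""


def domain_of(header_value):
    """Domain of the first address in a header value, lower-cased."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def org_domain(domain):
    """Two-label stand-in for the organizational domain (RFC 7489 uses
    the Public Suffix List; omitted here)."""
    return ".".join(domain.split(".")[-2:])


def aligned(ident, auth, mode="relaxed"):
    """Strict: exact match. Relaxed: same organizational domain."""
    if not ident or not auth:
        return False
    if mode == "strict":
        return ident == auth
    return org_domain(ident) == org_domain(auth)


def authenticated_domains(msg, spf_pass, dkim_d):
    """Authenticated identifiers for this delivery: the MAIL FROM domain
    (taken from Return-Path) if SPF passed, plus each verified DKIM d=."""
    doms = list(dkim_d)
    if spf_pass:
        doms.append(domain_of(msg["Return-Path"]))
    return doms


def dmarc_from_check(raw, spf_pass, dkim_d, mode="relaxed"):
    """RFC 7489: the RFC5322.From domain must align with at least one
    authenticated identifier."""
    msg = email.message_from_string(raw)
    from_dom = domain_of(msg["From"])
    return any(aligned(from_dom, d, mode)
               for d in authenticated_domains(msg, spf_pass, dkim_d))


def sender_keyed_check(raw, spf_pass, dkim_d, mode="relaxed"):
    """The alternative the post argues for: key alignment on Sender: when
    present (else From:), so a list's bounce domain is what is tested."""
    msg = email.message_from_string(raw)
    ident = domain_of(msg["Sender"]) or domain_of(msg["From"])
    return any(aligned(ident, d, mode)
               for d in authenticated_domains(msg, spf_pass, dkim_d))


def compare(raw, spf_pass, dkim_d):
    return {"from_keyed": dmarc_from_check(raw, spf_pass, dkim_d),
            "sender_keyed": sender_keyed_check(raw, spf_pass, dkim_d)}


if __name__ == "__main__":
    # The list altered the message, so the author's own DKIM signature
    # no longer verifies; only the list's domain is authenticated.
    print("list post  ", compare(LIST_POST, True, ["lists.example.net"]))
    print("direct mail", compare(DIRECT_MAIL, True, ["example.org"]))
    print("spoofed    ", compare(SPOOFED_POST, True, ["evil.example"]))
```

Run stand-alone it prints the verdicts for all three constructed messages; the third case is the one to look at when deciding which header a filter should key on, since under the Sender-keyed rule whoever controls the Sender: domain and its DKIM key decides the result regardless of what From: says.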

Re: Looking for a contact with clue at Choopa/Reliablesite network engineering

2017-10-19 Thread Brian Kantor
The most recent contact I have had with Vultr (parent of Choopa) is
Richard Simpliciano , who a week ago signed
his note as "network administrator".  He was checking with me as to
whether a customer of theirs was authorized to have Vultr announce one
of our prefixes, so he might be the right person to contact.
- Brian


On 13/10/2017 05:56, Paul S. wrote:
>Hi nanog,
>
>Choopa/reliablesite is announcing our IP space, and despite repeated
>requests from us, they are refusing to withdraw the announcements.
>
>Can someone with clue from this contact me? Does anyone know someone at
>Choopa neteng?
>
>Their abuse desk has so far proved useless.
>


Re: RFC 1918 network range choices

2017-10-05 Thread Brian Kantor
On Thu, Oct 05, 2017 at 03:04:42PM -0400, valdis.kletni...@vt.edu wrote:
> Can't speak to the ASICs, but CIDR existed, even if your vendor was behind the
> times and still calling stuff class A/B/C. (Such nonsense persisted well into
> this century). Check the dates...

The concept of using a number-of-bits to describe
what is now called CIDR existed as early as 1987:

http://www-mice.cs.ucl.ac.uk/multimedia/misc/tcp_ip/8706.mm.www/0011.html

- Brian