Re: CloudFlare Issues?

[Coy Hile]

> On Jul 17, 2020, at 5:38 PM, Chris Grundemann  wrote:
> 
> Looks like there may be something big up (read: down) at CloudFlare, but 
> their status page is not reporting anything yet.
> 
> Am I crazy? Or just time to give up on the internet for this week?
> 
> 

You’re not crazy. I’m seeing the same behavior (still unable to get back into a 
few Discord servers) from Comcast in the Philly area. 

--
Coy Hile
coy.h...@coyhile.com

Re: rack rails

[Coy Hile]

> On Mar 30, 2020, at 5:24 PM, Karsten Elfenbein  
> wrote:
> 
> Hi,
> 
> something like https://www.opencompute.org/projects/rack-and-power
> comes into my mind for that.
> Mounting on 4 posts should be the default. It is insane what some
> vendors want to mount on 2 posts only.
> 

That brings up an interesting question. As I understand it, the penchant for 
two-post mounts come from what are at least colloquially termed telco racks 
that are or were common when you had tons of modem banks and such. Are such 
mounts — much like DC power — still quite common in the service provider space, 
or do most use more or less normal racks? (That said, the 750mm wide (29.5in) 
racks that actually have room for high density cables inside the rack seem much 
more useful for a networking application than the 600mm wide version.)



--
Coy Hile
coy.h...@coyhile.com

Re: Hi-Rise Building Fiber Suggestions

[Coy Hile]

On 2020-02-26 11:14, Randy Bush wrote:

We use plenty of multi-mode, but only in the data centre, between our
own kit, for racks within the same cage.


so you have to stock both single and multi?  hmmm

randy


I'd expect that from the ToR -> Servers would be MMF, but that other 
infrastructure cabling would be SMF.
Even using aftermarket optics, putting single-mode transceivers in every 
server and access port would quickly become cost-prohibitive, would it 
not?


--
Coy Hile
coy.h...@coyhile.com

Re: Benefits (and Detriments) of Standardizing Network Equipment in a Global Organization

[Coy Hile]

Why would one not set everything that's not an eyeball workstation to UTC and 
be done with it?

Sent from my iPad

> On Jan 5, 2017, at 19:30, Tim McKee  wrote:
> 
> Try times between Rio (Brasil) and Eastern US...  depending on the date there 
> are 4 different possible offsets...
> 
> 
> On Thu, 2016-12-29 at 21:47 -0800, Scott Weeks wrote:
> 
> 
> 
> :: and minimal time zones (still 5 hours
> :: between New York and Hawaii though).
> 
> 
> Apologies, I can't resist. :) Sometimes
> it's 6 hours and some times it's 5
> between Hawaii and the East Coast.
> Hawaii is *always* -10 GMT.  We don't
> do daylight savings time.
> 
> scott
> 
> 
> 
> 

RE: Webmail / IMAPS software for end-user clients in 2016

[Coy Hile]

I like horde (with dove cot doing imaps) because it speaks ActiveSync  
natively. 



Sent via the Samsung GALAXY S® 5, an AT 4G LTE smartphone

 Original message 
From: alvin nanog 
Date: 6/8/2016  21:37  (GMT-05:00)
To: eric.kuh...@gmail.com
Cc: nanog@nanog.org
Subject: Re: Webmail / IMAPS software for end-user clients in 2016



hi ya

On 06/08/16 at 06:06pm, Eric Kuhnke wrote:

If you had to put up a public facing webmail interface for people to use,
and maintain it for the foreseeable future (5-6 years), what would you use?

Roundcube?
https://roundcube.net/

- good


Rainloop?
http://www.rainloop.net/

- never used
- w/o db support, how you maintain a (real) list of x,000 users and pwd


Something else?


http://squirrlemail.org
- good

http://openwebmail.org/
- least effort to get webmail running ( esp if time is limited )

http://horde.org
- possibly confusing install process

-
imaps from doveocot.org
( note differences between dovecot-1.x vs dovecot-2.x )


Requirements:
Needs to be open souce and GPL, BSD or Apache licensed

Email storage will be accessed via IMAP/TLS1.2

Runs on a Debian based platform with apache2 or nginx

Desktop browser CSS and mobile device CSS/HTML functionality on 4" to 7"
size screens with Chrome and Safari


- you probably want support for your favorite sql app
- you probably want support for your favorite anti-virus app
- you probably want support for your favorite anti-spam app

http://networknightmare.net/WebMail/

magic pixie dust
alvin
# DDoS-Mitigator.net
#

Re: Book / Literature Recommendations

[coy . hile]

Everything Stevens wrote. Including newer editions since his passing. Bill kept 
him listed as first author on the new edition of APUE for a reason.

Sent from my iPhone

 On Sep 16, 2014, at 5:04, Roland Dobbins rdobb...@arbor.net wrote:
 
 
 On Sep 16, 2014, at 3:48 PM, James Bensley jwbens...@gmail.com wrote:
 
 What is the single best book you have read on networking?
 
 Impossible to answer with just one, really.
 
 Apart from the classics like Stevens and Perlman and Halabi and McPherson and 
 Doyle, these two:
 
 http://www.ciscopress.com/store/router-security-strategies-securing-ip-network-traffic-9781587053368
 
 http://www.ciscopress.com/store/mpls-vpn-security-9781587051838
 
 --
 Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com
 
   Equo ne credite, Teucri.
 
 -- Laocoön
 

Re: Comcast Outages?

[coy . hile]

In the Philly area (lower bucks for the locals), we were down most all of 
Tuesday, but back up sometime between 2300 Tuesday and 0700 Wednesday when I 
next logged in.

Sent from my iPhone

 On Jul 10, 2014, at 8:55, Jim Jagielski j...@jagunet.com wrote:
 
 In NE Maryland, Comcast has been down for 36hours. No idea how
 widespread that is.
 
 On Thu, Jul 10, 2014 at 08:39:29AM -0400, Tom Morris wrote:
 I had lightning strikes ditch my fiber connections twice yesterday, but you
 can't blame the network on the big angry hammer of Thor.
 
 At least the poor guy who was directly below where lightning nailed our
 site was already on the toilet..!!
 On Jul 10, 2014 3:16 AM, Kraig Beahn kr...@l2net.com wrote:
 
 Anyone in the SE seeing and/or hearing of any massive Comcast outages
 regionally?
 
 (Fiber, Voice  DOCSIS modems from Atlanta, GA to Tallahassee, FL and in
 some select areas Jacksonville, FL...)
 
 -- 
 ===
   Jim Jagielski   [|]   j...@jagunet.com   [|]   http://www.jaguNET.com/
Great is the guilt of an unnecessary war  ~ John Adams

Re: CARISIRT: Yet Another BMC Vulnerability

[Coy Hile]

On Jun 19, 2014, at 7:41 PM, Markus unive...@truemetal.org wrote:

 http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/
 
 = simple telnet commands displays passwords of BMCs. Damn Supermicro, please 
 hire some new programmers! :(
 

And here I was hoping it would be something useful like a vulnerability that 
would put BMC (the company) out of business!  Don’t get my hopes up like that!

More reason that one shouldn’t make his OOB net generally accessible.





smime.p7s
Description: S/MIME cryptographic signature

Re: ipmi access

[coy . hile]

Multiple points of entry into the VPN mesh? When you need to muck with 
concentratorA's ipmi, use b, c, or d.

Sent from my iPhone

On Jun 2, 2014, at 8:26, Randy Bush ra...@psg.com wrote:

 I use OpenVPN to access an Admin/sandboxed network with insecure portals,
 wiki, and ipmi.
 
 h.  'cept when it is the openvpn server's ipmi.  but good hack.  i
 may use it, as i already do openvpn.  thanks.
 
 randy

Re: Observations of an Internet Middleman (Level3) (was: RIP Network Neutrality)

[coy . hile]

It could be worse! Somebody might have thrown a 'v1' in there, too, Joel!

Sent from my iPhone

 On May 13, 2014, at 8:08, Joel M Snyder joel.sny...@opus1.com wrote:
 
 Shouldn't there be a rule against using RIP in the subject line of a 
 NANOG post?
 
 Every time I see that, a shudder goes down *my* spine.
 
 jms
 
 -- 
 Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
 Senior Partner, Opus One   Phone: +1 520 324 0494
 j...@opus1.comhttp://www.opus1.com/jms

Re: Console Server Recommendation

[Coy Hile]

 Avocent Cyclades ACS uses Cat5 straight through cables to Cisco consoles.

 I use them in our lab and production sites.


I personally use these as well; so does work.  There's a dongle for some
things like the older Sun Netra devices that used an RJ45 console connector.

One of the nicest features of the ACS boxes over my previous solution (old
cisco router with octopus cables) is the ability to share sessions.  Very
useful if I switch from my desktop to my laptop, for example.

Re: EV SSL Certs

[Coy Hile]

 On Sun, Sep 11, 2011 at 9:08 PM, Christopher Morrow
 morrowc.li...@gmail.com wrote:

 what's the real benefit of an EV cert? (to the service owner, not the
 CA, the CA benefit is pretty clearly $$)

 The benefit is to the end user.
 They see a green address bar  with the company's name displayed.

 Yeah, company's name displayed -- individuals cannot apply for EVSSL certs.


 With normal certs, the end user doesn't see a green address bar, and
 instead of the company's
 name displayed (unknown) is displayed and
 This web site does not supply ownership information.  is displayed.

 If you ask me, hiding the company's name even when present on a non-EVSSL
 cert is tantamount to saying  Only EV-SSL certs are really trusted anyways.

 So maybe  instead of these shenanigans browser makers should have just
 started displaying a don't trust this site warning for any non-EVSSL cert.


As an academic aside, exactly what would one set on his (internal)
root CA so that internally-trusted certs signed by that CA would show
up as EV certs?

Re: NANOG Digest, Vol 43, Issue 53

[Coy Hile]

 Date: Fri, 12 Aug 2011 20:49:48 -0400
 From: Alex Rubenstein a...@corp.nac.net
 I am in the process of building a house. I designed a room that can 
 accommodate three 24 x 36 inch cabinets or four post racks. I will likely 
 install a APC 2200 watt UPS in the bottom of two of the racks, and the third 
 will be a cross-connect field, patch panels, etc.

 The room will have a small, ductless ac unit, maybe a ton or a little more, 
 which should be good for about 3 to 5 kw of load.

 The house is backed up by a 48 kw genset with an auto transfer switch.

 The weakness will be only one provider of connectivity.


Damn, and people claim I'm nuts!

You know, you could go whole hog and multihome.

I've got 1 cabinet and 1 two-post rack in the basement.  I'm also
building out a small patch panel in a closet on the second floor.

That way, I don't have to do so many home-runs from the wall ports in
the living spaces back down to the basement.

-Coy

Re: NANOG Digest, Vol 39, Issue 52

[Coy Hile]

 Rotating shifts between daytime and nighttime is a horrible thing to
 do to your workers, both for their health and their attention span.


I wonder how well something like the following would work (seen in
paid fire/EMS circles):

24 on, 48 off.

But staff those 24 shifts with maybe 20% more than actually needed to
provide minimum coverage.

Of course, that all assumes that you can trust your guys to  work out
the dynamics of hey, you watch for the next 30 while I take a break.

-c

RE: racktables

[Coy Hile]

I've seen racktables mentioned recently in an IP Address management thread.  Do 
people use the stable version (0.17) or the beta (0.18mumble)?