RE: Verizon Email to SMS gateway

[Eric Tykwinski via NANOG]

As a side note, will the email to text gateways be subject to the FCC's A2P 
10DLC registration requirements?
I'm wondering if that's part of the reason for not officially supporting email 
to text.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> -Original Message-
> From: NANOG  On Behalf Of 
> Randy Carpenter
> Sent: Thursday, November 17, 2022 12:09 PM
> To: Justin H. 
> Cc: NANOG 
> Subject: Re: Verizon Email to SMS gateway
>
>
> We did a few months back and were told that they are no longer officially 
> supporting it. It may have to do with the volume that is being sent, > 
> particularly from a single IP address.
>
> We moved to using Twilio's API and it has been much more solid.
>
>
> thanks,
> -Randy
>
>
> - On Nov 17, 2022, at 11:56 AM, Justin H. justindh...@gmail.com wrote:
>
> > Anyone else seeing massive delays in Verizon's email to SMS gateway 
> > lately?  I'm seeing delays on emails to @vtext and @vzwpix addresses 
> > at anywhere form 45 minutes to 12 hours.
> > 
> > Justin H.

Re: email spam

[Eric Tykwinski]

Sorry about the bad examples, but I remember contacting both about issues with 
SPF multiple times.  They both have seemed have to fixed things at least 
searching my logs for the last week.  Most of my customers have had to 
whitelist them though for past issues. It’s also ezpassnj.com for the NJ 
collection.  Point still stands, assume incompetence over malice.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Aug 23, 2022, at 10:20 PM, Eric Tykwinski  wrote:
> 
> Bill,
> 
> Not only that, did they even follow their own rules, I’ve been fighting with 
> septa.org <http://septa.org/>, the Pennsylvania train authority, and 
> easypassnj.com <http://easypassnj.com/>, the New Jersey transit toll 
> collectors about invalid SPF records for years, and they literally don’t give 
> a shit.  If they say to put it in spam, well than that is their own fault.
> 
> Sincerely,
> 
> Eric Tykwinski
> TrueNet, Inc.
> P: 610-429-8300
> 
>> On Aug 23, 2022, at 10:00 PM, Suresh Ramasubramanian > <mailto:ops.li...@gmail.com>> wrote:
>> 
>> Without saying why the mail was blocked (dumb content filter looking for 
>> porn? a spamhaus listing because the police server was hacked? something 
>> else?) that’s not going to help too much.
>> 
>> I’ve been spam filtering stuff at large providers since the late 90s and it 
>> never gets any easier to block 100% spam or let 100% legit mail through.
>> 
>> —srs
>> 
>> --srs
>> From: NANOG > <mailto:nanog-bounces+ops.lists=gmail@nanog.org>> on behalf of William 
>> Herrin mailto:b...@herrin.us>>
>> Sent: Wednesday, August 24, 2022 7:03:52 AM
>> To: nanog@nanog.org <mailto:nanog@nanog.org> > <mailto:nanog@nanog.org>>
>> Subject: email spam
>>  
>> Hello,
>> 
>> To folks at places like Google and Godaddy which have gotten, shall we
>> say, overzealous about preventing spam from entering their systems,
>> consider the risk:
>> 
>> https://www.washingtonpost.com/education/2022/08/23/fairfax-county-counselor-solicitation-minor/
>>  
>> <https://www.washingtonpost.com/education/2022/08/23/fairfax-county-counselor-solicitation-minor/>
>> 
>> "Chesterfield County police said emails notifying Fairfax County
>> Public Schools that an employee was arrested and charged with
>> soliciting prostitution from a minor were not delivered to the school
>> system."
>> 
>> Long story short, the pedo kept his school job another year and a half.
>> 
>> There was once a time when both the outbound emails and the bounce
>> messages when they failed... worked. It was a spammy place but the
>> important emails got through.
>> 
>> Regards,
>> Bill Herrin
> 

Re: email spam

[Eric Tykwinski]

Bill,

Not only that, did they even follow their own rules, I’ve been fighting with 
septa.org, the Pennsylvania train authority, and easypassnj.com, the New Jersey 
transit toll collectors about invalid SPF records for years, and they literally 
don’t give a shit.  If they say to put it in spam, well than that is their own 
fault.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Aug 23, 2022, at 10:00 PM, Suresh Ramasubramanian  
> wrote:
> 
> Without saying why the mail was blocked (dumb content filter looking for 
> porn? a spamhaus listing because the police server was hacked? something 
> else?) that’s not going to help too much.
> 
> I’ve been spam filtering stuff at large providers since the late 90s and it 
> never gets any easier to block 100% spam or let 100% legit mail through.
> 
> —srs
> 
> --srs
> From: NANOG  on behalf of 
> William Herrin 
> Sent: Wednesday, August 24, 2022 7:03:52 AM
> To: nanog@nanog.org 
> Subject: email spam
>  
> Hello,
> 
> To folks at places like Google and Godaddy which have gotten, shall we
> say, overzealous about preventing spam from entering their systems,
> consider the risk:
> 
> https://www.washingtonpost.com/education/2022/08/23/fairfax-county-counselor-solicitation-minor/
>  
> <https://www.washingtonpost.com/education/2022/08/23/fairfax-county-counselor-solicitation-minor/>
> 
> "Chesterfield County police said emails notifying Fairfax County
> Public Schools that an employee was arrested and charged with
> soliciting prostitution from a minor were not delivered to the school
> system."
> 
> Long story short, the pedo kept his school job another year and a half.
> 
> There was once a time when both the outbound emails and the bounce
> messages when they failed... worked. It was a spammy place but the
> important emails got through.
> 
> Regards,
> Bill Herrin

Re: "Permanent" DST

[Eric Tykwinski]

What I don’t understand, is why change time, just change working hours.  
I’m all for giving up the time change, but the standard should probably still 
be UTC offset.
If you work 9-5, change it to 10-6.  Every company can post working hours on 
their website.
Obviously for most of us, it’s a moot point.

P.S.  Anyone working at NIST or a similar org probably needs a raise for 
dealing with all the exceptions.

> On Mar 15, 2022, at 4:16 PM, Joly MacFie  wrote:
> 
> WaPo has a been there done that item today.
> 
> https://www.washingtonian.com/2022/03/15/the-us-tried-permanent-daylight-saving-time-in-the-70s-people-hated-it/
>  
> 
> 
> On Tue, Mar 15, 2022 at 3:11 PM Jay R. Ashworth  > wrote:
> In a unanimous vote today, the US Senate approved a bill which would
> 
> 1) Cancel DST permanently, and
> 2) Move every square inch of US territory 15 degrees to the east.
> 
> My opinion of this ought to be obvious from my rhetoric.  Hopefully, it will
> fail, because it's likely to be the end of rational time worldwide, and even
> if you do log in UTC, it will still make your life difficult.
> 
> I'm poleaxed; I can't even decide which grounds to scream about this on...
> 
> Hopefully, the House or the White House will be more coherent in their
> decision on this engineering construct.
> 
> Cheers,
> -- jra
> 
> -- 
> Jay R. Ashworth  Baylink   
> j...@baylink.com 
> Designer The Things I Think   RFC 2100
> Ashworth & Associates   http://www.bcp38.info 
>   2000 Land Rover DII
> St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274
> 
> 
> -- 
> --
> Joly MacFie  +12185659365 
> --
> -

Re: atmark trading

[Eric Tykwinski]

> On Aug 22, 2020, at 4:53 PM, Bryan Holloway  wrote:
> 
> It's not sales; it's some dumb mailing list managed by "Soundest", which is 
> now owned by "Omnisend", which sounds even less fun than its predecessor.
> 
> Atmark's web-site has no contacts or management information listed other than 
> "info@", otherwise I would do what you suggest.
> 
> I don't have the patience to call their 800 number and talk to someone who 
> has zero interest in getting me off of their mailing-list, assuming the drone 
> has even an inkling of what I'm talking about.
> 

Dumb question, but if it’s a mailman or similiar list does it have unsubscribe 
headers?
List-Unsubscribe: <https://mailman.nanog.org/mailman/options/nanog>
List-Unsubscribe: <mailto:nanog-requ...@nanog.org?subject=unsubscribe>
List-Subscribe: <https://mailman.nanog.org/mailman/listinfo/nanog>, 
<mailto:nanog-requ...@nanog.org?subject=subscribe>

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

Re: cloud backup

[Eric Tykwinski]

I’m in the same boat, and sadly I still run VoIP for my house because why not…
I hate the canary in networking with a passion, but still I find it’s internal 
problems 99% of the time and I still have to deal with it.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Jul 26, 2020, at 6:45 PM, Michael Thomas  wrote:
> 
> 
> On 7/26/20 3:30 PM, Randy Bush wrote:
>> well, i was once given a tee shirt which said
>> 
>>   "i may have helped build the information
>>superhighway, but i can not drive a car" :)
>> 
> When I was working on carrier VoIP in the early days at Cisco, i was like 
> "wait, why am i doing this? i don't even like phones."
> 
> Mike
> 

Re: Huawei on Mount Everest

[Eric Tykwinski]

Honestly, being an amateur rock climber, I’m in the same boat, but how the hell 
are they going to get power up there for dependability.
Solar power sure is a great option, but I was under the assumption that repairs 
will be hell to put it bluntly.
Batteries in that cold of a climate is also a regular trip. which doesn’t seem 
feasible, unless there’s something I don’t know.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On May 1, 2020, at 2:07 PM, Aaron Gould  wrote:
> 
> You made me curious...
> 
> https://en.wikipedia.org/wiki/List_of_people_who_died_climbing_Mount_Everest
> 
> wow, I guess it would be great to be able to use cell/gps technology to 
> communicate with and track a lost/endangered climber
> 
> 
> -Original Message-
> From: NANOG [mailto:nanog-bounces+aaron1=gvtc@nanog.org] On Behalf Of 
> John Levine
> Sent: Friday, May 1, 2020 12:58 PM
> To: nanog@nanog.org
> Subject: Re: Huawei on Mount Everest
> 
> In article 
>  you 
> write:
>> -=-=-=-=-=-
>> 
>> https://telecoms.com/504051/huawei-and-china-mobile-stick-a-5g-base-station-on-mount-everest/
>> 
>> Why dont we leave the Everest alone? OTOH, we can now have tiktok
>> videos and latest instagram posts from the summit.
> 
> Given how dangerous the ascent is, I would think it would be a good
> thing for climbers to be able to check in and say whether they are OK.
> 
> I agree it's mostly a publicity stunt, though.
> 
> 

Re: Practical guide to predicting latency effects?

[Eric Tykwinski]

There is still one in XCode tools.  It’s a alternate download: 
https://developer.apple.com/download/more/?q=Additional%20Tools%20for%20Xcode 
<https://developer.apple.com/download/more/?q=Additional%20Tools%20for%20Xcode>
Of course this is limited to OSX, but it’s there.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Apr 8, 2020, at 10:33 PM, Lee  wrote:
> 
> On 4/7/20, Adam Thompson  wrote:
>> I’m looking for a practical guide – i.e. specifically NOT an academic paper,
>> thanks anyway – to predicting the effect of increased (or decreased) latency
>> on my user’s applications.
>> 
>> Specifically, I want to estimate how much improvement there will be in
>> {bandwidth, application XYZ responsiveness, protocol ABC goodput, whatever}
>> if I decrease the RTT between the user and the server by 10msec, or by
>> 20msec, or by 40msec.
>> 
>> My googling has come up with lots of research articles discussing
>> theoretical frameworks for figuring this out, but nothing concrete in terms
>> of a calculator or even a rule-of-thumb.
> 
> There used to be network simulators that claimed to figure that out for you - 
> eg
> https://opnetmodeler.wordpress.com/
>  "Predict application performance using real traffic in a simulated mode"
> 
> I suspect all that died after encryption became the norm, since you
> have to be able to see and understand what's going on before you can
> predict what will happen after changing the network.  Take a look at
> https://www.cse.wustl.edu/~jain/cse567-08/ftp/simtools/index.html
>  the date is 2008 and all the references are http://xxx  (or maybe I
> can't search worth beans & missed all the current references)
> 
> Or maybe simulation just got too expensive?  I vaguely recall sitting
> through a few OPNET sales pitches in the early 2000s & people getting
> excited about the product until they found out how much it cost :(
> 
> Regards,
> Lee
> 
> 
>> 
>> Ultimately, this goes into MY calculator – we have the usual north-american
>> duopoly on last-mile consumer internet here; I’m connected directly to only
>> one of the two.  There’s a cost $X to improve connectivity so I’m peered
>> with both, how do I tell if it will be worthwhile?
>> 
>> Anyone got anything at all that might help me?
>> 
>> Thanks in advance,
>> -Adam
>> 
>> Adam Thompson
>> Consultant, Infrastructure Services
>> [[MERLIN LOGO]]<https://www.merlin.mb.ca/>
>> 100 - 135 Innovation Drive
>> Winnipeg, MB, R3T 6A8
>> (204) 977-6824 or 1-800-430-6404 (MB only)
>> athomp...@merlin.mb.ca<mailto:athomp...@merlin.mb.ca>
>> www.merlin.mb.ca<http://www.merlin.mb.ca/>
>> 
>> 

Re: Practical guide to predicting latency effects?

[Eric Tykwinski]

The only informal paper I remember is Stuart Cheshire’s It’s the latency, 
stupid…
http://www.stuartcheshire.org/rants/Latency.html 
<http://www.stuartcheshire.org/rants/Latency.html>

Given it’s from the dialup days, but latency is still the same just a lot lower.

I would thing I would recommend now is checking out SRE docs as well for 
application latency it's not network related, but does affect performance.
https://landing.google.com/sre/sre-book/toc/ 
<https://landing.google.com/sre/sre-book/toc/>

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Apr 8, 2020, at 6:36 PM, Jakob Heitz (jheitz) via NANOG  
> wrote:
> 
> My data point:
> 
> I'm working from home. My computer is connected through company VPN, over 
> wifi to Comcast.
> Comcast speed test says 18mS.
> I use VNC and Webex with voice and video through the computer.
> VNC response time and voice delay is not noticeable.
> 
> Regards,
> Jakob.
> 
> -Original Message-
> Date: Tue, 7 Apr 2020 22:52:18 +
> From: Adam Thompson 
> 
> I’m looking for a practical guide – i.e. specifically NOT an academic paper, 
> thanks anyway – to predicting the effect of increased (or decreased) latency 
> on my user’s applications.
> 
> Specifically, I want to estimate how much improvement there will be in 
> {bandwidth, application XYZ responsiveness, protocol ABC goodput, whatever} 
> if I decrease the RTT between the user and the server by 10msec, or by 
> 20msec, or by 40msec.
> 
> My googling has come up with lots of research articles discussing theoretical 
> frameworks for figuring this out, but nothing concrete in terms of a 
> calculator or even a rule-of-thumb.
> 
> Ultimately, this goes into MY calculator – we have the usual north-american 
> duopoly on last-mile consumer internet here; I’m connected directly to only 
> one of the two.  There’s a cost $X to improve connectivity so I’m peered with 
> both, how do I tell if it will be worthwhile?
> 
> Anyone got anything at all that might help me?
> 
> Thanks in advance,
> -Adam
> 
> Adam Thompson
> Consultant, Infrastructure Services
> [[MERLIN LOGO]]<https://www.merlin.mb.ca/>
> 100 - 135 Innovation Drive
> Winnipeg, MB, R3T 6A8
> (204) 977-6824 or 1-800-430-6404 (MB only)
> athomp...@merlin.mb.ca<mailto:athomp...@merlin.mb.ca>
> www.merlin.mb.ca<http://www.merlin.mb.ca/>
> 

Re: South Africa On Lockdown - Coronavirus - Update!

[Eric Tykwinski]

I guess I wasn’t as detailed as should be, multi factor authentication should 
hopefully have 1 standard which will work for everything.  So we have an app on 
our phone to authenticate after a username/password which give a 6 digit key, 
or we use a hardware based key to sign a OTP.  Really either doesn’t matter, 
but trying to get endu sers to switch between each for every login is going to 
hamper acceptance in the large scale.

MailOps, would probably the best example, as the spam is generated simply from 
usually not having anything because it’s just too difficult to implement.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Mar 23, 2020, at 6:02 PM, Tom Beecher  wrote:
> 
> I see no possible future outcome in which "one simple authentication 
> mechanism" could ever be remotely close to reasonably secure. 
> 
> 
> 
> On Mon, Mar 23, 2020 at 5:57 PM Eric Tykwinski  <mailto:eric-l...@truenet.com>> wrote:
> I think that’s the major sticky point, I would hope we could all agree on one 
> thing, but that also leaves one entry point of failure.  Hopefully we can all 
> agree that FIDO2, OAUTH2, et al, with be a winner in the long run so 
> everything can just use one simple authentication mechanism.
> 
> Sincerely,
> 
> Eric Tykwinski
> TrueNet, Inc.
> P: 610-429-8300
> 
>> On Mar 23, 2020, at 5:23 PM, Mark Tinka > <mailto:mark.ti...@seacom.mu>> wrote:
>> 
>> 
>> 
>> On 23/Mar/20 22:39, Keith Medcalf wrote:
>> 
>>> Hardware tokens are nothing more than dedicated hardware TOTP devices with 
>>> perhaps a few additional parameters programmed at manufacturing time.  
>>> Example, RSAID keyfobs are nothing more than TOTP generators with 
>>> manufacturer programmed secrets and dedicated clock and display hardware 
>>> with no external interface which permits access to the secret.
>> 
>> For some of my banks, OTP tokens are issued via their device apps. I
>> used to have physical key fobs for that; those are now gone.
>> 
>> Admittedly, not all of my banks have made the transition. On the other
>> hand, many of the banks have moved on to support Face ID and QR code
>> verification via device apps.
>> 
>> Not specific to VPN access management, but in the same vein.
>> 
>> Mark.
> 

Re: South Africa On Lockdown - Coronavirus - Update!

[Eric Tykwinski]

I think that’s the major sticky point, I would hope we could all agree on one 
thing, but that also leaves one entry point of failure.  Hopefully we can all 
agree that FIDO2, OAUTH2, et al, with be a winner in the long run so everything 
can just use one simple authentication mechanism.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Mar 23, 2020, at 5:23 PM, Mark Tinka  wrote:
> 
> 
> 
> On 23/Mar/20 22:39, Keith Medcalf wrote:
> 
>> Hardware tokens are nothing more than dedicated hardware TOTP devices with 
>> perhaps a few additional parameters programmed at manufacturing time.  
>> Example, RSAID keyfobs are nothing more than TOTP generators with 
>> manufacturer programmed secrets and dedicated clock and display hardware 
>> with no external interface which permits access to the secret.
> 
> For some of my banks, OTP tokens are issued via their device apps. I
> used to have physical key fobs for that; those are now gone.
> 
> Admittedly, not all of my banks have made the transition. On the other
> hand, many of the banks have moved on to support Face ID and QR code
> verification via device apps.
> 
> Not specific to VPN access management, but in the same vein.
> 
> Mark.

Re: South Africa On Lockdown - Coronavirus - Update!

[Eric Tykwinski]

I’ve already been playing with YubiKeys, but sadly Google Titan wouldn't work 
with Windows Hello.  
Might be something I was doing wrong...

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Mar 23, 2020, at 4:21 PM, Peter Beckman  wrote:
> 
> Software-based TOTP offer more security than no one-time passwords, but
> admittedly less than the physical tokens. Google Authenticator, Authy,
> 1Password, LastPass all support TOTP.
> 
> On Mon, 23 Mar 2020, Alexandre Petrescu wrote:
> 
>> I dont know where are people about supporting VPN and one-time passwords on 
>> tokens.
>> 
>> At my work place a few people dont have tokens (OTP - One Time PAsswords).  
>> The reserve of these tokens has been exhausted.  NEw ones are being on 
>> order.  Until then some people cant get on VPN.
>> 
>> Some people forgot their token on their desk and had to to travel to office 
>> to get it, a thing not good to do to go to office now.
>> 
>> Some (not sure) might have issues with syncing these devices.  An OTP token 
>> has a certain skew about clock, and a battery that lasts long. Hopefully, 
>> one's token has been synchronised recently and the battery is new.  The 
>> length of time one cant go to office might be anywhere between 21 days 
>> (announced) and 2 months (experrience eg in Wuhan still closed).  Some times 
>> the synching of clock can be performed remotely, and some 'coin' batteries 
>> can be replaced by the person with skill and tools, could be extracted from 
>> a quartz watch for example.
>> 
>> An OTP device can be of many kinds.  Some people keep OTPs on paper (I did 
>> some time ago).  Some OTP devices are like Japanese 'tamaguchi' format, 
>> others like a credit card format.
>> 
>> Alex, LF/HF 3
>> 
>> Le 23/03/2020 à 20:47, Mark Tinka a écrit :
>>> On 23/Mar/20 21:20, Peter Beckman wrote:
>>>> But also:
>>>> 
>>>> "The categories of people who will be exempted from this lockdown
>>>>  are... those involved in the production, distribution and supply
>>>>  of... telecommunications services"
>>>> 
>>>> 
>>>> https://www.cnbcafrica.com/news/2020/03/23/breaking-nationwide-lockdown-announced-in-south-africa/
>>>> I think most anyone on this list could be considered exempt.
>>>> I do hope the same will be true should our respective local and national
>>>> governments take similar action.
>>> Yes, a number of "essential services" have been identified as needing to
>>> continue to operate under special dispensation during the lockdown, and
>>> telecoms falls within that.
>>> The details of the implementation of the dispensation may be nuanced.
>>> Experience will tell us more in the coming days.
>>> Mark.
>> 
> 
> ---
> Peter Beckman  Internet Guy
> beck...@angryox.com http://www.angryox.com/
> ---

Re: Google and Coronavirus Tech Handbook

[Eric Tykwinski]

Alex, Rob,

So I advised to run through Qualsys’s SSL Test: 
https://www.ssllabs.com/ssltest/analyze.html?d=coronavirustechhandbook.com 
<https://www.ssllabs.com/ssltest/analyze.html?d=coronavirustechhandbook.com>
It’s pretty much fine, I did manually run though LibreSSL 2.6.5 with OSX 
10.14.6 and it errors out, but that’s usually an edge case.

eric$ openssl s_client -connect coronavirustechhandbook.com:443 -showcerts 
-tls1_2 -crlf
CONNECTED(0006)
4526024300:error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert 
handshake 
failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/ssl/ssl_pkt.c:1205:SSL
 alert number 40
4526024300:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake 
failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/ssl/ssl_pkt.c:585:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol  : TLSv1.2
Cipher: 
Session-ID: 
Session-ID-ctx: 
Master-Key: 
Start Time: 1584736646
Timeout   : 7200 (sec)
Verify return code: 0 (ok)
---

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Mar 20, 2020, at 4:34 PM, Alexandre Petrescu 
>  wrote:
> 
> please stop writing me private emails, thank you, with due politeness and 
> smiley :-)
> 
> 
> 
> Alex, LF/HF 2
> Le 20/03/2020 à 19:40, Rob Pickering a écrit :
>> 
>> 
>> On Fri, 20 Mar 2020 at 18:11, Alexandre Petrescu 
>> mailto:alexandre.petre...@gmail.com>> wrote:
>> CA==Certificate Authority
>> 
>> the browser makes me questions before allowing me to see the content, after 
>> I click the indicated URL
>> 
>> LF/HF
>> What root CA list are you using?
>> 
>> I'm not at all involved in their hosting, but it looks like they are sitting 
>> behind Cloudflare SSL which is trusted by the default CA list of the browser 
>> vendor on my desktop.
>> 
>> --
>> Rob Pickering, r...@pickering.org <mailto:r...@pickering.org>

Re: Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls

[Eric Tykwinski]

Totally agree with you there, I run a mail server/monitoring server on OVH.  
With TLSA records, DKIM, and MTA-STS, I’ll still see junk filters on it if I 
accidentally email someone other than myself.  Yes my space has been SWIP’d and 
I send so low email volume so it’s reputation would be neutral at best which 
very much justifies the spam filters due to OVH’s reputation.  Somehow I don’t 
think SHAKEN/STIR would be any different.

I wonder how far this would go on VoIP transit.  I purchase from voicetel.com 
<http://voicetel.com/> for my house, which purchases from some other providers, 
which probably aggregates to others.  It doesn’t seem like this is quite as 
easy as looking up a whois from ARIN.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Mar 7, 2020, at 7:46 PM, John R. Levine  wrote:
> 
>> Most DNS registers avoid verifying customer information as long as the 
>> payment clears (for a short time).  DKIM (and DNSSEC) is built on top of 
>> trusting tokens from third-parties which disclaim all liability.
> 
> Right.  The only promise that DKIM makes is that if you have a stream of mail 
> signed by the same domain, you can praise or blame the same entity for it.  
> It's a handle that recipient systems can use to build a reputation system, 
> not a whitelist.  DKIM has worked this way since 2006, the documentation is 
> entirely clear that's what it does, and I'm kind of surprised you haven't 
> gotten the memo.
> 
>> Phone companies and advertisers have already demonstrated they can't be 
>> trusted to act as third-party introducers.
> 
> No kidding.  I've talked to people at big telcos who are in the middle of 
> STIR/SHAKEN and they tell me they plan to use it pretty much the same way 
> that mail providers use DKIM.  Some senders will have a good reputation and 
> their calls will be delivered, some won't, and not so much. As with mail, it 
> also provides a handle to push back on people sending unwanted junk.
> 
>> Eventually we'll have STE/STU-equivalent end-to-end verification on our 
>> smartphones.
> 
> That's known not to work for e-mail spam, so I can't imagine why anyone would 
> expect it to work for phone calls.
> 
> Regards,
> John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for 
> Dummies",
> Please consider the environment before reading this e-mail. https://jl.ly

Re: What can ISPs do better? Removing racism out of internet

[Eric Tykwinski]

John,

Seriously, just quote so people don’t have to look it up.  Honestly, though 
others are probably right in that case law usually will over-ride written law 
due to our legal structure.

> On Aug 6, 2019, at 10:36 PM, John Levine  wrote:
> 
> In article <6956e76b-e6b7-409f-a636-c7607bfd8...@beckman.org> you write:
>> Mehmet,
>> 
>> I’m not sure if you understand the terms under which ISPs operate as “common 
>> carriers”, and thus enjoy immunity from lawsuits due to the acts of their 
>> customers.
> 
> ISPs in the U.S. are not carriers and never have been.  Even the ISPs
> that are subsidaries of telcos, which are common carriers for their
> telco operations, are not common carriers for their ISPs.
> 
> This should not come as surprise to anyone who's spent 15 minutes
> looking at the relevant law.
> 
> ISPs are probably protected by 47 USC 230(c)(1) but all of the case
> law I know is related to web sites or hosting providers.

[ (1)Treatment of publisher or speaker
 No provider or user of an interactive computer service shall be treated as the 
publisher or speaker of any information provided by another information content 
provider. ]

Sounds great on paper, but sort of caught backpage in a quondam, perhaps 
because they installed filters to begin with.
Technically, will anyone else booting customer’s for any offense of TOS be 
similar is still up for grabs, since it’s basically a political nightmare for 
lawyers right now.
Right or wrong in your philosophy you are basically screwed imho.  I guess 
that’s why Anne’s got a job...

* Seriously though I think we should probably put a discussion thread in here, 
it’s reminding me of outages saying me too.

RE: Twitter security team?

[Eric Tykwinski]

They also have a bug bounty program on HackerOne:
https://hackerone.com/twitter

> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of J. Hellenthal
> via NANOG
> Sent: Thursday, July 18, 2019 3:01 PM
> To: Ken Gilmour
> Cc: North Group
> Subject: Re: Twitter security team?
> 
> Or maybe a tweet to @twittersecurity
> 
> > On Jul 18, 2019, at 13:59, J. Hellenthal  wrote:
> >
> >
> > Yes/No ?
> >
> > https://help.twitter.com/en/rules-and-policies/reporting-security-
> vulnerabilities
> >
> >> On Jul 18, 2019, at 13:45, Ken Gilmour  wrote:
> >>
> >> Anyone on the list know how to contact the Twitter Security team?
> >>
> >> Seems the new update allows an attacker to modify other people's
tweets.
> The "Hackerone" form for reporting a vulnerability is the wrong form and
the
> "My account has been hacked" form is also the wrong form. The whole site
> has been compromised, I have evidence and can't contact anyone due to the
> lack of an appropriate form and the fact that the security@ email address
> doesn't work.
> >>
> >> Thanks!
> >

RE: Colo in Africa

[Eric Tykwinski]

One of my favorite sites to give people:
https://thetruesize.com/

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

_

From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Mark Tinka
Sent: Tuesday, July 16, 2019 12:51 PM
To: nanog@nanog.org
Subject: Re: Colo in Africa


Where, in Africa? It's not a small place...

Re: SSL VPN

[Eric Tykwinski]

> On Jun 13, 2019, at 2:32 PM, Randy Bush  wrote:
> 
>> OpenVPN in pfSense?
> 
> yep
> 
>> We run tons of these around the world.
> 
> i only do 0.5kg
> 
> wireguard, https://www.wireguard.com/, is simpler (always a good thing
> with security), and has had code looked at by some credible experts.
> 

This is the second time I’ve seen WireGuard this past week, and honestly sounds 
really promising.
I’m probably going to test out on VyOS since I know it has support, but any 
word on ASA or JunOS?
I.E. is this going to export to hardware since it’s in the kernel already?

> randy

Re: Spamming of NANOG list members

[Eric Tykwinski]

Rich,

Comment’s inline:

On May 24, 2019, at 5:58 PM, Rich Kulawiec  wrote
> On Fri, May 24, 2019 at 06:34:25PM +0300, Scott Christopher wrote:
>> https://marc.info/?l=nanog=1=2 and https://lists.gt.net/nanog/
>> mangle email addresses in the headers but do nothing about email addresses
>> that are quoted / attributed in the body.
> 
> 
> There is zero, as in 0.0, point in mangling/obfuscating/etc. email
> addresses in forlon and misguided and ultimately futile attempts to keep
> spammers from getting their hands on them.  I wrote about this extensively
> a few years ago so please let me cite myself in these two messages [1]:
> 
>   http://www.firemountain.net/pipermail/novalug/2014-July/041213.html
>   http://www.firemountain.net/pipermail/novalug/2014-August/041230.html
> 

I guess you don’t get Comcast abuse reports, below is an example:
"e7f05f85ba44ad3393e7b086eed202ee b2cca3a3ae3825c36999e12722e83830" 
, "Ed 
d95a762f93c99703afe76d25f1679ea4" 

Let me see you figure out who on a shared server sent that message, hell, it’s 
gmail.com and comcast.net so appears on the logs probably significantly on most 
single use corporate servers as well.

> On the other hand, there are a lot of reasons NOT to mangle/obfuscate/etc.
> email addresses, including the use of archives by people who come along
> later and are trying to track down authors of messages of interest.
> 

This I sort of agree with on the above example, at least to some extent.  FBL’s 
are meant to alert to issues, as far as tracking them down it’s more of the 
mail ops job, so they are sort of allowed to make it a PIMA to avoid causing 
more issues by confirming.

> ---rsk


Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

Re: Oracle DBA

[Eric Tykwinski]

> On Mar 13, 2019, at 7:12 PM, Ross Tajvar  wrote:
> 
> This is totally off-topic.

Yes and no.  Probably the wrong list: 
https://mailman.nanog.org/mailman/listinfo/jobs 

I think it’s a great idea to ask for/seek human resources, since they probably 
can be more cost effective than vendors at times.

That’s it’s in a DBA field, well that’s sort of off topic, but I’m sure we all 
know people in the field so it’s probably not the one’s reading it, but it can 
be forwarded.

RE: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking

[Eric Tykwinski]

> Nah, you know, that won't happen any time soon. Mozilla is busy doing other, 
> more important things, like streaming all of the users' DNS queries to 
> Cloudflare, etc. The plain old security doesn't count anymore.
>
> --
> Töma

This was sort of discussed awhile ago:
Adam Langley:
https://www.imperialviolet.org/2015/01/17/notdane.html

Dan York:
https://www.internetsociety.org/blog/2012/01/what-is-the-correct-user-experience-for-dnssec-in-a-web-browser/

I don't totally agree with it all, but at least it's been tested.

Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

[Eric Tykwinski]

In my opinion, the problem isn’t that great.  As others have stated, you can 
locally enforce only STARTTLS on the receive connector or send connector 
locally to ensure that only encrypted transmission occurs.  If the MTA doesn’t 
send/accept STARTTLS send an error message.  That the host name is given, 
doesn’t really matter as most MiTM will still see IP SRC and IP DST so that’s 
given that transmission occurred.  DNSSEC already will ensure the same IP, and 
RPKI can help on BGP hijacks, given this is still an ongoing process.

In my opinion, the major issue is data at rest which would rely on PGP, S/MIME, 
et al.  Another option would be DMTP, like I emailed off list which encrypts 
even headers.  My guess though is that if this gains traction, there will be a 
corresponding law like CALEA for LEO to intercept.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Jan 12, 2019, at 5:09 PM, Viruthagiri Thirumavalavan  
> wrote:
> 
> I'm not sure why are being angry here. 
> 
> For the record, this conversation isn't about TLS on port 26. It's about 
> STARTTLS downgrade protection on port 25. 
> 
> On Sun, Jan 13, 2019 at 3:33 AM Brian Kantor  <mailto:br...@ampr.org>> wrote:
> From this point forward, all mail containing the phrase "TLS on
> port 26" in the Subject line will be shunted into my junk mail box,
> unread, because I do not wish to see any more correspondence on
> this matter.
> 
> 'procmail' is my friend.
> - Brian
> 
> 
> On Sun, Jan 13, 2019 at 03:20:26AM +0530, Viruthagiri Thirumavalavan wrote:
> > Hello Mr. Levine,
> >   [...]
> 
> 
> -- 
> Best Regards,
> 
> Viruthagiri Thirumavalavan
> Dombox, Inc.

Mark Tinka ping request

[Eric Tykwinski]

Mark,

Kevin does work for Apache and was asking about OSS usage rates in Africa/other 
places as well.
Since I know you are very involved in SAFNOG, et al, I figured you’d be a good 
resource for contacts over there for data.

I’m CCing Kevin McGrail, so more of an intro if you know of anyone.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

RE: Comcast

[Eric Tykwinski]

Nationwide outage for them right now:
https://twitter.com/hashtag/comcast


Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300


> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Daniel Corbe
> Sent: Friday, June 29, 2018 1:53 PM
> To: NANOG
> Subject: Comcast
> 
> Can someone from Comcast contact me off list?
> 
> Your customers can’t reach my network right now.

Re: BGP in a containers

[Eric Tykwinski]

The funny part is I don’t like containers but love VMs, so kvm, vmware, citrix, 
hvm, et al.
Not much difference but I tend to like the separation of OS knowledge, with all 
the bugs lately though I wonder if it’s worth it.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Jun 14, 2018, at 10:14 PM, Hunter Fuller  wrote:
> 
> On Thu, Jun 14, 2018 at 8:46 PM Mike Hammett  wrote:
> 
>> I wonder which part of the proposal people find offensive.
> 
> 
> I have no idea. All - You know no one is trying to make *you* run BGP
> inside of a container, right?

Re: Yet another Quadruple DNS?

[Eric Tykwinski]

> Is it just me, or is there a problem with the website? I get a nginx 403 
> Forbidden error when trying to access it.   
> 
> 
> 
> Regards, 
> Filip

I can verify it was working, but they might have gotten hammered after this 
thread.  Still curious how they got a SSL cert for an IP address, as that was 
definitely interesting to me.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

Re: Suggestions for a more privacy conscious email provider

[Eric Tykwinski]

> On Dec 4, 2017, at 6:34 PM, Rich Kulawiec  wrote:
> 
> ---rsk
> 
> [1] I don't expect them, or anyone else, to catch everything all the
> time.  There are always unpleasant surprises.  But there is absolutely
> no excuse for systemic, chronic abuse, for failure to accept abuse
> reports, for failure to respond to them quickly, for failure to
> act on them promptly, for failure to prevent repeat incidents,
> or for failure to apologize.

Not from I’ve seen, most get big fast, and than security follows secondary.  
Name your ISP, your Cloud, and your Virtual Environment.
Comcast and AOL used to be hell for spam, then they started blocking SMTP, or 
in AOL’s case sort of went out of business till the VZ buyout.  From what I’ve 
noticed, OVH is sort of the same, got big quick and was one of the biggest 
spammers around, they have finally gotten their act together IMHO.  Linode from 
what I remember hasn’t been that bad, a couple of hacked servers of course, but 
par for the course and kept things manageable and responsive to my requests.  
Main point I think is mailops comes with a learning curve, and it happens...

Re: Suggestions for a more privacy conscious email provider

[Eric Tykwinski]

Sort of a side note, but has anyone played with a Magma server?
Ladar Levison’s project to create a totally encryption email system.  I donated 
a bit, but have yet found time to beta test anything.
Just looking for pro’s/con’s and if it’s even worth spending the time.
https://darkmail.info/ 

> 
> On Dec 2, 2017, at 1:35 PM, Michael S. Singh  wrote:
> 
> Hi all,
> 
> I am in need of some suggestions for some privacy conscious email
> providers. I am currently using Migadu email hosting from Switzerland,
> basically they allow their users to have as many domains and mailboxes
> without storage limits without extra cost.
> 
> However they only allow 10 messages to be sent per day on their free tier.
> 
> -- 
> Sincerely Michael S Singh,
> M: 914-266-0601
> W: www.wadadli.me
> F: 5E0E FD46 4592 1682 A4B6 5F62 761E 4940 A177 3B38
> 
> 
> 
> Sent via Migadu.com, world's easiest email hosting
> 

Re: Reporting/fixing broken airport/hotel/etc wifi?

[Eric Tykwinski]

> On Jul 14, 2017, at 5:04 PM, Ken Chase  wrote:
> 
> 
> This is exactly why i have SSHd on port 443 and 53 on one of my boxes/IPs. 
> Once
> I got SSH sky's the limit on what I can fix/setup/tunnel.
> 
> /kc
> --
> Ken Chase - m...@sizone.org Guelph Canada

This is my usual workaround as well.  
Props to Avery Pennarun: http://sshuttle.readthedocs.io/en/stable/index.html
for making my life even easier.

Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal

[Eric Tykwinski]

> On Mar 28, 2017, at 7:08 PM, valdis.kletni...@vt.edu wrote:
> 
> On Tue, 28 Mar 2017 15:51:43 -0700, Seth Mattinen said:
> 
>> Has there ever been a real survey that asks people where they think
>> Google gets the money to support things like Gmail for "free"?
> 
> There's a difference.  Google only gets to aggregate data you pass to Google.
> Your ISP gets to aggregate data you pass to *anybody*.  The difference 
> matters.
> 
> Consider this example from the EFF:
> 
> "They know you spoke with an HIV testing service, then your doctor, then your
> health insurance company in the same hour. But they don't know what was
> discussed."
> 
> And the ISP is in that same position of being able to see all 3, and allowing
> anybody they sell the data to, to make conclusions.
> 
> https://www.eff.org/deeplinks/2013/06/why-metadata-matters

My first thought was your 6 year old watching sesame street videos, and your 10 
year old playing minecraft.
Sounds like the various COPPA lawsuits that I’ve seen from the FTC lawsuits, 
but IANAL.

DNS CAA records...

[Eric Tykwinski]

So I’ve come across this on Qualys and just wondering if there’s any practical 
examples out there in the wild.
I know some BIND guys are on here, so I’m sure I’m missing something from the 
RFCs.
Just wanted to test this out on my play domains before putting it out in the 
wild...

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

Just a quick question...

[Eric Tykwinski]

IPv4 routes did a quick bounce to 600,949 around 9:30AM EST, than went back 
down to 599,241 shortly after.  Seemed like a big jump so I setup an alert, 
just wondering if anyone else noticed anything, I’m not overly concerned, but 
seemed like a route leak possibly and I didn’t really see anything on bgpstream.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

Re: QWEST.NET can you fix your nameservers

[Eric Tykwinski]

Ironically,  I always wondered why I was told not to publish SPF records, since 
it did make more sense to have both, and slowly remove the TXT records later.  
Thanks for the heads up…

What do you think really is best practice now?

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Sep 15, 2016, at 7:30 PM, Mark Andrews <ma...@isc.org> wrote:
> 
> So your helpdesks don't get problem reports when people can't look
> up domain names?  Recursive DNS vendors don't get bug reports when
> domain names can't be looked up.  We don't get fixes developed
> because there are too many broken servers out there.
> 
> Because some servers don't answer EDNS requests this leads to false
> positives on servers not support EDNS when they do.  This in turn
> leads to DNSSEC validation failures as you don't get DNSSEC answers
> without EDNS.
> 
> IPv6 deployment was put back years because  DNS lookups got
> wrong answers.
> 
> DANE deployment is slow because DNS servers give bad answers to
> _._tcp./TLSA.
> 
> Then there is SPF.  A fare portion of the reason why the SPF record
> failed, despite it being architectually cleaner than using TXT
> records, is that some nameservers gave bad responses to SPF queries.
> 
> I could go find more examples of the cost of non DNS protocol
> compliance.
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org 
> <mailto:ma...@isc.org>

RE: I recommend dslreports.com/speedtest these days (was Speedtest.net not accessible in Chrome due to deceptive ads)

[Eric Tykwinski]

Jim,

No problems, I just knew you were one of the project founders.  I found it on 
the website shortly after posting.
My google-fu wasn’t up to par.
https://www.bufferbloat.net/projects/cerowrt/wiki/Tests_for_Bufferbloat/

I’m assuming I used the script last time for netperf, but have downloaded Flent 
to give it a shot.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
__
From: gettys...@gmail.com [mailto:gettys...@gmail.com] On Behalf Of Jim Gettys
Sent: Friday, July 22, 2016 3:23 PM
To: Eric Tykwinski
Cc: nanog list; jb; Toke Høiland-Jørgensen; Dave Taht
Subject: Re: I recommend dslreports.com/speedtest these days (was Speedtest.net 
not accessible in Chrome due to deceptive ads)

I don't read this list continually, but do archive it; your note was flagged 
for me to comment on.

On Thu, Jul 21, 2016 at 8:11 PM, Eric Tykwinski <eric-l...@truenet.com> wrote:
This is probably for Jim Gettys directly, but I’m sure most others have input.  
I could of sworn that that there was some test made to detect it directly on 
switches and routers?  Sort of like iperf, but to test bufferbloat specifically 
given the OS stack which is going to have issues as well, as shown on 
bufferbloat.net <http://bufferbloat.net/>.

​We recommend Toke Høiland-Jørgensen's
​
 "flent" ​
 
​https://flent.org/ for testing connections/devices/gear. It uses "netperf" 
transfers to load the link (by default with 4 simultaneous TCP connections in 
both directions, IIRC), and then runs another test (by default "ping") at the 
same time to test the connection under load. 
Turning on a netperf server is just as easy as turning on an iperf server (and 
the results are better, and netperf's maintainer responsive).​

See the documentation/paper on Toke's web site.  The "RRUL" test 
("Real-Time Response Under Load") is the one we use most/is best shaken down.   
I'm sure Toke would love help with other tests.
​

Gives you lots of useful graphs, will do diffserv marking, etc...​

Re: I recommend dslreports.com/speedtest these days (was Speedtest.net not accessible in Chrome due to deceptive ads)

[Eric Tykwinski]

This is probably for Jim Gettys directly, but I’m sure most others have input.  
I could of sworn that that there was some test made to detect it directly on 
switches and routers?  Sort of like iperf, but to test bufferbloat specifically 
given the OS stack which is going to have issues as well, as shown on 
bufferbloat.net . 

> On Jul 21, 2016, at 6:36 PM, Donn Lasher via NANOG  wrote:
> 
> On 7/21/16, 2:19 PM, "NANOG on behalf of Jay R. Ashworth" 
>  wrote:
> 
> 
> 
>> - Original Message -
>>> From: "Janusz Jezowicz" 
>> 
>>> Since this morning Speedtest.net is not accessible in Chrome
>>> Reason:
>>> https://www.google.com/transparencyreport/safebrowsing/diagnostic/#url=c.speedtest.net
>>> 
>>> For any ISPs/content providers linking to speedtest.net you may want to
>>> swap links to a different website or host your own speed test.
>> 
>> So far, I am very pleased with how it works, though I think it's letter
>> grades on speed are a bit pessimistic (65Mbps is a "C").
>> 
>> Specifically, it measures bufferbloat, with both a realtime graph and a 
> 
> 
> Are you talking about the dslreports speedtest? I like that one, very 
> detailed results.
> 
> http://speedtest.dslreports.com/
> 
> 
> I’d agree with the pessimistic scoring.. 160Mbit was given a “B” grade.
> 
> 
> 
> 

Re: Leap Second planned for 2016

[Eric Tykwinski]

That was great, I would actually like NIST to link to it…

> On Jul 8, 2016, at 7:14 PM, Hal Ponton  wrote:
> 
> I'll just leave this here :)
> 
> http://spendyourleapsecondhere.com/ 
> -- 
> --
> Regards,
> 
> Hal Ponton
> Senior Network Engineer
> 
> Buzcom / FibreWiFi
> 
> 
> 
> 
>> Andrew Kirch >
>> 9 July 2016 at 00:09
>> Its a whole extra second you can spend doing something awesome. You have to
>> plan now!
>> 
>> Javier J > >
>> 8 July 2016 at 23:53
>>> Time to start preparing
>> 
>> 
>> Unless you are running something that can't handle leap seconds what do you
>> really need to prepare for?
>> 
>> 
>> 
>> On Thu, Jul 7, 2016 at 12:59 PM, Andrew Gallo  wrote:
>> 
>>> Looks like we'll have another second in 2016:
>>> http://www.space.com/33361-leap-second-2016-atomic-clocks.html
>>> 
>>> 
>>> Time to start preparing
>>> 
>>> 
>> Andrew Gallo >
>> 7 July 2016 at 17:59
>> Looks like we'll have another second in 2016:
>> http://www.space.com/33361-leap-second-2016-atomic-clocks.html 
>> 
>> 
>> 
>> Time to start preparing

Re: ARIN Region IPv4 Free Pool Reaches Zero

[Eric Tykwinski]

No doubt as an iOS/Apple developer for a hobby, they have been pretty forth 
coming on dual stack.
It’s not totally a requirement yet, but pretty much a BCOP:
https://developer.apple.com/library/prerelease/ios/documentation/NetworkingInternetWeb/Conceptual/NetworkingOverview/UnderstandingandPreparingfortheIPv6Transition/UnderstandingandPreparingfortheIPv6Transition.html#//apple_ref/doc/uid/TP40010220-CH213-SW11
 
<https://developer.apple.com/library/prerelease/ios/documentation/NetworkingInternetWeb/Conceptual/NetworkingOverview/UnderstandingandPreparingfortheIPv6Transition/UnderstandingandPreparingfortheIPv6Transition.html#//apple_ref/doc/uid/TP40010220-CH213-SW11>

Sorry if it’s behind a sign-in wall.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
F: 610-429-3222

> On Sep 24, 2015, at 6:59 PM, Jared Mauch <ja...@puck.nether.net> wrote:
> 
> 
>> On Sep 24, 2015, at 6:56 PM, Franck Martin via NANOG <nanog@nanog.org> wrote:
>> 
>> I think the next requirement for iOS apps: "We ran your app on an IPv6 only
>> network and it did not work. Your submission to the Apple store is
>> therefore denied."
> 
> That’s forthcoming.
> 
> https://developer.apple.com/videos/wwdc/2015/?id=719
> 
> 
> - Jared

Re: GeoIP information

[Eric Tykwinski]

I love OVH where they ask where you want your IP space to be geolocated, but 
it’s still France/Canada…  
Why ask, I guess it worked in the past?

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
F: 610-429-3222


> On Sep 24, 2015, at 8:55 PM, Roland Dobbins <rdobb...@arbor.net> wrote:
> 
> On 25 Sep 2015, at 7:47, William Herrin wrote:
> 
>> Maxmind does not concur.
> 
> <https://news.ycombinator.com/item?id=7888280>
> 
> ---
> Roland Dobbins <rdobb...@arbor.net>

Re: Sign-On Letter to the Court in the FCC's Net Neutrality Case

[Eric Tykwinski]

I signed on as well, but why didn’t the EFF at least publish the letter to the 
list?
It was well written and laid out, even for politicians.  Personally, I would 
have included some VoIP stuff that’s well known about, but "que sera, sera”.  
The main point being if you want people to sign up, show your cards and let 
people make the business decision whether that will effect their present 
situation first.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
F: 610-429-3222

> On Sep 18, 2015, at 6:23 PM, Rich Kulawiec <r...@gsp.org> wrote:
> 
> On Thu, Sep 17, 2015 at 11:41:52AM -0400, Miles Fidelman wrote:
>> Me too.  Be sure to actually read the Amicus brief - it's incredibly
>> well written and informative.
> 
> I've signed on as well and strongly concur with Miles' recommendation.
> 
> ---rsk

Re: BGAN Optimized Laptops

[Eric Tykwinski]

Matt’s totally correct on the browser requesting the info, so it’s up to the 
client to decide what to download even obfuscated javascript links.
My question would be how far can compression take you for something like Opera 
which does some compression in browser with a caching server?  I figure a lot 
of websites are probably using more uncompressed formats like PNG, which can 
probably be compressed a bit more, but it’s still like taking a tar ball.  If  
a server in sending gzip’d text and the browser/cache are compressing that how 
much more can be gained?  Compression of compression with even more compression 
to me is probably more like a downward spiral.

> On Sep 10, 2015, at 10:54 PM, Matthew Petach  wrote:
> 
> On Thu, Sep 10, 2015 at 6:14 PM, Scott Weeks  wrote:
>> 
> ...
>> 
>> Someone told me that there is a way for the browser to say
>> to the web server, send me only the parts of the web page I
>> request.  For example, send me everything but the flash and
>> images.  Being a browser wuss I thought the web server just
>> sent everything and the browser decided whether to display
>> it or not.  That would mean the data already was transferred
>> over the expensive sat link incurring the data costs.
>> 
>> scott
> 
> Just wanted to clear one point up...
> 
> The web is *not* a "push" model; it's a "pull" model.
> 
> The HTML document is nothing but a text document
> which has references to other elements that are
> available to the browser, should it choose to
> request them; but it is incumbent upon the
> browser to request each and every one of
> those other elements from the server before
> they are transferred.  The server will not send
> something that was not first requested by the
> browser.
> 
> It's misunderstandings like this that make content
> providers twitch every time an eyeball network
> says "well you're *sending* all this data at my
> network" -- absolutely nothing is being sent
> that was not explicitly requested by the browser
> first.   ^_^;
> 
> Thanks!
> 
> Matt

Re: internet visualization

[Eric Tykwinski]

Sort of strange since RIPE bgplay is saying the same:
https://stat.ripe.net/widget/bgplay#w.resource=7224 


Anyone else have some input beside grammar nazis?

> On Sep 8, 2015, at 10:05 PM, Joly MacFie  wrote:
> 
> ​3/10 for spelling
> 
>> adjancencies​
> 
> or is that a thing?
> 
> 
> 
> -- 
> ---
> Joly MacFie  218 565 9365 Skype:punkcast
> WWWhatsup NYC - http://wwwhatsup.com
> http://pinstand.com - http://punkcast.com
> VP (Admin) - ISOC-NY - http://isoc-ny.org
> --
> -

Re: stacking pdu

[Eric Tykwinski]

I was pretty much thinking the same, get a switched/metered outlet PDU.  APC, 
ServerTech, et al have them, then daisy chain something like a Dell AP6015 off 
the outlet.  No clue about NEC/local laws, but the Dells are pretty much setup 
for that type of setup.

 On Jun 5, 2015, at 5:20 PM, Brian Loveland br...@bloveland.com wrote:
 
 APC does make some 'half rack' PDU's that take a C20 inlet so they could
 hang off a C19 outlet on another PDU:
 http://www.apc.com/resource/include/techspec_index.cfm?base_sku=AP8858displayList=ALLpage_type=displaybasicprinter_friendly=yes
 http://www.apc.com/resource/include/techspec_index.cfm?base_sku=AP7821displayList=ALLpage_type=displaybasicprinter_friendly=yes
 
 On the software side, just use a master PDU with metering.  These sub
 ones are also metered but you would want to look at the total utilization
 on the master.
 
 No comment if its to code...
 
 On Fri, Jun 5, 2015 at 12:51 AM, shawn wilson ag4ve...@gmail.com wrote:
 
 Well, I was kinda thinking this would turn out to be a dumb question / have
 an obvious answer. Apparently not. But it seems I can't go buy a solution
 either. I guess there isn't much of a market (though I am just talking
 software - maybe someone could make an update :) ).
 

Re: Ars breaks Misfortune Cookie vulnerability news to public

[Eric Tykwinski]

Here’s the thing I don’t get…  You have X provider supplying routers with 
vulnerable firmware that have remote support (TR-069) enabled.
Why would Check Point not at least name and shame, instead of trying to market 
their security?  I know the hack is old, but grandma isn’t probably up to date 
on the latest firmware that should have been upgrade through TR-069.  I’m 
honestly more upset with the reporting than the normal residential cpe didn’t 
get upgraded.

But yeah, Happy Holidays everyone...

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
F: 610-429-3222

 On Dec 19, 2014, at 5:54 PM, Jay Ashworth j...@baylink.com wrote:
 
 While the flaw is 12 years old and the fix 9, the article suggests that
 firmware for consumer routers may yet be being built with the vulnerable
 webserver code baked in.
 
 If you are responsible for lots of eyeballs you might want to look at this.
 
 http://arstechnica.com/security/2014/12/12-million-home-and-business-routers-vulnerable-to-critical-hijacking-hack/
 
 Have a nice Christmas weekend.  :-)
 
 Cheers,
 -- jra
 
 -- 
 Jay R. Ashworth  Baylink   
 j...@baylink.com
 Designer The Things I Think   RFC 2100
 Ashworth  Associates   http://www.bcp38.info  2000 Land Rover DII
 St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274

Re: Any experience with Comcast digital voice for OOB (offlist is fine)

[Eric Tykwinski]

Thanks all,

Jared, sorry I forgot about out-of-band touch tones and should of specified 
better, the client was looking to use a modem like most guessed.
I suggested using a cellular option since POTS wasn't available, as most gear 
usually has that as an option, and it looks like US Robotics makes a serial 
connection modem at that.

I do remember though something about a modem over VoIP protocol being 
developed, something like Jay was saying about Faxing over VoIP, but I guess it 
never took off.  My guess being relying on the same line as an internet 
connection would be about that smart anyways.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
F: 610-429-3222

On Mar 1, 2014, at 1:49 PM, Keegan Holley no.s...@comcast.net wrote:

 As others have said modems require POTS or at least a PBX line.  Also isn’t 
 the hand-off fog VoIP ethernet?  You wouldn’t be able to stick that into the 
 RJ-11 port in the modem.  It would be easier to use the comcast internet 
 connection with some sort of IPsec tunnel for OOB.  It’s cheap and mostly 
 reliable.
 
 If you’re looking for a better solution see the thread on OOB gear RE: 
 opengear.  They are multi-port and support, POTS, wifi and 3G for access.
 
 On Feb 28, 2014, at 2:27 PM, eric-l...@truenet.com wrote:
 
 
 Sincerely,
 
 Eric Tykwinski
 TrueNet, Inc.
 P: 610-429-8300
 F: 610-429-3222
 
 
 
 
 
 

RE: Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds

[Eric Tykwinski]

Looks like a bug, if you stick a 1 in total email users:
Per Year:   $504.00

-Original Message-
From: Adam Greene [mailto:maill...@webjogger.net] 
Sent: Friday, January 10, 2014 9:11 AM
To: 'NANOG Mailing List'
Subject: RE: Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds

Hi TR,

This looks like a very promising service to me as well.

Could you hit me off list with the pricing contact?

The pricing on http://www.spamhaustech.com/datafeed/pricecalculator.lasso is
a little high ($9,223,372,036,854,780,000.00/yr).

:)

Thanks,
Adam 

-Original Message-
From: TR Shaw [mailto:ts...@oitc.com]
Sent: Thursday, January 09, 2014 5:49 PM
To: Bryan Socha
Cc: NANOG Mailing List
Subject: Re: Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds

Replied off list.

On Jan 9, 2014, at 5:43 PM, Bryan Socha wrote:

 I would also like that contact, i've been trying to get the same quote 
 for
feed only for months.
 
 Thanks,
 Bryan
 
 

Re: Cogent Level 3 routing issue?

[Eric Tykwinski]

Honestly from the Internet Health Report, I've noticed connections between 
Level3 and Cogent are red quite a bit.
http://www.internethealthreport.com/

Bad samples or peering issues could be the cause either way, but it's been 
ongoing for awhile.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
F: 610-429-3222

On Dec 7, 2013, at 3:40 PM, Jason Canady ja...@unlimitednet.us wrote:

 Unfortunately Cogent has a lot of peering issues.  We use them in our network 
 blend and we have been having lots of problems with traffic outbound to 
 Comcast.  It looks like from South Bend, Indiana on Cogent to Chicago / Level 
 3 we are getting a very tiny amount of packet loss and a higher than 'normal' 
 latency of 35ms+.
 
 Where are you connected to Cogent at?  And what destination are you going to 
 on Level 3?
 
 Best Regards,
 
 -- 
 
 Jason Canady
 Unlimited Net, LLC
 Responsive, Reliable, Secure
 
 www.unlimitednet.us
 ja...@unlimitednet.us
 twitter: @unlimitednet
 
 On 12/7/13 3:14 PM, Matthew Crocker wrote:
 Anyone seeing issues between Cogent  Level3 in NYC?
 
 I have Sprint  Cogent for bandwidth.   Everything has been humming along 
 for a couple years just fine.   Yesterday around 8:00AM my BGP session with 
 Cogent flapped.  Now, when my Cogent BGP is up I get 100% packet loss in 
 level3 land.  When Cogent BGP is down (i.e. I’m running solely on Sprint)  
 Everything is fine.
 
 I have an open ticket with Cogent.  They say they have a ‘capacity issue’ 
 with level3 that has been escalated to executive levels.
 
 With Sprint  Cogent BGP UP
  I see traceroutes showing traffic leaving me on Sprint but returning on 
 Cogent (and failing at level3).  I’m guessing it is the level3/cogent border
 
 With Sprint UP  Cogent Down
  I see trace routes showing traffic on to/from on Sprint just fine.
 
 
 Anyone else having issues?
 
 -Matt
 
 --
 Matthew S. Crocker
 President
 Crocker Communications, Inc.
 PO BOX 710
 Greenfield, MA 01302-0710
 
 E: matt...@crocker.com
 P: (413) 746-2760
 F: (413) 746-3704
 W: http://www.crocker.com
 
 
 
 
 
 

ICANN related question...

[Eric Tykwinski]

We have a customer that purchased a domain through a reseller of
register.com.
The Whois records only point to the actual company and the originating
accredited registrar: register.com.

Does anyone know of any hints to find out who the reseller is?  Apparently
Register.com can't supply us with that information.

Just in case anyone is wondering:
Domain ID:D96747839-LROR
Domain Name:GIRLSINCDE.ORG
Created On:21-Apr-2003 18:39:46 UTC
Last Updated On:20-Nov-2013 22:11:57 UTC
Expiration Date:21-Apr-2014 18:39:46 UTC
Sponsoring Registrar:Register.com, Inc. (R71-LROR)
Status:CLIENT TRANSFER PROHIBITED
Registrant ID:F50A8CB8E137E659
Registrant Name:Lori Cooney
Registrant Organization:Girls Incorporated of Delaware

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
F: 610-429-3222

Re: DNS and nxdomain hijacking

[Eric Tykwinski]

Just as a side note, I don't think MS supports NXDOMAIN redirections yet, which 
is rather surprising.
Given I highly doubt anyone is using this external resolvers, which redirection 
is usually for.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
F: 610-429-3222

On Nov 5, 2013, at 7:57 PM, Phil Bedard bedard.p...@gmail.com wrote:

 
 
 On 11/5/13, 7:25 PM, Jimmy Hess mysi...@gmail.com wrote:
 
 On Tue, Nov 5, 2013 at 2:38 PM, Warren Bailey 
 wbai...@satelliteintelligencegroup.com wrote:
 
 
 I've noticed a lot more nxdomain redirects on providers (cox, uverse,
 tmo,
 
 
 I believe these ISPs have been servicing a mucked up recursive DNS like
 this for quite a while.
 
 I think every major residential ISP in the US has been doing this for 5+
 years now.  I worked at one provider who made a pretty decent chunk of
 change off the monthly ad revenue and that was 6 years ago.  People typo a
 lot of URLs.  
 
 Charter (my current ISP) does let you disable it via the web.
 
 Phil 
 
 
 

RE: How anti-NSA backlash could fracture the Internet along national borders - The Washington Post

[Eric Tykwinski]

Just wanted to add something to the discussion:
http://www.renesys.com/2013/10/google-dns-departs-brazil-ahead-new-law/

Basically, they are claiming possible new laws in Brazil have left Google to
shut down DNS services locally.

-Original Message-
From: Jorge Amodio [mailto:jmamo...@gmail.com] 
Sent: Monday, November 04, 2013 8:37 AM
To: Masataka Ohta
Cc: NANOG
Subject: Re: How anti-NSA backlash could fracture the Internet along
national borders - The Washington Post

That is correct (not everywhere) but it has no direct relationship with the
economics plus violating local or international laws is way above layer 7

Also there is no uniform and universal standard that defines what is or is
not a violation.

-Jorge

 On Nov 4, 2013, at 7:17 AM, Masataka Ohta
mo...@necom830.hpcl.titech.ac.jp wrote:
 
 Jorge Amodio wrote:
 
 There is no field on the IP packet header to indicate to which 
 political mandate the packet belongs.
 
 If a service provider violates some local regulation, the provider 
 will be punished, which is the political mandate.
 
 That is, the service provider should better observe related local 
 regulations as long as they want to have business at the locale.
 
   Masataka Ohta

Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6

[Eric Tykwinski]

I'll agree there, as developers have built in some tricks to work around NAT 
issues.  But in reality doing away with NAT is a much better alternative for 
the long haul.  So you are both right, but I'll side with Owen when doing 
network deployments as to ease my future headaches.

Sent from my iPhone

On Jan 17, 2013, at 7:30 PM, Jeff Kell jeff-k...@utc.edu wrote:

 On 1/17/2013 6:50 PM, Owen DeLong wrote:
 Vonage will, in most cases fail through CGN as will Skype, Xbox-360,
 and many of the other IM clients.
 
 Not sure about Vonage, but Skype, Xbox, and just about everything else
 imaginable (other than hosting a server) works just fine over NAT with
 default-deny inbound here, and we have several thousand students in the
 dorms that bang the heck out of those services.  Most applications have
 adapted to the SOHO NATing router that is prevalent today on broadband
 internet.  And if it didn't work, believe me, I'd hear about it :)
 
 Jeff
 
 
 
 

RE: Internet routing table completeness monitoring?

[Eric Tykwinski]

I agree, and just use the Threshold plugin so when it drops below or goes
above a certain # to notify you.
http://docs.cacti.net/plugin:thold


-Original Message-
From: Joseph Jackson [mailto:jjack...@aninetworks.net] 
Sent: Wednesday, October 03, 2012 9:51 AM
To: m...@kenweb.org; North American Networking and Offtopic Gripes List
Subject: RE: Internet routing table completeness monitoring?

I have cacti graph the amount of prefixes announced and withdrawn from a BGP
peer on each BGP router.

RE: WW: Colo Vending Machine

[Eric Tykwinski]

+1 for GBICs, SFPs 

I don't know if it's just me, but I have the worst luck with them.

-Original Message-
From: Jonathan Lassoff [mailto:j...@thejof.com] 
Sent: Friday, February 17, 2012 1:40 PM
To: Jay Ashworth
Cc: NANOG
Subject: Re: WW: Colo Vending Machine

On Fri, Feb 17, 2012 at 10:35 AM, Jay Ashworth j...@baylink.com wrote:
 Please post your top 3 favorite components/parts you'd like to see in 
 a vending machine at your colo; please be as specific as possible; 
 don't let vendor specificity scare you off.

This is a riot! I'd love to have something like this at facilities I'm in.
Some useful stuff that comes to mind:
 - Rack screws of various common sizes and threadings
 - SFPs, GBICs, etc.
 - Rollover cable / DE-9-8P8P adapter
 - Screwdrivers
 - Cross-over Ethernet, patch cables
 - zip ties, velcro tape, etc.
 - Label tape

Cheers,
jof

RE: Hijacked Network Ranges - paging Cogent and GBLX/L3

[Eric Tykwinski]

Haven't really been following, but you've got a 50/50 shot for BGP on Cogent
for us,
but Level3 is shorter so would take precedence.

208.110.48.0/20 3356 29791 11325 i
174 1299 29791 11325 i
208.110.49.03356 12189 19181 33611 i
174 12189 19181 33611 i

-Original Message-
From: Ido Szargel [mailto:i...@oasis-tech.net] 
Sent: Tuesday, January 31, 2012 3:06 PM
To: Schiller, Heather A; Kelvin Williams; nanog@nanog.org
Subject: RE: Hijacked Network Ranges - paging Cogent and GBLX/L3

I would go at first by advertising your prefixes as a /24 as well, just
randomly checked 2 different locations and the as-path to 11325 is shorter
than to 33611
This seems to be the case for customers of Tiscali and L3, so this will
probably get most of your traffic back to you...

Regards,
Ido

-Original Message-
From: Kelvin Williams [mailto:kwilli...@altuscgi.com]
Sent: Tuesday, January 31, 2012 1:01 PM
To: nanog@nanog.org
Subject: Hijacked Network Ranges

Greetings all.

We've been in a 12+ hour ordeal requesting that AS19181 (Cavecreek Internet
Exchange) immediately filter out network blocks that are being advertised by
ASAS33611 (SBJ Media, LLC) who provided to them a forged LOA.

The routes for networks: 208.110.48.0/20, 63.246.112.0/20, and
68.66.112.0/20 are registered in various IRRs all as having an origin AS
11325 (ours), and are directly allocated to us.

The malicious hijacking is being announced as /24s therefore making route
selection pick them.

Our customers and services have been impaired.  Does anyone have any
contacts for anyone at Cavecreek that would actually take a look at ARINs
WHOIS, and IRRs so the networks can be restored and our services back in
operation?

Additionally, does anyone have any suggestion for mitigating in the interim?
Since we can't announce as /25s and IRRs are apparently a pipe dream.

--
Kelvin Williams
Sr. Service Delivery Engineer
Broadband  Carrier Services
Altus Communications Group, Inc.


If you only have a hammer, you tend to see every problem as a nail. --
Abraham Maslow

RE: XBOX 720: possible digital download mass service.

[Eric Tykwinski]

The PS Vita still uses a proprietary memory card format, so it's not just
download only.
The best example of download only would be OnLive, which basically is a game
system that only delivers on demand games.

IMHO, it's the market that will determine whether this is the right choice
in the long run.
It's a creative way to eliminate the used market and stop piracy, but if the
consumers don't join up like the PSP Go, it will eventually fail.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
F: 610-429-3222

-Original Message-
From: -Hammer- [mailto:bhmc...@gmail.com] 
Sent: Friday, January 27, 2012 9:02 AM
To: nanog@nanog.org
Subject: Re: XBOX 720: possible digital download mass service.

Here's your baseline: Sony Vita. They already tossed the UMD out with the
PSP-GO and that failed miserably. Now they are trying again to go to digital
only with the Vita. It's not the scale of PS3 or XBOX360 but it may be a
good way to gauge the potential success of the concept.

-Hammer-

I was a normal American nerd
-Jack Herer



On 1/27/2012 7:34 AM, Jared Mauch wrote:
 It's already done on a similar scale when apple releases new software for
their mobile devices.

 Just don't do it if you are on a low cap plan (eg: mobile, satellite etc).
Caps will be the new market discriminator IMHO.

 Jared Mauch

 On Jan 27, 2012, at 3:35 AM, Teioscar.vi...@gmail.com  wrote:

 Can internet in USA support that?   Call of Duty 15 releases may 2014
 and 30 million gamers start downloading a 20 GB files.  Would the 
 internet collapse like a house of cards?.

RE: XBOX 720: possible digital download mass service.

[Eric Tykwinski]

That's the case, but yeah, definitely off-topic...
http://www.gamestop.com/ps-vita/games/uncharted-golden-abyss-ps-vita/91436

Which would be on-topic, though.  If anyone knows of an OnLive box just to
check out the bandwidth usage, I would be interested.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
F: 610-429-3222


-Original Message-
From: -Hammer- [mailto:bhmc...@gmail.com] 
Sent: Friday, January 27, 2012 9:21 AM
To: nanog@nanog.org
Subject: Re: XBOX 720: possible digital download mass service.

Now we are venturing OT but I thought the format was proprietary but you
still had to get the content on the memory via the glorious Internet? 
Are you saying I can go to Gamestop and buy a stick with whatever game I'm
looking for? Is that the plan?

-Hammer-

I was a normal American nerd
-Jack Herer



On 1/27/2012 8:13 AM, Eric Tykwinski wrote:
 The PS Vita still uses a proprietary memory card format, so it's not 
 just download only.
 The best example of download only would be OnLive, which basically is 
 a game system that only delivers on demand games.

 IMHO, it's the market that will determine whether this is the right 
 choice in the long run.
 It's a creative way to eliminate the used market and stop piracy, but 
 if the consumers don't join up like the PSP Go, it will eventually fail.

 Sincerely,

 Eric Tykwinski
 TrueNet, Inc.
 P: 610-429-8300
 F: 610-429-3222

 -Original Message-
 From: -Hammer- [mailto:bhmc...@gmail.com]
 Sent: Friday, January 27, 2012 9:02 AM
 To: nanog@nanog.org
 Subject: Re: XBOX 720: possible digital download mass service.

 Here's your baseline: Sony Vita. They already tossed the UMD out with 
 the PSP-GO and that failed miserably. Now they are trying again to go 
 to digital only with the Vita. It's not the scale of PS3 or XBOX360 
 but it may be a good way to gauge the potential success of the concept.

 -Hammer-

 I was a normal American nerd
 -Jack Herer



 On 1/27/2012 7:34 AM, Jared Mauch wrote:
 It's already done on a similar scale when apple releases new software 
 for
 their mobile devices.
 Just don't do it if you are on a low cap plan (eg: mobile, satellite
etc).
 Caps will be the new market discriminator IMHO.
 Jared Mauch

 On Jan 27, 2012, at 3:35 AM, Teioscar.vi...@gmail.com   wrote:

 Can internet in USA support that?   Call of Duty 15 releases may 2014
 and 30 million gamers start downloading a 20 GB files.  Would the 
 internet collapse like a house of cards?.

RE: software wanted

[Eric Tykwinski]

Cacti uses MySQL, but I'm not sure if plain rrdtool does.  
There is support for custom programming, so might be worth checking out.
http://oss.oetiker.ch/rrdtool/

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
F: 610-429-3222

-Original Message-
From: Bowen, Jeremy M [mailto:jeremy.m.bo...@windstream.com] 
Sent: Tuesday, December 20, 2011 9:27 AM
To: 'Gregory Edigarov'; nanog@nanog.org
Subject: RE: software wanted

Cacti is a very useful graphing tool  We have used it to graph anything we
can grab via snmp.

Hope that helps.
Jeremy Bowen

Hi everybody,

can anybody recomend a piece of software, that could graph a live network
scanning it via snmp.
requirements are:
1. must produce a text output suitable for postproduction. graphviz is an
ideal, xml - acceptable.
2. must use no external database i.e. have text config file. clean text
console, suitable to run as a cronjob.
3. must be able to work in heterogenous environment. 

thanks a lot in advance

-
With best regards,
Gregory Edigarov

--
The information contained in this message, including attachments, may
contain privileged or confidential information that is intended to be
delivered only to the person identified above. If you are not the intended
recipient, or the person responsible for delivering this message to the
intended recipient, Windstream requests that you immediately notify the
sender and asks that you do not read the message or its attachments, and
that you delete them without copying or sending them to anyone else.

RE: [ncc-announce] 128.0.0.0/16 configured as martians in some routers

[Eric Tykwinski]

If anyone on Cogent is lurking, we are not receiving the announcements yet
in our BGP table.

Double checked on the looking glass, and it looks company wide.
http://www.cogentco.com/en/network/looking-glass

The space is seen through Level3...

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
F: 610-429-3222

-Original Message-
From: Alex Le Heux [mailto:ale...@ripe.net] 
Sent: Monday, December 05, 2011 10:49 AM
To: Routing WG
Cc: lac...@lacnic.net; PacNOG List; nanog@nanog.org; me...@menog.net; UKNOF
List; SANOG List; ncc-annou...@ripe.net; Address Policy Working Group; AfNOG
List
Subject: Re: [ncc-announce] 128.0.0.0/16 configured as martians in some
routers

Dear Colleagues,

The correct prefix and pingable address list for the Debogonising Project
is:

prefix  pinagble address

128.0.0.0/21128.0.0.1
128.0.24.0/24   128.0.24.1

Our apologies for the oversight.

Best regards,

Alex Le Heux
Policy Implementation Co-ordinator
RIPE NCC

RE: [fyo...@insecure.org: C|Net Download.Com is now bundling Nmapwith malware!]

[Eric Tykwinski]

Maybe it's just me, but I would think that simply getting them listed on
stopbadware.org and other similar sites would probably have much more of an
effect.
The bad publicity can cause them to change tactics, but it takes some time.
I've seen much quicker results from blacklisting on Google and other search
engines.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
F: 610-429-3222


-Original Message-
From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu] 
Sent: Tuesday, December 06, 2011 11:48 AM
To: andrew.wallace
Cc: fyo...@insecure.org; nanog@nanog.org
Subject: Re: [fyo...@insecure.org: C|Net Download.Com is now bundling
Nmapwith malware!]

On Mon, 05 Dec 2011 22:14:48 PST, andrew.wallace said:
 Using fruitful language and acting like a child isn't going to see you
taken seriously.

No, he *does* want fruitful language - one that produces results.  I think
you meant some other word instead.

As far as acting like a child, I'm reasonably sure that if CNet was doing
the same thing to the good name of your consulting company, you'd react
similarly.

 - Forwarded message from Fyodor fyo...@insecure.org

On the other hand, just being Fyodor is sufficient to get him taken
seriously.

Email administrator for Comcast Philadelphia region?

[Eric Tykwinski]

If there is anyone lurking on the list, we are having some strange issues
with one of your clients.
Please contact offlist. (supp...@truenet.com)

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
F: 610-429-3222

Mediacom Communications Corporation contact available?

[Eric Tykwinski]

Looking for a NOC contact if there are any available.

 

Sincerely,

 

Eric Tykwinski

TrueNet, Inc.

P: 610-429-8300

F: 610-429-3222

 

RE: The Confiker Virus.

[Eric Tykwinski]

Joe,

Here's the link for the Python Crypto toolkit:
http://www.amk.ca/python/code/crypto.html

I scanned our internal network and didn't find anything, so I can't really
vouch for it's reliablity though.

-Original Message-
From: David Tebbutt [mailto:da...@sunshadeseyewear.com.au] 
Sent: Tuesday, March 31, 2009 2:10 AM
To: Paul Ferguson; JoeSox
Cc: nanog@nanog.org
Subject: Re: The Confiker Virus.

you need to add python-crypto with whatever package manager your OS uses,
yast line in suse:

|python-crypto   |2.0.1  |2.0.1 
|Collection of cryptographic algorithms and protocols, implemented for use
from Python 

d

 JoeSox joe...@gmail.com 31/03/09 8:46 am 
Has anyone tried the Python scs Network Scanner script?
http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker/ 

I have installed Impacket-0.9.6.0 library but it throws the following
warning
WARNING: Crypto package not found. Some features will fail.

Does anyone know if this effects the reliability of the scs script? I have
it scanning but I don't like that warning.

What other library is Impacket looking for to correct that warning?

--
Thanks, Joe


On Mon, Mar 30, 2009 at 10:27 AM, Paul Ferguson fergdawgs...@gmail.com
wrote:

RE: Verizon/UU.net/Alternet Routing issue

[Eric Tykwinski]

Anyone else still seeing routing issues from Verizon's network still?
We are getting intermittent routing to/from our IP space.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
F: 610-429-3222

-Original Message-
From: Braun, Mike [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, November 12, 2008 6:06 PM
To: nanog@nanog.org
Subject: RE: Verizon/UU.net/Alternet Routing issue

I was told this was a Level3 router leaking bad routes into Verizon, and was
told the problem is now resolved.

Mike

-Original Message-
From: Paul Jasa [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 12, 2008 2:27 PM
To: jamie rishaw; Peter Beckman
Cc: nanog@nanog.org
Subject: RE: Verizon/UU.net/Alternet Routing issue


Same here.  Saw the issue from Los Angeles, and from New York.  Traces
were dropping a few hops into the Verizon cloud.  BGP stayed up, but
routing went nowhere.  
Paul



From: jamie rishaw [mailto:[EMAIL PROTECTED]
Sent: Wed 11/12/2008 3:14 PM
To: Peter Beckman
Cc: nanog@nanog.org
Subject: Re: Verizon/UU.net/Alternet Routing issue




Confirmed here as well; Saw loss on DS3s between 424 and 440 EST.  BGP
survived but routing didnt ..

No RCA yet from VZN (on hold).


On Wed, Nov 12, 2008 at 3:47 PM, Peter Beckman [EMAIL PROTECTED]
wrote:

 At about 4:24pm EDT, I lost connectivity from Verizon to destinations
in
 New York, Seattle and others.  Came back up (4:46pm) while composing
this
 email.  Anyone else notice?  Major problem or minor routing issue?

   Packets   Pings
  HostLoss%   Snt   Last   Avg  Best  Wrst
StDev
  1. localrouter  67.6%   3950.6   1.6   0.5  18.8
2.3
  2. 10.1.41.150.0%   3955.7   5.1   1.8 306.0
  17.4
  3. P4-2.LCR-02.WASHDC.verizon-g  0.0%   3957.4   2.7   1.2  19.0
2.5
  4. 130.81.29.218 0.0%   3956.0   3.8   1.8  40.9
 4.2
  5. 152.63.39.177 0.0%   3958.6   6.8   3.9  71.3
 4.4
152.63.36.213
  6. 152.63.69.11371.6%   395  120.7  44.0  31.2 186.7
  30.3
  7. POS7-0-0.GW4.IND6.ALTER.NET  30.7%   395  1179. 133.3 121.3 1179.
  79.5
  8. 152.63.67.25093.9%   395  121.5 125.4 121.0 186.2
  13.0
  9. POS6-0-0.GW4.IND6.ALTER.NET  53.0%   395  318.9 217.7 206.8 722.0
  43.3
 10. 152.63.67.25096.2%   395  211.1 211.1 209.0 215.7
 1.8
 11. POS6-0-0.GW4.IND6.ALTER.NET  67.0%   395  422.1 305.9 294.9 692.1
  37.5
 12. 152.63.67.25097.5%   394  295.1 298.0 295.1 303.6
 2.5
 13. POS6-0-0.GW4.IND6.ALTER.NET  73.5%   394  523.9 391.5 382.1 523.9
  17.7
 14. 152.63.67.25098.7%   392  388.5 386.6 381.9 389.5
 3.1
 15. POS6-0-0.GW4.IND6.ALTER.NET  82.6%   392  632.9 481.2 468.6 632.9
  22.2
 16. 152.63.67.25099.2%   388  472.7 472.2 470.2 473.6
 1.8
 17. POS6-0-0.GW4.IND6.ALTER.NET  85.8%   388  737.0 573.3 559.4 737.0
  27.8
 18. 152.63.67.25099.2%   387  560.5 562.0 560.5 565.1
 2.7
 19. POS6-0-0.GW4.IND6.ALTER.NET  89.6%   387  839.0 664.8 644.9 839.0
  38.6
 20. 152.63.67.25099.2%   387  649.3 649.6 649.3 649.9
 0.3
 21. POS6-0-0.GW4.IND6.ALTER.NET  94.8%   383  946.4 763.8 734.6 946.4
  48.5
 22. 152.63.67.25099.7%   376  735.5 735.5 735.5 735.5
 0.0
 23. POS6-0-0.GW4.IND6.ALTER.NET  92.5%   376  895.4 842.2 819.1 909.0
  26.8
 24. ???
 25. POS6-0-0.GW4.IND6.ALTER.NET  96.7%   365  1153. 955.9 908.9 1153.
  78.7
 26. ???
 27. POS6-0-0.GW4.IND6.ALTER.NET  96.6%   328  1261. 1057. 998.8 1261.
  86.8
 28. 152.63.67.25099.6%   245  999.3 999.3 999.3 999.3
 0.0
 29. POS6-0-0.GW4.IND6.ALTER.NET  98.8%   245  1189. 1123. 1086. 1189.
  57.5
 30. ???

 Beckman


---
 Peter Beckman
Internet Guy
 [EMAIL PROTECTED]
 http://www.angryox.com/


---




--
.!google!arpa.com!j



The information contained in this e-mail and any attached 
documents may be privileged, confidential and protected from 
disclosure.  If you are not the intended recipient you may not 
read, copy, distribute or use this information.  If you have 
received this communication in error, please notify the sender 
immediately by replying to this message and then delete it 
from your system

--

THIS E-MAIL MESSAGE AND ANY FILES TRANSMITTED HEREWITH, ARE INTENDED SOLELY
FOR THE USE OF THE INDIVIDUAL(S) ADDRESSED AND MAY CONTAIN CONFIDENTIAL,
PROPRIETARY OR PRIVILEGED INFORMATION.  IF YOU ARE NOT THE ADDRESSEE
INDICATED IN THIS MESSAGE (OR RESPONSIBLE FOR DELIVERY OF THIS MESSAGE TO
SUCH PERSON) YOU MAY NOT REVIEW, USE, DISCLOSE OR DISTRIBUTE THIS MESSAGE OR
ANY FILES TRANSMITTED HEREWITH.  IF YOU RECEIVE THIS MESSAGE IN ERROR,
PLEASE CONTACT THE SENDER BY REPLY E-MAIL AND DELETE THIS MESSAGE AND ALL
COPIES OF IT FROM YOUR SYSTEM.