Whoops. .mobi whois impersonation
[ Via PRIVACY ]

https://arstechnica.com/security/2024/09/rogue-whois-server-gives-researcher-superpowers-no-one-should-ever-have/

--
Jay R. Ashworth                  Baylink                       j...@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274
Re: Out-of-Bailiwick DNS? (Was: HE.net problem)
- Original Message -
> From: "Robert L Mathews"

> However, if "example.com" uses "ns1.he.net" and "ns2.he.net" as its
> nameservers, having the second of those instead be "ns2.he.org" will keep
> "www.example.com" reachable if he.net is placed on clientHold.
>
> That was presumably the emergency concern in this case -- not so much that
> www.he.net itself was offline, but that all the other domains using their
> nameservers were offline.

Correct. I was not the person who made the original query/report, but that
was the concern which made me run the event up the flagpole here and on
Outages.

> I run a registrar so there's no risk of our domain names getting put on
> clientHold, but I still don't trust the *registry* not to put one of our
> domain names on their equivalent "serverHold".

And it is there that perhaps I overreacted one step; I had thought from the
data I heard that that *was* a registry-side hold (and hence it didn't matter
that it was NetSol).

Or perhaps that NetSol was still the registry for .net -- that's out of date
now, isn't it?

Cheers,
-- jra
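An added example, not part of the original messages: a small audit of the point made in the exchange above, using the thread's own model that a hold on a domain takes every nameserver name beneath it out of service once caches expire. The zone names other than those quoted in the thread, and the two-label rule for finding the parent domain, are assumptions made for the example.

```python
"""Added example: which zones go dark if one nameserver parent domain is held?"""

# Constructed sample delegations. example.com and the he.net/he.org nameserver
# names come from the thread; the other zones are made up for illustration.
DELEGATIONS = {
    "example.com": ["ns1.he.net", "ns2.he.net"],        # all NS in one bailiwick
    "example.org": ["ns1.he.net", "ns2.he.org"],        # the out-of-bailiwick fix
    "he.net":      ["ns1.he.net", "ns2.he.net", "ns3.he.net"],
    "example.net": ["ns1.example.net", "ns2.he.net"],   # one in-zone nameserver
}


def labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def parent_domain(host):
    # ASSUMPTION: the registrable domain is the last two labels (true for
    # he.net and he.org). Real tooling should use the Public Suffix List.
    return ".".join(labels(host)[-2:])


def tld(host):
    return labels(host)[-1]


def under(name, domain):
    """True if name is the domain itself or sits anywhere beneath it."""
    n, d = ".".join(labels(name)), ".".join(labels(domain))
    return n == d or n.endswith("." + d)


def survives_hold(zone, ns_hosts, held):
    """Does the zone keep at least one usable nameserver if `held` is on hold?"""
    if under(zone, held):          # the zone itself is inside the held domain
        return False
    return any(not under(h, held) for h in ns_hosts)


def blast_radius(delegations, held):
    """Zones that lose every nameserver when `held` is placed on hold."""
    return sorted(z for z, ns in delegations.items()
                  if not survives_hold(z, ns, held))


def audit(delegations):
    """Per-zone findings: one parent domain (registrar-side hold exposure)
    and one TLD (registry-side hold exposure)."""
    report = {}
    for zone, ns in delegations.items():
        parents = sorted({parent_domain(h) for h in ns})
        tlds = sorted({tld(h) for h in ns})
        findings = []
        if len(parents) == 1:
            findings.append(f"all nameservers under {parents[0]}")
        if len(tlds) == 1:
            findings.append(f"all nameservers in one TLD (.{tlds[0]})")
        report[zone] = findings
    return report


if __name__ == "__main__":
    print("offline if he.net is held:", blast_radius(DELEGATIONS, "he.net"))
    for zone, findings in audit(DELEGATIONS).items():
        print(f"{zone:12} {findings or 'ok'}")
```
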
Re: HE.net problem
Yup; I blew that one too.

I've been told it was cleared around 2020Z, and whois reflects that, though
my dig +trace doesn't seem to be behaving as expected.

Cheers,
-- jra

- Original Message -
> From: "Crist Clark"
> To: "Mel Beckman"
> Cc: nanog@nanog.org
> Sent: Thursday, July 4, 2024 4:52:14 PM
> Subject: Re: HE.net problem

> On the other side of this, we all may be learning the value of not having
> all of your NS records in a single zone with a domain under a single
> registrar.
>
> (From someone who has personal domains hosted on HE DNS.)
>
> On Thu, Jul 4, 2024 at 1:01 PM Mel Beckman wrote:
>
>> Aha. Just as I suspected, bureaucrats at Network Solutions are to blame. I
>> have had many run-ins with NS and their inscrutable policies and odd
>> viewpoints. I was once suspended for running a web cache that NS
>> incorrectly claimed was stealing domain content. No engineer on the NS side
>> seemed to know what a web cache does.
>>
>> -mel via cell
>>
>> On Jul 4, 2024, at 12:42 PM, Mel Beckman wrote:
>>
>> Ryan,
>>
>> Right you are. The dig still fails. Hopefully the ICANN issue gets fixed,
>> and a pox on any bureaucrat who arranged for this to happen over a holiday
>> weekend!
>>
>> -mel
>>
>> On Jul 4, 2024, at 12:33 PM, Ryan Hamel wrote:
>>
>> Mel,
>>
>> Your local caching resolver knows the IPs for ns[1-5].he.net, which skips
>> over the need for querying the root DNS resolvers, and gtld-servers (glue
>> records). If the TTL (2 days) expires on your resolver before HE fixes
>> their issue, you will not be able to resolve anything for that domain.
>>
>> At the moment, a simple DNS trace (dig he.net +trace) cannot complete
>> fully.
>>
>> Ryan Hamel
>>
>> --
>> *From:* Mel Beckman
>> *Sent:* Thursday, July 4, 2024 12:20 PM
>> *To:* Jay Ashworth
>> *Cc:* Ryan Hamel ; nanog@nanog.org
>> *Subject:* Re: HE.net problem
>>
>> Caution: This is an external email and may be malicious. Please take care
>> when clicking links or opening attachments.
>>
>> Our he.net dns appears to be fine at this time:
>>
>> $ nslookup
>> server ns1.he.net
>> Default server: ns1.he.net
>> Address: 2001:470:100::2#53
>> Default server: ns1.he.net
>> Address: 216.218.130.2#53
>> > set type=A
>> > jet.net.
>> Server: ns1.he.net
>> Address:216.218.130.2#53
>>
>> Name: jet.net
>> Address: 206.83.0.42
>>
>> -mel beckman
>>
>> On Jul 4, 2024, at 12:11 PM, Jay Ashworth wrote:
>>
>> Cool, thanks. We had a couple of other reports of people making support
>> calls and being asked to reboot their modems, so I wanted to make sure tier
>> 3 had gotten it.
>>
>> And I figured tier 3 would be here. :-)
>>
>> Cheers,
>> -- jra
>>
>> On July 4, 2024 3:00:12 PM EDT, Ryan Hamel wrote:
>>
>> I called their support when that outage thread came in, they're already
>> aware and taking a look now.
>>
>> Ryan Hamel
>>
>> --
>> *From:* NANOG on behalf of Jay Ashworth
>> *Sent:* Thursday, July 4, 2024 11:55 AM
>> *To:* nanog@nanog.org
>> *Subject:* HE.net problem
>>
>> We have a report on outages that he.net has been placed in ICANN client
>> hold, and people's DNS service is falling over on this Independence day. If
>> you work in DNS for HE, you might want to look into this.
>>
>> I have double checked the report, and I am seeing the status as well.
>>
>> Hurricane serves lots of dns, I would classify this as a P1 ticket.
>>
>> Cheers,
>> -- jra
>>
>> --
>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: NOAA Space Weather Prediction Center issued a Severe (G4) Geomagnetic Storm Watch
How odd. Both clocks are stratum 1? Were the associated servers chiming off
other servers as well?

Cheers,
-- jra

- Original Message -
> From: "Mel Beckman"
> To: "John Curran" , "NANOG"
> Sent: Friday, May 10, 2024 4:29:13 PM
> Subject: Re: NOAA Space Weather Prediction Center issued a Severe (G4)
> Geomagnetic Storm Watch

> We just had two TM1000 TimeMachine brand GPS NTP servers lose clock sync at
> the same time, in two different cities (LA and Santa Barbara). The outage
> lasted about five minutes, during which the NTP servers were responding, but
> with time that was 1900 seconds out of sync. The devices showed satellite
> lock on 8 birds (not all the same ones). I've never seen this behavior
> before with years of NTP clock experience.
>
> It could be that these inexpensive NTP servers aren't very selective about
> bogus inputs, as I would have expected them to lose synch in the event of a
> GPS signal failure. Instead they produced garbage. Our PRTG NTP monitor
> logged the problem this way:
>
> Sensor SNTP (SNTP) ***
> Device 10.2.10.90-TimeMachine NTP server (10.2.10.90)
> New Status at 5/10/2024 12:49:52 PM (Pacific Standard Time):
> Down
> Last Message:
> The target server did not return a valid time. To resolve this issue, use a
> packet analyzing tool and do a trace of the NTP packets to check if all fields
> are correctly populated. (code: PE085)
>
> From: NANOG on behalf of John Curran
> Sent: Friday, May 10, 2024 10:54 AM
> To: NANOG
> Subject: NOAA Space Weather Prediction Center issued a Severe (G4) Geomagnetic
> Storm Watch
>
> SWPC Issues Its First G4 Watch Since 2005 | NOAA / NWS Space Weather
> Prediction Center
> <https://www.swpc.noaa.gov/news/swpc-issues-its-first-g4-watch-2005>
>
> "Multiple CMEs erupted associated with flare activity from Region 3664 on
> 07-09 May. These CMEs are expected to merge with potential arrival expected
> by early May 11 on the UTC day."
>
> (Low but distinct possibility of effects to radio and transmission systems)
>
> FYI,
> /John
>
> John Curran
> President and CEO
> American Registry for Internet Numbers
SRI's Dan Lynch dies
From Lauren Weinstein @ PRIVACY Digest:

"""
Dan Lynch, one of the key people involved in building the Internet and
ARPANET before it, has died. Dan was director of computing facilities at SRI
International, where ARPANET node #2 was located and he worked on development
of TCP/IP, and where the first packets were received from our site at UCLA
node #1 to SRI, and later at USC-ISI led the team that made the transition
from the original ARPANET NCP protocols to TCP/IP for the Internet. And much
more. Peace. -L
"""

He was well written up across the web, but here's a 2021 piece for those who
aren't as familiar with his background:

https://www.internethalloffame.org/2021/04/19/dan-lynchs-love-brilliant-complexity-fuels-early-internet-development-growth/

And his IHoF induction speech:

http://opentranscripts.org/transcript/dan-lynch-ihof-2019-speech/

I would note his age here, as obits usually do, but it seems unusually
difficult to learn.

Happy landings, Mr Lynch.

Cheers,
-- jra
Leap Day
Late, just saw the posting on BlueSky:

In the wake of NTP inventor Dave Mills' death, probably the next ranking
topchimer is NIST's Judah Levine, and the New York Times interviewed him
about why we have leap years, which makes sense; all the other news outlets
had to make do with lower-ranking (and less well spoken) "time experts" (I'm
lookin' at you, NPR...)

https://www.nytimes.com/2024/02/29/science/leap-day-easter.html

Cheers,
-- jra
Re: IPv6 uptake (was: The Reg does 240/4)
- Original Message -
> From: "William Herrin"

> On Fri, Feb 16, 2024 at 2:19 PM Jay R. Ashworth wrote:
>> > From: "Justin Streiner"
>> > 4. Getting people to unlearn the "NAT=Security" mindset that we were
>> > forced to accept in the v4 world.
>>
>> NAT doesn't "equal" security.
>>
>> But it is certainly a *component* of security, placing control of what
>> internal nodes are accessible from the outside in the hands of the people
>> inside.
>
> Every firewall does that. What NAT does above and beyond is place
> control of what internal nodes are -addressable- from the outside in
> the hands of the people inside -- so that most of the common mistakes
> with firewall configuration don't cause the internal hosts to -become-
> accessible.
>
> The distinction doesn't seem that subtle to me, but a lot of folks
> making statements about network security on this list don't appear to
> grasp it.

You bet. I knew someone would chime in, but whether they'd be agreeing with
me -- as you are -- or yelling at me, wasn't clear.

It's a default deny (NAT) vs default allow (firewall) question, and I prefer
default deny -- at least inbound. You *can* run NAT as default deny outbound,
too, but it's much less tolerable for general internet connectivity -- in
some dedicated circumstances, it can be workable.

Cheers,
-- jra
Re: IPv6 uptake (was: The Reg does 240/4)
- Original Message -
> From: "Justin Streiner"

> 4. Getting people to unlearn the "NAT=Security" mindset that we were forced
> to accept in the v4 world.

NAT doesn't "equal" security.

But it is certainly a *component* of security, placing control of what
internal nodes are accessible from the outside in the hands of the people
inside.

Cheers,
-- jra
Re: The Reg does 240/4
- Original Message -
> From: "Dave Taht"

> The angst around ipv6 on hackernews that this triggered was pretty
> revealing and worth thinking about independently.
> https://news.ycombinator.com/item?id=39316266

Thanks; the source where I got the other link mentioned that, and I meant to
include it...

> I was inspired to try a couple traceroutes. It used to be 240 escaped
> my prior comcast router and wandered around a while; it does not do
> that anymore. I would be dryly amused if that box was actually running
> my old OpenWrt bcp38 stuff which blocked 240 for a couple years. My
> cloud works, my aws stack works, openwrt works.

Damn; I haven't touched the bcp38 wiki in some time. Thanks for the reminder.

> Peering into a murky crystal ball, say, 5 years in the future:
>
> Another thing that I worry about is port space exhaustion, which is
> increasingly a thing on firewalls and CGNs. If I can distract you - in
> this blog cloudflare attempted to cut the number of ipv4 addresses
> they use from 2 to 1, after observing some major retry issues. With a
> nice patch, reducing the problem.
>
> https://blog.cloudflare.com/linux-transport-protocol-port-selection-performance/

Interesting. Isn't that something CGNAT implementers would have had to deal
with already?

> Peering further into the soi-distant decades ahead, perhaps we should
> just allocate all the remaining protocol space in the IP header to a
> quic native protocol, and start retiring the old ones.

Well, I've been able to avoid thinking about it for some time, but ISTR my
reaction to QUIC as violating a number of organized religions' blasphemy
rules...

> /me hides

Indeed.

Cheers,
-- jra
The Reg does 240/4
I know we had a thread on this last month, but I can't remember what it was
titled.

ElReg has done a civilian-level backgrounder on the 240/4 issue, for anyone
who wants to read and scoff at it. :-)

https://www.theregister.com/2024/02/09/240_4_ipv4_block_activism/

Cheers,
-- jra
Re: NFPA 70 National Electrical Code 2026 first draft changes
> It mostly just renumbers/reorganizes the NEC. Old time electricians will
> grumble because almost every code number changes.

The NEC is included *by copy* in some state statutes, is it not? If so, I
wonder how that will affect those.

[ * rather than 'by reference' ]

Cheers,
-- jra
Re: Networks ignoring prepends?
- Original Message -
> From: "Jon Lewis"

> On Mon, 22 Jan 2024, William Herrin wrote:
>> It gives me, your paying customer, less control over my routing
>> through your network than if I wasn't your paying customer. That
>> seems... backwards.
>
> Not at all. Think like a service provider.
>
> "I've got packets to deliver. I've got 3 different classes of paths I can
> use. One of them, I get paid to use. One is cost neutral. The last one,
> I pay to use."
>
> Which path would you pick (assuming you're trying to maximize revenue
> from your network)?

And here, you nail it, Jon:

The Internet stopped being an engineering construct many years ago, to
its--and our--detriment; things work much more poorly, and harder to
understand and diagnose and fix, because of this.

His example, of packets going from Miami to Ft Lauderdale via One Wilshire,
is a classic example.

Cheers,
-- jra
Re: "Hypothetical" Datacenter Overheating
- Original Message -
> From: "Tom Beecher"

>> It's certainly one of many possible root causes which someone doing an
>> AAR on an event like this should be thinking about, and looking for in
>> their evaluation of the data they see.
>
> And I'm sure they are and will.
>
> By the time that post was made, the vendor had shared multiple updates
> about what the actual cause seemed to be, which were very plausible. An
> unaffiliated 3rd party stating 'maybe an attack!' when there has been no
> observation or information shared that even remotely points to that simply
> spreads FUD for no reason.

I didn't see any of them in the thread, which was the only thing I was
paying attention to, so those are fact not in evidence to *me*.

I didn't see an exclamation point in his comment, which seemed relatively
measured to me.

Cheers,
-- jra
Re: "Hypothetical" Datacenter Overheating
- Original Message -
> From: "Tom Beecher"
> To: "Lamar Owen"
> Cc: nanog@nanog.org
> Sent: Wednesday, January 17, 2024 8:06:07 PM
> Subject: Re: "Hypothetical" Datacenter Overheating

>> If these chillers are connected to BACnet or similar network, then I
>> wouldn't rule out the possibility of an attack.
>
> Don't insinuate something like this without evidence. Completely
> unreasonable and inappropriate.

WADR, horsecrap.

It's certainly one of many possible root causes which someone doing an AAR
on an event like this should be thinking about, and looking for in their
evaluation of the data they see.

He didn't *accuse* anyone, which would be out of bounds.

Cheers,
-- jra
Re: How threading works (was Re: Root Cause Re: 202401102221.AYC Re: Streamline The CG-NAT Re: 202401100645.AYC Re: IPv4 address block)
- Original Message -
> From: "William Herrin"

> Respectfully, your MUA is not the only MUA. Others work differently.
>
> GMail, for example, follows the message IDs as you say but assumes
> that if you change the subject line in your reply (more than adding
> "Re:") then you intend to start a new thread from that point in the
> discussion. It groups messages accordingly.
>
> This is not an unreasonable expectation: if you merely want to
> continue the current conversation without going off on a new tangent
> then there's no need for a different subject line.

Maybe it's not.

Looking at threads in NANOG's piper, though, it's easy to see threads where
the Subject line evolves to follow the conversation, without dropping people
who still want to participate in it.

The fact that the "(was: old subject)" convention continues in good service
to this day, *even though no mailer does that for you* (so far as I'm aware)
suggests that people will put in the effort, to me at least.

The number of times when I've consciously wanted to break a reply chain --
and usually was not provided with the facility by my mailer -- is much
smaller than the number when I wanted it to continue.

The only mailer I remember being able to do it in, really, is mutt, where
you could get all the headers into vi, and delete In-Reply-To:.

Cheers,
-- jra
Re: How threading works (was Re: Root Cause Re: 202401102221.AYC Re: Streamline The CG-NAT Re: 202401100645.AYC Re: IPv4 address block)
- Original Message -
> From: "Abraham Y. Chen"

> Hi, Bryan:

[ ... ]

> 2) From the Wikipedia explanation of RFC5822, I as a ThunderBird
> user, really have nothing to do with the Message-ID that it puts on my
> MSGs nor how does it make use of such to display the threads. And, my
> Subject line style can't affect it either. So, why some colleagues are
> having difficulties with just my eMails, but seemingly not from others?
> Could this be caused by the large number of MSGs within a short period
> of time that amplified this issue? From another feedback, I realized
> that some colleagues may be using plain text text editors or alike for
> eMail, because they could not see color nor italic emphasizing of my
> text. Could such be related to this issue?

Well, when Bryan says:

>> Threading has nothing to do with subject lines. RFC822 (now 5822)
>> specifies how this works based on message ID. This thread displays
>> fine in threaded mode in my MUA and in the archives.

he's not wrong... but he fails to take into account that there are still
email clients which don't thread based on *that*, as they should; they make
up cock-a-mamie rules about the contents of the Subject line, and use those
to thread with, and those clients *will* come apart if you make 'gratuitous'
edits to it.

Well, at least, this *has been* a running problem for 20 or 30 years; I
don't have my fingers on a list of which clients get it right and which
wrong, and which might have gotten religion over the years on the topic.

5322 isn't my primary RFC. :-)

Cheers,
-- jra
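An added example, not part of the original messages: the three threading behaviours described in the two "How threading works" messages above (header-based threading, Subject-only threading, and the ID-plus-subject-change split attributed to GMail), run over five constructed messages. The message IDs and the fifth message with its reply header removed are assumptions made for the example; the subjects are shortened from the thread's own.

```python
"""Added example: Message-ID threading versus Subject-based threading."""
import re
from collections import defaultdict
from email import message_from_string


def make(mid, subject, refs=()):
    """Build a minimal raw message (constructed sample data)."""
    head = [f"Message-ID: {mid}", f"Subject: {subject}"]
    if refs:
        head += [f"In-Reply-To: {refs[-1]}", "References: " + " ".join(refs)]
    return "\n".join(head) + "\n\nbody\n"


A1, A2, A3, A4, B1 = (f"<{n}@example.net>" for n in ("a1", "a2", "a3", "a4", "b1"))
RAW = [
    make(A1, "IPv4 address block"),
    make(A2, "Re: IPv4 address block", [A1]),
    make(A3, "How threading works (was Re: IPv4 address block)", [A1, A2]),
    make(A4, "Re: How threading works (was Re: IPv4 address block)", [A1, A2, A3]),
    make(B1, "Re: IPv4 address block"),   # reply sent with In-Reply-To deleted
]


def parse(raw):
    m = message_from_string(raw)
    refs = (m.get("References") or "").split()
    irt = (m.get("In-Reply-To") or "").split()
    parent = irt[0] if irt else (refs[-1] if refs else None)
    return {"id": m["Message-ID"].strip(), "parent": parent,
            "subject": m.get("Subject", "")}


def norm_subject(subject):
    """Strip leading 'Re:' prefixes only; any other edit is a different subject."""
    s = re.sub(r"^(\s*re\s*:\s*)+", "", subject, flags=re.I)
    return re.sub(r"\s+", " ", s).strip().lower()


def _group(msgs, key):
    out = defaultdict(list)
    for m in msgs:
        out[key(m)].append(m["id"])
    return sorted(sorted(ids) for ids in out.values())


def _root(m, by_id, same_thread):
    """Walk the parent chain while the link is accepted; guard against loops."""
    seen = {m["id"]}
    while m["parent"] in by_id and m["parent"] not in seen:
        parent = by_id[m["parent"]]
        if not same_thread(m, parent):
            break
        seen.add(parent["id"])
        m = parent
    return m["id"]


def thread_by_ids(msgs):
    """Header-based threading: follow In-Reply-To / References only."""
    by_id = {m["id"]: m for m in msgs}
    return _group(msgs, lambda m: _root(m, by_id, lambda c, p: True))


def thread_by_subject(msgs):
    """Subject-only threading, as done by the clients complained about above."""
    return _group(msgs, lambda m: norm_subject(m["subject"]))


def thread_ids_split_on_subject(msgs):
    """IDs first, but a changed subject starts a new thread at that message."""
    by_id = {m["id"]: m for m in msgs}
    same = lambda c, p: norm_subject(c["subject"]) == norm_subject(p["subject"])
    return _group(msgs, lambda m: _root(m, by_id, same))


MSGS = [parse(r) for r in RAW]

if __name__ == "__main__":
    for fn in (thread_by_ids, thread_by_subject, thread_ids_split_on_subject):
        print(f"{fn.__name__:30}", fn(MSGS))
```
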
Re: Outside plant - prewire customer demarc preference
- Original Message -
> From: "Sean Donelan"

> Around here, the local carrier seems to have stopped FTTH deployment.
> Instead, the carrier is convincing home builders not to spend money on
> demarc pre-wire. Wireless Home 5G service is all customers need.
>
> Of course, the lack of demarc planning makes things more expensive for
> any post-construction competitor. And don't get me started about the lack
> of information of what's available in the utility easements. The builders
> don't know, and the service providers won't say. The FCC broadband maps
> are a lot of hand-waving by service providers.

Well, that's not going to end well.

Sadly, the circumstance in which we'll find out will be if SHTF, and after
that failure, it won't matter much.

Cheers,
-- jra
Re: .US Harbors Prolific Malicious Link Shortening Service
- Original Message -
> From: "Seth Mattinen via NANOG"

> On 11/2/23 1:30 PM, goemon--- via NANOG wrote:
>> Are there any legitimate services running solely on .us domain names?
>
> Yes.

Though not -- by several orders of magnitude -- nearly as many as there
should be... but let's not get me started on that.

Cheers,
-- jr 'RFC1480' a
Re: emily postnews
- Original Message -
> From: "Randy Bush"

> another old dog doing a search wrote to tell me they really appreciated
> that i still had some antique advice up. i had long forgotten this one.
> but found it amusing and still more relevant than i might wish.
>
> https://psg.com/emily.html

I would bet many dollars green American that the venn diagram of "people who
need that advice these days" and "people who can tell that it is sarcasm/
satire" is two disjoint circles...

Cheers,
-- jra
Re: Pulling of Network Maps
Well, in fairness: those approaches *leave tracks* for a potential attacker;
picking up published maps does not...

Cheers,
-- jra

- Original Message -
> From: "Mike Hammett"
> To: "Denis Fondras"
> Cc: nanog@nanog.org
> Sent: Thursday, October 26, 2023 1:30:23 PM
> Subject: Re: Pulling of Network Maps

> But it already is publicly available to someone that's interested enough via
> the permits issued by the appropriate jurisdictions or if you put in 811
> design stage tickets.
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>
> - Original Message -
>
> From: "Denis Fondras"
> To: nanog@nanog.org
> Sent: Thursday, October 26, 2023 12:22:56 PM
> Subject: Re: Pulling of Network Maps
>
> On Thu, Oct 26, 2023 at 11:17:22AM -0500, Mike Hammett wrote:
>> Has anyone else noticed a trend of some network operators that previously
>> offered street-level detailed maps, not only upon request, but also posted
>> publicly have started to only provide them upon quotes?
>>
>
> There is no small profit :)
>
> Also some will fear sabotage if the pathway is publicly available.
Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses
- Original Message -
> From: "Owen DeLong via NANOG"

>> For a network feeding a data center, sure. For a network like
>> Charter's which is feeding unsophisticated nontechnical users, they
>> need all the messing they can get.
>>
>> If you're one of the small minority of retail users that knows enough
>> about the technology to pick your own resolver, go ahead. But it's
>> a reasonable default to keep malware out of Grandma's iPad.
>>
>> R's,
>> John
>
> If it’s such a reasonable default, why don’t any of the public resolvers
> (e.g. 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) do so?

It's a reasonable default behavior *for default resolver servers for
consumer eyeball networks*.

I knew that was what John meant, and I can't see any reason why you wouldn't
know it too, Owen; this isn't your first rodeo, either.

Cheers,
-- jra
Re: U.S. test of national alerts on Oct. 4 at 2:20pm EDT (1820 UTC)
I'm not disabled (any more than being 58 years old makes you), but I know
lots of people who are.

And procmail still works just fine, I'm told.

Cheers,
-- jra

- Original Message -
> From: "Fred Baker"
> To: "Warren Kumari"
> Cc: nanog@nanog.org
> Sent: Friday, October 6, 2023 4:28:43 PM
> Subject: Re: U.S. test of national alerts on Oct. 4 at 2:20pm EDT (1820 UTC)

> It’s been absurd for a while now…
>
> Sent using a machine that autocorrects in interesting ways...
>
>> On Oct 6, 2023, at 1:15 PM, Warren Kumari wrote:
>
>> On Fri, Oct 06, 2023 at 2:58 PM, Sean Donelan < s...@donelan.com > wrote:
>
>>> The Disability Advocacy Community has been extensively involved with
>>> CMAS/WEA since President Bush signed the WARN Act, passed by a republican
>>> house and republican senate, in 2006.
>
>>> The dozens of disability groups helped design the sound and vibration
>>> cadence (which is different than EAS), and the policies for alerting.
>
>>> Nation-wide testing (EAS) has been conducted since 2011. And nation-wide
>>> testing (WEA) since 2014. National tests were conducted almost every
>>> between 2011 and 2020, suspended during the pandemic.
>
>>> The national tests are announced at least 60 days in advance by the FCC
>>> and FEMA. News media have multiple stories. Most state and many local
>>> governments also had notifications.
>
>>> If you haven't been involved with the disability community for a decade,
>>> and your school office didn't notify special education teachers about the
>>> news releases and government advance notifications, perhaps that's room
>>> for improvement with local school communications. Fire drills, tornado
>>> drills, etc. often involve loud sounds and flashing lights.
>
>> Fine! In that case I *demand* that we stop having fires and tornados and
>> similar. It's super-disruptive to have to go and hide in my basement *every
>> single time* there is a tornado, or pull over every time a fire engine
>> comes barreling down the road…. and those sirens!... and the flashy lights!
>> Wake up people, fire truck and police sirens are *specifically designed* to
>> disrupt! It's all part of their plan to, erm…. well, something something….
>
>> Ok, now that we have reached the absurdum part of reductio ad absurdum can
>> we get back to network engineering?
>
>> W
Re: U.S. test of national alerts on Oct. 4 at 2:20pm EDT (1820 UTC)
- Original Message -
> From: "Sean Donelan"

> On Wed, 4 Oct 2023, William Herrin wrote:
>> On Wed, Oct 4, 2023 at 11:21 AM Sabri Berisha wrote:
>>> Makes me wonder what I have to do to opt out of this. We all remember
>>> what happened in Hawaii.
>>
>> For the national alert you can't. That's intentional.
>>
>> Although for some reason my silenced phone made no noise. I got the
>> alert, it popped up on the screen, but no noise.
>
> If you don't want any interruptions, you can set your phone to "Airplane
> Mode." Airplane Mode disables reception of all Wireless Emergency Alerts
> for as long as the phone stays in Airplane Mode.

And it's even possible, on most phones I have used, to turn Airplane mode
on, and then *turn wifi back on* -- that would get you most functionality,
while still precluding WEA/CMAS alerts.

I think I've got that right, don't I, Sean?

Cheers,
-- jra
Re: Legal system as a weapon (was Re: AFRINIC placed in receivership)
Layer 8: People
Layer 9: Money
Layer 10: Lawyers.

Cheers,
-- jra

- Original Message -
> From: "David Conrad"
> To: nanog@nanog.org
> Sent: Thursday, September 28, 2023 6:46:31 PM
> Subject: Legal system as a weapon (was Re: AFRINIC placed in receivership)

> Somewhat related (at least one of the principals is the same) and perhaps of
> interest to some here. While I have strong opinions on the topic, provided
> without comment:
>
> https://www.gofundme.com/f/supporting-and-protecting-internet-governance
>
> Regards,
> -drc
>
>> On Sep 13, 2023, at 6:27 PM, Bryan Fields wrote:
>>
>> I think this qualifies as potentially operational.
>>
>> Afrinic placed in receivership, board elections to be held in six months:
>> https://archive.ph/jOFE4
>> --
>> Bryan Fields
>>
>> 727-409-1194 - Voice
>
> http://bryanfields.net
Re: SMTP-friendly VPS provider where I can also get a BGP feed
I've run a mail server on Linode for 6 or 7 years now; no technical problems.

End-node, Zimbra, postfix.

Cheers,
-- jra

- Original Message -
> From: "Jonathan Leist via NANOG"
> To: "Daniel Corbe"
> Cc: nanog@nanog.org
> Sent: Tuesday, September 26, 2023 10:32:51 AM
> Subject: Re: SMTP-friendly VPS provider where I can also get a BGP feed

> Pretty much every popular provider blocks port 25 out by default, and
> they'll instead try to steer customers to use a smart host. However, some,
> including Linode, will unblock port 25 by request:
> https://www.linode.com/docs/guides/running-a-mail-server/#sending-email-on-linode
>
> On Tue, Sep 26, 2023 at 6:11 AM Daniel Corbe wrote:
>
>> Hey all,
>>
>> I apologize if this isn't the right place to post this; however, I
>> thought maybe the NANOG community would be able to point me in the right
>> direction.
>>
>> I'm looking for a place that I can host a mailer. My primary use case
>> is a Mailman-style technical discussion list; much like NANOG but
>> software related instead of network related: READ: non-commercial in
>> nature.
>>
>> I'm currently a vultr customer, but they're refusing to unblock port 25
>> on my account. I've tried explaining my use case but no matter who I
>> talk to over there they just keep pointing me to their spam policy.
>>
>> Thanks!
>> -Daniel
>>
>
> --
> Jonathan Leist
> Staff Engineer
Re: Hawaiian ILEC infrastructure and fire
- Original Message - > From: "scott via NANOG" > On 8/11/23 4:06 AM, Mark Tinka wrote: >> It's like a war zone. > > Yes, it definitely looks like that. We have connectivity to some of the > edges and have put up hotspots, so folks can go to the hotspot areas and > get internet access. Well, it sounds like the historical Bell System attitude has transitioned forwards to ... newer transport. Good. Best of luck to you all, out there. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: NTP Sync Issue Across Tata (Europe)
Gotcha. The Bad Guys are smarter than me. :-) Cheers, -- jra - Original Message - > From: "Forrest Christian (List Account)" > To: "jra" > Cc: "nanog list" > Sent: Sunday, August 13, 2023 8:06:30 PM > Subject: Re: NTP Sync Issue Across Tata (Europe) > If I'm spoofing time, I'm going to produce an entire constellation of > satellites. That is, I'm going to provide a signal which looks like all > of the satellites in view providing their timing signals on whatever time I > want your GPS receiver to think it is. All I have to do is ensure that > your receiver receives my signal loud enough that it thinks the real > satellites are noise, and my signal is the real one. > > This isn't that hard to accomplish, especially since there are youtube > videos showing you how. > > On Sun, Aug 13, 2023 at 6:03 PM Jay R. Ashworth wrote: > >> - Original Message - >> > From: "Forrest Christian (List Account)" >> >> > Let me address your points: >> [ ... ] >> > Let's assume you have a typical GPS-derived NTP server using a typical >> > commercially available timing GNSS module. To convince that receiver >> that >> > it was a different time, I'd need to have an SDR that would operate in >> the >> > GPS band. These are widely available for under $500. You'd also need a >> > laptop and a download of a GPS simulator from GitLab. With a total >> > investment of $500 (assuming I already have a laptop), I now have a >> system >> > that can generate a GPS signal to convince your GPS receiver that it's >> any >> > time at all. If you're a tech neophyte, there are youtube videos on how >> to >> > do this. >> > >> > All I need to do now is add appropriate antennas and/or amplifiers to >> > overcome the official GNSS signals. As you pointed out, depending on >> the >> > location and directivity of your antenna, this is either trivial or >> becomes >> > slightly more difficult. 
If I can see your antenna, it becomes a lot >> > cheaper as I just need a relatively low-powered amplifier and a highly >> > directional antenna. If I can't see your antenna, I would opt for a >> > higher-power amplifier and a less directional transmit antenna to >> blanket a >> > wide area with the spoofed signal. >> >> If I'm trying to get time out of a NAVSTAR (yes, I know, shut up) receiver, >> it can see like 8-20 birds, right? Is there not some voting and such >> inside >> such a receiver? Just letting it see one 'bird' with spoofed time doesn't >> seem like it ought to work, to me; what don't I know? >> >> Cheers, >> -- jra >> -- >> Jay R. Ashworth Baylink >> j...@baylink.com >> Designer The Things I Think RFC >> 2100 >> Ashworth & Associates http://www.bcp38.info 2000 Land >> Rover DII >> St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 >> 1274 >> > > > -- > - Forrest -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: NTP Sync Issue Across Tata (Europe)
- Original Message - > From: "Forrest Christian (List Account)" > Let me address your points: [ ... ] > Let's assume you have a typical GPS-derived NTP server using a typical > commercially available timing GNSS module. To convince that receiver that > it was a different time, I'd need to have an SDR that would operate in the > GPS band. These are widely available for under $500. You'd also need a > laptop and a download of a GPS simulator from GitLab. With a total > investment of $500 (assuming I already have a laptop), I now have a system > that can generate a GPS signal to convince your GPS receiver that it's any > time at all. If you're a tech neophyte, there are youtube videos on how to > do this. > > All I need to do now is add appropriate antennas and/or amplifiers to > overcome the official GNSS signals. As you pointed out, depending on the > location and directivity of your antenna, this is either trivial or becomes > slightly more difficult. If I can see your antenna, it becomes a lot > cheaper as I just need a relatively low-powered amplifier and a highly > directional antenna. If I can't see your antenna, I would opt for a > higher-power amplifier and a less directional transmit antenna to blanket a > wide area with the spoofed signal. If I'm trying to get time out of a NAVSTAR (yes, I know, shut up) receiver, it can see like 8-20 birds, right? Is there not some voting and such inside such a receiver? Just letting it see one 'bird' with spoofed time doesn't seem like it ought to work, to me; what don't I know? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: NTP Sync Issue Across Tata (Europe)
- Original Message - > From: "John Gilmore" > Am I confused? Getting the time over a multi-gigabit Internet from a > national time standard agency such as NIST (or your local country's > equivalent) should produce far better accuracy and stability than > relying on locally received GPS signals. GPS uses very weak radio > signals which are regularly spoofed by all sorts of bad actors: > > https://www.gps.gov/spectrum/jamming/ > > for all sorts of reasons (like misleading drone navigation): > > https://en.wikipedia.org/wiki/Iran%E2%80%93U.S._RQ-170_incident > > Depending on satnav systems creates a large single point of failure for > worldwide civilian infrastructure. > > Jamming GPS with subtly fake time data near big data centers seems like > an easy move that would cause all sorts of distributed algorithms to > start failing in unusual ways. And in a more serious wartime attack, > many or most GPS satellites themselves would be destroyed or disabled. Maybe I'm getting too old, but it seems to me like the time when Internet systems design engineers did *not* need to design like a nation-state actor might affect their systems by combat attack... ended a couple decades ago. And if your bean-counters tell you it's not cost-effective to make it that tight, maybe it's time to change jobs? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
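An added example, not part of the thread or any poster's code: the posts above note that a spoofer who fakes the whole constellation defeats any voting inside the receiver, so the cross-check has to run across independent time sources. This sketch applies Marzullo's interval-intersection vote to a GPS refclock plus network sources; the source names, offsets and error bounds are constructed sample values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    name: str
    offset: float  # seconds: source clock minus local clock
    bound: float   # +/- uncertainty of that measurement, in seconds

    @property
    def low(self):
        return self.offset - self.bound

    @property
    def high(self):
        return self.offset + self.bound


def marzullo(samples):
    """Return (count, lo, hi): the window covered by the most source intervals."""
    if not samples:
        raise ValueError("need at least one time source")
    edges = []
    for s in samples:
        edges.append((s.low, 0))   # 0 = interval opens (sorts before a close)
        edges.append((s.high, 1))  # 1 = interval closes
    edges.sort()
    best = depth = 0
    lo = hi = None
    for i, (point, kind) in enumerate(edges):
        if kind == 0:
            depth += 1
            if depth > best:
                # Deepest overlap so far runs from here to the next edge.
                best, lo, hi = depth, point, edges[i + 1][0]
        else:
            depth -= 1
    return best, lo, hi


def check_refclock(samples, refclock="gps"):
    """Vote across sources and say whether the refclock sides with the majority."""
    best, lo, hi = marzullo(samples)
    agreeing = sorted(s.name for s in samples if s.low <= lo and s.high >= hi)
    outliers = sorted(s.name for s in samples if s.name not in agreeing)
    if best * 2 <= len(samples):
        verdict = "no-majority"         # cannot tell which side is wrong
    elif refclock in agreeing:
        verdict = "ok"
    else:
        verdict = "refclock-disagrees"  # alert; do not discipline the clock from it
    return {"verdict": verdict, "agreeing": agreeing,
            "outliers": outliers, "window": (lo, hi)}


# Constructed samples: a tight GPS refclock and three looser network sources.
NETWORK = [
    Sample("nist-a", 0.0012, 0.004),
    Sample("nist-b", -0.0008, 0.005),
    Sample("peer-c", 0.0021, 0.006),
]
HEALTHY = [Sample("gps", 0.000002, 0.00001)] + NETWORK
# Same network view, but the receiver now reports a time 2.5 s away,
# still with a tight error bound because the fake signal is self-consistent.
SPOOFED = [Sample("gps", 2.5, 0.00001)] + NETWORK

if __name__ == "__main__":
    for label, data in (("healthy", HEALTHY), ("spoofed", SPOOFED)):
        print(label, check_refclock(data))
```

With only the refclock and one network source the result is "no-majority", which is why a single cross-check cannot say which clock is lying.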
Re: Best Linux (or BSD) hosted BGP?
- Original Message - > From: "William Herrin" > On Tue, May 9, 2023 at 6:40 PM Tom Beecher wrote: >>> The implication being that while it might work, it would make >>> administration of >>> the system onerous and unpredictable, considering we are dealing with a ton >>> of >>> FreeBSD installations, and not just a single server. >> >> Adjusting a single tunable is 'onerous'? > > No, but it's brittle. A workaround, not a solution. Likely to break > during future maintenance. "Unpredictable" as Mark put it. > > Nothing a routing daemon does should involve the kernel BPF. The next > sysadmin won't be expecting it. That's such an important thought that it has a name. The Principle of Least Astonishment. "When doing things, try to pick the way among many that will least confuse the people who have to pick up the pieces when you get hit by a bus." Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: BCP38 For BGP Customers
- Original Message - > From: "Joel Halpern" > To: "Brian Turnbow" > Cc: nanog@nanog.org > Sent: Tuesday, November 8, 2022 10:03:20 AM > Subject: Re: BCP38 For BGP Customers > There is work at the IETF on an addon to RPKI called ASPA. There is a > draft that describes how the combination of ASPA and RPKI can be used to > help with DDOS prevention. > > There is also a working group at the IETF called SAVNET that is looking > at what technological additions can be made to address the shortcomings > in BCP 38. In fairness, there is distinct disagreement as to what those > shortcomings are, and whether the ideas being presented can help. Input > from more operators would be great. (For completeness, I am a co-chair > of that working group.) Wait; people are actually trying to implement BCP38, still? :-} Cheers, -- jra > On 11/8/2022 9:39 AM, Brian Turnbow via NANOG wrote: >>> This may not exist yet, but what about a uRPF-like feature that uses RPKI, >>> IRR, >>> etc. instead of current BGP feed? >> >> There is rfc8704 that extends urpf >> But I do not know of any commercially available solutions -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: any dangers of filtering every /24 on full internet table to preserve FIB space ?
- Original Message - > From: "Randy Bush" > To: "Edvinas Kairys" > Subject: Re: any dangers of filtering every /24 on full internet table to > preserve FIB space ? >> we're thinking to deny all /24s to save the memory > > i recommend this to all my competitors So good to know things haven't changed whilst I was in hiding... Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: IERS ponders reverse leapsecond...
Tom Scott ponders the leap second. And Timezones, and and https://www.youtube.com/watch?v=-5wpm-gesOY - Original Message - > From: "jra" > To: nanog@nanog.org > Sent: Wednesday, August 3, 2022 11:09:25 AM > Subject: IERS ponders reverse leapsecond... > General press loses its *mind*: > > https://www.cbsnews.com/news/earth-spinning-faster-than-usual-shortest-day-ever/#app > > Have you tested leap second handling, especially in reverse? How do you > simulate it? Are there existing test harnesses for simulating it? > > Cheers, > -- jra > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: IERS ponders reverse leapsecond...
Are the people involved in that consensus engineering types? - Original Message - > From: "Forrest Christian (List Account)" > To: "John Levine" > Cc: "nanog list" > Sent: Thursday, August 4, 2022 4:51:42 PM > Subject: Re: IERS ponders reverse leapsecond... > Having at least a part of one foot in the global time and frequency > community I'd say that it seems that the consensus is building toward > eliminating leap seconds. > > There was a vote planned in 2012 to do so after a straw poll showed that > most member countries were in favor of doing so. But in a typical committee > move they elected to study it more before making a decision. > > Hopefully there will be some movement next year when they're scheduled to > discuss it again. It's unfortunate that the first negative leap second > is likely to occur before then. > > On Thu, Aug 4, 2022, 11:32 AM John Levine wrote: > >> >> > General press loses its *mind*: >> >> No more than usual. They're just rewriting this Facebook blog post: >> >> >> https://engineering.fb.com/2022/07/25/production-engineering/its-time-to-leave-the-leap-second-in-the-past/ >> >> It appears that Forrest Christian (List Account) >> said: >> >Personally I'd like to see the UTC timescale be fixed to the TAI timescale >> >with a fixed offset determined by whatever the offset is when they make >> the >> >change. >> >> That's what Facebook, Google, and AWS want, too. Who knows, for once they >> might be right. >> -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Frontier Dark Fiber
"I wouldn't have thought that Frontier was able to offer dark fiber loops to end user customers at any kind of reasonable product-scale". Sorry; didn't know I had to show my work here. :-) Cheers, -- jra - Original Message - > From: "Eric Kuhnke" > To: "nanog@nanog.org list" > Sent: Wednesday, August 3, 2022 2:24:45 PM > Subject: Re: Frontier Dark Fiber > Any regional ILEC spanning at least a few counties in size will have some > amount of inter-CO dark fiber, whether they want to sell it to any 3rd > parties is entirely another question. > > > > On Wed, 3 Aug 2022 at 08:17, Jay Ashworth wrote: > >> I wouldn't have thought that Frontier was able to offer dark fiber, since >> air distribution fan out is all GPON, is it not? >> >> If their fanout was active ethernet it might be a different story but... >> >> Cheers, >> -- jra >> >> On July 13, 2022 7:40:47 AM EDT, Mike Hammett wrote: >>> >>> I'm looking for a contact at Frontier that can discuss dark fiber. >>> >>> My current account exec says they don't offer it, yet prior conversations >>> with him and a previous SE revealed that they very much did (just didn't >>> have availability on the paths I wanted at the time). >>> >>> Their web site highlights it fairly proudly. >>> >>> >>> I'm aware that availability varies. >>> >>> I'm aware that they likely don't want to sell it. 
>>> >>> >>> >>> - >>> Mike Hammett >>> Intelligent Computing Solutions <http://www.ics-il.com/> >>> <https://www.facebook.com/ICSIL> >>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >>> <https://www.linkedin.com/company/intelligent-computing-solutions> >>> <https://twitter.com/ICSIL> >>> Midwest Internet Exchange <http://www.midwest-ix.com/> >>> <https://www.facebook.com/mdwestix> >>> <https://www.linkedin.com/company/midwest-internet-exchange> >>> <https://twitter.com/mdwestix> >>> The Brothers WISP <http://www.thebrotherswisp.com/> >>> <https://www.facebook.com/thebrotherswisp> >>> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> >>> >> -- >> Sent from my Android device with K-9 Mail. Please excuse my brevity. -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Frontier Dark Fiber
- Original Message - > From: "Brandon Martin" > On 8/3/22 11:16, Jay Ashworth wrote: >> I wouldn't have thought that Frontier was able to offer dark fiber, >> since air distribution fan out is all GPON, is it not? >> >> If their fanout was active ethernet it might be a different story but... > > They have access to/control of a large amount of mid-mile and long-haul > fiber built by/as GTE and Verizon. Additionally, while their resi/soho > distribution is all PON, they do have some excess fiber fairly deep into > their network in most markets and actively offer active-E service on it > for the right price (it can even occasionally be competitive). I > imagine they'd sell dark for the right price as well, though you may not > like that "right" price. Yeah, FU pricing ain't uncommon. Thanks for the clarification. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: IERS ponders reverse leapsecond...
- Original Message - > From: "Peter Beckman" > On Wed, 3 Aug 2022, Matthew Huff wrote: > This shouldn't cause huge issues, as most systems will not freak out and > die if the system clocks goes from 23:59:58 to 00:00:00. But things that > were supposed to happen at 23:59:59 on that day will never occur. > Hopefully the impact is minimal, but it won't be none. Occurs to me that "the last second of today" is approximately a million times more likely as a scheduling target than "the next to last second"; they should drop 23:59:5*8* instead. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
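An added example, not from the thread: a small harness for the question raised in this thread of how to simulate a negative leap second, comparing a scheduler that fires only on an exact wall-clock match with one that catches up on overdue jobs. The job names and the tick model (labels as `(day, hour, minute, second)` tuples) are constructed for illustration, and the `dropped` parameter also covers the suggestion above of dropping 23:59:58 instead.

```python
def final_minute(dropped=None):
    """UTC second labels from 23:59:55 on day 0 through 00:00:02 on day 1.

    `dropped` is the second of 23:59 that the wall clock never shows:
    59 models a negative leap second (23:59:58 is followed by 00:00:00),
    58 models the alternative proposed in the thread, None is a normal day.
    """
    ticks = [(0, 23, 59, s) for s in range(55, 60) if s != dropped]
    ticks += [(1, 0, 0, s) for s in range(0, 3)]
    return ticks


def run_exact(jobs, ticks):
    """Cron-style matching: a job fires only when the clock shows its label."""
    fired = {}
    for now in ticks:
        for name, due in jobs.items():
            if now == due:
                fired[name] = now
    return fired


def run_catch_up(jobs, ticks):
    """Deadline-style matching: fire once, at the first tick at or after due."""
    fired = {}
    for now in ticks:
        for name, due in jobs.items():
            if name not in fired and due <= now:  # tuples compare in time order
                fired[name] = now
    return fired


def missed(jobs, fired):
    """Names of jobs that never ran during the simulated window."""
    return sorted(name for name in jobs if name not in fired)


# Constructed schedule around midnight UTC.
JOBS = {
    "end-of-day-rollup": (0, 23, 59, 59),
    "penultimate-check": (0, 23, 59, 58),
    "midnight-rotate": (1, 0, 0, 0),
}

if __name__ == "__main__":
    for dropped in (None, 59, 58):
        ticks = final_minute(dropped)
        print("dropped second:", dropped)
        print("  exact match missed:", missed(JOBS, run_exact(JOBS, ticks)))
        print("  catch-up missed:   ", missed(JOBS, run_catch_up(JOBS, ticks)))
```

The catch-up scheduler runs the 23:59:59 job at 00:00:00 on the negative-leap day, so any job that assumes it finishes before midnight work starts still needs its ordering checked.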
Internet Storm Center says Russia hijacking Twitter's BGP
https://isc.sans.edu/diary/rss/28488 -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: "Permanent" DST
- Original Message - > From: "Owen DeLong" > No development really necessary… Just pick the corresponding standard-time > timezone and turn off the DST flip flopping. > > E.g. if you are in California and go always-on, then simply mark it as MST > year > round. > (i.e. just like you’re in Arizona today, which is MST year round, no DST). And... Owen illustrates my initial rhetoric about "moving to the east 15 degrees". Have we not learned, yet, the "don't lie to the computers" rule? How *would* the timezone libraries handle "DST always on"? They would still have to flap, twice a year, right? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: "Permanent" DST
- Original Message - > From: "Keith Stokes" > There are plenty of arguments that the existing school hours aren’t best for > educating children so the better answer might be to make school hours match > later daylight hours. As it turns out, there's a deeper answer here: There are still a statistically significant number of families, even in 2022, where the financial contribution of a high-school senior to the budget is important, and that necessity is perceived to be both safer, and more likely to be worth the investment for employers, if they can work later. This is also, as I understood it, why high-school is always the first grade level which starts, and ends, the school day (often 7a-2p or so). No, I don't have a citation handy; news pieces I read on it some years ago. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: "Permanent" DST
Oh. This was "Unanimous Consent"? AKA "I want to vote for this, but *I do not want to be held responsible for having voted for it when it blows up*?" I'd missed that; thanks. - Original Message - > From: "Tom Beecher" > To: "Eric Kuhnke" > Cc: "nanog@nanog.org list" > Sent: Tuesday, March 15, 2022 5:04:02 PM > Subject: Re: "Permanent" DST > I would say if something passes the United States Senate in our current > political environment by unanimous consent (which this did) , I kinda feel > like there won't be a ton of issues with everybody figuring out how to line > themselves up appropriately. > > On Tue, Mar 15, 2022 at 5:01 PM Eric Kuhnke wrote: > >> That is true but at present everything business related in BC has a clear >> expectation of being in the same time zone as WA/OR/CA, and AB matches US >> Mountain time. >> >> On Tue, 15 Mar 2022 at 13:35, Paul Ebersman >> wrote: >> >>> eric> If Canada doesn't do the same thing at the same time, it'll be a >>> eric> real hassle, dealing with a change from -8 to -7 crossing the >>> eric> border between BC and WA, for instance. It has to be done >>> eric> consistently throughout North America. >>> >>> You must not have ever dealt with Indiana, where it was DST or not by >>> choice per county. It wasn't quite the cluster***k you'd think. >>> -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: "Permanent" DST
The bill is "permanently move all US time zones one hour earlier (-8 thru -5 is replaced permanently with -7 thru -4). They are *calling it* "permanent DST", but that's not really what's happening, in my engineering appraisal. Or my geopolitical one, but I don't lay claim to professional opinions there. -- jra - Original Message - > From: "Mel Beckman" > To: "jra" > Cc: "nanog@nanog.org list" > Sent: Tuesday, March 15, 2022 3:19:11 PM > Subject: Re: "Permanent" DST > I don’t follow why cancelling DST has the effect of moving the US fifteen > degrees to the east. Also, your subject line reads “permanent DST”, but from > your language the bill will be permanent standard time. > > I haven’t read the bill, but I’m hoping you can explain your position more > clearly. > > -mel via cell > >> On Mar 15, 2022, at 3:13 PM, Jay R. Ashworth wrote: >> >> In a unanimous vote today, the US Senate approved a bill which would >> >> 1) Cancel DST permanently, and >> 2) Move every square inch of US territory 15 degrees to the east. >> >> My opinion of this ought to be obvious from my rhetoric. Hopefully, it will >> fail, because it's likely to be the end of rational time worldwide, and even >> if you do log in UTC, it will still make your life difficult. >> >> I'm poleaxed; I can't even decide which grounds to scream about this on... >> >> Hopefully, the House or the White House will be more coherent in their >> decision on this engineering construct. >> >> Cheers, >> -- jra >> >> -- >> Jay R. Ashworth Baylink >> j...@baylink.com >> Designer The Things I Think RFC >> 2100 >> Ashworth & Associates http://www.bcp38.info 2000 Land Rover >> DII > > St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 > > 1274 -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
"Permanent" DST
In a unanimous vote today, the US Senate approved a bill which would 1) Cancel DST permanently, and 2) Move every square inch of US territory 15 degrees to the east. My opinion of this ought to be obvious from my rhetoric. Hopefully, it will fail, because it's likely to be the end of rational time worldwide, and even if you do log in UTC, it will still make your life difficult. I'm poleaxed; I can't even decide which grounds to scream about this on... Hopefully, the House or the White House will be more coherent in their decision on this engineering construct. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Russia attempts mandating installation of root CA on clients for TLS MITM
- Original Message - > From: "Eric Kuhnke" > Subject: Russia attempts mandating installation of root CA on clients for TLS > MITM > https://bugzilla.mozilla.org/show_bug.cgi?id=1758773 > > I think we'll see a lot more of this from authoritarian regimes in the > future. For anyone unfamiliar with their existing distributed DPI > architecture, google "Russia SORM". Some tech press coverage on this: https://www.bleepingcomputer.com/news/security/russia-creates-its-own-tls-certificate-authority-to-bypass-sanctions/ Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Coverage of the .to internet outage
This piece: https://www.npr.org/2022/01/18/1073863310/an-undersea-cable-fault-could-cut-tonga-from-the-rest-of-the-world-for-weeks drills down to this piece with slightly more detail: https://www.reuters.com/markets/funds/undersea-cable-fault-could-cut-off-tonga-rest-world-weeks-2022-01-18/ I'm told their national carrier is trying to bring in a ground station as well, though not whom it will connect to. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: .bv ccTLD
- Original Message - > From: "Jaap Akkerhuis" > Similar ideas were held for MD and TM but didn't seem to work > out. Furthermore, an independent Bougainville might change the name > to something else (as Zimbabwe did). On reflection, I don't think .inc has played all that well either. As for the name, though, my understanding was that it's not *presently* Bougainville; it's still PNG. That was the name the prospective government had chosen to use. Clearly I have learned my lesson this week about researching. :-} Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: .bv ccTLD
- Original Message - > From: "Bjørn Mork" > The rest of the story is here: > https://www.norid.no/en/aktuelt/plans-to-utilize-bv-shelved-en/ Sadly, that's not really The Rest... Of The Story. Sounds like the government regulator nixed it, giving *no reason at all*. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: .bv ccTLD
- Original Message - > From: "Jaap Akkerhuis" > It is not marked as reserved but assigned. So this sentence in the Wikipedia article: "The domain remains reserved for potential future use." speaks from the viewpoint of NORID, not of the MA. Got it. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: .bv ccTLD
- Original Message - > From: "John Levine" > I suspect the Bougainvillians (Bougainvillains?) have a few more urgent topics > to attend to. The island's only significant asset is a huge copper mine which > has been closed since 1989 when the civil war started. If they can't figure > out how to both get the mine open again and to deal with the environmental > mess > left by the former operator, they won't have much of a country. Well, sure, but with the copper deposit measured in double-digit billions, it seems sane to assume they've got a plan there... Though given .TV's benefits to Tuvalu, and the number of Scandahoovian businesses that are BVs... Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: .bv ccTLD
- Original Message - > From: "John Levine" > There's over 300 unassigned codes to choose from. GV or UV perhaps? I'm sure *I* would fight for a 3166 code that started with the first letter of my country name. But it's not my country, so my concerns are esthetic, and academic (in either sense of the word). Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: .bv ccTLD
- Original Message - > From: "David Conrad" > Jay, > > On Dec 3, 2021, at 4:46 PM, Jay Ashworth wrote: >> In general I could I understand that, but it is my understanding that the >> domain >> is still marked reserved at the Secretariat, > > Sorry, which secretariat? As far as I know, the official status of ISO 3166-1 > Alpha 2 codes is specified by the ISO-3166 Maintenance Agency and listed on > the > ISO website (the “online browsing platform” output for BV being the URL I > provided). The ISO 3166 secretariat, yes. >> which is to say they could not have assigned any domains in it yet, even if >> they >> were inclined to which we are told they are not. > > ISO 3166-1 Alpha-2 codes are used for more than TLDs. True. >> In short, I think this is a possibility not an impossibility or I wouldn't >> have >> asked. > > “With enough thrust, pigs fly quite well although the landing can be messy.” > > However, realistically, I suspect you’d need to get the government of Norway > to > actively pursue something like transitioning BV from their auspices to > anywhere > else. I also suspect the government of Bougainville (which I gather doesn’t > yet exist) would need to request the change (and get an exception from the 50 > year hold down timer). I am a bit skeptical... Oh, there's a *formal* 50 year timer? Apologies, I'd missed that one. Yeah, as crappy as it will be for them to not have that 3166 code, you're probably right that it won't happen. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
.bv ccTLD
My favorite youtuber has just pointed out that Bougainville will separate formally from Papua New Guinea in 2027, which, surprisingly, is only 5 or 6 years from now. So I looked up .bv, and of course... it's assigned to Bouvet Island, an uninhabited island whose political superior says anything that might go in that TLD will go in .no instead. [Wikipedia] So, what's the actual status of .bv? Assigned, or reserved? And if it is reserved at the 3166 secretariat level, can they reassign it? NORID might try to make a case that BV is the common corporate abbreviation in their political subdivision... but they're not selling those domains now, so that doesn't seem compelling. Anyone here got a buddy on the secretariat? :-) Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Redploying most of 127/8 as unicast public
So see, that was kinda my view, though I hadn't realized there was a kernel hack advancing the football... - Original Message - > From: "Owen DeLong" > To: "William Herrin" > Cc: "jra" , "nanog" > Sent: Friday, November 19, 2021 9:28:01 AM > Subject: Re: Redploying most of 127/8 as unicast public > This will break a significant number of existing deployments where people > have come to depend on a feature in Linux where any address within 127.0.0.0/8 > can be “listened” and operate as a valid loopback address without configuring > the addresses individually as unicast on the interface. > > In fact, this is true of any prefix assigned to the loopback interface, but > 127.0.0.0/8 > is automatic and difficult to change. > > While I’m not sure this implementation in the Linux kernel was such a > wonderful > idea, it is widely deployed and in use in a number of environments. > > If we’re still using IPv4 widely enough that GUA space matters, we will have > far bigger problems than the lack of available GUA for it. > > Owen > > >> On Nov 17, 2021, at 16:15 , William Herrin wrote: >> >> On Wed, Nov 17, 2021 at 3:31 PM Jay R. Ashworth wrote: >>> This seems like a really bad idea to me; am I really the only one who >>> noticed? >>> >>> https://www.ietf.org/id/draft-schoen-intarea-unicast-127-00.html >> >> Hi Jay, >> >> I think it's a good idea. It won't be usable any time in the next two >> decades but if we're still using IPv4 in two decades we'll be glad to >> have anything we can scrounge. Why not ask OS authors to start >> assigning 127.0.0.1/16 to loopback instead of 127.0.0.1/8? >> >> Regards, >> Bill Herrin >> >> >> -- >> William Herrin >> b...@herrin.us > > https://bill.herrin.us/ -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Redploying most of 127/8 as unicast public
- Original Message - > From: "Justin Keller" > I'd be fine if newish devices use it like a 1918 but I don't think > it's worth the headache and difficulty of making it globally routed. > Maybe Amazon could use it too I could be wrong, but I don't think expanding 1918 was the goal of these proponents Cheers, -- jra > On Wed, Nov 17, 2021 at 6:31 PM Jay R. Ashworth wrote: >> >> This seems like a really bad idea to me; am I really the only one who >> noticed? >> >> https://www.ietf.org/id/draft-schoen-intarea-unicast-127-00.html >> >> That's over a week old and I don't see 3000 comments on it, so maybe it's >> just >> me. So many things are just me. >> >> [ Hat tip to Lauren Weinstein, whom I stole it from ] >> >> Cheers, >> -- jra >> >> -- >> Jay R. Ashworth Baylink >> j...@baylink.com >> Designer The Things I Think RFC >> 2100 >> Ashworth & Associates http://www.bcp38.info > > St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 > > 1274 -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Redploying most of 127/8 as unicast public
This seems like a really bad idea to me; am I really the only one who noticed? https://www.ietf.org/id/draft-schoen-intarea-unicast-127-00.html That's over a week old and I don't see 3000 comments on it, so maybe it's just me. So many things are just me. [ Hat tip to Lauren Weinstein, whom I stole it from ] Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Network visibility
- Original Message - > From: "Miles Fidelman" > Guys, > > You guys were in grade school, some of us were there at the beginning > (well, in my case, 2 years after the beginning). I can assure you that > folks made a big deal about what was and wasn't the Internet, and the > distinction between "an internet" and "the (capital I) Internet." > Opinions varied then, and opinions vary now. > > But... by and large, as I understand the general zeitgeist: > > - you're either on the Internet, or you're not - the key question is > whether you can send & receive IP packets from the public address space > (i.e., the classified segments are internets, but not part of THE > Internet). There are also disagreements on where the Internet ends - at > the demarc, or at the IP stack in your machine (I argue the latter, but > that's debatable) Seth Breidbart has the last word on this point, I think: The Internet is "the largest equivalence class in the reflexive, transitive, symmetric closure of the relationship 'can be reached by an IP packet from'." The associated press has, in the last year or two, disparaged the capitalization of the word Internet, proving they do not understand there's a difference. If they won't capitalize "my" name, I won't capitalize theirs. But I will capitalize Internet in all relevant uses. This is an *engineering definition*, it matters that you name the right object, and I am one of the people who will, in fact, die on this hill. The associated press can bite me. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
DC Power choices (was Re: Network visibility)
One of the 4 or 5 datacenters in downtown Tampa had a telco or offshoot in their spaces, when I took All The Tours about 9 years ago. They have 8x750MCM hauling -48VDC from their power plant to the cage in question. On each side. It was, in fact, pretty impressive to look at. But I was a little worried about the loading on the building frame. :-) And while I think there might be advantages in running power supplies in gear at -48, I'd want to rectify it in the cage, preferably from 480/3ph. Cheers, -- jra - Original Message - > From: "Lady Benjamin Cannon of Glencoe, ASCE" > To: "Mark Tinka" > Cc: "NANOG Operators' Group" > Sent: Thursday, October 21, 2021 4:50:10 PM > Subject: Re: Network visibility > Outside the datacenter is where DC power really shines in my opinion. Inside > the DC, everything is AC now and probably for the best. > > We never came up with a modular standard for -48VDC. Perhaps that could have > changed things. > > But it sure is nice having 72hrs of battery run time in the field/edge - > although those are becoming mini data centers themselves and are in turn also > slowly going AC. > > Ms. Lady Benjamin PD Cannon of Glencoe, ASCE > 6x7 Networks & 6x7 Telecom, LLC > CEO > l...@6by7.net > "The only fully end-to-end encrypted global telecommunications company in the > world.” > > FCC License KJ6FJJ > > Sent from my iPhone via RFC1149. > >> On Oct 20, 2021, at 10:19 PM, Mark Tinka wrote: >> >> >> >>> On 10/20/21 20:37, Lady Benjamin Cannon of Glencoe, ASCE wrote: >>> >>> -48VDC power is still the best. >> >> I really envy folk that love DC for networking gear :-). >> >> Work in 2007 was an all-DC network. I rebuilt it into AC, considering the ISP >> also owned the data centre (most of whose customers bought AC). The space we >> freed up and the ease of deployment was night & day. 
>> >> Currently, we obviously need DC for the terrestrial Transport and wet plants >> (because that's just how classic telco rolls), but I also switched all >> IP/MPLS >> gear to AC soon as I arrived. Heck, even the Arbor (now Netscout) gear, as >> well >> as the HP server rack, was loaded with DC power supplies. Those things just >> had >> to go. >> >> There is an avenue of pleasure in not having to spend inordinate amounts of >> time >> adding major electrical planning to deploying/decommissioning a router, >> switch >> or server. >> >> But yeah, I know the AC vs. DC discussion can become a rat hole. >> >> I'm aware of data centre operators now providing DC as an option for their >> expansion projects, when they previously had it as the norm, FWIW. >> > > Mark. -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Never push the Big Red Button (New York City subway failure)
- Original Message - > From: "Adam Thompson" > Now I'm curious... in all of the DCs and COs I've worked in - to the best of > my > knowledge, I haven't personally tested this! - the EPO button does not switch > to emergency power. It turns off ALL equipment power in the space - no > lights, > no klaxons, nothing. In simpler setups, the EPO is connected to the UPS so > anything plugged in to the UPS goes dark instantly. In one DC I'm familiar > with, the EPO switch kills all the UPS output and uses several relays to kill > commercial power at the same time. > In some, the room lights were not covered by the EPO switch, in some they > were. > Emergency exit lamps will continue to be lit, as they have internal batteries, > and are required by building/fire code. > > Is it (somewhat) common for an EPO switch to only disconnect commercial power > and leave local redundant power live? What sort of facilities would have > this? No... I just hadn't had my coffee yet that morning and I crossed the streams. That should be the response to the *ATS cutover*, not the Molly switch. If someone hits the Molly button, you don't *need* an alarm. :-} Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Never push the Big Red Button (New York City subway failure)
- Original Message - > From: "Sean Donelan" > NEW YORK CITY TRANSIT RAIL CONTROL CENTER POWER > OUTAGE ISSUE ON AUGUST 29, 2021 > Key Findings > September 8, 2021 > > https://www.governor.ny.gov/sites/default/files/2021-09/WSP_Key_Findings_Summary-for_release.pdf > > Key Findings > [...] > > 3. Based on the electrical equipment log readings and the manufacturer’s > official assessment, it was determined that the most likely cause of RCC > shutdown was the “Emergency Power Off” button being manually activated. I don't even *do* datacenter for a living, and I know that when you hit the Molly button, 1) A Klaxon goes off in the Data Center -- one that sounds *different* from the Halon Klaxon, in both cadence and tone (just for a couple bursts), and 2) Yellow rotating beacons turn on, and stay on while you're on Emergency Power. Yes, real honest-to-ghod *rotating mechanical beacons*, none of this flashing LED crap. Clearly, it's important that the use of Emergency Power be annoyingly noticeable. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: RADb
- Original Message - > From: "Stephane Bortzmeyer" > To: "Marco Paesani" > Cc: "nanog" > Sent: Monday, May 10, 2021 3:45:11 AM > On Mon, May 10, 2021 at 09:25:36AM +0200, > Marco Paesani wrote > a message of 51 lines which said: > >> do you have news about the issue on RADb ? > > Note that it is discussed on the outages mailing list. No specific > news, just that it is down. And Jeremy Chadwick pronounces it back up now. :-) Thanks for the plug, Stephane. :-) Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: My First BGP-Hijacking Explanation
- Original Message - > From: "Matthew Walster" > On Thu, 8 Apr 2021 at 17:51, Jay R. Ashworth wrote: > >> Sam 'Half As Interesting' Denby actually did a surprisingly good job >> explaining >> this for the average only-vaguely-technical viewer... >> >>https://www.youtube.com/watch?v=K9gnRs33NOk >> >> [ For all the bad dad jokes he tells on HAI, he's got really good research >> skills/staff, and his long-form stuff on Wendover Productions is >> excellent ] > > Indeed, with the exception of getting the expansion of BGP incorrect, he's > simplified it and explained it in a way that the average viewer can > understand... He's really good at that, and has done a great job with this! He sure is. I did point up the definition bobble in a comment. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
My First BGP-Hijacking Explanation
Sam 'Half As Interesting' Denby actually did a surprisingly good job explaining this for the average only-vaguely-technical viewer... https://www.youtube.com/watch?v=K9gnRs33NOk [ For all the bad dad jokes he tells on HAI, he's got really good research skills/staff, and his long-form stuff on Wendover Productions is excellent ] Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: public open resolver list?
- Original Message - > From: "Bill Woodcock" > Are all y’all allergic to Wikipedia or something? Lots of people seem to be... :-} > https://en.wikipedia.org/wiki/Public_recursive_name_server I find it interesting that that article mentions alt-roots, but doesn't have a column for that, nor any actual mention of such resolvers... Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Hosting recommendations ... ?
- Original Message - > From: "Keith Medcalf" >>Is nested virtualization really a thing? > > Real Computers have been running VMs inside VMs for about 50 years. Bringing > this technology to "bitty boxes" is a recent thing. Sure, but VM is a bit more mature than KVM. :-) Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Re Parler
- Original Message - > From: "Mel Beckman" > John, > > What’s your point? Are you saying that it’s OK for an ISP to break antitrust > laws for a political cause? No, Mel. In very short, he's saying that criminal sedition and armed insurrection *are not political causes*, and I am adding that hitching your star to that wagon may shorten your career as much as it's shortening the careers of the people who were in Washington. And now, with prejudice, I'm requesting that this thread get moderated, before anyone *else* volunteers to jump off a bridge. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: End-user Alert Delivery (was Re: NDAA passed: Internet and Online Streaming Services Emergency Alert Study)
Well, it probably gets way worse: if it's a "permanent" battery, it will be harder to find, and harder to replace... - Original Message - > From: "William Herrin" > To: "jra" > Cc: b...@theworld.com, nanog@nanog.org > Sent: Wednesday, January 13, 2021 11:52:47 PM > Subject: Re: End-user Alert Delivery (was Re: NDAA passed: Internet and > Online Streaming Services Emergency Alert Study) > On Wed, Jan 13, 2021 at 7:58 PM Jay R. Ashworth wrote: >> Last time I looked, consumer residential smoke detectors were still running >> off 9V alkaline batteries, which are expected to run the device for 6 months >> of 1/99 duty cycle (or less, probably *way* less). > > Ordinary ionization-based smoke detectors use a 10-year lithium > battery, which is about the same lifespan as the americium-based > detector circuit as it begins to decay into neptunium. > > You may now resume your argument over how much battery drain is too much. > > Regards, > Bill Herrin > > > -- > Hire me! https://bill.herrin.us/resume/ -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Parler
- Original Message - > From: "esr" > sro...@ronan-online.com : >> >> When I actively hosted USENET servers, I was repeatedly warned by in-house >> and >> external counsel, not to moderate which groups I hosted based on content, >> lest >> I become responsible for moderating all groups, shouldn’t that same principle >> apply to platforms like AWS and Twitter? > > Yes, it would. This was an astonishingly stupid move on AWS's part; > I'm pretty sure their counsel was not consulted. Well, this oughtta be fun. ESR is on the "yes, that is what 230 says" side, and John Levine -- with what looked to me like good arguments and references -- is on the "no, that's entirely not what 230 says" side. Gentlemen: go to your corners and come out fighting! Well, ok, disagreeing politely. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Parler
- Original Message - > From: "Jay Hennigan" > On 1/10/21 12:40, Matthew Petach wrote: > >> There's easy solutions to the problem--hiring really good engineers >> to write your own AWS-lookalike where you can host whatever content >> you want, hosted in buildings you've built on land you've bought. > > There's also the issue of carrying the packets from those servers to > your audience and from your audience to those servers. In the final analysis, genties and ladelpersons, what we're talking about is the current shape of the Internet Death Penalty. Just in case anyone missed that. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Parler
- Original Message - > 2. Where do we expect legit insurrections to communicate? Should > AWS/Facebook/Twitter boot those calling for violent uprisings in Hong Kong > (for example). > > I suppose #2 is simply one man's freedom fighter is another criminal. https://youtu.be/isMm2vF4uFs?t=281 -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
End-user Alert Delivery (was Re: NDAA passed: Internet and Online Streaming Services Emergency Alert Study)
- Original Message - > From: b...@theworld.com > On January 4, 2021 at 21:19 valdis.kletni...@vt.edu (Valdis Klētnieks) wrote: > > First, that means your smoke alarm batteries run down faster, which is > > a major issue. > > That's the sort of argument I label "all sign, no magnitude". > > How much faster? If it took one minute of battery life off a 10 year > battery would that be a problem? 30 minutes? Well, let's address that. Last time I looked, consumer residential smoke detectors were still running off 9V alkaline batteries, which are expected to run the device for 6 months of 1/99 duty cycle (or less, probably *way* less). An Energizer 9v is rated for 8.4VDC in the very general vicinity of 500mAh. > How does that compare to other factors like ambient temperature which > also affects battery life but we mostly consider "in the noise"? A lot. Increasing the alert count from the 1 or 2 it probably is on most smoke alarms to 2 or 3 a *week*, with LOUD analog speaker alert playback is going to change that duty cycle, probably, to something like 10/90. [ All numbers pulled out of my butt for illustration, but probably within half an order of magnitude. ] > Could we make the battery just a little more powerful? How much power > would a bit of circuitry waiting for a "turn on! there's a new message > coming in!" need? Well, parsing for EAS on the receiver is going to make its drain non-trivial, too, I think. But there are "increasing the battery replacement frequency" problems *and* "increasing the battery capacity and hence price, not to mention general availability" problems balancing that out. Any way you play it, it has to be an optional model, not a general takeover of the field, I suspect, or the "well we just won't bother anymore" factor takes over. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Show NOCs: OIG report: Should you charge extra for NOC tours?
- Original Message - > From: "Valdis Klētnieks" > On Thu, 07 Jan 2021 23:35:06 +, "Jay R. Ashworth" said: >> > From: "Brandon Svec" >> > It is not really different than most other tourist attractions. Some are >> > amazed >> > and curious to see the largest ball of twine >> Those would be people who *don't* do this for a living, mostly... >> > and some think it is >> > ridiculous. >> Those would be people who *do* this for a living, mostly. > > I could go "meh" about a NOC tour itself. On the other hand, I can think > of a number of providers where buying the right person a beer would be > significantly enlightening. :) About 10 years ago now, I had a client whose project enabled/required me to go tour the big 6 or 7 colo providers in Tampa; we ended up in Park Tower at eSolutions, now owned by WOW. (Very nicely run, though I don't know if Arrin is still running it; they operated the carrier hotel in Tampa as well, so...) As you imply, while the tours were nice, the more important thing was that they were *given by exactly the guy you wanted to know better*. And by the end of the tour, if you'd asked good questions, you'd established both his bonafides... and your own. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Show NOCs: OIG report: Should you charge extra for NOC tours?
- Original Message - > From: "Brandon Svec" > It is not really different than most other tourist attractions. Some are > amazed > and curious to see the largest ball of twine Those would be people who *don't* do this for a living, mostly... > and some think it is ridiculous. Those would be people who *do* this for a living, mostly. Cheers, -- jr 'Though I'll always take a tour' a -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: NDAA passed: Internet and Online Streaming Services Emergency Alert Study
- Original Message - > From: "Chris Adams" > Aren't the cell-based emergency alerts on all cell phones, not just > smartphones? CMAS/WEA uses SMS Cell Broadcast. I assume the SMS firmware on the phone has to know what to do about those, and I don't know how far that knowledge goes back in the deployment of SMS firmware, and it's all-fired difficult to find out, IME. Anything built in the last 4-5 years certainly should know; I've received CMAS on phones as far back as 2009 build or so... though I did need an app, and I had to steal one from another carrier than my own. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: NDAA passed: Internet and Online Streaming Services Emergency Alert Study
- Original Message - > From: "Richard Porter" > On Mon, Jan 4, 2021 at 10:25 PM Chris Adams wrote: >> I wouldn't think so, because some of the important alerts are very time >> sensitive. It's been mentioned several times in this thread that the >> earthquake alerts are on the order of 10 seconds in advance. I know >> someone that survived a tornado by a few seconds (the time it took to >> get out of bed and get to the bedroom door as the tornado dropped the >> second floor of the house on the bed). >> > 4G/LTE/5G networks could be further leveraged for this. In Denton County, > TX, USA, you can register to "opt in" to receive weather alerts. We get > tornadoes here. I could see better leveraging of that technology than > streaming services. It is uncommon to find anyone without a cell phone in > the US anymore. Yup; it's called Commercial Mobile Alerting Service (Or Wireless Emergency Alerts, if you're a consumer), and it's been deployed, over SMS Cell Broadcast, for about 10 years now, depending on your carrier. NWS can actually send Tornado WARNINGS *to specific sectors of specific towers*, so they can warn exactly the people necessary in real-time... if it's implemented correctly along the entire path. I'm not actually certain which carriers if any have actually deployed the enchilada. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: NDAA passed: Internet and Online Streaming Services Emergency Alert Study
- Original Message - > From: "Keith Medcalf" >>I think the challenge here is that there's a category of people >>who don't have cell phones, who don't have cable TV, but >>receive content over their internet connection. I happen to >>live with someone like that, so I know it's a non-zero portion >>of the population. > > I pay for my Internet connection and I do not want "your shit" to be spending > "my money". If you think this is oh so important then *YOU* can pay to > install > at your sole expense, a device which emits your silly warnings -- I do not > want > them. You will also have to negotiate for easement rights on my Private > Property and those are not going to be given away for cheap. > > And even if you do pay me %1 Million a month that it will cost to acquire the > necessary easement on my Private Property, I will put your annoying shit > inside > a soundproof faraday cage in the closet. > > So you might as well just not bother. > > This is the same thing I tell shithead politicians and pollsters that cause my > phone to ring. If you wish to speak with me then you can pay to install your > own communications equipment at your own expense. That does not mean that I > will answer or pay any attention to it or refrain from taking action to > prevent it from disturbing me. For the shitheads that use robotic callers I > have a wonderful digital war-dialer that can tie up a whole central switch -- > one way or the other the assholes will be forced to cease their disgusting > behaviour! Die in the tornado; I got no time for people like you anymore. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: NDAA passed: Internet and Online Streaming Services Emergency Alert Study
- Original Message - > From: "Michael Thomas" >> Well, TCP means that the servers have to expect to have 100k's of open >> connections; I remember that used to be a problem. >> >> As for D'oH, sure; let's centralize the attack surface. > The only reason I bring up DoH is because now there are tcp connections > when the day before there were none. I haven't noticed any difference > since firefox turned it on, so they obviously figured out the scaling. Firefox is using one TCP connection to pipeline all the D'oH queries down? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: NDAA passed: Internet and Online Streaming Services Emergency Alert Study
- Original Message - > From: "Brandon Martin" > The nice thing is that such emergency alerts don't require > confidentiality and can relatively easily bear in-band, > application-level authentication (in fact, that seems preferable to only > using session-level authentication). That means you could easily carry > them over plain HTTP or similar which removes the TLS overhead you mention. Sure. Just signing the alert packet so it can be authenticated is plenty. > Several GB of RAM is nothing for a modern server, of course. It sounds > like you'd probably run into other scaling issues before you hit memory > limitations needed to juggle legitimate TCP connection state. Well, yeah, but I don't know that it's *just* RAM; I suspect it might be data structure as well... Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
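An added sketch of the in-band, application-level authentication discussed in the message above (not code from any deployed alerting system): the alert body is signed with Ed25519, and the receiver checks the signature, the validity window and a sequence number, because a valid signature alone does not stop an old alert from being replayed over an unauthenticated transport. It assumes the third-party `cryptography` package; the JSON encoding, field names and sequence-number scheme are assumptions made for illustration.

```python
import json
import time

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey


def new_keypair():
    """Generate an issuer key pair; only the public half goes to receivers."""
    private_key = Ed25519PrivateKey.generate()
    return private_key, private_key.public_key()


def make_alert(seq, issued, ttl, text):
    """Build an alert record (hypothetical field names)."""
    return {"seq": seq, "issued": issued, "expires": issued + ttl, "text": text}


def sign_alert(private_key, alert):
    """Serialize canonically (sorted keys, no whitespace) and sign the bytes."""
    body = json.dumps(alert, sort_keys=True, separators=(",", ":")).encode()
    return body, private_key.sign(body)


class AlertReceiver:
    """Accepts alerts from one issuer key; the transport can be plain UDP or HTTP."""

    def __init__(self, public_key, max_skew=30):
        self.public_key = public_key
        self.max_skew = max_skew  # tolerated clock difference, in seconds
        self.last_seq = -1        # highest sequence number accepted so far

    def accept(self, body, signature, now=None):
        """Return (accepted, reason). Nothing is parsed before the signature checks out."""
        now = time.time() if now is None else now
        try:
            self.public_key.verify(signature, body)
        except InvalidSignature:
            return False, "bad-signature"
        alert = json.loads(body)
        if alert["issued"] > now + self.max_skew:
            return False, "future-dated"
        if now > alert["expires"]:
            return False, "expired"
        if alert["seq"] <= self.last_seq:
            return False, "replayed"
        self.last_seq = alert["seq"]
        return True, "ok"


if __name__ == "__main__":
    issuer_key, issuer_pub = new_keypair()
    receiver = AlertReceiver(issuer_pub)
    # Constructed sample alert, not a real EAS/WEA message.
    body, sig = sign_alert(issuer_key, make_alert(1, 1000, 600, "Tornado warning"))
    print(receiver.accept(body, sig, now=1010))   # first delivery
    print(receiver.accept(body, sig, now=1020))   # same datagram captured and resent
    print(receiver.accept(body.replace(b"Tornado", b"Nothing"), sig, now=1010))
```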
Re: NDAA passed: Internet and Online Streaming Services Emergency Alert Study
- Original Message - > From: "Michael Thomas" > To: nanog@nanog.org > On 1/2/21 10:31 PM, Jay R. Ashworth wrote: >> Yup; it's messy, and in many many different ways. Won't be a snapshot >> rollout. Not a bad idea, though, if implemented correctly; time to dig >> out my notes, I guess. > > Is there a reason not to use an outbound tcp/quic connection? It was > unthinkable years ago to use TCP with DNS, but now we have DoH and the > world hasn't spiraled out of control. Heck if you made it a websocket > you'd have a built in channel for multi-media html, etc. That is, just > push a URL down and fire up a webview that the OS makes certain is in focus. Well, TCP means that the servers have to expect to have 100k's of open connections; I remember that used to be a problem. As for D'oH, sure; let's centralize the attack surface. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: NDAA passed: Internet and Online Streaming Services Emergency Alert Study
- Original Message - > From: "Masataka Ohta" > To: nanog@nanog.org > Sean Donelan wrote: > >> the Commission shall complete an >> inquiry to examine the feasibility of updating the Emergency >> Alert System to enable or improve alerts to consumers provided >> through the internet, including through streaming services. > > It is trivially easy to have a dedicated UDP port to receive > broadcast packets for such purposes, as "through streaming > services" is not the requirement. Though, sadly, 911/udp is taken, and by someone who may not exist anymore. Who owns the <1024 port list these days, IANA? > As streaming services are often offered from distant places > including foreign locations, generations of emergency alert > packets *MUST* be responsibility of *LOCAL* ISPs. > > A problem is that home routers may filter the broadcast > packets from ISPs, but the routers may be upgraded or > some device to snoop the alert packets may be placed between > ISPs and the routers. Yup; it's messy, and in many many different ways. Won't be a snapshot rollout. Not a bad idea, though, if implemented correctly; time to dig out my notes, I guess. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: NDAA passed: Internet and Online Streaming Services Emergency Alert Study
- Original Message - > From: "Valdis Klētnieks" > To: "Matt Hoppes" > Cc: nanog@nanog.org > On Fri, 01 Jan 2021 17:12:40 -0500, Matt Hoppes said: >> How would that even work? Force a pop up into web traffic? > > That's not going to play nicely at all in a world of https:// > >> What if the end users is using an app on a phone? > > I'm having a hard time thinking of what app I could *possibly* be using on a > phone where I wouldn't want an interruption for a tornado or active shooter > alert. This would probably -- on phones, at least -- involve tightening up the deployment of CMAS/WEA, and the apps that catch it, which are pretty crappy right now; at least the one on my LG-V20 is. > This was discussed in detail a while ago - I'm pretty sure the general > consensus was that having the phone/game console/smart home control center/ > whatever would be running an alert endpoint app that would talk to the ISP/ > cellphone tower and register for alerts and then DTRT to notify the relevant > carbon-based life forms. Yeah, I designed most of this about 10 years ago, and couldn't figure out where to wedge it in. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: 10g residential CPE
- Original Message - > From: "Mark Tinka" > The MUA many (if not all) of us are using to read this has been obtained > for free, and with ongoing support, no less. I'd like to see someone > dish out cash for a commercial alternative. Zimbra? K9? ... Mutt? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: [External] Re: 10g residential CPE
- Original Message - > From: "John Levine" > They sure seem ready to take down the copper. The installer was sad > when I told him to leave my six-pair copper cable alone even though > nothing is using it now. Sure; ILECs would *love* to deprovision their copper end networks. But that's not necessarily a great idea, societally; always-on dialtone (or, at least, dialtone with a much higher reliability than VoN) can be pretty important. My LECs in Florida seem to manage five 9s pretty handily at the station set; betting FiOS isn't managing that. They *tried* to get permission to do this in NYC after Sandy, and someone (NYPUC?) told them to pound sand; if the customer had copper, you *had* to give it back to them; you could not force them to voice-over-FiOS. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: [External] Re: 10g residential CPE
- Original Message - > From: "Mark Tinka" > On 12/25/20 22:49, Michael Thomas wrote: >> But using the right queuing disciplines is a lot cheaper than the >> brute force and ignorance of just upping the bandwidth, right? > > Consumer ISPs have realized that they can make money selling Gigabit > services, because the ones who really know how to harness it are few & > far between. By which you mean that they can safely afford to bandwidth-surf again because the average usage is so much lower than the peak? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Cable Company Hotspots
- Original Message - > From: "Rod Beck" > Hey Gang, > > How do the cable companies generally deliver this service? A friend insists it > piggybacks off the WIFI radios of existing cable company subscribers. In other > words, the cable company WIFI router in a flat is providing both a private > link > for the flat's subscriber, but also a public hotspot service. > > I concede it is possible, but I am skeptical that the high quality of hotspot > service we get here in Budapest could be achieved that way. Spectrum, formerly Bright House, and I don't think they did it when they were still Road Runner/TWC, does it by splitting the RF into a separate Surfboard and a Ruckus AP; all they borrow from the business customer in question is a couple watts of AC and a square foot of backboard -- if you have one; they'll put the AP wherever is high enough and clear enough. The tradeoff is you get to use all the other ones. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Mozilla solicits comments on rolling DoH wide
If, like me, you think it's a solution in search of a problem -- excuse me, a *problem* in search of a problem -- here's your chance: https://www.zdnet.com/article/fearing-drama-mozilla-opens-public-consultation-before-worldwide-firefox-doh-rollout/ -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: RFC 2468
- Original Message - > From: "Rodney Joffe" > It is especially fitting whenever the NANOG/ARIN joint meetings occur in the > same week that we “remember IANA”. > > As time has gone on, fewer and fewer of us actually know who J. Postel is - > that > name that appears at the end of so many RFCs we refer to every day. The same > person who also guided the management of names and numbers in the “early” days > of this grand experiment we’re still struggling to get “right”. > > Today (Friday, October 16) is 22 years since Jon Postel passed away. I won’t > start to list the rest of the pioneers we’ve lost since then - it’s obviously > getting longer and longer. But I think it’s worth pointing “newcomers” at > Vint’s > RFC2468 (https://tools.ietf.org/rfc/rfc2468.txt) as the starting point for > them > (you) to understand the importance of Jon’s legacy as a moral compass to help > guide some of the decisions being made or ignored during this week. And > obviously other weeks and decisions that follow. I didn't know Jon personally, but I was still proud to have gotten an RFC approved by him -- RFC 2100, "The Naming Of Hosts"... which is now immortalized on my Florida license plate, after I lost LINUX, which I had for 30 years... And for reasons I was never clear on, he actually *reserved* the number, releasing several >2100 RFCs in the days before 1 April that year. :-) Still appreciate him. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: "Is BGP safe yet?" test
> From: "Andrey Kostin" > > Would be interesting to hear your opinion on this: > https://isbgpsafeyet.com/ > > We have cases when residential customers ask support "why is your > service isn't safe?" pointing to that article. It's difficult to answer > correctly considering that the asking person usually doesn't know what > BGP is and what it's used for, save for understanding its function, > design and possible misuses. Well, given how little the BCP38 website below has moved that football, you're not likely in much danger... :-) Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Disney+ Streaming
Each service *is a cable company*, requiring its own set-top box (or a plug-in that works on your current box/tv). Note also that you can't DVR any of this stuff, and it *does* go away. Cheers, -- jra - Original Message - > From: "Ross Tajvar" > To: "Owen DeLong" > Cc: "North American Network Operators' Group" > Sent: Thursday, November 28, 2019 2:33:32 PM > Subject: Re: Disney+ Streaming > Well, not exactly. Each service is still a bunch of shows and movies > bundled together. If you only want to watch one show, you can't just buy > that, you have to buy the whole service. > > Of course, there are services where you can buy individual movies and > episodes (Google Play comes to mind). But Netflix, Disney+, Hulu, etc. > don't operate that way. > > -Ross > > On Thu, Nov 28, 2019, 1:53 PM Owen DeLong wrote: > >> While I agree about the likely outcome, I will point out that consumers >> have been >> begging for unbundling for years. >> >> This fragmentation of streaming services _IS_ the direct result of that >> request. >> >> It’s unbundled service, exactly what they have been asking for. >> >> Owen >> >> >> > On Nov 26, 2019, at 01:54 , Mark Tinka wrote: >> > >> > >> > >> > On 12/Nov/19 22:36, Brian J. Murrell wrote: >> > >> >> >> >> I actually suspect streaming is going to decline (at least in >> >> comparison to where it could have grown to) if this streaming service >> >> fragmentation continues. >> >> >> >> I think people are going to reject the idea that they need to subscribe >> >> to a dozen streaming services at $10-$20/mo. each and will be driven >> >> back the good old "single source" (piracy) they used to use before 1 >> >> (or perhaps 2) streaming services kept them happy enough to abandon >> >> piracy. >> >> >> >> The content providers are going to piss in their bed again due to >> >> greed. Again. >> > >> > This! 
>> > >> > At the beginning of this year, I dumped Prime Video because while I >> > initially got it for "The Grand Tour", almost all the other content was >> > not available in Africa. Didn't see the point of shelling out over >> > US$100/year for just one show, especially since we already have Netflix >> > + a local linear pay TV service. >> > >> > I bought the wife a new iPhone 11 Pro earlier this month. This got us >> > 1-year's worth of free AppleTV+. Not a lot of content so far, but I hear >> > the same about Disney+. Granted 2 of the 3 shows on TV+ are not bad. But >> > it's free, so what the heck. >> > >> > I'm not keen on paying for more than one streaming service, if I'm >> > honest. There already isn't enough time in the world for regular life, >> > never mind watching one streaming service... now we have to deal with >> > more, each with their own price? Not sure how well the streaming >> > providers expect regular folk to take all of this fragmentation. >> > >> > As my daughter would say, "They can miss me with it :-)". >> > >> > Mark. >> > >> -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
D'oH III: In 3-D! Plot Twist from Google/Chrome, Vixie approves?
It's not clear to me whether Paul is expressing approval of the whole shebang at this point, or just the one change they've made, but, just on first look, I don't think that change addresses *my* distaste for DoH, as discussed in last month's 100-poster. :-) https://www.zdnet.com/article/dns-over-https-google-hits-back-at-misinformation-and-confusion-over-its-plans/ TL;DR: they (Chrome) won't enable DoH unless it's being run from an internet which they know supports it; there is apparently a list of 8-12 ISPs/etc which are announcing such support. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Update to BCP-38?
- Original Message - > From: "Stephen Satchell" > On 10/3/19 10:13 PM, Fred Baker wrote: >> There is one thing in 1122/1123 and 1812 that is not in those kinds >> of documents that I miss; that is essentially "why". Going through >> 1122/1123 and 1812, you'll find several sections that say "we require >> X", and follow that with a "discussion" section that says "we thought >> about X, Y, and Z, there were proponents of each, the arguments were >> X', Y', and Z', and we chose X for this reason". I would presume that >> what you're really looking for in a 1812-for-IPv6 is not "we require >> X" as much as "for this reason". Correct me if I'm wrong. > > Ah. What I'm looking for is a list of check-boxes to include in an > implementation specification for an edge router. It can be references > to a whole bunch of RFCs and "packaged" as a BCP. The discussions you > describe are better in the individual papers. Is that a good time for me to point to the URL in my sig? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: This DNS over HTTP thing
- Original Message - > From: "Niels Bakker" > * j...@baylink.com (Jay R. Ashworth) [Wed 02 Oct 2019, 23:21 CEST]: >>- Original Message - >>> From: "Niels Bakker" >> >>> * j...@baylink.com (Jay R. Ashworth) [Wed 02 Oct 2019, 19:30 CEST]: >>>>> From: "Livingood, Jason" >>>>> What many people dismiss as 'lying' would be typically described as >>>>> 'complying >>>>> with the law' in certain countries. It is unfortunate that operators in >>>>> countries with legally-mandated DNS blocks are criticized for the actions >>>>> they >>>>> have no option but to undertake. IMO any such criticisms should more >>>>> correctly >>>>> be directed at the laws themselves or the governments that put them in >>>>> place. >>>> >>>>HTTP/451 >>> >>> Completely different protocol than what the rest of this thread is >>> about, much more invasive wrt possibility of logging, and requires >>> a lot more infrastructure and actual lying in DNS to make work. >> >>Closed captioned for the analogy-impaired: >> >>"The idea you're talking about, Jason, is analogous to that embodied in >>the 451 error code in HTTP." > > Oh, you weren't proposing a technical solution to a social problem? *I* wasn't proposing any solutions to any problems, at that particular twist, Niels, as I thought was obvious. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: This DNS over HTTP thing
- Original Message - > From: "John Levine" > In article <804699748.1254612.1570037049931.javamail.zim...@baylink.com> you > write: >>Tools. Are. Neutral. >> >>Any solution to a problem that involves outlawing or breaking tools will. >>Not. Solve. Your. Problem. > > I think in the outside world you'll find very little support for an argument > that filtering DNS is fundamentally broken. > > Sure, you can do it in broken ways, but it's going to be really hard > to persuade anyone that their lives are better if they have unfiltered > access to the malware links in their spam. I expect I would. But this is not "filtering DNS". It's "making a bodge-handed attempt to REPLACE DNS (well, proxy it) for only one application/layer". My problem isn't what they're using it for; it's that they've implemented it so poorly. I live down here in the trenches, John, where "it doesn't work" is the calibre of problem reports I get. When my tools say that "yes, it does", *I'm* the one who takes it in the nads because Mozilla had a Better Fuckin' Idea. That it will likely cause lots of 50,000ft problems too is just a cherry on the top. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: This DNS over HTTP thing
- Original Message - > From: "Niels Bakker" > To: nanog@nanog.org > Sent: Wednesday, October 2, 2019 1:42:08 PM > Subject: Re: This DNS over HTTP thing > * j...@baylink.com (Jay R. Ashworth) [Wed 02 Oct 2019, 19:30 CEST]: >>> From: "Livingood, Jason" >>> What many people dismiss as 'lying' would be typically described as >>> 'complying >>> with the law' in certain countries. It is unfortunate that operators in >>> countries with legally-mandated DNS blocks are criticized for the actions >>> they >>> have no option but to undertake. IMO any such criticisms should more >>> correctly >>> be directed at the laws themselves or the governments that put them in >>> place. >> >>HTTP/451 > > Completely different protocol than what the rest of this thread is > about, much more invasive wrt possibility of logging, and requires > a lot more infrastructure and actual lying in DNS to make work. Closed captioned for the analogy-impaired: "The idea you're talking about, Jason, is analogous to that embodied in the 451 error code in HTTP." Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: This DNS over HTTP thing
- Original Message - > From: "Livingood, Jason" > On 10/1/19, 3:44 AM, "NANOG on behalf of Stephane Bortzmeyer" > wrote: >> Note that the UK is probably the country in Europe with the biggest >use of lying DNS resolvers for censorship. > > What many people dismiss as 'lying' would be typically described as 'complying > with the law' in certain countries. It is unfortunate that operators in > countries with legally-mandated DNS blocks are criticized for the actions they > have no option but to undertake. IMO any such criticisms should more correctly > be directed at the laws themselves or the governments that put them in place. HTTP/451 Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: This DNS over HTTP thing
- Original Message - > From: "Livingood, Jason" > The challenge of course is that in the absence of a silver bullet solution, > that > people working to combat all forms of child exploitation are simultaneously > trying several things, ranging from going to the source as you suggest and > arresting people, to trying to interrupt the online tools that they may use or > that might fund/support them, etc. So they don’t approach it as a binary > choice between trying these ecosystem measures vs going to the source – they > are working all the levers. > > It is unfortunately a very difficult problem. FWIW, a recent NYT article on > this > was interesting – see > https://www.nytimes.com/interactive/2019/09/28/us/child-sex-abuse.html > Headline > is “The Internet Is Overrun With Images of Child Sexual Abuse. What Went > Wrong? > Online predators create and share the illegal material, which is increasingly > cloaked by technology. Tech companies, the government and the authorities are > no match.” Ah yes; the "proxies for evil" problem. Same problem as "getting the guns" (to quote President Andrew Shepherd) as a solution for mass shootings. (And note here that I'm a lefty; we're not *required* to be gun-negative paranoids.) Child molesters also make use of houses, vans, and phonecams, so let's get all of *those* off the streets, too. Tools are *inherently* neutral, regardless of how partisans on either side want to paint them; even lockpicks -- or haven't you had to call a locksmith to get you back into your car/house without breaking a window. Tools. Are. Neutral. Any solution to a problem that involves outlawing or breaking tools will. Not. Solve. Your. Problem. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: This DNS over HTTP thing
- Original Message - > From: "Matt Corallo" > I’m not sure that google has announced any plans to, but Firefox has announced > plans to switch everyone to Cloudflare’s DNS. > > Hope none of y’all are running competing CDNs, cause they’re about to get > real > slow on Firefox. But wait! I was told we didn't *need* regs or laws to enforce Net Neutrality... Cheers, -- jr 'paging Mr Oliver, Mr John Oliver' a -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: This DNS over HTTP thing
- Original Message - > From: "Stephane Bortzmeyer" > To: "Jeroen Massar" >> While the 'connection to the recursor' is 'encrypted', the recursor >> is still in clear text... one just moves who can see what you are >> doing with this. > > As with any cryptographic protocol. Same thing with VPNs, SSH and > whatever: the remote end can see what you do. What's your point? I'm still assimilating this, but based on what I've read this half hour, his point is that "*it's none of Alphabet's damn business* where I go that isn't Google". I concur. I see no reasonable justification for this from a network engineering standpoint, and I'll be stomping on it wherever necessary. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: This DNS over HTTP thing
- Original Message - > From: "Stephane Bortzmeyer" > On Mon, Sep 30, 2019 at 11:56:33PM -0400, > Brandon Martin wrote > a message of 10 lines which said: > >> It's use-application-dns.net. NXDOMAIN it, and Mozilla (at least) >> will go back to using your local DNS server list as per usual. > > Unless, I hope, the user explicitly overrides this. (Because this > canary domain contradicts DoH's goals, by allowing the very party you > don't trust to remotely disable security.) Security? This is thought to be about security? Didn't we already *fix* DNS SECurity? No, I tend to buy the "Alphabet looking over your shoulder" argument a lot more than 'security', here, so far. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
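Added example, not part of the original thread or of any project's code: a resolver-side check that the canary domain named in the message above, use-application-dns.net, is answered with NXDOMAIN. The helper names, verdict strings and sample response bytes are constructed for illustration; only the NXDOMAIN behaviour comes from the thread, so every other outcome is reported without being interpreted.

```python
import os
import socket
import struct

CANARY = "use-application-dns.net"   # domain named in the thread
RCODE_NXDOMAIN = 3

def encode_name(name):
    """Encode a hostname as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("invalid label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, txid, qtype=1):
    """Build a recursive (RD=1) query for one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": flags >> 15, "tc": (flags >> 9) & 1,
            "rcode": flags & 0xF, "ancount": an}

def canary_verdict(query, response):
    """Classify a resolver's reply to the canary query."""
    q, r = parse_header(query), parse_header(response)
    question = query[12:]
    # Reject replies that do not match our transaction id and question.
    if r["id"] != q["id"] or not r["qr"]:
        return "invalid"
    if response[12:12 + len(question)].lower() != question.lower():
        return "invalid"
    if r["tc"]:
        return "truncated"
    if r["rcode"] == RCODE_NXDOMAIN:
        return "canary-signalled"        # the behaviour the thread describes
    if r["rcode"] == 0 and r["ancount"] > 0:
        return "canary-not-signalled"    # resolver returned addresses
    return "inconclusive"                # e.g. SERVFAIL, REFUSED, empty answer

def check_resolver(resolver_ip, timeout=3.0):
    """Live check over UDP/53 against an IPv4 resolver you operate."""
    query = build_query(CANARY, int.from_bytes(os.urandom(2), "big"))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (resolver_ip, 53))
        response, _ = s.recvfrom(4096)
    return canary_verdict(query, response)

def constructed_response(query, rcode, answers=0):
    """Constructed sample reply (not captured traffic) for offline use."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, answers, 0, 0)
    body = query[12:]
    if answers:
        # One A record pointing at 192.0.2.1 (documentation address).
        body += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return header + body

if __name__ == "__main__":
    q = build_query(CANARY, 0x1234)
    print(canary_verdict(q, constructed_response(q, RCODE_NXDOMAIN)))
    print(canary_verdict(q, constructed_response(q, 0, answers=1)))
```

Run `check_resolver()` against each resolver handed out by DHCP, since a single forwarder that still returns addresses for the canary leaves its clients on the browser's default.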
Re: This DNS over HTTP thing
- Original Message - > From: "Matt Corallo" > It was mentioned in this (partially related) thread, with all the responses > being the predictable “lol these folks in Silicon Valley need to lay off the > drugs”. > > https://mailman.nanog.org/pipermail/nanog/2019-September/103059.html Well, the parent message there seems to think it's inevitable that Firefox is going to do that, whereas my view is 1) Firefox will do as I damn well tell it, or 2) Firefox will be removed. They continue to expand past the size of what we colloquially call "their britches", and it's gotten about as tiresome as I -- for the seats under my responsibility -- propose to let it get. If there isn't a knob I can turn off, they're gone; no appeal. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
This DNS over HTTP thing
I've been embroiled in my first house-move in 28 years, and just got back to the table. I don't see any threads here about whatever this thing-which-appears-to-me-to-be-a-monstrosity; has it been discussed here and I missed it? Is there an official name for it I should be searching for? Is it in fact not a monstrosity, and I'm just not smart enough? :-) Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274