Re: Malicious SS7 activity and why SMS should never be used for 2FA

2021-04-20 Thread bzs


Something which binds them together are their insurance underwriters
who generally want to set minimum requirements without having to
review home-brewed security schemes. They want buzzwords and acronyms
to put onto checklists.

Others would be courts (e.g., when lawsuits arise) and government and
other contractors who, similarly, don't want to have to evaluate
beyond checklists of accepted industry practices.

And a major value of standardized practices is precisely so they don't
become competitive advantages particularly by their omission.

It's one reason, for example, car manufacturers are ok with something
like requiring seat belts or air bags, or in many industries
environmental regs, precisely so a competitor can't lower their costs
(and likely prices) by omitting them. Everyone has to have them and up
to some standard, compete on something else.

Perhaps if we began referring to a lot of this as "safety" rather than
"security" that would sink in.

On April 20, 2021 at 06:59 mark@tinka.africa (Mark Tinka) wrote:
 > 
 > 
 > On 4/20/21 01:46, b...@theworld.com wrote:
 > 
 > > If they want to protect trillions of dollars in assets maybe they need
 > > to toss in a few billion to help, and stop hoping some bad press for
 > > the technical community will shame some geniuses into dreaming up
 > > better security for them mostly for free in terms of research and
 > > specs and acceptance but that's the hard part.
 > >
 > > You know what the net did successfully produce, over and over? Some of
 > > the wealthiest individuals and corporations etc in the history of
 > > civilization. Maybe the profit margins were a little too high and now
 > > we're paying the price, or someone is.
 > >
 > 
 > For the most part, services that (want to) rely on security are 
 > providing their own security solutions. But they are bespoke, and each 
 > one is designing and pushing out their own solution in their own silo. 
 > So users have to contend with a multitude of security ideas that each of 
 > the services they consume come up with. Standardization, here, would go 
 > a long way in fixing much of this, but what's the incentive for them to 
 > all work together, when "better security" is one of their selling points?
 > 
 > If, "magically", the Internet community came up with a solution that one 
 > felt is fairly standard, we've seen how well that would be adopted, a la 
 > DNSSEC, DANE and RPKI.
 > 
 > At the very least, the discussions need to be had; but not as separate 
 > streams. Internet folk. Mobile folk. Telco folk. Service folk.
 > 
 > Mark.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Malicious SS7 activity and why SMS should never be used for 2FA

2021-04-19 Thread bzs


Can I make an old f*** comment on all this?

We didn't design this network to be highly secure.

It's general enough that security can be layered on at various places.

But when you get down to it it was mostly designed to get information
flowing easy, fast, and freely. Not to lock it down or provide strong
accountability, authorization, and authentication.

Look at RFCs prior to about 1990, security's hardly considered beyond
an occasional login/password scheme or MITM packet injection.

It was designed to be very cheap to implement and deploy at least in
part because it was designed and implemented on frugal academic
budgets.

And to share those implementations or roll your own because the specs
(RFCs etc) were published free.

Then people, corporations by and large, came along and realized they
could use the net to make many zillions of dollars if only it were
secure.

IF...ONLY!

Did anyone promise them that?

And no one ever really figured out how to make it secure beyond some
superficial attempts like adopting login/passwords, wire encryption
(SSL etc.), 2FA, MITM avoidance, etc. none of which were really part
of some well thought out, engineered scheme. Just some new doo-dad to
toss on hoping that maybe this will be good enough. It wasn't.

Now, when their sites are compromised, when they lose gazillions of
dollars to ransomware, when 100M records walk out the door, whatever,
they put on the big sad face and imply they were let down and *they*,
someone else, some gearheads, need to try harder. They're terribly,
terribly disappointed.

What a great con job, try to shame someone else into solving your
problems for you basically for free.

If they want to protect trillions of dollars in assets maybe they need
to toss in a few billion to help, and stop hoping some bad press for
the technical community will shame some geniuses into dreaming up
better security for them mostly for free in terms of research and
specs and acceptance but that's the hard part.

You know what the net did successfully produce, over and over? Some of
the wealthiest individuals and corporations etc in the history of
civilization. Maybe the profit margins were a little too high and now
we're paying the price, or someone is.

It's like my aged, now gone, adviser who'd worked in software going
back to the 50s said about the Y2K problem at that time: It's not that
we couldn't anticipate Y2K problems. It's that we never dreamed the
cheap bastards would still be running the same exact software without
any updates or review for forty years!

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: internet futures

2021-03-26 Thread bzs


The video is pretty good particularly where it's most pessimistic.

My prediction:

  It might take a little more than ten years but I'll predict positive
  ID or you're not getting anywhere useful.

And a lot of people here will loathe that.

But you/we had your chance and spent most of your energy rebuking it
and very little proposing and implementing any working alternative.

The BIG BUCK$ (corps, govts, etc) are sick to death of the current
situation and will go along with such proposals. And they have little
to zero interest in the usual arguments against it.

Note: I'm being predictive, what I think will happen, not
prescriptive, what I want to happen.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Perhaps it's time to think about enhancements to the NANOG list...?

2021-03-21 Thread bzs


And some of the lessons of group creation on USENET were:

1. You don't create a sub-topic to try to generate discussion. So for
example you don't create talk.baseball.redsox because no one ever
posts about the redsox in talk.baseball. It doesn't work. Not really
relevant here tho it might become relevant.

2. You create a sub-topic to split large amounts of traffic like when
there's just too much talk about the redsox and yankees in
talk.baseball so you create talk.baseball.redsox and
talk.redsox.yankees so those discussions can find each other. It's
generally best when you're trying to split an overflow of traffic
rather than enumerate or classify it or enforce some policy.

3. You don't create a sub-topic because some people don't want to see
certain posts like talk.baseball.fights hoping to draw talk of
on-field fights off talk.baseball.

I think what's going on here is #3 mostly trying to pose as #2 and
probably is unwise because it probably won't work plus or minus how
much one can try to force the occasional off-topic poster off the list
or to shame them.

That is, people will seek their audience.

P.S. Getto was a (mostly involuntary) Jewish neighborhood in Venice,
Italy which is where the term Ghetto derives. I've been there
(voluntarily.) "Getto" means "foundry" in Italian, it was a less
desirable area because of the foundry there.

On March 20, 2021 at 22:04 j...@reptiles.org (Jim Mercer) wrote:
 > On Sat, Mar 20, 2021 at 10:54:57AM -0500, Mike Hammett wrote:
 > > That seems like a reasonable proposal. NANOG-OffTopic, NANOG-Discuss, 
 > > NANOG-BizDev, NANOG-xyz, something (more more than one something). 
 > 
 > there used to be a thing called USENET.
 > 
 > it facilitated a forum-like interface to mailing-lists, with the ability for
 > anyone to create their own sub-forums.
 > 
 > it was quite popular for a while.
 > 
 > --jim
 > 
 > -- 
 > Jim Mercer  Reptilian Research  j...@reptiles.org  +1 416 410-5633
 > 
 > Life should not be a journey to the grave with the intention of
 > arriving safely in a pretty and well preserved body, but rather
 > to skid in broadside in a cloud of smoke, thoroughly used up,
 > totally worn out, and loudly proclaiming "Wow! What a Ride!"
 >  -- Hunter S. Thompson

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Re: OVH datacenter SBG2 in Strasbourg on fire 

2021-03-11 Thread bzs


From: George Herbert 

...Interesting overview of fire damage.

I remember many years ago spec'ing a machine room at BU and coming to
loggerheads with the VP of building and grounds.

He (well, their rules) wanted low-temp sprinkler triggers, I wanted
the high-temp ones (I forget but I think 135F vs 175F.)

Me: I'll have over $2M in electrical equipment in that room!

Him: I have $20M in building surrounding your machine room, I win!


-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Famous operational issues

2021-02-23 Thread bzs


Anyone remember when DEC delivered a new VMS version (V5 I think)
whose backups didn't work, couldn't be restored?

BU did, the hard way, when the engineering dept's faculty and student
disk failed.

DEC actually paid thousands of dollars for typist services to come and
re-enter whatever was on paper and could be re-entered.

I think that was the day I won the Unix vs VMS wars at BU anyhow.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Famous operational issues

2021-02-22 Thread bzs


At Boston Univ we discovered the hard way that a security guard's
walkie-talkie could cause a $5,000 (or $10K for the big machine room)
Halon dump.

Took a couple of times before we figured out the connection tho once
someone made it to the hold button before it actually dumped.

Speaking of halon one very hot day I'm goofing off drinking coffee at
a nearby sub shop when the owner tells me someone from the computing
center was on the phone, that never happened before.

Some poor operator was holding the halon shot, it's a deadman's switch
(well, button) and the building was doing its 110db thing could I come
help? The building is being evac'd.

So my boss who wasn't the sharpest knife in the drawer follows me down
as I enter and I'm sweating like a pig with a floor panel sucker
trying to figure out which zone tripped.

And he shouts at me over the alarms: WHY TF DOES IT DO THIS?! Angrily.

I answered: well, maybe THERE'S A FIRE!!!

At which point I notice the back of my shoulder is really bothering
me, which I say to him, and he says hmmm there's a big bee on your
back maybe he's stinging you?

Fun day.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Famous operational issues

2021-02-18 Thread bzs


One day I got called into the office supplies area because there was a
smell of something burning. Uh-oh.

To make a long story short there was a stainless steel bowl which was
focusing the sun from a window such that it was igniting a cardboard
box.

Talk about SMH and random bad luck which could have been a lot worse,
nothing really happened other than some smoke and char.

On February 18, 2021 at 01:07 eric.kuh...@gmail.com (Eric Kuhnke) wrote:
 > On that note, I'd be very interested in hearing stories of actual incidents
 > that are the cause of why cardboard boxes are banned in many facilities, due
 > to loose particulate matter getting into the air and setting off very sensitive
 > fire detection systems.
 > 
 > Or maybe it's more mundane and 99% of the reason is people unpack stuff and
 > don't always clean up properly after themselves.
 > 
 > On Wed, Feb 17, 2021, 6:21 PM Owen DeLong  wrote:
 > 
 > Stolen isn’t nearly as exciting as what happens when your (used) 6509
 > arrives and gets installed and operational before anyone realizes that the
 > conductive packing peanuts that it was packed in have managed to work their
 > way into various midplane connectors. Several hours later someone notices
 > that the box is quite literally smoldering in the colo and the resulting
 > combination of panic, fire drill, and management antics that ensue.
 > 
 > Owen
 > 
 > 
 > > On Feb 16, 2021, at 2:08 PM, Jared Mauch  wrote:
 > >
 > > I was thinking about how we need a war stories nanog track. My favorite
 > > was being on call when the router was stolen.
 > >
 > > Sent from my TI-99/4a
 > >
 > >> On Feb 16, 2021, at 2:40 PM, John Kristoff  wrote:
 > >>
 > >> Friends,
 > >>
 > >> I'd like to start a thread about the most famous and widespread Internet
 > >> operational issues, outages or implementation incompatibilities you
 > >> have seen.
 > >>
 > >> Which examples would make up your top three?
 > >>
 > >> To get things started, I'd suggest the AS 7007 event is perhaps  the
 > >> most notorious and likely to top many lists including mine.  So if
 > >> that is one for you I'm asking for just two more.
 > >>
 > >> I'm particularly interested in this as the first step in developing a
 > >> future NANOG session.  I'd be particularly interested in any issues
 > >> that also identify key individuals that might still be around and
 > >> interested in participating in a retrospective.  I already have someone
 > >> that is willing to talk about AS 7007, which shouldn't be hard to guess
 > >> who.
 > >>
 > >> Thanks in advance for your suggestions,
 > >>
 > >> John
 > 
 > 

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Famous operational issues

2021-02-16 Thread bzs


 > On Tue, 16 Feb 2021, John Kristoff wrote:
 > 
 > > Friends,
 > >
 > > I'd like to start a thread about the most famous and widespread Internet
 > > operational issues, outages or implementation incompatibilities you
 > > have seen.
 > >

When Boston University joined the internet proper ca 1984 I was in
charge of that group.

We accidentally* submitted an initial HOSTS.TXT file which included
some internally used one-character host names (A, B, C) and one which
began with a digit (3B, an AT 3B5), both illegal for HOSTS.TXT back
then.

This put the BSD Unix program which converted from HOSTS.TXT to Unix'
/etc/hosts format into an infinite loop filling /tmp which in those
days crashed Unix and it often couldn't reboot successfully without
manual intervention.

On many, many hosts across the internet.

I hesitate to guess a number since scale has changed so much but some
of the more heated email claimed it brought down at least half the
internet by some count.

It was worsened by the fact that many hosts pulled and processed a new
HOSTS.TXT file via cron (time-based job scheduler) at midnight so no
one was around to fix and reboot systems.

The thread on the TCP-IP mailing list was: BU JOINS THE INTERNET!

It was a little embarrassing.

Today it probably would have landed me in Gitmo.

* There were two versions, the one we used internally, and the one to
be submitted which removed those host names. The wrong one got
submitted.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: DoD IP Space

2021-02-15 Thread bzs


In my humble but correct opinion one of the things which sabotages
these efforts is an aversion to any solution which doesn't feel like
it would work quickly and decisively (ask Bezos to offer a discount to
anyone using IPv6 to order on Amazon???)

I remember back in ~2003 on the Anti-Spam Research Group some
interesting ideas* being shot down because that would take ten years
to deploy! 2003.

And here we are about 25 years into IPv6 still looking for that silver
bullet.

What might be more useful would be forming some sort of group with the
understanding that they might produce a ten year or longer timeline of
steps which might more fully deploy IPv6.

* In all honesty they weren't all that interesting. But for example
"we need to respecify SMTP to stop spam!" had a half-life of about 60
minutes dying on the rebuttal that even if you did that it would take
TEN YEARS to get wide adoption of an SMTP replacement. I never saw how
such proposals would help with spam but ok perhaps they were
discouraged by the rebuts.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Retaliatory DDoS

2021-02-08 Thread bzs


I notice I often get DDoS'd when I post here, to NANOG, usually w/in
2-3 hours, so owing to this note it'll probably happen again tonight!

The typical attack is some mixture of DNS whacking from dozens or
hundreds of hosts, plus usually UDP packets being flung at basically
round-robin ports (udp port 13577, udp port 13578, ...) generating a
lot of ICMP unreachables again from hundreds of hosts no doubt all
phony.

I block it so it's not usually a big big deal other than a brief time
waste as I kick in autoblocking I wouldn't want to run all the time
but I can see it on for example MRTG, traffic spikes to as much as 10x
what I might expect at that time of day.

This is a rough neighborhood.

  "Who steals my bandwidth steals trash"
-- William Shakespeare the XIIth

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


David Tilbrook / QEF - Re: gofundme Medical Expenses - Ed Hew

2021-01-25 Thread bzs


Let me say a few words about David Tilbrook.

Unlike the author of that very nice linked article below I knew David
quite well. I co-chaired a couple of Usenix conferences with him and
even flew to Toronto for his daughter's bat mitzvah (umm, because he
invited me), etc.

He was very smart, he'd spent years at the CS dept at CMU and on other
projects. Ron Baecker (CMU prof) credits David's student work as
fundamental to his 2005 SIGCHI award.

His focus was always on how do we make complex problems (in software
engineering) simpler and easier to understand and manage?

This short article credits him with the quip:

  "Whenever faced with a problem, some people say `Lets use _.'
   Now, they have two problems."

https://news.ycombinator.com/item?id=5187686

He was very funny and very likeable.

I remember when we drew quite a participatory crowd at a San Francisco
Hilton Usenix conference (about 3,000 attendees) by starting a
penny-pitching contest -- toss pennies or other coins towards a wall
from some distance, whoever is closest to the wall in each round keeps
them all. It got quite out of hand but was a typical Tilbrook "well,
we might as well have some fun!"

Indeed, David, we might as well have some fun.

On January 25, 2021 at 12:12 j...@reptiles.org (Jim Mercer) wrote:
 > 
 > unrelated, but, David Tilbrook, an early Unix pioneer, passed away a week or
 > so ago.  due to COVID.
 > 
 > https://leahneukirchen.org/blog/archive/2021/01/remembering-the-work-of-david-m-tilbrook-and-the-qed-editor.html
 > 
 > 
 > 
 > --jim
 > 
 > 
 > On Mon, Jan 25, 2021 at 04:59:27PM +, Mel Beckman wrote:
 > > So often we report here on nanog the passing of major Internet 
 > > contributors, it seems even more fitting that we support these 
 > > contributors when they're in need through no fault of their own. Thanks 
 > > for posting this, Jim. 
 > > 
 > > -mel
 > > 
 > > > On Jan 25, 2021, at 8:40 AM, Jim Mercer  wrote:
 > > > 
 > > > unsure if this is allowed or not, but, here goes.
 > > > 
 > > > https://www.gofundme.com/f/ed-hew-medical-expenses
 > > > 
 > > > some of you may remember ed.
 > > > 
 > > > some, maybe not.
 > > > 
 > > > but, as the uucp maps maintainer for canada, he was quite influential in
 > > > the rise of email, and to some degree, the internet, in canada.
 > > > 
 > > > --jim
 > > > 
 > > > -- 
 > > > Jim Mercer  Reptilian Research  j...@reptiles.org  +1 416 410-5633
 > > > 
 > > > Life should not be a journey to the grave with the intention of
 > > > arriving safely in a pretty and well preserved body, but rather
 > > > to skid in broadside in a cloud of smoke, thoroughly used up,
 > > > totally worn out, and loudly proclaiming "Wow! What a Ride!"
 > > > -- Hunter S. Thompson
 > 
 > -- 
 > Jim Mercer  Reptilian Research  j...@reptiles.org  +1 416 410-5633
 > 
 > Life should not be a journey to the grave with the intention of
 > arriving safely in a pretty and well preserved body, but rather
 > to skid in broadside in a cloud of smoke, thoroughly used up,
 > totally worn out, and loudly proclaiming "Wow! What a Ride!"
 >  -- Hunter S. Thompson

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


RE: Nice work Ron

2021-01-21 Thread bzs


On January 21, 2021 at 12:39 nanog@nanog.org (Jean St-Laurent via NANOG) wrote:
 > 
 > I feel this is a good example that a pen is mightier than a sword.

In all honesty have we really given the sword a chance in these cases?

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: USENET peers?!

2021-01-20 Thread bzs


On January 20, 2021 at 16:06 nanog@nanog.org (Grant Taylor via NANOG) wrote:
 > On 1/20/21 3:50 PM, b...@theworld.com wrote:
 > > Around 300MB/day.
 > 
 > Interesting.
 > 
 > I see 50-70 MB / day for text only newsgroups.
 > 
 > Perhaps I want to step up to more than text only on some of my servers.

That might be a little overstated, I just took the spool size and
divided by the # of days of retention but there may be some expiration
leakage and we do expire some groups faster or slower. And of course
that's an average.

YMMV.

 > 
 > 
 > 
 > -- 
 > Grant. . . .
 > unix || die

Right now it's feeling like unix && die.

 > 

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: USENET peers?!

2021-01-20 Thread bzs


On January 20, 2021 at 13:41 b...@herrin.us (William Herrin) wrote:
 > On Wed, Jan 20, 2021 at 12:40 PM  wrote:
 > > 2. Usenet is dead and besides a full feed is 20+TB/day because it's
 > > dead, but 20TB/day...
 > 
 > Hi Barry,
 > 
 > How much is it per day if you skip the groups distributing
 > finger-quote "linux isos"?

Around 300MB/day.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


USENET peers?!

2021-01-20 Thread bzs


Through a coincidence of hardware failures "out there", which should
come back soon, and admittedly some inattentiveness as peers went
away, The World finds itself looking for some Usenet peers.

Not a full feed, we can talk.

1. OT? Feel free to point me to a better place which anyone is likely
reading.

2. Usenet is dead and besides a full feed is 20+TB/day because it's
dead, but 20TB/day...

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: End-user Alert Delivery (was Re: NDAA passed: Internet and Online Streaming Services Emergency Alert Study)

2021-01-13 Thread bzs


On January 14, 2021 at 04:56 j...@baylink.com (Jay R. Ashworth) wrote:
 > Well, it probably gets way worse: if it's a "permanent" battery, it will be
 > harder to find, and harder to replace...

No, you don't replace the permanent batteries in these 10 year smoke
detectors, you toss the whole smoke detector and buy a new one. Heroic
efforts aside.

So you don't need to find the right battery.

FWIW many smoke detectors bought in the past 10-15 years (I dunno but
something like that) even with typical replaceable batteries have some
sort of timer in them so when they hit 10 years they begin beeping in
a slightly different pattern (like two short beeps every 60 seconds)
and replacing the battery doesn't help. It just begins doing that on
the fresh battery until you figure out that you need to toss the
detector and buy a new one.

Ran into that, looked it up on their web site as I was confused why a
new battery wasn't helping and they confirmed that means the detector
has expired buy a new one.

I assume these 10 year sealed smoke detectors somehow came out of
that.

 > 
 > - Original Message -
 > > From: "William Herrin" 
 > > To: "jra" 
 > > Cc: b...@theworld.com, nanog@nanog.org
 > > Sent: Wednesday, January 13, 2021 11:52:47 PM
 > > Subject: Re: End-user Alert Delivery (was Re: NDAA passed: Internet and 
 > > Online Streaming Services Emergency Alert Study)
 > 
 > > On Wed, Jan 13, 2021 at 7:58 PM Jay R. Ashworth  wrote:
 > >> Last time I looked, consumer residential smoke detectors were still running
 > >> off 9V alkaline batteries, which are expected to run the device for 6 months
 > >> of 1/99 duty cycle (or less, probably *way* less).
 > > 
 > > Ordinary ionization-based smoke detectors use a 10-year lithium
 > > battery, which is about the same lifespan as the americium-based
 > > detector circuit as it begins to decay into neptunium.
 > > 
 > > You may now resume your argument over how much battery drain is too much.
 > > 
 > > Regards,
 > > Bill Herrin
 > > 
 > > 
 > > --
 > > Hire me! https://bill.herrin.us/resume/
 > 
 > -- 
 > Jay R. Ashworth  Baylink  j...@baylink.com
 > Designer  The Things I Think  RFC 2100
 > Ashworth & Associates  http://www.bcp38.info  2000 Land Rover DII
 > St Petersburg FL USA  BCP38: Ask For It By Name!  +1 727 647 1274

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


End-user Alert Delivery (was Re: NDAA passed: Internet and Online Streaming Services Emergency Alert Study)

2021-01-13 Thread bzs


(Topic at hand was just building an emergency alert system into smoke
detectors rather than try to come up with some complex
internet-oriented design.)

On January 14, 2021 at 03:56 j...@baylink.com (Jay R. Ashworth) wrote:
 > Last time I looked, consumer residential smoke detectors were still running
 > off 9V alkaline batteries, which are expected to run the device for 6 months
 > of 1/99 duty cycle (or less, probably *way* less).

Look again, as I said in the OP most consumer smoke detectors today
are sealed ten year, can't replace the battery (well, not without
surgery.)

I've no idea off-hand what they're using inside tho it's probably not
difficult to find out, $10 and a hammer if nothing else.

 > 
 > An Energizer 9v is rated for 8.4VDC in the very general vicinity of 500mAh.
 > 
 > > How does that compare to other factors like ambient temperature which
 > > also affects battery life but we mostly consider "in the noise"?
 > 
 > A lot.  Increasing the alert count from the 1 or 2 it probably is on most
 > smoke alarms to 2 or 3 a *week*, with LOUD analog speaker alert playback is
 > going to change that duty cycle, probably, to something like 10/90.
 > [ All numbers pulled out of my butt for illustration, but probably within
 > half an order of magnitude. ]

I don't understand what you're designing but all I was suggesting was
a smoke detector with a built in RF switch which upon hearing the
magic signal started squawking "EMERGENCY ALERT!" or similar, perhaps
with a coded word or two like "EMERGENCY TORNADO ALERT!" or perhaps a
brief suggestion to consult your favorite emergency medium immediately
(TV, radio, phone, religious text, etc.)

Or perhaps that would be understood if it ever starts squawking
"EMERGENCY ALERT!" or similar.

Some of them now just start barking "EMERGENCY! EMERGENCY! FIRE! FIRE!
GET OUT OF THE HOUSE" over and over. I hear them go off nearby fairly
regularly so that rings in my head I'm not making it up.

 > 
 > > Could we make the battery just a little more powerful? How much power
 > > would a bit of circuitry waiting for a "turn on! there's a new message
 > > coming in!" need?
 > 
 > Well, parsing for EAS on the receiver is going to make its drain non-trivial,
 > too, I think.
 > 
 > But there are "increasing the battery replacement frequency" problems *and*
 > "increasing the battery capacity and hence price, not to mention general 
 > availability" problems balancing that out.
 > 
 > Any way you play it, it has to be an optional model, not a general takeover 
 > of the field, I suspect, or the "well we just won't bother anymore" factor
 > takes over.

But none of these power problems etc applies to any of the other
proposed solutions? Phones etc? Or internet connections in general?

Meh, I'd like to hear the thoughts of a smoke detector product
engineer.

My WAG is the only major objection would be that they're already neck
deep in regulatory compliance and OMG this would add another layer of
that, new orgs to answer to, new paperwork, etc.

But so what else is new, ask marketing if it'd be worthwhile anyhow.

 > Cheers,
 > -- jra
 > -- 
 > Jay R. Ashworth  Baylink  j...@baylink.com
 > Designer  The Things I Think  RFC 2100
 > Ashworth & Associates  http://www.bcp38.info  2000 Land Rover DII
 > St Petersburg FL USA  BCP38: Ask For It By Name!  +1 727 647 1274

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Parler

2021-01-10 Thread bzs


Sorry for intruding one more time but in my experience, which is
absolutely vast, amateurs argue written law, professionals (i.e.,
lawyers) generally argue precedent; how courts have interpreted the
law in cases applicable to the issue at hand.

If no useful precedent exists professionals tend to run like hell
unless they're law professors or very highly paid.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Parler

2021-01-10 Thread bzs


Sometimes it's worth turning the issue around and looking at it right
up the...um, whatever.

A friend who is rather right-wing (tho mostly sane) said angrily that
AWS terminating Parler was "Stalinist" (apparently his metaphor for
totalitarian.)

I said no, the government _forcing_ AWS to carry Parler, or Twitter to
carry Trump (another 'plaint) would be "Stalinist".

Imagine if a Chinese social media company refused to carry anything
posted by Xi Jinping (China's president) for similar reasoning.

Then you'd likely, one can only speculate, see "Stalinist" in action.

P.S. Does anyone know whether Trump is paid for his Twitter traffic as
many celebrities are?

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Parler

2021-01-10 Thread bzs


On January 10, 2021 at 08:42 sro...@ronan-online.com (sro...@ronan-online.com) 
wrote:
 > While Amazon is absolutely within their rights to suspend anyone they want 
 > for violation of their TOS, it does create an interesting problem. Amazon is 
 > now in the content moderation business, which could potentially open them up 
 > to liability if they fail to suspend any other customer who hosts 
 > objectionable content. 

To avoid that sort of thing I'd just send PITAs notice that we typically
get (N) complaints per customer per (month or whatever.)

We have received $BIGNUM complaints and we are obliged to respond
which involves staff time etc.

We believe they are eliciting those excess complaints by their
behavior so henceforth we will charge them (like $100/complaint
response.)

FYI for the recent period that would amount to $BIGBUX. They will also
be responsible for any resulting legal expenses yaddie-yaddie.

We have no obligation to extend them credit for this service so will
need a retainer of (around 2x$BIGBUX) and future bills to be paid
within (small N) days of posting.

Failure to agree (agreement attached) and forward the requisite
retainer by (date) will result in the end of our services for them and
the closing of their account.

P.S. I was actually paid about $1,000 once but usually that ended it,
they either apologized and backed off (sometimes it was just
aggressive advertisers), or closed their account / let it expire.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: NDAA passed: Internet and Online Streaming Services Emergency Alert Study

2021-01-05 Thread bzs


On January 4, 2021 at 21:19 valdis.kletni...@vt.edu (Valdis Klētnieks) wrote:
 > On Mon, 04 Jan 2021 15:33:10 -0500, b...@theworld.com said:
 > > Why wouldn't we just build this into 10-year battery smoke alarms, a
 > > simple radio receiver?
 > 
 > First, that means your smoke alarm batteries run down faster, which is
 > a major issue.

That's the sort of argument I label "all sign, no magnitude".

How much faster? If it took one minute of battery life off a 10 year
battery would that be a problem? 30 minutes?

How does that compare to other factors like ambient temperature which
also affects battery life but we mostly consider "in the noise"?

Could we make the battery just a little more powerful? How much power
would a bit of circuitry waiting for a "turn on! there's a new message
coming in!" need?

etc.

 > 
 > I didn't bother thinking past that show-stopper, others can do so if they 
 > wish...


-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


RE: NDAA passed: Internet and Online Streaming Services Emergency Alert Study

2021-01-04 Thread bzs


Why wouldn't we just build this into 10-year battery smoke alarms, a
simple radio receiver?

Why does anyone think this must be a feature of the internet when, as
people here have described, that entails all sorts of complexities.

You just want something that goes BEEP-BEEP-BEEP KISS YOUR ASS
GOODBYE! BEEP BEEP BEEP really loudly on command, perhaps with some
more detail.

Probably about 10c in circuitry involved.

We're really getting way into the cargo cult worship of the internet
much like how TV in the 1950s was supposed to be the answer to every
one of society's problems but mostly what we got were sitcoms and ads
for bad beer.

Ok, proceed with the list of edge cases. But at least there are laws
requiring smoke alarms most everywhere.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: NDAA passed: Internet and Online Streaming Services Emergency Alert Study

2021-01-02 Thread bzs


Let's just go back to air-raid sirens.

I'm old enough to remember when they were tested every day at noon,
which also told you it was noon (lunch!)

We'd say heaven help us if The Enemy attacked at noon.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: 10g residential CPE

2020-12-25 Thread bzs


Another way to phrase the question (which was the subject of much
dispute 30 years ago) is:

Which would you rather have (I'll use modern speeds):

1gb flat rate

10gb metered

Where metered 10gb could cost less than 1gb when you don't use it, or
about the same at ~1gb, but more if you use >1gb?

It's possible this pricing model is reawakening.

Back then I argued the bigger pipe / metered was preferable. Then
again it was mostly non-residential.

But admittedly most seemed to prefer the lower speed unmetered. They
preferred the billing predictability and didn't like the idea that a
"power user" (in the residential context that might be "kids") could
jack up the bill.

I suppose that depends a lot on what the actual prices of a flat-rate
1gb vs a fully saturated 10gb are. If it's $50 vs $100/mo perhaps some
would say ok I'll risk the $50 overage, if it's $50 vs $500/mo maybe
not.

And today we have bandwidth-shaping in most any router/cpe (or could)
so even with the 10gb/metered someone in the house with the password
could rate-limit except when they needed it :-)

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: "Hacking" these days - purpose?

2020-12-16 Thread bzs


I'm not so sure. If someone got the banks, credit card (fintech), big
online shopping, etc (tho not a lot of etc needed) on board, the "head
count" for that wouldn't be very large, and others would join
(particularly retail) just to not be left out...

One can build a quite different network on top of the existing
infrastructure at least to get started, NEWSTUFF/IP.

That would only then require buy-in by end-users but if that's what's
on their phone etc and the only way they can access banks, shopping,
etc.

People here would deliver all those packets since it'd just look like
IP and go from there. Reminds me of the old expression "when it's time
to hang the capitalists they will sell us the rope" (when it comes
time to replace this internet they will deliver our packets.)

The obvious (to me) change would be positive id of anyone accessing
that new network.

The voice system seems to have achieved this to about a 99% level
which is more than good enough. And it would be a boon to them also,
no more annoyingly free voice/video stuff. By which I mean if they
thought it was credible they might pony up a billion or two to get it
going.

Then if they hit some critical mass they can consider replacing IP and
routing regimens etc also (the goal being largely to secure it), on
top of the existing "wire" infrastructure.

On December 16, 2020 at 07:48 mark.ti...@seacom.com (Mark Tinka) wrote:
 > 
 > 
 > On 12/16/20 02:38, b...@theworld.com wrote:
 > 
 > > Some days I wonder if it's some vast, well-funded, Spectre-like
 > > organization whose backers just want to see trust in the internet
 > > undermined in the public's eyes on behalf of their own non-internet or
 > > anti-internet (think: phone companies who'd love to charge you per
 > > email and web page access for example by forcing you onto some private
 > > network) enterprises, large bricks+mortars interests etc.
 > 
 > If it were, they'd be fighting a losing battle.
 > 
 > The Internet has acquired exponential scale. It would never operate in 
 > such a pay-to-click model.
 > 
 > Mark.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: "Hacking" these days - purpose?

2020-12-15 Thread bzs


Some days I wonder if it's some vast, well-funded, Spectre-like
organization whose backers just want to see trust in the internet
undermined in the public's eyes on behalf of their own non-internet or
anti-internet (think: phone companies who'd love to charge you per
email and web page access for example by forcing you onto some private
network) enterprises, large bricks+mortars interests etc.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: The Real AI Threat?

2020-12-11 Thread bzs


Slow Friday...

One pressing problem of "AI", and might be a useful analogy, is that
we're (everyone w/ the money) deploying it, for some value of "it",
into weapons systems.

The problem is that decisions made by for example an attack drone
might have to be made in milliseconds incorporating many real-time
facts, much faster than a human can. Particularly if one considers
such weapons "dog fighting" where both sides have them.

Some decisions we're probably comfortable enough with, can I get a
clear shot at a moving target etc. A human presumably already
identified the target so that's just execution.

But some amount to policy.

Such as an armed response where there was no armed conflict a few
milliseconds ago because the software decided a slight variation in
the flight pattern of that hypersonic cruise missile -- Russia claims
to be deploying these, some with nuclear power so can stay aloft
essentially forever -- is threatening and not just another go-around.

Etc.

The point being it's not only the decision/policy matrix, it's also
that when we put that into real-time systems the element of time
becomes a factor.

One can, for example, imagine similar issues regarding identifying and
responding to cyberattacks in real-time. An attempt to bring down the
country's cyberdefenses? Or just another cat photo? You have 10ms to
decide whether to cut off all traffic from the source (or whatever,
counter-attack) before your lights (might) go out and what are the
implications?

I'm sure there are better examples but I hope you get the general
idea.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: The Real AI Threat?

2020-12-11 Thread bzs


"Don't anthropomorphize computers, it just pisses them off." -- some wag

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Anyone from instagram reading?

2020-12-02 Thread bzs


Instagram is enabling an harassment attack.

They are sending out "change in terms of use" statements, you've
probably received it.

Apparently they will send them to unconfirmed accounts, en masse.

So for example you own example.com and all email for *@example.com
goes to you.

And there are no legitimate email accounts for that domain so can't
possibly be confirmed accounts.

So you are receiving a firehose of "terms of use" emails to
randomstr...@example.com apparently being generated by a script,
random+domain@domain like (from the actual emails tho not
example.com):

 qiuncjhuxeexam...@example.com
 mazhjkmthexam...@example.com

and so on and so on, each one different.

  SOLUTION: Stop sending your terms of use update messages to
  unconfirmed accounts. It's a trivially abused harassment vector as
  we're seeing.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: IPv4 Broker / Service -

2020-06-11 Thread bzs


Addrex.net

I know some of the principals personally and would vouch for them.


On June 11, 2020 at 14:27 edwin.malle...@gmail.com (edwin.malle...@gmail.com) 
wrote:
 > Hi Nanog,
 > 
 >  
 > 
 > I have need of a reputable IPv4 broker or service - personal experience with
 > said broker would be preferred.  These would be for small blocks - /23, 24s -
 > in the US, so ARIN.  I know, I know, IPv6 for life and all that and I agree,
 > but ... you know, the business.  I'm happy to take responses off-list, but I
 > would really appreciate any recommendations.
 > 
 >  
 > 
 > Thanks!
 > 
 >  
 > 
 > Ed
 > 

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Don't email clients have a kill file?

2020-05-14 Thread bzs


Looks cool, I'll check it out, thanks!

  https://www.emacswiki.org/emacs/WanderLust

On May 14, 2020 at 14:57 ra...@psg.com (Randy Bush) wrote:
 > > I tend to read email with EMACS/VM.
 > 
 > fwiw, i moved from VM to Wanderlust a dozen years ago; if i remember
 > aright, for better imap support.  both have kill thread in current
 > messages.  neither remembers the kill order for newly received msgs a
 > la nn et alia.
 > 
 > randy

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Don't email clients have a kill file?

2020-05-14 Thread bzs


I tend to read email with EMACS/VM. It has a 'k' command which kills
(marks deleted) every message with the same subject as the current
message being viewed.

On May 14, 2020 at 20:36 bj...@mork.no (Bjørn Mork) wrote:
 > At the risk of starting an off topic discussion here, but am I the only
 > one who'd like to see more plonks and less troll feeding?
 > 
 > I miss Usenet.
 > 
 > 
 > Bjørn

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: RIPE NCC Executive Board election

2020-05-13 Thread bzs


 https://www.youtube.com/watch?v=UAeqVGP-GPM

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Abuse Desks

2020-04-29 Thread bzs


On April 29, 2020 at 07:35 na...@ics-il.net (Mike Hammett) wrote:
 > "What is it, exactly, that you expect a provider to do with your report of a
 > few failed SSH login attempts to stop the activity?... disconnect the
 > customer."
 > 
 > Yes.

What I've done in the past is tell the customer we have received
complaints and if they continue will bill them $100 (pick a number)
per complaint as we are obliged to respond to them.

I actually had someone pay me about $1,000 once tho I'll admit the
threat was usually enough.

In a couple of egregious cases I billed them and shut them off
explaining they didn't have sufficient credit with us so will only be
turned back on when the complaint bills are paid and a deposit for
future complaints received (pick a number.)

TBH I usually never heard from those customers again but that was fine
by me.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Phishing and telemarketing telephone calls

2020-04-27 Thread bzs


The obvious way to id them is to buy whatever it is they are selling.

So that reduces the problem to being able to cancel the transaction
once id'd, and probably using fraudulent credentials.

It might take a little more strategy than what I just described, there
are other potential pitfalls.

I wouldn't suggest that route to amateurs but it's not quite rocket
surgery.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: DHS letters for fuel and facility access

2020-03-17 Thread bzs


I remember an anecdote during 9/11 about a fuel truck being stopped, I
think the line was Houston St, someone found an empty fuel truck on
the other side and convinced the natl guard or whoever it was to let
them transfer the diesel from one truck to the other across the line
and get the fuel where it was needed.

Whatever works I guess.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: COVID-19 vs. our Networks

2020-03-14 Thread bzs


On March 14, 2020 at 14:49 r...@gsp.org (Rich Kulawiec) wrote:
 > 
 > 2. Find all the phone chargers, laptop chargers, USB sticks, cables,
 > everything.  If you're not already obsessive about keeping things
 > charged, get that way.

You're really expecting power interruptions due to the virus (in the
US)?

Somewhere else (FB) I saw someone snarking that people are dumb
because they're buying out frozen food what are they going to do when
there's no power for their freezers?!

I just don't see that as a likely scenario here but maybe I'm the one
who's deluded.

I suppose some regions are more vulnerable than others, there was that
crazy fire prevention outage in California a few months ago.

If we get to the point that there are serious power outages due to a
flu I think we'll have much worse problems than our phones are going
dead, there won't be any phone network! Or whatever.

P.S. I also got the death threat WARNING! WARNING! WARNING! spam but
didn't think it was worth a whole new message so, here, I mentioned it
in case people are wondering if it's just them.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls

2020-03-09 Thread bzs


On March 8, 2020 at 16:32 l...@satchell.net (Stephen Satchell) wrote:
 > On 3/8/20 4:00 PM, b...@theworld.com wrote:
 > > As I've said before what would likely work is if every time one of us
 > > (in the US anyhow) got a junk call we immediately called our
 > > congressional and/or senate office(s) and simply said "just got
 > > another junk call! (optionally add description.)"
 > 
 > Doesn't work.  I've been complaining to both House and Senate offices every 
 > time CMS (Medicare billing arm) overcharges me $800 for my premiums. 
 > It's to the point that my elected officials will listen, then say "write 
 > a letter" (which I have done several times) and blow me off.
 > 
 > Nothing ever gets fixed.
 > 
 > BBB has told me they don't take complaints about government entities.

I was thinking more in terms of millions of calls to congressional
offices per day, not individual requests for action.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls

2020-03-08 Thread bzs


I do the same, don't say anything when I pick up an unknown caller id
until they say something, they disconnect about half or more of the
time tho not always.

As I've said before what would likely work is if every time one of us
(in the US anyhow) got a junk call we immediately called our
congressional and/or senate office(s) and simply said "just got
another junk call! (optionally add description.)"

The abuse works because we each suffer it alone.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls

2020-03-08 Thread bzs


Point taken.

On March 8, 2020 at 15:06 dam...@google.com (Damian Menscher) wrote:
 > On Sun, Mar 8, 2020 at 2:18 PM  wrote:
 > 
 > 
 > It's really not analogous to most of the mass attacks on the net
 > because the entire telco system is built to know who is using it in
 > great detail.
 > 
 > 
 > You don't think transit providers bill their customers?
 > 
 > The analogy holds surprisingly well.  Any transit provider (or other ISP) 
 > could
 > trivially identify their customers who are launching spoofed attacks, simply 
 > by
 > looking for a high volume of SYN packets, or a high diversity of source ASNs,
 > or several other signals.  But instead they pretend it's "hard", just as the
 > telcos do.  In reality, the only thing that's hard about it is the policy
 > decision of turning away money.
 > 
 > Damian
 > 
 > 
 > Have you ever made a billable call and *not* been billed for it?
 > 
 > If you're getting the same "Hi, this is  from card holder
 > services" calls like everyone else, or auto warranty etc etc etc, that
 > means they're making millions of calls per day, possibly hundreds of
 > millions...per day.
 > 
 > No one makes many millions of voice calls without paying the telcos.
 > 
 > If you don't believe me try it. You'll have a swat team at your home
 > or office (or possibly a telco sales person) probably after just
 > hundreds of calls and you'll be blocked, shut down.
 > 
 > The telcos are making a lot of money on these calls.
 > 
 > They know exactly who is making them because they know exactly who
 > they're sending that bill to and their payment history.
 > 
 > Which primarily leaves the question of why this Kabuki theater by the
 > FCC et al pretending as if it's some vast, uncontrollable evil like
 > the corona virus etc.?
 > 
 > --
 >         -Barry Shein
 > 
 > Software Tool & Die    | b...@theworld.com             | http://www.TheWorld.com
 > Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
 > The World: Since 1989  | A Public Information Utility | *oo*
 > 

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*
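
The two per-customer signals named in the message quoted above (a high volume of SYN packets and a high diversity of source ASNs), worked through as an added example that is not part of the thread. The flow records, the prefix-to-ASN table, the customer names and both thresholds are constructed for illustration; a real deployment would take them from its own flow export and BGP table.

```python
import ipaddress
from collections import defaultdict

# Constructed prefix -> origin ASN table (documentation prefixes and ASNs).
PREFIX_TO_ASN = [
    (ipaddress.ip_network("192.0.2.0/24"), 64496),
    (ipaddress.ip_network("198.51.100.0/24"), 64497),
    (ipaddress.ip_network("203.0.113.0/24"), 64498),
    (ipaddress.ip_network("203.0.113.128/25"), 64499),  # more specific route
]

# Constructed flow summaries as seen on customer-facing ports:
# (customer, source address, packets, SYN-only packets)
FLOWS = [
    ("cust-A", "192.0.2.10", 900, 18),
    ("cust-A", "192.0.2.77", 400, 9),
    ("cust-A", "198.51.100.5", 200, 3),    # multihomed: a second source ASN
    ("cust-B", "192.0.2.200", 500, 500),
    ("cust-B", "198.51.100.9", 500, 498),
    ("cust-B", "203.0.113.20", 500, 500),
    ("cust-B", "203.0.113.150", 500, 499),
    ("cust-B", "10.1.2.3", 500, 500),      # no covering prefix in the table
]


def origin_asn(addr):
    """Longest-prefix match against PREFIX_TO_ASN; None if nothing covers addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, asn in PREFIX_TO_ASN:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, asn)
    return best[1] if best else None


def summarize(flows):
    """Aggregate packets, SYN packets and the set of source ASNs per customer."""
    stats = defaultdict(
        lambda: {"packets": 0, "syn": 0, "asns": set(), "unrouted": 0}
    )
    for customer, src, packets, syn in flows:
        s = stats[customer]
        s["packets"] += packets
        s["syn"] += syn
        asn = origin_asn(src)
        if asn is None:
            s["unrouted"] += packets   # counted separately, not as an ASN
        else:
            s["asns"].add(asn)
    return dict(stats)


def find_suspects(flows, max_syn_ratio=0.5, max_source_asns=2):
    """Return {customer: [reasons]} for customers exceeding either threshold.

    Both thresholds are illustrative assumptions, not recommended values.
    """
    suspects = {}
    for customer, s in summarize(flows).items():
        reasons = []
        syn_ratio = s["syn"] / s["packets"] if s["packets"] else 0.0
        if syn_ratio > max_syn_ratio:
            reasons.append(f"SYN ratio {syn_ratio:.2f}")
        if len(s["asns"]) > max_source_asns:
            reasons.append(f"{len(s['asns'])} source ASNs")
        if reasons:
            suspects[customer] = reasons
    return suspects


if __name__ == "__main__":
    for customer, reasons in find_suspects(FLOWS).items():
        print(customer, "->", "; ".join(reasons))
```
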


Re: Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls

2020-03-08 Thread bzs


It's really not analogous to most of the mass attacks on the net
because the entire telco system is built to know who is using it in
great detail.

Have you ever made a billable call and *not* been billed for it?

If you're getting the same "Hi, this is  from card holder
services" calls like everyone else, or auto warranty etc etc etc, that
means they're making millions of calls per day, possibly hundreds of
millions...per day.

No one makes many millions of voice calls without paying the telcos.

If you don't believe me try it. You'll have a swat team at your home
or office (or possibly a telco sales person) probably after just
hundreds of calls and you'll be blocked, shut down.

The telcos are making a lot of money on these calls.

They know exactly who is making them because they know exactly who
they're sending that bill to and their payment history.

Which primarily leaves the question of why this Kabuki theater by the
FCC et al pretending as if it's some vast, uncontrollable evil like
the corona virus etc.?

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls

2020-03-08 Thread bzs


On March 7, 2020 at 14:54 s...@donelan.com (Sean Donelan) wrote:
 > 
 > Has encryption ever solved scams/fraud/spam?
 > 
 > Extended Validation SSL Certificates - Just pay a Certificate Authority 
 > more money
 > 
 > DKIM signed email - Just pay a mail provider more money to blast email
 > 
 > SWIFT encrypted payments - Just find the weakest bank somewhere in the 
 > world

DKIM will be incredibly effective when we deploy a reputation database
as I was scolded at by someone who was deeply involved in all this in
2003 when I expressed some skepticism.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls

2020-03-08 Thread bzs


On March 7, 2020 at 02:03 morrowc.li...@gmail.com (Christopher Morrow) wrote:
 > On Fri, Mar 6, 2020 at 11:05 PM Brian J. Murrell  
 > wrote:
 > 
 > > So, if my telco can bill the callers for those premium calls, they
 > > surely know who they are, or at least know where they are sending the
 > > bill and getting payment from.
 > 
 > You are mistaken, billing is very hard.
 > Telcos show this regularly.

Telcos have been described as vast and efficient billing systems with
some minor voice service functions attached.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls

2020-03-06 Thread bzs


On March 6, 2020 at 17:34 s...@donelan.com (Sean Donelan) wrote:
 > 
 > https://www.fcc.gov/document/chairman-pai-proposes-mandating-stirshaken-combat-robocalls
 > 
 > Federal Communications Commission Chairman Ajit Pai today proposed a major 
 > step forward to further the FCC’s efforts to protect consumers against
 > spoofed robocalls: new rules requiring implementation of caller ID 
 > authentication using so-called “STIR/SHAKEN” technological standards. 
 > STIR/SHAKEN enables phone companies to verify the accuracy of caller ID 
 > information that is transmitted with a call. Industry-wide
 > implementation would reduce the effectiveness of illegal spoofing, allow 
 > law enforcement to identify bad actors more easily, and help phone 
 > companies identify calls with illegally spoofed caller ID information 
 > before those calls reach their subscribers.
 > 
 > The FCC will vote on these new rules during its Open Meeting on March 31.

Why don't they just ask the phone companies who are billing these
robocallers who they are and we can arrest them.

[

And if your urge is to jump on your keyboard and deny the telcos know
exactly who they are please ask yourself if you really know or are you
just defending some world view based on nothing really other than
you're uncomfortable with such treachery.

Last time we went around this several weeks ago people who actually
truly have worked in the telco biz on exactly this sort of thing
responded yes, exactly, the telcos know just who they are and do
indeed bill them for those robocalls.

]

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Reminiscing our first internet connections (WAS) Re: akamai yesterday - what in the world was that

2020-02-16 Thread bzs


Ok it's Sunday...

The first time I got on the internet was around 1977.

A friend dropped by the lab I worked in at Harvard and wondered if I
had an MIT ITS account and I said no wasn't even sure what it was
other than a time sharing system at MIT.

So we had a modem and dumb terminal and dialed-in and one could create
an account from the login prompt which I guess today seems mundane but
really was totally unintuitive, getting logins on time shared systems
generally required paper work and proof one should have access.

And I became BARRYS@MIT-AI (no stinkin' dots back then.)

He showed me some ARPAnet things and I was suitably amazed and
explored more from home where I had my own dumb tty and modem.

TBH I didn't really have much use for it at the time other than
joining mailing lists or similar.

Occasionally if someone was in the room I'd say "watch this!" and get
to a login prompt at Stanford or UCL (London.) They were usually
impressed.

I did use the local area network to access MIT-MC to use MacSyma (a
symbolic math package) which I did use in my work.

I was fairly amazed that my files were visible on either machine.

etc etc etc.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Tell me about AS19111

2020-02-07 Thread bzs


Once again I predict the past! It's amazing!

Thanks John.

On February 7, 2020 at 14:48 jcur...@arin.net (John Curran) wrote:
 > Barry - 
 > 
 > 
 > FYI – In addition to a regular financial audit, ARIN periodically has a
 > third-party operational audit conducted of the registry, including random
 > sampling of transactions and detailed review of same. 
 > 
 > The results of the audit are used to both reaffirm registry integrity and
 > have led to improvements in our processes in multiple areas including
 > internal review/signoff practices, transaction logging, and fraud
 > investigation. 
 > 
 > 
 > Thanks,
 > /John
 > 
 > John Curran
 > President and CEO
 > American Registry for Internet Numbers
 > 
 > 
 > On 6 Feb 2020, at 1:38 PM, b...@theworld.com wrote:
 > 
 > 
 > Given events including the IPv4 runout etc perhaps it's long overdue
 > that the RIRs should hire a professional big-name (we used to call
 > them Big 5) accounting firm to audit or at least review IP address,
 > ASN, etc. allocation.
 > 
 > I am not talking about money, I am talking about resource allocation.
 > 
 > That would be a step towards accountability.
 > 
 > It would likely be a lot better than "someone on NANOG noticed a
 > discrepancy let's shout at each other about it for a few days."
 > 
 > The "rules" really aren't that difficult even if the details of
 > technical management can be.
 > 
 > A modern accounting firm could find the talent to grasp how it all
 > should work and review how it has worked and is working.
 > 
 > I've worked with accountants, they know things like what we'd call in
 > a phrase "game theory" (you cut, I choose, etc) regarding resource
 > allocation, memorialization (is the record-keeping broken?), "forcing"
 > organizations to fix outright bugs in rules and record-keeping,
 > internal accountability (e.g., who has access to critical records?
 > what's the process when an error or fraud occurs?), proper reporting,
 > etc.
 > 
 > It wouldn't be cheap.
 > 
 > But as an easy suggestion I'd recommend that ISOC help with the
 > funding for such a project. There could be other sources.
 > 
 > Or possibly, I haven't a clue how the numbers might work, a $10 or $20
 > new annual resource allocation surcharge to underwrite such auditing.
 > 
 > It would be a new and potentially valuable service so, within reason,
 > justified.
 > 
 > --
 >-Barry Shein
 > 
 > Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
 > Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
 > The World: Since 1989  | A Public Information Utility | *oo*
 > 
 > 


-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Tell me about AS19111

2020-02-06 Thread bzs


It could measure the extent of the problem and would be within what I
suggested.

For example if there were only one AS being abused that would make it
a different priority than 1,000 or 10,000 (some seem to be implying a
number like that) being abused.

Do we have that number?

And tracking the trend.

On February 6, 2020 at 14:50 sa...@tislabs.com (Sandra Murphy) wrote:
 > 
 > 
 > > On Feb 6, 2020, at 2:38 PM, b...@theworld.com wrote:
 > > 
 > > 
 > > It would likely be a lot better than "someone on NANOG noticed a
 > > discrepancy let's shout at each other about it for a few days."
 > 
 > 
 > Did I miss something?  I thought the discrepancy being pointed out was that 
 > resources that were not currently allocated/assigned were still being 
 > actively used and actively accepted by people who should have rejected them. 
 >  Private address space and private ASNs are one case, resources that have 
 > not yet been allocated or were once allocated and have been reclaimed are 
 > another.
 > 
 > An accounting audit of ARIN resource management process is not going to help 
 > the fact that people are accepting routes they should not be accepting.
 > 
 > I suspect I did miss something.
 > 
 > —Sandy

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Tell me about AS19111

2020-02-06 Thread bzs


Given events including the IPv4 runout etc perhaps it's long overdue
that the RIRs should hire a professional big-name (we used to call
them Big 5) accounting firm to audit or at least review IP address,
ASN, etc. allocation.

I am not talking about money, I am talking about resource allocation.

That would be a step towards accountability.

It would likely be a lot better than "someone on NANOG noticed a
discrepancy let's shout at each other about it for a few days."

The "rules" really aren't that difficult even if the details of
technical management can be.

A modern accounting firm could find the talent to grasp how it all
should work and review how it has worked and is working.

I've worked with accountants, they know things like what we'd call in
a phrase "game theory" (you cut, I choose, etc) regarding resource
allocation, memorialization (is the record-keeping broken?), "forcing"
organizations to fix outright bugs in rules and record-keeping,
internal accountability (e.g., who has access to critical records?
what's the process when an error or fraud occurs?), proper reporting,
etc.

It wouldn't be cheap.

But as an easy suggestion I'd recommend that ISOC help with the
funding for such a project. There could be other sources.

Or possibly, I haven't a clue how the numbers might work, a $10 or $20
new annual resource allocation surcharge to underwrite such auditing.

It would be a new and potentially valuable service so, within reason,
justified.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Reminiscing our first internet connections (WAS) Re: akamai yesterday - what in the world was that

2020-01-27 Thread bzs


On January 27, 2020 at 09:26 james.v...@gmail.com (james jones) wrote:
 > Does AOL count? If my first real internet connection was dial up 3600 baud
 > through CompuServe. When I finally upgraded to 56K I thought it was light
 > speed. 

I remember going from 300b to 1200b and thinking wow, this is it,
we're done, I cannot read text scrolling on the screen at 1200b.

(Ok, we did have a Lear-Siegler ADM-3A dumb terminal in the lab which
could keep up with 19.2kb across the room to a PDP-11 so I wasn't
ignorant of faster speeds, but in terms of remote access I really
thought 1200b was all I'd ever need.)

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Reminiscing our first internet connections (WAS) Re: akamai yesterday - what in the world was that

2020-01-27 Thread bzs


On January 27, 2020 at 22:57 ma...@isc.org (Mark Andrews) wrote:
 > The hardware support was 2B+D but you could definitely just use a single B.  
 >  56k vs 64k depended on where you were in the world and which style of ISDN 
 > the telco offered. 

FWIW bulk dial-up lines were often brought in as PRIs which were 24
ISDN 2B+D lines on basically a T1 (1.544mbps) and then you could break
those out to serial lines.

The sort of cool thing was that you could get caller information on
those even if the caller thought they blocked it with *69 or whatever
it was and log it. I forget the acronym...no no, that's the usual
caller-id this was...u, DNI? Something like that.

I won a court case with that data.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Reminiscing our first internet connections (WAS) Re: akamai yesterday - what in the world was that

2020-01-26 Thread bzs


On January 26, 2020 at 15:59 ka...@biplane.com.au (Karl Auer) wrote:
 > On Sat, 2020-01-25 at 22:29 -0600, Aaron Gould wrote:
 > > From: Ben Cannon [mailto:b...@6by7.net] 
 > > I started what became 6x7 with a 64k ISDN line.   And 9600 baud
 > > modems…   
 > 
 > Pah! Luxury!
 > 
 > When *I* were a lad we had to touch the wires with our tongues to tell
 > one from zero, no job for a sissy lemme tell you. And don't talk to me
 > about bandwidth. You could increase it easily enough by wiring up other
 > body parts, but it was hard to keep the staff.

You had ones?! We couldn't afford them, we had to guess from the time
delays between zeros.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: akamai yesterday - what in the world was that

2020-01-24 Thread bzs


On January 24, 2020 at 16:59 list-nan...@dragon.net (Paul Ebersman) wrote:
 > bzs> When we, The World, first began allowing the general public onto
 > bzs> the internet in October 1989 we actually had a (mildly shared*) T1
 > bzs> (1.544mbps) UUNET link. So not so bad for the time. Dial-up
 > bzs> customers shared a handful of 2400bps modems, we still have them.
 > 
 > The World was also our (UUNET) Boston hub. And at that time,
 > cross-country core backbone links were T1. We all thought the NSF T3
 > backbone was a government boon-doggle. :)

Those links were nailed up in the common closet not on 66 blocks but
basically boards with bolts and quarter-sized thumb nuts, that was New
England Telephone's (NET) demarc not our idea, it worked.

One day working with a phone guy I jokingly remarked that's some old
looking stuff, did Alexander Graham Bell put it in?

He looked at me and said "possibly, Bell founded New England Telephone
and would've helped on a job like this". The building was 1898.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


RE: akamai yesterday - what in the world was that

2020-01-24 Thread bzs


On January 24, 2020 at 08:55 aar...@gvtc.com (Aaron Gould) wrote:
 > Thanks Jared, When I reminisce with my boss he reminds me that this 
 > telco/ISP here initially started with a 56kbps internet uplink , lol

Point of History:

When we, The World, first began allowing the general public onto the
internet in October 1989 we actually had a (mildly shared*) T1
(1.544mbps) UUNET link. So not so bad for the time. Dial-up customers
shared a handful of 2400bps modems, we still have them.

* It was also fanned out of our office to a handful of Boston-area
customers who had 56kbps or 9600bps leased lines, not many.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: akamai yesterday - what in the world was that

2020-01-23 Thread bzs


On January 23, 2020 at 19:52 p...@nashnetworks.ca (Paul Nash) wrote:
 > > While it makes me feel old, it’s also something that I marvel about 
 > > periodically.
 > 
 > A bit of perspective on bandwidth and feeling old.  The first non-academic 
 > connection from Africa (Usenet and Email, pre-Internet) ran at about 9600 
 > bps over a Telebit Trailblazer in my living room.
 > 
 > The first non-academic IP connection was a satellite connection (64Kbps 
 > IIRC, not in my living room :-)).

Someone asked about Antarctica recently.

I remember the day in the 80s when they, I'm pretty sure McMurdo
Station, got its first "internet" connection. It was announced on
lists like this one.

It was a satellite which was good for only so many minutes per day as
it flew in and out of sight and exchanged batched email etc via Kermit
at probably around 9600bps if that, probably variable depending on
conditions.

If I may...which also reminds me of a project in Africa which used
some sort of wireless link (probably packet-radio) on top of buses.

People with the right equipment could get a batch exchange as a bus
drove by. I'm pretty certain that really was implemented and used.

No idea what the bandwidth was, I think packet-radio in that era
generally was glad to achieve around 1200bps.

Moral: Really, really, bad connectivity is a zillion times better than
no connectivity.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: FCC proposes $10 Million fine for spoofed robocalls

2019-12-20 Thread bzs


On December 20, 2019 at 08:00 na...@ics-il.net (Mike Hammett) wrote:
 > I can't imagine many telcos are making a lot of money from voice anymore.

They may not be making a huge amount anymore which may be why they're
now allowing (i.e., not fighting/lobbying) these folks to be thrown
under the bus before someone shines a light on them.

 > 
 > 
 > -
 > Mike Hammett
 > Intelligent Computing Solutions
 > http://www.ics-il.com
 > 
 > Midwest-IX
 > http://www.midwest-ix.com
 > 
 > ━━━
 > From: b...@theworld.com
 > To: "nanog" 
 > Sent: Thursday, December 19, 2019 5:11:17 PM
 > Subject: RE: FCC proposes $10 Million fine for spoofed robocalls
 > 
 > 
 > They should be fining the telcos, they're making a lot of money on
 > these calls.
 > 
 > And if you believe otherwise (e.g., that it's like email spam) you've
 > been duped by telco PR.
 > 
 > Unlike spam when was the last time a telco failed to bill you for a
 > billable phone call? Never.
 > 
 > They know exactly who is using their system. And they get paid for
 > it. And these junk callers are making millions of calls per hour when
 > they're active.
 > 
 > The entire telco infrastructure has been described as a billing system
 > with some added voice features.
 > 
 > Try devising a box which makes millions of voice calls per hour and
 > see how long it takes before you're stopped dead until you agree to
 > pay the telcos for those calls, or get arrested.
 > 
 > --
 > -Barry Shein
 > 
 > Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
 > Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
 > The World: Since 1989  | A Public Information Utility | *oo*
 > 

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


RE: FCC proposes $10 Million fine for spoofed robocalls

2019-12-19 Thread bzs


If you want to end robocalls then every time you get one call your
local congress person's or senator's main phone number and say "I just
got another robocall (perhaps characterizing it like 'for auto
warranties' or 'for IRS fraud')".

Everyone. Every time.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


RE: FCC proposes $10 Million fine for spoofed robocalls

2019-12-19 Thread bzs


They should be fining the telcos, they're making a lot of money on
these calls.

And if you believe otherwise (e.g., that it's like email spam) you've
been duped by telco PR.

Unlike spam when was the last time a telco failed to bill you for a
billable phone call? Never.

They know exactly who is using their system. And they get paid for
it. And these junk callers are making millions of calls per hour when
they're active.

The entire telco infrastructure has been described as a billing system
with some added voice features.

Try devising a box which makes millions of voice calls per hour and
see how long it takes before you're stopped dead until you agree to
pay the telcos for those calls, or get arrested.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Gmail email blocking is off the rails (again)

2019-12-04 Thread bzs


25 years or so from now when the internet is basically a big CATV-like
service someone will write a book about how "SPAM Ate The Internet".

And a few other things, among them:

Phase II: Ham Eats The Internet.

Now that every marcom, billing, etc dept and their pet dog has figured
out they can send almost unlimited email, billions of them, just about
for free and if they have any sort of recognizable corporate identity
they won't be challenged by intermediaries (end users might try) watch
as you get 100, 500, 1000... emails/day from them collectively.

Hey it was just *one* email/day...from each of the Fortune 1000, and
their subsidiaries, and their agents, and...

But that's ok, the new masters of this universe will just charge both
ends for each and every email (perhaps a few included free with your
Hulu or Netflix subscription) and old timers will talk about how great
it was back in the old days when you could run lists like nanog for
roughly nothing tho I don't know where they'll talk about that.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: RIPE our of IPv4

2019-12-01 Thread bzs


This is that reasoning that because this particular shiny bauble is
laying right here on the table then that's the whole picture.

More likely if some of them decided to sell that IPv4 block they'd
catch up on the rent or cut deductibles on the health care plan or
get rid of some of that 100mb ethernet or something.

IPv6 would be way, way down on that list.

That's how small businesses run.

On November 30, 2019 at 19:54 lists.na...@monmotha.net (Brandon Martin) wrote:
 > On 11/30/19 4:48 PM, Matthew Kaufman wrote:
 > > See previous message about legacy IPv4 holders without budget for IPv6 
 > > blocks 
 > 
 > How slim are your margins to have been around long enough to have a legacy 
 > IPv4 block but not be able to afford the ARIN fees to get a comparable/very 
 > usable (/48 to /52 for each IPv4) amount of IPv6?  And if you don't need a 
 > "comparable" amount of IPv6, presumably you aren't using all your legacy 
 > IPv4 and can sell off part of its presumably huge allocation to get some 
 > funds.
 > -- 
 > Brandon Martin

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: We've lost another innovator

2019-11-27 Thread bzs


I knew Brian Kantor from the old Usenix days, we've sat around the bar
together at conferences etc. many times.

There was even an outstanding minor technical issue from a few weeks
ago I wanted to get back to him about...oh well.

Sorry to hear this, he was one of those rare people who actually cared
about the technical landscape and how he could contribute.

On November 27, 2019 at 13:27 r...@gsp.org (Rich Kulawiec) wrote:
 > - Forwarded message from Russ Allbery  -
 > 
 > > From: Russ Allbery 
 > > Date: Tue, 26 Nov 2019 20:56:23 -0800
 > > Subject: Brian Kantor has died
 > > 
 > > Slashdot reported, via a contributor from the 44Net amateur radio mailing
 > > list, that Brian Kantor died suddenly in his home last week.
 > > 
 > > https://tech.slashdot.org/story/19/11/24/0051236/brian-kantor-internet-and-amprnet-pioneer-wb6cyt-dies
 > > 
 > > Brian was the co-inventor of NNTP and the co-author of RFC 977, with Phil
 > > Lapsley.  I never met him in person, but have had several opportunities to
 > > chat with him electronically, including as recently as last month (via
 > > NNTP and netnews newsgroups, of course).  He will be missed.
 > 
 > I never met Brian either, but have "known" him electronically for decades.
 > His was a voice I always paid attention to, even when I disagreed with
 > what he had to say.  I'm sorry he's gone, and I'll miss him.
 > 
 > ---rsk

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: RIPE our of IPv4

2019-11-26 Thread bzs


If the commitment really was to spread IPv6 far and wide IPv6 blocks
would be handed out for free, one per qualified customer (e.g., if you
have an IPv4 allocation you get one IPv6 block free), or perhaps some
trivial administrative fee like $10 per year.

But the RIRs can't live on that.

We have put them under the management of a group of five organizations
which are very dependent on the income from block allocations and no
doubt were hoping IPv6 allocations would be a boon since there will be
very little if any income growth from future IPv4 block allocations.

Worse, once acquired an IPv6 block has so many billions of addresses
very few if any would ever need another allocation so it would hardly
act as a loss leader.

I realize many still would not deploy IPv6 for various reasons such as
their equipment doesn't support it or they don't have the in-house
expertise to support it, etc tho I can't think of much other etc, a
few points of resistance do come up.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: 99% of HK internet traffic goes thru uni being fought over?

2019-11-21 Thread bzs


On November 20, 2019 at 15:11 js...@finchhaven.com (John Sage) wrote:

 > Then, as to Internet traffic, the probability that 99% of *all* Internet 
 > traffic to one global political entity (Hong Kong) goes through one 
 > single physical location that just happens to be a university currently 
 > experiencing student protests is ... yeah...

Interesting theory.

 > 
 > I take it you know nothing about Internetworking?

Perhaps you should look at https://www.TheWorld.com/~bzs

 > 
 > Or, again, Zerohedge?

Nope, knew nothing off-hand about them but wikipedia seems to concur
that Zerohedge is likely a "Russian asset". Thanks.

Nonetheless it doesn't particularly mean that 99% of HK traffic
*doesn't* go thru that facility, not alone.

Broad comparisons to other national internet structures as you appeal
to seems to be questionable in regards to a Special Administrative
Region of The People's Republic of China, albeit officially ruled
under "one system, two ways", HK being one of the regions (Macau being
the other) which is ruled under the "second" way.

China can be unique in their communications policies and practices.

Which is why I asked hoping someone knew the facts rather than had an
opinion about the particular source or some theory unifying all
national internet infrastructures under some simple rule of thumb.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: 99% of HK internet traffic goes thru uni being fought over?

2019-11-20 Thread bzs


Thanks everyone for the replies. My conclusion is that no one here
knows whether HKIX handles 99% of internet traffic for HK or not.

It's a number.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


99% of HK internet traffic goes thru uni being fought over?

2019-11-19 Thread bzs


Is this plausible?

  
https://www.zerohedge.com/geopolitical/heres-real-reason-why-hong-kong-authorities-are-desperate-regain-control-university

or

  http://tinyurl.com/slwchx8

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: all major US carriers received text messages overnight that appear to have been sent around Valentine's Day 2019

2019-11-09 Thread bzs


This can be a "curse" of highly available servers which stay up for a
year or more, some of mine will.

A mail delivery process locks messages in the queue for delivery and
then the process hangs.

Subsequent delivery attempts will honor the lock so they never go out,
nor are they even timed out.

It's not a terrible idea to have a scheduled process, like once a day,
which kills all delivery processes just for this reason, or any which
are more than, say, an hour or two old. It's an easy script to write
and mail delivery programs are or should be resilient to receiving a
kill signal.

There are other scenarios possible but one would have to know their
entire software and network architecture to speculate.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*
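
The scheduled reaper described in the message above, sketched as an added example (not code from the original post or from any mail system). The process name `mail-deliver` and the one-hour threshold are assumptions; substitute your MTA's delivery process name as `ps` reports it.

```shell
#!/bin/sh
# Reap mail delivery processes that have been running too long, so a hung
# process holding a queue lock cannot block redelivery indefinitely.
# Intended to be run from cron, e.g. once a day, as: reaper.sh --run

DELIVERY_CMD="${DELIVERY_CMD:-mail-deliver}"  # hypothetical process name
MAX_AGE="${MAX_AGE:-3600}"                    # seconds; an assumed threshold

# select_stale NAME MAX_AGE
# Reads "pid etime comm" lines on stdin (the output of
# `ps -e -o pid= -o etime= -o comm=`) and prints the PIDs whose command
# equals NAME and whose elapsed time is at least MAX_AGE seconds.
# etime has the form [[dd-]hh:]mm:ss, which is parsed here because the
# seconds-only "etimes" column is not available in every ps.
select_stale() {
    awk -v name="$1" -v max="$2" '
    function secs(e,    d, n, t, s) {
        d = 0
        if (index(e, "-") > 0) {              # leading "dd-" day count
            d = substr(e, 1, index(e, "-") - 1)
            e = substr(e, index(e, "-") + 1)
        }
        n = split(e, t, ":")
        if (n == 3)      s = t[1] * 3600 + t[2] * 60 + t[3]
        else if (n == 2) s = t[1] * 60 + t[2]
        else             s = t[1]
        return d * 86400 + s
    }
    $3 == name && $1 ~ /^[0-9]+$/ && secs($2) >= max { print $1 }
    '
}

# reap_stale: send SIGTERM (not SIGKILL) to each stale delivery process so
# it gets the chance to release its queue locks on the way out.
reap_stale() {
    ps -e -o pid= -o etime= -o comm= |
    select_stale "$DELIVERY_CMD" "$MAX_AGE" |
    while read -r pid; do
        if kill -TERM "$pid" 2>/dev/null; then
            echo "sent TERM to $DELIVERY_CMD pid $pid"
        fi
    done
}

# Constructed sample of ps output, used to exercise the selection offline.
SAMPLE_PS='  101       05:12 mail-deliver
  202    01:00:00 mail-deliver
  303  2-03:04:05 mail-deliver
  404  9-00:00:00 sshd
  505       59:59 mail-deliver'

# sample_stale_pids: run the selection over the constructed sample.
sample_stale_pids() {
    printf '%s\n' "$SAMPLE_PS" | select_stale mail-deliver 3600
}

# Only touch real processes when asked to explicitly.
if [ "${1:-}" = "--run" ]; then
    reap_stale
fi
```

On systems where `ps` reports `comm` as a full path, match on that path instead of the bare name.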


Re: IPv4 and Auctions

2019-10-25 Thread bzs


There's a fairly famous animal behavior experiment where rats are
allowed to multiply in a room-sized cage without control, food and
water and basic sanitation are provided.

When the cage becomes extremely crowded rats are observed gnawing on
each other's tails.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: worse than IPv6 Pain Experiment

2019-10-10 Thread bzs


On October 9, 2019 at 17:12 b...@herrin.us (William Herrin) wrote:
 > On Wed, Oct 9, 2019 at 4:30 PM John R. Levine  wrote:
 > > > Can I summarize the current round of objections to my admittedly
 > > > off-beat proposal (use basically URLs rather than IP addresses in IP
 > > > packet src/dest) as:
 > > >
 > > >  We can't do that! It would require changing something!
 > >
 > > Nope.  You can summarize it as "it doesn't scale", which is what has
 > > killed endless numbers of superficially plausible bad ideas.
 > 
 > And Barry's been around long enough to know this. What's up Barry? What's the
 > meta-argument you're trying to make here 'cause "bits is bits" is about as
 > smart as telling a chef that "food is food."

Some brought up objections to IPv6 one of which was that its long hex
strings are difficult to remember compared to IPv4 addresses.

I first suggested that might be largely a human interface issue more
than a flaw in the design.

Then I remembered a talk I gave in Singapore, intended to be
controversial, suggesting the use of essentially URLs as a superset of
"domain names", but whatever, everyone knows what I mean, as actual
addresses in packets.

Just trying to stimulate some thinking beyond IPv6 and assessing where
we are in general terms regarding for example changes in hardware etc
availability since IPv6 was first being developed ca 1990.

Particularly in a context where the less than stellar adoption of IPv6
is an issue.

Some, most, of the comments have been very interesting and also
thought-provoking.

Others amounted to "but where do we put the gasoline in this
new-fangled electric car?!" (yes some fundamental things would need to
be redesigned), some wanted the entire design right here and right now
(sorry!), and a few basically revealed people who've never to my
knowledge managed anything more complicated than a zippo lighter
claiming profound and intuitive insight into mass scalability.

But as I said it's a few RFCs short of an internet.

Just meant to stir some discussion: Is there life after IPv6? What
might motivate another round of evolution and by whom?

My sense is these questions might be more imminent than some may want
to believe given the rise of issues such as security, privacy,
government control, accountability, legal and insurance issues, and a
multi-trillion dollar economy riding on this internet little of which
was really on the table in, say, 1990.

For example given the relatively low adoption of IPv6 and the
impossibility (pretty much) of going forward with IPv4, and the new
realities I mention, might someone(s) with sufficient interest and
capitalization and influence push to knock over the whole game board?

They marched us into a box canyon!

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: worse than IPv6 Pain Experiment

2019-10-09 Thread bzs


OK OK OK.

Can I summarize the current round of objections to my admittedly
off-beat proposal (use basically URLs rather than IP addresses in IP
packet src/dest) as:

  We can't do that! It would require changing something!

I've no doubt many here are comfortable with the current architecture.

Bits is bits.

URLs are, to a machine, just bit strings though they do incorporate a
hierarchical structure which isn't that dissimilar from current
network/host parts of IP addresses.

URLs are an obvious candidate to consider because they're in use, seem
to basically work to identify routing endpoints, and are far from a
random, out of thin air, choice.

Given the vast improvements in hardware since we last seriously
thought about this (ca. 1990, IPv6) perhaps this worship of
bit-twiddling and bit-packing may be a bit (haha) like those who once
objected to anything but machine language programming because HLLs
were so inefficient!

P.S. It was from a talk I gave in Singapore to the local HackerSpace
and intended to provoke thought and discussion but not just "no, we
can't do that because that's not the way we do things."

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: IPv6 Pain Experiment

2019-10-09 Thread bzs


On October 8, 2019 at 23:51 o...@delong.com (Owen DeLong) wrote:
(responding to my P.S.)

 > P.S. My prediction?
 > 
 > The world's major telcos et al, having had enough of various problems,
 > from address exhaustion to non-stop security disasters, and the
 > chaotic responses, propose and begin implementing an alternative. And
 > that won't be through the IETF or similar.
 > 
 > 
 > I tend to doubt it.
 > 
 > While I don’t discount what you say about telcos below, the thing to remember
 > is that insisted that VOIP would never displace TDM in the average 
 > enterprise.
 > 
 > When was the last time you saw a business phone system using TDM and not
 > IP phones?

Sorry, I was referring to telcos as the major so-called "tier 1" and
long line providers, the cell phone service providers (along with the
likes of comcast but there aren't many like that), and in many
countries the monopoly providers of the whole, pardon the expression,
cloud of comm services, rather than their voice function which has
largely become just another app.

The big capitalization and generally government embedded
infrastructure players.

The problem is two-fold.

First they (the collective group I describe) honestly believe they can
manage large-scale engineering projects w/o the help of a lot of
volunteers beyond /fait accompli/ -- please stamp this new technology
we collectively have agreed to as a "standard". Compare and contrast
5G for example.

Second are the liability issues. They may generally manage to escape
direct liability e.g. for business damage due to address exhaustion or
security problems etc but insurance companies, banks, et al, can't and
those are big players with sway over the "telcos" to do something
about services they are paying collectively many billions per month
for and incurring damages from.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: IPv6 Pain Experiment

2019-10-08 Thread bzs


On October 8, 2019 at 19:12 nwar...@barryelectric.com (Nicholas Warren) wrote:
 > Sweet deals, would you kindly share your vendor?
 > 
 > 
 > It's not 1990 any more, a TB of RAM now costs a few thousand dollars
 > and is dropping rapidly (similar for fancy router RAM), we have
 > processor chips with 64 cores available practically off the shelf for
 > under $10K (32-core literally off the shelf, try any Microcenter),
 > etc. etc. etc.

https://www.amazon.com/Corsair-Vengeance-128GB-3000MHz-Memory/dp/B019X5RN84

128GB DDR4 3000MHZ, $614.99, 8x (for 1TB) $5534.91

https://www.newegg.com/p/N82E16819113581?item=N82E16819113581=region_mc=knc-googleadwords-pc_mmc=knc-googleadwords-pc-_-pla-_-processors+-+server-_-N82E16819113581=CjwKCAjw5_DsBRBPEiwAIEDRW9nFdIuUnfGyEWeXuDb77ndDA-phHT2-eUYIHkFNiPoOzzQ7cwgoLxoC1WMQAvD_BwE=aw.ds

Newegg, 64-core, AMD/EPYC, $7522.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: IPv6 Pain Experiment

2019-10-08 Thread bzs


On October 8, 2019 at 12:04 b...@herrin.us (William Herrin) wrote:
 > On Tue, Oct 8, 2019 at 12:01 PM  wrote:
 > 
 > My main point is, as I said, Bits is Bits, whether they're human
 > readable (for some value of "human") like URLs or long hex strings
 > which perhaps are less human readable.
 > 
 > 
 > Bits aren't just bits. Bits with useful properties (such as aggregability
 > which coincides with the routing structure) are better bits.

Yet somehow we manage to start with URLs (for example.)

My point is whatever is used it can be mapped to something perhaps
more efficient given some design goals, such as the DNS does. And for
that matter route lookup tables w/in routers.

So at the end of the day all that is absolutely needed is (reasonable)
unambiguity because in general ambiguity can't be fixed, the packet
has to go somewhere.

Different schemes might present different design opportunities but
they all need to be unambiguous as routing endpoints.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: IPv6 Pain Experiment

2019-10-08 Thread bzs


On October 7, 2019 at 23:13 o...@delong.com (Owen DeLong) wrote:
 > 
 > 
 > > On Oct 7, 2019, at 20:16 , b...@theworld.com wrote:
 > > 
 > > 
 > > Well if you all really want your heads to explode I was invited to
 > > give a talk a few years ago in Singapore at the local HackerSpace.
 > > 
 > > It called for something creative and different, not really an IETF
 > > sort of crowd.
 > > 
 > > So I proposed we dump numeric addresses entirely and use basically
 > > URLs in IP packets and elsewhere.
 > > 
 > > I really meant something like 'IP://www.TheWorld.com' in the
 > > source/dest addr, possibly more specific for multiple interfaces but
 > > whatevs.
 > 
 > It doesn’t break my brain, but it really doesn’t make a lot of sense when 
 > you get down to it.

No, doesn't break your brain, but then you proceed to look at an
electric car and protest "but where do you put the gasoline?!" (i.e.,
describe current routing architecture.)

Yes, Owen, given my admittedly off-beat (isn't that how I introduced
it?) proposal some things would have to change, as I said in the note
you were responding to, more than once.

>There’s also the issue that prefixes of that address format don’t tend to 
>aggregate well.
>
>I’m betting that not all of the WWW addresses go to the same ASN.

Perhaps you have noticed in your vast travels that domain names'
significance is generally read right to left not left to right like IP
addresses?

I did finish with:

> I'd agree the idea is several RFCs short of an internet but hey it's
> something to think about.

My main point is, as I said, Bits is Bits, whether they're human
readable (for some value of "human") like URLs or long hex strings
which perhaps are less human readable.

The only non-negotiable criterion is whether a given bitstring choice
is sufficiently unique to indicate routing endpoints.

It's not 1990 any more, a TB of RAM now costs a few thousand dollars
and is dropping rapidly (similar for fancy router RAM), we have
processor chips with 64 cores available practically off the shelf for
under $10K (32-core literally off the shelf, try any Microcenter),
etc. etc. etc.

It might be reasonable to think about how we might take advantage of
what we've learned in 30 years, particularly starting with the premise
that IPv6 adoption isn't doing very well. Perhaps we can do better.

I'm not quite sure the knee-jerk reaction "but we're neck deep in the
big muddy, we must continue forward! look at how long and how much
trouble it took us to get even neck deep!" should be dispositive.

P.S. My prediction?

The world's major telcos et al, having had enough of various problems,
from address exhaustion to non-stop security disasters, and the
chaotic responses, propose and begin implementing an alternative. And
that won't be through the IETF or similar.

Something I have learned about telcos and other vast business and govt
enterprises is they are willing to sit back, for decades if necessary,
and watch the pioneers break sod, find and grow the markets, take the
hits, fight range wars among themselves, etc.

And only then when what can be gained, and how, becomes clear they
move in with their vast capitalization and organizational skills.

"...now we stand outcast and starving 'mid the wonders we have made",
old union song.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


RE: IPv6 Pain Experiment

2019-10-08 Thread bzs


On October 8, 2019 at 03:00 michel...@tsisemi.com (Michel Py) wrote:
 > > Owen DeLong wrote :
 > > Well… I don’t run into this very often any more, but I guess if you have a 
 > > poorly run DNS environment, it might be more of an issue.
 > 
 > About half of my devices, including all the VOIP phones, do not have DNS. I 
 > just cannot afford to lose the phones if there is a DNS failure. They have 
 > DHCP, but not DNS.

Considering the audience here, configuration, maintenance, and repair
might involve entering numeric IP addresses.

Not the average user? I don't know, define average, how many tens of
millions of sites out there have more than just edge routers? How many
have adequate educational and reference materials in their native
language? etc.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: IPv6 Pain Experiment

2019-10-07 Thread bzs


Well if you all really want your heads to explode I was invited to
give a talk a few years ago in Singapore at the local HackerSpace.

It called for something creative and different, not really an IETF
sort of crowd.

So I proposed we dump numeric addresses entirely and use basically
URLs in IP packets and elsewhere.

I really meant something like 'IP://www.TheWorld.com' in the
source/dest addr, possibly more specific for multiple interfaces but
whatevs.

Leave out the implied 'IP://' and my example is 16 chars just like
IPv6.

Routers could of course do what they like with those internally such
as maintain a hash table to speed look-ups. Not anyone outside of
router software developers' problem.

If one agreed on a standard hash algorithm further performance
improvements could be realized (e.g., inter-router comm could add the
hashes, who cares, implementation nit.)

So the question is how long would these be on average and even if it
was a little longer would anyone care? Is a nanosecond saved really a
nanosecond earned?

We're already kind of committed to IP addresses not really meaning
anything (that is, no routing info implied), they are mostly only a
way to pick the next interface to push the packet out of and only need
to be unique, sort of, with exceptions (umm, multicast.)

BITS IS BITS. They're just bits either way. And in my proposal pretty
easy to remember bits.

And Look Ma! No more DNS! Or a much reduced role.

I'd agree the idea is several RFCs short of an internet but hey it's
something to think about.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: IPv6 Pain Experiment

2019-10-07 Thread bzs


I think we're basically on the same page. But what I described
wouldn't use port numbers to fake extended addressing, just a flag and
some extra IP header for the extended addr bits.

On October 6, 2019 at 21:12 li...@packetflux.com (Forrest Christian (List Account)) wrote:
 > I've been ignoring this discussion because I feel this ship sailed many years
 > ago, and IPv6, like it or hate it, is the best way forward we have.
 > 
 > But, assuming you're expanding the address space, the simplest solution is to
 > add the additional bits addresses at the end.
 > 
 > I.E. every existing /32 gets an additional 64K addresses.   Or how many
 > correspond to the additional number of bits.
 > 
 > You can then add this without making any changes to the core of the
 > internet.  It's all routed just like it is today, only paying attention to
 > the first /32 of the address.  The remaining /16 or /32 or whatever is then
 > only handled internally by each network/ASN.  Heck, you might be able to do
 > this without changing IP at all - instead, you could probably add an
 > extension address layer between IP and TCP.  So it's TCP/EXPADDR/IP.
 > 
 > The motivation to upgrade can then come from the endpoints.  For a lot of
 > applications, one only would have to update the customer-end software (i.e.
 > web browsers), and the server end.  So if you're a google and are tired of
 > trying to obtain more and more addresses, you just get the main browser
 > vendors to add support for "IP Extended addressing" and then you add it on
 > your servers.  The internet in the middle doesn't care.  As a host, all you
 > need is a single /32.  At some point, eyeball networks could start handing
 > out the extended addresses or using them for NAT, also alleviating their
 > need for IP's.
 > 
 > On the other hand, this sure seems similar to what we do today with CGNAT and
 > similar today since there are already 64K endpoints in both TCP and UDP per
 > /32 of IP
 > 
 > On Sun, Oct 6, 2019 at 3:59 PM Valdis Klētnieks wrote:
 > 
 > On Sun, 06 Oct 2019 17:47:24 -0400, b...@theworld.com said:
 > 
 > > All a strictly IPv4 only host/router would need to understand in that
 > > case is the IHL, which it does already, and how to interpret whatever
 > > flag/option is used to indicate the presence of additional address
 > > bits mostly to ignore it or perhaps just enough to know to drop it if
 > > it's not implemented.
 > 
 > So... how would a strict IPv4 router handle the case where 8.8.4.5.13.9/40
 > should be routed to Cogent, but 8.8.4.5.17.168/40 should be routed via
 > Hurricane Electric, and no you can't just route to wherever 8.8.4.5 goes
 > because there's yet another peering war and nobody's baked a cake yet, so
 > sending packets for either route to the wrong link will cause blackholing?
 > 
 > 
 > 
 > 
 > --
 > - Forrest

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: IPv6 Pain Experiment

2019-10-07 Thread bzs


I didn't quite say nothing would need to be changed, only that the
changes would be by and large very minimal, some new cases in the
existing IPv4 stacks, rather than an entirely new stack. Particularly
for hosts, if this bit (flag, whatever) is set be sure to copy the
entire IP packet into your dest headers.

The extended addressing I describe could probably be mostly
implemented in hosts as a new ICMP option for extended addressing.

On October 6, 2019 at 17:58 valdis.kletni...@vt.edu (Valdis Klētnieks) wrote:
 > On Sun, 06 Oct 2019 17:47:24 -0400, b...@theworld.com said:
 > 
 > > All a strictly IPv4 only host/router would need to understand in that
 > > case is the IHL, which it does already, and how to interpret whatever
 > > flag/option is used to indicate the presence of additional address
 > > bits mostly to ignore it or perhaps just enough to know to drop it if
 > > it's not implemented.
 > 
 > So... how would a strict IPv4 router handle the case where 8.8.4.5.13.9/40
 > should be routed to Cogent, but 8.8.4.5.17.168/40 should be routed via
 > Hurricane Electric, and no you can't just route to wherever 8.8.4.5 goes
 > because there's yet another peering war and nobody's baked a cake yet, so
 > sending packets for either route to the wrong link will cause blackholing?
 > 

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: IPv6 Pain Experiment

2019-10-06 Thread bzs


On October 6, 2019 at 16:35 jhellent...@dataix.net (J. Hellenthal) wrote:
 > And in which part of the header is this to be added ?

I assume you mean the additional address. The IHL provides for up to
60 bytes of IP header length. 20 bytes is needed for the usual IPv4
header so an additional 40 bytes are available or 20 bytes for each of
source and destination, adding the 4 bytes already present that's 24
bytes for each of source and destination or a theoretical total of 192
bits of (each) source and dest address.

All a strictly IPv4 only host/router would need to understand in that
case is the IHL, which it does already, and how to interpret whatever
flag/option is used to indicate the presence of additional address
bits mostly to ignore it or perhaps just enough to know to drop it if
it's not implemented.

 > 
 > -- 
 >  J. Hellenthal
 > 
 > The fact that there's a highway to Hell but only a stairway to Heaven says a 
 > lot about anticipated traffic volume.
 > 
 > > On Oct 6, 2019, at 15:58, b...@theworld.com wrote:
 > > 
 > > 
 > >> On October 6, 2019 at 15:18 mpal...@hezmatt.org (Matt Palmer) wrote:
 > >>> On Sat, Oct 05, 2019 at 04:36:50PM -0400, b...@theworld.com wrote:
 > >>> 
 > >>> On October 4, 2019 at 15:26 o...@delong.com (Owen DeLong) wrote:
 >  
 >  OK… Let’s talk about how?
 >  
 >  How would you have made it possible for a host that only understands 
 >  32-bit addresses to exchange traffic with a host that only has a 
 >  128-bit address?
 > >>> 
 > >>> A bit in the header or similar (version field) indicating extending
 > >>> addressing (what we call IPv6, or similar) is in use for this packet.
 > >> 
 > >> How does that allow the host that only understands 32-bit addresses to
 > >> exchange traffic with a host which sets this header bit?
 > > 
 > > As I said, it doesn't, but it lets each host decide that rather than
 > > the router tho if the host just knows enough to copy out the entire
 > > src/dst address (imagine the bits beyond the first 32 were in
 > > something like an extended ICMP options field w/in the IP header) then
 > > the rest could operate identically to ipv4.
 > > 
 > > So all you'd need added to a host IPv4 stack would be if you see this
 > > extended addressing flag/bit/whatever then there's more that needs to
 > > be copied out to each outgoing IP packet.
 > > 
 > > It would be the routers' job to interpret those extra bits for routing.
 > > 
 > > -- 
 > >-Barry Shein
 > > 
 > > Software Tool & Die| b...@theworld.com | 
 > > http://www.TheWorld.com
 > > Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
 > > The World: Since 1989  | A Public Information Utility | *oo*

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*
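
The header arithmetic in the message above (60-byte maximum header, 20 extra bytes per address, 192 bits each) and the 8.8.4.5.13.9 versus 8.8.4.5.17.168 question quoted in it can be worked through in code. This is an added illustration, not code from the thread: the use of the reserved flag bit as the "extended addressing" marker and the raw layout of the 40 extra bytes are assumptions made only for this sketch.

```python
import ipaddress
import struct

BASE_LEN = 20                              # IPv4 header without options
MAX_LEN = 15 * 4                           # IHL is a 4-bit count of 32-bit words
EXT_PER_ADDR = (MAX_LEN - BASE_LEN) // 2   # 20 extra bytes each for src and dst
EXT_FLAG = 0x8000                          # ASSUMPTION: reserved flag bit marks extended addressing


def checksum(data: bytes) -> int:
    """Standard Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(src4, dst4, src_ext=b"", dst_ext=b"", payload=b""):
    """Build an IPv4 packet; extra address bytes (hypothetical) fill the option space."""
    if len(src_ext) > EXT_PER_ADDR or len(dst_ext) > EXT_PER_ADDR:
        raise ValueError("at most 20 extension bytes per address")
    extended = bool(src_ext or dst_ext)
    ext = b""
    if extended:
        ext = (src_ext.ljust(EXT_PER_ADDR, b"\x00")
               + dst_ext.ljust(EXT_PER_ADDR, b"\x00"))
    hlen = BASE_LEN + len(ext)

    def pack(csum):
        return struct.pack(
            "!BBHHHBBH4s4s",
            0x40 | hlen // 4, 0, hlen + len(payload), 0,
            EXT_FLAG if extended else 0, 64, 17, csum,
            ipaddress.IPv4Address(src4).packed,
            ipaddress.IPv4Address(dst4).packed) + ext

    return pack(checksum(pack(0))) + payload


def header_len(packet: bytes) -> int:
    """Validate version and IHL; this is all a legacy parser needs to find the payload."""
    if len(packet) < BASE_LEN or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    hlen = (packet[0] & 0x0F) * 4
    if hlen < BASE_LEN or hlen > len(packet):
        raise ValueError("IHL points outside the packet")
    return hlen


def legacy_view(packet: bytes):
    """What an IPv4-only node sees: 32-bit addresses, payload located via IHL."""
    hlen = header_len(packet)
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    return src, dst, packet[hlen:]


def extended_view(packet: bytes):
    """What an extension-aware node sees: 24-byte (192-bit) src and dst."""
    hlen = header_len(packet)
    (flags,) = struct.unpack_from("!H", packet, 6)
    src, dst = packet[12:16], packet[16:20]
    if flags & EXT_FLAG:
        if hlen != MAX_LEN:
            raise ValueError("extended flag set but header is not 60 bytes")
        src += packet[BASE_LEN:BASE_LEN + EXT_PER_ADDR]
        dst += packet[BASE_LEN + EXT_PER_ADDR:MAX_LEN]
    else:
        src += bytes(EXT_PER_ADDR)
        dst += bytes(EXT_PER_ADDR)
    return src, dst, packet[hlen:]


def dotted(addr: bytes, octets: int = 6) -> str:
    """Render the leading octets in the 8.8.4.5.13.9 style used in the thread."""
    return ".".join(str(b) for b in addr[:octets])


if __name__ == "__main__":
    # Constructed sample packets: same first 32 bits, different extension bytes.
    a = build_packet("192.0.2.1", "8.8.4.5", dst_ext=bytes([13, 9]), payload=b"hello")
    b = build_packet("192.0.2.1", "8.8.4.5", dst_ext=bytes([17, 168]), payload=b"hello")
    for pkt in (a, b):
        print("legacy dst:", legacy_view(pkt)[1],
              "| extended dst:", dotted(extended_view(pkt)[1]))
```

A deployed IPv4 stack would try to parse those 40 bytes as options, so the raw layout is an assumption of this sketch rather than something existing routers would accept unchanged.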


Re: IPv6 Pain Experiment

2019-10-06 Thread bzs


On October 6, 2019 at 15:18 mpal...@hezmatt.org (Matt Palmer) wrote:
 > On Sat, Oct 05, 2019 at 04:36:50PM -0400, b...@theworld.com wrote:
 > > 
 > > On October 4, 2019 at 15:26 o...@delong.com (Owen DeLong) wrote:
 > >  > 
 > >  > OK… Let’s talk about how?
 > >  > 
 > >  > How would you have made it possible for a host that only understands 
 > > 32-bit addresses to exchange traffic with a host that only has a 128-bit 
 > > address?
 > > 
 > > A bit in the header or similar (version field) indicating extending
 > > addressing (what we call IPv6, or similar) is in use for this packet.
 > 
 > How does that allow the host that only understands 32-bit addresses to
 > exchange traffic with a host which sets this header bit?

As I said, it doesn't, but it lets each host decide that rather than
the router tho if the host just knows enough to copy out the entire
src/dst address (imagine the bits beyond the first 32 were in
something like an extended ICMP options field w/in the IP header) then
the rest could operate identically to ipv4.

So all you'd need added to a host IPv4 stack would be if you see this
extended addressing flag/bit/whatever then there's more that needs to
be copied out to each outgoing IP packet.

It would be the routers' job to interpret those extra bits for routing.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: IPv6 Pain Experiment

2019-10-05 Thread bzs


On October 4, 2019 at 15:26 o...@delong.com (Owen DeLong) wrote:
 > 
 > OK… Let’s talk about how?
 > 
 > How would you have made it possible for a host that only understands 32-bit 
 > addresses to exchange traffic with a host that only has a 128-bit address?

A bit in the header or similar (version field) indicating extending
addressing (what we call IPv6, or similar) is in use for this packet.

They may not be able to talk but rather than a whole new stack it
would have just been an extension of the commonly used IPv4 stack,
more like a (e.g.) new ICMP option.

Or even an octet indicating how many octets in this address, default
would be four (or even a nybble indicating how many 16-bit words.)

Something simple like that could, at least in the early stages
(which we're still in w/ IPv6 unfortunately), have been entirely
handled in userspace in the software.

IPv4? Do the usual. Extended addressing? Hand to a userspace
library. A minor poke to the drivers plus the userspace software. In
many cases wouldn't even require a reboot to install, but at worst a
quick reboot to install the low-level driver that knows to switch
extended addressing packets to userspace.

Particularly if the low 32 bits indicated the same IPv4 interface w/in
a campus so primarily only the routers needed to interpret the rest of
the address.

So it'd get to the right router who'd hand it off to the right
(32-bit) host. Only a problem if your campus happened to have 4B+
hosts (or maybe 2B+), not likely.

It's similar to IPv4v6 stacks but the host would return the full
address in the (extended) IP packet.

In current IPv4v6 stacks (NAT et al) the router has to keep track and
interpolate by rewriting the packets or similar. In what I describe
that's not necessary as each packet retains the full address as it
passes through the host.

Well, basically your question asks for a complete stack design right
here right now, is that really where we want to go?

But the sort of thing I suggest was suggested.

Some of the considerations as to why not do it this way were good,
such as get some other bugs/limitations out of IPv4. And some not so
good like bit-level performance and compatibility considerations that
have changed considerably since 1990.

Were the 36-bit'ers still at the table in 1990? Probably.

And CGNAT et al wasn't really conceived of yet or not very completely
so it was assumed this would all be so urgent as to propel itself into
the mainstream.

 > 
 > How would you have made a 128-bit address more human-readable? Does it 
 > really matter?

That really depends on your priorities. If the priority was, as with
ipv4, location independence so all bits are equally meaningful (i.e.,
necessary to know what's desired), then it's difficult.

If it were actually treated as a potential problem then more defaults
may have been engineered in.

But since this is a human interface problem I lean towards better
software to view and manipulate addrs and let the engineers do what
they need to do.

It's the tail wagging the dog or perhaps the dog returning to its, um,
whatever.

We developed, w/ IPv4, this entire culture and software regime which
thought it was reasonable to sometimes enter/read IPv4 addrs because
they weren't too hard and then carried that over to IPv6 (not in
theory, in practice.)

Meaning, for example, if DNS isn't working for you then you're often
left to entering raw IP addresses manually, and "you" can often be
non-technical users. IPv4, not a big deal, IPv6, challenging.

Mere cut+paste no doubt helps.

 > 
 > IPv4 is not particularly human readable. How many hosts do you keep IPv4 
 > addresses in your head for? How long does it take you to get someone at the 
 > other end of a support call to correctly transcribe an IPv4 address?

IPv4 is not that much more difficult than a phone number. IPv6 is.

IPv4 benefits from chunking, like phone numbers.

If I have an idea of the "net", by which I mean the part which comes
up repeatedly (such as w/in a campus) often the first two numbers,
then all I really have to remember anew is the last two numbers, maybe
only the last. For IPv6 it can be more difficult to commit a prefix to
memory even if it's used somewhat regularly.

But I'd agree this is mostly a red herring, better human interface
software should help and that might take time to evolve.

 > 
 > All of this is mostly absurd as DNS names are human readable regardless of 
 > whether they point to A, AAAA, or both records.

As I said it often comes up precisely because, for some reason, DNS
isn't available or not working correctly.

 > 
 > Owen
 > 

Anyhow, this is all fantasy sports.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: FW: This DNS over HTTP thing

2019-10-03 Thread bzs


Whether people make actual monetary profit off child porn is a red
herring.

Literally billions make postings to social media such as FB, Twitter,
(not child porn I mean in general) and very, very few get paid.

There are many reasons people might do this -- make child porn
available -- including just approbation and camaraderie from
like-minded individuals.

One blocks and prosecutes, etc, child porn in any way they can because
one wants to isolate and punish that activity.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: This DNS over HTTP thing

2019-10-01 Thread bzs


Everyone (who's anyone) is looking for free curation of the net!

Maybe one more law or regulation will do it. Look at how well it
stomped out spam!

Put more grimly:

For over 100 years Europe, and others, have imagined the path to
paradise is paved with new and improved censorship.

Results have been sub-optimal.

Perhaps one really needs to go after the perps rather than their
digital images.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Weekly Routing Table Report

2019-08-30 Thread bzs


On August 30, 2019 at 15:09 patr...@ianai.net (Patrick W. Gilmore) wrote:
 > 
 > Stop and think about that for a second. You had a part in literally changing 
 > the world.

Some of us had a part in literally creating TheWorld(.com) :-)

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Protecting 1Gb Ethernet From Lightning Strikes

2019-08-14 Thread bzs


Are "surge protectors" really of much use against lightning? I suspect
not, other than minor inductions tho perhaps some are specially
designed for lightning. I wouldn't assume, I'd want to see the word
"lightning" in the specs.

I once had a lightning strike (at Harvard Chemistry), probably just an
induction on a wire some idiot had strung between building roofs (I
didn't even know it existed) and the board it was attached to's solder
was melted and burned, impressive! More impressive was the board
mostly worked, it was just doing some weird things which led me to
inspect it...oops.

My understanding was that the only real protection is an "air gap",
which a piece of fiber will provide in essence, and even that better
be designed for lightning as it can leap small gaps.

Check your insurance, including the deductibles, keep spares on hand.

P.S. My grandmother would tell a story about how what sounded like the
ever-controversial "ball lightning" came into her home when she was
young. Good luck with that!

  https://en.wikipedia.org/wiki/Ball_lightning

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: What can ISPs do better? Removing racism out of internet

2019-08-07 Thread bzs


On August 7, 2019 at 18:43 cov...@ccs.covici.com (John Covici) wrote:
 > Well, I don't want any net nannies censoring the news I get, any ideas
 > the nanny does not like I will never see (?)

Then you wouldn't buy it. Netnanny exists now, do you use it? No?
Would you use it? No. Then nothing would change.

P.S. Netnanny is an actual product parents can buy to put a filter on
their children's access to the internet. I have no interest, it's just
become a term for that kind of thing.

 > On Wed, 07 Aug 2019 15:37:48 -0400,
 > b...@theworld.com wrote:
 > > 
 > > 
 > > I propose that the RIGHT THING TO DO would be to seek out, promote (to
 > > both customers and the public), and support various curation services
 > > like netnanny.
 > > 
 > > Promoting the idea that third-party curation is a service one can
 > > obtain into the public discussion can only be good.
 > > 
 > > -- 
 > > -Barry Shein
 > > 
 > > Software Tool & Die| b...@theworld.com | 
 > > http://www.TheWorld.com
 > > Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
 > > The World: Since 1989  | A Public Information Utility | *oo*
 > 
 > -- 
 > Your life is like a penny.  You're going to lose it.  The question is:
 > How do
 > you spend it?
 > 
 >  John Covici wb2una
 >  cov...@ccs.covici.com

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


RE: What can ISPs do better? Removing racism out of internet

2019-08-07 Thread bzs


Netnanny is mostly sold for parents to put on their children's access.

You're not thinking this through.

Promote third-party curation, those who never want to see content they
find disturbing can PURCHASE* that service rather than bugging their
congressperson to demand that ISPs provide this for everyone for free
by law.

* No reason it couldn't be ad-supported but I hope you get my point.

On August 7, 2019 at 16:34 kmedc...@dessus.com (Keith Medcalf) wrote:
 > 
 > On Wednesday, 7 August, 2019 13:38, b...@theworld.com wrote:
 > 
 > >I propose that the RIGHT THING TO DO would be to seek out, promote
 > >(to both customers and the public), and support various curation
 > >services like netnanny.
 > 
 > IANAP (I Am Not A Psychiatrist) however, persons who, when reading or 
 > hearing the words of others cannot control the images which leap, unbidden, 
 > into their minds causing them to offend themselves or otherwise instill in 
 > themselves a self-created state of distress, should, IMHO, seek professional 
 > help from a trained and certified mental health professional who may be able 
 > to help them overcome their mental disability either through psychotherapy 
 > or the administration of psychoactive drugs.
 > 
 > I do not think NetNanny is a certified mental health professional in any 
 > jurisdiction -- at least not those within the NANOG region.
 > 
 > -- 
 > The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
 > lot about anticipated traffic volume.
 > 
 > 
 > 
 > 

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: What can ISPs do better? Removing racism out of internet

2019-08-07 Thread bzs


I propose that the RIGHT THING TO DO would be to seek out, promote (to
both customers and the public), and support various curation services
like netnanny.

Promoting the idea that third-party curation is a service one can
obtain into the public discussion can only be good.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: What can ISPs do better? Removing racism out of internet

2019-08-06 Thread bzs


And now this has happened, in a nutshell France's lower house says
remove content which is "obviously hateful" (words used in the
article) in 24 hours or face up to a 1.25M euro fine.

Granted perhaps it won't become law.

But legislators are clearly becoming consumed with this whole internet
fad and when all you have is a hammer the whole world looks like a
nail.

I'd argue all they're trying to legislate is free curation from
providers which is a really lousy thing to do.

https://www.msn.com/en-us/news/world/frances-lower-house-passes-online-hate-speech-law/ar-AAE5prg

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: What can ISPs do better? Removing racism out of internet

2019-08-06 Thread bzs


On August 5, 2019 at 19:02 valdis.kletni...@vt.edu (Valdis Klētnieks) wrote:
 > 
 > Hint:  The DMCA has the text about data stored on ISP servers because many
 > ISPs aren't mere conduits.  And this thread got started regarding a CDN,
 > which is very much all about storing data on servers.

I acted as an expert witness for the FBI regarding a case which
revolved around whether email spending time on intermediate servers is
"storing" the data or is it just another form of wire transmission?

I don't think they came to a definitive conclusion, the case was
basically settled out of court, plea-bargained I think, it was a
criminal matter.

But needless to say, once again, a non-legal-expert's reading of
"storing data on servers" doesn't amount to a hill of beans in the
legal world.

It turned out to be very important at least in theory since illegally
intercepting a wire transmission falls under a completely different
law than illegally accessing stored data, the defendant was arguing
that he'd been charged under the wrong law, and the court agreed it
was a valid point to investigate.

So my phone rang and I tried to help with the part of that (technical)
I knew something about, how internet email is transmitted etc. But I
was briefed on the legal aspects to help me focus on what they needed
and I agreed it isn't /prima facie/ obvious.

For example you may see storing of email (which may not even mean to a
physical disk) during transmission through intermediate servers as
"storing of data" but then again many network devices have various
buffering mechanisms in which data might reside for some amount of
time. Are they legally distinguishable? Should they be? etc.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: What can ISPs do better? Removing racism out of internet

2019-08-05 Thread bzs


One tiny bit of sermonizing not aimed at anyone in particular:

Interested amateurs tend to study the wording of laws.

Lawyers tend to study case law, actual cases and their outcomes.

In part that's because, besides the hazards of interpretation, laws
often conflict, supersede each other, modify each other, have
unexpressed limits particularly regarding jurisdiction and other
matters of process and applicability, etc etc etc and that all tends
to come out and get defined in the case law. And case law tends to be
dispositive, /stare decisis/ and all that, precedents.

And if that paragraph bored the crap out of you then good luck
guessing at what a few thousand pages of case law on a topic will do
to you.

TBH some of this is like watching someone try to set up a router using
only the marketing brochures.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: What can ISPs do better? Removing racism out of internet

2019-08-05 Thread bzs


My first suggestion would be to include an indemnification clause in
your contracts which includes liability for content, if you don't
already have it (probably most do.)

And a clause which indicates you (need lawyering for this) will seek
expenses including but not limited to legal, judgements, reputational
recovery (e.g., cost of producing press releases), etc, incurred by
actions taken by customer.

I've long had something like the latter regarding anyone using our
facilities to spam and I have billed spammers, and have collected some
of those bills.

I don't do this punitively. I really like to be paid for our time and
services!

Their behavior doesn't give them free access to our time even in the
form of responding to emails ("above and beyond normal") or phone
calls etc regarding their behavior.

I also included a clause that allows me to require an immediate
deposit if the outstanding bill rises above (pick a number) and
failure to provide that deposit or work out an arrangement is grounds
for suspension of services.

That allows for nearly immediate action rather than putting it into a
30 day billing cycle.

But the real power of generating that sort of bill is if they won't or
don't pay ok then they've been shut off not for their content etc but
for non-payment have a nice day.

And if they pay, ok.

As I said I have been paid generally with a promise to moderate their
behavior, usually involving too-aggressive email advertising causing a
lot of complaints. Perhaps not spamming in spirit but if we come in to
100+ complaints which need to be responded to I ain't payin' for that!

But beyond their right to express themselves, which I'm ok with, they
need to be financially responsible for their costs. Free speech is not
necessarily "free" as in beer.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Feasibility of using Class E space for public unicast (was re: 44/8)

2019-07-27 Thread bzs


On July 26, 2019 at 21:19 do...@dougbarton.us (Doug Barton) wrote:
 > All of this, plus what Fred Baker said upthread.
 > 
 > When I was running the IANA in the early 2000's we discussed this issue with
 > many different experts, hardware company reps, etc. Not only was there a
 > software issue that was insurmountable for all practical purposes (pretty much
 > every TCP/IP stack has "Class E space is not unicast" built in), in the case of
 > basically all network hardware, this limitation is also in the silicon. So even
 > if it were possible to fix the software issue, it would not be possible to fix
 > the hardware issue without replacing pretty much all the hardware.
 > 

Not particularly interested in arguing for using Class E space but
this "not compatible" reasoning would seem to have applied to IPv6 in
the early 2000s (whatever, pick an earlier date when little supported
IPv6) just as well, pretty much.

So in and of itself it's not a show-stopper. Just a matter of whether
there's an overall positive ROI.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Postmaster@

2019-06-15 Thread bzs


I wonder how much do-not-reply@ and similar is spammed?

On June 15, 2019 at 01:47 m...@beckman.org (Mel Beckman) wrote:
 > Postmaster@ is so widely spammed as to be useless. Standards, and even laws, 
 > can be overcome by reality. Witness the DoNotCall list.
 > 
 >  -mel beckman
 > 
 > > On Jun 14, 2019, at 6:45 PM, Gary E. Miller  wrote:
 > > 
 > > Yo All!
 > > 
 > > Is it no longer required to monitor the postmaster@ ?
 > > 
 > > Did RFC 822 and RFC 5321 get repealed?  Or is M$ more special than the
 > > rest of us?
 > > 
 > > RGDS
 > > GARY
 > > ---
 > > Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
 > >g...@rellim.com  Tel:+1 541 382 8588
 > > 
 > >Veritas liberabit vos. -- Quid est veritas?
 > >"If you can’t measure it, you can’t improve it." - Lord Kelvin
 > > 
 > > 
 > > Begin forwarded message:
 > > 
 > > Date: Sat, 15 Jun 2019 01:38:16 +
 > > From: The Outlook.com Team 
 > > To: 
 > > Subject: Fw: gem : rellim541
 > > 
 > > 
 > > This email address is not monitored. Please visit
 > > http://postmaster.outlook.com for information about sending email to
 > > Outlook.com, including troubleshooting information. If you are an
 > > Outlook.com user please visit http://answers.microsoft.com/ to learn
 > > more about our services, find answers to your questions, and share your
 > > feedback.
 > > 
 > > Sincerely,
 > > 
 > > Outlook.com Team
 > > Microsoft
 > > One Microsoft Way. Redmond, WA 98052, USA.
 > > 
 > > 
 > > 
 > > Microsoft respects your privacy. To learn more, please read our online
 > > Privacy Statement at http://privacy.microsoft.com

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Spamming of NANOG list members

2019-06-01 Thread bzs


WARNING: I AM ABOUT TO PONTIFICATE!

Many of the lists etc I'm on get spamt and that's followed by a stream
of "we're getting spamt!" (either directly or scraped) agonizing, over
and over.

I've been involved in the spam problems since before some of you were
bornt (ok I'll stop with the stupid past participles), late 90s, and
the net since the 1970s.

Instead of this non-stop quarter century of agonizing maybe it's high
time to admit failure, that we designed a system which is subject to
spam and that was a mistake, a big mistake.

I know, where's the FUSSP, the proposal, so you can shoot it down?

I won't do that, not here.

But I do think we need, and have needed for a couple of decades, some
sort of radical rethink.

Times have changed, ideas which were not practical 20 years ago are
perhaps possible today due to, if nothing else, cheaper, faster
hardware and networks etc.

I guess I'm an idealist but I also get a little sick of the endless
cycle of complaining, agonizing, and assertions that everything has
been tried and nothing can help which mostly amount to we like/hate
email just as it is.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Power cut if temps are too high

2019-05-28 Thread bzs


On May 28, 2019 at 19:56 o...@delong.com (Owen DeLong) wrote:
 > It’s unlikely to apply to much of anything in a datacenter other than disks.

Ok, disks, a mere bagatelle of a concern.

Then again obviously disks have gotten much, much better about thermal
change since people in, e.g., temperate climates might take their
laptops' running disks from a long, frigid walk into a warm building.

There was a time when you weren't supposed to move a disk while it was
still spinning (e.g., hot swaps had to be able to cut power before
removal so you could give the heads several seconds to stop and park),
not sure how they solved that so completely, again, laptops.

 > The reason it applies to disks is because rapid cooling of a drive will lead 
 > to uneven cooling of the platters which may cause abnormal stresses leading 
 > to shattering and/or warpage (depending on the material the drive platters 
 > are made from).

Also head clearances and other moving parts tolerances.

 > 
 > Most electronic components can tolerate a pretty steep thermal curve in 
 > either direction so long as the curve doesn’t take them out of spec one way 
 > or the other.
 > 
 > Also, most circuit boards and the like do not have enough mass to surface 
 > area ratio to lead to significant temperature differentials within a small 
 > physical distance.

Then again if you're cooling a room from, say, 115F to 70F you only
need one excuse to consider the rate of cooling and disks would be a
pretty good excuse.

SSDs no doubt are obsoleting even that concern.

But I still tend to worry about the relationship of resistance to
temperature in circuits as a general principle tho perhaps in the
likely range it's not a major concern.

Anyhow, IT'S WORTH A THOUGHT if something extreme happens to
temperatures in your machine room.

You might not want to fling open the doors and windows of a 110+F room
to 0F outside air and begin turning everything back on as the room's
air thermometer begins to register 70F a few minutes later.

Water condensation can also be a concern, after a prolonged A/C
failure it may be hot and humid in the room depending on the climate
etc.

File Under: MORE THINGS TO WORRY ABOUT!

 > Owen
 > 
 > 
 > > On May 28, 2019, at 12:18 , b...@theworld.com wrote:
 > > 
 > > 
 > > Something to keep in mind is that some equipment, disks in particular,
 > > should only be cooled at a certain rate once they're hot, often
 > > annoyingly slow by the specs like 2-3 degrees C per hour but there are
 > > probably circuits sensitive to this also which could be anywhere.
 > > 
 > > It came up because it happened to me in Cambridge, MA in the dead of
 > > winter and every helpful person in the building came by to suggest I
 > > just open windows and doors to the snowy outdoors to get things
 > > running sooner.
 > > 
 > > It should be in the specs and if you're concerned about equipment
 > > running in too hot an environment you might be concerned about this
 > > also. Particularly after a forced power-down which also powers down
 > > equipment fans while the chips etc are still hot so will continue
 > > heating cases.
 > > 
 > > Ambient air temperature might not be telling you the whole story is
 > > the point.
 > > 
 > > I keep one of those big 5' fans, looks like something they use in
 > > Hollywood for windstorms and feels a bit like it on high, for just
 > > this sort of reason tho even if I just think it's getting warm, and
 > > several smaller fans to point at racks etc.
 > > 
 > > The best thing you can do if it gets too hot is keep the air moving.
 > > 
 > > (Where to plug the fans in after a power shutdown is your problem, I
 > > knew someone would think that!)
 > > 
 > > -- 
 > >-Barry Shein
 > > 
 > > Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
 > > Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
 > > The World: Since 1989  | A Public Information Utility | *oo*
 > 

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Power cut if temps are too high

2019-05-28 Thread bzs


Something to keep in mind is that some equipment, disks in particular,
should only be cooled at a certain rate once they're hot, often
annoyingly slow by the specs like 2-3 degrees C per hour but there are
probably circuits sensitive to this also which could be anywhere.

It came up because it happened to me in Cambridge, MA in the dead of
winter and every helpful person in the building came by to suggest I
just open windows and doors to the snowy outdoors to get things
running sooner.

It should be in the specs and if you're concerned about equipment
running in too hot an environment you might be concerned about this
also. Particularly after a forced power-down which also powers down
equipment fans while the chips etc are still hot so will continue
heating cases.

Ambient air temperature might not be telling you the whole story is
the point.

I keep one of those big 5' fans, looks like something they use in
Hollywood for windstorms and feels a bit like it on high, for just
this sort of reason tho even if I just think it's getting warm, and
several smaller fans to point at racks etc.

The best thing you can do if it gets too hot is keep the air moving.

(Where to plug the fans in after a power shutdown is your problem, I
knew someone would think that!)

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Mostly name and shame...

2019-05-13 Thread bzs


Why has OUTLOOK.COM allowed daily dictionary spammers to operate from
their net, FOR YEARS?

It can't be that hard to detect and block.

2019-05-13T17:00:18.194103-04:00 pcls6 sendmail[14128]: NOUSER: proctor5 relay=mail-eopbgr740053.outbound.protection.outlook.com [40.107.74.53]
2019-05-13T17:00:18.444848-04:00 pcls6 sendmail[14128]: NOUSER: proctor4 relay=mail-eopbgr740053.outbound.protection.outlook.com [40.107.74.53]
2019-05-13T17:00:18.698977-04:00 pcls6 sendmail[14128]: NOUSER: proctor2 relay=mail-eopbgr740053.outbound.protection.outlook.com [40.107.74.53]
2019-05-13T17:00:18.952548-04:00 pcls6 sendmail[14128]: NOUSER: proctor10 relay=mail-eopbgr740053.outbound.protection.outlook.com [40.107.74.53]
2019-05-13T17:10:27.523597-04:00 pcls6 sendmail[19471]: NOUSER: proctor6 relay=mail-eopbgr810043.outbound.protection.outlook.com [40.107.81.43]
2019-05-13T17:10:27.775984-04:00 pcls6 sendmail[19471]: NOUSER: proctor5 relay=mail-eopbgr810043.outbound.protection.outlook.com [40.107.81.43]
2019-05-13T17:10:28.029744-04:00 pcls6 sendmail[19471]: NOUSER: proctor4 relay=mail-eopbgr810043.outbound.protection.outlook.com [40.107.81.43]
2019-05-13T17:10:28.283016-04:00 pcls6 sendmail[19471]: NOUSER: proctor2 relay=mail-eopbgr810043.outbound.protection.outlook.com [40.107.81.43]
2019-05-13T17:10:28.537106-04:00 pcls6 sendmail[19471]: NOUSER: proctor10 relay=mail-eopbgr810043.outbound.protection.outlook.com [40.107.81.43]
2019-05-13T17:30:47.045677-04:00 pcls6 sendmail[31621]: NOUSER: proctor6 relay=mail-eopbgr810072.outbound.protection.outlook.com [40.107.81.72]
2019-05-13T17:30:47.299131-04:00 pcls6 sendmail[31621]: NOUSER: proctor5 relay=mail-eopbgr810072.outbound.protection.outlook.com [40.107.81.72]
2019-05-13T17:30:47.552492-04:00 pcls6 sendmail[31621]: NOUSER: proctor4 relay=mail-eopbgr810072.outbound.protection.outlook.com [40.107.81.72]
2019-05-13T17:30:47.804233-04:00 pcls6 sendmail[31621]: NOUSER: proctor2 relay=mail-eopbgr810072.outbound.protection.outlook.com [40.107.81.72]
2019-05-13T17:30:48.056635-04:00 pcls6 sendmail[31621]: NOUSER: proctor10 relay=mail-eopbgr810072.outbound.protection.outlook.com [40.107.81.72]
2019-05-13T17:35:05.867715-04:00 pcls6 sendmail[1352]: NOUSER: proctor9 relay=mail-eopbgr50127.outbound.protection.outlook.com [40.107.5.127]
2019-05-13T17:35:06.120021-04:00 pcls6 sendmail[1352]: NOUSER: proctor7 relay=mail-eopbgr50127.outbound.protection.outlook.com [40.107.5.127]
2019-05-13T17:35:06.372603-04:00 pcls6 sendmail[1352]: NOUSER: proctor6 relay=mail-eopbgr50127.outbound.protection.outlook.com [40.107.5.127]
2019-05-13T17:35:06.627583-04:00 pcls6 sendmail[1352]: NOUSER: proctor5 relay=mail-eopbgr50127.outbound.protection.outlook.com [40.107.5.127]
2019-05-13T17:35:06.885218-04:00 pcls6 sendmail[1352]: NOUSER: proctor relay=mail-eopbgr50127.outbound.protection.outlook.com [40.107.5.127]

etc etc etc etc.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*
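
Receiver-side detection for the pattern in the log excerpt above, as an added example that is not part of the original post: it counts distinct rejected recipients per relay IP and per relay host with its first label dropped, because the sending relay changes from session to session. The one-entry-per-line layout, the one-hour window, the threshold of 6 and the grouping heuristic are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the layout of the excerpt above; hosts, PIDs and
# addresses are made up (RFC 5737 documentation ranges).
SAMPLE_LOG = """\
2019-05-13T17:00:18.194103-04:00 mx1 sendmail[101]: NOUSER: info5 relay=out-a1.mail.example.net [192.0.2.10]
2019-05-13T17:00:18.444848-04:00 mx1 sendmail[101]: NOUSER: info4 relay=out-a1.mail.example.net [192.0.2.10]
2019-05-13T17:00:18.698977-04:00 mx1 sendmail[101]: NOUSER: info2 relay=out-a1.mail.example.net [192.0.2.10]
2019-05-13T17:00:18.952548-04:00 mx1 sendmail[101]: NOUSER: info10 relay=out-a1.mail.example.net [192.0.2.10]
2019-05-13T17:10:27.523597-04:00 mx1 sendmail[102]: NOUSER: info6 relay=out-b7.mail.example.net [192.0.2.23]
2019-05-13T17:10:27.775984-04:00 mx1 sendmail[102]: NOUSER: info5 relay=out-b7.mail.example.net [192.0.2.23]
2019-05-13T17:10:28.029744-04:00 mx1 sendmail[102]: NOUSER: info4 relay=out-b7.mail.example.net [192.0.2.23]
2019-05-13T17:10:28.283016-04:00 mx1 sendmail[102]: NOUSER: info2 relay=out-b7.mail.example.net [192.0.2.23]
2019-05-13T17:20:00.000000-04:00 mx1 sendmail[104]: NOUSER: jsmiht relay=mail.example.org [203.0.113.5]
2019-05-13T17:30:47.045677-04:00 mx1 sendmail[103]: NOUSER: info9 relay=out-c3.mail.example.net [198.51.100.7]
2019-05-13T17:30:47.299131-04:00 mx1 sendmail[103]: NOUSER: info7 relay=out-c3.mail.example.net [198.51.100.7]
2019-05-13T17:30:47.552492-04:00 mx1 sendmail[103]: NOUSER: info6 relay=out-c3.mail.example.net [198.51.100.7]
2019-05-13T17:30:47.804233-04:00 mx1 sendmail[103]: NOUSER: info1 relay=out-c3.mail.example.net [198.51.100.7]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sendmail\[\d+\]: NOUSER: (?P<user>\S+) "
    r"relay=(?P<relay>\S+) \[(?P<ip>[0-9A-Fa-f.:]+)\]$")

def parse(lines):
    """Yield (time, relay host, relay IP, rejected local part) per NOUSER line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["relay"].lower(),
                   m["ip"], m["user"].lower())

def _flag(events_by_key, window, threshold):
    """Return keys whose peak distinct-user count in any window meets threshold."""
    flagged = {}
    for key, events in events_by_key.items():
        events.sort()
        start = peak = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window start forward
            peak = max(peak, len({u for _, u in events[start:end + 1]}))
        if peak >= threshold:
            flagged[key] = peak
    return flagged

def detect(lines, window=timedelta(hours=1), threshold=6):
    """Score unknown-recipient probing per relay IP and per relay host group."""
    by_ip, by_group = defaultdict(list), defaultdict(list)
    for ts, relay, ip, user in parse(lines):
        by_ip[ip].append((ts, user))
        # Assumed heuristic: drop the first label so rotating relays pool together.
        by_group[relay.split(".", 1)[-1]].append((ts, user))
    return {"ip": _flag(by_ip, window, threshold),
            "group": _flag(by_group, window, threshold)}
```

On the sample, no single relay IP reaches the threshold, while the pooled relay group does; the lone mistyped address from another sender stays below it.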


Re: any interesting/useful resources available to IPv6 only?

2019-05-07 Thread bzs


That's it! Put your stuff on IPv6-only and vastly improve your
security footprint!

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: Should Netflix and Hulu give you emergency alerts?

2019-03-09 Thread bzs


I'm old. I was online @MIT-AI the night the pentagon (probably DISA?)
started broadcasting messages that basically the ARPAnet was going
down for "emergency testing" blah blah.

I thought it was a prank so just kept working.

Another message or two and it all went dead, CONNECTION LOST

Couldn't dial back in.

Idjits, oh well.

The next morning I found out some students (not MIT students) had
taken over the US embassy in Tehran so that would have been 1979-11-04
more or less.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking

2019-02-27 Thread bzs


I have proposed many times to just move domain WHOIS data into a new
RRTYPE and let whoever owns the domain put in that whatever they want,
including (and perhaps most usefully for many) just a URL for further
detail.

Obviously registries/registrars/ICANN can require and maintain more
specific and validatable information from domain owners.

I only mean the publicly accessible WHOIS info.

It was a reaction to the whole GDPR foofraw: Let each domain owner
control their own publicly visible data with some default (like we see
now) initialized by registrars on purchase via a new RRTYPE perhaps
call it WHOIS tho there are some which might be reused for this
purpose, TBD.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*

