Re: NIST NTP servers

2016-05-11 Thread Lyndon Nerenberg
> On May 11, 2016, at 5:42 PM, Scott Weeks wrote: > > Wouldn't the buffers empty in a FIFO manner? They will empty in whatever order the implementation decides to write them. But what's more important is the order in which the incoming packets are presented to the syslogd process. If you're l

Re: NIST NTP servers

2016-05-12 Thread Lyndon Nerenberg
[...] but I would also have doubts over running anything business critical on a RP2. We use them as reverse terminal servers, for dhcp/tftp bootstrapping other machines, and soon, NTP. They are absolutely rock solid. There's something to be said for "no moving parts inside." --lyndon

Re: Netflix VPN detection - actual engineer needed

2016-06-03 Thread Lyndon Nerenberg
> On Jun 3, 2016, at 4:59 PM, jim deleskie wrote: > > I don't suspect many folks that are outside of this list would likely have > any idea how to set up a v6 tunnel. Those of us on the list, likely have a > much greater ability to influence v6 adoption or not via day job > deployments then Net

Re: Netflix VPN detection - actual engineer needed

2016-06-06 Thread Lyndon Nerenberg
> 1. C-band teleport in Singapore with SingTel IPs, remote terminals in > Afghanistan. > > 2. Ku-band teleport in Germany with IP space in an Intelsat /20, remote > terminal on the roof of a US government diplomatic facility in > $DEVELOPING_COUNTRY > > 3. Teleports in Miami with IP space that lo

Re: Netflix VPN detection - actual engineer needed

2016-06-06 Thread Lyndon Nerenberg
> In other words, it's not just Netflix that has this problem... No, it's Netflix that has the problem. Audible actually gives a fuck about their customers.

yahoo mta admin help needed

2016-07-01 Thread Lyndon Nerenberg
Is there a Yahoo MTA admin listening who can help diagnose what might be a network ACL block to one of our SMTP server subnets? Thanks, --lyndon

Re: Chinese root CA issues rogue/fake certificates

2016-08-31 Thread Lyndon Nerenberg
> On Aug 31, 2016, at 6:36 PM, Matt Palmer wrote: > > Thanks, Netscape. Great ecosystem you built. Nobody at that time had a clue how this environment was going to scale, let alone what the wide-ranging security issues would be. And where were you back then, not saving us from our erroneous

Re: Kudos to Rogers Wireless on IPv6 deployment

2016-10-01 Thread Lyndon Nerenberg
> On Oct 1, 2016, at 8:37 PM, Hugo Slabbert wrote: > > So, kudos, Rogers Wireless! This has also been live on Roger's Fido sub-brand for a while now, too. 2605:8d80:484:: is live in Vancouver. --lyndon

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread Lyndon Nerenberg
In thinking over the last DDos involving IoT devices, I think we don't have a good technical solution to the problem. Cutting off people with defective devices they they don't understand, and have little control over, is an action that makes sense, but hurts the innocent. "Hey, Grandma, did yo

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread Lyndon Nerenberg
But that does not remove those devices from the network. That ship has sailed.

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread Lyndon Nerenberg
This is where device profiles could help. If enough devices register profiles with the local router, at some point the router's default could be closed, so devices with no profile can't talk to the outside. That would be nice, but a manufacturer who can't be bothered to take even the most basi

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread Lyndon Nerenberg
> On Oct 3, 2016, at 5:39 PM, Jay R. Ashworth wrote: > > You're not familiar with CPSC mandatory recalls, are you? I'm not sure how you could make the case that a compromised DVR, e.g., directly creates a risk of physical injury to a person. Without that, I don't see how the CPSA would apply

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread Lyndon Nerenberg
> On Oct 3, 2016, at 6:33 PM, Matthew Petach wrote: > > If you hold the executives of the hardware manufacturer > responsible for the software running on their devices, > then the next generation of hardware from every > manufacturer is going to be hardware locked to > ONLY run their software.

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread Lyndon Nerenberg
> On Oct 3, 2016, at 6:52 PM, Lyndon Nerenberg wrote: > > It's the closed software that is fscking everything up right now. A little > sunshine on the code base will go a long way towards those people not losing > their Ferrari's after all. Or coming from a more

Re: Canada joins the 21st century !

2016-12-23 Thread Lyndon Nerenberg
Canada should just have Comcast (or is it "Xfinity"?) provided nation-wide Internet service as a for-profit monopoly. Just as long as we have *someone* to Telus whom to chose.

Re: Is WHOIS going to go away?

2018-04-21 Thread Lyndon Nerenberg
> On Apr 21, 2018, at 1:58 PM, b...@theworld.com wrote: > > That's actually an excellent point and counterpoint to my suggestion > to move the WHOIS information into DNS RRs. > > But backup and failover are reasonably well understood technologies > where one cares. Registrars could for example c

Re: Is WHOIS going to go away?

2018-04-21 Thread Lyndon Nerenberg
> On Apr 21, 2018, at 2:27 PM, Lyndon Nerenberg wrote: > >> But backup and failover are reasonably well understood technologies >> where one cares. Registrars could for example cache copies of those >> zone records and act as failover whois servers. Sorry! I left ou

Re: Is WHOIS going to go away?

2018-04-21 Thread Lyndon Nerenberg
> On Apr 21, 2018, at 2:47 PM, Keith Medcalf wrote: > > Actually, a I doubt that there are any "real" people with vanity domains > behind this move. I suspect that it is the scammers and spammers who want to > hide their information for very good reason. > > And of course, the "powers of the

Re: Is WHOIS going to go away?

2018-04-21 Thread Lyndon Nerenberg
> On Apr 21, 2018, at 3:48 PM, Mark Andrews wrote: > > You have a logic fail. This fails because it STILL depends on the DNS for > the zone working. If the DNS fails to that extent, everything fails. I was addressing the single application endpoint point-of-failure. But from a practical st

Re: SHA1 collisions proven possisble

2017-02-23 Thread Lyndon Nerenberg
> On Feb 23, 2017, at 6:10 PM, Ricky Beam wrote: > > When you can do that in the timespan of weeks or days, get back to me. Stop thinking in the context of bits of fake news on your phone. Start thinking in the context of trans-national agreements that will soon be signed by such keys. --ly

mailops https breakage

2017-06-11 Thread Lyndon Nerenberg
> On Aug 27, 2016, at 6:46 PM, Matt Palmer wrote: > > On Sat, Aug 27, 2016 at 01:25:42AM -, John Levine wrote: >> In article >> you >> write: >>> I was working within the limits of what I had available. >> >> Here's the subscription page for mailop. It's got about as odd >> a mix of peo

Re: Hurricane Maria: Dominica partial communications restored

2017-09-20 Thread Lyndon Nerenberg
> On Sep 20, 2017, at 6:40 PM, Sean Donelan wrote: > > Some ham radio operators have been verified as operating from Dominica. Its > an unfortunate, but necessary thing that needs to be verified during disaster > communications. I'm not clear what you're getting at here. Are you saying peopl

Re: RFC 1918 network range choices

2017-10-05 Thread Lyndon Nerenberg
> On Oct 5, 2017, at 4:52 PM, Steve Feldman wrote: > > I have a vague recollection of parts of 192.168.0.0/16 being used as default > addresses on early Sun systems. If that's actually true, it might explain > that choice. 192.9.200.X rings a bell; but those might have been the example addre

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Lyndon Nerenberg
> On Dec 4, 2017, at 3:19 AM, Edwin Pers wrote: > > As an anecdotal aside, approx. 70% of incoming portscanners/rdp bots/ssh > bots/etc that hit the firewalls at my sites are coming from AWS. > I used to send abuse emails but eventually gave up after receiving nothing > beyond "well, aws ip's

Re: Waste will kill ipv6 too

2017-12-28 Thread Lyndon Nerenberg
> On Dec 28, 2017, at 2:31 PM, Thomas Bellman wrote: > > My problem with the IPv6 addressing scheme is not the waste of 64 bits > for the interface identifier, but the lack of bits for the subnet id. > 16 bits (as you normally get a /48) is not much for a semi-large organi- > zation, and will fo

Re: Waste will kill ipv6 too

2017-12-28 Thread Lyndon Nerenberg
> On Dec 28, 2017, at 3:28 PM, Brock Tice wrote: > > We are currently handing out /52s to customers. Based on a reasonable > sparse allocation scheme that would account for future growth that > seemed like the best option. Could you detail the reasoning behind your allocation scheme? I.e., wha

Re: Waste will kill ipv6 too

2017-12-28 Thread Lyndon Nerenberg
> On Dec 28, 2017, at 4:57 PM, Lyndon Nerenberg wrote: > > Instead, think about how we can carve up a 2^61 address space (based on the > current /3 active global allocation pool) between 2^32 people (Earth's > current population) Of course, I screwed up the number

Re: Waste will kill ipv6 too

2017-12-28 Thread Lyndon Nerenberg
> :: Isn't this the utopia we've been seeking out? > > I like that one! :-) Seriously. If we run out of networks while handing out /48s, by migrating everything to HTTPS we can claw back the 16 bit 'port' field in the IP header and reassign it as part of the 140-bit IPv6.1 address space. Min

Re: Waste will kill ipv6 too

2017-12-28 Thread Lyndon Nerenberg
> On Dec 28, 2017, at 6:11 PM, Scott Weeks wrote: > > All I was trying to say is there're going to be things > not thought of yet that will chew up address space > faster than ever before now that everyone believes it's > essentially inexhaustible. And, I expect, sooner than > imagined. If

Re: Waste will kill ipv6 too

2017-12-28 Thread Lyndon Nerenberg
Peripherally, it's worth noting that, in far less time then we have not migrated from IPv4 to IPv6, the UK moved from 7-digit to 11-digit telephone numbers. If that's not embarrassing ... --lyndon

Re: Waste will kill ipv6 too

2017-12-28 Thread Lyndon Nerenberg
> On Dec 28, 2017, at 6:54 PM, Ricky Beam wrote: > > Home networks with multiple LANs??? Never going to happen; people don't know > how to set them up, and there's little technical need for it. Again, you are assuming you know how people will use networks forever. Stop overthinking things,

Re: Waste will kill ipv6 too

2017-12-28 Thread Lyndon Nerenberg
> On Dec 28, 2017, at 7:28 PM, Tony Wicks wrote: > > I think its time you all had a bit of a holiday break and stopped thinking > of IP networking for a little while, Just saying... Nah. This is a useful conversation (and argument) to have.

Re: Waste will kill ipv6 too

2017-12-28 Thread Lyndon Nerenberg
> On Dec 28, 2017, at 7:26 PM, Brock Tice wrote: > > Most of our customers only have 2-5 devices. I know this is not the case > in most of America but we are quite rural and for many people they've > never had better than 1.5Mbps DSL until we install service at their > location. Most of them hav

Re: Waste will kill ipv6 too

2017-12-28 Thread Lyndon Nerenberg
> On Dec 28, 2017, at 7:50 PM, valdis.kletni...@vt.edu wrote: > > Comcast is passing out CPE that provides a subnet for the actual subscriber, > and another one for *other* Comcast roaming customers. And somehow this > works for a company the size of Comcast without the customers needing to know

Re: OpenNTPProject.org

2014-02-16 Thread Lyndon Nerenberg
On Feb 16, 2014, at 7:59 PM, Mark Tinka wrote: > Juniper's Junos implementation (which is based on FreeBSD) > hasn't been patched > > Using firewall filters is the only way to mitigate the > vulnerability. But doesn't the JunOS ntpd read/parse ntpd.conf? It's worth getting to the admin mod

Re: OpenNTPProject.org

2014-02-16 Thread Lyndon Nerenberg
On Feb 16, 2014, at 8:30 PM, Christopher Morrow wrote: > and good luck with figuring out: > 1) when you need to re-do that magic move > 2) making sure that the move is automatable over time I was suggesting it as an alternative to just chopping off NTP at your border. Presumably it would be

Re: Canada and IPv6 (& DNSSEC)

2014-06-23 Thread Lyndon Nerenberg
On Jun 20, 2014, at 6:24 AM, Jacques Latour wrote: > Just as an indicator, we have 316 .ca domains with IPv6 glue records :-( Part of the problem might be that two of the bigger registrars (Webnames and easyDNS) *still* can't handle input of IPv6 addresses in their management panels - you hav

Re: Verizon Public Policy on Netflix

2014-07-14 Thread Lyndon Nerenberg
On Jul 14, 2014, at 5:39 PM, Matt Palmer wrote: > I assume that there's a leopard involved there somewhere? It's noodling around in the disused lavatory with Moaning Myrtle. signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Ok; let's have the "Does DNAT contribute to Security" argument one more time...

2011-11-14 Thread Lyndon Nerenberg
There really is no winner or "right way" on this thread. In IPv4 as a security guy we have often implemented NAT as an extra layer of obfuscation. It's worse than just obfuscation. The 'security' side effect of NAT can typically be implemented by four or five rules in a traditional firewall.

Re: why haven't ethernet connectors changed?

2012-12-20 Thread Lyndon Nerenberg
On 2012-12-20, at 12:13 PM, Michael Thomas wrote: > Do these > things need to have gig-e speeds? Probably not... for a lot even Bluetooth > speeds > are probably fine. But they do want to be really small and really inexpensive. Then run RS-422 or RS-485 over a single twisted pair. You don't ev

Re: AD and enforced password policies

2012-01-02 Thread Lyndon Nerenberg
I just went through some calculations for a (government) site that has the following rules: [...] Under the plausible assumption that very many people will start with a string of digits, continue with a string of lower-case letters to reach seven characters, and then add a period, there are onl

cable markers for marine environments

2012-03-08 Thread Lyndon Nerenberg
I have a couple of wiring projects coming up on salt water-going vessels and I'm curious as to people's experiences with different types of cable marking products in a high-humidity / salt air / bilge environment None of the markers will be directly exposed to the outside elements, but quite a

Re: cable markers for marine environments

2012-03-08 Thread Lyndon Nerenberg
On 2012-03-08, at 2:01 PM, Jim Richardson wrote: > I have had good results with printed labels covered in clear > heatshrink. Awkward, time consuming, and generally annoying, but > works, and lasts. A bit more detail I should have included ... These are pleasure craft, so stuff goes under the

Re: cable markers for marine environments

2012-03-08 Thread Lyndon Nerenberg
On 2012-03-08, at 2:10 PM, George Herbert wrote: > Which fuel is present affects the label durability... Diesel.

Re: Dear Linkedin,

2012-06-08 Thread Lyndon Nerenberg
On 2012-06-08, at 12:48 PM, Michael Thomas wrote: > I'm sorry, my brain doesn't hold that many passwords. Unless you're a savant, > neither does > yours. So what you're telling me and the rest of the world is impossible. https://agilebits.com/onepassword (1Password) is one solution to managing

Re: Dear Linkedin,

2012-06-08 Thread Lyndon Nerenberg
On 2012-06-08, at 1:02 PM, Scott Weeks wrote: > Only if you have an OS you have to pay for: apple or ms. I don't pay for them. $WORK pays for them. If you're complaint is about 1Password not running on your particular operating systems, then pick a solution that *does* run on your OS. There

Re: Dear Linkedin,

2012-06-08 Thread Lyndon Nerenberg
On 2012-06-08, at 1:22 PM, Michael Thomas wrote: > Does your password safe know how to change the password on each > website every several months? Yes.

Password Safes

2012-06-08 Thread Lyndon Nerenberg
On 2012-06-08, at 1:41 PM, Michael Thomas wrote: > I run a website. If it can change it on mine, I'd like to understand > how it manages to do that. I log in to your website, change my password, and the software picks up that I've changed the password and updates the safe accordingly. The soft

Re: Password safes &c. (was: Dear Linkedin,)

2012-06-08 Thread Lyndon Nerenberg
On 2012-06-08, at 2:07 PM, Andrew Sullivan wrote: > I'm not trying to be dismissive. Those are excellent stopgap > measures. They're not a solution. There is no "solution." Security is about risk management, nothing more. The only way to ensure your personal passwords are never compromised i

Re: Dear Linkedin,

2012-06-10 Thread Lyndon Nerenberg
It is far preferable for the merchant to request ID and verify that the signature matches the ID _AND_ the picture in the ID matches the customer. In the late 1990s I had a Visa card from (I think) Citibank that had my picture embossed on the front of the card. I'm surprised this didn't catc

Re: Asia's Fastest Communications Cable Comes Online

2012-08-24 Thread Lyndon Nerenberg
On 2012-08-24, at 10:33 AM, valdis.kletni...@vt.edu wrote: > If you can use 3ms to extract enough money out of the market to pay for a > cable, that market is *way* too volatile in the first place. Heh. Think things are volatile now? Wait 'til they get it down to pico-payment based trading of

Re: Detection of Rogue Access Points

2012-10-14 Thread Lyndon Nerenberg
> I'm looking for innovative ideas on how to find such a rogue device, > ideally as soon as it is plugged in to the network. There was a SIGCOMM paper a few years back that described a scheme based on measuring the the ACK delays of TCP sessions. In a nutshell, you can detect nodes on the wirele

Re: Detection of Rogue Access Points

2012-10-14 Thread Lyndon Nerenberg
On 2012-10-14, at 14:56 PM, Matthias Waehlisch wrote: > do you mean http://conferences.sigcomm.org/imc/2007/papers/imc122.pdf > ? That's the one!

Re: Urgent

2014-08-18 Thread Lyndon Nerenberg
On Aug 18, 2014, at 3:05 PM, Randy Bush wrote: > the request message was a forge, see below. damned shame i did not > think of it, though. otoh, i consider the contact requests useful. You just blew an opportunity to get on every north american late night talk show. Oh ... (sorry) signatu

Re: cheap laptop with 32G or 64G recommendations

2014-11-10 Thread Lyndon Nerenberg
On Nov 10, 2014, at 4:24 PM, Izaac wrote: > If you're stuck working in a completely isolated environment, then work it > into the contract. That's the cost of being on an island. This is the argument being made against all the citizens who have the temerity to live in British Columbia, yet no

Re: Craigslist hacked?

2014-11-23 Thread Lyndon Nerenberg
On Nov 23, 2014, at 7:41 PM, Brian Henson wrote: > Is anyone else seeing their local craigslist redirected to another site > other than craigslist? I see it loading http://digitalgangster.com/5um. *.craigslist.ca and *.craigslist.org have been offline since about 16:40 Pacific Standard Time fr

Re: Craigslist hacked?

2014-11-23 Thread Lyndon Nerenberg
On Nov 23, 2014, at 8:51 PM, Randy Bush wrote: > and what tasty things did the hijacker's web site serve? Firefox on my Mac started acting very strangely after encountering one of the 'unresponsive' versions of craigslist.ca. Apparent browser hangs, javascript script timeouts, and odd things

Re: Ransom DDoS attack - need help!

2015-12-03 Thread Lyndon Nerenberg
Afaik, the DDoS is "only" a UDP based one (or much of the attack), you should be able to mitigate some to much of the damage caused by filled pipes by blocking incomming UDP trafic at your ISP level. This is the Armada Collective, based on the description. We just went through a round with t

Re: Ransom DDoS attack - need help!

2015-12-03 Thread Lyndon Nerenberg
On Dec 3, 2015, at 5:00 PM, alvin nanog wrote: > run tcpdump and/or etherreal to capture the DDoS attacks Of course! If we had only thought of this sooner! :-) --lyndon signature.asc Description: Message signed with OpenPGP using GPGMail

Staring Down the Armada Collective

2015-12-03 Thread Lyndon Nerenberg
Typically, businesses hide from admitting they've been hit by drive-by attacks like Armada is trying to pull off. It has been interesting to see the public reaction from the post-Protonmail targets, many of whom are being very visible about 1) admitting they have been hit by the attacks, and 2)

Re: Staring Down the Armada Collective

2015-12-03 Thread Lyndon Nerenberg
On Dec 3, 2015, at 6:28 PM, Lyndon Nerenberg wrote: > Are we perhaps, finally, reaching the cusp where everyone has realized that > if we all, collectively, tell the rodents to f*** off, they just might? I should also mention that, despite their bluster, they can't keep it up for

Re: Staring Down the Armada Collective

2015-12-03 Thread Lyndon Nerenberg
On Dec 3, 2015, at 9:14 PM, Lyndon Nerenberg wrote: > I should also mention that, despite their bluster, they can't keep it up for > more than half an hour. The mailing list has been quiet. All step forward who are scared to say "me too" on account of Armada. --ly

MACsec to edge hosts

2015-12-22 Thread Lyndon Nerenberg
Are any of you pushing MACsec (802.1AE) out from your switches to the edge hosts? Vs. just running it on the network cross-connect fabric? We have a scenario where, if we could MACsec encrypt those (switch <-> host) links, we could eliminate a lot of application level TLS. But searching for a

Re: remote serial console (IP to Serial)

2016-03-09 Thread Lyndon Nerenberg
I'd get something like a 1U ATOM server ($120 eBay) with small SSD ($18). Runup your favorite FOSS OS, and conserver. For more than the single real serialport, you can most likely fit a USB hub inside the case still, and hang a number of USB serial dongles off. We use Raspberry Pi 2s with sing

protection.outlook.com SMTP support contact needed

2015-02-26 Thread Lyndon Nerenberg
I'm running into TLS interoperability problems with some of the SMTP servers under the inbound.protection.outlook.com domain. Are there any Outlook postmasters lurking here that could contact me off list to help debug this? Thanks, --lyndon

Re: Verizon Policy Statement on Net Neutrality

2015-02-28 Thread Lyndon Nerenberg
> It's not about "that's all they need", "that's all they want", etc. Whenever any vendor spouts "this is what our customers want" you know they are talking pure bullshit. The only customers who know what they "want" are the microscopic percentage who know what's actually possible, and we are d

Re: Verizon Policy Statement on Net Neutrality

2015-02-28 Thread Lyndon Nerenberg
On Feb 28, 2015, at 4:37 PM, Jack Bates wrote: > The question is, if YOU paid for the fiber to be run to their ped, would they > hook you up? No. But that's because they are using the fibre pedestals to deliver a high bandwidth DSL service. The condo customers still get DSLon copper, but be

Re: Verizon Policy Statement on Net Neutrality

2015-02-28 Thread Lyndon Nerenberg
On Feb 28, 2015, at 5:24 PM, Stephen Satchell wrote: > (N.B.: "we forced long TTLs to reduce the traffic necessary across our > peering points." At one point, the cable people said they had one, > count 'em one, peering link at 44 megabits/s, to serve all cable > companies [with their own inter

Re: Verizon Policy Statement on Net Neutrality

2015-02-28 Thread Lyndon Nerenberg
> In my part of the world, a well-known service provider runs FTTC and > then runs VDSL into the home. Ummh... I live in a 3rd word country. Oh Canada! signature.asc Description: Message signed with OpenPGP using GPGMail

Re: symmetric vs. asymmetric [was: Verizon Policy Statement on Net Neutrality]

2015-02-28 Thread Lyndon Nerenberg
On Feb 28, 2015, at 7:17 PM, Barry Shein wrote: > I remember when downloading still images (dial-up days) was considered > bandwidth hogging and only something very few people did. Of course no > one did it, it took minutes to download even a rather small image and > there was little market for

Re: Android (lack of) support for DHCPv6

2015-06-10 Thread Lyndon Nerenberg
Where is Mr. Protocol? When we need him most?! signature.asc Description: Message signed with OpenPGP using GPGMail

Re: eBay is looking for network heavies...

2015-06-10 Thread Lyndon Nerenberg
On Jun 10, 2015, at 11:18 AM, goe...@anime.net wrote: > Indeed, the interview process is a two way street. Lets you evaluate who you > would be working for -- or if you really would want to. I wrote most of a very long follow-up to this. But what it boils down to is: +10,000 For all of you s

Nobody is looking for serious candidates

2015-06-10 Thread Lyndon Nerenberg
On Jun 10, 2015, at 8:39 PM, Stephen Satchell wrote: > After the phone screen, the company called me in for the face-to-face > "interview". I put the word "interview" in quotes because, for 25 minutes, > the chief programmer of the place played a video game he wrote. That was the > extent of

Re: Android (lack of) support for DHCPv6

2015-06-11 Thread Lyndon Nerenberg
On Jun 11, 2015, at 9:06 PM, Karl Auer wrote: >> You don't get to just say "I'm not going to implement this because I don't >> agree with it," which is what Google is doing in the case of Android. > > Actually, you DO get to just say that. Anyone can, but especially > something as big as Google

Re: DMARC in education

2015-06-17 Thread Lyndon Nerenberg
> What problem do you expect this to solve? This is a real question, > since you can be 100% sure that any DMARC policy will wreak havoc on > any of your users who use mailing lists like this one. *Any* mailing list. Please help stamp out this abomination by refusing to capitulate to its insane

Re: Residential VSAT experiences?

2015-06-22 Thread Lyndon Nerenberg
On Jun 22, 2015, at 5:27 PM, Scott Weeks wrote: > I do SSH over geostationary satellite links (C-band) all > the time. I'd say it's slow, but not excruciating, unless > you type really fast on the network device's CLI. :-) SSH client/server authors would do well to learn the lessons of telnet

Re: ARIN just subdivided their last /17, /18, /19, /20, /21 and /22. Down to only /23s and /24s now. : ipv6

2015-06-27 Thread Lyndon Nerenberg
On Jun 27, 2015, at 5:35 AM, Rafael Possamai wrote: > How long do you think it will take to completely get rid of IPv4? Or is it > even going to happen at all? IPX ruled the roost, very popularly, for a little while. How long did it take to die? Why did it die? What were the triggers that pu

Thoughts On Cheap Chinese xDSL Testers

2015-06-29 Thread Lyndon Nerenberg
I've been poking around looking for an inexpensive xDSL circuit tester to do some measurements on my home DSL line, in opposition to the telco. $2K+ is not in the budget, so I'm curious about the accuracy of the $300 Chinese units kicking around eBay (e.g. the ST332B). Anyone out there have exp

Re: another tilt at the Verizon FIOS IPv6 windmill

2015-07-13 Thread Lyndon Nerenberg
On Jul 13, 2015, at 1:57 PM, Mel Beckman wrote: > David, > Did you consider running an IPv6 tunnel through HE.net? Tunnels work, but they really are getting old. I have run 3ffe:: 6bone, HE tunnels, and (currently) aiccu. They all work very reliably, and I have immense gratitude towards the

Re: another tilt^2 [real numbers]

2015-07-13 Thread Lyndon Nerenberg
For a bit of fun, the results after 30 minutes of https://orthanc.ca/figure-1 being out on the nanog list: IPv4: 315 IPv6: 22 This is strictly GETs on the target page, not tainted by CSS or favicon nonsense. I don't know what this says about the proclivity of Nanog readers to blindly cl

Re: ARIN IPV4 Countdown

2015-07-14 Thread Lyndon Nerenberg
On Jul 14, 2015, at 6:33 PM, Curtis Maurand wrote: > Since IPV6 does not have NAT, it's going to be difficult for the layman to > understand their firewall. deployment of ipv4 is pretty simple. ipv6 on the > otherhand is pretty difficult at the network level. yes, all the clients get > eve

Re: Dual stack IPv6 for IPv4 depletion

2015-07-14 Thread Lyndon Nerenberg
On Jul 14, 2015, at 11:56 AM, Tony Hain wrote: > IPv6 is not the last protocol known to mankind. IF it burns out in 400-500 > years, something will have gone terribly wrong, because newer ideas about > networking will have been squashed along the way. 64 bits for both hosts and > routing was ove

Re: ARIN IPV4 Countdown

2015-07-14 Thread Lyndon Nerenberg
On Jul 14, 2015, at 7:26 PM, valdis.kletni...@vt.edu wrote: > But.. But... How does that work without using UPNP? :) SHOUT LOUDER! signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Assistance for Eavesdropping Legally on Avian Carriers (AELAC)

2013-06-25 Thread Lyndon Nerenberg
On 2013-06-25, at 7:58 PM, Sean Donelan wrote: > The memo provides an overview and principles regarding Lawful Intercept(LI) > of networks using RFC 1149, "A Standard for the Transmission of IP Datagrams > on Avian Carriers." National requirements are not addressed. Is scooping pigeon shit o

Re: Assistance for Eavesdropping Legally on Avian Carriers (AELAC)

2013-06-25 Thread Lyndon Nerenberg
On 2013-06-25, at 8:24 PM, "Caruso, Anthony" wrote: > Yes, if you can identify the source of the grains, you know origin and flight > path prior to your lawn. NSA approach's is getting the pigeon shit off of > everyone's lawn... Then I am in favour of PRISM. NSA: come vacuum all the pigeon

Re: Assistance for Eavesdropping Legally on Avian Carriers (AELAC)

2013-06-25 Thread Lyndon Nerenberg
On 2013-06-25, at 8:54 PM, Jason Hellenthal wrote: > Anyone got a pentagram packet and a weje board ? Be careful, when you pull out the chalk to draw a pentaGRAM around your data centre, that you don't – accidentally – draw a pentaGONE.

Re: latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic

2013-11-01 Thread Lyndon Nerenberg
On Nov 1, 2013, at 7:18 PM, Mike Lyon wrote: > So even if Goog or Yahoo encrypt their data between DCs, what stops > the NSA from decrypting that data? Or would it be done simply to make > their lives a bit more of a PiTA to get the data they want? Markhov chain text generators are cheap. Rath

Re: Numbering nameservers and resolvers

2010-08-18 Thread Lyndon Nerenberg
because most of the end users who would be querying it are in Canada, and, with one nameserver in Canada and one in Japan, they would get a long RTT on DNS queries roughly half the time. But only, say, once per week if you're running a reasonable TTL on your zone.

Re: Randy in Nevis

2010-09-27 Thread Lyndon Nerenberg
On 10-09-27 7:20 AM, Robert E. Seastrom wrote: > "Cannot establish SSL with SMTP server 67.202.37.63:465" does not > sound like a 587 problem to me. > > netalyzr folks? comment? Cisco PIX?

Re: Randy in Nevis

2010-09-27 Thread Lyndon Nerenberg
On 10-09-27 7:20 AM, Robert E. Seastrom wrote: > "Cannot establish SSL with SMTP server 67.202.37.63:465" does not > sound like a 587 problem to me. > > netalyzr folks? comment? Sorry, I hit send too soon ... I've heard from a couple of people that the PIX will remap 587 (and 25) to oddball por

RE: Wireless bridge

2009-06-18 Thread Lyndon Nerenberg
On Thu, 2009-06-18 at 11:54 -0400, Peter Boone wrote: > Oh I know. Luckily it's located in an industrial area just on the > outskirts > of the city. There isn't a lot of other WiFi (in my opinion); 3-5 > total > SSIDs spread across 2 of the 3 physical channels (1,6,11) depending on > which > roofto

Re: Is your ISP blocking outgoing port 25?

2009-06-18 Thread Lyndon Nerenberg
On Thu, 2009-06-18 at 16:14 -0400, Joe Provo wrote: > then you should be shifting your userbase to authenticated on the > SUBMIT > port [587] anyway... Except for those ISPs who choose to intercept port 587 as well. This is a big problem with Rogers in Vancouver. They hijack port 587 connections

Re: OT: Bringing Cisco equipment to US

2009-06-29 Thread Lyndon Nerenberg
On Mon, 2009-06-29 at 13:46 -0700, Aaron J. Grier wrote: > On Mon, Jun 29, 2009 at 12:19:36PM -0400, Joe Abley wrote: > > If you want to avoid any unpleasant questions at the border, then the > > right thing to do is probably to find out what supporting paperwork is > > required to support the impo

Rogers cluefuls

2008-11-16 Thread Lyndon Nerenberg
Anyone from Rogers out there that can help me with port 587 proxy insanity? (Don't give me the 1-8xx numbers, thank you.)

Re: an over-the-top data center

2008-12-01 Thread Lyndon Nerenberg
On 1-Dec-08, at 10:27 AM, Danny McPherson wrote: On a related noted, some have professed that adapting old ships into data centers would provide eco-friendly secure data center solutions. Your data connection to shore is going to be tenuous at best. One good blow strong enough to make you dr

Re: an over-the-top data center

2008-12-01 Thread Lyndon Nerenberg
Not if the ship is literally encased in concrete at the shore. Which solves all your other problems as well. But that's not a ship, it's a building. There are even examples of actual free-floating ships which have been stable for a decade or more. And many counter-examples. --lyndon

Re: Redundant AS's

2009-03-22 Thread Lyndon Nerenberg
Autonomous systems will be assigned 16-bit identification numbers (in much the same ways as network and protocol numbers are now assigned), and every EGP message header contains one word for this number. Was that a 36-bit word? --lyndon I think 3B2 code deserves its own place

Re: ASN Name of the week

2007-07-24 Thread Lyndon Nerenberg
ASN Number NameHandle Location Organization 40543 1-800-GOT-JUNK [ABI19-ARIN] {Vancouver, BC, CA} 1-800-GOT-JUNK I guess somebody thinks that whois has advertising potential. Thats actually th

Re: What is "The Internet" TCP/IP or UNIX-to-UNIX ?

2010-04-04 Thread Lyndon Nerenberg
File transfer wasn't multihop It was, for at least some versions (V2 and later?), if the intermediate site(s) allowed execution of the uucp command. 25 years on the brain is fuzzy on the details ... --lyndon

Re: What is "The Internet" TCP/IP or UNIX-to-UNIX ?

2010-04-04 Thread Lyndon Nerenberg
You could certainly add uux and uux to the list of legal remote commands, but I confess that my memory is also dim about whether uucp file a!b!c would be translated automatically. It has indeed been a while... I'm pretty sure it was adding 'uucp' in the commands list that enabled the

  1   2   >