Hey!
New message, please read <http://wbank.info/company.php?bc>
Steven Bellovin
Hey!
New message, please read <http://baldrfilm.nl/mind.php?5f3>
Steven Bellovin
Hey!
New message, please read <http://maaike.info/could.php?b>
Steven Bellovin
On Sep 26, 2013, at 11:07 AM, John Curran jcur...@istaff.org wrote:
On Sep 26, 2013, at 4:52 AM, bmann...@vacation.karoshi.com wrote:
sounds just like folks in 1985, talking about IPv4...
If there were ever were a need for an market/settlement model, it is with
respect
to routing
There was an interesting paper at Usenix Security on the effects of deploying
DNSSEC; see
https://www.usenix.org/conference/usenixsecurity13/measuring-practical-impact-dnssec-deployment
. The difference in geographical impact was quite striking.
--Steve Bellovin,
http://www.wired.com/threatlevel/2013/07/ipmi/
Capsule summary: watch out!
--Steve Bellovin, https://www.cs.columbia.edu/~smb
On Apr 26, 2013, at 3:24 AM, Randy Bush ra...@psg.com wrote:
until widespread availability of webrtc, a bunch of us are using
jitsi for video, https://jitsi.org/
And last I tried it, it kept segfaulting on something dumb ;)
try the nightlies
I'm trying the latest two nightlies -- two
On Apr 2, 2013, at 9:16 PM, Jay Ashworth j...@baylink.com wrote:
- Original Message -
From: Steven Bellovin s...@cs.columbia.edu
DLT? I first heard it as a station wagon full of (9-track, 1600 bpi,
that having been the state of the art) mag tapes on the Taconic Parkway,
circa 1970
DLT? I first heard it as a station wagon full of (9-track, 1600 bpi,
that having been the state of the art) mag tapes on the Taconic Parkway,
circa 1970. I suspect, though, that Herman Hollerith expressed the idea
about a stage coach full of punchcards, back in the 1880s.
On Apr 2, 2013, at
The BBC has a similar story:
http://www.bbc.co.uk/news/world-middle-east-21963100
On Mar 27, 2013, at 6:41 PM, Neil J. McRae n...@domino.org wrote:
Via renesys
On Feb 20, 2013, at 9:07 PM, Steven Bellovin s...@cs.columbia.edu wrote:
On Feb 20, 2013, at 1:33 PM, valdis.kletni...@vt.edu wrote:
On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
boys and girls, all the cyber-capable countries are cyber-culpable. you
can bet that they are all
On Feb 20, 2013, at 3:20 PM, Jack Bates jba...@brightok.net wrote:
On 2/20/2013 1:05 PM, Jon Lewis wrote:
See thread: nanog impossible circuit
Even your leased lines can have packets copied off or injected into them,
apparently so easily it can be done by accident.
This is
On Feb 20, 2013, at 1:33 PM, valdis.kletni...@vt.edu wrote:
On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
boys and girls, all the cyber-capable countries are cyber-culpable. you
can bet that they are all snooping and attacking eachother, the united
states no less than the rest. news
On Jan 9, 2013, at 1:18 PM, Leo Bicknell bickn...@ufp.org wrote:
In a message written on Wed, Jan 09, 2013 at 06:39:28PM +0100, Mikael
Abrahamsson wrote:
IPMI is exactly what we're going for.
For Vendors that use a PC motherboard, IPMI would probably not be
difficult at all! :)
I
On Jan 3, 2013, at 3:52 PM, Matthias Leisi matth...@leisi.net wrote:
On Thu, Jan 3, 2013 at 4:59 AM, Damian Menscher dam...@google.com wrote:
While I'm writing, I'll also point out that the Diginotar hack which came
up in this discussion as an example of why CAs can't be trusted was
On Jan 2, 2013, at 7:53 AM, valdis.kletni...@vt.edu wrote:
On Sun, 30 Dec 2012 19:25:04 -0600, Jimmy Hess said:
I would say those claiming certificates from a public CA provide no
assurance of authentication of server identity greater than that of a
self-signed one would have the burden of
On Jan 2, 2013, at 7:15 PM, Randy Bush ra...@psg.com wrote:
Do you run Cert Patrol (a Firefox extension) in your browser?
yes, but my main browser is chrome (ff does poorly with nine windows and
60+ tabs). there is some sort of pinning, or at least discussion of it.
but it is not clear
On Jan 2, 2013, at 8:25 PM, Seth David Schoen sch...@loyalty.org wrote:
Steven Bellovin writes:
The only Chrome browser I have lying around right now is on a Nexus 7 tablet;
I don't see any way to list the pinned certs from the browser. There is a
list at http://www.chromium.org
On Jul 5, 2012, at 10:49 48AM, Peter Lothberg wrote:
On one of my BSD boxes. /usr/src/share/zoneinfo/leapseconds, I see no
-
No, but they're allowed; see Figure 9 of RFC 5905:
Steve,
I commented that it was stated that we where doing both positive and
negative corrections. Only
On Jul 3, 2012, at 5:06 PM, Peter Lothberg wrote:
On one of my BSD boxes. /usr/src/share/zoneinfo/leapseconds, I see no
-
No, but they're allowed; see Figure 9 of RFC 5905:
LI Leap Indicator (leap): 2-bit integer warning of an impending leap
second to be inserted or deleted in the
On Jul 2, 2012, at 11:47 AM, AP NANOG wrote:
Do you happen to know all the kernels and versions affected by this?
See
http://landslidecoding.blogspot.com/2012/07/linuxs-leap-second-deadlocks.html
--Steve Bellovin, https://www.cs.columbia.edu/~smb
On Jul 2, 2012, at 3:43 PM, Greg D. Moore wrote:
At 03:08 PM 7/2/2012, George Herbert wrote:
If folks have not read it, I would suggest reading Normal Accidents by
Charles Perrow.
Strong second to that suggestion.
--Steve Bellovin, https://www.cs.columbia.edu/~smb
On May 14, 2012, at 7:52 PM, Bill Stewart wrote:
- Is there any application that can actually set the RFC3514 Evil Bit?
Code was added to FreeBSD to set it (though I think the commit was later
reverted); see the change logs at https://www.cs.columbia.edu/~smb/3514.html
Also see https://www.cs.columbia.edu/~smb/papers/v6worms.pdf
(Worm propagation strategies in an IPv6 Internet. ;login:,
pages 70-76, February 2006.)
On Apr 20, 2012, at 3:08 50AM, Fernando Gont wrote:
FYI
Original Message
Subject: IPv6 host scanning in IPv6
Date: Fri, 20
On Apr 19, 2012, at 6:31 43PM, Douglas Otis wrote:
On 4/18/12 8:09 PM, Steven Bellovin wrote:
On Apr 18, 2012, at 5:55 32PM, Douglas Otis wrote:
Dear Jeroen,
In the work that led up to RFC3309, many of the errors found on the
Internet pertained to single interface bits
On Apr 18, 2012, at 5:55 32PM, Douglas Otis wrote:
On 4/18/12 12:35 PM, Jeroen van Aart wrote:
Laurent GUERBY wrote:
Do you have reference to recent papers with experimental data about
non ECC memory errors? It should be fairly easy to do
Maybe this provides some information:
On Feb 29, 2012, at 11:17 17AM, Marshall Eubanks wrote:
On Wed, Feb 29, 2012 at 10:08 AM, Justin M. Streiner
strei...@cluebyfour.org wrote:
On Wed, 29 Feb 2012, Rodrick Brown wrote:
There's about 1/2 a dozen or so known private and government research
facilities on Antarctica and I'm
On Feb 24, 2012, at 7:46 40AM, Danny McPherson wrote:
On Feb 23, 2012, at 10:42 PM, Randy Bush wrote:
the problem is that you have yet to rigorously define it and how to
unambiguously and rigorously detect it. lack of that will prevent
anyone from helping you prevent it.
You referred
On Feb 24, 2012, at 2:26 14PM, Danny McPherson wrote:
On Feb 24, 2012, at 1:10 PM, Steven Bellovin wrote:
But just because we can't solve the whole problem, does that
mean we shouldn't solve any of it?
Nope, we most certainly should decompose the problem into
addressable elements
The timer for Linux is 5 minute by default but you can change it.
Timer timeouts do not affect TCP MSS.
RFC 2923:
TCP should notice that the connection is timing out. After
several timeouts, TCP should attempt to send smaller packets,
perhaps turning off the DF flag
On Feb 20, 2012, at 10:27 PM, Masataka Ohta wrote:
Steven Bellovin wrote:
Timer timeouts do not affect TCP MSS.
RFC 2923:
TCP should notice that the connection is timing out. After
several timeouts, TCP should attempt to send smaller packets,
perhaps turning off
On Feb 18, 2012, at 6:51 PM, George Bonser wrote:
academics in ontario are gonna need a scalable vpn service until they
find jobs elsewhere.
http://www.cautbulletin.ca/en_article.asp?SectionID=1386SectionName=Ne
wsVolID=336VolumeName=No%202VolumeStartDate=2/10/2012EditionID=36E
Oh, and 'i' and 'l' need to be banned as well, because a san-serif uppercase I
looks a lot like a san-serif lowercase l. (In fact, in the font I'm currently
using,
the two are pixel-identical).
I don't see anybody calling for the banning of 'i' and 'l' in domain names
due to that.
I received the enclosed note, apparently from RIPE (and the headers check out).
Why are you sending messages with clickable objects that I'm supposed to use to
change my password?
---
From: ripe_dbannou...@ripe.net
Subject: Advisory notice on passwords in the RIPE Database
Date: February 9,
If they're intended as a path to log in with a typed password, that's correct.
Sad, but correct.
On Feb 10, 2012, at 12:18 PM, Richard Barnes wrote:
So because of phishing, nobody should send messages with URLs in them?
On Fri, Feb 10, 2012 at 8:56 AM, Steven Bellovin s
On Feb 10, 2012, at 12:29 30PM, Randy Bush wrote:
So because of phishing, nobody should send messages with URLs in them?
more and more these days, i have taken to not clicking the update messages,
but going to the web site manyually to get it.
Yup -- I wrote about that a while back
On Feb 10, 2012, at 12:37 01PM, Leo Bicknell wrote:
In a message written on Fri, Feb 10, 2012 at 09:29:30AM -0800, Randy Bush
wrote:
more and more these days, i have taken to not clicking the update messages,
but going to the web site manyually to get it.
wy to much phishing, and it
On Jan 23, 2012, at 2:46 AM, Chris wrote:
The appropriately named SS mainly deals with counterfeit currency,
widespread ID theft (See also: Ryan1918) and threats to the President.
Actually, they have statutory authority to deal with computer crime,
too; see
On Jan 21, 2012, at 8:00 PM, Jay Ashworth wrote:
- Original Message -
From: Lyle Giese l...@lcrcomputer.net
Not that I would not be a bit miffed if personal files disappeared, but
that's one of the risks associated with using a cloud service for file
storage. It could have been a
On Jan 19, 2012, at 6:44 PM, ja...@smithwaysecurity.com wrote:
You guys serous, when did the order come in to sezie the domain?
http://arstechnica.com/tech-policy/news/2012/01/why-the-feds-smashed-megaupload.ars
has a good analysis; also see
On Jan 19, 2012, at 10:07 PM, Suresh Ramasubramanian wrote:
I would agree. They've dotted every i and crossed every t here.
This will inevitably be followed by a prosecution of some sort and/or
there's also scope for Megaupload to sue the USG for restitution.
It'll be interesting to see
in
such a prosecution - it would quite probably not constitute private
mail
On Fri, Jan 20, 2012 at 8:49 AM, Steven Bellovin s...@cs.columbia.edu wrote:
The Megaupload case is unusual, said Orin S. Kerr, a law professor
at George Washington University, in that federal prosecutors obtained
On Jan 18, 2012, at 10:41 30AM, Christopher Morrow wrote:
On Wed, Jan 18, 2012 at 10:05 AM, Nick Hilliard n...@foobar.org wrote:
On 18/01/2012 14:18, Leigh Porter wrote:
Yeah like I say, it wasn't my idea to put DNS behind firewalls. As long
as it is not *my* firewalls I really don't care
On Jan 5, 2012, at 11:05 37PM, Suresh Ramasubramanian wrote:
There's no shortage of stuff that reaches you 80..90 days after the fact
The UK voluntary retention rules make a lot more sense, compared to a
few days, which is entirely impractical
On Fri, Jan 6, 2012 at 9:30 AM,
On Jan 5, 2012, at 2:16 PM, Fred Baker wrote:
On Jan 5, 2012, at 10:42 AM, William Herrin wrote:
On Thu, Jan 5, 2012 at 10:56 AM, Eric J Esslinger eesslin...@fpu-tn.com
wrote:
His response was there is legislation being pushed in both
House and Senate that would require journalling for
On Jan 3, 2012, at 8:09 19AM, Greg Ihnen wrote:
On Jan 3, 2012, at 4:14 AM, Måns Nilsson wrote:
Subject: RE: AD and enforced password policies Date: Mon, Jan 02, 2012 at
11:15:08PM + Quoting Blake T. Pfankuch (bl...@pfankuch.me):
However I would say 365 day expiration is a little
On Jan 2, 2012, at 7:05 PM, Gary Buhrmaster wrote:
On Mon, Jan 2, 2012 at 22:32, Jimmy Hess mysi...@gmail.com wrote:
The sole root cause for easily guessable passwords is not lack of
technical restrictions. It's also: lazy or limited memory humans who need
passwords that they can
On Jan 2, 2012, at 9:10 PM, Lyndon Nerenberg wrote:
I just went through some calculations for a (government) site that has the
following rules:
[...]
Under the plausible assumption that very many people will start with a string
of digits, continue with a string of lower-case letters to
On Jan 1, 2012, at 8:34 PM, TR Shaw wrote:
John,
Unlike AH, ESP in transport mode does not provide integrity and
authentication for the entire IP packet. However, in Tunnel Mode, where the
entire original IP packet is encapsulated with a new packet header added,
ESP protection is
, Jan 2, 2012 at 7:20 AM, Steven Bellovin s...@cs.columbia.edu wrote:
On Jan 1, 2012, at 8:34 PM, TR Shaw wrote:
John,
Unlike AH, ESP in transport mode does not provide integrity and
authentication for the entire IP packet. However, in Tunnel Mode, where
the entire original IP packet
On Dec 29, 2011, at 5:30 16PM, Masataka Ohta wrote:
valdis.kletni...@vt.edu wrote:
IGP snooping is not necessary if the host have only one next
hop router.
You don't need an IGP either at that point, no matter what some paper from
years ago tries to assert. :)
IGP is the way for
On Dec 26, 2011, at 1:23 46PM, Mark Radabaugh wrote:
On 12/26/11 12:56 PM, valdis.kletni...@vt.edu wrote:
On Mon, 26 Dec 2011 12:32:46 EST, Ray Soucy said:
2011/12/26 Masataka Ohtamo...@necom830.hpcl.titech.ac.jp:
And, if RA is obsoleted, which is a point of discussion, there
is no reason
On Dec 22, 2011, at 7:04 PM, Jeroen van Aart wrote:
Marshall Eubanks wrote:
Does your Mom call you up every time she gets a dialog box complaining
about an invalid certificate ?
If she has been conditioned just to click OK when that happens, then
she probably can't.
Everyone I have
On Dec 7, 2011, at 2:51 08PM, Meftah Tayeb wrote:
big thank for that
but, i am testing that for one day :)
Can you do an AStraceroute or manually translate those addresses into AS#s?
That is, might level3 and tinet be using multiple AS#s, in which case this
isn't unreasonable?
what's available.
On Dec 7, 2011, at 2:56 16PM, Meftah Tayeb wrote:
please tel me how to ?
i don't know astraceroute:)
- Original Message - From: Steven Bellovin s...@cs.columbia.edu
To: Meftah Tayeb tayeb.mef...@gmail.com
Cc: Fred Baker f...@cisco.com; nanog@nanog.org
Sent
On Dec 6, 2011, at 12:34 31PM, William Allen Simpson wrote:
On 12/6/11 12:00 PM, Eric Tykwinski wrote:
Maybe it's just me, but I would think that simply getting them listed on
stopbadware.org and other similar sites would probably have much more of an
effect.
The bad publicity can cause
F*ck them! If anyone knows a great copyright attorney in the U.S.,
please send me the details or ask them to get in touch with me.
Hmm -- did you say copyright? I wonder what would happen if you sent
them a DMCA takedown notice. To quote Salvor Hardin, It's a poor atom
blaster that
On Nov 28, 2011, at 4:51 52PM, Owen DeLong wrote:
On Nov 28, 2011, at 7:29 AM, Ray Soucy wrote:
It's a good practice to reserve a 64-bit prefix for each network.
That's a good general rule. For point to point or link networks you
can use something as small as a 126-bit prefix (we do).
On Nov 22, 2011, at 7:51 59PM, valdis.kletni...@vt.edu wrote:
On Tue, 22 Nov 2011 13:32:23 -1000, Michael Painter said:
http://jeffreycarr.blogspot.com/2011/11/latest-fbi-statement-on-alleged.html
And In addition, DHS and FBI have concluded that there was no malicious
traffic from
On Nov 22, 2011, at 8:08 58PM, Steven Bellovin wrote:
On Nov 22, 2011, at 7:51 59PM, valdis.kletni...@vt.edu wrote:
On Tue, 22 Nov 2011 13:32:23 -1000, Michael Painter said:
http://jeffreycarr.blogspot.com/2011/11/latest-fbi-statement-on-alleged.html
And In addition, DHS and FBI have
On Nov 21, 2011, at 4:30 PM, Mark Radabaugh wrote:
Probably nowhere near that sophisticated. More like somebody owned the PC
running Windows 98 being used as an operator interface to the control system.
Then they started poking buttons on the pretty screen.
Somewhere there is a
On Oct 31, 2011, at 12:30 49PM, Joel jaeggli wrote:
On 10/31/11 03:43 , Jeroen Massar wrote:
On 2011-10-31 08:56 , Dmitry Cherkasov wrote:
Hello,
Please advice what is the best practice to use IPv6 address block
across distributed locations.
You go to multiple RIRs and get multiple
On Oct 15, 2011, at 11:20 58PM, Jay Ashworth wrote:
- Original Message -
From: Rodney Joffe rjo...@centergate.com
Subject: 13 years ago today - October 16, 1998...
we lost Jon.
It feels like just yesterday.
http://www.apps.ietf.org/rfc/rfc2468.html
My path didn't cross
On Aug 24, 2011, at 9:44 20AM, Patrick W. Gilmore wrote:
On Aug 24, 2011, at 8:55 AM, JC Dill wrote:
On 23/08/11 3:13 PM, William Herrin wrote:
A. Our structures aren't built to seismic zone standards. Our
construction workers aren't familiar with*how* to build to seismic
zone standards.
On Aug 15, 2011, at 10:12 21AM, Randy Bush wrote:
I've always wondered if the next cisco/juniper 0 day will be delivered
via a set of exploits delivered via a link posted to NANOG. :) Maybe
I'll do a talk at DEFCON next year about that.
more likely a 'shortened' url. how anyone can click
The holy grail I'm searching for now? A GigE switch with POE,
unmanaged is ok, and probably preferred from a price perspective;
but with NO FAN.
I can't help with the POE part. I have a 16-port D-Link DGS-1016D
-- GigE, no fan, unmanaged.
--Steve Bellovin,
On Aug 12, 2011, at 10:17 39PM, Joe Greco wrote:
What nobody wired their abode with fiber ?
Am i the only one here
I ran a bunch of fiber from the telco rack to the server rack to reduce
the risk of damage to expensive servers ... it's likely to be
meaningless but it is just a little
On Jul 26, 2011, at 11:07 37AM, Nate Burke wrote:
Hello, I'm hoping that someone here might have run into a similar issue and
might be able to offer me some pointers.
I have a customer that I am providing redundant paths to, one link over a
microwave connection, and a backup link over a
On Jun 29, 2011, at 8:59 49AM, Ryan Malayter wrote:
On Jun 28, 3:35 pm, Cameron Byrne cb.li...@gmail.com wrote:
AFAIK, Verizon and all the other 4 largest mobile networks in the USA
have transparent TCP proxies in place.
Do you have a reference for that information? Neither ATT
On Jun 20, 2011, at 5:52 27PM, John Levine wrote:
They have inquired about IPv6 already, but it's only gone so far as
that. I would gladly give them a /64 and be done with it, but my
concern is that they are going to want several /64 subnets for the
same reason and I don't really *think*
On Jun 20, 2011, at 10:22 45PM, John R. Levine wrote:
All they need -- or, I suspect, need to assert -- is to have
multiple physical networks. They can claim a production net, a DMZ,
a management net, a back-end net for their databases, a developer
net, and no one would question an
On Jun 11, 2011, at 5:34 10AM, Jeroen van Aart wrote:
Ricardo Ferreira wrote:
Funny, how in the title refers to the Internet globally when the article is
specific about the USA.
I live in europe and we have at home 100Mbps . Mid sized city of 500k
people. Some ISPs even spread WiFi across
On Jun 7, 2011, at 7:22 58PM, john.herb...@usc-bt.com
john.herb...@usc-bt.com wrote:
No issues connecting to FB for me on IPv6 (both to www.v6.facebook.com and to
the returned by www.facebook.com now).
Interesting (perhaps) side note - www.facebook.com has a , but
facebook.com
On May 27, 2011, at 10:24 22AM, Michael Holstein wrote:
I am a student at UCLA Anderson School of Managment and my MBA field study
team is working on a research that involves conducting a survey of CIOs, IT
Managers/Administrators, IT Engineers to understand challenges in managing
IT
On May 24, 2011, at 9:29 06PM, Jay Ashworth wrote:
- Original Message -
From: Jimmy Hess mysi...@gmail.com
On Tue, May 24, 2011 at 4:34 PM, vinny_abe...@dell.com wrote:
I think those within the organization that deploy those vehicles or
are Navy SEALs might sit at different lunch
On May 19, 2011, at 9:48 35AM, Jamie Bowden wrote:
I know you're having fun with him, but I think what the original poster
had in mind was more like thinking of a file as just a string of
numbers. Create an equation that generates that string of numbers, send
equation, regenerate string on
On May 18, 2011, at 4:07 32PM, Landon Stewart wrote:
Lets say you had a file that was 1,000,000,000 characters consisting of
8,000,000,000bits. What if instead of transferring that file through the
interwebs you transmitted a mathematical equation to tell a computer on the
other end how to
On May 17, 2011, at 10:30 13PM, Joel Jaeggli wrote:
On May 17, 2011, at 6:09 PM, Scott Weeks wrote:
--- joe...@bogus.com wrote:
From: Joel Jaeggli joe...@bogus.com
On May 17, 2011, at 4:30 PM, Scott Brim wrote:
On May 17, 2011 6:26 PM, valdis.kletni...@vt.edu wrote:
On Tue, 17 May 2011
On May 10, 2011, at 9:07 11AM, Marshall Eubanks wrote:
A Federal Judge has decided to let the U.S. Copyright Group subpoena ISPs
over 23,000 alleged downloads of some
Sylvester Stallone movie I have never heard of; subpoenas are expected to go
out this week.
I thought that there might
On May 10, 2011, at 2:10 10PM, Wil Schultz wrote:
On May 10, 2011, at 10:56 AM, Steven Bellovin wrote:
On May 10, 2011, at 9:07 11AM, Marshall Eubanks wrote:
Has anyone converted that file to some useful format like ASCII? You know
-- something greppable?
I've converted
On May 10, 2011, at 3:02 33PM, Owen DeLong wrote:
On May 10, 2011, at 11:49 AM, Michael Holstein wrote:
In the EU you have Directive 2006/24/EC:
But I'm not, and neither are most of the ISPs in the linked document.
Regards,
Michael Holstein
Information Security Administrator
On May 10, 2011, at 3:51 32PM, Michael Holstein wrote:
In the US, I believe that CALEA requires you to have those records for 7
years.
No, it doesn't (records *of the requests* are required, but no
obligation to create subscriber records exists).
Even if it did .. academic
On May 10, 2011, at 9:53 16PM, Michael Painter wrote:
Deepak Jain wrote:
For examples, see the RIAA's attempts and more recently the criminal
investigations of child porn downloads from unsecured access
points. From what I understand (or wildly guess) is that ISPs with remote
diagnostic
On May 5, 2011, at 1:55 54AM, George Bonser wrote:
There is a security aspect to such things, though, as how do you
know
the content is from a trusted source? That is the bugaboo with
multicast. It needs to be information that isn't going to hurt
anything
if it is bogus. Also, it opens
On May 4, 2011, at 3:37 48PM, Jeff Wheeler wrote:
On Wed, May 4, 2011 at 2:22 PM, Scott Helms khe...@ispalliance.net wrote:
Local caching is MUCH more efficient than having the same traffic running in
streams and depending on everyone's PC to try and update in the same time
This only
On Apr 21, 2011, at 12:55 32PM, Ben Whorwood wrote:
Dear all,
Can anyone share any thoughts or experiences for VPN links running over slow
Internet connections, typically 2kB/s - 3kB/s (think 33.6k modem)?
We are looking into utilising OpenVPN for out-of-office workers who would be
On Apr 21, 2011, at 4:31 32PM, Phil Regnauld wrote:
Steven Bellovin (smb) writes:
I should note: IPsec, being datagram-based, will also work well. PPTP,
which runs over TCP as far as I know, will suffer all of the ills I just
outlined.
PPTP uses 1723/tcp for control
On Apr 21, 2011, at 5:28 46PM, Terry Baranski wrote:
On Apr 21, 2011, at 4:20PM, Steven Bellovin wrote:
For your application or for the VPN? For the VPN, I *strongly*
suggest you use UDP, or you're going to get dueling retransmissions
and spend a lot of time sending many copies
On Apr 20, 2011, at 3:50 03PM, Owen DeLong wrote:
On Apr 20, 2011, at 11:25 AM, Doug Barton wrote:
On 04/20/2011 10:54, Brzozowski, John wrote:
Doug,
I am aware of the drafts you cited earlier, as Mikael mentions below the
existence of the same will not result in 6to4 being turned off
On Apr 17, 2011, at 11:47 20PM, Frank Bulk wrote:
Timely article on the FAA's involvement with sleep schedules:
http://www.ajc.com/news/air-traffic-controller-scheduling-913244.html
Union spokesman Doug Church said up to now, 25 percent of
the nation's air traffic controllers
On Apr 15, 2011, at 1:41 26PM, Marshall Eubanks wrote:
On Apr 15, 2011, at 12:44 PM, Mark Green wrote:
Suggestion; once on the 'night shift' stay put for at least three months...
Sleep patterns take time to adjust. Jumping between day and night shifts
will burn out even the most
On Apr 1, 2011, at 8:41 11AM, Sachs, Marcus Hans (Marc) wrote:
I was wondering which April 1st this would happen on. Now I know. So if a
v6 carrier swallows a v4 datagram does that count as packet loss or tunneling?
http://datatracker.ietf.org/doc/rfc6214/
I was disappointed in this
:
Swallows have MTU issues.
On Fri, Apr 1, 2011 at 8:27 PM, Owen DeLong o...@delong.com wrote:
On Apr 1, 2011, at 10:45 AM, Steven Bellovin wrote:
On Apr 1, 2011, at 8:41 11AM, Sachs, Marcus Hans (Marc) wrote:
I was wondering which April 1st this would happen on. Now I know. So
if a v6
On Mar 26, 2011, at 12:21 12AM, Franck Martin wrote:
On 3/26/11 15:36 , Joe Sniderman joseph.snider...@thoroquel.org wrote:
On 03/25/2011 11:12 PM, Steven Bellovin wrote:
On Mar 25, 2011, at 12:19 52PM, Akyol, Bora A wrote:
One could argue that you could try something like
On Mar 25, 2011, at 12:19 52PM, Akyol, Bora A wrote:
One could argue that you could try something like the facebook model (or
facebook itself). I can see it coming.
Facebook web of trust app ;-)
Except, of course, for the fact that people tend to have hundreds of friends,
many of whom
On Mar 24, 2011, at 10:27 58AM, Aaron Wendel wrote:
That's a good question. Maybe they can't qualify under Arin rules. Another
question will be: how is Arin going to handle it?
Im pretty sure that the RSA says that in the event of bankruptcy ips revert
to the Arin pool. I understand
...well, kind of. What you don't mention is that it was thought to be
ugly and rejected solely on the aesthetic grounds. Which is somewhat
different from being rejected because it cannot work.
Now, I'd be first to admit that using LSRR as a substitute for
straightforward address
On Mar 8, 2011, at 8:32 59AM, valdis.kletni...@vt.edu wrote:
On Tue, 08 Mar 2011 07:37:27 EST, Steven Bellovin said:
No. It was rejected because routers tended to melt down into quivering
puddles of silicon from seeing many packets with IP options set -- a fast
trip to the slow path
On Mar 8, 2011, at 11:21 09AM, valdis.kletni...@vt.edu wrote:
On Tue, 08 Mar 2011 08:43:53 EST, Steven Bellovin said:
It wouldn't -- couldn't -- work that way. Leaving out longer paths (for
many,
many reasons) and sticking to 64-bit addresses, every host would have a
64-bit
address
On Feb 28, 2011, at 1:10 21AM, Randy Bush wrote:
I'm not saying there are no uses for DHCPv6, though I suspect
that some of the reasons proposed are more people wanting to do
things the way they always do, rather than making small changes
and ending up with equivalent effort.
add noc and
1 - 100 of 209 matches
Mail list logo