Re: [Discuss] basic fiber optic phone service vs. Fios phone service
On Sun, Sep 14, 2014 at 10:46:06PM -0400, Tom Metro wrote:
> But then he went on to point out that Verizon is offering two different products. One being Fios phone service, and the other being basic fiber optic phone service. As we know, Fios isn't regulated by the state utility regulators, but notably basic fiber optic phone service is. I hadn't heard of that before.
>
> A spokeswoman for the state Department of Telecommunications and Cable (DTC) said, Because this is a technology upgrade...the department does not have the authority to interfere with this change, so consumers must either switch to fiber or switch carriers.
>
> So I guess you are out of luck if Verizon picks you for a forced upgrade and you want to stick with copper. The reporter referenced the DTC's advisory on this matter: http://www.mass.gov/ocabr/docs/dtc/consumer/fiber-migration-advisory-final-6-27-14.pdf
>
> A quote from that: The DTC requires that Verizon make available to all residential customers in Verizon's service territory a regulated landline voice telephone service and Verizon claims its fiber service, where offered, will meet this obligation.

Try ordering that regulated fiber optic phone service.

-dsr-
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] selecting a subnet
On Sunday, September 14, 2014 10:53:22 PM Steven Santos wrote:
> If your corp network uses addresses in the 192.168.0.0 range, how about using an address in the 10.0.0.0 range?

Most small routers limit users to the 192.168.x.x ranges. Even if a router allowed use of the 172.16~ or 10~ spaces on its LAN ports, there's no guarantee that a corporate renumbering wouldn't strand the router anyway. I'd say it's unlikely, but every time I do, there's a little voice in my head whispering Famous Last Words ... .

Bill

--
Bill Horne
William Warren Consulting
339-364-8487
Re: [Discuss] selecting a subnet
On Sunday, September 14, 2014 10:57:19 PM Derek Martin wrote:
> On Wed, Sep 10, 2014 at 04:04:12PM -0400, Stephen Adler wrote:
> > I'm setting up a small network at work behind my own firewall. Typically I would use a 192.168.1.0/24 network but I'm afraid the IT people at work have used that for something in my work LAN environment.
>
> NEVER DO THIS.

Um, yeah, well, ah, I, um, guess I, ah, agree, sort of ... But ... There are exceptions to every rule, and when the 3rd-line manager of the company I'm working at tells me (always at 4:59 PM on Friday, of course) that his son's Boy Scout troop will be visiting on Saturday and that he'd like them to be able to use their BlackAndPad dumb phones while they're inside the firewall, I am disposed to remember the golden rule and to do what it takes to make his wish come true.

If the regular IT staff (who have, of course, left for the day) has set up a DMZ to accord visitors Internet access, then the process is simple. If not, well, I just try to remember whose name is on the door.

FWIW.

Bill

--
Bill Horne
William Warren Consulting
339-364-8487
Re: [Discuss] selecting a subnet
On Mon, Sep 15, 2014 at 9:17 AM, Bill Horne b...@horne.net wrote:
> If the regular IT staff (who have, of course, left for the day) has set up a DMZ to accord visitors Internet access, then the process is simple. If not, well, I just try to remember whose name is on the door.

And whose name is on the pink slip, should you happen to work for a company with an AUP that you agreed to, and then willfully violated on the say-so of someone without relevant authority. But hey, it's your life.
Re: [Discuss] selecting a subnet
I am with Derek in this case, but remember that 192.168.n.n, 10.n.n.n and 172.16 - 172.31 are non-routable meaning that your router SHOULD never expose these addresses beyond the subnet. So, in the case where you have to set something up at the last minute, the 192.168 addresses are not going to conflict. I would also make sure that the wifi is set up with a pass code so that people outside the group can't use it although in this case the risk is minimal, especially if you disconnect the router after the boy scout meeting.

On 09/15/2014 09:17 AM, Bill Horne wrote:
> On Sunday, September 14, 2014 10:57:19 PM Derek Martin wrote:
> > On Wed, Sep 10, 2014 at 04:04:12PM -0400, Stephen Adler wrote:
> > > I'm setting up a small network at work behind my own firewall. Typically I would use a 192.168.1.0/24 network but I'm afraid the IT people at work have used that for something in my work LAN environment.
> >
> > NEVER DO THIS.
>
> Um, yeah, well, ah, I, um, guess I, ah, agree, sort of ... But ... There are exceptions to every rule, and when the 3rd-line manager of the company I'm working at tells me (always at 4:59 PM on Friday, of course) that his son's Boy Scout troop will be visiting on Saturday and that he'd like them to be able to use their BlackAndPad dumb phones while they're inside the firewall, I am disposed to remember the golden rule and to do what it takes to make his wish come true.
>
> If the regular IT staff (who have, of course, left for the day) has set up a DMZ to accord visitors Internet access, then the process is simple. If not, well, I just try to remember whose name is on the door.
>
> FWIW.
>
> Bill

--
Jerry Feldman g...@blu.org
Boston Linux and Unix
PGP key id:3BC1EB90
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66 C0AF 7CEA 30FC 3BC1 EB90
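One way to check a candidate subnet against prefixes already in use before a router is plugged in, as an added example that is not from any poster in this thread. The route lines are constructed in the format printed by `ip -4 route show`, and the function names are hypothetical.

```python
import ipaddress

# The three private (RFC 1918) blocks named in the thread.
PRIVATE_BLOCKS = [ipaddress.ip_network(b) for b in
                  ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")]

# Constructed sample in the format printed by `ip -4 route show` on a
# workstation inside a corporate LAN (not taken from the thread).
SAMPLE_ROUTES = """\
default via 10.20.0.1 dev eth0 proto dhcp metric 100
10.20.0.0/16 dev eth0 proto kernel scope link src 10.20.3.7
192.168.1.0/24 via 10.20.0.254 dev eth0
172.16.0.0/16 via 10.20.0.254 dev eth0
"""


def prefixes_in_use(route_text):
    """Extract destination prefixes from `ip route` style lines."""
    nets = []
    for line in route_text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "default":
            continue  # a default route says nothing about which prefixes exist
        try:
            nets.append(ipaddress.ip_network(fields[0], strict=False))
        except ValueError:
            continue  # first field is a route type, not a prefix
    return nets


def conflicts(candidate, in_use):
    """Return the in-use prefixes that overlap the candidate subnet."""
    cand = ipaddress.ip_network(candidate)
    return [str(n) for n in in_use if cand.overlaps(n)]


def first_free(in_use, prefixlen=24):
    """First private subnet of the given size that overlaps nothing in use."""
    for block in PRIVATE_BLOCKS:
        for sub in block.subnets(new_prefix=prefixlen):
            if not any(sub.overlaps(n) for n in in_use):
                return str(sub)
    return None


if __name__ == "__main__":
    used = prefixes_in_use(SAMPLE_ROUTES)
    print("192.168.1.0/24 overlaps:", conflicts("192.168.1.0/24", used))
    print("10.0.0.0/8 overlaps:", conflicts("10.0.0.0/8", used))
    print("first free /24:", first_free(used))
```

A routing table lists only the prefixes this one host knows about; anything reached through the default route is invisible to it, so an empty result is not proof that the range is unused elsewhere on the corporate network.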
Re: [Discuss] basic fiber optic phone service vs. Fios phone service
On Mon, Sep 15, 2014 at 07:05:24AM -0400, Dan Ritter wrote:
> On Sun, Sep 14, 2014 at 10:46:06PM -0400, Tom Metro wrote:
> > But then he went on to point out that Verizon is offering two different products. One being Fios phone service, and the other being basic fiber optic phone service. As we know, Fios isn't regulated by the state utility regulators, but notably basic fiber optic phone service is. I hadn't heard of that before.
> >
> > A spokeswoman for the state Department of Telecommunications and Cable (DTC) said, Because this is a technology upgrade...the department does not have the authority to interfere with this change, so consumers must either switch to fiber or switch carriers.
> >
> > So I guess you are out of luck if Verizon picks you for a forced upgrade and you want to stick with copper. The reporter referenced the DTC's advisory on this matter: http://www.mass.gov/ocabr/docs/dtc/consumer/fiber-migration-advisory-final-6-27-14.pdf
> >
> > A quote from that: The DTC requires that Verizon make available to all residential customers in Verizon's service territory a regulated landline voice telephone service and Verizon claims its fiber service, where offered, will meet this obligation.
>
> Try ordering that regulated fiber optic phone service.

I don't know what it is called or how it is regulated, but my dad has fiber phone service from Verizon, because when he travels every winter he has his home phone deactivated, and one year when he came back in the spring they told him they could only activate a new line on fiber. My dad doesn't own any computers or mobile devices and hasn't subscribed to any pay TV service since approximately 1983. I believe he has measured (pay per minute) phone service too.
Re: [Discuss] SysVinit vs. systemd
If anyone hasn't had enough of SystemD debate ... G+ has

a SysVinit - SystemD command crib sheet
https://plus.google.com/u/0/116824676284814557701/posts/4Quj7FGTBBD

a full debate and index to blogs elsewhere on topic
https://plus.google.com/u/0/explore/Systemd

On Sat, Sep 13, 2014 at 9:28 AM, Edward Ned Harvey (blu) b...@nedharvey.com wrote:
> > From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss- bounces+blu=nedharvey@blu.org] On Behalf Of Mike Small
> >
> > > systemd handles a lot of annoying infrastructure for you; for example, you do not have to arrange to daemonize programs you run.
> >
> > I don't understand this at all. Aren't daemons written as daemons (giving up controlling terminal and whatever else within their own code).
>
> Traditional daemons are, because the programmers *had* *no* *other* *choice.* Besides the complexity of actually daemonizing and figuring out how to hook up to a logging facility and manipulate the probably nonstandard running environment, the developer needs to debug their app, so they *also* make it able to run in console mode, and figure out how to manage running in both modes, in both environments.
>
> But if you want to create something new, the ability to daemonize any-random-command is a really nice convenience factor; you just write any simple console application or shell script, and it behaves exactly the same on your command terminal as it does when you make it a service under systemd.
>
> > > because it actively tracks unit status, conditional restarts are not dangerous; it shares this behavior with any competently implemented active init system.
> >
> > Don't understand this. What's a conditional restart and why is it dangerous? What's the difference between an active and passive init system?
>
> A passive system is like /etc/init.d scripts, which brainlessly do as they're told when they're told, and don't make any decisions. If something like mysqld dies, it will not automatically come back up.
>
> An active system will notice mysqld died, recognize that it's not supposed to do that right now, and restart it. I know SMF will try to restart a failed service some configurable threshold number of times in a configurable threshold period of time, and if the service continually fails, then the service gets disabled. I assume something similar exists for systemd.

--
Bill Ricker
bill.n1...@gmail.com
https://www.linkedin.com/in/n1vux
Re: [Discuss] selecting a subnet
On Monday, September 15, 2014 09:28:30 AM Jerry Feldman wrote:
> I am with Derek in this case, but remember that 192.168.n.n, 10.n.n.n and 172.16 - 172.31 are non-routable meaning that your router SHOULD never expose these addresses beyond the subnet. So, in the case where you have to set something up at the last minute, the 192.168 addresses are not going to conflict. I would also make sure that the wifi is set up with a pass code so that people outside the group can't use it although in this case the risk is minimal, especially if you disconnect the router after the boy scout meeting.

Although the Internet won't relay detached network addresses, that's not necessarily the case inside a corporate network. Moreover, the average corporate network is awash in accidental routers, including portable cellular terminals, laptops with network sharing enabled, and the ubiquitous consumer grade routers that are /always/ going to be plugged in at any company picnic or other event when IT isn't involved in advance.

I agree that passwords are an important security feature, but I've never seen them enabled on any router set up by the well-meaning civilians at company events. They aren't thinking about security; they're concentrating on not burning the hot dogs.

We could each write a book about the ways that self install technologies affect computer network security. It's just not something that anyone in a position of authority will ever read.

FWIW.

Bill

--
Bill Horne
William Warren Consulting
339-364-8487
Re: [Discuss] selecting a subnet
The reason I suggested password is that it just restricts the ad hoc user from using the network. This is a short-term requirement for the OP. And, assuming the WAN port of the router is plugged into the corporate network. This way the nonroutable addresses will not be exposed. However, I have seen (and done) routers connected to corporate networks as switches with the wifi turned on.

In any case, agreeing with Derek that what the OP is doing is not a good thing, but in this specific case, you are not going to expose those addresses to the corporate network, but you are allowing them onto the corporate network rather than an isolated guest network, which is a bad thing. While the non-routable addresses are not exposed, anyone on that subnet can go through the firewall. They can get at the company intranet as well as the Internet.

On 09/15/2014 11:18 AM, Bill Horne wrote:
> On Monday, September 15, 2014 09:28:30 AM Jerry Feldman wrote:
> > I am with Derek in this case, but remember that 192.168.n.n, 10.n.n.n and 172.16 - 172.31 are non-routable meaning that your router SHOULD never expose these addresses beyond the subnet. So, in the case where you have to set something up at the last minute, the 192.168 addresses are not going to conflict. I would also make sure that the wifi is set up with a pass code so that people outside the group can't use it although in this case the risk is minimal, especially if you disconnect the router after the boy scout meeting.
>
> Although the Internet won't relay detached network addresses, that's not necessarily the case inside a corporate network. Moreover, the average corporate network is awash in accidental routers, including portable cellular terminals, laptops with network sharing enabled, and the ubiquitous consumer grade routers that are /always/ going to be plugged in at any company picnic or other event when IT isn't involved in advance.
>
> I agree that passwords are an important security feature, but I've never seen them enabled on any router set up by the well-meaning civilians at company events. They aren't thinking about security; they're concentrating on not burning the hot dogs.
>
> We could each write a book about the ways that self install technologies affect computer network security. It's just not something that anyone in a position of authority will ever read.
>
> FWIW.
>
> Bill

--
Jerry Feldman g...@blu.org
Boston Linux and Unix
PGP key id:3BC1EB90
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66 C0AF 7CEA 30FC 3BC1 EB90
Re: [Discuss] selecting a subnet
Jerry Feldman wrote:
> The reason I suggested password is that it just restricts the ad hoc user from using the network. This is a short-term requirement for the OP. And, assuming the WAN port of the router is plugged into the corporate network. This way the nonroutable addresses will not be exposed. However, I have seen (and done) routers connected to corporate networks as switches with the wifi turned on.
>
> In any case, agreeing with Derek that what the OP is doing is not a good thing, but in this specific case, you are not going to expose those addresses to the corporate network, but you are allowing them onto the corporate network rather than an isolated guest network, which is a bad thing. While the non-routable addresses are not exposed, anyone on that subnet can go through the firewall. They can get at the company intranet as well as the Internet.

I'm not writing clearly, for which I apologize. The point I'm trying to make is that users will *DEMAND* connectivity whenever *they* feel they need it. It is not productive to say Call IT, or The rulebook says ..., because users are unable to gauge security risks, unwilling to admit that their actions may have negative consequences, and unforgiving when told No. I've been there. We've *all* been there.

In a nutshell, the problem is that evolution has not prepared human beings to appreciate long-term costs in the face of short-term pleasure - that's why cigarettes are still sold - and too many managers feel that technically adept subordinates are talking gobbledygook just to feel important and that the solution to every IT problem is to threaten to kick us in the butt in order to make the magic bits flow.

At the heart of most security concerns is the simple truth that those in charge often choose not to concern themselves with maybe warnings about potential risks in the face of I want ... demands from {anyone but us}. I feel this is a shortcoming of American management in general, and I have never discovered a polite or effective way to say You're being foolish - please don't do that.

FWIW.

Bill

--
Bill Horne
William Warren Consulting
339-364-8487
Re: [Discuss] automatic daemon restarts
Richard Pieri wrote:
> Edward Ned Harvey (blu) wrote:
> > An active system will notice mysqld died, recognize that it's not supposed to do that right now, and restart it.
>
> Which is a stupid way to run in production. There's a reason why the daemon died. That reason needs to be identified so that corrective steps can be taken. Blind restarts can obfuscate this information, can cause damage to data, and can exacerbate existing damage.

Not to say your points are invalid, but Netflix would disagree with you. They created a testing tool that intentionally kills random services on their production systems just to test that automated recovery works correctly.

-Tom

--
Tom Metro
The Perl Shop, Newton, MA, USA
Predictable On-demand Perl Consulting.
http://www.theperlshop.com/
Re: [Discuss] selecting a subnet
On 9/15/2014 3:48 PM, Bill Horne wrote:
> I feel this is a shortcoming of American management in general,

No, not a shortcoming of American management. It's the irrational notion that pessimism is bad.

> and I have never discovered a polite or effective way to say You're being foolish - please don't do that.

You hired me to do a job. If I'm not going to be allowed to do that job then I will find employment elsewhere.

With two weeks' notice ready just in case said manager thinks you're bluffing. Because if your manager won't take you seriously then you seriously need to find a new manager.

--
Rich P.
Re: [Discuss] automatic daemon restarts
On 9/15/2014 4:15 PM, Tom Metro wrote:
> Not to say your points are invalid, but Netflix would disagree with you. They created a testing tool that intentionally kills random services on their production systems just to test that automated recovery works correctly.

Netflix is a highly available application system that is designed to be robust in the face of isolated faults and to degrade gracefully under failure conditions. Chaos Monkey is the tool that they use to test the implementations of their designs. It works by shutting down random Netflix-owned instances within the AWS scalable architecture.

Automated recovery in the Netflix environment is simple: spin up a new instance that is configured identically to the one that failed. They don't try to restart the faulted instance. It's down for the count and it stays that way so they can analyze the fault that knocked it out.

This is a /very/ different scenario from what you might have with a single LAMP instance where systemd keeps restarting MySQL after a persistent fault of some sort keeps knocking it out. This isn't automated recovery; it's an automated disaster looking to wreck your tables.

--
Rich P.
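The bounded restart policy described for SMF earlier in this thread (a threshold number of restarts within a threshold period, after which the service is disabled), set beside an unconditional restart, as an added example that is not from any poster and is not SMF or systemd code. The class name, thresholds and exit events are constructed for illustration.

```python
from collections import deque


class RestartLimiter:
    """Allow at most `burst` restarts inside any `interval`-second window."""

    def __init__(self, burst, interval):
        self.burst = burst
        self.interval = interval
        self.recent = deque()    # times of restarts still inside the window
        self.disabled = False

    def on_exit(self, now, exit_code):
        """Decide what to do when the service exits at time `now` (seconds)."""
        if self.disabled:
            return "disabled"
        if exit_code == 0:
            return "stopped"     # clean exit: nothing to recover from
        # Forget restarts that have aged out of the window.
        while self.recent and now - self.recent[0] >= self.interval:
            self.recent.popleft()
        if len(self.recent) >= self.burst:
            # Persistent fault: stop and leave the failed state for analysis.
            self.disabled = True
            return "disabled"
        self.recent.append(now)
        return "restart"


def bounded(events, burst=3, interval=60):
    """Replay (time, exit_code) events through the limiter."""
    limiter = RestartLimiter(burst, interval)
    return [limiter.on_exit(t, code) for t, code in events]


def blind(events):
    """Unconditional policy: every abnormal exit is restarted."""
    return ["restart" if code != 0 else "stopped" for _, code in events]


# Constructed events: (seconds since boot, exit code).
ISOLATED = [(0, 1), (3600, 1), (7200, 137)]                # rare crashes
PERSISTENT = [(0, 1), (5, 1), (10, 1), (15, 1), (20, 1)]   # crash loop

if __name__ == "__main__":
    for name, events in (("isolated", ISOLATED), ("persistent", PERSISTENT)):
        print(name, "bounded:", bounded(events))
        print(name, "blind:  ", blind(events))
```

systemd expresses the same kind of limit with its `StartLimitBurst=` and `StartLimitIntervalSec=` unit settings.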
Re: [Discuss] selecting a subnet
On Mon, Sep 15, 2014 at 09:17:24AM -0400, Bill Horne wrote:
> On Sunday, September 14, 2014 10:57:19 PM Derek Martin wrote:
> > On Wed, Sep 10, 2014 at 04:04:12PM -0400, Stephen Adler wrote:
> > > I'm setting up a small network at work behind my own firewall. Typically I would use a 192.168.1.0/24 network but I'm afraid the IT people at work have used that for something in my work LAN environment.
> >
> > NEVER DO THIS.
>
> Um, yeah, well, ah, I, um, guess I, ah, agree, sort of ... But ... There are exceptions to every rule, and when the 3rd-line manager of the company I'm working at tells me (always at 4:59 PM on Friday, of course) that his son's Boy Scout troop will be visiting on Saturday and that he'd like them to be able to use their BlackAndPad dumb phones while they're inside the firewall, I am disposed to remember the golden rule and to do what it takes to make his wish come true.

No, you aren't. You tell him that setting that up for him last minute could break the entire company network, and you're sorry but he'll need to give you more notice than that and get the right people involved so that this does not happen, because you're not willing to crush your company's ability to do business for the convenience of his boyscout troop.

FWIW, this should work, and if it doesn't, you should quit today. I've been in this position, and I have in fact told a VP at my company that he was disrupting operations and he needed to stop. And he did. And it was a situation very much like what you described. You be polite, you be earnest, but you be sure he understands that what he's asking for is insane.

--
Derek D. Martin http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience.
Re: [Discuss] selecting a subnet
On Tue, Sep 16, 2014 at 12:06 AM, Derek Martin inva...@pizzashack.org wrote:
> On Mon, Sep 15, 2014 at 09:17:24AM -0400, Bill Horne wrote:
> > On Sunday, September 14, 2014 10:57:19 PM Derek Martin wrote:
> > > On Wed, Sep 10, 2014 at 04:04:12PM -0400, Stephen Adler wrote:
> ...
> FWIW, this should work, and if it doesn't, you should quit today. I've been in this position, and I have in fact told a VP at my company that he was disrupting operations and he needed to stop. And he did. And it was a situation very much like what you described. You be polite, you be earnest, but you be sure he understands that what he's asking for is insane.

And if this doesn't work, write down exactly what you told him/her and get him to sign a copy. It's amazing how having to actually sign something tends to get a manager's attention.

Bill Bogstad