Re: Sun Project Blackbox / Portable Data Center
Poor word choice on my part regarding command center versus data service augmentation. However there are many capabilities that this setup can bring to bear no differently than a military TOC is established out in a forward operating site. I do agree that a good DR plan and hot/warm sites are a necessity for critical services however there are uses for this capability. One only needs to look at Katrina or 9/11 where a solution like this would have shown benefits in augmenting a larger DR plan and quickly providing computing or network services depending on how it was built out. Just to add a disclaimer, these are my opinions and not an official stance by the government. Jerry [EMAIL PROTECTED] On Oct 13, 2007, at 11:05 PM, Alan Clegg <[EMAIL PROTECTED]> wrote: Jerry Dixon wrote: We've looked at these from a DHS perspective and they are a great concept. I know Sun has had the boxes here in DC on tour and worth checking out. I believe FEMA was in process of looking into leveraging them for disaster command centers along with the military. As a long time network professional, volunteer firefighter, CERT[*] team member/instructor, and Red Cross disaster response volunteer, I'd wonder why ANYONE would want one of these. If your "command center" is close enough to require this specialized configuration, YOU ARE TOO CLOSE. Please stay somewhere that you have functional/reliable power, walls that are not falling down, and hotel rooms for your staff. The idea of moving your data center INTO the hot zone would scare the bejeebers out of me. I've been to large fires, hurricane aftermath, floods, tornado paths, and nowhere have I seen a need for these things. If you have a spare data center somewhere "geographically diverse" from your primary, you're golden and you don't need a unit like this. The concept of moving one of these things into an area that is still without normal utilities is not only dangerous to the equipment "in the box", but also begins to steal from the limited resources that are being used to rehabilitate the incident scene. Why not get a couple of high-powered communication trucks that would allow network connectivity from the disaster zone instead of endangering your hardware and putting non-essential personnel into a dangerous situation? Who's going to hire the private army that you are going to need to protect these monsters? (I understand that one is available) And who's bringing in the food for the poor technicians that are being deployed with the crate? If you have the choice of using preciously scarce fuel to power your data center in a box or to help prepare and transport meals to people in need, which will you do? Maybe I'm missing the point. If you told me you were using one of these to deploy a preliminary data center while a permanent facility was being built, I'd think you were much more on track, but for emergencies? AlanC [*] Community Emergency Response Team, not computer related: http://www.wakecountycert.org
Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?
On Sat, 13 Oct 2007, J. Oquendo wrote: Personally, if I were a business owner, I would attempt my best to keep my networks in order and ensure that traffic being sent *from* my network to the world wasn't tainted in any shape form or fashion. This is basically the clause for terminating service which may "damage the reputation" that several bloggers found objectionable last week in some ISP's terms of service. You can propose many provocative statements, groups which murder unborn children, engage in illegal drug trafficking, corrupting the morals of youth, and so on. As I said before, I expect next month some group will be protesting that an evil ISP blocked their activities. If you want to turn the Internet into a broadcaster style environment, where only content the network owner considers acceptable to their reputation is allowed, that's probably not the Internet anymore. Just because a particular group uses an ISP to transmit something doesn't mean the ISP approves of the activities of that group or its content. In the UK, ISPs helped create the Internet Watch Foundation to block "illegal" material on the Internet. BT blocked those web sites from all its downstream networks. That didn't stop the biggest child porn group in the world to date operating from the UK, and it took the Canadian RCMP to crack the case since UK law enforcement apparently wasn't aware of the group operating in the UK. Arresting the members of the group was needed, because the network "blocks" simply made it harder to find. In the USA, the Wire Act allows law enforcement to issue orders to disconnect gambling operations. Several other countries have filed international complaints against the USA for blocking their countries' gambling operations. The US has also arrested the executives of several gambling operations, and companies that assisted those gambling operations. Out of sight, out of mind may help politicians show they are doing something because the voters stop complaining. But trying to suppress communications usually isn't that effective at stopping criminals. On the other hand, what can we do about the victims?
Re: Sun Project Blackbox / Portable Data Center
Jerry Dixon wrote: > We've looked at these from a DHS perspective and they are a great > concept. I know Sun has had the boxes here in DC on tour and worth > checking out. I believe FEMA was in process of looking into leveraging > them for disaster command centers along with the military. As a long time network professional, volunteer firefighter, CERT[*] team member/instructor, and Red Cross disaster response volunteer, I'd wonder why ANYONE would want one of these. If your "command center" is close enough to require this specialized configuration, YOU ARE TOO CLOSE. Please stay somewhere that you have functional/reliable power, walls that are not falling down, and hotel rooms for your staff. The idea of moving your data center INTO the hot zone would scare the bejeebers out of me. I've been to large fires, hurricane aftermath, floods, tornado paths, and nowhere have I seen a need for these things. If you have a spare data center somewhere "geographically diverse" from your primary, you're golden and you don't need a unit like this. The concept of moving one of these things into an area that is still without normal utilities is not only dangerous to the equipment "in the box", but also begins to steal from the limited resources that are being used to rehabilitate the incident scene. Why not get a couple of high-powered communication trucks that would allow network connectivity from the disaster zone instead of endangering your hardware and putting non-essential personnel into a dangerous situation? Who's going to hire the private army that you are going to need to protect these monsters? (I understand that one is available) And who's bringing in the food for the poor technicians that are being deployed with the crate? If you have the choice of using preciously scarce fuel to power your data center in a box or to help prepare and transport meals to people in need, which will you do? Maybe I'm missing the point. If you told me you were using one of these to deploy a preliminary data center while a permanent facility was being built, I'd think you were much more on track, but for emergencies? AlanC [*] Community Emergency Response Team, not computer related: http://www.wakecountycert.org signature.asc Description: OpenPGP digital signature
RE: Sun Project Blackbox / Portable Data Center
We've looked at these from a DHS perspective and they are a great concept. I know Sun has had the boxes here in DC on tour and worth checking out. I believe FEMA was in process of looking into leveraging them for disaster command centers along with the military. I think the better approach is to not purchase one but to do a lease so that the hardware stays refreshed and keeps up with technology. I'm not sure if they've got a service model for doing the leases but would be a great way to go for large organizations where you can pay a fee to have them on standby but managed by Sun or the provider and brought to disaster sites on-demand. It would be interesting to talk to someone that has used one during a major event to get their take on them including spin up time to bring them online. Jerry _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lorell Hathcock Sent: Saturday, October 13, 2007 6:07 PM To: nanog@merit.edu Subject: RE: Sun Project Blackbox / Portable Data Center That's the issue with these things. It seems that everyone likes the idea, but no one wants to be the early adopters. It was pointed out to me that Google has patented the idea, but yet Sun has working on Project Blackbox for a couple of years. I wonder if there will be a legal battle between the two over this. The concept of a portable data center is seems like it could have some very specific uses. Others? - Military - Geo Physical / Seismic - Disaster Recovery - New Media / Web 2.0 The same box could also serve these industries with the same buildings but in a permanent location. Others? - Telecommunications / Fiber - Semi-Permanent Data Centers Lorell From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hex Star Sent: Saturday, October 13, 2007 3:49 PM To: Lorell Hathcock; nanog@merit.edu Subject: Re: Sun Project Blackbox / Portable Data Center On 10/12/07, Lorell Hathcock <[EMAIL PROTECTED]> wrote: www.sun.com/blackbox Has anyone seen one of these things in real life? I hear that there's been one sighted in Houston. I would love to take a tour. Also, is anyone using anything like this? It seems like they would make great fiber huts. I also find this very interesting but don't really know of anyone who has deployed this in their business
Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?
Florian Weimer wrote: Anyway, if you've got a customer account that was created with a stolen credit card, and you get complaints about activity on that account from various parties, and you still don't act, this shows a rather significant level of carelessness. The other side of the story is that it takes months to get local police to forward the criminal complaint to state police, and state police to issue an order for seizure, even in areas of Germany where I thought we had pretty good LE coverage. We also can't discount the possibility the "unresponsive" ISP is cooperating (willfully or not) with a police sting operation and can't respond in any way at all, for fear of jeopardizing it. Though I still say a year is likely too long.
RE: Sun Project Blackbox / Portable Data Center
On Sat, 2007-10-13 at 17:07 -0500, Lorell Hathcock wrote: > - Disaster Recovery I can see portable generators being part of DR, but not one or more portable data centers. How long would it take you to start up a second instance of all the hosts and devices you have in a data centers? Isn't the purpose of DR to recover quickly? I've seen a zillion data centers, and I've never seen two that look alike or carry the same sub systems. So the value of this idea is the case with the empty rackspace (IMHO) but then I would have to pre-fill it with all my same-kind hardware and then store it somewhere safe until I needed it, and I would want it online so that I could keep it in sync... at that point it's only benefit is that I could move it from site to site as hookup costs (data/power) fluctuate. > - New Media / Web 2.0 HUH? Like everyone else I think the idea is cool... just not sure how valuable it is. Then again, CALEA brings a different perspective, the DOJ could have a thousand of these things on standby ready to park outside your offices when necessary. :rolleyes: -Jim P.
RE: Sun Project Blackbox / Portable Data Center
That's the issue with these things. It seems that everyone likes the idea, but no one wants to be the early adopters. It was pointed out to me that Google has patented the idea, but yet Sun has working on Project Blackbox for a couple of years. I wonder if there will be a legal battle between the two over this. The concept of a portable data center is seems like it could have some very specific uses. Others? - Military - Geo Physical / Seismic - Disaster Recovery - New Media / Web 2.0 The same box could also serve these industries with the same buildings but in a permanent location. Others? - Telecommunications / Fiber - Semi-Permanent Data Centers Lorell From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hex Star Sent: Saturday, October 13, 2007 3:49 PM To: Lorell Hathcock; nanog@merit.edu Subject: Re: Sun Project Blackbox / Portable Data Center On 10/12/07, Lorell Hathcock <[EMAIL PROTECTED]> wrote: www.sun.com/blackbox Has anyone seen one of these things in real life? I hear that there's been one sighted in Houston. I would love to take a tour. Also, is anyone using anything like this? It seems like they would make great fiber huts. I also find this very interesting but don't really know of anyone who has deployed this in their business
Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?
Sean Donelan wrote: > I don't know of any ISP that regularly (i.e. more than once) refuses to > obey lawful orders of authorities in the relevant jurisdiction to take > action. No disagreement there, but take a look at the wording. "orders of authorities". Inference: It's ok if someone I'm leasing bandwidth to is spamming, sending out DoS attacks, child pornography. I don't have any subpoenas, therefore I won't take any actions. > The number of complaints isn't proof. > Should ISPs be responsible for the network stuff (traceability, > disruption of service, etc) and let the appropriate authorities enforce > the laws of each jurisdiction? Scenario: I run silsdomain.com which is leasing facilities in donelanNetworks.com My infrastructure consists of insecure servers which have been compromised and are now: 1) sending spam 2) housing malware 3) running botnets 4) hosting child porn Concerned networker, individual, anyone contacts [EMAIL PROTECTED]: -- Dear Donelan Network Admins, We've been trying to get in touch with someone at silsdomain.com which is being hosted from your IP space. It has come to our attention that silsdomain has been carrying out illicit and illegal activities. We've attempted to contact someone directly at silsdomain to no avail and we have yet to receive resolution, we are now attempting to contact you in hopes of curtailing some of these activities. Sincerely, Someone else on the Internet -- My inference from your message is, the appropriate response to an email or letter like this would be: -- Dear Someone else on the Internet, What you may see as child porn, others may see as art. What you may think of botnet traffic, we've labeled academic penetration testing. What you may view as spam, we view as opt-out redirection to opt-in. What you view as malware, we view as enhanced features in Windows that offers you advertisements and the weather. We appreciate you contacting us however we are only a network provider and not an authority on law enforcement. So while child porn may be illegal in the US let us not forget in Japan it is ok to bed underage children. Please contact overwhelmed law enforcement authorities chasing terrorists and provide them with the information necessary to assess your claim. Sincerely DonelanNetworks Staff. -- So let me not distort this any more than my own interpretation of your message. I understand the need for certain traffic to go through networks as evil as some traffic may be, perhaps there is an investigation already under way and sites are being left opened in hopes of "catching bigger fish". I also know factually that there are individuals in this industry who care about nothing more than making quarterly earnings and keeping their accounts in order. Personally, if I were a business owner, I would attempt my best to keep my networks in order and ensure that traffic being sent *from* my network to the world wasn't tainted in any shape form or fashion. What goes around comes around... Keep turning a blind eye to issues like botnets and spam... When the poop hits the fan and you are forced to curtail these activities when you've knowingly allowed them, they'll turn right back around and haunt you. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo echo @infiltrated|sed 's/^/sil/g;s/$/.net/g' http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743 "I hear much of people's calling out to punish the guilty, but very few are concerned to clear the innocent." Daniel Defoe
Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?
* Mike Lewinski: > Florian Weimer wrote: > >> I don't know what case prompted Ferg to post his message to NANOG, but I >> know that there are cases where failing to act is comparable to ignoring >> the screams for help of an "alleged" rape victim during the "alleged" >> crime. > > I'm reminded of this story from earlier this year: > > http://www.jsonline.com/story/index.aspx?id=568400 > > "For his effort, Van Iveren was charged with criminal trespass while > using a dangerous weapon, criminal damage to property while using a > dangerous weapon and disorderly conduct while using a dangerous > weapon, all criminal misdemeanors that carry a maximum total penalty > of 33 months in jail." That guy was no foreigner to the local police, apparently. I couldn't find anything regarding the outcome of his court appearance. Of course, if you run to the help of those in apparent need, you always risk looking very stupid. Anyway, if you've got a customer account that was created with a stolen credit card, and you get complaints about activity on that account from various parties, and you still don't act, this shows a rather significant level of carelessness. The other side of the story is that it takes months to get local police to forward the criminal complaint to state police, and state police to issue an order for seizure, even in areas of Germany where I thought we had pretty good LE coverage.
Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?
On Fri, 12 Oct 2007, Paul Ferguson wrote: No, not necessarily. Given that there are Tier 1 ISPs, Tier 2, etc., so you can certainly have some small-ish ISP colluding with criminal activity, in effect, by ignoring it or claiming ignorance. However, it's kind of hard to plead ignorance when, say, people continually alert them to the issues and they persist. I don't know of any ISP that regularly (i.e. more than once) refuses to obey lawful orders of authorities in the relevant jurisdiction to take action. There are disputes about what is the correct jurisdiction, and what is a lawful order. I predict in a month or so, someone else will be ranting about ISPs censoring their "First Amendment" right to do something. There are lots of laws around the world, lots of courts, and lots of law enforcement agencies. Somewhere in the world, there seems to be a law against almost anything. People make lots of complaints about all sorts of stuff that may not be illegal. The FCC receives hundreds of thousands of complaints about television and radio programs frome people who have never seen or heard them. The number of complaints isn't proof. On one hand, there are the pundits that claim ISPs will never be able to stop whatever favored activity is prohibited by law in a jurisdiction: VOIP bypass, copyright infringement, encourging public disorder, etc. How long was The Pirate Bay shutdown after authorities seized their equipment, but didn't arrest the people? On the other hand, there are the pundits that claim ISPs are ignoring whatever disfavored activity: indecency, defamation, blasphemy, fraud, etc. Should ISPs be responsible for the network stuff (traceability, disruption of service, etc) and let the appropriate authorities enforce the laws of each jurisdiction? Is the complaint about ISPs, or about some the lack of law enforcement resources in some jurisdictions?
Re: Sun Project Blackbox / Portable Data Center
On 10/12/07, Lorell Hathcock <[EMAIL PROTECTED]> wrote: > > www.sun.com/blackbox > > > > Has anyone seen one of these things in real life? > > > > I hear that there's been one sighted in Houston. I would love to take a > tour. > > > > Also, is anyone using anything like this? It seems like they would make > great fiber huts. > > > > > I also find this very interesting but don't really know of anyone who has deployed this in their business
Re: Geographic map of IPv6 availability
Nathan Ward <[EMAIL PROTECTED]> writes: > ... > Nice rant though :-) agreed. > ... > Does anyone have info on how bind (and other recursive resolvers) > select whether to use v6 or v4 if an NS points at a resource with both > A and records? Most OSes prefer the record, does bind behave > the same? yes. -- Paul Vixie
Re: Why do some ISP's have bandwidth quotas?
On Fri, 12 Oct 2007, Brandon Galbraith wrote: Not to drag this too far off topic, but have serious studies been done looking at moving switching fabric closer to the DSLAMs (versus doing everything PPPoE)? I know this sort of goes opposite of how ILECs are setup to dish out DSL, but as more traffic is being pushed user to user, it may make economic/technical sense. I know some som non-ILECs that do DSL bitstream via L3/MPLS IPVPN and IP DSLAMs, which then if they implement multicast in their VPN would be able to provide a service that could support multicast TV. For me any tunnel based bitstream doesn't scale for the future and in competetive markets it's already been going away (mostly because ISPs buying the bitstream service can't compete anyway). -- Mikael Abrahamssonemail: [EMAIL PROTECTED]