Re: Should Netflix and Hulu give you emergency alerts?

[Sean Donelan]

On Mon, 11 Mar 2019, Sean Donelan wrote:

Apple has announced its going to announce something on March 26.

I wonder if any reporters will ask if the new Apple TV supports emergency 
alerts?


Ugh, typo.  March 25 at 10 a.m. PDT

Hopefully, Tim Apple will forgive me :-)

I still want a reporter to ask Apple about emergency alerts though.

Re: Should Netflix and Hulu give you emergency alerts?

[Sean Donelan]

On Mon, 11 Mar 2019, Michael Thomas wrote:
It seems to me that it would be much better to use the standards we already 
have to deliver text, voice and video, and just make it a requirement that 
some list of devices must be able to listen for these announcements and act 
accordingly. It's not like compositing video or muting one audio stream in 
favor of the other is rocket science.


Ecosystem owners control what their smart devices do (and won't do). The 
major smart device ecosystem owners don't allow other parties to control 
their devices without going through ecosystem owner controlled APIs.


Amazon controls what echo speakers and fire tv do with alexa.

Apple controls what apple tv and apple homepod speakers do with siri.

Google controls what google home speakers do with google assistant.


I think you are correct, Netflix and Hulu are at the wrong layer. Netflix 
and Hulu don't control the smart TVs and smart speakers ecosystems used 
to present their content.  Amazon Alexa, Apple Siri and Google Assistant 
do.


Yes, there are add-on apps for weather and news, but without support by the 
ecosystem owner in the base operating system, add-on apps can't interrupt 
other Apps. I understand why ecosystem owners wouldn't want to give 
third-party Apps an API to interrupt other Apps. Ecosystem owners could 
include emergency alert functionality controlled as part of the base 
operating system/intelligent assistant, preserving whatever UX it wants 
without allowing other third-parties to interrupt.



Apple has announced its going to announce something on March 26.

I wonder if any reporters will ask if the new Apple TV supports emergency 
alerts?

Re: Should Netflix and Hulu give you emergency alerts?

[Michael Thomas]

On 3/11/19 6:57 PM, William Herrin wrote:
On Mon, Mar 11, 2019 at 6:25 PM Michael Thomas > wrote:

> This entire thing strikes me as a horrible layering violation. Why on
> earth should alerts be required to dogleg through content providers?
>
> It seems to me that it would be much better to use the standards we
> already have to deliver text, voice and video, and just make it a
> requirement that some list of devices must be able to listen for these
> announcements and act accordingly.

Hi Mike,

What;'s the plan then? Establish a multicast path throughout my 
backbone for the emergency alert messages and pray none of them loop 
back in to my system to create a storm? If my $30 home firewall 
receives a multicast message on the proper port it should rebroadcast 
it inside? What could go wrong!


Wide area multicast sucks dude. That's why we have video dogleg its 
way through content delivery networks in the first place.


While multicast would be advantageous, it's hardly required. Brute force 
and ignorance (= unicast) would work too.


And yeah, maybe you need to alert all of the "viewable" devices unless 
you have some way of detecting what I'm paying attention to.


Mike

Re: Should Netflix and Hulu give you emergency alerts?

[William Herrin]

On Mon, Mar 11, 2019 at 6:25 PM Michael Thomas  wrote:
> This entire thing strikes me as a horrible layering violation. Why on
> earth should alerts be required to dogleg through content providers?
>
> It seems to me that it would be much better to use the standards we
> already have to deliver text, voice and video, and just make it a
> requirement that some list of devices must be able to listen for these
> announcements and act accordingly.

Hi Mike,

What;'s the plan then? Establish a multicast path throughout my backbone
for the emergency alert messages and pray none of them loop back in to my
system to create a storm? If my $30 home firewall receives a multicast
message on the proper port it should rebroadcast it inside? What could go
wrong!

Wide area multicast sucks dude. That's why we have video dogleg its way
through content delivery networks in the first place.

Regards,
Bill Herrin


-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Dirtside Systems . Web: 

Re: Should Netflix and Hulu give you emergency alerts?

[Michael Thomas]

On 3/11/19 7:02 AM, Livingood, Jason wrote:

+1 to Rich's note: I agree we need to be careful not to extrapolate our 
experiences/devices/preferences to the average person. Emergency alerts serve a 
valuable purpose, especially when something like a wild fire or tornado or 
whatever is approaching and an extra few seconds or a minute of advance warning 
is the difference between life or death. There are many situations where a 
smartphone may not be present and/or where the person for example is too young 
to own one.

So yeah, to answer the original question, I think a lot of platforms probably 
will need to support emergency alerts over the next 10 years. As the reach of 
traditional broadcast channels for those alerts declines, it seems natural and 
good for society to shift to the channels that have attention. Of course, the 
devil is in the details but I'm sure thoughtful engineering, UX design, and 
administrative rules can be devised to make it effective and not annoying. ;-)

This entire thing strikes me as a horrible layering violation. Why on 
earth should alerts be required to dogleg through content providers? And 
what is a "content provider" anyway? My pizza delivery app? It looks 
like it sets up a lot of single points of failure. You can understand 
why it's that way for tv and radio -- there was only one way to deliver 
the side channel -- but that's completely untrue in this day and age. 
And while the point about not everyone having access to smartphones is 
valid, we need to keep in mind that any attempt to shoehorn this into 
content is going to take a decade of bickering and pushback. Does 
anybody think that in the US every phone, tv, etc, will not be internet 
enabled in 10 years?


It seems to me that it would be much better to use the standards we 
already have to deliver text, voice and video, and just make it a 
requirement that some list of devices must be able to listen for these 
announcements and act accordingly. It's not like compositing video or 
muting one audio stream in favor of the other is rocket science.


Mike

Re: Should Netflix and Hulu give you emergency alerts?

[William Herrin]

On Mon, Mar 11, 2019 at 10:53 AM Sean Donelan  wrote:
> On Mon, 11 Mar 2019, William Herrin wrote:
> > My cell phone woke me up in the middle of the night during a recent
landline
> > outage because the county felt the need to let me know that I wouldn't
be
> > able to call 911 if, you know, I happened to need to call 911. Thanks
guys.
> > Thanks a lot. And I can't block their messages. That's a problem.
>
> Can you spot the multiple planning and operating flaws?

I would have to say the most glaring flaw was that the message was not
actionable. No instructions for what to do instead. Just, "Hey, wake up!
You can't call 911 right now. Bye!"

Regards,
Bill Herrin

Re: Analysing traffic in context of rejecting RPKI invalids using pmacct

[Steve Meuse]

On Tue, Feb 12, 2019 at 1:15 PM Job Snijders  wrote:

>
>
> ps. Dear Kentik & Deepfield, please copy+paste this feature! We'll
> happily share development notes with you, you can even look at pmacct's
> source code for inspiration. :-)
>


Thanks Job, I just wanted to reach back out to you and the NANOG community
that we've implemented this feature. Currently Kentik can match flow data
with the following validation state:

- VALID = Prefix fits in ROA, and ROA ASN and Prefix Origin Match
- UNKNOWN = we haven't found any matching ROA
- INVALID - ASN mismatch = BGP prefix fits in the ROA prefix's length BUT
the ROA ASN differs from the Prefix Origin ASN
- INVALID - Prefix length out of bounds = the BGP prefix doesn't have an
ROA with large enough Max-Length to refer to
- INVALID - ASN 0 specified = there is a matching ROA w/ the right
max-length but the ASN associated w/ it is 0 (explicit invalid)

If anyone would like more information please hit me up offline.

-Steve

Re: Should Netflix and Hulu give you emergency alerts?

[Scott Fisher]

It would be nice if someone from the E911 space could add their 2cents
on this. Anyone from Intrado/West-Corp on the list?

Thanks,
Scott

On 3/11/19 1:53 PM, Sean Donelan wrote:
> On Mon, 11 Mar 2019, William Herrin wrote:
>> My cell phone woke me up in the middle of the night during a recent
>> landline
>> outage because the county felt the need to let me know that I wouldn't be
>> able to call 911 if, you know, I happened to need to call 911. Thanks
>> guys.
>> Thanks a lot. And I can't block their messages. That's a problem.
> 
> 1. VOIP, telcos and network operators have recurring 9-1-1 issues. 
> There has been multiple, multi-state 9-1-1 outages in the last few
> years. VOIP, telcos and network operators don't seem to have coherent
> plans how to handle multi-state 9-1-1 outages.  Don't worry, the FCC has
> their "best people" looking into it, again.
> 
> 2. Because that was something "that will never happen," there was no
> plan how to alert cellular subscribers.  In fact, the "TOE," Telephone
> Outage Emergency code for 9-1-1 outages is blocked from WEA cell phones.
> 
> 3. Since there is no multi-state plan and the official emergency alert
> code, TOE, is blocked from WEA; county emergency managers overrode the
> emergency alert system and used the "extreme alert" message instead.
> 
> Can you spot the multiple planning and operating flaws?
> 
> ===
> 
> In the U.S., you can always block all state/local emergency alerts,
> including "extreme alerts," on your cell phone. The downside is that
> opts-out of *ALL* state, local, weather, etc. emergency alerts, except
> national/presidential emergencies.
> 
> Canada doesn't allow opting out of emergency alerts by cellular
> subscribers.
> 
> I proposed to the FCC a less severe alert settings for informational
> advisories, which wouldn't set off the WEA alarm on your cell phone. But
> the message would appear, semi-unobtrusively.
> 
> BTW, it would make more sense for VOIP and Telco 9-1-1 operators to have
> a plan to notify people at the time they dial 9-1-1 it isn't working.
> But since 9-1-1 "never fails," they don't seem to want to have a plan.
> 

Re: Should Netflix and Hulu give you emergency alerts?

[Sean Donelan]

On Mon, 11 Mar 2019, William Herrin wrote:

My cell phone woke me up in the middle of the night during a recent landline
outage because the county felt the need to let me know that I wouldn't be
able to call 911 if, you know, I happened to need to call 911. Thanks guys.
Thanks a lot. And I can't block their messages. That's a problem.


1. VOIP, telcos and network operators have recurring 9-1-1 issues.  There 
has been multiple, multi-state 9-1-1 outages in the last few years. VOIP, 
telcos and network operators don't seem to have coherent plans how to 
handle multi-state 9-1-1 outages.  Don't worry, the FCC has their "best 
people" looking into it, again.


2. Because that was something "that will never happen," there was no plan 
how to alert cellular subscribers.  In fact, the "TOE," Telephone Outage 
Emergency code for 9-1-1 outages is blocked from WEA cell phones.


3. Since there is no multi-state plan and the official emergency alert 
code, TOE, is blocked from WEA; county emergency managers overrode the 
emergency alert system and used the "extreme alert" message instead.


Can you spot the multiple planning and operating flaws?

===

In the U.S., you can always block all state/local emergency alerts, 
including "extreme alerts," on your cell phone. The downside is that 
opts-out of *ALL* state, local, weather, etc. emergency alerts, except 
national/presidential emergencies.


Canada doesn't allow opting out of emergency alerts by cellular 
subscribers.


I proposed to the FCC a less severe alert settings for informational 
advisories, which wouldn't set off the WEA alarm on your cell phone. But 
the message would appear, semi-unobtrusively.


BTW, it would make more sense for VOIP and Telco 9-1-1 operators to have a 
plan to notify people at the time they dial 9-1-1 it isn't working. But 
since 9-1-1 "never fails," they don't seem to want to have a plan.

Re: Should Netflix and Hulu give you emergency alerts?

[Sean Donelan]

On Mon, 11 Mar 2019, Rich Kulawiec wrote:

This is why the service(s) should use confirmed opt-in on a per-device basis
and offer sufficient granularity that alerts are only sent to the people who
need/want them on the devices they need/want them on.


Other than nerds, which means people on the NANOG list :=), few people 
like configuring lots of individual devices. They usually don't. Its like 
blaming people for choosing bad passwords and not configuring devices 
securely. Defaults matter. That's why I keep emphasizing the role of 
"Intelligent Assistants" in these smart device ecosystems.


Apple Siri, Amazon Alexa, Google Assistent have positioned themselves as 
the entertainment and information device content management systems in 
the smart device world. When you connect a new smart device into you 
choice of intelligent assistant, all your emergency alert preferences 
should carry-over to the new device.  If you turned-off emergency alerts 
in your intelligent assistant in the past, alerts would be off on new 
devices. If you want alerts on in one room, and off in a different room, 
talk to your intelligent assistant. You shouldn't need to remember to do 
that each time you buy a new smart TV or smart speaker.


10 years ago, I might have said AT&T or Comcast instead of Amazon and 
Google, because Cable and Telco ISPs were trying to be the home network 
managers.  But CableLabs and ATIS have failed in that regard. Facebook is 
still a potential powerplayer, but seems to have missed the smart 
device/intelligent assistant boat.




This will eliminate some of the alarm fatigue as well as reducing the
transmission requirements.  It's just a rather straightforward exercise
in database management.


The opt-in versus opt-out decision is a huge debate in the emergency 
management world.


Less than 15% of people actively opt into emergency alerts on any system, 
but they complain loudly after disasters. Its a bit like asking people to 
remember to turn on airbags or anti-lock brakes in their cars.  Normal 
humans don't think about safety systems until after its too late. A plan 
to have a security guard unlock the fire exits in case of fire is a bad 
plan.


That inevitable human failure is why cable TV was forced to add emergency 
alerts in the 1990s, after a series of tornado outbreaks across the 
midwest, and cell phones were forced to add emergency alerts in the 
2000s after a different set of disasters.



Generally, I think imminent danger warnings should be enabled by default, 
with easy opt-out available.  Advisories and Informational alerts, such as 
Be On The Lookout (i.e. amber, blue, silver, etc) advisories should be 
opt-in, with do-not-disturb by default. Informational alerts should not
alert by default, unless the user actively opts-in; and should just appear 
in my daily headlines, timelines, guide, whatever your smart 
information content manager uses.


However, just like advertisers and social media company privacy policies 
-- I wouldn't trust Facebook to honor emergency alert settings, emergency 
managers tend to ignore their promises and user preferences. Strong 
emergency management guidance and training of emergency alert originators 
is also needed to avoid alert fatigue.  Its not strictly a technical 
problem, the people problems are harder to solve.

Re: Should Netflix and Hulu give you emergency alerts?

[William Herrin]

On Fri, Mar 8, 2019 at 2:22 PM Sean Donelan  wrote:

> "More and more people are opting out of the traditional television
> services," said Gregory Touhill, a cybersecurity expert who served at the
> Department of Homeland security and was the first-ever Federal Chief
> Information Security Officer. "There's a huge population out there that
> needs to help us rethink how we do this."
>

Hi Sean,

Here's my take:

If it has a screen or speaker and it connects to a network, it should be
capable of providing emergency alerts.

Every device capable of providing emergency alerts should allow them to be
easily and fully disabled. Even if there is a missile inbound, I don't need
20 devices trying to tell me all at once. In fact, the cacophony would
almost certainly make the alert hard to understand.

My cell phone woke me up in the middle of the night during a recent
landline outage because the county felt the need to let me know that I
wouldn't be able to call 911 if, you know, I happened to need to call 911.
Thanks guys. Thanks a lot. And I can't block their messages. That's a
problem.

Regards,
Bill Herrin


-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Dirtside Systems . Web: 

Re: Should Netflix and Hulu give you emergency alerts?

[Joseph J. Jsnyder III]

There is the other legal issues.  Adv geolocation isnt always correct and in 
some cases way off. If it is wrong no big deal.  If emerg alert geolocation is 
wrong you can open yourself up to huge legal action.



On March 9, 2019 3:27:18 PM EST, Seth Mattinen  wrote:
>On 3/9/19 12:03 PM, Sean Donelan wrote:
>> Automatically geo-locating indoor smart speakers and smart TVs is
>more 
>> difficult, but if advertisers can get geolocation information from
>AT&T, 
>> Amazon, Apple, Google, Sprint, T-Mobile, Verizon, etc; why can't 
>> emergency alerts?
>
>
>There's no technical reason emergency alerts can't be geo located. But 
>advertisers pay for it; emergency alerts aren't revenue generating.

Re: Free Open Source Network Operating Systems

[John Hay]

What about SONiC?
https://azure.github.io/SONiC/


On Sat, 9 Mar 2019 at 18:39, Jason Lixfeld  wrote:

> I could be making this up, but my understanding is that the Broadcom SDK
> is not free, and without the SDK, hardware interaction is limited.
>
> At one time ONL was a free ONIE NOS but sans SDK.
>
> https://github.com/opencomputeproject/OpenNetworkLinux ?
>
> Sent from my iPhone
>
> On Mar 9, 2019, at 11:08 AM, Colton Conor  wrote:
>
> What free, opensouce, network operating systems currently exist that run
> on whitebox broadcom or other merchant silicon switches?
>
> I know Cumulus is very popular, but I don't believe they have a free
> version that runs on whitebox switches right? Only on a virtual machine
> from what I can tell.
>
> I think if one of these vendors would release a free and truly opensource
> network operating system, with the option for paid support if needed, then
> whitebox switching would really take off. This would be similar to the
> Redhat model, but for the networking world.
>
> Right now, the cost of the whitebox plus a paid network operating system
> seems to equal the same cost as a discounted Juniper, Cisco, or Arista. I
> am not seeing the savings on paper.
>
> If we could just buy the whitebox hardware, and have a free operating
> system on there, then financially whitebox switches would be half the cost
> of a similar Cisco switch after discount.
>
> Am I missing something?
>
>
>

Re: Free Open Source Network Operating Systems

[Luke Marrott]

Been a long time since I’ve messed with it but Vyatta may be worth looking
at.

https://vyos.io/




On Sat, Mar 9, 2019 at 09:09 Colton Conor  wrote:

> What free, opensouce, network operating systems currently exist that run
> on whitebox broadcom or other merchant silicon switches?
>
> I know Cumulus is very popular, but I don't believe they have a free
> version that runs on whitebox switches right? Only on a virtual machine
> from what I can tell.
>
> I think if one of these vendors would release a free and truly opensource
> network operating system, with the option for paid support if needed, then
> whitebox switching would really take off. This would be similar to the
> Redhat model, but for the networking world.
>
> Right now, the cost of the whitebox plus a paid network operating system
> seems to equal the same cost as a discounted Juniper, Cisco, or Arista. I
> am not seeing the savings on paper.
>
> If we could just buy the whitebox hardware, and have a free operating
> system on there, then financially whitebox switches would be half the cost
> of a similar Cisco switch after discount.
>
> Am I missing something?
>
>
> --
:Luke Marrott

Re: Should Netflix and Hulu give you emergency alerts?

[Livingood, Jason]

+1 to Rich's note: I agree we need to be careful not to extrapolate our 
experiences/devices/preferences to the average person. Emergency alerts serve a 
valuable purpose, especially when something like a wild fire or tornado or 
whatever is approaching and an extra few seconds or a minute of advance warning 
is the difference between life or death. There are many situations where a 
smartphone may not be present and/or where the person for example is too young 
to own one.

So yeah, to answer the original question, I think a lot of platforms probably 
will need to support emergency alerts over the next 10 years. As the reach of 
traditional broadcast channels for those alerts declines, it seems natural and 
good for society to shift to the channels that have attention. Of course, the 
devil is in the details but I'm sure thoughtful engineering, UX design, and 
administrative rules can be devised to make it effective and not annoying. ;-)

Jason

On 3/10/19, 10:23 AM, "NANOG on behalf of Rich Kulawiec" 
 wrote:

A side point:

On Sat, Mar 09, 2019 at 02:04:33PM -0500, Sean Donelan wrote:
> Wireless Emergency Alerts (WEA), i.e., mobile phone alerts, are less than 
10
> years old. And mostly on the high-end expensive cell phones and the most
> expensive carriers. People on NANOG may use mostly expensive smartphones,
> but not everyone can afford smartphones.

That's an excellent point that's often lost among people who work in
our industry.  Not everyone is so wealthy as to afford the luxury of
a smartphone.  And not everyone can use one.  And not everyone wants one.

The first two items also happen to describe the people who are most
vulnerable to disasters and have the most difficulty getting assistance
recovering from them: the poor and the elderly.

---rsk

Re: Should Netflix and Hulu give you emergency alerts?

[Rich Kulawiec]

> Just wait until your connected home speakers, smart smoke detector, smart
> refrigerator, smart tv, cell phone, IP streaming box, satellite receiver,
> cable box, home security panel and your Fitbit all go off warning you
> of the cancellation of an Amber alert at 1:30am, because the good folks
> at AlertReady.Ca and Pelmorex think that everything needs to go out at
> highest precedence, because, well,  think of the children!

and

> And thus, in the first week the system was alive, alarm fatigue set in, the
> government confirmed that it cannot be trusted, and I revoked their
> privilege to use my personal devices for stuff I don't want.

This is why the service(s) should use confirmed opt-in on a per-device basis
and offer sufficient granularity that alerts are only sent to the people who
need/want them on the devices they need/want them on.  To fabricate some
examples:

Tornado alert: why, yes, I live in southwestern Kansas so definitely
send those to my home device.

Silver alert: nope.  I live in Queens and don't go out much and don't
drive, so I won't be on the road to see the license plate you're trying
to tell me about.  Never send me these.

Coastal flooding alert: maybe.  I live 130 miles from the coast and
at 550 feet, so any coastal flooding even that would affect me will be
beyond catastrophic.  So don't send that to my home device.  However,
I'm vacationing at the beach right now so send it to my mobile.

This will eliminate some of the alarm fatigue as well as reducing the
transmission requirements.  It's just a rather straightforward exercise
in database management.

---rsk

Re: GPS rollover

[Eric S. Raymond]

Matthew Petach :
> On Sun, Mar 10, 2019 at 8:04 PM Stephen Satchell  wrote:
> 
> > So far as I can tell with NTP, there was no issue with time sources
> > becoming false-tickers, including my local GPS appliance.  FWIW.
> >
> >
> I believe the rollover is *next* month, in April.   :)
> https://ics-cert.us-cert.gov/sites/default/files/documents/Memorandum_on_GPS_2019.pdf
> 
> "This paper is intended to provide an understanding of the possible effects
> of the April 6, 2019 GPS Week Number Rollover on Coordinated Universal Time
> derived from GPS devices."

I'm a domain expert in this area - lead of NTPsec and GPSD.

Everything said in that memo is correct.  I would add only that it is
more normal now than not for GPSes to have a hidden pivot date. "For
example, a particular GPS device may interpret the WN parameter
relative to a firmware creation date and would experience a similar
rollover event 1024 weeks after that firmware creation date." Yes,
exactly.

It is therefore unlikely that your GPSes will become falsetickers on 6
April.  That's the good news.  The bad news is that they *will* go
poof some unpredictable number of weeks later.
-- 
http://www.catb.org/~esr/";>Eric S. Raymond

My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.

Re: GPS rollover

[Matthew Petach]

On Sun, Mar 10, 2019 at 8:04 PM Stephen Satchell  wrote:

> So far as I can tell with NTP, there was no issue with time sources
> becoming false-tickers, including my local GPS appliance.  FWIW.
>
>
I believe the rollover is *next* month, in April.   :)
https://ics-cert.us-cert.gov/sites/default/files/documents/Memorandum_on_GPS_2019.pdf

"This paper is intended to provide an understanding of the possible effects
of the April 6, 2019 GPS Week Number Rollover on Coordinated Universal Time
derived from GPS devices."

Matt