Re: NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies

[JASON BOTHE via NANOG]

Excellent work. I’m curious to know how many of the big ASs are participating 
to date. If you or anyone on the list knows if this is published please let me 
know. 

Thanks

J~

> On Mar 25, 2020, at 21:03, Michel Py  wrote:
> 
> Hi Job,
> 
>> Job Snijders wrote :
>> Exciting news! Today NTT's Global IP Network (AS 2914) enabled RPKI based 
>> BGP Origin Validation on virtually all
>> EBGP sessions, both customer and peering edge. This change positively 
>> impacts the Internet routing system.
> 
> Great, and thanks !
> I do have a question, the same one everyone has on their mind :
> How much whining / angry customers / calls / etc came out of it ?
> 
> 
> Why did you say anything instead of eventually blaming it on the coronavirus 
> ?  :P
> 
> 
> Michel.

Re: NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies

[Michel Py]

Hi Job,

> Job Snijders wrote :
> Exciting news! Today NTT's Global IP Network (AS 2914) enabled RPKI based BGP 
> Origin Validation on virtually all
> EBGP sessions, both customer and peering edge. This change positively impacts 
> the Internet routing system.

Great, and thanks !
I do have a question, the same one everyone has on their mind :
How much whining / angry customers / calls / etc came out of it ?


Why did you say anything instead of eventually blaming it on the coronavirus ?  
:P


Michel.

Re: free collaborative tools for low BW and losy connections

[Grant Taylor via NANOG]

On 3/25/20 11:27 AM, Nick Hilliard wrote:

nntp is a non-scalable protocol which broke under its own weight.


That statement surprises me.  But I'm WAY late to the NNTP / Usenet game.

Threaded news-readers are a great way of catching up with large mailing 
lists if you're prepared to put in the effort to create a bidirectional 
gateway.  But that's really a statement that mail readers are usually 
terrible at handling large threads rather than a statement about nntp as 
a useful media delivery protocol.


Especially when most of the news readers that I use or hear others talk 
about using are primarily email clients that also happen to be news 
clients.  As such, it's the same threading code.




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature

NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies

[Job Snijders]

Dear group,

Exciting news! Today NTT's Global IP Network (AS 2914) enabled RPKI
based BGP Origin Validation on virtually all EBGP sessions, both
customer and peering edge. This change positively impacts the Internet
routing system.

The use of RPKI technology is a critical component in our efforts to
improve Internet routing stability and reduce the negative impact of
misconfigurations or malicious attacks. RPKI Invalid route announcements
are now rejected in NTT EBGP ingress policies. A nice side effect:
peerlock AS_PATH filters are incredibly effective when combined with
RPKI OV.

For NTT, this is the result of a multiyear project, which included
outreach, education, collaboration with industry partners, and
production of open source software shared among colleagues in the
industry.

Shout out to Louis & team (Cloudflare) for the open source GoRTR
software and the OpenBSD project for rpki-client(8).

I hope some take this news as encouragement to consider RPKI OV
"invalid == reject"-policies as safe to deploy in their own BGP
environments too. :-)

If you have questions, feel free to reach out to me directly or the
NTT NOC at .

Kind regards,

Job

Re: [EXT] Shining a light on ambulance chasers - Noction

[Chuck Anderson]

Let's start a public blacklist, sort of like a RBL reputation block list or 
800notes.com, but for companies to "never to do business with" for spamming.

On Wed, Mar 25, 2020 at 06:11:41PM -0400, Martin Hannigan wrote:
> This is overt and more than DB scraping IMHO. It's repulsive.
> 
> Public pressure is the only way to police _this_.
> 
> YMMV,
> 
> -M<
> 
> On Wed, Mar 25, 2020 at 4:30 PM Chuck Anderson  wrote:
> 
> > Someone should tell them what happened to Cogent for scraping ARIN WHOIS.
> >
> > On Wed, Mar 25, 2020 at 04:13:51PM -0400, Rodney Joffe wrote:
> > > Under the heading of sales spam from our community that is in even
> > poorer taste, and sucks:
> > >
> > >
> > > Begin forwarded message:
> > >
> > > > From: Josh Ankin 
> > > > Subject: BGP Management
> > > > Date: March 25, 2020 at 3:39:02 PM EDT
> > > > To: rjo...@centergate.com
> > > > Reply-To: jan...@noction.com
> > > >
> > > > Hello Rodney,
> > > >
> > > > I know things are pretty hectic right now with COVID-19 precautions
> > being taken everywhere. I hope it's not affecting your team too much, and
> > most importantly, I hope everyone is safe.
> > > >
> > > > In recent months, I've been trying to bring your attention to BGP
> > optimization. However, our solution's other notable features can be of
> > utmost value at these uncertain times as the Internet traffic volumes and
> > patterns change
> > >
> > > Etc Etc

RE: [EXT] Shining a light on ambulance chasers - Noction

[Michel Py]

> In recent months, I've been trying to bring your attention to BGP 
> optimization.

Is that not the thing that leaked a massive amount of prefixes some time ago ?

Michel.

TSI Disclaimer:  This message and any files or text attached to it are intended 
only for the recipients named above and contain information that may be 
confidential or privileged. If you are not the intended recipient, you must not 
forward, copy, use or otherwise disclose this communication or the information 
contained herein. In the event you have received this message in error, please 
notify the sender immediately by replying to this message, and then delete all 
copies of it from your system. Thank you!...

Re: free collaborative tools for low BW and losy connections

[Grant Taylor via NANOG]

On 3/25/20 3:47 PM, Randy Bush wrote:

some of us still do uucp, over tcp and over pots.


My preference is to do UUCP over SSH (STDIO) over TCP/IP.  IMHO the SSH 
adds security (encryption and more friendly authentication (keys / certs 
/ Kerberos)) and reduces the number of ports that need to be exposed to 
the world / allowed through the network.



archaic, but still the right tool for some tasks.Yep.  Though I think they are 
few and far in between.




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature

[NANOG-announce] Updates Regarding COVID-19 and NANOG 79

[NANOG Marketing]

The health and safety of the NANOG community is our top priority. The NANOG
Board of Directors and Staff continue to assess preventative measures
concerning COVID-19, and if necessary, will take appropriate action to
reduce transmission of the virus.



Based on the CDC’s recommendations to cancel or postpone events that
consist of 50 people or more, we canceled the NANOG Connect event,
previously scheduled for March 27 in St. Louis. We have also tasked the
NANOG Program Committee (PC) with exploring the option of enhancing our
platform to allow for remote participation at NANOG 79, and future
meetings, in addition to in-person attendance. The PC will communicate more
details about this option as we draw closer to NANOG 79.



Registration to attend NANOG 79 (June 1-3, in Boston) remains open
, and
early-bird registration has been extended to May 1, 2020. We encourage the
community to continue submitting talk proposals
 for NANOG
79, and all future meetings. As NANOG 79 draws closer, we will keep the
community informed with further details. Our next update will be on April
15.



To learn more about COVID-19, we suggest consulting the following
authoritative sources in NANOG's service region: the Centers for Disease
Control and Prevention
, the World
Health Organization
, and Harvard
Medical School
,
which include common-sense advice on prevention and treatment.



Please contact us with any additional questions or concerns at any time:
nanog-supp...@nanog.org



Sincerely,

The NANOG Board of Directors and Staff
___
NANOG-announce mailing list
NANOG-announce@nanog.org
https://mailman.nanog.org/mailman/listinfo/nanog-announce

Re: [EXT] Shining a light on ambulance chasers - Noction

[Martin Hannigan]

This is overt and more than DB scraping IMHO. It's repulsive.

Public pressure is the only way to police _this_.

YMMV,

-M<

On Wed, Mar 25, 2020 at 4:30 PM Chuck Anderson  wrote:

> Someone should tell them what happened to Cogent for scraping ARIN WHOIS.
>
> On Wed, Mar 25, 2020 at 04:13:51PM -0400, Rodney Joffe wrote:
> > Under the heading of sales spam from our community that is in even
> poorer taste, and sucks:
> >
> >
> > Begin forwarded message:
> >
> > > From: Josh Ankin 
> > > Subject: BGP Management
> > > Date: March 25, 2020 at 3:39:02 PM EDT
> > > To: rjo...@centergate.com
> > > Reply-To: jan...@noction.com
> > >
> > > Hello Rodney,
> > >
> > > I know things are pretty hectic right now with COVID-19 precautions
> being taken everywhere. I hope it's not affecting your team too much, and
> most importantly, I hope everyone is safe.
> > >
> > > In recent months, I've been trying to bring your attention to BGP
> optimization. However, our solution's other notable features can be of
> utmost value at these uncertain times as the Internet traffic volumes and
> patterns change
> >
> > Etc Etc
>

Re: [EXT] Shining a light on ambulance chasers - Noction

[Kaiser, Erich]

I like that idea!

Erich Kaiser



On Wed, Mar 25, 2020 at 4:57 PM Mike Lyon  wrote:

>   Actually, you should route their calls to the IRS scammers who keep
> calling. I'm sure the two callers would have a lot of fun chatting with
> each other.
>
> On Wed, Mar 25, 2020 at 2:51 PM Kaiser, Erich  wrote:
>
>> Cogent calls me about 2-3 times a week.  TIme to start re-routing their
>> calls back to them..
>>
>> Erich Kaiser
>>
>> On Wed, Mar 25, 2020 at 3:29 PM Chuck Anderson  wrote:
>>
>>> Someone should tell them what happened to Cogent for scraping ARIN WHOIS.
>>>
>>> On Wed, Mar 25, 2020 at 04:13:51PM -0400, Rodney Joffe wrote:
>>> > Under the heading of sales spam from our community that is in even
>>> poorer taste, and sucks:
>>> >
>>> >
>>> > Begin forwarded message:
>>> >
>>> > > From: Josh Ankin 
>>> > > Subject: BGP Management
>>> > > Date: March 25, 2020 at 3:39:02 PM EDT
>>> > > To: rjo...@centergate.com
>>> > > Reply-To: jan...@noction.com
>>> > >
>>> > > Hello Rodney,
>>> > >
>>> > > I know things are pretty hectic right now with COVID-19 precautions
>>> being taken everywhere. I hope it's not affecting your team too much, and
>>> most importantly, I hope everyone is safe.
>>> > >
>>> > > In recent months, I've been trying to bring your attention to BGP
>>> optimization. However, our solution's other notable features can be of
>>> utmost value at these uncertain times as the Internet traffic volumes and
>>> patterns change
>>> >
>>> > Etc Etc
>>>
>>
>
> --
> Mike Lyon
> mike.l...@gmail.com
> http://www.linkedin.com/in/mlyon
>
>
>
>

Re: [EXT] Shining a light on ambulance chasers - Noction

[Mike Lyon]

  Actually, you should route their calls to the IRS scammers who keep
calling. I'm sure the two callers would have a lot of fun chatting with
each other.

On Wed, Mar 25, 2020 at 2:51 PM Kaiser, Erich  wrote:

> Cogent calls me about 2-3 times a week.  TIme to start re-routing their
> calls back to them..
>
> Erich Kaiser
>
> On Wed, Mar 25, 2020 at 3:29 PM Chuck Anderson  wrote:
>
>> Someone should tell them what happened to Cogent for scraping ARIN WHOIS.
>>
>> On Wed, Mar 25, 2020 at 04:13:51PM -0400, Rodney Joffe wrote:
>> > Under the heading of sales spam from our community that is in even
>> poorer taste, and sucks:
>> >
>> >
>> > Begin forwarded message:
>> >
>> > > From: Josh Ankin 
>> > > Subject: BGP Management
>> > > Date: March 25, 2020 at 3:39:02 PM EDT
>> > > To: rjo...@centergate.com
>> > > Reply-To: jan...@noction.com
>> > >
>> > > Hello Rodney,
>> > >
>> > > I know things are pretty hectic right now with COVID-19 precautions
>> being taken everywhere. I hope it's not affecting your team too much, and
>> most importantly, I hope everyone is safe.
>> > >
>> > > In recent months, I've been trying to bring your attention to BGP
>> optimization. However, our solution's other notable features can be of
>> utmost value at these uncertain times as the Internet traffic volumes and
>> patterns change
>> >
>> > Etc Etc
>>
>

-- 
Mike Lyon
mike.l...@gmail.com
http://www.linkedin.com/in/mlyon

Re: [EXT] Shining a light on ambulance chasers - Noction

[Shawn L via NANOG]

And here I actually went to their website (not Cogent -- they still call me all 
the time as well) to see what they sell.
 
 


-Original Message-
From: "Kaiser, Erich" 
Sent: Wednesday, March 25, 2020 5:50pm
To: "NANOG list" 
Subject: Re: [EXT] Shining a light on ambulance chasers - Noction




Cogent calls me about 2-3 times a week.  TIme to start re-routing their calls 
back to them..





Erich Kaiser

On Wed, Mar 25, 2020 at 3:29 PM Chuck Anderson <[ c...@wpi.edu ]( 
mailto:c...@wpi.edu )> wrote:Someone should tell them what happened to Cogent 
for scraping ARIN WHOIS.

 On Wed, Mar 25, 2020 at 04:13:51PM -0400, Rodney Joffe wrote:
 > Under the heading of sales spam from our community that is in even poorer 
 > taste, and sucks:
 > 
 > 
 > Begin forwarded message:
 > 
 > > From: Josh Ankin <[ jan...@noction.com ]( mailto:jan...@noction.com )>
 > > Subject: BGP Management
 > > Date: March 25, 2020 at 3:39:02 PM EDT
 > > To: [ rjo...@centergate.com ]( mailto:rjo...@centergate.com )
 > > Reply-To: [ jan...@noction.com ]( mailto:jan...@noction.com )
 > > 
 > > Hello Rodney,
 > >  
 > > I know things are pretty hectic right now with COVID-19 precautions being 
 > > taken everywhere. I hope it's not affecting your team too much, and most 
 > > importantly, I hope everyone is safe.
 > >  
 > > In recent months, I've been trying to bring your attention to BGP 
 > > optimization. However, our solution's other notable features can be of 
 > > utmost value at these uncertain times as the Internet traffic volumes and 
 > > patterns change
 > 
 > Etc Etc

Re: [EXT] Shining a light on ambulance chasers - Noction

[Kaiser, Erich]

Cogent calls me about 2-3 times a week.  TIme to start re-routing their
calls back to them..

Erich Kaiser

On Wed, Mar 25, 2020 at 3:29 PM Chuck Anderson  wrote:

> Someone should tell them what happened to Cogent for scraping ARIN WHOIS.
>
> On Wed, Mar 25, 2020 at 04:13:51PM -0400, Rodney Joffe wrote:
> > Under the heading of sales spam from our community that is in even
> poorer taste, and sucks:
> >
> >
> > Begin forwarded message:
> >
> > > From: Josh Ankin 
> > > Subject: BGP Management
> > > Date: March 25, 2020 at 3:39:02 PM EDT
> > > To: rjo...@centergate.com
> > > Reply-To: jan...@noction.com
> > >
> > > Hello Rodney,
> > >
> > > I know things are pretty hectic right now with COVID-19 precautions
> being taken everywhere. I hope it's not affecting your team too much, and
> most importantly, I hope everyone is safe.
> > >
> > > In recent months, I've been trying to bring your attention to BGP
> optimization. However, our solution's other notable features can be of
> utmost value at these uncertain times as the Internet traffic volumes and
> patterns change
> >
> > Etc Etc
>

Re: free collaborative tools for low BW and losy connections

[Randy Bush]

some of us still do uucp, over tcp and over pots.  archaic, but still
the right tool for some tasks.

randy

Re: free collaborative tools for low BW and losy connections

[Rich Kulawiec]

On Wed, Mar 25, 2020 at 09:59:53AM -0600, Grant Taylor via NANOG wrote:
> Something that might make you groan even more than NNTP is UUCP.  UUCP
> doesn't even have the system-to-system (real time) requirement that NNTP
> has.  It's quite possible to copy UUCP "Bag" files to removable media and
> use sneaker net t transfer things. 

I was remiss not to mention this as well.  *Absolutely* UUCP still has
its use cases, sneakernetting data among them.  It's been a long time
since "Never underestimate the bandwidth of a station wagon full of tapes"
(Dr. Warren Jackson, Director, UTCS) but it still holds true for certain
values of (transport container, storage medium).

---rsk

Re: [EXT] Shining a light on ambulance chasers - Noction

[Chuck Anderson]

Someone should tell them what happened to Cogent for scraping ARIN WHOIS.

On Wed, Mar 25, 2020 at 04:13:51PM -0400, Rodney Joffe wrote:
> Under the heading of sales spam from our community that is in even poorer 
> taste, and sucks:
> 
> 
> Begin forwarded message:
> 
> > From: Josh Ankin 
> > Subject: BGP Management
> > Date: March 25, 2020 at 3:39:02 PM EDT
> > To: rjo...@centergate.com
> > Reply-To: jan...@noction.com
> > 
> > Hello Rodney,
> >  
> > I know things are pretty hectic right now with COVID-19 precautions being 
> > taken everywhere. I hope it's not affecting your team too much, and most 
> > importantly, I hope everyone is safe.
> >  
> > In recent months, I've been trying to bring your attention to BGP 
> > optimization. However, our solution's other notable features can be of 
> > utmost value at these uncertain times as the Internet traffic volumes and 
> > patterns change
> 
> Etc Etc

Re: CISA critical infrastructure letters

[Jeff Shultz]

We've been told to make sure we have company ID (which has a photo,
albeit an old one) and a business card on us as well as the letter(s).

On Wed, Mar 25, 2020 at 11:38 AM Tim Požár  wrote:
>
> They are so open ended, they are really useless.  Not sure why they
> didn't issue this with a company affiliation, etc to nail it down to say
> credentials that the person may have with them.
>
> Back in my Broadcast Engineering days, I would get passes issued by the
> local LE such as the SF Police department or as a "Registered Disaster
> Service Worker" issued by the State of California.  Each of these would
> have my name, photo etc.  These were respected and got me through
> numerous police lines in the past.
>
> https://www.lns.com/house/pozar/laminates/
>
> On 3/25/20 11:20 AM, Sean Donelan wrote:
> > The CISA critical infrastructure letters are a courtesy request letter.
> > If people abuse its purpose, local officials do not need to extend any
> > courtesy and can deny access.
> >
> > The CISA letter is only for "providing emergency communications
> > sustainment and restoration support to critical communications
> > infrastructure facilities."
> >
> > It is NOT a general purpose, ignore anything or go anywhere letter.
> >
> > Do NOT abuse the courtesy or no one will extend the courtesy.



-- 
Jeff Shultz
Central Office Technician
SCTC
(503) 769-2125
Go Big  Ask for Gig

-- 
Like us on Social Media for News, Promotions, and other information!!

   
      
      
      














_ This message 
contains confidential information and is intended only for the individual 
named. If you are not the named addressee you should not disseminate, 
distribute or copy this e-mail. Please notify the sender immediately by 
e-mail if you have received this e-mail by mistake and delete this e-mail 
from your system. E-mail transmission cannot be guaranteed to be secure or 
error-free as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses. The sender therefore does 
not accept liability for any errors or omissions in the contents of this 
message, which arise as a result of e-mail transmission. _

Shining a light on ambulance chasers - Noction

[Rodney Joffe]

Under the heading of sales spam from our community that is in even poorer 
taste, and sucks:


Begin forwarded message:

> From: Josh Ankin 
> Subject: BGP Management
> Date: March 25, 2020 at 3:39:02 PM EDT
> To: rjo...@centergate.com
> Reply-To: jan...@noction.com
> 
> Hello Rodney,
>  
> I know things are pretty hectic right now with COVID-19 precautions being 
> taken everywhere. I hope it's not affecting your team too much, and most 
> importantly, I hope everyone is safe.
>  
> In recent months, I've been trying to bring your attention to BGP 
> optimization. However, our solution's other notable features can be of utmost 
> value at these uncertain times as the Internet traffic volumes and patterns 
> change

Etc Etc

Re: South Africa On Lockdown - Coronavirus - Update!

[Paul Nash]

Don’t hold your breath :-(.

> On Mar 24, 2020, at 4:55 PM, Mark Tinka  wrote:
> 
> 
> 
> On 24/Mar/20 22:48, Randy Bush wrote:
> 
>> almost all our cultures have gaps; but some worse than others.  we will
>> all learn lessons in the coming many months of plague.  i know an office
>> which lost key engineers last year because they would not let them work
>> remotely.  now the entire company is working remotely, and successfully.
> 
> The Coronavirus is amplifying and accelerating the new economy that is
> burgeoning at the borders.
> 
> With some luck, those that need to pay attention, are.
> 
> Mark.

Re: CISA critical infrastructure letters

[Danny McPherson]

Indeed, many folks are developing letters summarizing the specific 
company mission, employee role & authorization, and tethering that to 
the DHS access letter(s) with more information to inform / better enable 
anyone that may need to assess.


You should also be aware of any local / state requirements in the 
relevant jurisdictions (e.g., pre-notify some entity of travel _before 
it takes place in a restricted area) - FEMA maintains state re-entry and 
private sector contact information in various regions (with varying 
utility - it seems the ones that have dealt with natural disasters such 
as hurricanes, e.g., Region IV, are better prepared for this at the 
moment - harmonization would be good).


This certainly varies on a country by country basis as well (e.g., some 
require pre-established / vetting of critical role and then issue them 
only to specific individuals when necessary).  Ideally, if applicable 
your folks have already established those relationships in the event 
that they need them.



-danny


On 2020-03-25 15:02, Matt Erculiani wrote:

The letters are not to be confused with hall passes.;they don't even
have an individual's name on it.

They simply outline a federal mandate that already exists to inform
anyone who may not know.

Law enforcement of any area that has implemented "stay at home" or
"shelter in place" should already be briefed on who is permitted to be
out and about.

If you're stopped and have a letter, you may still be asked to
substantiate the critical nature of your trip, just like you would be
if you didn't have one.

-Matt

On Wed, Mar 25, 2020, 12:54 Scott Weeks 
wrote:


I got these.  One each for travel and fuel.  I could fake
one in 15 minutes or so.  Heck, I could probable find one
online and modify it in less time than that! Because of
that I don't see the usefulness.

scott

Re: CISA critical infrastructure letters

[Ben Cannon]

Disaster Service Workers are different - see this link for information on DSWs, 
which are typically Government employees that have had special training and 
swearing-in.  They are not (necessarily) telecom workers but telecom workers 
may be DSWs.

Information on current status of DSWs in CA during this emergency:  
https://www.caloes.ca.gov/cal-oes-divisions/administrative-services/disaster-service-worker-volunteer-program


-Ben Cannon
CEO 6x7 Networks & 6x7 Telecom, LLC 
b...@6by7.net 




> On Mar 25, 2020, at 11:36 AM, Tim Požár  wrote:
> 
> They are so open ended, they are really useless.  Not sure why they didn't 
> issue this with a company affiliation, etc to nail it down to say credentials 
> that the person may have with them.
> 
> Back in my Broadcast Engineering days, I would get passes issued by the local 
> LE such as the SF Police department or as a "Registered Disaster Service 
> Worker" issued by the State of California.  Each of these would have my name, 
> photo etc.  These were respected and got me through numerous police lines in 
> the past.
> 
> https://www.lns.com/house/pozar/laminates/
> 
> On 3/25/20 11:20 AM, Sean Donelan wrote:
>> The CISA critical infrastructure letters are a courtesy request letter. If 
>> people abuse its purpose, local officials do not need to extend any courtesy 
>> and can deny access.
>> The CISA letter is only for "providing emergency communications sustainment 
>> and restoration support to critical communications infrastructure 
>> facilities."
>> It is NOT a general purpose, ignore anything or go anywhere letter.
>> Do NOT abuse the courtesy or no one will extend the courtesy.

Re: CISA critical infrastructure letters

[Todd Underwood]

However, if you are stopped and don't have a letter, you're much more
likely to trigger the "bozo making stuff up" detector and get sent home.

Virtually no one stops to print out a weird document on their way to buy
beer.

I'm aware of security guards and telecom techs who have been sent home for
not having these documents in 'shelter in place' jurisdictions.

t

On Wed, Mar 25, 2020 at 3:04 PM Matt Erculiani  wrote:

> The letters are not to be confused with hall passes.;they don't even have
> an individual's name on it.
>
> They simply outline a federal mandate that already exists to inform anyone
> who may not know.
>
> Law enforcement of any area that has implemented "stay at home" or
> "shelter in place" should already be briefed on who is permitted to be out
> and about.
>
> If you're stopped and have a letter, you may still be asked to
> substantiate the critical nature of your trip, just like you would be if
> you didn't have one.
>
> -Matt
>
> On Wed, Mar 25, 2020, 12:54 Scott Weeks  wrote:
>
>>
>>
>> I got these.  One each for travel and fuel.  I could fake
>> one in 15 minutes or so.  Heck, I could probable find one
>> online and modify it in less time than that! Because of
>> that I don't see the usefulness.
>>
>> scott
>>
>

Re: CISA critical infrastructure letters

[Matt Erculiani]

The letters are not to be confused with hall passes.;they don't even have
an individual's name on it.

They simply outline a federal mandate that already exists to inform anyone
who may not know.

Law enforcement of any area that has implemented "stay at home" or "shelter
in place" should already be briefed on who is permitted to be out and about.

If you're stopped and have a letter, you may still be asked to substantiate
the critical nature of your trip, just like you would be if you didn't have
one.

-Matt

On Wed, Mar 25, 2020, 12:54 Scott Weeks  wrote:

>
>
> I got these.  One each for travel and fuel.  I could fake
> one in 15 minutes or so.  Heck, I could probable find one
> online and modify it in less time than that! Because of
> that I don't see the usefulness.
>
> scott
>

Re: CISA critical infrastructure letters

[Scott Weeks]

I got these.  One each for travel and fuel.  I could fake
one in 15 minutes or so.  Heck, I could probable find one 
online and modify it in less time than that! Because of 
that I don't see the usefulness.

scott

Re: CISA critical infrastructure letters

[Sean Donelan]

Proper planning prevents piss poor performance.

“You go to war with the army you have, not the army you might want or wish 
to have at a later time.”



When someone does the after-action report, that will need to be a topic 
then.  Right now, we've need to work with what we've got.




On Wed, 25 Mar 2020, Tim Požár wrote:
They are so open ended, they are really useless.  Not sure why they didn't 
issue this with a company affiliation, etc to nail it down to say credentials 
that the person may have with them.

Re: CISA critical infrastructure letters

[Tim Požár]

They are so open ended, they are really useless.  Not sure why they 
didn't issue this with a company affiliation, etc to nail it down to say 
credentials that the person may have with them.


Back in my Broadcast Engineering days, I would get passes issued by the 
local LE such as the SF Police department or as a "Registered Disaster 
Service Worker" issued by the State of California.  Each of these would 
have my name, photo etc.  These were respected and got me through 
numerous police lines in the past.


https://www.lns.com/house/pozar/laminates/

On 3/25/20 11:20 AM, Sean Donelan wrote:
The CISA critical infrastructure letters are a courtesy request letter. 
If people abuse its purpose, local officials do not need to extend any 
courtesy and can deny access.


The CISA letter is only for "providing emergency communications 
sustainment and restoration support to critical communications 
infrastructure facilities."


It is NOT a general purpose, ignore anything or go anywhere letter.

Do NOT abuse the courtesy or no one will extend the courtesy.

RE: [EXT] ISC BIND 9 breakage?

[Drew Weaver]

Normally when there is an impending doom moment with BIND or another software 
release there is at least some amount of coverage of it.

Was this not announced or known in advance?

Thanks,
-Drew

-Original Message-
From: NANOG  On Behalf Of Chuck Anderson
Sent: Wednesday, March 25, 2020 2:10 PM
To: nanog@nanog.org
Subject: Re: [EXT] ISC BIND 9 breakage?

On the BIND Users list:

https://lists.isc.org/pipermail/bind-users/2020-March/102820.html

On Wed, Mar 25, 2020 at 05:18:49PM +, Drew Weaver wrote:
> Did anyone else on CentOS 6 just have some DNS resolvers totally fall over?
> 
> I noticed that this command: dnssec-lookaside auto; was causing the issue. 
> The issue occurred right at about 1PM EST.

CISA critical infrastructure letters

[Sean Donelan]

The CISA critical infrastructure letters are a courtesy request letter. 
If people abuse its purpose, local officials do not need to extend any 
courtesy and can deny access.


The CISA letter is only for "providing emergency communications 
sustainment and restoration support to critical communications 
infrastructure facilities."


It is NOT a general purpose, ignore anything or go anywhere letter.

Do NOT abuse the courtesy or no one will extend the courtesy.

Re: ISC BIND 9 breakage?

[Owen DeLong]

Yeah, looks like that comment should have been updated to “harmless until…”

Owen


> On Mar 25, 2020, at 10:32 , Drew Weaver  wrote:
> 
> We just left the dnssec-lookaside auto; configuration in there. Probably 
> because it specifically says in the documentation from ISC that it won't hurt 
> anything to leave it in there...
> 
> # Configuring "dnssec-lookaside auto;" to activate this key is
># harmless
> 
> Guess not?
> 
> Thanks,
> -Drew
> 
> 
> 
> 
> -Original Message-
> From: Stephane Bortzmeyer  
> Sent: Wednesday, March 25, 2020 1:27 PM
> To: Drew Weaver 
> Cc: 'nanog@nanog.org' 
> Subject: Re: ISC BIND 9 breakage?
> 
> On Wed, Mar 25, 2020 at 05:18:49PM +,  Drew Weaver 
>  wrote  a message of 97 lines which said:
> 
>> Did anyone else on CentOS 6 just have some DNS resolvers totally fall over?
> 
> dlv.isc.org signatures just expired.
> 
>># NOTE: The ISC DLV zone is being phased out as of February
>>2017;
> 
> And yet some people still use it, it seems.

Re: [EXT] ISC BIND 9 breakage?

[Chuck Anderson]

On the BIND Users list:

https://lists.isc.org/pipermail/bind-users/2020-March/102820.html

On Wed, Mar 25, 2020 at 05:18:49PM +, Drew Weaver wrote:
> Did anyone else on CentOS 6 just have some DNS resolvers totally fall over?
> 
> I noticed that this command: dnssec-lookaside auto; was causing the issue. 
> The issue occurred right at about 1PM EST.

Re: free collaborative tools for low BW and losy connections

[Scott Weeks]

Thanks, my facepalm moment of the day (so far; it's 
only 7:30am here) is...

Use tools from the past when the connections everywhere
were losy and slow.  They already mentioned RT.  I'll
mention that and NNTP/UUCP/etc.

scott

RE: ISC BIND 9 breakage?

[Drew Weaver]

We just left the dnssec-lookaside auto; configuration in there. Probably 
because it specifically says in the documentation from ISC that it won't hurt 
anything to leave it in there...

# Configuring "dnssec-lookaside auto;" to activate this key is
# harmless

Guess not?

Thanks,
-Drew




-Original Message-
From: Stephane Bortzmeyer  
Sent: Wednesday, March 25, 2020 1:27 PM
To: Drew Weaver 
Cc: 'nanog@nanog.org' 
Subject: Re: ISC BIND 9 breakage?

On Wed, Mar 25, 2020 at 05:18:49PM +,  Drew Weaver  
wrote  a message of 97 lines which said:

> Did anyone else on CentOS 6 just have some DNS resolvers totally fall over?

dlv.isc.org signatures just expired.

> # NOTE: The ISC DLV zone is being phased out as of February
> 2017;

And yet some people still use it, it seems.

Re: free collaborative tools for low BW and losy connections

[Nick Hilliard]

Paul Ebersman wrote on 25/03/2020 16:59:
And scary as it sounds, UUCP over SLIP/PPP worked remarkably 
robustly.
uucp is a batch oriented protocol so it's pretty decent for situations 
where there's no permanent connectivity, but uncompelling otherwise.


nntp is a non-scalable protocol which broke under its own weight. 
Threaded news-readers are a great way of catching up with large mailing 
lists if you're prepared to put in the effort to create a bidirectional 
gateway.  But that's really a statement that mail readers are usually 
terrible at handling large threads rather than a statement about nntp as 
a useful media delivery protocol.


Nick

Re: ISC BIND 9 breakage?

[Stephane Bortzmeyer]

On Wed, Mar 25, 2020 at 05:18:49PM +,
 Drew Weaver  wrote 
 a message of 97 lines which said:

> Did anyone else on CentOS 6 just have some DNS resolvers totally fall over?

dlv.isc.org signatures just expired.

> # NOTE: The ISC DLV zone is being phased out as of February
> 2017;

And yet some people still use it, it seems.

RE: ISC BIND 9 breakage?

[Drew Weaver]

Oh, yes. I am aware.

I am asking if anyone has any info as to why it just randomly stopped running 
perfectly normally at exactly 1PM EST?

Thanks,
-Drew


-Original Message-
From: Nick Hilliard  
Sent: Wednesday, March 25, 2020 1:21 PM
To: Drew Weaver 
Cc: 'nanog@nanog.org' 
Subject: Re: ISC BIND 9 breakage?

The fix is either to remove "dnssec-lookaside auto;" from the config or else 
set "dnssec-lookaside no;" and then reload named.

Nick

Drew Weaver wrote on 25/03/2020 17:18:
> Did anyone else on CentOS 6 just have some DNS resolvers totally fall over?
> 
> I noticed that this command: dnssec-lookaside auto; was causing the 
> issue. The issue occurred right at about 1PM EST.
> 
> I see this note in the ISC key file..
> 
> # ISC DLV: See https://www.isc.org/solutions/dlv for details.
> 
>      #
> 
>      # NOTE: The ISC DLV zone is being phased out as of February 
> 2017;
> 
>      # the key will remain in place but the zone will be otherwise 
> empty.
> 
>      # Configuring "dnssec-lookaside auto;" to activate this key 
> is
> 
>      # harmless, but is no longer useful and is not recommended.
> 
> It's not harmless anymore.
> 

Re: ISC BIND 9 breakage?

[Nick Hilliard]

The fix is either to remove "dnssec-lookaside auto;" from the config or 
else set "dnssec-lookaside no;" and then reload named.


Nick

Drew Weaver wrote on 25/03/2020 17:18:

Did anyone else on CentOS 6 just have some DNS resolvers totally fall over?

I noticed that this command: dnssec-lookaside auto; was causing the 
issue. The issue occurred right at about 1PM EST.


I see this note in the ISC key file..

# ISC DLV: See https://www.isc.org/solutions/dlv for details.

     #

     # NOTE: The ISC DLV zone is being phased out as of February 2017;

     # the key will remain in place but the zone will be otherwise 
empty.


     # Configuring "dnssec-lookaside auto;" to activate this key is

     # harmless, but is no longer useful and is not recommended.

It’s not harmless anymore.

ISC BIND 9 breakage?

[Drew Weaver]

Did anyone else on CentOS 6 just have some DNS resolvers totally fall over?

I noticed that this command: dnssec-lookaside auto; was causing the issue. The 
issue occurred right at about 1PM EST.

I see this note in the ISC key file..

# ISC DLV: See https://www.isc.org/solutions/dlv for details.
#
# NOTE: The ISC DLV zone is being phased out as of February 2017;
# the key will remain in place but the zone will be otherwise empty.
# Configuring "dnssec-lookaside auto;" to activate this key is
# harmless, but is no longer useful and is not recommended.

It's not harmless anymore.

Re: free collaborative tools for low BW and losy connections

[Paul Ebersman]

woody> UUCP kicks ass.

And scary as it sounds, UUCP over SLIP/PPP worked remarkably
robustly. When system/network resources are skinny or scarce, you get
really good at keeping things working.

:)

Re: free collaborative tools for low BW and losy connections

[Bill Woodcock]

> On Mar 25, 2020, at 4:59 PM, Grant Taylor via NANOG  wrote:
> UUCP doesn't even have the system-to-system (real time) requirement that NNTP 
> has.

Brian Buhrow and I replaced a completely failing 
database-synchronization-over-Microsoft-Exchange system with UUCP across 
American President Lines and Neptune Orient Lines fleets, back in the mid-90s.  
UUCP worked perfectly (Exchange connections were failing ~90% of the time), was 
much faster (average sync time on each change reduced from about three minutes 
to a few seconds), and saved them several million dollars a year in satellite 
bandwidth costs.

UUCP kicks ass.

-Bill



signature.asc
Description: Message signed with OpenPGP

Re: free collaborative tools for low BW and losy connections

[John Levine]

In article <9f22cde2-d0a2-1ea1-89e9-ae65c4d47...@tnetconsulting.net> you write:
>I hadn't considered having a per system NNTP server.  I sort of like the 
>idea.  I think it could emulate the functionality that I used to get out 
>of Lotus Notes & Domino with local database replication.  I rarely 
>needed the offline functionality, but having it was nice.  I also found 
>that the local database made searches a lot faster than waiting on them 
>to traverse the network.
>
>> Also note that bi- or unidirectional NNTP/SMTP gateways are useful.

I've been reading nanog and many other lists on my own NNTP server via
a straightforward mail gateway for about a decade.  Works great.  I'm
sending this message as a mail reply to a news article.

-- 
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

Re: free collaborative tools for low BW and losy connections

[Grant Taylor via NANOG]

On 3/25/20 5:39 AM, Rich Kulawiec wrote:> One of the tools that we've 
had for a very long time but which is
often overlooked is NNTP. It's an excellent way to move information 
around under exactly these circumstances: low bandwidth, lossy 
connections -- and intermittent connectivity, limited resources, 
etc.


I largely agree.  Though NNTP does depend on system-to-system TCP/IP 
connectivity.  I say system-to-system instead of end-to-end because 
there can be intermediate systems between the end systems.  NNTP's store 
and forward networking quite capable.


Something that might make you groan even more than NNTP is UUCP.  UUCP 
doesn't even have the system-to-system (real time) requirement that NNTP 
has.  It's quite possible to copy UUCP "Bag" files to removable media 
and use sneaker net t transfer things.  I've heard tell of people 
configuring UUCP on systems at the office, their notebook that they take 
with them, and systems at home.  The notebook (push or poll) connects to 
the systems that it can currently communicate with and transfers files.


UUCP can also be used to transfer files, news (NNTP: public (Usenet) and 
/ or private), email, and remote command execution.


Nearly any laptop/desktop has enough computing capacity to run an 
NNTP server


Agreed.  I dare say that anything that has a TCP/IP stack is probably 
capable of running an NNTP server (and / or UUCP).


depending on the quantity of information being moved 
around, it's not at all out of the question to do exactly that, so 
that every laptop/desktop (and thus every person) has their own copy 
right there, thus enabling them to continue using it in the absence 
of any connectivity.


I hadn't considered having a per system NNTP server.  I sort of like the 
idea.  I think it could emulate the functionality that I used to get out 
of Lotus Notes & Domino with local database replication.  I rarely 
needed the offline functionality, but having it was nice.  I also found 
that the local database made searches a lot faster than waiting on them 
to traverse the network.



Also note that bi- or unidirectional NNTP/SMTP gateways are useful.


Not only that, but given the inherent one-to-many nature of NNTP, you 
can probably get away with transmitting that message once instead of 
(potentially) once per recipient.  (Yes, I know that SMTP is supposed to 
optimize this, but I've seen times when it doesn't work, properly.)


It's not fancy, but anybody who demands fancy at a time like this is 
an idiot.  It *works*, it gets the basics done, and thanks to decades 
of development/experience, it holds up  well under duress.


I completely agree with your statement about NNTP.  I do think that UUCP 
probably holds up even better.  UUCP bag files make it easy to bridge 
communications across TCP/IP gaps.  You could probably even get NNTP and 
/ or UUCP to work across packet radio.  }:-)




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature

Re: free collaborative tools for low BW and losy connections

[Rich Kulawiec]

One of the tools that we've had for a very long time but which is
often overlooked is NNTP. It's an excellent way to move information
around under exactly these circumstances: low bandwidth, lossy
connections -- and intermittent connectivity, limited resources, etc.

Nearly any laptop/desktop has enough computing capacity to run an
NNTP server and depending on the quantity of information being moved
around, it's not at all out of the question to do exactly that, so that
every laptop/desktop (and thus every person) has their own copy right
there, thus enabling them to continue using it in the absence of any
connectivity.

Also note that bi- or unidirectional NNTP/SMTP gateways are useful.

It's not fancy, but anybody who demands fancy at a time like this
is an idiot.  It *works*, it gets the basics done, and thanks to
decades of development/experience, it holds up  well under duress.

---rsk