Re: Current diameter of the Internet?
See https://voyager.jpl.nasa.gov/mission/status/

Thanks,
Donald
===
Donald E. Eastlake 3rd
d3e...@gmail.com

On Sun, Jul 21, 2024 at 10:46 AM Josh Luthman wrote:
> Where do you get 3 days?
>
> Voyager 1 is about 15.2B miles or 22.665707 hours at the speed of light.
>
> On Sat, Jul 20, 2024 at 7:12 PM Nathan Angelacos wrote:
>
>> On Sat, 2024-07-20 at 00:58 -0500, Stas Bilder wrote:
>>
>> Pity we can’t ping Voyagers.
>>
>> S.
>>
>> ROTFL, you actually had me pull out Star Trek - The Movie... Wow... what a blast from 1979.
>>
>> So yeah ... According to our media outlets, RTT of the internet is ... um 3 days.
Re: Smaller than a /24 for BGP?
Use Multipath TCP
https://datatracker.ietf.org/group/mptcp/documents/

Thanks,
Donald
===
Donald E. Eastlake 3rd
2386 Panoramic Circle, Apopka, FL 32703 USA
d3e...@gmail.com

On Sat, Jan 28, 2023 at 10:07 AM William Herrin wrote:
> On Fri, Jan 27, 2023 at 9:49 PM Masataka Ohta wrote:
> > That multihomed sites are relying on the entire Internet for computation of the best ways to reach them is not healthy way of multihoming.
>
> This was studied in the IRTF RRG about a decade ago. There aren't any other workable ways of multihoming compatible with the TCP protocol, not even in theory. Every other mechanism imagined failed some basic system constraint, usually the requirement that packets have administrative permission to cross an intermediate network. So, another way of multihoming critically depends on replacing the layer-4 protocols with something that doesn't intermingle the IP address with the connection identifier.
>
> For clarity: TCP's connection identifier consists of the source and destination IP addresses plus the source and destination ports. Those four elements, unique when combined, identify exactly one ongoing TCP connection. Because of this, the connection must fail if the source or destination IP addresses are no longer available to the source or destination hosts. From this fact, we get the requirement that the entire Internet learn when a particular IP address has changed its position within the network.
>
> Regards,
> Bill Herrin
>
> --
> For hire. https://bill.herrin.us/resume/
Re: Jon Postel Re: 202210301538.AYC
an effect where it gets harder and harder to imagine someone else in the position, etc. But I wouldn't necessarily call it "totalitarian" and the length of time is much more important than the number of terms. If someone is elected Speaker of the US House of Representatives for 3 successive Congresses, thus serving for 6 years (3 terms) in that office, they will have substantial clout because of this but they can't rule the House like a dictator against the wishes of a majority of the representatives of their party who can vote them out of the Speaker's office and elect someone else whenever they want. The fact that it is possible for a Speaker to be so elected for 6 or more years and that this has happened does not make the US House of Representatives a "totalitarian" organization and I would not call it that. Thanks, Donald > Even if he would say that there is a mechanism for it. > Eduard > -Original Message- > From: Donald Eastlake [mailto:d3e...@gmail.com] > Sent: Monday, October 31, 2022 4:28 PM > To: Vasilenko Eduard ; North American Network > Operators' Group > Subject: Re: Jon Postel Re: 202210301538.AYC > > On Mon, Oct 31, 2022 at 2:37 AM Vasilenko Eduard via NANOG > wrote: > > > > 1. What is going on on the Internet is not democracy even formally, > > because there is no formal voting. > > 3GPP, ETSI, 802.11 have voting. IETF decisions are made by bosses who did > > manage to gain power (primarily by establishing a proper network of > > relationships). > > It could be even called “totalitarian” because IETF bosses could stay in > > one position for decades. > > I do not see how it can be called totalitarian given the IETF Nomcom > appointment and recall mechanisms. Admittedly it is not full on Sortition > (https://en.wikipedia.org/wiki/Sortition) but it is just one level of > indirection from Sortition. 
(See > https://www.forbes.com/sites/forbestechcouncil/2020/08/20/indirection-the-unsung-hero-of-software-engineering/?sh=2cc673587f47) > > Thanks, > Donald > > > ... > > > > Eduard
Re: Jon Postel Re: 202210301538.AYC
On Mon, Oct 31, 2022 at 2:37 AM Vasilenko Eduard via NANOG wrote: > > 1. What is going on on the Internet is not democracy even formally, > because there is no formal voting. > 3GPP, ETSI, 802.11 have voting. IETF decisions are made by bosses who did > manage to gain power (primarily by establishing a proper network of > relationships). > It could be even called “totalitarian” because IETF bosses could stay in one > position for decades. I do not see how it can be called totalitarian given the IETF Nomcom appointment and recall mechanisms. Admittedly it is not full on Sortition (https://en.wikipedia.org/wiki/Sortition) but it is just one level of indirection from Sortition. (See https://www.forbes.com/sites/forbestechcouncil/2020/08/20/indirection-the-unsung-hero-of-software-engineering/?sh=2cc673587f47) Thanks, Donald > ... > > Eduard
Re: how networking happens in Hawaii
See official apology of the United States to Hawaii
https://www.govinfo.gov/content/pkg/STATUTE-107/pdf/STATUTE-107-Pg1510.pdf
which includes these words: "apologizes to Native Hawaiians on behalf of the people of the United States for the overthrow of the Kingdom of Hawaii on January 17, 1893 with the participation of agents and citizens of the United States, and the deprivation of the rights of Native Hawaiians to self-determination;"

Thanks,
Donald
===
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
2386 Panoramic Circle, Apopka, FL 32703 USA
d3e...@gmail.com

On Sat, Apr 30, 2022 at 7:09 PM scott via NANOG wrote:
>
> On 4/30/2022 12:19 PM, Randy Bush wrote:
> >> This reads a lot like dsl wars between ilecs and clecs in the late 90s and early 2ks.
> >
> > compounded by a 100+ year old military occupation
> ---
> Hee is definitely acting in an old school (meaning 60s/70s) Hawaii manner... ;)
>
> Also, for the others here...on the occupation. I haven't read this particular article, but I'm sure it covers the basics. The main question is 'was it a nation when the US gov't overthrew Hawaii or was it a group of individual kingdoms?' Many get that wrong and that's what matters to international courts on the current issue of Hawaiian sovereignty. For sure, it was a nation due to a forced treaty agreement with Kaumuali`i. The rest of the individual island kingdoms were conquered with violence by Kamehameha who then created a lahui..a nation. Therefore, it is a military occupation.
>
> https://en.wikipedia.org/wiki/Overthrow_of_the_Hawaiian_Kingdom
>
> scott
>
> well, that does it for the history lesson. ;-)
Re: Nice work Ron
On Fri, Jan 22, 2021 at 9:07 PM Mark Andrews wrote: > Majority only means >50% > when there are 2 parties. > > When there is more than 2 parties the majority can be less than 50%. When > there is more than 2 parties, one uses the term “absolute majority” to > indicate >50%. At least in American English, less than 50% is not a "majority". The option getting the most votes, but less than 50%, among more than 2 is said to have a "plurality" of the votes. See https://en.wikipedia.org/wiki/Plurality Thanks, Donald === Donald E. Eastlake 3rd +1-508-333-2270 (cell) 2386 Panoramic Circle, Apopka, FL 32703 USA d3e...@gmail.com > There are more than 2 RIRs. > > If 40% of address are used in LACNIC, 30% in APNIC and 30% in RIPE then the > majority of addresses by region are in the LACNIC region. > > -- > Mark Andrews > > > On 22 Jan 2021, at 23:48, JORDI PALET MARTINEZ via NANOG > > wrote: > > > > > > > > El 22/1/21 13:25, "NANOG en nombre de Masataka Ohta" > > > mo...@necom830.hpcl.titech.ac.jp> escribió: > > > >JORDI PALET MARTINEZ via NANOG wrote: > > > >> My proposal added the clarification that "majority" is understood as "over > >> 50%". > > > >And the proposal is denied to be unreasonable by Toma and, more > >aggressively, by me. > > > >So? > > > > [Jordi] The proposal, on this specific point, only made a "clarification", > > didn't mean an actual policy change. The existing policy already had > > "majority", so unless you believe that majority means something different > > than more than 50% (in the context of the full text), the change was > > "neutral". If anyone disagree with a policy in any region, MUST DO > > SOMETHING ABOUT THAT: "bring the problem to the policy list, discuss it > > with the community, and if needed make a policy proposal". In Spain we say > > "barking dogs seldom bite" and in this context means "if you complain, but > > don't act, then you have nothing to do". 
> > > >> The staff was already interpreting the policy like that, because > >> usually when you say majority, you mean more than half. Do you > >> agree on that? > > > >How can you ask such a question. already opposed by Toma and, > >more aggressively, by me, to me? > > > > [Jordi] I think if we don't agree what means majority, then it is difficult > > to get us understanding among ourselves, so that's why I'm asking if you > > agree that in English, majority means more than half. In Spanish it means > > that. > > > >My point is that locality requirement, whether it is 50% or 40%, is > >impractical and, with operational practices today, is not and can > >not be enforced. > > > > [Jordi] Then you need to come to the right mailing list and discuss that > > with the community. It is not me who decides that! > > > >>> The community decided that my proposal to add the explicit "footnote" > > > >Then, the "footnote" might be applicable to *SOME* part of "the > >community" but definitely not beyond it. > > > > [Jordi] A footnote in the policy manual is a clarification to the manual > > text, and of course *applies* to anyone who signs a contract with the RIR > > to obtain resources. > > > >Masataka Ohta
Re: shouting draft resisters, Parler
Hi,

On Mon, Jan 11, 2021 at 8:23 PM John R. Levine wrote:
> > I think it is reasonably clear this was a reference to the Iroquois Theatre fire where 602 people died.
>
> Not at all. The actual quote is
>
> The most stringent protection of free speech would not protect a man falsely shouting fire in a theatre and causing a panic.
>
> The Iroquois fire was unfortunately all too real.

As you can see by looking at your own quote, there is nothing about whether or not there actually is smoke or is a fire in the "crowded theater". Certainly the operators, owners, and builders of the Iroquois Theater all claimed that the exits were more than adequate and it was entirely the fault of the people who died from being crushed/trampled because they should have remained calm.

Thanks,
Donald
===
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
2386 Panoramic Circle, Apopka, FL 32703 USA
d3e...@gmail.com

> As soon as the US entered WW I the first amendment basically went out the window with the Espionage Act. Schenck was part of that.
>
> R's,
> John
Re: shouting draft resisters, Parler
I think it is reasonably clear this was a reference to the Iroquois Theatre fire where 602 people died.
https://en.wikipedia.org/wiki/Iroquois_Theatre_fire
https://www.smithsonianmag.com/history/how-theater-blaze-killed-hundreds-forever-changed-way-we-approach-fire-safety-180969315/

Thanks,
Donald
===
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
2386 Panoramic Circle, Apopka, FL 32703 USA
d3e...@gmail.com

On Mon, Jan 11, 2021 at 5:56 PM John Levine wrote:
> In article <35226213b6fcdc4a9c94f0bf30472...@mail.dessus.com> you write:
> >
> >That would make me wonder how many cases there have been of someone "shouting fire in a crowded theatre" where there was no fire and at least one person died as a result; ...
>
> Probably none. That metaphor was used by Justice Holmes in a now-discredited Supreme Court decision Schenck v. U.S., which was actually about handing out anti-draft leaflets during WW I. It was overwrought then and has never been a useful guide to free speech law.
>
> This seems a wee bit distant from Parler or TOS or Sec 230.
>
> R's,
> John
Re: "Hacking" these days - purpose?
On Mon, Dec 14, 2020 at 12:10 PM Miles Fidelman wrote: > David Bass wrote: > > It becomes more clear when you think about the options out there, and > > get a little creative. Now a days it’s definitely chess that’s being > > played. > And here I thought the purpose of hacking is (still) having fun - you > know... hacking. > > As to chess... I've begun to think that the game to master is now Go... > capturing territory, not pieces, and instantaneous global state changes. https://fortune.com/2016/03/12/googles-go-computer-vs-human Donald d3e...@gmail.com Miles Fidelman > > -- > In theory, there is no difference between theory and practice. > In practice, there is. Yogi Berra > > Theory is when you know everything but nothing works. > Practice is when everything works but no one knows why. > In our lab, theory and practice are combined: > nothing works and no one knows why. ... unknown >
Re: RIPE out of IPv4
I think it is less historic than when IANA ran out of blocks to delegate to the regional registries.
https://en.wikipedia.org/wiki/IPv4_address_exhaustion

Thanks,
Donald
===
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
2386 Panoramic Circle, Apopka, FL 32703 USA
d3e...@gmail.com

On Mon, Nov 25, 2019 at 10:34 AM Tei wrote:
>
> Nice!
>
> Is this what I think it is? a historical moment for the internet for the story books?
>
> On Mon, 25 Nov 2019 at 15:59, Dmitry Sherman wrote:
> >
> > Just received a mail that RIPE is out of IPv4:
> >
> > Dear colleagues,
> >
> > Today, at 15:35 UTC+1 on 25 November 2019, we made our final /22 IPv4 allocation from the last remaining addresses in our available pool. We have now run out of IPv4 addresses.
> >
> > Best regards,
> > Dmitry Sherman
> > Interhost Networks
> > www.interhost.co.il
> > dmi...@interhost.net
> > Mob: 054-3181182
> > Sent from Steve's creature
>
> --
> --
> ℱin del ℳensaje.
Re: Google DNS intermittent ServFail for Disney subdomain
Looks like some Disney services are/have been down.
http://downdetector.com/status/disneyworld

Thanks,
Donald
===
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
155 Beaver Street, Milford, MA 01757 USA
d3e...@gmail.com

On Thu, Oct 19, 2017 at 11:41 PM, David Sotnick wrote:
> Hi Nanog,
>
> I am principal network engineer for sister-studio to Disney Studios. They have been struggling with DNS issues since Thursday 12th October.
>
> By all accounts it appears as though *some* of the Google DNS resolvers cannot reach the authoritative nameservers for "studio.disney.com".
>
> This is causing ~20-30% of all DNS requests against Google Public DNS 8.8.8.8 / 8.8.4.4 to fail for requests in this subdomain.
>
> The name servers reside in 153.7.233.0/24.
>
> Might someone be able to *connect me* with someone at Google to assist my poor colleagues who are banging their heads against a brick wall here.
>
> Thank you,
> David
Re: Russian diplomats lingering near fiber optic cables
On Thu, Jun 1, 2017 at 10:15 PM, Joe Hamelin wrote:
>
> The Seattle Russian Embassy is in the Westin Building just 4 floors above the fiber meet-me-room ...

The only real Russian Embassy in the US is in Washington where their Ambassador is stationed, although arguably their UN Office in NYC has the status of an Embassy. Embassies have to do with international diplomacy. Their Seattle office is a consulate, which is what most people deal with for passports, visas, import/export permits, and similar personal/commercial stuff rather than diplomatic stuff. Commonly the Embassy of a country is also a consulate or, as it is sometimes described, has a consular affairs branch.

See http://www.russianembassy.org/page/russian-consulates-in-the-u-s

Thanks,
Donald
=
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
155 Beaver Street, Milford, MA 01757 USA
d3e...@gmail.com

> --
> Joe Hamelin, W7COM, Tulalip, WA, +1 (360) 474-7474
Re: TRILL
On Fri, Mar 24, 2017 at 8:46 AM, wrote:
>
> Hi all!
>
> Can anybody recommend any good resources on TRILL? Particularly anything that addresses do's and don'ts or any problems and pitfalls. Also any experiences deploying and using TRILL in networks that anybody would like to share would be welcome.

That might depend on your application and to some extent whose equipment you are using. You might want to contact the people at http://www.six.sk/?lang=en= or SANET
https://www.infinera.com/how-sanet-created-a-different-kind-of-network-backbone-a-discussion-between-marian-durkovic-sanet-and-geoff-bennett-infinera/

Thanks,
Donald
===
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
155 Beaver Street, Milford, MA 01757 USA
d3e...@gmail.com

> For clarity, this is the TRILL I'm referring to:
> https://en.m.wikipedia.org/wiki/TRILL_(computing)
>
> Jared
Re: ARIN just subdivided their last /17, /18, /19, /20, /21 and /22. Down to only /23s and /24s now. : ipv6
On Sat, Jun 27, 2015 at 1:23 PM, Lyndon Nerenberg lyn...@orthanc.ca wrote:

On Jun 27, 2015, at 5:35 AM, Rafael Possamai raf...@gav.ufsc.br wrote:

How long do you think it will take to completely get rid of IPv4? Or is it even going to happen at all?

IPX ruled the roost, very popularly, for a little while. How long did it take to die? Why did it die? What were the triggers that pushed it over the cliff? I think there's a lot to be learned from that piece of recent history. Specifically, as a demonstration of how a most popular protocol can find itself ejected from the arena in the blink of an eye. I knew several people who built their career path on the assumptions of IPX. Ouch.

There are reasonable arguments that IPX was better than IPv4 but IPv4 had all the mind share as the standard and IPX was the proprietary alternative. So everyone switched but more than a few were not happy afterward when they noticed the features they had lost.

Thanks,
Donald
=
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
155 Beaver Street, Milford, MA 01757 USA
d3e...@gmail.com

--lyndon
Re: What would you do about questionable domain pointing A record to your IP address?
Hi, On Fri, Feb 20, 2015 at 12:08 PM, Anne P. Mitchell, Esq. amitch...@isipp.com wrote: All, We have a rather strange situation (well, strange to me, at least). We have an email reputation accreditation applicant, who otherwise looks clean, however there is a very strange and somewhat concerning domain being pointed to one of the applicant's IP addresses Let's call the domain example.com, and the IP address 127.0.0.1, for these purposes. Applicant is assigned 127.0.0.1. the rDNS correctly goes to their own domain. However, example.com (which in reality is a concerning domain name) claims 127.0.0.1 as their A record. I don't think having an A record in the DNS is really a claim. Let's say I want to send mail to company.example.com but I don't like them so much so I set up companySUCKS.foo.example.com pointing at their mail server either through an A record or a CNAME... Then, I believe, inside my mail, the mail could appear to be to per...@companysucks.foo.example.com if it wasn't blocked by some security mechanism. Perhaps this is protected speech or, with a few changes, a parody or something. See Section 4.1.3 You Can't Control What Names Point At You in my RFC http://tools.ietf.org/html/rfc3675 A somewhat similar thing is in Section 4.1.4.1 of that RFC where I was on social mailing list with an innocuous name and someone had long set up a forwarder so that if you sent email to cat-torturers@other.example (real left hand side, obviously not the real right hand side). It would get sent to the social mailing list and the that address would appear in the to: line inside the mail. For that particular crowd, most people thought this was pretty funny, but it is the same sort of thing. Of course, example.com is registered privately, and their DNS provider is one who is...umm... known to provide dns for domains seen in spam. 
As I see it, the applicant's options are: a) just not worry about it and keep an eye on it b) publish a really tight spf record on it, so if they are somehow compromised, email appearing to come from example.com and 127.0.0.1 should be denied c) not use the IP address at all (it's part of a substantially larger block) d) two or more of the above. Thoughts? What would you do? If it isn't actually causing a problem, a) seems viable but you could certainly do b) or c) or both if you feel like it. Anyway, I'm not a lawyer... :-) Donald = Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e...@gmail.com Thanks! Anne Anne P. Mitchell, Esq. CEO/President ISIPP SuretyMail Email Reputation, Accreditation Certification Your mail system + SuretyMail accreditation = delivered to their inbox! http://www.SuretyMail.com/ http://www.SuretyMail.eu/ Author: Section 6 of the Federal CAN-SPAM Act of 2003 Member, California Bar Cyberspace Law Committee Ret. Professor of Law, Lincoln Law School of San Jose 303-731-2121 | amitch...@isipp.com | @AnnePMitchell | Facebook/AnnePMitchell
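
Added example, not part of the original thread: a forward-confirmed reverse DNS audit, which ties a name to an address only when the PTR record (controlled by the address holder) and the A record agree, so a third-party A record alone confirms nothing. All names, records and 192.0.2.0/24 addresses are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (not real DNS answers).
# Forward zone contents: name -> A records.
FORWARD_A = {
    "mail.applicant.example.": ["192.0.2.10"],
    "questionable.example": ["192.0.2.10"],      # third-party name aimed at the applicant's IP
    "www.applicant.example": ["192.0.2.20"],
    "stale.applicant.example": ["192.0.2.99"],   # PTR target whose A record moved elsewhere
}
# Reverse zone contents: address -> PTR names (set by whoever holds the address).
REVERSE_PTR = {
    "192.0.2.10": ["Mail.Applicant.Example."],
    "192.0.2.20": ["stale.applicant.example"],
}


def norm_name(name):
    """DNS names compare case-insensitively; drop the optional trailing dot."""
    return name.rstrip(".").lower()


def norm_ip(ip):
    """Canonical text form, so equivalent spellings of an address compare equal."""
    return str(ipaddress.ip_address(ip))


def build_index(forward, reverse):
    fwd = {norm_name(n): {norm_ip(i) for i in ips} for n, ips in forward.items()}
    rev = {norm_ip(i): [norm_name(n) for n in names] for i, names in reverse.items()}
    return fwd, rev


def audit(ip, forward=FORWARD_A, reverse=REVERSE_PTR):
    """Classify every name associated with `ip`.

    confirmed            PTR name whose A record points back at ip (FCrDNS passes)
    unconfirmed          name whose A record points at ip with no matching PTR
    ptr_without_forward  PTR name that does not resolve back to ip (broken rDNS)
    """
    fwd, rev = build_index(forward, reverse)
    ip = norm_ip(ip)
    ptr_names = rev.get(ip, [])
    confirmed = sorted(n for n in ptr_names if ip in fwd.get(n, set()))
    pointing = sorted(n for n, ips in fwd.items() if ip in ips)
    return {
        "ip": ip,
        "confirmed": confirmed,
        "unconfirmed": [n for n in pointing if n not in confirmed],
        "ptr_without_forward": sorted(n for n in ptr_names if n not in confirmed),
    }


if __name__ == "__main__":
    for address in ("192.0.2.10", "192.0.2.20"):
        print(audit(address))
```
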
Re: Why is .gov only for US government agencies?
Why is the Greek flag always flown at the Olympics as well as the Olympic and host nation flags? Why is Britain the only country allowed, under Universal Postal Union regulations to have no national identification on its stamps used in international mail? Basically, if you are first, you tend to get extra privileges. Same with .gov for the US government.

Thanks,
Donald
=
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
155 Beaver Street, Milford, MA 01757 USA
d3e...@gmail.com

On Sun, Oct 19, 2014 at 8:05 AM, Matthew Petach mpet...@netflight.com wrote:

Wondering if some of the long-time list members can shed some light on the question--why is the .gov top level domain only for use by US government agencies? Where do other world powers put their government agency domains?

With the exception of the cctlds, shouldn't the top-level gtlds be generically open to anyone regardless of borders?

Would love to get any info about the history of the decision to make it US-only.

Thanks!

Matt
Re: Marriott wifi blocking
IANAL but no, I think it most certainly does not, at least in the USA, depend on the terms of your *lease* agreement. In particular, I refer you to http://apps.fcc.gov/ecfs/document/view;?id=6518608517 where in the US Federal Communications Commission (FCC) specifically voided terms restricting Wi-Fi in space leased from the Massachusetts Port Authority at Boston airport as in violation of the OTARD (Over The Air Reception Device) FCC rules. This probably doesn't apply if you are a mere licensee but if you are a leaseholder, including being a tenant-in-possession, as you are if you rent a hotel room, I think they do apply. Thanks, Donald = Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e...@gmail.com On Fri, Oct 3, 2014 at 7:12 PM, Wayne E Bouchard w...@typo.org wrote: On Fri, Oct 03, 2014 at 02:23:46PM -0700, Keenan Tims wrote: The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers. I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum. I think that depends on the terms of your lease agreement. Could not a hotel or conference center operate reserve the right to employ active devices to disable any unauthorized wireless systems? Perhaps because they want to charge to provide that service, because they don't want errant signals leaking from their building, a rogue device could be considered an intruder and represent a risk to the network, or because they don't want someone setting up a system that would interfere with their wireless gear and take down other clients who are on premesis... Would not such an active device be quite appropriate there? -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Huawei Atom Router
Huawei has sales personnel in the US and does sell here. See
http://huawei.com/us/about-huawei/contact-us/index.htm

And for a more recent Huawei management statement, see
http://usa.chinadaily.com.cn/epaper/2014-04/28/content_17470474.htm
Huawei executive says it still seeks US sales

Thanks,
Donald
=
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
155 Beaver Street, Milford, MA 01757 USA
d3e...@gmail.com

On Mon, Aug 4, 2014 at 4:41 PM, Alain Hebert aheb...@pubnix.net wrote:

Well,

Wasn't the Huawei CEO that stated that they were not interested into the US market. ( And by proxy ... the Canadian one )

http://www.theregister.co.uk/2013/04/23/huawei_not_interested_in_us/

And a bunch of bans around Oct 2013 from a wide variety of countries...

That's maybe why not many people are talking about their products in our corner of the world =D

-
Alain Hebert aheb...@pubnix.net
PubNIX Inc.
50 boul. St-Charles P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443

On 08/04/14 15:56, Eric Dugas wrote:

Has anyone seen/touched Huawei's Atom Router? It was announced at the Mobile World Congress 2014.. haven't seen anything on the Interweb since. I'd be interested in getting one or two units to play in my lab!

http://www.huawei.com/mwc2014/en/articles/hw-328011.htm

Eric
Re: US patent 5473599
Hi,

See below

On Wed, Apr 23, 2014 at 12:47 PM, Henning Brauer hb-na...@bsws.de wrote:

* Paul WALL pauldotw...@gmail.com [2014-04-22 19:30]:

Both CARP and VRRP use virtual router MAC addresses that start with 00:00:5e. This organizational unique identifier (OUI) is assigned to IANA, not OpenBSD or a related project.

The CARP authors could have gotten their own from IEEE. OUIs are not free but the cost is quite reasonable (and was even more reasonable years ago when this unfortunate decision was made).

we're an open source project, running on a rather small budget almost exclusively from donations, so quite reasonable doesn't cut it.

While it is at the discretion of the IEEE Registration Authority, generally the IEEE RA will grant code point for standards use without any fee. While this is not all that clear from their web site, http://standards.ieee.org/develop/regauth/, except for standards use group (multicast) MAC addresses which are only for standards use and for which there is no charge, it is their policy.

The next two octets for IPv4 VRRP are 00:01. Highly coincidentally, the CARP folks *also* decided to use 00:01 after they got upset at the IETF for dissing their slide deck.

you're interpreting way too much in here. carp has been based on an earlier, never published vrrp implementation we had before realizing the patent problem. i don't remember any discussion about the OUI or, more general, the mac address choice. it's 10 years ago now, so i don't remember every single detail, changing the mac addr has pbly just been forgotten. not at least using sth but 00:01 for the 4th and 5th octet was likely a mistake. changing that now - whether just 4th/5th octet or to an entirely different, donated OUI - wouldn't be easy, unfortunately. academic discussion as long as we don't have a suitable OUI anyway.

If either of these decisions had not been made, we would not be having this discussion today.

we weren't really given a choice. as I said before, I'd much prefer we had just been given a multicast address etc. we tried. the IEEE/IETF/IANA processes have been an utter failure in our (limited) experience, not just in this case. might be different if you're $big_vendor with deep pockets, but that doesn't help either.

That seems like a very scatter-shot claim. The process for applying for MAC addresses under the IANA OUI was regularized in RFC 5342, since updated to and replaced by RFC 7042. See http://www.rfc-editor.org/rfc/rfc7042.txt. Perhaps you were trying before RFC 5342? To get an assignment under IANA it must be for standard use that is either an IETF standard or related to an IETF standard but it doesn't say what the relationship has to be. It must also be documented in an Internet Draft or an RFC but there is no technical screening for posting an Internet Draft so that doesn't seem like a barrier. It is subject to expert review.

Thanks,
Donald
=
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
155 Beaver Street, Milford, MA 01757 USA
d3e...@gmail.com

... ...

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, AG Hamburg HRB 128289, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
Matthew,

On Mon, Apr 14, 2014 at 10:48 AM, Matthew Black matthew.bl...@csulb.edu wrote:

Also on this same idea, in his book The Puzzle Palace, James Bamford claims that we knew of the pending attack on Pearl Harbor but did nothing, because that would compromise we broke the Japanese Purple Cipher.

I assume you refer to pages 36 through 39 of The Puzzle Palace which is almost entirely a recounting of bureaucratic fumbling and delay. The sensitivity of a Purple Cipher decode did cause the intercepted information to be sent by a less immediate means to the US Naval authorities in Hawaii. Nevertheless, it was sent with every expectation that those authorities would receive it before the time of the attack. We do not know what those authorities would have done if they had received the intercept information as expected, instead of receiving it about 6 hours after the first bomb struck Pearl Harbor. Your implication that Bamford says we decided to do nothing bears no relationship to what Bamford actually wrote.

Thanks,
Donald
=
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
155 Beaver Street, Milford, MA 01757 USA
d3e...@gmail.com

matthew black
california state university, long beach

-Original Message-
From: William Herrin [mailto:b...@herrin.us]
Sent: Friday, April 11, 2014 2:06 PM
To: nanog@nanog.org
Subject: Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

On Fri, Apr 11, 2014 at 4:10 PM, Niels Bakker niels=na...@bakker.net wrote:

Please go read up on some recent and less recent history before making judgments on what would be unusually gutsy for that group of people. I'm not saying this has been happening but you will have to come up with a better defense than it seems unlikely to me personally.

Let me know when someone finds the second shooter on the grassy knoll.

As for me, I do have some first hand knowledge as to exactly how sensitive several portions of the federal government are to the security of the servers which hold their data. They may not hold YOUR data in high regard... but the word sensitive does not do justice to the attention lavished on THEIR servers' security.

In WW2 we protected the secret of having cracked enigma by deliberately ignoring a lot of the knowledge we gained. So such things have happened. But we didn't use enigma ourselves -- none of our secrets were at risk. And our adversaries today have no secrets more valuable than our own.

-Bill
Pearl Harbor
This is getting pretty far afield so I thought I should at least change the subject. There was no initial withdrawal of the Japanese ambassador - it was the Japanese withdrawing from negotiations with the USA over USA demands -- essentially Japan declaring that it had given up on finding compromise and would not accede to USA demands for Japanese troop withdrawals. There were two messages related to the negotiations from the Japanese government to their embassy in Washington. The first was so long and meandering, that it has to be broken into 14 parts for transmission. Only in the final and 14th part, which was transmitted more than 24 hours after the first 13 parts were sent, did it direct the withdrawal from negotiations. This was considered within the Japanese government as tantamount to a declaration of war and it was felt that the attack would be dishonorable if it was not communicated to the USA government before the attack. Thus, there was a second much shorter message that specifically directed that the withdrawal be communicated to the US Government, if possible to the US Secretary of State, no later than 1pm later that day, Sunday December 7th. (It was immediately apparent to the American's reading this message that 1pm in Washington was dawn in Hawaii and probably the time of an attack.) There were some other messages sent about the same time including one ordering the Japanese embassy to destroy all cipher machines and codes. There were delays in USA decryption and translation of all of these messages. Then there was delay in getting what was clearly a threat of war to someone in Washington high enough to take action. But those were accomplished more than two hours before the attack. (The Japanese embassy in Washington was by no means immune to bureaucracy and delay and did not read the messages in time to implement then before the attack.) 
The fastest way to communicate with the US military in Hawaii would have been analog scrambled telephone which was, correctly, considered to be insecure and inappropriate for information derived from a Purple intercept. Such scrambled calls had been unscrambled by other countries before. So, it was given to the War Department's message center, who said that it would be delivered directly within a half an hour, after they encrypted it and sent it by radio. However, atmospheric conditions blocked that method and the encrypted message was given by the message center to a commercial wire carrier to send. It arrived and was printed out at the carrier's office in Honolulu at 7:33am local time, 22 minutes before the first bomb fell. Although obviously encrypted, it was apparently not marked for any special urgent handling -- remember the sender had thought it would arrive directly at the military authorities in Hawaii over an hour earlier. As a result, it was not actually delivered to those authorities until 2:40pm, after the attack was over, and not read until 20 minutes later after decryption. Thanks, Donald = Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e...@gmail.com On Mon, Apr 14, 2014 at 6:09 PM, Matthew Black matthew.bl...@csulb.edu wrote: IIRC, the message was sent via courier instead of cable or telephone to prevent interception. Did the military not even trust its own cryptographic methods? Or did they not think withdrawal of the Japanese ambassador was not very critical? 
matthew black california state university, long beach From: Donald Eastlake [mailto:d3e...@gmail.com] Sent: Monday, April 14, 2014 8:28 AM To: Matthew Black Cc: William Herrin; nanog@nanog.org Subject: Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Matthew, On Mon, Apr 14, 2014 at 10:48 AM, Matthew Black matthew.bl...@csulb.edu wrote: Also on this same idea, in his book The Puzzle Palace, James Bamford claims that we knew of the pending attack on Pearl Harbor but did nothing, because that would compromise we broke the Japanese Purple Cipher. I assume you refer to pages 36 through 39 of The Puzzle Palace which is almost entirely a recounting of bureaucratic fumbling and delay. The sensitivity of a Purple Cipher decode did cause the intercepted information to be sent by a less immediate means to the US Naval authorities in Hawaii. Nevertheless, it was sent with every expectation that those authorities would receive it before the time of the attack. We do not know what those authorities would have done if they had received the intercept information as expected, instead of receiving it about 6 hours after the first bomb struck Pearl Harbor. Your implication that Bamford says we decided to do nothing bears no relationship to what Bamford actually wrote. Thanks, Donald = Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e...@gmail.com matthew
Re: Big Temporary Networks
The 2015 WorldCon site selection is contested. There is a group seeking selection for the Disney Coronado Spring Resort in Florida but also competing groups seeking Spokane, Washington, and Helsinki, Finland. Thanks, Donald = Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e...@gmail.com On Thu, Sep 13, 2012 at 10:29 AM, Jay Ashworth j...@baylink.com wrote: My best friend just got back from Chicon 7 last week, this year's World Science Fiction Convention. He tells me that the networking at the con hotel, the Chicago Hyatt, was miserable, whether wired or wireless... and that Sprint 4G wasn't much better. I'm talking to the people who will probably be, in 2015, running the first Worldcon I can practically drive to, in Orlando, at -- I think -- the Disney World Resort. I've told them how critical the issue is for this market; they, predictably, replied We look forward to your patch. :-} I know without a doubt that this is a problem NANOG PCs deal with 3 times a year; is there any collected wisdom on the web already about how this has been dealt with, that I can pore over? Pointers to good archive threads? If not, do any of the people who've already done have 5 minutes to chime in on what they did and what they learned? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
Re: F-ckin Leap Seconds, how do they work?
See International Earth Rotation Service, http://www.iers.org/, particularly http://data.iers.org/products/6/15003/orig/bulletina-xxv-026.txt Thanks, Donald = Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e...@gmail.com On Sat, Jun 30, 2012 at 9:16 PM, Paul WALL pauldotw...@gmail.com wrote: Comments? Drive Slow Paul
Re: Iran blocking essentially all encyrpted protocols
Probably better than Iran doing man-in-the-middle... Thanks, Donald = Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e...@gmail.com On Fri, Feb 10, 2012 at 1:26 PM, Ryan Malayter malay...@gmail.com wrote: Haven't seen this come through on NANOG yet: http://arstechnica.com/tech-policy/news/2012/02/iran-reportedly-blocking-encrypted-internet-traffic.ars Can anyone with the ability confirm that TCP/443 traffic from Iran has stopped?
Re: Megaupload.com seized
I have always had a certain fondness for paper. Thanks, Donald = Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e...@gmail.com On Sat, Jan 21, 2012 at 3:19 PM, George Bonser gbon...@seven.com wrote: Sure, but balance that with podunk.usa's possibly incompetent IT staff? It costs a lot of money to run a state of the art shop, but only incrementally more as you add more and more instances of essentially identical shops. I guess I have more trust that Google is going to get the redundancy, etc right than your average IT operation. Now whether you should *trust* Google with all of that information from a security standpoint is another kettle of fish. Mike I agree, Mike. Problem is that the communications infrastructure that enables these sorts of options is generally so reliable people don't think about what will happen if something happens between them and their data that takes out their access to those services. Imagine a situation where several municipal governments in, say, Santa Cruz County, California are using such services and there is a repeat of the Loma Prieta quake. Their data survives in Santa Clara county, their city offices survive but there is considerable damage to infrastructure and structures in their jurisdiction. But the communications is cut off between them and their data and time to repair is unknown. The city is now without email service. Employees in one department can't communicate with other departments. Access to their files is gone. They can't get the maps that show where those gas lines are. The local file server that had all that information was retired after the documents were transferred to the cloud and the same happened to the local mail server. At this point they are flying blind or relying on people's memories or maybe a scattering of documents people had printed out or saved local copies of. It's going to be a mess. 
The point is that the cloud seems like a great option but it relies on being able to reach that cloud. Your data may be safe and sound and your office may have survived without much wear, but if something happens in between, you might be sunk. And out in Podunk, there aren't often multiple paths. You are stuck with what you get. Or your cloud provider might announce they are going out of that business next week.
Re: ICANN approves .XXX red-light district for the Internet
See http://www.rfc-editor.org/rfc/rfc3675.txt. Thanks, Donald = Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street Milford, MA 01757 USA d3e...@gmail.com On Sat, Mar 26, 2011 at 6:21 PM, William Herrin b...@herrin.us wrote: On Sat, Mar 26, 2011 at 5:43 PM, John R. Levine jo...@iecc.com wrote: US Code TITLE 18 PART I CHAPTER 71 § 1470 http://www.law.cornell.edu/uscode/18/usc_sec_18_1470000-.html That law includes the phrase knowing that such other individual has not attained the age of 16 years. That's why porn sites have a home page that asks you how old you are. In court, willful negligence is generally the same thing as knowing. As far as I can tell from looking for case law, all the 1470 cases are basically child molestation cases where the 1470 count was piled on in addition to the real charges, unrelated to kids looking for porn sites. It gets messy because obscenity hinges on local community standards. But that's the rub -- as a porn purveyor you can't know what the community standards are in the user's community. Not many examples of web sites being taken to task for web content, not yet, but lots of examples of mail-order porn owners having a really bad year, legally speaking. So, in short, there's no problem for .XXX to solve. Suppose, just for the sake of the argument, that a statute or precedent came about to the effect that a community which permits access to .xxx sites (by not censoring the DNS) implicitly accepts that kind of thing isn't obscenity under local law. Further, suppose it's found that the individual in such communities circumventing the technical safeguards in place to censor his access to .xxx is solely liable for such access, that the porn purveyor is -presumed- to have a reasonable belief that said individual's activity was lawful... merely because they access the site using the .xxx extension. 
Suppose, in other words, it comes to be that an internet porn purveyor is protected from local community standards for obscenity so he need only worry about staying away from stuff that's illegal in his own back yard. Where the prosecution has to support a claim that the site is accessible other than through the .xxx name in order to survive an early motion to dismiss. -Bill -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: so big earthquake in JP
USGS now says magnitude 8.9. And there seem to have been three aftershocks so far, two in the 7.x range... Thanks, Donald On Fri, Mar 11, 2011 at 2:13 AM, Khurram Khan brokenf...@gmail.com wrote: bbc reports 8.8 magnitude with a tsunami. http://www.bbc.co.uk/news/world-asia-pacific-12709598 On Fri, Mar 11, 2011 at 12:08 AM, Bryan Irvine sparcta...@gmail.com wrote: On Thu, Mar 10, 2011 at 10:19 PM, Tomoya Yoshida yosh...@nttv6.jp wrote: Japan had so big terrible earthquake How big? I see reports of Tokyo, was Kyoto affected?
Re: Pica8 - Open Source Cloud Switch
On Tue, Oct 19, 2010 at 11:00 AM, Peter Ashwood-Smith peter.ashwoodsm...@huawei.com wrote: ... a) bigger layer 2 networks with Vmware type mobility and no IP address changes. Technologies in this space are much more than just L2 switching, it's L2 switching on larger scales with encapsulation, multipathing etc. This is where technologies like IEEE 802.1aq Shortest Path Bridging, IEEE 802.1ah mac-in-mac come to play. These tend to be appropriate for existing enterprise applications (or complete virtual desktops) and simply make existing DC L2 fabrics bigger and available for virtualization. No application software changes required, it's done under them and end hosts can't tell what's happening. And the IETF TRILL protocol. Donald ... Peter
DNS performance...
Hi, There are a large number of DNS servers available. See for example http://en.wikipedia.org/wiki/Comparison_of_DNS_server_software Does anyone know of good performance comparisons, especially for high end applications with lots of data/zones and/or high query/update rates? Thanks, Donald = Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street Milford, MA 01757 USA d3e...@gmail.com
Re: DNS performance...
On Wed, May 5, 2010 at 10:48 AM, Simon Perreault simon.perrea...@viagenie.ca wrote: On 2010-05-05 10:41, Donald Eastlake wrote: Does anyone know of good performance comparisons, especially for high end applications with lots of data/zones and/or high query/update rates? Recursive or authoritative? I'm actually interested in both. Thanks for the pointer! Donald For recursive, there are pretty good graphs here: http://unbound.net/documentation/ripe56_unbound_02.pdf Simon -- NAT64/DNS64 open-source -- http://ecdysis.viagenie.ca STUN/TURN server -- http://numb.viagenie.ca vCard 4.0 -- http://www.vcarddav.org
Re: DNS performance...
On Wed, May 5, 2010 at 1:45 PM, Mark Scholten m...@streamservice.nl wrote: -Original Message- From: Donald Eastlake [mailto:d3e...@gmail.com] Sent: Wednesday, May 05, 2010 4:41 PM ... Hi, There are a large number of DNS servers available. See for example http://en.wikipedia.org/wiki/Comparison_of_DNS_server_software Does anyone know of good performance comparisons, especially for high end applications with lots of data/zones and/or high query/update rates? One of the links below should have information about this: - http://tin2.nixcartel.org/~devdas/presentation/dns-scalability.pdf - http://tin2.nixcartel.org/~devdas/presentation/dnsdb.pdf Thanks for these pointers. For others who may be interested, the dns-scalability.pdf presentation appears to be a superset of the dnsdb.pdf presentation. Donald Please note these reports are not created by me. Regards, Mark Thanks, Donald = Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street Milford, MA 01757 USA d3e...@gmail.com