Re: [Nanog-futures] Memberships, Bylaws and other election matters
On Tue, Oct 05, 2010 at 10:02:24AM -0700, Shrdlu wrote: I've been following along on this, with quite some interest. I'd actually be happy to pay to be a member, and be able to retain my natural state as a recluse. As yet another recluse, I'd like to suggest an alternate line of thinking. I'm *not* necessarily suggesting that this is a great idea: I'm suggesting that given the organizational transition currently underway, that this is as good a time as any to put this on the table for discussion/debate. Why are there [in-person] meetings? They're expensive for the organization (Matthew's notes from last night indicate NANOG49 cost $423K), they're expensive for individuals, they're a hassle (to organize and to attend), and they only manage to involve a few hundred people (607 @ NANOG49) out of a much larger community. (That works out to about $700/attendee, if my math is right. And while Matthew's notes also point out that the particular location of NANOG49 made it more expensive than others, I think it's fairly safe to assume that the long-term trends in facilities, hotels, airfares, and other expenses are all: up.) (Query: is anyone in a position to answer this question: Out of those 607, how many have attended 1,2,3,4,5,etc. meetings? Or in other words, do meetings attract a diverse and changing constituent body, or do meetings attract the same people time after time?) It seems to me that *this group*, out of all possible groups out there, ought to be leading the way in pioneering virtual meetings that dramatically reduce costs, reduce hassles, and involve many more people. (Including, to touch on a point others have made, lots and lots of students. We need to be training our replacements, and I don't mean in the nuts-and-bolts of router configuration or flow analysis.) Yes, yes, I know about all the reasons in-person meetings have certain advantages: one group of challenges in going virtual is replicating those interactions. But again: *this group* seems uniquely qualified to address that set of challenges. ---rsk ___ Nanog-futures mailing list Nanog-futures@nanog.org https://mailman.nanog.org/mailman/listinfo/nanog-futures
Re: [Nanog-futures] Transition update
I have no dog in this fight, as I don't participate in NANOG other than to comment on the mailing list occasionally, and to occasionally try to render or request help (usually offlist). But I'll comment that from my outsider's view back here in the cheap seats, what has happened is indistinguishable from a coup. There is the lack of information about what really happened; there is the nebulous citation of alleged problems whose severity necessitated this action; there is the marginalization of those asking direct questions; there is the lack of a cogent public plan; there is the reassurance that all will be revealed in good time; and there is the vote to be held to ratify that which is already done. Note carefully: I'm not expressing any opinion about the reality of what's happened, only about its appearance. I don't know what the reality is. I'm not even sure I care, if I put on my selfish hat for a moment: it probably won't matter to me no matter what it turns out to be. (Well, that's not entirely true: I certainly care about many of the people involved, across the board, as they've clearly tried to do the right thing, and in too-many-cases-to-count, they've really worked hard for the mutual benefit of everyone in the community. That means, among many other things, they deserve respect and gratitude, and the benefit of a doubt -- which I note they're getting.) So given that *appearance*, I think it's understandable that some folks have some questions. That could have -- and should have -- been anticipated. Like I said, I can see it from way back here in the cheap seats, so surely those with a much better view should be able to see it too. A simple here's what we're doing, here's why, here's why now, here's how we think it will go down, here's what we have covered, here's what we're winging, here's the rough plan could have been written in 15 minutes by anyone involved, and would have neatly dealt with [most of] this up-front. Now before anybody gets too bent out of shape over this: I've done exactly the same thing -- that is, been part of a sweeping reorg that while entirely well-intentioned, and arguably necessary, and in the long run, demonstrably the right move, was botched at the outset because the prime movers behind it didn't communicate clearly *from the beginning*, thus engendering mistrust, confusion, etc. One of the people arguing against that communication? Me. ---Rsk ___ Nanog-futures mailing list Nanog-futures@nanog.org https://mailman.nanog.org/mailman/listinfo/nanog-futures
Re: [Nanog-futures] Disclaimers again (was Re: Fiber Cut in Italy)
On Mon, Nov 16, 2009 at 10:22:16AM -0800, Shrdlu wrote: Top posting only because there's no point in making anyone who's already seen it look at again. Can we please remind people in a friendly way that a disclaimer of this length doesn't belong on a mailing list? I concur, but will add or anywhere else. These disclaimers, which usually consist of equal parts demands, threats and insults, have absolutely no value whatsoever. I suggest adding links to these explanations (below) to the list FAQ, as well as making it a policy that disclaimers are never welcome on the NANOG lists. Stupid E-mail Disclaimers and the Stupid Users that Use Them http://attrition.org/security/rants/z/disclaimers.html Stupid Email Disclaimers http://www.goldmark.org/jeff/stupid-disclaimers/ Don't Send Bogus Legalistic Boilerplate http://www.river.com/users/share/etiquette/#legalistic ---Rsk ___ Nanog-futures mailing list Nanog-futures@nanog.org http://mailman.nanog.org/mailman/listinfo/nanog-futures
Re: [Nanog-futures] spam-l list
On Mon, May 11, 2009 at 01:41:13PM +1200, Simon Lyall wrote: A few people have pointed out that the spam-l list is being shutdown [1] Could anybody recommend an alternative open[2] anti-spam orientated list that people can be pointed to? Another list, run by long-time participants in spam-l, is being started. I'll pass along details as soon as I'm certain I have them straight. ---Rsk ___ Nanog-futures mailing list Nanog-futures@nanog.org http://mailman.nanog.org/mailman/listinfo/nanog-futures
Re: [Nanog-futures] Fwd: ADMIN: Reminder on off-topic threads
On Tue, Apr 21, 2009 at 09:43:22PM -0700, Paul Ferguson wrote: But I have to say (again, apologies) that security issues on the Internet - -- and especially the lack of engagement from ISPs -- is a major, major problem that NANOG could be a major facilitator, instead of turning its back on the woeful state of security affairs. I strongly concur with this. In any event, I think security-related issues are much more on topic than ARIN IPv4 policy foo. I think I mildly disagree with this. The allocation of chunks of IPv4 space to dedicated abusers, and the hijacking of chunks of IPv4 space by abusers, are security-related issues. So if you mean ARIN IPv4 policy in the sense of what their policies and procedures are, then I agree with you; if you mean it in the sense of what the real-world consequences are, then I'm not so sure. ---Rsk ___ Nanog-futures mailing list Nanog-futures@nanog.org http://mailman.nanog.org/mailman/listinfo/nanog-futures
Re: [Nanog-futures] Can we stop the Intercage discussion mess now?
On Thu, Sep 25, 2008 at 02:58:36PM -0400, Brian Raaen wrote: Agreed... Mailman has a feature for emergency moderation of all post, created just for flame wars like this. chuckle I rate this one a 2 on a 10 scale of toastiness. But I think I probably have a much higher threshold for discussions like this, due to copious experience with Usenet decades ago. Unless they encompass at least a thousand messages and last over a month, I consider them just a momentary blip. As to the appropriateness of the discussion, I can see where once it's moved past immediate-operational concerns, it's arguably off-topic for the main NANOG mailing list. But...I think it's a discussion that needs to happen *somewhere*, and needs to happen with the involvement of some of the same people who populate the nanog list. (And probably with the involvement of some people who don't.) I know some folks have suggested that this should be left to law enforcement, but that's foolish. Law enforcement against abusers is erratic, slow and incompetent at best; it tends to only happen when one of four things is true: (a) someone's running for office (b) positive PR is needed (c) a government has been publicly embarrrassed and needs a scapegoat or (d) someone with sufficient political connections, money, and/or power wants it. And even when it happens, it's ineffective: for example, token prosecutions of spammers have done nothing to make the spam problem any better. Multiple spyware vendors have settled their cases for pitifully small sums and then gone right back to work. But even if that weren't true, even if law enforcement worldwide had adequate staff, resources, training, clue, etc. to attempt something useful -- the legal framework really doesn't exist to deal with a spyware vendor in Italy using web sites in the US and targeting users via outbound spam servers in China. Abusers are very well aware of this, which is why some of them have distributed their operations accordingly, and why they make copious use of dummy corporations, mail drops, etc. And even if THAT were addressed (which is unlikely in our lifetimes)... this is OUR network. We built it. We're responsible for it, and part of that responsibility is seeing that it's not the origin or conduit for obvious, egregious, abusive activities. We shouldn't just punt that responsibility to someone else because we don't like the idea of dealing with it. I know it's unpleasant, onerous, time-consuming, annoying and everything else -- but we should do it anyway. ---Rsk ___ Nanog-futures mailing list Nanog-futures@nanog.org http://mailman.nanog.org/mailman/listinfo/nanog-futures
Re: [Nanog-futures] Subject line Tag and footer
On Wed, May 07, 2008 at 05:18:04AM -0700, Steve Gibbard wrote: Most of the ohter mailing lists I'm on have such a tag [...] That's because they haven't figured out (per http://www.l33tskillz.org/writing/tagging-harmful/): - it violates the principle of minimal munging - tagging is no longer needed for filtering - tagging wastes precious space - it coddles the lazy and penalizes the conscientious - it discourages discussion - tagging is often broken - tagging doesn't scale to multiple lists My expectation is that NANOGites are clueful enough to choose and use mail clients that deal with headers, including RFC 2369 headers, gracefully. One workaround for people who can't do that (due to whatever constraints apply) is to use procmail or equivalent to munge the Subject line to their personal taste before local delivery. But c'mon, RFC 2369 is now ten years old and RFC 2919 is seven; it's well past time to leave the ill-considered practice of subject-line tagging behind us. ---Rsk ___ Nanog-futures mailing list Nanog-futures@nanog.org http://mailman.nanog.org/mailman/listinfo/nanog-futures
[Nanog-futures] Fwd: [EMAIL PROTECTED]: Please confirm (XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)]
It appears that [EMAIL PROTECTED] is using a challenge/response system (see below). This is an extremely bad idea -- so bad that I'm surprised that NANOG personnel aren't already well aware of it. (It's common knowledge among most of those working in the anti-spam field.) See, for example: Challenge-Response Anti-Spam Systems Considered Harmful http://linuxmafia.com/faq/Mail/challenge-response.html Vastly superior anti-spam methods which do not result in outbound abuse are available, well-documented, and easily implemented. If NANOG needs assistance with that, I'm sure any number of us would be happy to help out. But the C/R mechanism should be disabled immediately, before it's used to abuse third parties. ---Rsk - Forwarded message from NANOG Admins [EMAIL PROTECTED] - From: NANOG Admins [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Please confirm (X) Date: Thu, 24 Apr 2008 22:59:37 UTC This is an automated message. The message you sent (attached below) requires confirmation before it can be delivered. To confirm that you sent the message below, simply reply to this email message. You do not need to modify anything in this message. Once this is done, your original email will be forwarded and no more confirmations will be necessary for future messages. --- Original Message Follows --- Received: from taos.firemountain.net ([207.114.3.54]) Received: from squonk.gsp.org (bltmd-207.114.17.169.dsl.charm.net [207.114.17.169]) Received: from avatar.gsp.org (avatar.gsp.org [192.168.0.11]) Received: from avatar.gsp.org (localhost [127.0.0.1]) Received: (from [EMAIL PROTECTED]) Date: Thu, 24 Apr 2008 18:56:11 -0400 From: Rich Kulawiec [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: In re: [EMAIL PROTECTED]: Never seen before! Gucci Prada Chanel, Message-ID: [EMAIL PROTECTED] (Original message truncated) - End forwarded message - ___ Nanog-futures mailing list Nanog-futures@nanog.org http://mailman.nanog.org/mailman/listinfo/nanog-futures
Re: [Nanog-futures] Opinions requested: NANOG-worthy or not?
On Mon, Apr 14, 2008 at 12:49:06PM +0100, [EMAIL PROTECTED] wrote: Our Internet!? Yeah, our. I have this antique idea that we are a community, mutually responsible and obligated to each other. I view the totality of what we've built as a collective project. And I get, errrm, testy, when I perceive that some people are trying to unfairly exploit that to satiate personal greed. NOT that I mind anyone making a buck, or perhaps these days, a euro; but I mind when they do so by usurping resources that aren't theirs, but ours, in a collective sense. Yeah, yeah, I know: it's 2008, get over it. ;-) ---Rsk ___ Nanog-futures mailing list Nanog-futures@nanog.org http://mailman.nanog.org/mailman/listinfo/nanog-futures
Re: [Nanog-futures] Opinions requested: NANOG-worthy or not?
On Fri, Apr 11, 2008 at 12:19:38PM -0600, Sean Figgins wrote: Old news. I elected not to post it to NANOG, but unless I'm mistaken, it's actually new news: we knew that NetSol has been stealing domains, but stealing subdomains isn't something I'd seen before. Of course, given how pervasively evil NetSol has turned out to be, it's getting increasingly difficult to keep track of all they ways they've attempted to turn our Internet into their personal profit center. ---Rsk ___ Nanog-futures mailing list Nanog-futures@nanog.org http://mailman.nanog.org/mailman/listinfo/nanog-futures
Re: [Nanog-futures] default routes question or any way to do the rebundant
On Fri, Mar 21, 2008 at 06:55:33AM -0500, Pete Templin wrote: Last I heard, there were ~9,000 subscribers to this list. Is it truly prudent of the list to be tech support for all the world? All I'm asking for, and all I'm trying to generate thoughtful discussion about, is boundaries. I understand this sentiment, as I've often felt the same way in other contexts. (And no doubt some of my own inept questions over the years have elicited the same feelings from others.) But I'd like to suggest that whatever that boundary is, we're nowhere near it. The list is not awash in an endless stream of elementary questions, nor is there any sign that it's going to be. In my opinion, it's a theoretical problem that we don't need to expend energy solving until/unless there is convincing evidence that it's going to transition to a real problem. And we have collectively expended more human effort discussing this than was expended in providing the responses. I understand this, or at least I think I do, because I have my own control-freakish tendencies when it comes to running mailing lists. But after decades of doing so, I think I'm finally learning that it's not worth trying to anticipate every possible way things could go wrong and pre-emptively trying to address them. (And it it *does* become a real problem? Maybe nanog-newbies, where people like me who often get lost in esoteric routing discussions can ask our naive questions of an audience that's prepared to address them.) ---Rsk ___ Nanog-futures mailing list Nanog-futures@nanog.org http://mailman.nanog.org/mailman/listinfo/nanog-futures
Re: [Nanog-futures] default routes question or any way to do the rebundant
On Fri, Mar 21, 2008 at 08:59:27AM -0500, Pete Templin wrote: Think definition of scope as the boundary, not rate of perceived off-topic messages as the boundary - we've had messages that were far better served by user-oriented (rather than operator-oriented) resources. Oh, I agree that such messages go by from time to time, but I'm not sure anything more than: read this FAQ check this documents see this web page go ask on this mailing list, wiki, blog, etc. is needed to deal with those. Yes, we might agree that they're off-topic, repetitive, annoying, etc., but -- and I'm not being flip -- so what? Unless they have accompanying negative effects such as mass unsubscription from people who are sick of them I don't see a need to define a boundary (which would presumably leave these on the outside). Many years ago (and sometimes still now) I took the approach that the best way to keep mailing lists and newsgroups focused was to try to enumerate their scope in minute detail. I was counseled at the time that perhaps this wasn't the best approach, because all such attempts are doomed to fail, and when they do, there will inevitably be arguments of the form: But you didn't say [this particular topic] was disallowed! But it is clearly related to [foo] and [bar], don't you see? No, I don't, it's obviously different, you're being arbitrary! the fallout from which is invariably worse than just letting the discussion wind itself through to a natural conclusion and moving on. I have slowly learned (slowly because I'm a stubborn bastard) that maybe that advice was more prescient than I grasped at the time. I'm not suggesting that nanog should let itself become the de facto go-to resource for how do I change the IP address on my Ubuntu box? I'm suggesting that the exercise of trying to exhaustively enumerate everything that's in-scope and not-in-scope is never-ending and very likely to fail, and that it's better to trust that the vast majority of nanog participants are clueful, bright (and sometimes vocal) people who will react en masse when they see a problem that needs solving. But if it's going to dissolve to a scenario where I get flamed for trying to discuss something (again), I can always go hide under a rock for a while (that's the shut up portion of RS's instructions to me). I *am* discussing, not flaming. Yet. ;-) You wanna see flaming, ask me about spam. ;-) ---Rsk ___ Nanog-futures mailing list Nanog-futures@nanog.org http://mailman.nanog.org/mailman/listinfo/nanog-futures
Re: [Nanog-futures] default routes question or any way to do the rebundant
On Thu, Mar 20, 2008 at 06:20:08PM -0400, Donald Stahl wrote: Do you walk up to a master carpenter and ask him to teach you everything he knows without so much as doing a little research first? Of course not. Do you throw together a network without reading a manual and then demand that the manufacturer fix things that don't work because you didn't read the manual? Of course not. The curmudgeonly, sarcastic side of me wants to agree with this. The side that remembers George Goble explaining to me what an inode is as I was struggling to understand research Unix v6 thinks that maybe we should not listen to my curmudgeonly, sarcastic side. (George is also responsible for rsk because he couldn't spell kulawiec reliably.) We don't see many of these questions on NANOG (as opposed to others lists where they're a daily occurence). I think if they're as sporadic as they appear to be, that what we saw today -- a handful of answers including pointers for further readying -- will suffice to answer the question, partially educate someone (maybe even someone who didn't asks the question) and alleviate the need to worry about it. ---Rsk ___ Nanog-futures mailing list Nanog-futures@nanog.org http://mailman.nanog.org/mailman/listinfo/nanog-futures
Re: [Nanog-futures] blacklists getting out of hand?
On Wed, Nov 28, 2007 at 05:14:05PM -0800, Lynda wrote:
Yeah, no surprise from me. Personally, I don't much care for blacklists.
I find them a bit heavy handed, and I think they aren't effective.
Well...if I may, let me mumble about a few things. ('Cause it beats
going for a run in the sleet. ;-) )
First, nobody would go through the trouble of compiling a blacklist
if there weren't motivation for doing so. The fact that so many people
have done so (there are 500-1000 public blacklists plus an unknown but
likely very much larger number of private ones) indicates that said
motivation really does exist. See below for why.
Second, some of them are quite accurate. The Spamhaus Zen DNSBL
zone, for example, is very good, as are the zones maintained by NJABL
and DSBL, and most of the zones run by SORBS. On the other hand,
the zones run by APEWS are of poor quality. And effectiveness is
hard thing to measure globally because everyone's spam/not-spam mix
is different. I'll go so far as to say it's impossible to measure
globally, not only because it can't reduced to a single number of set
of numbers, but because part of measuring effectiveness has to
do with measuring how well it implements policy -- and policies
vary widely.
Third, use of blacklists (for blocking, as opposed to for scoring) is
one of the most resource-frugal ways to stop spam. After all: why should
I expend my bandwidth, my memory, my CPU, etc. accepting the entire body
of a mail message and then analyzing it...when it is already known
(by virtue of the connecting IP address) that it originates with
a spammer? It's not *my* problem to sort whether it's spam or not:
if it's from a spammer, then I don't want it, no matter what it is.
Fourth, if an IP address is emitting spam, then at least one of these
two things is true:
1. It is broken (e.g., open SMTP relay).
2. It is 0wned by spammers.
I see no reason to accept mail from broken or 0wned systems. It is
the responsibility of their caretakers to either (1) fix them or
(2) un-0wn them. Those who can't or won't do this are a menace to the
rest of the Internet. (I could say the same thing about IP addresses
emitting viruses, or participating in DoS attacks, or other abuse.
We're all responsible for making sure that everything we run is not
an operational hazard to the rest of the Internet. Or, don't build
it if you can't run it properly.)
Fifth, I suppose I have this view in part because of my views on
proper network operation. To illustrate using a header fragment
from a spam sample that arrived this morning:
Received: from adsl-67-126-134-137.dsl.irvnca.pacbell.net
(adsl-67-126-134-137.dsl.irvnca.pacbell.net [67.126.134.137])
Whose spam is that? It's Pacbell's. It came from THEIR network,
on THEIR watch, adn THEY allowed it to get out. Therefore they
have responsibility for it. (Oh, I'm not letting the owner of
the compromised system off the hook, nor am I letting the spammer
off either. They're also responsible.) But were Pacbell staff
doing their jobs properly, then I would not received this, neither
would a *lot* of other people, and thus we would not find:
*.dsl.irvnca.pacbell.net
in quite a few blacklists, because it wouldn't be necessary. But it's
there, and it's there because of the long-term incompetence and
negligence of Pacbell.
s/Pacbell/Comcast/
s/Pacbell/Verizon/
s/Pacbell/just about every other ISP/
Pacbell has no right to complain about this, of course: it's their
own fault. And Pacbell customers impacted by it need to take 100% of
their complaints solely to Pacbell, again, because it's Pacbell's fault.
To put it another way: it is everyone's job to control abuse outbound
from their operation, or supported by their operation (i.e., DNS provided
to spammers, web site hosting for spyware, etc.). Anyone who can't
do that simply isn't good enough to operate any portion of the Internet.
Of course, this isn't how things actually work. Apparently my view is
an archaic relic of .ARPA days, when allowing your network to be a
problem for others implied you will soon have your connection yanked.
So -- because nobody's going to yank Pacbell's, or Verizon's, or Comcast's
connection(s) any time soon, one of the few available methods for achieving
an equivalent result is pervasive blacklisting. To put it another
way, we can't remove them from the Internet, but we can certainly
remove the Internet from them, albeit one piece at a time.
The bottom line is that many of the problems we currently face could be
mitigated in large part by selectively blacklisting problem hosts/networks
and refusing to un-blacklist them until they're fixed. Yes, that's
draconian and inflexible, but (a) it works, because it forces the cost
of fixing the problem back on the entity responsible for it and
(b) nothing else works.
If you give people the means to hurt you, and they do it, and
