On 01/09/2011 10:09, John Curran wrote:
On Jan 9, 2011, at 2:09 AM, Jeff Wheeler wrote:
In terms of database size, excluding RIPE, the ARIN IRR is the 8th
largest, ahead of ALTDB and about 10% as large as Level3, the second
largest IRR database (except RIPE.) A mass-corruption of the ARIN IRR
overnight might be a serious incident causing service impact to a
large number of users and businesses, and cause probably thousands of
people to be got out of bed in the middle of the night, but clearly it
would not be a total disaster.
Jeff -
Please suggest your preferred means of IRR authentication to the ARIN
suggestion process:<https://www.arin.net/participate/acsp/index.html>
Alternatively, point to a best practice document from the operator
community for what should be done here. ARIN's work plan is very much
driven by community input, so that's what is needed here.
John,
I get what motivates this response, and am even guilty of having
provided similar responses. So I'm not going to glom onto the criticism
of this as a response _per se_. However, there is a line beyond which
some things cross which takes them out of the realm of, "Show me you
care about this issue by reporting it in triplicate" and into the
category of "This is bad on its face and I need to use my internal
channels to get people an answer ASAP." To me (speaking as someone with
absolutely no dog in this hunt) the issue of "The only authentication
method available for the ARIN IRR is mail-from" clearly falls into the
latter category. My reading of the reaction here is incredulity that
this was not your immediate response, and (once again without trying to
glom on) this is a reaction that I share.
Now it seems that you acknowledged that further on in this thread, but
just for fun I decided to try your suggestions-suggestion. I went to the
site, it requires a login. Well, ok, I think having a method for "I
don't want to track this I just want to throw it over the wall in case
someone cares" might be valuable, but everyone wants a login nowadays,
so fine. I attempt to click the "new user?" link, and at some point I
realize that the site requires cookies for login stuff. Ok, another
necessary evil. So I enter my desired information, and click continue,
and get bounced right back to to the original page. I figure my
registration was successful and attempt to log in. That fails. I click
the "assistance" link and enter the e-mail address I used to register,
it's not registered. So I go back to the registration form, enter my
information again, and hit Continue. This time I got an error message,
user names must be at least 6 characters. Um .... ok. So I think of
another username, click Continue, and get a new error:
The e-mail address you entered appears to be a role account. Please
enter an e-mail address that contains your name or initials. Note that
ARIN Web account information will not be published in ARIN's Whois. If
the e-mail address you entered is not a role account, please contact the
Registration Services Department at hostmas...@arin.net or +1.703.227.0660.
I create e-mail addresses of the form <blah>@dougbarton.us for all the
sites that I register on to track whether or not they use my e-mail
address for nefarious purposes. So yes, "a...@dougbarton.us" looks like
a role account, but it's not. So I'll bite, I'll call the number and
talk to them. Ooops! I called at 4:01 pm PST, and y'all had closed up
shop 1 minute earlier. (Yes, I realize that the ARIN office is on the
East Coast, don't care. My working day is still going on for hours more.
Must really suck for ops in HI.)
Now admittedly my method of working on line is different from the
average Internet user, although arguably not _that_ different from a lot
of the people in your custo^Wmember demographic. So one could make the
argument that in its current form the suggestions page actually serves
as a barrier to entry, rather than an effective communications channel.
But soldiering on, I put in my "regular" e-mail address, and hit
Continue again. It once again bounced me back to the main page, but once
again, I was not actually registered. So, I started the whole
registration process all over again, and this time it succeeded. So now...
You must accept the Terms of Service Agreement in order to proceed.
Hmm.. well, 79 very long lines of text, no way to download the document
for my lawyers to review, and most of it applies to people managing
information related to services. But what the heck, I'll give it a go.
So now I have to create a web profile. First/Last, Company, and full
postal address are all mandatory fields. Ok, all done with that, now I
actually have a web account. *phew* Wait, what was I going to do with
it again? Oh yes, I was going to submit a suggestion .... um .... where
is the link for suggestions? At the top of the page I have Number
Resources, Participate, Policies, Fees & Invoices, Knowledge, About Us.
Most of those don't apply to me, so let's see, on the left side we have
Message Center, Web Account, POC Records, Organization Data, Manage
Resources, Track Tickets, Listing Service, Downloads, Ask ARIN ...
neither I nor Firefox can find "suggestions" anywhere on that page. I
could of course use the "Ask ARIN" link which brings up a
reasonable-looking form to send my suggestion in the form of a question,
so I suppose that'll work.
Now in case anyone is still reading this message, my point is _not_
"ARIN SUCKS!" My point is simply that saying, "All you have to do is
...." doesn't always cut it, and as I said (way, way) above there _is_ a
line where it really is incumbent on the operator community to get
involved in the process on your turf. Hopefully though you'll take this
thread as feedback from the operator community that where you have (at
least up until recently) believed that line to be is not appropriate, or
even realistic.
best regards,
Doug
--
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
