Re: About.com/NYTimes admins about?
Hey Chris, I'll reply to you off list.

Thanks for the heads up.

-rjb

On 9/26/08 10:13 PM, "Christopher Morrow" <[EMAIL PROTECTED]> wrote:

> Is there perhaps an about.com/nytimes.com admin around? I was
> wondering if they perhaps knew that their loadbalancer for
> www.nytimes.com is fairly broken wrt answering queries:
>
> (who's NS for nytimes.com)
> dig NS nytimes.com +short
> ns1t.nytimes.com.
> nydns2.about.com.
> nydns1.about.com.
>
> (who do they think is the NS for www.nytimes.com)
> dig www.nytimes.com @ns1t.nytimes.com. NS
> ;; QUESTION SECTION:
> ;www.nytimes.com. IN NS
>
> ;; AUTHORITY SECTION:
> www.nytimes.com. 60 IN NS nss1.sea1.nytimes.com.
> www.nytimes.com. 60 IN NS nss1.lga2.nytimes.com.
>
> (what is the for www.nytimes.com ?? )
> dig www.nytimes.com @nss1.sea1.nytimes.com.
> ;www.nytimes.com. IN
>
> ;; AUTHORITY SECTION:
> . 360 IN NS k.root-servers.net.
> . 360 IN NS l.root-servers.net.
> . 360 IN NS m.root-servers.net.
> . 360 IN NS a.root-servers.net.
> . 360 IN NS b.root-servers.net.
> . 360 IN NS c.root-servers.net.
> . 360 IN NS d.root-servers.net.
> . 360 IN NS e.root-servers.net.
> . 360 IN NS f.root-servers.net.
> . 360 IN NS g.root-servers.net.
> . 360 IN NS h.root-servers.net.
> . 360 IN NS i.root-servers.net.
> . 360 IN NS j.root-servers.net.
>
> ;; ADDITIONAL SECTION:
> k.root-servers.net. 360 IN A 193.0.14.129
> l.root-servers.net. 360 IN A 198.32.64.12
> m.root-servers.net. 360 IN A 202.12.27.33
>
> ;; Query time: 89 msec
> ;; SERVER: 170.149.172.35#53(170.149.172.35)
>
>
> wha??? Lucy, your loadbalancer is foobar'd
>
> In an effort to make v6 things work a tad better in this hostile
> world, could the NYTimes folks let us know what sort of LB that is?
> and why it wants to not be a good Internet Citizen??
>
> -Chris
>
Re: About.com/NYTimes admins about?
* Christopher Morrow:

> wha??? Lucy, your loadbalancer is foobar'd

To cope with this, a QNAME/QTYPE-specific lameness cache has been added to BIND (and probably other resolvers). So this is nothing new, unfortunately.
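
Added example (not from the thread, and not BIND's implementation): one way to recognise the reply quoted above as a lame, upward referral and to remember it per server, QNAME and QTYPE. The sample replies are constructed from the quoted dig output; the AAAA query type, the 600-second TTL and all function and class names are assumptions.

```python
# Constructed dig-style replies modelled on the output quoted in the thread.
# The quoted output lost its query type; AAAA is an assumption made here.
DOWNWARD = """\
;; QUESTION SECTION:
;www.nytimes.com. IN NS
;; AUTHORITY SECTION:
www.nytimes.com. 60 IN NS nss1.sea1.nytimes.com.
"""
UPWARD = """\
;; QUESTION SECTION:
;www.nytimes.com. IN AAAA
;; AUTHORITY SECTION:
. 360 IN NS k.root-servers.net.
"""

def labels(name):
    return [part for part in name.lower().rstrip(".").split(".") if part]

def at_or_below(name, zone):
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def parse(text):  # -> ((qname, qtype), {section: [(owner, rtype), ...]})
    section, question, rrs = None, None, {}
    for line in text.splitlines():
        fields = line.split()
        if line.startswith(";; ") and line.endswith("SECTION:"):
            section = fields[1]
            rrs[section] = []
        elif section == "QUESTION" and line.startswith(";") and len(fields) == 3:
            question = (fields[0].lstrip(";"), fields[2])
        elif section and len(fields) >= 5 and not line.startswith(";"):
            rrs[section].append((fields[0], fields[3]))
    return question, rrs

def classify(text, zone):
    """Judge a reply from a server that the parent delegated `zone` to."""
    (qname, _), rrs = parse(text)
    if rrs.get("ANSWER"):
        return "answer"
    owners = {o for o, t in rrs.get("AUTHORITY", []) if t == "NS"}
    if not owners:
        return "nodata"  # no NS referral: treated as a negative answer
    # A usable referral points strictly below the zone and toward the qname.
    ok = all(at_or_below(o, zone) and labels(o) != labels(zone)
             and at_or_below(qname, o) for o in owners)
    return "referral" if ok else "lame"  # upward, sideways or self referral

class LameCache:  # lameness is remembered per (server, qname, qtype)
    def __init__(self, ttl=600):  # seconds; 600 is a constructed value
        self.ttl, self.until = ttl, {}
    def observe(self, server, zone, text, now):
        (qname, qtype), _ = parse(text)
        verdict = classify(text, zone)
        if verdict == "lame":
            self.until[(server, qname.lower(), qtype)] = now + self.ttl
        return verdict
    def is_lame(self, server, qname, qtype, now):
        return self.until.get((server, qname.lower(), qtype), 0) > now
```

Because the key includes the query type, the same server stays usable for the record types it does answer correctly, and the entry expires so a repaired server is retried.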
Re: breadcrumbs and collusion
Laurence F. Sheldon, Jr. wrote:
> [EMAIL PROTECTED] wrote:
>>> However, it makes little sense to close your gate to keep the stray
>>> dogs out of your yard, if they can just come in via your neighbour's
>>> gate and climb over the fences.
>>
>> It makes a lot of sense. Having closed your gate, and discovered
>> a stray dog in your back yard, you can call the animal control
>> people and they stand a good chance of catching that stray dog.
>
>
> Like most NANAE ...eerrr...NANOG metaphors this one is broken.

Well, the first draft had "junkies" rather than dogs, but I decided that would cause issues in itself. Cats might be a better analogy though, you can train a dog to know better

> We are not talking about stray dogs, we are talking about bad behaviour.

Indeed so. unlike a stray dog, one that gets into your yard doesn't just crap there, but all over the neighbourhood, leaving clear trails that lead back to you.

> If I keep them from dealing that stuff in my parking lot I do several
> things, in approximate priority order:
>
> My clean customers don't have to suffer any effects of the bad guys
> being on my lot.

surely, but they still get dog crap on their boots

> The bad guys learn it is not a good place to try to deal.

They don't care. as long as they can get into your community *somewhere* that is good enough, it doesn't matter to them where.

> The Law knows one place they don't have to worry about.

true, but the discussion wasn't regarding *not* keeping your yard clean, but was regarding warning your neighbours so *they* can keep their yard clean - and that there is a self-benefit (in that some of the dirt in your yard comes from any dogs allowed into theirs) that would make it reasonable to do so (and not unfair victimization of stray dogs)

and any suggestion that the Law would trust, just because you booted out *one* set of dogs, that your yard would forever more remain clean, confuses me. Perhaps you could explain further?
Re: high latency ds3 issue on unloaded line
Anyone considered this could simply be a case of a customer ds3 provisioned into a mpls ccc/l2ckt style upstream aggregate? Ie. Ppp/hdlc in mpls.

It seems best to first contact Q and ask exactly how this thing is provisioned.

-Tk

On 9/27/08, Frank Bulk <[EMAIL PROTECTED]> wrote:
> It would be quite the poorly implemented ATM-based transport system if
> DS-3's were over-provisioned. We're not talking about packet-based service,
> it should be transported as traditional SONET-mapped.
>
> Frank
>
> -----Original Message-----
> From: Ben Plimpton [mailto:[EMAIL PROTECTED]
> Sent: Friday, September 26, 2008 2:35 PM
> To: mike
> Cc: nanog@nanog.org
> Subject: Re: high latency ds3 issue on unloaded line
>
> We've had a similar issue with a few of our Qwest DS3's. The solution
> has been 1 of the following
>
> 1) Qwest has over-provisioned the transit links on their atm network
> that the DS3 is riding and during peak times of the day, the
> transit link becomes congested causing high latency not related to our
> traffic levels. So the congestion could be appearing beyond your
> local loop.
>
> 2) We also had an instance where qwest had an issue with the PVC on
> the atm switch that we connected into that was causing > 500ms of
> latency. Like you, we are in a small town served by older ATM
> switches, so you might just see if they can rebuild both sides to see
> if that clears it up. Sounds quacky, but after 12 hours of
> troubleshooting, that was the fix.
>
> Ben
>
> On Sep 26, 2008, at 12:59 PM, John Lee wrote:
>
>> Mike,
>>
>> Your latencies which suddenly appear for several hours and then go
>> away and do this on a regular basis sounds like a layer 2, facility
>> switching issue. As you indicated " the problem comes on during the
>> day and then lets up late in the evening" sounds like the underlying
>> facility is being switched back around the "long side" of the
>> SONET ring or other facility. Some carrier facilities are scheduled
>> for "one path or direction" say during the day that are supposed to
>> be for lower latency time periods for interactive work and then
>> switch for a lower cost, higher latency path in the evening when
>> computer to computer backups do not care. If you can plot the times
>> the issues start and end and that these occur daily during the week
>> and not on weekends etc that would be a strong indicator.
>>
>> John (ISDN) Lee
>>
>>
>> From: mike [EMAIL PROTECTED]
>> Sent: Friday, September 26, 2008 12:04 PM
>> To: nanog@nanog.org
>> Subject: high latency ds3 issue on unloaded line
>>
>> Hello,
>>
>> I have a ds3 from qwest which has daily issues with insane
>> point-to-point latencies sometimes exceeding 1000ms for hours on end,
>> and which suddenly disappear, and does not appear to correspond with
>> actual measured link utilization (less than 20mbps most days).
>>
>> To make a long investigation short, the problem comes on during the
>> day and then lets up late in the evening. I have tested and examined
>> everything at the ip layer and no it's not high utilization, an ACL,
>> router cpu or bad hardware, no line errors or other issues visible
>> from interface or controller stats. yes I have flushed all hardware,
>> and I have a 7204vxr/npe-400 with this single ds3. The only clue seems
>> to be millions of 'output drops' from qwest's side. And at night I can
>> hit popular ftp mirrors from a directly attached server and observe my
>> interface reporting about %100 utilization combined with my users and
>> customers, so yeah it really is a full line rate ds3. And historically
>> Mrtg always shows around 20mbps or less utilization and it's only
>> smokeping that goes off, usually in the afternoon when the point to
>> point latencies between my router and qwest start heading north, and
>> consistently at that. I also have another in house tool that takes 30
>> second snapshots of my ds3 interface in order to catch short bursts
>> that would be smoothed out with mrtg's 5 minute average, but during
>> these high latency times there aren't any spikes noted. And for added
>> confusion (or fun!), the latency can start at any utilization level -
>> I've observed it while we were pulling just 12mbps, and I have not had
>> it while we were doing 34mbps, only the time of day seems to be the
>> common factor.
>>
>> Qwest has not been able to identify the issue, only note that -
>> yeah, this really is happening when there is otherwise no real load on
>> the line - and I am certain we have done everything to rule out the ip
>> layer. They have put in a 'request' to move me to another router,
>> but I am not hopeful of a resolution that way as the router we're
>> currently on doesn't appear otherwise to have the problem with any
>> other subscriber.
>>
>> What I want to know, is it possible that the underlying atm/sonet
>> that carries my ds3 from my facility is somehow oversubscribed or
>> misco
Re: rackmount managed PDUs
Here is my contribution to the PDU/UPS list, Eaton has long been in this business
http://www.powerware.com/UPS/Products.asp#large

-henry

----- Original Message -----
From: Paul Stewart <[EMAIL PROTECTED]>
To: Andrew D Kirch <[EMAIL PROTECTED]>
Cc: nanog@nanog.org
Sent: Thursday, September 25, 2008 9:45:53 AM
Subject: RE: rackmount managed PDUs

We have a lot of APC managed power bars (zero U vertical, and 19" 1U rackmount) and they work great. We SNMP manage them and access them via web - they just work, and work well for our needs.

Tripplite we've had issues with over time, especially their UPS units (SNMP sucks on them).

Hope this helps a bit..

Take care,

Paul

-----Original Message-----
From: Andrew D Kirch [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 25, 2008 12:41 PM
Cc: nanog@nanog.org
Subject: Re: rackmount managed PDUs

http://www.webpowerswitch.com/

I've used these quite a bit. Depending on the model you can get per port or per zone power management, and it sends alerts if it's not in the state it's supposed to be, and some of them can auto kickover things like routers if they suddenly can't route (might be dangerous, I don't use this one except at the CPE)

Andrew

Justin M. Streiner wrote:
> As much as I hate to tear people away from the Intercage/Atrivo
> debacle and semi-tangential rants, I'll take one for the team and do
> it :)
>
> I have an opportunity coming up to rebuild an existing machine room
> space to an extent. It's not a total gut-and-refit, but I'll at least
> get to put in some new infrastructure. That said, I'd be interested
> in hearing about peoples' experiences with various rackmountable
> managed PDUs.
>
> I have some Tripp Lite PDUMH30NETs that work well and are reasonably
> priced, but they have a few quirks (no RS-232 console port, web
> interface seems to be a little shaky with Firefox, etc) that would
> become more annoying when scaled up to several rows of new rack
> footprints. I'm also open to using managed vertically mounted PDUs.
> The plan is for each footprint to have "A" and "B" feeds, so two
> PDUMH30NETs would take up 4U per footprint, which is a bit much...
>
> I don't need to worry about distributing DC power - just AC.
>
> This site will be lights-out most of the time, so robust remote
> management capabilities are a must.
>
> Any thoughts/insight are greatly appreciated.
>
> jms
>

"The information transmitted is intended only for the person or entity to which it is addressed and contains confidential and/or privileged material. If you received this in error, please contact the sender immediately and then destroy this transmission, including all attachments, without copying, distributing or disclosing same. Thank you."
Re: About.com/NYTimes admins about?
On Sat, Sep 27, 2008 at 3:12 AM, Robert Manning <[EMAIL PROTECTED]> wrote:
> Hey Chris, I'll reply to you off list.
>

awesome, thanks!

> Thanks for the heads up.
>
> -rjb
>
>
> On 9/26/08 10:13 PM, "Christopher Morrow" <[EMAIL PROTECTED]> wrote:
>
>> Is there perhaps an about.com/nytimes.com admin around? I was
>> wondering if they perhaps knew that their loadbalancer for
>> www.nytimes.com is fairly broken wrt answering queries:
>>
>> (who's NS for nytimes.com)
>> dig NS nytimes.com +short
>> ns1t.nytimes.com.
>> nydns2.about.com.
>> nydns1.about.com.
>>
>> (who do they think is the NS for www.nytimes.com)
>> dig www.nytimes.com @ns1t.nytimes.com. NS
>> ;; QUESTION SECTION:
>> ;www.nytimes.com. IN NS
>>
>> ;; AUTHORITY SECTION:
>> www.nytimes.com. 60 IN NS nss1.sea1.nytimes.com.
>> www.nytimes.com. 60 IN NS nss1.lga2.nytimes.com.
>>
>> (what is the for www.nytimes.com ?? )
>> dig www.nytimes.com @nss1.sea1.nytimes.com.
>> ;www.nytimes.com. IN
>>
>> ;; AUTHORITY SECTION:
>> . 360 IN NS k.root-servers.net.
>> . 360 IN NS l.root-servers.net.
>> . 360 IN NS m.root-servers.net.
>> . 360 IN NS a.root-servers.net.
>> . 360 IN NS b.root-servers.net.
>> . 360 IN NS c.root-servers.net.
>> . 360 IN NS d.root-servers.net.
>> . 360 IN NS e.root-servers.net.
>> . 360 IN NS f.root-servers.net.
>> . 360 IN NS g.root-servers.net.
>> . 360 IN NS h.root-servers.net.
>> . 360 IN NS i.root-servers.net.
>> . 360 IN NS j.root-servers.net.
>>
>> ;; ADDITIONAL SECTION:
>> k.root-servers.net. 360 IN A 193.0.14.129
>> l.root-servers.net. 360 IN A 198.32.64.12
>> m.root-servers.net. 360 IN A 202.12.27.33
>>
>> ;; Query time: 89 msec
>> ;; SERVER: 170.149.172.35#53(170.149.172.35)
>>
>>
>> wha??? Lucy, your loadbalancer is foobar'd
>>
>> In an effort to make v6 things work a tad better in this hostile
>> world, could the NYTimes folks let us know what sort of LB that is?
>> and why it wants to not be a good Internet Citizen??
>>
>> -Chris
>>
>
>
>
Re: Estonian Cyber Security Strategy document -- now available online
On Sat, 27 Sep 2008, Eliot Lear wrote:

On 9/26/08 4:08 PM, Gadi Evron wrote:

Hello.

The Estonian cyber security strategy document is now available online.

I must say once again the concept of a national cyber security stance is quite interesting.

But not new. It's something a number of governments have been advocating through the ITU-D, FIRST, the CoE Convention on Cybercrime, London Action Plan, etc. Good research has been done on this as well by institutions such as ETH.

And OECD.

Gadi.

Eliot
RE: the Intercage mess
I get the feeling, to a certain extent, that there is a certain kind of mob mentality such that since we *can* do it, and they are a little guy, that we should shut them down no matter what. So despite what seems their now honest attempts to clean up, some are bent on still shutting them down (to make an example out of them?).

Not that it's not unreasonable 'punishment' for all years of abuse that was inflicted on Internet users, but if this is who "we" are, then I'm a little disappointed.

Frank

-----Original Message-----
From: Paul Ferguson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 24, 2008 9:59 PM
To: William Pitcock
Cc: nanog@nanog.org
Subject: Re: the Intercage mess

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Sep 24, 2008 at 7:52 PM, William Pitcock <[EMAIL PROTECTED]> wrote:

> On Wed, 2008-09-24 at 19:28 -0700, Paul Ferguson wrote:
>> I think that _more_than_reasonable_ background research, historical
>> record, etc. have met the qualifications of "civilized vernier". The
>> outcry was, and is not, arbitrary.
>
> No, but forcing them offline now that they are taking a new approach to
> handling abuse is ridiculous.
>

No -- I think that after 5 years of malicious activity, it was overdue.

I'm sorry, but your efforts to get the last word here are in vain.

Cheers,

- - ferg

p.s. And by the way, whether the badness has actually been purged from Atrivo/Intercage's IP address space remains to be seen -- previous similar claims have all been false. Time will tell -- may eyes are watching.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFI2v5Oq1pz9mNUZTMRAhaHAJ46OFbpGDap70pAEHlzLwOCiJpRhgCfRgM1
4Riwi5G0vWvtZZWyYt9mgKw=
=4BP6
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/
Re: Renesys Blog Article [Was: Re: the Intercage mess]
If a consensus can be reached here, we have seen a rise in this, that does raise concerns of a RIAA/MPAA type of mindset, which is detrimental

vigilante Definition

vigi·lante (vij′ə lan′tē, -län′-)

noun
1. a member of a vigilance committee
2. any individual who acts outside of legal authority, often violently, to punish or avenge a crime, right a perceived wrong, etc.

vigi·lan·tism (vij′ə lan′tiz′əm, -län′-; vij′ə lən tiz′əm)

noun
the lawless, violent methods, spirit, etc. of vigilantes

vigilantism Related Forms
vig′i·lan′·tist adjective

vigilantism Usage Examples

Noun used with modifier
* 'Internet: But this has come under fire from many who see it as an example of 'Internet vigilantism ' that could destabilize Internet trading.

Adjective modifier
* self-appointed: We must, moreover, take action which is firm enough to pre-empt action by self-appointed vigilantes.

----- Original Message -----
From: Gadi Evron <[EMAIL PROTECTED]>
To: Paul Ferguson <[EMAIL PROTECTED]>
Cc: nanog@nanog.org; [EMAIL PROTECTED]
Sent: Wednesday, September 24, 2008 6:02:21 PM
Subject: Re: Renesys Blog Article [Was: Re: the Intercage mess]

On Wed, 24 Sep 2008, Paul Ferguson wrote:

> Just a side-note: Renesys has an interesting blog article up today on this
> Atrivo/Intercage "mess":
>
> http://www.renesys.com/blog/2008/09/internet_vigilantism_1.shtml
>
> FYI,

I have but one comment.

There is a difference between Vigilantism as it is perceived today and Vigilantism as it is in the dictionary. It means neighborhood watch. When the Police is not around, that is something you need. "It's for the children".

All in all, very nice blog post. While I feel I can not yet fully comment on the whole Atrivo / Intercage depeering movement, there is an underlying strategy to consider. I will comment at a later date.

Gadi.
Re: Renesys Blog Article [Was: Re: the Intercage mess]
Henry Linneweh wrote:
> If a consensus can be reached here, we have seen a rise in this, that does raise concerns
> of a RIAA/MPAA type of mindset, which is detrimental
>
> vigilante Definition vigi·lante (vij′ə lan′tē, -län′-)

It is not vigilantism, it is the common law, rooted in ancient English history, of the "shire reeve", who we now call the "sheriff". The original duty of the shire reeve, among other things, was that he was 1 man out of every 10 households, whose duty it was to check the locks and gates of each house and barn, before himself retiring for the night.

Another name for the sheriff, is the "Conservator of the Peace", which is, that on behalf of the community, he ensures that there is peace.

Each of the smaller networks connected to the larger Internet, has someone whose job it is to be sure that the "locks and gates" are shut.

Telling everyone to be careful of the known thief and to take precautions against him, is not slander, libel, or vigilantism. Just common sense.

--Patrick