Re: Bottlenecks and link upgrades
On Wed, 12 Aug 2020, Hank Nussbacher wrote: At what point do commercial ISPs upgrade links in their backbone as well as peering and transit links that are congested? At 80% capacity? 90%? 95%? Thanks, Hank Caveat: The views expressed above are solely my own and do not express the views or opinions of my employer Why upgrade when you can legislate the problem instead. Charter tries to convince FCC that broadband customers want data caps. https://arstechnica.com/tech-policy/2020/08/charter-tries-to-convince-fcc-that-broadband-customers-want-data-caps/ Ted
Re: Comcast outages continue even in areas with PG&E power restored
On Fri, 11 Oct 2019, Michael Thomas wrote: On 10/11/19 4:31 PM, Sean Donelan wrote: The FCC asked a half-dozen carriers about their network resilience plans last month. Comcast was not one of the service providers askedd about their plans. The FCC should have looked closer at Comcast in California. While it was expected many people would loose home Internet, voice, video service when their Customer Premise Equipment lost power. The FCC no longer requires battery backup for CPE. That is now a customer responsibility. It turns out, Comcast's outside plant was woefully unprepared to handle long, i.e. 24 hour, power outages. And even when power is restored to people's homes, Comcast service is often still down. So I knew that telcos are required to battery backup pots, but are isp's too? I have a dinky little provider who also provides pots, but i have never been clear whether dsl stays up too in a blackout. Mike First of all DSL is not pots. Traditional voice services run on a subscriber loop which is a pair of copper lines running from the central office to the customer end point. This analog voice service is almost always backed up with a bank of batteries so that the service continues to run in the event of an emergency. DSL is a data service that runs on the subscriber loop at the same time as the voice service. This service is not required to be battery backed and will invariably stop working when power is cut at the customer end point. Ted
Re: U.S. test of national alerts on Oct. 4 at 2:20pm EDT (1820 UTC)
On Wed, 4 Oct 2023, Chris Adams wrote: Once upon a time, Grant Taylor said: Is this by chance a Specific Area Message Encoding (S.A.M.E.) filtering / lack of data issue? At least in my radio, I can't disable certain classes of things (the high and immediate impact warnings like tornado). I would expect the Presidential Alert class to be the same, if it exists. Can anyone corroborate NOAA weather radios not alerting? My weather radio went off for the regular weekly test a couple of hours before the national alert test, and did not go off for the national alert. -- Chris Adams Fema's press release goes into details. https://www.fema.gov/press-release/20230803/fema-and-fcc-plan-nationwide-emergency-alert-test-oct-4-2023 Ted
Re: Tools for teaching users online safety
On Mon, 25 Oct 2010, Alex Thurlow wrote: I'm trying to find out if there are currently any resources available for teaching people how to be safe online. As in, how to not get a virus, how to pick out phishing emails, how to recognize scams. I'm sure everyone on this list knows these things, but a lot of end users don't. I'm trying to find a way to teach these things to people who aren't too technically savvy. It seems to me that the fewer end users that have issues, the easier our lives will be. So what I'm trying to figure out is, is there a good site or set of sites for this stuff, or is there anyone out there interested in helping to build a unified list of instructions, videos, etc. for all this? Whatever instructional plan you put together make certain it includes instructions on applying security patches and keeping your system up to date. Probably the best thing most users can do to keep their systems clean. Ted Hatfield
Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability
On Tue, 1 Apr 2014, Brandon Butterworth wrote: The Cisco PSIRT has been sending IOS Security Advisories to the NANOG mailing list for well over a decade Thank you, much appreciated Given that there are a number of forums that more directly address either Cisco-specific issues or are specific to vulnerability announcements, we?re happy to discontinue sending to the NANOG list directly. They are lost in the noise of some endless threads Cisco maintains a mailing list and RSS feed to which we send our Security Advisories NANOG having a filtered feed of ISP backbone risk level advisorises seems fair brandon One of the reasons I subscribe to the NANOG list is to get these security advisories. I can always subscribe to another security list if necessary but I would would hope that CISCO would continue to send these notices, even if they are in a digest format. Ted Hatfield
Re: Yahoo DMARC breakage
On Wed, 9 Apr 2014, valdis.kletni...@vt.edu wrote: On Wed, 09 Apr 2014 17:15:59 -0400, William Herrin said: Meh. This just means list software will have to rewrite the From header to "From: John Levine " and rely on the Reply-To header for anybody who wants to send a message back to the originator. Maybe this is a good thing - we can stop getting all the "sorry I'm out of the office" emails when posting to a list. The sort of programmer that writes out-of-mind software that doesn't employ the long well-known heuristics for detecting mailing lists (starting with checking Return-Path: for "owner-" and similar) will also likely disregard the Reply-To: header. This Is Not A Good Thing. According to the DMARC FAQ at http://dmarc.org/faq.html Q: I operate a mailing list and I want to interoperate with DMARC, what should I do? DMARC introduces the concept of aligned identifiers. It means the domain in the from header must match the d= in the DKIM signature and the domain in the mail from envelope. 1: operate as a strict forwarder, where the message is not changed and the validity of the DKIM signature is preserved 2: introduce an "Original Authentication Results" header to indicate you have performed the authentication and you are validating it 3: take ownership of the email, by removing the DKIM signature and putting your own as well as changing the from header in the email to contain an email address within your mailing list domain. Option 1 is out of the question. Option 3 is what a lot of people are starting to do. Can anybody tell me what exactly option 2 is. What exactly is an "Original Authentication Results" header? I'm already doing my own research but if someone can give a concise answer as to what it is that would be appreciated. Ted Hatfield
ProofPoint admin
If there is a proofpoint email admin available please contact me off list. Thanks, Ted Hatfield PrismNet Ltd.
Re: WW: Colo Vending Machine
On Thu, 1 Mar 2012, Dale Shaw wrote: Hi Jon, On Tue, Feb 21, 2012 at 2:34 AM, Jon Lewis wrote: Speaking of that sort of thing, I'd really LOVE if there were a device about the size of a netbook that could be hooked up to otherwise headless machines in colos that would give you keyboard, video & mouse. i.e. a folding netbook shaped VGA monitor with USB keyboard and touchpad. I know there are folding rackmount versions of this (i.e. from Dell), but I want something far more portable. Twice in the past month, I'd had to drive 100+ miles to a remote colo and took a full size flat panel monitor and keyboard with me. Has anyone actually built this yet? What about something like this? http://www.comsol.com.au/SL-PCC-01 cheers, Dale Or something like this: http://www.amazon.com/StarTech-Console-Portable-Adapter-NOTECONS01/dp/B002CLKFTQ/ Ted Hatfield
Re: Mail best practices?
What's your greet pause set to? Ted On Tue, 3 Sep 2013, Deepak Jain wrote: Without going to a dedicated list for something like this, I'm looking for a common sense approach. Sep 3 17:55:20 XXX sendmail[155]: r83Lse37000155: rejecting commands from outmail016.ash2.facebook.com [66.220.155.150] due to pre-greeting traffic Sep 3 17:55:22 XXX sendmail[156]: r83Lsg6N000156: rejecting commands from outmail015.ash2.facebook.com [66.220.155.149] due to pre-greeting traffic Isn't this sort of thing supposed to be frowned upon still? I am not trying to name & shame here, but I figured this is a pretty big/respectable email sender. Thoughts for balancing sensible network spam management with sensible best practices that affect lots of users? Thanks in advance, Deepak
