Re: Legislative proposal sent to my Congressman

2016-10-03 Thread Valdis . Kletnieks
On Mon, 03 Oct 2016 18:33:38 -0700, Matthew Petach said: > If you hold the executives of the hardware manufacturer > responsible for the software running on their devices, > then the next generation of hardware from every > manufacturer is going to be hardware locked to > ONLY run their software.

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread Lyndon Nerenberg
> On Oct 3, 2016, at 6:52 PM, Lyndon Nerenberg wrote: > > It's the closed software that is fscking everything up right now. A little > sunshine on the code base will go a long way towards those people not losing > their Ferrari's after all. Or coming from a more legalistic view, if they lock

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread Lyndon Nerenberg
> On Oct 3, 2016, at 6:33 PM, Matthew Petach wrote: > > If you hold the executives of the hardware manufacturer > responsible for the software running on their devices, > then the next generation of hardware from every > manufacturer is going to be hardware locked to > ONLY run their software.

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread Matthew Petach
On Mon, Oct 3, 2016 at 6:15 PM, Lyndon Nerenberg wrote: > [...] > > The only way to stop this sort of thing once and for all is to make it > punitively costly to the humans at the helm of the corporations selling this > crap in the first place. Under corporate law, this almost always means the

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread Valdis . Kletnieks
On Mon, 03 Oct 2016 11:58:10 -0700, Stephen Satchell said: > > THEREFORE the Consumer Product Safety Commission shall require that > > the manufacturer provide a security update to the device within 30 day > > of first notice; or failing that, to issue a complete recall of the > > defective device

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread Lyndon Nerenberg
> On Oct 3, 2016, at 5:39 PM, Jay R. Ashworth wrote: > > You're not familiar with CPSC mandatory recalls, are you? I'm not sure how you could make the case that a compromised DVR, e.g., directly creates a risk of physical injury to a person. Without that, I don't see how the CPSA would apply

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread Peter Beckman
On Mon, 3 Oct 2016, Lyndon Nerenberg wrote: The only cure to this will be changing the law so that the directors of the companies that ship massively insecure devices like these are personally liable for all the financial loss attributed to their products. Bankrupt a few companies' board of di

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread Jay R. Ashworth
- Original Message - > From: "Lyndon Nerenberg" >> But that does not remove those devices from the network. > > That ship has sailed. You're not familiar with CPSC mandatory recalls, are you? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink

Re: ARIN legacy block transfer process

2016-10-03 Thread William Herrin
On Mon, Oct 3, 2016 at 5:09 PM, John Curran wrote: > On 3 Oct 2016, at 4:06 PM, William Herrin wrote: >> ARIN asserts they've taken no action because community developed >> policy instructs them not to. That is a half-truth. The whole truth >> is that ARIN has bent over backwards to avoid testin

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread Larry Sheldon
On 10/3/2016 13:58, Stephen Satchell wrote: In thinking over the last DDos involving IoT devices, I think we don't have a good technical solution to the problem. Cutting off people with defective devices they they don't understand, and have little control over, is an action that makes sense, b

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread Ca By
On Monday, October 3, 2016, Lyndon Nerenberg wrote: > In thinking over the last DDos involving IoT devices, I think we don't >> have a good technical solution to the problem. Cutting off people with >> defective devices they they don't understand, and have little control over, >> is an action th

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread John R. Levine
This is where device profiles could help. If enough devices register profiles with the local router, at some point the router's default could be closed, so devices with no profile can't talk to the outside. That would be nice, but a manufacturer who can't be bothered to take even the most basi

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread John R. Levine
This is where device profiles could help. If enough devices register profiles with the local router, at some point the router's default could be closed, so devices with no profile can't talk to the outside. Are you thinking of MUD ( https://datatracker.ietf.org/doc/draft-ietf-opsawg-mud/) here,

Re: ARIN legacy block transfer process

2016-10-03 Thread John Curran
On 3 Oct 2016, at 4:06 PM, William Herrin wrote: > ... > 3. In it's 20-year history, ARIN has taken no actions whatsoever > against legacy address holders inconsistent with legacy address blocks > being common law property, save this: ARIN has not consistently > updated the registry to reflect a

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread Lyndon Nerenberg
This is where device profiles could help. If enough devices register profiles with the local router, at some point the router's default could be closed, so devices with no profile can't talk to the outside. That would be nice, but a manufacturer who can't be bothered to take even the most basi

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread Ted Hardie
On Mon, Oct 3, 2016 at 1:39 PM, John Levine wrote: > In article you write: > >> But that does not remove those devices from the network. > > > >That ship has sailed. > > This is where device profiles could help. If enough devices register > profiles with the local router, at some point the rout

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread John Levine
In article you write: >> But that does not remove those devices from the network. > >That ship has sailed. This is where device profiles could help. If enough devices register profiles with the local router, at some point the router's default could be closed, so devices with no profile can't tal

Re: ARIN legacy block transfer process

2016-10-03 Thread William Herrin
On Sun, Oct 2, 2016 at 6:18 PM, John Curran wrote: > The agency with actual authority in these matters (NTIA) > subsequently issued a > statement of the the US Government’s Internet Protocol > Numbering Principles, > which noted that “the American Registry for Internet Numbers > (ARIN) is the RIR

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread Lyndon Nerenberg
But that does not remove those devices from the network. That ship has sailed.

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread Florian Weimer
* Lyndon Nerenberg: >> In thinking over the last DDos involving IoT devices, I think we >> don't have a good technical solution to the problem. Cutting off >> people with defective devices they they don't understand, and have >> little control over, is an action that makes sense, but hurts the >>

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread Lyndon Nerenberg
In thinking over the last DDos involving IoT devices, I think we don't have a good technical solution to the problem. Cutting off people with defective devices they they don't understand, and have little control over, is an action that makes sense, but hurts the innocent. "Hey, Grandma, did yo

Legislative proposal sent to my Congressman

2016-10-03 Thread Stephen Satchell
In thinking over the last DDos involving IoT devices, I think we don't have a good technical solution to the problem. Cutting off people with defective devices they they don't understand, and have little control over, is an action that makes sense, but hurts the innocent. "Hey, Grandma, did y

Re: ARIN legacy block transfer process

2016-10-03 Thread Owen DeLong
That page is rather out of date as the RIPE policy it refers to was passed and then modified to (somewhat) restore needs basis. Owen > On Sep 30, 2016, at 10:47 AM, Enno Rey wrote: > > Hi, > > On Fri, Sep 30, 2016 at 10:26:36AM -0700, Seth Mattinen wrote: >> On 9/30/16 09:49, Bryan Fields wro

Re: ARIN legacy block transfer process

2016-10-03 Thread Jim Mercer
On Mon, Oct 03, 2016 at 08:57:01AM -0700, Randy Bush wrote: > fwiw, i did a transfer with the source in arin. i found arin's folk > very very helpful, and the process navigable, even for someone who is > administratively impaired such as i. yep, i agree. i recently was the source of a pile of tr

Re: ARIN legacy block transfer process

2016-10-03 Thread John Curran
On Oct 3, 2016, at 11:49 AM, Randy Bush wrote: >> The agency with actual authority in these matters (NTIA) > > inappropriate use of present tense Yes, Randy - excellent point. I should have included "at the time" in that sentence... Thanks! /John

Re: ARIN legacy block transfer process

2016-10-03 Thread Randy Bush
fwiw, i did a transfer with the source in arin. i found arin's folk very very helpful, and the process navigable, even for someone who is administratively impaired such as i. ignore the political positioning, plan ahead, be sure of all your options at each fork in the road, and proceed with cauti

Sling Media on list?

2016-10-03 Thread Shon Elliott
Anyone from Sling Media on NANOG? If so, can you please contact me off-list? We have a net block that you guys have incorrect information for which is causing grief for our mutual customers. Kind Regards, Shon Elliott, KK6TOO selli...@getunwired.com

Re: ARIN legacy block transfer process

2016-10-03 Thread Randy Bush
> The agency with actual authority in these matters (NTIA) inappropriate use of present tense

Re: Root Zone DNSSEC Operational Update -- ZSK length change

2016-10-03 Thread Wessels, Duane
> On Oct 1, 2016, at 11:29 AM, Mike wrote: > > On 10/01/2016 06:36 AM, Wessels, Duane wrote: >> I'm pleased to announce that this change is now complete. As of 13:34 UTC >> on October 1, 2016 the root zone has been signed and published with a >> 2048-bit ZSK. Please contact myself of Verisig

Re: ARIN legacy block transfer process

2016-10-03 Thread John Curran
On 3 Oct 2016, at 3:57 AM, Martin Hannigan mailto:hanni...@gmail.com>> wrote: ... Disclaimer: Get IPv6. Deploy it. Avoid cost. With that said… Indeed: we are likely to have a rather convoluted market supply curve for IPv4 blocks over the next decade, and those dependent on IPv4 as their primary m

Re: Any ISPs using AS852 for IP Transit?

2016-10-03 Thread Paul Stewart
To confirm AS852 and AS577 don’t charge $dayjob for prefix changes …. they both do them manually though which is a pain :( > On Sep 15, 2016, at 4:09 PM, Theodore Baschak wrote: > > I don't think this is standard across the board with Telus. > > I've also heard (rumours?) of a similar $250 pr

Re: ARIN legacy block transfer process

2016-10-03 Thread Martin Hannigan
On Sun, Oct 2, 2016 at 10:56 PM, John Curran wrote: > On 30 Sep 2016, at 12:49 PM, Bryan Fields wrote: >> [ clip ] > >> I'm thinking of referring both parties to an experienced broker as well. > > That certainly works - there is a list of several brokers available here >