Re: OT Amazon Delivery

2025-02-28 Thread William Herrin
minimal information at https://tools.usps.com/zip-code-lookup.htm?byaddress If USPS picked up the address wrong, you can contact them via https://faq.usps.com/s/article/What-Address-Management-Tools-Are-Available Once USPS has it, Amazon and Google pick it up. Regards, Bill Herrin -- William

Re: DNS and subdomains

2025-02-28 Thread William Herrin
On Fri, Feb 28, 2025 at 12:50 PM David Conrad wrote: > On Feb 28, 2025, at 12:18 PM, William Herrin wrote: > > Remember my example cat.p.dirtside.com? P.dirtside.com is a subdomain > > of dirtside.com. It's an administrative grouping of domain names that > > have a

Re: DNS and subdomains

2025-02-28 Thread William Herrin
they're a part of. That's what makes them a less than useful concept for an outside observer trying to categorize a set of fully qualified domain names (FQDNs). Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: DNS and subdomains

2025-02-24 Thread William Herrin
f "com" because there's an NS record for "dirtside.com." However, "p.dirtside.com" is NOT a delegation of "dirtside.com" because there's no NS record. "cat.p" is simply a name within the "dirtside.com" zone file. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Arista filesystem rewinding back 3 years

2025-02-18 Thread William Herrin
he theory behind designing cards this way is. It does mean that the OS will boot even if the boot process must write to succeed, but it also means that the OS has no idea that the flash drive has failed and experiences odd random faults instead. Regards, Bill Herrin -- William Herrin b...

Re: Question about DNS naming conventions

2025-02-12 Thread William Herrin
been demonstrated and may be demonstrably false. Such as the situations described upthread. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Question about DNS naming conventions

2025-02-12 Thread William Herrin
nd, but the self-appointed security experts have stolen that choice from me. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Question about DNS naming conventions

2025-02-12 Thread William Herrin
both violations of the use conventions on this list. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Question about DNS naming conventions

2025-02-11 Thread William Herrin
email from other email servers which have been statically assigned an IP address and thus given a real name. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: TCP torture testing

2025-01-17 Thread William Herrin
S --set-mss 11 Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: US executive order forces all US goverment resoruces to be with ARIN/etc?

2025-01-16 Thread William Herrin
don't have access to it. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: US executive order forces all US goverment resoruces to be with ARIN/etc?

2025-01-16 Thread William Herrin
s: so-called "legacy" IP addresses which were assigned by one of the incarnations of the "InterNIC" prior to ARIN's inception in 1997 and for which the registrants have subsequently declined to sign a contract with ARIN. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: US executive order forces all US goverment resoruces to be with ARIN/etc?

2025-01-16 Thread William Herrin
for the Federal government is done on their IP addresses. This won't affect address space assigned to federal contractors. In a nutshell, this means that the few non-military federal agencies still operating on "legacy" IPv4 addresses will now have to officially sign a contract

Re: Best way to have redundancy announcing on separate routers

2024-12-23 Thread William Herrin
calpref differently than the default. You may even need to find the communities that tell your ISP's ISPs to set their localprefs differently than their defaults. It gets complicated fast. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: BGP AFI or SAFI for advertising BFD status

2024-12-22 Thread William Herrin
> this style of problem has become quite unusual over the last several years. Doesn't seem like it would solve the bouncy link problem. Absent bouncy links, simply having a reasonable time out for arp and ND will assure the router quickly finds its neighbor unreachable, which is applied

Re: Route optimization using GPUs?

2024-12-06 Thread William Herrin
way in any capacity. One example is IPv6. Another is CGNAT. If you'd rather not follow those examples, stop talking about why route optimizers mustn't be done and move the conversation to what it would take to _safely_ do it. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Route optimization using GPUs?

2024-12-06 Thread William Herrin
off some of those escapes. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Route optimization using GPUs?

2024-12-05 Thread William Herrin
ed from EBGP sessions if explicitly configured to do so. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Route optimization using GPUs?

2024-12-05 Thread William Herrin
gorithm. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: New home builders without wires

2024-12-05 Thread William Herrin
fetime of a house and the little blue one-inch conduits are not exceptionally expensive. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: WSJ: Dozens of Countries Hit in Chinese Telecom Hacking Campaign, Top U.S. Official Says

2024-12-04 Thread William Herrin
king about the hack which was caused by the government's regulatory insistence on a "lawful intercept" capability, right? -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: New home builders without wires

2024-12-04 Thread William Herrin
train staff for it and then have enough of it in their system to keep that staff in practice. How many _new neighborhoods_ does the cable company wire up in your locality each year? Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: New home builders without wires

2024-12-03 Thread William Herrin
added. But I guess to each his own. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Shaping the Future of ICP-2: Community Input Extended to December 2024

2024-11-23 Thread William Herrin
On Sat, Nov 23, 2024 at 11:59 AM Noah wrote: > On Sat, 23 Nov 2024, 22:03 William Herrin, wrote: >> On Sat, Nov 23, 2024 at 10:52 AM Noah wrote: >> > On Sat, 23 Nov 2024, 21:47 William Herrin, wrote: >> >> Can either one of you explain what possible difference i

Re: Shaping the Future of ICP-2: Community Input Extended to December 2024

2024-11-23 Thread William Herrin
On Sat, Nov 23, 2024 at 10:52 AM Noah wrote: > On Sat, 23 Nov 2024, 21:47 William Herrin, wrote: >> Can either one of you explain what possible difference it makes >> whether the rest of us consider the RIRs a business? We all agree that >> the RIRs have no shareholders and

Re: Shaping the Future of ICP-2: Community Input Extended to December 2024

2024-11-23 Thread William Herrin
it. We don't take profits. Can either one of you explain what possible difference it makes whether the rest of us consider the RIRs a business? We all agree that the RIRs have no shareholders and thus are not engaged in maximizing their shareholders' value. Regards, Bill Herrin -- William

Re: Shaping the Future of ICP-2: Community Input Extended to December 2024

2024-11-20 Thread William Herrin
this: what can go wrong, and how do we head that off so it doesn't? Does that answer the meta-question you wanted to explore? Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Shaping the Future of ICP-2: Community Input Extended to December 2024

2024-11-20 Thread William Herrin
oesn't intrinsically facilitate broad discussion of the proffered ideas. But, as you say: that's just my opinion. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Shaping the Future of ICP-2: Community Input Extended to December 2024

2024-11-20 Thread William Herrin
confused you. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Shaping the Future of ICP-2: Community Input Extended to December 2024

2024-11-19 Thread William Herrin
sistent with its non-profit mission. Owen is correct that in every other respect, a non-profit organization functions like any ordinary business. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Shaping the Future of ICP-2: Community Input Extended to December 2024

2024-11-19 Thread William Herrin
munity input and participation the process they've picked is, respectfully, entirely wrong. Ideas need discussion and debate to germinate and questionnaires fail to capture answers to questions the author didn't think to ask. But since you asked nicely, I'll offer that feedback via the q

Re: Shaping the Future of ICP-2: Community Input Extended to December 2024

2024-11-19 Thread William Herrin
egacy registry and let it operate its own governance applicable only to those legacy registrations. Such a registry would inherently overlap the geography of the others. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Shaping the Future of ICP-2: Community Input Extended to December 2024

2024-11-19 Thread William Herrin
to what *registry services* they can and cannot offer. It's an important distinction. As previously mentioned, there exist things like RIPE RIS and ARIN community grants which are not registry services and should really not be geographically limited. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Shaping the Future of ICP-2: Community Input Extended to December 2024

2024-11-18 Thread William Herrin
a manner that contravenes otherwise lawful services to its customers, I refer you to the above. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Shaping the Future of ICP-2: Community Input Extended to December 2024

2024-11-18 Thread William Herrin
ld get another look. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Shaping the Future of ICP-2: Community Input Extended to December 2024

2024-11-18 Thread William Herrin
l Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Shaping the Future of ICP-2: Community Input Extended to December 2024

2024-11-18 Thread William Herrin
asiest one to find. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Shaping the Future of ICP-2: Community Input Extended to December 2024

2024-11-18 Thread William Herrin
On Mon, Nov 18, 2024 at 1:07 PM Noah wrote: > On Sun, 17 Nov 2024, 23:48 William Herrin, wrote: >> A group of geographical monopolies who between them have total control >> over what the essential service costs and whether anybody else can >> perform it. > > That

Re: Technical contact for Verizon (not Fios) before we unplug a service router

2024-11-18 Thread William Herrin
sed cabinet sat around taking space for years. The solution was to unplug it. I didn't have to find them; they found me. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Shaping the Future of ICP-2: Community Input Extended to December 2024

2024-11-17 Thread William Herrin
total control over what the essential service costs and whether anybody else can perform it. It might as well be the definition of a cartel. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Shaping the Future of ICP-2: Community Input Extended to December 2024

2024-11-17 Thread William Herrin
On Sun, Nov 17, 2024 at 11:05 AM David Conrad wrote: > On Nov 16, 2024, at 10:00 PM, William Herrin wrote: > > It seems to me that an RIR should be expected to locate itself in a legal > > jurisdiction where they're unlikely to be ordered to alter service that is > >

Re: Shaping the Future of ICP-2: Community Input Extended to December 2024

2024-11-16 Thread William Herrin
other services on a global basis. For example, RIPE RIS is not geographically bound and would be of little utility if it was. Nor was the ARIN policy and actions authorizing the release of IPv4 address space for RFC 6598 geographically bound. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Implementing Decentralized RPKI with Blockchain Technology

2024-11-14 Thread William Herrin
if ordered by a court with jurisdiction. Remember: a court ordered AFRINIC to do some pretty remarkable things in the not too distant past. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Implementing Decentralized RPKI with Blockchain Technology

2024-11-14 Thread William Herrin
invalid? Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Implementing Decentralized RPKI with Blockchain Technology

2024-11-13 Thread William Herrin
ompulsion applied to the RIR, which was Brandon's reason for considering blockchain in the first place. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Implementing Decentralized RPKI with Blockchain Technology

2024-11-13 Thread William Herrin
t the result would not be a block chain and would not have the desired characteristic of resistance against government compulsion. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Implementing Decentralized RPKI with Blockchain Technology

2024-11-13 Thread William Herrin
t attempted to cut off an entire country from address registration. Also, please don't cross-post discussions to two lists. It's against the rules for NANOG and I presume it's against the rules for MANRS as well. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: etiquette for replying to daily digests

2024-11-11 Thread William Herrin
_ used the other way: to recognize that a change beyond adding "Re: " means that the thread has branched. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: etiquette for replying to daily digests

2024-11-08 Thread William Herrin
ed headers to create a properly threaded reply and you don't have them. Few will notice and none will harangue you for starting a new thread with your first reply but if you do it with every reply it gets really old really fast. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Can an IXP sell IP transit?

2024-11-04 Thread William Herrin
nt starts to sell traffic. Of course they can sell transit. The reason they don't is that it has the potential to create a conflict of interest. When your customer is also a competitor and your customer suffers an outage that's your fault... Well, you see where this is going. Regards, Bi

Re: db9f to usb-c serial

2024-09-24 Thread William Herrin
shell which would usually be a 25-pin connector with only 9 pins > populated. Sure, sure, and it's also TIA-232 not RS-232. It hasn't been a "recommended standard" since at least 1986. Try googling for de-9 instead of db-9. The world understands the 9-pin d-sub to be db9.

Re: db9f to usb-c serial

2024-09-23 Thread William Herrin
can also connect one of the newer db9 to rj45 blue cables to a usb-c to rj45 cable using a reverse inline coupler: https://www.amazon.com/dp/B000I97FNI Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: db9f to usb-c serial

2024-09-23 Thread William Herrin
into one of the old RJ-45 to DB-9 dongles? If you really want it to be permanent, use superglue and some heat-shrink tubing to make it nice and neat. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: N92 Keynote: APNIC's Geoff Huston - "Whatever Happened to IPv6?" + More

2024-08-15 Thread William Herrin
hing they hassled me about was changing my org name from "William Herrin" to "William Herrin, sole proprietorship." Feel free to hit me up with your details off list. I can maybe offer suggestions. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: N92 Keynote: APNIC's Geoff Huston - "Whatever Happened to IPv6?" + More

2024-08-15 Thread William Herrin
lts automatically approves the requestor for the minimum allocation. The surrounding rules make it pretty trivial to get the next nibble up from the minimum allocation if you want it. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Server rental inside of One Wilshire in Los Angeles

2024-08-07 Thread William Herrin
sn't placed any conditions on the available network infrastructure and connectivity except that it offer 4x 10gig fiber optic ethernet. That's weird. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Correcting national address databases?

2024-05-29 Thread William Herrin
this fixed? In the US, I believe it's the USPS which maintains that database. They map all the addresses to the zip plus fours. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: who runs the root, Cogent-TATA peering dispute?

2024-05-17 Thread William Herrin
On Fri, May 17, 2024 at 6:53 PM John R. Levine wrote: > On Fri, 17 May 2024, William Herrin wrote: > > That said, ICANN generates the root zone including the servers > > declared authoritative for the zone. > > Nope. Verisign maintains them under contract to ICANN and NTI

Re: Cogent-TATA peering dispute?

2024-05-17 Thread William Herrin
On Fri, May 17, 2024 at 4:28 PM John Levine wrote: > It appears that William Herrin said: > >I don't understand why Cogent is allowed to operate one of the root > >servers. Doesn't ICANN do any kind of technical background check on > >companies when letting the con

Re: Cogent-TATA peering dispute?

2024-05-17 Thread William Herrin
d they're behaving unreasonably. I don't know any of the details -this time- but historically speaking Cogent is behaving badly -again- and you can take that to the bank. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Mailing list SPF Failure

2024-05-16 Thread William Herrin
's header From address is. The message content (including the message headers) is theoretically not used for SPF validation. In practice, some SPF validators don't have direct access to the SMTP session so they rely on the SMTP session placing the envelope sender in the Return-path heade

Re: Q: is RFC3531 still applicable?

2024-05-16 Thread William Herrin
the immediate LAN and route a /64 to the home automation controller and retain the balance for the next device that wants to implement an internal subnet. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Q: is RFC3531 still applicable?

2024-05-15 Thread William Herrin
want them. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Q: is RFC3531 still applicable?

2024-05-15 Thread William Herrin
ssible so that you don't have to ask for more, something the ISP may or may not grant your class of service. And of course RFC3531 presumes a hierarchy in your network which is not necessarily true. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Help with removing DNS shinkhole FP from Charter/Spectrum

2024-04-22 Thread William Herrin
ent you privately. Also https://ipcheck.proofpoint.com/. Whatever they're detecting, it didn't happen last year. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Help with removing DNS shinkhole FP from Charter/Spectrum

2024-04-22 Thread William Herrin
olated. Even though it interfered with the spammer's business, the block was merited so the preponderance of the evidence fell in favor of the service provider. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Help with removing DNS shinkhole FP from Charter/Spectrum

2024-04-22 Thread William Herrin
On Mon, Apr 22, 2024 at 4:00 PM John Levine wrote: > It appears that William Herrin said: > >If you can't reach a technical POC, use the legal one. Your lawyer can > The only response to a letter like that is "we run our network to > serve our customers and manage it

Re: Help with removing DNS shinkhole FP from Charter/Spectrum

2024-04-22 Thread William Herrin
ce points it to a web site you control which provides enough information to get delisted. And provides you with a test point where you can collect information about what you've caused to be interdicted. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Whitebox Routers Beyond the Datasheet

2024-04-12 Thread William Herrin
achines with large numbers of CPU cores. While they can handle 100gbps, they do it by running the cores in single-thread busywait loops that eliminate the need for interrupts from the network devices. This generates lots of heat and consumes lots of electricity. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Without further comment:

2024-03-30 Thread William Herrin
On Sat, Mar 30, 2024 at 9:55 AM Mel Beckman wrote: > Well, Billie goes both ways :) Hi Mel, Billie is usually female while Billy is usually male. Same sound, different spelling. Regards, Bill (Billy in my youth) Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: Without further comment:

2024-03-30 Thread William Herrin
On Sat, Mar 30, 2024 at 7:38 AM Josh Luthman wrote: > How do you know the poster's gender?? Howdy, As Josh is an uncommon female name, I'm going to play the odds and say that like Bill and I, you're male. Am I mistaken? Regards. Bill Herrin -- William Herrin b.

Re: TFTP over anycast

2024-02-27 Thread William Herrin
l sites. If there's ever an equal routing cost from any one site to two others, there's a non-zero risk of the failover process failing... and you won't know it until you need it. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: TFTP over anycast

2024-02-23 Thread William Herrin
the DHCP renewals would very suddenly be going to the wrong DHCP server. Where anycast works, it works because ECMP only rarely comes into play. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: TFTP over anycast

2024-02-22 Thread William Herrin
hen they do happen tend to be persistent, affecting all communication between that client and the anycast IP address for an extended duration, sometimes weeks or months. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: [External] Re: IPv6 uptake

2024-02-19 Thread William Herrin
On Mon, Feb 19, 2024 at 10:31 AM Tim Howe wrote: > On Mon, 19 Feb 2024 10:01:06 -0800 > William Herrin wrote: > > So when the user wants to run a home server, their IPv4 options are to > > create a TCP or UDP port forward for a single service port or perhaps > > create a

Re: [External] Re: IPv6 uptake

2024-02-19 Thread William Herrin
he bridge mode is the only "off" setting for the IPv4 firewall. Correct? Their IPv6 options *might* include these but also include the option to turn the IPv6 firewall off. At which point IPv4 is still firewalled but IPv6 is not and allows all L4 protocols, not just TCP and UDP. Also corr

Re: [External] Re: IPv6 uptake

2024-02-19 Thread William Herrin
On Mon, Feb 19, 2024 at 9:23 AM Hunter Fuller wrote: > On Mon, Feb 19, 2024 at 11:16 AM William Herrin wrote: > > > There isn't really an advantage to using v4 NAT. > > I disagree with that one. Limiting discussion to the original security > > context (rather than

Re: [External] Re: IPv6 uptake

2024-02-19 Thread William Herrin
xternally addressable (a stateful firewall without NAT) and internal hosts which are not. Security doesn't deal with "most people," it deals with people savvy enough to find and exploit the openings and errors in the software most people use. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: [External] Re: IPv6 uptake

2024-02-19 Thread William Herrin
On Mon, Feb 19, 2024 at 8:08 AM Hunter Fuller wrote: > On Mon, Feb 19, 2024 at 9:17 AM William Herrin wrote: > > There's also the double-ISP loss scenario that causes Joe to lose all > > global-scope IP addresses. He can overcome that by deploying ULA > > addresses (a t

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-19 Thread William Herrin
that shares mounts and clipboard with the host. Regards, Bill Herrin > > Lee > -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: IPv6 uptake

2024-02-19 Thread William Herrin
al address, protocol and port to external addresses and ports (the entire internal network is addressable from outside), it has no positive impact on security the way IPv4's address-overloaded NAT does. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-19 Thread William Herrin
On Mon, Feb 19, 2024 at 5:29 AM Howard, Lee via NANOG wrote: > In the U.S., the largest operators without IPv6 are (in order by size): > Lumen (CenturyLink) CenturyLink has IPv6 using 6rd. It works fine. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-17 Thread William Herrin
have discussed NAT. They'd have referred to the comparable contemporary technology, which was "transparent application layer gateways." Those behaved like what we now call NAT but did the job a different way: instead of modifying packets, they terminated the connection and proxied it. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-17 Thread William Herrin
v6, they're painful for IPv4. I especially despised the Cisco PIX/ASA line. I did use Fortinet's WAF product for a while and it was okay. I only used it as a reverse proxy to a web server, and then only because it was a security compliance requirement for that project. Regards, Bill Herrin

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-17 Thread William Herrin
On Sat, Feb 17, 2024 at 10:03 AM Michael Thomas wrote: > On 2/16/24 5:37 PM, William Herrin wrote: > > What is there to address? I already said that NAT's security > > enhancement comes into play when a -mistake- is made with the network > > configuration. You want me t

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread William Herrin
y is accidentally unconfigured, the network becomes wide open. When NAT is accidentally unconfigured, the network stops functioning entirely. The gate is closed. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread William Herrin
wire on top of the fence. Can you secure the place without the barbed wire? Of course. Can an intruder defeat the barbed wire? Of course. Is it more secure -with- the barbed wire? Obviously. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread William Herrin
of public IP addresses. Indeed, when Gauntlet was released, IP addresses were still available from hostmas...@internic.net at zero cost and without any significant documentation. And Gauntlet was expensive: folks who couldn't easily obtain public IP addresses also couldn't afford it. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread William Herrin
/64 be 199.33.224.0/24, make 2602:815:600::1 be 199.33.225.1 and make 2602:815:6001::4 be 199.33.224.4, it would be the exact same example with the exact same network security impact. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread William Herrin
. You want me to say it again? Okay, I've said it again. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread William Herrin
On Fri, Feb 16, 2024 at 5:22 PM Michael Thomas wrote: > On 2/16/24 5:05 PM, William Herrin wrote: > > Now, I make a mistake on my firewall. I insert a rule intended to > > allow packets outbound from 2602:815:6001::4 but I fat-finger it and > > so it allows them inbound to

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread William Herrin
s to telnet to 192.168.55.4. What happens? The packet STILL doesn't reach my firewall because that IP address doesn't go anywhere on the Internet. See the difference? Accessible versus accessible and addressable. Not addressable enhances security. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread William Herrin
outside in the hands of the people inside -- so that most of the common mistakes with firewall configuration don't cause the internal hosts to -become- accessible. The distinction doesn't seem that subtle to me, but a lot of folks making statements about network security on this list do

Re: The Reg does 240/4

2024-02-15 Thread William Herrin
e IPv6 available *everywhere* > within a month. If only a couple of large businesses would slit their throats by refusing to service a large swath of their paying customers, IPv6 deployment would surely accelerate. -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: The Reg does 240/4

2024-02-15 Thread William Herrin
addresses at the current market prices, you don't belong here. Your presence with a /24 will collectively cost us more than you spent, just in the first year. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: The Reg does 240/4

2024-02-14 Thread William Herrin
ely judge that a situation is zero-sum, even when this is not the case. This bias promotes zero-sum fallacies, false beliefs that situations are zero-sum. Such fallacies can cause other false judgements and poor decisions." https://en.wikipedia.org/wiki/Zero-sum_thinking Regards, Bill Herrin

Re: The Reg does 240/4

2024-02-13 Thread William Herrin
ticast. So, a rush to deploy 240/4 to RIRs is not really warranted. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: The Reg does 240/4

2024-02-13 Thread William Herrin
to RIRs for general Internet use they'll want to see studies and experiments which demonstrate that it's usable enough on the public Internet to be usefully deployed there. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

Re: If I announce 192.0.2.0/24, do I need a discard route? (Looking for a reference…)

2024-01-31 Thread William Herrin
On Wed, Jan 31, 2024 at 1:46 PM Warren Kumari wrote: > On Wed, Jan 31, 2024 at 3:56 PM, William Herrin wrote: >> On Wed, Jan 31, 2024 at 12:30 PM Warren Kumari wrote: >> Your router won't announce 192.0.2.0/24 unless it knows a route to >> 192.0.2.0/24 or has been c

Re: If I announce 192.0.2.0/24, do I need a discard route? (Looking for a reference…)

2024-01-31 Thread William Herrin
e to 192.0.2.0/24, so it'd withdraw the announcement for 192.0.2.0/24. This is a bad idea for obvious reasons, so best practice was to put a low priority route to discard as a fall-back if the ethernet port briefly lost carrier. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/
