Re: [EXTERNAL] DNS filtering in practice, Re: Charter DNS servers returning malware filtered IP addresses

2023-11-01 Thread Michael Thomas
On 10/28/23 3:13 AM, John Levine wrote: It appears that Michael Thomas said: If you're one of the small minority of retail users that knows enough about the technology to pick your own resolver, go ahead. But it's a reasonable default to keep malware out of Grandma's iPad.

Appropriate venue to find out about the state of art of spear phishing defense?

2023-11-13 Thread Michael Thomas
I know this is only tangentially relevant to nanog, but I'm curious if anybody knows where I can ask what orgs do to combat spear phishing? Spear phishing doesn't require that you deploy DMARC since you can know your own policy even if you aren't comfortable publishing it to the world. tia,

Re: Appropriate venue to find out about the state of art of spear phishing defense?

2023-11-13 Thread Michael Thomas
On 11/13/23 12:29 PM, Mel Beckman wrote: We use KnowBe4.com's user training. That's really the only way you can fight this, since it's a human problem, not a technical one. These guys provide fully automated, AI based (well, who knows what that means) simulated phishing attacks, largely to give

Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-12 Thread Michael Thomas
On 1/12/24 8:45 AM, Owen DeLong via NANOG wrote: Frankly, I care less. No matter how you use whatever IPv4 space you attempt to cajole into whatever new form of degraded service, the simple fact remains. IPv4 is a degraded technology that only continues to get worse over time. NAT was bad. CG

Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-12 Thread Michael Thomas
On 1/12/24 11:54 AM, Darrel Lewis wrote: On Jan 12, 2024, at 11:47 AM, Seth David Schoen wrote: Michael Thomas writes: I wonder if the right thing to do is to create a standards track RFC that makes the experimental space officially an add on to rfc 1918. If it works for you, great, if

Re: IPv6 Traffic Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-15 Thread Michael Thomas
On 1/15/24 12:56 AM, jordi.palet--- via NANOG wrote: No, I’m not saying that. I’m saying "in actual deployments", which doesn’t mean that everyone is deploying, we are missing many ISPs, we are missing many enterprises. I don't think what's going on internally with enterprise needs to change

Re: IPv6 Traffic Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-15 Thread Michael Thomas
On 1/15/24 12:26 AM, Saku Ytti wrote: On Mon, 15 Jan 2024 at 10:05, jordi.palet--- via NANOG wrote: In actual customer deployments I see the same levels, even up to 85% of IPv6 traffic. It basically depends on the usage of the caches and the % of residential vs corporate customers. You th

Re: IPv6 Traffic Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-16 Thread Michael Thomas
On 1/15/24 11:02 PM, Saku Ytti wrote: On Mon, 15 Jan 2024 at 21:08, Michael Thomas wrote: An ipv4 free network would be nice, but is hardly needed. There will always be a long tail of ipv4 and so what? You deal with it at your I mean Internet free DFZ, so that everyone is not forced to

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread Michael Thomas
On 2/16/24 3:01 PM, William Herrin wrote: On Fri, Feb 16, 2024 at 2:19 PM Jay R. Ashworth wrote: From: "Justin Streiner" 4. Getting people to unlearn the "NAT=Security" mindset that we were forced to accept in the v4 world. NAT doesn't "equal" security. But it is certainly a *component* of

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread Michael Thomas
On 2/16/24 5:05 PM, William Herrin wrote: On Fri, Feb 16, 2024 at 3:13 PM Michael Thomas wrote: If you know which subnets need to be NAT'd don't you also know which ones shouldn't exposed to incoming connections (or conversely, which should be permitted)? It seems to me that a

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread Michael Thomas
On 2/16/24 5:30 PM, William Herrin wrote: On Fri, Feb 16, 2024 at 5:22 PM Michael Thomas wrote: On 2/16/24 5:05 PM, William Herrin wrote: Now, I make a mistake on my firewall. I insert a rule intended to allow packets outbound from 2602:815:6001::4 but I fat-finger it and so it allows them

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-17 Thread Michael Thomas
On 2/16/24 5:37 PM, William Herrin wrote: On Fri, Feb 16, 2024 at 5:33 PM Michael Thomas wrote: So you're not going to address that this is a management plane problem. Hi Mike, What is there to address? I already said that NAT's security enhancement comes into play when a -mistak

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-17 Thread Michael Thomas
On 2/16/24 6:33 PM, William Herrin wrote: On Fri, Feb 16, 2024 at 6:10 PM Ryan Hamel wrote: Depending on where that rule is placed within your ACL, yes that can happen with *ANY* address family. Hi Ryan, Correct. The examples illustrated a difference between a firewall implementing address

Re: IPv6 uptake

2024-02-17 Thread Michael Thomas
On 2/17/24 10:26 AM, Owen DeLong via NANOG wrote: On Feb 16, 2024, at 14:20, Jay R. Ashworth wrote: - Original Message - From: "Justin Streiner" 4. Getting people to unlearn the "NAT=Security" mindset that we were forced to accept in the v4 world. NAT doesn't "equal" security.

Re: The Reg does 240/4

2024-02-17 Thread Michael Thomas
On 2/17/24 10:19 AM, Owen DeLong via NANOG wrote: Mike, it’s true that Google used to be a lot less strict on IPv4 email than IPv6, but they want SPF and /or DKIM on everything now, so it’s mostly the same. There is less reputation data available for IPv6 and server reputation is a harder pro

Re: IPv6 mail The Reg does 240/4

2024-02-17 Thread Michael Thomas
On 2/17/24 2:21 PM, John Levine wrote: But what happens under the hood at major mailbox providers is maddeningly opaque so who really knows? It would be nice if MAAWG published a best practices or something like that to outline what is actually happening in live deployments. Unfortunately, spa

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-18 Thread Michael Thomas
On 2/17/24 11:27 AM, William Herrin wrote: On Sat, Feb 17, 2024 at 10:34 AM Michael Thomas wrote: I didn't hear about NAT until the late 90's, iirc. I've definitely not heard of Gauntlet. Then there are gaps in your knowledge. Funny, I don't recall Bellovin and Ches

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-18 Thread Michael Thomas
On 2/18/24 8:47 AM, Greg Skinner via NANOG wrote: On Feb 17, 2024, at 11:27 AM, William Herrin wrote: On Sat, Feb 17, 2024 at 10:34 AM Michael Thomas wrote: Funny, I don't recall Bellovin and Cheswick's Firewall book discussing NAT. And mine too, since I hadn't heard of

Re: IPv6 uptake

2024-02-18 Thread Michael Thomas
On 2/18/24 12:50 PM, Nick Hilliard wrote: Michael Thomas wrote on 18/02/2024 20:28: I do know that Cablelabs pretty early on -- around the time I mentioned above -- has been pushing for v6. Maybe Jason Livingood can clue us in. Getting cable operators onboard too would certainly be a good

Re: IPv6 uptake

2024-02-18 Thread Michael Thomas
On 2/18/24 1:10 PM, Nick Hilliard wrote: Michael Thomas wrote on 18/02/2024 20:56: That's really great to hear. Of course there is still the problem with CPE that doesn't speak v6, but that's not their fault and gives some reason to use their CPE. Already solved: cable mod

Re: Microsoft missing public DNS TXT entry for DKIM records (msn.com)

2024-04-04 Thread Michael Thomas
On 4/4/24 12:43 AM, Jay Acuna wrote: On Thu, Apr 4, 2024 at 1:23 AM Adam Brenner via NANOG wrote: .. It seems to me that if msn.com is going to include DKIM headers in their outgoing email, they should also publish their DKIM public key. If they are not going to publish their DKIM public key,

Re: Mailing list SPF Failure

2024-05-16 Thread Michael Thomas
On 5/16/24 8:11 AM, Peter Potvin via NANOG wrote: Appears there’s no SPF record at all now for nanog.org, which is not ideal… Since probably 99% of the mail from NANOG is through this list, it hardly matters since SPF will always fail. What is more important is that they r

Re: Mailing list SPF Failure

2024-05-16 Thread Michael Thomas
On 5/16/24 8:59 AM, Scott Q. wrote: Uhm, not really. An SPF failure is really bad even though DKIM works. It might depend what they do with DMARC but even so, there's no reason they can't just add that IP to their SPF record. SPF has from day one been known to be broken with mailing lists. It

Re: Mailing list SPF Failure

2024-05-16 Thread Michael Thomas
On 5/16/24 3:54 PM, William Herrin wrote: On Thu, May 16, 2024 at 12:03 PM John Levine wrote: It appears that Michael Thomas said: Since probably 99% of the mail from NANOG is through this list, it hardly matters since SPF will always fail. Sorry, but no. A mailing list puts its own
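The disagreement in this thread comes down to which domain SPF is evaluated against. The following is an added example, not code from the thread: a minimal evaluator for the ip4/ip6/include/all subset of SPF (RFC 7208), run against constructed TXT records in place of DNS. The domains, addresses and records are invented; the point it shows is that a list which re-mails a post under its own bounce address (its own MAIL FROM) is checked against its own SPF record, while a list that preserved the author's MAIL FROM would fail, because the author's record does not list the list relay.

```python
"""
Added example, not code from the thread: a minimal evaluator for the
ip4/ip6/include/all subset of SPF (RFC 7208), run against constructed
TXT records in place of DNS. Domains, addresses and records are invented.
"""
import ipaddress

# Stand-in for DNS TXT lookups (constructed).
FAKE_DNS_TXT = {
    # the post author's domain: only its own MTAs may send its mail
    "example.org": "v=spf1 ip4:198.51.100.10 ip4:198.51.100.11 -all",
    # the list operator's domain: the list relay
    "lists.example.net": "v=spf1 ip4:203.0.113.25 ip6:2001:db8:ff::/48 -all",
    # a domain that delegates to example.org's record
    "include-user.example": "v=spf1 include:example.org ~all",
}

QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(domain, client_ip, depth=0):
    """Return pass/fail/softfail/neutral/none/permerror for (domain, ip)."""
    if depth > 10:                       # RFC 7208 caps include recursion
        return "permerror"
    record = FAKE_DNS_TXT.get(domain)
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            matched = net.version == ip.version and ip in net
        elif mech == "include":
            # include matches only on a "pass" of the referenced domain
            matched = evaluate_spf(arg, client_ip, depth + 1) == "pass"
        else:
            return "permerror"           # a/mx/ptr/exists left out of this demo
        if matched:
            return QUALIFIER[qualifier]
    return "neutral"                     # no mechanism matched and no "all"


def spf_result_for_list_copy(relay_ip, author_domain, list_domain, rewrites_mail_from):
    """SPF is evaluated on the MAIL FROM (envelope) domain. A list that
    re-mails with its own bounce address is checked against its own record;
    one that kept the author's MAIL FROM is checked against the author's
    record, which will not list the list relay."""
    domain = list_domain if rewrites_mail_from else author_domain
    return evaluate_spf(domain, relay_ip)
```

What this does not settle is DMARC: DMARC requires the SPF-authenticated domain to align with the header From: domain, so a pass on the list's own domain does not help a post whose From: is still the author's domain unless a DKIM signature from that domain survives the list or the list rewrites From:.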

Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

2024-05-16 Thread Michael Thomas
On 5/16/24 4:17 PM, Brandon Martin wrote: I think the issue with their lack of effectiveness on spam calls is due to the comparatively small number of players in the PSTN (speaking of both classic TDM and modern IP voice-carrying and signaling networks) world allowing lots of regulatory cap

Re: Mailing list SPF Failure

2024-05-16 Thread Michael Thomas
they're broken...there's a few guys on the list here. On Thursday, 16/05/2024 at 19:17 Michael Thomas wrote: On 5/16/24 3:54 PM, William Herrin wrote: > On Thu, May 16, 2024 at 12:03 PM John Levine <jo...@iecc.com> wrote: >> It appears that Michael Th

Re: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

2024-05-16 Thread Michael Thomas
On 5/16/24 6:55 PM, John Levine wrote: It appears that Brandon Martin said: I think the issue with their lack of effectiveness on spam calls is due to the comparatively small number of players in the PSTN (speaking of both classic TDM and modern IP voice-carrying and signaling networks) world

Re: Mailing list SPF Failure

2024-05-16 Thread Michael Thomas
On 5/16/24 7:36 PM, John R. Levine wrote: I think a lot of us have nanog whitelisted or otherwise special cased. I don't and gmail is my backend. That's trivial falsification that lack of an SPF records alone will cause gmail rejects. Mike Also, it's been pumping out list mail for decad

interesting article on video encoding

2024-06-22 Thread Michael Thomas
not exactly this list's main focus, but i suspect that lots of people here's day job is to move these bits around as fast as possible once they are being streamed. https://www.theverge.com/2024/6/22/24171581/netflix-bet-advanced-encoding-anne-aaron Mike

Re: Current diameter of the Internet?

2024-07-21 Thread Michael Thomas
On 7/21/24 4:05 PM, Josh Luthman wrote: Mel, Voyager is using radio waves, which travel faster than the speed of light (in a vacuum, too!).  But my point is more Earth to outside the solar system is ~24 hours so where did circumnavigating the globe get three days of latency? ::Albert Eins

Re: Third Party VoIP Over Xfinity

2024-09-10 Thread Michael Thomas
On 9/10/24 1:36 PM, Mark Wiater wrote: What happens when you decrease your registration frequency? Do the phones stay registered? Have you tried TLS for the SIP transport by chance? I manage a few phones on comcast across the country and have no problems. In this day and age TLS isn't the

Re: Third Party VoIP Over Xfinity

2024-09-10 Thread Michael Thomas
and such. Now the RTP traffic could stay clear UDP, this was just the SIP part. -- Brandon Jackson bjack...@napshome.net On Tue, Sep 10, 2024 at 5:01 PM Michael Thomas wrote: On 9/10/24 1:36 PM, Mark Wiater wrote: What happens when you decrease your registr

Re: Third Party VoIP Over Xfinity

2024-09-12 Thread Michael Thomas
On 9/12/24 9:08 AM, Brandon Svec via NANOG wrote: What kinds of third party SIP are you all having so much issue with? I manage a lot of accounts using the big, hosted providers and plenty of the endpoints sit behind Xfinity/Comcast boxes without issue. The dropping registrations just sound

Re: Third Party VoIP Over Xfinity

2024-09-13 Thread Michael Thomas
On 9/13/24 7:19 AM, Matt Hoppes wrote: Yes. We run lots of SIP UDP over many networks without issue. I feel like bloat is exactly an application for using UDP? With TCP won't that cause more bloat/delay? That being said, we generally see about 3-6 ms between end points and our PBX system

Re: Third Party VoIP Over Xfinity

2024-09-14 Thread Michael Thomas
On 9/14/24 9:04 AM, Brandon Martin wrote: On 9/13/24 11:20, Michael Thomas wrote: On 9/13/24 7:19 AM, Matt Hoppes wrote: Yes. We run lots of SIP UDP over many networks without issue. I feel like bloat is exactly an application for using UDP? With TCP won't that cause more bloat/

Re: RFC 1918 network range choices

2017-10-05 Thread Michael Thomas
On 10/05/2017 05:14 PM, Lyndon Nerenberg wrote: On Oct 5, 2017, at 4:52 PM, Steve Feldman wrote: I have a vague recollection of parts of 192.168.0.0/16 being used as default addresses on early Sun systems. If that's actually true, it might explain that choice. 192.9.200.X rings a bell; but

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Michael Thomas
On 11/29/2017 09:24 AM, William Herrin wrote: On Wed, Nov 29, 2017 at 12:17 PM, Stephen Frost wrote: * William Herrin (b...@herrin.us) wrote: On Wed, Nov 29, 2017 at 12:03 PM, Eric Kuhnke wrote: How much weight do you put on an incoming message, in terms of adding additional score towards

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Michael Thomas
On 11/29/2017 10:03 AM, valdis.kletni...@vt.edu wrote: On Wed, 29 Nov 2017 09:32:27 -0800, Michael Thomas said: There are quite a few things you can do to get the mailing list traversal rate > 90%, iirc. Only 90% should be considered horribly broken. Anything that makes it difficult to ru

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Michael Thomas
e some ignorant third party's open relay), nor do they have access to the zonefile for the domain the mail server belongs to for the purpose of adding any sort of DKIM record. On Wed, Nov 29, 2017 at 10:12 AM, Michael Thomas wrote: On 11/29/2017 10:03 AM, valdis.kletni...@vt.edu wrote:

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Michael Thomas
On 11/29/2017 11:53 AM, Grant Taylor via NANOG wrote: On 11/29/2017 11:33 AM, Michael Thomas wrote: A broken DKIM signature is indistinguishable from a lack of a signature header. I'll argue that it's possible to distinguish between the two. *However* the DKIM standard states that

Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Michael Thomas
On 11/29/2017 01:11 PM, John Levine wrote: In article <1d458e76-ab61-db28-79cb-6aabcab4f...@mtcc.com> you write: I've been saying for years that it should be possible to create the concept of DKIM-friendly mailing lists. ... I suppose, if your users are OK with no subject tags, message footers,

Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Michael Thomas
On 11/29/2017 02:40 PM, Grant Taylor via NANOG wrote: On 11/29/2017 03:24 PM, Michael Thomas wrote: Message footers and subject lines can be dealt with. That's already been proven within the current DKIM spec. Please humor my ignorance and explain how a subject line (which is (over)s

Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Michael Thomas
On 11/29/2017 03:00 PM, Grant Taylor via NANOG wrote: On 11/29/2017 03:46 PM, Michael Thomas wrote: You know what the original header was via the signature. You can take the delta of the current subject line and remove any additions and validate the signature. Whether you're happy wit
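The "delta" idea argued over in the last few messages, as an added example that is not code from the thread or from any DKIM library: a cut-down DKIM (RFC 6376) signer and verifier that survives the two classic list mutations, a "[tag] " prefixed to Subject and a footer appended to the body. Relaxed header canonicalization and the l= body-length tag work as in DKIM; the signature is HMAC-SHA256 under a shared test key instead of RSA (an assumption made to stay within the standard library, so there is no key lookup in DNS). The key, selector, domain, headers and body are constructed.

```python
"""
Added example, not code from the thread or any DKIM library: a cut-down
DKIM (RFC 6376) signer/verifier. Signature is HMAC-SHA256 under a shared
test key in place of RSA (assumption). Key, selector, domain and message
are constructed.
"""
import base64
import hashlib
import hmac
import re

TEST_KEY = b"constructed-shared-key-standing-in-for-an-rsa-keypair"


def relaxed_header(name, value):
    """RFC 6376 3.4.2: lowercase name, unfold, collapse WSP, strip ends."""
    value = re.sub(r"\r?\n[ \t]+", " ", value)
    value = re.sub(r"[ \t]+", " ", value).strip()
    return f"{name.lower()}:{value}\r\n"


def simple_body(body):
    """RFC 6376 3.4.3: CRLF line ends, trailing empty lines reduced to one CRLF."""
    body = body.replace("\r\n", "\n").replace("\n", "\r\n")
    return body.rstrip("\r\n") + "\r\n"


def body_hash(body, length=None):
    canon = simple_body(body).encode()
    if length is not None:
        canon = canon[:length]          # l= : only the first l bytes are covered
    return base64.b64encode(hashlib.sha256(canon).digest()).decode(), len(canon)


def _tags_to_str(tags):
    return "; ".join(f"{k}={v}" for k, v in tags.items())


def _parse_tags(value):
    return dict(t.strip().split("=", 1) for t in value.split(";") if t.strip())


def _signed_data(headers, dkim_value_with_empty_b):
    """Canonical From + Subject, then the DKIM-Signature header with b= empty."""
    hmap = {n.lower(): v for n, v in headers}
    data = relaxed_header("from", hmap["from"]) + relaxed_header("subject", hmap["subject"])
    data += relaxed_header("dkim-signature", dkim_value_with_empty_b).rstrip("\r\n")
    return data.encode()


def sign(headers, body, domain="example.org", selector="list2017"):
    """Sign From and Subject; l= is the full canonical body length, so anything
    a list appends later falls outside the hashed region."""
    bh, length = body_hash(body)
    tags = {"v": "1", "a": "hmac-sha256", "c": "relaxed/simple", "d": domain,
            "s": selector, "h": "from:subject", "l": str(length), "bh": bh, "b": ""}
    mac = hmac.new(TEST_KEY, _signed_data(headers, _tags_to_str(tags)), hashlib.sha256)
    tags["b"] = base64.b64encode(mac.digest()).decode()
    return _tags_to_str(tags)


def verify(headers, body, dkim_value):
    tags = _parse_tags(dkim_value)
    bh, _ = body_hash(body, int(tags["l"]))
    if bh != tags["bh"]:
        return False
    received_b = base64.b64decode(tags["b"])
    tags["b"] = ""
    mac = hmac.new(TEST_KEY, _signed_data(headers, _tags_to_str(tags)), hashlib.sha256)
    return hmac.compare_digest(mac.digest(), received_b)


def verify_tolerating_list_edits(headers, body, dkim_value, max_tags=3):
    """The 'delta' idea: if the message fails as received, peel leading
    '[...]' tokens off Subject one at a time and retry."""
    hdrs = list(headers)
    idx = next(i for i, (n, _) in enumerate(hdrs) if n.lower() == "subject")
    for _ in range(max_tags + 1):
        if verify(hdrs, body, dkim_value):
            return True
        stripped = re.sub(r"^\s*\[[^\]]*\]\s*", "", hdrs[idx][1], count=1)
        if stripped == hdrs[idx][1]:
            return False                # nothing left to peel
        hdrs[idx] = (hdrs[idx][0], stripped)
    return False


def list_remail(headers, body, tag="[nanog]", footer="_______________\nlist footer\n"):
    """What a typical list does to a post (constructed behaviour)."""
    new_headers = [(n, f"{tag} {v}" if n.lower() == "subject" else v) for n, v in headers]
    return new_headers, body + footer
```

Two caveats a verifier doing this has to accept. The l= tag makes any appended text, not just a list footer, unsigned content that is still displayed to the recipient, which is why RFC 6376 warns against relying on it; and the peel loop cannot tell a list tag from any other bracketed prefix, so it only recovers the signature, it does not prove who added the prefix.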

Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Michael Thomas
On 11/29/2017 01:11 PM, John Levine wrote: PPS: Please spare us pontification about why ARC can't possibly work unless you're prepared to cite section numbers in the ARC spec supporting your argument. Apparently the levine unit is hearing things again because nobody -- least of all me -- has

Re: Novice sysadmins

2017-12-05 Thread Michael Thomas
On 12/05/2017 08:17 AM, Harald Koch wrote: Thirty years ago I started my sysadmin journey on an Internet that was filled with helpful, experienced people that were willing to share their knowledge. Twenty years ago I was one of three people running CA*net, the cross-Canada research Internet with

Re: Novice sysadmins

2017-12-06 Thread Michael Thomas
On 12/06/2017 09:27 AM, Seth Mattinen wrote: On 12/6/17 09:16, Nate Metheny wrote: I've always been more than willing to share knowledge and skill training with those who show interest and talent; the more qualified and interested people involved, the better, in my opinion. Making the club "ex

Re: do you use SPF TXT RRs? (RFC4408)

2010-10-04 Thread Michael Thomas
On 10/04/2010 09:54 AM, John Adams wrote: Without proper SPF records your mail stands little chance of making it through some of the larger providers, like gmail, if you are sending in any high volume. You should be using SPF, DK, and DKIM signing. There should really be no reason to sign with

Re: do you use SPF TXT RRs? (RFC4408)

2010-10-04 Thread Michael Thomas
that. It's been about 5 years since the issue of rfc4871. It might be helpful to name and shame. Mike -j On Mon, Oct 4, 2010 at 10:02 AM, Michael Thomas wrote: On 10/04/2010 09:54 AM, John Adams wrote: Without proper SPF records your mail stands little chance of making it through some of

Re: ARIN space not accepted

2010-12-03 Thread Michael Thomas
On 12/03/2010 02:13 PM, Jack Bates wrote: On 12/3/2010 4:09 PM, Dustin Swinford wrote: We have run into an issue with the 107.7.0.0/16 assigned to us several months ago. It appears that many sites have not yet accepted this space. I understand this is not a normal type post to NANOG, but hoped t

Re: Earthlink MX from *Earthlink* dynamic IPs blocked?

2010-12-03 Thread Michael Thomas
On 12/03/2010 03:22 PM, Jay Ashworth wrote: I'm trying to get my sister's MythTV DVR to send her a daily email with its recording schedule. Earthlink is apparently blocking the email because it's coming from a dynamic address -- even though that address *is an Earthlink cablemodem*. Is there an

Re: Facebook issue

2010-12-16 Thread Michael Thomas
On 12/16/2010 01:34 PM, andrew.wallace wrote: Anyone having issue with Facebook? Andrew Yep. Mike

Re: Facebook issue

2010-12-16 Thread Michael Thomas
Somebody obviously backed out the change because it's back up again. Mashable has a blurb on it. Mike On 12/16/2010 01:39 PM, John van Oppen wrote: Yep...Seeing serious issues from our office here at AS11404, we are peered directly and all looks good at the IP layer but all of us who wante

Re: spamassassin

2014-02-18 Thread Michael Thomas
On 02/18/2014 05:52 PM, Randy Bush wrote: in the last 3-4 days, a *massive* amount of spam is making it past spamassassin to my users and to me. see appended for example. not all has dkim. It's been a while since i've been in this world, but I wonder whether bayes filters are using the pub

Re: misunderstanding scale

2014-03-23 Thread Michael Thomas
It seems to me that the only thing that really matters in v6 wars for enterprise is whether their content side has a v6 face. Who really cares whether they migrate away from v4 so long as they make their outward facing content (eg web, etc) available over v6? That's really the key. Mike

Re: misunderstanding scale

2014-03-24 Thread Michael Thomas
On 03/24/2014 09:20 AM, William Herrin wrote: On Mon, Mar 24, 2014 at 3:00 AM, Karl Auer wrote: Addressable is not the same as accessible; routable is not the same as routed. Indeed. However, all successful security is about _defense in depth_. If it is inaccessible, unrouted, unroutable and u

Re: misunderstanding scale

2014-03-24 Thread Michael Thomas
On 3/24/14 10:08 AM, William Herrin wrote: On Mon, Mar 24, 2014 at 12:28 PM, Michael Thomas wrote: On 03/24/2014 09:20 AM, William Herrin wrote: On Mon, Mar 24, 2014 at 3:00 AM, Karl Auer wrote: Addressable is not the same as accessible; routable is not the same as routed. Indeed. However

Re: misunderstanding scale

2014-03-24 Thread Michael Thomas
On 3/24/14 10:37 AM, valdis.kletni...@vt.edu wrote: On Mon, 24 Mar 2014 13:13:43 -0400, William Herrin said: You'd expect folks to give up two layers of security at exactly the same time as they're absorbing a new network protocol with which they're yet unskilled? Does that make sense to you fr

Re: misunderstanding scale

2014-03-24 Thread Michael Thomas
On 03/24/2014 06:05 PM, Owen DeLong wrote: So ULA the printers (if you must). That doesn’t create a need for ULA on anything that talks to the internet, nor does it create a requirement to do NPT or NAT66. From a security perspective, I wouldn't trust my printer to not number itself with a

Re: Fwd: Serious bug in ubiquitous OpenSSL library: "Heartbleed"

2014-04-08 Thread Michael Thomas
Just as a data point, I checked the servers I run and it's a good thing I didn't reflexively update them first. On Centos 6.0, the default openssl is 1.0.0 which supposedly doesn't have the vulnerability, but the ones queued up for update do. I assume that redhat will get the patched version soo
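The situation the post describes, a distribution whose default package predates the bug but whose queued update carries it, is worth checking programmatically rather than by eye. The following is an added example, not code from the post: it decides whether an installed OpenSSL is exposed to Heartbleed (CVE-2014-0160) from the version string and the package changelog. Upstream, the bug exists in 1.0.1 through 1.0.1f only; 1.0.0 and 0.9.8 never had the vulnerable heartbeat code. The catch is that enterprise distributions backport fixes without bumping the upstream version, so "1.0.1e" alone cannot tell you whether the package is patched, and the changelog has to be consulted. The changelog text and maintainer below are constructed.

```python
"""
Added example, not code from the post: assess Heartbleed (CVE-2014-0160)
exposure from an OpenSSL version string plus the package changelog, since
distributions backport fixes without changing the version. The changelog
below is constructed.
"""
import re


def parse_openssl_version(s):
    """'OpenSSL 1.0.1e-fips 11 Feb 2013' -> (1, 0, 1, 'e'); the letter
    suffix sorts as an ordinary string so 'f' < 'g'."""
    m = re.match(r"^(?:OpenSSL\s+)?(\d+)\.(\d+)\.(\d+)([a-z]*)", s.strip())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {s!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))


def upstream_heartbleed_range(version):
    """True if the upstream version is one of the vulnerable 1.0.1..1.0.1f."""
    v = parse_openssl_version(version)
    return (1, 0, 1, "") <= v <= (1, 0, 1, "f")


def changelog_mentions_fix(changelog_text, cve="CVE-2014-0160"):
    """Backported fixes show up in the package changelog, not the version."""
    return cve in changelog_text or "heartbleed" in changelog_text.lower()


def assess(version, changelog_text=""):
    """Combine both signals. The version string alone would wrongly flag a
    patched enterprise package as vulnerable."""
    if not upstream_heartbleed_range(version):
        return "not affected"
    if changelog_mentions_fix(changelog_text):
        return "patched (backported fix)"
    return "VULNERABLE"


# On an RPM-based system the two inputs come from:
#   openssl version
#   rpm -q --changelog openssl
# The changelog entry below is constructed for the example.
CONSTRUCTED_CHANGELOG = """* Mon Apr 07 2014 Example Maintainer <maint@example.org> 1.0.1e-16.7
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
"""

if __name__ == "__main__":
    for ver, log in [("OpenSSL 1.0.0-fips 29 Mar 2010", ""),
                     ("OpenSSL 1.0.1e-fips 11 Feb 2013", ""),
                     ("OpenSSL 1.0.1e-fips 11 Feb 2013", CONSTRUCTED_CHANGELOG)]:
        print(f"{ver}: {assess(ver, log)}")
```

Note that a changelog mention is only evidence that the maintainer intended to fix it; the package must also actually be installed and every long-running process linked against libssl restarted, since a running daemon keeps the old library mapped.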

Re: Yahoo DMARC breakage

2014-04-10 Thread Michael Thomas
On 04/09/2014 09:54 PM, Jimmy Hess wrote: Basic functionality is seriously and utterly broken --- that DMARC doesn't have a good answer for such situations, is a major indicator of its immaturity, in the sense that it is "Too specific" a solution and cannot apply to e-mail in general. DMARC i

Re: Yahoo DMARC breakage

2014-04-10 Thread Michael Thomas
On 04/09/2014 06:04 PM, Miles Fidelman wrote: Especially after reading some of the discussions on the DMARC mailing list where it's clear that issues of breaking mailing lists were explicitly ignored and dismissed. There's been 10 years of ostrichism about policy and mailing lists, especial

Re: DNSSEC?

2014-04-12 Thread Michael Thomas
On 04/11/2014 10:45 PM, Jimmy Hess wrote: The vulnerability is related to re-used memory pages within the same process. It also does not help that OpenSSL has its own wrapper around malloc() And instead of using the standard system libraries for memory allocation, apparently uses a high-risk m

Re: DNSSEC?

2014-04-12 Thread Michael Thomas
On 04/12/2014 10:10 AM, Jimmy Hess wrote: On Sat, Apr 12, 2014 at 9:17 AM, Michael Thomas wrote: Malloc doesn't write over to-be allocated memory, calloc does. Using a Zero'ing newly allocated memory is not the desired behavior. The desired behavior is that a segmentation fa

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

2014-04-13 Thread Michael Thomas
On 04/13/2014 07:30 AM, Randy Bush wrote: It's quite plausible that they watch the changes in open-source projects to find bugs. They could do nice diffs and everything. the point of open source is that the community is supposed to be doing this. we failed. Versus all of the closed source b

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

2014-04-13 Thread Michael Thomas
On 04/13/2014 07:52 AM, Randy Bush wrote: the point of open source is that the community is supposed to be doing this. we failed. Versus all of the closed source bugs that nobody can know of or do anything about? for those you can blame the vendor. Or not. this one is owned by the communit

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

2014-04-14 Thread Michael Thomas
On 4/14/14 4:06 PM, Randy Bush wrote: for those you can blame the vendor. this one is owned by the community. it falls on us to try to lower the probability of a next one by actively auditing source as our civic duty. is that kind of like jury duty? if only it were more like literature, which

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

2014-04-14 Thread Michael Thomas
On 04/14/2014 05:02 PM, Nathan Angelacos wrote: On 04/14/2014 07:14 PM, Michael Thomas wrote: It's much, much worse than that. I can still read code plenty fine, but bugs can be extremely obscure, and triply so with convoluted security code where people are actively going after you to

Re: DMARC -> CERT?

2014-04-17 Thread Michael Thomas
On 04/16/2014 09:19 PM, Private Sender wrote: I'm sorry but is there a fundamental misunderstanding of dmarc going on in this thread? Yahoo doesn't want you to be able to send "@yahoo.com" email from anything other than THEIR servers which contain the private key that corresponds to their DKIM i

Re: DMARC -> CERT?

2014-04-17 Thread Michael Thomas
On 04/17/2014 08:34 AM, valdis.kletni...@vt.edu wrote: On Wed, 16 Apr 2014 21:19:18 -0700, Private Sender said: I'm sorry but is there a fundamental misunderstanding of dmarc going on in this thread? Yes, apparently mostly on the part of Yahoo apologists... There is no need to flame a compan

Re: The FCC is planning new net neutrality rules. And they could enshrine pay-for-play. - The Washington Post

2014-04-27 Thread Michael Thomas
On 04/27/2014 05:05 PM, Owen DeLong wrote: Beyond that, there’s a more subtle argument also going on about whether $EYEBALL_PROVIDER can provide favorable network access to $CONTENT_A and less favorable network access to $CONTENT_B as a method for encouraging subscribers to select $CONTENT_A ov

Re: Observations of an Internet Middleman (Level3)

2014-05-16 Thread Michael Thomas
Scott Helms wrote: Mark, Bandwidth use trends are actually increasingly asymmetical because of the popularity of OTT video. Until my other half decides to upload a video. Is it too much to ask for a bucket of bits that I can use in whichever direction happens to be needed at the moment? Mik

Re: Observations of an Internet Middleman (Level3)

2014-05-16 Thread Michael Thomas
Scott Helms wrote: Michael, No, its not too much to ask and any end user who has that kind of requirement can order a business service to get symmetrical service but the reality is that symmetrical service costs more and the vast majority of customers don't use the upstream capacity they have

Re: Observations of an Internet Middleman (Level3)

2014-05-16 Thread Michael Thomas
Mark Tinka wrote: One of the use-cases we thought about when deploying an FTTH backbone was having remote PVR's. So rather than record and save linear Tv programming on the STB, record and save it in the network. This could only be done with symmetric bandwidth. Isn't this already the cas

Re: Observations of an Internet Middleman (Level3)

2014-05-16 Thread Michael Thomas
Scott Helms wrote: Mike, In my experience you're not alone, just in a really tiny group. As I said I have direct eyeballs on ~500k devices and the ability to see another 10 million anytime I want and the percentage of people who cap their upstream in both of those sample groups for more than

Re: Observations of an Internet Middleman (Level3)

2014-05-16 Thread Michael Thomas
On Fri, May 16, 2014 at 4:06 PM, Michael Thomas <m...@mtcc.com> wrote: Scott Helms wrote: Mike, In my experience you're not alone, just in a really tiny group

Re: Verizon Public Policy on Netflix

2014-07-16 Thread Michael Thomas
On 7/16/14, 3:57 PM, Owen DeLong wrote: On Jul 13, 2014, at 09:09 , na...@brettglass.com wrote: If Netflix continues on its current course, ALL ISPs -- not just rural ones, will eventually be forced to rebel. And it will not be pretty. I don't think so. I think the reality is that access pr

Re: Net Neutrality...

2014-07-17 Thread Michael Thomas
On 7/17/14, 2:15 PM, valdis.kletni...@vt.edu wrote: /me makes popcorn and waits for 4K displays to drop under US$1K and watch the network providers completely lose their shit http://www.amazon.com/Seiki-SE39UY04-39-Inch-Ultra-120Hz/dp/B00DOPGO2G $339! I use it for doing dev. It's *fabul

Re: Net Neutrality...

2014-07-18 Thread Michael Thomas
On 07/18/2014 11:05 AM, Rob Seastrom wrote: Michael Thomas writes: On 7/17/14, 2:15 PM, valdis.kletni...@vt.edu wrote: /me makes popcorn and waits for 4K displays to drop under US$1K and watch the network providers completely lose their shit http://www.amazon.com/Seiki-SE39UY04-39-Inch

Re: Richard Bennett, NANOG posting, and Integrity

2014-07-22 Thread Michael Thomas
On 7/22/14, 9:07 AM, Paul WALL wrote: Provided without comment: http://www.esquire.com/blogs/news/comcast-astroturfing-net-neutrality “The FCC’s Net neutrality rules are based on the false premise that American broadband services are sub-standard compared to those in other countries.” T

Re: unqualified domains, was ICANN to allow commercial gTLDs

2011-06-19 Thread Michael Thomas
On 06/19/2011 07:08 PM, Paul Vixie wrote: From: David Conrad Date: Sun, 19 Jun 2011 16:04:09 -1000 On Jun 19, 2011, at 3:24 PM, Paul Vixie wrote: i think we have to just discourage lookups of single-token names, universally. How? that's a good question. marka mentioned w

Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)

2011-07-10 Thread Michael Thomas
On 07/10/2011 12:45 PM, Owen DeLong wrote: While this is true, there are a couple of factors that make it more difficult than it would appear on the surface. Number one: Participating effectively in IETF is a rather time-consuming process. While a lot of engineers and developers may have IETF e

Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)

2011-07-12 Thread Michael Thomas
Leo Bicknell wrote: In short, make it easy for the operators to participate at the right time in the process. It will be better for everyone! Unfortunately, where you want to be inserted into the process is when everybody has said their piece 80-dozen times and are tired and just want to get

Re: IPv6 end user addressing

2011-08-11 Thread Michael Thomas
On 08/11/2011 11:18 AM, Owen DeLong wrote: On Aug 11, 2011, at 10:41 AM, sth...@nethelp.no wrote: And your average home user, whose WiFi network is an open network named "linksys" is going to do that how? Because the routers that come on pantries and refrigerators will probably b

Re: East Coast Earthquake 8-23-2011

2011-08-23 Thread Michael Thomas
On 08/23/2011 02:48 PM, Owen DeLong wrote: A 5.8 (or 5.9, I've seen conflicting numbers) really isn't likely to do all that much damage, even on the East Coast. In California, anyone who has lived here for more than 10 years probably doesn't even feel anything less than a 5, and, it takes a solid

static asymmetry

2011-09-03 Thread Michael Thomas
Mohacsi Janos wrote: In my opinion. Home networking (including personal clouds) have to change the brain damaged model of asymmetric tail technologies. Giving back the original peer-to-peer nature of networking the asymmetricity of the access technologies will not be tolerable in such a level (

Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-12 Thread Michael Thomas
Randy Bush wrote: But Gregory is right, you cannot really trust anybody completely. Even the larger and more respectable commercial organisations will be unable to resist when they ask for dodgy certs so they can intercept something.. No, as soon as you have somebody who is not yourself in cont

Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-12 Thread Michael Thomas
Randy Bush wrote: with dane, i trust whoever runs dns for citibank to identify the cert for citibank. this seems much more reasonable than other approaches, though i admit to not having dived deeply into them all. If the root DNS keys were compromised in an all DNS rooted world... unhappiness w

Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-12 Thread Michael Thomas
Martin Millnert wrote: On Mon, Sep 12, 2011 at 5:09 PM, Michael Thomas wrote: And how long would it be before browsers allowed self-signed-but-ok'ed-using-dnssec-protected-cert-hashes? As previously mentioned, Chrome >= v14 already does. The perils of coming in late in a thread :) Mike

Re: Facebook insecure by design

2011-10-02 Thread Michael Thomas
William Allen Simpson wrote: In accord with the recent thread, "facebook spying on us?" We should also worry about other spying on us. Without some sort of rudimentary security, all that personally identifiable information is exposed on our ISP networks, over WiFi, etc. Facebook claims to be a

Re: Facebook insecure by design

2011-10-02 Thread Michael Thomas
William Allen Simpson wrote: On 10/2/11 12:36 PM, Jimmy Hess wrote: On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas wrote: I'm not sure why lack of TLS is considered to be problem with Facebook. The man in the middle is the other side of the connection, tls or otherwise. That's

Re: Facebook insecure by design

2011-10-03 Thread Michael Thomas
Jason Leschnik wrote: On Mon, Oct 3, 2011 at 4:27 AM, William Allen Simpson < william.allen.simp...@gmail.com> wrote: On 10/2/11 12:36 PM, Jimmy Hess wrote: On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas wrote: I'm not sure why lack of TLS is considered to be problem with Fa

Re: Outgoing SMTP Servers

2011-10-31 Thread Michael Thomas
Dave CROCKER wrote: On 10/30/2011 8:36 PM, Brian Johnson wrote: So you support filtering end-user outbound SMTP sessions as this is a means to prevent misuse of the Commons*. Correct? If it is acceptable to have the receiving SMTP server at one end of a connection do filtering -- and it is

Re: On Working Remotely

2011-12-05 Thread Michael Thomas
What the heck... I've been working on a project for the last three years at home and mostly by myself. It has been one of the more productive times of my life codingwise precisely because I am at home and can juggle life's responsibilities as needed all without really having one. When you go into

Re: Big day for IPv6 - 1% native penetration

2012-11-26 Thread Michael Thomas
On 11/26/2012 03:18 PM, Dobbins, Roland wrote: Apple and Microsoft are application developers as well as OS vendors. How much of a priority do you think IPv6 capabilities are to their application development organizations? How much of a priority do you think IPv6 capabilities are to their c

Re: Big day for IPv6 - 1% native penetration

2012-11-26 Thread Michael Thomas
On 11/26/2012 04:24 PM, Dobbins, Roland wrote: On Nov 27, 2012, at 6:56 AM, Michael Thomas wrote: Er, uh, huh? v6 has been available forever on the usual suspect host operating systems, and most server side apps don't need to do much to support lighting v6 support up that I can thi

Re: Big day for IPv6 - 1% native penetration

2012-11-26 Thread Michael Thomas
On 11/26/2012 04:38 PM, Dobbins, Roland wrote: On Nov 27, 2012, at 7:35 AM, Michael Thomas wrote: Not on the server side that I can see. It's a network problem first and foremost, and starts by having the excuse that they can't get v6 upstream from their ISP's. It's h

Re: Big day for IPv6 - 1% native penetration

2012-11-27 Thread Michael Thomas
On 11/27/2012 11:58 AM, Cameron Byrne wrote: On Tue, Nov 27, 2012 at 11:28 AM, mike wrote: Is this the app's fault? What are they doing wrong? Yes, it is the app's fault. They are either doing IPv4 literals or IPv4-only sockets The IPv4 literal issues is when they do "wget http://192.168

Re: Big day for IPv6 - 1% native penetration

2012-11-27 Thread Michael Thomas
On 11/27/2012 12:41 PM, Mark Andrews wrote: In message <50b512b6.1010...@mtcc.com>, mike writes: On 11/26/12 9:32 PM, Mikael Abrahamsson wrote: The main problem with IPv6 only is that most app developers (most programmers totally) do not really have access to this, so no testing is being done

Re: "Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications"....

2012-11-27 Thread Michael Thomas
On 11/27/2012 01:07 PM, Jeroen Massar wrote: On 2012-11-27 20:21, mike wrote: This is a point that is probably more significant than is appreciated. If the app, IT, and networking ecosystem don't even have access to ipv6 to play around with, you can be guaranteed that they are going to be hesita

Re: "Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications"....

2012-11-27 Thread Michael Thomas
On 11/27/2012 03:44 PM, Owen DeLong wrote: I would think that a developer of corporate network-based applications that is worth his salt would be one of the people pushing the IT/Neteng group to give him the tools to do his job. If he waits until they are implementing IPv6 on corporate deskto
