Comment: Re:Their implementation sucks. (Score 1) 146

by Burdell (#47526561) Attached to: Comcast Carrying 1Tbit/s of IPv6 Internet Traffic

I have no problem with Comcast's IPv6 setup, once I hacked a few things in OpenWRT that were wrong; not sending the requested prefix size was a big one (so I could only get a /64 initially). Also, if the link drops, when it comes back and dhcp6c tries to update radvd, radvd doesn't restart (so the RAs go away and IPv6 quits on all auto-configured systems). My link is generally stable enough that I haven't been bothered enough to track down this bug to get it fixed.

IIRC, the only time I've had my delegated prefix change was when I was working things out to get a /60 instead of a /64. After working with a Comcast engineer, it seems under normal conditions, the only reasons your prefix should change are if your MAC address changes or they switch you to a different headend (which should be rare).

Comment: Re:4.3 U (Score 1) 68

by Burdell (#47462103) Attached to: HP Claims Their Moonshot System is a 'New Style of IT' (Video)

It is probably either 7.5 inches (4.29 U) or 190 millimeters (4.27 U) tall. However, I don't know why you'd make something designed to be rack mounted that is not an integral multiple of U, unless you have something that needs cables attached to the front (in which case you still designed it poorly).

Comment: Re:Who owns them? (Score 1) 474

Ehh, Comcast's business practices tend to suck, but their technical people do a good job. I think they were the first large-scale residential provider in the US with DNSSEC and IPv6 for example.

In any case, they are already doing separate channels for separate services (I believe that's how they implement voice service for example), so this will just be turning up another channel.

Comment: Re:Who owns them? (Score 5, Insightful) 474

It is my understanding that this will be done only on Comcast-owned equipment, and using a separate logical connection (like a VLAN) from the local subscriber data. This won't affect any subscriber data cap one way or the other. If a subscriber cancels, they probably unplug the Comcast equipment (so the wifi goes down) because they are supposed to return it to Comcast (or get billed).

Comment: Not protocol vulnerabilities (Score 1) 62

by Burdell (#47190453) Attached to: IPMI Protocol Vulnerabilities Have Long Shelf Life

Bad subject alert: the protocol itself is not vulnerable (any more than any other protocol), the problems are in the implementations (and lack of on-going support for most).

I always set up IPMI on a private VLAN, with only a couple of "trusted" hosts having access. Most things can be done with the "ipmitool" command-line program, or I can port-forward port 80 for the BMCs with a web interface. There are a few web-based BMCs with crappy Java applets for remote KVM (they mangled the VNC protocol just enough so regular VNC clients won't work); for those, I either set up a minimal X desktop VM or use a VPN to the trusted host.

Comment: Re:Farmers grow your food (Score 1) 173

by Burdell (#47034989) Attached to: AT&T Buying DirecTV for $48.5 Billion

Okay, so let them make that part of the "cost of doing business", like just about every other business has to do. Farmers also have to have fuel to operate and haul equipment, seed, fertilizer/herbicide/pesticide, and product to and from "civilization", and they manage to do that just fine without my fuel getting taxed extra to pay for their fuel. I'd argue that fuel is a lot more important to the process than cheap high-speed Internet.

Comment: Re:It's not arrogant, it's correct. (Score 5, Insightful) 466

by Burdell (#46567605) Attached to: AT&T Exec Calls Netflix "Arrogant" For Expecting Net Neutrality

Netflix pays for their bandwidth

Well, but they don't always, at least not as much as anybody else. Several times in recent years, Netflix has switched bandwidth providers to "wanna-be tier 1" networks; that is, networks that are not as well-connected as they'd like to be because they don't really meet anybody's requirements for settlement-free peering. These providers see Netflix as leverage against their bigger competitors and appear to have sold Netflix bandwidth at well market prices in order to strong-arm competitors to provide new network interconnects.

Large networks don't just peer with anybody. There are costs involved in each additional turn-up, both for hardware ports and for the management side. They also don't just peer at a single or few locations (since that can allow outsider actors to cause drastic changes in internal network bandwidth utilization); they require other large networks to peer in a bunch of different places. Some of the smaller networks can't afford to do that, and want to dump large traffic hogs like Netflix at already congested peering points, and then complain that the big guys didn't bend over backwards to help them.

I've worked for small to very-small ISPs for over 18 years, and I definitely don't hold Netflix blameless in this. They do things they know will impact their customers and then blame the other networks for all problems (and they aren't the only one, just one of the biggest in recent years).

Comment: Re:Possible botnet C&C related (Score 2) 349

by Burdell (#46458751) Attached to: Crowdsourcing Confirms: Websites Inaccessible on Comcast

CNAME on the root record of a zone is not allowed. .org servers delegate 021yy.org to ns1/2.booen.com with NS records, so ns1/2.booen.com must supply an SOA and one or more NS records for 021yy.org. Instead they provide an out-of-scope SOA, valid-looking A, MX, and CNAME (which is also a bogus combination) but return NXDOMAIN for NS.

The real answer is that ns1/2.booen.com have a wildcard for * with A, MX, and CNAME records. Somehow they also respond to any SOA request with an SOA for booen.com, and have no NS records.

I still suspect a botnet C&C DNS server is running, with probably a rapidly-changing set of domains delegated to it. Comcast is probably blocking delegations to those servers, and the only real choice (that isn't a lie) for DNS responses would be SERVFAIL (in this case due to policy). NOERROR+no ANSWER records or NXDOMAIN would not really be true.

Comment: Possible botnet C&C related (Score 3, Informative) 349

by Burdell (#46457025) Attached to: Crowdsourcing Confirms: Websites Inaccessible on Comcast

The DNS for 021yy.org is rather fishy looking. The .org servers have NS records pointing to ns1.booen.com and ns2.booen.com, which have a 20 second time to live (vs. a normal 1 day TTL), which is common in botnet command & control networks. Also, the ns1/2.booen.com servers give answers to 021yy.org A lookups, but return NXDOMAIN for NS lookups (which is completely bogus; NXDOMAIN means that 021yy.org does not exist, not that it doesn't have NS records, which would still be bogus).

The NXDOMAIN for NS records would cause many caching servers to cache NXDOMAIN for all records (not just NS), which would cause the domain to not resolve (depending on the order things were looked up). Basically, I don't see this as a Comcast problem, but rather a problem with the DNS servers for 021yy.org. This may be accidental (although AFAIK no normal DNS server would reply with A records but return NXDOMAIN for NS records), but looks possibly like it is intentional and possibly part of a botnet C&C. There's a lot of that going on lately.
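
The checks described in the two DNS comments (this one and the reply listed above it), as an added example that is not part of the original posts: it audits a delegation offline against records constructed from the description. The address, rdata strings, finding names and the 300-second TTL threshold are assumptions.

```python
# Added example: all records below are constructed from the comments' description.
ZONE = "021yy.org."
MIN_NS_TTL = 300  # assumed threshold; the comment contrasts 20 s with a normal 1 day

# Parent-side delegation as (owner, type, ttl, rdata).
PARENT_NS = [
    (ZONE, "NS", 20, "ns1.booen.com."),
    (ZONE, "NS", 20, "ns2.booen.com."),
]

# What the delegated server returns per apex query type (constructed values).
CHILD = {
    "A":     {"rcode": "NOERROR",  "answer": [(ZONE, "A", 20, "192.0.2.10")]},
    "MX":    {"rcode": "NOERROR",  "answer": [(ZONE, "MX", 20, "10 mail.example.")]},
    "CNAME": {"rcode": "NOERROR",  "answer": [(ZONE, "CNAME", 20, "host.example.")]},
    "SOA":   {"rcode": "NOERROR",  "answer": [("booen.com.", "SOA", 20, "constructed")]},
    "NS":    {"rcode": "NXDOMAIN", "answer": []},
}

def audit_delegation(zone, parent_ns, child):
    """Return the list of anomalies for one delegated zone."""
    findings = []
    # Very short TTL on the parent's NS records.
    if any(ttl < MIN_NS_TTL for _, rtype, ttl, _ in parent_ns if rtype == "NS"):
        findings.append("short-ns-ttl")
    # Record types the child actually serves at the zone apex.
    apex_types = {rtype
                  for resp in child.values() if resp["rcode"] == "NOERROR"
                  for owner, rtype, _, _ in resp["answer"] if owner == zone}
    # NXDOMAIN means the name does not exist, so it contradicts any apex answer.
    if apex_types and any(r["rcode"] == "NXDOMAIN" for r in child.values()):
        findings.append("nxdomain-for-existing-name")
    # The apex must carry SOA and NS, so a CNAME there is never valid.
    if "CNAME" in apex_types:
        findings.append("cname-at-apex")
    if "NS" not in apex_types:
        findings.append("no-apex-ns")
    # An SOA answer owned by some other zone is out of scope for this one.
    soa = child.get("SOA", {"answer": []})["answer"]
    if any(rtype == "SOA" and owner != zone for owner, rtype, _, _ in soa):
        findings.append("soa-out-of-scope")
    elif "SOA" not in apex_types:
        findings.append("no-apex-soa")
    return findings

if __name__ == "__main__":
    for finding in audit_delegation(ZONE, PARENT_NS, CHILD):
        print(finding)
```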

Comment: Re:Other options? (Score 1) 247

by Burdell (#46364173) Attached to: The Rescue Plan That Could Have Saved Space Shuttle Columbia

Oops, yeah, I forgot Apollo 7. They probably would have been able to survive, although it might have been rough. The biggest problem probably would have been that they would not have had much choice in where they landed (could have ended up in a location where recovery was effectively impossible or would take too long, could have hit land instead of water, etc.).

Comment: Re:Other options? (Score 1) 247

by Burdell (#46352489) Attached to: The Rescue Plan That Could Have Saved Space Shuttle Columbia

There are risks in spaceflight that just can't really be overcome, except in hindsight. If what happened to Apollo 13 had happened to Apollo 8, the result would have been very different. Apollo 8 had no LM that could have been used as a "lifeboat", and it is unlikely that there would have been any other way to keep the astronauts alive. There's a good chance the Apollo program would have ended if NASA had two consecutive crews killed.

However, one thing from Apollo 8 helped Apollo 13: on Apollo 8, Jim Lovell accidentally erased the flight computer's memory and had to re-figure the position from star sightings. He had to do a similar task during Apollo 13 after the computer was powered down and restarted.

Comment: Re:I don't understand (Score 1) 363

by Burdell (#45442907) Attached to: Arizona Approves Grid-Connection Fees For Solar Rooftops

Let's say you and I can both buy a shelf at Wal-Mart for $10. Now I start making shelves for myself instead, and make an exact duplicate of Wal-Mart's $10 shelf. Should my nearest Wal-Mart be required to buy my shelf for $10, transport it to your nearest Wal-Mart, and then sell it to you for $10? They have trucks already, so why should they charge me for the transportation costs?

I /suppose/ that AP might be operating at loss here if they have to pay out more per watt than it costs them to generate it themselves

That's exactly the case. If they charge residential customers $0.10/kWh, you don't think all $0.10 goes to pay for the power plant, do you? They have to transport the power from the plant to the customer's location (which has loss in the system; they have to generate more than 1 kWh to deliver 1 kWh), they have to meter how much the customers use, bill for the usage, maintain the system, etc.

Pick-up and deliver only makes sense when you get more for the delivery than you pay for the pick-up.
