Comment: Re:the only thing sad is router support (Score 1) 240

by marka63 (#46691833) Attached to: Dyn.com Ends Free Dynamic DNS

Then you should complain to the router vendor. Dynamic UPDATE and TSIG were
standardised over a decade ago to allow everyone to use the same protocol.
You should just be able to type in the update server's name if it isn't one of
the zone's nameservers. If it is then it shouldn't be needed.

nsupdate
server <servername>
key keyname <secret>
update delete hostname A
update add hostname 300 A 1.2.3.4
send

Comment: Re:maybe the internet should be put in space (Score 1) 223

by marka63 (#46689301) Attached to: Why There Are So Few ISP Start-Ups In the U.S.

Actually the Internet roads haven't changed much. It's been twisted pair copper (telegraph -> 110bd modems -> DSL
(last 80 years)), some coax (various stuff including various flavours of DOCSIS (last 50 years)), now fibre (which has
seen the frequency increase as the optics at the ends improve (last 30 years)) and a bit of wireless. What has
changed is the modulation of the data (cars) transmitted over it.

Now you can lease fibres or you can lease layer 2 access to those fibres (or do a mix). In either case you get
more speed by changing the technology at the ends (cars) not by changing the fibre (roads). There is no clear
winner over which type of lease to do.

Standardising the technology at each end is what has made the internet grow and it has made the technology
affordable for just about everyone.

Comment: Re:Stop (Score 1) 349

by marka63 (#46463765) Attached to: Crowdsourcing Confirms: Websites Inaccessible on Comcast

And your evidence for this is what? That named runs sanity checks on the function arguments then dies if it finds that the contract is not met? If system integrators did what Apple did and ran named from launchd or the equivalent, which restarts named on unexpected terminations, there would be almost no advisories as the availability impact would go from complete (7.8) to partial (5.0) with even the easiest denial of service flaws and drops down still further to 4.3 or 2.6 with the more complicated ones. However the assumption is that there is nothing restarting named so an advisory with a 7.8, 7.1 or 5.4 score is issued.

Please go read the descriptions in the advisories at BIND-9-Security-Vulnerability-Matrix then ask yourself do you want software written by people who know they are human so mistakes will be made and therefore check for them or software that assumes that everything will always be correct and continues on regardless of the garbage arguments it has been given.
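
The scores quoted in the comment above can be reproduced with the CVSS v2 base equation. This is an added example, not part of the original comment; the vector strings (remote, unauthenticated, availability-only, at each access complexity) are an assumed mapping, since the comment gives only the numbers.

```python
# Added example: CVSS v2 base equation with the weights from the CVSS v2 spec.
# The vector strings are an assumed mapping; the comment gives only the scores.
AV = {"L": 0.395, "A": 0.646, "N": 1.0}    # Access Vector
AC = {"H": 0.35, "M": 0.61, "L": 0.71}     # Access Complexity
AU = {"M": 0.45, "S": 0.56, "N": 0.704}    # Authentication
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}   # Confidentiality/Integrity/Availability


def base_score(vector: str) -> float:
    """Return the CVSS v2 base score for a vector such as AV:N/AC:L/Au:N/C:N/I:N/A:C."""
    metrics = dict(item.split(":", 1) for item in vector.split("/"))
    try:
        exploitability = 20 * AV[metrics["AV"]] * AC[metrics["AC"]] * AU[metrics["Au"]]
        impact = 10.41 * (1 - (1 - CIA[metrics["C"]])
                          * (1 - CIA[metrics["I"]])
                          * (1 - CIA[metrics["A"]]))
    except KeyError as exc:
        raise ValueError(f"missing or unknown metric: {exc}") from None
    f_impact = 0.0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact, 1)


# Remote, unauthenticated, availability-only flaws (C:N/I:N) at each complexity.
# A:C models "named stays down"; A:P models "a supervisor restarts named".
def availability_table() -> dict:
    table = {}
    for ac in ("L", "M", "H"):
        for avail in ("C", "P"):
            vector = f"AV:N/AC:{ac}/Au:N/C:N/I:N/A:{avail}"
            table[vector] = base_score(vector)
    return table


if __name__ == "__main__":
    for vector, score in availability_table().items():
        print(f"{vector}  {score}")
```
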

Comment: Re:Net Neutrality laws? (Score 1) 289

by marka63 (#46306655) Attached to: ISP Fights Causing Netflix Packet Drops

Requiring 1:1 traffic flows is a stupid way to organise peering agreements. It doesn't matter if it is 1000:1 as long as both sides are getting benefit from the peering. If you have content you want to deliver and eyeballs that want content you peer.

As for transit providers and eyeball networks. The transit providers are being paid to deliver content and the eyeball networks are being paid to deliver content. Failing to upgrade interconnects is taking monies under false pretences and that has another name "fraud".

Comment: Re:Net Neutrality was BAD. Full stop. (Score 1) 383

by marka63 (#45960179) Attached to: Federal Court Kills Net Neutrality, Says FCC Lacks Authority.

The last mile is essentially a one off cost if you are using your own infrastructure. There are the occasional repairs due to failed equipment and backhoe / tree branch fade. These costs are essentially bandwidth independent. As technology changes you have the occasional replacement of head end equipment to support new line protocols over the existing cabling. The costs of upgrading head end equipment can often be absorbed into the maintenance budget by replacing failed components with components that have newer functionality.

The trunks are a recurrent cost which continually need to be upgraded to meet the increasing aggregate usage of all the customers either by replacing the optics or lighting more fibres which may involve trenching. For trunks there are also transit costs.

Data centres are a bit like both. The bandwidth is essentially free but there are huge costs when you exceed the physical capacity.

Comment: Re:Email filters are NOT effective (Score 3, Insightful) 45

by marka63 (#45784547) Attached to: Whatever Happened To Sanford "Spamford" Wallace?

If you think SPF has made a difference to the amount of spam being sent I have a bridge to sell you.

SPF was never about preventing spam. It has only ever been about preventing your email address being used as the from address in spam. It reduces the amount of blowback to your account and nothing else. The only reason SPF appears to be an effective anti-spam tool is that the number of sites filtering using SPF hasn't risen to the level where the spammers need to stop using SPF protected addresses as the from addresses.

Another thing SPF does is cause spammers to use hijacked credentials to send spam through legitimate sources.

This shouldn't be seen as a reason to stop using SPF records. But if you think SPF will stop spam you are deluding yourself.

Comment: Re:So Would Apple (Score 1) 289

by marka63 (#45721575) Attached to: Standardized Laptop Charger Approved By IEC

It's very much dependent on the current path. Hand to foot and you have a good chance of survival. Hand to hand and your survival rate drops. Additionally whether you pick up the live object or brush the live object affects your survival rate.

Having brushed a live 240v connector with the back of my hand, and survived, I never want to do that again.

Comment: Re:orly? (Score 1) 229

by marka63 (#45614649) Attached to: Australia's $44B Broadband Network May Settle For Fiber Near the Home

Copper can carry Gbps 10s of meters. Fibre can carry multi Gbps 100s of kilometres. You use copper inside the house and fibre to the house.

Telcos use ethernet to get to your house. They use DOCSIS, xDSL or even POTS. All of these have a modem of one description or another that converts what they use externally to something else (usually ethernet) for use within the house. Fibre still goes to a box that converts it in a similar manner to what a Cable modem (DOCSIS), xDSL modem or a voice modem (POTS) does.

Comment: Visa Waiver (Score 1) 784

by marka63 (#45553463) Attached to: Disabled Woman Denied Entrance To US Due To Private Medical Records

I'm not sure about Canada but to get a Visa Waiver from Australia for the US you get asked about your mental health when filling it out. If you had attempted to commit suicide and you are still on medication for the condition, then I can't see how you can tick the no box and not be lying. I presume you would then be informed about the extra procedures you would need to complete to enter the US.

What I am trying to work out here is how she got to the border without this being flagged earlier.

Comment: Re:DNS is broke not the operators (Score 1) 170

by marka63 (#45550845) Attached to: Spamhaus Calls for Fining Operators of Insecure Servers

Firstly IP level fragmentation problems are self inflicted. IP fragments get through fine if you haven't put up a firewall to block them.
Even with fast open one needs vastly more compute power to support DNS over TCP to the equivalent level of DNS over UDP.

What does vastly more compute power mean and does it matter? Let's assume it costs 100% more CPU time and 100% more RAM per DNS query to use TCP.. who cares? The long tail of DNS servers sit idle and every server that becomes a TCP only server is a server that cannot be used for amplification.

While most do sit around idle there are still many that are busy all the time like TLD and ISP servers. Switching to TCP only will seriously increase their costs and mean additional machines to maintain the normal query loads supported over UDP. Lots of extra packets. Lots of extra state. Lots of extra sockets to manage.

Cookies need more work, though as a general idea it is the way to go.

Yet for countless years it sits and **NOTHING** gets done. The only leadership I've seen in addressing this issue is a futile attempt at discriminating thinking human adversaries from legitimate users (e.g. DNS RRL)

RRL discriminates caching resolver vs some classes of malware. It is only a stop gap measure.

Comment: Re:DNS is broke not the operators (Score 1) 170

by marka63 (#45544721) Attached to: Spamhaus Calls for Fining Operators of Insecure Servers

Firstly IP level fragmentation problems are self inflicted. IP fragments get through fine if you haven't put up a firewall to block them.
Even with fast open one needs vastly more compute power to support DNS over TCP to the equivalent level of DNS over UDP.

Cookies need more work, though as a general idea it is the way to go.

Ingress filtering is possible to deploy and it doesn't have to be a perfect filter or require universal deployment to be helpful. Just reducing the number of machines that can send spoofed traffic or reducing the range of addresses that can be spoofed is useful. Often perfect gets in the way of good enough to be helpful.
