>>>>> "a" == alex <alex@xxx> writes:

a> If you are still interested, I'm on good terms with james, and
a> can probably get it hooked up again or something.

sure. I dunno though, he really dislikes me. He will also say, ``use SixXS''. The reason I can't use SixXS is that they forbid both irc servers and non-irc shell servers, that they have a pattern of cutting people off without warning, and that I'm not sure they have a working POP in NYC metro area (maybe just a ``planned'' one or something? it is hard to tell without jumping through the 10 easy hoops.).

I'd be happy to make subtunnels to your customers also. I was already giving 2 or 3 people a /56.

a> I think all of that above are signs of trying to keep the
a> children away personally.

I think a better way would be to insist they use BGP.

I understand the policies are related to ``irc children,'' but I think when you look at what SixXS is actually doing and its effect compared to other (demonstrably working) approaches at he, freenet6, xs26, it's more about demonstrating their hatred for the ``children'' than for practical reasons. I also think they're pretty childish themselves, though maybe I shouldn't talk when I'm being so absolutist.

And anyway, I think it's all an unfortunate consequence of this blame-the-victim DDoS attitude. If you want to hate someone, hate the DDoSers themselves, or at least hate the customers whose neglected machines end up in botnets, and the ISPs who know it but don't care because the traffic of a single bot is no problem to them. It never seemed right to me to hate the guy being DDoSed. It didn't seem right to me even if he was being thoroughly obnoxious on irc, though honestly it seems usually the guy is just standing up for himself or refusing to kneel to the lord-of-the-flies. I think as Americans we have a right to be thoroughly obnoxious on irc and risk nothing more than getting ourselves or maybe our whole shellhost or even whole netblock banned or KLINEd. DDoS is not an acceptable third penalty.

It seems like the sort of thing that would happen in China. Some guy gets beat up by a bunch of corrupt cops bought off by $RICHGUY, and ordinary people start hurling stones at him, too, and refusing to talk to him or his family, and saying that he was ``asking for it'' by speaking his mind. It's backwards and frankly un-American.

Better yet, don't hate anyone. Work on some way to fix it. If some marketdroid changes his mind, and over a couple months there's some kind of upstream-bandwidth-bidding-war, residential upstreams will stop being so asymmetrically thin, and this DDoS thing is going to be a true disaster instead of a slow-motion disaster. I think we are on the brink of a world where this blame-the-victim attitude isn't just morally wrong, but also totally ineffective. I don't know if I should wish it to happen soon, or to not happen. But we need some efficient way to block traffic---one that works slightly differently than spam-blacklists so it can be safely left unattended without getting used politically. And some scheme to incent the Level3's and Comcasts of the Internet to do uRPF.

a> It's a free service. If you want no restrictions, pay for
a> proper v6 transit. :)

just tell me where to sign.

James is ``apolitical'', and his v6 transit for his colo customer Seth Hardy was down more often than my free tunnel, so I'm not paying him for a colo. Seth had billing problems, too. The OCCAID tunnel stayed up well, though. I guess I'd pay him for that tunnel iff it was as reliable as before, and iff he delivered it with an acceptable AUP which definitely wouldn't include DNS spam rules.

he.net does not colocate in NYC---they are many ms away. Before I signed on with you, I spent months trying to make a special deal with them. They wanted $40/mo for power and 1U in NYIIX plus $200/mo for an Ethernet port capped at 1.5Mbit/s. I had the first layer of papers signed and faxed and everything, then there was some gotcha. now the deal is long forgotten.

After losing OCCAID I honestly thought of trying to move my T1 and hurricane. But, (1) their sales guy wasted literally months of my time with his confusion and late replies last time I tried to get that half-finished package. It'd take more months just to explain my way back to where I was. and, (2) they want me to terminate the T1 myself which means I have to get a Sangoma card, which (2a) is not well-supported and un-bitrotted on FreeBSD/sparc64 and (2b) means I can't use a PCI NIC any more, and FreeBSD doesn't do interrupt mitigation or device polling on my built-in GEM/ERI interfaces. and (3) I think they might be not very good. :)

a> Why are you so in love with irc? ;)

well first of all I honestly don't use it just for irc. The web/mail server is v6-accessible. All the LAN windows and linux desktop boxes and the free wireless connect to the outside world with static v6 addresses. I had as many people ssh-ing to my shellhost from CCC Berlin and CCC Cologne as I did connecting to the irc server if not more.

but as for irc...

1. you stop first!

2. i'm in love with the Internet, which means no port blocking goddamnit.

3. i like having users and other sysadmins around who use the Internet in the old Unix way, which is built around text and language, and things that run quietly far away for months at a time. I am probably paying ~$100/mo in electricity for people I am giving free colos. many of *these* people like irc, and I don't want to disappoint them or pass on fascist condescending restrictions to them that undermine the Internet idea that I love.

4. sometimes the hobbyist projects I like to do involve adding network gizmos, like v6 or tinc-vpn or fake-DNS-for-rfc1918 or whatever, and irc is one of the neatest ways to test it and say ``look, it works!''

5. irc is a challenge because its users complain about extremely small outages or QoS problems.

a> irc is a waste of time at best, and ddos target at worst...

1. you stop first. :)

2. almost 2yrs and no ddos yet. We are lucky I guess.

a> I see, you want both A and AAAA. I guess that makes
a> sense. Yeah, I googled a bit and I don't see registrar that
a> supports v6 either.

oh wait, it's ok with me if there isn't AAAA in my ivy.net glue from Gandi. Maybe I shouldn't have said ``glue''. I just meant, if you turn on v6 you better make sure it works well, because if not DNS will get flakey since some of the root servers and in-addr servers are already giving AAAA to themselves. They're still not giving it to the user domains one level up, but a.gtld-servers.net has an AAAA record for itself.

a> If there's customer demand, I can probably sell v6 transit...

please do! by now maybe I am not the only one.

me> I'll pay you $50

a> Eh, that doesn't quite bump it in the priorities list,

heh, no kidding.

if I can soon get v6 back somehow (from Robin, from a special deal with he.net, from James, from SixXS, something), I could offer to maintain tunnels for your customers. I mean you could just refer them to me. Usually the traffic is so small I wouldn't mind paying for it (though I might want to avoid paying twice, for intra-pilosoft traffic). By the time traffic gets large enough I can't afford it, it's probably also large enough to be a higher priority for you.