[OCCAID] Proposal for EINTAP

[Michael Nicks]

On 01/13/05 17:24:27 -0500, Miles Nordin wrote:
>     mn> It seems perfectly normal to me, for quality control.
>     mn> If you aren't doing it, what you do you have to worry about?
> 
> You can't be serious?  ``First, they came for the jews, and I wasn't a
> jew.''  This is very frustrating for me.  Many of you seem to think
> you are somehow above ideological concerns.

Last I checked OCCAID wasn't running a death camp, Ace. Also, I am personally 
offended of the comparison of the holocaust to DNS spam; totally inappropriate 
and completely out of the scope of this discussion. 

>     mn> DNS Spam looks bad over all for the organization because it
>     mn> reflects on part of the userbase the organization is
>     mn> associated with, kiddies.
> 
>    sjc> But if you were to do the same out of address space that
>    sjc> represents OCCAID, it makes us nothing but look like bunch of
>    sjc> children.
> 
> I think concern about appearances and what other people think is a bad
> motivation, and that we should retreat from such positions.  But if
> you really do care about that, then you may also be interested to see
> what the so-called ``children'' on irc think of you, since of course
> everyone on irc is a child:
> 
> -----8<-----
> 14:42 <@souterrain> The TCAM has _nothing_ to do with the routing function, 
>                     though.
> 14:42 <@carton> right
> 14:42 <@carton> well.  no.
> 14:42 <@carton> but, in this case it is bullshit
> 14:43 <@souterrain> TCAM == Layer 2.
> 14:43 <@carton> and like, linksys don't even hav eeanyt
> 14:43 <@carton> no CAM layer 2, TCAM layer 3 switching.
> 14:43 <@carton> TCAM thrashing is what occaid guys were complaining using L3 
>                 switch rather than router at the core.
> 14:43 <@carton> TCAM is too small.  so it keeps aging out entries and getting 
>                 reloaded by the router-on-a-stick or routerboard or whatver.
> 14:44 <@souterrain> I'm not convinced of the OCCAID guys' credibility after I
>                     found out about their Layer 10 shit.
> 14:46 <@souterrain> I'd really like to see what switch they were using at their
>                     core.
> 14:46 < shardy> what layer 10 shit do they have?
> 14:48 <@souterrain> IRC is childish, DNS spam...
> -----8<-----

I don't think OCCAID is looking for an IRC user base. On top of that, 
I would like to think running OCCAID isn't a popularity contest. And to
elaborate further, it looks as if someone was having an educated conversation
when someone [souterrain] stepped in and dropped some hate on OCCAID.

> Arbitrary policies like this anti-DNSspam stuff are not reasonable on
> any world-class transit network, and certainly do not enhance your
> reputation.

Last I checked this wasn't a world class transit network. I thought OCCAID
was started with the purpose of being educational and providing a place for
network operators to expirement with such things as BGP. And again, reputation
among IRC kids? :)

> I've had similar discussions in person with others at alt.coffee in
> NYC.  Although we mostly share your opinions about ``quality'' people
> on irc and have retreated to private networks and channels, I haven't
> found anyone in my circle of friends that doesn't find this DNSspam
> thing objectionable and embarassing, much less anyone who supports it.

Then I fail to see your arguement. I am becoming more and more curious
about your objections to DNS spam if no one you know supports it, as well
as yourself.

> All three of these ``children'' quoted above are older than James, one
> has children of his own, and although though professionally we
> probably have less responsibility than James does, we all maintain
> corporate networks for a living.  Your stereotyping just...makes me
> bristle.  Why do I have to say ``even has children of his own'' to
> prevent you from dismissing a quotation just because it came from an
> irc channel?  sorry---I will try to stay productive and patiently
> explain my concerns, but I'm really kind of pissed off.  I sort of
> felt like most of this stuff I'm saying was obvious.

What relevance does this have? Again, off topic.

>    sjc> OCCAID is also planning to register as a 501(c)3 non profit
>    sjc> corporation this year sometime. How do you think we can expect
>    sjc> companies and businesses to continue to donate to the project
>    sjc> when there are bunch of seven year olds
> 
> By running a quality transit network with a predictable, transparent,
> simple, and free-speech-oriented AUP that limits itself to shielding
> you from liability and ensuring the network's survival, without making
> dangerous superficial judgements about who is a quality-person
> endpoint and who is a child, or worse yet making such judgements
> behind closed doors and then codifying the Jim Crowe laws to implement
> the judgement into the policy rather than the arbitrary judgement
> itself.

You are only magnifying the situation here. Discrimination against African
Americans simply because of their race has nothing to do with this 
discussion. Yet again, as previously mentioned, off topic, and, 
inappropriate.

> Our collective is working on getting together enough money to switch
> from our $330/mo sDSL to an he.net T1, and we now have one more
> motivation to do so.  While I'd rather get service from any good ISP
> in S&D and donate any hurricane electric premium to you, were I can
> support and participate in the emergence of something I find
> interesting, I...don't think it's an understatement to say I have a
> moral problem with policies like this.  At this point I'm looking at
> commercial IPv6 not just because I want to make sure I'm free to do
> what I want, but because I'm having to deal with the stigma of being
> associated with OCCAID among my friends.

If your friends ridicule you because of your association with OCCAID maybe
you should associate with people who respect you for who you are, rather 
than ridiculing you for loose assocations with organization(s) they do not
prefer.

> I also think it is questionable even from the most cynical perspective
> to run your network pandering to the hypothetical desires of some
> nebulous business interests rather than the actual members you have
> _right now_, several of whom don't want these types of stifling and
> judgemental rules---who, even if they are not breaking the rules, have
> a problem with their *EXISTENCE*.

If you think OCCAID has "stifling and judgemental" rules, you need to 
get a clue. That is my personal statement to you. OCCAID has one of the
most unrestricted educational networks I have seen to date. Compare that 
to say, HE.net. While they are a commerical enterprise, they have been forced
to filter tcp/6667 because of constant abuse. Which would you rather see, 
anti-dns spam policies which discourage abusive users from trying to join, 
or letting abuse run so rampant that filtering at POP/backbone level would 
be the only viable solution thus causing legitimate/non-abusive users to 
suffer? I myself, opt for the policies against DNS spam.

> Your side's response, ``you can do what you want---you just have to
> get another prefix'' is kind of silly.  Of course I will feel damn
> well welcome do what I want if I leave OCCAID.  Your offer to provide
> transit for a non-OCCAID prefix is disingenuous(sp?), because unless I
> somehow get a /32 prefix, as I understand it you will not actually
> advertise it nor will anyone accept it, so you may route it to other
> OCCAID members through special configuration, but _transit_, no.

I didn't know we were playing sides. I thought we were having a discussion;
atleast the grownups were. If we were to identify sides it would be Users
not wanting dns abuse policies V. OCCAID community majority who does want
dns abuse policies to migitate abusive users. Interesting.

Of course OCCAID won't advertise your prefix if it is smaller than /32.
This is common knowledge. If you were to sit back and think of what SJC
was offering, you would understand. OCCAID would accept your /48-/64 
address space from whomever/whatever and it would be present in the
OCCAID iBGP. You would receive full bgp routes from OCCAID which would
allow you to route engineer your traffic potentially out via OCCAID. 
Since uRPF is not yet an issue with IPv6 you could send bits from say,
your HE.net /48 to OCCAID and out via their peers/transits. Of course
the return path for anyone not a downstream of AS30071 would be HE.net's 
/32 announcement.

> Thus, not only is your suggestion impractical for the endpoint and
> disingenuous in it's appearance of an offer, but it is technically
> irresponsible because it advocates adding garbage to the IPv6
> default-free zone to work around a silly DNSspam policy.  I'm now
> encouraged to register an ASN for $500, pay ARIN membership for
> another $500, and present some business plan to ARIN so that I can get
> a /32, because that is apparently what I need to do to get the freedom
> and respect that I want.

If that is what you feel is necessary to get your "freedom" to create
senseless dns PTRs, do it.
 
> IPv6 addresses are supposed to be assigned and implemented to maximize
> aggregation, not labels of network allegiance or instruments of
> content-oriented policy.
> 
>    sjc> we will act if there is illegal traffic flowing 
> 
> yes, of course.
> 
>    sjc> since that's requirement by the law.
> 
> I think you are not deputized in this way, and that you are making
> some assumptions that, albeit prudent, aren't supported by the law.
> In some cases, can't you also lose some legal protections of claiming
> to be a ``common carrier'' if you enforce too arbitrarily?  I agree
> you should act against obviously illegal traffic---I'm just saying
> your ``since'' clause is sloppy and does not match the BCP way other
> ISPs think about this issue, and your willingness to take on
> responsibilities of police, judge, jury, and executioner is dangerous.

I'm not even going to touch this. You took what he said out of context
and twisted the meaning completely.

> But although oddly analagous, it is moot, as acting as required by law
> is worlds apart from this ``DNS spam'' stuff.  At least we can all
> agree DNS spam is legal, although some of us seem to think it is
> some kind of ``network abuse'', while I do not.

Then it is just a difference of opinion, no?

>     mn> I think enough people here are against DNS abuse that the
>     mn> policy laid out here represents the best interests of the
>     mn> OCCAID community,
> 
>     mn> As previously said, if you have your own address space, feel
>     mn> free to create useless and immature DNS PTRs such as
>     mn> i.am.not.on.occaid.address.space.lols.
> 
> Michael---you sound like you are speaking for the community or trying
> to inform us all of what policy OCCAID has handed down to us.  I know
> who Scott is, but since you sound like you are attempting to end this
> debate conclusively, I must ask you to make clear, who are you?

I'm a person who has educated opinions. It seems only a very tiny
minority tend to be fighting this DNS spam issue tooth and nail.

> To sum up, what I am trying to say is, anti-irc anti-child policies
> are designed to exclude people.  I may or may not be among the people
> they are designed to exclude, but they're definitely having that
> effect.  If you think I'm childish, that i'm irresponsible, that I'm
> not interested in nor able to contribute to OCCAID, then I think you
> are wrong, and I'm also somewhat offended.  

I don't think the goal of these policies is to exclude people who 
legitimately use OCCAID. If it excludes people who are abusive, what
is the arguement?

> But you are succeeding in excluding me in a very real way, and when
> our house next meets to discuss our he.net switchover, I *guarantee*
> you this DNSspam thing will come up.  I know that you could all get
> along very well without a small, and presently basically useless,
> ``end node'' like myself, but I'm asking, what is your real intent,
> what are you really trying to foster when you say ``experiment,'' and
> are these types of policies really in place because they are effective
> at achieving your goals, or for some other less practical reason?  My
> own opinion is that they're counterproductive, dangerous to the
> network's survival and to the climate of internet free speech, and
> embarrassing.

While I honestly do not want to see you leave the OCCAID user base,
I can not tell you how to feel in regards to exclusion. This is not
a specific policy designed to exclude someone [e.g. you], but rather
it is a simplistic policy to help migitate the effects of abusive
users. To put it into simple terms, the system [OCCAID] is not out
to screw you.

Overall, I think the way you handled this was very inappropriate and 
unprofessional.

-M

-- 
Michael Nicks				     IOPort Technologies, LLC
nicksm at ioport.com			
1(913)-378-6516