[james@towardex.com: Re: [OCCAID] Proposal for EINTAP]

Miles Nordin carton at Ivy.NET
Fri Jan 14 11:01:22 EST 2005 

>>>>> "j" == James  <james at towardex.com> writes:

     j> I am quite dissapointed that an unofficial irc channel would
     j> be taken out of context, and be used as a political bait in a
     j> public mailing list.

The content of what you said on that irc channel was very problematic,
though.  It's not that you used an off-the-record channel to speak
your mind freely or insult someone in a way you'd rather not have
widely-heard, as is the classic case with outing irc logs, for me
anyway. :)

Rather, you used it to try to kill discussion on the on-the-record
channel.  While I don't have the irc context, (1) you're welcome to
send me a larger log to post, and (2) this does match the context of
what happened on the mailing list.  I'm sorry it's embarrassing, and I
took it down.  But it is relevant, and it's hard for me to launder
your image to the public or keep the debate local when you are
sabatoging the forum by asking people privately not to speak, and then
Suresh is suggesting to me ``don't wash your dirty laundry, you
already have a forum with all the interested parties present, ...''
and what's more you're intentionally doing it in a way that it's hard
for me to figure out, so it will appear to me as if I am a wing nut,
when in fact I do have articulate support that's been asked not to
speak as a favor to you!  It's a little hand-wringing that you did it
all with good intentions, but you did do it.

If your policies are reasonable within the internet community, then I
think the readers of politech will support you, but I'm not sure how
much they matter.  If your current and prospective peers really do
agree and see politech subscribers as extremists, then the added
publicity should help you, since aside from this one issue on which
they supposedly support you, everything I said was glowingly positive.
In any case, you have an open channel to communicate with anyone whose
opinion matters to you through your web site, so I think you are in a
pretty good position.  well...except for the being tired and not
really wanting to deal with this, which does suck.  But you are also
the ones that set the schedule when you (albeit in irc), Scott, and
whoever my good buddy Michael is, declared that debate was over.

As for, why did _I_ post it, I guess I understand now why almost all
the stuff on politech starts with ``please remove my name.''

so...i'm kinda like, you guys are holding all the cards, you're
telling me i'm in a minority, you're telling me the policy is all
decided (at the time i sent in the article), but now you are like,
``oh no, politech, we'll look dumb.''  so, run your house in a way
that withstands public scrutiny!, because even when politech is gone
the public is still right here among your membership, and you will
still look dumb, unless you ask them privately not to tell you how
dumb you are, or they're too busy to tell you.


anyway, i sent the story in before i conceded and then
double-conceded, so now i'm in an awkward spot of still talking about
this after i meant to shut up about it.  But, you said, if I don't
like this policy you need more constructive ideas.

One idea is to make BGP mandatory.  Maybe if you can make ``irc
kiddies'' do some experimenting, you will still get abuse complaints
and DDoSes, but at least you don't feel ill-used.  see actually a lot
of the neatest stuff I've done is partly irc-related.  I'm running
Peter Postma's PF/ALTQ patch for NetBSD 2.0, so I can keep the irc
snappy during big file leeching or popular web page serving.  I have
traffic split into 105 different queues with HFSC.  And it works,
mostly.  Most of the popular demand for IPv6 at my site right now are
irc people trying to reach shardy's shell host.  so, irc can motivate
real experimentation.  even the DNS spam thing...my reverse-lookup
vanity motivated me to learn about A6 and bitstring labels...which
would have solved your /45 problem if DJB hadn't crusaded against
them.

;; QUESTION SECTION:
;\[x3FFE401D203A00C00000000000000001/128].ip6.arpa. IN PTR

;; ANSWER SECTION:
\[x3FFE401D203A/48].ip6.arpa. 72000 IN  DNAME   hhh.IP6.Ivy.NET.
\[x3FFE401D203A00C00000000000000001/128].ip6.arpa. 0 IN CNAME \[x00C00000000000000001/80].hhh.IP6.Ivy.NET.
\[x00C0/16].hhh.IP6.Ivy.NET. 72000 IN   DNAME   ospf-loopback.hhh.IP6.Ivy.NET.
\[x00C00000000000000001/80].hhh.IP6.Ivy.NET. 0 IN CNAME \[x0000000000000001/64].ospf-loopback.hhh.IP6.Ivy.NET.
\[x0000000000000001/64].ospf-loopback.hhh.IP6.Ivy.NET. 72000 IN PTR ezln.Ivy.NET.

But anyway, the best I've got is, if, with one member, you have a lot
of the problems you have too many of, then take down the member's
tunnel.  pow, that's it.  And write that up in the policy.  ``We don't
have an abuse department, and too many DDoS can cost us sponsors, so
whether it is your fault or not we may have to remove you, and the
most we can promise is to talk to you first.''

When I asked if it was okay to run an irc server, and you said ``well,
people hide from DDoS in IPv6 though, because they can just drop their
tunnel and keep using IPv4,'' I said, let me run it, and if you tell
me it's a problem I'll move it back to v4-only, and if that happens I
promise not to try to negotiate with you or bitch about it.

It is pedantically broader and more restrictive since it gives you
authority to drop any tunnel any time with a little warning---then no
more abuse complaints.  It makes me a participant rather than an ``end
user of the interweb.''  It gives me more power and flexibility in how
I want to deal with the problems I'm causing, rather than forcing me
to change a domain name which is transparently just trying to piss me
off, not enlisting me for help.  It includes an obligation to the
community rather than a ``disciplinary'' component or attitude.  And
for irc problems this obligation is practical, becuase if you will
just stop using IPv6 with your client or server, the DDoSes and the
abuse whiney social-engineering noise should stop.  It's very honest
about it's purpose and intent, especially compared to the Jim Crowe
policy.

It is maybe less pleasant day-to-day for you since sometimes you may
have to tell people you are taking down their tunnel, and they'll get
angry, but I think that awkwardness won't go away.  And I think mostly
you will say, ``I know it's not your fault, but you need to stop these
DDoS, or we can't keep your tunnel.''

If I were paying for an ISP, I'd never put up with that.  I'd say,
``what next, no `excessive uploading'?  fine, but i can break my 12
month contract at any time after giving you one week notice to stop
sucking and expect a pro-rated refund.''

But since I'm not getting bills, I just assume there is a vague policy
like this under everything, whether it's written down or not.

-- 
blue, orange, green, brown, slate.
blue, orange, green, brown, slate.

More information about the Occaid mailing list