From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from tuna.sandelman.ca (unknown [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) by huchra.bufferbloat.net (Postfix) with ESMTP id C2A9821F17B for ; Mon, 26 Nov 2012 07:28:27 -0800 (PST) Received: from obiwan.sandelman.ca (desk.marajade.sandelman.ca [209.87.252.247]) by tuna.sandelman.ca (Postfix) with ESMTP id 8E5D82016D; Mon, 26 Nov 2012 10:30:11 -0500 (EST) Received: by obiwan.sandelman.ca (Postfix, from userid 179) id E39B863A8E; Mon, 26 Nov 2012 10:28:00 -0500 (EST) Received: from obiwan.sandelman.ca (localhost [127.0.0.1]) by obiwan.sandelman.ca (Postfix) with ESMTP id D2FE863A8C; Mon, 26 Nov 2012 10:28:00 -0500 (EST) From: Michael Richardson To: Dave Taht In-Reply-To: References: <54532012A5393D4E8F57704A4D55237E3CDE473A@CH1PRD0510MB381.namprd05.prod.outlook.com> <10146.1353932800@obiwan.sandelman.ca> X-Mailer: MH-E 8.3; nmh 1.3-dev; XEmacs 21.4 (patch 22) X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Sender: mcr@obiwan.sandelman.ca Cc: Richard Brown , "cerowrt-devel@lists.bufferbloat.net" Subject: Re: [Cerowrt-devel] Bufferbloat at upcoming LUG talk X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Nov 2012 15:28:28 -0000 >>>>> "Dave" == Dave Taht writes: >> (In general, leaking names is really not that much of a worry...) Dave> Names, no. Amplification attacks are a serious problem with DNS. Dave> The internet is rife with worms and daemons that are leveraging open Dave> dns servers to amplification attacks. In a few short weeks that macej Dave> had left the port open, so, there is a difference between leaking names, and providing recursive service to everyone... Dave> I've tried very hard to respond to CVEs over the course of this Dave> project (bind alone, had 5), but I'm away from the lab, in the middle Dave> of a trip, in between a major upgrade of functionality to cerowrt and Dave> trying to get funding to re-invigorate this project. Understood. Dave> I haven't had much time to hack. None to test. Dave> I would to get to where we had infrastructure to easily create, test, Dave> and push out security related fixes. I wonder if part of the issue is that flashing hardware is a pain in the butt to do automagically. Were I able to spend paid time on this, I'd want to do a cerowrt build for x86, or some other trivially virtualized processor. >> Use the fountain images that Van Jacobson used at IETF84. Dave> In my own preso at the lincs, I used my coffee cup... Dave> There is an interesting preso that shemminger is using that uses soda Dave> bottles to do something similar to both concepts. Jamming holes into Dave> it randomly to simulate red.... Dave> I may adopt this - however in explaining fq_codel, I think I need to Dave> add multiple cups, and an eye-dropper for the ant packets. sure... in explaining fq_codel, I can see that you need more than the fountain. I think that most people need bufferbloat clearly articulated before they will see that there is a problem that needs fixing, and most non-network people are still there. -- ] He who is tired of Weird Al is tired of life! | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[ Kyoto Plus: watch the video then sign the petition.