From mboxrd@z Thu Jan 1 00:00:00 1970
From: Dave Taht
Date: Tue, 7 Nov 2023 10:44:48 -0500
To: Network Neutrality is back! Let´s make the technical aspects heard this time!
Cc: Seth David Schoen
Subject: [NNagain] Artificial scarcity and virtual numbers, like IP addresses and certs
X-BeenThere: nnagain@lists.bufferbloat.net

Last week a discussion started that is one of the sadder arguments in favor of some forms of artificial scarcity across the internet I have yet read, and a seemingly complete misunderstanding of the role of the software that runs it - and it took a lot for me to recover enough to try and counter it.

To start off with a sideways example: Everyone talks about planting more trees to cope with global warming. Nobody talks about planting more fruit trees to feed more people (while also helping with carbon capture). Why is that?

We had an apple tree next door when I was growing up, and our neighbors made canned jam. During the season it was no trouble to jump the fence and pick up a healthy snack. Back when I had a house I had a plum tree that shed so much fruit it kept me in jelly all year, and also fed a profusion of friends, deer and other animals. I also had blackberries and raspberries on and around the property and could usually pick breakfast or dessert in under 15 minutes for many months out of the year.
The principal downsides are: the dang deer would eat my roses, too, and raccoons would also turn over the garbage pail and scare my cat. Blackberries are a pretty invasive species; you have to cut them back yearly - and you can prick yourself picking them, but rather than resent that I dreamed of having a more automated means of picking them, perhaps via a daily drone.

Nowadays, my gf and I hunt mushrooms in multiple parks nearby. It is a nice way to spend a morning. You can only do it a few days after rain in the late fall, and it rains rarely here. Some of these are poisonous; many, such as boletas, are utterly delicious. Their growth process is so mysterious still that there seems to be no way to produce them in a factory farm. You see a lot of FUD spread around about the dangers of mushrooms, but with a good guidebook, and experience, it seems to work out ok for many. Still... it is rare to see an American in the forest hunting mushrooms; we mostly see Japanese, Mexicans, Chinese and Russians doing it. A day where you can find 3 Boletas is a VERY good day! That is enough to flavor quite a few meals!

You walk a typical city street however, seeing no fruit trees, and hear very few birds.

...

Not too many years ago, especially after the Snowden revelations, encrypting all web traffic became a thing, and a bunch of wanna-be monopolists attempted to make the processes for acquiring a cert onerous and expensive. I am talking 1000s of dollars here, with fancy procedures like locked physical vaults filled with these numbers. (For those that do not know, a web certificate is just a string of numbers and an authentication chain that ensures that the DNS name of a website matches the website itself. The process of validating one, or not, you have all seen.
There are many other uses for certs in general, and one of the most useful - and problematic - ones is you can set up a cert to expire after a given period of time.)

A couple of internet founders got kind of PO'd at all that monopolistic behavior over the "open web", and started up LetsEncrypt, which by evolution and rigorous automation made acquiring a "good" cert child's play (a minute, once), and thus everyone that wanted good crypto and authentication on their website, personal or otherwise, got it. This is far too long a story to tell here; if I can find a reference on it, I will post it. I think I am mixing up the timelines some.

Much hewing and gnashing of teeth later the wanna-be monopolists vanished, and anyone can get a cert for their application so long as they have a public IP address and an entry in the global DNS, from the letsencrypt system.

The process of democratizing good cryptography started long before that with the openssl project, which was the baseline library that many applications used to manage cryptography and certificates. Being free software, and not horrible to deal with, and up to date, it ended up being used by nearly everything on the web...

A downside to that was it wasn't until a major security hole was found that the starving developers got a little long term support from the now millions of users like banks and so on, and there is now enough variety in the ecosystem of other codebases to make another bug that big less terrifying. But trillions of dollars flow, still, through older openssl versions; bugs are still being found, and fixed.

https://www.openssl.org/news/vulnerabilities.html

and the internet is currently going through contortions to cope with far less complicated vulns such as:

https://www.darkreading.com/vulnerabilities-threats/critical-unpatched-cisco-zero-day-bug-active-exploit

...

More recently efforts to create artificial scarcity like NFTs were big and ugly fads.
The bubble on NFTs finally crashed a few years ago, as did most (but not all) of the ones around web3. An image is just a string of numbers. You have to accept somehow, mentally, that someone's blockchain is authoritative, and thus! that image has value. They didn't.

I am very happy to see some of the biggest grifters behind "cryptocurrency" scams, creating and then evaporating billions of dollars of value via bad practices, hype, pump and dump and "rug pulls", going to jail. PT Barnum was right - "there IS a sucker born every minute" - as was Mark Twain - "You can fool some of the people some of the time". Given the enormity of these levels of virtual theft I sometimes wish the penalties for it still included time in the public stocks, and severing of the hands, in the hope that it might deter more folk from this course of action.

For all that, some forms of electronic currency strike me as pretty good and useful. Coping with IBAN and swift is a PITA, but works for many. Zelle is straightforward but not good internationally. I think the transaction fees charged by most of the common ones are rather high and a real drain on the economy when compared to physical cash, but it seems cheaper than the cost of printing and distributing physical money in the first place. India has rolled out a remarkably cheap, transaction fee-less version of ecurrency, as has China. I do not know much about those, and wish I knew more. I know plenty of businesses still that prefer cash, and many more that pass a 4% surcharge onto the customer when credit is used.

I was a too-early adopter of eCash (late 1990s), and being burned by that I avoided bitcoin. I still gawk at the idea that these strings of numbers got converted from a unit of exchange into being a store of (pumped up) value.
I guess I am unusual in disrespecting these forms of commerce given how widely accepted other forms of financial derivatives are and the commonness today of non-voting stock - but with my savings account earning .01% and my credit cards costing 29%, perhaps I should have figured out a way to play in this or the stock market long before now! I know multiple people that did well "investing" into bitcoin. One bought a house. But in the end these are just strings of numbers scribbled into a ledger.

...

In 2016 John Gilmore convinced me that IPv4, and its 4 billion addresses, needed to connect through it - still had life in it - and was going to be needed for 50+ years more, for the Internet to continue to interoperate, from a paper entitled "The Hidden Standards War - Economic factors Affecting IPv6 deployment". It is in this presentation here - which I certainly wish more people would read and think about:

https://github.com/schoen/unicast-extensions/blob/master/docs/IPv4%20Unicast%20Extensions3.pdf

As part of the unicast extensions project... We went and scanned *All* the open source code in the world, only to find that certain "policy" restrictions placed on IPv4 in the early 80s were not enforced in IoT, in zero applications, and only a few mainline operating systems. Notably the 240/4 (1/16th of the internet address space reserved in 1983 for "future use" - 240 million addresses!) actually worked on most devices already due to an effort dating back to 2008. I finished the job with a very small set of patches, with the only public application left that did not work, that we know of, being the bird routing daemon, and the Windows OS. While my fingers were in there, I also made 0/8 work (16 million addresses), and we crafted proposals also to divvy up 127/8 more as to its original meaning of "local host networking".

Back then I was more naive than I am today.
I had thought that various powers that be (the RIRs, ICANN, the IETF) would look at this vast unused space with huge demand for it as an opportunity, and that as it did need an OS upgrade in many cases, some adoption would force more OS upgrades which also gave workable IPv6 support. I am pretty sure that if a financial model emerged for supporting open source software development with at least some of this space, we could indeed roll out 240/4 in 3-7 years and it would be immediately and incrementally useful to those limping along on limited or conflicting rfc1918 applications.

Instead... oh, I don't want to talk about it any more. I merely justify to myself that eliminating the 0/8 check from Linux saves a few nanoseconds on every packet. Our few weeks of effort saved money and time for all the billions of users of containers and linux a few hours after it deployed more widely as part of ubuntu, redhat, centos, etc, etc.

But that is not the most hilarious thing. A goodly percentage of the internet's IPv4 address space remains dark - and not online - given the willy nilly allocations in the beginning and confused ownership that has been hard to sort out since 1983. I have a /23 that I have been sitting on for 30 years. I am happy ARIN is making it vastly easier to get a BGP AS number at the beginning of next year. I kind of view the dark areas on the ipv4 map as much like the FCC's wireless spectrum maps. Current market sales price for ipv4 is about $35/ip. Amazon looks to be renting their 120 million allocations to the tune of $44B/year starting in 2024. Other address spaces belong to people that have died, or orgs that have forgotten they had it in the first place, and some of the biggest unused chunks are held by corps that haven't tried to realize their market value yet - Apple has a /8 for example. The biggest chunks of that dark space are actually held today by the US government!
Last I looked there were 11 /8s - 180m IPv4 addresses - held fallow, and a giant mystery around AS8003, which started announcing those, but not routing them: https://www.kentik.com/blog/the-mystery-of-as8003/ - I do not know what was going on here!? (anyone know?)

I imagine at these prices that these spaces hold great value for those attempting to cross the digital divide and provide digital equity, as despite the successes of carrier grade nat, real IPv4 addresses are needed along the edge to provide good services through that, and real IPv4 addresses are required to interoperate with many vpns, at least.

Once upon a time someone with an IPv6 axe to grind picked our second weakest proposal (reducing the native "localhost" 127/8 address block to a /16 and, my use case (others in the project differed), using up the remaining to make kubernetes less of a hairball and more efficient than rfc1918 host nat). For the record, our weakest proposal was trying to find ways to reduce the multicast space (224/4) sanely to reflect modern multicast IP addressing applications only using up about 8 dedicated ports total.

Fixing this involves adding about 6 lines of code to multiple OSes, not subtracting it. IPv6 involves adding and testing 100s of thousands of lines of code to everything, the "adding" part being mostly done, the testing part problematic, and the long tail as per "The Hidden Standards War - Economic factors Affecting IPv6 deployment" incredibly long.

I took so much flak from that 127/8 brigade (tho we did get some grudging approval of making 240/4 usable enough as at least rfc1918 space once we pointed it out) and, being busy with fixing bufferbloat, which was far less controversial by that point, dropped out of the unicast extensions project. I like to think the IETF internet drafts we produced [3,4,5] are now highly entertaining pieces of the historical record and who knows!?
As it has been 6+ years after the lines of code were deleted, the code deployed in linux and BSD, and the world didn't melt, perhaps it will gain traction. Since... Google used up 240/4 as an ipv6->ipv4 NAT translator for a while, and amazon is also using up at least 240/8 and 242/8 for their own internal uses. [2] Perhaps their use cases can be made official and shared with the rest of the internet denizens someday, or my original dream of aiming for the 240/4 space to become publicly available and operated succeed.

I keep hoping to get a project launched to just announce 255/8 onto the global internet and see what, if anything, breaks. That is kind of symbolically like 2.4ghz spectrum was "junk spectrum" originally.

There are a lot of other IPv4 things that could be made to work better - udp-lite could be made to just work (already does) more globally, thus doubling the available port space for all udp-like traffic, as one example. As for 0/8, I had fantasies of making that "just work" for a "space RIR" nat translator and individual terminal address-ability, 0.0.0.1 being starfleet headquarters.

It helps to have read the paper I started with to realize we are going to be stuck with IPv4 for a lot longer than most think. But the day I deleted this code, with perhaps a someday value to someone of billions, was a good day.[5]

As lessig once wrote - "code is law." ... sometimes it is bad law. Or just bugs.

...

This finally gets me to trying to talk about the string of flawed analogies made in one of the posts - comparing a three tier passenger railroad system with how the internet works. Physical goods and infrastructure are vastly different from virtual goods, and the real costs of development, deployment, and especially maintenance, of the code on the internet, are not well understood.
But that is all I intend to write for today. I would merely like more folk to be aware that some numbers are only more valuable than others due to arbitrary constraints and shared hallucinations.

[1] https://news.ycombinator.com/item?id=29246420
[2] https://news.ycombinator.com/item?id=32566730
[3] https://www.ietf.org/archive/id/draft-schoen-intarea-unicast-127-00.html
[4] https://www.ietf.org/archive/id/draft-schoen-intarea-unicast-240-00.html
[5] https://news.ycombinator.com/item?id=20430096

-- 
Oct 30: https://netdevconf.info/0x17/news/the-maestro-and-the-music-bof.html
Dave Täht
CSO, LibreQos
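As an added illustration of the address blocks the message discusses (this is example code, not part of Dave Taht's post or the unicast-extensions project), the snippet below classifies an IPv4 address under the classic reservations versus the relaxed rules described above (240/4 and 0/8 as unicast, loopback shrunk to 127/16) and counts how many addresses that relaxation frees; the rule labels, and the choice to keep 0.0.0.0/32 and 255.255.255.255/32 special, are this example's own assumptions.

```python
# Added example, not code from the post or the unicast-extensions project.
# Classic IPv4 reservations named in the post, and the relaxed set that
# results if 240/4 and 0/8 become unicast and loopback shrinks to 127/16.
import ipaddress

CLASSIC_RESERVED = {
    "0.0.0.0/8": "this-network",
    "127.0.0.0/8": "loopback",
    "224.0.0.0/4": "multicast",
    "240.0.0.0/4": "reserved-future-use",
}

# Assumption of this example: 0.0.0.0 ("any") and the limited-broadcast
# address stay special even after the surrounding blocks become unicast.
EXTENDED_RESERVED = {
    "0.0.0.0/32": "this-host",
    "127.0.0.0/16": "loopback",
    "224.0.0.0/4": "multicast",
    "255.255.255.255/32": "limited-broadcast",
}

def classify(addr, rules):
    """Return the reservation label for addr under rules, else 'unicast'."""
    ip = ipaddress.IPv4Address(addr)
    for prefix, label in rules.items():
        if ip in ipaddress.IPv4Network(prefix):
            return label
    return "unicast"

def block_size(prefix):
    """Number of addresses in a prefix, e.g. 240.0.0.0/4 -> 268435456."""
    return ipaddress.IPv4Network(prefix).num_addresses

def freed_addresses(classic, extended):
    """Count addresses reserved under classic but unicast under extended.
    Prefixes within each rule set are assumed not to overlap each other,
    so the still-reserved overlap can be summed prefix by prefix."""
    freed = 0
    for c in classic:
        cnet = ipaddress.IPv4Network(c)
        still_reserved = 0
        for e in extended:
            enet = ipaddress.IPv4Network(e)
            if enet.subnet_of(cnet):      # e.g. 127.0.0.0/16 inside 127.0.0.0/8
                still_reserved += enet.num_addresses
            elif cnet.subnet_of(enet):    # classic block entirely inside e
                still_reserved += cnet.num_addresses
        freed += cnet.num_addresses - still_reserved
    return freed

if __name__ == "__main__":
    for a in ("0.0.0.1", "127.1.2.3", "240.0.0.1", "255.255.255.255"):
        print(a, classify(a, CLASSIC_RESERVED), "->", classify(a, EXTENDED_RESERVED))
    print("addresses freed:", freed_addresses(CLASSIC_RESERVED, EXTENDED_RESERVED))
```

The freed count is the arithmetic behind the post's "240 million" and "16 million" figures, minus the handful of addresses this example assumes stay special.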