kbirkeland's comments

kbirkeland | 6 years ago | on: Visibility of IPv4 and IPv6 Prefix Lengths in 2019

I think the reason for using /30s instead of /31s is mostly legacy. It's a 19-year-old standard and most vendors support it.

Regardless of the point-to-point subnet used for the local peering connection, it's interesting that that many /30s have leaked into the default-free zone. BCP 194 recommends filtering IPv4 prefixes longer than a /24.

kbirkeland | 7 years ago | on: HTML Periodic Table

> that's when I learned the difference between being right, and being right in the eyes of the law

It sounds like there's an interesting story here. Care to elaborate more?

kbirkeland | 7 years ago | on: Really, Google? (Or Why We Can’t Have Nice Wireless Networks)

Besides security policy, mDNS uses a link-local multicast address, so routers will not forward it to other network segments. Many operators utilize a number of VLANs on their wireless networks, so this creates an issue when devices in separate VLANs attempt to discover each other over mDNS.

This is usually solved through some sort of mDNS proxy, but you don't really want to proxy everything. If your phone discovered all of the Apple TVs and Chromecasts across campus, then it wouldn't make for a good user experience for anybody.

kbirkeland | 7 years ago | on: Really, Google? (Or Why We Can’t Have Nice Wireless Networks)

While the rant is valid, I feel like the amount of effort venting about this was equal to or more than actually attempting to get this to work. The author claims that there is "a fair amount of multicast in play which could be part of the issue," but there are no inherent issues with multicast over Wi-Fi. My suspicion is that it uses mDNS or some other _link-local_ multicast protocol for discovery. This isn't really news though; any network operator that supports Apple TVs, Chromecasts, etc. on their network has had to deal with this (and most vendors have solutions for proxying mDNS).

kbirkeland | 7 years ago | on: Linux Kernel Developers Discuss Dropping x32 Support

64-bit pointers are pretty important for security. When using ASLR, a certain number of the bits cannot be randomized. This leaves you with a randomization space of about 12 bits with 32-bit addresses, but over 40 bits of randomization with 64-bit addresses.

kbirkeland | 7 years ago | on: Go 2, here we come

I'm curious what the motivation was to use int instead of uint considering indexes cannot be negative in Go.

kbirkeland | 7 years ago | on: OpenBGPD – Adding Diversity to the Route Server Landscape

Unless you're peering with another stub AS, creating a prefix list for both sides is almost impossible. The current recommendation[0] is to filter inbound on customer links using either IRR or ROA. Unfortunately neither of these is perfect. ROA can be replayed. There is a breadth of IRRs and I'm not quite sure of the validation levels each has. From my experience, they usually allow updates via email with either sender verification or password-based authentication.

[0] https://www.manrs.org/isps/guide/filtering/

kbirkeland | 7 years ago | on: OpenBSD 6.4 released

You can patch the system and update all binaries with two commands:

  doas syspatch
  doas pkg_add -u

kbirkeland | 7 years ago | on: Wi-Fi Alliance introduces Wi-Fi 6

The larger problem with the 2.4 GHz ISM band is the lack of non-overlapping channels along with only one station being able to transmit at a time per channel (in pre-802.11ax). There are only three non-overlapping 20 MHz channels in the 2.4 GHz unlicensed spectrum, where 5 GHz spectrum has about 21 (although some require active radar avoidance).