home tags events about login

benjojo rss

Hope you never notice the outages I cause. Knows where the RFC2616 bodies are buried. recurse.com SP'2 18

Follow me using: @benjojo@benjojo.co.uk in your client

benjojo posted 22 Apr 2024 17:20 +0000

When your customer requires you to use a Supplier Relationship Management platform to raise invoices and get paid, and you have to figure out how to use it

(Original Video)

benjojo posted 22 Apr 2024 15:03 +0000

Breaking new records on the RIPE NCC members-discuss mailing list this month (and we are not even finished with the month)

Looking back, the peaks (IE over 150 emails a month have been)

Apr 2023: Charging Scheme

Mar 2022: " A request to terminate ENOG "

Apr 2020: Elad Cohen

Jan 2019: Charging Scheme

Sep 2016: Charging Scheme

Feb 2016: Charging Scheme

Jul 2012: Charging Scheme

Oct 2011: Charging Scheme

Jun 2009: Charging Scheme


It's the Charging Scheme mailing list, with a little tiny bit of other stuff

A graph of the email posting rate to RIPE's members-discuss from 2009 to now

benjojo posted 22 Apr 2024 10:27 +0000

blinks, ah yes, time to declare unread message bankruptcy

The Zulip chat program interface, showing 10145 unread messages

benjojo replied 22 Apr 2024 09:38 +0000
in reply to: https://ipv6.social/users/miyuru/statuses/112314180982473944

@miyuru I don't really record that kind of data, bgp.tools actually does not log that much data to mostly steer clear of things like GDPR liabilities.

Exceptions are made for "write" actions to users accounts (basically a audit log) and some page load performance data that is kept a few months so I can see if I am doing a better or worse job over time.

I do want to actually repeat some of these experiments, but I've yet to have the time

benjojo posted 22 Apr 2024 09:31 +0000

While home users can (mostly) change their DNS resolver, the vast majority of them don't.

In a talk last year at nog.fi Alain Durand from ICANN dug down on DNS resolver usage: https://nog.fi/event/1/contributions/6/attachments/2/3/eu-resolvers.pdf

The findings are somewhat interesting, this does mean that "Geo"DNS driven things are still very possible, and actually a reasonably small majority of eyeballs need special casing for public DNS recursors that are more hostile to GeoDNS like Cloudflare's 1.1.1.1

Obviously the kind of user that changes their DNS to Quad1/Quad8/Quad9 is more likely to also know how to complain if they are being served content from the wrong place, but again it's worth keeping that in mind that most consumer users don't change their DNS.

Biz's however do seem to change their resolver, I assume because they are doing more of the configuration themselves (vs a home user that just has a router with all of the stuff configured out of the box), and are more likely to enter into config DNS recursors that they remember the address of.

A pie graph showing "Large Consumer ISP Biz to Customer" DNS Resolver usage

benjojo posted 20 Apr 2024 10:50 +0000

Paying the cat tax, this one is a nap professional

Various photos of a white cat, mostly sleeping

Various photos of a white cat, mostly sleeping

Various photos of a white cat, mostly sleeping

benjojo posted 20 Apr 2024 09:30 +0000

High risk activity

benjojo replied 18 Apr 2024 22:04 +0000
in reply to: https://social.treehouse.systems/users/Aissen/statuses/112294457540592580

@Aissen bgp.tools is basically always doing a /0 ICMP scan for https://map.bgp.tools . I don't think I've observed any serious blocking of that IP address, and anyone who did decide to block based on a single ping every 2 weeks likely does not make a accountable difference to numbers!

In general I believe my network is pretty much as reachable as anyone elses, I do run a commercial service form it and have yet to get complaints about lack of reachability

benjojo posted 18 Apr 2024 20:40 +0000

Out of all IPv4 addresses on the internet (that are BGP routed), Around 9.57% of them respond to ICMP ping!

benjojo posted 18 Apr 2024 11:11 +0000

breaths in through gritted teeth

It's amazing how much LinkedIn is trying for me to hate it

A LinkedIn post box saying "Start a post, Try writing with AI!"

benjojo posted 18 Apr 2024 16:39 +0000

Man, I totally see why solar power people go nuts for stats, it's almost hypnotising to watch the power move around

A screenshot of a Victron Energy interface, showing the solar inverter doing 25kW, the AC inverter doing 9kW and the battery charging at 14kW

benjojo posted 17 Apr 2024 20:46 +0000

I think I'm going to call EMF-IX quits for this year.

I'm not really at the point where the cost to hire the marquee (etc) is viable for me, since I don't make the same level of income as I used to. (and I suspect trying to find people to split the costs is enough of a task as running EMF-IX etc)

Apologies!

benjojo posted 17 Apr 2024 15:04 +0000

I really hate this stuff, I know the site does not see the email until I click on it, but it just feels like a timebomb siting at the corner of my screen on every site. Even more so because my email addresses are clearly displayed on the screen, making it a doxxing risk if I am not careful with screenshots

A login with google prompt on stack exchange, there are 2 users called Ben, the email addresses are censored out

benjojo posted 17 Apr 2024 10:21 +0000

Target acquired

benjojo posted 16 Apr 2024 11:09 +0000

AI bot scraper desperately pawing at the door over and over, Maybe robots.txt changed since the last... 2 seconds since it last checked

A screenshot of a CLI prompt, showing lot of requests from AWS ip addresses, for robots.txt from the user agent claudebot

benjojo replied 15 Apr 2024 22:50 +0000
in reply to: https://infosec.exchange/users/malwaretech/statuses/112277613039708137

@malwaretech @filippo @dangoodin so I pulled the github keys of 1.4k people who follow me on github, and:

$ cat keys | awk '{print $1}' | sort | uniq -c 
     50 ecdsa-sha2-nistp256
      1 ecdsa-sha2-nistp384
      8 ecdsa-sha2-nistp521
      3 sk-ecdsa-sha2-nistp256@openssh.com
     14 sk-ssh-ed25519@openssh.com
    828 ssh-ed25519
    875 ssh-rsa

P521 is used more than P384, but it's all tiny volumes compared to the actually correct option of ed25519.

I don't think P521 (or, in general ECDSA) keys are that widely used, either that or my followers are smarter or dumber than the average

benjojo posted 15 Apr 2024 22:06 +0000

Being the first user of a syscall (at least as far as github code search can see) in your programming language comes with some nerd cred... and some extremely bizzare bugs that are now entirely my problem to resolve.

Currently dealing with a weird case of hitting a weird getsockopt on a socket, and only websockets breaking down, H2 etc still works, so it's not like I broke bi-directional sockets. Extremely strange.

Maybe I should just stop reading kernel code/man pages and just succumb to learning how eBPF works rather than doing mildly bizzare syscalls/sockopts to get what I want

benjojo replied 14 Apr 2024 15:49 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/66QHvBgf35zcy2Y2m4

Of course, inet_aton's other legacy will be all of the "trick shot" XSS / WAF bypasses that it allows, since nearly everything is a valid IP address with that damn function.

During the time where I was the maintainer of a largely deployed WAF product, inet_aton was a constant pain in the ass due to all of the creative ways you could fit IP addresses in places that should not have IP addresses in them.

benjojo posted 14 Apr 2024 15:52 +0000

inet_aton's legacy will be all of the crazy shit IP addresses it can invent in random places

A search suggestions menu that suggests that the input of "206924" is a URL with the IP address of "0.3.40.76"