RIPE 83

Daily Archives

Marc Wullings - 22-11-2021 11:01:05
Hi everyone, I'm Marc Wullings from the RIPE NCC. This chat panel is meant for discussion ONLY. If you have questions for the speaker and you want the session chair to read it out, please write it in the Q&A window also stating your affiliation. Otherwise, you can ask questions using the microphone icon.
Please note that all chat transcripts will be archived and made available to the public on https://ripe83.ripe.net/.

Franziska Lichtblau - 22-11-2021 11:01:13
Please remember to ask your questions in the Q&A Panel :)

Francis Nyaga - 22-11-2021 11:01:15
Can't get any voice yer

Julf Helsingius - 22-11-2021 11:01:26
Voice OK here

Florian Streibelt - 22-11-2021 11:01:28
chrome works

Florian Streibelt - 22-11-2021 11:01:35
but the shared screeen is very blurry

Gert Doering - 22-11-2021 11:01:40
Can we have a mudfight about the "responsible" disclosure surrounding the RPKI thing instead? :-)

Florian Streibelt - 22-11-2021 11:01:42
ths this a local problem on my side?

Jelte Jansen - 22-11-2021 11:01:50
no, it's blurry here as well

Franziska Lichtblau - 22-11-2021 11:01:51
For me everything is fine

Shane Kerr - 22-11-2021 11:01:53
Blurry for me too.

Alexandre Ferrieux - 22-11-2021 11:01:59
same here

Gert Doering - 22-11-2021 11:01:59
blurr here too (chrome)

Wolfgang Tremmel - 22-11-2021 11:02:02
blurry (low resolution) here too

Franziska Lichtblau - 22-11-2021 11:02:05
the slides look blurry now on chrome

Oliver Payne - 22-11-2021 11:02:08
thanks all, we're checking into it

Jelte Jansen - 22-11-2021 11:02:10
font large enough to read though

Peter Hurtenbach - 22-11-2021 11:02:11
for me screen share is blurry as well

Florian Streibelt - 22-11-2021 11:02:30
was not able to reaed the meeting agenda miriam shared (for reference on blurryness)

Dmitry Serbulov - 22-11-2021 11:03:35
my sound works funtastic/ I was test in another PC/ It was work. But after some reconections it is now not working on 2 PC :-)

Julf Helsingius - 22-11-2021 11:04:02
Blurry on brave too, sound fine

Franziska Lichtblau - 22-11-2021 11:05:00
Out lovely tech staff is working on the slides :) so lets be patient

Franziska Lichtblau - 22-11-2021 11:05:25
*our :)

Randy Bush - 22-11-2021 11:05:27
and here i thought it was because it is 2am

Job Snijders - 22-11-2021 11:05:45
About OpenBSD disclosure: it is important to recognize WHO found the vulnerability. in the case of OpenBSD developers themselves finding a vulnerability in their own OpenBSD software, they will disclosure it publicly, by fixing the issue. This is the responsible thing to do. Would anyone here feel comfortable if they suspected that OpenBSD gives some companies an advantage, and others not? :-)

Niall O'Reilly - 22-11-2021 11:05:48
@Florian, @Julf, thanks for feedback; if you or anyone needs the information, its over here: https://ripe83.ripe.net/programme/meeting-plan/

Ruben van Staveren - 22-11-2021 11:06:15
blurry on firefox too

Randy Bush - 22-11-2021 11:07:30
@job: i would have no problem if openbsd (or anyone) disclosed to folk incorporating it in something they are shipping to users.

Marita Phelan - 22-11-2021 11:07:35
Today's Meeting Plan is also in a fairly large form on the RIPE 83 homepage.

seyed roohollah Marashi - 22-11-2021 11:07:52
Hello all

SEYED marashi - 22-11-2021 11:09:36
Hallo

Marco d'Itri - 22-11-2021 11:09:45
I am one of the people shipping software to users (Debian developer) and I definitely expect people to disclose bugs in advance to vendors

seyed roohollah Marashi - 22-11-2021 11:11:13
What time is it now :mask:

Randy Bush - 22-11-2021 11:11:25
02:11

seyed roohollah Marashi - 22-11-2021 11:12:07
@randy good to see you again, the general meeting gone?

Payman Mohammadi - 22-11-2021 11:13:40
hi , where will the recorded file store ?

Marc Wullings - 22-11-2021 11:14:26
Please note that all chat transcripts will be archived and made available to the public on https://ripe83.ripe.net/.

Alvaro Vives - 22-11-2021 11:16:16
Payman: The slides and recordings will be added to the agenda

Marita Phelan - 22-11-2021 11:16:37
And here: https://ripe83.ripe.net/presentations/presentation-archive/ :)

Geoff Huston - 22-11-2021 11:19:20
https://indico.dns-oarc.net/event/21/contributions/301/attachments/272/492/slides.pdf

Konstantinos Prantzos - 22-11-2021 11:19:35
morgen

Peter Hessler - 22-11-2021 11:21:09
please read for me :)

Daniel Karrenberg - 22-11-2021 11:24:13
thanks fraziska. it was indeed a suggestion for discussion.

Brian Nisbet - 22-11-2021 11:24:14
Given the EU seems to be letting national governments decide that in the zone, and some governments are being weird and vague about it...

Brian Nisbet - 22-11-2021 11:24:20
For critical infrastructure.

Harry Cross - 22-11-2021 11:24:22
Some governments do set lists of what classifies as Civil National Infrastructure (ie Germany base it off how much bandwidth you serve in the territory) - so it may be worth surveying those to find an average?

Brett Carr - 22-11-2021 11:24:25
@danielK I don't think there is such a "list" but I think this would be a good thing to try and do

Jan Zorz - 22-11-2021 11:25:08
request the audio/video if you have questions, please :)

Jan Zorz - 22-11-2021 11:25:23
or response

Peter Hessler - 22-11-2021 11:27:10
I've heard some people call CVE's "invoice numbers", because they are only requested to get payments

Harry Cross - 22-11-2021 11:27:26
I can echo Michael's feedback, there are a lot of people wanting to just make a quick buck. I quite like how Ikea deal with this - https://bugs.ikea.com where you clearly define what is and isn't acceptable

Daniel Karrenberg - 22-11-2021 11:27:48
personally i am sympathetic to folks like openbsd who have a hard time deciding who to 'preferentially disclose' to. AND what Peter is sating.

Daniel Karrenberg - 22-11-2021 11:28:18
sorry, what *Michael* is saying

Marco d'Itri - 22-11-2021 11:28:21
Seen everything as black or white is obviously much easier...

Gert Doering - 22-11-2021 11:28:21
I second what Michael is saying, from the OpenVPN upstream point of view...

Marco d'Itri - 22-11-2021 11:28:28
s/Seen/Seeing/

Gert Doering - 22-11-2021 11:28:31
we do not have that many, though

Frantisek Holop - 22-11-2021 11:28:55
https://www.troyhunt.com/beg-bounties/

Job Snijders - 22-11-2021 11:29:17
haha +1 to the decoder ring :-)

Gert Doering - 22-11-2021 11:29:20
I'm in that cabal :-)

Shane Kerr - 22-11-2021 11:29:45
"shibboleet"

Leo Vegoda - 22-11-2021 11:30:10
@shane how are you pronouncing that ;-)

Harry Cross - 22-11-2021 11:30:35
I often handle tickets which state "I have a bug, but I will only disclose it if you pay me"

Farzaneh Badiei - 22-11-2021 11:30:59
"Do not use social engineering techniques." That's a good responsible rule. How they enforce it is beyond me

Maximilian Beiche - 22-11-2021 11:31:15
since i am not active in this area at all: does google pay bug bounties for bug reports in systems that are not part of their eco system? or only for their own systems?

Gert Doering - 22-11-2021 11:31:39
google pays out for bugs in software they consider "critical"

Maximilian Beiche - 22-11-2021 11:31:45
thanks!

Gert Doering - 22-11-2021 11:32:02
(it's online somewhere but I do not have the URL available just now)

Maximilian Beiche - 22-11-2021 11:32:44
totaly fine, thank you. just wanted to understand the background

Gordon Gidofalvy - 22-11-2021 11:39:12
good morning everyone!

Benno Overeinder - 22-11-2021 11:41:56
In answer to Daniel's question: "Is there a mechanism to reach all operators of critical infrastructure worldwide? Who determines who is sch an operator?" FIRST (first.org) tries to fulfil this role, with members like National CERT Coordination Centers and industry. Most likely the national CERTs define critical infrastructure for their country.

Peter Hessler - 22-11-2021 11:43:20
that's very operator specific. who defines what the "critical infrastructure" is for Operating Systems? For Auth DNS software? For Audio Players? Etc.

Benno Overeinder - 22-11-2021 11:43:32
For DNS, DNS OARC fulfils a role, but not specific to critical infrastructure. As Giovane mentioned, OARC members can exchange information confidentially.

Jan Zorz - 22-11-2021 11:43:41
for Q&A: we *really* prefer if you ask your questions yourself with requesting audio/video in the "mic queue" other than us reading the novels in written Q&A section. Discussion is much better if people ask their own questions, da? :)

Peter Hessler - 22-11-2021 11:43:42
your list of critical will always be in conflict with your neighbour's list of critical

Gert Doering - 22-11-2021 11:44:08
Peter: +1

Benno Overeinder - 22-11-2021 11:44:54
At DNS OARC, operators, researchers and vendors are in contact with each other, small and big.

Peter Hessler - 22-11-2021 11:46:08
another risk, is "bug is in intel cpus and must be mitigated in the OS. which OSes do we contact?" is the answer "just commercial?" how do you determine which operating systems are "critical" "enough" to get disclosure.

Sascha Growe - 22-11-2021 11:47:26
Franziska you're very quiet, or is that just a problem here?

Franziska Lichtblau - 22-11-2021 11:48:16
I hope so

Michael Richardson - 22-11-2021 11:48:41
I haven't found the button to go back to participants list :-(

Franziska Lichtblau - 22-11-2021 11:48:59
oh :(

Mirjam Kühne - 22-11-2021 11:49:03
Yes, Franziska, you seem to be far away from the mic. sometimes?

Sascha Growe - 22-11-2021 11:49:20
Dunno can hear everyone very good except you, have to increase the volume

Franziska Lichtblau - 22-11-2021 11:49:24
*sigh*

Rob Evans - 22-11-2021 11:49:31
Michael: It's the icon of heads with number of participants (currently 320) above the chat.

Franziska Lichtblau - 22-11-2021 11:49:37
sorry for that - I tested it this mornign and everything was fine

Christoph Berkemeier - 22-11-2021 11:49:44
@Michael, top right, with the number, below the microphone symbol

Florian Streibelt - 22-11-2021 11:49:55
participants list: https://meetecho.ripe.net/conference/?group=ripe83#participants

Michael Richardson - 22-11-2021 11:49:58
meetecho If your window is too narrow, then the participant button disappears.

Florian Streibelt - 22-11-2021 11:50:50
hm. its not smart enough to copy the link - that and opens a new window -- sorry

Michael Richardson - 22-11-2021 11:51:07
1200 px wide, see it. 1000 px wide, do not see it.

Vasilis . - 22-11-2021 11:51:15
Thank you for your presentation Alexandre.[Question] Is your proposal somewhere to review?

Alexandre Ferrieux - 22-11-2021 11:51:35
yes, see IETF draft URL in the refs

Vasilis . - 22-11-2021 11:52:23
Great, thank you.

Daniel Karrenberg - 22-11-2021 11:52:26
COFFEEE!

Pim van Pelt - 22-11-2021 11:52:32
Koffie!

Jelte Jansen - 22-11-2021 11:52:42
in what room will lunch be served?

Florian Streibelt - 22-11-2021 11:52:42
yap, coffee

Ondřej Caletka - 22-11-2021 11:52:44
covfefe

Eric van Uden - 22-11-2021 11:52:48
Koffie en koekjes

Niall O'Reilly - 22-11-2021 11:52:50
Caife

Rob Evans - 22-11-2021 11:52:58
Suggestion: If we finish sessions early, I the chairs should have to entertain us with a song...

Ruben van Staveren - 22-11-2021 11:53:09
Lunch and getting some fresh air

Geoff Huston - 22-11-2021 11:53:11
pushing the flow control channel behind the encryption envelope was deliberate!

Michael Richardson - 22-11-2021 11:53:12
remind us: is 5 the highest rating?

Brian Nisbet - 22-11-2021 11:53:18
5 is.

Mirjam Kühne - 22-11-2021 11:53:20
More info about the PC elections is here: https://ripe83.ripe.net/programme/ripe-pc/become-a-member/

Marc Wullings - 22-11-2021 11:53:27
This session has now ended. The next session will start at 13.00. More info on the RIPE 83 meeting plan: https://ripe83.ripe.net/programme/meeting-plan/

Dmitry Kohmanyuk - 22-11-2021 11:53:37
Rob - love your idea :)