On 01/09/2011 10:09, John Curran wrote:
On Jan 9, 2011, at 2:09 AM, Jeff Wheeler wrote:
In terms of database size, excluding RIPE, the ARIN IRR is the 8th largest, ahead of ALTDB and about 10% as large as Level3, the second largest IRR database (except RIPE.) A mass-corruption of the ARIN IRR overnight might be a serious incident causing service impact to a large number of users and businesses, and cause probably thousands of people to be got out of bed in the middle of the night, but clearly it would not be a total disaster.
Jeff -
Please suggest your preferred means of IRR authentication to the ARIN suggestion process:<https://www.arin.net/participate/acsp/index.html> Alternatively, point to a best practice document from the operator community for what should be done here. ARIN's work plan is very much driven by community input, so that's what is needed here.
John, I get what motivates this response, and am even guilty of having provided similar responses. So I'm not going to glom onto the criticism of this as a response _per se_. However, there is a line beyond which some things cross which takes them out of the realm of, "Show me you care about this issue by reporting it in triplicate" and into the category of "This is bad on its face and I need to use my internal channels to get people an answer ASAP." To me (speaking as someone with absolutely no dog in this hunt) the issue of "The only authentication method available for the ARIN IRR is mail-from" clearly falls into the latter category. My reading of the reaction here is incredulity that this was not your immediate response, and (once again without trying to glom on) this is a reaction that I share. Now it seems that you acknowledged that further on in this thread, but just for fun I decided to try your suggestions-suggestion. I went to the site, it requires a login. Well, ok, I think having a method for "I don't want to track this I just want to throw it over the wall in case someone cares" might be valuable, but everyone wants a login nowadays, so fine. I attempt to click the "new user?" link, and at some point I realize that the site requires cookies for login stuff. Ok, another necessary evil. So I enter my desired information, and click continue, and get bounced right back to to the original page. I figure my registration was successful and attempt to log in. That fails. I click the "assistance" link and enter the e-mail address I used to register, it's not registered. So I go back to the registration form, enter my information again, and hit Continue. This time I got an error message, user names must be at least 6 characters. Um .... ok. So I think of another username, click Continue, and get a new error: The e-mail address you entered appears to be a role account. Please enter an e-mail address that contains your name or initials. Note that ARIN Web account information will not be published in ARIN's Whois. If the e-mail address you entered is not a role account, please contact the Registration Services Department at hostmaster@arin.net or +1.703.227.0660. I create e-mail addresses of the form <blah>@dougbarton.us for all the sites that I register on to track whether or not they use my e-mail address for nefarious purposes. So yes, "arin@dougbarton.us" looks like a role account, but it's not. So I'll bite, I'll call the number and talk to them. Ooops! I called at 4:01 pm PST, and y'all had closed up shop 1 minute earlier. (Yes, I realize that the ARIN office is on the East Coast, don't care. My working day is still going on for hours more. Must really suck for ops in HI.) Now admittedly my method of working on line is different from the average Internet user, although arguably not _that_ different from a lot of the people in your custo^Wmember demographic. So one could make the argument that in its current form the suggestions page actually serves as a barrier to entry, rather than an effective communications channel. But soldiering on, I put in my "regular" e-mail address, and hit Continue again. It once again bounced me back to the main page, but once again, I was not actually registered. So, I started the whole registration process all over again, and this time it succeeded. So now... You must accept the Terms of Service Agreement in order to proceed. Hmm.. well, 79 very long lines of text, no way to download the document for my lawyers to review, and most of it applies to people managing information related to services. But what the heck, I'll give it a go. So now I have to create a web profile. First/Last, Company, and full postal address are all mandatory fields. Ok, all done with that, now I actually have a web account. *phew* Wait, what was I going to do with it again? Oh yes, I was going to submit a suggestion .... um .... where is the link for suggestions? At the top of the page I have Number Resources, Participate, Policies, Fees & Invoices, Knowledge, About Us. Most of those don't apply to me, so let's see, on the left side we have Message Center, Web Account, POC Records, Organization Data, Manage Resources, Track Tickets, Listing Service, Downloads, Ask ARIN ... neither I nor Firefox can find "suggestions" anywhere on that page. I could of course use the "Ask ARIN" link which brings up a reasonable-looking form to send my suggestion in the form of a question, so I suppose that'll work. Now in case anyone is still reading this message, my point is _not_ "ARIN SUCKS!" My point is simply that saying, "All you have to do is ...." doesn't always cut it, and as I said (way, way) above there _is_ a line where it really is incumbent on the operator community to get involved in the process on your turf. Hopefully though you'll take this thread as feedback from the operator community that where you have (at least up until recently) believed that line to be is not appropriate, or even realistic. best regards, Doug -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/