On Wed, Jan 16, 2013 at 10:07:40AM -0500, Todd Underwood wrote:
no one seriously believes that the RIPE NCC (which is managed by all of its members) is primarily distinguished by their incompetence and negligence.
Really? Then why, pray tell, haven't they made it a practice to routinely (let's say, once a month) ask the people over at Spamhaus: "Hey folks, do you see anything wonky in the space we manage?" and then act immediately and decisively on what they get back for an answer? I don't want to speak for Spamhaus, but I suspect that they would be delighted to provide that response, particularly if it led to swift and effective action to make the problem(s) go away. And while I don't always agree with their positions, I've *rarely* found mistakes in their research: they're thorough. (So's Ron, by the way.) This isn't complicated. This isn't expensive. This doesn't require new technology or anything fancy. It's basic due diligence. Yet it clearly hasn't happened. Why the hell not? We live in a time when abuse is epidemic. It's costing us a fortune, and I don't just mean in financial terms, although certainly that's bad enough all by itself. But it doesn't just magically fall out of the sky and land on our servers or routers, or at port 25 on our mail servers. It comes from *somewhere*, and it does so on *somebody's* watch. And when it does so on a chronic and systemic basis, surely it is reasonable to ask questions like "Why, if we can so clearly see it arriving at our operation, can they not see it leaving theirs?" or "Why aren't people paying attention to the primary/most useful sources of information about their own operations?" So it's (well past) time to stop giving people a pass for looking the other way or failing to look at all. It's my, your, and everyone's professional responsibility to do everything we possibly can to prevent the networks, hosts, and resources we run from being part of the problem. So yeah: "incompetence" and "negligence" are the best words I can find to describe failure to do that. What would you call it? ---rsk