The great Netflix vpn debacle!
Well, It happened. I have multiple subscribers calling in. They can not access Netflix. Any contacts on list for Netflix that I can use to get my up blocks whitelisted? John
geosupport@netflix.com has been very responsive for us. Best of luck, Netflix is always a hassle. Phin On Fri, Aug 13, 2021 at 8:13 PM John Alcock <john@alcock.org> wrote:
Well,
It happened. I have multiple subscribers calling in. They can not access Netflix.
Any contacts on list for Netflix that I can use to get my up blocks whitelisted?
John
https://thebrotherswisp.com/index.php/geo-and-vpn/ ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "John Alcock" <john@alcock.org> To: nanog@nanog.org Sent: Friday, August 13, 2021 2:11:16 PM Subject: The great Netflix vpn debacle! Well, It happened. I have multiple subscribers calling in. They can not access Netflix. Any contacts on list for Netflix that I can use to get my up blocks whitelisted? John
Is there some new DB that major CDNs are using? We've been getting several reports of prefixes of ours being blocked, claiming to be VPNs, even though we've been using those subnets without incident for years. HBO, Netflix, and Hulu appear to be common denominators. I have to wonder if they're all siphoning misinformation off of some new DB somewhere ... On 8/14/21 1:45 AM, Mike Hammett wrote:
https://thebrotherswisp.com/index.php/geo-and-vpn/
----- Mike Hammett Intelligent Computing Solutions <http://www.ics-il.com/> <https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL> Midwest Internet Exchange <http://www.midwest-ix.com/> <https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix> The Brothers WISP <http://www.thebrotherswisp.com/> <https://www.facebook.com/thebrotherswisp><https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> ------------------------------------------------------------------------ *From: *"John Alcock" <john@alcock.org> *To: *nanog@nanog.org *Sent: *Friday, August 13, 2021 2:11:16 PM *Subject: *The great Netflix vpn debacle!
Well,
It happened. I have multiple subscribers calling in. They can not access Netflix.
Any contacts on list for Netflix that I can use to get my up blocks whitelisted?
John
+1 on Bryan's message. TL;DR It seems lots of ISPs are struggling to figure out the why and the where of many IP addresses or blocks that are suddenly being blacklisted or flagged as VPNs or as out of service area. I would really love to find, as Bryan said, if there is one particular IP reputation data provider who either got real aggressive recently or some (contaminated?) data was shared around. If there is I have no problem wading through their support processes to get it sorted but as it stands I just don't know who to call. It just has been very difficult to glean any actionable info and of course the normal support teams at the respective streaming providers mostly just are telling customers to call their ISP.... as if every random ISP has some special backdoor contact to every streaming provider where we can just get problems resolved quickly and easily while we all have a good laugh at people being able to watch their preferred movies and shows. At least with email DNSBL filtering you usually get informed which DNSBL you are listed on and you can sort that out directly. In this case, the overall system of IP reputation based filtering seems still comparatively immature. The most I have gotten is after a very long phone call with someone at Hulu, they confirmed there is some issue affecting multiple networks and they are working on the issue and suggested I go through a whitelisting request process which may solve the problems but just for Hulu obviously. I have published and tried to register our own geofeed data as defined in RFC8805 with as many IP geolocation providers as possible. I have checked around to as many IP geolocation and IP reputations sites as I can find and everything is either clean/accurate or there is no query method open to the public for troubleshooting that I can find. This is just yet another example to me of immaturity on dealing with geolocation problems: just spinning my wheels in the dark with mud spraying everywhere. There does not appear to be any consistency on handling issues by the content providers using IP geolocation and reputation to filter. If the content providers want to reject client connections they ought to provide more actionable information in their errors messages for ISPs since they are all just telling the users to call their ISPs. It just feels like a vicious circle. So currently we are left with multiple video streaming providers that all started to flag many customers across many of our IP blocks all beginning earlier this month affecting customers, many of whom have been using the same IP address for years without issue until now. Do we try and decommission multiple IP subnets shuffle users over to new subnets and risk contaminating more subnets if this is an ongoing and regularly updated blacklist data set. This would further exacerbate the problem across yet more subnets that are getting scarcer. As a tangent, I am curious to see how IP geolocation and reputation systems are handling IPv6, I suppose they are just grouping larger and larger networks together into the same listings. Someone who knows something concrete about this current issue, please throw us ISPs a bone. With this email I feel like Leia recording a video plea for help addressed to Obi-Wan Kenobi.... help me Nanog Community... you're my only hope. ________________________________ From: NANOG <nanog-bounces+jkrejci=usinternet.com@nanog.org> on behalf of Bryan Holloway <bryan@shout.net> Sent: Friday, August 27, 2021 4:56 PM To: Mike Hammett; John Alcock Cc: nanog@nanog.org Subject: Re: The great Netflix vpn debacle! Is there some new DB that major CDNs are using? We've been getting several reports of prefixes of ours being blocked, claiming to be VPNs, even though we've been using those subnets without incident for years. HBO, Netflix, and Hulu appear to be common denominators. I have to wonder if they're all siphoning misinformation off of some new DB somewhere ... On 8/14/21 1:45 AM, Mike Hammett wrote:
https://thebrotherswisp.com/index.php/geo-and-vpn/
----- Mike Hammett Intelligent Computing Solutions <http://www.ics-il.com/> <https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL> Midwest Internet Exchange <http://www.midwest-ix.com/> <https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix> The Brothers WISP <http://www.thebrotherswisp.com/> <https://www.facebook.com/thebrotherswisp><https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> ------------------------------------------------------------------------ *From: *"John Alcock" <john@alcock.org> *To: *nanog@nanog.org *Sent: *Friday, August 13, 2021 2:11:16 PM *Subject: *The great Netflix vpn debacle!
Well,
It happened. I have multiple subscribers calling in. They can not access Netflix.
Any contacts on list for Netflix that I can use to get my up blocks whitelisted?
John
So I've made some progress, but not on the HBO front. (Hulu and Netflix have been responsive so far.) Tried the e-mail address on Mike Hammett and Co.'s handy web-page, but got no response after several days. Ironically we were able to get through to the "closed-captioning" department, but this isn't particularly useful. Does anyone have another possible contact for HBO folks to get some prefixes unflagged as "VPN"? To be clear, this is not a geolocate issue. At least according to the error our users are getting. Thanks, all! On 8/28/21 1:51 AM, Justin Krejci wrote:
+1 on Bryan's message.
TL;DR
It seems lots of ISPs are struggling to figure out the why and the where of many IP addresses or blocks that are suddenly being blacklisted or flagged as VPNs or as out of service area.
I would really love to find, as Bryan said, if there is one particular IP reputation data provider who either got real aggressive recently or some (contaminated?) data was shared around. If there is I have no problem wading through their support processes to get it sorted but as it stands I just don't know who to call. It just has been very difficult to glean anyactionable info and of course the normal support teams at the respective streaming providers mostly just are telling customers to call their ISP.... as if every random ISP has some special backdoor contact to every streaming provider where we can just get problems resolved quickly and easily while we all have a good laugh at people being able to watch their preferred movies and shows.
At least with email DNSBL filtering you usually get informed which DNSBL you are listed on and you can sort that out directly. In this case, the overall system of IP reputation based filtering seems still comparatively immature. The most I have gotten is after a very long phone call with someone at Hulu, they confirmed there is some issue affecting multiple networks and they are working on the issue and suggested I go through a whitelisting request process which may solve the problems but just for Hulu obviously.
I have published and tried to register our own geofeed data as defined in RFC8805 with as many IP geolocation providers as possible. I have checked around to as many IP geolocation and IP reputations sites as I can find and everything is either clean/accurate or there is no query method open to the public for troubleshooting that I can find. This is just yet another example to me of immaturity on dealing with geolocation problems: just spinning my wheels in the dark with mud spraying everywhere. There does not appear to be any consistency on handling issues by the content providers using IP geolocation and reputation to filter. If the content providers want to reject client connections they ought to provide more actionable information in their errors messages for ISPs since they are all just telling the users to call their ISPs. It just feels like a vicious circle.
So currently we are left with multiple video streaming providers that all started to flag many customers across many of our IP blocks all beginning earlier this month affecting customers, many of whom have been using the same IP address for years without issue until now. Do we try and decommission multiple IP subnets shuffle users over to new subnets and risk contaminating more subnets if this is an ongoing and regularly updated blacklist data set. This would further exacerbate the problem across yet more subnets that are getting scarcer. As a tangent, I am curious to see how IP geolocation and reputation systems are handling IPv6, I suppose they are just grouping larger and larger networks together into the same listings.
Someone who knows something concrete about this current issue, please throw us ISPs a bone.
With this email I feel like Leia recording a video plea for help addressed to Obi-Wan Kenobi.... help me Nanog Community... you're my only hope.
------------------------------------------------------------------------ *From:* NANOG <nanog-bounces+jkrejci=usinternet.com@nanog.org> on behalf of Bryan Holloway <bryan@shout.net> *Sent:* Friday, August 27, 2021 4:56 PM *To:* Mike Hammett; John Alcock *Cc:* nanog@nanog.org *Subject:* Re: The great Netflix vpn debacle! Is there some new DB that major CDNs are using?
We've been getting several reports of prefixes of ours being blocked, claiming to be VPNs, even though we've been using those subnets without incident for years.
HBO, Netflix, and Hulu appear to be common denominators. I have to wonder if they're all siphoning misinformation off of some new DB somewhere ...
On 8/14/21 1:45 AM, Mike Hammett wrote:
https://thebrotherswisp.com/index.php/geo-and-vpn/ <https://thebrotherswisp.com/index.php/geo-and-vpn/>
----- Mike Hammett Intelligent Computing Solutions <http://www.ics-il.com/ <http://www.ics-il.com/>> <*MailScanner has detected a possible fraud attempt from "www.facebook.com" claiming to be* https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL <https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL>> Midwest Internet Exchange <http://www.midwest-ix.com/ <http://www.midwest-ix.com/>> <*MailScanner has detected a possible fraud attempt from "www.facebook.com" claiming to be* https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix <https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix>> The Brothers WISP <http://www.thebrotherswisp.com/ <http://www.thebrotherswisp.com/>> <https://www.facebook.com/thebrotherswisp><https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg <https://www.facebook.com/thebrotherswisp><https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>> ------------------------------------------------------------------------ *From: *"John Alcock" <john@alcock.org> *To: *nanog@nanog.org *Sent: *Friday, August 13, 2021 2:11:16 PM *Subject: *The great Netflix vpn debacle!
Well,
It happened. I have multiple subscribers calling in. They can not access Netflix.
Any contacts on list for Netflix that I can use to get my up blocks whitelisted?
John
On Aug 31, 2021, at 11:16 , Bryan Holloway <bryan@shout.net> wrote:
So I've made some progress, but not on the HBO front. (Hulu and Netflix have been responsive so far.)
Tried the e-mail address on Mike Hammett and Co.'s handy web-page, but got no response after several days. Ironically we were able to get through to the "closed-captioning" department, but this isn't particularly useful.
Does anyone have another possible contact for HBO folks to get some prefixes unflagged as "VPN"?
Try insulting them on Facebook. I did that several years ago in regards to wanting to be able to purchase HBO on-line without having to subscribe to it through a cable operator and shortly after, they launched a service to do just that. (No, I’m not convinced that my insulting them on facebook had a causal effect, but it’s at least an amusing thought).
To be clear, this is not a geolocate issue. At least according to the error our users are getting.
Geolocate and VPN or Not are often kind of tied to the same kinds of reporting services and it may well be that whatever provider HBO is using for one is also being used for the other. Owen
Thanks, Owen ... good point. Now hearing reports for these same prefixes with Disney+ too. So the common denominators are: HBO Hulu Netflix Amazon Prime Disney+ ... there has _got_ to be some new-fangled DB somewhere. This all started in the last month or so. All of our RR objects, whois, DNS is solid ... dehr? Fun times. On 8/31/21 9:16 PM, Owen DeLong wrote: [snip]
Geolocate and VPN or Not are often kind of tied to the same kinds of reporting services and it may well be that whatever provider HBO is using for one is also being used for the other.
Owen
I have customer subnet that does not work with Disney+ (pages never fully load), other streaming services are ok. Sent multiple emails to Disney over the last few months using info on the Brothers WISP page. I got a response to the first email saying they would “pass it along for investigation” and silence since then. What else can any of us do? On Tue, Aug 31, 2021 at 4:36 PM Bryan Holloway <bryan@shout.net> wrote:
Thanks, Owen ... good point.
Now hearing reports for these same prefixes with Disney+ too.
So the common denominators are:
HBO Hulu Netflix Amazon Prime Disney+
... there has _got_ to be some new-fangled DB somewhere. This all started in the last month or so.
All of our RR objects, whois, DNS is solid ... dehr?
Fun times.
On 8/31/21 9:16 PM, Owen DeLong wrote:
[snip]
Geolocate and VPN or Not are often kind of tied to the same kinds of
reporting services and it may well be that whatever provider HBO is using for one is also being used for the other.
Owen
-- Jim Troutman, jamesltroutman@gmail.com Pronouns: he/him/his 207-514-5676 (cell)
Force the traffic to these companies to use IPv6. Advise your customers that you are doing this, why you are doing this and what steps they need to take to enable IPv6 on their equipment. Your customers can’t be in a worse position. "Dear customer, if you want to reach … you will need to enable IPv6 support in your home network. The world ran out of enough IPv4 for everyone several years back and we have been sharing IPv4 between customers to allow you to reach IPv4 only sites. The afore mentioned companies are now blocking IPv4 connections from ISPs that have to share IPv4 addresses. To give you a better service we are blocking IPv4 connections to these companies so you will get a more reliable service over IPv6. For instructions on how to enable IPv6 connectivity on you home router see this page …. If your home router does not support IPv6 you will need to upgrade it to one that does."
On 1 Sep 2021, at 06:36, Bryan Holloway <bryan@shout.net> wrote:
Thanks, Owen ... good point.
Now hearing reports for these same prefixes with Disney+ too.
So the common denominators are:
HBO Hulu Netflix Amazon Prime Disney+
... there has _got_ to be some new-fangled DB somewhere. This all started in the last month or so.
All of our RR objects, whois, DNS is solid ... dehr?
Fun times.
On 8/31/21 9:16 PM, Owen DeLong wrote:
[snip]
Geolocate and VPN or Not are often kind of tied to the same kinds of reporting services and it may well be that whatever provider HBO is using for one is also being used for the other. Owen
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
You just broke 99% of the smart television sets in people’s homes, unfortunately. That will resolve itself over time, of course, as sets are replaced, but anyone with a set that is more than ~3 years old is mostly unlikely to have IPv6 support in it and the vendors are ALL universally terrible about updating firmware. As much as I like the idea (and that if a sufficient number of providers were willing to do so, it might just serve as a forcing function to get firmware updates done), I wouldn’t hold my breath and I suspect where there are competitive alternatives, such a notice would be a boon to the competition. Owen
On Aug 31, 2021, at 15:15 , Mark Andrews <marka@isc.org> wrote:
Force the traffic to these companies to use IPv6. Advise your customers that you are doing this, why you are doing this and what steps they need to take to enable IPv6 on their equipment. Your customers can’t be in a worse position.
"Dear customer, if you want to reach … you will need to enable IPv6 support in your home network. The world ran out of enough IPv4 for everyone several years back and we have been sharing IPv4 between customers to allow you to reach IPv4 only sites. The afore mentioned companies are now blocking IPv4 connections from ISPs that have to share IPv4 addresses. To give you a better service we are blocking IPv4 connections to these companies so you will get a more reliable service over IPv6.
For instructions on how to enable IPv6 connectivity on you home router see this page ….
If your home router does not support IPv6 you will need to upgrade it to one that does."
On 1 Sep 2021, at 06:36, Bryan Holloway <bryan@shout.net> wrote:
Thanks, Owen ... good point.
Now hearing reports for these same prefixes with Disney+ too.
So the common denominators are:
HBO Hulu Netflix Amazon Prime Disney+
... there has _got_ to be some new-fangled DB somewhere. This all started in the last month or so.
All of our RR objects, whois, DNS is solid ... dehr?
Fun times.
On 8/31/21 9:16 PM, Owen DeLong wrote:
[snip]
Geolocate and VPN or Not are often kind of tied to the same kinds of reporting services and it may well be that whatever provider HBO is using for one is also being used for the other. Owen
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On 2021-09-01 01:13, Owen DeLong via NANOG wrote:
You just broke 99% of the smart television sets in people’s homes, unfortunately.
If only everybody would not get a separate box, be that a AppleTV, a Playstation, a XBox, Chromecast, ... or many other options. Fun part being that it is hard to get a Dumb TV... though that is primarily simply because of all the tracking non-sense in them that makes them 'cheaper'... (still wonder how well that tracking stuff complies with GDPR, I am thinking it does not ... Schrems anyone? :) )
That will resolve itself over time, of course, as sets are replaced, but anyone with a set that is more than ~3 years old is mostly unlikely to have IPv6 support in it and the vendors are ALL universally terrible about updating firmware.
Quite a bit of Android TV out there too.... and we all know how well that supports DHCPv6... ;) Btw, geofeeds are getting fetched by some entities. I've seen at least Dataprovider.com and DB-IP, others that fetch the CSV don't bother to set UA to something unique, thus one sees curl + axios coming by for instance, which does not tell much; but apparently we have to give up on UAs anyway, even though they are great for things like bots where one can have a wee bit of contact details in the line. For instance DB-IP does regular updates of their code (rXXXX) and fetches quite often: 2a00:18a8:6:40:dcad:beff:feef:100 - - [23/Aug/2021:09:32:09 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6499" 2a00:18a8:6:40:dcad:beff:feef:100 - - [23/Aug/2021:09:02:14 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6499" 2a00:18a8:6:40:dcad:beff:feef:100 - - [24/Aug/2021:09:11:11 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6500" 2a00:18a8:6:40:dcad:beff:feef:100 - - [24/Aug/2021:09:42:15 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6500" 2a00:18a8:6:40:dcad:beff:feef:100 - - [24/Aug/2021:21:59:46 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6501" 2a00:18a8:6:40:dcad:beff:feef:100 - - [25/Aug/2021:01:24:28 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6501" 2a00:18a8:6:40:dcad:beff:feef:100 - - [25/Aug/2021:04:43:01 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6501" 2a00:18a8:6:40:dcad:beff:feef:100 - - [25/Aug/2021:05:11:05 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6501" 2a00:18a8:6:40:dcad:beff:feef:100 - - [26/Aug/2021:05:23:18 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6502" 2a00:18a8:6:40:dcad:beff:feef:100 - - [26/Aug/2021:02:49:59 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6502" 2a00:18a8:6:40:dcad:beff:feef:100 - - [27/Aug/2021:03:22:23 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6504" 2a00:18a8:6:40:dcad:beff:feef:100 - - [27/Aug/2021:03:55:04 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6504" 2a00:18a8:6:40:dcad:beff:feef:100 - - [28/Aug/2021:03:21:26 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6507" 2a00:18a8:6:40:dcad:beff:feef:100 - - [28/Aug/2021:03:51:20 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6507" and looking up the IPs in DB-IP.com indeed nicely shows the locations configured in the geofeed, thus that is succesful. But I am fairly sure that they will mark things as VPN if they get a sniff of that; though "VPN" seems to mean "Virtual Public Network", not the Private of days gone... Greets, Jeroen
On Aug 31, 2021, at 16:32 , Jeroen Massar <jeroen@massar.ch> wrote:
On 2021-09-01 01:13, Owen DeLong via NANOG wrote:
You just broke 99% of the smart television sets in people’s homes, unfortunately.
If only everybody would not get a separate box, be that a AppleTV, a Playstation, a XBox, Chromecast, ... or many other options.
Fun part being that it is hard to get a Dumb TV... though that is primarily simply because of all the tracking non-sense in them that makes them 'cheaper'... (still wonder how well that tracking stuff complies with GDPR, I am thinking it does not ... Schrems anyone? :) )
Interestingly, no, it’s easy to get a “dumb TV” these days… We just call them “monitors”. I have two of them (one on either side) of my iMAC as I write this. (Makes for great X-Plane flying visuals. On the other hand, the last time I went looking for a 27” monitor, I ended up buying a 44” smart television because it was a cheaper HDMI 4K monitor than the 27” alternatives that weren’t televisions. (It also ended up being cheaper than the 27” televisions which didn’t do 4K only 1080p, but I digress).
That will resolve itself over time, of course, as sets are replaced, but anyone with a set that is more than ~3 years old is mostly unlikely to have IPv6 support in it and the vendors are ALL universally terrible about updating firmware.
Quite a bit of Android TV out there too.... and we all know how well that supports DHCPv6... ;)
Does DHCPv6 really matter in a home? Really? I mean, I understand the NAC argument in the corporate LAN environment, but the average household user can’t even spell NAC, let alone implement an 802.1X stack.
Btw, geofeeds are getting fetched by some entities.
I presume geofeeds are getting fetched by many entities, but I’m not sure what the point of that is.
I've seen at least Dataprovider.com and DB-IP, others that fetch the CSV don't bother to set UA to something unique, thus one sees curl + axios coming by for instance, which does not tell much; but apparently we have to give up on UAs anyway, even though they are great for things like bots where one can have a wee bit of contact details in the line.
Yeah, Safari can now be trained to lie about it’s UA in developer mode easily. I presume this is true in Crome, Firefox, and just about anything else as well. It’s behind the drop-down panel to keep the adults out of the VCR, but it’s easily visible to any kid that would know how to program a VCR.
For instance DB-IP does regular updates of their code (rXXXX) and fetches quite often:
2a00:18a8:6:40:dcad:beff:feef:100 - - [23/Aug/2021:09:32:09 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6499" 2a00:18a8:6:40:dcad:beff:feef:100 - - [23/Aug/2021:09:02:14 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6499" 2a00:18a8:6:40:dcad:beff:feef:100 - - [24/Aug/2021:09:11:11 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6500" 2a00:18a8:6:40:dcad:beff:feef:100 - - [24/Aug/2021:09:42:15 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6500" 2a00:18a8:6:40:dcad:beff:feef:100 - - [24/Aug/2021:21:59:46 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6501" 2a00:18a8:6:40:dcad:beff:feef:100 - - [25/Aug/2021:01:24:28 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6501" 2a00:18a8:6:40:dcad:beff:feef:100 - - [25/Aug/2021:04:43:01 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6501" 2a00:18a8:6:40:dcad:beff:feef:100 - - [25/Aug/2021:05:11:05 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6501" 2a00:18a8:6:40:dcad:beff:feef:100 - - [26/Aug/2021:05:23:18 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6502" 2a00:18a8:6:40:dcad:beff:feef:100 - - [26/Aug/2021:02:49:59 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6502" 2a00:18a8:6:40:dcad:beff:feef:100 - - [27/Aug/2021:03:22:23 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6504" 2a00:18a8:6:40:dcad:beff:feef:100 - - [27/Aug/2021:03:55:04 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6504" 2a00:18a8:6:40:dcad:beff:feef:100 - - [28/Aug/2021:03:21:26 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6507" 2a00:18a8:6:40:dcad:beff:feef:100 - - [28/Aug/2021:03:51:20 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6507"
and looking up the IPs in DB-IP.com indeed nicely shows the locations configured in the geofeed, thus that is succesful.
I guess, but what do they do in terms of their “It’s a VPN” or “Not a VPN” service?
But I am fairly sure that they will mark things as VPN if they get a sniff of that; though "VPN" seems to mean "Virtual Public Network", not the Private of days gone...
A little of both these days. I’m still holding out for DOHOTOROUDPOIPOGREOIPSECOIP for name resolution. (I’m really not, just my twisted brand of cynical disgust at the everything->HTTPs trend) Owen
On 8/31/21 4:40 PM, Owen DeLong via NANOG wrote:
On the other hand, the last time I went looking for a 27” monitor, I ended up buying a 44” smart television because it was a cheaper HDMI 4K monitor than the 27” alternatives that weren’t televisions. (It also ended up being cheaper than the 27” televisions which didn’t do 4K only 1080p, but I digress).
Back when 4k just came out and they were really expensive, I found a "TV" by an obscure brand called Seiki which was super cheap. It was a 39" model. It's just a monitor to me, but I have gotten really used to its size and not needing two different monitors (and the gfx card to support it). What's distressing is that I was looking at what would happen if I needed to replace it and there is this gigantic gap where there are 30" monitors (= expensive) and 50" TV's which are relatively cheap. The problem is that 40" is sort of Goldielocks with 4k where 50" is way too big and 30" is too small. Thankfully it's going on 10 years old and still working fine. Mike
On Aug 31, 2021, at 18:01 , Michael Thomas <mike@mtcc.com> wrote:
On 8/31/21 4:40 PM, Owen DeLong via NANOG wrote:
On the other hand, the last time I went looking for a 27” monitor, I ended up buying a 44” smart television because it was a cheaper HDMI 4K monitor than the 27” alternatives that weren’t televisions. (It also ended up being cheaper than the 27” televisions which didn’t do 4K only 1080p, but I digress).
Back when 4k just came out and they were really expensive, I found a "TV" by an obscure brand called Seiki which was super cheap. It was a 39" model. It's just a monitor to me, but I have gotten really used to its size and not needing two different monitors (and the gfx card to support it). What's distressing is that I was looking at what would happen if I needed to replace it and there is this gigantic gap where there are 30" monitors (= expensive) and 50" TV's which are relatively cheap. The problem is that 40" is sort of Goldielocks with 4k where 50" is way too big and 30" is too small. Thankfully it's going on 10 years old and still working fine.
Costco stocks several 44” 4K TV models (like the one I got) that are relatively cheap. It’s a little larger than your 40” goldilocks, but I think still within range. Owen
Every time I've read a thread about using TVs for monitors several people who'd tried would say don't do it. I think the gist was that the image processors in the TVs would fuzz text or something like that. That it was usable but they were unhappy with their attempts, it was tiring on the eyes. Maybe that's changed or maybe people happy with this don't do a lot of text? Or maybe there are settings involved they weren't aware of, or some TVs (other than superficial specs like 4K vs 720p) are better for this than others so some will say they're happy and others not so much? Or maybe the unhappy ones were all trolls/sockpuppets from companies manufacturing/selling $500+ 24" **GAMING** monitors. On September 1, 2021 at 09:48 nanog@nanog.org (Owen DeLong via NANOG) wrote:
On Aug 31, 2021, at 18:01 , Michael Thomas <mike@mtcc.com> wrote:
On 8/31/21 4:40 PM, Owen DeLong via NANOG wrote:
On the other hand, the last time I went looking for a 27” monitor, I ended up buying a 44” smart television because it was a cheaper HDMI 4K monitor than the 27” alternatives that weren’t televisions. (It also ended up being cheaper than the 27” televisions which didn’t do 4K only 1080p, but I digress).
Back when 4k just came out and they were really expensive, I found a "TV" by an obscure brand called Seiki which was super cheap. It was a 39" model. It's just a monitor to me, but I have gotten really used to its size and not needing two different monitors (and the gfx card to support it). What's distressing is that I was looking at what would happen if I needed to replace it and there is this gigantic gap where there are 30" monitors (= expensive) and 50" TV's which are relatively cheap. The problem is that 40" is sort of Goldielocks with 4k where 50" is way too big and 30" is too small. Thankfully it's going on 10 years old and still working fine.
Costco stocks several 44” 4K TV models (like the one I got) that are relatively cheap. It’s a little larger than your 40” goldilocks, but I think still within range.
Owen
-- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
On 9/1/21 11:25 AM, bzs@theworld.com wrote:
Every time I've read a thread about using TVs for monitors several people who'd tried would say don't do it. I think the gist was that the image processors in the TVs would fuzz text or something like that. That it was usable but they were unhappy with their attempts, it was tiring on the eyes.
Maybe that's changed or maybe people happy with this don't do a lot of text? Or maybe there are settings involved they weren't aware of, or some TVs (other than superficial specs like 4K vs 720p) are better for this than others so some will say they're happy and others not so much?
It's been a while but there was a setting for mine that I had to futz with so that didn't happen. You're right that you should definitely check. Mike
Televisions generally have a way smaller pixel density than a computer monitor. It is very noticeable. On Wed, Sep 1, 2021 at 2:27 PM <bzs@theworld.com> wrote:
Every time I've read a thread about using TVs for monitors several people who'd tried would say don't do it. I think the gist was that the image processors in the TVs would fuzz text or something like that. That it was usable but they were unhappy with their attempts, it was tiring on the eyes.
Maybe that's changed or maybe people happy with this don't do a lot of text? Or maybe there are settings involved they weren't aware of, or some TVs (other than superficial specs like 4K vs 720p) are better for this than others so some will say they're happy and others not so much?
Or maybe the unhappy ones were all trolls/sockpuppets from companies manufacturing/selling $500+ 24" **GAMING** monitors.
On September 1, 2021 at 09:48 nanog@nanog.org (Owen DeLong via NANOG) wrote:
On Aug 31, 2021, at 18:01 , Michael Thomas <mike@mtcc.com> wrote:
On 8/31/21 4:40 PM, Owen DeLong via NANOG wrote:
On the other hand, the last time I went looking for a 27” monitor, I
Back when 4k just came out and they were really expensive, I found a
"TV" by an obscure brand called Seiki which was super cheap. It was a 39" model. It's just a monitor to me, but I have gotten really used to its size and not needing two different monitors (and the gfx card to support it). What's distressing is that I was looking at what would happen if I needed to replace it and there is this gigantic gap where there are 30" monitors (= expensive) and 50" TV's which are relatively cheap. The problem is that 40" is sort of Goldielocks with 4k where 50" is way too big and 30" is too small. Thankfully it's going on 10 years old and still working fine.
Costco stocks several 44” 4K TV models (like the one I got) that are relatively cheap. It’s a little larger than your 40” goldilocks, but I
ended up buying a 44” smart television because it was a cheaper HDMI 4K monitor than the 27” alternatives that weren’t televisions. (It also ended up being cheaper than the 27” televisions which didn’t do 4K only 1080p, but I digress). think still within range.
Owen
-- -Barry Shein
Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
On Sep 1, 2021, at 11:25 , bzs@theworld.com wrote:
Every time I've read a thread about using TVs for monitors several people who'd tried would say don't do it. I think the gist was that the image processors in the TVs would fuzz text or something like that. That it was usable but they were unhappy with their attempts, it was tiring on the eyes.
That was definitely true of 480 TVs and older 1080p units, but modern sets are almost designed to be monitors first and everything else second.
Maybe that's changed or maybe people happy with this don't do a lot of text? Or maybe there are settings involved they weren't aware of, or some TVs (other than superficial specs like 4K vs 720p) are better for this than others so some will say they're happy and others not so much?
There are some tradeoffs… For example, sitting normal computer monitor distance from a 44” 4K screen, you can damn near see the individual pixels and that can make text look fuzzy, especially if your GPU or OS are stupid enough to use a technique called anti-aliasing on text (which is the most probable source of the fuzziness in your originally quoted complaint). Older TVs would try to smooth some aspects of the analog signal they were using through anti-aliasing pixels that occurred on the edge of a change in the color signal to “smooth” the image. (The extent of this action was what was controlled by the “Sharpness” knob back in the analog days). Turning off this capability (Sharpness to the left most or lowest setting) would often improve things greatly.
Or maybe the unhappy ones were all trolls/sockpuppets from companies manufacturing/selling $500+ 24" **GAMING** monitors.
Possible, but unlikely. Owen
On September 1, 2021 at 09:48 nanog@nanog.org (Owen DeLong via NANOG) wrote:
On Aug 31, 2021, at 18:01 , Michael Thomas <mike@mtcc.com> wrote:
On 8/31/21 4:40 PM, Owen DeLong via NANOG wrote:
On the other hand, the last time I went looking for a 27” monitor, I ended up buying a 44” smart television because it was a cheaper HDMI 4K monitor than the 27” alternatives that weren’t televisions. (It also ended up being cheaper than the 27” televisions which didn’t do 4K only 1080p, but I digress).
Back when 4k just came out and they were really expensive, I found a "TV" by an obscure brand called Seiki which was super cheap. It was a 39" model. It's just a monitor to me, but I have gotten really used to its size and not needing two different monitors (and the gfx card to support it). What's distressing is that I was looking at what would happen if I needed to replace it and there is this gigantic gap where there are 30" monitors (= expensive) and 50" TV's which are relatively cheap. The problem is that 40" is sort of Goldielocks with 4k where 50" is way too big and 30" is too small. Thankfully it's going on 10 years old and still working fine.
Costco stocks several 44” 4K TV models (like the one I got) that are relatively cheap. It’s a little larger than your 40” goldilocks, but I think still within range.
Owen
-- -Barry Shein
Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
Some TVs may also try to rescale the inputs, or enhance/process the image in ways that can improve perceived video quality. Things like increasing frame rates of sources that are lower frame rates (thus the 120 Hz and 240 Hz TVs that attempt to make 24, 30, and 60 FPS sources look better), or deinterlacing 1080i ATSC sources. Some of this image processing may not work well in specific monitor use cases. I have had generally good results with using a TV as an HTPC monitor. Only issues I've run into over the years are 1.) a 1080p Sony TV with a VGA input that could not handle 1920x1080 (using HDMI worked) and 2.) a 720p Toshiba that could not show the BIOS screen of the attached computer (I think this was either an unsupported resolution issue, or a timing issue where the TV couldn't wake up fast enough from the 'signal lost' message to display a brand new signal input). YMMV. VPNs: there is a race going on between streaming services who want to block VPNs, and VPN services who have customers who want to be able to watch streams (whether in or out of their regions). Some VPN customers buy VPN services because they do not trust their ISP to not do stuff like selling browsing histories. I think ISPs are getting caught in the middle, maybe when they have IP ranges near or in the middle of ranges that are suspected by IP reputation companies as being used by VPN services. I'd guess the problem is more likely to affect smaller ISPs, and not the Comcast/Cox/Charter/Spectrum/CenturyLinks of the world. There are also 'distributed VPN' services that let people share their connections with others. We are also seeing fragmentation in the cable/streaming service space, similar to what happened in the cable/Dish Network/DirecTV wars. Add it all up, some customers may throw up their hands in annoyance at the various platforms and then revert to other means of obtaining the content they seek. On Wed, Sep 1, 2021, 15:13 Owen DeLong via NANOG <nanog@nanog.org> wrote:
On Sep 1, 2021, at 11:25 , bzs@theworld.com wrote:
Every time I've read a thread about using TVs for monitors several people who'd tried would say don't do it. I think the gist was that the image processors in the TVs would fuzz text or something like that. That it was usable but they were unhappy with their attempts, it was tiring on the eyes.
That was definitely true of 480 TVs and older 1080p units, but modern sets are almost designed to be monitors first and everything else second.
Maybe that's changed or maybe people happy with this don't do a lot of text? Or maybe there are settings involved they weren't aware of, or some TVs (other than superficial specs like 4K vs 720p) are better for this than others so some will say they're happy and others not so much?
There are some tradeoffs… For example, sitting normal computer monitor distance from a 44” 4K screen, you can damn near see the individual pixels and that can make text look fuzzy, especially if your GPU or OS are stupid enough to use a technique called anti-aliasing on text (which is the most probable source of the fuzziness in your originally quoted complaint).
Older TVs would try to smooth some aspects of the analog signal they were using through anti-aliasing pixels that occurred on the edge of a change in the color signal to “smooth” the image. (The extent of this action was what was controlled by the “Sharpness” knob back in the analog days).
Turning off this capability (Sharpness to the left most or lowest setting) would often improve things greatly.
Or maybe the unhappy ones were all trolls/sockpuppets from companies manufacturing/selling $500+ 24" **GAMING** monitors.
Possible, but unlikely.
Owen
On September 1, 2021 at 09:48 nanog@nanog.org (Owen DeLong via NANOG)
On Aug 31, 2021, at 18:01 , Michael Thomas <mike@mtcc.com> wrote:
On 8/31/21 4:40 PM, Owen DeLong via NANOG wrote:
On the other hand, the last time I went looking for a 27” monitor, I
ended up buying a 44” smart television because it was a cheaper HDMI 4K monitor than the 27” alternatives that weren’t televisions. (It also ended up being cheaper than the 27” televisions which didn’t do 4K only 1080p, but I digress).
Back when 4k just came out and they were really expensive, I found a
"TV" by an obscure brand called Seiki which was super cheap. It was a 39" model. It's just a monitor to me, but I have gotten really used to its size and not needing two different monitors (and the gfx card to support it). What's distressing is that I was looking at what would happen if I needed to replace it and there is this gigantic gap where there are 30" monitors (= expensive) and 50" TV's which are relatively cheap. The problem is that 40" is sort of Goldielocks with 4k where 50" is way too big and 30" is too small. Thankfully it's going on 10 years old and still working fine.
Costco stocks several 44” 4K TV models (like the one I got) that are relatively cheap. It’s a little larger than your 40” goldilocks, but I
wrote: think still within range.
Owen
-- -Barry Shein
Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
On Wed, Sep 1, 2021 at 2:28 PM <bzs@theworld.com> wrote:
Every time I've read a thread about using TVs for monitors several people who'd tried would say don't do it.
And everytime I see an email thread about the difference or not between monitors and TVs I'm taken over by an all consuming rage... I have a **monitor**.... I purchased it from Dell, and it clearly said "monitor" on the box, it identifies itself somewhere display settings as a "monitor", and even says "monitor" in small letters somewhere on the back.... It's a MONITOR dagnabit... but, for some unfathomable reason it has some tiny little speakers in it, and every time I connect it via HDMI to my Mac laptop, the machine decides to completely ignore the fact that I've told it that I want to use a specific sound output, and starts playing all audio though the monitors speakers. Oh, and because this is HDMI, and Apple apparently follows the HDMI spec, the Mac volume controls won't work ("This device has no audio level control" or something...) and I have to go scrummaging around in some horrendous on-screen monitor menu to make it less obnoxiously loud... All attempts to get this less stupid result in Apple pointing at the HDMI spec and saying that if a device advertises audio capabilites they list it as an output device, and Dell pointing out that they simply advirtise the fact that the device has a speaker, and, well, shrug, not thier issue if things try and use it. There used to be a good webpage that had some instructions along the lines of: Step 1: Open /System/Library/Extensions/AMDRadeonX6000HWServices.kext/Contents/PlugIns/AMDRadeonX6300HWLibs.kext in a hex editor Step 2: Change the byte at offset 931 to 0xED, offset 12323 to 0xFD, offset 94 to 0x00 and offset 42 to 0x03. Step 3: ??? Step 4: The HDMI capabilities parser no longer understands the audio capability message, and so the Mac will never try to use HDMI audio ever again.... well, until you upgrade... oh, this is perfectly safe, trust us, nothing could possibly go wrong here... Unfortunately this was only for a specific version of a specific kext on a specific model of Macbook, but it did work... All I want is to be able to reliably inform my computer that the thingie on my desk is "just" a monitor and not a TV/HiFi system/similar... is that too much to ask!?!!?!!?!??!! <sob> (Actually, this used to annoy me enough that I purchased one of bunnie Huang's NeTV (https://www.bunniestudios.com/blog/?cat=17) devices, which allows taking in HDMI, munging it and sending it out (e.g to do text overlays). My plan was to repurpose it as a straight data passthrough, but overriding the HDMI profile info, but as with most of these sorts of projects I got sidetracked into playing with the build environment instead, and now the hardware is buried under a pile of other abandoned projects somewhere on my workbench) Thank you all, I feel much better now... W
I think the gist was that the image processors in the TVs would fuzz text or something like that. That it was usable but they were unhappy with their attempts, it was tiring on the eyes.
Maybe that's changed or maybe people happy with this don't do a lot of text? Or maybe there are settings involved they weren't aware of, or some TVs (other than superficial specs like 4K vs 720p) are better for this than others so some will say they're happy and others not so much?
Or maybe the unhappy ones were all trolls/sockpuppets from companies manufacturing/selling $500+ 24" **GAMING** monitors.
On September 1, 2021 at 09:48 nanog@nanog.org (Owen DeLong via NANOG) wrote:
On Aug 31, 2021, at 18:01 , Michael Thomas <mike@mtcc.com> wrote:
On 8/31/21 4:40 PM, Owen DeLong via NANOG wrote:
On the other hand, the last time I went looking for a 27” monitor, I
Back when 4k just came out and they were really expensive, I found a
"TV" by an obscure brand called Seiki which was super cheap. It was a 39" model. It's just a monitor to me, but I have gotten really used to its size and not needing two different monitors (and the gfx card to support it). What's distressing is that I was looking at what would happen if I needed to replace it and there is this gigantic gap where there are 30" monitors (= expensive) and 50" TV's which are relatively cheap. The problem is that 40" is sort of Goldielocks with 4k where 50" is way too big and 30" is too small. Thankfully it's going on 10 years old and still working fine.
Costco stocks several 44” 4K TV models (like the one I got) that are relatively cheap. It’s a little larger than your 40” goldilocks, but I
ended up buying a 44” smart television because it was a cheaper HDMI 4K monitor than the 27” alternatives that weren’t televisions. (It also ended up being cheaper than the 27” televisions which didn’t do 4K only 1080p, but I digress). think still within range.
Owen
-- -Barry Shein
Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
-- The computing scientist’s main challenge is not to get confused by the complexities of his own making. -- E. W. Dijkstra
On Sep 1, 2021, at 15:17 , Warren Kumari <warren@kumari.net> wrote:
On Wed, Sep 1, 2021 at 2:28 PM <bzs@theworld.com <mailto:bzs@theworld.com>> wrote:
Every time I've read a thread about using TVs for monitors several people who'd tried would say don't do it.
And everytime I see an email thread about the difference or not between monitors and TVs I'm taken over by an all consuming rage... I have a **monitor**.... I purchased it from Dell, and it clearly said "monitor" on the box, it identifies itself somewhere display settings as a "monitor", and even says "monitor" in small letters somewhere on the back.... It's a MONITOR dagnabit... but, for some unfathomable reason it has some tiny little speakers in it, and every time I connect it via HDMI to my Mac laptop, the machine decides to completely ignore the fact that I've told it that I want to use a specific sound output, and starts playing all audio though the monitors speakers. Oh, and because this is HDMI, and Apple apparently follows the HDMI spec, the Mac volume controls won't work ("This device has no audio level control" or something...) and I have to go scrummaging around in some horrendous on-screen monitor menu to make it less obnoxiously loud...
Yes, it’s not clear why Apple doesn’t implement more of the HDMI spec and send it CEC commands to control the volume when it’s connected to an HDMI device with sound output. Interestingly, my Apple TV does implement that part of the spec and my Amp that it is connected to dutifully obeys and everything works as expected… Display on the monitor (TV if you prefer), sound from the 7.1 speakers through the amp as expected, and control of the playback through the Apple TV all from the single elegant Apple TV Remote. So clearly, Apple has mastered the skills necessary to make this possible. Why they don’t bring them to MacOS yet remains a mystery to me.
All attempts to get this less stupid result in Apple pointing at the HDMI spec and saying that if a device advertises audio capabilites they list it as an output device, and Dell pointing out that they simply advirtise the fact that the device has a speaker, and, well, shrug, not thier issue if things try and use it.
Listing it as an output device doesn’t require them to auto switch to that output device upon connection… You might want to point out to Apple that an ability to override this less than desirable behavior would be sufficient to cure your issue without violating the HDMI spec. It pains me to say this, but Dell is right. The HDMI spec doesn’t allow for them to have a (useful) implementation of a speaker (or speakers) in an HDMI monitor that can some how say “I have a speaker, but don’t use it unless the user specifically tells you to.”. OTOH, Dell could (and I’ve seen monitors and even televisions that do) add a user control to “Disable HDMI audio negotiations” or something to that effect.
There used to be a good webpage that had some instructions along the lines of: Step 1: Open /System/Library/Extensions/AMDRadeonX6000HWServices.kext/Contents/PlugIns/AMDRadeonX6300HWLibs.kext in a hex editor Step 2: Change the byte at offset 931 to 0xED, offset 12323 to 0xFD, offset 94 to 0x00 and offset 42 to 0x03. Step 3: ??? Step 4: The HDMI capabilities parser no longer understands the audio capability message, and so the Mac will never try to use HDMI audio ever again.... well, until you upgrade... oh, this is perfectly safe, trust us, nothing could possibly go wrong here...
Unfortunately this was only for a specific version of a specific kext on a specific model of Macbook, but it did work...
I suppose, if you’re willing to never have the ability to use HDMI Audio Output from your laptop (which wouldn’t work well for me). I will say that it’s annoying to have to do it each time you connect to the monitor, but it is relatively trivial to change the audio output back after the monitor and laptop finish their whole HDMI negotiation and the various auto switches have finished screwing up your system settings. System Preferences->Audio->Output — Select the output you want instead of the HDMI monitor.
All I want is to be able to reliably inform my computer that the thingie on my desk is "just" a monitor and not a TV/HiFi system/similar... is that too much to ask!?!!?!!?!??!! <sob>
I’m reminded of a certain advertising slogan… “Dude! You got [stuck with] a Dell.”
(Actually, this used to annoy me enough that I purchased one of bunnie Huang's NeTV (https://www.bunniestudios.com/blog/?cat=17 <https://www.bunniestudios.com/blog/?cat=17>) devices, which allows taking in HDMI, munging it and sending it out (e.g to do text overlays). My plan was to repurpose it as a straight data passthrough, but overriding the HDMI profile info, but as with most of these sorts of projects I got sidetracked into playing with the build environment instead, and now the hardware is buried under a pile of other abandoned projects somewhere on my workbench)
I can’t relate to this one bit… Nope, not at all…
Thank you all, I feel much better now...
Glad we could collectively help. Owen
On 9/1/21 3:17 PM, Warren Kumari wrote:
On Wed, Sep 1, 2021 at 2:28 PM <bzs@theworld.com <mailto:bzs@theworld.com>> wrote:
Every time I've read a thread about using TVs for monitors several people who'd tried would say don't do it.
And everytime I see an email thread about the difference or not between monitors and TVs I'm taken over by an all consuming rage... I have a **monitor**.... I purchased it from Dell, and it clearly said "monitor" on the box, it identifies itself somewhere display settings as a "monitor", and even says "monitor" in small letters somewhere on the back.... It's a MONITOR dagnabit... but, for some unfathomable reason it has some tiny little speakers in it, and every time I connect it via HDMI to my Mac laptop, the machine decides to completely ignore the fact that I've told it that I want to use a specific sound output, and starts playing all audio though the monitors speakers. Oh, and because this is HDMI, and Apple apparently follows the HDMI spec, the Mac volume controls won't work ("This device has no audio level control" or something...) and I have to go scrummaging around in some horrendous on-screen monitor menu to make it less obnoxiously loud...
Huh. I have a Mac and my monitor was definitely marketed as a TV and all I do is just turn the volume down on the TV remote and don't have issues with the Mac not honoring where its audio output is. So there is obviously something different between our two setups. It does like you say not have the ability to control volume which I don't understand because my chromecast can do that and its only cable is HDMI so obviously the Mac can too.
All attempts to get this less stupid result in Apple pointing at the HDMI spec and saying that if a device advertises audio capabilites they list it as an output device, and Dell pointing out that they simply advirtise the fact that the device has a speaker, and, well, shrug, not thier issue if things try and use it.
I can understand why they have speakers and all of that even if it's just a monitor because it's probably cheaper to just have one model to manufacture and just rebrand it. There was some device -- gad I want to think it was an old DEC terminal server -- that just filled in the serial ports with glue or something so that you couldn't use them. That was pretty shameless. Mike
At the risk of going off-topic, there must be an over-representation of network engineers as their customer: because I bought the same TV to also use as a 4k monitor. And the power supply on it just died. Samsung makes a 39” 4k and I haven’t been able to find it. How’s this relevant? We’ve been using them as 4k desktop monitors visualizing fiber routing for years now. —L.B. Ms. Lady Benjamin PD Cannon of Glencoe, ASCE 6x7 Networks & 6x7 Telecom, LLC CEO lb@6by7.net <mailto:lb@6by7.net> "The only fully end-to-end encrypted global telecommunications company in the world.” FCC License KJ6FJJ
On Aug 31, 2021, at 6:01 PM, Michael Thomas <mike@mtcc.com> wrote:
On 8/31/21 4:40 PM, Owen DeLong via NANOG wrote:
On the other hand, the last time I went looking for a 27” monitor, I ended up buying a 44” smart television because it was a cheaper HDMI 4K monitor than the 27” alternatives that weren’t televisions. (It also ended up being cheaper than the 27” televisions which didn’t do 4K only 1080p, but I digress).
Back when 4k just came out and they were really expensive, I found a "TV" by an obscure brand called Seiki which was super cheap. It was a 39" model. It's just a monitor to me, but I have gotten really used to its size and not needing two different monitors (and the gfx card to support it). What's distressing is that I was looking at what would happen if I needed to replace it and there is this gigantic gap where there are 30" monitors (= expensive) and 50" TV's which are relatively cheap. The problem is that 40" is sort of Goldielocks with 4k where 50" is way too big and 30" is too small. Thankfully it's going on 10 years old and still working fine.
Mike
On 9/1/21 7:58 PM, Lady Benjamin Cannon of Glencoe, ASCE wrote:
At the risk of going off-topic, there must be an over-representation of network engineers as their customer: because I bought the same TV to also use as a 4k monitor.
And the power supply on it just died. Samsung makes a 39” 4k and I haven’t been able to find it.
How’s this relevant? We’ve been using them as 4k desktop monitors visualizing fiber routing for years now.
Haha I'm not a network engineer, much more of a software engineer with lots of networking. the ability to get three browser windows up side by side is really nice for writing and testing code. There's probably more of a market out there then they realize. If you build it, we will come... Mike
—L.B.
Ms. Lady Benjamin PD Cannon of Glencoe, ASCE 6x7 Networks & 6x7 Telecom, LLC CEO lb@6by7.net <mailto:lb@6by7.net> "The only fully end-to-end encrypted global telecommunications company in the world.” FCC License KJ6FJJ
On Aug 31, 2021, at 6:01 PM, Michael Thomas <mike@mtcc.com <mailto:mike@mtcc.com>> wrote:
On 8/31/21 4:40 PM, Owen DeLong via NANOG wrote:
On the other hand, the last time I went looking for a 27” monitor, I ended up buying a 44” smart television because it was a cheaper HDMI 4K monitor than the 27” alternatives that weren’t televisions. (It also ended up being cheaper than the 27” televisions which didn’t do 4K only 1080p, but I digress).
Back when 4k just came out and they were really expensive, I found a "TV" by an obscure brand called Seiki which was super cheap. It was a 39" model. It's just a monitor to me, but I have gotten really used to its size and not needing two different monitors (and the gfx card to support it). What's distressing is that I was looking at what would happen if I needed to replace it and there is this gigantic gap where there are 30" monitors (= expensive) and 50" TV's which are relatively cheap. The problem is that 40" is sort of Goldielocks with 4k where 50" is way too big and 30" is too small. Thankfully it's going on 10 years old and still working fine.
Mike
On 9/2/21 17:46, Michael Thomas wrote:
Haha I'm not a network engineer, much more of a software engineer with lots of networking. the ability to get three browser windows up side by side is really nice for writing and testing code. There's probably more of a market out there then they realize. If you build it, we will come...
Everyone that I know who spends most of their time writing code can't get enough screens :-). Mark.
On 9/3/21 6:54 AM, Mark Tinka wrote:
Everyone that I know who spends most of their time writing code can't get enough screens :-).
Size matters, too. For example, I have a 54" screen. My record is twelve open (tiled) code windows. Usually, I have three or four code windows and a LibreWriter window with the specifiations and requirements.
On 9/3/21 17:07, Stephen Satchell wrote:
Size matters, too. For example, I have a 54" screen. My record is twelve open (tiled) code windows. Usually, I have three or four code windows and a LibreWriter window with the specifiations and requirements.
Okay - "screen real estate" :-). Mark.
I've been mulling over the use of an interactive whiteboard - not just for the "screen real estate", as you so correctly put it, but also to save my doodles. It beats hogging whiteboards. Has anyone tried this? On Fri, Sep 3, 2021 at 5:19 PM Mark Tinka <mark@tinka.africa> wrote:
On 9/3/21 17:07, Stephen Satchell wrote:
Size matters, too. For example, I have a 54" screen. My record is twelve open (tiled) code windows. Usually, I have three or four code windows and a LibreWriter window with the specifiations and requirements.
Okay - "screen real estate" :-).
Mark.
-- Ing. Etienne-Victor Depasquale Assistant Lecturer Department of Communications & Computer Engineering Faculty of Information & Communication Technology University of Malta Web. https://www.um.edu.mt/profile/etiennedepasquale
On 9/3/21 17:29, Etienne-Victor Depasquale wrote:
I've been mulling over the use of an interactive whiteboard - not just for the "screen real estate", as you so correctly put it, but also to save my doodles. It beats hogging whiteboards. Has anyone tried this?
You mean like this one he is using in the video? https://www.youtube.com/watch?v=IwxapMyPZe0 Mark.
I got a bit carried away watching that :) Yes, it looks like that's what I'm referring to. With me, my muse often sings well when I'm doodling. The problem is that I sometimes want to return to the doodle, which becomes problematic when you're sharing a classical whiteboard. Cheers, Etienne On Fri, Sep 3, 2021 at 5:35 PM Mark Tinka <mark@tinka.africa> wrote:
On 9/3/21 17:29, Etienne-Victor Depasquale wrote:
I've been mulling over the use of an interactive whiteboard - not just for the "screen real estate", as you so correctly put it, but also to save my doodles. It beats hogging whiteboards. Has anyone tried this?
You mean like this one he is using in the video?
https://www.youtube.com/watch?v=IwxapMyPZe0
Mark.
-- Ing. Etienne-Victor Depasquale Assistant Lecturer Department of Communications & Computer Engineering Faculty of Information & Communication Technology University of Malta Web. https://www.um.edu.mt/profile/etiennedepasquale
On 8/31/21 16:32, Jeroen Massar via NANOG wrote:
Fun part being that it is hard to get a Dumb TV... though that is primarily simply because of all the tracking non-sense in them that makes them 'cheaper'... (still wonder how well that tracking stuff complies with GDPR, I am thinking it does not ... Schrems anyone? :) )
Just get a "smart" TV, don't connect it to the Internet, and use its HDMI ports for your cable box, Apple TV, etc. and/or antenna input for local off-air reception. -- Jay Hennigan - jay@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV
On 8/31/21 5:13 PM, Jay Hennigan wrote:
On 8/31/21 16:32, Jeroen Massar via NANOG wrote:
Fun part being that it is hard to get a Dumb TV... though that is primarily simply because of all the tracking non-sense in them that makes them 'cheaper'... (still wonder how well that tracking stuff complies with GDPR, I am thinking it does not ... Schrems anyone? :) )
Just get a "smart" TV, don't connect it to the Internet, and use its HDMI ports for your cable box, Apple TV, etc. and/or antenna input for local off-air reception.
Yeah, until TV manufacturers actually start incorporating, oh say, Google tv (which is just a form of Android) they are always going to be inferior. Having the TV just be a monitor is a feature, not a bug. It's a lot cheaper to upgrade a $50 hdmi based dongle than the whole TV, doubly so since manufacturers have a bad reputation for not supporting upgrades beyond the sell date. I have no idea whether any of the external ones support v6 though. One thing that might be nice is for routers to internally number using v6 in preference to v4 and NAT that (if needed). Then you can easily tell what is still a laggard. My wifi cams might be poorly supported, but they don't need to interoperate with much on the Internet. Mike, Google TV has been pretty nice since the Amazon feud finally ended though I hate that the protocol is still pretty proprietary
On Aug 31, 2021, at 17:51 , Michael Thomas <mike@mtcc.com> wrote:
On 8/31/21 5:13 PM, Jay Hennigan wrote:
On 8/31/21 16:32, Jeroen Massar via NANOG wrote:
Fun part being that it is hard to get a Dumb TV... though that is primarily simply because of all the tracking non-sense in them that makes them 'cheaper'... (still wonder how well that tracking stuff complies with GDPR, I am thinking it does not ... Schrems anyone? :) )
Just get a "smart" TV, don't connect it to the Internet, and use its HDMI ports for your cable box, Apple TV, etc. and/or antenna input for local off-air reception.
Yeah, until TV manufacturers actually start incorporating, oh say, Google tv (which is just a form of Android) they are always going to be inferior. Having the TV just be a monitor is a feature, not a bug. It's a lot cheaper to upgrade a $50 hdmi based dongle than the whole TV, doubly so since manufacturers have a bad reputation for not supporting upgrades beyond the sell date. I have no idea whether any of the external ones support v6 though.
Apple TV supports IPv6, but does not allow the user to set a static IPv6 address and it uses rotating privacy addresses, so the security implications are “interesting”. OTOH, it does appear to support DHCPv6 and if you set M+O, it looks like you can collect the DUID and give it a fixed DHCP address. Android and by extension Google’s HDMI dongles/devices have some IPv6 support, but of course don’t work with DHCPv6 because of Lorenzo’s religious problems.
One thing that might be nice is for routers to internally number using v6 in preference to v4 and NAT that (if needed). Then you can easily tell what is still a laggard. My wifi cams might be poorly supported, but they don't need to interoperate with much on the Internet.
I actually have had an idea for a long time of producing a router-on-a-stick kind of device which would be a small linux SBC with two ethernet ports and some LEDs. The OS would go on a micro-SD card and it would literally be a single-device NAT64 setup so that the IPv4-only device on the downstream side could work with the IPv6-only LAN (which might further have a NAT64 gateway to deal with the IPv4-only legacy portions of the world outside. Ideally, the upstream ethernet port would be PoE to power the device (and the device would be sold with a small, cheap PoE injector in case needed).
Mike, Google TV has been pretty nice since the Amazon feud finally ended though I hate that the protocol is still pretty proprietary
To the best of my knowledge, the FireTV and its ilk still can’t spell IPv6. Owen
All this chatter about IPv6 support on devices is fun and all, but there are providers still not on board. They operate in my neighborhood and they know who they are... Nimrod
On 9/1/21 10:59 AM, Nimrod Levy wrote:
All this chatter about IPv6 support on devices is fun and all, but there are providers still not on board. They operate in my neighborhood and they know who they are...
This is about inside your premise before any NAT's enter the picture. What would be nice is if home routers offered up v6 as the default way to number and v6 tunnels past ISP's that don't have v6. Home routers could make that all rather seamless where users wouldn't need to know that was happening. It's really a pity that home routers are a race to the bottom where everything else with networking is expected to evolve over time. Mike
IPv6 tunnels work great for network geeks, but rather poorly for home users with streaming, gaming etc...It's not necessarily the performance, it's either the geolocation, latency, or the very issue that started this thread - VPN banning. Remember, the streaming services couldn't care less about geolocation or VPN banning, it's the contractual obligations with the content providers. The content providers care about vpn banning because it gets around geolocation, which interferes with their business models (different release schedules to different regions, etc..) Been there, done that...Stuck on Fios with no IPv6. Ran into rather "interesting" problems with various streaming services with IPv6 configured. Matthew Huff | Director of Technical Operations | OTA Management LLC Office: 914-460-4039 mhuff@ox.com | www.ox.com ........................................................................................................................................... -----Original Message----- From: NANOG <nanog-bounces+mhuff=ox.com@nanog.org> On Behalf Of Michael Thomas Sent: Wednesday, September 1, 2021 2:26 PM To: Nimrod Levy <nimrodl@gmail.com>; Owen DeLong <owen@delong.com> Cc: nanog@nanog.org Subject: Re: The great Netflix vpn debacle! (geofeeds) On 9/1/21 10:59 AM, Nimrod Levy wrote:
All this chatter about IPv6 support on devices is fun and all, but there are providers still not on board. They operate in my neighborhood and they know who they are...
This is about inside your premise before any NAT's enter the picture. What would be nice is if home routers offered up v6 as the default way to number and v6 tunnels past ISP's that don't have v6. Home routers could make that all rather seamless where users wouldn't need to know that was happening. It's really a pity that home routers are a race to the bottom where everything else with networking is expected to evolve over time. Mike
On 9/1/21 11:49 AM, Matthew Huff wrote:
IPv6 tunnels work great for network geeks, but rather poorly for home users with streaming, gaming etc...It's not necessarily the performance, it's either the geolocation, latency, or the very issue that started this thread - VPN banning.
Remember, the streaming services couldn't care less about geolocation or VPN banning, it's the contractual obligations with the content providers. The content providers care about vpn banning because it gets around geolocation, which interferes with their business models (different release schedules to different regions, etc..)
Been there, done that...Stuck on Fios with no IPv6. Ran into rather "interesting" problems with various streaming services with IPv6 configured.
Well, my point is that a properly pre-configured home router could probably make this plug and play. Openwrt can probably do what I'm thinking. Streaming should not be a problem but gaming/latency definitely is. I frankly don't understand why these home router vendors don't just adopt Openwrt and the like instead of maintaining their own code. They are extremely cost sensitive so you'd think that it would be a big win (yes, I know some do but, say, Linksys doesn't and their software is complete shit and I know this first hand). Why can't I have router distos just like Linux distos where somebody with clue does the work to customize distos with various features. My ISP could then just point at the ones they like too. It's really sad that home routers are completely treated like black boxes where people and their devices have no problem customizing them to their taste. My suspicion is this all a self-fulfilling prophecy. Mike
On Wed, Sep 1, 2021 at 2:26 PM Michael Thomas <mike@mtcc.com> wrote:
On 9/1/21 10:59 AM, Nimrod Levy wrote:
All this chatter about IPv6 support on devices is fun and all, but there are providers still not on board. They operate in my neighborhood and they know who they are...
This is about inside your premise before any NAT's enter the picture. What would be nice is if home routers offered up v6 as the default way to number and v6 tunnels past ISP's that don't have v6. Home routers could make that all rather seamless where users wouldn't need to know that was happening. It's really a pity that home routers are a race to the bottom where everything else with networking is expected to evolve over time.
I can't disagree about the quality of CPE, but I don't think that adding tunnels by default is appropriate. We tried that with 6to4 and while that worked, it didn't work well. Where would the far end of the tunnel terminate? Who wants to build and manage that infrastructure? I'd rather have the ISPs focus on deploying native IPv6 connectivity or at the very worst, on-net 6rd. But I can tell you from experience that 6rd will only take you so far before you figure out that you really needed native in the first place. Even more so, tunnels don't solve the problem that started this thread in the first place. Netfilx (and probably others) consider IPv6 tunnel brokers to be VPN providers and deny those connections. I stopped using a tunnel at home for that very reason. I think it's 100% appropriate for a CPE to not offer IPv6 on the inside interfaces if it doesn't have a v6 upstream connection. What would the point be?
Mike
Where possible vote with your dollars by selecting providers that do. Where there are multiple providers and none support v6, make it clear to all that the first one to support v6 will get your business and that subsequently, the best v6 support will win. Where there are not multiple providers, lobby your regulators to eliminate vertical integration (stop allowing those that own the natural monopoly in layer 1 to leverage that into a monopoly over higher layer services). Owen
On Sep 1, 2021, at 10:59 , Nimrod Levy <nimrodl@gmail.com> wrote:
All this chatter about IPv6 support on devices is fun and all, but there are providers still not on board. They operate in my neighborhood and they know who they are...
Nimrod
Also don't get a smart litterbox... ;-) Yeah that's a thing and connects to the local Wi-Fi. Kinda want to DMZ that mutha and wait for a script kiddie to turn one of my cats upside down... dubs litter-robot.com -- J. Hellenthal The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.
On Aug 31, 2021, at 19:16, Jay Hennigan <jay@west.net> wrote:
On 8/31/21 16:32, Jeroen Massar via NANOG wrote:
Fun part being that it is hard to get a Dumb TV... though that is primarily simply because of all the tracking non-sense in them that makes them 'cheaper'... (still wonder how well that tracking stuff complies with GDPR, I am thinking it does not ... Schrems anyone? :) )
Just get a "smart" TV, don't connect it to the Internet, and use its HDMI ports for your cable box, Apple TV, etc. and/or antenna input for local off-air reception.
-- Jay Hennigan - jay@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV
On 8/31/21 20:18, J. Hellenthal wrote:
Also don't get a smart litterbox... ;-)
Yeah that's a thing and connects to the local Wi-Fi. Kinda want to DMZ that mutha and wait for a script kiddie to turn one of my cats upside down...
dubs litter-robot.com
I have one, the cat loves it and it's very easy to clean. No need to enable the wi-fi. Front panel indicators are more than sufficient. "Wi-fi enabled" on things that don't need wi-fi is a marketing gimmick that's way over-used. Rule 37.024 subsection 7: Cats are always on-topic. -- Jay Hennigan - jay@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV
100% the Litter Robot is amazing. ( Except for my older cat, she's pushing 19, had to build a ramp for her. ) But I also agree there are limits to what needs IoTing. I don't live in a house large enough that I can't go see if the box needs cleaning within about 20s. I also sure as hell don't need a notification on my phone that one of them just made a deposit. On Wed, Sep 1, 2021 at 12:05 AM Jay Hennigan <jay@west.net> wrote:
Also don't get a smart litterbox... ;-)
Yeah that's a thing and connects to the local Wi-Fi. Kinda want to DMZ
On 8/31/21 20:18, J. Hellenthal wrote: that mutha and wait for a script kiddie to turn one of my cats upside down...
dubs litter-robot.com
I have one, the cat loves it and it's very easy to clean. No need to enable the wi-fi. Front panel indicators are more than sufficient. "Wi-fi enabled" on things that don't need wi-fi is a marketing gimmick that's way over-used.
Rule 37.024 subsection 7: Cats are always on-topic.
-- Jay Hennigan - jay@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV
If Netflix, et al. are not accepting connections from CGNs they are ALREADY obsolete. Yes, I know it sucks to have to tell your customers that they just bought obsolete equipment. Plug in Chromecast, Apple TV, and they can get back that functionality with a product that does actually get upgraded. Mark
On 1 Sep 2021, at 09:13, Owen DeLong <owen@delong.com> wrote:
You just broke 99% of the smart television sets in people’s homes, unfortunately.
That will resolve itself over time, of course, as sets are replaced, but anyone with a set that is more than ~3 years old is mostly unlikely to have IPv6 support in it and the vendors are ALL universally terrible about updating firmware.
As much as I like the idea (and that if a sufficient number of providers were willing to do so, it might just serve as a forcing function to get firmware updates done), I wouldn’t hold my breath and I suspect where there are competitive alternatives, such a notice would be a boon to the competition.
Owen
On Aug 31, 2021, at 15:15 , Mark Andrews <marka@isc.org> wrote:
Force the traffic to these companies to use IPv6. Advise your customers that you are doing this, why you are doing this and what steps they need to take to enable IPv6 on their equipment. Your customers can’t be in a worse position.
"Dear customer, if you want to reach … you will need to enable IPv6 support in your home network. The world ran out of enough IPv4 for everyone several years back and we have been sharing IPv4 between customers to allow you to reach IPv4 only sites. The afore mentioned companies are now blocking IPv4 connections from ISPs that have to share IPv4 addresses. To give you a better service we are blocking IPv4 connections to these companies so you will get a more reliable service over IPv6.
For instructions on how to enable IPv6 connectivity on you home router see this page ….
If your home router does not support IPv6 you will need to upgrade it to one that does."
On 1 Sep 2021, at 06:36, Bryan Holloway <bryan@shout.net> wrote:
Thanks, Owen ... good point.
Now hearing reports for these same prefixes with Disney+ too.
So the common denominators are:
HBO Hulu Netflix Amazon Prime Disney+
... there has _got_ to be some new-fangled DB somewhere. This all started in the last month or so.
All of our RR objects, whois, DNS is solid ... dehr?
Fun times.
On 8/31/21 9:16 PM, Owen DeLong wrote:
[snip]
Geolocate and VPN or Not are often kind of tied to the same kinds of reporting services and it may well be that whatever provider HBO is using for one is also being used for the other. Owen
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
"on you home router" Is that still common anymore? ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "Mark Andrews" <marka@isc.org> To: "Bryan Holloway" <bryan@shout.net> Cc: nanog@nanog.org Sent: Tuesday, August 31, 2021 5:15:18 PM Subject: Re: The great Netflix vpn debacle! Force the traffic to these companies to use IPv6. Advise your customers that you are doing this, why you are doing this and what steps they need to take to enable IPv6 on their equipment. Your customers can’t be in a worse position. "Dear customer, if you want to reach … you will need to enable IPv6 support in your home network. The world ran out of enough IPv4 for everyone several years back and we have been sharing IPv4 between customers to allow you to reach IPv4 only sites. The afore mentioned companies are now blocking IPv4 connections from ISPs that have to share IPv4 addresses. To give you a better service we are blocking IPv4 connections to these companies so you will get a more reliable service over IPv6. For instructions on how to enable IPv6 connectivity on you home router see this page …. If your home router does not support IPv6 you will need to upgrade it to one that does."
On 1 Sep 2021, at 06:36, Bryan Holloway <bryan@shout.net> wrote:
Thanks, Owen ... good point.
Now hearing reports for these same prefixes with Disney+ too.
So the common denominators are:
HBO Hulu Netflix Amazon Prime Disney+
... there has _got_ to be some new-fangled DB somewhere. This all started in the last month or so.
All of our RR objects, whois, DNS is solid ... dehr?
Fun times.
On 8/31/21 9:16 PM, Owen DeLong wrote:
[snip]
Geolocate and VPN or Not are often kind of tied to the same kinds of reporting services and it may well be that whatever provider HBO is using for one is also being used for the other. Owen
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
We don’t NAT IPv4 and we’ve had a few new issues with Netflix (had to fix it a few years ago too). They resolved it this time, thankfully!
On Aug 31, 2021, at 18:15, Mark Andrews <marka@isc.org> wrote:
Force the traffic to these companies to use IPv6. Advise your customers that you are doing this, why you are doing this and what steps they need to take to enable IPv6 on their equipment. Your customers can’t be in a worse position.
"Dear customer, if you want to reach … you will need to enable IPv6 support in your home network. The world ran out of enough IPv4 for everyone several years back and we have been sharing IPv4 between customers to allow you to reach IPv4 only sites. The afore mentioned companies are now blocking IPv4 connections from ISPs that have to share IPv4 addresses. To give you a better service we are blocking IPv4 connections to these companies so you will get a more reliable service over IPv6.
For instructions on how to enable IPv6 connectivity on you home router see this page ….
If your home router does not support IPv6 you will need to upgrade it to one that does."
On 1 Sep 2021, at 06:36, Bryan Holloway <bryan@shout.net> wrote:
Thanks, Owen ... good point.
Now hearing reports for these same prefixes with Disney+ too.
So the common denominators are:
HBO Hulu Netflix Amazon Prime Disney+
... there has _got_ to be some new-fangled DB somewhere. This all started in the last month or so.
All of our RR objects, whois, DNS is solid ... dehr?
Fun times.
On 8/31/21 9:16 PM, Owen DeLong wrote:
[snip]
Geolocate and VPN or Not are often kind of tied to the same kinds of reporting services and it may well be that whatever provider HBO is using for one is also being used for the other. Owen
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
In general, my experience with IP Geolocation has been that it’s slightly worse than a bad idea, yet that ship has sailed and like Windows, there are way too many entrenched applications using it for logic to ever prevail. I believe Amazon runs their own detection service for this and IIRC, they do sell it. I forget the name under which it is marked, but it may well be that they are the common denominator culprit for all 5 you show there. The good news is if you can get any one of them to fix it, it will likely resolve them all. Owen
On Aug 31, 2021, at 13:36 , Bryan Holloway <bryan@shout.net> wrote:
Thanks, Owen ... good point.
Now hearing reports for these same prefixes with Disney+ too.
So the common denominators are:
HBO Hulu Netflix Amazon Prime Disney+
... there has _got_ to be some new-fangled DB somewhere. This all started in the last month or so.
All of our RR objects, whois, DNS is solid ... dehr?
Fun times.
On 8/31/21 9:16 PM, Owen DeLong wrote:
[snip]
Geolocate and VPN or Not are often kind of tied to the same kinds of reporting services and it may well be that whatever provider HBO is using for one is also being used for the other. Owen
On Tue, Aug 31, 2021 at 2:19 PM Bryan Holloway <bryan@shout.net> wrote:
So I've made some progress, but not on the HBO front. (Hulu and Netflix have been responsive so far.)
Tried the e-mail address on Mike Hammett and Co.'s handy web-page, but got no response after several days. Ironically we were able to get through to the "closed-captioning" department, but this isn't particularly useful.
Does anyone have another possible contact for HBO folks to get some prefixes unflagged as "VPN"?
I see a CDN at least in the path of their web server:
To be clear, this is not a geolocate issue. At least according to the error our users are getting.
Thanks, all!
On 8/28/21 1:51 AM, Justin Krejci wrote:
+1 on Bryan's message.
TL;DR
It seems lots of ISPs are struggling to figure out the why and the where of many IP addresses or blocks that are suddenly being blacklisted or flagged as VPNs or as out of service area.
I would really love to find, as Bryan said, if there is one particular IP reputation data provider who either got real aggressive recently or some (contaminated?) data was shared around. If there is I have no problem wading through their support processes to get it sorted but as it stands I just don't know who to call. It just has been very difficult to glean anyactionable info and of course the normal support teams at the respective streaming providers mostly just are telling customers to call their ISP.... as if every random ISP has some special backdoor contact to every streaming provider where we can just get problems resolved quickly and easily while we all have a good laugh at people being able to watch their preferred movies and shows.
At least with email DNSBL filtering you usually get informed which DNSBL you are listed on and you can sort that out directly. In this case, the overall system of IP reputation based filtering seems still comparatively immature. The most I have gotten is after a very long phone call with someone at Hulu, they confirmed there is some issue affecting multiple networks and they are working on the issue and suggested I go through a whitelisting request process which may solve the problems but just for Hulu obviously.
I have published and tried to register our own geofeed data as defined in RFC8805 with as many IP geolocation providers as possible. I have checked around to as many IP geolocation and IP reputations sites as I can find and everything is either clean/accurate or there is no query method open to the public for troubleshooting that I can find. This is just yet another example to me of immaturity on dealing with geolocation problems: just spinning my wheels in the dark with mud spraying everywhere. There does not appear to be any consistency on handling issues by the content providers using IP geolocation and reputation to filter. If the content providers want to reject client connections they ought to provide more actionable information in their errors messages for ISPs since they are all just telling the users to call their ISPs. It just feels like a vicious circle.
So currently we are left with multiple video streaming providers that all started to flag many customers across many of our IP blocks all beginning earlier this month affecting customers, many of whom have been using the same IP address for years without issue until now. Do we try and decommission multiple IP subnets shuffle users over to new subnets and risk contaminating more subnets if this is an ongoing and regularly updated blacklist data set. This would further exacerbate the problem across yet more subnets that are getting scarcer. As a tangent, I am curious to see how IP geolocation and reputation systems are handling IPv6, I suppose they are just grouping larger and larger networks together into the same listings.
Someone who knows something concrete about this current issue, please throw us ISPs a bone.
With this email I feel like Leia recording a video plea for help addressed to Obi-Wan Kenobi.... help me Nanog Community... you're my only hope.
------------------------------------------------------------------------ *From:* NANOG <nanog-bounces+jkrejci=usinternet.com@nanog.org> on behalf of Bryan Holloway <bryan@shout.net> *Sent:* Friday, August 27, 2021 4:56 PM *To:* Mike Hammett; John Alcock *Cc:* nanog@nanog.org *Subject:* Re: The great Netflix vpn debacle! Is there some new DB that major CDNs are using?
We've been getting several reports of prefixes of ours being blocked, claiming to be VPNs, even though we've been using those subnets without incident for years.
HBO, Netflix, and Hulu appear to be common denominators. I have to wonder if they're all siphoning misinformation off of some new DB somewhere ...
On 8/14/21 1:45 AM, Mike Hammett wrote:
https://thebrotherswisp.com/index.php/geo-and-vpn/ <https://thebrotherswisp.com/index.php/geo-and-vpn/>
----- Mike Hammett Intelligent Computing Solutions <http://www.ics-il.com/ < http://www.ics-il.com/>> <*MailScanner has detected a possible fraud attempt from "www.facebook.com" claiming to be* https://www.facebook.com/ICSIL>< https://plus.google.com/+IntelligentComputingSolutionsDeKalb>< https://www.linkedin.com/company/intelligent-computing-solutions>< https://twitter.com/ICSIL <https://www.facebook.com/ICSIL>< https://plus.google.com/+IntelligentComputingSolutionsDeKalb>< https://www.linkedin.com/company/intelligent-computing-solutions>< https://twitter.com/ICSIL>> Midwest Internet Exchange <http://www.midwest-ix.com/ < http://www.midwest-ix.com/>> <*MailScanner has detected a possible fraud attempt from "www.facebook.com" claiming to be* https://www.facebook.com/mdwestix>< https://www.linkedin.com/company/midwest-internet-exchange>< https://twitter.com/mdwestix <https://www.facebook.com/mdwestix>< https://www.linkedin.com/company/midwest-internet-exchange>< https://twitter.com/mdwestix>> The Brothers WISP <http://www.thebrotherswisp.com/ < http://www.thebrotherswisp.com/>> <https://www.facebook.com/thebrotherswisp>< https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg <https://www.facebook.com/thebrotherswisp>< https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>> ------------------------------------------------------------------------ *From: *"John Alcock" <john@alcock.org> *To: *nanog@nanog.org *Sent: *Friday, August 13, 2021 2:11:16 PM *Subject: *The great Netflix vpn debacle!
Well,
It happened. I have multiple subscribers calling in. They can not access Netflix.
Any contacts on list for Netflix that I can use to get my up blocks whitelisted?
John
On Fri, Aug 27, 2021 at 7:54 PM Justin Krejci <JKrejci@usinternet.com> wrote:
+1 on Bryan's message.
TL;DR
It seems lots of ISPs are struggling to figure out the why and the where of many IP addresses or blocks that are suddenly being blacklisted or flagged as VPNs or as out of service area.
I would really love to find, as Bryan said, if there is one particular IP reputation data provider who either got real aggressive recently or some (contaminated?) data was shared around. If there is I have no problem wading through their support processes to get it sorted but as it stands I just don't know who to call. It just has been very difficult to glean any actionable info and of course the normal support teams at the respective streaming providers mostly just are telling customers to call their ISP.... as if every random ISP has some special backdoor contact to every streaming provider where we can just get problems resolved quickly and easily while we all have a good laugh at people being able to watch their preferred movies and shows.
At least with email DNSBL filtering you usually get informed which DNSBL you are listed on and you can sort that out directly. In this case, the overall system of IP reputation based filtering seems still comparatively immature. The most I have gotten is after a very long phone call with someone at Hulu, they confirmed there is some issue affecting multiple networks and they are working on the issue and suggested I go through a whitelisting request process which may solve the problems but just for Hulu obviously.
I have published and tried to register our own geofeed data as defined in RFC8805 with as many IP geolocation providers as possible.
So, RFC8805 is great and all, but it sure is annoying that you have to find webforms for a whole heap-o-geolocation providers, and figure out how to tell them where your geofeed file lives, etc. Introducing RFC9092 - "Finding and Using Geofeed Data" ( https://datatracker.ietf.org/doc/rfc9092/ ). It slices, it dices...it even makes Julienne fries!... Actually, nope, it just allows you to publish, in IRR records, the location of the RFC8805 format file. e.g: $ whois -h whois.ripe.net 31.130.224.0 | egrep "inetnum|netname|remarks" inetnum: 31.130.224.0 - 31.130.239.255 netname: ietf-meeting-network remarks: Geofeed https://noc.ietf.org/geo/google.csv The RFC has more examples, and also suggests an optional signature to strongly authenticate the data in the geofeed files... W Disclaimer: author
I have checked around to as many IP geolocation and IP reputations sites as I can find and everything is either clean/accurate or there is no query method open to the public for troubleshooting that I can find. This is just yet another example to me of immaturity on dealing with geolocation problems: just spinning my wheels in the dark with mud spraying everywhere. There does not appear to be any consistency on handling issues by the content providers using IP geolocation and reputation to filter. If the content providers want to reject client connections they ought to provide more actionable information in their errors messages for ISPs since they are all just telling the users to call their ISPs. It just feels like a vicious circle.
So currently we are left with multiple video streaming providers that all started to flag many customers across many of our IP blocks all beginning earlier this month affecting customers, many of whom have been using the same IP address for years without issue until now. Do we try and decommission multiple IP subnets shuffle users over to new subnets and risk contaminating more subnets if this is an ongoing and regularly updated blacklist data set. This would further exacerbate the problem across yet more subnets that are getting scarcer. As a tangent, I am curious to see how IP geolocation and reputation systems are handling IPv6, I suppose they are just grouping larger and larger networks together into the same listings.
Someone who knows something concrete about this current issue, please throw us ISPs a bone.
With this email I feel like Leia recording a video plea for help addressed to Obi-Wan Kenobi.... help me Nanog Community... you're my only hope.
------------------------------ *From:* NANOG <nanog-bounces+jkrejci=usinternet.com@nanog.org> on behalf of Bryan Holloway <bryan@shout.net> *Sent:* Friday, August 27, 2021 4:56 PM *To:* Mike Hammett; John Alcock *Cc:* nanog@nanog.org *Subject:* Re: The great Netflix vpn debacle!
Is there some new DB that major CDNs are using?
We've been getting several reports of prefixes of ours being blocked, claiming to be VPNs, even though we've been using those subnets without incident for years.
HBO, Netflix, and Hulu appear to be common denominators. I have to wonder if they're all siphoning misinformation off of some new DB somewhere ...
On 8/14/21 1:45 AM, Mike Hammett wrote:
https://thebrotherswisp.com/index.php/geo-and-vpn/
----- Mike Hammett Intelligent Computing Solutions <http://www.ics-il.com/> < https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL <https://www.facebook.com/ICSIL%3E%3Chttps://plus.google.com/+IntelligentComputingSolutionsDeKalb%3E%3Chttps://www.linkedin.com/company/intelligent-computing-solutions%3E%3Chttps://twitter.com/ICSIL>
Midwest Internet Exchange <http://www.midwest-ix.com/> < https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix
The Brothers WISP <http://www.thebrotherswisp.com/> < https://www.facebook.com/thebrotherswisp><https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg
------------------------------------------------------------------------ *From: *"John Alcock" <john@alcock.org> *To: *nanog@nanog.org *Sent: *Friday, August 13, 2021 2:11:16 PM *Subject: *The great Netflix vpn debacle!
Well,
It happened. I have multiple subscribers calling in. They can not access Netflix.
Any contacts on list for Netflix that I can use to get my up blocks whitelisted?
John
-- The computing scientist’s main challenge is not to get confused by the complexities of his own making. -- E. W. Dijkstra
* warren@kumari.net (Warren Kumari) [Tue 31 Aug 2021, 21:04 CEST]:
So, RFC8805 is great and all, but it sure is annoying that you have to find webforms for a whole heap-o-geolocation providers, and figure out how to tell them where your geofeed file lives, etc.
Introducing RFC9092 - "Finding and Using Geofeed Data" ( [..]
This won't help at all against geolocation vendors marking proxies and VPN endpoints as such. -- Niels.
Indeed. Let me be 100% clear: We are having issues with prefixes flagged as VPNs. They are not. We are NOT having issues with prefixes and geolocation. On 8/31/21 9:24 PM, Niels Bakker wrote:
* warren@kumari.net (Warren Kumari) [Tue 31 Aug 2021, 21:04 CEST]:
So, RFC8805 is great and all, but it sure is annoying that you have to find webforms for a whole heap-o-geolocation providers, and figure out how to tell them where your geofeed file lives, etc.
Introducing RFC9092 - "Finding and Using Geofeed Data" ( [..]
This won't help at all against geolocation vendors marking proxies and VPN endpoints as such.
-- Niels.
participants (25)
-
Bryan Holloway
-
bzs@theworld.com
-
Etienne-Victor Depasquale
-
Haudy Kazemi
-
J. Hellenthal
-
Jason Canady
-
Jay Hennigan
-
Jeroen Massar
-
Jim Troutman
-
John Alcock
-
Justin Krejci
-
Lady Benjamin Cannon of Glencoe, ASCE
-
Mark Andrews
-
Mark Tinka
-
Martin Hannigan
-
Matthew Huff
-
Michael Thomas
-
Mike Hammett
-
Niels Bakker
-
Nimrod Levy
-
Owen DeLong
-
Phineas Walton
-
Stephen Satchell
-
Tom Beecher
-
Warren Kumari