Job Snijders @job@bsd.network
- Website
- https://sobornost.net/~job/
- Github
- https://github.com/job
Internet routing security hacker-for-hire
Joined Jan 2020
Pinned post
Here is my review of RPKI in 2025 https://lists.nanog.org/archives/list/nanog@lists.nanog.org/thread/QLG35AUUHHZVLF6D24LK5J6HCOQQWL6V/
I uploaded a nearly complete data capture of the entire RPKI of the last 5 years into Zenodo https://zenodo.org/search?q=RPKIViews&l=list&p=1&s=10&sort=bestmatch
Job Snijders
boosted
I would love to understand what is going on inside IDNIC, The IRR (outside of the APNIC hosted endpoints) hasn't worked for nearly a entire year:
$ curl ftp://irr-mirror.idnic.net/
-rw-r--r-- 1 0 0 4 Jan 30 2025 IDNIC.CURRENTSERIAL
-rw-r--r-- 1 0 0 757397 Jan 30 2025 idnic.db.gz
$ curl ftp://irr.idnic.net/
-rw-r--r-- 1 0 0 4 Jan 30 2025 IDNIC.CURRENTSERIAL
-rw-r--r-- 1 0 0 757397 Jan 30 2025 idnic.db.gz
and their RPKI repo has AAAA records, but the v6 addresses don't work. this may seem harmless because things will eventually fall back to the A/IPv4 record, but that doesn't actually happen in NAT64 environments...
I tried emailing them about this and have never got a response (even trying to go via APNIC to see if they had any better contacts). For a NIC for a country with a population that is reasonably comparable to the United States this is an impressive level of abandonment to infrastructure.
Ik stond gisteren in de krant over Internet in Iran https://www.nrc.nl/nieuws/2026/01/20/vrij-internet-in-Iran-keert-misschien-helemaal-niet-meer-terug-vrezen-experts-a4918099
Job Snijders
boosted
UPDATE: Internet of Iran has been down for over 18 hours #IranProtests2026 #IranInternetShutdown
https://www.kentik.com/analysis/iran-goes-dark-as-government-cuts-itself-off-from-internet/
Job Snijders
boosted
This tree has TWO trunks?! How does that happen? (Spotted along the Dutch “kustpad” trail)
Job Snijders
boosted
I'd like to store one billion variable-length binary objects & get them by SHA256(obj) key. The median object size is 2 kilobyte. Low read/write volumes.
What I've tried so far: NFS with the hash's first few octets as nested directory names, it works but it is a bit slow and I also tried ZeroFS (also too slow).
Under considerations: DuckDB, RocksDB, BerkeleyDB, SQLite3, lmdb, something bespoke
Recommendations? Things/papers I should be reading?
Job Snijders
boosted
New (very minimal) Internet-Draft submitted: ASN Prefix-based Addressing for IPv6
"This document describes a method and policy for ASN prefix-based addressing for IPv6."
If this goes anywhere I expect it will change, and grow, markedly.
https://datatracker.ietf.org/doc/draft-kristoff-v6ops-asn-based-addressing/
Job Snijders
boosted
on a zoom call Chuck Moore the author of Forth announced that Windows updates have rendered his otherwise working colorForth system inoperable and unfixable. moving to another operating system would amount to a rewrite. as a result he said it's "time to move on" from Forth.
several people on the call thanked him for changing their lives with his language, for giving them a lifetime of joyful work and a powerful simple way of thinking about computing, to which he responded "I can only hope it was worthwhile"
Job Snijders
boosted
Friends, if you, your colleagues, or your organization has the means, especially if you've gotten some value out of rpki-client (also OpenBGPD or StayRTR), please consider donating to the non-profit Route Server Support Foundation (RSSF) to keep the software coming.
This is the important Internet infrastructure kind of stuff that is very deserving, and in need of support.
Job Snijders
boosted
If you or your colleagues have ROAs in the #AFRINIC #RPKI repository, see this email from @job
Those with a non-conformant subject name can reissue the ROA themselves, the others will need to be fixed by the registry.
https://lists.afrinic.net/pipermail/dbwg/2025-November/000546.html
Job Snijders
boosted
fun fact of the day: rpki-client natively supports Prometheus OpenMetrics! Look for the `metrics` file in the output directory.
https://prometheus.io/docs/specs/om/open_metrics_spec/
Job Snijders
boosted
For my company I have put together #gameoftrees and #OpenBSD support packages which cover tasks I have been doing via ad-hoc consulting gigs for years now. And I asked some freelancing friends from the OpenBSD community to share the work with me.
We support deployments of OpenBSD in server and firewall roles via yearly fixed-price contracts. All base system components can be supported.
From our existing client base we know for a fact that there are small and mid-sized businesses out there who run OpenBSD and would benefit from working with us. We want to find more of them.
APNIC now supports "signing with resources". This is a RPKI-based mechanism to challenge & verify control over IP address (blocks) and AS numbers. Very useful for Bring-Your-Own-IP (BYOIP) use cases.
I helped develop this as an open standard & software implementation. Very nice to see it finally reach the production environment! Kudos to Team APNIC
OpenBSD 7.8 is out! This release includes a little project of mine, a new implementation of the "watch" utility! This one has a real time display, can pause on error, highlight words & lines.
Job Snijders
boosted
- Website
- https://sobornost.net/~job/
- Github
- https://github.com/job
Internet routing security hacker-for-hire
Joined Jan 2020
