
huitema

@huitema@social.secret-wg.org

Working on that Internet thing...

https://www.privateoctopus.com/about.html


joebeone, to random
@joebeone@techpolicy.social
huitema,
@huitema@social.secret-wg.org

@enoclue @joebeone RPKI probably helps filter out bad routes, but it is also introducing its own failure mode. An incorrect RPKI entry, voluntary or not, can create its own outages. See for example:

https://therecord.media/orange-espana-outage-hacker-internet-ripe-bgp-rpki
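The failure mode huitema describes, as an added example that is not part of the original thread: Route Origin Validation as specified in RFC 6811, run over a constructed set of ROAs. The prefix 198.51.100.0/22 and AS numbers 64500 and 64501 are documentation values chosen for the illustration; the point is that a single wrong ROA (wrong AS number, or a maxLength shorter than what the network actually announces) turns a legitimate announcement "invalid", and every network that drops invalid routes stops reaching it.

```python
"""Route Origin Validation (RFC 6811) over a constructed ROA set.

Added example, not code from the original post or from any RPKI validator.
All prefixes and AS numbers below are constructed documentation values.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    asn: int           # AS authorised to originate; 0 means "nobody"
    prefix: str        # e.g. "198.51.100.0/22"
    max_length: int    # longest prefix length the AS may announce under it


def validate(route_prefix: str, origin_asn: int, roas) -> str:
    """Classify one BGP announcement against a ROA set.

    Returns "valid", "invalid" or "not-found":
    - a ROA *covers* the route if its prefix contains the route prefix;
    - a covering ROA *matches* if its AS equals the origin AS (AS0 never
      matches) and the route length does not exceed max_length;
    - valid if any covering ROA matches, invalid if at least one ROA covers
      the route but none matches, not-found if no ROA covers it.
    """
    net = ipaddress.ip_network(route_prefix, strict=False)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix, strict=False)
        if roa_net.version != net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if roa.asn != 0 and roa.asn == origin_asn and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid" if covered else "not-found"


# Constructed scenario: AS64500 really announces a /24 out of its /22.
ROUTE = ("198.51.100.0/24", 64500)

CORRECT_ROAS = [ROA(64500, "198.51.100.0/22", 24)]
# Two ways an operator (or whoever controls the RIR account) gets it wrong:
WRONG_ASN_ROAS = [ROA(64501, "198.51.100.0/22", 24)]     # typo in the AS number
WRONG_MAXLEN_ROAS = [ROA(64500, "198.51.100.0/22", 22)]  # /22 only, the /24 is too specific


def outcomes():
    """Validation state of the same real announcement under each ROA set."""
    return {
        "correct": validate(*ROUTE, CORRECT_ROAS),
        "wrong_asn": validate(*ROUTE, WRONG_ASN_ROAS),
        "wrong_maxlen": validate(*ROUTE, WRONG_MAXLEN_ROAS),
        "no_roa": validate(*ROUTE, []),
    }


if __name__ == "__main__":
    for name, state in outcomes().items():
        print(f"{name:13s} -> {state}")
```

Note the asymmetry: with no ROA at all the route is merely "not-found" and keeps flowing, so publishing a wrong ROA is worse for reachability than publishing none. Operators should validate new ROAs against their actual announcements before publishing them.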

huitema, to random
@huitema@social.secret-wg.org

Question for DNS experts. Do you know of a DNS resolver software that can be configured to use a different IPv6 privacy address for each outgoing DNS query?

huitema,
@huitema@social.secret-wg.org

@SteveBellovin This is discussed in the thread. The simplest solution is probably to have the server act as a router, and be the sole user of the IPv6 prefix. Maybe using something like prefix delegation.

bert_hubert, to random
@bert_hubert@fosstodon.org

Recently places like @SIDN (Dutch national operator of .NL) have been claiming that nobody in Europe can deliver their computer needs, and that they are therefore forced to outsource operations to American cloud providers. Meanwhile our own IT industry denies this. Here I delve into what's going on, and how Europe is being Cloud Naïve instead of Cloud Native.

https://berthub.eu/articles/posts/cloud-naive-europe-and-the-megascaler/

huitema,
@huitema@social.secret-wg.org

@jornfranke @bert_hubert @SIDN Bert, did you analyze the market incentives there? Suppose OVH or Hetzner come up with their own version of cloud storage, would it sell? Probably only if there is some kind of standard, as you say. But could such a standard emerge without Amazon and Microsoft? And if it did, how long before "embrace and extend"?

huitema,
@huitema@social.secret-wg.org

@bert_hubert The silicon valley school of system design emphasizes "build a moat" in order to secure a monopoly. Typically relying on network effects and economies of scale. For the cloud service, what is the moat? It cannot just be individual services like S3, because cheaper copies are doable. Security? Identity? Customer support? It is very hard to compete without understanding that.

whitequark, to random
@whitequark@mastodon.social

IEEE 802.3 having a normal one

image/png

huitema,
@huitema@social.secret-wg.org

@raggi @whitequark There was recently a thread in the chat room of QUIC developers -- engineers working on a variety of QUIC implementations, big and small. "Do you implement PMTU discovery". The most interesting answer was something like "we tried, and then we turned it off, because of rare failures that were hard to mitigate, so we just send 1280 bytes packets."

davemark, to tech
@davemark@mastodon.social

"I deleted keys generated by our TV for 5 straight minutes. 5 Minutes of like 200BPM clicking. I restarted. Everything worked again. I laughed so hard I cried. I felt like I'd solved a murder."

Tech people, THIS IS A GREAT FANTASTIC READ!!!

The title is, "DO NOT BUY HISENSE TV'S"

https://cohost.org/ghoulnoise/post/5286766-do-not-buy-hisense-t

huitema,
@huitema@social.secret-wg.org

@davemark This actually looks like a bug in Windows. Anything that causes the OS to fail is a bug. OK, so the TV is creating fake UUIDs each time it does a DHCP request. I don't know why Hisense does it, but it is about the only way to obtain privacy addresses and avoid DHCP tracking, so there are legit usages. Someone did not foresee the scenario and used an O(N) or maybe O(N^2) algorithm to maintain device lists, thus the stall. That's a bug.
Corrected 4/21: UPNP requests, not DHCP

huitema,
@huitema@social.secret-wg.org

@davemark Thinking of it a bit more, this actually looks like a security bug. Random attacker brings a small device to the network, starts a loop of DHCP requests from random MACs and with random UUIDs, and watches Windows 11 laptops connected to the network start stalling. I don't have the time to repro that, but it is similar to a bunch of low level attacks against OSes.
Corrected 4/21: these were UPNP notifications, not DHCP requests. No random MAC involved.

huitema,
@huitema@social.secret-wg.org

@ljrk @davemark From the documentation, "network discovery" is set by settings/network settings/advanced network settings/advanced sharing settings. On my PC, this is enabled for "private" networks, so I think it is the default. So the main attack is, some buggy device plugged on a home network. Or, the user did voluntarily open network discovery for public networks, in which case all bets are off.
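The two designs huitema contrasts in this subthread (a device list maintained with an O(N) scan per message, versus something that survives a stream of never-repeating UUIDs), as an added example that is not code from the thread, from Windows or from the TV. SSDP is the discovery protocol UPnP uses, and its NOTIFY messages carry the device identity in a USN header of the form uuid:<id>::upnp:rootdevice; the NOTIFY messages, the 256-device cap and the 192.0.2.10 address below are constructed for the illustration.

```python
"""SSDP NOTIFY handling: an unbounded, linearly scanned device list beside a
bounded table. Added example, not code from the thread or from Windows; the
NOTIFY messages, limits and addresses are constructed."""
import uuid
from collections import OrderedDict


def parse_notify(raw: bytes):
    """Parse one SSDP NOTIFY (HTTP-style headers over UDP) into
    (device_uuid, headers), or None if it is not a usable NOTIFY. Only the
    'uuid:<id>' part of the USN header identifies the device."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    lines = text.split("\r\n")
    if not lines[0].startswith("NOTIFY * HTTP/1.1"):
        return None
    headers = {}
    for line in lines[1:]:
        if not line:
            break                       # blank line ends the header block
        name, sep, value = line.partition(":")
        if not sep:
            return None                 # malformed header: drop the message
        headers[name.strip().lower()] = value.strip()
    usn = headers.get("usn", "")
    if not usn.startswith("uuid:"):
        return None
    dev_id = usn[len("uuid:"):].split("::", 1)[0]
    try:
        uuid.UUID(dev_id)               # reject identifiers that are not UUIDs
    except ValueError:
        return None
    return dev_id, headers


class LinearDeviceList:
    """The failure mode: every NOTIFY scans the whole list and nothing is
    ever evicted, so a stream of fresh UUIDs costs O(N) per message, O(N^2)
    in total, and memory grows without bound."""
    def __init__(self):
        self.devices = []               # list of (uuid, location)
        self.comparisons = 0

    def on_notify(self, dev_id, headers):
        for i, (known, _) in enumerate(self.devices):
            self.comparisons += 1
            if known == dev_id:
                self.devices[i] = (dev_id, headers.get("location"))
                return
        self.devices.append((dev_id, headers.get("location")))


class BoundedDeviceTable:
    """Hardened version: O(1) lookup keyed by UUID plus a hard cap, evicting
    the least recently announced device once the cap is reached."""
    def __init__(self, max_devices=256):
        self.max_devices = max_devices
        self.devices = OrderedDict()
        self.evictions = 0

    def on_notify(self, dev_id, headers):
        if dev_id in self.devices:
            self.devices.move_to_end(dev_id)
        elif len(self.devices) >= self.max_devices:
            self.devices.popitem(last=False)
            self.evictions += 1
        self.devices[dev_id] = headers.get("location")


def make_notify(dev_id, location="http://192.0.2.10:49152/desc.xml"):
    """Constructed ssdp:alive NOTIFY for dev_id (documentation IP address)."""
    return (
        "NOTIFY * HTTP/1.1\r\n"
        "HOST: 239.255.255.250:1900\r\n"
        "NT: upnp:rootdevice\r\n"
        "NTS: ssdp:alive\r\n"
        f"USN: uuid:{dev_id}::upnp:rootdevice\r\n"
        f"LOCATION: {location}\r\n"
        "CACHE-CONTROL: max-age=1800\r\n\r\n"
    ).encode("ascii")


def flood(n_messages, max_devices=256):
    """Feed n_messages NOTIFYs, each carrying a fresh random UUID (the TV's
    behaviour described in the thread), to both designs and report the cost."""
    naive, bounded = LinearDeviceList(), BoundedDeviceTable(max_devices)
    for _ in range(n_messages):
        dev_id, headers = parse_notify(make_notify(uuid.uuid4()))
        naive.on_notify(dev_id, headers)
        bounded.on_notify(dev_id, headers)
    return {"naive_devices": len(naive.devices),
            "naive_comparisons": naive.comparisons,
            "bounded_devices": len(bounded.devices),
            "bounded_evictions": bounded.evictions}


if __name__ == "__main__":
    for n in (100, 1000, 10000):
        print(n, flood(n))
```

The comparison counter makes the quadratic cost visible without timing anything: 1000 fresh UUIDs cost the linear list 499,500 string comparisons, while the bounded table never holds more than its cap. Any unauthenticated multicast protocol needs the same treatment, since anyone on the link segment can send NOTIFYs.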

bagder, to random
@bagder@mastodon.social

and in case you missed it: with the new addition of --ech, now supports 259 command line options

huitema,
@huitema@social.secret-wg.org

@bagder @jeroen ECH does not only hide the domain name. It hides lots of metadata like the ALPN or the initial parameters of QUIC, etc. It is useful even when domain fronting is not.

whitequark, to random
@whitequark@mastodon.social

python is a great and fun language to write device drivers in :D

huitema,
@huitema@social.secret-wg.org

@whitequark Writing drivers in Python looks like fun. I once wrote an X.25 Linux driver in Pascal, and a drawing program in Cobol. All languages can be misused, if enough creativity...

glennf, to random
@glennf@twit.social

I was unaware that some people pronounced Nike like nyk without the E sound at the end. Like some people say Porsche without the E.

huitema,
@huitema@social.secret-wg.org

@bagder @glennf I have a tendency to say it the same way as "athena nike" -- Neekay.

hrefna, to fediverse
@hrefna@hachyderm.io

The protocol as it now sits will not keep you "safe" from threads in any meaningful way.

Repeat. After. Me.

The protocol as it now sits will not keep you "safe" from threads in any meaningful way.

I don't mean as in "it will not protect from a malevolent actor" sense. I mean in an ordinary, reasonable behavior sense.

not only does not have the tools for this, it makes assumptions that are fundamentally opposed to the kinds of protections that people seem to be seeking.

1/

huitema,
@huitema@social.secret-wg.org

@hrefna Thank you for digging into these issues. I think that we are facing the classic case of a protocol built with an assumption of trust, and then used in a context in which that trust is dubious. The challenge is to retrofit the security controls required when trust is absent, and then do that without breaking the existing community.

mekkaokereke, (edited) to random
@mekkaokereke@hachyderm.io

As we hear reports that it will take 10 years (🤯) to replace the 1.6 mile Francis Scott Key bridge in Baltimore, remember that China built the Danyang-Kunshan bridge and Qingdao Jiaozhou Bay Bridge in 4 years each.

Danyang-Kunshan Bridge is 102 miles long, and 100 ft above the water.

Jiaozhou Bay Bridge is 16 miles and 623 ft tall, earthquake and typhoon proof, and can withstand a direct strike from a 300,000 ton cargo ship. That last point is unfortunately topical.

https://m.youtube.com/watch?v=U7iQqogVmr8

huitema,
@huitema@social.secret-wg.org

@djcapelis @bouriquet @AdeptVeritatis @mekkaokereke @UncivilServant @McBeth @hazelweakly

I don't know where the 10 years figure comes from. Near my home town is the St Nazaire bridge, at the mouth of the river Loire in France. It is larger than the Baltimore bridge, and was completed in 1975 in 3 years. If the French could build that in 3 years 50 years ago, I have a hard time believing it will take 10 years in America now.

glennf, to random
@glennf@twit.social

I’m incapable of adequately conveying just how many crows are in this neighborhood.

video/mp4

ErikJonker, to geopolitics
@ErikJonker@mastodon.social

Diplomacy is a profession, an art maybe. Scholz is not mastering it and doesn't think about deterrence and deliberate/strategic ambiguity etc. Instead he makes absolutely clear Russia does not need to fear NATO troops and weapons in any context in Ukraine. True maybe, but why make Putin more secure and confident?
Maybe he should agree a pact like in the Molotov-Ribbentrop days (being cynical here).
https://en.wikipedia.org/wiki/Policy_of_deliberate_ambiguity

@geopolitics

huitema,
@huitema@social.secret-wg.org

@ErikJonker @geopolitics Before Molotov-Ribbentrop, we had the partitions of Poland, Frederick, Catherine and Maria-Theresa...

whitequark, to random
@whitequark@mastodon.social

writing flowcharts for myself for the next time i have sleep issues

huitema,
@huitema@social.secret-wg.org

@whitequark Sleep issues? Some people count sheep. My favorite is mentally computing log 10 tables of the first 20 numbers with at least 4 digits of precision. That should get people to sleep quickly, or at least avoid thinking about something else...

bert_hubert, to random
@bert_hubert@fosstodon.org

So a few days ago I asked for help on how to record my mains signal with high resolution, because something in my house is eating LED lights. Together with @alzimon & friends we built a setup. Today I got it working here, and lo and behold, there appears to be crap on the wire. 196kHz samples (!). Still need to double check this is not caused by my setup, but it looks reasonably solid:

image/png

huitema,
@huitema@social.secret-wg.org

@isomer @bert_hubert
Do you use some kind of home automation system? They use "data over power line" technology. The most popular ones are X.10 and UPB, with modulation around 100 kHz (X.10) or 30-40 kHz (UPB); the general constraint is that the modulation shall be under 500 kHz.

huitema, to random
@huitema@social.secret-wg.org

Dave Mills was a great contributor to the IETF and the Internet. Of course, he invented NTP. But he did not just do that. He also kept improving it, solving issues, passing his knowledge, and inspiring many to work in his field. So many reasons to miss him.

https://en.wikipedia.org/wiki/David_L._Mills

hrefna, to fediverse
@hrefna@hachyderm.io

My instinct, looking at conversations around and AS2, is that there's a disconnect when people talk about trying to ensure compile-time type safety with those that prefer systems that lean more toward dynamic, runtime typing.

Because I've seen a few cases now where people in the latter group seem to not understand why the first group views the translation into this as such a problem.

But this isn't about the preferred tool, this is about where the complexity lives.

1/

huitema,
@huitema@social.secret-wg.org

@hrefna @FenTiger A lot of that early checking can also be done by developing an extensive set of unit tests.

huitema, to random
@huitema@social.secret-wg.org

Kudos to Marten Seemann for discovering the first DoS vulnerability in QUIC: attackers could send a series of PATH_CHALLENGE frames to force the server to queue large numbers of PATH_RESPONSE frames, leading to memory exhaustion if the return path does not have enough congestion control credits. It turns out that many implementations (including picoquic) had foreseen the issue and limit the number of pending challenges, but that's in theory a violation of the standard.

https://seemann.io/posts/2023-12-18-exploiting-quics-path-validation/
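The resource asymmetry in that post, as an added example that is not picoquic's code or any other implementation's: a receiver that answers every PATH_CHALLENGE (RFC 9000 frame type 0x1a) with a queued PATH_RESPONSE (0x1b) while the attacker's return path has almost no congestion credit, beside the mitigation of keeping only the most recent few pending responses. The per-round numbers (133 challenges, two responses' worth of credit, 1000 rounds) and the cap of 4 are constructed for the illustration.

```python
"""PATH_CHALLENGE flood against a QUIC endpoint: an unbounded PATH_RESPONSE
queue beside a bounded one. Added example, not picoquic's or any other
implementation's code; frame sizes are from RFC 9000, limits are constructed."""
import os
from collections import deque

PATH_CHALLENGE = 0x1a   # RFC 9000 frame types
PATH_RESPONSE = 0x1b
FRAME_LEN = 1 + 8       # one-byte type plus the 8 bytes of challenge data


class Endpoint:
    """Receives PATH_CHALLENGE frames and queues PATH_RESPONSE frames.

    max_pending=None is the spec-literal behaviour (answer every challenge,
    hold every answer until congestion control lets it out); a small integer
    is the mitigation many implementations chose."""
    def __init__(self, max_pending=None):
        self.max_pending = max_pending
        self.pending = deque()
        self.dropped = 0
        self.sent = 0

    def on_path_challenge(self, data: bytes):
        if len(data) != 8:
            raise ValueError("PATH_CHALLENGE carries exactly 8 bytes")
        if self.max_pending is not None and len(self.pending) >= self.max_pending:
            self.pending.popleft()       # keep only the most recent challenges
            self.dropped += 1
        self.pending.append(bytes([PATH_RESPONSE]) + data)

    def send_window(self, credit_bytes: int) -> int:
        """Flush as many PATH_RESPONSE frames as congestion credit allows;
        returns the credit left over."""
        while self.pending and credit_bytes >= FRAME_LEN:
            self.pending.popleft()
            credit_bytes -= FRAME_LEN
            self.sent += 1
        return credit_bytes

    def queued_bytes(self) -> int:
        return len(self.pending) * FRAME_LEN


def attack(n_challenges, credit_per_round, rounds, max_pending=None):
    """Each round the attacker delivers n_challenges PATH_CHALLENGE frames
    (one full packet's worth) while the return path only has credit_per_round
    bytes of congestion credit; the attacker never ACKs, so it never grows."""
    ep = Endpoint(max_pending)
    for _ in range(rounds):
        for _ in range(n_challenges):
            ep.on_path_challenge(os.urandom(8))
        ep.send_window(credit_per_round)
    return {"queued_frames": len(ep.pending), "queued_bytes": ep.queued_bytes(),
            "dropped": ep.dropped, "sent": ep.sent}


if __name__ == "__main__":
    # 133 frames * 9 bytes is roughly one 1200-byte packet from the attacker;
    # the return path releases two responses per round.
    print("unbounded:", attack(133, 2 * FRAME_LEN, 1000))
    print("bounded:  ", attack(133, 2 * FRAME_LEN, 1000, max_pending=4))
```

The unbounded endpoint ends the run holding 131,000 frames it can never send, and the attacker can keep going for as long as the connection lives. The bounded endpoint holds at most four. The price of the cap, and the reason the post calls it a standards violation, is that a legitimate peer with more than four challenges in flight will see the older ones go unanswered and have to retry path validation.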

nyquildotorg, to random
@nyquildotorg@fedia.social

GM Says It's Dropping Apple CarPlay And Android Auto Because They're Unsafe

I can't bring myself to disagree with this. I've been a longtime Android Auto user and on many, many occasions I've thought to myself "ok, this is a bad idea," as I find myself fiddling with shit at a stop sign trying to get my music to play or to get my phone to reconnect or whatever.

huitema,
@huitema@social.secret-wg.org

@nyquildotorg GM says they do that because they do not want to encourage cellphone use when driving. Maybe. But they are also developing systems like OnStar that keep tracking cars and drivers, and then contracting with Google to install entertainment apps. Feels a lot like "we want to keep all the tracking data for GM, and monetize it ourselves."

huitema, to random
@huitema@social.secret-wg.org

I was carried away when discussing a proposal to revive IPv6 packet fragmentation on the IETF IPv6 mailing list, posting more and more details about QUIC performance and why fragmentation would not help. So I finally collected these arguments into a presentation of what we did to improve the performance of QUIC implementations, and wrote them up in a new blog:
https://www.privateoctopus.com/2023/12/12/quic-performance.html

SystemsAppr, to random
@SystemsAppr@discuss.systems

The end of year is a popular time to make tech predictions, but rather than making new ones, we looked back at some old ones from 1995. The details are in our latest newsletter https://open.substack.com/pub/systemsapproach/p/outrageous-opinions?r=cxpek&utm_campaign=post&utm_medium=web 1/n

huitema,
@huitema@social.secret-wg.org

@SteveBellovin @dave_andersen @danmcd @SystemsAppr On the jitter part -- very fast may not have been easy, but it was very clear that the Internet was getting faster quicker. The rule of thumb was that various QOS tricks allowed you to carry 20% more load with the same jitter, but that if capacity doubled every year it really did not matter.

nyquildotorg, to random
@nyquildotorg@fedia.social

The "if buying doesn't mean owning, piracy isn't stealing" take drives me nuts.

IP licensing is, has been and always will be gross, but you can't just use your misunderstanding of what you get with your purchase to link those two completely disparate ideas together. Yes, you own the paper that book is printed on, the plastic that DVD is made from or that MP4 file, but you do not "own" the contents of those things.

You can say that IP licensing shouldn't be a thing, or that all information should be free, whatever, but you can't just decide for yourself the terms of a purchase.

huitema,
@huitema@social.secret-wg.org

@nyquildotorg @HunterZ
The initial DVD roll out did not require DRM servers. That came later, after the DRM keys copied in each approved DVD reader leaked. I get that they may have decided to not run servers anymore, but there are potential remedies, like publishing the keys for the abandoned products. Just waiting to see if some enterprising lawyers want to mount some kind of class action lawsuit...
