huitema

@huitema@social.secret-wg.org

Working on that Internet thing...

https://www.privateoctopus.com/about.html

huitema, to random
@huitema@social.secret-wg.org avatar

Dave Mills was a great contributor to the IETF and the Internet. Of course, he invented NTP. But he did not just do that. He also kept improving it, solving issues, passing his knowledge, and inspiring many to work in his field. So many reasons to miss him.

https://en.wikipedia.org/wiki/David_L._Mills

hrefna, to fediverse
@hrefna@hachyderm.io avatar

My instinct, looking at conversations around and AS2, is that there's a disconnect when people talk about trying to ensure compile-time type safety with those that prefer systems that lean more toward dynamic, runtime typing.

Because I've seen a few cases now where people in the latter group seem to not understand why the first group views the translation into this as such a problem.

But this isn't about the preferred tool, this is about where the complexity lives.

1/

huitema,
@huitema@social.secret-wg.org avatar

@hrefna @FenTiger A lot of that early checking can also be done by developing an extensive set of unit tests.

huitema, to random
@huitema@social.secret-wg.org avatar

Kudos to Marten Seemann for discovering the first DoS vulnerability in QUIC: attackers could send series of PATH CHALLENGE to force the server to queue large numbers of PATH RESPONSE frames, leading to memory exhaustion if the return path does not have enough congestion control credits. It turns out that many implementations (including picoquic) had foreseen the issue and limit the number of pending challenges, but that's in theory in violation of the standard.

https://seemann.io/posts/2023-12-18-exploiting-quics-path-validation/

nyquildotorg, to random
@nyquildotorg@fedia.social avatar

GM Says It's Dropping Apple CarPlay And Android Auto Because They're Unsafe

I can't bring myself to disagree with this. I've been a longtime Android Auto user and on many, many occasions I've thought to myself "ok, this is a bad idea," as I find myself fiddling with shit at a stop sign trying to get my music to play or to get my phone to reconnect or whatever.

huitema,
@huitema@social.secret-wg.org avatar

@nyquildotorg GM says they do that because they do not want to encourage cellphone use when driving. Maybe. But they are also developing systems like OnStar that keep tracking cars and drivers, and then contracting with Google to install entertainment apps. Feels a lot like "we want to keep all the tracking data for GM, and monetize it ourselves."

huitema, to random
@huitema@social.secret-wg.org avatar

I was carried over when discussing a proposal to revive IPv6 packet fragmentation on the IETF IPv6 mailing list, posting more and more details about QUIC performance and why fragmentation would not help. So I finally collected these arguments into a presentation of what we did to improve the performance of QUIC implementations, and wrote them in a new blog:
https://www.privateoctopus.com/2023/12/12/quic-performance.html

SystemsAppr, to random
@SystemsAppr@discuss.systems avatar

The end of year is a popular time to make tech predictions, but rather than making new ones, we looked back at some old ones from 1995. The details are in our latest newsletter https://open.substack.com/pub/systemsapproach/p/outrageous-opinions?r=cxpek&utm_campaign=post&utm_medium=web 1/n

huitema,
@huitema@social.secret-wg.org avatar

@SteveBellovin @dave_andersen @danmcd @SystemsAppr On the jitter part -- very fast may not have been easy, but it was very clear that the Internet was getting faster quicker. The rule of thumb was that various QOS tricks allowed you to carry 20% more load with the same jitter, but that if capacity doubled every year it really did not matter.

nyquildotorg, to random
@nyquildotorg@fedia.social avatar

The "if buying doesn't mean owning, piracy isn't stealing" take drives me nuts.

IP licensing is, has been and always will be gross, but you can't just use your misunderstanding of what you get with your purchase to link those two completely disparate ideas together. Yes, you own the paper that book is printed on, the plastic that DVD is made from or that MP4 file, but you do not "own" the contents of those things.

You can say that IP licensing shouldn't be a thing, or that all information should be free, whatever, but you can't just decide for yourself the terms of a purchase.

huitema,
@huitema@social.secret-wg.org avatar

@HunterZ @nyquildotorg Ownership is often not absolute. You may own a house, but you have conditions like right of ways. You may own a pet, but there are rules on mistreatment. Etc. In the case of DVD, ownership of the media does not include the right to replicate the art, let alone sell copies. That much is fair. On the other end, the expectation if you bought it outright is that you can play it whenever you like. And breaking that does not seem fair. Not at all.

huitema,
@huitema@social.secret-wg.org avatar

@nyquildotorg @HunterZ
I am not sure that's how DVDs were sold 10 or 20 years ago. People were seeing that as the equivalent of VHS tapes, much like CDs were the equivalent of vinyl. People understood the DRM part, as in "keep paying the piper". They certainly had no expectation that it could just "go blank" on the mere wishes of the seller.

huitema,
@huitema@social.secret-wg.org avatar

@nyquildotorg @HunterZ No it did not. I don't believe there is a law that says the publisher of a book can come to my house and remove from my libraries the books that they don't want me to read anymore. If you know of a law that says that, please point me to it.

huitema,
@huitema@social.secret-wg.org avatar

@nyquildotorg @HunterZ
The initial DVD roll out did not require DRM servers. That came later, after the DRM keys copied in each approved DVD reader leaked. I get that they may decide to not run servers anymore, but there are potential remedies, like publishing the keys for the abandoned products. Just waiting to see if some enterprising lawyers want to mount some kind of class action lawsuit...

hrefna, to random
@hrefna@hachyderm.io avatar

I really think "soft restrictions" statements are undervalued by engineers.

Soft restrictions are things that are not enforced in a hard way, but are part of a spec. They are guardrails, not a wall.

You can't propose anything in this regard without people coming out of the woodwork with one of:

  1. Esoteric attacks that the proposal never claimed to address.
  2. "But it won't STOP the bad behavior!"
  3. "Well if you want that then you should just <do horribly obnoxious and unusable thing>"

huitema,
@huitema@social.secret-wg.org avatar

@hrefna You are arguing for an intermediate state between "fully public" and "privacy enforced by encryption". I think the big issue is trust. The participants "trust" a set of parties to enforce the "guardrails" -- mostly, other participants in the group and the admins of their servers. Is that obvious to them? What happens if some trusted parties fail to enforce the guardrails? Once? Repeatedly? Because they were hacked?

hrefna, to random
@hrefna@hachyderm.io avatar

I really like what I'm seeing with so far in terms of the communication and design layout, also with how thorough they are being in thinking through the auth and security models: https://atproto.com/blog/2023-protocol-roadmap

It's complicated and there's A Lot™ but it is neatly modularized.

Governance is my big open question mark and very, very important going forward, but from a design perspective I see a lot to like.

huitema,
@huitema@social.secret-wg.org avatar

@hrefna Not from the W3C, but the IETF/IAB did publish two RFCs specifically about these issues:

  1. RFC 9170, Long-Term Viability of Protocol Extension Mechanisms, https://datatracker.ietf.org/doc/html/rfc9170

  2. RFC 9413, Maintaining Robust Protocols, https://datatracker.ietf.org/doc/html/rfc9413

huitema,
@huitema@social.secret-wg.org avatar

@gugurumbe @hrefna If you don't want intermediaries messing with your messages, encrypt them.

campuscodi, to random
@campuscodi@mastodon.social avatar

The Irish Council of Civil Liberties says that an Israeli company named ISA Security is selling access to Patternz, a powerful surveillance tool.

The ICCL says Patternz taps into real-time bidding information from online ad platforms to provide customers the ability to track almost anyone around the world.

ISA claims Patternz has data points for five billion individuals, including information on their driving routes, children, co-workers, and approximate geo-locations.

https://www.iccl.ie/2023/new-iccl-reports-reveal-serious-security-threat-to-the-eu-and-us/

huitema,
@huitema@social.secret-wg.org avatar

@campuscodi that Israeli company tapping into online ad auctions is probably not the only one. The whole system of ad auctions is a horrific attack against privacy. Against human rights, in fact.

huitema, to random
@huitema@social.secret-wg.org avatar

For a couple of years now, I have been working with Alain Durand at ICANN to collect statistics in DNS usage, patterns, etc. Data is updated monthly. Latest addition is a table of the concentration of DNS name servers, measured by looking at where the IP addresses of the servers are hosted. The big "winner" is of course Cloudflare, but there is also a significant correlation between being hosted by AWS or served by Akamai and having the DNS on the same network.
https://ithi.research.icann.org/graph-m9.html

danyork, to random
@danyork@mastodon.social avatar

Drinking a cup of "Sleepytime" tea right before going into a 90-minute evening French class over Zoom was... perhaps NOT my brightest idea today! 🤣 😴💤

huitema,
@huitema@social.secret-wg.org avatar

@danyork Ha Ha! Before a French class, tea iz not ze right beverage. red wine iz much better! Enough red wine, you speak like a French man!

bagder, to random
@bagder@mastodon.social avatar

The updated 100 operating systems has run on. (Dropped two, added two)

huitema,
@huitema@social.secret-wg.org avatar

huitema, to random
@huitema@social.secret-wg.org avatar

Reading the post-mortem published by Cloudflare after their system failure, despite all the redundancies. Two specific points caught my attention. The repair team had a hard time restoring power because the access control system was powered off. I think I had heard that before. And when the service came back up, a thundering herd issue caused them to stumble. I have definitely heard that before...

https://blog.cloudflare.com/post-mortem-on-cloudflare-control-plane-and-analytics-outage/

cstross, to random
@cstross@wandering.shop avatar

About YouTube and ad-blockers:

YouTube is owned by Alphabet, aka Google's umbrella corporation. Google in turn was devoured by DoubleClick, the largest advertising company to come out of the 1990s web.

When you use Google, you are feeding the attention monster that is the advertising industry.

We should aim to criminalize behavioural advertising and break up the Google monopoly, not tolerate their shit and work around it by using adblockers.

huitema,
@huitema@social.secret-wg.org avatar

@cstross @exotaur
The many tentacles of Google! As much as I try to steer free of them, they get at me in at least two ways: reading the emails that I send to people using Gmail; and, opening the Google docs and spreadsheets that people seem to share so happily. People, please stop enabling the machine! Don't force your friends to send mail to Gmail! Find alternatives to google docs and spreadsheets!

mattblaze, to photography
@mattblaze@federate.social avatar

More nerditry:

My main camera system is what's called "medium format'; the sensor is 40x54mm, which corresponds to the "645" format that used 120-type roll film. This is about 2.5 times the area of the standard "full frame" 24x36mm used in 35mm cameras, but only about 1/5th the area of "large format" 4x5 sheet film.

What's the significance of sensor size? Several things...

huitema,
@huitema@social.secret-wg.org avatar

@mattblaze the alternative to bigger sensors is super definition -- use small variations between successive takes to interpolate more pixels. That would mean shorter exposure for each pixel, e.g., instead of 1 picture at 1/60, 4 pictures at 1/240, for twice the number of pixels.

matthew_d_green, to random
@matthew_d_green@ioc.exchange avatar

Really impressed at the speed with which the advertising networks have deployed IP-address protecting proxies. I guess when ad dollars are on the line, industry can move mountains. https://www.theregister.com/2023/10/23/google_ip_proxy/

huitema,
@huitema@social.secret-wg.org avatar

@matthew_d_green the "oblivious" protocols try to hide the IP address of the user by using two relays: one that knows the original IP but does not know the destination URL, the second that knows the URL but does not know the original IP. It works, but only if there is no collusion between the two relays. Kinda like Tor, but Tor wants 3 relays to minimize risks of collusion. AFAIK Apple uses third parties for the first relay to be at arm's length. No idea what Google plans.

huitema, to random
@huitema@social.secret-wg.org avatar

For those who are watching the slow decline of crypto, time for popcorn, maybe...
https://www.wired.com/story/us-treasury-crypto-mixer-hamas/

bagder, to random
@bagder@mastodon.social avatar

the OpenSSL API is the gift that just keeps on giving

And it's like one of those gifts you get from an older relative that you rather wished they'd keep to themselves...

huitema,
@huitema@social.secret-wg.org avatar

@bagder Openssl has its very own definitions of software engineering...

huitema,
@huitema@social.secret-wg.org avatar

@bagder I really wish openssl separated the useful crypto library from the value added parts...

glennf, to random
@glennf@twit.social avatar

Is the world overall, for the most people, a better or worse place than when you were born? I was born in 1968; I believe it’s generally better for most people, despite being terrible for many. Do you expect at the time you leave this world for that to change much for better or for worse? I used to think for better; after the events of the last two years, for worse. I don’t expect to die soon, though (most people don’t).

huitema,
@huitema@social.secret-wg.org avatar

@ottocrat @glennf In the little village in France where I grew up, I remember people going to church in horse carts, and some even with oxen driven carts. That was in the 50's. At the same time, we had wars in Indochina and then in Algeria, the Suez canal affair. A bit later, we saw the soviets crushing rebellions in Hungary and then in Prague. So, yes, things have changed largely for the better.
