Framedragger: aha, good stuff, i guess the point is that this kind of ddos is *easy*.
Framedragger: asciilifeform: forged as in e.g. where source ip addr != actual source?
Framedragger: how do you amplify udp? i guess application-layer-specific stuff like bittorrent's uTP (which has some amplification vuln shit iirc), etc.; also, dns
Framedragger: (one day i'll dig up logs why tae fuck mircea_popescu allegedly filters out udp by default)
Framedragger: also, ip packets with custom proto number would (1) stand out more easily to enemy, and could be more easily filtered out (vs. udp header with rng-data within) - see how chinese firewall blocked tor bridges etc etc; and (2) i'm sure quite a few appliances would filter them out by default (like how they filter out icmp, etc.)
Framedragger: asciilifeform: can you not use raw sockets (with some kind of linux cap to allow program to open them without root), defining udp-like struct within? (i'm sure performance tuning may not be easy, i mean to achieve same level of optimisation as in kernel stack)
Framedragger: aha. it's funny this little difference is 'forgotten' in most tutorials etc. heh.
Framedragger: yes that i know, but you still gotta reserve things to parse things...
Framedragger: i'm sure it's less than that especially as you don't need to save state/session info
Framedragger: asciilifeform: hm, sure. (and i forgot about arbitrary RSTs by anyone in the path which destroy the session, heh.) do you know how the resource allocation compares to udp in a typical (say, linux kernel) networking stack?
Framedragger: (this is just to juxtapose topics of trb and gossipd for a second and to maybe show why some folks really like the lighthouse idea) :)
Framedragger: (i guess "silently drop connections" (TCP DROP) from any non-whitelisted IP is one way around it, sorta.)
Framedragger: mircea_popescu: re. blackholing and to be alf-pessimistic for a second, node is exposed to risk of being blackholed as long as it uses TCP; because not only can enemy make it read packets (unavoidable in the end it seems), but there may be ways to making it send packets back.
Framedragger not on the right side of the pond to know, i guess
Framedragger: *of course*. i'm not completely certain that he meant the latter (i guess he did?) and if he did, whether what he described is actually the case ("actual social networks are used as source of info again!1" - maybe?)
Framedragger: that it predicts you will click on. a lot of that reduces to "things i agree with", which is not at all bazaar-like, iiut. unless he meant "people recognising fake news for what it is, and physical word-of-mouth becoming a tool again." the latter does not imply facebook, but still sounds much too naive to my ear, but i dunno.
Framedragger: markets and souks, there is a long term advantage to being dependable." << if he's saying what i think he's saying (social networks work again!1 people use them to understand things!1) then he's beyond naive, as the modern 'social network' is nothing like that of a bazaar. the former is ~basically facebook which on top of being...facebook, selectively filters and presents "your friends' stories"
Framedragger: hmm. "The period of time that corresponds to the reliance on one-sided accounts such as television and newspapers, which can be controlled by the mandarins, lasted from the middle of the twentieth century until the U.S. elections of 2016. In that sense, social networks, allowing a two-way flow of information, put back the mechanism of tidings in its natural format. As with participants in
Framedragger: lol guardian strikes again pete_dushenski "Even then someone at The Guardian tried (unsuccessfully) to tone down my letter by showing that it was some type of *disagreement* with what *I* said, not a correction of their misrepresentation"
Framedragger: yupyup. easy to shame but nothing to replace it with
Framedragger: i expect most of those broken openssh keys were generated by ssh-keygen
Framedragger: yes yes i understand, the cherry on top is that you make sure it's also *easy*.
Framedragger: asciilifeform: i understand, but i mean the *detail*, etc. - it's a nice manual with everything spelled out for the user
Framedragger: ^ should be gold standard for hw vendors for all i know
Framedragger: i really admire the amount of effort you took to carefully spell out ways of auditing the thing
Framedragger: "when 4chan / $an_internet sets his mind to something"
Framedragger: asciilifeform: mno, this was a super random find, was going over some logs, re-read piece of your sage probe article, poked source out of curiosity
Framedragger: maybe not important enough to recalc and repub checksums heh
Framedragger: i see what you mean - knowledge gained on the problem space, processes with dealing with problems and researching this domain developed, etc.
Framedragger: probably worth thinking about it more, it'd be quite a spiffy thing indeed... that said, i have a more general concern with time-sunk-cost-to-trb. i do wonder how realistic it is to expect a trb-i in the years to come. if it is, then working on shitty legacy trb codebase is opportunity cost par excellence :( ; but, maybe testing harness could be generic enough to be easily re-usable.
Framedragger: this would be decently-demanding undertaking though, so makes sense to start from simpler unit tests which e.g. simply check if hash/signature checking routines work well. would still be handy for regression testing during development / when code is added, etc.
Framedragger: this would require a decently thought out testing framework (i don't mean shitty-web-framework, just, a systematized approach)
Framedragger: would be interesting to set up shitty-network-failure scenarios to see how 'antifragile' it is with regards to syncing up.
Framedragger: agree with mircea_popescu re fuzzing any inputs (primarily transactions)
Framedragger: asciilifeform: are you doing this to prototype your 32b tx header index idea?
Framedragger: (obviously you need to have written those tests first...)
Framedragger: i thought mouseovers were already there? if you mean timestamps over nicks
Framedragger: asciilifeform: where thing builds software and runs its tests every time a change is made. i assume you know this and are therefore asking rhetorically tho
Framedragger: #trilema is mircea_popescu's constant disappointment, then
Framedragger: i guess retort is "call me when you have 100 machines to administer, kid"
Framedragger: snarky trinque uses ssh and bash for 100 machine setups, too
Framedragger: (even hft guy doesn't have anything bad to say about ansible)
Framedragger: "if you like report, pay bitcoin to this foundation address here -> " hey maybe one day it'll even happen
Framedragger: @all thanks to this chat i'll now make some urgent recommendations to startup i'm involved with. maybe it's not even gonna be fucked in the ass if moves decisively away. a bit ashamed i had $opinion on $thing-not-researched in the first place.
Framedragger: (anyway, i never would have recommended to use it in critical production. but looks like it's shit for personal local machine projects, too)
Framedragger: trinque: not trying to redeem it any longer, at all, simmer down (but you were right.)
Framedragger: that said, fuck *again* i expose myself to arguing for a point i do not heartily believe in. need to reassess my shitty approach.