log
mircea_popescu: atm, i'm blaming udp. and i would very much like to see it go away, right now.
decimation: okay, let's imagine a new 'mpdp' that is the same as udp except carries an extra bit to indicate whether the bearer is an idiot
mircea_popescu reserves the sovereign right to blame anyone on the path to the "accident" he chooses. so no, it's not "the misconfigured routers", i'm not the pitbull you put in the doorway, slam the door and it then "blames the misconfigured door".
jurov: then you'll just enable the reflection attacks right to your tcp port 80.. indeed fun to watch
mircea_popescu: it can be the fault of the shitty gun you bought. buy better guns or more funerals.
mircea_popescu: let them run on tcp/ip, should be fun to watch.
decimation: it's the fault of the misconfigured routers and the idiot ntp code
jurov: how is banning of udp going to magick dns/ntp away?
mircea_popescu: in which case you have to pay.
decimation: but that's not udp's fault
mircea_popescu: except if that trunk serves idiots who need or think might need udp
mircea_popescu: otherwise, the chump herd is eminently handle-able. the havok they can wreak by employing udp amps, not.
kakobrekla: you are all being theoretical. in practice you stop udp at least one step before the server in any way you particularly like and be done with it.
assbot: Logged on 30-07-2015 14:57:20; mircea_popescu: i find it kinda curious that asciilifeform and decimation can at the same time hold the discussion of political time we had recently in mind, and ALSO think breaking udp, or doing away with ntp is a bad idea.
mircea_popescu: and you've never answered to the main point here. http://log.bitcoin-assets.com/?date=30-07-2015#1218091
mircea_popescu: it's the dumbass services currently sitting on udp.
mircea_popescu: asciilifeform it's not the "million chump botnet"
asciilifeform: mircea_popescu volunteers to shoot it, not realizing that the dog-kicker will kick every dog mircea_popescu ever bends to pet
asciilifeform: ~they~ kick the dog
asciilifeform: go, 'feel safe' because you went along with usg's transparent attempt to ban the only presently working single-packet transmission medium.
asciilifeform: but will point out that the million-chump botnet can just as easily transmit syn flood as udp crud
mircea_popescu: feel safe all you want, and maybe you never get to matter enough to find out better.
asciilifeform: mircea_popescu: not suggesting that everyone is to move to mordor and subscribe to this isp
mircea_popescu: your isp never had the problem, is all.
mircea_popescu: asciilifeform you're basically falling for the "shared hosting" bit
asciilifeform: my isp clearly did not get defrauded in the same way as mircea_popescu's - because their six-figure machine does not as a result go down
mircea_popescu: decimation fuck this "misconfigured" bs. because udp.
mircea_popescu: they just take off the thing upstream. which IS six figures.
asciilifeform: through the window ?
asciilifeform: because how are they to walk in?
kakobrekla: iirc server saw about 800 megs of the 5 gigabit incoming garbage
asciilifeform: ok, those get dropped somewhere else
mircea_popescu: yes, they can. they can send you a trillion packets in fifteen minutes.
mircea_popescu: as decent as it gets = 500x line saturation three hops upstream.
asciilifeform: i mean, they can't walk in any faster than the 100Mb ethernet into the bldg
kakobrekla: i am at online.net, recommended by davout (paymium). they have several levels of infrastructure to mitigate attacks.
mircea_popescu: everything that gives idiots voice is the avatar of evil.
asciilifeform: mircea_popescu: i'm on a consumer fiber and, with modern hardware on my end (by no means six-figure), udp flood does not touch me.
mircea_popescu: decimation udp is widely deployed in the hands of idiots.
decimation fails to comprehend the difference between 'udp bad' and 'routing single ip packets good'
mircea_popescu: do tell ?
kakobrekla: as far as i can tell the attacker of qntra (trilema?) is the same as it was of bitbet last ddos.
kakobrekla: he is coming back because he is getting that half hour.
mircea_popescu: and the general point is udp does not belong.
mircea_popescu: kakobrekla i might. atm not really a big enough deal, whatever, some people can't read trilema for half a day or w/e. but we were discussing the general point.
decimation: merely an example of an isp that can program routers
mircea_popescu: decimation yes, unfortunately, yet another advantage for shithole cloud. "hey, we drop udp at least". exactly the good cop bad cop alf was proposing. but i am not moving to fucking cloud, and i'm not using fucking cloudflare and so fucking on.
kakobrekla: i was in the place where mp is and they wouldnt do it.
decimation: it ought to be simply done in any standard router too
kakobrekla: i wasn't talking about cloud specifically.
decimation: I thought this was pretty standard for 'adult' cloud services
kakobrekla: some providers can in fact drop all incoming udp traffic per ip.
mircea_popescu: also true.
jurov: before udp, this originally happened to icmp, which then got filtered routinely... little did that help
mircea_popescu: no more udp => no more dns, no more ntp. win of all fucking time, i'd pay to see this happen tomorrow.
mircea_popescu: paint my nails and call me mary what the fuck is this.
mircea_popescu: what, jam tomorrow, maybe one day ima get gossipd over udp, perhaps, who knows ? meanwhile half the remaining usg online is BASED, and requires udp to survive at all ?
mircea_popescu: i find it kinda curious that asciilifeform and decimation can at the same time hold the discussion of political time we had recently in mind, and ALSO think breaking udp, or doing away with ntp is a bad idea.
decimation: ntp has a fucktarded exploit - that makes neither 'exchange of time' nor 'udp' retarded
mircea_popescu: i still wish udp died, and with it all the "Services" it provides. starting with dns, ntp and come to think about it
mircea_popescu: asciilifeform ftr, i am not proposing orphan-block TCP is any better. should really be TCP/OB
mircea_popescu: excel to excel viruses!
mircea_popescu: it being written is the problem. as always.
mircea_popescu: ima see gossipd alright. atm, the infrastructure is not the problem.
mircea_popescu: i'd count this as a plus.
mircea_popescu: in any case : if it were the rule that udp gets dropped universally, i wouldn't have to have above convo with provider.
asciilifeform: not as theoretical as mircea_popescu might think
mircea_popescu: you maybe think about the theory of datagrams once a week.
mircea_popescu: i handle about two ddos attacks a week.
mircea_popescu: seriously, this discussion is asymmetrical.
mircea_popescu: who the fuck is going to create a syn flood for you.
mircea_popescu: asciilifeform stop being theoretical on me. sure same load, not same amplification available.
asciilifeform: to filter tcp syn vs empty udp
asciilifeform: throw out your filter then
mircea_popescu: udp is the problem atm.
mircea_popescu: asciilifeform nope, those i filter ok.
asciilifeform: mircea_popescu: so then you get flooded with TCP SYNs. same difference.
mircea_popescu: decimation any time you wanna try processing 2-5mps let me know.
mircea_popescu: getting EVERYONE to entirely drop udp as a matter of policy would be a huge gain for me.
asciilifeform: mircea_popescu: you gotta understand the protocol stack.
mircea_popescu: asciilifeform the sort of machine that currently goes down is well in the six figure range.
asciilifeform: mircea_popescu: your machinery goes down even when you instruct it to drop all udp on the floor ?
mircea_popescu: me to isp "turn off fucking udp altogether, it's stupid" isp to me "you'll have to buy the trunk"
decimation: how many of the muppet's packets were signed?
mircea_popescu: i gotta check keys. takes memory allocation. ddos.
asciilifeform: mircea_popescu: very easy to filter: reject anything that isn't a valid gossipd packet addressed to your key
mircea_popescu: asciilifeform you said yourself it's easier to filter!
asciilifeform: it is relevant to having created this bizarre situation where mircea_popescu thinks that tcp somehow solves ANY of the problems discussed earlier
mircea_popescu: decimation udp is hard to filter.
decimation is confused how any criticism of udp doesn't apply directly to any 'higher' ip protocol
mircea_popescu: what the usg does or doesn't do, wants or doesn't want, etc is irrelevant to everything, usg included.
asciilifeform: except that it doesn't
mircea_popescu: either provide it the sort of world it requires or visit its grave.
mircea_popescu: udp is braindamaged in that it requires a certain sort of world.
mircea_popescu: dude srsly. the fact that jews favour marriage is no argument pro or against.
asciilifeform: as tcp forces.
asciilifeform: they would much rather that everyone announce, for usg's ease of snoopage, when they are beginning to speak, and to whom, for how long, which order the bytes lay down in.
asciilifeform: usg never liked the lack of inspectorial insight that udp creates. so they have deliberately set up this situation, long ago
asciilifeform: this is the one and only reason it was ever possible.
asciilifeform: mircea_popescu: realize that udp ddos only ever existed because the net is willing to route packets 'from victim's' machine to the idiot tv boxes, who 'answer' them