asciilifeform: mp_en_viaje: loox like hooligan might be sending forced tcp close in 'your' ip .
asciilifeform: ftr i did not put this in genesis because naively supposed that ordinary workings of tcp will in fact throw a connection if the pipe were to unplug. but apparently this aint so
asciilifeform: i still dun grasp why os's tcp stack doesn't liquidate a socket known to be stone dead. but this i suppose is a q for the original perpetrators , when they're connected to 220v
asciilifeform: mircea_popescu: if the tcp stack per se is retarded in this way, i expect it is also in cobol , fortran, etc, how not.
asciilifeform: diana_coman: if it runs, will run, all that's asked of it is to forward a tcp pipe to port x (whichever yer py is on)
asciilifeform: worse, not even certain that it is possible to write a clean/light www shitter , considering what http , tcp , are like to begin with
asciilifeform: mircea_popescu: i can think of a few riotously braindamaged proggies atm (e.g. 'sshd', where author somehow thought it acceptable to generate host key at boot ; and tcp stack, where seq #'s )
asciilifeform: spyked: mine disconnects strictly when a send() or recv() actually return eggog (i.e. indicating dead tcp pipe)
asciilifeform: ( and, interestingly, specifically fucked re tcp. )
asciilifeform: http://logs.nosuchlabs.com/log/trilema/2019-08-19#1929694 << this is worth expanding on. asciilifeform also gets very fast pings ( never moar than 200msec, to date ) and fast udp. what i suspect is, usg's snoop gear that sits as parasitic toad on south amer's pipe, specifically slows down tcp.
asciilifeform: pipe delay ( piz <-> asciilifeform's chair , cannot be generalized to entire planet ) varies from 0.2-0.4s (for revvup of tcp pipe, that is)
asciilifeform: mp_en_viaje: thinking about it, it's outgrowth of tcp retardation, where having the client alive costs the server at all times
asciilifeform: in trad irc, server periodically asks 'PING blah' and client expected to 'PONG blah' back (why? if it's a tcp pipe? what's the whole point of tcp, orig, if not to avoid this? dun ask me)
asciilifeform: my 'udp' lib was orig. gonna be a 'udp and tcp' lib. but very quickly realized...
asciilifeform: could try to use ada's 'streams' model. but then must decide, how to represent ~all~ of the possible tcp hiccups.
asciilifeform: aand that's just pg. now consider how to deal with tcp.
asciilifeform: bvt: how do i throw into a tcp socket a formatted fetch of log, consisting of unknown length of "<a ... " + blah + "</a>" etc, w/out string munging ?
asciilifeform: currently there aint a 'tmsr lang' in which can readily write wwwisms. (i dun even have a tcp end for gnat atm)
asciilifeform: what does, is to prevent eternal hang on silent (ask the tcp committee why this is physically possible, not me) deaths
asciilifeform: reason why 3 decade of 'apache' is same as why erryone (incl. microshit) is using that SAME tcp stack from berkeley '80s. cuz protocol was deliberately made so braindamaged, with literally 10,000+ moving parts, that ~impossible to correctly reimplement if demanding compat with 'everyone'
asciilifeform: point is , tho, that it is barfalicious ~because tcp~, not because author as such was tard
asciilifeform: 'Now, as if this wasn't enough, TCP also has a (transport layer) segment size, which must fit into a so-called "Maximum Segment Size" (MSS), which must be smaller than the MTU, because we also need to fit lower-layer headers and all that. Otherwise TCP isn't concerned too much with this, but misconfiguration can cause problems with congestion windows and whatnot, and we sure as hell don't want this shit to blow up. Finally, as if the
asciilifeform: as if the ludicrous cpu & bw waste of tcp weren't enuff, it also conveniently groups (with said grouping being entirely plaintext) 'sessions' for hitler to moar conveniently store & read.
asciilifeform: tcp was a 'gift' of profound retardation that 'keeps on giving', even to moar obvious extent than e.g. unix. it is single-handedly responsible for ~100% of the backbreaking complexicrud of apache, ssh, ftp, etc
asciilifeform: not to mention, gotta establish process re tcp ddosen. tomorrow could be e.g. qntra instead.
asciilifeform: re upstack >> anyone using one of asciilifeform's kernels can use simple cure : echo 0 > /proc/sys/net/ipv4/tcp_sack☝︎
asciilifeform: tcp shows erry possible sign of having been designed, from the start, to extend the ease of snoopage from traditional circuit-switched telco grid, to the packet world. consider e.g. the 'helpfully' plaintext sequence numbers.☟︎
asciilifeform: spyked: not only is the implementation what it is, but tcp per se is massive pile o'shit, where it aint even possible to implement it w/out 9000 tonnes of state machine gnarl
asciilifeform: asciilifeform sees tcp as a legacy tech, really
asciilifeform: i'll add that even a tcp skin wouldn't be entirely useless ( right nao the only way to write a wwwistic proggy in ada is to use adacorpse's 'gnatsockets' crock of shit )☟︎
asciilifeform: or , say, take tcp. mircea_popescu aint even a programmer, and is just about as 'clean' as a fella can get in re programming radiation damage and still have worked with comp. but it took asciilifeform 3+yrs to get him to see that tcp is -- by design -- garbage
asciilifeform: ( e.g. the problems of mitigating tcp ddos are irrelevant to proper udpistic gossipd. and ditto authentication of handles. )
asciilifeform: diana_coman: i'll admit that it isn't clear to me how effort put into baking glue for oddball nonstandard ircisms helps in re gossipd . irc as i see it is an entirely dead-end tech ( rides on tcp, and 0 notion of crypto , and cannot be retrofitted really )
asciilifeform: defo premature, esp. in light of prospect of e.g. ditching tcp
asciilifeform: fwiw simply rejecting tcp won't do the trick, you also gotta not allocate state for udp ( all extant routers, afaik, do.. but e.g. s.mg protocol and similar, will operate entirely correctly without this, as i understand it )
asciilifeform: ( and also happen to know why : they 'give to allcomers' in the sense of allocating memory for state of tcp connection. therefore it stands to reason that if one built router that doesn't tcp at all -- it will not fall. )
asciilifeform: mircea_popescu: i have plain old tcp with 'pehbot' ( via trinque's cl proggy )
asciilifeform: ( unlike e.g. tcp, where pipe can die )
asciilifeform: the mechanics of use is actually 'easy part' -- they take x11 pipe over tcp, and are pretty light on graphics (1bit raster)
asciilifeform: i for instance am sitting here and tryin', not always successfully, to cure folx of delusions that linux instilled in'em, e.g. 'tcp gives cheap an' reliable pipes' ( cured mircea_popescu after , what, 3y ) and nao 'udp packets can be anyffing, not merely 1472' (not cured yet..)
asciilifeform: wouldn't go this far; dunno about mircea_popescu , but i'm presently connected to fleanode, trb, etc via tcp
asciilifeform: mircea_popescu: 'catalogue of tcp braindamage' is prolly ripe for an article. ( sadly asciilifeform is mired in liquishit and prolly will not write it this wk )
asciilifeform: mircea_popescu: the braindamage of tcp, iirc, is elaborated in buncha old threads
asciilifeform: i picture the end product as something like tcp but without the retardations.
asciilifeform: ftr i never grasped why irc is a tcp item to begin with. it aint as if the messages outweigh the available bucket.
asciilifeform: imho tcp , if preserved anywhere, oughta live as a lowered-into-pederasty item-only-carried-over-better-protocols or strictly-on-lan, like telnet.
asciilifeform: tcp imho is fundamentally sad, not the least reason for which is that 'anybody' can break yer pipe
asciilifeform: 'g' , the tunnel-tcp-through-ciphered-udp thing
asciilifeform: as for tcp, unixsockets, etc. imho if we ever need these, they oughta live in own separate lib, given as they force somewhat different and gnarlier semantics, they do not belong in 1 gigantic 'kitchen sink' imho☟︎
asciilifeform: incidentally, my lib can be asmed just as readily as ave1 asmed the classical 'all of tcp stack' glue. ( sadly i dun currently have the free hands to do this )
asciilifeform: ( a reply here, in turn, is not the idjit tcp 'ack', but a packet containing hash(currentsecretsalt + prevpacket) + cipherola-to-current-key , i.e. can only have been generated by the box on the other end, and can only be authenticated by yours
asciilifeform: tcp is very difficult to sanely work with without a stream abstraction, but udp -- trivial.
asciilifeform: diana_coman: that's pretty odd, i could not get it to tcp on 22
asciilifeform: and moreover, they are a problem with the basic design of (for the most part) tcp.
asciilifeform: it's convention, is all, the high ports were reserved for the local ends of tcp pipes
asciilifeform: mircea_popescu: perhaps he dun have a tcp pipe in the cokemachine chair.
asciilifeform: mircea_popescu: the new biosen are lulzy also, often they have tcp stack nao, and read file system , and even show spam in the setup
asciilifeform: ben_vulpes: iirc i proposed at one time an intermediate item on the way to proper gossipd ( 'serpent'-ciphered tunneler to connect coupla ircd instances to each other, and ditto for users ( get otp cookie a la deedbot, get a key that's good for 1 tcp connect ) but so far instead followed mircea_popescu's advice re not wasting sweat on such a thing, but pushing with ffa so as to get with what to gossipd.☟︎☟︎
asciilifeform: i'm not objecting to the 'opens tcp to to usg server' part. but to the price signal.
asciilifeform: i was convinced that mircea_popescu was picking at the tcp socket handoff !11 lol!!
asciilifeform: i dun think keepalive ( of the http variety , rather than tcp's ) comes into play at all when you aren't on a dialup modem or similar horror
asciilifeform: tcp gives every allcomer a quite-expensive 'something'
asciilifeform: mod6: not, sadly, practical with tcp at all
asciilifeform: this problem was a serious headache for the tcp/ip people, they solved it mircea_popescu-style, 'fuckyou and errything going over the wire is to be bigendian' (at the time, bigendianism dominated in 'serious' iron)
asciilifeform: it's a resurrection of circa-2014 embraceandextendism -- 'let's impose prbtronic sslistic payment-via-tcp, and at the same time spam some moar spamola, make blox less breathable'
asciilifeform: prbism where you gotta tcp to somebody's box to pay him, or something of the kind
asciilifeform: because we're doing arbitrary tcp to whole planet, presumably ? vs derping around inside one physical house
asciilifeform: i don't much like the phrase 'trusted nodes', when you connect to trb node, you get plaintext tcp, and 0 guarantees re who or what you're actually talking to.☟︎
asciilifeform: it can't really be vanished away without killing 'tcp to arsebook' etc also. as i currently understand it.
asciilifeform: and partly in that i find the 'prototype' that solves 0 of the difficult problems, simply not interesting. i can write a perlism that pushes shitrsa packets over tcp etc. in half hour. but why.
asciilifeform: in other, not wholly unrelated, lulz, '...out-of-bounds write in systemd-resolved in Ubuntu, which is possible to trigger with a specially crafted TCP payload. ... Certain sizes passed to dns_packet_new can cause it to allocate a buffer that's too small. A page-aligned number - sizeof(DnsPacket) + sizeof(iphdr) + sizeof(udphdr) will do this... A malicious DNS server can exploit this by responding with a specially crafted TCP payload
asciilifeform: hey i know a TCP jokehey i know a TCP jokehey i know a TCP jokehey i know a TCP jokehey i know a TCP jokehey i know a TCP jokehey i know a TCP joke[barf]
asciilifeform: now, not all of these invocations are of recv() for udp. most -- tcp.
asciilifeform: 'February 16, 2017 ... Enphase Energy, Inc. (ENPH), a global energy technology company, today announced that it has refinanced and extended its term loan facility with certain funds managed by Tennenbaum Capital Partners ("TCP") from $25 million to $50 million.'
asciilifeform: attempts to secure tcp are duct tape.
asciilifeform: the important thing is to throw tcp straight into the shitcan where it belongs.
asciilifeform: Framedragger: the problem with tcp isn't simply that enemy can insert an RST packet and make you blame your peer. (and whitelists do 0 against this.) but that it is very expensive , computationally, long before you have any idea who you're talking to.☟︎
asciilifeform: that being said, you can use 'wire' with anything that can maintain a ciphered tcp pipe between two boxes. dun have to be ssh.
asciilifeform: 'IOC/ECG's Advanced Forensic Division (AFD) performed an analysis of Hive version 2.5 network communications to assess its likelihood of detection.The results of this analysis are found in document AFD-2012-0973-2. In summary, AFD was able to create signatures for DNS, ICMP, and TFTP triggers; found that the TCP and UDP triggers did not adhere to their respective protocol standards; and further found that the TCP and UDP triggers eac
asciilifeform: or any matches. If a match is found the packet is assumed to be a TCP replay and is dropped.'
asciilifeform: which is why you'll often find trb-related tcp pipes randomly RST'd, and the like.
asciilifeform: my wired nodes still find each other via addr.dat and open ~second~, plaintext tcp pipe...
asciilifeform: srsly almost ANY protocol built on top of raw lossy packet, even with one hand tied behind your back, ends up beating the shit out of tcp.
asciilifeform: ben_vulpes: also subject to all classical tcp abuses (enemy can close connection for you without breaking a sweat or any cooperation from counterparty)
