log
162 entries in 0.153s
asciilifeform: i for instance am sitting here and tryin', not always successfully, to cure folx of delusions that linux instilled in'em, e.g. 'tcp gives cheap an' reliable pipes' ( cured mircea_popescu after , what, 3y ) and nao 'udp packets can be anyffing, not merely 1472' (not cured yet..)
asciilifeform: wouldn't go this far; dunno about mircea_popescu , but i'm presently connected to fleanode, trb, etc via tcp
asciilifeform: mircea_popescu: 'catalogue of tcp braindamage' is prolly ripe for an article. ( sadly asciilifeform is mired in liquishit and prolly will not write it this wk )
asciilifeform: !#s from:asciilifeform tcp
asciilifeform: mircea_popescu: the braindamage of tcp, iirc, is elaborated in buncha old threads
asciilifeform: i picture the end product as something like tcp but without the retardations.
asciilifeform: ftr i never grasped why irc is a tcp item to begin with. it aint as if the messages outweigh the available bucket.
asciilifeform: imho tcp , if preserved anywhere, oughta live as a lowered-into-pederasty item-only-carried-over-better-protocols or strictly-on-lan, like telnet.
asciilifeform: tcp imho is fundamentally sad, not the least reason for which is that 'anybody' can break yer pipe
asciilifeform: 'g' , the tunnel-tcp-through-ciphered-udp thing
asciilifeform: as for tcp, unixsockets, etc. imho if we ever need these, they oughta live in own separate lib, given as they force somewhat different and gnarlier semantics, they do not belong in 1 gigantic 'kitchen sink' imho
asciilifeform: incidentally, my lib can be asmed just as readily as ave1 asmed the classical 'all of tcp stack' glue. ( sadly i dun currently have the free hands to do this )
asciilifeform: ( a reply here, in turn, is not the idjit tcp 'ack', but a packet containing hash(currentsecretsalt + prevpacket) + cipherola-to-current-key , i.e. can only have been generated by the box on the other end, and can only be authenticated by yours
asciilifeform: tcp is very difficult to sanely work with without a stream abstraction, but udp -- trivial.
asciilifeform: diana_coman: that's pretty odd, i could not get it to tcp on 22
asciilifeform: and moreover, they are a problem with the basic design of (for the most part) tcp.
asciilifeform: it's convention, is all, the high ports were reserved for the local ends of tcp pipes
asciilifeform: mircea_popescu: perhaps he dun have a tcp pipe in the cokemachine chair.
asciilifeform: mircea_popescu: the new biosen are lulzy also, often they have tcp stack nao, and read file system , and even show spam in the setup
asciilifeform: ben_vulpes: iirc i proposed at one time an intermediate item on the way to proper gossipd ( 'serpent'-ciphered tunneler to connect coupla ircd instances to each other, and ditto for users ( get otp cookie a la deedbot, get a key that's good for 1 tcp connect ) but so far instead followed mircea_popescu's advice re not wasting sweat on such a thing, but pushing with ffa so as to get with what to gossipd.
asciilifeform: i'm not objecting to the 'opens tcp to to usg server' part. but to the price signal.
asciilifeform: i was convinced that mircea_popescu was picking at the tcp socket handoff !11 lol!!
asciilifeform: i dun think keepalive ( of the http variety , rather than tcp's ) comes into play at all when you aren't on a dialup modem or similar horror
asciilifeform: not tcp
asciilifeform: tcp gives every allcomer a quite-expensive 'something'
asciilifeform: mod6: not, sadly, practical with tcp at all
asciilifeform: this problem was a serious headache for the tcp/ip people, they solved it mircea_popescu-style, 'fuckyou and errything going over the wire is to be bigendian' (at the time, bigendianism dominated in 'serious' iron)
asciilifeform: it's a resurrection of circa-2014 embraceandextendism -- 'let's impose prbtronic sslistic payment-via-tcp, and at the same time spam some moar spamola, make blox less breathable'
asciilifeform: prbism where you gotta tcp to somebody's box to pay him, or something of the kind
asciilifeform: because we're doing arbitrary tcp to whole planet, presumably ? vs derping around inside one physical house
asciilifeform: tcp'd to death, looks like.
asciilifeform: i don't much like the phrase 'trusted nodes', when you connect to trb node, you get plaintext tcp, and 0 guarantees re who or what you're actually talking to.
asciilifeform: it can't really be vanished away without killing 'tcp to arsebook' etc also. as i currently understand it.
asciilifeform: ( and other tcp )
asciilifeform: and partly in that i find the 'prototype' that solves 0 of the difficult problems, simply not interesting. i can write a perlism that pushes shitrsa packets over tcp etc. in half hour. but why.
asciilifeform: in other, not wholly unrelated, lulz, '...out-of-bounds write in systemd-resolved in Ubuntu, which is possible to trigger with a specially crafted TCP payload. ... Certain sizes passed to dns_packet_new can cause it to allocate a buffer that's too small. A page-aligned number - sizeof(DnsPacket) + sizeof(iphdr) + sizeof(udphdr) will do this... A malicious DNS server can exploit this by responding with a specially crafted TCP payload
asciilifeform: hey i know a TCP jokehey i know a TCP jokehey i know a TCP jokehey i know a TCP jokehey i know a TCP jokehey i know a TCP jokehey i know a TCP joke[barf]
asciilifeform: in tcp
asciilifeform: now, not all of these invocations are of recv() for udp. most -- tcp.
asciilifeform: 'February 16, 2017 ... Enphase Energy, Inc. (ENPH), a global energy technology company, today announced that it has refinanced and extended its term loan facility with certain funds managed by Tennenbaum Capital Partners ("TCP") from $25 million to $50 million.'
asciilifeform: attempts to secure tcp are duct tape.
asciilifeform: the important thing is to throw tcp straight into the shitcan where it belongs.
asciilifeform: Framedragger: the problem with tcp isn't simply that enemy can insert an RST packet and make you blame your peer. (and whitelists do 0 against this.) but that it is very expensive , computationally, long before you have any idea who you're talking to.
asciilifeform: that being said, you can use 'wire' with anything that can maintain a ciphered tcp pipe between two boxes. dun have to be ssh.
asciilifeform: 'IOC/ECG's Advanced Forensic Division (AFD) performed an analysis of Hive version 2.5 network communications to assess its likelihood of detection.The results of this analysis are found in document AFD-2012-0973-2. In summary, AFD was able to create signatures for DNS, ICMP, and TFTP triggers; found that the TCP and UDP triggers did not adhere to their respective protocol standards; and further found that the TCP and UDP triggers eac
asciilifeform: or any matches. If a match is found the packet is assumed to be a TCP replay and is dropped.'
asciilifeform: https://wikileaks.org/ciav7p1/cms/files/DevelopersGuide.pdf << for aficionados strictly -- details of implant protocol, where gibblets are disguised as tcp replay packets. apparently standardized across this particular directorate.
asciilifeform: which is why you'll often find trb-related tcp pipes randomly RST'd, and the like.
asciilifeform: my wired nodes still find each other via addr.dat and open ~second~, plaintext tcp pipe...
asciilifeform: srsly almost ANY protocol built on top of raw lossy packet, even with one hand tied behind your back, ends up beating the shit out of tcp.
asciilifeform: http://btcbase.org/log/2017-02-10#1613048 << you get ~all of this for free JUST BY DUMPING TCP ☝︎
asciilifeform: ben_vulpes: also subject to all classical tcp abuses (enemy can close connection for you without breaking a sweat or any cooperation from counterparty)
asciilifeform: tcp over dead monkey?
asciilifeform: with which to tcp
asciilifeform: (specifically they did not permit chumps incoming tcp)
asciilifeform: mircea_popescu: the tcp stack per se does not offer any means whereby two proggies speak simultaneously through 1 socket
asciilifeform: this, incidentally, was a proggy that doesn't even use tcp.
asciilifeform: mircea_popescu: 'g' was result of my frustration with trb's plaintext tcp
asciilifeform: nmap: 'Discovered open port 49152/tcp on 82.193.247.114' >>>>> https://archive.is/WAevR
asciilifeform: now it pings, but won't take a tcp socket.
asciilifeform: ( i could even see an argument that, e.g., rawtx eater doesn't belong in trb , and that tx ought to be injected via the ordinary tcp method. but i dun recall having this argument )
asciilifeform: Run Moar Tcp.
asciilifeform: USE MOAR TCP
asciilifeform: in other noose, https://archive.is/cgpZD >> 'This botnet with 145607 cameras/dvr (1-30Mbps per IP) is able to send >1.5Tbps DDoS. Type: tcp/ack, tcp/ack+psh, tcp/syn.'
asciilifeform: 'I know when ARPANET was being developed, they were interested in physical (wires-level) robustness (i.e., in case of war) – but I’m not aware of any scholarly research going on about how to protect TCP/IP from itself.'
asciilifeform: and it was plugged into a bank of tcp to serial (yes) converters, even.
asciilifeform: Framedragger: i won't touch a tcp 'gossipd'
asciilifeform: and that (b) means either being retarded (services built on tcp, such as www and irc) or some variation on udp.
asciilifeform: (if all-comer can get a challenge, this not only makes you ddosable tcp-style, but turns your gossip net into a ddosatron weapon for any idiot who can get spoofed packets into it)
asciilifeform: tcp has no future, Framedragger .
asciilifeform: Framedragger: not only tcp, but the horse it rode in on. whole thing must burn.
asciilifeform: Framedragger: tcp is evil.
asciilifeform: syn flood is challenge enough, because tcp is braindamaged.
asciilifeform: the kind that accepts tcp conns from all-comers.
asciilifeform: trinque: 'nothing for showing up' is quite physically impossible with tcp.
asciilifeform: but they ought not to complain when 'my tcp connections are blackholing' or 'someone derived my rsa privkey using known-ciphertext attacks' etc.
asciilifeform: as an only sane possible replacement for tcp.
asciilifeform: phf: the handful of interesting aspects (single-packet friend-or-foe, no tcp) were outlined here.
asciilifeform: but it was ~always~ possible, from day1 of tcp, and this is evident to anyone with a copy of, e.g, richard stevens's 'tcp/ip illustrated'.
asciilifeform: it can also inject crapolade, into any tcp stream whatsoever. this is not a hypothetical, the actual mechanism that is actually used was recently discovered.
asciilifeform: usg can reset any and all tcp connections whenever it feels like it.
asciilifeform: tcp is evil, fundamentally because it violates the 'NEVER something-for-nothing-to-all-comers-FUCKOFFRANDOS' principle.
asciilifeform: http://btcbase.org/log/2016-08-26#1529651 << ~tcp~ is evil, and i will kill it with my own hands. at least in the sense where i killed, e.g., git. ☝︎
asciilifeform: the most galling thing is the VERY NOTION of a tcp that isn't porous. because tcp breaks BOTH of the two, as i found, iron rules of network sanity: 1) NOTHING TO RANDOS FOR FREE 2) NO OPERATIONS ON UNSIGNED INPUT
asciilifeform: ments, we show that the attack is fast and reliable. On average, it takes about 40 to 60 seconds to finish and the success rate is 88% to 97%. Finally, we propose changes to both the TCP specification and implementation to eliminate the root cause of the problem.'
asciilifeform: rther, if the connection is present, such an off-path attacker can also infer the TCP sequence numbers in use, from both sides of the connection; this in turn allows the attacker to cause connection termination and perform data injection attacks. We illustrate how the attack can be leveraged to disrupt or degrade the privacy guarantees of an anonymity network such as Tor, and perform web connection hijacking. Through extensive experi
asciilifeform: 'In this paper, we report a subtle yet serious side channel vulnerability (CVE-2016-5696) introduced in a recent TCP specification. The specification is faithfully implemented in Linux kernel version 3.6 (from 2012) and beyond, and affects a wide range of devices and hosts. In a nutshell, the vulnerability allows a blind off-path attacker to infer if any two arbitrary hosts on the Internet are communicating using a TCP connection. Fu
asciilifeform: lulzily, the iturd is the only phone that reliably works here in the house (because it supports telephony over tcp, transparently, instead of being stuck with tower, ~all of which are far away / weak)
asciilifeform: 'highland communications' << tcp-over-bagpipe ?
asciilifeform: http://btcbase.org/log/2016-07-06#1497604 << of naked tcp, aha. ☝︎
asciilifeform: (tcp, that massive barrel of liquishit, was designed before the discovery of luby code - or any of the subsequent 'fountain' algos)
asciilifeform: alert reader will realize that this abolishes tcp.
asciilifeform: and gossipd is considerably more general than a chat, it is to be a complete replacement for tcp/ip and packet switching as ordinarily understood.
asciilifeform: and incidentally what's packet size to do with irc, it runs on tcp.
asciilifeform: i routinely use, e.g., ida pro under 'wine' over x11 over tcp.
asciilifeform: mircea_popescu: aha, but then some bozo added tcp to it
asciilifeform: tcp over old slave banjo.
asciilifeform: i did not include the tcp module for ts either
asciilifeform: PeterL: it is supposed to be a generic cipherator for tcp tunnel
asciilifeform: i've experimented with tcp replay for testing