Notices by Paul_IPv6 (paul_ipv6@infosec.exchange)

@BillJelavich @jpmens @shaft

we need that dos equis dude meme with "it's not always DNS, but when it is, it's a doozy..."

@Viss

i was a very early employee at one of the first two commercial US ISPs, UUNET.

all of us were using cisco routers. there was a bug where at about 24-26 hours, the BGP session in them crashed, causing waves of BGP convergence issues, affecting all the tier 1 providers.

the solution was to reboot carefully at about 22 hours. we waited desperately for cisco to get us a patch.

we were at a usenix conference in the terminal room at about 11pm when we got an email that they'd isolated the bug and thought they had a fix. at this point, the senior router folks for UUNET, MCI, and Sprint sat in the terminal room, waiting.

about 1:30am we got email that tony thought he'd fix it. we asked how much testing he'd been able to do.

tony: "it booted in the lab"

us: "we'll take it!"

then, all 6 of us downloaded the code and proceeded to reboot about 70% of the internet backbone to start using the new code, all of UUNET, MCI, & Sprint.

fortunately, in those days, cisco let their senior engineers talk directly to customers and they got things fixed fast.

this never made the newspapers at the time. i can't even imagine any ISP these days allowing engineers to reboot their entire backbone from a terminal room with code that "booted in the lab".

kind of miss those old days.

@ryanc

lack of revision numbers on change in general is just evil.

i remember buying a couple of hundred boxes with a very specific controller board that we had to have due to OS support. first batch worked fine. second shipment, every one failed. checked board revision versions. no change.

turns out they did new board firmware but didn't increment version number.

hilarity ensues.

sigh...

@ryanc

NT 3.5.1

never to be repeated or equaled.

@ryanc

wow... that's like "would you prefer toxic waste, nuclear waste, or asbestos".

so many bad choices here... i will say that windows 11 is shaping up to be the privacy and security disaster we're all reminiscing about like this in 5 years.

@ryanc

don't last as long as wax or wooden apples when you're doing still life paintings but do taste very similar.

@VickForcella @SteveBellovin @inthehands @mattblaze

used the phone to call someone with a camera?

@SteveBellovin @inthehands @mattblaze

the old mechanical phone switches are amazing

@inthehands @SteveBellovin @mattblaze

go for it! i find keyboard instrument mechanics fascinating. harpsicords are just crazy.

@inthehands

"It thus follows that politicians and political parties are •lagging• indicators of change."

i think that's a crucial part of understanding where politicians are in the process of substantive, systemic change.

they are the original "no one ever got fired for buying X" folks.

you're right that politicians don't build consensus. they don't even lobby hard for it. they concede to consensus when they believe it's consensus.

the reason they need a story is to understand how what they're trying to do matches that consensus opinion.

politicians are sales folks as much as they are legislators.

what you call activists are the startups, the market disruptors, the visionaries.

@inthehands

yeah. probably more "actual solutions are pretty low in the priority queue". it's not that they are against fixing things. it's just not what they put as a top goal.

that's why if we can give them a "story" they think they can run with to go with actual solutions, we'll get more actual solutions.

@inthehands

yup. most don't care about actual solutions. they just want to be seen as doing something about the problem. they want to figure out the status quo/consensus opinion, then adopt that as their opinion du jour.

we, as technologists, can't just educate them, explain the risks, explore potential solutions. we also have to spoon feed them the "spin", the message they can use to show that they "did something" and are "on the right side of the argument". without that spin, they'll never care.

when we can both give unbiased, real info and also help them spin it, we will get what we want more often.

@ryanc

you can tell old school cashiers when they take a credit card that doesn't work, wrap it in a plastic grocery bag and try again too. :)

all sorts of "it worked for mag strips, why not now" confusion.

@ryanc @Crell @jerry

i was just joking recently with someone that what we got was PGP (Pretty Good Privacy) but what we really should have asked for was PEP (Pretty Easy Privacy). :)

@ryanc @Crell @jerry

same same here. run small email server.

while i can sympathize with consumer email providers that block-specific only doesn't scale nearly as well as block-all/allow-only-specific, we hit what you say. how do i prove i'm "clean" if i can't send to you.

i do think we need to have these discussions, possibly be willing to give up some cherished ideals, but most critically, we need to get those most at risk of abuse involved at every stage in discussion/design/test/deploy.

@ryanc @malwaretech

certain US states (CA among them) have much stricter laws about what landlords can get away with.

@ryanc

when mosaic first came out, i was working in a unix shop. general reaction was:

- who needs pictures
- this is really slow
- why do we need this if we have wais/gopher/archie/etc already

lessons learned from this:

- this is why none of us was able to retire early/rich
- we were right but no one listened

@ryanc

indeed.

there's a reason there's so much effort at voter suppression. the fascists know they are a shrinking demographic.

@ryanc

if you weren't deranged when you start, this should certainly kick you off the deep end. :D

@ryanc

never trust anything that claims it can parse ASN.1.

any syntax standard that is supposed to be clear and unambiguous but whose very name is Abstract is just a bad idea. :)