HackerTrans
TopNewTrendsCommentsPastAskShowJobs

_huayra_

no profile record

comments

_huayra_
·السنة الماضية·discuss
The unusually high amount of drama in NixOS is one of the reasons I have been hesitant to start using it. Jon Ringer (a former contributor) posted a giant video [0] outlining his history with the project and how he left / was forced out (amongst several other key folks). For the record, I don't know how to characterize his exit, only that there was an absolute ton of drama around it that wasn't really related to even any technical aspect.

[0] https://www.youtube.com/watch?v=gp0FI8Gw1iA
_huayra_
·قبل سنتين·discuss
I've had good luck with the Mikrotik Audience, but it is not wifi 6 yet (likely coming soon).

If you're in a country that uses steel / concrete to build, unfortunately physics is not so kind towards any signal propagation through that :(
_huayra_
·قبل 5 سنوات·discuss
Yes that isn't too many, but right now any device can just hop on a network and start communicating (after DHCP). Not only that, but they can start communicating with any public IP address.

If people decided to take this away by adding some security directly into the IP layer (i.e. such that communicating without it is impossible, such as mandatory IPsec), I don't think the tradeoff would be worth it. Now you would have to manage all the normal stuff that comes with keys (e.g. expiration and renewal), and you may find your device gets wedged if you don't do the delicate key expiry dance correctly (i.e. you can't even connect to the site to get updated keys).

It's very easy to say "those DARPA morons not designing security was a big mistake!", but I am not convinced that the tradeoffs of solving it at the internet level (i.e. L4 and down) are worth the bootstrapping / flexibility hits.
_huayra_
·قبل 5 سنوات·discuss
Honestly most of it is pretty great. Folks who want to give it better, more reliable performance end up reinventing circuit switching, and anything involving security is difficult to solve at the IP layer.

The last big things to secure are DNS (can be done with DNSSEC), and possibly somehow mandate TLS for connections (although you definitely don't want that all the time).

One big glaring problem is BGP, which we don't really have an answer for. Whereas "just use DNSSEC" pretty much solve the last big security hole above, BGP is still difficult because you have to basically have a system to attest the path for each BGP node. AS1 can't say "I have a path of length 5 through AS2 AS3 AS4 AS5 AS6 to AS6" unless that message can be attested to by each node, but then this comes into a bootstrapping problem (e.g. how do you reach those ASes to get some sort of key without going through AS2 first?) or trusting some authority as we do for ssl certs. God knows the first thing I do on any fresh install is uninstall those root certs from any sketchy government I don't trust.

Having worked on SDN in its heyday for some of the big players in the space, there are definitely good ideas in the space, but getting to adoption is damn difficult, bordering on impossible. I don't know what it will take to oust BGP, so we're kinda stuck with it for the foreseeable future.