I've been in the industry for a long, long time, and I would say that use of bastion hosts ranks #2 on my list of things that tell me your environment is not secure (right behind "we use fail2ban to protect us" as the #1 clue).
I've bought a bunch of companies and seriously evaluated hundreds of them, and the ones where people had a bastion host set up commonly seemed to act as if it protected them from everything, to the point where they just stopped worrying about security otherwise.
It gives a false sense of security and makes people put their guard down - like "OK, we have everything secured behind the firewall and only people who can log in to the bastion host, so there's no need for firewall rules or policies on the servers inside our firewall perimeter". Which inevitably breaks down over time as things get opened up to the internet, employees come and go, etc.
I can't tell you the number of companies where I look at their setup and their bastion host itself is root owned - since those hosts are always being used (and are tied to everything so you can't easily reboot or replace them), and are considered nothing more than a "tool" that you rarely actually have to look at, they don't get updated nearly enough and are neglected.
Not saying that bastion hosts are a bad idea - but just like any easy to use, easy to forget, high risk part of the stack, they are often a sign of inexperience and neglect elsewhere in the architecture.
(Yes, I know that there are plenty of big companies that use jump boxes without issue, and this jumpserver product is different, but I'm specifically talking about the idea of having one little machine that is open to SSH and then you bounce off of that to get into the "secured" machines, and all of this just based on my own experience and may not reflect yours)
I have been running this stack since well before Claude Code became popular. It works OK but I've found it to be very slow; and despite having a big context window, it seems to lose track of what it's working on and goes down a rabbit hole (or just wastes tokens trying to use the web browser) for hours and is hard to get back on track. I even tried spinning up two sub-agents but even after years of trying to prompt them, they are almost useless in terms of coding ability, so that is looking to be a waste of spending at least so far but maybe the model will improve as time goes on.
This is one of those stories, just like the SR-71 "ground speed check" story, that every single time I see it posted I just have to read the entire thing again. I love it.
Further proving my point, I wasn't sure if you - a fellow commenter! - were talking about Ente Auth or Ente Photos until I re-read your comment and the linked issue. I think that they have great product(s) but terrible branding and apparently some growing pains as well.
I love Ente Auth, but Ente (as a company/organization) does a somewhat poor job of calling out their non-photos apps in their branding and on their website. If you go to the "Download" button at the top of the page on this page about their LLM chat app, it downloads... their photo sharing application. If you click Sign Up, it takes you to a signup page with the browser title "Ente Photos" but the page text says "Private backups for your memories" with a picture of a lock - is that the Ente Auth signup, or the Ente Photos app signup?
A little bit of cleanup on their site to break out "Ente, our original photo sharing app" from the rest of their apps would do wonders, because I had to search around on the announcement to find the download for this app, which feels about like trying to find the popular Ente Auth app on their website
This almost confirms it then, each machine has an external modem tied to 1 phone line per modem, and there are no internal modems in use. The picture shows 50 modems that I can see, and the original article indicates that it's around half of their total setup. Scott notes that they had a T3 (likely a frac T3) with 140 dial-in nodes, which aligns with the articles guess of 134 machines.
So I would say that almost definitely, they are using 1 (or 2 for some on the right side of the photo) external modem per PC connected to the 66 block, those analog phone blocks tied back to the channel bank/multiplexer, and the carrier's T3 tied in there.
No internal modems used at all.
And the person who posted the photo on twitter is none other than Scott Miller, founder of Apogee Software, publisher of some of the most revolutionary games of the late 80's and early 90's, and this BBS (Software Creations) was the cornerstone of distributing the shareware versions of those games. Very cool bit of history, I remember dialing in to Software Creations to download Commander Keen!
SSH expects the escape sequence (tilde) to be the first character on a new line; since backspace is sent as a character, you can't just backspace over something you've started typing and then press tilde to have it recognized.
Technically, you don't have to press enter if you've not typed anything (try it in a new SSH session - as soon as you are logged in, type ~? to get the SSH help output), but since the comment was about doing this during an active session without ending it, I figured noting that pressing enter first to be sure you're on a new line wouldn't hurt
While in an SSH session, press enter, then type tilde and capital C (enter ~C) and you can add command line options to the current session. To add a port forward from your local 8080 to the remote port 80 without closing the connection, do:
yes, most of them look like USRobotics Courier modems. Note that not all the machines have one, and some have two.
Assuming that the parent commenter is right and that they are using internal line cards, I wonder if the external modems were being added to support higher speeds.
However, the fact that we can see at least 2 (but I think four) 66 blocks means they had 50 to 100 phone lines for the machines visible, which would make sense that the external modems are the primary connection and no internal modems are being used, based on the number of modems visible and the fact that each 66 block can handle 25 lines.
I'm surprised that Cloudflare hasn't started hosting a pre-scraped version of websites that use Cloudflare's proxy - something like https://www.example.com/cdn-cgi/cached-contents.json They already have the website content in their cache, so why not just cut out the middle man of scraping services and API's like this and publish it?
Obviously there's good reasons NOT to, but I am surprised they haven't started offering it (as an "on-by-default" option, naturally) yet.
The parallel port (at least in it's later implementations) actually supports DMA - I'm sure that data exfiltration via the parallel port is hard, but probably not impossible...
correct, I thought he meant that the Neo does not support it, since his M1 Macbook does support Apple Intelligence but perhaps he's not aware of that or hasn't updated yet.
I have seen shit that would turn you white.