  • NaibofTabr@infosec.pub to xkcd@lemmy.world · xkcd #3245: Results Age · 5 hours ago

    Telnet is basically the predecessor to SSH for terminal-over-network communications:

    It is a protocol for bidirectional 8-bit communications. Its main goal was to connect terminal devices and terminal-oriented processes.

    At this point, it is archaic network technology:

    Telnet was originally developed for ARPANET in 1969.

    It was developed in a time when only very specific organizations with lots of funding had access to computer networking. The Mother of All Demos had happened only the year prior. The first version of the Internet Protocol used today would not come until 1973.

    There was no concern that unauthorized parties might eavesdrop on the communications between networked computers. Also, at this time there were no functional computer networks that extended beyond local sites. The first ARPANET nodes would not start communicating with each other until 1970:

    The first four nodes were designated as a testbed for developing and debugging the 1822 protocol, which was a major undertaking. While they were connected electronically in 1969, network applications were not possible until the Network Control Program was implemented in 1970 enabling the first two host-host protocols, remote login (Telnet) and file transfer (FTP) which were specified and implemented between 1969 and 1973.

    There weren’t interstate or international network connections, or public routing architecture or DNS or anything like that.

    So basically, everyone who could possibly access your computer network would have to be on site, and probably in the room with the (very classified) government research computers. At this point you could count the number of people who really understood computer networking technology (globally) on your fingers and toes. If you happened to be working in this field, you could probably name offhand all of the people who understood enough about the technology that could possibly pull off a vulnerability exploit against Telnet, and you very likely knew them personally. Cybersecurity wasn’t a thing that anyone was worrying about yet.

    All of the security features that have been added to Telnet are afterthoughts, bolted on to the original system. It was never designed for the public Internet that we have today. And yet… there is still legacy technology out there that uses Telnet for remote access and administration, some of it in critical infrastructure like power grids and water systems.

    Ultimately, my point is that it’s very very difficult to eliminate communications technologies once any kind of industrial, commercial or government activity starts to use them for regular business. It’s one of Microsoft’s biggest problems with the products that they have been selling to various enterprises since the 90s (Windows Desktop, Windows Server, Active Directory, Word, Excel, etc) - they’re forced to maintain compatibility with legacy stuff even when they know without a doubt that it creates major security problems, because there are too many organizations dependent on that software. The Internet is like this now, and the people who were part of its foundation are dying off.

  • Plenty of hosters provide that. Cerebras, for example, fabs their own ASICs (separate from Nvidia), builds them into servers, hosts a number of open-weights models themselves in friendly jurisdictions, and offers SLAs for enterprise clients; it doesn’t get more “guaranteed” than that in AI Land, but there are tons of hosts to choose from.

    This makes sense for first-party hardware businesses like Cerebras that are renting or selling their platform to developer businesses (second party) for the purpose of creating AI-based software tools which they will then sell as services to other businesses (third party), and I can see that guarantees could be written in a contract for the first-to-second-party relationship.

    What I don’t see is that any such guarantees can be effectively written or enforced in a second-to-third-party contract, where an AI SaaS company is selling their software service to companies that don’t do their own development, and expect that the service they have contracted will produce reliable results.


  • How does this work when “good enough” AI like Deepseek V4, GLM and such are so dirt cheap they’re basically free for businesses? And available from tons of providers, or even self hostable?

    Typically what separates enterprise-grade products and services from alternatives is a contract with an SLA… but that generally means there’s some contractual requirements for the reliability and productivity of the product or service. I’m not sure that any of the overhyped chatbots are reliable enough to support such contractual obligations, or that there’s a useful way to measure their productivity.




  • If you are interested in maintaining your OS as an ongoing and constant project, go with Arch. You will learn a lot about Linux, and about system administration in general. You will also have entire days where you are unable to do anything productive with your computer because the last update broke userspace again and you can either spend a lot of time troubleshooting your specific problem, or spend a lot of time reinstalling and reconfiguring your system.

    If your computer is more than just a hobby platform and you need to use it regularly for any kind of productivity, go with Debian. Set it and forget it.

    Either way, off-system file backups are recommended.