Profile

Paul Vixie
Works at Farsight Security, Inc.
Attended Keio University
Lives in La Honda, California
Work
Occupation
Gray Lensman
Employment
  • Farsight Security, Inc.
    CEO, 2013 - present
Places
Currently
La Honda, California
Story
Tagline
Hey you kids get offa my lawn!
Education
  • Keio University
    computer science, 2007 - 2011
Basic Information
Gender
Male
Relationship
Married

Stream

Paul Vixie

Shared publicly  - 
 
<<A recent Mega Millions lottery had 1-in-175,711,536 odds of winning. To put those chances in perspective, that’s about the number of seconds in six years. So it’s like knowing a hedgehog will sneeze once and only once in the next six years and putting your hard-earned money down on one particular second—say, the 36th second of 2:52am on March 19th, 2017—and only winning if the one sneeze happens exactly at that second. Don’t buy a Mega Millions ticket.>>
 
Great explanation of Graham's Number...head explodes.
Graham's number is so big, we need a whole new set of tools to even discuss it.
4 comments
 
It's a tax on people who are bad at math. Your odds of finding the winning lottery ticket are effectively no worse than the odds of buying one. So when the jackpot gets big, just look down.

Paul Vixie

Shared publicly  - 
 
this is really quite cool. i played "spot the bug" for each error message, and mostly lost until i read the explanatory text. BIND9 deserves to be checked by this tool.

http://www.viva64.com/en/b/0377/
2 comments
 
i think C will peak at age 50, like fortran and cobol did.

Paul Vixie

Shared publicly  - 
 
<< In November 2014, Anderson was told he was being terminated during the middle of the fellowship. His review performance placed him among the lowest five percent of Yahoo's employees, all of whom were being fired, his supervisor told him. >>

not for nothing, but, i would only ask managers to rank employees in a linear fashion so as to find out which managers would actually do it vs. those capable of telling me i was insane to want it. i'd fire the former. all of them, down to the last man, woman, or child.
Gregory Anderson says his supervisors consistently preferred to hire women.
3 comments
 
hint: using a linear model on a nonlinear process is a data-losing transformation.

Paul Vixie

Shared publicly  - 
 
so many layers of breakage here, i don't know where to start.

Jan 8 08:20:39 cc3 postfix/smtpd[70688]: connect from mail147.suw16.rsgsv.net[198.2.182.147]

Jan 8 08:20:39 cc3 postfix/smtpd[70688]: NOQUEUE: reject: RCPT from mail147.suw16.rsgsv.net[198.2.182.147]: 450 4.7.1 <davidu@jabber.tisf.net>: Relay access denied; from=<bounce-mc.us10_41408301.194141-davidu=jabber.tisf.net@mail147.suw16.rsgsv.net> to=<davidu@jabber.tisf.net> proto=ESMTP helo=<mail147.suw16.rsgsv.net>

Jan 8 08:20:39 cc3 postfix/smtpd[70688]: disconnect from mail147.suw16.rsgsv.net[198.2.182.147]
3 comments
 
+Michael Richardson
mcr, that e-mail should never have been sent. somebody scraped a JID and decided that it should also function as an e-mail address. there is no SMTP server anywhere that understands that RHS. --vix

Paul Vixie

Shared publicly  - 
 
somebody asked me why dnssec isn't getting deployed, and was there fear around the additional reflecting-amplifier efficiency (in spoofed-source ddos attacks) when dns responses are signed. i wrote back as follows:

<< i think mature experienced opsec thinkers know that dnssec makes a bad thing (amplification attacks using spoofed-source) worse, but that the thing that's bad without dnssec (udp itself in a non-BCP38 world) is still bad, still intractable, and bad enough that adding dnssec doesn't make it appreciably worse.

the other 99.7% of opsec thinkers want to be seen deciding something, and not deploying dnssec is something they can decide, and they are deciding it.

however, that's not why dnssec remains undeployed. rather, it's because the dnssec cost:benefit proposition is high:low. the "error surface" of things which can take you offline (when you sign) or artificially make you believe that someone else is offline (when you validate) is huge-- outlandishly huger than any problem you could face due to dns cache pollution or answer-substitution.

in other words the non-deployment decision is being made by default ("why would we do that?") not explicitly ("we should not do that") and it's being made by the full I.T. team not opsec in particular. >>
4 comments
 
DNSSEC happens when the hosting providers do sign zones by default. When there is no choice of having an unsigned zone.

Yes, as +Gert Doering points out, transfer of domains between registrars and/or hosting providers is problematic, but IETF is to some degree working on that issue (at last). To some degree it is by default problematic because that is the kind of thing DNSSEC is to protect against. I.e. if someone else tries to start using a domain.

I think the two problems have to be separated from each other, and still, we will not get enough incentive to deploy DNSSEC unless we start by having validation out there. Then we can start comparing the cost with something. Without validation only the cool cats will sign their zones.

Paul Vixie

Shared publicly  - 
 
today i learned something new and terrifying, by porting my favourite small emacs-clone editor ("jove") to my current environment ("clang"):

cc -O -DBSDPOSIX -c paragraph.c
paragraph.c:425:16: warning: adding 'int' to a string does not append to the
      string [-Wstring-plus-int]
                        ins_str("  "+(2-nspace));
                                ~~~~^~~~~~~~~~~
paragraph.c:425:16: note: use array indexing to silence this warning
                        ins_str("  "+(2-nspace));
                                    ^
                                &   [          ]
1 warning generated.

i had no idea that string plus int did anything. so now i'm curious.
9 comments
 
+Peter da Silva proving, as in my own work, that learning assembly language first, takes you to bad places.
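The "string plus int" that clang flagged above is plain pointer arithmetic: the literal `"  "` decays to a pointer, and adding `2 - nspace` moves that pointer to a suffix of the literal, so the call inserts `nspace` spaces for 0, 1 or 2 and forms an out-of-bounds pointer for anything else. The following is an added illustration written for this page (not jove's code); the function names are hypothetical, and it includes a range-checked variant alongside the two forms from the warning.

```c
#include <stddef.h>
#include <string.h>

/* The idiom from the jove warning: a string literal plus an int is
 * pointer arithmetic, so "  " + k points k characters into the literal.
 * With k = 2 - nspace this yields a suffix holding nspace spaces, but
 * only for nspace in 0..2; other values point outside the literal. */
const char *spaces_via_arith(int nspace)
{
    return "  " + (2 - nspace);
}

/* The form clang's note suggests: the same address, written as array
 * indexing, which makes the "offset into the literal" intent explicit. */
const char *spaces_via_index(int nspace)
{
    return &"  "[2 - nspace];
}

/* Range-checked variant (hypothetical, added here): refuse any nspace
 * whose offset would leave the literal, since forming such a pointer
 * is undefined behaviour in C even before it is dereferenced. */
const char *spaces_checked(int nspace)
{
    static const char two[] = "  ";          /* sizeof two == 3 (2 spaces + NUL) */
    int width = (int)(sizeof two - 1);       /* number of spaces available */
    if (nspace < 0 || nspace > width)
        return NULL;
    return two + (width - nspace);
}
```

Calling `spaces_checked(3)` returns NULL where the arithmetic form would silently hand `ins_str` a pointer one past the literal's terminating NUL.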

Paul Vixie

Shared publicly  - 
 
<< We've seen several companies achieve ambitious growth plans, yet still find it challenging to raise follow-on capital due to concerns about high burn and the fundamental unit economics of the business. >>

perhaps because driving margins toward zero in order to outlast your competitors is a sucker's game, where the sucker is whatever company you sell out to?
Limited partners letter from the fourth quarter of 2015.
2 comments
 
There were several takeover offers from other companies for us in the past. Most of them were startups. The most stupid of them tried to lure us into the takeover by boasting about their high cash burn rate (not "growth", not "new users", not "strategy"). They did not even make the next six months ;-).

Paul Vixie

Shared publicly  - 
 
so much for the small chance of ever reaching ubiquity that dnssec had until this week. time to move on, i suppose.

- Mitigating factors for UDP include:
  - A firewall that drops UDP DNS packets > 512 bytes.
  - A local resolver (that drops non-compliant responses).
  - Avoid dual A and AAAA queries (avoids buffer management error) e.g. Do not use AF_UNSPEC.
  - No use of `options edns0` in /etc/resolv.conf since EDNS0 allows responses larger than 512 bytes and can lead to valid DNS responses that overflow.
  - No use of `RES_USE_EDNS0` or `RES_USE_DNSSEC` since they can both lead to valid large EDNS0-based DNS responses that can overflow.
[PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow. From: "Carlos O'Donell" ; To: GNU C Library ; Date: Tue, 16 Feb 2016 09:09:52 -0500; Subject: [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer ...
2 comments
 
And DNSSEC isn't wedded to large responses either. Cloudflare has ~200 byte signed A/AAAA responses and ~300 byte DNSKEY responses, for leaf zones, using ECDSA.

Paul Vixie

Shared publicly  - 
 
because of long-tail problems amply demonstrated in every part of I.T. for ever and ever, we cannot expect that ssh initiators will add "UseRoaming no" to their configurations, nor that they will upgrade to a client that lacks this undocumented "feature" altogether. that is, many clients will respond to this threat, perhaps even most, but far from all.

i believe that the right solution to this to quasi-implement Roaming in the standard ssh server, such that if it can fetch the client's private key, it does so, and prints it on standard output, and closes the connection. perhaps an additional option would syslog it, or transmit it to some centrally located wall of sheep somewhere.

opin plz?
5 comments
 
Generally, invisible exploitation of this one is unlikely -- not very unlikely, just unlikely -- because a server making use of the roaming feature breaks scripts and is visible to users in interactive sessions.

I agree that rapid turnover of clients is less likely than one would like -- where, for example, is the new version for my OS X boxes? -- but on the other hand this is not a problem confined to the current bug but to most exploits. We need more general mechanisms to force upgrades and more general mechanisms to make upgrades less painful.

Paul Vixie

Shared publicly  - 
 
i guess the way to apply the lessons of orwell's "1984" in today's world is to wire the /dev/null device on every POSIX system up to the local nation's intelligence/surveillance agency.
 
I was proposing that everyone also jello biafra facebook by starting to mis-tag everyone's faces, at least. Stross also suggested this.

Paul Vixie

Shared publicly  - 
 
it's almost as if the invisible hand of the market was a complicated way for humans at scale to foul their own nest at scale.

i usually excise the pictures when i re-post. not this time.

h/t to fergie.
Report showing 16% increase in tree destruction underscores climate threat and is a disappointing result for government efforts to combat deforestation
Room 110 is directly above the lobby. The music in the lobby was left on all night, in spite of a complaint to the lobby staff. June 12 2014 there was no way sleep was going to happen in that room. Sign me sleepless in Copenhagen. It is now 4:29am.
Public - a year ago
reviewed a year ago
1 review