• 1 Post
  • 22 Comments
Joined 1 year ago
Cake day: June 23rd, 2023

  • None built in from what I recall. That was from back in 2011, so it’s possible things changed since.

    Reading through, it looks like retries do exist, but remember that duplicate packets are treated as a window reset, so it’s possible that transmission succeeded but the ack was lost.

    I remember the project demos from the course though - one team implemented some form of fast retry on two laptops and had one guy walk out and away. With regular wifi he didn’t even make it to the end of the hall before the video dropped out. With their custom stack he made it out of the building before it went.

    I’ll need to dig through to find the name of what they did.





  • I have either written or gotten a variant of every single one of these comments 🫠:

    Please include the JIRA task in the commit title.

    Did you run any manual testing?

    Where’s the PRD link in the commit message?

    Can you please split this into multiple smaller commits?

    Can you combine these two commits?

    Did you email Jon about this? Because he’s working on that project with Sarah and you might be duplicating efforts.

    This should be named BarFoo instead of FooBar.

    Why aren’t you using CorporateInternalLib16 that does 90% of this?

    Why aren’t you using ThirdPartyPaidLibByExEmployee?

    Why aren’t you using StandardLib thing you forgot existed?

    All our I/O should be async.

    All our hot loop code needs to be sync.

    This will increase latency of NonCoreBusinessFlow by 0.01%. Can you shave some time off so we can push in feature B also?

    Please add a feature flag so we can do gradual rollout.

    What operational levers does this have?

    Lgtm - just address those comments

















  • Also, in order to exploit this it requires an active man in the middle, which requires any of the following:

    • Reverse proxy hijack/NAT hijack - from a compromised machine near the server
    • BGP hijack - stealing traffic to the real IP
    • DNS hijack - stealing traffic to send to a different IP
    • Malicious/compromised network transit
    • Local network gateway control
    • WAP poisoning - wifi roaming is designed really well so this is actually easier than it sounds.

    Almost all of those have decent mitigations like 801.x and BGP monitoring. The best mitigation is that you can just change your client config to disable those ciphersuites though.