Don't worry - I won't.
I won't tell a human soul other than those in a position to fix it; however, it's a systemic weakness, and cannot be fixed by issuing patches. This problem won't get fixed until the IETF issues some future RFCs - more than one of them - and even then, not until those new standards are _widely_ implemented.
I've never mentioned this in a public way - this is the very _first_ time I've done so - and I've only told one other person that I know how, but not how it would be done.
If you're in a position to implement new RFCs at your company, or in your contributions to a Free Software or Open Source codebase that you are a _committer_ to, please fetch my OpenPGP key from a keyserver. If your key isn't already there, please submit it, then _email_ your key fingerprint - I think that's 16 digits of hex or so - then I'll add it to my keyring.
$ gpg --keyserver pgp.mit.edu --list-keys 69297A03F84E2022
pub rsa4096 2018-11-18 [SC] [expires: 2023-11-17]
87741D160E80D4F860A192FE69297A03F84E2022
uid [ultimate] Michael David Crawford
sub rsa4096 2018-11-18 [E] [expires: 2023-11-17]
Note that I do not yet have a key for mike@soggywizards.com.
$ gpg --keyserver pgp.mit.edu --receive-key 69297A03F84E2022
Please do _not_ sign my key - nor anyone else's - unless I show you my _passport_ in your direct presence. That my technical articles are so popular led a few complete strangers who I'd never met to sign my old key. The key I've got now is _only_ self-signed.
Please keep it that way until we meet for coffee. But not a beer; I only get drunk when a close friend has been unlucky in love. Then we both Pray To The Porcelain God.
I must be purposefully oblique about the details I provide until I can feel certain not just that those who I share this with will keep a lid on it but also until I've found enough RFC-implementors that once I do provide the details, they'll be able to apply the fixes expeditiously.
It happens that I know some primary developers of some stacks. I also know some leading security experts. I'll explain this to a few of them first. I'm on good terms with some vendors' security people; I'll explain it to them as well.
(Score: -1, Troll) by Anonymous Coward on Tuesday December 04 2018, @04:36AM
I welcome the destruction of the internet because it will mean egotistical narcissistic assholes like you will lose your precious fucking soapbox which you use to shit on the rest of us. Without your global communication network, your influence extends only as far as you can shout. The next time you open your mouth to attract attention, enjoy getting punched in your fucking throat, motherfucker.
Shut it down now, you lying piece of shit. Do it. Do it now.
SHUT DOWN THE INTERNET RIGHT NOW.
Fuck you, Crawford. Fuck you to Hell. Fuck you Forever.
FUCK MDC