Unfortunate news today that an internet friend and important engineer Dave Täht died recently. Dave was responsible for the bufferbloat project and the development of the Cake qdisc in the Linux kernel. He also pushed for much better control of latency across all internet hardware. He's a major reason why cable modem all have queue management algorithms. I interacted with him off and on for 15 years or so. He was about 59 years old so far too young.

via @toke

https://social.kernel.org/objects/bb4f56d3-5c79-4942-ab00-2b0310eb72d0
#openwrt

@dlakelan
Yes! Terrible! :(

I was devastated to learn that Dave Täht passed away. Wrote a bit about it.

https://blog.tohojo.dk/2025/04/remembering-dave-t%C3%A4ht.html

“eBPF Announces Support for Tolkien Ring”
Oh wow! 🐝 🧝 💍

https://ebpf.io/blog/support-for-tolkien-ring/

Let's take a moment to remember the guy who made sure we don't have to change Every Goddamn Clock today, David L. Mills, creator of Network Time Protocol (NTP) who passed last year.

My wristwatch is synced to my phone, which is synced to the internet, which knows that time it is right now thanks to David Mills. Cheers to his memory 🥃

https://cse.engin.umich.edu/stories/remembering-alum-david-mills-who-brought-the-internet-into-perfect-time//

#DST #NTP #FOSS

Today I got a cheery email from somebody who claims to be the "ethics and compliance" officer for a company called Bright Data. He wanted to have a "no pressure" conversation about the whole AI scraperbot problem. Looking at their web site, this company offers an API that, and I quote, "Bypasses anti-scraping mechanisms and solves CAPTCHAs, ensuring uninterrupted access to the most protected web sites".

After careful consideration for several milliseconds, I have concluded that I really don't have anything to discuss with this person.

But at least their claimed "100M+" of residential IP addresses that they use for their DDOS attacks are "ethically sourced".

The internet of things is truly a wonder. 😝

#dishwasher #parody #iot

restic 0.18.0 is released! Blog: https://restic.net/blog/2025-03-27/restic-0.18.0-released/

GitHub: https://github.com/restic/restic/releases/tag/v0.18.0

@asynchronaut Thanks!

New blog post: "ECN, ECMP and anycast: a cocktail of broken connections"

Just over five years ago, I was seeing weird "connection reset" errors when trying to connect to Cloudflare sites.

This turned out be due to an unholy alliance between ECN, ECMP and anycast routing, and figuring this out was quite interesting.

I meant to write up the experience in a blog post at the time, but somehow never got around to it. I was just reminded of this, so better late than never!

https://blog.tohojo.dk/2025/03/ecn-ecmp-and-anycast-a-cocktail-of-broken-connections.html

Trying to make it easier to debug RTNL lock contention...

https://github.com/iovisor/bcc/pull/5230

#GNUTerryPratchett

Ten years ago, Sir Terry Pratchett died. But "A man’s not dead while his name is still spoken."

We carry his memory with each DokuWiki release being named after one of his many Discworld characters.

If you never read a book by him - now is a good time to do so!

#GNUTerryPratchett

@larsmb
Same! Also generally add it to web server configs :)

X-Clacks-Overhead: GNU Terry Pratchett

(That's been in all my outbound e-mail for a decade now.)

#RIP #TerryPratchett

If your criticism of "big tech" is merely a result of the unhappiness about the fact that Meta, Google and Microsoft aren't EU-corporations you are missing the point.

There is nothing that indicates that SAP or Deutsche Telekom would hesitate a second at the chance of becoming equally violent and exploitive forces.

The solution to Big Tech isn't EU Big Tech. It's de-commercialisation and democratization of tech.

That ESP32 thing has a CVE: CVE-2025-27840: https://nvd.nist.gov/vuln/detail/CVE-2025-27840 .

And, pretty much everything all of the well-known infosec people have been saying is correct: physical access required (or, high privileges and high attack complexity; the score is kinda 'wrong' in some sense because it is combining two exploitation vectors but I think it gets across the point: this is not wormable and is not exploitable via wireless, at least not on its own. and if your threat model allows for physical access but still treats this as a big deal somehow, go home, your threat model is drunk).

“The fundamental weakness of Western civilization is empathy, the empathy exploit,” Musk said. “There it’s they’re exploiting a bug in Western civilization, which is the empathy response.”
-Elon Musk, March 6, 2025

“In my work with the defendants (at the Nuremberg Trials 1945-1949) I was searching for the nature of evil and I now think I have come close to defining it. A lack of empathy. It’s the one characteristic that connects all the defendants, a genuine incapacity to feel with their fellow men. Evil, I think, is the absence of empathy.”
-Captain G. M. Gilbert, the Army psychologist assigned to watching the defendants at the Nuremberg trials

https://www.cnn.com/2025/03/05/politics/elon-musk-rogan-interview-empathy-doge/index.html

The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks.

Update 3/9/25: After receiving concerns about the use of the term "backdoor" to refer to these undocumented commands, we have updated the title of our story.

https://www.bleepingcomputer.com/news/security/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/