Re: Request for Patience and Cooperation

Howard Wilson (
Thu, 22 May 1997 15:27:58 -0500 (CDT)

> As you probably know, the keyserver was unavailable for about 1.5 hours
> Wednesday morning/early afternoon.
> The reason for the outage was a user "testing" some buggy code against
> the production keyserver.


> And "yes", I'm rather ticked-off about it!

I can imagine.

> Prior to the outage, I urged the person who took down DESCHALL to ask
> for advice on the mailing list. Here is an excerpt of his response.
> [This e-mail was received about 1.5 hours before the outage, while I
> was sleeping.]
> > Even if you don't have experience with firewalls, I do, and it is a
> > specialty of mine. The easiest way for me would have been to integrate
> > the tunneling code directly into your code. Since you won't let me do
> > that, I will have to write my own tunnel.

There's too much going through my mind to form words right now, but the
main thing is disbelief. "Who the Hell does he think he is?" is also near
the top.

> We lost approximately one Pentium-year worth of keys.


> I have no reason to suspect this person intended harm to the project.
> But his refusal to ask for advice from those who had gone before *did*
> cost the project a bunch of keys.

There is harm through ignorance. What he did did not need to be done, and
had he followed your advice, there would be no problem.

The way I see it, not only did he steal YOUR resources, but the resources
of everyone who, in good faith, was trying to use the server for legit

> Should I post his IP address, so you can send him 1 ping per lost key?
> [Very tempting! :) ]

I know that's tempting, but no need to waste our time. However...

> Should I ban his site from contacting the keyserver?

There's no need to let HIM waste OURS either. Is his site actually
contributing? I hate to lose CPU cycles, but if he's not even providing
that many it would be cheaper to ignore him.

> With some 10,000 computers contacting the keyserver daily, I just don't
> have time to deal with every loose cannon.

No, you don't. The way I understand it this is supposed to be a free-time
thing, and I don't imagine you want to use your free time cleaning up the
messes of others.

> The whole DESCHALL development team is dedicating a lot of time and
> energy to this project. And I know it can be frustrating to not have
> a client for your platform or not be able to get through your firewall.

If there is a need for a client, one can be provided without slapping the
entire group in the face. If there is one guy wanting to run it on, say,
a CoCo, then there most likely isn't enough demand. B-).

> But as we take time out to deal with the loose cannons, there is less
> time available to provide general solutions (and new clients) that will
> benefit everybody.

I'd like to see maybe a client that used the FPU (if it would help enough
to justify the work involved). Trust me, I don't have the Pentium bug. B-).

> By the way, adding more developers isn't a solution. This project is
> not unlike "The Mythical Man-Month" by Brooks. And I'm just about at
> my capacity for managing the project.

I want to thank you for what you've done so far. I LOVE this project.


Minister of All Things Digital & Electronic, and Holder of Past Knowledge  Cabal# 24601-fnord | Help crack DES, and have a crack at
I speak for no one but myself, and   |  your share of $10,000! Details at: 
 no one else speaks for me.    O-    |