Re: Request for Patience and Cooperation

Howard Wilson (stile@ionet.net)
Thu, 22 May 1997 15:27:58 -0500 (CDT)


>
> As you probably know, the keyserver was unavailable for about 1.5 hours
> Wednesday morning/early afternoon.
>
> The reason for the outage was a user "testing" some buggy code against
> the production keyserver.

HUH?

> And "yes", I'm rather ticked-off about it!

I can imagine.

> Prior to the outage, I urged the person who took down DESCHALL to ask
> for advice on the mailing list. Here is an excerpt of his response.
> [This e-mail was received about 1.5 hours before the outage, while I
> was sleeping.]
>
> > Even if you don't have experience with firewalls, I do, and it is a
> > specialty of mine. The easiest way for me would have been to integrate
> > the tunneling code directly into your code. Since you won't let me do
> > that, I will have to write my own tunnel.
>

There's too much going through my mind to form words right now, but the
main thing is disbelief. "Who the Hell does he think he is?" is also near
the top.

> We lost approximately one Pentium-year worth of keys.

*SIGH*.

> I have no reason to suspect this person intended harm to the project.
> But his refusal to ask for advice from those who had gone before *did*
> cost the project a bunch of keys.

There is harm through ignorance. What he did did not need to be done, and
had he followed your advice, there would be no problem.

The way I see it, not only did he steal YOUR resources, but the resources
of everyone who, in good faith, was trying to use the server for legit
reasons.

> Should I post his IP address, so you can send him 1 ping per lost key?
> [Very tempting! :) ]

I know that's tempting, but no need to waste our time. However...

> Should I ban his site from contacting the keyserver?

There's no need to let HIM waste OURS either. Is his site actually
contributing? I hate to lose CPU cycles, but if he's not even providing
that many it would be cheaper to ignore him.

> With some 10,000 computers contacting the keyserver daily, I just don't
> have time to deal with every loose cannon.

No, you don't. The way I understand it this is supposed to be a free-time
thing, and I don't imagine you want to use your free time cleaning up the
messes of others.

> The whole DESCHALL development team is dedicating a lot of time and
> energy to this project. And I know it can be frustrating to not have
> a client for your platform or not be able to get through your firewall.

If there is a need for a client, one can be provided without slapping the
entire group in the face. If there is one guy wanting to run it on, say,
a CoCo, then there most likely isn't enough demand. B-).

> But as we take time out to deal with the loose cannons, there is less
> time available to provide general solutions (and new clients) that will
> benefit everybody.

I'd like to see maybe a client that used the FPU (if it would help enough
to justify the work involved). Trust me, I don't have the Pentium bug. B-).

> By the way, adding more developers isn't a solution. This project is
> not unlike "The Mythical Man-Month" by Brooks. And I'm just about at
> my capacity for managing the project.

I want to thank you for what you've done so far. I LOVE this project.

Howard

-- 
Minister of All Things Digital & Electronic, and Holder of Past Knowledge
 stile@ionet.net  Cabal# 24601-fnord | Help crack DES, and have a crack at
I speak for no one but myself, and   |  your share of $10,000! Details at: 
 no one else speaks for me.    O-    | http://www.frii.com/~rcv/deschall.htm