Hacker News | Quarrel's comments

Job's Done!

Needs this so bad

However bad your key management is, unless you're on an older ssh that will let you choose to use the "None" cipher, you're still better off than telnet!

Right? It doesn’t even make sense - on any actively updated ssh agent you’d have to go out of your way.

Also - SSH offers more than just encryption, but also data integrity - you can modify / manipulate a telnet session in ways you just can’t via SSH


For a lot of the early years, it lost a lot of money. Providing the bandwidth, getting distribution closer to the ISPs etc was a major investment. Lots of dark fiber.

A bit like Google Maps though, a great visionary early investment that they then poured a lot of $ into to make them what they are today. No one else was just providing free satellite imagery for the entire world back then, not even Google Maps.

The investments to support these two products at least, have been really important in helping Google maintain its hold in other places too.

Lots of people still whinge about YouTube, but standing up a solid competitor would take too many $ for anyone but other big tech now.


Probably one of the reasons this bug survived so long is that it isn't used much for privileged access any more, but so you can play a moo or play you an ASCII movie, as people below you are replying.

What an amazing bug. I probably spent my first 10 years on the internet just using telnet. They were wild times. You could log ethernet traffic and see passwords. Towards the end of those we started to have a few more single-user machines, but the vast majority were old school many many user machines, where "root" was thought to be tightly restricted (of course, even then, in practice it wasn't if you were in the know).

Anyway, just wild seeing this:

> telnet -l 'root -f' server.test

or

> USER='-f root' telnet -a server.test

Survive 11 years.


The more I work in software, the more amazed I am that anything works at all. There's likely so much low hanging fruit out there.

I never sent root over telnet, but I spent too much vacation time browsing the web via lynx on my school AIX account from a library near my parents' home, because it had a telnet client in addition to the card catalogue program on the otherwise locked down desktop. It was just a more innocent time: you didn't assume your traffic was being logged six ways to Sunday. With telnet access to my AIX account, I could do all the internet things, like mail (pine) and the web (lynx) and irc, from a convenient command line anywhere in the world.

When did we all stop using telnet? I can't even remember. Most of my first 10-15 years was using telnet. One day I used telnet to connect to a shell for the last time and didn't know it. I had a ton of servers all with root telnet access Internet facing. Never hacked once, somehow. Those were the days.

In the Linux / BSD world, SSH took off incredibly fast for the time. I'd estimate that maybe 80% of people had moved to it within the first year of its release.

But adoption stalled when the original SSH moved to a commercial license in 1996-ish - many of us stuck with the last free version, but vulnerabilities started to pile up. There were various half-working alternatives, but it wasn't until OpenSSH came out in 1999 that the remaining telnet holdouts started to move across.


It was 1996 for me. I forget where the original SSH (SSH1 protocol) came from, but I do remember compiling it on a Slackware box around that time.

I worked for an ISP in the mid-90s and had been on the Internet since 1989 or so. I recall the progression for me was something like this:

We used telnet in college no problem. It was a fairly well-accepted method of remote access. The heterogeneous network had many different modes, but a major dialup point was the Annex box, which supported telnet into the Unix or VMS machines.

Between Unix machines, we would often prefer "rlogin" instead. There were several horrific iterations of other remote-access protocols such as "remsh". rlogin was notorious for its "/etc/hosts.equiv" authorization method which trusted DNS and should've been perceived as Swiss Cheese from the outset. rlogin was, IIRC, directly related to rsh and rcp and used the same frameworks. rlogin was no more secure than telnet, but probably less secure because of its conveniences.

We also used port 23/tcp for remote management, for example Cisco routers. They weren't running telnetd, but it was the port where you connected remotely and logged in with or without credentials.

rlogin persisted alongside telnet, until encryption came into fashion and ssh was distributed. Once ssh was available and working well, everyone knew that telnetd and rlogind were on borrowed time. The services were shut down and disabled in inetd. The ports were sometimes blocked. Security advisories went out.

I suppose it took a long, long time for ssh to finally dominate, and for people to abandon telnetd mostly, but it was fairly thorough. We all recognized the superiority of sshd's authentication and encrypted channels.

There were mitigations for people to extend their legacy use of telnetd and rlogind. For example, tcp wrappers and fail2ban could be implemented. Firewall filters could select only authorized networks. VPNs could tunnel through an Intranet that still used them. So, the services lived on wherever they didn't need to be exposed on the public Internet. But I think most Unix admins got the picture by the end of the dot-com bubble.


> /etc/hosts.equiv

Ah, the memories.

cat '+ +' >> /etc/hosts.equiv


Ah, I have no memory of such a command, so I must be getting old!

It's hilarious, especially given that I have memories of similar rlogin vulnerabilities -- various unixes being vulnerable to rlogin -l '-froot' in the 90s.

Never used telnet to log in to something but it is a cool debugging tool, so used it for that. E.g. can this container even send traffic to that container at all.

I'm a fan of 'nc' / netcat for this purpose. It's small, quick, and can send or receive over TCP or UDP.

This is not the first time that this has been a problem.

In WW2 all sides needed more tungsten, hence: https://en.wikipedia.org/wiki/Wolfram_Crisis

As a side note, Tungsten is a Swedish word ("heavy stone"). It was first "discovered" by a Swede, and they called it Tungsten. Its atomic symbol is W, for wolfram, the German word for it, which even the Swedes use. I find it mildly amusing. (It is to do with tungsten-rich ores and the name of the ores that had been known about for a while.)


Great work and thanks for the write up.

Sorry to be pedantic, your longest view is not from the Hindu Kush, but from the mountains to the south of the Tarim Basin which are the Kunlun mountains.

The Hindu Kush are largely in Afghanistan, but also Pakistan, running in an arc from Kabul to the north east. They aren't in China.

The Hindu Kush range then gives way to the Karakoram, as you cross Kashmir, which is then bordered to the north by the Kunlun which form the arc of the southern Tarim Basin.

I suspect you're just mixing it up with the Hindu Tagh pass, just to the south of the peak your point is looking from. Hindu Tagh seems to be about as good a name as the line-of-sight community has come up with for that peak.


We appreciate the pedantry.

I think I came up with that name from a game of telephone of sources claiming to have the longest line of sight. There's a lot of really random sources on the Internet that mention the line of sight but do not cite the data or analysis. I have seen Hindu Tagh thrown around as well so if it's more accurate we want it there.

Part of our motivations were to stop the game of telephone and become an authoritative source on this stuff.

I'm not much of a geographer, more of a HPC guy.

I have this on the TODO list to update tomorrow.


Agreed, pedantry very much appreciated. Website updated!

I use Teams all the time (although not because it is what I'd choose..).

Mostly just completely free tier, although I do have O365.

On the free tier I think the main restriction is the 60 minute limit on groups > 2?

Don't get me wrong, MS are almost as bad as Google in segregating their chat/video call/conferencing offerings, and even if you did know the names last week, they've probably changed them this week.


No I mean they were recently forced to unbundle by the EU or face monopoly claims. I guess they saw people paid anyway and unbundled everywhere else.

Yeah, I see.

TBH, I suspect it will only be good for MS to unbundle it.

Of course, I wish they'd unbundle the whole suite. I am never ever going to run the Outlook, Access + whatever that I am forced to install to get Excel and Word.


Good for you.

FWIW, I suspect there isn't a single programmer you admire that hasn't looked back on moments in their career and cringed at some of their own code.

In some ways, I think it is the hurdle that Linus overcame as an undergraduate that I admire the most. Just putting it out there. This is code. Look at it. It might not amount to anything, but who dares wins.


> Hetzner's revenue is somewhere around $400m, so probably a little scary taking on an additional 30% revenue from a single customer

A little scare for both sides.

Unless we're misunderstanding something I think the $100Ms figure is hard to consider in a vacuum.

