1. TELNET is an IETF-standard protocol defined by RFCs.
2. Telnet is a well-known port assigned by the IANA (tcp/23).
3. telnet is a client program, originated on Unix, available on many systems, and likely from a quite homogeneous codebase.
4. telnetd is a server program, also originated on Unix for the purpose of implementing Telnet protocol as a login server. Also a homogeneous codebase or two.
TFA is about items 2 and 4, and 1/3 are completely unrelated.
IIRC, the only traffic that was monitored and detected here is the scanning. The vulnerability scanners that try and detect, for better or worse, what someone's running on port 23, fingerprint it, and figure out if it's a vulnerability.
Interestingly, filtering port 23 only mitigates the CVE by happenstance. It is merely by convention that telnetd runs on port 23, so that people can use it to log in remotely. There is no constraint that requires port 23. Any other service could usurp 23/tcp for itself if the admin decrees it. So, filtering port 23 is an effective mitigation for the defaults of someone running a vulnerable server on the standard port. But it is not a panacea, and it doesn't prevent anyone from using the telnetd server, or the telnet client, except for port 23.
But it also prevents you from offering any service on port 23/tcp, lest it be filtered. You wouldn't want to run a web server, sshd, a MUD, or anything else, because your connectivity would be negatively impacted for this reason. (The common experience is that a lot of Windows SMB/NetBIOS ports are blocked, and SMTP and port 80, on a lot of consumer ISPs, although this is contrasting the ISP situation to Tier-1 transit carriers now.)
I'm not sure I understand how this argument refutes the claim that this isn't about telnetd. There'd be no reason to respond to the vulnerability in the way they did if the vulnerability in telnetd hadn't existed and been exploited -- and the proof is that nobody ever did until now.
...except that port 23 seems to now be filtered across the internet at large, leading to a huge drop-off in telnet traffic over the course of days if not hours. I think it's safe to say that even if you patch telnetd, being able to use telnet over the internet is not possible in many places (including Canada, according to the data).
That's not true. The money you use to buy stocks gets you an ownership interest in a company that creates value. The money you put into crypto gets you a line on a distributed spreadsheet.
The money that comes out of your ownership share is tied to the success of the company, through dividends and buybacks.
Sure but that still gets back to training drivers and enforcing regulations as the core issue. We don’t allow people who can’t pass proper medical training to be doctors no matter how many undocumented people may apply.
United States is a Constitutional Republic. Not a democracy according to the US constitution.
$ grep -i democra us_constitution.txt
$ grep -i republic us_constitution.txt
The United States shall guarantee to every State in this Union a Republican Form of Government, and shall protect each of them against Invasion; and on Application of the Legislature, or of the Executive (when the Legislature cannot be convened) against domestic Violence.
I understand you're offering this as a gotcha but I'm not sure what you're referring to and it's unclear from context.
In any event, both of those things are typically undemocratic which is why they are rare in functioning democracies and common in autocracies. No system is invulnerable to attack so in certain circumstances they aren't undemocratic. Excluding candidates for, say, a criminal record, mental incapacity, or foreign obligations is less democratic but no reasonable person would claim it voids the will of the people.
Not sure where you're getting the "overturned" part, but if you're trying to point out the the DNC runs roughshod over party members, then you're right only in the sense that they suck.
What sucks more is having a two-party system -- the game is pretty well rigged by that. Voters have the choice of the lesser of two evils. But at least there's a choice involved.
So, comrade, you have failed to sway me. I don't put party before country, even if I was a party member. I doubt you can say the same.
And the person they picked for this is a charismatic narcissist who clearly only cares about himself? The examples of previous "dictators" all clearly believed that what they were doing was for the benefit of the country as a whole.
Those opposed to Trump holding office don't do so because he's in the "wrong party", they oppose him because he is eminently unsuitable for the job. Note that even hard core conservative members of his party advocated for voting for his opponent. That's a first, and there's a reason why.
Note as well that he's making noise about ignoring a constitutional amendment that would prohibit him from the office after this term.
Jobs is not the same as production. Many of the jobs are lost due to automation. If you bring manufacturing back to the US you’ll be “hiring” a lot more robuts than humans.
reply