Hacker News | jmclnx's comments

I remember another distro from the 90s similar to this, it was created because the maintainer thought too many Windows people were influencing Linux.

I forgot what it did, but I think it wiped your system out too.


I am surprised by that too. I thought everyone moved to SSDs or NVMe?

I was toying with getting a 2T HDD for a BSD system I have, I guess not now :)


Everyone moved to SSDs or NVMe. If you're right, that includes manufacturers. HDDs still have advantages over SSDs for specific needs, like more reliable long-term unelectrified storage. It's also possible that the high price of SSDs made HDDs an option again.

Really if you're writing large solid files hard drives aren't that bad. If you can have the system split out one file per drive at a time then you'll avoid a lot of the fragments

Congratulations!

>Full support for the Wayland UI

I really hope they never deprecate X11 support :) I doubt they will, but if they do, it will leave the BSDs without a good alternative.


Unless I'm misunderstanding the problem, Wayland is available on FreeBSD.

https://docs.freebsd.org/en/books/handbook/wayland


Some people hate wayland.

Those people can contribute to Xorg server further development.

The thing that kicked off this thread was hope that vim will continue to support X11. No need for continued X development really.

On the contrary, because you will want to have those drivers when the time comes to reinstall the system with more modern hardware.

Without X Server support at the OS level for the new hardware, doesn't really matter if vim supports it on its source code.


But surely not every BSD user?

Not every BSD user, but the one you're responding to is most likely in that camp.

Not all *BSDs are FreeBSD :)

A NetBSD posted a blog stating NetBSD is having issues porting Wayland due to Linux specific items. OpenBSD stated something similar.

Both articles indicated it will be a very long time, if ever, to get Wayland fully working on their systems. I did see this presentation that describes some issues as of 2025.

https://www.bsdcan.org/2025/talks/BSDCan2025-jeff_frasca-way...


What is “the Wayland UI,” anyway? Is this like that vim gui program that some Windows users use?

Usually vim runs in the terminal, so I don’t have any worries about losing support. But other people have other use-cases, of course…


Why would they do that? When I started learning VIM more than 20 years ago, one of the main reasons was that it (or vi) was already present and installed in every possible Linux system.

There's always TECO! <Joking>

What a surprise, IIRC in Hong Kong there was a platform that was fully decentralized. HK protesters used it on their phones during their uprising and China could not block it.

Maybe it is time people move to that. Sadly I forgot its name or where to get it. Of course the app stores could block that too.

There is always USENET I guess. I wonder if there are apps on Cell Phones that can access USENET and format the posts to work with the small screens. And of course reformat posts to comply to USENET formatting requirements (ie: wordwrap at Col 70).


> Sadly I forgot its name or where to get it.

Are you thinking of HKmap.live?

https://en.wikipedia.org/wiki/HKmap.live

> Of course the app stores could block that too.

And Apple did.

https://www.bbc.com/news/business-49995688


Bridgefy, Firechat, Bitchat and other bluetooth/wifi peer-to-peer SoMe's are great as long as you're enough people around. As long as you don't rely on one of the big tech app stores (or use an iPhone), it's not hard to get them even when the government is being tyrannical. It would be interesting to build something that would work over the various IoT networks which basically span all of Europe, but I guess that would be hard in countries where there are large areas of "nothing". It also depends on farmers choosing open source technology for their tech since you'd need a lot of farming IoT equipment to connect cross rural areas.

> It would be interesting to build something that would work over the various IoT networks which basically span all of Europe, but I guess that would be hard in countries where there are large areas of "nothing".

A portable device that could effortlessly hook up to the existing decentralized wireless networks would be even better, Freifunk covers large parts of Germany, Guifi covers large parts of Spain, probably there are more somewhere else too, but AFAIK there is no portable device that lets you easily just connect and chat, still requires a bit of setup to participate.


A centralized platform with marginally cleverer cryptography can technically allow posts and comments to belong to a user, but not be traceable back to the user! When asked by the government who made a particular post or comment, it should not be possible for the platform to readily identify who made it. Of course the IP address should not be tracked either, certainly not beyond 1h. The logged in user would still be able to view and manage all of their posts and comments, also see responses, because they would have the cryptography key to do so. So what about spam and guardrail control -- one solution is to let AI classify it. Much more can be possible with cleverer uses of cryptography. In short, it is not formally necessary to switch to a decentralized or federated solution to address the anonymity issue.

Why not just set the author ID to null?

The issue with that is that the author won't be able to edit or delete the message at any time. These are useful requirements. On Reddit I sometimes edit a message after several years, so there shouldn't be a time limit either.

Anything that is P2P E2EE is hard to block by utilizing traditional measures. Personally I use and trust Tox. If you also want anonymity you can pair it with tor.

All Apple has to do is remove it from the app store. Doesn't matter how P2P or E2EE it is.

> Of course the app stores could block that

That is the problem with technical solutions. Governments can ban them, or mandate on device scanning to monitor your usage.


I liked B5 far more, it tended to show people as real people.

A good example is Walter Koenig, to me he was amazing in B5, at times you hated and loved his character, even at the same time.


>I liked B5 far more, it tended to show people as real people.

Absolutely. I just rewatched S02E05 ("The Long Dark") that had Dwight Schultz[0] as a guest star.

While watching it (and not for the first time), it occurred to me that in that one single episode on Babylon 5, Schultz showed us more humanity than in all the dozen or so Star Trek: TNG/Voyager episodes he was in as Lieutenant Barclay.

In both roles, Schultz's character is emotionally damaged, which causes problems for them, but in the Star Trek roles it's mostly played for comedy and the issues around his dysfunction aren't addressed at all.

As the B5 character, his PTSD (based on serious trauma as a soldier) made him a homeless substance abuser. The plot pushed him to examine and face the source of his trauma. While I wouldn't call it a "powerful" performance, the B5 character was much more believable and human than the ST character.

Same actor, incredibly different on-screen results.

[0] https://en.wikipedia.org/wiki/Dwight_Schultz


I heard the same back then, plus IIRC B5 did or tried to sue Paramount for copying their plot for DS9. I believe the series was offered to Paramount first but they said no.

There were a few news articles about that in various entertainment publications.


Plus in Nov of 2026, get out and vote, no matter how hard it is to get to the polls. This happened because people sat on their behinds and did nothing in Nov 2024.

And, try to talk to people who don't agree with you. Have an open mind, listen, avoid being judgmental and critical. It's not easy, but you can change minds.

Won't matter. Donny put the Epstein files out, redacted, to remind every single influential person in the blast radius that unless he keeps holding the redaction pen, all their lives will be over.

One thing to consider: it’s clear he was very widely connected in American elite circles. It’s likely that almost all prominent people (in finance, business, the arts, science, government, etc) all came across him. We know he worked pretty hard to get intertwined with everyone he could.

And yet, although the list of his connections is large, it’s very far from most of these people. It seems plenty of people saw him for who he was and steered clear.


Nah. People who sit on social media would rather stand on street corners and yell at people.

If someone is motivated enough to attend protests, they're motivated enough to go vote.

Many of the people who go to protests have lost their right to vote.

Not sure what that means. Mostly ordinary citizens go to protests. Not aware of any group paying felons to protest. Speaking of, is Trump allowed to vote?

Attending public (peaceful) protest is valuable. It shows that people with that view point (whatever it is) are not alone. It encourages more people to get involved.

The main question is why use Telnet when ssh is available. Some people mentioned routers, maybe that is why. But I would think in this day and age routers would now use ssh.

I do remember reading a long time ago telnet does/can support encryption. But when I looked at the systems I have access to, the manuals have no mention of that.


The biggest remaining production use of telnet is IBM mainframe and midrange systems. tn3270 which is a telnet extension implementing support for 3270 block mode terminal data streams is still in widespread use, and there is also tn5250 which does the same for 5250 terminals (used on IBM i / AS/400)

This use case is perfectly secure, because IBM mainframe/midrange telnet servers support telnet-over-TLS, and that’s what people run in production

For connecting to mainframes, SSH has no real advantage over TLS, and its major disadvantage is that there is no standardised way to transmit 3270/5250 data streams over it

But people looking for telnet traffic over the public Internet probably won’t even notice this, because they aren’t looking for telnet over TLS - which is difficult to distinguish from whatever else over TLS - and because almost all of it goes over VPNs not the public Internet


This is, as far as I know, a completely accurate and factual take. It is also nearly irrelevant.

The two entities which have reported on this event are looking for tcp traffic on port 23, not TELNET protocol traffic. So indeed, as you say, if they are tunneled in VPN, or encapsulated or using an alternate port, tn3270 traffic will not be detected on port 23/tcp. Telnet over TLS is assigned to port 992, so any RFC-compliant implementation would be found there, and irrelevant, again, to the telnetd CVE reported this year.

There are two facets to January's incident: the vulnerability in the GNU implementation of telnetd, and the purported, widespread blocking of port 23. The original report went out because of the coincidence they perceived there, and especially because the latter preceded the disclosure of the vulnerability!

Mainframe tn3270 servers would not be subject to this vulnerability. If there had been a port filter in place, it only would've tripped-up the mainframes that still used port 23, which is evidently optional, and it says here that many admins want to keep AIX's telnetd bound to port 23 anyway.

So it is good to know that TELNET protocol, and its extensions, are alive and well. We may not actually know how many clients and servers implement the protocol itself, since MUDs made this a routine thing, but certainly the deployment of IBM systems is formidable, considering the sheer mass of the iron in their rack mounts.
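Added example, not part of any comment in this thread: the difference between counting port 23 traffic and recognising the TELNET protocol itself can be shown by parsing IAC option negotiation in the first payload of a session. The sample payloads and port 2323 are constructed, and the "two or more negotiations" threshold is an assumed heuristic.

```python
IAC, SB, SE = 0xFF, 0xFA, 0xF0
VERBS = {0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}
TN3270E = 40  # TELNET option number assigned to TN3270E (RFC 2355)

def negotiations(payload: bytes):
    """Return (verb, option) pairs for each well-formed IAC sequence."""
    found, i, n = [], 0, len(payload)
    while i + 1 < n:
        if payload[i] != IAC:
            i += 1
            continue
        cmd = payload[i + 1]
        if cmd in VERBS and i + 2 < n:
            found.append((VERBS[cmd], payload[i + 2]))
            i += 3
        elif cmd == SB:                      # subnegotiation runs to IAC SE
            end = payload.find(bytes([IAC, SE]), i + 2)
            if end < 0:
                break                        # truncated subnegotiation
            if end > i + 2:
                found.append(("SB", payload[i + 2]))
            i = end + 2
        else:                                # IAC IAC (escaped 0xFF) or other command
            i += 2
    return found

def classify(payload: bytes) -> str:
    """Label a session's first payload by content, ignoring the port."""
    if payload[:2] == b"\x16\x03":           # TLS handshake record: inner protocol is opaque
        return "tls"
    negs = negotiations(payload)
    if any(opt == TN3270E for _, opt in negs):
        return "tn3270"
    return "telnet" if len(negs) >= 2 else "other"  # assumed threshold

# Constructed samples: (destination port, first bytes seen from the server or client)
SAMPLES = [
    (23,   b"\xff\xfd\x18\xff\xfd\x20\xff\xfd\x23\xff\xfd\x27"),  # classic telnetd greeting
    (2323, b"\xff\xfd\x28\xff\xfd\x18"),                          # DO TN3270E on an alternate port
    (992,  b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),      # TLS ClientHello start
    (23,   b"SSH-2.0-OpenSSH_9.6\r\n"),                           # non-TELNET service on port 23
]

def compare(samples):
    """Return (port, port_23_filter_hit, content_label) per sample."""
    return [(port, port == 23, classify(data)) for port, data in samples]

if __name__ == "__main__":
    for row in compare(SAMPLES):
        print(row)
```
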


You can wrap any TCP protocol in TLS which means every TCP protocol supports encryption, Telnet included. The app (and server) simply need to wrap their connections in TLS, which is trivial in many programming ecosystems.

And IMO, X.509 (used in TLS) is virtually superior over SSH’s bespoke certificate format in every way. You get both regular certificate pinning (like what SSH uses now) AND full certificate authority chains (if you want).

The main downside is that X.509 is more complex.


> You get both regular certificate pinning (like what SSH uses now) AND full certificate authority chains (if you want).

It doesn't do full chains, but SSH does have certificate authorities. I agree that the lack of intermediate CAs is a limitation (a CA can only sign a leaf node public key directly), but it's still super useful.


It is surprisingly common to find routers with "export firmware" installed out of the box, that do not have ssh support to avoid the interactions with US Cryptographic export licencing complications

I had a similar question. I use ssh usually these days. Telnet has one thing going for itself though: simplicity.

Why use ssh when wireguard is available?

Because I want to login to my user account without sending a password over the wire. If telnet can use keypairs to authenticate users then I guess I don't mind that as a solution, but I haven't heard of it? Also I do care about per-user auth because some of us still work in environments where servers have multiple users.

> over the wire

You know what wireguard is?

> If telnet can use keypairs

Kerberos exists, so, yes, it can.


>> over the wire

> You know what wireguard is?

I suppose if you prefer, I can write "over the network". The point is that the password leaves my machine. As a practical example: With password auth, if an attacker gets root on a server then they can read your password and log in to other machines. With SSH keypairs, this isn't possible (unless you go out of your way to forward an SSH agent, and even then there are mitigations).

>> If telnet can use keypairs

> Kerberos exists, so, yes, it can.

This sounds promising, and in fact at least one page I found about it claims that kerberos+telnet encrypts the session, at which point I don't immediately see what we need wireguard or ssh for. On the other hand, it looks like eg. GNU inetutils telnet doesn't support it? In fact, https://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-us... says

> The Kerberos V5 telnet command works exactly like the standard UNIX telnet program, with the following Kerberos options added:

which makes it sound like they've just made a special telnet variant with these features, at which point it rather feels like we've just re-invented ssh under a different name.


> With SSH keypairs

Which is just an abstraction of a password. Instead of storing it in your mind and sending it over the network you store it on your hard drive and use to calculate things on the network. Haven't you just moved the security boundary slightly? You're now also mixing up authentication and encryption into one package which isn't strictly an upside. Granted you can secure your key with a password or a yubikey but now you're messing with agents or you're typing that password an incredible amount.

I see your point. The dead simplicity of telnet session over encrypted tunnel still appeals to me in the face of the structures above. It also means you can elide the whole "how do I do this complicated port forwarding with ssh" question entirely.

> we've just re-invented ssh under a different name.

ssh is the best implementation of self signed security you can get. With kerberos we actually get a central authority and it separates authentication and encryption rather nicely without requiring user agents running as daemons.


> Which is just an abstraction of a password.

I don't think that's functionally true. The important thing is that with telnet or password-auth ssh, you send the actual text of your password to the server. With ssh keys, the server and client do some magic crypto math to let you prove you control the private key without ever sending it. Therefore, a compromised server can steal a password, but not a ssh key.

(Yes, in theory perhaps you could do some fancier way of proving that you know a password without sending it, but 1. I'm no cryptographer, but the fact that openssh hasn't done this feels suggestive, and 2. that is once again a pretty big change for the nominal goal of keeping telnet)

> ssh is the best implementation of self signed security you can get. With kerberos we actually get a central authority and it separates authentication and encryption rather nicely without requiring user agents running as daemons.

Sure. Like, I've never thoroughly evaluated kerberos in depth (again, I'm no cryptographer), but I hear generally good things. My point is that by the time you have kerberos, you aren't really using what I would call telnet anymore, you're using something that acts like telnet but backs into a completely different authentication and communication system, and at that point you might as well use a completely different authentication and communication system without pretending to be telnet. This goes double because (open)ssh does support kerberos.


So I don't need root permission or kernel networking stuff setup.

(I do run Wireguard, it just feels like sometimes a VPN is a sledgehammer to solve a port forwarding problem)


Probably because ssh ciphers change, telnet doesn’t, and you’re not really supposed to be internet exposing those interfaces anyway.

SSH without proper key management offers marginal benefits compared to telnet.

However bad your key management is, unless you're on an older ssh that will let you choose to use the "None" cipher, you're still better off than telnet!

Right? It doesn’t even make sense - on any actively updated ssh agent you’d have to go out of your way.

Also - SSH offers more than just encryption, but also data integrity - you can modify / manipulate a telnet session in ways you just can’t via SSH


At this point, time for the world to ignore everything the US Gov. says, assuming they are even paying attention to these agencies.

The big question I have, are there any corresponding agencies in the EU or China we should be paying attention to?


Nice, I would have fed it through rot13 first, giving:

4775722052636667727661205376797266

