On Apr 6, 2021, at 9:17 PM, Johnny Billquist <bqt
at softjar.se> wrote:
Hi, all.
First of all, to comment on the OP. Area 63 has indeed been reserved for people
interested in doing hidden areas, like DEC did. I also do not remember much detail right
now, but others asked for it, and I saw no problem in reserving one area for it. Others
might even be using this, based on comments here.
When it comes to PMR and PASSTHRU, I might have some stuff for RSX that could answer some
questions, but I would have to dig through things... Not sure if there is enough interest
for any digging around right now.
If you find anything I would be interested in adding support to Linux DECnet.
Finally, when it comes to duplicate addresses, the
most obvious casualties are always the two nodes where the duplication actually happens.
If they are just endnodes, the damage always stops there. While this is maybe not a good
state, it at least is containable. But make sure people do not get creative and just start
changing to arbitrary other addresses, or we are going to need to take more drastic
action.
I can understand the desire to make it easier for people with little understanding to
hook up, there is a risk that if you don't know what you are doing, you create
problems for others that you don't even understand. I would really recommend that we
don't make it *too* easy for people to hook up. I don't want to hold hands for
people who have no idea what they are doing, just to prevent chaos on HECnet.
Finally, if you setup nodes that are not endnodes, the responsibilities grow. Especially
if you are in an area where others are also active, since any kind of router can
potentially wreck havoc in an area, or possible even with the inter-area routing.
So for those, I would even more suggest that you do not set anything like that up for
someone who don't know what they are doing.
Now, these comments are not really targeted at anyone in particular, but something for
everyone to be aware of, and consider, when you hook up others. HECnet is rather
distributed, really. I do manage the area allocation, and area 1. But when I hand out an
area to someone, then everything about that area becomes that persons responsibility. So
adding new people, new nodes, new links, or whatever, is totally up to them. I can
certainly offer a bit of support, but the "owner" of an area is really the
deciding person on what happens in that area. If the owner sub-let part of the area to
someone else, I think it still makes sense to consult with that area owner, if you further
sub-let, or hook others up, since this definitely can have an impact on the area.
Think about it. We should all try to be good neighbors. DECnet, while ok, isn't at
the robustness level, or security (well there are none) of modern internets.
In the late ?80s I was a member of the Distributed Services group working on DAAS
(Distributed Authentication and Authorization Service). The group was also responsible for
distributed naming services (DNADNS), distributed file service (DFS) and distributed time
service (DTSS). We licensed the RSA algorithm for prototyping and we were working on an
architecture using distributed CAs similar to what is used today. I had a version of CTERM
on Ultrix (dlogin) which used a crypto exchange to perform an immediate login without
entering a password. The main problem was the lack of compute power. A Microvax II, using
hand crafted assembler, could manage a blistering 8KB/s of DES encrypt or decrypt and the
RSA code was many times slower. I moved over to the Network Advanced Development group in
1990 and, I think, the assigned architect left the company around the same time so nothing
further came of the work.
John.
Johnny
On 2021-04-07 02:50, Paul Koning wrote:
On Apr 6,
2021, at 8:21 PM, Mark J. Blair <nf6x at nf6x.net> wrote:
On Apr 6, 2021, at 4:51 PM, Paul Koning
<paulkoning at comcast.net> wrote:
Given that you have an area number assigned to you
I don't have a whole area number. I have a 100-number chunk of Robert's area
reserved for me.
--
Mark J. Blair, NF6X <nf6x at nf6x.net>
https://www.nf6x.net/ Ok. The same principle holds: a misbehaving node connected
to an L1 router can mess up at most that area. If it mistakenly grabs someone else's
node number, those two nodes are affected but others are not. The only way it could do
worse things is if it's a router and it claims to be a really good path to other nodes
in the area, and then doesn't live up to the promise. (That happened in the Internet
once, when routers in some corner of the Internet, Hong Kong perhaps, claimed to be the
best way to reach Pakistan.)
Short of major software malfunction, not likely when dealing with VMS systems, the main
worry is misconfiguration. For that, connect via an L1 router and look for node address
errors.
paul
--
Johnny Billquist || "I'm on a bus
|| on a psychedelic trip
email: bqt at softjar.se || Reading murder books
pdp is alive! || tryin' to stay hip" - B. Idol