Sunday, July 9, 2017

MAP(Distributed Systems Are Scary)

Everything in this paragraph is wrong in an interesting way but we're going to focus on the DNS thing today.

So I went back over the Lawfareblog post on the GGE failure and I wanted to point something very specific out: The Global Domain Name System is not something we should save. Also, the last thing we want the GGE doing is negotiating on the "proliferation of cyber tools", but thankfully that is a story for another day (never).

When I went to university for Computer Science I only had to have a B average to keep my NSA scholarship. And RPI didn't have any notion of prerequisites other than a giant pile of cash in the form of tuition, which the NSA was paying for me. So Freshman year I started signing up for random grad-level classes. These have a different grading system: A (You did ok), B (You understand it but your labs might not have worked at all), C (You didn't do well at all).

The only grad-level class I got a C in was Computer Security. 

One of the advanced classes I signed up for was parallel programming, which back then was done on IBM RS6000s running a special C compiler and some sort of mainframe timeshare architecture. They'd done a ton of effort to make it seem like you were programming in normal C with just a special macro API, but memory accesses could sometimes be network calls and every program was really running on a thousand cores and you couldn't really predict when things would happen and because the compiler chain was "Next Gen" (aka, buggy as shit) you didn't get useful error messages - just like programming on Google's API today!

It was an early weird machine. You either got it or you didn't. And a lot of the other students refused to let go of the idea that you could control the order of everything. In the end, their programs, which looked right, just didn't work or worked as slow as a dead moose, and they had no way to figure out why. They had learned to program in C, but they had never learned to program.

Last Thursday I was in DC at a trendy bar with some people who have a lot more experience at policy. And one of them (who I will only name as a "Senior Government Official", because he is, and because being called that will annoy him) at one point exasperatedly said "We should just ban taking money out of Bitcoin." He may have said "We should ban putting money INTO bitcoin." I can't remember. The cocktails at this place are so good the bartenders wear overalls and fake black-rimmed eyeglasses. I was pretty toasted, in other words, so I didn't press him on this, even though I should have.

I've been to a ton of policy meetings, both in the US and abroad, where high level government officials have wanted a "driver's license for the Internet" or "Let's ban exploit trade" or "Let's just ban bitcoin". These are all the kind of ideas that result from not understanding the weird distributed machine that is Internet Society.

Yes, as a protocol DNS is a rotten eyeball on the end of a stick poked deep into a lake full of hungry piranhas. But the correct solution is to MOVE AWAY FROM DNS. It is not to try to get everyone to agree not to attack it. 

DNS is not important in any real sense. If it went away, we could create another IP to name system that would work fine, and be more secure and not have, say, Unicode issues, and scalability issues and literally every other issue. We don't move away simply because governments (and the companies that run DNS) love DNS. They love it centrally controlled and they love how much money they can make selling it and managing it.

Nobody technical would have suggested this brain-dead idea of agreeing not to attack DNS. What's next, no attacking FTP servers? All ICMP packets must be faithfully transmitted! They would have then sent around the "evil bit" RFC as a laugh and moved on with their lives.

I'll admit to not being at the meeting, and not knowing the details of the proposal. But I'm confident it was the kind of silly every technical person in this business would have stopped if they had the chance. This says something else about why the GGE failed...
