Disabling TCP_NODELAY would also reduce number of packets + be portable & simpler to implement - but would incur a latency penalty.
I am aware of TCP_NODELAY (funny enough I recently posted about TCP_NODELAY to HN[1] when I was thinking about it for the same game that I wrote about here). But I think the latency hit from disabling it just doesn't work for me.
Also I was unfamiliar with SSH being vulnerable in the past to keystroke timing!
2023 discussion about it here.
please never do that (in production)
if anyone half way serious tries they _will_ be able to break you encryption end find what you typed
this isn't a hypothetical niche case obfuscation mechanism, it's a people broke SSH then a fix was found case. I don't even know why you can disable it tbh.
[1] https://people.eecs.berkeley.edu/~daw/papers/ssh-use01.pdf
- you are listening to an SSH session between devices
- and you know what protocol is being talked over the connection (i.e. what they are talking about)
- and the protocol is reasonably predictable
then you gain enough information about the plaintext to start extracting information about the cipher and keys.
It's a non-trivial attack by all means but it's totally feasible. Especially if there's some amount of observable state about the participants being leaked by a third party source (i.e. other services hosted by the participants involved in the same protocol).
So the "real" keystrokes are 100% the same but the fake ones which are never seen except as network packets are what is randomized.
It's actually really clever.
This should really be upstreamed as an option on the ssh library. Its good to default to sending chaff in untrusted environments, but there are plenty of places where we might as well save the bandwidth
https://github.com/openssh/openssh-portable/blob/d7950aca8ea...
I mean, for modern version of Openssh it's not exactly wrong. The failure was to tell you why that is the normal behavior.
WAT. Please no.
Another good trick for debugging ssh's exact behavior is patching in "None" cipher support for your test environment. It's about the same work as trying to set up a proxy but lets you see the raw content of the packets like it was telnet.
For terminal games where security does not matter but performance and scale does, just offering telnet in the first place can also be worth consideration.
When making this statement, are you taking into account that SSH encrypts the traffic by default?
And in this situation, the amount of encrypted payload in each packet is 36 bytes which is ~40x less than a full packet of ~1500 bytes. You would almost surely hit packet per second limits before you hit payload throughput limits at these small sizes.
Encryption is slow when compared to data throughput you can get with a properly designed transport stack, but that is because it is in comparison to 100 Gbps per core even with no hardware offload. Anything less than ~10 Gbps/1 million packets per second (ignoring other bottlenecks, so only the software transport is the limit) is not merely unoptimized, it is pessimized.
Found your problem.
But it is an interesting world where you can casually burrow into a crypto library and disable important security features more easily than selecting the right network layer solution.
However, there are existing libraries for exactly this use case - see https://github.com/ValveSoftware/GameNetworkingSockets
I guess QUIC libraries would also work.
running without congestion control means that you avoid slowstart. but at a certain rate you run into poorly defined 'fairness' issues where you can easily negatively impact other flows. past that point, you can actually self-interfere and cause excessive losses for yourself.
quic uses congestion control, but uses latency estimates and variance as a signal to back off. it still imposes an ordering on a per-stream basis. so it might not be ideal either.
sctp has a mode which supports reliable and unordered, which might be something to consider
so really - if you care about latency and have a different reliability model, its worth unpacking all these considerations and using them to select your transport layer or even consider writing a minimal one yourself
Is this not a performance consideration?
Either way, using plain old SSH means a metric bajillion computers have a client for your game built in.
The problems you run into when doing things you shouldn't do are often really fun.
[1] https://news.ycombinator.com/item?id=42342382
One thing you notice if you have ADSL is that some services are built as if slower connections matter and others are not. Like Google's voice and audio chat services work poorly but most of the others work well. Uploading images to Mastodon, Bluesky, Facebook, LinkedIn, Instagram and Nextdoor is reliable, but for Tumblr you have to try it twice. I don't what they are doing wrong but they are doing something wrong and not finding out what they're doing wrong because they're not testing and they're not listening to users.
Nobody consulted me about their decision not to run fiber by my house. If some committee decides to make ssh bloated they are, together with the others, conspiring to steal my livelihood and I think it would be fair for me to sue them for the $50k it would take to run that fiber myself.
It's OK if you work for Google where there is limitless dark fiber but what about people in African countries?
It's the typical corporate attitude where latency never matters: Adobe thinks it is totally normal that it takes 1-5s for a keystroke to appear when you are typing into Dreamweaver.
But you cannot just sue a company because their network connected software doesn't work well on slow networks. Let alone a project like OpenSSH. It would be like me suing a game studio because my PC doesn't meet their listed minimum requirements to play the game.
If you want a “1990s” mode, add it yourself or pay some to do it for you.
This is funny to me, because ADSL used to be the fast thing, as opposed to dialup modems.
> And they’re sent to servers that advertise the availability of the [email protected] extension. What if we just…don’t advertise [email protected]?
The extension is "ping@openssh.com." It shows up in the blog reliably for me across several browsers and devices.
Now that's solving the problem the wrong way. If you really want that, send all typed characters at 50ms intervals, to bound the timing resolution.
snowmobile•1h ago
Speaking of smoking guns, anybody else reckon Claude overuses that term a lot? Seems anytime I give it some debugging question, it'll claim some random thing like a version number or whatever, is a "smoking gun"
Hikikomori•1h ago
lloydatkinson•1h ago
It's nauseating.
cubano•1h ago
Considering what these LLMs bring to the table, I think a little tolerance for their cringe phrases is in order.
jcynix•1h ago
Terretta•1h ago
calvinmorrison•41m ago
jcynix•19m ago
Looking back we already had similar problems, when we had to ask our colleagues, students, whomever "Did you get your proposed solution from the answers part or the questions part of a stackoverflow article?" :-0
hamdingers•23m ago
Telemakhos•1h ago
https://pshapira.net/2024/03/31/delving-into-delve/
bdamm•1h ago
yread•1h ago
dave78•1h ago
MonkeyClub•29m ago
Btw, is the injection of "absolutely" and "in $YEAR" prevalent in other LLMs as well, or is it just in Gemini's dialect?
cristoperb•24m ago
locallost•1h ago
redwall_hp•1h ago
smallmancontrov•1h ago
f1shy•56m ago
cipehr•1h ago
Maybe it has something to do with your profile/memories?
eieio•1h ago
gf000•1h ago
grim_io•1h ago
hinkley•59m ago
ranger_danger•54m ago
rubslopes•41m ago
andai•38m ago
https://xkcd.com/3126/
Soon the Andy 3000 will finally be a reality...
thadt•6m ago
I still do - but I used to, too.
jcynix•1h ago
simonjgreen•53m ago
Fnoord•51m ago
Oh shoot! A shooting.
So the TL;DR of this post is: don't change this setting unless you know what you're doing.
kevin_thibedeau•45m ago
observationist•32m ago
Grok, ChatGPT, and Claude all have these tics, and even the pro versions will use their signature phrases multiple times in an answer. I have to wonder if it's deliberate, to make detecting AI easier?
nurettin•30m ago
layer8•23m ago
jcims•20m ago
HPsquared•16m ago