netsec people for once i am asking for a reply here. tell me why IPsec is so hateful. tell me there's some heinous story about it literally escaping a research lab at cisco in the early 90s by accident

— 🎃Utterly dispassionate documentary hog slaughte🎃 (@gravislizard) October 22, 2019

I’ve gotten many, many IPsec tunnels working and it does bite ass. The reason is that it’s a protocol (really a suite of associated-ish protocols and specifications) that has been in development, and thus ever-changing, since the 1970s.

And it’s all terrible because IPsec is designed to cover too many use cases and its actual implementation is up to dozens of different firewall vendors and OS makers, many of which don’t follow the RFCs or do it in such a confusing way that their interface or CLI is basically unusable. Additionally, since IPsec has been around so long, it’s not unusual to find firewalls or other devices still very much in service that can’t talk to newer devices because the old ones don’t support — or properly support — newer, now-required (by corporate policy) features. For instance, at work I have a firewall that is less than five years old that we could not initially use to connect to a client as it didn’t support IKEv2.

Anyway, IPsec is terrible because it’s trying to cover a huge territory with open source solutions which receive very little quality development, and because IPsec has been around so long there are 900 poor implementations of nearly-identical features, none of which play that well together for various reasons.

everything on linux is the most painful way it could possibly be on purpose

— 🎃Utterly dispassionate documentary hog slaughte🎃 (@gravislizard) October 22, 2019

Yep. It’s nerd-optimized and getting worse, so that means that absolultely nothing just works, it requires twiddling of endless configuration files and has no reproducibility at all. (That means that because you set it up a certain way on one system, doesn’t mean it’ll work the same on another, apparently-identical, system. In fact, I can guarantee it will not.)

And don’t tell me I just don’t know how to use it. I’ve been working with Linux since 1998, have a now-expired RHCE, and have deployed the OS in large-scale production environments. I do know what I am doing and I can tell you Linux is designed poorly even for its intended purpose, with some rare exceptions.

This isn’t really an unpopular opinion, but it’s a bit of a slantwise way of thinking about it.

Though fossil fuels kick-started our technological revolution and largely made possible the second phase of the Industrial Revolution, by causing so much harm it’d have been better overall for humanity if their major uses had never been discovered or their usage severely restricted.

Though I know the strict determinists and those who enjoy spreadsheet fuckery will protest, there is a path for humanity where we went electric in the early 20th century, never depended much on fossil fuels, and rapidly increased the efficiency and prevalence of electric engines. In this world the airline industry never developed and we made widespread use of high-speed trains since the 1950s. Ocean crossings are undertaken by fast cruise liners with nuclear reactors (60 knots cruising speed), so it takes two days to go from NYC to London, but you do so in a nice cabin with all the amenities, not packed in like lab rats in some population pressure experiment.

Don’t let anyone tell you this world was impossible — in fact, we could build it right now, and it’d only cost a few years of the DoD budget.

I agree that without such heavy dependence on fossil fuels tech development would’ve been delayed 60-90 years. But with them, it’s likely we will make the planet largely uninhabitable. So that’s not really a win in my book.