Re: [NNagain] upgrading old routers to modern, secure FOSS

[Karl Auerbach <karl@cavebear.com>]

I couldn't agree with you more - we need to take care that any control 
or management systems we create are not turn-off-the-Internet switches 
in disguise.

My even larger fear is that as we increasingly cross-link our various 
forms of infrastructure that protective measures will put us into 
(hopefully transient) neo-stone age with a long, difficult recovery.

I have had a long interest that comes from comparing the relative robust 
response of living organisms to the rather brittle responses of our 
technologies.

Living things have an option that is not usually available to our 
technologies - death of the individual.

The one lesson I've been able to draw out so far is that living things 
often have layers of responsive mechanisms that arise because 
evolutionary processes typically do not erase old machinery, but, 
rather, add new responses.  If the new response proves inadequate then 
the old mechanisms are still there and might offer a useful solution to 
whatever condition has happened.

The corollary that I derived from that is that we ought to be designing 
our network systems with layers of response machinery, often working 
somewhat at cross purposes, and with the goal being survival rather than 
optimal use of resources.

How to do this in practice remains somewhat elusive, at least to me.

     --karl--

On 10/23/23 4:39 PM, David Lang wrote:
> On Mon, 23 Oct 2023, Karl Auerbach via Nnagain wrote:
>
>> It would be nice if we built our network devices so that they each 
>> had a little introspective daemon that frequently asked "am I 
>> healthy, am I still connected, are packets still moving through me?"  
>> (For consumer devices an answer of "no" could trigger a full device 
>> reboot or reset.)
>
> I agree with a lot of what you say, but I want to throw in a word of 
> caution here. I have seen systems go from 'slow but functioning' to 
> 'completely down and requires a complete datacenter shutdown to 
> recover' because of automated response systems that decided to restart 
> something when it didn't respond fast enough, triggering a cascade of 
> failures that prevented any service from being able to start into a 
> healthy state.
>
> I've also implemented monitoring on APs to restart them if they don't 
> have a path to the Internet, resulting in continual reboots when there 
> is a transitory issue (now changed to only check their next hop and 
> only shut down wifi to avoid becoming a black hole for that SSID
>
> to err is human, to really mess things up requires a computer, and 
> automation removes the oversight from the computer allowing it to do 
> more damage faster.
>
> David Lang