If you think suicide is weak or shameful, you just don’t understand

Recently, someone fairly well known in certain circles committed suicide. People commit suicide all the time of course, but this person could fairly be described as a form of genius, a polymath, hero to many. Since their sphere of influence was (is!) strongly Internet-based, the net has been alive for weeks with people feeling the need to comment upon it.

I haven’t made a comment upon it because I didn’t know this person. I knew of them, of many of their great works and deeds and philosophies. Didn’t agree with some of them, but there you go. Anyone who knew anything about this person knows that the world is much worse off to not have them in it, so no one needs to hear that from me. Speaking about their circumstances specifically though is something I still don’t feel comfortable about. It feels to me a bit too much like some sort of leveraging of grief in order to just make statements about oneself.

Yes, I do realise that by just saying that stuff I have passed comment and now you all know something of my politics and beliefs so I’m really cool for how much I care right? Well, I couldn’t avoid it as otherwise it ends up coming across like, “I don’t care that they died; I didn’t know them.”

This particular incident though, being fodder for Internet discussion by persons not closely emotionally tied to the deceased, has lead to me now seeing quite a few people expressing views like, “don’t hero-worship someone who killed themselves, they’re weak and selfish.” Or, “I’m so disappointed in them that they felt this was necessary.” Like, publicly expressing them, for the world to see. Some influential people.

I still, weeks later, can’t quite put into words how much I am disgusted with these sorts of comments, or even exactly why I am. This is my best attempt so far and it’s not really going very well is it?

This is not about the individual concerned; these are views that some people express whenever there is a suicide that is notable enough to be a topic of discussion, but emotionally remote enough from them that they feel able to “speak their minds.”

There is just some shocking level of arrogance involved when you say that someone was weak, selfish, acted shamefully, disappointed you (YOU, for fuck’s sake!) by ending their own life.

I don’t entirely (thankfully) know what goes through someone’s mind when they decide to end it all but I am pretty sure that they are in such a bad place that any thought of what other people will think has long ago ceased to have any positive effect and probably has the opposite instead.

I don’t know how to stop people killing themselves through despair. I don’t know what the best strategies are. But please just stop acting like suicidal people feel they have some sort of choice, that if they would just not let everyone down so much it would go better for them. I can’t begin to imagine that helps.

Their action must have come from a place where they truly believe no choice exists, and if you can’t sympathise with that then please at least maintain a respectful silence.

Scanning for open recursive DNS resolvers

A few days ago we unfortunately had some abuse reports regarding customers with DNS resolvers being abused in order to participate in a distributed denial of service attack.

Amongst other issues, DNS servers which are misconfigured to allow arbitrary hosts to do recursive queries through them can be used by attackers to launch an amplified attack on a forged source address.

I try to scan our address space reasonably often but I must admit I hadn’t done so for some time. I kicked off another scan and found one more customer with a misconfigured resolver, which has since been fixed.

After mentioning that I would do a scan I was asked how I do that.

I use a Perl script I’ve hacked together over the last couple of years. I took a few minutes to tidy it up and add a small amount of documentation (run it with --man to read that), so here it is in case anyone finds it useful:

Update: This code has now been moved to GitHub. If you have any comments, problems or improvements please do submit them as an issue and I will get to it much quicker. The gist below is now out of date so please don’t use it.

Using the default 100 concurrent queries it scans a /21 in about 80 seconds (YMMV depending upon how many hosts you have that firewall 53/UDP). That scales sort of linearly with how many you do, so using -q 200 for example will cut that down to about 40 seconds. It’s only a select loop though so it’ll use more CPU if you do that.

Two things I’ve noticed since:

  • It doesn’t handle failing to create a socket with bgsend so for example if you run up against your limit of file descriptors (commonly ~1024 on Linux) the whole thing will get stuck at 100% CPU.
  • One person reporting a similar situation (bgsend fails, stuck at 100% CPU) when they allowed it to try to send to a broadcast address. I haven’t been ale to replicate that one yet.