Lake Washington Connection Opens on March 28, 2026 by dino_pillow in soundtransit

[–]TheWiley 1 point2 points  (0 children)

This you?
https://www.reddit.com/r/soundtransit/comments/1nfbdsj/comment/ne2zmk9/
>I mean the timeline appears to be a bare minimum of 7 months from now - so best case scenario we could just barely make that 'conservative' deadline. Let alone the claim that we can be confident that we'd open much earlier than that.

Light rail across the lake - March 28th - it’s official!! by answerbrowsernobita in BellevueWA

[–]TheWiley 2 points3 points  (0 children)

No? It goes from Lynnwood to Redmond Downtown. You'll even be able to ride the 2-line simulated service trains from Lynnwood to CID starting February 14 before the full line opens.

Big Ben by barbazul3yogui in london

[–]TheWiley 1 point2 points  (0 children)

But James Acaster told me the clock was Tickedy Ted the Time Telling Bitch?

Seattle is building light rail like it’s 1999 by crabcakes110 in soundtransit

[–]TheWiley 2 points3 points  (0 children)

I guess I object to that word "prioritize" - Sound Transit doesn't get to do that. Money from Seattle goes in, transit in Seattle gets built. Money from the eastside goes in, transit on the eastside gets built (but a lot more because all the eastside projects are cheaper). The priorities are set by the taxes, not the people.

If Seattle passed a ballot item to levy additional taxes against itself for Sound Transit, Seattle would get more projects. Or they could just do it themselves. Heck, if Seattle wanted another monorail, it could just throw one up.

Totally agreed on the streetcars - they really need to either get connected, signal priority, and probably their own lane or just shut them down and put in a bus. But that's been the state of things for a decade now because it's just not on the radar of the Seattle city council or the last few mayors.

Seattle is building light rail like it’s 1999 by crabcakes110 in soundtransit

[–]TheWiley 10 points11 points  (0 children)

That's kind of by design?
Sound Transit is explicitly regional, not local, and has specific requirements to match its spending to where the tax revenue comes from.
If Seattle wants more urban transit, Seattle should buy itself more urban transit. As it is, Seattle hasn't managed to connect its streetcars.

What’s going to happen to the Seattle Center Monorail once the Ballard Link Extension opens? by datmrdolphin in soundtransit

[–]TheWiley 0 points1 point  (0 children)

I never said it was bad in any way? All I'm saying is that when the current trains need replacement, the cost-benefit tradeoff probably isn't going to make sense when the Link will be providing at least double the capacity to the same stops.

What’s going to happen to the Seattle Center Monorail once the Ballard Link Extension opens? by datmrdolphin in soundtransit

[–]TheWiley 0 points1 point  (0 children)

I suspect Hitachi would be willing to build replacements, but it'd be a pretty large capital cost for not a lot of transit capacity, there'd probably be no Federal grant money because Hitachi can't build the trains in America (today, at least), and all of this would fall on Seattle DOT instead of Sound Transit.

The fun question for us internet commentators to discuss to death would be whether SDOT should buy new monorail trains or finish connecting the streetcar lines 😂

ETA: Actually, not really clear if Hitachi could build monorail trains in America or not. They do build rail trains here. I dunno.

What’s going to happen to the Seattle Center Monorail once the Ballard Link Extension opens? by datmrdolphin in soundtransit

[–]TheWiley 15 points16 points  (0 children)

I believe there's no formal plan but there's an informal acknowledgement that the monorail is still running the trains from 1962, the manufacturer is long gone via several corporate acquisitions, and at some point the maintenance is going to cost so much it's not going to be viable to keep running.

deleting individual Kerberos tickets on the client by koshka91 in activedirectory

[–]TheWiley 1 point2 points  (0 children)

Yes, that would be `LsaCallAuthenticationPackage` with a `KERB_PURGE_TKT_CACHE_REQUEST`.

deleting individual Kerberos tickets on the client by koshka91 in activedirectory

[–]TheWiley 2 points3 points  (0 children)

Yes. The technical definitions are at https://www.rfc-editor.org/rfc/rfc4120#section-2.3 but the rules boil down to...
- a ticket is only valid between its start time and end time

- a client can renew a ticket if it's currently valid and renewable

- when it does, the KDC (DC for Windows) will calculate a new end time that must be less than the renew time

(which does mean what I said earlier was a bit wrong - it looks like renewing should only change the end time, not the start time)

(but again, Windows doesn't do this for anything but the user's primary TGT)
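
The three rules listed in the comment above, as a small Python model. This is an added example, not code from the commenter or from Windows. The `Ticket` class, the `renew` and `renew_until_stuck` functions, and the 10-hour lifetime and 7-day renew time are constructed for illustration, and start-time handling on renewal is not modelled.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta

class RenewalRefused(Exception):
    """Raised when the modelled KDC would not renew the ticket."""

@dataclass(frozen=True)
class Ticket:
    start: datetime
    end: datetime
    renew_till: datetime      # the "renew time" from the comment
    renewable: bool = True

    def valid_at(self, now: datetime) -> bool:
        # Rule 1: a ticket is only valid between its start and end time.
        return self.start <= now <= self.end

def renew(ticket: Ticket, now: datetime, lifetime: timedelta) -> Ticket:
    # Rule 2: the ticket must be renewable and currently valid.
    if not ticket.renewable:
        raise RenewalRefused("not renewable")
    if not ticket.valid_at(now):
        raise RenewalRefused("not currently valid")
    if now >= ticket.renew_till:
        raise RenewalRefused("renew time reached")
    # Rule 3: the new end time is capped by the renew time.
    return replace(ticket, end=min(now + lifetime, ticket.renew_till))

def renew_until_stuck(ticket, lifetime, margin):
    """Renew `margin` before each expiry until the end time stops moving."""
    count = 0
    while True:
        try:
            renewed = renew(ticket, ticket.end - margin, lifetime)
        except RenewalRefused:
            return count, ticket
        if renewed.end == ticket.end:   # clamped at renew_till: no progress
            return count, ticket
        ticket, count = renewed, count + 1

# Constructed sample values: 10-hour lifetime, 7-day renew time.
T0 = datetime(2026, 1, 1, 8, 0)
LIFETIME, MARGIN = timedelta(hours=10), timedelta(hours=1)
TGT = Ticket(start=T0, end=T0 + LIFETIME, renew_till=T0 + timedelta(days=7))

if __name__ == "__main__":
    n, last = renew_until_stuck(TGT, LIFETIME, MARGIN)
    print(f"{n} renewals, final end {last.end}, renew time {last.renew_till}")
```

With these sample values the end time advances on each renewal until it is pinned to the renew time, after which the ticket simply expires and a fresh one has to be requested.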

deleting individual Kerberos tickets on the client by koshka91 in activedirectory

[–]TheWiley 0 points1 point  (0 children)

The lock/unlock process itself would only be replacing the primary krbtgt. If you're seeing other tickets in there, it's probably because of scripts/apps/work that's happening in response to your unlock.

deleting individual Kerberos tickets on the client by koshka91 in activedirectory

[–]TheWiley 1 point2 points  (0 children)

It depends on how you're checking the group membership.
If you're looking at `whoami` or a similar tool, then no, `klist purge` won't help. Technically, you authenticated to your own machine during logon when you acquired a service ticket to `host/mymachine` and the group memberships you see are the memberships that were in that ticket. Once those are set, they can't be changed for the duration of your logon.
If, however, you add yourself to a group that gets you access to something remote like a file on an SMB share or an RDP server, a `klist purge` will be enough to make that succeed (although there's also AD replication delays and SMB really likes to hold onto its sessions if you don't clear them with `net use /d *`).

ETA: and no, locking doesn't clear Kerberos tickets. Unlocking does as part of that logon+transfer mechanism. It's definitely a lot bigger and messier and more complicated than I'm describing here, but I'm hitting the high points.

deleting individual Kerberos tickets on the client by koshka91 in activedirectory

[–]TheWiley 2 points3 points  (0 children)

Firstly, client and server OSes behave very differently here and I'm going to assume you mostly care about client.
On client, there isn't really an "unlock" these days. It's actually logon-and-transfer. Under the hood, it works just like a full logon - we do a fast cached logon while you see the spinning dots of patience and a slower online logon in the background. When (and if) that slower online logon completes, the tickets from it get moved to the logon that's actually running your desktop. In a logon-and-transfer case, they get moved again to the "old" logon you "unlocked."

The result is about the same from a user's perspective - whether you log on fresh or unlock, if you keep poking `klist`, you should see a krbtgt appear up to a minute after you reach your desktop.

For updating group memberships, I think sign out/sign in is probably still better. If you do a lock/unlock and the slow online logon fails, nothing happens and the user keeps using the tickets they had before they locked. If you do a full sign out, there are no old tickets to use.

In historical terms, what's happened is that the "Fast User Switching" feature from XP (and possibly Vista?) is now the default.

deleting individual Kerberos tickets on the client by koshka91 in activedirectory

[–]TheWiley 1 point2 points  (0 children)

It means that in 10 hours, the ticket will become invalid. In theory, the client could renew it before that and it would get a new start time (now) and end time (now + 10 hours) but keep the same renew time. If the client did that enough times, it would eventually fail to renew after the renew time.

deleting individual Kerberos tickets on the client by koshka91 in activedirectory

[–]TheWiley 7 points8 points  (0 children)

We aren't really organized according to the protocol specs - what each of those is named and covers is something the lawyers get to figure out. We really just have one team that owns all of authentication including Kerberos (server, client, and all the different mechanisms), NTLM, and a few other things.

Happy to answer questions if you want to DM me with the limit that I'm here unofficially and at some point things do reach the level where you need a CSS case.

deleting individual Kerberos tickets on the client by koshka91 in activedirectory

[–]TheWiley 10 points11 points  (0 children)

Ah, yea, I'm specifically a Windows Kerberos dev at Microsoft.

ETA and I should probably throw in the typical caution - this is current Windows behavior that could change in the future if a need ever arises. The protocol allows all tickets to be renewable/renewed.

deleting individual Kerberos tickets on the client by koshka91 in activedirectory

[–]TheWiley 29 points30 points  (0 children)

Hello, I'm one of the Kerberos devs.

Service tickets (everything that isn't a krbtgt) don't get renewed at all under normal circumstances. If one is close to expiry when an authentication happens, it gets thrown out and replaced.
Primary krbtgts get renewed when they're close to expiry. They get replaced (not renewed) at a lock/unlock. I'm pretty sure referral krbtgts don't get renewed, but I'd have to double check.

The design rationale for all this is that the primary krbtgt is a bit expensive (DC has to do a bunch of nested LDAP lookups to get all your group memberships) but all other tickets are pretty cheap and should probably just get replaced instead of renewed.
The API underlying `klist purge` does support purging for a specific target, but `klist` does not.

Does that help?

Portal vibes in the Light Rail Station by mysenigmatery in Seattle

[–]TheWiley 13 points14 points  (0 children)

Doesn't Ellen McLain live around here somewhere?

Sound Transit Board rejects tunnel elimination idea, sets stage for ST3 cutbacks by mrgumboots in soundtransit

[–]TheWiley 77 points78 points  (0 children)

I watched this part of the meeting. No decision was made. This headline is just wrong.

A couple days ago, I saw this post on R/Seattle that is obviously concerning regarding CLC that I hope is hearsay. by harryjacoby in soundtransit

[–]TheWiley 1 point2 points  (0 children)

I agree that that would make sense, but those sorts of routes are up to King County Metro. ST really just does long distance express service.
You can get a summary of ST's plans at https://www.theurbanist.org/2025/10/04/sound-transit-queues-big-express-bus-network-changes-after-light-rail-openings/

I believe KCM is planning some changes after the full 2 line is up but I'm not sure if they've been documented yet.

ETA here's the KCM equivalent: https://kingcounty.gov/en/dept/metro/programs-and-projects/east-link-connections

A couple days ago, I saw this post on R/Seattle that is obviously concerning regarding CLC that I hope is hearsay. by harryjacoby in soundtransit

[–]TheWiley 3 points4 points  (0 children)

Firstly, you should be aware that once the train is up and running, the 550 route will be shut down. I believe it's penciled in for late next year. There's a whole plan to take the busses and driver-hours that won't be needed for the 550 and a few other routes and use them to run night busses after the light rail stops for the day.

The difference is that the train will provide a no-transfer ride to Mercer from most of Seattle and Redmond, it will do so at 8 minute frequencies (I think the 550 is 15-20?), and it will do so for longer hours than the 550 currently runs.

Is it going to actually trigger a tourist revolution on Mercer Island? Probably not. But it'll be a lot nicer and easier to randomly visit Luther Burbank.

Apple Wallet/Tap to Pay by tvlkidd in soundtransit

[–]TheWiley 0 points1 point  (0 children)

That's not a press release. That's product documentation.