Comment Re:The grey line of theft (Score 1) 276
That £40 - £60 per year is my entire entertainment budget for the year! If truth be told I can't really afford that much, a good 50% is gifts of vouchers at Christmas and my birthday.
Question : What is lighter than any known gas ?
Answer : Vacuum
Question : Can we make a rigid "balloon" sufficient to withstand a high enough level of vacuum so as to be lighter than air?
Thinking carbon60 or carbon nanotubes here....
Answer : ?????
Randomly assigned IP addresses can be static or dynamic. You assign one static to each machine and let it generate dynamic addresses on its own. For incoming connections you use the static IP of the machine. For outgoing connections you use one of the dynamic IP addresses of the machine.
Thank you for this, it forced me to re-read the faq (http://www.faqs.org/rfc/rfc3041.txt). I must admit that I had been focusing on its primary declared relationship to "Stateless address autoconfiguration [ADDRCONF]", and failing entirely to grasp the "may also apply to interfaces with other types of globally unique and/or persistent identifiers" part.
Too many people with that attitude is the reason for the mess we have now.
Some of us are either more cautious, or less well informed. I was both, now I am merely cautious. I will gladly and with thanks, move on to basic connectivity testing rather than waiting.
If you have information regarding implementing Security Enhanced Neighbour Discovery please link it as this is now the final hurdle for me.
Did you even watch the video you linked to?
I did, and from it I headed down the path that you are on. That was until I also wanted a firewall as well as randomisation. If you implement a default deny firewall and are running randomised addresses, just how do you open a port ? Or otherwise grant access for inbound connections ?
All the flaws of NAT but without any of the benefits.
I am sure that there is a solution to this problem, it just has yet to be released.
I am just willing to wait for that or until ipv6 reaches critical mass and I am forced.
1) Whether it is an IPv6 address or an IPv4 address+DNAT port, the exposure is the same, the outside world has a door into a specific system.
Unless you are running the ipv6 privacy extensions
http://playground.sun.com/ipv6/specs/ipv6-address-privacy.html
http://www.faqs.org/rfc/rfc3041.txt
My thought is that running an open wifi does not provide plausible deniability. It's more likely that someone will do something malicious behind your gateway and you'll take the blame than vice-versa. *Especially* if you seem technically capable, the fact that you explicitly left your wifi open would be taken as a sign you were *trying* for plausible deniability. Face it, for the residential case, *there is no plausible deniability*, at least with respect to traffic that originates from your residence, *unless* you have a trusted proxy shared with others out there that you *know* won't retain enough data to trace your identity. The only way to have plausible deniability is to find an open-wifi somewhere and hope there's no security camera. If it is some poor sap's house, then they will probably get blamed, if a business, that business may be required to discontinue open wifi under legal pressure.
Here I think we will have to agree to disagree. Particularly when you consider some of the advantages to the privacy extensions. My point is that at present, there is no happy medium. You have a choice between a centralised traditional firewall, and a decentralised randomised more privacy friendly solution.
I think we can agree that ipv6 could be far better than it is with what we know today versus when it was designed 15 years ago. I'm just willing to wait a little longer for my feature set than you are for yours.
How is that different from your NAT today? If you want to accept incoming connections, you must tell your NAT box a port to DNAT map from your external thing to something internal, defined by, surprise surprise, a static entry.
The differences are
1) A single static ip address in ipv4 can be either a single device or a NAT gateway. In ipv6 it is guaranteed to be a single device.
2) The perception that since a static ipv6 address is just one of the possibilities out of a 64bit subnet, that this renders address scanning useless. This perception is blatantly false, as without address randomisation you leave "footprints" everywhere you go hence the privacy extensions. Who needs to scan for your address when you leave it wherever you go ?
The current implementations of ipv6 leave you the choice between security and privacy - you cannot have both.
If you choose security you cannot even have plausible deniability by running an open wifi as all ipv6 addresses are unique.
If on the other hand you choose privacy, then you cannot implement a default deny firewall as this would require a whitelist listing all of the allowed ipv6 addresses - something that you cannot provide if you are randomising your ip address as per the privacy rfc.
I will wait until someone figures out how to do both before I consider going live with ipv6.
Life is a healthy respect for mother nature laced with greed.
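
The arrangement discussed in the thread above (one stable address per machine for inbound connections, RFC 3041 temporary addresses for outbound ones) can be modelled as follows. This is an added example, not code from any poster or project; the prefix, interface identifier, ports and the simplified stateful-firewall check are constructed assumptions.

```python
import hashlib
import ipaddress

PREFIX = "2001:db8:1:2::/64"                      # documentation prefix (constructed)
STABLE_IID = bytes.fromhex("021122fffe334455")    # constructed EUI-64 style identifier


def next_temporary_iid(history: bytes, stable_iid: bytes):
    """RFC 3041 section 3.2.1: MD5(history || stable IID) -> (temporary IID, next history)."""
    if len(history) != 8 or len(stable_iid) != 8:
        raise ValueError("history value and interface identifier are 64 bits each")
    digest = hashlib.md5(history + stable_iid).digest()
    iid = bytearray(digest[:8])
    iid[0] &= 0xFD          # clear the universal/local bit (bit 6, leftmost bit is 0)
    return bytes(iid), digest[8:]


def address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    return net[int.from_bytes(iid, "big")]


def inbound_allowed(dst, dport, stable_addr, open_ports, established) -> bool:
    """Default deny: permit replies to flows the host opened, or new flows
    to an explicitly opened port on the stable address only."""
    if (dst, dport) in established:
        return True
    return dst == stable_addr and dport in open_ports


def demo():
    """Rotate three temporary addresses and open one outbound flow from the newest."""
    stable = address(PREFIX, STABLE_IID)
    history = bytes(8)      # constructed seed; a real host starts from a random value
    temps = []
    for _ in range(3):
        iid, history = next_temporary_iid(history, STABLE_IID)
        temps.append(address(PREFIX, iid))
    established = {(temps[-1], 50000)}   # outbound flow from the current temporary address
    return stable, temps, established


if __name__ == "__main__":
    stable, temps, established = demo()
    print("stable:", stable)
    for t in temps:
        print("temporary:", t, "inbound 443 allowed:",
              inbound_allowed(t, 443, stable, {443}, established))
```

The whitelist holds only the stable address and its open ports; the temporary addresses never need to appear in it because inbound traffic to them is accepted solely as replies to tracked outbound flows.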