
Comment Re: Google (Score 1) 269

I'm pretty sure the only thing they drop is mail with infected attachments. Everything else they think is junk gets sent to the spam folder.

I mean hell, I had more problems with false positives from Outlook marking crap as junk than I ever did from Google, until I decided to just turn off the Outlook junk filtering and trust Google instead.

Comment Re:Why use ISP email? (Score 2) 269

For the technically savvy, sure. For the average everyday user, this option is right out.

This is what I used to do. Unfortunately, keeping my spam filters up to date ended up being a pretty major chore. Even with blocking everything but English, I still spent more time than I wanted training the filters on what was spam and what wasn't.

So I started to think about how to fix this. Then I realized that my gmail account rarely, rarely gets spam.

So I set up Google Apps for Work and moved my domain email hosting over to that. It's worth the 5 bucks a month.

And I fully agree, anyone using their ISP's email service is a bad nerd. Not being able to take it with you, or having crap like the Comcast fiascos where they give your email address to someone else accidentally, is just shooting yourself in the foot.

Me? I want the control over my email addresses, but I'm perfectly happy to outsource the filtering chore to Google since they're really good at it.

Comment Re:I wonder... (Score 1) 277

Windows 8 was doomed simply because it was a radical shift from what people had been used to going back to Win95. Sure, in between Win95 and W2k there was some face lift stuff done to the UI to tweak and polish it, but basic functionality remained the same - Click Start, find your program, click on it, go to work. If you needed to fiddle with settings, you click on Start and click on Control Panel.

Trying to cram a touch screen style interface down the throats of point and click users... of course that was going to end badly.

I personally don't upgrade my Windows versions quickly and easily. I stuck with Win95 until Win98 SE, then upgraded to W2k after SP2, XP after SP2, skipped Vista entirely, and upgraded to Win7 when games I wanted to play forced me to.

Looks like I'll be skipping Win8 entirely too. I will certainly take a look at Win10 when it becomes available, and I might consider upgrading to it if the UI isn't too much of a pain in the ass.

Hopefully Microsoft has learned that there's no money in the desktop OS market anymore, not with other vendors providing cheap or free installs and updates.

If Microsoft makes Win10 something that's not a pain in the ass to use, for a relatively cheap price, and capable of joining an AD domain, I'll probably use it on a more permanent basis, but probably not for the first couple years of its life unless there's a *really* compelling reason to do so.

Comment Re:Absence?! (Score 1) 595

Incorrect. NAT does have a security benefit. Unless ports are opened, there is no direct inbound access into the backend subnet. Yes, firewalls exist and can protect IPv6, but having a NAT simplifies security for most home users.

Ok, that is not a security benefit. If a device doesn't have ports open for something outside to connect to, there's no connection possible period, NAT or no NAT.

If a device does have ports open, that usually implies that you want things to connect to it. In order to make that happen, you have to forward the port on the NAT device, which defeats any 'security' you think seems to exist.

Now, let's say you have a bunch of servers behind your border device that have SSH enabled, and you only want, say, one of them to be accessible from outside the border device, but you don't want the others to be connectable.

All that takes is a rule in the stateful firewall.

There's no security benefit there. I could leave a crapload of publicly addressed Windows boxes with the RDP port open behind a firewall, and no one outside is going to be able to connect to it, because my stateful firewall drops all inbound traffic that isn't part of a flow I initiated by default. I don't need NAT for that.

Comment Re:Absence?! (Score 1) 595

Where I live routers come pre-configured by the ISP (free router with contract, pay shipping, they ask nicely to send it back at the end to recycle but you don't have to). It already has the firewall set up to keep me "safe". The normal user options might allow some games through (NAT, DMZ - the fuckery that IPv4 requires), and the same options, with no visible change to the user, could allow transit to their machines on IPv6.

What's so hard about setting the router to drop (state NEW) traffic by default while allowing (state RELATED,ESTABLISHED) traffic? That is default NAT behaviour. A home router could easily _not_ supply an "allow all the Internet h4x0rs into my LAN" option, so if you want to do that you have to do what you currently do: one machine at a time.

There's your problem, believing that NAT is what drops new traffic. That is not a function of NAT. That is a function of the stateful firewall that is enabled on the NAT device.

If my device is 192.168.1.1 sending on port 10000 (global address 1.1.1.1) to 2.2.2.2 port 80, that creates a NAT entry for that translation. If 2.2.2.2 responds from port 80 to 1.1.1.1 on port 10000, that is going through the NAT, as there's already a state for that translation.

Whether the connection is actually allowed is determined by the stateful firewall, i.e. is this flow new, related, or established?
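The separation the two comments above draw (the NAT translation table versus the stateful filter that decides NEW/ESTABLISHED, plus the "one SSH host exposed by a single rule" case) as a small constructed model. This is an added example, not code from any commenter or router; the IPv4 addresses are the ones in the comment, and the IPv6 hosts and remote peers are assumed placeholders from documentation ranges.

```python
# Constructed model (not from Slashdot or any router firmware) of a border device
# that does NAT and stateful filtering as two separate steps.
INSIDE4 = "192.168.1.1"    # the LAN host from the comment
PUBLIC4 = "1.1.1.1"        # its global address after NAT
INSIDE6 = "2001:db8::10"   # assumed IPv6 host: globally addressed, no NAT at all
OTHER6 = "2001:db8::11"    # assumed second IPv6 host (SSH enabled, not exposed)

flows = set()    # conntrack-style table, keyed on the pre-NAT (inside) 4-tuple
nat_map = {}     # (public_addr, public_port) -> inside_addr

def classify(src, sport, dst, dport):
    """NEW or ESTABLISHED, as a conntrack lookup would report it."""
    if (dst, dport, src, sport) in flows or (src, sport, dst, dport) in flows:
        return "ESTABLISHED"
    return "NEW"

def filter_inbound(src, sport, dst, dport, allow_new=frozenset()):
    """Policy from the comment: accept ESTABLISHED, drop NEW unless explicitly allowed."""
    if classify(src, sport, dst, dport) == "ESTABLISHED":
        return "ACCEPT"
    if (dst, dport) in allow_new:          # e.g. the one SSH host you chose to expose
        return "ACCEPT"
    return "DROP"

def send_outbound(src, sport, dst, dport):
    """Record the flow, then translate only if the source is the NATed IPv4 host."""
    flows.add((src, sport, dst, dport))
    if src == INSIDE4:
        nat_map[(PUBLIC4, sport)] = src
        return (PUBLIC4, sport, dst, dport)  # what 2.2.2.2 sees on the wire
    return (src, sport, dst, dport)          # IPv6: forwarded unchanged

def receive_inbound(src, sport, dst, dport, allow_new=frozenset()):
    """Undo NAT where a mapping exists, then apply the stateful filter."""
    dst = nat_map.get((dst, dport), dst)
    return filter_inbound(src, sport, dst, dport, allow_new)

def demo():
    """The comment's IPv4 exchange, then the same policy on un-NATed IPv6."""
    results = {}
    send_outbound(INSIDE4, 10000, "2.2.2.2", 80)                              # outbound web request
    results["v4 reply"] = receive_inbound("2.2.2.2", 80, PUBLIC4, 10000)       # ESTABLISHED
    results["v4 rdp probe"] = receive_inbound("3.3.3.3", 4444, PUBLIC4, 3389)  # unsolicited NEW
    send_outbound(INSIDE6, 50000, "2001:db8:ffff::1", 443)
    results["v6 reply"] = receive_inbound("2001:db8:ffff::1", 443, INSIDE6, 50000)
    results["v6 rdp probe"] = receive_inbound("2001:db8:ffff::2", 5555, INSIDE6, 3389)
    ssh_rule = frozenset({(INSIDE6, 22)})   # the single firewall rule for the one exposed box
    results["v6 ssh allowed"] = receive_inbound("2001:db8:ffff::2", 5555, INSIDE6, 22, ssh_rule)
    results["v6 ssh other"] = receive_inbound("2001:db8:ffff::2", 5555, OTHER6, 22, ssh_rule)
    return results
```

Calling `demo()` returns ACCEPT only for the two replies and the explicitly allowed SSH host; the IPv6 hosts get the same inbound protection as the NATed IPv4 host even though nothing is translated for them.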

Comment Re:Absence?! (Score 2) 595

My home subnet is 2610:1e8:800:101::/64. Go ahead and tell me how many machines are in there...

Somewhere between 0 and approximately 18,446,744,073,709,551.

But, as always, the issue isn't hiding and hoping that no one finds you. The issue is how do you protect your systems and networks from people who (in the worst case scenario) already know what your IP address is?

With NAT they are attacking a single firewall.

With having all of your systems directly accessible to the Internet, the crackers can attack any and all of them.

Getting your IP address can be as simple as putting up a web server with some stupid content and having /. link to it.

Yeah, so you think that you can't attack end hosts directly just because they're sitting behind a NAT?

It's perfectly possible to craft malicious packets and send them past the NAT to the desired end host. The NAT device will happily translate evil packets just as easily as the non-evil variants.

Do not mistake the protection that a stateful firewall provides as protection provided by NAT.

Comment Re:Absence?! (Score 1) 595

Absence of NAT is a feature! If not THE feature of IPv6!

NAT has many benefits besides reducing the number of IP addresses required. It has important security benefits in that it allows one to hide one's internal network structure from the outside world. Without NAT, attackers would know how many systems you have on your network as well as your router deployment. Potential attackers could benefit greatly from this information when planning and launching attacks.

I cannot believe that, in this day and age, security through obscurity.

I don't think you've quite thought this through. With a single /64, you have a lot more IPs than is possible in the entire v4 address space. In a sane deployment, you're probably using SLAAC to address your hosts, which means your hosts aren't conveniently labelled xx::1, xx::2, and so on.

Go ahead and port scan a single /64 to find out how many hosts are active. I won't wait, but it'll keep you from getting into trouble for a good long while. This is assuming the owner of that /64 was stupid and didn't do any firewalling.

Oh, and by the way, if you can actually sniff the feed at the ingress/egress point, you can still tell how many hosts are behind an IPv4 NAT.

Idjuts thinking that NAT is a security feature is one of the things holding back IPv6 deployments.

Comment Re:Midnight is in the morning (Score 2) 500

The provisions expire midnight Jun 1, 2015, not May 31, 2015.

So, as of right now, and as of the time you posted, the provisions have not expired.

However, the program is already in shutdown, as they had to start turning it down early in order to be in compliance with the midnight expiration.

Comment Re:What a cluster **** (Score 2) 500

The sad part is that the act just moves the spying to your communications provider. And part of the bill gives them immunity for providing the records (section 105) and also compensates them for doing so (section 106).

The USA Freedom Act is the same crap; this is just Capitol Hill Monte being played. About the only good thing about the act is that companies will actually be able to admit they're under FISA gag orders.

Comment Private Links != Paid Priority (Score 0, Flamebait) 258

Full Disclosure: I am a network ops engineer for Comcast.

Anyone who believes that buying private links into a provider's network is the same as your traffic getting paid priority knows jack shit about network ops. In the case of Comcast, Netflix traffic gets no special priority once it's on the internal network. The direct links simply let them bypass the naturally occurring bottlenecks that occur at internet peering points.

Now I'm sure a bunch of people (who are not network engineers) are going to argue over the wording and philosophy as to whether or not buying paid links into a provider's network constitutes priority or not. It's not. In network operations, priority is a very specific concept. It means that you treat one class of traffic better than others, usually to the detriment of other classes of traffic. As an example, e911 voice traffic has the *highest* priority on the Comcast network.

Comcast does not treat Netflix traffic any better than anyone else's traffic. Nor is it treated any worse. It is forwarded as Best Effort within the Comcast network.

The only difference that buying direct links in meant was that they got to skip the congestion in the peering points. Comcast has a lot more bandwidth internally, and once traffic makes it into the network, congestion is not usually a problem (things do break, redundant links become saturated, etc. It's a big network, but in normal operation mode, congestion doesn't exist). What little prioritization we do has a lot more to do with latency than with congestion (i.e., your phone call is more important than your massive porn transfer, since voice is a lot more sensitive to delay than bulk data transfer).

Comment I think the part that scares me.... (Score 2) 149

Is that techdirt did virtually no research on the issue, they just passed along what Golden Frog said in their filing.

Which brings me to the *really* scary part.

A company which provides VPN service should reasonably expect to have a clue when it comes to network operations.

Not only did this company not have the chops to figure out that 'someone may have incorrectly configured a firewall!', oh no. They decided to compound their inadequacy by including it in a filing to the god damn FCC.

So many levels of failure involved in this.
