User Journal

Journal Journal: Lighter than air ? 2

Question : What is lighter than any known gas ?
Answer : Vacuum

Question : Can we make a rigid "balloon" sufficient to withstand a high enough level of vacuum so as to be lighter than air?
Thinking carbon60 or carbon nanotubes here....
Answer : ?????

Comment Re:Yay (Score 1) 247

Please mod parent up !

Randomly assigned IP addresses can be static or dynamic. You assign one static to each machine and let it generate dynamic addresses on its own. For incoming connections you use the static IP of the machine. For outgoing connections you use one of the dynamic IP addresses of the machine.

Thank you for this, it forced me to re-read the faq (http://www.faqs.org/rfc/rfc3041.txt). I must admit that I had been focusing on its primary declared relationship to "Stateless address autoconfiguration [ADDRCONF]", and failing entirely to grasp the "may also apply to interfaces with other types of globally unique and/or persistent identifiers" part.

Too many people with that attitude is the reason for the mess we have now.

Some of us are either more cautious, or less well informed. I was both, now I am merely cautious. I will gladly and with thanks, move on to basic connectivity testing rather than waiting.

If you have information regarding implementing Security Enhanced Neighbour Discovery please link it as this is now the final hurdle for me.

Comment Re:Yay (Score 1) 247

Did you even watch the video you linked to?

I did, and from it I headed down the path that you are on. That was until I also wanted a firewall as well as randomisation. If you implement a default deny firewall and are running randomised addresses, just how do you open a port ? Or otherwise grant access for inbound connections ?
All the flaws of NAT but without any of the benefits.

I am sure that there is a solution to this problem, it just has yet to be released.

I am just willing to wait for that or until ipv6 reaches critical mass and I am forced.

Comment Re:Yay (Score 1) 247

1) Whether it is an IPv6 address or an IPv4 address+DNAT port, the exposure is the same, the outside world has a door into a specific system.

Unless you are running the ipv6 privacy extensions :
http://playground.sun.com/ipv6/specs/ipv6-address-privacy.html
http://www.faqs.org/rfc/rfc3041.txt

My thought is that running an open wifi does not provide plausible deniability. It's more likely that someone will do something malicious behind your gateway and you'll take the blame than vice-versa. *Especially* if you seem technically capable, the fact that you explicitly left your wifi open would be taken as a sign you were *trying* for plausible deniability. Face it, for the residential case, *there is no plausible deniability*, at least with respect to traffic that originates from your residence, *unless* you have a trusted proxy shared with others out there that you *know* won't retain enough data to trace your identity. The only way to have plausible deniability is to find an open-wifi somewhere and hope there's no security camera. If it is some poor sap's house, then they will probably get blamed, if a business, that business may be required to discontinue open wifi under legal pressure.

Here I think we will have to agree to disagree. Particularly when you consider some of the advantages to the privacy extensions. My point is that at present, there is no happy medium. You have a choice between a centralised traditional firewall, and a decentralised randomised more privacy friendly solution.

I think we can agree that ipv6 could be far better than it is with what we know today versus when it was designed 15 years ago. I'm just willing to wait a little longer for my feature set than you are for yours.

Comment Re:Yay (Score 1) 247

How is that different from your NAT today? If you want to accept incoming connections, you must tell your NAT box a port to DNAT map from your external thing to something internal, defined by, surprise surprise, a static entry.

The differences are :
1) A single static ip address in ipv4 can be either a single device or a NAT gateway. In ipv6 it is guaranteed to be a single device.
2) The perception that since a static ipv6 address is just one of the possibilities out of a 64bit subnet, that this renders address scanning useless. This perception is blatantly false, as without address randomisation you leave "footprints" everywhere you go hence the privacy extensions. Who needs to scan for your address when you leave it wherever you go ?

The current implementations of ipv6 leave you the choice between security and privacy - you cannot have both.
If you choose security you cannot even have plausible deniability by running an open wifi as all ipv6 addresses are unique.
If on the other hand you choose privacy, then you cannot implement a default deny firewall as this would require a whitelist listing all of the allowed ipv6 addresses - something that you cannot provide if you are randomising your ip address as per the privacy rfc.

I will wait until someone figures out how to do both before I consider going live with ipv6.
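An added example, not part of the original comments: the interface-identifier procedure from RFC 3041 (section 3.2.1), which this thread cites, in Python. It puts the stable EUI-64 identifier that follows a machine across networks (the "footprints" above) next to the temporary identifiers meant for outgoing connections. The MAC address, the documentation prefixes and the initial history value are constructed.

```python
import hashlib
import ipaddress
import os

def eui64_iid(mac: str) -> bytes:
    """Stable interface identifier (modified EUI-64) derived from a MAC."""
    b = bytes.fromhex(mac.replace(":", ""))
    # Flip the universal/local bit and insert ff:fe in the middle.
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]

def rfc3041_step(history: bytes, stable_iid: bytes):
    """One iteration of RFC 3041 section 3.2.1.

    Returns (temporary_iid, next_history).
    """
    digest = hashlib.md5(history + stable_iid).digest()
    # Leftmost 64 bits, with bit 6 (universal/local) cleared.
    temp_iid = bytes([digest[0] & 0xFD]) + digest[1:8]
    # Rightmost 64 bits become the history value for the next iteration.
    return temp_iid, digest[8:]

def address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    return ipaddress.IPv6Network(prefix)[int.from_bytes(iid, "big")]

def iid_of(addr: ipaddress.IPv6Address) -> bytes:
    """Low 64 bits of an address: what a remote site can correlate on."""
    return addr.packed[8:]

if __name__ == "__main__":
    mac = "00:11:22:33:44:55"                           # constructed
    home, cafe = "2001:db8:1::/64", "2001:db8:2::/64"   # documentation prefixes
    stable = eui64_iid(mac)
    print("stable @home:", address(home, stable))
    print("stable @cafe:", address(cafe, stable), "(same low 64 bits)")
    history = os.urandom(8)  # RFC 3041: random initial history value
    for period in range(3):
        temp, history = rfc3041_step(history, stable)
        print(f"temporary #{period} @cafe:", address(cafe, temp))
```

Only the stable address has a value that can be written into a firewall rule ahead of time; the temporary ones change with every regeneration period.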

Comment Re:Yay (Score 1) 247

But why do you care if they're known outside your network? You have a stateful firewall that protects them from the world. Here's my printer's IPv6 address: 2001:453:da65:1:94ab:7c00:8cba:beb5. Go ahead, have fun trying to connect to it.

You have far more confidence in your firewall than I have. One slip in the coding, one unchecked buffer is all that it takes for it to be breached.

Yes, of course. Why wouldn't you?

Privacy.
http://playground.sun.com/ipv6/specs/ipv6-address-privacy.html
http://www.faqs.org/rfc/rfc3041.txt

Comment Re:Yay (Score 1) 247

Then post your password here and/or SSH private key here. "Security through obscurity" is not remotely close to what you think it means.

Those are secrets that have no existence outside of my network. Unlike IP addresses. I believe you are mistaken in equating them.

Set your firewall policy to "default deny" and whitelist connections you specifically want to allow. This has been the correct way of building firewalls since the idea was first invented.

Why? You don't have a firewall on your router? Again, "default deny": don't open up a rule that allows random Internet hosts to connect to your toaster.

And what pray tell should I do for my PC ? Set a static ipv6 address to be entered into the whitelist ?

Pull the other one it's got bells on.

Comment Re:Yay (Score 1) 247

Security through obscurity is no security at all.

For every website or service you encounter on the internet you have to provide an address to which replies can be sent.

Who needs to port scan ?

Port scanning is not even as difficult as was first believed : http://www.youtube.com/watch?v=c7hq2q4jQYw

Address randomisation does not even begin to solve the problem, in fact it makes it worse. How can my firewall be expected to know the difference between an address generated by my network printer that should not be seen from outside my network and one from a pc that should ?

So now even my network printer (toaster, fridge, whatever) needs a built in firewall with guaranteed bug fixes.

When was the last time you saw a printer or other device manufacturer fixing such security flaws in a timely manner ?

And this is progress ????

Auto configuration is a nightmare. I want to be alerted to the addition of any kit to my network and be given the choice to allow or disallow access to my resources before whatever it is starts to use the limited data allocation that is my internet connection, starts to print a copy of wikipedia or otherwise use resources that cost me time or money.

Before anyone chimes in with "Security Enhanced Neighbour Discovery" - find me a howto that shows the proper configuration of "SEND" that creates a secure network of Windows and Linux machines..... Go on... I'm not holding my breath......

Comment Re:Is autonomous such a hot idea ? (Score 1) 133

As per the link : http://en.wikipedia.org/wiki/List_of_driverless_trains

There is only one fully autonomous train system in the world today. The Copenhagen Metro.

I have no experience of this system and would readily defer to someone who has or does use it.

Justice is not a matter of money.

Particularly when applied to the corporate world. No jail time no worries, kill someone, get caught, pay a fine that you probably have specific business insurance to cover.

For as long as the company's "death" rate does not cause the insurance to cost too much, then it's business as usual.

Proving liability in the first place is likely to be troublesome, as these are likely to be closed systems, can a private individual gain access to the source, schematic or datalog to verify the cause of an accident ? Or do we just trust without verifying the makers ?

Comment Re:Is autonomous such a hot idea ? (Score 1) 133

Asking for a system that can not only track, but identify correctly at speed from a moving platform everything that could cause it to alter its maneuvering is a bit much. Particularly when you need to take into account variable levels of light, weather (rain / fog / mist).

"That is not to say that the computer couldn't easily have a decent amount of situational awareness"

Predefined "caution areas" are so far from being situationally aware it is not funny. For an autonomous system, it has to be "aware" at all times. In order to be aware it needs to know not only "Where are things in relation to me ?" and "How are they moving in relation to me ?" you also need to know "What are these things ?" and knowing these answers gives you input into the "How are these things likely to behave in relation to me ?" question.

For our current systems we can know in realtime faster than human reflexes, the where and how things are moving questions. What we have difficulty with is the "what" - is it a manikin, a human, a statue or a large dog on its hind legs ? This is a question that we cannot currently compute in realtime. Hell we can't even reliably discern a dog from a cat with our current technology.

Even an over cautious system is worse than no system as every hesitation or slow down due to over cautious behavior has huge ramifications in the overall traffic flow.

And if it is so possible - why have we not got autonomous trams or trains? Surely as there are no "turns" and fewer human interaction areas these should be the first to be experimented with, before moving into areas with higher degrees of mobility, and greater risks to the public should a vehicle "crash" in any sense of the word.

Comment Re:Is autonomous such a hot idea ? (Score 1) 133

I doubt that we are within 50 years of having the combination of the stability of our existing embedded systems, with the computing power and complexity required.

We are even further away from the programming paradigms and AI models that will allow us to build systems such as these that need to be able to cope safely with even the most unlikely events.

Dealing with pedestrians of all shapes, sizes, ethnicities appearing from the side of the road, stepping out, possibly from between parked cars, will be one of the tougher sets of tests.

Having to identify not only the potential for danger, but also recognizing when it is safe as the individual is loading the boot of their car and not about to cross the street.

"Seeing" is but one part of an incredibly complicated system, understanding - comprehending so as to properly adjust for potential future events is something else. "See" a ball bounce into the road in front of you - think child.... As an autonomous system, just how long should it wait for the ball to be collected before it considers it "safe" to proceed ? It can't exactly get out and move the ball itself...

Comment Re:Something should be done but not this... (Score 1) 133

I agree that the cancer figures are way out - should be more in the 1 in 30 range :
"Over one in four people die from cancer. Cancer accounted for 30 per cent of all deaths in males and 25 per cent in females.

The four most common cancers accounted for nearly half of the 127,800 deaths from cancer (including non-melanoma skin cancer) in England in 2007. Of these, 66,500 of the total were in males and 61,200 in females."
http://www.statistics.gov.uk/cci/nugget.asp?id=915

However the road deaths are more accurate :
"The total number of deaths in road accidents fell by 7 per cent to 2,946 in 2007 from 3,172 in 2006. However, the number of fatalities has remained fairly constant over the last ten years."
http://www.statistics.gov.uk/cci/nugget.asp?id=1208

Comment Re:Is autonomous such a hot idea ? (Score 1) 133

As it would seem to be only Toyota that is affected I would consider this a Toyota specific system fault. Be that in their design or implementation, something is clearly different from that done by the other manufacturers.

To claim that it is "a glitch between the pedal and the chair" without considering that no other manufacturer has such a high incidence of this problem is short sighted at best.

"Thankfully computers won't get confused and stomp on the gas instead of the brakes."

This requires "expert systems" capable of recognizing, in real time, when it is safe to swerve to avoid one pedestrian, and unsafe when such a maneuver would kill two on the roadside rather than one in front. The code to handle that is going to be somewhat complicated, identifying "humans" in real time from any angle (are the two objects on the side of the road bins? or are they humans bent over tying their laces ?) is not a simple question to answer for a computer.

Computer VISION is one thing, SITUATIONAL AWARENESS is "a whole different ballgame".

And your computer never crashes ? Now put it in charge of your transportation.

Rather you than me when it kernel panics, blue screens or otherwise literally crashes.
