If your home network has a /64, there are 2^64 possible addresses for a script kiddie to check for a device.

If you use privacy addresses, this means a script kiddie who is able to scan one million hosts per second is going to take around 600,000 years to get through the whole subnet.

If you use link identity addresses, that might reduce to 6,000 years or so.

I run v6 with a trivial firewall: allow established, allow inbound port 22, 80, >= 1024, allow ICMPv6, deny all other packets.

(If you do set up a v6 firewall, make sure you allow ICMPv6; there's no packet fragmentation in v6 so if you discard packet too big messages you'll break your v6 and be part of the 0.01% that gives big vendors like Google the willies about losing).

I haven't tried using it in any place noisier than the inside of my car with the windows up and no passengers. It doesn't start interpreting sounds as voice until I explicitly tell it to, so I've not pocket-dialled someone by farting yet.

I expect it would not work particularly well in noisier conditions. If that's the use case you'd have for voice recognition, then the technology probably isn't mature enough for you yet, but for my use case, it's good enough to be using now.

Shrug, goodbye karma, but my iPhone's voice recognition does pretty well. Needs you to tell it to listen, repeats what it's going to do before it does it so you can cancel when it does get it wrong.

100% success rate for the number I call most often, probably around three quarters successful for the other numbers I very infrequently call - so maybe it just seems good to me because of the specific circumstances I use it in.

The HTC Touch Pro 2 uses a Qualcomm CPU with a gpsOne aGPS module. The iPhone 4 uses a Broadcom BCM4750 single-chip aGPS.

The tracking sensitivity on the gpsOne is -160dB, with TTFF of 1s/29s/35s for hot/warm/cold startup. Power consumption data not available; it's always part of the CPU.

The tracking sensitivity on the BCM4750 is -162dB, with TTFF of 0.5s/30s for hot/cold startup. Power consumption is 13mW.

The BCM4750 is a better aGPS chip, but mostly due to its greater sensitivity and independence from CPU choice - there's not a lot of difference in TTFF between the two.

If you get fix times in under 10sec, but over 1sec, the phone is probably providing hints via a cache.

Given I have a 3GS with the much poorer Hammerhead II aGPS chipset, patch 4.3.3 is a pretty big net loss for me; I think I'll just skip it until I'm forced to take this Apple bashwagon generated downgrade as a part of a major release upgrade. :(

Airplane mode turns off (stops sending power to) all the wireless communications chips in the device: cell, gps, wifi, and bluetooth. You can't get location information while in airplane mode.

You can turn wifi back on while in airplane mode, but the BCM4750 will still be off, and you will still get no location information.

If Apple don't really disable the chips in airplane mode in order to keep tabs on where you are, they'll likely lose their accreditation for it, so I'm pretty sure they really do disable the chips.

Since neither subby nor the self-serving linkfarm reblog site they submitted bothered to either link to the Arbor Networks article, or read it beyond the first few paragraphs, here it is.

A better summary might be that native IPv6 usage has "more than doubled" in the past six months, while tunneled IPv6 has declined. This is exactly what we'd hope to see, but maybe not as catchy a headline?

The other big issue with NATs is traversal. You can't run bittorrent at all unless most hosts on the internet can be directly reached; it relies on peers being directly addressable.

When the NAT is on your home gateway, you (or your software) can instruct it to forward certain ports to certain hosts inside the NAT. When the NAT is run by the ISP, shared by hundreds of users, you can't do that - contention for the well known ports makes it impossible.

But clever people have realised that a NAT will often redirect all connections on a particular port back to you if you open up just one connection on that port. So if you can find a willing host to report back what port you've just connected from, you can tell others to use that.

Which breaks if you try to be clever about using the full (host, port, port, host) tuple to identify each connection.

You also have a scalability issue if you try to shove thousands of users onto a single address; storing and searching the state table for hundreds of thousands of mappings requires hardware that hasn't been built yet.

You're quite right. He should be tried immediately for his crimes.

Oh wait, that's what the fucking problem is - he's being held without trial in inhumane conditions.

The two things that jumped out at me were that Moxie has made a faulty assumption on the trust model of DNSSEC, and that Moxie has made a faulty assumption on the trust model of web certification.

Web certification is for relying parties to determine that a host is authorised to act on behalf of a domain holder.

DNSSEC is for relying parties to eliminate the need to trust the distributed database of DNS.

The question at the bottom of the article would lead to this if it were actually answered. Who do I need to trust, and for how long?

For the current model, I need to trust the hierarchical DNS authority system, because they hold the fundamental truth of the DNS data. I need to trust the distributed DNS database system, because I have no way to check that the answer I got is the answer the domain holder published. I also need to trust the entire CA set, because they're the ones who provide a bridge from the domain holder to me.

For the DANE model, I need to trust the hierarchical DNS authority system, because they still hold the fundamental truth of the DNS data.

In both cases, "for how long" gives the useless answer of "forever."

TL;DR: Moxie has pointed out that we place an awful lot of trust in the DNS operators, but failed to demonstrate that DANE or DNSSEC is a poor substitute for the current CA system.

The only thing CAs check before issuing a certificate is whether the cheque has cleared.

You say that now, but eventually they will learn and adapt to the modern environment, and blame the other robot driver for not looking where the hell it was going, or the car manufacturer for a sudden acceleration problem that's definitely not the robot driver's fault, officer.

If a restaurant could sell the same burger an infinite number of times, you ... still would have a bad comparison, since off the shelf software is a product, not a service.

The value of a thing asymptotically approaches the cost of duplication of that thing. Things with material costs have a fixed cost of duplication, as well as an amortised cost of creation and capital investment in copying equipment. Things with no material costs only have an amortised cost, and amortised costs asymptotically approach zero. The value of software is, thus, zero. The notion that I could double the value of my assets simply by making a copy of an application is absurd.

There are business models which are not founded on that absurdity, and they're working. Value-add services like iTunes offer syndication and convenience; you pay 99c for the ease of using the iTunes interface to find and download a track, not because the track itself is worth 99c. Hosted software services offer value in the management and in the indivisible unit of a system with software, not in the software itself. Software to support a product, like iOS or onboard software for cars, works very well.

But this is only a brief blip in history in which people can get away with using legislation to force value onto a valueless product.

Poor and uneducated folk breed more. Social programs don't significantly alter birth rates; number of people below the poverty line is a much better indicator:

Poverty lines.

Fertility rate.

The politics of the right will make things worse, not better.