Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Comment "Gravely voiced girl" (Score 1) 331

Is this the same thing you hear in many advertisements directed at a female demographic? I've always referred to it in my head as "the gravely voiced girl". It almost sounds like they hire the same voice over person to do "that voice" for lots of different ads (actually wouldn't surprise me much). I'm glad I'm not the only one to have noticed this. :-p

Comment Re:Why Gen Z Needs To Change for Work (Score 1) 443

Sorry, no matter what the generation, they should not be allowed to bring more attack vectors and security vulnerabilities in to the workplace.

They are not special snowflakes, and their personal devices are not necessary for productivity.

Businesses where mobile devices are useful and helpful should already have their infrastructures designed to handle it, so again Gen Z will make no difference.

Hear hear. If they're to be given access to anything, it should be some sort of guest WLAN with internet access only, and heavily firewalled VPN only access to the corporate net, if any. End users simply can't be trusted to keep their personal devices secure. It's hard enough to assure this with their corporate assigned hardware.

Many business, especially regulated ones (SOX, FDA, HIPPA regulated, etc) don't allow personal devices to be plugged into the network at all, and it is a serious breach of policy to do so which could result in termination.

Comment Re:This is ridiculous (Score 1) 214

IPv4 thinking is going to be hard to break. :)

Here's the relevant section of that RFC:

3. Address Delegation Recommendations

      The IESG and the IAB recommend the allocations for the boundary
      between the public and the private topology to follow those general
      rules:

            - /48 in the general case, except for very large subscribers.
            - /64 when it is known that one and only one subnet is needed by
                  design.
            - /128 when it is absolutely known that one and only one device
                  is connecting.

      In particular, we recommend:

            - Home network subscribers, connecting through on-demand or
                  always-on connections should receive a /48.
            - Small and large enterprises should receive a /48.
            - Very large subscribers could receive a /47 or slightly shorter
                  prefix, or multiple /48's.
            - Mobile networks, such as vehicles or mobile phones with an
                  additional network interface (such as bluetooth or 802.11b)
                  should receive a static /64 prefix to allow the connection of
                  multiple devices through one subnet.
            - A single PC, with no additional need to subnet, dialing-up from
                  a hotel room may receive its /128 IPv6 address for a PPP style
                  connection as part of a /64 prefix.

      Note that there seems to be little benefit in not giving a /48 if
      future growth is anticipated. In the following, we give the
      arguments for a uniform use of /48 and then demonstrate that it is
      entirely compatible with responsible stewardship of the total IPv6
      address space.

So it will actually be fairly common for end users to get a /48, or 64Ki /64s. Businesses will likely get a /48 per-site. :)

Comment Re:Mac Issue Or IPv6 Issue? (Score 1) 204

It's really the combination two problems. 1) The particular OS is configured to prefer 6to4 connectivity to native IPv4, 2) 6to4 isn't supported well on many ISPs for various reasons, and there can also be LAN issues which make 6to4 not work well, or at all. So you could say #2 here is a problem with 6to4 implementation.

Most OSes by default (Windows, and most distros of Linuxes, and BSDs) are configured to prefer using a native IPv4 address before an IPv6 6to4 or Teredo (another automatic tunneling method) address (see RFC 3484) for connections. Apparently OS X isn't. So, when a site has both an IPv4 and an IPv6 address, OS X will prefer the IPv6 address even if the system's IPv6 connectivity is via 6to4. Since 6to4 is often slow, slow to start, or just plain doesn't work on a particular LAN/ISP depending on a plethora of reasons, you'll get timeouts and such. This is one of the reasons why services like Google have a separate domain name for IPv6 based services (ipv6.google.com), instead of just putting up both A and AAAA DNS records.

If using a 6to4 connection, YMMV depending on your LAN configuration, your ISP, routes it receives, proximity to a 6to4 relay, whether the 6to4 anycast address (192.88.99.1) your ISP sees routes to a reasonable place, etc. This is why it's so problematic. There are a lot of variables which can make it either not work at all, or affect its performance. Plus, being a tunneling scheme, performance is already degraded vs. a "native" protocol even if it worked perfectly.

6to4 works by constructing an IPv6 address in a special range reserved for it (2002::/16) which encodes your IPv4 address into the IPv6 address (i.e. if your IPv4 is 192.0.2.10, the 6to4 IPv6 prefix will be 2002:c000:20a::/48, out of which you can subnet and make /64s, etc). The traffic is then sent over a IPv4 6in4 (IPv4 protocol 41) tunnel to the "nearest" 6to4 relay which is reached via the 6to4 anycast address (unless the relay server is configured manually). Unfortunately, many ISPs have this anycast routed to a far away relay. For instance, two friends' separate cable ISPs I tested this on had the traffic routing from eastern Canada and the western USA to a relay server in Sweden!

Traffic from the IPv6 internet to the 6to4 space is routed from its source to the "closest" relay server advertising the 6to4 space in BGP. The relay extracts the IPv4 address from the 6to4 IPv6, and the IPv6 packet is encapsulated in a IPv4 6in4 tunnel packet and sent to the extracted IPv4, which should be the user's 6to4 router. This trip from the origin to the 6to4 relay can also often be a long distance, depending on the origin of the traffic, and then of course the tunnel packets have to make their way over the IPv4 internet to your 6to4 router. Obviously this can make for some pretty serious asymmetric routing which can cause its own problems.

Other problems such as 6in4 being blocked anywhere along the forward or reverse path to the user's 6to4 router will cause it to fail. Also, if the implementation isn't smart enough to know that a particular box is behind a NAT, and constructs a 6to4 IPv6 address based on the NATed address instead of the public IPv4, it will obviously fail, since the return traffic will be sent to a private IPv4 address by the relay server instead of the user's public. I don't know if OS X does this or not. And finally, most firewall/nat boxes with a single public IP shared by many computers can only support a single 6in4 (and therefor 6to4) tunnel behind them, since unless they inspect and track the tunneled IPv6 packets (plus some other implementation enhancements), there's no way it can know which inside host to send return traffic to when it deNATs them.

Note, that none of this is a basic failing of IPv6! The problems here are with implementation details of a well intentioned automatic tunneling method designed to provide IPv6 access to IPv4 only users in a "automatic" manner which doesn't require much user knowledge or intervention. Unfortunately, it didn't "work as intended" based on some of the factors I mentioned above, plus probably others I haven't thought of. :-)

This should explain the problem as well as I understand it. Hope it wasn't too boring. :p

Comment Filters? (Score 1) 182

I presume these systems have filters to filter out undesired wavelengths such as UV so that one wouldn't get a sun burn indoors? Or perhaps those wavelengths are attenuated by the delivery system itself. Just curious about this aspect.

Great idea though, although not the first time I've seen it. Systems like this have been around a long time. From fancy sun tracking systems like this, to systems which use fiber optics, to simple sky lights which were once popular in homes. :)

Comment Re:And what, pray tell, do these good people do? (Score 1) 173

They re-enable IPv6, or whatever was broken that they had to disable it in the first place gets fixed. Failing that, if they leave it disabled, or have devices for which IPv6 isn't available, there are solutions like Dual-Stack Lite which will allow IPv4 only nodes to still get to the IPv4 internet (IPv4 traffic is tunneled through an IPv4-in-IPv6 tunnel on their CPE router to a Large Scale NAT device at the ISP.

There may be ways for these same users to get to IPv6 only web sites, etc, but I haven't actually looked into that, so I'm not sure. It would have to be some sort of proxy solution, or something like DNS64/NAT64 in reverse. :p

IMHO, these IPv4 only devices should be upgraded, or go away as soon as possible. :-)

Comment Re:Install your own 6to4 tunnel today (Score 1) 467

Hi there,

What are the variables SLA_INTF and INTF_ID supposed to be in your script above?

Without them it calculates my ipv6 address as: 2002:5e4b:cf23:0000::0000 (from 94.75.207.35) which doesn't look right to me.

Thanks

The entire 2002::/16 IPv6 block is reserved for 6to4. The address above isn't a full address, it's a 6to4 prefix (more succinctly represented as 2002:5e4b:cf23::/48). Basically, a 6to4 prefix is 2002:[half of your IPv4 in hex]:[2nd half]::/48. The 5e 4b cf 23 is 94.75.207.35 in hex. So the address is correct.

You then take your prefix and use it as /64s on your interface and LAN(s), giving you 16 bits of network field to work with (yes, 65,536 subnets possible). For instance, you could set your 6to4 router's 6to4 interface address to 2002:5e4b:cf23::1/64 (which is shorthand for 2002:5e4b:cf23:0000:0000:0000:0000:0001/64 ... double colon represents a run of zeros). Then you could set your inside LAN prefix to say 2002:5e4b:cf23:1::/64 (2002:5e4b:cf23:0001:0000:0000:0000:0000/64), so the inside LAN IPv6 on your 6to4 router might be 2002:5e4b:cf23:1::1/64 (as in IPv4 I tend to use host number 1 as my router IP). You have the entire 4th quad to use for LANs/subnets (2002:5e4b:cf23:0:: - 2002:5e4b:cf23:ffff::), so you could use any of 'em.

Your 6to4 router will encapsulate your IPv6 traffic in a a 6in4 tunnel packet (IPv4 protocol 41), and send it to the 6to4 tunnel server. If you use the anycast address for 6to4 servers (192.88.99.1) for the tunnel destination, it's supposed to send it to the closest 6to4 server, but unfortunately it's at the mercy of your ISP & BGP where it goes, so sometimes it's best to find the closest one to you and use that instead of the anycast.

Return traffic gets sent back to the IPv4 address encoded in the 2nd and 3rd quads of the IPv6 address. Obviously, if your ISP changes your IPv4 frequently, this could be annoying, since your IPv6 prefix will change with it. One of the reasons I stick with statically configured 6in4 tunnels for my IPv6 connectivity. :)

Also, word to the wise, if you get IPv6 going one way or another, make sure you have ip6tables running and configured on your router, otherwise all your machines will be wide open on the IPv6 internet with no firewall!

Comment Re:Install your own 6to4 tunnel today (Score 1) 467

Too bad, the anycast 192.88.99.1 sucks ass from so many places. For me, for example, it's in Switzerland, 60ms ping away (Poland).

I use SiXXS instead, with 15ms pings.

I set up a 6to4 on a Canadian friend's router (Eastlink) and it routed to Sweden. A friend in Fremont, CA, USA also routes the anycast to Sweden. My ISP routes it to HE a few hops away. :lol:

Comment Re:Don't say "NAT" (Score 1) 460

IMHO, nothing significant is going to happen until some real pain starts to be experienced as IPv4 addresses near exhaustion. When the cost of IPv4 blocks starts going way up, or they simply become unavailable to businesses hosting servers, or when end users get put behind CGN devices via things like DS-Lite and NAT64/DNS64 because of lack of public IPv4s, then I think we'll really see IPv6 kick into high gear as far as deployment/adoption.

I get my IPv6 connectivity via a tunnel. My ISP doesn't offer it, and when I asked, doesn't have any plans to offer it. Even to static IP customers like myself.

Comment Re:Teamviewer (Score 1) 454

X2. Best for supporting people who are completely clueless about computers and/or networking. All it takes is an app install, and a button click and you're in, even if they're behind a typical NAT firewall. It gets by firewalls (I believe) by using a rendezvous server. It may also use techniques such as hole punching, not sure. I also noticed that if there's a way to direct connect, it'll take that option. You don't even need to get an IP address from the person you are supporting. It uses a short numeric "partner ID" and password which it shows the person so they can read it off to you (it can also send invitations). Been a real lifesaver for "family IT" support.

Comment Re:Wristwatches are just plain convenient (Score 1) 778

I agree. Pulling a mobile phone out of your pocket to check the time and (with many of them) having to wake up the display to see it is a pain. I'd rather just raise my wrist and look. My Casio Pathfinder also charges itself (solar), sets its own time via the NIST WWV radio signal ("atomic watch"), has an altimeter, barometer, thermometer, and digital compass, stopwatch w/ split time, countdown timer, alarms, world time, and is water resistant to 100 meters. And it all sits on my wrist. I won't be giving up watches any time soon. :P

Slashdot Top Deals

"Someone's been mean to you! Tell me who it is, so I can punch him tastefully." -- Ralph Bakshi's Mighty Mouse

Working...