Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment IPv6 deployment (Score 1) 184

And I'm telling you :
- you DO NOT need to be on an unaddressable private address (192.x.y.z or fxxx:::) to not receive any traffic.

No shit. Then again, how many "average joe 6-pack" users get assigned anything bigger than a /32 (i.e. a single address) for IPv4, or anything at all for IPv6?

Here around on our side of the pond ?
Let me count :

- Most of the ISP here around in Europe that I know of (Switzerland, France, Germany) are providing IPv6.
Usually they are 6RD (rapid deployment), i.e.: their network (fiber, xDSL, etc.) is still legacy IPv4,
but their router automatically establish a 6to4 tunnel to the ISP's IPv6 access point,
Usually, most 6rd deployment offer /60 or /56 prefix, so each (IPv6-enabled) device on the home network can get its very own 64bits suffix based on the MAC-Address (and the router get a few extra 4 or 8 bits of headroom for its internal management).

So anyone plugging "the box" they've received from their ISP is automatically on IPv6.
And automatically getting sensible IPv6 packet filtering on said box (to go back to the subject of this discussion)
(And hopefully also getting sensible default passwords for amdin and Wifi in the form of long random base32 strings printed on the backside of the box)

- Lots of 3G/4G wireless providers are moving to IPv6 (well, obviously as 4G is a purely packet-switched network. IPv6 is more or less an unofficial requirement)

(Though usually, a smartphone will get a publicly addressable IPv4 and IPv6 on lots of networks. Not all though, some wireless providers are moving to NATed IPv4 and only publicly addressable for the IPv6 prefix)

(3G/4G to USB+Wifi routers do work similarily to above-mentionner xDSL/FITH routers. They advertise a publicly accessible IPv6 prefix and provide packet-filtering).

- Most universities I've seen also provide both IPv4 and IPv6 (but usually provide publicly addressable IPs on both).
(Though not necessarily on the "eduroam" shared wireless network. They used to be on IPv4 on some universities, and as of lately, all univesrities I've been in seem to move their eduroam on a different special IPv4-only subnet).
(And though to go back to the current discussion, universities here around seldom do any filtering. As soon as you plug in your laptop, your start to see failed login attempts in your SSHD logs)

- If you want your very own special IPv6 prefix, you can get one from SiXXS over a 6in4 or AYIAY tunnel.
(But then again that's not average joe).

And with only a single globally routable address, you do NEED to be on RFC1918 network.

Obviously this isn't the only way one can do NAT, but it's the only way joe sixpack's router does it.

Most users in a non backwater countries will get a 6rd publicly addressable IPv6 prefix, too.
By default, the box they've received from their ISP and they've plugged into the wall will filter the packets by default.

So please stop with this "NAT increases security".

And I'm telling you, the extra security provided to joe sixpack DOES come from the fact that he's being NATted, since he's still unreachable when any other packet filtering is disabled.

(emphasis mine)
Yup. We've reached a conclusion.
We both agree that for security, you need packet filtering.
You need a "magic box" standing between the wild wide interweb and the home network that does this filtering.
Usually this box is the xDSL/Cable/FITH/whatever router that the user has recieved from the ISP.
NAT'ing, is one of the peculiar types of packet filtering that happens on this box and provides some form of security (simply because of the reason it's a type of packet filtering).

IPv6 by itself isn't usually subject to NAT'ing (not needed, nearly every deployment I've encountered - include at home of random non-techie users - gets a publicly addressable prefix), but still isn't any less secure BECAUSE IT NEEDS TO GO THROUGH THE EXACT SAME MAGIC BOX (the router) THAT STILL DOES PACKET-FILTER NO MATTER WHAT (which happens *not* to be NAT in this exact context).

The joe six pack himself doesn't care, he just plugs the "magic box" that he got from his ISP, painstakingly copies the overly long password from the sticker on the back of the magic box (while cursing why isn't he allowed to use "Passw0rd!" as a passwrod. Com'on, there's even an uppercase and number), or simply flashes the QR-code from the OLED mini-screen (for the lastest generation of router that have one for that purpose).



They used to be a time when users did connect to the wild wide interwebs over an Analog Modem (those screeching boxes that you use to plug into your computer's COM port), or later ISDN Modem (no screenching, but basically the same). Back at the time, a computer thus connected was completely exposed to anything coming at it (Ah, the joys of a time when you could "winnuke" any computer on the net), and lots of software (FTP, IRC, direct file send in IM, P2P file sharing) counted on it.

So when xDSL arrived, I've seen lots of weird setups.
- xDSL *modem*. That plug straight into the USB port of the computer, and the computer gets a public address just like in the time of Analog/ISDN connections.

And that also includes weird routers :
- Router with USB (as a network device) and a single Ehternet port,
that did hand out a private address over DHCP to the computer,
BUT THEN DID A 1:1 STRAIGHT MAPPING between the public IP address and the private address of the computer.
(What was the name of this already? "cone NAT" ?)

- Same as above. Except that now the DHCP can hand out 3 other adresses (to plug a networked printer ?)
But still does straight 1:1 Mapping with the first address (printer doesn't need to have internet access at all, and the whole internet needs to be able to win-nuke the windows machine).
I still have such a useless junk from ZyXel collecting dust somewhere - it got used only a couple of hours, the time it took me to go buy something better.

So the reason current NAT'ing does security is because in addition of employing private address, it does sensible packet filtering (block inboud traffic, allows on-demand outbound traffic for all parties, requires manual TCP-forwarding configuration or UPnP to allow inboud traffic), but there exist asinine ways to do unsecure private addresse that used to actually exist in the wild.

Comment Re:Grid Scale Batteries (Score 2, Insightful) 91

Solyndra was a bet that silicon prices would remain high. It was a way to get more power out of less silicon. The bet was wrong. With the drop in price in silicon, their death was inevitable. They also had a weird design decision, going for the concentrator. It made sense (in the economics of the time) to go for either concentrators or CIGS, but not both.

That said, the government took way too much flak - politically motivated - over Solyndra. With any diverse profile of startup investments, you expect some to fail. Economists analyzing the ARRA post-facto have been by and large given it quite positive evaluations for its effects on the economy. The loans program office had already wiped out the Solyndra loss just two years later.

Comment Re:Something's fishy (Score 1) 214

I don't know how you can possibly read anything about EU subsidies into anything I've written here, but if it makes you feel any better, my businesses have never taken any form of EU subsidy. In fact, from the point of view of my own businesses, the EU probably does more harm than good as things stand today, and in isolation we'd be a bit better off without it. But of course we're not operating in isolation, so the interesting questions are really about whether the EU is a net win or net loss in the big picture, and those are much harder to answer (despite the number of people who seem to think it's an easy question and if you voted the other way from them you're obviously some sort of clueless idiot).

Comment Re:Something's fishy (Score 1) 214

It's not quite that simple, unfortunately.

The EU operates what is termed a "single market" or "internal market", which actually includes the EU member states plus a few others via separate international agreements. This is a region in which the "four freedoms" apply: goods, services, labour and capital may be moved freely between the participating states as if within their own country.

This relatively close relationship is generally seen as good for trade between members of that single market. It means there are no government-imposed tariffs on imports/exports, there are common standards and regulations for what you're allowed to sell throughout the market, and so on. This is why some people in the UK are currently arguing that on leaving the EU as a whole, we should seek an agreement to remain within the single market (a form of "soft Brexit").

However, membership of that single market isn't necessarily a win in all respects.

One issue is that the freedom of movement of labour means member states can't limit immigration from other member states. This has been controversial recently for a number of reasons. In the UK specifically, some people argue that immigration is putting an unsustainable burden on our national infrastructure. Others argue that immigrants are both helpful and in some cases necessary to keep our economy running and support that very infrastructure. Some point out that while we receive many immigrants from elsewhere in the single market, many of our own citizens also choose to work or retire abroad, and that travelling within the EU without visas is beneficial. Across the EU more widely, there is an issue at the moment with the number of refugees from elsewhere in the world who are entering member states close to troubled areas but then able to move around within the EU relatively freely. And on top of all of this, there are all the "free movement, but with strings attached" arrangements where the politicians and diplomats have been trying to dance around the problems without giving up the benefits.

There has probably been more objectively wrong nonsense said about immigration than any other issue around Brexit, but unfortunately it's long been a difficult subject and a certain part of the population in most EU states, including the UK, isn't very nice when it comes to foreigners. And just to throw one more ingredient into the mix, of course the UK also has people moving to and from non-EU states, but our visa and immigration system is overcomplicated, dysfunctional and a huge burden on those people and businesses involved. The natural assumption is that the same currently awful system would apply to those coming from the EU in the event of a "hard Brexit" where we cut ties like single market membership as part of leaving the EU, which some people see as too high a price to pay pragmatically, even if they don't in principle mind immigration from the EU being subject to the same rules as from anywhere else.

Another issue with the single market is that it is also what is called a "customs union". That means that while trade within the market is free, any member state importing from outside the market is required to impose a certain level of tariffs, regulations, and so on. That is usually seen as bad for trade with partners outside the EU single market, for much the same reasons that trade within the market is good. For the UK specifically, although it does a lot of trade with the EU, it actually does a bit more now with other partners outside the EU, and the external trade is also growing a bit faster. And of course a lot of goods and services are both provided and consumed internally within the UK. As long as the UK is within the scope of the EU arrangements, it therefore has to apply the EU rules even to internal matters and to trade with non-EU partners. Depending on who you ask and what line of business they're in, this is either no big deal or a crippling burden on trade and our national economy.

Crucially, the UK is also not free to negotiate its own trade deals for more favourable terms with non-EU partners, because the rules say that only the EU itself can negotiate trade deals on behalf of the bloc as a whole. This goes along with the whole single market/customs union deal, but if you're looking at increasing trade with, say, North America or Asia, it's a big barrier. And as we've seen recently with proposed trade deals like TTIP and CETA, being in the EU is no guarantee that your diplomats will actually close good trade deals on behalf of the member states. Apparently negotiating on behalf of the whole EU bloc, when in the real world those member states naturally have different priorities and goals and when they also have varying levels of veto powers, isn't always easy!

In the end, a lot of the controversy around Brexit is whether the known, established benefits of being an EU member state outweigh (and would continue to outweigh) the potential benefits of being free to negotiate independently with non-EU partners and to set our own rules for our home market. It's not really about "losing access to the single market" or "preventing immigration". Trade between the UK and EU member states would still happen even if the UK left the single market, just as obviously the UK trades with many other nations around the world. Likewise, people would still come and go. But there would potentially be significant extra barriers to trade and movement within the EU, and potentially lower barriers to trade and movement elsewhere, and the long term pros and cons of those arrangements are hard to predict.

Comment Re:Hmm (Score 1) 904

That's indeed the kind of ideas that is now floating around. I rank it in the category of Iraq coming to kill us all, with the same combination of inflating the threat and at the same time regarding the opponent as a pushover. I think Colin Powell has made some sensible comments on that. Russia is paranoid about us, about NATO. We scare them. They are a small power, we're a big one that is surrounding them more and more, and then sabre rattling is a sensible response.

That doesn't explain why they weren't rattling their sabers a few years ago. The Economist has a recent article that does offer an explanation that covers that as well The thesis is basically that domestic troubles caused by a weak economy have motivated Putin to seek ways to distract his people from domestic concerns. Specifically, he's tried to recapture the superpower position of the Soviet Union. He can't, really, because Russia isn't the Soviet Union. Without the central planning structure to force the massive overproduction of military resources, the Soviet Union wouldn't have been the Soviet Union, either.

But his people don't really realize this and, frankly, the rest of the world tends not to realize it much, either. So Putin can rattle his rusted and broken saber and the rest of the world reacts as though he was the mighty Soviet Union. Except... there is one area in which is military isn't so rusted or broken: nuclear weapons. Oh, his nuclear armament is aging and dilapidated, but it's still very real and Russia has the technological wherewithal to build highly functional nukes and missiles to carry them. Russia can't afford to build very many of them, but it doesn't really take all that many.

So, as it becomes more and more apparent that Putin doesn't really have the conventional forces to make the world treat Russia with the fear and respect that the Soviet Union got, he's almost certainly going to be making more and more use of the nuclear threat that the world can't ignore. And that will help to keep his people feeling like they're a major world power again, which will keep him in power.

Is this true? I don't know. Makes sense to me.

Comment Re:Am I missing something? (Score 1) 142

Hangouts used to have seamless SMS/Hangouts.

No, it was never seamless in the sense that iMessage is. The seams were harder to see, and that was exactly the problem that motivated the clear separation; the failure modes of the combined messaging were subtle, hard to understand and opaque to users. The upshot is that the combination made Hangouts messaging appear to be unreliable.

Actually, iMessage isn't really seamless either. It breaks badly if iMessage thinks the destination device is an iPhone but it isn't. It's very good in a pure-Apple world, though.

Comment Contradicts the definition of copyright infringeme (Score 3, Interesting) 93

The entire reason Jammie Thomas-Rasset was ordered to pay $222,000 was because she purportedly uploaded 24 songs to thousands of people. She was distributing the songs without a license from the copyright holder - something Copyright law expressly prohibits. In other words, by using copyright law crafted to stop wholesale copyright infringement, Capitol Records cast Ms. Thomas-Rasset as the mastermind of a bootleg music business and won a judgement of $222,000 against her. That judgment effectively indemnifies people who downloaded music from her uploads. She paid for the crime, not her "customers". When you shut down a counterfeit CD ring, you do not then go after the people who bought the illegitimate CDs.

If you throw all that out the window and instead argue that it's the act of downloading a song which is infringement (which current copyright law does not support), then this becomes really easy. Each downloader becomes liable for a single copy (the one they downloaded). And an appropriate fine would be, say, 3x or 5x the cost of buying the song from a legitimate source. So about $3-$5 per song. Frankly I think that's a much more sensible approach to copyright enforcement than ruining people's lives and depriving them of Internet service because they shared some music files.

But I suspect the *AA is going to want their cake and eat it too, and want to assess hundred-thousand dollar judgments against downloaders as well. This is a slimy and illogical (should be illegal) tactic of turning n crimes into n^2 crimes. If 10 people share a file and each copyright violation costs $100, then there are a total of 9 illegal copies made, and the total damages should be $900. But by the *AA's nonsensical reasoning, each person is responsible for 9 counts of copyright violation, so each person should pay $900, resulting in $10,000 in damages awarded. The math simply doesn't add up - they'd be getting $10,000 in court awards when the law has determined that they've only suffered $900 in damages.

You can't have it both ways. Either one person is liable for all the copyright infringement and you can ruin them financially. Or each person is responsible for a single copyright infringement (the file they downloaded) and you can only fine them a few times what it would've cost to buy the file legitimately.

Comment Re:Why? (Score 2, Insightful) 904

The hippie solution doesn't work because even if you can convince 99.99% of people to be peaceful, that remaining 0.01% can still send the world into nuclear winter.

You need some sort of hybrid approach, where you convince easiest 99% of people to be peaceful, but retain enough military capability to dissuade the remaining stubborn 1% from doing anything nuts. Which is more or less what we're doing today. Except some of those pursuing the hippie part of this hybrid approach have deluded themselves into thinking their approach will work on the entirety of the remaining 1% just because it worked on the first 99%.

That's what hippies don't seem to understand. Even if you temporarily achieved 100% indoctrination into a peaceful, cooperative society and completely disarmed. It just takes one person to be born who thinks differently and builds his own devices and following in secret, and spreads chaos and ruin upon that idyllic and disarmed utopia. You must have some sort of defense against this in reserve. Always. I don't particularly blame hippies for making this mistake - people tend to think that others will act as they themselves do. So if it's beyond their conception as to why someone would want to kill and destroy in order to have power over (parts of) the world, then it will literally be inconceivable to them that someone would ever want to do this. But that doesn't change the fact that it's a bad assumption.

Comment Re:Laying cable (Score 1) 193

I'm running into the same problem trying to get cable modem service to my business. The building currently doesn't have cable service.. The nearest location the cable company can extend service from to wire up our building is only about 1000 ft away, but they're estimating it'll cost them $14.5k. Most of that cost is in drawing up the plans and submitting it to the city so they can get permits to dig up the street to lay down new cable. You don't incur these costs when maintaining existing lines. They estimate the cost of sending a crew out to actually dig up the road, lay down the cable, and patch up the road will only be a few thousand.

Comment Re:Hmm (Score 1) 904

Should have been "alumium". Next best is "aluminum" (like platinum, molybdenum, most all of the classic elements like plumbum, argentum, etc). "Aluminium" is right out. It was derived from from alumina, not "aluminia"; the i is supposed to be the joining stem (lithia/lithium, magnesia/magnesium, titania/titanium, etc). There are a couple element names that are as poorly formed as "aluminium", but not many.

Not to mention that Davy was the one who named it, and he named it "aluminum", but suggested "alumium" as an alternative.

Slashdot Top Deals

The IBM 2250 is impressive ... if you compare it with a system selling for a tenth its price. -- D. Cohen