
Comment Re:IPv6 (Score 1) 113

IETF decided that rather than do piecemeal solutions, they'd do one cleanroom implementation of the internet protocol using everything that had been learned over the decades of IPv4 usage.

HAH! They actively ignored much of what had been learned, and further, ignored what enterprises actually used. They put zero effort into how to get there -- backwards compatibility, migration paths, ... And they gave zero consideration to any aspect of security. IPv6 is the horribly broken, constantly changing ball of shit that it is because of the design-by-committee pile of personal projects and agendas that were nailed together and called a protocol. There were many proposed methods of extending IPv4 address space, but it was agreed to create a new protocol to fix more than just addressing. In the end, we still have to build a new internet -- after decades, we still haven't.

Comment Re:give me a break. (Score 1) 113

#1 - Wrong. This is often trotted out, but an outsider cannot find every machine on your network with just the prefix or a single address. Once inside your network (compromised host), it's possible, but far from dirt simple.
#2 - It's as tested as anything else.
#3 - True, but you can attack anything that has a NAT map as well. And this is partially why privacy extensions exist (your address changes regularly)
#4 - Wrong. This was a basic requirement of early IPv6 standards. It's now "optional", but present in many stacks.
#5 - I'd say it's "full assed" by the few ISPs that bother to offer it at all.

Comment Re:give me a break. (Score 1) 113

Don't blame M$ and Google for what was a basic, founding tenet of IPv6... "None of this bullshit NAT!" And from a second chair in the room, "yeah, and none of this G** D*** DHCP!" By the time we get around the room, IPSec (think all of OpenSSL) had been glued into the protocol. Many hard lessons completely unlearned -- SLAAC, RA's, multicast DNS, etc.

If you want something to blame on Google, ask them why Android doesn't support DHCPv6.

[On the subject of SLAAC: this wasn't such a bad idea on the surface. However, the types of limited machines SLAAC specifically called out were *NEVER* going to be able to run anything close to a standards compliant IPv6 stack. It's a very stupid optimization once all the other designed-by-committee bullshit was stapled together. And worse, to date it has simply cemented the completely anti-IPv6 mindset of 64/64 network/host divide. So much so, that Stupid(tm) has been built into silicon!]

Comment Re:give me a break. (Score 1) 113

Those professionals hate it because it's a constantly moving target. If IPv6 were one thing to implement, ONCE, they'd've done it long ago. However, that's not the case. Even today, it's a constantly changing ball of shit.

IPv6 is a different way of doing things. NAT does involve a "firewall" -- 'tho it's unlikely to be watching traffic with an eye to security. With IPv6, security is not automatic; firewall rules have to be manually crafted.

Comment Re:give me a break. (Score 1) 113

"every flavor"? You mean NAT? Shit we've all been using since the mid-90s? ISPs have been grasping at straws because they can't get any more v4 addresses, and still have to connect a growing number of users to the v4 internet. (and develop v6 CPE hardware and infrastructure, AND still get the v6 only connected to the v4 internet.) And their answer has been NAT as well; just on a scale beyond reason.

Comment Re:give me a break. (Score 1) 113

XP has an IPv6 stack, but I wouldn't go so far as to say it "supports v6". It only supports SLAAC. (Pinning a static address is a pain in the ass, and doesn't always survive a reboot.) There is zero GUI integration for managing it. The OS will not use it for its own internal processes (namely DNS). And Microsoft has never officially supported it.

It's also so hopelessly out-of-date, it only barely works. Very little of what is considered IPv6 today is supported.

Comment Re:There's nothing you can do about idiot admins (Score 1) 91

The issue is not the server, per se, but the components that can only be run from that old version. I have a few of those still around (toshiba pbx management engine: you give it its own VM and never fuck with any part of it! Shut down the VM when it's not being used.)

if he built things right in the first place

WRONG. Obviously you aren't a programmer, nor do you know any. Functions get changed, renamed, deprecated, and removed. No matter how well you write your java craplet, changes in the JRE will eventually break it. I have a desktop full of various versions simply because apps can't work with newer versions. The same is true of perl, python, and php applications on Linux.

Comment Re:The Cisco way seems.....old (Score 1) 77

(Cisco knows this and that's why they bought Meraki)

So they could nickel-and-dime you in the cloud as well.

Meraki is ok. But their hardware is way too expensive, and the never ending cloud management fees can't be ignored. For an enterprise that can't afford a huge IT staff, the stuff is perfect, if costly.
