Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:Is USB really better? (Score 1) 543

IIRC, it doesn't say that it's charging, but it will trickle-charge. The problem is that USB ports don't provide enough power for a device that current-hungry to charge from. My ASUS Transformer Pad Inifinity is the same way: It doesn't say it's charging when I plug it into my computer, but it will slowly charge if I'm not using it (1% every 10 minutes or so).

Comment Re:What happens when people change their minds.. (Score 1) 299

> Plus, don't most lights go to flashing yellow (= 4 way stop) at off-peak times?

Traffic lights on side streets, or business intersections, perhaps. But not all lights. And it'd be flashing red if it'd be a 4-way stop. Most of the ones I see do flashing red to the smaller road and flashing yellow to the through road.

Comment Re:why phase out DVI? (Score 1) 704

> HDMI allows sending audio over the same cable, DVI does not.

Actually, you can get audio out of a DVI port on a video card. I have a GTX570, with one of its DVI ports connected to an HDMI port on my TV with a DVI to HDMI cable, and audio routes over that cable just fine. I was actually surprised the first time it happened, for I thought the same as you.

Comment Re:More money... (Score 1) 123

I've found that the combination of a PC and a Wii serves my gaming needs excellently. The Wii has an excellent set of casual games (Wii Sports, Wii Fit, Mario Kart, Super Smash Bros, etc) that I can pick up and play with my gf whenever we have a few minutes to kill. The PC is great for serious gaming. A keyboard and mouse are, IMO, the best input controllers ever and the graphics on a mid-range gaming PC beat those on a 360 or PS3. I also like the fact that my games are all $50 (and not $60) new at retail.

Of course, everyone is different and I do miss out on a few 360 and PS3 exclusives, but nothing has come out for either system that has been that compelling for me.

I think when people say the Wii has "no good games", they mean it doesn't have good games like GTA, CoD, WoW, and other TLAs. But it has a ton of quick and fun, easy to learn, easy to play games that are great to play with friends, coworkers, kids, gf's, non-gamers etc.

Comment Re:Hmm (Score 1) 370

Firewalls are capable of providing all of the positive benefits of NAT (transient traffic flow approval instead of mapping for example, blocking traffic not originated from the LAN, etc) save obfuscating the source address. Obfuscating the source address isn't particularly relevant from an attack perspective given that the entire LAN is still protected by the same Firewall process, NAT or not.

For example: you could NAT your LAN in 192.168.10.x space behind IP .. you connect to shady.com port 80 sport, NAT/firewall allocates for you. Shady sees all the traffic coming from, but has no way (short of client-side malware) to know that maps to; nor can Shady care since all access to is mediated by Shady.com might try to port scan, and see any port forwards your entire LAN uses in one swoop, try to exploit them if possible. Moral: make sure you know what you are doing when you port forward.

Or, if you use IPv6 for your LAN, let's say you are allocated 1:2:3::/112. No need to NAT it, so you just firewall behind your gateway, let's say 1:2:3::4. You connect to shady.com port 80, sport [1:2:3::101]:2000. Firewall doesn't have to allocate a damned thing for you, but instead records the flow for [1:2:3::101]:2000 shady.com:80 as established from within the LAN and thus authorized. Shady sees all the traffic coming from [1:2:3::101]:2000, but it's not relevant since all access to 1:2:3::101 is still mediated by the firewall at gateway 1:2:3::4. Shady.com can port scan 1:2:3::101 if it likes, but won't see any open ports if you only allow LAN established traffic, or else sees your whitelisted ports for that IP only (instead of your entire LAN). Just like the IPv4/NAT scenario, keep your open ports secure.

As you can see, source IP obfuscation provides no meaningful advantage to the end user in this scenario. If anything, IPv6 users who feel like they want to use NAT could have the firewall choose random source addresses as well as random source ports out of their /112, and hide their 3 LAN devices within a pool of 65 thousand addresses. Would that not confuse a would-be attacker?

Still, the major drawback to be avoided with NAT is in breaking the globally unique address space and complicating inbound connection access, which will become a growing part of popular network policy over the next few decades. One thing Bit Torrent teaches us is that "the server" will less and less frequently have resources comparable to the "client swarm", so crowdsourcing the heavy lifting (from distribution to content creation to editing to caching) becomes vital to any scaling strategy worth it's salt. The hub/spoke communication model is slowly eroding in the presence of more sophisticated, decentralized many-to-many connection models.

NAT reduces a peer to a "consumer" which can only fetch data, but never re-offer it without convoluted port forwarding messes. Entire LAN's are limited to one named service per outbound IP, unless one wishes to screw with what port they offer services on, further complicating the job for other firewalls and participants of the content network.

You'll know what I mean if you've ever tried to configure mobile SIP access. Half the time you are behind a NAT, and you'll never know in advance if it's full cone, symmetric, or just somehow pathological. Sometimes you are nested within multiple NATs which each behave differently!

Some legacy UDP protocols I've worked with need to make connections to thousands of remote IP addresses at multiple, highly transient port mappings which bring NAT mapping tables to their knees. In a firewall-only environment, it's easy to whitelist access to swaths of ports for clients and then the gateway need not maintain tables for related traffic, but can continue to protect unrelated ports unlike with SOHO DMZ.

To sum up, NAT is not only a bandaid, but it's already pulling at our short-hairs.

Slashdot Top Deals

Technology is dominated by those who manage what they do not understand.