Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:fun fact (Score 1) 110

An AC said:

Your figures are wrong - multiply that 2 trillion number by 4 and you'll get the cost of military operations in the Middle East since the Oil Crisis.

Oil dependence has been a disaster for the United States.


I couldn't agree more but I was focusing ONLY on the most recent waste of lives and taxpayer dollars.

Comment Re:fun fact (Score 1) 110

I know right? And if we didn't NEED the oil, the knockon effects would be tremendous.

The price of oil would plummet.
The funding backing terrorists would plummet.
We would lose interest in fighting over it.

Sure- oil will continue to be a valuable resource indefinately, but no more so than other resources like iron, aluminum, and copper.

Comment IPv6 deployment (Score 1) 190

And I'm telling you :
- you DO NOT need to be on an unaddressable private address (192.x.y.z or fxxx:::) to not receive any traffic.

No shit. Then again, how many "average joe 6-pack" users get assigned anything bigger than a /32 (i.e. a single address) for IPv4, or anything at all for IPv6?

Here around on our side of the pond ?
Let me count :

- Most of the ISP here around in Europe that I know of (Switzerland, France, Germany) are providing IPv6.
Usually they are 6RD (rapid deployment), i.e.: their network (fiber, xDSL, etc.) is still legacy IPv4,
but their router automatically establish a 6to4 tunnel to the ISP's IPv6 access point,
Usually, most 6rd deployment offer /60 or /56 prefix, so each (IPv6-enabled) device on the home network can get its very own 64bits suffix based on the MAC-Address (and the router get a few extra 4 or 8 bits of headroom for its internal management).

So anyone plugging "the box" they've received from their ISP is automatically on IPv6.
And automatically getting sensible IPv6 packet filtering on said box (to go back to the subject of this discussion)
(And hopefully also getting sensible default passwords for amdin and Wifi in the form of long random base32 strings printed on the backside of the box)

- Lots of 3G/4G wireless providers are moving to IPv6 (well, obviously as 4G is a purely packet-switched network. IPv6 is more or less an unofficial requirement)

(Though usually, a smartphone will get a publicly addressable IPv4 and IPv6 on lots of networks. Not all though, some wireless providers are moving to NATed IPv4 and only publicly addressable for the IPv6 prefix)

(3G/4G to USB+Wifi routers do work similarily to above-mentionner xDSL/FITH routers. They advertise a publicly accessible IPv6 prefix and provide packet-filtering).

- Most universities I've seen also provide both IPv4 and IPv6 (but usually provide publicly addressable IPs on both).
(Though not necessarily on the "eduroam" shared wireless network. They used to be on IPv4 on some universities, and as of lately, all univesrities I've been in seem to move their eduroam on a different special IPv4-only subnet).
(And though to go back to the current discussion, universities here around seldom do any filtering. As soon as you plug in your laptop, your start to see failed login attempts in your SSHD logs)

- If you want your very own special IPv6 prefix, you can get one from SiXXS over a 6in4 or AYIAY tunnel.
(But then again that's not average joe).

And with only a single globally routable address, you do NEED to be on RFC1918 network.

Obviously this isn't the only way one can do NAT, but it's the only way joe sixpack's router does it.

Most users in a non backwater countries will get a 6rd publicly addressable IPv6 prefix, too.
By default, the box they've received from their ISP and they've plugged into the wall will filter the packets by default.

So please stop with this "NAT increases security".

And I'm telling you, the extra security provided to joe sixpack DOES come from the fact that he's being NATted, since he's still unreachable when any other packet filtering is disabled.

(emphasis mine)
Yup. We've reached a conclusion.
We both agree that for security, you need packet filtering.
You need a "magic box" standing between the wild wide interweb and the home network that does this filtering.
Usually this box is the xDSL/Cable/FITH/whatever router that the user has recieved from the ISP.
NAT'ing, is one of the peculiar types of packet filtering that happens on this box and provides some form of security (simply because of the reason it's a type of packet filtering).

IPv6 by itself isn't usually subject to NAT'ing (not needed, nearly every deployment I've encountered - include at home of random non-techie users - gets a publicly addressable prefix), but still isn't any less secure BECAUSE IT NEEDS TO GO THROUGH THE EXACT SAME MAGIC BOX (the router) THAT STILL DOES PACKET-FILTER NO MATTER WHAT (which happens *not* to be NAT in this exact context).

The joe six pack himself doesn't care, he just plugs the "magic box" that he got from his ISP, painstakingly copies the overly long password from the sticker on the back of the magic box (while cursing why isn't he allowed to use "Passw0rd!" as a passwrod. Com'on, there's even an uppercase and number), or simply flashes the QR-code from the OLED mini-screen (for the lastest generation of router that have one for that purpose).



They used to be a time when users did connect to the wild wide interwebs over an Analog Modem (those screeching boxes that you use to plug into your computer's COM port), or later ISDN Modem (no screenching, but basically the same). Back at the time, a computer thus connected was completely exposed to anything coming at it (Ah, the joys of a time when you could "winnuke" any computer on the net), and lots of software (FTP, IRC, direct file send in IM, P2P file sharing) counted on it.

So when xDSL arrived, I've seen lots of weird setups.
- xDSL *modem*. That plug straight into the USB port of the computer, and the computer gets a public address just like in the time of Analog/ISDN connections.

And that also includes weird routers :
- Router with USB (as a network device) and a single Ehternet port,
that did hand out a private address over DHCP to the computer,
BUT THEN DID A 1:1 STRAIGHT MAPPING between the public IP address and the private address of the computer.
(What was the name of this already? "cone NAT" ?)

- Same as above. Except that now the DHCP can hand out 3 other adresses (to plug a networked printer ?)
But still does straight 1:1 Mapping with the first address (printer doesn't need to have internet access at all, and the whole internet needs to be able to win-nuke the windows machine).
I still have such a useless junk from ZyXel collecting dust somewhere - it got used only a couple of hours, the time it took me to go buy something better.

So the reason current NAT'ing does security is because in addition of employing private address, it does sensible packet filtering (block inboud traffic, allows on-demand outbound traffic for all parties, requires manual TCP-forwarding configuration or UPnP to allow inboud traffic), but there exist asinine ways to do unsecure private addresse that used to actually exist in the wild.

Comment Re: Sociopaths gonna sociopath. What's new? (Score 4, Interesting) 232

More progressives looking to play with numbers to justify whining about rich people

Your bias sees these studies as part of a political movement, mine sees them as part of the strangely recursive science of anthropology. From the moment we are born to the day we lose our mind, watching others is how we navigate the society we find ourselves in. Those at the top of the totem pole are no longer trying to navigate, they are either trying to steer or have anchored in a safe and pleasant harbour.

Comment Re:fun fact (Score 5, Insightful) 110

We spent 2 trillion dollars and 4000 lives to protect the oil industry. Heck, overthrowing democratically elected leaders for oil companies is one root cause of the radicalization of the middle east.

I think I can cut clean solar/electric industries a little slack when i consider what we spend t help the oil industry.

Their subsidies are buried so deep in the government, they don't even look like subsidies any more.

But imagine if 5 years from now, Oil demand had dropped another 10% due to electric cars? We'd be a lot less tempted to get involved in foreign entanglements.

Comment Re:Buzzword du jour (Score 1) 108

Advances in large scale chips capable of running neural networks have not slowed down, though. Microprocessors haven't gotten faster because the clock speeds haven't been rising, and there's only so much you can do to boost performance per thread by throwing more transistors at it. There may be some hype but there's a lot of things that are suddenly working. It really is true that there has been more progress in the last 5 years for AI than the first 50.

This may "just" be pattern recognition but it's stupendously better than before.

Slashdot Top Deals

Do molecular biologists wear designer genes?