Forgot your password?
typodupeerror

Comment Re:DST is Dumb (Score 1) 252

We can operate at night, but do we want to? Your comment is precisely why I'm an advocate for permanent DST I'm not a morning person, so fuck any light in the morning. Give me sunlight in the afternoon to sit outside and enjoy myself.

Also no we can't operate perpetually at night, at least not without medical issues. This is one of the reason vitamin D deficiency is a thing.

There is absolutely no reason that work and other mandatory things cannot be done at night, leaving the daytime free for you to do your own things. Wasting what limited daylight hours we have stuck in a cube farm with artificial lights anyway is ridiculous. There are very few jobs that actually require natural light these days.

Comment Re:They should do the same in The Netherlands (Score 5, Insightful) 252

The sun always rises later in the winter, that's the nature of winter... The only thing this changes is the arbitrary numbers that are displayed when the sun is rising.
Instead of fixating around those arbitrary numbers, plan your day around actual environment factors like when the sun rises etc.

Comment Re:What's the Real Danger? (Score 1) 76

Assuming that CGNAT makes you immune is a huge error.
Once you compromise a single customer you're now inside the CGNAT pool, where you will see lots of very vulnerable devices because they were left vulnerable on the assumption that they were not reachable. In an ISP with thousands of customers, at least a handful will have some infected devices.

Modern Windows devices absolutely do not become compromised via inbound connections to open ports, they become compromised via vulnerable client software or user error (eg phishing, malware infected downloads etc), all of which only depends on being able to make outbound connections.

Comment Re:Shouldn't this be expected? (Score 1) 76

Many simply don't care.
A lot of ISPs especially in Asia use CGNAT and/or rapidly rotating IPv6 and then do nothing about abuse so the address space is widely blacklisted.

In other countries ISPs aren't forced to use CGNAT, and use at least sticky if not fully static addressing so if customers get themselves blacklisted the ISP generally doesn't need to care as it won't affect other users.

Comment Re:standard practice (Score 3, Interesting) 76

Setting the policy to DROP just means that clients will try multiple times before timing out, which means not only will you waste bandwidth with the retries, but your own clients will experience a delay while they time out instead of receiving an instant rejection.

For legacy IPv4 networks the address space is so congested and in short supply that it's economically unviable to leave unused addresses, so you gain nothing from this. With IPv6 there might be some very limited security-through-obscurity value to someone not being able to identify a live address, but its also not practical to scan sequential address space anyway.

What this article really highllghts however, is how flawed the perimeter security model is. Modern end user devices will actually do perfectly well on an open connection, as they don't have any externally visible services. Indeed people frequently connect their devices to public wifi networks where they are fully exposed to the network owner, other users and potentially beyond and it hasn't caused the apocalypse.

People are relying on the perimeter security model, and then using really lousy insecure devices to actually implement that perimeter so they get the worst possible outcome. User think their devices are inside a secured perimeter when the very device supposed to be enforcing that perimeter has been compromised putting the attacker inside. These devices are often MUCH worse than today's end user operating systems.

The proper solution is zero trust - assume your devices are fully exposed and have to stand alone.

Comment Re:CGNAT (Score 1) 25

Using "ip address, user agent and screen resolution" is extremely unreliable - think any kind of organised environment like a corporate network, cybercafe, educational campus etc. They will usually have standardized hardware and software so all of the above will match.

There's a difference between a spam lawsuit and a criminal investigation, for a serious enough crime that absolutely will happen. There will also be prosecutions brought against the ISP for failing to identify the subscriber as various laws require them to do. If an ISP isn't complying with this requirement today they are gambling and could face severe penalties.

Comment Re:CGNAT (Score 1) 25

The primary reason botnets target random home devices is because of shared ip addresses.
Earlier botnets targeted servers (more bandwidth etc), but these are trivially blocked. Once you have shared addressing you can't blanket block it without upsetting users, so you end up with login requirements or operators being forced to accept some level of malicious traffic.

If you have static addressing, and your address space earns a reputation for non malicious activity then you have a much easier life. This still doesn't help them track individual users beyond "non malicious users and not bots come from this range" as they still have no idea how many devices, how many individuals, how many roaming users etc exist. A static address block could represent an individual household, it could represent a company or an educational establishment, or a public venue like a bar or cafe etc.

Comment Re:CGNAT (Score 1) 25

The idea that companies track you based on IP is a fallacy, they use cookies and similar technologies. Even if everyone had static addressing at home and companies like google could guarantee this was the case globally, people still travel so the same device can pop up from multiple different locations with wildly different source addresses. I have multiple devices at home, but on the same VLAN they originate from the same IPv6 /64. Sites like google consider them different users, and even guess completely different physical locations for them which are hundreds of km apart.

Having a shared IP is a hassle, and a frequently rotating one isn't far behind.

Just because you have a unique IP, doesn't mean external companies know who it belongs to unless the ISP informs them.

Allowing them to track you will actually alleviate the anti-bot problems, as they can identify you as a known user. The anti-bot measures kick in when you are a *new* user as far as the system is concerned.
If you are a new user from a new ip then you get some leeway, if you are a new user from a previously seem ip then you look more malicious as bots will never retain cookies as if the bots could be tracked they would be trivially banned, and will always show as multiple users from the same address.

ISPs probably also like it because it means that without extensive logging, for which there is no business justification, they can't identify who downloaded some movie that the MAFIAA et. al. want to sue over.

Depending on your location you will probably find that this extensive logging is mandated by law. And since the logging is being done anyway, the ISP will look for ways to recoup the costs which often involve selling the data.
You think organisations like the MPAA will accept a response of "well it could be any one of 50 different users" and just give up? Absolutely not, they will either go after all 50 users with threats, or go after the ISP etc.

Europol gave a presentation on this:
https://ripe74.ripe.net/presen...

The Europol investigation also highlights a "could be any of 50 users" problem which resulted in 49 innocent people being intrusively investigated for a serious crime committed by someone else. If you're concerned about privacy you absolutely don't want a shared IP because then you're either facing detailed logging or possible intrusive investigation through no fault of your own.

Slashdot Top Deals

Dealing with the problem of pure staff accumulation, all our researches ... point to an average increase of 5.75% per year. -- C.N. Parkinson

Working...