Speak Freely To Be Withdrawn January 15

wrenhunt writes "The Speak Freely site has this: 'On January 15th, 2004, Speak Freely will be discontinued and removed from this Web site. Existing users may continue to use the program as long as they wish, but no further releases will be forthcoming. For details and the reasons why Speak Freely is being discontinued, please see the full end of life announcement.'" The reasons are various and interesting; it's graceful of the author to provide an explanation of why a piece of software is going away. Update: 01/11 19:22 GMT by T : As reader pi_rules points out, this story is a duplicate -- my apologies.

Dupe.

[pi_rules]

http://slashdot.org/article.pl?sid=03/09/20/155625 3&mode=nested&tid=126&tid=185&tid= 95

For God's sake, search for 'speakfreely' in your own engine. It returns ONE result! The same damned article!

Re:Dupe.

At least that summary hinted at what this program is. SF = ?

Re:Dupe.

[Dilbert_]

There is only one thing more pathetic than complaining about duplicate slashdot stories, and that is complaining about complaints about duplicate slashdot articles... Come on, who goes more recursive?

Re:Dupe.

[Mod+Me+God]

Even more pathetic than complaining about complaints about duplicate /. articles is complaining about the complaints that are complaining about duplicate /. articles. Word.

Re:Dupe.

[tungwaiyip]

Slashdot should probably be enhanced to do a automatic search before an article is submitted. Is there good algorithm to extract keywords from subject and passage?

Cheap routers..

[Aliencow]

Why isn't it easier for people to open up ports on their cheap routers ? Tell someone to "Just forward your port 4893 to your computer" and they'll look at you like you're an alien, so why not include an application to do it that goes in their start menu (in addition to the web based interface) that would detect software trying to listen, and then asking if you want these to be open ? A bit like ZoneAlarm but controlling the router...

Re:Cheap routers..

[TheSpoom]

He's referring to ISPs NATing off their customers, not customers being restricted by their own routers. Though honestly, I've never heard of an ISP doing this where I live (Ontario, Canada)... Maybe I just haven't been paying attention. Suffice it to say that if my ISP does it, they'll probably be losing me as a customer.

Re:Cheap routers..

[JebusIsLord]

that sounds a lot like Universal Plug and Play, which IS supported by Windows XP and many routers. For example, MSN messenger needs UPnP to open and close random ports within a NAT to send and recieve files... without UPnP this function does not work. There is also a free UPnP implementation for Linux NAT boxes out there as well.

Re:Cheap routers..

[Reik]

I hear ya. I play games all the time with friends from work...and for somethings we need to forward a port through a firewall. I just twiddle a line or two in the natd.conf on my BSD firewall. They all have linksys or other routers...so they just kind of blink a few times, then disconnect the router/firewall and hook their PC up directly to their DSL connection (*sigh*)
It's even more sad cause two of them designed and built the hardware for an industrial NIC (10/100) with Copper and Fiber..dual port with fail over. Of course they didn't do the software....

Re:Cheap routers..

[Aliencow]

Yeah but does it actually ask you or it just does it ? Because if it just does it that'd be a bit insecure no..?

Re:Cheap routers..

[kfg]

Yeah, UPnP is pretty nifty. Just think about it. All you have to do is install a piece of software and it can give itself whatever firewall permissions it thinks it needs to do whatever deed it thinks it needs to do, and all without involving the user.

And imagine never having to flash firmware again. The device simply keeps track of available upgrades and flashes itself.

Why, Belkin could give us a new popup coded directly into firmware every week. That way you never have to get tired of looking at the same one over and over again.

Sign me up.

KFG

Re:Cheap routers..

Tell someone to "Just forward your port 4893 to your computer" and they'll look at you like you're an alien

Uh... I'm not sure how to say this, Aliencow, but the reason people look at you like you're an alien, and maybe just a bit bovine...

Re:Cheap routers..

[uradu]

> He's referring to ISPs NATing off their customers, not customers being restricted by their own routers

His rant gives no indication either way, I don't know how you draw that conclusion. Your own experience (and mine, and most others') tells you that you've never heard of ISP-level NAT, so why would he mean that? He's just bitter about NAT for whatever reasons and venting by the most dramatic means he has: EOL-ing a fairly popular piece of software. Well, I know why he hates NAT, but that's hardly NAT's fault, that's similar to getting angry at the color Yellow for being so bright. Instead of pouting, he could think about or work on some generic method to overcome NAT's inherent weaknesses.

In fact, since--as he himself puts it--NAT will be with us for a long time, even after switching to IPv6, it might be very worthwhile for him to think about methods of addressing private computers below the transport level, but above the application level. A universal method of sub-addressing machines would be very useful, since not all machines will ever be on the public internet, whether for security or address limitation reasons. Port mapping works well enough for some things but has inherent limitations (16 bit, many apps assume fixed ranges etc.), and ports were really meant to identify applications on a single machine, not machines on a network. It's really a hack, and you don't build future technologies on hacks.

Re:Cheap routers..

Wow, you really are as dumb as people claim. Router, not a firewall. Router, not a firewall. Repeat that to yourself over & over.

Re:Cheap routers..

you are lying - you actually enjoyed saying that just as much as the rest of us enjoyed reading it

Re:Cheap routers..

[kfg]

Ok, I tried that. Got a nifty little samadhi out of it after awhile. Not necessarily the mantra I'd recommend, but it functions.

Here, now you try one.

UPnP, not RPnP. UPnP, not RPnP.

Give it about 10 minutes before it configures the port to the Tao. Unless, of course, your firewall is configured to block the Tao's ip (as I suspect is the case), then it might take rather longer.

KFG

Re:Cheap routers..

[TheSpoom]

Then it's time for a paradigm shift, since I've obviously been misunderstanding.

Admittedly, NAT can stop inbound connections from reaching a computer that otherwise would receive all connections had it not been behind a NAT router. But my computer is no longer a peer on the internet; my NETWORK is now a peer on the internet, with ports opened and forwarded to multiple machines as I see fit. In one way of thinking, it allows me to use the computers in my home more as I would had I been running a corporate perimeter network, with different machines running web servers, FTP servers, and the like.

Admittedly, Joe Sixpack has no idea why his computer won't allow inbound connections anymore after he's put a router on his network, but here's the thing: Joe Sixpack has no idea what an inbound connection is, nor, likely, does he even know SpeakFreely even exists. If Joe Sixpack doesn't want the feds snooping on his conversations, he'll find a way to forward his ports, like all decent home-level routers allow. If John Walker wanted to combat this NAT-related inability to use his software, why didn't he just post some documentation or links showing how users can forward the correct ports? The moment Joe Sixpack wants to use SpeakFreely, he could go to the site and see "hey, I have a Linksys router, and this link that says 'IF YOU HAVE A ROUTER CLICK HERE' shows me how to get around it!"

IMHO this whole end of life thing seems a bit much if it's based entirely around home-level routers, as this issue is largely avoidable.

Re:Cheap routers..

[OeLeWaPpErKe]

the purpose of nat "firewalls" (which is what most people run) is to make computers unaddressable.

Take that out and you're fucked on the firewall part.

Re:Cheap routers..

[uradu]

> the purpose of nat [...] is to make computers unaddressable.

No, the purpose of NAT is to allow multiple computers to share one single public IP address. The firewalling is just a convenient side effect. You can still deny incoming packets even if they're addressed to a very specific machine, so just because internal machines are addressable doesn't mean you can't still have effective firewalling. It will just rely on other mechanisms.

Re:Cheap routers..

[SomeGuyFromCA]

> For example, MSN messenger needs UPnP to open and close random ports within a NAT to send and recieve files... without UPnP this function does not work.

Funny, AIM somehow manages to do it. Oh, right, since we're not all running AOL OS, AOL has to find a more polite and less insecure way to accomplish the same thing.

Re:Cheap routers..

[nacturation]

His rant gives no indication either way, I don't know how you draw that conclusion. Your own experience (and mine, and most others') tells you that you've never heard of ISP-level NAT, so why would he mean that?

Walker's announcement does give an indication:

• But won't NAT go away once we migrate to IPv6?
  (If you don't know what IPv6 is, please skip ahead to the next question.) First of all, any bets on when IPv6 will actually be implemented end-to-end for a substantial percentage of individual Internet users? And even if it were, don't bet on NAT going away. Certainly it will change, but once the powers that be have demoted Internet users from peers to consumers, I don't think they're likely to turn around and re-empower them just because the address space is now big enough.

The question that is relevant here is: Why would the "powers that be", such as ISPs, need to re-empower users unless the ISPs were the ones who removed that power to begin with? And if the address space wasn't big enough before, what's a solution? Why, NAT!

He's just bitter about NAT for whatever reasons and venting by the most dramatic means he has: EOL-ing a fairly popular piece of software.

Did you actually read the announcement? You might be interested in the paragraph Why all the dramatics of an "end of life" announcement?. What appears to be dramatics to you is a helpful explanation and courtesy to others. You'd be on here ranting if he simply abandoned it.

Well, I know why he hates NAT, but that's hardly NAT's fault, that's similar to getting angry at the color Yellow for being so bright. Instead of pouting, he could think about or work on some generic method to overcome NAT's inherent weaknesses.

Pouting? Getting angry? You sound very hurt about his decision to discontinue development. Perhaps this section of the article would interest you:

• Writing software and giving it away doesn't incur any obligation of any kind to any person. I've been working on this program off and on for more than 12 years. At my age (don't ask, but if I live as long as Bob Hope did, I'm more than half way to the checkered flag), the prospect of spending another five or ten years dreaming up clever countermeasures to an Internet that's evolving to make programs like Speak Freely impossible, in a climate where creating a tool some people find useful and giving it away only invites incessant malicious attacks upon it motivated solely by nihilism, for a shrinking user community forced to master the ever-growing complexity all of this requires does not appeal to me. Programs, like people, are born, grow rapidly, mature, and then eventually age and die. So it goes. If somebody disagrees and wants to step in, they're more than welcome, but such a person has yet to appear over the entire history of Speak Freely.

He's not pouting -- he's providing a rational explanation as to why he has chosen to discontinue work on Speak Freely. Your reaction to his decision is quite telling though.

In fact, since--as he himself puts it--NAT will be with us for a long time, even after switching to IPv6, it might be very worthwhile for him to think about methods of addressing private computers below the transport level, but above the application level

That may be a worthwhile endeavor to some, but Walker has already indicated that he does not consider such work worthwhile (by his own standards, not yours). Heck, if you consider that kind of work to be so beneficial, how about doing it yourself? It might be very worthwhile.

Re:Cheap routers..

I cant believe that no-one yet yet mentioned that 'The Man' is now after new and unprecedented wiretapping powers for VOIP phonecalls. The sort of stuff that can be done at any time with no involvement or approval by the courts at all. The sort of thing that an ISP is forbidden to disclose to its customer base, even when they are aware that the integrity of their customers' data has been and is being compromised.

But hey, dont take the word of an AC, google for 'voip wiretap' yourself and inform yourself of the ongoing destruction of the 'unreasonable search' rights we once had.

Do you think that there is a coincidence between this, and the canning of development of a free speech & free beer VOIP product that uses military-grade encryption? Not that I'm calling the developer cowardly or anything.. faced with intimidation and threats from the FBI & DOJ I think most people, myself included, would cave in under the pressure and ditch the project too.

Re:Cheap routers..

Mod parent up! Couldn't be more accurately stated.

Re:Cheap routers..

[uradu]

> Why would the "powers that be", such as ISPs

The ISP bit is your interpretation, nowhere does his piece mention the word ISP or provider or whatever. It could also mean government regulators, or whatever, if you're of the tin foil hat crowd. In fact, one extremely strong point against your ISP conjecture is that broadband providers are starting to clamp down on NAT usage, instead wanting to lease you an IP address for every single machine on your home LAN. IOW, creating an artificially scarce IP address resource is about squeezing out cash from customers, not about limiting their internet usage paradigms. They would be most happy to sell you an IP address for each machine, along with the "right" to set up a server, etc., all for a very juicy monthly fee.

> Did you actually read the announcement? You might be interested in the
> paragraph Why all the dramatics of an "end of life" announcement?

That's nothing but spin to make it seem like he's not pouting. But read the whole page carefully several times (I did), and the overwhelming message is that of disgust with NAT and a yearning for the good old every-man-and-his-analog-modem days. Everything else is just spin.

> You'd be on here ranting if he simply abandoned it.

Hardly. I've never used SF and probably never will, not for spite reasons or anything, I just never had a need for it.

> Heck, if you consider that kind of work to be so beneficial,
> how about doing it yourself? It might be very worthwhile.

And how do you know that I'm not? Network communications is one of my main areas of interest, and session initiation in a world of NAT *is* a problem, but there are solutions other than proxy servers or just giving up. That's just plain nihilism.

Re:Cheap routers..

[uradu]

> Do you think that there is a coincidence between this, and the canning of
> development of a free speech & free beer VOIP product that uses
> military-grade encryption?

Actually, the tin-foil-hat part of me did pipe up with this idea while reading the post. But the guy seems to be based in Switzerland, and at least emotionally he would feel less under the auspices of Uncle. Of course, who knows.

Re:Cheap routers..

[nacturation]

> Heck, if you consider that kind of work to be so beneficial,
> how about doing it yourself? It might be very worthwhile.

And how do you know that I'm not? Network communications is one of my main areas of interest, and session initiation in a world of NAT *is* a problem, but there are solutions other than proxy servers or just giving up. That's just plain nihilism.

I guess when he's been doing it for over a decade and given that he's already over 50 years old, the benefits for him no longer justify the cost involved. I also read the announcement over several times, and while there is a certain amount of pining for the old days of 1 machine per IP address, there is also the realization that continued development is no longer his bag. Nihilism though? I think that's reading into it a bit too much.

Re:Cheap routers..

[uradu]

> Nihilism though? I think that's reading into it a bit too much.

Hey, that was conjecture on MY part <g>.

Re:Cheap routers..

The whole whining NAT thing is BS. Every other company that WANTS to make it work can do so for 90% of the NAT users. Making this even easier now for windows users at least is MS Advanced networking pack. It's so STRANGE how I, being NAT'd can communicate directly with another user who is also NAT'd. All this WITHOUT having to do anything including open router ports manually. WOW, it would seem he is full of shit/lazy/bitter. One thing to not want to do it, another to blame NAT, then another to insult any person who may WANT to take over development and fix it..

Re:Cheap routers..

ROFLMAO... Thanks for making me squirt coffee through my nose this morning.

Re:Cheap routers..

[JebusIsLord]

Jeez man, i was just demonstrating how UPnP works, not pimping MSN messenger.

You lost me

[radoni]

...at "Start Menu"

One Reason

They weren't in a licensed free-speech zone.

And we will call it...

[DAldredge]

And we will call it, i don't know, Universal Plug and Play?

HINT. Do a Google search on Universal Plug and Play. It does what you are asking. I do not use it, but the latest beta firmware for my WAP supports it.

Open-source it?

[Faust7]

There is ... no indication that any other developer qualified to do the job and sufficiently self-motivated and -disciplined to get it done exists.

In the vast herd of OSS developers, there are surely some that would qualify in both skill and motivation. Granted, one wouldn't be able to assemble a team of dozens, but that's not altogether necessary--even Linux doesn't have that.

Even if ... another developer or group of developers volunteered to undertake the task, the prospects for such a program would not justify the investment of time.

Well, why not let them decide that?

Re:Open-source it?

[TheSpoom]

It is open source :^)

Re:Open-source it?

[TheSpoom]

And yeah, I use Windows for the most part, the Unix version is here.

Re:Open-source it?

[Faust7]

You know what I meant--a more "official" passing of the development torch.

Re:Open-source it?

[lukior]

RTFA he did open source it. According to his statements anyone is able to use it and do with it what they please. He is only saying that in the twelve years since he has been developing the program no one has come forward or shown an interest in helping.

Re:Open-source it?

[willtsmith]

It could be that no one wanted to help him do what HE wanted to do.

It's very possible that theres plenty of people who want to add their own features. Surely, when NATs start thwarting them, individual users will hack the thing up to evade NATs.

This is the evolutionary software model. It's the Xtreme programming approach. And it's apparently the approach with the most success.

Too bad -- design was obsolete

Any protocol that isn't designed to accomdate NAT is incompatible with the modern Internet and is obsolete by design.

Yes, in the stone ages, the Internet was "end-to-end". It's not anymore. Sorry for your loss.

Re:Too bad -- design was obsolete

[Albanach]

Then almost all voip and h323 software is "obsolete". Alternatively, perhaps you jsut don't know much about the protocols and why they're difficult to route over NAT. Don't you think is you could easily design coip to run through NAT everyone would be doing it? Even skype needs a non NAT box to work - if neither client can be used it'll use someone else in the middle.

As has been pointed out, what we really need are easier solutions such as port forwarding - you could turn the port into an extention number. So your voip could be slashdot.org:5 and then a bit like VNC have traffic routed to slashdot.org port xxxx + 5. For that to work we'd need cooperation from router manufacturers.

The other alternative is IPv6. VoIP might just be the driving force needed to see IPv6 deployed in the real world.

Re:Too bad -- design was obsolete

Apparently the h323 people at least were old school type that had it in for NAT. It could be difficult to do, but I don't think these people even want to try.

10 years ago I worked at a place that had a global tcp/ip network. Even back then we were NATed. "End to End" didn't survive when the Internet graduated from universities.

Re:Too bad -- design was obsolete

[pla]

The other alternative is IPv6. VoIP might just be the driving force needed to see IPv6 deployed in the real world.

I don't see that as a solution, for one basic reason... Why do most of us NAT/MASQ our connections in the first place?

Yeah, some do it for the sake of firewalling, but most of us do it because our ISPs will only give us a single address, and at best will let us pay more for an extra two or three addresses.

Using IPv6 won't change that. It would technically mean we have an abundance of addresses, but our ISPs would still pull the same BS, expecting us to pay more for the same level of service.

And even then, most broadband ISPs have rules against running "servers", a concept so vague that an out-of-the-box Windows box technically violates it (although ironically enough, while they piss and moan over having an open telnet port, they'll overlook a wide open SMB share). So what use would we have for an abundance of IP addresses? If my ISP limits me to acting as a pure client, I can do that just as well behind a masquerading gateway as I can with each machine directly on the net.


As has been pointed out, what we really need are easier solutions such as port forwarding

I kinda missed his point with that one... Port forwarding works pretty well, assuming your ISP doesn't spank you for having an open port. I tell my masq box to send port X to an internal machine, and it works. No hassle beyond a single firewall rule. So why doesn't port forwarding provide a sufficient means of getting around the NAT-to-NAT connection problem?

Re:Too bad -- design was obsolete

> they'll overlook a wide open SMB share

Rarely. Most broadband ISPs firewall the SMB/RPC ports. On cable, this is actually done at the cable modem to prevent the 'network neighborhood' effect.

Re:Too bad -- design was obsolete

[Bookwyrm]

Bluntly speaking, yes, all VoIP and H323 software is obsolete for these reasons.

People are confusing "end to end" applications with "end to end" mechanisms.

When the telegraph was the latest technology, the 'application' and the 'mechanism' were practically identical -- pulses of electricity sent over a wire. Same with the initial voice and phone system. Over time, though, people started separating the 'application' (voice/information transmission) from the 'mechanism' (eletrical patterns on the wire.) Separating the two layers, now we have the ability to place phone calls that are digitized, sent over wires, over fiber, over radio waves, and coverted back to voice. The application (voice) is still end to end, but the mechanism isn't.

Many protocols today are obsolete because people have and still confuse the 'application' (voice, web access, email) with the 'mechanism' (associated protocols bound to IPv4). We want the application to run end-to-end, because that is what make the application useful -- but folks have confused this with requiring the mechanism to be identical from end to end -- IPv4 without NAT, all the way! That is like saying we should only over end to end copper, with no fiber in between.

End-to-end IPv4 (no NAT) used to be the application -- like in the days of the telegraph, the mechanism and the application were synonymous. That is an obsolete model, though. Our needs and demands have gotten more varied and complex from the point of view of the applications -- the mechanism (IPv4) needs to be separated out from the applications.

Imagine if you could not translate digital information from electronic pulses to optical ones. In order to replace a copper network with a fiber one, you'd have to replace the entire thing at once -- regardless of whether or not that made sense. Fortunately, because we can translate and manipulate the mechanisms, we can use a mix of technologies and capacities and do gradual upgrades and best-fit uses of technology without breaking anything. If people wrote their network protocols and applications *properly*, in a non-obsolete fashion, then the transition to IPv6 would be fairly painless and quick. However, the insistance on end-to-end mechanisms is locking us into IPv4 and makes the upgrade to IPv6 very painful.

Geeze. Isn't it obvious that *mandatory* end-to-end anything is a disaster waiting to happen? If end-to-end lock-in is a good model, why the complaints when companies like Microsoft or such try to make people use nothing but Microsoft products 'end-to-end'? Whenever that happens, people start shouting about open interfaces and needing interoperability between different vendors and products. Yet when it comes down to IPv4, people fall down on their knees and worship the way things have been (badly) designed to *require* end-to-end IPv4. (That is, end-to-end conformity is not a bad thing in and of itself, but the requiring of it is a lock-in that inhibits change and growth, as well as competition.) Modularity, anyone? What next, going to propose that electricty only be made and transmitted as 120V AC end to end, and you can't transform it into DC current or anything else because it breaks the end to end model?

Think a bit more, folks. End-to-end uniformity, conformity, blandness is all well and good, but much of the advancement in technology and industry comes from having standardized *interfaces* and *translations* that allow us to interconnect different mechanisms together to make more interesting things. (No IPv4 is not a standardized *interface* when it is coupled with the requirement to be end-to-end. A good interface should hide the implementation details both sides. The end-to-end requirement violates the hiding principle.)

Re:Too bad -- design was obsolete

[uradu]

> As has been pointed out, what we really need are easier solutions such as port forwarding

What we really need is a generic method of sub-addressing machines. The public/private network paradigm is here to stay for various reasons, so we should shape our protocols to cope with that. We need another protocol between IP and TCP/UDP: IP addresses a point-of-presence on the internet, TCP/UDP a POP on a machine (i.e. an app), we need something that addresses a POP on an internal network. In fact, it could be a nestable protocol that replaces IP and allows for unlimited levels of private subdivision. That way a large company could have multiple internal NAT setups and you could still address a specific machine several levels down the hierarchy. I guess one could modify IP to be nestable, and IP stacks inside routers to be aware of it. Then you would address a private machine as a.b.c.d/e.f.g.h where a.b.c.d is the public IP address, and e.f.g.h the private one. The public NAT router would examine the next nested IP header (in this case e.f.g.h) and pass the packet to the correct internal machine (which could be another NAT box, ad infinitum).

The downside of course is that we're then back to the old UUCP days where you had to explicitly specify the route to the destination machine, making the network more fragile. Still, given that for the vast majority of setups it would be just a two-tiered setup (public internet and internal LAN), it should be workable.

Re:Too bad -- design was obsolete

[graf0z]

Any protocol that isn't designed to accomdate NAT is incompatible with the modern Internet and is obsolete by design

Wrong. You mix up different problems. There are 'evil' protocols like ftp or ipsec or sun/rpc or ... which are not compatible with single NAT (client NATed, server not). ie. they negotiate a random second port for a data channel like ftp does. These protocols are 'bad by design'. Some of them can be NATed if the nat box tracks the negotiation ("ftp helper module").

But mr. Walker is speaking about the double NAT problem: if client (the peer that initiates a connection) and the server (the peer that receives that initial packet) are located behind NAT boxes you are lost. NO protocol is compatible to that situation.

Many propose "oh just configure portforwarding on your NAT box", but that does not scale. Imagine a bunch of workstations configured via dhcp behind NAT (typical setup in mid-range companies). How do you set up that? What are you doing as netadmin if everyday another P2P protocol pops up?

Mr. Walker's rant is sad but true. The only solutions i see are

• wait for ipv6 and hope it's potential will be used (instead of re-apply NAT to it)
• (will never happen) create a generic protocol for NAT-box communication for anvertising internal services. Each p2p-protocol could use it. NAT box vendors had to implement it.
• (the way IM services work) install huge proxies which route all p2p-traffic
• (the way filesharing networks work) classify peers: 'good' peers are not NATed and act as proxies for the others. As gratification they get more bandwidth within the fs-network
• forget p2p

I am sure that we all would use VoIP now if there were no NAT.

/graf0z.

Re:Too bad -- design was obsolete

[mysticalreaper]

Wow. I *completely* disagree with what you've just stated here. Allow me to explain why.

First off, the internet was BUILT as an end-to-end network. You cannot just sweep this fact aside by saying it's "outdated". This principle is what MADE the internet successful. Without end-to-end, the internet would have gone nowhere. Really.

We want the application to run end-to-end, because that is what make the application useful -- but folks have confused this with requiring the mechanism to be identical from end to end

But now, in the new system, it requires that the network be AWARE of the application, and configured EXPLICITLY to allow this certain type of data to be transferred. Now you have to ask permission from the people who control the network to run your application. Now you have to make configuration changes in the network itself before you can run any new application. Gone is the open development environment of the internet. Gone are new applications that pop up that anyone can use immediately. (This is how the web started. Your NAT support would have made the web so difficult that it wouldn't have gone anywhere. Imagine the millions who would have had to configure their NAT to work with a new system of doubious worth.)

You say that the network should be SEPERATE from the application, and then go on to promote the application being DEPENDANT on the specific configuration of the network.

"like in the days of the telegraph, the mechanism and the application were synonymous. That is an obsolete model, though. Our needs and demands have gotten more varied and complex from the point of view of the applications -- the mechanism (IPv4) needs to be separated out from the applications."

AND IT IS! That's the POINT, Bookwyrm. Currently, in the 'obsolete' model, the network is TRANSPARENT to the application. No specific configuration of the network is requried. The network is seperate from the application. However, NAT makes the application depend on the network, and thus makes the network and the application once again joined, like the telegraph, phone and cable TV networks of the past. That's a step BACKWARDS.

Even now, because of NAT, we can observe the harmful effects of new development. VoIP doesn't work properly. File sharing applications are suffering massively because people can't share, even when they want to. Running a server of any kind, (a game server for you and your budies to play on) requires additional configuration, making it harder. People in certain situations, like in university, for example, have no ability to influence the functionality of the NAT, and are stuck being internet consumers. And don't forget that it's even MORE arduous to have multiple computers doing the same thing, like being a webserver, behind the NAT. Now you have to specify to the CLIENTS to use different ports for different servers behind the NAT. It begins to get so ugly that people give up.

Your goals are noble, Bookwyrm, but your thoughts on the matter are misguided. This site might help shed some additional light on the situtation.

And finally, the people who invented the internet for real though that end-to-end addressing was the best idea, and from their efforts, we have the most advanced communcation system humans have ever seen. To say that they are utterly wrong requires some guts, and also a LOT of backing up. In other words, the proof is in the pudding. Where is YOUR all NAT internet?

Re:Too bad -- design was obsolete

[mysticalreaper]

Okay, uradu, we already HAVE a system for doing that.

You propose a a.b.c.d/e.f.g.h addressing sheme. Where a.b.c.d is the connection facing the world, and e.f.g.h is the internal IP. How is that any better than our current set up of having e.f.g.h point directly to the host? You're still pointing directly to the host in both cases. Oh, perhaps you're worried about security?

Well, if you have an office building with a single internet connection feeding all the computers, you can still put a firewall on that single connection, and block ports or types or traffic you do not want, on a host-by-host basis. In fact, this is regularily done. And it requires no modification of the internet structure at all. No new stack, no new routers, nothing like that. And it keeps things more simple anyway.

The public NAT router would examine the next nested IP header (in this case e.f.g.h) and pass the packet to the correct internal machine (which could be another NAT box, ad infinitum).

I laughed when i read this. What you just described is a router. A plain regular router of which thousands exist. I looks at the destination IP of the packet, and forwards it on to the correct place! Wow, what a concept!

Still, given that for the vast majority of setups it would be just a two-tiered setup (public internet and internal LAN), it should be workable.

But this is how it works already! The internet is a network of networks, so to speak. How a individual network runs it's own operations is it's own business, being part of the 'internet' just means it's connected to other networks already.

The thing is, the wheel has already BEEN invented, guys. Re-inventing it by suggesting 'new' ideas on slashdot is not required, nor does it lead to innovative ideas. Rarely, at least. The internet is the way it is because it's a GOOD design, capable of many things, highly functional. Witness how widespread it has become. If it had crippling design flaws, it would never have gotten this far.

Re:Too bad -- design was obsolete

[nacturation]

I laughed when i read this. What you just described is a router. A plain regular router of which thousands exist. I looks at the destination IP of the packet, and forwards it on to the correct place! Wow, what a concept!

Not quite though. If you sent a packet to ip address 12.34.56.78 and port 5555, which NATed machine does it go to? Does it send the packet to 10.0.0.1 or 10.0.0.2 or ...? Can *you*, as the originator of the packet, specify what machine the packet is routed to given that there are multiple NATed machines listening in on port 5555?

Re:Too bad -- design was obsolete

[Bookwyrm]

First off, the internet was BUILT as an end-to-end network. You cannot just sweep this fact aside by saying it's "outdated". This principle is what MADE the internet successful. Without end-to-end, the internet would have gone nowhere. Really.

Rebuttal: First off, the initial gun powder weapons were BUILT as muzzle loading, single shot weapons. I can certainly sweep this fact aside as "outdated". This does not say that the black powder weapons were NOT successful in their time, but now, they would not go anywhere. Really.

But now, in the new system, it requires that the network be AWARE of the application, and configured EXPLICITLY to allow this certain type of data to be transferred.

Well, duh. What else do you call a firewall?

Now you have to ask permission from the people who control the network to run your application.

Well, duh. Ever looked at your Terms of Service agreement? Look closely at the your own statement! "Ask permission from people who CONTROL the network" -- they control it, it isn't YOUR network.

So far, you seem to be building a spammers haven -- no filtering, and no one who can tell a spammer not to run their spamming applications.

Now you have to make configuration changes in the network itself before you can run any new application. Gone is the open development environment of the internet. Gone are new applications that pop up that anyone can use immediately. (This is how the web started. Your NAT support would have made the web so difficult that it wouldn't have gone anywhere. Imagine the millions who would have had to configure their NAT to work with a new system of doubious worth.)

Great. Tell me how to access an IPv6 server from an IPv4 application. Wow! Looks like we need NAT before we can have all these new applications.

AND IT IS! That's the POINT, Bookwyrm. Currently, in the 'obsolete' model, the network is TRANSPARENT to the application. No specific configuration of the network is requried. The network is seperate from the application.

Bull. The application is aware of IPv4 addresses, therefore it is not separate from the network layer.

However, NAT makes the application depend on the network, and thus makes the network and the application once again joined, like the telegraph, phone and cable TV networks of the past. That's a step BACKWARDS.

NAT does NOT make the application dependent on the network. The application was ALREADY dependent on the network. If it wasn't dependent on the network, changing the network would not break the application.

Silly.

IP addresses have no place in the application layer. You can't say that the network is transparent to the application, because if the network was transparent to the application, the application would not break because of NAT! NAT breaks the applications because the applications are dependent on the configuration of the network.

If the applications were not dependent on the network configuration, then I should be able to run the same application across a Bluetooth conneciton, ethernet, GSM, and ATM, without changing one aspect of the application. Instead, all these applications *NEED* IPv4, they are *DEPENDENT* on IPv4 being configured without NAT. They require knowledge of IPv4 address space -- they break with IPv6 addresses.

This is NOT transparency. This is dependency, addiction.

End-to-end addressing the best idea? Great! Let's use MAC addresses instead of IP addresses! Heaven forbid we translate or map IP addresses to MAC address on ethernet! Goodness, those folks who developed ethernet much have been a bunch of idiots then, right, to require another level of translation and mapping? Even if it does allow for people to use IPv4 and IPv6 over top the same med

Re:Too bad -- design was obsolete

[zangdesign]

I use NAT for one simple reason - NOT doing it would be one more opportunity for some twerp to try and break into my network. Until it becomes possible to narrow the source of an attack down to a single person or persons, the chance of losing control over my own networks is not worth the risk.

Re:Too bad -- design was obsolete

[Trejkaz]

What we really need is a generic method of sub-addressing machines.

I propose we invent a new part of the address. We could make it 16 bits, so you can get effectively 65535 virtual 'hosts' (one reserved) using a single IP address. Furthermore I propose we call this a 'port'.

Now the question is just how to get everybody to implement it...

Re:Too bad -- design was obsolete

[Otto]

Many propose "oh just configure portforwarding on your NAT box", but that does not scale. Imagine a bunch of workstations configured via dhcp behind NAT (typical setup in mid-range companies). How do you set up that?

Give every machine a name, configure the NAT box to forward whatever port you want to that name instead of to a specific IP address. If you're using anything better than a home-type cable/dsl NAT box, then it most likely has support for this, for exactly this type of reason. More likely, you're using a NAT/firewall machine which has a lot more configurability than the home boxes.

What are you doing as netadmin if everyday another P2P protocol pops up?

If you're doing your job right, you're probably doing your best to make sure it is blocked at the firewall. It's a workplace, not the users personal playground. Not every application should be allowed to run inside your network. It's the companies' network, not the user's.

If there's a legitmate reason to allow an application access to the network, then you can configure the network to allow it. Otherwise, the network's firewall should be blocking it by default. That's what a good netadmin does. Duh.

Re:Too bad -- design was obsolete

[dubl-u]

Using IPv6 won't change that. It would technically mean we have an abundance of addresses, but our ISPs would still pull the same BS, expecting us to pay more for the same level of service.

Possibly not.

Back in Ye Olden Days, IP addresses were free and easy to get. But they became a relatively scarce resource, and companies started charging because of that.

When IPv6 takes off, ISPs will be able to give out as many addresses as they like without incurring significant costs. With even a modicum of competition, that will stop them from charging for extra addresses. And it certainly means they won't have to charge you for a single real address. If nothing else, that will result in reduced support calls.

Mind you, that may not apply to fixed addresses. People who need fixed addresses are up to something more than the average consumer. From the business perspective, it makes sense to charge more to them.

Re:Too bad -- design was obsolete

[dubl-u]

What we really need is a generic method of sub-addressing machines.

We already have at least two.

One is IPv6. The other is VPNs. Instead of coming up with a completely new mechanism and getting it in the routers, we should go with one that we've been working on for a while and just get it deployed.

Re:Too bad -- design was obsolete

[uradu]

> Furthermore I propose we call this a 'port'.

Cute, but I already mentioned its existence in my post, and the need for something else.

Re:Too bad -- design was obsolete

[Trejkaz]

My bad. I guess I mustn't have spotted the word 'port' in there. I do need new glasses.

Re:Too bad -- design was obsolete

[dubl-u]

If you're doing your job right, you're probably doing your best to make sure it is blocked at the firewall. It's a workplace, not the users personal playground. Not every application should be allowed to run inside your network. It's the companies' network, not the user's.

That depends on what kind of company you're at. If workers are treated as machiery, that's probably true. For example, running a big call center, you might be able to argue that things should be locked down.

But there are other kinds of companies out there. Any software development shop, for example, that locks things down excessively will lose good developers at an astonishing rate. In fact, pretty much any company where you have people needing to do creative work, there's benefit to locking things down as little as possible.

If there's a legitmate reason to allow an application access to the network, then you can configure the network to allow it. Otherwise, the network's firewall should be blocking it by default. That's what a good netadmin does. Duh.

If a network is of the size and resources to afford a good netadmin who isn't overworked, then that makes sense. I'd guess that covers, say, 5% of the computers out there. For the bulk of the population, we need better solutions.

Re:Too bad -- design was obsolete

[uradu]

> I laughed when i read this. What you just described is a router. A plain regular router of which thousands exist.

You don't quite follow me, I'm afraid. In my example, the only public (and publicly routable) IP address is a.b.c.d, which as far as the greater internet is concerned, is the final destination address of this packet, and the payload of the packet is opaque as far as anybody is concerned. In our case it's actually the address of a router. Only this router cares that there is another nested packet inside, with a further destination address, e.f.g.h. This is NOT a public IP address, and is thus not publicly routable. In a home user's case it could be 192.168.0.3, the address of your internet-attached vibrator. Only your router at a.b.c.d knows how to route the packet on to e.f.g.h. Furthermore, let's say your vibrator is in fact a wireless router that services your webcams scattered throughout your "compound". For whatever paranoid reason you don't even want these to be attached to your main intranet directly. So now to address webcam B to see Dee at i.j.k.l, your packet has three nested headers: a.b.c.d/e.f.g.h/i.j.k.l. Only the wireless router at e.f.g.h knows how to route to i.j.k.l, etc. For simplicity and genericity you would make this nesting scheme unlimited, but for most setups it would be a two level system--internet and intranet.

Incidentally, this scheme is hardly innovative. Especially in industrial settings you often find "networks of networks", where gateways connect dissimilar networking technologies that usually don't run IP in a router fashion. The issue is then often how to generically address a device on a sub-sub-network somewhere out there.

It could be useful to extend the IP protocol to allow partitioning off private intranets with machines that don't have to show up in the (ever growing) public DNS tables, yet can still be addressed individually provided you know where you want to go.

Re:Too bad -- design was obsolete

[uradu]

> Can *you*, as the originator of the packet, specify what machine the packet is
> routed to given that there are multiple NATed machines listening in on port 5555

How would "multiple NATed machines" "listen in" on the same port? A router normally forwards packets from ONE port to ONE machine, unless you've hacked yours to broadcast them instead on the LAN.

The reason he doesn't get what I mean is that with current routers and IP you cannot directly send a packet from outside to address 192.168.1.3 on your home LAN without mapping it to a particular port. With a nested IP scheme your router would receive the packet because of the outer-most envelope, and would then examine the inner envelope to find the next destination of 192.168.1.3. Essentially we're talking about explicit routing in a sense.

Re:Too bad -- design was obsolete

[uradu]

> We already have at least two.
> One is IPv6. The other is VPNs

IPv6 doesn't solve the problem of how to reach private addresses, it merely provides tons more public ones to eliminate the need for private ones. Except the lack of public addresses isn't the only reason for the modern use of NAT anymore.

Regarding VPNs, it's an interesting way of bypassing the problem by making you a part of the private network, but you get other problems that way. You obtain an IP address on the destination network, and with home-type setups you're liable to get endless clashes--how many people run their home LAN on the 192.168.0 subnet? When you send a packet to 192.168.0.4, does your local print server get it, or your friend's voice chat program on the remote private network? I haven't looked at this issue with VPNs enough to know if there are easy established solutions.

Re:Too bad -- design was obsolete

[devilspgd]

Forget explicit routing, instead of 1.2.3.4/5.6.7.8 think of it like class-B routing, it's no better or worse then 1.2/3.4 (just that it's longer).

His suggestion still results in the removal of NAT, and replace it with more routers and more address space.

Unless I'm misreading something, this is IPv6 (Ignoring the other changes that IPv6 introduces)

Re:Too bad -- design was obsolete

[devilspgd]

If a private address is reachable, then why is it still private? Assuming no scarcity of public addresses (IPv6), then make it public and be done with it.

Re:Too bad -- design was obsolete

[uradu]

> If a private address is reachable, then why is it still private?
[...] make it public and be done with it.

For various reasons. Some people and companies feel that certain things should be scarce and/or expensive, regardless of how plentiful they are. To some a public IP address seems to inherently valuable that it shouldn't just be handed out like that. I don't think we'll see a world where IP addresses can be had for pennies or what have you, even with IPv6. Besides, there IS overhead involved with making an address public, since it must enter the DNS system and will occupy router caches along the way. With 32 bits our current internet routing system works. Make it 128 bits and give every light switch, temperature sensor, door know, LED etc. its own address, and the internet will come to its knees.

Having nested packets allows you to partition a private network into its own internet universe, allowing it to use all the same IP technologies and hardware, yet not pollute the public internet with its existence. Look, the current system of public internet/private intranets all using off-the-shelf TCP/IP works great and is exactly what many people like and want--with the exception of port forwarding hacks and such. Consider a nested packet header to be a "hint" to the relevant router as to which machine on a private intranet to forward the packet to, without encumbering the public internet with the overhead of its existence.

Re:Too bad -- design was obsolete

[uradu]

> it's no better or worse then 1.2/3.4 (just that it's longer).

It's arbitrarily long, since you can always partition off another private network off an existing private network and nest another packet envelope to address it.

> His suggestion still results in the removal of NAT, and replace it with more routers and more address space.

My point is that you don't necessarily WANT all IP-based devices to be public. With IPv6 you have 128 bits of address, so let's assume that for whatever obsure reason I want to create a public LED billboard where each LED has its own IP address. And I sell hundreds of thousands of these all over the world. Now I can send a packet to any one of these LEDs in the world to switch it individually. All these billions of LEDs pollute DNS tables and routers all over the world, not to mention the traffic overhead of sending individual packets to each. The point is that just because you can doesn't mean you should.

Re:Too bad -- design was obsolete

[n_are_q]

I don't think there exists a problem with addressing individual machines behind a nat. There are 65536 ports that can be used for this. People will want to run and access services, they will learn about the problems and technology will be developed to help them. Basicly people will know they have to "enable" certain services on their router, and their routers will make it easy for them to do so. RIAA conspiracy theorists will say something different, but who cares about them.

The problem is exposing standard services from behind the NAT by more than one machine. For services like web serving this could be fixed with DNS. Simply add the port to your DNS record www.slashdot.com -> 1.2.3.4:8001.

Another seperate problem is with broadcast protocols like ones used by Kazaa. Suppose two machines behind a NAT want to run kazaa clients. Both want to you use standard kazaa ports. I think the best solution to this problem is a service that will run on NAT'ing routers that on request will describe the local network the way the owner of that network wants to describe it. It will basicly say there are two kazaa clients, one on port X and another on Y, two web servers, one on port X and another on Y, etc. Kind of similar to DNS, because it will have records with standard names with numbers assigned to them. Local DNS if you will.

This could be combined with subnetworking support within IP that you propose, but i think just ports are prefectly enough.

Re:Too bad -- design was obsolete

[mysticalreaper]

The reason he doesn't get what I mean is that with current routers and IP you cannot directly send a packet from outside to address 192.168.1.3 on your home LAN without mapping it to a particular port.

No i get what you mean. I'm just saying that your system is MORE complex than the system we currently have. That is, use public IP addresses everywhere, then just firewall if you're concerned with security. Don't give your 'internal' machines 192.168.x.x addresses, give them 'real' ip addresses. Then, without all this fancy packet mangling and address translation, you have the exact same functionality. Which is how the internet works.

So what i'm saying is i get your idea, but it's completely uneccesary. Just give your internal computers real ips and you're already there, without complex and costly NAT technology, and without a new addressing scheme. The only problem with this idea is that your provider doesn't give you enough IPs. The ISP is actually the one who's dropping the ball here, not the IP adressing system. If the ISP would give you an IP for each host (as the system is supposed to work) then NAT would be entirely unneccessary in the first place, and we wouldn't be in such a state as we currently are in.

Re:Too bad -- design was obsolete

[mysticalreaper]

Okay, you rebutted me well. But there is a failure to your suggestion.

Essentially, you are suggesting that we should separate the application from the address of the other application they are talking to. Excellent suggestion. And in this, i can see your point in how this is MORE separation, and LESS dependancy, which was your original claim.

But here's the problem: Now that you've separated the application from the address, how does the application tell the network where it wants it's data to go? The layers have to communcate, you know. Like, each layer of the OSI model can communcate with the layers above and below them, right? I mean, you can't just COMPLETELY separate things, there needs to be communcation. So the application has to feed the network SOMETHING about where the packet is destined. And so what does it feed the network? Previously, it used an address, an IP address. The application said: "Send this data to this address". Now, what's it going to say, now that you've removed the 'dependancy' of the application on the IP address space?

Let's examine your suggestion: The application should be able to find things based purely on "http://slashdot.org/" and leave any piddling network addresses to the network stack.

Er, but, dns translates into IPs. So that idea is no good. Heh, so this goes back to my snide "proof is in the pudding" comment. You DON'T have a replacement idea in your head. NAT is starting to break the end-to-end principle, which is what the internet was founded upon, and thus, is starting to break the ineternet. If you have a better idea of how the internet should work, let's hear it.

And my contention would be that the current NAT sitution is more complex, more costly, and more complicated that the end-to-end idea. And since it adds no functionality at all, is worse than having no NAT, but proper addressing.

Re:Too bad -- design was obsolete

[mysticalreaper]

Nesting ip addresses has the exact same effect as extending the address space we currently have. As in, we get more addresses. So your system adds complexity without adding any functionality.

In addition to that, the delivery of your packet is now DEPENDANT on the external router which forwards the rest of the way internally, right? So what if that router fails? Well, no one can pick an alternate route, because you've hard-coded in the IP of the gateway router. And suddenly, you're basically telling the internet what route to take to deliver the packet. The intenet DOES NOT work like this by design. For the sake of robustness, the internet is allowed to choose ANY POSSIBLE path to deliver the packet. This allows it to be VERY fault tolerant, precisely the goal of the military-funded engineers who designed the system.

It could be useful to extend the IP protocol to allow partitioning off private intranets with machines that don't have to show up in the (ever growing) public DNS tables, yet can still be addressed individually provided you know where you want to go.

Heh. Poor uradu. That statment doesn't really make any sense. Best to learn of what you speak. More IPs doesn't mean that somehow DNS is going to suffer...

Re:Too bad -- design was obsolete

[uradu]

> The problem is exposing standard services from behind the NAT by more than one machine.

Well, that's exactly one of the shortcomings of port forwarding. As I said, ports were originally meant to identify applications on a machine, not machines on a network. If you use them as machine identifiers, you can't also use them as app identifiers on those machines. You just can't have it both ways without some serious hacking (assigning port ranges to various machines etc.)

Re:Too bad -- design was obsolete

[uradu]

> Nesting ip addresses has the exact same effect as extending the address space we currently have.

No it doesn't. You're talking one global address space versus many private partitioned ones.

> In addition to that, the delivery of your packet is now DEPENDANT on the
> external router which forwards the rest of the way internally, right?

Well, it is dependent on it anyway, since it's the only point of connection between the public and private networks, "the internet" won't be able to find an alternate route anyway. But yes, as I said in other posts, this is essentially a hard-coded route.

> More IPs doesn't mean that somehow DNS is going to suffer...

Really? So how do YOU think IP addresses are resolved--the computer just somehow knows, right? Those addresses don't actually need to be stored somewhere, and there's no network traffic involved in getting them to your computer? DNS is already suffering because of poor system and application configurations, it will only get worse once you increase the number of participants by orders of magnitude.

Re:Too bad -- design was obsolete

[Bookwyrm]

Sigh. You're being very closed minded. Also, you seem to acknowledge that less dependency is a good idea, but then go "Well, this is too hard, so I'm not going to think about how to make things better."

Look, here is how it works.

The applications uses "http://slashdot.org/". That is *ALL* it uses.

When it wants to open up a network connection, it passes the URL to the operating system network stack and gets back, oh, say a socket descriptor. The network stack may *internally* turn this into an IP address (or a MAC address, a GSM cell number, IPv4, IPv6, *whatever*) but since the application is protected from that by only having the socket descriptor as an interface, the application remains independent of whatever happens in the network layer. At this point, the application doesn't care if the URL happens to resolve to an IPv6 address or an IPv4 address or whatever.

Here's a more complex scenario:

1. User A turns on his network device.
2. The network device broadcasts on the default network medium a request for a network level address and the address of a router (MAC/DHCP)
3. The device then sends to the router "I am device "device12.user-a.domain.com", this is my encrypted authentication to use this hostname. Please allow incoming web services and telnet services."
4. The local router forwards this to the next router up until it reaches a (potentially one of many) global network space. Then the DNS server for "user-a.domain.com" is contacted and the router tells it "A device behind me is requesting to use "device12.user-a.domain.com" with these services. I am "router-1.network.net", this is my authentication information for my hostname. This is the authentication information the device gave me to use the hostname and services it requested. This is the network address for these services." The network address could be a set of IP addresses and ports, but that specific IP addresses and ports are only known to the routers and the DNS servers.
5. The DNS server accepts the entry, and associates the new network addresses with "device12.user-a.domain.com."
6. Someone attempts to access "http://device12.user-a.domain.com". Their application passes the URL to the network stack. The network stack sends a look up query on the local network to the router "I need to talk to device12.user-a.domain.com with http". The router forwards the request up its router chain until it finds a global address space that can resolve "device12.user-a.domain.com", where the DNS server hands back a network address which is valid (only) in the global context, saying that at the moment, here is where the service is located.
7. The connection is made from router to router, though more in the style of switching than routing. As such, it can be NAT all the way, every hop if need be. (The end point requests from router-a a connection to a given URL. router-a says "use address-a:port-a on our shared network". *HOWEVER*, when router-a talks to router-b and says it needs to reach that URL, router-b might say "use address-b:port-b on our shared network." When router-b talks to router-c... etc.
8. At this point, the networks are separated and independent of one another in terms of protocol and address space (you could be running IPv4 to IPv6 to ATM to IPv4 to IPv6 without any network knowing about it) and the applications are protected from the changes as well. You even solve the damned roaming problem. (Say device-a was connected to the router "point-1.coffeeshop.com", and the DNS entries for the device now pointed to coffeeshop.com's external router. device-a roams from point-1.coffeeshop.com to point-2.coffeeshop.com. The local router(s) inside coffeeshop.com just have to do an internal update to the local NAT to route the traffic to device-a, but since the *external* address, as far as the world is concerned, has not changed (due to NAT), from the external world, no loss of connection has happened. Tweak device-a's n

Re:Too bad -- design was obsolete

[n_are_q]

Well there's 65k of them and who cares what they were supposed to be when they were created.. but ok maybe for a huge corporate network that wouldn't be enough. You still need the other part of the solution - a way of leting the outside world know those "public" services exist. Who knows if your subneted network is running on the 10.* block or the 172 block and what exact ip's in those blocks it uses. That's the real problem.

Re:Too bad -- design was obsolete

[Eric+S.+Smith]

When IPv6 takes off, ISPs will be able to give out as many addresses as they like without incurring significant costs.

Of course they'll incur a significant cost -- more hosts per customer means more traffic per customer. Some ISPs already forbid attaching more than one machine. IPv6 will not cause them to become more agreeable.

Re:Too bad -- design was obsolete

[Zak3056]

First off, the initial gun powder weapons were BUILT as muzzle loading, single shot weapons. I can certainly sweep this fact aside as "outdated". This does not say that the black powder weapons were NOT successful in their time, but now, they would not go anywhere. Really.

Modern "black powder" (actually, they use Pyrodex now) weapons are currently made in large numbers--and are VERY successful commercially. Really. :)

Most of these weapons are not replica antiques, either (though some, of course, are) but rather involve modern design, manufacturing, and features. Most US states have special "black powder only" hunting seasons as well, which will continue to drive their popularity.

For an example, see Knight Rifles.

Re:Too bad -- design was obsolete

[Bookwyrm]

Ah, well. Live and learn.

Re:Too bad -- design was obsolete

[dubl-u]

Of course they'll incur a significant cost -- more hosts per customer means more traffic per customer.

I'm not sure that's an "of course". Although I'm TVless, my family back home has a number of TVs. I don't think much more television-watching gets done when you add multiple TVs to a house, and I think home computers are already going that way. The first wave of internet appliances failed, but with 802.11 becoming so common, the $300 small terminal in the kitchen becomes more reasonable. Ditto for the internet-enabled appliances.

Some ISPs already forbid attaching more than one machine. IPv6 will not cause them to become more agreeable.

Yep. Some do that to squeeze money out. Some do that because it may really correlate with their costs. (It would for business lines, for example.) The first approach will be less tenable if we end up with good broadband competition.

The second, using IP addresses as a cheap correlate for bandwidth usage, may make sense for some. But if bandwidth is the issue, it's better just to charge for that; it mainly takes better accounting and billing systems. An active file trader probably uses 100 times the bandwidth of somebody checking email, so just number of IPs probably doesn't correlate so well in the home market.

Re:Too bad -- design was obsolete

[dubl-u]

IPv6 doesn't solve the problem of how to reach private addresses, it merely provides tons more public ones to eliminate the need for private ones. Except the lack of public addresses isn't the only reason for the modern use of NAT anymore.

Is there another reason besides security? If so, that's not a big reason; you can still have NAT-style security (dynamic approval of outgoing connections but static configuration of allowed incoming connnections) without a lot of work.

with home-type setups you're liable to get endless clashes

The typical solution here is to have the VPNs set up to do some remapping. Technically, this strikes me as ugly, but a lot less ugly than redoing IP to accomodate bang-path routing. And people have been doing it on a large scale for at least ten years, so the problems are pretty well understood.

But if everybody needs to talk to everybody, the real solution is to give everybody a routable address. Anything other than that is a hack, and hacks grow increasingly expensive over time to maintain, as you have to code for the base layer, the additional hack layers, and all of the weirdnesses that the hacks result in. One fine example is this SpeakFreely package; the thing that pushed him over the edge is trying to deal with the hack of NAT.

Last chance to see

[Scrameustache]

For God's sake, search for 'speakfreely' in your own engine. It returns ONE result! The same damned article!

You're not thinking like a /. editor, to them this is their last chance to slashdot that server to oblivion!

Re:Last chance to see

Why do you call them "Editors"

They do not edit... Fuck, most of 'em can't even spell.

They accept postings and link them to the front page. Remember, they provide no original content here, just relinking...

it's a "Dynamic Bookmark" website for most of us.

Re:Last chance to see

[babbage]

You're not thinking like a /. editor

Since when do /. editors think?

I thought that, aside from Pudge, the whole scheme was to be as anti-journalistic integrity as possible. Clearly, thinking about their jobs would run counter to that...

</troll> :-)

So, since I'm already whining about journalistic integrity, would it have killed them to come out and say what Speakeasy is / was? As is too often the case, this writeup leaves me none the wiser as to what they're talking about, or why anyone should care...

Re:Last chance to see

[hkmwbz]

Well gee, what could it be... Perhaps they actually choose what is posted on the site and therefore do the job of an editor? Do you think the editor in a newspaper writes everything himself?

Speak Freely does hard encryption

[MichaelCrawford]

I can understand why development is stopping, but it's important to understand that Speak Freely is still a valuable resource to the community.

Why? Because speak freely does voice over IP with hard encryption. I don't know of any other VoIP product that does that.

So if you care about your privacy, and have the time and skill, get the source code while you still can, and make a new generation VoIP product that addresses the problems in Speak Freely while continuing to provide hard encryption.

If you wonder why you should bother, read Why You Should Use Encryption.

Thank you for your attention.

Re:Speak Freely does hard encryption

[gnu-generation-one]

"Because speak freely does voice over IP with hard encryption. I don't know of any other VoIP product that does that".

You do now!

Re:Speak Freely does hard encryption

[Snocone]

...does voice over IP with hard encryption. I don't know of any other VoIP product that does that...

Michael, meet X-Cipher.

X-Cipher, meet Michael.

http://www.xten.com/proto/index.php?menu=products& smenu=xpro&ssmenu=xcipher

Re:Speak Freely does hard encryption

[Fnkmaster]

Which unfortunately is in exactly the same position as Speak Freely is - it was a great VoIP+strong encryption program back in its day, but it's not being currently maintained, it's probably fairly hopelessly out of date (APIs have changed, standards exist that didn't and so on), and nobody has picked up maintenance of a fork of it.

Also, PGPFone is copyrighted and though the source is available, it is essentially just source-available abandonware as there is no appropriate Open Source license for it, as best as I can tell.

So if somebody wanted to create an up-to-date VoIP+strong encryption program, they'd be much better off to use Speak Freely as a base, or at least as a source for code snippets or inspiration than PGPFone.

Re:Speak Freely does hard encryption

[God!+Awful+2]

Why? Because speak freely does voice over IP with hard encryption. I don't know of any other VoIP product that does that.

What the hell is hard encryption? Is that the same as strong encryption?

-a

Re:Speak Freely does hard encryption

You might also try psst.sourceforge.net for voice encryption and chat.

One method...

[topham]

One method which works on some NAT routers is pretty simple:

Output a packet via UDP to a particular IP address and port number. The NAT setups I've used will log that, and subsequently allow incoming UDP packets from that IP address and port number. If both machines negotiate via a third party and then trade such packets blind they can then start communicating. Note: some of the UDP packets will be lost at the start of the process... doesn't matter, not a problem.

Re:One method...

[danknight]

Yea.. But he is not talking about your NAT box, he is talking about the trend of ISP's using NAT and giving users non Routable IP addresses. Sort of like AOL. I Suppose you could just call your ISP Customer service and ask them nicely to open up Port XXXX on thier NAT for your 192.168.X.X IP that they assigned you :)

Re:One method...

[zcat_NZ]

I was just wondering about that..

particularly, I was wondering this; if both ends swap IP and port numbers via a third party such as the LWL server, they should be able to blindly send syn and and packets at each other as if they were setting up an outbound connection from both ends. The NAT devices (router, ISP firewall, whatever) both think they opened the connection and once it's open it's all just packets, right?

Re:One method...

[Nkwe]

Output a packet via UDP to a particular IP address and port number.

This is the problem. There are fewer and fewer individuals out there who have a static (particular) IP addresses. Ownership and control of static addresses is moving from individuals to companies. When no individual has a static address then you have to rely on some company somewhere to host the static IP address and to "route" your connection (VOIP call, etc.) for you. When this happens you have given control of cost, content, and privacy to the company with the static address. This is a bad thing.

Re:One method...

[osgeek]

I've thought about trying that one, but the problem is this: Let's say that you have two networks, A and B. Say you send a UDP packet from a host on A that has source port 100 and destinatio port 5000, NAT firewall A will translate that to some other source port, say 535. That packet will then bounce off of NAT firewall B because a connection hasn't been opened yet on port 5000. When a host on B goes to try to open the fake UDP pathway, how is it going to know to use port 535 on the A NAT firewall that will map back to port 100 on the original host machine?

I guess you could have the third party machine get the fiewall source port of A (if you send your opening packet to it instead) and pass that on to B, but wouldn't most NAT firewall writers check to make sure that all mapped ports are remote address specific? That is, if 23.34.55.66 is where my host A sent its original UDP packet to, I'm not going to accept responses from some other IP address.

Re:One method...

[sigwinch]

There are fewer and fewer individuals out there who have a static (particular) IP addresses.

That's what dynamic DNS is for. Set up a name with the DNS provider, then tell them your new IP whenever it changes.

Re:One method...

[SmilingBoy]

I guess you would have to swap a few more things than IP and port numbers if there is a proper firewall in the way, but I believe that it should be possible - I am not sure if it would work with a standard TCP/IP stack though as you would have to send a SYN/ACK withouth having received a SYN. What would need to happen is the following. You have two computers behind NAT that want to speak to each other, A and B. You have an "enabling" public server C. A and B exchange IP addresses/ports and the ID of the SYN packet you are going to send through C and then agree on a time (i.e. in 0.1s) when you would send SYNs and SYN/ACKs. This should trick the firewall and NAT router into thinking that the SYN/ACKs are the replies to the SYNs sent earlier and open a connection. The problem could be that a firewall could drop outgoing SYN/ACKs without having passed through a SYN before. It might be easier with UDP (which would be good enough for VoIP)? Disclaimer: I don't really know the details here - are there any TCP/IP and firewall wizards around who could see whether this would be possible?

Re:One method...

[drinkypoo]

There are a number of ways to handle this. On linux, a custom iptables module could be constructed. On just about any Unix net filtering package, mangling rules could be used. On linux, or assorted small router devices, one could use uPnP, which while not secure in any way is certainly functional. (There is a upnpd for linux; it works, though not amazingly well last time I checked.) There are the rules you suggest. There are permanent port forwards.

Giving up simply because people are having problems with firewalls is silly. It's true that supporting some or all of these methods would add complexity to the program. However, it's not like he's taking the code away; It's on sourceforge (as per the webpage.) So who cares? If you want it, work on it. It's not like it doesn't work right now. Perhaps the way to go is to somehow merge it with bittorrent. Then you could use public bt trackers to initiate communications. Of course, ONE of you is still going to have to be able to punch through a firewall to do so.

Re:One method...

[SmilingBoy]

I guess you could have the third party machine get the fiewall source port of A (if you send your opening packet to it instead) and pass that on to B, but wouldn't most NAT firewall writers check to make sure that all mapped ports are remote address specific? That is, if 23.34.55.66 is where my host A sent its original UDP packet to, I'm not going to accept responses from some other IP address.

Well, you use a third-party server to find out the IP address and local port of the other side - and then you just start sending UDP packages. The first few will be lost, but then it should work.

Re:One method...

As others may have pointed out (but none very clearly, from what I've seen), that's not a problem.
A third party needs to exist that will allow the two people to "meet" and exchange IP addresses (hell, you could do that over AIM/ICQ/IRC/whatever).
And don't try to tell me that there isn't a way to find out the "public" IP address, becasue there are plenty of sites that will tell you what your public IP address is.
Now, I'm not sure that the connection grafting (that's my image of it) would work, but it's a novel idea.

Re:One method...

[ls+-lR]

Yes but now you get to reimplement all the useful parts of TCP, such as reliability, retransmissions, rate control/exponential backoff, fragmentation and out-of-order reassembly, 3-way handshake to prevent spoofing, etc. That kind of thing belongs in the kernel or protocol stack, not the application. For some situations it's not needed, and perhaps VoIP is one of them. But there are still lots of things (like p2p file transfer) that need all of the above, and to say "Oh just use UDP" is really a non-solution.

Re:One method...

[topham]

Most programs doing audio over the internet ARE based on UDP.

TCP is inappropriate for voice in most circumstances. TCP's extra overhead and reliability of transfer are counter productive to sending audio. Missing a single packet or two is not a big deal, but re-trying transmission repeatedly untill success would cause significant stutter and or delay in an audio application.

Re:One method...

[dubl-u]

Well, you use a third-party server to find out the IP address and local port of the other side - and then you just start sending UDP packages. The first few will be lost, but then it should work.

No, it can't work if both are NATed. Here's why:

Start with the case of one NATed box (call it A) and one with a real IP address (B). They meet on a real server, and B gives its address and port. Call it 12345. So A sends B a packet from port 10000 to B's port 12345. A's NAT box notices this, remaps 10000 to, say 20000, and remembers that packets from B on port 20000 are for A's port 10000. Then it sends it on, and all is merry.

So now imagine that B gets stuffed behind a NAT box. A and B meet again and try to swap address and port numbers. The server can figure out the IP addresses of both NAT boxes, so A could send out a packet to B's NAT box. But what port does A send it to? And how will B's NAT box know that the packet goes to B?

As far as I can see, there's no way for this to work without B being able to tell the NAT box to forward a particular port.

Re:One method...

[Nkwe]

That's what dynamic DNS is for. Set up a name with the DNS provider, then tell them your new IP whenever it changes.

Perhaps I should have been more specific. By static IP, I also meant Internet addressable or not NAT.

The issue is not one of name resolution, but rather one of the ability to connect to.

Re:One method...

[SmilingBoy]

You are correct. I hadn't thought of the port remapping. How do NAT boxes usually remap ports? Could you infer something from the packets sent to the negotiating server? IE, if the remapped ports are always increased by one, you could try and guess the next port that will be sent from? And if you have a good guess a couple of times (always trying with a handful of ports), there might be a good chance that a connection can be established. Sounds a bit dodgy but it could work...

Re:One method...

[internet-redstar]

Using an external source to find out the port numbers is the way it can be implemented the best.

How this is done for SIP-based VoIP - THE STANDARD FOR VoIP. Can be read on this interesting document (page 13 and on are the parts you want to look at).
Basically it works as you described. The third party is called a 'NAT proxy', which forwards the necessary external port numbers and communicate that information with the clients during the communication initiation phase. But it doesn't work for 'Symmetrical NAT'.

For Symmetrical NAT, a so-called 'NAT proxy' is being used to forward the

Re:One method...

[ysachlandil]

Have you actually read the comment before responding? What the previous poster is saying is that sending a UDP packet out of a NATted net will create state that allows inbound UDP traffic with reversed src-dst. This works regardless of where the NAT happens or who configured it.

Multiplayer games have been doing this for years. The author of the originating post suggests using a publicly reachable server to negotiate the portnumbers to use, an alternative is to use high udp ports, eg: I send a UDP packet to your NAT gateway with src-dst ports = 30000. My NAT gateway translates the source IP to its IP, but leaves the source port the same (lazy translation) since it isn't used yet. This packet hits your NAT gateway and is dropped (out of state). But if you send a UDP packet to me at the same time, using the same src-dst port 30000, your NAT gateway will do the same translation, and after a couple of dropped packets, both NAT gateways will pass all UDP packets. (NAT gateways usually assume UDP traffic is bi-directional, so this works)

The net result is that you and I are communicating even though we are both hidden behind NAT gateways.

See http://www.doxpara.com/Black_Ops_Hivercon_Final.pp t slide 65 for source material and more hacks

--Blerik

This could happen to any OSS software.

[perotbot]

If Linus said "I've got my family to raise, and a life to lead without being called Messiah by everyone jumping on the bandwagon,and this isn't fun anymore. you know what? I'm done. " We (/. and others) would be doing two things, one mourning the lost of our "leader" and secondly, trying to find a way to keep development going without said leader. SpeekFreely is the work of one person, if someone else thinks they can fix the problems identified (NAT issues. major code rewrite), then by all means grab the CVS code and fork another project away from the original, that's the point of OSS, you can STOP and if someone thinks it's worthwhile, they'll continue it.

Re:This could happen to any OSS software.

[The+One+KEA]

The difference between this and what you describe is that if Linus decided to step down, the community would spontaneously force an election of someone to take his place. Some of the people I could think of off the top of my head include Andrew Morton, Alan Cox, and maybe Dave Jones.

Sure, Linus quitting his role as the titular developer of the Linux kernel would be pretty bad, but it would never lead to an EOL of the Linux kernel.

Re:This could happen to any OSS software.

Linus isn't going to step down without appointing a successor.

Unless he's trying to kill his own kernel. Which he couldn't even do if he wanted.

Re:This could happen to any OSS software.

Some of the people I could think of off the top of my head include Andrew Morton, Alan Cox, and maybe Dave Jones.

Steve Jobs, man! Steve Jobs!

Re:This could happen to any OSS software.

[aethera]

You should read "Illusions" by Richard Bach. It's kind of campy Christian fiction, but its from the Vatican council II days, so it's a lot more optimistic and progressive thinking than today's evangelical christian pulp. It's central character is a Messiah who on his second time around decides this isn't fun anymore and quits. The wording and style of your post immediately made me think of the book, though I haven't read it in years.

Re:This could happen to any OSS software.

[ls+-lR]

One of the main differences though is that SpeakFreely required a central server to organize everything, which every client connects to. In other words, you can easily go off and use the linux kernel without anybody running a central server. But to keep this project running someone would have to step up and offer hosting and bandwidth for it, and be prepared to fund/support that.

Hmm.

[Faust7]

RTFA

You're new here, aren't you?

Re:Hmm.

[DAldredge]

You are too.

Re:Hmm.

you are teh flamebait

Since I can't reach the site

and I know nothing about the software, I will assume it is some sort of new, better webserver that someone invented while having their morning coffee.

Re:Since I can't reach the site

[tsaler]

It's Voice-over-IP software. Like the "Talk" function in AOL Instant Messenger, just long before that was added in to the popular IM programs. I remember using it years and years ago with a friend of mine in Nebraska (I was in Indiana at the time). We both played guitar, so we would play back and forth & exchange ideas and suggestions. I still have a copy of the program, if not on this machine, then on my old Windows 98 desktop. I haven't used it in a long time, but I do remember it well, and I'll be a little sad to see it go.

sorry I missed it

[timothy]

unfortunately for me, the program's author spells it as "Speak Freely" rather than "speakfreely," and as a result the search engine doesn't actually find that article when searching on the name.

timothy

Re:sorry I missed it

[pi_rules]

Sorry... my words were rather harsh becuase I've used the "email ahead" feature once or twice about dupes and it's ignored. I don't have access to my email else I'd have tried to.

I originaly searched for "Speak Freely" myself but tried the alternate when I didn't see the dup come up right away.

Re:sorry I missed it

[jacrawf]

Perhaps y'all should consider implementing a feature which checks all the URLs in a given post and compares that to an index of URLs used in past posts and warns you of a possible duplicate.

This would work great for sites like Slashdot, because the important content of 98% of the "articles" posted is not the text, but the URLs they link to. Since Slashdot is basically a link filter, filtering the links directly for duplicates makes a lot of sense to me.

Re:sorry I missed it

[Overly+Critical+Guy]

Hey, this is off-topic, but I just wanted to say it's great that you replied, admitted the mistake and apologized. Seems like a little thing, but most of the time it feels like the editors don't listen to us, and direct interaction with us even in a little post like this is nice.

Re:sorry I missed it

[thinkninja]

Here, here! I think Timothy is one of the few editors that actually gives a damn.

Re:sorry I missed it

Umm, except that /. regularly reposts The Reigster articles, Groklaw articles, the New York Times, etc. etc.

Sure, it would work if it was based on the whole URL, but then it wouldn't work for

http://slashdot.org/
vs
http://slashdot.org/in dex.pl

Also, to make it sane speedwise you'd need to index the URLs themselves.

Also, it would generate a lot of false positives if the submitter is anchor-tag-crazy and puts links to homepages of various parties involved in the story (eg http://www.apple.com for an Apple story).

Re:sorry I missed it

Slashbots have yet to legally or morally justify pirating an artist's music.

Psst... Your sig is a tautology. If pirating were legally justified, it wouldn't be pirating! If you want examples of legally copying an artist's music, there are plenty.

Re:sorry I missed it

There was evidence to prove that Overly Critical Guy is a lying cocksucker, but he deleted it. Think independently.

Did anyone else..

[michaelhood]

read this as "Speech Freedom To Be Withdrawn"? I figured Patriot Act 7 was here.

Posting this now is VERY appropriate

[Ungrounded+Lightning]

Dupe. ... For God's sake, search for 'speakfreely' in your own engine. It returns ONE result! The same damned article!

That posting was last September.

John is taking the archive down next Thursday. (Possibly Wed night - he's in Switzerland.)

A reminder post now, when we still have a few days to grab the archive, is VERY appropriate.

(Thanks, Timothy!)

Re:Posting this now is VERY appropriate

[110010001000]

Grab the archive? Its on sourceforge.

Do not despair, gentle readers

[aardvarko]

Your right to speak FREELY has been revoked. Your right to speak in DUPLICATE, however, is still flourishing wildly!

Re:Do not despair, gentle readers

[Limburgher]

Your right to speak FREELY has been revoked. Your right to speak in DUPLICATE, however, is still flourishing wildly!

IPV6 and NAT

[LinuxInDallas]

He mentions that with IPv6, NAT will not be required because the address pace will be so much bigger. Does anyone know if the costs in obtaining your own static IP would then drop dramatically? I mean, will it be financially feasible for most of us to get a static IP when IPv6 is in full use? Most of us would need at least several.

Re:IPV6 and NAT

[The+One+KEA]

The problem is getting IPv6 distributed all the way down to the last mile while simultaneously eliminating all of the legacy hardware and n00bish software that won't allow it. With enough time, energy, and money, I suspect that in 10-15 years IPv4 will be dead.

Re:IPV6 and NAT

[YellowSubRoutine]

I currently have a /64 of ipv6 space, totally free. I probably could give every bit of ram in my home a private ipv6 address. (that's an obligatory remark)

Of course it's trough some tunnel broker (thanks sixxs!), but it works.

I think if ipv6 penetrates the enduser-market in native mode (won't happen 'till cisco and MS say so), most isp's will give in.

After all, they're currently denying you a static ip (if they are) because they're short of them themselves, and a pool of dynamic ip's can serve more users (since not everyone is online at the same time)...

Re:IPV6 and NAT

[J.+T.+MacLeod]

Unfortunately, the shortage of IPs really has little to do with the static/dynamic problem.

If you are a broadband provider, you CANNOT oversell relative to your IP space.

It has a lot to do with the fear of the corporation heads that someone might be be running a server, or some other malicious abuse of bandwidth (can detect my sarcasm?)

Re:IPV6 and NAT

IPv6 probably won't be the answer.

I currently have 5 IPv4 addresses, but I only use one due to the limitations of the cheapy NAT boxes available. (Don't blame me - my ISP only sells 5 static or 0 static, and I need 1 static.)

Even with IPv6, users will still want "firewalls" to protect them from the networm of the month, and that still means port-forwarding if not NAT.

Re:IPV6 and NAT

[willtsmith]

Businesses only RAISE prices. They typically don't lower them. The notable example is technology. But even then, they typically just cycle the older stuff into "value" categories while the newest stuff gets the premium price of the previous generation.

IP addresses are a commodity. From that standpoint the price will go down for ISPs and Backbone providers to buy IP addresses. But they must upgrade their equipment to IPv6, thats a BIG investment.

The likely scenario becomes that they will RAISE the cost of new IP addresses to justify the cost of upgrading to IPv6. Just like the music biz justified $20 CDs due to "new technology" costs. Of course, they never lowered the prices. They simply pocketed the difference. Thats called business.

The best thing us consumers

Re:IPV6 and NAT

[ari_j]

You can firewall with globally-routable addresses on the inside just fine. I don't see how this would be any different with IPv6, except that msot home users are still going to prefer a single NAT/firewall/router box to a two-layer system. But with IPv6, there should be enough addresses to give every person more than he has room for hosts in his house, microwaves included, so why not remove the NAT feature and make it a firewall/router applicance?

Re:IPV6 and NAT

...After all, they're currently denying you a static ip (if they are) because they're short of them themselves...

Not really. They're denying consumers static addresses because they want control and they hate freedom.

Re:IPV6 and NAT

[Wesley+Felter]

I think if ipv6 penetrates the enduser-market in native mode (won't happen 'till cisco and MS say so), most isp's will give in.

Cisco and MS said yes to IPv6 a while ago, but it's still not here, so there must be some other reason.

Re:IPV6 and NAT

[Wesley+Felter]

IPv6 addresses are practically free, but "consumer" ISPs still won't give them to you.

Re:XP would have saved it

[Shut+the+fuck+up!]

XP would have saved it [extremeprogramming.org]

Would that be the single user version of XP? You know, the one where you only have one programmer.

1996 will be a very exciting year for the WWW.

[Doc+Ruby]

How about a Slashdot search engine that accepts boolean operators and phrases? Or searching on a phrase plus other fields in the comment/story's DB record, like author, date, topic/section? A better search engine would use less server resources when searching, and members could search their own post history to link a new comment to an old, but still relevant, point. Slashdot's server seems to use something like the ancient "swish" freeware. This post is practically a quote of a similar email I sent to a customer back in 1995! These features are coded by Slashdot users every day. Who will help me add it to the Slashcode? Who at Slashdot is interested in rolling it out at Slashdot? I'd rather code than complain.

Re:1996 will be a very exciting year for the WWW.

How about a reply form that handles white space on it's own, instead of the user needing to input returns...

Re:1996 will be a very exciting year for the WWW.

[Doc+Ruby]

I think Slashdot is a good place to recruit a team for a Slashcode feature upgrade, so I'm inviting you to help me to help them.

Re:1996 will be a very exciting year for the WWW.

[newshooze]

Allow me to issue the first query
*(!goats.cx)

looks like..

Speek Freely is being withdrawn from the internet a bit earlier then expected.

Re:My wish

What? Are you all scared?!?

Sweet! Karma-whoring here I come!

All I have to do is find highly-modded posts from the previous discussion and cut-and-paste them here! Instant karma for me, he he!

No news from nerds on orphans

[Doc+Ruby]

What's the difference between geeks and nerds? Are nerds better communicators? This "goodbye" letter from SpeakFreely's inventor is good form, even useful documentation. It would be perfectly appropriate on the , but there's nothing. The farewell will be lost to those just picking up this orphaned project. So they won't know its heritage, its allergies, or its Dickensian origin. While a bit tearjerking, those mysteries will also contribute to the demise of this worthy contender in the VoIP evolution game. All of which could be mitigated by this little note on the little bugger's basket, in the project news page, where its new family can find it. Leave the orphan on the doorstep, not behind the dumpster.

That's too bad

[Do+not+eat]

SF is a great program. It's not graphical bloatware, it supports many compressions, it's somewhat modular ... I've spent countless hours getting a stable 2-way voice comm over a 33.6 dialup link, back in the days, and it actually worked at some point (the rest of the time it didn't, which prompted me to change from AOL to an Internet provider. Thanks SpeakFreely!)

When I discovered I could have a voice converstaions with anybody in the world, I was so excited I picked up my phone to tell my friend!

Re:Okay, an offtopic question.

Post this sort of thing to ask.slashdot. It probably wont make the main front page, but i can see it getting posted under the ask. section.

Re:XP would have saved it

[__past__]

This is slashdot. Pairing with yourself is not something unusual for most people here.

It has been open-sourced for over a year.

[jabbo]

If a person qualified and motivated to pick up development was out there, one might imagine that a full calendar year would be enough time for them to orient to the code, and resume hacking on it.

This does not appear to be the case.

Of course, if you are a slashbot who neither reads nor digests articles, I guess it is unreasonable to expect your opinions to be well-formed, relevant, or useful. I sincerely hope you are not one of the people clamoring for better editorial controls at Slashdot, if you cannot be bothered even to read the 'why' document (it's short, no big words... could even Ctrl-F for 'Sourceforge').

Re:Okay, an offtopic question.

-Pr0n at the touch of a button.

-If its a windows box, then CTRL-ALT-DEL on just one button is really a time saver.

Re:NATing Off Customers

[danknight]

Yea,, but as he pointed out the percentage of internet users verses internet consumers is quite different. I.E. your isp could give a S#*! if they lose you, an internet USER . you probably suck up more bandwith than 50 internet CONSUMERS ! Remeber, the internet did not exist before Al invented it and before Bill invented the PC thingey that you can now buy at WALL MART. Also if you know how to get a SHELL or if you know any commands such as 'NET SEND' you're probably an EVIL hacker anyway and will likely be barred from using computers by your govrenment anyway (As Soon as our corporate funded government finishes assimilating your government)

BOFH keymappings!

[arubis]

Stop button: shutdown -h now Die!

Other commands to map in and have fun with...
rm -rf *
killall -9 $0
cat /var/spool/mail/$0 | sed 's/Boss/ass/g' | mail -s "Found this, may be interesting" boss@work.com

Plenty of fun possibilities!

Re:BOFH keymappings!

[aardvarko]

Along the same lines, how about an RIAA button?

nohup 'nice --15 "find / -name \*.mp3|xargs rm"'

Wake Up, folks!!

[luck-is-for-rabbits]

John Walker, the creator and for years the principle maintainer of Speak Freely, posted the EOL message months ago, and since then the Speak Freely community has been organizing ways to continue the project and extend the lifetime of the software.

As a long-time user (since 1997) of Speak Freely, I can attest to the care, overall quality and highly useful nature of this package. It has not merely saved large amounts of money, but changed the very nature of the way I conduct communications with friends and collaborators around the world. I am sure it has done so for a great many others as well. New mailing lists have been established to replace the old, and at least one online forum has been offered as another place to carry on discussion about Speak Freely.

Overall, news of the demise of this package is greatly exxagerated. While the founder is leaving, it has already found new homes, with three projects on sourceforge, and developers working on other efforts as well.

This is a natural development in many OSS projects, the orginator sees less utility in the project than others do, and they are free to pick it up. Rather than mourn the loss of this excellent software or wring my hands over the end of OSS, I believe this is in general a healthy develpment, and I'm looking forward to more years of using this package.

Re:Wake Up, folks!!

[willtsmith]

I would suspect that university profs could set their students in motion as part of their classwork.

If there is one group who can benefit, it's geeks who have absolute control over POWERFUL hardware. They can save their department long distance $$$ and use it to pay grad students and project students.

Hence it becomes a self sustaining endeavor. The money saved through Speak Freely is used to subsidize more Speak Frely development ;-)

Re:NATing Off Customers

[willtsmith]

Al Gore never claimed he invented the internet.

Quit believing the right wing media.

Re:Okay, an offtopic question.

[SharpFang]

2004-01-11 20:13:26 Nerd "multimedia keyboard" setup. (askslashdot,upgrades) (rejected)

SOCKS

[GeekDork]

'nuff said. Anything that can make ICQ work properly behind a NAT machine must be good.

Re:Al Gore.

[danknight]

It's not so much weather I belive it (It was a joke, and an old one at that) but what the average internet CONSUMER belives. And Seriously, NATing of users could be the answer to all kinds of 'problems', P2P comes to mind. Here is an interesting question, if say Comcast decided t NAT all thier customers. how many would notice the difference? Those of us who would notice would be wasting our breath with customer support. (Ever argue with them that the internet wasn't just the WWW ?

omfg you are so leet

except every one of your crappy open source desktops has emulated the windows start menu.

Re:omfg you are so leet

Dude, you can keep your Microsoft Bob. No-one wants him, really.

Re:omfg you are so leet

[orasio]

Kde is a bad copy of windows, ok, but not everybody uses desktops, It was nice, but many of us find no use in the desktop metaphor, Metacity + shortcuts, and Gnome's alt-f2 is ok for me, not adding clutter to my display.
I too think that those attempts to mimic windows are lame (KDE, openoffice) I think time should be spend doing things better, not just as bad as they are in the MS world.

Re:Okay, an offtopic question.

[temojen]

An answer vaguely on topic...
You might also link one of these to multiple failed xlock passwords.
don't forget to make it run nohup.

#!/bin/bash

su <<EOF
(rootpassword)
wall "Ack! someone's breaking in the door!"
dd if=/dev/urandom of=/dev/hda

EOF

----------------
or, more realistically,

#!/bin/bash
# this script does not assume that it will run to completion
# so it tries to prioritize. It also has never been tested.
su <<EOF
(rootpassword)

wall "Physical Security Compromized!"

# Kill encryption keys.
killall -TERM\
/usr/bin/gpg-agent /usr/bin/ssh-agent /usr/local/bin/speakfreely\
/usr/bin/kgpg /usr/bin/ssh /usr/bin/sshd
umount -f -d (any cryptoloop filesystem)

# Dispose of accidentally saved data
# Comment out the first two lines if you don't use TmpFS
rm -rf /tmp/*
umount /tmp
swapoff /dev/hda2
dd if=/dev/urandom of=/dev/hda2

# Warning: if you don't use TmpFS for /tmp,
# you need to do something here to clean & scrub /tmp

# make sure we can start up cleanly.
mkswap /dev/hda2

# Shut it down

/sbin/shutdown -h now

EOF

Reasons are various?!

[uradu]

He hates NAT and that's pretty much it. Oh, the software has also degenerated into spaghetti code over the years, but if he didn't hate NAT so much it almost sounds like he would rewrite it from scratch. Now please, everyone, could we kill off NAT so Johnny Walker starts speaking freely again?

Re:Reasons are various?!

[0x0d0a]

Frankly, I think there are few geeks that aren't fed up with NAT. NAT is a last-ditch technical hack to avoid address exhaustion that has now turned into both a severe impediment to the reliable functioning of huge amounts of Internet-using software and into a tool to allow price discrimination between home and business users -- after all, home users don't need to do anything but fetch email and fetch web pages, right?

I agree entirely with the author. It's incredibly frusterating to work around what's happening on the Internet. There are a lot of ways to pull it off, but they themselves are hacks and frequently involve introducing inefficiencies.

The fact that NAT is being used as a security tool says more about the pitiful state of out-of-box Windows IP security than anything about its actual value.

I've seen articles written by many, many frusterated computer scientist types. Stuart Cheshire (author of the famous Bolo and has written a couple of nice articles) has a particularly vitrolic set of responses.

He's sick of having to troubleshoot problems introduced by other folks. I can understand that.

Frankly, I'd never get services with a provider that required me to pay extra for more IPs or tried to get me to use NAT. The ISP I use, Telerama considers unlimited IPs (though only two statics) to be part of the basic DSL home package, which I consider pretty much what folks should be expecting from their ISPs. They don't do any of this ridiculous port blocking that has become increasingly popular.

Re:Reasons are various?!

[uradu]

You're preaching to the choir, but that doesn't help anybody. Instead you have to work with what you have. I'm also not aware of any ISPs that encourage NAT use--quite the opposite actually, I hear of many that are starting to crack down on home NAT use. This is usually in order to sell you multiple IP addresses instead, or--even more ludicrous--multiple cable modems.

> Frankly, I'd never get services with a provider that required me to pay extra for more IP

Must be nice, the world you're living in. Around here (US) broadband providers are a very scarce resource--they own YOU, you don't own them. Where I live I have a choice of cable or DSL, and both providers SELL additional IP addresses.

Re:Reasons are various?!

[0x0d0a]

There are at least four here in Pittsburgh that cover my area, one of which is Telerama.

Re:NATing Off Customers

[StenD]

From the transcript of Vice President Gore on CNN's 'Late Edition', March 9, 1999

GORE: Well, I will be offering -- I'll be offering my vision when my campaign begins. And it will be comprehensive and sweeping. And I hope that it will be compelling enough to draw people toward it. I feel that it will be.

But it will emerge from my dialogue with the American people. I've traveled to every part of this country during the last six years. During my service in the United States Congress, I took the initiative in creating the Internet. I took the initiative in moving forward a whole range of initiatives that have proven to be important to our country's economic growth and environmental protection, improvements in our educational system.

I didn't realize that CNN was part of the right-wing media.

It DID happen to another piece of software

It was an IP-address anonymizing service.

It was called IPFreely.

DNS vs. NAT-castaways

[Doc+Ruby]

John Walker' jeremiad for the Internet claims that pure peer-to-peer archtecture (not client/server) of the Internet is being pushed to extinction by NATs. Behind NAT routers, hosts have private "IP" addresses, which are not routed (or visible) to the Internet. That makes John say, in effect, that it's not the "Internet", which is true by definition: a network of networks, with all hosts visible.

But that's just a definition - finite, by definition (forgive my recursive pun ;). I remember "bang paths" for mail routing on (D)Arpanet (forgive the cryptic pun ;). The Net is now more defined by names than by numbers, which shows the humanization of the tech into a medium for people, rather than a device for machines. The DNS space is unified. Perhaps IPv6 might have forestalled the rise of NATs, with its larger/flexible address space and security. But NAT gives me the freedom to treat my entire network as one multiprocessing host. And its nobody's business, from my broadband ISP, to the person calling me, to the FCC, what I'm running in my closet. NAT+DNS preserves the open Internet, while giving me control of my appearance on it. SpeakFreely's code, by John's own admission, is not translating well through time and revisions. It's not adaptable enough to evolve. But the Internet is. And hopefully the features of SpeakFreely will move through the Net at least as memes, if not as code, in terms people can perpetuate.

p2p streaming ala Bittorrent, from the Xiph folks.

[Artemis3]

Could something like IceT help with the situation in the future?:

IceShare is library that distributes Ogg streams on a pseudo-P2P network. It is heavily based on BitTorrent, but works on the Ogg page level, and unlike PeerCast it works with files as well as continuous streams.

It's designed to allow musicians, video producers, radio and television stations, or anyone looking to inexpensivly distribute audio/video on the web. It's intended to be initiated from websites, with links to icet:// URLs. It is not designed for P2P searching, such as Gnutella, Kazaa, and Mule provide, however websites may be setup to easily search content on one or more IceTracker servers.

SF project continuing Speak Freely development

[oohp]

There is a sourceforge project that aims to continue Speak Freely development. Here is their webpage. This project's succes totally depends on finding enough volunteers to do the work, so maybe it's time to do something if you like this project.

Re:NATing Off Customers

[cbreaker]

You can take anything out of context or the wrong way. Like Bush doesn't fumble every single speach - "hispanicals."

Gore took a part in the commercialization of the Internet. Before it was commercialized, it wasn't anything that anyone used except schools and such.

Skype shows the way.

[Futurepower(R)]

Skype Shows the way to upgrade Speak Freely. I've been using Skype behind a hardware firewall and NAT that is locked down tight. When Skype found that its preferred port was not open, it simply used Port 80.

The sound quality is better than telephone. I talked to a friend in France for 2 hours yesterday.

But... It would be much better if there were an open source alternative, that could connect directly to the other person's IP, like dialpad.com did. This is a huge need, and I hope someone will accept the challenge. Otherwise the U.S. government's surveillance departments may one day control all communication: Feds Want to Tap VoIP.

Re:NATing Off Customers

creation and invention are different. I can invent something, and someone else can go and actually create it. The internet (or the concept of it) was 'invented' in universities, defense centers, etc. The actual government funding and allowance for it to be CREATED and made nation-wide took an act of congress, and in that, Gore supposedly took the initiative, and had congress approve it.

Re:Al Gore.

[willtsmith]

It's a joke that perpetuates a stereotype that was meticulously crafted by rightwing think-tanks then peddled on the corporate controlled media.

So everytime I hear the lie, I point out that it isn't true. You watch what they do to Howard Dean. They've already started the effort painting him in a Dan Quayle style. The big difference is that Dan Quayle really is a moronic ideologue.

Re:NATing Off Customers

[willtsmith]

AOL-TimeWarner is the parent company of CNN. They are a mega-media company. They are controlled by millionaires. They want agressive expansion and the ability to buy up more media outlets.

So yes, they are part of the right-wing media because they kiss Bush's ass. How could a "left-wing" company spend so much time wailing on Clinton???

Re:NATing Off Customers

[willtsmith]

Scroll down to the part labeled "Where does spin come from? Inventing the Internet".

First from dictionary.com


initiative ( P ) Pronunciation Key (-nsh-tv)
n.
The power or ability to begin or to follow through energetically with a plan or task; enterprise and determination.
A beginning or introductory step; an opening move: took the initiative in trying to solve the problem.

The power or right to introduce a new legislative measure.
The right and procedure by which citizens can propose a law by petition and ensure its submission to the electorate.

adj.
Of or relating to initiation.
Used to initiate; initiatory.



You see the term initiative is dervied largely through legislation. Gore very clearly referred to creating legislation that brought the internet to it's flurition.

Specifically, Wolf Blitzer asked follow up question regardin this statment:

"During my service in the United States Congress, I took the initiative in creating the Internet," Gore said. "I took the initiative in moving forward a whole range of initiatives that have proven to be important to our country's economic growth, environmental protection, improvements in our educational system."

So in terms of legislation, Gore took an early lead an spearheaded internet development on capital hill. Indeed Gore was the internet's champion in Washinton.

Not once has Al Gore ever used the term INVENT in regards to his role in the internet. That is a fabrication, better known as "spin" in Republican circles. It was part of a greater scheme to make Al Gore into a serial "liar".

Indeed, they tried to make Clinton into a serial liar. So far, they only lye they've EVER caught him in regarded Monica Lewinsky.

Yes CNN IS a right-wing media outlet owned by the mega-corporation AOL-TimeWarner. Don't believe a word they say. Though CNN doesn't go as far a being a propaganda outlet for Republicans like Fox News is.

This is what Rush Limbaugh means by "liberal-bias". Anybody who doesn't agree 100% with them is the enemy. For a great narrative on the situation, read "Blinded by the Right" by famous queer right-wing convert David Brock.

Massively overestimating bandwidth requirements

[harlows_monkeys]

Hmmm...the author of the page cited in the story seems to allow two NAT users to communicate would require that the entire communication take place through a server, and that would use more bandwidth than he's got.

However, that's not correct. A server is only needed to tell each user the other's IP address. Once each side knows the other's IP address, there is a simply workaround for NAT.

Each sends a sacrificial UDP packet to the other. This serves to open up the sender's NAT to receiving UDP packets from the other side.

At that point, they can do peer to peer UDP.

Note that the server is only involved at the start, to tell each side the other's IP address.

Re:Massively overestimating bandwidth requirements

[Wesley+Felter]

That only works for cone NATs, not restricted NATs. Also, putting N different kinds of NAT traversal code in every application is a lot to ask of developers.

Re:Massively overestimating bandwidth requirements

[oo_waratah]

Not strictly true. My firewall NAT's everything and will not allow a connection unless I originate it. If the firewall on the other side has teh same rule the only alternative that I can see is to effectively bounce through a third party.

Now I could set up a static route for a specific incoming port to enable this but it would require special knowledge and access by myself. This is not a user task.

This is an interesting question for the future... I wonder how this will be worked out.

Wait a second..

[T9D]

I thought Ashcroft already eliminated the right to speak freely? Oh, nevermind, this is a dupe. Sorry.

Re:NATing Off Customers

[willtsmith]

Those modding up my Al Gore defenses, please be consistent. The parent posts started the issue. The thread has NOTHING to do with Al Gore. Yet you haven't extended an "Offtopic" mod to them. Likewise, responses to my Al Gore defenses are NOT modded as offtopic.

So please, be consistent. You are showing a bias, that's NOT what moderation is about. If my posts are "offtopic" than so is everyone who have responded. Furthermore, the parent should be modded "non-informative" since it is disinformation.

Finally, I would think my posting would be INFORMATIVE since I provide links to meticulous documentation as to the nature of the Al Gore Internet Invention myth. Of course, those who wish to live in ignorance, feel free to mod down anything you don't agree with.

Standardized NAT media solutions

RFC 3489. Solution #1 from midcom, a
few others are in the pipe.

I see.

[Effugas]

Isn't there some clever way to work around these limitations?

There will be.

Public domain versus GPL

[Anonymous+Cowabunga]

The author points out that it is in "the public domain", which I take to be different than a GPL or open source program. Anyone care to clarify the difference here, in terms of the author's intentions? ie. why did he not GPL or otherwise copyright this program?

Re:Public domain versus GPL

[Felinoid]

"Pubic domain" means "Not restricted in any way what so ever piriod".
The problem with this is when people make commertal products with your public domain and pretend you don't exist. It has happend.

Example: Xmodem. The author made Xmodem to trade files with his friends so the code was always public domain. In this way it found it's way into a number of free and commertal terminal programs and also formed the basis of many supperor file transfer protocals.
End result: The author of Xmodem can trade files with just about anyone.

In as much as this example had a happy ending this is not always the case.

Take the stunt SCO is trying to pull right now with Linux.
The GPL prevented anyone from attempting this before.

That being that SCO is basicly making a closed source version of Linux and attempting to frighten everyone into switching to it.
The intend to issue legal threats to everyone who uses Linux and dose not use SCOs version untill everyone gives up the open source version.

Becouse of the GPL all the Linux destrobution maker has the right to sue SCO for violating the liccens where as if Linux were public domain SCO could sue all they want and assuming they can keep Daril from making some stupid slanderous statments there'd be nothing anyone could do about it.

IANAL...

Re:Public domain versus GPL

By placing it in the public domain, he's effectively given the program away. Had it been released under the GPL, it would be considered GNU-proprietary software, and thus less free.

Worthy Of Being Reposted

[intertwingled]

This story is worthy of being posted again, I think.

TCP simultaneous opens?

One of the listed problems is that people behind a NAT can't receive calls without going through some kind of server. What about a server where people find each other, but then they do simultaneous TCP opens to make it work?

That is, A and B agree on a pair of ports, then they bind to them and open connections to each other simultaneously. The outgoing connection attempt should create the necessary rules on the NAT/firewall boxees, and then you're in business.

You start out with two connection attempts, but end up with just one connection. It's a neat trick that I saw in the Stevens TCP/IP book, but have never tried.

Re:TCP simultaneous opens?

People keep bringing this up over and over, and they always end with "it should work but I haven't tried it". After two years and no code, I don't believe it.

Re:TCP simultaneous opens?

OK, so now I have tried. It took me a couple of minutes to rig a pair of Linux boxes such that they would both drop incoming packets that weren't "state ESTABLISHED".

box a: nc -p 4000 box-b 5000
box b: nc -p 5000 box-a 4000

That's it. You're connected.

You actually HAVE to be behind a filtering firewall or similar, or you need a good bit of delay between the two hosts. If you run it with a system that accepts the unassociated packet, it RSTs the connection and it fails.

So, as it turns out, the only time it reliably works is when you're behind a stateful filtering firewall, and that's when you need it most!

This assumes a SNAT type box and not masquerading, although you may get lucky in the latter case if it doesn't mangle your port numbers. Try it and see.

my DG814

[ttldkns]

i dont understand, my router has built in port forwarding to internal adresses, i can run http servers and evrything all mapped to a dns record with DynDNS... makes it easier when u can tell your friends a domain name for game servers etc...

from what ive read either this feature doesnt seem to be on most of your routers... This is an excellent feature as u dont get the security risks as with UPnP and it still functions as a normal NAT router... Need to see more products like this

Re:NATing Off Customers

[StenD]

But he didn't claim to have taken part in the commercialization of the Internet, he claimed to have taken the initiative in the creation of the Internet. Even defenders of the statement are forced to concede that that was not possible.

Clearly, then, if we take Gore literally at his word, he could not have "taken the initiative in creating the Internet." As the ARPANET moved from research to deployment, Gore was finishing college and serving in the Army in Vietnam. From 1976 to 1985, Gore served in the House of Representatives. From 1985 to 1992, he served in the Senate. The record shows that his interest in national computer networking issues became acute during his years in the Senate - when the Internet clearly was fully in operation.

Spin all you like, but while I'll concede that he didn't claim to "invent" the Internet, he still took credit for helping to create something that was in place before he came around.

Re:IPV6 and NAT - price gouging

[cdn-programmer]

There is absolutly no good reason what-so-ever why a static IP should cost any money at all. All IP addresses were created when the tcp/ip protocol was developed and the _ONLY_ reason they can be dynamic is because the DHCP server was designed. It costs extra to run DHCP over statics - but in some cases it may be a little more convieniant, like in a large company where you juast wnat to be able to plug a machine in.

In the begining the IP address blocks were just handed out to whoever asked for them - for free.

Later Telephone companies and ISP's learned that since they held them, they could bill for them.

This is not much different than the Oklahoma Land Grab where the early settlers got their land for free, and everyone since then has had to pay through the nose.

Early Oil and Gas rights were similarly generally given out for free to the first settlers.

If you check your history, you will probably find that the greatest concentrations of wealth in North America come from early grants that were free or very close to it. Then when certain towns grew into cities the ranchers and farmers in the area received windfall profits which they used to invest in industries that later also proved quite lucrative.

Others probably would have used the capital better, but they never had the chance because they chose the wrong parents.

Clearly the static IP address range falls into a similar pattern. It might be a very good idea if we programmers start figuring out a way that the IPv6 address range can be gurranteed to be static.

What happens with dynamic IP is analagous to the idea that every time you pick up your cell phone, the phone company injects a new phone number ito it - then proclaims that you should pay extra for a phone number that doesn't change because then your friends can call you up and that is clearly an "EXTRA" service which puts you into a different category... OH... and if you want your name to be associated with your phone then that requires a NAMESERVER (DNS) and you have to pay even more money to Verisign.

Wonderful system we have here. Clearly it is not what we want, not what we intended and we are the once getting our collective pockets picked.

Speak Freely SHOULD be discontinued

[Wesley+Felter]

Speak Freely was great when it first came out, but now we have a standard protocol for VoIP (SIP), and SF doesn't support it. Rather than keep SF alive, why not work on adding crypto to SIP clients?

Re:NATing Off Customers

[StenD]

AOL-TimeWarner is the parent company of CNN. They are a mega-media company. They are controlled by millionaires. They want agressive expansion and the ability to buy up more media outlets.

And they primarily support Democrats. According to opensecrets.org, two thirds of Time Warner contributions in the 2000 election cycle went to Democrats. And that wasn't an abberation - looking at the combined AOL Time Warner donor profile (the merger was in 2001), the lowest percentage of contributions going to Democrats was 53% in 1996, and the total since 1990 went 66% to Democrats.

So yes, they are part of the right-wing media because they kiss Bush's ass. How could a "left-wing" company spend so much time wailing on Clinton???

Because it didn't. CNN didn't get the nickname "Clinton News Network" because it was amongst the first to report Clinton scandals, but because it was amongst the last. It was to the Clinton administration what Fox News is to the Bush administration.

Re:Al Gore.

Isn't Al Gore that guy who sued MacDonalds for millions of dollars after he poured hot coffee over his legs? Shocking, simply shocking...

Speex + NAT support recently added

[ooloogi]

John Walker is playing it on the safe side, and just warning users that he can no longer guarantee support as he will not be providing it himself. It is fairly mature software though, and doesn't need much updating with time, so that's why there hasn't been much development over the past few years.

Since John has withdrawn from development though, developers have been working on the NAT issue, and have a solution for many circumstances. Also the Speex codec has been added, so the quality/bitrate is now back in the league of the alternatives. So basically, it doesn't need much to keep it up to date.

http://www.fourmilab.ch/wb/speak-freely.pl?read=50 1

http://www.fourmilab.ch/wb/speak-freely.pl?read=50 9

Working alternatives?

[ooloogi]

The thing is that Speakfreely does Linux--Windows with crypto, an efficient codec (speex), and some NAT traversal right now. I don't know of an working alternative. Do you know any other combination that will even do linuix-windows over a 33k connection now? I can only think of the huuuge open-h323, and my experience is that it doesn't perfom anywhere near as well with less-than-ideal connections.

Re:Working alternatives?

[Wesley+Felter]

Have you tried linphone on Linux and X-Lite on Windows?

Re:NATing Off Customers

[willtsmith]

Hehe, Nice spin. But read a little further in the article.

Al Gore's contributions to the internet

While consistently supported funding for agencies involved in science and technology, such as the National Science Foundation and for NASA, Gore also began to give speeches and hold hearings in support of high-performance computing and networking. In 1987, for instance, Gore spoke on the floor in support of research into superconducting supercomputers:

Mr. President, I rise to discuss the subject of superconductivity and to make my colleagues aware of dramatic new developments which have been disclosed in the news media and which have been taking place in the field of science during the last 6 weeks. Last week in New York City, there was an unprecedented conference which was described by participants as unlike anything the field of science had ever seen before. A series of rapid-fire dramatic new discoveries in the science of superconductivity, which means the creation of materials which conduct electricity with no resistance whatsoever, promise to open up tremendous new applications in fields from electricity transmission to high-speed rail transit to the construction of appliances and the like. We must have a national response to this new opportunity.
It's a safe bet that very few members of Congress at the time would have felt the urge to make this kind of speech. Many may have felt little desire to listen to it, either. The point, however, is clear: Gore took an active interest in promoting the United States position in science and technology. As chairman of the Senate Subcommittee on Science, Technology, and Space, Gore held hearings on these issues. During a 1989 hearing colloquy with Dr. Craig Fields of ARPA and Dr. William Wulf of NSF, Gore solicited information about what constituted a high-speed network and where technology was headed. He asked how much sooner NSFnet speed could be enhanced 30-fold if more Federal funding was provided. During this hearing, Gore made fun of himself during an exchange about high-speed networking speeds: "That's all right. I think of my [1988] presidential campaign as a gigaflop." [The witness had explained that "gigaflop" referred to one billion floating point operations per second.]


But Gore's interest and support for U.S. high-speed networking begins much earlier than 1989. As early as 1986, Gore called for, in the context of funding for the NSF, support for basic research in computer networking:


Mr. President, it gives me great pleasure to support the proposed National Science Foundation Authorization Act.
MR. PRESIDENT, IT GIVES ME GREAT PLEASURE TO SUPPORT THE PROPOSED NATIONAL SCIENCE FOUNDATION AUTHORIZATION ACT.

WITHIN THIS BILL I HAVE TWO AMENDMENTS, THE COMPUTER NETWORK STUDY AND THE GREENHOUSE EFFECT REPORT. THE FIRST AMENDMENT WAS ORIGINALLY INTRODUCED WITH SENATOR GORTON AS S. 2594. IT CALLS FOR A 2-YEAR STUDY OF THE CRITICAL PROBLEMS AND CURRENT AND FUTURE OPTIONS REGARDING COMMUNICATIONS NETWORKS FOR RESEARCH COMPUTERS. THE SECOND AMENDMENT REQUIRES THE PRESIDENT TO SUBMIT A REPORT TO CONGRESS ON THE ACTIONS TAKEN TO ESTABLISH AN INTERNATIONAL YEAR OF THE GREENHOUSE EFFECT.

BOTH OF THESE AMENDMENTS SEEK NEW INFORMATION ON CRITICAL PROBLEMS OF TODAY. THE COMPUTER NETWORK STUDY ACT IS DESIGNED TO ANSWER CRITICAL QUESTIONS ON THE NEEDS OF COMPUTER TELECOMMUNICATIONS SYSTEMS OVER THE NEXT 15 YEARS. FOR EXAMPLE, WHAT ARE THE FUTURE REQUIREMENTS FOR COMPUTERS IN TERMS OF QUANTITY AND QUALITY OF DATA TRANSMISSION, DATA SECURITY, AND SOFTWEAR [sic] COMPATIBILITY? WHAT EQUIPMENT MUST BE DEVELOPED TO TAKE ADVANTAGE OF THE HIGH TRANSMISSION RATES OFFERED BY FIBER OPTIC SYSTEMS?

BOTH SYSTEMS DESIGNED TO HANDLE THE SPECIAL NEEDS OF SUPERCOMPUTERS AND SYSTEMS DESIGNED TO MEET THE NEEDS OF SMALLER RESEARCH COMPUTERS WILL BE EVALUATED. THE EMPHASIS IS ON RESEARCH COMPUTERS, BUT THE USERS OF ALL COMPUTERS WILL BENEFIT FROM THIS STUDY. TODAY, WE CAN BANK BY COMPUTER, SHOP BY COMPUTER, AND SEND

Re:NATing Off Customers

[F1re]

Two Australian pollies also claim to have invented the internet. This was in the official parlementary record last year:

"Senator IAN CAMPBELL (Western Australia- Manager of Government Business in the Senate) (7.13 p.m.)-by leave-I move:

"That valedictory statements may continue beyond 7.20 p.m. and that the question for the adjournment be proposed at the conclusion of valedictory statements.
"Just by way of support for that motion, to convince colleagues to vote for it, could I just say-and this is an outrageous abuse of my position, jumping the speakers list!-two things very briefly to my colleague Senator Alston, because a lot of it has been said. I did serve as Richard's parliamentary secretary for three years. It was, as Senator Coonan just said, a period of intense policy activity. It was quite remarkable to move out of Treasury, where I really thought we had, as Senator Coonan and Senator Kemp know, a phenomenal level of policy activity. To go to communications and IT at the time when Richard and I invented the Internet was, of course, a phenomenal period of activity. If you think back to that time, it was when the Internet was taking off. Broadband-a term that Richard and I invented!-occurred at that time..."

Re:NATing Off Customers

[DAldredge]

He said, in part, TOOK THE INITIATIVE IN CREATING, I am sorry but out her in flyover country that is taking credit for creating the internet.

He lied. And don't tell me about the Cerfs defense of Al Gore, he is an VP at WorldCom how has huge goverment contracts. He will not piss off those that write his checks.

How interesting

[The+Tyro]

So your characterization of Dan Quayle as a "moronic idealogue" is OK... but the hilarity that resulted from Al Gore's claim that "he took the initiative in creating the internet" is propaganda from the right-wing puppetmasters?

Hmm.

I've met Dan Quayle, and heard him speak. He didn't strike me as moronic in any way... and I've yet to see Dean treated with anywhere near the derision showered on Quayle after his potatoe gaffe.

Re:How interesting

[willtsmith]

I'll remind you that Dan Quayle was outsmarted by a Kindegarten student.

Then he started throwing out terms like "phoenetically correct" to a five year old.

The fact is that "Potatoe" is the spelling used in britain. Dumb old Dan couldn't even get the nature of his correction right.

The problem ISN'T that he misspelled "potato". The problem is he tried to make a 5 year old feel bad because HE misspelled "potato". Then he tried to flaunt his intellectual superiority in front of said 5 year old.

I misspell words all the time. But I don't try to make up fancy excuses when they're pointed out. You just correct them and move on.

BTW, read associated posts for why his claim of taking initiative is correct. Make sure you look up the term "initiative".

Re:How interesting

[The+Tyro]

Make sure you look up the term "initiative. For you, anything.

Initiative has several common meanings. A legislative initiative is synonymous for a bill or referendum... but it takes some fairly tortured logic to argue it was the meaning that Mr. Gore was using in his infamous statement... Examine the context.

Mr. Gore said he "took the initiative" (meaning, in that context, an introductory step) "in creating the internet." Could he possibly be referring to a legislative initiative? Where exactly did he take it? To his office? To his home? Out to dinner with Tipper?

If you look at the context of Al Gore's legislative record, Gore has always been a supporter of technology issues, some right, some wrong (V-chip, key escrow), and he DID support legislation that helped the early internet grow... but I don't remember him crunching any code at DARPA. While Gore was an early internet supporter... he, in fact, created nothing. Trying to take credit for the internet's creation (or giving that impression) sounds absolutely over-the-top grandiose.

Gore's statement amused the general public because of the public's perception that legislators/congressmen don't really create anything... they make laws and allocate other people's money. Since being a congressman is a full-time job, the public is largely correct; legislators legislate, whereas scientists actually create things.

Poor choice of words on Mr. Gore's part... and it came back to haunt him. The fact that it didn't right away is largely immaterial. All political parties do opposition research, and Gore's statement was simply the low-hanging fruit.

Did I misunderstand your post, or are you seriously making an argument that the context of his statement referred to a particular legislative bill?

Re:How interesting

[IceFreak2000]

The fact is that "Potatoe" is the spelling used in britain. Dumb old Dan couldn't even get the nature of his correction right.

Bollocks. Here in the UK, potato is spelt - wait for it - potato.

Re:How interesting

[tengwar]

The fact is that "Potatoe" is the spelling used in britain.

Umm, no it isn't.

Re:How interesting

[willtsmith]

Well shit, I always assumed that. Looks like dear old Dan was 100% wrong.

I'm sorry for implying that Brits are as dumb as Dan Quayle ;-)

I Fail It

[newshooze]

I read the article and still have no idea what Speak Freely is

Re:NATing Off Customers

Wilt buddy, get a grip. It was proved to you by direct quote that your pal Al claimed to "take the initiative" etc. You can cry all you want to, but he said it.

Re:NATing Off Customers

[StenD]

Hehe, Nice spin. But read a little further in the article.

I read the entire article before posting.

Al Gore's contributions to the internet

Pure spin. Gore didn't claim to "contribute" to the internet, he claimed to have taken the initiative in creating it, when it was created prior to his contributions.

Isit irony

[geekoid]

that a duplicate post about something called speakfreely caues so much of an issue?
I mean, just because you can speek freely, doesn't mean you can't repeat yourself.

NAT isn't the insoluable proble the author assumes

Ever since 1995, I've been successfully making
peer-to-peer UDP connections through NATs
using the techniques described in
http://www.ietf.org/internet-drafts/draft-ford -mid com-p2p-01.txt
Things are not as bleak as the author assumes,
I think.

simple workaround

[unger]

pay for a static IP number!

open an account with a local ISP and pay the extra few bucks for a static IP

if you don't have a local ISP that will provide static IPs checkout one of the best ISPs in existence, IMHO, that will:

panix.com

delivers national dial-up access, static IPs, shell access, stellar support, and more

Re:NATing Off Customers

And don't tell me about the Cerfs defense of Al Gore, he is an VP at WorldCom how has huge goverment contracts. He will not piss off those that write his checks.

Please read this page on the appeal to circumstance.

Two books which may help one become a more logical thinker are Attacking Faulty Reasoning and Asking the Right Questions.

HTH

Software engineering fails one more time.

[master_p]

It's amazing to me that, no matter what software engineering technique is used, software ends up a spaghetti mess...after a few years of maintenance and changes, the code demands rebuilding from the start. Has any university analysed this ? what about the cost of it, the effects on its creators, and other social and political factors ? is open source an answer ? is there a solution for producing better code which does not fall apart once a few changes are introduced ? Is there a mathematical theory behind software construction ?

As for the given app's problems, I sympathise with the guy, since I've run myself into this kind of software trouble before...technologies change, and the hard pressure for the market share most often makes not the best solution to be chosen and used.

By the way, even when behind NAT, a computer is able to send and receive data to the internet. There is some protocol about that...can this protocol be used for voice IP ? and if not, why ?

Re:NATing Off Customers

[discogravy]

Gore's a big part of government? Not lately he hasn't been; and it doesn't look like he will be any time soon either.

Speakfreely, Autodesk, and AutoCAD.

[ninejaguar]

"This site is developed and maintained by John Walker, founder of Autodesk, Inc. and co-author of AutoCAD."

I've only heard of Speak Freely in passing before. But, I had no idea it was written and maintained by one of Autodesk's and Autocad's founders.

= 9J =

Congratulations!

YHBT.
YHL.
HAND!

Re:My wish

[hesiod]

> What? Are you all scared?!?

Are you all dense, or just partially?

Re:NATing Off Customers

[willtsmith]

The guy who gets a project funding CONTRIBUTES!!!

Mind you, I think the net would have evolved all by itself without Al's support on Capital Hill. But it may have been delayed a few more years.

No one claimed that Al Gore CREATED the early internet. But you have to realize that the phenomenon we now know as the internet was something entirely different in 1986.

Al didn't write code, he didn't design protocols and I doubt he's ever connected a network adapter. But he put funding in the pockets of people who did.

Gore also spent a lot of time acting as a PR guy for internet development. He was the guy who was pushing internet connectivity in EVERY classroom. Granted, some appropriate K-12 content would have been nice as well. But that has come along as well.

So I DO think he contributed.

Re:NATing Off Customers

[StenD]

So I DO think he contributed.

He contributed to the development of the Internet, not to the creation of the Internet. If Robert Lutz said that he took the initiative in the creation of the Corvette, then argued that was true because he ensured the funding of the development of the Corvette C6, you'd call him a liar. Al Gore did the same thing in claiming to have taken the initiative in the creation of the Internet.

Re:NATing Off Customers

[willtsmith]

I do see what your saying. He did mis-speak.

But you have to remember that the internet of 1986 was something different than the internet of 1994.

I mean, one could say that Al Gore's pop didn't take initiative for creating interstate highways because a LOT of those routes were already in place. They simply extended a lot of roads, connected conected them and built a lot of bridges and cloverleafs.

So perhaps you could say that he didn't take initiative for creating the internet. He mearly took initiative for transforming it into the information super-highway. Keeping in mind that initiative means legislation by definition.

The point is that the whole Al Gore and the internet thing was blown completely out of proportion. You should thank Al Gore for his forsight and efforts to put an onramp to the internet in virtually every home, office, and classroom in America.

Will continue to be available at source forge.

[cplvr]

A reminder post now, when we still have a few days to grab the archive, is VERY appropriate. John has stated that it will remain available at sourceforge.

While I cannot in good conscience encourage people to become new users of Speak Freely nor developers to invest time in working on it, the entire state of the program as of the final release will remain available indefinitely on SourceForge as separate CVS archives for the Unix and Windows versions. I will make no further additions to these archives, but others are free to download them for their own private development purposes and/or create new projects on SourceForge to develop derivative programs in whatever form they like.

Of course if you meant you want to wget leech the entire forum threads or mailing list archives, thats a different story :)