Who Will Fix the Internet? No One, Apparently
blackbearnh writes "It seems like everyone focuses on the latest and greatest killer Internet applications, but the underlying infrastructure that all of them run on is showing its age. That's the claim made by a recent article in the Christian Science Monitor. IPv4 is relatively ancient, and even stalled improvements like IPv6 aren't significant enough to matter, according to some researchers. With no one 'in charge' of the Internet, it's almost impossible to get any sweeping technical improvements made, especially since there's no financial incentive on the part of the ISPs and telecoms to invest in basic infrastructure. CalTech Professor John Doyle puts it this way: 'To the extent I've been working in this field for the last 10 years, I've been mostly working on band-aids. I'm really trying to get out of that business and try to help the people, the few people, who are really trying to think more fundamentally about what needs to be done.'"
Let the porn industry fix the internet. They're responsible for most of the traffic.
...is its diffuse and decentralized nature, a network of networks, not a single network. An organization or individual with the power to "fix" the internet would have the power to destroy it or lock it down.
We're running out of IPv4 addresses?
Another ridiculous article. Supply will always follow demand. Who will fix the internet? It doesn't matter, it will always be there as long as there is a demand.
IPv4 is an absolutely fundamental part of virtually every network in existence today, and given that networks are a fundamental prerequisite in the modern computing world and see very, very, very, very heavy usage every minute of the day no one is going to take any time out and start tinkering because people think networks and the internet are broken. There's no financial incentive for ISPs or any companies to invest in IPv6 yet and there won't be no matter who is 'in charge' of the internet to 'force' it to happen. You can't mandate anything in an open market, and I just find the possible motivation for that statement bizarre.
Basically, it'll start to happen when we really do run out of IP addresses and things get desperate and it will happen when someone comes up with a sane and straightforward guide for making IPv6 co-exist happily with existing IPv4 networks and making sure everyone knows about it. Until those things happen there is zero incentive to rip out and replace or tinker with something so fundamental. Band aids are the order of the day and have been in every piece of fundamental infrastructure since time immemorial. We must leave this 'rip out and replace' culture in computing far behind otherwise no one can ever take us seriously.
The article author thinks IPv6 is just a band-aid, though he admits it would fix the address shortage. He is talking, vaguely, about an architectural upgrade but doesn't really say *what*. He only says "more research is needed", which I translate to "give me more funding".
Do you have any insight as to what he's talking about, other than "get off your ass on IPv6"?
Learning HOW to think is more important than learning WHAT to think.
The existing internet certainly has its rough edges, and they are not insignificant; but an alarming number of proposed "internet fixes" and "new improved internet" proposals seem to be more about serving the interests of incumbents (largely in the areas of surveillance and copyright enforcement) than about making the internet work better.
Many of the internet's virtues are a result of the fact that it grew up before anybody outside of a narrow circle knew that it was going to be significant, so its development was relatively uncrippled. We aren't going to have that opportunity again. Any "new internet" proposal is going to have the grubby claws of "stakeholders" all over it.
There will be no proactive solution; this sort of thing will only be improved upon in increments as things break. John Doyle mentions "Band-Aids" but that's exactly how it needs to evolve....like any other living organism.
Internet-Fixer Man!!! With his large hoard of anonymous, probably overweight, definitely awkward, mostly perverted, could be educated, willing to take risks, bunch of trolls from 4CHAN, he's going to fix the internet in no time flat!
It seems to me that most of the country is still in a situation where there are one or two options for high speed internet in any given area (only one here). If we allowed more competition, we would probably see a rush to upgrade infrastructure, as most people are damn tired of this "large pipe, limited download" crap, and the first ISP to offer either no cap or really high cap and maintain fast speeds is going to take every last customer from crappy services like AT&T.
Having some centralized organization handle network upgrades will work out about as well as it did in the 90's, ie not at all. They'll just pocket the money and continue to clamp down on their customers. The only way to improve service is to increase competition.
I'm afraid the powers that be, will be the ones 'in charge' of the New and Improved internet, and can bet your sweet ass, they won't make the mistakes they did last time that leaves them without total control.
Their corporate masters, will force them to have severe control on what content can be pumped over it, pretty much necessitating control on what can connect to it (so much for having control of your computer), and the govt. and lawyers will certainly make it where you can't be anonymous, and you will likely need a special license to publish on it.
Personally? No thanks, with all its bugs and problems, and tons of cruft out there, I'll be happy to stick with the current internet system that is out there. I like the idea that I can hook a computer on it, and instantly become a peer with any other computer out there, no matter if it is a farm kid on dial up, or a massive corporation's data center. My box/server is equal, and I can do and publish damned near anything I want.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
The only conclusion that I can draw from the silence on the actual upgrade is that it's something we wouldn't like.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
Yes actually. One of the most unbiased news sources available.
No this isn't sarcasm.
I fail to see how/why the TFA is lumping everything under one problem called the "Internet". Break it up into little bits, and you'll see that there *are* mostly effective working groups and vendor coalitions solving issues, up and down the stack, every day.
body massage!
Ref: the article linked to in the post. "Pakistan's relatively anemic data pipeline"? That's a major understatement.
Life is too good to waste... Read!
The problem correlates to what makes the Internet so successful: it's a wide-open, essentially unregulated space.
With no centralized authority, you get benefits like anonymity (see how long that lasts once the bureaucrats get their hooks in it--oh noes! the terrorists! think of the children! we must track each user), innovation (in just a few years we've gone from hypertext to graphical MMORPGs--I can just see trying to get the paperwork through on that one) and freedom (I don't suppose the good people at 760 United Nations Plaza would be interested in protecting the freedom of expression of fascists, for instance).
Of course, with anonymity comes spam, with innovation you get new and better malware, and with freedom you get a lot of crazy talk. But unless you're ready to throw the baby out with the bath water, it's probably best to leave well enough alone. Since politicians of all stripes are essentially unable to understand opportunity costs or unintended consequences, I shudder each time I read one of these FUD-o-thons.
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
I honestly don't even think IPv6 is needed. We just need to recall some of those huge blocks of IP addresses that have been allocated for no good reason and implement NAT/proxies more widely.
Just about every single company uses firewalls nowadays anyway, there is absolutely no reason for them to have huge blocks of IP addresses like they currently do (they don't even use them!).
The Internet is improving everyday as better routers, faster servers, new better cables/antennas are deployed, the last mile connection options are also multiplying. IPv6 is put on hold as there is no real need for it at the moment.
IPv6 is NOT on hold. Most of Asia are already using IPv6. If you use Apple there's a good chance you're using IPv6 without even realising it. The EU is mandating moves to IPv6 in the coming years, and I imagine most countries are doing something similar.
The US may have its head in the sand, but that doesn't mean everyone else does.
The Future of Human Evolution: Autonomy
Yes. It's a very respectable source indeed. Also, Christian Science (promoted by Christian Scientists) is entirely different from the science promoted by Christians (who are a different group).
The only conclusion that I can draw from the silence on the actual upgrade is that it's something we wouldn't like.
My understanding from my experience and research into the subject is that in order to upgrade the Internet...
The Tubes demand SACRIFICE!
I haven't RTFA. But my little hopeful, idealistic vision for a next-gen internet is a mesh network with an ad-hoc routing protocol that can get your traffic from one side of the globe to the other, without address assignment that is centrally controlled by a hierarchy of government and corporate entities.
A solution I was thinking of was giving each device a (changeable) cryptographically secure address (ie. you generate a key pair, the public key is the address, the private key is your proof that you own that address). In the local area finding the destination could simply be a matter of asking the neighbors if they've seen it. On the global scale geographical routing could be used, with a registry mapping the public keys to their general spatial neighborhood (General so it was less of a privacy concern, say 16-256 km^2). My idea certainly needs more research, especially regarding decentralizing such a geo-address registry and making a working routing protocol that can find good routes over millions of nodes.
If there was someone "in charge" of the internet, we wouldn't be worried about being unable to change technical standards by proclaimed fiat, but instead about why we were using both ancient and nearing unworkable technical standards, and why we were unable to even apply band-aids to the problem, lest the ship be rocked, incompatibilities result, special interests slighted, and the status quo in danger of coming out of stasis.
Slashdot: Playing Favorites Since 1997
My understanding from my experience and research into the subject is that in order to upgrade the Internet...
The Tubes demand SACRIFICE!
Well, Ted Kennedy did die today. I wonder if that was some deal between Ted Stevens (D-AK, "Mr. Tubes") and the Devil to keep Stevens out of prison. Satan's minion just got the wrong Ted...
Learning HOW to think is more important than learning WHAT to think.
The basic internet is fine, IPv4 and IPv6 both transmit datagrams, and that is all you need; WHAT we DO NOT need is big government or CORPORATE AMERICA __improving things__.
It's not broken, it doesn't need fixing.
Move along, nothing to see here.
"Blah blah blah." - [citation needed]
Ignorance is bliss, and you, sir, seem to be positively rolling in it. CSM, strange as it may seem, is generally regarded as being of surpassing quality (vastly superior to your "mainline" news channels and rags).
The irony is that most religious people I know revile the CSM as being liberal, ungodly, and in all manner of secular.
Who does he think has been paying for most of the network upgrades? The government? The martians? Does he think that God has sent down an army of angels to quietly build up our infrastructure?
Time to bring Al Gore out of retirement so that he can reinvent the Internet.
WHO is too busy dealing with the swine flu to think about this.
What do they have to do with this anyway?
The good, the evil and the vacuum tubes.
These statements are not surprising and such things are true everywhere. In computer architecture for example, no one wants to change a hell lot of things because that may lead to new compilers, rewriting legacy codes etc and no one is interested in doing that even if it can provide tremendous performance and scalability benefits. There are radical ideas, but if they are too radical and need a lot of change, then nobody wants them because of the effort required to change existing systems. I think to some extent this may be true here too.
Well, think about it this way -- why *hasn't* the transition to IPv6 gone smoother/faster? Answer: the current architecture (with its dead-end-to-dead-end philosophy) is not designed to be upgraded. Presumably, some day, some one with ambition will come up with a networking protocol that is *better* than IPv6 (not talking about bigger address space, I mean even better protocol design.) I have problems believing that in a million years we would still be running IPv6 because no one will have come up with anything better. (Maybe because it's been impossible to migrate from, but...) Ideally, IPv6 would have some design elements to make it possible to easily and quickly upgrade to future (non-IPv6) technologies faster.
The problem that making sweeping improvements has such a high cost barrier (or even a decent method for making piecemeal/gradual improvements) is in itself a problem because it slows down the development and deployment of new technologies. Which is why IPv6 has been so slow to be deployed. This is an architectural issue.
Historical, essentially. The Christian Science Monitor is so called because it's associated with the Church of Christ, Scientist, sharing the same founder. A bunch of mid-level crazies who are strong believers in the power of faith healing. The paper tries to keep its distance from its patron church, well aware that to be seen in their association would threaten its credibility.
http://www.csmonitor.com/aboutus/about_the_monitor.html Is 7 Pulitzer Prizes, including one for uncovering the death camps in Bosnia, serious enough?
Here, let me find the wiki page for you:
http://en.wikipedia.org/wiki/Christian_Science_Monitor
"Despite its name, the Monitor is not a religious-themed paper, and does not promote the doctrine of its patron church. However, at its founder Eddy's request, a daily religious article has appeared in every issue of the Monitor."
Planning to be moderated ± 1: Bad Pun.
There is a lot that could be implied by saying "Fix the internet," but all that's really needed is a full duplex asynchronous protocol that's light weight and secure. We're at a point now where browsers are adhering better to standards and compiling javascript on the fly to machine code, yet we're still piggy-backing on http.
Aside from that, the summary doesn't make a lot of sense. What does IPv4 have to do with the internet being broken? We're just running out of IP addresses but even now it's not an impending issue as IPv6 is becoming more widely supported. And where is the infrastructure lacking on the side of ISP's? Saying "the internet is broken" is such an open-ended statement I still wonder what the submitter is trying to get at.
Similes are like metaphors
Dear Mr. Christian Science,
Your attempt to make us panic and throw a metric shitload of money into your inadequate research to end net-neutrality has failed. The average slashdot reader knows more about the intricacies of the Internet than you expect and can therefore tell you that doom's day is far off. We know that because the Terminators need IPv6 to keep track of their innumerable minions.
No IPv6 no doom's day.
Thank you for your time,
Average Slashdot Joe
TFA says that the internet was just an experimental demo that worked too well and ended up getting adopted. Wrong. It started as an experimental but real network that was to be used for real work. The basic principles were deliberately, and well, chosen.
The environment has changed, but the basic principle of a simple network with intelligence at the "edges" - in the devices that connect to the basic bit-shuffling network - is sound. That above all is what has allowed so many innovative services to be rapidly and successfully deployed.
This allows some less desirable features, but that's the price of flexibility. Same with roads: they are a flexible network, which means the bad guys can use them for trafficking or drive stolen cars. If you build too many controls into a system, you make it less versatile.
The problem with "sweeping technical improvements" is that improvements are often tradeoffs, and (as someone else pointed out) any changes will have the grubby claws of "stakeholders" all over them. They are most likely to serve powerful interests rather than users and they are much less likely to foster the innovation that has made the internet such an explosive success, and such a multiplier of potential.
The article also has a slightly US-centric view of the IP6 issue. In other parts of the world there is not the same relative abundance of IP addresses, and IP6 deployment seems to be a bit further ahead. The Beijing Olympics used IPv6, and ISPs in India and Australia for example run commercial IP6 services.
Paul "Say no to feeping creaturism"
We will see the massive changes in tech when the CS and IT folks who entered the market in the 2000s make it to management and start controlling the tech. These are individuals that have grown up with change and are adaptable to it. A large number of them WANTED to be geeks, they aren't paycheck hunters and are genuinely interested in the advance of tech. Why do I think this? Of the people I know that have adopted newer techs, eg IPv6 or maintain stricter code, or push for HTML5 or whatnot, they all are individuals who graduated high school or college in the last 10 years...just my observation though.
CS: It is all sink or swim...oh and did I mention there are sharks in that water?
> it won't be anywhere near as free and useful for any Joe Public to get on, express views, be anonymous, etc.
The internet isn't anonymous.. and people need to stop believing that.
Posted A.C. for irony. :]
It's called Christian Science Monitor basically because the founder was also the founder of the Church of Christ, Scientist and she demanded that it be called that. Despite its name, the paper is 95% secular and is actually known for its fair and balanced reporting, especially for avoiding sensationalism (ironically in this case). Their staff has even won a handful of Pulitzer Prizes over the years.
The problem is that congestion control on the Internet is strictly based on the Van Jacobson hacks to TCP/IP. These work pretty well, but they have problems. First, a lot of IP traffic is not TCP. Second, various IP protocols like Bittorrent actually game congestion control to get more than their fair share of the pipe, and there's really no way to prevent this (e.g., what Comcast tried isn't a good solution).
The belief that no-one is working on this is incorrect, however. There's some very good work being done in the IRTF (a research organization associated with the IETF). They did a really cool presentation on their work at the Stockholm IETF this month. There are really good people at various ISPs and running the backbones. It is not the case that it's all on autopilot and slowly decaying. E.g., check out Hurricane Electric. Comcast has a very good team.
The most hopeless thing I see on the Internet is the continued prevalence of operating systems that are highly vulnerable to attack due to poorly-thought-out security models. Apple is starting to do some interesting work on this - they recently hired the guy who did BitFrost for the OLPC project, for example. A big complaint about Bitfrost is that it's not necessarily all that useable, but if anyone can fix that, it's probably Apple. Would be nice if Microsoft weren't backsliding on this.
The internet has very many technical shortcomings and many businesses make their living off of compensating for them. It turns out that the trade-off between fixing the technical problems and paying someone to compensate for them falls in favor of paying someone. What's the problem here? The only reason to make the technical changes is when the costs are too high (which apparently hasn't happened yet) or physical limits are reached (e.g. running out of IP v.4 addresses). I don't see a problem with this...
Christian Science is a religious group founded in Boston by Mary Baker Eddy in the 19th century. They believe that healing can be accomplished through prayer. Yes, they sound odd, don't they? Nevertheless, part of their worldview is a deep abiding interest in world affairs, and a complete lack of the sort of bias about them you would expect. Their newspaper, the Christian Science Monitor, is one of the finest, most respected dailies in the US, and its journalistic standards are unimpeachable (though I wouldn't personally stretch them too far on healthcare). As a result of those high standards, the print edition is going out of business. See the Wikipedia article on the Christian Science Monitor (i.e., CSM).
There's the Future Internet Symposium 2009 (http://www.fis2009.org/ ) in Berlin next week which exactly targets the topic in the post. From the call for papers: "With over a billion users today's Internet is arguably the most successful human artifact ever created. The Internet's physical infrastructure, software, and content now play an integral part of the lives of everyone on the planet, whether they interact with it directly or not. Now nearing its fifth decade, the Internet has shown remarkable resilience and flexibility in the face of ever increasing numbers of users, data volume, and changing usage patterns, but faces growing challenges in meeting the needs of our knowledge society. Yet, Internet access moves increasingly from fixed to mobile, the trend towards mobile usage is undeniable and predictions are that by 2014 about 2 billion users will access the Internet via mobile broadband services. This adds a further layer of complexity to the already immense challenges."
I honestly don't even think IPv6 is needed. We just need to recall some of those huge blocks of IP addresses that have been allocated for no good reason and implement NAT/proxies more widely.
NAT requires jumping through all sorts of hoops to try to get back to the host-to-host connectivity that IP used to allow. It's slowing the adoption of things like IPSEC and makes any application that requires peer-to-peer connections a chore to set up. NAT is not a good thing.
Just about every single company uses firewalls nowadays anyway, there is absolutely no reason for them to have huge blocks of IP addresses like they currently do (they don't even use them!).
While I agree that some organizations have many more addresses than they will ever use, firewalls have nothing to do with NAT. Every company *should* use a firewall, of course, but firewalls worked perfectly well before NAT, and they will continue to work after NAT dies a deserved death.
"Well kids, you tried your best, and you failed. The lesson is, never try."
Sorry, my mistake. It does, however, make the switch look that much more nefarious as Ted Kennedy was most definitely a D.
Learning HOW to think is more important than learning WHAT to think.
It's a religion that has existed longer than you've been alive. They come up quite regularly in popular entertainment as the most respectable group who believe in "faith healing" and avoid surgery etc.
Independently from their oddities, they've published a very highly regarded news source called the Christian Science Monitor for many decades. They are respected for their independent voice, accurate reportage, and even handed investigation.
This is all common knowledge. Read about something that isn't a computer sometime?
-josh
To quote an article I once read that addressed what you are saying:
The long and the short of it is that NAT is only a band-aid... it is not a scalable solution. NAT can only be "good enough" as long as the above issues remain unimportant to a majority of people.
File under 'M' for 'Manic ranting'
The CSM is a serious paper which tends to focus on international news. Probably one of the best, actually. It is owned and operated by the Christian Science church (of which, to be clear, I am not a member.) But other than the rare editorial, that doesn't really influence the reporting at all. Its reporting style makes it something like the NPR of news papers.
Oh, and if you reassigned all of the large, assigned-but-unused, IPv4 blocks at the current allocation rate, they would all be gone within 18 months. Good long-term thinking there.
I am TheRaven on Soylent News
Some of the "problems with the Internet" are not technical problems so much as social, legal, and financial ones.
SPAM would be an example - except that today's legal approach has failed catastrophically to address the issue. The US has a weak "you can spam" act, and the UK is worse (Spam can only be stopped, one spammer to spammee "information" flow at a time, starting from the second message any given spammer sends to any given recipient). But the problem is not IP. Nor is the problem, fundamentally, that anonymous virtually-free email is possible (it is a system that has many important benefits - from global accessibility, to anonymity). The problem is unscrupulous users who exploit the internet by sending spam.
The Network Neutrality debate is driven by under-investing ISPs who want to run an under-resourced cheap network, and split it into many segmented markets, where they can charge each separate segment as much as it will bear without going into bankruptcy. This will fossilise current usage models of the network, and be a huge barrier to innovation.
Many of today's security "problems of the Internet" are no more Internet problems than mugging or burglary are a problem with streets. The real problem is undetected criminals, and insecure computers and protocols.
Most of these issues either are being addressed - or can be addressed without "fixing" the Internet.
Paul "Say no to feeping creaturism"
"I am stuck on Band-aids, 'cause band-aids stuck on me,
I am stuck on Band-aids, 'cause band-aids stuck on me,
updating specs is a PITA now,
with dysfunctional ISPs,
We're all stuck on Band-aids now, 'cause of our sucky ISP!"
IPV6? Do you really want to give each toaster an individual ip addresses? You know toasters have a plan!
Well...while I don't believe quite as they do...
1) Nothing in "Christian" precludes "Science".
2) The converse is also true.
3) The term, "Christian Science", is something that is typically placed in front of the writings and beliefs that have come from the Church of Christ, Scientist (Not to be at all confused with Scientology! :-D) One of several Protestant denominations.
4) The term, I believe, came into use when Mary Baker Eddy founded the denomination back in 1879, in Boston, MA.
It's not a "specification", per-se. Had you dug just the slightest bit, you might have found out your answer to those questions you posed, snide though they were.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
To add to the other good replies to your message.
"Recalling" those "huge" blocks (and note that there is no legal justification for any entity to be able to do so) would also only be a band-aid. If you "recall" all of the /8 blocks that are globally assigned that are likely underutilized, you only extend the lifetime of IPv4 by a handful of years.
Many people point to NAT as a way to prevent the depletion of IPv4 address space, but what most of them don't realize is that NAT (despite the huge problems that hitch along for the ride) has *already* served that purpose. We're *still* running out of IPv4 address space, even with ubiquitous use of NAT (including being hobbled by the problems that it brings). If NAT hadn't seen widespread use already, we would have run out of IPv4 address space years ago.
NAT creates problems, and it doesn't even fix the problem that people are positioning it to fix (ie, the depletion of IPv4 address space). We're still going to run out, we still need to transition to IPv6, even if you "recall" those big blocks and make everyone use NAT. Taking the steps you suggest only extends the horizon of the problem, and only extends it by a relatively small amount.
... the eyeballs are on the internet advertisers are itching to get at eyes that are no longer on television.
Let's not also forget gaming, tv and porn is on the internet. Also a significant amount of ecommerce happens online (amazon.com, ebay, etc, etc).
Quite frankly this is like crying wolf when there are no wolves around.
Yes. I'm not a Christian of any denomination, but I've been impressed by the quality of reporting by the Christian Science Monitor over the last few years. It's aimed at non-specialists, but it generally provides good coverage.
I am TheRaven on Soylent News
Did somebody accidentally the internet again?
All that we see or seem is but a dream within a dream.
Anyone cares to tell me what the words 'christian' and 'science' are doing together ? I mean, do they live in a universe with different rules with different science or what ? No, I'm not thinking about the evolution denier idiots, I assume this refers to run of the mill christians. So why the specification ?
Your average 'run of the mill' Christian believes that Science is a set of rules and theories about a universe created by God.
Science for its part, hasn't found anything that flat-out irrefutably contradicts a universe that has been intelligently designed...and it has found no irrefutable evidence that it has. Personally I don't see a conflict between the words 'Christian' and scientist anymore than I would see one between 'gay' and 'scientist'.
What are they going to do? Cover up the 'gay' gene if it gets discovered?
There's no place like
Let's see... nothing at all to do with Science, not mainstream Christian, Scientist in their name but entirely unrelated to Scientology... yup, I'm confused.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Kinda like I2P?
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
Just unplug the router and plug it back in. Works every time.
Ginga no Rekshiya Mata Each page.
Whoever comes out on top wins and will have the new standard. It'll boil down to a popularity contest. The fastest and easiest will show more color.
"Be who you are and say what you feel, because those who mind don't matter and those who matter don't mind." -Dr. Seuss
Sounds like the gov't "health care reform" to me. Lots of nebulous words that could mean something different to every person who hears them. Define "upgrade", "improvement", "solution", etc. Well, you get my point.
Another poster was kind enough to point out some of these details here: http://slashdot.org/comments.pl?sid=1348243&cid=29201683
I need to read through those before I understand what he considers are the deficiencies of the current infrastructure that require re-architecting.
And I disagree that IPv6 is an architecture issue. All the major OSes support it: XP on up, Linux, OS X, VxWorks, IOS, etc. All of the major router/switch vendors have supported it for years: Cisco, HP, Juniper, etc. It is a matter of coordinating address block allocation and enabling it in the various ISP networks. Many home gateways are DHCP, so there isn't much of a challenge in configuring for the end users if the ISP does it right using either DHCPv6 or stateless autoconfiguration.
How do you perceive IPv6 as an architectural issue at this point? I agree that it was, once, but that time is long past.
Learning HOW to think is more important than learning WHAT to think.
If "someone" (in this context meaning "some company" or more likely "some government agency") was "in charge" of the internet, I think it would probably be much worse off than it already is! Having the underlying technology essentially owned by no one has, in my opinion, kept the playing field much closer to level than if there was anyone "in charge" of it; if it was a company, then they'd eventually leverage the technology to their own advantage and charge everyone else for the privilege of using it, and if it was a governmental agency, then fixes for any problems that arose would likely get mired in red tape to the point where it would take years, if not decades, to get anything significant done. There needs to be a consensus between all the companies that you'd consider the big players in the internet game, however, and sadly we're far from ever seeing that, either.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
There is no "they" who has the responsibility for fixing "it". The Internet is a collaborative cooperative: everyone takes care of their part of it, cooperating with de-facto standards, and contributing a little money for those very few services everyone needs done by a few people.
If you want the Internet "fixed", then it's up to YOU to do YOUR part. Do you run an IPv6-compliant OS? router? server? Do you implement/support whatever you believe needs to be done to "fix" YOUR part of the Internet?
- yes? Then when the time comes when the alleged problem must be solved, you've already taken care of your part - and (we hope) everyone else has done the same with theirs. There won't be a problem if everyone is proactive about the issue.
- no? Then WTF are you complaining about? There is no "net-mommy" whose job it is to clean up your room along with everyone else's.
"Oh," you'll complain, "what about everyone who DOESN'T fix their part? Shouldn't ICANN or someone FORCE them to comply with what I think should be done?"
Welcome to freedom. Enjoy your liberty. You get to do what you think you should do, and others get to do what they think they should do. When SHTF, you're ready, and they're not, and you'll find things have a way of sorting out.
Grow up. No, I don't mean that in a mean way. I mean: you are an adult now, meaning YOU are one of the people who makes the decisions you grew up assuming someone else was responsible for. "The government" (be it a nation's leaders, ICANN, or other empowered body) is just a collection of people like you; they're not super-adults or minor deities whom you naturally petition for care and security. YOU have freedom & liberty & responsibility - take care of your part of the Internet (and everything else) as you see best, cooperate with others as best you can, prepare for the failings of others, and make sure YOU are not one of those who fail.
Upgrade your networking stuff to do what you think it should (IPv6, etc.). Start using the improvements, showing your ISP that they need to upgrade (if they haven't already). Be the improvement, live the benefits early, be ahead of the curve, be ready for what comes. When the digital SHTF, your part of the 'net will work and will attract those who want to work with those others that work; those not ready will either fail (good riddance) or cope (catching up to where you are).
Who will fix the Internet? YOU will. You don't want a net-nanny telling you what you can't see/do on the web, so why do you want one telling you what you must see/do on the web?
Can we get a "-1 Wrong" moderation option?
I'm not certain of how the stimulus was delivered, but it seems it would have made a lot more sense if, rather than just giving money to the ISPs, the government hired them for a particular task. I think most of the giant ISPs are flush with cash, they just need someone to tell them how to spend it. This, by the way, is another failure of capitalism: people tend to hoard the money rather than pay for maintenance.
Whoa, dude. The first seems a rather disjointed rambling around several disciplines, with no clear summary, or even point. The second? 416 pages (not including appendices, index, or the 9 page bibliography) - it's gonna take a while to read it, let alone digest it.
Is there a Clifford's Notes version?
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
They are quite possibly the best and least biased foreign news reporters in the world, bar none. Excellent work they do.
CSM is very widely respected around the world. When I had a job analyzing foreign affairs, keeping up with CSM was my first duty.
"I zero-index my hamsters" - Willtor (147206)
The adoption of a new technology is generally not driven by those who dominate once it is widespread. It tends to be driven by early adopters, who are willing to spend the money to try out a new technology. They either prove it, or they have tons of problems. As soon as somebody proves a technology is viable, a business shmuck at some large company can make a successful pitch that "This is the future, etc, etc...and it's already proven technology so the company doesn't have to worry about hiccups, etc, etc".
That is why Porn killed Betamax. Not because Porn represents a large market share, but because Porn was willing to be an early adopter of VHS. They proved that video sales and rental via VHS was viable. Once that happened, the major video players were unwilling to take a bet on Betamax, no matter how superior it was, because they looked at the Porn industry and saw that VHS was already in use, and therefore, the business plan and technical hurdles were done for them, guaranteed.
"The GPL is viral by design, like any good religion."
...of the editors posting provocative and largely worthless flamebait, due to having mistaken it as news.
Factual reporting of actual events counts as news. Trolling, attention seeking, punditry, or navel gazing do not, and I don't care how supposedly "respected," said navel gazer is.
I certainly agree that we will run out of IPv4 address space someday. But it doesn't look like that day is particularly imminent.
Consider that IANA currently has 28 /8s marked as UNALLOCATED. That means they are sitting there ready to be used, but haven't been touched yet because they haven't been needed.
Consider that there are another 16 /8s in the 240-254 range that could fairly easily be made usable. Non-CIDR routers are already broken by the modern Internet, so there should be few or zero devices that recognize this as Class E space and care what that means.
So there isn't that much pressure on the 20-or-so underutilized early assignments. If and when we get to the point where the slack is gone and the underutilized networks are the only way to get more address space, their IP ranges will by then be so valuable that they will be happy to sell them.
And by the time that happens, ISPs will already be selling web hosting accounts for $10/month on IPV6 or $50/month on IPV4. Which is what will finally drive IPV6 to the finish line, if anything does.
-Graham
Solving world hunger would be easier than "fixing" the internet. Not only would you need someone to be willing to take on the task of regulating the internet, they would also need to have the authority to enforce their regulations around the entire world. Who would be able to do that? Those owning the technology that needs to be updated, replaced, or implemented differently would need to have the extra funding to do so. Where is that going to come from? When the changes finally are implemented, how is it going to be coordinated on such a huge scale? Look at how IPv6 implementation is going for an example of how difficult this becomes.
My point? Even if you come up with a solution that's better than a band aid, you'll never be able to implement it. Applications that require a better infrastructure should be run on Internet2 or another controlled network. Perhaps the author should become involved in that project?
Would your proposed fix break the current internet?
If so, you'd better follow the IPv6 route, and only implement it as a separate sub-net linked by conversion protocols.
Would the existing internet break your proposed fix?
If so, you'd better follow the IPv6 route, and only implement it as a separate sub-net linked by conversion protocols.
If no to both questions, then just implement your proposed fix, and let those who want to use it, use it.
I think we've pushed this "anyone can grow up to be president" thing too far.
NAT IS NOT A SECURITY MEASURE!!
HOW MANY TIMES DO WE HAVE TO BEAT THIS INTO YOU! IT NEVER WAS, NEVER HAS, AND NEVER WILL BE A PROPER METHOD TO SECURE A NETWORK!
*starts whipping the dead horse*
NAT was designed to share network addresses and not to firewall your computer. It just so happens to protect from certain worms because it doesn't know how to deal with certain NAT configurations.
However, NAT is not a replacement for a proper firewall because some of those bots can call home even through a NAT.
If your box can be owned when it's on a public IP, it can be owned when it's behind a NAT.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
I honestly don't even think IPv6 is needed.
There are more people on the planet than IPv4 addresses. So no matter what kind of reorganization and cleanup you will do, we will run out of IPv4 new addresses really soon. The trouble of course is that this simply means IPv4 addresses will get more expensive and people will fudge around with even more NAT, not that ISPs will switch to IPv6. After all why replace a valuable resource with a free one, there is nothing to gain for the ISPs with IPv6 at the moment.
Most of the proposed "upgrades" are worse. There was a "Clean Slate Program" at Stanford, but the general idea was to put the network firmly under the thumb of the carriers, turning the Internet into something like mobile telephony. That didn't fly.
IPv6 and IPSEC would fix most of the problems down at the IP level. It might be useful if the FCC mandated that US ISPs must support IPv6 to consumers by some date. More likely, China may mandate IPv6; they need the address space. The 2008 Olympics was mostly run on IPv6, so the technology is working there.
And, most importantly
Welcome to the Turing Tarpit, where everything is possible but nothing interesting is easy.
It runs fine for me. Frankly, I'm afraid that if anyone gets 'in charge', and 'improves' the internet, it won't be anywhere near as free and useful for any Joe Public to get on, express views, be anonymous, etc.
It doesn't run fine for me. Speed is too expensive, particularly upload speeds. It's too easy to spoof domains because of the separation between DNS and SSL certs. I get tons of spam-- 80-90% of the email I receive is spam. Most gets filtered out, but it's still a problem as far as I'm concerned. It's hard to have a reliable connection to my home servers because my ISP tends to drop the connection, and besides, they won't give me a static IP unless I spend an extra $100 for a "business account".
Now I don't want anyone to be "in charge" of the internet, and I like the option to be anonymous. However, I'd also like better tools for me to be able to say authoritatively "I really am who I say I am" without having to send silly amounts of money to a CA who really isn't doing very much. There are some things that could be improved.
Of course, people are going to claim that IPV4 depletion is always 700 days away - this is true. But what they're missing is that IPV4 depletion is like peak oil - you won't have some random guy scrape the bottom with his shovel and suddenly that's the end and there's chaos everywhere. As there are fewer and fewer IP addresses, people will become more and more conservative about them, trying to conserve them, and eventually there will be a cost to each IP address that will keep increasing. The problem is, some of the tricks used to save addresses, like NAT, are really bad for the internet - NAT traversal difficulties make it much harder for two computers to connect. If the world could switch to using water as an energy source just by changing a protocol, you wouldn't see much opposition at all.
Why would they be exposed to the unfiltered Internet just because they had a globally unique address? Those are different concepts.
Go Beavers!
Did you ever wake up in the morning, with a Zombie Woof behind your eyes? -- FZ
This article appears on the Slashdot home page sandwiched between 2 articles about hackers and malware. Are those incentives to fix The Internet?
Repeat after me: "Christian != Creationist". Not every christian denies evolution, and understanding evolution doesn't make one a non-christian.
Yeah, because christians never contribute to science.
I know what you are aiming at, but still, a computer behind the NAT is more secure than one on a public IP.
The computer behind NAT can't be port probed from external address or act as a proper server, big difference. This (NAT) will shield it from 0day exploits of vulnerable OS services for example.
You forgot Gregor Mendel.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Working fine here. All this talk of "fixing" is just a way to control what should not be controlled. Let the demons roam free, and the angels mingle in the muck. The global connection project has succeeded. Now some would like to see it fail, or stop working so well. Beware...
I think therefore I can't be ~TTNH
We've had this discussion here 100 times regarding email and SMTP. For there to be a change, somebody big (Federal Government, Microsoft, Verizon....) has to push through the change. So far they don't have a reason to do it.
Good point regarding IPV4. Hopefully this starts pushing up the cost of existing domains while IPV6 is cheap and ....
http://christianscience.com/questions-christian-science-faq.html
http://en.wikipedia.org/wiki/Christian_Science
IPv6 means I have to get permission from someone else to IP my personal devices.
None of my routing equipment supports IPv6.
The "globally unique address model" isn't a perfect idea. See point 1.
NAT generally does not break the Peer to Peer model.
NAT helps enforce security and QoS applications.
NAT is preventing significant costs.
etc, etc, etc.
I know IPv6 gives people a giant boner, but the internet is not facing imminent demise. The FUD surrounding the issue is mostly bullshit and it's not helping.
DNA evidence and the similarities between species...
Don't tell me you've never cut-n-pasted source code.
More important, can anybody explain why they think it's a good idea that "someone" fix the Internet? I can't imagine that "someone" would go to this trouble without expecting to own the internet, and we're already fighting the many bad actors who would like to own the internet.
You want to fix the internet? Pass Net Neutrality regulations and/or make all phone companies government-regulated public utilities.
You are welcome on my lawn.
Even if IPv6 is "just a band-aid" I don't understand why it hasn't been implemented fully. The summary says that IPv6 has "stalled" but I'm not sure why. If anyone can explain it in a sentence, would you mind doing so?
You are welcome on my lawn.
* NAT prevents direct attacks on Internet- connected machines
* NAT prevents snooping of internal network structures
You misspelled "firewall"
There are 0x40000000 types of people: those who understand 32-bit IEEE 754 floating point, and those who don't.
>>>It tends to be driven by early adopters,
Correct. That was Hollywood movie rentals back in the 70s, and TV websites (like scifi.com) and stores (like amazon.com) in the 90s that were the early adopters. Not porn, which although present, also exaggerates their influence the same way they exaggerate the size of their body parts. ;-)
Of course if you think I'm wrong, then please provide some PROOF (i.e. numbers) to show that we owe the porn industry for the VHS and dot-com boom. Good luck. As with typical urban legends (like the guy waking-up in a bath and no kidneys), you won't find anything to back it up because it never happened.
>>>unwilling to take a bet on Betamax, no matter how superior it was
Yet another myth. Betamax and VHS have identical specs - 3 megahertz luma bandwidth (250 lines horizontal resolution) and 0.4 megahertz chroma bandwidth and 20-20,000 Hi-Fi sound. The only place they were not identical was Betamax's paltry 1-hour record limit, while the first VHS decks could do either 2 or 4 hours. From the point-of-view of the consumer 4 is a hell of a lot better than 1, especially if you want to record Monday night's football game.
Even later when Sony realized their mistake and extended Betamax's record time to 5 hours, it still couldn't match VHS' maximum 10.5 hour length. It was the battle over time that made VHS win consumer loyalty.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
Let's call it Universal Internet Reform, declare the internet as a basic right, and have the US Government supervise, monitor, and maintain all aspects of the internet. If you want to register a domain name - talk to the new government agency, the United States Internet Maintenance and Monitoring Agency, or NAMBLA.
And, most importantly
This is something you can activate on a router/firewall the same way you activate NAT and UPnP today to open some ports. Really, it's just a matter of the configuration guy dropping, by default, incoming connections not initiated by you and enabling only the hosts that are allowed to receive them.
IPV4 addresses will be exhausted at a time according to the following formula:
Wiggabu + 18 months
where Wiggabu represents the time you are currently reading this equation.
-- I was raised on the command line, bitch
I echo the sentiments of the majority of the posts that do not want any more central authority than already exists on the internet. But the problem of shrinking IPv4 address pool will be fixed as the IPv6 address pool starts getting utilized more. Dear Uncle Sam here in the U.S. already mandates that all network capable devices sold to the Federal Government be IPv6 capable. So when they are ready to take the plunge, they can do so fairly quickly. Many commercial entities are also doing the same. So with more IPv6 addresses being used, the take rate on IPv4 addresses will level off, then actually reverse and more addresses will be available. With IPv4 encapsulation, many of the IPv4 devices can be allowed to be purged on their natural cycles, eliminating the need for any mass purge of older devices. I think this is a tempest in a teacup and there is probably nothing to see here. Keep moving…
Much like the transportation industries, adding new safety gear after a huge loss of life, the network is still based on capitalist concerns.
Ever wonder why there are places in America without cellphone coverage? It's because, in a zone where not even ONE phonecall will happen for 10 years, there's zero financial reason to invest the money: it won't nearly pay for itself, and it'll likely go unused for the term, until it needs updating. So what's the point?
In the ISP business, things are kinda cut-throat. If there's no force to make them do it, it won't get done. There are tight margins in this business.
Remember the 286? People cheered: "Hurray for protected mode!" (or was it real mode?) But no one wrote an OS for it for a long time. It's why the 386 was created, so it could switch between modes. Those modes were unarguably better: it just required a need.
So don't expect someone to write a standard for the internet and just have them follow it voluntarily. Remember how .com was for commercial entities, .org for organizations and .net were intended for ISPs? How long did that last?
When we start to run out, it'll be the hot ticket to get on IPv6. It's unarguably better. But since most people deal with the mediocrity of Windows there's no pressure to make the move. One person in 500 even knows what this is. Don't worry: it'll come.
--- For a good time mail uce@ftc.gov
There's no incentive for the ISPs to fix the problem?
I think if there's a way to increase profits by reducing equipment costs, then there is an incentive. One of the original authors of the TCP/IP protocol just designed a stream router (as opposed to a packet based one) that will route orders of magnitude more data for roughly the same cost as a conventional switch or hub. [citation needed] If ISPs adopt the thing, they spend less money on upgrading infrastructure to meet need and make more money. Money is a good incentive. You can make just about anyone do anything for the right amount of money.
It's annoying. Being a provider who is in transition from IPv4 to IPv6 I can say that people want IPv4 and if that's what the guy who is paying you money wants, that's what you give him. Because if you don't, he goes elsewhere. So really I'm looking forward to IPv4 running out because once my competitors stop handing out huge blocks without question then maybe my customers won't threaten to take their business elsewhere when I mention they need to actually prove they need the addresses before we expand their block. So yes, I hope the IPv4 Deathclock speeds up just a touch.
The Goal: A long simple life filled with many complex toys.
Sure, supply and demand. Where the demand is great because of IPv4 address shortage -- Asia -- it hasn't stalled and has been rolled out robustly. Where it is NOT in demand, because there is no shortage of IPv4 addresses in the U.S., it has stalled. Aside from large address space, there really isn't a compelling benefit to switch to IPv6. As much as geeks like things like mandatory IPsec support, autoconfig, etc. they are geek appealing and not appealing to the masses.
Learning HOW to think is more important than learning WHAT to think.
Let's start by creating true network neutrality: get the ownership of the wires into public hands. Buy the telcos and backboners out, paid for with tax increases if necessary. Once We The People own the wires, then we can have real conversations about fixing things.
On the global scale geographical routing could be used, with a registry mapping the public keys to their general spatial neighborhood (General so it was less of a privacy concern, say 16-256 km^2)
That would never work in the United States. We have no idea how to measure this "km^2" thing you speak of.
There is very little future in being right when your boss is wrong.
The possibility of the fear you're having actually becoming reality is pretty unlikely. Most of the companies you're afraid of doing those things don't even have their own overseas infrastructure. Just like us smaller shops they rely on international fiber companies who specialize only in fiber... they don't care what data is going over the fiber. The more the better. Anything that limits the amount of data going over is an attack on their business. The real people 'in charge' of the internet, those "corporate masters" you're afraid of, WANT you to push useless data, they are on *your* side.
... it ain't happening. If the law passed tomorrow it'd take decades to enforce unless they wanted to just cripple it into unusability, that's possible on a local scale.
It's your ISP that's being a cheap bastard and wanting to shape/limit speeds, they don't want to invest in their own infrastructure. Why upgrade when you can just get rid of those 'abusive customers' after all.
If you ever get the chance I strongly recommend you take a walk through a carrier hotel, once you see a place like that you'll realize that no one company owns or controls *anything* on the internet, no matter how big or powerful they are. The internet outgrew the USA's control and even oppressive regimes with limited fiber can't control what their citizenry see
The Goal: A long simple life filled with many complex toys.
I would not be surprised to see a kludge put in for IPv4. Something along the lines of using unused bits within the ip header to create multiple ipv4 spaces....
Service guarantees Citizenship! Questions Guarantee GITMO.... Amerika Uber Alles!
I've often wondered what would have happened if the government hadn't stuck its nose into the computer business by creating the internet. I imagine Private networks would have grown. Companies like AOL and Prodigy would have created networks for consumers to dial into. These companies would have had a strong financial interest in keeping the networks safe from pests like spammers and viruses. Eventually some of these companies would have seen the benefits of offering access to each others' networks to create larger networks. Perhaps some companies would have seen the benefits of making it cheap or even free for people to set up their own servers. Applications for visiting different networks would have been built.
I think we would have ended up with pretty much the same major benefits of the internet but with strong infrastructure based support for preventing viruses and spam.
Necessarily the internet that emerged wouldn't have been the same. And some things, like running your favorite video game on a high bandwidth connection, might have ended up more expensive, but I think overall the web would be a better place.
And who would pay for the upgrades? That wouldn't even be an issue.
I often don't like the choices people make, but I like the fact that people make choices. That's why I'm a conservative.
The internet is a business driven platform. If there is no incitement or clear gain for the industry or private user there will be no reason to "upgrade". You have to strive to a very clear gain if you want to implement a new technological wonder like the IPv6
In order to form an immaculate member of a flock of sheep one must, above all, be a sheep.
I honestly don't even think IPv6 is needed.
There are more people on the planet than IPv4 addresses. So no matter what kind of reorganization and cleanup you will do, we will run out of IPv4 new addresses really soon. The trouble of course is that this simply means IPv4 addresses will get more expensive and people will fudge around with even more NAT, not that ISPs will switch to IPv6. After all why replace a valuable resource with a free one, there is nothing to gain for the ISPs with IPv6 at the moment.
Well, 1.6 million people can easily use one IPv4 address for their basic internet needs. So, I'm not so sure the number of people on the planet is directly related to the number of needed IPv4 addresses...
-Dan
How can a computer communicate with a NATed computer that it has not initiated communications with?
It's invisible!
Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
I'll be happy to stick with the current internet system that is out there. I like the idea that I can hook a computer on it, and instantly become a peer with any other computer out there, no matter if it is a farm kid on dial up, or a massive corporation's data center.
The reason you can do that now is because the internet 'grew up' protected by govt regulation that required net neutrality. That situation no longer exists, and the corporate masters you talk about are now in the process of testing the waters to see if they can get away with changing the paradigm to the benefit of their own pocket books at even greater expense to the consumer.
The situation the person in the topic article described was created by those corporate masters. A previous administration/govt deregulated the industry and gave the telcos a lot of taxpayer money to upgrade infrastructure and services, and industry for the most part hasn't responded. So now we are in a situation where we need to ensure that net neutrality continues; so giving a federal agency the mandate with the requisite responsibility, resources, and authority seems to me a good idea. Along with authority comes accountability; we haven't seen industry act responsibly, so we really have little to lose, and much to gain.
Anytime government or corporate behemoths talk about "fixing" something like the backbone or underlying structure of the internet they're generally looking to fix it to better serve their interests.
As many posts have already eloquently opined, these attempts can often be about control; the proposed changes can involve things most of us who support privacy, anonymity online and true network neutrality abhor.
The internet will continue to evolve as it always has, and only in ways in which it needs to, if it stays as "ownerless" as it is now...to me, anything else, especially if it involves more bureaucracy or legislation or control being given to some body that isn't purely committed to an open, free internet, is dangerous.
In case that was unclear, I mean, they can *share* a single address.
-Dan
Al Gore. He invented it. Maybe he will fix it.
-- It is the mark of an educated mind to be able to entertain a thought without accepting it. -- Aristotle
I modded you redundant on accident.
I accidentally modded you redundant.
Look at www.psirp.org, a project for redesigning Internet's architecture.
NAT provides a level of security, whether it was designed to do that or if it comes along as a side-benefit.
I have a PC sitting behind a NAT router. I dare you to reach out from a site I don't currently have a connection to and touch that system in any way, shape or form. Every attempt YOU make to touch that system ends at the router. It doesn't matter if I have a completely unsecured FTP/SMTP/HTTP/whatever server running on that system available to everyone else on my local net, YOU can't touch it.
Yes, of course, NAT won't protect me from malicious websites I visit, but then, neither will a firewall. NAT won't stop me from installing malicious code, but then, neither will a firewall. If you are claiming that NAT isn't security because it doesn't do everything a firewall does, well, that's a silly argument.
NAT was designed to share network addresses and not to firewall your computer. It just so happens to protect from certain worms because it doesn't know how to deal with certain NAT configurations.
It protects you from a lot more than "certain worms". It protects you from anything that propagates by an inbound connection.
However, NAT is not a replacement for a proper firewall because some of those bots can call home even through a NAT.
Duh. Any CURRENT INFECTION can connect outbound through a NAT router. To claim that this means NAT provides NO security is simply ridiculous. In fact, any current infection can connect outbound through most firewalls, because most firewalls are configured to prevent incoming but not outgoing connections, so even firewalls won't protect you from the effects of a bot already on your computers. Yes, you can firewall your infected system after the fact and prevent it from calling out, but similarly you can simply shut it off and accomplish the same.
If your box can be owned when it's on a public IP, it can be owned when it's behind a NAT.
And to BECOME owned when you are behind a NAT requires the same actions that would result in you becoming owned behind a firewall. Connect to the wrong place, install the wrong thing, bingo. But NAT won't allow outsiders to connect to your inside services, and so that vector for infection is gone.
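The inbound and outbound behaviour argued over in the NAT comments above, as an added example that is not part of any poster's comment: a toy model of a port-translating NAT next to a stateful default-drop firewall in front of globally addressed hosts. The class names, the documentation-range addresses and the choice of address-and-port-dependent filtering for the NAT are assumptions made for this sketch.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class PortNat:
    """Port-translating NAT: private hosts share one public address.

    Assumption: address-and-port-dependent filtering, i.e. only the exact
    remote endpoint a host contacted may send traffic back. Real devices
    vary, and some filter less strictly than this model.
    """

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # (priv_ip, priv_port, remote_ip, remote_port) -> public_port
        self.in_map = {}   # (public_port, remote_ip, remote_port) -> (priv_ip, priv_port)

    def outbound(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
            self.next_port += 1
        return Packet(self.public_ip, self.out_map[key], pkt.dst, pkt.dport)

    def inbound(self, pkt):
        if pkt.dst != self.public_ip:
            return None
        target = self.in_map.get((pkt.dport, pkt.src, pkt.sport))
        if target is None:
            return None  # no mapping: the NAT has nowhere to send the packet
        return Packet(pkt.src, pkt.sport, target[0], target[1])


class StatefulFirewall:
    """No address rewriting: inbound is dropped unless it answers a tracked
    flow or matches an explicit allow rule for a published service."""

    def __init__(self, allow_inbound=()):
        self.flows = set()
        self.allow_inbound = set(allow_inbound)  # {(dst_ip, dst_port)}

    def outbound(self, pkt):
        self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return pkt

    def inbound(self, pkt):
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return pkt
        if (pkt.dst, pkt.dport) in self.allow_inbound:
            return pkt
        return None  # default drop


def run_scenarios():
    """Constructed traffic; all addresses are from documentation ranges."""
    nat = PortNat("203.0.113.10")
    fw = StatefulFirewall(allow_inbound={("2001:db8::80", 443)})
    r = {}

    # Unsolicited inbound connection attempts to an internal FTP service.
    r["nat_unsolicited"] = nat.inbound(Packet("198.51.100.7", 51000, "203.0.113.10", 21))
    r["fw_unsolicited"] = fw.inbound(Packet("2001:db8:ffff::7", 51000, "2001:db8::15", 21))

    # A host inside opens a connection; neither device asks why.
    out4 = nat.outbound(Packet("192.168.1.15", 50123, "198.51.100.7", 443))
    r["nat_outbound"] = out4
    r["nat_reply"] = nat.inbound(Packet("198.51.100.7", 443, out4.src, out4.sport))
    fw.outbound(Packet("2001:db8::15", 50123, "2001:db8:ffff::7", 443))
    r["fw_reply"] = fw.inbound(Packet("2001:db8:ffff::7", 443, "2001:db8::15", 50123))

    # A different remote endpoint reuses the mapped public port.
    r["nat_third_party"] = nat.inbound(Packet("198.51.100.99", 443, out4.src, out4.sport))

    # The firewall can publish one service deliberately, per host and port.
    r["fw_published"] = fw.inbound(Packet("2001:db8:ffff::7", 51001, "2001:db8::80", 443))
    return r


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:16} -> {'DROPPED' if result is None else result}")
```

Both devices drop the unsolicited probe and both pass the inside-initiated flow with its reply, which is the common ground of the two sides; the difference is that the firewall's drop is an explicit policy while the NAT's is a by-product of having no mapping.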
Well there are 2 links to respond to them at the bottom of every page; labeled "Feedback" and "Contact Us." Certainly they're not like Slashdot where they're mostly commentary, but then not every site can be nor should be. You could, though, submit a Christian Science Monitor article to Slashdot and probably start a quite good discussion.
As for their articles often being rants, I'll sometimes think someone is ranting when I disagree with them. Often articles are written for people who are informed, who bring to the article a background of knowledge about the subject and the world and can thus absorb differing perspectives or interpretation of facts, or even rants. News articles are just that, new articles about familiar and occasionally unfamiliar events; they're not the be-all end-all last statement.
Well, no one was "in charge" of the Internet during its period of vastly largest growth and improvement: the last 14 years since the NSF released control. And even during the years and decades before that, as the Internet became something everyone wanted and many contributed to, there was no one "in charge" of it. No one's ever really been "in charge" of the Internet, which is why it grew as fast as people wanted to participate. The "no one in charge" model is exactly why the Internet became successful.
I notice that the cablecos, telcos and other major ISPs are not any good at innovation on their own networks they're "in charge" of. I notice that the more the Internet has become owned and controlled by fewer corporations, the less innovation, worse maintenance, more abuse and total aimlessness has taken over.
This report was written by some authority worshipper who ignores the Internet's history of success without someone in charge. They want some authority, so they make it sound like the Internet needs one. When the more authority it's had, the worse it's been.
--
make install -not war
Or as IPv6 is deployed those IPv4 blocks become worthless.
Cory Doctorow talking about cloud computing makes as much sense as George W Bush talking about electrical engineering.
It's something that may have already happened and which can't certainly be determined, in any case, except retrospectively?
Nothing is good or bad for "the internet", which doesn't have desires, which is the only thing by which good and bad can be evaluated.
NAT may be bad for certain classes of internet users (e.g., most of them), but making it hard to do arbitrary client-to-client communications on basic connections is good for both major ISPs, as it enables market segmentation, and for established providers of services over the internet (as increasing the cost of hosting accessible services or providing peer-to-peer services poses a barrier to competition.)
Yeah, you would; from powerful entrenched interests whose power is dependent on the current energy markets.
Actually, it's fairly easy to do. I've seen NAT routers can be tricked using UPNP into opening ports. Of course if you don't have UPNP, or have it turned off, there's no issue, but there are a number of ways to get around hiding behind NAT (and other firewalls) these days.
Is it in heat with tons of pussies aroun...? ...OH SHIT!
Any sufficiently advanced intelligence is indistinguishable from stupidity.
Why are we bothering with IPV8? I say let's skip right ahead to IPV64.
But seriously folks, why isn't there an Encrypted bit in the IP header by now?
...The computer behind NAT can't be port probed from external address or act as a proper server, big difference.
Those functions are provided by routing/filtering. NAT by itself does nothing to protect you. An open NAT box will send everything to the designated IP.
To claim that this means NAT provides NO security is simply ridiculous.
On a technical level, NAT does absolutely nothing to protect you. It simply translates one ip to another. Take a typical SOHO internet router for example, it can use a specified IP for a DMZ. That turns off the filtering rules, (they are what protect you) while NAT is still running.
One of the first Linksys home routers would allow unauthenticated admin access with text-only based browsers.
DNA evidence and the similarities between species...
Don't tell me you've never cut-n-pasted source code.
LMAO! My Kingdom for mod points...
There's no place like
I honestly don't even think IPv6 is needed. We just need to recall some of those huge blocks of IP addresses that have been allocated for no good reason and implement NAT/proxies more widely.
It is needed for ubiquitous computing, sensor networks, internet-enabled whiteware/intelligent home, etc. Also Mobile IP.
Also, IPv6 is more than just more addresses. Read up about it.
NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
Well, the change to ipv6 isn't gonna help any of your problems....and it sounds more like your problem is with your provider.
I have a business acct with cox and am more than happy with it. For only $70/mo I have static IP, unlimited up/down (no caps), I can run all the servers I want, I have a low level SLA with fast service ...etc. As a bonus, they can't really filter the line due to speed needs...so, one could tap into the line for free tv too..
I don't think anyone in charge of 'the internet' is gonna help you, but, perhaps some legislation (mostly a city or state thing) could help with competition with providers in your area.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
You are suggesting the creation of a new address space. The specific details of the packet header are irrelevant to the fact I present here, that is, to support your new address space a large number of protocols must be changed to understand the new address format (34 bits, in your case) and direct packets to the right place.
That work has been done: it's called IPv6.
That's how NAT is broken. Unless there are specific reasons that you don't want two machines on the Internet talking to each other, either computer should be able to initiate a connection to the other as long as the latter computer is listening for such a connection.
IPv6 fully solves the problem of address space shortage that we are facing today, and *IF* a person still wants NAT for whatever reason, they can still utilize it.... but with IPv6, it's not an inevitable necessity as it is fast becoming IPv4. This isn't about giving nerds a giant tech-woody, it's simply about employing a scalable and sustainable solution that can actually continue to effectively provide for the foreseeable future. The best arguments against IPv6 ultimately boil down to little more than recognizing that IPv4's shortcomings are simply not important enough to people for them to invest in the change.
File under 'M' for 'Manic ranting'
Judging from recent moves from my ISP (They were much better before being taken over by OCN.), the ISPs are expecting a huge windfall profit from static IPs real soon now.
There are also those who expect IPv6 to bring more control over (and more profits from) the content they "provide".
(Never attribute to malice alone what can be augmented by stupidity.)
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
NB "Christian Scientists" should not be confused with Christian scientists (e.g. John Polkinghorne).
Firewalls are capable of providing all of the positive benefits of NAT (transient traffic flow approval instead of mapping for example, blocking traffic not originated from the LAN, etc) save obfuscating the source address. Obfuscating the source address isn't particularly relevant from an attack perspective given that the entire LAN is still protected by the same Firewall process, NAT or not.
For example: you could NAT your LAN in 192.168.10.x space behind IP 1.2.3.4 .. you connect to shady.com port 80 sport 192.168.10.101:2000, NAT/firewall allocates 1.2.3.4:3000 for you. Shady sees all the traffic coming from 1.2.3.4:3000, but has no way (short of client-side malware) to know that maps to 192.168.10.101; nor can Shady care since all access to 192.168.10.101 is mediated by 1.2.3.4. Shady.com might try to port scan 1.2.3.4, and see any port forwards your entire LAN uses in one swoop, try to exploit them if possible. Moral: make sure you know what you are doing when you port forward.
Or, if you use IPv6 for your LAN, let's say you are allocated 1:2:3::/112. No need to NAT it, so you just firewall behind your gateway, let's say 1:2:3::4. You connect to shady.com port 80, sport [1:2:3::101]:2000. Firewall doesn't have to allocate a damned thing for you, but instead records the flow for [1:2:3::101]:2000 shady.com:80 as established from within the LAN and thus authorized. Shady sees all the traffic coming from [1:2:3::101]:2000, but it's not relevant since all access to 1:2:3::101 is still mediated by the firewall at gateway 1:2:3::4. Shady.com can port scan 1:2:3::101 if it likes, but won't see any open ports if you only allow LAN established traffic, or else sees your whitelisted ports for that IP only (instead of your entire LAN). Just like the IPv4/NAT scenario, keep your open ports secure.
As you can see, source IP obfuscation provides no meaningful advantage to the end user in this scenario. If anything, IPv6 users who feel like they want to use NAT could have the firewall choose random source addresses as well as random source ports out of their /112, and hide their 3 LAN devices within a pool of 65 thousand addresses. Would that not confuse a would-be attacker?
Still, the major drawback to be avoided with NAT is in breaking the globally unique address space and complicating inbound connection access, which will become a growing part of popular network policy over the next few decades. One thing Bit Torrent teaches us is that "the server" will less and less frequently have resources comparable to the "client swarm", so crowdsourcing the heavy lifting (from distribution to content creation to editing to caching) becomes vital to any scaling strategy worth its salt. The hub/spoke communication model is slowly eroding in the presence of more sophisticated, decentralized many-to-many connection models.
NAT reduces a peer to a "consumer" which can only fetch data, but never re-offer it without convoluted port forwarding messes. Entire LANs are limited to one named service per outbound IP, unless one wishes to screw with what port they offer services on, further complicating the job for other firewalls and participants of the content network.
You'll know what I mean if you've ever tried to configure mobile SIP access. Half the time you are behind a NAT, and you'll never know in advance if it's full cone, symmetric, or just somehow pathological. Sometimes you are nested within multiple NATs which each behave differently!
Some legacy UDP protocols I've worked with need to make connections to thousands of remote IP addresses at multiple, highly transient port mappings which bring NAT mapping tables to their knees. In a firewall-only environment, it's easy to whitelist access to swaths of ports for clients and then the gateway need not maintain tables for related traffic, but can continue to protect unrelated ports unlike with SOHO DMZ.
To sum up, NAT is not only a bandaid, but it's already pulling at our short-hairs.
People willing to trade their freedom of expression for temporary entertainment deserve neither and will lose both.
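The IPv4/NAT and IPv6/firewall scenarios from the comment above, together with the SOHO "DMZ host" option argued over elsewhere in this thread, as an added example that is not part of any poster's comment. The class names are hypothetical, and the addresses used for shady.com (203.0.113.80, 2001:db8::80) are constructed documentation addresses.

```python
# Toy models of the two gateways; not real router code.
from dataclasses import dataclass, field
from typing import Optional

DROP = None  # packet discarded at the gateway


@dataclass
class Nat44Gateway:
    """IPv4 NAPT: rewrites the source ip:port and remembers the mapping."""
    public_ip: str
    next_port: int = 3000
    dmz_host: Optional[str] = None                  # SOHO "DMZ host" option
    forwards: dict = field(default_factory=dict)    # public port -> (ip, port)
    mappings: dict = field(default_factory=dict)    # (public port, remote) -> inside

    def outbound(self, src, dst):
        """Inside host opens a connection; returns the source the remote sees."""
        port = self.next_port
        self.next_port += 1
        self.mappings[(port, dst)] = src
        return (self.public_ip, port)

    def inbound(self, remote, dport):
        """Return the inside (ip, port) the packet is delivered to, or DROP."""
        if (dport, remote) in self.mappings:        # reply to an existing mapping
            return self.mappings[(dport, remote)]
        if dport in self.forwards:                  # explicit port forward
            return self.forwards[dport]
        if self.dmz_host is not None:               # catch-all, still translated
            return (self.dmz_host, dport)
        return DROP                                 # no state, nowhere to send it


@dataclass
class StatefulV6Firewall:
    """IPv6 gateway: no translation, only a table of flows opened from the LAN."""
    flows: set = field(default_factory=set)         # (inside, remote) pairs
    allowed: set = field(default_factory=set)       # whitelisted (ip, port)

    def outbound(self, src, dst):
        self.flows.add((src, dst))
        return src                                  # remote sees the real address

    def inbound(self, remote, dst):
        if (dst, remote) in self.flows or dst in self.allowed:
            return dst
        return DROP


def demo():
    """Run the comment's two scenarios and return what each packet does."""
    r = {}
    shady4, shady6 = ("203.0.113.80", 80), ("2001:db8::80", 80)

    nat = Nat44Gateway("1.2.3.4")
    r["nat_seen"] = nat.outbound(("192.168.10.101", 2000), shady4)
    r["nat_reply"] = nat.inbound(shady4, 3000)      # return traffic
    r["nat_probe"] = nat.inbound(shady4, 22)        # unsolicited
    nat.dmz_host = "192.168.10.101"                 # enable the DMZ host option
    r["dmz_probe"] = nat.inbound(shady4, 22)

    fw = StatefulV6Firewall()
    host = ("1:2:3::101", 2000)
    r["v6_seen"] = fw.outbound(host, shady6)
    r["v6_reply"] = fw.inbound(shady6, host)
    r["v6_probe"] = fw.inbound(shady6, ("1:2:3::101", 22))
    fw.allowed.add(("1:2:3::101", 443))             # per-host whitelist entry
    r["v6_open"] = fw.inbound(shady6, ("1:2:3::101", 443))
    r["v6_other"] = fw.inbound(shady6, ("1:2:3::102", 443))
    return r


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:10} -> {outcome}")
```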
I assume you mean, so long as no more than a few thousand of these 16 million try to use the net at one time?
There are only 65k ports to a public IP address. Every outbound connection consumes a port to receive data back from the internet. Every meaningful web page access makes connections to up to a dozen foreign IPs (trackers, ad networks, all that fun stuff I get called a thief for AdBlock'ing ;3). Hence, you'll only get a few thousand of your 16 million, aka, less than one tenth of one percent ( < 0.1% ) of your customer base online at any given time.
What sort of beefy router you feel like running that gnarly NAT on by the way? Just routing that much traffic is hard enough, do you have any idea how much overhead you are making up for yourself trying to NAT every connection as well, when you could just adopt the ipv6 standard instead?
Seriously, you can (physically) stuff up to 20 people into a hotel room with 2 fire exits and one toilet. This was even a popular living arrangement for immigrants in the early 20th century. But who would do that when you could instead allocate square miles of land for every person's dog's flea?
I agree that the number of people on the planet is not directly related to the number of needed IP addresses. After all, my laptop has one, as does my desktop machine, my workstation at work, the Fax machine, my cell phone, my media center, the playstation, each CCTV camera I've got keeping an eye out on my house and the livestock, my web server at work, the off-site backup, and all of the virtual machine instances they host..
People willing to trade their freedom of expression for temporary entertainment deserve neither and will lose both.
I pay a total of $30/mo and have two high speed connections to my house.
Connection 1 has 5 public IPs, 6mbit down / 1mbit up uncapped, I'm only using one of the 5 IPs. I've got commercial grade routing equipment at my house so I can use 'em all, but I'm natting behind 1 because I have more than 5 things on my LAN, and can't think of a policy to spread that over these IPs..... and I'm lazy.
Connection 2 is 4mbit down / 2 mbit up uncapped. It comes from work, so I could assign it a /24 if I wanted to be really ambitious. This connection is new, so I haven't figured out how to even begin utilizing the blasted thing! I presently just hook it into my switch on an unused VLAN.
Connection 3: to be perfectly honest, I'm typing this all from a 2.5mbit down / 0.3 mbit up wifi connection at a hotel. The NAT here is outside my control though.
My email account is via Gmail. So I'll bet I receive plenty of Spam, I just never see it. I consider Spam as much of a problem as SSH trolling or religious fundamentalists. I see none of these as technological problems at the core. I think you can really only fight them by starving them.
I get SSL certs for free whenever I want. Each of my ISPs gives me 3 nines of reliable connectivity, and if I load balanced them (too lazy to figure that out ATM, it seems ;D) I could increase the combined reliability to 5 nines.
So for me, while I'm sure things could be improved, they all currently bottleneck at my desk. I'm certain it is the same for virtually everyone, if you look at things from the right perspective.
People willing to trade their freedom of expression for temporary entertainment deserve neither and will lose both.
It needs to be redesigned specifically so that entry points were available everywhere, to everyone, without any registration.
What do you mean by "it" here, the Internet?
What you are asking for (once you tune out the hyperbole of "everyone/everywhere") is not an architectural problem, but a political one.
Any one organization, co-op or consortium could provide the service you ask for. One consortium that does in fact is the EFF's TOR. While onion routing is complex under the hood and that complexity leads to a dialup-like user experience, the alternative would be obfuscation provided by the Network Service Provider itself. The Pirate Bay has shown us what that is like however. If you "hide" all of your clients from the rest of the world, then you will be held responsible for their actions when they hack, threaten, or disseminate spam and trojans.
Still, if you are so gung ho that such services should be offered then start your own ISP and let us know how it goes. Offer service for less than a kazillion in my area, mebe I'll even sign up. *shrug*
People willing to trade their freedom of expression for temporary entertainment deserve neither and will lose both.
NAT provides a level of security, whether it was designed to do that or if it comes along as a side-benefit.
Is that so?
I have a PC sitting behind a NAT router. I dare you to reach out from a site I don't currently have a connection to and touch that system in any way, shape or form. Every attempt YOU make to touch that system ends at the router. It doesn't matter if I have a completely unsecured FTP/SMTP/HTTP/whatever server running on that system available to everyone else on my local net, YOU can't touch it.
Damn, you're right. I can't touch it. It appears as though the same machine that is providing NAT services is also providing Firewall services. Perhaps you are confusing those two?
That's easy to remedy for the purposes of our test though. Simply place your computer within your NAT's DMZ. There you go! All of the NAT, with none of the Firewall. Where is your God^H^H^H Security now, bitch? >;D
People willing to trade their freedom of expression for temporary entertainment deserve neither and will lose both.
The first chapter is a good intro to the book.
That is an incorrect "error of omission" statement.
A NAT router takes a connection request from a specific non-routable address and port and creates a connection to the destination using a routable address and port.
That's the only connection the inside, non-routable system has to the internet. You can't port scan it, you can't connect to its mail server, you can't touch it. If you port scan the routable address, you will be port scanning the NAT router, which isn't going to be listening to you because it has no reason to listen to you.
Take a typical SOHO internet router for example, it can use a specified IP for a DMZ.
Yes, you CAN use the firewall function in a SOHO router to define a catch-all system that is attackable, but again, that is a level of security, too. You know which system is open to the world, you can protect it and not worry about your other internal systems.
That turns off the filtering rules, (they are what protect you)...
No, "filtering rules" are a firewall function. Under NAT, what protects you is the fact that the address of the system you are hiding is non-routable, unknown to the outside, and thus unreachable from the outside, and the only connections are outgoing connections created by the internal system itself. You aren't subject to port scans or brute force slogin attacks.
No, I'm talking about NAT and not the firewall. You are conflating the two as if they were one service.
That's easy to remedy for the purposes of our test though. Simply place your computer within your NAT's DMZ.
My NAT doesn't have a DMZ. The firewall does. See, you've confused the two.
Where is your God^H^H^H Security now, bitch?
You want to be crude and disgusting, I can respond the same way. It won't accomplish anything, asshole, but it sure feels good, I guess.
No, I'm talking about NAT and not the firewall. You are conflating the two as if they were one service.
If you are in fact talking about the NAT and not about the firewall, then the DMZ test should be completely valid. A DMZ is "part of" neither a NAT nor a Firewall on a basic level. It is simply defined as any part of a local network not protected by the same firewall policy as the remainder.
Since by definition a NAT service demarcates a local network segment from the WAN, any portion of that local network which does not partake in Firewall services can be referred to as "the NAT's DMZ" or "The NAT'd DMZ", which was the original intention of my comment.
My NAT doesn't have a DMZ. The firewall does. See, you've confused the two.
No, U. Firewalls only "have" DMZs from the perspective that a contiguous firewall policy defines a DMZ specifically by not serving that segment of the network. I've already clarified my language regarding the NAT's relationship to the DMZ.
So far as your routing equipment lacking the capability of supporting a DMZ: most SOHO routers (netgear, linksys, D-link, Belkin, etc) provide a DMZ option, whereby you specify one host within the NAT'ed network which will not be firewalled. All inbound traffic not otherwise port forwarded will be delivered to the DMZ.
If your router has no less than the functionality provided by these cheap SOHO units, then you can accomplish the same feat, and doing so would illustrate my point. Your computer would still be taking advantage of your Network Address Translation services -- it would still have a private, non-world-viewable IP address -- yet it would not take advantage of any firewall services your router might otherwise provide.
In that scenario, please list the "security side benefits" your target machine would enjoy from taking advantage of NAT services but no Firewall services.
You want to be crude and disgusting, I can respond the same way. It won't accomplish anything, asshole, but it sure feels good, I guess.
Please refer to Fig. 1a: "Whoooosche" ;3
People willing to trade their freedom of expression for temporary entertainment deserve neither and will lose both.
That's right. DMZ is not part of NAT. Your "DMZ test" doesn't test NAT. It would test the security of having a DMZ. Thanks for admitting that.
In that scenario, please list the "security side benefits" your target machine would enjoy from taking advantage of NAT services but no Firewall services.
I've already listed them. YOU cannot touch the systems I have behind a NAT router because YOU cannot route packets to their non-routable addresses and my NAT router ignores any connections YOU try to make to the routable address it uses. YOU cannot port scan my systems, YOU cannot make a brute-force attempt to log in. YOU cannot connect to my ftp server and use the welcome string to detect a buggy server and crack into it, you cannot do the same with my Sendmail 4 server, or another service I'm using locally. YOU cannot take advantage of any older system I happen to reattach to the net, nor can you crack a fresh, unpatched installation of XP I am working on. YOU simply can't get to the system to touch it, while it can still reach out and get updates.
In fact, I don't need to care if NFS has more holes than Swiss cheese, YOU can't talk to my NFS mount daemon to take advantage of that. I don't need to care if I have no root password on half of my systems, YOU can't get a login prompt or port connection to take advantage of it. I don't need to care if remote X lets you keystroke monitor my sessions, because YOU cannot connect to any of my X servers to use it.
YOU cannot do ANYTHING to my systems -- unless I make a connection TO YOU, and if I do that then the firewall would not protect me, either. No, perhaps NAT wasn't designed as a security system, but it has enough properties of one that it is stupid to claim that it doesn't provide any security.
Even IF a DMZ was part of NAT, NAT has prevented YOU from touching ANY OTHER of my systems, even ones that have password-less root accounts and open SSH ports. YOU couldn't talk to anything but the one computer I guard carefully, and you can be sure it won't allow you to do anything, either.
Now, if you are arguing that NAT doesn't provide security because you can deliberately and stupidly misconfigure it to provide no security, then Duh! Of course, you need to realize that you can do the same to firewalls, so firewalls, in your opinion, must not provide security, either.
Please refer to Fig. 1a: "Whoooosche" ;3
Whooooosche yourself, bitch. If you can't be civil, go bother someone else. If you expect to be gratuitously insulting and then excuse it by claiming a "whoosh", then you really do need to go bother someone who cares.