This can be solved with current technologies:
Have bonjour/zeroconf on the router looking for available services and hostnames.
Give the router a domain name (example.com in this example).
Since the domain does nothing other than looking after your home network, it can be the DNS server. Sure you can add secondaries, but you don't need to (since if it's down, you can't connect to that shit anyway).
Based on the name of the machine (we'll call it dad) you create a DNS TXT record for the subdomain (dad.example.com) which states the services and the ports that those services are available on. (dad.example.com. 86400 IN TXT "RDC:34542,HTTP:6253")
You then build into the connectivity tools the tools for looking this information up (i.e., build it into Firefox, build it into Remote Desktop Connection), then it's seamless.
You don't need to change the internet to get this shit done. NAT is fine, you're trying to break shit that works to do something that is possible today.
The idea someone gave me when I mentioned this last time was to run an ipv4 address on the same machine. That really said a lot.
Yeah, but over the same time period v4 traffic there increased from 250Gbps to 450Gbps. Maybe they just got a bunch of new companies peering with them? Also it's 1Gbps out of 450Gbps. That's the kinda reach v6 currently has.
Sounds like someone hasn't done a real migration of IP addresses and is living in "theory land". The amount of domains that point to hosts I run that have DNS servers that are completely out of my control is insane. Getting those people to understand that if they don't fix it within a month their shit will break isn't possible, especially when you have to ring each one and tell them since they don't really read emails - but they sure do bitch when they can't get them. In the end you've turned off the old IPs because you're now GREing those things, paying money you don't need to pay to keep them up. Suddenly a somewhat technical person rings you, angry about not getting email. He says this is the first he's ever heard of it. You tell him the details again, he gets this sorted out about 2 weeks later because he can't find the passwords for some shitty DNS service he signed up with 4 years ago. I don't have time for this.
Changing IP addresses sucks when you're dealing with servers. For clients, there's no real issues, but for servers it's about one of the most painful things you can do. Buying more ram for your router isn't that big an issue in comparison, and helps the economy.
Wouldn't you just use the exploit to run some software to detect if the rootkit exists? I mean, the OS can't detect the rootkit in the SMM, but other software that's been esc'd can no?
Seems like the narcissists don't agree with your ideas. They seem to have all the mod points.
Well, you can't run the cisco os on juniper routers now can you? Maybe we can have a suit against cisco.
Also, you can't run photoshop on linux. Maybe we should sue those guys.
I've had video phones for 7 years, and am yet to have a video call. I'm also yet to send an mms though, so maybe I'm technically retarded, but it always made more sense to email photos
This is much safer anyways, since your private key and your passphrase stays on your local machine.
Until your laptop is stolen. Then they have access to all your machines. Laptops + private key auth != security.
You'd lose me. Firefox 2's self signed SSL behaviour is much nicer than FF3. Chrome's behaviour is also nicer in that respect. Dealing with the FF3 SSL behaviour would push me to one of the other browsers.
I still don't see why they're pushing people so hard to upgrade to Vista.
Because they won't work on XP anymore. It will not be supported and will no longer receive security updates. How hard is that to understand?
Vista still seems slower and more buggy than the version of XP I have been using for some time.
Except it's faster. kernel improvements, less memory leaks, a security implementation of sorts, etc. Vista requires less resources.
I would argue that XP is not an obsolete product
By definition, it is. It will reach End of Life.
Hosts file, private domain, keep using it with your own DNS server that doesn't care what some registrar says?
Sounds like you're introducing complexity into connecting to machines. Oh boy I can't wait! Sign me up now!
As for the rest, I and many other people find end to end connectivity to be very useful. If you want to live in some ISPs walled garden, be my guest. Just don't try to drag everyone else in with you.
Yeah, you and many other IPv6 lovers. I'll tell you what though, the numbers of people who don't care about end to end connectivity far outweigh your numbers.
If you can't find machines for other people, you can't find your own machines.
If you're inside the network in question, you can sniff traffic to locate your own machines. Also, nothing says you can't be dual stack or manually assign contiguous IPv6 addresses if you want/need to.
Yeah, but why should I have to sniff traffic to find a machine? Saying IPv6 is going to solve problems by hiding machines is bullshit. It's going to make people look harder for machines, but as the speed of the internet grows, it'll just be the same as it is now.
The mere fact that you're saying I can still use IPv4 means you've run into this argument before and you're saying this quite often. Oh I can still use IPv4? Gee thanks. What's the point of v6 then really? The end to end internet is a shit excuse because people wouldn't have given that up for nat if they really wanted it. What the majority wants to do is check email and go to youtube, not become an SMTP server and configure DNS. You guys really need to get out more. Zeroconf is too hard for some people I've met.
I'm not describing Zeroconf. That works through broadcast, so that will never work on the internet at large, or even on a network with more than one vlan. I'm describing this to minimize ip's in a server network, not a client network. Clients don't need routable IP addresses, because they don't need or want to be servers. If you're a client and you want to be a server, get yourself a proper network.
Currently through virtual hosting you need an IP address for each SSL certificate used. This is a complete waste of IP's. With the following description, I could take the thousands of IPs that I use and turn them into 60ish.
You have DNS txt records that describe a service, say http or https. It defines a port for this service.
In the interest of explaining this well:
;; QUESTION SECTION:
;example.net. IN TXT
;; ANSWER SECTION:
example.net. 86400 IN TXT "http:380,https:3443"
A browser picks this up and connects to the alternate ports for https and http. Easy and no security concerns.
The server could be configured through a control panel or manually decided. Only one IP should be used on a virtual hosting machine, not the stupid amounts there currently are due to SSL certs. I neglect to see how this is any less secure and frees up, for me at least, about 4000 Routable IPs. That might be a drop in the ocean, but where else could this solution be used?
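An added example, not part of the original comment: a client-side parser for the `service:port` TXT format shown above (`"http:380,https:3443"`, and the earlier `"RDC:34542,HTTP:6253"`), treating the record as untrusted input. The function names, the label rules and the fall-back-to-default behaviour are assumptions made here; the comment does not specify them.

```python
import re

# Assumed label rule: short lowercase alphanumeric tokens such as "http" or "rdc".
_LABEL = re.compile(r"^[a-z][a-z0-9-]{0,15}$")


class TxtRecordError(ValueError):
    """Raised when a service:port TXT string is malformed."""


def parse_service_ports(txt, allowed=None):
    """Parse 'http:380,https:3443' into {'http': 380, 'https': 3443}.

    txt     -- TXT rdata as received from the resolver (untrusted input)
    allowed -- optional set of service labels the client understands;
               labels outside it are validated but not returned
    """
    # A single TXT character-string carries at most 255 octets.
    if not txt.isascii() or len(txt) > 255:
        raise TxtRecordError("TXT string is not ASCII or is too long")
    result = {}
    for item in txt.strip().strip('"').split(","):
        name, sep, port_text = item.strip().partition(":")
        name = name.lower()
        if not sep or not _LABEL.match(name):
            raise TxtRecordError(f"bad entry: {item!r}")
        if not port_text.isdigit():
            raise TxtRecordError(f"bad port in entry: {item!r}")
        port = int(port_text)
        if not 1 <= port <= 65535:
            raise TxtRecordError(f"port out of range: {item!r}")
        if name in result:
            # Two ports for one service is ambiguous; refuse to guess.
            raise TxtRecordError(f"duplicate service: {name!r}")
        if allowed is None or name in allowed:
            result[name] = port
    return result


def port_for(txt, service, default):
    """Return the advertised port for `service`.

    Falls back to `default` (the well-known port) when the record is
    malformed or does not mention the service. This fallback is an
    assumption of this example, not something the comment defines.
    """
    service = service.lower()
    try:
        return parse_service_ports(txt, allowed={service}).get(service, default)
    except TxtRecordError:
        return default
```

The TXT answer is only as trustworthy as the DNS path that delivered it, so the TLS certificate check on whichever port is chosen still has to authenticate the server.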
I know IPv4 needs to go, but IPv6 isn't a great answer. The addressing is too long, it's trying to be too many things at once. When you introduce even a smidge more complexity than you need, things tend to fuck up. You use the most simple option.
Sure there's 300 Million hosts, but there's a shitload more money in the internet now. You'd think that the ISP's would be trying to establish themselves as IPv6 compatible if it were such a great thing. You know like Multimedia compatible back in the day, or IBM compatible. These things sold - IPv6 isn't selling.
You seem to think I'm just complaining because the addressing is long. I'm complaining because the current solution works and the only issue is we don't have enough addresses. You're taking this to jam IPv6 down the throats of people. It's going to make a whole lot of diagnosis a lot more painful.
Also you seem to think I'm running an internal network. No, I run an AS. ASNs are being used up as well. What was the solution there? Oh make them 4 byte instead of 2.
At home my NAT box is a Linux machine. I just SSH into it.
PS: Your suggestion of running an IPv4 address alongside an IPv6 address just plays further to my point.
It's sad you get called a troll for speaking the truth. The IPv6 crowd are too loud to hear everyone else telling them that we don't want their shitty protocol.
Am I the only person who finds this to be a terrible thing? If you can't find machines for other people, you can't find your own machines. I run a fairly decent sized network, and it's hard enough keeping track of what's on which IP. Hostnames are great, but what about when your domain name expires? You going to memorise an address to get connected to all your other machines? It just seems to me like overkill. The end to end internet died and no one wants it back. Get over it. Servers and clients are just how it's going to be. You don't need IPv6 for that. Sure it'll be great for my kettle, toaster and underpants to have an IP address, but practically it's really fucking pointless.
but IPv6 isn't a better solution than NAT. It's annoyingly long. How's this - since we've got 65000 ports per IP why can't we just give each machine a few ports and advertise stuff that's available using DNS. Sure there's things to work out with that, but it's not difficult to do. IPv4 didn't have to push so hard to be accepted - it took over from NCP pretty much as soon as it was completed. Sure there were less hosts, but it was still a big job. People are only willing to change when something appears better and IPv6 really seems like it's harder to remember IP's that will make my life more difficult when DNS is broken (which will almost certainly happen at some point). What if an automated script breaks both my DNS servers and I need to ssh into them to fix them? Oh too fucking bad, you forgot your ffas:3qrr:r2f223:dada:fdsda cunty number. It really feels like everyone's trying to sell me a lemon with this IPv6 bullshit.
I dropped out of high school and managed to get a decent IT job. Computers aren't an overly difficult thing to learn.
I was making money while other people were going to college, and now I'm in charge of a few people who have college degrees. You don't have to chop wood just because you drop out of high school.
bought and bought bitch. who am i kidding. i use linux for all my theft.. i mean hd..
You are probably trolling, but I'll bite.
Of course baldness is a disease. A minor one at first sight, but it can lower people's self-esteem and cause severe psychological diseases, such as depression.
You're probably trolling, but I'll bite.
Of course black skin is a disease. A minor one at first sight, but it can lower people's self-esteem and cause severe psychological diseases, such as depression.
I believe the main reason you open source something is to get more eyes on the problems and more brains on the solutions. Sure, there's the whole free thing that comes along with it, but without the combined efforts of people across the globe, progress is slow. Also ideas other people have aren't even thought of, due to the unknowns of the project.
Apple does not get the source code
I don't think that's how it would work. Certificate Signed Applications usually have their source checked.
I use a shitty $10 certificate brand for my servers, however the dedicated server customers have no CA signed certificate, because everyone is tight. They're tight for a reason, as it's tough to compete in the Australian market. The company I work for has a lot of dedicated servers, and I'm not going back to update them all to a self signed certificate with the common name of *. It's too much hassle. I'd rather just use FF2 or Safari until someone creates a version of FF3 without this bullshit in it. It's just not worth my time. They should have an option to disable this with about 5 warning signs: Warning this is dangerous! Only enable if you know what you're doing! GIANT BAT BALLS WILL FLY OUT OF THE SKY AND INTO YOUR MOUTH!
This is also wasting IP addresses.
You mean Verisign right? Since they own over 70% of the market. Oh and crazy frog. Seems like they have a monopoly on being annoying.
Oh yeah, cause the only country that ever is talked badly about by anyone is Israel. Well, I guess the next time I give shit to America, I'll be thinking of the Jews that live there, so it makes it easier for me. Geez, sometimes I wish I were a Jew, so I could play the antisemitic win argument card.
You seem to ignore common sense, so you're probably trolling, but you inadvertently raise an interesting point - as you'd have the inverse of what you're saying. You'd have higher disease prevalence due to people not going to the doctors, or going to the doctors in other countries to get around the transparency of the medical system. Imagine that because your mother has mental health issues you couldn't get a job because genetically you're a high risk for similar mental health issues and that increased their insurance policy. This is why keeping all forms of privacy is important.