So does every other fix - Windows doesn't store historical data regarding timezone changes.
That's true on many implementations - you change the date and not necessarily the date of change. Wouldn't surprise me if a lot of Unixes work the same way.
Windows is worse because it ignores the changeover date entirely and does UTC->Local based on the *current* DST instead of the one in force for the requested date (http://www.codeproject.com/datetime/dstbugs.asp - bug still exists in Vista).
The whole point of these devices is that you *don't* need to forge the bank's SSL certificate - they're breaking the end to end nature of SSL and inserting a proxy in between that allows the admins to get at the banking data in plaintext.
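An added example, not from the thread, that models the bug just described with a simplified US Eastern clock: one converter picks the DST rule that was in force for the requested year, the other applies only the rule in force now. The rules are assumed from the public 2007 change (before 2007: first Sunday of April to last Sunday of October; from 2007: second Sunday of March to first Sunday of November); the sample timestamp is constructed.

```python
from datetime import datetime, timedelta, timezone

# Simplified model of US Eastern time (assumption: standard offset -5h, DST adds +1h).
STANDARD = timedelta(hours=-5)
DST_SHIFT = timedelta(hours=1)


def nth_sunday(year, month, n):
    """Date of the n-th Sunday of a month; n=-1 means the last Sunday."""
    if n > 0:
        first = datetime(year, month, 1)
        return first + timedelta(days=(6 - first.weekday()) % 7 + 7 * (n - 1))
    last = datetime(year + (month == 12), month % 12 + 1, 1) - timedelta(days=1)
    return last - timedelta(days=(last.weekday() + 1) % 7)


# DST rules as (first day of DST, first day back on standard time).
# Assumed from the 2007 rule change: before 2007 first Sunday of April to last
# Sunday of October; from 2007 second Sunday of March to first Sunday of November.
RULES = {
    "pre-2007": (lambda y: nth_sunday(y, 4, 1), lambda y: nth_sunday(y, 10, -1)),
    "2007+": (lambda y: nth_sunday(y, 3, 2), lambda y: nth_sunday(y, 11, 1)),
}


def dst_window_utc(year, rule):
    """UTC instants at which DST starts (02:00 EST) and ends (02:00 EDT) in a year."""
    start_day, end_day = RULES[rule]
    start = start_day(year).replace(tzinfo=timezone.utc) + timedelta(hours=7)
    end = end_day(year).replace(tzinfo=timezone.utc) + timedelta(hours=6)
    return start, end


def to_local(utc_dt, rule):
    """Convert an aware UTC datetime to Eastern local time under one DST rule."""
    start, end = dst_window_utc(utc_dt.year, rule)
    offset = STANDARD + (DST_SHIFT if start <= utc_dt < end else timedelta())
    return utc_dt.astimezone(timezone(offset))


def to_local_historical(utc_dt):
    """Correct behaviour: use the rule that was in force for the requested year."""
    return to_local(utc_dt, "2007+" if utc_dt.year >= 2007 else "pre-2007")


def to_local_current_rule_only(utc_dt):
    """Models the bug from the thread: only the rule in force *now* is known,
    so it is applied to every date, including those before the changeover."""
    return to_local(utc_dt, "2007+")


def compare(year, month, day, hour_utc):
    """Return (historical local hour, current-rule-only local hour) for a UTC time."""
    stamp = datetime(year, month, day, hour_utc, tzinfo=timezone.utc)
    return to_local_historical(stamp).hour, to_local_current_rule_only(stamp).hour


if __name__ == "__main__":
    # Constructed sample: a log timestamp from 20 March 2006, before the 2007 change.
    stamp = datetime(2006, 3, 20, 12, 0, tzinfo=timezone.utc)
    print("historical rule :", to_local_historical(stamp).isoformat())
    print("current rule    :", to_local_current_rule_only(stamp).isoformat())
```

Any timestamp between the old and new transition dates of a pre-2007 year comes out an hour off in the second converter, which is exactly what a reboot-and-patch fix cannot undo for stored data if the system keeps no history of the rules.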
You have no way of verifying it because the ability to verify the SSL certificate is taken away from you (every site returns the certificate of the proxy).
Yes reading such data would be actionable - as would reading most emails without explicit written consent. Hasn't stopped them in the past and won't stop them in the future. If you *really* trust those admins then go ahead and use SSL sites at work, otherwise don't bother because it's not secure anymore.
btw. orwellian? That implies wrong motivation.
In an hour or so (I start at about 11.30pm) I'm off onto the streets of our fair city (voluntary, no less). I carry a radio that's linked to every nightclub, every shop, night worker, plus the camera centre. There are about 150 cameras in the city centre... at any time I can make a call to get one or more of them pointed in my direction.
That's not orwellian. Anyone can do what they want... we don't even stop people fighting each other provided nobody else is involved and it's only fists (any sight of a knife and the police are there usually in under 30 seconds.. no guns here so it's not an issue). Stuff happens when people are drunk.. it's no big deal.
It's all about two things - protection - everyone has a right to go out and enjoy themselves without nutters getting in the way and trying to mug them or something - and perception - even though the city is *very* safe at night it's good to have people in high-vis wandering around because people feel safer, and they enjoy themselves more.
Orwellian implies something completely different - that it's used as a means of control. Discounting the fact that it would be nearly impossible to control 250,000 people in one place it implies some kind of conspiracy - and there's simply no evidence of that. The structures aren't even there.. local government usually only pays lip service to central government... the police are independent again... in reality the way the setup is in this country you couldn't even set up a totalitarian system if you wanted to (as a last backstop the army is allied to the queen not the government and she has the power to forcibly remove them.. it'd never get that far though).
Actually no - you can go to another country in Europe without a passport - you just need verifiable ID.
Although that's *possible*, since old georgie boy's 'war on terror' it's got a whole lot harder. A few years ago a friend of mine went on holiday to Ireland with no passport and got back with no issues. Wouldn't want to try it today.
.. and Walmart in the US have one of the largest data mined databases in the world, whereas in the UK we have the data protection act that makes it a criminal offence to sell on your customer data without permission.
You can always pick examples but there really isn't that much difference... the only time I've really felt scared of the authorities was when I visited the US.
The Daily Mail?
That's like an american getting views on the democratic party from Fox News.
Daily Mail Watch is a good read, if you've not seen what this 'paper' prints before.
Even having the wireless there is a security risk. Someone will enable it, then bang goes your carefully crafted firewall.
OSX has a learning curve too - quite a big one if you're used to Windows (try to find *anything* on OSX when you've been using the start menu for 5 years for example).
Both Linux and OSX have a chance now because Vista is such a major headache.. it doesn't work like Windows so it's back to square one with the training (no way I'd upgrade my mother's machine.. if even an icon goes out of place she phones me up for support - Vista would just have her putting it back in a box and forgetting about it!!).
It's not just OSS - ego is a big problem in the commercial realm too.
It takes a lot to work on something for years then hand it over and watch someone do something *completely different* with it.
Some are never able to do that - I've worked at a place where the boss wrote the first version of the software and absolutely everything - right down to bug fixes - had to be approved by him. Then he'd go away at the weekend and rewrite half of it... badly...
(which I think is somehow derived from the phone's EIN, so I'm surprised that nobody has reverse-engineered it yet);
They have - there are hundreds of places and websites in the UK that will unlock phones for you for £10-£20.
There's also a free website that'll give you the codes for certain nokia phones.
For linux it's one file and that can be automated.
For Windows it seems that half the software needs to be patched, plus the OS (reboot required of course).
I mean... Exchange? Oracle? You'd think the authors of software like that would have a frikkin clue. Hardcoding DST routines into user applications? WTF??
ipv4 ipsec has opportunistic encryption too.
ipsec over ipv4 uses its own protocols as well. NAT breaks naive implementations but since NAT-T was designed even that is not a problem any more.
Those are multicast I think. You could probably reclaim a lot of the space but it'd require router software upgrades to handle it.
We had that problem with x.x.x.0 addresses - they're now just like normal addresses but a lot of routers still treat them as broadcast so they're not really usable.
Well... someone usually posts this list so I'll run down it (these discussions could be defined as a dup :) )
Larger address space - given.
Stateless autoconfiguration - doesn't handle DNS addresses, router addresses, other stuff, so you still need DHCP, which ipv4 has anyway...
Multicast - ipv4 has this.
Jumbograms - err. what? Might matter on multi-gigabit links I guess. Good luck finding a switch that can handle it (it's hard enough finding ones that handle 4k frames).
Faster routing - ipv4 routing is fast enough (nearly instant is fast enough for me). Technical issues that really don't matter to anyone except backbone providers.
Ipsec - ipv4 has this.
Mobility - see mobile ipv4. Not needed TBH.. my mobile phone handles handover just fine on its ipv4 address no matter how many cells I cross.
participated in on the 6bone mailing list talked about how, since everyone in the world now had access to IPv6, there was no more need for this test network.
lol. comedy gold... got a link?
I just assumed they'd given it up as a lost cause and the 'not needed any more' tagline was face saving.
Indeed it has the same problem - busted protocols that randomize their inbound ports.
That's damned hard to firewall, on NAT, ipv4 or ipv6 same problem - the protocols suck so you need something like upnp as a bandaid to work around it - and that opens up a security hole.
but wait until your company merges with another company that uses the same private IP addresses... you update the DHCP server on one end to change the allocation. Get all the machines on the other side to reboot and it all happens automatically (maybe some hardwired entries in the DNS but most should be DDNS these days).
Next problem?
I've said it before and I'll say it again *IPV6 HAS NAT!!*
No company with any sanity would allow their addresses - ipv6 or not - onto the global internet. They'll NAT it at the firewall.
Are you saying DHCP is not a result of limitations of IPV4?
ipv6 requires DHCP also - RA only gives you an address.. you need DHCP to hand out the DNS, router addresses, etc.
Many ISPs don't support 192.88.99.1... my last 3 didn't. My current one does but they run their own gateway so it responds to that IP.
netmeeting uses a gateway, just as it does now. netmeeting is *not* available to everyone and never should be.
99% of companies have been using NAT for years without any issues. It works. As I said, users should not be running servers, period.
FYI I *have* integrated companies after mergers. Install VPN. Update DHCP server on other end, mirror DNS. That's the network side done. ipv6 not needed. That's not the hard bit at all. The hard bit comes later.
In the case of the AD controller. If the users haven't got an ipv4 address they can't login to the domain.. so they need ipv4 addresses *anyway* and there's no point in ipv6, because that just creates cost with no advantage.
In *any* company try justifying the hardware cost of the router upgrades, software upgrades, etc. by saying 'it's cool, and 6 is more than 4! so it must be good!' and you'll get thrown out of the office. Even the slightly more sane 'we're going to run out of ipv4 addresses' is going to get the same result - who's 'we'? Our little company that has 32 public IPs and a thousand machines on the NAT? Good luck with that.
ipv6 rollout only makes any sense if you replace the entire network infrastructure. And it'll never make sense for that reason - which is why 12 years on ipv6 adoption is nonexistent.
IPv6 won't be in wide use until the ISPs drop their ridiculous additional IP charges
Heh. d'ya think?
If ipv6 takes off you'll be lucky to get a /120 off them.. and that'll be for 'corporate customers only'. It'll cost more of course because it's for the 'new improved faster sparkly ipv6'.
Some ISPs are simply control freaks. From them you'll get a *single* ipv6 address and if you want more you'll have to NAT it, same as always.
ISPs that charge for IPs now are going to be charging for IPs in the future. Good ISPs don't charge for IPs (mine doesn't.. they gave me 16 IPs just in case I needed them... and a /64 ipv6 allocation for free).
I wouldn't also be surprised to see more work done on automagic NAT mapping protocols that can allow for dynamic inbound mappings, further eliminating the need for multiple public IPs just to satisfy port number conflicts.
That's actually not that hard.. add some data to the TCP header to give the final destination (machine number) - a couple of bytes would do fine. You'd just need a stack at both ends that was capable of handling that.
Could probably hack it up in linux in 20 minutes... getting anyone else to use it of course would take longer. We're probably going to have to wait to see if a big player like MS does it first.
Not much use if the 'ipv4 device' is your router.
Unless you're planning to give ciscos to everyone then routed ipv6 for the consumer is a pipedream.
One of the *big* things holding up ipv6 adoption is the complete lack of ipv6 routers and firewalls.
Cisco routers have a firewall (provided you have the right IOS build), but it's not exposed in SDM so you can't set it in a user friendly way (and setting up cisco firewalls using the IOS command line sucks donkey).
99.9% of consumer routers don't even support ipv6 let alone ipv6 firewalling. Nor do any of the major vendors look like they're planning to add it.
Critical parts of infrastructure don't support it - Active Directory will only bind to ipv4 ports even on an ipv6 capable machine, for example. Worse - if you enable ipv6 over the network domain authentication breaks because AD *clients* try to talk over ipv6...
Still no ipv6 squid. Been waiting for that for 5 years.
ipv6 is just not ready.