While I don't know where you live, I suspect that there are fines that can be levied against you if the court was to decide so as well as court costs. For example the fines in NSW are up to 20 penalty units Road Rules for Pedestrians which equates to $2200.
Well here in Australia the polling stations (local schools, churches and town halls) don't change much from election to election (local, state and federal) and if you don't know where to vote the Electoral Commission's web site will tell you. Also since you are required to register when you turn 18 and to attend a polling place every election this sort of disinformation campaign just doesn't happen here. You can also pre-vote, postal vote and absentee vote for all elections.
If you're going to grab networks that aren't BGP Advertised, take them all:
7/8 (ARIN)
9/8 (IBM)
11/8 (US Defense)
19/8 (Ford Motor Company)
21/8 (US Defense)
22/8 (US Defense)
25/8 (UK Defense)
26/8 (US Defense)
28/8 (US Defense)
29/8 (US Defense)
30/8 (US Defense)
31/8 (RIPE)
45/8 (Prudential Securities)
102/8 (AFRINIC)
104/8 (ARIN)
179/8 (LACNIC)
191/8 (LACNIC)
and when are we going to do something with 240/4? How many proposals have to be unfulfilled to use this resource when the resource is scarce? (I know, it'll take a while for some vendors to support this)
ARIN, RIPE, AFRINIC and LACNIC are all Internet Registries. They are the bodies that hand out addresses to companies and individuals. Or were you looking to generate a Perpetual Assignment Process :-)
As for 240/4 it really can't be made usable on a global scale. Too many machines can't talk to it. One could use it between consenting machines in a limited way, e.g. between the CPE and a CGN.
No, we didn't skip IPv5. It just was not a mainstream protocol.
But mostly I see people whining about how evil NAT is, but without ever giving any supporting reasons.
Mainly because it is self evident to anyone who has had to code software to do anything other than the trivial connect to a server out there.
If you want two clients to be able to talk to each other from behind a NAT you need to deploy a relay server or use STUN and PCP/UPNP and hope that the NAT is configured to support it. This all takes extra development time. Requires extra hardware for the relay server or the STUN server. It's also fragile.
Without NAT each client knows its own address so no need for a STUN server. Depending upon the firewall it may need PCP/UPNP but there too it becomes simpler.
IPv6 is as finalised as IPv4 is. What's going on now is tinkering and making IPv4 interop better. The main issue with deploying IPv6 is backend software that assumes that IP addresses are 4 octets, dotted quads or has hard-coded AF_INET into the socket calls. Most of these issues are relatively straightforward to fix if you have access to the source code. There are address family agnostic techniques to address these issues that are well known.
e.g. replace gethostbyname() with getaddrinfo(), replace "struct sockaddr_in" with "struct sockaddr_storage".
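The two replacements named above, as an added C example that is not code from the original comment: `parse_addr`, `normalize_addr` and `connect_any` are hypothetical helper names, and the literal-parsing path uses AI_NUMERICHOST so it makes no DNS query.

```c
#include <netdb.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Numeric literal -> family-neutral storage, no DNS. Returns family or -1. */
int parse_addr(const char *text, struct sockaddr_storage *ss, socklen_t *len)
{
    struct addrinfo *res, hints = { .ai_family = AF_UNSPEC, /* not AF_INET */
        .ai_socktype = SOCK_STREAM, .ai_flags = AI_NUMERICHOST };
    if (getaddrinfo(text, NULL, &hints, &res) != 0)
        return -1;
    int family = res->ai_family;
    memcpy(ss, res->ai_addr, res->ai_addrlen);
    *len = res->ai_addrlen;
    freeaddrinfo(res);
    return family;
}

/* Canonical text for logs and ACL checks; static buffer, NULL on error. */
const char *normalize_addr(const char *text)
{
    static char buf[64];
    struct sockaddr_storage ss;
    socklen_t len;
    if (parse_addr(text, &ss, &len) < 0 ||
        getnameinfo((struct sockaddr *)&ss, len, buf, sizeof buf, NULL, 0,
                    NI_NUMERICHOST) != 0)
        return NULL;
    return buf;
}

/* Connect over whichever family answers first; returns a socket or -1. */
int connect_any(const char *host, const char *service)
{
    struct addrinfo *res, *ai, hints = { .ai_family = AF_UNSPEC,
                                         .ai_socktype = SOCK_STREAM };
    int fd = -1;
    if (getaddrinfo(host, service, &hints, &res) != 0)
        return -1;
    for (ai = res; ai != NULL && fd < 0; ai = ai->ai_next) {
        fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd >= 0 && connect(fd, ai->ai_addr, ai->ai_addrlen) != 0) {
            close(fd);
            fd = -1;
        }
    }
    freeaddrinfo(res);
    return fd;
}
```

Because `normalize_addr` returns one canonical spelling per address, allow-list and log comparisons no longer depend on how the peer or the config file happened to write the literal.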
Which isn't true. There are a whole suite of technologies designed to allow an IPv6-only host to reach IPv4 only servers. Lots of mobile phones are IPv6 only devices today yet they still reach IPv4 only sites. Going from IPv6 to IPv4 is trivial. Going from an IPv4 only client to an IPv6 only server is harder only because it's hard to squeeze 128 bits into 32 bits and make that scale to a large number of clients.
Actually it doesn't require the ISP to be completely IPv6 or even deploy the AFTR box as that can be outsourced at the cost of a little more latency.
The AFTR box is still a LS-NAT. It just isn't a double NAT and doesn't have to be in-line nor be a traditional router.
I would suggest that you really should be looking at your security policies to see if they make sense. DDNS with TSIG or SIG(0) is as secure if not more so than whatever script you are running. This is a decade old technology that has been used in some of the biggest companies in the world, read "Fortune 100" and bigger.
On a Mac, System Preferences -> Sharing, and if you hit edit you can teach it how to register itself in the DNS.
Except there never has been the expectation that communication on the Internet is private without encryption and identification of the party you are talking to. The public has been told this repeatedly for the last two decades. This is one of the reasons people are told to use HTTPS when connecting to banks.
It's very easy to see what page you are looking up unless you encrypt the traffic by using HTTPS. HTTP sends the requests in ASCII and tcpdump will happily display the entire packet in both hexadecimal and ASCII forms.
tcpdump -i en1 -s 0 -X port 80
Audio and video are not much harder. The Mac comes with all the tools required to display / play back audio and video and it is trivial to take a stream captured with tcpdump and extract the payload, write it to disk then play it back.
I've got a digital wireless phone at home. One of the selling points was that it encrypts between the handset and the base station. If I had bought a wireless phone that didn't encrypt the radio signal I would expect that it could be heard by anyone in range.
I've got a wifi at home. It encrypts communication between the wifi capable device and the access point. If I turn that encryption off I expect that anyone that has a wifi capable device is capable of reading the communication.
My Mac with factory installed software can dump entire communication streams which I use regularly to debug networking problems.
"tcpdump -i en1 -s 0 -X port 25" will show all the email being sent.
There are options that allow you to detect MiTM SSL interception attacks by allowing you to verify the CERT being returned by a path that is not vulnerable. See: DANE.
No, he is thinking about adding a redirect to the *existing* HTTPS instances for everyone he can identify as coming from the UK.
No you don't. See The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA.
And use DANE to publish the CERT in a cryptographically verifiable manner,
And the next most untrustworthy party is your ISP.
Which is why cyclists are often banned from higher speed roads or have dedicated lanes where the difference in speed is likely to cause an issue.
If you are a slow vehicle you are also supposed to pull over and let other vehicles past.
Actually it isn't forbidden. What is forbidden is driving them on a public road/place without a licence which is about public safety and human rights not car rights.
Both
Person A kills dog belonging to Person A
and
Person A kills cow belonging to Person A
are both actionable and legal. It is the method of killing that matters not the killing itself.
The skis still have moving parts. They need to be lifted up and put down. For a robot like this, no moving parts means no movement at all.
Now there are transport systems with no moving parts but they use linear accelerators.
I call BS. Of the 2,437,163 deaths in the US in 2009, 28,088 were due to prostate cancer. http://www.cdc.gov/nchs/data/nvsr/nvsr60/nvsr60_03.pdf
As they say you are more likely to die with prostate cancer than of prostate cancer.
Then if I'm a black hat I just run a local http server and redirect traffic where I please. Now if applications checked for 0.0.0.0 and :: and didn't make a connection attempt one could use these to indicate that a site is not to be talked to. Unfortunately most applications will happily attempt to connect to 0.0.0.0 and :: and if there is a local service it will succeed.
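The check the comment above asks applications to make, as an added C example that is not from the original post: `is_unspecified` and `may_connect` are hypothetical names, and treating the IPv4-mapped form ::ffff:0.0.0.0 like 0.0.0.0 is an assumption added here.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Return 1 if sa is the unspecified address: 0.0.0.0, ::, or the
 * IPv4-mapped form of 0.0.0.0. Return 0 for anything else. */
int is_unspecified(const struct sockaddr *sa)
{
    if (sa->sa_family == AF_INET) {
        const struct sockaddr_in *in4 = (const struct sockaddr_in *)sa;
        return in4->sin_addr.s_addr == htonl(INADDR_ANY);
    }
    if (sa->sa_family == AF_INET6) {
        const struct in6_addr *a = &((const struct sockaddr_in6 *)sa)->sin6_addr;
        static const unsigned char zero4[4] = {0};
        if (IN6_IS_ADDR_UNSPECIFIED(a))
            return 1;
        return IN6_IS_ADDR_V4MAPPED(a) && memcmp(&a->s6_addr[12], zero4, 4) == 0;
    }
    return 0;
}

/* Policy hook to call before connect(): 1 = may connect,
 * 0 = address means "do not contact", -1 = not an address literal. */
int may_connect(const char *literal)
{
    struct sockaddr_storage ss;
    struct sockaddr_in *in4 = (struct sockaddr_in *)&ss;
    struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)&ss;

    memset(&ss, 0, sizeof ss);
    if (inet_pton(AF_INET, literal, &in4->sin_addr) == 1)
        ss.ss_family = AF_INET;
    else if (inet_pton(AF_INET6, literal, &in6->sin6_addr) == 1)
        ss.ss_family = AF_INET6;
    else
        return -1;
    return !is_unspecified((const struct sockaddr *)&ss);
}
```

In a resolver-driven client the same `is_unspecified` test belongs inside the loop over getaddrinfo() results, so an entry that resolves to 0.0.0.0 or :: is skipped instead of reaching a service on the local machine.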