The solution is, of course, to buy a $500 videocard, which will be good for a few years, but with that money you can get a console with controllers and one or two bundled games, so why bother?
Or buy a cheaper video card and play on lower settings.
New games generally work on older computers with reduced graphic settings. Yes, you will not be able to see all of the graphic awesomeness of the new game, but if all games targeted your video card, nobody would be able to get the better graphics. Now you can still enjoy the game with lower settings on cheaper hardware, while I can play it on higher settings on more expensive hardware.
Also, to me, keyboard+mouse is much better than a controller.
Finally, while I'm on it, you need not worry about fucking DRM in your console games, although that's another story (and perhaps the trade is fair, for PC gamers need not fear that their PC manufacturer suddenly bricks their computer... unless sony is involved).
DRM is an annoyance, but it can be cracked. However, I can use my PC for more than just playing games, also, I can play quite old games on the same PC and play indie games that cannot be released on a console (for example Minecraft). I can also modify my PC as much (or as little) as i want, run any program (even ones I wrote myself) and the manufacturers (of the CPU, GPU etc) cannot prevent it.
Besides, everyone keeps complaining how games nowadays focus on looking stunning and having great sound effects and, basically, taking too much effort into the media part of the game, while slacking off in other areas, like immersiveness, story, character development and all that.
I do not think that everyone agrees what the weak parts are. Each person has a different opinion on what is good and what could be better - one likes graphics, another can play a text mode game as long as the story (or gameplay) is good enough. I, for example, like games with good stories and gameplay, but I need to see stuff to be able to enjoy the game. Minecraft is about the lowest quality graphics that I can tolerate (though I am using a HD texture pack for it, I can tolerate the original textures too).
Also, why do I have to press up, up, down, down, left mouse button, enter to perform some action instead of pressing a some button? I mean my keyboard has a bit more than 100 keys...
Under IPv6 the above mentioned autoconf feature has been extended so that it CAN also be used as a general address assignment scheme. This allows a router to send out a simple message on a broacast domain, advertizing the network number. The hosts can then generate a host number based on their MAC address (or some random heuristics in the case of privacy extensions), do a duplicate address check, and start communicating.
Makes sense.
That feature is a lightweight and efficient replacement for DHCPv6 in many cases, however you are not forced to use it.
At least in IPv4, DHCP offers more than just the IP address. IP, DNS, WINS, gateway, where to find a server to boot from (in case of network boot). DHCPv6 probably does too, so I would use it instead of autoconf.
I don't know of any routing equipment that prevents you from doing/100 subnetting in IPv6, you would simply have to assign addresses without using autoconf.
Oh, OK, the previous poster mentioned something that it might not be supported, but if it is then great. I hope that someone implements NAT (so I can continue to have the functions I listed several times before) then I would no longer have anything against IPv6.
Well, it was one way I discovered that one cell phone provider used transparent proxy. conect to some random IP and send a HTTP request without the "Host" part and I would get an error from the proxy software.
Transparent proxies and HTTP interception do not need to know the original destination IP - proxies get it from the request header, interceptors just ignore it and reply with their page instead.
Vaccines and medicine are not the final answer, at least not yet. Maybe some day humans will be able to cure any disease, but for now, we should at least be happy that we can cure many diseases that in the past were almost certain death.
Your router only picks it up because your computer has the router IP listed as "default gateway".
But if I capture a packet that is going to google.com I see this:
Source IP: internal IP of my PC. Destination IP: the IP of google.com Source MAC: MAC of my PC Destination MAC: MAC of my router
Using "gw" means "this subnet is not local, you need to send it to that guy, he knows how to deliver it". Leaving out "gw" mean this subnet is local so you can deliver it directly to host machines on the local ethernet.
One time I had to configure a bunch of virtual Cisco routers to act as a network (to forward packets where they should, this was part of a class at my university. The routers were connected directly to each other (and it was assumed that the networks could be connected to the routers) and it was possible to make packets go trough even though the IPs at the ends of a connection were part of different subnets (each router had its own subnet and all ports were in it). I just had to specify the correct interface and the packets could go from router 1 to router 3 while going trough router 2. Though maybe it worked because the links between the routers were point-to-point (serial connections).
The entire communication has to be altered to convince both ends that they're talking to who the believe they are.
What if the program is on another computer? In that case you need to redirect that packet to that machine, so you need to replace the destination IP (and maybe the source IP too) and send the packet out the appropriate interface. Then, when the reply comes back, you need to replace the source IP (and maybe the destination IP too) so that the client thinks it is talking to the actual server instead of the proxy.
The only properties that matter are those that support survival in the face of adversity.
I wanted to say that, but did not manage to make a correct sentence - English is not my native language.
Besides, the human immune system, given proper conditions will be far more capable of keeping up with virus evolution than science will, and we've got about 2 million years of evolution to prove it.
Could be, but still, since we value the life of an individual, letting people die from a disease that is possible to prevent (now) seems horrible. This is what happened during those 2 million years - the weak died and the strong survived.
By proper conditions, I mean clean land, air, water and food.
Which may not be that possible, given the current population. However, since we value life, we use whatever means necessary to extend life and prevent diseases without resorting to "kill a bunch of people to free up some space" option.
We aren't anywhere close to that in the air and water department, but our food is much better than it was in times past (assuming that the source of food is whole food).
Air - yes, water can be filtered. The people in the ISS manage to extract safe water from urine, I'm sure it would be possible to extract clean water from muddy water.
Interception requires one to rewrite the source and/or destination IPs in the header, like NAT does. It also requires one to remember the mappings, just like NAT.
The packets only get picked up by your router if they are routed to the routers IP address.
Maybe you meant MAC address. I am sure than when i go to google.com, my PC sends a packet with the source IP as its own and destination IP as the one for Google and my router picks it up, sends it out the other interface (and changes the source IP to the external one, since I am using NAT).
Also, I thought that the "gw" parameter for the route command was only useful when there was more than one router on the same interface, for example:
route add -net net1 netmask mask gw 192.168.0.1 dev interface route add -net net2 netmask mask gw 192.168.0.2 dev interface
Now packets going to net2 will go to.0.2 and packets going to net1 will go to.0.1 that are both connected to the same interface.
I really want to try this, but as I cannot, I'll take your word for it, that it did not work.
Your statement that "a lot more people would be dead right now" is an assumption that at the moment can't be proved either way as we have no way of knowing how humans would evolve.
Without vaccination a lot more people would die from the diseases from which the vaccine currently protects us. Take the original vaccine for example - smallpox. Before the vaccine was developed, a lot more people died from smallpox than are dying now (wikipedia says that the disease was completely eradicated). If the vaccine was not developed, logic dictates that the disease would not be eradicated and people would be dying from it even now. Other diseases are similar.
if that were feasible without a giant die-off, it's something to consider.
Sure, but since it is not feasible without a lof of people dying (after all, natural selection usually means deaths of those who have the undesired properties).
Earlier I said specifically that I wanted to not use different DNS names, though I am well aware of the possibility. It is possible to do that with and without NAT, but only NAT allows me to have one DNS name.
For most of the normal people, IPv6 will be exactly the same as IPv4 - they will need to buy and reconfigure their equipment, but other than that, the web browsing will be the same. They will still need to configure the firewall to allow certain IPs/ports in (just like they need to do that with NAT). The positive effects of multiple public IPs will be felt by the advanced users. I also think that having multiple external IPs won't hurt, but I want NAT for the other functions that require it.
Well, I once talked with an older person about this, he said that in the past people were healthier. I agree with it, however it seems more likely that it was mainly do to these reasons:
1. Natural selection. A lot of people dies from diseases we can cure today, for example, tuberculosis and whatever heart conditions that require a pacemaker. After all, when my grandmother was young (before WW2), it was perfectly normal that some of your children die before reaching adulthood. Now we are shocked if a child dies. Like the kid with an artificial heart - in the past he would have just died and nobody (except his family/relatives/friends) would have known about it. 2. Less information. If someone has some strange disease, the whole country might find out about it (because it will probably be broadcast at least nationally), in the past, the newspapers and radio had other things to talk about rather than how some kid in the US has some strange disease.
As is so often the case, we can't always see the long-term implications of our actions. For now, it's working out and benefiting most of the people who have accepted vaccines.
Which is useful now. The fact that we do not know the long-term effects should not stop us from doing this. After all, if vaccines were banned we would not even find out if they were good or bad in the long term and a lot more people would be dead right now.
There is considerable risk that vaccines, like antibiotics could give rise to "superbugs".
The way i see it:
Vaccination (antibiotics): +:more people survive, hopefully the disease is eliminated completely -:there is a chance that in the future the vaccine will become ineffective. Hopefully the science will have advanced by then and a new vaccine or drug will be developed.
No vacciantion: +: there is a chance that it won't get any worse in the future (but the bug could still become more dangerous). -: more people die now, and continue dying in the future at least at the same rate
You're not going to get cancer by inhaling a little environmental cigarette smoke.
If I go to a bar once in a while, I won't get cancer from the smoke, even if the smoke is so thick it's more like a fog. I don't envy the bartender who has to be there the whole day.
What if I am sharing an office with a coworker who does likes to smoke inside? What if I am allergic to some chemical inside the smoke?
Outside (and in your home, provided you live alone or everyone is OK with it and you do not have children living with you), sure, smoke as much as you want, it won't affect me.
Well, the insides computers that are in the homes of heavy smokers (who smoke inside) can be covered by a layer of whatever stuff there is in the smoke. At least dust can be cleaned easily and does not stink. The particles from smoke stick and stink. Here is a picture of a computer from a smoker. I am quite sure that if the dust is disturbed, the resulting smell would stay in the room quite long.
Second hand smoke does not have much of an effect when the exposure is short (at a bar or wherever, unlike, say, working 8 hours every day with someone who constantly smokes inside the office, or the bartender who works at a bar that is foggy from smoke), however, the particles inside the computer result from years of smoking, so the dose is fairly high, not just a couple of cigarettes.
That was where I learned about the "invisible firewall" trick. Only way to do it when the ISP does not like you.
So, it can be done, that is your equipment works with smaller subnets. From what you told me about IPv6 it looks like my equipment might not work if the subnet is smaller than a/64.
Actually you can not split a IPv4 subnet into smaller subnets if the ISP does not play along. I know, I have been there. The ISP gave me a/27 but refused to setup a route.
The problem is exactly the same no matter what size network they expose as long you do not get to configure a route either automatically or manually.
OK, let's see if I understand this correctly. The ISP assigned you a/27, so it means that the route is set up as "your.ip/27 goes to your.interface", that is, all packets destined to your subnet would come to you. Now, if you placed a router at your side of the cable, why were you unable to configure it to route the incoming packets to watever part of your network they were supposed to go? The routes on your router should be something like "ip/29 goes to interface1; ip2/29 goes to interface2; everything else goes to the ISP".
I do not have enough computers right now to test it, so can you tell me why that would not work?
Actually it doesn't. In Linux terms you need to the REDIRECT target in iptables. This should still be available for IPv6 although I have not tested it.
Last time I did this, I used the DNAT target on iptables.
In general all the iptables targets should work with IPv6, but likely some of them are not implemented.
Yes, thankfully IPv6 does not prevent NAT, it's just that there are no way to do it for now.
But the need for something like this will be much less. Often a setup like that is done to preserve IP addresses of which there is no need.
Or I may not want to use www.example.com and ftp.example.com domain names, just use the one name for all services, even if they are on separate physical (or virtual) servers. For example, let's say that I have a server that does both, http and ftp. That servers stops working and I replace it with two older servers that cannot handle the combined load, so I use one server for ftp and the other for http. But everyone is expecting a single server. With NAT I could just change the port mappings and be done with it.
The reverse (mapping two external IPs to a single internal one) is useful if I want to have two different server IPs but do not want to use separate physical or virtual machines for them.
This is not to say that you should not be using routing for such a setup, but if you can not because your ISP is playing stupid, the alternative is not so bad.
But that's the point - I do not want my ISP to have a say in anything I do inside my network (and two networks connected by VPN also count) as long as the incoming and outgoing packets are what the ISP allows. As it is now, I can have a lot of subnets, routing, redirections and anything else, and my ISP has no say in it, actually, it does not know what I am doing inside the network. It also does not know how many computers (or other devices) I have. The ISP should not care how many subnets I have (and if I got a big block of public IPv4 addresses, I could split them up in however many subnets I want and the ISP would not know, so, in my opinion, this part of IPv6 is a downgrade).
Similar thing is with the electricity - the power company provides power and as long as I pay for the energy, do not use too much power (or else the circuit breaker trips) and do not attempt to disturb the voltage on the main lines (by introducing noise or whatever), the company shoud not care, for example, how many outlets I have and how many devices I have plugged in (10 40W lightbulbs draw the same power as 4 100W lightbulbs, so the power company should not care about how many lightbulbs I have, as long as the total power used is normal) or how many rooms are in my house.
Of course the subnet problem could be fixed by NAT (AFAIK, IPv6 has a reserved internal address space, like the 192.168.*.* and similar IPs in IPv4). I could just do 1-to-1 (or some other) mapping and use whatever subnets I want.
This makes your Linux box act like a switch with two ports, automatically bridging packets received on one interface to the other, filtering on MAC addresses like a real switch.
Thanks for the information. I hope that it is also possible to filter by IPs (since MACs depend on the network card) and ports (as in the router mode) though.
Why not write about them here so we might debate useful approaches?
One example is transparent proxies. You want to connect to google.com, you actually connect to the proxy server. This can be useful for caching and also to make a login page for the network (a few providers use it) - when you first connect to the network you get the login page, later all your connections go to the intended destinations. This requires NAT.
Also, with NAT, I can make two physical servers appear as one, so, for example, example.com:80 goes to one server and example.com:21 goes to another. Or conversely, make example.com:80 and example1.com:80 go to different ports of the same server. This can be achieved with port forwarding without NAT, however, that makes all of the connections seem to originate from the device that does the port forwarding, which means that logging etc is less useful.
As for subnets, they are easy to make parts of the network to not talk to each other, or at least the packets can be made to go trough a router which can also do filtering. For example, let's say I want to have an open wifi connection so anyone can use it. I would want to make it so the wireless user can access the internet but not my wired network. That I can do with firewalls, however, having one additional network card on my router is easier, but that requires that the wifi and the wired network be part of different subnets.
Routing also allows me to use Layer 3 VPNs, so no broadcast packets go trough the tunnel, after all, whatever connection I am using to connect to the VPN might be very slow or capped.
IPv6 replaces broadcasts with multicast and implements multicast on an ethernet level so a proper network does not propagate multicast packets to ports with no subscribers to that multicast group.
Which means that my switches might not work with IPv6, or at least may not work correctly. Hubs forward packets to everyone anyway, so there would be no difference.
Some are using layered NATs but mostly because that is the default on many wireless routers and not because they made a decision about it.
I don't think that whoever has layered NAT just because it is the default setting on their router/AP will want to have multiple web (or some other service) servers on the default port.
Also, is there a way to configure a Linux box to work just as a firewall, but not router (that is, to filter packets when both interfaces are part of the same network/subnet)?
One IP with NAT and ability to subnet your internal network versus 2^64 IPs without NAT and subnets, the later wins.
While I am using NAT and subnets right now, I would not know what to do even with two (much less 2^64) public IPs. Actually, I can think of a lot of fun stuff that I can do with subnets and NAT, but a lot of public IPs would not be as useful. The fact that I would have to somehow hack the subnets and NAT (or at least the funtions that NAT provides) into the network makes me wish IPv6 was designed differently (at least with the subnet part - NAT, as you said, is possible, just not implemented yet).
Why would someone design it so that/64 is the smallest supported subnet?
Subnetting a residential connection has limited utility but unique public addresses for every computer and device is tremendious useful.
Life is possible without NAT, of course. However, NAT as an option makes life easier. It would be interesting to see how transparent proxies (and network login pages*) can be implemented without NAT.
* Some hotspots do this - you connect to the network and when you go to some site, instead of the site you see a login page. You enter the login/password tat you got from the ISP (or when you paid for the wifi) and not every new connection will go to the intended destination. This is easy to do with iptables and nat and works like a transparent proxy.
So, IPv6 does not completely support multiple subnets in the/64 network and I have to ask the ISP to give me another/64 so I could put a couple of devices there. And the ISP of course will just give it to me without making me pay more, riight.
Instead of, you know, having however many subnets I want with no cooperation from the ISP. I would think that however many IPs there are in the/64 it should be enough for at least a couple of subnets.
The more I read about IPv6 the more it seems to me that it was badly designed. No transparent proxies, no subnets, no normal port forwarding. And it looks like some really bad hacks will need to be done to have the same functions as with IPv4.
However, if by port forwarding you mean something that works like "nc -l -p 80 | nc server_ip 80" then it makes all connections appear as if they are originating from the router/firewall. Replacing the destination IP/port, while keeping the source IP/port is NAT.
There are so many things broken with NAT you wont belief it, but because you've never used such features you cannot think they could exists, nor could you see the use of it, so you want NAT.
And why would it be bad if I used NAT for whatever features I think are useful and you do not use it because it breaks something that you want?
Slashdot Mirror
The solution is, of course, to buy a $500 videocard, which will be good for a few years, but with that money you can get a console with controllers and one or two bundled games, so why bother?
Or buy a cheaper video card and play on lower settings.
New games generally work on older computers with reduced graphic settings. Yes, you will not be able to see all of the graphic awesomeness of the new game, but if all games targeted your video card, nobody would be able to get the better graphics. Now you can still enjoy the game with lower settings on cheaper hardware, while I can play it on higher settings on more expensive hardware.
Also, to me, keyboard+mouse is much better than a controller.
Finally, while I'm on it, you need not worry about fucking DRM in your console games, although that's another story (and perhaps the trade is fair, for PC gamers need not fear that their PC manufacturer suddenly bricks their computer... unless sony is involved).
DRM is an annoyance, but it can be cracked. However, I can use my PC for more than just playing games, also, I can play quite old games on the same PC and play indie games that cannot be released on a console (for example Minecraft). I can also modify my PC as much (or as little) as i want, run any program (even ones I wrote myself) and the manufacturers (of the CPU, GPU etc) cannot prevent it.
Besides, everyone keeps complaining how games nowadays focus on looking stunning and having great sound effects and, basically, taking too much effort into the media part of the game, while slacking off in other areas, like immersiveness, story, character development and all that.
I do not think that everyone agrees what the weak parts are. Each person has a different opinion on what is good and what could be better - one likes graphics, another can play a text mode game as long as the story (or gameplay) is good enough. I, for example, like games with good stories and gameplay, but I need to see stuff to be able to enjoy the game. Minecraft is about the lowest quality graphics that I can tolerate (though I am using a HD texture pack for it, I can tolerate the original textures too).
Also, why do I have to press up, up, down, down, left mouse button, enter to perform some action instead of pressing a some button? I mean my keyboard has a bit more than 100 keys...
Under IPv6 the above mentioned autoconf feature has been extended so that it CAN also be used as a general address assignment scheme. This allows a router to send out a simple message on a broacast domain, advertizing the network number. The hosts can then generate a host number based on their MAC address (or some random heuristics in the case of privacy extensions), do a duplicate address check, and start communicating.
Makes sense.
That feature is a lightweight and efficient replacement for DHCPv6 in many cases, however you are not forced to use it.
At least in IPv4, DHCP offers more than just the IP address. IP, DNS, WINS, gateway, where to find a server to boot from (in case of network boot). DHCPv6 probably does too, so I would use it instead of autoconf.
I don't know of any routing equipment that prevents you from doing /100 subnetting in IPv6, you would simply have to assign addresses without using autoconf.
Oh, OK, the previous poster mentioned something that it might not be supported, but if it is then great. I hope that someone implements NAT (so I can continue to have the functions I listed several times before) then I would no longer have anything against IPv6.
Well, it was one way I discovered that one cell phone provider used transparent proxy. conect to some random IP and send a HTTP request without the "Host" part and I would get an error from the proxy software.
Transparent proxies and HTTP interception do not need to know the original destination IP - proxies get it from the request header, interceptors just ignore it and reply with their page instead.
Oh, OK, now I understand.
Vaccines and medicine are not the final answer, at least not yet. Maybe some day humans will be able to cure any disease, but for now, we should at least be happy that we can cure many diseases that in the past were almost certain death.
Your router only picks it up because your computer has the router IP listed as "default gateway".
But if I capture a packet that is going to google.com I see this:
Source IP: internal IP of my PC.
Destination IP: the IP of google.com
Source MAC: MAC of my PC
Destination MAC: MAC of my router
Using "gw" means "this subnet is not local, you need to send it to that guy, he knows how to deliver it". Leaving out "gw" mean this subnet is local so you can deliver it directly to host machines on the local ethernet.
One time I had to configure a bunch of virtual Cisco routers to act as a network (to forward packets where they should, this was part of a class at my university. The routers were connected directly to each other (and it was assumed that the networks could be connected to the routers) and it was possible to make packets go trough even though the IPs at the ends of a connection were part of different subnets (each router had its own subnet and all ports were in it). I just had to specify the correct interface and the packets could go from router 1 to router 3 while going trough router 2. Though maybe it worked because the links between the routers were point-to-point (serial connections).
The entire communication has to be altered to convince both ends that they're talking to who the believe they are.
What if the program is on another computer? In that case you need to redirect that packet to that machine, so you need to replace the destination IP (and maybe the source IP too) and send the packet out the appropriate interface. Then, when the reply comes back, you need to replace the source IP (and maybe the destination IP too) so that the client thinks it is talking to the actual server instead of the proxy.
The only properties that matter are those that support survival in the face of adversity.
I wanted to say that, but did not manage to make a correct sentence - English is not my native language.
Besides, the human immune system, given proper conditions will be far more capable of keeping up with virus evolution than science will, and we've got about 2 million years of evolution to prove it.
Could be, but still, since we value the life of an individual, letting people die from a disease that is possible to prevent (now) seems horrible. This is what happened during those 2 million years - the weak died and the strong survived.
By proper conditions, I mean clean land, air, water and food.
Which may not be that possible, given the current population. However, since we value life, we use whatever means necessary to extend life and prevent diseases without resorting to "kill a bunch of people to free up some space" option.
We aren't anywhere close to that in the air and water department, but our food is much better than it was in times past (assuming that the source of food is whole food).
Air - yes, water can be filtered. The people in the ISS manage to extract safe water from urine, I'm sure it would be possible to extract clean water from muddy water.
Those are not NAT, they are "interception".
In that case, what is NAT?
Interception requires one to rewrite the source and/or destination IPs in the header, like NAT does. It also requires one to remember the mappings, just like NAT.
The packets only get picked up by your router if they are routed to the routers IP address.
Maybe you meant MAC address. I am sure than when i go to google.com, my PC sends a packet with the source IP as its own and destination IP as the one for Google and my router picks it up, sends it out the other interface (and changes the source IP to the external one, since I am using NAT).
Also, I thought that the "gw" parameter for the route command was only useful when there was more than one router on the same interface, for example:
route add -net net1 netmask mask gw 192.168.0.1 dev interface
route add -net net2 netmask mask gw 192.168.0.2 dev interface
Now packets going to net2 will go to .0.2 and packets going to net1 will go to .0.1 that are both connected to the same interface.
I really want to try this, but as I cannot, I'll take your word for it, that it did not work.
Your statement that "a lot more people would be dead right now" is an assumption that at the moment can't be proved either way as we have no way of knowing how humans would evolve.
Without vaccination a lot more people would die from the diseases from which the vaccine currently protects us. Take the original vaccine for example - smallpox. Before the vaccine was developed, a lot more people died from smallpox than are dying now (wikipedia says that the disease was completely eradicated). If the vaccine was not developed, logic dictates that the disease would not be eradicated and people would be dying from it even now. Other diseases are similar.
if that were feasible without a giant die-off, it's something to consider.
Sure, but since it is not feasible without a lof of people dying (after all, natural selection usually means deaths of those who have the undesired properties).
Earlier I said specifically that I wanted to not use different DNS names, though I am well aware of the possibility. It is possible to do that with and without NAT, but only NAT allows me to have one DNS name.
For most of the normal people, IPv6 will be exactly the same as IPv4 - they will need to buy and reconfigure their equipment, but other than that, the web browsing will be the same. They will still need to configure the firewall to allow certain IPs/ports in (just like they need to do that with NAT). The positive effects of multiple public IPs will be felt by the advanced users. I also think that having multiple external IPs won't hurt, but I want NAT for the other functions that require it.
Well, I once talked with an older person about this, he said that in the past people were healthier. I agree with it, however it seems more likely that it was mainly do to these reasons:
1. Natural selection. A lot of people dies from diseases we can cure today, for example, tuberculosis and whatever heart conditions that require a pacemaker. After all, when my grandmother was young (before WW2), it was perfectly normal that some of your children die before reaching adulthood. Now we are shocked if a child dies. Like the kid with an artificial heart - in the past he would have just died and nobody (except his family/relatives/friends) would have known about it.
2. Less information. If someone has some strange disease, the whole country might find out about it (because it will probably be broadcast at least nationally), in the past, the newspapers and radio had other things to talk about rather than how some kid in the US has some strange disease.
As is so often the case, we can't always see the long-term implications of our actions. For now, it's working out and benefiting most of the people who have accepted vaccines.
Which is useful now. The fact that we do not know the long-term effects should not stop us from doing this. After all, if vaccines were banned we would not even find out if they were good or bad in the long term and a lot more people would be dead right now.
There is considerable risk that vaccines, like antibiotics could give rise to "superbugs".
The way i see it:
Vaccination (antibiotics):
+:more people survive, hopefully the disease is eliminated completely
-:there is a chance that in the future the vaccine will become ineffective. Hopefully the science will have advanced by then and a new vaccine or drug will be developed.
No vacciantion:
+: there is a chance that it won't get any worse in the future (but the bug could still become more dangerous).
-: more people die now, and continue dying in the future at least at the same rate
Seems like a pretty easy choice for me.
You're not going to get cancer by inhaling a little environmental cigarette smoke.
If I go to a bar once in a while, I won't get cancer from the smoke, even if the smoke is so thick it's more like a fog.
I don't envy the bartender who has to be there the whole day.
What if I am sharing an office with a coworker who does likes to smoke inside? What if I am allergic to some chemical inside the smoke?
Outside (and in your home, provided you live alone or everyone is OK with it and you do not have children living with you), sure, smoke as much as you want, it won't affect me.
Well, the insides computers that are in the homes of heavy smokers (who smoke inside) can be covered by a layer of whatever stuff there is in the smoke. At least dust can be cleaned easily and does not stink. The particles from smoke stick and stink. Here is a picture of a computer from a smoker. I am quite sure that if the dust is disturbed, the resulting smell would stay in the room quite long.
Second hand smoke does not have much of an effect when the exposure is short (at a bar or wherever, unlike, say, working 8 hours every day with someone who constantly smokes inside the office, or the bartender who works at a bar that is foggy from smoke), however, the particles inside the computer result from years of smoking, so the dose is fairly high, not just a couple of cigarettes.
That was where I learned about the "invisible firewall" trick. Only way to do it when the ISP does not like you.
So, it can be done, that is your equipment works with smaller subnets. From what you told me about IPv6 it looks like my equipment might not work if the subnet is smaller than a /64.
Actually you can not split a IPv4 subnet into smaller subnets if the ISP does not play along. I know, I have been there. The ISP gave me a /27 but refused to setup a route.
The problem is exactly the same no matter what size network they expose as long you do not get to configure a route either automatically or manually.
OK, let's see if I understand this correctly. The ISP assigned you a /27, so it means that the route is set up as "your.ip/27 goes to your.interface", that is, all packets destined to your subnet would come to you. Now, if you placed a router at your side of the cable, why were you unable to configure it to route the incoming packets to watever part of your network they were supposed to go? The routes on your router should be something like "ip/29 goes to interface1; ip2/29 goes to interface2; everything else goes to the ISP".
I do not have enough computers right now to test it, so can you tell me why that would not work?
Actually it doesn't. In Linux terms you need to the REDIRECT target in iptables. This should still be available for IPv6 although I have not tested it.
Last time I did this, I used the DNAT target on iptables.
In general all the iptables targets should work with IPv6, but likely some of them are not implemented.
Yes, thankfully IPv6 does not prevent NAT, it's just that there are no way to do it for now.
But the need for something like this will be much less. Often a setup like that is done to preserve IP addresses of which there is no need.
Or I may not want to use www.example.com and ftp.example.com domain names, just use the one name for all services, even if they are on separate physical (or virtual) servers. For example, let's say that I have a server that does both, http and ftp. That servers stops working and I replace it with two older servers that cannot handle the combined load, so I use one server for ftp and the other for http. But everyone is expecting a single server. With NAT I could just change the port mappings and be done with it.
The reverse (mapping two external IPs to a single internal one) is useful if I want to have two different server IPs but do not want to use separate physical or virtual machines for them.
This is not to say that you should not be using routing for such a setup, but if you can not because your ISP is playing stupid, the alternative is not so bad.
But that's the point - I do not want my ISP to have a say in anything I do inside my network (and two networks connected by VPN also count) as long as the incoming and outgoing packets are what the ISP allows. As it is now, I can have a lot of subnets, routing, redirections and anything else, and my ISP has no say in it, actually, it does not know what I am doing inside the network. It also does not know how many computers (or other devices) I have. The ISP should not care how many subnets I have (and if I got a big block of public IPv4 addresses, I could split them up in however many subnets I want and the ISP would not know, so, in my opinion, this part of IPv6 is a downgrade).
Similar thing is with the electricity - the power company provides power and as long as I pay for the energy, do not use too much power (or else the circuit breaker trips) and do not attempt to disturb the voltage on the main lines (by introducing noise or whatever), the company shoud not care, for example, how many outlets I have and how many devices I have plugged in (10 40W lightbulbs draw the same power as 4 100W lightbulbs, so the power company should not care about how many lightbulbs I have, as long as the total power used is normal) or how many rooms are in my house.
Of course the subnet problem could be fixed by NAT (AFAIK, IPv6 has a reserved internal address space, like the 192.168.*.* and similar IPs in IPv4). I could just do 1-to-1 (or some other) mapping and use whatever subnets I want.
This makes your Linux box act like a switch with two ports, automatically bridging packets received on one interface to the other, filtering on MAC addresses like a real switch.
Thanks for the information. I hope that it is also possible to filter by IPs (since MACs depend on the network card) and ports (as in the router mode) though.
Why not write about them here so we might debate useful approaches?
One example is transparent proxies. You want to connect to google.com, you actually connect to the proxy server. This can be useful for caching and also to make a login page for the network (a few providers use it) - when you first connect to the network you get the login page, later all your connections go to the intended destinations. This requires NAT.
Also, with NAT, I can make two physical servers appear as one, so, for example, example.com:80 goes to one server and example.com:21 goes to another. Or conversely, make example.com:80 and example1.com:80 go to different ports of the same server. This can be achieved with port forwarding without NAT, however, that makes all of the connections seem to originate from the device that does the port forwarding, which means that logging etc is less useful.
As for subnets, they are easy to make parts of the network to not talk to each other, or at least the packets can be made to go trough a router which can also do filtering. For example, let's say I want to have an open wifi connection so anyone can use it. I would want to make it so the wireless user can access the internet but not my wired network. That I can do with firewalls, however, having one additional network card on my router is easier, but that requires that the wifi and the wired network be part of different subnets.
Routing also allows me to use Layer 3 VPNs, so no broadcast packets go trough the tunnel, after all, whatever connection I am using to connect to the VPN might be very slow or capped.
IPv6 replaces broadcasts with multicast and implements multicast on an ethernet level so a proper network does not propagate multicast packets to ports with no subscribers to that multicast group.
Which means that my switches might not work with IPv6, or at least may not work correctly. Hubs forward packets to everyone anyway, so there would be no difference.
Some are using layered NATs but mostly because that is the default on many wireless routers and not because they made a decision about it.
I don't think that whoever has layered NAT just because it is the default setting on their router/AP will want to have multiple web (or some other service) servers on the default port.
Also, is there a way to configure a Linux box to work just as a firewall, but not router (that is, to filter packets when both interfaces are part of the same network/subnet)?
One IP with NAT and ability to subnet your internal network versus 2^64 IPs without NAT and subnets, the later wins.
While I am using NAT and subnets right now, I would not know what to do even with two (much less 2^64) public IPs. Actually, I can think of a lot of fun stuff that I can do with subnets and NAT, but a lot of public IPs would not be as useful. The fact that I would have to somehow hack the subnets and NAT (or at least the funtions that NAT provides) into the network makes me wish IPv6 was designed differently (at least with the subnet part - NAT, as you said, is possible, just not implemented yet).
Why would someone design it so that /64 is the smallest supported subnet?
Subnetting a residential connection has limited utility but unique public addresses for every computer and device is tremendious useful.
Not for me.
Life is possible without NAT, of course. However, NAT as an option makes life easier. It would be interesting to see how transparent proxies (and network login pages*) can be implemented without NAT.
* Some hotspots do this - you connect to the network and when you go to some site, instead of the site you see a login page. You enter the login/password tat you got from the ISP (or when you paid for the wifi) and not every new connection will go to the intended destination. This is easy to do with iptables and nat and works like a transparent proxy.
So, IPv6 does not completely support multiple subnets in the /64 network and I have to ask the ISP to give me another /64 so I could put a couple of devices there. And the ISP of course will just give it to me without making me pay more, riight.
Instead of, you know, having however many subnets I want with no cooperation from the ISP. I would think that however many IPs there are in the /64 it should be enough for at least a couple of subnets.
The more I read about IPv6 the more it seems to me that it was badly designed. No transparent proxies, no subnets, no normal port forwarding. And it looks like some really bad hacks will need to be done to have the same functions as with IPv4.
However, if by port forwarding you mean something that works like "nc -l -p 80 | nc server_ip 80" then it makes all connections appear as if they are originating from the router/firewall. Replacing the destination IP/port, while keeping the source IP/port is NAT.
There are so many things broken with NAT you wont belief it, but because you've never used such features you cannot think they could exists, nor could you see the use of it, so you want NAT.
And why would it be bad if I used NAT for whatever features I think are useful and you do not use it because it breaks something that you want?