Slashdot Mirror


User: Pentium100

Pentium100's activity in the archive.

Stories: 0
Comments: 3,113

Comments · 3,113

  1. Re:ISP on If You Think You Can Ignore IPv6, Think Again · · Score: 1

    Which implies (1) you're technically adept enough to worry about this, and thus (2) you could just forward a dynamic SSH proxy from the torrent machine and use it for connecting.

    Which would be less convenient than using NAT.

    Or install a SOCKS proxy, and use ProxySwitchy! or similar in your web browser.

    Same thing too.

    I do not see why an optional NAT would be such a problem. I should be able to do whatever I want to the packets that enter and leave my network.

  2. Re:Most ISPs are doing /56 or /48 for residential on If You Think You Can Ignore IPv6, Think Again · · Score: 1

    Oh, OK, so if I assign my addresses like ...1, ...2, ...3 I would still be able to make ...256 be a part of a different subnet. That's good to know, I am not planning to use the MAC address as part of the IP, that would just lead to problems if I ever need to replace the network card.

  3. Re:ISP on If You Think You Can Ignore IPv6, Think Again · · Score: 1

    I wrote that when replying to other comments, but basically NAT allows me to make http://example.com/ and ftp://example.com actually go to different servers. Or conversely, I could make example.com:80 and example1.com:80 go to different ports on the same server. Also, NAT allows me to have transparent proxies. Some torrent sites note my IP when I log in and only allow connections from it, now I can log in from my main PC and have the torrents on another PC. Without NAT I would have to log in from the torrent PC (or set up some sort of proxy on it and then use it).

  4. Re:Why would you want to do those broken things? on If You Think You Can Ignore IPv6, Think Again · · Score: 2

    IPsec AH headers protect the integrity of the source and destination IP addresses (by design), so if those are modified in any way by NAT things will break.

    Now that I went and read about it in Wikipedia, it seems we were both right - IPSec Transport mode does not support NAT (and needs NAT-T), while Tunnel mode (which is used for VPNs) supports NAT.

    Anyway, you are clearly okay with NAT's limitations.

    The only limitations of NAT that I see are those that stem from the fact that I only have one external IP (so I absolutely have to use NAT for everything). If that limit is lifted, NAT would have no problems, or rather, if you do not like it, you would not have to use it. Why would it be bad for you if I use it to mask the number of my computers, do transparent proxies and other fun stuff that is only possible when it is possible to modify the source and destination fields in the header.

  5. Re:Why would you want to do those broken things? on If You Think You Can Ignore IPv6, Think Again · · Score: 2

    That's not the only reason. IPsec, for instance, has to be wrapped inside UDP (called IPsec NAT-T) to break through NATs since IPsec was designed to be run directly on top of IP, where there is no concept of ports to forward! Any attempt to go beyond TCP and UDP runs horribly afoul of NATs.

    Or I can forward whatever protocol number to my VPN server. The fact that NAT is possible does not mean that I have to limit myself to one external IP. If I have two VPN servers I can use two external IPs for them.

    Simple inbound port forwarding doesn't need to be implemented as some fancy stack-level kernel feature like NAT; you just need a process listening on a port that, upon accepting, makes a connection to another IP and port and copies the data in both directions.

    Which means that the server will see a lot of connections coming from the router (or whatever does the port forwarding) and will not see the actual IPs of the clients. Which makes this less useful than NAT.

    It's likely a fair amount of NAT-like behavior will be written for IPv6 to support implementing transparent proxies, which do have to happen at the stack level.

    Oh yea, I forgot transparent proxies. Thanks for reminding me :)

    I just want the amount of NATted traffic on the Internet at large to be on the opposite end of the bell curve than it is now, since with IPv6 it will be unnecessary to "share an Internet connection" in the same way as IPv4.

    What I understand is that there is not so much a problem with NAT by itself, it's that ISPs sometimes put clients behind NAT that the clients cannot control. NAT by itself can be configured however you like, especially since with IPv6 it would not have to be 1-to-many (or is it called "many-to-1"? anyway, the version with a single external IP) NAT, you can do 1-to-1 (to have constant internal IPs that do not depend on which ISP you are connected to at the moment, also to load balance between two ISPs that have assigned different IPs) or some other form.
    Skype does not need to punch through NAT if the port is forwarded, neither does P2P. Configuration will still be necessary, but instead of "forwarding a port" it will be "opening a port" on the firewall.

    As for "share an Internet connection" - ISPs may try to charge the customers based on how many devices they have connected (the fact that the address space is big enough for everyone does not mean that the ISPs won't try to get a few bucks out of the customers anyway).

  6. Re:Why would you want to do those broken things? on If You Think You Can Ignore IPv6, Think Again · · Score: 2

    But a lot of protocols in use today (peer-to-peer filesharing, VOIP, VPN, etc.) have had horrible kludges built into them to ensure that they can break through NAT and still work.

    Breaking through NAT without port forwarding - sure. The only reason why the protocol might not work with NAT with port forwarding is if it for some reason does not trust the header of the packet and adds a copy of the IP address in the data section (like ftp does).

    So make your router (or other box) explicitly do port forwarding and/or load-balancing; it's effectively what you're using NAT for here and would likely be more flexible.

    So, I can make a packet destined to 1::2 port 80 (hmm, with IPv4 I can write 1.2.3.4:80, is some other symbol used for marking the port number? 1::2:3:4:80 could be confusing?) actually go to 1::3 port 80? Great - it means I can still publish only one IP and do the port mappings, which makes this "almost" NAT.

    So, the only thing that cannot be done is rewriting the source IP field on outgoing connections (not packets, since for port forwarding to work it has to work both ways)?

  7. Re:ISP on If You Think You Can Ignore IPv6, Think Again · · Score: 1

    It's a pretty bad scientist who makes conclusions with no experiments.

    Well, IPv4 is currently working well enough for me, but I would experiment with v6 so that when I need it, I know how to use it, however, using tunnels is probably going to be a bit different than when my ISP finally offers it (from configuration standpoint). Also, since HE does not have a tunnel server in my country, the packet may end up going a longer path than needed (especially if I try to access a server that is in my country).

    most Internet traffic is tunnelled at one point or another,

    Yes, and those tunnels won't disappear if I start using a yet another tunnel.

    Why oh why would you want NAT?

    I already answered that in response to other comments about that, tldr version is that I want to be able to mask multiple computers as one and make my network a black box (nobody should know or care what is inside it to be able to communicate with it). Reasons why are in the other comments.

    And why would you care that you have three IP addresses (one of which isn't even routable to the outside world)?

    Because I will have to remember and manage them all (not to mention that v6 IPs are much longer and harder to remember), and it's not just 3 IPs, it's 3 IPs per computer.

  8. Re:Most ISPs are doing /56 or /48 for residential on If You Think You Can Ignore IPv6, Think Again · · Score: 1

    What, 2^64 (1,844,674,410,000,000,000) addresses aren't enough for your personal use?

    Reply:

    But this only allows one network (as networks are always /64). If I want to have three networks (servers on one network, clients on another network, and my lightswitches and fridges on a third network) I will simply be able to do this.

    Then what's the problem? Just divide it by some easy to remember rule and that's it (like on IPv4 I can make 192.168.0/24 as subnet 1, 192.168.1/24 as subnet 2 and so on). If it is possible to do the same thing with IPv4 then why would you need a larger address space than the minimum /64, since it is very unlikely that anybody will be able to use it all up?

  9. Re:Most ISPs are doing /56 or /48 for residential on If You Think You Can Ignore IPv6, Think Again · · Score: 1

    That not only allows for a couple of subnets (e.g. wired, wireless, uplink, DMZ), but it also lets you use relatively dumb routers that handle subnets by cutting their address space in 2-4 pieces, and you can stack a couple of those.

    Wait, so you cannot do subnets like in IPv4? You actually have to use the whole huge address space for a single subnet and if you want another one, beg the ISP to give it to you?

  10. Re:Why would you want to do those broken things? on If You Think You Can Ignore IPv6, Think Again · · Score: 1

    NAT breaks stuff right and left today, for two main reasons
    - lots of protocols, including FTP and newer protocols, put the IP address inside the data packets, not just in the packet headers, and doing NAT properly requires ripping the packets apart, changing the addresses, and fixing up any checksums that got damaged in the process. It's even worse if you've got protocols that use crypto, either for information hiding or just simply for authentication. It's very hard to get them right, especially if people design protocols the firewall doesn't know about.

    OK, I can just use whatever protocols that work.

    - stateful NAT makes it hard to establish connections through the firewall. Sometimes this is intentional, blocking unwanted connections for security reasons, but if two people behind NAT want to communicate, neither one can talk until the other one has talked to them first. There are products like Skype that are popular because they go to a lot of trouble to work around the different broken NAT implementations out there.

    If I want to I can always forward a port. Just like I am doing right now with IPv4.

    The point is, I do not want NAT to be imposed on everyone. I just want the option of doing whatever I want to the packets that enter and leave my network, including changing the address fields, for whatever reason. If something does not work for me because of NAT that I myself placed there, so be it, I'll find a workaround or, if it really bugs me, stop using NAT.

    If you want to offload packet inspection from your 2GHz CPU down to your 200 MHz SOC-based firewall, go ahead; about a quarter century ago, Van Jacobson figured out how to tune the BSD TCP/IP stack so you could do wire-speed file transfer on 10 Mbps Ethernets using a Sun 3/60, so you should have plenty of spare CPU horsepower left to inspect your packets.

    I can use a PC with Linux (or even Windows) as a firewall or router, that's not the point. The point is that getting that 1gbps internally is quite difficult even when the CPU does not have to split each packet into 1500 byte sized parts (and even more difficult if the CPU has to inspect it first). And I'm not that guy, I won't be able to tweak Windows enough to get 1gb on software only (even without packet inspection).

    There's no particularly good reason for your computer to look like a single computer to anybody outside your network, and simple address-munging isn't enough to solve the problem.

    As I said in reply to another post, I might want to make example.com:80 and example.com:21 connect to different physical (or virtual) servers. Without modifying DNS and doing the whole www.example.com and ftp.example.com thing.

    There is no reason not to have NAT as an option.

  11. Re:ISP on If You Think You Can Ignore IPv6, Think Again · · Score: 1

    Some torrent trackers get your IP when you log in and later only allow connections from that IP. This practice is not very common now, everybody is using passkeys, but it still is possible to find one that tracks by IP. If my torrent PC is a separate one I may not want to open the browser in it (if it even has a browser).

  12. Re:ISP on If You Think You Can Ignore IPv6, Think Again · · Score: 2

    Some servers track your IP when you log in. If your IP changes you might have to log in again. What if I want to be logged in from two computers?

    Also, if I, say, have two servers that provide similar, but different services, I might want to make them appear as a single server that has a single DNS name. Connecting to example.com at port 80 (http) would connect you to one server, but connecting to port 21 (ftp) would connect you to another server and there would be no need for www.example.com and ftp.example.com

    Also, if the server fails and I have a backup one (that is not exactly the same as the primary one, maybe I have two older servers each providing a subset of the services of a newer server), I can just change the port mappings to make the backup server(s) appear like the primary one. Without NAT I can either put an identical server in place of the failed one (and assign it the same IP) or remap all DNS records (and wait for the changes to propagate) pointing to the failed server. And I don't want to have a DNS record for each service that might end up on a different IP.

    Basically, I want to make my internal network a "black box" - no one should know or care what is inside it.

  13. Re:ISP on If You Think You Can Ignore IPv6, Think Again · · Score: 1

    One reason would be that. Another could be to stay logged in to servers that track your IP.

  14. Re:ISP on If You Think You Can Ignore IPv6, Think Again · · Score: 1

    Why do you want NAT? What does it achieve that a simple firewall does not?

    Ability to mask multiple computers as one while they are all connected to the network at the same time.

    Once IPv6 is live, there's only one address to worry about. The local one is not only automatically selected, it's automatically used in place of the public one when routing packets locally. You literally never have to use it yourself. Windows even randomizes this to an extent, so remembering it is fruitless.

    Yes, and it will always work, I won't have to enter it ever, since my DNS server has 100% uptime. Oh, and I have no old computers and other devices (a printer for example) that do not support IPv6, so I won't have to use both protocols. /sarcasm

  15. Re:ISP on If You Think You Can Ignore IPv6, Think Again · · Score: 1

    However, NAT would allow me to have to configure one set of addresses less than without NAT (3 sets without NAT, 2 with NAT). Also, NAT allows my network to appear as a single computer to any server outside of my network, how do I achieve that with IPv6?

    NAT on IPv6 should not be that hard to do, that is, all it needs is to rewrite the source and destination IPs (and remember what the originals were), right? It's not like NAT is something very difficult and resource consuming to do.

    As for security, yes, I can just block all incoming connections in a firewall and get the same effect as NAT, at least as far as the incoming connections are concerned.

    every modern OS comes with a firewall built in ...

    ... that makes the computer not use the offload (primarily Segmentation Offload) capabilities of the network card, reducing the LAN bandwidth and increasing the CPU usage. Some other firewalls process every single packet, making the network even slower and CPU usage even higher.

  16. Re:ISP on If You Think You Can Ignore IPv6, Think Again · · Score: 1

    Yea, I'm waiting for my ISP to offer it too, so I can start experimenting with it. I won't use any of the tunneling services because I have a fast connection, so routing the packets through a longer path than necessary (and this is what would happen if my PC decided to use IPv6 instead of v4 to connect to a server that supports both) will reduce my bandwidth, also, I doubt that any of those tunneling services would offer me 80mbps up/down for free.

    Also, my ISP said that they will not be taking the public v4 addresses away, so that's good news too.

    In addition, the fact that my computers will have at least 3 IP addresses (one v4, one v6 internal, one v6 external) is not a very appealing thought, I'd rather have NAT for v6 too, but AFAIK nobody offers it, yet.

  17. Re:Only bad tech is the linked page. on 'Death By GPS' Increasing In America's Wilderness · · Score: 1

    Also, whenever I want to go somewhere and plan a route on my phone (or PC, to later transfer it to my phone) I always check the route that the program produced, mainly because it sometimes makes some choices that are OK, but I would like it different, for example - I prefer wider roads, but I would not want to drive 50km more just to avoid a narrow paved road or a small town, also, I would rather drive a bit more and go around a bigger city rather than go through it, especially if my destination is on the edge of the city. So, I check the route and adjust it if I think I can do better.

  18. Re:One Problem, One Question on 'Death By GPS' Increasing In America's Wilderness · · Score: 1

    cavemen didn't settle for taking a dump on a wall, sticking a leaf on top, and being satisfied that said configuration designated "auroch."

    Even if they did, such marking would not have survived until it was found by archeologists, so we wouldn't know. Maybe they did.

  19. Re:A map is a map on 'Death By GPS' Increasing In America's Wilderness · · Score: 1

    I use Garmin Mobile XT on my phone, in addition to Google Maps. Google Maps does not have voice instructions (and when I'm driving, I like to look at the road, not my phone) nor does it rotate the map so "up" is whatever direction I am going (instead of north), though maybe it is different in a new version, I have to go and check :). Garmin, on the other hand, is a bit slow in map mode (when I want to find something), so I use it when I'm driving (since the voice instructions and the 3D view work fine), but I use Google Maps when I want to find some place on the map. When I actually want to go there, I start Garmin.

    Most of the time I can drive by the voice instructions alone, but sometimes I have to look at the screen to see which way the device wants me to go.

  20. Re:And Yet, No Ogg Theora in IE on Microsoft Makes Chrome Play H.264 Video · · Score: 1

    After all, it is not like iPhones *couldn't* support WebM.

    Current ones probably can't support it because video decoding is done in hardware and AFAIK there is no hardware decoder for WebM yet.

    But, realistically, where are these customers going to go?

    Some other site - blip or something else.

    I suppose that it is possible that some other video site might use this as an opportunity to usurp Youtube's position, but I see that as a long shot. Besides, unless the video site is run by an MPEG-LA member the new site is also going to be inclined to follow Google's lead on WebM.

    Not necessarily - if the site adopts WebM as fast as Youtube does, they will always be smaller than Youtube (well, they couldn't overtake Youtube before WebM, they probably won't do it later too), however, using a codec that Apple products support would increase their user count after Youtube makes itself incompatible.

    Obviously Apple wants to keep you happy enough so that you would consider buying from them again, but Google is actively trying to change the game so that you don't buy from Apple again. Google wants to do to Apple on the phone what Microsoft did to Apple on the PC. Making the iPhone feel like a special island of incompatibility is part of that strategy.

    It will be interesting to see how this plays out - after all, Apple's products are too expensive even now, yet people are buying them, especially the iPods/Pads/Phones.

    I certainly agree that 720EUR is a lot of money. I can see why you are upset. I am sure that, when you bought it, you did not envision that it would become less useful with time either.

    Well, when I bought it, I understood that it will be less useful than newer phones (that were not yet released), however, I still can watch Youtube videos because my phone has h264 (and DivX) decoders (it needs .mp4 container though, but is otherwise compatible with the iPod video format (older version, well, my phone was made in 2006)). Now that Youtube (and others) want to change the codec to some other one that is not that different (and is the same to me - no software patents in my country) for some reason that only a few end users would care about, it kinda bugs me.

    If anything, however, that just goes to show why a truly open codec for web video is so important. No one worries that HTML, HTTP, or any of the other web standards are going to disappear any time soon.

    I also do not worry that h264 or mp3 are going to disappear soon. Even though there are better codecs than mp3 (higher quality for the same bitrate), mp3 is still extremely popular. h264 is part of a lot of devices, digital TV and Bluray, so it won't disappear any time soon too.

    OTOH, I hope that CoreCodec releases a CoreWebM decoder, I use CoreAVC to play 1080p files because CoreAVC manages to use my CPUs (2 sockets with dual core CPUs) better.

    The reason for this is simple. These standards, and many of them are just de-facto standards, are both open and not patent encumbered. Anyone can implement these standards without having to pay money, and so they are widely supported.

    MP3, DivX, MPEG2 are also widely supported.

  21. Re:I wonder... on China Mandates Parental Controls For Online Games · · Score: 1

    OK, so they ban games for other reasons too. However, I still think that this law (the one in the article) is not bad at all - now parents will have more options than either allow the kid to play the game without restrictions or forbid it completely (using content filtering and so on).

  22. Re:And Yet, No Ogg Theora in IE on Microsoft Makes Chrome Play H.264 Video · · Score: 1

    As for H.264 being better, well, that's probably true, but the difference is slight, at best.

    Anime fansubbers can do whatever at it isn't going to matter. TV show rippers are as likely to follow Google's lead as anything else.

    AFAIK, it is very hard to do a good encode. The encoders (people) know how to make x264 do what they want and if they move to a different format, they will have to learn it again, just like they did when they moved from DivX to h264. However, h264 has advantages over DivX, that is, it has better video quality for the same file size (or smaller file size for the same quality). WebM is "the same" at best, so, no point in switching.

    As soon as there is hardware support for WebM, it is likely to get the nod.

    Again, unlikely. Fansubbers still release videos in divx (not all of them though) for those with crappy PCs or with hardware players that do not support h264. If they start using WebM, they will have to do 3 encodes - DivX (for those with crappy PCs and old players), h264 (for those with newer players also iPods and such) and WebM (for ... those who do not like h264).
    So, web video will use one codec, downloadable video will use another. Old devices will not support the newer codec. And I thought that I won't need to do transcoding anymore.

    Of course, the funniest thing that could happen is, after WebM is accepted almost everywhere, some patent holder finds out that the codec infringes on one (or more) of his patents and sues everybody (including end users) to get some cash. Now THAT would be fun.

    See, the thing is, I do not care if some standard is abandoned and a new, better one is used. h264 is better than divx, because it allows for smaller file sizes and that is very important for HD. And everyone benefits from smaller files. However, WebM has no advantage for the vast majority of people, but it has disadvantages - the need to transcode online video (if your current library is in h264), the fact that older devices will not support it (and will need another transcode).

  23. Re:And Yet, No Ogg Theora in IE on Microsoft Makes Chrome Play H.264 Video · · Score: 1

    On the bright side, if you really care about this issue you can always build your own Chrome or Firefox browser with H.264 support. You have the source, after all.

    I don't need it. I can modify software written in C/C++ by using a hex editor on the binary just as well, though I think it would be actually easier, since FF needs so much crap installed just to open/modify the source, not to mention that it is not compatible with Windows XP SP3, wtf?

    An iPod is considerably less useful if it doesn't work with Youtube.

    And Youtube is considerably less useful if it does not work on iPod. If/when Google drops h264 support from Youtube, we'll see if it's the iPod or the Youtube that suffers. Since a lot of people paid money for their iPods (and similar devices), also some of them would not buy a non-Apple phone, I think that they will move to another video site rather than buying another very expensive device.

    Now, if they didn't have the devices already, then they would choose a device that (probably) works with Youtube, but as they have the devices now, it's going to be different. For example, in 2006, I paid ~720EUR for my cell phone, new phones (that I would want - that is, a phone must have a keypad with not-too-small buttons, preferably made by Nokia) cost about the same. 700EUR is a lot of money, the other phone must be that much better to convince me to part with another 700 Euros, since I already have a phone.

  24. Re:Small typo on Statistician Cracks Code For Lottery Tickets · · Score: 2

    From TFA:

    His next thought was utterly predictable: "I remember thinking, I'm gonna be rich! I'm gonna plunder the lottery!" he says. However, these grandiose dreams soon gave way to more practical concerns. "Once I worked out how much money I could make if this was my full-time job, I got a lot less excited," Srivastava says. "I'd have to travel from store to store and spend 45 seconds cracking each card. I estimated that I could expect to make about $600 a day. That's not bad. But to be honest, I make more as a consultant, and I find consulting to be a lot more interesting than scratch lottery tickets."

    So, for him, the lottery was not profitable and interesting enough.

  25. Re:And Yet, No Ogg Theora in IE on Microsoft Makes Chrome Play H.264 Video · · Score: 1

    With Google backing WebM in two years WebM is going to be ubiquitous on devices, and then your stated problems with the format disappear.

    We'll see. DVB-T will still use h.264 (or MPEG2, depending on the country) though. Old devices still won't be able to play the new codec. Anime fansubbers and TV show rippers will still most likely use h264 since it is better.