Slashdot Mirror


User: smash

smash's activity in the archive.

Stories
0
Comments
7,084
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 7,084

  1. Re:How long will IPv6 last? on Military Pressuring Vendors On IPv6 · · Score: 1

    Your mother can be protected by 2 lines of firewall script (allow incoming for established, deny all incoming otherwise). WITHOUT having the brain damage of NAT imposed for everything/everybody else.

  2. Re:How long will IPv6 last? on Military Pressuring Vendors On IPv6 · · Score: 1

    uh... simpler = more complex. need to preview.

  3. Re:How long will IPv6 last? on Military Pressuring Vendors On IPv6 · · Score: 1

    As opposed to "it just works" in both cases.

  4. Re:How long will IPv6 last? on Military Pressuring Vendors On IPv6 · · Score: 1
    Um... excuse me....

    How is 2 lines of firewall script (allow incoming for established connections, deny everything else incoming) more complicated than understanding nat translation and why various applications break because of it?

    How is it simpler than explaining that your employees can't VPN in to work because they happen to run the same IP address range as your company?

    How is it simpler than explaining that your employee can't VPN in from his phone because his telco gave him the same private-ip subnet as your corporate network?

  5. Re:How long will IPv6 last? on Military Pressuring Vendors On IPv6 · · Score: 1

    Unless they're like, 1 atom in size, we still have enough IPs.

  6. Re:How long will IPv6 last? on Military Pressuring Vendors On IPv6 · · Score: 1

    I'm not entirely sure you understand just how big the ipv6 address space is. I'm also not entirely sure you have dealt with large scale nat related problems before.

    Exhibit A: you are the admin of a 5,000 host multi-site network, with 100 computers per site. You are running an IP range of 10.1.y.z where Y is a unique site number and z is the host part. You want to join networks (company merger) with another company that is also running 10.1.z.y. You have overlapping IP ranges.

    Who re-addresses their network, and where does the budget (time/money) come from to do this?

    Exhibit B. You have a similar situation to the above, with peeps from company A wanting to VPN into company B (contractors, for example). Both run the same internal IP range. It doesn't work.

  7. Re:How long will IPv6 last? on Military Pressuring Vendors On IPv6 · · Score: 1

    This is why you have internet facing DNS, and internal DNS severs.

  8. Re:How long will IPv6 last? on Military Pressuring Vendors On IPv6 · · Score: 1

    Local addresses. If you really wanted to you could continue to run IPV4 internally, and run all services via an IPV4-IPV6 translator.

    But you'd have to be pretty masochistic...

  9. Re:IPv6 is a Failure on Military Pressuring Vendors On IPv6 · · Score: 1

    You're replacing the work of rolling out IPv6 alongside existing IPv4 with brainless NAT on NAT hackery to try and make things work.

    And eventually we run out of NAT because the translation tables get too big/run out of ports and then we're fucked.

    IPv4 needs to be phased out, this bullshit with NAT is only going to delay the inevitable and make a BIGGER problem for us to untangle in the future.

    IPv6 gives us a nice clean, flat network that will work as the internet was originally intended. Further NAT bastardization won't.

  10. Re:How long will IPv6 last? on Military Pressuring Vendors On IPv6 · · Score: 1

    Um. replace ip with TCP in the first line...

  11. Re:How long will IPv6 last? on Military Pressuring Vendors On IPv6 · · Score: 1

    Here here. Those who suggest NAT as a security measure simply do not understand stateful firewalling.

    All the brain damage of NAT is avoided by

    ip access list extended internet-in
    permit ip any [your subnet] established
    deny ip any [your subnet]

    Done. Apply that to your incoming interface and you have the same level of security (or better) as NAT.

  12. Re:How long will IPv6 last? on Military Pressuring Vendors On IPv6 · · Score: 2

    Sorry can you please post the size of the ipv6 pool in something people can relate to, such as libraries of congress?

  13. Re:How long will IPv6 last? on Military Pressuring Vendors On IPv6 · · Score: 2

    We can simply start using NAT... :D

  14. Re:How long will IPv6 last? on Military Pressuring Vendors On IPv6 · · Score: 1

    ALSO, there are only 3 NAT ranges.

    Try this sort of thing for why NAT in IPv4 is completely brain damaged (and un-necessary in IPv6):

    • Establish a VPN connection from a network that is NATed with the same IP range as the network you are attempting to VPN into
    • Join two corporate networks (as in company merger, joint venture, etc) that are using the same internal IP address range (typically 10/8)

    Hint: it doesn't fucking work. In IPv6 you get local addresses that are pretty much guaranteed to be globally unique.

  15. Re:How long will IPv6 last? on Military Pressuring Vendors On IPv6 · · Score: 1

    You've heard of firewalls, yes?

    Its not like scanning an entire /64 or /48 of an organization's IP address space for open ports is a feasible thing.

    And yes, learn DNS. The "hobbled together" nature of IPv6 addressing is necessary to get the required address-space. There is zero reason to be remembering ip addresses of all your gear if you have a working DNS infrastructure.

  16. Re:It's just revenge! on Intel's Sandy Bridge Processor Has a Kill Switch · · Score: 1

    Its a deterrent. If the machine is not going to work or be worth anything shortly after theft, then why would you risk stealing it in the first place (other than for data, which can already be remotely wiped or have the disk encrypted on OS install)

  17. Re:Won't keep your data out of 'enemy' hands on Intel's Sandy Bridge Processor Has a Kill Switch · · Score: 1

    You can already remotely wipe/disable. You can already use encryption on the disk to prevent unauthorised access if you desire. The kill switch is just the last component required to make a stolen machine totally worthless.

  18. Re:What? No conspiracy theories? on Intel's Sandy Bridge Processor Has a Kill Switch · · Score: 1

    Microsoft wouldn't do that. An no, not because they're nice guys.

    If your machine dies, you aren't a potential software customer. You aren't learning their software. More useful to them is to spam you with nagware to get you to buy, but even if you don't, you're helping the monopoly by simply being an end user, legal or not.

    If microsoft were to actually KILL all machines out there running pirate windows, their market share would disappear overnight.

    Not to mention the legal ramifications of getting it wrong and killing a legit machine.

  19. Re:HD != CPU on Intel's Sandy Bridge Processor Has a Kill Switch · · Score: 1

    This is why you wipe the machine via remote management before triggering the kill switch.

  20. Re:Hasty Assembly Permit on Today's WikiLeaks News · · Score: 1

    Australia has no free speech laws. And given the death of habeas corpus in the US recently, neither does the US. Oh sure it may say so in your constitution, but now you can also be arrested and indefinitely detained with no charges and no lawyer due to the military commisions act.

  21. Re:cracked? on ChromeOS Laptop-Smashing Ad Equation Solved · · Score: 3, Insightful

    OK let me spell it out for you. The guy watched the ad and paid attention. Enough to actually go through and work out the easter egg. Google wants to encourage people to watch, and pay attention to their ads.

  22. Re:cracked? on ChromeOS Laptop-Smashing Ad Equation Solved · · Score: 4, Insightful

    Did you think to go do the effort to solve the problem before realising what the consequences of doing so may be? The fact that someone bothered to go to the effort when seeing it on the ad is "worth" just as much, if not more than the actual ability to solve it.

    It shows that they're a person who is willing/eager to work on problems "just because" (they have an active mind) rather than being forced to by an employer or similar.

  23. Re:Makes the rest of us suffer... on IT Worker's Revenge Lands Her In Jail · · Score: 2

    They should perhaps HAVE access to the root / admin passwords.

    They should not be using them however.

    There is a difference (and any competent PHB knows this). Having the password(s)/keys/etc in an envelope locked away in a physical safe for use in emergency (possibly by a contractor when in-house IT go awol, die, etc) is just good business sense.

  24. Re:I'm glad I went back to Fedora earlier this yea on Preview of Ubuntu's Unity Interface · · Score: 1

    RDP may be a "lame kludge" but in my experience works faster/better over shitty wan links than X11.

  25. Re:I'm glad I went back to Fedora earlier this yea on Preview of Ubuntu's Unity Interface · · Score: 1

    Huzzah, someone actually gets it.