Slashdot Mirror


User: mark-t

mark-t's activity in the archive.

Stories
0
Comments
15,598
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 15,598

  1. Re:First world problems... on EFF: T-Mobile "Binge On" Is Just Throttling of All Data (eff.org) · · Score: 2

    This is why I've always preferred the term "unmetered" to "unlimited", where the notion of unmetered does not necessarily mean no records of usage are kept at all (although it may, and certainly that it what the term might literally imply), but that any records which *MIGHT* be kept are not generally used to change any aspect of the terms of service for the customer, so that the end result for the consumer for the most part is as if their usage were literally unmetered.

  2. Re:Analysis of Star Wars: The Force Awakens on What the Future Fiction of 2015 Revealed About Humans Today (vice.com) · · Score: 1

    I'm not sure why Star Wars was even in the article.... I thought this was about *future* fiction. Star Wars is a story that takes place "a long time ago".

  3. Re:what on IPv6 Turns 20, Reaches 10 Percent Deployment (arstechnica.com) · · Score: 1

    You assume that NAT's sole purpose is to deal with address scarcity. That is only one of its purposes... maybe the only one that is important to yourself, and perhaps the only one that matters to a great many people, but not necessarily the only one that may be important to everybody.

    ...you can have a firewall that issues a drop instruction for any inbound packets, while letting through outbound packets.

    That only does half of what NAT does... while it might be the only part that matters to you, and it's probably the most important part for many, but the other part of NAT is that it also acts as a layer-3 transparent proxy between the devices you place behind it and the outside world, so that there is absolutely no mapping between any IP address that the outside world might perceive from a connection of yours and any particular IP addresses within it other than that of your NAT device itself. Of course, you can use a firewall combined with a layer-3 transparent proxy if you want and get absolutely everything that NAT does, but at that point you might as well just be using NAT anyways. While many see the fact that NAT breaks end-to-end connectivity as its biggest flaw, it is hardly inconceivable that it might be desired for people who neither need such connectivity or would be able to adequately cope with the responsibilities that might come with such connectivity if they had it. A drop-all-incoming connections rule on a a firewall might cover most of the cases you need to worry about, but without the addition of a layer-3 transparent proxy, a firewall isn't doing what a NAT does. Don't pretend that it is.

    The biggest problem with NAT is not that it breaks the Internet, it is that in consumer devices it is generally an all-or-nothing proposition, and generally not very configurable. The ever-present issue of IPv4 address scarcity is probably what keeps the demand for any additional flexibility very low, because most people would simply not be able to utilize it if they had it. Because there is no lack of IP addresses in IPv6, I do not anticipate the same inflexibility to continue to apply in that domain.

  4. Re:what on IPv6 Turns 20, Reaches 10 Percent Deployment (arstechnica.com) · · Score: 1

    The point of NAT is not only to be unplugged from the internet, but to still be able to use the internet for outgoing connections while remaining so unplugged.

  5. Re:what on IPv6 Turns 20, Reaches 10 Percent Deployment (arstechnica.com) · · Score: 1

    NAT also breaks end-to-end connectivity, which is where all of the safety that it does have actually comes from. While breaking such connectivity is generally an undesirable thing (and the very reason that NAT is often loathed by IPv6 advocates), it is not unimaginable that there may be circumstances in which it is desired, and a firewall, by itself, cannot do that.

    Of course, there are any number of ways to break end-to-end connectivity too... and you can couple such a system with a firewall to accomplish that. A layer-3 transparent proxy would be the most seamless way to achieve that, although if you are doing that, you might as well just be using NAT anyways. The biggest problem with NAT is not that it breaks the Internet, it's that it's almost always an all-or-nothing proposition, and usually not very configurable.

    So please don't pretend that a firewall that simply rejects all incoming connections will do everything for everybody that a NAT would. It won't.

  6. Re:You need NAT in ipv6 on IPv6 Turns 20, Reaches 10 Percent Deployment (arstechnica.com) · · Score: 1

    There is absolutely nothing that NAT achieves which cannot be functionally reproduced with a combination of a firewall and a layer 3 transparent proxy.

  7. Re:IPv6 addresses unfriendly on IPv6 Turns 20, Reaches 10 Percent Deployment (arstechnica.com) · · Score: 1

    Yes.

    When the first 8 bits of the ipv6 subnet are 0xfd, it is considered a private subnet.

  8. Re:NAT is my antivirus on IPv6 Turns 20, Reaches 10 Percent Deployment (arstechnica.com) · · Score: 1

    If all you're using is NAT then someone can bypass your NAT by simply adding a static route for your internal network pointing at your address

    Wouldn't they need to *KNOW* the address to accomplish this? Granted, they might be able to make an educated guess about the class of network, but they could still have a heckuva lot of IP's to choose from.

    Also, wouldn't the router need to know how to deliver packets inside the network that you want to manually route from outside and be configured to do so?

  9. Re:what on IPv6 Turns 20, Reaches 10 Percent Deployment (arstechnica.com) · · Score: 1

    There is a vocal group that seems absolutely fearful of the idea of NAT being as common with IPv6 as it is with IPv4

    Is this fear particularly justified with IPv6? With IPv4, the sheer lack of address space makes it virtually essential. Since there is an abundance of available addresses in IPv6, it seems more likely to me that something like NAT would only be used when the specific characteristics that NAT offers might be desired, that cannot generally be achieved by a firewall alone, specifically, the way NAT discards end-to-end connectivity.

    Under normal circumstances, disregarding such connectivity is undesirable, but it is not remotely inconceivable that some users may expressly want it for at least some subset of the connected devices on their network, while still maintaining seamless outgoing connectivity.

    I don't imagine NAT has any danger of becoming so pervasive as to affect end-to-end connectivity for the people that desire it, so I imagine concerns about IPv6 NAT are unwarranted in that respect.

  10. Re:what on IPv6 Turns 20, Reaches 10 Percent Deployment (arstechnica.com) · · Score: 1

    What? If you want the same 'security' as NAT, can't you just set the firewall to reject all incoming connections?

    It's not quite the same thing... NAT also breaks end-to-end connectivity even on outgoing connections, while a firewall does not. While generally breaking such connectivity is not a desirable thing, it is not unimaginable that there may be circumstances where this might be actively desired in some situations.

    Ideally such, end-to-end connectivity should be selectable per NIC in an IPv6 network.

  11. Re:Attack vector? on First Node.js-Powered Ransomware Discovered (softpedia.com) · · Score: 1

    My point is that as a trojan, the end user still needs to explicitly launch the executable... so the only techniques that will work to propogate it are the same ones as what are used to propogate any trojan. The overall experience of using the web is not altered by this as it would be if the exploit were runnable inside of a browser window.

  12. Am I the only one.... on Haptic Glove Lets You Feel Distant Objects Underwater (discovery.com) · · Score: 1

    ... to think of rule 34 when I read this?

  13. Re:If you say your Christian, you are Christian... on When Hacking Vigilantism Infringes On Free Speech (betanews.com) · · Score: 0

    No, they do not.

    Unless you allege that not everyone who calls themselves christian actually *IS* one.

  14. Re:Attack vector? on First Node.js-Powered Ransomware Discovered (softpedia.com) · · Score: 1

    That's not a javascript limitation, that's a limitation imposed by the web browser. To my understanding, NW.js gives access to node.js from inside DOM, and has nothing to do with the OS's filesystem. To my understanding, the node.js filesystem api is for accessing permanent storage, and has about as much to do with the real filesystem as ~/.wine/drive_c has to do with the native file system.

  15. Re:Pure HTML on First Node.js-Powered Ransomware Discovered (softpedia.com) · · Score: 1

    Where did you see that it ever claimed to work inside of web browser?

  16. Re:Attack vector? on First Node.js-Powered Ransomware Discovered (softpedia.com) · · Score: 1

    So... trojan?

  17. Re:Attack vector? on First Node.js-Powered Ransomware Discovered (softpedia.com) · · Score: 1

    The javascript that executes inside a mail reader can't see the filesystem either.

  18. Attack vector? on First Node.js-Powered Ransomware Discovered (softpedia.com) · · Score: 3, Interesting

    Specifically, what is the actual attack vector for this? All it seems like to me is that they've made a cross-platform trojan.... one that still needs to be explicitly executed by the end user. since the only self-executing js that I know of is within a web browser, and the javascript running inside of that can't even see the local filesystem, can it?

  19. Similar happened with my son and grandson on Kid Racks Up $5,900 Bill Playing Jurassic World On Dad's iPad (pcmag.com) · · Score: 2

    My eldest son recently got a paid xbox live account, and his son racked up about a thousand bucks of charges in one day before my son even had a chance to set up the parental locks on the device.

    He got a refund after telling them what had happened... it was still was a bit an eye-opener for him though. Really, I think that the biggest reason that things like this happen is because while it is obvious to the parent that it costs real money, it might not as obvious to the child, and it also may not be obvious that permission was even needed unless this is explicitly clarified ahead of time.

  20. Within a human lifetime? Sure.... on The Three Possible Classes of Interstellar Travel (forbes.com) · · Score: 1

    .... if one is travelling sufficiently close to the speed of light, time dilation can make a trip that would take many thousands of years only seem to take a tiny fraction of that for those on board the space craft.

    And with the quantum vacuum thrust engine, which would not require the mass of any fuel to be brought on board, the kind of lengthy accelleration times involved to get up to such speeds should be entirely feasible.

  21. Re:Therefore.. on Majority of Americans OK With Warrantless Internet Surveillance (ap.org) · · Score: 1

    "If you have nothing to hide you have nothing to worry about."

    I find it interesting that this statement is actually entirely true, but only by virtue of a false hypothesis.

    Because of course, everyone has something to hide, but not because they have necessarily done anything wrong, rather because some things are simply private.

    After all, most people where clothes in public, but this is not because there is anything necessarily wrong with their body.

    My point being that something does not have to be necessarily bad or wrong to merit being hidden from others.

  22. Re:The Repukians hate this... on The Power of Crowds and "Human Computation" (vice.com) · · Score: 1

    Why do you want to?

    Because it I have found that it is often the case that A.C.s can make insightful or interesting posts as well, and I do not generally want to exclude them, particularly if I have mod points. Although lengthy discussions like what was spawned by the parent of my earlier post are doing a damn good job of convincing me to not be bothered.

  23. Re:The Repukians hate this... on The Power of Crowds and "Human Computation" (vice.com) · · Score: 2

    Why the goddamn fuck does practically every goddamn fucking slashdot story lately have to have some goddam fucking lengthty discussion started by some A.C that insisting on spouting some goddamn fucking political non-sequitor into every goddamn single fucking discussion that starts out having absolutely nothing to do with *ANY* political agenda? And why are none these posts and followups not modded as OT? Heck, I expect that *THIS* post will be modded OT.

    Posts like what follows from the parent of this are a good reason to never browse Slashdot at 0.

  24. Ineffective, and hugely invasive. on Tech Companies Face Criminal Charges If They Notify Users of UK Government Spying (techspot.com) · · Score: 1

    It is pretty clear to me that the government simply wants to watch anybody, at any time, and for any reason that it arbitrarily chooses, without having any accountability to anyone.

    Clearly, if one feels they have any reason to even *suspect* that they are being monitored, then they might as well consider that as a sufficient basis to carry on their actions as if they actually *were* being monitored, which effectively amounts to doing what they would do if they had actually been alerted they were being monitored anyways.

    The only way this isn't true is if the government's actual intent behind the law prohibiting notification is if they simply want monitor individuals who have not ever done anything wrong, and would not have had any reason to suspect they were being monitored.

    Thus, this law is clearly being put in place to eavesdrop on innocent communications, not those of people who are breaking the law. It seems incontrovertible.

  25. Not quite.... since a warrant canary requires that it be triggered by the warrant itself, where what I am suggesting only involves telling them only what the person is directly permitted to know, perhaps only in direct response to a customer inquiry, unless the law explicitly requires either the company to say an outright falsehood to any monitored customer who asks, or be evasive with any non-targeted customer who does so.