Slashdot Mirror


User: bbn

bbn's activity in the archive.

Stories: 0 · Comments: 412

Comments · 412

  1. Re:Doomed on New Programming Languages Come From Designers · · Score: 1

    I've yet to find anything "you simply can't do" in C, as this would imply it's not possible in any language.

    A common mistake. C is not assembler. Obvious things not possible in C but very possible in assembler: Function calls using a different ABI, most types of garbage collection memory allocation strategies, automatic stack descriptors for use by said garbage collectors and some exception handler schemes and probably loads of other stuff I just haven't run into yet.

    Also C is pretty bad for optimizing compared to other languages. This is due to the fact a pointer can do just about anything, which takes away guarantees other languages would be able to provide to the optimizer. C might be better at _manual_ optimizing than most other languages except assembler.

  2. Re:I'm not changing to IPv6 on a specific date... on June 6 Is World IPv6 Day 2012: This Time For Keeps · · Score: 1

    The proper term for a /64 is a link. Since there are 128 bits in an address, using the first 64 bits to specify a link leaves the remaining 64 for the host part. For a host all the bits are fixed, so it is a /128.

    Example: The localhost is ::1/128

    baldur@pkunk:~$ ip -6 addr show dev lo
    1: lo: mtu 16436
            inet6 ::1/128 scope host
                  valid_lft forever preferred_lft forever

    I think you are just confusing terms a little. HE will assign you a /48 prefix. This prefix has space for 65536 links of size /64 each. Each link has space for 2^64 hosts, but that is not why we write the address as /64. The number after the slash is the number of bits in the prefix, not the number of bits in the host part of the address.

    For example, some people like to use /127 for point to point links. This means the first 127 bits are prefix and only 1 bit is host, leaving space for only two hosts. One for each end.

    Done ranting. All I wanted to say was: /80 is completely non-standard. It is not the usual size for anything, be that subnet, prefix, links, hosts, or whatever other name you might call something.

  3. Re:Two missing components on June 6 Is World IPv6 Day 2012: This Time For Keeps · · Score: 1

    This is called NAT64 and DNS64.

    NAT64: http://tools.ietf.org/html/rfc6146
    DNS64: http://tools.ietf.org/html/rfc6147

    It is one of the worse transition methods in my opinion. DNS64 is stateless but is not compatible with DNSSEC. NAT64 is stateful and just another Large Scale NAT solution (ISP-NAT).

    The better method is dual stack. When the ISP is no longer able to provide sufficient IPv4 addresses they should be using DS-lite with A+P: http://tools.ietf.org/html/rfc6346

  4. Re:LS-NAT on June 6 Is World IPv6 Day 2012: This Time For Keeps · · Score: 1

    Yes, sorry. What I described is called DS-lite with A+P and was published at the same time as DS-lite.

    DS-lite RFC 6333 (August 2011): http://tools.ietf.org/html/rfc6333
    A+P extension RFC 6346 (August 2011): http://tools.ietf.org/html/rfc6346

  5. Re:I'm not changing to IPv6 on a specific date... on June 6 Is World IPv6 Day 2012: This Time For Keeps · · Score: 1

    /128 is a host...

  6. Re:LS-NAT on June 6 Is World IPv6 Day 2012: This Time For Keeps · · Score: 1

    DS-lite is really just a tunnel technology. The ISP has a box somewhere with an IPv4 address. When this box receives an IPv4 packet with destination-port between 1000 and 2000 it knows that it has to forward the packet to customer 1. If the port is between 2000 and 3000 it goes to customer 2. Port 3000-4000 to customer 3 and so on. The port ranges are fixed at configuration by the ISP (not dynamic).

    The CPE at customer 1 knows that ports 1000 to 2000 are allocated to it. It does normal NAT but restricted to that port range.

    This allows the ISP to share one IP-address between multiple customers. The ISP box is completely stateless and therefore fast. They can probably get this as an extension to their backbone Cisco switches.

    The tunnel is just a normal IPv4 within IPv6 packet style tunnel. This existed already before DS-lite was invented. DS-lite brings "select tunnel end-point based on port-range" and "let the CPE handle the actual NAT which is memory and processor intensive". And finally DS-lite defines some DHCPv6 options to tell the CPE about all this.
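The split described in the comment above (stateless port-range lookup at the ISP, stateful NAT confined to that range in the CPE), as an added example that is not part of the original comment. The port ranges are treated as half-open, and the customer names and 2001:db8:: tunnel endpoints are constructed for the illustration.

```python
import bisect
import ipaddress

# Constructed sample configuration: fixed port ranges [start, end) set by the ISP,
# each mapped to the IPv6 tunnel endpoint of one customer's CPE.
PORT_MAP = [
    (1000, 2000, "customer1", ipaddress.IPv6Address("2001:db8:0:1::1")),
    (2000, 3000, "customer2", ipaddress.IPv6Address("2001:db8:0:2::1")),
    (3000, 4000, "customer3", ipaddress.IPv6Address("2001:db8:0:3::1")),
]
_STARTS = [start for start, _, _, _ in PORT_MAP]


def isp_forward(dst_port):
    """ISP box: pick the tunnel from the destination port alone (no flow table)."""
    i = bisect.bisect_right(_STARTS, dst_port) - 1
    if i < 0:
        return None
    start, end, name, endpoint = PORT_MAP[i]
    return (name, endpoint) if dst_port < end else None


class CpeNat:
    """CPE: ordinary stateful NAT, but only ports from its allocated range."""

    def __init__(self, start, end):
        self.free = list(range(end - 1, start - 1, -1))  # pop() yields lowest port
        self.out = {}   # (inside_ip, inside_port) -> shared-address port
        self.back = {}  # shared-address port -> (inside_ip, inside_port)

    def translate_out(self, inside_ip, inside_port):
        key = (inside_ip, inside_port)
        if key not in self.out:
            if not self.free:
                raise RuntimeError("allocated port range exhausted")
            port = self.free.pop()
            self.out[key] = port
            self.back[port] = key
        return self.out[key]

    def translate_in(self, public_port):
        # Unknown port: no mapping exists, so the packet is dropped (None).
        return self.back.get(public_port)
```

Because the range-to-customer mapping is fixed, the same lookup attributes a logged connection to a customer, but only if the log records the source port along with the shared address.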

  7. Re:I'm not changing to IPv6 on a specific date... on June 6 Is World IPv6 Day 2012: This Time For Keeps · · Score: 1

    How would a DNS server's IPv6 address be advertised in such a manner?

    Stateless DHCPv6. There is also an RA option that can specify DNS servers, but few operating systems currently support it.

  8. Re:IPv6 working != Internet IPv6 ready on IPv6-Only Is Becoming Viable · · Score: 1

    You have clearly not tried carrier grade NAT. These things are overloaded and slow. You would do well to convert your servers to IPv6 if you want to offer the best experience to your users.

  9. Re:Bingo on IPv6-Only Is Becoming Viable · · Score: 3, Interesting

    There have been some improvements. IPv6 is not just IPv4 with longer addresses. You are stuck in IPv4 think - in the IPv6 world your computers will take a maximum of 30 seconds to discover a prefix change. Yes, IPv6 has built-in route-verification. It is not just left to chance or to a timeout of the DHCP-lease. The computers are actively monitoring the router and if it fails the computers will go hunt for a new one with possibly a new prefix.

    Your router is also monitoring the ISP the same way. It will not "forget" to do the prefix change.

    All this is verified by independent testing centers for the IPv6 gold certification program. You can expect your equipment to actually do the right thing.

  10. Re:FreeBSD, Windows, and Android are working on IP on IPv6-Only Is Becoming Viable · · Score: 1

    No. In Linux, the ping command does not support IPv6, period. You need to use ping6.

    Check for yourself:

    # ping the IPv6 localhost
    baldur@pkunk:~$ ping -c1 ::1
    ping: unknown host ::1

    baldur@pkunk:~$ ping6 -c1 ::1
    PING ::1(::1) 56 data bytes
    64 bytes from ::1: icmp_seq=1 ttl=64 time=0.042 ms

    --- ::1 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 0.042/0.042/0.042/0.000 ms

    # ping6 does not understand IPv4
    baldur@pkunk:~$ ping -c1 127.0.0.1
    PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
    64 bytes from 127.0.0.1: icmp_req=1 ttl=64 time=0.083 ms

    --- 127.0.0.1 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 0.083/0.083/0.083/0.000 ms

    baldur@pkunk:~$ ping6 -c1 127.0.0.1
    unknown host

  11. Re:FreeBSD, Windows, and Android are working on IP on IPv6-Only Is Becoming Viable · · Score: 1

    It is ping and traceroute that are the odd ducks. Most of the unix commands have a -4/-6 switch: telnet, ssh, mtr and so on.

    It is quite annoying actually. I can ssh any domain and it will automatically work no matter if that domain has an A or AAAA record. But to ping the same domain I suddenly need to know.

    This example is quite obvious but it might not be in a few years when IPv6 only sites are common:

    # this fails
    baldur@pkunk:~$ ping -c1 ipv6.google.com
    ping: unknown host ipv6.google.com

    # this works
    baldur@pkunk:~$ ping6 -c1 ipv6.google.com
    PING ipv6.google.com(fra07s07-in-x67.1e100.net) 56 data bytes
    64 bytes from fra07s07-in-x67.1e100.net: icmp_seq=1 ttl=49 time=43.4 ms

    --- ipv6.google.com ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 43.449/43.449/43.449/0.000 ms

    # curl automatically does the right thing:
    baldur@pkunk:~$ curl -v http://ipv6.google.com/
    * About to connect() to ipv6.google.com port 80 (#0)
    * Trying 2a00:1450:4001:c01::67... connected
    * Connected to ipv6.google.com (2a00:1450:4001:c01::67) port 80 (#0) ...

  12. Re:If they were profitable... on Shareholder Fight Threatens Mandriva SA · · Score: 1

    In that case, "majority" can buy the bankruptcy and own 100%. Minority loses.

  13. Re:Silly on No IPv6 Doomsday In 2012 · · Score: 1

    Then realize that Windows clients default to link-local addresses

    No, Windows does not default to link-local addresses. Windows will _never_ use a link local address for accessing an internet site. No IPv6 enabled device would. If you actually read and understood that Wikipedia page, you would know why too.

    How about XP clients not supporting DNS on v6?

    XP clients have the needed support for DNS. Nobody would be crazy enough to deploy a pure v6 only network with XP clients on it. No home router on the market operates in this mode. The XP clients will continue to look up AAAA records using v4 and this works just fine.

    It's not simple and it won't be simple in the near term for anyone who doesn't do this for a living

    I think the difference between me and you might be that I have actually deployed an IPv6 network to customers on a large network. There are zero problems. It just works. And yes, for windows clients too.

  14. Re:Silly on No IPv6 Doomsday In 2012 · · Score: 1

    And when you are done reading it, you will realize that nothing in there was something you actually need to know.

    Deploying IPv6 is dead simple. Really.

    Having every subnet to be /64 means people will not need to understand concepts such as netmask.

    Having automatic default routes means people will not need to understand routing even when configuring addresses manually.

    Having no NAT means people will not need to understand NAT. Yes really. NAT is a complicated subject for the average user.

    In general it can be said that deploying IPv6 is so easy that it will happen automatically as soon as your ISP provides it. Your IPv6 ready router will pick it up and so will your computer.

  15. Re:Bias? on No IPv6 Doomsday In 2012 · · Score: 1

    Stupid too. So you got your splendid IPv4 address but need to talk to your European IPv6 friend? Guess what, you are out of luck!

    When do people learn that as anyone is out we are effectively all out?

    Oh it might yet only be a few Chinese dudes that we do not like that much anyway. But soon enough it will be Europe. I know Americans like to think that USA is the whole world, but in fact there is a reason they call USA+Europe+others "the western world".

    There will probably always be v4 addresses for servers to go around. The first to go will be end users.

    So what if some European pal is on a v6 only network? Surely his ISP has enabled some sort of NAT that allows him to access your old v4 site? Yes of course they have. But let me say from experience: Said ISP also undersized that NAT device, so it will be overloaded, slow and unstable. We have yet to see how easy DoS attacks on carrier NAT really are.

    If you do _any_ business outside USA, and if you are an enterprise of any size of consequence you do, the message is very clear: Very soon a big chunk of your business will have a bad experience if you are not IPv6 ready.

    As for end users, we also need to get on the bandwagon. The only way to do peer to peer communication with the increasing number of v6-only people is by having a v6 address yourself. Soon you will only get the full utility out of programs like Bittorrent if you got dual stack. It does not matter where in the world you live, some of your peers are going to be in those regions that are out of v4 addresses.

  16. Re:They don't know what they are talking about on No IPv6 Doomsday In 2012 · · Score: 1

    If you are a lazy enterprise, you can buy a NAT64 box and put in front of your servers. It is a one step solution to exposing your services on the IPv6 network.

    And for the employees, well what are they doing browsing the net during working hours anyway? Plus, you probably have them using a proxy server already (so you can filter dangerous non-work related pages) and said proxy server will work as a translation technology. Only the proxy server needs an IPv6 address.

    Lazy enterprises can get away without implementing IPv6 for almost forever. Just like they did with IE5.

  17. Re:Silly on No IPv6 Doomsday In 2012 · · Score: 1

    APNIC ran out 19 April 2011: http://www.potaroo.net/tools/ipv4/index.html

  18. Re:Business opportunity on No IPv6 Doomsday In 2012 · · Score: 3, Informative

    HP did a quick one. We got a ton of IPv6 enabled HP 2910al HP layer 3 gigabit switches. Did I say layer 3? What I meant was layer 3 IPv4 and managed layer 2 IPv6 switches.

    Yes, HP apparently figured the switch would qualify for all those government deals that mandate IPv6 support. I bet they were right. But the switches are just some very expensive managed switches for any IPv6 work. No support for routing IPv6 nor any other useful IPv6 support. But you _can_ telnet, ssh, SNMP etc to them using IPv6. The switch can be assigned an IPv6 address. So this qualifies for an IPv6 gold logo. They just do not advertise very loud that it is a logo for a "client"-device.

    So does HP suck? Not especially so. It is the whole industry pulling this stunt.

  19. Re:Business as usual on No IPv6 Doomsday In 2012 · · Score: 1

    There is no such thing as the last IP. You can always take one from another customer that pays less. What, you thought that address you paid extra for was yours to keep for ever? Not so.

    In some cases the address space is actually yours to keep. But even then, there will be a price where you will choose to sell it. And if not you, then someone else.

  20. Re:Business as usual on No IPv6 Doomsday In 2012 · · Score: 2

    If you are using Debian/Ubuntu/etc just do this simple command:

    sudo apt-get install gogoc

    Tada! You got IPv6. Test it at http://test-ipv6.com/

  21. Re:I wish this was the case in the UK on Full Disk Encryption Hard For Law Enforcement To Crack · · Score: 1

    *Any* solution will not get around pulling out the hard drive, swapping its controller, and running forensics - but if the key/algorithm is sufficiently strong it would take them a while

    That is why part of the key needs to be stored in the controller (or any other external to the actual disk). Store part of the key in a tamper resistant chip. If the chip is lost, or if the chip activates its self destruct protocols, the actual 256 bit AES key is lost for ever.

    If you are suggesting that they might try to brute force data encrypted with something like 256 bit AES (or even 128 bit) - well that won't be any of your concern. You will be long gone before they succeed in that. No matter who "they" are.

  22. Re:IPv6 Autoconf & DHCPv6 on Vint Cerf Answers Your Questions About IPv6 and More · · Score: 1

    There is SEND: http://tools.ietf.org/html/rfc3971

    But the only implementations are Cisco, Linux and BSD. So not an option in practice.

  23. Re:IPv6 Autoconf & DHCPv6 on Vint Cerf Answers Your Questions About IPv6 and More · · Score: 1

    You need to understand the coupling between "autoconf" also called SLAAC (stateless address autoconfiguration) and DHCPv6. SLAAC is used when the network has active routers with an RA daemon but no DHCPv6 server. The RA daemon is nothing but a router announcing its presence and the subnet it will route. Any extra information is retrieved from a possibly stateless and possibly non-local DHCPv6 server by multicast.

    The idea is that RA gives you enough information to communicate with the DHCPv6 server. It is not intended to be a replacement for DHCPv6. In fact it is a required part of DHCPv6.

    Someone figured that it would be possible to do entirely without DHCPv6 so they allocated one bit in the RA response for that case. Of course that is not so useful if you need information such as DNS.

    Later DNS information was added to the RA response. Not all clients support this however, so it is still recommended to run a (stateless) DHCPv6 server to provide that information.

    It should be trivial to implement a stateless DHCPv6 server along your RA daemon so I am not sure why everyone makes this a problem.

  24. Re:Citation on High Court Rules In Favor of Top Gear Over Tesla Remarks · · Score: 1

    You are proof that the judge is wrong. Either that, or you are not a "reasonable person". Because he said that Top Gear did lie but no one reasonable would believe what they said as true...

  25. Re:haskell for the masses? sure, but only... on OCaml For the Masses · · Score: 1

    I get monads. But Prolog? I never learned to do more than asking what color is the ball in the third hut? Can you actually make real programs with that?