NAT is about address use, not security. In no way should NAT ever be confused with security, even if it appears to give you some security.
Every single security feature you like about NAT can also be had without NAT.
The common things people think they get with nat:
- Connections that must initiate from inside the network. This is easily achieved with a normal firewall and routable addresses as well.
- My addresses aren't routable, so I'm more secure.
No, your addresses are perfectly routable, just the internet at large does not route them by agreement. Your ISP could easily configure it's routers to get traffic in to your network on those addresses.
- It hides the real addresses of my machines.
Not really... or more accurately, to an outside attacker, those addresses dont mean anyhting anyway. Whether they are known or not is not relevant. A firewall in front of a network of routable addresses could hide things equally well.
NAT by itslef does not reduce exposure. The best example of this would be those who configure nat in a hurry on linux 2.4 systems..... they set up an SNAT or masquerade rule in postrouting, and that's it. That's nat, full, 100% working nat. With absolutely no security.
The ISP could route to their internal network, no problem, making connections to whatever they want.
This is easily fixed by a few rules.. but then you are into firewalling, and not NAT at all.
1 - They complement each other, yes, and they are intimately interrelated.. but they are not the same thing (for practical purposes). If you have a bar magnet in front of you, is their an electric field around it? no, there isn't.
2 - A cruise of the whitepapers indicates that the magnetic field strength is related to distance via 1/d^6, as opposed to radiated power, where it's relatd to 1/d^2. This means a much sharper dropoff in power... meaning the point beyond which there is a negligible power level is much sharper.
3 - A magnetic field and RF radiation are not the same thing.. one transmits energy over distance (RF).. the other puts that energy into sustaining a field (Magnetic)
4 - What you are saying about frequencies applies to RF. This is not about RF. The mention of a high frequency, relatively unused ISM band probably refers to the EM side effects of the devices. (a 10Ghz oscillator, even if it's used via induction, sitll creates a 10Ghz EM signal)
5 - "Used by Industrial, Scientific, and Medical" as they said in the article, is most likely just the reporter trying to sound smart.. but that's usually abbreviated as "ISM", and covers the fun 900Mhz and 2.4Ghz bands we already love and know, as well as others....
6 - interference is not an issue for practical purposes because this thing has a high field strength within the bubble, and virtually none outside. Any inteferer would have to be really strong, or really close.
except, this type of thing is not the responsibility of the DNS.
The fact that we tend to use DNS as an index of everything, and that humans can't get over "Www." is OUR problem, not a problem with DNS. DNS is a precise lookup service... we'd just like it to function as it always has, thanks.
DNS wasn't put here to look up websites, it's far more fundamental than that.. and if people are too lazy to learn how to use a web browser right.. tough cookies for them. We should not be mangling DNS in order to do it.
DNS is about a LOT more than just you looking up a web address, and to break it now is absurd.
If you want a feature like you suggest, you build it at the application level, into the web browser... you don't mess with the fundamental protocols involved.
It's the same under certain conditions only. In the scenario you described, it would make no difference.
Let's look at another one now... Let's say we have a) A guy who goes out, spends lots of time, and over a year manages to borrow and make copies of 1000 cds, either by taking them from the library, friends, strangers, etc.
b) A guy who makes 1000 copies of commercial CDs, and gives them away on the sidewalk.
Guy A took personal time and effort, and how much he got was directly related to his time and effort.
Guy B let a whole bunch of people get copies of music with NO effort.. they just had to walk by his booth.
A distributor can cause a lot of damage in a hurry. An individual making personal copies really isn't.. he's only affecting his own habits.
The point of the law is, more or less, that if YOU take on the effort to acquire temporarily, and copy, whatever music you want, it's okay.. but if you set it up to distribute to others, it's not.
This makes sense. The fact that we want to split hairs about what digital music sharing is all about just confuses things.
But that's not really a reason to make it unavailable.. a lot of things will do a lot more damage to you a lot faster, and you can buy them at 7-11.....
And how long would it take you to transfer a terabyte of information to the UK. Total cost here.. the other end has to pay as well.
Your cost is cheap because your ISP does cost averaging. If you pin your connection at maximum usage in/out 24/7, most broadband residential ISPs will send you a nasty letter, and shortly after, simply drop you as a customer. They aren't REALLY selling you bandwidth at that price. OR if you want to look at it, they are, but only if you use it a small amount.
If you need to transfer terabytes of data long distance, quickly, it's cheaper and faster to send computers via fedex than it is to purchase the bandwidth from some network provider.
It's not radioctive. It's not all that useful for much. It is interesting chemcially.
It's not that expensive, though certainly much more expensive than normal water... but compared to other chemicals, it's not that pricey.
The "Heavy" in heavy water refers to the fact that it is heavy, not that it is full of dangerous radiation, metals, or anything else.... You could drink it.
Let's face it. We've survived these worms pretty well. Some minor inconveniences. Sure, some people paid some money.. but it was spread around. We've survived lots of worms, and viruses, and other disasters... each time we learn a lesson, systems are hardened a bit. Pundits bitch about how security isn't getting any better, but if you look at the number of new hosts on the net in the last 10 years, it's surprising how FEW big problems there have been. The Interent is so far, successful.
Fines for people? No way. ISPs need to be responsible, peopel need to be responsible.. and that's about it. I'm not in favor of licenses, fines, or any other scheme for keeping the net "safe". It will just create beurocracy.
What I AM in favor of is making the pricing reflect costs. If your computer uses a ton of baniwidth because of some worm, you SHOULD pay for it. The fact that you didn't know is irrelevant... your computer used it.. it's your responsibility (though not necessarily your fault). Of course, ISPs will not go to this length.. customers won't like the pricing model.. its' better to charge based on average usage, and then kick off the "abusers".
The net has done well so far. Let's keep it open, and let it grow.. and if some organisation really misbehaves, we jus't wont play with them more.
IT's not like canada is one big city coast to cast along the US border you know.
We are talking about the population density of the populized areas.. NOT calculated over teh entire landmass of Canada...
This argument doens't hold up, sorry.. the population density of canada just in teh strip north of hte US is still much lower than the US, or the UK, or most other places.
And certainly, the logistics are different. But considering the US likes to think of itself as a leader in the net field.... well, excuses don't cut it.
No, they did not take into account that it is a larger country with more sparse population. Neither did they take into account that it's the largest, richest economy on earth, and currently the most powerful nation on the planet. It goes both ways.
Canada is #3 on the list, and we are significantly more spread out than the US is. Yes, even accounting for the fact that 90% of our puplation is within 90km of the US border, we are STILL more spread out than the US is.
Yes, it did happen, and the information hasn't reached us yet. Okay. From our point of view.
Different observes will percieve events happening in a different order.. therefore there is no such thing as absolute time.
There is no absolute reference from from which you can declare what order things happened in. Time marches differently for different observers, and there is no one who is more correct than any other.
Verisign should nto be able to just mess with the dns system like this. They should be a registrar.. nothing more. From their point of view, whether or not this involves websites is pointless.
P2p, which is a silly term to use really, is just about peer to peer. It's about hosts communicating directly with each other.
If I send you a ping... that's a p2p operation. If I send you an email, it's not.. there are servers involved. If I ftp a file to your computer, that' s a p2p operation.
What is it really about, except the ability of computers to communicate directly to each other. Now.. that's what the internet is.
The future of the network is partially p2p... I don't mean file sharing (because we always had that).. but in machines sem-intelligently communicating directly with each other.. and helping each other out, rather than having everything localized at big servers. Why not? it's not revolutionary, it's not sneaky... it just makes sense. We have more bandwidth, therefore methods of doing things that were not practical in the past are now practical.
It's a shame that people can't look past the somewhat shady uses of some new technology and see the benefits.
Look at bittorrent... it is a great example. It's not 100% distributed, but it uses the p2p concept to let a bunch of machines help each other out towards a common goal.. and it works really well. Look at skype.. it's neat... the kazaa model applied to voip (sort of). Great idea....
Look at kazaa.... let's forget for a few minutes that it's mostly porn and copyrighted music, and think in terms of the number of items available in a large, searchabale index, for anyone to get... all without the need for any central, dedicated server.. now that's pretty cool.
Now picture these things working together... ideas like "swarm computing" "hive computing" "chaotic routing" and whatnot are really all about ways for things to work semi-autonomously... it's great.
but all effects. Taken from a relativistic point of view, the event simply has not happened form our point of view until the effects reach us, and the fastest they can propagate is the speed of light. Gravitational effects included.
It's not just a matter of us "not seeing it yet".. but that it literally has not happened.
I think you need to re-evaluate what you think space is made of, and how the speed of light is relevant.
We can't see "ripples" Because they woudl have to move faster than the speed of light to get to us before the event itself did... the maximum speed any effect on the universe from that event moves outwards is the speed of light. Period. Gravitational.. the imaginary "ripples" you think you would see, everything.. NO effects can be detected any faster than that.
In fact, from our perspective, it didn't happen until we see it.
Now, speed of light in a vacuum, yes, is a limit.. what "stuff" do you think it travelled through? Do you think the interstellar dust somehow significantly slowed down the light from the event, yet would allow the effects of that light to ripple towards us faster? Makes no sense.
As there is no absolute time... to say "it blew up but we didnt' see it yet" is actually inaccurate... it didn't blow up as far as we are concerned until we saw it. Before that, the effects of the explosion had no effect on the universe as far as we are concerned.
It's not jjust the light from the event, but the gravitational and other effects as well.. for all intents and purposes, the event doesn't happen until we see it.
Furthermore, it's proportional.. howver much power is lost over distance distance D, 4 times as much is lost over 2D, and 8 times as much is lost over 3D, etc.
It may be highly unlikely.. it's also highly unlikely for an event 45,000 light years away to cause disruptions HERE, over that distance as you said.
Let's see.. you want to be responsible for a name that is globally reachable in the DNS, and you want control as close to the root zone as possible.. is it wrong for the public to want to know who you are? After all.. this is humanity. I can just see how things go when we CANT find out who owns what..
This is about an agreement made between the two parties, not about the trademark, even if that's what started it.
If Apple Computers agreed to stay out of the music busines.. you get the picture.
Nowadays, nobody will confuse Apple with Apple.. but in the day when Apple Records decided to settle out of court with Apple Computers.. it was a different story.
Slashdot Mirror
NAT is about address use, not security. In no way should NAT ever be confused with security, even if it appears to give you some security.
Every single security feature you like about NAT can also be had without NAT.
The common things people think they get with nat:
- Connections that must initiate from inside the network.
This is easily achieved with a normal firewall and routable addresses as well.
- My addresses aren't routable, so I'm more secure.
No, your addresses are perfectly routable, just the internet at large does not route them by agreement. Your ISP could easily configure it's routers to get traffic in to your network on those addresses.
- It hides the real addresses of my machines.
Not really... or more accurately, to an outside attacker, those addresses dont mean anyhting anyway. Whether they are known or not is not relevant. A firewall in front of a network of routable addresses could hide things equally well.
NAT by itslef does not reduce exposure. The best example of this would be those who configure nat in a hurry on linux 2.4 systems..... they set up an SNAT or masquerade rule in postrouting, and that's it.
That's nat, full, 100% working nat.
With absolutely no security.
The ISP could route to their internal network, no problem, making connections to whatever they want.
This is easily fixed by a few rules.. but then you are into firewalling, and not NAT at all.
1 - They complement each other, yes, and they are intimately interrelated.. but they are not the same thing (for practical purposes). If you have a bar magnet in front of you, is their an electric field around it? no, there isn't.
2 - A cruise of the whitepapers indicates that the magnetic field strength is related to distance via 1/d^6, as opposed to radiated power, where it's relatd to 1/d^2. This means a much sharper dropoff in power... meaning the point beyond which there is a negligible power level is much sharper.
3 - A magnetic field and RF radiation are not the same thing.. one transmits energy over distance (RF).. the other puts that energy into sustaining a field (Magnetic)
4 - What you are saying about frequencies applies to RF. This is not about RF. The mention of a high frequency, relatively unused ISM band probably refers to the EM side effects of the devices. (a 10Ghz oscillator, even if it's used via induction, sitll creates a 10Ghz EM signal)
5 - "Used by Industrial, Scientific, and Medical" as they said in the article, is most likely just the reporter trying to sound smart.. but that's usually abbreviated as "ISM", and covers the fun 900Mhz and 2.4Ghz bands we already love and know, as well as others....
6 - interference is not an issue for practical purposes because this thing has a high field strength within the bubble, and virtually none outside. Any inteferer would have to be really strong, or really close.
except, this type of thing is not the responsibility of the DNS.
The fact that we tend to use DNS as an index of everything, and that humans can't get over "Www." is OUR problem, not a problem with DNS. DNS is a precise lookup service... we'd just like it to function as it always has, thanks.
DNS wasn't put here to look up websites, it's far more fundamental than that.. and if people are too lazy to learn how to use a web browser right.. tough cookies for them. We should not be mangling DNS in order to do it.
DNS is about a LOT more than just you looking up a web address, and to break it now is absurd.
If you want a feature like you suggest, you build it at the application level, into the web browser... you don't mess with the fundamental protocols involved.
It's the same under certain conditions only.
In the scenario you described, it would make no difference.
Let's look at another one now...
Let's say we have
a) A guy who goes out, spends lots of time, and over a year manages to borrow and make copies of 1000 cds, either by taking them from the library, friends, strangers, etc.
b) A guy who makes 1000 copies of commercial CDs, and gives them away on the sidewalk.
Guy A took personal time and effort, and how much he got was directly related to his time and effort.
Guy B let a whole bunch of people get copies of music with NO effort.. they just had to walk by his booth.
A distributor can cause a lot of damage in a hurry.
An individual making personal copies really isn't.. he's only affecting his own habits.
The point of the law is, more or less, that if YOU take on the effort to acquire temporarily, and copy, whatever music you want, it's okay.. but if you set it up to distribute to others, it's not.
This makes sense. The fact that we want to split hairs about what digital music sharing is all about just confuses things.
Most of us patched the first time.
Copycats don't bother us.
You see, due to the nature of the original "benign" version, as you call it, you had to patch systems in order to not get re-infected in a hurry....
"virii" is not a word.
But that's not really a reason to make it unavailable.. a lot of things will do a lot more damage to you a lot faster, and you can buy them at 7-11.....
And how long would it take you to transfer a terabyte of information to the UK. Total cost here.. the other end has to pay as well.
Your cost is cheap because your ISP does cost averaging. If you pin your connection at maximum usage in/out 24/7, most broadband residential ISPs will send you a nasty letter, and shortly after, simply drop you as a customer. They aren't REALLY selling you bandwidth at that price. OR if you want to look at it, they are, but only if you use it a small amount.
If you need to transfer terabytes of data long distance, quickly, it's cheaper and faster to send computers via fedex than it is to purchase the bandwidth from some network provider.
Why should you not be able to buy it?
It's not radioctive. It's not all that useful for much. It is interesting chemcially.
It's not that expensive, though certainly much more expensive than normal water... but compared to other chemicals, it's not that pricey.
The "Heavy" in heavy water refers to the fact that it is heavy, not that it is full of dangerous radiation, metals, or anything else.... You could drink it.
Honest question here....
If there is no fusion going on, where are the neutrons coming from?
Let's face it. We've survived these worms pretty well. Some minor inconveniences. Sure, some people paid some money.. but it was spread around. We've survived lots of worms, and viruses, and other disasters... each time we learn a lesson, systems are hardened a bit. Pundits bitch about how security isn't getting any better, but if you look at the number of new hosts on the net in the last 10 years, it's surprising how FEW big problems there have been. The Interent is so far, successful.
Fines for people? No way. ISPs need to be responsible, peopel need to be responsible.. and that's about it.
I'm not in favor of licenses, fines, or any other scheme for keeping the net "safe". It will just create beurocracy.
What I AM in favor of is making the pricing reflect costs. If your computer uses a ton of baniwidth because of some worm, you SHOULD pay for it. The fact that you didn't know is irrelevant... your computer used it.. it's your responsibility (though not necessarily your fault).
Of course, ISPs will not go to this length.. customers won't like the pricing model.. its' better to charge based on average usage, and then kick off the "abusers".
The net has done well so far. Let's keep it open, and let it grow.. and if some organisation really misbehaves, we jus't wont play with them more.
Yes, but still nowhere NEAR what it is in the UK.
IT's not like canada is one big city coast to cast along the US border you know.
We are talking about the population density of the populized areas.. NOT calculated over teh entire landmass of Canada...
This argument doens't hold up, sorry.. the population density of canada just in teh strip north of hte US is still much lower than the US, or the UK, or most other places.
And certainly, the logistics are different. But considering the US likes to think of itself as a leader in the net field.... well, excuses don't cut it.
No, they did not take into account that it is a larger country with more sparse population. Neither did they take into account that it's the largest, richest economy on earth, and currently the most powerful nation on the planet. It goes both ways.
Canada is #3 on the list, and we are significantly more spread out than the US is. Yes, even accounting for the fact that 90% of our puplation is within 90km of the US border, we are STILL more spread out than the US is.
It's a great idea. It's just not reality.
Yes, it did happen, and the information hasn't reached us yet. Okay. From our point of view.
Different observes will percieve events happening in a different order.. therefore there is no such thing as absolute time.
There is no absolute reference from from which you can declare what order things happened in. Time marches differently for different observers, and there is no one who is more correct than any other.
The disturbance was all EM radiation, X and Gamma, which as you know travels at the speed of light.
There was no particle disturbance at this distance.
There is no way to detect the EM burst before it gets here..
The initial portion is what just hit us, and is what the article is about.
Verisign should nto be able to just mess with the dns system like this. They should be a registrar.. nothing more. From their point of view, whether or not this involves websites is pointless.
P2p, which is a silly term to use really, is just about peer to peer. It's about hosts communicating directly with each other.
If I send you a ping... that's a p2p operation.
If I send you an email, it's not.. there are servers involved.
If I ftp a file to your computer, that' s a p2p operation.
Old-style unix "talk" command is p2p.
New-style instant messengers aren't (sort of)
What is it really about, except the ability of computers to communicate directly to each other. Now.. that's what the internet is.
The future of the network is partially p2p... I don't mean file sharing (because we always had that).. but in machines sem-intelligently communicating directly with each other.. and helping each other out, rather than having everything localized at big servers. Why not? it's not revolutionary, it's not sneaky... it just makes sense. We have more bandwidth, therefore methods of doing things that were not practical in the past are now practical.
It's a shame that people can't look past the somewhat shady uses of some new technology and see the benefits.
Look at bittorrent... it is a great example. It's not 100% distributed, but it uses the p2p concept to let a bunch of machines help each other out towards a common goal.. and it works really well.
Look at skype.. it's neat... the kazaa model applied to voip (sort of). Great idea....
Look at kazaa.... let's forget for a few minutes that it's mostly porn and copyrighted music, and think in terms of the number of items available in a large, searchabale index, for anyone to get... all without the need for any central, dedicated server.. now that's pretty cool.
Now picture these things working together... ideas like "swarm computing" "hive computing" "chaotic routing" and whatnot are really all about ways for things to work semi-autonomously...
it's great.
but all effects. Taken from a relativistic point of view, the event simply has not happened form our point of view until the effects reach us, and the fastest they can propagate is the speed of light. Gravitational effects included.
It's not just a matter of us "not seeing it yet".. but that it literally has not happened.
I think you need to re-evaluate what you think space is made of, and how the speed of light is relevant.
We can't see "ripples" Because they woudl have to move faster than the speed of light to get to us before the event itself did... the maximum speed any effect on the universe from that event moves outwards is the speed of light. Period. Gravitational.. the imaginary "ripples" you think you would see, everything.. NO effects can be detected any faster than that.
In fact, from our perspective, it didn't happen until we see it.
Now, speed of light in a vacuum, yes, is a limit.. what "stuff" do you think it travelled through? Do you think the interstellar dust somehow significantly slowed down the light from the event, yet would allow the effects of that light to ripple towards us faster? Makes no sense.
Time, as you know, is all relative.
As there is no absolute time... to say "it blew up but we didnt' see it yet" is actually inaccurate... it didn't blow up as far as we are concerned until we saw it. Before that, the effects of the explosion had no effect on the universe as far as we are concerned.
It's not jjust the light from the event, but the gravitational and other effects as well.. for all intents and purposes, the event doesn't happen until we see it.
The article doesn't say anything about protons.. just X/Gamma detected.
IT mentions in the first paragraphs what a flare from the sun looks like... EM burst followed by a proton shower... but that was only from our sun.
There was no mention of particle detection from the far-away event.
Square of distance... not cube.
Furthermore, it's proportional.. howver much power is lost over distance distance D, 4 times as much is lost over 2D, and 8 times as much is lost over 3D, etc.
It may be highly unlikely.. it's also highly unlikely for an event 45,000 light years away to cause disruptions HERE, over that distance as you said.
Let's see.. you want to be responsible for a name that is globally reachable in the DNS, and you want control as close to the root zone as possible.. is it wrong for the public to want to know who you are? After all.. this is humanity. I can just see how things go when we CANT find out who owns what..
of a position of trust.
They should maintain the registry from a technical perspective, period.
This is about an agreement made between the two parties, not about the trademark, even if that's what started it.
If Apple Computers agreed to stay out of the music busines.. you get the picture.
Nowadays, nobody will confuse Apple with Apple.. but in the day when Apple Records decided to settle out of court with Apple Computers.. it was a different story.
at no extra cost, even...
You know, you CAN use it on a mousepad.. it keeps it cleaner, and moves smoother, depending.
Really. It works. I've seen it.