Yes. magical little devices, those computers.
That said, if you think that before the users install your "application", they'd nuke their OS and install a fresh one from scratch, then you must be even more confused than i initially thought you'd be. In fact a much more realistic testing scenario would be to make random junk changes to your VM and snapshot those too, intermixed with the occasional update. But i'm not advocating that.
Ever heard of restoring a snapshot, installing updates and creating a new snapshot? then you branch off of the latest snapshot for your tests. Jesus, get a clue.
But you have already installed from scratch, and saved the hard disk. What's the difference between restoring and reinstalling anew? You must be horribly confused.
both would primarily transmit. look at that RX vs TX.
and (to GP) calling 34G a day "not a heavy user" is plain silly. That's a continuous > 3 Mbit/s stream of incoming data, 24/7.
Yes, cue the standard "Batteries haven't advanced!" stuff from people carrying around cell phones with significantly more amp hours in a smaller battery profile than the last generation phones that they owned.
Well in the eyes of the average smartphone zombie, what has really happened is "cell phone battery life" plummeting. My Nokia brick lasted weeks (plural) even when the battery was years old. Earlier this year it finally broke, I replaced it with a smartphone which, depending on usage, has a battery that lasts something between half a day and three days. So what is the obvious conclusion to arrive at? Battery tech isn't improving. Can't really blame them for that.
Not quite - the slowing of fusion as hydrogen runs out just causes the star to collapse. If it's massive enough though, the greater pressures and temperatures that creates then cause the helium and other heavier elements to begin fusing, releasing far more energy far more quickly than in the original star, causing an explosion that is barely noticeable at the surface
Sufficiently massive stars will happily fuse all their He, then all their C, and then whatever comes next until Fe. This wouldn't be possible if the star was already ripped to shreds when the He burning started.
The star "explodes" when the fusion stops, and there's NO "next stage" fusion to start at the increasing pressure and temperatures, to counter gravity.
Here around on our side of the pond? Let me count:
- Most of the ISP here around in Europe that I know of (Switzerland, France, Germany) are providing IPv6.
My former German ISP provided IPv6 in an opt-in pilot project, although they were doing it wrong and changed the routing prefix twice a day, so it was useless. My current German ISP does not provide IPv6. Heck, they don't even give me PPP credentials meaning I cannot use my own gear. (Then again, it's past August now, so next time I ask them they better do...)
Regarding IPv6, I do have a point. (paraphrased)
Ok.
And with only a single globally routable address, you do NEED to be on RFC1918 network.
Obviously this isn't the only way one can do NAT, but it's the only way joe sixpack's router does it.
But with a completely different premise, I'm still right (paraphrased)
Ok.
And I'm telling you, the extra security provided to joe sixpack DOES come from the fact that he's being NATted, since he's still unreachable when any other packet filtering is disabled.
(emphasis mine)
Yup. We've reached a conclusion.
(additional emphasis mine).
I don't really see how that is a conclusion to draw from the above. You do realize I said UNreachable and DISabled, right?
We both agree that for security, you need packet filtering.
That was never really the question, although I agree, because I consider what an IPv4 home-router NAT setup does to be an implicit (or accidental) packet filter.
But when there is no NAT, NAT does not add any security (paraphrased)
Indeed. You can skip the lesson on networking history, by the way.
- Router with USB (as a network device) and a single Ethernet port,
that did hand out a private address over DHCP to the computer,
BUT THEN DID A 1:1 STRAIGHT MAPPING between the public IP address and the private address of the computer.
(What was the name of this already? "cone NAT" ?)
We call that NAT. What Joe sixpack's home router does is NAPT, to be pedantic.
- Same as above. Except that now the DHCP can hand out 3 other addresses (to plug a networked printer ?)
But still does straight 1:1 Mapping with the first address
I have never encountered such a bizarre scheme.
So the reason current NAT'ing does security is because in addition to employing private address, it does sensible packet filtering (block inbound traffic, allows on-demand outbound traffic [...]
Only if by "current NAT'ing" you really mean "that oddball Zyxel thingy that does it wrong." This is not the usual case, and in the usual case unsolicited inbound traffic gets dropped simply because the router has most of their (TCP or UDP) ports closed.
(Yes, I have also heard of that one device that internally rolls dice in order to select what random machine from (say) 192.168.0/24 receives the traffic to A.B.C.D/32, on a per-packet basis.)
Well, fusion explosions routinely rip entire stars to shreds, so I'm not betting on any theoretical limits on a human scale, even if it is only a fission reaction.
The fuck? It's the fusion coming to a stop that "rips entire stars to shreds" (exercise for the reader: why?). As long as the fusion is going on, the star is perfectly happy thank you very much.
So then let's start with the headline. "Nuclear Plants Leak Critical Alerts [...]"
Leak? That would imply they're not dispatched intentionally. And "Leak" in the context of nuke plants...? Yes, that's totally not trying to make people click the link.
Do reasonable non-sensationalist submissions and we can discuss them reasonably.
The "security" of NAT comes as a by-product of the fact that multiple devices NEED to be on a private RFC1918-style network (assuming we're talking typical consumer-grade NAT), and hence no single device does - by default - receive inbound traffic because they're not addressable in the first place.
And I'm telling you :
- you DO NOT need to be on an unaddressable private address (192.x.y.z or fxxx:::) to not receive any traffic.
No shit. Then again, how many "average joe 6-pack" users get assigned anything bigger than a /32 (i.e. a single address) for IPv4, or anything at all for IPv6?
And with only a single globally routable address, you do NEED to be on RFC1918 network.
Obviously this isn't the only way one can do NAT, but it's the only way joe sixpack's router does it.
So please stop with this "NAT increases security".
And I'm telling you, the extra security provided to joe sixpack DOES come from the fact that he's being NATted, since he's still unreachable when any other packet filtering is disabled.
It's the packet filtering that does.
For john netops, yes. For joe sixpack, no.
What you're describing is called a packet filter, not a router. The "security" of NAT comes as a by-product of the fact that multiple devices NEED to be on a private RFC1918-style network (assuming we're talking typical consumer-grade NAT), and hence no single device does - by default - receive inbound traffic because they're not addressable in the first place.
I'm forced to use Microsoft software at work. I encounter multiple bugs every hour, some quite serious.
I can confirm that
At home, I have the luxury of using Linux. I can go literally years without encountering a software bug.
I can NOT confirm that. Random example pulled out of my ass:
$ systemctl service_that_does_not_exist disable
$ echo $?
0
$
HTH
Sorry, you're right. Even my browser handles it correctly now. (For the record, I remember trying this with firefox two-weeks-ago (version 20-30ish) and with chrome (version unknown) on a friend's computer, unsuccessfully both times, but it might have been due to the Host header indeed. I hadn't thought of that.)
unless the domain ends in a period. "google" -> "google.your.home.net"
So "google" -> "google.your.home.net" -> "google.your.home.net.your.home.net" -> "google.your.home.net.your.home.net.your.home.net" -> "google.your.home.net.your.home.net.your.home.net.your.home.net" [...]
Thanks for explaining the matter! I totally get it now.
technically that's not a problem, but i have yet to see a browser that wouldn't shit itself over a real FQDN (i.e. one that ends in a period)
I sometimes run 'sudo su - foo' because a) unlike with 'su - foo' I have to enter the root password rather than foo's password, and b) unlike 'sudo -i -u foo -g wheel' it's quicker to type.
Then there is no justification for the expectation that both sudo and su will somehow work as expected.
Yes, there is. sudo does its job, su does its job. Where the hell did you learn unix so that you think there was something wrong about combining the two?
Whoa, I think you're off by an order of magnitude.
Uh, yes. I meant kg, not tons, my bad. My source was treehugger though, not sure how serious their data is.
All you actually have to do is lower the periapsis of your orbit such that it ends up inside the sun.
Okay, what's the minimum delta-v required to pull that off?
we got probes to Mercury
Yeah -- With payload masses ranging from 1/2 to 1 metric ton... Without in-depth research, there seem to be at least 70,000,000 metric tons of nuclear waste in the US alone -- and that doesn't include the equally heavy radiation shielding etc. For the foreseeable future, this won't work. Cheap mass-driver launches might help at some point.
How is geothermal nuclear?
Solar, wind, wood, coal or gas aren't, in any way.
Or we could change the space treaties to allow it to be sent into the sun.
Do you have any idea what kind of energy it takes to send something to the sun? Earth's orbital speed is around 70,000 mph, that's 70,000 mph you have to decelerate your payload.
Speaking of the payload, nuclear waste consists of heavy atoms. Heavier than lead, or gold. Have fun getting that even into earth/sun orbit at an acceptable cost.
That was an April fool's joke in a German computer magazine, all including a drilling mask.
Yeah. And look in what interesting ways they're killing themselves. I daresay with a proper understanding of kinematics (as well as dynamics), a lot less people would e.g. tailgate, or brake in the middle of a turn, etc.
"another" DE? Like i3 was a DE in the first place? Sheesh.
Neither FreeBSD nor OpenBSD (nor NetBSD) ship or "support" any DE, and frankly I don't think any serious BSD user would even want to use KDE or Gnome or similarly bloated stuff that makes their computer "ready for granny". BSD users aren't granny, and granny doesn't use BSD. It would really be missing the point.
I see north then south I am going the right way, but south then north stop immediately
Interesting idea, but too easy to DoS using two magnets from the hardware store:
(N===S) [trolled car] (S===N)
RFID chips into the asphalt.
That's actually a pretty good and inexpensive idea, if failing to communicate with an RFID tag doesn't render the car immobile.