It's very unlikely that this is actually possible.
Technically, I guess you *could* make a phone capable of doing both 3G and GSM, and cripple the 3G part. The K610i, for example, has a memory option allowing you to disable 3G if you want to. (It improves talk time, apparently.)
And I guess, with today's technology involved in software defined radio, you could make a radio module that could be upgraded to 3G through pure software. However, this strikes me as very unlikely, as far as I know, this isn't the technology used in modern cell phones.
There is, after all, a reason why 3G phones tend to be larger than their GSM counterparts so far. For example, the Motorola RAZR v3x, which has 3G support, contrasted with the Motorola RAZR v3, is thicker, despite being basically the same phone as far as I'm aware.
I don't see why Apple would go with putting a radio in there, which could run 3G, and then not actually run 3G on it. They could have chosen a smaller and cheaper radio to start with, or they should have just announced it with to start with.
Then again, what do I know. I haven't seen any pages dissecting the iPhone, mainly because it doesn't exist yet. Maybe they have done what I think is very improbable. Or maybe it's just Apple being Apple, exceeding user expectations.
If the iPhone were a simple software upgrade away from doing 3G, it would definitely need FCC approval to operate on those frequencies and that mode. For that reason, if the iPhone is only a software update away from supporting 3G, and Apple is actively seeking FCC approval for that possibility, we'll hear about it very soon.
All we have on that page is an unlikely rumor, that doesn't stand up to scrutiny of common sense. But hey, then again, a while back the day before Apple announced their switch to Intel, up until the minute I heard it from Apple themselves, I believed the Intel switch to be yet another crazy apple rumor. I might be wrong again, on this count, but I doubt it.
Eventually, we will see an iPhone with 3G in it. That i'm certain of. Crippling a device like that at EDGE speeds is just plain stupid. I just don't think it'll be a mere software update away, though.
I don't know how it works in the US, but in Sweden, pagers are most often actually receive-only devices. Every single time somebody in Sweden is paged, that page is sent to every single pager tower transmitter in the country, and broadcast out a few times.
The way the pager knows if it has missed any pages is because there's a rolling sequence number on the pages, and if one is missed, it knows a page has been missed.
This leads me to think that people who are paranoid of being tracked through cell phones should just go get themselves a one-way pager, and turn on their cell phone only to make a call or return a page -- or just return the call using some other phone that happens to be around.
Incidentally, I wonder how two-way pagers work. Do they keep themselves associated to a certain tower, or do they receive the same way one-way pagers do, activating a transmitter only to send pages?
If you want to get really technical, I guess it's possible to track you by checking for the stray RF from your pager's radio receiver, but it's bound to be very impractical -- even much less practical than using the emissions from a Nike+iPod device to track you -- given the very low level of emissions.
Your Japanese may be fine, but your English sucks. "How do you do" is not the same as "how are you".:-)
"O-genki desu ka" (literally, "are you healthy?") is closer to "how are you?" than to "how do you do".
As for a translation of "hajimemashite" (roughly literally, "we have begun"), "nice to meet you" and "how do you do" are, at least in my opinion, equally close as translations to English idioms.
Disclaimer: English is my second language, and I'm just starting to learn Japanese.;-)
I RTFA, and it seems they're not actually extracting the chemical energy from the sewage -- rather, they're just installing a heat pump to exploit the temperature differential between the sewage and the ground.
Now, using a heat pump might be rather novel in itself -- but extracting energy from sewage is nothing new. We've been doing this in Sweden for quite some time now -- except chemically. Here's a random link with some information about one such installation...
The resulting biogas is used to replace natural gas in different applications, and we have for quite some time had Bi-Fuel vehicles that can run compressed biogas as well as gasoline, that enjoy certain tax benifits. Also, I seem to remember that a new residential area in Stockholm, Hammarby Sjöstad, is getting a biogas system for heating (and maybe for cooking, I can't remember)...
Either way. Extracting energy from sewage is not a new idea. Extracting heat energy from sewage using a heat pump might be a novel idea, but it's not really any new exciting technology, just a rather clever application of existing technology. Calling it "turning sewer waste to energy" is inaccurate, because the actual sewer waste isn't consumed when you do just, you just cool it down.
If that's the most secure way you can think of, you're obviously not a cryptographer.:-)
I'm definitely not a cryptographer myself, but from what I've heard, the Diffie-Hellman key exchange would be ideal for exactly this purpose.
I only know how it works vaguely, by analogy. The premise is that, if you want to send a key to a friend over an untrusted postal system, you'd put the key inside a box. You'd then lock the box by hanging on a padlock with a key only you have. You'd then send it to your friend, who would then proceed to hang another padlock on the box, meaning the box is still locked but with two keys. He would then send it back to you, and you'd then remove your padlock, and finally send it back to your friend who would remove his own padlock and get the key. Now, replace any references to locking with encryption, and you have the essence of a D-H Key Exchange. (Or so I have been told...)
Sure, a pure D-H key exchange can still be defeated by a man-in-the-middle attack, (imagine a guy in the middle pretending to be both you and your friend, performing seperate exchanges with you and your friend...) but that's not really the biggest problem. The biggest problem is that the Secure Easy Setup, as described, will allow any clients within a certain timeframe to perform a key exchange. If that's how it works, you have bigger problems in your security architecture to worry about than a theoretical man-in-the-middle attack.:-)
I live in China, where DRM effectively doesn't exist and bootlegs are widely available, without much chance of getting sued by the RIAA. It has killed the CHinese entertainment and everybody knows it. A recent movie of "Crazy Stone" stunned everybody by making a small profit. The key to its profitability was somehow, it took a whole week before quality bootlegs became widely available. That is a lot more important factor than the quality or basic appeal of a movie
Given the choice, people don't want to spend any money. Either you have to make new business models (typically involving all artists becoming advertisements), you have to abandon the entertainment industry, or you need DRM & copyright protection. Your system of people voluntarily giving money wouldn't work.
There is a big difference between the situation in China, where pirate copies on DVD are readilly available for a few yuan on every market, and widespread file sharing.
The main factor here is convenience. It is no less convenient to buy a pirated DVD at a market in China, then to buy a legitimate one. Also, from what I've heard, even most mainstream stores carry pirate copies. There is negligble value added to the commercial DVD, because it's neither more convenient to purchase, nor better than the bootleg in any meaningful way.
Why pay more for a DRM-laden "official" disc when you can pay less for a bootleg with no copy protection, if the convenience in doing so is the same?
The same thing applies to downloads on the Internet. Downloading a movie off bittorrent is pretty inconvenient, if you face it, compared to how convenient it *could* be if we get nice DRM-free services from the movie industry.
Either way, I don't think many copyright reform people believe in a complete elimination of the commercial copyright. One reasonable proposal for copyright reform would involve retaining exclusive copyright for commercial purposes for 5 years, and allowing unlimited copying for personal or non-profit use. This is the position the Swedish Pirate Party takes, for example.
Quite simply, you can't compete with a product that is cheaper than the real thing and just as good. But you can compete with free, if you add value beyond the actual movie itself, such as the convenience of downloading it. This is because those who sell bootlegs actually make money and have an incentive to be on the markets, making it convenient to buy their copies. There is no such incentive in a peer to peer network.
The Movie Industry could make a killing if they started competing with free by streaming movies. No, not the streaming kind where you need to stream it every time you watch it, but the kind where you download the movie and can watch it as it downloads. If the download speed is faster than the video data rate (quite reasonable with current residential broadband in Sweden), there is no concern for skipping, because the buffer just gets progressively larger. Would you pay 50 yuan / 50 kronor / $5 / 5 for the convenience of getting to watch the movie immediately without waiting for the download, and without messing with torrent sites? I just might if it were convenient enough and worked on my Mac.
IPV6 on the other hand uses 128 bit addresses (please correct me if i'm wrong), which gives you an unbelievably large number of addresses, which will be able to address every atom in the universe with it's own IP address.
Not quite so many. How many atoms can IPv6 address? For purposes of a simple back-of-the envelope calculation for visualizing the mass required, imagine that the average atomic mass in biomass is 10 u, making biomass approximately 10 gram/mol. Now, you may disagree with this exact number, but it's definitely the right order of magnitude.
Now, you have 2^128 ~= 3.4E+38 addresses out there, and you have Avogadro's constant, 6.0E+23 which is the number of atoms in a mol.
If you want to address every atom with an IPv6 address, you can address a maximum of 3.4E+38 / 6.0E+23 mol = 5.7E+14 mol.
Given biomass at 10 gram/mol or 1E-2 kg/mol, that gives you the ability to address 5.7E+12 kg of carbon 12. A quite big amount of mass, but in no way unfathomable.
Especially not if you divide it by 6 billion, which is the approximate population of earth. 5.7E+12 / 6E+9 = 1000.
So, every person on earth could address every single atom in around 1000 kg or so of biomass. That's a lot, but a far cry from being able to address every single atom in the universe.
Hope this helps clarify exactly how awesome IPv6 is;-)
As for getting rid of ports numbers -- bad idea. IP addresses should indicate network addresses, not single services, identifying machines. Also, port numbers is a question that is above IP itself, they are implemented by TCP and UDP.
Powerbooks have a small backup battery which is non-replaceable, which can be used to keep the computer in sleep mode for a minute or so, while the battery is swapped out.
Asterisk is a very flexible little piece of software, and I'm sure you can write a channel driver (or a channel driver already exists) which lets you roll your own telephone interface using a sound card and a parallell port.
Read more about it, and if you want to be geeky, Asterisk is *definitely* what you want to be playing with.
Your girlfriend probably want to subscribe to something like Vonage, SkypeOut, or some other Internet telephone provider. Sure, she'll have to pay for her calls, but it's definitely a lot less hassle than having to set up a gateway.
Plus, she gets her own phone number people can call her on, if she gets a service that does that.
On the more geeky side, if you want to be your girlfriend's telephone operator so you can give her free calls (I don't know, maybe that kind of thing turns you or her on), you definitely want to play around with Asterisk, the free open source PBX, and get an account with a tinkerer-friendly SIP provider. Using that setup, and a SIP softphone program on the computer, or a hardware SIP telephone adapter or SIP telephone, you can do pretty much anything you can imagine.
Don't bother trying to do anything clever with Skype though, it's not an open system, and you're a lot better off with an account from some kind of tinkerer-friendly SIP provider. Not living in the US, I can't give you any specific recommendations.
There are mice out there with trackball-like devices instead of a scroll wheel. The Apple Mighy Mouse among others does that, although all mice I've seen have placed the scroll-ball where the scroll wheel typically is.
Personally, I like two-finger scrolling on my Powerbook's trackpad.:-)
These private property - fotography laws aren't just to create draconian restrictions. Some part of the reasoning is to protect the privacy of people who believe they are on private property. By your argument, toilet cams should be acceptable. If I visit your home and say I'm going to use the restroom in the master bedroom, I should be able to drop a wireless X10 camera in the master bedroom to supervise you and your spouse reflecting light at my device.
... no.
There is a difference between covert photography and overt photography, just as there's a difference between peeking through the keyhole/window and being in the room overtly while wanting to supervise whatever... activity... you had in mind.
Okay, this post actually made a lot more sense than the points you raised in your previous post. I misunderstood what you said about the Windows firewall. I thought you were saying it was "too integrated" into the operating system, when you were in fact saying the opposite.
However, I must disagree about your idea of checking for access permissions at bind(), sendto() or connect() time. For sendto() and connect(), you'd pretty much have to check the routing table first to check which address the connection would be routed to. At that point, you're pretty much checking the routing table twice. Why not just let the IP stack do its job, and cheerfully let the packet jump through the hoops of passing the routing table, and just see where the packet ends up before filtering it instead of duplicating the logic? (And adding to the amount of things that might go wrong.)
Not to mention the possibility of race conditions that always occurs whenever you need to check something twice.
And then imagine the carnage if you want to do advanced rule-based routing.:-) (Rather, the carnage if Microsoft decides they want to add that feature later.)
As for bind(), the idea is a little more attractive. But it doesn't really add very much security compared to just firewalling the port (or indeed the entire application) off. (Because with a host-based firewall you can filter based on destination PID as well as port.) Either way, it boils down to trusting the operating system to keep your application safe. Better if the application gets to choose what to bind to itself, without adding more features to the operating system. Though I must say the feature sounds appealing on some level, I don't really think it's a good idea in the long run.
I guess what I'm saying is that I don't see the point of trying to predict what a packet will do and shooting it down before it even enters the IP stack, compared to checking for what's leaving the IP stack, and shooting down the packets once you know exactly what they're doing.
One thing I can agree with you on though, is that individual services should be configurable, by themselves, on what interfaces they will bind() themselves to.
Also, thanks for the tip about the -p flag to Linux netstat. Nice catch! I grepped the Mac OS X netstat man page, and didn't turn out anything equivalent. (But you can still use lsof, even if it's annoying.:-)
Finally, on some level I can agree with you about that you shouldn't have to worry about poorly-written applications. But practicality makes me reluctant to change things like that. Why break stuff if you can avoid it? Also, in the case of a wild pointer bug or stack corruption, the cause might not be completely obvious. It's a valid semi-assumption to make on a Windows, that an IP stack is installed. (Though not one I would make myself.)
Errm... who mentioned NAT? The thread was about firewalls: the complaint was made that a firewall needs configuration to allow the right protocols and the "solution" presented was to use UPnP (which is only 1 stage better than just shutting down the damned firewall)
If you actually read what the people in the thread says, it's clear their complaints are actually about NATrouters (personal Internet connection sharing devices), not about firewalls per se. Unfortunately, the NAT Router == Firewall terminology really confuses a lot of people.
A network-level firewall designed to maintain security would be stupid to implement UPnP. (At least stupid if it allowed every single whim of the user.) But that's not what a NAT router is for. UPnP is just meant to allow people get around restrictions that NATimposes on people by dynamically configuring port forwards.
A NAT router is not primarilly a security device -- a good NAT router will simply let multiple users share a single IP address and try to get the hell out of your way if you want to run peer-to-peer applications, like video conferencing, ip telephony, file sharing, or whatever.
Now I kind of understand how these are built by 3rd parties (since they can't directly modify the IP stack) but I don't understand why Microsoft (who _can_ hack the IP stack) produced a personal firewall.
Uhh. How does it make any difference what company makes a firewall? Code is code, no matter who writes it.
Also. Have you any idea how network code actually works? When I build network code (at least on Linux, Mac OS X, or any other similar OS -- and I can't imagine Winsock is that much different, considering the Winsock API is almost identical to Unix sockets) I don't actually have to "bind" to any specific interface in the first place. I just create a socket() -- not bound to any specific interface.
In the simplest case of me wanting to send a simple UDP packet (the process of creating a TCP stream is a bit more involved, but similar), I craft my packet and my destination address and send it to the stack using sendto(int s, const void *msg, size_t len, int flags, const struct sockaddr *to, socklen_t tolen). It is at this point that the IP stack will figure out using its routing table where to send the packet. So, there are basically two ways to stop malicious packets. At or after the IP stack, as is commonly done, and which you don't like for some strange reason, or you have to stop unauthorised applications from making *any* socket whatsoever (even if it's just for contacting localhost and doing some inter-process-communication). And you gain nothing from that, save some inconvenience.
By the way, as a secondary point, I could imagine a lot of poorly-written applications, assuming that you can just socket(), and get a socket without doing any form of error checking would simply fall over on startup (or later in the case of subtle memory corruption due to wild pointers, yay!), even if their main purpose has nothing to do with networking. (Say, for example, that they check for updates on start-up.) If it ain't broke, don't fix it!
Finally, putting the firewall in the operating system (or at least in cohorts with the operating system, hooking yourself in pretty much where Microsoft is hooking itself in anyway) is precisely the right course of action, because that makes it a lot easier to actually place adequate security restricitons in the right place, rather than patching up some of the more common "holes". Imagine the alternative, it'd be the IP equivalent of javascript anti-right-click scripts and bad third-party access restriction systems for Windows.
Whilest I agree that firewalls are a useful feature, I question the idea of treating them as a "first line" defense.
This time it's you who can't read what I write. I said that host-level firewalls are a *final* line of defense, not a *first* level. (Well, at least for incoming traffic,
A NAT router is not meant to be used as a firewall. It can be used as a line of obscurity, but that's about it.
You should really have a final line of defense in a host-level software firewall. This is actually more secure than any other firewall in some ways -- it's the only type of firewall that can filter connections application-by-application. Malware can easilly phone home by masquerading their evil data inside a HTTP request, which pretty much no firewall can protect against unless you want to whitelist every single host you want to browse to.
(Sure, host-level firewalls are pretty worthless if your operating system is configured so that any malware application can just overpower the firewall because the malware has root access.)
I remember calculating at one point that if you gave every atom in your body an IPv6 address, and everybody else in the world did the same, you'd only use around 10% of the address space out there.
Actually, let's see if I can do some quick back-of-the-envelope calculations for that.
Let's see. There are 2^128 = 3.40E+38 ipv4 addresses out there, and approximately 6E+9 people in the world. Leaving you 5.67E+28 addresses per person, allowing you to address 5.67E+28 / 6.02E+23 = 94,200 mol. Now, assuming an atomic weight of approximately 8 gram/mol. (Pulled out of my ass, but it's probably close to reality, considering carbon is around 12 gram/mol, compensating for all the hydrogen in organic chemistry.) Assuming 8 gram/mol, you get 94,200 * 8 = 754 kg +- a healthy margin of error.
So... seems I remembered correctly. Assuming an average atomic weight of 8 gram/mol (for typical biomass) every person on earth can get enough adresses to address every single atom in a block of biomass the mass of a typical automobile.
So, I don't think IPv6 will run out of addresses soon, if reasonably intelligently managed.:-) (No giving out 1/256's of the available address space to large corporations or universities.:-)
You want to shoot planes down? Using prior art?! That's clearly terrorist talk!
I must contact the glorious President Bush of the United States of America at once to make the use of prior art illegal to protect the children from those patent terrorists.
Slashdot Mirror
It's very unlikely that this is actually possible.
Technically, I guess you *could* make a phone capable of doing both 3G and GSM, and cripple the 3G part. The K610i, for example, has a memory option allowing you to disable 3G if you want to. (It improves talk time, apparently.)
And I guess, with today's technology involved in software defined radio, you could make a radio module that could be upgraded to 3G through pure software. However, this strikes me as very unlikely, as far as I know, this isn't the technology used in modern cell phones.
There is, after all, a reason why 3G phones tend to be larger than their GSM counterparts so far. For example, the Motorola RAZR v3x, which has 3G support, contrasted with the Motorola RAZR v3, is thicker, despite being basically the same phone as far as I'm aware.
I don't see why Apple would go with putting a radio in there, which could run 3G, and then not actually run 3G on it. They could have chosen a smaller and cheaper radio to start with, or they should have just announced it with to start with.
Then again, what do I know. I haven't seen any pages dissecting the iPhone, mainly because it doesn't exist yet. Maybe they have done what I think is very improbable. Or maybe it's just Apple being Apple, exceeding user expectations.
If the iPhone were a simple software upgrade away from doing 3G, it would definitely need FCC approval to operate on those frequencies and that mode. For that reason, if the iPhone is only a software update away from supporting 3G, and Apple is actively seeking FCC approval for that possibility, we'll hear about it very soon.
All we have on that page is an unlikely rumor, that doesn't stand up to scrutiny of common sense. But hey, then again, a while back the day before Apple announced their switch to Intel, up until the minute I heard it from Apple themselves, I believed the Intel switch to be yet another crazy apple rumor. I might be wrong again, on this count, but I doubt it.
Eventually, we will see an iPhone with 3G in it. That i'm certain of. Crippling a device like that at EDGE speeds is just plain stupid. I just don't think it'll be a mere software update away, though.
I don't know how it works in the US, but in Sweden, pagers are most often actually receive-only devices. Every single time somebody in Sweden is paged, that page is sent to every single pager tower transmitter in the country, and broadcast out a few times.
The way the pager knows if it has missed any pages is because there's a rolling sequence number on the pages, and if one is missed, it knows a page has been missed.
This leads me to think that people who are paranoid of being tracked through cell phones should just go get themselves a one-way pager, and turn on their cell phone only to make a call or return a page -- or just return the call using some other phone that happens to be around.
Incidentally, I wonder how two-way pagers work. Do they keep themselves associated to a certain tower, or do they receive the same way one-way pagers do, activating a transmitter only to send pages?
If you want to get really technical, I guess it's possible to track you by checking for the stray RF from your pager's radio receiver, but it's bound to be very impractical -- even much less practical than using the emissions from a Nike+iPod device to track you -- given the very low level of emissions.
Your Japanese may be fine, but your English sucks. "How do you do" is not the same as "how are you". :-)
;-)
"O-genki desu ka" (literally, "are you healthy?") is closer to "how are you?" than to "how do you do".
As for a translation of "hajimemashite" (roughly literally, "we have begun"), "nice to meet you" and "how do you do" are, at least in my opinion, equally close as translations to English idioms.
Disclaimer: English is my second language, and I'm just starting to learn Japanese.
I RTFA, and it seems they're not actually extracting the chemical energy from the sewage -- rather, they're just installing a heat pump to exploit the temperature differential between the sewage and the ground.
...
Now, using a heat pump might be rather novel in itself -- but extracting energy from sewage is nothing new. We've been doing this in Sweden for quite some time now -- except chemically. Here's a random link with some information about one such installation
The resulting biogas is used to replace natural gas in different applications, and we have for quite some time had Bi-Fuel vehicles that can run compressed biogas as well as gasoline, that enjoy certain tax benifits. Also, I seem to remember that a new residential area in Stockholm, Hammarby Sjöstad, is getting a biogas system for heating (and maybe for cooking, I can't remember)...
Either way. Extracting energy from sewage is not a new idea. Extracting heat energy from sewage using a heat pump might be a novel idea, but it's not really any new exciting technology, just a rather clever application of existing technology. Calling it "turning sewer waste to energy" is inaccurate, because the actual sewer waste isn't consumed when you do just, you just cool it down.
If that's the most secure way you can think of, you're obviously not a cryptographer. :-)
:-)
I'm definitely not a cryptographer myself, but from what I've heard, the Diffie-Hellman key exchange would be ideal for exactly this purpose.
I only know how it works vaguely, by analogy. The premise is that, if you want to send a key to a friend over an untrusted postal system, you'd put the key inside a box. You'd then lock the box by hanging on a padlock with a key only you have. You'd then send it to your friend, who would then proceed to hang another padlock on the box, meaning the box is still locked but with two keys. He would then send it back to you, and you'd then remove your padlock, and finally send it back to your friend who would remove his own padlock and get the key. Now, replace any references to locking with encryption, and you have the essence of a D-H Key Exchange. (Or so I have been told...)
Sure, a pure D-H key exchange can still be defeated by a man-in-the-middle attack, (imagine a guy in the middle pretending to be both you and your friend, performing seperate exchanges with you and your friend...) but that's not really the biggest problem. The biggest problem is that the Secure Easy Setup, as described, will allow any clients within a certain timeframe to perform a key exchange. If that's how it works, you have bigger problems in your security architecture to worry about than a theoretical man-in-the-middle attack.
The main factor here is convenience. It is no less convenient to buy a pirated DVD at a market in China, then to buy a legitimate one. Also, from what I've heard, even most mainstream stores carry pirate copies. There is negligble value added to the commercial DVD, because it's neither more convenient to purchase, nor better than the bootleg in any meaningful way.
Why pay more for a DRM-laden "official" disc when you can pay less for a bootleg with no copy protection, if the convenience in doing so is the same?
The same thing applies to downloads on the Internet. Downloading a movie off bittorrent is pretty inconvenient, if you face it, compared to how convenient it *could* be if we get nice DRM-free services from the movie industry.
Either way, I don't think many copyright reform people believe in a complete elimination of the commercial copyright. One reasonable proposal for copyright reform would involve retaining exclusive copyright for commercial purposes for 5 years, and allowing unlimited copying for personal or non-profit use. This is the position the Swedish Pirate Party takes, for example.
Quite simply, you can't compete with a product that is cheaper than the real thing and just as good. But you can compete with free, if you add value beyond the actual movie itself, such as the convenience of downloading it. This is because those who sell bootlegs actually make money and have an incentive to be on the markets, making it convenient to buy their copies. There is no such incentive in a peer to peer network.
The Movie Industry could make a killing if they started competing with free by streaming movies. No, not the streaming kind where you need to stream it every time you watch it, but the kind where you download the movie and can watch it as it downloads. If the download speed is faster than the video data rate (quite reasonable with current residential broadband in Sweden), there is no concern for skipping, because the buffer just gets progressively larger. Would you pay 50 yuan / 50 kronor / $5 / 5 for the convenience of getting to watch the movie immediately without waiting for the download, and without messing with torrent sites? I just might if it were convenient enough and worked on my Mac.
pv2b
Member of the Swedish Pirate Party.
Not quite so many. How many atoms can IPv6 address? For purposes of a simple back-of-the envelope calculation for visualizing the mass required, imagine that the average atomic mass in biomass is 10 u, making biomass approximately 10 gram/mol. Now, you may disagree with this exact number, but it's definitely the right order of magnitude.
Now, you have 2^128 ~= 3.4E+38 addresses out there, and you have Avogadro's constant, 6.0E+23 which is the number of atoms in a mol.
If you want to address every atom with an IPv6 address, you can address a maximum of 3.4E+38 / 6.0E+23 mol = 5.7E+14 mol.
Given biomass at 10 gram/mol or 1E-2 kg/mol, that gives you the ability to address 5.7E+12 kg of carbon 12. A quite big amount of mass, but in no way unfathomable.
Especially not if you divide it by 6 billion, which is the approximate population of earth. 5.7E+12 / 6E+9 = 1000.
So, every person on earth could address every single atom in around 1000 kg or so of biomass. That's a lot, but a far cry from being able to address every single atom in the universe.
Hope this helps clarify exactly how awesome IPv6 is
As for getting rid of ports numbers -- bad idea. IP addresses should indicate network addresses, not single services, identifying machines. Also, port numbers is a question that is above IP itself, they are implemented by TCP and UDP.
I don't think you can actually be electrocuted by the low voltage (12 V) in a typical car battery.
:-)
A car battery can deliver a lot of current, but that doesn't do a lot of good if you want to electrocute someone.
You probably don't want to short circuit the battery though (remember what I said about high current capacity?
Oh. How I wish I had mod points for such posts like the parent. :-)
(For those that didn't quite get the parent: Consider that sin(0)^2 = 0 and cos(0)^2 = 1.
Powerbooks have a small backup battery which is non-replaceable, which can be used to keep the computer in sleep mode for a minute or so, while the battery is swapped out.
Asterisk is a very flexible little piece of software, and I'm sure you can write a channel driver (or a channel driver already exists) which lets you roll your own telephone interface using a sound card and a parallell port.
Read more about it, and if you want to be geeky, Asterisk is *definitely* what you want to be playing with.
Your girlfriend probably want to subscribe to something like Vonage, SkypeOut, or some other Internet telephone provider. Sure, she'll have to pay for her calls, but it's definitely a lot less hassle than having to set up a gateway.
Plus, she gets her own phone number people can call her on, if she gets a service that does that.
On the more geeky side, if you want to be your girlfriend's telephone operator so you can give her free calls (I don't know, maybe that kind of thing turns you or her on), you definitely want to play around with Asterisk, the free open source PBX, and get an account with a tinkerer-friendly SIP provider. Using that setup, and a SIP softphone program on the computer, or a hardware SIP telephone adapter or SIP telephone, you can do pretty much anything you can imagine.
Don't bother trying to do anything clever with Skype though, it's not an open system, and you're a lot better off with an account from some kind of tinkerer-friendly SIP provider. Not living in the US, I can't give you any specific recommendations.
Hope this helps.
There are mice out there with trackball-like devices instead of a scroll wheel. The Apple Mighy Mouse among others does that, although all mice I've seen have placed the scroll-ball where the scroll wheel typically is.
:-)
Personally, I like two-finger scrolling on my Powerbook's trackpad.
Yes. Verbose languages make programs much more readable. Which is why we're all coding in COBOL.
</sarcasm>
Challenge-response authentication involving knocking? Is this anything like one of those knock-knock jokes? :-)
There is a difference between covert photography and overt photography, just as there's a difference between peeking through the keyhole/window and being in the room overtly while wanting to supervise whatever... activity... you had in mind.
Okay, this post actually made a lot more sense than the points you raised in your previous post. I misunderstood what you said about the Windows firewall. I thought you were saying it was "too integrated" into the operating system, when you were in fact saying the opposite.
:-) (Rather, the carnage if Microsoft decides they want to add that feature later.)
:-)
However, I must disagree about your idea of checking for access permissions at bind(), sendto() or connect() time. For sendto() and connect(), you'd pretty much have to check the routing table first to check which address the connection would be routed to. At that point, you're pretty much checking the routing table twice. Why not just let the IP stack do its job, and cheerfully let the packet jump through the hoops of passing the routing table, and just see where the packet ends up before filtering it instead of duplicating the logic? (And adding to the amount of things that might go wrong.)
Not to mention the possibility of race conditions that always occurs whenever you need to check something twice.
And then imagine the carnage if you want to do advanced rule-based routing.
As for bind(), the idea is a little more attractive. But it doesn't really add very much security compared to just firewalling the port (or indeed the entire application) off. (Because with a host-based firewall you can filter based on destination PID as well as port.) Either way, it boils down to trusting the operating system to keep your application safe. Better if the application gets to choose what to bind to itself, without adding more features to the operating system. Though I must say the feature sounds appealing on some level, I don't really think it's a good idea in the long run.
I guess what I'm saying is that I don't see the point of trying to predict what a packet will do and shooting it down before it even enters the IP stack, compared to checking for what's leaving the IP stack, and shooting down the packets once you know exactly what they're doing.
One thing I can agree with you on though, is that individual services should be configurable, by themselves, on what interfaces they will bind() themselves to.
Also, thanks for the tip about the -p flag to Linux netstat. Nice catch! I grepped the Mac OS X netstat man page, and didn't turn out anything equivalent. (But you can still use lsof, even if it's annoying.
Finally, on some level I can agree with you about that you shouldn't have to worry about poorly-written applications. But practicality makes me reluctant to change things like that. Why break stuff if you can avoid it? Also, in the case of a wild pointer bug or stack corruption, the cause might not be completely obvious. It's a valid semi-assumption to make on a Windows, that an IP stack is installed. (Though not one I would make myself.)
If you actually read what the people in the thread says, it's clear their complaints are actually about NATrouters (personal Internet connection sharing devices), not about firewalls per se. Unfortunately, the NAT Router == Firewall terminology really confuses a lot of people.
A network-level firewall designed to maintain security would be stupid to implement UPnP. (At least stupid if it allowed every single whim of the user.) But that's not what a NAT router is for. UPnP is just meant to allow people get around restrictions that NATimposes on people by dynamically configuring port forwards.
A NAT router is not primarilly a security device -- a good NAT router will simply let multiple users share a single IP address and try to get the hell out of your way if you want to run peer-to-peer applications, like video conferencing, ip telephony, file sharing, or whatever.
Uhh. How does it make any difference what company makes a firewall? Code is code, no matter who writes it.
Also. Have you any idea how network code actually works? When I build network code (at least on Linux, Mac OS X, or any other similar OS -- and I can't imagine Winsock is that much different, considering the Winsock API is almost identical to Unix sockets) I don't actually have to "bind" to any specific interface in the first place. I just create a socket() -- not bound to any specific interface.
In the simplest case of me wanting to send a simple UDP packet (the process of creating a TCP stream is a bit more involved, but similar), I craft my packet and my destination address and send it to the stack using sendto(int s, const void *msg, size_t len, int flags, const struct sockaddr *to, socklen_t tolen). It is at this point that the IP stack will figure out using its routing table where to send the packet. So, there are basically two ways to stop malicious packets. At or after the IP stack, as is commonly done, and which you don't like for some strange reason, or you have to stop unauthorised applications from making *any* socket whatsoever (even if it's just for contacting localhost and doing some inter-process-communication). And you gain nothing from that, save some inconvenience.
By the way, as a secondary point, I could imagine a lot of poorly-written applications, assuming that you can just socket(), and get a socket without doing any form of error checking would simply fall over on startup (or later in the case of subtle memory corruption due to wild pointers, yay!), even if their main purpose has nothing to do with networking. (Say, for example, that they check for updates on start-up.) If it ain't broke, don't fix it!
Finally, putting the firewall in the operating system (or at least in cohorts with the operating system, hooking yourself in pretty much where Microsoft is hooking itself in anyway) is precisely the right course of action, because that makes it a lot easier to actually place adequate security restricitons in the right place, rather than patching up some of the more common "holes". Imagine the alternative, it'd be the IP equivalent of javascript anti-right-click scripts and bad third-party access restriction systems for Windows.
This time it's you who can't read what I write. I said that host-level firewalls are a *final* line of defense, not a *first* level. (Well, at least for incoming traffic,
A NAT router is not meant to be used as a firewall. It can be used as a line of obscurity, but that's about it.
You should really have a final line of defense in a host-level software firewall. This is actually more secure than any other firewall in some ways -- it's the only type of firewall that can filter connections application-by-application. Malware can easilly phone home by masquerading their evil data inside a HTTP request, which pretty much no firewall can protect against unless you want to whitelist every single host you want to browse to.
(Sure, host-level firewalls are pretty worthless if your operating system is configured so that any malware application can just overpower the firewall because the malware has root access.)
I remember calculating at one point that if you gave every atom in your body an IPv6 address, and everybody else in the world did the same, you'd only use around 10% of the address space out there.
:-) (No giving out 1/256's of the available address space to large corporations or universities. :-)
Actually, let's see if I can do some quick back-of-the-envelope calculations for that.
Let's see. There are 2^128 = 3.40E+38 ipv4 addresses out there, and approximately 6E+9 people in the world. Leaving you 5.67E+28 addresses per person, allowing you to address 5.67E+28 / 6.02E+23 = 94,200 mol. Now, assuming an atomic weight of approximately 8 gram/mol. (Pulled out of my ass, but it's probably close to reality, considering carbon is around 12 gram/mol, compensating for all the hydrogen in organic chemistry.) Assuming 8 gram/mol, you get 94,200 * 8 = 754 kg +- a healthy margin of error.
So... seems I remembered correctly. Assuming an average atomic weight of 8 gram/mol (for typical biomass) every person on earth can get enough adresses to address every single atom in a block of biomass the mass of a typical automobile.
So, I don't think IPv6 will run out of addresses soon, if reasonably intelligently managed.
You want to shoot planes down? Using prior art?! That's clearly terrorist talk!
I must contact the glorious President Bush of the United States of America at once to make the use of prior art illegal to protect the children from those patent terrorists.