From what I've heard, many foreign purchasers have already begun to look at all U.S.-manufactured encryption technology with a much more skeptical eye as a result of what the NSA has done. That's too bad, because I suspect only a minority of products have been compromised this way
Not just encryption, but pretty much any US created technology... cloud services or anything else.
If the US has made their technology companies part of their spy apparatus, then who the hell would trust a US technology company? You simply can't.
So don't go all boo-hoo that people are looking at your products with some skepticism they can trust you when you created the situation in which they can't trust you.
Anybody outside of the US has no choice but to look at US technologies and ask "given that it's almost certain they're under the thumb of the NSA, what are my alternatives?"
You can't have it both ways. And you don't get to whine if people stop buying your products because they can't trust you anymore.
Well, the problem with duck(*) tape is you can't ever remove the adhesive.
It leaves a sticky gooey mess which pretty much can't be removed. It's got its uses, but not anywhere it ever has to come off.
(*) The original tape was duck tape, and used for waterproofing ammo boxes... it's not meant to be used for ducts, and it's a terrible application for it, or so I've been told by people who install furnaces. Not sure why it morphed into duct tape.
I don't think anybody is suggesting telesurgery is going to be the normal way of doing things, or that you would routinely outsource it.
But if you're in some remote place and need critical care, it makes sense. Oil rigs or other remote and dangerous places make sense.
AFAIK, this is real surgeons trying to solve real problems, not someone trying to come up with an outsourcing model.
But if you start bleeding out, the surgeon needs to respond as fast as he would if in the same room to fix it. And I think the whole point of TFA is, we're not quite there yet.
And just as important, I have a full OEM copy of Windows 8.1 Pro on my personal desktop. I paid for it, and I specifically bought the PC before Windows 10.
Being forced to an OS I don't want which spies on me is a non-starter. I have no interest in that shit. My usage patterns are none of Microsoft's damned business, no matter how entitled they feel to it.
So, at this point I'm forced to conclude that I will accept security updates, but in general I can no longer trust Microsoft to apply updates, and that "important" is just as likely to mean important to them. I'll trust my own security practices to keep me out of problems, but if Microsoft is going to lie to me about what updates are doing I can't trust them.
But letting them replace what I paid for with something I don't want? Not bloody happening. Over time I will likely have to invert my desktop to be primarily Linux, with Windows running in a VM.
Microsoft seems to think it's their computer. It's not. And Microsoft can shove Windows 10 up their own asses. They're sure as hell not shoving it up mine.
It may not cost you anything, but it sure as hell isn't free. I was cleaning up my in-law's PC the other week (which unfortunately had updated itself to Windows 10), and Microsoft had installed shit like Candy Crush Saga and a bunch of other stuff they had no idea what is was.
Microsoft doesn't seem to realize they're pissing off customers and likely to push more people away with this.
Stop acting like we need to you to tell us what to do with our own computers. And stop letting your bullshit marketing desire to show how many people have switched to Windows 10.
I really don't understand why Microsoft are being such aggressive assholes over this, especially with stuff like taking away choice for automatic updates. Because eventually they'll leave people with useless computers, and won't do a damned thing about it.
Right up until you meet the limits of what a low skilled person can do.
And then you can quickly get into uncharted territory which requires much more understanding.
Sure, that low skilled person can do "some", "many", or possibly even "most" of the tasks. And they can also drive you off a cliff through lack of understanding.
Anybody who has ever dealt with outsourced admins who can follow a script can tell you that when those people go outside of the script they will become utterly useless, if not outright dangerous.
And at that point, you're deeply screwed if there's not someone around who actually understands the rest of the stuff. It's not pretty to watch some noob with a little knowledge completely screw up a corporate environment.
You act like if we were still living in the times where you'd get fake taxis robbing you.
As opposed to the realUber and Lyft drivers who might do that or worse?
Btw, nothing prevent the "place where you live" to force Uber to have camera in their cars.
Are you an idiot or something? If Uber and its drivers contend they don't need a commercial license, commercial insurance, or otherwise comply with any other regulation around vehicles for hire... WTF would make you think they'd care about this regulation?
The entire business model of Uber is "we're not a cab company, so the rules don't apply".
You really think they'll ignore all of the other laws and follow that one? Why the hell would you think that? Uber has basically stated the rules don't apply to them and too bad. They would ignore that rule along with all of the other ones they have decreed they're not subject to.
Yeah, I always found coding (and especially debugging) required a level of intuition... precisely because it was more than just gluing pieces together.
I understand you don't want to rely too much on intuition, because it's hard to sound like anything other than voodoo, but sometimes the voodoo is still a real thing.
I worked with someone years ago who liked to go on about how everything should be abstracted and pretty/elegant according to whatever was popular that month. He read the books and magazines incessantly, and wouldn't shut up about them.
The problem is he often wrote shit code he couldn't maintain or debug because he'd abstracted things so much it was impossible for him to follow his own code, or know where to look when things went wrong. A small enhancement request left him squealing how the code wasn't designed to do that and he'd have to rebuild it. Meanwhile the rest of us went "so, all of that is in here, and if I just nudge this a little it's all done".
I'm sure he got better over time, but for someone who was so loudly a proponent of the latest language theories and methodologies, he never seemed to understand how his neat intellectual model in no way translated into maintainable, readable, or sometimes even useful code. But his insistence on following all of these things usually had the result of him making absolutely terrible design choices.
These frameworks and methodologies sound awesome on paper, but you can still use them to write complete garbage code which is brittle, inflexible, and often completely wrong for what you're trying to use it for.
Whereas the guys who learned to program and debug without the syntactic sugar and frameworks to build upon, those guys tended to have a bigger picture view of the pieces. Which means you can zero in on where you think it likely went sideways instead of staring blankly wondering why your monument to methodology is now a teetering mess you have no idea where to begin with when there's a problem.
And yet, there are literally millions of assholes like me who use Uber constantly, and would take a ride managed by Uber over a taxi any day.
Meh, I place no judgement on people who use the service. Some schmuck trying to save a couple of bucks is understandable, it doesn't make you an asshole.
Why we allow a corporation to claim a car for hire isn't a care for hire "because business model"... that I have no idea.
However, where I live, taxis -- in addition to being properly licensed and insured -- must also have a camera in their vehicle. The cab drivers fought it tooth and nail until one of their own was violently robbed. Which means unlike Uber, there's a record of a crime if your driver turns out to be a mugger or a rapist.
If you choose to get into a car with a random stranger, who isn't properly licensed or insured, that's your damned choice.
To me Uber is just a bootleg cab company claiming taxi regulations don't apply to them. So, I don't trust them and have no intention of rewarding them for it.
But get into a random car with a driver who has had no background check or otherwise complied with any of the laws which exist for my safety? No thanks.
Millenials drive less, not more than previous generations and so far interfaces for their phones to their cars doesnt seem to be enticing them to change that trend
Good, because enticing millenials to drive cars because there's a cell phone interface is an idiotic thing.
I recently spent a few days in a busy downtown walking around on snow covered sidewalks... I saw people stop dead in the sidewalk, or in a crosswalk, or in the door to a store... all so they could check their damned phones. I had to resist a fairly constant urge to give the people who just stopped dead in front of me a fairly hard shove out of my way.
I hadn't quite experienced just how many people stop in their tracks and put their phone up to their face without any concept of what's around them. Apparently I've been lucky enough to avoid being around this much.
The last thing we want is for people who have the attention span of a gnat driving cars with cell phone interfaces. They're dangerous enough as pedestrians. In control of a motor vehicle sounds like an awful idea.
Seeing some guy standing in the middle of a crosswalk texting after his light has turned says these are not people who should be driving.
No no no.. haven't you been paying attention to what Uber says?
Taxis are a commercial service, requiring a commercial license, a taxi license, proper insurance and liability.
This will be random people under no regulations driving you around for a fee.
See, due to the magical thinking of Uber, a car for hire through an app isn't anything like a taxi and isn't subject to regulations because they say so.
Nothing at all like a taxi.
I plan on starting a service called "nothing at all like a lawyer" where for a fee I will show up and defend you in court. Only I'll not know anything about the law, not be covered under any regulations, and bear no professional responsibility, so when your ass gets sent off to prison that's your damned problem.
I'm also thinking of buying a dremmel tool and branching out into the "nothing at all like a dentist" business. That's probably pretty lucrative too.
Of course, apparently the real money is in having the app which connects you to a "nothing at all like an X", take a cut, and pretend that you're not really just illegally plying a trade and ignoring the regulations around it. If you can convince enough suckers of this they'll throw billions of dollars at you, apparently.
Does this require that I trust a device isn't manufactured by a lazy, incompetent corporation who cares more about profits than security, and is really interested in collecting marketing and analytics data?
Because my entire point is that you pretty much have to assume you can't trust the internet at all, you can't trust the corporation who made the device, and you can't trust that any piece of software isn't actively hostile to your security.
Let's start with the premise there's not a single piece in the chain you can truly trust and assume that will never change, and then build in stuff which recognizes that fact. Don't graft something onto the protocol which may or may not be implemented properly
Anything else is ignoring every lesson about security we've learned in those 15 years -- including that the companies making this shit don't give a crap about either your privacy or your security, and therefore have to be assumed to have neither unless you force it on them.
There's no way I'm willing to believe I can put any trust in privacy extensions. I want a protocol which starts from the premise of "hell no I can't trust you fuckers, and I never will". Because that much more closely coincides with the reality of the internet.
Don't leave security in the hands of the guy who wanted to sell you an internet connected fridge. If you do, you're a complete idiot, because he doesn't give a crap about your security, and never will.
Pretty much every device with IPv6 has privacy extensions by default. Many it cannot be turned off.
So here's my problem with that statement: It assumes that I trust the maker of that device isn't lazy, incompetent, cheap, indifferent, or hasn't built in some back door. And, I'm sorry, but your user id is low enough that if you still put any trust the makers of consumer or even professional electronics, you simply haven't been paying enough attention.
Every week we see how the manufacturers of these devices are utterly incapable of actually doing these things correctly. Which means the only sane solution is to assume every single device has the most incompetent or non-existent level of security you can imagine, because it probably does.
Sorry, but any solution which assumes you can trust the company who made the device is a terrible idea.
When a company bears legal responsibility for crap security, I might change my mind. Until then, reality and experience tells me those privacy extensions in the device don't exist, or don't work. Because we pretty much see it weekly right here on Slashdot.
If you can't set up a rule which says "all of these machines may only communicate with these machines", then every piece of malware and spyware has free rein to send data outside of your network. If IPv6 can't do this, then IPv6 is missing some pretty serious concepts of proper security.
Defending against the broader internet and devices with crap security must be something built into the protocol. If it isn't, the protocol is defective.
Well, for many of us, the notion that everything has a unique address which can be known by anybody else seems idiotic.
Using internal 192.168.*.*, or the entire class A of 10.*.*.* means my internal IP address is not your damned business. It's an un-routable address to anything else. Which means in a lot of ways it's invisible -- you have no way of knowing the IP address of a given machine, and even if you did it wouldn't do you any good because there's no way to get there.
If you don't know information about what's behind the firewall, you can't exploit that information. NAT allows you to say "yes, there is a machine behind the firewall talking to you, but any specific information about that machine isn't for you to know because we don't trust you with that information".
Providing the same level of 'security' as NAT also includes some anonymity. You're not meant to know which machine you're talking to, and it isn't possible for that information to bleed out. Which means you don't have the ability to deduce information about it.
Having an outside entity know any information about your hosts and their IP addresses is just another vector to glean information and possibly act on it. You can't target a specific machine if you have no information about it from outside the firewall.
So, for me, if you start with the assumption that the internet is a dirty cesspool of actors which simply cannot be trusted and must be assumed to be hostile... then you start by denying as much information as you possibly can. And after many years around the internet, not assuming the internet is a dirty cesspool of bad actors is utterly idiotic, because it hasn't been true in a very long time.
IPv6 seems to have a rather naive and in-built assumption that the internet isn't full of hostile assholes, and the decision to say that NAT was unnecessary reinforces that. Anything which assumes there isn't a risk in allowing outside actors to glean information about your environment is naive, broken, and not going to work. Because you pretty much need to assume that every additional item of information someone else has is going to be exploited in some way.
If you need to rely on state-ful firewall rules to know what's allowed, you need to rely on the vendor to competently be able to handle all of these protocols and the like. And, quite frankly, time and time again we see plenty of reasons why we can't trust the vendors to competently do that.
This is one of the reasons a lot of organizations have looked at IPv6 and consistently said "no thanks, there's parts of this we really don't like".
If after 20 years IPv6 has 10% adoption, maybe it's time to start understanding why people don't want it instead of telling us everything is fine and we don't actually need NAT.
Not for tedious underwater work, of course, but for remotely groping
Well, subway groping jokes aside... it's all still the same old teledildonics. A glove which can be used to 'feel' remotely is half way to an internet handjob, subway or no.
As you point out, the killer application is almost always sex.
Don't trust that you aren't getting screwed in the deal. Don't trust that your security isn't being left up to some greedy asshole of an MBA. Don't trust that it isn't designed first and foremost for analytics and ads to make even more money for those greedy assholes.
Stop buying into this garbage, you don't need your damned phone to be able to control your lights.
Feel like you're getting screwed in the process? Don't play the game.
Millions of people every day go through their lives without needing a bloody app for this shit. Stop worshiping technology and realize just what this stuff is... marketing hype made by lazy, greedy idiots who don't give a crap about you.
Hey, if someone thinks me flashing the book cover of my old copies of Tom Clancy or an Isaac Asimov means I'm signalling either virtue or status... then that person is a fucking moron.
I'm sorry, but I have never heard of this bullshit, and I don't give a fuck about what anybody else thinks about what I'm reading. While I'm sure society will always have some proportion of shallow, vain idiots whose life is dependent on being seen doing stuff.. I still think the vast majority of people reading actual books aren't doing it to signal status.
That guy in the corner with the cover folder around a beat up paperback? He doesn't give a crap what you think of what he's reading.
Pretentious college students? Maybe. Real grown ups reading books for pleasure? No bloody way.
Because many of us like paper books, and we can tell the publishers to fuck off and go to hell when they try to tell us what the license for the book says we can and can't do.
When I'm doing leisure reading, I don't want some damned screen... I want to sit in a comfy chair, in an idea world near a pool with a mojito, and if a little water (or rum) gets on my paperback book, who cares? I sure don't want some fragile digital device which needs to be coddled and recharged.
I tried e-Books for a while, and while they have a small amount of places where I like to use them, in general many many people still prefer the tactile feel of a book, and don't want to have our eyes constantly facing a screen. The most avid readers I know have eBooks, but still mostly read off paper.
Used book stores are making a comeback because people are asking themselves "why a I reading this on a digital screen where I need to ask permission if I can turn the damned page?" You buy a physical book, and you own it... you buy a digital book and some asshole lawyer will tell you the terms and conditions. And that lawyer can cram his terms and conditions up his ass.
It may surprise you to know that not all of us wish our entire lives to be spent at the altar of technology, and when we disconnect and take downtime, the last thing we want is some stupid computer screen to have to interact with.
You should try it some time. There's a whole world out there which isn't controlled by a touchscreen or a mouse.
Asset forfeiture has become a program by which law enforcement can shake down citizens without and evidentiary standard, and steal that money for their own departments.
I'm sorry, but can you trust law enforcement when they profit from the misapplication of terrible laws?
For me, no way in hell... it became a license to steal money like a bunch of crooks. And like a bunch of crooks, they stole everything which wasn't nailed down.
I bet the sheer amount of money which has essentially been stolen by a bunch of thugs with badges is vast. I mean, why wouldn't they steal money from every schmuck they encountered if they could just make shit up and claim they suspected a crime.
You want to see how corruptable police are? Give them free reign to take money without a court to decide, and you'll see exactly what we have now... a fucking shakedown racket the mob would be proud of.
Slashdot Mirror
Not just encryption, but pretty much any US created technology ... cloud services or anything else.
If the US has made their technology companies part of their spy apparatus, then who the hell would trust a US technology company? You simply can't.
So don't go all boo-hoo that people are looking at your products with some skepticism they can trust you when you created the situation in which they can't trust you.
Anybody outside of the US has no choice but to look at US technologies and ask "given that it's almost certain they're under the thumb of the NSA, what are my alternatives?"
You can't have it both ways. And you don't get to whine if people stop buying your products because they can't trust you anymore.
Well, the problem with duck(*) tape is you can't ever remove the adhesive.
It leaves a sticky gooey mess which pretty much can't be removed. It's got its uses, but not anywhere it ever has to come off.
(*) The original tape was duck tape, and used for waterproofing ammo boxes ... it's not meant to be used for ducts, and it's a terrible application for it, or so I've been told by people who install furnaces. Not sure why it morphed into duct tape.
I don't think anybody is suggesting telesurgery is going to be the normal way of doing things, or that you would routinely outsource it.
But if you're in some remote place and need critical care, it makes sense. Oil rigs or other remote and dangerous places make sense.
AFAIK, this is real surgeons trying to solve real problems, not someone trying to come up with an outsourcing model.
But if you start bleeding out, the surgeon needs to respond as fast as he would if in the same room to fix it. And I think the whole point of TFA is, we're not quite there yet.
And just as important, I have a full OEM copy of Windows 8.1 Pro on my personal desktop. I paid for it, and I specifically bought the PC before Windows 10.
Being forced to an OS I don't want which spies on me is a non-starter. I have no interest in that shit. My usage patterns are none of Microsoft's damned business, no matter how entitled they feel to it.
So, at this point I'm forced to conclude that I will accept security updates, but in general I can no longer trust Microsoft to apply updates, and that "important" is just as likely to mean important to them. I'll trust my own security practices to keep me out of problems, but if Microsoft is going to lie to me about what updates are doing I can't trust them.
But letting them replace what I paid for with something I don't want? Not bloody happening. Over time I will likely have to invert my desktop to be primarily Linux, with Windows running in a VM.
Microsoft seems to think it's their computer. It's not. And Microsoft can shove Windows 10 up their own asses. They're sure as hell not shoving it up mine.
It may not cost you anything, but it sure as hell isn't free. I was cleaning up my in-law's PC the other week (which unfortunately had updated itself to Windows 10), and Microsoft had installed shit like Candy Crush Saga and a bunch of other stuff they had no idea what is was.
Microsoft doesn't seem to realize they're pissing off customers and likely to push more people away with this.
Stop acting like we need to you to tell us what to do with our own computers. And stop letting your bullshit marketing desire to show how many people have switched to Windows 10.
I really don't understand why Microsoft are being such aggressive assholes over this, especially with stuff like taking away choice for automatic updates. Because eventually they'll leave people with useless computers, and won't do a damned thing about it.
The lawyers would sue!
I think I've seen some Dutch porn ... and I don't think anybody was condemning backdoors.
Thanks folks, I'm here all week. Tip your waitress.
Right up until you meet the limits of what a low skilled person can do.
And then you can quickly get into uncharted territory which requires much more understanding.
Sure, that low skilled person can do "some", "many", or possibly even "most" of the tasks. And they can also drive you off a cliff through lack of understanding.
Anybody who has ever dealt with outsourced admins who can follow a script can tell you that when those people go outside of the script they will become utterly useless, if not outright dangerous.
And at that point, you're deeply screwed if there's not someone around who actually understands the rest of the stuff. It's not pretty to watch some noob with a little knowledge completely screw up a corporate environment.
As opposed to the real Uber and Lyft drivers who might do that or worse?
Are you an idiot or something? If Uber and its drivers contend they don't need a commercial license, commercial insurance, or otherwise comply with any other regulation around vehicles for hire ... WTF would make you think they'd care about this regulation?
The entire business model of Uber is "we're not a cab company, so the rules don't apply".
You really think they'll ignore all of the other laws and follow that one? Why the hell would you think that? Uber has basically stated the rules don't apply to them and too bad. They would ignore that rule along with all of the other ones they have decreed they're not subject to.
Yeah, I always found coding (and especially debugging) required a level of intuition ... precisely because it was more than just gluing pieces together.
I understand you don't want to rely too much on intuition, because it's hard to sound like anything other than voodoo, but sometimes the voodoo is still a real thing.
I worked with someone years ago who liked to go on about how everything should be abstracted and pretty/elegant according to whatever was popular that month. He read the books and magazines incessantly, and wouldn't shut up about them.
The problem is he often wrote shit code he couldn't maintain or debug because he'd abstracted things so much it was impossible for him to follow his own code, or know where to look when things went wrong. A small enhancement request left him squealing how the code wasn't designed to do that and he'd have to rebuild it. Meanwhile the rest of us went "so, all of that is in here, and if I just nudge this a little it's all done".
I'm sure he got better over time, but for someone who was so loudly a proponent of the latest language theories and methodologies, he never seemed to understand how his neat intellectual model in no way translated into maintainable, readable, or sometimes even useful code. But his insistence on following all of these things usually had the result of him making absolutely terrible design choices.
These frameworks and methodologies sound awesome on paper, but you can still use them to write complete garbage code which is brittle, inflexible, and often completely wrong for what you're trying to use it for.
Whereas the guys who learned to program and debug without the syntactic sugar and frameworks to build upon, those guys tended to have a bigger picture view of the pieces. Which means you can zero in on where you think it likely went sideways instead of staring blankly wondering why your monument to methodology is now a teetering mess you have no idea where to begin with when there's a problem.
Meh, I place no judgement on people who use the service. Some schmuck trying to save a couple of bucks is understandable, it doesn't make you an asshole.
Why we allow a corporation to claim a car for hire isn't a care for hire "because business model" ... that I have no idea.
However, where I live, taxis -- in addition to being properly licensed and insured -- must also have a camera in their vehicle. The cab drivers fought it tooth and nail until one of their own was violently robbed. Which means unlike Uber, there's a record of a crime if your driver turns out to be a mugger or a rapist.
If you choose to get into a car with a random stranger, who isn't properly licensed or insured, that's your damned choice.
To me Uber is just a bootleg cab company claiming taxi regulations don't apply to them. So, I don't trust them and have no intention of rewarding them for it.
But get into a random car with a driver who has had no background check or otherwise complied with any of the laws which exist for my safety? No thanks.
Good, because enticing millenials to drive cars because there's a cell phone interface is an idiotic thing.
I recently spent a few days in a busy downtown walking around on snow covered sidewalks ... I saw people stop dead in the sidewalk, or in a crosswalk, or in the door to a store ... all so they could check their damned phones. I had to resist a fairly constant urge to give the people who just stopped dead in front of me a fairly hard shove out of my way.
I hadn't quite experienced just how many people stop in their tracks and put their phone up to their face without any concept of what's around them. Apparently I've been lucky enough to avoid being around this much.
The last thing we want is for people who have the attention span of a gnat driving cars with cell phone interfaces. They're dangerous enough as pedestrians. In control of a motor vehicle sounds like an awful idea.
Seeing some guy standing in the middle of a crosswalk texting after his light has turned says these are not people who should be driving.
But but ... my business model says I'm not covered by the regulations, if it works for Uber why not for anything else?
Or, gasp, maybe Uber is full of shit when they say such things?
No no no .. haven't you been paying attention to what Uber says?
Taxis are a commercial service, requiring a commercial license, a taxi license, proper insurance and liability.
This will be random people under no regulations driving you around for a fee.
See, due to the magical thinking of Uber, a car for hire through an app isn't anything like a taxi and isn't subject to regulations because they say so.
Nothing at all like a taxi.
I plan on starting a service called "nothing at all like a lawyer" where for a fee I will show up and defend you in court. Only I'll not know anything about the law, not be covered under any regulations, and bear no professional responsibility, so when your ass gets sent off to prison that's your damned problem.
I'm also thinking of buying a dremmel tool and branching out into the "nothing at all like a dentist" business. That's probably pretty lucrative too.
Of course, apparently the real money is in having the app which connects you to a "nothing at all like an X", take a cut, and pretend that you're not really just illegally plying a trade and ignoring the regulations around it. If you can convince enough suckers of this they'll throw billions of dollars at you, apparently.
Does this require that I trust a device isn't manufactured by a lazy, incompetent corporation who cares more about profits than security, and is really interested in collecting marketing and analytics data?
Because my entire point is that you pretty much have to assume you can't trust the internet at all, you can't trust the corporation who made the device, and you can't trust that any piece of software isn't actively hostile to your security.
Let's start with the premise there's not a single piece in the chain you can truly trust and assume that will never change, and then build in stuff which recognizes that fact. Don't graft something onto the protocol which may or may not be implemented properly
Anything else is ignoring every lesson about security we've learned in those 15 years -- including that the companies making this shit don't give a crap about either your privacy or your security, and therefore have to be assumed to have neither unless you force it on them.
There's no way I'm willing to believe I can put any trust in privacy extensions. I want a protocol which starts from the premise of "hell no I can't trust you fuckers, and I never will". Because that much more closely coincides with the reality of the internet.
Don't leave security in the hands of the guy who wanted to sell you an internet connected fridge. If you do, you're a complete idiot, because he doesn't give a crap about your security, and never will.
Privacy extensions my ass.
So here's my problem with that statement: It assumes that I trust the maker of that device isn't lazy, incompetent, cheap, indifferent, or hasn't built in some back door. And, I'm sorry, but your user id is low enough that if you still put any trust the makers of consumer or even professional electronics, you simply haven't been paying enough attention.
Every week we see how the manufacturers of these devices are utterly incapable of actually doing these things correctly. Which means the only sane solution is to assume every single device has the most incompetent or non-existent level of security you can imagine, because it probably does.
Sorry, but any solution which assumes you can trust the company who made the device is a terrible idea.
When a company bears legal responsibility for crap security, I might change my mind. Until then, reality and experience tells me those privacy extensions in the device don't exist, or don't work. Because we pretty much see it weekly right here on Slashdot.
If you can't set up a rule which says "all of these machines may only communicate with these machines", then every piece of malware and spyware has free rein to send data outside of your network. If IPv6 can't do this, then IPv6 is missing some pretty serious concepts of proper security.
Defending against the broader internet and devices with crap security must be something built into the protocol. If it isn't, the protocol is defective.
Well, for many of us, the notion that everything has a unique address which can be known by anybody else seems idiotic.
Using internal 192.168.*.*, or the entire class A of 10.*.*.* means my internal IP address is not your damned business. It's an un-routable address to anything else. Which means in a lot of ways it's invisible -- you have no way of knowing the IP address of a given machine, and even if you did it wouldn't do you any good because there's no way to get there.
If you don't know information about what's behind the firewall, you can't exploit that information. NAT allows you to say "yes, there is a machine behind the firewall talking to you, but any specific information about that machine isn't for you to know because we don't trust you with that information".
Providing the same level of 'security' as NAT also includes some anonymity. You're not meant to know which machine you're talking to, and it isn't possible for that information to bleed out. Which means you don't have the ability to deduce information about it.
Having an outside entity know any information about your hosts and their IP addresses is just another vector to glean information and possibly act on it. You can't target a specific machine if you have no information about it from outside the firewall.
So, for me, if you start with the assumption that the internet is a dirty cesspool of actors which simply cannot be trusted and must be assumed to be hostile ... then you start by denying as much information as you possibly can. And after many years around the internet, not assuming the internet is a dirty cesspool of bad actors is utterly idiotic, because it hasn't been true in a very long time.
IPv6 seems to have a rather naive and in-built assumption that the internet isn't full of hostile assholes, and the decision to say that NAT was unnecessary reinforces that. Anything which assumes there isn't a risk in allowing outside actors to glean information about your environment is naive, broken, and not going to work. Because you pretty much need to assume that every additional item of information someone else has is going to be exploited in some way.
If you need to rely on state-ful firewall rules to know what's allowed, you need to rely on the vendor to competently be able to handle all of these protocols and the like. And, quite frankly, time and time again we see plenty of reasons why we can't trust the vendors to competently do that.
This is one of the reasons a lot of organizations have looked at IPv6 and consistently said "no thanks, there's parts of this we really don't like".
If after 20 years IPv6 has 10% adoption, maybe it's time to start understanding why people don't want it instead of telling us everything is fine and we don't actually need NAT.
Well, subway groping jokes aside ... it's all still the same old teledildonics. A glove which can be used to 'feel' remotely is half way to an internet handjob, subway or no.
As you point out, the killer application is almost always sex.
Don't fucking buy this Internet of Things, crap.
Don't trust that you aren't getting screwed in the deal. Don't trust that your security isn't being left up to some greedy asshole of an MBA. Don't trust that it isn't designed first and foremost for analytics and ads to make even more money for those greedy assholes.
Stop buying into this garbage, you don't need your damned phone to be able to control your lights.
Feel like you're getting screwed in the process? Don't play the game.
Millions of people every day go through their lives without needing a bloody app for this shit. Stop worshiping technology and realize just what this stuff is ... marketing hype made by lazy, greedy idiots who don't give a crap about you.
Hey, if someone thinks me flashing the book cover of my old copies of Tom Clancy or an Isaac Asimov means I'm signalling either virtue or status ... then that person is a fucking moron.
I'm sorry, but I have never heard of this bullshit, and I don't give a fuck about what anybody else thinks about what I'm reading. While I'm sure society will always have some proportion of shallow, vain idiots whose life is dependent on being seen doing stuff .. I still think the vast majority of people reading actual books aren't doing it to signal status.
That guy in the corner with the cover folder around a beat up paperback? He doesn't give a crap what you think of what he's reading.
Pretentious college students? Maybe. Real grown ups reading books for pleasure? No bloody way.
Because many of us like paper books, and we can tell the publishers to fuck off and go to hell when they try to tell us what the license for the book says we can and can't do.
When I'm doing leisure reading, I don't want some damned screen ... I want to sit in a comfy chair, in an idea world near a pool with a mojito, and if a little water (or rum) gets on my paperback book, who cares? I sure don't want some fragile digital device which needs to be coddled and recharged.
I tried e-Books for a while, and while they have a small amount of places where I like to use them, in general many many people still prefer the tactile feel of a book, and don't want to have our eyes constantly facing a screen. The most avid readers I know have eBooks, but still mostly read off paper.
Used book stores are making a comeback because people are asking themselves "why a I reading this on a digital screen where I need to ask permission if I can turn the damned page?" You buy a physical book, and you own it ... you buy a digital book and some asshole lawyer will tell you the terms and conditions. And that lawyer can cram his terms and conditions up his ass.
It may surprise you to know that not all of us wish our entire lives to be spent at the altar of technology, and when we disconnect and take downtime, the last thing we want is some stupid computer screen to have to interact with.
You should try it some time. There's a whole world out there which isn't controlled by a touchscreen or a mouse.
Asset forfeiture has become a program by which law enforcement can shake down citizens without and evidentiary standard, and steal that money for their own departments.
I'm sorry, but can you trust law enforcement when they profit from the misapplication of terrible laws?
For me, no way in hell ... it became a license to steal money like a bunch of crooks. And like a bunch of crooks, they stole everything which wasn't nailed down.
I bet the sheer amount of money which has essentially been stolen by a bunch of thugs with badges is vast. I mean, why wouldn't they steal money from every schmuck they encountered if they could just make shit up and claim they suspected a crime.
You want to see how corruptable police are? Give them free reign to take money without a court to decide, and you'll see exactly what we have now ... a fucking shakedown racket the mob would be proud of.
Which, arguably, pretty much says "this is not and cannot ever be considered science because it's just shit you make up which can't be tested".
String theory has always had the ring of stuff people make up to sound cool at parties but which is otherwise completely meaningless drivel.
Color me surprised by this.
One wonders at the level of screeching outrage if suddenly other countries started blocking Americans with no explanation.
It might go something like "coming to America is a privilege, Americans travelling abroad is a right".
Oh, sorry, you plan on voting for Trump ... you are inadmissible to our country.
LOL .. you are all Republicows! Moo you damned Repulicows! Moo!
Unless they are wealthy, or corporations, or politicians. Those people all do it and get away with it.
It's the little guy like you and I who goes to prison for such things. That bank account in the Caymans? Well, we'll pretend that never happened.
By the time you're a CEO it's almost expected. The politicians, mostly being former CEOs, all do it as well I bet.