With real (IPv6) routing, I now have to install firewalls on all of my systems and maintain them individually.
That's not true at all. Conceptually, NAT is similar to a default-deny firewall. Why not just enable one of those at the same place your NAT would have been running? Make a firewall ruleset like:
allow all from $internal_if to $external_if;
allow tcp to $web_server port http, https;
allow tcp to $mail_server port smtp;
allow tcp,udp to $dns_server port domain;
...
deny from all;
...and so on. The above is almost exactly what a NAT setup would look like except that it lacks the actual redirects.
NAT offers no additional security beyond that of a stateful firewall. In either case, an incoming address:port combo corresponds to a specific port on an internal machine.
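The same policy in concrete nftables syntax, as an added example that is not part of the original comment. Interface names and the 2001:db8:: documentation addresses are placeholders, and the connection-state and ICMPv6 rules are additions that the pseudo-ruleset above leaves implicit.

```nft
#!/usr/sbin/nft -f
# Added example (constructed): every name and address below is a placeholder.
# Load on the border router, i.e. the box that would otherwise have done NAT.

define internal_if = "lan0"
define external_if = "wan0"
define web_server  = 2001:db8:0:1::80
define mail_server = 2001:db8:0:1::25
define dns_server  = 2001:db8:0:1::53

table ip6 border {
    chain forward {
        # Default deny: anything not matched below is dropped ("deny from all").
        type filter hook forward priority 0; policy drop;

        # Replies to flows that were allowed out. This is the same state
        # tracking a NAT box relies on, without the address rewriting.
        ct state established,related accept
        ct state invalid drop

        # IPv6 needs these ICMPv6 errors end to end (path MTU discovery
        # breaks without packet-too-big).
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept

        # allow all from $internal_if to $external_if
        iifname $internal_if oifname $external_if accept

        # Published services: the equivalent of NAT port forwards,
        # minus the redirect.
        iifname $external_if ip6 daddr $web_server  tcp dport { 80, 443 } accept
        iifname $external_if ip6 daddr $mail_server tcp dport 25 accept
        iifname $external_if ip6 daddr $dns_server  tcp dport 53 accept
        iifname $external_if ip6 daddr $dns_server  udp dport 53 accept
    }
}
```

Unsolicited inbound traffic to any other internal address falls through to `policy drop`, which is the protection people usually credit to NAT.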
However: even simple typos like foo.baar()// should be one a only...
get compiled by dynamic languages and lead to a runtime error: method baar() not found! I make such typos in the hundreds a day, if I was forced to use languages like Python I would hang myself.
In Emacs, I have F1 bound to (pylint), which scans my program for all sorts of errors, including those. It's not perfect and I often end up disabling some of its warnings - "yes, I know this block looks odd, but I know what I'm doing and I meant it to be that way" - but it's very good at what it does. Consider that running pylint isn't inherently different from running javac and looking for warnings and errors.
Radio is cool. It's completely free and I can find really good music on it.
Where do you live? We have 4 ClearChannel country, 2 ClearChannel classic rock, and 2 ClearChannel greatest hits of yesterday and today stations. I have a Sirius subscription, but they keep jacking the prices and I'm letting it lapse. Guess I'll be surfing Pandora to find new music from now on.
Do you wonder why the same chiro treatment costs $50 without insurance, but they bill the insurance provider $165 for it?
I can't speak for everyone, but I know why we bill that way: because the insurance companies will pay a set percentage of the "reasonable and customary" charge for each procedure performed. If that currently happens to be 30%, then a $50 procedure gets billed at $165 so that it actually gets reimbursed at $50. If notice comes down that the new rate is 25%, then expect that to go to $200 overnight. There's also the need to periodically raise rates above the reasonable and customary charge to pull the average upward. If everyone starts billing $200 for the $165 procedure, then insurance will only "allow" $165 at first and will reject the extra $35. After a few years, they'll adjust the allowance to some multiple of the new rate.
Yes, it's horribly screwed up. That's still better than travesties like Medicaid that often reimburses for procedures at less than the cost of the supplies needed to perform them. Yes, you read that right. There are certain billing codes that Medicaid pays at about 5 to 10 percent of what insurance would. It's hard to make up profits with volume when you are literally, tangibly losing money on each treatment. That's why almost no doctors will see new Medicaid patients without a referral from a colleague. Every doctor I know does a lot of free/charity work, but you have to save some time for paying patients if you want to keep the doors open.
Every time something on IPv6 comes out, there's a thundering herd of people who've never used it but are certain that it's awful and won't ever work. What's wrong with you people? Do you feel threatened because you're used to being the networking expert among your clique and don't want to lose that reputation? If not that, then what is it that's making you sneer at a cool new technology without even trying it first?
I'm not addressing people who tried to make IPv6 work but had problems along the way, or who otherwise had bad experiences with it. That's totally understandable and I'm not going to tell such a person that they're wrong. I am talking directly to the people who've read old articles talking about why it won't work, or who are trotting out the same tired, invalid reasons to dislike it.
Here's what you need to know about IPv6:
It's here and working today, and a lot of people are starting to adopt it.
You can run IPv4 and IPv6 on the same network and machines. I don't know of any IPv6 implementation that can't run alongside IPv4.
DNS works perfectly fine for IPv6. I have a long address on my machines at home and work, but never have to manually type them anywhere after adding them to DNS.
If you enable IPv6 alongside IPv4 and try to connect to another host, and that host has an IPv6 DNS record, then your machine will try to connect to that address and then fall back to IPv4 if that fails. If it doesn't have an IPv6 DNS record, then you'll connect via IPv4. There's no penalty for enabling it.
NAT sucks. It might seem like a reasonable idea until you're reminded how nice it is not to have to mess with it, then you'll come to loathe it.
There are plenty of good, free, reliable IPv6 tunnels available. I use Hurricane Electric, but there are lots of others to choose from.
All modern OSes support IPv6 out of the box.
Many/most consumer routers do not support IPv6 natively (although you can still tunnel through those routers from your Linux or Windows or Mac server or desktop). Some do, though, and an Airport Extreme is still a consumer product even if it's more expensive than some of the others.
I think that about covers it. There's no reason to be afraid of IPv6. If you haven't tried it, give it a shot before bragging about how smart you are for recognizing that it can't work. Again, if you've tried it and had problems, I can understand why you're leery of the idea. If you haven't at least used a free tunnel to see what IPv6 is like, though, then you don't have a lot of room to comment on the subject.
You're mostly right, and the other posters are also correct that removing the need for fueling would save a lot of hassle, but it's still not perfect.
MREs aren't magic. You still have to get them from somewhere. The military also takes morale somewhat seriously; a crew that's been eating chicken a la king for 9 months straight isn't going to operate as well as they could. You also wouldn't believe how cranky people get when the mail doesn't come on a regular basis.
Sometimes you have to add personnel for various reasons, both mundane and grim.
You'd be surprised at the things you run out of, from perishable medical supplies to massive parts for a ship's powertrain. We had to make an unscheduled detour to Pearl Harbor because the ship blew out a drive shaft bearing.
So yeah, this would go a long way to cutting down on the size of replenishment convoys and having to cart around megagallons of diesel and jet fuel (neither of which being very explosive, BTW).
until consumer routers support IPv6 it's a dead protocol
Then it must be doing pretty well, since Apple's Airport Extreme router has it enabled by default and even configures a working tunnel for you. Cue grumbling about "but other routers don't!" in 3... 2... 1...
Oh, perhaps to crush a government sitting on top of oil or other resources deemed indispensable by the American War Machine and its nutty consumerist inhabitants? And why would they bomb one of these nations to flinders? Because it would work against the export land model, freeing up oil to the market that the USA can then steal to keep the suburbs expanding and the war machine rolling...
So, how much oil did we steal from Iraq? Where do I sign up to get my free "occupancy fuel"?
Your nuclear-powered carrier fleet is on patrol in a war zone. Resupply convoys are a risky business.
Note that supply convoys also carry things like food, supplies, and personnel. When my ship was being UNREPed, refueling was only one (albeit huge) part of the operation.
That's not to say that a really great ASM programmer wouldn't do better than VCL, but he would have to work much much harder. You'd have to [...]
...start from scratch when someone rolls out a different chip design that obsoletes all your assumptions or when you learn a new optimization technique. I'd much rather write at a higher level and let new versions of the compiler handle updated architectures, and automatically adjust all my old code whenever their optimizers improve.
If everyone loses money on Medicare, why do doctors accept the patients?
Medicaid. Similar name, different system.
It just doesn't solve any problem I (as a fairly tech savvy user) care about.
You are fascinatingly incurious.
I have had one replaced, and it was the easiest thing I have ever done.
Unless your life is unimaginably suckish or you have severe OCD, I have a hard time believing that's the easiest thing you've ever done.
I have a hacked WRT-54G. You presume much.
Instead at the current situation you have to figure out how and where to get an IPv6 address,
If they're using an IPv6-enabled ISP, that's a non-event. It really does Just Work.
and either keep an IPv4 as well (and switch between the two as the situation demands) or work out how you are going to talk to the 90+% of the world that doesn't have an IPv6 address.
Why wouldn't you keep both, out of curiosity? Almost every machine on our corporate LAN uses both protocols. I enable it on the router and the various servers and workstations just started using it without any additional configuration.
Either of those require extra work, for every person trying to connect to the network.
Where "extra" approximates "no".
Comcast ISP, by the way, does not support IPv6. If IPv6 is here and working today, I should be able to use it. How do I do that?
Switch to an ISP that provides IPv6 (you're surprised that Comcast is behind the times?), or spend 5 minutes enabling an IPv6 tunnel to someone like Hurricane Electric from your Linux box.
He is basically dead right.
Umm, about what? He trots out a bunch of hypothetical problems that people have been cheerfully ignoring because they don't manifest in reality. IPv6 is here and working today, even if Dan didn't want to believe it possible.
My father also helped organize the Chicago Firefighter strike of '78 ... we had hundreds of firemen in our house on any given night
Isn't that against code?
But it doesn't say anywhere that they are planning to remove it. I highly doubt they are, since the cost of maintenance on leaving it there is zero.
When has Sony ever passed up a perfectly good chance to remind their customers of their rightful place in the food chain?
People still watch tube tvs?
I've got a Sony Wega that has a brighter, sharper image than any TV I've seen since. It's not HD, true, but it still looks beautiful. Throw on an anamorphic DVD and put the TV into the mode where it compresses the same number of scan lines into a smaller vertical patch on the screen and there's nothing better. Why would I want to downgrade?
You want to call a lady a "skanky ho," try to damage her reputation, and then hide like a coward, you are a Cad.
Being a cad isn't illegal. How much weight does the public put into name-calling from anonymous hecklers? Practically none. If anything, I'd say that it would carry more authority if the poster had actually signed his name to it, because then a named individual would be signing his name to the fifth-grade insults.
I don't care who you are; someone on the Internet doesn't like you. What can suing them do other than to give their opinions a vastly larger audience?
If people haven't figured out by now that posting private information to the Internet isn't a good idea, then this probably won't hurt them any more than any of the other goofy things they're likely to do.
Can't put one past you, can they.
What about if you linked to your private pictures?
What are you doing with those links? If you're sending them via email, why not send the whole link? If you're posting them to Twitter or Facebook, then they're effectively public anyway and anyone could see your private pictures just by clicking the shortened links. It's not like they're password protected.
Help me understand this. What's a plausible use case where a shortened URL could potentially increase privacy?
When I use tinyurl and such I kind of can know that all the destination URLs won't be open data to everyone. Yeah, I know you shouldn't paste personal URLs via other sites, but people still do. Some privacy, please?
Go read Tiny URL's privacy policy. Go ahead, I'll still be here when you get back.
Read it? Great! Now show me where it said they won't display a list of links to anyone who asks.
Think about this for a minute. What information could anyone glean from knowing that a particular URL has been mapped, especially since you don't have to use an account to create the shortened URL so there's no way of showing who originally created it? Also, given that a given shortened URL is trivially resolvable to the original address, what privacy did you incorrectly think it was granting you?