1. You're misusing the term "pirate". In copyright law parlance, a copyright pirate is someone who reproduces a large number of exact copies for resale and commercial gain.
Thanks for mentioning this, Ray. I'm going to be linking to this article for a long time to come. I was always in the "it's not piracy!" camp up until I learned that people had been using "piracy" for "commercial copyright violation" since 1703 or so. Basically, we were the ones trying to redefine the language, not the *AA cartels.
Other studies have concluded that any other correlation between childhood cancers and powerlines were either statistical noise, or due to other factors such as the higher likelihood that the lines would be located near industrial residential areas.
I have a friend who's a radiologist. He's an extremely sharp guy and I've heard people say that he's really good at his job. And yet, he and his wife fought tooth and nail to try to keep a cell phone tower being put up a mile from their house because they didn't want to be irradiated.
Great guy, but the logical disconnect here almost drove me to drink.
When parents of my pediatric patients say they're skipping vaccines, they talk more about what they read on the Internet than what they see on television or read in the newspaper.
Our pediatrician in our last city was extremely popular and hard to get in with. We only managed it because his brother-in-law was a partner at my wife's practice. Before he'd accept new patients, he required their parents to attend an hour-long group session where he talked about his theories and how he ran his practice.
At one point, he asked parents to raise their hands if they were unwilling to have their children vaccinated. A few did so, and he told them that they should find another doctor. He'd done (and continued to follow) the research and was convinced that vaccines did much more good than harm, and that he would not treat a child without making sure they were appropriately immunized.
He also told us later that this weeded out the parents who would be fundamentally incompatible with his methods, because he was thoroughly science-based and wouldn't tolerate, for example, skipping necessary antibiotics for magnetic "therapy".
So after a couple of weeks soothing crying babies people tend to try feeding powder milk instead of breastfeeding - and voila, the spams ease out. But these spams -always- ease out after a couple of weeks. Scientifically proven, but you can't convince a parent with that argument.
It's not proven, because it's completely wrong. We have four kids, and our oldest son is very lactose intolerant to the point that he couldn't breast feed. From about the third week of his life to about 6 weeks later, every time he'd drink milk, he'd scream. I don't mean that he'd cry or get upset, but that he'd tense up and scream in agony while tears streamed down his cheeks. Upon his doctor's advice we tried switching him to lactose-free formula, and that instantly stopped his discomfort for a few days. When he started screaming again, the doctor suggested soy formula and it worked.
Three of our four kids thrived on breast milk. One did not. Your assertion that feeding problems will always resolve themselves is naive and not backed by any real-world experience.
If your daughter steps on a used needle in the sand at the beach, and catches HPV, and dies of cervical cancer, what have you achieved?
I'll give you a much more likely scenario: your daughter says no but her date won't stop. It's bad enough that she has to live with that, but now she has a fatal disease to go along with it.
My girls will be vaccinated, not only because of what they might do, but because of what others might.
it's not like there's a process that needs to be running in order for the device to filter traffic.
Right. It's not like the firewall reaches into the stream and removes packets that aren't allowed. Instead, all packets go into the firewall and only the allowed ones are passed on to the rest of the stack.
There will always be NAT so that people can represent themselves as a single entity and protect their work flow.
How do you mean?
Question: I have a IPv4 ISP and a NAT home lan. Is there any generic (as in non-distro dependent) method of setting up an IPv6 internal NAT?
Not that I'm aware of, but frankly, I've never gone looking for one (or known anyone who has).
How would you (or could you) overlay an IPv4 in the event you had internal hardware that couldn't handle IPv6?
Right now my little home router (WRT56G) offers IPv4 with DHCP and IPv6 with autoconf. Every device on my LAN that supports IPv6 automatically gets assigned an address when it joins the network. Honestly, I don't know what protocol I'm using unless I specifically pay attention. SSHing around hosts (or to the office) goes over IPv6, Jabber goes over IPv6, external websites go through a mix (with more supporting v6 as time goes on), and so on.
You don't manage network connectivity across VPN's and multiple sites.
And yet I do!
Changing the firewalls and VPN's and switches to support IPv6 is pretty expensive for a mid-sized business, and there's usually no cost justification for doing so until the old stuff is being replaced anyway.
Umm, I'm not sure exactly what you're replying to, but I never said otherwise.
Having said that, IPv6's built-in IPsec is a nice replacement for VPN stuff, and OpenBSD can pass a lot of traffic on inexpensive hardware. My company is relatively small but we've been able to start rolling out IPv6 with zero budget by enabling it on the router, then slowly enabling and testing services as we get around to it.
Years ago, when requesting a class C from ARIN, they practically handed it to you the instant you sent the request email. "ARIN, may I hav...", "SURE! Here it is!!!".
That's an understatement. I worked at an ISP with two netblock, each allocated from one of our upstreams, and decided to ask for our own assignment. I was charged with putting together the documentation packet and technical plan for demonstrating why we need an allocation. About a week after we mailed it out, we got confirmation of our new/19 (32 "/24" or "class C") blocks. At that time, we handled about 4,000 customers with perhaps 500 phone lines.
You mean the one that Psystar presumably used to install the OS. OK, I'm done with this because you're building up strawmen that I don't have the patience to knock down.
In the case of firewall, if the sofware fails because of an exploit, brute force or any other case which makes the firewall stop. The packets will go trought without any filters because the ips are routable.
I'm sure there is some firewall, somewhere, that fails to "default allow" but I've never seen one. If OpenBSD's "pf" fails, then it's probably because the entire machine is down and no longer passing any traffic at all.
I don't think you can use only one of the two solutions, but you cannot rely on filtering alone.
So if we (the US) finally convert over to IPV6 does that mean I won't have to mess with port forwarding in the router and the firewall and like 80 other programs just to be able to play a game online?
Yes, that's exactly what it means - assuming your firewall is configured to pass the traffic.
it'll kill me at work with all the proprietary horseshit we have deployed. Lot of people are going to drag their feet.
We're running dual-stack here at work. I'm phasing in IPv6 clients and services as they come available. I really, really recommend this approach; if some service isn't as IPv6-compliant as it claims, you just turn it off and drop back to IPv6 while you wait for the next version to come out.
This puts a lot less stress on network security than there should be in a business environment, and much less attention to what should or shouldn't be allowed through a local firewall, let alone a site firewall.
block all pass (22, 80) to 192.168.0.1 pass (25,143) to 192.168.0.2
The decision making process is identical. You've already decided which ports are which machines should be exposed, and that's the hard part! Once you're past that, the semantics of NAT and a "default deny" firewall are almost identical.
I wasn't talking about corporations alone, BTW. I have a BT setup like yours, with the router configged to forward one port to my desktop, one to my wife's, and one to my laptop. It works, but you have to admit that it's a pain in the butt. Wouldn't it be easier to say "pass in to port 6881" and be done with it? I loathe UPnP because it lets untrusted client programs create ad-hoc forwarding rules on the router, so a piece of random malware can open up its own publicly-visible listening port.
If you're going to have to migrate to a new protocol, whether it's IPv4+NAT+UPnP or IPv6, why not pick the better one, the one that's a superset of the other and doesn't add more complexity to the problem?
1. You're misusing the term "pirate". In copyright law parlance, a copyright pirate is someone who reproduces a large number of exact copies for resale and commercial gain.
Thanks for mentioning this, Ray. I'm going to be linking to this article for a long time to come. I was always in the "it's not piracy!" camp up until I learned that people had been using "piracy" for "commercial copyright violation" since 1703 or so. Basically, we were the ones trying to redefine the language, not the *AA cartels.
Other studies have concluded that any other correlation between childhood cancers and powerlines were either statistical noise, or due to other factors such as the higher likelihood that the lines would be located near industrial residential areas.
I have a friend who's a radiologist. He's an extremely sharp guy and I've heard people say that he's really good at his job. And yet, he and his wife fought tooth and nail to try to keep a cell phone tower being put up a mile from their house because they didn't want to be irradiated.
Great guy, but the logical disconnect here almost drove me to drink.
When parents of my pediatric patients say they're skipping vaccines, they talk more about what they read on the Internet than what they see on television or read in the newspaper.
Our pediatrician in our last city was extremely popular and hard to get in with. We only managed it because his brother-in-law was a partner at my wife's practice. Before he'd accept new patients, he required their parents to attend an hour-long group session where he talked about his theories and how he ran his practice.
At one point, he asked parents to raise their hands if they were unwilling to have their children vaccinated. A few did so, and he told them that they should find another doctor. He'd done (and continued to follow) the research and was convinced that vaccines did much more good than harm, and that he would not treat a child without making sure they were appropriately immunized.
He also told us later that this weeded out the parents who would be fundamentally incompatible with his methods, because he was thoroughly science-based and wouldn't tolerate, for example, skipping necessary antibiotics for magnetic "therapy".
I am allergic to beef
Um, what do you mean by "allergic"? I'm pretty sure that a true allergy to eating meat is incompatible with life.
So after a couple of weeks soothing crying babies people tend to try feeding powder milk instead of breastfeeding - and voila, the spams ease out. But these spams -always- ease out after a couple of weeks. Scientifically proven, but you can't convince a parent with that argument.
It's not proven, because it's completely wrong. We have four kids, and our oldest son is very lactose intolerant to the point that he couldn't breast feed. From about the third week of his life to about 6 weeks later, every time he'd drink milk, he'd scream. I don't mean that he'd cry or get upset, but that he'd tense up and scream in agony while tears streamed down his cheeks. Upon his doctor's advice we tried switching him to lactose-free formula, and that instantly stopped his discomfort for a few days. When he started screaming again, the doctor suggested soy formula and it worked.
Three of our four kids thrived on breast milk. One did not. Your assertion that feeding problems will always resolve themselves is naive and not backed by any real-world experience.
If your daughter steps on a used needle in the sand at the beach, and catches HPV, and dies of cervical cancer, what have you achieved?
I'll give you a much more likely scenario: your daughter says no but her date won't stop. It's bad enough that she has to live with that, but now she has a fatal disease to go along with it.
My girls will be vaccinated, not only because of what they might do, but because of what others might.
it's not like there's a process that needs to be running in order for the device to filter traffic.
Right. It's not like the firewall reaches into the stream and removes packets that aren't allowed. Instead, all packets go into the firewall and only the allowed ones are passed on to the rest of the stack.
You jest, but this is precisely what the shareholders will demand of the publishers.
What if shareholders sue them for irresponsibly losing sales because people are starting to learn the truth about DRM?
There will always be NAT so that people can represent themselves as a single entity and protect their work flow.
How do you mean?
Question: I have a IPv4 ISP and a NAT home lan. Is there any generic (as in non-distro dependent) method of setting up an IPv6 internal NAT?
Not that I'm aware of, but frankly, I've never gone looking for one (or known anyone who has).
How would you (or could you) overlay an IPv4 in the event you had internal hardware that couldn't handle IPv6?
Right now my little home router (WRT56G) offers IPv4 with DHCP and IPv6 with autoconf. Every device on my LAN that supports IPv6 automatically gets assigned an address when it joins the network. Honestly, I don't know what protocol I'm using unless I specifically pay attention. SSHing around hosts (or to the office) goes over IPv6, Jabber goes over IPv6, external websites go through a mix (with more supporting v6 as time goes on), and so on.
You don't manage network connectivity across VPN's and multiple sites.
And yet I do!
Changing the firewalls and VPN's and switches to support IPv6 is pretty expensive for a mid-sized business, and there's usually no cost justification for doing so until the old stuff is being replaced anyway.
Umm, I'm not sure exactly what you're replying to, but I never said otherwise.
Having said that, IPv6's built-in IPsec is a nice replacement for VPN stuff, and OpenBSD can pass a lot of traffic on inexpensive hardware. My company is relatively small but we've been able to start rolling out IPv6 with zero budget by enabling it on the router, then slowly enabling and testing services as we get around to it.
Years ago, when requesting a class C from ARIN, they practically handed it to you the instant you sent the request email. "ARIN, may I hav...", "SURE! Here it is!!!".
That's an understatement. I worked at an ISP with two netblock, each allocated from one of our upstreams, and decided to ask for our own assignment. I was charged with putting together the documentation packet and technical plan for demonstrating why we need an allocation. About a week after we mailed it out, we got confirmation of our new /19 (32 "/24" or "class C") blocks. At that time, we handled about 4,000 customers with perhaps 500 phone lines.
You mean the one that Psystar presumably used to install the OS. OK, I'm done with this because you're building up strawmen that I don't have the patience to knock down.
Considering IPv6 means the complete end of privacy and anonymity
How do you figure that?
In the case of firewall, if the sofware fails because of an exploit, brute force or any other case which makes the firewall stop. The packets will go trought without any filters because the ips are routable.
I'm sure there is some firewall, somewhere, that fails to "default allow" but I've never seen one. If OpenBSD's "pf" fails, then it's probably because the entire machine is down and no longer passing any traffic at all.
I don't think you can use only one of the two solutions, but you cannot rely on filtering alone.
Consider yourself corrected. :-)
You do know that RealVNC will connect out to you right?
How well does that work if you're also behind a NAT?
So if we (the US) finally convert over to IPV6 does that mean I won't have to mess with port forwarding in the router and the firewall and like 80 other programs just to be able to play a game online?
Yes, that's exactly what it means - assuming your firewall is configured to pass the traffic.
How the hell do they sell a original shrink-wrapped box after they installed the software?
I have no idea where you got that impression.
FWIW though, I know I need to dive into some reading material and a Lab.
Here's your lab. Get a connection up and running and start experimenting!
You won't hear me arguing.
Many people do not want IPv6 because getting set up for it will be expensive and time consuming.
Except it's not.
Remembering or just typing an IP will be much more of a bitch.
I haven't typed my IP since I added it to DNS.
And some people don't want machines to have publicly accessible IPs.
Then don't open the firewall.
I for one don't want my fucking toaster or condoms
I think (hope!) you didn't mean it that way.
to have IP addresses.
Then don't plug them into the LAN.
it'll kill me at work with all the proprietary horseshit we have deployed. Lot of people are going to drag their feet.
We're running dual-stack here at work. I'm phasing in IPv6 clients and services as they come available. I really, really recommend this approach; if some service isn't as IPv6-compliant as it claims, you just turn it off and drop back to IPv6 while you wait for the next version to come out.
So they do sell two copies for each they buy. Case closed.
Nope, just the one (and the "live" version that every relevant court case has affirmed does not count as it's the same copy but in usable form).
Look how much the US DoD is taking up.
That's the privilege of making something.
This puts a lot less stress on network security than there should be in a business environment, and much less attention to what should or shouldn't be allowed through a local firewall, let alone a site firewall.
I disagree. Say your current NAT setup is:
The firewall equivalent is:
The decision making process is identical. You've already decided which ports are which machines should be exposed, and that's the hard part! Once you're past that, the semantics of NAT and a "default deny" firewall are almost identical.
I wasn't talking about corporations alone, BTW. I have a BT setup like yours, with the router configged to forward one port to my desktop, one to my wife's, and one to my laptop. It works, but you have to admit that it's a pain in the butt. Wouldn't it be easier to say "pass in to port 6881" and be done with it? I loathe UPnP because it lets untrusted client programs create ad-hoc forwarding rules on the router, so a piece of random malware can open up its own publicly-visible listening port.
If you're going to have to migrate to a new protocol, whether it's IPv4+NAT+UPnP or IPv6, why not pick the better one, the one that's a superset of the other and doesn't add more complexity to the problem?