Part of me wants IP addresses to more closely reflect the physical layout. Which is kind of what I do with IPv4 right now -- 10.0 is my office, 10.1 is my home, 10.2 is my brother's LAN party, all tied together with VPNs -- 10.0.10 is the office VPN, 10.1.3 is mine... at the LAN party, 10.2.2 is known good machines, and 10.2.3 is the "ghetto", and they are firewalled from each other (but not from the game server).
This is kinda how the whole scheme was supposed to work, back before NAT muddied the waters, and CIDR made subnets a little less obvious to understand. I worked at .edu's with Class B allocations and they had IP assignment schemes that pretty closely followed the physical topology. Just by looking at an IP you could tell where it was located.
There are a lot of benefits to a system like that, and frankly I think it was a darn good idea from the beginning, only the people laying it out just never had any idea of the scale the system they were building would grow to. IPv6 fixes the scale problem, but brings back a number of really good Internet concepts that have been compromised away over the years to avoid totally destroying the net.
It only seems ridiculous because of the way we distribute IP addresses today, using CIDR. Prior to 1993 (or whenever CIDR was implemented), if you wanted to run a network with subnets, then you needed at least a Class B allocation, so that your subnets could have Class C blocks (254 hosts each).
This is why MIT, Apple, DEC, IBM, and lots of other big companies were given Class A's. It wasn't just a "thanks for playing" reward, it was because the original design for the IP system required Class A blocks if you wanted to run big networks: if you had a big organization, you needed a Class A, in order to do multiple levels of subnetting.
When you look at the IP allocations and see GE or DEC's Class A blocks, it seems ridiculous. But you have to understand that when those allocations were made, what they were looking at was less the number of actual host IPs in the block (which is what we care about now) but the number of Class B and C subnet blocks that were inside. Put yourself in the shoes of someone at a big company like IBM or GE, with lots of regional offices. Each region/office needs to have a network, with its own subnets (for each department or whatever). That's how they were laying things out. "IBM" as an organization gets a Class A. Each regional office or some other division, Class B. Each network or further subdivision, Class C. Yeah, you end up with a lot of wasted capacity, but this whole scheme was designed back when a "host" was a PDP or VAX; there just weren't enough of them for it to seem like a major issue.
The problem people sometimes refer to when they talk about "the last time we were running out of IPs" (back in the early 90s) wasn't really a shortage of IPs at all (well, at least not immediately, although people were definitely realizing it was going to be a problem), it was a shortage of Class B and C subnet blocks. (Particularly Class B's, since that's what medium-size businesses and .edu's really wanted, and there are only like 16k of them around for direct allocation.)
So that's when CIDR was introduced, and it ended the whole 'Classed Network' concept (A, B, and C classes) and replaced it with the now-familiar bitwise/subnet-mask format. (E.g., IBM's Class A block is 9.0.0.0/8, Apple's is 17.0.0.0/8, etc.) This, along with prefix aggregation, allowed more efficient address allocation, and kept the routing tables from growing out of control. Now that you can subnet at the bit level, rather than at the Class level, those A Blocks seem huge. But keep in mind that before CIDR, each of those A Blocks was looked at, not as 16M hosts, but as 254 subnetworks.
It's only in retrospect, with the help of a bunch of new technologies, that the allocations made back in the Internet's early years look ridiculous.
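The classful rules and the CIDR replacement described in the comment above, as an added example that is not part of the original post. The function names are hypothetical, and the sample addresses other than 9.0.0.0/8 are constructed for illustration.

```python
import ipaddress

# Pre-CIDR rule: the leading bits of an address fix the size of its network.
# (class, leading-bit pattern, pattern length, network prefix length)
CLASSFUL_RULES = [("A", 0b0, 1, 8), ("B", 0b10, 2, 16), ("C", 0b110, 3, 24)]


def classful_network(addr):
    """Return (class, network) the way a classful router inferred it."""
    value = int(ipaddress.IPv4Address(addr))
    for name, pattern, nbits, plen in CLASSFUL_RULES:
        if value >> (32 - nbits) == pattern:
            return name, ipaddress.ip_network(f"{addr}/{plen}", strict=False)
    return "D/E", None  # multicast / reserved space, not handed out as networks


def networks_in_class(name):
    """Number of network numbers in a class: 2^(prefix bits - fixed bits)."""
    for cls, _, nbits, plen in CLASSFUL_RULES:
        if cls == name:
            return 2 ** (plen - nbits)
    raise ValueError(f"unknown class {name!r}")


def classful_allocation(hosts):
    """Smallest single classful block that fits; returns (class, usable hosts)."""
    for name, _, _, plen in reversed(CLASSFUL_RULES):  # try C, then B, then A
        usable = 2 ** (32 - plen) - 2
        if hosts <= usable:
            return name, usable
    raise ValueError("no classful block is large enough")


def cidr_allocation(hosts):
    """Smallest CIDR block that fits; returns (prefix length, usable hosts)."""
    host_bits = 2
    while 2 ** host_bits - 2 < hosts:
        host_bits += 1
    return 32 - host_bits, 2 ** host_bits - 2


def aggregate(prefixes):
    """Prefix aggregation: merge contiguous blocks into the fewest routes."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    for sample in ("9.1.2.3", "172.16.5.4", "192.168.1.1", "224.0.0.1"):
        print(sample, classful_network(sample))
    print("Class B networks in existence:", networks_in_class("B"))
    print("1000 hosts, classful:", classful_allocation(1000))
    print("1000 hosts, CIDR:    ", cidr_allocation(1000))
    # Four adjacent Class C networks become a single routing-table entry.
    print(aggregate(["192.168.0.0/24", "192.168.1.0/24",
                     "192.168.2.0/24", "192.168.3.0/24"]))
```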
If they're not stupid, they'd hold out for $2 Billion... heck, maybe more than that. If IPv6 plods along at its current pace, those Class A's are going to be gold mines.
Yes, it would be harder, because it wouldn't obviate the need for IPv6, it would just delay it by a few years. So it would create a lot of difficulty for the companies involved -- who would naturally fight it tooth and nail, probably in the courts and by whatever other means available to them -- and only buy a little more time before we'd all need to transition to IPv6 anyway.
That's like fixing the Y2K problem by going from a two-digit year that maxes out at 99, to a field that only goes to 110. Yeah, it solves the immediate problem, but that's not a real solution to the problem.
After all, most recent network hardware is more or less ready to make the transition, and anyone running Windows 2000 Professional or later, MacOS X variants, and more recent Linux distributions could make the jump to IPv6 either natively or by installing a patch program.
And going out and buying a new gateway/router.
What... you think the manufacturers are going to give you that upgrade for free?
What's holding IPv6 back is two things: public perception that the change will be difficult
What's holding IPv6 back is that most people don't have a Cisco 2621 sitting at the headend of their home network; they've got some piece of shit Linksys or Netgear box (running the stock firmware -- the WRT54GL with one of the upgraded firmwares is decent) that doesn't speak IPv6 and never will. As a result, even moderately technically competent users -- the usual 'early adopter' crowd, but perhaps not real network experts -- are turned off from IPv6, because you have to shell out real dough for a router that supports it. [1] It's a chicken-and-egg problem: ISPs aren't going to roll out IPv6 until their customers start to demand it, or they actually do run out of v4 addresses; customers aren't going to demand it or start caring, because their hardware wouldn't support it even if their ISP offered it; hardware manufacturers aren't going to make hardware that supports it until consumers refuse to buy IPv4 gear (because they know this way, everyone will have to re-buy new stuff later, plus it's cheaper for them).
[1] I think the Apple Airport Extreme Base Station is the only 'consumer' router that does IPv6 out of the box; aside from it, to get v6 you either need to get a router that can be flashed with nonstandard firmware, or you have to get "real" networking gear.
Actually the version designator of "5" was used for the Internet Stream Protocol, which is one of the reasons why they skipped from IPv4 to v6.
ST2 is apparently a protocol for setting up QoSed streams between computers for doing video and audio. Given that I've never heard of it, I'm going to go out on a limb and bet it was a flop.
Yes, it would have the same prefix, but that's exactly the same level of anonymity that you have now with a single IPv4 address and NAT.
With v4, your router gets the address and then NATs it out to however-many devices you have. With v6, you'd get a block of addresses at the router, which it could then distribute via DHCP, or the machines could randomly assign themselves within. You're not losing anything there. Where you might gain something is in the ability to quickly switch IPs when traveling and connecting to an AP that's not yours (which is conceptually similar to performing a DHCP release-and-renew).
If you want plausible deniability, pretty much your only option is to leave your AP unsecured and hope that when the cops show up they buy it as a defense, or use some type of onion routing like Tor.
There seems to be a lot of fear and paranoia going around regarding IPv6, and I just don't get it. There's nothing you can do on IPv4 today that you can't do on IPv6, if you want to. Hell, if you're that attached to NAT, you can do it with IPv6 addresses just as readily -- it's just that it's stupid, because there's no longer any reason to since there's no address shortage, and there's really no privacy or security gained from it that you don't get by just rotating your IPv6 address.
Apple and Microsoft both have significantly deeper pockets than RMS and the FSF. They're much, much bigger targets.
So, the solution is obvious. The "Wall Street Journal" (WSJ) has already implemented the solution: charge for news. The readership of the WSJ has declined little since the start of the Internet Age. Revenue has also been relatively stable.
Now, look at the "Los Angeles Times". Every bit of news and opinion at the "Times" is free. Why would anyone subscribe to the "Times" when she can get the news for free?
Bingo. I think you've also touched, indirectly, on the bigger issue: original content. If you don't have any original content, then you can't well charge admission! Papers that basically just re-run the same wire service reports as everyone else, can't adopt the WSJ's business model, because there are lots of other, cheaper (free) sources for the same thing.
What we are about to see is a big contraction in the newspaper market. Honestly I don't think this is a bad thing. It's been a long time in coming. Most newspapers -- and I'm not talking about the LA Times here (I don't have a clue about them) -- have long been a 'news dissemination' service, and not a real 'news reporting' service. They don't really make any content themselves, beyond pretty basic local stuff that a smart high school junior could write up. Everything else is just wire service stuff. These are the papers that aren't going to make it, or are going to have to radically change shape in order to survive.
The Internet makes the dissemination of information relatively cheap and easy. What it doesn't do is change the cost of creating the material originally (well, in some cases it might, but not as dramatically as it affects the distribution side). If you're nothing but an information distributor, you're in trouble. But if you're an information creator, then you still have something you can market.
Everyone talks about newspapers going under, but you never hear anyone (seriously) talking about the AP or UPI going under. They're not going to, and neither are the big papers that actually do some serious reporting and content-creation -- although they might have to become more like wire services themselves, less "newspapers" and more 'information brokers' or 'content assemblers' (taking lots of raw data and presenting it in a format that people find pleasing and useful, and are incidentally willing to pay for).
There's no shortage of demand for news, and that means there's always going to be money for the people who are really in the core of the business. It's the ancillary stuff that's going to go down, and well it should.
Well, the dialog is "modal" within the context of the ASU application. It blocks the rest of ASU, and prevents you from doing anything else within it, until you respond.
It doesn't block the rest of the OS, or prevent you from switching to a different application, like old OS 9 modal dialogs did. (With the exception of a few special-case system messages, I don't think anything can do that anymore, thank god.) However, I still think it's appropriate to talk about a "modal dialog" within an application; i.e. it blocks you from working on the document / main window until you respond. Not that it's authoritative, but Wikipedia seems to also be OK with this description.
I didn't mean to imply that ASU blocked all user input, as OS 9 seemed to do from time to time, or Windows still does occasionally -- I'm firmly with you in saying that sucks. Furthermore I think that modality within applications also sucks, if the dialog blocks the user from accessing other documents besides the one the dialog is related to.
It really saves on worrying about a paycheck - I don't get one because I don't have a job. Believe me, the worthwhile stuff can be easily stolen from parked cars/unoccupied houses and I don't find myself on a Saturday afternoon watching what I'm drinking because I might be too hungover for work.
Doesn't work.
Seriously -- life as a criminal isn't nearly as good as a lot of people seem to believe it is. It's a tough way to make a living in anything but the very short run. Pretty much any way you could think of to make money via crime has (A) already been thought of and tried, and (B) is unsustainable. Either you can make a lot of money for a very short amount of time, and run a large risk of being caught and imprisoned, or you can only make small amounts of money. (There's an interesting study referenced in "Freakonomics" where the average salary of a street-level gang member is computed -- turns out it's less than flipping burgers at McD's.) If there were ways to make large amounts of money, quickly, with low risk, simply by being immoral or amoral, there'd be a line from New York to Kansas City to sign up.
It's just that on the whole, you can do a lot better for yourself, provided you're a reasonably intelligent person, in a legitimate occupation than you can dealing drugs or knocking over convenience stores, or stealing cars.
The reason the system works is because it's advantageous -- or at least perceived as advantageous -- to play by the rules in the long run.
Is there anything propane CAN'T do?
Can propane show you naked women?
In an NTSC television, the flyback transformer (a.k.a. line output transformer) is fed at 15.750 kHz. That's well within the range of human hearing. I think that they tend to vibrate due to the air gap causing them to vibrate.
She must have hit the dialog without realizing it... by default, Apple Software Update won't auto-restart, and I don't think there's any way to even enable that behavior.
By default, this is how it works:
* ASU puts up dialog showing list of installable updates; they're checked by default. Ones with restart required are marked.
* User unchecks items they don't want, presses "Install" or hits Return.
* ASU downloads and installs software. At end, flashes its own icon in the Dock as notification.
* User returns to ASU; if an update requiring restart has been installed, a modal dialog is displayed saying "The new software requires that you restart your computer..." with options "Shut Down" and "Restart." Default is 'Restart,' if user presses Return. (However, the dialog is modal only within the ASU application, you can still switch away from ASU and use the computer normally, and after clicking on it once, ASU no longer bounces in the Dock.)
* If Restart is pressed, the computer will begin the reboot process. I *think* that the process will stop if you have an application open with an unsaved document, but I haven't tested this recently.
Unfortunately, I think users are sometimes so conditioned to quickly clicking the default option in any dialog they're presented with that they sometimes don't realize, until 1/4 sec after they hit it, that they just rebooted their computer.
As an aside: it's possible to avoid the reboot either by just leaving ASU in the background indefinitely (pressing Cmd-H 'hides' it so that it doesn't clutter up the UI) or by Force Quitting it, although I doubt that's recommended.
Word to the wise:
If you ever see a car accident just to the side of you, and are planning on stopping to assist, pull PAST the accident before pulling over (assuming you can do so safely). Don't just stop right where you are. Behind or right next to the accident, you're just going to be in the way of the firetrucks, ambulances, etc. that are going to need to get in, plus you'll be stuck there until the scene is clear and everyone else is out of the way, which is far longer than you'll be of any use.
If I'd been in the SUV, I would have pulled through the plaza, gotten over to the side, and then gone and seen if there was any place to assist. Not park my big freaking car right in the middle of everything, particularly when there's already police on the scene (and no need to use it to block traffic -- that would be the only valid reason to stop in front of things).
Might depend on the law of the state he's in, or the guidelines followed by his physician. Where I used to live, the rule seemed to be pretty much universally applied: seizure-free for a year or no license, or at least that's my understanding based on the (several) people with epilepsy that I knew.
A quick look at the Epilepsy Foundation's web page on the subject reveals a lot of variability. Some states have no mandatory seizure-free period, some are 90 days, some are as long as a year, with mandatory physician-reporting and examination requirements. (If you want to see two relative extremes, compare, say, Connecticut and the District of Columbia.)
Oddly enough, in the U.S., the TV producers have capitalized on their, and a large part of the rest of the world's, own ineptitude.
That's why we have a Federal court system, so states can sue each other.
Similarly, that's what you'd do if your neighbor started doing something that was adversely affecting your ability to use your own property -- you'd sue them and get an order making them stop what they were doing, and probably also get damages to compensate you for what's already occurred.
The solution to many environmental problems is just to not give them special exceptions from normal civil processes -- if Kentucky allows coal-fired power plants that cause acid rain in Vermont, then the AG of Vermont, looking out for his own state's interests, should sue the state of Kentucky.
We already have frameworks in place which, if left to work unfettered, would allow many more environmental externalities to be brought to bear on the parties responsible. Unfortunately, years of corruption in the Federal government have left a vast tapestry of exemptions and bureaucracy that prevent much of it from working as it should.
He shouldn't have. Unfortunately, the restrictions against people who have seizures are so strict, that many people who occasionally have minor seizures fail to report them, because it can be ruinous to lose your driver's license. (Lose license = lose job, lose house, etc.) There's very little middle ground.
This guy shouldn't have been driving, but it's not really surprising that he was. The system as it is, only punishes people who have seizures and are honest about it.
Why should circumvention be illegal in the first place?
Because the satellite TV companies, and more recently the movie industry, bought up a lot of Senators and Representatives and got some legislation passed?
Or another long-standing bug: Firefox's apparent inability to print layered transparent PNGs, such as the type used for the route-line overlay on Google Maps.
Seriously, go try it. At least on OS X, you don't even need to print, you can just hit the "Preview" button from the Print dialog, when looking at a Google Maps "print view," and it'll show you the route-line-less (and therefore pretty damn useless) map that it's about to print. It does the same thing on any other page that uses overlaid transparent graphics in layers.
It's well known and extremely annoying, but apparently the FF devs don't care about printing bugs?
It's unfortunate, because it just makes FF seem very much 'unfinished' when, in order to print a map from one of the more popular sites on the Internet, you have to use an alternate browser. The same thing works just fine in Safari on Mac OS X, or IE on Windows.
They need to stop adding new features and fix some of the bugs that have been around for months or years.
If I could buy and sell turds for that price I'd be happy, let alone a Zune!
That's a redundant statement.
The stateful firewall you'd need on an IPv6 connection isn't inherently any more complicated than an IPv4 UPnP+NAT box. In order for NAT to work, the device performing the translation must keep track of all the individual connections; it's basically a stateful firewall already. If you can do that, then you can firewall IPv6 (provided you have the capacity for the longer addresses). You need a protocol, like UPnP, so that clients can request "holes" (so that things like FTP, BitTorrent, and VoIP work), but that's no worse than NAT right now.
Now, I think this is a completely crappy way to run a network, and I think we just need to get rid of the idea of firewalls completely (at least as a generic cure-all, I'm all for retaining them for specific applications); security needs to be at the client level, not at the network-gateway level; as more and more devices become mobile, they cannot and should not ever assume that their local network is secure.
But unfortunately, people have gotten so used to the idea of firewalls that they're attached to them, particularly because it allows for a certain amount of laziness (running old, crummy operating systems on Internet-enabled systems, not patching, etc.) while giving the perception of safety. So I suspect that all IPv6 implementations will mimic the brokenness of NAT, at least initially.
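The point made above, that a NAT box already keeps the state a stateful IPv6 firewall needs, shown as an added example (not part of the original comment). The class name, the port numbers and the documentation-range addresses are constructed for illustration, and `open_hole` stands in for what a UPnP request would do.

```python
class StatefulGateway:
    """One connection table serving either an IPv4 NAT box or an IPv6 firewall."""

    def __init__(self, public_ip=None):
        # public_ip set: rewrite source addresses (NAT). None: filter only (IPv6).
        self.public_ip = public_ip
        self.flows = {}      # (proto, wan_side_local, remote) -> inside (ip, port)
        self.pinholes = {}   # (proto, wan_ip, port) -> inside (ip, port)
        self.next_port = 40000

    def outbound(self, proto, src, sport, dst, dport):
        """Record state for a LAN-initiated flow; return its WAN-side source."""
        if self.public_ip:
            wan_src = (self.public_ip, self.next_port)
            self.next_port += 1
        else:
            wan_src = (src, sport)
        self.flows[(proto, wan_src, (dst, dport))] = (src, sport)
        return wan_src

    def open_hole(self, proto, inside_ip, port):
        """Client-requested pinhole, the job UPnP does on a NAT box."""
        wan_ip = self.public_ip or inside_ip
        self.pinholes[(proto, wan_ip, port)] = (inside_ip, port)

    def inbound(self, proto, src, sport, dst, dport):
        """Return the inside (ip, port) to deliver to, or None to drop."""
        hit = self.flows.get((proto, (dst, dport), (src, sport)))
        if hit is not None:
            return hit
        return self.pinholes.get((proto, dst, dport))


def demo():
    """Run the same three packets through a NAT gateway and an IPv6 firewall."""
    results = {}
    for name, gw, host, peer in (
        ("nat", StatefulGateway("198.51.100.7"), "192.168.1.10", "203.0.113.5"),
        ("v6", StatefulGateway(), "2001:db8:1::10", "2001:db8:ffff::5"),
    ):
        wan_ip, wan_port = gw.outbound("tcp", host, 5000, peer, 443)
        reply = gw.inbound("tcp", peer, 443, wan_ip, wan_port)  # tracked flow
        stray = gw.inbound("tcp", peer, 443, wan_ip, 6881)      # no state yet
        gw.open_hole("tcp", host, 6881)
        holed = gw.inbound("tcp", peer, 443, wan_ip, 6881)      # pinhole open
        results[name] = (reply, stray, holed)
    return results

if __name__ == "__main__":
    print(demo())
```

The only difference between the two gateways is whether `outbound` rewrites the source address; the lookup that decides what inbound traffic is allowed is identical.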
But the problem with a VPN is, it means Apple needs roughly twice the bandwidth you're using, unless you were just going to connect to Apple anyway -- in which case, I don't see why they wouldn't just use 10.x.x.x and let you VPN in to that.
Part of me wants IP addresses to more closely reflect the physical layout. Which is kind of what I do with IPv4 right now -- 10.0 is my office, 10.1 is my home, 10.2 is my brother's LAN party, all tied together with VPNs -- 10.0.10 is the office VPN, 10.1.3 is mine... at the LAN party, 10.2.2 is known good machines, and 10.2.3 is the "ghetto", and they are firewalled from each other (but not from the game server).
This is kinda how the whole scheme was supposed to work, back before NAT muddied the waters, and CIDR made subnets a little less-obvious to understand. I worked at .edu's with Class B allocations and they had IP assignment schemes that pretty closely followed the physical topology. Just by looking at an IP you could tell where it was located.
There are a lot of benefits to a system like that, and frankly I think it was a darn good idea from the beginning, only the people laying it out just never had any idea of the scale the system they were building would grow to. IPv6 fixes the scale problem, but brings back a number of really good Internet concepts that have been compromised away over the years to avoid totally destroying the net.
It only seems ridiculous because of the way we distribute IP addresses today, using CIDR. Prior to 1993 (or whenever CIDR was implemented), if you wanted to run a network with subnets, then you needed at least a Class B allocation, so that your subnets could have Class C blocks (254 hosts each).
This is why MIT, Apple, DEC, IBM, and lots of other big companies were given Class A's. It wasn't just a "thanks for playing" reward, it was because the original design for the IP system required Class A blocks if you wanted to run big networks: if you had a big organization, you needed a Class A, in order to do multiple levels of subnetting.
When you look at the IP allocations and see GE or DEC's Class A blocks, it seems ridiculous. But you have to understand that when those allocations were made, what they were looking at was less the number of actual host IPs in the block (which is what we care about now) but the number of Class B and C subnet blocks that were inside. Put yourself in the shoes of someone at a big company like IBM or GE, with lots of regional offices. Each region/office needs to have a network, with its own subnets (for each department or whatever). That's how they were laying things out. "IBM" as an organization gets a Class A. Each regional office or some other division, Class B. Each network or further subdivision, Class C. Yeah, you end up with a lot of wasted capacity, but this whole scheme was designed back when a "host" was a PDP or VAX; there just weren't enough of them for it to seem like a major issue.
The problem people sometimes refer to when they talk about "the last time we were running out of IPs" (back in the early 90s) wasn't really a shortage of IPs at all (well, at least not immediately, although people were definitely realizing it was going to be a problem), it was a shortage of Class B and C subnet blocks. (Particularly Class B's, since that's what medium-size businesses and .edu's really wanted, and there are only like 16k of them around for direct allocation.)
So that's when CIDR was introduced, and it ended the whole 'Classed Network' concept (A, B, and C classes) and replaced it with the now-familiar bitwise/subnet-mask format. (E.g., IBM's Class A block is 9.0.0.0/8, Apple's is 17.0.0.0/8, etc.) This, along with prefix aggregation, allowed more efficient address allocation, and kept the routing tables from growing out of control. Now that you can subnet at the bit level, rather than at the Class level, those A Blocks seem huge. But keep in mind that before CIDR, each of those A Blocks was looked at, not as 16M hosts, but as 254 subnetworks.
It's only in retrospect, with the help of a bunch of new technologies, that the allocations made back in the Internet's early years look ridiculous.
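The classful-versus-CIDR difference described above, as an added example (not part of the original comment). The function names and the 2,000-host site are constructed for illustration; the class boundaries are the standard leading-bit rules of the pre-CIDR scheme.

```python
import ipaddress

# (class letter, leading bits, number of leading bits, network prefix length)
CLASSES = [("A", 0b0, 1, 8), ("B", 0b10, 2, 16), ("C", 0b110, 3, 24)]

def legacy_class(addr):
    """Return (class letter, classful network as text) for an IPv4 address."""
    ip = int(ipaddress.IPv4Address(addr))
    for letter, bits, nbits, prefix in CLASSES:
        if ip >> (32 - nbits) == bits:
            net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
            return letter, str(net)
    return None, None  # class D/E: multicast and reserved space

def class_count(letter):
    """Number of networks of this class in the whole IPv4 space."""
    for name, _bits, nbits, prefix in CLASSES:
        if name == letter:
            return 2 ** (prefix - nbits)
    raise ValueError(letter)

def classful_fit(hosts):
    """Smallest class that holds `hosts` machines: (letter, usable hosts)."""
    for letter, prefix in (("C", 24), ("B", 16), ("A", 8)):
        usable = 2 ** (32 - prefix) - 2
        if usable >= hosts:
            return letter, usable
    raise ValueError("too many hosts for one classful network")

def cidr_fit(hosts):
    """Longest CIDR prefix that holds `hosts` machines: (prefix, usable hosts)."""
    for prefix in range(30, 0, -1):
        usable = 2 ** (32 - prefix) - 2
        if usable >= hosts:
            return prefix, usable
    raise ValueError("too many hosts for IPv4")

def compare(hosts):
    """Addresses left idle when one site is allocated under each scheme."""
    letter, classful_usable = classful_fit(hosts)
    prefix, cidr_usable = cidr_fit(hosts)
    return {"class": letter, "classful_idle": classful_usable - hosts,
            "cidr": f"/{prefix}", "cidr_idle": cidr_usable - hosts}

if __name__ == "__main__":
    print(legacy_class("9.1.2.3"), class_count("B"), compare(2000))
```

A 2,000-host site is too big for a Class C, so before CIDR it consumed one of the 16,384 Class B networks; with CIDR the same site fits in a /21.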
Well, yeah. That's the "Strategic IP Address Reserve."
If they're not stupid, they'd hold out for $2 Billion... heck, maybe more than that. If IPv6 plods along at its current pace, those Class A's are going to be gold mines.
Yes, it would be harder, because it wouldn't obviate the need for IPv6, it would just delay it by a few years. So it would create a lot of difficulty for the companies involved -- who would naturally fight it tooth and nail, probably in the courts and by whatever other means available to them -- and only buy a little more time before we'd all need to transition to IPv6 anyway.
That's like fixing the Y2K problem by going from a two-digit year that maxes out at 99, to a field that only goes to 110. Yeah, it solves the immediate problem, but that's not a real solution to the problem.
After all, most recent network hardware is more or less ready to make the transition, and anyone running Windows 2000 Professional or later, MacOS X variants, and more recent Linux distributions could make the jump to IPv6 either natively or by installing a patch program.
... you think the manufacturers are going to give you that upgrade for free?
And going out and buying a new gateway/router.
What's holding IPv6 back is two things: public perception that the change will be difficult
What's holding IPv6 back is that most people don't have a Cisco 2621 sitting at the headend of their home network; they've got some piece of shit Linksys or Netgear box (running the stock firmware -- the WRT54GL with one of the upgraded firmwares is decent) that doesn't speak IPv6 and never will. As a result, even moderately technically competent users -- the usual 'early adopter' crowd, but perhaps not real network experts -- are turned off from IPv6, because you have to shell out real dough for a router that supports it. [1] It's a chicken-and-egg problem: ISPs aren't going to roll out IPv6 until their customers start to demand it, or they actually do run out of v4 addresses; customers aren't going to demand it or start caring, because their hardware wouldn't support it even if their ISP offered it; hardware manufacturers aren't going to make hardware that supports it until consumers refuse to buy IPv4 gear (because they know this way, everyone will have to re-buy new stuff later, plus it's cheaper for them).
[1] I think the Apple Airport Extreme Base Station is the only 'consumer' router that does IPv6 out of the box; aside from it, to get v6 you either need to get a router that can be flashed with nonstandard firmware, or you have to get "real" networking gear.
Actually the version designator of "5" was used for the Internet Stream Protocol, which is one of the reasons why they skipped from IPv4 to v6.
ST2 is apparently a protocol for setting up QoSed streams between computers for doing video and audio. Given that I've never heard of it, I'm going to go out on a limb and bet it was a flop.
Yes, it would have the same prefix, but that's exactly the same level of anonymity that you have now with a single IPv4 address and NAT.
With v4, your router gets the address and then NATs it out to however-many devices you have. With v6, you'd get a block of addresses at the router, which it could then distribute via DHCP, or the machines could randomly assign themselves within. You're not losing anything there. Where you might gain something is in the ability to quickly switch IPs when traveling and connecting to an AP that's not yours (which is conceptually similar to performing a DHCP release-and-renew).
If you want plausible deniability, pretty much your only option is to leave your AP unsecured and hope that when the cops show up they buy it as a defense, or use some type of onion routing like Tor.
There seems to be a lot of fear and paranoia going around regarding IPv6, and I just don't get it. There's nothing you can do on IPv4 today that you can't do on IPv6, if you want to. Hell, if you're that attached to NAT, you can do it with IPv6 addresses just as readily -- it's just that it's stupid, because there's no longer any reason to since there's no address shortage, and there's really no privacy or security gained from it that you don't get by just rotating your IPv6 address.