> I have a theory that the next major human pandemic will be spread > by tablets. At least with a smartphone people generally keep > it to themselves. When you use someone's iPad, you are now sharing > the bathroom habits of everyone else who has touched that iPad.
You, sir, are paranoid. We can greatly improve business productivity by sending all the smartphone cleaning people away on the "B" Ark, along with all the middle managers and hairdressers.
If a Yahoo or Google email group is overkill, howsabout a school-provided email address? And the school keeps backups, available to authorities. This allows 2-way communications, with the sobering proviso that ot is being monitored. A technical question about Euclidian geometry won't be incriminating, as opposed to "whatcha doin Friday night?".
> You know, if you take off your tin foil hat for a moment, you might > realize that no one at all gives a flying fuck about your little life
Well, there's that manager who's going through a stack of resumes trying to figure out whom to hire. The usual process is to eliminate as many applicants as possible, so look them up in the various social nets. And there are some corporate assholes who get off on firing people. Don't give them excuses.
> The problem is that Facebook is basically becoming a walled garden > service for many Internet users now. Message/mail service, chat, > blogging, location, games, photo albums, business info, etc - there > are a lot of people who use it almost exclusively.
Facebook == AOL 2.0 But without the free floppies.
> The solution to background checks such as that is to simply not work > for companies that do them and go work somewhere else. I assume > you're an american (if not, I realize your country may be different) > then you have no excuse for not being able to find a job. ANYONE in > America can get a job, you just don't want to.
Can I have some of what you're smoking/drinking/ingesting? Must be strong stuff. Unemployment rates are at record highs. Many people who want a reasonable job *THAT THEY ARE CAPABLE OF DOING* are unable to find one.
> So make your choice, do you want to be a douche and hide who you are > online just incase someone in the real world sees it, or do you want > to take a different, possible less enjoyable position somewhere else?
And if you had a comfortable, well-paying, office job, would you trade it for a minimum-wage job flipping burgers? And if you have a wife/kids/mortgage, a minimum-wage job is not an option.
Imagine if 10,000 sets of identical twins file lawsuits for $100 million in separate courts, claiming that Zuckerberg stole their idea. That would be well in excess of even Facebook's valuation.
The countermeasures look like they've been written by a script-kiddie. They are not 100% effective. Everybody has been concentrating on DNS servers. Guess what...
1) There are already some greedy asshat ISPs intercepting port 53 and replacing results with their own. Right now, they get a lot of complaints when they're caught. But if the government orders it, all ISPs will have to do it.That'll stop *ALL* regular DNS queries to foreign servers (including roots), unless you VPN, or ssh-tunnel, or use non-standard ports.
2) "Undesirable sites" can be null-routed. Remember when Pakistan accidentally knocked Youtube off the net for the entire planet? http://slashdot.org/story/08/02/25/1322252/Pakistan-YouTube-Block-Breaks-the-World Even knowing the correct IP address doesn't work then. Only VPN or ssh-tunneling will get you the content if the IP address itself is blocked. Of course if the US managed to knock foreign "infringing" servers off the net, the MAFIAA wouldn't exactly cry about it.
> You really do not appreciate the difference in power usage difference > between day and night. Build more power plants & transmission lines > and you can get that number even higher
Do you have *ANY* clue how difficult that is in the LSA (Litigious States of America)? It can take years of lawsuits merely to extend powerlines several miles. New hydro/coal/natgas/nuclear power plants are just about impossible. Remember the fiasco in California several years ago? People like to blame Enron, but Enron was merely making the obvious bet on the market. No new powerplants for umpteen years... of course power rates were going to shoot through the roof.
If you're going after a company in small claims court, they're supposed to send an employee to represent them. Outside legal counsel may be forbidden. But if they're big enough, they'll have corporate lawyers on the payroll. Are you saying they can't send an employee of their choosing to represent them?
And to take your idea to its extreme, if you take a lawyer to small claims court, are you claiming that he can't show up in court to defend himself?
Also, define "lawyer". Does that include only somebody who's a member of the bar in your jurisdiction? What about somebody who's a member of the bar in another jurisdiction? Articling lawyers (not called to the bar yet)? Paralegals? Legal secrataries? Etc, etc.
> Step 1: Draft a law that says anyone writing a computer virus or malware
There are already laws punishing unauthorized access to computers. Kevin Mitnick did jail time for NON-destructive unauthorized access.
> Step 2: Get all of the worlds nations to agree with the law and enforce it within their borders.
Bwahahahahahahaha. Just like the US has managed to get Mexico and Colombia and Afghanistan to stop sending drugs to the US? Just like they've stopped piracy off the coast of Africa? And how are you going to get North Korea and China to reign in their military?
> I think that USB storage standards are what did it. Before that, > the only reliable thing you could bring between machines was > Floppy and CD-R. CD-R was annoy if you just wanted a single file, > and you couldn't just work off them (open file, edit, save), like you > could with a floppy. so they didn't kill floppies either. What killed > floppies was the fact that there was drivers on every machine that > let you plug in your USB storage device into any computer and have it just work.
Speaking of USB thumbdrives and drivers everywhere, WTF is it that when I stuck in a model of USB thumbdrive that the Windows XP PC at work hadn't seen before, it always had to go out and find a driver on the internet? Meanwhile, with linux, I just stick in a USB thumbdrive and it shows up properly as a USB mass storage device.
> So whenever a bug in the firmware is discovered (batteries wearing out quicker > than normal, overheating, etc), instead of pushing a firmware update over the > internet, Apple should require all users to physically take their computers to an > Apple store and wait in line or, worse, leave their computer behind for a few days?
I would much rather have that than the ability for some snotty-nosed 14-year-old kid on the other side of the planet to explode or permanently brick the battery in my laptop. There may be an argument for having firmware on the battery, but easy updatability, by both the alleged "good guys" and "bad guys" is going too far.
The on-battery chip should be non-modifiable. I can see only only one reason for Apple doing this. It's just like all the updates to IOS. After a jailbreak method is discovered, Apple issues an IOS update that closes the loophole used for the jailbreak. They'd love to be able to "upfate" batteries that have been jailbroken, and remove the jailbreak loophole.
> A vanilla install of firefox doesn't seem that bad - but > once you add a handful of addons, things do get > leaky as hell.
> Would that be Mozillas fault, or the addon writers?
Howsabout leaving all the cutsie features for addons, rather than hard-coding in every addon that's been downloaded a dozen times or more? * get rid of spellcheck, etc, etc, etc * get rid of the relational database to store bookmarks and various settings. We all know how successful binary data blobs like the Windows Registry turned out... !NOT
Showing my age. I remember years ago all the "about:kitchen_sink" jokes about Mozilla 0.9x. It was a breath of fresh air when Phoenix (later renamed to Firebid and then to Firefox) came out. They actually got rid of the usenet news and the email and the HTML website builder. That greatly reduced the memory footprint and sped up the browser.
But then they went back to their old ways. Remember how AOL f***ed up Netscape when they tried to make it into a OS-on-top-of-an-OS? Seems like the Mozilla foundation is repeating that mistake. I don't want a f***ing "application platform" with a buttload of built-in features, I want a web browser.
One reason for the occasional freezes on the linux version is due to the SQLite RDBMS which is used to store a bunch of stuff that belongs in straight text files. Don't blame the people that wrote SQLite. A real RDBMS is supposed to do stuff like fsync() to commit transactions and ensure database integrity. Then again, an RDBMS is usually intended to be run on a dedicated server, not as part of the infrastructure of a stinking web browser.
Another stupidity in the linux version is the braindead insistence on dereferencing symlinks. Here's what happens... * first time I run into a.doc file, I set the "helper application" to/usr/bin/abiword * but/usr/bin/abiword is just a symlink to/usr/bin/abiword-2.7, which in turn is a symlink to/usr/bin/Abiword-2.7. * Firefox "corrects" the application name from/usr/bin/abiword to/usr/bin/Abiword-2.7 * I do a system update, and there's a version bump to/usr/bin/Abiword-2.8, and/usr/bin/Abiword-2.7 is removed. * I click on a URL to a.doc file, and Firefox starts crying about "application not found".
If Firefox wasn't so braindead, and was willing to accept what I had typed in, rather than de-referencing it, it would've found/usr/bin/abiword, which is properly symlinked to/usr/bin/Abiword-2.8, And this doesn't even begin to address applications that respond differently, *AND EXPECT DIFFERENT PARAMETERS* based on which symlink name thay're invoked with. At one point, I ended up hacking into the chrome directory, grepping for "/usr/bin/Abiword-2.7" in a config file, and replacing it with "/usr/bin/abiword". When that config info ends up in an SQLite RDBMS, that hack is no longer possible.
Oh yeah, this message is coming to you via Opera. If I had a million dollars, and access to a bunch of coders, I'd love to launch a project to backport the latest HTML implementation to Firefox 2.x.
Some people seem to live in la-la-land. I don't care about the difference between SPI and NAT, but some people do, all in the interest of "end-to-end connectivity". Some of their suggestions are totally brain-dead. E.g. http://tools.ietf.org/html/draft-ietf-v6ops-cpe-simple-security-09 > In managed, enterprise networks, virtual private networking tunnels > are typically regarded as an additional attack surface. and they are > often restricted or prohibited from traversing firewalls for that > reason. However, it would be inappropriate to restrict virtual > private networking tunnels by default in unmanaged, residential > network usage scenarios.
Hello?!?! WTF should my home network be any less secure than a network at an office???
> Therefore, this document recommends the DEFAULT operating > mode for residential IPv6 simple security is to permit all virtual > private networking tunnel protocols to pass through the stateful > filtering function. These include IPsec transport and tunnel modes > as well as other IP-in-IP protocols.
WTF?!?! So when some manufacturer makes a bunch of fridges or toasters or washer/dryers that respond to default UserIDs and passwords over a VPN, they'll accessable to the outside world *BY DEFAULT*.
>The intention is to provide an example of a security model which allows most traffic, > including incoming unsolicited packets and connections, to traverse the CPE...
Ex-bleeping-scuse me. This SPI "security" is a joke. You'll pry NAT out of my cold dead fingers.
>...unless the CPE identifies the traffic as potentially harmful based on > a set of signatures (and other correlation data and heuristics)
IDIOTS!!! One of the basic rules of internet security is to enumerate good, *NOT* to enumerate evil. There are new exploits being created all the time. You simply can't keep up with a list of exploits. You're a lot better off deciding what minimal stuff to allow through.
> that are kept up to date on a regular basis.
Oh boy. My ISP's router/modem will come with a 90-day trial subscription to Macafee/Norton/whatever. And when I'm watching a movie on Netflix, or whatever, I'll get get a popup warning me that the free anti-virus subscription expires tomorrow and that I *MUST SIGN UP NOW*. And the router/modem will have a quad-core processor, but still be dog slow, because it'll be continuous ly scanning packets, and looking through a list of a gazillion exploits. And just like craplets on new PCs, it'll be almost impossible to uninstall. Like I said, you'll pry NAT out of my cold dead fingers.
I haven't been a NAT fanboi, but if the internet hippies at IETF get their way, NAT will indeed be the safest way to go.
Howsabout a home server that accepts ssh connections (key-only, no passwords to brute-force). Connect the thermostats to your home box as "the central server", and ssh to your server when you want to do stuff.
> There's also the possibility that some ISPs might end up giving static IP address blocks > to all customers. Given the HUGE address space they're being assigned, they have > plenty of addresses available to do that. There's no longer a justification for dynamic > addresses (reusing oversubscribed addresses).
That was the thinking when the original internet had/8 addresses handed out. Some people never learn. Fercryinoutloud, a/64 is 2^64 addresses. China's current population is approx 1.4 billion. Assume it grows to 4 billion later this century, a/64 would still supply every man/womand/child in China with 4 billion addresses each.
The 2 major types of high-capacity residential internet providers are cablecos and telcos. Cablecos sell cable TV, and own some of the pay-TV channels. Major telcos also own some pay-TV channels and have their own cable-TV equivalant services over IPTV... * ATT in the US has Uverse * Verizon in the US has Fios * Bell Canada has Fibe
There isn't the major congestion they'd like you to believe. It's just that they're scared shitless of competition. If you want to get a movie channel on a cableco/telco, you have to get "basic service", and then some higher tier, and then subscribe to the movie channel. You're easily talking $50 to $80 per month. Meanwhile, Netflix is a fraction of that cost.
In Canada, the major networks provide delayed video streams of most of their shows. I assume that it's the same in the US. If not for ridiculous caps, many cableco/telco customers will "cut the cord" for their TV subscriptions, and watch only what they want over internet, rather than paying for 500 chanells, most of which are crap.
...will be to patent the concept of defeating the tech that stops Iphone from recording video. Licence it for $1,000,000 per day or portion thereof. If you're caught defeating the anti-filming tech, Apple could bankrupt you. Remember also that in a civil lawsuit, they can destroy you financially just by suing you, even if you're eventually found not guilty.
> IIRC there is legislation in the US and elsewhere > preventing the use of RF blockers in public places.
That is a non-sequitur. Didi you read the post you're replying to? You cannot use a transmitter to jam cellphone frequencies (and there are several bands). But there is no law saying you can't put up a layer of tinfoil or rf-absorbant paint behind the wallpaper. It's called a Faraday Cage. See http://en.wikipedia.org/wiki/Faraday_cage and http://www.theregister.co.uk/2007/03/23/rf_proof_paint/
> "Mozilla Labs has introduced its concept of a > desktop replacement called Webian Shell. The > Webian Shell basically consists of a browser which > will replace the traditional desktop, and web > applications are given more importance than the > native applications.
First, Java was going to render the underlying OS irrelavant, running applets on every browser.
Then AOL was going to render the underlying OS irrelavant by expanding Netscape to make it a pseudo-OS. While working on their pseudo-OS, AOL totally ignored Netscape 4.x, and that's when IE walked away with the web.
Here we go again... if I only had several million dollars and a team of programmers at my disposal... sigh.
> no RIAA or MPAA snoops Wrong; if anything, it'll be easier. Dynamic IP addresses (at least for ADSL) are an address-conservation measure. It's based on the assumption that not every customer is online at the same time. By using dynamic IP addresses, you can get away with fewer of them. This is important in the current environment.
Without the address scarcity to force dynamic IP address usage, an ISP can assign you a fixed/64 under IPV6. It doesn't matter how much you shuffle your address inside that block, every packet you send out will have your prefix. In addition to using using cookies, Google and Adclick/etc can simply aggregate data from every web user. Eventually, somewhere in your web-surfing, you *WILL* give out your realword contact info, and all that web-surfing will be traceable to you. Nothing short of wifi hotspots will provide privacy.
> Why didn't they just add one or 2 more octets to IP4, a-la: a.b.c.d.e.f > instead of the godawful hexadecimal and colons thing they came up > with? All existing IP's could then stay the same but just have leading zeros!
Asking this question shows that you do not understand IPV4 and IPV6...
a) IP addresses are *NOT* sent as octects or hex digits. They are clumps of binary bits. Octets and hex digits are simply human-readable representations. IPV6 traffic is a string of binary bits just like IPV4. The *HUMAN READABLE* representation is *DELIBERATELY* different, so that web browsers will know whether you're talking IPV4 or IPV6. E.g. http:/// 192.168.0.1/example.html versus http:/// fc:ab:cd::ef/example.html
b) Backwards compatability is impossible when changing the length of the packets. IPV4 is sent in clumps of 32 bits, IPV6 is sent in clumps of 128 bits. It doesn't matter whether you go to 33 bits, 34, 35, or 128. Every IPV4 router's firmware is *HARD CODED* for 32-bit packets; period; end of story; it's *NOT* compatable; deal with it. Note that I deliberately broke the URLs because Slashdot butchers the IPV6 URL by removing the colon. Yet another IPV6 incompatability.
Slashdot Mirror
> I have a theory that the next major human pandemic will be spread
> by tablets. At least with a smartphone people generally keep
> it to themselves. When you use someone's iPad, you are now sharing
> the bathroom habits of everyone else who has touched that iPad.
You, sir, are paranoid. We can greatly improve business productivity by sending all the smartphone cleaning people away on the "B" Ark, along with all the middle managers and hairdressers.
If a Yahoo or Google email group is overkill, howsabout a school-provided email address? And the school keeps backups, available to authorities. This allows 2-way communications, with the sobering proviso that ot is being monitored. A technical question about Euclidian geometry won't be incriminating, as opposed to "whatcha doin Friday night?".
> You know, if you take off your tin foil hat for a moment, you might
> realize that no one at all gives a flying fuck about your little life
Well, there's that manager who's going through a stack of resumes trying to figure out whom to hire. The usual process is to eliminate as many applicants as possible, so look them up in the various social nets. And there are some corporate assholes who get off on firing people. Don't give them excuses.
> The problem is that Facebook is basically becoming a walled garden
> service for many Internet users now. Message/mail service, chat,
> blogging, location, games, photo albums, business info, etc - there
> are a lot of people who use it almost exclusively.
Facebook == AOL 2.0
But without the free floppies.
> The solution to background checks such as that is to simply not work
> for companies that do them and go work somewhere else. I assume
> you're an american (if not, I realize your country may be different)
> then you have no excuse for not being able to find a job. ANYONE in
> America can get a job, you just don't want to.
Can I have some of what you're smoking/drinking/ingesting? Must be strong stuff. Unemployment rates are at record highs. Many people who want a reasonable job *THAT THEY ARE CAPABLE OF DOING* are unable to find one.
> So make your choice, do you want to be a douche and hide who you are
> online just incase someone in the real world sees it, or do you want
> to take a different, possible less enjoyable position somewhere else?
And if you had a comfortable, well-paying, office job, would you trade it for a minimum-wage job flipping burgers? And if you have a wife/kids/mortgage, a minimum-wage job is not an option.
Imagine if 10,000 sets of identical twins file lawsuits for $100 million in separate courts, claiming that Zuckerberg stole their idea. That would be well in excess of even Facebook's valuation.
The countermeasures look like they've been written by a script-kiddie. They are not 100% effective. Everybody has been concentrating on DNS servers. Guess what...
1) There are already some greedy asshat ISPs intercepting port 53 and replacing results with their own. Right now, they get a lot of complaints when they're caught. But if the government orders it, all ISPs will have to do it.That'll stop *ALL* regular DNS queries to foreign servers (including roots), unless you VPN, or ssh-tunnel, or use non-standard ports.
2) "Undesirable sites" can be null-routed. Remember when Pakistan accidentally knocked Youtube off the net for the entire planet? http://slashdot.org/story/08/02/25/1322252/Pakistan-YouTube-Block-Breaks-the-World Even knowing the correct IP address doesn't work then. Only VPN or ssh-tunneling will get you the content if the IP address itself is blocked. Of course if the US managed to knock foreign "infringing" servers off the net, the MAFIAA wouldn't exactly cry about it.
> You really do not appreciate the difference in power usage difference
> between day and night. Build more power plants & transmission lines
> and you can get that number even higher
Do you have *ANY* clue how difficult that is in the LSA (Litigious States of America)? It can take years of lawsuits merely to extend powerlines several miles. New hydro/coal/natgas/nuclear power plants are just about impossible. Remember the fiasco in California several years ago? People like to blame Enron, but Enron was merely making the obvious bet on the market. No new powerplants for umpteen years... of course power rates were going to shoot through the roof.
> If you use the free WiFi at starbucks, I can record your MAC address.
Computer literacy test...
Question: What is your MAC address?
Answer by...
Clueless user: Duhhhh... I don't got MAC, I got Windows
Competent user: 01:23:45:67:89:ab
Expert: What do you want it to be?
And since we're at Starbuck's...
ifconfig eth0 hw ether c0:ff:ee:c0:ff:ee
If you're going after a company in small claims court, they're supposed to send an employee to represent them. Outside legal counsel may be forbidden. But if they're big enough, they'll have corporate lawyers on the payroll. Are you saying they can't send an employee of their choosing to represent them?
And to take your idea to its extreme, if you take a lawyer to small claims court, are you claiming that he can't show up in court to defend himself?
Also, define "lawyer". Does that include only somebody who's a member of the bar in your jurisdiction? What about somebody who's a member of the bar in another jurisdiction? Articling lawyers (not called to the bar yet)? Paralegals? Legal secrataries? Etc, etc.
> Step 1: Draft a law that says anyone writing a computer virus or malware
There are already laws punishing unauthorized access to computers. Kevin Mitnick did jail time for NON-destructive unauthorized access.
> Step 2: Get all of the worlds nations to agree with the law and enforce it within their borders.
Bwahahahahahahaha. Just like the US has managed to get Mexico and Colombia and Afghanistan to stop sending drugs to the US? Just like they've stopped piracy off the coast of Africa? And how are you going to get North Korea and China to reign in their military?
> I think that USB storage standards are what did it. Before that,
> the only reliable thing you could bring between machines was
> Floppy and CD-R. CD-R was annoy if you just wanted a single file,
> and you couldn't just work off them (open file, edit, save), like you
> could with a floppy. so they didn't kill floppies either. What killed
> floppies was the fact that there was drivers on every machine that
> let you plug in your USB storage device into any computer and have it just work.
Speaking of USB thumbdrives and drivers everywhere, WTF is it that when I stuck in a model of USB thumbdrive that the Windows XP PC at work hadn't seen before, it always had to go out and find a driver on the internet? Meanwhile, with linux, I just stick in a USB thumbdrive and it shows up properly as a USB mass storage device.
> So whenever a bug in the firmware is discovered (batteries wearing out quicker
> than normal, overheating, etc), instead of pushing a firmware update over the
> internet, Apple should require all users to physically take their computers to an
> Apple store and wait in line or, worse, leave their computer behind for a few days?
I would much rather have that than the ability for some snotty-nosed 14-year-old kid on the other side of the planet to explode or permanently brick the battery in my laptop. There may be an argument for having firmware on the battery, but easy updatability, by both the alleged "good guys" and "bad guys" is going too far.
The on-battery chip should be non-modifiable. I can see only only one reason for Apple doing this. It's just like all the updates to IOS. After a jailbreak method is discovered, Apple issues an IOS update that closes the loophole used for the jailbreak. They'd love to be able to "upfate" batteries that have been jailbroken, and remove the jailbreak loophole.
> A vanilla install of firefox doesn't seem that bad - but
> once you add a handful of addons, things do get
> leaky as hell.
> Would that be Mozillas fault, or the addon writers?
Howsabout leaving all the cutsie features for addons, rather than hard-coding in every addon that's been downloaded a dozen times or more?
* get rid of spellcheck, etc, etc, etc
* get rid of the relational database to store bookmarks and various settings. We all know how successful binary data blobs like the Windows Registry turned out... !NOT
Showing my age. I remember years ago all the "about:kitchen_sink" jokes about Mozilla 0.9x. It was a breath of fresh air when Phoenix (later renamed to Firebid and then to Firefox) came out. They actually got rid of the usenet news and the email and the HTML website builder. That greatly reduced the memory footprint and sped up the browser.
But then they went back to their old ways. Remember how AOL f***ed up Netscape when they tried to make it into a OS-on-top-of-an-OS? Seems like the Mozilla foundation is repeating that mistake. I don't want a f***ing "application platform" with a buttload of built-in features, I want a web browser.
One reason for the occasional freezes on the linux version is due to the SQLite RDBMS which is used to store a bunch of stuff that belongs in straight text files. Don't blame the people that wrote SQLite. A real RDBMS is supposed to do stuff like fsync() to commit transactions and ensure database integrity. Then again, an RDBMS is usually intended to be run on a dedicated server, not as part of the infrastructure of a stinking web browser.
Another stupidity in the linux version is the braindead insistence on dereferencing symlinks. Here's what happens... .doc file, I set the "helper application" to /usr/bin/abiword /usr/bin/abiword is just a symlink to /usr/bin/abiword-2.7, which in turn is a symlink to /usr/bin/Abiword-2.7. /usr/bin/abiword to /usr/bin/Abiword-2.7 /usr/bin/Abiword-2.8, and /usr/bin/Abiword-2.7 is removed. .doc file, and Firefox starts crying about "application not found".
* first time I run into a
* but
* Firefox "corrects" the application name from
* I do a system update, and there's a version bump to
* I click on a URL to a
If Firefox wasn't so braindead, and was willing to accept what I had typed in, rather than de-referencing it, it would've found /usr/bin/abiword, which is properly symlinked to /usr/bin/Abiword-2.8, And this doesn't even begin to address applications that respond differently, *AND EXPECT DIFFERENT PARAMETERS* based on which symlink name thay're invoked with. At one point, I ended up hacking into the chrome directory, grepping for "/usr/bin/Abiword-2.7" in a config file, and replacing it with "/usr/bin/abiword". When that config info ends up in an SQLite RDBMS, that hack is no longer possible.
Oh yeah, this message is coming to you via Opera. If I had a million dollars, and access to a bunch of coders, I'd love to launch a project to backport the latest HTML implementation to Firefox 2.x.
Some people seem to live in la-la-land. I don't care about the difference between SPI and NAT, but some people do, all in the interest of "end-to-end connectivity". Some of their suggestions are totally brain-dead. E.g. http://tools.ietf.org/html/draft-ietf-v6ops-cpe-simple-security-09
> In managed, enterprise networks, virtual private networking tunnels
> are typically regarded as an additional attack surface. and they are
> often restricted or prohibited from traversing firewalls for that
> reason. However, it would be inappropriate to restrict virtual
> private networking tunnels by default in unmanaged, residential
> network usage scenarios.
Hello?!?! WTF should my home network be any less secure than a network at an office???
> Therefore, this document recommends the DEFAULT operating
> mode for residential IPv6 simple security is to permit all virtual
> private networking tunnel protocols to pass through the stateful
> filtering function. These include IPsec transport and tunnel modes
> as well as other IP-in-IP protocols.
WTF?!?! So when some manufacturer makes a bunch of fridges or toasters or washer/dryers that respond to default UserIDs and passwords over a VPN, they'll accessable to the outside world *BY DEFAULT*.
It gets worse. http://tools.ietf.org/html/draft-vyncke-advanced-ipv6-security-01 says...
>The intention is to provide an example of a security model which allows most traffic,
> including incoming unsolicited packets and connections, to traverse the CPE...
Ex-bleeping-scuse me. This SPI "security" is a joke. You'll pry NAT out of my cold dead fingers.
> ...unless the CPE identifies the traffic as potentially harmful based on
> a set of signatures (and other correlation data and heuristics)
IDIOTS!!! One of the basic rules of internet security is to enumerate good, *NOT* to enumerate evil. There are new exploits being created all the time. You simply can't keep up with a list of exploits. You're a lot better off deciding what minimal stuff to allow through.
> that are kept up to date on a regular basis.
Oh boy. My ISP's router/modem will come with a 90-day trial subscription to Macafee/Norton/whatever. And when I'm watching a movie on Netflix, or whatever, I'll get get a popup warning me that the free anti-virus subscription expires tomorrow and that I *MUST SIGN UP NOW*. And the router/modem will have a quad-core processor, but still be dog slow, because it'll be continuous ly scanning packets, and looking through a list of a gazillion exploits. And just like craplets on new PCs, it'll be almost impossible to uninstall. Like I said, you'll pry NAT out of my cold dead fingers.
I haven't been a NAT fanboi, but if the internet hippies at IETF get their way, NAT will indeed be the safest way to go.
Howsabout a home server that accepts ssh connections (key-only, no passwords to brute-force). Connect the thermostats to your home box as "the central server", and ssh to your server when you want to do stuff.
> There's also the possibility that some ISPs might end up giving static IP address blocks
> to all customers. Given the HUGE address space they're being assigned, they have
> plenty of addresses available to do that. There's no longer a justification for dynamic
> addresses (reusing oversubscribed addresses).
That was the thinking when the original internet had /8 addresses handed out. Some people never learn. Fercryinoutloud, a /64 is 2^64 addresses. China's current population is approx 1.4 billion. Assume it grows to 4 billion later this century, a /64 would still supply every man/womand/child in China with 4 billion addresses each.
The 2 major types of high-capacity residential internet providers are cablecos and telcos. Cablecos sell cable TV, and own some of the pay-TV channels. Major telcos also own some pay-TV channels and have their own cable-TV equivalant services over IPTV...
* ATT in the US has Uverse
* Verizon in the US has Fios
* Bell Canada has Fibe
There isn't the major congestion they'd like you to believe. It's just that they're scared shitless of competition. If you want to get a movie channel on a cableco/telco, you have to get "basic service", and then some higher tier, and then subscribe to the movie channel. You're easily talking $50 to $80 per month. Meanwhile, Netflix is a fraction of that cost.
In Canada, the major networks provide delayed video streams of most of their shows. I assume that it's the same in the US. If not for ridiculous caps, many cableco/telco customers will "cut the cord" for their TV subscriptions, and watch only what they want over internet, rather than paying for 500 chanells, most of which are crap.
...will be to patent the concept of defeating the tech that stops Iphone from recording video. Licence it for $1,000,000 per day or portion thereof. If you're caught defeating the anti-filming tech, Apple could bankrupt you. Remember also that in a civil lawsuit, they can destroy you financially just by suing you, even if you're eventually found not guilty.
> IIRC there is legislation in the US and elsewhere
> preventing the use of RF blockers in public places.
That is a non-sequitur. Didi you read the post you're replying to? You cannot use a transmitter to jam cellphone frequencies (and there are several bands). But there is no law saying you can't put up a layer of tinfoil or rf-absorbant paint behind the wallpaper. It's called a Faraday Cage. See http://en.wikipedia.org/wiki/Faraday_cage and http://www.theregister.co.uk/2007/03/23/rf_proof_paint/
> One of the biggest news items yet released about
> Windows 8 is that it will be cross-architecture (x86 & ARM)
And you seriously believe that multi-platform support will last longer than NT's support for Intel IA-32, MIPS, and Alpha ?
> This will effectively force ALL programs to be written .NET if they want to reach the full Windows market.
> for
Ever heard of compiling separate binaries for each platform? That's how linux supports multiple hardware platforms.
> "Mozilla Labs has introduced its concept of a
> desktop replacement called Webian Shell. The
> Webian Shell basically consists of a browser which
> will replace the traditional desktop, and web
> applications are given more importance than the
> native applications.
First, Java was going to render the underlying OS irrelavant, running applets on every browser.
Then AOL was going to render the underlying OS irrelavant by expanding Netscape to make it a pseudo-OS. While working on their pseudo-OS, AOL totally ignored Netscape 4.x, and that's when IE walked away with the web.
Here we go again... if I only had several million dollars and a team of programmers at my disposal... sigh.
> no RIAA or MPAA snoops
Wrong; if anything, it'll be easier. Dynamic IP addresses (at least for ADSL) are an address-conservation measure. It's based on the assumption that not every customer is online at the same time. By using dynamic IP addresses, you can get away with fewer of them. This is important in the current environment.
Without the address scarcity to force dynamic IP address usage, an ISP can assign you a fixed /64 under IPV6. It doesn't matter how much you shuffle your address inside that block, every packet you send out will have your prefix. In addition to using using cookies, Google and Adclick/etc can simply aggregate data from every web user. Eventually, somewhere in your web-surfing, you *WILL* give out your realword contact info, and all that web-surfing will be traceable to you. Nothing short of wifi hotspots will provide privacy.
> Why didn't they just add one or 2 more octets to IP4, a-la: a.b.c.d.e.f
> instead of the godawful hexadecimal and colons thing they came up
> with? All existing IP's could then stay the same but just have leading zeros!
Asking this question shows that you do not understand IPV4 and IPV6...
a) IP addresses are *NOT* sent as octects or hex digits. They are clumps of binary bits. Octets and hex digits are simply human-readable representations. IPV6 traffic is a string of binary bits just like IPV4. The *HUMAN READABLE* representation is *DELIBERATELY* different, so that web browsers will know whether you're talking IPV4 or IPV6. E.g. http:/// 192.168.0.1/example.html versus http:/// fc:ab:cd::ef/example.html
b) Backwards compatability is impossible when changing the length of the packets. IPV4 is sent in clumps of 32 bits, IPV6 is sent in clumps of 128 bits. It doesn't matter whether you go to 33 bits, 34, 35, or 128. Every IPV4 router's firmware is *HARD CODED* for 32-bit packets; period; end of story; it's *NOT* compatable; deal with it. Note that I deliberately broke the URLs because Slashdot butchers the IPV6 URL by removing the colon. Yet another IPV6 incompatability.
Given that she was a 6-time karate champion, I don't think Linus would dare. See http://en.wikipedia.org/wiki/Linus_Torvalds#Personal_life