Well, you don't necessarily need to do bandwidth prioritisation - just queuing prioritisation may be good enough. Although I am in favour of allowing time-critical protocols to work at the expense of other protocols for one simple reason: putting an unprioritised time-critical protocol over a congested connection can make the protocol *completely* useless, whereas dropping the priority on bittorrent just makes it go slightly slower - it still works.
maybe the 'evil bit' was a good idea, after all
Sounds like you're talking about the ToS flags (that have always existed in IPv4), which are a nice idea in principle, but the selfishness of users makes it useless for public networks - there have been a number of P2P clients that have set the low-latency ToS flag in the hope of getting priority treatment - if that traffic really gets prioritised then it would seriously impact all the other traffic.
There may, however, be some merit in paying attention to the ToS flag and heavily penalising people who abuse it. This could be done by defining a limit to the "low-latency" bandwidth; if the user exceeds that limit (which they would if they were abusing the ToS flags) then penalise them heavily. Penalties could include dropping the priority of *all* that user's traffic below everyone else's traffic. This would prevent abuse of the ToS flags from paying off whilst still allowing users to classify legitimate traffic.
I think non-net-neutrality can be divided into 2 camps:
1. Non-neutral treatment of traffic for quality of service reasons (such as prioritising realtime protocols so they remain useful) - I believe this is good.
2. Non-neutral treatment of traffic for financial/political/contractual reasons (trying to downgrade the competition or extorting money out of a content provider) - this is certainly very bad.
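The penalty scheme proposed in the comment above, sketched as an added example (not part of the original comment): a per-user token bucket caps low-delay-marked traffic, and exceeding it demotes all of that user's traffic for a while. The rate, burst and penalty values and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass

IPTOS_LOWDELAY = 0x10          # RFC 1349 "minimise delay" bit in the IPv4 ToS byte

# Assumed policy values, chosen for illustration only.
LOW_LATENCY_RATE = 16_000      # bytes/second of low-delay traffic allowed per user
LOW_LATENCY_BURST = 32_000     # token bucket depth in bytes
PENALTY_SECONDS = 300          # how long an abuser stays demoted

PRIORITY, BEST_EFFORT, PENALTY = "priority", "best-effort", "penalty"


@dataclass
class UserState:
    tokens: float = LOW_LATENCY_BURST
    last_seen: float = 0.0
    penalised_until: float = 0.0


class TosPolicer:
    """Decides which queue each packet goes into, per user."""

    def __init__(self):
        self.users = {}

    def classify(self, user, tos, length, now):
        st = self.users.setdefault(user, UserState(last_seen=now))
        # Refill the low-delay budget for the time elapsed since the last packet.
        refill = (now - st.last_seen) * LOW_LATENCY_RATE
        st.tokens = min(LOW_LATENCY_BURST, st.tokens + refill)
        st.last_seen = now

        # While penalised, *all* of the user's traffic sits below best effort,
        # whatever the ToS byte says.
        if now < st.penalised_until:
            return PENALTY
        if not tos & IPTOS_LOWDELAY:
            return BEST_EFFORT
        if st.tokens >= length:
            st.tokens -= length
            return PRIORITY
        # Low-delay budget exhausted: the marking is being abused.
        st.penalised_until = now + PENALTY_SECONDS
        return PENALTY


def simulate(policer, user, tos, pkt_len, pps, seconds):
    """Feed a constant-rate flow through the policer and count packets per queue."""
    counts = {PRIORITY: 0, BEST_EFFORT: 0, PENALTY: 0}
    for i in range(pps * seconds):
        counts[policer.classify(user, tos, pkt_len, i / pps)] += 1
    return counts


if __name__ == "__main__":
    policer = TosPolicer()
    # Constructed flows: a voice call (50 x 200-byte packets/s) and a bulk
    # transfer (1000 x 1500-byte packets/s), both marked low-delay.
    print("voip:", simulate(policer, "voip-user", IPTOS_LOWDELAY, 200, 50, 10))
    print("bulk:", simulate(policer, "p2p-user", IPTOS_LOWDELAY, 1500, 1000, 5))
    # Unmarked traffic from the penalised user is demoted too.
    print("bulk, unmarked:", policer.classify("p2p-user", 0, 100, 6.0))
```

The voice flow stays inside its budget and is always prioritised; the bulk flow drains the bucket within the first few dozen packets and spends the rest of the penalty window below everyone else.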
How does this autoconfiguration relate to the DNS? In particular, if I switch providers and my prefix changes, is there some mechanism for changing this in DNS without manually updating a bajillion records?
Ah, well this is a slight sticking point - if you're using AAAA records then I think your option is basically search + replace. The newer A6 style of records separates the prefix and host address into separate records so you should just need to update the prefix in a single record. Unfortunately the A6 records don't appear to be widely supported, and it seems they are widely regarded as a Bad Thing for various reasons (i.e. increased number of lookups, etc.).
some people don't have direct access to their zone files but are instead restricted to managing them through a web UI or similar
This is a reason why I always run my own master DNS server - having direct access to the zonefile makes everything much easier and faster to administer, and you're not stuck behind the limitations of the web interface (what? you want an AAAA record? Sorry, the web interface doesn't know about those... how about SRV, TXT, NSPTR records? no - we only know about A, MX, NS and CNAMES, sorry).
Of course the web interface could do all the search & replace for you, but I can't see many service providers bothering.
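The AAAA "search + replace" discussed in the two comments above, as an added example (not part of the original comments): the rewrite is done on parsed addresses rather than on text, so records written with leading zeros or upper case are caught and addresses outside the old prefix are left alone. The zone contents are constructed and use the documentation prefix 2001:db8::/32; the function names are assumptions.

```python
import ipaddress
import re

# Owner/TTL/class part up to the AAAA keyword, the address, then any trailing
# comment. "[^;]" keeps the match out of comment-only lines.
AAAA_LINE = re.compile(
    r"^(?P<head>[^;]*?\bAAAA\s+)(?P<addr>[0-9A-Fa-f:.]+)(?P<tail>.*)$",
    re.IGNORECASE,
)

# Constructed sample zone, for illustration only.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@      3600 IN AAAA 2001:db8:aaaa::1
www         IN AAAA 2001:0DB8:AAAA:0001::10   ; same prefix, written differently
mail        IN AAAA 2001:db8:aaaa:1:0:0:0:25
ext         IN AAAA 2001:db8:cccc::5          ; hosted elsewhere
; old note: AAAA 2001:db8:aaaa::dead
www         IN A    192.0.2.10"""


def renumber_address(addr, old_net, new_net):
    """Return addr moved from old_net to new_net, or None if it is not in old_net."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in old_net:
        return None
    host_bits = int(ip) & int(old_net.hostmask)
    return ipaddress.IPv6Address(int(new_net.network_address) | host_bits)


def renumber_zone(zone_text, old_prefix, new_prefix):
    """Rewrite AAAA records inside old_prefix; return (new_text, records_changed)."""
    old_net = ipaddress.IPv6Network(old_prefix)
    new_net = ipaddress.IPv6Network(new_prefix)
    if old_net.prefixlen != new_net.prefixlen:
        raise ValueError("old and new prefix must have the same length")

    out, changed = [], 0
    for line in zone_text.splitlines():
        m = AAAA_LINE.match(line)
        if m:
            try:
                new_ip = renumber_address(m["addr"], old_net, new_net)
            except ValueError:      # not a parseable IPv6 address: leave the line
                new_ip = None
            if new_ip is not None:
                line = f"{m['head']}{new_ip}{m['tail']}"
                changed += 1
        out.append(line)
    return "\n".join(out), changed


if __name__ == "__main__":
    text, n = renumber_zone(SAMPLE_ZONE, "2001:db8:aaaa::/48", "2001:db8:bbbb::/48")
    print(text)
    print(f"; {n} AAAA records renumbered")
```

Remember to bump the SOA serial after a rewrite like this; the sketch does not touch it.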
Presumably I'd have to get some "real" IPv6 addresses, but I'm not really sure where I'd get them from. Is it even possible to get "real" IPv6 address allocations that would persist should IPv6 catch on? If so, who would I get them from?
You can get global-scope allocations through a few methods:
1. 6-to-4 addresses, which have a network prefix containing your gateway's IPv4 address.
2. A network prefix from a tunnel broker such as sixxs.net or similar
3. A network prefix allocated by the IANA
(1) and (2) will give you a globally unique and routable address now, (3) would technically do the same but you'd have to convince a tunnel broker to route it for you and I'm not sure what IANA's rules are on allocations for small networks.
Of all the methods, (3) is probably the only one that can persist once your ISP starts routing natively, but you'd have to convince the ISP to route it which isn't going to happen with most normal ISPs. However, because IPv6 is largely an auto-configured protocol, changing network prefixes shouldn't be too much effort, so persistence is probably almost a non-issue.
Of course if you're only interested in getting a persistent unique address and not a globally routable one (i.e. you're going to access it over a VPN rather than via the normal public routing) then having an IANA allocation for the network would probably be the way to go since it would be persistent.
Software will largely become a commodity. Software as goods sold will largely die out. Common applications will be free or subsidized by content producers. This is a good thing. The whole bit about Media Player is just stupid.
Whether or not software is sold or is free is almost moot - the thing is that competition in whatever form is good for the end user because it forces the vendors to continue to make the software better.
Internet explorer is a prime example of why we need competition - once Microsoft had taken almost the entire market they completely stopped developing the software and allowed it to stagnate for years. It's only now that there is once again competition forcing them to do some (half arsed) development. Having the most popular web browser stagnate like that makes innovation of the whole web grind to a halt - even if other browsers support lots of shiny new features, the web developers are stuck having to support the ancient browser that has most of the market.
Probably the only exception to this rule are FOSS projects which are driven by the developers' need to do something for their own use rather than to satisfy another end-user and beat the competition. But even here, competing products are good because features often get taken from one product and added to another because they have been shown to be useful.
don't tell them they can't include applications which most people would consider to be basic functionality. You end up looking like a crackpot when you do.
But including applications with Windows pretty much kills the competing applications stone dead, even if the competing applications are much better (and free). The bundled application has to be *really* bad before the majority of users will even look at the competition, let alone install it or pay for it.
Also, what do you consider "basic functionality"? In all these cases, Microsoft has broken into an existing market and demolished it by bundling the software - it wouldn't be so bad if the functionality they were offering was brand new and innovative, but people are already providing it when MS start bundling their own software.
you came up with a better statement than I could have. Or at least, better than I was willing to put time into.
I just got particularly bored on my lunch break :)
I had quite a time getting my SIP ATA set up initially.
I NAT my IPv4 traffic, but run Asterisk on the machine that does the NATting so everything uses Asterisk to route all the calls and this solves most of the problems. But running Asterisk is complex and overkill if you don't want its extra features (I use it to do my voicemail, etc).
As to IPv6, no, my ISP isn't quite "with it" enough to assign me, a lowly consumer, any addresses. But my gateway router runs a v6 tunnel and radvd, so my entire network is online.
This is what I do too - I have a 6-to-4 gateway running radvd. Sadly Asterisk has yet to get IPv6 support (a real shame since this is the application that could make the best use of it).
Even if the ISPs do all start doing native v6, sadly there are no consumer grade DSL routers that I'm aware of that support IPv6. The closest you'll get is probably a Linksys router running WhiteRussian, and that's beyond most users.
An important thing to remember is that many NATs don't actually do this, and this is one reason why they are no substitute for a real stateful firewall. Because NATs aren't designed with security in mind they often take the easy way out - create an entry in the translation table when *any* outgoing packet is seen, and remove the entry after an idle timeout. This means that they may well reverse-NAT traffic long after a connection has actually ended because they don't track the actual TCP handshake and so don't remove the translation as soon as the connection is torn down.
Oh, another problem with NATs is that they need to understand the protocols involved - fine if you're only using TCP, UDP and ICMP but it can cause real headaches when you start using other protocols such as ESP, AH, SCTP, etc.
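The difference described in the comment above, as an added example (not part of the original comment): a translation table that is created by any outbound packet and aged out only by an idle timer, next to a tracker that follows the TCP handshake and teardown. Both models, the 300-second timeout and the packet traces are constructed; port rewriting is left out and real trackers also keep a short TIME_WAIT, which is omitted here.

```python
from dataclasses import dataclass

IDLE_TIMEOUT = 300.0   # assumed idle timeout of the naive NAT, in seconds
FLOW = ("10.0.0.5", 40000, "198.51.100.7", 80)   # constructed flow key


@dataclass(frozen=True)
class Packet:
    t: float
    outbound: bool
    flags: frozenset
    flow: tuple = FLOW


def pkt(t, outbound, *flags):
    return Packet(t, outbound, frozenset(flags))


class NaiveNat:
    """Entry created by *any* outbound packet, removed only when idle."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self.table = {}                       # flow -> time of last packet

    def handle(self, p):
        last = self.table.get(p.flow)
        if last is not None and p.t - last > self.idle_timeout:
            del self.table[p.flow]
            last = None
        if not p.outbound and last is None:
            return False                      # no mapping: inbound dropped
        self.table[p.flow] = p.t              # create or refresh the mapping
        return True


class StatefulTracker:
    """State created only by an outbound SYN and removed at teardown."""

    def __init__(self):
        self.conns = {}                       # flow -> {"state", "fins"}

    def handle(self, p):
        conn, f = self.conns.get(p.flow), p.flags
        if conn is None:
            if p.outbound and f == {"SYN"}:
                self.conns[p.flow] = {"state": "SYN_SENT", "fins": set()}
                return True
            return False
        if "RST" in f:
            del self.conns[p.flow]
            return True
        if conn["state"] == "SYN_SENT":
            if p.outbound and f == {"SYN"}:
                return True                   # SYN retransmission
            if not p.outbound and f == {"SYN", "ACK"}:
                conn["state"] = "ESTABLISHED"
                return True
            return False
        if "SYN" in f:
            return False
        if "FIN" in f:
            conn["fins"].add(p.outbound)      # remember which side has closed
        elif len(conn["fins"]) == 2:
            del self.conns[p.flow]            # final ACK: connection is gone
        return True


def run(device, trace):
    """Return, per packet, whether the device forwarded it."""
    return [device.handle(p) for p in trace]


# Constructed trace: a complete TCP session, then an inbound packet 25 s later.
CLOSED_THEN_STRAY = [
    pkt(0.0, True, "SYN"), pkt(0.1, False, "SYN", "ACK"), pkt(0.2, True, "ACK"),
    pkt(1.0, True, "PSH", "ACK"), pkt(1.1, False, "ACK"),
    pkt(5.0, True, "FIN", "ACK"), pkt(5.1, False, "FIN", "ACK"), pkt(5.2, True, "ACK"),
    pkt(30.0, False, "ACK"),
]
# Constructed trace: an outbound ACK with no handshake, then an inbound reply.
NO_HANDSHAKE = [pkt(0.0, True, "ACK"), pkt(1.0, False, "ACK")]

if __name__ == "__main__":
    for name, trace in (("closed+stray", CLOSED_THEN_STRAY), ("no handshake", NO_HANDSHAKE)):
        print(name, "naive:", run(NaiveNat(), trace))
        print(name, "stateful:", run(StatefulTracker(), trace))
```

The naive table still forwards the inbound packet that arrives after the connection has closed; the tracker drops it because the state was removed at the final ACK.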
My life would be much easier if all hosts had public IP addresses
I'm not sure how much control you have over these networks, but have you considered enabling IPv6 on them so that you can have a globally unique IP for each machine?
When was the last time ANYONE was assigned an IPv6 address?
Umm... I have an IPv6 address...
When was the last time you connected with an IPv6 address on the internet?
I do this very frequently, every day.
True, but that is just one of the many benefits of a NAT router. So you don't need a hardware firewall.
Err... you're advocating buying a device that provides poor security because that means you don't have to buy a device that provides better security? From a cost point of view, what is the difference (in fact doing NAT is more complex than just stateful firewalling), either way you're having to buy a router.
So you should get a router (that does those things worse and are harder to configure for the average user) instead?
How is a non-NAT router harder to configure than a NAT router? They are the same thing except the NAT router does a load of translation on top which may need extra configuration.
Also, "open ports" is not wrong at all, it perfectly describes what is happening.
Really it doesn't - on a firewall you can simply "open" a port and thus it allows the traffic through unadulterated. With a NAT you have to provide a mapping to an internal IP address to translate that traffic to. This is more akin to a policy route with some packet rewriting on top than simply opening a port.
if you haven't specifically asked for it (that, set up a server on your computer or requested the traffic by, say, going to a webpage), then no, you shouldn't be able to reach me.
This argument causes problems when making a peer-to-peer connection, such as a VoIP call, between two peers that are both behind NATs. The problem is partially worked around with STUN but it is unreliable. Using SIP as an example, the procedure for setting up a call is roughly:
1. The caller places a call to the callee's SIP server (this server is publicly accessible)
2. The callee's SIP server relays the call signalling to the callee over an already established connection.
3. The callee sends a "call answered" response, together with an IP address and port, to the SIP server, which relays it back to the caller over the original connection.
4. The caller sends an IP address and port to the SIP server, which relays it to the callee.
5. Both the callee and the caller start sending the RTP (voice and video) data directly to the IP addresses and ports that their peers sent them.
Now the problem is clear - both peers need to know what source IP address and port their own RTP streams are going to be mapped to by the NAT. There is no way to reliably determine this information. What SIP phones do is contact a STUN server that will make an educated guess, but there really is no way to know for sure until you try and send the RTP traffic and see if it gets to the remote end. As far as the NAT is concerned, neither end has "asked" for the RTP data from the other side because the request was sent over a separate signalling stream that the NAT has no knowledge of.
Also, you need to make sure the STUN server you're using is on the same side of your NAT as the peer you're trying to contact. If you place calls to both phones on your LAN and phones on the internet then you have a real problem here - pretty much the only way to deal with it is to run an application proxy on your NAT router itself, which is certainly overcomplicating things.
it's the results that count.
Yes it is, and the result is on the whole bad - NAT breaks so much stuff it's just not funny.
a decade or so (plenty of time for IPv6 to get started, which will probably take just as long or longer)
IPv6 was "started" many years ago already and is currently in use over large chunks of the Internet. The only thing NAT is doing at the moment is slowing down the adoption of IPv6 by taking pressure off ISPs - there's no reason we can't all jump to using IPv6 tomorrow, the technology is well proven.
First of all it really solves the issue with IP-addresses running low beautifully
Not really - it temporarily works around the problem and causes an enormous mess at the same time by breaking the peer-to-peer nature of the Internet. To some extent it's prolonged the problem because it has reduced the pressure to take decisive action and switch to IPv6.
it will take an enormous amount of time before IPv6 is fully implemented
I'm not sure what you mean by "fully implemented" - it's been fully implemented on most operating systems for many years and works fine (I use IPv6 on a daily basis, both on my LAN and across the Internet to public servers). The major sticking point at the moment is a complete lack of native IPv6 support on consumer grade DSL routers, but that aside it works just fine.
Actually since the widespread adoption of NAT routers, it isn't even really a problem anymore!
Completely wrong - even with CIDR and NAT we're still very short of IPv4 addresses and they *will* run out. Predictions vary but generally it seems to be agreed that the unallocated addresses will probably become exhausted some time between 2010 and 2020.
Secondly, it's the most important thing ever to happen to internet security
Again, completely inaccurate - NAT is only very loosely related to security. Simply put, NAT requires some kind of connection tracker to work - you get the same level of security from using a connection tracker that doesn't perform NAT. In fact, many NATs do only the bare essentials of connection tracking and therefore leave some big security holes - you're far better off using a proper stateful firewall. The translation itself should definitely not be treated as a security measure. Also, most consumer NATing routers don't block inbound traffic that's addressed directly to the internal IP addresses, so it's possible to circumvent the whole security aspect of it if you have control of the upstream router.
Third, it's also great if you share your internet connection with several other computers (either at home or in a corporate environment). Old style hubs would simply broadcast incoming data to all computers in the local network. NAT doesn't do that, it maps local IPs to ports and only transmits to them.
Well firstly, switches are as cheap as hubs these days so no one has any reason to be using a hub, but in any case you wouldn't use a hub to connect a LAN to the WAN, you'd use a router. No NAT needed here - move along
I'm guessing you are criticizing NAT because at one point you wanted to run some software that required you act as a server and you were too dumb to figure out how to open a port?
There are numerous problems with NAT, this isn't simply a case of "opening a port". It completely violates the peer-to-peer principles of the Internet and means software on the local machines must use lots of fun tricks to try and work out what its external IP address is and what ports the NAT will be mapping its connections to - this is unreliable and requires external servers (look up STUN for more details). I'm certainly hoping the popularity of true peer-to-peer applications such as VoIP will push IPv6 more into the mainstream.
software is learning how to do it automatically using either UPnP
On the one hand you're promoting NAT for the false sense of security it gives and then you go on to promote the almighty security hole that is UPnP - have you ever thought that maybe allowing random software control over your firewall is a Bad Thing?
that is, the two computers who wish to talk to each other connect to a third party server who informs them of the other's IP and currently open port, that way the port is already mapped to the correct local IP so the two computers can connect.
I think you are referring to the STUN protocol - you should investigate further, STUN is unreliable b
Ah yes, I've had a number of irate support calls from customers complaining that "I emailed you to ask you to fix my broken Internet connection hours ago and I've still not got a response!"... umm yes, how do you expect the email to get to me if your internet connection is FUBAR? :)
After all, a company that doesn't need to pay the Microsoft tax can invest that money productively
And can also invest it closer to home - Europeans investing money in European produce is better for the European economy than sending all that cash over to the US.
And of course getting rid of patents always helps economy, since it allows improved offerings from 3rd parties and thus encourages competition.
(Assuming we're talking about the West in general, and not just the EU) I'm not an economist, but is this actually true in all cases? I imagine that having a single company bringing in a lot of cash from the whole world is potentially better for the economy that company is based within than having many companies all over the world selling equivalent products for less. Sure, competition is beneficial for the parts of the world where that single company *isn't* based but what about the part of the world where it is based?
So that means that at least in some european countries it is very possible and very legal to use a copy of XP without having to pay for a copy.
Depends on how enforceable the EULA is, since the EULA explicitly disallows this. It could be argued that EULAs are unenforceable (I don't think there have been any court cases in Europe to say either way, have there?). Some rights cannot be withdrawn through a contract anyway and the fair usage rights might fall into this category (IANAL).
But their dominance is not good for the market; not just for competitors, but for consumers (which in this case is mainly other businesses outside the computer industry).
In my experience the problem is that the customers don't give a damn about long term effects - they are only interested in the *current* state of affairs.
I.e. customers want lots of software to be bundled because it's easier for them *now*. They also want vendor lock-in because they don't have to bother making decisions. Pulling the plug on bundling and lock-in actually makes things worse for the current customers so the customers are resistant to action being taken against MS.
I've seen the same thing when talking to people about VoIP - there are plenty of SIP/PSTN gateways around with competitive prices, but people like Skype despite the fact that it locks them into a single vendor and they can't shop around for the best prices. Why? Because shopping around is effort and they can't be bothered.
The problem is that this attitude comes back to bite everyone in the arse a few years later when there is a single dominant company and everyone's locked into using them - at that point the dominant company can do pretty much whatever they want. If someone steps in at any point in the cycle and prevents the bundling and lockin, it *will* get worse for the customers before it can get better - there's just no way around this, and unfortunately many of the customers would prefer everything to get progressively more sucky than put up with a few years of inconvenience before it gets better.
Dunno what UK you've been to, but in my UK we do things the US way. 1,000,000,000 is almost always a billion.
Both systems are frequently used and sometimes it can be downright difficult to work out which one is being used. As usual the Americans have made a mess of things :)
Not really sure what to say at this point, because the Brits are completely screwed up on this, but at least they're consistently inconsistent with the rest of the world.
Maybe the rest of the world is screwed up... AFAIK the British billion predates the American billion which has been adopted worldwide. In any case, the British billion is rarely used in Britain these days.
The US billion tends to fit in with the SI units a bit better anyway:
- Kilo == Thousand
- Mega == Million
- Giga == Billion
- Tera == Trillion
Although it does mean you have to remember more names for dealing with increasingly massive numbers. :)
What advantage is there in having FF running when you're asleep?
It means I don't have to bother restarting it when I next want to use it. I use the web frequently enough for it to be worthwhile leaving the browser running on my spare monitor so that it's already there when I next want to use it without having to wait for it to start.
closing your browser every once in a while isn't a kludge.
I'm sorry, that's just plain wrong - requiring the user to work around a bug by frequently shutting down software is a kludge. This really is no different to requiring people to reboot their machines every few days because the operating system is incapable of keeping them running.
try opera or IE7 or something else
Opera's user interface is terrible (IMHO), IE is incompatible with all of my computers, has very poor support for web standards and is terminally insecure.
Well, it might not be a memory leak, but I'd argue that it is a bug. If I leave my FireFox pointing at an auto-refreshing page for a couple of days it *will* OOM my machine. Whether or not that's a memory leak, I'd argue that causing the OOM killer to come out and start blowing away applications is a bug. Now I understand that this memory is supposedly used to cache content to speed up the browsing experience but I'd counter that argument by pointing out that if FireFox is so deep into swap space that it causes my machine to go on holiday for 5 minutes every time I do something because it's thrashing the swap then this isn't speeding up anything.
I've had firefox running for days at a time without seeing anywhere over 100 MB. I rarely ever see it go over 75 MB. Then again, I haven't kept it open for months at a time. Maybe if I did, then I may see problems.
I never close my FireFox unless I absolutely have to. Currently it's using about 281MB:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1934 steve 15 0 281m 94m 8624 S 0.0 12.5 191:18.84 firefox-bin
(Yes, I know this includes mmap()ed resources, but I doubt FireFox is mmap()ing much huge stuff).
Then again, it's a web browser. You can turn it off once in a while.
That's not really an excuse though is it... Hey, no need to fix memory leaks in Windows, it's only an OS, you can reboot it every so often... :) Shutting stuff down in order to work around a bug is a horrible and very annoying kludge.
For a moment I thought, Franco was in charge again, and the whole internet (P2P!) was illegal.
I'm not sure why this legislation is specifically targeted at P2P... what's more, isn't unauthorised distribution by any means already illegal? Seems the only thing this law does is make it illegal for the ISP to carry "unauthorised" traffic for P2P protocols (what constitutes a "peer" is an open question). This just means that people will end up encrypting their traffic, which is a Bad Thing for those of us who want ISPs to do traffic fingerprinting for queuing prioritisation.
They can't nail you for copying a CD, or dumping a recording from one medium to another.
Actually that very much depends on what jurisdiction you're in. Here in the UK it is illegal to convert from one format to another. i.e. you're allowed to back up a CD onto another CD for personal use but you can't copy a CD onto tape/Ogg/MP3/whatever because you've changed the format.
Of course this is a law that everyone ignores, but the music industry is on record saying that they expect people to re-buy all their CDs in a format that can be played on an iPod (or similar) since converting them yourself is illegal.
As someone who basically only ever uses CDs and DVDs for backups of _my own data_, I'd like to know if these laws would allow the tax to be claimed back since I am the copyright holder. (Not that the laws affect me since I'm not in Spain but I'm sure it's only a matter of time before some crazies introduce such laws in the UK).
Taxing people because they *might* do something really sucks... Next up, a ram-raid tax on cars, just in case you decide to use your car to commit a robbery. And a murder tax on every kitchen knife just in case you decide to kill someone with it...
Sure. The parent post said "who needs this linux shit". I explained why this hack is useful.
You did? Obviously I'm misreading the thread coz from what I can tell yorugua posted saying "maybe you can do with a wrt54g, but dont be misleaded by the $20 difference: we are talking about whether you want to turn your $80 router into a $400 one or not... as usual, your choice." (i.e. you can't turn the WRT54G v5 into a $400 router).
You replied with: "If you think you can turn any WRT54g into a $400 router, you are dead wrong. Those things are unstable as hell, even with Linux on them." (Oh look, you're confirming the premise that yorugua already made that you can't turn a WRT54G v5 into a $400 router).
Can't see anyone asking "who needs this linux shit" or anywhere where you've explained why this hack is useful. In fact your post seems to indicate that installing Linux on a WRT54G v5 is pointless because it'll be unstable.
If the WRT54G is unstable in its default configuration, send it back under warranty and buy yourself a WRT54GL.
Crushing someone who calls you a "bad guy" is being the bad guy.
Iraq called the US a "bad guy" and was crushed. Iran is calling the US a "bad guy" and is receiving threats. China is calling the US a "bad guy"...
If people call you "the good guy" of their own free will, in a society with a free press and dissent, you can be sure you are the good guy.
Patting yourselves on the back and telling yourselves you're a "good guy" doesn't count - you need to look outside the US for opinion on the US's actions and you will see there is a lot of negative opinion.
China would not be a "good guy", even if (or because they) point a gun at you and say, "Say I'm a good guy!"
Only by your standards. Who's to say your standards are right for everyone else in the world? (Note: I'm not saying China *aren't* bad, I'm just saying that you are looking at it from a single perspective "communism bad, capitalism good". That is a US-centric attitude and most of the rest of the world doesn't see the communism/capitalism divide in such stark contrast.)
People still look to it to do the right thing, and defend freedom
You do realise that with recent laws, the US is probably now one of the least free nations in the west? Sadly Europe is going the same way.
Of course, you are free to say such idiotic things
Assuming that someone's opinions are "idiotic" just because they differ from your own is extremely arrogant.
I wish we were more about forcing freedom on the rest of the world
There is something very oxymoronic about "forcing freedom" upon people. True freedom is anarchy since everyone would be free to ignore the laws and is clearly unacceptable. I'm in favor of freedom - I think nations should be free to run their affairs without the US sticking its nose in and telling them they're not doing it how the US would like.
If a large group of nations (the UN) decides that one nation has gone off the rails and needs some intervention then that's fair enough. However, this hasn't happened in the case of Iraq where the US just plain ignored the UN and did its own thing - IMHO that makes the US no better than any other rogue nation. What would be the difference between Iraq bombing the US in order to remove a warmongering head of state compared to what the US has done to Iraq?
And no, while Bush IS an a-hole, he is not a warlord dictator.
I think the jury is still out there I'm afraid.
The US really doesn't want to (and can't) be the world's police force
There is a big difference here: the police force upholds the laws, the US outright ignored the laws when they attacked Iraq in violation of the UN charter. If the police force broke the law in order to do what they personally perceive as "the right thing" then there would be hell to pay.
Some people point to Guantanamo, but I'd MUCH rather spend 10 years in Guantanamo than 5 years in a prison in China or North Korea, or Iran.
Not being as bad as some of the worst "bad guys" does *not* automatically make the US "good guys".
If you really want to point fingers, perhaps you should start looking at who is providing these "bad" countries with nuclear technology or other support.
Both the US and UK have supplied most of the "bad guys" with weapons for long periods of time. (and in many cases put them in power in the first place)
like Australia and the UK (both of which supported the US in Iraq BTW)
The UK *government* supported the US in Iraq despite massive public outcry from the electorate. Current popular opinion suggests that this will be a major factor in the current government's defeat at the next election.
Since we are talking about porn, you are going to get a lot of false positives - after all, there are only so many revealing poses.
Given that these systems are able to pick an individual face from a crowd with good accuracy, they could identify the subjects pictured in the photo by facial features alone. Adding data about whole body positions would just help identifying the specific picture once you had identified the "actors". Also, I imagine that there's a whole lot more personally identifying geometric data that can be collected from an unclothed body than just the face.
you either keep the original images and do fuzzy matching, or this database won't be able to match anything.
I imagine some of the facial recognition techniques could be used. Don't store the image itself, just store the positions of certain features. You can then fuzzy-match to the stored feature shapes.
I was mostly joking, but not completely.
How does this autoconfiguration relate to the DNS? In particular, if I switch providers and my prefix changes, is there some mechanism for changing this in DNS without manually updating a bajillion records?
Ah, well this is a slight sticking point - if you're using AAAA records then I think your option is basically search + replace. The newer A6 style of records separates the prefix and host address into separate records so you should just need to update the prefix in a single record. Unfortunately the A6 records don't appear to be widely supported, and it seems they are widely regarded as a Bad Thing for various reasons (i.e. increased number of lookups, etc.).
some people don't have direct access to their zone files but are instead restricted to managing them through a web UI or similar
This is a reason why I always run my own master DNS server - having direct access to the zonefile makes everything much easier and faster to administer, and you're not stuck behind the limitations of the web interface (what? you want an AAAA record? Sorry, the web interface doesn't know about those... how about SRV, TXT, NSPTR records? no - we only know about A, MX, NS and CNAMES, sorry).
Of course the web interface could do all the search & replace for you, but I can't see many service providers bothering.
Presumably I'd have to get some "real" IPv6 addresses, but I'm not really sure where I'd get them from. Is it even possible to get "real" IPv6 address allocations that would persist should IPv6 catch on? If so, who would I get them from?
You can get global-scope allocations through a few methods:
1. 6-to-4 addresses, which have a network prefix containing your gateway's IPv4 address.
2. A network prefix from a tunnel broker such as sixxs.net or similar
3. A network prefix allocated by the IANA
(1) and (2) will give you a globally unique and routable address now, (3) would technically do the same but you'd have to convince a tunnel broker to route it for you and I'm not sure what IANA's rules are on allocations for small networks.
Of all the methods, (3) is probably the only one that can persist once your ISP starts routing natively, but you'd have to convince the ISP to route it which isn't going to happen with most normal ISPs. However, because IPv6 is largely an auto-configured protocol, changing network prefixes shouldn't be too much effort, so persistence is probably almost a non-issue.
Of course if you're only interested in getting a persistent unique address and not a globally routable one (i.e. you're going to access it over a VPN rather than via the normal public routing) then having an IANA allocation for the network would probably be the way to go since it would be persistent.
Software will largely become a commodity. Software as goods sold will largely die out. Common applications will be free or subsidized by content producers. This is a good thing. The whole bit about Media Player is just stupid.
Whether or not software is sold or is free is almost moot - the thing is that competition in whatever form is good for the end user because it forces the vendors to continue to make the software better.
Internet explorer is a prime example of why we need competition - once Microsoft had taken almost the entire market they completely stopped developing the software and allowed it to stagnate for years. It's only now that there is once again competition forcing them to do some (half arsed) development. Having the most popular web browser stagnate like that makes innovation of the whole web grind to a halt - even if other browsers support lots of shiny new features, the web developers are stuck having to support the ancient browser that has most of the market.
Probably the only exception to this rule are FOSS projects which are driven by the developers' need to do something for their own use rather than to satisfy another end-user and beat the competition. But even here, competing products are good because features often get taken from one product and added to another because they have been shown to be useful.
don't tell them they can't include applications which most people would consider to be basic functionality. You end up looking like a crackpot when you do.
But including applications with Windows pretty much kills the competing applications stone dead, even if the competing applications are much better (and free). The bundled application has to be *really* bad before the majority of users will even look at the competition, let alone install it or pay for it.
Also, what do you consider "basic functionality"? In all these cases, Microsoft has broken into an existing market and demolished it by bundling the software - it wouldn't be so bad if the functionality they were offering was brand new and innovative, but people are already providing it when MS start bundling their own software.
you came up with a better statement than I could have. Or at least, better than I was willing to put time into.
:)
I just got particularly bored on my lunch break
I had quite a time getting my SIP ATA set up initially.
I NAT my IPv4 traffic, but run Asterisk on the machine that does the NATting so everything uses Asterisk to route all the calls and this solves most of the problems. But running Asterisk is complex and overkill if you don't want its extra features (I use it to do my voicemail, etc).
As to IPv6, no, my ISP isn't quite "with it" enough to assign me, a lowly consumer, any addresses. But my gateway router runs a v6 tunnel and radvd, so my entire network is online.
This is what I do too - I have a 6-to-4 gateway running radvd. Sadly Asterisk has yet to get IPv6 support (a real shame since this is the application that could make the best use of it).
Even if the ISPs do all start doing native v6, sadly there are no consumer grade DSL routers that I'm aware of that support IPv6. The closest you'll get is probably a Linksys router running WhiteRussian, and that's beyond most users.
A stateful firewall watches for TCP handshakes
An important thing to remember is that many NATs don't actually do this, and this is one reason why they are no substitute for a real stateful firewall. Because NATs aren't designed with security in mind they often take the easy way out - create an entry in the translation table when *any* outgoing packet is seen, and remove the entry after an idle timeout. This means that they may well reverse-NAT traffic long after a connection has actually ended because they don't track the actual TCP handshake and so don't remove the translation as soon as the connection is torn down.
Oh, another problem with NATs is that they need to understand the protocols involved - fine if you're only using TCP, UDP and ICMP but it can cause real headaches when you start using other protocols such as ESP, AH, SCTP, etc.
My life would be much easier if all hosts had public IP addresses
I'm not sure how much control you have over these networks, but have you considered enabling IPv6 on them so that you can have a globally unique IP for each machine?
When was the last time ANYONE was assigned an IPv6 address?
Umm... I have an IPv6 address...
When was the last time you connected with an IPv6 address on the internet?
I do this very frequently, every day.
True, but that is just one of the many benefits of a NAT router. So you don't need a hardware firewall.
Err... you're advocating buying a device that provides poor security because that means you don't have to buy a device that provides better security? From a cost point of view, what is the difference (in fact doing NAT is more complex than just stateful firewalling), either way you're having to buy a router.
So you should get a router (that does those things worse and are harder to configure for the average user) instead?
How is a non-NAT router harder to configure than a NAT router? They are the same thing except the NAT router does a load of translation on top which may need extra configuration.
Also, "open ports" is not wrong at all, it perfectly describes what is happening.
Really it doesn't - on a firewall you can simply "open" a port and thus it allows the traffic through unadulterated. With a NAT you have to provide a mapping to an internal IP address to translate that traffic to. This is more akin to a policy route with some packet rewriting on top than simply opening a port.
if you haven't specifically asked for it (that, set up a server on your computer or requested the traffic by, say, going to a webpage), then no, you shouldn't be able to reach me.
This argument causes problems when making a peer-to-peer connection, such as a VoIP call, between two peers that are both behind NATs. The problem is partially worked around with STUN but it is unreliable. Using SIP as an example, the procedure for setting up a call is roughly:
1. The caller places a call to the callee's SIP server (this server is publicly accessible)
2. The callee's SIP server relays the call signalling to the callee over an already established connection.
3. The callee sends a "call answered" response, together with an IP address and port, to the SIP server, which relays it back to the caller over the original connection.
4. The caller sends an IP address and port to the SIP server, which relays it to the callee.
5. Both the callee and the caller start sending the RTP (voice and video) data directly to the IP addresses and ports that their peers sent them.
Now the problem is clear - both peers need to know what source IP address and port their own RTP streams are going to be mapped to by the NAT. There is no way to reliably determine this information. What SIP phones do is contact a STUN server that will make an educated guess, but there really is no way to know for sure until you try and send the RTP traffic and see if it gets to the remote end. As far as the NAT is concerned, neither end has "asked" for the RTP data from the other side because the request was sent over a separate signalling stream that the NAT has no knowledge of.
Also, you need to make sure the STUN server you're using is on the same side of your NAT as the peer you're trying to contact. If you place calls to both phones on your LAN and phones on the internet then you have a real problem here - pretty much the only way to deal with it is to run an application proxy on your NAT router itself, which is certainly overcomplicating things.
it's the results that count.
Yes it is, and the result is on the whole bad - NAT breaks so much stuff it's just not funny.
a decade or so (plenty of time for IPv6 to get started, which will probably take just as long or longer)
IPv6 was "started" many years ago already and is currently in use over large chunks of the Internet. The only thing NAT is doing at the moment is slowing down the adoption of IPv6 by taking pressure off ISPs - there's no reason we can't all jump to using IPv6 tomorrow, the technology is well proven.
Looking ove
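The call setup steps in the comment above can be replayed against a small NAT model to show when the STUN guess is wrong. This is an added example, not code from the thread; the `Nat` class, the port-restricted filtering rule, the addresses and the port numbers are all constructed assumptions.

```python
from itertools import count

# Constructed sample endpoints (documentation address ranges).
STUN_SERVER = ("198.51.100.1", 3478)
CALLER_SOCK = ("10.0.0.2", 5004)      # caller's RTP socket on its LAN
CALLEE_SOCK = ("192.168.1.2", 5004)   # callee's RTP socket on its LAN


class Nat:
    """Toy NAT: maps internal sockets to external ports.

    symmetric=False: one external port per internal socket (cone mapping).
    symmetric=True:  one external port per (internal socket, destination).
    Inbound packets pass only if the internal host already sent to that
    exact remote address and port through the mapping.
    """

    def __init__(self, public_ip, symmetric):
        self.public_ip = public_ip
        self.symmetric = symmetric
        self.next_port = count(40000)
        self.mappings = {}   # mapping key -> external port
        self.entries = {}    # external port -> (internal socket, remotes)

    def outbound(self, internal, remote):
        """Return the public (ip, port) a packet internal->remote leaves with."""
        key = (internal, remote) if self.symmetric else internal
        if key not in self.mappings:
            port = next(self.next_port)
            self.mappings[key] = port
            self.entries[port] = (internal, set())
        port = self.mappings[key]
        self.entries[port][1].add(remote)
        return (self.public_ip, port)

    def inbound(self, ext_port, remote):
        """Return the internal socket the packet is delivered to, or None."""
        entry = self.entries.get(ext_port)
        if entry is None or remote not in entry[1]:
            return None
        return entry[0]


def simulate_call(caller_nat, callee_nat):
    """Replay the setup: STUN query, address exchange over SIP, then RTP."""
    # Each phone asks the STUN server what its RTP socket looks like outside.
    adv_caller = caller_nat.outbound(CALLER_SOCK, STUN_SERVER)
    adv_callee = callee_nat.outbound(CALLEE_SOCK, STUN_SERVER)
    # Steps 3 and 4: the advertised addresses travel over the SIP signalling
    # path, which the NATs do not inspect.
    # Step 5: both sides send RTP to the address the peer advertised.
    src_caller = caller_nat.outbound(CALLER_SOCK, adv_callee)
    src_callee = callee_nat.outbound(CALLEE_SOCK, adv_caller)
    return {
        "stun_guess": adv_caller,
        "actual_rtp_source": src_caller,
        "callee_hears_caller":
            callee_nat.inbound(adv_callee[1], src_caller) == CALLEE_SOCK,
        "caller_hears_callee":
            caller_nat.inbound(adv_caller[1], src_callee) == CALLER_SOCK,
    }


def cone_to_cone():
    return simulate_call(Nat("203.0.113.10", False), Nat("192.0.2.20", False))


def symmetric_to_cone():
    return simulate_call(Nat("203.0.113.10", True), Nat("192.0.2.20", False))


if __name__ == "__main__":
    for name, run in (("cone/cone", cone_to_cone),
                      ("symmetric/cone", symmetric_to_cone)):
        print(name, run())
```

With a symmetric caller NAT the port reported by STUN belongs to the mapping toward the STUN server only, so the RTP stream leaves from a different port and neither direction gets through.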
NAT is a wonderful technology.
You're crazy, right?
First of all it really solves the issue with IP-addresses running low beautifully
Not really - it temporarily works around the problem and causes an enormous mess at the same time by breaking the peer-to-peer nature of the Internet. To some extent it's prolonged the problem because it has reduced the pressure to take decisive action and switch to IPv6.
it will take an enormous amount of time before IPv6 is fully implemented
I'm not sure what you mean by "fully implemented" - it's been fully implemented on most operating systems for many years and works fine (I use IPv6 on a daily basis, both on my LAN and across the Internet to public servers). The major sticking point at the moment is a complete lack of native IPv6 support on consumer grade DSL routers, but that aside it works just fine.
Actually since the widespread adoption of NAT routers, it isn't even really a problem anymore!
Completely wrong - even with CIDR and NAT we're still very short of IPv4 addresses and they *will* run out. Predictions vary but generally it seems to be agreed that the unallocated addresses will probably become exhausted some time between 2010 and 2020.
Secondly, it's the most important thing ever to happen to internet security
Again, completely inaccurate - NAT is only very loosely related to security. Simply put, NAT requires some kind of connection tracker to work - you get the same level of security from using a connection tracker that doesn't perform NAT. In fact, many NATs do only the bare essentials of connection tracking and therefore leave some big security holes - you're far better off using a proper stateful firewall. The translation itself should definitely not be treated as a security measure. Also, most consumer NATing routers don't block inbound traffic that's addressed directly to the internal IP addresses, so it's possible to circumvent the whole security aspect of it if you have control of the upstream router.
Third, it's also great if you share your internet connection with several other computers (either at home or in a corporate environment). Old style hubs would simply broadcast incoming data to all computers in the local network. NAT doesn't do that, it maps local IPs to ports and only transmits to them.
Well firstly, switches are as cheap as hubs these days so no one has any reason to be using a hub, but in any case you wouldn't use a hub to connect a LAN to the WAN, you'd use a router. No NAT needed here - move along
I'm guessing you are criticizing NAT because at one point you wanted to run some software that required you act as a server and you were too dumb to figure out how to open a port?
There are numerous problems with NAT, this isn't simply a case of "opening a port". It completely violates the peer-to-peer principles of the Internet and means software on the local machines must use lots of fun tricks to try and work out what its external IP address is and what ports the NAT will be mapping its connections to - this is unreliable and requires external servers (look up STUN for more details). I'm certainly hoping the popularity of true peer-to-peer applications such as VoIP will push IPv6 more into the mainstream.
software is learning how to do it automatically using either UPnP
On the one hand you're promoting NAT for the false sense of security it gives and then you go on to promote the almighty security hole that is UPnP - have you ever thought that maybe allowing random software control over your firewall is a Bad Thing?
that is, the two computers who wish to talk to each other connect to a third party server who informs them of the others IP and currently open port, that way the port is already mapped to the correct local IP so the two computers can connect.
I think you are referring to the STUN protocol - you should investigate further, STUN is unreliable b
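Two comments above make the same claim: a NAT that adds a translation for any outgoing packet and removes it only after an idle timeout will keep passing inbound traffic after the TCP connection has closed, while a stateful tracker will not. The sketch below replays a packet trace through both; it is an added example, not code from the thread, and the 300-second timeout, the simplified state machine and the traces are constructed assumptions.

```python
IDLE_TIMEOUT = 300.0  # seconds; assumed value for this example


class IdleTimeoutNat:
    """Translation entry created by any outbound packet, expired only by idling."""

    def __init__(self):
        self.last_seen = None

    def packet(self, t, direction, flags):
        live = (self.last_seen is not None
                and t - self.last_seen <= IDLE_TIMEOUT)
        if direction == "out":
            self.last_seen = t      # any outbound packet (re)creates the entry
            return True
        if live:
            self.last_seen = t      # forwarded inbound traffic refreshes it
        return live


class StatefulTracker:
    """Simplified TCP tracker: entry exists only between handshake and teardown."""

    def __init__(self):
        self.state = "NONE"
        self.fins = set()           # directions that have sent a FIN

    def packet(self, t, direction, flags):
        flags = set(flags.split(","))
        if self.state == "NONE":
            if direction == "out" and flags == {"SYN"}:
                self.state, self.fins = "SYN_SENT", set()
                return True
            return False            # nothing passes without a handshake
        if "RST" in flags:
            self.state = "NONE"     # reset removes the entry at once
            return True
        if self.state == "SYN_SENT":
            if direction == "in" and flags == {"SYN", "ACK"}:
                self.state = "SYN_ACKED"
                return True
            return direction == "out" and flags == {"SYN"}  # SYN retransmit
        if self.state == "SYN_ACKED":
            if direction == "out" and "ACK" in flags:
                self.state = "ESTABLISHED"
                return True
            return False
        # ESTABLISHED: track the FIN from each side, drop the entry on the
        # ACK that follows the second FIN.
        if "FIN" in flags:
            self.fins.add(direction)
        elif self.fins == {"in", "out"} and "ACK" in flags:
            self.state = "NONE"
        return True


# Constructed trace: (seconds, direction seen from the LAN, TCP flags).
FULL_CONNECTION = [
    (0.0, "out", "SYN"), (0.1, "in", "SYN,ACK"), (0.2, "out", "ACK"),
    (1.0, "out", "PSH,ACK"), (1.1, "in", "ACK"),
    (2.0, "out", "FIN,ACK"), (2.1, "in", "FIN,ACK"), (2.2, "out", "ACK"),
    (30.0, "in", "PSH,ACK"),    # arrives after the connection was torn down
    (400.0, "in", "PSH,ACK"),   # arrives after the idle timeout as well
]
# Constructed trace: a lone outbound ACK with no handshake, then a reply.
NO_HANDSHAKE = [(0.0, "out", "ACK"), (1.0, "in", "PSH,ACK")]


def inbound_verdicts(tracker, trace):
    """Replay the trace; return the forward/drop verdict of each inbound packet."""
    verdicts = []
    for t, direction, flags in trace:
        forwarded = tracker.packet(t, direction, flags)
        if direction == "in":
            verdicts.append(forwarded)
    return verdicts


if __name__ == "__main__":
    print("idle-timeout NAT:", inbound_verdicts(IdleTimeoutNat(), FULL_CONNECTION))
    print("stateful tracker:", inbound_verdicts(StatefulTracker(), FULL_CONNECTION))
```

The verdict that differs is the packet at 30 seconds: the idle-timeout NAT still translates it, the stateful tracker has already removed the entry.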
Ah yes, I've had a number of irate support calls from customers complaining that "I emailed you to ask you to fix my broken Internet connection hours ago and I've still not got a response!"... umm yes, how do you expect the email to get to me if your internet connection is FUBAR? :)
After all, a company that doesn't need to pay the Microsoft tax can invest that money productively
And can also invest it closer to home - Europeans investing money in European produce is better for the European economy than sending all that cash over to the US.
And of course getting rid of patents always helps economy, since it allows improved offerings from 3rd parties and thus encourages competition.
(Assuming we're talking about the West in general, and not just the EU) I'm not an economist, but is this actually true in all cases? I imagine that having a single company bringing in a lot of cash from the whole world is potentially better for the economy that company is based within than having many companies all over the world selling equivalent products for less. Sure, competition is beneficial for the parts of the world where that single company *isn't* based but what about the part of the world where it is based?
So that means that at least in some european countries it is very possible and very legal to use a copy of XP without having to pay for a copy.
Depends on how enforceable the EULA is, since the EULA explicitly disallows this. It could be argued that EULAs are unenforceable (I don't think there have been any court cases in Europe to say either way have there?). Some rights cannot be withdrawn through a contract anyway and the fair usage rights might fall into this category (IANAL).
But their dominance is not good for the market; not just for competitors, but for consumers (which in this case is mainly other businesses outside the computer industry).
In my experience the problem is that the customers don't give a damn about long term effects - they are only interested in the *current* state of affairs.
I.e. customers want lots of software to be bundled because it's easier for them *now*. They also want vendor lockin because they don't have to bother making decisions. Pulling the plug on bundling and lockin actually makes things worse for the current customers so the customers are resistant to action being taken against MS.
I've seen the same thing when talking to people about VoIP - there are plenty of SIP/PSTN gateways around with competitive prices, but people like Skype despite the fact that it locks them into a single vendor and they can't shop around for the best prices. Why? Because shopping around is effort and they can't be bothered.
The problem is that this attitude comes back to bite everyone in the arse a few years later when there is a single dominant company and everyone's locked into using them - at that point the dominant company can do pretty much whatever they want. If someone steps in at any point in the cycle and prevents the bundling and lockin, it *will* get worse for the customers before it can get better - there's just no way around this, and unfortunately many of the customers would prefer everything to get progressively more sucky than put up with a few years of inconvenience before it gets better.
Dunno what UK you've been to, but in my UK we do things the US way. 1,000,000,000 is almost always a billion.
:)
Both systems are frequently used and sometimes it can be downright difficult to work out which one is being used. As usual the Americans have made a mess of things
Not really sure what to say at this point, because the Brits are completely screwed up on this, but at least they're consistently inconsistent with the rest of the world.
:)
Maybe the rest of the world is screwed up... AFAIK the British billion predates the American billion which has been adopted worldwide. In any case, the British billion is rarely used in Britain these days.
The US billion tends to fit in with the SI units a bit better anyway:
- Kilo == Thousand
- Mega == Million
- Giga == Billion
- Tera == Trillion
Although it does mean you have to remember more names for dealing with increasingly massive numbers.
Try Safari. Lean, mean, beautiful, elegant, and... ...Incompatible with all my computers.
What advantage is there in having FF running when you're asleep?
It means I don't have to bother restarting it when I next want to use it. I use the web frequently enough for it to be worthwhile leaving the browser running on my spare monitor so that it's already there when I next want to use it without having to wait for it to start.
closing your browser every once in a while isn't a kludge.
I'm sorry, that's just plain wrong - requiring the user to work around a bug by frequently shutting down software is a kludge. This really is no different to requiring people to reboot their machines every few days because the operating system is incapable of keeping them running.
try opera or IE7 or something else
Opera's user interface is terrible (IMHO), IE is incompatible with all of my computers, has very poor support for web standards and is terminally insecure.
This isn't a bug, and isn't a memory leak.
:) Shutting stuff down in order to work around a bug is a horrible and very annoying kludge.
Well, it might not be a memory leak, but I'd argue that it is a bug. If I leave my FireFox pointing at an auto-refreshing page for a couple of days it *will* OOM my machine. Whether or not that's a memory leak, I'd argue that causing the OOM killer to come out and start blowing away applications is a bug. Now I understand that this memory is supposedly used to cache content to speed up the browsing experience but I'd counter that argument by pointing out that if FireFox is so deep into swap space that it causes my machine to go on holiday for 5 minutes every time I do something because it's thrashing the swap then this isn't speeding up anything.
I've had firefox running for days at a time without seeing anywhere over 100 MB. I rarely ever see it go over 75 MB. Then again, I haven't kept it open for months at a time. Maybe if I did, then I may see problems.
I never close my FireFox unless I absolutely have to. Currently it's using about 281MB:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1934 steve 15 0 281m 94m 8624 S 0.0 12.5 191:18.84 firefox-bin
(Yes, I know this includes mmap()ed resources, but I doubt FireFox is mmap()ing much huge stuff).
Then again, it's a web browser. You can turn it off once in a while.
That's not really an excuse though is it... Hey, no need to fix memory leaks in Windows, it's only an OS, you can reboot it every so often...
For a moment I thought, Franco was in charge again, and the whole internet (P2P!) was illegal.
I'm not sure why this legislation is specifically targeted at P2P... what's more, isn't unauthorised distribution by any means already illegal? Seems the only thing this law does is make it illegal for the ISP to carry "unauthorised" traffic for P2P protocols (what constitutes a "peer" is an open question). This just means that people will end up encrypting their traffic, which is a Bad Thing for those of us who want ISPs to do traffic fingerprinting for queuing prioritisation.
They can't nail you for copying a CD, or dumping a recording from one medium to another.
Actually that very much depends on what jurisdiction you're in. Here in the UK it is illegal to convert from one format to another. i.e. you're allowed to back up a CD onto another CD for personal use but you can't copy a CD onto tape/Ogg/MP3/whatever because you've changed the format.
Of course this is a law that everyone ignores, but the music industry is on record saying that they expect people to re-buy all their CDs in a format that can be played on an iPod (or similar) since converting them yourself is illegal.
As someone who basically only ever uses CDs and DVDs for backups of _my own data_, I'd like to know if these laws would allow the tax to be claimed back since I am the copyright holder. (Not that the laws affect me since I'm not in Spain but I'm sure it's only a matter of time before some crazies introduce such laws in the UK).
Taxing people because they *might* do something really sucks... Next up, a ram-raid tax on cars, just in case you decide to use your car to commit a robbery. And a murder tax on every kitchen knife just in case you decide to kill someone with it...
Sure. The parent post said "who needs this linux shit". I explained why this hack is useful.
You did? Obviously I'm misreading the thread coz from what I can tell yorugua posted saying "maybe you can do with a wrt54g, but dont be misleaded by the $20 difference: we are talking about whether you want to turn your $80 router into a $400 one or not... as usual, your choice." (i.e. you can't turn the WRT54G v5 into a $400 router).
You replied with: "If you think you can turn any WRT54g into a $400 router, you are dead wrong. Those things are unstable as hell, even with Linux on them." (Oh look, you're confirming the premise that yorugua already made that you can't turn a WRT54G v5 into a $400 router).
Can't see anyone asking "who needs this linux shit" or anywhere where you've explained why this hack is useful. In fact your post seems to indicate that installing Linux on a WRT54G v5 is pointless because it'll be unstable.
If the WRT54G is unstable in its default configuration, send it back under warranty and buy yourself a WRT54GL.
Crushing someone who calls you a "bad guy" is being the bad guy.
Iraq called the US a "bad guy" and was crushed.
Iran is calling the US a "bad guy" and is receiving threats.
China is calling the US a "bad guy"...
If people call you "the good guy" of their own free will, in a society with a free press and dissent, you can be sure you are the good guy.
Patting yourselves on the back and telling yourselves you're a "good guy" doesn't count - you need to look outside the US for opinion on the US's actions and you will see there is a lot of negative opinion.
China would not be a "good guy", even if (or because they) point a gun at you and say, "Say I'm a good guy!"
Only by your standards. Who's to say your standards are right for everyone else in the world?
(Note: I'm not saying China *aren't* bad, I'm just saying that you are looking at it from a single perspective "communism bad, capitalism good". That is a US-centric attitude and most of the rest of the world doesn't see the communism/capitalism divide in such stark contrast.)
People still look to it to do the right thing, and defend freedom
You do realise that with recent laws, the US is probably now one of the least free nations in the west? Sadly Europe is going the same way.
Of course, you are free to say such idiotic things
Assuming that someone's opinions are "idiotic" just because they differ from your own is extremely arrogant.
I wish we were more about forcing freedom on the rest of the world
There is something very oxymoronic about "forcing freedom" upon people. True freedom is anarchy since everyone would be free to ignore the laws and is clearly unacceptable. I'm in favor of freedom - I think nations should be free to run their affairs without the US sticking its nose in and telling them they're not doing it how the US would like.
If a large group of nations (the UN) decides that one nation has gone off the rails and needs some intervention then that's fair enough. However, this hasn't happened in the case of Iraq where the US just plain ignored the UN and did its own thing - IMHO that makes the US no better than any other rogue nation. What would be the difference between Iraq bombing the US in order to remove a warmongering head of state compared to what the US has done to Iraq?
And no, while Bush IS an a-hole, he is not a warlord dictator.
I think the jury is still out there I'm afraid.
The US really doesn't want to (and can't) be the world's police force
There is a big difference here: the police force upholds the laws, the US outright ignored the laws when they attacked Iraq in violation of the UN charter. If the police force broke the law in order to do what they personally perceive as "the right thing" then there would be hell to pay.
Some people point to Guantanamo, but I'd MUCH rather spend 10 years in Guantanamo than 5 years in a prison in China or North Korea, or Iran.
Not being as bad as some of the worst "bad guys" does *not* automatically make the US "good guys".
If you really want to point fingers, perhaps you should start looking at who is providing these "bad" countries with nuclear technology or other support.
Both the US and UK have supplied most of the "bad guys" with weapons for long periods of time. (and in many cases put them in power in the first place)
like Australia and the UK (both of which supported the US in Iraq BTW)
The UK *government* supported the US in Iraq despite massive public outcry from the electorate. Current popular opinion suggests that this will be a major factor in the current government's defeat at the next election.
Read the parent post, you fucktard.
Errm, care to elaborate on this very insightful comment?
Since we are talking about porn, you are going to get a lot of false positives - after all, there are only so many revealing poses.
Given that these systems are able to pick an individual face from a crowd with good accuracy, they could identify the subjects pictured in the photo by facial features alone. Adding data about whole body positions would just help identifying the specific picture once you had identified the "actors". Also, I imagine that there's a whole lot more personally identifying geometric data that can be collected from an unclothed body than just the face.
you either keep the original images and do fuzzy matching, or this database won't be able to match anything.
I imagine some of the facial recognition techniques could be used. Don't store the image itself, just store the positions of certain features. You can then fuzzy-match to the stored feature shapes.