From what I understand (I'm Australian, so I could be way off base), the SEC in the US requires that if a private company has more than 1000 or maybe 10 000 shareholders, it has to publicly report its financials.
For some reason, floating the company, which also has that reporting requirement, is preferable.
I don't think Google are floating to raise capital, which was the original reason to float a company.
Microsoft didn't float to raise capital either. The problem they had, which is why they were forced to float, was that an informal "stock market" sprang up within the company. This is either illegal or frowned upon by the US business regulators.
How about this: OpenVPN over UDP port 53 ie. DNS
on Network Attacks Via DNS · Score: 5, Interesting
Thought of this almost two years ago. Run OpenVPN over UDP port 53. I figure a fair number of firewalls may not analyse UDP DNS traffic to see if it actually is UDP DNS traffic. Haven't had a chance to try it out though.
Thinking big picture, you realise that once opportunistic IPsec becomes available, and with IPv6 it will be, any device in the network trying to interpret traffic, such as firewalls and proxy servers, will become just about useless.
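The check the comment says many firewalls skip, written out as an added example (this is not code from the original post, and the sample packets below are constructed by hand, not captured): parse the fixed 12-byte DNS header and walk the question section per RFC 1035, and refuse anything on UDP/53 that does not fit the wire format. The OpenVPN-shaped sample is an approximation of a v2 control packet layout, assumed for illustration.

```python
import struct

# Byte values legal in a hostname-style label (letters, digits, '-', plus '_'
# for names such as _dmarc). Raw tunnel payload almost never stays inside this set.
LABEL_CHARS = frozenset(
    b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_")
ALLOWED_OPCODES = {0, 1, 2, 4, 5}        # QUERY, IQUERY, STATUS, NOTIFY, UPDATE
ALLOWED_QCLASSES = {1, 3, 4, 254, 255}   # IN, CH, HS, NONE, ANY
MIN_RR_LEN = 11                          # root name(1)+type(2)+class(2)+ttl(4)+rdlen(2)


def _skip_name(data, off):
    """Walk a wire-format name starting at `off`; return the offset after it.
    Raises ValueError on anything RFC 1035 section 4.1.4 does not allow."""
    labels = 0
    while True:
        if off >= len(data):
            raise ValueError("name runs past end of packet")
        n = data[off]
        if n == 0:                          # root label terminates the name
            return off + 1
        if (n & 0xC0) == 0xC0:              # compression pointer: 2 bytes, ends name
            if off + 1 >= len(data):
                raise ValueError("truncated compression pointer")
            return off + 2
        if n > 63:                          # 0x40 / 0x80 prefixes are reserved
            raise ValueError("label length %d > 63" % n)
        label = data[off + 1:off + 1 + n]
        if len(label) != n:
            raise ValueError("truncated label")
        if not all(c in LABEL_CHARS for c in label):
            raise ValueError("non-hostname byte in label")
        off += 1 + n
        labels += 1
        if labels > 127:
            raise ValueError("too many labels")


def looks_like_dns(payload):
    """Return True if `payload` is structurally plausible as a DNS message
    (header fields sane, one well-formed question, RR counts fit the bytes left)."""
    if len(payload) < 12 or len(payload) > 65535:
        return False
    _txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", payload[:12])
    if (flags >> 11) & 0xF not in ALLOWED_OPCODES:
        return False
    if flags & 0x0040:                      # Z bit must be zero (AD/CD may be set)
        return False
    if qd != 1:                             # normal queries/responses carry one question
        return False
    try:
        off = _skip_name(payload, 12)
    except ValueError:
        return False
    if off + 4 > len(payload):
        return False
    _qtype, qclass = struct.unpack("!HH", payload[off:off + 4])
    if qclass not in ALLOWED_QCLASSES:
        return False
    off += 4
    # Every remaining RR needs at least MIN_RR_LEN bytes; counts that exceed the
    # bytes left mean the "header" was never a DNS header.
    return len(payload) - off >= MIN_RR_LEN * (an + ns + ar)


# Constructed samples (not captures).
DNS_QUERY = (
    b"\x12\x34"                            # ID
    b"\x01\x00"                            # flags: standard query, RD set
    b"\x00\x01\x00\x00\x00\x00\x00\x00"    # QD=1 AN=0 NS=0 AR=0
    b"\x07example\x03com\x00"              # QNAME example.com
    b"\x00\x01\x00\x01"                    # QTYPE=A QCLASS=IN
)
DNS_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
    b"\x07example\x03com\x00\x00\x01\x00\x01"
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04\x5d\xb8\xd8\x22"
)
# Assumed shape of an OpenVPN UDP control packet: opcode/key-id byte, 8-byte
# session id, empty ack array, packet id, then opaque data. Illustrative only.
OPENVPN_LIKE = (b"\x38" + b"\x9a\x7f\x13\xc2\x55\x01\xee\x40" + b"\x00"
                + b"\x00\x00\x00\x01" + bytes(range(200, 230)))
# A genuine header followed by 60 bytes of binary stuffed into one label.
STUFFED_LABEL = (b"\x00\x01\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
                 + b"\x3c" + bytes(range(60)) + b"\x00\x00\x01\x00\x01")

if __name__ == "__main__":
    for name, pkt in [("dns query", DNS_QUERY), ("dns response", DNS_RESPONSE),
                      ("openvpn-like", OPENVPN_LIKE), ("stuffed label", STUFFED_LABEL)]:
        print("%-13s -> %s" % (name, "DNS" if looks_like_dns(pkt) else "NOT DNS"))
```

Structural validity is necessary but not sufficient: a tunnel that speaks real DNS (base32 in labels, TXT/NULL records for the return path) passes this check, so a firewall that wants to catch it needs volume, entropy and label-length heuristics on top, or should simply force all internal resolution through its own resolver and drop other UDP/53.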
Sounds like your organisation could really benefit from this feature. It also sounds like it would save you money. So why not use some of the potential money savings, and offer to pay one of the Linux file system developers to develop it for you.
It sounds like you've benefited from the Linux development community, so why not reciprocate by paying for further development of one of the existing file systems.
If the emails themselves are authenticated, the MTAs just become a delivery mechanism (which is actually what they really are today anyway). Which MTA delivers the authenticated email doesn't matter, and therefore MTA authentication doesn't matter.
Authenticating emails would ensure you absolutely know the sender. A spammer wouldn't be anonymous anymore. Once they aren't anonymous anymore, anti-SPAM laws would be very effective at reducing or preventing spam.
Deploying an authentication system with 100% coverage of the Internet population is the problem with this anti-spam solution.
Parent not informed unfortunately
on Ethernet at 10 Gbps · Score: 2, Informative
Today's "ethernet" doesn't have limitations - it is really only referring to a frame format.
The distance limitations were initially related to running ethernet in half duplex mode, due to the requirement for all devices to be able to detect a collision.
Now that ethernet is run in full duplex the distance limitations due to collision detection have gone.
Distance limitations in "ethernet" are now related to the physical media the ethernet frame format is carried over at the specified clock rate. In most cases, cost is providing a constraint, in the sense that longer distances can sometimes be achieved over the same media, however the costs to do so rise dramatically, such that the technology might be priced out of the market it is intended for.
For example, from memory, Cisco have been selling a variant of 1Gbps Ethernet for at least four years now called "1000BaseZX". It would reach around 90 000 metres over single mode fibre. From memory though, the GBICs (Gigabit Interface Converters) were $12 000 US each or something like that, and you needed one per end of the link. And that would be really, really, really cheap when compared with the cost of the 90 000 metres of single mode fibre.
I don't know if the article mentions any distances for 10Gbps, at the moment it has been slashdotted to death.
I'm tempted to answer your points directly, however, I think it would be better to spend my time pointing you towards the following documents, which, firstly, describe the Internet architecture, and why it was designed the way it is, and secondly, describe how NAT / overlapping address spaces break the architecture. I don't think a debate on NAT can take place until both the design of the Internet and how NAT breaks that design are understood.
RFC 1631 - The IP Network Address Translator (NAT) - even the original NAT RFC suggests limitations - from section 4. "Conclusions" - "NAT may be a good short term solution to the address depletion and scaling problems. This is because it requires very few changes and can be installed incrementally. NAT has several negative characteristics that make it inappropriate as a long term solution, and may make it inappropriate even as a short term solution. Only implementation and experimentation will determine its appropriateness."
Deprecating Site Local Addresses - an IPv6 oriented document, discussing "site local" addresses, and the problems they cause. They are the equivalent of IPv4 RFC1918 addresses eg. Network 10. The same problems it discusses also occur with RFC1918 addresses.
The Middleware Dilemma - NAT is a form of middleware, as it does more than just forward IP packets - it maintains state within the network (see RFC1958 for why maintaining state in the network is a problem).
Once you've read through these documents, at least to the point of having a basic understanding of them, go through the comment I'm responding to, and look for ways in which some of your solutions can be better and much more simply achieved via public addressing and the removal of NAT.
Even my home network could be described as peer to peer as I have no server for 4 client machines.
It's interesting you say that. Client / Server is really only defined at the transport layer or layer 4, and here is why:
Ethernet is a peer-to-peer protocol - a device sending or receiving an ethernet frame is no different from any other, which makes it a peer
IP is (or was designed to be) a peer-to-peer protocol - a device sending or receiving an IP packet is no different from any other, which makes it a peer.
What makes a particular device a "client" or a "server" ? Only the applications running on it, and where it matters in the context of TCP/IP is either the UDP or TCP ports the applications are using.
However, even that doesn't really work. What if you are configuring a "web server". To test it out, you fire up a web browser on the same box. Now the box is running both the web server and web client, so is it still a "server", or is it a "client", or is it both a client and a server ?
A point about why I clarified IP as being designed, but not necessarily a peer to peer protocol - NAT. NAT breaks the "equally a sender or receiver" property of IP. This property is one of the ones that have made the Internet what it is today - if you had an IP connection, and an IP address, you used to be able to run up a web server, irrespective of any upstream devices. In other words, you were in complete control of the decision to make available a service to the network.
With deployment of NAT, you don't have as much, and depending on your environment, a lot less flexibility in making that "service providing" decision. Groups like RIAA and MPAA are quite happy with this, as they want a "broadcast" only style network, where home users can't deploy their own, possibly competing, services. NAT is the technology that will facilitate that.
There are a lot of other technology limitations that NAT causes, which are fundamentally side effects of violating the "equally a sender or a receiver" property of IP. Here is Keith Moore's list - Things that NATs break
Unfortunately, your provider is being stingy
on IPv6 is Here · Score: 1
The recommendation, for all users of IPv6, including home users, is a /48. Fortunately, they've given you enough address space to get around their stinginess. You'd be stuck if they'd given you a /128.
RFC 3177 - IAB/IESG Recommendations on IPv6 Address Allocations to Sites
but I was not a Communist so I did not speak out. Then they came for the Socialists and the Trade Unionists, but I was neither, so I did not speak out. Then they came for the Jews, but I was not a Jew so I did not speak out. And when they came for me, there was no one left to speak out for me."
The Failure to Speak Up Against the Nazis - Martin Niemoeller
Maybe you guys in the US need to start speaking out, as your government seems to be taking away your rights in the same manner. Eventually you won't have any left.
See, I told you it would be easy!
I hope you're joking. In case you aren't:
Assigning each device a unique, public IP address would work even better, and would be far, far simpler, as that is the way things were originally designed in the first place.
I just can't understand how people seem to be fixated on coming up with a more and more complex solution to work around NAT's limitations, when removing the limitations that NAT imposes, by removing NAT itself, would achieve the same functionality without all the added complexity. As they say, "Complexity is the enemy."
Actually I can understand it, a lot of technical people love complex, technical solutions, irrespective of whether they are the best and simplest way to achieve the intended outcome.
I've come to the conclusion that most people who like NAT actually really just like the idea of regularly playing with the settings of their NAT device to just get simple things to work. They love to fiddle, rather than have a solution that just works, with the barest minimum of effort.
C'mon John, I'm sure you can meet the technical challenge! Take pity on all those people with 486s !
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
I think this is practical. Just like a regular firewall is practical. (Might as well make this thing a proper full blown hardware firewall)
I think you may be over estimating people if you think firewalls are practical for the majority of users on the Internet. They haven't worked out how to keep their systems patched yet, (using basic, automated patch installers) and you think they understand UDP/TCP/IP/ICMP well enough to configure a firewall properly ?
The "so-called" advantage of NAT is that on a home router, you plug it in, switch it on and you are magically "secure". Sadly, that's all people want to do, and that is usually what they do. They don't want to learn what this NAT thing is, and they don't want to have to configure it. Same with a firewall. All they want is access to the Internet, and if they can view a web page, they consider they've achieved that, and don't want to spend any more effort on doing it "properly".
We might be able to do something like "reverse firewalls" once the majority of the VCRs in the world have stopped blinking "12:00". That would show a dramatic improvement in the technical competence of the general public.
I'd recommend not holding your breath ...
Read the book "Maverick" by Ricardo Semler. Reviews of managers by their underlings is something they implemented many, many years ago.
Just programming specifications, the community will do the rest.
Lots of free porn there ...
I like it :-)
Two further ways of justifying your purchase.
(1) Aluminium suffers from "sag" in the sense that aluminium has no natural "spring" in it, unlike steel. An aluminium frame, during use, is always slowly warping out of shape. Steel doesn't have that problem, obviously it is a lot heavier though. Carbon fibre doesn't have that problem, although, as you know, it is quite a lot more expensive.
Because of this, one of the cycling books I've got (The Lance Armstrong Training Guide or something like that), says that an aluminium frame will only last 5 years, whereas a carbon fibre frame will last 10. Obviously it depends on use, admittedly I'm not sure if that time frame involves a Lance Armstrong training schedule.
So, if your 5200 didn't cost twice as much as a 2300, there are economic reasons to get carbon fibre.
and
(2) An expensive bike is far cheaper to get than an expensive car - your whole bike probably cost the equivalent of just a replacement door for a middle of the line BMW or Mercedes Benz. Of course, a door of a car isn't much use without the rest of the car.
Now, if only I could find the money to buy a 5200 (or a 2300 at the moment, I wouldn't care that much).
They are under no obligation to give you any sort of instruction manual with it.
I completely agree.
My motives for wanting these vendors to publish programming information are partly selfish, and partly altruistic.
My selfish reason is that I'd like to have available latest performance graphics hardware, with high quality open source drivers. In particular, this will ensure that bugs in the driver will never outlast the hardware, as with open source code, bugs can be fixed by anybody, even if the vendor isn't interested. Publishing programming information is the first requirement for open source drivers.
My altruistic reason is that these binary modules can cause instability and security problems under Linux. Less knowledgeable people may think less of Linux, which of course it wouldn't deserve. Those people may abandon something they may greatly benefit from, based on a false impression.
Or are people choosing their position based on what type of hardware is involved... ?
So why do so many vendors not have a problem releasing source code or programming guides ?
If you run Linux, have a look in the "drivers" directory of the kernel source code. Each and every .c file under that directory is a result of vendors realising that they make money off of designing and making hardware. Publishing open programming information can only increase their hardware sales.
Anyway, back to the real issue. Do you agree with what StorageTek are doing ? If you don't, why not, based on what you've said endorsing other vendors doing the same sort of thing ie. hiding information from legitimate owners of the vendor's hardware ?
Releasing the source to their drivers ...
Re-read my posts. Where have I asked them to release their source code ?
No, they won't, as it cost them millions of dollars to create.
You seem to have missed the whole point of owning something. Once you do, you should be able to do with it what you want, irrespective of whether they spent $1 or $100 Billion dollars developing it.
Your argument equally applies to what StorageTek are doing, and to me, that suggests you agree with them. Do you ?
Having a go at companies for not releasing their intellectual property they spent millions on to the general public for free is incredibly naive.
I'm not asking them to release intellectual property. I'm asking them to let me know how to get the device to do what it was designed for - draw dots on the screen. They can embed all the intellectual property they want inside the chipset or firmware. I'm not asking them to disclose it in any way (note that if they were smart, they would patent it, and have a government monopoly on it for at least 17 years, rather than trusting it to be kept secret). All they need to do is just publish how to get the card to execute it.
How would you like to buy a car, jump in, find that it doesn't work like a normal car, turn around to the sales guy and say "how do I switch it on?", and have him turn around and say, "I'm sorry, can't tell you that, you'll have to use one of our specially certified drivers". That raises two questions - (1) what if you've proven to be a better driver than theirs (say you drive a Formula 1 race car), and (2) why would you want to have somebody else drive your car anyway, when you are perfectly capable of doing it yourself ?