These may have belonged in my earlier question, but anyway:
1) Are you concerned with biting off more than you can chew with the "Manage Identities" portion of the recommendation? (or, put another way, are you sure the government should really be doing any of those in the first place?)
A number of people are already uncomfortable with the idea of a national identity card (witness the problems that RealID is having these days)...your report goes even farther, though, by proposing a government-issued identity card that consumers could use for purchases online. If I'm already suspicious of a national ID, why in the world would I want to use a government-issued online ID?
2) Also, your recommendations have some huge loopholes: point 17 says that you want to allow consumers to use strong government-issued credentials for online activities, but point 18 then says that there should be regulation preventing businesses from *requiring* the use of those credentials.
In practice, one of these two lines will be pointless (companies will say that it's optional to do business with them, so it's not "required"). By way of example, it's illegal for a company to *require* an SSN for non-banking business, but just try to get water service in Maryland without giving it to them...you can't do it.
Doesn't this sort of loophole make your "consumer protection" recommendations pointless?
To build on this, how are you planning on addressing the credibility gap between what the executive wants to achieve, and what the rest of the internet community (at least in the US) believes you really can/should achieve?
For example, I was at BlackHat this year, and the keynote speaker was one of the Feds, speaking about the federal plans for cyber security. The discussions in the hall after his keynote were scathing. Many of the attendees concluded that he had no clue what he was talking about. This, I think, has to be the first hurdle the executive needs to clear before accomplishing anything. Put simply: the private sector just doesn't believe in government's ability to succeed. How are you going to fix that?
No, BusinessWeek is being pulled into a very interesting game. There is a *ton* of posturing and jockeying for attention going on with the incoming administration (primary example is the DoD compromise story...how many versions of that story came out?). These stories are aimed at getting the transition teams to say "hey, yeah, that team/project/agency over there really does need more funding."
It depends on the region you're in. ARIN and RIPE have slightly different policies. In general, you can't get a block for a person the way you could with IPv4 in the early 90's. However, if your org can get PI space in IPv4, odds are very high that you'll qualify for the same in IPv6.
If you just want some IPv6 addresses sub-assigned to you to play with, have a look at Hurricane Electric...they're running one of the biggest tunnel broker (http://tunnelbroker.net/) setups out there, and are giving out /64s (and /48s, I think) for folks to experiment with IPv6.
I tried it on ibex as well, and can confirm the grandparent's experience. Network Manager has a very bad habit of forgetting static IP settings. (ibex open bug: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/256054 )
But it's trying to get out.
Fair enough. My concern was that the words "public property" can be interpreted to mean things like school grounds, libraries, etc, which are often used as polling places themselves...so I wanted to make it clear about talking to the election judges first in those places.
You might also want to do your own exit polls. As long as you're on public property, no one has the right to keep you from shooting video.
This is very bad advice.
While a school may be public property, if it's being used as a polling place you most certainly do not have the right to shoot video or poll people inside. If you want to do either of these things in or near a polling place, please (please, please, please) check with the poll workers at the polling place first. They will know what rules there are and what limits there are to video and exit polling. (There are procedures for what the media can & can't do in a polling place, but the most important one is: if the chief judge says "no", then you're not filming...and you need to ask first.)
I have volunteered as a poll worker this cycle, and I'm really worried about getting into fights with people about the "Video the Vote" campaign. Video or photography inside the polling place is illegal in my state (I suspect it's illegal in all states, but I only know my state's law for sure). I don't want to get into these fights, but the Video the Vote folks have buried their CYA "please ask the poll workers" stuff in the middle of huge blocks of text that no one's likely to read, so I'm not optimistic.
(By the way, the whole soft-shoeing of the need to check with the election judges by "Video the Vote" really pisses me off...the poll workers are going to have a tough enough time this cycle with the expected huge turnout. The last thing we're going to need is some zealot screaming voter suppression when we try to enforce the "no filming" law in the polling area.)
</rant>
In short, if you want to be the media creator, that's fine...you just need to play by the rules.
Actually, I'm signed up to be an election judge in MD this cycle (I'm still a standby), and there's an interesting twist here:
The Maryland machines (Diebold) already have printers.
The printers are used to print out vote totals before the polling place opens (they should all be zero) and after polling closes (the number of voters pointed to that machine should match the number of votes it has).
I suspect part of why Diebold/Premier Election Systems didn't want to add user-accessible printers was the complication of guaranteeing that voter's paper record went to one printer while the vote totals went to the other one. For the extra degree of difficulty, add in that they'd be trying to do that with the pared-down version of Windows that the voting machines run.
...and yet, information hates to be anthropomorphized. It's funny that way.
Yes, Red Bull is definitely evil. You can tell by the taste.
So, what, Republics are run by Republicans?
We'll see about that.
The use of "they" as a singular pronoun is by no means universally accepted.
We burn through 8-10 /8's every year. (see here for more info) Even if we reclaimed all of the "legacy" /8's (which we won't) it would still only push back the problem by a year or two. Reclaiming legacy IPv4 won't help.
So don't tie it down. There's nothing about the design of the space elevator that requires it to be tied to the earth in any way. If there's a storm coming, pull it up (or fold it up) about a mile or so above the clouds.
Citadel also tries to be a full-featured e-mail/calendaring/task management/etc system.
You're missing my point, I think: if I'm to believe the estimates of IPv4 exhaustion (granted, that's a big assumption), then we'll be out of IPv4 before the IETF + implementation process finishes for this replacement. So there will be hosts that won't have a choice about going IPv6-only...and they'll have to do it before the replacement is ready. That strikes me as a poor situation to be in.
I'll acknowledge that NAT-PT wasn't great. But something that sucks is better than nothing.
Funny, but not helpful. If the RFC is deprecated, why would anyone implement it? Any major implementation of it will be seen as a waste of time, since it's dead now. The thing is, we will need something like NAT-PT well before we will have any real implementations of whatever replacement the IETF process comes up with.
I still think we shouldn't have thrown out NAT-PT until we were ready to replace it...i.e., once the IETF process finished, not before it started.
Which is fine, but we need a translation system *now*, not in 4-5 years after IETF is done designing it. If someone came along with something better than NAT-PT, then deprecating it to replace it with the better thing would have been fine. But, deprecating NAT-PT before we had any replacement was just foolish.
So, every IPv6 host either needs access to a 6-4 gateway (most of which probably won't be public due to abuse concerns) or the IPv6 host has to have an IPv4 address (not likely after we run out of IPv4). Yeah, that's real effective.
Any IPv4 address has, per the IPv6 spec, an IPv6 representation, so any IPv6 machine can talk to a machine that has only IPv4 connectivity.
But, if your IPv4 host has no IPv6 address, it has no way to reply to the IPv6 host. This is one of the reasons people wanted things like NAT-PT, and why killing NAT-PT was a bad idea.
Oh, yes they will, they'll just fail in new and exciting ways. (Bug causing your router's CPU to hit 100%? Redundancy won't help you, 'cause once you fail over, the other one will just go up to 100%, too.)
No, we get upset at the TSA for doing their job badly.
No, this solution is basically breaking the DNS functionality that Kaminsky exploited. By design, the referral records were supposed to overwrite the cache (which some organizations do use). This patch breaks that.
Because the lack of (at least) a DNS server shoots an enormous hole in the entire "you can just let the clients auto-configure" claim about IPv6.
Until the RDNSS RFC gets implemented by both the router and client vendors (I'd bet on at least 5 years for that, probably more), not a single enterprise is going to go entirely auto-config...because they can't. Which makes the whole auto-configuration claim look really silly.