* Posts by Amos

27 publicly visible posts • joined 12 Nov 2007

The Moon certainly ain't made of cheese but it may be made of more metal than previously thought, sensor shows

Black Helicopters

Re: But nobody has yet reported

That comes after the space station and base are built and operational.

Asia’s internet registry APNIC finds about 50 million unused IPv4 addresses behind the sofa


Re: So, IPv4 addresses are like petroleum

Your info is months out of date. It is now below 70% and continues dropping at a consistent rate.


Re: if at all

> they put too much unnecessary nonsense ion ipv6 and tried to persuade people it was a good thing.

That can be said of IPv4.

However, the truth is the "they" you are referring to are not IPv6 people. "They" are a host of IPv4 advocates trying to make IPv6 behave like IPv4 when such behaviour is counter productive and inefficient. As a result there have been a huge number of extension, compatibility, address translation, address mapping, address re-assignment, and tunneling specifications defined. Each used briefly then thrown away when the "IPv4 way" proved, time and again to be unnecessary or worse than the originally defined "IPv6 way".

> no nat by design

That can be said of IPv4.

NAT is an extension in both IPv4 and IPv6. It is largely unused because once admin take the step to migrate they find out how useless the IPv4 types of NAT really are in IPv6 networks.

> every thing publicly addressable by design


The IPv4 core specification defines all IPs as globally routable.

IPv6 core specification defines several ranges which must never be permitted through routers.

> the ip address being derived from the MAC address permitting device tracking by design (ok mainly addressed now)

Link-local address allocation is such a popular feature it got back-ported to IPv4 despite major performance loss on allocation, issues with IPv4 not coping with multiple IPs per machine interface, and the 169/8 range being globally routable adding security issues the IPv6 dedicated private range does not have.

You also aware of a little old protocol called ARP? The one which puts the word 'address' in the term "MAC address".

> slaac

IPv4 has the same feature. Its called DHCP static address assignment, and is surprisingly popular with IPV4 admin.

IPv6 just removes several layers of complexity and dependency on DHCP servers.

> extensible headers

The great failing of IPv4. Fixed at last. No more need to, how did you put it, "bolt things around the standard".

> etc etc etc

Do continue please. So far all we can see is a list of common myths.

> the simplicity of ipv4 has ensured it has survived longer unexpected as we've learnt to bolt things around the standard rather than in the standard.

IPV6 is much, much simpler than IPv4. It is the great expanse of legacy IPv4-only software and hardware around the world combined with misinformation from IPv4-focussed people like yourself which is keeping IPV4 alive. IPv6 is a mature protocol, in so far as any network protocol ever is.

Ever wonder why those Apple iPhone updates take so damn long?


Re: @SuccessCase

"the option to download the update is greyed out."

.. which in software actually means that you cannot turn it off if they want to download it anyway.

Having the option available to flick, but defaulting to _disabled_ is what one should expect to see.

Windows 10 networking bug derails Microsoft's own IPv6 rollout


Re: My Personal IPv6 Beef

You seem to have missed the fact that you are no longer tied to having 1 IP address per machine. It is expected to have both an ULA and a global prefix assigned to each LAN machine.

Use DNS views for .local domain to present the ULA for internal machines. That way your machines can use their ULA for LAN communications and whatever random value global-scope has that day for outbound WAN connections. Anything that needs to receive global connections should have fixed IPs so you can either setup a NAT66 to map those to the ULA or assign the appropriate global IP as a third address on the machine presenting that service.

What you end up with is static IPs for services provided to the world, an ephemeral global-scope range for outbound connections, and a static ULA range for internal traffic.

FalseCONNECT sends vendors scrambling to patch proxy MITM bug


Re: Security Design - been there done that. Twice already.

RFC 7235 etc were redone just a few years ago. That is why the MUST exists on the 407 response status.

There is nothing actually new about this problem. It has been known about since sometime around 2002 when Microsoft found it and fixed similar behaviours in MSIE. The other browser vendors lagged a bit but got their fixes out in 2009. Lookup CVE-2009-1835 if you want a reference.

Popular cache Squid skids as hacker pops lid


Re: But it's C++!

If only it was a complete re-write. Most of what you are mentioning is C memory and assertion behaviour that was left in amongst the C++ code for "backwards compatibility". The (few) actual C++ bits work rather well.

Including this lovely new vulnerability that I tracked back to Squid 1.1 before the mists of time got in the way.

Burn all the coal, oil – No danger of sea level rise this century from Antarctic ice melt


Re: pacific islanders?

"I know about how coral islands are dynamic structures that track sea level - but I'd be interested in any verifiable evidence of scaryness."

The warmer sea waters are killing off the corals. Leading to the opposite effect due to erosion. Even so corals grow very, very slowly and it does so after the fact (coral does not grow out of water). Flooding the land with salt water for a century or so is not a great plan for keeping it habitable. Nor is making the volcano underneath the coral produce some more rock (for the smaller islands, Hawaii seems to be doing okay with that approach, but its not an option for the smaller islands.

The biggest issues are not even about water actively covering the land. The other effects that preceed it are worse - the islands water table is flooded with salt water as the rise in sea level adds external pressure and pushes the clean potable water out. The vegetation that can cope with this salty situation are not sufficient to sustain the inhabitants or most local wildlifes food requirements. Loss of vegetation also opens up land to storms (which have higher storm surges and faster wind speeds now) and erosion dragging it down closer to the sea level where the flooding and water table changes have more effects. Its a vicious cycle from lovely tropical island to sandy desert island.

Tuvalu started their planning 2001. A decade later the situation appears not to have changed much, but note the context of 0 population growth as residents are migrating away as fast as they can get approved.


Catarets reached tipping point in 2009 with a forced total evacuation of one island. The others are following with only slightly less urgency:


Don't touch this! Seven types of open source to dance away from


Overall openwashing is a good thing.

... regardless of how we may feel about the practice.

One of the major outstanding problems with todays technology is the closed-source code driving pieces from individual chips to complex mechanical systems.

Simply having the code visible publicly allows the technology using it to be maintained in the long term. Perhapse commercially from what started as openwashed code. Perhapse replaced by properly FOSS projects later down the line after the commercial support evaporates.

As our world gets ever more mechanised by the IoT trends this openwashing behaviour plays a vital role in sustainability.

Small businesses trashed in big malware campaign


In other words all the small startups and split-offs from larger university-type organisations research groups. I'm seeing a bit of a trend in these past few weeks data theft articles.

Man the HARPOONS: YOU can EASILY SLAY ad-scumware Superfish


"As someone a bit dumb but interested, would this be possible if HTTP2 was being used?"

Yes it would still be possible. HTTP/2 only changes the wire format of the HTTP layer messages and makes TLSv1.2 the minimal version. The SSL/TLS encryption protocol is where the attack is happening. They can use all the trusted CA trickery to intercept connections of any type (email, ssh, even VPN, ... whatever uses SSL/TLS). The downgrade to SSLv2/v3 on the server connection would not be possible in HTTP/2, but that is not a necessary part of the hijack anyway.

Torvalds turns to Sir Mix-A-Lot for Linux versioning debate


Re: Don't do it, Torvalds.

"Care to explain how 3.0 was a major shift from later 2.6?"

Rumour has it 3.0 was in part a celebration of getting rid of The Big Kernel Lock. That make true multi-core support a reality.

Nude celeb pics wrongly blamed for DDOS at New Zealand's largest ISP


Re: Whose modems were they anyway

The NZ consumer market suffered for many years from a bit of a monopoly ("absence of competition"?) on low-cost device types being sold which would also connect to the certain major ISP without something approximating sysadmin skills. ISP provided ones were from the same range of vendors.

Those of us clueful enough to buy quality rather than cheap hardware tend to prefer other ISP services as well. So most of the populace served by said ISP has a range of crap hardware even today.

Office printers spew reams of garbage as 2-year-old Trojan runs wild


You had clay? stones the way to go my friend. Solid dependable long term record storage. Costs a lot in balloons to get it to the clouds though.

Google shoves cybersquatter off 763 Googletastic domains


Re: Google generic term...

Despite common mis-perception "Spam" and "spam" is not a Hormel trademark.

"SPAM" all upper case is the trademark.

Unlike some other big corporates Hormel are kind enough to understand their own chosen trademark and extend leeway to persons in the anti-spam area who are careful to use the non-trademark variants correctly and without profiting from the term.

They *do* actively enforce the trademark however. Try to label everything in CAPS and you are violating their trademark. Do so while operating a money-making operation and can expect to receive a legal complaint.

Microsoft claims Google bypassed its browser privacy too


So several browsers completely ignore privacy protection when strange input is received.... and somehow google is to blame? how many sites have been doing this maliciously already?

Come on, put the blame where its deserved. Security is useless when the default behaviour is to bypass that security at the slightest sign of trouble.

90% of visitors declined ICO website's opt-out cookie


@Phil Endecott

Yes exactly so. Its pure and simple outsourcing of analytics tasks to Google.

BT earmarks 66 more exchanges for fibre-to-the-cabinet upgrade


"Duct blockages" causing delays?

would that be another name for "we found a tree growing through the cables", or as the calldesk knows it "I cant connect" ??

FAIL. Because blockages, floods, and various state of animal matter in ducts are no excuse for being surprised.

Windows 7 takes PC upgrade for a cycle


Don't you just hate it...

when the trolls and fanbois put up the difficulty of learning Windows as a selling point for keeping it?

"people still struggle with Windows after using it for 15 years." ... so use an OS where the GUI is tunable to match the users way of thinking instead of twisting the users thoughts to fit a pre-set designers view of the world.

Once they get over the "Excel is not the only spreadsheet in existence" problem users find almost all other OS easier to understand than Windows.

IP registry goes to Defcon 1 as IPv4 doomsday nears



You could try and get WIA to send that "expert" to TechEd this year. They have already announced that it will be a IPv6-only network at the conference *because they could not get any IPv4 allocation*.

IPv4 connectivity? please hand over $XXX to the local residential ISP for a cellphone and do it yourself.

Santander blames Firefox 4 for website fail



You typo...

"giving poor advice that can lead to their customers having their bank accounts hijacked."

"giving poor advice that WILL lead to their customers having their bank accounts hijacked."

There fixed.

Operators demand smartphones sort signalling storm


chatter boxes

The chatter problem (as described by a cellular engineer to me) is that the networks moving to LTE use IPv6 on top of legacy protocols. From the IP-layer point of view (HTTP and others) the network is always connected. The signal layers under IP have far too many wrapper layers each doing their own setup and teardowns. Sometimes on a per-packet basis. Sometimes on timeouts regardless of what usage is still going through. This results in a HUGE amount of sub-chatter even halfway through a regular TCP link for any network which has not transitioned properly or completely.

Websites seem to also have this fascination with hundreds of requests per page (forced to not cache and forced to close immediately) and you start to see why people are starting to really hate them.

Dirty, dirty PCs: The X-rated picture guide


Dust bunnies are not all bad....

I upgraded from hand-vacuum to a full hoover in 2004 after opening an old third-hand IBM box that had been through two house fires and five years of garage duty. The machine (barely) worked before the cleanup and not afterwards. I think the desert spoon required to dig ash out around the RAM boards did some damage. In retrospect I think the prior buildup of dustbunnies died as unsung heroes in the fires, protecting the PC from meltdown.

@reg: no I don't quite believe the last two.

* Fitting packets through small gaps is a student pasttime, but fitting a dell mouse in there as well is a bit beyond them.

* Have seen real mice-kebabs coming out of power supplies and those two were suspiciously missing a whole lot of exterior charcoal.

BOFH: Baitin' switch



Of course it is.

... and xmail is short for ex-mail ...

Microsoft says US is top malware target


Not surprising to see...

... that in all countries where IE is not forced on people, windows has a lesser rate of infection :)

Mind you, removal tool will not let itself be run on pirated versions of windows. So there are a whole lot of installs stuffed to the brim with evil in the Asia-pacific area.

Grenade. because there is no ticking bomb icon.

Boffins beget bacterial biofuel bonanza

Paris Hilton

Anyone else...

.. reminded of the ancient movie Rocket Pants?

The one that shall not be named? because she was also made of hollywood-grade bio-plastics.

BOFH: How dangerous are your users?

Black Helicopters

@Moreley Dotes

hey Morely, long time no see.

And quite a coincidence. We both got the same user rating.

I wonder why ;-)