Re: But nobody has yet reported
That comes after the space station and base are built and operational.
27 posts • joined 12 Nov 2007
> they put too much unnecessary nonsense in ipv6 and tried to persuade people it was a good thing.
That can be said of IPv4.
However, the truth is the "they" you are referring to are not IPv6 people. "They" are a host of IPv4 advocates trying to make IPv6 behave like IPv4 when such behaviour is counterproductive and inefficient. As a result there have been a huge number of extension, compatibility, address translation, address mapping, address re-assignment, and tunneling specifications defined. Each used briefly then thrown away when the "IPv4 way" proved, time and again, to be unnecessary or worse than the originally defined "IPv6 way".
> no nat by design
That can be said of IPv4.
NAT is an extension in both IPv4 and IPv6. It is largely unused because once admin take the step to migrate they find out how useless the IPv4 types of NAT really are in IPv6 networks.
> every thing publicly addressable by design
The IPv4 core specification defines all IPs as globally routable.
IPv6 core specification defines several ranges which must never be permitted through routers.
> the ip address being derived from the MAC address permitting device tracking by design (ok mainly addressed now)
Link-local address allocation is such a popular feature it got back-ported to IPv4 despite major performance loss on allocation, issues with IPv4 not coping with multiple IPs per machine interface, and the 169/8 range being globally routable adding security issues the IPv6 dedicated private range does not have.
Are you also aware of a little old protocol called ARP? The one which puts the word 'address' in the term "MAC address".
IPv4 has the same feature. It's called DHCP static address assignment, and is surprisingly popular with IPv4 admin.
IPv6 just removes several layers of complexity and dependency on DHCP servers.
> extensible headers
The great failing of IPv4. Fixed at last. No more need to, how did you put it, "bolt things around the standard".
> etc etc etc
Do continue please. So far all we can see is a list of common myths.
> the simplicity of ipv4 has ensured it has survived longer unexpected as we've learnt to bolt things around the standard rather than in the standard.
IPv6 is much, much simpler than IPv4. It is the great expanse of legacy IPv4-only software and hardware around the world combined with misinformation from IPv4-focussed people like yourself which is keeping IPv4 alive. IPv6 is a mature protocol, in so far as any network protocol ever is.
You seem to have missed the fact that you are no longer tied to having 1 IP address per machine. It is expected to have both a ULA and a global prefix assigned to each LAN machine.
Use DNS views for .local domain to present the ULA for internal machines. That way your machines can use their ULA for LAN communications and whatever random value global-scope has that day for outbound WAN connections. Anything that needs to receive global connections should have fixed IPs so you can either set up a NAT66 to map those to the ULA or assign the appropriate global IP as a third address on the machine presenting that service.
What you end up with is static IPs for services provided to the world, an ephemeral global-scope range for outbound connections, and a static ULA range for internal traffic.
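The addressing split described in the post above, sketched as an added example (not the poster's code): it builds the record set for an internal and an external DNS view and refuses to publish anything but a global-scope address externally. The host names, the `static_global` field, the ULA prefix `fd12:3456:789a::/48` and the `2001:db8::/32` documentation prefix standing in for a global prefix are all constructed for illustration.

```python
import ipaddress

# Scopes checked by prefix; 2001:db8::/32 sits inside 2000::/3, so the
# documentation prefix can stand in for a real global allocation here.
ULA = ipaddress.ip_network("fc00::/7")
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

def scope(addr):
    """Return 'ula', 'link-local', 'global' or 'other' for an IPv6 address."""
    a = ipaddress.ip_address(addr)
    for name, net in (("ula", ULA), ("link-local", LINK_LOCAL),
                      ("global", GLOBAL_UNICAST)):
        if a in net:
            return name
    return "other"

def build_views(hosts):
    """Build AAAA data for two DNS views from a host inventory.

    Internal view: every host resolves to its static ULA.
    External view: only hosts with a fixed global address are published.
    """
    internal, external = {}, {}
    for name, host in hosts.items():
        addrs = [ipaddress.ip_address(a) for a in host["addrs"]]
        ulas = [a for a in addrs if scope(a) == "ula"]
        if not ulas:
            raise ValueError(f"{name}: no ULA assigned for the internal view")
        internal[name] = str(ulas[0])
        static = host.get("static_global")
        if static is None:
            continue  # ephemeral global address only: outbound use, never in DNS
        static = ipaddress.ip_address(static)
        if scope(static) != "global":
            raise ValueError(f"{name}: {static} is not global scope")
        if static not in addrs:
            raise ValueError(f"{name}: {static} is not configured on the host")
        external[name] = str(static)
    return internal, external

# Constructed inventory: a client with a privacy address, and a web server
# carrying a fixed global address in addition to its ULA.
HOSTS = {
    "laptop.local": {"addrs": ["fe80::1", "fd12:3456:789a:1::10",
                               "2001:db8:1:1:a1b2:c3d4:e5f6:789"]},
    "www.local": {"addrs": ["fd12:3456:789a:1::80", "2001:db8:1:1::80"],
                  "static_global": "2001:db8:1:1::80"},
}
```
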
RFC 7235 etc were redone just a few years ago. That is why the MUST exists on the 407 response status.
There is nothing actually new about this problem. It has been known about since sometime around 2002 when Microsoft found it and fixed similar behaviours in MSIE. The other browser vendors lagged a bit but got their fixes out in 2009. Look up CVE-2009-1835 if you want a reference.
If only it was a complete re-write. Most of what you are mentioning is C memory and assertion behaviour that was left in amongst the C++ code for "backwards compatibility". The (few) actual C++ bits work rather well.
Including this lovely new vulnerability that I tracked back to Squid 1.1 before the mists of time got in the way.
"I know about how coral islands are dynamic structures that track sea level - but I'd be interested in any verifiable evidence of scaryness."
The warmer sea waters are killing off the corals. Leading to the opposite effect due to erosion. Even so corals grow very, very slowly and it does so after the fact (coral does not grow out of water). Flooding the land with salt water for a century or so is not a great plan for keeping it habitable. Nor is making the volcano underneath the coral produce some more rock (for the smaller islands, Hawaii seems to be doing okay with that approach, but it's not an option for the smaller islands).
The biggest issues are not even about water actively covering the land. The other effects that precede it are worse - the island's water table is flooded with salt water as the rise in sea level adds external pressure and pushes the clean potable water out. The vegetation that can cope with this salty situation is not sufficient to sustain the inhabitants' or most local wildlife's food requirements. Loss of vegetation also opens up land to storms (which have higher storm surges and faster wind speeds now) and erosion dragging it down closer to the sea level where the flooding and water table changes have more effects. It's a vicious cycle from lovely tropical island to sandy desert island.
Tuvalu started their planning in 2001. A decade later the situation appears not to have changed much, but note the context of 0 population growth as residents are migrating away as fast as they can get approved.
Carterets reached tipping point in 2009 with a forced total evacuation of one island. The others are following with only slightly less urgency:
... regardless of how we may feel about the practice.
One of the major outstanding problems with today's technology is the closed-source code driving pieces from individual chips to complex mechanical systems.
Simply having the code visible publicly allows the technology using it to be maintained in the long term. Perhaps commercially from what started as openwashed code. Perhaps replaced by properly FOSS projects later down the line after the commercial support evaporates.
As our world gets ever more mechanised by the IoT trends this openwashing behaviour plays a vital role in sustainability.
"As someone a bit dumb but interested, would this be possible if HTTP2 was being used?"
Yes it would still be possible. HTTP/2 only changes the wire format of the HTTP layer messages and makes TLSv1.2 the minimal version. The SSL/TLS encryption protocol is where the attack is happening. They can use all the trusted CA trickery to intercept connections of any type (email, ssh, even VPN, ... whatever uses SSL/TLS). The downgrade to SSLv2/v3 on the server connection would not be possible in HTTP/2, but that is not a necessary part of the hijack anyway.
The NZ consumer market suffered for many years from a bit of a monopoly ("absence of competition"?) on low-cost device types being sold which would also connect to the certain major ISP without something approximating sysadmin skills. ISP provided ones were from the same range of vendors.
Those of us clueful enough to buy quality rather than cheap hardware tend to prefer other ISP services as well. So most of the populace served by said ISP has a range of crap hardware even today.
Despite common misperception "Spam" and "spam" are not Hormel trademarks.
"SPAM" all upper case is the trademark.
Unlike some other big corporates Hormel are kind enough to understand their own chosen trademark and extend leeway to persons in the anti-spam area who are careful to use the non-trademark variants correctly and without profiting from the term.
They *do* actively enforce the trademark however. Try to label everything in CAPS and you are violating their trademark. Do so while operating a money-making operation and you can expect to receive a legal complaint.
So several browsers completely ignore privacy protection when strange input is received.... and somehow Google is to blame? How many sites have been doing this maliciously already?
Come on, put the blame where it's deserved. Security is useless when the default behaviour is to bypass that security at the slightest sign of trouble.
when the trolls and fanbois put up the difficulty of learning Windows as a selling point for keeping it?
"people still struggle with Windows after using it for 15 years." ... so use an OS where the GUI is tunable to match the user's way of thinking instead of twisting the user's thoughts to fit a pre-set designer's view of the world.
Once they get over the "Excel is not the only spreadsheet in existence" problem users find almost all other OS easier to understand than Windows.
You could try and get WIA to send that "expert" to TechEd this year. They have already announced that it will be an IPv6-only network at the conference *because they could not get any IPv4 allocation*.
IPv4 connectivity? please hand over $XXX to the local residential ISP for a cellphone and do it yourself.
The chatter problem (as described by a cellular engineer to me) is that the networks moving to LTE use IPv6 on top of legacy protocols. From the IP-layer point of view (HTTP and others) the network is always connected. The signal layers under IP have far too many wrapper layers each doing their own setup and teardowns. Sometimes on a per-packet basis. Sometimes on timeouts regardless of what usage is still going through. This results in a HUGE amount of sub-chatter even halfway through a regular TCP link for any network which has not transitioned properly or completely.
Websites seem to also have this fascination with hundreds of requests per page (forced to not cache and forced to close immediately) and you start to see why people are starting to really hate them.
I upgraded from hand-vacuum to a full hoover in 2004 after opening an old third-hand IBM box that had been through two house fires and five years of garage duty. The machine (barely) worked before the cleanup and not afterwards. I think the dessert spoon required to dig ash out around the RAM boards did some damage. In retrospect I think the prior buildup of dustbunnies died as unsung heroes in the fires, protecting the PC from meltdown.
@reg: no I don't quite believe the last two.
* Fitting packets through small gaps is a student pastime, but fitting a Dell mouse in there as well is a bit beyond them.
* Have seen real mice-kebabs coming out of power supplies and those two were suspiciously missing a whole lot of exterior charcoal.
... that in all countries where IE is not forced on people, Windows has a lesser rate of infection :)
Mind you, removal tool will not let itself be run on pirated versions of Windows. So there are a whole lot of installs stuffed to the brim with evil in the Asia-pacific area.
Grenade. Because there is no ticking bomb icon.
Biting the hand that feeds IT © 1998–2020