Posts by Vic

The NSA don't resell their users

They most certainly do.

The Snowden documents show situations where an evidence trail has been fabricated becasue someone actually got caught through an NSA snoop, with the data then (unlawfully) being passed on to DEA or similar.

It is alleged - and unproven, naturally - that snooped data is also passed onto US businesses to give them a competitive edge.

So the NSA is certainly reselling data - I just don't yet know how much I care about that.

Vic.

Re: Pick any Comparision

"He ruined the print media, he ruined television"

You forgot FOOTY.

Even the very worst of us gets things right occasionally... :-)

Vic.

Re: Why?

it'd be nice to have it displayed in a manner that doesn't require my phone to be in one of those bloody windscreen suckers.

That's exactly what I was talking about...

Vic.

Re: Why?

if it can push oil/water temp, oil pressure, and other measurements that aren't on the dash any more

You can find stuff like that on eBay for £30 delivered...

Vic.

Re: IPv6 like OSI is far more complex than necessary - part 2

this is, hopefully, NOT a SCI-Fi rant

It is, however, almost entirely unintelligible :-(

VIc.

Re: IPv6 like OSI is far more complex than necessary

What I do worry about is that if made available, then pretty well everyone would implement it because "we always have NAT" regardless of whether they need it. Ie, too many people couldn't get their heads around not having this crutch to lean on.

So what?

If that's how people want to use the Internet, what does it matter? It'll still work.

If it really does add to the costs of running a service - and, as a small-time VoIP provider, I'm not sure I can really agree with you - then you pass those costs on to the user, with rebates if he takes the solution that makes it cheaper for you. If it makes business sense for people to discard NAT, they will do so. At the moment, it's all cost and no reward.

IPv6 takeup is very, very slow. It would make sense for the community as a whole to work out why this is - and that involves asking the people who have chosen to stay with IPv4, not just telling them why they're wrong...

Vic.

My recollection is that in fact there were no real issues, or almost none.

Then you were lucky. I had *lots* to fix at several establishments.

Y2K might not have been a worked example in how to run a development project, but the reason it was such a non-event is all the hard work put in by many people trying to turn it into that non-event.

Vic.

Re: You don't need NAT for IPv6

Any NAT router worth its weight will do at least some firewalling

Look at the routers being distributed by cheapo ISPs.

I'm not arguing whether or not they ought to have decent firewalls fitted. I'm saying that a substantial number do not.

Now you can say that they're not fit for purpose until you're blue in the face - this is what people *have*. Arguing that these people muist change their IT systems to suit your model is not a strong position.

Alternatively, we can just promote the idea of NAT over IPv6 for those who want it and all these issues just go away...

Vic.

Re: You don't need NAT for IPv6

If it does NAT it is, to all intents and purposes, a firewall.

But it is not a firewall.

It might be implemented by a firewall - that's how I do the NAT between two of my networks - but that doesn't make it a firewall; a firewall does many things besides NAT that may well not be implemented by a NAT box.

And as to latency, which do you think is quicker/less resource intensive

Neither. They're largely the same operation. You will not be able to measure any difference.

Vic.

Re: That's not a mandatory part of the standard

Not any more. But it should never have been a part of it at all.

I don't think it ever was - it's simply a suggestion for how to allocate link-local addresses with a high probability of avoiding collision. You need to allocate unique link-local addresses, and this is a simple way of doing so.

IPv6 has numerous difficulties, but this really hasn't ever been one, no matter how many times you hear that the sky is falling from someone writing a "helpful" blog piece...

Vic.

Re: You don't need NAT for IPv6

home routers already have firewalls

They do? All of them?

Because if any ship without firewalls - *any* - then your assertion and all the inferences you draw from it are entirely wrong.

The point is we need IPv6 to make it easier to do peer to peer things like videos, gaming, telephone

No, we don't. I'm already doing that - sans the gaming, usually, as that's not my thing - on IPv4 with NAT. It's all very well asserting that IPv6 is "needed" for $application, but reality does not bear that out. Feynman had good things to say about what happens when your theory doesn't agree with reality...

Removing NAT removes a level of CPU and memory requirements that saves electricity and latency

Bullshit. You're still processing stuff, just in a slightly different way.

IPv6 brings a raft of other things, multicast is one example

IPv6 brings in a number of things, but multicast is not one of them. I've been doing multicast over IPv4 for years. If you watch TV, the chances are you're watching the product of multicast over IPv4, as that's how substantially all the content providers work[1]. Multicast is entirely orthogonal to IPv6.

Vic.

[1] I'm not even sure if the encoders in use even support IPv6; certainly the ones I worked on don't. AFAIK, there's very little demand for it...

Re: It's happening, get over it

IPv6 people argue IPv4 with NAT breaks so many things like peer to peer

You hear a lot of that.

For example, I've been assured many times that NAT breaks VoIP. And yet here I am, doing VoIP through NAT. It's stunningly[1] simple...

Vic.

[1] Yes, I did.

Re: Please refrain from NAT66

IPv6 is asstastic for anyone excepting weathy enterprises and backbone providers that don't have the sorts of concerns faces by the under-1000 seat crowd.

It's not *quite* that bad.

What concerns me more is the sub-15 seat companies and private users who don't have a sysad available - they are left with a fairly steep technical challenge to setting up IPv6. And what will happen is this - they'll plug in the router they get from their (el cheapo) ISP and wonder why the traffic LED flashes so much...

"The business" is generally not ready or willing to invest in replace what works just fine today with a more expensive thing that will hopefully prepare us for the future.

Precisely. I can create a firewall-type device to secure the network, but realistically, by the time I've built it and installed it, it's not going to come in under £300. Any small business owner is going to ask what he gets for that money - and that's not an easy story to tell.

Pretty much everyone who isn't already wedded to IPv6 is really just hoping that the ivory tower types will capitulate, we'll get our IPv6 NAT and nobody will have to actually change how they do things.

Nobody actually *needs* to capitulate anything - NAT will work on IPv6 in exactly the same way as it does on IPv4; it just needs to be built into the router. Unfortunately, if the cheapo modem/router from the ISP doesn't do it - and, being contrary to the spec, I suspect many manufacturers will be loath to build one that does - we're back to that £300 box again - albeit with a different purpose this time.

do we - the majority - accept the dogmatic implementation of IPv6, or do we tell the ivory tower types what to go do with themselves and implement a NATed version, with all the benefits - and downsides - that it entails.

The latter, obviously. Having NAT available doesn't mean you *have* to use it - the MAU is still /64, so those that want to do it per the spec can still do so. But having NAT available means that either solution is available, without breaking anything any more than we're already used to. This would seem to me to be the pragmatic solution - but it *always* causes arguments from those that think NAT should be prevented...

Vic.

Re: NAT is a kludge

Baking the device's MAC address into the IPv6 address isn't good for privacy.

That's not a mandatory part of the standard - just a suggestion - and it's only for link-local addresses. Those addresses that you use for talking to other devices on the Internet will not contain your MAC address[1]

Vic.

[1] Unless you're monumentally unlucky, or deliberately make it so.

Re: You don't need NAT for IPv6

You don't need NAT for IPv6. But many people *want* to use it.

NAT introduces a few issues - at least one of which is insurmountable (and, thankfully, quite rare these days) - but it also means that setting up a small network behind a NAT router is trivial. And there are a *vast* number of people with exactly that setup.

Now it's all very well to say that you "just" add a new firewall to hide that lot from IPv6 connectivity - but that's just adding hardware to prevent what is being sold as a benefit; it would be much, much simpler just to change the address space and leave the NAT model in place. Then everyone is happy.

Vic.

Re: NAT is a kludge

Yes NAT is a kludge. Rather than killing it, IP6 should have had a fixed version.

IPv6 doesn't need a "fixed" version - just the removal of the objection to NAT on IPv6.

Then NAT can carry on working just as we've been doing on IPv4; it's not a technical limitation, it's a dogmatic one.

Vic.

Re: We should finally invest in defence

Many languages, for example, will make sure that your stackpointer is at the same value it used to be before a function call.

Most of that sort of protection only operates at run-time; it might prevent the buffer overflow, but it will cause an exception from the bowels of the code. How that exception is handled is a problem unto itself - and if unhandled, simply kills the process. So although you can obviate the effects of certain types of bug, you cannot prove that the code will do anything sensible (like not crashing) without a lot more analysis. And that is expensive...

Essentially the current attempts boil down to the idea that you give your compiler hints on how it can check if the code is right. Early starts to this are "const" attributes to variables in C.

Yes - there are many things you can do to improve code reliability. But that's a long way from having properly proven code...

Vic.

Re: We should finally invest in defence

And we should learn how to prove code.

We've known how to prove code for decades. The trouble is - it's ruinously expensive.

So when a PHB is presented with the choice of a £50 piece of code that isn't proven and a £50,000 piece of code that is, guess which one is chosen?

Thus anyone proving his code goes out of business...

The only solution is to make PHBs responsible for their actions. Yeah, and that'll happen.

Vic.

Re: Can I suggest that you move to the North

It is far safer, friendlier and more green and pleasant than the god-forsaken shithole that is London.

Talk about damning with faint praise...

Vic.

Re: An alternative viewpoint is...

The sooner we build a big wall along the route of the M25 and seal them all in forever, the better.

Not a wall. A mould...

Vic.

Re: "almost always mechanical backup for critical ... components."

There are multiple incidents, none of which I can remember right now but which are doubtless in Wikipedia, where passenger aircraft have been steered largely or solely by means of adjusting engine thrust (more thrust = go up, differential L/R thrust for L/R steering).

No, I can't remember any such instances either. I suspect there's a reason for that.

Adjusting engine thrust will give you control over your glide angle, and some control over yaw (given multiple functioning engines), but essentially no control over roll or pitch[1]. So you might be able to choose the point at which you strike the runway, but not which part of the plane you do it with. Planes don't land well on the wingtip...

Feel free to post references to prove me wrong, but I doubt you'll find any.

Vic.

[1] Secondary effects give you some control over roll, but not enough to land the thing.

Re: "almost always mechanical backup for critical ... components."

If the engine dies, it's a royal pain in the arse

I probably should have added, by way of contrast, "if you lose control of the flight surfaces, you're all dead".

Vic.

Re: "almost always mechanical backup for critical ... components."

I can't help wondering why the vaguely similar functional requirements (apart from environment, where a fllight computer has an easy life vs an engine-mounted FADEC), and the same engineering/regulatory/resilience requirements (DO178 level A in both cases?) lead to such architecturally different technical solutions in flight computer vs FADEC?

Different consequences if they fail.

If the engine dies, it's a royal pain in the arse, but planes can and do land safely without power - it's one of the skills that must be demonstrated on the first attempt during the Skills Test. There are no second chances - cock it up and you fail.

My favourite story of an unpowered descent is the Gimli Glider. That aircraft was used for another 25 years after that incident.

Vic.

Re: "almost always mechanical backup for critical ... components."

In three decades of working with safety critical engine control systems

Flight computers aren't FADECs...

I've read lots about dissimilar redundancy. I've never seen a real commercially deployed system that used it.

I have first-hand experience of one of the Typhoon flight computers. Part of the spec was that it had to have a different CPU to the other type.

I'm happy to believe it happens somewhere. Documented examples welcome.

This document (PDF, takes a while to download) describes the A320 and A340 flight controllers. Section 3 covers the dissimilar hardware in each type of computer, as well as the dissimilar software in each channel of each computer - i.e. there are 4 separate developments by 4 separate teams. This is standard practice, IME.

Maybe I've led a sheltered life

'Fraid so...

Vic.

Re: "almost always mechanical backup for critical ... components."

Although the electronics is dual channel (one controlling, one backup), it's two channels of identical hardware running identical software.

This is frequently not the case; all the aircraft I've worked on have different types of CPU in the primary and secondary flight computers.

I've just read a presentation on Airbus fly-by-wire systems, and they use the same protocol.

Vic,

Re: Wot about ILS?

ILS is unencrypted. Heck, it's not even digital.

So?

Try to work out a practical hack for ILS. Just adding more transmitters isn't going to bring aircraft down - it's just going to piss off the first two pilots who have to execute a missed approach.

As soon as the difficulty is discovered - even if no-one knows why it's gone wrong - ILS will be marked as inoperative, and every single incoming aircraft will be told this. The pilot will need to say that it is inoperative as part of his read-back to ATSU.

ILS is an aid to navigation, it's not the only way of bringing an aircraft in. Should the visibilty be so poor that the airfield is effectively unusable without ILS, incoming aircraft will be diverted. They *do* have enough fuel for that - it's part of the flight plan.

Vic.

Re: But what upgrades the software?

There is no mechanical backup for Airbuses for some time. Nor I believe the 777.

There is certainly a mechanical backup on the 777. I'd have to look up the Airbus.

Vic.

Re: We don't need no stinkin' backups

How do they know if these backup systems are working if you never use them?

You do use them.

Two of the aircraft I fly have a "glass cockpit" system - the flying displays are big LCD screens, showing all the flight instrumentation and navigation systems.

The backups are mechanical instruments alongside the displays - and you *do* use them all the time. In fact, I rarely look at the airspeed indicator on the LCD, because I prefer to use the mechanical one (it's less laggy)

These backups aren't something that sit unused in a cupboard; they're in front of your face every time you fly.

Vic.

Re: I was amazed at how SMALL these aircraft were

And if things went wrong, it wasn't exactly easy to get back out again.

Vulcan pilots had ejector seats. They'd get out just fine.

The "back office" crew - the other three members of the flight crew - had to slide down the entry hatch and fall out of the bottom of the aircraft.

That's bad enough - but the entry hatch is forward of the nosewheel. There is a procedure in the manual for getting out when the nosewheel is down - the designers calculated that the crew would miss the mainwheels by some 12 inches...

Vic.

Re: Impressively long lived

Vulcan XH778 is still going now

XH558.

but next year she'll hit the buffers because of the rules about flying hours for some of the airframe components, and that will presumably be that

The wing modifications last winter are sufficient to keep the airframe going for about 7 or 8 years. The problem is the engines - there's little life left in them, according to Rolls Royce. And RR need to sign off on the engines for the aircraft to keep flying. The project expects to fly the 2014 and 2015 seasons, but that's the lot, unless some sort of miracle occurs. The display has been modified to minimise throttle movement, which gets the most out of the engines, at the cost of airframe fatigue.

http://www.vulcantothesky.org/ - they need £200K to service her for next year's displays.

It's a great charity, and they're always short of cash. The remaining flying seasons are not yet paid for :-(

Vic.

Re: I was amazed at how SMALL these aircraft were

As a treat one day they let me go into the static Lanc they had at the main gate

Not quite a Lanc, but the Wellesbourne Vulcan mob do tours of XM655 on Saturdays. They do a cockpit tour in return for a donation - I've not made that yet.

Vic.