Posts by Jusme 111 publicly visible posts • joined 18 Dec 2007
Well it seems well intentioned, but given the parents of this innovation (Google and Cloudflare - wannabe owners of the internet) I'm not sure this is a Good Thing.
Also, if QUIC/IP is replacing TCP/IP, shouldn't that be implemented in the OS, rather than every application? I can imagine a world where there are dozens of buggy, incompatible implementations, so browser X won't talk to site Y. Oh... isn't that handy..........
Data channel locked down with https, DNS locked down with DOH, content locked down with DRM. Emails rejected unless they come from one of the big providers. Barriers to entry erected. Only Big Business allowed to play soon.
It's not the internet any more Toto, it's Cable TV Mk2, with a credit card reader as a viewing card.
Paranoid? Maybe. True? We'll see...
yaml, bastard sibling of python. Love-children of the scented chip-fat smoking brigade.
They're the the sort of "languages" I'd invent as a kid to solve a particular problem. Full of inconsistencies and hacks to make them more generally useful. Unfortunately they'll probably take over the world by sheer weight of numbers.
Now please vacate my lawn, it's getting dark.
...from my pov:
To reach every site, or be reachable from every potential client, you need an IPV4 address. If you have an IPV4 address, you don't need an IPV6 address. Adding an IPV6 address is > 0 effort/cost/hassle/risk, so why bother.
Some actors have been too aggressive in pushing IPV6 by default, before it was (is?) sensible to use it. This leads to a "disable IPV6 and it works" mindset. And because there is generally no simple way to say "prefer IPV4", IPV6 gets nuked at the lowest level, never to be seen or herd of again.
Despite the downvotes, this is exactly the endgame publishers want: end-to-end control over the delivery and presentation of their (precious) content. They may or may not fully achieve it, but we're certainly well on the road towards it: First HTTPS to protect it in transit, now lockdown of the presentation. The final stage will be browsers refusing to display content that's not "approved" (they're already getting antsy about http sites), then we'll be back to the TV delivery model, with a huge cost of entry and only a few big players to control.
"I'll just use a free browser then"... But you'll only be able to view hobby sites with it, as all the mainstream sites will be locked out, so most people won't bother.
"If they block adblockers there will be an outcry"... but the vast majority of people don't care. They happily pay subscription TV services to watch ads, why should the web be any different.
As soon as there's an option to protect sites it will be used, whatever the content. The age of web-TV is coming - sit and consume what's served up by your masters, no looking behind the curtains, no "fake news" from unapproved sources.
Don't agree? Time to accept that the internet is now a utility. Mainstream, regulated, sanitized and in the hands of the big boys. The open internet we grew up with will be like amateur radio - still available to those who care, but very much a fringe interest.
Is it time to leave Earth yet, Pop?
We got a mail "Easily Security Update" yesterday that went in the "could be a phishing attempt" pile as it was peppered with crap like "Click the “Forgotten Login/Password” [www.mmtrack43.co.uk] button". The only worrying aspect was that it was sent to the unique address used only for our Easily account - was it sent by the hackers to get the info they missed while they were in...?
(WTF is mmtrack43.co.uk? Google for "mmtrack43.co.uk" brings up a lot of links about Blueleaf Plants. mmtrack.co.uk seems to be some sort of mailing manager, but nothing that gives any confidence it's legitimate).
Three problems with biometrics.
1) The human body isn't suited to being machine-readable. This means either the match is fussy (got a cold? No cookies for you today) or lax (1-in-100-or-less false positives). Most systems tend to the latter, else they're deemed to "not work".
2) You only have one identity. Different finger for each website is a bit limiting, and once you've given your DNA sample to $badBoys (via cutekittens.org) they can impersonate you anywhere, forever.
3) You can't change your biometric identity. Once it's compromised - tough.
Proper 2-factor authentication is the way to go (i.e. something you have and something you know, not something you know and something else you know asked in a really awkward way, as some sites seem to think...)
Just go look in your browser certificate store and see world+dog being trusted. That's why they had to introduce Extended Validation certificates - for sites that really really (cross-my-heart-and-hope-to-die) want you to think they are secure.
A false sense of security is worse than no security. On an http site you know anyone could be viewing and tampering with your data. Deal with it. On a plain https site your best bet is to assume the same.
Raspberry Pi turns out to be a bit of a success.
Thousands of kids are getting to use Linux and possibly liking it.
Original Pi is too weedy to run Windows.
Problem.
Let's have a chat with the Pi Foundation and become buddies...
New Pi released with 6x the CPU and 4x the RAM. (For the same price?!)
Get a sawn-off version of windows running on it ("runs apps written in HTML", wtf?)
"Developers will need PowerShell running on a connected PC". There's the payback / lock-in.
Have chat with our buddies that run the National Curriculum and get some Windows-based Pi modules made mandatory.
All Pi's in schools must run Windows. Putting Linux on them is forbidden as a security risk / hackers training tool.
Profit.
Damn, that takes more than three steps. Ah well....
...if the internet we connect to is real any more, or just an elaborate simulation by a cartel of the big ISPs, Google and the NSA. We know all our web traffic is proxied, email is proxied, DNS is proxied. I wonder if every packet we send is going to a server at the local ISP and triggering some emulation that may or may not make a real connection to the outside world to get the date we seek.
[Nurse! The medication! Stat!]
VME SESSION STARTS AT 17:00:07
-begin
-help(37022)
DESCRIPTION:
THE EXISTING CONTEXTS FOR THE REQUIRED NODETYPE DEFINES THE STARTING POINTS FROM WHICH SELECTIONS MAY BE PERFORMED,THE SYNTAX OF THE SUPPLIED HIERARCHIC NAME IS SUCH THAT NO MEANINGFUL SELECTIONS MAY BE MADE FROM THE EXISTING POINTS FOR THE REQUIRED HIERARCHIC NAME
"Stateful systems aren't equipped to handle distributed state, thus pretty much any system that isn't an endpoint of a MCTCP connection is useless at doing anything besides simply forwarding the packets."
Correct. That's all they're supposed to be doing.
How is this different from a VPN (other than performance considerations)? Or spread-spectrum radio?
If the price was reasonable and IF it really did mean no ads (unlike a certain subscription TV service...).
(yes it would be nice if the original artists got a cut, but that's probably not going to happen. They did sign their rights away when they sold out to The Man. Maybe the next generation will sell directly to their fans and cut out the leeches.)
Remember how long BT dragged their heels providing internet access in the first place? First with dial-up by not providing sufficient line capacity to these upstart ISPs and DAXing domestic lines when everyone wanted a second line for internet use. Then broadband...
There are only two last mile providers in the UK - BT (ok Openreach, but that's just bean-counter fiction) and Virgin, and they have precisely no incentive to open their networks to anyone. They only need to play the "Think of the Children" card and the government will be happy to let them be nanny to everyone's internet. Actually they already do.
And why else do the carriers prefer to implement NAT rather than IPV6? Couldn't be that NAT makes the internet look more like the traditional broadcast model (provider to consumer) could it?
Interesting times...
"They" won't be happy until the internet is dragged back to being a cable TV service, where content providers (Facebook, Netflix, ebay, Amazon, BBC etc.) pay the carriers to take their content and the punters pay the carriers for access to "Approved" services. Google takes their cut by stuffing adverts into everyone's feed. No peer-to-peer, don't want the plebs making their own voice heard. Only the big boys need apply to join the providers club, and you'll only get into the routing tables if you're in the club.
I give it 5 years.
Well I had to patch squid to prefer IPV4 because youtube was unusable over IPV6 last time we tried this.
If you're stuck on 512Kbit ADSL it may be ok, but on 50/100MBit+ cable there is no way a free public tunnelbroker is going to keep up, or be willing to try if/when demand rises beyond a few spotty geeks playing with a curious new toy.
And I'm not sure exactly what the AUP is for the one I use, but I dobut they'd be happy with me pulling several GBytes/day through their free service.
I still have to configure my proxy to prefer the IPV4 address when a site offers both. Why? Well for me, like I expect 99% of people, IPV6 connectivity is via a tunnel over an IPV4 link. So I either have a fast IPV4 connection to the site or a slow IPV6 one.
When more sites offer both IPV4 and IPV6 addresses, anyone who's experimented with IPV6 will rapidly start to disable their IPV6 connectivity once they figure out why everything has slowed down.
I predict "Your internet is slow?" "Have you disabled IPv6?" will become a common exchange :(
If IPV6 is to take off, the last-mile ISPs need to support it. Anything else and it's just an academic experiment.
Or if you must have a technical solution to a social problem:
1) Register ".kids"
2) Hand control of that domain to your favourite nanny organisation
3) Get ISPs to offer a filtering option that only allows access to IP addresses that reverse-lookup to a valid ".kids" address (i.e. 1.2.3.4 -> cbbc.kids -> 1.2.3.4 = ok, else blocked)
...
Profit!
Even if the games and media companies manage to eliminate "piracy" and second-hand sales completely they won't be getting a windfall. There's only so much disposable income to go around.
If we have to buy everything at full price most people aren't suddenly going to find 10x the cash to spend on games and media, we'll just get less of it. Actually we may spend less as well, since we'll feel more like we're being ripped off.
We only need one more top-level domain, and that's something like ".kids". Only legitimate, traceable organizations would be allowed to register, and anyone peddling un-wholesome content could be banned and fined. ISPs could easily provide a bullet-proof kiddy filter by only allowing IP traffic to sites that reverse-resolve to the correct address in that domain.That would provide a safe corner of the internet for those needing an electronic baby-sitter, and allow us adults to get on with our business elsewhere.
The whole new TLD nonsense is just holding anyone with a significant internet presence to ransom. Pay us a bucket-load of money or your name will be sold to the highest bidder...
I've always said the internet will eventually turn into a glorified cable TV channel. That's what the media corporations have been pushing for ever since Napster gave them a kick up their backsides all those years ago. They (and governments, and other big corporations) hate user-generated content. Can't think why....
And you can hardly upload a video of your cat to TheirTube these days without getting a copyright warning because a neigbour two doors down had the radio on.
I've been slowly moving to a fully dual-stack network, but have had nothing but problems. The typical advice being to "turn off IPV6". That's not going to help adoption much...
Example: My primary ISP doesn't provide IPV6, and I suspect there isn't a cat in Hades chance of them doing it before I get my bus pass. Hurricane Electric kindly provide me with an IPV6 /48 via a tunnel, that's 65535 x (IPV4 internet address space)^2 worth of addresses. I set up a router and make it the default IPV6 route and it works!
But... YouTube crawls. Why? Well they advertise IPV6 routes, and that takes priority, so rather than using the fast IPV4 link traffic goes via the tunnelbroker. Switch IPV6 off? That's giving in. Change the default routing policy using a bodge called RFC3484 (gai.conf on Linux)? No good - squid doesn't take any notice of this and carries on merrily sending everything it can over IPV6. Current solution, a hacked version of squid that favours IPV4 except for local IPV6 addresses.
Example: Sometimes we get really slow traffic on some links on virtual machines. Turns out there's a bug in the vmxnet3 network driver that makes it ignore the MTU for IPV6 (how??!!). Turning IPV6 off solves it! Or switch to the trusty e1000 driver and lose some performance.
Example: "IPV6 doesn't do NAT". Actually this seems to be more of a religious point than a technical one. The way to avoid having to change all your internal IPs when changing providers is to allocate multiple IPV6 addresses to each interface. Great idea - I'll use the IPV6 private prefix and give all machines a private and public IPV6 address. Can I find a DHCPv6 server that supports multiple addresses? Nope. So we now have IPV4 addresses handed out with DHCP but IPV6 addresses have to be manually configured.
Example: If consumer-level ISP do start giving out IPV6 addresses, will they give out /48's? No chance - that'll eat up IPV6 address prefix space (which isn't that much larger than IPV4 address space) pdq. A /56? Unlikely. A /64? Maybe, but then how do you do routing without some bodge. Less than a /64? Quite possibly!
Better stop there for now - but the point is, IPV6 is still very immature. Yes, the basics work, but try and do anything more complicated and be prepared to hit bugs and lacking implementation. Give it another 10 years and it might be workable. Unfortunately for most people IPV4+NAT works, IPV6 doesn't.
> Seriously, the moment Zuckerberg and Co decide to go IPv6 only, IPv6 will take off faster than a class M rocket engine attached to a bog roll.
>The one thing that will push everyone to IPv6 will be when some of the big sites (YouTube, Facebook) go IPv6-only.
These big sites will never go IPV6 *only* in our lifetime. They have no reason to.
> And will the PS3/Xbox360/Wii support IPv6? Of course! That's what FW updates are for!
Won't happen. What possible business case is there for MS/Sony/Nintendo to create a support nightmare when everything is working fine today and will continue to tomorrow. Again these companies have all the IPV4 they need "forever".
No, some multiplayer games won't play well with NAT. They will be fixed (to use a 3rd party server - oh look another means of controlling the consumer. EA love turning their severs off to push everyone onto this years roll of their top-earning cash cow). A lot of multiplayer games do work with NAT, I've run several xboxes behind a local NAT and it's just fine most of the time.
> And of course, the smaller ISPs won't be able to compete, thus they'll get squeezed out of business, leaving the ones that remain free to rip us off with crap service.
I can't see the big ISPs crying about that...
> Non-browser apps? Most of 'em support IPv6 as well!
Disagree. There are a huge number of legacy application that don't. They won't be fixed. They will (and do) work with NAT. They don't work IPV6 only.
> I can't have *decent* IM chat engine without a 3rd party involved
Boo hoo say the telcos!
> I'd love to run my own website at home.
> I can't setup my own Teamspeak server,
So pay a few $ extra for a premium service with an IPV4 address. Kerching!
> Yep, I can see a carrier-NATed Internet being a happy place!
It won't be. The internet will be come cable TV 2.0. A lot of big money wants exactly that.
In the end, I'd love IPV6 to take off - but I fear that it won't and we'll end up in a world of IPV4 NAT pain.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
