Posts by john.jones.name 269 publicly visible posts • joined 1 Aug 2017
rather than only deploying CGNAT consuming power and expenses deploy IPv6 in parallel
that way by default they go IPv6 and if there is a problem CGNAT it reduces the amount of load on CGNAT...
problem is most ISP's do CGNAT by default rather than relying on XLAT for IPv4 -<--> IPv6 connectivity
more education and sensible cost savings on networks needed...
regards
John Jones
you can see more details of BGP and test your own ISP
on top of that when is theregister.com going to sort the domains HSTS or stop offering TLS 1.1 or CAA or security.txt or DNSSEC or DANE for your email
you cant be expected to be taken seriously when the website fails on this many points far out all you have to do is change your google MX to signed ones...
Australian Antarctic Program is frankly a shizer show...
install some equipment to classify the birds plus a 360 camera and a web link
no so sad just want to go back drink coffee and count the whales...
Australian tax payers money at work doing feck all not science
science is important to Australia try actually doing it
the problem is that they do things on the cheap...
ok so someone complains about Electricity pylons, also known as transmission towers people get the wrong end of the stick we have those because its cheap not because its best...
best is to dig a trench and put electricity cables and fibre optic in it
that way tree's dont need to be tended or snow falls get in the way... but no cheap option rather than thinking about 50 years down the track
equally smart meters are good BUT they went with the cheap option now 2g is being retired. they are only now thinking gee wouldnt it be nice to have multiple backhual options... ANYONE in radio or networking would tell you have multiple backhual options built into it from the start...
cheap / fast / good
pick 2
44.7% observed https://stats.labs.apnic.net/ipv6/CN
while Japan is ahead on 58%
this feels like well researched click bait
basically the certificate authority PKI based system is broken
99% use it
Those that do not have advantages of caching and they like that...
Those that do use TLS backed by a CA are susceptible (can be hacked) by a nation state without any trouble at all simply ask your local CA company (there are american and chinese CA's in your browser)
so really its a farce currently the only way out is DNS
if a chinese dissident contacts the americans the chinese have the power and can compel a CA to sign a cert that allows them to intercept all traffic and it appears to be signed by USA equally American dissident contacts the china the americans have the power and can compel a CA to sign a cert that allows them to intercept all traffic
IF we had DNSSEC and DANE then the local gov for that domain is in charge nothing to do with centralised power...
so yeah sign your domain its not hard
SVG is hard to implement and browsers still have not implemented it 100%
so any "owner" of the end viewing software gets to dictate how things are "rendered" so what the servers (those sending adverts or pretty pictures) gets to say, use and track
use standards like SVG (secure version) rather than canvas where google/bing/yahoo/cloudflare/Fastly/PageCDN can not track track you...
https://www.ietf.org/archive/id/draft-svg-tiny-ps-abrotman-04.html
actually ACMA did a awesome job
the telco's all 3.... did what ever they could to delay and not upgrade...
Australia has the same emergency service as MODERN european WITHOUT anything legacy... what does that mean ? 100%, (consider how hard it is to get 100% of anything) of the phones will when they phone 000 / 112 / 911 / 999 actually send a SMS (after 3 seconds) of their GPS fix and all the towers will triangulate as well to give the emergency services the best possible chance
fall down in a creek and your watch detects a fall it will give them the best chance of saving you
get bitten by a snake and phone for help they dont need to ask for directions
go the wrong way down the highway and phone for help... they dont need a translator to find you
FAARRK how many lives saved and your worrying about being forced to buy a phone that is not offshore model and not supported anymore vs the amount of money spent saving people spent by the tax payers
Visitors who turn up need a phone that works and need a modern version to get service and make calls so its one rule for all
ironically emergency is still supported for legacy bands for some time they just don't say that...
Australia is living in the future with regards bands allocation and LTE and 5G NSA / SA announced on their networks and we should be proud to save actual lives...
dont get me started on HSTS policy but for IPv6
Log in to your Cloudflare account and go to a specific domain.
Go to Network.
For IPv6 Compatibility, switch the toggle to ON
its called dual stack
you dont need ipv6 on your webservers cloudflare will sort that out and the statistics remain the same...
this is pure lazy
FFS
telco is full of DSP, compression and backhaul
if AMD finally got it together instead of copying intel (and doing it better right now) then they could kill
AMD could dominate since they have FPGA with DSP heritage and ARM license...
but hey they are too focused on X86-64 which they only have to be marginally better than intel towin so why bother...
they do not configure DNS correctly - its always DNS
https://internet.nl/site/www.megaport.com/3172853/
all you have to do is sign it they use godaddy for registration and AWS for a DNS server so its one click... brilliant...
be better maybe also have a security reporting schema
regards
John Jones
I dont think everyone has thought this through
they need to blow a efuse
change certificates
EVERYTHING is over for the AMD64 / X86-64 they need to change and update all the root of trust
far out this is what happens when you have HARDWARE that is MODIFIABLE (which most is now) you need a way of changing certificates and verifying them...
good luck
John Jones
when you send a PCB to manufacture,
you send artwork, a mask.
If they copied the artwork by tracing the PCB.
thats a problem
first of all ethically you don't understand whats going on or why, second you literally copied an artwork.
I can understand that its going to be a problem legally even if both are grey areas
they created access/easement (laying a road)
laid concrete
erected a tower of steel
laid fibre optics or linked up microware
NONE of which is good for environment or wildlife,
they literally cant electrocute the wildlife or shoot it with AI... or they would...
nature finds a way (do your freaking research on that phrase) Australia will screw you (the sun/radiation down here burns bad steel)
study a complex system for long enough and you will understand
yeah nah...
they don't care for the wildlife
the wildlife eats their budgets and time... basically no crews would approach because well do you want to argue with a mother eagle on a tower next to its chicks
F that
build them a nest... note that there is no lightning protection surrounding the nest infrastructure that the built
now cockatoos they are the real freaking danger they eat wires...
see someone who built a nest https://industreegroupstadium.com.au/the-stadium/our-birds/
X25519+Kyber
20.7% of TLS 1.3 traffic at cloudflare is using post-quantum encryption in Australia
Google's Chrome 124 enabled it by default this year, starting on April 17, and adoption grew rapidly following that release, including Chrome derivatives. Other browsers are on path as well: Mozilla Firefox has started rolling out post-quantum by default, and cloudflare observed Apple Safari starting initial testing.
whats surprising is I dont see SHA-384 being retired any earlier
I'm not sure buying from aliexpress is the best way to go and it lacks some features that a home network might need....
I ecourage you to look at
actually Australia is doing quite well due to Telstra... of all companies
what is really holding us back is OPTUS not having a modern network
(they list as Microplex )
AS1221 ASN-TELSTRA Telstra Limited 79.14%
AS4804 MPX-AS Microplex PTY LTD. 0.21%
AS7545 TPG-INTERNET-AP TPG Telecom Limited 13.31%
AS4764 WIDEBAND-AS-AP Aussie Broadband 28.78%
AS9443 VOCUS-RETAIL-AU Vocus Retail 45.11%
if optus just started using their network correctly we could be up there with the best of them...
why do you think range rover insurance is so much...
most organised gangs already pay for wireless tools and have backpacks for clone of keys or relay attacks most camera's rtp server are trivial to overload/crash anything with a rolling keyfob again is trivial.
picking locks digital or otherwise was always done by professionals and criminals better than the Military simply because of motivations
looks like a lot of Teal box's that come from china in there...
normally the problem is the User agent (UE) as with so much of networking it depends on the Equipment...
there is QoS applied and you will see this most often when someone is making a call in a train and the rest of the phones trying to consume plain data get bumped down for QoS reasons
the easiest way to get decent calls is to use a mobile/GSM handset that the operator has optimised for which in most of the world in a iPhone... and the best way in modern network is to use a iphone thats 5G capable so the latency can be reduced (if the operator has done their homework)
what you need is decent microphones/speakers and DSP paired with a good packet processing.
when we get standalone networks and full end to end packets then picking the fidelity of the sound wave will be possible right now its up to manufacturers and operators....
until you read the prospectus its all conjecture and even then its going to be full of weasel lawyer words
if I was being mean I would say they have become a fantastic broadcom VAR, doing very little to add capability beyond adding their own ASIC for what was called the southbridge in old intel terms...
on a positive note hopefully they could use some of the money to fund their own SOC with a full graphics stack (full openGL ES 3.2 and vulkan 1.3 compliance) rather than just broadcom
either way its been a good thing
yes cloudflare do their website but really they should be able to manage that themselves with a failover to cloudflare...
its still pretty poor that their RPKI has portions that are not signed
dnsa.nominetdns.uk.
... 2001:502:ad09::/48 AS397215 not-found
... 2001:502:ad09::/48 AS397218 not-found
... 2001:502:ad09::/48 AS397220 not-found
there is a HUGE market in SSL certificate authority that they could quite easily setup plus the filtering market
then there is the phone number registry they could get into in a blink of an eye combined with the certificate business you could have SHAKEN/STIR monopoly which would be prefered to BT...
the problem is they only have 1 MX server and thats prefilter.emailsecurity.trendmicro.eu.150.70.226.147 its borked
email has failover and preferences for mail exchanging systems only using 1 trendmicro.eu is a bad design it should have a failover on a different domain at the very least...
even Microsoft know better...
once everyone turns off 3G and 2G then we will get better signal the amount of energy maintaining old Infrastructure is crazy
for Australia thats after 30 June 2024.
If your mobile device doesn’t have Voice over LTE (VoLTE) technology, even if it uses 4G, it will not be able to make voice calls on our network after 30 June 2024.
Finally we will be in a IP / Packet only network for telstra and Vodafone already is...
this is all because their where media reports theorising that the reason they could not get hold of optus was because Executives used only Optus and had no backup
I will tell you all members of rivals firms e.g. Vodafone carry known backup SIM and are instructed to swap to those as part of a BCP (business continuity plan)
I highly doubt it was a "personal" DR strategy they are just trying to either explain away the fact they did and said nothing for HOURS while the whole network was down
(the NOC will have been actioning and running full stream but the execs where shown to be pointless and did not communicate to their customers )
the real issue was while emergency calls (000 / 999 / 911) on GSM roam to whichever network is available and it that works for Optus as they are rarely the only carrier/provider in a area THEY HAD NO BACKUP solution for all their digital/VoIP lines beyond switching to Optus GSM which was also down - this effected HOSPITALS, doctors and trains
Frankly the Australian Government should be looking at how to regulate firms who are not publicly listed in australia and have responsibility to foreign owners
optus network assets and config has clearly been sweated and lack investment
they should have been filtering their routes and at a minimum using RPKI and investing in IPv6 like other ISP's... they did not and wanted as much money sent back to the parent corp as possible
when we see RPKI and IPv6 on the optus network then we will know the engineers have been given the budget and they actually have had the time to fix this mess...
do not trust them beforehand
unless they are repackaging existing kit there is no way 89M pays for custom radios
all you can do is essentially recenter the frequency around Military frequency allowances and even then 89M wont pay for all the actual engineering to be done...
all they will end up with is supply chain full of china/APAC based vendors rebadged with no clue that the kit is being used for military use...
intresting would be the split in fee's between BAE to Kellogg since those "consultants" don't have any RF experience they just talk a good game
ISSUE: None of your web servers has an IPv6 address.
www.theregister.com IPv6 address = None
SOLUTION:
1/ Login to your Cloudflare account.
2/ Click the Network app.
3/ Toggle IPv6 Compatibility On.
ISSUE: Your domain is insecure, because it is not DNSSEC signed.
Domain Registrar for www.theregister.com = CSC Corporate Domains, Inc.
SOLUTION:
1/ Login to your Cloudflare account.
2/ Go to DNS > Settings.
3/ For DNSSEC, click Enable DNSSEC.
(In the dialog, you have access to several necessary values to help you create a DS record at your registrar CSC.)
ISSUE: Your web server supports TLS versions that should be phased out deliberately, because they are known to be fragile and at risk of becoming insufficiently secure. TLS 1.1 phase out
SOLUTION
1/ Login to your Cloudflare account.
2/ Go to Domain > “Crypto” tab
3/ choose the “Minimum TLS Version” as TLS 1.2
I dont think this is complicated. get on it.
SHAKEN system, short for Signature-based Handling of Asserted information using toKENs. would help...
if your going to switch people to digital voice and SIP it would be good to actually sign outgoing call's as coming from BT oh and can you sort out RPKI Route Origin Authorization at the same time this is basic stuff
I would bet they cheaped out and used aerial Fibre run
microsoft will have known this and didnt care thinking the other links would be fine until bang they didnt have capacity to balance a failure
1.6Pbps is the addition of all links its practically nothing if you have a lot of DC's with 100Gbps links
maybe just maybe they should have located "west" in more countries and not just the cheapest bandwidth wise...
data and network sovereignty have you heard of it ?
Linux killed Solaris, why buy expensive box's from sun/oracle that funded the spaghetti code maintenance when you could change it yourself or pay someone else cheaper (I'm not saying its better just cheap)
really the whole argument about RedHat/IBM removing src rpms is aimed squarely at Oracle everyone knows that, every time a redhat sales people walk into large accounts Oracle people are there or are going to be there saying they will do it for free and oh can we sell you a database/etl...
do you rape the earth cutting down trees and extracting oil / plastics to achieve that ?
do you feel pity for those that suffer after you ?
maybe just maybe you should consider those that come after you and actually lead... NASDAQ: MLKN needs to be sustainable now not in 2030
Whoever administrates www.theregister.com is VERY behind the times
ISSUE: None of your web servers has an IPv6 address.
www.theregister.com IPv6 address = None
SOLUTION:
1/ Login to your Cloudflare account.
2/ Click the Network app.
3/ Toggle IPv6 Compatibility On.
ISSUE: Your domain is insecure, because it is not DNSSEC signed.
Domain Registrar for www.theregister.com = CSC Corporate Domains, Inc.
SOLUTION:
1/ Login to your Cloudflare account.
2/ Go to DNS > Settings.
3/ For DNSSEC, click Enable DNSSEC.
(In the dialog, you have access to several necessary values to help you create a DS record at your registrar CSC.)
ISSUE: Your web server supports TLS versions that should be phased out deliberately, because they are known to be fragile and at risk of becoming insufficiently secure. TLS 1.1 phase out
SOLUTION
1/ Login to your Cloudflare account.
2/ Go to Domain > “Crypto” tab
3/ choose the “Minimum TLS Version” as TLS 1.2
I dont think this is complicated. get on it.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
