@Gav

It's a classic:

http://xkcd.com/327/

@AC 21:13

They didn't start out with classful addressing. :-) And there's nothing wrong with using /31 on point-to-point-links (RFC3021), and it often works on Ethernet-links too!

And 240.0.0.0/3 will hopefully not see service any time soon. The work involved in making sure it's reachable from everywhere makes IPv6 deployment seem like a vacation. It'll give you 14-15 IPv4 /8s, just around one years worth with the current allocation speed.

@ARP spoofing etc.

One of the points here is that most exploits in IPv4 have been dealt with so you have no end of knobs to turn, e.g. "Dynamic ARP Inspection", "DHCP Snooping" et cetera. Features similar to these are much less common in IPv6, which is a shame. Though there's not much new in the article one can hope it helps forcing the vendors to supply RA Guard et cetera.

@Shannon Jacobs

It depends on what you mean by "configuration state". Most deployments are dual stack where IPv4 and IPv6 live together. Each one is configured just like if it was the only one. In some deployments you could have tunnelling here and there, but for most users/uses this should appear transparent.

If you suspect your ISP is incapable of handling issues like these you really should choose another. Protecting customers from each other has long been a standard ISP practice and IPv6 doesn't change this at all.

@AC 11:25

Well ffs... the people taking over the responsibility for the network (and taking the money) are obligated to look for problems. I only know Cisco and cannot speak wisely about other vendors, but everything is in the configuration. You can't "hide" stuff as such.

@spanning tree problems

Oh please... the spanning tree protocol is there to _help_. Many people think it's a bad thing, but it's not. Many people configure their network wrong and blame spanning-tree for the ensuing problems.

You could be right about this being a spanning-tree related problem, i.e. a problem created or exacerbated by wrong STP configuration, but STP is not at fault. The problem lies with the (highly paid?) incompetent "consultants" that design and operate the network.

It sure does sound like they need a redesign: A network with a single point of failure, where said SPoF can disable the whole network and where fault isolation takes several hours. Amateurs! :-)

@Peter Jones 2

You might very well be right about the current operator (Logica) probably not being directly responsible for the initial sorry state of the network. But _anyone_ assuming responsibility for a network _has_ to observe some kind of "due diligence". If Logica (or whoever) is willing to take the money they implicitely also accept taking the blame.

@The Dodoman

It's the *lack* of critical fixes that people complain about. Every sane OS (which excludes OS/400) needs fixes to critical bugs. We get updates to our CentOS servers often, and the Fedora workstations get them like every day.

The problem is when there's a bug and the fix is NOT supplied. And then the exploiting starts...

@Brian

Yeah, that actually made me a little sad inside every time you said it.

Yeah wait a minute...

Ah, so *that's* what the author meant, "Sun VirtualBox". Oh wait, ^W^W^W^W^W^WOracle VirtualBox" of course. And I'm using VirtualBox something like every other day.

@AC 17:02

Sir, you need to come with us please. You obviously display terrorist tendencies.

@Andy and Cowherd

You two are WoW nerds. (Or should it be WotW?)

@Bugs R Us

Sure, let's have some "rights managed" content. But PLEASE make sure that it then actually works for the people who pay for it. Not everyone uses Microsoft Windows and Windows Media Player, and things like protected WMA can't work at all on my Fedora installation.

The iTunes Plus ".m4a" files are fine, at least I can get a gstreamer plugin to play those. I don't know if they're patent encumbered though. The files themselves are identified as having been bought by me. I have no problem with that.

@AC 05:27

Maybe you should read up on Internet routing. Nobody uses OSPF on the "Internet". SPF algorithms can give you best-latency routing, but they scale very badly.

And maybe you should read the paper. They do try to explain why a "nearest neighbor" routing scheme could be a good idea.

It has not met any serious criticism on NANOG-ML, on the contrary:

http://mailman.nanog.org/pipermail/nanog/2010-September/025219.html

OpenGL maybe?

I'm a little puzzled about there being "nothing analogous to Direct2D from other OSes"; I don't know the Windows-world very well, but I seem to have seen OpenGL able to provide services on a few other OSses, a.o. Linux. And on my laptop hardware acceleration works very well. (I'm using the proprietary NVIDIA-driver, but that's irrelevant to the OpenGL argument.)

AFAICT the Direct2D APIs are "easier" on the developer, but OpenGL can to 2D acceleration fine.

@Asgard

> "I don't see any 4Ghz chips and i've been waiting years for them!"

How does a 5.0 GHz POWER6 sound to you? Or an 8 core 4 GHz POWER7? If you don't see these chips you're really taking care not to follow tech news.

@Mark_T

If you by "old laws incapable of addressing the modern world" mean that the juror's/victim's/witness' Googling/Facebooking is just a thing of the modern world that the judicial system should accept, you are IMHO very wrong.

They must never be allowed to investigate by themselves, Internet-based or otherwise. When a victim or witness has to ID a suspected perpetrator among many potential in a line-up, all these potential suspects are presented in as much a neutral and equal way as at all possible. If the victim starts investigating himself then he already has an idea from which his investigation starts, and he is thus prejudiced against the subject of this investigation.

And a juror's job is to consider the guilt or innocence based only on what the court presents. There's a reason certain things are inadmissible in court, things that are not presented to the jury at all. The same goes with things that the jurors are explicitly instructed to ignore.

Letting people investigate by themselves would erode the legal rights of the innocent-until-proven-guilty suspects.

(I do not commend the MET's actions described in this article. And IANAL.)

@AC 00:22

There are others ways of making money than being litigious you know. I think James' was miffed by the sparkling eyes being those of the lawyer, since this lawyer's goal seemed to clearly be suing Google.

@MAC users

Yeah, screw MAC users, let's start using X.25 again!

@TJK

No, a /16 network isn't always a Class B network. The Class B networks start with binary "10", and cover the range from 128.0.0.0 to 191.255.255.255. In classful addressing their natural netmask is 255.255.0.0, i.e. /16 in CIDR notation.

The network 170.56.77.0/24 (CIDR-notation) is a /24 subnet of the Class B network 170.56.0.0. And 192.168.0.0/16 (CIDR-notation) is a supernet of the Class C networks 192.168.0.0 through 192.168.255.0.

Everyone please forget everything about classful addressing.

@Highlander

But the malicious traffic actually comes from your own PC, not from the Internet. The filtering you suggest, while theoretically a good idea, is of no use here.

Anyway the "special use" IP-adresses (RFC 5735) are not likely to hit your front door, since sane ISPs are unlikely to accept these in the DFZ.

@John Sanders

You said "I'm still awaiting for an anti-Muslim Google bombing".

@Alex 64

It's called slang. Look it up. El Reg have used "trick cyclist" instead of "psychiatrist".

Take a look at http://www.trickcyclists.co.uk/ for example.

@AC 21:42

"And just what does the "i" in Apple's iOS stand for anyway?"

The "i" in "iOS" is the same as the "i" in iPhone, iPad et cetera which is a super short form of "Irritating incompetent inept impotent idiot".

@James

""If I were running the App Store I'd go through all other apps and ensure that any which use the GPL are booted. And I'd turn down any future GPL apps.""

That would be extremely prudent. It would even be illegal _not_ to do this. Unless Apple changes their license terms.

Please understand: Distributing GPL applications via the App Store using the store's standard license terms is ILLEGAL.

@boltar

"So in other words a daemon running with root privs just downloads and installs stuff when it feels like it. No bloody thank you!"

I haven't tried this flavour, but if it works like how auto-installs have worked in Fedora 12 it's not a daemon, it's a program started on demand. And it asks you for a root password to install the packages.

Even if it doesn't, I would think they have protected this program just as they have protected "login", "gdm" and other programs running as root and taking input from the user.

How do you feel about being able to shutdown your machine from the GUI without specifying a root password? How do you think that works?

@max allan

You didn't try to zoom in did you? Was that too difficult for you? They're stopwatches

@Andrew Jones 2

You must live in a strange country. :-)

Where I live (Denmark) it works like this: One person verifies your ID (typically drivers licence) before taking your voting card (sent to you previously by snail mail) and putting a mark on the list next to your name. Another person, sitting next to the first person, hands you a voting ballot. Noone writes anything down about who gets which ballot.

Are you sure it's trackable where you are? Most modern countries seem to use an anonymous system.

@AC 04:17

Please read up on what DNSSEC is. It gives the client a cryptographically safe way of determining if the DNS answer came from a "trusted" source, just like SSL certificates.

It will not make it any easier to track you (yes YOU Derek) on the Internet than it already is.

@AC 16:13

"... you download one of the many FREE MP3 encoders. Same goes for H.264 - ..."

Where can I find a free MP3 and/or H.264 encoder for commercial use?

@psyq

I completely agree with your point: Technology like codecs isn't free to develop, and giving out patents ensures that someone actually wants to spend their ressources developing shuff.

One thing bothers me a little though: The patents last for 20 years. That's a long time when we're talking software. So if we want to keep software patents, let's at least shorten that period a little, to maybe 10 years instead.

The people making money from H.264/MPEG4 licences now isn't the same people that developed the thing.

@AC 14:05, amanfrommars?

Why would amanfrommars post as AC?

@ disabling DNSSEC in BIND 9?

I don't get it. What's wrong with "dnssec-enable no" in your named.conf? I haven't tested it myself (no handicapped network connections here) but I can't see why it wouldn't work.

(If you're referring to the mess with a certain python script mangling named.conf, that's hardly a BIND problem.)

@pillowfight

> Funny, nobody said "********" yet.

You just did. :-) But let's keep this discussion humane and civilized please.

Why the downvotes?

This is actually the funniest post so far. Some people have no humour it seems...

@problems using 8.8.8.8

Are you guys sure it's not something between you and 8.8.8.8?

[20:45:36 prathlev@euler ~]$ dig @8.8.8.8 +short rs.dns-oarc.net txt

rst.x1247.rs.dns-oarc.net.

rst.x1257.x1247.rs.dns-oarc.net.

rst.x1228.x1257.x1247.rs.dns-oarc.net.

"74.125.42.94 DNS reply size limit is at least 1257"

"74.125.42.94 sent EDNS buffer size 1280"

"Tested at 2010-04-14 18:45:23 UTC"

[20:45:36 prathlev@euler ~]$

(Yes, my timezone is GMT+2)

Making MS ISA 2006 do EDNS0

Simple: Press the "Start"-button, choose to shut down the machine. Insert a CentOS 5 DVD and install from there. In about 30 minutes you will have a server that can do EDNS0. Name it "msisa" or something for nostalgic reasons.