Posts by Alan Brown

Re: Thingies cat

"If you are in a Conservative Government and you hire your mate you know its going to be a disaster."

No, WE know it.

You are off in sunlit la-la uplands prancing with lesser spotted mauve unicorns

I don't know what they put in the water at Westminster but it seems to induce some pretty powerful hallucinations of adequacy

Re: Thingies cat

"if you're that far out on the Dunning-Kruger inability-to-recognise-your-own-limits scale, you should be (at best) Assistant Manager of a motorway services franchise"

and yet the person at the heart of this has presided over a long series of fusterclucks including losing personal data of hundreds of thousands of people at TalkTalk

It's presence near ANYTHING should be a warning klaxon that whatever the project was, it's now a "jobs for the boys" boondoggle

Re: Thingies cat

> "You'll need to contact the manufacturer"

Is a surprisingly and depressingly common mantra

British Trading Standards departments are so catastrophically overloaded that complaining about this might get dealt with in 3-6 months time, if at all

> Their response, after much faffing, was "well our guy used to work for that same organisation and THEY think it's okay".

Quality British Workmanship, Innit

There's a reason "Made in the UK" is a warning klaxon across the commonwealth (even louder if it has a union jack attached) even 47 years after the trading agreements were torn up which essentially forced companies in Commonwealth countries to buy British items

(The reaction is so visceral that General Motors found they couldn't GIVE away Vauxhalls in Australia/New Zealand in the late 1990s - having to phsysically change the badging on a shipment of ~1000 Vectras to Holden or Opel)

"Despite this recent snafu, I wonder if we're still better off than if we'd produced a fully tested system,"

Some organisations HAD fully tested systems in place which they were ordered to shut down in favour of the £18billion Serco app

"Both organisations have generous IPv4 allocations"

Which are not "theirs" and can be clawed back if ARIN/RIPE etc feel there is a need.

This has been a regular occurence when IP netspace hijacking takes place as it's regarded as proof-positive that the org no longer needs the allocations

And no, ARIN/RIPE/ETC are not obligated to pay for the clawbacks. IP addresses have no intrinsic value. If you're silly enough to pay a million for a /8 from someone then the sayings about fools and money are vindicated

YT, FB, Scamazon, etc are going to be the LAST outfits to deprecate IPv4, for simple commercial reasons

But they may well be the first to encourage users to push across to IPv6 access for enhanced features, given the expenses of operating IPv4/IPv6 tunnels at the edges of their networks

IPv6 is already clearly lower latency for most of these guys so "faster access" might be the selling point that pushes people to bug ISPs for v6

Re: And just after IPv6 hits 50% adoption ...

They don't have much choice

Goo, FB and friends are deprecating it (forcing browsers to use higher levels) whilst browsers are doing the same thing (refusing to talk to websites only doing older protocols

It does cause problems talking to legacy shit like old printers in your internal networks though....

"A lot of complaints don't seem to be based on reality"

Virtually all complaints are that renumbering or redeploying is far too hard and they can't be arsed moving on from IPv4

As I've mentioned I ran into this regularly dealing with organisations which allocated themselves addresses for internal use (usualy 128.*) on the basis that they'd never need the Internet, then found they DID need it.

Telling them they had to renumber their internally used nets out of public space and into 10.* or 172.16-32 had exactly the same resistance as seen to moving to IPv6 and many of them TO THIS DAY are using 128.* addresses internally.

The fact that the worst offenders are regional health authorities shouldn't surprise many people (frequently the same organisations would be running their entire financial systems using MS Access - these are organisations employing upwards of 10,000 people and handling hundreds of millions of dollars a year)

Re: Doomed to eternal limbo

"The question is whether such an assumption is still valid in today's world with a more diverse range of end-point devices."

Case in point: TEAMS and ZOOM

on IPv6 they're easy, on IPv4 they require all kinds of backend kludging

Re: Doomed to eternal limbo

"It's telling that people would go to those lengths and put up with those inconvenienced in order to avoid IPv6."

No, they go to those lengths and put up with those inconvenience BECAUSE IPv6 ISN'T AVAILABLE

It's called working around NAT's fuckups, because you don't have any other choice, but it ONLY works through one layer of NAT. As soon as you have CGNAT or multiple layers, you are reduced to client-server models

It's that client-server kludgearound which usually ends up poking glaring holes in IoT implementations and completely backdooring even NATed networks in the quest for remote accessiblility

Re: Doomed to eternal limbo

"The cheap crap that is IoT in the real world is usually designed to only use out of date 2.4 wifi standards"

Because the IoT processors which do it (most commonly ESP8266 family ) are 5p each in quantity whilst the 5G ones are 10-20p each thanks to licensing on 2.4G being signficantly cheaper than 5G.

Critical 5GHz patents have started expiring over the last 12 months and the latest generation of processors are coming down in price

(Fun stuff: Tasmota, etc)

the IoT SoCs themselves are IP agnostic and will happily do IPv4 or IPv6, but the standardised arduino toolkiits are the limit: https://github.com/esp8266/Arduino/issues/638

wrt porn sites

Offering "premium porn services" on IPv6 only would likely result in people bugging their ISPs heavily even though they won't ADMIT why they want it

(When I was a callow youth working in a video rental store, nobody ever admitted hiring the porno movies and the people hiring most of them are not the ones you'd expect. Quite why apparently normal middle age women seem to get off on hardcore gay male porn is something that puzzles me to this day when the "lesbian porn" everyone made the most noise about was hardly hired by anyone)

Re: What has it got in its pocketses?

"It means that one third of the people hitting Google do so from TCP (...or UDP...) connections that have a v6 source address."

It would probably be more if it wasn't for the number of mobile providers who shoehorn LTE (which is IPv6) through CGNAT gateways to connect to the world using IPv4 instead of letting them run IPv6 natively

Yes, really

https://www.google.com/intl/en/ipv6/statistics.html#tab=ipv6-adoption - shows that in the 4 months since this article was published, IPv6 access proportion has increased from 31 to 33%

The bigger problem at the moment is ISPs who won't provide IPv6 automatically to users (even "by request" is an impediment), or refuse to provide IPv6 at all.

Re: What has it got in its pocketses?

"From memory, I'm not aware of having spend time on any of these in the last 30 years that could be wholly attributable to the continued usage of IPv4."

I've had to deal with it at least a dozen times. Particularly in the early days when people would pull IP numbers out of their arses for networks that "would never connect to the internet", and then a few years later discovered they needed to do exactly that.

Explaining to dickhead "CTOs" that "no, you haven't been hacked by Rutgers university, their names are showing up in your logs because YOU ARE USING IP NUMBERS INTERNALLY WHICH BELONG TO THEM" an then getting a response "How do we keep all these rutgers hackers out of our network" is enough to make you tear your hair out

- especially when the response "Get IP numbers of your own allocated, use those and stop trying to steal other people's allocations" would be met with "OH NOES, WE CAN'T DO THAAAAT, IT'S TOOO HAAARD TO RENUMBERRRRRR OUR INTERNAL NETWORRRRRK. WE WANT YOU TO FIX THIS!"

I can see at least 2 people in this thread I've had exactly this discussion with in the 1990s now claiming that IPv6 is too hard because "renumberring is too hard, Waaaaah!"

Re: Not be simple

"I have NO idea what I'm talking about from this point on. "

Yup and then you absolutely went there and proved it

Re: Hostnames

"the NAT/firewall provides some level of security for poorly configured/secured devices on the home network"

Again: NAT pioneer here - NAT PROVIDES NO SECURITY and we saw shitloads of NAT customers get compromised via various means before firewalls and router security became the norm.

Do NOT conflate firewalling and NAT. The fact that you think over-the-counter consumer IPv6 routers don't provide firewalling and network security shows how seriously out of touch with the real world you actually are.

Virtually all of them mirror network security settings at IPv4 and IPv6 as well as completely preventing external IPv6 from touching internal IPv6 systems unless holes are specifically opened

Go back to playing with your unicorns and let the competent people deal with network issues because anyone taking your advice is going to be royally PWNED

Re: Not be simple

2001:0db8:85a3::8a2e:0370:7334.

IT IS (almost) A HUMAN UNREADABLE MESS.

really? as humanly unreadable as 32.1.13.184.133.163.0.0.0.0.138.46.3.112.115.32 ?

which is what it would be using the classic notation you started with - and skipped over just how unreadable it really is

(Hint, that looks disgustingly like X.400 (or SNMP MIBS) which everyone HATED due to its cumbersome nature)

Humans are really bad at handling more than about 6-8 digits at once. This is WHY the CCITT standards attempt to limit phone numbers to 11 digits AND break them into groups

We don't stack up every phone number in any country in sequential access and UNLIKE phone numbers, it's bloody hard to add extra digits later (it's bloody hard in side the phone number routing systems to add extra digits too, which is why country/area/district/local codes have fixed lengths despite what humans might see)

In the case above, if you were to compare this with telephone codes

2001:0db8:85a3::8a2e:0370:7334.

2001:0db8 = +44

85a3:0:0 = 20

0:0 = 8

0370 = 128

7334 = 4567

I'm sure you'd rather have +44-20-8128-4567 and be able to tell at a glance that it's in outer london UK than to have to dial 606084237921354623 for your neighbour on one side and 8272904627629921 for the neighbour on the other side every time you pick up the phone

IPv6 IS CREATED FOR EFFICIENT PACKET ROUTING, not about stuffing as many IP addresses as possible into the available space.

Anyone who fails to realise that falls into the same trap that turned IPv4 from a packet routing system into a tangled address mess and is responsible for the clusterfuckage of allocations we now see where companies are paying stupid money to get IP addresses

And if you're in east/SE asia, there are countries like Vietnam with a single /22 allocated for THE ENTIRE COUNTRY - NAT works "okish" for a couple of machines behind a modem, but not for several MILLION people behind each IP

Re: That's pretty much all it does

>NAT: it ain't a kludge, it's a vital security tool.

>> NO! NAT is an abomination. The very concept of NAT breaks so many protocols in unnecessary ways.

I'm one of the people who PIONEERED the use of NAT in enduser networks and this assessment of NAT is 100% correct.

We knew and discussed its shortcomings then. It was a kludge rolled out with intention to solve a very limited range of problems and it's been beaten into an eldrich horror over time.

We even tested multiple levels of NAT ans realised it was an utter clucsterfuck. Whoever came up with CGNAT needs to be flayed - alive and slowly.

Re: That's pretty much all it does

"perhaps you should look at the people who insist there's a way to make v4 somehow be forwards-compatible with bigger addresses without making any changes to v4 or any v4 devices. "

These are of course the same kinds of people who believe in Mauve Unicorns in Sunlit Uplands and Empire 2.0

Arguing with religious zealotry against IPv6 is on par with playing chess with a pigeon. The pigeon puffs its chest out, knocks all the pieces over shits all over the board and struts around as if it's won

Re: That's pretty much all it does

"IPV4 with two more octets would have met the need for more space admirably"

Which completely misses the point that IP addressing is part of a routing/addressing protocol, NOT a series of pigeonholes

2 octets would require exactly as much pain and suffering in redeployment as 48 or 64 or 96, so do it once and do it RIGHT

Virtually all the arguments about not deploying IPv6 boil down to "Ohhhh noes, It's too haaaaaaaard, I don't want to understand itttttttt, You're being meaaaannnn to meeee!!! WAAAAAH"

And the irony is that virtually every single whinger came along to the Internet long _AFTER_ IPv6 was developed

Re: How many IP addresses do we actually need?

"That's of the order of 10,000 addresses for every person living on the planet. That would surely be an adequate number of them."

"640kB ought to be enough for everyone - we're only using 64kB now!"

"Oh look, if we give every building in town a sequential number as they're built, we can write it all out in one line!" (incidentally this IS how buildings are addressed in Japan and it makes for merry hell trying to find anything when walking down the streets)

IP addressing gives LOCATION and ROUTING details as well as a unique address.

I cannot emphasis this enough: IPv4 IS MEANT TO BE SPARSE - all Internet addressing is - because it's supposed to be a red/black style routing table

The sparseness of IPv6 is careful and deliberate. It's a feature, not a drawback. Think of it as street addressing, not a series of pigeonholes

The tradeoff is vastly reduced computational load on routers across the Internet. It turns out that numbers and sparseness is something that computers are good at and who cares if www.google.com is 216.58.204.4 or 2a00:1450:4009:806::2004? You don't go to site by IP address anyway

Re: IPv6 isn't a very good solution?

"except broadcast is removed in favor of multicast"

With very good reason. Broadcast packets caused _EVERYTHING_ on the lan to have to stop and listen

That's why NetBEUI only works ok when there are only 10 or fewer machines on the network. Back in the day you could SEE when someone else was doing file transfers as your desktop would slow to a crawl as the computer processed and dumped the wire broadcast packets

Re: IPv6 isn't a very good solution?

" Ipv4.1 would be a lesser rewrite."

Until it isn't - and the rewrite is not the issue as you need to do that anyway.

IPv6 is "IPv4 expanded" at its core. The extra features are all optional despite the whingers claiming otherwise

The Elephant int he room is that it doesn't matter HOW large the address space is, moving off IPv4 requires dual stacking and transition periods.

Doing it only ONCE is preferable to having to look at having to repeat the process every 15 years or less

FWIW

1: IPv4 was GOING to use 128bit addressing until Vint Cerf was browbeaten into using 32 bits as IPv4 was a kludge solution only intended to be used for 5 years in a population of a few hundred machines

2: IPv4 is actually a ROUTING protocol. The first 2 octets were intended to indicate site and department, in a red/black tree type manner (in a manner akin to "country, city, district, street address", A.B.C.D was "A=site, B=department, C=subdepartment, D=address)

Because it was sparse, when a "shortage" loomed in the late 1980s, extra address space was able to be shoehorned out of it by throwing out the routing intentions but it quickly turned into spaghetti-infused custard

3: IPv6 restores that routing protocol and means you can (mostly) get rid of most of the messy shit of OSPF/BGP/EIGRP, etc etc etc. In the core of the Internet this is hugely important as IPv4 routing granularity has had to be pruned down simply to stop routers shitting themselves - and that means that if you have a portable /24, you tend to find it's not portable at all due to the smallest prefix being accepted at most BGP4 tier1 interfaces being /18 - it also means you find your /24's traffic being routed over paths you weren't expecting, subjected to arbitrary interference by non-contracted parties

IPv6 still uses 16 bit ports at host level

Any arguments about NAT providing enduser security are proof that the poster is still of shit and has no idea what they're talking about. These fuckwits are the same kinds of twats who think multiple levels of NAT or CGNAT are a good idea

I'm one of the people who pioneered enduser dialup NAT back in the very early 1990s.

Security wasn't even a consideration when it was rolled out - all we were looking for was a way of being able to support multiple users on the end of a modem without having to play complex/expensive routing games on the dialup server (most of which would provide a single IP - ONLY - in any case)

In my case the main motivating factor (in a university town) was enabling student flats to put a bunch of people through one connection and not have 4 people tying up 4 different lines most of the evening.

The customers loved it because they could pool costs and not pay for 4-6 analogue phone lines into their flats, or avoid fighting over whose turn it was to use the modem line.

Yes, it was a kludge - with a very specific purpose. It's been used and abused out of all recognisable shape since then and if we'd had any idea at the time of the clusterfuckage we were unleashing we'd have burned the idea at midnight whilst summoning eldrich gods to deal with further deployments

Re: Why Huawei?

"There's then further accusations that they're at risk of being pressured to put security backdoors in networking kit in everyone's telecoms system."

Unlike say, Cisco, who've been SHOWN to have done so?

And let's not forget operation Ivy Bells, the USN Submarine Jimmy Carter or room 641A

Feel free to look them up. :)

Re: Nice people, disgusting government

"a large majority of them believe a war between them and the U.S. to be inevitable "

Most of then believe that the USA will be tossing the first nukes too, as it tosses its toys out of the pram in a last big temper tantrum

Re: Nice people, disgusting government

"Unlike in the West many Chinese see an attack on their government as an attack on both them and their country."

Funnily enough, Brexiters take it about as personally, as do most religious zealots when their belifes are challenged

Nationalism wasn't even an issue in China until after Tianiamen square, It's been stoked up by the government as part of their policies.

Nationalism and the rise of right wing politics in other parts of the world go hand in hand with economic downturns

Re: Nice people, disgusting government

"That's not a description in any way applicable to the Chinese Communist Party,"

I deal with a lot of chinese academics.

The PLA moles are dead obvious, but they're also clearly there to spy on the other chinese.

Re: Build a better mousetrap....

"And the US will «ban» and «sanction» you...."

Yup, even if you happen to be American and the creator of the original crude prototype mousetrap

Look at the treatment of Alvin Weinberg and the Molten Salt Nuclear Reactor Experiment at Oak Ridge - we could have had nuclear power several hundred times safer than it is now (Fukushima, Chernobyl, TMI, SL1, the Nuclear Ouchie, and the near miss at Diablo Canyon would have been impossble with this design), that's NOT dependant on the weapons industry(*) and would have been about 1/10 the cost to run, plus producing vastly less than 1% of the long term waste (which only needs 350 years and it's less radioactive than new LWR fuel!)

(*) U235 is a waste product of nuclear weapons production. The real weapons material is the depleted uranium as this is what's transmuted to plutonium for bombs or used directly as bomb casings to make the "boom go BOOM-BOOM". All the protesters around civil nuke plants and reprocessing sites miss the point that the real weapons stuff is nowhere near where they're protesting and the stuff they're protesting can never become weapons

"Was told earlier this year "no we can't supply firewalls in NZ" - errrrr ok......."

I'm running into the same problem updating my WACs, now casting about for something which can control several hundred WAPs so I don't have to rip/replace £200k of kit

Re: So, how was it that

"Huawei is China's version of Bell Labs. Back in the day Bell Labs and its manufacturing affiliate, Western Electric, dominated telecommunications with both basic research and product development. "

The difference is that Bell Labs existed as part of the 1930s antitrust settlements with the FTC and was legally obligated to exist

The "breakup of AT&T" has resulted in a reconsolidation of the aomeba into 2 parts (west/east of the mississippi) so that the FTC can't touch it, without the pesky "universal service for all" and R&D obligations which it can simply buy in like it used to prior to 1926

Re: So, how was it that

"But if Huawei gained access to our Tea growing secrets "

Those would be the tea growing secrets Britain stole (badly) from China ~275 years ago?

Re: Not so fast

" If you are snapping together phones at a Foxconn factory this may not be the case, but tech-workers are well paid"

Actually they're better paid than their brethren in the UK or USA - which you unknowingly make clear with the sentence:

"many Chinese producers are outsourcing work to places like Indonesia to save money. Foxconn is moving work to India."

One of the reasons China's heavily investing in automation systems is because the cost of labour around Shenzhen has been higher than in western countries for nearly a decade. Where Shenzhen wins is LOGISTICS and agility - they understand customer service and the importance of an intangible called "goodwill" in ways that MBAs and accountants fixated on maximising short term profits do not

Incidentally, one of Huawei UK's biggest hurdles to sales over the last 5 years has been "Huawei UK" - the chinese made the mistake of employing traditional British sales and management staff who've quite effectively screwed the pooch in terms of goodwill

Re: Not so fast

"The universal "Made in PRC" label on the bottom of anything in the shops is a massive failure of trade and industry policy,"

It's rather ironic that the world champions and pushers of global free trade are whining about the successes of global free trade

Any failures are entirely self inflicted, not China's fault - the list of UK trade and industry screwups (usually government directed) would fill several pages

Reading Neville Shute's "Slide Rule" autobiography might give an idea just HOW badly the UK government has been cocking things up every time it attempted to exert control as well as how UK rigidly hierarchical management structures led directly to things like the Comet disasters (no, it wasn't the windows. The real cause is more complicated and the windows were a convenient "out" to avoid people facing personal criminal liabilities)

Re: Not so fast

"forcing companies that want to do business in China to license their IP to Chinese companies"

The USA has been doing THAT for decades longer than china, as well as encouraging state-sponsored IP theft for over 200 years

Re: Not so fast

"The UK has this rather arrogant notion that its doing everyone a favor by allowing them to sell products to them. "

It also expects everyone to fawn all over them because they're British

Funnily enough that was China's attitude about 200 years ago, just before "the century of humilation" started

Re: The Phantom Devil Comes Out to Play for Saints and Sinners :-) in CHAOS*

ghods, I was expecting that date to be 1999 and it to be Robert McNamara

in such cases, paying out the guilty is frequently cheaper than paying off the legal claims of the innocent

it's all about money in the end. Companies take the expedient path, not the "right" one

Re: Static

"(³) I also remember paying £2k for a 1GB 12" Winchester drive circa 1986/7."

More likely to have been 100Mb. 1GB 5.25" drives were $2000 in late 1994

Re: Confessions of a bolt cutter

> object-orientated magic pixies

Beware of pictsies, they fixate on objects like sheep