Posts by Charles 9

Re: Sure, it'll beat outsourcers

"Huge problems for the AI...no problem for humans. The task is so simple, its usually the kind of work people would often hand to interns/new hires to see how they do. I bet by the time most programmers read through the specification of this really simple task, they already have at least a half-formed idea how to do it."

Even for The New Guy who doesn't yet understand all the meanings behind the meanings? That's where machine-generated code stands right now. This is more school-grade problems, whst I used to read in things like The Great Computer Challenge.

Re: Its an alternative to doing anything useful

Don't you have a similar quote east of the pond? Something along the lines of "He may be a bastard, but he's my bastard"?

Re: fundamental misunderstandings of IPv4 and v6

"Packing 1 billion devices into IP v4 space (let alone the current 8-12 billion) was a classic illustraion of the phrase "Just because you CAN, doesn't mean you SHOULD""

I'm reminded of another phrase: "If you build it, they will come." You see it all the time with roads. Especially for something available to the public, it seems no matter how much capacity one adds, the public finds a way to use it up. It's a mug's game, really. Limits are needed, but no one likes them.

Re: Won't happen in my lifetime

To elaborate, ALL the NAT part of the stack does is translate packets as to their sources and destinations. Outgoing packets get rewritten as coming from the Internet-facing port, and incoming packets gets rewritten as going to one of an internal host according to its internal rules; if could be from an existing outgoing connection or towards a port with a known rule. If it happens to receive a packet directed to an internal address already, it wouldn't have a rule in place to change it, so would pass it along unchanged.

Everything you attribute to the NAT about dropping packets and so on happens at the firewall, which is deeper in the stack versus the NAT. It's the firewall that would receive a packet with an internal IP destination (it probably wouldn't come from the greater Internet since it's likely to get dropped as invalid, but the ISP itself would have nothing between it and you), not recognize it as part of an existing connection, and drop it. And the reason this works is because the firewall can keep track of the connections in progress (thanks to things like forwarding rules).

Re: Won't happen in my lifetime

"Oh. Wait. Both T-Mobile and AT&T have problems with VPNs, including Apple's Private Relay and Cloudflare's 1.1.1.1."

That's weird. Because I use T-Mobile, and I have no trouble connecting to VPNs. I use OpenVPN and connect to servers I personally set up and obtained the necessary configurations. The only times I have trouble getting through are (a) network trouble, which is outside the scope of OpenVPN, and (b) forgetting to turn off Blokada first (since it has to use the VPN interface to work).

Re: "I don't always need to look up the address of a bit of kit I need to contact"

You the other reason to make the address space so huge: sparse routing, which helps speed up turnover time when it comes to routing. One reason IPv4 routing is becoming such a pain is because you can't use geographic or tree-based routing optimization since two nearby IPv4 addresses may not correspond physically. With IPv6 having up to 64 bits in the front half to work with, they can split things more finely and still be able to do optimal binary routing searches. Wouldn't you like a little less lag in your Internet?

Re: Won't happen in my lifetime

Perhaps not now, but even you'll either be dragged kicking and screaming or you'll probably come back swearing and shooting. Think overlay area codes and ten-digit dialing. It's coming whether I like it or not. At some point, some next big thing will discover itself unable to get a foot in the proverbial door because the incumbents hog all the IPv4 like digital Scrooges. Do you really want to trust the future of the Internet to the incumbent Scrooges?

Re: Won't happen in my lifetime

Sounds to me like your best solution in this case would be to buy a cheap WiFi hotspot (secondhand, maybe) and just never hook up the WAN end of it. That would make it just about physically impossible for things you don't want to see the Internet to see the Internet. At that point, you wouldn't really care what version of IP is running as you'll have truly isolated those devices. Anything that requires phoning home, you're probably much better off replacing it with something that doesn't do it. If that's not an option, you can always go without; it's pick-your-poison time.

And before you demand that your devices be able to see the Internet without the Internet being able to see it, the answer is increasingly going to be, "No way; price of admission." So it's either going to be bend over or throw up your arms and go, "Stop the Internet! I wanna get off!"

Re: Won't happen in my lifetime @charles 9

That means the device requires phoning home just to work. In which case, it's going to fall on you to decide whether or not to use the device on your home network because it's likely going to tie any kind of telemetrics to its basic use. A savvier user would replace such a device with something else.

Re: Won't happen in my lifetime

That's against RFC1918, which implies the ISP has gone rogue. In which case, as said before, you have bigger problems.

Re: Won't happen in my lifetime

And in case you're wondering about IoT and other "creep factor" devices phoning home, locate and relegate those devices to a subnet of your choice (with a /64 to work with in most cases, it should be easy) and then just make a firewall rule to reject outgoing connections from that subnet.

Re: People do not want it

"Not quite. The router has to check the NAT table to see if the dst header on an incoming packet needs rewriting. If it does, it's rewritten, otherwise it's not rewritten. Actually routing the packet is done separately, by the not NAT parts of the router."

I think the bigger question being overlooked is, "How does a packet with a RFC1918 destination address get to your router from the outside in the first place?" Under RFC1918, if the ISP gets a packet with that address, it's supposed to have a rule to drop it, meaning it doesn't send it on to your home router, meaning the home router never sees it. Furthermore, given the destination address is not intended for public use, how would the ISP know where to send this packet if most of its customers are using such addresses for their internal use? It'd be like the postman getting a card address to house #10 with no street designation. There are only two ways in from where I sit. Either the ISP lets it go through, knowing which one of its customers is the intended target (meaning the ISP is rogue), or the packet got injected somewhere between the ISP and the home router, implying an Evil Tech. Either way, you have bigger problems at that point.

Going further, what needs to be understood is that the NAT part of the network stack and the Firewall part of the network stack are two distinct components. Think the UNIX philosophy: each of them only does ONE thing. Basically, the NAT only performs translations. It keeps tabs and so on, but only for that, while the firewall keeps its own rules for accepting and rejecting packets it gets. Thing is, outgoing packets get sent to the NAT if sent to something like the FORWARD rule, whereas incoming packets had been massaged by the NAT beforehand. Sometimes they're rolled into the same thing, but for the sake of the argument, think of them like two different things...especially since each one could be interchanged with different components.

Re: Won't happen in my lifetime

"IPv6 puts every IP live on the Internet. So how do you put locks on the router so that you prevent that? Seriously. That's a major reason why I don't put IPv6 on my net."

They still have to go through your router, don't they? The router still has a firewall on it, doesn't it? Even for IPv6?

It's just like with your house. Lock the front door. Now how do they get through to your stuff?

Re: Won't happen in my lifetime

"Forgive my ignorance, but can anyone explain why isn't it written with leading zeroes, i.e. 2001:0db8:0100:0022::/64? It would make it much more regular to read..."

Actually, there's nothing stopping you. Just that for most people, leading zeroes are harder to read, not easier. Maybe you routinely read your addresses with a monospaced font so read for alignment. Anyway, your suggestion is actually perfectly valid, as is entering the address in decimal octet format.

"My car exhaust is roughly at ankle height to a full adult. As are the vast majority of vehicle exhausts. Any toddler capable of walking is going to have it's face well above that exhaust."

They also come out hot so tend to rise...right to the height of a child's face, which is pretty damn common in neighborhood streets. Heck, in crowded city streets, enough hot exhaust allows it to get up to the height of an adult human's face. Thus the frequent complaints of smog.

Re: California roll

The US Stop sign is octagonal (eight-sided). The general thought is that the more sides and more angles a sign, the more urgent the message. The only signs more urgent than stops are round (infinite-sided) signs, usually for things like railroad crossings.

Re: California roll

All-Way Stops (this includes three-way stops at a T intersection) can occur where two roads of equal footing (like two neighborhood streets) intersect, so neither one can claim primacy, and there's been a demonstrated risk of accidents (either auto/auto or auto/ped) requiring a forced stop. It may also be necessary if there's no room for something like a roundabout (say a city intersection that's already fully built-up) or where pedestrian traffic is being encouraged (like a downtown intersection--cars must also yield to pedestrians at a stop sign).

"Thankfully, most humans can detect very, very slight movement in their peripheral vision, making your point rather pointless in this context."

There's a huge difference between detecting motion and actually being able to identify and track the same motion, especially against a backdrop of additional motion all around it. The hardest place to find a needle isn't a haystack, after all, but within a bunch of other needles; that's why it was always so hard to find Waldo/Wally.

Re: Rule following isn't always practical

It's like the two-second rule. That necessitates a gap longer than a car length if it's anything faster than ~1.5m/sec. Thing is, any gap longer than a car length invites a car to pull into the gap, so you can't win.

Re: One doesn't imply the other

Was the ASCII character set actually around when Adams wrote that bit? Which came first? The answer 42 or the ASCII 42?

Re: Watson

"Watson was no fool, he was tough as nails, intelligent, a good shot, flexible and mentally agile enough that he could put up with weirdness out of Holmes, and was a very good physician"

Good enough that Holmes had to be sure to have Watson keep his distance from him when feigning illness (in The Adventure of the Dying Detective)...or Watson would've caught on and spoiled the attempt to nail a real poisoner.

Re: elevator I say it's plausible

Wear and tear. Elevator cars tend to run for decades. They'll probably get bumped, jostled, dinged. As for the teeth, think Murphy. It may not tilt off plump right away, plus the teeth or the corner could have flaws (the corner could be dented so it doesn't catch clean or the tooth has a metallurgic flaw that creates a weak point that allows it to snap).

Re: This all happens locally within your browser

And if it turns out to be government website or some other site where no substitution is possible (and yes, they do exist)?

Re: FFS

"Honesty is one thing the advertising branch does practice. They would expose their creepiness if they did and nearly everybody would run away fast."

Are you sure about that? What if people heard the unvarnished truth AND EMBRACED IT? Sort of like the praise someone got for bragging he could shoot someone in broad daylight and not get in trouble...

Re: Powerline?

I sure would like to know. My home is owned, but multi-story and old, so there's no easy way to cross floors other to run outside, making certain rooms downstairs nigh-inaccessible (no outside walls). Also because it's old, some of the walls have radio-attenuating materials (they're also load-bearing so can't be easily replaced). It creates some distinct not-spots in the house that have no easy solutions.

Just saying there are plausible scenarios where neither solution is practical.

Re: Powerline?

Doesn't powerline LAN have its own sniffing issues, especially in communal settings like apartment buildings?

Anyway, I recognize that both wired and wierless Internet has its uses. Some people, for example, have to use portable devices or aren't allowed to wire up for one reason or another (usually tenant restrictions). Others, as noted, have radio-restrictive layouts.

What I'd like to see is a solution for someone who has both at once: they can't use wireless, AND they're not allowed to wire up. Maybe worse, their power lines aren't well suited for a powerline-based setup, either.

Re: Welcome to MUMSnet

What truth? Class or no class, it's assuming a /24. Anything beyond that calls for more technical, more expensive equipment. If a router is assuming a /24, isn't it correct to reserve the .0 and .255 for the network and broadcast descriptors, yes or no?

Re: Welcome to MUMSnet

Thing is, RFC1918 still depends on the classful system, as the private allocations are explicitly classful: Class A (10.), Class B (172.16 thru 172.31), and Class C (192.168.). So any router doing NAT over an assumed Class C private network will assume the .0 and .255 (all 0s and all 1s on the host part, respectively) can't be used due to them being the network and broadcast identifiers, respectively.

Re: Welcome to MUMSnet

It's considered nonstandard by the address class system set up with IPv4, which normally enforces the subnet split at the octet (class A at the first octet, class B at the second octet, and class C at the third). Resorting to nonstandard conventions points to there being a problem (or as I would put it, barrel-scraping).

Re: Welcome to MUMSnet

.0 and .255 are reserved in the standard. .0 describes the subnet and is crucial for bindings and listening rules (bind to 192.168.1.0, etc.). .255 is the broadcast address intended to send a packet to all members of the subnet.

Re: That old chestnut

"There are solutions:

A&A L2TP VPN

Draytek VPN Matcher"

Both of those solutions require a third party. Do you really want to trust your connection like that?

Re: That old chestnut

The overall point is that CGNAT forced through address exhaustion is breaking endpoint visibility, which is critical to various Internet activities. It's not a matter of whether you want to or not, many are increasingly not even being given the option, which makes them beholden to gatekeepers you may not want to trust (Google, Facebook, untrustworthy ISPs, etc.). With some 4 billion hosts out there, there simply isn't enough space in 32 bits anymore. That's all IPv4 provides, no ifs, ands, or buts, especially for legacy/EOL hardware. The most basic gist of IPv6 is to at least allow for this again. Turn it down if you want, but at least have the ability.

Some people just have a poor head for stuff like that, though. They have a hard time remembering a ten-digit telephone number, and the 12 (at most) digits of an IPv4 address is a real stretch. Now lengthen it and throw some letters into it and it all becomes alphabet soup in their heads.

Now was that "correcthorsebatterystaple" or "donkeyenginepaperclipwrong"? That kind of confusion.

Re: That old chestnut

Ever thought about things like the Ping of Death? Do you really want to be pwned by a push?

Re: Another (posssibly uninformed) view........

Clients should keep a live link to central control, much like the telephone system depends on a live wire. This is especially important if the client keeps moving and jumping neyworks. Only it can keep the server informed of its current position.