* Posts by Neil Alexander

282 posts • joined 19 Oct 2007

Page:

OK, this time it's for real: The last available IPv4 address block has gone

Neil Alexander

Re: Compatibility

"I, for example, want to know if two addresses are the same. With IPv4 I look at them, do strcmp or simple 32 bit integer arithmetic; with IPv6 I have do do a massively complex normalisation step first then line them up on paper and use my fingers."

Computationally, strcmp is, and always has been, the wrong way to do this. What if I decide to throw some leading zeroes into an octet, i.e. 010 instead of 10?

The correct answer, as it always has been, is to use inet_pton (or the equivalent in your favourite language) and compare the two addresses in binary form. That's just as true in IPv4 as it is in IPv6.

As for the human element, well in IPv4 you already remove trailing zeroes in your head from each octet and you can continue doing that for each quad in IPv6. As for address expansion, well that's hardly rocket science either.

None of this is actually difficult, you're just not used to it. You will get used to it. It just takes a little bit of time.

12
2

UK digi minister Hancock suggests Facebook and pals give your kids a time-out

Neil Alexander

"For an adult I wouldn’t want to restrict the amount of time you are on a platform but for different ages it might be right to have different time cut-offs"

I think these days schools are making much more of an effort to teach children about online dangers and social media, and perhaps it's even working! On the other hand, adults seem to be too busy trying to climb the ladder in a global popularity contest to care.

I deleted my Facebook account over two years ago now and my primary motivation for doing so was that my adult "friends" are completely and utterly insufferable on social media. I feel like a lot of the "think of the children" attitude is just projecting.

11
2

Take SNAT, says Microsoft, to improve Azure load balancing

Neil Alexander

"Source Network Address Translation is a special sauce that allocates IP port numbers"

For correctness, port numbers are a TCP/UDP construct, not an IP one. Also SNAT translates the source IP address (and optionally a TCP/UDP port) but to say that it is "allocating" anything by itself is misleading. Azure allocates port numbers on an Azure load balancer irrespective of SNAT.

"In the TCP/IP stack, the “port” is an addressing field in the header that identifies a host (because incoming traffic is addressed to the router, not the server) and the protocol"

The port doesn't identify a host at all - the port identifies a service. It is the job of the load balancer to forward traffic it receives on a given port onto one of a pool of servers configured to provide that service.

12
0

Windows slithers on to Arm, legless?

Neil Alexander

"Then why the push for ARM on servers? Servers are probably one of the areas of computing that happens to be MORE demanding than gamers"

The workloads we put onto servers are often quite different to those of gamers.

To use a web or application server as an example, the majority of the work is being done using non-complex CPU instructions, the workload is mostly repetitive and, more often than not, is not architecture-specific. For this kind of work, ARM chips are fine - you can take comparatively inexpensive ARM hardware and ramp up the density hugely without consuming much more electricity and that's fine for generic server workloads. That's exactly what HP did with the Moonshot systems.

A lot of computer games aren't general-purpose compute applications. They are far more sensitive to architecture-specific optimisations and countless extended CPU instructions, not to mention memory bandwidth, bus speeds, etc.

Maybe Sony or Microsoft will start building consoles with ARM chips, but that doesn't bring us any closer to a "one-size-fits-all" ARM machine. They're going to have to make big changes and compromises to squeeze out the kind of performance they will want or need. We will just end up with high-powered-power-sucking-ARM vs low-powered-battery-sipping-ARM.

Sounds familiar - ah yes, Xeon vs Atom.

3
0
Neil Alexander

"No, YOU'RE missing the point. Crysis is the benchmark for a VERY popular and VERY demanding program. There are lots of people, myself included, who have no choice but to stick to Windows because lots of applications are ONLY for Windows. That includes a LOT of demanding applications, of which there are plenty, too: probably more then the power-sippers. Indeed, there are probably plenty of intersects: people who want power-sipping at points and performance at others, all from the same device. Everyone wants everything yesterday, and they expect results."

Sure, there's a whole demographic of gamers and power users out there and truthfully they are probably not going to be well-served by Windows on ARM. If you need to run demanding Intel-targeted applications that only run on Windows then obviously you would be better with a Windows machine running natively on Intel instead of a low-power-resource-constrained-Windows-on-ARM-emulating-Intel machine. Why would you think otherwise?

The point of Windows on ARM is not to satisfy everyone. It isn't meant to be the perfect intersection - it's an entry point. It's to satisfy the people who want cheaper and more efficient and leaner mobile computers that Microsoft struggle to cater for. It's to satisfy the people who would quite likely otherwise go and buy an iPad. It's to satisfy the people who don't even know or care what Crysis is.

There is no device that is going to satisfy everyone. That's why gaming rigs exist in a wholly different category to ultra-portables. It's a pipe dream to think that's going to change anytime soon.

4
0
Neil Alexander

What you're referring to, effectively, is ARM's big.LITTLE architecture (and the various other equivalents). That's already in today's smartphones and tablets, shifting workloads between low-power and high-power cores and powering down unused cores when not needed.

For a lot of people, that kind of architecture would work perfectly well and that's a big part of how we would get better standby times whilst remaining connected. It also means that time spent staring at an article or email isn't using up power on more expensive cores when it isn't needed.

What it really needs is the support of developers to actually support the target architecture to get native execution performance rather than just lazily expect that the emulation layer will take care of it for you and then blaming the architecture when it doesn't perform as well as you want. That's the hard part.

7
0
Neil Alexander

You're missing the point. It's not about being able to run Crysis. It's more about all the people who don't want to run Crysis.

It's about the people who value portability and battery life over processing power, of which there are plenty.

15
2

Paging all Microsoft System Center users: Your treadmill is here

Neil Alexander

It's difficult to get excited about System Center updates because they seldom fix any of the infuriating and long-lived bugs.

Virtual Machine Manager still occasionally corrupts the cluster configuration of a VM and seemingly is unable to recover itself. It still doesn't configure logical switches gracefully on Hyper-V hosts when the management connection is on an affected NIC and is briefly interrupted. You still can't remove/delete a vCenter connection from SCVMM after the vCenter has gone offline! Live Migration might work if the planets are correctly aligned, but running software update remediation on a cluster will inevitably grind to a halt after a single virtual machine is unwilling to migrate for some reason. Speaking of which, if Live Migration decides to not use storage offloading (which also happens at random) then you could be waiting for a very long time for BITS to slowly trickle the virtual machine across even on a 10GbE link. Not to mention the fact that storage offloading also only works between the VMM library and the cluster shared volumes/datastores within a single cluster and not across multiple.

The amount of "unknown errors" or undocumented error codes that SCVMM throws up is outstanding. Come back, VMware. All is forgiven.

Configuration Manager still routinely breaks during upgrades, management points need reinstalling frequently when HTTPS is configured (seemingly it does strange things to IIS), Software Update Points are a complete and utter joke and I've still yet to see one even functioning. Machine and user policy retrieval can be incredibly slow on clients, and often without any feedback to the user or administrator whatsoever. Distribution points still won't always provide a boot image to a client for a specific architecture unless boot images for other unused architectures are present too. Computer accounts imported from heartbeat discovery also don't always seem to be recognised properly when a machine tries to PXE-boot (even when the MAC and SMBIOS GUID are correctly populated in the object).

Does anyone at Microsoft even use these products? I can't believe that these problems would still exist after all this time if they did.

3
0

WhitTVman to head mobile-first media platform

Neil Alexander

Some new things for her to dismantle!

7
0

PowerShell comes to MacOS and Linux. Oh and Windows too

Neil Alexander

Bash vs. PowerShell nitpicking aside - I've used PowerShell plenty at work on Windows platforms, and I'm a big fan of how it can be used to automate many processes with scriptable access to hardware and software configuration, the operating system environment, network setup, Active Directory, etc.

But all of these hooks are largely specific to Windows - it's not like I'm going to be able to bring a script that I wrote to do things on Windows and run it in PowerShell on macOS or Linux and expect to get the same results. In that case, why would I use it on non-Windows platforms when there are shells and tools for those platforms already available?

4
1

Self-driving cars still do not exist even if we think they do

Neil Alexander

Re: They kinda do and kinda don't

Or the car just decides to brake because the sun reflected off the wet road surface. Or the car just decides to brake just because it can.

I have driven thousands of miles on ACC in my Volvo, which uses a camera-radar sensor combination, and have never experienced either of these problems. Even if the camera vision is obscured by sunlight for some reason, the radar sensor wouldn't be.

3
0

Tired of despairing of Trump and Brexit? Why not despair about YouTube stars instead?

Neil Alexander

I don't get it.

Who really wants to spend time watching someone else playing games?!

13
1

Do you suffer from the shame of 'Scroll Jank'? Help is at your fingertips

Neil Alexander

It's 2017 and scrolling using a trackpad on Windows is still frustratingly awful, even on their so-called "Precision Trackpads" which are typically anything but.

Apple perfected trackpads a decade ago. What's the hold-up, Microsoft?

8
3

Another day, another cryptocurrency miner lurking in a Google Chrome extension

Neil Alexander

Re: As long as I am asked

"it is my CPU."

Try telling that to Intel!

4
0

Developers' timezone fail woke half of New Zealand

Neil Alexander

Re: *Would have been* valuable to residents

No, it isn't an app, it's a cell feature.

0
0

Docs ran a simulation of what would happen if really nasty malware hit a city's hospitals. RIP :(

Neil Alexander

I really hope you're not a CSO.

2
0

EU court must rule on legality of UK's mass surveillance – tribunal

Neil Alexander

Re: "safeguard national security"

Isn't that always the case?

22
0

The Telegraph has killed Prince Philip

Neil Alexander

It's like Hackers but in real life!

3
0

UK Parliament launches inquiry into NHS WannaCrypt outbreak

Neil Alexander

Well, an inquiry will be a complete waste of time and tax-payer funding.

We already know everything that an inquiry is going to tell us. We know that Windows XP is out of date, we know that patch management was insufficient, we know that appropriate control measures weren't in place, we know that management of NHS IT is inadequate and so is the money allocated to it. More to the point, we already know what steps need to be taken to resolve these issues.

What the NHS really needs is for someone to go out there and actually pull out their cheque book and invest properly.

2
1

Windows 10: Triumphs and tragedies from Microsoft Build

Neil Alexander

Re: Business users

"Linux and Libre Office is now a good bit better than Windows Workstation & office"

What on earth are you smoking? LibreOffice is nowhere near functional parity with Microsoft Office. Not even close.

28
16

Leaked: The UK's secret blueprint with telcos for mass spying on internet, phones – and backdoors

Neil Alexander

Re: @Steve Davies 3 - Goibg to Jail?

"Android rooting is your friend"

Deliberately circumventing platform security is not your "friend" and certainly shouldn't be the expectation that users have to get the functionality they want.

Send a message with your money, people. Don't buy crap phones.

1
0

TVs are now tablet computers without a touchscreen

Neil Alexander

Been pretty happy with my Apple TV 4 connected to an otherwise dumb television. It's simple to control, very usable, non-intrusive and Smart TV manufacturers really ought to learn a thing or two from it.

0
0

Bring it BACK... with MODs! Psion 5 storms great tech revival poll

Neil Alexander

Re: Bit pricey and it'll be a few more months until it's out but...

Try this instead:

https://www.indiegogo.com/projects/gpd-pocket-7-0-umpc-laptop-ubuntu-or-win-10-os-laptop--2#/

4
0

Global IPv4 address drought: Seriously, we're done now. We're done

Neil Alexander

Re: Address allocated but not live

"too hard for most home users."

On the contrary, it is very typical for ISP-provided (and even off-the-shelf) routers to be configured with default-deny for incoming connections. In that case, most home users would never need to change a thing.

For those that do go in and make uneducated changes to the firewall settings, well, you can't protect users from themselves even in IPv4 land.

1
3
Neil Alexander

Re: Address allocated but not live

"We want none of it inside our companies and homes. We are happy with or 10 and 172 addresses."

This is a really naive attitude and it is exactly this attitude (and ignorance) that makes the IPv6 transition so difficult.

Ignoring the really obvious problem of being expected to unnecessarily translate between IPv6 and IPv4 on your network boundaries, why are IPv4 private address ranges preferable? The answer is they aren't.

Even if you are hell-bent on your outdated thinking, you could use ULA address ranges in IPv6 for places that you do not want to be globally routable.

The correct tool for the job of controlling network traffic in and out of your network is a firewall. A device with a globally routable IPv6 address behind a correctly configured firewall is just as safe as a device with an internal IPv4 address behind a NAT configuration on a firewall.

Repeat after me: NAT is not a firewall. NAT does not provide security. NAT makes absolutely no guarantees.

"We have are comfortable with NAT"

No, globally, we're not comfortable with NAT.

NAT creates massive headaches and fundamentally pushes us towards service centralisation, as we are forever having to create applications that have to "call outbound" instead of being able to work in true peer-to-peer fashion. It makes even simple applications complicated as we have to constantly be concerned with NAT traversal, or UPnP, or NAT-PMP.

NAT is a hack. It was a hack when it was first implemented, and it's still a hack now. Unfortunately it's a hack that people are sadly attached to.

"OSPF, Vlans and tags."

None of this changes with IPv6 apart from an uplift to the OSPFv3 protocol. VLANs and tagging do not change - those are part of Layer 2, not Layer 3. Please see the OSI model.

"We DO NOT WANT an internet for every device."

This is not a problem with IPv6, but instead with your network topology. Put them on a VLAN that doesn't route to the Internet, or use a firewall to prevent traffic to/from them. There are correct tools for this job. Avoiding IPv6 forever is not.

"I do NOT want my LED light bulbs or my garage door on the internet, because I can not protect them."

See above statement.

3
5
Neil Alexander

Re: class D address space

"Why don't we use class D addresses ? It's not really used for multicast"

Most IP stacks have special behavior hard-coded for the "special" IP ranges, i.e. multicast, link-local, etc. It would be an absolutely mammoth task to make those address ranges globally routable.

5
0

Elon Musk joins anti-Trump legal brief

Neil Alexander

Re: Chilling

"in a National Security case"

So far there is no evidence that this is really anything to do with National Security. I would not be so quick to believe that Trump's intentions are actually aligned to his words. He is a businessman, after all.

16
6

Windows 10 networking bug derails Microsoft's own IPv6 rollout

Neil Alexander

"decided not to make this next-gen networking protocol backward-compatible?"

Because that's just not how it works. IPv6 quite rightly unifies a lot of things that were merely afterthoughts to IPv4, and cuts quite a lot of crap too.

Just because "we always did it that way" doesn't mean it's the best or most practical way of doing it.

2
1

Busted Windows 8, 10 update blamed for breaking Brits' DHCP

Neil Alexander

You're ignoring the simple fact that the conversation happening on the wire might actually be perfectly fine up to a point, it could just be that Windows is ignoring something in the response. Wireshark won't show you that.

1
3
Neil Alexander

Of course...

2
0

Renewed calls for Tesla to scrap Autopilot after number of crashes

Neil Alexander

Usually one can blame their stupidity on a different kind of autopilot. Certainly not all autopilot is of the technological variety. Just ask the morons who text whilst driving.

2
0

Sorry, iPhone fans – only Fandroids get Barclays' tap-to-withdraw

Neil Alexander

" Apple restricts the use of iPhones' NFC chips to its own Apple Pay facility and there's no hook-in that for third-party apps from banks or anyone else."

As far as I'm concerned this is a good thing. At least that way I know there's no leakage of payment data to some rogue application that makes use of an API vulnerability.

The real question here, though, is why Barclays have had to implement some custom app-powered NFC hook to get this to work when existing NFC payment infrastructure would handle this use case perfectly?

3
0

IPv4 is OVER. Really. So quit relying on it in new protocols, sheesh

Neil Alexander

In reality, this is massively overdue.

IPv6 is in it's late teens, IPv4 address exhaustion has been on the table for years and is hardly recent news and it's not acceptable for so-called "standards bodies" to just sit back and pretend like nothing is happening.

The IETF should have been rejecting drafts that were dependent on IPv4 long before now. If anything is going to drive IPv6 adoption, it's real-world use cases - that is, protocols and services that actually work, are well-defined and solve real problems.

19
1

A British phone you're not embarrassed to carry? You heard that right

Neil Alexander

"WileyFox"

Not strong on names, are they?

0
9

WebAssembly: Finally something everyone agrees on – websites running C/C++ code

Neil Alexander

Never will understand this constant desire by developers to make applications as web pages instead of applications as applications. The user experience delivered by web applications usually sucks.

9
2

Hackintoshes hackable

Neil Alexander

"Mac OS is notoriously hard to virtualise, and creating a Mac OS VM that will run on non-Apple hardware requires all manner of tweaking"

No it isn't. You can do it effortlessly in VMware Fusion, and then you can even take those VMDKs/VMXs and take them to VMware Workstation on Windows, or even ESXi, and often they work fine with only very minor tweaks to the SMBIOS lines in the VMX file.

1
1

Tesla's big news today:
sudo killall -9 Autopilot

Neil Alexander

Re: "...and a more powerful computer."

"Do 'A.I.' cars realized when an unexpected crash has occurred?"

Non-AI cars know when they've been crashed. How do you think airbags are deployed?

Also see Volvo pedestrian airbags, which deploy even if a human is hit without the front-end being damaged or crumpled.

5
1

Mercedes answers autonomous car moral dilemma: Yeah, we'll just run over pedestrians

Neil Alexander

Sure does depend on the situation. After all, dinging the car is one thing. Writing off the people inside of it is another.

Not all external players are pedestrians or cyclists, though. Some of them are in HGVs or trucks. Some of them are idiots in Range Rovers who think they're indestructible.

26
3
Neil Alexander

Not sure this approach of protecting the occupants of the vehicle is so unusual. The autonomous system can at least largely control the vehicle, whereas it has absolutely no influence or control over external players.

If someone outside of the car does something reckless then I don't suppose it's really fair to expect the car to sacrifice its own occupants as a result.

39
7

Desktop budget wrangles: Whose device is it anyway?

Neil Alexander

I guess I can appreciate that somewhat, but not because I expect to get any real work done on such a device. Sometimes it'd be nice to have a little 8" screen to carry over to a colleagues desk when I just need a quick opinion on something or to flick through minutes from a previous meeting when sat around a table.

1
0

IPv6 now faster than IPv4 when visiting 20% of top websites – and just as fast for the rest

Neil Alexander

Re: 20% is not noticable

"And if you *are* trying to open up that server, I *want* there to be some effort to prevent services being accidentally exposed to the outside world."

That is the job of a firewall. Repeat after me: NAT is not a firewall.

1
0
Neil Alexander

Re: Time to learn

"That would actually be Prefix Translation rather than address translation, but unfortunately (AIUI) that got kicked out as "not needed" quite early one."

Despite that, you can NETMAP quite easily using netfilter6 to translate prefixes with minimal effort on Linux. In fact, this is exactly what I do on my home network with my EdgeRouter X, which includes these modules out-of-the-box.

0
0

Did you know iOS 10, macOS Sierra has a problem with crappy VPNs? You do now

Neil Alexander

PPTP should have been dead years ago.

Congratulations go to Apple.

8
1

Apple: Crisis? What innovation crisis? BTW, you like our toothbrush?

Neil Alexander

Is it really a bad thing for new devices to feature "incremental" improvements? We've pretty much reached the point with smartphones where they do what we need and they do it reasonably well. We don't need a massive paradigm shift. We need refinement.

7
1

Pains us to run an Apple article without the words 'fined', 'guilty' or 'on fire' in it, but here we are

Neil Alexander

To give them credit for one thing

The AirPods do look really well thought out. If they work as well as advertised, I'll be sold.

1
6

Beautiful, efficient, data-sucking Smart Cities: Why do you give us the creeps?

Neil Alexander

The ironic thing here is that not everything in a smart city needs to be heavily networked in order to be "smart".

A street light that dims when nobody is around needs a dumb heat/motion sensor, and that's about it. At worst, it might want to know about the nearest few street lights and their motion sensing too, but it doesn't need to know about me, you or anyone else individually, and it doesn't really need to be networked with street lights some miles away. Road junctions can be monitored in volume of traffic and not necessarily by following individual vehicles around using ANPR. Some traffic lights already can detect oncoming traffic to stop people sitting at red lights unnecessarily - no citywide network needed there either.

The problem isn't making things smart. The problem is making things too networked.

8
0

FBI Director wants 'adult conversation' about backdooring encryption

Neil Alexander

Non-technical people in Government trying to rule on technical matters, sky still blue, etc.

0
0

Update your iPhones, iPads right now – govt spy tools exploit vulns

Neil Alexander

Re: Safe and secure...

That's a dangerous assumption to make, given that security holes in Windows Phone are much less likely to be as widely published given the comparatively minor market share. That doesn't mean that they aren't there and that the bad guys don't know about them.

4
2

Native Skype for Windows Phone walked behind shed, shot heard

Neil Alexander

Re: Bad reporting - Skype UWP part of Windows 10 Mobile etc.

"All active users of Windows Phone 8.1 devices (i.e. 2014 handsets onwards, roughly)"

So, er, not all active users of Windows Phone 8.1 then.

2
1

Windows 10 Anniversary Update is borking boxen everywhere

Neil Alexander

Re: Plan ahead

That would absolutely be wise, given that some Windows 10 users have seen such updates nuking their Linux partitions too.

10
1

Page:

Forums

Biting the hand that feeds IT © 1998–2018