Posts by Frumious Bandersnatch

Re: Nat as a security measure

NAT makes for better privacy. The use of IPv6 without any NAT is likely to make each device in your site uniquely identifiable by its global address.

Sorry, but that's probably the #1 myth about ipv6. If you use SLAAC then the global address for a single host will change over time. See for example, this page which says (emphasis added):

IPv6 provides both a stateful and a stateless address configuration functionality. Stateful address configuration is similar to the existing DHCP functionality in IPv4. IPv6 also supports Stateless Address Auto Configuration (SLAAC). In this mode, nodes can automatically configure their network configuration by generating a local IP address, locating neighbors on the same local segment, locating a default router, and even generating a globally routable address using the prefix supplied by the router through ICMP messages. All of this occurs without any user interaction. Another interesting note is that IPv6 provides the ability to easily renumber these global addresses via the routers on the network instead of configuring the hosts individually. Securing these interactions is definitely something to consider when deploying IPv6.

Re: Poor show

it's a really poor show when you've already run out by 9:30am on a Monday, too :)

The gin, yes, but running out of grenadine? It's non-alcoholic, isn't it?

Also, minor quibble... all the OpenWRT releases are named after cocktails. The splash screen (motd) when you log in has always given the recipe on any release I've ever used.

"I didn't really understand it, but it solved my issue, so I used it."

Sums up my entire career as a "developer" :(

There's a name for that ... https://en.wikipedia.org/wiki/Cargo_cult_programming

Re: Cracks?

If GCHQ recommends SHA 256 and PBKDF2

I just happened to be reading this article about hacking WPA/WPA2 on Tom's Hardware the other day. Though they didn't mention it by name, they describe PBKDF2 as using an iterative HMAC construction for protecting the key. As far as I know, there are no practical attacks against this, so the attacker is forced to use brute force. I would be extremely surprised if someone ever did manage to come up with any better attack since the construct effectively includes two one-way functions (the HMAC part and the chosen digest function). Plus, even if someone did find an attack that's better than brute force, increasing the number of rounds or alternating between two separate digest functions should make it secure again.

Re: Sorry, got the first sentence wrong

words like "brainfart" and "Mrs. Mimsy" were flowing liberally through my mind

Careful! Next thing you know, your mome raths will be outgribing ...

Re: Only one thing to say

Not forgetting The Commentators

Who's on first?

Re: Here it comes?

I remember doing that and wondering if my monitor was going to get fried...

Been there... fingers hovering over CTL-ALT-BACKSPACE. just in case.

Of course then someone decided that we don't need to have that enabled by default (as if I'm going to accidentally hit it). Same goes for PointerKeys. Grrr--I hate "progress".

Re: Answer

"Phucket", the place, starts with a 'p' sound. Technically, it's an "aspirated" p sound, which means that it comes with a quick outburst of air. The 'h' is what distinguishes a normal p sound (like in "nap") from an aspirated one in the transliteration to our alphabet. It's never a good idea to assume that normal English orthography rules (like 'ph' -> 'f') apply when dealing with foreign words, especially place names.

Storing extremely high-value information on a server

I have to downvote your there, AC. How is anyone supposed to get any work done these days if they can't collaborate and share crucial development info over the net? Especially something like open source tools where (presumably) developers are spread around the world?

Could you suggest a way for them to share info that will be 100% secure? Of course not. We're all human and susceptible to making mistakes every now and then that can let the bad guys breach almost any "secure" system.

Cats, not meerkats

Racist! I'm just as much a Feliform as your stupid moggies. And cuter, too.

Re: Re. perpetual right to watch a movie

So tell me why my Raspberry Pi's root filesystem needs to pay royalties again?

Because you made an inexplicable decision to format it as FAT with long filenames instead of ext[234]?