* Posts by SImon Hobson

2539 publicly visible posts • joined 9 Sep 2006

Deere & Co won't give out software and data needed for repairs, watchdog told

SImon Hobson Bronze badge

Re: repairability

BMW led the way with that one. But the behaviour you describe is illegal in Europe (you don't say where you are) after the EU removed the block exemption from car manufacturers that allowed them an exemption to various competition rules. Now it is illegal to have tied dealers, exclusive areas, and a raft of other stuff they used to do - and it's illegal to restrict servicing to its own dealer network in the way you describe.

A friend of mine used to work for the local dealer of a well known British off-road icon. I recall him telling me that the third party diagnostics computer, while being a fraction of the price, was way better than the manufacturer's official one.

SImon Hobson Bronze badge

No, the Standard Oil approach. Then after that, the IBM approach. Then ...

Standard Oil is the reference text on how to do it - cross subsidising so you can undercut any competitor in any territory you choose to target, until they go out of business. Then up your prices to suit the new local monopoly to raise the cash to do the same thing in the next area.

Backblaze report finds SSDs as reliable as HDDs

SImon Hobson Bronze badge

Unless there's a bad block in the middle of that one crucial data file, or it's one of those shihorrible Seagate drives that "just stops responding" when it hits certain types of error (and so you can never recover most of the undamaged data), or it's just given up altogether, or it's crashed its heads and turned them into lathe cutting tools to remove the oxide layer instead of reading it, or ...

All failures I've had with spinning rust.

NHS Digital's demise bad for 55 million patients' privacy – ex-chairman

SImon Hobson Bronze badge

Re: Dead on arrival

Oh, I think we all agree that this data is incredibly important for research. Unfortunately, the people who should be applying the "checks and balances" in protecting that very important and very intimate personal information have really poisoned the well by showing themselves to be untrustworthy.

Now, if they were to somehow demonstrate that they can be trusted, and that said trust would stand the test of time (and future ideas about what is "reasonable"), then I doubt that many of us would be averse to doing our little bit towards future medical research. But, that's a massive IF there - I have no idea how they could get from where they are now to where they need to be.

File suffixes: Who needs them? Well, this guy did

SImon Hobson Bronze badge

Yes, thanks for reminding me. But NTFS wasn't ubiquitous by the time the problem was causing real headaches - and there are still probably billions of FAT formatted devices around. And don't forget, Windows isn't the only other OS - most Linux & Unix filesystems have the same limitation.

SImon Hobson Bronze badge

all binary files should have a specification which mandates the use of a magic number - that some don’t just means that the specification of these outliers needs updating

The Mac used to use embedded file descriptors - each file had a data fork (equivalent to a regular file) and a resource fork which effectively provided a whole new filesystem of metadata.

As a minimum, the resource fork would have two four character fields, well technically I think they were just 32 bit fields but convention said they were human readable strings. One was the creator - the application that made it; the other was the type - the specific type of file (e.g. TEXT). Other stuff in the resource fork would include all the icons, dialogs, etc, etc for an application. With a suitable editor, you could do some "interesting" things by editing these. It also meant that a text file created by one program could have an icon specific to that program, and open (by default) with that program - quite separate to text files created by a different program.

It was a brilliant system, but it was a right royal P.I.T.A. with anything but an Apple filesystem since other filesystems simply didn't have this concept. Apple did have workarounds, but these typically involved having a second file to hold the resource fork - so MyTextFile and _MyTextFile. Needless to say, it was hard for a non-Apple system to lose these other files, it confused users, etc, etc. So in the end Apple had to admit defeat, resource forks went away, and once again inferiority won the day. Now OS X uses extensions to identify the file type.

UK internet pioneer Cliff Stanford has died

SImon Hobson Bronze badge

Re: Demon Internet

They did eventually become a victim of their own success and became too slow to use

That happened a few times.

I recall in the early days (I think I got onboard when they had around 400 customers) they used to have a graph of user numbers over time. If you knew your history, you could point at each flat spot and say "that's when X was struggling" - where X could have been "running short of dial-in ports so you couldn't get connected, or the mail system getting overloaded, or ..." Then when they solved a problem, the graph would continue its exponential curve upwards.

They had a lot of problems to solve - stuff people take for granted now. Back then, email meant SMTP - but SMTP wasn't designed for intermittently online devices. So as a first workaround you had to go online then (from memory) finger the mail server to trigger their software to trigger the mail server to spit out its mail to you. Later they integrated that into the dial-in software. POP was only just appearing, and IMAP wasn't even a twinkle in anyone's eye.

They were "interesting" days. Thanks Cliff.

Journalist won't be prosecuted for pressing 'view source'

SImon Hobson Bronze badge

For "begin an investigation" read "persecute the b'stard so he (and his family) daren't leave the house" to teach him a lesson in not showing idiots up for being idiots.

EU Data Protection Board probes public sector use of cloud

SImon Hobson Bronze badge

Re: AWS?

Well MS have long claimed that the data centres in Ireland are run by a different business and that MS (the Seattle based corp) is physically unable to access the data.

But then, the day the CLOUD act was passed, they handed data held on a server in Ireland over to US authorities. Hmm ... And not to mention that access to services routes via whatever the US corporation decides the US controlled DNS should send it to, so of course plenty of scope for (e.g.) intercepting logins, capturing the password before forwarding the login, and then using the captured information to access the data.

It can be done properly, but it does mean having proper legal separation such that if (e.g.) a US authority asks for information stored in the EU - the business which actually runs the data centre can tell them to take a hike without fear of any repercussions.

France says Google Analytics breaches GDPR when it sends data to US

SImon Hobson Bronze badge

Re: Remember this word: Interstitial

No, you handed over a packet to be delivered without any special handling instructions. Therefore it is quite legitimate to deliver it by the most efficient* route.

If you want packets delivered by a specific route, then you can do that - you just need to specify it when arranging your connections. Be sitting down and prepared for a reassuringly expensive quote.

Or, you encrypt your packets en route which you can do quite simply if you control both ends - if it's a (e.g.) public web site then the opportunity to analyse traffic in flight is (or should be) the least of your worries, especially with SSL enabled sites.

* Where "efficiency" is going to be a combination of cost and available bandwidth, perhaps with a bit of commercial (e.g. contracts) thrown in.

SImon Hobson Bronze badge

Good question - and one I suspect Google will be careful not to answer directly or honestly.

SImon Hobson Bronze badge

Re: It's irrelevant, sadly

Yes, that case rather exposed MS's claims about data security etc as being "rather misleading". If MS's claims were true, then MS in the USA would have been physically unable to hand it over, and MS in Ireland would have refused to do so for legal reasons.

SImon Hobson Bronze badge

Re: Where is the UK in all of this ?

deems *all analytics* to be illegal

I suggest you try reading the article again.

At no point have analytics been made illegal - what has been made illegal is the use of Google Analytics as currently implemented. This is simply because, without explicit and freely given consent, users' PII is being exported to the US where it does not enjoy the same level of protection as it would if kept within the EU. It could be fixed in several ways - Google could fix their stuff to be legal to use in the EU, sites could use ${some_other_analytics} that is legal, or the US could change their laws so that they weren't completely incompatible with EU privacy law.

The USA doesn't seem interested in improving their laws (quite the reverse), I don't see Google giving up on an income stream, so that basically means website owners will need to find a different way of getting that information.

SImon Hobson Bronze badge

Re: Good.

True a contract does not have to be negotiated, but it must have been reached by a fair "meeting of minds". Where there is a take it or bog off, then you are at far more of a risk of it being challenged and parts declared unenforceable - or even, as in this case, found to be illegal.

SImon Hobson Bronze badge

Re: Confusing GA with advertising?

running a small company you are often short of time

I know first hand. But then that is not an excuse for not complying with the law. If it were, then a valid defence to speeding would be "but officer, I'm very busy and speeding shaves a few minutes off my day so that's legitimate".

GDPR is no secret, how GA works is no secret, at least to anyone with enough knowledge to be competent at assessing whether they are complying with the law. If you don't want to put the time in to educate yourself, then you consult someone who already has - and pay for a share of their investment.

It's no different really to someone deciding that it's cheaper/better/easier (for whatever their combination of preferences/constraints is) to pay an accountant to do their tax returns vs doing them themselves.

As suggested fairly early on, the main surprise is that it's taken this long to reach a legal conclusion. Everyone who had a clue could see that Safe Harbour was a sham, and when that was struck down it was obvious that Privacy FigleafShield would be struck down as soon as it ground its way through the courts. Similar things like GA - there's no way to opt out of it as doing so breaks too many sites, including sites where I spend money buying their goods and services, but it exports PII out of the EU and that makes it illegal without informed, specific, and freely given consent. "You can't buy ${essential parts} from us if you don't agree" is not freely given consent - and it's rightly illegal under GDPR.

And the thing to remember is that legal compliance is not a "one off" activity - done that, tick the box, forget about it. Laws change, both because they've been explicitly changed by legislators and because it gets "clarified" by case lore. It may have been assumed up till now that using GA was legal - now it isn't. So you either deal with that or sooner or later you'll find yourself on the naughty list.

I recently got in touch with a supplier as when I went to their website it offered unlawful options regarding cookies etc. As it happens, they didn't moan about it "not being their job to comply with the law, boo-hoo, woe is me" - they thanked me for bringing it to their attention as they don't normally see the cookies prompts etc, and they'd just had some website updates done which had broken something in that area.

SImon Hobson Bronze badge

Re: Remember this word: Interstitial

Forwarding packets is required in order to fulfil a contract (whether direct or indirect, express or implied). If you want your packet delivering, then you need routers to forward it. Thus that's covered by one of the other legitimate reasons, not by "informed consent".

SImon Hobson Bronze badge

Re: Remember this word: Interstitial

Google (for example) gets a request to load one of its fonts. It gets your IP address, information about the browser, AND a referrer URL. So then it knows quite a lot it can correlate with its other data - at the very least it knows that someone at your IP address is browsing a particular site, and by fingerprinting your browser it can determine which of you (assuming multiple people sharing the address) it is.

So yes, they get a lot of information from this seemingly innocuous traffic. Why else do you think they offer it "free" ?

Fibre broadband uptake in UK lags behind OECD countries

SImon Hobson Bronze badge

Re: Emergency phone connections....

I don't know what the current situation is, but early FTTP setups incorporated a battery-backed NTU and analogue port so that your old POTS phone would continue to work with the power off. But it was only a short time (1 hour ?).

SImon Hobson Bronze badge

Re: It's of no interest to me.

I agree, this asymmetric rates business is ... annoying. There's a genuine reason with DSL services as you are trading off upstream rates (which people don't generally use as much of) for more downstream which people do use a lot. With ADSL-2 there is an option called Annex-M which changes this to give more upstream at the expense of losing downstream bandwidth - used to have customers using this to get better performance on VPNs etc.

But on things like "real" fibre, its native capacity is quite a lot more than typically used, and there's no real reason for being asymmetric other than the marketing people who don't want you running any services on a "residential" connection.

SImon Hobson Bronze badge

Re: " I just switched from bt to ee and halved my monthly bill."

It's worth knowing that OR offers different service levels based on how much the ISP pays for the line/services running over it.

SImon Hobson Bronze badge

Re: Nevermind Fibre, could I have copper please

what is wrong with Aluminium for POTS?

Actually, if the wire is sized accordingly, nothing.

But, aluminium is renowned for its ability to turn into non-conductive white powder - ask any Land Rover owner ! So after a few years, what should be a bit of copper terminated into a joint ends up being a bit of aluminium not quite reaching the joint and some non-conductive white powder in the gap.

At a previous job we had a site on the Isle of Wight - unfortunately fed by copper for part of the run. It was a regular occurrence reporting non-functional lines (we had 9 in all by the time we counted the voice lines, fax line, Kilostream line, and ISN-2 for backup to the Kilostream). Eventually they gave in (I suspect they ran out of ability to shorten and re-terminate the wires) and replaced the trunk cable with copper.

So a cost saving at one point ended up as a massive cost sink a few years down the line - both from replacing the cable, and the massively increased number of faults occurring until they did replace it.

To our total surprise, Apple makes adding alternative payment systems to apps 'painful, expensive, clunky'

SImon Hobson Bronze badge

I suspect all of the manufacturers would do that if they could - luckily things like petrol and tyres are "open" to the extent that it can't be done. But yes, I bet they are all working on "electronic locks" to restrict what else you can do.

SImon Hobson Bronze badge

That would only be a valid comment if it was something you had built for your own use - and someone came along and said you had to let others use it.

In this case, Apple have built something (well millions of iSomethings) which they have sold to customers for the customers to use for the customers' benefit. But they've reserved unto themselves the right to dictate what the customers can use that bought item for*, reserved unto themselves the right to prevent you buying accessories (i.e. apps) other than through themselves, and then use the second of those to justify charging devs for the privilege of being able to sell their wares to customers.

Carp car analogy. A bit like Ford restricting your car so that you can only use petrol paid for via Ford financing, only fit tires paid for via Ford financing, only play CDs in the audio system that have been paid for via Ford financing, only listen to radio stations that have been approved by Ford (and for which they charge the radio station). Seems a bit different put that way doesn't it.

* I wanted to use an iPad for WiFi surveys for work - but "not allowed" by Apple. Being pedantic, to do that means using a particular API which existed - but use of it was verboten by Apple for anything but its own apps.

Play Store class action has £15m budget for defeating Google in London court

SImon Hobson Bronze badge

Re: Equality

Put into escrow, not handed over.

But, the problem with this is that it puts further costs onto being a defendant - c.f. strategic lawsuit against public participation (SLAPP). So while it might seem appealing to "hit the big bad guys", in practice any such law would end up being used by big bad boys to put "not as big and probably good" boys out of business.

That's already a tactic in some jurisdictions (esp. USA). Calculate who is not big enough to be able to fund a good defence and offer them a chance to pay protection money (a.k.a. out of court settlement) for an alleged infringement - carefully calculating the amount so it seems attractive compared to the cost of defending litigation. I've read that it can cost 1/4 million $ to successfully defend a patent infringement case !

No, I've not read the screen. Your software must be rubbish

SImon Hobson Bronze badge

Yeah, just a matter of naming. It was an easy transition :-)

SImon Hobson Bronze badge

Ah yes, I remember that from a few jobs ago. Most work was done on Wyse 60 terminals connected over serial to a Xenix (later Unix) box. As described, if something was left on the keyboard, the terminal would start beeping incessantly.

It was surprising how many people were oblivious to the racket coming from their own terminal - until people would start calling across the office to them.

Privacy Shield: EU citizens might get right to challenge US access to their data

SImon Hobson Bronze badge

Re: True in every way in fact

Can the EU mandate that european businesses cannot use Salesforce?

No, but they can say that (using your example) Salesforce doesn't comply with the law and hence it's illegal to use them. The reason we don't have the big homegrown tech is that the US has provided an environment where they could get going and through a variety of illegal techniques killed off any meaningful competition.

If the law was properly enforced such that use of "US services" was effectively illegal, then we'd rapidly see a number of options pop up - and some of them already exist.

Take MS. In theory* we are told that the data centres in Ireland are operated by a separate business resident in and subject to the law in Ireland. In theory*, the US corporation known as Microsoft is physically unable to access data held in a data centre in Ireland. I suspect some of the others have already set up such structures - and if done right can comply with the law.

Any of the usual suspects will be able to sit back and either sort out something similar, or see their EU business dry up - and as pointed out, the EU is big enough that few of these international corporations can afford to walk away from it. But if they did, then others will be happy to pop up and fill the gap.

* I say "in theory" because it's not as clear cut as they claim. Firstly, the domain names used are under US control - so there's no guarantee that things couldn't be redirected for nefarious purposes. We've seen how this complex international web of stuff can create fragility where the failure of a server somewhere can cause outages for customers on a different continent. Secondly there's that rather inconvenient issue that MS in the US handed over data held on Irish soil the day after the US passed the CLOUD act.

Right-to-repair laws proposed in the US aim to make ownership great again

SImon Hobson Bronze badge

Re: Car manufacturers are not immune to this.

That's a different thing altogether.

With one proviso, that's basically selling an option that's not essential to you using or repairing your car. So when deciding what make/model/set of options you want to buy, it'll be just one more "is that worth the price" choice.

The proviso is that the buyer is made fully aware of it BEFORE purchase. It's not entirely clear from that article, but it does look like you get a physical key fob that can be used to start the car. If that is the case, rather than an option to pair your mobile etc to do it, then I would expect that to be a "static" feature. Unless it was made clear (and not buried in small print) that this function was dependent on subscribing to an unrelated service, then I would expect it to function without me paying a subscription for it.

SImon Hobson Bronze badge

Re: "Medical" devices - still not "exempt"

You can be very certain that they won't do that. There's a reason everything they sell comes with all those warnings about "not a medical device, don't use for medical purposes" and the like (along with "don't try and run a nuclear power station with it") - and that's product liability. With general purpose IT stuff, we "sort of" accept bugs and crashes as part of the experience. With medical kit we expect it to work[period]. And if medical kit fails to work properly, then some serious brown stuff can hit the air circulator.

SImon Hobson Bronze badge

Re: The Problem

That worked for Adobe - but only because Adobe have a de-facto stranglehold on the creative industry (effectively, if you are in the design/print business then your clients will expect you to be able to handle Adobe documents).

But contrary to what others have said, Deere don't have that degree of stranglehold. A tractor is basically a commodity item with stable and well defined interfaces. If you drag something, then there are industry standards about how you couple it; if you attach an implement, again there are industry standards for the 3 point linkage; ditto for the power take off; ditto (more or less) for hydraulics. Basically, for any specific weight/size/power of tractor, you can largely swap that tractor out for any other make of a suitable weight/size/power.

And there are plenty of manufacturers around. Ford, Case, Massey Ferguson come immediately to mind. But there's also Lamborghini (made tractors before they made cars) and a host of other little known makes. And that's before you get to the Russian and Chinese models - a lot of which appear to be either copies of, or perhaps they bought the tooling from, well known makes like MF.

So Deere can take the decisions to stop selling outright, but their sales teams will very quickly be feeding back to management that they might as well scale back manufacturing capacity a lot. They'll get some lease deals - big operators do tend to lease more of their kit - but they'll lose pretty well all of their sales to small and mid size customers.

One thing that does tend to get attention is when [big vendor's sales person] comes calling to collect his next sale - he sees that amongst your current [big vendor] kit parked in the yard, there is now a competitor's product. The sales person knows very well that once you've bought one of something else, unless it turns out to be a lemon, then it's unlikely to be the last.

European watchdog: All data collected about users via ad-consent popup system must be deleted

SImon Hobson Bronze badge

Re: Current ads on Amazon are

I've not got a real problem with Amazon using my purchasing history on Amazon to determine what "suggested items" to show me on Amazon. This involves only my data that Amazon might reasonably be expected to have, from my use of their site, to provide functionality, on their own site.

And here we get into a much murkier area.

Yes, it's reasonable for Amazon to have a record of what you've bought from/through them. They have a legitimate interest in holding that in case you want to return something or have a warranty issue etc.

But, did you give them permission to use that information for any other purpose ? Because unless you gave your free and informed consent then Amazon using purchase history to target other products to you is explicitly illegal under GDPR.

But as with a lot of stuff, what the law says and what the big corporations know they can get away with - for at least many years - are not the same thing.

SImon Hobson Bronze badge

I wouldn't go that far - but it does depend on "who" you mean when you say "the EU".

Some elements of the ruling class went out of their way to put a fudge in place to replace the previous fudge that was eventually found invalid. Everyone knows that the current fudge is invalid - but until the legal process grinds through to a conclusion, it's still in place. Comparisons with Nelson and "I see no flags" come to mind.

But thanks to Max Schrems, the current fudge is under scrutiny, and it's certain to be found invalid when the case finally makes it through all the stages.

Then we'll be at a crossroads. It will be a lot harder to put another fudge in place because now everyone knows that the EU and US have fundamentally incompatible laws, so it might come down to a case of who blinks first - the EU or the US.

SImon Hobson Bronze badge

Re: Ad blockers are as immoral as tracking

And the answer to that is - offer the choice.

How many sites that now depend on ads for their running costs have offered the choice ?

I use a small number of sites that have done - you can pay an annual subscription and have no ads, or you get ads. And several of those are useful enough to be worth what they are asking.

And this is part of the problem - too many vested interests have now educated the general population to expect everything on the internet to be free. It suits Google because they've geared up to massively mine the users to be aggregated and sold, while charging web site owners for the advertising that puts users off using the sites. Faecesborg is much the same. And of course, now they've burned their bridges they are up in arms that anyone dare challenge their business processes - knowing full well that their entire business model is dependent on breaking the law.

They've burned their bridges in many ways. For one, they've trained users to expect it all for free - so users aren't going to be keen to start paying. And especially in the case of Faecesborg, they've destroyed any semblance of the trust they'd need users to have in them if they were going to offer a "paid but not creepy" option.

It will be interesting to see what happens when finally some of these large corporations have the legal process catch up. Will Faecesborg try to offer a paid but not creepy option ? Will sites in general start asking users for cash ? Will a system appear and get traction to allow users to pay small amounts - i.e. in the order of what the site gets from serving ads to them - for a "pay as you eat" option rather than having to subscribe for a month/year/whatever even if you only ever read the one page ?

Throw away your Ethernet cables* because MediaTek says Wi-Fi 7 will replace them

SImon Hobson Bronze badge

Re: You can pry the ethernet cable out of my cold dead hands!

All that happens is that over time a new system comes out that gives us more bandwidth - and that bandwidth gets eaten up by an increase in competing devices. Sooner or later we'll start seeing problems with 5.8G like some of us recall with 2.4G.

Many years ago I was sent to visit a boss's friend in Monaco - hard life, someone's got to do it :-) When I looked at the wifi in use around his apartment, the list of APs was pages long - and this was when 5.8G gear was few and far between.

And also many years ago, I recall reading a comment from someone in Korea. His problem was a UI one - there were so many WiFi SSIDs that by the time he'd scrolled down to find his - the UI refreshed the list and he had to start again !

I'll take a wired connection any day for a static device. And not only does the ethernet cable reliably deliver the network without interference from the neighbours - it can also deliver power for some of my devices.

IPv6 is built to be better, but that's not the route to success

SImon Hobson Bronze badge

Re: Literally all of those are solved problems.

Piercing NAT from inside a firewall is a solved problem. BitTorrent proved that decades ago.

No, it proved that some of the time, with sufficient wasted effort from devs, the borkage of NAT could be worked around. If it was "so solved" - why then do (did) clients have so many NAT related settings ? Why were support forums full of threads about getting the client working properly/at all ? Why support pages/thread about how to manually configure port forwarding in your router and matching the settings in your client (because that is the ONLY way to guarantee full operability with other clients) ?

Looking back, a not inconsiderable portion of my time has been spent dealing with problems caused solely by NAT. The problem was not so much solved as worked around by a great deal of effort that would have been better spent on other things. E.g. if the devs hadn't had to deal with NAT, they'd have had that time to write better software, code features, ...

CGNAT is worse and will be coming to more and more users over time.

SImon Hobson Bronze badge

Re: "I don't always need to look up the address of a bit of kit I need to contact"

They put too many barriers

There really are very few barriers, and for most users changes like doing ND with multicast instead of ARP with broadcast are invisible. A lot of the complaints I read in these threads boil down to "it's not identical to what I know and learning how to handle the letters a-f is too hard". OK, I suppose some people are also thinking that it takes an extra keystroke to do a : instead of a . - but then using hex instead of decimal will save keystrokes.

I'll be blunt - and I don't care that I'll get downvotes for saying it - but learning IPv6 is no harder than learning IPv4. That it seems harder is (for most people) simply down to the fact that they have already learned (enough of) IPv4 and so learning for IPv6 is extra compared to what they have already done.

As an analogy, I could say that German is a much harder language than English - for me it is, but then English is my native language, while German is something I sort of learned at school. For someone born and brought up in Germany, I imagine English is considered a harder language - and if you take a step back and look at them, English is a far more complicated language to learn.

APNIC: Big Tech's use of carrier-grade NAT is holding back internet innovation

SImon Hobson Bronze badge

Re: Welcome to MUMSnet

... but whenever the subject of IPv6 comes up, the comment section turns into something from Mumsnet or the Daily Mail - lots of loud uninformed opinions based on "research" that would embarrass a flat-earther.

And you missed off another feature of IPv6 discussions - all the downvotes against factually correct statements that don't fit with someone's idea of what reality should be in their world. And I note that none of those downvoting are brave enough to say what they think is wrong with the post they are downvoting.

SImon Hobson Bronze badge

Re: That old chestnut

End to end encryption is a standard component of ipv6 so why do a vpn?

It may be a standard, but optional, part of IPv6 - but is it actually widely implemented ?

And I am NOT referring to the likes of NordVPN. My background here is in setting up and managing multi-site networks for both my employer and clients. That's all been IPv4 (and hence RFC1918 addressing) because of the issues people raise - mostly the "why am I bothered when everything seems to work OK" attitude.

Going to IPv6 it would make sense to use ULAs for internal traffic - that way, you can have a stable addressing setup, properly configure the DNS, etc, etc and be independent of what the upstream ISP does - and yes, some ISPs do "interesting" things. Running site-site tunnels using whatever tunnelling protocol is in fashion* at the time allows you to do that - while hiding not only the contents of the packets, but also the individual flows**. E-E encryption within IPv6 doesn't hide the device-device flows as both source and destination addresses have to remain visible for routing to work.

* For a given set of vendor support and security considerations

** Yes, it's possible to infer flows given a deep enough analysis of packet sizes, timing, etc - but that's getting into the "if you have to worry about someone putting the effort in to do that, then you have bigger issues to worry about" territory.

SImon Hobson Bronze badge

Re: Welcome to MUMSnet

a router built since 1993 will be compliant with the RFC's & will not assume classful networking & will be compliant with CIDR

I'd suggest "many routers built since 1993 will ..." It took a while for Netgear to understand that the whole internet isn't built with /24 subnets ! I recall working with one that was much more modern than 1993 that would not allow .0 or .255 to be used anywhere regardless - including on WAN facing settings.

SImon Hobson Bronze badge

Re: Welcome to MUMSnet

I bet your large site had just 1 subnet.

It did, but actually not that many devices. It was more a case of our use case didn't fit too well with their prescribed block assignments - and it left a dynamic range that was a bit too small to allow for both reasonable length leases (for stability) and a moderate amount of churn.

Prior to joining this big WAN with the prescribed usage of IPs, I did use just a /24 for this network from the 192.168.0.0/16 allocation. It wasn't the number of devices, it was the restrictions imposed that made me choose a /23.

So perhaps they’d had a standard that no subnet should be more than /24 and all routers would be from .1 to 9, and you suddenly broke that.

Actually, it was more a case of the supposedly professional people doing the networking hadn't actually even thought about that. It was clear that they had never worked with anything but a /24.

Why didn’t you just do 2 x /24’s, private ip’s are free!!

And then you have the problem of routing those addresses together - and breaking the stuff that relies on broadcast or multicast.

It’s good engineering to not use big subnets, modern switches can temper broadcasts but in older times having large broadcast domains would slow all your systems in that broadcast domain as everything would need to listen to the broadcasts.

True. But as you don't know what was on our network, you aren't qualified to say whether your suggestion would be better or worse than what we did have. It did work just fine, and broadcast traffic was not a problem. Bear in mind that a significant proportion of traffic was keystrokes sent via Telnet and the corresponding screen updates - that should date it a bit for you, as should the fact that it was a mix of 100 and 10M, using hubs, and only (IIRC) one switch to give some traffic segregation between hubs (I tried to keep "groups of users", especially the art/design dept with their megabyte sized files, together on one hub). That was not far behind state of the art at one time you know ;-) As it was, it was a very major step up for us from the 230kbps Apple LocalTalk for the Macs, and no network at all for the PCs.

Also, let's just say that budget was "not large" :-(

Many firewalls (checkpoint, asa etc) for decades have allowed ranges to be used in rules as well as subnets.

And many have not. And also there's the issue of diagnostics and stuff like that.

Classic example of someone who knows a little & thinks they know best but truly has no clue.

That's a rather wild accusation to throw at someone when the only evidence you have is that you think you have a better grasp on how the network should have been designed than the person who was actually there with access to the information needed in order to make those decisions.

SImon Hobson Bronze badge

Re: Fighting NAT and DHCP broke ipv6 adoption

I think you are getting confused with mobility services - where a client can keep a stable address - but only by using a mobility service in their home network. But this is completely unrelated to the long deprecated use of the MAC address in forming addresses.

But yes, in many networks, especially mobile, the upstream prefix will change and so the device (and anything downstream of it) will need to renumber. Yes, people understand that, and yes, we can understand that DHCPv6 isn't necessarily the best option in those networks.

But Google has declared that because DHCPv6 is not good for mobile devices, it won't allow it to be implemented on Android regardless of application. And when I say won't allow it to be implemented, AIUI they've done deals with hardware (chip) manufacturers to actively block the packets (at the chipset level) that would be needed to make DHCPv6 work. AIUI there is an implementation for Android - but because of this packet blocking, it doesn't work on many devices.

So in this case, it really is a case of Google actively blocking its implementation because they don't think people should be allowed to use their own devices as they want.

SImon Hobson Bronze badge

Re: Fighting NAT and DHCP broke ipv6 adoption

For DHCPv6 put the blame in Google's lap. There is no problem using DHCPv6 in general - it's just that Google for their own reasons refuse to allow it to be used on Android. This isn't just a case of not supporting it, they actively block the ability to install a DHCPv6 client.

The reason, AIUI, is that DHCPv6 can be slow to renumber if the upstream network changes - such as in mobile networks. Therefore, because DHCPv6 is not good for this application, they refuse to allow it to be used anywhere.

They also have this attitude that network operators should not be allowed to control or influence or monitor clients in any way - regardless of that being not just good practice, but a legal requirement for many networks. And monitoring devices and spying on people is Google's job - not some pesky network operator between them and the client.

GOOGLE IS TO BLAME for DHCPv6 being a problem

SImon Hobson Bronze badge

Re: What's all the fuss about?

The problem is that if you have enough large holdouts that stick to IPv4, then "rest of world" needs to continue supporting IPv4. As long as "rest of world" still does IPv4, then there's no incentive for anyone to move to IPv6.

It's great that so many large outfits have gone to IPv4. But at the current rate, it's likely to be a long time before people see that propping up IPv4 with more gaffer tape (NAT is gaffer tape, CGNAT is more gaffer tape on top, methods to get through NAT are yet more gaffer tape) is pointless.

Just think, if someone like Google declared that they were dropping IPv4 then there would be a significant push to get IPv6 working everywhere that people want to use Google services. Google isn't going to do that as long as there's a significant amount of IPv4-only stuff about. Catch-22.

SImon Hobson Bronze badge

Re: Another (possibly uninformed) view........

So you continue the situation the article mentions - "control" is vested with those who run the servers and there are disincentives for that to change.

Agreed there are security issues, but for example I already run my own mail server at home (so SMTP and IMAP) and web service (so HTTP(S)). I can connect to those from my phone without having to have permission from someone like Google or Faecesborg to do so. Who knows what else people could come up with that might well be very useful if there weren't this technical hurdle that - contrary to what people will tell you - dealing with NAT is actually non-trivial (it's easy for some cases, impossible for some - there's a reason I hold a special place in my room 101 for Zyxel).

SImon Hobson Bronze badge
Facepalm

An experienced network engineer can look at the issued IPv4 ranges on a PC and work out why they may be having issues accessing the internet / network resources / VPN etc.

And with IPv6 it would be no harder - and in many ways a lot easier - for a given level of familiarisation.

If I tell you that a client at a.b.c.237 is struggling to talk to a.b.c.243 with a subnet mask of 255.255.255.224 - how long does it take you to work out what the numbers mean ? OK, if you deal with it all day every day you carry the tables in your head to convert the decimal to binary - but with IPv6 you only have to remember at most 16 binary values from 0000 (0) to 1111 (f) and subnet calculations are a lot easier. And you only ever have to do one nibble of comparison as the split is explicit (as in writing a.b.c.237/27) - and in a well set up network you'll NEVER have to do any binary as the prefixes will all be on nibble boundaries.

So ... IPv4 means learning "strange" tables of decimal-hex-binary-subnet length conversions, IPv6 means just comparing numbers as written and AT MOST doing one nibble of hex-binary conversion. So obviously, IPv6 is so much more complicated.

SImon Hobson Bronze badge
Facepalm

Re: Welcome to MUMSnet

Part of me is laughing at these people, another part of me is hoping I never have to work with or depend on these people.

With a previous work hat on, I did in fact work with this sort of "network professional".

The sort of network professional that laid down a corporate standard that any routers would lie in the range of addresses .1 to .9, that servers would be in the range .30 to .49, and so on. Completely decimal thinking without any clue about what that means in terms of applying filters should that be needed.

Not only that, but because of the size of my site, I decided to allocate a /23 out of our bit of the 172.16/12 block - the same "professional" network people simply couldn't understand that allocating a client to .1 in the upper half of the subnet didn't put it in the range reserved for routers.

Oh yes, and I recall working with some Netgear routers in the past that simply could not cope with anything but a /24 subnet. Regardless of context, a.b.c.0 or a.b.c.255 were declared invalid by the GUI.

So yes, "these people" really do exist - and yes, they do exist in worrying places.
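Added example, not part of the posts above: a Python sketch of the subnet arithmetic from the two preceding comments, covering the a.b.c.237 / a.b.c.243 check under mask 255.255.255.224, IPv6 prefix comparison on a nibble boundary, and what a decimal ".1 to .9" router range costs when it has to become filter rules. The 192.0.2.x, 172.16.10.0/23 and 2001:db8:: addresses are constructed stand-ins for the posts' unspecified a.b.c and site prefixes.

```python
import ipaddress

def same_subnet_v4(a, b, mask):
    """Return (same?, network of a) for two hosts under a dotted-decimal mask."""
    net_a = ipaddress.ip_network(f"{a}/{mask}", strict=False)
    net_b = ipaddress.ip_network(f"{b}/{mask}", strict=False)
    return net_a == net_b, str(net_a)

def same_prefix_v6(a, b, prefixlen):
    """Compare two IPv6 addresses as written: on a nibble boundary every hex
    digit is exactly 4 bits, so the prefix is just the leading digits."""
    if prefixlen % 4:
        raise ValueError("prefix is not on a nibble boundary")
    digits = prefixlen // 4
    hex_a = ipaddress.IPv6Address(a).exploded.replace(":", "")
    hex_b = ipaddress.IPv6Address(b).exploded.replace(":", "")
    return hex_a[:digits] == hex_b[:digits]

def cidr_blocks_for_range(first, last):
    """CIDR blocks needed to express an arbitrary first..last range in a filter."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(n) for n in nets]

def covered(addr, blocks):
    """True when addr falls inside any of the given CIDR blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(b) for b in blocks)

if __name__ == "__main__":
    # Constructed stand-in for a.b.c.237 and a.b.c.243 with a /27 mask.
    print(same_subnet_v4("192.0.2.237", "192.0.2.243", "255.255.255.224"))
    # Constructed IPv6 hosts: same /56 (14 hex digits), different /64 (16).
    print(same_prefix_v6("2001:db8:12:3400::10", "2001:db8:12:34ff::20", 56))
    print(same_prefix_v6("2001:db8:12:3400::10", "2001:db8:12:34ff::20", 64))
    # A decimal ".1 to .9" router range does not align to any single prefix.
    routers = cidr_blocks_for_range("172.16.10.1", "172.16.10.9")
    print(routers)
    # ".1" in the upper half of the constructed 172.16.10.0/23 is an ordinary
    # host address: it is not matched by the router-range filter.
    print(covered("172.16.11.1", routers), covered("172.16.10.1", routers))
```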

SImon Hobson Bronze badge

Re: Addressing only the problem that v4 has?

Yes, a big part of the problem is that "it's not IPv4"<period>

NAT is an abomination, but because it appears to work, too many people see that there's no problem with IPv4 so why fix what isn't broken.

To be blunt, IPv4 internet is like something held together with gaffer tape - not that I'm knocking gaffer tape. But NAT, and all the kludges to work around what it breaks, is an enormous lump of gaffer tape.

But as long as people see that IPv6 is "new and scary", they'll shy away from implementing it. It's not actually all that hard. OK, addresses are longer, but in a properly set up network the user shouldn't ever be using them - which is another problem, too many networks are, to be blunt, steaming middens with poorly set up services that require users to understand IP addresses.

SImon Hobson Bronze badge

Re: The real problem with ipv6....

And it must be remembered that most OSs do actually support DHCPv6.

Notable is that Google not only won't support it in Android, but actively block the means for the user to add their own DHCPv6 client where they want it.

You see, Google work on the basis that users' privacy is sacrosanct at the network level - it's Google's job to invade that. So they actively refuse to allow Android devices to use DHCPv6 which they see as allowing network engineers to constrain what a device can do - while actively tracking which device used which addresses when. The fact that well managed networks do actually need this ability - and in some cases it's an absolute legal requirement - makes it difficult to actively use DHCPv6 and be able to support all popular OSs.

It is actually one reason (just one) for some networks not implementing IPv6 - Android, or rather Google's petulant refusal to allow Android to use DHCPv6, is a problem.

BLAME GOOGLE FOR P1SSING IN THE WELL

SImon Hobson Bronze badge

Re: FFS!

Far safer to implement the p2p business status further up the stack

As long as you trust those "further up the stack". Ask (ex) Revolv users how that worked out for them when Google bought the company and shut down the servers - bricking the devices. There are numerous examples of where a service has been shut down and stuff stops working, or of services being found to be mining users' data for their own profit.

Put another way, in the general case, "further up the chain" can't be trusted.

Pop quiz: The network team didn't make your change. The server is in a locked room. What do you do?

SImon Hobson Bronze badge
Mushroom

Re: Locked in at night

I was wondering how long before that came up. Many of the situations described should have resulted in a business version of the icon - an incident report should have been filed detailing how the situation was a hazard to life and a breach of health and safety laws or fire regulations in most places.