Posts by Canecutter

90 publicly visible posts • joined 18 May 2011

What is it with cloud computing? Engage VM, disengage brain?

Canecutter

Thank You

Words to live by, Trevor. Thank you.

When will Microsoft next run out of US IPv4 addresses for Azure?

Canecutter

Re: Confused about IPv6 vs. NAT.

"The idea of my network hosts being publicly addressable seems like a bad idea to me."

Then set up the filters of your site ingress and egress routers to DROP any datagrams addressed to the IPv6 nodes you want to keep on your private network. That is what happens for the 192/24, 172/16 and 10/8 addresses right now.

Also, just because you use NAT, does not mean your "internal" nodes are any safer!

IPv4 addresses now EXHAUSTED in Latin America and the Caribbean

Canecutter

IPv6 in LACNIC

IPv6 doesn't have any technical problems that are any worse than IPv4. In fact, I would say that IPv6 is a vast improvement on IPv4, if only it could succeed in weaning the sheep away from NAT.

I have built and run IPv6 networks since 1996 when I first learnt about it, and it was only available on FreeBSD via the Kame implementation. It is no more complicated to run than IPv4 was. The biggest headache I ever had was keeping track of address assignments, because so many addresses were available to me.

People who worry that IPv6 provides no privacy, and that they will lose it if they switch from IPv4 really need to explain to me just what privacy advantage IPv4 offers that they stand to lose in a switch to IPv6. And they need to speak slowly and clearly lest I don't understand their speech.

Even via tunneling, I often get better performance using IPv6 native than I do with IPv4, simply because my packets don't get touched by a bunch of middleboxes trying to "protect" my data stream with NAT. I tell you, the most sulphurous, smelliest, hottest circle of hell awaits the devils who foisted NAT on the networking community.

Regarding IPv6 in LACNIC, the only reason I could see for the slow uptake of IPv6 comes in a single phrase, "Internet Service Providers". For whatever reason, they refuse to provide native IPv6 transit service where I live. If it is the same elsewhere, then that industry, as a class, needs to be taken to the back of the barn and given a "gentle reminder" about their duty of providing connectivity for their existing and new customers, perhaps with a few 50 mm rounds of artillery.

I check every year with the local ISP's, and every year, they return with nothing but empty promises that they will provide native IPv6 transit service by the end of the year. WE ARE STILL WAITING, folks.

You've heard of the internet, right? Well this here might just be the INTERCLOUD

Canecutter

Utility? Really?

There is a fundamental difference everyone seems to overlook between cloud computing, and what might be called a "utility."

In the case of a utility, the SERVICE is brought to you directly. Not just access to the service. Not just the infrastructure for the service. The actual service itself. In cloud computing, YOU must go to the service (by SENDING YOUR data (at the least), and SENDING YOUR program) to the provider who makes available a platform upon which to perform the associated processing.

It's about as much a utility as the exchequer is a utility, or as much as the passport office is a utility.

DeSENSORtised: Why the 'Internet of Things' will FAIL without IPv6

Canecutter

Re: is this what.....

"If you use a tunnel broker, perhaps. Most of the Internet backbone carries IPv6. The BGP routing protocol announces v6 prefixes. I have no problem getting to v6 hosts all around the world, and only a small fraction, if any, goes over v4 tunnels."

Thing is, if your (native) first-hop egress link doesn't carry IPv6, you haven't much choice about using a tunnel. :(

Canecutter

Re: Networking's answer to Windows Vista

"Above all, IPv4 has those non-routable address blocks and with readily available $30 NAT boxes, with only a very basic skill set, anyone can make sure that packets which belong inside the building stay inside the building. Simply, the market does not want IPv6, it wants IPv4 with extra numbers."

Non-routeable address blocks: IPv6 has a very large pool of similar address blocks, if you want to use them. They are called ULA (Universal Local Address), prefix: fd00::/8. Enjoy their use.

Readily available $30 NAT boxes: If you need it (unlikely) any Linux box could do the job. Save your $30.

Make sure packets stay inside the building: You ever actually put a protocol analyser on the egress link of any company network? Many have so badly misconfigured their egress routers that you can find teeming masses of packets with SRC=192.168.x.y, 10.x.y.z, etc. going to God alone knows where. I won't quite bet on net-10 the way you would.
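
The egress check described in the post above, as an added example that is not part of the original comment: it reads `tcpdump -n` text output captured on the outside of an egress link and counts packets whose source address falls in a private IPv4 block or the ULA prefix fd00::/8. The sample lines, the function names and the list of blocks are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Source ranges that should never be seen leaving a site egress link:
# the IPv4 private blocks and the IPv6 ULA prefix fd00::/8 named in the post.
PRIVATE_SOURCES = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fd00::/8")]

# tcpdump -n text lines look like: "<time> IP|IP6 <src>[.port] > <dst>[.port]: ..."
LINE_RE = re.compile(r"^\S+ IP6? (\S+) > ")


def strip_port(token):
    """Return the address from 'addr' or 'addr.port' as tcpdump prints it."""
    try:
        return ipaddress.ip_address(token)      # ICMP and similar: no port suffix
    except ValueError:
        return ipaddress.ip_address(token.rsplit(".", 1)[0])


def leaked_sources(lines):
    """Count packets per (source address, matching private block)."""
    leaks = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                            # ARP, truncated or non-IP lines
        try:
            src = strip_port(m.group(1))
        except ValueError:
            continue                            # unparseable source token
        for net in PRIVATE_SOURCES:
            if src.version == net.version and src in net:
                leaks[(str(src), str(net))] += 1
    return leaks


# Constructed sample capture (documentation addresses, not real traffic).
SAMPLE = """\
12:00:01.000001 IP 192.168.1.20.51515 > 203.0.113.9.443: Flags [S], length 0
12:00:01.000002 IP 198.51.100.7.40000 > 203.0.113.9.443: Flags [S], length 0
12:00:02.000003 IP 10.4.5.6 > 203.0.113.9: ICMP echo request, id 1, seq 1, length 64
12:00:02.000004 IP 192.168.1.20.51516 > 203.0.113.9.443: Flags [S], length 0
12:00:03.000005 IP6 fd12:3456:789a::10.51515 > 2001:db8::1.443: Flags [S], length 0
12:00:03.000006 IP6 2001:db8:1::5.51515 > 2001:db8::1.443: Flags [S], length 0
12:00:04.000007 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28
""".splitlines()

if __name__ == "__main__":
    for (src, net), count in sorted(leaked_sources(SAMPLE).items()):
        print(f"{src} ({net}): {count} packet(s) left the site unfiltered")
```

Any non-empty result means the egress router is forwarding traffic it should have dropped or translated.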

Canecutter

Re: Havin_it

"I'm sure there are already tools around to put mapped ips into groups for management purposes ..."

Yes, it is called IP Address Management. It works for both IPv4 and IPv6, and allows you to do everything you describe and more.

Canecutter

Re: Bridging IPv4 to IPv6

"As much as I hate this restriction with NAT, I'm still not sure that I like the alternative of flat routing (no hiding behind NAT) in IPv6."

With IPv6 your options for creating globally reachable subnets are quite a bit richer than that for IPv4. In particular, if you want to divide up your network into a "Private" network and a "Public" network, use (at least two) subnets and filtering rules to drop all traffic except as you authorise on entry, egress, or transit. In other words, no more complicated than the original picture for IPv4, and a lot less complicated than the picture for IPv4 plus NAT.

Canecutter

Re: Bridging IPv4 to IPv6

"My network has been native dual-stack for a good six months now, and had tunnelled v6 before that - the big boys like BT need to stop dragging their heels."

Looks like my situation. I've been tunneling to the rest of the IPv6 Internet for the better part of 12 years now. Haven't had any problems with that. The only reason I didn't tunnel out (IPv6 over IPv4) earlier is that I didn't know of any IPv6 transit providers then.

My own suspicion is that there are a lot of IPv6 users already, and the only reason you don't hear from them is that they've already accepted the reality that ISP's will never get with it until they are forced to, and IPv6 users have simply "routed past the network failure" by tunneling to the global IPv6 Internet.

Certainly is what I did.

OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts

Canecutter

Re: I am paying for OpenSSL, via my Red Hat subscription

"Thirdly, there's C. We desperately need a new systems programming language. We've written enough applications programming languages to know what works and what doesn't (Java, Python, Lua, etc) but those languages simply aren't deployable in the systems programming space."

Want a language to use to replace C? Well how about the language that is most studiously ignored by the elites of software development, such as the ones responsible for OpenSSL? To what language do I refer? Why Oberon-2 of course! It IS a SYSTEMS programming language with which it is possible to implement the entire stack, from Operating System all the way to the most sophisticated applications. The language has a clear, concise definition, it enables the programmer to _REASON_ about the artifacts he is generating, is type-safe, and does not rely on a preprocessor.

Having said that, though, I really do not believe OpenSSL's problem stems from the use of C, per se. Instead it stems from the methods used to create its source code (reliance on the pre-processor, reliance on libraries that have not been proven secure, and an undisciplined style).

The fact that the RFC in which OpenSSL is defined is such a convoluted mess doesn't help much either.

For a good, recent set of practical advice on avoiding the kinds of problems that produce heartbleed, check out "Mars Code" by Gerard J. Holzmann CACM DOI:10.1145/2560217.2560218 also available at:

http://cacm.acm.org/magazines/2014/2/171689-mars-code/pdf.

But then I just cut sugarcane for a living. What do I know.

IEEE signs off on 400 Gb/s Ethernet development

Canecutter

Re: latency...?

"Any word on zero byte latency? This is a number that does not seem much downward movement."

As it should be. The laws of Physics are rather unbending. It still takes at least 3.25 nanoseconds to traverse each metre of interconnect length no matter how you transmit the data.

Maybe when Ethernet is transmitted via quantum teleporting we might be able to look forward to less latency. I doubt it, though.

Ethernet boffins get ready to kick off 400G development

Canecutter

Well, then!

400 Gb/s, eh? That is about 400 bits per foot of interconnect length; 400 bits per nanosecond.

I'd hate to be the guy who has to troubleshoot a network built to those specs.

Hey, IT department! Sick of vendor shaftings? Why not DO IT, yourself

Canecutter

Re: Better is the enemy of good enough

"Sorry in biggish companies standardisation is the way forward."

The problem there is that quite often the standardisation is done before finding out exactly what WORKS in the situation, and then you have standardised wrongness.

Standardisation should be treated the same way as optimisation: get it RIGHT before you standardise or optimise.

Canecutter

The trick with DIY

"I think the trick with DIY is to know when to step back."

Couldn't agree more.

"A good example is IP addressing: DHCP is here, it has worked for a decade, but the number of IT shops which have a DIY IP address allocation service."

Agreed with one note: so far, DHCP needs to be augmented with a comprehensive means of providing the data to answer the question, 'Which station (MAC address, user, location, interface port) has IP address X assigned to it?' Most shops don't have such a means in place, and when there is a problem on the network, they need to perform a lot of detective work to find the offending station.

"Another thing is not to get caught up reinventing."

The counterweight to that would be don't become so afraid of finding yourself 'reinventing the wheel' that you fail to recognise that you do need a wheel, or you are unable to specify what kind of wheel you need.

Canecutter

Re: Job Justification!

"Remember that the sole purpose of a company is to generate a return to shareholders and not to have IT departments."

To take your statement to its logical conclusion, permit me to make the following change. To make it compact, I will use a grammar.

$S ::= "Remember that the sole purpose of a company is to generate a return to shareholders and not to have" $ITEM "."

$ITEM ::= [" IT Departments" | " employees" | " capital equipment" | " managers" | " products" | " services" | " customers"]

In other words, it is all just a means to an end. The sooner us IT folks realise that, the better it will be for us, won't it?

VMware hyper-converge means we don't need no STEENKIN' OS...

Canecutter

Yippee!

It looks like we have rediscovered the basic, humble time-sharing system.

The IT industry, true to form, just keeps on rediscovering the solutions to problems that were solved decades ago, and then rediscovering the problems when they try to apply the "new, improved" solutions to replace the elegant ones that have been working well for decades.

Virtualization was always a case of the Emperor's New Clothes.

Internet Explorer 11 BREAKS Google, Outlook Web Access

Canecutter

The proper use of Internet Explorer

Here is the proper way to use Internet Explorer.

1. Use Internet Explorer to download the installer for some other browser (Firefox, Chrome, Opera, etc.)

2. Install downloaded browser

3. Run newly installed browser

4. Forget you ever had IE installed on your computer (except for the patch Tuesday patches, of course)

The secure mail dilemma: If it's useable, it's probably insecure

Canecutter

Re: Sounds like you have a hammer

"There's a big problem with a built-in, though. What if the built-in BREAKS? Like a digital wristwatch whose reading light goes out. Now you can only see it in daytime unless you use an external light. At least with a bolt-on you can always bolt OFF if it breaks and bolt something else on."

Not in this case. Since qualities like security, reliability and performance are what you might call system attributes, you need to consider those properties quite early in the system's life (like during the concept and design phases). The system will never exhibit a quality if it was not specifically and deliberately included during the system's design - no matter how the system is finally implemented. Worse yet, there is no component you may later bolt on to the system that will cause it to exhibit that quality.

Of course, once the specific property is included in the system design, the design may specify that the system will have a modular structure, that would allow the system's various functions to be implemented via removable components. Nonetheless, a system _function_ is not a system _attribute_, and neither is equivalent to the system's structure. Replacement or failure of a component in a system with modular structure, may invalidate a system attribute; but if the system never had the attribute in the first place, no component will grant the system that attribute. That is particularly true for qualities like security or performance.

Canecutter

Re: PGP email

Completely agree. Security is a _system attribute_ not a component you can bolt on or otherwise retrofit.

Canecutter

Re: Sounds like you have a hammer

"[B]uilt-in is always better tha[n] bolt-on"

Hear, Hear!

Perhaps this series of events will prompt a whole change in the way people think about the systems they put to work for them. Hopefully, everyone will finally give the aphorism that built-in is better than bolt-on, together with the end-to-end dependability concept, the respect they deserve.

I won't hold my breath, though.

Microsoft dev tools to add Linux-style source code versioning

Canecutter

Hrrmph!

""This is not about lock in – It's about providing a good and interoperable Git capability," Harry wrote."

Will believe it when I see it.

Embrace...............................Embraced

Extend ................................Pending

Extinguish............................Pending

Comp Sci becomes 'fourth science' in English Baccalaureate

Canecutter

Re: Plus

"So how is CS a subset of mathematics again ??"

Perhaps you should ask the likes of Dijkstra, Gries and Wirth. They have all made the argument (at least once) that computer science is indeed a subset of mathematics.

Canecutter

Re: Oh Yeah, DUMB IT DOWN !

"Real computer science is taught using PASCAL."

Nah!

Real computer science is taught using Dijkstra's Guarded Command Language.

(There, I've done my name dropping for the current quarter).

Canecutter

Re: A significant difference...

Same for me, except my school days were in the eighties.

Help us out here: What's the POINT of Microsoft Office 2013?

Canecutter

Only one thing I use Office for

The only thing I use Office for is Word's document outline editor. It's efficient, it gets out of my way, and it lets me build my document from skeleton. A highly useful feature, in my opinion.

Does anyone know if OpenOffice or Libre Office have a document outline editor?

Stanford super runs million-core calculation

Canecutter

Take.

Mind.

Out.

Of.

Gutter!

Canecutter

Re: At what point

One important advantage of constructing a simulation is that you get to validate models you might have constructed by induction from empirical methods like building (many versions of) jet engines and testing them with instruments.

The benefit of having a validated, quantitative model is that you are now aware of how the various attributes and parameters of the model constrain each other, thus you are better enabled to do effective engineering. You will be better aware of the various tradeoffs and optimisations you may perform during the specification and design process.

Canecutter

Re: Quite impressive in term of size but am I alone in wondering.

If by your question, you wish to find out what SIMD is, it is one of four models for organisation of parallel computations and parallel computers.

S - Single

I - Instruction (stream)

M - Multiple

D - Data (stream)

The other three (just for completeness' sake) are as follows.

SISD (Single Instruction, Single Data);

MISD (Multiple Instruction, Single Data);

MIMD (Multiple Instruction, Multiple Data).

The most common ones commercially are SISD (Standard Serial Computing), SIMD, and MIMD.

HP launches security service for after the horse has bolted

Canecutter

Re: Pardon my cynicism

Yeah. That must be why HP is actively burying one of its most highly regarded products as far as security is concerned.

You know: bury the thing that was conceived and designed with security in it from the word go; sell the insecure thing; make container-loads of money selling "bolt-on security and services".

That is why I just cut sugarcane.

Panasonic: We'll save Earth by turning CO2 into booze

Canecutter

Re: Energy in and out?

Actually, even if the device has every one of the drawbacks you cite, it could still be a net gain, as it could provide another channel for converting carbon from one of its most inaccessible forms, to a more accessible form.

With the passage of time, people will come to realise that carbon is a rather valuable commodity, and that burning any more than the minimum necessary amount is a tragic waste.

That's why I just cut sugarcane.

Google's JavaScript assassin: Web languages are harder than VMs

Canecutter

Re: My Two Cents on A Browser Language

"[H]aving a clear trust demarcation between real programs and web-based scripts is not a design flaw."

Words to live by, except that I would expand that statement slightly to say having a clear trust demarcation between the _hosting system_ and the _application_ is not a design flaw.

To thee I raise a pint!

Making apps for touchscreen mobes? YAWN. Try a car instead

Canecutter

Keep your eyes on the road, you idiot!

This is just another of the bone-headed ways Ford keeps finding to undermine what weak market there is for Ford vehicles.

So we add yet another set of touchy-feely doodads to our two-tonne high-speed death-trap cages, further distracting drivers' attention, so that more murder and mayhem may occur on our roadways. While they are about it, why don't they replace windscreens and side windows with solid sheet metal? Then at least when people board their Ford vehicle, they are under no illusions about paying attention to the road.

Major FAIL!

Microsoft scrambles to thwart new Internet Explorer 0-day attack

Canecutter

Re: Erm...

I spoke with some of the guys I work with.

They list their only use for Microsoft Explorer outside of company mandated usage is to act as an initial tool for downloading a copy of Chrome, Mozilla or Opera.

What a thing!

Yes, hundreds upon hundreds of websites CAN all be wrong

Canecutter

Re: Error strewn tab was around long before the internet...

Actually, for learning to perform a tune on the guitar, there is no better way than the long way.

1. Grab hold of the music score for the tune

2. Work out the fingerings yourself

3. Make your own tablature

4. Continue having fun.

Amazon outage whacked Netflix US customers on Christmas Eve

Canecutter

Well, look at that!

It seems that despite the hype of cloud computing and the outsourcing craze, it still is necessary to sit down and work out the design of your systems, including figuring out how you will avoid compromising your business when the inevitable component failure (cloud provider outage) occurs.

Reality is still in charge.

Reality has teeth.

Reality does not take too kindly to being ignored.

Ouch!

The Higgs boson search continues ... into ANOTHER dimension

Canecutter

Re: Is there an end point?

In fact there is an end point. It is the point at which the energies of the interacting particles are such that their Compton radii become equal to their Schwarzschild radii. Beyond that, it is not possible, even in principle, to build any apparatus to make sense of what (if anything) goes on.

But that is a LONG way away from what exists at present.

Office 365, Hotmail and SkyDrive hit by outage

Canecutter

Perhaps...

But...

What is the data and computing equivalent of 60 Hz AC?

What is the data and computing equivalent of potable water?

The utility model is indeed a credible model for the future of computing, but I doubt we will get much further ahead the way we are going.

Server virtualisation is not enough

Canecutter

The article IS on topic

The article talks about _private_ clouds and what infrastructure is required to build a private cloud. It then asserts that virtualization alone is not sufficient. Thus the article has delivered as promised on the tin. What's your beef?

Rapture postponed as world inexplicably fails to end

Canecutter

Re: Mathematical Error

"Perhaps he used imaginary numbers in his calculations."

Yeah. Like Eleventeen.

Pint-sized 3D printer produced

Canecutter

Regarding animation

The process of fixing your model so that it may be posed is called by practitioners, "the Fine Art of Rigging". It is the process whereby you specify the "bones" of the model, thus enabling either posing the model directly, or associating various rules of Physics to allow the model to exhibit realistic behaviour under various conditions.
