[opensuse] Firefox 34?
Is there an openSuSE version of Firefox 34 available? Factory shows 33.1 and the Mozilla site has 34.0.5. tnx jk -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sat 06 Dec 2014 11:24:58 PM CST, James Knott wrote:
Is there an openSuSE version of Firefox 34 available? Factory shows 33.1 and the Mozilla site has 34.0.5.
tnx jk
? openSUSE Tumbleweed shows 34.0.5?
http://software.opensuse.org/package/MozillaFirefox
Seems it was built a few days ago...
https://build.opensuse.org/package/show?project=mozilla%3AFactory&package=MozillaFirefox
If you're on 13.2....
http://download.opensuse.org/repositories/mozilla:/Factory/openSUSE_13.2/
Or just wait for an update to appear.... and enjoy the yahoo default search engine...
--
Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 GNOME 3.10.1 Kernel 3.12.28-4-default
up 4 days 10:11, 4 users, load average: 0.32, 0.29, 0.30
CPU Intel® B840@1.9GHz | GPU Intel® Sandybridge Mobile
On 07.12.2014 at 06:13, Malcolm wrote:
Or just wait for an update to appear.... and enjoy the yahoo default search engine...
which is only for the US region and can easily be changed for people who care as it's only two mouse clicks away. (If you click, hold and release it's only one.)
But just a small note while we are at it: With the openSUSE packages you won't see the changed search UI (which also only appears for the US region in the upstream version). This is due to how hackily Mozilla implemented/enabled that, which cannot easily be reflected in our packages, and I didn't want to fiddle with it another day and delay the update.
If someone really is curious to try out the new search bar UI: Set browser.search.showOneOffButtons to true in your configuration and restart Firefox.
Wolfgang
On 12/07/2014 12:13 AM, Malcolm wrote:
On Sat 06 Dec 2014 11:24:58 PM CST, James Knott wrote:
Is there an openSuSE version of Firefox 34 available? Factory shows 33.1 and the Mozilla site has 34.0.5.
tnx jk
? openSUSE Tumbleweed shows 34.0.5? http://software.opensuse.org/package/MozillaFirefox
Seems it was built a few days ago... https://build.opensuse.org/package/show?project=mozilla%3AFactory&package=MozillaFirefox
If you're on 13.2.... http://download.opensuse.org/repositories/mozilla:/Factory/openSUSE_13.2/
Or just wait for an update to appear.... and enjoy the yahoo default search engine...
I'm on 13.1, so I'll try one of those to see if I can manually install. tnx
On 12/07/2014 12:13 AM, Malcolm wrote:
openSUSE Tumbleweed shows 34.0.5? http://software.opensuse.org/package/MozillaFirefox
I just tried this link for Firefox 34. On my desktop, I'm taken to a page that lists Tumbleweed, 13.2, 13.1, etc.. But when I try on my notebook, which is where I want to install 34, I get a page that just has direct install, which wants to install version 33.
On 12/07/2014 07:51 AM, James Knott wrote:
On 12/07/2014 12:13 AM, Malcolm wrote:
openSUSE Tumbleweed shows 34.0.5? http://software.opensuse.org/package/MozillaFirefox
I just tried this link for Firefox 34. On my desktop, I'm taken to a page that lists Tumbleweed, 13.2, 13.1, etc.. But when I try on my notebook, which is where I want to install 34, I get a page that just has direct install, which wants to install version 33.
Hmmm... I selected 34.0.5 from Tumbleweed and wound up with 33.1. This is on openSuSE 13.1.
On 7-12-2014 13:57, James Knott wrote:
On 12/07/2014 07:51 AM, James Knott wrote:
On 12/07/2014 12:13 AM, Malcolm wrote:
openSUSE Tumbleweed shows 34.0.5? http://software.opensuse.org/package/MozillaFirefox
I just tried this link for Firefox 34. On my desktop, I'm taken to a page that lists Tumbleweed, 13.2, 13.1, etc.. But when I try on my notebook, which is where I want to install 34, I get a page that just has direct install, which wants to install version 33.
Hmmm...
I selected 34.0.5 from Tumbleweed and wound up with 33.1. This is on openSuSE 13.1.
No 34 is shown when I look from: http://software.opensuse.org/package/MozillaFirefox
openSUSE Tumbleweed
openSUSE 13.2 official release 33.0
openSUSE 13.1 official update 33.0
openSUSE 12.3 official update 33.0
openSUSE 12.2 official update 26.0
On 12/07/2014 10:23 AM, Luuk wrote:
No 34 is shown when I look
from: http://software.opensuse.org/package/MozillaFirefox
openSUSE Tumbleweed openSUSE 13.2
As I mentioned, it showed 34.0.5, but 33.1 installed. I'm on openSuSE 13.1. When I tried, I first selected download, but got an error. I then tried 1 Click Install, which installed 33.1. I now see that I can download. I don't know why I got the error before.
On 12/07/2014 10:30 AM, James Knott wrote:
On 12/07/2014 10:23 AM, Luuk wrote:
No 34 is shown when I look
from: http://software.opensuse.org/package/MozillaFirefox
openSUSE Tumbleweed openSUSE 13.2
As I mentioned, it showed 34.0.5, but 33.1 installed. I'm on openSuSE 13.1.
When I tried, I first selected download, but got an error. I then tried 1 Click Install, which installed 33.1. I now see that I can download. I don't know why I got the error before.
I downloaded and installed 34.0.5 on my notebook computer. I wanted this because Firefox 34 supports WebRTC video chat. I didn't install it on my desktop system, as it doesn't have a web cam. Here's some info on using WebRTC video chat with Firefox. <http://www.disruptivetelephony.com/2014/12/how-to-test-firefox-hello-mozillas-new-webrtc-video-call-service.html>
On 12/07/2014 10:30 AM, James Knott wrote:
On 12/07/2014 10:23 AM, Luuk wrote:
No 34 is shown when I look
from: http://software.opensuse.org/package/MozillaFirefox
openSUSE Tumbleweed openSUSE 13.2
As I mentioned, it showed 34.0.5, but 33.1 installed. I'm on openSuSE 13.1.
When I tried, I first selected download, but got an error. I then tried 1 Click Install, which installed 33.1. I now see that I can download. I don't know why I got the error before.
It appears I was a bit too proactive. Firefox 34.0.5 came down on other systems as a regular update.
On 12/07/2014 10:23 AM, Luuk wrote:
On 7-12-2014 13:57, James Knott wrote:
On 12/07/2014 07:51 AM, James Knott wrote:
On 12/07/2014 12:13 AM, Malcolm wrote:
openSUSE Tumbleweed shows 34.0.5? http://software.opensuse.org/package/MozillaFirefox
I just tried this link for Firefox 34. On my desktop, I'm taken to a page that lists Tumbleweed, 13.2, 13.1, etc.. But when I try on my notebook, which is where I want to install 34, I get a page that just has direct install, which wants to install version 33.
Hmmm...
I selected 34.0.5 from Tumbleweed and wound up with 33.1. This is on openSuSE 13.1.
No 34 is shown when I look
Odd. On all of them I get mozilla 34.0.5
openSUSE 13.1
official update 33.0
I'll grant you that, if you only have the distribution and update repositories configured. But I also see
mozilla:Factory 34.0.5 32 Bit 64 Bit Source 1 Click Install
mozilla:beta 34.99 32 Bit Source 1 Click Install
home:X0F:HSF 34.0.5
And more.
--
/"\
\ /  ASCII Ribbon Campaign
 X   Against HTML Mail
/ \
On 12/07/2014 12:13 AM, Malcolm wrote:
If you're on 13.2.... http://download.opensuse.org/repositories/mozilla:/Factory/openSUSE_13.2/
+1
I get that updates regularly and 34.0.5 for some while now. (I'm not counting the days, it just happens.) Of course I've changed the search engine to use google as #1 and opensuse search as #2.
--
/"\
\ /  ASCII Ribbon Campaign
 X   Against HTML Mail
/ \
On Sun, Dec 07, 2014 at 10:03:43AM -0500, Anton Aylward wrote:
On 12/07/2014 12:13 AM, Malcolm wrote:
If you're on 13.2.... http://download.opensuse.org/repositories/mozilla:/Factory/openSUSE_13.2/
+1
I get that updates regularly and 34.0.5 for some while now. (I'm not counting the days, it just happens.) Of course I've changed the search engine to use google as #1 and opensuse search as #2.
The regular updates take a while longer, as usually ARM takes ages to build and we put it on some days of "QA hold". But I just released the regular 34.0.5 updates.
Ciao, Marcus
On 07.12.2014 at 05:24, James Knott wrote:
Is there an openSuSE version of Firefox 34 available? Factory shows 33.1 and the Mozilla site has 34.0.5.
As always(TM) the latest Firefox is available in the mozilla repo. How long it takes to reach Factory/Tumbleweed and the update repositories always differs a bit because of the different workflows for the maintenance cycle and Tumbleweed inclusion. It's always submitted to updates and Factory at the same time.
Wolfgang
On 12/06/2014 10:24 PM, James Knott wrote:
Is there an openSuSE version of Firefox 34 available? Factory shows 33.1 and the Mozilla site has 34.0.5.
tnx jk
Is there anything wrong with using a browser for more than a couple of weeks? Hell, I can recall using the same major version browser across several releases in the 10.X 11.X days. (3.X). Now I can't go a damn week it seems without my browser jumping another major version in what seems in complete disregard of any relevance the major.minor versions scheme.
--
David C. Rankin, J.D.,P.E.
On 12/12/2014 03:08 PM, David C. Rankin wrote:
On 12/06/2014 10:24 PM, James Knott wrote:
Is there an openSuSE version of Firefox 34 available? Factory shows 33.1 and the Mozilla site has 34.0.5.
tnx jk
Is there anything wrong with using a browser for more than a couple of weeks? Hell, I can recall using the same major version browser across several releases in the 10.X 11.X days. (3.X). Now I can't go a damn week it seems without my browser jumping another major version in what seems in complete disregard of any relevance the major.minor versions scheme.
The updates don't bother me, but I wanted v34 so I could try the WebRTC video chat that's now supported.
On Fri, Dec 12, 2014 at 03:19:59PM -0500, James Knott wrote:
On 12/12/2014 03:08 PM, David C. Rankin wrote:
On 12/06/2014 10:24 PM, James Knott wrote:
Is there an openSuSE version of Firefox 34 available? Factory shows 33.1 and the Mozilla site has 34.0.5.
tnx jk
Is there anything wrong with using a browser for more than a couple of weeks? Hell, I can recall using the same major version browser across several releases in the 10.X 11.X days. (3.X). Now I can't go a damn week it seems without my browser jumping another major version in what seems in complete disregard of any relevance the major.minor versions scheme.
The updates don't bother me, but I wanted v34 so I could try the WebRTC video chat that's now supported.
Just what we need for firefox. Where would we be without ANOTHER video chat.
--
So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com
DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com
Being so tracked is for FARM ANIMALS and extermination camps, but incompatible with living as a free human being. -RI Safir 2013
On 12/15/2014 12:35 AM, Ruben Safir wrote:
Where would we be without ANOTHER video chat.
The idea is to have video chat without requiring any app beyond a browser and also to not have to subscribe to some service.
On Mon, Dec 15, 2014 at 08:23:55AM -0500, James Knott wrote:
On 12/15/2014 12:35 AM, Ruben Safir wrote:
Where would we be without ANOTHER video chat.
The idea is to have video chat without requiring any app beyond a browser and also to not have to subscribe to some service.
That is a stupid idea. Shoving more stuff in the browser makes it a crappy, impossible to debug, monolithic pile of crap that doesn't work and crashes.
Now if it would just browse and not crash that would be a good idea. You don't want other applications in the browser.
As for point to point video chat without needing a service, that has been around for a decade .... or more. Learn to use your operating system ... maybe?
Ruben
That is a stupid idea.
Shoving more stuff in the browser makes it a crappy, impossible to debug, monolithic pile of crap that doesn't work and crashes.
I do have to agree...why would it need to be embedded within the browser when it could be enabled via a plugin if someone so desires? Personally, it sounds like a new attack vector, with some potentially scary implications. Right now with only 4 tabs open, firefox is consuming almost 1GB of memory on my laptop. And they want to add more crap on top of that? What happened to the nice, fast, extensible, resource-friendly browser I fell in love with? :/ That's one of the big reasons I hate Microsoft products - they're always trying to tell folks "this is what you want," when we're perfectly capable of clicking a button to say "I want this feature."
On 12/15/2014 02:31 PM, Christopher Myers wrote:
That's one of the big reasons I hate Microsoft products
Why throw that in, when you now find the same thing in Open source? Could it be that people actually WANT convenience?
If done right, video chat would add nothing to the size of the executable, unless or until the user chose to run it. (Not that I suspect they will do it right). It does become a huge attack vector, but being open source you should be able to double check how this is done and if it is done securely.
What I doubt is this nonsense about not having to register with a service. You can not magically just find a remote IP address to route your video connection to, without a third party. And THAT is where the attack comes in.
--
After all is said and done, more is said than done.
On 2014-12-15 23:38, John Andersen wrote:
What I doubt is this nonsense about not having to register with a service. You can not magically just find a remote IP address to route your video connection to, without a third party. And THAT is where the attack comes in.
It is true, there is no registration. Mozilla has a welcome link, or what's new on this version, that explains it (I don't have it or I'd post it). You send the other party a temporary link to yourself, hosted somewhere, yes, but without registration. Similar to pastebin sites, you do not need registration. I guess the server role is only to find one another, the video is peer 2 peer.
--
Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 12/15/2014 02:58 PM, Carlos E. R. wrote:
On 2014-12-15 23:38, John Andersen wrote:
What I doubt is this nonsense about not having to register with a service. You can not magically just find a remote IP address to route your video connection to, without a third party. And THAT is where the attack comes in.
It is true, there is no registration. Mozilla has a welcome link, or whats new on this version, that explains it (I don't have it or I'd post it). You send the other party a temporary link to yourself, hosted somewhere, yes, but without registration. Similar to pastebin sites, you do not need registration.
I guess the server role is only to find one another, the video is peer 2 peer.
Nope, it can't be that simple. It is necessary that there be a third party somewhere with the ability to eavesdrop.
Picture this: Carlos sits behind (at least one) Nat-Router-firewall and sends jsa a link to connect. I try to connect, but run smack into carlos's firewall. The usual firewall piercing technologies are therefore required.
Carlos connects to some (possibly distributed) bridge site, then sends jsa an invite, and I try to connect to this bridge site. The bridge matches the two connections, and sends my video to Carlos.
But Carlos still can not connect directly to me, even after we have a working two way connection via the bridge, because I too am behind (at least one) nat-firewall-router. We have no other choice but to pass video through this common bridge.
This is skype revisited. (Before microsoft routed all connections through their servers such that they could choose to make any of them tap-able by US authorities with a simple piece of paper.)
Best possible situation is that YOU and I are using some form of private key encryption with the keys never shared with the bridge.
--
After all is said and done, more is said than done.
On 2014-12-16 00:12, John Andersen wrote:
On 12/15/2014 02:58 PM, Carlos E. R. wrote:
I guess the server role is only to find one another, the video is peer 2 peer.
Nope, it can't be that simple. It is necessary that there be a third party somewhere with the ability to eavesdrop.
http://en.wikipedia.org/wiki/WebRTC http://www.webrtc.org/faq http://blogs.trilogy-lte.com/post/77427158750/how-webrtc-is-revolutionizing-... And many more links there. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 12/15/2014 03:36 PM, Carlos E. R. wrote:
On 2014-12-16 00:12, John Andersen wrote:
On 12/15/2014 02:58 PM, Carlos E. R. wrote:
I guess the server role is only to find one another, the video is peer 2 peer.
Nope, it can't be that simple. It is necessary that there be a third party somewhere with the ability to eavesdrop.
http://en.wikipedia.org/wiki/WebRTC http://www.webrtc.org/faq http://blogs.trilogy-lte.com/post/77427158750/how-webrtc-is-revolutionizing-...
And many more links there.
O sorry, you are still thinking INSIDE the box of WebRTC.
I'm talking about TCP/IP. Take off your browser hat and put on your firewall router hat.
You can listen on all the ports you want on your browser, but that doesn't mean your router will listen on those ports on the internet.
Even if you were so foolish as to enable SNMP to allow your router to dynamically configure inbound ports for anyone that wants one, the hotel or campus that you are working from will not allow this. Even your local ISP may not allow this.
--
After all is said and done, more is said than done.
On 12/15/2014 06:49 PM, John Andersen wrote:
O sorry, you are still thinking INSIDE the box of WebRTC.
I'm talking about TCP/IP. Take off your browser hat and put on your firewall router hat.
You can listen on all the ports you want on your browser, but that doesn't mean your router will listen on those ports on the internet.
Even if you were so foolish as to enable SNMP to allow your router to dynamically configure inbound ports for anyone that wants one, the hotel or campus that you are working from will not allow this. Even your local ISP may not allow this.
I tried a test, with one computer outside my firewall and one inside. I had no problem getting it to work. Another thing I noticed is that it's only IPv4, even when both devices are on my local network, where IPv6 is generally used.
It is the same kind of problem you have with an application like gnutella but they aren't going to understand so don't waste bandwidth. It is the same webchat services we've always had but now it will be stuffed into the browser so it will have more reasons to crash.
Ruben
On Mon, Dec 15, 2014 at 03:49:30PM -0800, John Andersen wrote:
On 12/15/2014 03:36 PM, Carlos E. R. wrote:
On 2014-12-16 00:12, John Andersen wrote:
On 12/15/2014 02:58 PM, Carlos E. R. wrote:
I guess the server role is only to find one another, the video is peer 2 peer.
Nope, it can't be that simple. It is necessary that there be a third party somewhere with the ability to eavesdrop.
http://en.wikipedia.org/wiki/WebRTC http://www.webrtc.org/faq http://blogs.trilogy-lte.com/post/77427158750/how-webrtc-is-revolutionizing-...
And many more links there.
O sorry, you are still thinking INSIDE the box of WebRTC.
I'm talking about TCP/IP. Take off your browser hat and put on your firewall router hat.
You can listen on all the ports you want on your browser, but that doesn't mean your router will listen on those ports on the internet.
Even if you were so foolish as to enable SNMP to allow your router to dynamically configure inbound ports for anyone that wants one, the hotel or campus that you are working from will not allow this. Even your local ISP may not allow this.
On 12/15/2014 06:36 PM, Carlos E. R. wrote:
On 2014-12-16 00:12, John Andersen wrote:
On 12/15/2014 02:58 PM, Carlos E. R. wrote:
I guess the server role is only to find one another, the video is peer 2 peer.
Nope, it can't be that simple. It is necessary that there be a third party somewhere with the ability to eavesdrop.
http://en.wikipedia.org/wiki/WebRTC http://www.webrtc.org/faq http://blogs.trilogy-lte.com/post/77427158750/how-webrtc-is-revolutionizing-...
And many more links there.
One thing I haven't seen mentioned is the lifetime of the URL. Is it permanent or does it expire? With Google Hangouts they say you can bookmark the URL, which I assume means it's permanent. I've also noticed that while it works on my phone, I can't select the front or rear camera, the way I can in Skype or Hangouts. It's front camera only. Also, I can't yet send the invitation from my phone.
On 12/15/2014 06:12 PM, John Andersen wrote:
I guess the server role is only to find one another, the video is peer 2 peer.
Nope, it can't be that simple. It is necessary that there be a third party somewhere with the ability to eavesdrop.
I verified with Wireshark that the connection is indeed peer to peer. I tried connecting from a computer outside of my firewall to a computer behind it. Worked fine. The connection is encrypted.
On 12/15/2014 04:54 PM, James Knott wrote:
On 12/15/2014 06:12 PM, John Andersen wrote:
I guess the server role is only to find one another, the video is peer 2 peer.
Nope, it can't be that simple. It is necessary that there be a third party somewhere with the ability to eavesdrop.
I verified with Wireshark that the connection is indeed peer to peer. I tried connecting from a computer outside of my firewall to a computer behind it. Worked fine. The connection is encrypted.
In that case your firewall is broken.
--
After all is said and done, more is said than done.
On 12/15/2014 07:55 PM, John Andersen wrote:
In that case your firewall is broken.
--
Well, port scans, both from www.grc.com and nmap show only ssh and imaps are open. So, how is it broken? Also, would Google and Mozilla, among other be promoting it, if it didn't work through NAT? It's a UDP data stream and other UDP protocols can make it through a firewall and NAT. It requires the firewall to track the connection.
On 12/15/2014 06:19 PM, James Knott wrote:
On 12/15/2014 07:55 PM, John Andersen wrote:
In that case your firewall is broken.
--
Well, port scans, both from www.grc.com and nmap show only ssh and imaps are open. So, how is it broken? Also, would Google and Mozilla, among other be promoting it, if it didn't work through NAT? It's a UDP data stream and other UDP protocols can make it through a firewall and NAT. It requires the firewall to track the connection.
It works because it is NOT going direct, even if you are led to believe it is. It is being routed through one or more of the firewall piercing (google that) technologies.
All connections from your browser are outbound connections. Same with your phone. (do you really think your carrier is going to let you listen on an inbound connection on your phone)?
If merely connecting to a website could pass an open socket to some third computer, can you imagine the security risk in that? There would be no possible protections against all sorts of mischief.
There is a third party involved somewhere for the duration of the connection, just as there is with google remote desktop, google chat, google voice chat, iPhone face-whatever, skype, Tox, etc. It is not going direct.
Good protocols use a distributed network of nodes for this, so that it is unhackable. Bad protocols (skype) route all connections first thru their own servers, and then, if both parties are not of interest to the feds, hand them off to distributed servers.
Come on, James, you've been around here long enough to have picked up a thing or three about TCP/IP, listening ports, etc...
--
After all is said and done, more is said than done.
On 12/15/2014 09:46 PM, John Andersen wrote:
On 12/15/2014 06:19 PM, James Knott wrote:
On 12/15/2014 07:55 PM, John Andersen wrote:
In that case your firewall is broken.
-- Well, port scans, both from www.grc.com and nmap show only ssh and imaps are open. So, how is it broken? Also, would Google and Mozilla, among other be promoting it, if it didn't work through NAT? It's a UDP data stream and other UDP protocols can make it through a firewall and NAT. It requires the firewall to track the connection.
It works because it is NOT going direct, even if you are led to believe it is. It is being routed through one or more of the firewall piercing (google that) technologies.
Well, when I use Wireshark to look at the packets and see the addresses of the two computers and no other, I see peer to peer. Give it a try and see what you find.
All connections from your browser are outbound connections. Same with your phone. (do you really think your carrier is going to let you listen on an inbound connection on your phone)?
If merely connecting to a website could pass an open socket to some third computer, can you imagine the security risk in that? There would be no possible protections against all sorts of mischief.
There is a third party involved somewhere for the duration of the connection, just as there is with google remote desktop, google chat, google voice chat, iPhone face-whatever, skype, Tox, etc. It is not going direct.
Good protocols use a distributed network of nodes for this, so that it is unhackable. Bad protocols (skype) route all connections first thru their own servers, and then, if both parties are not of interest to the feds, hand them off to distributed servers.
Come on, James, you've been around here long enough to have picked up a thing or three about TCP/IP, listening ports, etc...
Yes, and I'm also aware that a stateful firewall can allow UDP to pass. No doubt there is a server in between at the start, but the actual connection is peer to peer. Fire up Wireshark and see for yourself.
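The point argued in the messages above, whether UDP media can flow directly between two hosts that each sit behind a masquerading firewall once a server has introduced them, comes down to connection tracking. The following is an added example, not part of any poster's message: the `StatefulNat` class, the `try_direct_call` function and all addresses are constructed for illustration. It goes beyond the thread by also modelling a NAT that allocates a new public port per destination, where the direct path fails and a relay is needed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Endpoint:
    ip: str
    port: int


class StatefulNat:
    """Toy masquerading firewall with UDP connection tracking (hypothetical model).

    symmetric=False: one public port per internal socket, reused for every
    destination. symmetric=True: a fresh public port for each destination.
    An inbound packet is admitted only if the internal host has already sent
    from that public port to exactly that remote ip:port.
    """

    def __init__(self, public_ip: str, symmetric: bool = False, first_port: int = 40000):
        self.public_ip = public_ip
        self.symmetric = symmetric
        self._next_port = first_port
        self._mapping = {}      # mapping key -> public port
        self._owner = {}        # public port -> internal Endpoint
        self._tracked = set()   # (public port, remote Endpoint) seen outbound

    def outbound(self, src: Endpoint, dst: Endpoint) -> Endpoint:
        """Internal host sends to dst; returns the source address dst will see."""
        key = (src, dst) if self.symmetric else src
        if key not in self._mapping:
            self._mapping[key] = self._next_port
            self._owner[self._next_port] = src
            self._next_port += 1
        port = self._mapping[key]
        self._tracked.add((port, dst))
        return Endpoint(self.public_ip, port)

    def inbound(self, src: Endpoint, dst_port: int) -> Optional[Endpoint]:
        """Returns the internal host the packet is delivered to, or None if dropped."""
        if (dst_port, src) in self._tracked:
            return self._owner[dst_port]
        return None


# Constructed sample hosts (documentation and private address ranges).
RENDEZVOUS = Endpoint("192.0.2.1", 3478)   # server that only introduces the peers
ALICE = Endpoint("192.168.1.10", 5000)     # behind NAT A
BOB = Endpoint("10.0.0.20", 6000)          # behind NAT B


def try_direct_call(nat_a: StatefulNat, nat_b: StatefulNat) -> dict:
    """Walk through rendezvous followed by an attempted direct UDP exchange."""
    result = {}

    # 1. Each peer sends outbound to the server, which notes the public
    #    ip:port that each firewall presented.
    a_seen = nat_a.outbound(ALICE, RENDEZVOUS)
    b_seen = nat_b.outbound(BOB, RENDEZVOUS)

    # 2. With no state toward Bob yet, a packet from Bob's public address
    #    is unsolicited and the firewall drops it.
    result["unsolicited_dropped"] = nat_a.inbound(b_seen, a_seen.port) is None

    # 3. The server hands each peer the other's public address. Alice sends
    #    first: this creates tracking state on NAT A, but NAT B still drops
    #    the packet because Bob has not sent toward Alice yet.
    a_src = nat_a.outbound(ALICE, b_seen)
    result["first_packet_dropped"] = nat_b.inbound(a_src, b_seen.port) is None

    # 4. Bob sends to the address the server reported for Alice. NAT A admits
    #    it only if Bob's source matches what Alice already sent to.
    b_src = nat_b.outbound(BOB, a_seen)
    to_alice = nat_a.inbound(b_src, a_seen.port)

    # 5. Alice's next packet now finds matching state on NAT B.
    a_src = nat_a.outbound(ALICE, b_seen)
    to_bob = nat_b.inbound(a_src, b_seen.port)

    result["direct"] = (to_alice == ALICE and to_bob == BOB)
    result["path"] = "peer-to-peer" if result["direct"] else "relay required"
    return result


if __name__ == "__main__":
    print(try_direct_call(StatefulNat("198.51.100.7"), StatefulNat("203.0.113.9")))
    print(try_direct_call(StatefulNat("198.51.100.7", symmetric=True),
                          StatefulNat("203.0.113.9", symmetric=True)))
```

In the first run no port is ever opened to unsolicited traffic, yet the peers end up exchanging packets directly; in the second, the public port the server learned is not the one used toward the peer, so the exchange never completes.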
On 12/15/2014 09:19 PM, James Knott wrote:
On 12/15/2014 07:55 PM, John Andersen wrote:
In that case your firewall is broken.
--
Well, port scans, both from www.grc.com and nmap show only ssh and imaps are open. So, how is it broken? Also, would Google and Mozilla, among others, be promoting it, if it didn't work through NAT? It's a UDP data stream and other UDP protocols can make it through a firewall and NAT. It requires the firewall to track the connection.
Forgot to mention, my firewall is openSUSE 13.1 running SuSE firewall.
On Mon, Dec 15, 2014 at 09:19:07PM -0500, James Knott wrote:
On 12/15/2014 07:55 PM, John Andersen wrote:
In that case your firewall is broken.
--
Well, port scans, both from www.grc.com and nmap show only ssh and imaps are open. So, how is it broken? Also, would Google and Mozilla, among others, be promoting it, if it didn't work through NAT?
You can't "work through nat" which part of this are you not getting? Nat controls what does and doesn't go through completely and NAT will masquerade internal IP addresses, assuming you didn't just turn on the firewall and forget to give it rules. But what can be expected from someone who can't be bothered to open an application for video chatting because he can't find it if it is not in his browser. Ruben
It's a UDP data stream and other UDP protocols can make it through a firewall and NAT. It requires the firewall to track the connection.
-- So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998 http://www.mrbrklyn.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002 http://www.nylxs.com - Leadership Development in Free Software http://www2.mrbrklyn.com/resources - Unpublished Archive http://www.coinhangout.com - coins! http://www.brooklyn-living.com Being so tracked is for FARM ANIMALS and and extermination camps, but incompatible with living as a free human being. -RI Safir 2013
On 12/15/2014 9:55 PM, Ruben Safir wrote:
You can't "work through nat"
which part of this are you not getting? Nat controls what does and doesn't go through completely and NAT will masquerade internal IP addresses, assuming you didn't just turn on the firewall and forget to give it rules.
When James stops and thinks about it for a while he will realize that udp does not make it through Nat without a specific rule to allow it.
Now if your browser has set up a private proxy server for the video, you wouldn't know what was being sent through the ssl pipe the browser set up to middle man.
And if your browser is still running while you are chatting away, who knows what they may be diverting through your ssl connection to some middle man. They could be proxying all the video through that and it would never show up as a separate connection, not in netstat, not in wireshark.
On 12/16/2014 01:45 AM, John M Andersen wrote:
On 12/15/2014 9:55 PM, Ruben Safir wrote:
You can't "work through nat"
which part of this are you not getting? Nat controls what does and doesn't go through completely and NAT will masquerade internal IP addresses, assuming you didn't just turn on the firewall and forget to give it rules.
When James stops and thinks about it for a while he will realize that udp does not make it through Nat without a specific rule to allow it.
Now if your browser has set up a private proxy server for the video, you wouldn't know what was being sent through the ssl pipe the browser set up to middle man.
And if your browser is still running while you are chatting away, who knows what they may be diverting through your ssl connection to some middle man. They could be proxying all the video through that and it would never show up as a separate connection, not in netstat, not in wireshark.
Use Firefox to examine the source and destination IP addresses for those UDP packets.
On 12/16/2014 07:48 AM, James Knott wrote:
On 12/16/2014 01:45 AM, John M Andersen wrote:
On 12/15/2014 9:55 PM, Ruben Safir wrote:
You can't "work through nat"
which part of this are you not getting? Nat controls what does and doesn't go through completely and NAT will masquerade internal IP addresses, assuming you didn't just turn on the firewall and forget to give it rules.
When James stops and thinks about it for a while he will realize that udp does not make it through Nat without a specific rule to allow it.
Now if your browser has set up a private proxy server for the video, you wouldn't know what was being sent through the ssl pipe the browser set up to middle man.
And if your browser is still running while you are chatting away, who knows what they may be diverting through your ssl connection to some middle man. They could be proxying all the video through that and it would never show up as a separate connection, not in netstat, not in wireshark.
Use Firefox to examine the source and destination IP addresses for those UDP packets.
Correction use Wireshark. I haven't had my morning beer yet. ;-)
what is this? http://www.mrbrklyn.com/images/state_of_firefox.png
On Tue, Dec 16, 2014 at 07:49:22AM -0500, James Knott wrote:
On 12/16/2014 07:48 AM, James Knott wrote:
On 12/16/2014 01:45 AM, John M Andersen wrote:
On 12/15/2014 9:55 PM, Ruben Safir wrote:
You can't "work through nat"
which part of this are you not getting? Nat controls what does and doesn't go through completely and NAT will masquerade internal IP addresses, assuming you didn't just turn on the firewall and forget to give it rules.
When James stops and thinks about it for a while he will realize that udp does not make it through Nat without a specific rule to allow it.
Now if your browser has set up a private proxy server for the video, you wouldn't know what was being sent through the ssl pipe the browser set up to middle man.
And if your browser is still running while you are chatting away, who knows what they may be diverting through your ssl connection to some middle man. They could be proxying all the video through that and it would never show up as a separate connection, not in netstat, not in wireshark.
Use Firefox to examine the source and destination IP addresses for those UDP packets.
Correction use Wireshark. I haven't had my morning beer yet. ;-)
On 12/16/2014 10:08 AM, Ruben Safir wrote:
what is this?
That's a Firefox crash. However, those happened long before Hello and are not relevant to the topic.
On Tue, Dec 16, 2014 at 10:15:15AM -0500, James Knott wrote:
On 12/16/2014 10:08 AM, Ruben Safir wrote:
what is this?
That's a Firefox crash. However, those happened long before Hello and are not relevant to the topic.
In your mind, how are firefox crashes not related to the increasing bloat of firefox? Ruben
On 12/16/2014 10:19 AM, Ruben Safir wrote:
On Tue, Dec 16, 2014 at 10:15:15AM -0500, James Knott wrote:
On 12/16/2014 10:08 AM, Ruben Safir wrote:
what is this?
http://www.mrbrklyn.com/images/state_of_firefox.png
That's a Firefox crash. However, those happened long before Hello and are not relevant to the topic.
In your mind, how are firefox crashes not related to the increasing bloat of firefox?
Well, if you care to educate yourself, you'll find that most of what it takes for this was already in Firefox and other browsers. It was mainly the addition of a couple of calls to connect the video that made it possible. The other stuff, such as JavaScript, CODECs etc., were already there.
On 12/16/2014 11:21 AM, James Knott wrote:
On 12/16/2014 10:19 AM, Ruben Safir wrote:
On Tue, Dec 16, 2014 at 10:15:15AM -0500, James Knott wrote:
On 12/16/2014 10:08 AM, Ruben Safir wrote:
what is this?
http://www.mrbrklyn.com/images/state_of_firefox.png
That's a Firefox crash. However, those happened long before Hello and are not relevant to the topic.
In your mind, how are firefox crashes not related to the increasing bloat of firefox?
Well, if you care to educate yourself, you'll find that most of what it takes for this was already in Firefox and other browsers. It was mainly the addition of a couple of calls to connect the video that made it possible. The other stuff, such as JavaScript, CODECs etc., were already there.
Incidentally, it's not just browsers. It's an open protocol supported by W3C and IETF and can be implemented in other applications. So, you could have a video phone app on your smart phone that uses WebRTC. It's a means of getting away from proprietary protocols, such as Skype, or relying on a server, where the NSA etc., can get their paws on your conversations. Even if they intercepted your call somewhere on the Internet, they'd still have to break the encryption that's part of the spec. Compare that with regular SIP voice over IP calls, where encryption is generally not used. Someone else provided this link earlier. It may help you understand the service. http://www.webrtc.org/faq
On 2014-12-16 17:29, James Knott wrote:
On 12/16/2014 11:21 AM, James Knott wrote:
Incidentally, it's not just browsers. It's an open protocol supported by W3C and IETF and can be implemented in other applications. So, you could have a video phone app on your smart phone that uses WebRTC. It's a means of getting away from proprietary protocols, such as Skype, or relying on a server, where the NSA etc., can get their paws on your conversations. Even if they intercepted your call somewhere on the Internet, they'd still have to break the encryption that's part of the spec. Compare that with regular SIP voice over IP calls, where encryption is generally not used.
And SIP is also peer to peer. The signaling goes via a server, at least initially, to find one another. Then the conversation can go directly end to end, no intermediary, or indirectly, via a host server; asterisk does this, but not for traversing firewall and nat, because it is done also intranet; it is done as a codec conversion service, so that both sides, even when using different codecs, can talk (I'm thinking of hardware voip phones which can not easily get new codecs). Firewall/nat traversal is done with the help from stun servers. http://en.wikipedia.org/wiki/STUN That direct conversation happens is obvious when you setup the whole thing yourself, and the server simply does not have the internet pipe to hold all the bandwidth of the simultaneous conversations it handles. Being a private setup, you control it fully. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 12/16/2014 11:58 AM, Carlos E. R. wrote:
Firewall/nat traversal is done with the help from stun servers.
http://en.wikipedia.org/wiki/STUN
That direct conversation happens is obvious when you setup the whole thing yourself, and the server simply does not have the internet pipe to hold all the bandwidth of the simultaneous conversations it handles. Being a private setup, you control it fully.
I'm aware of STUN, but haven't investigated WebRTC enough to see what it uses. However, STUN is a hack made necessary by NAT. With IPv6 and its incredible number of public unicast addresses, NAT & STUN are not needed. One thing I have noticed is that, at least with the Firefox implementation, IPv6 is not used, even though other traffic on my local network normally uses it. I don't know if this is due to the Hello server currently having only an IPv4 address. One would expect, with Google and Mozilla pushing WebRTC, IPv6 would be supported. They both support IPv6 on their other sites.
On 2014-12-16 18:08, James Knott wrote:
On 12/16/2014 11:58 AM, Carlos E. R. wrote:
I'm aware of STUN, but haven't investigated WebRTC enough to see what it uses.
The links I read did not explain what exactly it does, only parts of it that probably interest the media. At least the word "stun" was not on the pages I read. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 12/16/2014 12:21 PM, Carlos E. R. wrote:
On 2014-12-16 18:08, James Knott wrote:
On 12/16/2014 11:58 AM, Carlos E. R. wrote:
I'm aware of STUN, but haven't investigated WebRTC enough to see what it uses.
The links I read did not explain what exactly it does, only parts of it that probably interest the media. At least the word "stun" was not on the pages I read.
STUN was mentioned in one of the links provided earlier: http://www.webrtc.org/faq
On 2014-12-16 18:27, James Knott wrote:
On 12/16/2014 12:21 PM, Carlos E. R. wrote:
On 2014-12-16 18:08, James Knott wrote:
On 12/16/2014 11:58 AM, Carlos E. R. wrote:
I'm aware of STUN, but haven't investigated WebRTC enough to see what it uses.
The links I read did not explain what exactly it does, only parts of it that probably interest the media. At least the word "stun" was not on the pages I read.
STUN was mentioned in one of the links provided earlier: http://www.webrtc.org/faq
Yes, somehow I missed it there. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 12/16/2014 12:08 PM, James Knott wrote:
On 12/16/2014 11:58 AM, Carlos E. R. wrote:
Firewall/nat traversal is done with the help from stun servers.
http://en.wikipedia.org/wiki/STUN
That direct conversation happens is obvious when you setup the whole thing yourself, and the server simply does not have the internet pipe to hold all the bandwidth of the simultaneous conversations it handles. Being a private setup, you control it fully. I'm aware of STUN, but haven't investigated WebRTC enough to see what it uses.
Ah...
From the article: http://www.webrtc.org/faq "Includes and abstracts key NAT and firewall traversal technology using STUN, ICE, TURN, RTP-over-TCP and support for proxies."
On 2014-12-16 18:22, James Knott wrote:
On 12/16/2014 12:08 PM, James Knott wrote:
I'm aware of STUN, but haven't investigated WebRTC enough to see what it uses.
Ah...
From the article: http://www.webrtc.org/faq "Includes and abstracts key NAT and firewall traversal technology using STUN, ICE, TURN, RTP-over-TCP and support for proxies."
Ah, so there it is :-) -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 12/16/2014 09:22 AM, James Knott wrote:
On 12/16/2014 12:08 PM, James Knott wrote:
On 12/16/2014 11:58 AM, Carlos E. R. wrote:
Firewall/nat traversal is done with the help from stun servers.
http://en.wikipedia.org/wiki/STUN
That direct conversation happens is obvious when you setup the whole thing yourself, and the server simply does not have the internet pipe to hold all the bandwidth of the simultaneous conversations it handles. Being a private setup, you control it fully. I'm aware of STUN, but haven't investigated WebRTC enough to see what it uses.
Ah...
From the article: http://www.webrtc.org/faq "Includes and abstracts key NAT and firewall traversal technology using STUN, ICE, TURN, RTP-over-TCP and support for proxies."
And the heavy lifter here is TURN. Go read about that. It does EXACTLY what I said it does. Man in the Middle. Google probably uses excess bandwidth all over the world to supply TURN servers, just like every sip provider has been doing for years. WEBRTC has no real magic of its own other than bundling it into the browser. I bet they even forgo encryption, relying on SSL alone. -- After all is said and done, more is said than done.
On 12/16/2014 01:56 PM, John Andersen wrote:
And the heavy lifter here is TURN. Go read about that. It does EXACTLY what I said it does. Man in the Middle.
TURN is another hack to get past NAT.
From https://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT "NATs, while providing many benefits, also come with many drawbacks. The most troublesome of those drawbacks is the fact that they break many existing IP applications, and make it difficult to deploy new ones. Guidelines have been developed that describe how to build "NAT friendly" protocols, but many protocols simply cannot be constructed according to those guidelines. Examples of such protocols include multimedia applications and file sharing. Session Traversal Utilities for NAT (STUN) provides one means for an application to traverse a NAT. STUN allows a client to obtain a transport address (an IP address and port) which may be useful for receiving packets from a peer. However, addresses obtained by STUN may not be usable by all peers. Those addresses work depending on the topological conditions of the network. Therefore, STUN by itself cannot provide a complete solution for NAT traversal. A complete solution requires a means by which a client can obtain a transport address from which it can receive media from any peer which can send packets to the public Internet. This can only be accomplished by relaying data through a server that resides on the public Internet. This specification describes Traversal Using Relay NAT (TURN), a protocol that allows a client to obtain IP addresses and ports from such a relay. Although TURN will almost always provide connectivity to a client, it comes at high cost to the provider of the TURN server. It is therefore desirable to use TURN as a last resort only, preferring other mechanisms (such as STUN or direct connectivity) when possible. To accomplish that, the Interactive Connectivity Establishment (ICE) methodology can be used to discover the optimal means of connectivity."
Once again, we need another hack to get around the problems caused by that hack called "NAT". Again, this has nothing to do with allowing data through a firewall. It's only used to get past NAT, just like STUN. As the WebRTC link says, it just supports multiple ways to get past NAT.
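How a client "obtains a transport address" with STUN, as an added example that is not part of the original thread: a Binding Request builder and a Binding Success Response parser that decodes the XOR-MAPPED-ADDRESS attribute, following the RFC 5389 wire format. The function names are hypothetical, and the sample response is constructed locally rather than captured from a real server.

```python
import ipaddress
import struct

# Constants from RFC 5389.
MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
XOR_MAPPED_ADDRESS = 0x0020


def build_binding_request(txid: bytes) -> bytes:
    """20-byte STUN header with no attributes; txid is 12 random bytes."""
    if len(txid) != 12:
        raise ValueError("transaction ID must be 12 bytes")
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid


def encode_xor_address(ip: str, port: int, txid: bytes) -> bytes:
    """Encode an XOR-MAPPED-ADDRESS attribute (used for the sample below)."""
    addr = ipaddress.ip_address(ip)
    family = 0x01 if addr.version == 4 else 0x02
    key = struct.pack("!I", MAGIC_COOKIE) + txid
    xaddr = bytes(a ^ k for a, k in zip(addr.packed, key))
    value = struct.pack("!BBH", 0, family, port ^ (MAGIC_COOKIE >> 16)) + xaddr
    return struct.pack("!HH", XOR_MAPPED_ADDRESS, len(value)) + value


def build_sample_response(ip: str, port: int, txid: bytes) -> bytes:
    """Constructed stand-in for what a STUN server would send back."""
    attrs = encode_xor_address(ip, port, txid)
    return struct.pack("!HHI", BINDING_SUCCESS, len(attrs), MAGIC_COOKIE) + txid + attrs


def parse_binding_response(data: bytes, expected_txid: bytes):
    """Return (ip, port) as seen by the server, validating the header first."""
    if len(data) < 20:
        raise ValueError("shorter than a STUN header")
    msg_type, length, cookie = struct.unpack("!HHI", data[:8])
    if cookie != MAGIC_COOKIE:
        raise ValueError("bad magic cookie")
    if msg_type != BINDING_SUCCESS:
        raise ValueError("not a Binding Success Response")
    if data[8:20] != expected_txid:
        raise ValueError("transaction ID mismatch (unsolicited or spoofed)")
    if length % 4 or 20 + length != len(data):
        raise ValueError("length field does not match message size")
    key = data[4:20]                      # magic cookie followed by txid
    pos = 20
    while pos + 4 <= len(data):
        attr_type, attr_len = struct.unpack("!HH", data[pos:pos + 4])
        value = data[pos + 4:pos + 4 + attr_len]
        if len(value) != attr_len:
            raise ValueError("truncated attribute")
        if attr_type == XOR_MAPPED_ADDRESS:
            if attr_len < 4:
                raise ValueError("XOR-MAPPED-ADDRESS too short")
            _, family, xport = struct.unpack("!BBH", value[:4])
            size = {0x01: 4, 0x02: 16}.get(family)
            if size is None or attr_len != 4 + size:
                raise ValueError("bad address family or length")
            raw = bytes(a ^ k for a, k in zip(value[4:], key))
            return str(ipaddress.ip_address(raw)), xport ^ (MAGIC_COOKIE >> 16)
        pos += 4 + attr_len + (-attr_len % 4)   # attributes are 32-bit aligned
    raise ValueError("no XOR-MAPPED-ADDRESS attribute")


if __name__ == "__main__":
    txid = bytes(range(12))               # constructed; use os.urandom(12) in practice
    reply = build_sample_response("198.51.100.1", 40000, txid)
    print(parse_binding_response(reply, txid))
```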
On 12/16/2014 11:30 AM, James Knott wrote:
On 12/16/2014 01:56 PM, John Andersen wrote:
And the heavy lifter here is TURN. Go read about that. It does EXACTLY what I said it does. Man in the Middle.
TURN is another hack to get past NAT.
No, TURN is another hack to get past firewalls. NAT isn't even part of the issue here. You seem to be laboring under the delusion you are going to be connecting each workstation directly to the internet backbone once ipv6 comes along. You, sir, are in for a rude awakening. Firewalls are not going anywhere soon.
On 12/16/2014 02:35 PM, John Andersen wrote:
TURN is another hack to get past NAT.
No, TURN is another hack to get past firewalls. NAT isn't even part of the issue here.
Please read that article you linked to. I previously posted a quote from it that says the opposite of what you claim.
You seem to be laboring under the delusion you are going to be connecting each workstation directly to the internet backbone once ipv6 comes along.
No, I have never made such a claim. IPv6 supports a variety of IP address scopes, that include routable to the Internet, routable only within an organization, similar to RFC1918 IPv4 addresses and non-routable, similar to link local addresses in the 169.254.0.0/16 range. You pick the ones suitable for your needs.
You, sir, are in for a rude awakening. Firewalls are not going anywhere soon.
I have never made that claim. It's NAT that will disappear with IPv6, as it's no longer needed. You just confirmed what I said earlier, when I suspected you were confusing NAT with firewalls. Firewalls control what traffic is allowed to pass. NAT allows multiple devices to share a single address. These are two completely different functions that are often combined in the same box. As I mentioned in another message, a deny all firewall is every bit as effective as NAT at blocking incoming traffic. On the other hand, NAT causes problems if you have multiple devices offering services that you want to reach from the Internet. If you have, for example, 2 web servers, you can't have both on port 80. With NAT you can only forward a protocol to one computer and use a non-standard port number to access the 2nd. As I said NAT breaks things. With public addresses on both computers, you only have to configure the firewall to pass the traffic to the appropriate computer, without messing with non-standard port numbers. It is easy to do and in fact easier than configuring NAT to deal with non-standard port numbers.
On 2014-12-16 19:56, John Andersen wrote:
On 12/16/2014 09:22 AM, James Knott wrote:
From the article: http://www.webrtc.org/faq "Includes and abstracts key NAT and firewall traversal technology using STUN, ICE, TURN, RTP-over-TCP and support for proxies."
And the heavy lifter here is TURN. Go read about that. It does EXACTLY what I said it does. Man in the Middle.
But STUN is not. TURN is the last resource, nobody wants clients to use it, as it is expensive.
Google probably uses excess bandwidth all over the world to supply TURN servers, just like every sip provider has been doing for years.
NOT every SIP provider, only some of the heavy ones. Many only provide signaling and addressing. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 12/16/2014 12:12 PM, Carlos E. R. wrote:
On 2014-12-16 19:56, John Andersen wrote:
On 12/16/2014 09:22 AM, James Knott wrote:
From the article: http://www.webrtc.org/faq "Includes and abstracts key NAT and firewall traversal technology using STUN, ICE, TURN, RTP-over-TCP and support for proxies."
And the heavy lifter here is TURN. Go read about that. It does EXACTLY what I said it does. Man in the Middle.
But STUN is not. TURN is the last resource, nobody wants clients to use it, as it is expensive.
Google probably uses excess bandwidth all over the world to supply TURN servers, just like every sip provider has been doing for years.
NOT every SIP provider, only some of the heavy ones. Many only provide signaling and addressing.
Still, if you and your caller are behind nat or a firewall, (or NAT) TURN will be used, and I've NEVER run into a single sip provider that did not also host or recommend a turn server. Most of the time it's totally automatically provided. I use SIP quite a bit.
On 12/16/2014 03:27 PM, John Andersen wrote:
Still, if you and your caller are behind nat or a firewall, (or NAT) TURN will be used, and I've NEVER run into a single sip provider that did not also host or recommend a turn server. Most of the time it's totally automatically provided.
I use SIP quite a bit.
Then you should know that STUN is not necessary when NAT is not in the way. I have also set up several VoIP PBXs. Since the VoIP didn't go off the local network, STUN was not needed. These PBXs connected to POTS trunks, so access to the Internet was not required.
On 2014-12-16 21:27, John Andersen wrote:
On 12/16/2014 12:12 PM, Carlos E. R. wrote:
NOT every SIP provider, only some of the heavy ones. Many only provide signaling and addressing.
Still, if you and your caller are behind nat or a firewall, (or NAT) TURN will be used, and I've NEVER run into a single sip provider that did not also host or recommend a turn server. Most of the time it's totally automatically provided.
Nope. We tested it in a lab without internet connection (wire removed). A switch that emulates an internet network (ie, internet addresses), but isolated, two routers, two separate local networks, some standalone voip hardware phones. No turn server anywhere, no connection to internet. And it worked. We just had to use normal network tools like iptraf, ntop, ethereal, to find where the traffic was going to/from and thus decide what to change. Anyway, if there is an intermediary involved, you see its IP addresses in the packets. It is quite simple to spot. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 12/16/2014 1:19 PM, Carlos E. R. wrote:
We tested it in a lab without internet connection (wire removed). A switch that emulates an internet network (ie, internet addresses), but isolated, two routers, two separate local networks, some standalone voip hardware phones. No turn server anywhere, no connection to internet.
And no firewall or NAT, so you were on the same unprotected network, two different segments, but the same network. Apples and Oranges Carlos. -- _____________________________________ ---This space for rent---
On 2014-12-16 22:23, John Andersen wrote:
On 12/16/2014 1:19 PM, Carlos E. R. wrote:
We tested it in a lab without internet connection (wire removed). A switch that emulates an internet network (ie, internet addresses), but isolated, two routers, two separate local networks, some standalone voip hardware phones. No turn server anywhere, no connection to internet.
And no firewall or NAT,
Why not? Were you there to know what we did? LOL. Try it yourself and educate yourself. Set the firewall, configure it. Set NAT, configure it. Make sure that VoIP works, learn when it does or does not. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 12/16/2014 04:28 PM, Carlos E. R. wrote:
And no firewall or NAT, Why not? Were you there to know what we did? LOL.
Try it yourself and educate yourself. Set the firewall, configure it. Set NAT, configure it. Make sure that VoIP works, learn when it does or does not.
As mentioned earlier, I have set up VoIP PBXs in the manner you describe where everything is on the local network. I have also set up some where the calls are routed to other offices, without passing through NAT and again STUN was not necessary. STUN is only needed when you have NAT blocking the proper connection.
On 12/16/2014 2:18 PM, James Knott wrote:
On 12/16/2014 04:28 PM, Carlos E. R. wrote:
And no firewall or NAT, Why not? Were you there to know what we did? LOL.
Try it yourself and educate yourself. Set the firewall, configure it. Set NAT, configure it. Make sure that VoIP works, learn when it does or does not.
As mentioned earlier, I have set up VoIP PBXs in the manner you describe where everything is on the local network. I have also set up some where the calls are routed to other offices, without passing through NAT and again STUN was not necessary. STUN is only needed when you have NAT blocking the proper connection.
Again, apples and oranges, and completely non-germane. If you want to get outside your little provincial world view, and use firefox or sip or voip or skype to connect across town, or across the world, there WILL be a man in the middle. And you probably will be using TURN, or a central server. Just Like I told you at the very start of this thread to which you replied: oh no, udp will get around the firewall/nat All hail udp.
On 12/16/2014 05:24 PM, John Andersen wrote:
If you want to get outside your little provincial world view, and use firefox or sip or voip or skype to connect across town, or across the world, there WILL be a man in the middle. And you probably will be using TURN, or a central server. Just Like I told you at the very start of this thread to which you replied: oh no, udp will get around the firewall/nat All hail udp.
Actually, I have set up VoIP over significant distance. I have set up networks that cross significant parts of Canada, including through routers and VPNs. Funny thing, as they didn't pass through NAT, STUN was not needed and not used. To get an idea of how far this was, get a map of Canada and check the distance from Toronto, Ontario to Halifax, Nova Scotia. Or from Toronto to Calgary, Alberta or Toronto to Vancouver. That encompasses a distance of about 4400 Km. Not exactly local.
On 2014-12-16 23:18, James Knott wrote:
On 12/16/2014 04:28 PM, Carlos E. R. wrote:
And no firewall or NAT, Why not? Were you there to know what we did? LOL.
Try it yourself and educate yourself. Set the firewall, configure it. Set NAT, configure it. Make sure that VoIP works, learn when it does or does not.
As mentioned earlier, I have set up VoIP PBXs in the manner you describe where everything is on the local network. I have also set up some where the calls are routed to other offices, without passing through NAT and again STUN was not necessary. STUN is only needed when you have NAT blocking the proper connection.
Not even always. Asterisk worked with some firewall (ie, router+nat+firewall devices all in one) trickery. Only the asterisk server needed a fixed and known internet address. And nowadays, home /routers/ support VoIp facilitating things, including holes. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
Carlos E. R. wrote:
On 2014-12-16 23:18, James Knott wrote:
On 12/16/2014 04:28 PM, Carlos E. R. wrote:
And no firewall or NAT, Why not? Were you there to know what we did? LOL.
Try it yourself and educate yourself. Set the firewall, configure it. Set NAT, configure it. Make sure that VoIP works, learn when it does or does not.
As mentioned earlier, I have set up VoIP PBXs in the manner you describe where everything is on the local network. I have also set up some where the calls are routed to other offices, without passing through NAT and again STUN was not necessary. STUN is only needed when you have NAT blocking the proper connection.
Not even always. Asterisk worked with some firewall (ie, router+nat+firewall devices all in one) trickery. Only the asterisk server needed a fixed and known internet address.
As long as the VoIP client supports/does NAT keep-alive, there's probably no need for STUN. We have some people working from home, hooked up over their regular ADSL lines. All of their phones are Linksys and they all do NAT keep-alive. I'm not sure if we have a STUN service. -- Per Jessen, Zürich (5.5°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
On Wed, Dec 17, 2014 at 08:30:27AM +0100, Per Jessen wrote:
Carlos E. R. wrote:
On 2014-12-16 23:18, James Knott wrote:
On 12/16/2014 04:28 PM, Carlos E. R. wrote:
And no firewall or NAT, Why not? Were you there to know what we did? LOL.
Try it yourself and educate yourself. Set the firewall, configure it. Set NAT, configure it. Make sure that VoIP works, learn when it does or does not.
As mentioned earlier, I have set up VoIP PBXs in the manner you describe where everything is on the local network. I have also set up some where the calls are routed to other offices, without passing through NAT and again STUN was not necessary. STUN is only needed when you have NAT blocking the proper connection.
Not even always. Asterisk worked with some firewall (ie, router+nat+firewall devices all in one) trickery. Only the asterisk server needed a fixed and known internet address.
As long as the VoIP client supports/does NAT keep-alive, there's probably no need for STUN. We have some people working from home, hooked up over their regular ADSL lines. All of their phones are Linksys and they all do NAT keep-alive. I'm not sure if we have a STUN service.
on standard configurations that is likely
-- Per Jessen, Zürich (5.5°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
-- So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998 http://www.mrbrklyn.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002 http://www.nylxs.com - Leadership Development in Free Software http://www2.mrbrklyn.com/resources - Unpublished Archive http://www.coinhangout.com - coins! http://www.brooklyn-living.com Being so tracked is for FARM ANIMALS and and extermination camps, but incompatible with living as a free human being. -RI Safir 2013
On Tue, Dec 16, 2014 at 05:18:37PM -0500, James Knott wrote:
On 12/16/2014 04:28 PM, Carlos E. R. wrote:
And no firewall or NAT, Why not? Were you there to know what we did? LOL.
Try it yourself and educate yourself. Set the firewall, configure it. Set NAT, configure it. Make sure that VoIP works, learn when it does or does not.
As mentioned earlier, I have set up VoIP PBXs in the manner you describe where everything is on the local network. I have also set up some where the calls are routed to other offices, without passing through NAT and again STUN was not necessary. STUN is only needed when you have NAT blocking the proper connection.
Yeah, I don't believe this, BTW
On 12/16/2014 04:23 PM, John Andersen wrote:
On 12/16/2014 1:19 PM, Carlos E. R. wrote:
We tested it in a lab without internet connection (wire removed). A switch that emulates an internet network (ie, internet addresses), but isolated, two routers, two separate local networks, some standalone voip hardware phones. No turn server anywhere, no connection to internet. And no firewall or NAT, so you were on the same unprotected network, two different segments, but the same network.
Apples and Oranges Carlos.
This was on a private network and yes there was a firewall between the network at the various sites and the Internet. However, as I pointed out a few times now, the connection between sites was via VPN. The VPN terminates on the router, where the firewall rules are set up. But the VoIP traffic never passes directly over the Internet. It is always carried via VPN. So, there is no way into that network, except as allowed by the firewall rules. And you'd never see VoIP traffic on the Internet connection as it is hidden by the VPN. Regardless, there is still no NAT involved between the different locations, thanks to the use of the VPN. No NAT means no STUN.
On Tue, Dec 16, 2014 at 07:22:28PM -0500, James Knott wrote:
On 12/16/2014 04:23 PM, John Andersen wrote:
On 12/16/2014 1:19 PM, Carlos E. R. wrote:
We tested it in a lab without internet connection (wire removed). A switch that emulates an internet network (ie, internet addresses), but isolated, two routers, two separate local networks, some standalone voip hardware phones. No turn server anywhere, no connection to internet. And no firewall or NAT, so you were on the same unprotected network, two different segments, but the same network.
Apples and Oranges Carlos.
This was on a private network and yes there was a firewall between the network at the various sites and the Internet. However, as I pointed out a few times now, the connection between sites was via VPN. The VPN terminates on the router, where the firewall rules are set up. But the VoIP traffic never passes directly over the Internet.
???? you should try typing less and reading more
It is always carried via VPN. So, there is no way into that network, except as allowed by the firewall rules. And you'd never see VoIP traffic on the Internet connection as it is hidden by the VPN. Regardless, there is still no NAT involved between the different locations, thanks to the use of the VPN. No NAT means no STUN.
On Tue, Dec 16, 2014 at 07:22:28PM -0500, James Knott wrote:
On 12/16/2014 04:23 PM, John Andersen wrote:
On 12/16/2014 1:19 PM, Carlos E. R. wrote:
We tested it in a lab without internet connection (wire removed). A switch that emulates an internet network (ie, internet addresses), but isolated, two routers, two separate local networks, some standalone voip hardware phones. No turn server anywhere, no connection to internet. And no firewall or NAT, so you were on the same unprotected network, two different segments, but the same network.
Apples and Oranges Carlos.
OK, let's start tearing this apart.
This was on a private network and yes there was a firewall between the network at the various sites and the Internet.
Without knowing what rules control the firewall, this is a meaningless statement.
However, as I pointed out a few times now, the connection between sites was via VPN. The VPN terminates on the router, where the firewall rules are set up.
So a VPN is restricted to a private physical network, and blocked by a router with a firewall on it with limited capacity, I might add. This is BS. Come on. Stop playing with us. The purpose of a VPN is to between private networks.
But the VoIP traffic never passes directly over the Internet. It is always carried via VPN.
The VPN is ON the internet.... so what the heck are you talking about.
So, there is no way into that network, except as allowed by the firewall rules.
That doesn't even logically follow. getting out of the DMZ has nothing to do with VPNs.
And you'd never see VoIP traffic on the Internet connection as it is hidden by the VPN. Regardless, there is still no NAT involved between the different locations, thanks to the use of the VPN.
That would be flat out wrong under any construction of a DMZ and firewall. Again, this has nothing to do with the VPN.
No NAT means no STUN.
On 12/16/2014 01:56 PM, John Andersen wrote:
WEBRTC has no real magic of its own other than bundling it into the browser.
Use Wireshark to look at the traffic and tell me where it's going.
I bet they even forgo encryption, relying on SSL alone.
Ummm... Doesn't SSL/TLS provide encryption? I thought that was its purpose. https://en.wikipedia.org/wiki/Transport_Layer_Security
On 12/16/2014 09:08 AM, James Knott wrote:
With IPv6 and its incredible number of public unicast addresses, NAT & STUN are not needed.
Oh yes they are needed. You think firewalls are going away just because we have lots of address space? STUN is only PART (a very small part) of the process. Stun just gets addresses of the end firewall of the end points. That's all it does. It is not a transport. Once you have those addresses your application has to use ICE http://en.wikipedia.org/wiki/Interactive_Connectivity_Establishment to see if you can traverse directly. With NAT on both ends, you still can not make this work. So in those cases you have to use TURN servers. Traversal Using Relays around NAT (TURN) places a third party server to relay messages between two clients where peer to peer media traffic is not allowed by a firewall. Turns out there is less magic to this WEBrtc than everyone thinks. Everyone in the SIP/VOIP community is laughing. They've had this worked out for years. -- After all is said and done, more is said than done.
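The address discovery that the message above attributes to STUN, as an added example that is not part of the thread: a Binding request and the server's reply carrying XOR-MAPPED-ADDRESS in the RFC 5389 layout, plus the comparison that tells a client whether a NAT rewrote its source address. The function names, addresses, port and transaction ID are constructed for illustration.

```python
import ipaddress
import os
import struct

MAGIC_COOKIE = 0x2112A442            # fixed constant from RFC 5389
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_XOR_MAPPED_ADDRESS = 0x0020


def _xor_key(version, txid):
    """IPv4 addresses are XORed with the cookie, IPv6 with cookie + transaction ID."""
    cookie = struct.pack("!I", MAGIC_COOKIE)
    return cookie if version == 4 else cookie + txid


def build_binding_request(txid=None):
    """Client side: 20-byte header, no attributes. Returns (packet, txid)."""
    txid = txid or os.urandom(12)
    if len(txid) != 12:
        raise ValueError("transaction ID must be 12 bytes")
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid, txid


def build_binding_response(txid, seen_ip, seen_port):
    """Server side: report the source address the request arrived from."""
    ip = ipaddress.ip_address(seen_ip)
    xaddr = bytes(a ^ b for a, b in zip(ip.packed, _xor_key(ip.version, txid)))
    family = 0x01 if ip.version == 4 else 0x02
    value = struct.pack("!BBH", 0, family, seen_port ^ (MAGIC_COOKIE >> 16)) + xaddr
    attr = struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txid + attr


def parse_binding_response(packet, txid):
    """Client side: validate the reply and return (ip, port) as the server saw it."""
    if len(packet) < 20:
        raise ValueError("short STUN header")
    mtype, mlen, cookie = struct.unpack("!HHI", packet[:8])
    if cookie != MAGIC_COOKIE or packet[8:20] != txid:
        raise ValueError("reply does not match our request")
    if mtype != BINDING_SUCCESS:
        raise ValueError("not a Binding success response")
    if mlen % 4 or len(packet) != 20 + mlen:
        raise ValueError("bad message length")
    offset = 20
    while offset + 4 <= len(packet):
        atype, alen = struct.unpack("!HH", packet[offset:offset + 4])
        value = packet[offset + 4:offset + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated attribute")
        if atype == ATTR_XOR_MAPPED_ADDRESS:
            if alen not in (8, 20):
                raise ValueError("bad XOR-MAPPED-ADDRESS length")
            _, family, xport = struct.unpack("!BBH", value[:4])
            version = {0x01: 4, 0x02: 6}.get(family)
            key = _xor_key(version, txid) if version else b""
            if len(key) != alen - 4:
                raise ValueError("address family and length disagree")
            addr = bytes(a ^ b for a, b in zip(value[4:], key))
            return str(ipaddress.ip_address(addr)), xport ^ (MAGIC_COOKIE >> 16)
        offset += 4 + alen + (-alen % 4)      # attributes are padded to 4 bytes
    raise ValueError("no XOR-MAPPED-ADDRESS attribute")


def nat_in_path(local, mapped):
    """True when the address the server saw differs from the socket's own."""
    return local != mapped


if __name__ == "__main__":
    txid = bytes(range(12))                   # constructed transaction ID
    local = ("192.168.1.10", 5060)            # constructed private address
    request, _ = build_binding_request(txid)
    reply = build_binding_response(txid, "203.0.113.7", 40312)  # constructed
    mapped = parse_binding_response(reply, txid)
    print(request.hex(), mapped, nat_in_path(local, mapped))
```

The reply contains only an address; nothing in it opens a path, which is why ICE connectivity checks and, failing those, a TURN relay follow it.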
On 12/16/2014 01:52 PM, John Andersen wrote:
On 12/16/2014 09:08 AM, James Knott wrote:
With IPv6 and its incredible number of public unicast addresses, NAT & STUN are not needed.
Oh yes they are needed.
You think firewalls are going away just because we have lots of address space?
STUN is only PART (a very small part) of the process. Stun just gets addresses of the end firewall of the end points. That's all it does. It is not a transport.
I thought that is what I was saying in that STUN isn't necessary with public addresses. STUN provides the NAT firewall address, when the devices would normally provide actual addresses. Once the other end has the firewall address, the NAT traversal kicks in and sends the incoming packets to the destination device. Without NAT, the need for STUN disappears. This is completely different from the function of opening a firewall to allow the traffic. You seem to be one of those who confuses NAT with firewall filtering. As I mentioned, NAT is a hack to work around the IPv4 address shortage. It should not be considered a means of security, in that it provides nothing that a properly configured firewall can't in that regard.
On 12/16/2014 11:24 AM, James Knott wrote:
On 12/16/2014 01:52 PM, John Andersen wrote:
On 12/16/2014 09:08 AM, James Knott wrote:
With IPv6 and its incredible number of public unicast addresses, NAT & STUN are not needed.
Oh yes they are needed.
You think firewalls are going away just because we have lots of address space?
STUN is only PART (a very small part) of the process. Stun just gets addresses of the end firewall of the end points. That's all it does. It is not a transport.
I thought that is what I was saying in that STUN isn't necessary with public addresses. STUN provides the NAT firewall address, when the devices would normally provide actual addresses. Once the other end has the firewall address, the NAT traversal kicks in and sends the incoming packets to the destination device. Without NAT, the need for STUN disappears. This is completely different from the function of opening a firewall to allow the traffic. You seem to be one of those who confuses NAT with firewall filtering. As I mentioned, NAT is a hack to work around the IPv4 address shortage. It should not be considered a means of security, in that it provides nothing that a properly configured firewall can't in that regard.
NAT IS a means of security. (Your reason for saying it should not be so considered is totally non germane). NAT and firewalls are, for most implementations, one and the same. And in regards to the current discussion, you would STILL have the same problem of traversal with a properly configured network firewall in a pure ipv6 network. You aren't going to get direct inbound connections on any corporate network. IPV6 opens more security issues than most people think. Firewalls are going to be even more important. -- After all is said and done, more is said than done.
John Andersen wrote:
On 12/16/2014 11:24 AM, James Knott wrote:
IPV6 opens more security issues than most people think. Firewalls are going to be even more important.
+1 -- Per Jessen, Zürich (7.1°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On 12/16/2014 02:44 PM, Per Jessen wrote:
John Andersen wrote:
On 12/16/2014 11:24 AM, James Knott wrote:
IPV6 opens more security issues than most people think. Firewalls are going to be even more important. +1
Firewalls are always important when connected to the Internet. Regardless, the same principles apply whether IPv4 or IPv6. However, John Andersen seems to confuse the firewall function with the NAT function. They are not the same thing as they have different purposes. One is a necessary function for network security, the other is a hack to get around the address shortage. Not the same thing at all.
On 12/16/2014 12:50 PM, James Knott wrote:
On 12/16/2014 02:44 PM, Per Jessen wrote:
John Andersen wrote:
On 12/16/2014 11:24 AM, James Knott wrote:
IPV6 opens more security issues than most people think. Firewalls are going to be even more important. +1
Firewalls are always important when connected to the Internet. Regardless, the same principles apply whether IPv4 or IPv6. However, John Andersen seems to confuse the firewall function with the NAT function. They are not the same thing as they have different purposes. One is a necessary function for network security, the other is a hack to get around the address shortage. Not the same thing at all.
Keep digging James. If you knew anything about it other than what you read on half of a wiki page you would realize that NAT is a Router and a firewall. At the bottom of that deep pile you fail to understand it's all iptables or PacketFilter. -- _____________________________________ ---This space for rent---
On 2014-12-16 22:01, John Andersen wrote:
On 12/16/2014 12:50 PM, James Knott wrote:
Firewalls are always important when connected to the Internet. Regardless, the same principles apply whether IPv4 or IPv6. However, John Andersen seems to confuse the firewall function with the NAT function. They are not the same thing as they have different purposes. One is a necessary function for network security, the other is a hack to get around the address shortage. Not the same thing at all.
Keep digging James. If you knew anything about it other than what you read on half of a wiki page you would realize that NAT is a Router and a firewall.
ROTFL! You are making it worse. Everybody here with networking knowledge knows how wrong you are by now. :-P -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 12/16/2014 1:22 PM, Carlos E. R. wrote:
On 2014-12-16 22:01, John Andersen wrote:
On 12/16/2014 12:50 PM, James Knott wrote:
Firewalls are always important when connected to the Internet. Regardless, the same principles apply whether IPv4 or IPv6. However, John Andersen seems to confuse the firewall function with the NAT function. They are not the same thing as they have different purposes. One is a necessary function for network security, the other is a hack to get around the address shortage. Not the same thing at all.
Keep digging James. If you knew anything about it other than what you read on half of a wiki page you would realize that NAT is a Router and a firewall.
ROTFL!
You are making it worse. Everybody here with networking knowledge knows how wrong you are by now. :-P
I've been right from the beginning. You are the guy that insisted WebRTC could pierce firewalls at both ends with nothing but UDP and no man in the middle. -- _____________________________________ ---This space for rent---
On 12/16/2014 04:01 PM, John Andersen wrote:
If you knew anything about it other than what you read on half of a wiki page you would realize that NAT is a Router and a firewall. At the bottom of that deep pile you fail to understand it's all iptables or PacketFilter.
This is getting old. The main purpose of NAT is to get around the address shortage. That is its intended purpose, though it can also be used for remapping address ranges. The firewall function only occurs because there is no direct way to reach devices behind it, as commonly used, and is thus a side effect of NAT. If you had a subnet of public addresses, the deny all access list on a router would be just as effective at controlling what's allowed. A router is a separate function again. I happen to have a Cisco router here beside my desk. I can configure it to allow/deny traffic on a subnet, or for NAT, or even just as a filter, without routing or NAT functions. NAT, routing and filtering are three separate functions that are often combined within the same box. Incidentally, when NAT is used to remap address ranges, that is the same number of addresses on either side, it loses the "firewall" function. You again need access lists to control what's allowed to pass. Cisco routers also allow a configuration, where one or more local addresses map directly to public addresses, in both directions, again without the inherent NAT "firewall", so you again need access lists. BTW, I have been working with commercial grade routers from Adtran and Cisco for several years and am also Cisco certified. As I mentioned earlier, I have also worked with VoIP PBXs. All this for business customers. You may want to pick up a Cisco CCNA text for a full description of how NAT is used & its limitations and also about access lists & how they are used to control traffic into, out of and within a network.
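The three cases argued over in the message above (port-translating NAT, one-to-one NAT, and an access list), together with the NAT keep-alive point made earlier in the thread, modelled as an added example that is not from any participant. The class names, the 30-second UDP idle timeout, the choice not to refresh mappings on inbound traffic, and the documentation-range addresses are all assumptions.

```python
from dataclasses import dataclass, field

UDP_IDLE_TIMEOUT = 30  # seconds; assumed value, real devices differ


@dataclass(frozen=True)
class Packet:
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)


@dataclass
class Napt:
    """Many-to-one NAT: inbound traffic passes only if it matches live state."""
    public_ip: str
    next_port: int = 40000
    table: dict = field(default_factory=dict)  # public port -> [inside, remote, last_out]

    def outbound(self, pkt, now):
        for port, entry in self.table.items():
            if entry[0] == pkt.src and entry[1] == pkt.dst:
                entry[2] = now                  # outbound traffic refreshes the mapping
                return Packet((self.public_ip, port), pkt.dst)
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = [pkt.src, pkt.dst, now]
        return Packet((self.public_ip, port), pkt.dst)

    def inbound(self, pkt, now):
        entry = self.table.get(pkt.dst[1]) if pkt.dst[0] == self.public_ip else None
        if entry is None:
            return None                         # unsolicited: no mapping to follow
        if now - entry[2] > UDP_IDLE_TIMEOUT:
            del self.table[pkt.dst[1]]
            return None                         # mapping aged out
        if pkt.src != entry[1]:
            return None                         # not the peer the inside host contacted
        return Packet(pkt.src, entry[0])


@dataclass
class StaticNat:
    """One-to-one remap (same number of addresses each side): no state, no filtering."""
    mapping: dict  # public ip -> inside ip

    def inbound(self, pkt, now=0):
        inside = self.mapping.get(pkt.dst[0])
        return Packet(pkt.src, (inside, pkt.dst[1])) if inside else None


def acl_permits(pkt, permitted_dst_ports):
    """Access list with an implicit deny-all after the permitted ports."""
    return pkt.dst[1] in permitted_dst_ports


def scenarios():
    """Return, per case, whether the inbound packet reaches the inside host."""
    phone = ("192.168.1.20", 5060)      # constructed inside host
    server = ("198.51.100.5", 5060)     # constructed remote peer
    stranger = ("203.0.113.99", 4444)   # constructed unsolicited sender
    results = {}

    napt = Napt("192.0.2.1")
    out = napt.outbound(Packet(phone, server), now=0)
    results["napt_reply"] = napt.inbound(Packet(server, out.src), now=5) is not None
    results["napt_unsolicited"] = napt.inbound(Packet(stranger, out.src), now=5) is not None
    results["napt_idle_50s"] = napt.inbound(Packet(server, out.src), now=50) is not None

    napt = Napt("192.0.2.1")
    out = napt.outbound(Packet(phone, server), now=0)
    napt.outbound(Packet(phone, server), now=25)        # keep-alive from the phone
    results["napt_keepalive_50s"] = napt.inbound(Packet(server, out.src), now=50) is not None

    static = StaticNat({"192.0.2.20": "192.168.1.20"})
    probe = Packet(stranger, ("192.0.2.20", 22))
    results["static_unsolicited"] = static.inbound(probe) is not None
    results["static_with_acl"] = acl_permits(probe, {5060}) and static.inbound(probe) is not None
    return results


if __name__ == "__main__":
    for name, delivered in scenarios().items():
        print(f"{name:20} delivered={delivered}")
```

In this model the only case where an unsolicited packet reaches the inside host is one-to-one NAT with no access list; the access list, not the translation, is what closes it.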
On 12/16/2014 1:24 PM, James Knott wrote:
BTW, I have been working with commercial grade routers from Adtran and Cisco for several years and am also Cisco certified. As I mentioned earlier, I have also worked with VoIP PBXs. All this for business customers.
And after all these years you still think UDP pierces firewalls all by itself? Are your customers getting what they paid for? -- _____________________________________ ---This space for rent---
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux... FWIW
On 12/16/2014 04:46 PM, Ruben Safir wrote:
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux...
FWIW
Nothing new there. I have been using IPTables and IPChains before it for years. Also, most routers at both commercial and home type levels are built using Linux or BSD.
On Tue, Dec 16, 2014 at 07:25:26PM -0500, James Knott wrote:
On 12/16/2014 04:46 PM, Ruben Safir wrote:
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux...
FWIW
Nothing new there. I have been using IPTables and IPChains before it for years. Also, most routers at both commercial and home type levels are built using Linux or BSD.
Of course there is nothing new there, for us. You, however, need to read the documentation.
On 12/16/2014 04:26 PM, John Andersen wrote:
On 12/16/2014 1:24 PM, James Knott wrote:
BTW, I have been working with commercial grade routers from Adtran and Cisco for several years and am also Cisco certified. As I mentioned earlier, I have also worked with VoIP PBXs. All this for business customers. And after all these years you still think UDP pierces firewalls all by itself? Are your customers getting what they paid for?
Please read what I said in other messages. I never claimed it pierced firewalls. I have stated that because NAT was not used, STUN was not necessary. When I set up those networks, the entire system was over private addresses and never passed through NAT or firewalls, except as provided by the VPN. This means that only routing was required between sites. So, each site had its own subnet. Each site was connected via VPN. Since the VPN was configured on the firewall, it only had to pass through the filters, but not NAT.
On 12/16/2014 3:59 PM, James Knott wrote:
On 12/16/2014 04:26 PM, John Andersen wrote:
On 12/16/2014 1:24 PM, James Knott wrote:
BTW, I have been working with commercial grade routers from Adtran and Cisco for several years and am also Cisco certified. As I mentioned earlier, I have also worked with VoIP PBXs. All this for business customers. And after all these years you still think UDP pierces firewalls all by itself? Are your customers getting what they paid for?
Please read what I said in other messages. I never claimed it pierced firewalls.
Yes you did: http://lists.opensuse.org/opensuse/2014-12/msg00831.html -- _____________________________________ ---This space for rent---
On 12/17/2014 04:01 PM, John Andersen wrote:
On 12/16/2014 3:59 PM, James Knott wrote:
On 12/16/2014 04:26 PM, John Andersen wrote:
On 12/16/2014 1:24 PM, James Knott wrote:
BTW, I have been working with commercial grade routers from Adtran and Cisco for several years and am also Cisco certified. As I mentioned earlier, I have also worked with VoIP PBXs. All this for business customers. And after all these years you still think UDP pierces firewalls all by itself? Are your customers getting what they paid for?
Please read what I said in other messages. I never claimed it pierced firewalls. Yes you did: http://lists.opensuse.org/opensuse/2014-12/msg00831.html
And in other messages I said it contacts the server first, and in the one above, I also said it requires the firewall to track the data stream. At the moment, I am connected to my employer's network via OpenVPN. That VPN is running on Windows 7, running in an OpenBox virtual machine, on openSUSE 13.1. OpenVPN runs over UDP. Those UDP packets manage to make it both ways through my NAT firewall and again through the VM NAT. There is no STUN or TURN server involved.
On 12/17/2014 04:17 PM, James Knott wrote:
On 12/17/2014 04:01 PM, John Andersen wrote:
On 12/16/2014 3:59 PM, James Knott wrote:
On 12/16/2014 04:26 PM, John Andersen wrote:
On 12/16/2014 1:24 PM, James Knott wrote:
BTW, I have been working with commercial grade routers from Adtran and Cisco for several years and am also Cisco certified. As I mentioned earlier, I have also worked with VoIP PBXs. All this for business customers. And after all these years you still think UDP pierces firewalls all by itself? Are your customers getting what they paid for?
Please read what I said in other messages. I never claimed it pierced firewalls. Yes you did: http://lists.opensuse.org/opensuse/2014-12/msg00831.html
And in other messages I said it contacts the server first, and in the one above, I also said it requires the firewall to track the data stream.
At the moment, I am connected to my employer's network via OpenVPN. That VPN is running on Windows 7, running in an OpenBox virtual machine, on openSUSE 13.1. OpenVPN runs over UDP. Those UDP packets manage to make it both ways through my NAT firewall and again through the VM NAT. There is no STUN or TURN server involved. Correction, that should read VirtualBox VM.
On Tue, Dec 16, 2014 at 08:44:20PM +0100, Per Jessen wrote:
John Andersen wrote:
On 12/16/2014 11:24 AM, James Knott wrote:
IPV6 opens more security issues than most people think. Firewalls are going to be even more important.
+1
+2 which is a good reason to avoid it until forced to use it. Besides, there really are still plenty of IP addresses if they just free up space and if the private networks would get off the public addressing. IP6 is a disaster.
-- Per Jessen, Zürich (7.1°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On 12/16/2014 04:29 PM, Ruben Safir wrote:
On Tue, Dec 16, 2014 at 08:44:20PM +0100, Per Jessen wrote:
John Andersen wrote:
On 12/16/2014 11:24 AM, James Knott wrote:
IPV6 opens more security issues than most people think. Firewalls are going to be even more important. +1
+2 which is a good reason to avoid it until forced to use it.
Since you're such an expert, care to elaborate? In some respects IPv6 is more secure than IPv4. One common attack in IPv4 is to ping all the addresses until something is found to attack. According to one article I read recently, to do so in a single /64 subnet, it would take some 5000 years to find a host to attack. A /64 subnet is the smallest an ISP can hand out. I have a /56, which is 256x a /64 or about a trillion times the entire IPv4 address space. As I mentioned earlier, IPSec was designed for IPv6 and later adapted to IPv4. There are also other measures to prevent intrusions or other network issues that are simply not possible to accomplish in IPv4.
Besides, there really are still plenty of IP addresses if they just free up space and if the private networks would get off the public addressing.
Given there are already more mobile devices than IPv4 addresses, ignoring the fact that most of those addresses are already taken, how is that possible. Also, despite the enormous IPv6 address range, private addresses are still supported.
IP6 is a disaster.
Again, please explain why. Also bear in mind it was designed in consideration of the good and bad points of IPv4.
James Knott wrote:
On 12/16/2014 04:29 PM, Ruben Safir wrote:
On Tue, Dec 16, 2014 at 08:44:20PM +0100, Per Jessen wrote:
John Andersen wrote:
On 12/16/2014 11:24 AM, James Knott wrote:
IPV6 opens more security issues than most people think. Firewalls are going to be even more important. +1
+2 which is a good reason to avoid it until forced to use it.
Since you're such an expert, care to elaborate? In some respects IPv6 is more secure than IPv4. One common attack in IPv4 is to ping all the addresses until something is found to attack. According to one article I read recently, to do so in a single /64 subnet, it would take some 5000 years to find a host to attack. A /64 subnet is the smallest an ISP can hand out.
I have heard of /96 and /112 being handed out by small local ISPs around here. I don't know if they're still doing it. -- Per Jessen, Zürich (5.4°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
Per Jessen wrote:
James Knott wrote:
On 12/16/2014 04:29 PM, Ruben Safir wrote:
On Tue, Dec 16, 2014 at 08:44:20PM +0100, Per Jessen wrote:
John Andersen wrote:
On 12/16/2014 11:24 AM, James Knott wrote:
IPV6 opens more security issues than most people think. Firewalls are going to be even more important. +1
+2 which is a good reason to avoid it until forced to use it.
Since you're such an expert, care to elaborate? In some respects IPv6 is more secure than IPv4. One common attack in IPv4 is to ping all the addresses until something is found to attack. According to one article I read recently, to do so in a single /64 subnet, it would take some 5000 years to find a host to attack. A /64 subnet is the smallest an ISP can hand out.
I have heard of /96 and /112 being handed out by small local ISPs around here. I don't know if they're still doing it.
http://www.edis.at/de/home/ They're allocating a /112 per Raspberry. -- Per Jessen, Zürich (6.4°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
On 12/17/2014 04:22 AM, Per Jessen wrote:
They're allocating a /112 per Raspberry.
That's 64K addresses for that one device. That might be enough. ;-)
On 12/17/2014 02:17 AM, Per Jessen wrote:
I have heard of /96 and /112 being handed out by small local ISPs around here. I don't know if they're still doing it.
That would break the MAC based addresses, though could be used with DHCP or manual configuration. With MAC based addresses, FFFE is inserted in the middle of the MAC and the 7th bit is toggled. This then forms the lower 64 bits of the 128 bit address. Of course, given the huge address space, why even bother with subnets that small. If only /48 subnets were handed out, there's more than 4000 available for every person on earth. With /64 subnets you'd have over 65000x more.
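The address construction described in the message above, as an added example that is not part of the original thread: it builds the MAC based interface ID, shows why it only fits a /64, and shows that the MAC can be read back out of such an address, which is what the random number based addresses mentioned elsewhere in the thread avoid. The function names, the 2001:db8:: documentation prefixes and the MAC are constructed for illustration.

```python
import ipaddress


def eui64_interface_id(mac: str) -> int:
    """Build the 64-bit interface ID: insert FFFE mid-MAC, toggle the 7th bit."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    first = octets[0] ^ 0x02  # 7th bit from the left of the first octet
    iid = bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:6]
    return int.from_bytes(iid, "big")


def mac_based_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the MAC based interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        host_bits = 128 - net.prefixlen
        raise ValueError(
            f"/{net.prefixlen} leaves {host_bits} host bits; "
            "the 64-bit interface ID needs exactly a /64"
        )
    return net.network_address + eui64_interface_id(mac)


def mac_from_address(address: str):
    """Recover the MAC from a MAC based address, or None if it is not one."""
    low64 = int(ipaddress.IPv6Address(address)) & ((1 << 64) - 1)
    iid = low64.to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None  # e.g. DHCP, manual or random (privacy) interface ID
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def host_addresses(prefix: str) -> int:
    """Number of addresses inside a prefix (a /112 holds 64K)."""
    return ipaddress.IPv6Network(prefix).num_addresses


def subnets_of_64(prefix: str) -> int:
    """Number of /64 subnets inside a prefix (a /56 holds 256)."""
    net = ipaddress.IPv6Network(prefix)
    return 0 if net.prefixlen > 64 else 2 ** (64 - net.prefixlen)


if __name__ == "__main__":
    sample_mac = "00:11:22:33:44:55"  # constructed sample value
    addr = mac_based_address("2001:db8:1:2::/64", sample_mac)
    print(addr, "->", mac_from_address(str(addr)))
    print("/112 addresses:", host_addresses("2001:db8:1:2::/112"))
    print("/64 subnets in a /56:", subnets_of_64("2001:db8:1::/56"))
    try:
        mac_based_address("2001:db8:1:2::/112", sample_mac)
    except ValueError as err:
        print("rejected:", err)
```
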
James Knott wrote:
On 12/17/2014 02:17 AM, Per Jessen wrote:
I have heard of /96 and /112 being handed out by small local ISPs around here. I don't know if they're still doing it.
That would break the MAC based addresses, though could be used with DHCP or manual configuration.
They're almost certainly using DHCP.
With MAC based addresses, FFFE is inserted in the middle of the MAC and the 7th bit is toggled. This then forms the lower 64 bits of the 128 bit address. Of course, given the huge address space, why even bother with subnets that small.
I would tend to agree, but it is of course exactly that lack of imagination that is (at least partially) to blame for our IPV4 shortage :-(
If only /48 subnets were handed out, there's more than 4000 available for every person on earth. With /64 subnets you'd have over 65000x more.
I know, I know, there's plenty. Still seems waste. -- Per Jessen, Zürich (5.9°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On 12/16/2014 02:32 PM, John Andersen wrote:
NAT IS a means of security. (Your reason for saying it should not be so considered is totally non germane). NAT and firewalls are, for most implementations, one and the same.
Please explain what security NAT provides beyond what's capable with a properly configured firewall. NAT is only used due to the lack of addresses. If we had sufficient addresses on IPv4, so that everyone could get a reasonable number of addresses, then the need for NAT would disappear.
And in regards to the current discussion, you would STILL have the same problem of traversal with a properly configured network firewall in a pure ipv6 network. You aren't going to get direct inbound connections on any corporate network.
NAT transversal is not the same issue as passing through a firewall. However, that NAT transversal is what requires use of hacks such as STUN and TURN. So, with NAT, you need not only transversal, but still some means of allowing the desired traffic through.
IPV6 opens more security issues than most people think. Firewalls are going to be even more important.
The exact same filters used on IPv4 are also available on IPv6, so as far as protocols being open, the situation is the same. IPv6 also properly supports multiple addresses and routes better than IPv4 and that's something that has to be considered. On the other hand, consumer grade routers generally come configured to block everything, with exceptions then being configured to allow desired protocols through. This is no different on IPv6 or a non-NAT IPv4 firewall. On commercial grade routers from Cisco etc., firewall functions must be specifically enabled. But again you start with a block everything access list and then start adding exceptions. On Cisco, a block everything access list can be created simply by creating the access list with nothing more than a remark line in it and then applying it to the incoming side of the port connected to the Internet. This will then create a deny all firewall, as all access lists have an implicit deny all at the end. You now have a firewall that's every bit as effective as NAT at blocking incoming connections. If you're running both IPv4 and IPv6, you create an access list for each. So, it's not terribly complicated. Also, IPSec originated as part of the IPv6 spec, so is fully supported on it. Another security or rather privacy feature is random number based IPv6 addresses, which mean you can no longer match an address with a specific device.
On Tue, Dec 16, 2014 at 03:25:31PM -0500, James Knott wrote:
On 12/16/2014 02:32 PM, John Andersen wrote:
NAT IS a means of security. (Your reason for saying it should not be so considered is totally non germane). NAT and firewalls are, for most implementations, one and the same.
Please explain what security NAT provides beyond what's capable with a properly configured firewall. NAT is only used due to the lack of addresses.
oh boy, it is time to put you in /dev/null
On 12/16/2014 04:32 PM, Ruben Safir wrote:
On Tue, Dec 16, 2014 at 03:25:31PM -0500, James Knott wrote:
On 12/16/2014 02:32 PM, John Andersen wrote:
NAT IS a means of security. (Your reason for saying it should not be so considered is totally non germane). NAT and firewalls are, for most implementations, one and the same.
Please explain what security NAT provides beyond what's capable with a properly configured firewall. NAT is only used due to the lack of addresses.
oh boy, it is time to put you in /dev/null
No, as John has demonstrated, a lot of people don't understand the difference between NAT and firewall functions. The purpose of a firewall is to filter traffic so that only the desired traffic gets through. In many cases that means block everything. The main purpose of NAT is to share addresses, but in the process provides a firewall function, as a side effect, in that there's no way past it to devices behind, unless specifically configured. That said, from the viewpoint of filtering traffic, NAT provides no benefit that a properly configured firewall doesn't. A lot of people are confused on this because they've only been exposed to the consumer grade devices from D-Link, Linksys etc., which are toys compared to commercial grade equipment from Cisco, Adtran, Juniper and others. Even a computer running Linux can do a lot more than those consumer level devices.
On Tue, Dec 16, 2014 at 05:15:59PM -0500, James Knott wrote:
On 12/16/2014 04:32 PM, Ruben Safir wrote:
On Tue, Dec 16, 2014 at 03:25:31PM -0500, James Knott wrote:
On 12/16/2014 02:32 PM, John Andersen wrote:
NAT IS a means of security. (Your reason for saying it should not be so considered is totally non germane). NAT and firewalls are, for most implementations, one and the same.
Please explain what security NAT provides beyond what's capable with a properly configured firewall. NAT is only used due to the lack of addresses.
oh boy, it is time to put you in /dev/null
No, as John has demonstrated, a lot of people don't understand the difference between NAT and firewall functions. The purpose of a firewall is to filter traffic so that only the desired traffic gets through. In many cases that means block everything. The main purpose of NAT is to share addresses, but in the process provides a firewall function, as a side effect, in that there's no way past it to devices behind, unless specifically configured.
No, it means you have a fundamental lack of understanding. The technology views, dissects and reconstructs IP packets and takes action on such investigations under rules. This is fundamentally what firewalls and NAT do. You're just not understanding, but the irritating part is that you just really couldn't care. You would have a crippled firewall without network translation. It has nothing to do with ip6 or ip4. Packet filtering and manipulation is not rocket science, but it is the backbone of all firewall technology, and all IP technology, for that matter. Your entire ongoing intellectual construction which you're blowing so much energy over here, is a canard. Just as it is more convenient to have video chat in the browser rather than using your operating system is also a canard. As for IP4, it is better and that is why people stick with it, IP6 truly sucks. Also, there are plenty of IP addresses, most in circulation are wasted. Also, cellphones don't need public ip addresses, and really shouldn't have them. Over and Out. Ruben
James Knott wrote:
I'm aware of STUN, but haven't investigated WebRTC enough to see what it uses. However, STUN is a hack made necessary by NAT. With IPv6 and it's incredible number of public unicast addresses, NAT & STUN are not needed.
As long as we're all dual-stack, NAT and STUN will remain though. -- Per Jessen, Zürich (7.1°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
On 12/16/2014 02:30 PM, Per Jessen wrote:
James Knott wrote:
I'm aware of STUN, but haven't investigated WebRTC enough to see what it uses. However, STUN is a hack made necessary by NAT. With IPv6 and it's incredible number of public unicast addresses, NAT & STUN are not needed. As long as we're all dual-stack, NAT and STUN will remain though.
All we can do is encourage the use of IPv6. Without it there are simply not enough IP addresses. For example, there are already more mobile devices than there are IPv4 addresses. Sticking with IPv4 means hack upon hack upon hack, to get around the limitations caused by the lack of address space, while still inhibiting proper use of the Internet. This is before we even consider other advantages of IPv6 beyond address space. My home network has been fully functional on IPv6 for about 4.5 years. IPv6 is used whenever possible, whether on my local LAN or out to the Internet. My own IPv6 subnet has about a trillion times the entire IPv4 address space. I haven't used all those addresses yet. ;-)
James Knott wrote:
On 12/16/2014 02:30 PM, Per Jessen wrote:
James Knott wrote:
I'm aware of STUN, but haven't investigated WebRTC enough to see what it uses. However, STUN is a hack made necessary by NAT. With IPv6 and it's incredible number of public unicast addresses, NAT & STUN are not needed. As long as we're all dual-stack, NAT and STUN will remain though.
All we can do is encourage the use of IPv6. Without it there are simply not enough IP addresses.
Agree, absolutely.
For example, there are already more mobile devices than there are IPv4 addresses. Sticking with IPv4 means hack upon hack upon hack, to get around the limitations caused by the lack of address space, while still inhibiting proper use of the Internet. This is before we even consider other advantages of IPv6 beyond address space.
My home network has been fully functional on IPv6 for about 4.5 years. IPv6 is used whenever possible, whether on my local LAN or out to the Internet. My own IPv6 subnet has about a trillion times the entire IPv4 address space. I haven't used all those addresses yet. ;-)
What would happen if you went IPv6-only? Does your provider do some 6to4 trickery? -- Per Jessen, Zürich (7.1°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
On 12/16/2014 03:16 PM, Per Jessen wrote:
My home network has been fully functional on IPv6 for about 4.5 years.
IPv6 is used whenever possible, whether on my local LAN or out to the Internet. My own IPv6 subnet has about a trillion times the entire IPv4 address space. I haven't used all those addresses yet. ;-) What would happen if you went IPv6-only? Does your provider do some 6to4 trickery?
No, as mentioned earlier, my firewall is openSUSE 13.1. While there may be such "trickery" available, I haven't heard of it. So, if I want to access my IPv4 only devices or web sites, I have to run dual stack. Comcast is a major U.S. ISP. They're in the process of switching their entire network to VoIP and when IPv4 is needed, they'll use 4in6 tunnels and carrier grade NAT to access the IPv4 only Internet sites.
On 12/16/2014 06:43 PM, James Knott wrote:
On 12/16/2014 03:16 PM, Per Jessen wrote:
My home network has been fully functional on IPv6 for about 4.5 years.
IPv6 is used whenever possible, whether on my local LAN or out to the Internet. My own IPv6 subnet has about a trillion times the entire IPv4 address space. I haven't used all those addresses yet. ;-) What would happen if you went IPv6-only? Does your provider do some 6to4 trickery? No, as mentioned earlier, my firewall is openSUSE 13.1. While there may be such "trickery" available, I haven't heard of it. So, if I want to access my IPv4 only devices or web sites, I have to run dual stack.
Comcast is a major U.S. ISP. They're in the process of switching their entire network to VoIP and when IPv4 is needed, they'll use 4in6 tunnels and carrier grade NAT to access the IPv4 only Internet sites.
Sorry for the typo. That should read "switching their entire network to IPv6".
On Tue, Dec 16, 2014 at 07:26:39PM -0500, James Knott wrote:
On 12/16/2014 06:43 PM, James Knott wrote:
On 12/16/2014 03:16 PM, Per Jessen wrote:
My home network has been fully functional on IPv6 for about 4.5 years.
IPv6 is used whenever possible, whether on my local LAN or out to the Internet. My own IPv6 subnet has about a trillion times the entire IPv4 address space. I haven't used all those addresses yet. ;-) What would happen if you went IPv6-only? Does your provider do some 6to4 trickery? No, as mentioned earlier, my firewall is openSUSE 13.1. While there may be such "trickery" available, I haven't heard of it. So, if I want to access my IPv4 only devices or web sites, I have to run dual stack.
Comcast is a major U.S. ISP. They're in the process of switching their entire network to VoIP and when IPv4 is needed, they'll use 4in6 tunnels and carrier grade NAT to access the IPv4 only Internet sites.
Sorry for the typo. That should read "switching their entire network to IPv6".
The same Comcast who is a backbone for spam across the internet.
James Knott wrote:
On 12/16/2014 03:16 PM, Per Jessen wrote:
My home network has been fully functional on IPv6 for about 4.5 years.
IPv6 is used whenever possible, whether on my local LAN or out to the Internet. My own IPv6 subnet has about a trillion times the entire IPv4 address space. I haven't used all those addresses yet. ;-) What would happen if you went IPv6-only? Does your provider do some 6to4 trickery?
No, as mentioned earlier, my firewall is openSUSE 13.1. While there may be such "trickery" available, I haven't heard of it. So, if I want to access my IPv4 only devices or web sites, I have to run dual stack.
Comcast is a major U.S. ISP. They're in the process of switching their entire network to IPv6 and when IPv4 is needed, they'll use 4in6 tunnels and carrier grade NAT to access the IPv4 only Internet sites.
I wonder how it's handled on the client side. How does a single stack IPv6 client talk to an IPv4 server? Just being curious, I'm sure that problem has been solved without necessitating anything extra on the client side. Swisscom here is also rolling out IPv6 to all new customers. -- Per Jessen, Zürich (5.2°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
On 12/17/2014 02:05 AM, Per Jessen wrote:
Comcast is a major U.S. ISP. They're in the process of switching their entire network to IPv6 and when IPv4 is needed, they'll use 4in6 tunnels and carrier grade NAT to access the IPv4 only Internet sites.
I wonder how it's handled on the client side. How does a single stack IPv6 client talk to an IPv4 server? Just being curious, I'm sure that problem has been solved without necessitating anything extra on the client side. Swisscom here is also rolling out IPv6 to all new customers.
I don't have the details, but perhaps the modem provides the 4to6 tunnel, along with IPv4 DHCP etc.
James Knott wrote:
On 12/17/2014 02:05 AM, Per Jessen wrote:
Comcast is a major U.S. ISP. They're in the process of switching their entire network to IPv6 and when IPv4 is needed, they'll use 4in6 tunnels and carrier grade NAT to access the IPv4 only Internet sites.
I wonder how it's handled on the client side. How does a single stack IPv6 client talk to an IPv4 server? Just being curious, I'm sure that problem has been solved without necessitating anything extra on the client side. Swisscom here is also rolling out IPv6 to all new customers.
I don't have the details, but perhaps the modem provides the 4to6 tunnel, along with IPv4 DHCP etc.
Ah yes, that is quite possible. Thanks, I dunno why I didn't think of that. -- Per Jessen, Zürich (6.0°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On Tue, Dec 16, 2014 at 06:43:53PM -0500, James Knott wrote:
On 12/16/2014 03:16 PM, Per Jessen wrote:
My home network has been fully functional on IPv6 for about 4.5 years.
IPv6 is used whenever possible, whether on my local LAN or out to the Internet. My own IPv6 subnet has about a trillion times the entire IPv4 address space. I haven't used all those addresses yet. ;-) What would happen if you went IPv6-only? Does your provider do some 6to4 trickery?
No, as mentioned earlier, my firewall is openSUSE 13.1.
I know, you keep saying that and I keep giggling. Your firewall is NOT opensuse... want to try again?
No, as mentioned earlier, my firewall is openSUSE 13.1.
I know, you keep saying that and I keep giggling. Your firewall is NOT opensuse...
want to try again?
OK, since you're such a genius, you tell me. Between my cable modem and my local network I have a computer, running openSUSE 13.1 and SUSE Firewall. That box is set up for NAT on IPv4 and also provides the 6in4 tunnel for my IPv6 subnet. It is also configured to pass only SSH and IMAPS, on both IPv4 and IPv6 to my local network. Now, please tell me what my firewall is.
On Wed, Dec 17, 2014 at 10:10:01AM -0500, James Knott wrote:
No, as mentioned earlier, my firewall is openSUSE 13.1.
I know, you keep saying that and I keep giggling. Your firewall is NOT opensuse...
want to try again?
OK, since you're such a genius, you tell me.
I'm far from a genius, and maybe you should consider that .... anyway you want. I don't really care. opensuse is an operating system. Your firewall software is not opensuse.
Between my cable modem and my local network I have a computer, running openSUSE 13.1 and SUSE Firewall. That box is set up for NAT on IPv4 and also provides the 6in4 tunnel for my IPv6 subnet. It is also configured to pass only SSH and IMAPS, on both IPv4 and IPv6 to my local network. Now, please tell me what my firewall is.
On December 17, 2014 10:11:29 AM EST, Ruben Safir <ruben@mrbrklyn.com> wrote:
On Wed, Dec 17, 2014 at 10:10:01AM -0500, James Knott wrote:
No, as mentioned earlier, my firewall is openSUSE 13.1.
I know, you keep saying that and I keep giggling. Your firewall is NOT opensuse...
want to try again?
OK, since you're such a genius, you tell me.
I'm far from a genius, and maybe you should consider that .... anyway you want. I don't really care.
opensuse is an operating system. Your firewall software is not opensuse.
Ruben, Stop being a dick. We all, except for you, understand what James means. If I had to contact someone for network assistance I would call James. Ken -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Ruben, Stop being a dick. We all, except for you, understand what James means. If I had to contact someone for network assistance I would call James.
I wouldn't and if you worked for me and you said opensuse was your firewall I'd fire you and your Cisco certified credentials. AND, fwiw, you have no idea what he means, Ken. You don't know what firewall rules he invoked. You have no idea, as a matter of fact, if he is just dev/null routing stuff or using any other network package software on opensuse. But most importantly, "opensuse Firewall" doesn't guarantee any quality of firewalling, which is what he is saying. He is saying, I'm using opensuse 13.1 firewall, which is a product that does not exist, and therefore I'm good, which is not known even if he is using iptables knowledgeably.... which I seriously doubt. So what is he saying Ken? That opensuse has some prepackaged configuration that opensuse calls its 'fire wall' and he clicked on? Because that is not what any network admin I would hire would do. And it sure as heck doesn't guarantee that it blocks sip connections to Nova Scotia. And BTW bragging that you made sip connections from Alberta to Halifax is like bragging that you received spam from Russia, or North Korea. If the stuff is done correctly, the physical location is MEANINGLESS.
Ken
On Wed, Dec 17, 2014 at 10:10:01AM -0500, James Knott wrote:
No, as mentioned earlier, my firewall is openSUSE 13.1.
I know, you keep saying that and I keep giggling. Your firewall is NOT opensuse...
want to try again?
OK, since you're such a genius, you tell me. Between my cable modem and my local network I have a computer, running openSUSE 13.1 and SUSE Firewall. That box is set up for NAT on IPv4 and also provides the 6in4 tunnel for my IPv6 subnet. It is also configured to pass only SSH and IMAPS, on both IPv4 and IPv6 to my local network. Now, please tell me what my firewall is.
You don't know what your firewall is? What does iptables --list say?
On 12/17/2014 10:17 AM, Ruben Safir wrote:
You don't know what your firewall is? What does iptables --list say?
It shows a long list of things, much more than I care to put on this list, but it starts with:
    # iptables --list
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere             ctstate ESTABLISHED
    ACCEPT     icmp --  anywhere             anywhere             ctstate RELATED
    input_int  all  --  anywhere             anywhere
    input_dmz  all  --  anywhere             anywhere
    input_ext  all  --  anywhere             anywhere
    LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-IN-ILL-TARGET "
    DROP       all  --  anywhere             anywhere
It sure looks to me like a firewall.
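A way to check a listing like the one in the message above, as an added example that is not part of the original thread: it parses plain `iptables --list` output, reports the chain's default policy, and flags ACCEPT rules that show no protocol, address or match restriction. Plain `--list` omits the interface columns that `iptables --list -v` prints, so such a rule cannot be told apart from an accept-everything rule in this output. The function names, the finding codes and the second listing are constructed for illustration.

```python
import re

# First chain of the `iptables --list` output quoted in the message above.
PAGE_LISTING = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             ctstate RELATED
input_int  all  --  anywhere             anywhere
input_dmz  all  --  anywhere             anywhere
input_ext  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-IN-ILL-TARGET "
DROP       all  --  anywhere             anywhere
"""

# Constructed contrast case: a chain that allows by default.
CONSTRUCTED_OPEN_LISTING = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere             tcp dpt:telnet
"""

# Built-in chains carry a policy; user-defined chains show a reference count.
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\w+)|\d+ references)")


def parse_listing(text):
    """Return {chain: {"policy": str or None, "rules": [dict, ...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        header = CHAIN_RE.match(line)
        if header:
            current = {"policy": header.group(2), "rules": []}
            chains[header.group(1)] = current
            continue
        fields = line.split(None, 5)
        if current is None or len(fields) < 5 or fields[0] == "target":
            continue  # blank line, column header, or text before any chain
        current["rules"].append({
            "target": fields[0],
            "prot": fields[1],
            "source": fields[3],
            "destination": fields[4],
            "match": fields[5] if len(fields) > 5 else "",
        })
    return chains


def audit(chains):
    """Return (chain, rule_number, code) findings; rule 0 is the chain policy."""
    findings = []
    for name, chain in chains.items():
        if chain["policy"] == "ACCEPT":
            findings.append((name, 0, "policy-accept"))
        for number, rule in enumerate(chain["rules"], start=1):
            unrestricted = (
                rule["prot"] == "all"
                and rule["source"] == "anywhere"
                and rule["destination"] == "anywhere"
                and not rule["match"]
            )
            if unrestricted and rule["target"] == "ACCEPT":
                # Needs `iptables --list -v` to see which interface it is bound to.
                findings.append((name, number, "unqualified-accept"))
    return findings


if __name__ == "__main__":
    for label, text in (("page", PAGE_LISTING), ("constructed", CONSTRUCTED_OPEN_LISTING)):
        parsed = parse_listing(text)
        print(label, {n: c["policy"] for n, c in parsed.items()}, audit(parsed))
```
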
On Wed, Dec 17, 2014 at 10:24:48AM -0500, James Knott wrote:
On 12/17/2014 10:17 AM, Ruben Safir wrote:
You don't know what your firewall is?
What does
iptables --list
say?
wow - you have iptables... imagine that.
It shows a long list of things, much more than I care to put on this list, but it starts with:
    # iptables --list
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere             ctstate ESTABLISHED
    ACCEPT     icmp --  anywhere             anywhere             ctstate RELATED
    input_int  all  --  anywhere             anywhere
    input_dmz  all  --  anywhere             anywhere
    input_ext  all  --  anywhere             anywhere
    LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-IN-ILL-TARGET "
    DROP       all  --  anywhere             anywhere
It sure looks to me like a firewall.
On 12/17/2014 10:27 AM, Ruben Safir wrote:
wow - you have iptables...
imagine that.
So what's your point? I have exactly what I said, that is a computer running openSUSE 13.1 as firewall. Like I said earlier, you really need an attitude adjustment. You come in here and act as though you're the only one who knows anything, whether this thread or the one on profiles. It gets old fast.
Le 17/12/2014 16:34, James Knott a écrit :
So what's your point? I have exactly what I said, that is a computer running openSUSE 13.1 as firewall.
nitpicking... A firewall can be iptables, the software configuring iptables (SuSEfirewall2), the operating system running the software (openSUSE) or even the computer itself could even be the room or the building, who cares :-) the only secure computer is the one closed in a safe with no network at all and no keyboard access. but who needs one :-) jdd
* James Knott <james.knott@rogers.com> [12-17-14 10:37]:
On 12/17/2014 10:27 AM, Ruben Safir wrote:
wow - you have iptables...
imagine that.
So what's your point? I have exactly what I said, that is a computer running openSUSE 13.1 as firewall.
Like I said earlier, you really need an attitude adjustment. You come in here and act as though you're the only one who knows anything, whether this thread or the one on profiles. It gets old fast.
# -------------------------------------------------------
:0:
* ^From.*ruben@mrbrklyn.com
/dev/null
# -------------------------------------------------------
-- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net
On 12/17/2014 11:30 AM, Patrick Shanahan wrote:
>> Like I said earlier, you really need an attitude adjustment. You come in here and act as though you're the only one who knows anything, whether this thread or the one on profiles. It gets old fast.
> # -------------------------------------------------------
> :0:
> * ^From.*ruben@mrbrklyn.com
> /dev/null
> # -------------------------------------------------------
He's the first person I've had to add to my trash filter. Bye Ruben
On 2014-12-17 18:29, James Knott wrote:
On 12/17/2014 11:30 AM, Patrick Shanahan wrote:
He's the first person I've had to add to my trash filter.
He has been there for months. Just don't feed the trolls. :-) It is useless to talk with him. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
or years http://lists.opensuse.org/opensuse/2000-12/msg01488.html On Wed, Dec 17, 2014 at 10:37:26PM +0100, Carlos E. R. wrote:
On 2014-12-17 18:29, James Knott wrote:
On 12/17/2014 11:30 AM, Patrick Shanahan wrote:
He's the first person I've had to add to my trash filter.
He has been there for months. Just don't feed the trolls. :-)
It is useless to talk with him.
-- Cheers / Saludos,
Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On December 17, 2014 11:30:00 AM EST, Patrick Shanahan <paka@opensuse.org> wrote:
* James Knott <james.knott@rogers.com> [12-17-14 10:37]:
On 12/17/2014 10:27 AM, Ruben Safir wrote:
wow - you have iptables...
imagine that.
So what's your point? I have exactly what I said, that is a computer running openSUSE 13.1 as firewall.
Like I said earlier, you really need an attitude adjustment. You come in here and act as though you're the only one who knows anything, whether this thread or the one on profiles. It gets old fast.
# -------------------------------------------------------
:0:
* ^From.*ruben@mrbrklyn.com
/dev/null
# -------------------------------------------------------
If only I could do this with k9 mail. -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
On 12/17/2014 12:29 PM, Ken wrote:
If only I could do this with k9 mail.
Depending on your mail provider, you may be able to on the server. For example, my ISP uses Yahoo for email. I can go in there with web mail and set up filters if I desire. At the moment, I have set up to pass everything, as I do the filtering on my main system, where I run my own IMAP server.
On Wed, Dec 17, 2014 at 10:34:47AM -0500, James Knott wrote:
On 12/17/2014 10:27 AM, Ruben Safir wrote:
wow - you have iptables...
imagine that.
So what's your point? I have exactly what I said, that is a computer running openSUSE 13.1 as firewall.
No that is not what you said and it is not what you implied either. You said nothing like that. You said that your firewall was opensuse 13.1 as if that should mean something in the context of the conversation. It is the kind of non-exact, fuzzy nonsense that makes you seem foolish and as if your net background is a disconjunctive association of manufacturers' product pamphlets without any true depth of understanding of how things actually work. And that is the point.
Likewise, when you say, let's just put the total kitchen sink of features into firefox because it is "convenient", and "people find it convenient" that is utter marketing BS based on a fuzzy logic, limited data points and a TOTAL lack of original thought. People learn to use what they are forced to use and then everything else becomes "inconvenient". Firefox has enough trouble just not crashing at this point and has functional design problems in its core features at an unprecedented level. They need to stop coding altogether and debug what they have and pare it down to an operational functional unit. Everything doesn't have to be systemd and SWALLOW whole everything in its path.
The fact is, you have demonstrated minimal background on the core infrastructure of IP network control, what you would call firewalling. Meanwhile you are taking up the high and mighty advocacy for technologies that you clearly don't understand. Furthermore, you don't understand what existed from before. And you have less understanding of how all these pieces fit together. Let me drop some hints on you... and then you can go from there.
Cell Phones and Mobile devices not only DON'T NEED public dot quads, but they are better off without publicly accessible internet connections.
We have not run out of IP addresses being used because, LO and BEHOLD, a great portion of the assigned IP space is not being used. I for example, have 3 IP addresses I don't need. I only need one, actually.
NYU certainly, for example, doesn't need a WHOLE Class A network.
Finally, ip6 SUCKS because, among other things, it is not easily backward compatible to IP4, and it uses MAC addresses. It is a clusterfuck created by a consortium of corporate players... which is why it sucks. IF there was a serious problem with IP space, they could have just added another byte to the addressing scheme. But no...they had to shove everything under the sun into the format, and it sucks. People will adopt it when they are DRAGGED to do so.
Ruben
Like I said earlier, you really need an attitude adjustment. You come in here and act as though you're the only one who knows anything, whether this thread or the one on profiles. It gets old fast.
On 2014-12-16 21:10, James Knott wrote:
All we can do is encourage the use of IPv6. Without it there are simply not enough IP addresses.
Encouraging me is pointless, and encouraging my provider is useless. They do not want to do till forced by authority, perhaps with subsidies. So IPv4 is here to stay :-/ -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 12/16/2014 03:17 PM, Carlos E. R. wrote:
On 2014-12-16 21:10, James Knott wrote:
All we can do is encourage the use of IPv6. Without it there are simply not enough IP addresses. Encouraging me is pointless, and encouraging my provider is useless. They do not want to do till forced by authority, perhaps with subsidies.
So IPv4 is here to stay :-/
Or you could do what I do and set up a tunnel. There are several IPv6 tunnel brokers that will provide the service for free. Hurricane Electric is a big one that covers much of the world.
On 2014-12-17 00:45, James Knott wrote:
On 12/16/2014 03:17 PM, Carlos E. R. wrote:
On 2014-12-16 21:10, James Knott wrote:
All we can do is encourage the use of IPv6. Without it there are simply not enough IP addresses. Encouraging me is pointless, and encouraging my provider is useless. They do not want to do till forced by authority, perhaps with subsidies.
So IPv4 is here to stay :-/
Or you could do what I do and set up a tunnel. There are several IPv6 tunnel brokers that will provide the service for free. Hurricane Electric is a big one that covers much of the world.
Possibly, but I get no advantage. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 12/16/2014 07:38 PM, Carlos E. R. wrote:
Or you could do what I do and set up a tunnel. There are several IPv6 tunnel brokers that will provide the service for free. Hurricane Electric is a big one that covers much of the world. Possibly, but I get no advantage.
You'd get what I have, an IPv6 subnet and access to IPv6 over the Internet. Running IPv6 through a tunnel is not much different from using PPPoE over ADSL or a VPN between sites. It's just another layer of encapsulation, for transporting IPv6 over IPv4.
On 2014-12-17 02:24, James Knott wrote:
On 12/16/2014 07:38 PM, Carlos E. R. wrote:
Possibly, but I get no advantage.
You'd get what I have, an IPv6 subnet and access to IPv6 over the Internet. Running IPv6 through a tunnel is not much different from using PPPoE over ADSL or a VPN between sites. It's just another layer of encapsulation, for transporting IPv6 over IPv4.
Yes, but I don't need that for me :-) I know there are sites on IPv6 only, but I don't need accessing any; nor do I need to be accessed. When the providers provide it, I'll use it, meanwhile I'll just wait. It is just a question of time. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On Tue, Dec 16, 2014 at 06:45:17PM -0500, James Knott wrote:
On 12/16/2014 03:17 PM, Carlos E. R. wrote:
On 2014-12-16 21:10, James Knott wrote:
All we can do is encourage the use of IPv6. Without it there are simply not enough IP addresses. Encouraging me is pointless, and encouraging my provider is useless. They do not want to do till forced by authority, perhaps with subsidies.
So IPv4 is here to stay :-/
Or you could do what I do and set up a tunnel. There are several IPv6 tunnel brokers that will provide the service for free. Hurricane Electric is a big one that covers much of the world.
seriously .... Is there a church you go to for this?
Carlos E. R. wrote:
On 2014-12-16 21:10, James Knott wrote:
All we can do is encourage the use of IPv6. Without it there are simply not enough IP addresses.
Encouraging me is pointless, and encouraging my provider is useless. They do not want to do till forced by authority, perhaps with subsidies.
Don't worry, Carlos, even Telefonica will move. Swisscom is moving, Deutsche Telekom is moving, BT and Telefonica will wake up too, eventually.
So IPv4 is here to stay :-/
In our lifetime, certainly. -- Per Jessen, Zürich (5.4°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
On 2014-12-17 08:11, Per Jessen wrote:
Carlos E. R. wrote:
Encouraging me is pointless, and encouraging my provider is useless. They do not want to do till forced by authority, perhaps with subsidies.
Don't worry, Carlos, even Telefonica will move. Swisscom is moving, Deutsche Telekom is moving, BT and Telefonica will wake up too, eventually.
Oh, I know. They are waiting to be pushed. It means changing the access routers of millions of homes, so they wait till they break down, or the government mandates or something. Like a subsidy. Or a move from the EC. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 12/16/2014 12:10 PM, James Knott wrote:
All we can do is encourage the use of IPv6. Without it there are simply not enough IP addresses. For example, there are already more mobile devices than there are IPv4 addresses.
You don't see the conflict in those two sentences? -- After all is said and done, more is said than done.
On 12/16/2014 03:23 PM, John Andersen wrote:
On 12/16/2014 12:10 PM, James Knott wrote:
All we can do is encourage the use of IPv6. Without it there are simply not enough IP addresses. For example, there are already more mobile devices than there are IPv4 addresses. You don't see the conflict in those two sentences?
How is it a conflict? There aren't enough IPv4 addresses so we have to move to IPv6 and the sooner the better.
On 12/16/2014 2:07 PM, James Knott wrote:
On 12/16/2014 03:23 PM, John Andersen wrote:
On 12/16/2014 12:10 PM, James Knott wrote:
All we can do is encourage the use of IPv6. Without it there are simply not enough IP addresses. For example, there are already more mobile devices than there are IPv4 addresses. You don't see the conflict in those two sentences?
How is it a conflict? There aren't enough IPv4 addresses so we have to move to IPv6 and the sooner the better.
(1) There are simply not enough IP addresses. (2) There are already more mobile devices than there are IPv4 addresses. Since those mobile devices are all on line, along with all the computers already on the net, (for some imprecise values of "all") it can easily be deduced that there ARE enough IPV4 addresses. Ipv6 adoption rates are still hovering around less than 1 %. http://arstechnica.com/business/2014/08/ipv6-adoption-starting-to-add-up-to-... -- _____________________________________ ---This space for rent---
On 12/16/2014 05:18 PM, John Andersen wrote:
How is it a conflict? There aren't enough IPv4 addresses so we have to
move to IPv6 and the sooner the better.
(1) There are simply not enough IP addresses. (2) There are already more mobile devices than there are IPv4 addresses.
Since those mobile devices are all on line, along with all the computers already on the net, (for some imprecise values of "all") it can easily be deduced that there ARE enough IPV4 addresses.
Let's put this into perspective. At the moment, cell phones generally do not use VoIP, unless the user adds some VoIP service. With 4G, all phones will be VoIP. With NAT, as currently used, you need a "gateway" server, including STUN to move all those connections between the RFC 1918 addresses used by the phones and the rest of the Internet and again at the other end to get back to the destination device. This has to be done for the duration of the call, adding latency and cost. If the devices had public addresses, then this stuff wouldn't be necessary. With the way SIP/RTP is designed, it should only be necessary for the phones to connect to their "server" to set up the call, after which it drops out, with the phones communicating directly in peer to peer operation. However, NAT kills this, forcing the use of gateways, STUN and more garbage that wouldn't be necessary if there were sufficient addresses.
However, this is just the beginning. Another thing that's coming is the "Internet of Things" (IoT), where there will be several devices in your car, on your person and elsewhere, all requiring an IP address. So, if you want to reach the IoT devices in your home, from elsewhere, they will need their own public IP addresses, free of that load of crap called "NAT". The existing situation, of more mobile devices than IPv4 addresses, on top of all the existing wired devices that can't get addresses is just the beginning of the problem that will only be magnified when IoT really kicks in.
you are so over your head, you have no idea what you are talking about. Phones don't need public dot quads.... at all. On Tue, Dec 16, 2014 at 10:06:45PM -0500, James Knott wrote:
On 12/16/2014 05:18 PM, John Andersen wrote:
How is it a conflict? There aren't enough IPv4 addresses so we have to
move to IPv6 and the sooner the better.
(1) There are simply not enough IP addresses. (2) There are already more mobile devices than there are IPv4 addresses.
Since those mobile devices are all on line, along with all the computers already on the net, (for some imprecise values of "all") it can easily be deduced that there ARE enough IPV4 addresses.
Let's put this into perspective. At the moment, cell phones generally do not use VoIP, unless the user adds some VoIP service. With 4G, all phones will be VoIP. With NAT, as currently used, you need a "gateway" server, including STUN to move all those connections between the RFC 1918 addresses used by the phones and the rest of the Internet and again at the other end to get back to the destination device. This has to be done for the duration of the call, adding latency and cost. If the devices had public addresses, then this stuff wouldn't be necessary. With the way SIP/RTP is designed, it should only be necessary for the phones to connect to their "server" to set up the call, after which it drops out, with the phones communicating directly in peer to peer operation. However, NAT kills this, forcing the use of gateways, STUN and more garbage that wouldn't be necessary if there were sufficient addresses.
However, this is just the beginning. Another thing that's coming is the "Internet of Things" (IoT), where there will be several devices in your car, on your person and elsewhere, all requiring an IP address. So, if you want to reach the IoT devices in your home, from elsewhere, they will need their own public IP addresses, free of that load of crap called "NAT". The existing situation, of more mobile devices than IPv4 addresses, on top of all the existing wired devices that can't get addresses is just the beginning of the problem that will only be magnified when IoT really kicks in.
On 12/16/2014 10:22 PM, Ruben Safir wrote:
you are so over your head, you have no idea what you are talking about.
Well, given that I have been working with this stuff for years and am Cisco certified...
On Wed, Dec 17, 2014 at 07:27:03AM -0500, James Knott wrote:
On 12/16/2014 10:22 PM, Ruben Safir wrote:
you are so over your head, you have no idea what you are talking about.
Well, given that I have been working with this stuff for years and am Cisco certified...
Cisco certification is good? Are you trying to sell that? It is not good a MASTERS DEGREE in cyber security, that might be good.
On Tue, Dec 16, 2014 at 12:08:59PM -0500, James Knott wrote:
On 12/16/2014 11:58 AM, Carlos E. R. wrote:
Firewall/nat traversal is done with the help from stun servers.
http://en.wikipedia.org/wiki/STUN
That direct conversation happens is obvious when you setup the whole thing yourself, and the server simply does not have the internet pipe to hold all the bandwidth of the simultaneous conversations it handles. Being a private setup, you control it fully.
I'm aware of STUN, but haven't investigated WebRTC enough to see what it uses.
Well, when you want to educate yourself, please remember that this wasn't invented yesterday and there are a number of applications for this that do not have to be stuffed into firefox bloat. Ruben
On 12/16/2014 08:58 AM, Carlos E. R. wrote:
On 2014-12-16 17:29, James Knott wrote:
On 12/16/2014 11:21 AM, James Knott wrote:
Incidentally, it's not just browsers. It's an open protocol supported by W3C and IETF and can be implemented in other applications. So, you could have a video phone app on your smart phone that uses WebRTC. It's a means of getting away from proprietary protocols, such as Skype, or relying on a server, where the NSA etc., can get their paws on your conversations. Even if they intercepted your call somewhere on the Internet, they'd still have to break the encryption that's part of the spec. Compare that with regular SIP voice over IP calls, where encryption is generally not used.
And SIP is also peer to peer. The signaling goes via a server, at least initially, to find one another. Then the conversation can go directly end to end, no intermediary, or indirectly, via a host server; asterisk does this, but not for traversing firewall and nat, because it is done also intranet; it is done as a codec conversion service, so that both sides, even when using different codecs, can talk (I'm thinking of hardware voip phones which can not easily get new codecs).
Firewall/nat traversal is done with the help from stun servers.
http://en.wikipedia.org/wiki/STUN
That direct conversation happens is obvious when you setup the whole thing yourself, and the server simply does not have the internet pipe to hold all the bandwidth of the simultaneous conversations it handles. Being a private setup, you control it fully.
Did you even read your own linked article???
The STUN protocol allows applications operating behind a network address translator (NAT) to discover the presence of the network address translator and to obtain the mapped (public) IP address (NAT address) and port number that the NAT has allocated for the application's User Datagram Protocol (UDP) connections to remote hosts. The protocol requires assistance from a third-party network server (STUN server) located on the opposing (public) side of the NAT, usually the public Internet.
....
If both peers are located in different private networks behind a NAT, the peers must coordinate to determine the best communication path between them. Some NAT behavior may restrict peer connectivity even when the public binding is known. The Interactive Connectivity Establishment (ICE) protocol provides a structured mechanism to determine the optimal communication path between two peers. Session Initiation Protocol (SIP) extensions are defined to enable the use of ICE when setting up a call between two hosts.
.....
There isn't much magic in STUN, it essentially just returns the ip and port it was connected via. If the sip/voice/video can go direct, it will. But for you sitting behind your nat trying to talk to me sitting behind my nat there will be a third party involved.
This service is provided by TURN servers http://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT
STUN by itself cannot provide a complete solution for NAT traversal. A complete solution requires a means by which a client can obtain a transport address from which it can receive media from any peer which can send packets to the public Internet. This can only be accomplished by relaying data through a server that resides on the public Internet. This specification describes Traversal Using Relay NAT (TURN), a protocol that allows a client to obtain IP addresses and ports from such a relay.
So Carlos: YES the server DOES have the pipes to hold all the conversations, because there are a bazillion TURN servers sitting out there in the world, all supplied by SIP providers and Google itself. Google (but not Mozilla) has more bandwidth than God. And because it is dispersed in data centers throughout the world there is no bottleneck. And because it is at least encrypted to some level, there is not much point in the police even asking for a wiretap.
Side note: Use of UDP vs TCP is totally incidental to the issue here. STUN/ICE/TURN can all use TCP as well as UDP. UDP contains no magic. It's a much more primitive transport.
-- After all is said and done, more is said than done.
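The STUN exchange discussed in the message above (the server "just returns the ip and port it was connected via"), as an added example that is not part of the thread: both sides of an RFC 5389 Binding transaction in Python. The function names are this example's own, and the addresses used with it are constructed documentation-range values.

```python
import ipaddress
import os
import struct

MAGIC_COOKIE = 0x2112A442            # fixed constant defined by RFC 5389
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_MAPPED_ADDRESS = 0x0001         # legacy, address sent in the clear
ATTR_XOR_MAPPED_ADDRESS = 0x0020     # address XOR-ed with cookie (+ txid)
FAMILY_IPV4, FAMILY_IPV6 = 0x01, 0x02


def _xor_bytes(data, key):
    """XOR data with the leading bytes of key (zip stops at len(data))."""
    return bytes(a ^ b for a, b in zip(data, key))


def build_binding_request(txid=None):
    """Client side: a 20-byte header with no attributes."""
    txid = txid or os.urandom(12)
    if len(txid) != 12:
        raise ValueError("transaction ID must be 12 bytes")
    packet = struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid
    return packet, txid


def build_binding_response(request, src_ip, src_port):
    """Server side: report the source address the request arrived from,
    i.e. the NAT's public mapping when the client sits behind a NAT."""
    if len(request) < 20:
        raise ValueError("short STUN header")
    msg_type, _length, cookie = struct.unpack("!HHI", request[:8])
    if msg_type != BINDING_REQUEST or cookie != MAGIC_COOKIE:
        raise ValueError("not a STUN binding request")
    txid = request[8:20]
    addr = ipaddress.ip_address(src_ip)
    family = FAMILY_IPV4 if addr.version == 4 else FAMILY_IPV6
    key = struct.pack("!I", MAGIC_COOKIE) + txid      # 16-byte XOR key
    value = struct.pack("!BBH", 0, family, src_port ^ (MAGIC_COOKIE >> 16))
    value += _xor_bytes(addr.packed, key)
    attr = struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value
    header = struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE)
    return header + txid + attr


def _decode_address(value, key, xored):
    if len(value) < 4:
        raise ValueError("bad address attribute")
    _reserved, family, port = struct.unpack("!BBH", value[:4])
    size = {FAMILY_IPV4: 4, FAMILY_IPV6: 16}.get(family)
    if size is None or len(value) != 4 + size:
        raise ValueError("bad address attribute")
    raw = value[4:]
    if xored:
        port ^= MAGIC_COOKIE >> 16
        raw = _xor_bytes(raw, key)
    return str(ipaddress.ip_address(raw)), port


def parse_binding_response(data, expected_txid):
    """Client side: validate the response and return (public_ip, port)."""
    if len(data) < 20:
        raise ValueError("short STUN header")
    msg_type, length, cookie = struct.unpack("!HHI", data[:8])
    if cookie != MAGIC_COOKIE:
        raise ValueError("bad magic cookie")
    if msg_type != BINDING_SUCCESS:
        raise ValueError("not a binding success response")
    # Matching the transaction ID is what ties the answer to our request;
    # an off-path sender cannot guess the 96 random bits.
    if data[8:20] != expected_txid:
        raise ValueError("transaction ID mismatch")
    if length % 4 or len(data) != 20 + length:
        raise ValueError("bad message length")
    key = data[4:20]                                  # cookie + txid
    pos = 20
    while pos + 4 <= len(data):
        attr_type, attr_len = struct.unpack("!HH", data[pos:pos + 4])
        value = data[pos + 4:pos + 4 + attr_len]
        if len(value) != attr_len:
            raise ValueError("truncated attribute")
        if attr_type in (ATTR_XOR_MAPPED_ADDRESS, ATTR_MAPPED_ADDRESS):
            xored = attr_type == ATTR_XOR_MAPPED_ADDRESS
            return _decode_address(value, key, xored)
        pos += 4 + attr_len + (-attr_len % 4)         # attributes are padded
    raise ValueError("no mapped address in response")


if __name__ == "__main__":
    # Constructed sample: the request reaches the server from 203.0.113.7:40001.
    req, txid = build_binding_request()
    resp = build_binding_response(req, "203.0.113.7", 40001)
    print(parse_binding_response(resp, txid))
```

The client learns only its own public mapping from this exchange; whether a peer can actually reach that mapping depends on the NAT's behaviour, which is the case the thread goes on to discuss under TURN.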
On 12/16/2014 01:43 PM, John Andersen wrote:
This service is provided by TURN servers http://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT
STUN by itself cannot provide a complete solution for NAT traversal.
From that article: "Although TURN will almost always provide connectivity to a client, it comes at high cost to the provider of the TURN server. It is therefore desirable to use TURN as a last resort only, preferring other mechanisms (such as STUN or direct connectivity) when possible. To accomplish that, the Interactive Connectivity Establishment (ICE) methodology can be used to discover the optimal means of connectivity."
TURN is the method of last resort, with STUN or direct connection (no STUN or TURN) preferred. Again, this is a hack made necessary by NAT.
On 12/16/2014 11:33 AM, James Knott wrote:
On 12/16/2014 01:43 PM, John Andersen wrote:
This service is provided by TURN servers http://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT
STUN by itself cannot provide a complete solution for NAT traversal.
From that article: "Although TURN will almost always provide connectivity to a client, it comes at high cost to the provider of the TURN server. It is therefore desirable to use TURN as a last resort only, preferring other mechanisms (such as STUN or direct connectivity) when possible. To accomplish that, the Interactive Connectivity Establishment (ICE) methodology can be used to discover the optimal means of connectivity."
TURN is the method of last resort, with STUN or direct connection (no STUN or TURN) preferred. Again, this is a hack made necessary by NAT.
No. As I pointed out in another reply, TURN is also necessary to traverse firewalls. Your own link says so. Why did you cherry pick which parts to quote? Was the first sentence somehow inconvenient to your point of view?
Traversal Using Relays around NAT (TURN) is a protocol that allows for a client behind a network address translator (NAT) or firewall to receive incoming data over TCP or UDP connections. It is most useful for clients behind symmetric NATs or firewalls that wish to be on the receiving end of a connection to a single peer.
-- After all is said and done, more is said than done.
On 12/16/2014 02:40 PM, John Andersen wrote:
On 12/16/2014 11:33 AM, James Knott wrote:
On 12/16/2014 01:43 PM, John Andersen wrote:
This service is provided by TURN servers http://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT
STUN by itself cannot provide a complete solution for NAT traversal.
From that article: "Although TURN will almost always provide connectivity to a client, it comes at high cost to the provider of the TURN server. It is therefore desirable to use TURN as a last resort only, preferring other mechanisms (such as STUN or direct connectivity) when possible. To accomplish that, the Interactive Connectivity Establishment (ICE) methodology can be used to discover the optimal means of connectivity."
TURN is the method of last resort, with STUN or direct connection (no STUN or TURN) preferred. Again, this is a hack made necessary by NAT.
No. As I pointed out in another reply, TURN is also necessary to traverse firewalls.
Your own link says so. Why did you cherry pick which parts to quote? Was the first sentence somehow inconvenient to your point of view?
Actually, it was your link. I hadn't seen that article until you posted it. As for its purpose, that article starts out with: "Traversal Using Relays around NAT (TURN) is a protocol that allows for a client behind a network address translator (NAT) or firewall to receive incoming data over TCP or UDP connections." You even pointed that out in your reply. Funny how NAT is included in the description and mentioned throughout the article and also in RFC 5766. It sure sounds like its intended purpose is to get around NAT.
Traversal Using Relays around NAT (TURN) is a protocol that allows for a client behind a network address translator (NAT) or firewall to receive incoming data over TCP or UDP connections. It is most useful for clients behind symmetric NATs or firewalls that wish to be on the receiving end of a connection to a single peer.
On 12/16/2014 12:48 PM, James Knott wrote:
On 12/16/2014 02:40 PM, John Andersen wrote:
On 12/16/2014 11:33 AM, James Knott wrote:
This service is provided by TURN servers http://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT
STUN by itself cannot provide a complete solution for NAT traversal. From that article: "Although TURN will almost always provide connectivity to a client, it comes at high cost to the provider of the TURN server. It is therefore desirable to use TURN as a last resort only, preferring other mechanisms (such as STUN or direct connectivity) when possible. To accomplish that,
On 12/16/2014 01:43 PM, John Andersen wrote: the Interactive Connectivity Establishment (ICE) methodology can be used to discover the optimal means of connectivity."
TURN is the method of last resort, with STUN or direct connection (no STUN or TURN) preferred. Again, this is a hack made necessary by NAT.
No. As I pointed out in another reply, TURN is also necessary to traverse firewalls.
Your own link says so. Why did you cherry pick which parts to quote? Was the first sentence somehow inconvenient to your point of view?
Actually, it was your link. I hadn't seen that article until you posted it.
As for its purpose, that article starts out with:
"Traversal Using Relays around NAT (TURN) is a protocol that allows for a client behind a network address translator (NAT) or firewall to receive incoming data over TCP or UDP connections." You even pointed that out in your reply.
Funny how NAT is included in the description and mentioned throughout the article and also in RFC 5766. It sure sounds like its intended purpose is to get around NAT.
Traversal Using Relays around NAT (TURN) is a protocol that allows for a client behind a network address translator (NAT) or firewall to receive incoming data over TCP or UDP connections. It is most useful for clients behind symmetric NATs or firewalls that wish to be on the receiving end of a connection to a single peer.
Look, James, for a guy that had no clue about TURN, and insisted udp was all that was needed to bust through firewalls and NAT, and further insisted that there would be no need of a third party to route peer to peer when both peers were behind NAT or a firewall, I don't think you are the right person to lecture me about the internet and how basic routing works. It doesn't matter whether it's NAT or a firewall. There will always be a need for a man in the middle when both ends are behind either of those. -- _____________________________________ ---This space for rent---
On 12/16/2014 03:57 PM, John Andersen wrote:
Look, James, for a guy that had no clue about TURN, and insisted udp was all that was needed to bust through firewalls and NAT, and further insisted that there would be no need of a third party to route peer to peer when both peers were behind NAT or a firewall, I don't think you are the right person to lecture me about the internet and how basic routing works. It doesn't matter whether it's NAT or a firewall. There will always be a need for a man in the middle when both ends are behind either of those.
Why do you keep putting words in my mouth? I have never said what you claim. My point has always been that STUN and TURN are necessary to get around NAT. There is a lot of networking in this world that does not use NAT. For example, my firewall uses NAT for IPv4, because I have to share one IPv4 address among several devices. On the other hand, every IPv6 capable device on my network, including smart phone and tablet, has a public IPv6 address and is configured in the DNS service I use, so, as long as I have IPv6 available, I can directly access those devices without having to use NAT. In the work examples I mentioned, the VoIP was carried between sites via IPSec VPN, so again, NAT is not used, which means STUN was not needed. This is a key point you keep missing or ignoring, without NAT, you don't need hacks like STUN or TURN. I also said with WebRTC that a server is involved at the start of the connection, just as with SIP, but is not needed beyond that initial setup. What is so hard to understand about that?
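The messages above turn on whether a given WebRTC call runs directly between the peers or through a TURN relay. The following is an added example, not part of any poster's message and not Firefox's code: it lists the ICE candidate types offered in an SDP blob and classifies the path from the selected candidate pair in `RTCPeerConnection.getStats()`-shaped entries. The sample SDP lines, stats entries and addresses are constructed.

```javascript
// Added example (not from the thread). ICE candidate types:
//   host  = local interface address
//   srflx = public mapping learned from a STUN server
//   prflx = mapping discovered during connectivity checks
//   relay = address allocated on a TURN server

// Parse one SDP "a=candidate:" attribute line into its fields.
function parseCandidateLine(line) {
  const m = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)(.*)$/
    .exec(line.trim());
  if (!m) return null;
  const ext = m[8].trim().split(/\s+/).filter(Boolean);
  const extras = {};
  for (let i = 0; i + 1 < ext.length; i += 2) extras[ext[i]] = ext[i + 1];
  return {
    foundation: m[1],
    component: Number(m[2]),
    transport: m[3].toLowerCase(),
    priority: Number(m[4]),
    address: m[5],
    port: Number(m[6]),
    type: m[7].toLowerCase(),
    relatedAddress: extras.raddr || null, // base address behind srflx/relay
    relatedPort: extras.rport ? Number(extras.rport) : null,
  };
}

// Candidate types present in an SDP blob, sorted and de-duplicated.
function offeredTypes(sdp) {
  const types = sdp.split(/\r?\n/)
    .map(parseCandidateLine)
    .filter(Boolean)
    .map((c) => c.type);
  return [...new Set(types)].sort();
}

// Locate the candidate pair in use within getStats()-shaped entries.
function selectedPair(entries) {
  const byId = new Map(entries.map((e) => [e.id, e]));
  const transport = entries.find(
    (e) => e.type === 'transport' && e.selectedCandidatePairId);
  let pair = transport && byId.get(transport.selectedCandidatePairId);
  if (!pair) {
    // Fallback when no transport entry names the pair.
    pair = entries.find((e) => e.type === 'candidate-pair' &&
      (e.selected || (e.nominated && e.state === 'succeeded')));
  }
  if (!pair) return null;
  return {
    local: byId.get(pair.localCandidateId),
    remote: byId.get(pair.remoteCandidateId),
  };
}

// 'relayed' if either end of the selected pair is a TURN allocation.
function classifyCallPath(entries) {
  const sel = selectedPair(entries);
  if (!sel || !sel.local || !sel.remote) return { path: 'unknown' };
  const types = [sel.local.candidateType, sel.remote.candidateType];
  return {
    path: types.includes('relay') ? 'relayed' : 'direct',
    localType: types[0],
    remoteType: types[1],
  };
}

// Constructed sample data (documentation address ranges, not a capture).
const SAMPLE_SDP = [
  'v=0',
  'a=candidate:1 1 udp 2122260223 192.168.1.10 54321 typ host',
  'a=candidate:2 1 udp 1686052607 203.0.113.7 61000 typ srflx raddr 192.168.1.10 rport 54321',
  'a=candidate:3 1 udp 41885439 198.51.100.20 49170 typ relay raddr 203.0.113.7 rport 61000',
].join('\r\n');

const DIRECT_STATS = [
  { id: 'T1', type: 'transport', selectedCandidatePairId: 'P1' },
  { id: 'P1', type: 'candidate-pair', localCandidateId: 'L1',
    remoteCandidateId: 'R1', state: 'succeeded', nominated: true },
  { id: 'L1', type: 'local-candidate', candidateType: 'srflx' },
  { id: 'R1', type: 'remote-candidate', candidateType: 'host' },
];

// No transport entry here, so the nominated/succeeded fallback is used.
const RELAYED_STATS = [
  { id: 'P0', type: 'candidate-pair', localCandidateId: 'L1',
    remoteCandidateId: 'R1', state: 'failed', nominated: false },
  { id: 'P2', type: 'candidate-pair', localCandidateId: 'L2',
    remoteCandidateId: 'R1', state: 'succeeded', nominated: true },
  { id: 'L1', type: 'local-candidate', candidateType: 'host' },
  { id: 'L2', type: 'local-candidate', candidateType: 'relay' },
  { id: 'R1', type: 'remote-candidate', candidateType: 'srflx' },
];

console.log(offeredTypes(SAMPLE_SDP),
  classifyCallPath(DIRECT_STATS), classifyCallPath(RELAYED_STATS));
```

In a browser the same function can be fed live data with `classifyCallPath([...(await pc.getStats()).values()])`, where `pc` is the page's `RTCPeerConnection`.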
On 2014-12-16 19:43, John Andersen wrote:
So Carlos: YES the server DOES have the pipes to hold all the conversations, because there are
No. I configured a SIP/VoIP service with a group of people, and TURN was certainly not part of the picture. We did not use any outside server, all in-house. Voice channel was direct, user to user. Don't argue that with me, it was a requirement of the contract, so we made sure. Not everybody out there is google, nor uses google. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On Tue, Dec 16, 2014 at 11:29:15AM -0500, James Knott wrote:
On 12/16/2014 11:21 AM, James Knott wrote:
On 12/16/2014 10:19 AM, Ruben Safir wrote:
On Tue, Dec 16, 2014 at 10:15:15AM -0500, James Knott wrote:
On 12/16/2014 10:08 AM, Ruben Safir wrote:
what is this?
http://www.mrbrklyn.com/images/state_of_firefox.png That's a Firefox crash. However, those happened long before Hello and are not relevant to the topic.
In your mind, how are firefox crashes not related to the increasing bloat of firefox?
Well, if you care to educate yourself,
And who is it that will provide that education? An individual who thinks that ever increasing feature bloat in firefox is "convenience"? I don't take cues from Walmart. Ruben
On Mon, Dec 15, 2014 at 10:45:14PM -0800, John M Andersen wrote:
On 12/15/2014 9:55 PM, Ruben Safir wrote:
You can't "work through nat"
which part of this are you not getting? Nat controls what does and doesn't go through completely and NAT will masquerade internal IP addresses, assuming you didn't just turn on the firewall and forget to give it rules.
you wouldn't know what was being sent through the ssl pipe the browser set up to middle man.
And if your browser is still running while you are chatting away, who knows what they may be diverting through your ssl connection to some middle man. They could be proxying all the video through that and it would never show up as a separate connection, not in netstat, not in wireshark.
A man in the middle attack would be impossible to describe to someone who thinks that the chatbox should be integrated into firefox.
-- So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998 http://www.mrbrklyn.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002 http://www.nylxs.com - Leadership Development in Free Software http://www2.mrbrklyn.com/resources - Unpublished Archive http://www.coinhangout.com - coins! http://www.brooklyn-living.com Being so tracked is for FARM ANIMALS and extermination camps, but incompatible with living as a free human being. -RI Safir 2013
On 12/16/2014 12:55 AM, Ruben Safir wrote:
You can't "work through nat"
which part of this are you not getting? Nat controls what does and doesn't go through completely and NAT will masquerade internal IP addresses, assuming you didn't just turn on the firewall and forget to give it rules.
I mentioned NAT because it often interferes with some protocols.
But what can be expected from someone who can't be bothered to open an application for video chatting because he can't find it if it is not in his browser.
You may want to adjust your attitude.
I mentioned NAT because it often interferes with some protocols.
NAT interferes with ALL protocols because it blocks, reads, redirects, alters, and spoofs all socket traffic.
You may want to adjust your attitude.
Not necessary when confronted by people who cheer for bloatware that crashes all the time on critical software infrastructure. If it was a gaming platform, I couldn't care less how much you bloat it or how much it crashed. Ruben
On Mon, Dec 15, 2014 at 04:55:17PM -0800, John Andersen wrote:
On 12/15/2014 04:54 PM, James Knott wrote:
On 12/15/2014 06:12 PM, John Andersen wrote:
I guess the server role is only to find one another, the video is peer 2 peer.
Nope, it can't be that simple. It is necessary that there be a third party somewhere with the ability to eavesdrop.
I verified with Wireshark that the connection is indeed peer to peer. I tried connecting from a computer outside of my firewall to a computer behind it. Worked fine. The connection is encrypted.
In that case your firewall is broken.
Yah think? How about non-existent.
-- After all is said and done, more is said than done.
On 12/16/2014 12:51 AM, Ruben Safir wrote:
In that case your firewall is broken.
Yah think? How about non-existent.
Well, as I mentioned earlier, my firewall is openSUSE. Is it non-existent?
On Tue, Dec 16, 2014 at 07:44:23AM -0500, James Knott wrote:
On 12/16/2014 12:51 AM, Ruben Safir wrote:
In that case your firewall is broken.
Yah think? How about non-existent.
Well, as I mentioned earlier, my firewall is openSUSE. Is it non-existent?
If what you post is true then yes, it is non-existent.
On 12/15/2014 05:38 PM, John Andersen wrote:
What I doubt is this nonsense about not having to register with a service. You can not magically just find a remote IP address to route your video connection to, without a third party. And THAT is where the attack comes in.
With Skype & Hangouts, you have to register an account and connect through it. With Firefox Hello you only talk to the server to set up a URL for your connection. The actual call is direct peer to peer. You do not have to join anything, but you can if you wish. Everything is over SSL/TLS.
On 12/15/2014 07:51 PM, James Knott wrote:
On 12/15/2014 05:38 PM, John Andersen wrote:
What I doubt is this nonsense about not having to register with a service. You can not magically just find a remote IP address to route your video connection to, without a third party. And THAT is where the attack comes in.
With Skype & Hangouts, you have to register an account and connect through it. With Firefox Hello you only talk to the server to set up a URL for your connection. The actual call is direct peer to peer. You do not have to join anything, but you can if you wish. Everything is over SSL/TLS.
I have Firefox 34.0.5 and I don't see anything that looks like "Hello" or any other communications thing. What am I missing? If I found Hello, and want to speak to my friend, who is 40 miles away, and runs Windows 7 and Mac before OS-X--i.e., a non-Intel machine--what would we have to do? (Assuming he also has ver.34.) Thanx--doug
* Doug <dmcgarrett@optonline.net> [12-15-14 21:53]:
On 12/15/2014 07:51 PM, James Knott wrote:
On 12/15/2014 05:38 PM, John Andersen wrote:
What I doubt is this nonsense about not having to register with a service. You can not magically just find a remote IP address to route your video connection to, without a third party. And THAT is where the attack comes in.
With Skype & Hangouts, you have to register an account and connect through it. With Firefox Hello you only talk to the server to set up a URL for your connection. The actual call is direct peer to peer. You do not have to join anything, but you can if you wish. Everything is over SSL/TLS.
I have Firefox 34.0.5 and I don't see anything that looks like "Hello" or any other communications thing. What am I missing?
If I found Hello, and want to speak to my friend, who is 40 miles away, and runs Windows 7 and Mac before OS-X--i.e., a non-Intel machine--what would we have to do? (Assuming he also has ver.34.)
Thanx--doug
https://www.google.com/search?client=qupzilla&q=firefox%20chat&gws_rd=ssl first hit -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net
On 12/15/2014 10:11 PM, Patrick Shanahan wrote:
* Doug <dmcgarrett@optonline.net> [12-15-14 21:53]:
On 12/15/2014 07:51 PM, James Knott wrote:
On 12/15/2014 05:38 PM, John Andersen wrote:
What I doubt is this nonsense about not having to register with a service. You can not magically just find a remote IP address to route your video connection to, without a third party. And THAT is where the attack comes in.
With Skype & Hangouts, you have to register an account and connect through it. With Firefox Hello you only talk to the server to set up a URL for your connection. The actual call is direct peer to peer. You do not have to join anything, but you can if you wish. Everything is over SSL/TLS.
I have Firefox 34.0.5 and I don't see anything that looks like "Hello" or any other communications thing. What am I missing?
If I found Hello, and want to speak to my friend, who is 40 miles away, and runs Windows 7 and Mac before OS-X--i.e., a non-Intel machine--what would we have to do? (Assuming he also has ver.34.)
Thanx--doug
https://www.google.com/search?client=qupzilla&q=firefox%20chat&gws_rd=ssl first hit
Thanx, Pat. That link answers just about all questions. --doug
On 12/15/2014 09:51 PM, Doug wrote:
I have Firefox 34.0.5 and I don't see anything that looks like "Hello" or any other communications thing. What am I missing?
If I found Hello, and want to speak to my friend, who is 40 miles away, and runs Windows 7 and Mac before OS-X--i.e., a non-Intel machine--what would we have to do? (Assuming he also has ver.34.)
Thanx--doug
Replying to myself, and to others with the "find" question: Go to the "Getting Started" menu, found on the bottom-most bar, (I assume you have replaced all the bars that Mozilla would like to hide.) Then there is a heading called Hello. Follow the bouncing ball until you can open the customized box and pick out the _Halloween pumpkin head_ and drag it to one of the bars on the top. I put mine just to the right of the little search box, where all the other icons are. I snapped on the icon, and it says to share with someone you want to talk to, but I'm not sure how to do that, so my second question, above, is not answered. BTW, I am assuming when it says "talk" it means by voice? Or does it mean interactive text, like Teletype? --doug
On 12/15/2014 09:51 PM, Doug wrote:
On 12/15/2014 07:51 PM, James Knott wrote:
On 12/15/2014 05:38 PM, John Andersen wrote:
What I doubt is this nonsense about not having to register with a service. You can not magically just find a remote IP address to route your video connection to, without a third party. And THAT is where the attack comes in.
With Skype & Hangouts, you have to register an account and connect through it. With Firefox Hello you only talk to the server to set up a URL for your connection. The actual call is direct peer to peer. You do not have to join anything, but you can if you wish. Everything is over SSL/TLS.
I have Firefox 34.0.5 and I don't see anything that looks like "Hello" or any other communications thing. What am I missing?
If I found Hello, and want to speak to my friend, who is 40 miles away, and runs Windows 7 and Mac before OS-X--i.e., a non-Intel machine--what would we have to do? (Assuming he also has ver.34.)
Thanx--doug
Follow the direction here: <http://www.disruptivetelephony.com/2014/12/how-to-test-firefox-hello-mozillas-new-webrtc-video-call-service.html> When you want to set up a connection, you click on "Hello" to get a URL, which you send to your friend. They then click on the URL and go from there. Windows 7 is no problem, but I don't know about that old MAC.
On Mon, Dec 15, 2014 at 09:51:37PM -0500, Doug wrote:
On 12/15/2014 07:51 PM, James Knott wrote:
On 12/15/2014 05:38 PM, John Andersen wrote:
What I doubt is this nonsense about not having to register with a service. You can not magically just find a remote IP address to route your video
hmmm maybe https://en.wikipedia.org/wiki/Ekiga http://www.icq.com/en This has been built into Windows, if I'm not mistaken, since W95...
connection to, without a third party. And THAT is where the attack comes in.
With Skype & Hangouts, you have to register an account and connect through it. With Firefox Hello you only talk to the server to set up a URL for your connection. The actual call is direct peer to peer. You do not have to join anything, but you can if you wish. Everything is over SSL/TLS.
I have Firefox 34.0.5 and I don't see anything that looks like "Hello" or any other communications thing. What am I missing?
If I found Hello, and want to speak to my friend, who is 40 miles away, and runs Windows 7 and Mac before OS-X--i.e., a non-Intel machine--what would we have to do? (Assuming he also has ver.34.)
Thanx--doug
On Mon, Dec 15, 2014 at 02:38:43PM -0800, John Andersen wrote:
On 12/15/2014 02:31 PM, Christopher Myers wrote:
That's one of the big reasons I hate Microsoft products
Why throw that in, when you now found the same thing in Open source?
Could it be that people actually WANT convenience?
This is not convenience when the browser is increasingly crashing and the security holes and footprint keep getting big. In fact, it is not convenient at ALL. It sucks.
On 12/15/2014 05:31 PM, Christopher Myers wrote:
That is a stupid idea.
Shoving more stuff in the browser makes it a crappy, impossible to debug, monolithic pile of crap that doesn't work and crashes.
I do have to agree...why would it need to be embedded within the browser when it could be enabled via a plugin if someone so desires? Personally, it sounds like a new attack vector, with some potentially scary implications.
Right now with only 4 tabs open, firefox is consuming almost 1GB of memory on my laptop. And they want to add more crap on top of that? What happened to the nice, fast, extensible, resource-friendly browser I fell in love with? :/
That's one of the big reasons I hate Microsoft products - they're always trying to tell folks "this is what you want," when we're perfectly capable of clicking a button to say "I want this feature."
So get Pale Moon. A clone of T/B without the crap. --doug
On Mon, Dec 15, 2014 at 06:55:12PM -0500, Doug wrote:
On 12/15/2014 05:31 PM, Christopher Myers wrote:
That is a stupid idea.
Shoving more stuff in the browser makes it a crappy, impossible to debug, monolithic pile of crap that doesn't work and crashes.
I do have to agree...why would it need to be embedded within the browser when it could be enabled via a plugin if someone so desires? Personally, it sounds like a new attack vector, with some potentially scary implications.
Right now with only 4 tabs open, firefox is consuming almost 1GB of memory on my laptop. And they want to add more crap on top of that? What happened to the nice, fast, extensible, resource-friendly browser I fell in love with? :/
That's one of the big reasons I hate Microsoft products - they're always trying to tell folks "this is what you want," when we're perfectly capable of clicking a button to say "I want this feature."
So get Pale Moon. A clone of T/B without the crap.
what is T/B??? Ruben
--doug
On 12/16/2014 01:15 AM, Ruben Safir wrote:
On Mon, Dec 15, 2014 at 06:55:12PM -0500, Doug wrote:
On 12/15/2014 05:31 PM, Christopher Myers wrote:
That is a stupid idea.
Shoving more stuff in the browser makes it a crappy, impossible to debug, monolithic pile of crap that doesn't work and crashes.
I do have to agree...why would it need to be embedded within the browser when it could be enabled via a plugin if someone so desires? Personally, it sounds like a new attack vector, with some potentially scary implications.
Right now with only 4 tabs open, firefox is consuming almost 1GB of memory on my laptop. And they want to add more crap on top of that? What happened to the nice, fast, extensible, resource-friendly browser I fell in love with? :/
That's one of the big reasons I hate Microsoft products - they're always trying to tell folks "this is what you want," when we're perfectly capable of clicking a button to say "I want this feature."
So get Pale Moon. A clone of T/B without the crap.
what is T/B???
Ruben
--doug --
T/B = Thunderbird. --doug
ever try dwb? On Tue, Dec 16, 2014 at 01:28:49AM -0500, Doug wrote:
On 12/16/2014 01:15 AM, Ruben Safir wrote:
On Mon, Dec 15, 2014 at 06:55:12PM -0500, Doug wrote:
On 12/15/2014 05:31 PM, Christopher Myers wrote:
That is a stupid idea.
Shoving more stuff in the browser makes it a crappy, impossible to debug, monolithic pile of crap that doesn't work and crashes.
I do have to agree...why would it need to be embedded within the browser when it could be enabled via a plugin if someone so desires? Personally, it sounds like a new attack vector, with some potentially scary implications.
Right now with only 4 tabs open, firefox is consuming almost 1GB of memory on my laptop. And they want to add more crap on top of that? What happened to the nice, fast, extensible, resource-friendly browser I fell in love with? :/
That's one of the big reasons I hate Microsoft products - they're always trying to tell folks "this is what you want," when we're perfectly capable of clicking a button to say "I want this feature."
So get Pale Moon. A clone of T/B without the crap.
what is T/B???
Ruben
--doug --
T/B = Thunderbird.
--doug
On 12/16/2014 01:42 AM, Ruben Safir wrote:
ever try dwb?
http://www.reddit.com/r/linux/comments/2huqbc/dwb_abandoned/
On Tue, Dec 16, 2014 at 01:28:49AM -0500, Doug wrote:
On 12/16/2014 01:15 AM, Ruben Safir wrote:
On Mon, Dec 15, 2014 at 06:55:12PM -0500, Doug wrote:
On 12/15/2014 05:31 PM, Christopher Myers wrote:
That is a stupid idea.
Shoving more stuff in the browser makes it a crappy, impossible to debug, monolithic pile of crap that doesn't work and crashes.
I do have to agree...why would it need to be embedded within the browser when it could be enabled via a plugin if someone so desires? Personally, it sounds like a new attack vector, with some potentially scary implications.
Right now with only 4 tabs open, firefox is consuming almost 1GB of memory on my laptop. And they want to add more crap on top of that? What happened to the nice, fast, extensible, resource-friendly browser I fell in love with? :/
That's one of the big reasons I hate Microsoft products - they're always trying to tell folks "this is what you want," when we're perfectly capable of clicking a button to say "I want this feature."
So get Pale Moon. A clone of T/B without the crap.
what is T/B???
Ruben
--doug --
T/B = Thunderbird.
--doug
participants (17)
- Anton Aylward
- Carlos E. R.
- Christopher Myers
- David C. Rankin
- Doug
- James Knott
- jdd
- John Andersen
- John M Andersen
- Ken
- Luuk
- Malcolm
- Marcus Meissner
- Patrick Shanahan
- Per Jessen
- Ruben Safir
- Wolfgang Rosenauer