So then pls tell me why the soo advanced Apple forgot about IPv6 when it comes to the iPhone ?
I'm sure they didn't forget about it. I'm sure they left it out on purpose, probably for fear of it causing problems. Apple really wanted the iPhone launch to go successfully, and that meant leaving out a lot of things which could cause problems.
Hopefully, Apple will add IPv6 support into a future software update for the iPhone. Several smartphone platforms already have IPv6 support (such as Symbian and Windows Mobile).
You only get one IP because there aren't enough addresses to give everyone their own IP. That's the whole point of IP6. With that, an ISP could happily give you one billion unique IP addresses and have no fear of being anywhere close to running out of addresses to give to their other customers.
They'll still charge, especially because they've geared static ip addressing around business services.
Apple has serious problems with NATing because of their Network Stack from BSD doesn't handle virtual interfaces like Linux or Solaris, or other non-BSD based OSs.
From my experience Back to my Mac is a bust and doesn't really work most times unless I am on my home network. In that case I find it easier just to walk back to my mac.
You only get one IP because there aren't enough addresses to give everyone their own IP. That's the whole point of IP6. With that, an ISP could happily give you one billion unique IP addresses and have no fear of being anywhere close to running out of addresses to give to their other customers.
According of Wikipedia that each of the 6.5 Billion people on earth could get 50,000,000,000,000,000,000,000,000,000 (5x10^28) unique IP addresses.
For comparison, that is over 7x the number of atoms in the human body and almost half the number of posts Melgross has on AI.
Quote:
Originally Posted by afreemanmd
From my experience Back to my Mac is a bust and doesn't really work most times unless I am on my home network. In that case I find it easier just to walk back to my mac.
Since 10.5.2 it's worked great for me. If I'm at a hotel that doesn't allow UPnP it sometimes won't find it for awhile. I can always just connect my AT&T wireless card and it pops up immediately.
Apple has serious problems with NATing because of their Network Stack from BSD doesn't handle virtual interfaces like Linux or Solaris, or other non-BSD based OSs.
I would like to quite a previous Apple insider article to correct an error in this one.
In this article the author ponders why doesn't apple encrypt the client side connections to web services on mobile me. It isn't necessary...
"Data transaction security in MobileMe's web apps is based upon authenticated handling of JSON data exchanges between the self contained JavaScript client apps and Apple's cloud, rather than the SSL web page encryption used by HTTPS. The only real web pages MobileMe exchanges with the server are the HTML, JavaScript, and CSS files that make up the application, which have no need for SSL encryption following the initial user authentication. This has caused some unnecessary panic among web users who have equated their browser's SSL lock icon with web security. And of course, Internet email is not a secured medium anyway once it leaves your server.
If Apple applied SSL encryption in the browser, it would only slow down every data exchange without really improving security, and instead only provide pundits with a false sense of security that distracts from real security threats."
From the review of MobileMe client applications posted a few days ago...LOL
According of Wikipedia that each of the 6.5 Billion people on earth could get 50,000,000,000,000,000,000,000,000,000 (5x10^28) unique IP addresses.
For comparison, that is over 7x the number of atoms in the human body and almost half the number of posts Melgross has on AI.
Quote:
Originally Posted by derekmorr
Quote:
Originally Posted by mdriftmeyer
Apple has serious problems with NATing because of their Network Stack from BSD doesn't handle virtual interfaces like Linux or Solaris, or other non-BSD based OSs.
There is no contradiction between reporting that MobileMe uses authentication to secure JSON transactions, and noting that data transmitted in JSON is not encrypted.
Encryption and Authentication are not the same thing. The original article never maintained or suggested that MobileMe web apps use any sort of encryption of data following the initial authentication session. SSL is only used to login and while changing settings.
Do not jump to your own conclusions and then criticize the article for saying things it did not say just because you want to complain about something.
Quote:
I find the condescending view of NAT's side benefit of being a hardware firewall as being a diaper to also be offensive.
Unless you can disprove a fact, it's not a good idea to be offended by it. NAT does not have a "side benefit of being a hardware firewall." NAT is a firewall service that translates addresses. It can only possibly serve as a limiting factor in hiding unsecured ports.
Offensive? A self-evaluation might be in order here.
(non-directed)
Everyone is so damn "offended" these days. Grow a pair, live your life, and stop dragging everyone else down in the gutter. Enough of this me, me, me crap.
"Offensive" was perhaps a bit of an overstatement, perhaps childish would have been more accurate. Not to mention it is inacurrate and are only backed up by derekmorr's claim that firewalls are useful things, and a NAT is an extremely effective hardware firewall.
I would like to quite a previous Apple insider article to correct an error in this one.
This article is recommending Apple use IPSec encryption for its web apps using IPv6. SSL encryption has both pros and cons when applied to a web app, and the original article noted, and may have overstated, the downsides of using SSL in response to the overstated demands for needing it.
However, the panicked response to this, demanding that Apple SSL the entire web app immediately to prevent people in one's own household from reading emails as they are sent, was clearly a bit over the top. Readers should evaluate points on both sides to understand the issues involved.
MobileMe web app users should keep in mind that Internet email is not secure, and that if people are listening to your network (either by packet filtering traffic on your LAN, or by breaking security on your WiFi network, or by filtering traffic at your ISP for the NSA), they're obtaining far more critical information on you outside of your mailbox. If you have highly sensitive information to deliver, this should not be done via email, and clearly should not be done using MobileMe's web app. Even using Gmail with SSL, the information could easily be intercepted elsewhere in the delivery chain.
Email is not secure, and putting an SSL badge on the browser to suggest that it is bulletproof could clearly lead to a mistaken view that email is appropriate for sending sensitive information.
So take security arguments into consideration on both sides. You should stick to using the secured desktop/laptop/mobile services of MobileMe if you are concerned about using a public network. Apple's web mail should (as in shame on Apple) provide better security because it is intended for use in public networks. IPv6 would allow Apple a more secure way of delivering MobileMe web apps, and either browser SSL or an internal encryption exchange between the web app and the cloud would be an alternative for users unable to connect to IPv6 services (such as from behind an old router).
Rather than try to "AH-HA!!!" every minutia of fact that can be challenged in the article, it would be more useful for commenters with some special insight to point out errors with some explanation, or offer an alternative perspective on matters that would be useful to other readers.
Recent comments from some individuals in the forums have drifted toward over-the-top nit-picking that appears to be trying to completely discredit articles that are being provided as a free service to help inform readers on technologies. It is possible to offer a correction or expansion of an idea in a collaborative way that informs, rather than as an overstated, negative attack that itself often suggests ideas that are completely wrong or simply overboard.
Discussion is a good thing, and doing so with some civility is even better.
There is no contradiction between reporting that MobileMe uses authentication to secure JSON transactions, and noting that data transmitted in JSON is not encrypted. ...
Do not jump to your own conclusions and then criticize the article for saying things it did not say just because you want to complain about something.
As also mentioned by someone else, I was pointing out that the author asks why they don't use ssl and to explain it. And the referenced link states that it is authenticated and email is not a secure medium against eavesdropping anyway. Hence apple has forgone ssl because it only serves as extra overhead and a false sense of security. I was not saying that the authenticated JSON communication was encrypted. Who is "jumping to conclusions now and saying I said things which I did not say" now? :-)
Quote:
Originally Posted by Prince
Unless you can disprove a fact, it's not a good idea to be offended by it. NAT does not have a "side benefit of being a hardware firewall." NAT is a firewall service that translates addresses. It can only possibly serve as a limiting factor in hiding unsecured ports.
Maybe you should read up on http://en.wikipedia.org/wiki/Network...ss_translation. NAT is not a firewall service that translates address, and nowhere is it described as such nor was it developed to solve that problem. It simply translates addresses. The fact that the NAT process limits connectivity from the outside (see Drawbacks) coincidentally happens to also fit the definition of a firewall (see benefits). Whether you consider your device a firewall that supports NAT or just a NAT (which fundamentally blocks unexpected connections like a firewall would) is an academic distinction I leave to marketing.
NAT is not a firewall service that translates address, and nowhere is it described as such nor was it developed to solve that problem. It simply translates addresses. The fact that the NAT process limits connectivity from the outside (see Drawbacks) coincidentally happens to also fit the definition of a firewall (see benefits).
In fact, not all NATs block incoming connections. Symmetric NAT, for example, does not. There is nothing in the NAT speciifcation that says it has to block incoming connections.
I don't have room in my signature to be more explicit, but I'm talking about pure plurals. i.e. the plural of "apple" is "apples" not "apple's", the plural of "Mac" is "Macs", not "Mac's" etc. etc. People putting in an apostrophe every damn time they see an "s" at the end of a word drives me nuts!
Edit: huzzah, there's room in the signature after all. 'Tis now fixed
At least he registered to only make one comment about it, unlike you who is so incessant about it, it's weird. Like jerk off in the corner weird....
It still surprises me that you can't control a network of macs across the internet & you can only punch through to a single mac. >> Unless I've been mistaken for the past few years...
Quote:
Originally Posted by nojetlag
So then pls tell me why the soo advanced Apple forgot about IPv6 when it comes to the iPhone ?
I was a network engineering manager at a Fortune 100 corporation and we managed 18 Class B public address spaces of which around 5 class C's were publically broadcasted.
Understanding the only reason to have a public IP address is to provide a unique IP address for a standard IP service, there is no reason why Apple and Xerox need whole class A addresses given that these two corporations globally probably only publically "announce" maybe a handfull of class C's.
If all the corporations of the world, released their unused public address spaces back to IANA, IPV4 would be fine (for a while).
I was a network engineering manager at a Fortune 100 corporation and we managed 18 Class B public address spaces of which around 5 class C's were publically broadcasted.
Then why did you have the extra public space?
Quote:
Understanding the only reason to have a public IP address is to provide a unique IP address for a standard IP service, there is no reason why Apple and Xerox need whole class A addresses given that these two corporations globally probably only publically "announce" maybe a handfull of class C's.
I agree that most (if not all) of the legacy class As should be returned to IANA or ARIN.
If all the corporations of the world, released their unused public address spaces back to IANA, IPV4 would be fine (for a while).
I'm not so sure about this. IANA allocates between 10-12 /8s annually to the RIRs. There are 42 legacy class As. Even if you could get them all returned, that's only a few more years at the IANA level. Unfortunately, there's no legal mechanism you can use to force the legacy class A holders to return their oversized allocations (although ARIN is trying). There's also the pragmatic issue - renumbering networks takes time. Can enough legacy class A's be renumbered in time before the IANA free pool runs out?
Because they can doesn't mean they will. What business school did you go to! j/k
Well, of course they won't! Most households will never need more than 1-2 unique IP addresses. He was simply showing how much larger of a pool IPv6 is compared to v4.
Comments
So then pls tell me why the soo advanced Apple forgot about IPv6 when it comes to the iPhone ?
I'm sure they didn't forget about it. I'm sure they left it out on purpose, probably for fear of it causing problems. Apple really wanted the iPhone launch to go successfully, and that meant leaving out a lot of things which could cause problems.
Hopefully, Apple will add IPv6 support into a future software update for the iPhone. Several smartphone platforms already have IPv6 support (such as Symbian and Windows Mobile).
You only get one IP because there aren't enough addresses to give everyone their own IP. That's the whole point of IP6. With that, an ISP could happily give you one billion unique IP addresses and have no fear of being anywhere close to running out of addresses to give to their other customers.
They'll still charge, especially because they've geared static ip addressing around business services.
Apple has serious problems with NATing because of their Network Stack from BSD doesn't handle virtual interfaces like Linux or Solaris, or other non-BSD based OSs.
You only get one IP because there aren't enough addresses to give everyone their own IP. That's the whole point of IP6. With that, an ISP could happily give you one billion unique IP addresses and have no fear of being anywhere close to running out of addresses to give to their other customers.
According of Wikipedia that each of the 6.5 Billion people on earth could get 50,000,000,000,000,000,000,000,000,000 (5x10^28) unique IP addresses.
For comparison, that is over 7x the number of atoms in the human body and almost half the number of posts Melgross has on AI.
From my experience Back to my Mac is a bust and doesn't really work most times unless I am on my home network. In that case I find it easier just to walk back to my mac.
Since 10.5.2 it's worked great for me. If I'm at a hotel that doesn't allow UPnP it sometimes won't find it for awhile. I can always just connect my AT&T wireless card and it pops up immediately.
Apple has serious problems with NATing because of their Network Stack from BSD doesn't handle virtual interfaces like Linux or Solaris, or other non-BSD based OSs.
Could you elaborate on those problems, please?
In this article the author ponders why doesn't apple encrypt the client side connections to web services on mobile me. It isn't necessary...
"Data transaction security in MobileMe's web apps is based upon authenticated handling of JSON data exchanges between the self contained JavaScript client apps and Apple's cloud, rather than the SSL web page encryption used by HTTPS. The only real web pages MobileMe exchanges with the server are the HTML, JavaScript, and CSS files that make up the application, which have no need for SSL encryption following the initial user authentication. This has caused some unnecessary panic among web users who have equated their browser's SSL lock icon with web security. And of course, Internet email is not a secured medium anyway once it leaves your server.
If Apple applied SSL encryption in the browser, it would only slow down every data exchange without really improving security, and instead only provide pundits with a false sense of security that distracts from real security threats."
From the review of MobileMe client applications posted a few days ago...LOL
Ben
According of Wikipedia that each of the 6.5 Billion people on earth could get 50,000,000,000,000,000,000,000,000,000 (5x10^28) unique IP addresses.
For comparison, that is over 7x the number of atoms in the human body and almost half the number of posts Melgross has on AI.
Apple has serious problems with NATing because of their Network Stack from BSD doesn't handle virtual interfaces like Linux or Solaris, or other non-BSD based OSs.
Could you elaborate on those problems, please?
+1
but you guys said in a recent article ...
There is no contradiction between reporting that MobileMe uses authentication to secure JSON transactions, and noting that data transmitted in JSON is not encrypted.
Encryption and Authentication are not the same thing. The original article never maintained or suggested that MobileMe web apps use any sort of encryption of data following the initial authentication session. SSL is only used to login and while changing settings.
Do not jump to your own conclusions and then criticize the article for saying things it did not say just because you want to complain about something.
I find the condescending view of NAT's side benefit of being a hardware firewall as being a diaper to also be offensive.
Unless you can disprove a fact, it's not a good idea to be offended by it. NAT does not have a "side benefit of being a hardware firewall." NAT is a firewall service that translates addresses. It can only possibly serve as a limiting factor in hiding unsecured ports.
Offensive? A self-evaluation might be in order here.
(non-directed)
Everyone is so damn "offended" these days. Grow a pair, live your life, and stop dragging everyone else down in the gutter. Enough of this me, me, me crap.
"Offensive" was perhaps a bit of an overstatement, perhaps childish would have been more accurate. Not to mention it is inacurrate and are only backed up by derekmorr's claim that firewalls are useful things, and a NAT is an extremely effective hardware firewall.
I would like to quite a previous Apple insider article to correct an error in this one.
This article is recommending Apple use IPSec encryption for its web apps using IPv6. SSL encryption has both pros and cons when applied to a web app, and the original article noted, and may have overstated, the downsides of using SSL in response to the overstated demands for needing it.
However, the panicked response to this, demanding that Apple SSL the entire web app immediately to prevent people in one's own household from reading emails as they are sent, was clearly a bit over the top. Readers should evaluate points on both sides to understand the issues involved.
MobileMe web app users should keep in mind that Internet email is not secure, and that if people are listening to your network (either by packet filtering traffic on your LAN, or by breaking security on your WiFi network, or by filtering traffic at your ISP for the NSA), they're obtaining far more critical information on you outside of your mailbox. If you have highly sensitive information to deliver, this should not be done via email, and clearly should not be done using MobileMe's web app. Even using Gmail with SSL, the information could easily be intercepted elsewhere in the delivery chain.
Email is not secure, and putting an SSL badge on the browser to suggest that it is bulletproof could clearly lead to a mistaken view that email is appropriate for sending sensitive information.
So take security arguments into consideration on both sides. You should stick to using the secured desktop/laptop/mobile services of MobileMe if you are concerned about using a public network. Apple's web mail should (as in shame on Apple) provide better security because it is intended for use in public networks. IPv6 would allow Apple a more secure way of delivering MobileMe web apps, and either browser SSL or an internal encryption exchange between the web app and the cloud would be an alternative for users unable to connect to IPv6 services (such as from behind an old router).
Rather than try to "AH-HA!!!" every minutia of fact that can be challenged in the article, it would be more useful for commenters with some special insight to point out errors with some explanation, or offer an alternative perspective on matters that would be useful to other readers.
Recent comments from some individuals in the forums have drifted toward over-the-top nit-picking that appears to be trying to completely discredit articles that are being provided as a free service to help inform readers on technologies. It is possible to offer a correction or expansion of an idea in a collaborative way that informs, rather than as an overstated, negative attack that itself often suggests ideas that are completely wrong or simply overboard.
Discussion is a good thing, and doing so with some civility is even better.
Could you elaborate on those problems, please?
+1
++
-mattyohe
There is no contradiction between reporting that MobileMe uses authentication to secure JSON transactions, and noting that data transmitted in JSON is not encrypted. ...
Do not jump to your own conclusions and then criticize the article for saying things it did not say just because you want to complain about something.
As also mentioned by someone else, I was pointing out that the author asks why they don't use ssl and to explain it. And the referenced link states that it is authenticated and email is not a secure medium against eavesdropping anyway. Hence apple has forgone ssl because it only serves as extra overhead and a false sense of security. I was not saying that the authenticated JSON communication was encrypted. Who is "jumping to conclusions now and saying I said things which I did not say" now? :-)
Unless you can disprove a fact, it's not a good idea to be offended by it. NAT does not have a "side benefit of being a hardware firewall." NAT is a firewall service that translates addresses. It can only possibly serve as a limiting factor in hiding unsecured ports.
Maybe you should read up on http://en.wikipedia.org/wiki/Network...ss_translation. NAT is not a firewall service that translates address, and nowhere is it described as such nor was it developed to solve that problem. It simply translates addresses. The fact that the NAT process limits connectivity from the outside (see Drawbacks) coincidentally happens to also fit the definition of a firewall (see benefits). Whether you consider your device a firewall that supports NAT or just a NAT (which fundamentally blocks unexpected connections like a firewall would) is an academic distinction I leave to marketing.
NAT is not a firewall service that translates address, and nowhere is it described as such nor was it developed to solve that problem. It simply translates addresses. The fact that the NAT process limits connectivity from the outside (see Drawbacks) coincidentally happens to also fit the definition of a firewall (see benefits).
In fact, not all NATs block incoming connections. Symmetric NAT, for example, does not. There is nothing in the NAT speciifcation that says it has to block incoming connections.
You registered just for that?
I don't have room in my signature to be more explicit, but I'm talking about pure plurals. i.e. the plural of "apple" is "apples" not "apple's", the plural of "Mac" is "Macs", not "Mac's" etc. etc. People putting in an apostrophe every damn time they see an "s" at the end of a word drives me nuts!
Edit: huzzah, there's room in the signature after all. 'Tis now fixed
At least he registered to only make one comment about it, unlike you who is so incessant about it, it's weird. Like jerk off in the corner weird....
It still surprises me that you can't control a network of macs across the internet & you can only punch through to a single mac. >> Unless I've been mistaken for the past few years...
So then pls tell me why the soo advanced Apple forgot about IPv6 when it comes to the iPhone ?
Maybe in Snow Leopard?
Understanding the only reason to have a public IP address is to provide a unique IP address for a standard IP service, there is no reason why Apple and Xerox need whole class A addresses given that these two corporations globally probably only publically "announce" maybe a handfull of class C's.
If all the corporations of the world, released their unused public address spaces back to IANA, IPV4 would be fine (for a while).
I was a network engineering manager at a Fortune 100 corporation and we managed 18 Class B public address spaces of which around 5 class C's were publically broadcasted.
Then why did you have the extra public space?
Understanding the only reason to have a public IP address is to provide a unique IP address for a standard IP service, there is no reason why Apple and Xerox need whole class A addresses given that these two corporations globally probably only publically "announce" maybe a handfull of class C's.
I agree that most (if not all) of the legacy class As should be returned to IANA or ARIN.
Apple, however, is announcing 17.0.0.0/8 - http://www.cidr-report.org/cgi-bin/a...AS714&view=2.0
If all the corporations of the world, released their unused public address spaces back to IANA, IPV4 would be fine (for a while).
I'm not so sure about this. IANA allocates between 10-12 /8s annually to the RIRs. There are 42 legacy class As. Even if you could get them all returned, that's only a few more years at the IANA level. Unfortunately, there's no legal mechanism you can use to force the legacy class A holders to return their oversized allocations (although ARIN is trying). There's also the pragmatic issue - renumbering networks takes time. Can enough legacy class A's be renumbered in time before the IANA free pool runs out?
Because they can doesn't mean they will. What business school did you go to! j/k
Well, of course they won't! Most households will never need more than 1-2 unique IP addresses. He was simply showing how much larger of a pool IPv6 is compared to v4.