RFC2324 posted: that's dumb, tho I can see it making sense on older OS/hardware setups. I think UEFI is technically supposed to solve it by providing a protected mode (or long mode) driver interface that the OS can keep using after loading its HAL, but I'm not sure anyone actually does that.
|
|
# ? Aug 2, 2020 20:29 |
|
I'm reminded of the bad old days of the mid-90s. Prices on DSL in Montana had finally fallen to "somewhat reasonable", so my father decided to upgrade from 56k. It worked like a dream... except when it didn't. It would just become unstable OR sometimes completely fail for half an hour or so, normally on the weekends but not always. Sometimes multiple times a day, sometimes not. Turns out part of the phone wiring was unshielded. In the laundry room. The dryer would put out enough static to disrupt the signal... after the clothes had dried enough. First part of the cycle was totally fine, it was only after they were mostly dry. And of course, the sweaters load was more problematic than the underwear load.
|
# ? Aug 2, 2020 23:14 |
|
There is always, of course, the More Magic Switch
|
# ? Aug 3, 2020 03:04 |
|
RFC2324 posted: I had a work laptop with this problem. All the ports were usb3, which caused interference with my mouse and keyboard. Sucked balls and no one actually believed me til I found the Logitech article saying "yeah, this can happen"

Now I find myself wanting an EMF detector that'll cover the Bluetooth range.
|
# ? Aug 3, 2020 03:45 |
|
The Fool posted: When I was at uni, both as a student and an employee, all campus computers had public IP’s

We have a /16 so we're gonna use it. Though we've moved most devices that don't need Internet access to private ranges. Not using NAT, like the Founders intended. NAT is for plebs. I have been in meetings where people were discussing installing fail2ban on individual desktops because they were being hit from the Internet and was met by incredulity when I suggested they do like us and drop any incoming connection by default at the edge. We also block ntp, smtp, dns outgoing, like the good netizens we are.
|
# ? Aug 3, 2020 08:51 |
|
NAT has broken so many people to the point where IPv6 becomes a difficult concept to explain, and people assume that it's less secure because your IP is now globally routable.
|
# ? Aug 3, 2020 10:52 |
|
Relentless posted: I'm reminded of the bad old days of the mid-90s. Prices on DSL in Montana had finally fallen to "somewhat reasonable", so my father decided to upgrade from 56k.

There was a case like five years ago where an ISP couldn't figure out why their customers in one particular area of apartment blocks kept losing their internet connections at 9 in the morning. After spending about a month going through wiring, changing out equipment, on the 6th attempt they found out it was an old lady with a really old TV dumping out noise into the area. This old lady was of course very upset that she was causing all this trouble for people, but she couldn't afford a new TV so the ISP ended up buying her a new tv.
|
# ? Aug 3, 2020 12:14 |
|
MrBling posted: There was a case like five years ago where an ISP couldn't figure out why their customers in one particular area of apartment blocks kept losing their internet connections at 9 in the morning. After spending about a month going through wiring, changing out equipment, on the 6th attempt they found out it was an old lady with a really old TV dumping out noise into the area. This old lady was of course very upset that she was causing all this trouble for people, but she couldn't afford a new TV so the ISP ended up buying her a new tv.

If you're near enough to the giant radio telescope in the national radio quiet zone in West Virginia there are teams of people who will do this as well because it will gently caress over observations. A brief list of things that have hosed with observations:
- Old microwave. Replaced.
- Old electric blanket. Replaced.
- A bunch of radio transmitters someone attached to squirrels for a population movement experiment. They had to wait for all the batteries to die.
- Every single wifi router ever made. Entire spectrum abandoned for observations.
|
# ? Aug 3, 2020 12:22 |
|
MrBling posted: There was a case like five years ago where an ISP couldn't figure out why their customers in one particular area of apartment blocks kept losing their internet connections at 9 in the morning. After spending about a month going through wiring, changing out equipment, on the 6th attempt they found out it was an old lady with a really old TV dumping out noise into the area. This old lady was of course very upset that she was causing all this trouble for people, but she couldn't afford a new TV so the ISP ended up buying her a new tv.

Hah. I heard an incredibly similar story directly from the horse's mouth of the engineer who was involved. Old guy with his B&W CRT in the kitchen was killing the speeds of a local business park and they managed to track down the issue after a lot of investigation. They gave the business involved three options:
1) take the legal route against the pensioner which would take months and cost thousands in lawyer fees.
2) rewire a quarter of the entire park.
3) take £50 from petty cash and buy him a nice, new TV and the ISP engineer would set it up for him.
They took the sensible option.
|
# ? Aug 3, 2020 12:24 |
|
Moo the cow posted: Hah. I heard an incredibly similar story directly from the horse's mouth of the engineer who was involved.

I know it's '3' but then I remember in this timeline it's probably '2' and then '1' to recoup the costs
|
# ? Aug 3, 2020 14:47 |
|
Shugojin posted: - A bunch of radio transmitters someone attached to squirrels for a population movement experiment. They had to wait for all the batteries to die.

Man, to have been a fly on the wall during that meeting. "Okay, so the good news is we know what's wrong..."
|
# ? Aug 3, 2020 16:58 |
|
Thanks Ants posted:NAT has broken so many people to the point where IPv6 becomes a difficult concept to explain, and people assume that it's less secure because your IP is now globally routable.
|
# ? Aug 3, 2020 18:20 |
|
Shugojin posted:- A bunch of radio transmitters someone attached to squirrels for a population movement experiment. They had to wait for all the batteries to die.
|
# ? Aug 3, 2020 18:27 |
|
Craptacular posted: Couldn't they trap the squirrels and remove the transmitters? Presumably they had to trap them in the first place in order to install the transmitters.

I imagine there's a slight rise in difficulty between "trap ten squirrels" and "trap these specific ten squirrels".
|
# ? Aug 3, 2020 18:40 |
|
Aye, I'm a squirrelmonger, like me father was. But me prize squirrels have escaped, and I'm nae fast enough to catch 'em. What's worse, they've gone and mingled with the wild squirrels around the village. Can I trouble ye to find and catch me special squirrels? Ye can tell which ones are mine by the baubles on their hind legs. Accept quest? [ Yes ] [ No ]
|
# ? Aug 3, 2020 18:46 |
|
Powered Descent posted:I imagine there's a slight rise in difficulty between "trap ten squirrels" and "trap these specific ten squirrels".
|
# ? Aug 3, 2020 18:50 |
|
NAT is good because "everything's closed fuckoff" is the default state on the outside due to the way it works. in a professional environment with a managed firewall that's not really a feature, but i'm incredibly glad people's home pcs are in a private IP range, not accessible from the internet and their routers rejecting all incoming traffic. now, you might say "but not-nat/ipv6 routers/firewalls can do that too". yes they can. but do you trust random home appliances to have sane defaults unless they have to? i don't. "our gaming turbo super router doesn't cause problems with hosting steam games! no more port forwarding! buy now just 29.95"
|
# ? Aug 3, 2020 19:03 |
|
Truga posted: NAT is good because "everything's closed fuckoff" is the default state on the outside due to the way it works.

I don't trust the average home router to not have a baked in default admin password. It only took 20 years for home wifi to have a password by default.
|
# ? Aug 3, 2020 19:27 |
|
Relying on NAT for security is at best security through obscurity and introduces a false sense of confidence.
|
# ? Aug 3, 2020 19:29 |
|
False sense of confidence can get you far in life though.
|
# ? Aug 3, 2020 19:37 |
|
The Fool posted: I don't trust the average home router to not have a baked in default admin password.

And when they finally did, some implemented it in stupid ways. Can't remember which vendor it was. But with one of them (I think Netgear?). The default SSID had part of the MAC in it. The problem with this is that the WIFI and router password were derived from part of the MAC. The very same part that was present in the default SSID. Someone figured out the method used to generate it and made a website where you could punch the SSID in and get the password.
|
# ? Aug 3, 2020 19:38 |
|
The Fool posted: Relying on NAT for security is at best security through obscurity and introduces a false sense of confidence.

that's a little unfair because it does work exactly as described upthread, it's simply not possible in an ipv4 network to brute force your way "in" through a nat device, and there is security in that that is not just obscurity

that this usually ends up not mattering from a security standpoint imo says a lot about the average attack vector and where your attention should usually be focused (internet facing services, user endpoints)
|
# ? Aug 3, 2020 19:50 |
|
Craptacular posted: They know roughly where the squirrels are since they have transmitters on them, so I think that would make it easier, if anything.

Finding them isn't the issue, catching specific squirrels (30m up in a tree?) rather than baiting traps for a random sampling is the issue.
|
# ? Aug 3, 2020 20:17 |
|
Jaded Burnout posted: Finding them isn't the issue, catching specific squirrels (30m up in a tree?) rather than baiting traps for a random sampling is the issue.

How long did they end up having to wait for the batteries to die?
|
# ? Aug 3, 2020 20:26 |
|
Craptacular posted: shoot that squirrel.

This would be my response too, but I’ve made similar comments in the past around here and gotten very negative reactions
|
# ? Aug 3, 2020 20:29 |
|
12 rats tied together posted: it's simply not possible in an ipv4 network to brute force your way "in" through a nat device,

https://www.fkie.fraunhofer.de/content/dam/fkie/de/documents/HomeRouter/HomeRouterSecurity_2020_Bericht.pdf
|
# ? Aug 3, 2020 20:35 |
|
The Fool posted: Relying on NAT for security is at best security through obscurity and introduces a false sense of confidence.

Statements like this that boil down to "NAT is not a firewall" are, in the very strictest sense, correct. But even the cheapest, jankiest consumer router will also act as a basic firewall in its default configuration. At least, I've never encountered one that does only 100% pure NAT and allows hosts on the outside to freely route to the inside. (It may well have happened, and someone will probably jump in with an example, but it's very much the exception to the rule, and it's hardly the fault of NAT that such a thing happened.)
|
# ? Aug 3, 2020 20:36 |
|
See above.
|
# ? Aug 3, 2020 20:38 |
|
I read the whole PDF even though it took 5 minutes to render for some reason and I don't think it holds water in this context. That you can brute force your way into a home router doesn't mean NAT doesn't provide a layer of security that is not just obscurity. This is one of those cases where the exception, or the distinction (commodity consumer grade hardware using an OS that has been unsupported for almost 5 years), applies to instances of that distinction. NAT is just a technique, you can do it from any device with a network card, it doesn't have to be a home router.

e: Thinking about it for a second the issue with a compromised home router isn't even NAT, either, it would be configuring static port mapping to a box or otherwise gaining root access to an "internal" device. At that point you aren't even performing NAT you're just ... engaging in red teaming.
|
# ? Aug 3, 2020 20:44 |
|
Jaded Burnout posted: Finding them isn't the issue, catching specific squirrels (30m up in a tree?) rather than baiting traps for a random sampling is the issue.

One presumes the tagged squirrels would be harder to catch, too, given that they'd already been trapped once, which may make them skittish around the traps they use.
|
# ? Aug 3, 2020 20:45 |
|
just put flyers up advertising free nuts at makeout point, wait for all the squirrels to turn up, then press the button on the bomb you buried under makeout point beforehand. this isn't difficult.
|
# ? Aug 3, 2020 22:04 |
|
Strumpie posted: just put flyers up advertising free nuts at makeout point, wait for all the squirrels to turn up, then press the button on the bomb you buried under makeout point beforehand.

I had to interrupt our staff meeting not once, but twice, because my manager and a coworker could shut the gently caress up about Covid. I literally had to say, “okay guys can we be done now? This is a staff meeting and if the two of you want to chat up on Covid do it on your time, not mine.” This response to the squirrel detail is what I should have said in my meeting.
|
# ? Aug 3, 2020 22:34 |
|
Craptacular posted: Couldn't they trap the squirrels and remove the transmitters? Presumably they had to trap them in the first place in order to install the transmitters.

Possibly, but also that would have ruined the research the person who put them on got grant money for and so absolutely not a chance in hell they would do it.
|
# ? Aug 3, 2020 22:44 |
|
Agrikk posted: I had to interrupt our staff meeting not once, but twice, because my manager and a coworker could shut the gently caress up about Covid.

I hope you have some iron clad job security because drat, that is borderline reckless.
|
# ? Aug 3, 2020 22:50 |
|
Shugojin posted:Possibly, but also that would have ruined the research the person who put them on got grant money for and so absolutely not a chance in hell they would do it.
|
# ? Aug 3, 2020 22:51 |
|
That I do not know! Possibly, but regardless that's the story the people who run the telescope center told us. It wasn't fully showstopping iirc, they just had to select observations that didn't want anything in that range for the duration. There's a system to request for what part of the sky you want to look at for how long in what band so if someone didn't care about squirrel tag frequency then it was fine.

Shugojin fucked around with this message at 23:30 on Aug 3, 2020 |
# ? Aug 3, 2020 23:28 |
|
Truga posted: NAT is good because "everything's closed fuckoff" is the default state on the outside due to the way it works.

The entire concept of a "DMZ" computer as implemented by most consumer NAT platforms for example. Consumer router manufacturers are going to figure out ways to be dumb one way or another. Let's not encourage keeping things lovely for the rest of us just because of those idiots.
|
# ? Aug 3, 2020 23:45 |
|
The Fool posted:https://www.fkie.fraunhofer.de/content/dam/fkie/de/documents/HomeRouter/HomeRouterSecurity_2020_Bericht.pdf
|
# ? Aug 4, 2020 02:45 |
|
Craptacular posted: Track the transmitters, visually verify that a squirrel is wearing a transmitter, then shoot that squirrel.

Ah yes, sorry, forgot I was talking to Americans.

On topic, I've been in the industry for nearly two decades now (though I switched to software at some point) and I'll admit I never really learned a good firewall from a bad one, and what vulnerabilities residential routers have on NAT etc.

Jaded Burnout fucked around with this message at 07:15 on Aug 4, 2020 |
# ? Aug 4, 2020 07:13 |
|
Jaded Burnout posted: Ah yes, sorry, forgot I was talking to Americans.

Squirrels are small enough you could use an air rifle or slingshot or longbow or whatever you have over there. I had never heard of the radio quiet zone, but apparently the severity of restrictions varies quite a bit over the area, so it could be they got trapped and tagged in an area with less severe restrictions and then went back to an area with more strict rules, squirrels have absolutely massive ranges in rural areas because they can't live off of dumpsters.
|
# ? Aug 4, 2020 08:29 |