Stable kernels 2.6.17.12, 2.6.17.13 released

The 2.6.17.12 stable kernel is out. There is a fairly long list of fixes this time around, but none are associated with specific security problems. But most people are more likely to be interested in 2.6.17.13, which adds the remaining patches needed to actually build a working kernel.

Stable kernels 2.6.17.12, 2.6.17.13 released

Posted Sep 9, 2006 22:42 UTC (Sat) by ernest (subscriber, #2355) [Link]

... There is a fairly long list of fixes this time around, but none are associated with specific security problems.

hmmm, I would rather suspect that:

YOSHIFUJI Hideaki:
   IPV6 OOPS'er triggerable by any user

feels like a local DoS fix.

Stable kernels 2.6.17.12, 2.6.17.13 released

Posted Sep 9, 2006 23:32 UTC (Sat) by smitty_one_each (subscriber, #28989) [Link]

Genuine curiosity: does IPv6 have significant presence on the net yet?

IPv6

Posted Sep 10, 2006 3:05 UTC (Sun) by rvfh (subscriber, #31018) [Link]

I'm not even sure that all main OS's have full support for it, especially 'that one'.

IPv6

Posted Sep 10, 2006 5:12 UTC (Sun) by pbrutsch (guest, #4987) [Link]

If by "that one" you mean the one from Redmond...

Vista will install by default.

It shipped with XP and 2003 but isn't installed by default.

It's available as an addon to 2000.

Regardless, IPv6 is largely irrelevant at this point in time. You need more than just OS support on your servers and desktops to be able to really make use of it.

IPv6

Posted Sep 10, 2006 6:23 UTC (Sun) by proski (subscriber, #104) [Link]

When it comes to the network infrastructure, "that one" is Cisco IOS, not some client OS.

IPv6

Posted Sep 10, 2006 7:16 UTC (Sun) by bangert (subscriber, #28342) [Link]

so what is the state in _that one_?

with the recent revival of _we are running out, real soon now_
messages[1], the US and EU government move to require IPv6 in all
products, the pressure from asia and so on - it might actually happen some
time not too far into the future...

too bad there is no real transition plan.

[1] http://www.heise.de/newsticker/meldung/77925 (German only, sorry)

IPv6

Posted Sep 10, 2006 9:17 UTC (Sun) by dlang (✭ supporter ✭, #313) [Link]

for all those who are worried that we are running out of addresses, please look up the number of IANA unallocated class A networks. these are the networks that haven't even been allocated to countries to be allocated to ISP's. you will be surprised at how many you find.

I'm not saying that the reserve will never run out but we aren't even close

IPv6

Posted Sep 10, 2006 11:18 UTC (Sun) by job (subscriber, #670) [Link]

Forgive me, but I don't really follow what you mean. I'm not a native English speaker and your strange lower case spelling doesn't help me. If you mean that we're not currently in an address shortage, that is correct but consider the following:

First and foremost, the problem today is not address shortage but NAT. As a whole, a lot of the Internet has now been reduced from an end-to-end architecture to a crippled client-server one. This causes all sorts of problems with peer-to-peer networks, file transfers and IP telephony.

Also, don't see IPv6 as simply an address extension of v4. The auto configuration features alone should be a killer app for the end user. The fixed frame size makes for faster networking switching hardware. And so on...

IPv6

Posted Sep 10, 2006 20:15 UTC (Sun) by dlang (✭ supporter ✭, #313) [Link]

the primary argument for why ipv6 is needed has been that we are about to run out of addresses. that is what I have responded to.

there is a secondary argument that says that NAT (and firewalls) are bad, because they restrict the end-to-end flow of traffic on the Internet. ipv6 addresses this with end-to-end encryption that won't tolerate NAT and makes it impossible for firewalls to see the traffic (and so they can't check anything)

on this second point I think that we will just have to disagree. I don't see this as a positive change in ipv6, you do.

yes it makes it harder to do some peer-to-peer things (harder, not impossible, configure the thing that's doing the nat and well designed protocols will work), but this same thing provides a significant amount of protection to the devices behind the NAT as well.

David Lang

IPv6

Posted Sep 11, 2006 9:42 UTC (Mon) by job (subscriber, #670) [Link]

Well, NAT *is* the problem of having a too small address space. It's not a different problem. It makes a lot of powerful applications impossible to build, that would have been possible before.

In regard to end-to-end encryption in IPv6, that's just not an argument for anything, since ipsec has been backported to v4 and is probably the most common VPN protocol in use. That's just not an argument against v6 adoption.

I have great trouble understanding what exactly it is you are trying to argue. The point I was trying to make is that there are several other reasons than the larger address space to adopt IPv6.

IPv6

Posted Sep 10, 2006 22:36 UTC (Sun) by lutchann (subscriber, #8872) [Link]

If you haven't seen it before, take a look through Tony Hain's whitepaper from last year:

http://www.cisco.com/web/about/ac123/ac147/archived_issue...

It's an analysis of various IPv4 address space projections, and in both the paper and the "virtual roundtable" following the article, all possible hopes for IPv4's continued dominance for more than five years, or ten at the most, are dismissed.

In particular, in response to the consumption rate question:

"[...]the most recent allocation rate (22 /8s over the 18 months leading up to July 1, 2005) suggests that the remaining pool of 64 /8s will be exhausted in about 5 years, even if growth abruptly flattens out to hold around 1 /8 per month."

The article's conclusion is that the RIRs will continually tighten allocation policies so that we never actually "run out" of IPv4 addresses, and that large organizations will eventually realize that switching their networks over to IPv6 will be more cost-effective than dealing with 5+ layers of NATs internally. Those two factors will make IPv6 increasingly more attractive.

IPv6

Posted Sep 10, 2006 23:01 UTC (Sun) by dlang (✭ supporter ✭, #313) [Link]

this actually makes more sense than anything else I have read.

I also think that there are a couple more things that will happen

1. ISP's will go after the large address space owned by companies that got it early on (buying it away from them)

2. if people migrate from SSLv3 to TLS lots of address space will be freed up that's currently needed for ASP's hosting lots of secure websites

I don't understand why companies would _need_ to run many layers of NAT internally (although I can see reasons they may want to) the private address space is large enough that I don't even see IBM needing more than that (1 A, 17 B's). you are likely to need to NAT at your perimeter for connections to other companies, but you really need to control those connections anyway, so adding NAT is a minor additional effort.

IPv6

Posted Sep 11, 2006 2:27 UTC (Mon) by lutchann (subscriber, #8872) [Link]

Unfortunately it's not possible to use anywhere close to 100% of the addresses in an IP address block due to the hierarchical structure of the address assignments through the network topology. RFC 3194 has a good discussion of this, and introduces a calculation for a network's Host-Density Ratio (HD Ratio) to measure the manageability and growth potential of a network given the size of the address allocation and number of hosts.

The numbers come out much smaller than you'd expect. An organization with a /8 assignment would nearly be at its "threshold of pain" with only 1,000,000 hosts, and at 2,000,000 hosts would reach the "practical maximum". A Class B block would reach its limit with only 15,000 hosts. Given that IBM has 350,000 employees, you can see how internal NATs probably became a fundamental component of their network infrastructure years ago. Even the DoD, with their vast expanses of early address assignments, is using NAT internally.

Even if a large-ish company did manage to squeeze all their employees onto the 10./8 network, what happens when they merge with another company in a similar position? Like, say, when HP and Compaq merged. That's a big example, but it happens all the time on a smaller scale where two networks using the same 1918 addresses need to be coalesced. In this situation, the options are (a) attempt to acquire public addresses and renumber one network, (b) keep the networks separate and put a NAT between them, or (c) start migrating to IPv6. Obviously (a) is out or that would have been done in the first place, so everyone goes for (b) now, but people are starting to realize that it's not a realistic long-term solution, so as IPv6 support matures (c) will become more and more attractive.

IPv6

Posted Sep 11, 2006 9:51 UTC (Mon) by job (subscriber, #670) [Link]

That's just silly. At least in Europe it would be a clear violation of the IP assignment rules to try to sell address space. I would expect rules elsewhere to be similar. I don't think you understand the situation. Address space is a problem for network planners, not for individual ISPs.

IPv6

Posted Sep 11, 2006 13:01 UTC (Mon) by Dom2 (guest, #458) [Link]

Migrating to TLS over HTTP instead of just using SSL is unlikely to happen in the near future. This is
mostly because it exposes more data than is required in the initial request (e.g. the Host header,
Cookies, etc).

IPv6

Posted Sep 11, 2006 8:52 UTC (Mon) by Seegras (subscriber, #20463) [Link]

the problem isn't actually Cisco, neither is it Windows. It's those damned appliances called "routers" or "modems" for DSL or Cable access. I've got an IPv6-net, an IPv6 ISP, and an IPv6 capable Server in an IPv6-enabled datacenter. What I don't have is a leased line which can do IPv6, because the friggin Zyxel can't cope with it.

IPv6

Posted Sep 10, 2006 19:30 UTC (Sun) by jeroen (subscriber, #12372) [Link]

With tunnels you can already make use of IPv6 today (and for the past 5 or more years for that matter). With stateless 6to4 tunnels configuring a tunnel is even a one-minute job.

I'm currently running IPv6 on the servers I admin and on my home network and it works fine. At home I've got an OpenWRT router/AP with radvd for autoconfiguration and aiccu for the SixXS tunnel. My laptop and workstation get their address using autoconfiguration from radvd. One thing you have to keep in mind however is that with IPv6 your computer is directly on the internet and doesn't have the protection of NAT. Of the servers I admin only one uses a tunnel, the others have native IPv6. Almost all free software can already work with IPv6, configuring it is quite easy. Most big ISPs have IPv6 already working and I've already seen IPv6 routes with a lower latency than IPv4 routes to the same destination.

I actually don't see a reason we shouldn't start using IPv6 today. Of course you can say that it's useless because nobody is using it, but that way we will never switch to it. But as technically skilled people, we should be the early adopters. And with more people using it there is more reason for other people to start using it.

IPv6

Posted Sep 10, 2006 20:15 UTC (Sun) by zlynx (subscriber, #2285) [Link]

You don't have the protection of NAT, but three simple iptables, well, ip6tables, rules on a Linux router/firewall will give you the same effect.

Allow established and related connections from outside.
Reject everything else from the outside.
Allow everything from the inside.
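
The three rules listed in the comment above, written out as an added example (not part of the original post). The function name, the interface names and the `IP6T` dry-run switch are assumptions; `-m conntrack --ctstate` is the current spelling of the state match.

```shell
#!/bin/sh
# Added example: stateful IPv6 forwarding filter for a Linux router.
# WAN = outside interface, LAN = inside interface (both are assumptions).

# Refuse anything that is not a plausible interface name, so a bad
# argument cannot turn into extra ip6tables options or shell syntax.
valid_if() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]   # kernel limit: IFNAMSIZ - 1
}

# Prints the commands by default; set IP6T=ip6tables (as root) to apply.
v6_stateful_forward() {
    wan=$1 lan=$2
    valid_if "$wan" && valid_if "$lan" || { echo "bad interface name" >&2; return 2; }
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 2; }
    ip6t=${IP6T:-echo ip6tables}

    # Default-deny: anything not matched below is dropped.
    $ip6t -P FORWARD DROP
    $ip6t -F FORWARD
    # 1. Replies to connections opened from inside. RELATED also admits the
    #    ICMPv6 errors (e.g. Packet Too Big) that path MTU discovery needs.
    $ip6t -A FORWARD -i "$wan" -o "$lan" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # 2. Everything else arriving from outside is refused with an ICMPv6 error.
    $ip6t -A FORWARD -i "$wan" -j REJECT --reject-with icmp6-adm-prohibited
    # 3. Inside hosts may open connections outward.
    $ip6t -A FORWARD -i "$lan" -o "$wan" -j ACCEPT
}
```

Call it as `v6_stateful_forward eth0 br-lan` to review the commands, then again as root with `IP6T=ip6tables` to apply them. It replaces the existing FORWARD chain and leaves INPUT (traffic addressed to the router itself) alone.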

Stable kernels 2.6.17.12, 2.6.17.13 released

Posted Sep 10, 2006 12:04 UTC (Sun) by stumbles (guest, #8796) [Link]

Wow, was someone really sacked over the via cock up? And I wonder how many
kernel versions back those cockups existed.

Stable kernels 2.6.17.12, 2.6.17.13 released

Posted Sep 10, 2006 14:30 UTC (Sun) by nix (subscriber, #2304) [Link]

That was a reference to the opening credits of _Monty Python and the Holy
Grail_, which goes on at great length about moose, despite increasingly
frantic attempts to stop it by sacking people :)

(`We apologise for the fault in the subtitles. Those responsible have been
sacked. [...] We apologise again for the fault in the subtitles. Those
responsible for sacking the people who have just been sacked have been
sacked. [...] The directors of the firm hired to continue the credits
after the other people had been sacked wish it to be known that they have
just been sacked. The credits have been completed in an entirely different
style at great expense and at the last minute.')

Stable kernels 2.6.17.12, 2.6.17.13 released

Posted Sep 10, 2006 14:52 UTC (Sun) by stumbles (guest, #8796) [Link]

Ah I see. The reference eluded me.

Now how far back do those via errors go?

Stable kernels 2.6.17.12, 2.6.17.13 released

Posted Sep 10, 2006 16:54 UTC (Sun) by jimmybgood (guest, #26142) [Link]

Now how far back do those via errors go?

Probably just 2.6.17.12. In drivers/ide/pci/via82cxxx.c the log shows three lines being removed. When you update a list, you would normally remove the old lists and then replace them with the new.

Stable kernels 2.6.17.12, 2.6.17.13 released

Posted Sep 10, 2006 19:05 UTC (Sun) by ikm (subscriber, #493) [Link]

Despite all the fixes that went into .12 for the sky2 ethernet driver, it still breaks up after some time of heavy activity... sigh

Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds