Date:      Thu, 14 Feb 2002 18:46:19 -0800 (PST)
From:      "f.johan.beisser" <jan@caustic.org>
To:        Terry Lambert <tlambert2@mindspring.com>
Cc:        j mckitrick <jcm@FreeBSD-uk.eu.org>, <freebsd-chat@FreeBSD.ORG>
Subject:   Re: How do basic OS principles continue to improve?
Message-ID:  <20020214164323.C21734-100000@localhost>
In-Reply-To: <3C6C5824.4476B512@mindspring.com>

On Thu, 14 Feb 2002, Terry Lambert wrote:

> > IPv6 is not a good example of "single idealist" design and developing. v6
> > is definitely a committee design, and it kind of shows. the IPng workgroup
> > did get a few things right with the acceptance of v6, but migrating to it
> > is still not easy.
>
> The implementation is pretty far from committee, despite
> KAME and INRIA pooling forces to "committee it up".  ;^).

while i agree with the implementation having been driven by one person, or
one small group of people. the RFC was designed by committee. perhaps i
should have been more clear?

> I think the main barrier to IPv6 is availability in a
> consumer OS.
>
> For a long time there was a "we'll support it, if you
> support it" starvation deadlock between the endpoint OS
> vendors, and the intermediate router vendors.
>
> I give IBM a bit of credit on this for supporting it on
> AIX before most other support was there, router, OS, or
> otherwise.
>
> Cisco has supported it on their routers since the loads
> released on 22 June 2001, and the laggard has been
> Microsoft from that day onward, even though they have
> had a "technology preview" version of the stack around
> for a while now.

with cisco's change, of course, everyone else fell in line. where i work,
we've been relying on KAME FreeBSD routers for a while now, while we're
now switching to cisco and hitachi for some bits, much of our network
still consists of those early KAME machines.

> I think the primary motivation for them dragging their
> feet has been a "you scratch our back, we'll scratch
> yours" between them and the U.S. Government, which, for
> the most part, would just as soon not have a network
> infrastructure with strong cryptography built in.
>
> In fact, if we look at the "technology preview", and
> compare it with what actually ended up released with
> the IPv4 IPSEC code, and then, later, with Windows XP,
> we see that authentication and nonrepudiation made it,
> but end-to-end encryption of content did not, and that
> there is still widespread dependence on SSL, instead.

this may be due to the already widespread existence of SSL, vs any real
conspiracy between the US government and MS. remember that MS tends to be
lazy about their systems and protocols, and as an extension of this they
may have simply viewed it as "unnecessary work" in implementing it. on
the other hand, the use of auth/rep parts of IPSec allows MS to say "look,
no one can fake packets from your machine. see how we've improved your
personal safety on the internet?"

> We also see that, even where SSL is used, it's mostly
> used for protection of plaintext passwords on form
> submits for HTTP based session establishment, but
> that the content thereafter is not encrypted.  This is
> definitely true of HotMail and of Yahoo.  In fact, we
> see that Yahoo defaults to non-encrypted authentication,
> as well, and you have to go out of your way to request
> it.

odd. once again, i see a niche service for a pseudo-anonymous private
email system. web mail, IPSec/FreeSWAN and potentially encrypted mail
transactions (with the option of pgp) would be handy. someone's probably
done this already.

> > Most "this is nifty" developments happen in Free OSs, since there's little
> > corporate pressure to support or develop something new, or to let their
> > in-house projects out.
>
> I really disagree with this rationale; please see "The
> Innovator's Dilemma", referenced in my other post with
> full bibliographic information.

will do. can you give me a date span to search?

> While there is some truth to the idea that commercial
> products tend to lag behind the curve because of a product
> centric focus (indeed, I worry about IBM research, which
> has been given the imperative to bring one technology per
> laboratory to a product, every 6 months, suffering as a
> result of this focus), the Free OSs are just as resistant
> to change as the commercial ones.

that's a bit evil.. but understandable from a corporate point of view. i
guess i'm lucky in that i work for a Giant Evil Corporation That Is Intent
on Taking Over The World, but doesn't feel the need to pressure the
various labs to produce something marketable 2 times a year.

> > with the release of XP, though, MS has also given out broad range of
> > potential v6 users (this is what i've been given to understand, i've not
> > had the motivation or spare hardware to check this out and verify it).
>
> I have XP on a machine I bought for $300 at Fry's the
> other day to install FreeBSD on (in fact, this was the
> genesis of my diatribe about installation and partitioning
> tools in FreeBSD last month); Windows XP does *not* come
> with IPv6 support integrated into it, at least as far as
> the networking "control panels" are able to discover.  8-(.

what version of XP?

i guess this means i have to install and check anyway. it would not
surprise me if they had everything command line as they did with win2k's
v6 extension.

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan@caustic.org
    "John Ashcroft is really just the reanimated corpse
         of J. Edgar Hoover." -- Tim Triche



