-------- Original Message --------
Subject: Re: [Politech] John Walker on NAT and "lights going out across the Internet"
Date: Tue, 23 Mar 2004 00:47:28 +0100 (CET)
From: Thomas Shaddack <shaddack@private>
To: Declan McCullagh <declan@private>
References: <405F2A71.7060102@private>

The issue is serious, but not as hot as it may seem. There are powerful counter-forces in the game.

First, not all the customers are know-nothing sheep, and many of the others insist on using features that don't play well with NAT, e.g. various P2P telephony products or - more often - multiplayer games. Both these subgroups drive demand for non-NAT connection, and hopefully educate other potential customers.

Then there is the pending IPv6 roll-out. Japan and China, with their IPv4 address space lack, drive this; once they succeed, other countries will follow; there are some IPv6 efforts in Europe (don't ask me for details).

Even without that, the very architecture of the world is fundamentally P2P; people know each other, are friends or business partners. If both sides of a want-to-make phone call are locked behind a NAT, they need a third party to act as a packet reflector. If at least one of them has a friend who operates a suitable server, their day is saved. With a suitable micropayment architecture, providers of such packet mirrors could become a cozy niche market. A suitable protocol for discovery of the best packet mirror with least line latency and least load would have to be developed, but that is something far within the existing technological limits. VoIP presents a special challenge because of its sensitivity to latencies, but all kinds of other transfers could be done that way as well.
Or, instead of micropayments, some ISPs could offer a subscription service for a connection negotiation service; $5 per gigabyte is something many people would be willing to pay, while keeping the service profitable, as it can be located on a cheap fat pipe with a single IP, if a suitable protocol were designed.

NAT is a threat to the current paradigm of the Net. However, the individual-as-publisher role isn't necessarily endangered, though some creativity and forethought on the side of the developers is likely to be required.

The basic rule is to never lose hope. There is always a solution.

-------- Original Message --------
Subject: Re: [Politech] John Walker on NAT and "lights going out across the Internet"
Date: Mon, 22 Mar 2004 13:00:57 -0800
From: Brad Templeton <btm@private>
Organization: http://www.templetons.com/brad
To: Declan McCullagh <declan@private>
CC: politech@private
References: <405F2A71.7060102@private>

While agreeing with John on the evils of NAT, there is, to use a delicious pun, light at the end of the tunnel. I have real optimism for the deployment of IPv6, thanks to a decision by Microsoft to embrace it. They have put not just v6 support into XP, but also support for automatic 6 over 4 tunnels, allowing disconnected islands of IPv6 to communicate.

More is needed, of course. The NAT vendors should put in support for v6 and the tunnels (though the ones MS is using don't need that support directly from most NATs). And the ISPs should support it -- when I asked my own small ISP for v6, he said I was the first to ask. (I wonder if with some ISPs the fact that they get to charge monthly rental for static v4 addresses encourages them to delay?)

In addition, we're getting much better at NAT penetration for UDP. In general, it can be done for 90% of users behind typical household NATs, though a central "introduction" server, on the real internet, is needed.
Skype, which many of you have seen, does a very seamless job of NAT penetration, presumably relying on unknowing P2P proxies for those 10% of users behind symmetric NATs.

Microsoft fortunately (in this case) has the power to pressure NAT vendors, router vendors and ISPs to support what it wants supported.

-------- Original Message --------
Subject: Re: [Politech] John Walker on NAT and "lights going out across the Internet"
Date: Mon, 22 Mar 2004 19:43:45 -0800
From: mournian@private
To: Declan McCullagh <declan@private>
References: <405F2A71.7060102@private>

In other words, That's the Night the Lights Went Out in Georgia. The Big Boys are building the walls, and closing the gates. No more freestyle on the Internet.

Tony

-------- Original Message --------
Subject: RE: [Politech] John Walker on NAT and "lights going out across the Internet"
Date: Mon, 22 Mar 2004 20:34:29 -0800
From: Ali Farshchian <ali@private>
To: Declan McCullagh <declan@private>

Some related CircleID posts and discussions on John Walker's...

- "Lights Going Out on the Internet? Not Just Yet"
  http://www.circleid.com/article/453_0_1_0_C/

  "In his article titled, "End of Life Announcement", John Walker (author of the Speak Freely application) makes a few arguments about Network Address Translation (NAT) that are simply not true..."
There have been quite a number of interesting discussions on the topic of Network Address Translation (NAT) on CircleID which may also be of interest to Politech readers:

- "IP or NAT IP: Mostly IP"
  http://www.circleid.com/article/494_0_1_0_C/
- "Why NAT Isn't As Bad As You Thought"
  http://www.circleid.com/article/447_0_1_0_C/
- "NAT: Just Say No"
  http://www.circleid.com/article/355_0_1_0_C/

-------- Original Message --------
Subject: Re: [Politech] John Walker on NAT and 'lights going out across the Internet'
Date: Mon, 22 Mar 2004 13:13:40 -0800 (PST)
From: Barclay McInnes <barc@private>
To: <declan@private>
References: <405F2A71.7060102@private>

Hi Declan;

Normally I'd let this pass, but Mr. Walker is either really thick headed (which I doubt very much considering his background and the work he's done) or is being deliberately disingenuous/misleading.

> A user behind a NAT box is no longer a peer to other sites on the
> Internet.

This statement by itself is correct.

> Since the user no longer has an externally visible Internet Protocol
> (IP) address (fixed or variable), there is no way (in the general
> case--there may be "workarounds" for specific NAT boxes, but they're
> basically exploiting bugs which will probably eventually be fixed) for
> sites to open connections or address packets to his machine. The user
> is demoted to acting exclusively as a client.

This is most assuredly not correct. Pretty much every NAT device or software package on the market allows the user(s) to specify whether or not they want to pass ports through to a particular machine inside the private network. These are not "bugs" but rather features, prominent features at that. The catch is that you cannot arbitrarily pass the same port to several machines unregulated, but only one.

> While the user can
> contact and freely exchange packets with sites not behind NAT boxes, he
> cannot be reached by connections which originate at other sites.
Unless the user has specified that port X goes to his machine inside the network. I do this all day, working with a boatload of machines that are behind NAT boxes. In fact, my company's servers are all behind a NAT device. This includes a web server, a mail server, a DNS server, and an LDAP server. All I do is pass the particular port on to the appropriate box (80 for web, 25, 110 and 143 for mail, etc). There are several advantages to doing this, one is of course dramatically improved security. A lot of exploits will open obscure ports to the cracker in question to allow them access. With my situation, even if someone did get that port open, they can't use it because that port is only open if you're on the private NAT network.

> In
> economic terms, the NATted user has become a consumer of services
> provided by a higher-ranking class of sites, producers or publishers,
> not subject to NAT.

And this is different from all of those temporary DHCP'd dial-up users that were predominant in the 90's and early 2000s how?

> There are powerful forces, including government, large media
> organisations,
> and music publishers who think this situation is just fine.

This is tin-foil hattery at its finest. The music industry for example couldn't tell you what NAT even stands for, much less what it does. And Napster, Kazaa, Limewire, Morpheus and all of those other "enemy of the musician's rights" softwares all work just peachy keen through NATs anyway.

> In essence,
> every time a user--they love the word "consumer"--goes behind a NAT
> box, a site which was formerly a peer to their own sites goes dark, no
> longer accessible to others on the Internet, while their privileged
> sites remain. The lights are going out all over the Internet. My paper,
> The Digital Imprimatur, discusses the technical background, economic
> motivations, and social consequences of this in much more (some will
> say tedious) detail.
This sounds like a lament for the destruction of the early 90's Internet, and it is. It is a damn shame, I will admit. I too would love to have those days back, but it's not going to happen.

> Suffice it to say that, as the current migration
> of individual Internet users to broadband connections with NAT proceeds,
> the population of users who can use a peer to peer telephony product
> like Speak Freely will shrink apace. It is irresponsible to encourage
> people to buy into a technology which will soon cease to work.

Simply put, NAT makes sense for too many reasons not to do it. The worm issue alone is sufficient argument for NAT. Frankly, I think all broadband users should use NAT devices, as soon as possible. It's all these broadband users who have no concept of security (nor should they be expected to, based on their level of expertise with computers) who are the principal problem whenever one of these new worms is released. All of their machines are directly on the Internet, waiting for their neighbor's infected machine to come infect them too, and then when they get infected, their box starts scanning around, looking for victims of its own. That couldn't happen if they were behind a NAT device, since the necessary direct connection to the potential victim isn't there. Even a security program running on the machine like BlackICE Defender is not sufficient, as last week's worm that specifically exploits that package demonstrated.

This is a real issue. Here's an anecdote about how bad it is. I reinstalled Windows XP on a box at an acquaintance's residence who has broadband cable. After XP was installed, I connected to the broadband connection, to do all of the Windows updates (including the security updates). Before we had finished getting the list of updates from Windows Update, the newly installed machine had already become infected with a worm. We're talking less than 10 minutes on the connection!
I formatted the drive again, redid XP again, and drove it over to my place to do the updates from behind my NAT. Afterwards I told my acquaintance to go buy a NAT device immediately. From that moment forward I was convinced that everyday joes using broadband should not ever have a direct connection to the 'net.

Mr. Walker's Speak Freely will not work directly behind a NAT *without the user taking extra steps to enable it*, and for his package that is unfortunate. But there are a raft of other packages that will work just as well or better. Asterisk is one (www.asterisk.org), Teamspeak (www.teamspeak.org), etc. There's a bit of effort involved with getting all of these packages to work, but that's on setting up a server. Once that's going, anyone behind NATs will have no issues. It just seems to me that it's grossly unfair for him to classify NAT as a bad thing because in no small part his software won't work anymore without extra user effort.

I agree that NAT could have the effects he describes and be a Very Bad Thing indeed if your ISP suddenly decided to put all of their customers on a private network, but that's not how NAT is used in today's world. Everyone gets a real IP address, and the NAT box that they have control of goes on that, and lets everyone in the house connect to it from there. Or, in the business world, everyone at the office is behind a NAT that the company has set up. And in the business world, you're there to work, not use peer-to-peer apps anyway. If something is being blocked by the NAT that is important to the company, the person running the NAT will be able to adjust to allow it through. No problem.
Barclay McInnes

-------- Original Message --------
Subject: Re: "The lights are going out all over the Internet"
Date: Mon, 22 Mar 2004 14:55:31 -0600
From: Mike Schneider <mike1@private>
To: Declan McCullagh <declan@private>, politech@private
References: <405F2F9E.9020901@private>

(I posted the author's piece in another group, and saw the following response. -- Mike.)

To: <Individual-Sovereignty@private>
From: "Scott Jordan" <scott_c_jordan@private>
Date: Mon, 22 Mar 2004 11:41:53 -0800
Subject: RE: [I-S] "The lights are going out all over the Internet"
Reply-To: Individual-Sovereignty@private

"While the user can contact and freely exchange packets with sites not behind NAT boxes, he cannot be reached by connections which originate at other sites. In economic terms, the NATted user has become a consumer of services provided by a higher-ranking class of sites, producers or publishers, not subject to NAT. There are powerful forces, including government, large media organisations, and music publishers who think this situation is just fine. In essence, every time a user--they love the word "consumer"--goes behind a NAT box, a site which was formerly a peer to their own sites goes dark, no longer accessible to others on the Internet, while their privileged sites remain. The lights are going out all over the Internet."

Loon. He ignores the fundamental animating notion of the Internet, which is a "network of networks". It was never meant to be a peer-to-peer thing.

Besides, it is almost trivially simple to poke a hole in any NAT-based router for specific purposes. This does not necessitate "exploitation" of "bugs" but rather the utilization of the DMZ and port-forwarding features of virtually all routers.

He also ignores a sincerely beneficial utility of NAT-based routers, which is to serve as a cloaking device for the PCs behind them. That is emphatically *not* in the best interests of the shadowy forces he lists towards the end, nor for hackers.
The broad popularity of NAT-based routers also represents a significant evolutionary step for individuals' use of the Internet. Now entire families and groups can share broadband, formerly a luxury afforded to only a privileged few. The necessary technology--NAT--is available for less than $35 at any computer store, even in wireless form (cf. my Belkin 802.11b wireless router with four-port hard-wired 10/100 switching router). Seven years ago a NAT-based router cost over $20,000--and forget about wireless--meaning individuals and groups had to deal with dialup. A 1997 PC World magazine I nabbed the other day features a review which debates the merits of 33k vs 56k modems!

There are many other, more legitimate reasons to opine that "lights are going off all over the Internet", such as lack of venture funding [gasp! capitalism!] and copyright enforcement by music vendors [ditto] and the metastasization of spam [which has resulted in ISPs blocking email servers sited on home DSL lines], but NAT isn't one of 'em. It may have posed obstacles to "Speaking Freely"'s antique technology, however.

The guy needs some cheese and crackers with his whine.

--S.

Mike.

-------- Original Message --------
Subject: RE: [Politech] John Walker on NAT and "lights going out across the Internet"
Date: Mon, 22 Mar 2004 14:15:31 -0800
From: Ilya Haykinson
To: 'Declan McCullagh' <declan@private>

Declan,

[please remove email address if you forward]

In my opinion, the problem is easily solved with firewalls / NAT devices that support UPnP -- which provides for applications on PCs behind firewalls to ask the NAT to open up a particular port. If Speak Freely wants to allow peer-to-peer connections, it should use UPnP (which is a standard and has been in many if not most popular broadband routers for at least a year now) to make sure that it can communicate.
I think it's a little bit silly to try to find a sinister plot or a problem of epic proportions in the world getting NAT'ed when a solution is available and allows the best of both worlds: firewall protection without destroying the interconnectedness of the network.

-ilya haykinson

-------- Original Message --------
Subject: Re: [Politech] John Walker on NAT and "lights going out across the Internet"
Date: Mon, 22 Mar 2004 13:20:41 -0800
From: Tim Pozar <pozar@private>
To: Declan McCullagh <declan@private>
CC: politech@private
References: <405F2A71.7060102@private>

On Mon, Mar 22, 2004 at 01:03:29PM -0500, Declan McCullagh wrote:
> [I missed this the first time around. The topic is Speak Freely, but the
> implications of John's essay are far broader. It's worth a read. --Declan]

A much more thorough treatment of how the Internet is losing its ability to support democratic (aka. P2P, etc.) communication is John's essay called "The Digital Imprimatur" at:

http://www.fourmilab.ch/documents/digital-imprimatur/

He outlines what many of us have been concerned about for more than a decade now; the Internet will be, or is now, just a pipe for major content providers to push their product.

Tim

--

How big brother and big media can put the Internet genie back in the bottle.

by John Walker
September 13th, 2003
Revision 4 -- November 4th, 2003

imprimatur 1. The formula (=`let it be printed'), signed by an official licenser of the press, authorizing the printing of a book; hence as sb. an official license to print.
The Oxford English Dictionary (2nd. ed.)

Introduction

Over the last two years I have become deeply and increasingly pessimistic about the future of liberty and freedom of speech, particularly in regard to the Internet. This is a complete reversal of the almost unbounded optimism I felt during the 1994-1999 period when public access to the Internet burgeoned and innovative new forms of communication appeared in rapid succession.
In that epoch I was firmly convinced that universal access to the Internet would provide a countervailing force against the centralisation and concentration in government and the mass media which act to constrain freedom of expression and unrestricted access to information. Further, the Internet, properly used, could actually roll back government and corporate encroachment on individual freedom by allowing information to flow past the barriers erected by totalitarian or authoritarian governments and around the gatekeepers of the mainstream media.

So convinced was I of the potential of the Internet as a means of global unregulated person-to-person communication that I spent the better part of three years developing Speak Freely for Unix and Windows, a free (public domain) Internet telephone with military-grade encryption. Why did I do it? Because I believed that a world in which anybody with Internet access could talk to anybody else so equipped in total privacy and at a fraction of the cost of a telephone call would be a better place to live than a world without such communication.

Computers and the Internet, like all technologies, are a double-edged sword: whether they improve or degrade the human condition depends on who controls them and how they're used. A large majority of computer-related science fiction from the 1950's through the dawn of the personal computer in the 1970's focused on the potential for centralised computer-administered societies to manifest forms of tyranny worse than any in human history, and the risk that computers and centralised databases, adopted with the best of intentions, might inadvertently lead to the emergence of just such a dystopia. The advent of the personal computer turned these dark scenarios inside-out.
With the relentless progression of Moore's Law doubling the power of computers at constant cost every two years or so, in a matter of a few years the vast majority of the computer power on Earth was in the hands of individuals. Indeed, the large organisations which previously had a near monopoly on computers often found themselves using antiquated equipment inferior in performance to systems used by teenagers to play games. In less than five years, computers became as decentralised as television sets.

But there's a big difference between a computer and a television set--the television can receive only what broadcasters choose to air, but the computer can be used to create content--programs, documents, images--media of any kind, which can be exchanged (once issues of file compatibility are sorted out, perhaps sometime in the next fifty centuries) with any other computer user, anywhere.

Personal computers, originally isolated, almost immediately began to self-organise into means of communication as well as computation--indeed it is the former, rather than the latter, which is their principal destiny. Online services such as CompuServe and GEnie provided archives of files, access to data, and discussion fora where personal computer users with a subscription and modem could meet, communicate, and exchange files. Computer bulletin board systems, FidoNet, and UUCP/USENET store and forward mail and news systems decentralised communication among personal computer users, culminating in the explosive growth of individual Internet access in the latter part of the 1990's.

Finally the dream had become reality. Individuals, all over the globe, were empowered to create and exchange information of all kinds, spontaneously form virtual communities, and do so in a totally decentralised manner, free of any kind of restrictions or regulations (other than already-defined criminal activity, which is governed by the same laws whether committed with or without the aid of a computer).
Indeed, the very design of the Internet seemed technologically proof against attempts to put the genie back in the bottle. "The Internet treats censorship like damage and routes around it." (This observation is variously attributed to John Gilmore and John Nagle; I don't want to get into that debate here.) Certainly, authoritarian societies fearful of losing control over information reaching their populations could restrict or attempt to filter Internet access, but in doing so they would render themselves less competitive against open societies with unrestricted access to all the world's knowledge. In any case, the Internet, like banned books, videos, and satellite dishes, has a way of seeping into even the most repressive societies, at least at the top.

Without any doubt this explosive technological and social phenomenon discomfited many institutions who quite correctly saw it as reducing their existing control over the flow of information and the means of interaction among people. Suddenly freedom of the press wasn't just something which applied to those who owned one, but was now near-universal: media and messages which previously could be diffused only to a limited audience at great difficulty and expense could now be made available around the world at almost no cost, bypassing not only the mass media but also crossing borders without customs, censorship, or regulation.

To be sure, there were attempts by "the people in charge" to recover some of the authority they had so suddenly lost: attempts to restrict the distribution and/or use of encryption, key escrow and the Clipper chip fiasco, content regulation such as the Computer Decency Act, and the successful legal assault on Napster, but most of these initiatives either failed or proved ineffective because the Internet "routed around them"--found other means of accomplishing the same thing.
Finally, the emergence of viable international OpenSource alternatives to commercial software seemed to guarantee that control over computers and Internet was beyond the reach of any government or software vendor--any attempt to mandate restrictions in commercial software would only make OpenSource alternatives more compelling and accelerate their general adoption.

This is how I saw things at the euphoric peak of my recent optimism. Like the transition between expansion and contraction in a universe with Ω greater than 1, evidence that the Big Bang was turning the corner toward a Big Crunch was slow to develop, but increasingly compelling as events played out.

Earlier I believed there was no way to put the Internet genie back into the bottle. In this document I will provide a road map of precisely how I believe that could be done, potentially setting the stage for an authoritarian political and intellectual dark age global in scope and self-perpetuating, a disempowerment of the individual which extinguishes the very innovation and diversity of thought which have brought down so many tyrannies in the past.

[...]

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
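Added by the editor after the thread, not code from any of the messages above: a small Python model of the two NAT behaviours the correspondents argue about, the static port forward Barclay McInnes describes (unsolicited traffic reaches only the one inside host named for that external port, and nothing else) and the introducer-assisted UDP hole punching Brad Templeton describes (works between "typical household" NATs, fails when either side is a symmetric NAT). All addresses, ports and the NAT classes are constructed, and the assumption that household NATs keep one external port per inside socket with address/port-restricted filtering is the editor's, not the thread's.

```python
"""Toy NAT model for two behaviours discussed in the thread (constructed example).

A static port forward admits unsolicited traffic only to the one host it
names; introducer-assisted hole punching succeeds between cone NATs (one
external port per internal socket, restricted to remotes already contacted)
and fails when either side is a symmetric NAT (fresh port per destination).
"""


class Nat:
    def __init__(self, public_ip, symmetric=False, forwards=None):
        self.public_ip = public_ip
        self.symmetric = symmetric
        # Owner-configured forwards: ext_port -> one internal (ip, port). A dict
        # key maps to a single value, which is the "only one machine per port"
        # limit mentioned in the thread.
        self.forwards = forwards or {}
        self.mappings = {}   # mapping key -> external port
        self.state = {}      # external port -> (internal host, remotes it has sent to)
        self.next_port = 40000   # constructed starting port for dynamic mappings

    def outbound(self, host, dst):
        """Internal `host` (ip, port) sends to `dst`; return the public endpoint `dst` sees."""
        key = (host, dst) if self.symmetric else host
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.state[self.next_port] = (host, set())
            self.next_port += 1
        port = self.mappings[key]
        self.state[port][1].add(dst)   # restricted filtering: remember who we talked to
        return (self.public_ip, port)

    def inbound(self, ext_port, remote):
        """Packet from `remote` hits public `ext_port`; return the internal host, or None if dropped."""
        if ext_port in self.forwards:
            return self.forwards[ext_port]      # static forward: any remote may reach this host
        entry = self.state.get(ext_port)
        if entry and remote in entry[1]:
            return entry[0]                     # reply from a remote this host contacted first
        return None                             # unsolicited: dropped at the NAT


def hole_punch(nat_a, nat_b, host_a, host_b, introducer):
    """Return True if B's first packet reaches A after the introducer exchange."""
    pub_a = nat_a.outbound(host_a, introducer)   # 1. both peers register with the introducer
    pub_b = nat_b.outbound(host_b, introducer)
    nat_a.outbound(host_a, pub_b)                # 2. each peer sends toward the endpoint the
    src_b = nat_b.outbound(host_b, pub_a)        #    introducer reported for the other side
    return nat_a.inbound(pub_a[1], src_b) == host_a   # 3. does B's packet pass A's NAT?


def demo():
    probe = ("192.0.2.9", 5555)             # constructed outside host, e.g. a worm scanner
    introducer = ("198.51.100.10", 3478)    # constructed introduction server
    web, mail = ("10.0.0.2", 80), ("10.0.0.3", 25)
    office = Nat("203.0.113.5", forwards={80: web, 25: mail})
    a, b = ("192.168.1.2", 5000), ("192.168.2.2", 5000)
    return {
        "forward_80": office.inbound(80, probe),     # reaches the web server
        "forward_25": office.inbound(25, probe),     # reaches the mail server
        "probe_135": office.inbound(135, probe),     # nothing forwarded: dropped
        "cone_cone": hole_punch(Nat("203.0.113.1"), Nat("203.0.113.2"), a, b, introducer),
        "cone_symmetric": hole_punch(Nat("203.0.113.1"), Nat("203.0.113.2", symmetric=True),
                                     a, b, introducer),
        "symmetric_cone": hole_punch(Nat("203.0.113.1", symmetric=True), Nat("203.0.113.2"),
                                     a, b, introducer),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The symmetric cases fail because the port A's NAT told the introducer about is bound to the introducer alone, or because B's punch leaves through a port A never heard of; that is the gap Brad's "P2P proxies" fill for the remaining users.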
This archive was generated by hypermail 2b30 : Mon Mar 22 2004 - 23:38:29 PST