@spritely @cwebber speaking of context collapse... have you read...

"we must avoid the two opposite social deaths of a global monoculture and a set of isolated cults, and how the fractal patterns found in nature seem to present themselves as a good compromise." w3.org/DesignIssues/Fractal.ht

www.w3.org: Fractal Web - Commentary on Web Architecture

@spritely @cwebber @lotte I'm afraid it means that NAT translation is healthy.

In nature, groups are made of people and people are made of organs and organs are made of cells; there are boundaries at each layer.

We shouldn't expect every device in the world to be connected to every other device without boundaries.

@dckc@social.coop @spritely@social.coop @cwebber@social.coop to be clear I have nothing against firewalls. believe me I've had my share of cyber security issues that make me thankful that we have firewalls-by-default on routers and such.

NATs however, are not necessary for security purposes - they're simply a solution to the limited number of IPv4 addresses available. and that's fair enough, but they're no longer necessary with IPv6.

@lotte @cwebber @spritely is there a substantial difference between NATs and IPv6 firewalls when it comes to usability for the average user?

aren't the same TURN/STUN kludges required in either case? Or am I missing something?

@dckc @lotte @cwebber @spritely I think you're missing something...no NAT, no NAT traversal, no having to figure out what your "real" address is, because, the endpoint knows the right information. It's not exactly theoretical: Comcast gives me IPv6 GUAs by default, and so do virtually all mobile phone networks I can think of.

@fdr @lotte @cwebber @spritely so you're sharing your IPv6 address with the world? Your device is directly exposed to every adversary in the world at all times?

@dckc @fdr @lotte @spritely It's dangerous probably to directly expose machines over ipv6, but is there any reason it should be if our software stacks were better designed, if we had a more capability-oriented worldview?

I think often of Marc Stiegler's "perimeter security is eggshell security" which critiques many things, including a firewall-oriented perspective skyhunter.com/marcs/ewalnut.ht

See the "eggshell defense" subsection

www.skyhunter.com: E in a Walnut
Dan Connolly

@cwebber @fdr @lotte @spritely indeed, too much emphasis on perimeter security is unhealthy, but capability patterns include membranes, caretakers and such - indirect connectivity.

@cwebber @fdr @lotte @spritely re wide area network security, MinimaLT has some really cool ideas: "Faster than TCP/IP, simpler than TLS, public-key authentication, with extensive privacy and denial of service protections."

ethos-os.org/papers.html

www.ethos-os.org: Ethos (papers), Center for Security at Univ. of Illinois at Chicago