77 Comments
- mb309, on 12/31/2008, -4/+60
PNRP, I must admit I hadn't heard of it until now.
Good post, dugg for its thorough explanation and screenshots.
- Qwfwq, on 10/12/2007, -14/+68
It seems that Vista is not only about the looks (Aero) after all, it actually seems to have some brains. This is a nice feature that should make it more straightforward to remotely access/control our home computer. Now let's just wait and see how it behaves security-wise.
- jmazzi, on 10/12/2007, -3/+29
Don't worry. No one will take it.
- Yorn, on 10/12/2007, -11/+31
What a perfect avenue of message relaying for a botnet...
Microsoft might have finally invented a working totally-decentralized P2P scheme that botnet herders have been trying to do for ages. We might see IRC botting going the way of the dodo if this works out, as they will be able to connect directly and just use hashes to verify authority.
Of course, that's bad for essentially everyone, but it's hard to argue that IIS/Internet Explorer wasn't bad for everyone either.
- CharlesGriswold, on 10/12/2007, -2/+21
From the article: "Yep, you're going to need a very solid firewall to ensure your PC is kept secure when running PNRP."
A masterful piece of understatement.
- kalmi, on 10/12/2007, -6/+23
@springfield:
Actually you can get it to work in XP SP2 too.
So it's nothing exceptionally new.
http://www.codeproject.com/dotnet/PeerNameResolutionnetsh.asp
- steelmaverick, on 10/12/2007, -11/+28
@phjr
I'm sure you can turn it off.
- Ascus, on 10/12/2007, -14/+28
Wonderful, Vista will violate my ISP's EULA where it says absolutely no servers!
- harmlessinc, on 10/12/2007, -4/+16
... without having to know your IP address, because not many people will be able to "know" their address since it will be an IPv6
- kalmi, on 10/12/2007, -6/+15
Actually it's using no servers.
"The cool answer is that no, there is no central server. The whole service is peer to peer based on a technology called PNRP (really ICNs are PNRP names, they just get published for the entire machine rather than a single process as is more normal for PNRP).
Basically, every machine knows about a few other machines basically at random. Those machines know a few others, who know a few others, etc. When I want to resolve someone else's name, I can use all of those relationships to track down the machine publishing the name I want."
Source: http://blogs.msdn.com/noahh/
- cybersamurai, on 10/12/2007, -4/+13
I just went through the process of setting up FTP and web servers at home and I can really appreciate this being built right into Windows.
- Cerpin_Taxt, on 10/12/2007, -11/+19
I'm really not expecting Vista to be any more usable, either. People tend to rag on Microsoft a bit (a bit?), but I really think that as of late, they have been pretty much on the ball. If it's a security risk for you, you can disable it. I'm looking forward to this feature, but not so much the price of paying for a mostly rehashed XP.
- manitoba98xp, on 10/12/2007, -3/+8
What I find funny, is that this has the opposite effect. Which would you rather remember?
fe80::38e8:6b18:4b10:a4bd
p.p3d1d6bc434051204edcdb57536c9fcc7c555b3f8.pnrp.net
Note: I may have miscopied those, but the point remains the same. I know this is "secure" mode, and that you can choose a memorable name, but that's rather absurd. I also know that this is Dynamic DNS, and that the IP address changes, etc, but isn't one of the advantages of IPv6 that every network-enabled device can have a unique, static IP address?
- meatmcguffin, on 10/12/2007, -4/+9
On OS X, I'm fairly sure you can use Bonjour (rendezvous / zeroconf) over a *non* local network which would allow you to use the whatever.local nomenclature to find your computer.
I could be wrong but if I'm right can someone tell me how to set it up :)
- Changa, on 10/12/2007, -6/+11
I can't wait to go IPv6... Should get there by 2019.
- gclef, on 10/12/2007, -6/+11
Well, it will certainly make target acquisition in IPv6 easier... one of the security improvements in IPv6 is that there are so many IPs available that scanning them all is impractical. So, finding a target to attack will be much harder in IPv6.
This auto-naming system gives attackers another way to find targets: find a valid name, and you've got a valid host. I imagine dictionary attacks coupled with random DNS searches across the hash name-space will give attackers a fairly good list of all the people who turn this on. Good thing it's off by default.
- grumpyrain, on 10/12/2007, -0/+5
SteelMaverick: "I'm sure you can turn it off."
PNRP has actually been around since XP SP1 in the Advanced Networking Pack.
Unless they have changed their mind on it, it is only enabled by default on the Vista betas to test out the protocol, it will be turned off by default for release.
- saxjazman9, on 10/12/2007, -3/+7
I love how ppl comment who have NO idea how DNS and IPv4/6 work.... good job diggers...
- inactive, on 10/12/2007, -9/+13
> Answer: totally insecure. Well, maybe not so bad, but I wouldn't be
> surprised by a security problem with it.
Yeah, but Microsoft's meet up place will be filtered by their web bot army... so, they'll know who the bad guys are (or at least they'll know other scary things, like where you work, travel, vacation, etc.).
- AngryBoy, on 10/12/2007, -1/+4
Gentlemen, start your flame throwers!
*ducks*
- pixelguru, on 10/12/2007, -5/+8
"In Apple Computer's Mac OS X since v10.3 "Panther", which was released in 2003, IPv6 is supported and enabled by default."
- foolfromhell, on 10/12/2007, -0/+3
Block this dude. He is spamming Digg with links to his own story.
@nmeadata
If your story was good, people will find it and digg it. DON'T EVER SPAM DIGG AGAIN.
There should be a function for ostracism.
- philz, on 10/12/2007, -1/+4
Peer name resolution is not equal every Vista-PC gets a domain name.
It just means we would have a decentralized name resolution service (P2P DNS would be another term for it). Bonus: If you feed enough peers with wrong information you can reroute someone's traffic :-)
- LiquidPenguin, on 10/12/2007, -4/+7
Just a thought here.
If the name resolution is done as a "cloud", i.e. in a P2P fashion with each PC knowing only a few at any given time, what's to stop spoofing? Secure or non-secure?
Let's say that we have a PC with the name thisisarandomname in one cloud and another PC in a completely different cloud with the same name. Now one PC somewhere eventually figures out that there are two clouds with two PCs with the same name. Which one does it choose to use and how do those two PCs resolve the name conflict?
With current DNS, they had to apply "locks" to prevent a similar sort of address spoofing. From what I've read in the article, there's actually a possibility that PNRP would have the same problem.
- inactive, on 10/12/2007, -0/+2
That's what I've always wanted with IPv4, auto-configuration, no need for DNS or other Domain Name infrastructure that broadcasts your IP all over the world.
This mechanism is just like having a transparent, secure and confidential IP every place you go.
I don't want to say it, but the RIAA or the MPAA will have more trouble trying to have an IP database of every user using Vista, and another thing is that it will be like free-net, because you will be anonymous everywhere you go.
The disadvantage however is the security, because IPv4 does not have an IP extension security header that makes all packets encrypted. The solution is to use IPSEC over IPv4 allowing a public key infrastructure by letting every Vista Client to have a Digital Certificate signed by Microsoft or Verisign so you can really enjoy the experience of being in the cyberspace without fear of hackers, phishers or other criminals on the net.
- d722002, on 10/12/2007, -2/+4
I'm glad that things like this have finally come out. Microsoft hasn't really done enough to promote all the new innovative features in Vista, and this is definitely one of the best. They need to do more to talk about new stuff other than the User Interface. Vista also includes a neat little feature called 'Network Map', which generates a graphic of how your computer is connected to the internet, and would be highly useful in the office setting. Some other new things are MIC (Mandatory Integrity Control) which makes sure an unstable application can't crash a stable one, and vice versa, NAP (Network Address Protection) which makes sure an 'unhealthy' (virus infected, not running anti-virus/spyware, etc) computer cannot connect to a network if there is a potential for harm to other systems, and some other things. I would recommend checking out http://en.wikipedia.org/wiki/Features_new_to_Windows_Vista .
- Ryosen, on 10/12/2007, -0/+2
@danwarne
Just like VNC does.
- eSecuris, on 10/12/2007, -1/+3
www.dyndns.com
- inactive, on 10/12/2007, -2/+4
VNC > *****
- kutza, on 10/12/2007, -0/+1
The Downside: HUGE potential for devastation.
The Upside: A new excuse against the RIAA :D.
- danwarne, on 10/12/2007, -1/+2
No way! Gotomypc is awesome. It does one thing REALLY well that none of the other products do: it works around restrictive corporate firewalls by encapsulating remote screen sharing packets as HTTP port 80 ones.
- r3zonance, on 10/12/2007, -0/+1
Easier way to track down PCs which have been zombied.
- rowanjl, on 10/12/2007, -2/+3
kalmi, it makes your computer a server, which violates his (and my) ISPs' terms.
But that's hardly Microsoft's fault, since it'll be disabled by default...
- isny, on 10/12/2007, -1/+2
Something like this combined with Hamachi is all you need. Keep your private network private and your public network public.
- JonnyTrombone, on 10/12/2007, -2/+2
Is it just me, or are most of the good things about Vista just taken from Linux or OSX? This is a good example of how far advanced UNIX based operating systems are compared to Windows.
- malkir, on 10/12/2007, -1/+1
Yeah, I can see this being used against people with a bit of effort.
- nundeeram, on 10/12/2007, -11/+11
I don't understand why we haven't really heard about this as a big Vista feature before. This is exactly the type of feature that could constitute a "big leap forward" in operating systems, and something that Windows competitors (OSX) don't have. If there are enough of these types of features in Vista, then I think it has a good chance of differentiating itself in the space.
- shagangus, on 10/12/2007, -1/+1
It's nothing that hasn't been available for years through services like No-Ip, but cool nonetheless.
- codemander, on 10/12/2007, -9/+8
"They don't? News to me. I must have just imagined being able to remotely use my computers."
Did you actually read AND understand the article?
Jesus!
- yeahbuddy, on 10/12/2007, -3/+2
So gotomypc.com is going out of business when Vista is released?
- addicted68098, on 10/12/2007, -2/+1
I love that service.
- rishmaster, on 10/12/2007, -1/+0
Wow. Pretty cool, could be very useful. Would it negate the need for PCAnywhere type clients?
- coastie, on 10/12/2007, -3/+2
I like that in Linux, I control it. Things just don't automatically happen! One of the reasons I stopped using Windows is that things happened automatically by default, IMHO that is a huge security risk.
- jzp-digg, on 10/12/2007, -2/+1
@yorn: I've been arguing that angle since this crap raised its head.
All end users: your ISPs are helping diagnose the spread of badness through DNS lookups today. Removing the DNS lookups will force the ISPs that haven't yet dropped 'deep packet inspection' devices inline to do so. That's one short stop to throttling your p2p, etc.
The second-order effects are going to be very bad indeed.
- realyst, on 10/12/2007, -2/+0
intelligent.comment.digg.com CNAME down.digg.com
@.intelligent.comment.digg.com CNAME down.digg.com
port 53 error ID10T
- realyst, on 10/12/2007, -2/+0
I'm also curious about that. All I would have to do is identify myself as "charliesputer" and receive all info going to the real "charliesputer". Unless there is some kind of central keying at Microsoft's end or the content is encrypted even before the initial logon is performed.
But if this does work, it would pave the way for a truly autonomous Intermesh as soon as wireless connectivity reaches gigabit speeds (yeah, pretty far still, but will still happen eventually) and we can finally be rid of ICANN, telcos and the whole "Net neutrality" issue.
...mind you I still ain't putting Vista on my workstation due to all the other crap and licensing hells it contains.
- inactive, on 10/12/2007, -3/+1
2019 is the Conservative Estimate.
- tylerni7, on 10/12/2007, -3/+1
I really don't think this is worth it... I mean if you know enough to connect to your computer remotely, you should know enough to memorize your IP or to register with a free DNS service or something. Especially since IPv6 won't be dynamic, that should be really easy. If you don't know enough about the internet to do all that, then you're going to have a giant security hole and it probably isn't a good idea. I guess it can be a time saving feature, even though it really isn't that new (yes, there are dynamic DNS services out there now...).
- toxonix, on 10/12/2007, -4/+2
I think a lot of these security features are going to backfire and are pretty much just hacks around older problems in the first place.
MIC - What, does kernel-level scheduling and memory protection not work?
NAP - So you have to install and run anti-virus/spyware protection software in order to be allowed to get on a network? So everybody gets a virus tomorrow, and nobody is allowed to connect to the internet to get a security patch? That's going to work well..
- rockforever, on 10/12/2007, -19/+16
Agreed, finally some good news about Vista...