Tweaks to IPv4 could free up millions of addresses • The Register

2022-06-10 20:29:13 By : Mr. Shuangsheng Zhou

It may be nearly three years since the world officially exhausted all of the available IPv4 internet addresses, but now a new initiative has been proposed that could free up hundreds of millions of addresses that are currently unused – or are they?

While the world is still slowly moving towards broader adoption of the newer IPv6 protocol, which offers a vast address space, the widespread continued use of IPv4 has caused problems because all available ranges of the roughly 4.3 billion addresses it supports have largely been allocated.

Now it seems that Seth Schoen, formerly a senior staff technologist at the Electronic Frontier Foundation and co-founder of Let's Encrypt, has made proposals collectively labelled either the IPv4 Unicast Extensions Project or the IPv4 Cleanup Project (both are used on the project's GitHub page).

Writing in a post on the APNIC blog, Schoen detailed his proposals.

These are also outlined in four Internet Drafts filed with the Internet Engineering Task Force (IETF), which call for four categories of "special" addresses that are currently unavailable for standard addressing purposes to be redefined as ordinary unicast addresses, meaning they should no longer be regarded as reserved, invalid, or loopback addresses.

These special addresses date back to the creation of the IPv4 version of the Internet Protocol in the early 1980s. According to Schoen, many of them have never been used for the purpose they were reserved for, yet they have continued to be treated as special.

The four categories of addresses the project targets are the lowest address in each IPv4 subnet, 240/4, 0/8 and 127/8. Each was reserved for a different reason, and Schoen acknowledges that each one presents a different set of challenges to change.

Of the four, the lowest address fix is regarded as the least problematic. It proposes eliminating a duplicate broadcast address within each local network segment.

The standard broadcast address on a subnet is the highest one (i.e. 255 on a 24-bit subnet which uses 8 bits for the host addresses), but for historical reasons the "zeroth" address (i.e. 0) is also reserved, according to Schoen.

Changing this only frees up a single address per subnet, but allows organizations to "take a small step to unilaterally increase the efficiency of their use of their existing IPv4 allocations."

The other changes require code-level changes in IPv4 stack implementations, which will no doubt set alarm bells ringing among any IT admin staff out there along with network software engineers.

However, Schoen claims that some of these changes are in widespread use already, particularly the proposed changes for the 240/4 addresses that were reserved as a future-use Class E network block, comprising a total of 256 million addresses.

Changing these into recognized unicast addresses was proposed to the IETF more than a decade ago and has apparently been implemented in several operating systems now running on millions of nodes on the internet, where it "has not caused any problems over the past decade," he states.

The 0/8 address range comprises another 16 million addresses that were reserved for potential device auto configuration based around ICMP messages, but these are effectively unused (apart from 0.0.0.0).

Likewise, 127/8 is another block of 16 million addresses, reserved for loopback, and the reservation is maintained despite the fact that virtually all applications use only a single loopback address (127.0.0.1).


Schoen's proposal is to reduce the range of this block so that only 127.0/16 is reserved for local loopback purposes.
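To see which entries in an address inventory or filter list would change meaning under the four proposals, the sketch below classifies each address under today's rules and under the proposed ones. It is an added example, not code from the article or the project; the names `classify`, `changed` and `SAMPLE` are hypothetical, and keeping 255.255.255.255 as broadcast is an assumption the article does not state.

```python
import ipaddress

# Blocks named in the article; 127.0.0.0/16 is the article's "127.0/16".
CLASS_E = ipaddress.ip_network("240.0.0.0/4")
ZERO_NET = ipaddress.ip_network("0.0.0.0/8")
LOOPBACK_TODAY = ipaddress.ip_network("127.0.0.0/8")
LOOPBACK_PROPOSED = ipaddress.ip_network("127.0.0.0/16")
UNSPECIFIED = ipaddress.ip_address("0.0.0.0")
# Assumption (not stated in the article): limited broadcast stays special.
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

def classify(iface: str, proposed: bool) -> str:
    """Classify a host address written as 'a.b.c.d/prefixlen'."""
    ifc = ipaddress.ip_interface(iface)
    addr, net = ifc.ip, ifc.network
    if addr == UNSPECIFIED:
        return "unspecified"
    if addr == LIMITED_BROADCAST:
        return "broadcast"
    if addr in (LOOPBACK_PROPOSED if proposed else LOOPBACK_TODAY):
        return "loopback"
    if not proposed and (addr in ZERO_NET or addr in CLASS_E):
        return "reserved"
    # /31 and /32 have no network or broadcast address to set aside.
    if net.prefixlen <= 30:
        if addr == net.broadcast_address:
            return "broadcast"
        if addr == net.network_address and not proposed:
            return "reserved-lowest"
    return "unicast"

def changed(ifaces):
    """Return (address, today, proposed) for entries whose status differs."""
    rows = []
    for iface in ifaces:
        today, later = classify(iface, False), classify(iface, True)
        if today != later:
            rows.append((iface, today, later))
    return rows

# Constructed sample inventory, not taken from the article.
SAMPLE = ["192.0.2.0/24", "192.0.2.255/24", "192.0.2.10/24", "240.1.2.3/16",
          "0.5.6.7/8", "0.0.0.0/8", "127.0.0.1/8", "127.1.0.1/8",
          "198.51.100.4/31"]

if __name__ == "__main__":
    for row in changed(SAMPLE):
        print("%-18s %-16s -> %s" % row)
```

Entries reported by `changed` are the ones where a filter, allowlist or monitoring rule written against today's reservations would disagree with a stack that has adopted the proposals.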

Whether these changes are really necessary is debatable, since many organizations that are still using IPv4 will be sitting behind a network address translation (NAT) gateway that presents a small number of IP addresses to the outside world and operates a private addressing scheme on the internal network.

Nevertheless, Schoen believes that these measures will prove useful during the drawn-out IPv4 to IPv6 transition, if there continues to be demand for IPv4 space.

"We are continuing to encourage implementers to make the required changes, and developing software patches to support them. These addresses will gradually become more useful as more implementations accept them as valid address space," he wrote.

The proposals have already met some understandable resistance.

"Testing and changing all devices that know that 240/8, 0/8, and 127/8, etc, are 'special' is a bigger job than making them just use IPv6," tweeted Adrian Kennard, who runs UK ISP Andrews & Arnold. "The 0 address being usable probably only helps local networks." ®
