Credit scores require you to get some kind of debt. This is because it’s not a score of your financial health. It’s a score of how reliably you repay your debt.
Queer folx (at least on the Fediverse) are too smart to fall for it.
Conservatives are dumb enough to get upset.
Public, profit-motivated veneers of support are at least not public displays of homophobia.
A society where 100% of its e.g. banking sector pretends to care about pride month should normalize gay lifestyles more than a society where that sector is openly hostile to them. If someone raises a kid who sees pride flags on every building, even if their parents suck those shallow displays may subconsciously still have a positive effect at the end of the day.
I’d rather have genuine support but the fake crap is at least better than hate?
I 100% agree with you, but I don’t think the alternative is hate (for most corporations, anyway…); I think the actual attitude for most big corps is indifference. They just don’t give a shit about any group other than potential customers.
Very true; I don’t oppose the idea of a Pride Month. I just respond to corporate allyship with the same way the corps regard any marginalized group - indifference.
Good point. Facade alter people perspective far quicker than waiting for systemic change, and once perspective change, systemic change will follow. Better to have acceptance plaster everywhere, even if it’s hollow or propaganda-ish, than hate.
Public, profit-motivated veneers of support are at least not public displays of homophobia.
Have you seen Target’s pride month collection this year? I’d say that it counts as a public display of homophobia, it’s so bad. (Also they aren’t crediting their few artists this year.)
Sometimes you can get therapy covered through health insurance. It’s worth checking, because therapy can be really helpful, even just for having someone to share stresses with. I hope you’re able to find someone!
I tried an IPv6 AWS Lightsail instance recently. It had a private IPv4 address, but it’s not behind NAT and won’t route outside the network.
Which would be fine if all the software packages you need can access things over IPv6 on their servers. One that doesn’t is WordPress, because of course it doesn’t. That means no plugins or updates except by manual downloads.
But hey, who would ever want to run WordPress on a cheap Lightsail instance?
All consumer and enterprise equipment made in the last 10+ years natively support IPv6.
I object to this statement. You can buy name brand routers today that don’t implement it properly. Sure, they route packets, but they have broken stateless auto configuration or don’t respect DHCPv6 options correctly, and the situation is made worse because you don’t know how your ISP implements IPv6 until you try it.
God help you if you need a firewall where you can open ports on v6. Three years ago I bought one that doesn’t even properly firewall IPv6.
I tested a top-of-the-line Netgear router to find that it doesn’t support opening ports and once again doesn’t correctly support forwarded IP DHCPv6, which even if that works correctly, your Android clients can’t use it 🫠 Decades later there’s no consensus on how it should function on every device. This is a severe problem when you are a standard.
The state of IPv6 on consumer hardware is absolute garbage. You have to guess how your ISP implements it if at all, and even then you’re at the mercy of your limited implementation. If you’re lucky it just works with your ISP router. If you’re not, it’s a PITA.
The problem is mainly that IPv4 port forwarding is network address translation, but on IPv6 it’s instead IP forwarding with a firewall rule.
The latter is conceptually simpler, but it’s a different mechanism and one that most home routers don’t bother to implement. This is quite ironic because IPv6 was intended to restore end to end connectivity principles.
Don’t get me wrong; I’m quite happy with the standard. They are very few good implementations of that standard, and given the momentum of its predecessor, implementers just don’t care.
I absolutely hate how dependent we’ve gotten to IPv4. To the point that Amazon is charging almost $4 a month per IP. It used to be free. These assholes are buying IPv4 addresses so fast that they are literally driving up the price.
Is there a resource that you can recommend on learning IPv6 based on my knowledge on IPv4? A lot of resources I’ve seen are way over engineered for my feeble brain.
Like I know what IP addresses are and what port numbers are. I don’t understand the difference between how IPv6 addresses are assigned (both locally and generally speaking) and what makes it different from IPv4.
It absolutely can be DHCP. There’s two main ways to do it: stateless auto configuration, and DHCP. Super briefly, you can assign IP addresses the same way you used to if you want, or you can let devices pick their own.
I’m afraid I can’t recommend a great resource, but I really like the Wikipedia article because it’s very precise in its terminology. I appreciate that with learning a new subject. I’m not even that precise here. For example, I use the term IP forwarding more liberally than what it actually means.
This is why I use PFSense and Hurricane Electric as a v6 tunnelbroker. I have working functional IPv6 with SLAAC and DHCPv6 and full Routing Advertisements on my LAN running side-by-side so that no matter which the device implements how poorly; it gets an IPv6 address and it works and is protected by the firewall.
I really like stateless, but it bugs me that the router has to snoop on traffic if you want a list of devices. The good ones will actually do this, but most are blind to how your network is being used with IPv6.
And it really bothers me that Android just refuses to support DHCPv6 in any capacity. Seems like a weird hill to die on. There are too many legitimate use cases.
I run both because of this; and because SLAAC enables features in Desktop OSes that offer some level of additional privacy.
For example; Windows can do “Temporary IPv6 Addressing” that it will hand out to various applications and browsers. That IPv6 address rotates on a periodic basis; once every 24 hours by default; and can be configured to behave differently depending on your needs via registry keys.
This could for example, allow you to quickly spin up a small application server for something; like a gaming session; and let you use/bind that IPv6 address for it. Once the application stops using it and the time period has elapsed; Windows drops the IP address and statelessly configures itself a new one.
I also like the privacy extensions, but how often does your prefix even change? Most places I’ve seen you get a /64 announced and it basically never changes – so somewhat elementary to “break through” that regardless.
A /64 is more than enough though to prevent most casual attempts at entry; and does force more work / enumeration to be done to break into a network and do damage with. I’m not saying the privacy extensions are the greatest; but they do work to slightly increase the difficulty of tracking and exploitation.
With a /48 or even a /56; I can subdivide things and hand out several /64s to each device too; which would shake up things if tracking expects a /64 explicitly.
I actually use /55s to cordon off blocks inside the /48 that aren’t used too. So dialing a random prefix won’t help. You’d be surprised how often I get intrusive portsweeps trying to enumerate my /64s this way…and it doesn’t work because I’m not subnetting on any standard behavior.
You shouldn’t be forwarding anything - lan devices are directly accessible from the internet with ipv6. The router’s job now is to firewall inbound ipv6 packets. You should be able to simply open the inbound port for that device in particular.
Right, that’s how it should work. Unfortunately that’s not how it actually works most of the time in consumer.
Many devices don’t provide an option in the UI to open an inbound port on IPv6. For example, the latest and most expensive Linksys gaming router blocks all inbound connections and there are no options for different behavior. It doesn’t support opening any ports for v6.
The most recent TP link device I tested for my dad doesn’t even have a firewall. If you know the global IP, you can connect to any port you want.
And that’s why I abandoned cheap consumer routers many years ago… closest devices to implement ipv6 port management firewalling even half good was/is the ASUS devices. I got fed up and went pfsense and/or unifi one day and never looked back.
UDM handles ipv6 real good, and pfsense can even get /64 subs from an ATT router for all its lan interfaces.
Comcast has finally gotten around to giving hosts inside the firewall publicly routable IPv6 addresses, but port forwarding (which, by the way, can only be done through Xfinity’s website or mobile app which then connect to and configure the router through the ISP interface – if you go to the port forward configuration in the router’s webui, all you’ll see is a message that it’s now “easier than ever” to configure port forwards) can only happen on IPv4. Want to open a hole in the IPv6 firewall? Well that’s just too fucken bad.
Funny, I have an ancient DOCSIS modem from a company that went bankrupt ages ago which supports all these features flawlessly. Only thing it’s missing is DNS options, it’s hardcoded to use the ISPs DNS. Oh well.
My university is still mostly on IPv4 for our infrastructure. We got in early on the IPv4 address gold rush, so we got a full /16 block. Not quite MIT’s 18.0.0.0/8 block, but enough so there’s little pressure to move. It can be a little embarrassing, feeling like an institution that should be breaking ground is instead trailing behind. At the same time, our IT department is chronically understaffed, so I can understand not doing the switch. It’s not as simple as just flipping a switch, there are many ramifications of IPv6 that aren’t immediately obvious.
There's literally nothing stopping a moderately skilled IT team from integrating ipv6. You can run any site easily using both. The exceptions are few and even those aren't that hard to deal with.
Source: been running dual ipv4/ipv6 Web servers for over 10 years (maybe 15 would need to check) . Likewise had ipv6 dual stack at home for a similar amount of time, initially using tunnels and then native.
Almost every server provider will give you ipv6 for free. There's really no excuse these days not to run your services on both protocols now.
The worst gotchas and limitations I have seen building my own self-host stack with ipv6 in mind has been individual support by bespoke projects more so system infrastructure. As soon as you get into containerized environments, things can get difficult. Podman has been a pain point with networking and ipv6, though newer versions have become more manageable. The most problems I have seen is dealing with various OCI containers and their subpar implementations of ipv6 support.
You’d think with how long ipv6 has been around, we’d see better adoption from container maintainers, but I suppose the existence of ipv6 in a world originally built on ipv4 is a similar issue of adoption likewise to Linux and Windows as a workstation. Ultimately, if self-rolling everything in your network stack down to the servers, ipv6 is easy to integrate. The more one offloads in the setup to preconfigured and/or specialized tools, the more I have seen ipv6 support fall to the wayside, at least in terms of software.
Not to mention hardware support and networking capabilities provided by an ISP. My current residential ISP only provides ipv4 behind cgnat to the consumer. To even test my services on ipv6, I need to run a VPN connection tunneling ipv6 traffic to an endpoint beyond my ISP.
I'm lucky that I have a choice of multiple ISPs all offering service on gigabit symmetric fibre. I've managed to keep my old setup of a /29 IPv4 allocation and /48 IPv6 allocation. But before IPv6 was available, I used tunnels at the point of the router with no problem. As such, the internal network doesn't need to know there's a tunnel and gets native IPv6.
memes
Newest
This magazine is from a federated server and may be incomplete. Browse more on the original instance.