I’ve met people with C++ Stockholm Syndrome, and I think their trajectory is different. There’s no asymptotic approach toward zero; their appreciation just grows or stays steady, even decades into their career.
You shouldn’t need to remember IP addresses, they invented DNS to solve that problem lol
Even so, the addresses can be even easier to remember because we get a-f as well as digits, my unique local subnet is fd13:dead:beef:1::/60 cause I like burgers haha
I’m curious how you normally deploy since there’s a couple of ways to do it, I’ve mostly dealt with requesting a number of prefixes from the upstream router and delegating to each subnet/VLAN as appropriate, and each time I’ve done it it’s been a breeze
Even if you need static addressing you can just set it manually and DAD will handle it if it ever conflicts with a DHCP address, at least in my experience
For example I have a couple of locations tied together with a Wireguard site-to-site VPN, each with several subnets. I had to write wg config files and set static routes with hardcoded subnets and IP addresses. Writing the wg config files and getting it working was already a bit daunting with IPv4, because I was also wrapping my head around wireguard concepts at the same time. It would have been so much worse to debug with IPv6 unreadable subnet names.
Network ACLs and firewall rules are another thing where you have to work with raw IPv6 addresses. For example: let’s say you have a Samba share or proxy server that you only want to be accessible from one specific subnet, you have to use IPv6 addresses. You can’t solve that with DNS names.
Anyway my point is: the idea that you can simply avoid IPv6’s complexity by using DNS names is just wrong.
You don’t even have to NAT the fuck out of your network. NAT is usually only needed in one place: where your internal network meets the outside world, and it provides a clean separation between the two as well, which I like.
For most internal networks there really are no advantages to moving to IPv6 other than bragging rights.
The more I think about it, the more I find IPv6 a huge overly complicated mistake. For the issue they wanted to solve, worldwide public IP shortage, they could have just added an octet to IPv4 to multiply the number of available addresses with 256 and called it a day. Not every square cm of the planet needs a public IP.
You can subnet it with the exact same rulea as IPv4, nothing is chaning there.
Replace, for example, 192.168. with fd01::, with digits after this being divided however you like. You might step upon a too basic router that has it’s own way to assign addresses with no way to change it, but that would not be IPv6 fault.
Since I bought a domain name I do not remember IP addresses. Just like I don’t remember password since I installed password manager or not remember phone numbers since I have a smartphone.
It’s only annoying when being on someone’s else computer without my clipboard sharing setup and need to copy an address by hand. But that’s an issue when setting something up. I would take this inconvenience while setting up than all everyday inconveniences that IPv4 created in last years.
Sure, in the UK we have very strict rules around competition law and broadband access. Here, fibre businesses lay fibre to premises (and are paid to do so). Then, a customer can order from any number of broadband providers, and the company who originally laid the fibre lease that line out at wholesale prices. The broadband operator runs ‘over the top’ of whoever installed the fibre.
That way, the fibre installer makes money over time, gently and progressively. All broadband companies and smaller ‘Alt-Nets’ as we call them, have an equal opportunity to a customer base. Finally the customer has the choice to find services matching their needs and price points. Pay a lot get a lot, pay less get less.
I think I have a choice of 6. Names which come to mind are EE, Vodafone, Virgin, Trooli, Cuckoo and Orange.
Meanwhile, in the US, the government paid ISPs for fiber to be ran and they just pocketed it instead.
Now we’ve got smaller companies running fiber and charging less for synchronous gigabit than you’d pay for copper 500mb down 5mb up, and ISPs are panicking a bit.
All the fiber maps have big empty zones where apartment complexes are, sadly.
Here in Greece, we have three providers, but I don’t want to change, since we pay very little money to the one I am in right now in return of slower speeds (5 Mbps download, 0.5 Upload).
Not always possible. In Spain IPv6 adoption is at like 5%. There’s literally no ISP that offers it. I don’t even know how that 5% got it, maybe special deals.
Yes just had a look, according to Google countrywide it’s 10%. Very low, sadly. Neighboring France at 74% IPv6. Interesting to see the difference even with neighbouring countries.
As soon as fiber covers the final < 0.5% of my city with fiber (🤞 but I doubt it will happen) I’ll switch off of cable. Until then I can use cable with one provider or DSL with another.
move providers? Where, to who? There is currently one provider where i live, soon potentially to be two. Though it’s not finalized yet, nor constructed, so for all intents and purposes, it’s just the one provider.
Huh? With IPv6 you get your own IP address, the ISP doesn’t need to know shit about ports. Your address is not behind a NAT anymore, and ports don’t need to be forwarded.
Perhaps you mean the ISP set up a firewall that blocks incoming connections? In which case, maybe you can have that firewall disabled? ISP firewalls and “safe browsing” packages are always shit.
To be honest though there might be some aspect to this I don’t know.
Honestly, I was there the first time round, when everyone raw dogged the internet on a single modem per PC. I remember Blaster, and talking people through removing it in 60 second bursts as their PCs shut down over and over.
It was carnage. The average user doesn’t need open ports on the internet, and they’ll only get their elderly machines infected instantly if they did.
Watch, hold on, I’ll prove it! I’ll perform a feat of brute strength in a blind rage that will end up hurting me in the long run! Then later when I find out that massive fall didn’t actually kill you and you fought your way back up through 2km worth of test chambers powered by sheer spite to come and confront me, I’ll act like nothing happened and beg you for your help because I have no idea how to run this place and it’s falling apart and the robot test subjects I built don’t work at all!
Retardistan is hogging the biggest portion of the IPv4 addresses for themselves. That’s why they have the worst IPv6 support. The need arose last in this part of the world.
I work in a technical field, and the amount of bad work I see is way higher than you’d think. There are companies without anyone competent to do what they claim to do. Astonishingly, they make money at it and frequently don’t get caught. Sometimes they have to hire someone like me to fix their bad work when they do cause themselves actual problems, but that’s much less expensive than hiring qualified people in the first place. That’s probably where we’re headed with ais, and honestly it won’t be much different than things are now, except for the horrible dystopian nature of replacing people with machines. As time goes on they’ll get fed the corrections competent people make to their output and the number of competent people necessary will shrink and shrink, till the work product is good enough that they don’t care to get it corrected. Then there won’t be anyone getting paid to do the job, and because of ais black box nature we will completely lose the knowledge to perform the job in the first place.
You’d better hope that you can NAT ipv6 because if you aren’t behind a CGNAT and then your LAN is completely exposed without a NAT you’re very likely going to have devices exploited.
NATs on people’s boundary has been doing pretty much all of the heavy lifting for everyone’s security at home.
NAT does not provide security whatsoever. If the NAT mapped your (internal IP, internal port) to a certain (external IP, external port) and you do not have a firewall enabled, everyone can reach your device by simply connecting to that (external IP, external port).
I haven’t seen routers that do not come with IPv6 firewalls enabled by default.
No the word I’m looking for is the NAT. It was not designed for security but coincidentally it is doing the heavy lifting for home network security because it is dropping packets from connections originating from outside the network, barring of course, forwarded ports and DMZ hosts because the router has no idea where to route them.
Consumer router firewalls are generally trash, certainly aren’t layer 7 firewalls protecting from all the SMB, printer, AD, etc etc vulnerabilities and definitely are not doing the heavy lifting.
By and large automated attacks are not thwarted by the firewall but by the one-way NAT.
They are not layer 7 firewalls for the network which are going to be where most the majority of attacks are concentrated. No citation needed unless you believe they are layer 7 firewalls or using something like Snort.
Added some clarification in my first sentence so it makes a bit of sense.
layer 7 firewalls for the network which are going to be where most the majority of attacks are concentrated.
The NAT doesn’t have to operate at layer 7 to be effective for this because
coincidentally it is doing the heavy lifting for home network security because it is dropping packets from connections originating from outside the network, barring of course, forwarded ports and DMZ hosts because the router has no idea where to route them.
The point is that the SPI firewalls are not protecting against the majority of the attacks we’ve seen for decades now from botnets and other arbitrary sources of attacks, except, perhaps targeted DDoSing which isn’t the big problems for most home networks. They must worry about having their OS’ and software exploited and owned in the background, which doesn’t get much of an assist from a router’s firewall.
Obviously, this is however true for the NAT since the NAT are going to drop connections originating from outside the network attempting to communicate with that software to exploit it
barring of course, forwarded ports and DMZ hosts because the router has no idea where to route them.
How is this “dropping packets” not applicable to firewalls, then? You are not just going to casually connect to my IPv6 device as we’re speaking. The default-deny firewall in my router does the heavy lifting… just like what NAT did.
Honestly, it just sounds like you need to brush up on networking knowledge. Repeat after me: NAT is not security.
So, really, you were “correcting” me for you and your specific setup at the very beginning because your router’s firewall has a deny rule for all inbound connections because I must have been confusing what a NAT and what a firewall is because I must have been talking about your specific configuration on your specific devices.
Oh come on, are you seriously suggesting that default-deny stateful firewall is not the norm??
Holy. Fucking. Shit. Indeed.
You keep on suggesting to me that you really have no idea how networking works. (Which is par on course for people thinking NAT == security, but I digress)
Let me tell you: All. Modern. Routers. include a stateful firewall. If it supports NAT, it must support stateful firewalling. To Linux at least, NAT is just a special kind of firewall rule called masquerade. Disregarding routers, even your computer whether Linux (netfilter) or Windows (Windows Firewall) comes built-in with a stateful firewall.
What the fuck are you talking about? My ISP supports IPv6 just fine, but following my VPN’s advice I disable it (on certain devices at least) for privacy concerns. And it makes exactly zero difference in functionality.
If the Internet means for you a way to access Facebook, Netflix, Google and YouTube, yeah.
But if it means a network to send something to another computer then it’s a huge problem.
Because ISP won’t care if you can accept connections or not. They don’t care about decentralization and being able to host stuff yourself. Most consumers just want a pipe to big services and not to their friend’s house.
naw, what you do is write a small exe to play "youre the best" by joe espesito through the pcspeaker at 15% volume than you can trigger remotely..randomly until the user goes mad
programmer_humor
Active
This magazine is from a federated server and may be incomplete. Browse more on the original instance.