This is why I try my damnedest not to write in weakly typed languages.
string + object makes no logical sense, but the language will be like “'no biggie, you probably meant string + string so let’s convert the object to string”! And so all hell breaks loose when the language’s assumption is wrong.
Private addresses don’t necessitate NAT. IPv6 also allows private addresses in the form of fd00::/8, like fd00:face:b00b:1::1.
.local is already used by mDNS
This is an EU4 / CK3 / HOI4 joke
Tell that to your ISP which has fucked their IPv6 deployment up. In my experience IPv6 is actually faster since it bypasses the IPv4 CGNAT.
On busy days my IPv4 connection can get as slow as 15KB/s, now that’s trash.
And we are facing the effects of it as we’re speaking. CGNAT and protocols like TURN were not invented without a reason.
Our network architecture has the tendency to waste IP addresses. A subnet may have 10 devices but have 256 IPs (e.g. a /24 network like 192.168.0.0 to 192.168.0.255) - that’s 246 wasted addresses. This wastage is kinda unavoidable since we’d need to keep our routing tables from being too fragmented.
With that in mind it is entirely possible for 64-bit addressing space to not be enough, unless we revert to methods like NAT which come with their own disadvantages.
We have already used up about one /11 block of the IPv6 internet. That’s 128-11=117 bits. If we replace the standardized /64 subnets of IPv6 with old /24 subnets typical in IPv4 networks, you get 61 bits. That’s dangerously close to the upper limit of a hypothetical 64-bit IPv5 internet.
If history is any indication then more lock-in will be the future trend. And they will sugarcoat it with reasons such as “this is more secure”.
I use arch btw.
Indeed. I would love to have a “modernized Morrowind” experience – an RPG game that really nails the role-playing part of RPG, but without the cheesy parts of Morrowind like the unintuitive combat system – but all of us know that it’s just not gonna happen.
Were I really strawmanning you? Is “I never even implied the opposite” really true? Quote:
So, really, you were “correcting” me for you and your specific setup
Yeah, my “specific setup”… which can be found in virtually all routers today.
Oh come on, are you seriously suggesting that default-deny stateful firewall is not the norm??
Holy. Fucking. Shit. Indeed.
You keep on suggesting to me that you really have no idea how networking works. (Which is par on course for people thinking NAT == security, but I digress)
Let me tell you: All. Modern. Routers. include a stateful firewall. If it supports NAT, it must support stateful firewalling. To Linux at least, NAT is just a special kind of firewall rule called masquerade. Disregarding routers, even your computer whether Linux (netfilter) or Windows (Windows Firewall) comes built-in with a stateful firewall.
It’s a stateful firewall. It simply drops unsolicited packets.
How is this “dropping packets” not applicable to firewalls, then? You are not just going to casually connect to my IPv6 device as we’re speaking. The default-deny firewall in my router does the heavy lifting… just like what NAT did.
Honestly, it just sounds like you need to brush up on networking knowledge. Repeat after me: NAT is not security.
Wait, why are we talking about Layer 7 when NAT and firewalls are Layer 4 at best?
Consumer router firewalls are generally trash
[Citation needed]
They are literally piggybacking on the netfilter module of Linux. I don’t see how that’s trash
Wow, Europe, you guys sure are worrying us a little.
– Best regards, South East Asia
I reckon I see most IPv6 complainers are from the US though…
In my country, turning on IPv6 is not really something ceremonial, it’s just literally clicking on the IPv6 checkbox. The default configurations set in the router are good enough for an average home user, firewalls and all that security jazz are enabled by default.
The DNS didn’t break just because I enabled IPv6, nor did my phone apps stop working. Life goes on, and I have gotten rid of that terrible CGNAT. Somehow this is not the case for many US users across multiple ISPs, I have heard IPv6 horror stories from Verizon, Comcast, and AT&T. Like how did you manage to do that?
I use IPv6 exclusively for my homelab. The pros:
No more holepunching kludge with solutions like ZeroTier or Tailscale, just open a port and you are pretty much good to go.
The CGNAT gateway of my ISP tends to be overloaded during the holiday seasons, so using IPv6 eliminates an unstability factor for my lab.
You have a metric sh*t ton of addressing space. I have assigned my SSH server its own IPv6 address, my web server another, my Plex server yet another, … You get the idea. The nice thing here is that even if someone knows about the address to my SSH server, they can’t discover my other servers through port scanning, as was typical in IPv4 days.
Also, because of the sheer size of the addressing space, people simply can’t scan your network.