There are genuine improvements in IPv6 aside from the abundance of addresses. The two that immediately come to my mind are:
1. SLAAC means routers no longer need to keep a record of each client on the network. With DHCP, the router had to maintain a table of which addresses had been assigned and getting an address involved 2-way communication. With SLAAC the router just periodically broadcasts the prefix to the network and any device that wants an address can just listen to that broadcast and assign themselves an address within that prefix without having to inform the router and without the router needing to maintain a table of assigned addresses. (2-way communication is still possible since devices can solicit a broadcast but it is not necessary)
2. With IPv6, middleboxes are no longer allowed to fragment packets. The only device that can fragment a packet is the original sender. If any segment along the path has a lower MTU than the size of the packet, the original sender is notified and then they can fragment the packet.
On Linux, I think the defaults are left up to the distros so there is a chance of a privacy footgun there. Hopefully most distros follow the example set by Apple and Microsoft (a sentence I never thought I would write...)
> I don’t want some of my devices to be publicly addressable at all, even if I mess up something at the firewall while updating the rules. NAT provides this by default.
Do you ever connect your laptop to any network other than your home network? For example, public wifi hotspots, hotel wifi, tech conferences, etc? If so, you need to be running a firewall _on your laptop_ anyway because your router is no longer there to save you from the other people on that network.
It's also a good idea even inside your home network, because one compromised device on your network could then lead to all your other firewall-less devices being exploited.
Not every device can run its own firewall. IoT devices, NVR systems, etc should be cordoned off from the internet but typically cannot run their own firewall.
You must have not read my original post. I said that the NAT provides an additional fallback layer of safety in case you accidentally misconfigure your firewall. (This has happened to me once before while working late and I’ve also seen it in the field.)
You can't correlate the number of addresses with the number of devices because IPv6 temporary addresses exist. If you enable temporary addresses, your computer will periodically randomly generate a new address and switch to it.
"If you enable" is doing ALL THE HEAVY LIFTING THERE.
Again, my point isn't about what is possible, but what is likely. -- which is MUCH MORE IMPORTANT for the real world.
If we'd started out in an IPv6 world, the defaults would have been "easy to discover unique addresses" and it's reasonable to think that would have made "pay per device" or other negatives that much easier.
Temporary addresses are enabled by default in OSX, windows, android, and iOS. That's what, like 95% of the consumer non-server market? As for Linux, that's going to be up to each distro to decide what their defaults are. It looks like they are _not_ the default on FreeBSD, which makes sense because that OS is primarily targeting servers (even though I use it on my laptop).
I feel like this is a silly narrowing of the problem for normal, retail users. My priority isn't masking "the number of addresses" or devices. My desire is to not have a persistent identifier to correlate all my traffic. The whole idea of temporary addresses fails at this because the network prefix becomes the correlation ID.
I'm not an IPv4 apologist though. Clearly the NAT/DHCP assignments from the ISP are essentially the same risk, with just one shallow layer of pseudo-obscurity. I'd rather have IPv6 and remind myself that my traffic is tagged with my customer ID, one way or another.
Unfortunately, I see no real hope that this will ever be mitigated. Incentives are not aligned for any ISP to actually help mask customer traffic. It seems that onion routing (i.e. Tor) is the best anyone has come up with, and I suspect that in today's world, this has become a net liability for a mundane, privacy-conscious user.
But most ISPs aren’t giving out static IPv6 prefixes either. Instead they are collecting logs of what addresses they’ve handed out to which customer and holding on to them for years and years in case a court requests them. Tracking visitors doesn’t need to use ip addresses simply because it’s trivial to do so with cookies or browser fingerprinting. There’s exactly zero privacy either way.
No need to rely on app-specific configs. You can disable it globally in your fontconfig. For example, this disables ligatures in the Cascadia Code font:
Well it looks like we might soon be able to have the benefits of NixOS while also having bhyve (and presumably Sylve): https://github.com/nixos-bsd/nixbsd
Yeah I was disappointed that Cascadia was not in the fonts on the site. What won me over for Cascadia was: I decided to try it for a couple weeks. By the end, I was certain that Cascadia must be larger than my previous font because it was so much easier to read, so I opened two terminals side-by-side and counted the rows+columns that fit between my old font and Cascadia. To my complete shock, Cascadia fit a couple more lines on my screen, indicating that it was actually _smaller_ despite being easier to read.
Are they? I recently had to learn nftables and they seem to be iptables but with a slightly nicer syntax and without pre-defined chains. But otherwise, nftables directly maps to iptables and neither of them seem similar to pf.
> Simultaneously, the Republican-led Senate and House Intelligence Committees conducted their own investigations into the Russians' activities. The Senate committee's report, released in five volumes between July 2019 and August 2020, found that the Russian government had engaged in an "extensive campaign" to sabotage the election in favor of Trump
In a battle of "this narrative has been debunked" / "no it has not", the person who can provide links to inquiry on the narrative kinda prevails over the person who does not provide links to the debunk.
I say "kinda", in the sense that "it matters to people interested with dispassionnately learning about the subject", not "it will convince anyone to change their mind".
1. SLAAC means routers no longer need to keep a record of each client on the network. With DHCP, the router had to maintain a table of which addresses had been assigned and getting an address involved 2-way communication. With SLAAC the router just periodically broadcasts the prefix to the network and any device that wants an address can just listen to that broadcast and assign themselves an address within that prefix without having to inform the router and without the router needing to maintain a table of assigned addresses. (2-way communication is still possible since devices can solicit a broadcast but it is not necessary)
2. With IPv6, middleboxes are no longer allowed to fragment packets. The only device that can fragment a packet is the original sender. If any segment along the path has a lower MTU than the size of the packet, the original sender is notified and then they can fragment the packet.
reply