• 0 Posts
  • 3 Comments
Joined 22 days ago
cake
Cake day: November 20th, 2024

help-circle

  • There’s no inherent guarantee that a router has a firewall configured properly, or has it enabled.

    If it’s not an enterprise router (where you sometimes start with a blank configuration), it most definitely does have a firewall blocking incoming traffic by default.

    In the deployments you’re seeing, are ISPs handing out /120 blocks to each router?

    /120 is not enough for IPv6 to reasonably work. It kinda requires the smallest block to be /64, otherwise half the cool stuff about IPv6 breaks. So you should get something between /48 and /64 (the recommendation for ISPs is /56 for residential users so they can subdivide their network to 256 other networks, and /48 as default commercial allocation).

    Does that require the ISP to have access to alter your home router, or do customers configure the DHCP themselves (which seems unlikely to scale)?

    There is DHCPv6, but it’s not really an important part of a network like DHCP for v4 networks. IIRC Android doesn’t even support it. IPv6 uses Router Advertisement (RA) to tell devices what prefix they’re in (and a few things that were originally DHCP options, like the preferred DNS servers), and the devices then pick their own address using the SLAAC mechanism (originally it was derived from the MAC address, but nowadays should be a random number). RA supports “multilayer” networks where each following router further subdivides the prefix it got.

    If you want a static address (for example for a server), you can either configure it manually on the device (using tokenized addresses, i.e. “static local part with dynamic prefix”), or use a DHCPv6 server to assign the address (in which case the RA responses from your router need to indicate that there is a DHCPv6 server on the network).

    Also, you talked about the fc00::/7 (or its locally managed half, fd00::/8) prefix as a proof that NAT is used with IPv6, but… There’s absolutely nothing stopping you from having both a globally routable address and a local only address at the same time. IPv6 already requires you to have at least two addresses when you connect to any network - a link local address and whatever other address you get assigned (btw IPv4 never prevented you from doing the same thing, it just wasn’t directly encouraged and wasn’t widely used, and DHCP didn’t support handing out multiple addresses unlike RA).

    You can even get a security “improvement” over the claimed scenario with NAT with this - if you don’t assign a global address to a node, then not only will it be unreachable from the internet, it will also be unable to connect to the internet itself while being reachable from your network without any issues. “Air gapping” (I know, I know… but people use this term for “no internet” now) for folks afraid of firewalls!


  • I would hope it’s a special, heavy-duty kind at least.

    I’ve seen an expensive microwave with a capacitive touch panel right above the door (and the door was the classic oven style, so attached by the bottom edge). If you ever had a phone with crappy moisture detection, you know where this is going.

    You put your food in the microwave. Turn it on and let it heat the food up. Open the door, take the food out and close the door again. Congratulations, your microwave has probably just turned itself back on, because it detected the humid hot air rising from the briefly opened door as you touching the screen. And because most of the touch screen is “touchable”, there’s a pretty good chance this gust of humid air can successfully pick a cooking/heating mode and confirm it.

    The microwave randomly navigating its own touch screen happened pretty much every time, passing all the menus and turning on was successful about 10% of the time.

    In short, I wouldn’t expect a microwave interface to have any thought put into it.