I install molly-guard on important machines for this reason. So fast to do a reboot on the wrong ssh session
I install molly-guard on important machines for this reason. So fast to do a reboot on the wrong ssh session
You have my sympathy. I do not know of a sure way to get isp’s to behave. Espesially not if they have regional monopoly
Thank you! :) I also notice i compleatly forgot the port exhaustion issue we see with larger networks behind roo few ipv4 NAT addresses…
I guess I am lucky. 3 out of 3 isp’s available from in my region provide IPv6 with a dhcp-pd assigned stable address by default. (Norway)
If there is a ipv6 service online. That you want to reach from a v4 only client. You can set up a fixed 1:1 nat on your firewall where you define a fake internal ipv4 address -> destination NAT onto the public ipv6 address of the service. And SRC NAT64 embed your clients internal v4 into the source ipv6 for the return traffic. And provide a internal dns view A record pointing to the fake internal ip record. It would work, but does not scale very well. Since you would have to set this up for every ipv6 ip.
A better solution would be to use a dualstack SOCKS5 proxy with dns forwarding where the client would use the IPv6 of the proxy for the connection. But that does not use NAT tho.
The best solution is to deploy IPv6 ofcourse. ;)
That is not how it works. You can have a home network on ipv6. And it can reach all of ipv4 via nat ( just like ipv4 do today). A net with only ipv4 can not reach any ipv6 without a proxy that terminst the v4 connection and make a new v6 connection. since ipv6 is backwards compatible. But ipv4 is naturally not forwards compatible.
Also it is the default deny of the stateful firewall that always coexist with NAT, since NAT depends on that state, that is the security in a NAT router.
That default deny is not in any way dependant on the NAT part.
But DNS rarely break. The meme about it beeing DNS’s fault is more often then not just a symptom of the complexity of IPv4 NAT problem.
If i should guesstimate i think atleast 95% of the dns issues i have ever seen, are just confusion of what dns views they are in. confusion of inside and outside nat records. And forgetting to configure the inside when doing the outside or vice verca. DNS is very robust and stable when you can get rid of that complexity.
That beeing said, there are people that insist on obscurity beeing security (sigh) and want to keep doing dns views when using IPv6. But even then things are much easier when the result would be the same in either view.
I assume the normal fear of unknown things. It is hard to hate ipv6 once you have equivalent competence in ipv4 and ipv6.
I felt dirty! and broke so much shit when i had to implement NAT on networks in the mid 90’s. Nowdays with ipv6 and getting rid of NAT is much more liberating. The difference is staggering!
Now the greatest and best effect of ipv6 is none of the above. It is that with ipv6 we have a slim hope of reclaiming some of what made the Internet GREAT in the first place. When we all stood on equal footing. Anyone could host their own service. Now we are all vassals of the large companies that have made the common person into a CGNAT4444 using consumer mindlessly lapping up what the large company providers sees fit to provide us. with no way to even try to be a real and true part of the Internet. Fight the companies that want to make you a eyeball in their statistic, Set up your own IPv6 service on the Internet today !
China block much of the internet so who knows with china. Do not know if anyone have real china numbers of IPv6 deployment. They also had their own “IPv9” that was rumored some years ago that may or may not have been used internally.
Not much choise i guess. Usa and europe grabbed the majority of available ipv4 space. Asia got a bit. And only scraps and leftovers for africa and latin america.
You do as well, if you run any operating system newer then the last 10 years.
That should simply not be allowed. Cgnat for ipv4 is fine if they also provide proper ipv6
Someyhing like searxng? Or what do you imagine?
While that may be true. The filter bubble is also a very real thing.
Social media sites earn their money by your attention. And try to keep it as long as possible, with all the tricks in the books, and some they invented.
So when someone belives something. They search about it. And belive they have done research. When they find what the site belive keeps them engaged.
Want to know more? sorry, been playing to much helldivers 2. ;) https://www.ted.com/playlists/470/how_to_pop_our_filter_bubbles
The science is not conclusive tho. Perhaps i am in a bubble… messes with the head…
If you fell on your face before the camera phone. Your 2 friends laughed at you. Nowadays the whole school laughes at the video of you for a week or more. I am not at all suprised that young people are risk avoidant. I feel so very priveleged that I grew up in the slim timeframe while the internet was new and exciting and made modem warbling noises. And not now in the time when we are permanently connected, and absolutly everything on the internet is trying to exploit you, and have a team of psycoanalysts to make it most effective on you.
old post, but I so wonder why you got downwoted for saying it like it is. a good isp will give you a /56, the minimum best practice. a great isp will give you a /48 you’r router will also participate in the wan /64, but that is just the uplink, and not something that will be used on the lan. https://www.ripe.net/publications/docs/ripe-690/#4--size-of-end-user-prefix-assignment---48---56-or-something-else-
Wtf is a real elon musk? He is not elon musk of tesla. But is not uncommon for multiple people to have the same name.
Poor man it must be annoying to have to introduce yourself as “elon musk, no not that elon musk” all the time?
All chat tools after irc have been trash for large communities. That includes slack. Irc somehow still works with 1500 people in it. I can not explain how. With a logging bot the discussions can be archived for google searchabillity. I guess that could be true for a discord or slack also, But i never seen it implemented. In most slacks i can not search more then 60 days back.
That must have been a concerted effort. The amount of anti-mozilla posts and comments that totaly permeated everything for a short while, was very suspicious.