Slashdot Mirror
Apple Under Fire For Backing Off IPv6 Support
alphadogg writes "Apple Computer came under fire for back-pedaling on its support for IPv6, the next-generation Internet Protocol, at a gathering of experts held in Denver this week. Presenters at the North American IPv6 Summit expressed annoyance that the latest version of Apple's AirPort Utility, Version 6.0, is no longer compatible with IPv6. The previous Version, 5.6, offered IPv6 service by default. While home networking vendors like Cisco and D-Link are adding IPv6 across their product lines, Apple appears to be the only vendor that is removing this feature."
is all the world will need for the next 20 years, right?
With IPv6 likely to become mainstream soon, I'm sure they'll add it back ... for a fee. If it follows their use of XMPP, DAAP, ePUB, etc, there will also be proprietary extensions.
Apple is secretly working on IPv7, where there's just a single light-weight packet type, and is exclusively available on the AT&T backbone (at a premium rate).
Apple is a company where non-engineers make the rules, which allows them to create the best user experience, but in cases like this it would be better to have someone with a technical background in the lead.
Probably removed it because Apple didn't design IPv6 and they'll release iIP next month to compete instead of following a standard.
I'm sure slashdot readers are entirely unaware of what goes on when a program is rewritten. And naturally assume that when it happens, 100% of all features and abilities are reproduced without any complications in a couple months. Just look at photoshop - its been such a breeze to rewrite for adobe.
I'm sure no company would ever think about building a rewrite with enough features and polish to ship, then add in feature parity as updates later.
Actually, the expertsare divided on whether IPv4 addresses will be exhaused. There may be many more addresses hidden out there. Before this is properly investigated it is too early to take action on IPv4 exhaustion. The idea that addresses are running out is only scare-mongering spread by the left-wing media. We should focus more on the controversy and less on IPv6 support.
How much do you want to bet it shows up in a new update? This looks like FCPX, XCode4, iMovie08 etc etc all over again. Completely new redesigned version that has some feature that isn't used much stripped out that will be put in in a future update.
Steve Jobs gone, so we can do whatever we want with Apple!! :P
Nothing here... So... SHOOO!!!
Simple as that. That's their core philosophy. Batter life. IPv4 got it. IPv6 don't.
I don't anticipate that ipv4 dies off as slowly as many people suggest. ipv4 is easy to understand, and addresses fit within the average technicians short term memory. Just try to remember ipv6 addresses, you brain will melt!
Soo many services are now becoming NAT compatible, and many ISPs are now NATing their customers and handing out private ipv4 addresses.
I do expect enterprise networks to migrate first. Microsoft has done a good job at making ipv6 a desirable thing in it's enterprise environment. Each computer gets a public ipv6 address and ipsec encrypts any domain related traffic for a VPN-free anywhere corporate network.
At home? probably ipv4 for a very long time and some 4to6 NATing either on the router side or way up at the ISP side as the server world goes ipv6..
just my thoughts.
Every big firm wants, above all, to get rid of the quaint notion that the Internet is a network of intelligent peers. Much better to have dumb terminals all locked in to your service.
Sticking with IPv4 and the resultant multi-NAT hell is a good technical step in this direction.
It's like Google pretending to champion IPv6 then setting absurd conditions for their IPv6 services. So ISPs which offer native IPv6 by default, such as England's Andrews&Arnold, have to jump through artificial hoops before they're "supported". And it's no coincidence that half of abusive SixXS is half-run by a Google employee.
Oddly enough - and this'll get me the mod to oblivion - only MS has historically shown neutral support for IPv6, neither trying to control it nor eschewing it. That's because, I expect, Microsoft was traditionally about the powerful desktop and local server (running NT, of course). Now it's jumped on the cloud bandwagon, who knows?
Watch carefully as I suspect Apple will "magically" add this as a bullet point feature to help sell a new iteration of the product. (Failing to mention that it was previously supported) Wankers
I'm sure the functionality will be added back in.
Airport Utility 6.0 follows the recent trend of Apple making all of their software neutered versions of iOS versions (Lion to a certain extent, iCal, Address Book, etc)--so the comments here http://www.macrumors.com/2012/01/30/apple-releases-redesigned-ios-like-airport-utility-6-0-and-an-airport-base-station-bug-fix/. So, they went from a useful program with a standard interface (old version) to one with a pretty UI that lacks major features.
The trend has been for Apple to add MOST features back in at some point, so hopefully it continues. I can't imagine Airport Utility will stay this way forever.
I just keep an old binary around...
They did not remove IPV6 at all. They new confit utility (v.6) doesn't let you configure it, but they say so right in the docs that it is one of th feature the new version does not yet support. They also give you a download link the previous 5.6 version if you want to configure those rarely used features. IPV6 is even enabled by default.
There I said it. The lack of adoption and the lack of knowledge have made it a tremendous burden with absolutely zero benefit to our organization. I'm fine with running ipv4 into the ground. I just don't care anymore. I hate ipv6.
Uhm,
You do know, that IP addresses were originally designed to be assigned to a computer statically, right?
Each computer used to get an address, and the host file would be updated to include that computer's host name and IP address. Passing host files around got to be a nightmare, so DNS was invented, but IPs were still static for everyone except dial-up modem users.
NAT is here and it works for some things, but it is a shitty solution that causes all kinds of problems. NAT and dynamic IPs were not invented for privacy or anonymity, and they don't really do a good job at either. Having your computer have a globally routable IP address is a good thing, not a bad thing, and a lot of people pay extra for that "extra" feature (including people who want to run a server).
apple is no doubt creating its own network. no more worry about DRM, or how apple will get your money into their pocket!
On a further note, MS has put some level of annonymity into their adaption of the MAC address into IPv6 addressing.
Not only is this a significant increase in packet overhead, but it is highly likely that some portion will identify a person.
Without additional corroborating information all you can do with IPV4 or IPV6 is identify the originating computer. It is impossible to be 100% certain of who the person actually sitting at that computer is unless they transmit other uniquely identifying information or can be identified by third party sources such as security cameras. IPv6 is not meaningfully more useful for personal identification than IPv4.
You're a moron.
"Having your computer have a globally routable IP address is a good thing, not a bad thing..."
Not from a security perspective.
http://www.rootstrikers.org/
"Not only is this a significant increase in packet overhead, but it is highly likely that some portion will identify a person.
Yes, yes, I know there are lots of things the ISPs _can_ do to under IPv6 preserve anonymity. Most will not"
It isn't the job of the ISP do generate random ipv6 addresses, it is pu to the user:
http://tools.ietf.org/rfc/rfc4941.txt (nearly 5 years old though)
MS seen as backpedaling on it's support for 64-bit computing over Windows 8 only supporting 32-bit CPUs in tablets.
Come on people, this isn't backpedaling, it's a completely new version of a utility that in it's initial release supports what's in use in 99% of installations. Those who are actually using IPv6 can use the older version until this one adds support (probably in the next release).
make imaginary.friends COUNT=100 VISIBLE=false
Would you maybe care to explain just what it is that you're on about? Seriously, not a single thing you've written makes any sense.
I'm getting really tired of idiots that think NAT is a security solution. It's not. It's a hack that breaks end-to-end connectivity.
The only way IPv6 can be a security issue is because incompetent fucks don't understand security.
And so the number of people who can afford internet access - and, consequentially, the need to enlarge the range of available addresses - is about to plunge dramatically?
(Yeah, you may think that is trolling, but anybody who runs a big corporation will tell you that the corporation that doesn't keep a finger to the political winds has already seen its best days.)
Orwell: "In a Time of Universal Deceit, telling the Truth is a Revolutionary Act"
I suppose Apple could do a software update for the Airport to support V6. I wonder if Apple is going to AUID and IMEI rather than IP so they have an intermediate mapping server to funnel through?
JJ
That's bunk. NAT doesn't provide real security, and in fact a false sense of security. Your firewall should always deny/drop traffic by default, except where permitted otherwise, either explicitly or by a stateful connection originating from the inside.
If you want pseudo anonymity on the level of what you have with IPv4, then leave the global randomize identifiers on. It's on by default in Windows. You actually have to disable it with netsh interface ipv6 set global randomizeidentifiers=disabled.
http://en.wikipedia.org/wiki/Stateful_firewall
Time to learn some networking, bro.
You have the same ability to be "anonymous" as with IPv4. With IPv4, they can track it down to your gateway, but have no idea what PC inside originated the traffic. I doubt you get a unique IPv4 address each time your gateway restarts. My Comcast connection has had the same one for 8 years, through two cablemodems, because my MAC address on my router stayed the same (or rather, I told my newer routers to use the one my older one had). Even if it is different each time, like with many PPPoE implimentations, your ISP has logs where each account-to-IP-assignment is known.
With IPv6, if you leave the global randomize identifier option enabled (default in Windows), then all they can do is track it down to your network /64 which is assigned to your gateway, and not to the individual PC.
Not sure about other OS, but if being "anonymous" is important to you, you might look into it.
So here's the deal.
/60 network via a mechanism called DHCP-PD using what's called a DUID.
/64 (or multiple /64's, depending on the features of the device, I suspect just one by default unless you go into some advanced networking config), which will be used to connect your home network.
Your ISP will provide you with say, a
Your router will then provide you with a
Your end devices, such as your PC, will have the option of what's called "temporary addresses". These addresses by default on Windows are preferred for 1 day (meaning, all new connections are made using that address), and available for 7 days (as in, it will accept incoming connections on that address, but not create new ones from it).
This mechanism provides a level of anonymity because the address generation has nothing to do with any identifiable components on the device itself.
This is also something you control on your client, not controlled on the routers. If controlled on the router, one would merely use DHCP, offering the same level of "anonymity" that we have today.
I think what they were referring to is that the ISP presently gives out dynamic IPv4 addresses. The correlation in this case would giving out a dynamic IPv6 /64 to each network that connects. While this could be done, there are many reasons not to do so as it would require constant renumbering (which can be done, but it's confusing for the end-user).
Either way, it's all bunk, as the ISP will keep track of the address assignments to the network level either way. Both IPv4 and IPv6 have a way to "anonymize" the end-PC (IPv4 NAT, IPv6 random IPv6 addressing) - but it's very easy to fingerprint the PC without the IP address.
What you want is a firewall.
IPv6 who would ever want that?
More likely you will get a /96 at best. In those fixed 96 bits, there can easily be static UID portions. Right now with IPv4, the "tightness" of addr space means very few users have static bits in their addr, and most pay heavily for the privilige because they need it for incoming traffic.
You block ping too? God, you're two kind of idiots at once.
Apple didn't back off on anything. The version of Airport Utility discussed is the pretty, dumbed-down version of the application intended for folks who just barely understand what a router is about. It matches the similar version deployed on iOS.
The "previous version" isn't. The feature-complete 5.6 was released at the same time as the simple version, and has the same support for IPv6 as it ever did.
A.
...bringing you cynical quips since 1998
NAT is a security solution just as much as disconnecting or shutting off your computer is a security solution.
5.6 is not the previous version! 6.0 and 5.6 were released simultaneously! The problem lies with their product naming, not versioning. That is, 6.0 really should have been called Airport Utility Lite or something like that. 5.6 could have been Airport Utility Pro or something like that. 5.6 is very much the latest version. Want all the features? Use 5.6. Want a simplified interface? Use 6.0.
Why wouldn't they? ISPs get blocks in the /20 to /32 range, and end-users get /48s. That's plenty enough bits to do routing with, for both the ISP and for the end-user.
A /60 isn't generous, it's downright stingy. Not quite as bad as the ISPs that only give a single /64 (or the ones that fail to understand routing and don't give you anything at all), but there's plenty of space to give everyone /48s. Why go smaller? Especially all the way down to /96; you'd end up breaking SLAAC and subnetting for your users for no gain whatsoever.
Any argument revolving around what most people understand or need is silly in IPv6. Some people will need it or understand what to do with it, and the address space is large enough to allocate the same large block size to everyone, including the people who won't use it. What advantage is there in not doing that?
"But why would an ISP be so generous as to give you a /60"
Why wouldn't they? There aren't enought customers and equipment in the world to justify restricting customers to something smaller then /64.(bits reserved for local identifiers). Hell, the guy in charge of rolling out ipv6 to our customers is contemplating to just give all customers a /48 "because we can".
Apple is not in the "serious business" business. They aren't. They make "consumer gear" now. I love the Mac Pro. I love the Mac Mini. I think they are great machines. The problem? They aren't focusing on those any more. They care about iThings for people to throw away in favor of the next one.
And when some great F/OSS stuff makes implementing IPv6 easier, they will absorb it and pretend they invented it like they always have.
Apple users have multiple devices connected to the internet in their home. More so than pc users I believe.
Apple users are taking more ipv4 addresses, so when they run out of v4 addresses, what then?
Bad move on apples part
Not only is this a significant increase in packet overhead, but it is highly likely that some portion will identify a person.
Theres an RFC for that... RFC 3041. On windows hosts privacy addresses are enabled by default. Apple users have to switch it on manually if they want it.
Yes, yes, I know there are lots of things the ISPs _can_ do to under IPv6 preserve anonymity. Most will not, and of the few remaining, a few unfriendly chats from the telecommunication regulators will persuade most.
ISPs will have more prefixes to play with.. very reasonable to assume users will end up keeping their IPv6 prefixes longer or even have them statically attached to their accounts. My current ISP is dynamically assigning IPv4 addresses but I've had the same one for more than a year.
Broadband and "always on" put an end to dialup era short term assignment.
I love it when idiots post stupid things pretending that they know stuff. They come out looking like complete morons.
Here is a hint, go home and "google" home network and then come back and talk about what you learned and about how much of an ignorant you were before.
A /64 is the abolute largest prefix you will get.
Currently, those with ideas about this are debating between end-sites getting a /48 or a /56.
I like Spaces better in Lion. At first I was annoyed that my precious 4x4 grid was now a line, but I like better how the spaces and windows within them are combined with exposed and displayed.
I also really like full-screen support, I don't use it all the time but it's better than not having it.
Mail is also better.
Time Machine is, for me, less buggy.
I agree with iCal being terrible though, and the odd shift from Save As to Duplicate is rough - but that one I can chalk up to my having been used to how things are, and I'm willing to ride out that change to see if it's really better. The CS person in me thinks it is better because it's Apple baking version control into every document, which is pretty compelling if support becomes widespread.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Even if you could, it's trivial to block ping scans at the firewall in the same way as unsolicited connections
You have five minutes to have your mom accomplish that task, it being trivial and all.
Go.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Hosts which are not supposed to be (publicly?) addressable can just remain within a LAN. In case of IPv4, they'll have private addresses like 192.168.0.1, while under IPv6, they'll have a link-local address like fe80::1. NAT is just an address translation from the public internet to a private network. But if a host is not supposed to be addressable, why connect it to the public internet via a NAT?
If any host needs to connect to the internet, it ought to get a routable address. Let the firewall have its rules for which addresses are allowed and which are disallowed, be it via IPtables or PF. But making it jump through hoops via a NAT is ridiculous - either make it publicly accessable end to end, or don't make it publicly accessable at all.
Too many people are conflating NAT w/ private addresses. Any host can exist within a private network - no problems there. But if it needs to be a part of a public network, don't use the private network to connect the host to the public one - connect it directly, but w/ all the firewall rules in place.
This is something that would be easily achieved w/ the use of static vs dynamic addresses. For things like websites or ftp servers which one may want others to connect to from outside, use static addresses. For things that you don't want enumerated by hosts, use dynamic addresses. It's easier w/ IPv6, since you now have 2^64 - s, where s is the #static addresses you'll want/need.
To set all that up, in IPv4, you need DHCP, and in IPv6, you need DHCP6. Set up your address assignment configuration rules, and you're good to go.
IPv6 NAT only exists for links b/w IPv4 and IPv6 nodes. There is no such thing as NAT66 or NAT666.
Actually the value being widely recommended is a /56. See RFC 6177. That allows the user quite a few subnets, more than most homes and small businesses will likely use. Those with larger requirements should have no problem requesting a larger block.
Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
An ipv4 address isn't much different than a phone number and fits into human short-term memory well. An ipv6 address is tough to keep in mind and harder to look at. The human factor.
That's why I double NAT.
~S
I'm just doing this for fun, but wouldn't it be a couple clicks and 'disable ICMP' radio button in DD-WRT? :)
Yes of course.
Now think of a real person attempting to do this. Without your input. They are screwed.
NOW think of a real person attempting to do this, with your input, YOU are screwed, and I can almost certainly guarantee a home visit by yourself to do this in the end.
I myself like to enjoy the company of people I visit, not the company of their router interfaces (which very rarely serve cheeses I enjoy).
"There is more worth loving than we have strength to love." - Brian Jay Stanley
You've never heard of bait'n'switch? Get you lusting after a /48 and all hot-to-go, then get a /72 or less? Tell me -- if you were Big Sis and wanted to clamp down on the Internet, what would you do? Do you think Crisco and other router mfrs are gonna complain with more routing bits?
I have one use case that I haven't seen addressed yet (ha, ha): reverse proxy for high availability.
Okay, let's say I have two internal servers that I want to expose externally via a single IP in order to facilitate reachability in a scenario where one server goes down. I am aware of round-robin DNS for load balancing, but that doesn't address the scenario wherein a client has a previously-established end-to-end connection and the server they are explicitly addressing goes offline. For simplicity's sake, we can assume we are discussing a stateless app server, but the concept applies the same in application clusters that share session state among the cluster.
With v4, I can have the NAT device handle failover so that subsequent requests from the client are seamlessly rerouted to the other server at the network layer—all behind the abstraction layer that NAT provides.
I've read a little about RFC 6296 (NPT), but it's not entirely clear to me that this would solve my use case. As far as I know, the simplest/best solution is to insinuate a proxy between the public IP and the private IP, because interface bonding doesn't fix the scenario where the app server has gone down but the server host is still up. In an interface-bonding configuration traffic can still be sent to the host with the downed app server (FAIL).
I have read that some people are attempting to hack NAT on top of IPv6, but I have seen many posts over the past few years claiming that "NAT is never the solution/breaks the internet/causes cancer/etc"; therefore, I am wondering what the best practice actual solution is in this case.
/48 was the originally envisioned minimum end user allocation. It has been changed to /56 because some ISP's are afraid of running out of addresses. A typical ISP is assigned a /32 unless they ask for more, so that is "only" 65000 customers. However, large ISP's have been assigned up to /19, which leaves room for half a billion subscribers, even with /48 assignments. Going to /56 bumps that to 137 billion subscribers...
Finally! A year of moderation! Ready for 2019?
Because 4,294,967,296 addresses ought to be enough for everybody,.
V6 is Betamax and will never be adopted.
Some other really clever protocol will pop up and gain widespread commercial acceptance. It will not come from the IETF.
Mark my words.
Need Mercedes parts ?
ipv6 sucks anyway
There is a lot of confusion here from people who have obviously never configured Airport devices.
Most routers provide a web interface. The configuration interface is part of the router's firmware, and it can be assumed that if the configuration interface doesn't have a setting, it doesn't exist.
This is not the case with Airport devices.
Airport devices do not provide a web interface; the only way to configure them is through the "Airport Configuration Utility" which runs as an application on your PC, Mac, or iOS device. The Airport device's firmware hasn't changed - it still provides the same functionality it always has.
Second, there is a difference between between native IPv6 and running a 6to4 tunnel. One is "real" IPv6, the other is a hack for early adopters who want to gain experience with IPv6, even though their ISP doesn't provide it.
The Airport firmware hasn't removed any IPv6 support at all. As far as I can tell (and I've set it up on my home network), if an Airport device is given native IPv6 addresses & routing, it uses them and passes them along to devices that connect to the Airport network. "It just works."
The catch is that you cannot configure a 6to4 tunnel using Airport Configuration Utility 6. A 6to4 tunnel is the only way to get IPv6 for most of us, so many cry that the sky falling, etc. (Even though Apple released a new version of ACU - 5.6 - the same day as 6.0 - and 5.6 still has 6to4 tunnel configuration)
For those of us geeks that want IPv6, 6to4 is fine; we're using it for exactly the purpose it was designed for: a mechanism for early adoption.
But let's face it: 6to4 has some ugly warts: packets typically have to travel as IPv4 packets far farther than the local ISP office. A typical 6to4 packet traversal is along the lines of:
Not only does 6to4 add many unnecessary (and time-consuming steps), but network routing is much less efficient, which makes it even slower. I've yet to see a single 6to4 tunnel that had anything approaching the latency and bandwidth of the native IPv4. Having double (or more) of the latency, and considerably less bandwidth is a pretty poor user experience. In my mind, 6to4 tunnels are a hack that I'll be glad to be rid of, and one that normal users should never have to put up with.
Normal users shouldn't know or care about IPv6. Only we few should even have to think of a 6to4 tunnel, let alone use one.
For the "general case" internet user, the correct path is for the ISP's to provide native IPv6.
The real question is whether Apple is premature or simply "ahead of the curve" in deprecating 6to4 tunnels. I honestly feel the vast majority of users will never use 6to4 or its ilk - the transition will be from IPv4 only to a native dual stack - at which point the "removal" of 6to4 configuration is a moot point.
-- Sometimes you have to turn the lights off in order to see.
Here is a problem with idiots .... they don't think before posting stupid thing.
FACT: We are talking about a home network. Not the internet. Or are you going to tell us that somebody needs 4+ million web enable devices at home??
And BTW, I'm not defending Apple. Just making sure other uneducated people don't learn bad information from stupid people.
Come on guys....
How many home users know that if they have an IPv6 setup at home that it will travel with them when they take their notebook to Starbucks? Did Starbucks or any other WIFI site had IPv6 setup wrong, guess what!?!? The bad guys can poke you at any hot spot that is setup wrong, once they have your IPv6 they can just have the malware reply back to the controller node when it has a valid IPv6 address. Now how is it that these Home users understand how the Internet was suppose to work.
BAM!
Is your AV software also IPv6 compatible to understand these new exploits and connectivity?
Home users expect that when they are at a hotspot they are protected. ALL the hot spot operators I know barely know hot to turn the damn thing on or when it needs to be reset.
Your Average Joe
13.0.0.0/8 Xerox Corporation
15.0.0.0/8 Hewlett-Packard Company
16.0.0.0/8 Digital Equipment Corporation Digital Equipment Corporation, then Compaq, then Hewlett-Packard.
17.0.0.0/8 Apple Inc.
19.0.0.0/8 Ford Motor Company
48.0.0.0/8 Prudential Securities Inc.
47.0.0.0/8 Bell-Northern Research Bell-Northern Research, now absorbed into Nortel.
I'll believe there's a shortage, when those companies explain to me why they need 16.7 million addresses. Each. With a publically reachable IP.
For an internal network, what would be ideal would be what's called site unique addresses (fc00::/10), whereby every node in the world has a unique, non-routable address. AFAIK, It's never been implemented and the IETF also proposed a site local address (fd00::/10) where the global uniqueness wasn't required. But this is certainly a better solution than public IPv6 addresses - why would one give one's office network printer its own IPv6 address, when the only people authorized to use it are company employees?
The idea of a VPN is to connect 2 (or more) LANs so that it acts as 1 LAN - something doable using the above IPv6 address scopes. It's a PITA in IPv4, since a lot of groups do use 192.168.x.x, and chances of overlap are high to begin w/. W/ IPv6, chances are that nobody has overlapping IPv6 addresses, which makes networking them w/o using a higher layer to resolve any similarities that much easier.
And I'm still not sure what so many people want to do with DHCPv6. Router announcements and default DNS servers cover a very significant portion of DHCP uses under IPv4. There are some things that need additional configuration -- any sort of netboot arrangement for example, probably needs additional configuration data -- but those are all specialized applications, and given self-configured IP networking, quite easy to do without DHCP or at least without DHCP-based address assignment (i.e. just use DHCP for configuration of the non-IP-network parameters). And I have no idea what you mean by "buggy or exploitable" -- both IPv6 stateless autoconfig and DHCPv4 can be disrupted or hijacked by any host on the same broadcast segment, and even at that IPv6 has better recovery modes because the refresh interval is typically orders or magnitude shorter.
This one is easy - unlike IPv4, DHCP6 is needed if one wants stateful addresses - default DNS servers don't work in IPv6 w/o DHCP6. In IPv4, given that you have DNS and that the fact that every node is allowed only one address, DHCP4 is not as vital. But in IPv6, where a node can have any number of addresses, and where some services require that the addresses be stateful, it's a good idea to use DHCP6 to manage addresses. Using it, one should be able to distribute a link b/w stateful and stateless addresses, static and dynamic addresses and so on. An ideal DHCP6 would allow one to configure each of the segments, so that from the address, someone internally managing that network can tell whether an address is static, dynamic, belongs to a website, and so on.
Also, EUI 64 embeds the Layer 2 MAC address in a way that would enable anyone to know what it is, which is a bad idea. BSD unfortunately uses that as the default for assigning an address to a desktop. A better idea is to give the user the option of either doing an address fetch using router advertizements, or if the user is more competent, provide one w/ the option of using DHCP6 to assign the addresses of all the devices within the network.
How else can I see that dancing turtle?
But why would an ISP be so generous as to give you a /60 ?
Both native-IPv6 ISPs that I have used in the UK actually allocate a /48.
Why not? They have a /32 from RIPE and a small customer base.
Given that no LAN is likely to need anything greater than class A addresses, I think that that is probably the last thing that needs to migrate. The only reason to have a LAN IPv6 is that it would seem that having the same protocol for one's public and private networks would make it easier on the OS. Note that by LAN, I'm only talking about networks here that need to be isolated from the internet, not networks that form VPNs.
The thing that confuses this issue is people conflating NAT w/ a wide variety of things, from LANs, firewalls, reverse proxys and what have you. Very simply, if internet connection is needed, NAT is not the way to go about it. Firewalls do not break end to end connections. Load balancing is the only legit reason I've seen argued so far for having NAT, and even there, there's the question of whether a disruption in the continuity is required.
But yeah, even as an IPv6 advocate, I don't advocate that organizations move their LANs to IPv6 - except if they need to use them to connect VPNs.
This is all asssuming you are behind a NAT. But one of the good things of IPV6 is that it does away with all this NAT stupidity.
And Apple isn't giving their users this awesome user experience.
But I'm still not sure you are an idiot or just very bitter due to mistreatment by ISPs (or just trolling).
But IPv6 addresses have no value, there are just to many of them. And larger prefixes only mean more micromanagement for ISPs.
Also, if being anonymous is important to you, you should be using Tor.
Otherwise most notions of "anonymity" that you have are a joke.
The command line tools needed for ports/fink/etc can be installed without all of the rest of the stuff. So now instead of your 4-8GB download, you only need a 170MB download.
They force their users to upgrade every year anyways so maybe in 12 months it will be back.
The catch is that you cannot configure a 6to4 tunnel using Airport Configuration Utility 6.
So far as I can see, you can't configure the IPv6 firewall with Airport Utility v6.0. That is something that is far more important, and which also impacts those who can get a real auto-configured IPv6 address range and routing.
Yaz
The router still supports IPv6. Just use the 5.6 utility to set it up until some subsequent version of 6.0 supports it. Geez.
Backing off IPv6? Apple isn't doing anything of the sort. How absurd.
The only way IPv6 can be a security issue is because incompetent fucks don't understand security.
You just described 99.9999% of the people with an internet connection.
They want to see the DANCING BUNNIES!
There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
# http://technet.microsoft.com/en-us/library/cc783049(v=ws.10).aspx
# default site local (FEC0) DNS server anycast addresses are:
# FEC0:0:0:FFFF::1
# FEC0:0:0:FFFF::2
# FEC0:0:0:FFFF::3
#
# IPv6 Host Address Block prefix
#sorry for the obfuscation, stupid
#XXXusingfwewerjunkcharactersusingfewerju-1
#-usingfewr-1-aa-3-bb-4-cc-6-dd-8-ee-9-ff-1
#-usingfewr-6-ee-2-ff-8-gg-4-hh-0-ii-6-jj-2
V6HABP=FDFD:DEAD:BEEF:CAFE:DEAD:BEEF:CAFE:0::
There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
When Steve Jobs decided to not support Flash on iPhones, Adobe said it will not longer develop Flash on any mobile platform, Apple or otherwise (e.g. Android).
Steve Jobs managed to make Flash on mobile essentially die, right before he did.
And even though he is dead, his little tantrum and bullshit about Flash being a battery hog has hurt Android.
Spread enough FUD and you don't need to worry about your competitors supporting something you won't or can't, the vendor will just quit, and now no one
supports it so you win (and the people lose).
Flash had its problems, but it was opening up and getting better, and HTML 5 is not yet ready, and now there will be no way to play Flash games, etc on Android, since Adobe's abandonment means security holes won't get fixed and people will have to either remove it or get hacked.
IPv6 could lose support, now the The Flawless Almighty Apple (when will members of Steve Jobs cult wake up - the leader is dead!) has decreed it. Then we will all be stuck with NAT as ISPs revoke even dynamic routable IPs from customers.
Just because it CAN be done, doesn't mean it should!
Nice! A variation of the "Air Crushes Can"
http://www.youtube.com/watch?v=QVayky_b-6U
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling