IPv6 Turns 20, Reaches 10 Percent Deployment

An anonymous reader writes: Ars notes that the RFC for IPv6 was published just over 20 years ago, and the protocol has finally reached the 10% deployment milestone. This is an increase from ~6% a year ago. (The percentage of users varies over time, peaking on the weekends when most people are at home instead of work.) "If a 67 percent increase per year is the new normal, it'll take until summer 2020 until the entire world has IPv6 and we can all stop slicing and dicing our diminishing stashes of IPv4 addresses."

"A decade or so ago, it was still quite common for people to complain about certain IPv6 features, and proclaim the protocol would never catch on. Although part of that can be blamed on the conservative nature of network administrators, it's true that adopting IPv6 requires abandoning some long standing IPv4 practices. For instance, with IPv4, it's common to use Network Address Translation (NAT) so multiple devices can share the use on an IPv4 address. IPv6 has more than enough addresses to give each device its own, so there's no NAT in IPv6. The Internet is probably better off without NAT and the complications that it adds, but without NAT as a first but relatively porous line of defense against random packets coming in from the open Internet, it's necessary to be much more deliberate about which types of packets to accept and which to reject."

Dear asshole utopians who hate NAT

[PvtVoid]

The Internet is probably better off without NAT

Short response: Fuck you.

Long response: I should be the one who decides whether my local network appears to the outside as a single IP address, or multiple. Also, fuck you.

Re:what

[gstoddart]

Does this require that I trust a device isn't manufactured by a lazy, incompetent corporation who cares more about profits than security, and is really interested in collecting marketing and analytics data?

Because my entire point is that you pretty much have to assume you can't trust the internet at all, you can't trust the corporation who made the device, and you can't trust that any piece of software isn't actively hostile to your security.

Let's start with the premise there's not a single piece in the chain you can truly trust and assume that will never change, and then build in stuff which recognizes that fact. Don't graft something onto the protocol which may or may not be implemented properly

Anything else is ignoring every lesson about security we've learned in those 15 years -- including that the companies making this shit don't give a crap about either your privacy or your security, and therefore have to be assumed to have neither unless you force it on them.

There's no way I'm willing to believe I can put any trust in privacy extensions. I want a protocol which starts from the premise of "hell no I can't trust you fuckers, and I never will". Because that much more closely coincides with the reality of the internet.

Don't leave security in the hands of the guy who wanted to sell you an internet connected fridge. If you do, you're a complete idiot, because he doesn't give a crap about your security, and never will.

Privacy extensions my ass.