How much more gradual do you want? I've been running dual stack for over a decade with a tunnel back to HE. At this stage most of your equipment runs fine with IPv6.
Actually you get something that has passed several different analyses.
Silencing "gcc -Wall" is a good thing. Modern gcc versions catch lots of errors. Add to that clang static analysis and others you get pretty reasonable error detection which is what they are aiming for.
Because it is a change of contract and if they did it to those still in the minimum contract period they would let them break the contract without them having to pay ETP.
So Verizon made a bet that customers wouldn't use the unlimited data that they sold them and they lost. Tough!
It looks like Verizon should start offering plans that reflect the actual cost to supply. Those that use the most pay the most.
Have data caps. Throttle users once they reach those caps. This puts back pressure on the users in terms of cost.
Provide incentive to time shift data transfers to the quieter periods. e.g. Only count 1/2 the data between 02:00 and 06:00 for example and let the customers know.
It costs NetFix $X to supply the cache per month over the lifetime of the cache box. It also costs them $Y to populate the cache as this still has to go over paid transit + the cost of the tail $Z. Against this is the cost of just sending it all via paid transit $T. Remember the "cache" isn't a pure cache. It has movies pushed to it without there being a request for them in multiple forms.
For small nets $X + $Y + $Z > $T. As the size of the net increases the balance switches to $X + $Y + $Z $T.
Do you really think it is fair to demand that Netflix take a cost hit just to provide you with a cache?
In sane countries you have "bring your own phone" plans which are cheaper that ones with phones and contracts where the cost of the phone is itemised and disappears once it is paid off. You can also unlock the phone at anytime for a small fee while in contract and $0 out of contract. The contracts are advertised with minimum spend over X months. This is what the carrier expects to get from you regardless of whether you use the phone or not. It is also what you are expected to pay.
Yes. Applications can do much, much better job of access control than any firewall can do. Additionally the access control can be based on things of other than IP address which are very poor authentication tokens.
Having worked with protocols that uses cryptographically strong authentication it provides a much better solution space than using IP address. This is especially true when the client side is changing IP address all the time.
What does ASN count have to do with route counts? They have no relationship with each other other than you need a ASN to announce routes in BGP. Note you can have a ASN without announce routes.
And now 100% of their home users have IPv6 available to them if they wish to avail themselves of it. Comcast have been aggressively supporting IPv6 for many years now.
CGN for homes breaks things people expect to work at home.
Cellular networks are almost completely client only. Home networks aren't. People run services on home networks and ISP's know this. Port forwarding is all about providing services from the home network.
It is so that they can reduce the number of routes they need to manage. This applies to IPv4 and IPv6.
When segments of the network become overloaded then need to split them by installing new equipment. Rather than install a route per customer they get the customer to renumber.
Similarly if they need to increase a address pool because there is too many customers for the configured pool of addressees. They find a bigger address block and have the customers renumber into it. The old block will be marked as free, possible consolidated with other address blocks and reused somewhere else in the network.
You have a IPv4 address allocated to you. You have a IPv6 address block allocated to you. There is no difference from a privacy perspective. The single address (IPv4) or the block (IPv6) identifies the home. With privacy addresses implemented and on turned on by default by the major vendors you don't get to track back to individual computers unless you are running a service which doesn't use them.
Truly, you should be able to connect a box to the Internet without a firewall and it should be fine. If it isn't the manufacture has not done due diligence. That said mistakes happen. Keeping up to date with maintenance releases is the way to address this issue.
Governments could help here by requiring manufactures to supply security fixes indefinitely for any internet connectable software. For consumer electronics this could be 20 years or more. Note the fix may be "upgrade to release X" where X involves a feature jump.
You still haven't show why a commercial operator should require a certificate when a hobbyist doesn't for the same class of drone. If a class of drone requires equipment to be fitted it should be independent of whether the drone is commercially operated or not.
Which is why you also put in a speed camera on such lights as well as a red light camera with a big sign saying "Red Light - Speed Camera". All new red light cameras are both speed and red light camera here with the old red light cameras being retrofitted with speed timing loops.
If you speed up to make the light you get a speeding fine. Traffic actually obeys the speed limits as there are enough of these to make it a pain to speed up and then slow down for the intersections.
Bridges have massive error tolerances built into the design. A single bolt/rivet failing won't bring down a bridge. Bridges are designed to cope with these sorts of failures.
Software as almost zero tolerance for errors. A single bit error can destroy a program.
Slashdot Mirror
How much more gradual do you want? I've been running dual stack for over a decade with a tunnel back to HE. At this stage most of your equipment runs fine with IPv6.
Actually you get something that has passed several different analyses.
Silencing "gcc -Wall" is a good thing. Modern gcc versions catch lots of errors. Add to that clang static analysis and others you get pretty reasonable error detection which is what they are aiming for.
It saves the government money to consolidate the checking to one place. Otherwise every department would need to do the checking themselves.
By doing this continuously you end up with releases which are free of known errors.
Because it is a change of contract and if they did it to those still in the minimum contract period they would let them break the contract without them having to pay ETP.
So Verizon made a bet that customers wouldn't use the unlimited data that they sold them and they lost. Tough!
It looks like Verizon should start offering plans that reflect the actual cost to supply. Those that use the most pay the most.
Have data caps. Throttle users once they reach those caps. This puts back pressure on the users in terms of cost.
Provide incentive to time shift data transfers to the quieter periods. e.g. Only count 1/2 the data between 02:00 and 06:00 for
example and let the customers know.
It costs NetFix $X to supply the cache per month over the lifetime of the cache box. It also costs them $Y to populate the cache as this still has to go over paid transit + the cost of the tail $Z. Against this is the cost of just sending it all via paid transit $T. Remember the "cache" isn't a pure cache. It has movies pushed to it without there being a request for them in multiple forms.
For small nets $X + $Y + $Z > $T. As the size of the net increases the balance switches to $X + $Y + $Z $T.
Do you really think it is fair to demand that Netflix take a cost hit just to provide you with a cache?
Only because of rip off plans.
In sane countries you have "bring your own phone" plans which are cheaper that ones with phones and contracts where the cost of the phone is itemised and disappears once it is paid off. You can also unlock the phone at anytime for a small fee while in contract and $0 out of contract. The contracts are advertised with minimum spend over X months. This is what the carrier expects to get from you regardless of whether you use the phone or not. It is also what you are expected to pay.
Yes. Applications can do much, much better job of access control than any firewall can do. Additionally the access control can be based on things of other than IP address which are very poor authentication tokens.
Having worked with protocols that uses cryptographically strong authentication it provides a much better solution space than using IP address. This is especially true when the client side is changing IP address all the time.
What does ASN count have to do with route counts? They have no relationship with each other other than you need a ASN to announce routes in BGP. Note you can have a ASN without announce routes.
And now 100% of their home users have IPv6 available to them if they wish to avail themselves of it. Comcast have been aggressively supporting IPv6 for many years now.
CGN for homes breaks things people expect to work at home.
Cellular networks are almost completely client only. Home networks aren't. People run services on home networks and ISP's know this. Port forwarding is all about providing services from the home network.
Whine, Whine, Whine.
My IPv6 tunnel end point is the other side of the Pacific ocean.
It is so that they can reduce the number of routes they need to manage. This applies to IPv4 and IPv6.
When segments of the network become overloaded then need to split them by installing new equipment. Rather than install a route per customer they get the customer to renumber.
Similarly if they need to increase a address pool because there is too many customers for the configured pool of addressees. They find a bigger address block and have the customers renumber into it. The old block will be marked as free, possible consolidated with other address blocks and reused somewhere else in the network.
You have a IPv4 address allocated to you. You have a IPv6 address block allocated to you. There is no difference from a privacy perspective. The single address (IPv4) or the block (IPv6) identifies the home. With privacy addresses implemented and on turned on by default by the major vendors you don't get to track back to individual computers unless you are running a service which doesn't use them.
If you turn on IPv6 in a typical home today over half the traffic will move to IPv6. In the future the shift will be greater.
For Comcast, this means that ~15% of their traffic from the home is IPv6, and the overall home traffic is ~6Tbps.
One packet in six is IPv6.
The ability to more easily diagnose network problems without having to deal with the consequence of address and port translations.
A default deny in firewall is as easy to manage as a NAT and it doesn't mangle the addresses or ports.
Truly, you should be able to connect a box to the Internet without a firewall and it should be fine. If it isn't the manufacture has not done due diligence. That said mistakes happen. Keeping up to date with maintenance releases is the way to address this issue.
Governments could help here by requiring manufactures to supply security fixes indefinitely for any internet connectable software. For consumer electronics this could be 20 years or more. Note the fix may be "upgrade to release X" where X involves a feature jump.
And you can to this at the application layer. You do not need a firewall to restrict service to particular clients.
Which shows more about you local network that slashdot.
Yes. I do have IPv6 enabled and have done so for the last decade.
% dig -6 slashdot.org +short
216.34.181.45
%
Given the size of usb sticks. Searching a coin box would be reasonable.
You still haven't show why a commercial operator should require a certificate when a hobbyist doesn't for the same class of drone. If a class of drone requires equipment to be fitted it should be independent of whether the drone is commercially operated or not.
The commercial operating certificate is to protect the fare paying passengers by ensuring that you have the requisite experience.
Last time I looked drones were not carrying passengers. The two situations are in no way comparable.
Which is why you also put in a speed camera on such lights as well as a red light camera with a big sign saying "Red Light - Speed Camera". All new red light cameras are both speed and red light camera here with the old red light cameras being retrofitted with speed timing loops.
If you speed up to make the light you get a speeding fine. Traffic actually obeys the speed limits as there are enough of these to make it a pain to speed up and then slow down for the intersections.
Bridges have massive error tolerances built into the design. A single bolt/rivet failing won't bring down a bridge. Bridges are designed to cope with these sorts of failures.
Software as almost zero tolerance for errors. A single bit error can destroy a program.
Firstly use ULA for local stability.
As for DNS, UPDATE + TSIG works with just about all name servers as does UPDATE + SIG(0).
Mac's already support UPDATE + TSIG.