If allowed, the flip to IPv6 will occur as soon as the price delta on this demand can pay for it, or make it worthwhile.
In functioning market based systems if you can foresee increased demand or a looming shortage you don't just wait passively by doing nothing until problem hits before reacting. Nobody concerned has any desire at all to be subject to negative consequences of reasonably avoidable problems.
This is simply not the way people who conduct business and still expect to remain relevant behave.
Typical ipv6 goon, patronizing. Yah, that's going to work. News for you: ipv6 mafia are the clowns. Not just my opinion.
Don't shoot the messenger. It's what content wanted. Google counts milliseconds of latency in terms of millions of dollars in lost revenue.
To them it is either native IPv6 with similar reliability and capability or IPv4. They are not interested in losing money on tunneled overlay schemes. This reality is something many "IPv6 goons" had no appreciation for. Goons only cared about clever ways to get everyone IPv6 with duct tape and baling wire if need be as soon and as fast as possible. The "goons" were laughed out of the room by big content.
The financial services industry will NOT use IPv6 because multicast doesn't work properly on switches, there is no good way to filter unwanted traffic.
IPv6 day was the grownups sending a pretty clear message that clowning around with transition schemes were no longer appreciated. They demand a production quality IPv6 network at least as capable and reliable as IPv4.
This means all of these crummy tunneling overlays ended up being unused, unappreciated and ultimately rather pointless.
Like those guys lived in an ivory tower or something.
Ivory towers full of pigeon poop I bet. At least they appreciate the pigeonhole principle.
I know I'll get burned for saying this but IPv6 fails the scratch and sniff test. I've grown up around the IPv4 dilemma yet no-one I know that I worked with (contractor worked at 30+ different businesses) ever seemed to fully grasp IPv6.
Workers don't get it, vendors don't get it, network providers don't get it, telcos don't even seem to get it. Based on the fact that we've been at this for 15 years+ and it still hasn't gained any traction it's time to call it a failure and move on.
IPv6 in all ways that matter is the same as IPv4 with 96 more bits of address space.
It seems that the IPv6 designers used the kitchen sink approach and tried to solve multiple (actual, potential, and far-future) problems at the same time rather than the single, simpler problem of the IPv4 address-space exhaustion and that approach made IPv6 a complex mess that's difficult to easily understand. If they had done something simpler, everyone would have switched over by now. IPv6 is another case of smart people doing dumb things - specifically, not thinking things through enough by thinking things through too much.
The only part of IPv6 that matters is the address space. The rest is noise.
Personally I think 128-bits was a great decision. Not only did it give everyone more room than they'll ever need it also thwarts low effort global scanning and exploitation campaigns. I even like SLAAC for as dumb as it is since it kind of nudges providers not to skimp out and take more of the address space for themselves.
Also going with a completely separate address space rather than mapping across was a very smart move due to pigeonhole principle, network reliability and not inheriting scarcity driven route disaggregation.
Operationally it doesn't matter how much IPv4 and IPv6 peers can communicate with each other. What really matters is reliability. The door was forever closed on address space expansion the moment ink dried on IPv4's fixed address space. There was nothing that IPv6 could do. No matter what you would by necessity be required to expand address space in an incompatible manner.
The naming service in my view is the proper place to advertise support for a particular address space. When I hear people talk about how everyone was dumb and they could have done it differently in a more compatible way what I never hear is an operationally viable plan of action.
It is ALWAYS some tired old NAT/tunneling/overlay scheme which fails to provide the same reliability and capability as IPv4 and for which insufficient address space likely remained to properly implement.
Now there IS no shortage of IPv4# any more, since the invention of NAT. The only reason for IPv6 now is total traceability
As a user I want to be able to directly communicate with others without my communications being mediated by a centralized server owned by corporate stalkers and governments. NAT makes this very difficult to achieve.
There is a certain logic in hiding behind a single IP and thinking this does something for your privacy. In some ways it's true. In most ways that matter it's an illusion.
Most CGN implementations use a port mapping structure in which each user is allocated a logged predictable fixed subset of ephemeral ports. Source port can be logged by any server you visit and used to uniquely ID you vs. others using the same address even though everyone is behind a NAT with the same public IP.
Obviously the gambit at all layers of the stack from exploitation of DNS caches, TLS resumption, browser fingerprints, cookies and sessions applies to Internet users especially web users.
So for me given the choice in terms of freedom and privacy I chose IPv6. I can use privacy addresses if I want to thwart correlation within my network. Having a reasonable chance of directly communicating with peers is worth way more to me in terms of capabilities, freedom and privacy.
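The fixed port-block scheme described in the comment above, sketched as an added example that is not part of the original thread: a simplified deterministic mapping in which each subscriber behind a shared public address owns one contiguous block of source ports, so a logged (public IP, source port) pair resolves to a single subscriber. The class name, address pools and block sizes are constructed for illustration and do not describe any particular CGN product.

```python
import ipaddress

# Assumption: ports below 1024 are never handed out to subscribers.
FIRST_PORT, LAST_PORT = 1024, 65535


class PortBlockCGN:
    """Hypothetical deterministic CGN: subscriber -> (public IP, port block)."""

    def __init__(self, inside_net, public_ips, subscribers_per_ip):
        self.inside = ipaddress.ip_network(inside_net)
        self.public_ips = [str(ipaddress.ip_address(p)) for p in public_ips]
        self.per_ip = subscribers_per_ip
        # Every subscriber gets the same number of ports on its public address.
        self.block = (LAST_PORT - FIRST_PORT + 1) // subscribers_per_ip
        if self.inside.num_addresses > len(self.public_ips) * subscribers_per_ip:
            raise ValueError("not enough public addresses for the inside pool")

    def allocation(self, subscriber_ip):
        """Return (public_ip, first_port, last_port) for an inside address."""
        idx = int(ipaddress.ip_address(subscriber_ip)) - int(self.inside.network_address)
        if not 0 <= idx < self.inside.num_addresses:
            raise ValueError("address is outside the subscriber pool")
        ip_idx, slot = divmod(idx, self.per_ip)
        low = FIRST_PORT + slot * self.block
        return self.public_ips[ip_idx], low, low + self.block - 1

    def subscriber_for(self, public_ip, src_port):
        """Reverse lookup: which inside address owns this public IP and port?"""
        ip_idx = self.public_ips.index(str(ipaddress.ip_address(public_ip)))
        if not FIRST_PORT <= src_port <= LAST_PORT:
            raise ValueError("port is outside the translated range")
        slot = (src_port - FIRST_PORT) // self.block
        idx = ip_idx * self.per_ip + slot
        # Ports in the unused remainder, or slots past the pool, map to nobody.
        if slot >= self.per_ip or idx >= self.inside.num_addresses:
            raise ValueError("port is not assigned to any subscriber")
        return str(self.inside.network_address + idx)


if __name__ == "__main__":
    # Constructed sample: 256 subscribers in shared address space, two public IPs.
    cgn = PortBlockCGN("100.64.0.0/24", ["198.51.100.1", "198.51.100.2"], 128)
    print("ports per subscriber:", cgn.block)
    for sub in ("100.64.0.5", "100.64.0.6", "100.64.0.130"):
        print(sub, "->", cgn.allocation(sub))
    # Two requests from the same public IP, told apart by source port alone.
    for port in (3600, 4048):
        print("198.51.100.1 port", port, "->", cgn.subscriber_for("198.51.100.1", port))
```
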
and the ability to directly address any device... something most users do not want.
What you're saying is not only wrong but completely backwards. IPv6 is SAFER than IPv4.
The reality is there are no consumer IPv6 capable routers that don't do SPI by default. IPv6 SPI affords users more security than IPv4 NAT due to absence of ALG and associated packet mangling codes.
They tested IPv6 service about 7 years ago, but took away my IPv6 routers at the end of the trial period. All I have left are my static IPv4 addresses.
All static IPv4 Comcast customers get at least a static/56 allocation whether you know about it or use it or not. Check your Comcast business account portal. Assigned IPv6 network will be listed there.
We haven't "run out" of IPV4 addresses. Not even remotely so.
A good comparison would be land. There was a time, even within the last 50 years -- where one could (for example) 'stake out' land in Canada. You'd head to unclaimed land, put up your fences, work it and use it -- and in 5 (or 10? it's been a long time since I read up on this), the land would officially be yours.
This is closer to IPV4 realities, than not.
Why?
If you think IP addresses should be treated as a limited resource and priced by the market accordingly then of course you're right. Chances are YOU can afford to have an IP address. Therefore they are not scarce for you.
Yet from a global perspective there are more Internet users coming online than publicly routable IPv4 addresses. Basic math would seem to indicate there are not enough addresses to go around.
If we had really "run out", I would have to WAIT to connect to the internet. Or, I'd be stuck behind a NAT device (I'm not),
Good for you. Population of Internet users will soon be a much much higher number than publicly routable IPv4 addresses. Others are today not so lucky and this problem only grows worse with time.
Even if you assume all server infrastructure has no IP addresses allocated to it and 100% efficient distribution of IPv4 to end users only there are still NOT ENOUGH IPv4 addresses for everyone.
I bet in 2050, we'll still primarily be IPV4.
I bet IPv4 at least in terms of public Internet is shut down in its entirety by 2050.
WPA3 is resistant to dictionary attacks. The Wi-Fi Alliance says that WPA3's SAE is resistant to offline dictionary attacks where an attacker tries to guess a Wi-Fi network's password by trying various passwords in a quick succession.
WPA3 uses Dragonfly which was shown to be vulnerable to small subgroups that can be exploited to conduct offline dictionary attack.
https://en.wikipedia.org/wiki/...
RFC 7664 section 4 even provides optional advice for mitigation.
Amazing to see new security protocols out of the gate include crypto known to be flawed.
Linux has good open-source drivers
There is no such thing as a "Linux driver". Linux doesn't have a stable kernel interface nor a binary interface of any kind.
When it comes to embedded, especially with something like an MRI machine, that's somewhat irrelevant since you'll be writing your own drivers anyway.
It's very relevant when your drivers won't work with any other version of Linux kernel due to lack of stable interface.
The article is dismissive of the direction this is heading, but in a world where 99% of the people using a mobile device simply have no ability to manage digital security, you just can't continue to allow people to install something from anywhere.
Of course you can. It's done by creating operating systems not full of swiss cheese escalation vulnerabilities and giving users meaningful access controls that never devolve into take it or leave it demands of software.
Google refuses because it eats into profits of themselves and app developers. God forbid a user is able to feed fake location, address book and phone data into malware they downloaded from Google play store or restrict access to resources... App developers would riot. Owning users is the business model of the everything must be FREE app store market.
As a technical user I absolutely want there to be way more open options where people with technical ability have a lot of freedom as to what they can do, and I'm sure some Android devices will continue to provide that.
Damn straight!! The peasant class doesn't deserve no stinking freedom. They can't handle it. All Hail King Alphabet ruler of all teh Intertubes.
But the world also absolutely needs Apple-level closed off system like the App Store that protects people who cannot protect themselves from remote exploitation and harm.
Good grief, let me know when all the malware in the Google app store is gone. Really perverse aspect of these arguments is the failure to understand app stores themselves are responsible for creating "race to the bottom" market incentive that only fuels development of malware and resulting 0wnage of millions of users.
This is nothing more than being as evil as possible for financial gain while blurting out "SECURITY" as justification for everything. No different than Facebook saying it needs to do cross site tracking of everyone everywhere in order to protect Facebook.
The ONLY problem is proliferation of defective operating system jails and associated access controls.
Especially love CO alarms with numeric readouts showing CO levels. They always show 0 even when the alarm itself detects significant quantities of CO.
Most amazing aspect to me is people have gone to the hospital for persistent CO poisoning while their meters were working AS INTENDED.
Root cause of this behavior is an intense desire to squelch "false" alarms at the cost of leaving the consumer in the dark as to actual CO problems that may exist.
Even outright hazardous levels will typically take several minutes to a half hour to sound the alarm when physically detected all that time.
This was not intended as an excuse for outright defective hardware yet personally I consider all CO "alarms" defective as designed and generally government mandated. If you have CO issues or concerns get yourself a "meter". Anything that is an "alarm" or a "detector" is defective by law in my view.
Better still avoid being a total dipshit and 90% efficient furnaces with _secondary_ heat exchangers. The failure modes of these things are insane.
It's amazing to see eBay taking action against crap it knows doesn't work even though they seem to have no such compunction about proliferation of 100% guaranteed scam items like 1TB USB sticks for $20-$100.
Indeed. It's a great way of finding out what focus groups are good at. Interestingly have you ever seen a focus group, or a beta tester? The kind of people who participate in these events hugely skews the results which is one of the reasons why the industry is trying towards telemetry.
Creating a focus group that isn't representative of your customer base is a rather counterproductive endeavor. Play testers are there to find issues not take the place of a focus group.
Laziness is really the point here isn't it? You're too lazy to install a stats package and parse your own access logs.
Not quite. One man's lazy is another man's more cost effective service. It just goes with the whole general global theme of outsourcing or building on the work of others.
A lot of it also has to do with economics. I was at the time doing quick work paid by the hour. Copying and pasting a paragraph of Javascript ultimately was far more effective for the client than paying to screw around with stats packages and setting up specific targeted telemetry. The client's users be damned.
All I'm hearing in these remarks are justifications for laziness. An attempt to externalize your costs without regard for consequences simply because it is easier for YOU.
Well guess what the free ride is nearing an end. Privacy legislation and consumer awareness are increasingly piling up against you. With each day that passes value of Google analytics decreases as percentage of users with privacy filters preventing Google analytics from functioning increases.
The reality is reduced effort justification isn't really even true unless you're a newbie or just have one customer. Stats packages are relatively trivial to install and configure especially as a standard feature of websites. Many of them support multi-site configurations and several hosting panels wire them up automatically without any intervention when creating a new site.
The problem is those "others" who provide you a service have it in their best interest for their service to be as flexible as humanly possible with no regard to your scope. You want the logs? We'll get you the logs. Incidentally we'll also get you the kitchen sink, and details of how often your users actually do the dishes in their sinks? Didn't want it? Well we got that info anyway.
Stop purchasing solutions which are not scalable and the "problem" will solve itself.
You could have saved a lot of typing if you only realised no one is talking about incoming connections.
Whoooooooooosssshhhhh
Cache-Control: no-cache
Pragma: no-cache
Access-Control-Allow-Origin: *
The Allow-Origin header allows any malicious website you happen to visit to use xmlhttprequest to fuck with and steal information directly from your device with impunity. This is absolutely insane.
This is nuts. What the heck were they thinking?
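What the wildcard in the headers quoted above means to a browser, as an added example that is not part of the original thread: a small model of the CORS read check applied to those exact response headers, next to an allowlist policy a server could send instead. The function names, origins and allowlist are hypothetical.

```python
# Response headers exactly as quoted in the comment above.
QUOTED_RESPONSE = """Cache-Control: no-cache
Pragma: no-cache
Access-Control-Allow-Origin: *"""


def parse_headers(raw):
    """Parse 'Name: value' lines into a dict keyed by lower-cased header name."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def browser_allows_read(page_origin, headers, with_credentials=False):
    """Model of the browser's decision to expose a cross-origin response to script.

    CORS governs whether the calling page may READ the response; a simple
    request is still sent to the server either way.
    """
    acao = headers.get("access-control-allow-origin")
    if acao is None:
        return False
    if with_credentials:
        # The wildcard is not honoured when cookies or HTTP auth are attached;
        # the origin must match exactly and credentials must be allowed.
        return (acao == page_origin
                and headers.get("access-control-allow-credentials") == "true")
    return acao == "*" or acao == page_origin


def cors_headers_for(request_origin, allowlist):
    """Hardened alternative: echo the Origin only when it is explicitly trusted."""
    headers = {"vary": "Origin"}  # keep caches from reusing a per-origin answer
    if request_origin in allowlist:
        headers["access-control-allow-origin"] = request_origin
    return headers


def audit(raw_headers):
    """Return a list of findings for a raw header block."""
    headers = parse_headers(raw_headers)
    findings = []
    if headers.get("access-control-allow-origin") == "*":
        findings.append("wildcard origin: any web page can read unauthenticated responses")
    if (headers.get("access-control-allow-origin") == "*"
            and headers.get("access-control-allow-credentials") == "true"):
        findings.append("wildcard with credentials: rejected by browsers, policy is misconfigured")
    return findings


if __name__ == "__main__":
    quoted = parse_headers(QUOTED_RESPONSE)
    untrusted = "https://untrusted.example"      # hypothetical third-party page
    trusted = "https://admin.device.example"     # hypothetical management UI
    print("quoted policy, untrusted page:", browser_allows_read(untrusted, quoted))
    print("quoted policy, with cookies:  ", browser_allows_read(untrusted, quoted, True))
    for origin in (untrusted, trusted):
        hardened = cors_headers_for(origin, {trusted})
        print("allowlist policy,", origin, "->", browser_allows_read(origin, hardened))
    print(audit(QUOTED_RESPONSE))
```
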
Telemetry: I think as developer I need to gather this metric to make sure I didn't make this level too difficult and deter users in the future.
This is what focus groups and play testing are for.
I remember installing Google analytics a few years ago to find out some information about a new page we added to a customer's website. We had our suspicions that the customers weren't seeing it. I was not at all interested in the intricate details of every browser, screen resolution, operating system, how long they stayed, and what they clicked. It was all given to me anyway.
Laziness is really the point here isn't it? You're too lazy to install a stats package and parse your own access logs. People can't be bothered to take the time to understand their users so they hide "telemetry" without regard for customers wishes and consequences.
Right, because Christianity and Judaism have been so toxic that cultures that live consistent with Judaeo-Christian norms have failed miserably.
The only difference of import between Islam and Christianity is the REPETITIVE nature of being a practicing Muslim.
Religion at low levels is a manageable annoyance. Religion of people who organize their life around it is how you get ISIS and Heaven's Gate.
Religion is not cancer. You could argue that people can be peaceful, intellectual, and also without religion. I'd like to see an example of such a culture. Best we see of that is a culture that replaces worship of a god or gods with worship of a leader or of government.
Religion is absolutely a cancer. Too many have leveraged religion for their own aims granting themselves legitimacy that would otherwise be denied to them without it. Religion is a dangerous vehicle of control (yet far from the only one) the world is far better off without.
The only difference between Christianity and Islam is the volume level. It isn't the content of the religion. All of the Abrahamic religions reflect cave dwelling sensibilities of their times.
Perhaps someday Islam will evolve into a religion that is not bent on suicide.
The only evolutionary path for religion is the extent to which underlying theology is ignored by its adherents.
In the early 20th century, human living conditions, including improvements in sanitation, hygiene, and dietary needs being met likely all contributed to a net rise in human cogitative performance, however atmospheric CO2 levels have also been steadily rising in that time.
So yeah. Probably CO2 level rise has caught up to the benefits of improved standards of living.
These studies are short term experiments addressing the question of immediate effect of change in CO2 exposure in office settings. They do not even attempt to address questions of acclimation over much larger time scales.
For all these studies are designed to show baseline CO2 concentrations may well be irrelevant under a reasonable limit.
If you used to judge the content of the study by who wrote it, you were never interested in "science" anyway. Science was always done by some random dude. That doesn't make it any more or less right.
In a world with infinite time and infinite resources perhaps. In the real world integrity or lack thereof of those involved with paper is a necessary signal as to whether it is even in one's interests to waste limited time and resources with it.
If people are systematically fucking up go ahead and expect it not to have consequences if you so desire. It's not the way the world actually works and for good reason.
Dude... Do you REMEMBER what PC gaming was like before Steam?
You had to have the CD in your computer to play. People started putting in multiple CD-ROM drives so that folks could easily play different games. That's not so bad...
Steam was (and continues to be) successful, because it turned the adversarial relationship between player and publisher into a much more cooperative one. It's not some grand conspiracy. It took a terrible user experience and turned it into something that was organized, didn't install rootkits, let people have all their games at their fingertips, works across platforms, and has ensured that if I have anything resembling a modern computer, I can play almost anything I've ever purchased. Oh, and there's no monthly fee for anything.
Justifying unacceptable behavior by invoking even more unacceptable behavior is priceless.
Steam pretty much has a distribution monopoly on PC video games. There are niche services like Origin or Uplay but they mainly just distribute their own games. Or GOG for DRM-free stuff but only a fraction of games is available there.
If it isn't on GOG or available for sale DRM free it might as well not exist.
You don't have an automatic right to have a software company support massively outdated OS feature sets that were end of life a decade ago.
So long as they first turn off any DRM that would prevent software you already own and purchased from continuing to function you would have a point.
Otherwise if you purchased a perpetual license to something the store you bought it from doesn't have an "automatic right" to recall the item from your home because your house is too old.
Perhaps they granted themselves that right and the right to your first born and the right for you to give them a million dollars on command because they wrote something to that effect in a legal document. Any such provision is clearly unconscionable.
MS forums are a rather comical example of the dangers of "playing to the metric". I suspect most would be better served if they were shut down in their entirety and all traces purged from search engines.
There are much better alternatives for crowd sourced support.
If allowed, the flip to IPv6 will occur as soon as the price delta on this demand can pay for it, or make it worthwhile.
In functioning market based systems if you can foresee increased demand or a looming shortage you don't just wait passively by doing nothing until problem hits before reacting. Nobody concerned has any desire at all to be subject to negative consequences of reasonably avoidable problems.
This is simply not the way people who conduct business and still expect to remain relevant behave.
Typical ipv6 goon, patronizing. Yah, that's going to work. News for you: ipv6 mafia are the clowns. Not just my opinion.
Don't shoot the messenger. It's what content wanted. Google counts milliseconds of latency in terms of millions of dollars in lost revenue.
To them it is either native IPv6 with similar reliability and capability or IPv4. They are not interested in losing money on tunneled overlay schemes. This reality is something many "IPv6 goons" had no appreciation for. Goons only cared about clever ways to get everyone IPv6 with duct tape and baling wire if need be as soon and as fast as possible. The "goons" were laughed out of the room by big content.
The financial services industry will NOT use IPv6 because multicast doesn't work properly on switches, there is no good way to filter unwanted traffic.
It's called RA Guard.
That and not making the slightest attempt at backward compatibility.
Are you joking? There have been countless RFCs dealing with compatibility from every which way. How many more do we need?
https://en.wikipedia.org/wiki/...
IPv6 day was the grownups sending a pretty clear message that clowning around with transition schemes was no longer appreciated. They demand a production quality IPv6 network at least as capable and reliable as IPv4.
This means all of these crummy tunneling overlays ended up being unused, unappreciated and ultimately rather pointless.
Like those guys lived in an ivory tower or something.
Ivory towers full of pigeon poop I bet. At least they appreciate the pigeonhole principle.
I know I'll get burned for saying this but IPv6 fails the scratch and sniff test. I've grown up around the IPv4 dilemma yet no-one I know that I worked with (contractor worked at 30+ different businesses) ever seemed to fully grasp IPv6.
Workers don't get it, vendors don't get it, network providers don't get it, telcos don't even seem to get it. Based on the fact that we've been at this for 15+ years and it still hasn't gained any traction it's time to call it a failure and move on.
IPv6 in all ways that matter is the same as IPv4 with 96 more bits of address space.
Corporations hold onto NAT for reasons that are real, not imagined, and not easily overcome by smoothly worded IPv6 talking points.
NAT is a security risk.
It seems that the IPv6 designers used the kitchen sink approach and tried to solve multiple (actual, potential, and far-future) problems at the same time rather than the single, simpler problem of the IPv4 address-space exhaustion and that approach made IPv6 a complex mess that's difficult to easily understand. If they had done something simpler, everyone would have switched over by now. IPv6 is another case of smart people doing dumb things - specifically, not thinking things through enough by thinking things through too much.
The only part of IPv6 that matters is the address space. The rest is noise.
Personally I think 128-bits was a great decision. Not only did it give everyone more room than they'll ever need it also thwarts low effort global scanning and exploitation campaigns. I even like SLAAC for as dumb as it is since it kind of nudges providers not to skimp out and take more of the address space for themselves.
Also going with a completely separate address space rather than mapping across was a very smart move due to pigeonhole principle, network reliability and not inheriting scarcity driven route disaggregation.
Operationally it doesn't matter how much IPv4 and IPv6 peers can communicate with each other. What really matters is reliability. The door was forever closed on address space expansion the moment ink dried on IPv4's fixed address space. There was nothing that IPv6 could do. No matter what you would by necessity be required to expand address space in an incompatible manner.
The naming service in my view is the proper place to advertise support for a particular address space. When I hear people talk about how everyone was dumb and they could have done it differently in a more compatible way what I never hear is an operationally viable plan of action.
It is ALWAYS some tired old NAT/tunneling/overlay scheme which fails to provide the same reliability and capability as IPv4 and for which insufficient address space likely remained to properly implement.
Now there IS no shortage of IPv4# any more, since the invention of NAT. The only reason for IPv6 now is total traceability
As a user I want to be able to directly communicate with others without my communications being mediated by a centralized server owned by corporate stalkers and governments. NAT makes this very difficult to achieve.
There is a certain logic in hiding behind a single IP and thinking this does something for your privacy. In some ways it's true. In most ways that matter it's an illusion.
Most CGN implementations use a port mapping structure in which each user is allocated a logged predictable fixed subset of ephemeral ports. Source port can be logged by any server you visit and used to uniquely ID you vs. others using the same address even though everyone is behind a NAT with the same public IP.
Obviously the gamut at all layers of the stack from exploitation of DNS caches, TLS resumption, browser fingerprints, cookies and sessions applies to Internet users especially web users.
So for me given the choice in terms of freedom and privacy I chose IPv6. I can use privacy addresses if I want to thwart correlation within my network. Having a reasonable chance of directly communicating with peers is worth way more to me in terms of capabilities, freedom and privacy.
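The deterministic port-block scheme described in the comment above, as an added example that is not part of the original post. It follows the general idea of RFC 7422-style deterministic CGN mapping; the public addresses, subscriber range and block size are constructed assumptions, and a server would have to know or infer the block size to group its logs this way.

```python
import ipaddress

# Constructed CGN parameters (assumptions, not taken from the post).
PUBLIC_IPS = [ipaddress.ip_address("203.0.113.10"),
              ipaddress.ip_address("203.0.113.11")]
SUBSCRIBER_NET = ipaddress.ip_network("100.64.0.0/24")  # RFC 6598 shared space
PORT_FLOOR = 1024            # ports below this are never handed out
PORTS_PER_SUBSCRIBER = 504   # fixed block size per subscriber
SUBS_PER_IP = (65536 - PORT_FLOOR) // PORTS_PER_SUBSCRIBER  # 128 per public IP


def allocate(private_ip):
    """Return (public_ip, first_port, last_port) for a subscriber address."""
    idx = int(ipaddress.ip_address(private_ip)) - int(SUBSCRIBER_NET.network_address)
    if not 0 <= idx < len(PUBLIC_IPS) * SUBS_PER_IP:
        raise ValueError("address outside the CGN subscriber pool")
    ip_slot, block = divmod(idx, SUBS_PER_IP)
    first = PORT_FLOOR + block * PORTS_PER_SUBSCRIBER
    return PUBLIC_IPS[ip_slot], first, first + PORTS_PER_SUBSCRIBER - 1


def identify(public_ip, src_port):
    """Invert the mapping: the subscriber behind (public IP, source port)."""
    if src_port < PORT_FLOOR:
        raise ValueError("port below the allocated range")
    ip_slot = PUBLIC_IPS.index(ipaddress.ip_address(public_ip))
    block = (src_port - PORT_FLOOR) // PORTS_PER_SUBSCRIBER
    return SUBSCRIBER_NET.network_address + ip_slot * SUBS_PER_IP + block


def group_by_port_block(log):
    """Group server-side entries (public_ip, src_port, path) by port block.

    Entries sharing a public IP but landing in different blocks come from
    different subscribers, so the shared address alone does not mix them.
    """
    groups = {}
    for public_ip, src_port, path in log:
        block = (src_port - PORT_FLOOR) // PORTS_PER_SUBSCRIBER
        groups.setdefault((public_ip, block), []).append(path)
    return groups


# Constructed server log: three requests, all from the same public address.
SAMPLE_LOG = [("203.0.113.10", 3600, "/a"),
              ("203.0.113.10", 40000, "/b"),
              ("203.0.113.10", 3999, "/c")]

if __name__ == "__main__":
    print(allocate("100.64.0.5"))
    print(identify("203.0.113.11", 2100))
    print(group_by_port_block(SAMPLE_LOG))
```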
and the ability to directly address any device... something most users do not want.
What you're saying is not only wrong but completely backwards. IPv6 is SAFER than IPv4.
The reality is there are no consumer IPv6 capable routers that don't do SPI by default. IPv6 SPI affords users more security than IPv4 NAT due to absence of ALG and associated packet mangling codes.
They tested IPv6 service about 7 years ago, but took away my IPv6 routers at the end of the trial period. All I have left are my static IPv4 addresses.
All static IPv4 Comcast customers get at least a static /56 allocation whether you know about it or use it or not. Check your Comcast business account portal. Assigned IPv6 network will be listed there.
We haven't "run out" of IPV4 addresses. Not even remotely so.
A good comparison would be land. There was a time, even within the last 50 years -- where one could (for example) 'stake out' land in Canada. You'd head to unclaimed land, put up your fences, work it and use it -- and in 5 (or 10? it's been a long time since I read up on this), the land would officially be yours.
This is closer to IPV4 realities, than not.
Why?
If you think IP addresses should be treated as a limited resource and priced by the market accordingly then of course you're right. Chances are YOU can afford to have an IP address. Therefore they are not scarce for you.
Yet from a global perspective there are more Internet users coming online than publicly routable IPv4 addresses. Basic math would seem to indicate there are not enough addresses to go around.
If we had really "run out", I would have to WAIT to connect to the internet. Or, I'd be stuck behind a NAT device (I'm not),
Good for you. Population of Internet users will soon be a much much higher number than publicly routable IPv4 addresses. Others are today not so lucky and this problem only grows worse with time.
Even if you assume all server infrastructure has no IP addresses allocated to it and 100% efficient distribution of IPv4 to end users only there are still NOT ENOUGH IPv4 addresses for everyone.
I bet in 2050, we'll still primarily be IPV4.
I bet IPv4 at least in terms of public Internet is shut down in its entirety by 2050.