Domi

Yes, because Docker becomes significantly more powerful once every container has a different publicly addressable IP.

Altough IPv6 support in Docker is still lacking in some areas right now, so add that to the long list of IPv6 migration todos.

There is this notion that IPv6 exposes any host directly to the internet, which is not correct. When the client IP is attacked “directly” the attacker still talks to the router responsible for your network first and foremost.

While a misconfiguration on the router is possible, the same is possible on IPv4. In fact, it’s even a “feature” in many consumer routers called “DMZ host”, which exposes all ports to a single host. Which is obviously a security nightmare in both IPv4 and IPv6.

Just as CGNAT is a thing on IPv4, you can have as many firewalls behind one another as you want. Just because the target IP always is the same does not mean it suddenly is less secure than if the IP gets “NATted” 4 times between routers. It actually makes errors more likely because diagnosing and configuring is much harder in that environment.

Unless you’re aggressively rotating through your v6 address space, you’ve now given advertisers and data brokers a pretty accurate unique identifier of you. A much more prevalent “attack” vector.

That is what the privacy extension was created for, with it enabled it rotates IP addresses pretty regularily, there are much better ways to keep track of users than their IP addresses. Many implementations of the privacy extension still have lots of issues with times that are too long or with it not even enabled by default.

Hopefully that will get better when IPv6 becomes the default after the heat death of the universe.

Will take a look at the talk once I get time, thanks. If you can find the original one you were talking about, please link.

For servers, there is some truth that the address space does not provide much benefit since the addressing of them is predictable most of the time.

However, it is a huge win in security for private internet. Thanks to the privacy extension, those IPs are not just generated completely random, they also rotate regularily.

It should not be the sole source of security but it definitely adds to it if done right.

With NAT on IPv4 I set up port forwarding at my router. Where would I set up the IPv6 equivalent?

The same thing, except for the router translating 123.123.123.123 to 192.168.0.250 it will directly route abcd:abcd::beef to abcd:abcd::beef.

Assuming you have multiple hosts in your IPv6 network you can simply add “port forwardings” for each of them. Which is another advantage for IPv6, you can port forward the same port multiple times for each of your hosts.

I guess assumptions I have at the moment are that my router is a designated appliance for networking concerns and doing all the config there makes sense, and secondly any client device to be possibly misconfigured. Or worse, it was properly configured by me but then the OS vendor pushed an update and now it’s misconfigured again.

That still holds true, the router/firewall has absolute control over what goes in and out of the network on which ports and for which hosts. I would never expose a client directly to the internet, doesn’t matter if IPv4 or IPv6. Even servers are not directly exposed, they still go through firewalls.

Anything connected to an untrusted network should have a firewall, doesn’t matter if it’s IPv4 or IPv6.

There’s functionally no difference between NAT on IPv4 or directly allowing ports on IPv6, they both are deny by default and require explicit forwarding. Subnetting is also still a thing on IPv6.

If anything, IPv6 is more secure because it’s impossible to do a full network scan. My ISP assigned 4,722,366,482,869,645,213,696 addresses just to me. Good luck finding the used ones.

With IPv4 if you spin up a new service on a common port it usually gets detected within 24h nowadays.

This seems like common sense, no?

Hindsight is 20/20. As seen in the post, there’s not that many APIs that don’t just blindly redirect HTTP to HTTPS since it’s sort of the default web server behaviour nowadays.

Probably a non-issue in most cases since the URLs are usually set by developers but of course mistakes happen and it absolutely makes sense to not redirect HTTP for APIs and even invalidate any token used over HTTP.

OP didn’t ask for unpopular languages but for languages you want to be more popular.

I also want C# to be more popular, it’s a fantastic language.

I mainly use it instead of googling and skimming articles to get information quickly and allow follow up questions.

I do use it for boring refactoring stuff though.

Those are also the main uses cases I use it for.

Really good for getting a quick overview over a new topic and also really good at proposing different solutions/algorithms for issues when you describe the issue.

Doesn’t always respond correctly but at least gives you the terminology you need to follow up with a web search.

Also very good for generating boilerplate code. Like here’s a sample JSON, generate the corresponding C# classes for use with System.Text.Json.JsonSerializer.

Hopefully the hardware requirements will come down as the technology gets more mature or hardware gets faster so you can run your own “coding assistant” on your development machine.

That depends, we have quite a few images that are just a single shell script or a collection of shell scripts which run as jobs or cronjobs. Most of them are used for management tasks like cleaning up, moving stuff or debugging.

Has the big advantage of being identical on each node so you don’t have to worry about keeping those shell scripts up to date with volumes. Very easy to just deploy a job with a debug image on every node to quickly check something in a cluster.

Of course, if the shell script “belongs” to an application you might as well add the shell script in the application container and override the start arguments.

Environments like Kubernetes only run containers so you would deploy any shell script with containers as well.

I prefer to do things properly once rather than do it again every day.

For example, I have an automation that I can trigger from my phone with a single button that does all these things:

• Lowers all my blinds in the living room
• Turns on all lights in the living room and dims them a little bit
• Powers up the smart plugs for my projector, receiver and player(s)
• Sets the correct volume and source on the receiver
• Starts playing random music in my living room

The alternative would be to do each of these steps manually, every day I get home. I’m lazy, probably wouldn’t do it all or just leave stuff running.

IoT devices (the non-shitty ones that don’t connect to the internet) become useful together when they are automated.

HDR is an issue. It just doesn’t seem to work right. Media players do all kinds of weird stuff. I’ve seen six screencaps from six media players taking snapshots of the same file, and they all had their colours wrong in different ways on Linux. VLC managed to get the colours right, but then lacked some other features. The Linux version of his previous media player uses different codecs on Linux so it suffers from the same problem.

Not surprising, there’s zero HDR support on Linux desktop as of right now. You either need a player that can tonemap from HDR to SDR or you need to run your entire desktop through gamescope (which is what Steam Deck is doing).

However, KDE Plasma 6 releases next month and it’s the first desktop environment to come with rudimentary HDR support. So things are evolving in that area.

If you’re still interested in finishing it:

Besides the tip given by someone else there’s also a mod for PC that makes the scary parts significantly less scary: https://outerwildsmods.com/mods/eotebrighterdreams

Did you try Sunshine and Moonlight? A little rough around the edges but the most reliable solution that I ever used. Also has the lowest latency out of the ones I tested.

https://github.com/LizardByte/Sunshine https://moonlight-stream.org/

Tesla wasn’t alone in the push. Nissan’s Leaf was very popular but Tesla made it cool. Cool, as long as you cold afford it,

The Leaf came both after the initial Roadster launch and the initial funding by Musk. They definitely helped but the main push was the Model S and 3.

but dieselgate and climate change are what made EVs a necessity today.

Do you really believe anyone gave a damn about dieselgate or gives a damn about climate change now? You gave them money by buying a ID.3, did the dieselgate situation influence your decision at all?

maybe do some reading first before launching a defense?

My comment is in reference to a single sentence. Neither am I defending anyone, simply correcting a wrong statement. If you do not think the statement is wrong, that is fine but don’t tell me to do some reading while ignoring the context of the comment chain.

So what?

None of what you said is wrong but none of it concerns the original statement that everyone knew things were headed towards electric cars.

Nobody knew, nobody would have invested, but Musk tried anyway. One can be a massive asshole and sometimes right at the same time.

Your ID.3 is the product of the push Tesla gave the industry at a point in time where nobody gave a shit about electric cars. Who knows much much longer things would have taken without that push.

Anyone could tell the wind was blowing towards electric cars.

Not to defend Musk but that is simply not true. Everyone was saying electric cars will never work. Just 6 years ago the Volkswagen CEO made fun of Tesla and now they are still playing the catch up game.

https://youtu.be/wSklSKRkIpk (english subtitles available)

Did you try time-loop games yet? Outer Wilds is fantastic. Majora’s Mask, The Forgotten City and The Sexy Brutale are also pretty cool.

Thanks for the detailed response, both DLCs are like 12 bucks now so I added them to cart. :)

Are the DLC any good? I wanted to do more ripping and tearing but the ratings on Steam are pretty bad.