Hacker News | TuxPowered's comments

> not fully compatible with OpenBSD one

The OpenBSD NAT and scrub syntax, and af-to are available in FreeBSD 15.


Even with IPv6 you still might have stateful firewalls allowing only for outbound connections at both ends (e.g. a CPE a.k.a. “WiFi router”) and to establish communication you’d need to punch a hole in those firewalls.

That’s true, we won’t get rid of hole-punching with IPv6. But at least it will get rid of TURN.

The hole punching is so much simpler because you don't need to guess your own address and port - you just know it.

IPv6 still allows proper NAT (prefix translation), but even then finding your global address wouldn’t need TURN, just STUN, actually not even that, just a service like “What’s My IP.”

It does allow it in the sense that it's possible, and even useful in some scenarios, but then you're on a weird experimental network and not a normal one.

Yes, you are right, quite literally, as RFC 6296 is marked ‘experimental.’

Doesn't that assume that your machine is given its own world-routable (and unfiltered) v6 address?

That's how it works in IPv6. If your network doesn't give you an address, it's broken. We do not assume unfiltered since we are talking about hole punching.

How will it get rid of TURN? Can't IPv6 addresses still be firewalled by your carrier like they do already for IPv4?

I thought TURN was for symmetrical PAT, not for proper NAT (which just needs STUN for address determination) or full/restricted cone PATs (which need STUN for address and port determination, and then, in case of restricted cone, perform a hole punch).

Standard-conforming IPv6 at most allows prefix translation (i.e., proper NAT, not PAT), which wouldn’t need it.


> just like almost all transportation is done today via cars instead of horses.

That sounds very Usanian. In the meantime transportation around me is done on foot, bicycle, bus, tram, metro, train and cars. There are good use cases for each method including the car. If you really want to use an automotive analogy, then sure, LLMs can be like cars. I've seen cities made for cars instead of humans, and they are a horrible place to live.

Signed, a person who totally gets good results from coding with LLMs. Sometimes, maybe even often.


It should always be at 0, because GitHub is unreachable over IPv6, which in 2025 should be considered an incident.


Mobile adoption is high, desktop (residential and corporate) is still quite low.

I'm a big advocate for GitHub to add IPv6 support, but let's not pretend it's critical for their business.


Aren't there several hosts now where IPv6 access is included but you have to pay for each attached IPv4? E.g. AWS and Hetzner


Yep


Just a few hours ago we found a pretty nice residential desktop use case for proper v6 (with prefix delegation), due to no need for NAT the old router (2013) became less of a bottleneck!


Double check (I mean by remote port scan) that your firewall is working. I’ve seen routers with no IPv6 firewall. And it actually matters.


I haven’t had a residential ISP that provided IPv6 yet.


"yeah but when I turn on ipv6 everything breaks"


I did traffic shaping per user for a few hundred users on a 1GHz Pentium III on Linux. It can be done just fine.


> On what's now almost 10 year old hardware, we could drop 44Mpps of a volumetric DOS attack and still serve our nominal workload with no impact.

Was filtering done with pf, ipfw or some custom firewall?


> How do you avoid this

IPv6 of course.

> or is it just not important

Port knocking is not a security feature anyway.


Making my web resources IPv6-only has solved the problem for me. I don’t consider this a solution for ever, but for now it’s apparently way too modern or complicated for the A-so-called-I companies.


In my experience managing a number of IPv6-only sites for clients, they still get crawled and abused, and this goes back years. If anything, it has gotten worse now with all the LLM/AI nonsense.


So that’s the only hope to get MRU tab switching in Chrome - get hired at Google?


Is this another incarnation of Sofort? Fortunately nobody is forced to use the former nor the latter, you can either pay with card or just make your own SEPA transfer from any bank in Europe.


At least in Lithuania the "nobody is forced to use" is partly true. Sometimes in checkout flow you get links to big-5 banks and that's it, even though technically entire SEPA should be ok.


Ah yes it was Sofort, not Klarna.

