907
top 50 comments
sorted by: hot top controversial new old
[-] frezik 215 points 3 weeks ago

I know it's a joke, but the idea that NAT has any business existing makes me angry. It's a hack that causes real headaches for network admins and protocol design. The effects are mostly hidden from end users because those two groups have twisted things in knots to make sure end users don't notice too much. The Internet is more centralized and controlled because of it.

No, it is not a security feature. That's a laughable claim that shows you shouldn't be allowed near a firewall.

Fortunately, Google reports that IPv6 adoption is close to cracking 50%.

[-] truthfultemporarily@feddit.org 102 points 3 weeks ago

I think NAT is one reason why the internet is so centralized. If everyone had a static IP you could do all sorts of decentralized cool stuff.

[-] frezik 73 points 3 weeks ago

Right, not the only reason, but it's a sticking point.

You shouldn't need to connect to your smart thermostat by using the company's servers as an intermediary. That makes the whole thing slower, less reliable, and a point for the company to sell your personal data (that last one being the ultimate reason why it's done this way).

[-] Creat@discuss.tchncs.de 43 points 3 weeks ago

Everyone having a static IP is a privacy nightmare.

There's a reason the recommendation in the standard for ipv6 had to be amended (it whatever the mechanic was) so that generated local suffixes aren't static. Before that, we were essentially globally identifiable because just the second half of your v6 address was static.

[-] frezik 26 points 3 weeks ago

IPv4 centralization creates far more privacy issues than everyone having a static IP. The solutions are still things like VPNs and onion routing.

load more comments (3 replies)
load more comments (1 replies)
load more comments (15 replies)
[-] Tiger_Man_ 60 points 3 weeks ago

I hope nat burns in hell when ipv6 will become standard

[-] Opisek@lemmy.world 28 points 3 weeks ago
[-] cornshark@lemmy.world 14 points 3 weeks ago

It's the year of the ipv6 server

load more comments (18 replies)
[-] domi@lemmy.secnd.me 58 points 3 weeks ago

My favorite thing to use IPv6 for is to use the privacy extension to get around IP blocks on YouTube when using alternative front ends. Blocked by Google on my laptop? No problem, let me just get another one of my 4,722,366,482,869,645,213,696 IP addresses.

I have a separate subnet which is IPv6 only and rotates through IP addresses every hour or so just for Indivious, Freetube and PipePipe.

[-] drmoose@lemmy.world 23 points 3 weeks ago

This is exactly why ipv6 was never widely adopted. There's too much power in a limited IP pool.

load more comments (3 replies)
[-] qaz@lemmy.world 15 points 3 weeks ago

Could you link the privacy extension in question I haven't heard of it

[-] kieron115@startrek.website 28 points 3 weeks ago* (last edited 3 weeks ago)

it's not a browser extension, its a SLAAC thing https://www.internetsociety.org/resources/deploy360/2014/privacy-extensions-for-ipv6-slaac.

TL;DR is that SLAAC used to use part of your device MAC to form it's IP, which would be trackable/fingerprintable. Now devices just pick the last 48-bits at complete random on the assumption that no other device is going to have that specific address out of the 4 quintilion available addresses.

edit the RFC https://datatracker.ietf.org/doc/html/rfc4941

load more comments (1 replies)
load more comments (1 replies)
load more comments (3 replies)
[-] Blaster_M@lemmy.world 56 points 3 weeks ago* (last edited 3 weeks ago)

Skill issue

IPv6 is easy to do.

2000::/3 is the internet range

fc00::/7 is the private network range (for non routing v6)

fe80::/64 is link local (like apipa but it never changes)

::1/128 is loopback

/64 is the smallest network allocation, and you still have 64 bits left for devices.

You don't need NAT when you can just do firewalling - default drop new connections on inbound wan and allow established, related on outbound wan like any IPv4 firewall does.

Use DHCPv6 and Prefix Delegation (DHCPv6-PD) to get your subnets and addresses (ask for a /60 on the wan to get 16 subnets).

Hook up to your printer using ipv6 link local address - that address never changes on its own, and now you don't have to play the static ip game to connect to it after changing your router or net config.

The real holdup is ISPs getting ultra cheap routers that use stupid network allocation systems (AT&T) that are incompat with the elegant simplicity of prefix delegation and dhcp.

load more comments (1 replies)
[-] NuXCOM_90Percent@lemmy.zip 54 points 3 weeks ago

In my personal life I will probably "never" intentionally use ipv6.

But it is a DAMNED good sniff test to figure out if an IT/NT team is too dumb to live BEFORE they break your entire infrastructure. If they insist that the single most important thing is to turn it off on every machine? They better have a real good reason other than "it's hard"

[-] nightwatch_admin@feddit.nl 25 points 3 weeks ago

It’s vulnerable af. And I mean really, it’s as bad as Netscalers or Fortigate shit. Like https://www.bleepingcomputer.com/news/security/hackers-abuse-ipv6-networking-feature-to-hijack-software-updates/ or https://www.bleepingcomputer.com/news/security/hackers-abuse-ipv6-networking-feature-to-hijack-software-updates/

Problem is, yes it’s hard to implement but it’s even a lot harder to get it properly secured. Especially because few people are using it, and not securing it is worse than disabling it.

[-] lena@gregtech.eu 29 points 3 weeks ago

Just a heads up, you linked to the same article twice

[-] Fuck_u_spez_@sh.itjust.works 33 points 3 weeks ago

Clipboards are also hard

load more comments (1 replies)
[-] NuXCOM_90Percent@lemmy.zip 22 points 3 weeks ago

And I would consider a detailed argument on why it is more secure to disable it to be a good reason.

Personally? I consider an IT team who don't know how to secure an ipv6 enabled network to not be competent. But that is a different conversation.

load more comments (3 replies)
load more comments (1 replies)
load more comments (4 replies)
[-] nonentity@sh.itjust.works 48 points 3 weeks ago

The reason IPv6 was originally added to the DOCSIS specs, over 20 years ago, is because Comcast literally exhausted all RFC1918 addresses on their modem management networks.

My favourite feature of IPv6 is networks, and hosts therein, can have multiple prefixes and addresses as a core function. I use it to expose local functions on only ULA addresses, but provide locked down public access when and where needed. Access separation is handled at the IP stack, with IPv4 it’s expected to be handled by a firewall or equivalent.

[-] Bytemeister@lemmy.world 30 points 3 weeks ago

My favorite feature of IPv6 is that there are so many addresses available. Every single IPv4 address right now could have its own entire IPv4 range of addresses in IPv6. It's mind-boggling huge.

[-] gnuplusmatt@reddthat.com 18 points 3 weeks ago* (last edited 3 weeks ago)

you could assign every square meter of the planet an ip and use it for location, and still have addresses left over

load more comments (2 replies)
load more comments (3 replies)
[-] thejml@sh.itjust.works 42 points 3 weeks ago

I use IPv6 every day and everywhere I can. It solves so many issues in large corporate and ISP network setups. And yes 10. Wasn’t big enough, and NATing is a PitA.

Honestly we just keep pushing it off when it’s not that bad. Workaround after workaround just because people are lazy.

load more comments (6 replies)
[-] socsa@piefed.social 35 points 3 weeks ago

Meh, the idea of having every address be globally routable makes a lot of sense. NAT is a great bandaid but it's still a bandaid. It still limits how peer to peer and multicast applications function, especially on larger networks.

[-] Korhaka@sopuli.xyz 16 points 3 weeks ago* (last edited 3 weeks ago)

NAT444 is shit. I can't even host a web server without routing it through a VPN, and my ISP can't work out how to provide an IPv6 addresses yet. Give it to me and I will work out how to use it.

Slight update - Just looked and apparently they had a goal of rolling out IPv6 addresses to all customers by earlier this year. I'll check my router config tomorrow and who knows. Maybe I will be able to get one now? Would be pretty sweet.

load more comments (2 replies)
[-] LaLuzDelSol@lemmy.world 32 points 3 weeks ago* (last edited 3 weeks ago)

Just my perspective as a controls (SCADA engineer):

I work for a large power company. We have close to 100 sites, each with hundreds of IP devices, and have never had a problem with ipv4. Especially when im out in the field I love being able to check IPs, calculate gateways, etc at a glance. Ipv6 is just completely freaking unreadable.

I see the value of outward-facing ipv6 devices (i.e. devices on the internet), considering we are out of ipv4s. But I don't see why we have to convert private networks to ipv6. Put more bluntly: at least industry, it just isn't gonna happen for decades (if it ever does). Unless you need more IPs it's just worse to work with. And there's a huge amount of inertia- got one singular device that doesn't talk ipv6 at a given generation site? What are you supposed to do?

load more comments (11 replies)
[-] eah@programming.dev 30 points 3 weeks ago
load more comments (1 replies)
[-] blackstrat@lemmy.fwgx.uk 28 points 3 weeks ago

Ipv6 is broken for those that want control over their home networks thanks to Google and terribly written RFCs.

All that was needed was an extra byte or two of address space, but no, some high and mighty evangelicals in their ivory towers built something that few people understand 30 years later. Their die hard fans are sure that this will be the year of ipv6. The Year of Linux on the Desktop will come 10 years before the year of ipv6.

load more comments (9 replies)
[-] MissingGhost@lemmy.ml 25 points 3 weeks ago

I'm surprised by the comments here. I use 90% IPv6. For me v4 is only present for retro compatibility. The transition was hard however.

[-] sudo@lemmy.today 19 points 3 weeks ago

Was?

It's still in progress..

[-] VonReposti@feddit.dk 17 points 3 weeks ago

In progress?

I can't even get an IPv6 address, even if I wanted to pay an obscene amount for a business tier.

load more comments (1 replies)
load more comments (1 replies)
[-] ExLisper@lemmy.curiana.net 24 points 3 weeks ago
[-] SteveTech@programming.dev 21 points 3 weeks ago

Fun fact: IP version 5 is actually reserved for the Internet Streaming Protocol.

[-] Voyajer@lemmy.world 22 points 3 weeks ago

CGNATs suck ass though, I had to buy a vps just to access my own network outside my home.

load more comments (4 replies)
[-] FiskFisk33@startrek.website 19 points 3 weeks ago

fun fact, the RFC introducing NAT calls it a "short-term solution"

https://www.rfc-editor.org/rfc/rfc1631

load more comments (1 replies)
[-] BootLoop@sh.itjust.works 18 points 3 weeks ago

I have never started using ipv6 so I'm in the clear here

[-] 2910000@lemmy.world 18 points 3 weeks ago

I love the flat earther energy in this

[-] marine_mustang@sh.itjust.works 17 points 3 weeks ago

C’mon, IPv4 has so many problems. Sure, let’s reserve a whole /8 for a single loopback address, that’s efficient. 🙄

[-] TheFogan@programming.dev 19 points 3 weeks ago

Well of course, how else would you trick script kiddies that figured out when they DDOSed 127.0.0.1 and learned what a loop back was, and get them again in a few weeks with "ok ok my real address is 127.34.21.2"

load more comments (4 replies)
[-] DarkSideOfTheMoon@lemmy.world 16 points 3 weeks ago

Also for home network I don’t won’t my IOT to have a real IP to the Internet. Using IPv4 NAT you can have a bit of safety by obscurity

load more comments (7 replies)
load more comments
view more: next ›
this post was submitted on 01 Aug 2025
907 points (100.0% liked)

Programmer Humor

25900 readers
630 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS