Hacker News | menotyou's comments

My ISP changes my prefix once in a while. I consider this a privacy feature, not a bug.

Now I find myself in a situation where my devices are not reachable anymore when the IPv6 address changes, as both DNS entries and firewall need to be updated each time the prefix changes. (In between, connections break, but this might be a lesser problem.)

As far as I understand, the only solution which does not include some complex scripting of IP change detection and automatically updating the firewall rules is to use NAT66 and ULA. But even then I have a protocol whose most advertised feature is not to rely on NAT, and it puts me fast in a situation where I need to use NAT. And the privacy extension of every device or the devices using SLAAC and not DHCPv6 are problematic.

IPv6 is just not able to be set up efficiently where IP addresses are changing. Not with moving mobile devices, not in wifi environments with multiple access points, not with changing prefixes, not in failover scenarios.

Bottom Line: I disabled IPv6 again here without any intentions to look for complex workarounds. All outbound traffic is now IPv4 again. IPv6 is providing no benefit but causes additional problems over IPv4 due to issues with the design. I am waiting until IPv7 (or whatever the next successor of IPv4 will be) arrives.


Are you talking about reaching the devices from inside the network, or outside?

If inside then you don't need NAT66 and ULA, you just need ULA. Use both ULA and the ISP GUAs on the network, and do your internal connections over ULA. If outside, then NAT66+ULA doesn't help because connections from outside will still fail until you update DNS for the new prefix.

NAT66 doesn't help in either situation, so why do you think you need to use it here?

> automatically updating the firewall rules

You can probably structure your firewall rules to not rely on the prefix, e.g. by doing "connections from WAN to LAN where the address matches ::42/-64" -- you might have to write it with a mask instead (::42/::ffff:ffff:ffff:ffff), which looks awful but works fine. There's no point in putting a specific prefix into the rule if you're just going to change it to match the network anyway.
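
The prefix-independent match suggested in the comment above, sketched as an added example that is not part of the original thread. The rule list, ports, and the 2001:db8::/32 documentation prefixes are constructed assumptions; the mask is the one quoted in the comment.

```python
import ipaddress

# Mask quoted in the comment: keep only the low 64 bits (interface identifier).
IID_MASK = int(ipaddress.IPv6Address("::ffff:ffff:ffff:ffff"))

def suffix_matches(addr, suffix, mask=IID_MASK):
    """True if the masked bits of addr equal suffix, whatever the /64 prefix."""
    a = int(ipaddress.IPv6Address(addr))
    s = int(ipaddress.IPv6Address(suffix))
    return (a & mask) == (s & mask)

# Hypothetical allow list for WAN -> LAN: (destination suffix, TCP port).
ALLOW = [("::42", 443), ("::53", 22)]

def wan_to_lan_verdict(dst, dport, rules=ALLOW):
    """Default-deny forward policy with prefix-agnostic allow rules."""
    for suffix, port in rules:
        if dport == port and suffix_matches(dst, suffix):
            return "accept"
    return "drop"

def host_in_prefix(prefix, suffix):
    """Address a host with a fixed interface identifier gets in a given /64."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 LAN prefix")
    iid = int(ipaddress.IPv6Address(suffix)) & IID_MASK
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))

if __name__ == "__main__":
    # Constructed sample: the same LAN before and after the ISP rotates the prefix.
    for prefix in ("2001:db8:1:10::/64", "2001:db8:beef:7::/64"):
        server = host_in_prefix(prefix, "::42")
        # A temporary (privacy extension) address has a random suffix.
        temp = host_in_prefix(prefix, "::a1b2:c3d4:e5f6:789")
        print(prefix, server, wan_to_lan_verdict(server, 443))
        print(prefix, temp, wan_to_lan_verdict(temp, 443))
```

The rules only stay valid if the server keeps a stable interface identifier; the temporary addresses never match, so they remain unreachable from outside under the default-deny policy.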


If you’re dual stack, your OS will prefer IPv4 to ULA and ULA won’t be used at all, and so the extra config overhead of deploying ULA is pointless.

It'll prefer ULAs when connecting to hosts without A records. Programs will use ULAs if you connect to an IP literal, or if connecting to the A records fails. Also, Linux/glibc will prefer ULAs if you have a ULA assigned to the machine, and so will anything using the update to RFC 6724. So "ULA won't be used at all" is definitely not correct.

"IPv6 is the next generation of the Internet Protocol (IP), the successor to IPv4."

This is a misconception. It is not the successor to IPv4, it is an alternative. Maybe the alternative is so good it will eventually make the older extinct, but it does not look like that.


Regardless of whatever other things may be better or worse about ipv6, it's still a reality that as we continue connecting more and more devices to the internet eventually ipv4 addresses will become so scarce and valuable that a not-insignificant minority of residential customers will be behind such aggressive CGNAT that the internet will become nearly unusable unless a majority of the services they are using support ipv6.

I agree with you. While I can see some benefits to v6 on the internet, I find v4 to be miles easier and cleaner to work with in a LAN setup. Unfortunately though v6 oversteps on LAN features and makes bridging v4 and v6 way uglier than it should.

> v6 oversteps on LAN features and makes bridging v4 and v6 way uglier than it should

How so?


Currently my ISP provides IPv6, but I set up my firewall in the access router of my home LAN to block all IPv6 in both directions.

- I don't want to have a permanent global unchanged ipv6 as an ID of my traffic.

- IPv6 privacy extensions would change that but then I can not reach my two devices I do want to reach from outside anymore as my access router only supports DynDNS for its own address and no NAT in IPv6


And how exactly is your NATed ipv4 address better? This seems backwards.

Router has a DynDNS function. I am using a reverse proxy for multiple services, but this only sets up router IP and IPv4 NAT port forwarding to the reverse proxy.

So what would be the correct setup with IPv6 when using privacy extensions?

I don't see any benefit in allowing IPv6 traffic or using IPv6, but a couple of new problems coming up with it.


Privacy extensions are additional addresses that are used by default for outbound connections. You still have the non-privacy address, which doesn't change; put that one into DNS.

This approach prevents outbound connections from leaking the address needed to connect to your servers. On v4, it's likely that any outbound connection from your network gives the server the IP they need to do that.


My ISP changes the prefix on a regular basis (and on request)

> My ISP changes the prefix on a regular basis (and on request)

I found this was the case (with Telus) until I reconfigured the DHCPv6-PD client on my gateway, mainly to stop it from sending DHCPv6 Release messages and to have it explicitly request the prefix I was previously assigned.

OpenWRT in particular seemed to be built not to save any dhcp client state in non-volatile memory, resulting in a lot of unnecessary address and prefix churn when rebooting the router. I've had the same stable prefix for over a year now, using systemd-networkd with the following configuration (the important parts are SendRelease=no, RequestAddress= and PrefixDelegationHint=; the rest of the options are just insurance):

https://gist.github.com/dlitz/487d733140aa784559d73e4cd6f723...


So you'll never have a permanent unchanging v6 address to ID your traffic with.

Privacy extensions are orthogonal here; they only affect the suffix, not the prefix. As for dealing with a changing prefix... I'm afraid you'll just have to find some way to automate the DNS updates. You can do it with a program running on one of the servers -- I can't suggest a specific one offhand since I have a static prefix and haven't needed it, but they do exist.


How often does your IPv4 address actually change?

Never checked. But it does change once in a while. The router has a dyndns function which updates a DNS entry, but only for the router itself. But this is sufficient for the NAT port forwarding.

Ok, so most of the time you are trackable by your public IPv4. The situation is not much better.

Let's say when your ipv6 prefix changes it is almost the same situation. Only that ipv4 bundles all traffic of all devices on one ip which obfuscates a bit.

But having the ipv6 prefix change you get a pile of problems (DNS, firewall), you don't have with ipv4.


The IPv6 prefix changes are disruptive, I agree. My prefix has been stable for a couple years, but on another ISP it would change every few months and was certainly annoying.

Arguably lots of UIs are getting worse with every iteration of redesign.

- Windows GUI went downhill from Windows 7 (or even XP) with every release.

- Outlook went from good over fair to annoying so that I finally replaced it as my personal client.

These are not the only examples I could name but they are the most prominent. I think the main problem is that both technical staff and UX designers are trying to make something "new" or "fancy" which is in most cases the opposite of something usable. E.g. Aero was fancy but it took away that my active window had one signal color header bar and all others were tamed. Now all windows are colorful and yelling at me at the same time. Orientation is gone.

And after that UIs got even more "fancy".

Step 13 ("Nobody's happy but nobody hates it") is the plateau when everybody is too tired to keep on fighting - a compromise, not a state where the GUI has reached anything acceptable. It is not fancy enough anymore for developers and UX designers to be proud of, but at the same time it is still annoyingly bad for the users.


About Outlook: Are you talking about the Win32 desktop client or the M365 web app? If the desktop client, what has gotten so much worse? And is there a better alternative to the Exchange calendar? I have not seen one in my experience at mega corps.


> Why would smart people care about denim vs. trousers?

Mostly it's about the sponsors. It's much more difficult to get sponsors for an event if the participants are dressed like they slept in their clothes. That's why organizers try to impose minimal standards on dress codes.

Jeans and sneakers are maybe debatable, but players showed up with cargo pants, shorts or tank tops at other events.

In the FIDE regulation for that event jeans were explicitly mentioned as not allowed. FIDE would have made a fool out of themselves by allowing Magnus to wear the jeans.


Not sure I agree. Chess has moved towards a much younger audience over the last 5 years, and is incredibly popular now. Gets 10s of thousands of viewers on Twitch, for example & there are many players that could be seen as modern day celebrities in their own right.

FIDE needs to embrace the younger generation that think the game is cool. Ancient dress codes are a distraction.


But money still belongs to old folks so they need to attract them to get money to pay large prizes.


Not only still. It increasingly belongs to old people. Old people have capital, young people salaries. Capital has grown faster than salaries for a while, and AI should make the difference even bigger.


Where do you draw the line though. Is dressing in a swim suit allowable?


> Where do you draw the line though. Is dressing in a swim suit allowable?

Textbook slippery slope fallacy.

https://en.wikipedia.org/wiki/Slippery_slope


There’s quite a difference between casual clothes and dressing indecently. IMO jeans are fine as long as they’re inconspicuous (such as raggy jeans with holes in them or worn in such a way that the buttocks are showing) for such an event. Swimsuits are for a different type of event where if you’re showing up in trousers they would disqualify you.


Other environments manage more casual dress codes without too much difficulty. I can’t wear a swimsuit to the office but I can wear jeans. No-one seems especially confused about where the line is.


Having never read any formal dress code rules for any office, hospital, or place of worship I've been inside in my life, I've never gotten kicked out for wearing the wrong thing, and I've also never seen someone wearing a swimsuit in any of those places. This isn't some unique problem that only chess tournaments have, and it's not nearly as hard to solve as you're making it out to be.


> It's much more difficult to get sponsors for an event if the participants are dressed like they slept in their clothes.

Anyone who considers jeans to look like "clothes someone would sleep in" is immediately dubious in my book. Jeans are so extraordinarily uncomfortable to sleep in that I don't think I've ever intentionally done that in my life.


Many jeans today are not the stiff and sturdy work clothes they used to be. They have the appearance of it, but are actually made of a relatively thin, stretchy fabric that is more comfortable, and much less durable.


It seems rather harder to get sponsors when you can no longer attract the best player in the world to your tournaments. They made much more of a fool out of themselves by holding "world championships" without attracting the undisputed best player in the world to them.

This looks to me like a case where FIDE got greedy and forgot to balance the talent's interests with the sponsors.


> Mostly it's about the sponsors. It's much more difficult to get sponsors for an event if the participants are dressed like they slept in their clothes.

Would be interesting if they can get mattress companies or apparel companies that have good comfy clothes as sponsors. Why not play chess on a firm mattress?


My brother was wearing a formal shirt and suit jacket.


You’ve stated this as a matter of fact, but do you have a source, or are you speculating?


FIDE looks a lot more foolish having the greatest and most famous chess player reject them over a dispute about clothing.

Also, he looked very sharp in his outfit with the jeans. Frankly it was a better ensemble than I’d look in one of my suits.


We'll see how easy it gets to get them when Magnus is playing at some parallel tournament, though. Nakamura, for instance, has already made a point about that.


I'd think the venue more than the sponsors. The media sponsor being the Norway public broadcast to specifically put Magnus on TV means they've ticked off at least one sponsor by disqualifying him.


They’d made a fool out of themselves by disallowing jeans


Before OOP became popular the usage of global variables was discouraged in procedural languages because it was the cause of many bugs and errors.

In OOP global state variables were renamed to instance variables and are now widely used. The problem why it was discouraged beforehand did not go away by renaming but is now spread all over the place.


"...connect to the Windows experience they know and love.."

I am not in that target group.


Here in Germany you can see how this argument evolves. For the Green party everything which disagrees with their position is nowadays declared "hate speech" because the only conceivable reason for disagreeing with the Greens is that people hate them.


Yet another article about problems you'd never have if you didn't use the object-oriented paradigm.


But then you'd have other problems that come with using another paradigm, since there's no silver bullet, and no paradigm that handles all problems better than other paradigms. Probably popular languages tend to be multi-paradigm.


That's not really true. Structured programming completely supplanted the paradigm that predated it. I think it's pretty close to a consensus now that null values are a mistake. Same with manual memory management.


Programming paradigms meaning imperative, functional, logical, OOP, stack-based, array-based, that sort of thing.

Widely used languages like C++, Javascript, Python allow for a mix of those approaches. If one programming paradigm was best, we'd expect languages like Haskell, Prolog or APL to be popular instead.


The contemporary "multi-paradigm" style is influenced by the many paradigms which preceded it, but for all the elements it borrows, there are elements it leaves behind, too. Implementation inheritance is often left out of newer languages (see Rust, Go). I don't think it makes sense to view new languages and styles as the sum of all preceding paradigms. It's an evolutionary process, rather than accretive. We keep the good bits and discard the rest.


I read the article and I'm not even clear what the problem is.


Quick test: Try to imagine the following and then answer the questions beneath.

Imagine a table with a ball on it. A person is approaching the table, pushes the ball gently, and the ball starts to roll.

Questions:

(1) What color is the ball?

(2) Is the person male or female?

(3) What material is the table made of?

(4) When you answered questions (1)-(3), did you know the answer beforehand, or did you think about it when you were reading the questions?

Depending on your answer to question (4) you can assume if you have it or not.


I don't think this is a very reliable test, and it even verges on misleading, as there is a degree of complexity that may lead people who do not have aphantasia to believe that they do have the condition. I think this line of thinking with your "test" has been what has led some people in the comments to say that they believe that the condition may just be a result of miscommunication on what mental visualization entails, since they believe that those who claim to have aphantasia believe that they have the condition due to not meeting a threshold of visualization.

However, it appears that for people who actually have the condition, visualization never gets to any specificity. One could be unable to answer a single one of the questions on your test, yet that does not necessarily mean they have aphantasia, as aphantasia is not the lack of detail in visualization, but the lack of any visualization at all. Some people who have aphantasia have attested in these comments that they cannot picture anything in their minds at all. Many of them attest that they don't even visualize when dreaming.


I like this test because it’s not your answer, it’s your reaction to the question that matters. If you read this and think “uhh is that a trick question?” then you probably have aphantasia.

My initial reaction to reading this the first time was to go reread the story more closely to find the answer. But the answer isn’t in the story. For many people the answer is just a truth that exists when they hear the story and are asked the question. If it’s not you likely have aphantasia.


Maybe you are just very lazy at filling in the details of the scenery? A questionnaire based approach doesn't sound very objective to me. A condition with the only "reliable" diagnostic being the VVIQ test, is not a condition at all.


I've found this to be the most reliable test.


Erm... here's a simpler test:

(1) picture a circle

(2) do you see a circle?

(3) do you still see a circle?

Even replace "circle" with "straight line." I think tests like above (balls, people, details) miss the point that in actual aphantasia you literally visualize nothing.


I think this hits closer to the mark. For any given description, if a person is able to visualize anything at all, then they don't have the condition. If they do have the condition, then they apparently can't visualize anything.

