SoylentNews is people
SoylentNews
A Swiss VM hosting provider has a technical blog post about how to kill IPv4 completely on FreeBSD. That is to say, turning it completely off, not just preferring IPv6. They then solicit concrete solutions describing, along with a proof of concept, how to turn IPv4 completely off in other operating systems and allowing them to communicate with IPv6 only.
Earlier on SN:
Vint Cerf's Dream Do-Over: 2 Ways He'd Make the Internet Different (2016)
You have IPv6. Turn it on. (2016)
We've Killed IPv4! (2014)
This discussion has been archived.
No new comments can be posted.
Removing IPv4 Completely from FreeBSD and Other Operating Systems
|
Log In/Create an Account
| Top
| 69 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
There's no such thing as an original sin.
-- Elvis Costello
(Score: 3, Insightful) by fyngyrz on Saturday January 19 2019, @03:36AM (20 children)
...the first thing that struck me was how much stuff this would outright break.
There's a bunch of stand-alone and stand-between stuff that can't be updated. There are a bunch of OSs, even the computers themselves with fixed network hardware, that can't be updated. There are a bunch more of all of those things where there is zero chance that the users would be able to manage to update whatever it is even were it nominally possible and something available for the fix.
Seems like...
IPv6 is already in place. New devices and OSs and so forth already support it. Leave IPv4 alone. You want to use IPv6? Even only IPv6? By all means. Enjoy. Leave the rest of the world out of your nefarious plans.
--
Neque porro quisquam est qui dolorem ipsum quia dolor sit
amet, consectetur, adipisci velit...
Well, Cicero clearly didn't know some of the women I've known.
(Score: 2, Informative) by janrinok on Saturday January 19 2019, @09:23AM (5 children)
Well I could easily counter your argument by saying that I use IP6 and have not found anything that doesn't work. My internal network, websites, internet access, and NAT all function perfectly well, but without the security implications and fudges that are associated with IP4. So I suggest that your statement should be amended thus:
(Score: 2) by fyngyrz on Saturday January 19 2019, @03:26PM (4 children)
And that's just fine. But what you can't do is claim that this is true in general. Which was my actual, you know, point. So as it turns out, you can't counter my argument that way. Sorry. 😊
--
Money can't buy love, but it can sure buy a yacht to pull up next to it on.
(Score: 3, Insightful) by janrinok on Saturday January 19 2019, @06:34PM (2 children)
The longer one clings to older systems and refuse to update them for fear that they will not work, the more likely you are to reach the stage where you will encounter a problem that it is too late to resolve.
I don't support stopping IPv4 completely, but I do believe that we should not cling to old technology when there is something better and more secure available to replace it.
(Score: 2) by Apparition on Saturday January 19 2019, @08:30PM (1 child)
It reminds me of the few people that still use Microsoft Windows XP on the Internet to this day and insist that it still works just fine.
(Score: 2) by hendrikboom on Wednesday January 23 2019, @11:09PM
For the once a year or so I needed it, it worked just fine. Now I use Wine,
(Score: -1, Troll) by fakefuck39 on Saturday January 19 2019, @09:56PM
ACtually, your actual, you know, point, is you underline your text with a comment of some type. Your posts - I've never seen an actual point, hence no point needs to be countered. You replied that we shouldn't take IPv4 out of general operating systems. You're the only one talking about that in your straw man. You're arguing with yourself, not the rest of us.
The directions were posted on how to remove v4 from operating systems, so now people like the OP can easily do so and not have stuff sitting around they don't need, worry about what it does or its security. Then comes underline idiot yelling "things will break" - well guess what - they won't, for use cases where they won't.
Hey, you ever go on a sports car forum and complain a supra can't transport pianos? They'll love your underlines there. Here, we'll just shit in your mouth as you open wide for us.
(Score: 0) by Anonymous Coward on Saturday January 19 2019, @12:13PM (3 children)
What's preventing owners of these devices from NATing the 4 to 6 addresses?
(Score: 0) by Anonymous Coward on Saturday January 19 2019, @01:12PM
..... that's not a NAT my friend. That's called a proxy.
(Score: 2) by fyngyrz on Saturday January 19 2019, @03:29PM
Not everyone has money to spare for new devices, you know.
It's all too easy to say "just buy..."
--
Yes sir, two copies of "Math For Dummies" at $16.95.
That'll be $50.00
(Score: 2) by hendrikboom on Wednesday January 23 2019, @11:11PM
The IPv6 protocols are not identical to the IPv4 protocols. More has changed than the number of bits in the address.
(Score: 2) by VLM on Saturday January 19 2019, @02:39PM (6 children)
You permanently have a cognitive load of ipv4 firewalls, MITM type attacks, ipv4 DDOS, stuff like that.
Aside from obvious kernel level security attacks (buffer overflows or whatevs)
Can't have a security issue with something not installed.
For something like an IOT device, a link local ipv6 subnet, and a EUI-64 unroutable host addrs, is a nicely secure situation for LAN-local IOT "stuff". You literally can't be hacked from China if you don't have a network protocol and network address thats accessible from China (Well, not hacked directly, given that Big Brother and every nation state on the planet probably has zero-days and pownership of your router unless you have an *bsd box or whatevs as a router, LOL)
(Score: 2) by fyngyrz on Saturday January 19 2019, @03:33PM (5 children)
Except that you certainly can, since retransmission through point B (and C, and D, and... ZZZZZZZZZZ) is a thing. Other than that, of course not!
--
I'd agree with you, but then
we would both be wrong.
(Score: -1, Flamebait) by fakefuck39 on Saturday January 19 2019, @10:03PM (4 children)
retransmission of IPv4 traffic is not a thing if your system doesn't have a 4 octet IP address. what is it you're not getting here sherlock? You're claiming the failure points existing in v6 leave in place the extra failure points of v4? I gotta ask - are you wearing velcro shoes (stupid people have a hard time w/ laces)? Does you not having laces on your short bus shoes mean you still have trouble with shoe laces, on your dummy shoes? I bet you do. I bet you do.
Seriously, it's rare to find someone who keeps purposely drawing attention to their own idiocy. When you were a kid, did you ever shit your pants in the middle of a grocery store and start yelling it smells bad? I bet you did. I bet you did.
(Score: 0) by Anonymous Coward on Saturday January 19 2019, @10:41PM (1 child)
You seem to have an unhealthy obsession with feces. I guess with a prick that tiny, you gotta get your jollies somehow.
(Score: -1) by fakefuck39 on Saturday January 19 2019, @11:38PM
I'd say the person swallowing my shit with a ready and wide open mouth is the one with a feces obsession - you. I guess according to your logic we all have a shit obsession, since we shit daily. The person who keeps eating it though and coming back for more - an idiot who does not know the difference between NAT and a firewall, or between TCP and IP, and keeps talking about other people's genitals, just so those people can keep pointing out how dumb you are.
You can talk about my dick and keep eating my shit all you want buddy. I get my jollies by pointing out you're on a tech site, know nothing about basic networking protocols, and keep coming back for people to point that out. Kid who has shit his pants yelling it smells. Now open up that mouth a little more for me, human toilet.
(Score: 2) by hendrikboom on Wednesday January 23 2019, @11:13PM (1 child)
Some of us are smart enough to ignore societal conventions and use velcro shoes because they save us time.
(Score: 0) by fakefuck39 on Saturday January 26 2019, @01:57PM
undoing the velcro then putting it back takes less time than doing nothing? lemme axe you: do you think you're smart enough for shoelaces, or do other people think that also (if you know other people)?
(Score: 3, Insightful) by Anonymous Coward on Saturday January 19 2019, @05:00PM
There are a large number of people who want to control what you do with your computer, and one key way to enforce that is by destroying backwards compatibility and forcing you to choke down whatever shit they cram into updates. This is just a part of that philosophy, because according to them, peons can't be allowed to own computers or commit WrongThink.
(Score: 2) by rleigh on Saturday January 19 2019, @05:35PM (1 child)
Actually, it's far less bad than you say.
Look into NAT64 and DNS64. You (or your ISP) sets up a proxy which maps a range of IPv4 addresses into the IPv6 address space. All DNS requests for an IPv4 host will return the mapped IPv6 address. All connections to IPv4 hosts use IPv6 to talk to the proxy, which then talks using IPv4 to the host in question. All your hosts internally are IPv6 only, but still transparently access the IPv4 network. You can even have it proxy for internal IPv4-only hosts as well on a private subnet, so you can keep legacy devices around. The reverse also applies; you can have external IPv4 connections proxy to an internal IPv6 host.
This is a typical way you would set up a new network. It pushes IPv4 to the edge of your network, leaving the internal network with just IPv6 to support. It keeps things both simple and future proof. I definitely appreciate this for running virtual machines, which can bridge directly to the internal network with a global IPv6 address. No different than a regular host. Just maintain the appropriate firewall rules to control access, as you would for IPv4 with or without NAT.
(Score: 0) by Anonymous Coward on Saturday January 19 2019, @09:22PM
Comcast and TW/Spectrum have native IPV6 stacks. AT&T not so much (as you have seen). Not sure on the VZ/Fronter setup currently as I have not seen it.