Every HackerNews post about IPv6 has some of the worst, most privileged, idiotic, vibe-coded, proprietary, ignorant, 16bit, capital-guzzling, unicorn takes I've ever known on the subject:

- IPv6 addresses are too hard to remember.
So? You're not meant to remember addresses, that's why we have DNS, write it down, literally a non-issue.

- IPv6 is confusing and I don't want to learn something new.
That's a personal issue buddy, either start reading or get left behind, that's what you said about AI right? More things than you depend on this transition.

- NATing has solved the IP limit problem so there's no point.
NATing is a plaster slapped onto brain bleed, easy and cheap, but ineffective, it causes a wide range of usability problems, such as blanket IP bans, restrictions on self-hosting, connectivity issues for VPNs both private and corporate.
To make matters worse, the effects are significantly worse in poorer countries, while Europe, China and the USA have a bounty of IPv4s to use (though China's still aren't enough), India has been on critically short supply for a while now with reports of multiple NATed network layers being issued. Imagine if you got banned from Valo because your neighbour 4 districts away got caught cheating.

- We've been trying for 40 years and it hasn't worked so let's give up.
OK, we're going to give up on solving world hunger too then because that's clearly not getting anywhere, and the energy crisis too while we're at it, just shut it all down.
Just because you personally haven't seen the progress or felt its effects doesn't mean it's not happening, people smarter than you have been working on this before you were born, and at this rate might continue to work on it after you switch careers to Goose Farming.

- IPv6 hasn't worked so let's just make IPv7.
Insane take, despite how it looks, IPv6 support is extremely widespread and ready to go, the reluctance of big tech and ISPs is purely due to the cost implication and lack of enforcement, creating a brand new spec now would enforce another 40 year delay just to assuage your own personal opinion.

- IPv6 is a security risk because the router isn't NATing.
Misunderstanding of what NATing does. Even with a public-facing IP on every device, ports are still protected by the router's firewall.

- IPv6 is a privacy issue because now you can easily identify every device in a home by its public IP.
A valid concern, if it hadn't been identified and resolved with the Privacy Extensions to SLAAC that randomises your IP address after a set time period, mitigating the problem to that of your NATed IPv4 Public IP, if not making it more private by muddying the telemetry waters.

#ipv6 #networking
Privacy Extensions for IPv6 SLAAC - Internet Society

@Baa I kinda wonder if it's an issue with how networking is taught to people. If I recall correctly in school, I think we may have briefly touched on IPv6 stuff at most (granted I only took one course in that stuff but still)
@[email protected] To be honest, I think HackerNews has a particularly high number of junior vibe-coding devs that don't understand networking very well, but get paid a big salary and now their ego's inflated past their actual experience.
Suddenly they think their opinion on every technical subject is valuable and important, even though their actual knowledge is near zero.
Which is frustrating because they are likely also leading the charge in technological development for a lot of areas...
@Baa @mikoto hackernews is a comedy site and only exists for laughing at ppl who have zero clue what theyre doing
@snow I need to register for HackerNews, then  
@snow How did I deserve being bonked :fernpout:
@mezzodrinker youre not dum, that's my job 

@snow I didn't claim I was dumb, I just claimed I have zero clue what I'm doing  

Also, you're also not dumb. As I keep saying: Silly? Maybe. But definitely not dumb 

@mikoto @Baa I am past 50, I barely learned anything about IPv6... I think an issue is more that IT isn't taught well at all most places, and mostly focus on the portfolio of the tech giants. The more "generic" education I got seems to be more and more rare.

@lettosprey @mikoto @Baa

Good news is it seems like CCNA material touches on IPv6 a bit more than it used to and was made more generic. But honestly if you know and understand v4, it takes like an hour or two to read what you need to know about v6 in most cases.

I also feel with countries that got larger than average allocations of IPv4 addresses feeling how tight the address space is and companies like Amazon now charging for v4 addresses, that v6 will continue to see the rapid growth we have seen since COVID.

The differences between V4 and V6 are greatly exaggerated, and I would argue that IPv6 simplifies some things that people often just expect the ugly complexity of V4 and NAT.

Like subnetting in v6 is extremely easy compared to v4 because basically every single access network is a /64 and large v6 networks can easily be made with hierarchy for organisation with extremely large space.

@Umbreon @lettosprey @mikoto @Baa I had to learn IPv6 properly after not being taught it much at all in schooling ("it exists, you won't use it at work enough to bother, specialize in networking if you really want to know").

Some things are indeed much simpler.

The main pain point I have is that sufficiently specific firewall forwarding rules are not possible without ugly hacks (such as hooks & shellscripts) with nftables for registering/unregistering addresses in named sets on prefix changes (yes this can be templated with configuration management, it's still annoying and gross).

(My pain point, effectively, is due to dynamic prefixes and having no guarantee my prefix won't change at any point. nftables has yet to address the reality that users usually get screwed over.)

Some other consumer firewalls (many are proprietary) do support either matching on the suffix/id part of an address or automatically adjusting for prefix changes. (I've seen mention of some binary comparison logic methods for nftables online but they don't actually seem to work on my Debian setup.)

@Baa as much as I agree with all of this, these arguments are all worthless if you can't make a compelling business case to management.

@silhouette @Baa

🤦
Ok,

A further nonsense point:

IPv6 has no killer app.

@tschaefer @Baa I literally manage a /29 prefix so you can go facepalm someone else.

@tschaefer

> IPv6 has no killer app.

DirectAccess could have been.
However companies could not deploy it while their employees' ISP (or the public Wi-Fi they connected to) were not IPv6-enabled.

Unfortunately, there can't be a killer-app while the lower layers are not ready.

@Baa

EDIT 2026-04-13: I have to correct myself. DirectAccess can work on an IPv4 island. I wonder why I did not push more at work back then 

@ledeuns @tschaefer We use DirectAccess.
Sometimes people's Windows copy downgrades from Enterprise to Pro and Direct Access gets disabled.
We then can't access the machine to fix it and they have to bring it into the office.

So when it works it's decent but MS have sabotaged it

@tschaefer @silhouette @Baa It enables end-to-end routing that makes p2p networking for things like torrenting trivial to do right.

With an anonymizing layer, it enables one to save a lot of money per month that would otherwise be stolen away by capitalist gatekeepers.

@silhouette @Baa
Roll-out IPv6 is cheaper and faster. No need to manage pages-long lists of NAT in our routers any longer. Shorter routing tables. Easier filtering. Less CPU cycles on the perimeter systems. Saves energy costs.
Save a LOT of money in resources, both human and technology.

As said: NAT is a plaster and it costs. Not obviously but indirectly.

"Besides: Our devices are doing it anyway for internal purposes already."

@Baa While all your responses are valid, they are all Service Provider issues to solve. As a user, I don't really care much.

From my point, services I (want to) use do not work with IPv6 (Okta, Escape from Tarkov) but everything works with IPv4.

Edit: Wait, I think Okta does have v6 now. Need to verify at work tomorrow.

@Baa And last time I checked, about half of Internet traffic is IPv6 now. So IPv4 is soon becoming a minority protocol.
@Baa we need ipv6 because computers simply being properly reachable on the public internet by default is magic and would allow for so many cool things to happen so much more casually
@zaire @Baa It's funny because that’s how it used to be. :)
@darthnull @Baa yep, exactly, and it’s how it should’ve remained

@zaire @darthnull @Baa problem is Chicken vs. Egg.

  • I can't even work remotely without a static #IPv4 cuz corporate bs.
Kevin Karhan (@[email protected])

@[email protected] unless #IPv6 is mandatory to be supported with *every service and device* I'm stuck with #IPv4. - Plus: #PrivacyExtensions are tagged-on, not mandatory! > if you got banned from Valo because your neighbour 4 districts away got caught cheating. Then don't play a garbage game (which I won't anyway, cuz it's laced with #malware under *false pretenses*. Not to mention even big #telcos are unwilling to do IPv6 and instead do bs like #CGNAT on #RFC1918 (10 /8) to *deliberately brick #VPN|s*!

Many true words spoken in that post. When discussing privacy questions related to IP versions you might find some of the risks associated with IP-ID to be interesting. I once made a tool that makes use of one of the lesser known properties of that field to find out if two IPv4 addresses are both pointing to the same host: https://v6tools.kasperd.dk/same-host/
Same host detection through IP-ID

@Baa
Now, I have to admit I have to check it, perhaps Magenta has changed it, but traditionally when you turned their router into bridge mode it turned into IP v4 only. Static address and all. But IPv4. So for the past decade and a couple of years my home network has been IPv4. Because I will not run with an ISP provided WiFi router, that is literally awful.
@Baa One of my first blog posts ever was precisely to address some of these points.
https://blog.antsu.net/ipv6-for-people-who-hate-ipv6/
IPv6 For People Who Hate IPv6

@Baa hackernews is stupid, and i found them idiotic since the day i saw someone make a "uv sterilizer" for a n95 mask.
@Stellar @Baa Without knowing specifically what the mask is made out of or having testing equipment, that's a bad idea.

There has been research on sterilization for reuse (shortage concerns and not being made out of money), and most of them tolerate low dry-heat for hours (in proper dry-heat sterilizer units) better than autoclaves.

I think UV was also tested in a few of those whitepapers and found worse than dry-heat. (This was testing in relation with Covid contamination. Other stuff might resist sterilization enough that there really is no option other than destroying the masks.)
@[email protected] @Baa of course because uv sterilization doesn't work on porous material

@Stellar @Baa It can if they're UV penetrable.

That also means more degradation before an acceptable effect is achieved, which also means being able to test that it's not enough to ruin them is essential.

@Baa

16bit i might be stealing that as an insult >:3

@Baa

I suspect ISPs and data centers view "restrictions on self-hosting" as an important "feature" of continued NAT+IPv4.

@Baa
I agree in general and I cheer for IPv6 becoming more widespread

however

> you're not meant to remember addresses

The only cases when I type IPv4 addresses from memory is when I don't have working DNS - either when debugging DNS, or when manually configuring the first interface of a host, on a network with no DHCP.

Unfortunately, these are the cases where I can't rely on DNS to remember IPv6 for me.

It's not a deal-breaker but it does add some friction.

@wolf480pl @Baa
Why?
That's likely a private network and in that case one is free to decide on which address and -type to use.

What's so hard to remember 2001:db8::1 as a default local DNS? 2001:db8::/32 is the "documentation" private IPv6 prefix - much like example.com is for DNS.

I remember a time when I mixed up 192.168 to 198.162 for our home network. Yay! Public IPv4 /16 mapped at home!

Pro-tip: Have a printed cheat sheet.

Reminds me I need to step on my ISP's feet.

@wolf480pl @Baa
Coming to think of it:
Remembering 2001:db8 is 32 bit for IPv6.
Now there's
10.0/8
172.16/12
192.168/16
for IPv4 private networks. Makes 9+13+17=39 bits for IPv4. Whoops?
IPv6 in fact requires _less_ human memory for "common" addresses. Even more so when starting to count characters, not just bits.

"I can't remember IPv6 addresses" is just another word for "I don't want to learn new stuff."
Here's your two-weeks notice, thanks for your services.

@syn_rst
1. since IPv6 has no NAT, you use public addresses in LAN, and you can't control the first 64 bits of it

2. using the "documentation" prefix as a private prefix is wrong

3. actual private IPv6 addresses come from fd00::/8 and you're supposed to pick the next 40 bits randomly

4. I also need to remember a public DNS resolver, ideally one that responds to pings - like 1.1.1.1 for IPv4

5. I'm sorry to hear your country's law allows such a short notice period

@Baa

@wolf480pl @Baa
1. Since I may choose from fd00::/8 for private purposes (see 3), I have at least some control over the first 64 bits. Also, if my ISP handed me a prefix which is shorter than 64 bits - which is what an ISP should do.

2. sure is, so is using "example.com" locally.

3. so, my random choice just happens to be my postal-code.

4. Why is there no DNS resolver on the LAN already?

5. Mine actually doesn't, however, refusing to learn on the job may be a reason for termination.

@syn_rst
4. Because I put it there, but somehow it doesn't work, so I need to figure out if it's broken, or if my internet is down.

Or maybe there isn't one yet and I need working DNS to apt install unbound.

3. https://datatracker.ietf.org/doc/html/rfc4193#section-3.2.1

2. which is why nobody does that

1. sure but the part you can't control is more than 32 bits

I'm sure with enough use I'd memorize the few IPv6 prefixes I use at home. But it will take some time.

RFC 4193: Unique Local IPv6 Unicast Addresses

This document defines an IPv6 unicast address format that is globally unique and is intended for local communications, usually inside of a site. These addresses are not expected to be routable on the global Internet. [STANDARDS-TRACK]
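
Added example, not written by anyone in this thread: the fd00::/8 layout the posts above argue about (8-bit `fd`, 40-bit Global ID, 16-bit Subnet ID), in Python. `secrets.randbits` stands in for the sample generation algorithm in RFC 4193 section 3.2.2, the function names are assumptions of this example, and the collision formula is the one given in RFC 4193 section 3.2.3.

```python
import ipaddress
import math
import secrets

ULA_LOCAL = ipaddress.ip_network("fd00::/8")           # RFC 4193, locally assigned
DOCUMENTATION = ipaddress.ip_network("2001:db8::/32")  # RFC 3849, never for real use
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")
GID_BITS = 40


def new_ula_site(global_id=None):
    """Build a /48 site prefix: 0xfd, then a 40-bit Global ID (random if omitted)."""
    gid = secrets.randbits(GID_BITS) if global_id is None else global_id
    if not 0 <= gid < 1 << GID_BITS:
        raise ValueError("Global ID must fit in 40 bits")
    return ipaddress.IPv6Network(((0xFD << 120) | (gid << 80), 48))


def subnet(site, subnet_id):
    """Return the /64 for a 16-bit Subnet ID inside a /48 site prefix."""
    if site.prefixlen != 48 or not 0 <= subnet_id < 1 << 16:
        raise ValueError("need a /48 site prefix and a 16-bit Subnet ID")
    return ipaddress.IPv6Network((int(site.network_address) | (subnet_id << 64), 64))


def classify(text):
    """Return (kind, global_id) for 'addr' or 'addr/len'; global_id is None unless ULA."""
    addr = ipaddress.IPv6Interface(text).ip
    if addr in DOCUMENTATION:        # checked first: it also lies inside 2000::/3
        return "documentation", None
    if addr in ULA_LOCAL:
        return "ula-local", (int(addr) >> 80) & ((1 << GID_BITS) - 1)
    if addr in GLOBAL_UNICAST:
        return "global-unicast", None
    return "other", None


def collision_probability(sites):
    """RFC 4193 s3.2.3: P = 1 - exp(-N^2 / 2^(L+1)), L = 40, for randomly chosen IDs."""
    return -math.expm1(-(sites ** 2) / 2 ** (GID_BITS + 1))


if __name__ == "__main__":
    site = new_ula_site()
    print("random site:", site, "first LAN:", subnet(site, 1))
    for sample in ("2001:db8::1", "fdaa::1", "fd00::1"):  # prefixes named in the thread
        kind, gid = classify(sample)
        print(sample, kind, "-" if gid is None else f"global-id={gid:010x}")
    print("P(collision) joining 3 random sites:", collision_probability(3))
```

The probability only holds when every site's Global ID was drawn at random; hand-picked IDs such as `aa00000000` or `0000000000` collide as soon as two merged networks made the same choice.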


@syn_rst
Also, re your math - that's not how entropy works.

I have 192.168/16, 172.16/12 and 10/8 in my long term memory, so it's only 2 bits to remember which one is used on a particular network.

Then there are the remaining 16, 20 or 24 bits. Even in the worst case of 10/8, it's 2+24=26 bits. But if we assume router gets .1 on the last octet, it'd be 2+16=18 bits.

@syn_rst
Meanwhile with IPv6, even if I get a whole /48 from my ISP (unlikely), the part fixed in the standard is 2000/3, so that leaves 45 bits I can't control that I have to remember.

@wolf480pl @syn_rst literally just do NAT and bind your outer address to something short. my local net is fdaa::/64, default gw is fdaa::1, and (for now) i’m statically assigning addresses

it’s necessary on my dual-ISP setup (so I have my devices available under two prefixes at once from the outside), but nobody is stopping you from doing it with just one ISP if you want to use short IPs.

like 75% of your complaints are only valid because you’ve been used to IPv4 for all your life :|

@domi @syn_rst
I didn't mean these to be complaints.

> fdaa::/64

so you're saying fuck the RFC?

@wolf480pl @syn_rst fdaa::/64 is within fd00::/8, which is a reserved private range

like sure, you can randomize it if you want to be perfectly safe. but you’re complaining about the numbers being too long to remember. at that point even just raw fd00::/64 would be okay, it’s just your home network

@domi @syn_rst
I have two of them and a site-to-site VPN in between, so it's three.

I can envision a scenario where it becomes more, and the argument in RFC is quite convincing to me.

(also I'm a perfectionist)

Anyway, I'm not trying to say IPv6 sucks. IPv6 is great.

But if you do it by the book, the addresses will be a bit harder to remember. And I think it's fair to be upfront about this, rather than trying to sweep it under the rug or workaround it.

@wolf480pl @syn_rst

> But if you do it by the book,

THERE IS NO BOOK!

we have serving suggestions. that’s all. please make yourself comfortable instead of whining about RFCs :(

@wolf480pl @syn_rst “i’m a perfectionist” sorry but i can’t take you seriously when you put “perfection (RFC)” above “perfection (it feels comfy)”
@domi @syn_rst
I'm sorry my brain is wired that way

@wolf480pl @syn_rst that’s alright

i’m just… prompting you to maybe rethink this.. for your own comfort in the future

@domi @wolf480pl @syn_rst some of us feel comfy when there's Ordnung, myself included. But a) that's also imposing limits on yourself on what you are allowed to do (imagine the fun that you could have when you ignore the rules - this is general life advice) and b) failing to live up to the self-imposed rules can be distressing.

@nick @syn_rst @wolf480pl if you prefer perfect order (whatever that is for you, really!) - by all means, please do! i’m not trying to police your sandpit

wolf sounded like he’s between a hammer and a hard place, where neither volles ordnung, nor chaos, nor a mid-way would suit him, and that’s a really bad place to be (…speaking from experience)

@domi @nick @syn_rst

Nah, I'm fine. I'm just arguing with someone on the internet about advertising IPv6 for what it's not.

@domi @nick
FWIW I think @syn_rst is overreacting to my original post