It's a re-election tactic. He knew all along.
Album
joined 1 year ago
I agree with this but I would say the prefix is the only thing you should focus on.
It's important that ISPs don't regularly rotate your PD and it's part of the rfc recommendations that they don't. And the remainder of the prefix is your vlan space that is as important for VLAN routing as always.
Ipv6 requires fundamental rethinking about how addressing is done. If you're trying to apply v4 concepts to V6 you likely end up running into something they intentionally designed out.
A unique local address is an address space where you could do that. It's the equivalent to RFC1918 eg. 172/192/10. So you could statically assign fd0::x, and that is expected, but not required generally.
I wouldn't give each device a static unique global address unless they need to be accessed via wan without domain consistently. You lose device privacy really quickly that way because every device gets a unique globally routable address. It's fine for internet facing services but most Linux, Windows, and mobile implementations are using ipv6 privacy extensions by default to ensure you get a random GUA every day.
My network is dual stack and I connect mostly over ipv6 to all my internal clients using internal DNS. If my internal DNS is ever down I can fall back to ipv4 or it's basically the one box on my network with an easy to remember ULA.
Yeah, that's basically right. With an opening line like mine (a formula), we're basically dealing in typical reddit/lemmy pedanticism.
I (somewhat ironically now) specifically chose the words MFA over 2fa when saying "mfa-1" as to be most encompassing from the get go because yes:
- the truest definition of MFA is =>2
- there are cases where the factors are multiple things you have and/or are (like private keys and pass keys, and biometrics)
i do agree the 1st factor in a situation where its multiple factors is generally and common practice to be something you know.
MFA is not necessarily only 2 factors and single factor is not necessarily a password.
Your mfa is now mfa-1
Ah yeah I see your point I suppose - i didn't think that's the line that would hang people up though. By definition of the theory of the singularity is that it will be blisteringly quick - though that's my word for how quick it will be. The whole concept that the last 50 years equivalent of tech advance will be achieved in the next 25, and so on ... to the point that it creates the singularity. I think we will see it in our lifetimes and it's going to be much closer than people are comfortable with.
They can do it all they want but it won't work...
If I "opt in" it falls back to non doh immediately because using doh on my network is not up to Chrome.
use-application-dns.net + nxdomain for any known doh provider
I don't use pihole but doh blocking works great on my network. It should work on a pihole tho it's pretty basic stuff.
If you can't resolve the domain you can't validate the TLS certificate.
It's not up to Chrome.
It's honestly super simple to set up. Outside of your ISP config it's almost all autoconfig. 100% of the complication (at least for me) comes from knowing ipv4 first for 20 years and then trying to incorrectly map those concepts to V6.
As soon as I "let go" it was fine.
There's not a huge net benefit you're right. I mostly wanted to learn and I hope to be at the front edge of disabling ipv4 in the near distant future.