Or, more likely, we're seeing the result of a generation growing up glued to cell phone screens and crappy social media every waking moment from their youngest years?
We are quick to blame phones and social media. Previously it was tv. Before that comics and radio. The breakdown of the nuclear family.
We ignore the food we put into our bodies, we include the medical waste going into our environment getting recycled back into food/water. We blindly take pills the doctor gives. We gladly take a needle where you need to sign a piece of paper saying you can't sue if anything goes wrong with this untested vaccine. We would never let any other drug/vaccine into the market without years of testing but this one is fine. You have to sign here because when something goes wrong we need to make sure it's your fault alone.
Luckily, this can all be achieved using a Wi-Fi or (even better) a Z-Wave thermostat that is 100% locally-controlled using something like Home Assistant or any number of other solutions.
The guy I replied to was asking why you'd want an Internet connected thermostat.
I am a HA guy and prior to my ecobee I ran an American Radio Thermostat with local HA support and you could control over curl. But the wifi module was so old that no modern device connected to it when I had to reset it up.
This is spot on. Nicely written! I think many people forget what a great, unique, and exciting time those decades were. (Or many simply did not experience them).
There was a palpable sense of nearly unlimited potential for a brighter future, powered by technology.
As someone who experienced those decades, present day feels like a dystopia in comparison.
Not really true on modern digital radio systems. They are AES-256, but the voice frames are encrypted right after the vocoder does its thing, then the voice data is dropped into the stream just as if it were clear voice. It's all wrapped in the same digital protocol (like P25 or numerous others), so the signal is very distinct in that encrypted and clear communications both sound the same to someone listening to the raw audio.
Pre-shared, static keys are unfortunately quite common. However, the P25 standard does provide for re-keying over the air through a process known as OTAR (Over The Air Re-keying).
To put it very simply, radios communicate with a central Key Management Facility (KMF) using a special key (UKEK, Unique Key Encryption Key) to securely transport the new key material. There's more to it than that, of course, but these features are heavily used by the feds and also by larger state and local systems -- because manually re-keying each radio is a huge pain.
I recently decided that it was high time to stop ignoring IPv6 after 30 years of computing and actually learn how it is supposed to work.
So I started digging in, and there's definitely a lot to like.
But I see two big problems that are showstoppers in my opinion, at least for my home network (not even considering the fact that very few residential ISPs even support v6 at this point):
1. Generally speaking, the IPs of your LAN are based on the prefix assigned by the ISP. Most residential ISPs don't offer static prefixes. This means that every time your prefix changes, the IPs of all your devices on your LAN change. Seems like this "feature" was developed in a more idealistic era when people probably thought everyone would be getting static IPv6 addresses, since shortages would never be an issue. Unfortunately, they failed to foresee the fact that most major ISPs are terrible, greedy organizations that either outright refuse to offer static assignments, or continue treating them as if they were scarce IPv4 resources, charging a premium or requiring business-class service to even get them.
2. The ISPs that do support v6, like Comcast/Xfinity in the USA, are only allocating one /64 prefix. This means you can only have one subnet (VLAN) on your LAN! Why are they being so stingy?
I would love to migrate to IPv6, but these two issues alone make it feel like a clown show for home users.
Couple of things - if you want prefixes to stay the same you can use ULAs for your home network. Not ideal but it's available. The 'right' way to manage this is to use DNS, and just have the prefixes auto-update there, or mDNS. For prefix sizes you should be getting a /56 most of the time, especially from major US ISPs. If you're getting a single /64 it's almost definitely an issue with your router's PD setup.
Yeah, I know about the workarounds, but that just kind of defeats the purpose for me. Also, I've read comments from folks stating they were having a hard time getting a larger prefix from Comcast using PD... don't know how universally true that is.
Using DNS to resolve everything solves part of the problem, but firewall rules are another issue. The router would need to have the capability to update everything dynamically when the prefix changes. I think this is in the works for pfSense, but I'm not sure if it's actually supported yet. It looks like you might have to mess around with some 3rd-party script to make it work.
I guess I'm just generally disappointed that the whole process seems unnecessarily messy. I don't have a v6-compatible ISP right now anyway. I was thinking about trying a tunnel, but I'm not seeing the benefit in it right now.
Yeah, this is the constant problem with IPv6: it's a much better design than IPv4, it's simpler to understand, and it should be theoretically much easier to use, but the tooling is all so terrible that it's often easier to just use IPv4. Which is too bad, because so many of the problems with IPv4 completely go away when you use IPv6, but right now we're stuck with dual-stack, which just doubles the amount of work to set everything up.
1. nftables supports NPTv6 (Network Prefix Translation), which is similar to NAT, except it's stateless and every device remains individually addressable. So you can configure your DHCPv6/SLAAC to assign to each device both an address from your globally-routable prefix and from your ULA prefix, and then NPTv6 will handle mapping your ULA prefix to/from the internet.
2. Lots of ISPs only assign a /64 by default, but if you configure your router to request a /56 via DHCPv6 prefix delegation, you'll usually get the larger prefix.
FWIW, I'm using both of these on my home network, via a router running OpenWRT.
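As an added example (not code from the thread, and not nftables' or OpenWrt's own implementation), here is the RFC 6296 checksum-neutral prefix translation that NPTv6 performs: the prefix is swapped and one 16-bit word is patched so the address's one's-complement sum is unchanged, which is why the mapping needs no per-flow state and each inside host keeps its own distinct outside address. The ULA and the 2001:db8::/32 prefixes and the host address are constructed values.

```python
"""Checksum-neutral prefix translation after RFC 6296 (NPTv6). Added, simplified reimplementation."""
import ipaddress


def ones_complement_sum(words):
    """One's-complement sum of 16-bit words, as used by TCP/UDP/ICMPv6 checksums."""
    total = 0
    for w in words:
        total += w
        total = (total & 0xFFFF) + (total >> 16)
    return total & 0xFFFF


def _words(addr):
    return [int.from_bytes(addr.packed[i:i + 2], "big") for i in range(0, 16, 2)]


def address_sum(addr):
    """Contribution of an address to the pseudo-header checksum (0xFFFF equals 0x0000)."""
    s = ones_complement_sum(_words(ipaddress.IPv6Address(addr)))
    return 0 if s == 0xFFFF else s


def translate(addr, from_net, to_net):
    """Swap from_net's prefix for to_net's in addr, then patch one 16-bit word so the
    address's one's-complement sum is unchanged. Arguments are strings; prefix <= /64."""
    addr, from_net, to_net = (ipaddress.IPv6Address(addr), ipaddress.IPv6Network(from_net),
                              ipaddress.IPv6Network(to_net))
    if from_net.prefixlen != to_net.prefixlen or from_net.prefixlen % 16 or from_net.prefixlen > 64:
        raise ValueError("prefixes must be equal length, a multiple of 16 and at most /64")
    if addr not in from_net:
        raise ValueError(f"{addr} is not inside {from_net}")
    n = from_net.prefixlen // 16
    words = _words(addr)
    old, new = _words(from_net.network_address)[:n], _words(to_net.network_address)[:n]
    words[:n] = new
    # adjustment = sum(old prefix) - sum(new prefix); one's-complement negation is bitwise NOT
    adj = ones_complement_sum(old + [~w & 0xFFFF for w in new])
    # /48 and shorter: patch the subnet word right after the prefix;
    # /64: patch the first interface-identifier word that is not 0xFFFF
    idx = n
    while idx < 8 and words[idx] == 0xFFFF:
        idx += 1
    if idx == 8:
        raise ValueError("no adjustable word in the interface identifier; packet would be dropped")
    patched = ones_complement_sum([words[idx], adj])
    words[idx] = 0 if patched == 0xFFFF else patched  # 0xFFFF is written as 0x0000
    return ipaddress.IPv6Address(b"".join(w.to_bytes(2, "big") for w in words))
```

Translating an outside address back with the prefixes swapped returns the original inside address, and `address_sum()` is equal on both sides, which is the property that keeps transport checksums valid without rewriting them.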
Thanks, I appreciate your explanation. I was aware that there are workarounds, but to me that defeats one of the core tenets of IPv6, which is that we're supposed to be doing away with this NAT and NAT-like nonsense by giving everything a globally routable IP.
When I was reading up on everything, I also learned that your router can request a bigger prefix, but I ran across several posts from various folks stating they could only get a /64 from Comcast no matter what they tried, so I'm not sure how universally supported DHCPv6-PD requests are.
> I was aware that there are workarounds, but to me that defeats one of the core tenets of IPv6, which is that we're supposed to be doing away with this NAT and NAT-like nonsense by giving everything a globally routable IP.
The nice thing with IPv6 is that devices have no problem with being assigned multiple addresses on the same interface. So most of my devices actually have 5 IPv6 addresses [0]: a globally-routable DHCPv6 address (the default), a globally-routable SLAAC address, a ULA DHCPv6 address, a ULA SLAAC address, and a link-local address. So you can have a globally-routable IP and a locally-stable IP at the same time. And this is arguably a good thing, since it would be annoying to have to renumber your local network if you ever changed ISPs.
> I ran across several posts from various folks stating they could only get a /64 from Comcast no matter what they tried, so I'm not sure how universally supported DHCPv6-PD requests are.
That's annoying, and also means that you probably won't be able to get NPT to work either. FWIW, both Shaw and Telus (in Canada) will assign you a /56 via DHCPv6-PD if you request it.
[0]: I don't actually want this many addresses, but a link-local address is required for IPv6, I want my devices to have constant/easily-memorable IP addresses so I need DHCPv6, Android only supports SLAAC so I have to keep that enabled too, devices will prefer IPv4 over a v6 ULA so I need to keep the globally-routable addresses, and I want to use static addresses in my LAN so I need ULA enabled as well.
This is such a dumb problem with IPv6. Unless ISPs stop being crappy and start offering static prefixes to regular residential subscribers, then I just don't see how v6 would ever be practical. This seems like a big oversight in the design and implementation of v6.
Doesn't using ULAs kind of defeat the purpose (or one of the main intents) of IPv6, which is every device having a globally routable IP address? It kind of puts us right back in the IPv4 with NAT situation, only with longer, uglier addresses.
I personally think it is absurd that the ISPs that do actually support IPv6 are being so difficult and stingy about assigning static v6 prefixes.
IPv4/NAT is not the only "to get to system X you must pass through system Y" scenario.
Example: You have a bastion host that is Internet-accessible, and it has one or more servers behind it you only want accessible "through" the bastion host. The bastion host might be running nginx and reverse proxying multiple servers behind it, and this host is doing caching in addition to WAF and some other stuff.
So this bastion host would have at least 2 NICs, one for the Internet-facing connection and one or more where servers exist on a non-public LAN. The small network(s) connecting these servers to the bastion host can use a ULA and thus be guaranteed to not be globally routable.
Link-locals are suboptimal because, since they are link local, they only have to be unique per link. This means some commands insist you specify the interface name with the LLA, e.g. fe80::aaaa%eth1.
This is amazing. Thank you so much to the authors for putting the time into this and sharing it. I would love a way to download a local archive of music like this.
Also, I hope this site doesn't disappear if/when the rather unpredictable .tk TLD operator decides to do something dumb.