• 62 Posts
  • 2.36K Comments
Joined 3 years ago
Cake day: June 13, 2023

  • The way you’re supposed to identify hosts for v6 configuration is with a DUID instead of a MAC.

    So this is just a feature of DHCPv6, right? The one unsupported by Android?

    A better way of managing it is to group common hosts within a specific /64, and set policy specific to that. The hosts can then cycle through IADs as normal. It’s why it’s so important for ISPs to provide a minimum of /60 or /56 via PD as a default.

    Then, without some kind of ident, you need physical separation or VLANs, which gets kind of annoying in a small/home network. Mostly I want to keep an eye on Windows machines, silence consumer devices (IoT/entertainment devices), and allow some services for a couple of servers (don’t tell my ISP). They all need to be treated uniquely by the router/firewall.


  • treadful@lemmy.zip (OP) to Cooking @lemmy.world: Mujadara
    English · ↑ 2 · 1 day ago

    That’s basically low-heat frying them for more than half an hour, according to the recipe?

    Basically. The goal is to literally caramelize the sugars in the liquid you sweat out of the onions. This takes time and a lot of attention to prevent burning or sticking to the pan.


  • treadful@lemmy.zip (OP) to Cooking @lemmy.world: Mujadara
    English · ↑ 3 · 1 day ago

    Btw, one thing I’ve found that pairs unexpectedly well with the taboulah salad and mujadara is unflavored Greek yogurt.

    I completely forgot that in the fridge. I’ll be having that with leftovers.

    Not to mention, SCO (steel cut oats) are always an improvement over hulled rice.

    I originally bought some groats to use (since that’s what Wikipedia said), but my lack of experience with it and inability to find a good recipe using them made me go the rice route. Might give that a shot at some point.



  • As far as privacy is concerned, v6 allows a much broader scope for protection than v4 and NAT, as the IA portion (second 64 bits) can be changed at will by that endpoint. EUI-64 is still common with basic v6 stacks, but SLAAC will rotate every ~24 hours.

    Oh that’s cool.

    One of my favourite features of v6 is it explicitly permits, and caters for, multiple addresses on an interface. This means you could theoretically have a unique address per application, within multiple prefixes if they’re available.

    Couldn’t you do that with v4? Or maybe that was only with bridge interfaces. hmm

    I personally have all my internal services accessible only on addresses under ULA prefixes, which intrinsically prevents them from being accessed outside of my network, no firewall required. Using WireGuard permits remote access when needed.

    This is… interesting. At first I thought it was just like the v4 loopback range, but like you mentioned it opens up the possibility of routing between two on-machine networks. I’m gonna have to digest that idea for a while.


    What’s a useful way to manage clients’ identities? Like before, static MAC would allow the assignment of a static IP, then that device could be handled by the firewall using that IP. But with these random addresses is there any way to use targeted firewalling/monitoring for specific devices?




  • From the perspective of the internet, and any properly configured routing infrastructure, they should only ever be interested in the first 64 bits when routing, the second 64 should be exclusively the domain of the last segment.

    Interesting. But routers don’t actually strip that, do they? So the endpoint I’m communicating with will still get the full /128 address? I’m concerned about the privacy implications of MAC addresses being sent to everybody and their mother.
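
The EUI-64 and ULA points discussed in the comments above can be checked against the addresses your own hosts actually use. The following Python is an added example, not part of any comment on this page: it splits an address into its /64 prefix and interface ID, flags ULA prefixes (fc00::/7), and recovers the MAC from a modified EUI-64 interface ID. The function names and the sample addresses (documentation prefix 2001:db8::/32 and a made-up ULA prefix) are constructed for illustration.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")  # unique local addresses, not globally routed

def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None.

    Heuristic: a randomly generated interface ID matches the ff:fe marker
    by chance about once in 65536 addresses.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]   # second 64 bits of the address
    if iid[3:5] != b"\xff\xfe":                    # EUI-64 inserts ff:fe mid-MAC
        return None
    # Undo the inverted universal/local bit in the first octet.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def audit(addr):
    """Summarise what an observer of this address learns about the host."""
    ip = ipaddress.IPv6Address(addr)
    prefix = ipaddress.IPv6Network(f"{addr}/64", strict=False)
    return {"prefix64": str(prefix), "ula": ip in ULA, "mac": eui64_mac(addr)}

def leaking(addrs):
    """Addresses that are globally scoped and expose a hardware MAC."""
    return [a for a in addrs if (r := audit(a))["mac"] and not r["ula"]]

# Constructed sample addresses, e.g. copied from `ip -6 addr` output.
SAMPLES = [
    "2001:db8:1:2:211:22ff:fe33:4455",   # EUI-64 from MAC 00:11:22:33:44:55
    "2001:db8:1:2:9c4e:71a3:5d02:b8f6",  # randomised (privacy) interface ID
    "fd12:3456:789a:1::10",              # static address under a ULA prefix
]

if __name__ == "__main__":
    for a in SAMPLES:
        print(a, audit(a))
    print("exposes MAC globally:", leaking(SAMPLES))
```

Routers forward the full 128-bit address unchanged, so the remote endpoint sees whatever interface ID the host chose; only the first sample above reveals a hardware address.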