Forgot your password?
typodupeerror
Networking The Internet Apple

Apple Under Fire For Backing Off IPv6 Support 460

Posted by samzenpus
from the no-ipv6-for-you dept.
alphadogg writes "Apple Computer came under fire for back-pedaling on its support for IPv6, the next-generation Internet Protocol, at a gathering of experts held in Denver this week. Presenters at the North American IPv6 Summit expressed annoyance that the latest version of Apple's AirPort Utility, Version 6.0, is no longer compatible with IPv6. The previous Version, 5.6, offered IPv6 service by default. While home networking vendors like Cisco and D-Link are adding IPv6 across their product lines, Apple appears to be the only vendor that is removing this feature."
This discussion has been archived. No new comments can be posted.

Apple Under Fire For Backing Off IPv6 Support

Comments Filter:
  • I hate ipv6 (Score:5, Insightful)

    by Sir_Real (179104) on Sunday April 15, 2012 @11:56AM (#39693535)

    There I said it. The lack of adoption and the lack of knowledge have made it a tremendous burden with absolutely zero benefit to our organization. I'm fine with running ipv4 into the ground. I just don't care anymore. I hate ipv6.

  • by smpoole7 (1467717) on Sunday April 15, 2012 @12:05PM (#39693597) Homepage

    I guess I'll try one more time. Whether in this *specific* case it's a good or bad thing, remember that most of us are running small IPv4 networks. IPv6 adds needless complexity and simply isn't needed.

    I just wrote an article on this for an industry trade magazine. One gem of a quote came from a vendor who makes audio-over-IP remote equipment (i.e., remote broadcast from a site away from the studios). He said, and I quote, that his company is IPv6-ready at the hardware level, but hasn't added it yet, because -- here's the quote -- "not one single customer has requested it." In fact, those who have added it get support calls from people: "why is this so slow?" "Why can't I connect?" The answer? Disable the IPv6 unless you KNOW you need it! :)

    Remember: the shortage of IPv4 addresses is on the PUBLIC INTERNET. (An extremely important distinction.) A small business with maybe 10-20 devices on an internal network doesn't care about IPv6. At all. Now, those of you with hundreds of clients on a large network, might indeed want it. But for most of us, all we'll need is an IPv6-capable router/modem at the Internet gateway. Inside the facility, who cares?

  • In other news.... (Score:5, Insightful)

    by gstrickler (920733) on Sunday April 15, 2012 @12:11PM (#39693645)

    MS seen as backpedaling on it's support for 64-bit computing over Windows 8 only supporting 32-bit CPUs in tablets.

    Come on people, this isn't backpedaling, it's a completely new version of a utility that in it's initial release supports what's in use in 99% of installations. Those who are actually using IPv6 can use the older version until this one adds support (probably in the next release).

  • by evanbd (210358) on Sunday April 15, 2012 @12:24PM (#39693727)
    IPv6 makes VPN a lot easier and more reliable. Many small businesses care about that so that their employees can work while at home or traveling.
  • Re:Features (Score:5, Insightful)

    by marcansoft (727665) <hector@@@marcansoft...com> on Sunday April 15, 2012 @12:48PM (#39693891) Homepage

    You don't "switch" to IPv6, you add IPv6. Nobody expects IPv4 to go away any time soon. What everyone's talking about is supporting IPv6 plus IPv4. So all your old sites work, but you can also reach any new hosts that have IPv6 addresses only directly, and get the benefits of avoiding NAT. Those hosts will likely be mobile customers at first, since that's one of the first places where ISPs are having to use v6. As for those users, they will be able to talk to IPv4 sites via DNS trickery and IPv6-to-IPv4 NAT, or just via plain old IPv4 NAT.

  • by ericloewe (2129490) on Sunday April 15, 2012 @12:53PM (#39693933)

    Windows 8 isn't limited to 32-bit processors in tablets. The processors themselves lack 64-bit instructions, but the support is there. Nothing is preventing anyone from sticking an x64 processor in a tablet, like they've done quite a few times (Asus EP121, Samsung Series 7 Tablet).

    Apple on the other hand, is not allowing users to configure IPv6 - even if it is present and enabled, what good does it do if it can't be configured? Less features is not something you should want or tolerate. That's what pre-release builds are for.

  • by Anonymous Coward on Sunday April 15, 2012 @01:20PM (#39694133)

    You block ping too? God, you're two kind of idiots at once.

  • by Anonymous Coward on Sunday April 15, 2012 @01:27PM (#39694169)
    The more you know about security the less you'd rely on stateful firewalls for security. For organizations that care about security, every device in the network not having a publicly accessible address is a desirable feature and not a problem. The day someone makes a mistake does not necessarily expose your entire network. It just exposes the servers/services that you hopefully have already hardened for such a scenario. A NAT router does not protect your internal network from your ISP and whoever has control over the adjacent network to it, but that risk is way lower.

    Even if you don't care about hiding your network if you use IPv6 you will need NAT technologies or similar.

    Because if you need to talk to "IPv4 only" servers, you need an IPv4 address. If you do not have an IPv4 address because your ISP has run out of them your ISP is going to have to provide proxies or NAT, what do they do - use proven IPv4 hardware/software or use IPv6 to IPv4 proxies/NATs?

    I remember not long ago when many IPv6 proponents either didn't realize or didn't think it was a big problem that an IPv6-only client could not talk to an IPv4-only server. You'd need a proxy or similar - and nobody was/is making those proxies, so guess why those of us with a clue didn't bother with IPv6? It was clear the technology and developers were not aware of the real world. Sorry if we aren't keen on implementing dreams by delusional people.

    There was even a time when they were thinking they wouldn't need DHCP for IPv6. I think some hilariously thought it was not needed and were busy reinventing the wheel badly. How many years do you think it'll take for those new "DHCP-like" services to be less buggy and exploitable?
  • by ugen (93902) on Sunday April 15, 2012 @01:29PM (#39694179)

    Except some of us *like* NAT for the added privacy it provides. Personally, I'd be a lot more willing to switch to IPv6 once there is a workable NAT masquerading solution that lets me hide all my devices behind a single address

    As an aside, Linux is no help here, the iptables authors are religiously opposed to it, last time I checked. FreeBSD might work out in the end - we'll see. Once I can get this solution to run on a wifi router (like I do now with dWRT) - it's a go :)

  • by Tore S B (711705) on Sunday April 15, 2012 @01:35PM (#39694211) Homepage

    I guess I'll try one more time. Whether in this *specific* case it's a good or bad thing, remember that most of us are running small IPv4 networks. IPv6 adds needless complexity and simply isn't needed.

    No, NAT adds needless complexity and simply isn't needed if we could all just start using IPv6! Incomplete appliance support is an extreme hinderance to that.

    Remember: the shortage of IPv4 addresses is on the PUBLIC INTERNET. (An extremely important distinction.) A small business with maybe 10-20 devices on an internal network doesn't care about IPv6. At all. Now, those of you with hundreds of clients on a large network, might indeed want it. But for most of us, all we'll need is an IPv6-capable router/modem at the Internet gateway. Inside the facility, who cares?

    I happen to work in broadcasting, so I know your anecdote is a bit of an edge case. Few people in broadcasting even use DNS or DHCP, much of the time, IP networks are simply replacements for whatever proprietary bit of telco comms preceded it.

    But of course no end user asks for IPv6. The mere idea that an end user should need to care about what happens on the transport layer for improvements in transport layer tech to be a Good Idea is flabbergasting. These things are supposed to be transparent. Technicians should realize they have a social responsibility to implement it, because the net gain is dependent on almost everyone getting it into place, so it can reach a critical mass so that we don't have to deal with the gigantic, internet-breaking kludge that is NAT.

    The main point is: There should be no distinction in addressing, there should be no NAT. One address should be able to reach another address no matter what network each host is on. That's kind-of why it's called an inter-net.

  • by ugen (93902) on Sunday April 15, 2012 @02:22PM (#39694527)

    In addition - I don't have any publicly accessible servers at home and do not plan to ever get such. My servers are hosted in a dedicated facility and have publicly addressable IPs (of course :) ).

    At the same time, I am strongly opposed to all the possible devices on my home network being visible/enumarated by hosts they need to access on the public Internet. These devices are only for me to know, and I go to great lengths to make sure that externally all access from my home network appears uniform and indistinguishable (for example, right now my web browser tells this web site that I am running Firefox 3.0 on the same Windows XP box :), irrespective of which computer or device I am using). Try doing that *without* "shitty NAT" :)

  • by slimjim8094 (941042) <slashdot3 AT justconnected DOT net> on Sunday April 15, 2012 @02:25PM (#39694547)

    Every big firm wants, above all, to get rid of the quaint notion that the Internet is a network of intelligent peers. Much better to have dumb terminals all locked in to your service.

    While this does seem to be the general trend, companies like Comcast are surprisingly actually pretty good about v6.

    It's like Google pretending to champion IPv6 then setting absurd conditions for their IPv6 services. So ISPs which offer native IPv6 by default, such as England's Andrews&Arnold, have to jump through artificial hoops before they're "supported".

    Bullshit. From their website [google.com]:

    To qualify for Google over IPv6, your network must meet a number of requirements. These include:
            Low latency, redundant paths to Google using direct peering or reliable transit
            Production-quality IPv6 support and reliability
            Separate DNS servers for your IPv6 users (not shared with IPv4-only users)
            Users who have opted in to IPv6 services and know how to opt out if they experience problems with Google services

    Google damn sure doesn't want provider's shitty v6 implementation to cause people problems with their service. Seems like a pretty reasonable desire to me, and pretty reasonable conditions to meet to prove you don't have a shitty implementation.

    And it's no coincidence that half of abusive SixXS is half-run by a Google employee.

    Um what? Care to provide any support for "abusive SixXS"? I did a quick search and couldn't find anything suggesting it, aside from people who were pissed that they got cut off for abuse. They actually seem to be more responsive than HE about abuse complaints, so I don't get it. Plus, I've never had any trouble with SixXS - at least not in the 3 years or so that I've had a tunnel with them.

    Oddly enough - and this'll get me the mod to oblivion - only MS has historically shown neutral support for IPv6, neither trying to control it nor eschewing it. That's because, I expect, Microsoft was traditionally about the powerful desktop and local server (running NT, of course). Now it's jumped on the cloud bandwagon, who knows?

    While MSFT has admittedly been pretty decent about v6 support (at least Vista+, their v6 implementation for XP worked, but was lukewarm), Apple had some of the earliest consumer routers that really supported v6 properly. Their phones, tablets, OS, all do as well. As noted before, this utility is a rewrite, and lacking several features that will (presumably) be added back in. The hardware still supports it; if you need v6, just keep the older utility for now.

    I don't know why you were modded up.

  • by slimjim8094 (941042) <slashdot3 AT justconnected DOT net> on Sunday April 15, 2012 @02:41PM (#39694651)

    The v6 address space is so enormously huge, you can't enumerate all hosts. Even if you could, it's trivial to block ping scans at the firewall in the same way as unsolicited connections. Furthermore, the Privacy Extensions (made possible by the address space!) give you a different address every few minutes, for the same net effect (it's the same prefix, but a different host portion every time, which is analogous to one NATted public address).

    Regarding your earlier post, the internet is in fact supposed to have end-to-end connectivity. Private address spaces were supposed to be non-routable, organization-internal addresses using the IP as a convenience - not bridged to the "real" internet with a nasty hack. The nodes in the middle are supposed to be "dumb", since that's how IP was designed to function. I don't know what software you wrote, but it doesn't change the facts. And yes, I have read the papers.

  • by cheater512 (783349) <nick@nickstallman.net> on Sunday April 15, 2012 @04:56PM (#39695475) Homepage

    Far more additional complexity.

    A) You need an extra length field to specify the length in bytes so it doesn't accidentally start reading other data as part of the IP address.
    B) Makes routing more difficult. You can use bitmasks and so on to help with routing when it is in binary form. You'd need to expand everything to the binary form anyway.
    C) The vast majority of packets would be drastically larger. E.g. IPv4 ips are a 32bit long in a packet. 4 bytes. 255.255.255.255 is a whopping 15 bytes. Multiply that for a 128 bit (only 16 bytes) address.
    D) In some instances, IPv6 addresses are based on MAC addresses. No 'compression' there.

  • by Junta (36770) on Sunday April 15, 2012 @05:21PM (#39695613)

    existing solutions work just fine with ipv4.

    Really? Because I had to renumber my home network because I happened to conflict with one of my employers non-routable networks. I had established a peer VPN with an associate, but he had to renumber his network to do it. There are numerous departments I have had to deal with, but I can't connect to all their VPNs at the same time. Why? Because half of them used 10.0.0.0/8 as 'their' network.

    I don't believe, for a second, that all addresses in companies or homes need to be public addresses!

    Even if you believe that, ULA in IPv6 is really quite nice. Instead of conflicting with everyone using 10.0.0.0/8 because everyone likes having a fake class A, I have a 1 in 1^40 chance of conflicting with private addresses.

    I don't WANT my address to be easily and directly reachable.

    Everyone knows the address of the white house. That does not mean a gunman can walk through the front door just because he knows where to find it. Firewalling rules are still viable even if you aren't NATing.

  • by ugen (93902) on Sunday April 15, 2012 @06:08PM (#39695855)

    Just because a host is not directly addressable does not mean it should not be able to actually communicate with hosts outside. But I certainly don't want it to be "visible" or known.
    Just like I don't want anyone to be able to tell by looking at my home from the outside what brand of refrigerator I have or what's in my stove or dishwasher (even though they are connected to public utilities too), I don't want anyone to be able to (easily, at least) tell what network-connected devices I am using in my home. It's a basic tenet of privacy and security. Providing any type of unique per-device addressing defies this objective.

    Think of it in terms of real world addresses. My house has one, but not each bedroom or item of furnishing. They are "things within the house" and the only way someone gets to talk to them is by mailing a letter to "Attn. : Commode, John Doe, 123 Main st, New York, NY 10001".

  • by Anonymous Coward on Sunday April 15, 2012 @07:11PM (#39696187)

    This, 1000 times this.

    NAT may not add security, but it does add privacy.

  • Don't know why they header doesn't specify the address in the same way that utf8 specifies numbers.

    Because with fixed-length address fields, I can implement routing with NAND gates.

FORTRAN is a good example of a language which is easier to parse using ad hoc techniques. -- D. Gries [What's good about it? Ed.]

Working...