Apple Under Fire For Backing Off IPv6 Support
alphadogg writes "Apple Computer came under fire for back-pedaling on its support for IPv6, the next-generation Internet Protocol, at a gathering of experts held in Denver this week. Presenters at the North American IPv6 Summit expressed annoyance that the latest version of Apple's AirPort Utility, Version 6.0, is no longer compatible with IPv6. The previous Version, 5.6, offered IPv6 service by default. While home networking vendors like Cisco and D-Link are adding IPv6 across their product lines, Apple appears to be the only vendor that is removing this feature."
Because 32bits of addressing... (Score:2, Funny)
is all the world will need for the next 20 years, right?
Re: (Score:2, Informative)
I was really puzzled about this, so I went to 'investigate' the issue a bit. Turns out Airport is not a router, but a sort of wireless switch (no modem). So this is probably another speed optimization as packets are 96bit smaller and your home network probably isn't filled with more than 4294967296 devices.
The first thing that comes to my mind is how in the hell this is going to work when you want to access the internet in such a configuration. The utility or physical Airport station probably converts this.
Re:Because 32bits of addressing... (Score:4, Informative)
Source on this? It seems to do the important parts of routing, at least for a home network configuration--assigns IP addresses, allows port forwarding, etc. And it certainly can do IPv6--the option was removed, for some reason, from the newest configuration utility. Also, it obviously works when connecting to the Internet, unless it has a really sophisticated Slashdot emulator :)
You can still download the old Utility: http://support.apple.com/kb/DL1482?viewlocale=en_US&locale=en_US [apple.com]
Re:Because 32bits of addressing... (Score:5, Informative)
> So this is probably another speed optimization as packets are 96bit smaller...
Actually, an IPv6 packet can be smaller than an IPv4 packet. The IPv4 header contains a lot of garbage not required by IPv6. See for yourself. [cisconet.com]
Secondly, IPv6 addresses can be concatenated. Only if you're using an extremely complex IPv6 address will your router need to process a large source or destination header.
Re:Because 32bits of addressing... (Score:5, Informative)
"can be smaller", but won't.
IPv4 header: "Variable length of 20-60 bytes, depending on IP options present." (if you don't use any options, 20 bytes).
IPv6 header: "Fixed length of 40 bytes. There are no IP header options." (if you don't use any options either, 40 bytes)
IPv6 is terrible if those "20 bytes more" are relevant for your application.
Src: http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=%2Frzai2%2Frzai2compipv4ipv6.htm [ibm.com]
Re:Because 32bits of addressing... (Score:4, Insightful)
Far more additional complexity.
A) You need an extra length field to specify the length in bytes so it doesn't accidentally start reading other data as part of the IP address.
B) Makes routing more difficult. You can use bitmasks and so on to help with routing when it is in binary form. You'd need to expand everything to the binary form anyway.
C) The vast majority of packets would be drastically larger. E.g. IPv4 ips are a 32bit long in a packet. 4 bytes. 255.255.255.255 is a whopping 15 bytes. Multiply that for a 128 bit (only 16 bytes) address.
D) In some instances, IPv6 addresses are based on MAC addresses. No 'compression' there.
Re:Because 32bits of addressing... (Score:4, Insightful)
> Don't know why the header doesn't specify the address in the same way that utf8 specifies numbers.
Because with fixed-length address fields, I can implement routing with NAND gates.
Re:Because 32bits of addressing... (Score:5, Interesting)
> I was really puzzled about this, so I went to 'investigate' the issue a bit. Turns out Airport is not a router, but a sort of wireless switch (no modem). So this is probably another speed optimization as packets are 96bit smaller and your home network probably isn't filled with more than 4294967296 devices.
> The first thing that comes to my mind is how in the hell this is going to work when you want to access the internet in such a configuration. The utility or physical Airport station probably converts this. I don't think Apple is that retarded...
If you investigate further, you'll see it's just the Admin tool that lost support when they rewrote it, and it has nothing to do with the actual Airport device. Just like Final Cut Pro X, I'm sure Apple will re-add features over time.
Re:Because 32bits of addressing... (Score:5, Informative)
> Turns out Airport is not a router, but a sort of wireless switch (no modem).
Your terminology is not quite standard.
> So this is probably another speed optimization as packets are 96bit smaller and your home network probably isn't filled with more than 4294967296 devices.
My comparatively ancient and underpowered WRT54G manages IPv6 just fine.
But more to the point, the Airport Extreme itself is perfectly capable of routing IPv6, so your point is moot. It's just that IPv6 support is no longer included in the configuration utility.
Re:Because 32bits of addressing... (Score:5, Interesting)
> I don't think Apple is that retarded...
I'm sure I'll be modded flamebait for this, but I take it you don't have much dealing with Apple products in a support capacity. They can be pretty retarded. Little things like:
* Improper grounding on wifi cards in the macbook air
* Driver/kernel integration with DHCP
* Signed binaries becoming corrupt requiring a full reinstall (or similar)
* Removing features and adding steps to perform basic tasks while calling it 'streamlining'
* Removing compatibility for no apparent reason (eg. samba removal)
Re: (Score:3)
The airport extreme is a wireless router with some modem functionality, it can also act as a wireless AP.
Both of these have DHCP and print/file sharing servers.
Re: (Score:3)
Actually it's this kind of stupidity that has always had me hating IPV6. Frankly they should have included backwards compatibility with IPV4 private networks because who in the hell is EVER gonna have more devices than a class A private address can provide?
Which brings us to the second stupid ass move with IPV6 the removal of NAT. That was stupid because it relies on what I call "Star trek thinking" where they only see the bright side of life, never the dark. engineer: "With IPV6 you'll have so many addresses you won't NEED NAT so everything can just be online!" Me-What about those of us who don't want to have everything online ALL the time, but don't want to switch back and forth between private and public addresses? What about the security risk as now I'll have to worry about the possibility of security weaknesses in every damned device like TVs, game machines, PMPs, etc? Engineer: "-------". Whether you love it or hate it you have to admit NAT WORKS, it makes it a hell of a lot harder to target an individual device on a network.
NAT is a retarded way of being online, always intended as a temporary solution and forced due to the shortage of IP addresses. If you don't want certain things to be on the internet, then simply assign them private addresses, but not public ones. In IPv6, any device can have multiple IP addresses, but that doesn't mean that they have to. If you don't want a device, such as your console, to be online, simply disconnect it from the external network - say if you want your kids to play w/ each other within
Re:Because 32bits of addressing... (Score:5, Insightful)
I guess I'll try one more time. Whether in this *specific* case it's a good or bad thing, remember that most of us are running small IPv4 networks. IPv6 adds needless complexity and simply isn't needed.
I just wrote an article on this for an industry trade magazine. One gem of a quote came from a vendor who makes audio-over-IP remote equipment (i.e., remote broadcast from a site away from the studios). He said, and I quote, that his company is IPv6-ready at the hardware level, but hasn't added it yet, because -- here's the quote -- "not one single customer has requested it." In fact, those who have added it get support calls from people: "why is this so slow?" "Why can't I connect?" The answer? Disable the IPv6 unless you KNOW you need it! :)
Remember: the shortage of IPv4 addresses is on the PUBLIC INTERNET. (An extremely important distinction.) A small business with maybe 10-20 devices on an internal network doesn't care about IPv6. At all. Now, those of you with hundreds of clients on a large network, might indeed want it. But for most of us, all we'll need is an IPv6-capable router/modem at the Internet gateway. Inside the facility, who cares?
Re:Because 32bits of addressing... (Score:5, Insightful)
Re:Because 32bits of addressing... (Score:5, Informative)
> I don't believe, for a second, that all addresses in companies or homes need to be public addresses!
Not every IPv6 address is a "public" address - private addresses can be assigned to a local subnet, very much like RFC1918 addresses, except now called Unique Local Addresses.
> and, of course, there is some security to NOT being directly touchable on the net.
> I don't WANT my address to be easily and directly reachable
Second of all, I can only assume by "directly reachable" you mean the loss of NAT/PAT. Again, Unique Local Addresses invalidate your statement. Furthermore, NAT/PAT can still be implemented. Not that it gives you any security whatsoever today.
> running ipv6 is about as useful, to home users, as running BGP.
You do know that BGP is a routing protocol and IPv6 is a routed protocol, right? Please take a moment and read through the Wikipedia page on IPv6. Maybe even try running it for a week or two in a virtual environment?
Re: (Score:3)
Thanks for the reply. However, what you described appears to be effectively identical to basic NAT inasmuch as it provides address translation/rewriting behind a router and serves as an abstraction layer between external & internal IPs.
Have I merely misunderstood the semantics in the v6 NAT debate?
Re:Because 32bits of addressing... (Score:5, Informative)
Re:Because 32bits of addressing... (Score:5, Insightful)
> existing solutions work just fine with ipv4.
Really? Because I had to renumber my home network because I happened to conflict with one of my employer's non-routable networks. I had established a peer VPN with an associate, but he had to renumber his network to do it. There are numerous departments I have had to deal with, but I can't connect to all their VPNs at the same time. Why? Because half of them used 10.0.0.0/8 as 'their' network.
> I don't believe, for a second, that all addresses in companies or homes need to be public addresses!
Even if you believe that, ULA in IPv6 is really quite nice. Instead of conflicting with everyone using 10.0.0.0/8 because everyone likes having a fake class A, I have a 1 in 1^40 chance of conflicting with private addresses.
> I don't WANT my address to be easily and directly reachable.
Everyone knows the address of the white house. That does not mean a gunman can walk through the front door just because he knows where to find it. Firewalling rules are still viable even if you aren't NATing.
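Added example, not part of any comment in this thread: ULA prefix generation following the RFC 4193 section 3.2.2 sample algorithm (SHA-1 over an NTP timestamp and an EUI-64, lowest 40 bits become the Global ID), set beside the overlapping RFC 1918 ranges that the comment above describes for site-to-site VPNs. The MAC addresses, timestamps, site names and helper function names are constructed for illustration.

```python
"""RFC 4193 ULA prefixes vs. overlapping RFC 1918 ranges (added example)."""
import hashlib
import ipaddress
import itertools
import math
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
ULA_L1 = ipaddress.IPv6Network("fd00::/8")  # fc00::/7 with the L bit set to 1


def eui64_from_mac(mac):
    """Modified EUI-64: split the MAC, insert ff:fe, flip the universal/local bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def ula_prefix(unix_time, mac):
    """Return the /48 produced by the RFC 4193 section 3.2.2 sample algorithm."""
    seconds = (int(unix_time) + NTP_EPOCH_OFFSET) & 0xFFFFFFFF
    fraction = int((unix_time % 1) * 2**32) & 0xFFFFFFFF
    ntp_timestamp = struct.pack("!II", seconds, fraction)  # 64-bit NTP format
    digest = hashlib.sha1(ntp_timestamp + eui64_from_mac(mac)).digest()
    global_id = digest[-5:]  # least significant 40 bits of the digest
    packed = b"\xfd" + global_id + bytes(10)  # 8 + 40 prefix bits, rest zero
    return ipaddress.IPv6Network((ipaddress.IPv6Address(packed), 48))


def collision_probability(sites):
    """Birthday bound: chance that any two of `sites` random Global IDs match."""
    if sites < 2:
        return 0.0
    return -math.expm1(-sites * (sites - 1) / 2**41)


def vpn_conflicts(site_prefixes):
    """Return every pair of site names whose prefixes overlap.

    Overlapping sites cannot be joined by a routed VPN without renumbering
    one side or adding source/destination NAT on the tunnel.
    """
    nets = {name: ipaddress.ip_network(str(p)) for name, p in site_prefixes.items()}
    return [
        (a, b)
        for a, b in itertools.combinations(nets, 2)
        if nets[a].version == nets[b].version and nets[a].overlaps(nets[b])
    ]


# Constructed sample data: four sites that each picked a popular RFC 1918 range.
RFC1918_SITES = {
    "home": "10.0.0.0/8",
    "employer": "10.10.0.0/16",
    "department": "10.0.0.0/8",
    "associate": "192.168.1.0/24",
}


def ula_sites():
    """The same four sites, each renumbered with its own generated ULA /48."""
    return {
        name: str(ula_prefix(1_700_000_000 + i, "02:00:00:00:00:%02x" % i))
        for i, name in enumerate(RFC1918_SITES)
    }


if __name__ == "__main__":
    print("RFC 1918 conflicts:", vpn_conflicts(RFC1918_SITES))
    for name, prefix in ula_sites().items():
        print(f"{name:<11} {prefix}")
    print("ULA conflicts:     ", vpn_conflicts(ula_sites()))
    for n in (2, 1_000, 1_000_000):
        print(f"{n:>9} sites: collision probability {collision_probability(n):.3e}")
```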
Re: (Score:3)
The only "security" NAT provides is *exactly* the same as a stateful firewall. No more, no less. It makes no sense to talk about NAT providing some different kind or amount of security than a stateful firewall.
There are all sorts of IPv6->IPv4 proxies available. Virtually every load-balancing appliance and proxy software project with any IPv6 support provides such capabilities. All you need to make your IPv6-only internal network compatible with an IPv4-only website, or vice versa, is a copy of squid. Pl
Re: (Score:3)
> The only "security" NAT provides is *exactly* the same as a stateful firewall.
As much as I agree with the sentiment, I will play devil's advocate for a moment. In an ideal world they are 100% equivalent. However, I think security people may consider NAT to be more 'failsafe'. If a NAT fails to apply its capabilities correctly, you have an outage and a problem, but it failed in a way that more likely than not still doesn't let foreign traffic in. For a stateful firewall, a failure is more equally likely to cause unwanted traffic to flow. Or, if being more pessimistic, cheap home
Re: (Score:3)
> The only "security" NAT provides is *exactly* the same as a stateful firewall. No more, no less. It makes no sense to talk about NAT providing some different kind or amount of security than a stateful firewall.
Um, no. A NAT hides the internal network topology from the outside, and won't uniquely identify a client to an outside server.
The remote end of the socket has no business knowing whether it's the same device that connects for to separate sockets. Ad revenue based companies like Google and Facebook as well as *AA and DHS will rejoice over the possibilities this will give them. That is a security concern whether or not you are willing to see it.
Re: (Score:3)
You have obviously never had to build site to site VPN's to other customers/departments.. It completely loses any argument about 'private addresses that can't be reached' and in fact, makes it much, much worse.
Source and destination NATing on an IPSEC vpn is a royal pain in the ass, but is necessary, because people seem to think NAT is a security feature, so they run their company on the same 10.10.x.x or 192.168.1.x subnet as everyone else.
btw, how on earth do you use NAT without relying on a stateful fir
VPN addresses (Score:3)
For an internal network, what would be ideal would be what's called site unique addresses (fc00::/10), whereby every node in the world has a unique, non-routable address. AFAIK, It's never been implemented and the IETF also proposed a site local address (fd00::/10) where the global uniqueness wasn't required. But this is certainly a better solution than public IPv6 addresses - why would one give one's office network printer its own IPv6 address, when the only people authorized to use it are company employ
Re: (Score:3)
> A small business with maybe 10-20 devices on an internal network doesn't care about IPv6.
IPv6 isn't only about having more addresses. For instance, stateless address autoconfiguration is interesting in a local network.
Re: (Score:3)
Re: (Score:2)
> But for most of us, all we'll need is an IPv6-capable router/modem at the Internet gateway. Inside the facility, who cares?
You are planning to run IPv4 on the inside NAT'ed to IPv6 on the router? This is doable but somewhat tricky since you need to fake DNS. You won't get any of the IPv6 benefits, of course.
I doubt it will be a particularly popular deployment model. Putting complexity in the CPE's which are already behind schedule to save trouble for the client systems which have been ready for ages seems somewhat backwards.
Re:Because 32bits of addressing... (Score:5, Interesting)
IPv6 allows us to finally get rid of NAT by having the router request several public addresses which are handed out to the individual computers.
The "not needed" mentality doesn't solve anything, especially because they could have just added an option to disable IPv6 instead of removing it.
Re:Because 32bits of addressing... (Score:5, Informative)
You're breaking the internet because you don't understand it. There's not really a nicer way to say it. Every host is *SUPPOSED* to be addressable. It's called the end-to-end principle. The fact that NAT prevented unsolicited connections was a consequence of its design, not a feature. Firewalls do it better, and with more control. They even do it by default! The reason the iptables authors are religiously opposed to it is because the internet isn't meant to be like that, and there are perfectly good solutions (in iptables!) to do what you want without a broken end-to-end principle.
For what it's worth, I've been running IPv6 at home for a few years without the slightest trouble. My clients get NATted IPv4 addresses, and a public IPv6 address. They have the same security, since the firewall prevents unsolicited connections. But since it's a firewall and not shitty NAT, I have three SSH servers on port 22 and two webservers on port 80 that are publicly routable. Try doing that with NAT
Re:Because 32bits of addressing... (Score:5, Informative)
:) As one of the original authors of some of the software that makes this Internet run (you probably are using it too, at least indirectly) I have a vague idea :)
Not every host is supposed to be addressable. There is a very specific reason private non-publicly-addressable subnet ranges were created, for example. So, your claims are false - you simply don't know what the Internet is "supposed" to be like.
Re:Because 32bits of addressing... (Score:5, Insightful)
Just because a host is not directly addressable does not mean it should not be able to actually communicate with hosts outside. But I certainly don't want it to be "visible" or known.
Just like I don't want anyone to be able to tell by looking at my home from the outside what brand of refrigerator I have or what's in my stove or dishwasher (even though they are connected to public utilities too), I don't want anyone to be able to (easily, at least) tell what network-connected devices I am using in my home. It's a basic tenet of privacy and security. Providing any type of unique per-device addressing defies this objective.
Think of it in terms of real world addresses. My house has one, but not each bedroom or item of furnishing. They are "things within the house" and the only way someone gets to talk to them is by mailing a letter to "Attn. : Commode, John Doe, 123 Main st, New York, NY 10001".
Re: (Score:3, Insightful)
In addition - I don't have any publicly accessible servers at home and do not plan to ever get such. My servers are hosted in a dedicated facility and have publicly addressable IPs (of course :) ).
At the same time, I am strongly opposed to all the possible devices on my home network being visible/enumerated by hosts they need to access on the public Internet. These devices are only for me to know, and I go to great lengths to make sure that externally all access from my home network appears uniform and indi
Re:Because 32bits of addressing... (Score:5, Insightful)
The v6 address space is so enormously huge, you can't enumerate all hosts. Even if you could, it's trivial to block ping scans at the firewall in the same way as unsolicited connections. Furthermore, the Privacy Extensions (made possible by the address space!) give you a different address every few minutes, for the same net effect (it's the same prefix, but a different host portion every time, which is analogous to one NATted public address).
Regarding your earlier post, the internet is in fact supposed to have end-to-end connectivity. Private address spaces were supposed to be non-routable, organization-internal addresses using the IP as a convenience - not bridged to the "real" internet with a nasty hack. The nodes in the middle are supposed to be "dumb", since that's how IP was designed to function. I don't know what software you wrote, but it doesn't change the facts. And yes, I have read the papers.
Re: (Score:3)
"OK, Mom, now click the 'Block ICMP' checkbox. Yep, with the left mouse button. Great! All set."
Re:Because 32bits of addressing... (Score:5, Informative)
And IPv6 can do better, without all the ugly side-effects of NAT: https://www.rfc-editor.org/rfc/rfc4941.txt [rfc-editor.org]
Re: (Score:3)
It does not give you privacy. Assuming it does, now *insert evil entity here* only knows that occurrence X happened on your network, not on your computer. For all practical purposes, even IF NAT worked as a "privacy shield", you're still on the hook for whatever you did.
Knowledge of the network is often just as useful as knowledge of the machine behind it.
Re:Because 32bits of addressing... (Score:5, Funny)
> Inside the facility, who cares?
Patronizing, are you? What makes you think you may prescribe the type of internal addressing (size of RAM, internationalisation, etc.) to anyone and everyone?
I for one do care. Be it to work with IPv6 islands in an IPv4 shop, or student and research work. Maybe someone wants the same IP address wherever she goes?
It can be understood from your post that you say "as long as the Apple box allows a connection; by whichever means and difficulties including eventual downgrades and encumbrances, I will defend its weaknesses to the very end".
Though you could have said so.
Re: (Score:2)
> Remember: the shortage of IPv4 addresses is on the PUBLIC INTERNET. (An extremely important distinction.) A small business with maybe 10-20 devices on an internal network doesn't care about IPv6. At all. Now, those of you with hundreds of clients on a large network, might indeed want it. But for most of us, all we'll need is an IPv6-capable router/modem at the Internet gateway. Inside the facility, who cares?
That's all well and good, but the technology to translate an IPv4 private network to an IPv6 public network -- and the need to do that is coming quickly -- *sucks*. It is not nearly as trivial a problem as one might initially expect, and every solution I've seen other than dual stack is an ugly hack that makes IPv4 NAT look like the very model of elegance. Removing IPv6 as even an option at this point is just stupid. Make the default "off?" Sure. But remove it entirely? Stupid in the extreme
Re:Because 32bits of addressing... (Score:4, Informative)
The impression I get (since I'm part of the group that runs the network for a major southeastern university) is that everyone should be running dual-stack for a while. Any infrastructure equipment you get that runs v6 should also be able to run v4 fairly easily. Any time we upgrade all the equipment in a building, or put in a new building, the addressing for the switches gets done via IPv6. For a majority of desktops, dual stack is available. For servers
But we have the money available to us to have IPv6 capable equipment. At home, FiOS has yet to provide me anything that provides IPv6 connectivity natively (ignoring tunneling). From what I've read recently, say what you will about Comcast, at least they're deploying it.
The impression I get from your post is that you have equipment (both infrastructure and otherwise) that's more than 10 years old. I feel for you; we do, too. To a large extent, I'm not so sure you want an OS that old to have any kind of Internet access anyway. From a "It makes me feel good" stand-point, it would be nice if there were an easily implemented v4-v6 translation method available, but there just isn't.
So, what am I trying to say? Well, I've never talked to the "IPv6 crowd," but I don't doubt that they can be obsessive. But need to maintain an internal IPv4 network? Oh my, that can't be that hard. IPv4 isn't going away any time soon, and I seriously doubt there's anything out there on the services side (IE, a website) that you couldn't easily get to via IPv4 (unless it's an IPv6 proof of concept site).
It's going to be outside-in. Until all the major providers of home internet are providing at least a majority of their customer base IPv6 access, it's not going to be that big a deal. And even after they're doing that, you've got to assume that they'll be dual-stacking it, too. At least for a while.
Re:Because 32bits of addressing... (Score:5, Insightful)
> I guess I'll try one more time. Whether in this *specific* case it's a good or bad thing, remember that most of us are running small IPv4 networks. IPv6 adds needless complexity and simply isn't needed.
No, NAT adds needless complexity and simply isn't needed if we could all just start using IPv6! Incomplete appliance support is an extreme hindrance to that.
> Remember: the shortage of IPv4 addresses is on the PUBLIC INTERNET. (An extremely important distinction.) A small business with maybe 10-20 devices on an internal network doesn't care about IPv6. At all. Now, those of you with hundreds of clients on a large network, might indeed want it. But for most of us, all we'll need is an IPv6-capable router/modem at the Internet gateway. Inside the facility, who cares?
I happen to work in broadcasting, so I know your anecdote is a bit of an edge case. Few people in broadcasting even use DNS or DHCP, much of the time, IP networks are simply replacements for whatever proprietary bit of telco comms preceded it.
But of course no end user asks for IPv6. The mere idea that an end user should need to care about what happens on the transport layer for improvements in transport layer tech to be a Good Idea is flabbergasting. These things are supposed to be transparent. Technicians should realize they have a social responsibility to implement it, because the net gain is dependent on almost everyone getting it into place, so it can reach a critical mass so that we don't have to deal with the gigantic, internet-breaking kludge that is NAT.
The main point is: There should be no distinction in addressing, there should be no NAT. One address should be able to reach another address no matter what network each host is on. That's kind-of why it's called an inter-net.
Re: (Score:3)
By the way, the "uh ... OK" in my reply is mine. For some reason the editor decided to join it to your quote. Sorry about that.
But while I'm on a roll, let's see: hmm, umm ... My Dial Global satellite receiver uses both DNS and DHCP. It's IPv4-only, too. My Westwood One "Max" receiver, my XDS-Pro receiver and my Comstream (used for corporate feeds) is IPv4-only. The first two use DNS and obtain their address by DHCP by default. The Comstream was designed before gravity and dirt, so it's merely IPv4-only.
At
Re:Because 32bits of addressing... (Score:5, Informative)
Re: (Score:3, Informative)
Re: (Score:3)
The problem with Apple is the oversimplification
IPv7 (Score:5, Funny)
Re: (Score:2, Funny)
Do those packets have rounded corners?
Re:IPv7 (Score:5, Funny)
You joke but the rounded corners make the packets move through the series of tubes better.
Re:IPv7 (Score:5, Funny)
Re: (Score:2, Funny)
Close, It'll be called iPv5, actually. It'll work only with HTML5, and its packets will only support one standard transfer protocol. Google, Mozilla, and Apple disagree on whether it should be HTTP, FTP, or FTTP respectively, even though FTTP [wikipedia.org] is not even a transfer protocol.
Also it'll make canvas and video faster somehow, possibly through the patent-pending technology called "magic".
Re:IPv7 (Score:4, Funny)
the new revolutionary internet Protocol for enhanced experience on devices.
You could actually claim "iPeed on an iPad".
We still need subjects? (Score:5, Interesting)
I'm sure slashdot readers are entirely unaware of what goes on when a program is rewritten. And naturally assume that when it happens, 100% of all features and abilities are reproduced without any complications in a couple months. Just look at photoshop - it's been such a breeze to rewrite for adobe.
I'm sure no company would ever think about building a rewrite with enough features and polish to ship, then add in feature parity as updates later.
Re: (Score:2)
I just upgraded to Photoshop CS24. Too bad the filters don't work, and neither does export to jpeg, but hey I should give Adobe some slack. I cannot expect them to do magic when rewriting their flagship product, right? Oh well, I guess it will become available in a few months with SP1.
Idiot.
CS Twentyfour? So they have really invented time travel then?
Did Adobe do it (in which case you'd be bounced into the Civil War if your mouse click is off by a pixel) or did Apple do it? (If so, say hi to Steve II for us).
What's the weather like?
Re: (Score:2)
Your sarcasm detector is broken.
Non-sense! (Score:4, Funny)
Actually, the experts are divided on whether IPv4 addresses will be exhausted. There may be many more addresses hidden out there. Before this is properly investigated it is too early to take action on IPv4 exhaustion. The idea that addresses are running out is only scare-mongering spread by the left-wing media. We should focus more on the controversy and less on IPv6 support.
Re: (Score:2, Redundant)
> Actually, the experts are divided on whether IPv4 addresses will be exhausted.
IPV4 addresses have already been exhausted for a year now. [wikipedia.org]
Any so-called 'experts' claiming otherwise may not be reliable sources.
Re: (Score:2)
Re:Non-sense! (Score:5, Funny)
you are right. we should 'teach to the controversy'.
IPv4 addresses are less than 6000 years old. they are our god-given right and no heathen lefty is gonna convince me otherwise.
USA USA USA!
Re: (Score:2)
Not to mention the fact that adding IPv6 addresses hugely dilutes the value of IP addresses - you can't just print more IP addresses without causing hyperinflation! The internet IP economy will COLLAPSE!
That's why I've been switching to doing all my communications with packets made of solid gold. It's a little slower, but no dang socialist government is going to collapse MY packets' value! I'll be the one laughing when you guys have to use like a billion IP addresses just to send one "tweet"!
Re: (Score:2)
Re: (Score:2)
Correction: free IPv4 addresses are being exhausted. Once there are no more free addresses, people will start selling them and anybody who really needs them will be able to buy as many as he can afford. Most normal people won't though, being quite happy with NATed connectivity.
Why am i not surprised (Score:2)
peer-to-peer = loss of control (Score:4, Interesting)
Every big firm wants, above all, to get rid of the quaint notion that the Internet is a network of intelligent peers. Much better to have dumb terminals all locked in to your service.
Sticking with IPv4 and the resultant multi-NAT hell is a good technical step in this direction.
It's like Google pretending to champion IPv6 then setting absurd conditions for their IPv6 services. So ISPs which offer native IPv6 by default, such as England's Andrews&Arnold, have to jump through artificial hoops before they're "supported". And it's no coincidence that half of abusive SixXS is half-run by a Google employee.
Oddly enough - and this'll get me the mod to oblivion - only MS has historically shown neutral support for IPv6, neither trying to control it nor eschewing it. That's because, I expect, Microsoft was traditionally about the powerful desktop and local server (running NT, of course). Now it's jumped on the cloud bandwagon, who knows?
Re:peer-to-peer = loss of control (Score:5, Insightful)
> Every big firm wants, above all, to get rid of the quaint notion that the Internet is a network of intelligent peers. Much better to have dumb terminals all locked in to your service.
While this does seem to be the general trend, companies like Comcast are surprisingly actually pretty good about v6.
> It's like Google pretending to champion IPv6 then setting absurd conditions for their IPv6 services. So ISPs which offer native IPv6 by default, such as England's Andrews&Arnold, have to jump through artificial hoops before they're "supported".
Bullshit. From their website [google.com]:
> To qualify for Google over IPv6, your network must meet a number of requirements. These include:
> * Low latency, redundant paths to Google using direct peering or reliable transit
> * Production-quality IPv6 support and reliability
> * Separate DNS servers for your IPv6 users (not shared with IPv4-only users)
> * Users who have opted in to IPv6 services and know how to opt out if they experience problems with Google services
Google damn sure doesn't want provider's shitty v6 implementation to cause people problems with their service. Seems like a pretty reasonable desire to me, and pretty reasonable conditions to meet to prove you don't have a shitty implementation.
> And it's no coincidence that half of abusive SixXS is half-run by a Google employee.
Um what? Care to provide any support for "abusive SixXS"? I did a quick search and couldn't find anything suggesting it, aside from people who were pissed that they got cut off for abuse. They actually seem to be more responsive than HE about abuse complaints, so I don't get it. Plus, I've never had any trouble with SixXS - at least not in the 3 years or so that I've had a tunnel with them.
Oddly enough - and this'll get me the mod to oblivion - only MS has historically shown neutral support for IPv6, neither trying to control it nor eschewing it. That's because, I expect, Microsoft was traditionally about the powerful desktop and local server (running NT, of course). Now it's jumped on the cloud bandwagon, who knows?
While MSFT has admittedly been pretty decent about v6 support (at least Vista+, their v6 implementation for XP worked, but was lukewarm), Apple had some of the earliest consumer routers that really supported v6 properly. Their phones, tablets, OS, all do as well. As noted before, this utility is a rewrite, and lacking several features that will (presumably) be added back in. The hardware still supports it; if you need v6, just keep the older utility for now.
I don't know why you were modded up.
Airport Utility 6.0 is awful (Score:5, Interesting)
I'm sure the functionality will be added back in.
Airport Utility 6.0 follows the recent trend of Apple making all of their software neutered versions of iOS versions (Lion to a certain extent, iCal, Address Book, etc)--see the comments here http://www.macrumors.com/2012/01/30/apple-releases-redesigned-ios-like-airport-utility-6-0-and-an-airport-base-station-bug-fix/ [macrumors.com]. So, they went from a useful program with a standard interface (old version) to one with a pretty UI that lacks major features.
The trend has been for Apple to add MOST features back in at some point, so hopefully it continues. I can't imagine Airport Utility will stay this way forever.
I just keep an old binary around...
Re: (Score:2, Informative)
Indeed, they still offer the download for the previous version (5.6), which happily coexists with version 6.0. I can only imagine they wanted to get the new version out fast, and extend it with non-essential features over time.
PS: The download link for those interested: http://support.apple.com/kb/DL1482
Re: (Score:2)
Snow Leopard will go down in history as the last great Apple OS. Everything after it is complete crap from a design standpoint. They are absolutely ruining what imho was the best designed OS from a GUI standpoint. What they are doing is just as bad as Microsoft's shitty metro UI for Windows 8. I guess I'm running Snow Leopard until my computer dies. Then I don't know what I'll do. I suppose Windows 7 on a "ultrabook". At least that will be supported for many years to come.
DOS was an OS nobody could love fro
Re: (Score:3)
I completely agree.
I upgraded my Mac Pro at work to Lion and can't say there's a single changed feature that I prefer over Snow Leopard. Not one thing. Mission Control is a regression, the removal of Save As / Duplicate is just confusing and annoying, Launchpad utterly useless, buggy (time machine backups, notably), annoying flat, monochrome, greyscale interface change throughout the system (finder sidebars, itunes, etc). Address Book is awful. iCal is awful. It's possible there's SOME new feature I prefer,
This is nonsense (Score:5, Informative)
They did not remove IPV6 at all. The new config utility (v.6) doesn't let you configure it, but they say so right in the docs that it is one of the features the new version does not yet support. They also give you a download link for the previous 5.6 version if you want to configure those rarely used features. IPV6 is even enabled by default.
I hate ipv6 (Score:5, Insightful)
There I said it. The lack of adoption and the lack of knowledge have made it a tremendous burden with absolutely zero benefit to our organization. I'm fine with running ipv4 into the ground. I just don't care anymore. I hate ipv6.
Re: (Score:3)
That's funny. I talked to ipv6, and she said she still likes you.
Re: (Score:3)
nah, ipv6 has been dating DECnet phase V for the last few decades.
they have their differences, but their neighborhoods are similarly gated and their kids all share the same bus to school.
In other news.... (Score:5, Insightful)
MS seen as backpedaling on its support for 64-bit computing over Windows 8 only supporting 32-bit CPUs in tablets.
Come on people, this isn't backpedaling, it's a completely new version of a utility that in its initial release supports what's in use in 99% of installations. Those who are actually using IPv6 can use the older version until this one adds support (probably in the next release).
Re:In other news.... (Score:4, Insightful)
Windows 8 isn't limited to 32-bit processors in tablets. The processors themselves lack 64-bit instructions, but the support is there. Nothing is preventing anyone from sticking an x64 processor in a tablet, like they've done quite a few times (Asus EP121, Samsung Series 7 Tablet).
Apple on the other hand, is not allowing users to configure IPv6 - even if it is present and enabled, what good does it do if it can't be configured? Less features is not something you should want or tolerate. That's what pre-release builds are for.
You'd think IPV6 people would be smarter... (Score:5, Informative)
Apple didn't back off on anything. The version of Airport Utility discussed is the pretty, dumbed-down version of the application intended for folks who just barely understand what a router is about. It matches the similar version deployed on iOS.
The "previous version" isn't. The feature-complete 5.6 was released at the same time as the simple version, and has the same support for IPv6 as it ever did.
A.
Re: (Score:3)
I'd object to that because that would be plain stupid. Why not simply have a "Show advanced..." button, rather than forcing users to download an alternative utility to access them?
But AFAICT, the issue is not one of interface visibility of IPv6 settings, it is one of IPv6 support in general. The utility does not support IPv6, which is not only a UI issue but a functional issue.
Re: (Score:3)
The Airport devices (and their firmware) have IPv6 support - that has never changed.
The changes sound very "Apple", actually. There's a famous story of the iDVD team having a whole set of slides ready to show user interaction. Steve Jobs walks in, doesn't take a single look at their presentation, and draws a window on the chalkboard. "This is your interface. You drag movies to the window, you click 'burn.' That's it."
There are two "latest" Airport Configuration Utilities right now - 5.6 and 6.0. 6.0 is th
5.6 *is* the latest version (Score:4, Informative)
5.6 is not the previous version! 6.0 and 5.6 were released simultaneously! The problem lies with their product naming, not versioning. That is, 6.0 really should have been called Airport Utility Lite or something like that. 5.6 could have been Airport Utility Pro or something like that. 5.6 is very much the latest version. Want all the features? Use 5.6. Want a simplified interface? Use 6.0.
If it wasn't clear before, it should be now (Score:3)
Apple is not in the "serious business" business. They aren't. They make "consumer gear" now. I love the Mac Pro. I love the Mac Mini. I think they are great machines. The problem? They aren't focusing on those any more. They care about iThings for people to throw away in favor of the next one.
And when some great F/OSS stuff makes implementing IPv6 easier, they will absorb it and pretend they invented it like they always have.
Re: (Score:2, Funny)
The input boxes/fields became too big considering the maximum size/length of an ipv6 address. UI design just doesn't allow such huge elements.
Re: (Score:2)
As someone who actually uses this app, it seemed strange to me too when I first saw it. Like someone took away the admin/power user side and made it completely simple UI. They actually tell you to go and download an older version to do advanced stuff.
Something must have snuck past the (whoever looks out for shit like this) to make it into the wild. I do not mind a simple interface for the simple people, but give the power users an access panel or something.
If you like that, check out Lion Server. About 10 steps backwards from Snow Leopard Server. But it's easier. So easy, that you could put it on a toaster.
Somebody at Apple is regressing to the mean for some bizarre reason. I'm also OK with a 'simple' interface if you leave some functionality behind the scenes - dropdown menus (so 20th Century) or just a CLI - whatever. But something for those who walk upright all of the time.
And then there is Final Cut X. And Aperture.
The Apple singularity is going to
Re: (Score:2)
The Apple singularity is going to be a little machine with a single button that just pulses quietly and does nothing at all.
That's not true at all! Each blink is $29.95 being debited from your accounts... All of them... Belonging?
Re: (Score:3)
Re:Features (Score:5, Informative)
You know, I've been waiting for it to become "mainstream" for over a decade now. Constantly, people have said "It's coming! It's coming!". Support has been added to just about everything. The problem is still that all those pesky web sites that people want to reach haven't converted. I went cruising through the IPv6 migration sites, they show the dozens of sites that are available.
Here's a quick look.
So, if you just switch over, you can't use google.com, unless you remember to use ipv6.google.com. You can't reach Slashdot. Try all the sites you frequent. Of my daily reading list, the only one that works by its normal name is xkcd.com. Most of them are big sites.
I'd expect to see ISP wide NAT deployed before IPv6. IPv6 is a novelty that may get adopted sometime in the future, but I wouldn't hold my breath on it.
Re: (Score:3)
I discovered that Youtube was delivering to me via IPv6 and I didn't even realize that. The main site has no AAAA record that I can see. But the video delivery actually went over IPv6, despite me only using IPv4 for DNS. I suspect they bugged the page with a transparent image that asks for a hostname that is only on IPv6, and set a cookie or something to engage IPv6.
Re:Features (Score:5, Insightful)
You don't "switch" to IPv6, you add IPv6. Nobody expects IPv4 to go away any time soon. What everyone's talking about is supporting IPv6 plus IPv4. So all your old sites work, but you can also reach any new hosts that have IPv6 addresses only directly, and get the benefits of avoiding NAT. Those hosts will likely be mobile customers at first, since that's one of the first places where ISPs are having to use v6. As for those users, they will be able to talk to IPv4 sites via DNS trickery and IPv6-to-IPv4 NAT, or just via plain old IPv4 NAT.
Re: (Score:2)
On June 6th, however, this will no longer be a requirement and ALL DNS servers will return Google's public IPv6 addressing, including over your v4 servers.
Re: (Score:3, Interesting)
I have heard one paranoid assertion about IP6 which said that the reason it was being pushed so enthusiastically is that every device in the world will get its own address. With a GUID on all traffic, everything is traceable and MAFIAA and the spooks are happy.
discuss
Re: (Score:3, Informative)
Every device gets an address, but that address is not a GUID. The address is different if you go to a different network. The address changes every day. It's not useful for tracking you, at least no more so than your v4 address was.
Not much to discuss here.
PEBKAC flaw in logic (Score:2)
Not only is this a significant increase in packet overhead, but it is highly likely that some portion will identify a person.
Without additional corroborating information all you can do with IPV4 or IPV6 is identify the originating computer. It is impossible to be 100% certain of who the person actually sitting at that computer is unless they transmit other uniquely identifying information or can be identified by third party sources such as security cameras. IPv6 is not meaningfully more useful for personal identification than IPv4.
Re: (Score:2)
"Not only is this a significant increase in packet overhead, but it is highly likely that some portion will identify a person.
Yes, yes, I know there are lots of things the ISPs _can_ do under IPv6 to preserve anonymity. Most will not"
It isn't the job of the ISP to generate random ipv6 addresses, it is up to the user:
http://tools.ietf.org/rfc/rfc4941.txt [ietf.org] (nearly 5 years old though)
Re: (Score:2)
I think what they were referring to is that the ISP presently gives out dynamic IPv4 addresses. The correlation in this case would be giving out a dynamic IPv6 /64 to each network that connects. While this could be done, there are many reasons not to do so as it would require constant renumbering (which can be done, but it's confusing for the end-user).
Either way, it's all bunk, as the ISP will keep track of the address assignments to the network level either way. Both IPv4 and IPv6 have a way to "anonymize
Re: (Score:2)
Would you maybe care to explain just what it is that you're on about? Seriously, not a single thing you've written makes any sense.
Re: (Score:3)
You have the same ability to be "anonymous" as with IPv4. With IPv4, they can track it down to your gateway, but have no idea what PC inside originated the traffic. I doubt you get a unique IPv4 address each time your gateway restarts. My Comcast connection has had the same one for 8 years, through two cablemodems, because my MAC address on my router stayed the same (or rather, I told my newer routers to use the one my older one had). Even if it is different each time, like with many PPPoE implimentatio
Re: (Score:3)
Your ISP will provide you with say, a
Your router will then provide you with a
Your end devices, such as your PC, will have the option of what's called "temporary addresses". These addresses by default on Windows are preferred
Re: (Score:3)
I'm getting really tired of idiots that think NAT is a security solution. It's not. It's a hack that breaks end-to-end connectivity.
The only way IPv6 can be a security issue is because incompetent fucks don't understand security.
Re:Good for them! PRIVACY gone in 128bits (Score:4, Informative)
Time to learn some networking, bro.
Re:Good for them! PRIVACY gone in 128bits (Score:4, Informative)
That's bunk. NAT doesn't provide real security, and in fact a false sense of security. Your firewall should always deny/drop traffic by default, except where permitted otherwise, either explicitly or by a stateful connection originating from the inside.
If you want pseudo anonymity on the level of what you have with IPv4, then leave the global randomize identifiers on. It's on by default in Windows. You actually have to disable it with netsh interface ipv6 set global randomizeidentifiers=disabled.
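Added example (not part of any comment in this thread): the stable, trackable case argued about above is an interface identifier built from the hardware address (modified EUI-64, RFC 4291 Appendix A), and a defender can audit for it. The addresses below are constructed samples in the 2001:db8::/32 documentation prefix, and the function names are hypothetical.

```python
import ipaddress

def embedded_mac(addr):
    """Return the MAC hidden in a modified EUI-64 interface identifier, else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]   # low 64 bits
    if iid[3:5] != b"\xff\xfe":                    # EUI-64 inserts ff:fe mid-MAC
        return None
    # Undo the universal/local bit flip on the first byte, drop the ff:fe filler.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

def classify(addr):
    """'eui64' = MAC-derived, 'manual' = hand-numbered, 'opaque' = random-looking."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if embedded_mac(addr):
        return "eui64"
    if iid[:6] == bytes(6):                        # only the last 16 bits are used
        return "manual"
    # RFC 4941 temporary addresses land here; so does any other random
    # identifier. The address alone cannot tell those apart.
    return "opaque"

def audit(inventory):
    """Map host -> exposed MAC for every address that follows its NIC around."""
    return {host: embedded_mac(a) for host, a in inventory.items()
            if classify(a) == "eui64"}

# Constructed sample inventory (assumption, not data from the thread).
INVENTORY = {
    "laptop":  "2001:db8:1:2:211:22ff:fe33:4455",   # derived from 00:11:22:33:44:55
    "desktop": "2001:db8:1:2:5c3a:91e7:b4d:a1f2",   # randomized identifier
    "server":  "2001:db8:1:2::68",                  # manually assigned
}

if __name__ == "__main__":
    for host, addr in INVENTORY.items():
        print(f"{host:8} {classify(addr):7} {addr}")
    print("MAC exposed:", audit(INVENTORY))
```

A random identifier matches the ff:fe pattern by chance about once in 65,536 addresses, so treat a single hit as a prompt to check the host rather than as proof.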
Re:ipv4 is dead, long live ipv4! (Score:5, Interesting)
I don't anticipate that ipv4 dies off as slowly as many people suggest. ipv4 is easy to understand, and addresses fit within the average technician's short term memory. Just try to remember ipv6 addresses, your brain will melt!
IPv4 never has to go away. It can be used forever in internal networks.
IPv6 Addresses can be remembered if you select your local bits rather than let the slaac monster pick them for you. Google via IPv6 for example: 2001:4860:8005::68 ... Almost the same length as an IPv4 address!!
IPv6 lets you have some hexsp33k fun..
Face book:
2620:0:1cfe:face:b00c::3
cisco dog food ipv6 day:
2001:420:80:1:c:15:c0:d07:f00d
SPRINT!!! OMFG...
2600::
Re: (Score:2)
I don't anticipate that ipv4 dies off as slowly as many people suggest. ipv4 is easy to understand, and addresses fit within the average technician's short term memory. Just try to remember ipv6 addresses, your brain will melt!
That's what DNS is for. DNS never really caught on in small private networks, but network equipment is increasingly making use of it. WHS 2011 can be accessed as "http://homeserver", most routers/APs support it as well... It's by far the least of anyone's worries
Re: (Score:2)
Re:ipv4 is dead, long live ipv4! (Score:5, Informative)
IPv6 is actually very easy to remember when done right. Further, we have DNS for address resolution - how many of the websites you visited today do you know the IPv4 address for?
For an enterprise, once they get their allocation, it's really not that bad. I will make up an allocation as an example:
2600:123:b000::/48
With 5 more octets left (octets isn't the right term, but divisions separated by colons), you can do a large amount of intelligent numbering, and even just reuse all of your VLAN and IPv4 numbering right inside your IPv6 addressing.
For instance, if you have a server network at 172.16.2.0/24 and it is vlan 203, you can assign 2600:123:b000:203::/64 (with the nodes getting ::172:16:2:yyy), so a given server node with 172.16.2.105 would be 2600:123:b000:203:172:16:2:105 . It's wasteful, but with IPv6, who cares?
If you have more than one site, then each site should get its own /48. When applying for addresses, you should do so for all sites at once. We have a /44 (x:x:b000 - x:x:b00f) as we have 9 sites. We can then assign each site based on their site numbers (2600:123:b001 - 2600:123:b009). We use 2600:123:b000 for infrastructure, and still have 2600:123:b00a - 2600:123:b00f left over.
So, site 3, vlan 405, network 172.24.5.0/24 would be assigned 2600:123:b003:405::/64 with nodes having 2600:123:b003:405:172:24:5:yyy. For workstations that use SLAAC and/or DHCPv6, you don't care about the last 64 bits and you rely on DNS. But you still know the site and VLAN if you use the same numbering. 2600:123:b002:464::/64, which is site 2, vlan 464.
All the IT staff has to do is learn that 2600:123:b000 - b00f is our assignment and explain the rest of our addressing plan. It's actually rather natural to do it this way and makes a ton of sense.
Oh, and personally I would skip doing any decimal to hex conversion where it can be avoided. For instance, I would not make vlan 165 be A5 (the hex value), but rather just 165. This does mean you'll "waste" something like 37.5% of your address space - but again, who cares? I'll take readability over maximum use any day.
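Added example (not the commenter's code): the numbering plan from the comment above as a small Python module that builds addresses from site, VLAN and IPv4 address and decodes them again, using the comment's made-up 2600:123:b000::/44 allocation. The function names are hypothetical, and the decoder reports no IPv4 address for SLAAC/DHCPv6 hosts whose last 64 bits do not follow the plan.

```python
import ipaddress

# The commenter's made-up allocation: a /44 covering sites b000..b00f.
BASE = ipaddress.IPv6Network("2600:123:b000::/44")

def dec_as_hex(n):
    """Take the decimal digits of n and read them as one hex group: 203 -> 0x203."""
    return int(str(n), 16)

def hex_as_dec(group):
    """Inverse of dec_as_hex; raises ValueError if the group contains a-f."""
    return int(format(group, "x"))

def vlan_subnet(site, vlan):
    """/64 for a VLAN at a site: site 3, VLAN 405 -> 2600:123:b003:405::/64."""
    if not 0 <= site <= 0xF:
        raise ValueError("a /44 holds sites 0-15 only")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID out of range")
    base = int(BASE.network_address)
    return ipaddress.IPv6Network((base + (site << 80) + (dec_as_hex(vlan) << 64), 64))

def node_address(site, vlan, ipv4):
    """Static address with the IPv4 octets spelled out in the last four groups."""
    iid = 0
    for octet in ipaddress.IPv4Address(ipv4).packed:
        iid = (iid << 16) | dec_as_hex(octet)
    return ipaddress.IPv6Address(int(vlan_subnet(site, vlan).network_address) + iid)

def decode(addr):
    """Return (site, vlan, ipv4); ipv4 is None when the host part is off-plan."""
    a = ipaddress.IPv6Address(addr)
    if a not in BASE:
        raise ValueError(f"{a} is outside {BASE}")
    n = int(a)
    site = (n >> 80) & 0xF
    vlan = hex_as_dec((n >> 64) & 0xFFFF)
    try:
        octets = [hex_as_dec((n >> s) & 0xFFFF) for s in (48, 32, 16, 0)]
        ipv4 = str(ipaddress.IPv4Address(".".join(map(str, octets))))
    except ValueError:            # hex letters or an octet above 255
        ipv4 = None
    return site, vlan, ipv4

if __name__ == "__main__":
    print(vlan_subnet(3, 405))
    print(node_address(0, 203, "172.16.2.105"))
    # Constructed SLAAC-style address: site and VLAN still readable.
    print(decode("2600:123:b002:464:5c3a:91e7:b4d:a1f2"))
```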