Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
tonymet a day ago

double the firewall, double the listening sockets to manage, double the testing (e.g. my router was working ipv4 and broken ipv6 with the same daemon), double the app-level ACLs

You can argue "it's only one line" but that one line is a new socket and new test variant needing testing. something that worked perfectly well for 5-10 years now needing a re-test.

I'm not arguing against ipv6 . I'm arguing for honest assessments of the effort needing to migrate a network , especially residential networks, to IPv6 -- as the only way to make it happen. Shaming people with "it's so easy and simple" is just dishonest and doesn't help the cause.

Dagger2 a day ago | parent [-]

It's still just one firewall. You can listen on a single socket too (sockets listening on :: will accept v4 connections by default on Linux). You can likely drop many of the v4 ACLs when things are going over v6.

It's not no work. I'm just saying it's not double the work. You'd think knowing that would make people more likely to do it, but...

tonymet 5 hours ago | parent [-]

> It's still just one firewall.

One appliance or service, but double the rules. The rules are all of the maintenance cost

> You can listen on a single socket too (sockets listening on :: will accept v4 connections by default on Linux).

Old apps need migrating. 99% of apps that listen 127.0.0.1:PORT and need a rebuild & re-test. Any app compiled with AF_INET need a rebuild.

I encountered this working on adding ipv6 support for oauth callbacks (127.0.0.1:3000) to rclone and it was a huge pain. still never got this working reliably enough for the maintainer to merge.

You're thinking about your desktop where you are recompiling constantly. I'm talking about embedded & unsupported IOT devices that are out there. Even with sources the effort to rebuild reinstall is heavy.