No competent network engineer wants to work in Iran, so government doesn't know how to block v6 properly. End result: just get rid of it entirely!

▲

coffeemug a day ago | parent | next [-]

Two counterintuitive/surprising lessons I've come to appreciate:

1.Talent pools in nation states are extraordinarily deep-- much deeper than they appear. Countries can suffer from brain drain for decades (or centuries!) but when conditions call for it, superbly talented people somehow manifest.

2. The correlation between talent and conscience is weak. Nation states always manage to find superbly talented people to work on problems many of us would recoil from.

▲

f1shy a day ago | parent | next [-]

This is so much true! Indeed you can find absolutely everywhere absolutely incredible brilliant people in any area you want. The reason for the 1st and 3rd world is that is difficult to come by enough people and then coordinate them: is about critical mass and alignment.

About 2. also 100% true: intelligence/knowledge is totally independent of any other trait.

	▲	coffeemug a day ago \| parent [-]
		Right-- talent isn't that useful in a vacuum. You need economic and legal infrastructure that talented people can plug into to be productive. That infrastructure (a) takes a very long time to build and (b) depends on cultural norms that take a long time to evolve and don't find fertile ground everywhere.

▲

SilentM68 a day ago | parent | prev | next [-]

I tend to agree with most of what you said regarding all governments and countries. What may not be widely known is that some authoritarian regimes have been accused by expatriates of identifying and indoctrinating intellectually gifted children into their state-sponsored organizations for use by these entities for unmentionable purposes. Of course, it's next to impossible to find written documentation, with specific details since detailed evidence in such states are understandably hard to retrieve. Most of these accounts arrive through word of mouth.

▲

chrneu a day ago | parent [-]

>What may not be widely known is that some authoritarian regimes have been accused by expatriates of identifying and indoctrinating intellectually gifted children into their state-sponsored organizations

Literally every country does this. It's just perspective whether an individual thinks it's okay or not.

If you're on the side doing the indoctrination, you probably agree with it, or are indoctrinated yourself. We all are to some degree.

	▲	SilentM68 a day ago \| parent [-]
		That is true. But I refer to those parents that sent their children to other countries because they knew the state or gov would not have allowed them to prevent the indoctrination of their children. But yes, we all are to some degree, unfortunately.

▲

keybored a day ago | parent | prev [-]

Counter-intuitive? The primary motivation for fretting about Brain Drain (whether it is true or not is secondary) is because the people who fret about it are educated professionals, precisely the people who are prone to build their identity around the idea that society thrives and succumbs based on their own existence.

The same people who have unironically latched onto the idea of Meritocracy. A concept/idea that was literally conceived as a parody.

▲

umanwizard a day ago | parent | prev [-]

Why would they want to block IPv6 specifically?

▲

cogman10 a day ago | parent | next [-]

IDK for sure, but might be harder to maintain, monitor, and block.

One characteristic of v4 is it's somewhat reasonable to do a straight forward block on a range of addresses to shut down access. This is still somewhat possible with v6, but harder as there's simply a much larger portion of ip addresses that can be all over the place. It's theoretically a lot easier for anyone that wants to bypass a simple filter to grab a new public IP address.

	▲	toast0 a day ago \| parent \| next [-]
		Otoh, ipv6 address assignment tends to be much more contiguous. My (small) residential ISP has one v6 prefix but several v4 prefixes. If you block the whole prefix for services you don't like, it's far less prefixes for v6. But, it is a new skill, and you can turn off v6 at small cost if you're already ok with heavily restricting v4.
	▲	sva_ a day ago \| parent \| prev \| next [-]
		Additionally to the much larger IP space, you also have larger headers and additionally extension headers which make deep packet inspection computationally much more expensive if you consider the scale
	▲	miyuru a day ago \| parent \| prev \| next [-]
		>One characteristic of v4 is it's somewhat reasonable to do a straight forward block on a range of addresses to shut down access. This is still somewhat possible with v6, but harder as there's simply a much larger portion of ip addresses that can be all over the place. It's theoretically a lot easier for anyone that wants to bypass a simple filter to grab a new public IP address. no its not, its easier to block IPv6 ranges than IPv4 ones. if someone want be block my ISP, they only need a single /32 rule with v6.
	▲	iso1631 a day ago \| parent \| prev [-]
		n ipv4 /32 is roughly equivalent to an ipv6 /56 or /64 You'd typically block an AS - i.e. every IP originating from AS12345. That's just as easy on v6 as v4.

▲

davidw a day ago | parent | prev | next [-]

There are some pretty big protests happening right now: https://bsky.app/profile/chadbourn.bsky.social/post/3mbvphn4...

▲

umanwizard a day ago | parent [-]

That doesn't explain why they would want to block IPv6 specifically, and not also block IPv4.

▲

marcosdumay a day ago | parent | next [-]

The OP's comment is that they can censor IPv4 when they want, but they don't know how to censor IPv6. So they block it entirely.

	▲	helloaltalt a day ago \| parent [-]
		Thanks this really explains the situation.

▲

observationist a day ago | parent | prev | next [-]

A lot of the Starlink and other contraband uplinks are using ipv6, allowing connectivity for people the regime doesn't want to have contact with the rest of the world. They don't want the revolution broadcast or popularized.

	▲	umanwizard a day ago \| parent [-]
		I wouldn't think blocking terrestrial IPv6 links would have anything to do with blocking Starlink.

▲

syncsynchalt a day ago | parent | prev [-]

It could be as simple as their surveillance / censorship tools not fully supporting IPv6.

▲

coretx a day ago | parent | prev | next [-]

Because v6 IPs are cheap, expendable and routing it over encrypted tunnels does not look suspicious. Anyone can buy a block and with little help announce them from multiple locations including home, mobile, uni wifi, and route further from there.

▲

stackskipton a day ago | parent | prev | next [-]

It's much more difficult to block.

A lot of anti censorship organizations have trouble getting more IPv4 /24 for cost reasons or moving it around to different AS since they would go offline.

With IPv6, you can get IPv6 /40 from ARIN/RIPE no problem. You slice that up into /48 and just start bouncing it all over the place. When one /48 goes down, you move everything to another /48, switch providers if required and continue.

EDIT: They also tend to get multiple blocks as well for when ISP figures out to root /40.

▲

jcalvinowens a day ago | parent [-]

> It's much more difficult to block.

No it isn't. Nobody is blocking ranges as they roll in, they're blocking whole ASNs at once. That's just as trivial with v6 as v4, actually v6 can be simpler because ISPs tend to have fewer large blocks in v6land.

	▲	stackskipton a day ago \| parent [-]
		There are plenty of providers that when you BYOIP, they will broadcast out of their ASN, I know Azure does, Google appears to, no clue on AWS. Plenty of colo providers including $LastCompanyProvider will fold your IP block under their ASN as well. That's how it worked at last job. Sure, Iran government may just decide to block that specific ASN but if it's they want to remain somewhat on the internet, they are stuck with "Smack entire broad ASNs and lose large chucks of internet" or "Block specific IP spaces."

▲

tguvot a day ago | parent | prev [-]

(going with recent ipv6 discussion) they probably failed to make it work properly and decided that it's easier to block it

▲

umanwizard a day ago | parent [-]

Is this an attempt at a joke, or do you actually seriously believe a country capable of enriching uranium isn't capable of hiring competent network engineers?

▲

bigyabai a day ago | parent | next [-]

Reading through their comment history, it doesn't seem like a good-faith comment. Not sure what they thought HN stood to gain from their contribution here.

▲

tguvot a day ago | parent [-]

[flagged]

	▲	bigyabai a day ago \| parent \| next [-]
		Case in point.
	▲	a day ago \| parent \| prev [-]
		[deleted]

▲

tguvot a day ago | parent | prev [-]

i'll leave it as exercise to a reader