I am a privacy advocate, and also am disappointed at how narrow minded some of the arguments of privacy advocates are.
"Banning encrypted chat will just mean the bad people moved to banned platforms". Perhaps, but some bad people have to operate where victims are (Facebook stalkers, eBay cons, ...)
"Police should be forced to just do... actual police work."
It's pretty reasonably for police to want to increase the chances and speed of resolution.
We should champion and defend privacy, in spite of the good reasons to weaken it. There's no need to strawmen.
I can't run SLAAC and DHCPv6 at the same time without giving devices multiple addresses, and Android doesn't support DHCPv6, so I'd have to carve out a separate, SLAAC-based, android-only network. And then figure out firewall rules, multicast reflection, etc.
I thought this was a problem too. Then I realized that addresses are not in short supply, so I stopped caring that some devices get multiple addresses. The ones I care about are handed out over DHCPv6, and the firewall works accordingly. The rest gets basic connectivity and nothing else.
No. Admittedly, my firewall rules are all about granting something extra beyond the basics. I only do this for clients I care about anyway, so I can always tell them to use the right address.
Different person here, but no. I never write firewall rules based on individual source addresses. They’re too easy to fake. And with IPv6’s privacy extensions, you never know what source address a given machine will have anyway.
I haven’t had a need for DHCPv6. I’d use DNS (or better, mDNS) to assign a hostname to the destination’s fixed IPv6 address or ULA, both of which are static. I don’t ever manually assign an IPv6 address to a host, though. I just let SLAAC do the thing it was designed for.
No control over which source address is used. I'm assigning a lot of clients DHCP reservations so I can use static addresses for monitoring and firewall rules. With multiple addresses on the same network, clients may use their SLAAC address which won't match the firewall rule.
That still doesn’t really make sense. Why not run SLAAC on one subnet and have a single firewall rule for the whole thing? You’re not running any major servers on an Android phone, so it won’t be anything complex.
My point is that they might only be getting 1 /64 from their ISP; or getting a /62 or something small, and needing more subnets anyway. In these situations, you may not have an extra /64 to dedicate to SLAAC for certain devices.
Right. I was merely correcting your statement that SLAAC needs more than 64 bits to work with. But my question remains; do any ISPs hand out smaller delegations than a /64?
Small to mid sized OSS projects benefit heavily from this. There is a size beyond which the free runner sizes become insufficient, but the assumption is that some form of monetization is figured out by that time.
For example, we have a lot of OSS projects using WarpBuild because performance and fast CI is important for productivity.
Without GitHub's free CI for public repos, the small projects and indies will get hit the hardest imo.
However, I do not know hard numbers to quantify the impact.
"Banning encrypted chat will just mean the bad people moved to banned platforms". Perhaps, but some bad people have to operate where victims are (Facebook stalkers, eBay cons, ...)
"Police should be forced to just do... actual police work."
It's pretty reasonably for police to want to increase the chances and speed of resolution.
We should champion and defend privacy, in spite of the good reasons to weaken it. There's no need to strawmen.