Hacker News | simoncion's comments

Yeah. This USian has reliable access to the following without presenting ID

* Telephone service

* Internet service

* A rental apartment to live in and relevant utilities

* Food

* Clothing

* Entertainment

* Medical care

* A bank account

It has been so long that I can no longer clearly remember, but I think that I didn't have to present ID to get my job and get paid.

Maybe things are way worse over in Euroland? Or maybe US-based authoritarians have successfully used the threat of imaginary "Stranger Danger" to turn the screws tighter for access to some of those things over the past ten, twenty years? I know it's not medical care, internet access, food, clothing, or entertainment because I've changed providers for those fairly recently.


In most of the EU, IDs are issued for free to everyone above age 14/15 (and in many countries you can get one even for a newborn for a small fee). Since everyone has this ID, all banks (nearly?, I haven't seen one that doesn't) require ID card and/or a passport to open an account. For medical care you have a separate card with your compulsory medical insurance information that you present to the doctor but in the worst case they can just look up the info using your ID/passport.

You can't open a bank account without KYC.

Also requires showing adequate ID to have a job for the I-9.


How did you rent an apartment without ID? Every time I’ve done that they wanted an SSN, a credit check, and the pledge that your first born would be named after whatever dipshit was in the office that day.

You absolutely cannot get a bank account without an ID either: KYC is a thing.

Finally, you must complete an I9 form for any new job, which requires (wait for it) an ID.


Maybe rent from individuals instead of corporate landlords. There’s no law against it.

I'm pretty sure I've had to show ID going to the doctor's office as well.

> You absolutely cannot get a bank account without an ID either.

And yet, I have multiple accounts. Go figure.

> How did you rent an apartment without ID?

I dunno. The paperwork was done like a bit more than fifteen years ago. But I've only been asked for my ID for apartment-related things once and that was to tour a place in a shitty, shitty apartment complex more than... twenty years ago.

> ...you must complete an I9 form for any new job, which requires (wait for it) an ID.

I'm pretty sure that all I've ever been asked for is name and SSN. Again, maybe this stuff is new as of the past ten, twenty years. Strong, strong anti-immigrant sentiment has a way of gripping people's hearts and making them do stupid shit.


The I-9 requires more than that. If all you show is your SSN you have to produce another document like a driver licence.

That doesn't mean your past employers were in full compliance, nor that they will ever get caught.


If all of your experience of these things dates back ten to twenty years, I’d encourage you to look at the actual current requirements now, which are what matters to people trying to do things now.

> ...but since it jumps it doesn’t lead the eyes which makes it disorienting.

What happens when you enable "mouse pointer trails"? Or is that a feature that died like a decade or two after manufacturers stopped using the extremely slow LCDs that made use of the feature all but mandatory on machines that used them?


That could actually make it work -- but I just tested and, sadly, the cursor still gets teleported without a trace.

Sad! I wonder if more than a handful of people at Microsoft know that the "cursor trails" feature still exists.

> There is another pressure building underneath all this. AI usage will become more visibly metered. The current enterprise feeling of “everyone has access, don’t worry too much about the bill” will not hold forever, at least not in the form people are getting used to. ...

> I do not want to make this a cost panic story, that would be the least interesting way to think about “rented intelligence”. The question is not how to minimize token spend in the abstract, any more than the question of software delivery was ever how to minimize keystrokes.

If tokens were as cheap as keystrokes -that is, effectively free- then "How do we minimize token spend?" wouldn't be a question that anyone asks. It's because keystrokes are effectively free that you only ask "How do we minimize the number of keys pressed during the software development process?" if you're looking for an entertaining weekend project. If keystrokes cost as much per unit of work done as the -currently heavily subsidized- cost of tokens from OpenAI and Anthropic, you'd see a lot of focus on golfing everything under the sun all the damn time.


Tokens _are_ as cheap as keystrokes. A single keypress by a full-time SWE averages out to $0.005-$0.02 (depending on typing speed and TC). The relationship is obscured because the keystrokes are usually part of a fixed-price subscription plan but they absolutely have a cost. Prior to AI this was in fact a large reason everyone pontificated about concise programming languages and elegantly factoring problems and DRY and...

> Tokens _are_ as cheap as keystrokes.

extremely loud incorrect buzzer

I can set up a drinking-bird-style device to press keys on a keyboard. My per-year operational cost is the same whether or not the bird presses keys.

Programmer time costs money. Nearly all of a programmer's time is spent understanding the system being maintained, the reasons for its existence, and the reasons for the proposed changes to it. If you're honestly such a fool as to think that DRY, "elegant" [0] design, and related things are about reducing the number of keys pressed rather than the time spent understanding the system and how to change it, then... well, I think you make an awfully good "AI Booster".

[0] Read as "easy to reason about, once you understand the core concepts"


Part of it is additional load. Part of it is their move of more and more of GitHub infrastructure to Azure.

I've done a lot of "plain compute" work [0] with the Big Three Cloud Compute vendors. Azure is by far the worst. Mysterious resource creation failures, mysterious resource deletion failures, mysterious "incompatible schema" failures when talking to Azure provisioning and status infrastructure, mysterious and inexplicable performance problems, etc, etc, etc. Unless I was being paid a lot of money to use Azure, I'd take Google's legendarily nonexistent support over Azure's unreliability any day.

[0] That is, "create a VM with persistent disks, Internet access, and maybe a load balancer in front and ignore all of the other features provided by the vendor"


> Does she think this really does the complexity of each case justice though?

Do you believe that -prior to the 2020-ish mass evacuation of doctors from the profession- the typical specialist would misrepresent the facts of a case when asking for a cross-check?

Related: Have you ever worked as "the guys who actually work on the thing"-level tech support for a nontrivial Enterprise Software Product (or System)? If you have, did you never send a quick message to a knowledgeable coworker to double-check something that you were pretty sure was correct, but weren't 100% certain about?


An enterprise product is not comparable with the human body at all. A single cell contains hundreds of times more information/entropy in its state than an operating system.

> An enterprise product is not comparable with the human body at all.

Incorrect! Enterprise products are often sprawling projects that

* are poorly designed

* are inadequately (and often incorrectly) documented

* have confusing and/or inadequate diagnostic facilities

* are far, far too large for any one person to completely understand

* have one or more components that no one adequately understands

* are pretty much constantly in a state of partial failure

* usually don't require an understanding of -say- the QM principles that govern the behavior of the medium that embodies the system in order to perform system diagnostics and repair

Given that you dodged them, I'll assume that your answer to my first question to you is "Yes", and to my second is "No".


Well, I don't doubt that enterprise deployments can be complex, but this is a false analogy.

> It's not just NAT, it's also DHCP.

I'm not sure what you mean by "fix" DHCP and NAT, but FYI: RFC 3315 was published in 2003.

As far as NAT goes, it looks like iptables added IPv6 support to the MASQUERADE, SNAT, and DNAT targets in kernel version 3.7, released in 2012. IDK when other OSs added such support.


> I'm not sure what you mean by "fix" DHCP

SLAAC was part of IPv6 since the original RFC, it's a horribly over-engineered stateless replacement of DHCP. Nobody asked for that.


> Nobody asked for that.

I wasn't around for the discussions at the time, but I would have asked for it if I was. SLAAC is IPv4LL, except that you usually get a globally-routable IP address from it. It's great. It's also quite a bit simpler than DHCP... "If the advertised prefix permits autonomous addressing, generate a host part in the non-fixed part of the prefix, run DAD on the generated address to ensure it's not in use, and start using it if it's not.".

> SLAAC was part of IPv6 since the original RFC...

An attentive reader notices that RFC 1883 and RFC 1971 are separated by nearly a year.


> Nobody asked for that.

I mean that's not true. SLAAC is great for public/untrusted networks where you just let the clients figure that shit out.

The only thing that's a bummer is not being able to map DNS records to addresses, which is kinda the point, for privacy.


This is still kind of possible, by doing neighbour discovery and querying the host for its hostname with mdns.

In my opinion, this automatic mapping of DNS names to addresses is not part of the IP protocol, and shouldn't be.


> ...mdns

"use MDNS for name resolution" works until your machine is reattached to your LAN and your MDNS server thinks your hostname is "in use" and sticks a "-N" at the end of it to "avoid hostname collisions". Though, it might just be Avahi that has this particular bit of brain damage... I haven't paid attention to the behavior of the Macs that I've been obligated to use over the years.

Few people are more sad about this behavior than I am.


There's nothing stopping you from using memorable ULA prefixes on your LAN [0] and requiring the use of DHCPv6 for addressing so that each host gets a host part that is easy to remember. Hand-selecting your ULA prefix abandons the collision-resistance that you get from using The Technique to generate one, but if that's something you don't care about, then it's something you don't care about.

Plus, manual address assignment is just as viable in an IPv6 world as it is in IPv4.

[0] fd00::/64 is quite easy to remember, as are fd00::1 and similar.
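An added example, not part of the original comments: the pseudo-random ULA prefix generation from RFC 4193 section 3.2.2, assumed here to be what "The Technique" refers to, together with the RFC's birthday-bound collision estimate that a hand-picked prefix such as fd00::/64 gives up. The function names and the sample MAC address are constructed for illustration.

```python
import hashlib
import ipaddress
import math
import struct
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01


def ntp_timestamp(unix_time):
    """Encode a Unix time as a 64-bit NTP timestamp (32.32 fixed point)."""
    seconds = int(unix_time) + NTP_EPOCH_OFFSET
    fraction = int((unix_time % 1) * 2**32)
    return struct.pack("!II", seconds & 0xFFFFFFFF, fraction & 0xFFFFFFFF)


def eui64_from_mac(mac):
    """Build a modified EUI-64 from a 48-bit MAC (RFC 4291 appendix A)."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe in the middle.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def generate_ula_prefix(mac, unix_time=None):
    """Return a /48 ULA prefix: fd + low 40 bits of SHA-1(time || EUI-64)."""
    if unix_time is None:
        unix_time = time.time()
    digest = hashlib.sha1(ntp_timestamp(unix_time) + eui64_from_mac(mac)).digest()
    global_id = digest[-5:]  # least significant 40 bits of the digest
    packed = b"\xfd" + global_id + bytes(10)
    return ipaddress.IPv6Network((int.from_bytes(packed, "big"), 48))


def nth_subnet(prefix, subnet_id):
    """Pick one /64 out of the /48 by its 16-bit subnet ID."""
    if prefix.prefixlen != 48 or not 0 <= subnet_id < 2**16:
        raise ValueError("need a /48 prefix and a 16-bit subnet ID")
    base = int(prefix.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def collision_probability(n_sites):
    """RFC 4193 estimate: P = 1 - exp(-N^2 / 2^(L+1)) with L = 40."""
    return -math.expm1(-(n_sites**2) / 2**41)


if __name__ == "__main__":
    prefix = generate_ula_prefix("00:11:22:33:44:55")  # constructed MAC
    print("site prefix:", prefix)
    print("first LAN:  ", nth_subnet(prefix, 1))
    print("collision odds among 1000 sites:", collision_probability(1000))
```
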


Another option for simplicity in dual stack is to assign visually similar addresses:

    - ipv4: 192.168.0.42
    - ipv6: prefix:192:168:0:42

I only do this for static/server machines, configuring Linux with a fixed ipv4, and append the fixed ipv6 host to the Router Advertisement prefix.

If I hadn't put my long-running machines' -er- ULA-derived [0] SLAAC addresses into my local DNS ages ago, I'd either do exactly that, or slice off the "redundant" parts of the IPv4 address off, so that I could choose to assign sixteen additional bits of addresses to each host. That is:

  - ipv6: prefix:192:168:0:42

would become

  - ipv6: prefix::0:42:[0-ffff]

[0] I'm really not sure how to succinctly say "The autonomously-configured addresses on my LAN's ULA prefix".
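An added example, not part of the original comments: the two dual-stack schemes described above (prefix:192:168:0:42, and the sliced prefix::0:42:[0-ffff] form) worked through with Python's `ipaddress` module, plus a decoder that rejects addresses that do not follow the scheme. The function names and the 2001:db8:1:2::/64 documentation prefix are constructed for illustration.

```python
import ipaddress


def _octet_as_group(octet):
    """Write the octet in decimal and read those digits back as hex (192 -> 0x192)."""
    return int(str(octet), 16)


def lookalike_v6(prefix, ipv4):
    """prefix:192:168:0:42 for 192.168.0.42; needs a /64 so four groups remain."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("scheme needs a /64 prefix")
    host = 0
    for octet in ipaddress.IPv4Address(ipv4).packed:
        host = (host << 16) | _octet_as_group(octet)
    return ipaddress.IPv6Address(int(net.network_address) | host)


def lookalike_to_v4(addr):
    """Recover the IPv4 address, or raise if the host part is not a look-alike."""
    groups = ipaddress.IPv6Address(addr).exploded.split(":")[4:]
    octets = []
    for group in groups:
        digits = group.lstrip("0") or "0"
        # Hex letters or a value above 255 mean this is some other kind of
        # address, for instance an autonomously generated one.
        if not digits.isdigit() or int(digits) > 255:
            raise ValueError(f"group {group!r} is not a decimal octet")
        octets.append(int(digits))
    return ipaddress.IPv4Address(bytes(octets))


def host_block(prefix, ipv4):
    """prefix::0:42:[0-ffff]: keep the last two octets, leave the final
    group free, which gives each host its own /112 (65536 addresses)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("scheme needs a /64 prefix")
    octets = ipaddress.IPv4Address(ipv4).packed
    host = (_octet_as_group(octets[2]) << 32) | (_octet_as_group(octets[3]) << 16)
    return ipaddress.IPv6Network((int(net.network_address) | host, 112))


if __name__ == "__main__":
    lan = "2001:db8:1:2::/64"  # constructed documentation prefix
    print(lookalike_v6(lan, "192.168.0.42"))
    print(lookalike_to_v4("2001:db8:1:2:192:168:0:42"))
    print(host_block(lan, "192.168.0.42"))
```
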

> But instead, the default way of using v6 was those new addresses, also SLAAC and no NAT...

Well, the good news is that we've had DHCPv6 and IPv6 NAT for at least like 25 years. It's true that these weren't standardized in 1995, but I always wonder how long things need to be fully supported [0] before people stop acting like they don't exist.

It took something like a decade for IPv4 to get DHCP, and I don't know how long for it to get NAT, and yet I don't hear people saying that IPv4 has no default mechanism for address autoconfiguration or network address translation.

[0] ...by everyone except Android, of course...


The defaults determine what like 95% of users end up actually using, even if they have their own preference. Like you said, even if I wanted to use DHCP6, Android won't use it. My router also doesn't support it.

> My router also doesn't support it.

I'm sorry your router sucks. If -for example- my router intermittently fucked up its IPv4 NAT and sent NATted packets into the Internet Bitbucket, it would be incorrect for me to claim that IPv4 NAT sucks or isn't supported by default. The correct claim would be that my router's NAT implementation sucks.


A router messing up IPv4 NAT would make it unusable for v4. My router still works with v6, just doesn't support an optional extension of it. (Idk if the v6 spec actually says DHCP is optional, but it de facto is because slaac isn't, likewise NAT isn't even part of v4 spec but a home router will need it.)

And it's not exactly a bad thing that most routers have only one right way to do v6 addressing. One thing that's explicitly optional in v6 is default-deny firewall, which is where those "v6 is insecure" "no you're just using it wrong" fights come from:

  REC-49: Internet gateways with IPv6 simple security capabilities MUST
   provide an easily selected configuration option that permits a
   "transparent mode" of operation that forwards all unsolicited flows
   regardless of forwarding direction, i.e., not to use the IPv6 simple
   security capabilities of the gateway.  The transparent mode of
   operation MAY be the default configuration.

You could say well the user is dumb for not changing this setting, but there's a point where you should blame the design instead of the user if it's not generating the desired outcome across many users. This also goes if you actually want the router to leave your inbound alone and let the devices do firewalling, cause your device isn't going to be reachable when you're on someone's default-deny network.

> I think this is the biggest change with IPv6: that a machine’s IP addresses is no longer its identity, and you can’t easily predict what address will be used when connecting somewhere.

Can't you unset the "Use autonomous addressing" bit and set the "Use DHCPv6 for addressing and other config" bit in your RAs, and then refuse to hand out anything other than DHCPv6 Normal Addresses? Or do OS's ignore the fact that Temporary Addresses are an entire other category of DHCPv6 addresses and just go off and make their own "privacy addresses" off of the advertised prefix in the RA... ignoring the router's command to not use SLAAC for addressing? [0]

[0] Yes, I'm very aware that Android doesn't support anything that DHCPv6 provides other than getting an entire damn prefix delegated. For the duration of this discussion, let's ignore Android.


IME nothing pays attention to when you set a flag to not do autonomous addressing. macOS and iOS don't respect it AFAICT, I don't recall what Linux does by default, but I don't remember having any success.

But it's rather not really my point... best practices for IPv6 are to not do any of this, and you probably don't want to do it, because privacy addresses are an actually-important thing for privacy (so that sites can't correlate you easily.) You can say "oh but websites use fingerprinting anyway" (which doesn't help you when it's not a web browser you're using, but any other software that's connecting places) or "but sites don't trust the trailing 64 bits" (which only helps because everyone else is using privacy addresses, which rather proves my point.) When doing IPv6, you sort of have to abandon the idea that you're going to have a fixed, known IP address that you will use for all outbound connections. Fighting this is an exercise in pain.


> IME nothing pays attention to when you set a flag to not do autonomous addressing.

When I unset the Autonomous flag, Linux does the right thing, at least on the systems I have at hand. Android does the right thing. My Playstation 5 does the right thing. I'd be shocked if Windows doesn't do the right thing. While I wouldn't be surprised to hear that Apple devices absolutely do the wrong thing -given Apple's long history with flagrantly doing the disruptively-wrong thing in regards to networking-, based on the results I'm seeing, I expect that Apple devices work just fine. I think you came to the wrong conclusions because you fucked up your test.

> ...privacy addresses are an actually-important thing for privacy (so that sites can't correlate you easily.)

As you allude to, The Web has eleventy billion ways to track you that give absolutely zero shits about your IP address. "Privacy" addresses buy the typical user of The Internet effectively zero privacy. January's deprecation of DHCPv6 "Temporary Addresses" suggests that folks who deploy this stuff believe that this feature is far less useful than proponents might think it to be. Plus, absolutely nothing prevents a DHCPv6 server from randomly generating the host part of the addresses it hands out, as well as handing out entirely new addresses for each address request. If I believed that "privacy" addresses actually provided any meaningful privacy, that's how I'd configure mine to behave for hosts that I wasn't intentionally providing fixed addresses.


Y’know I see you in every thread about IPv6 and you have this terrible habit of completely ignoring the actual point someone is trying to make and bogging straight down into the minutiae of some technical detail instead.

I will stipulate that it’s possible to configure a network so that clients don’t set up their own addresses and use only DHCP. I will stipulate that I fucked up the configuration the last time I tried it. You’re obviously a lot more smart than me. Congratulations.

Now, would you maybe get past that and look at my actual point, which is that multiple addresses is the expected and default behavior of IPv6, and is a big change from how people are used to doing things in IPv4? You don’t need to use every opportunity you can to flex your nerd cred at the expense of actually getting the point of what is being discussed.


> ...you have this terrible habit of completely ignoring the actual point someone is trying to make and bogging straight down into the minutiae of some technical detail instead. ... [w]ould you maybe get past that and look at my actual point, which is that multiple addresses is the expected and default behavior of IPv6...

Here's your comment's [0] second paragraph:

  I think this is the biggest change with IPv6: that a machine’s IP addresses is no longer its identity, and you can’t easily predict what address will be used when connecting somewhere. IP-based access control becomes impossible (not that it was ever a great idea in the first place), reverse DNS lookups become irrelevant, seeing IP’s in logs no longer tells you “what machine connected here”, it’s overall a big change in mental model.

An attentive reader notes that I did not object to your comment's first paragraph. [1] Such a reader also notes that in your reply to me you both double down on the claim that it's impossible to centrally control what IPv6 addresses a host has, and go on to claim that even if you could it would be undesirable to do so.

[0] <https://news.ycombinator.com/item?id=47987900>

[1] "The changes to Ethernet lookup mandate that you have a link-local address in addition to your “real” address, and this starts the ball rolling on the idea that machines have multiple IP addresses in general. Which makes privacy addresses commonplace, ULA+GUA addresses on the same machine, etc."


See here you go again. I'm not doubling down on anything.

My claim goes like this. Tell me where you disagree.

1. In a typical IPv6 setup you have more than one address. You even had to exclude android from the discussion just to bring up a scenario where this isn't true.

> Yes, I'm very aware that Android doesn't support anything that DHCPv6 provides other than getting an entire damn prefix delegated. For the duration of this discussion, let's ignore Android.

Yeah so as long as we ignore the largest operating system in the world by number of devices, yeah you totally are making a great point here.

2. In such a setup, things like IP-based access control become impossible (no, I'm not going to just pretend android doesn't exist, sorry), reverse DNS lookups become irrelevant, etc.

3. Yes, it is possible to configure a network such that these things are not the case, but that is not a typical IPv6 setup. There are a lot of reasons this setup is not typical, there are a lot of SHOULD lines in various IEEE specs that talk about this. Hell, even if you get your network configured perfectly, it's not going to stop a random machine from deciding to use its link-local address when talking to somemachine.local (which happens all the damned time in my network.)

It's like if someone came in and critiqued that /64 is way too huge of a subnet size in IPv6, and you responded with "yeah but you can change it and run a /96 network!" Which while technically true is also not how literally fucking anybody does IPv6 at all.

Now I wait while you attack the above with dumb fucking nitpicks about technicalities while totally fucking ignoring the point I was trying to make. Go ahead, you've done it in these threads for years.


Hon, you really need to step away from the keyboard and seek yourself some headpats, or other such comforting entertainment. I expect that -like most people- once you're able to find a way to regularly and reliably enhance your calm, you'll be better able to take critique and acknowledge when parts of your argument are substandard.

Best of luck to you.


And if you don't need a router, you can get 10gbit ports for much cheaper than that. The Mikrotik CRS305-1G-4S gives you one copper 1gbit port, four 10gbit-capable SFP+ cages, and is ~150USD [0]. Their whole lineup of switches with SFP+ ports can be seen here [1].

[0] <https://mikrotik.com/product/crs305_1g_4s_in>

[1] <https://mikrotik.com/products/group/switches?f[0]=s%3Ac&f[1]...>

