Comment by ronsor
3 days ago
No competent network engineer wants to work in Iran, so government doesn't know how to block v6 properly. End result: just get rid of it entirely!
Two counterintuitive/surprising lessons I've come to appreciate:
1. Talent pools in nation states are extraordinarily deep-- much deeper than they appear. Countries can suffer from brain drain for decades (or centuries!) but when conditions call for it, superbly talented people somehow manifest.
2. The correlation between talent and conscience is weak. Nation states always manage to find superbly talented people to work on problems many of us would recoil from.
This is so true! Indeed, you can find absolutely incredible, brilliant people absolutely everywhere, in any area you want. The reason for the 1st and 3rd world is that it is difficult to come by enough people and then coordinate them: it is about critical mass and alignment.
About 2. also 100% true: intelligence/knowledge is totally independent of any other trait.
Right-- talent isn't that useful in a vacuum. You need economic and legal infrastructure that talented people can plug into to be productive. That infrastructure (a) takes a very long time to build and (b) depends on cultural norms that take a long time to evolve and don't find fertile ground everywhere.
I tend to agree with most of what you said regarding all governments and countries. What may not be widely known is that some authoritarian regimes have been accused by expatriates of identifying and indoctrinating intellectually gifted children into their state-sponsored organizations for use by these entities for unmentionable purposes. Of course, it's next to impossible to find written documentation with specific details, since detailed evidence in such states is understandably hard to retrieve. Most of these accounts arrive through word of mouth.
> What may not be widely known is that some authoritarian regimes have been accused by expatriates of identifying and indoctrinating intellectually gifted children into their state-sponsored organizations
Literally every country does this. It's just perspective whether an individual thinks it's okay or not.
If you're on the side doing the indoctrination, you probably agree with it, or are indoctrinated yourself. We all are to some degree.
Counter-intuitive? The primary motivation for fretting about Brain Drain (whether it is true or not is secondary) is because the people who fret about it are educated professionals, precisely the people who are prone to build their identity around the idea that society thrives and succumbs based on their own existence.
The same people who have unironically latched onto the idea of Meritocracy. A concept/idea that was literally conceived as a parody.
Why would they want to block IPv6 specifically?
IDK for sure, but might be harder to maintain, monitor, and block.
One characteristic of v4 is it's somewhat reasonable to do a straightforward block on a range of addresses to shut down access. This is still somewhat possible with v6, but harder as there's simply a much larger portion of IP addresses that can be all over the place. It's theoretically a lot easier for anyone that wants to bypass a simple filter to grab a new public IP address.
OTOH, IPv6 address assignment tends to be much more contiguous. My (small) residential ISP has one v6 prefix but several v4 prefixes. If you block the whole prefix for services you don't like, it's far fewer prefixes for v6.
But, it is a new skill, and you can turn off v6 at small cost if you're already ok with heavily restricting v4.
In addition to the much larger IP space, you also have larger headers and extension headers, which make deep packet inspection computationally much more expensive if you consider the scale.
An IPv4 /32 is roughly equivalent to an IPv6 /56 or /64.
You'd typically block an AS - i.e. every IP originating from AS12345. That's just as easy on v6 as v4.
> One characteristic of v4 is it's somewhat reasonable to do a straightforward block on a range of addresses to shut down access. This is still somewhat possible with v6, but harder as there's simply a much larger portion of IP addresses that can be all over the place. It's theoretically a lot easier for anyone that wants to bypass a simple filter to grab a new public IP address.
No, it's not; it's easier to block IPv6 ranges than IPv4 ones.
If someone wants to block my ISP, they only need a single /32 rule with v6.
There are some pretty big protests happening right now: https://bsky.app/profile/chadbourn.bsky.social/post/3mbvphn4...
That doesn't explain why they would want to block IPv6 specifically, and not also block IPv4.
Because v6 IPs are cheap, expendable and routing it over encrypted tunnels does not look suspicious. Anyone can buy a block and with little help announce them from multiple locations including home, mobile, uni wifi, and route further from there.
It's much more difficult to block.
A lot of anti censorship organizations have trouble getting more IPv4 /24 for cost reasons or moving it around to different AS since they would go offline.
With IPv6, you can get IPv6 /40 from ARIN/RIPE no problem. You slice that up into /48 and just start bouncing it all over the place. When one /48 goes down, you move everything to another /48, switch providers if required and continue.
EDIT: They also tend to get multiple blocks as well for when ISP figures out to root /40.
> It's much more difficult to block.
No it isn't. Nobody is blocking ranges as they roll in, they're blocking whole ASNs at once. That's just as trivial with v6 as v4, actually v6 can be simpler because ISPs tend to have fewer large blocks in v6land.
You can get a large block, split it up and announce it from different places but that doesn't stop someone blocking your larger allocation.
Getting multiple blocks is harder - the RIRs will want justification for this, and would rather give you a single large block than lots of fragmented ones.
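The point argued in the comments above, that a filter keyed on the registry allocation still matches after traffic moves to a different /48 inside it, shown as an added example that is not part of any comment in the thread. All prefixes are constructed from documentation ranges, and the allocation table and function names are hypothetical.

```python
import ipaddress

# Constructed sample data (documentation ranges, RFC 3849 / RFC 5737).
# Hypothetical operator: one v6 allocation, three scattered v4 blocks.
ALLOCATIONS = [ipaddress.ip_network(p) for p in (
    "2001:db8:100::/40",
    "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24",
)]

def covering_allocation(net, allocations=ALLOCATIONS):
    """Return the most specific allocation containing `net`, or None."""
    matches = [a for a in allocations
               if a.version == net.version and net.subnet_of(a)]
    return max(matches, key=lambda a: a.prefixlen, default=None)

def aggregate_rules(observed, allocations=ALLOCATIONS):
    """Map each observed prefix to its covering allocation, then collapse.

    Prefixes with no known allocation are kept as they are.
    """
    by_version = {4: set(), 6: set()}
    for p in observed:
        net = ipaddress.ip_network(p)
        by_version[net.version].add(covering_allocation(net, allocations) or net)
    rules = []
    for nets in by_version.values():
        # collapse_addresses rejects mixed versions, so run it per family
        rules.extend(ipaddress.collapse_addresses(nets))
    return rules

def is_filtered(address, rules):
    """True if `address` falls inside any rule of the same address family."""
    addr = ipaddress.ip_address(address)
    return any(addr.version == r.version and addr in r for r in rules)

if __name__ == "__main__":
    seen = ["2001:db8:101::/48", "2001:db8:1ff::/48",
            "192.0.2.0/25", "203.0.113.128/25"]
    rules = aggregate_rules(seen)
    print("rules:", [str(r) for r in rules])
    # A /48 that was never observed is still inside the /40 rule.
    print("unseen v6 slice filtered:", is_filtered("2001:db8:17a::1", rules))
    # The third v4 block was never observed, so it needs its own rule.
    print("unseen v4 block filtered:", is_filtered("198.51.100.1", rules))
```
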
(going with recent ipv6 discussion) they probably failed to make it work properly and decided that it's easier to block it
Is this an attempt at a joke, or do you actually seriously believe a country capable of enriching uranium isn't capable of hiring competent network engineers?