Encryption everywhere isn’t about the individual content. By making it ubiquitous, it’s harder for bad actors to separate the encrypted data they want from the one’s they don’t. If only special content is encrypted, then just the fact that it’s encrypted is a flag for them. It also makes it much harder to ban. It’s pretty much impossible to ban the algorithms in TLS at this point. Too much depends on it.

What, you don’t love downloading a zip file that contains an msi (which is perfectly capable of internally compressing much of its internal data)?

If you’re going to lecture about “maturing”, then maybe don’t start by jumping to conclusions based on the first sentence.

JSON numeric encoding is perfectly capable of precise encoding to arbitrary decimal precision. Strings are easier if you don’t want to fuck around with the parser, though.

If your home router blocked incoming connections on IPv4 by default now, then it’s likely to continue doing so for IPv6. At least, I would hope so. The manufacturer did a bad job if otherwise.

You can get exactly the same benefit by blocking non-established/non-related connections on your firewall. NAT does nothing to help security.

Edit: BTW–every time I see this response of “NAT can prevent external access”, I severely question the poster’s networking knowledge. Like to the level where I wonder how you manage to config a home router correctly. Or maybe it’s the way home routers present the interface that leads people to believe the two functions are intertwined when they aren’t.

Governments are not anyone’s issue other than other governments. If your threat model is state actors, you’re SOL either way.

That’s a silly way to look at it. Governments can be spying on a block of people at once, or just the one person they actually care about. One is clearly preferable.

Again, the obscurity benefit of NAT is so small that literally any cost outweighs it.

I don’t see where you get a cost from it.

• Firewall rules are more complicated
• Firewall code is more complicated
• Firewall hardware has to be beefier to handle it
• NAT introduces more latency
• CGNAT introduces even more latency
• It introduces extra surface area for bugs in the firewall code. Some security related, some not. (I have one NAT firewall that doesn’t want to setup the hairpin correctly for some reason, meaning we have to do a bunch of workarounds using DNS).
• Lots of applications have to jump through hoops to make it through NAT, such as VoIP services
• Those hoops sometimes make things more susceptible to snooping; Vonage VoIP, for example, has to use a central server cluster to keep connections open to end users, which is the perfect point to install snooping (and this has happened)
• . . . and that centralization makes the whole system more expensive and less reliable
• A bunch of apps just never get built or deployed en masse because they would require direct addressing to work; stuff like a P2P instant messenger
• Running hosted games with two people behind NAT and two people on the external network gets really complicated
• . . . something the industry has “fixed” by having “live service” games. In other words, centralized servers.
• TLS has a field for “Server Name Indication” (SNI) that sends the server name in plaintext. Without going far into the details, this makes it easier for the ISP to know what server you’re asking for, and it exists for reasons directly related to IPv4 sticking around because of NAT. Widespread TLS use would never have been feasible without this compromise as long as we’re stuck with IPv4.

We forced decisions into a more centralized, less private Internet for reasons that can be traced directly to NAT.

If you want to hide your hosts, just block non-established, non-related incoming connections at your firewall. NAT does not help anything besides extending IPv4’s life.

But why bother? “Let’s make my network slower and more complicated so it works like a hack on the old thing”.

So instead we open up a bunch of other issues.

With CGNAT, governments still spy on individual addresses when they want. Since those individual addresses now cover a whole bunch of people, they effectively spy on large groups, most of whom have nothing to do with whatever they’re investigating. At least with IPv6, it’d be targetted.

NAT obscurity comes at a cost. Its gain is so little that even a small cost eliminates its benefit.

IIRC, there are some sloppy ISPs who are needlessly handing out prefixes dynamically. ISPs seem to be doing everything they can to fuck this up, and it seems more incompetence than malice. They are hurting themselves with this more than anybody else.

It wasn’t designed for a security purpose in the first place. So turn the question around: why does NAT make a network more secure at all?

The answer is that it doesn’t. Firewalls work fine without NAT. Better, in fact, because NAT itself is a complication firewalls have to deal with, and complications are the enemy of security. The benefits of obfuscating hosts behind the firewall is speculative and doesn’t outweigh other benefits of end to end addressing.

Obfuscation is not security, and not having IPv6 causes other issues. Including some security/privacy ones.

There is no problem having a border firewall in IPv6. NAT does not help that situation at all.

For individuals. There are tons of benefits for everyone collectively, but as is often the case, there’s not enough incentive for any one person to bother until everybody else does.

I’m starting to think the way to go isn’t set stories in the sprint at all. There’s a refined backlog in priority order. You grab one, do it, grab the next. At the end of the two week period, you can still have a retro to see how the team is doing, but don’t worry about rollover.

Alternatively, don’t think of Agile as a set instruction manual, but rather a group of suggestions. Have problem X? Solution Y worked for many teams, so try that.

It’s definitely a movie cut from the same cloth as Catcher in the Rye. You love it as a teenager because you vibe with the main character. Then you grow up and see how self-polluting and obnoxious the character is.

I did love the exchange between Mary McDonnell’s character and the fundie lady. “Do you know who Graham Greene is?” “Please, I think we’ve all seen Bonaza”. It has a layer of humor that couldn’t have been intentional. The fundie lady is mixing up Graham Greene with Lorne Green, and Mary McDonnell would go on to play the political half of Lorne Green’s character in the Battlestar Galactical reboot a few years later.

I thought the first one was at least fun, but had some obviously annoying parts that should have been cut from any sequel.

Then the second one comes out, and the annoying parts of the first are the entire movie of the second.

IIRC, the International Criminal Court. They accept judges that would be qualified in their home country. With the US stepping out of it, one of the ICC’s biggest funders is Japan. They have a history of paneling judges who are just people of the community with no specific legal training . Maybe that works for them, but it meant some unqualified judges were sent to the ICC from Japan. The ICC isn’t in a position to stop them, given the funding situation.

IIRC, the International Criminal Court. They accept judges that would be qualified in their home country. With the US stepping out of it, one of the ICC’s biggest funders is Japan. They have a history of paneling judges who are just people of the community with no specific legal training . Maybe that works for them, but it meant some unqualified judges were sent to the ICC from Japan. The ICC isn’t in a position to stop them, given the funding situation.

Plenty of counties in the US will elect you to Sherriff without any experience at all. Just say the right Tough On Crime rhetoric and you’re good to go.

Yes, I’m aware of how this works.

The important point is that zip and compressed tarballs have overlapping but not identical purposes.