
IPv6 now faster than IPv4 when visiting 20% of top websites – and just as fast for the rest

bombastic bob Silver badge

Re: We didn't run out of ipv4

"getting rid of NAT is good, and I operate an ipv6-only website which really helps to keep the peasant scum out."

The common misconception here is that NAT is bad, though there ARE certain security advantages to using it.

First of all: do you REALLY want publicly accessible IP addresses on EVERY device you own? Isn't it a good idea to have your PCs and other things at home behind some kind of NAT-based firewall? It's a fair bet that NONE of your devices that support IPv6 are properly firewalled for it. This goes TRIPLE for Windows. Try a 'netstat -an' some time, and see what's listening... and other machines, ALSO listening on the SAME ports. It should scare you a bit, because NEARLY EVERY IPv6 address is publicly visible and routable, and discoverable whenever you 'hit' a web site with an IPv6 request.

I've personally been using IPv6 for a few years now, using a tunnel through he.net. My ISP doesn't support IPv6 and probably never will. No biggie, it works fine this way. HOWEVER, after early experiments, I determined that windows boxen that have IPv6 configured are DANGEROUS security craters waiting for some 0-day that exploits the "somewhat well known" listening ports. So I scan all of the windows boxen, and add these ports specifically to my (FreeBSD-based) firewall and router box. But I also see the pathetic support for IPv6 that exists on typical NAT-based routers, particularly wifi, particularly older ones.

Sadly, I think that widespread adoption of IPv6 would yield more virus outbreaks than ever before. Too bad, because it SHOULD be "the standard" by now. Perhaps if we can convince Micro-shaft that it needs to STOP IT with the listening ports on "::" and "0.0.0.0" then security *might* improve. If they MUST listen for connections on these 'somewhat well known' ports, they need to listen on LOCALHOST ONLY, and *NOT* every stinking IP address (and IPv6 address) you've configured. And that just about sums it up.
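The audit the post describes (run 'netstat -an' on each Windows box, find what is bound to "::" and "0.0.0.0" rather than localhost, and block those ports at the FreeBSD router) as an added worked example. This is not the poster's code or anything from The Register. The netstat output is constructed to look like Windows output, the pf rule syntax is the real FreeBSD one, and the tunnel interface name gif0 is an assumption for a he.net tunnel; adjust it to whatever your tunnel or WAN interface is.

```python
"""Audit Windows `netstat -an` output for sockets bound to wildcard addresses
and emit FreeBSD pf rules that block those ports inbound on the IPv6 tunnel.

Added example, not code from the original post. Sample output below is
constructed; the gif0 interface name is an assumption."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the shape Windows `netstat -an` prints. Foreign address
# 203.0.113.5 is from the TEST-NET-3 documentation range.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49700     203.0.113.5:443        ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [::]:3389              [::]:0                 LISTENING
  TCP    [::1]:5354             [::]:0                 LISTENING
  UDP    0.0.0.0:5355           *:*
  UDP    [::]:5355              *:*
  UDP    [::1]:1900             *:*
"""


@dataclass(frozen=True)
class Socket:
    proto: str    # "TCP" or "UDP"
    addr: str     # local address with the IPv6 brackets stripped
    port: int
    family: int   # 4 or 6


_WILDCARD = {"0.0.0.0", "::"}
_LOOPBACK_V4 = re.compile(r"^127\.")


def _split_local(local: str) -> tuple[str, int, int]:
    """Windows prints IPv6 endpoints as [addr]:port and IPv4 as addr:port."""
    if local.startswith("["):
        addr, _, port = local[1:].partition("]:")
        return addr, int(port), 6
    addr, _, port = local.rpartition(":")
    return addr, int(port), 4


def parse_netstat(text: str) -> list[Socket]:
    """Return bound sockets: TCP listeners plus every bound UDP socket."""
    socks: list[Socket] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # header lines and blank lines
        proto, local = parts[0], parts[1]
        state = parts[3] if len(parts) > 3 else None
        if proto == "TCP" and state != "LISTENING":
            continue  # established/time-wait connections are not listeners
        addr, port, family = _split_local(local)
        socks.append(Socket(proto, addr, port, family))
    return socks


def exposure(sock: Socket) -> str:
    """wildcard = reachable on every configured address; loopback = local only."""
    if sock.addr in _WILDCARD:
        return "wildcard"
    if sock.addr == "::1" or _LOOPBACK_V4.match(sock.addr):
        return "loopback"
    return "specific"


def summarize(socks: list[Socket]) -> dict[str, int]:
    counts = {"wildcard": 0, "loopback": 0, "specific": 0}
    for s in socks:
        counts[exposure(s)] += 1
    return counts


def exposed_ipv6_ports(socks: list[Socket]) -> set[tuple[str, int]]:
    """(proto, port) pairs bound to '::', i.e. reachable on every global IPv6 address."""
    return {(s.proto, s.port) for s in socks if s.family == 6 and exposure(s) == "wildcard"}


def pf_rules(ports: set[tuple[str, int]], iface: str = "gif0") -> list[str]:
    """One pf 'block in quick' rule per exposed port on the tunnel interface (iface assumed)."""
    return [
        f"block in quick on {iface} inet6 proto {proto.lower()} from any to any port {port}"
        for proto, port in sorted(ports)
    ]


if __name__ == "__main__":
    found = parse_netstat(SAMPLE_NETSTAT)
    print("exposure summary:", summarize(found))
    for rule in pf_rules(exposed_ipv6_ports(found)):
        print(rule)
```

Paste the emitted lines into /etc/pf.conf on the router and reload with `pfctl -f /etc/pf.conf`. These per-port blocks are exactly the narrow filtering the post describes; they do nothing for a port that appears after the next scan, so a default-deny inbound rule on the tunnel interface, with explicit passes for what you mean to expose, is the safer baseline and the per-port list then serves as documentation of what the scan found.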
