* Posts by DougMac

251 publicly visible posts • joined 16 Jul 2013


Snakes on a wane: Python 2 development is finally frozen in time, version 3 slithers on

DougMac

More laziness than anything

The differences between Python3 and Python2 are pretty minimal overall in terms of language design. More like let's get rid of the bad decisions we made 30 years ago so we can move forward.

I think PHP changes much more rapidly with much greater impact from version to version.

I think the reason people stuck with Python2 so long is because they had zero incentive to look at Python3, and so they kept on the same path. To them, Python3 was much like Perl6, some distant far off thing that will never come about. So it's good that the Python foundation finally set a firm date to decommission python2 and promote python3 as the future.

iFixit surgeons dissect Apple's pricey Mac Pro: Industry standard sockets? Repair diagrams? Who are you and what have you done to Apple?

DougMac

Re: you can’t just swap in a drive from Crucial

Surprisingly few 3rd party vendors for weird Apple proprietary flash. Just one that I know of, OWC has replacements for the trash can, and MBP/MBA flash drives.

They most likely will have replacements for the 2019 MacPro as well (already a category on their website).

I do wish Apple switched over to the "standard" version of the products after they pioneered the stick form factor, but they keep on with their own thing for some vendor lock.

Update Docker: Fun bug involving file paths and shared libraries turns out to be a security hole

DougMac

Indeed.

It's what, over 55-60% of all docker images in the docker registry have some sort of security issue out of the gate?

macOS? More like mac-woe-ess: Google Chrome slip-up trips up SIP-less Apple Macs

DougMac

Oh, I wish I could be 100% chrome free.

It has turned into the IE6 of today. Many websites I need to use are coded only so they work in Chrome. :-(

Thankfully that is a very small percentage, but it's enough that I need to run Chrome for some of those damn work SaaS offerings they insist on using.

UK ISPs must block access to Nintendo Switch piracy sites, High Court rules

DougMac

Re: Pointless

One reason that there is a flag domain name an ISP can implement to have browsers opt out of DNSoH negotiation by browser at the start.

That doesn't prevent an advanced user from implementing their own DNS setup, just like now. But due to measures like this, DNSoH is going to probably be flagged by all ISPs in UK and other places that require these blocks.

Pat Gelsinger vows to upgrade VMware's once 'bad' open-source rep to the 'very' best by 2021

DougMac

Re: vSphere

Current versions of vSphere are fully HTML5, and new features only go into the H5 client.

The flash client is deprecated, and strongly points you over to the H5 interface with banners or notices telling you the flash client is deprecated. The HTML5 has been complete for a few years.

While not all VMware products are flash free yet, they are well on their way, at least on the newer versions.

I don't think vSphere 7.0 is slated to be completely rid of the flash client, but it could be by the time it rolls out.

DougMac

10G switches are the base standard in the data center now-a-days? We've been deploying 10G ones with 40G uplinks for some years already. 25G switches (with 100G uplinks) look to be the upcoming base standard soon. These are basic datacenters, not 400G/100G spine-and-leaf monsters. I don't see them dropping 1G as a supported option as one needing the bandwidth, but just reflecting the base level in the datacenter switching now-a-days. VMware is targeting datacenters, not a small company. I'd have thought the pricing alone would have cut out all the small companies.

You don't have to use NSX if you don't want. We don't deploy NSX in our management clusters.

A lot of the tools are there to provide options. The basic VMware Hypervisor is there just the same. You use the tools that work for you. If you need options in NSX, then use it. If not, you'll probably need external boxes to do that function, same as in the past. You'll lose some of the distributed nature of NSX then. Likewise, don't use VSAN? You'll still need external shared storage.

You seem a bit all over, if you are worried about VCSP Standard going away (5 point rental), you can't be using anything beyond the basics, as you don't get VDS with Standard, and *anything* advanced (ie NSX, VSAN, etc. etc. etc) all requires VDSs on Enterprise Plus (7 point rental) plans. I think the only time we deployed VCSP 5 point rental ones were for private cloud customers with two hosts and two networks. (ie. the most basic which probably were better served with other solutions anyway).

What is it with hosting firms being stonewalled by Microsoft? Now it's Ionos on naughty step

DougMac

Re: Active / Passive redundancy?

An ISP can't just switch IPs out of the blue, you have to warm up new IP addresses, by sending a tiny fraction of the email through, to push your legit to spam ratio up higher and higher, all the while the larger providers will start accepting more and more email from your new IP addresses as long as that ratio is maintained well.

You also have to keep email flowing from time to time through your new warmed up IP addresses, or they will grow cold again, and you start over from scratch.

Finally, if you start ping ponging around, and you haven't taken care of your internal compromised accounts/systems that are the problem, and Microsoft/Google/Yahoo notices you doing this ping-ponging, you are much more likely to get whole swaths of your IP space banned instead of individual servers.

Microsoft blocked TSO Host's email IPs from Hotmail, Outlook inboxes and no one seems to care

DougMac

Large mail providers run their own blacklists

None of the large mail providers depend on SORBS or the other public RBLs now-a-days, they have their own internal RBL system that they use (seeing the viability and usability of the RBLs out there, I don't blame them).

Thus you have to deal with each on their own terms. And deal with each large mail provider on their own. Most like Comcast or Yahoo keep you on the block list for some short period, see if you are still sending SPAM and if you are, will renew the blocks. If they see the rate down, you get auto-delisted.

So if the rate of SPAM in Microsoft SNDS stays up in the red zone, you are unlikely to get cleared.

Running an ISP mail provider, I find most blocklists are fair, although Microsoft's is the longest to wait and deal with. The appeal process is also backwards (ie. you have to reply to the ticket that says in no uncertain terms do not reply to this ticket). But usually if the auto-delist system hasn't cleared after your SNDS rate has fallen, appealing to the ticket usually gets good results through them. I see a few appeals on mailop, but most of them haven't gone through the proper normal steps that Microsoft has laid down.

They don't seem capricious or arbitrary to me. They really do make sure you are on the ball with your own rate limiters and compromised account detectors.

Get ready for a literal waiting list for European IPv4 addresses. And no jumping the line

DougMac

IPv6 is here

IPv6 is here. Any business ISP can get you IPv6 connectivity. Many residential ISPs do it by default (but granted not all).

There is much gear that supports IPv6 natively.

What doesn't do IPv6? People. Especially Enterprise/Business Techs.

That is the number one factor. They see no need. They don't bother learning. They don't bother doing. "I don't need it, I don't want it, I don't use it." Stick their head in the sand, no problems here, no need to do anything.

Just about everyone on their smart phone has full IPv6 connectivity right now.

My home ISP does IPv6. My mom's home ISP does IPv6, and her computer is fully IPv6 connected without her knowledge.

But in 99% of the enterprise businesses I deal with, even though they could enable IPv6 on their firewall and do it, they do not. They see no need, so they don't enable it.

So ISPs have to go to extraordinary measures, like enabling CGNAT. I do not know how much time I've spent dealing with CGNAT issues. Constant breakage. Constantly dealing with slow downs, and all the rate limiting they have to do on their gateways. I tell the customer to get away from the ISP that has to do CGNAT. They don't. I tell them let's try IPv6, and see if all the content you want can be gotten natively. They don't.

I think the only event that will force enterprise adoption of IPv6 is if Facebook or Slack went IPv6 only. That might make the people learn quickly.

Why would anybody believe that a different protocol than IPv6 that will take another 20 years to adopt would do any better? Anything that makes people change what they are doing is not going to be adopted unless it is done for them.

Migrating an Exchange Server to the Cloud? What could possibly go wrong?

DougMac

Re: Late to the party...

Ditto. I find it questionable that a MS Partner wouldn't know that Exchange digs so deep into ActiveDirectory that touching anything in Exchange is the same as touching it in the main Active-Directory?

FYI: Your Venmo transfers with those edgy emojis aren't private by default. And someone's put 7m of them into a public DB

DougMac

Can someone tell me why there's an app with social activity tied to payments?

Why in the world would *anybody* think up, hey, what the world needs, is Twitter with payments?

Hey, I sent you money! Thanks d00d!

Backup your files with CrashPlan! Except this file type. No, not that one either. Try again...

DougMac

This isn't a change?

Crashplan has always filtered on file extensions like this. I've been using it for over a decade. This isn't anything new? Maybe they hid it better in the past, but now the true nature comes out on some level of setup.

One thing they do well is continuous backup, changed files get backed up quickly, rather than on a snapshot schedule like most everybody else.

OTOH, it's hard to believe they'll be in business with how they are turning away their core users. They want to sell to businesses, but won't support servers?

They want to turn into a security monitor DLP solution, but I don't know of anybody that wants a DLP unless it's a compliance box to check.

A2 Hosting finds 'restore' the hardest word as Windows outage slips into May

DougMac

Servers..

If only there were other cloud providers that you could backup your data regularly to, and test your DR setup rather than put all your eggs in one basket.

Hmmm..

IT sales star wins $660k lawsuit against Oracle in Qatar – but can't collect because the Oracle he sued suddenly vanished

DougMac

It is truly amazing that Oracle has any customers. If you think this is screwing you over, look into the licensing terms of an Oracle product, especially their flagship one.

Even if the Oracle sales rep personally paid me $1mil, I still wouldn't in any way purchase Oracle software for my company unless I wanted to screw them over big time. Perhaps that is the secret as to their existence.

Apple bestows first hardware upgrades in years upon neglected iPad Mini and Air lines

DougMac

Use it for what it is designed for..

The end of the article seems to go off as Chromebooks are better.

The iPad and Chromebooks are designed for two totally different types of usage.

Many people don't understand this.

The iPad is designed as a content consumption device. Watch movies, play games, read ebooks, web browsing, etc.

Chromebooks are designed as cheap throw away laptops. If you want to do things that a laptop does, write code, term papers, then a chromebook would be better. I don't understand people trying to make iPads into laptops, this kind of works with lots of hurdles. Then people go and slam on the hurdles trying to shoehorn the wrong device into the wrong task. Apple kinda follows along and tries to enable this to happen, but with their sandbox, this is never going to be the same as a laptop.

But they work great to consume media. Hand an iPad to a 3-year-old and watch them learn to navigate it in minutes.

Disk drives suck less than they did a couple of years ago. Which is nice

DougMac

Any single disk setup is asking for trouble. If you need to stay up and working, RAID. If you need your data, backup, backup, backup, backup, backup.

Everything can fail (as I'm looking at the 2nd SSD failure on my laptop), average time to fail = 1.5 years.

DougMac

Re: Ah...

Not true, for a while there, almost all Seagate drives (even enterprise ones) were pretty shit.

I had many a NetApp/EMC, etc. etc. that came packed to the gills with Seagate drives, that started regularly failing on a very regular schedule starting just about half a year before the normal warranty period on those drives. I had a Sun Thor (48 SATA 1TB Seagate drives) that probably had lost 70% of its original drives.

The replacements started coming back with Seagate drives, that failed again after replacement.

Pretty soon the replacements started coming back with HGST or sometimes Toshiba, and those disks never had to be replaced again.

Domain name 'admin' role eyed up as latest victim of Whois system's GDPRmeggdon

DougMac

Just Admin Contact?

Aren't all the contact data fields of questionable value? None of my customers care what goes in there. It could be all folded down to one contact (with mostly fake info) in all cases.

There, I just saved a "committee" months of "work".

How an over-zealous yank took down the trading floor of a US bank

DougMac

Sun IPX "server"?

The Sun IPX was never meant to be a server, but a tiny workstation. Typical configuration was something like 40MHz CPU, and 16MB or 32MB of RAM. It came in a tiny "lunchbox" case. (about 1 foot by 1 foot by 8 inches tall).

I doubt a PC era hardware was more powerful, but almost certainly, SunOS was 1000 times more stable and capable than anything running on a PC at the time.

DougMac

Re: Unplugging the keyboard = kernel panic ?

It wasn't a kernel panic, but the Sun machines had a tough time differentiating between Stop-A and the keyboard being unplugged. Stop-A was a means to break out into the rommon to debug the kernel, and was reasonably difficult to perform, and was introduced into an era when machines were built to be serviced by kernel systems programmers to find kernel bugs. Then continued on long past the day when this was useful.

It was just unfortunate that the Stop-A procedure was confused a bunch by the keyboard being unplugged too.

Dead retailer's 'customer data' turns up on seized kit, unencrypted and very much for sale

DougMac

How's this different than normal?

By the time a company is liquidated, anybody left there gives zero ***cks to what happens to anything left over, data, sensitive info, etc?

I've cleaned out offices with tax forms, W-2's, etc. all left behind. This is normal.

I've also bought 2nd hand filers from liquidated companies with full data still left on them. Source code, CAD drawings, records, etc. etc. Bought network gear with full configs (SNMP communities are always fun) still left on them, etc.

Not many liquidators would have the means, knowledge or time to make sure things are securely wiped, and if it has come down to the end, it's doubtful anybody still left at a company does either. They are the cleanup crew, get it out, get it gone. Who cares.

DNSSEC in a click: Cloudflare tries to crack uptake inertia

DougMac

Re: El Reg writes "In some respects it is like IPv6...."

Yeah, but with the consolidation in the industry, there's less than a handful of large players, and the small players are probably going to all die off sooner than later. The CAA record seems less useful if it's between a choice of 3 or 4.

Microsoft sharpens its claws to cut Outlook UI excess, snip Ribbon

DougMac

UI revamp

The next UI revamp for Office 2020, we'll get rid of the toolbar, and invent the new latest k00l toy, the menubar! Everyone must conform to the new UI standard.

Welcome! Mimecast finds interesting door policies on email filters

DougMac

Re: A study?

Mimecast has been around a lot longer than Microsoft has been a mail provider.

Sysadmin sank IBM mainframe by going one VM too deep

DougMac

"Incidentally, since we call it a hash in the UK, but the Americans call it a pound.."

That usage in the US has gone away decades ago. It was current when typewriters were a thing and was used then, but since computers came around, nobody abbreviates pound as #.

People hate hot-desking. Google thinks they’ll love hot-Chromebooking

DougMac

Re: MTBF

"So users are having to replace their Chromebooks over three times a year due to failure?"

Let's do the math. Let's settle on the $300 chromebook. 3.3 chromebooks per user per year.

At 3 years out, the company has spent $2970 for chromebooks vs. an assigned laptop.

Wow, what a cost savings.

Fix this faxing hell! NHS told to stop hanging onto archaic tech

DougMac

Not being in the industry, but interested observer, I think the reason FAXs are so prevalent in the health industry is because printed documents transferred in "modern" protocols fall within HIPAA, and FAX's are preexisting tech and don't have all those silly data protection rules attached.

I've heard of medical billing outfits in the US that emulate 1,000's of concurrent online FAXs machines at a time so all those medical billings can go back and forth on paper, bypassing HIPAA rules.

I've had so many of my customers that have to process PHI billing just how they can do email with PHI and still be HIPAA. My answer of you can't just pissed them off all to no end. I think this is the industry's end-run to still have paper record shuffle.

Boffin botheration as IET lifts axe on 20-year-old email alias service

DougMac

Email forwarding services are passé

Due to technical measures such as SPF/DKIM, most email forwarding services have extremely poor forwarding rates.

The users of this service are probably missing most of their forwarded email anyway due to SPF filters (which Google encourages all domains to set up, by dumping more and more non-SPF setup domains right into the Gmail recipients' SPAM buckets).

Mailing lists also encountered this, but most adapted by rewriting the sender address, which probably would not go over well with just an email forwarder service, if the recipients couldn't reply back to the sender. Suddenly the email forwarder service has to be running a full on mail server, keeping track of all rewritten senders and expanding them back and forward.

A total mess technology wise.

When Google's robots give your business the death sentence – who you gonna call?

DougMac

Re: Google 'support'

No MSP will trust Google Apps with their customer's email setup. Support and response to problems is just too messed up. One reason Office365 took off so much.

PayPal reminds users: TLS 1.2 and HTTP/1.1 are no longer optional

DougMac

Re: TLS 1.1 is fine for PCI ?

Correct, TLS v1.1 is fine, but generally in practice, TLS 1.0 marks the dividing point between "legacy old systems" and stuff that supports it all.

If you can do TLS v1.1, generally you can do TLS v1.2, and you may as well get on that wagon while you are reconfiguring.

IPv6 growth is slowing and no one knows why. Let's see if El Reg can address what's going on

DougMac

> Personally I don't know whether this is a thing or not, but I've been hearing rumours about carrier-grade NAT and how it's going to be widely used by ISPs in the near future.

CGNAT is widely deployed, and customers typically have no clue it is in use, until of course things break and nobody can figure out what is going on. Every tech I've met has no idea why customer one has "public IP" 100.64.1.5 when customer two also has "public IP" 100.64.1.5 when they live in different states when they get allocated IP's out of RFC6598 space.

Of course I get brought in when everything is fubar. The ISPs doing CGNAT are doing heavy rate limiting to make sure their CGNAT gateways aren't overloaded, and doing dirty tricks like redirecting all speed test sites internal so they look like they have great speed, until of course you have to transit outside of their network and find that you have almost no bandwidth besides the tricked out ports the carriers play around with.

But IPv4 is "good enough", except when it isn't. IPv4 won't die until it is too painful to use. Too many techs are blind to the world outside what they know.

VMware to finally deliver full-function HTML5 vSphere client

DougMac

Re: Flash... ah!

> Now if they wouldn't mind taking the moron who made the decision to implement their last stab at the web client using Flash outside and summarily execute them for gross stupidity (followed by a fair trial).

At the time, Flash was very embedded and a safe choice with the only other choice being Java in the browser.

Java applets disappeared so much quicker than Flash has, so it was a better choice in hindsight.

The main choice was if they did a web based solution (to get more than just Windows management) or stick with heavy clients needing to be installed. Flash or Java were the only technologies that could have done what they needed to at the time.

Single single-sign-on SNAFU threatens three Cisco products

DougMac

Re: Is it me...

Nothing new there, although it does seem to have accelerated some since the classic days.

OK, this time it's for real: The last available IPv4 address block has gone

DougMac

About the only one that hasn't figured out IPv6 are enterprise & SMB

The carriers have it all down pat, and 65-85% of residential users and wireless users are using IPv6 natively already. Mostly because the CPE can be remotely configured by the carriers to handle what they need.

But when techs have to go configure SMB firewall, they won't bother to learn how to do IPv6, and they only configure the IPv4 side (if their gear even supports dual stack).

Meanwhile, the residential and wireless users are driving most of the content so the content providers provide big fat pipes that can handle their needs.

DougMac

Re: Time to claw some back

> There are probably large blocks of unused IPv4 addresses out there, if only the IANA would get off its bottom and reclaim them.

Nope, been already done. They got some /8's back, and reallocated them years ago.

The only "large companies" left are Apple, HPE & Ford and a couple others. If you go down the IANA list, almost everything is allocated to huge Tier1 carriers directly, or to a regional IRR.

Stanford brainiacs say they can predict Reddit raids

DougMac

Wow, they could have just dug up behavioral studies of 2nd graders on the playground and be done and complete.

Rant launches Eric Raymond's next project: Open-source the UPS

DougMac

>> It has been my impression that UPS's fail to "off"

The problem I've encountered is that for most of the small-ish UPSs, that when the batteries go past their useful life, the UPS starts cycling the power, even if the wall power has been steady on. APC is particularly nasty about this for certain models.

Battery past useful life is almost always only a light on the front, I can't tell you the last time I've looked at the front of my home UPS.

>> Why not allow us to rig ubiquitous car batteries..

It was covered later to be mostly size. Your UPS would be quite large and heavy. As it is, most small-ish UPSs now use motorcycle/lawn mower Lead-Acid batteries. So, same technology, just smaller package. Less capacity.

The UPSs I'm mainly interested in though have their own rooms. :-)

And they do typically use deep-cycle marine batteries. Just lots and lots of them.

DVLA denies driving licence processing site is a security 'car crash'

DougMac

Re: Certificate chain

"If there's a problem with the certificate chain how come only Firefox is complaining about it and not all browsers?"

Because every browser is different. Even different Chromium based browsers are different than Chrome itself.

Firefox is a very different beast than Chrome or from Safari. Firefox complains more about things like broken certificate chains vs. Chrome. Chrome complains about different things like requiring SAN entries instead of depending on cn= in the X.509 cert.

Thus if you run a web app, best to check it in all the major browsers..

Judges dismisses majority of Cisco's 'insane' IP defence against Arista

DougMac

Re: F*ck Arista

Arista took a pretty different direction than Cisco at the time of founding.

I'd argue that they were innovative at a time where Cisco was stuck in the mud spinning their wheels.

Since then, Cisco has followed them, and that is why I think Cisco is flinging sue-balls at them.

From July, Chrome will name and shame insecure HTTP websites

DougMac

SSL is not all that common

Just because 81% of the top 100 sites have SSL, doesn't mean that follows for the remainder. There is a very long tail of websites out of the top 5000, or 10000 that are never going to get SSL that are now going to be penalized.

Let's Encrypt on Windows is still slightly messy. Going through various load balancers is messy.

Very few customers not doing SSL today find even the little effort to do SSL to be worth the costs (money wise or technical wise).

This is definitely going to train normal users that it is "normal" to see the warnings and to ignore them.

Cops find ATM spewing cash, car with dodgy plates, stack of $20 bills and hacking kit inside

DougMac

COTS?

It blows me away that ATMs (and cash registers) are now COTS windows PC's, networked to the Internet with about as much firewalling as a typical enterprise has.

I would have thought that with all the engineering experience, that fairly custom extremely hardened designs would be de rigueur, especially now-a-days. No USB ports with auto-run on them behind some panel with virtually nothing to prevent intrusion.

I remember when the original crypto cards for ATM transactions came out, with all the layers of anti-tampering on them (eg. critical battery traces potted in above the data traces). But now-a-days, it seems like COTS wins the day, and instead of up front engineering, they just spend it on after-the-fact cover up and throw money at covering their losses instead of putting it up front.

The real scary attacks described on Krebs are the ones that infiltrate the whole bank's network, and can upload malware remotely, and have it jackpot any given ATM on demand.

STOP! It's dangerous to upgrade to VMware 6.5 alone. Read this

DougMac

Re: Too Naive

> Finally, we get the horrible mess of clients that VMWare has: The fat Windows client, the Flash web interface and the newer HTML5 interface. No one interface can do everything. Nice one VMWare!

At least there is a path. eg. The C# client is dead now and has been for a year (if you are current on patching on the 6.5 track).

The HTML5 fling UI offers full usability, and they keep wrapping more and more of the HTML5 fling into 6.5 as it ships U updates.

Most of what I've encountered are VMware admins that are adamant that they can never use anything but the C# client, even though it is dead, so they stick with the older things because they can't change.

DougMac

Re: Upgrading from 5.5

I know of nobody that has changed to Hyper-V and liked it.

Hyper-V has its own worms and problems.

Everywhere I've encountered it in production is in basic mode (eg. single hosts) because full-on clusters are unattainable for just about everyone.

Oracle still silent on Meltdown, but lists patches for x86 servers among 233 new fixes

DougMac

SPARC doesn't seem to be affected..

Unofficially, some Oracle people have stated that since SPARC runs kernel and user address space completely separate as part of the design of their ABI, that the same sorts of issues can't crop up.

Happy New Year! Love, Microsoft: Price rises? Aw, you shouldn't have

DougMac

The article seems to state this is a UK only thing. Service provider partners in the US face the same 10% price hikes.

They also are saying another 10% for some of the same products in Jan 2019 as well.

Security pros' advice to consumers: 'We dunno, try 152 things'

DougMac

Re: "Don't use Java"

especially since so much software of enterprise and service provider realm is written in Java.

VMware is heavy on Java, all my storage systems management systems use Java on the backend for management and reporting (even if it is a web front end).

My PKI solution uses Java, I know at least two large SSL CA providers use Java systems.

My SIEM is written in Java.

Since .Net is just a copy of Java, does that equate to don't use .Net apps either?

I suspect the thought is don't use Java in your browser, which would be near impossible now-a-days anyway with all the roadblocks that everything throws up. But Java on the backend is extremely prevalent.

You're doing open source wrong, Microsoft tsk-tsk-tsks at Google: Chrome security fixes made public too early

DougMac

Re: They're right but it's a moot point

> but on the other hand a borked update can brick vast hoards

Sort of like the latest Flash build breaks anything VMware or other enterprise interfaces in Flash,

and Chrome updates keep removing the "buggy" old flash that still can run the only interface we have into vSphere?

AWS to Windows devs: Come out of the dark, into the Lightsail

DougMac

The "Cloud"

Just from the small base of my customer-set, at least 90% that are "in the cloud" are nothing more than a VPS or three or a dozen.

Well less than 10% do anything "cloud scale" that actually utilizes any sort of features beyond just having a VPS in the cloud.

I firmly believe that the current rush to "be in the cloud" results only from the desire not to have hardware onsite. Once people realize that their data and all they own are now tied up far beyond their control and they get cloud shock at sticker price, things will probably swing around again.

Internet-wide security update put on hold over fears 60 million people would be kicked offline

DougMac

Just look at IPv6?

> Just look at IPv6

I'm looking at IPv6. Mobile really made it a slam dunk use-case.

56-60% of all my email users come in over IPv6.

I'm not a large web content provider, so I can't show the same stats there, but I'd bet that Facebook is showing numbers equally impressive.

Look at the ISPs or companies like Facebook that are 100% IPv6 internal with only IPv4 gateways now.

Look at the IOC 2017 IPv6 report for more evidence of ISPs considering dropping IPv4 native in the next *handful* of years.

The one case where everybody is dragging their feet?

Enterprise.

Enterprise fears IPv6, buried their heads in the sand, even though they probably have significant IPv6 traffic internally traversing their network. They need to figure out that those OSs running internally are all doing IPv6 native now, and learn how to properly secure it (a single external breach could set up an IPv6 RA and proxy, and funnel all the Enterprise traffic out beyond the firewall in a heartbeat) and embrace it. IPv4 is going away, Enterprise needs to learn that.
