Not sure about GP, but that’s basically what we did under “SAFe” (Scaled Agile Framework). PI planning means taking most of a sprint to plan everything for the next quarter or so. It’s like a whole week of ticket refinement meetings. Or perhaps 3 days, but when you’ve had 3 days of ticket refinement meetings, it might as well be the whole work week for as much a stuff as you’re going to get done otherwise.

It’s as horrible as you’re thinking, and after a lot of agitating, we stopped doing that shit.

There’s almost always at least a little ASM sprinkled into any kernel, so that’s not a big deal.

OTOH, there is the factor of “you know how Chrome takes up 2GB per tab? What if that was a whole OS?”

You’re probably in a country that got a ton of allocations in the 90s. If you came from a country that was a little late to build out their infrastructure, or even tried to setup a new ISP in just about any country, you would have a much harder time.

The Rust compiler tends to turn my impostor syndrome to 11. I assume she has some kind of humiliation kink and I do not consent.

If your home router blocked incoming connections on IPv4 by default now, then it’s likely to continue doing so for IPv6. At least, I would hope so. The manufacturer did a bad job if otherwise.

You can get exactly the same benefit by blocking non-established/non-related connections on your firewall. NAT does nothing to help security.

Edit: BTW–every time I see this response of “NAT can prevent external access”, I severely question the poster’s networking knowledge. Like to the level where I wonder how you manage to config a home router correctly. Or maybe it’s the way home routers present the interface that leads people to believe the two functions are intertwined when they aren’t.

Governments are not anyone’s issue other than other governments. If your threat model is state actors, you’re SOL either way.

That’s a silly way to look at it. Governments can be spying on a block of people at once, or just the one person they actually care about. One is clearly preferable.

Again, the obscurity benefit of NAT is so small that literally any cost outweighs it.

I don’t see where you get a cost from it.

• Firewall rules are more complicated
• Firewall code is more complicated
• Firewall hardware has to be beefier to handle it
• NAT introduces more latency
• CGNAT introduces even more latency
• It introduces extra surface area for bugs in the firewall code. Some security related, some not. (I have one NAT firewall that doesn’t want to setup the hairpin correctly for some reason, meaning we have to do a bunch of workarounds using DNS).
• Lots of applications have to jump through hoops to make it through NAT, such as VoIP services
• Those hoops sometimes make things more susceptible to snooping; Vonage VoIP, for example, has to use a central server cluster to keep connections open to end users, which is the perfect point to install snooping (and this has happened)
• . . . and that centralization makes the whole system more expensive and less reliable
• A bunch of apps just never get built or deployed en masse because they would require direct addressing to work; stuff like a P2P instant messenger
• Running hosted games with two people behind NAT and two people on the external network gets really complicated
• . . . something the industry has “fixed” by having “live service” games. In other words, centralized servers.
• TLS has a field for “Server Name Indication” (SNI) that sends the server name in plaintext. Without going far into the details, this makes it easier for the ISP to know what server you’re asking for, and it exists for reasons directly related to IPv4 sticking around because of NAT. Widespread TLS use would never have been feasible without this compromise as long as we’re stuck with IPv4.

We forced decisions into a more centralized, less private Internet for reasons that can be traced directly to NAT.

If you want to hide your hosts, just block non-established, non-related incoming connections at your firewall. NAT does not help anything besides extending IPv4’s life.

JSON and XML can be “real” languages. Mostly because of people who didn’t stop to ask if they should.

But why bother? “Let’s make my network slower and more complicated so it works like a hack on the old thing”.

So instead we open up a bunch of other issues.

With CGNAT, governments still spy on individual addresses when they want. Since those individual addresses now cover a whole bunch of people, they effectively spy on large groups, most of whom have nothing to do with whatever they’re investigating. At least with IPv6, it’d be targetted.

NAT obscurity comes at a cost. Its gain is so little that even a small cost eliminates its benefit.

IIRC, there are some sloppy ISPs who are needlessly handing out prefixes dynamically. ISPs seem to be doing everything they can to fuck this up, and it seems more incompetence than malice. They are hurting themselves with this more than anybody else.

It wasn’t designed for a security purpose in the first place. So turn the question around: why does NAT make a network more secure at all?

The answer is that it doesn’t. Firewalls work fine without NAT. Better, in fact, because NAT itself is a complication firewalls have to deal with, and complications are the enemy of security. The benefits of obfuscating hosts behind the firewall is speculative and doesn’t outweigh other benefits of end to end addressing.

Obfuscation is not security, and not having IPv6 causes other issues. Including some security/privacy ones.

There is no problem having a border firewall in IPv6. NAT does not help that situation at all.

For individuals. There are tons of benefits for everyone collectively, but as is often the case, there’s not enough incentive for any one person to bother until everybody else does.

This is the same language where you have to say PLEASE sometimes or it won’t compile. But if you say PLEASE too much, the compiler will think you’re pandering and also refuse to compile. The range between too polite and not polite enough is not specified and varies by implementation.

import tensorflow # we don't actually use this anywhere, but my boss told the client we use AI

Every time I see a defense of IPv4 and NAT, I think back to the days of trying to get myself and my roommate to play C&C: Generals together online, with a 2v2 game, with one of us hosting. Getting just the right combination of port forwarding working was more effort than us playing C&C: Red Alert on dial up when we both lived at home.

With IPv6, the answer is to open incoming traffic on the port(s) to the host machine (or just both since the other guy is might host next time). With IPv4, we have to have a conversation about port forwarding and possibly hairpin routes on top of that. This isn’t a gate for people “who know what they’re doing”, it’s just a bunch of extra bullshit to deal with.

There’s one practical thing. Routers have had years to optimize IPv4 routing, which has to be redone for IPv6. Same with networking stacks in general.

In theory, IPv6 should be faster by not having to do bullshit like CGNAT. There’s every reason to think it’ll match that advantage if we just make it happen.

Rogue One is how you do two acts of slow burn, followed by a third act that gives you payoff for your patience.

The first season of Picard is exactly how not to do that.

The other app off the top of my head is VoIP. You should be able to “dial” a number directly. Most solutions go through the company’s data center first in order to pierce through NAT. Which makes it more expensive, less reliable, slower, and more susceptible to snooping.

There’s a “if you build it, they will come” effect here. Once you can address hosts directly, a whole bunch of things become better, and new ideas that were infeasible are now feasible. They don’t exist now because they can’t.