Request: IPv6 support for thedailywtf.com (and forums)


  • SockDev

    Request: We're a tech commiunity we really should be supporting modern technology.

    Can we get IPv6 Support for thedailywtf.com and what.thedailywtf.com? Please?

    Paging: @apapadimoulis and @sam

    Is this a thing we can do?


  • SockDev

    oh and while we're at it there was an outstanding request to support HTTPS too.

    don't suppose we could take care of that too?



  • Oh boy...



  • That might be asking for a bit much. Not only will someone have to order a cert, they'll have to turn on SSL with Nginx, but not SSLv3. Oh and maybe enable perfect forward secrecy.



  • How works IPv6? I assume this is something I need to ask hosting provider for, or do you suppose that they all use it now internally?

    Also… why? I get the principle, but curious on the practical.



  • "How does this benefit the shareholders? And we need to know if this provides recourse for Big Discourse™ or @Intercourse, or course."


  • Banned

    We found that sadly the most effective way of dealing with spam is ip blocks, ipv6 is going to make ip blocks pretty much useless :(

    That said, Discourse internally supports ipv6, I think we run meta on it, but we would have to amend the digital ocean side of things and dns records.


  • SockDev

    @apapadimoulis said:

    I assume this is something I need to ask hosting provider for, or do you suppose that they all use it now internally?

    yes, it's something the hosting provider needs to support (most do these days, often free of charge)

    then you'll need to add an AAAA record to DNS for the IPV6 address, and configure IIS/.NGINX to listen to it

    that's about it.

    as for....

    @apapadimoulis said:

    Also… why? I get the principle, but curious on the practical.

    if i'm being honest it's for the bots. they're occasionally getting caught in 429 storms because they all share an IP address and even though they are rate limited to have fewer request/second than actual users there are enough of them that they can sometimes trip the IP based ratelimiting.

    but my host (digital ocean) gives me 15 IPV6 addresses so i could split them into different origin addresses to silo them (without removing their internal rate limiting) and prevent one bots 429 from impacting other bots.

    so it's for the principle but also for a selfish reason.

    ...

    if that's okay with you...


  • Grade A Premium Asshole

    So you are both on Digital Ocean?

    "The call is coming from inside the building!!"


  • SockDev

    only if what.thedailywtf.com is also in their NY3 datacenter.


  • Grade A Premium Asshole

    It is in a New York datacenter. Not sure which one though.



  • Hahahahahah ahahHAHAHAHAHAHHAHAHAHHAAHAHAHAHAHahahhahahAHAHA


  • Grade A Premium Asshole

    You could be right next door. Your bots should bring TDWTF a casserole.



  • Yeah, arsenic flavored. Yum yum, good eatin'.


  • Grade A Premium Asshole

    @blakeyrat said:

    Yeah, arsenic flavored. Yum yum, good eatin'.

    You're a dick, but even I will give that reply a like.


  • SockDev

    @blakeyrat said:

    Hahahahahah ahahHAHAHAHAHAHHAHAHAHHAAHAHAHAHAHahahhahahAHAHA

    @blakeyrat said:

    Yeah, arsenic flavored. Yum yum, good eatin'.

    :expressionless:

    really?

    Thanks.

    @Intercourse said:

    You're a dick

    QFT. but no likes from me for that one.

    besides i'd go for potassium cyanide before i went for arsenic. arsenic kills way too slowly.



  • Oh please. IPv6 is like tilting at windmills. I think the laughing is the most appropriate reply.


  • SockDev

    maybe, but we're running out of IPv4 addresses fast, if we don't tilt at those windmills eventually there will be no way to get online without paying someone else to give up their IPv4 address.

    little steps leads to big progress.



  • The sky is falling...



  • @accalia said:

    maybe, but we're running out of IPv4 addresses fast, if we don't tilt at those windmills eventually there will be no way to get online without paying someone else to give up their IPv4 address.

    Yeah right. We ran out like 4 years ago. I remember the big commotion on Slashdot. Guess what? Turns out the world didn't end.


  • Grade A Premium Asshole

    @accalia said:

    maybe, but we're running out of IPv4 addresses fast

    If only some technology existed in order to enable multiple computers to share a single IP address... One day we will develop the technology...


  • SockDev

    @Intercourse said:

    If only some technology existed in order to enable multiple computers to share a single IP address... One day we will develop the technology...

    yes. i realize we're years and years away from absolutely needing IPv6.

    but if we're taking little steps that's how long it's going to take.

    we will eventually want to have more than 4 billion uniquely addressable computers on the interwebz. and when we do we'll need something more than IPv4

    when will that be? frack if i know but it will happen eventually.


  • Grade A Premium Asshole

    @accalia said:

    we will eventually want to have more than 4 billion uniquely addressable computers on the interwebz.

    We already have that. Reverse proxies, load balancers and routers have taken up the slack.

    Yes, some day we will need to do so. But until it becomes a pressing matter, and causes pain somewhere, we will be unlikely to see it happen.

    Funny thing, shitty PowerBuilder applications are not compatible at all with IPv6 if it is even enabled on the client or server. Even if you do not use it, and do not even set a scope for IPv6 at the DHCP server, it is always the first thing that support people for shitty PowerBuilder applications ask you.

    Of course, that would only effect things on the LAN side. Routers could handle NAT and IPv4 > IPv6 translation through NAT, but we have a LOT of "small steps" to take before it is even a possibility.


  • SockDev

    @Intercourse said:

    we have a LOT of "small steps" to take before it is even a possibility.

    exactly! and we should take them at every opportunity!

    elsewise my investment in rose coloured glasses is going to prove misguided.


  • Discourse touched me in a no-no place

    @accalia said:

    maybe, but we're running out of IPv4 addresses fast, if we don't tilt at those windmills eventually there will be no way to get online without paying someone else to give up their IPv4 address.

    Like oil, we've been running out of IP4 addresses for ages.

    I suspect that if it becomes necessary, ISPs will implement NAT, or some kind of crazy-ass TDWTF-worthy tiered NAT.


  • SockDev

    @FrostCat said:

    I suspect that if it becomes necessary, ISPs will implement NAT, or some kind of crazy-ass TDWTF-worthy tiered NAT.

    that will make IP filtering of spammers from websites interesting....



  • @FrostCat said:

    Like oil, we've been running out of IP4 addresses for ages.

    I suspect that if it becomes necessary, ISPs will implement NAT, or some kind of crazy-ass TDWTF-worthy tiered NAT.

    so we need a shale IP address boom?


  • Grade A Premium Asshole

    @accalia said:

    that will make IP filtering of spammers from websites interesting....

    It already is. IP addresses for residential accounts change somewhat frequently. Very frequently for some DSL users (several times a day, depending upon carrier, etc). So much so that DMCA notices are very frequently sent to the wrong users and it is pretty common to end up with an IP address blacklisted and then an innocent person ends up with it.



  • It's especially annoying when I'm talking to someone on a Mumble server and mid-sentence I lose connectivity to the internet while my ISP decides which of their hundreds of addresses per customer they want me to switch to.


  • Grade A Premium Asshole

    It shouldn't change IP address while you are active, but their detection of that gets a bit muddy once people started leaving the computers on and browsers open to AJAX heavy sites.



  • It should only ever change addresses if I'm disconnected from the internet. Otherwise, I'm still using the internet, so they don't have any net savings by changing me to a different address.


  • Grade A Premium Asshole

    Very few people ever completely disconnect from the Internet. Now with everything being connected, right down to your refrigerator (I was just appliance shopping. There is a solution looking for a problem.) but they still try to pull the same tricks as when routers were rare in homes and DSL modems connected via USB.

    I get what you are saying and you are not wrong, but that is why it happens. DSL is shit.



  • Static IPs are only $74.99 every month for 6Mbit.


  • Grade A Premium Asshole

    Oh yes, I read about them when you posted it before. I think I pay ~$15/month for 16 adresses. That is highway robbery.

    You are probably bouncing so much because they are heavily over-committed.





  • @accalia said:

    but my host (digital ocean) gives me 15 IPV6 addresses

    15? Do they know they’re a bit less rare than IPv4? My hosting provider gives me 1 IPv4 and 18'446'744'073'709'551'616 IPv6 addresses for a single VM.


  • SockDev

    that's a lot of IPV6 addresses.....

    also 15? more than enough... if the sites i wanted to go to were on IPv6 too.



  • For the bots! Well why didn’t ya say so in the first place.

    OK – what.thedailywtf.com is hosted at Digital Ocean, do I need to do anything especial to get IPv6 addresses? Once I find what the address is, then I need to do something with NGIX, maybe, unless the server listens to all IPs (which, hopefully it does, but we’ll find out)… then I just need to add an AAAAAAAAAAA record on GoDaddy, which I know how to do.


  • SockDev

    @apapadimoulis said:

    OK – what.thedailywtf.com is hosted at Digital Ocean, do I need to do anything especial to get IPv6 addresses?

    dunno how to get it added to an existing setup. but a support ticket to DO should get you sorted out. they are super nice and i know it is possible to add after droplet creation so long as you are in a DC that has support for it (IIRC that's NY2 and NY3 also their out of US DCs)

    @apapadimoulis said:

    then I need to do something with NGIX

    depends on setup. but all you need to do is add the config line that says to listen to IPV6 if not already present and restart nginx

    IIRC the default configuration already has it listening to both IPv4 and IPv6


  • SockDev

    @accalia said:

    dunno how to get it added to an existing setup.

    not true, after a quick googling:

    if you're in a DC that doesn't support IPv6 we'll either need to migrate or call that a nice theory and wait for the DC to be upgraded

    @accalia said:

    IIRC the default configuration already has it listening to both IPv4 and IPv6

    checked. yeah by default listens to all IPs regardless of version, you should have this line in your server config:

    listen [::]:80;
    

    if it's there you're listening to everyone and just need to restart nginx to pick up the new IP address.


  • Discourse touched me in a no-no place

    @ben_lubar said:

    Static IPs are only $74.99 every month for 6Mbit.

    No, Static IPs cost $40 extra. TRWTF is that the premium they command rises with the speed of the connection: 3Mb SIPs only cost an extra $20. I do like the "starting at" verbage, though. You should call them, and ask under what circumstances they would raise the price. Probably "if you run a server".

    I see they also charge for line filters. When I had DSL, ten years ago, AT&T gave me a pile of them free.

    Someone probably already asked this but I assume you have no better alternatives.

    It's kind of interesting knowing of someone who actually is affected by this internet-era "legend".


  • Discourse touched me in a no-no place

    @VinDuv said:

    18'446'744'073'709'551'616

    Pssst, VinDuv, you accidentally used the upside-down font with your commas.



  • @sam said:

    We found that sadly the most effective way of dealing with spam is ip blocks, ipv6 is going to make ip blocks pretty much useless

    IIRC you only block individual IPv4 addresses. The equivalent would be to block the entire /64 under IPv6.


  • Impossible Mission Players - A

    Still doesn't really solve the objection that instead of 4 billion potential addresses to block, you now have 16 x 10^18 addresses.


  • SockDev

    @izzion said:

    Still doesn't really solve the objection that instead of 4 billion potential addresses to block, you now have 16 x 10^18 addresses.

    given that IP blocking is completely ineffective at a determined technical user, even on IPv4, IP blocking is effective at casual driveby spammers. IP blocking will continue to be effective against that sort of spammer on IPv6.

    i'm not seeing how that's a valid objection... sure they're more addresses but against someone who knows how to change their IP, either at their router or by using a proxy, the IP block wasn't going to work anyway.



  • We need: inscrutable javascript!


  • SockDev

    absolutely!

    It's impossible to use a bot to defeat a JS heavy app!

    :-D


  • Impossible Mission Players - A

    Hey, you're not allowed to inject actual logic into discussions reasoned debate arguments on the Interwebz! :p


  • SockDev

    @izzion said:

    Hey, you're not allowed to inject actual logic into discussions reasoned debate arguments on the Interwebz!

    allowed? maybe not.

    did i? FRACK yes!



  • OK! I’ve added this to my list; I’m going to try to connect with @ben_lubar in the next week or so, and will hopefully be able to bribe him into helping with the CS forums import thing (I guess Discourse is stable enough now??) , and possibly even with the with edit nginx bit if its needed.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.