Domi

Did anything ever come from this? I imagine that any of the railway companies affected would want to sue?

Not much possibility for argumenting about security reasons either when you literally have the GPS coordinates of your competitors in your code.

That’s less of an opinion and more of a hardware restriction, isn’t it?

If I had a 5 Mbps connection or no display that can display 4k, I also would not download in 4k.

Yes, because Docker becomes significantly more powerful once every container has a different publicly addressable IP.

Altough IPv6 support in Docker is still lacking in some areas right now, so add that to the long list of IPv6 migration todos.

There is this notion that IPv6 exposes any host directly to the internet, which is not correct. When the client IP is attacked “directly” the attacker still talks to the router responsible for your network first and foremost.

While a misconfiguration on the router is possible, the same is possible on IPv4. In fact, it’s even a “feature” in many consumer routers called “DMZ host”, which exposes all ports to a single host. Which is obviously a security nightmare in both IPv4 and IPv6.

Just as CGNAT is a thing on IPv4, you can have as many firewalls behind one another as you want. Just because the target IP always is the same does not mean it suddenly is less secure than if the IP gets “NATted” 4 times between routers. It actually makes errors more likely because diagnosing and configuring is much harder in that environment.

Unless you’re aggressively rotating through your v6 address space, you’ve now given advertisers and data brokers a pretty accurate unique identifier of you. A much more prevalent “attack” vector.

That is what the privacy extension was created for, with it enabled it rotates IP addresses pretty regularily, there are much better ways to keep track of users than their IP addresses. Many implementations of the privacy extension still have lots of issues with times that are too long or with it not even enabled by default.

Hopefully that will get better when IPv6 becomes the default after the heat death of the universe.

Will take a look at the talk once I get time, thanks. If you can find the original one you were talking about, please link.

For servers, there is some truth that the address space does not provide much benefit since the addressing of them is predictable most of the time.

However, it is a huge win in security for private internet. Thanks to the privacy extension, those IPs are not just generated completely random, they also rotate regularily.

It should not be the sole source of security but it definitely adds to it if done right.

With NAT on IPv4 I set up port forwarding at my router. Where would I set up the IPv6 equivalent?

The same thing, except for the router translating 123.123.123.123 to 192.168.0.250 it will directly route abcd:abcd::beef to abcd:abcd::beef.

Assuming you have multiple hosts in your IPv6 network you can simply add “port forwardings” for each of them. Which is another advantage for IPv6, you can port forward the same port multiple times for each of your hosts.

I guess assumptions I have at the moment are that my router is a designated appliance for networking concerns and doing all the config there makes sense, and secondly any client device to be possibly misconfigured. Or worse, it was properly configured by me but then the OS vendor pushed an update and now it’s misconfigured again.

That still holds true, the router/firewall has absolute control over what goes in and out of the network on which ports and for which hosts. I would never expose a client directly to the internet, doesn’t matter if IPv4 or IPv6. Even servers are not directly exposed, they still go through firewalls.

Anything connected to an untrusted network should have a firewall, doesn’t matter if it’s IPv4 or IPv6.

There’s functionally no difference between NAT on IPv4 or directly allowing ports on IPv6, they both are deny by default and require explicit forwarding. Subnetting is also still a thing on IPv6.

If anything, IPv6 is more secure because it’s impossible to do a full network scan. My ISP assigned 4,722,366,482,869,645,213,696 addresses just to me. Good luck finding the used ones.

With IPv4 if you spin up a new service on a common port it usually gets detected within 24h nowadays.

That is what I’m doing currently but now unbound doesn’t talk to the root servers anymore, it sends all queries to Quad9.

Both scenarios are not ideal because you always end up with one entity knowing all your queries.

Not illegal but it leaves all your DNS lookups in plain text with your ISP, which just doesn’t sit right with me.

Not that the ISP in my country would care.

Is it possible to get unbound to talk to the root servers via TLS/HTTPS by now?

I’m currently using Quad9 because they support DNS over TLS and DNS over HTTPS.

I tried Jellycon briefly when I started but it’s unfortunate that it doesn’t integrate into the Kodi UI properly, so there’s no way to really use the Kodi interface nicely without casting from the Jellyfin app. It more or less just becomes a playback client for the Jellyfin app. If the Jellyfin app wouldn’t be such a disaster when casting I probably would be fine with that.

Might try it again in the future but the Jellyfin app experience is nothing like what Kore or Yatse can do directly with Kodi.

CoreELEC is community maintained and the N2+ still receives the latest builds, my last update was just last month.

However, CoreELEC can be installed on many devices (including some Android TV boxes) that have Amlogic chips. You can see a full list if you to to the download page on the CoreELEC page https://coreelec.org/.

Also, CoreELEC is not Android, it is Linux running only Kodi. If you need anything besides Kodi you might want to look at another solution or have multiple devices.

Kodi still plays via SMB/NFS when configured in direct play mode. Only the metadata is provided via Jellyfin and play progress is synced to Jellyfin.

The Jellyfin plugin is not the most stable piece of software but it gets the job done.

I have been using an Odroid N2+ with CoreELEC installed and the Jellyfin Kodi plugin for years now.

Plays pretty much everything you throw at it, including 4k HDR HFR.

Dolby Vision is supported in CoreELEC but only on some devices.

Is that a real Deezloader website? That website looks shady af.

I just built the Vulkan layer and gamescope from git and then started my native Steam installation normally. Then I just set the launch parameters to ENABLE_HDR_WSI=1 gamescope --hdr-enabled --hdr-debug-force-output --nested-refresh 165 --fullscreen --steam --output-width 3440 --nested-width 3440 --output-height 1440 --nested-height 1440 -- env ENABLE_GAMESCOPE_WSI=1 DXVK_HDR=1 DISABLE_HDR_WSI=1 %command%.

Works pretty well so far but I’m on AMD.

Which monitor do you have? ABL is unfortunately fairly aggressive on OLED screens, e.g. my screen only reaches about 250 nit with a 100% white window, which is only 10-20 nit brighter than the maximum for SDR content.

I can’t speak for Star Wars but Dune is pretty bright so you might just run into your monitors ABL very easily. You can test by making mpv really small against a black background and then maximizing. If the image gets dimmer you’re getting limited by ABL.

You might want to grab a 4k remux for something like The Greatest Showman or Spider-Man: Across the Spider-Verse to benchmark with. They have a lot of colorful but dark scenes to really bring out the HDR highlights.

I’m also using Plasma 6 to play games and watch movies in HDR and everything looks as expected.

What monitor/TV do you use? Did you install the necessary Vulkan layers? Do you use mpv with the correct parameters? Which movies/scenes?

You can try turning the SDR brightness all the way down and back up. If the brightness of mpv changes, you’re not running in HDR.

I never used Citra before so I just grabbed it from Flathub.

You can still grab the latest early access build here: https://github.com/pineappleEA/pineapple-src/releases