Readit News logoReadit News
apparentorder commented on iOS 18 breaks IMAPS self-signed certs   forums.developer.apple.co... · Posted by u/mmd45
apparentorder · a year ago
I run my own CA and install it as a trusted CA via Configuration Profiles. This works fine, including iOS 17.

Does this break in iOS 18 or does this affect only self-signed (untrusted) certificates?

apparentorder commented on AWS to start charging for IPv4 usage, but critical services don't support IPv6   old.reddit.com/r/aws/comm... · Posted by u/mooreds
charcircuit · 2 years ago
Azure and Google Cloud don't, and they didn't have full ipv6 support when making the change either
apparentorder · 2 years ago
But did they tell you to "think about accelerating your adoption of IPv6 as a modernization and conservation measure" when they announced the charges? Because AWS did.
apparentorder commented on AWS Customers Cannot Escape IPv4   tty.neveragain.de/2023/09... · Posted by u/apparentorder
NovemberWhiskey · 2 years ago
>almost no AWS API can be used from a VPC without public IPv4 addresses

Virtually every single application at the company I work at deploys into VPCs without public IPv4 addresses - this seems like a ridiculous claim.

apparentorder · 2 years ago
As mentioned in the footnote, this can be done by using PrivateLink; it costs a few bucks too, but it is the way to go if your VPC does not (or must not, for Compliance™ reasons) have internet connectivity.

If your target VPC has neither PrivateLink nor public IPv4 connectivity somewhere, I'm not sure how that would work; I'd love to learn how that was built.

apparentorder commented on AWS Customers Cannot Escape IPv4   tty.neveragain.de/2023/09... · Posted by u/apparentorder
chandlerswift · 2 years ago
Looks like the theme might be a lightly modified version of the GitHub Pages Hacker theme[0]?

[0]: https://github.com/pages-themes/hacker

apparentorder · 2 years ago
It's a Jekyll theme, https://news.ycombinator.com/item?id=37609543
apparentorder commented on AWS Customers Cannot Escape IPv4   tty.neveragain.de/2023/09... · Posted by u/apparentorder
Bluecobra · 2 years ago
> There is no concept of private addresses in IPv6, which means farewell to the Managed NAT Gateway and its magnificent pricing.

Maybe not in AWS, but there are Unique Local IPv6 addresses in fc00::/7 and NAT66 if you really love NAT!

apparentorder · 2 years ago
Yeah, I was referring to AWS; I should have made that clear. ULA is frequently discouraged though, and NAT66, well ... just no.

I just recently heard that MS apparently has built everything IPv6 on Azure around NAT. This is so weird.

apparentorder commented on AWS Customers Cannot Escape IPv4   tty.neveragain.de/2023/09... · Posted by u/apparentorder
wheybags · 2 years ago
neveragain.de is... a strange choice of domain for a tech blog. It sounds like a holocaust memorial site.
apparentorder · 2 years ago
This domain is very, very old and at that time, the phrase wasn't usually associated like it is today. Not sure what to do about that.
apparentorder commented on AWS Customers Cannot Escape IPv4   tty.neveragain.de/2023/09... · Posted by u/apparentorder
Hikikomori · 2 years ago
There's one viable solution to be able to run IPv6 only subnets in AWS, their (or your own) NAT gateways support v6->v4 NAT. So it allows you to create large IPv6 only subnets for your compute services (ec2, ecs, k8s, elb, all supports that), allowing your containers to scale without worrying about IP addresses. Then you use dual stack subnets for other AWS services that may not support IPv6 and your compute services can access them through the NAT gateway.
apparentorder · 2 years ago
ECS, ELB and most other services do not support IPv6-only subnets, as mentioned in the article.

ECS does support dual-stack IPv6, but most other services do not support IPv6 at all.

apparentorder commented on AWS Customers Cannot Escape IPv4   tty.neveragain.de/2023/09... · Posted by u/apparentorder
solatic · 2 years ago
Half the reason AWS has leading IPv6 support in the first place is due to mandates from the US government to start migrating. Author is correct that, from a cost perspective, the new costs are immaterial to large customers, but I wouldn't discount the power of policy mandates from the largest customers, where the threat of building an in-house alternative to comply with policy might be sufficient to force AWS to finally prioritize support.
apparentorder · 2 years ago
Indeed. I really don't like the thought, but I more and more believe that there is no other way to incentivize IPv6 at the "server side". The client (end user) side seems to do well, considering that Google reports IPv6 end user traffic of almost 50% these days.
apparentorder commented on AWS Customers Cannot Escape IPv4   tty.neveragain.de/2023/09... · Posted by u/apparentorder
alias_neo · 2 years ago
Off topic: Does anyone know if this page is generated from a Static-Site generator starting from Markdown?

I currently use Hugo and my blog is in Markdown in git, but the theme is pretty heavy-weight, and I like this look of the page in OP; Looking at the source, it's so minimal!

apparentorder · 2 years ago
Yes, it's Markdown and I use https://jekyllrb.com with the theme "jekyll-theme-hacker" to generate the site. I quite like how simple it is.
Posted by u/apparentorder 2 years ago
AWS Customers Cannot Escape IPv4tty.neveragain.de/2023/09...
a

u/apparentorder

KarmaCake day133September 18, 2023View Original