I get an IPv6 address from my ISP (a /56 I believe), but I wish there was some good information on how to update my OpenWRT VLAN configuration, routing, and firewall rules to be able to support native IPv6 on my devices. Would love to be able to have direct IPv6 connections to the internet from my devices, but I want to make sure I can do it safely.

You only need to set nothing and it should setup ipv6 on all downstream vlan interfaces. For static prefix I'd you can set ip6hint per vlan interface. For each vlan interface you need a stanza in the DHCP config file. And regarding firewall, as with the default lan zone you might need to add new zones with the vlan interfaces and configure forwarding rules. That's it.

This was surprisingly complicated for me on Altice/Optimum, which is why my home didn't have IPv6 for a while even after they started provisioning.

We actually have a /128 address only, and had to tweak several settings including enabling IPv6 masquerading (NAT).

I haven't the slightest clue why they didn't give us a block.

Yeah, I'm in the same boat. I like the idea of being able to remotely connect to anything on my network, but I know just enough about networking to be dangerous, and don't trust my self to set it up securely, so I have IPv6 disabled on my router. With IPv4, it's physically impossible to mess up the firewall and NAT settings enough to make local devices public.

It's honestly not that hard. Tell your router to reject new inbound connections from the WAN interface, and you're done.

You have to do the exact same thing to make sure inbound connections aren't possible on v4 (even with NAT in the picture), so you might well have already done this or got it from the default ruleset. Plus it's trivial to test, by attempting to connect from another network.

From https://opensource.org/osd:

> 6. No Discrimination Against Fields of Endeavor > > The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.

A non-commercial clause is a discrimination against a field of endeavor and thus non-open-source. The license cannot restrict how the user is able to *use* the software and still be open source. There can however be requirements to distribute the source code when distributing the software, ala GPL.

The power of correlating your real ID with your browsing activity on the internet.

I mean, as much as I don't want the Government to be able to do that, I don't want private industry to be able to do that even more tbh. Though both options are pretty horrendous privacy-wise.

Until recently I felt the opposite way -- what they could do with that was more targeted advertising. The government currently in power is demonstrating that they can do far worse, and plans to.

They also have the guarantee that the code licensed under the GPL, and all future enhancements to it, will remain free software. The same is not true of the MIT license's weak-copyleft.

As far as I know, all the (L)GPL does is make sure that if A releases some code under it, then B can't release a non-free enhancement without A's permission. A can still do whatever they want, including sell ownership to B.

Neither GPL nor MIT (or anything else) protects you against this.

(EDIT) scenario: I make a browser extension and release v1 under GPL, it becomes popular and I sell it to an adtech company. They can do whatever they want with v2.

My keepass database has around 400 different entries in it. If I needed to transfer to a new password manager, it's not feasible to go around to 400 different sites to register new passkeys. In case one might say the answer to that is oauth, I'm also not interested in putting my faith in Google/Microsoft/Apple being benevolent arbiters of my ability to access my accounts.

You could put your faith in LastLogin: https://lastlogin.net

It's great to see more git documentation, and I have a lot of respect for Beej's Guide to Network Programming. However he really needs to work on his commit hygiene. I get that this is a one-man project, but still it's pretty atrocious: https://github.com/beejjorgensen/bggit/commits/main/. This does not set a good example.

I usually refer people to https://cbea.ms/git-commit/.

I think technical people understand the mechanics of using Passkeys, having them backed up to multiple devices etc, but there's no way my 70 year old father is going to be able to understand that. He barely knows the difference between the computer login and his gmail login. My parents are also not wealthy-enough to have Apple take care of all of this for them. He has a hand-me-down Linux laptop because all he needs is Google Chrome. Thankfully I've been able to teach my parents to write down their passwords in a password book.

I can't tell you how many times I've ask my father "what's your google password" and he says "I don't have a google password". I like the idea of eliminating passwords, but inevitably his phone is going to break or his computer is going to crash and he needs a way to recover.

The password book of every person around me become awful over time. They don’t distinguish between uppercase and lowercase, they write bad notes, most of the content is outdated, sometimes there duplicates and overall cause me more headache than anything.

I hate password books. I don’t have a better solution though.

For now, I teach them to use chrome password manager for now and log in their chrome account when they need help. It sucks too. But at least I don’t get angry with their notes.

A box of index cards with alphabetical tabs is a step up. That way you can update entries without making the book a mess.

But it's a small step.

So do I, but this is annoying because I need to have physical access to both of the keys when setting up 2FA on an account, or hope that I remember to add the backup yubikey when I get back home.

Bah, not open source, rather BSL licensed. Stop it with the open-washing already!

Computer security is hard, and I think a "security label" would give a false sense of safety. Requiring manufacturers to respond to critical security vulnerabilities for a given period of time sounds like a good idea, but such rules often have unintended side-effects (like impacting startups, who maybe couldn't afford the certification or can't guarantee long term support). What we really need is local-only device access, so that I can firewall a device off completely from the internet, and still make full use of it with a local controller like home assistant. Locking down devices with the threat of DMCA violations to reverse-engineers actively reduces device security, and takes away my ability to fix devices myself.

This overall strikes me as much lower priority than the currently ongoing ATSC 3.0 DRM doom. Please please please do something about this nightmare that broadcasters are imposing on the public. Don't let broadcasters take away my ability to watch live TV without an internet connection (resulting in a complete emergency broadcast system failure?). Don't let broadcasters take away my ability to record/time-shift live TV using software-based DVRs (e.g. Plex, Jellyfin), which could never possibly meet the "Nextgen TV" certification requirements!