Merge branch 'master' into new-design
5
Makefile
|
@ -7,7 +7,7 @@ pull:
|
|||
git pull
|
||||
|
||||
publish: pull build permissions
|
||||
rsync -av $(BUILDDIR)/ $(DESTINATION)
|
||||
rsync -av --exclude .lektor/ $(BUILDDIR)/ $(DESTINATION)
|
||||
|
||||
permissions: build
|
||||
find $(BUILDDIR) -type f -exec chmod 0644 {} \;
|
||||
|
@ -15,3 +15,6 @@ permissions: build
|
|||
|
||||
build:
|
||||
lektor build -O $(BUILDDIR)
|
||||
|
||||
clean:
|
||||
rm -rf $(BUILDDIR)
|
BIN
assets/u/image/favicon.ico
Normal file
After Width: | Height: | Size: 1.1 KiB |
BIN
content/u/blackipv6friday.png
Normal file
After Width: | Height: | Size: 9 KiB |
|
@ -0,0 +1,55 @@
|
|||
title: via-ipv6.com: enabling IPv4 sites for IPv6 only networks
|
||||
---
|
||||
pub_date: 2019-10-17
|
||||
---
|
||||
author: Nico Schottelius
|
||||
---
|
||||
twitter_handle: NicoSchottelius
|
||||
---
|
||||
_hidden: no
|
||||
---
|
||||
_discoverable: yes
|
||||
---
|
||||
abstract:
|
||||
We launched via-ipv6.com to enable legacy (IPv4) sites in IPv6 only networks
|
||||
---
|
||||
body:
|
||||
|
||||
Have you ever been in an IPv6 only network and wanted to reach IPv4
|
||||
sites without NAT64?
|
||||
|
||||
Inspired by talks at [RIPE79](https://ripe79.ripe.net), I decided to
|
||||
give it a try, whether we can easily expose some IPv4 only sites with
|
||||
a proxy to the IPv6 Internet.
|
||||
|
||||
Turns out, using a bit of nginx magic and an
|
||||
[IPv6 only VM](https://ipv6onlyhosting.com/) with NAT64 this is
|
||||
actually not too hard.
|
||||
|
||||
## How it works
|
||||
|
||||
First of all, all sites are enabled on a site-by-site basis, so this
|
||||
is not a generic IPv6-to-IPv4 proxy.
|
||||
|
||||
For every "site", be it Hackernews, Twitter or Reddit, I created a
|
||||
subdomain below **via-ipv6.com** like:
|
||||
|
||||
* [reddit.via-ipv6.com](https://reddit.via-ipv6.com)
|
||||
* [twitter.via-ipv6.com](https://twitter.via-ipv6.com)
|
||||
* [hackernews.via-ipv6.com](https://hackernews.via-ipv6.com)
|
||||
|
||||
Each of the sites have their own SSL certificate, not the one used by
|
||||
the actual site. The reason for this is that I needed the client to
|
||||
access the proxy instead of failing to access the site (like
|
||||
reddit.com) by not finding an AAAA entry.
|
||||
|
||||
The disadvantage of this is that I have to decrypt and re-encrypt the
|
||||
traffic. So while I am not interested in your data, I advise to use
|
||||
this service knowing that the TLS connection is decrypted and
|
||||
reencrypted on the path.
|
||||
|
||||
## List of sites
|
||||
|
||||
You find the current list of sites on
|
||||
[via-ipv6.com](https://via-ipv6.com). If you would like to have
|
||||
another site added, just ping me on [IPv6.chat](https://IPv6.chat).
|
100
content/u/blog/free-ipv6-vpn-for-hackerspaces/contents.lr
Normal file
|
@ -0,0 +1,100 @@
|
|||
title: Free IPv6 VPN for hackerspaces
|
||||
---
|
||||
pub_date: 2019-11-08
|
||||
---
|
||||
author: Nico Schottelius
|
||||
---
|
||||
twitter_handle: NicoSchottelius
|
||||
---
|
||||
_hidden: no
|
||||
---
|
||||
_discoverable: yes
|
||||
---
|
||||
abstract:
|
||||
From today on ungleich offers free, encrypted IPv6 VPNs for hackerspaces
|
||||
---
|
||||
body:
|
||||
|
||||
## TL;DR
|
||||
|
||||
If you are a hackerspace and you want to hack/work/have fun with IPv6,
|
||||
send an email to **ipv6hackerspace -at- ungleich.ch** with your
|
||||
[public wireguard
|
||||
key](https://redmine.ungleich.ch/projects/open-infrastructure/wiki/The_ungleich_VPN_infrastructure#Sample-clustomer-client-configuration)
|
||||
plus a short description of your hackerspace and get an IPv6 VPN for free.
|
||||
|
||||
## The world belongs to geeks...
|
||||
|
||||
"...because nobody else wants it." was a slogan I've once read on a
|
||||
mug. True or not, fact is that we geeks and hackers are the ones
|
||||
who live in the Internet, create many of its backbone technologies and
|
||||
always fight for a better version of it (with varying degree of
|
||||
success...).
|
||||
|
||||
|
||||
## How the Internet was supposed to be
|
||||
|
||||
The Internet was built to foster communication, research and exchange
|
||||
of ideas. With the tranformation to a commercial driven network and
|
||||
the exhaustion of IPv4 addresses we changed the way how we use the
|
||||
Internet: instead of exchanging data directly with each other, we use
|
||||
intermediate cloud services. Instead of being able to publish
|
||||
information on any computer, we are hidden by multiple levels of NAT.
|
||||
|
||||
We have moved far away from the original idea of the Internet, it's
|
||||
time to take back control.
|
||||
|
||||
## Using IPv6 to change the game, now
|
||||
|
||||
With IPv6 we geeks are back in the game, can launch services as we
|
||||
like, be reachable under the same IPv6 address world wide, can even
|
||||
carry around our networks and offer them as a service when we visit
|
||||
other places.
|
||||
|
||||
The values of [team ungleich](https://ungleich.ch) are pretty much
|
||||
aligned with the hacking community (in fact, we run a [Hacking
|
||||
Hotel](https://hack.digitalglarus.ch/hacking-and-living-in-hotel-diesbach.html)
|
||||
in [Digital Glarus](https://digitalglarus.ch/)). Our job at ungleich
|
||||
is to **enable people to do stuff**, so we decided it is time to
|
||||
enable (other) hackerspaces to join the movement.
|
||||
|
||||
## Why hackerspaces?
|
||||
|
||||
If you read hacking as in "creative use of technology", it is clear
|
||||
that creativity should not be limited. To explore new ways of using
|
||||
the Internet (maybe even [without
|
||||
facebook?](https://code.ungleich.ch/nico/rif)), you need to be able to
|
||||
experiment, to explore, to challenge. We love this groove and
|
||||
want to support this, that's why we support hackerspaces.
|
||||
|
||||
## Why a (wireguard based) VPN?
|
||||
|
||||
We are aware that there are other tunnel providers and technologies out
|
||||
there and that is a good thing. The reasons why we opted for a
|
||||
[Wireguard VPN based solution](https://ipv6vpn.ch) are following:
|
||||
|
||||
* wireguard: it's very easy and slim and does not require IPv4 inside
|
||||
the tunnel ([which OpenVPN still
|
||||
does](https://ungleich.ch/en-us/cms/blog/2019/09/10/openvpn-vs-wireguard/)). Also
|
||||
it works on "almost any device" including Linux, BSD and niche OS
|
||||
like Windows, macos, iOS and Android.
|
||||
* VPN: work with dynamic IPs, works behind CGNAT
|
||||
|
||||
(feel free to challenge this decision in a discussion on
|
||||
[IPv6.chat](https://IPv6.chat))
|
||||
|
||||
## Getting IPv6 for a hackerspace
|
||||
|
||||
To get IPv6 for your hackerspace, simple write an email to
|
||||
ipv6hackerspace -at- ungleich.ch with a short description of your
|
||||
hackerspace and your public [wireguard](https://www.wireguard.com/)
|
||||
key.
|
||||
|
||||
You can find more information on how to configure wireguard and how to
|
||||
create the public key in the [ungleich redmine
|
||||
wiki](https://redmine.ungleich.ch/projects/open-infrastructure/wiki/The_ungleich_VPN_infrastructure#Sample-clustomer-client-configuration).
|
||||
|
||||
## IPv6 chat
|
||||
|
||||
If you want to stay in touch with us and talk about IPv6 **IRC alike**,
|
||||
you can join us on the [IPv6 chat](https://IPv6.chat).
|
170
content/u/blog/hack-a-job-2019/contents.lr
Normal file
|
@ -0,0 +1,170 @@
|
|||
title: Hack-a-job (2019 edition)
|
||||
---
|
||||
pub_date: 2019-10-08
|
||||
---
|
||||
author: ungleich
|
||||
---
|
||||
twitter_handle: ungleich
|
||||
---
|
||||
_hidden: no
|
||||
---
|
||||
_discoverable: yes
|
||||
---
|
||||
abstract:
|
||||
Hack a job in 42 hours and live in Switzerland afterwards.
|
||||
---
|
||||
body:
|
||||
|
||||
On the 1st of November to 3rd of November the 2019 edition of
|
||||
**Hack-a-job** will take place in the
|
||||
[Hacking Hotel Diesbach, Switzerland](https://hack.digitalglarus.ch/hacking-and-living-in-hotel-diesbach.html).
|
||||
|
||||
## Hack a what?
|
||||
|
||||
We are a team of hackers running the [Data Center
|
||||
Light](https://datacenterlight.ch) at [ungleich](https://ungleich.ch)
|
||||
and we think that hacking to get a job is the right way
|
||||
of finding someone fitting to us.
|
||||
|
||||
## How does it work?
|
||||
|
||||
At Hack-a-job you have one weekend to show your skills. You will be
|
||||
given the choice of three different tasks and you choose one of them.
|
||||
You then have 42 hours to do your best to solve the task. During these
|
||||
42 hours, we will coach you and direct you into the right direction.
|
||||
|
||||
During that time, food and drinks will be provided.
|
||||
|
||||
After 42h you present your work and in the afternoon of the
|
||||
Sunday, everyone will get direct feedback from the jury.
|
||||
|
||||
## Who can apply?
|
||||
|
||||
At this Hack-a-job edition anybody can apply, who can start working in
|
||||
Switzerland without special work permits. This usually includes
|
||||
|
||||
* citizens of EU/EFTA countries
|
||||
* Swiss citizens
|
||||
|
||||
Checkout
|
||||
|
||||
* https://www.swissinfo.ch/eng/work-permits/29191706
|
||||
* https://www.sem.admin.ch/dam/data/sem/eu/fza/broschueren/blau-europaeer-in-ch-e.pdf
|
||||
|
||||
for more details.
|
||||
Unfortunately we cannot offer anyone from
|
||||
"third states" to participate, as this has complicated and partially
|
||||
impossible constraints for hiring attached. If you are a creative mind
|
||||
and can convice us that you can be hired nonetheless - this might be a
|
||||
good chance for earning first points.
|
||||
|
||||
You should be at least 18 years old to participate.
|
||||
|
||||
Go [to the application page for registering!](https://survey.ungleich.ch/2/).
|
||||
|
||||
## Who gets the job?
|
||||
|
||||
**Up to two people** can stay and to join our team.
|
||||
The criteria for evaluation can be seen below.
|
||||
|
||||
We promise to be fair, however joining Hack-a-job does not mean
|
||||
you get the job.
|
||||
|
||||
### Degree of success
|
||||
|
||||
How much of the task did you get done?
|
||||
Is it solved
|
||||
|
||||
* not at all
|
||||
* partially
|
||||
* mostly
|
||||
* fully
|
||||
|
||||
?
|
||||
|
||||
### Cleanliness of the solution
|
||||
|
||||
Is your solution
|
||||
|
||||
* documented?
|
||||
* easy to understand?
|
||||
* using best practice?
|
||||
|
||||
### Creativity of the solution
|
||||
|
||||
Did you think out-of-the-box? Are you employing smart solutions?
|
||||
|
||||
### Sustainability / Unix Philosophy
|
||||
|
||||
How much did you think about running your application for longer?
|
||||
Did you follow the unix philosophy?
|
||||
|
||||
### Communication
|
||||
|
||||
Work is only worth something, if other team members can work with
|
||||
you. How do you communicate with the mentors?
|
||||
How do you present your solution?
|
||||
|
||||
## What if I win?
|
||||
|
||||
The winner(s) of Hack-a-job are getting offered the following:
|
||||
|
||||
* A 1 year contract with ungleich, likely to be extended
|
||||
* A monthly pre-tax salary of 2'500 CHF
|
||||
* A paid stay in the Hacking Hotel with native IPv6 10 Gbit/s network
|
||||
* A halb tax (half fare) card for Swiss trains
|
||||
|
||||
Additionally you can request to be reimbursed for the travel expenses
|
||||
to Hack-a-Job.
|
||||
|
||||
## What if I don't win?
|
||||
|
||||
Then you probably will take home a lot of new knowledge and you will
|
||||
get a certificate for participation. Also you get a good feeling for
|
||||
being one of the 6 people that were invited in the first place.
|
||||
|
||||
## How to prepare?
|
||||
|
||||
We recommend to refresh your knowledge of the following topics prior
|
||||
to participation:
|
||||
|
||||
* Python3: you should be able to code mildly complex programs
|
||||
* HTTP / REST: you should be able to talk REST
|
||||
* Networking: Basic knowledge of IPv6 (including multicast), VLAN and
|
||||
VXLAN
|
||||
* Storage: knowledge of Ceph of advantage ("how to build a small cluster")!
|
||||
* OS: knowledge of either Linux or BSD, Unix commandline, Shell
|
||||
scripting
|
||||
|
||||
### What to bring?
|
||||
|
||||
You need to bring yourself, a working computer (including
|
||||
wifi) with either Linux or BSD on it and a sleeping bag.
|
||||
|
||||
## The schedule
|
||||
|
||||
* 2019-10-08: Openning of CfP
|
||||
* 2019-10-20: midnight UTC: close of CfP
|
||||
* 2019-10-22: Notification of invitation
|
||||
* 2019-11-01 1300 to 1600: Hacking Hotel opens for arrival and registration
|
||||
* 2019-11-01 1600 to 1700: Introduction of the three tasks
|
||||
* 2019-11-01 1700 to 2019-11-03-1100: Hack-a-Job main event!
|
||||
* 2019-11-03 1100 to 1300: Presentations
|
||||
* 2019-11-03 1300 to 1500: Final lunch
|
||||
* 2019-11-03 1300 to 1500: Jury meeting
|
||||
* 2019-11-03 1500: Presentation of jury ratings and notification of winner(s)
|
||||
|
||||
## The location
|
||||
|
||||
Hack-a-Job will be held in the
|
||||
[Hacking
|
||||
Hotel](https://hack.digitalglarus.ch/hacking-and-living-in-hotel-diesbach.html)
|
||||
in Switzerland, 8777 Diesbach, Hauptstrasse 28. The nearest train
|
||||
station is **Diesbach-Betschwanden**.
|
||||
|
||||
## More information
|
||||
|
||||
You can get in touch with us via
|
||||
|
||||
* email: info at ungleich.ch
|
||||
* chat: [chat.ungleich.ch](https://chat.ungleich.ch)
|
20
content/u/blog/hacking-an-ipv6-based-chat-system/contents.lr
Normal file
|
@ -0,0 +1,20 @@
|
|||
title: Hacking an IPv6 based chat system (WIP)
|
||||
---
|
||||
pub_date: 2019-10-13
|
||||
---
|
||||
author: Nico Schottelius
|
||||
---
|
||||
twitter_handle: NicoSchottelius
|
||||
---
|
||||
_hidden: yes
|
||||
---
|
||||
_discoverable: no
|
||||
---
|
||||
abstract:
|
||||
The strength of IPv6 is to allow direct connections between devices.
|
||||
Let's explore how one could build a fully decentralised chat system.
|
||||
---
|
||||
body:
|
||||
|
||||
As you might know, recent events in
|
||||
[Hong Kong](/u/blog/how-ipv6-can-help-protesters-in-honk-kong)
|
|
@ -0,0 +1,89 @@
|
|||
title: How IPv6 can help protesters in Hong Kong
|
||||
---
|
||||
pub_date: 2019-10-08
|
||||
---
|
||||
author: Nico Schottelius
|
||||
---
|
||||
twitter_handle: NicoSchottelius
|
||||
---
|
||||
_hidden: no
|
||||
---
|
||||
_discoverable: yes
|
||||
---
|
||||
abstract:
|
||||
Protesters in HK encountered communcation disruption by Apple.
|
||||
This article shows how this can be avoided by using IPv6.
|
||||
---
|
||||
body:
|
||||
|
||||
Recently
|
||||
Apple decided to [remove a central
|
||||
app for communication in Hong
|
||||
Kong](https://www.bbc.com/news/technology-49919459), just
|
||||
[to add it later
|
||||
again](https://www.bbc.com/news/technology-49961149).
|
||||
|
||||
With this move Apple effectively disrupted the communication between
|
||||
people demonstrating in Hong Kong and at the same time endangered
|
||||
those who wanted to protect themselves from violance on the streets.
|
||||
|
||||
In this article I want to show how this problem can be mitigated by
|
||||
the use of IPv6.
|
||||
|
||||
## The core problem: centralisation
|
||||
|
||||
The main problem is that we depend on centralised
|
||||
services. One of the questions is, why do we depend on centralised
|
||||
services at all? The reason for this is that there are not enough IPv4
|
||||
addresses and for that reason we use NAT to hide multiple devices
|
||||
behind one IPv4 address. Wait what? Let's take it a bit slower.
|
||||
|
||||
## How NAT works
|
||||
|
||||
In the old times of the Internet, every device in the Internet used to
|
||||
have a public IPv4 address. However when the number of devices began
|
||||
to exceed amount of officially available IPv4 addresses, NAT was
|
||||
introduced and it works as follows:
|
||||
|
||||
![IPv4 NAT](/u/ipv4nat.png)
|
||||
|
||||
Many devices are hidden behind one Public IP address. So for a phone
|
||||
to communicate with another phone, it needs to connect via a
|
||||
central, publicly available IPv4 server. So in the end, the complete
|
||||
picture looks as follows:
|
||||
|
||||
![IPv4 Double NAT](/u/ipv4doublenat.png)
|
||||
|
||||
|
||||
## How IPv6 solves the problem
|
||||
|
||||
In the IPv6 world, there are enough IP addresses available.
|
||||
So every device, every smart phone, every alarm clock, every computer
|
||||
can have a public IP address. Because every device can have a public
|
||||
IPv6 address, they can communicate directly with each other:
|
||||
|
||||
![IPv6 direct connections](/u/ipv6direct.png)
|
||||
|
||||
## How to communicate with IPv6?
|
||||
|
||||
So how does it look like with IPv6? Instead of relying on a central
|
||||
entity (Apple in this case), you can directly connect to the phone of
|
||||
your friends. This way, you could even use your standard browser like
|
||||
Firefox, Chrome or Safari to write a message to your friend's phone.
|
||||
|
||||
## So, what to do now?
|
||||
|
||||
At the moment IPv6 is picking up pace in deployment and ISPs
|
||||
everywhere in the world are moving forward with it.
|
||||
However, if you do not have IPv6 connectivity,
|
||||
[ungleich provides IPv6 VPNs](https://ungleich.ch/ipv6/vpn/) that
|
||||
enable you world wide to have IPv6.
|
||||
If you are an application developer, I urge you to checkout whether
|
||||
your application supports IPv6, because in the future you might enable
|
||||
people to talk to each other, just by supporting IPv6 now already.
|
||||
|
||||
## More IPv6
|
||||
|
||||
If you are interested in IPv6, we invite you to join the [IPv6
|
||||
chat](https://IPv6.chat) or [follow us on
|
||||
Twitter](https://twitter.com/ungleich).
|
144
content/u/blog/how-ipv6-changes-the-world/contents.lr
Normal file
|
@ -0,0 +1,144 @@
|
|||
title: How IPv6 changes the world already
|
||||
---
|
||||
pub_date: 2019-11-16
|
||||
---
|
||||
author: ungleich
|
||||
---
|
||||
twitter_handle: ungleich
|
||||
---
|
||||
_hidden: no
|
||||
---
|
||||
_discoverable: yes
|
||||
---
|
||||
abstract:
|
||||
Let's dive into the changes caused by IPv6
|
||||
---
|
||||
body:
|
||||
|
||||
So we had all those nice, theoretical articles about
|
||||
how IPv6 **could** change the future. At ungleich we are already
|
||||
seeing many things changing and for that reason we start this series
|
||||
of blog articles about how IPv6 changes the world.
|
||||
|
||||
## The Base Claims
|
||||
|
||||
When starting a series of blog entries about how IPv6 changes the
|
||||
world, there are some assumptions and general understandings. In this
|
||||
article we will try to illustrate what we think is already given.
|
||||
|
||||
## Claim 1: Everyone can have IPv6 connectivity
|
||||
|
||||
We know that not every ISP provides IPv6 connectivity yet, but that
|
||||
is really not a show stopper for IPv6 connectivity. We have even
|
||||
written an [blog article about how to get
|
||||
IPv6](https://ungleich.ch/en-us/cms/blog/2019/02/05/how-to-get-ipv6/)
|
||||
and our conclusion is: **everyone can have IPv6 connectivity**.
|
||||
|
||||
If you are missing options there, give us a shout, we are glad to
|
||||
add them. Point being, we are very confident saying there is nobody
|
||||
who cannot have IPv6 connectivity anymore. We even offer
|
||||
[free IPv6 connectivity to hacker spaces](https://ungleich.ch/u/blog/free-ipv6-vpn-for-hackerspaces/).
|
||||
|
||||
If you very much disagree with us, we are open to be challenged by you.
|
||||
|
||||
## Claim 2: Everyone can host content IPv6 reachable
|
||||
|
||||
If you are in the content or publishing business, you can easily have
|
||||
your content reachable by IPv6. All bigger
|
||||
[CDNs](https://en.wikipedia.org/wiki/Content_delivery_network) support
|
||||
IPv6 and even if you happen to host on an IPv4 only web hoster,
|
||||
there is
|
||||
[via-ipv6.com](https://ungleich.ch/u/blog/enabling-ipv4-only-sites-for-ipv6-only-networks/),
|
||||
a proxy service enabling all your IPv4 content by IPv6.
|
||||
|
||||
And we don't
|
||||
say you should be using that service, you can also easily build it
|
||||
yourself: you can use any IPv6 only VM and you can setup a proxy for
|
||||
yourself.
|
||||
|
||||
## Claim 3: The world is now really moving towards IPv6
|
||||
|
||||
We know, there was this very, very unfortunate miscommunication many
|
||||
years ago that we already ran out of IPv4 addresses. That was
|
||||
only IANA running out of blocks to assign to the RIRs, however the
|
||||
RIRs
|
||||
([RIPE](https://www.ripe.net/),
|
||||
[APNIC](https://www.apnic.net/),
|
||||
[AFRINIC](https://www.afrinic.net/),
|
||||
[lacnic](https://www.lacnic.net/) and
|
||||
[ARIN](https://www.arin.net/)) did have plenty of IPv4 addresses
|
||||
left. This situation changed since 2011 and now
|
||||
ARIN is really out of IPv4, RIPE
|
||||
is likely to run out of IPv4 in 2019. LACNIC and
|
||||
AFRINIC are soon (probably 2020) to follow. APNIC on the other hand is already having a **per resource
|
||||
fee**, which let it run out of IPv4 slower.
|
||||
|
||||
But, and there is the big but: APNIC slowing down the IPv4 run out has
|
||||
a cost. And the cost is for companies who are relying on IPv4
|
||||
addresses. So if you are in the APNIC region, you already pay around
|
||||
1800 AUD for a /22 IPv4 network yearly.
|
||||
|
||||
The situation is somewhat similar in the regions that are running out
|
||||
of IPv4, only that you need to buy or lease your IPv4 space there from
|
||||
some market. The price for an IPv4 address is around $25 at the
|
||||
moment, so if you were to buy a /22 IPv4 network, you would have to
|
||||
spend more than $25'000. And this is not feasible for most SMB.
|
||||
|
||||
Even if you don't acquire IP addresses directly from a RIR and
|
||||
run your service on a
|
||||
[cloud like GCP, you begin to pay more for IPv4
|
||||
addresses now](https://news.ycombinator.com/item?id=20742965).
|
||||
|
||||
So what is the alternative? It clearly is IPv6. Not because
|
||||
there are many IP addresses in IPv6, but because
|
||||
**IPv6 is affordable**.
|
||||
|
||||
So in short, why the world now really moves to IPv6:
|
||||
|
||||
* IPv4 now becomes a real cost factor
|
||||
* It is not easy to acquire additional IPv4 space anymore
|
||||
* IPv6 is economically more feasible
|
||||
* We take the way of the least resistance, which is now IPv6
|
||||
|
||||
## Claim 4: IPv6 will re-enable end users
|
||||
|
||||
Due to the long ongoing IPv4 shortage, we are very much used to
|
||||
[NAT](https://en.wikipedia.org/wiki/Network_address_translation). Some
|
||||
people even believe that private IPv4 addresses are more secure,
|
||||
which, generally speaking, is a bogus claim. You still need a
|
||||
firewall, as you do with IPv6.
|
||||
|
||||
The bigger problem with private IPv4 addresses is that users have been
|
||||
taught that they cannot reach each other directly. And this eventually
|
||||
led to the rise of cloud services, because people were unable to reach
|
||||
each other or to exchange data directly.
|
||||
|
||||
The Internet was built with the idea that everyone can reach everyone
|
||||
else directly. NAT was only introduced due to the shortage of IPv4
|
||||
addresses.
|
||||
|
||||
With the advent of IPv6, there are many "new old" ways of how we can
|
||||
work together.
|
||||
|
||||
## Claim 5: End users start to care
|
||||
|
||||
Directly following from claim 3 & 4 and also something that we noticed
|
||||
happening in 2019: Real end users start to care about IPv6. The amount
|
||||
of tweets on Twitter containing
|
||||
[#ipv6](https://twitter.com/search?q=%23ipv6) is growing and people
|
||||
are asking more vendors more often to support IPv6 on their
|
||||
infrastructure (like here for
|
||||
[discord](https://www.reddit.com/r/ipv6/comments/dx94ty/discord_users_petition_for_ipv6_support_in_discord/)).
|
||||
|
||||
|
||||
## The changes of IPv6 to the world
|
||||
|
||||
In the next articles we will describe some real, practical changes of
|
||||
what we use and how we can work differently with IPv6. If you already
|
||||
have suggestions, we are happy to read them on **ipv6 at ungleich.ch**
|
||||
or on the [IPv6 Chat](https://IPv6.chat).
|
||||
|
||||
Meanwhile, if you are
|
||||
interested in giving IPv6 only VPS a try, there is a 50% discount only
|
||||
until [Black IPv6
|
||||
Friday](https://swiss-crowdfunder.com/campaigns/black-ipv6-friday?locale=en).
|
121
content/u/blog/how-ipv6-saves-you-money/contents.lr
Normal file
|
@ -0,0 +1,121 @@
|
|||
title: How using IPv6 saves money
|
||||
---
|
||||
pub_date: 2019-11-18
|
||||
---
|
||||
author: ungleich
|
||||
---
|
||||
twitter_handle: ungleich
|
||||
---
|
||||
_hidden: no
|
||||
---
|
||||
_discoverable: yes!
|
||||
---
|
||||
abstract:
|
||||
It's not a question of ideologcy or technology, but of resources.
|
||||
---
|
||||
body:
|
||||
|
||||
Today we focus on one of the very obvious effects of IPv6: saving
|
||||
resources and thus money. This post is part of the
|
||||
[how IPv6 changes the world](/u/blog/how-ipv6-changes-the-world/)
|
||||
series.
|
||||
|
||||
|
||||
## The general way of saving money with IPv6
|
||||
|
||||
Economically, the less of something exists, the more expensive it
|
||||
is. There is only one Mona Lisa and that one is quite
|
||||
expensive. Similar if you move out of a city
|
||||
(like to
|
||||
[Digital
|
||||
Glarus](https://hack.digitalglarus.ch/hacking-and-living-in-hotel-diesbach.html)),
|
||||
rent become more affordable.
|
||||
|
||||
As stated in the previous post, it has gotten quite expensive for companies
|
||||
to acquire IPv4 address space and
|
||||
[the prices are
|
||||
rising](https://www.retevia.net/address-pricing-2019-and-beyond/).
|
||||
Compared to what we paid 2 years ago, the
|
||||
**market price is now 600% as high**.
|
||||
|
||||
So as a company like us, when the cost is rising, we transparently
|
||||
forward the price increase to the end users to stay profitable.
|
||||
|
||||
So if you opt out of IPv4, we don't need to buy more space and neither
|
||||
of us needs to spend money on it.
|
||||
|
||||
## Most services work without IPv4
|
||||
|
||||
And this brings me to the question of what one can do without an
|
||||
explicit IPv4 address. And the answer is: almost everything you could
|
||||
do with an IPv4 address.
|
||||
|
||||
Here at ungleich we spent quite some time to allow a seamless
|
||||
migration to an IPv4 free world:
|
||||
|
||||
* If you want your server to be reachable from the IPv4 Internet,
|
||||
you can use our [IPv4-to-IPv6
|
||||
Proxy](https://redmine.ungleich.ch/projects/open-infrastructure/wiki/How_to_use_the_IPv4-to-IPv6-Proxy),
|
||||
which even works with HTTPS.
|
||||
* If you want to access something via IPv6, but you don't have IPv6
|
||||
connectivity, we can provide you with an [IPv6
|
||||
VPN](https://ipv6vpn.ch), which works even through CGNAT. It is also
|
||||
free, if you have any VPS running from [IPv6OnlyHosting](https://ipv6onlyhosting.com).!
|
||||
|
||||
There are rare exceptions of things that do not yet fully work, but
|
||||
we even work on these cases.
|
||||
|
||||
## Saving money #1: IPv6 only VPS
|
||||
|
||||
One of the most obvious gains is, if you decide to go with
|
||||
[IPv6 only VPS](https://ipv6onlyhosting.com/), because there you are
|
||||
directly rewarded more affordable prices.
|
||||
|
||||
Be it Google, ungleich or our friends at
|
||||
[mythic beasts](https://www.mythic-beasts.com/), we are all in the
|
||||
same situation that IPv4 addresses cost us money.
|
||||
|
||||
As a user, you even have the ability influence this
|
||||
development: the more IPv6 only services you consume and the less you
|
||||
rely on IPv4, the more it becomes the standard and the less everyone
|
||||
is depending on IPv4. It's a positive feedback cycle.
|
||||
|
||||
## Saving money #2: Going IPv6 only
|
||||
|
||||
Another very simple case is the network management in SMB and even
|
||||
enterprises. The bigger you are, the more networks you have to manage
|
||||
and in our experience, dual stack networks (IPv6+IPv4) are no fun to
|
||||
maintain and have rather high complexity when it comes to security /
|
||||
ACLs/ firewalling.
|
||||
|
||||
However you will need IPv6 in your network eventually anyway. So the
|
||||
strategy that we recommend is to switch directly to IPv6 only
|
||||
networks.
|
||||
|
||||
This way your network planning becomes significantly easier, also in
|
||||
comparison to IPv4 networks. You don't have to spend a lot of time
|
||||
into network planning anymore, as you can use a /64 for every
|
||||
individual networks.
|
||||
|
||||
This way you reduce complexity and are future proven at the same time.
|
||||
|
||||
## Saving money #3: Not using the cloud
|
||||
|
||||
Another interesting aspect with IPv6 is to avoid cloud services at
|
||||
all. Instead of uploading your data somewhere and having somebody else
|
||||
downloading it again, you can easily share data or communicate with
|
||||
other employees directly using IPv6.
|
||||
|
||||
## Saving money #4: The IPv6 Black Friday
|
||||
|
||||
At the moment we run a special IPv6 promotion campaign
|
||||
named [Black IPv6
|
||||
Friday](https://swiss-crowdfunder.com/campaigns/black-ipv6-friday?locale=en)
|
||||
at which you can even get up to 50% discount on the already more
|
||||
affordable IPv6 only products.
|
||||
|
||||
## More money saving?
|
||||
|
||||
If you think we missed an opportunity to save money with IPv6, let us
|
||||
know on the [IPv6 Chat](https://ipv6.chat) and we will add the hint
|
||||
for others.
|
|
@ -2,7 +2,7 @@ title: How to enable IPv6 in applications
|
|||
---
|
||||
pub_date: 2019-09-26
|
||||
---
|
||||
author: Team ungleich
|
||||
author: ungleich
|
||||
---
|
||||
twitter_handle: ungleich
|
||||
---
|
||||
|
|
|
@ -0,0 +1,96 @@
|
|||
title: How to run your browser in the cloud
|
||||
---
|
||||
pub_date: 2019-11-18
|
||||
---
|
||||
author: Nico Schottelius
|
||||
---
|
||||
twitter_handle: NicoSchottelius
|
||||
---
|
||||
_hidden: no
|
||||
---
|
||||
_discoverable: yes
|
||||
---
|
||||
abstract:
|
||||
Finally, freeing my notebook from memory and CPU pressure
|
||||
---
|
||||
body:
|
||||
|
||||
So I have this problem: [no matter which notebook I
|
||||
buy](https://www.nico.schottelius.org/about/computers/), some
|
||||
applications are always to "heavy" for it. Notably running two
|
||||
browsers has so far exhausted the available RAM on my notebook.
|
||||
|
||||
## The Pros and Cons of the cloud
|
||||
|
||||
For many years I have the strict policy to be able to work
|
||||
autonomously with my notebook. So moving parts of what I use to the
|
||||
cloud was rarely an option. I want to be able to work offline.
|
||||
|
||||
However this comes with a drawback that switching the notebook can be
|
||||
a bit cumbersome. So I migrated to a git + nextcloud + imap
|
||||
based setup in which all "small files" (notes, source code, etc.)
|
||||
reside in git repositories and "big files" (photos, videos, etc.)
|
||||
reside in Nextcloud.
|
||||
|
||||
One thing I always want to have locally, are my emails, which I read
|
||||
in [emacs](https://www.gnu.org/software/emacs/)
|
||||
(using [mu4e](https://www.djcbsoftware.nl/code/mu/mu4e.html)).
|
||||
Using mbsync / isync this problem has also been solved - my mails are
|
||||
local and remote.
|
||||
|
||||
## The browser
|
||||
|
||||
While you can make a joke about emacs consuming all my memory (it
|
||||
stands for [Eight Megabytes And Constantly
|
||||
Swapping](https://www.gnu.org/fun/jokes/gnuemacs.acro.exp.html),
|
||||
doesn't it?), the real problem are actually browsers. It was a problem
|
||||
on my 256MB RAM notebook in 1998 with Netscape Navigator, it is still
|
||||
a problem with firefox and chromium and 16GB RAM in 2019.
|
||||
|
||||
Even if you are crazy and upgrade to a 32GB RAM notebook, like I did,
|
||||
you finally become CPU bound! Yes, indeed, the tabs of my browser
|
||||
consume all CPU cores - while it is idling.
|
||||
|
||||
There is an important discussion around why browsers use
|
||||
so many resources and how to optimise this, however this is not the
|
||||
focus of this post...
|
||||
|
||||
|
||||
|
||||
## The browser in the cloud
|
||||
|
||||
Working at [ungleich](https://ungleich.ch), literally less than
|
||||
50 meters away from the [Data Center
|
||||
Light](https://datacenterlight.ch), I was wondering whether or not I
|
||||
can actually use one of our VMs to outsource my browser.
|
||||
|
||||
First check: does it make sense? I use the browser, to browse the web
|
||||
and it is rarely of use in an offline scenario. So it is a possible
|
||||
candidate for moving out of my notebook.
|
||||
|
||||
Second check: how would I access it? I potentially want to be able to
|
||||
access it from anywhere, even without my notebook. Luckily we have
|
||||
recently gained some knowledge about
|
||||
[Apache Guacamole](https://guacamole.apache.org/), which lets me
|
||||
access VNC, RDP and even SSH via the web. Guacamole also supports 2FA,
|
||||
which is a nice add-on.
|
||||
|
||||
Sanity check: So... I can *use a browser to access my browser*
|
||||
in the cloud. Does that actually make sense? And the answer for me is
|
||||
yes, because instead of running many tabs, I only have to run 1 tab
|
||||
locally and can outsource the rest.
|
||||
|
||||
## More in the cloud
|
||||
|
||||
Actually, what happens behind the scenes is that the VM is running VNC
|
||||
(we are also experimenting with XRDP), so I have actually full access
|
||||
to a remote Linux desktop via browser and can even run applications
|
||||
like libreoffice, blender or gimp remotely.
|
||||
|
||||
Because I think it's a cool thing to have, our team at ungleich added
|
||||
it as an offer to our [Black IPv6 Friday
|
||||
Crowdfunding](https://swiss-crowdfunder.com/campaigns/black-ipv6-friday?locale=en).
|
||||
|
||||
Below you can actually see how it looks like:
|
||||
|
||||
![Desktop in the cloud](/u/desktop-small.png)
|
30
content/u/blog/how-to-support-open-source/contents.lr
Normal file
|
@ -0,0 +1,30 @@
|
|||
title: How to support Open Source
|
||||
---
|
||||
pub_date: 2019-10-08
|
||||
---
|
||||
author: Nico Schottelius
|
||||
---
|
||||
twitter_handle: NicoSchottelius
|
||||
---
|
||||
_hidden: yes
|
||||
---
|
||||
_discoverable: no
|
||||
---
|
||||
abstract:
|
||||
How to support Open Source as a hosting company
|
||||
---
|
||||
body:
|
||||
|
||||
## TL;DR
|
||||
|
||||
Anyone who is working on a serious open source project can apply
|
||||
for a free IPv6-VM and free IPv6-VPN.
|
||||
|
||||
|
||||
|
||||
## More information
|
||||
|
||||
You can get in touch with us via
|
||||
|
||||
* email: info at ungleich.ch
|
||||
* chat: [chat.ungleich.ch](https://chat.ungleich.ch)
|
|
@ -0,0 +1,155 @@
|
|||
title: Isn't it too late to build a data center?
|
||||
---
|
||||
pub_date: 2019-10-09
|
||||
---
|
||||
author: ungleich
|
||||
---
|
||||
twitter_handle: ungleich
|
||||
---
|
||||
_hidden: no
|
||||
---
|
||||
_discoverable: yes
|
||||
---
|
||||
abstract:
|
||||
Is it or is it not too late to build a data center?
|
||||
---
|
||||
body:
|
||||
|
||||
The very valid question,
|
||||
[isn't it too late....to build a
|
||||
data center?](https://twitter.com/Mac_S13/status/1181983378100424710)
|
||||
was asked on Twitter and it made our team here in Glarus smile a lot,
|
||||
and we decided to write a blog article about this question.
|
||||
|
||||
## Fiber = the advantage of a data center?
|
||||
|
||||
According to the tweet, the main strength of a data center is fast
|
||||
network connection, or the fiber line that you have. And nowadays,
|
||||
everyone has fast fiber, so it follows that data centers are maybe not
|
||||
needed anymore.
|
||||
|
||||
## TL;DR
|
||||
|
||||
It is not that easy.
|
||||
|
||||
## How to run a data center in reality
|
||||
|
||||
Some time ago we wrote about
|
||||
[How to run a really green
|
||||
data center](https://ungleich.ch/de/cms/ungleich-blog/2019/07/12/how-run-really-green-datacenter/).
|
||||
Admittedly, the question was not about running a **green** data
|
||||
center, so let's dive a bit more into it.
|
||||
|
||||
Running a data center like we do at [Data Center
|
||||
Light](https://datacenterlight.ch) does indeed require a fiber
|
||||
connection. To be precise, actually a couple.
|
||||
|
||||
## How much fiber is enough fiber?
|
||||
|
||||
Don't tell anyone, but geeks are working at ungleich. And according to
|
||||
geeks, there is never enough fiber. But for real, how much fiber is
|
||||
needed? In our case, running a data center at 3 different locations,
|
||||
requires a couple of dark fiber lines and a couple of redundant
|
||||
upstream connections. Using the rule of thumb, let's say we need at
|
||||
least 3 fiber connections:
|
||||
|
||||
* One for location A
|
||||
* One for location B
|
||||
* One to connect locations A and B
|
||||
|
||||
So are three fiber connections enough?
|
||||
|
||||
## What is actually in a data center?
|
||||
|
||||
Maybe the real question is, why would you run a data center at all?
|
||||
Alright, for the geeks of us, "just because I can" is a reason, but
|
||||
let's think about other cases as well. For instance we are running a
|
||||
data center, because we our customers asked us to run one (easy, isn't
|
||||
it?). So some years ago we started buying hardware like switches,
|
||||
servers, SSDs, cables, transceivers, disks, network cards, access
|
||||
points and even much, much more cables.
|
||||
|
||||
And why did we do that? Because we were asked to host virtual machines
|
||||
and data for our existing customers. So if you want to run a data
|
||||
center, you also need a bit of hardware.
|
||||
|
||||
And there comes one of the bigger problems: hardware also needs to be
|
||||
turned on. And if it is on, it actually consumes energy and you do not
|
||||
proper fuses. Not only the ones inside the data center, but also the
|
||||
ones going into the building!
|
||||
|
||||
## So what do you need to run a data center?
|
||||
|
||||
So to run a data center, you need at least
|
||||
|
||||
* enough power (best to be 100% renewable here!)
|
||||
* enough network capacity
|
||||
* enough space
|
||||
|
||||
These are the three base ingredients for a data center. Then the only
|
||||
thing that is left, like for every good menu, is a chef. And in case
|
||||
of a data center, the chef is the team running it. The team that is
|
||||
available all the time, that fixes the network, replaces the disks and
|
||||
servers, etc.
|
||||
|
||||
## Too late or not too late? To be or not to be?
|
||||
|
||||
We would like to rephrase the question a bit, because we actually
|
||||
think the notion of the question was more: **Does it make sense to
|
||||
start a new data center TODAY?**
|
||||
So what is the answer to this seemingly easy to answer question? Does
|
||||
it make sense or not?
|
||||
We want to answer with a crystal clear **yes-and-no** answer.
|
||||
|
||||
### Yes, build a new data center today
|
||||
|
||||
We encourage everyone to actually build their own data center. Get
|
||||
some IPv6 space to your home, get a bit of equipment. Even get some
|
||||
servers. Maybe even some ARM servers to save some energy for a change?
|
||||
|
||||
Build it, like it, maybe even fail at it. It is a great experience to
|
||||
build your own. We strongly believe into decentralisation, so we
|
||||
encourage distributing the Internet more to different places.
|
||||
|
||||
Put all the fun stuff on it. Put your development on it. Don't forget
|
||||
to backup your stuff to somewhere else, though.
|
||||
|
||||
We even invite you to [join our chat](https://chat.ungleich.ch) to ask
|
||||
about how to build a data center and we are more than happy to share
|
||||
our experiences.
|
||||
|
||||
### No, don't build a new data center today
|
||||
|
||||
If you start fresh and you are not with an experienced team and you
|
||||
want to offer services to other people, we dis-recommend building a
|
||||
data center on your own. Taking the responsibility to run things even
|
||||
when you are sick, even when you want to go to holidays, even if it is
|
||||
3am is not very healthy if you are not a team that works well
|
||||
together.
|
||||
|
||||
If you think that the world is already well off with Amazon and co.,
|
||||
it is also not a good idea to build one yourself. You need to be able
|
||||
to stay in the business even though you get questions like "But I can
|
||||
put everything to Amazon - why does it need you?"
|
||||
|
||||
|
||||
## Does fiber at home make data centers redundant?
|
||||
|
||||
And to answer the other implicit question asked: we think that fiber
|
||||
at home actually enables the use of data centers better. So far if
|
||||
your connection was slow, you had to have all your data
|
||||
locally. With fiber at home, you can store your data anywhere (you
|
||||
probably shouldn't, but that is a topic for a different post) and
|
||||
access it quickly.
|
||||
|
||||
|
||||
## More of it?
|
||||
|
||||
If you want to learn more about this topic,
|
||||
you can always get in touch with us as follows:
|
||||
|
||||
* email: info at ungleich.ch
|
||||
* open chat: [chat.ungleich.ch](https://chat.ungleich.ch)
|
||||
|
||||
<!-- LocalWords: SSDs
|
||||
-->
|
|
@ -0,0 +1,119 @@
|
|||
title: How to redirect all ports to one port with nftables
|
||||
---
|
||||
pub_date: 2019-11-07
|
||||
---
|
||||
author: ungleich
|
||||
---
|
||||
twitter_handle: ungleich
|
||||
---
|
||||
_hidden: no
|
||||
---
|
||||
_discoverable: yes
|
||||
---
|
||||
abstract:
|
||||
How to redirect traffic from all (tcp/udp) ports to another port.
|
||||
And why one would want to do that...
|
||||
---
|
||||
body:
|
||||
|
||||
## Motivation
|
||||
|
||||
Sometimes networks (like hotels or airports) block or filter
|
||||
outgoing traffic and thus prevent you to connect to where you want to
|
||||
connect to.
|
||||
Here at [ungleich](https://ungleich.ch) we are travelling quite a lot,
|
||||
but we always want to be able to access the servers of
|
||||
[Data Center Light](https://datacenterlight.ch).
|
||||
|
||||
To be able to do so from anywhere in the world, we needed to
|
||||
ensure that we have some way of connecting to them, even if the
|
||||
network filters traffic to the ssh port (tcp/22).
|
||||
|
||||
While our main motivation was to enable ssh, the example below can be
|
||||
adjusted to any service, including http, https, smtp, ...
|
||||
|
||||
## A solution based on nftables
|
||||
|
||||
As you might know we are
|
||||
[big fans of
|
||||
nftables](https://ungleich.ch/de/cms/ungleich-blog/2018/08/19/iptables-vs-nftables/)
|
||||
and this hotel/airport problem motivated us to once again checkout
|
||||
what we can achieve just with nftables.
|
||||
|
||||
Typically these networks will still allow outgoing traffic on
|
||||
*some ports*, but we don't know *which ports*.
|
||||
So instead of guessing which port we should bind SSH to,
|
||||
we will just use nftables to make ssh available on
|
||||
*all TCP ports*. Simple idea, isn't it?
|
||||
|
||||
## How it works
|
||||
|
||||
To achieve our goal we need to tell nftables to take the traffic that
|
||||
goes to any port that is not our target port, to be redirected to our
|
||||
target part. If you have other services running on the host, you might
|
||||
want to adjust this logic though (see below). The following
|
||||
nftables snippet will already do the job:
|
||||
|
||||
```
|
||||
flush ruleset
|
||||
|
||||
table ip nat {
|
||||
chain prerouting {
|
||||
type nat hook prerouting priority 0;
|
||||
|
||||
tcp dport != 22 redirect to 22
|
||||
}
|
||||
chain postrouting {
|
||||
type nat hook postrouting priority 0;
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
You can save this as nftables.conf and run
|
||||
|
||||
```
|
||||
nft -f nftables.conf
|
||||
```
|
||||
|
||||
to see it working on your system.
|
||||
|
||||
After applying this, we can use `ssh -p <port>` to choose any port and
|
||||
connect to our server:
|
||||
|
||||
```
|
||||
ssh -p 80 serverX.placeY.ungleich.ch
|
||||
```
|
||||
|
||||
## Using specific ranges or ports only
|
||||
|
||||
If you have other services running on the system, you might want to
|
||||
restrict the ports to be used for ssh. You can either use **sets**
|
||||
(nftables syntax: *{ a, b, c, ... }*) or **intervals**
|
||||
(nftables syntax: *X - Y*) as follows.
|
||||
|
||||
```
|
||||
tcp dport 2000-4000 redirect to :ssh
|
||||
tcp dport {23, 25, 80, 443 } redirect to :ssh
|
||||
```
|
||||
|
||||
(just replace the *tcp dport != ...* line above)!
|
||||
|
||||
## A note on ports
|
||||
|
||||
Over time you will see that there are some ports which are more likely
|
||||
to be open, even if the network filters your traffic. Some well known
|
||||
ports for this are:
|
||||
|
||||
* 80: regular http traffic
|
||||
* 53: DNS, uses UDP by default, but TCP is also part of the standard
|
||||
* 443: usually has encrypted https traffic
|
||||
* 783: smtp submission port for sending out emails
|
||||
|
||||
Of course, if the filtering uses deep packet inspection, this will
|
||||
fail, but then there are other solutions for that... stay tuned!
|
||||
|
||||
|
||||
## More of it?
|
||||
|
||||
If you are interested in more of this, we invite you to join our
|
||||
[open infrastructure chat on chat.ungleich.ch](https://chat.ungleich.ch).
|
78
content/u/blog/the-biggest-ipv6-bargain-ever/contents.lr
Normal file
|
@ -0,0 +1,78 @@
|
|||
title: The biggest IPv6 bargain ever: Black IPv6 Friday
|
||||
---
|
||||
pub_date: 2019-11-15
|
||||
---
|
||||
author: ungleich
|
||||
---
|
||||
twitter_handle: ungleich
|
||||
---
|
||||
_hidden: no
|
||||
---
|
||||
_discoverable: yes
|
||||
---
|
||||
abstract:
|
||||
The world's first Black IPv6 Friday campaign starts today!
|
||||
---
|
||||
body:
|
||||
|
||||
![Back IPv6 Friday](/u/blackipv6friday.png)
|
||||
|
||||
## TL;DR
|
||||
|
||||
IPv6 allows you to deploy the same things, just with less money.
|
||||
And right now it get's even crazy with [up to 50%
|
||||
discount](https://swiss-crowdfunder.com/campaigns/black-ipv6-friday?locale=en)
|
||||
on even the already very affordable IPv6 only offers.
|
||||
*Valid only until 2019-11-29*.
|
||||
|
||||
## The Black IPv6 Friday
|
||||
|
||||
So you have probably heard about the
|
||||
Black Friday, haven you?
|
||||
We want to take this to the next level with the
|
||||
**Black IPv6 Friday**, which might be **the biggest discount on IPv6
|
||||
only services in history**!
|
||||
|
||||
## IP... what?
|
||||
|
||||
You might have heard some things about
|
||||
[IPv6](https://en.wikipedia.org/wiki/IPv6) already, but what you might
|
||||
not know yet is that you can actually save money by using
|
||||
IPv6. Significantly. But let's first have a short look what IPv6
|
||||
actually is.
|
||||
|
||||
## The IPv6 and IPv4 Internet
|
||||
|
||||
IPv4 is the "old", some people even call it "legacy", Internet. It has
|
||||
been in use for a while, however its
|
||||
[shortage of addresses](https://ipv4.potaroo.net/)
|
||||
[has become a real
|
||||
problem](/u/blog/when-does-ripe-run-out-of-ipv4-addresses/). Whenever
|
||||
there is a shortage, prices jump up steeply and, in the end, the
|
||||
end customer has to pay that price.
|
||||
|
||||
To fix this problem, the successor IPv6 was designed with a huge
|
||||
amount of addresses. Not an infinite number, but for everything that
|
||||
we want to do in our lifetime, we could call it "almost infinite".
|
||||
|
||||
For many years, vendors and providers were only slowly adapting
|
||||
IPv6. However with the imminent IPv4 exhaustion in 2019, the game
|
||||
changed and IPv6 has become a hot topic everywhere.
|
||||
|
||||
## How you save money by using IPv6
|
||||
|
||||
And this brings us to how you can save money with IPv6: instead of
|
||||
renting IPv4 addresses at home, in the office or at your cloud
|
||||
provider, you can now rely on IPv6 only. There also exists support to
|
||||
enable IPv6 only services to the IPv4 Internet - and that is even for
|
||||
free.
|
||||
|
||||
## The biggest IPv6 bargain
|
||||
|
||||
So with all of this, doesn't it sound interesting go with IPv6?
|
||||
We want to make it even easier for you to get
|
||||
started and offer **up to 50% discount** on the regular offers. This
|
||||
deal is available on the [crowdfunding campaign on
|
||||
Swiss-Crowdfunder.com](https://swiss-crowdfunder.com/campaigns/black-ipv6-friday?locale=en).
|
||||
But beware: it only gets real if the goal of 20'000 CHF is reached
|
||||
until 2019-11-2!9. Otherwise there will be a 100% refund to all orders.
|
147
content/u/blog/the-importance-of-decentralisation/contents.lr
Normal file
|
@ -0,0 +1,147 @@
|
|||
title: The importance of decentralisation
|
||||
---
|
||||
pub_date: 2019-11-14
|
||||
---
|
||||
author: ungleich
|
||||
---
|
||||
twitter_handle: ungleich
|
||||
---
|
||||
abstract:
|
||||
Or: why the Internet still functions
|
||||
---
|
||||
body:
|
||||
|
||||
Did you ever wonder, why the Internet is as robust as it is?
|
||||
Then this article is for you.
|
||||
|
||||
## The Internet Architecture
|
||||
|
||||
The Internet basically consists of a lose collaboration of network
|
||||
service operators. Each operator, whether an individual or a large
|
||||
scale enterprise, can announce their own networks and run services in
|
||||
their own networks.
|
||||
|
||||
The dependency on other providers is relatively low, the only thing
|
||||
you need to operate in the Internet is one or more upstream
|
||||
providers. If you happen to have many of them, we call this
|
||||
**peering** and it allows you to get good deals for data exchange.
|
||||
|
||||
## Decentralisation is an enabler
|
||||
|
||||
Because each operator can decide what to run in their network, whether
|
||||
it's providing access to websites, providing a mail infrastructure,
|
||||
providing a webshop or other services. What you do, what you sell is
|
||||
up to you.
|
||||
|
||||
So far so good, isn't it?
|
||||
|
||||
## The threat of centralisation
|
||||
|
||||
In the real world, we see that some services have become strictly
|
||||
centralised. Services like ebay, amazon, google or facebook are very
|
||||
convenient, because they allow access to a lot of resources, but are
|
||||
also very dangerous at the same time.
|
||||
|
||||
### Problem one: Seller dependency
|
||||
|
||||
Imagine you are selling pink socks. Because pink socks are
|
||||
the coolest and they make people feel more warm in winter.
|
||||
Imagine further you exclusively sell your products solely through
|
||||
one of these platforms. Then the provider bans you from their website,
|
||||
because pink is considered to be incorrect, socks always have to be
|
||||
black. This will ruin your business model completely, because you
|
||||
don't have an alternative.
|
||||
|
||||
While the example of pink socks is fictional, there are
|
||||
[many such real world cases](https://duckduckgo.com/?q=bannled+from+selling+on+amazon).
|
||||
|
||||
### Problem two: Buyer dependency
|
||||
|
||||
On the other hand as a consumer, if you usually go to one site. Now
|
||||
if you are banned from that site, you cannot approach the seller, even
|
||||
if the seller wanted to sell to you.
|
||||
|
||||
### Problem three: Censorship
|
||||
|
||||
A generic problem with centralised platforms is censorship. This is a
|
||||
very important one, as it applies to providers in
|
||||
[a lot
|
||||
nations](https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_country).
|
||||
We have seen censorship on a variety of platforms including a variety
|
||||
of reasons including political motivated censorship. Centralised
|
||||
platforms are especially prone for censorship with huge effects.
|
||||
|
||||
### Problem four: Lack of choices
|
||||
|
||||
Once a centralised platform has been established, the lack of choice
|
||||
forces sellers, buyers and consumers into a strong dependency (related
|
||||
to this is [strong vendor
|
||||
lock-ins](https://en.wikipedia.org/wiki/Vendor_lock-in). If the
|
||||
platform raises prices or decides to reduce privacy features, users
|
||||
don't have a choice, but to accept, if there are no alternatives.
|
||||
|
||||
## Some many problems - what is the solution?
|
||||
|
||||
Like we say in Switzerland, we like to **buy locally**, supporting
|
||||
small shops and small companies. But how do you realistically do this in
|
||||
the Internet? We see one easy to use way that is not on everyone's
|
||||
radar: **switching to IPv6**. Let us show you how to establish your
|
||||
own presence in 3 small steps.
|
||||
|
||||
### 1. Acknowledge that you are a network operator
|
||||
|
||||
First of all, anyone can be a network operator. This is how the
|
||||
Internet was built and it is still true. You can start by
|
||||
[getting your own IPv6
|
||||
space](https://ungleich.ch/en-us/cms/blog/2019/02/05/how-to-get-ipv6/).
|
||||
|
||||
This is really easy and in case you are using the
|
||||
[IPv6VPN.ch](https://IPv6VPN.ch) only requires installing
|
||||
[wireguard](https://www.wireguard.com/) and a configuration.
|
||||
|
||||
### 2. Setup your own presence
|
||||
|
||||
When you have your own IPv6 range, you can run anything in it. From a
|
||||
website, to mail servers, ... anything any other operator can do.
|
||||
|
||||
If you don't know how to do that, you can ask for help on the
|
||||
[IPv6.Chat](https://IPv6.chat), where you find many people who are
|
||||
using IPv6 on a daily basis.
|
||||
|
||||
You can even setup your [own social
|
||||
network](https://mastodon.social/about) on your infrastructure!
|
||||
|
||||
### 3. Talk about it
|
||||
|
||||
Many people are not aware that with IPv6 the game really changes and
|
||||
that everyone is back in the game. So when you start your journey, we
|
||||
ask you to talk about it and enable other people.
|
||||
|
||||
### 4. (optional) Get an IPv4 Proxy
|
||||
|
||||
If you want to be reachable from the IPv4 world, you can also use an
|
||||
IPv4-to-IPv6 proxy, which you find the the [IPv6
|
||||
Shop](https://ipv6onlyhosting.com/en-us/cms/ipv6-shop/).
|
||||
|
||||
![ungleich IPv4 to IPv6 proxy](/u/ipv6-to-ipv4-proxy.png)
|
||||
|
||||
## Summary and Outlook
|
||||
|
||||
Centralisation is a danger to everyone. It concentrates decision power
|
||||
and effectively can censor opinions and in the worst case even ruin
|
||||
businesses. With IPv6 you can back in control. Even better, you can
|
||||
be part of driving decentralisation.
|
||||
|
||||
Soon upcoming is the [Black IPv6
|
||||
Friday](https://swiss-crowdfunder.com/campaigns/black-ipv6-friday?locale=en),
|
||||
where you can get direct IPv6 experience. Or you can exchange your
|
||||
ideas for decentralisation on the [IPv6.Chat](https://IPv6.chat).
|
||||
|
||||
## Updates
|
||||
|
||||
As pointed out by [nicey](https://news.ycombinator.com/user?id=nicey)
|
||||
on [hackernews](https://news.ycombinator.com/item?id=21535181) there
|
||||
is the
|
||||
[awesome-selfhosted](https://github.com/awesome-selfhosted/awesome-selfhosted/)
|
||||
git repo on github with a lot of explanations on how to self
|
||||
host. Really worth checking it out!
|
35
content/u/blog/the-ungleich-ipv6-eco-system/contents.lr
Normal file
|
@ -0,0 +1,35 @@
|
|||
title: The ungleich IPv6 ecosystem
|
||||
---
|
||||
pub_date: 2019-10-10
|
||||
---
|
||||
author: ungleich
|
||||
---
|
||||
twitter_handle: ungleich
|
||||
---
|
||||
_hidden: yes
|
||||
---
|
||||
_discoverable: no
|
||||
---
|
||||
abstract:
|
||||
How to enable people with IPv6 - the ungleich IPv6 ecosystem.
|
||||
|
||||
---
|
||||
body:
|
||||
|
||||
As you might have noticed, we have a focus on IPv6, because we think
|
||||
it is required for a sustainable development of the Internet. But what
|
||||
do we actually do at ungleich to support IPv6?
|
||||
|
||||
- ipv6.chat
|
||||
- ipv6.blog
|
||||
- ipv6 vpn
|
||||
- ipv6onlyhosting
|
||||
- ipv6 proxies
|
||||
- posts in /r/ipv6
|
||||
|
||||
|
||||
## More IPv6
|
||||
|
||||
If you are interested in IPv6, we invite you to join the [IPv6
|
||||
chat](https://IPv6.chat) or [follow us on
|
||||
Twitter](https://twitter.com/ungleich).
|
68
content/u/blog/what-is-wrong-with-ipv4/contents.lr
Normal file
|
@ -0,0 +1,68 @@
|
|||
title: What is wrong with IPv4?
|
||||
---
|
||||
pub_date: 2019-10-01
|
||||
---
|
||||
author: Nico Schottelius
|
||||
---
|
||||
twitter_handle: NicoSchottelius
|
||||
---
|
||||
_hidden: yes
|
||||
---
|
||||
_discoverable: no
|
||||
---
|
||||
abstract:
|
||||
Why are people talking about moving to IPv6?
|
||||
What is wrong with running application on IPv4?
|
||||
---
|
||||
body:
|
||||
|
||||
## TL;DR
|
||||
|
||||
Nothing is wrong with IPv4. There is just too less of it.
|
||||
|
||||
## IPv6 vs. IPv4 for end users
|
||||
|
||||
At home
|
||||
Not big difference at the moment
|
||||
But: big potential for independence
|
||||
|
||||
### Example: home automation
|
||||
|
||||
All devices talk to a vendor
|
||||
|
||||
You already have a bridge. Why sending data elsewhere?
|
||||
|
||||
If enough IPv4: give all devices a public address. Can directly
|
||||
connect to your home bridge. But you can't. NAT.
|
||||
|
||||
## IPv6 vs. IPv4 for developers
|
||||
|
||||
This is the section I like most. Forums with posts from developers who
|
||||
recommend to turn off IPv6, to ignore it, complain about the new
|
||||
format.
|
||||
All of these are valid points. IPv6 is an additional protocol that
|
||||
applications need to handle.
|
||||
|
||||
New apps: develop IPv6 only.
|
||||
|
||||
|
||||
|
||||
## IPv6 vs. IPv4 for ISPs
|
||||
|
||||
- SKT
|
||||
- Multiple NATs
|
||||
- Need to run IPv6 anyway to provide reachability
|
||||
- Easier to run end point NAT64
|
||||
|
||||
|
||||
## IPv6 vs. IPv4 for cloud providers
|
||||
|
||||
Probably highest pressure for IPv4 users is on cloud
|
||||
|
||||
|
||||
## Other applications
|
||||
|
||||
If you know about other applications or want to enhance one of our
|
||||
configuration, we invite you to join the [IPv6
|
||||
chat](https://IPv6.chat) or [write to us on
|
||||
Twitter](https://twitter.com/ungleich).
|
|
@ -0,0 +1,18 @@
|
|||
title: What was Open Source has now become IPv6
|
||||
---
|
||||
pub_date: 2019-11-15
|
||||
---
|
||||
author: ungleich
|
||||
---
|
||||
twitter_handle: ungleich
|
||||
---
|
||||
_hidden: yes
|
||||
---
|
||||
_discoverable: no
|
||||
---
|
||||
abstract:
|
||||
The Open Source did not vanish, it just changed
|
||||
---
|
||||
body:
|
||||
|
||||
Many years ago the Open Source community
|
|
@ -0,0 +1,83 @@
|
|||
title: When will RIPE run out of IPv4 addresses?
|
||||
---
|
||||
pub_date: 2019-10-10
|
||||
---
|
||||
author: ungleich
|
||||
---
|
||||
twitter_handle: ungleich
|
||||
---
|
||||
_hidden: no
|
||||
---
|
||||
_discoverable: yes
|
||||
---
|
||||
abstract:
|
||||
This month? Next month? 2019?!
|
||||
---
|
||||
body:
|
||||
|
||||
As of today,
|
||||
[RIPE has less than 1 million IPv4 addresses available](https://www.ripe.net/manage-ips-and-asns/ipv4/ipv4-available-pool).
|
||||
|
||||
![ripe ipv4 pool](/u/ripe_ipv4_pool_20191010.png)
|
||||
|
||||
So the question is, how long until RIPE does not have any IPv4
|
||||
addresses anymore? Or more specifically,
|
||||
**which is the exact date on which RIPE will have run out of IPv4
|
||||
addresses**?
|
||||
|
||||
We are very curious and wonder who can best predict the exact date.
|
||||
And because it's a lot of fun to guess the right time, we will give
|
||||
out an **IPv6 only VM for free** to the person that guesses the exact
|
||||
date.
|
||||
|
||||
## Guesses
|
||||
|
||||
* ~~[@TuxOne](https://twitter.com/Tux0ne/status/1182309473521737728) 2019-10-23 08:27~~
|
||||
* ~~[@objetsfabuleux](https://twitter.com/objetsfabuleux/status/1182305989128855552)
|
||||
2019-10-26 ([the same day as the IPv4 exhaustion
|
||||
party](https://www.meetup.com/Digital-Glarus-Business-Technology/events/264859527/),
|
||||
so it must be correct)~~
|
||||
* ~~[@natedalliard](https://twitter.com/natedalliard/status/1182256538305667072)
|
||||
2019-11-08~~
|
||||
* ~~[@JoelAMay](https://twitter.com/JoelAMay/status/1183225050486325248)
|
||||
2019-11-11. Hopefully at 11:11:11 (that's probably the most sane
|
||||
guess we have seen so far)~~
|
||||
* ~~[@RickBakkr](https://twitter.com/RickBakkr/status/1182260610458963968)
|
||||
2019-11-12~~
|
||||
* ~~[@inoobkivervip](https://twitter.com/inoobkilervip/status/1182261254288760832)
|
||||
2019-11-12 @ 1PM BST (submitted three minutes after @RickBakkr)~~
|
||||
* [@zajdee](https://twitter.com/zajdee/status/1182236698266275846) 2019-11-15
|
||||
* [@MrXermon](https://twitter.com/MrXermon/status/1182254662914850817) 2019-11-25
|
||||
* [@Sami_Lehtinen](https://twitter.com/Sami_Lehtinen/status/1182366137876701184) 2019-11-15 Friday
|
||||
* [@VertXVaaR](https://twitter.com/VerteXVaaR/status/1182791748139061249)
|
||||
2019-11-22 (a nice date)
|
||||
* [@pb_double](https://twitter.com/pb_double/status/1182236265233752064)
|
||||
2019-11-27 0610 UTC (very precise!)
|
||||
* [@agowa338](https://twitter.com/agowa338/status/1182236572047101952)
|
||||
2019-11-28
|
||||
* [@NicoSchottelius](https://twitter.com/ungleich/status/1185153567243550722)
|
||||
2019-12-03
|
||||
* [@treysis](https://twitter.com/treysis/status/1182256065213280261)
|
||||
2019-12-04
|
||||
* [@ReplicaJune](https://twitter.com/ReplicaJune/status/1182235564180942849)
|
||||
2019-12-12
|
||||
* [@mrimann](https://twitter.com/mrimann/status/1182769149233238016) 2019-12-16
|
||||
* [@Mac_S13](https://twitter.com/Mac_S13/status/1182242286714970113)
|
||||
2019-12-24 (a Christmas present?)
|
||||
* [@le_roncio](https://twitter.com/el_roncio/status/1182301050247827456) 2019-12-29
|
||||
* [@sighubCH](https://twitter.com/sighupCH/status/1182332420487557121)
|
||||
2020-01-11 09:32
|
||||
* [@STAXCON1](https://twitter.com/STAXCON1/status/1182795161266458626)
|
||||
2020-01-17 03:23
|
||||
|
||||
|
||||
## Want to guess?
|
||||
|
||||
Just follow [@ungleich](https://twitter.com/ungleich) on Twitter
|
||||
and post your guess as [a reply to our tweet](https://twitter.com/ungleich/status/1182234419102388224).
|
||||
|
||||
Rules are:
|
||||
|
||||
* You cannot use the same date somebody else already guessed
|
||||
* You can only guess once
|
||||
* You can only guess until 2019-10-13-2359 UTC
|
BIN
content/u/desktop-small.png
Normal file
After Width: | Height: | Size: 316 KiB |
BIN
content/u/ipv4doublenat.png
Normal file
After Width: | Height: | Size: 29 KiB |
BIN
content/u/ipv4nat.png
Normal file
After Width: | Height: | Size: 20 KiB |
BIN
content/u/ipv6-to-ipv4-proxy.png
Normal file
After Width: | Height: | Size: 23 KiB |
BIN
content/u/ipv6direct.png
Normal file
After Width: | Height: | Size: 15 KiB |
BIN
content/u/ripe_ipv4_pool_20191010.png
Normal file
After Width: | Height: | Size: 70 KiB |
|
@ -13,4 +13,4 @@ order_by = -pub_date, title
|
|||
|
||||
[pagination]
|
||||
enabled = yes
|
||||
per_page = 4
|
||||
per_page = 5
|
|
@ -16,6 +16,7 @@
|
|||
<script type="text/javascript" src="/u/static/js/bootstrap.min.js"></script>
|
||||
|
||||
<!-- Google analytics -->
|
||||
|
||||
<script>
|
||||
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
|
||||
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
|
||||
|
@ -25,6 +26,7 @@
|
|||
ga('create', 'UA-62285904-1', 'auto');
|
||||
ga('send', 'pageview');
|
||||
</script>
|
||||
|
||||
<!-- End Google Analytics -->
|
||||
|
||||
</head>
|
||||
|
|
|
@ -4,8 +4,17 @@
|
|||
<a href="{{ pagination.prev|url }}">« Previous</a>
|
||||
{% else %}
|
||||
<span class="disabled">« Previous</span>
|
||||
{% endif %} |
|
||||
|
||||
|
||||
{% for page in range(1, pagination.pages + 1) %}
|
||||
{% if page != pagination.page %}
|
||||
<a href="{{ pagination.for_page(page)|url }}">{{ page }}</a> |
|
||||
{% else %}
|
||||
{{ pagination.page }} |
|
||||
{% endif %}
|
||||
| {{ pagination.page }} |
|
||||
{% endfor %}
|
||||
|
||||
{% if pagination.has_next %}
|
||||
<a href="{{ pagination.next|url }}">Next »</a>
|
||||
{% else %}
|
||||
|
|