Apart from the obvious, China seems to be making incredibly reasonable decisions lately. Especially compared to the current superpower.

To be fair, the current superpower has set a pretty low bar. By comparison, most other countries could be said to be making reasonable decisions.

We should probably wait before declaring any decisions "incredibly reasonable". After all, the outcomes of previous rationally-sounding decisions were mixed.

One-child policy, intended to prevent overpopulation, made Chinese birth deficit worse than it would have to be - if it were phased out by 1995 or so, there would likely be at least 100 million more young people now. Chinese real estate bubble popped and had to be carefully deflated over several years. Government-driven mass investment into manufacturing resulted in involution and production surplus which now needs readjustments as well. And as of the AI policy, while the stated reasons sound rational, we don't know how the entire thing will pan out yet.

Ming China banned seafaring and exploration because it cost too much money. A very rational decision from their momentary perspective, as it indeed cost too much money at that time. But it turned out that not having a blue water navy was more costly in the long term.

AI may, or may not, follow a similar trajectory, including various market bubbles (South Sea Bubble anyone?). We just don't know. We don't have crystal balls at our service. Neither do the PRC elites.

When Evergrande went down in 2021 a lot of commentary said this would take their whole economy down (or worse) similar to how the subprime mortgage bubble took down the US economy in 2007. That didn’t really happen.

The problem is still unfolding. The debt overhang still exists from the housing bubble and is dragging on the economy.

It’s a problem that hasn’t been solved yet.

Sounds to me like you’re describing effective but imperfect policy on the part of the PRC. That seems pretty good to me.

Please can we do away with NAT forever. Why are we still encouraging this? It’s caused the world to do horrible kludges and continues to do so.

1.) IPv4 is still heavily favored over IPv6.

2.) Market segmentation: keeps home users from easily hosting their own services without spending $$$ on an upgraded plan.

3.) Adding on to #2, I've seen claims of providers putting IPv6 behind NAT, so don't think full IPv6 acceptance will solve this problem.

> I've seen claims of providers putting IPv6 behind NAT, so don't think full IPv6 acceptance will solve this problem.

I get annoyed even when what's offered is a single /64 prefix (rather than something like a /56 or even /60), but putting IPv6 behind NAT is just ridiculous.

What is a single /64 prefix not enough for?

Multiple local networks while still using SLAAC.

Separating out main, guest, work, internet-of-shit, security & VPN subnets

This shouldn't be mistaken for an anti-IPv6 post. There's also some steps you have to go through to enable IPv6 on your VPS networks, and there's still stuff like GitHub not handling IPv6. So, much as we need to migrate, we still have to support IPv4 connectivity for the foreseeable future.

Shoutout to Hacker News for having IPv6 support!

> and there's still stuff like GitHub not handling IPv6.

And virtually everything inside of AWS still requires IPv4 so even if you have zero need to reach out to WAN, if you need any number of private AWS endpoints, you're going to be allocating some ipv4 blocks to your VPC :(.

I've worked at four tech companies and never saw a hint of IPv6 (except for some tests that verified that third-party networking code accepted that address family).

Instead I played with IPv6 at home to make sure I understood it well enough should it ever come up at work. We'll see!

Whenever an ISP offers me IPv6 service that works, I will move to it.

Its so much easier to remember`192.168.0.34` than some weird ipv6 numbering.

For someone just getting started with networking and learning things, this seems rhe best way to go forward.

Because it's never once inconvenienced the average network admin, probably. I still don't get what problem it's supposed to solve for me.

There absolutely are annoyences IPv6 get rid of, that are much embedded in IT culture we only see them if we look.

Port forwarding, external/internal address split, split horizon DNS, SNI proxies, NAT, hairpin routing - some of the hacks made mostly because of shortage in IP space.

The internal/external address split problem only goes away if you have a provider independent prefix, thats not in reach for many due to cost

Using both GUA/ULA together solves enough to get by, but its not ideal

That's kind of my point. In 20 years of managing networks and infra, none of those things have ever been painful or cost me more than a few minutes a year. That's just not enough to convince me I have any reason to switch over.

No. We can't. We encouraging it because it works.

Presumably the idea is that if you go ipv6-only you can avoid this cost and just use a firewall?

In theory.. but what happens when you want to change ISPs or your ISP doesnt assign static ipv6 blocks? Its recomnended but ISPs have no incentive to give a shit about you. Now all internal infra is not routable.

An IPv6 allocation being static or dynamic has no bearing on its routability.

Don’t even need firewall. Aws has egress only ipv6 gateway.

Look at the Wikipedia article “criticism of Huawei” for a massive list of IP theft, espionage, backdoors and more, including references.

None of this really backs up the idea of "cheap crap", though, or really concerns me as a consumer. Hell, if anything "IP theft" sounds like "competitive product" to my ear. May we all live to see an explosion of IP "theft".

They even manage to steal IP before the original inventor actually invents it. Imagine that.

Do you have any examples? Asking for a friend.

The issue with this is in many authoritarian nations they will see your Wireguard link and block it. Or even knock at your door.

Feel vs is oppressed is a two-by-two matrix and people exist in every square.

China is a country with a population of 1.4 billion people. Where is their Stasi to enforce this surveillance state?

Many people use VPNs and use overseas services. The primary purpose of the "Great Firewall" appears to be erecting a technological barrier to entry, protecting the culture of average people who don't require that sort of access for business.

If ICE is going over everything I post online to see if I'm making fun of Trump and I'm gonna get a visit for not being white enough, I'm not sure we're not also on the way to being oppressed.

May I suggest getting a cheap VPS in another country and using SSH to tunnel traffic, or even setup a window manager on the VPS.

In London it was a different story to the USA.

Since AI video creation is now a big topic, was looking for a way to authenticate real videos and media. Seems this just opens a whole host of other problems.

Is TikTok so obfuscated to prevent people from knowing the full extent of data collection and device fingerprinting?

1. Practically speaking all this javascript fingerprinting pales in comparison to what native apps have access to. Most people aren't using tiktok on their browsers, and the browser version heavily pushes you to using the app, so you should be far more worried about whatever's happening in the app.

2. Despite tiktok having a giant target painted on its back for its perceived connections to the CCP, I haven't really seen any evidence that it does any more tracking/fingerprinting that most other websites (eg. facebook) or security services (eg. cloudflare or recaptcha) already do.

> 2. Despite tiktok having a giant target painted on its back for its perceived connections to the CCP, I haven't really seen any evidence that it does any more tracking/fingerprinting that most other websites (eg. facebook) or security services (eg. cloudflare or recaptcha) already do.

Take a look for request parameters in TikTok vs. Instagram for example.

Every request for TikTok forces you to pass most of the information that browser can collect from the end-user before server responds:

https://www.nullpt.rs/reverse-engineering-tiktok-vm-1

>Every request for TikTok forces you to pass most of the information that browser can collect from the end-user before server responds:

Half of the parameters are stuff relating to the app itself, or could be inferred from other sources like user-agent. The other fingerprinting stuff (eg. canvas or webgl fingerprinting) is basically industry standard and by no means unique to tiktok. Even the claim that "browser can collect from the end-user before server responds" doesn't hold up to scrutiny, because there's no meaningful difference between that, and browser check interstitials (eg. the cloudflare checkbox), which fingerprint you before letting you access the content. It's also unclear how that's more sinister than the alternative approach of sending telemetry/fingerprinting data to a separate endpoint.