Hacker News | patmorgan23's comments

There are several enhancements that have been strapped on to BGP over the years. The article talks about two at the end that will help reduce route leaks.

A wholesale protocol replacement is unlikely, but definitely more doable than replacing something like IP.


There are still lots of customers with IPv6. If you go completely and totally v6-only, then you limit your potential customer base. Now, going v6 internally with a dual-stack edge makes sense; Meta has done this.

It's really not a risk, as long as you dual stack your edge.

Yeah, I think this is the bigger issue. CG-NATs break things; you shouldn't be able to sell a pooled-IP, CG-NAT-only service as a broadband connection. Looking at you, MetroNet.

Except CG-NAT boxes are expensive, and introduce another point of failure into the network. Most mobile carriers are running IPv6-first networks these days anyway.

Like you said, CG-NAT does have the benefit of making v4 address reputation less reliable, which means it's not as big a deal for the transition to v6.


>CG-NAT does have the benefit of making v4 address reputation less reliable

Heh, "less reliable" is doing a lot of heavy lifting there. You mean "complete and total trash". We need to get to the point where Cloudflare/AWS/some other big sites just block CG-NAT nodes for a day, going "this IP address is a risk."

Instead if you're a website, instead of doing an easy block by IP, you're left filtering out AI crawlers, spammers, and lots of other crap hiding behind a single IP with thousands of other users behind it, and ISPs that don't really give a shit about doing anything about it.

We need to push the value of IPv4 to nearly zero and finally move away from that crap.


[flagged]


Could you please stop posting unsubstantive comments and flamebait? You've unfortunately been doing it repeatedly. It's not what this site is for, and destroys what it is for.

If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and taking the intended spirit of the site more to heart, we'd be grateful.


Why? How is it "discrimination" if it actually corresponds to a single user, who has been doing bad things to your server (e.g. slamming it with requests)? Do you expect to be able to go and knock on people's doors all day and not have them tell you off?

I mean, it's not totally crazy. Microsoft did rip out Windows' original networking stack and replace it with BSD's (which has probably been heavily modified/evolved since then).

No.

The original NT TCP/IP stack was purchased from Spider Systems, which may have been based on BSD.

The Spider Systems stack was completely ripped out for NT 3.5 and replaced with a Microsoft-developed stack that has no basis on the BSD stack.


THIS is a good idea and use case. Rather than having every install be whatever random commands ChatGPT decided to spit out that day.

How is asking an LLM to make some random install script up better than a script designed by the application developer?

The install.sh is auditable. Yes, you need to know bash to be able to audit it, but the same is true for an LLM; it could hallucinate random commands that delete files or override other applications/configs.


Currently, when you configure DNS over TLS/HTTPS, you have to set the IP address AND the hostname of the SSL certificate used to secure the service. Getting IP address certs makes the configuration simpler.

If you have non-public IPs you need certs for, you should set up a non-public certificate authority and issue your own certs for them.
