@torproject Q: I wish there was a similar tool test #Bridges, as https://bridges.torproject.org/scan/ is not that good and I don't want to hammer it with dozens of addresses, cuz at best that's quite antisocial if not possibly trigger responses assuming this is an intelligence gathering operation.

• Ideally sone standalone binary that one can just give a list of #TorBridge|s in a text file (similar to the way one can just past them in at #TorBrowser) would help.

I.e.

bridgetest -v4 obfs4 203.0.113.0:80 …

bridgetest -v6 webtunnel [2001:DB8::1]:443 …

bridgetest -list ./tor.bridges.list.private.tsv 

• But maybe #onionprobe already does that. In that case please tell me to "#RTFM!"…

Similarly there needs to be a more granular way to request #TorBridges from #BridgeDB (as it's basically impossible to get #IPv4 #Webtunnel addresses nor is there an option to filter for #ports like :80 & :443 to deal with restrictive #firewalls (i.e. on public #WiFi)…

• there are flags like ipv6=yes but neither ipv4=yes nor ipv6=no yielded me other resultd than #IPv6 webtunnel bridges…

And before anyone asks: Yes, I do have a "legitimate purpose" as some of my contacts do need Bridges to get beyond a mandatory firewall and/or do use #TorBrowser (through an #SSH tunnel) to circumvent Tor & #VPN blocks and maintain privacy (as many companies do block sometimes entire #Hosters' ASNs due to rampant #scrapers…

@f4grx @nixCraft @torproject not really.

1. #aws has pretty chunky blocks like /14.
2. They don't use #IPv6, only #IPv4.
3. Blocking entrie #ASN|s is easy.

I do this with #pfSense & #pfBlockerNG for quite a while…

And the same #blocklist also works for other applications like #nginx, #HAproxy, #httpd, etc.

So current state is that to configure your local WIFII router you need to use plain #HTTP, no #TLS, over #IPv4. Given that this is a usecase existing a million times over, that's... bad?

@Jarek @landley that assumes #IPv6 addresses are static (Providers in #Germany do "pseudostatic" alike #IPv4 and unless one's a business customer, will forcibly disconnect once each 24 hours and reassign a new IP) and that applications ain't configured to prefer IPv4 over IPv6 just to avoid timeouts and having to check if IPv6 exists since the only "#IPv6only" #ISP I know is #Starlink (and even they do #CGNAT due to customer complaints…)

@landley @jschauma @ryanc @0xabad1dea
I guess the only way "out of this mess" for me would be to cough up €500 p.a. in @ripencc membership fees and start my own #ASN and get a /48 of #IPv6 & /24 of #IPv4 allocated.

• TBH, I have more pressing dues to pay for and I shouldn't have to worry about this at all...

@landley @jschauma @ryanc @0xabad1dea yeah, the exhaustion problem would've been shoved back with a #64bit or sufficiently delayed by a 40bit number.

Unless we also hate #NAT and expect every device to have a unique static #IP (which is a #privacy nightmare at best that "#PrivacyExtensions" barely fixed.)

• I mean they could've also gone the #DECnet approach and use the #EUI48 / #MAC-Address (or #EUI64) as static addressing system, but that would've made #vendors and not #ISPs the powerful forces of allocation. (Similar to how technically the #ICCID dictates #GSM / #4G / #5G access and not the #IMEI unless places like Australia ban imported devices.

I guess using a #128bit address space was inspired by #ZFS doing the same before, as the folks who designed both wanted to design a solution that clearly will outlive them (way harder than COBOL has outlived Grace Hopper)...

• Personally I've only had headaches with #IPv6 because not only do I only have #IPv4only #Internet but my #ISP refuses to allocate even a singe /64 to me (but has no problem throwing in a free /29 of #IPv4's in with my contract!)and stuff like #HurricaneElectric / #HEnet's #Tunnelbroker fail face first due to #Geoblocking and the fact that #ASNs get geolocated, not their #PoPs...

If I was @BNetzA I would've mandated #DualStack and banned #CGNAT (or at least the use of CGNAT in #RFC1918 address spaces) as well as #DualStackLite!

@tails_live @tails @torproject plus support for meek, snowflake, webtunnel and non-#obfs4 #Bridges seems missing in #Tails.

• It would also help if #BridgeDB allowed to actually select #IPv4 and not just #IPv6 and select ports (i.e. 80 & 443) on top of that.

Cuz to this day I've to yet see an IPv4-#webtunnel #bridge…

@landley @jschauma @ryanc @0xabad1dea I should see if the #IPv4 numbering trick also applies to #IPv6 and make a "notation coverter" afterwards.

• Just for teh lulz...

@landley @jschauma @ryanc @0xabad1dea I think #IPv6 would've gotten more acceptance if it was merely a 4x long #IPv4 annotation instead of doing hexadecimals.

• I mean, worse would've only been #base32hex or #base64hex for IPv6 addresses...

@namedbird
Thank you for sharing. I'm glad that at least you have a normal speed

Do you have FTTC or FTTH?

@quux aber allen Public #IPv4 #IPvLegacy im LAN und WLAN ohne Filter geben?