IPv6 comes to AWS S3

Amazon Web Services' simple storage service (S3) can now handle IPv6. Amazon's Jeff Barr says S3 buckets “are now accessible via IPv6 addresses via new 'dual-stack' endpoints.” “When a DNS lookup is performed on an endpoint of this type, it returns an 'A' record with an IPv4 address and an 'AAAA' record with an IPv6 address. …

  1. Lee D Silver badge

    How's The Reg's migration plans coming along?

    About once a year I post on here about it, sometimes receive a snarky reply of "we're working on it" and then that's all I hear until the next year.

    For a tech site, enabling IPv6 and restarting your webserver instances, then a bit of pokery with whatever scripts you have, shouldn't be a real chore for you.

    And, yes, all my websites, email servers, etc. are IPv6-enabled and working, even my NTP pool server. And I don't even use the excuse that my ISP doesn't let me use IPv6 on my home connection for not configuring my external services that do.

    1. Marco Fontani

      We're working on it, but it isn't high in the priority list as you can surmise.

      Unfortunately it isn't a click and restart, else we'd have done it already, like TLS support and all sorts of stuff that are much harder to do than it appears at a first glance.

      I also have IPv6 and TLS with HSTS on a bunch of personal domains, but that's a hell of a lot simpler to do when the scope is smaller and the downsides of getting it wrong are way lower than "whoopsie, I guess I just killed your business because we didn't $foo because $bar".

      Specifically with regards to IPv6, current (slowly moving) plans are to finally push live the required backend changes, then enable what we can via Cloudflare - as that gets us ~80% of the way there for all intents and purposes, with a small-ish set of changes we've been testing for a while now.

      1. Dwarf

        It can't be that hard ..

        +100 to @Lee on El Reg making the change to IPv6..

        I can't imagine that there is that much infrastructure behind this site

        • Load balancers
        • DNS updates
        • Web farm
        • Database tier
        • The in-house app
        • E-mail component
        • Monitoring and management
        • Backup platform.
        • Hopefully Dev, Pre-Prod and DR equivalents

        I don't see anything difficult in that list.

        Not sure what you are referring to re TLS support for IPv6. Certs are issued against names, not addresses. Could you clarify the issue you think you hit?

        1. David Dawson

          Re: It can't be that hard ..

          It'd be possible, even preferred, to have IPv6 to the load balancer, then leave the rest as is?

          Ideally all in a little private net of some kind, AWS VPC or similar.

          1. Dwarf

            Re: It can't be that hard ..

            @David D

            Nah, that fits into the "lipstick on a pig" approach.

          2. Yes Me Silver badge

            Re: It can't be that hard ..

            If you do that, you have to translate in the load balancer. It would be easier to dual-stack the back end, I think. The devil is in the details. One piece of non-dual-stack-friendly code anywhere and you're not there yet. But Cloudflare is a fine approach.

      2. Lee D Silver badge

        At least that's an update! I think that's more than I've managed to winkle out of them before.

        But I still never got what's wrong with:

        "Hey, try out https://beta.theregister.co.uk and tell us whether it works for you over IPv6, whether SSL works, what's missing, etc. Don't complain to us if it eats your cat or makes your computer turn neon green, though!"

        I just went through my comment history and for at least 3 years (possibly longer) the answer's been "Oh, yes, at some point". And in that post 3 years ago, there are replies from others about how they did it for their sites 3 years before that!

        Seriously, TLS is pretty much required nowadays. IPv6 is a nicety you can test for the front end web on a beta at least.

        I just don't want to even ask about how our unencrypted login details are being stored, because if the words "salted hash with a decent hash algorithm" don't appear, I may have to reconsider logging in at all!

        1. Mike Tubby

          Not much wrong with it other than the certificate ...?

          Your connection is not private

          Attackers might be trying to steal your information from beta.theregister.co.uk (for example, passwords, messages or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID

          Automatically report details of possible security incidents to Google. Privacy Policy

          Back to safety HIDE ADVANCED

          This server could not prove that it is beta.theregister.co.uk; its security certificate is from edit.theregister.com. This may be caused by a misconfiguration or an attacker intercepting your connection.

          Proceed to beta.theregister.co.uk (unsafe)

        2. Anonymous Coward

          I just don't want to even ask about how our unencrypted login details are being stored, because if the words "salted hash with a decent hash algorithm" don't appear, I may have to reconsider logging in at all!

          What about plain text? Everyone always overlooks the obvious. Let's say you hack a website for logins, are you really going to try and open them as plain text? Not likely, the more obvious option is to go hell for leather with various tools then give up when none of them work. Therefore, based on this logic, plain text is the most secure form of password storage and those passwords should be at the top of the list of common passwords as everyone knows common passwords then no one would try them thinking that no one would use them. Total security.
