I was referring to Hacker News' lack of support for IPv6, however it is nice to see that ipv6.watch does support it.
To elaborate: I feel that the irony comes from an apparent desire by this website's users towards supporting IPv6, as evidenced by a few articles about the topic on the first page today; Raising awareness of IPv6 support on a site that does not.
> I wonder how many customers can realistically hide behind a single IPv4 (CGNAT), given that there are 65535 TCP/UDP ports.
In theory, one IPv4 address can maintain 65535 connections with every HTTPS server (TCP port 443) on the Internet simultaneously. The main cause of port depletion would be when lots of users connect to the same server.
A reasonable number is 1000 users with 64 ports each, but you could probably squeeze in another 10X.
The law should require certain minimums of security for infrastructure deemed vital, like oil pipelines. If entertainment companies and HIPPA can ensure those they work with practice good cybersecurity, why can't the government do the same?
There's already branches of cabinet-level departments that try to do this. In my opinion they're having about the same level of efficacy as one might expect in any other set of large-scale changes in very large old companies with a wide variety of internal systems and needs. If you look you'll find a plethora of government-led attempts to secure various critical industries.
You'll also note that entertainment companies and hospitals are routinely breached. There's perhaps room to question if they are indeed practicing good cybersecurity.
They simply have to be in separate AWS accounts for this to work. To that end, you can provide them with a CloudFormation template that deploys a stack with the necessary configuration.