Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
Search - "ipv6"
Today I learned.
FACE:B00C is used in the ipv6 address of v6.facebook.com
I'm impressed, well done4
Today, I learned the shortest command which will determine if a ping from your machine can reach the Internet:
This parses as 18.104.22.168, which thanks to Cloudflare, is now the IP address of an Internet-facing machine which responds to ICMP pings.
Oh, you can also use this trick to parse 10.0.0.x from `10.x` or 127.0.0.1 from `127.1`. It's just like IPv6's :: notation, except less explicit.12
A tcp packet walks in to a bar and says “I want a beer”, barman says “you want a beer?” and tcp packet says “yes, a beer” .
In high society, TCP is more welcome than UDP. At least it knows a proper handshake.
A bunch of TCP packets go into a bar, until it’s overcrowded. The next day, half as many go in.
A bunch of TCP packets walk into a bar. The bartender says, “Hang on just a second, I need to close the window.”
When I try to send SYNs to chicks, I don’t get any ACKs. Just FINs and RSTs.
IP packet with TTL=1 arrives at bar. Bartender: “Sorry, can’t let you leave…and you don’t get any beer either…”
The worst part about token ring jokes is that if someone starts telling one while you are telling yours, all joking stops.
The great thing about TCP jokes is that you always get them.
The problem with TCP jokes is that people keep retelling them slower until you get them.
I would tell some UDP jokes too but I never know if anyone gets them
The best thing about UDP jokes is that I don’t care if you get them or not.
I had a funny UDP joke to tell, but I lost it somewhere...
The sad thing about IPv6 jokes is that almost no one understands them and no one is using them yet.
I tried to come up with an IPv4 joke, but the good ones were all already exhausted.
A DHCP packet walks into a bar and asks for a beer. Bartender says: “here, but I’ll need that back in an hour!
DHCP jokes only work when there is only one person telling them
The worst part of SSH jokes is that, even when they're not funny, you suck it up and just pretend they were anyway.
The problem with token ring jokes is you need to wait your turn to laugh
I’d make a joke about UDP, but I don’t know if anyone’s actually listening…11
I miss old internet.
- without politics
- without robots
- without money
- without big portals
- without commercials
- without advertising
- without data centers
- without ipv6
but with great usenet and community
Shit fuck I’m old26
User Ip Address is too long (maximum is 30 characters).
Okay, dear third-party API, I guess users with IPv6 don't deserve the service... And wtf is 30-char limit for an IP address, when IPv4 can be only 15 characters long, and IPv6 can be up to 39 characters? Did you calculate a weighted average of IP length to get that number?11
Here are the reasons why I don't like IPv6.
Now I'll be honest, I hate IPv6 with all my heart. So I'm not supporting it until inevitably it becomes the de facto standard of the internet. In home networks on the other hand.. huehue...
The main reason why I hate it is because it looks in every way overengineered. Or rather, poorly engineered. IPv4 has 32 bits worth, which translates to about 4 billion addresses. IPv6 on the other hand has 128 bits worth of addresses.. which translates to.. some obscenely huge number that I don't even want to start translating.
That's the problem. It's too big. Anyone who's worked on the internet for any amount of time knows that the internet on this planet will likely not exceed an amount of machines equal to about 1 or 2 extra bits (8.5B and 17.1B respectively). Now of course 33 or 34 bits in total is unwieldy, it doesn't go well with electronics. From 32 you essentially have to go up to 64 straight away. That's why 64-bit processors are.. well, 64 bits. The memory grew larger than the 4GB that a 32-bit processor could support, so that's what happened.
The internet could've grown that way too. Heck it probably could've become 64 bits in total of which 34 are assigned to the internet and the remaining bits are for whatever purposes large IP consumers would like to use the remainder for.
Whoever designed IPv6 however.. nope! Let's give everyone a /64 range, and give them quite literally an IP pool far, FAR larger than the entire current internet. What's the fucking point!?
The IPv6 standard is far larger than it should've been. It should've been 64 bits instead of 128, and it should've been separated differently. What were they thinking? A bazillion colonized planets' internetworks that would join the main internet as well? Yeah that's clearly something that the internet will develop into. The internet which is effectively just a big network that everyone leases and controls a little bit of. Just like a home network but scaled up. Imagine or even just look at the engineering challenges that interplanetary communications present. That is not going to be feasible for connecting multiple planets' internets. You can engineer however you want but you can't engineer around the hard limit of light speed. Besides, are our satellites internet-connected? Well yes but try using one. And those whizz only a couple of km above sea level. The latency involved makes it barely usable. Imagine communicating to the ISS, the moon or Mars. That is not going to happen at an internet scale. Not even close. And those are only the closest celestial objects out there.
So why was IPv6 engineered with hundreds of years of development and likely at least a stage 4 civilization in mind? No idea. Future-proofing or poor engineering? I honestly don't know. But as a stage 0 or maybe stage 1 person, I don't think that I or civilization for that matter is ready for a 128-bit internet. And we aren't even close to needing so many bits.
Going back to 64-bit processors and memory. We've passed 32 bit address width about a decade ago. But even now, we're only at about twice that size on average. We're not even close to saturating 64-bit address width, and that will likely take at least a few hundred years as well. I'd say that's more than sufficient. The internet should've really become a 64-bit internet too.37
*Opens a pack of tablets (8000) and start to prep them.*
WHAT THE ACTUAL FUCK.
SAME MAC ADDRESS.
Okay, that's just an er-
NOPE, ANOTHER ONE. HOLY SHIT. OKAY IT'S GETTING WORSE.
Is it my db?
The db is just fine.
*Painfully getting in contact with the reseller*
Me: grumbles grumbles Mac Address grumbles
Reseller: Uh.. What?
It would be okay if we weren't using Mac Addresses as primary key in our databases.
They gave us some weird-looking software to "re-write mac addresses". It's working.
Something tells me that ipv6 is not for tomorrow.7
Okay, so I was helping an elderly woman with her laptop + internet today (with payment). Problem: Laptop connects to WiFi, shows internet connection, but you couldn't even go to google.com.
The router wasn't the issue as my phone worked on the same WiFi. After a lot of troubleshooting steps, I noticed that Windows forced IPV6 for all WiFi connections for some reason. The router doesn't even support IPV6... So I disabled it and everything started working again.
WHY THE FUCK DID WINDOWS NOT TRY TO LOOKUP A IPV4 ADDRESS IF THE IPV6 FAILS? BOTH WERE ENABLED! WHO AT THE FUCKING WINDOWS 10 DEVELOPMENT TEAM THOUGHT IT WAS A GOOD IDEA?19
Fucking piece of shit German internet man. Some of you might know that Germany probably has the shittiest internet in the EU. And by shitty, I don't mean the downstream speeds you can get (which is how most ISPs justify their crappy network), but the GODDAMN UPSTREAM SPEEDS.
See, I'm just a student, right? I don't run a fucking company or something like that. I don't need / can't afford a symmetrical gigabit connection. But I do a lot of stuff that requires a decent upstream connection.
Fucking Unitymedia (my ISP), if I already decide to buy the goddamn "business plan" (IPv6 & static adresses), at least supply me with some decent upstream speeds. PLEASE!
My current plan costs ~45€ a month for internet and TV (I don't watch, but my two other flat-mates do).
Internet speeds are 150 Mbit/s down and FUCKING 10 Mbit/s up! What??! What the hell am I supposed to do with only 10 Mbit/s?? I'm already completely exhausting the bandwidth and I'm not even done setting everything up! Fucking hell...
I was planning on getting their "upload package" to get at least 20 Mbit/s up – but they removed that option! IT'S GONE, PEOPLE! They said in an interview last year that "customers are not interested in higher upload speeds" and consequently removed that option. WHAT???
"You wanna have state-of-the-art downstream speeds of 400 Mbit/s? Here you go. Oh, our maximum limit of 10 Mbit/s upstream is not enough for you? TOO FUCKING BAD, NOTHING THAT WE CAN OFFER YOU!"
(Seriously though, the best customer internet plan is 400D & 10U)
Goddamn... in this day and age of things like cloud storage etc. even "normal" people definitely need higher upload speeds.
Man, this rant got so long, but I really wanted to get this out. This wasn't even everything though, maybe I'll make a separate rant to elaborate on other issues.
If you are interested, you might want to read up on the following report:
I wish the apple review team shove them white polished apples up their fucking asses
A problem solved over a month ago... Ipv6 works it's tested.
Now you come back with a very specific old iPad on a very specific os and say it doesn't work !?
The topping on this shit (apple) pie? They sent me a screenshot of the issue.
It's a screenshot of the fucking login page. I know what the fucking thing looks like you assholes.
In my previous rant about IPv6 (https://devrant.com/rants/2184688 if you're interested) I got a lot of very valuable insights in the comments and I figured that I might as well summarize what I've learned from them.
So, there's 128 bits of IP space to go around in IPv6, where 64 bits are assigned to the internet, and 64 bits to the private network of end users. Private as in, behind a router of some kind, equivalent to the bogon address spaces in IPv4. Which is nice, it ensures that everyone has the same address space to play with.. but it should've been (in my opinion) differently assigned. The internet is orders of magnitude larger than private networks. Most SOHO networks only have a handful of devices in them that need addressing. The internet on the other hand has, well, billions of devices in it. As mentioned before I doubt that this total number will be more than a multiple of the total world population. Not many people or companies use more than a few public IP addresses (again, what's inside the SOHO networks is separate from that). Consider this the equivalent of the amount of public IP's you currently control. In my case that would be 4, one for my home network and 3 for the internet-facing servers I own.
There's various ways in which overall network complexity is reduced in IPv6. This includes IPSec which is now part of the protocol suite and thus no longer an extension. Standardizing this is a good thing, and honestly I'm surprised that this wasn't the case before.
Many people seem to oppose the way IPv6 is presented, hexadecimal is not something many people use every day. Personally I've grown quite fond of the decimal representation of IPv4. Then again, there is a binary conversion involved in classless IPv4. Hexadecimal makes this conversion easier.
There seems to be opposition to memorizing IPv6 addresses, for which DNS can be used. I agree, I use this for my IPv4 network already. Makes life easier when you can just address devices by a domain name. For any developers out there with no experience with administration that think that this is bullshit - imagine having to remember the IP address of Facebook, Google, Stack Overflow and every other website you visit. Add to the list however many devices you want to be present in the imaginary network. For me right now that's between 20 and 30 hosts, and gradually increasing. Scalability can be a bitch.
Any other things.. Oh yeah. The average amount of devices in a SOHO network is not quite 1 anymore - there are currently about half a dozen devices in a home network that need to be addressed. This number increases as more devices become smart devices. That said of course, it's nowhere close to needing 64 bits and will likely never need it. Again, for any devs that think that this is bullshit - prove me wrong. I happen to know in one particular instance that they have centralized all their resources into a single PC. This seems to be common with developers and I think it's normal. But it also reduces the chances to see what networks with many devices in it are like. Again, scalability can be a bitch.
Thanks a lot everyone for your comments on the matter, I've learned a lot and really appreciate it. Do check out the previous rant and particularly the comments on it if you're interested. See ya!25
Was discussing IPv6 subnets with a couple mates, when suddenly a non-tech friend standing by jumps in and says: "I'm doing no-NAT-November!"2
"There's more to it"
This is something that has been bugging me for a long time now, so <rant>.
Yesterday in one of my chats in Telegram I had a question from someone wanting to make their laptop completely bulletproof privacy respecting, yada yada.. down to the MAC address being randomized. Now I am a networking guy.. or at least I like to think I am.
So I told him, routers must block any MAC addresses from leaking out. So the MAC address is only relevant inside of the network you're in. IPv6 changes this and there is network discovery involved with fandroids and cryphones where WiFi remains turned on as you leave the house (price of convenience amirite?) - but I'll get back to that later.
Now for a laptop MAC address randomization isn't exactly relevant yet I'd say.. at least in something other than Windows where your privacy is right out the window anyway. MAC randomization while Nadella does the whole assfuck, sign me up! /s
So let's assume Linux. No MAC randomization, not necessary, privacy respecting nonetheless. MAC addresses do not leak outside of the network in traditional IPv4 networking. So what would you be worried about inside the network? A hacker inside Starbucks? This is the question I asked him, and argued that if you don't trust the network (and with a public hotspot I personally don't) you shouldn't connect to it in the first place. And since I recall MAC randomization being discussed on the ISC's dhcp-users mailing list a few months ago (http://isc-dhcp-users.2343191.n4.nabble.com/...), I linked that in as well. These are the hardcore networking guys, on the forum of one of the granddaddies of the internet. They make BIND which pretty much everyone uses. It's the de facto standard DNS server out there.
The reply to all of this was simply to the "don't connect to it if you don't trust it" - I guess that's all the privacy nut could argue with. And here we get to the topic of this rant. The almighty rebuttal "there's more to it than that!1! HTTPS doesn't require trust anymore!1!"
... An encrypted connection to a website meaning that you could connect to just about any hostile network. Are you fucking retarded? Ever heard of SSL stripping? Yeah HSTS solves that but only a handful of websites use it and it doesn't scale up properly, since it's pretty much a hardcoded list in web browsers. And you know what? Yes "there's more to it"! There's more to networking than just web browsing. There's 65 THOUSAND ports available on both TCP and UDP, and there you go narrow your understanding of networking to just 2 of them - 80 and 443. Yes there's a lot more to it. But not exactly the kind of thing you're arguing about.
Enjoy your cheap-ass Xiaomeme phone where the "phone" part means phoning home to China, and raging about the Google apps on there. Then try to solve problems that aren't actually problems and pretty vital network components, just because it's an identifier.
P.S. I do care a lot about privacy. My web and mail servers for example do not know where my visitors are coming from. All they see is some reverse proxies that they think is the whole internet. So yes I care about my own and others' privacy. But you know.. I'm old-fashioned. I like to solve problems with actual solutions.11
I recently installed pi-hole...
Everything was immediately perfect.
So, about two days later, I install a linux system... Hadn't had one when I setup my pi-hole. (Well, no Linux with desktop environment...)
So... Now I had error messages in Chrome... Connection change detected. The page didn't load, 3 seconds later it loaded. Many pages had to be reloaded.
And I focused my Google-Fu on issues connecting to pi-hole. Some issues where there, referring to Safari and pi-hole, but none for Chrome or/and Linux.
But what's a pi-hole? A DNS Resolver/Non-authoritive server and a DHCP server...
Maybe I haven't turned off my router's DHCP server correctly. So, wireshark... "bootp or dns" filter...
All dns communication is perfect, via UDP and from the pi-hole to my machine, not from the router. No DHCP messages from my router either...
Almost accidentally I found a page speaking about this issue. Had nothing to do with the pi-hole. Timing was a coincidence. Had everything to do with IPv6. Somehow that's switching over. Even worst, after reading that, I remembered I had the same issue in the past. I just forgot.
Turning off IPv6 was the solution. And fuck. Let this be a PSA: "Confirm your bloody assumptions when troubleshooting/debugging or waste time like an idiot... Just like me..."
Yes, my ISP supports ipv6 to home too, and after some hacking around my servers can serve my websites on ipv6 :D3
I fukin hate App reviews in Apple Store :/ My app, basic cordova webview and Onesignal push, was rejected again! For fifth time! Now for IPv6 in-compatibility.3
Who the fuck thought that carieer grade NAT would be a great solution instead of just switching over to IPv6 and have functioning internet?
I don't want to share my IP with some bastard who fails every reCaptcha so that pictures take 5 fucking seconds for me to fade out and in again.
Neither Chrome nor Firefox have a reliable way of forcing IPv6 if possible so Google still thinks I'm an evil bot.
I'm waiting for my PayPal to be frozen because of "suspicious actions from 'my' internet connection".
I don't want to share my IP. I want to be responsible myself for everything that happens to it.
Please replace that old switches that are too slow to manage serious traffic anyway and are just wasting their power for being turned on so that I can have an IP address to myself2
One of the big ISP/entertainment companies dug up the roads a few months back and laid fibre optic cables (cutting through a power cable in the process but that's another story).
Recently had someone turn up at my door to chat about their services. All sounded very good, I took a card and gave it some thought and did some research.
So, it'd be a little cheaper than my current provider (FTTC setup). It'd be faster for downloads, slightly slower for uploads (I want fast upload). IPv6 is only on their business packages. I use IPv6 a lot. I also have several static IPv4 addresses.
It would involve getting a cable in to where my equipment rack is, and one to where the TV is (which I spent ages building a TV unit with power, network etc.)
To record/watch TV in another room with their service, I'd need to pay extra. The service just provides HD channels that I can already get, unless I pay more. At the moment I have MythTV handling all the recording of TV shows I want, and Kodi to play them back on different TVs, via CAT6 I spent ages installing into the walls.
Then there's the uncertainty of how nicely their equipment will play with my relatively complicated setup.
I decided, it isn't worth it really for me. I would have to change a load of stuff just to end up with what I already have... But with more limitations.
Anyway, the guy turned up again a few days later, I told him of my decision and away he went.
Since then I have been visited by 2 other employees of this company to try to sell me the service.
It is probably great and convenient if you are not like me and DIY all your home network and media distribution setup...
Also the ISP I'm with is quite small. They are very knowledgeable and friendly and I can get through to someone quickly if i phone. What I use meets my needs, so I prefer to support the smaller company in this case.
When nginx decides to just NOT answer to any IPv4 requests, áfter 2 weeks of having it set up for IPv6, just because I updated the Let's Encrypt certificate..
I finally got IPv6 working on my home network with a custom Linux router. It's pretty neat. I wrote a full tutorial:
Me: Ok, we'll implement that message tech. But since the clients are servers in that architecture and can't speak IPv6 we've to use a dedicated VPN so the endpoint is able to connect to the servers (clients). Since we have limited network resources we should use VPN cert-encryption and send the actual data plain to save at least some overhead.
Boss: Ok! Let's do it!
Boss: Hey! I talked to a guy from that message tech. Their encryption is certified. We should use that instead and get rid of the VPN to save the overhead!
Me: *unable to say a word*
What in "VPN in that architecture is mandatory" is unclear?
Well, I assume we'll kill the architecture then... Fun Time!
Huge update and refactoring on my private infrastructure (gigabit lan, ipv6, new vpn architecture, new dns, new mailserver and much more). And there is no more microsoft in my little kingdom :)
Also i stumbled over devrant ;)
Still a lot of unfinished projects, more and more problems at work because of lack of concentration. Been diagnosed with adhd this year, so at least i know the source of my problems, but it still hurts to fail :(
Best wishes for 2017++ to the devrant community!1
Last year I switched to a dedicated server with several IPv4 and IPv6 addresses. Getting Docker to direct traffic (both ingress/egress) to specific IP addresses is way more difficult than it should be. I wrote a tutorial for anyone else who's interested:
I was just flicking through my new android phone, ended up on my I.P address, and it had 6 addresses?!?
4 IPv6 with single colons
I might be a bit thick, but shouldn't a device have 2 I.P's at max? Or am I wrong?9
GOOGLE, I WANT TO FUCK YOUR ASS, WHY THE HELL THE NEWER VERSIONS OF ANDROID ARE NO LONGER ABLE TO OPEN THE FUCKING WEB APPS ON LOCAL NETWORKS, THE SAME APP IS ACCESSIBLE FROM IOS AND FUCKING ANDROID CAN’T FIGURE OUT THE CORRECT DNS OF THE LOCAL IP ADDRESS BECAUSE YOU DROPPED IPV4 SUPPORT YOU ASSHOLES.6
I haven't touched my OpenVPN server configuration in almost a year. Everything seemed to "just work" the way I wanted it.
I have now just found out that all ipv6 DNS queries were actually going to the wrong ip.
Why am I such a magnet for stupid shit like this?
Every time I try to do something beautiful, elaborate, complex, I always get some small shitty detail wrong.
It's like "close, but no cigar".
Bonus fun fact: I only found out thanks to Windows' DNS leak feature. Thanks, Windows!5
One of these days my Windows 10 system will actually figure out how to obtain an IPv6 address without needing me to manually run ipconfig /renew6 or disable/reenable the network adapter... For now, static IPv6 it is
I have just slept for a minimum of 5 hours. It is 7:47 PM atm.
We have had a damn stressful day today.
We have had a programming test, but it really was rather an exam.
Normally, you get 30 minutes for a test and 45 minutes for an exam.
In this "test" we have had to explain what 'extends' does and name a few advantages of why one should use it.
Read 3 separate texts and write the program code on paper. It was about 1 super class and 1 sub class with a test class in Java.
Task 3: Create the UML diagram of the code from above. *internally: From above? He probably means my code since there is no other code there. *Checks time*. I have about 3 minutes left. Fuck my life.*
Draws the boxes. Put the class names in each of them. A private attribute for the super class.
Teacher: Last minute!
Draw the arrow starting starting from the sub class to the super class.
Put my name on each written paper. And mentally done for the day. Couldn't finish the last task. Task 3.
During this "test", I heard the frustrations of my classmates. Seemed like everyone was pretty much pissed.
After a short discussion with the teacher who also happens to be the physics professor of a university nearby.
[If you are reading this, I hope that something bad happens to you]
The next course was about computer systems. Remember my recent rant about DNS, dhcp, ftp, web server and samba on ubuntu?
We have had the task to do the screenshots of the consoles where you proof that you have dhcp activated on win7 machine etc. Seemed ok to me. I would have been done in 10 minutes, if I would be doing this relaxed. Now the teacher tells us to change the domain names to <surnameOfEachStudent>.edu.
I was like: That's fine.
Create a new user for the samba server. Read and write directories. Change the config.
Me: That should be easy.
Create new DNS entries in the configs.
Change the IPv6 address area to 192.168.x.100-200/24 only for the dhcp server.
Change the web server's default page. Write your own text into it.
You will have 1 hour and 30 minutes of time for it.
Dumbo -ANGRY-CLIENT-: Aye. Let us first start screenshotting the default page. Oh, it says that we should access it with the domain name. I don't have that much time. Let us be creative and fake it, legally.
Changes the title element so that it looks like it has been accessed via domain name. Deletes the url and writes the domain name without pressing Enter. Screenshot. Done. Ok, let us move to the next target.
Dhcp: Change lease time. Change IP address area. Subnet mask. Router. DNS. Broadcast. Optional domain name. Save.
Switches to win7.
Holy shit it does not work!
After changing the configs on ubuntu for a legit 30 minutes: Maybe I should change the ip of the ubuntu virtual machine itself. *me asking my old self: why did not you do that in the first place, ass hole?!*
Same previous commands on win7 console. Does not work. Hmmm...
Where could be the problem?
Check the IP of the ubuntu server once again. Fml. Ubuntu did not save when I clicked on the save button the first time I have changed it. Click on save button 10 times to make sure it really is saved now lol.
Same old procedure on win7.
Alright. Dhcp works. Screenshot.
Checks time. 40 minutes left.
DNS:It is your turn. Checks bind9 configs. sudo nano db.reverse.edu.
sudo nano db.<mysurname>.edu.
Alright. All set. It should work now.
Ping win7 from ubuntu and vice versa. Works. Ping domain name on windows 7 vm. Does not work.
Oh, I forgot to restart the bind9 server on ubuntu.
sudo service bind stop
" " " start
Check DNS server IP on win7. It looks fine.
It still doesn't work. Fuck it. I have only 20 minutes left. Samba. Let us do this!
10 minutes in. No result. I don't remember why. I already forgot why I have done for it. It was a very stressful day.
Let us try DNS again.
Oh shit. I forgot the resolver!
sudo nano /etc/resolv.conf
The previous edits are gone. Dumb me. It says it in the comments. Why did not I care about it. Fuck it.6 minutes left. Open a yt video real quick. Changes the config file. Saves it. Restarts DNS and dhcp. Closes the terminal and opens a new one. The changes do not affect them until you reopen them. That's why.
Change to win7.
Ping works. How about nsloopup.
Does not work.
Teacher: 2 minutes left!
Saves the word document with the images in it. Export as pdf. Tries to access the directories of the school samba server. Does not work. It was not my fault tho. Our school server is in general very slow. It feels like they are not maintained and left alone like this in the dust from the 90s.
Friend gets the permission to put his document on a USB and give the USB to the teacher.
Sneaky me: Hey xyz, can you give me your USB real quick?
Gets bombed with "do you want to format the USB?" pop-ups 10 times. Fml. Skips in a fast way.
Transfers the pdf. Plug it out. Give it back.
After this we have had to give a presentation in politics. I am done.6
1. Universal switch to IPv6 with back compatibility to IPv4.
2. A new universe of easy and convenient personal softwares that are served from your own home (aka, every client is a server).
3. More 3 wishes 😏2
I reset my Linode VPS to vanilla Arch after the blundered attempt to use an unsupported Linux distro. Now I'm reinstalling OpenVPN and decided to try out IPv6 networking over the tunnel. Got my free address block and it is SO AWESOME, even typing the addresses feels nicer. I never want to touch IPv4 octets again.6
I love Mikrotik. Just fucking love them. I also love my residential fiber service. Small company. Synchronous 125M service. No caps. Bandwidth is always there.
BUT... They use PPPOE (seriously guys?), and the IP changes on *every single re-connect*. Also: no IPv6 support. I know. I don't need it. But I want it.
Enter DNSMadeEasy's DDNS, Hurricane Electric's 6to4 tunnel service, and my Routerboard AH100x4. I wrote a script that runs on the router whenever my IP changes. It updates my DDNS record, updates my 6to4 tunnel IP using HE's API, and updates my local 6to4 interface's IP.
It just works. My public IPv4 may change, but the /48 IPv6 networks on my LAN side stay fully routeable.4
So got first invoice for Internet in my new flat. Via e-mail with winmail.dat attached. WTF? Send them reply that their mailing system is broken. They replied that *I* probably have wrongly setup *Outlook* and sent me instructions how to configure my Outlook. Thank you, my mutt us fine and your instructions wouldn't work. Sent them another reply that I'm happy that they know the answer and that they should apply it to their setup as my mail setup is correct. Got e-mail with pdf. No wonder those guys don't suppprt IPv6 nor DNSSEC if they have troubles using plain e-mail. Maybe I should check whether they have DKIM or SPF and do some little evil...1
Woohoo! Finally managed to set up ipv6 tunnelling on my openvpn server, now all my clients can reach ipv6 resources too!
The only hiccup is that I have to manually specify an ipv6 address to each client beforehand, or they won't get one automatically, but that seems to be an OpenVPN-related issue.
Still, feeling great! Finally figured this out :D2
Accidentally bridged the only interface with a manual IPv4 address on a production box. With only public key access, my only choice was to calculate and ssh via its IPv6 link local address address.
Thanks god it worked.
Fuck DS-Lite with a rusty rod covered in sand. Also fuck 4to6tunnel.
Boy I really need to take a networking class, this is driving me nuts
Which one is IPv6 loop-back address ?
E. I put a loop-back on your loop-back
F. None of the above20
Now I have enough of this shit I fucking go grab a chainsaw and cut you into the tiniest pieces possible then pour gasoline on your fucking servers and lit them on fire. How the fuck should I remain calm if there is at least two fucking email I can't send because your fucking piece of shit server gets blacklisted EVERY FUCKING WEEK.
Oh how cool you made ipv6 available to shared plans so outlook servers won't blacklist mails. But guess what, it STILL DOESN'T WORK!!! Not to mention that you automatically modify my existing SPF record and set the shared storage ipv6 address to the main domain which should be pointing to the vps (still working though but have no idea why). I am so fucking fed up with people for today, and it's only just morning.
Ok so another short rant about project I ranted before. We are developing Android and iOS social app for around 6 months, apps should have been in store during September . Turns out sometimes during August Apple decided that all apps of appstore that communicate with server have to implement ipv6 also Amazon had support ipv6 on its old ec-classic instances but not on new ec-vpc instances. I have worked until middle of the night trying to find work around for this but at the end we need to find another host that supports ipv65
Fine then, keep your secrets.
500 OOPS: run two copies of vsftpd for IPv4 and IPv6
root@RPi3b:/home/pi# vsftpd --help
500 OOPS: unrecognise option: --help
root@RPi3b:/home/pi# vsftpd -?
500 OOPS: unrecognise option: -?
Fuck's sake, why is setting up ipv6 for an LXC container so hard?
For whatever reason the assigned ipv6 address to the lxcbr0 interface (on the host) doesn't stick, and any v6 outgoing traffic from the container is blocked.
Can't find any decent documentation either :(1
I've started to get more into the TOR idea over the last couple of weeks.
I know I'm way to "non protective" of my privacy but changing would mean I'd have to break many habits and stop using things I'm used to.
A couple years back (I guess it was in like 8th grade or so) I had a presentation in German (my first language) for an extra mark. It was about tor. In the process of researching all of it I learned quite a lot about it. All of this knowledge has stuck to me the whole time, unused.
Fast forward to today, I've finally decided to use the couple of bitcoins I have (like 15€ or so) from my home mining experiment to rent a vps for a tor relay. First, I was lucky enough to find a service provider that accepts bitcoin for a 3€. They advertised "Fair use Traffic", later found out, after committing for three months since I was like "yeah... will be fine", in the customer panel there is a graph that shows me that I have used x% of 1.5 TB... I guess the customer support will get an email from me asking what "Fair use" exactly means... But that's fine... Oh... And ipv6 wasn't a thing to be found...
To wrap it up... I've now got a 2 weeks old little tor relay <3
(I didn't wanted to put it on my main vps where I have 200mbit guaranteed at unlimited for 5€ a month since that's where I have my mail server running and a hidden service for my next cloud)1
Bought the HELIO Amped router and low n behold.. ipv4 and ipv6 not connected to the internet. I have a project due. I tried everything from uninstalling/installing drivers to using command flushdns. I’m starting to have my suspicions on the modem?
Having problems with some users ipv6 addresses in my server. For testing purposes I would like to find a free or very cheap vpn so I could obtain a ipv6 ip address proxy/vpn (if its even possible) for testing purposes. Can you recommend something?13
Why the fuck did Apple just start testing my app using an ipv6 only network? I mean that is a good idea in general, but did they just start doing this recently, or did a major appledick decide that now, after 15 good releases, they should reject the app and force me to rethink my whole backend structure... Screw you, why didn't you tell me when I started?2
Having problems with getting user's IP address with PHP.
So basically I made a custom DDoS protection for my linux server.
It works like this: php website gathers visitor IP address when he does a certain action (in this case registers an account). All visitor ips are stored in ips.txt securely on my website ftp.
Then my linux server has iptables rules setup in a way where it blocks all traffic except my website traffic.
On linux server I have a cron job which pulls whitelisted ips every 5 minutes from my php website FTP and then whitelists all IP's in iptables.
That way only visitor IP's (of those who registered account in my website) are being whitelisted in my linux server.
In case of a DDoS attack, all traffic is dropped except for the whitelisted visitor's IP's gathered from website ips.txt
Now I'm having a problem. My PHP script is not accurate. Some visitors in my website are not being whitelisted because they might have a different ipv4 ip address than what is given from php website. So basically I am looking for some php script/library that would gather ALL ipv4 ips from a visitor, then whitelist them.
Also regarding ipv6, my iptables are all default (which means that all ipv6 visitor traffic is allowed) so problem is not with visitors that have ipv6. Problem is with my script not getting ALL ipv4 ip addresses assigned to the user.
Can you recommend me some php library for that? So far I've used https://github.com/marufhasan1/... but apparently it's not accurate enough.16
Any advice for the CCNA exam? I've been through the cisco online courses and use them for reference. I know Todd Lammle's guides are pretty good too. Any extra texts/resources I should take a look at?
I feel my weak points are:
IPv6, NAT, ACL's, and Class A/B subnetting.5
rant.author != this
Christ people. This is just sh*t.
The conflict I get is due to stupid new gcc header file crap. But what
makes me upset is that the crap is for completely bogus reasons.
This is the old code in net/ipv6/ip6_output.c:
mtu -= hlen + sizeof(struct frag_hdr);
and this is the new "improved" code that uses fancy stuff that wants
magical built-in compiler support and has silly wrapper functions for
when it doesn't exist:
if (overflow_usub(mtu, hlen + sizeof(struct frag_hdr), &mtu) ||
mtu <= 7)
and anybody who thinks that the above is
(b) efficient (even with the magical compiler support)
(c) particularly safe
is just incompetent and out to lunch.
The above code is sh*t, and it generates shit code. It looks bad, and
there's no reason for it.
The code could *easily* have been done with just a single and
understandable conditional, and the compiler would actually have
generated better code, and the code would look better and more
understandable. Why is this not
if (mtu < hlen + sizeof(struct frag_hdr) + 8)
mtu -= hlen + sizeof(struct frag_hdr);
which is the same number of lines, doesn't use crazy helper functions
that nobody knows what they do, and is much more obvious what it
I guarantee that the second more obvious version is easier to read and
understand. Does anybody really want to dispute this?
Really. Give me *one* reason why it was written in that idiotic way
with two different conditionals, and a shiny new nonstandard function
that wants particular compiler support to generate even half-way sane
code, and even then generates worse code? A shiny function that we
have never ever needed anywhere else, and that is just
And yes, you still could have overflow issues if the whole "hlen +
xyz" expression overflows, but quite frankly, the "overflow_usub()"
code had that too. So if you worry about that, then you damn well
didn't do the right thing to begin with.
So I really see no reason for this kind of complete idiotic crap.
Tell me why. Because I'm not pulling this kind of completely insane
stuff that generates conflicts at rc7 time, and that seems to have
absolutely no reason for being anm idiotic unreadable mess.
The code seems *designed* to use that new "overflow_usub()" code. It
seems to be an excuse to use that function.
And it's a f*cking bad excuse for that braindamage.
I'm sorry, but we don't add idiotic new interfaces like this for
idiotic new code like that.
Yes, yes, if this had stayed inside the network layer I would never
have noticed. But since I *did* notice, I really don't want to pull
this. In fact, I want to make it clear to *everybody* that code like
this is completely unacceptable. Anybody who thinks that code like
this is "safe" and "secure" because it uses fancy overflow detection
functions is so far out to lunch that it's not even funny. All this
kind of crap does is to make the code a unreadable mess with code that
no sane person will ever really understand what it actually does.
Get rid of it. And I don't *ever* want to see that shit again.
I've never used Python much, but my network class had an assignment to make a program that would convert a physical MAC address to an EUI-64 address (as well as some other, easier functions). It's not the most elegant solution, I'm sure, but I'm proud of what I created.
(Reposted due to needing to rehost image)1
I already searched for a while and couldn't find a viable solution.
I setup a service with docker-compose, and published it on port 80.
However port 80 is only published on ipv4 networks, not ipv6.
How can I make docker publish the service on ipv6 networks as well.1