I'm the administrator of kbin.life, a general purpose/tech orientated kbin instance.


r00ty ,
@r00ty@kbin.life

Pretty sure mine was 16399753. But, not logged in for probably 15 or more years, so could be wrong.

No idea whatsoever about the password :P

r00ty ,

I think people's experience with PLE will always be subjective. In the old flat we were in, where I needed it, it would drop connection all the time; it was unusable.

But I've had them run totally fine in other places. Noisy power supplies that aren't even in your place can cause problems. Any kind of impulse noise (bad contacts on an old style thermostat for example) and all kinds of other things can and will interfere with it.

Wifi is always a compromise too. But, I guess if wiring direct is not an option, the OP needs to choose their compromise.

r00ty ,

You should only assign static IPv6 to servers; in theory you could just define a host ID and use a prefix too. But most people at home really aren't running enough servers to make that worthwhile. Everything else should just pick up new addresses fine using ND.

r00ty ,

Hah. But to be fair, ATM did have a specific use that it worked great for. That is the move to digital voice circuits. The small fixed cell size and built in QoS meant that if you had a fixed line size you could fit X voice channels, and they would all be extremely low latency and share the bandwidth fairly. You didn't need to buffer beyond one cell of data and you didn't need to include overhead beyond the cell headers.

ATM was designed to handle the "future" or digital network needs. But, the immediate use was about voice frames and that likely dictated a lot of the design I'd expect.

r00ty ,

Only if you're a masochist.

r00ty ,

Yeah, but they're not. That's the modern world. But also even if it was a web server there's usually ways to advertise the IP for the app to connect to. I've seen other stuff do that. So getting an IP is easy. Once the app knows the IP and if you really want to allow connections from outside to your IOT devices (I wouldn't) it could remember the IP and allow that.

You really don't need to give a fixed IP to everything. I think I've given 1 or 2 things fixed IPv6 IPs. Everything else is fine with what it assigns itself.

r00ty ,

I think this really comes down to whether the employee was IT (and to an extent part of the network team). If so, I'd say there's a lot of questions to be answered here. If not, there's also a lot of questions to be answered but not from that employee :P

r00ty ,

I'd say that it is always gambling because there is risk involved.

But I would say that both traditional gambling and investments have the same threshold for problematic behaviour, and that is when you spend more money than you can afford to lose. That is regardless whether you win or not.

r00ty ,

When people read my code, they usually say they like that I comment so much, it makes it easier to understand what's happening.

I say, I comment so much because my memory is terrible. It's for me!

r00ty ,

Ironically I just left the startup world for a larger more established company and the code is some of the worst I’ve seen in a decade. e.g. core interface definitions without even having a sentence explaining the purpose of required functions. Think “you’re required to provide a function called “performControl()”, but to work out its responsibilities you’re going to have to reverse-engineer the codebase”. Worst of all this unprofessional crap is part of that ground-up 2nd attempt rewrite.

I think this is actually quite common in commercial code. At least, for most of the code I've seen. Which is why I laugh most of the time when people imply commercial code is better than most open source code. It's not, you just cannot see it.

r00ty ,

I think a federation of smaller hobby run sites is going to be the only way to avoid the commercialised Internet, and all the negatives it involves.

r00ty ,

Yep. I was around in the mid 90's. Which was around when it became generally affordable to get internet at home.

I'd say most stuff was running from university computers though. Normal people couldn't afford to have a permanent connection (even 64k) at home and in the few places co-location existed it was priced out of reach of normal people (and so were the servers you could install).

But it was still not even slightly commercialised.

r00ty ,

I ensure my instance stays up, by running my own :)

r00ty ,

Last time I heard a dial tone was just a second ago when I pushed the speakerphone button on my Cisco ip phone.

r00ty ,

Well, it's generated in the same way as modern tones are in a telephone exchange, not a played sample. You can usually configure the tone frequencies (never tried on cisco ip phone, but asterisk allows it for its own generated tones and I had a cisco ATA that let you configure them).

So, unless we're limiting ourselves to the original mechanically generated dial-tones, I'll consider them for all intents and purposes to be one and the same.

E.g. for the UK on cisco/sipura ATAs you would use the configuration found here https://teamhelp.sipgate.co.uk/hc/en-gb/articles/208200875-UK-Regional-Settings-Cisco-Linksys-Sipura-Adaptors and as an example (dial tone)

Dial Tone: 350@-19,440@-22;10(*/0/1+2)

The comfort noise is also generally only added when there's no other noise on the call. This is to prevent you thinking you were disconnected when no-one is talking.

r00ty ,

Generally, a device cannot get an internet facing IP address unless something else on your network is advertising the prefix. In fact, I'd argue there's little point using DHCPv6 now. Some devices are only interested in SLAAC. But, if you have a router that gets an IPv6 prefix from your ISP (usually /48 or /64, but you can get other sizes) it will usually then advertise that onto your local network.

As for the IP addresses, I would say that you should definitely still have a firewall in place. But the setup is the same as IPv4, just without NAT. E.g. you set a blanket rule for your prefix to allow outbound and block unrelated inbound. Then poke holes through for specific devices and services.

By default, IPv6 implementations make an assumption that they're not going to be a server (if you want a device to be a server, you can just set a static IP) and their "main" IP will be a random looking one (and the configuration will depend on whether it uses an interface identifier to create the address, or if it is random) within your (usually huge) allocation. But more than that, they will usually be configured to use the IPv6 privacy extensions (RFC4941). This generates extra temporary addresses per device, which are used for outbound connections and do not accept incoming connections. That is, people cannot see your IP address on their host from your connection and then port scan you, since no ports will respond. You could still have ports open on your "real" IP address. But, that one isn't ordinarily used for outgoing connections, so no-one will know it exists. To discover it they would need to scan your whole prefix (remember that the /64 allocation you will generally get is the internet * the internet in terms of address space, that is much harder to brute force scan).

I think the differences between IPv4 and IPv6 might seem scary, but most of them are actually improvements on what we had before, making use of the larger pools we have available. Once you work it out, it's really not so bad.

I would like to see routers set up to firewall IPv6 by default to give the same protection as NAT though, meaning users need to poke holes into the firewall for incoming connections. Maybe some do. I know mine did not and it was one of the first things I did.

r00ty ,

github.com doesn't have a AAAA DNS entry. So it's not serving anything directly over IPv6. Likewise, ping -6 github.com fails. So, what are you seeing that is supporting ipv6?

r00ty ,

In the USA they charge extra for IPv6? I'm in the UK and while there are some ISPs that don't provide IPv6 at all, and some that do shitty things like dynamic prefixes on IPv6, I've not seen anyone charging for it.

Likewise, server providers generally don't charge for it. In fact, they will often charge less if you don't need IPv4.

r00ty ,

But new IPv4 allocations have run out. I've seen ISPs that won the lottery in the 90s/2000s (when the various agencies controlling IP allocations just tossed them around like they were nothing) selling large blocks for big money.

Many ISPs offer only CGNAT, require signing up to the higher speed/more expensive packages to get a real IP, or charge extra on top of the standard package for one. I fully expect this trend to continue.

The non-move to IPv6 is laziness, incompetence, or the sheer fact they can monetize the finite resource of IPv4 addresses and pass the costs onto the consumer. I wonder which it is.

r00ty ,

That is interesting. I figured they would be something like cloudflare/other redirection for github pages. But the IPv6 address space is github registered.

So, really not sure why they don't have the rest of their site enabled.

r00ty ,

There's been other posts about IPv6 and the TL;DR is that while there are shitty implementations everywhere, the USA seems to be ahead of the game of doing it badly, if at all.

r00ty ,

You're right, that sounds better than the average HR rep.

r00ty ,

Well the malware authors of yore could have gotten away with it, so long as they attached their malware to an even slightly useful program, added an EULA that was 40 pages long and on one of those pages mentioned the malware and had no way to use the software without agreement.

r00ty ,

Yeah. But they'll likely make Azure Recall running on their own AI hardware. You'll have to opt out (on every windows update) of their ad driven free model that uses your data to target ads, and sell your overall profile on.

r00ty ,

The activities the program is said to engage in include constantly resetting the user's web browser homepage to bonzi.com without the user's permission, prompting and tracking various information about the user, installing a toolbar, and serving advertisements

Looks to me like they taught Microsoft well in this area.

r00ty ,

Kinda on brand though somehow.

r00ty ,

No no. This kind of automated "protection" is only used against their users, who are their product. Not the advertisers, who are their customer!

Russia threatens Britain with retaliation if involvement in Ukraine war deepens ( www.pbs.org )

Russia on Monday threatened to strike British military facilities and said it would hold drills simulating the use of battlefield nuclear weapons amid sharply rising tensions over comments by senior Western officials about possibly deeper involvement in the war in Ukraine....

r00ty ,

I would say no-one is sending troops yet. I really dislike any country ruling it out entirely, better to just say nothing. If the conditions change, we (NATO/Europe) will need to act. Otherwise, our leaders may well be judged by the same yardstick as the leaders keen to appease a certain country in the late 30s.

r00ty ,

I would tend to agree. But I think we definitely need to define a line in the sand now, not declare there is no line. Which seems to me to be what such statements say about us.

r00ty ,

My point is, someone has to say where the line is (or indeed was). I don't think any western government wants to be on record saying where it is (or should have been). Some are saying there isn't a line regardless of what happens, and that's the problem I'm talking about. It's worse than not defining the line.

r00ty ,

Yes, I don't agree with the no way to mitigate statement.

I suspect on Windows the only real defence is something like:

  • Check if the network has suspicious multiple routes set up from the DHCP
  • If so, either use the IP/Mask/Gateway with manual IP config (to not receive the CIDR routes) or steer clear of an at best questionable network entirely.
  • Maybe use the Windows firewall to block all traffic outbound EXCEPT from the firewall program (with perhaps exceptions for local networks as per below Linux example). For whatever reason the Windows firewall doesn't seem to have a way to specify an interface. But you can specify a program.

I did look for some way to control Windows' handling of DHCP options. But it seems there isn't anything obvious to limit this otherwise. I do not know if the Windows firewall has this kind of fine-grained control with its own fire

For Linux, I used to have my own blackout firewall rules that only allowed the specific LAN range (for mobile use you could include all RFC1918 ranges) and the specific VPN IP out of the internet-facing interface. Only the VPN interface could otherwise access the internet.
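
One way to do the "suspicious routes from DHCP" check described in the comment above, as an added example that is not part of the original comment. It assumes you have the raw payload of the DHCP classless static route option (option 121, RFC 3442) from a packet capture of the lease; the function names and the sample payload are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges plus IPv4 link-local: destinations a DHCP server can
# reasonably push routes for on a LAN (an assumption of this example).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]


def parse_option_121(payload: bytes):
    """Decode an RFC 3442 classless static route option into (network, router) pairs."""
    routes, i = [], 0
    while i < len(payload):
        prefix_len = payload[i]
        if prefix_len > 32:
            raise ValueError(f"invalid prefix length {prefix_len} at offset {i}")
        n_octets = (prefix_len + 7) // 8   # only the significant octets are sent
        end = i + 1 + n_octets + 4         # descriptor, then a 4-byte router
        if end > len(payload):
            raise ValueError("truncated option 121 payload")
        dest = payload[i + 1:i + 1 + n_octets] + bytes(4 - n_octets)
        network = ipaddress.IPv4Network(
            (int.from_bytes(dest, "big"), prefix_len), strict=False)
        router = ipaddress.IPv4Address(payload[end - 4:end])
        routes.append((network, router))
        i = end
    return routes


def suspicious_routes(routes):
    """Return non-default routes whose destination lies outside LOCAL_NETS.

    Such routes are more specific than any default route, so they take
    precedence over it for the addresses they cover.
    """
    return [(net, gw) for net, gw in routes
            if net.prefixlen > 0
            and not any(net.subnet_of(local) for local in LOCAL_NETS)]


# Constructed sample payload: a default route, a LAN route, and a route for
# a documentation range (203.0.113.0/24) via a different gateway.
SAMPLE_OPTION_121 = bytes.fromhex(
    "00c0a80101"          # 0.0.0.0/0      via 192.168.1.1
    "100a14c0a80101"      # 10.20.0.0/16   via 192.168.1.1
    "18cb0071c0a80142"    # 203.0.113.0/24 via 192.168.1.66
)

if __name__ == "__main__":
    for net, gw in suspicious_routes(parse_option_121(SAMPLE_OPTION_121)):
        print(f"suspicious DHCP route: {net} via {gw}")
```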

r00ty ,

If no-one pirated any Sony game, do you think they would:

A) Lower the price of the game to maintain their existing profit margin.
B) Set a lower price that increases their margin.
C) Keep the higher price and just make a fuck ton more money.

r00ty ,

I think that's entirely fair and similar to store loyalty cards. You get something in exchange for your datas at least.

r00ty ,

I really don't see the problem, provided it is cosmetic. If you don't want to link, you don't get a glittering, whatever in game. If you don't mind sharing your datas, then you get the shiny thing (and everyone knows you don't mind sharing your datas).

r00ty ,

So if you mind sharing your data, don't get the shiny. You know it will become like that shiny pony back in wow's wrath expansion. It told you more about the person than anything else.

r00ty ,

Just vpn to your house that has ipv6. Simples.

r00ty ,

I would agree. It's useful to know all the parts of a GNU/Linux system fit together. But the maintenance can be quite heavy in terms of security updates. So I'd advise to do it as a project, but not to actually make real use of unless you want to dedicate time going forwards to it.

For a compiled useful experience gentoo handles updates and doing all the work for you.

r00ty ,

It's all good until you get into a dependency loop with your email account passwords needing resetting, that have the email from the other account that needs resetting :P

r00ty ,

Well no. If the programmer uses prepared statements, they are protected. If they use a prepared statement but actually just put their own unsanitized statement in there and execute it, it's not protected.

Now, I'd like to say it is 2024 and everyone should be using AT LEAST prepared statements for security. I've seen people doing some scary things in my time, and that includes quite recently.
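
The distinction drawn in the comment above, as an added example that is not part of the original comment: both functions go through the same statement API, but only one keeps the input out of the SQL text. It uses Python's built-in `sqlite3` module; the table, rows and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"),
                      ("bob", "bob@example.com")])
    return conn


def lookup_concatenated(conn, name):
    # Uses the statement API, but the input is already part of the SQL text,
    # so there is nothing left for the driver to bind: not protected.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_bound(conn, name):
    # The SQL text is fixed; the input is passed separately as a bound value
    # and is only ever compared as data.
    sql = "SELECT email FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


# Constructed input containing a quote that changes the WHERE clause
# when it is pasted into the SQL text.
CRAFTED_NAME = "nobody' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("concatenated:", lookup_concatenated(conn, CRAFTED_NAME))
    print("bound:       ", lookup_bound(conn, CRAFTED_NAME))
```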

r00ty ,

I'd agree, but the caveat is that github is primarily about an interface for source control and collaboration between developers for projects. The release page is really just an also-ran in terms of importance.

I love Mastodon and ActivityPub. But I think Nostr is going to win. Here's why.

Mastodon is a great platform. I have an account there, and I have been using it as a twitter replacement for several months. I have been using nostr for around two months. I have also read fairly deeply into how Mastodon and Nostr work. I think nostr is better. Here's why....

r00ty ,

Here's why I think activitypub is probably better.

Having multiple instances, hundreds or even thousands, spreads the load of the network. Smaller instances can curate the communities they want to subscribe to in order to limit traffic and storage. Communities can be hosted across the network too to reduce load on single instances.

This means that when things are done well, we could produce and serve reddit/twitter levels of content and availability on hobbyist level hosting options spread across the world.

r00ty ,

This is the right way to do it. Make it clear this IT process is causing reduced performance. Especially if you're a profit centre you will likely see the problem solved soon enough.

This specific thing. A password on task manager is really dumb though. I assume they have some spyware they don't want users to be able to stop. But, most of this kind of software (think antivirus) generally have other ways to prevent tasks being closed. They don't need to remove task manager. Task manager is an important and needed tool for any windows user.
