Hah! Joke’s on you. I accidentally restarted my PC and updated it without wanting to.
Yeah? Well I was playing a game and it rebooted in the middle of a boss fight!
Tell me you didnt take a look at your windows update settings without saying so.
Linux time?
Linux always
😏🐧
Just say you run Arch and move on.
I run Arch and move on.
btw.
Now THAT’S a story I can FEEL. Thank you.
Well, it’s not like you lost a pen, now, is it?
Edit: for anyone who is lost here, enjoy
People always talk about Arch. I wonder what people think of other oses and the people who run them lol. Like I’m a bearded Debian user (closer to the look of the Dilbert comic unix guy).
I think those are really the only two options when it comes to Linux (that’s why I main Windows 10). Hacker man or Dilbert.
Well, I’d like to think I’m just a normal looking dude who blends in in a crowd. I just use Debian ‘cause I got sick of Windows’ shit a long time ago, like, back when telemetry was introduced in Windows XP. That was the first sign of things to come. When we would start losing control of our own OS and computers and losing privacy as well. I shouldn’t even notice the OS when I do normal computer shit, and I want to keep it that way. Those who are old enough to have grown up with PCs in the 90s get what I’m saying. We had control.
IPv6 huh? There are dozens of us!
I updated Windows so hard Linux popped out.
And it’s Arch, by the way.
“Compromises all devices running … an IPv6 address.”
Oh so no one is effected. (other then network nerds, and they are not real)
As a networking nerd, I am endlessly frustrated with how many otherwise smart people are just ‘fuck ipv6 lmao’
Giving me goddamn flashbacks to this https://www.youtube.com/watch?v=v26BAlfWBm8
As a tech nerd who self hosts stuff, I’m more like “what is IPV6 and why is it causing me issues, I can’t figure this out, I guess I’ll disable it, wow my problems are fixed now.”
I guess I can see why people don’t like it, as it’s caused me issues, but just because I don’t understand it doesn’t mean it’s dumb. I’d need to understand how it works before I could say anything about it, positive or negative. I guess all I could say is that it’s been way less intuitive to me, I can’t memorize the numbers, and the reason it exists makes sense. Beyond that, I unno.
I should probably spend the time to learn about it, but I already have a full time job where I work on computers all day, I’d rather focus on my other hobbies while I’m at home.
It’s not terribly difficult to learn when you avoid trying to relate it to IPv4 concepts. Particularly: forget about LAN addresses and NAT, and instead think about a large block of public addresses being subdivided between local devices.
instead think about a large block of public addresses being subdivided between local devices.
Thinking about all my devices being exposed like that gives me the heebie jeebies. One public facing address hiding everything else on a private network is much less frightening to my monkey brain.
IPv6 genuinely made some really good decisions in its design, but I do question the default “no NAT, no private network prefixes” mentality since that’s not going to work so well for average Janes and Joes
No NAT doesn’t mean no firewall. It just means that you both don’t have to deal with NAT fuckery or the various hacks meant to punch a hole through it.
Behind NAT, hosting multiple instances of some service that uses fixed port numbers requires a load-balancer or proxy that supports virtual hosts. Behind CGNAT, good luck hosting anything.
For “just works” peer to peer services like playing an online co-op game with a friend, users can’t be expected to understand what port forwarding is, let alone how it works. So, we have UPnP for that… except, it doesn’t work behind double NAT, and it’s a gaping security hole because you can expose arbitrary ports of other devices if the router isn’t set up to ignore those requests. Or, if that’s not enough of a bad idea, we have clever abuse of IP packets to trick two routers into thinking they each initiated an outbound connection with the other.
can you tell me if any device in an IPv6 LAN can just assign itself more IP v6 adresses and thereby bypass any fw rule?
IPv6 has two main types of non-broadcast addresses to think about: link-local (fe80::) and public.
A device can self-assign a link-local address, but it only provides direct access to other devices connected to the same physical network. This would be used for peer discovery, such as asking every device if they are capable of acting as a router.
Once it finds the router, there are two ways it can get an IP address that can reach the wider internet: SLAAC and DHCPv6. SLAAC involves the device picking its own unique address from the block of addresses the router advertises itself as owning, which is likely what you’re concerned about. One option for ensuring a device can’t just pick a different address and pretend to be a new device is by giving it a subset of the router’s full public address space to work with, so no matter what address it picks, it always picks something within a range exclusively assigned to it.
Edit: I butchered the explanation by tying to simplify it. Rewrote it to try again.
In most cases, the router advertises the prefix, and the devices choose their own IPv6. Unless you run DHCPv6 (which really no-one does in reality, I don’t even think android will use it if present).
It doesn’t allow firewall bypass though, as the other commenter noted.
Unless you run DHCPv6 (which really no-one does in reality)
Question for you since I have very little real world IPv6 experience: generally you can provide a lot of useful network information to clients via DHCP, such as the DNS server, autoconfig info for IP phones, etc. how does a network operator ensure that clients get this information if it’s not using DHCPv6?
You can include some information in router advertisements, likely there will be rfcs for more. Not sure of the full list of stuff you can advertise.
For sure I’m quite sure I had dns servers configured this way. I’ll check when not on a phone to see what options there are.
Ye fuck ipv6 lol. I still have no need to move to it lol.
IP4 is running out, that’s the problem. Or better, IP4 is hoarded by companies and they don’t give them up. The insane amount of network devices every human being uses on a daily basis doesn’t make the situation better. It exploded the last 10 years and only gets worse. The fuckery ISPs are doing to solve it without IP6 is insane, fuck cgnats and co. The whole networking world would be so much better to get it over with and adopt IP6 everywhere and let the hoarders drown in their mountain of IP4.
My ISP gave me a IPV6 router. I have it bridged (or whatever the right term is) to another router that serves IPV4 addresses to all my devices. Worked well so far with the added bonus that the ISP can’t see what’s going on within my network.
Switch to Linux, be done with all of this Microsoft software nonsense
not that easy if you play games unfortunately
Actually it is 100% that simple, proton has fixed gaming on Linux.
It doesn’t work for a few rare games that install a rootkit on your Windows PC, but that’s already silly and irresponsible of you to allow a game to do anyway, in my opinion.
Nearly all the games i play run worse on linux than windows. Counterstrike, the finals, vrising. Im sure at least one of them dont have rootkit installed. Even got glorious egg proton profiles and still no luck.
Counterstrike 2 is native to Linux, doesn’t use proton so should have 0 preforman impact
Ill have to test counter strike 2 later today and see if its still runs poorly cause it could have been due to it being recently released when i tested CS2 out.
Though just last night i was testing out the Finals and i noticed that the grqphics were significantly different from windows. In windows i had their polished texture and effects but in linux it was permanently foggy and the wall textures were super bad with shitty shadows.
I tried replicating those textures and settings on windows but i wasnt able to. Im beginning to think the game is not using my graphics card.
So in short; do you have any experience in this kind of issue with the graphics?
Well, not ALL Windows machines…
“Systems are not affected if IPv6 is disabled on the target machine.”
I can’t remember the last time I saw an IPv6 machine…
It is on by default in Windows… More likely people have routers with it disabled.
Is this for Windows 11?
My windows XP laptop is good right?
Our windows XP laptop
Can’t tell if you’re russian, or room mates.
What about Windows 3.1!?
Does 3.1 even go online?
Winsock baby.
modem noises
Pshhh “zoomers” amiright?!
Eh, they’re alright. They had to deal with more bullshit than I ever had to in high school.
They had to deal with the daily threat that a school shooting could be their school. All I had to deal with was teenage girls having a war over who was hotter. Backstreet Boys, or N-Sync.
Which to be fair, if you said the wrong one to a teenage girl in the 90s, she’d be likely to flip out on you. Still though, they wouldn’t pull a gun!
I’m honestly surprised that the closest we ever got to a parody boy band was Justin Timberlake singing Dick in a Box with Lonely Island. Seems like SOMEBODY should have made a parody band! Weird Al can’t do EVERYTHING, ok???
This would presumably mainly be an issue for computers open to the internet. So not so much for home PCs, unless the router’s firewall is opened up.
I’ve not read the CVE but assuming it works on any IPv6 address including the privacy extensions addresses, it’s a problem. Depending on what most routers do in terms of IPv6 firewalling.
My opinion is, IPv6 firewalls should, by default, offer similar levels of security to NAT. That is, no unsolicited incoming connections but allow outgoing ones freely.
In my experience, it’s a bit hit-and-miss whether they do or not.
Now, if this works on privacy extension addresses, it’s a problem because the IPv6 address could be harvested from outgoing connections and then attacked. If not, then scanning the IPv6 space is extremely hard and by default addresses are assigned randomly inside the /64 most people have assigned by their ISP means that the address space just within your own LAN is huge to scan.
If it doesn’t work on privacy extension IPs, I would say the risk is very low, since the main IPv6 address is generally not exposed and would be very hard to find by chance.
Here’s the big caveat, though. If these packets can be crafted as part of a response to an active outgoing TCP circuit/session. Then all bets are off. Because a popular web server could be hacked, adjusted to insert these packets on existing circuits/sessions in the normal response from the web server. Meaning, this could be exploited simply by visiting a website.
What about torrenting through a VPN with IPv6? Would that make you vulnerable to this exploit?
