• 1 Post
  • 104 Comments
Joined 2 years ago
cake
Cake day: June 14th, 2023

help-circle



  • Why should I use IP6 in my small home network?

    • No NAT. Especially in a home network NAT can be a hassle.
    • A bit more anonymity through changing temporary adresses.
    • Some people don’t even have a real IPv4 address anymore in their home and only connect through CGNAT. That means that if you disable IPv6 on your computer you only use CGNAT.
    • The fact that EVERYONE needs to transition to IPv6 or it doesn’t make sense.

    Or in an SMB where there are less than 100 IP’s used on a daily basis?

    • No NAT. NAT is no firewall. If you can’t set up a firewall you are honetly not qualified to be a network admin.
    • Easier VPN S2S-VPN. I had a few instances where the internal IP ranges clashed.
    • All the other advancements of IPv6
    • The fact that EVERYONE needs to transition to IPv6 or it doesn’t make sense.

    First I have to pay the cost of transition, along with the risk of things not working while I do this, and then the risk of something new being added and not working.

    You can transition step by step. Dual Stack is a thing.

    IP6 is good for backbone right now. It will slowly transition into LAN for larger environments (think Enterprise when they setup new network segments, since they’re buying new hardware anyway. But only after extensive testing.

    That makes no sense to me. Every network in itself doesn’t need IPv6. The 10.0.0.0/8 range has 16 777 216 addresses. IPv6 only makes sense if everyone uses it. We bought ourselves time with NAT and CGNAT and splitting up older ranges but that won’t last forever and is costly.

    Everyone needs to transition otherwise services will need to keep their IPv4 forever. And if the services keep their IPv4 users don’t have an incentive. Maybe we should transition BEFORE there is time pressure. Now is the time to slowly start setting everything up with enough time to plan and test firewall rules and appliances and everything else.


  • IPv6 after so many years still is a victim of the chicken-egg-problem. People don’t need it because services don’t support it because people don’t need it because … and so on and so forth. I try to enable IPv6 wherever I can and I didn’t have a propblem for ages. Dual stack is stable and there are actually a good amount of services that support it.

    I think we should all push to implement IPv6 so that IPv4 can finally be laid to rest. Using IPv4 makes everything a bit more expensive because it is so damn expensive to get a stupid number. If someone is really scared that every computer has a publicly routable IP, and if you really think you can not configure a firewall, there is a private IPv6 space and you can use NAT with IPv6. It’s not recomended but it’s possible. I’d still say using a firewall is not harder and just as safe.

    And there is the fact that you can make so many subnets which can make your internal network so much safer. You can controll better how packages are sent to groups because broadcast was dropped in favor of multicast. There is IPSec Support built in. Secure Neighbor Desicorvery to prevent attacks like ARP spoofing. There are a lot of reasons to implement IPv6 and even to switch to IPv6 only if possible.





  • Depending on your jurisdiction it is probably your responsibility to enforce your copyright. I can always just record your music off a streaming platform. You can attach a license to your song in funkwhale (see this). If you want DRM for your music then funkwhale is probably also not for your. You still have to enforce your self that nobody monetizes your works if you don’t allow it. You can delete things from the fediverse if you know the source but I don’t think funkwhale allows DRM protected music.

    If you attach a license to your works that doesn’t allow monetization and they monetize the app you can sue them. I doubt they will though. And they probably wouldn’t be very successful because the app and the server are open source. You could just build the app without monetization. And someone probably would.

    The upload and sharing copyrighted music probably falls into the hands of the instance admin. As with PeerTube it is probably not a good idea to have open signups. But everyone has to make sure that doesn’t happen.

    The fediverse is an open and very liberal space. If you want full control over your works it is probably not for you. No software with federation probably is. If you want and need to control over your works (which is legitimate) you need something with a tighter grip, maybe host the things yourself on your server with DRM. That doesn’t mean it is bad for everyone.






  • The OLED has a nicer screen. Apart from that they are all pretty much the same performance wise. The expansion via SD card works very well. You can swap the internal ssd but it’s not recommended. I’d buy it directly from valve if you don’t want to buy used. Their support is quite good.


  • There is a whole field, that looks a bit like religion to me, about how to test right.

    I can tell you from experience that testing is a tool that can give confidence. There are a few new tools that can help. Mutation testing is one I know that can find bad tests.

    Integration tests can help find the most egregious errors that make your application crash.

    Not every getter needs a test but using unit tests while developing a feature can even save time because you don’t have to start the app and get to the point where the change happens and test by hand.

    A review can find some errors but human brains are not compilers it is hard to miss errors and the more you add to a review the easier it can get lost. The reviews can mostly help make sure that the code is more in line with the times style and that more than one person knows about the changes.

    You can’t find all mistakes all the time. That’s why it is very important to have a strategy to avert the worse and revert errors. If you develop a web app: backups, rolling deployments, revert procedures. And make sure everyone know how and try it at least once. These procedures can fail. Refine them trough failure.

    That is my experience from working in the field for a while. No tests is bad. Too many tests is a hassle. There will always be errors. Be prepared.





  • There have been a few bugs in the past years that let you take over a phone without user interaction. There was one where you only need to receive an SMS (it was invisible even) and your phone is infected. Another one was a vulnerability in wifi calling and voice over lte.

    A phone is not a passive device that only gets something when you request it. You take also it with you to public places, use it in open wifi networks and you get calls. All that while being used for security critical stuff like 2FA, banking and payment.

    You shouldn’t use a phone without current security updates for much more than calling. It is a time bomb. If you want to educate yourself further you should look at “zero click vulnerabilities”.