r00ty @ r00ty @kbin.life

I'm the administrator of kbin.life, a general purpose/tech orientated kbin

---

Read more

Posts

2

Comments

1,250

Joined

2 yr. ago

Yeah but if you tick TCP and pay the extra postage you can get proof of receipt.

Yeah, but asking film/tv producers for permission would kill my content collection!

Actually how is your ISP giving out IPs to you? Mine uses IPv6 PD to give me a /48. And I then use SLAAC locally on the first /64 prefix on my LAN. Plus another /64 for VPN connections.

If you mean receiving RA/ND packets from your ISP (which are used to announce IPv6 prefixes) then you need to allow icmpv6 packets (if you don't want to be able to be pinged, just block echo requests, ICMP in v4 and v6 carry important messages otherwise).

If your ISP uses DHCPv6 Prefix delegation you will need to allow packets to UDP port 546 and run a DHCPv6 client capable of handling PD messages.

If you have a fixed prefix, then you probably don't need to use your ISPs SLAAC at all. You could just put your router on a fixed IP as

<yourprefix>

If you have a dynamic prefix.. It's a problem I guess. But probably someone has done it and a google search will turn up how they handled it.

EDIT: Just clarified that the RA/ND packets advertise prefixes, not assign addresses.

I believe the privacy concerns are made moot if all consumer level routers by default blocked incoming untracked connections and you need to poke holes in the firewall for the ports you need.

Having said that, even knowing the prefix it's a huge address space to port scan through. So it's pretty secure too with privacy extensions enabled.

But for sure the onus is on the router makers for now.

I used HE for ages until my isp gave native ipv6. I also used sixxs back then too. Both provided good connectivity for the few sites that were around using it at the time.

This is my biggest bugbear about a lot of UK isps. They are dynamically allocating ipv6 prefixes for absolutely no good reason.

I've only ever done ipv6 using Linux directly as a firewall or a mikrotik router. So cannot help with pfsense I'm afraid.

You start by adding ipv6 and serving both. One side needs to move first. Content providers or isps.

The big tech companies are using ipv6. In the UK the isps are mostly offering it too.

Host both and help us move towards dropping Ipv4 some day. It's not going to happen in a day.

"Fresher"

Don't be so sure. Piers Morgan will do whatever he thinks makes "good television" and especially good sound-bites that can have his ugly mug displayed ad-nauseam.

He saw a weakness and exploited it. I doubt he's "chosen a side" at all.

The OneUI update? You can undo most of the annoyingness. But the overall look change is downright annoying I'd agree.

Whenever anyone asks if I use AI. My answer is that, so far it hasn't ever delivered working code. However the majority of times I used it, the code it did provide sent me in the right direction.

So it's not useless. And I know tools have gotten better. But when I see companies seriously talking "AI first" and wanting vibe coding to be a main development strategy. I do really worry.

Windows is a strange game. It seems the only winning move is not to play.

I think his unrealistic 24 hour plan was to give putin what he thought he wanted. Eg all the territory he's captured so far and assurances against nato action/withdrawal of some western personnel at nato border country bases. You know putin's public story.

He just didn't know putin's real objective. Maybe now he's getting a bit of an idea. He's too simplistic to fathom that there could have been an ulterior motive.

I never heard that. But it seems entirely believable.

It's for backup purposes mainly. A lot of cloud backup providers don't store permissions.

So if I restore the data I can then restore the permissions after. So these are the folders I am backing up (with some exceptions in /var)

OK so it's fairly simple. You need to install the acl package (or whatever equivalent package contains getfacl/setfacl. Then you can use that to dump the data from an entire structure into a file (I also then bzip that). Then I backup all installed packages to help with a restore too.

So the script looks like:

    
#!/bin/bash
cd /etc
/usr/bin/getfacl -R . | /usr/bin/bzip2 -9 >PERMISSION_BACKUP.bz2
chmod 600 PERMISSION_BACKUP.bz2
cd /home
/usr/bin/getfacl -R . | /usr/bin/bzip2 -9 >PERMISSION_BACKUP.bz2
chmod 600 PERMISSION_BACKUP.bz2
cd /root
/usr/bin/getfacl -R . | /usr/bin/bzip2 -9 >PERMISSION_BACKUP.bz2
chmod 600 PERMISSION_BACKUP.bz2
cd /var
/usr/bin/getfacl -R . | /usr/bin/bzip2 -9 >PERMISSION_BACKUP.bz2
chmod 600 PERMISSION_BACKUP.bz2
/usr/bin/apt list --installed | /usr/bin/bzip2 -9 >/root/INSTALLED-PACKAGES.bz2
chmod 600 /root/INSTALLED-PACKAGES.bz2

  

To restore you change to the folder the backup was taken from, unbzip the file (or uncompress live via pipe) and use setfacl --restore=

<file>

Yeah. Only on my phone right now but will get it and post here later/tomorrow.

I mean, too late for you now. But I have a script that backs up just the permissions and owners for a given folder hierarchy.

I use it because I backup to a cloud backup platform that doesn't save them. So these files are backed up with the data so the files and permissions/owners can be restored in an emergency.

But you could of course also use the file to restore permissions after a user generated mistake too.

Pretty sure one of the first things musk did was kill off an entire (or more than one?) data centre. Pointing out with glee that it worked fine without it.

This is probably why it existed.

Still it's only twitter. No real loss.

I did defederate from hexbear for a while a year or so ago. Just because at the time their users were generally just actively trolling for reactions in pretty much every community, and it just got too the point I defederated. I've since removed them from the defed list.

Generally I agree. But ML seems to have become a bit more clearly biased in their moderation. To me it's not a reason to defed, but a reason to view the content they do allow in their hosted communities with that bias in mind.