Today, I learned the shortest command which will determine if a ping from your machine can reach the Internet:

ping 1.1

This parses as 1.0.0.1, which thanks to Cloudflare, is now the IP address of an Internet-facing machine which responds to ICMP pings.

Oh, you can also use this trick to parse 10.0.0.x from `10.x` or 127.0.0.1 from `127.1`. It's just like IPv6's :: notation, except less explicit.

A tcp packet walks in to a bar and says “I want a beer”, barman says “you want a beer?” and tcp packet says “yes, a beer” .

In high society, TCP is more welcome than UDP. At least it knows a proper handshake.

A bunch of TCP packets go into a bar, until it’s overcrowded. The next day, half as many go in.

A bunch of TCP packets walk into a bar. The bartender says, “Hang on just a second, I need to close the window.”

When I try to send SYNs to chicks, I don’t get any ACKs. Just FINs and RSTs.

IP packet with TTL=1 arrives at bar. Bartender: “Sorry, can’t let you leave…and you don’t get any beer either…” 

The worst part about token ring jokes is that if someone starts telling one while you are telling yours, all joking stops.

The great thing about TCP jokes is that you always get them.

The problem with TCP jokes is that people keep retelling them slower until you get them.

I would tell some UDP jokes too but I never know if anyone gets them

The best thing about UDP jokes is that I don’t care if you get them or not.

I had a funny UDP joke to tell, but I lost it somewhere...

The sad thing about IPv6 jokes is that almost no one understands them and no one is using them yet.

I tried to come up with an IPv4 joke, but the good ones were all already exhausted.

A DHCP packet walks into a bar and asks for a beer. Bartender says: “here, but I’ll need that back in an hour!

DHCP jokes only work when there is only one person telling them

The worst part of SSH jokes is that, even when they're not funny, you suck it up and just pretend they were anyway.

The problem with token ring jokes is you need to wait your turn to laugh

I’d make a joke about UDP, but I don’t know if anyone’s actually listening…

Sister comes into my room

"Can you look at moms laptop, it stopped working I'm scared I broke it"

Ask why

"Idk it just stopped working, all I did was install adobe flash player I dont think that could do it could it?"

Top kek

Take a look

"EFI IPV4 0 (error code) failed to boot"

Weird. Enter bios

"Hard drive: [Not detected]"

Well, that's no bueno

Pop open back, hard drive is loose

Pfft, push that fucker back in

Boot -> works

"Mom is going to kill me I broke it im so worried" -> relieved laughter

Adobeflashplayerkilledmyharddrive.jpg

Shook.exe

User Ip Address is too long (maximum is 30 characters).

Okay, dear third-party API, I guess users with IPv6 don't deserve the service... And wtf is 30-char limit for an IP address, when IPv4 can be only 15 characters long, and IPv6 can be up to 39 characters? Did you calculate a weighted average of IP length to get that number?

IPv4 combat!!!

Data scientist: we need to whitelist a pod to connect to a database
Me: Whitelist? We don't use whitelists on private databases
DS: It's the new data warehouse database
Me: is it on <X> VPC?
DS: I'm not sure what that means but its ip is <real world ipv4>
Me: Are you hosting a publicly accessible database with all our end users information?!
DS: ...
Me: There goes our SOC2 audit controls...
DS: how long until you can white list it?
Me: I won't be whitelisting it. You need to put it on a private VPC and peer with the cluster, you'll have to rebuild all the Terraform and redeploy
DS: We didn't use Terraform because it takes too long, just white list the pods IP.
Me: No. I'm contacting the CISO and CTO...

Wait. So we have IPV4 and IPV6. What the fuck happened to 5?

Here are the reasons why I don't like IPv6.

Now I'll be honest, I hate IPv6 with all my heart. So I'm not supporting it until inevitably it becomes the de facto standard of the internet. In home networks on the other hand.. huehue...

The main reason why I hate it is because it looks in every way overengineered. Or rather, poorly engineered. IPv4 has 32 bits worth, which translates to about 4 billion addresses. IPv6 on the other hand has 128 bits worth of addresses.. which translates to.. some obscenely huge number that I don't even want to start translating.

That's the problem. It's too big. Anyone who's worked on the internet for any amount of time knows that the internet on this planet will likely not exceed an amount of machines equal to about 1 or 2 extra bits (8.5B and 17.1B respectively). Now of course 33 or 34 bits in total is unwieldy, it doesn't go well with electronics. From 32 you essentially have to go up to 64 straight away. That's why 64-bit processors are.. well, 64 bits. The memory grew larger than the 4GB that a 32-bit processor could support, so that's what happened.

The internet could've grown that way too. Heck it probably could've become 64 bits in total of which 34 are assigned to the internet and the remaining bits are for whatever purposes large IP consumers would like to use the remainder for.

Whoever designed IPv6 however.. nope! Let's give everyone a /64 range, and give them quite literally an IP pool far, FAR larger than the entire current internet. What's the fucking point!?

The IPv6 standard is far larger than it should've been. It should've been 64 bits instead of 128, and it should've been separated differently. What were they thinking? A bazillion colonized planets' internetworks that would join the main internet as well? Yeah that's clearly something that the internet will develop into. The internet which is effectively just a big network that everyone leases and controls a little bit of. Just like a home network but scaled up. Imagine or even just look at the engineering challenges that interplanetary communications present. That is not going to be feasible for connecting multiple planets' internets. You can engineer however you want but you can't engineer around the hard limit of light speed. Besides, are our satellites internet-connected? Well yes but try using one. And those whizz only a couple of km above sea level. The latency involved makes it barely usable. Imagine communicating to the ISS, the moon or Mars. That is not going to happen at an internet scale. Not even close. And those are only the closest celestial objects out there.

So why was IPv6 engineered with hundreds of years of development and likely at least a stage 4 civilization in mind? No idea. Future-proofing or poor engineering? I honestly don't know. But as a stage 0 or maybe stage 1 person, I don't think that I or civilization for that matter is ready for a 128-bit internet. And we aren't even close to needing so many bits.

Going back to 64-bit processors and memory. We've passed 32 bit address width about a decade ago. But even now, we're only at about twice that size on average. We're not even close to saturating 64-bit address width, and that will likely take at least a few hundred years as well. I'd say that's more than sufficient. The internet should've really become a 64-bit internet too.

Me: “I’ve done Kubernetes before what could possibly go wro-“

(cni0 breaks IPv4 routing serverside by containerd)

Me:

The solution for this one isn't nearly as amusing as the journey.

I was working for one of the largest retailers in NA as an architect. Said retailer had over a thousand big box stores, IT maintenance budget of $200M/year. The kind of place that just reeks of waste and mismanagement at every level.

They had installed a system to distribute training and instructional videos to every store, as well as recorded daily broadcasts to all store employees as a way of reducing management time spend with employees in the morning. This system had cost a cool 400M USD, not including labor and upgrades for round 1. Round 2 was another 100M to add a storage buffer to each store because they'd failed to account for the fact that their internet connections at the store and the outbound pipe from the DC wasn't capable of running the public facing e-commerce and streaming all the video data to every store in realtime. Typical massive enterprise clusterfuck.

Then security gets involved. Each device at stores had a different address on a private megawan. The stores didn't generally phone home, home phoned them as an access control measure; stores calling the DC was verboten. This presented an obvious problem for the video system because it needed to pull updates.

The brilliant Infosys resources had a bright idea to solve this problem:

- Treat each device IP as an access key for that device (avg 15 per store per store).
- Verify the request ip, then issue a redirect with ANOTHER ip unique to that device that the firewall would ingress only to the video subnet
- Do it all with the F5

A few months later, the networking team comes back and announces that after months of work and 10s of people years they can't implement the solution because iRules have a size limit and they would need more than 60,000 lines or 15,000 rules to implement it. Sad trombones all around.

Then, a wild DBA appears, steps up to the plate and says he can solve the problem with the power of ORACLE! Few months later he comes back with some absolutely batshit solution that stored the individual octets of an IPV4, multiple nested queries to the same table to emulate subnet masking through some temp table spanning voodoo. Time to complete: 2-4 minutes per request. He too eventually gives up the fight, sort of, in that backhanded way DBAs tend to do everything. I wish I would have paid more attention to that abortion because the rationale and its mechanics were just staggeringly rube goldberg and should have been documented for posterity.

So I catch wind of this sitting in a CAB meeting. I hear them talking about how there's "no way to solve this problem, it's too complex, we're going to need a lot more databases to handle this." I tune in and gather all it really needs to do, since the ingress firewall is handling the origin IP checks, is convert the request IP to video ingress IP, 302 and call it a day.

While they're all grandstanding and pontificating, I fire up visual studio and:

- write a method that encodes the incoming request IP into a single uint32
- write an http module that keeps an in-memory dictionary of uint32,string for the request, response, converts the request ip and 302s the call with blackhole support
- convert all the mappings in the spreadsheet attached to the meetings into a csv, dump to disk
- write a wpf application to allow for easily managing the IP database in the short term
- deploy the solution one of our stage boxes
- add a TODO to eventually move this to a database

All this took about 5 minutes. I interrupt their conversation to ask them to retarget their test to the port I exposed on the stage box. Then watch them stare in stunned silence as the crow grows cold.

According to a friend who still works there, that code is still running in production on a single node to this day. And still running on the same static file database.

#TheValueOfEngineers

Okay, so I was helping an elderly woman with her laptop + internet today (with payment). Problem: Laptop connects to WiFi, shows internet connection, but you couldn't even go to google.com.

The router wasn't the issue as my phone worked on the same WiFi. After a lot of troubleshooting steps, I noticed that Windows forced IPV6 for all WiFi connections for some reason. The router doesn't even support IPV6... So I disabled it and everything started working again.

WHY THE FUCK DID WINDOWS NOT TRY TO LOOKUP A IPV4 ADDRESS IF THE IPV6 FAILS? BOTH WERE ENABLED! WHO AT THE FUCKING WINDOWS 10 DEVELOPMENT TEAM THOUGHT IT WAS A GOOD IDEA?

Domain server goes down, it's the gateway and DNS too.

Ok I'll just remove the domain, it's been orphaned really since you went to the cloud.

Don't have local admin password.

Ok call old it company who set up gear

Out of business

Ok boot to Linux and reset

Usb boot locked

Don't have bios password

Call old it company

Still out of business.

Wait, can I just set manual ipv4 ? Ok domain without a domain controller... If it works it works.

Well I WAS going to develop a side project on my day off today (a network of Arduinos and a Raspberry Pi) but the woman my wife hired to clean our house flaked-out, so now I get roped in to fucking housecleaning.
This was going to be an awesome day. Was gonna work on my project, chew some tobacco, and then go shooting, and out for wings for dinner. (where I live, chicken wings can be an entire meal)
Now I'm cleaning the shitter and scrubbing countertops because the little precious snowflake of a cleaning lady is in the middle of a (so-far) 3-day emotional breakdown.
Dear snowflake cleaning lady: Fucking learn IPv4 socket programming on the fly, when you've got an imminent deadline, and a crying, teething baby in the next room, at 3am, and don't fucking lose your cool at any point during all of this, then tell me about your fucking "emotional breakdown."

Should I be excited or concerned?

Newbie dev(babydev) who just learned string vs int and the word "boolean", is SUPER into data parsing, extrapolation and recursion... without knowing what any of those terms.

2 ½ hrs later. still nothing... assuming he was confused, I set up a 'quick' call...near 3 hrs later I think he got that it was only meant so I could see if/where he didnt understand... not dive into building extensive data arch... hopefully.

So, we need some basic af PHP forms for some public-provided input into a mySQL db. I figured I'd have him look up mySQL variables/fields, teach him a bit about proper db/field setup and give him something to practice on his currently untouched linux container I just set up so he could have a static ipv4 and cli on our new block (yea... he's spoiled, but has no clue).

I asked him to list some traits of X that he thinks could be relevant. Then to essentially briefly explain the logic to deciding/returning the values/how to store in the db... essentially basic conditionals and for loops... which is also quite new to him.

I love databases; I know I'm not in the majority... I assumed he'd get a couple traits in his mind and exhaust himself breaking them down. I was wrong. He was/likely is in his sleep now, over complicating something that was just meant as a basic af.

Fyi, the company is currently weighted towards more autistics (him and myself included) than neurotypicals.

I know I was(still am) extremely abnormal, especially when it comes to things like data.

So, should I be concerned/have him focus elsewhere for a bit?... I dont want to have him burnout before he even gets to installing mySQL

I normally just have nightmares about the projects I'm working on, especially when I struggle with a bug for days. Those are usually about just me stressing out about it. However, I have a lot of dreams about computers/technology, not necessarily coding-related:

- datacenters were just potato fields. If you go work the field, you'd go data mining

- in Biology, when being taught how having children works, you only tell that "parenting is only chmod-ing the rights of your children until they become the owners themselves"

- IP addresses with emojis instead of numbers were a standard now and they actually managed to replace IPv4, because everyone was so into emojis. They named it IPvE

- I witnessed a new Big Bang when the 32-bit Unix time overflown in 2038, and we were all quantum bits

@netikras
not sure why, but you tend to appear on google search "devrant". i thought it was a random user each time when i first saw it... tried on different devices/ips... 80% of them, you showed up.

are you aware of this?
anyone else have similar, or totally different, insight on this?

though it was different IPs, i should mention that they were all on the same subnet... not local, public IPv4 /28 subnet

It all started with an undelivereable e-mail.

New manager (soon-to-be boss) walks into admin guy's office and complains about an e-mail he sent to a customer being rejected by the recipient's mail server. I can hear parts of the conversation from my office across the floor.

Recipient uses the spamcop.net blacklist and our mail was rejected since it came from an IP address known to be sending mails to their spamtrap.

Admin guy wants to verify the claim by trying to find out our static public IPv4 address, to compare it to the blacklisted one from the notification.
For half an hour boss and him are trying to find the correct login credentials for the telco's customer-self-care web interface.
Eventually they call telco's support to get new credentials, it turned out during the VoIP migration about six months ago we got new credentials that were apparently not noted anywhere.

Eventually admin guy can log in, and wonders why he can't see any static IP address listed there, calls support again. Turns out we were not even using a static IP address anymore since the VoIP change. Now it's not like we would be hosting any services that need to be publicly accessible, nor would all users send their e-mail via a local server (at least my machine is already configured to talk directly to the telco's smtp, but this was supposedly different in the good ol' days, so I'm not sure whether it still applies to some users).

In any case, the e-mail issue seems completely forgotten by now: Admin guy wants his static ip address back, negotiates with telco support.
The change will require new PPPoE credentials for the VDSL line, he apparently received them over the phone(?) and should update them in the CPE after they had disabled the login for the dynamic address. Obviously something went wrong, admin guy meanwhile having to use his private phone to call support, claims the credentials would be reverted immediately when he changed them in the CPE Web UI.

Now I'm not exactly sure why, there's two scenarios I could imagine:
- Maybe telco would use TR-069/CWMP to remotely provision the credentials which are not updated in their system, thus overwriting CPE to the old ones and don't allow for manual changes, or
- Maybe just a browser issue. The CPE's login page is not even rendered correctly in my browser, but then again I'm the only one at the company using Firefox Private Mode with Ghostery, so it can't be reproduced on another machine. At least viewing the login/status page works with IE11 though, no idea how badly-written the config stuff itself might be.

Many hours pass, I enjoy not being annoyed by incoming phone calls for the rest of the day. Boss is slightly less happy, no internet and no incoming calls.

Next morning, windows would ask me to classify this new network as public/work/private - apparently someone tried factory-resetting the CPE. Or did they even get a replacement!? Still no internet though.
Hours later, everything finally back to normal, no idea what exactly happened - but we have our old static IPv4 address back, still wondering what we need it for.

Oh, and the blacklisted IP address was just the telco's mail server, of course. They end up on the spamcop list every once in a while.

tl;dr: if you're running a business in Germany that needs e-mail, just don't send it via the big magenta monopoly - you would end up sharing the same mail servers with tons of small businesses that might not employ the most qualified people for securing their stuff, so they will naturally be pwned and abused for spam every once in a while, having your mailservers blacklisted.

I'm waiting for the day when the next e-mail will be blocked and manager / boss eventually wonder how the 24-hours-outage did not even fix aynything in the end...

I'll post a rant (will be long) soon-ish on the root of the asinine problem...

TL;DR
Anyone got a better suggestion of killing a WLAN router signal than a Faraday Cage?
-----------------------
As to the point as I can manage atm...
My ISP forces a proprietary router/modem for them to script my static IPv4 block (/28, aka 13 usable). Modifying this equipment in any way or using the vast majority of tactics to modify its behaviour = Federal Felony... with my history, it couldn't be construed as mistake/ignorance of this fact, so I'd likely end up working for some branch of the gov to mitigate the costs of standard prison (on both ends... handicapped af = expensive af to comply with base human rights laws... plus I'd be a dangerous prisoner from what I've been told).

I NEED the ipv6 functionality TOTALLY off... I've written this into every kernel and every container config at kernel level.

The issue is, I don't trust their shit device (which "should" also be set to no ipv6 via gui... non-GUI = fed felony).

This horrid device, they apparently made them for home use initially (to be fair it has decent specs and tolerable RAM), so included WiFi... that comes on by itself.
Disable the WiFi!... except I cant (at least not without 'tampering').
Why? Well acc to the GUI it's not enabled in the first place. Acc to the 'tech support' it's apparently a paid feature (yes, nonsense) that I have not paid for (nor would I), meaning on their end's GUI and DBs I also don't have WiFi ability from that dev.

So... Not trusting the other settings and the dev, being something im not allowed to directly config outside of their GUI that doesn't realise it's putting out a usable signal despite registering DHCP on behalf of that non-existent signal. I NEED to kill those signals.

I realise it likely sounds extreme to make and use a Faraday Cage for a router/modem (secondary modem, it parses the initial modem's output, via script, to allow the static block to be accessed). I really dont know any other way that's legal to restrict it.

Oh, in case unclear, I have tried so many ways to get them to just allow me to use any device (pref. mine, but even their's) that i can simply script myself... it's a no-go.

One of the big ISP/entertainment companies dug up the roads a few months back and laid fibre optic cables (cutting through a power cable in the process but that's another story).

Recently had someone turn up at my door to chat about their services. All sounded very good, I took a card and gave it some thought and did some research.

So, it'd be a little cheaper than my current provider (FTTC setup). It'd be faster for downloads, slightly slower for uploads (I want fast upload). IPv6 is only on their business packages. I use IPv6 a lot. I also have several static IPv4 addresses.

It would involve getting a cable in to where my equipment rack is, and one to where the TV is (which I spent ages building a TV unit with power, network etc.)

To record/watch TV in another room with their service, I'd need to pay extra. The service just provides HD channels that I can already get, unless I pay more. At the moment I have MythTV handling all the recording of TV shows I want, and Kodi to play them back on different TVs, via CAT6 I spent ages installing into the walls.

Then there's the uncertainty of how nicely their equipment will play with my relatively complicated setup.

I decided, it isn't worth it really for me. I would have to change a load of stuff just to end up with what I already have... But with more limitations.

Anyway, the guy turned up again a few days later, I told him of my decision and away he went.

Since then I have been visited by 2 other employees of this company to try to sell me the service.

It is probably great and convenient if you are not like me and DIY all your home network and media distribution setup...

Also the ISP I'm with is quite small. They are very knowledgeable and friendly and I can get through to someone quickly if i phone. What I use meets my needs, so I prefer to support the smaller company in this case.

When nginx decides to just NOT answer to any IPv4 requests, áfter 2 weeks of having it set up for IPv6, just because I updated the Let's Encrypt certificate..

self::facepalm();

I was just flicking through my new android phone, ended up on my I.P address, and it had 6 addresses?!?

One IPv4
One IPv6
4 IPv6 with single colons

I might be a bit thick, but shouldn't a device have 2 I.P's at max? Or am I wrong?

Word is spreading that CNN, which is owned by Time Warner, got a reddit users IP from their mods, and with their relation to Time Warner, got his identity.

Then extorted him to apologize or be revealed.

This is huge, and we don't even know its the only time it has happened.

VPNs may not even truly protect you if the ISP can connect the dots over time, with time stamps.

Holy shit, CNN just weaponized ipv4

So I reinstalled Ubuntu server and set the ip to 204, but I forgot that I assigned a static ip to it in my dhcp. I guess it has two IPv4 addresses now? How? Only one NIC 🤔

So, my internet (business class with a /28 ipv4 block) went out for 15-30min during the snowstorm yesterday.
Due to previous issues i wanted to be sure it was an actual outtage.
1st- login page got a error for unavailable resource.
2nd- their link to more info was this 404

I seriously need to find a more sane solution.

GOOGLE, I WANT TO FUCK YOUR ASS, WHY THE HELL THE NEWER VERSIONS OF ANDROID ARE NO LONGER ABLE TO OPEN THE FUCKING WEB APPS ON LOCAL NETWORKS, THE SAME APP IS ACCESSIBLE FROM IOS AND FUCKING ANDROID CAN’T FIGURE OUT THE CORRECT DNS OF THE LOCAL IP ADDRESS BECAUSE YOU DROPPED IPV4 SUPPORT YOU ASSHOLES.

1. Universal switch to IPv6 with back compatibility to IPv4.

2. A new universe of easy and convenient personal softwares that are served from your own home (aka, every client is a server).

3. More 3 wishes 😏

I reset my Linode VPS to vanilla Arch after the blundered attempt to use an unsupported Linux distro. Now I'm reinstalling OpenVPN and decided to try out IPv6 networking over the tunnel. Got my free address block and it is SO AWESOME, even typing the addresses feels nicer. I never want to touch IPv4 octets again.

I love Mikrotik. Just fucking love them. I also love my residential fiber service. Small company. Synchronous 125M service. No caps. Bandwidth is always there.

BUT... They use PPPOE (seriously guys?), and the IP changes on *every single re-connect*. Also: no IPv6 support. I know. I don't need it. But I want it.

Enter DNSMadeEasy's DDNS, Hurricane Electric's 6to4 tunnel service, and my Routerboard AH100x4. I wrote a script that runs on the router whenever my IP changes. It updates my DDNS record, updates my 6to4 tunnel IP using HE's API, and updates my local 6to4 interface's IP.

It just works. My public IPv4 may change, but the /48 IPv6 networks on my LAN side stay fully routeable.

Coding would be fun right now.
But seems like i gitta do a night shift to rock network technology test tomorrow. The most annoying thing about this test is, that we have to calculate ip addresses by hand. Not too hard, but damn.. We are not allowed to write it down in hex, only binary (while calculating). And he wants to see interim steps in our calculations.. Even with IPv4 addresses it will be a great amount of 0s and 1s to write.
I better look for a second pen to take with me..

Fuck DS-Lite with a rusty rod covered in sand. Also fuck 4to6tunnel.

Boy I really need to take a networking class, this is driving me nuts

Accidentally bridged the only interface with a manual IPv4 address on a production box. With only public key access, my only choice was to calculate and ssh via its IPv6 link local address address.

Thanks god it worked.

Bought the HELIO Amped router and low n behold.. ipv4 and ipv6 not connected to the internet. I have a project due. I tried everything from uninstalling/installing drivers to using command flushdns. I’m starting to have my suspicions on the modem?

Fuck you Windows 10!
Trying to help a sales guy setup his adapter to work on a manual network setup (not DHCP). It shows familiar IPV4 settings and then I see this:
"IPV4 Subnet Prefix Length" I decided it was related to netmask "255.255.255.0" or whatever. Tried the number 3. Worked fine. Talked to a colleague and he said it should be the bits of the netmask. So 24.

So WHY THE FUCK does Windows 10 on an update change the way we setup manual networks that has been in use for 40 years?! I realize you can still do the netmask version via Control Panel. I get that. However, the last time I helped this sales person it asked for netmask using the exact method for setting up manual network setting. So why change this on an update?

I like Windows 10 mostly, but this kind of fuckery is stupid. Stop changing shit just to change shit!

has anyone created a database of portscans of public ipv4 and ipv6 addresses yet ?

I already searched for a while and couldn't find a viable solution.
I setup a service with docker-compose, and published it on port 80.
However port 80 is only published on ipv4 networks, not ipv6.

How can I make docker publish the service on ipv6 networks as well.