Forgot your password?

Comment: BCP38 (Score 1) 170

by fuzzel (#45541985) Attached to: Spamhaus Calls for Fining Operators of Insecure Servers

Can we change that at first to just start with the very simple:

Organisations transferring IP packets should be kicked off the Internet if they do not implement BCP38.

That would make al kind of spoofed attacks already impossible, that being the DNS, NTP, Quake-alike and many many others...

But, as there is no money to be earned with this, ISPs do not enforce it.

(and yes, it does cost some cash to implement as not all routers support it unfortunately..... )

Comment: Use RPZ! / Why Google PDNS / is not GPDNS (Score 3, Informative) 82

by fuzzel (#44844959) Attached to: Raspberry Pi As an Ad Blocking Access Point

Instead of shoving a list of addresses into a DNS server (dnsmasq) in this case, it would be better to use RPZ (

Next to that:

> Open the file with sudo nano /etc/resolv.conf and replace the contents with the following:
> nameserver
> nameserver
> nameserver = apparently the address of the fake webserver (would be great if they configured that somewhere before making test queries....) = Google Public DNS, no ads maybe but running all your DNS queries through Google is not helping much now does it. = is not a valid DNS server, likely they meant which is the secondary Google Public DNS address.

If you have a DNSmasq anyway, just let it recurse and play caching resolver, much better idea.

> iface wlan0 inet static
> address
> netmask
> post-up ip addr add dev wlan0

One just has to wonder which IP the box will be using for outgoing queries, depends a lot on the kernel....
Now if that was the .1 would always be chosen, but as a /24 magical things will happen

Etoomanypitholes and lots of people will be bitten.

Comment: Background information on Delay Tolerant Networks (Score 1) 42

by fuzzel (#41929639) Attached to: NASA Fires Up Experimental Space Internet For Robot Control

Related links for this article:
DTN Research Group:
lots of docs:
overview presentation:

The book:

Source code:

Oh and yes, theoretically this extends the Internet in the same way that various other protocols do, eg 6lowpan etc.
And yes, as it is store-and-forward it looks an awful lot like SMTP.

Enjoy ;)

Comment: Re:Because sixxs is easy to get if you just read! (Score 1) 203

by fuzzel (#41397779) Attached to: UK's 'Unallocated' IPv4 Block Actually In Use, Not For Sale

There are actually only few out of the 30.000+ people who signed up with a proper essay, and the ones that did always earn quite a few extra credits for when they actually do write something more than just "I need IPv6".

If you where not able to get a SixXS account you likely just did not read the text on the signup page, most likely then proceeded by providing garbage details which is definitely not accepted and any such request simply gets rejected.

But if you are unable or willing to read the signup page, most likely you won't get IPv6 working either as you'll be doing all kinds of things that will break the configuration, thus reading is essential.

We (SixXS) have tried to make it as easy as possible by bringing AICCU into the world and working together with various vendors though so that they support IPv6 tunnels out of the box, but even then some problems need reading for a bit to get them resolved. Thus if you can't read at signup you likely won't pass for the rest either.

Comment: Re:Because sixxs is a pain in the ass to get (Score 1) 203

by fuzzel (#41397717) Attached to: UK's 'Unallocated' IPv4 Block Actually In Use, Not For Sale

sixxs dont require a linkedin account (or something changed since i created mine and several friends accounts)

Indeed SixXS never required a LinkedIn/XING/etc account.

Those links where only requested at the time so that one would get extra credits (ISK) donated to the person when they signed up, they got the credits because they proved a little bit more that they where real (as we, that is SixXS, could check the trust-graph in those websites) and more importantly as the people who did that actually read the signup page, which is something a lot of people clearly do not do even with colorful indicators.

This solved a small catch-22 with people who got flashy new IPv6 enabled routers (read: AVM Fritz!Box at the time) and thus for whom a tunnel alone was not enough. As since the beginning of 2012 the new sixxsd v4 software was deployed, this was not needed anymore as one then automatically has a routed /64 next to the tunnel space.

Comment: Re:Because 32bits of addressing... (Score 1) 460

by fuzzel (#39698493) Attached to: Apple Under Fire For Backing Off IPv6 Support

> Win7 requires me to kill ipv6, because there's no good way to tell the system to prefer ipv6.

If you have tunneled connectivity, thus non-native being announced on an Ethernet interface you will likely have to set in the registry:

SYSTEM\CurrentControlSet\services\Dnscache\Parameters\AddrConfigControl = 0 (DWORD)

That way AAAA lookups are always performed and also preferred. Though it still depends on the application if it actually uses getaddrinfo() at all and does not resort addresses itself, which some applications do and some others do not.

> Let me easily set priority of v4 vs. v6.

With Lion Apple has implemented a variant (quite unrelated to the IETF drafts) of Happy Eyeballs in their systems. As such, depending on previous connection history, latency and other factors you might get IPv4 or IPv6 connections at random. And nope, there is no knob at all to turn off that behavior. Right back at you.

(oh and yes, I have a Mac too, which is why it kinda annoys me, but if you just slow down IPv4 a bit on the outbound router you always get IPv6 as the Mac thinks that IPv4 is "slower" than IPv6... still a knob would be useful, yes, bug reported a long time ago)

Comment: Re:peer-to-peer = loss of control (Score 1) 460

by fuzzel (#39698465) Attached to: Apple Under Fire For Backing Off IPv6 Support

Banning people from IPv6 service for forking their connectivity software seems quite abusive to me.

You mean relicensing SixXS software (AICCU) under a more restrictive license? Yes, that is indeed quite abusive, be happy that the copyright enforcers are not coming down your neck for that.

It is great to make websites with all kinds of 'facts' but without actually showing both sides of a story and including all the details, they are not facts and they are effectively just biased statements from a pissed off person.

To quote slimjim8094:

aside from people who were pissed that they got cut off for abuse.

As that is what those "true stories" are about, nothing else.

Dear anonymous poster, please move along or get an account with your real name and details instead of just posting fact-less and out of context inflammatory remarks. Kthx!

Comment: Re:peer-to-peer = loss of control (Score 1) 460

by fuzzel (#39698443) Attached to: Apple Under Fire For Backing Off IPv6 Support

> And it's no coincidence that half of abusive SixXS is half-run by a Google employee.

What you mean with "abusive" here is the "half" that cuts people off when they abuse the service. That "half" would be me, not the "half" that you try to implicate.
There are actually even websites dedicated to this about it which only name me. The other "half" is a true voice of reason, so don't say bad things about him that have no backing at all.

Thus really the 'co-incidence' seems to be merely in the fact that you are an anonymous poster, who likely was abusive him/her/itself, got cut off yourself and likely that is why he/she/it cannot even post on slashdot with a real account as here you also got kicked out already.

Comment: Makes sense for several years already.... (Score 1) 173

by fuzzel (#36349370) Attached to: IPv6-only Hosting Won't Make Sense For Years

It makes sense for several years already, as a lot of "firewalls" (eg, that nice Great Chinese Firewall) and various other such country-wide blockades to the Internet, do not have a single bit of understanding of IPv6, and as long as they remain that way, IPv6 will work like a charm......

Next to the other thing for home users: everything becomes accessible, instead of having to get IPv4 addresses from your home ISP (which generally they won't do, but indeed there are cases where they do), or getting a private server outside in a network, which is not home. For years already: set up an IPv6 tunnel, get a prefix, use it from anywhere.

Those who can, do; those who can't, simulate.