Coworker: ...and the IP addresses are compared with a string match.
Me: *grinning manically*
Coworker: Why are you looking at me like that?
Me: Open up a terminal and type `ping 4.2.514` and hit enter.
Coworker: ...what's the fourth number?
Me: *grin widens* Just hit enter.
Coworker: WTF!?
@ryanc @0xabad1dea :-) For those in the thread looking for even more shenanigans with inet_aton(3): https://www.netmeister.org/blog/inet_aton.html
IPv4 addresses are silly, inet_aton(3) doubly so.

For historical reasons, inet_aton(3) accepts IPv4 addresses in several silly formats. Let's see what we can do with those...
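
An added example, not part of any post in this thread: it shows why the string match from the first post misses alternate spellings that inet_aton(3) resolves to the same host, and how comparing parsed values or accepting only strict dotted quads via inet_pton(3) closes the gap. The helper names and the sample inputs are constructed for illustration.

```c
#define _DEFAULT_SOURCE           /* exposes inet_aton(3) under strict -std= modes */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* The check from the first post: equal only if the text is identical. */
static int same_addr_strcmp(const char *a, const char *b)
{
    return strcmp(a, b) == 0;
}

/* Parse both spellings with inet_aton(3), then compare the 32-bit values.
 * Returns 1 if equal, 0 if different, -1 if either string fails to parse. */
static int same_addr_parsed(const char *a, const char *b)
{
    struct in_addr x, y;
    if (!inet_aton(a, &x) || !inet_aton(b, &y))
        return -1;
    return x.s_addr == y.s_addr;
}

/* Strict input validation: inet_pton(3) accepts only four decimal octets.
 * On success writes the canonical dotted quad to out and returns 1. */
static int canonical_strict(const char *in, char *out, size_t outlen)
{
    struct in_addr x;
    if (inet_pton(AF_INET, in, &x) != 1)
        return 0;
    return inet_ntop(AF_INET, &x, out, (socklen_t)outlen) != NULL;
}

int main(void)
{
    /* Constructed sample inputs: six spellings of 4.2.2.2, one other host. */
    const char *blocked = "4.2.2.2";
    const char *inputs[] = { "4.2.2.2", "4.2.514", "4.131586", "67240450",
                             "0x04020202", "04.02.02.02", "4.2.2.3" };
    char buf[INET_ADDRSTRLEN];

    printf("%-12s %-7s %-7s %s\n", "input", "strcmp", "parsed", "strict");
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int strict_ok = canonical_strict(inputs[i], buf, sizeof buf);
        printf("%-12s %-7s %-7s %s\n", inputs[i],
               same_addr_strcmp(inputs[i], blocked) ? "match" : "miss",
               same_addr_parsed(inputs[i], blocked) == 1 ? "match" : "miss",
               strict_ok ? buf : "rejected");
    }
    return 0;
}
```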

@jschauma @ryanc @0xabad1dea Back in 2018 Dave Taht and a few other people tried to reclaim the "class E experimental" address range and most of multicast, which together are about 1/8 of the IPv4 address space.

https://landley.net/notes-2018.html#25-10-2018

The ipv6 stans FREAKED OUT because the only argument their terrible tech ever had was ipv4 exhaustion, largely due to poor initial allocation back in the 1980s (giving Korea 64k total addresses, for example).

@landley @jschauma @ryanc @0xabad1dea I think #IPv6 would've gotten more acceptance if it was merely a 4x long #IPv4 annotation instead of doing hexadecimals.

@kkarhan @jschauma @ryanc @0xabad1dea Nope, ipv6 is fundamentally flawed because you can't persistently identify an internet access point in a useful way. That's why Wikipedia blocked the entire IPv6 address range for anonymous edits. (May still do, haven't checked.)

You could instead have subdivided the port space without ANY protocol change, and done 1.2.3.4.[0-16] to give each NAT user their own 4096 public ports. 1.3.2.4.2 port 80 is a web server on host port 8192+80...

@kkarhan @jschauma @ryanc @0xabad1dea Ahem, [0-15].

As the saying goes: the two fundamental problems in computer science are cache invalidation, naming things, and off by one errors.

@kkarhan @jschauma @ryanc @0xabad1dea There's only about twice as many people on the planet as there are IPv4 addresses NOW. Increasing the address space by 16x would mean each person (including infants and the illiterate) could have 8 public devices online fulltime without sharing or dynamic provisioning.

Giving each grain of sand in the solar system its own subnet was unmanageable futurism BS to extend the address range to a star trek future with zillions of planets talking via instant FTL.

@landley @jschauma @ryanc @0xabad1dea yeah, the exhaustion problem would've been shoved back with a #64bit or sufficiently delayed by a 40bit number.

Unless we also hate #NAT and expect every device to have a unique static #IP (which is a #privacy nightmare at best that "#PrivacyExtensions" barely fixed.)

  • I mean they could've also gone the #DECnet approach and use the #EUI48 / #MAC-Address (or #EUI64) as static addressing system, but that would've made #vendors and not #ISPs the powerful forces of allocation. (Similar to how technically the #ICCID dictates #GSM / #4G / #5G access and not the #IMEI unless places like Australia ban imported devices.)

I guess using a #128bit address space was inspired by #ZFS doing the same before, as the folks who designed both wanted to design a solution that clearly will outlive them (way harder than COBOL has outlived Grace Hopper)...

If I was @BNetzA I would've mandated #DualStack and banned #CGNAT (or at least the use of CGNAT in #RFC1918 address spaces) as well as #DualStackLite!

@landley @jschauma @ryanc @0xabad1dea
I guess the only way "out of this mess" for me would be to cough up €500 p.a. in @ripencc membership fees and start my own #ASN and get a /48 of #IPv6 & /24 of #IPv4 allocated.

  • TBH, I have more pressing dues to pay for and I shouldn't have to worry about this at all...
@kkarhan @landley @jschauma @ryanc @0xabad1dea @ripencc
I wish it was only 500 EUR annually and you’d get IPv4 as well. Reality is that it’s almost 2k EUR and there’s a huge waiting list for IPv4 allocations (or the more expensive secondary market).

@cr @landley @jschauma @ryanc @0xabad1dea @ripencc so it's even less of an option.

Thanks for letting me know.

@kkarhan @jschauma @ryanc @0xabad1dea @BNetzA The trick I mentioned could have been done entirely in userspace. (Still can, really.) It's a libc wrapper. They did a more intrusive solution because they wanted to (projecting exponential growth forward forever instead of the inevitable s-curve), and the IPv6 supporters fought against any attempt to fix up IPv4, as recently as 2018's attempt to reclaim 500 million unused addresses.
@landley @jschauma @ryanc @0xabad1dea I think redistributing the /8 subnets that #DoD holds hostage would've been a strategy, alas I do expect the Orange Tyrant to fuck up the #Internet by messing up #IANA & #ICANN, breaking it with #cyberfacism

@kkarhan @[email protected] @jschauma @ryanc @0xabad1dea Before he recently died Dave Taht was pushing for the re-allocation of almost all of the IPv4 class D (multicast) space as well as for much of the 127./8 loopback space. (I thought that Dave's ideas were good ones.)

My experience with the IP address RIRs is that they are reasonable and reasonably well run. On the other hand, the domain name space under ICANN is well captured by the domain name selling and trademark protection industries, and, to a rather lesser degree, by people who claim to represent (without solid credentials to prove it) governments and governmental bodies.

@landley @kkarhan @jschauma @ryanc @0xabad1dea "would mean each person (including infants and the illiterate) could have 8 public devices online fulltime without sharing or dynamic provisioning." That is already FAR too low. Consider all IoT devices all around the houses, every piece of furniture wants its IP and connection to the world-wide Internet (and don't reply: NAT!). Extending the space was one, but absolutely not the only goal of IPv6.

@pmevzek @landley @jschauma @ryanc @0xabad1dea still, a #64bit #AddressSpace would've been more than sufficient as we can see by the fact that /64 is the default #IPv6 allocation for basically any consumer connection.

A #128bit address space is quite inefficient given we ain't saturating even half of it.

#ZFS does have that problem, albeit #Sun engineers at the time expected #64bit to be as quickly deprecated as #16bit and #32bit.

@kkarhan @landley @jschauma @ryanc @0xabad1dea "still, a #64bit #AddressSpace would've been more than sufficient". Yes, the famous "640KB should be enough for everyone". "A #128bit address space is quite inefficient" Why/where/how inefficient? Do DFZ routers have problems? Is storage SO constrained nowadays that we can't store 128bits values? Or is this again the revenge of "oh my god IPv6 is so difficult, I can't remember all those long addresses like I did in IPv4"?

@pmevzek @landley @jschauma @ryanc @0xabad1dea no, it's just absurd to skip #64bit...

I'd not be pissed if #IPv6 was widely available.

  • I can't even get a /64 but my ISP is happy to give me /28 subnets of IPv4...
@kkarhan @landley @jschauma @ryanc @0xabad1dea "I can't even get a /64 but my ISP is happy to give me /28 subnets of IPv4...". Which means bad ISP not bad IPv6 protocol.
@pmevzek @landley @jschauma @ryanc @0xabad1dea Add to that not every endpoint I want to connect even has #IPv6 and not every application I have to use works with IPv6 - some won't even work with #CGNAT!

@pmevzek @kkarhan @jschauma @ryanc @0xabad1dea Some friends in Tokyo talked to a hosting place at the top of a skyscraper in Shinjuku to get 3U of rack space last week, and part of the negotiation was how many IPv4 addresses they should get for the servers. (They were offered up to 8 depending on what they wanted to pay.)

I asked: the Japanese translated in their .en PDF as "publicly routable" meant ipv4. IPv6 isn't even used internally there (it's 192.168.x.x or something behind the firewall).

@landley @pmevzek @jschauma @ryanc @0xabad1dea And that is especially baffling considering that #APNIC as #RIR ran out of #IPv4|s first.

Cuz people telling me "Oh, just use HEnet's Tunnelbroker" never experienced the shitshow that is #Geoblocking and #GDPR-#Noncompliance with #Malvertising to slap their faces!

  • Cuz believe me, I tried, but since some idiots decided to #GeoIP entire #ASN|s and not #IP - #Allocations the PoP in FRA (FFM actually) will get me mislocated to the #USA!

@landley @pmevzek @jschauma @ryanc @0xabad1dea @ripencc Tho scratch that.

  • I'm getting shafted by my #ISP which is a #cable #monopolist and basically offering me a 109% increased bill with worse contract terms or cancelling me as a client.

Almost as if my objections at @BNetzA & @[email protected] / @[email protected] / #Bundeskartellamt were 100% justified, cuz no one likes #Vodafone!

  • And the only alternatives are unusably slow and expensive #4G / #5G connectivity and slower #xDSL because OFC the #landlord won't let me install a #fiber to my place (even if I could afford it!)...
@landley @pmevzek @jschauma @ryanc @0xabad1dea @ripencc @BNetzA I really need to look if I can dig up my #objection against #Vodafone being allowed to acquire #Unitymedia and see what I can do about that.

@kkarhan @pmevzek @jschauma @ryanc @0xabad1dea @ripencc j-core.org is 5.8.71.57, and landley.net is 67.205.27.143. Neither had trouble getting or keeping an ipv4 address for many consecutive years. There's over a billion of them, even with IPv6 advocates keeping hundreds of millions of multicast and class e addresses out of use.

We haven't suddenly needed to quadruple the length of phone numbers or credit card numbers either. That's not how humans work.

@landley @pmevzek @jschauma @ryanc @0xabad1dea @ripencc mostly because addresses get reused (Dynamic IPs were always the norm for consumers!) and because big block allocations get sold off and deallocated.

  • The fact that the #US #DoD has multiple /8 blocks hoarded that ain't even publicly routed is the most extreme example: They have enough static IPv4's to assign every past and current servicemember and every military vehicle one and would still have enough to spare.

  • In fact they have enough static #IPv4's to give everyone in the USA one and would still have probably more to spare than the entire rest of #NATO & #ANZUS / #14Eyes' #MILINTEL have combined.

Instead we have a giant cottage industry that deals with the artificial scarcity of IPv4's like digital real estate brokers, collecting value-removing fees for every transfer they can make which is explicitly rewarding #GAFAMs like #Apple that got a /8 early on and are now propping up their corporate valuation because that address block alone is probably worth a billion if not more.

@kkarhan @landley @pmevzek @jschauma @ryanc @0xabad1dea @ripencc An IPv4 /8 block won't be worth a billion if everyone is using IPv6.
The moment that the bigger IPv6 shift begins, it'll start to snowball and reduce the need for IPv4. Lower demand means lower value. (Especially if the supply keeps increasing from all those ISPs that are selling their remaining IPv4 blocks.)

At least, that is what I suspect will happen.

@namedbird @kkarhan @pmevzek @jschauma @ryanc @0xabad1dea @ripencc The first presentation I saw about IPv6 was in 1998. IPv4 was ~15y old at that point. It's been about 30y since then.

I hear less about ipv6 now than in 2011. Passive consumers of data NATed behind firewalls don't really _have_ meaningful addresses, whether they see themselves as 10.x.x.x or something with colons is irrelevant. Public facing boxes don't have a hard time getting IPv4, https://www.lightwavenetworks.com/our-services/raspberry-pi-colocation/ is $7/month for 5.

@landley @namedbird @kkarhan @jschauma @ryanc @0xabad1dea @ripencc "Public facing boxes don't have a hard time getting IPv4," Yeah yeah for sure. And then: https://aws.amazon.com/blogs/aws/new-aws-public-ipv4-address-charge-public-ip-insights/. Not hard to get IPv4 addresses still today, FOR SURE. Yet, becoming more and more costly. I wonder why…
New – AWS Public IPv4 Address Charge + Public IP Insights | Amazon Web Services

We are introducing a new charge for public IPv4 addresses. Effective February 1, 2024 there will be a charge of $0.005 per IP per hour for all public IPv4 addresses, whether attached to a service or not (there is already a charge for public IPv4 addresses you allocate in your account but don’t attach to […]

@landley @namedbird @kkarhan @jschauma @ryanc @0xabad1dea @ripencc "Passive consumers of data NATed behind firewalls" The Internet was built with end to end as principle, which is restored with IPv6. Some may consider everything else to not be the Internet but some closed silo. Which of course suits big silo-ed providers and ecosystems where individuals are not expected to produce anything from their side, just through the provider.
@kkarhan @landley @jschauma @ryanc @0xabad1dea @ripencc "The fact that the #US #DoD has multiple /8 blocks …" It is interesting to see in a thread mostly focusing on IPv6 space allocation growth from IPv4 and thinking that is its only goal, to exactly see another of the problems. IPv4 started classful (not per protocol, but some assignment strategy had to be found), and yes that became a bad idea, and it took years to upgrade everything to classless. An error not made again in IPv6.

@pmevzek @kkarhan @jschauma @ryanc @0xabad1dea @ripencc I said "over a billion". The address space is 4 times that. Why should I care about 30-year-old DOD hoarding or Class E and multicast still being locked up for no reason? (If YouTube, Netflix, and Spotify aren't using multicast nothing ever will. Release it to GenPop already.)

IPv6 believers have been warning for 30 years about a critical shortage of a resource currently available for less than $2 a month, and it's always "real soon now".

@landley @kkarhan @jschauma @ryanc @0xabad1dea @ripencc "Class E and multicast still being locked up for no reason? " For no reasons? Except all the broken middleboxes and other equipments that 1) will never be updated and 2) encode old conceptions that we now want to remove but you can't rewrite history. Look at the hoops TLS 1.3 or QUIC, had to go just because of broken middleboxes.
@landley @kkarhan @jschauma @ryanc @0xabad1dea @ripencc "IPv6 believers have been warning for 30 years about a critical shortage" Which is exactly there, since a long time. It is just a fact. But then since technology and Internet does not appear and run in a bubble but in current market conditions, being a capitalist one in majority, then the market adapts around scarcity by bringing prices up. The fact that you can buy but at higher cost does not mean the resource is not scarce.
@kkarhan @landley @jschauma @ryanc @0xabad1dea @ripencc "which is explicitly rewarding #GAFAMs like #Apple that got a /8 early" Internet is full of "first mover advantage" cases. You can't rewrite the history. Better to just define new things that don't repeat the same errors.
@pmevzek @kkarhan @jschauma @ryanc @0xabad1dea @ripencc IPv6 is only "new" the way the Dvorak keyboard is new. It's from last century. It predates the iMac.
@landley @kkarhan @jschauma @ryanc @0xabad1dea @ripencc IPv6 seems still new for some minds, even in classrooms some seem to artificially want to cling to obsolete historical technologies for no other reasons than 1) not wanting to evolve and learn new things (this is the "oh my god these addresses are now so long I can't remember them!") and 2) "employability" (so chicken and egg problem like for any technological upgrade). IETF did an error indeed by saying mission complete too early.
@landley @kkarhan @jschauma @ryanc @0xabad1dea @ripencc I remember some discussions even 10 years ago with network guys claiming "oh it is so hard to maintain all the internal network dual stack" (ACL madness, etc.) to which the only sane answer is "internally, you don't need IPv4 AT ALL, and ditch all broken software and hardware not doing IPv6, just keep some external IPv4 for external communications". Facebook did exactly that long time ago: https://www.internetsociety.org/resources/deploy360/2014/case-study-facebook-moving-to-an-ipv6-only-internal-network/
Case Study: Facebook Moving To An IPv6-Only Internal Network - Internet Society

At the 2014 v6 World Congress in Paris, Facebook’s Paul Saab outlined how Facebook is well on the path toward moving to an IPv6-only internal network. He makes the point that why should you deal with the headache of maintaining a dual-stack (IPv4/IPv6)? Instead just move your internal network to be IPv6-only and then have […]

@pmevzek @landley I wish I had this luxury.

  • Cuz I often have to deal with fucked-up networks that are #IPv4only and sometimes going #DualStack is flat-out not being allowed and even having #IPv6 at the public-facing side is seen as a problem.

And I'm more often than not not the guy who gets to make that decision.

  • I was only able to get IPv6 allowed WAN-side at one place after my employer encountered the problem that some workers have shitty #CGNAT that bricks #OpenVPN so they could not #VPN to the HQ.
@landley @kkarhan @jschauma @ryanc @0xabad1dea @ripencc "We haven't suddenly needed to quadruple the length of phone numbers or credit card numbers either." You are seriously comparing the rate of human growth to the rate of number of devices wanting to be interconnected? And you think they are similar? Oh my…

@landley @jschauma @ryanc @0xabad1dea I should see if the #IPv4 numbering trick also applies to #IPv6 and make a "notation converter" afterwards.

  • Just for teh lulz...
@landley @jschauma @ryanc @0xabad1dea well, #CGNAT has its own problems and bricks connectivity for many applications.
@landley Nope, it's much easier to block a /64 than a client behind a big CGNAT.
@Jarek @landley that assumes #IPv6 addresses are static (Providers in #Germany do "pseudostatic" alike #IPv4 and unless one's a business customer, will forcibly disconnect once each 24 hours and reassign a new IP) and that applications ain't configured to prefer IPv4 over IPv6 just to avoid timeouts and having to check if IPv6 exists since the only "#IPv6only" #ISP I know is #Starlink (and even they do #CGNAT due to customer complaints…)
@kkarhan no, it's just pointing the blocking argument is invalid in the times of CGNATs. From my experience IPv6 addresses change less frequently than IPv4 though.
@Jarek personally, I tend to block entire ASNs instead of single IPs or CIDR blocks like /24...

@kkarhan I like the "gradual" algorithm — start with /32 for v4 or /64 for v6, then block bigger blocks if there are few smaller blocks from a single bigger one. With bigger ISPs it's often undesirable to block too many innocent users just because one or few abusers.

That really depends on the use case though, I definitely can think of cases when blocking ASNs would be a good strategy.

@Jarek I mean, I have entire #ASN|s on my blocklist due to being #RogueISP|s that refuse to handle #AbuseReports at all (or only upon LEA subpoenas for CSAM & terrorism as in armed masked SWAT units kick in their doors and hold staff at gunpoint)…
https://github.com/greyhat-academy/lists.d/blob/main/drop.asn.block.list.tsv