Antonis Chariton

@antonis
R&D at Cisco
Blog: https://blog.daknob.net
Location: Zürich, Switzerland
Signal: root.1337
AS4601, 210312, 4492
Sufficiently advanced adtech is indistinguishable from malware

Let’s talk malformed AS_PATHs. Unless you’re enforcing the “First AS” of received routes, you’re vulnerable to hijacks that not even ASPA validation can prevent.

Read more here, and enforce the First AS in BGP.
https://blog.cloudflare.com/enforce-first-as-bgp/

Enforcing the First AS in BGP AS PATHs

BGP is vulnerable to routing hijacks and path leaks that negatively impact traffic on the Internet. RPKI helps solve some of these problems, but for some forged paths, we need to rely on a simpler mechanism: First AS enforcement in BGP.

The Cloudflare Blog
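
The check the post calls First AS enforcement, sketched as an added example (not code from the post or from the linked Cloudflare article): decode a received AS_PATH and accept the route only if its leftmost AS is the eBGP neighbor's own ASN. It assumes 4-octet ASNs on a plain eBGP session; the function names and the sample paths are constructed for illustration.

```python
import struct

AS_SET, AS_SEQUENCE = 1, 2  # AS_PATH segment types (RFC 4271)

def encode_segment(seg_type, asns):
    """Build one AS_PATH segment with 4-octet ASNs (helper for the samples)."""
    return bytes([seg_type, len(asns)]) + struct.pack(f"!{len(asns)}I", *asns)

def parse_as_path(value):
    """Decode an AS_PATH attribute value into [(segment_type, [asn, ...]), ...]."""
    segments, i = [], 0
    while i < len(value):
        if len(value) - i < 2:
            raise ValueError("truncated segment header")
        seg_type, count = value[i], value[i + 1]
        end = i + 2 + 4 * count
        if count == 0 or end > len(value):
            raise ValueError("malformed segment")
        segments.append((seg_type, list(struct.unpack(f"!{count}I", value[i + 2:end]))))
        i = end
    return segments

def first_as_ok(value, peer_asn):
    """Accept a route from an eBGP neighbor only if the leftmost AS is the neighbor's."""
    try:
        segments = parse_as_path(value)
    except ValueError:
        return False              # malformed path: reject
    if not segments:
        return False              # empty AS_PATH is not valid from an eBGP peer
    seg_type, asns = segments[0]
    # An AS_SET has no "first" AS, so only a leading AS_SEQUENCE can pass.
    return seg_type == AS_SEQUENCE and asns[0] == peer_asn

# Constructed samples; ASNs are from the documentation range 64496-64511.
PEER_ASN = 64500
SAMPLES = {
    "normal": encode_segment(AS_SEQUENCE, [64500, 64501, 64511]),
    "peer AS missing": encode_segment(AS_SEQUENCE, [64511]),
    "leading AS_SET": encode_segment(AS_SET, [64500, 64511]),
    "truncated": encode_segment(AS_SEQUENCE, [64500, 64501])[:-2],
    "empty": b"",
}

if __name__ == "__main__":
    for name, path in SAMPLES.items():
        print(f"{name:16} -> {'accept' if first_as_ok(path, PEER_ASN) else 'reject'}")
```

Sessions with a transparent IXP route server, which does not prepend its own AS (RFC 7947), are the usual exception where this check has to be relaxed.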
New signal vulnrubility: in the app, you can read your messages in plaintext!!! Matrix prevents this
Testing NetworkManager CLAT support

NetworkManager CLAT support has been merged!

What is a CLAT?

In IPv6-only or IPv6-mostly networks, access to IPv4 resources is often required. The most promising way IPv4 access can be provided is through a 464xlat deployment in the network, which provides IPv4 over the top of an IPv6-only infrastructure. A key piece in this deployment is a CLAT (or Client-side Translator), which translates IPv4 traffic to IPv6 so it can be sent to the PLAT (or Provider-side Translator).

Operating Systems that include CLATs today

- iOS
- macOS
- Android
- ChromeOS
- Windows (on LTE/5G interfaces only)

In fact, a major LTE/5G provider in the US has been using 464xlat to provide IPv4-over-IPv6 for well over a decade, allowing them to operate a majority of their mobile network infrastructure as IPv6-only. There has been a concerted effort to bring CLAT functionality to more devices, and NetworkManager has recently merged in initial CLAT support, bringing Linux systems closer to an IPv6-only world.

Can I Test It?

This feature has not been released yet, but if you're keen to try it out, the NetworkManager nightly RPM builds make this easy. Note that nightly builds are experimental and can break unexpectedly -- be sure to test on a system you're ok breaking.

First you'll need a network with NAT64, PREF64, and DHCPv4 Option 108 enabled. If you don't have these deployed in your network, the IPv6 Test Pod Project is here for you!

After you have a 464xlat-ready network, you'll need to install the nightly build of NetworkManager. Below are some command snippets that will work on Fedora and RHEL-based Linux distributions.

```
nmcli --version   # 1.54.3-2.fc43
sudo dnf install -y copr
sudo dnf copr enable networkmanager/NetworkManager-main
sudo dnf upgrade   # Upgrade to nightly build
reboot
nmcli --version   # 1.57.2~dev-34410.fc43

# Enable CLAT and DHCP Option 108
sudo nmcli connection show
sudo nmcli connection show "Wired connection 1" | grep -E 'clat|ipv6-only'
sudo nmcli connection modify "Wired connection 1" \
    ipv4.clat auto \
    ipv4.dhcp-ipv6-only-preferred auto
sudo nmcli connection up "Wired connection 1"

# View CLAT configuration
ip -4 addr
ip -4 route

# Check CLAT functionality
curl -6v canhazip.com
curl -4v canhazip.com
traceroute -4 canhazip.com
```

Note that to enable the CLAT 1) the PREF64 attribute must be present in an IPv6 Router Advertisement and 2) DHCPv4 option 108 must be enabled in the network -or- DHCPv4 services must be disabled in the network.

After enabling and activating the CLAT, you should see something like the following:

What happens next?

CLAT functionality is slated to be in NetworkManager release 1.58. Until it's more thoroughly tested, the CLAT will be disabled by default. This is a big step forward in readying Linux for an IPv6-only future. Until then, it's worth testing this feature if you have a spare desktop/laptop/vm and 464XLAT available on your network.

If you'd like to follow further CLAT improvements in NetworkManager, keep an eye out for CLAT-related issues and merge requests.

And don't wait for this feature to be available everywhere. With the advent of RFC 8925 - IPv6-Only Preferred Option for DHCPv4, aka DHCP option 108, aka "IPv6 Mostly", you can gradually deploy IPv6-only networks on your network to devices that support it.

IPv6 Test Pod
Gemini 3.5 Flash has been system prompted to output LaTeX to show nicer math to the user but it looks like they forgot the terminal doesn't natively render it…
Holding a veritable piece of nerd history :O

Slowly working on removing Legacy IP networks at $WORK

```
# sudo pfctl -qsr | grep 64:ff9b::/96 | grep af-to | wc -l
312
```

#ipv6 #pf #freebsd

Every single working day that passes I can’t comprehend how people pay for Office 365 when it’s so horrible. Probably they don’t care about the UX at all.

But PowerPoint is probably Teams-level crap.

Today’s issue:
- You can’t have emojis in your slides or they silently break, fine
- You replace all emojis with PNGs, sure
- *The saved PPTX has wrong image order despite showing fine*

Basically if I quit PowerPoint now I need to re-order all of the images again.

Automation is such a beautiful thing, when done safely.

#vpp #gitea #selfhosting

Just in case anyone was wondering how BGP is doing…

(The graph only includes functions that either call each other in a cycle or are called directly by the event loop.)