Litchralee_v6

@litchralee_v6@ipv6.social
80 Followers
52 Following
936 Posts

Hello (IPv6) world!

This is my sub-account for #IPv6 and related things. My main account is @litchralee

Pronouns: He/him
Due process isn't as exciting to talk about, but it's a load-bearing right. If you don't have that one, you don't have the other ones either
IT security 101: Don't leave your company laptop with authentication smart card inserted, applications open and without screensaver at your seat when using the lavatories on a train. Unbelievable...
Yikes. Turns out you can send a plaintext radio signal to cause any train in the USA to do an emergency brake. The original 'security' was just a checksum, no encryption or authentication. Reporting this took them 12 years (!) because the vendor dismissed it initially https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-10

@jima Minnesota and #IPv6 represent: https://openriver.winona.edu/rca/2025/schedule/92/

I wish we could see their code. I see lots of chatter about NAT64 and eBPF but I haven't yet found anything I can actually load.

An Implementation and Comparison of NAT64 using eBPF and the Jool Kernel Module.

IPv4 exhaustion has been a prevalent problem for years, as organizations and service providers have fought against the scarcity of IPv4 address space on the internet. NAT64 is increasingly deployed as a solution to this problem. As a result, it becomes increasingly important that the deployment of NAT64 technologies is easy and performant. Numerous implementations of NAT64 technologies already exist, and some new implementations use eBPF as well. In this research, we implemented a CLAT with an eBPF TC classifier and compared its performance to Jool, a widely used kernel module. We did this using a series of virtual machines on two networks, and a VyOS router. Using iperf3, we compared throughput in TCP and UDP and analyzed throughput and performance loss. Deployment is trivial – essentially loading the program to the appropriate interfaces – and the overhead is minimized because both approaches stay entirely within kernel space.

OpenRiver
@leyrer @nico will only be interested if it also does IPv6 😉

The #homeautomation protocol is named #Thread, perhaps that is a typo as #Threat is more apt and accurate. If you roll your own device you might very well experience the full force of their blood thirsty lawyers.

What the actual F.

Thread - the tech we can't use or teach - Dennis Schubert


If you believe that AI is inevitable but #IPv6 is not, well, you're probably not even reading this since we don't live in the same reality.

I used to think Kubernetes was complex machinery solving scalability problems I would never have. I was wrong.

Kubernetes has less moving parts than my handmade deployments. It's sturdier than my hand written playbooks. It solves problems I already have.

https://ergaster.org/posts/2025/07/09-kubernetes-black-friday/

#kubernetes #selfHosting #homelab

Kubernetes is not just for Black Friday

I self-host services mostly for myself. My threat model is particular: the highest threats I face are my own incompetence and hardware failures. To mitigate those risks, I used to rely on podman containers to "standardize" my services, and on ansible to automate the deployment on my VPS.

Some back-of-the-napkin math for those worried that we might still exhaust #IPv6 if we're not careful:

We are currently numbering out of 2000::/3, but effectively it's been 2000::/4 so far. The smallest amount of space that can be announced in BGP is a /48.

4 bits off the top and 16 bits off the bottom leaves us with 2^28 individual /48 networks we _could_ issue (obviously we're issuing larger chunks where possible, eg: /32 for many ISPs). This is representable without having to go to engineering notation: 268,435,456.

Last night's bgp.tools dump shows 117,731 active ASNs. We could issue every org with an ASN a starter /48 and still have several orders of magnitude worth of room for growth. And that's even before we get to 3000::/4.

So, don't worry about filling up the pool. Grab what you need (and maybe a bit more) and build the network you've been dreaming of.

@gutenberg_org

I just got a microphone. Looking forward to reading some, to make free audiobooks for librivox.org.

@PhoenixSerenity

@LaF0rge Way way crazier is this computer mouse 😅
@LaF0rge or, as we say as “Businesskasper”… Monday.
@vogelchr That's no Businesskasper. Note the smart card in the laptop. @LaF0rge
@abdelkader_boui @vogelchr @LaF0rge If the company requires it for everyone, a Businesskasper needs a smart card too
@1000millimeter @abdelkader_boui @vogelchr @LaF0rge No, the interesting thing isn't that it's a smart card, but which smart card it looks like.
@LaF0rge have you sent an email promising cake to their whole company? That's what we do when someone leaves their workstation unlocked 😅
@lucas @LaF0rge my colleagues just sent an email to everyone inviting them for a drink when they found an unlocked computer. The percentage of unlocked computers dropped drastically

@lucas

That's what we did at a previous job: Send that promise into a specially created group "Cake News".

@LaF0rge

@isotopp @lucas @LaF0rge I am still waiting for an unlocked notebook to establish this group in my company.

Damn colleagues! Hitting WIN+L every time they leave their hardware... ;-)

@lucas That's questionable within your own company, and likely a crime if you do it on a train. @LaF0rge
@lucas @LaF0rge at university they messed with the desktop wallpaper. We had cases where it was replaced by a screenshot of itself, then icons hidden and taskbar minimized, and cases with pictures thought to be not in the taste of the person not locking the desktop… Very few persons had this happen to them twice. Less cake, though.
@LaF0rge Well, there's only honest and law-abiding people travelling in first class, so there's nothing to worry about here! /s
@thunfisch @LaF0rge i seriously like your sense of humor
@thunfisch @LaF0rge This is one of the security holes the 9/11 attackers exploited.
@LaF0rge failure on layer 8, the meat space is a tough ground for IT security. It is so hard to teach users to do the right things. There are cultural barriers between IT departments and basically the rest of their surrounding organisations.
@daccle @LaF0rge not that I'd generally disagree, but this is quite literally equivalent to leaving a company car with company keyring on the dashboard unlocked at a highway resting area while you're taking a leak. Not hard to communicate at all.
Someone here just doesn't care.

@daccle @LaF0rge

The 8th layer should be part of the OSI model.
Do you mind if I start an internet draft? 😂

@jean_dupont @LaF0rge go for it, but I guess it already exists
@jean_dupont @daccle @LaF0rge Layers 8 and 9 have been religion and politics for as long as I can remember. Maybe you’re looking at Layer 10.
@timoj @jean_dupont @LaF0rge then we will need a standardisation committee, since in my bubble layer 8 is and always has been the user.
@LaF0rge @daccle @jean_dupont Fine, then you can moderate the inevitable, neverending debate as to when it’s best to hold the requisite ISO standards conference in Switzerland, followed by whatever inevitable argument they’ll have with the NIST folk in Gaithersburg, provided those people still exist.
@LaF0rge Pull the card and go grab a quick coffee.
@ccchris @LaF0rge Why go? I'd want to watch the spectacle
@ccchris @LaF0rge Take the whole box with you and send the card and the workstation separately, with a single greeting card, to the BSI. Then there'll be some fun, I'm telling you
@kamikadse @ccchris well, that would presumably be embezzlement, coercion or theft, take your pick. No thanks :/

@ccchris @LaF0rge Why coercion?

And for embezzlement and theft the required intent to appropriate is missing :p /j

@LaF0rge that’s when I do something like moving / rotating the computer. Something obvious so that they know someone did something but they have no idea what else was done.

Actual smart card. So someone else takes security more seriously than your fellow passenger.

@LaF0rge As far as I can see, it's a Lenovo with a fingerprint sensor. You can lock and unlock it within milliseconds.
@die_christine @LaF0rge Yes, but the user of the computer didn’t do that. The screen is clearly indicating the computer is not locked.
@stadsplanering I can see that. I only wanted to point out that locking and unlocking is so easy. I can't understand that he didn't do it. @LaF0rge
@die_christine @stadsplanering @LaF0rge probably not. If the previous commenters are right, then the laptop is a Sina Workstation that is running a custom "secure" OS.
Fingerprint is usually not supported on those. You are supposed to pull out the Smartcard which will lock the device automatically. In my opinion that is even easier than biometrics, but still doesn't help if the users don't do it.
@die_christine @stadsplanering @LaF0rge BTW, since those devices are built for dealing with confidential material, it could even be a violation of German law to leave the laptop unlocked and unattended (if confidential material IS on the device)

@tuxflo @die_christine @LaF0rge I assume it is a violation just leaving it unlocked even if you do not handle confidential information on it at the moment. It is acting as a point of entry to the entire secure system it is connected to. 🤦‍♂️

And yes, just pulling the card out is so easy and locks it right away (had similar system on a work computer a while back).

They should also have those privacy filters installed just to limit the view of the screen.

@LaF0rge They don't care and transform every public space into the cubicle from hell. Encryption is useless with them as they spill all the beans over the air and plain old shoulder surfing and -a pair of working ears- scratch that: a half decent mic and a recording device is all you need.
@maz @LaF0rge Also people entertaining the whole train with their medical problems or relationship drama on their phone. Better than soap operas....
@LaF0rge Don't underestimate this setup of a honeypot to see what comes by..
@LaF0rge "secure in the legal sense"
@LaF0rge It'd be interesting to see what happens should the smart-card suddenly be lost... 🙈
@LaF0rge 🤨 no worries, it’s just government grade authentication 🫣
@rationalgarde @metaphil @bkastl @LaF0rge
Irresponsible! The device has no privacy screen filter.
@qwertziop Not needed, since blinders are part of the standard workplace equipment 💪
@bkastl @LaF0rge No worries. Now we are just curious, which certificate is stored on the card.
@bkastl @LaF0rge And technical equipment designed to handle information classified as restricted.
@LaF0rge Lenovo with a Sina card and a cheap mouse. That looks like standard issue for federal ministries.
@hlux @LaF0rge Because according to the BMVg, mice may cost at most 20€...
@LaF0rge Don't worry, they probably have a dvorak keyboard layout or something
@LaF0rge Open Notepad and type "Ich soll meinen Computer sperren!" into it. Then leave it like that.
@truls46 @LaF0rge at work we tend to open playboy dot com or some such. Open landscape. They won't forget

@LaF0rge Please take the laptop and write an email to alle@his-Company.tld with the following content:

Hello

[Company] I am a laptop that was left unlocked on a train.
Someone from outside the company is currently writing an email in my name.
Everyone who replies to this message within 5 minutes gets a large Margherita pizza from the sender.

Have a good start to the week
a stranger

@LaF0rge Honeypot detected

(I hope)

@LaF0rge I had a lockscreen displaying a fake spreadsheet for a fake company (something along the lines of ACME, but less obvious) for a while. At the end there was a line with the value "Curiosity killed the cat" right after "Total revenue projection FY14:". That said, I stopped using it after realizing I take the notebook with me even for the shortest moment ....
@LaF0rge In the ICE between Hamburg and Berlin this is a frequent occurrence .... besides the even worse habit of shouting company internals through the train ...