From the manual:
curl http://........ | sudo bash
Sure. People doing that without checking also click on attachment ending with .exe under windows.
But wait. I’m not finished. I downloaded the shell script, checked it was harmless. Just adding something to
/etc/apt/apt.conf.d and running
apt-get update. Well actually
apt-get update &> /dev/null. Without checking the return value. Which is bad when it fails.
RFC1883 (Internet Protocol, Version 6 (IPv6) Specification) was published in December of 1995. So congratulations IPv6.
Some time ago I read this mail.
First things first: You can run but you can not hide. IPv6 is here. You’ll have to work with it sooner or later. (alt least if you still want to work in IT in the next couple of years). About 20% of all users from Germany access Google via IPV6..
But: If you don’t take it seriously don’t do it. Implementing dual-stacked services is more work.
1. Monitor your dual-stacked service and take care if something breaks.
2. Use IPv6 on your work computer. It’s a good way too learn, maybe the only way to notice if something is broken and enables you to troubleshoot problems
3. Spread the knowledge. If you are the only person who knows and cares about IPv6 you have a problem.
After reading about this mail on a mailing list I decided too see if you could build something small like Linux from Scratch (LfS) in an IPv6 only environment. The answer is: No.
LfS provides a list of files you’ll have to download to make the project work. Using some shell commands I came up whit a list of 25 different host. Two of them where ftp and only ftp.vim.org has a AAAA-record, ftp.astron.com has not.
Out of the remaining 23 only these 7 answered to HTTP requests via IPv6:
alpha.gnu.org HTTP OK: HTTP/1.1 200 OK
dev.gentoo.org HTTP OK: HTTP/1.1 302 Found
ftp.gnu.org HTTP OK: HTTP/1.1 200 OK
www.bzip.org HTTP OK: HTTP/1.1 200 OK
www.cpan.org HTTP OK: HTTP/1.1 200 OK
www.iana.org HTTP OK: HTTP/1.1 200 OK
www.kernel.org HTTP OK: HTTP/1.1 301 Moved Permanently
And here are the remaining 15:
anduin.linuxfromscratch.org Name or service not known
cpan.metacpan.org Name or service not known
download.savannah.gnu.org Name or service not known
downloads.sourceforge.net Name or service not known
launchpad.net Name or service not known
pkgconfig.freedesktop.org Name or service not known
pkg-shadow.alioth.debian.org Name or service not known
prdownloads.sourceforge.net Name or service not known
sourceforge.net Name or service not known
tukaani.org Name or service not known
www.greenwoodsoftware.com Name or service not known
www.infodrom.org Name or service not known
www.mpfr.org Name or service not known
www.multiprecision.org Name or service not known
www.zlib.net Name or service not known
If someone is looking for IPv6 training, there are two open trainings in the next couple of month:
Munich: September 28th-30th.
Berlin: November 9th – 11th
with this Cisco field notice.
Certain types of snagless Ethernet cables have protective boots that extend too far forward and above the plastic latching tab.
When this type of cable is installed in Port 1 of any 48-port model of the Cisco Catalyst C3650 or C3850 Series switches, the boot might press and hold the Mode button, which invokes Express Setup and reboots the system.
Monitoring by customer is one way to monitor services. In some cases customers will start looking for similar service somewhere else, in some cases you are in trouble because you break your SLAs.
Ans do monitor all related services. One common example are SSL certificates. Here are three other examples:
1. When you are running an IRC Server and have your domain secured with DNSSEC monitor your server, your service and your DNSSEC signatures.
2. When you are running DNSSEC secured domains for a customer and are using an HSM (Hardware Security Module), monitor your servers, your services, your DNSSEC signatures and the rest of the infrastructure including the HSM.
3. If you are using DANE (for SMTP) and are communicating with other people using DANE your communication will fail when your DNSSEC signatures are expired. And when you fixed your setup do not wonder about all the mail you are getting. And on the other side you should monitor your log files.
And when you do monitor DNSSEC: When the signatures are expired it’s too late. You should get a warning
For 1 and 2: I’m using check_dnssec_expiration (https://github.com/MonitoringPlug/monitoringplug)
For 3: status=deferred (Server certificate not trusted) should be the correct term in you postfix log file.
It’s the last Friday of July so Happy Sysadminday to you all
Looks like ARIN is (almost) out of IPv4 space. When I checked they had 88 /23 and 440 /24 networks left.
A story I was told recently and loosely related to todays other post
Boss is telling one of his admins that there is plenty of time to implement IPv6. At least a couple of years. A week later one of their sales people sold IPv6 support to a big customer.