If you have the August 13, 2024—KB5041580 update. You’re good.
Hah! Joke’s on you. I accidentally restarted my PC and updated it without wanting to.
Yeah? Well I was playing a game and it rebooted in the middle of a boss fight!
I was mid-proposal. She said, “Yes, as long as this call doesn’t e…” Thanks a lot, Microsoft!
😏🐧
People always talk about Arch. I wonder what people think of other oses and the people who run them lol. Like I’m a bearded Debian user (closer to the look of the Dilbert comic unix guy).
If Linux is so great, then explain why I can’t even install this latest security patch for Windows on my Tumbleweed??
Great, it worked!
But now I have ads on my desktop, tiler, and all the menues feature ‘sponsored’ content instead of my shit.
As a networking nerd, I am endlessly frustrated with how many otherwise smart people are just ‘fuck ipv6 lmao’
Giving me goddamn flashbacks to this https://www.youtube.com/watch?v=v26BAlfWBm8
IPv6 genuinely made some really good decisions in its design, but I do question the default “no NAT, no private network prefixes” mentality since that’s not going to work so well for average Janes and Joes
No NAT doesn’t mean no firewall. It just means that you both don’t have to deal with NAT fuckery or the various hacks meant to punch a hole through it.
Behind NAT, hosting multiple instances of some service that uses fixed port numbers requires a load-balancer or proxy that supports virtual hosts. Behind CGNAT, good luck hosting anything.
For “just works” peer to peer services like playing an online co-op game with a friend, users can’t be expected to understand what port forwarding is, let alone how it works. So, we have UPnP for that… except, it doesn’t work behind double NAT, and it’s a gaping security hole because you can expose arbitrary ports of other devices if the router isn’t set up to ignore those requests. Or, if that’s not enough of a bad idea, we have clever abuse of IP packets to trick two routers into thinking they each initiated an outbound connection with the other.
can you tell me if any device in an IPv6 LAN can just assign itself more IP v6 adresses and thereby bypass any fw rule?
Routers simply need to block incoming unestablished packets (all modern routers allow for this) to replicate NAT security without NAT translation. Then you just punch holes through on IP addresses and ports you want to run services on and be done with it.
Now, some home routers aren’t doing this by default, but they absolutely should be. That’s just router software designers being bad, not IPv6’s fault, and would get ironed out pretty quick if there was mass adoption and IPv4 became the secondary system.
To be clear, this is not a reason not to be adopting IPv6.
Routers simply need to block incoming unestablished packets
This is called a firewall
Not the person you were replying too, but I was there when we had modems and raw-dogged the internet.
The average person clicks “Yes” on everything without reading it, has no idea what a firewall is, and they never update anything unless it does it without asking.
Having things accessible from outside your network is great if you’re a network nerd and that’s what you want, but most people are going to be in a world of unprotected shit. Especially in a world of pointlessly online devices. I don’t trust any of those fuckers to have their shit in order.
Honestly the more I think about it the more I realize I’m wrong. I was thinking someone could enable a server on their client device without realizing it but the firewall on the router would still need to be modified in that situation, and anything not requiring firewall modifications would be just as much of a security hole on IPv4
As a tech nerd who self hosts stuff, I’m more like “what is IPV6 and why is it causing me issues, I can’t figure this out, I guess I’ll disable it, wow my problems are fixed now.”
I guess I can see why people don’t like it, as it’s caused me issues, but just because I don’t understand it doesn’t mean it’s dumb. I’d need to understand how it works before I could say anything about it, positive or negative. I guess all I could say is that it’s been way less intuitive to me, I can’t memorize the numbers, and the reason it exists makes sense. Beyond that, I unno.
I should probably spend the time to learn about it, but I already have a full time job where I work on computers all day, I’d rather focus on my other hobbies while I’m at home.
It’s not terribly difficult to learn when you avoid trying to relate it to IPv4 concepts. Particularly: forget about LAN addresses and NAT, and instead think about a large block of public addresses being subdivided between local devices.
instead think about a large block of public addresses being subdivided between local devices.
Thinking about all my devices being exposed like that gives me the heebie jeebies. One public facing address hiding everything else on a private network is much less frightening to my monkey brain.
Back in the days I had an ISP that offered me IPv6 network, it was really easy to self host things over the internet, because IPv6 is unique to all devices, so the server had its own IPv6 global address, which I could access from anywhere with IPv6 connectivity. No more dealing with port forwarding (considering that the ISP didn’t block the forwarding of ports). Just a firewall setting and voila, the service was accessible. It’s that simple.
IP4 is running out, that’s the problem. Or better, IP4 is hoarded by companies and they don’t give them up. The insane amount of network devices every human being uses on a daily basis doesn’t make the situation better. It exploded the last 10 years and only gets worse. The fuckery ISPs are doing to solve it without IP6 is insane, fuck cgnats and co. The whole networking world would be so much better to get it over with and adopt IP6 everywhere and let the hoarders drown in their mountain of IP4.
Old tale, I know, but just cause v4 is running out on the internet it doesn’t stop anyone from using it in their homes. I manage some ASNs on the internet. I have no need yet to worry about implementing v6 on the inside.
Is this for Windows 11?
My windows XP laptop is good right?
Just anyone with a windows xp machine really
“Compromises all devices running … an IPv6 address.”
Oh so no one is effected. (other then network nerds, and they are not real)
IPV6 is already rolled out in parts of the world. My provider has a Dual Stack lite architecture, the home connection is over IPV6, IPV4 is normally being tunneled via V6 through a provider grade NAT.
As I AM a network nerd, I pay for a dedicated IPV4 address every month, so I can reach my stuff from outside from old IPV4 only networks.
So when I plug in my router, connect a windows machine and just google stuff then all this traffic will be IPV6 without me configuring anything.
It’s so great fun having the attack surface being doubled by dual stack setups.
Why not instead use the money to pay for a domain name and use a router with a dynamic DNS daemon?
Because behind the carrier grade NAT I don’t get a routable IPV4 at all, so no inbound connections.
With the IPV4 I use I do use dyndns now, so I can resolve it from outside.
IPv6 is enabled by default on windows.
EDIT Here’s how to disable it. If you can’t on your modem/router. Open the network menu from the icon in bottom right of screen > right click on the network you are connected to and click “status” > In the popup click on the “Properties” button > You’ll get another popup with the name of your network adapter in a top line/box and a secondary box with a list of things in it > Look for the entry “Internet Protocol Version 6 (TCP/IPv6)” and uncheck the box in front of it > click OK.
you can have both addresses at the same time - this site shows both if you have them: https://whatismyipaddress.com/
Unfortunately (or fortunately, it depends on how you see it), some providers are already on IPv6. My Italian ISP has IPv6 with CGNAT, so all its users are on IPv6 without even knowing what it is.
