AT&T Gigapower and IPv6

I am very frustrated by AT&T’s support of IPv6. First, they don’t even support native IPv6; they run tunrd on the gateway (router). I can see from the gateway’s webpage that the tunrd process is allocated an entire /60 network (16 subnets), which would be plenty for me, and it only uses the first one on the LAN interface. But there is no way to define an IPv6 static route on the gateway so that I can use any of the other 15 subnets. On top of that, the firewall in the gateway only allows you to poke holes through the IPv4 firewall. It always blocks all incoming IPv6 traffic. Boo.

The only configurations that work when using AT&T’s IPv6 are if you only have a single LAN (wasting the other 15 subnets they allocate everyone) and rely on their gateway to be your sole firewall, or if you set up a transparent, bridging firewall instead of a routing firewall. The latter is much harder, and while I had it working, I was not happy with the complexity and just a single LAN.

I ended up shutting off AT&T’s IPv6, and setting up my own 6to4 tunnel to Hurricane Electric, who allocated me an enormous /48 network (65k subnets). They also let me set up my own reverse DNS server. Works like a champ. And since the tunnel terminates at my own firewall, I get to control what is allowed in.

The more I use IPv6, the more I like it. I wonder how long before we stop running dual-stack systems?

Home routers under attack in ongoing malvertisement blitz

I disagree with the description of this using a technique called steganography, which is the art of hiding something inside something else, such as an encrypted file in a JPEG image. Steganography is used to transport information secretly. This is just plain buffer overruns in internal browser or OS code. They aren’t “hiding” the exploit in the graphic; they are using corrupt graphic data to exploit a software bug.

I doubt it actually displays a graphic image, such that people who aren’t infected don’t notice a problem. If it does, then I guess this description would be correct. But steganography usually betrays itself in the size of the container, because it is usually much larger than a “normal” container.

If you ask me, this kind of blanket attack is very likely to succeed in a large number of cases. Way too many people think they are not rich and interesting enough for crackers to steal their money, but they’re wrong.

This is why my firewall protects my router from internal threats, in addition to external threats. You never know when you’ll be tricked into clicking something malicious. It’s fascinating how many devices do try to connect to the router.

DNSChanger causes network computers to visit fraudulent domains.

Source: Home routers under attack in ongoing malvertisement blitz

Wisdom for the “post-fact” world

“Scientific evidence does not rely on trusting the authority of the person who made the discovery,” team member Angela Attwood, a psychology professor at the University of Bristol, said in a statement. “Rather, credibility accumulates through independent replication and elaboration of the ideas and evidence.”

BBC – Future – Why vitamin pills don’t work, and may be bad for you

We dose up on antioxidants as if they are the elixir of life. At best, many of these supplements are ineffective. At worst, they may just send you to an early grave.

Source: BBC – Future – Why vitamin pills don’t work, and may be bad for you

HDHomeRun Connect was so easy to set up

If you are looking to cut the cord, consider getting a 2-tuner HDHomeRun Connect and a TV antenna and using the Kodi app to watch and record live broadcast TV.

You just connect the antenna, an ethernet cable, and power, and any device on your LAN or wifi can get up to 2 channels of Live TV in the free Kodi app on your Roku, Raspberry Pi entertainment center server, laptop, tablet and/or phone.

Just add more HDHomeRun Connect boxes anywhere in the house and clients find them all automatically, and can watch live and record more channels simultaneously. Hardware setup was incredibly painless and automatic. Kodi setup isn’t hard, but may require a little googling and YouTube video watching before you figure it all out. There are pre-built Raspberry Pi images available to make a Kodi Entertainment Center. Add USB2 hard drives to the Pi and it can start recording Live TV today. Add a Roku or Raspberry Pi to each television set in the house, and any location can watch any recording or live channel anywhere on the home LAN.

Very slick.