bvanheu's comments

That's the scenario they want to prevent. They can't force the client to use IPv4; if they connect via IPv6, they will be served an access denied.

Yes, exactly as they would now, when the access over IPv6 is entirely unavailable.

With that, the customers who don't use filtering by IPv4 would be able to use IPv6. Those who do use access control by IPv4 ranges would have time to sort out their IPv6 setup, without having anything broken at the moment when IPv6 is enabled.


No, if you have a dual-homed stack right now, and they only expose IPv4, you connect over IPv4, you don't attempt to connect over IPv6 and get connection denied.

That's rather the problem - there's no trivial way to mimic that policy transparently while enabling IPv6, because most stacks will default to using IPv6 if they're dual-homed and expose both, and won't fall back if IPv6 connects but gives an error. (Offhand, I think the best you could do would be to tell everyone that you're migrating to a new URI scheme to allow cloning, with IPv6 enabled, and that as part of that, you'll have to update your allow/deny rules, then, after a truly astonishingly long time and lots of nagging of anyone who never does it, make the old path an alias of the new one and let the last remaining people break.)
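The breakage described in the comments above, as an added example that is not part of the thread: an allow-list keyed on IPv4 ranges, evaluated against the same client arriving over IPv4, in IPv4-mapped form on a dual-stack listener, and natively over IPv6. Both the office ranges and the client addresses are constructed documentation-prefix values; the `is_allowed` helper is mine, not anything the thread or any provider uses.

```python
# Added example (not from the thread): an allow-list keyed on IPv4 ranges
# and what happens when the same client arrives over IPv6.
# Sample addresses and ranges below are constructed for illustration.
import ipaddress


def is_allowed(client_ip: str, allowed_ranges) -> bool:
    """Return True if client_ip falls inside any allowed range.

    IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) are unwrapped so a dual-stack
    listener that reports v4 clients in mapped form still matches the IPv4
    rules. A native IPv6 source can only match an IPv6 range.
    """
    addr = ipaddress.ip_address(client_ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # 'in' is False when the address and the network are of different versions.
    return any(addr in ipaddress.ip_network(r) for r in allowed_ranges)


# Constructed: an org that allow-listed only its office IPv4 block.
IPV4_ONLY_RULES = ["198.51.100.0/24"]
# The same org after adding its IPv6 prefix to the rule set.
DUAL_STACK_RULES = ["198.51.100.0/24", "2001:db8:1234::/48"]


def migration_report(rules):
    """Evaluate constructed client addresses against one rule set."""
    clients = {
        "office over v4": "198.51.100.7",
        "office v4, mapped form": "::ffff:198.51.100.7",
        "office over v6": "2001:db8:1234::42",  # dual-stack host preferring v6
        "stranger over v6": "2001:db8:dead::1",
    }
    return {name: is_allowed(ip, rules) for name, ip in clients.items()}


if __name__ == "__main__":
    for label, rules in (("IPv4-only rules", IPV4_ONLY_RULES),
                         ("dual-stack rules", DUAL_STACK_RULES)):
        print(label, migration_report(rules))
```

With the IPv4-only rules the office client is allowed over v4 (directly or in mapped form) but denied the moment its dual-stack host prefers v6, which is exactly the silent lockout the comment warns about; the fix on the server side is a rule set that names the IPv6 prefix too, not a change in client behaviour.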


I suppose that customers who set up access controls based on IPv4 address ranges must be running an IPv4-first stack, most likely IPv4-only.

"cancel" means cancel the last operation (e.g. "quit the program"); "yes/no" is an action taken on the prompt.


I understand those prompts perfectly fine, but they are panic inducing for e.g. my mom who has about a 50% chance of clicking the wrong button and losing work.


Why would they need Copilot to insert ads on GitHub?


Thank you for sharing, I was trying to find something similar that explains why UTC everywhere is such a bad idea!


Should Airbnb share all listings with cities so they can inspect buildings?


Cities, local authorities, etc. should be proactive in searching listing sites for obvious breaches; they shouldn't be reliant on private companies/individuals to hand over information they are incentivised not to hand over.


Then they also need to be charging these apps regulatory fees to cover the additional inspections.


Good idea.


I think dannyw meant something like this:

  # This function is defined by the system (stubbed here: never returns True)
  def validSignature(sig):
    return False

  # This function is defined by the system
  def isSignatureFromGuardian(sig):
    if sig.validator == "guardian":
      return True
    return False

  # A bug in the system compared both return values with '==',
  # which is also True when both checks fail
  if validSignature(tx.sig) == isSignatureFromGuardian(tx.sig):
    approve()
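The same boolean-comparison bug as a runnable, added example (mine, not code from the thread or from any real bridge), with the check it should have been beside it. `Signature`, `Tx`, the validator name `"guardian"` and the four test transactions are constructed; `valid_signature` stands in for a real verification routine and simply reports a precomputed flag.

```python
# Added example (not from the thread): the '==' bug sketched above,
# beside the intended '&&'-style check. All data here is constructed.
from dataclasses import dataclass


@dataclass
class Signature:
    validator: str   # who claims to have signed
    valid: bool      # result of the (stubbed) cryptographic check


@dataclass
class Tx:
    sig: Signature


def valid_signature(sig: Signature) -> bool:
    # Stand-in for a real signature verification routine.
    return sig.valid


def is_signature_from_guardian(sig: Signature) -> bool:
    return sig.validator == "guardian"


def buggy_should_approve(tx: Tx) -> bool:
    # Bug: '==' on two booleans is also True when BOTH are False, so an
    # invalid signature from a non-guardian is approved.
    return valid_signature(tx.sig) == is_signature_from_guardian(tx.sig)


def fixed_should_approve(tx: Tx) -> bool:
    # Each condition must hold independently.
    return valid_signature(tx.sig) and is_signature_from_guardian(tx.sig)


def compare_policies():
    """Return {case: (buggy decision, fixed decision)} for four constructed txs."""
    cases = {
        "valid guardian sig": Tx(Signature("guardian", True)),
        "invalid guardian sig": Tx(Signature("guardian", False)),
        "valid outsider sig": Tx(Signature("someone-else", True)),
        "invalid outsider sig": Tx(Signature("someone-else", False)),
    }
    return {name: (buggy_should_approve(tx), fixed_should_approve(tx))
            for name, tx in cases.items()}


if __name__ == "__main__":
    for name, (buggy, fixed) in compare_policies().items():
        print(f"{name:22s} buggy={buggy} fixed={fixed}")
```

The only row where the two policies disagree is "invalid outsider sig": both checks return False, `False == False` is True, and the buggy version approves. A unit test that enumerates all four combinations of (valid, from-guardian) is the cheapest detection for this class of bug, since the happy path alone never exercises it.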


> (Looks like somebody picked up this particular example on HackerNews.)

Also looks like you are blogging about known stuff: https://isc.sans.edu/forums/diary/Correctly+Validating+IP+Ad...


It is the same topic, but OP's post goes into much more detail for the integer overflow example and a.b notation.
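The a.b shorthand mentioned above, as an added example that is not from the thread or from either linked article: a strict dotted-quad validator beside Python's `socket.inet_aton`, which on Linux delegates to the libc `inet_aton` and accepts the classic shorthand forms (fewer than three dots). The sample inputs are constructed; `strict_ipv4` and `lenient_ipv4` are my helpers, and the lenient results assume glibc semantics.

```python
# Added example (not from the thread): strict dotted-quad validation versus
# the permissive libc-style parser behind socket.inet_aton. Samples constructed.
import re
import socket

# Exactly one decimal label: "0" or 1-3 digits with no leading zero.
_LABEL = re.compile(r"0|[1-9][0-9]{0,2}")


def strict_ipv4(text: str):
    """Return the canonical 'a.b.c.d' string, or None unless text is exactly
    four decimal labels in 0..255 (no a.b / a.b.c shorthand, no leading zeros,
    no hex, no surrounding whitespace)."""
    parts = text.split(".")
    if len(parts) != 4:
        return None
    for p in parts:
        if not _LABEL.fullmatch(p) or int(p) > 255:
            return None
    return ".".join(str(int(p)) for p in parts)


def lenient_ipv4(text: str):
    """What socket.inet_aton (libc inet_aton on Linux) makes of the same text,
    rendered back to dotted quad; None if it rejects the input."""
    try:
        return socket.inet_ntoa(socket.inet_aton(text))
    except OSError:
        return None


def compare(samples):
    """Return {input: (lenient result, strict result)}."""
    return {s: (lenient_ipv4(s), strict_ipv4(s)) for s in samples}


if __name__ == "__main__":
    for s, (lenient, strict) in compare(
            ["127.0.0.1", "127.1", "1", "256.1.1.1", "01.2.3.4"]).items():
        print(f"{s:12s} lenient={lenient!s:12s} strict={strict}")
```

The practical point: an allow-list or SSRF filter that canonicalises with the lenient parser and then compares strings can be handed `"127.1"` and see `127.0.0.1`, while a filter that only string-matches never does. Validating with the strict form first, and feeding only its canonical output to everything downstream, removes the mismatch.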

