New SystemD Vulnerability Discovered (theregister.co.uk)
The Register reports that a new security bug in systemd "can be exploited over the network to, at best, potentially crash a vulnerable Linux machine, or, at worst, execute malicious code on the box" by a malicious host on the same network segment as the victim. According to one Red Hat security engineer, "An attacker could exploit this via malicious DHCP server to corrupt heap memory on client machines, resulting in a denial of service or potential code execution." According to the bug description, systemd-networkd "contains a DHCPv6 client which is written from scratch and can be spawned automatically on managed interfaces when IPv6 router advertisements are received."
OneHundredAndTen shared this article from the Register: In addition to Ubuntu and Red Hat Enterprise Linux, systemd has been adopted as a service manager for Debian, Fedora, CoreOS, Mint, and SUSE Linux Enterprise Server. We're told RHEL 7, at least, does not use the vulnerable component by default.
Systemd creator Lennart Poettering has already published a security fix for the vulnerable component -- this should be weaving its way into distros as we type. If you run a systemd-based Linux system, and rely on systemd-networkd, update your operating system as soon as you can to pick up the fix when available and as necessary.
Really, is anyone surprised? (Score:5, Insightful)
Re: Really, is anyone surprised? (Score:5, Funny)
New SystemD Vulnerability Discovered...
The vulnerability they discovered... was SystemD. It's recursive or a paradox or something. Either way, very fascinating...
Re: (Score:2)
The majority opposition to it should have been a clue.
Nothing at all surprising about this.
Re: (Score:1)
They don't run the modules on privilege-separated processes with minimal privileges?!
Re: (Score:2)
SIOCSIFADDR SIOCSIFFLAGS SIOCSIFFLAGS and Opening a socket for LPF requires root... unless you do this "sudo setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW=+ep" which no one does, because every upgrade they would have to reset the cap
So yes the client and the server have to run as root, you would think because they are reinventing the wheel here, they would fix this so it can be run by a user with minimal privileges, so even if a bug like this does happen, they are still limited to what they can do.
Re: (Score:1)
That this is not a weekly occurrence. (Well, weekly Public occurrence...)
Re: (Score:2)
This is what happens when you reinvent everything you possibly can, just 'cuz' but to put the icing on the cake, you run everything as root when you do it...
Just imagine what they'd say if it had 12 intentional exploits added! Planet Neckbeard would assplode, probably wipe out the entire Klingon-speaking population of this galaxy.
Re: (Score:2)
> This is what happens when you reinvent everything you possibly can
New software has bugs? ZOMG someone stop the presses, we need to tell EVERYONE.
> just 'cuz'
just 'cuz' the old init system didn't meet the requirements set out by a modern OS and there have been no less than 15 other projects attempting to replace it already. But hey, one of them gained traction, so let's pick on that one.
Re:Really, is anyone surprised? (Score:5, Insightful)
That's the thing, isn't it? The millionth windows vulnerability and still saying "well any code has bugs". Sure it does. But the rebuttal is essentially saying that all code is created equal. That's just not true. Some code is very much more equal than others.
This guy doesn't merely write crap code, he has a track record of not playing well with others, refusing to acknowledge bugs, expecting other software projects to work around and make up for his mistakes, and so on, and so forth. Next to his track record, there are multiple reasons why his code has more and more pernicious bugs than other code. One of the reasons is as GP says: The code tries to do too much and fails to make use of built-in fall-out protection, deliberately. That's just stupid. The guy has been told, and he still thinks it's a good idea. He really believes his shit does not stink. Ergo, the guy is stupid, as well as an asshole.
If I get a choice at all, it is clear: I do not want any of his code running on my systems if I can at all help it.
Re:Really, is anyone surprised? (Score:5, Insightful)
> This guy doesn't merely write crap code, he has a track record of not playing well with others, refusing to acknowledge bugs, expecting other software projects to work around and make up for his mistakes, and so on, and so forth.
All of that's a valid reason for not liking SystemD, and touches on my own dislike for it as well. However, the fact that it had a vulnerability in it isn't a good reason to dislike it for the sake of that reason alone, unless you're willing to dislike any other software that has had a vulnerability equally much. Don't conflate dislike of a thing for valid reasons with reasons that you wouldn't use or apply in other cases.
To put it another way, if you found out that a person you already disliked once ran over someone's dog, you might use that act itself to condemn them as a terrible person. However, it's unlikely that if your friend ran over someone's dog that you'd think using that act to condemn them as a terrible person would be justified. If you want to think less of a person for running over a dog, do it in equal amounts irrespective of how you felt about that person prior to them running over someone's dog.
> That's the thing, isn't it? The millionth windows vulnerability and still saying "well any code has bugs". Sure it does. But the rebuttal is essentially saying that all code is created equal.
It obviously isn't, and I don't think anyone would honestly argue that all code (or designs, or programmers, etc.) is equal with a straight face. No one's forcing anyone to use crap code, especially in the open source community. If this were Windows, you'd just be stuck with it like all of the other crap that Microsoft has shoved off on people over the years.
Re: (Score:2)
> However, the fact that it had a vulnerability in it isn't a good reason to dislike it for the sake of that reason alone, unless you're willing to dislike any other software that has had a vulnerability equally much.
I think you are missing that any vulnerability in SystemD is a root level vulnerability. That also goes for its "modules". The blindness and arrogance evident in the main component allows for misplaced trust in its modules, so if you can violate any of the "modules", you can violate the system as a whole.
There is a reason organic life expresses great variation, even within species. But yeah, SystemD will be the one thing in the universe to find security without variation.
Re: (Score:2)
> Get me a poettering-free linux with a non-stupid X and a decent
> browser. Can you do it with an established distribution at all or
> is it linux-from-scratch time with a whole lot of work tacked on top?
Gentoo https://gentoo.org/get-started... [gentoo.org] has systemd as an option, not a requirement. If that's too much like LFS for you, there's Devuan https://devuan.org/ [devuan.org] which was forked from Debian. Like Debian, it is also the base for several specialized spin-offs https://devuan.org/os/partners... [devuan.org]
Re: (Score:2)
Just one data point chiming in, I've been running Devuan at home and at work, as well on a few machines that I admin (friends, parents), it's solid.
It's almost as if someone had taken Debian and removed systemd from it, as well as compiling out the systemd dependencies of a few packages. Oh wait.
Re:Really, is anyone surprised? (Score:5, Insightful)
> The code tries to do too much and fails to make use of built-in fall-out protection, deliberately. That's just stupid. The guy has been told, and he still thinks it's a good idea. He really believes his shit does not stink. Ergo, the guy is stupid, as well as an asshole.
All classical beginner's mistakes. This guy is not a beginner, but still makes bad beginner's mistakes. Because of his unlimited arrogance, he does not learn. Classical Dunning-Kruger sufferer. Now how anybody ever thought using code from this person was a good idea is beyond me.
We can also expect this stuff to go bad exceptionally fast when Poettering loses interest, as the code is too complex and too badly documented to be maintainable.
> If I get a choice at all, it is clear: I do not want any of his code running on my systems if I can at all help it.
Depending on the defaults, I either rip this crap out after installation or do not install it in the first place. My employer does the same as a matter of policy. Has not caused any problems so far and probably prevented a ton of them. Usually the problems with systemd start right after installation for me, as I do have a network-setup that is not quite standard. The only other system that has these problems is Windows, and it has it to a lesser degree these days.
Re: (Score:3)
Although in this case the person responsible seems to be Patrik Flykt, who added the code with this commit about 4 years ago: https://github.com/systemd/sys... [github.com]
Poettering committed the fix.
Re: (Score:3)
> This guy doesn't merely write crap code, he has a track record of not playing well with others, refusing to acknowledge bugs, expecting other software projects to work around and make up for his mistakes, and so on, and so forth.
Exaggerations aside, the key point is that even the best programmers with the best intent cannot reinvent the wheel without consequences. The motivation for reinventing the wheel is that the current code is ugly and hard to maintain. So off they go writing the replacement temple. What happens is that all the stuff that they thought was ugly was a bugfix or in another way necessary. Their temple grows ugly. The bugs were reinvented too.
Re:Really, is anyone surprised? (Score:5, Insightful)
While no one writes perfect code, when rewriting code for no good reason other than wanting to, the code itself should at least be as good as the previous implementation, and as it stands dhclient6 and isc-dhcp-server do not have this problem.
I don't have a problem with SystemD, I have a problem with anyone who tries to modernize some software but doesn't take into account why things were written the way they were in the first place... it's like the DNS resolve bugs... had the developers even bothered to look into bind's history, they would have never made the same mistakes... why take 1 step forward and all the steps back, just to rewrite software that has worked in the first place? This goes for any project, not just SystemD, not just Wayland or any of the "next-generation" projects... all reincarnations of software should take into account the previous implementation's bugs, doing anything else is completely irresponsible and childish on the developers' part, it sends a message of "I can write better code than you" while in reality making all the mistakes the previous implementation made and more.
This whole "I am better than thou" s**t should end, it only makes people look like idiots
Re: (Score:2)
> when rewriting code for no good reason other than wanting to
You left out the bit where various distributions have been attempting to replace sysvinit with something workable for years due to its technical limitations.
> This goes for any project, not just SystemD, not just Wayland or any of the "next-generation" projects... all reincarnations of software should take into account the previous implementation's bugs
And yet we are discussing a bug that is due to functionality that doesn't exist in other implementations. It's easy to criticise repeating mistakes of the past until you look closely and realise that quite often the mistakes of the past weren't repeated, but rather implemented in a completely different way under a different scenario.
Re:Really, is anyone surprised? (Score:5, Informative)
Re: (Score:2)
Which is why rewriting basic system utilities from scratch, repeatedly, instead of relying on the battle-hardened code which has already had its fair share of vulnerabilities exploited and patched over a long lifespan, is likely to increase the attack surface.
systemd's apparent need to replace/rewrite basic system utilities which have worked for decades (in some cases) and don't need changing IS part of the problem.
First of many (Score:5, Insightful)
This is the tip of the iceberg as more spaghetti code will be found. Tell me again why a startup manager also does DNS resolution?
Re: (Score:3)
I imagine, in Poettering’s long-term plan, systemd is eventually going to include its own X server and its own graphical desktop manager.
Wish I was joking.
Re:First of many (Score:5, Informative)
It's worse than just doing DNS resolution.
It has a hardcoded fallback to Google's servers:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761658
In spite of repeated explanations about why that is a horrid idea, the maintainers chose to ignore all the objections and proceed full steam ahead.
Re: (Score:2)
> It's worse than just doing DNS resolution.
> It has a hardcoded fallback to Google's servers:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761658
> In spite of repeated explanations about why that is a horrid idea, the maintainers chose to ignore all the objections and proceed full steam ahead.
It is mind blowing to read that to begin with but what was worse is reading the refusal to acknowledge the privacy issue and fix it.
Re:First of many (Score:5, Insightful)
Fascinating. Hardcoded defaults like that are a catastrophe in the making and are only done by complete and utter amateurs with no experience.
Re: (Score:2)
> are only done by complete and utter amateurs with no experience.
Idiots, maybe. Reckless people, definitely. But calling the person whose code has for many years now underpinned core functionality of multiple distributions "amateur with no experience" is a self defeating insult.
Re: (Score:3)
The thing about Poettering is apparently that he has not acquired any experience in all these years and still only qualifies as an amateur. It is pretty surprising how somebody can be that resistant to learning. So, no, not "self defeating", just accurate in describing his capabilities, if not his history.
Re: (Score:2)
> The thing about Poettering is apparently that he has not acquired any experience in all these years and still only qualifies as an amateur.
On account of the fact that he is both paid for his work and continues to do it your insult remains self-defeating. Come on, pick something more appropriate.
Re: (Score:3)
I was commenting on demonstrated skill-level, not employment history. I am well aware where he works.
Re: (Score:3)
I think it strongly implies something very specific. But good to know, so I will continue to ignore Docker.
Re: (Score:2)
Fascinating. That is probably the most stupid thing I have heard in some time with regards to security.
Re: (Score:3)
Because the designer is a smart moron that does not learn and never grasped why KISS is so essential to all good engineering. An amateur at work.
Re: (Score:2)
My apologies. I will instead call him an utter incompetent then. Better?
QA nightmare (Score:2)
> This is the tip of the iceberg as more spaghetti code will be found. Tell me again why a startup manager also does DNS resolution?
I've been in software QA since '93 and a *nix user just as long... here's where there is real danger in systemd. Because the more complex, intertwined, and less elegant the codebase, the more likely fixing bugs will introduce or uncover more. People have always ignored this aspect of the *nix philosophy, or rather maybe just inherently understood it. I don't know how many times over the years I have seen a bugfix cause havoc in a monolithic spaghetti codebase. Then of course, you try to quickly fix thos
Re: (Score:2)
Hi Poettering.
Re: (Score:2)
Silly me thinking the kernel handled network connections...
Re: First of many (Score:2)
Found the Ubuntu release-namer reject.
Slackware: not affected. (Score:5, Insightful)
Slackware does not use systemd and therefore is not affected by this vulnerability.
At least in this case, the KISS philosophy paid well.
Re: Slackware: not affected. (Score:4, Funny)
It's a relief to hear that all four of you are safe.
Re: Slackware: not affected. (Score:4, Funny)
I'm offended, there are six of us.
Re:Slackware: not affected. (Score:5, Informative)
I used Debian for over a decade before systemd and loved it. I'm not qualified to judge the merits of systemd, but when it was brought into Debian many things I was used to were suddenly different, with knowledge I learned over the years no longer of value. I don't mind learning new things, but I don't like them foisted on me gratuitously for no reason, especially since I had a lot more important stuff going on at the time.
I switched my server to Devuan and am extremely happy with it. It was a breath of fresh air to see what I thought of as "Debian" back again. So far I've had zero problems, from installation to daily use, and I don't expect I will use Debian again.
Re: (Score:3)
I am currently still with Debian and just rip out the cancer. When that stops working, I will move to Devuan.
Re: (Score:2)
> Slackware does not use systemd and therefore is not affected by this vulnerability.
Ubuntu uses systemd and like all other reasonable distributions patched the bug straight away and is therefore not affected by this vulnerability.
Laughs (Score:3)
Goes back to working on some FreeBSD vms.
Re: (Score:3)
> Goes back to working on some FreeBSD vms.
I'll just leave this here https://www.cvedetails.com/vul... [cvedetails.com]
Re: (Score:2)
*Laughs* Goes back to working on some 300+ Slackware VMs.
BTW, the site only lists 2 vulnerabilities for CentOS since 2012, so I don't think it uses as complete a dataset as you think. As an example there has been at least 10 high severity OpenSSL vulnerabilities which affected CentOS since 2012 and neither of the 2 CentOS vulnerabilities listed on site you provided are for OpenSSL packages.
Re: (Score:2)
> *Laughs* Goes back to working on some 300+ Slackware VMs.
> BTW, the site only lists 2 vulnerabilities for CentOS since 2012, so I don't think it uses as complete a dataset as you think. As an example there has been at least 10 high severity OpenSSL vulnerabilities which affected CentOS since 2012 and neither of the 2 CentOS vulnerabilities listed on site you provided are for OpenSSL packages.
Whoosh. Your "Ermagherd. I use FreeBSD so I am superior and safe" is just the opposite side of the coin of the Windows fanbois who strut around like cock-a-whoops when some other OS has any vulnerability at all, as if a few is somehow the equivalent of the hella batch of Windows problems.
So anyhow, if you want to believe that you are immune from the problems that us Proles have, by all means, crack open a cold one, and toast your wisdom in picking the system that is safe. Laugh away.
Re: (Score:1)
None of the vulnerabilities listed which are against currently supported versions of FreeBSD allow the attacker to gain access level, unlike this SystemD bug.
Well then FreeBSD is impervious to attack, and will never suffer. I don't care what the dates are, I'm trying to impress you with the fact that laughing at other vulnerabilities is the old pride goeth before a fall. But don't let me stop you. Most of the FreeBSD users I've met have a nasty whiff of superiority. Doesn't really smell all that good.
Seriously, are you FreeBSD users so arrogant that you refuse to believe your vaunted OS can be compromised? And if you don't understand or get that, well good on
Re: (Score:2)
We feel superior because we fucking are.
Now I can laugh.
Our code is hardened and written with security in mind. Can you say that about your OS?
You and your attitude of imperviousness would get your ass fired if you worked for me. Not that you'd care - a superior being like yourself will be commanding 8 or more figures since you use an impervious OS.
Meanwhile - thanks for the LuLz Coward!
Devuan! (Score:2, Informative)
one more reason to run Devuan!
Oh Pottering. (Score:5, Interesting)
> I am not sure I'd consider this much of a problem. Yeah, it's a UNIX pitfall, but "rm -rf /foo/.*" will work the exact same way, no?
tmpfiles: R! /dir/.* destroys root [github.com]
> Yes, as you found out "0day" is not a valid username. I wonder which tool permitted you to create it in the first place. Note that not permitting numeric first characters is done on purpose: to avoid ambiguities between numeric UID and textual user names.
> So, yeah, I don't think there's anything to fix in systemd here. I understand this is annoying, but still: the username is clearly not valid.
systemd can't handle the process previlege that belongs to user name startswith number, such as 0day [github.com]
I tested Ubuntu, Debian, FreeBSD, and OpenSolaris, 0day is a perfectly valid username.
How did anyone that lacked that much understanding about UNIX get in charge of the init system?
Re: (Score:1)
how is it that many of the major Linux distributions picked up systemd?
Not only was it a terrible idea, but people who should know better put it into their systems knowing it was a terrible idea.
Re: (Score:2)
This is actually the question that's asking for an answer.
People develop shabby software for Linux all the time. That happens daily, multiple times. For every good project there's at least 100 crappy ones. So it should be no surprise that there is of course also a crappy init process.
The actual question is why it became the go-to init process for all major distributions.
Re:Oh Pottering. (Score:5, Informative)
> Yes, as you found out "0day" is not a valid username.
> I tested Ubuntu, Debian, FreeBSD, and OpenSolaris, 0day is a perfectly valid username.
Oh it's more than just that, I checked the POSIX standard and this rule of his is entirely invented.
per the POSIX standard: [opengroup.org]
A string that is used to identify a user; see also User Database. To be portable across systems conforming to POSIX.1-2017, the value is composed of characters from the portable filename character set. The <hyphen-minus> character should not be used as the first character of a portable user name.
so what's the portable filename character set? [opengroup.org]
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 . _ -
What's this mean? On POSIX your username can be "007", "4-8_" or "._-" if you want it to be.
Lennart is full of shit and cannot admit he didn't even consider the standard when designing systemd.
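The comparison made in the comment above, as an added example (not part of the thread and not systemd's code): it classifies account names from passwd-format lines against the POSIX portable filename character set quoted there, and against the no-leading-digit rule and the numeric-UID ambiguity described in the quoted maintainer reply. The passwd lines are constructed sample data, and the function and flag names are assumptions made for this illustration.

```python
import string

# POSIX portable filename character set, as quoted in the comment above:
# A-Z a-z 0-9 . _ -
PORTABLE_CHARS = frozenset(string.ascii_letters + string.digits + "._-")
DIGITS = frozenset(string.digits)


def classify(name):
    """Return a list of findings for one user name (empty list: nothing to report)."""
    if not name or not set(name) <= PORTABLE_CHARS:
        # Empty, or uses a character outside the portable set.
        return ["not-portable"]
    flags = []
    if name[0] == "-":
        # POSIX: hyphen-minus "should not be used as the first character".
        flags.append("leading-hyphen")
    if name[0] in DIGITS:
        # Allowed by POSIX, but rejected by the rule described in the
        # quoted maintainer reply ("not permitting numeric first characters").
        flags.append("leading-digit")
    if set(name) <= DIGITS:
        # A name made only of digits can be read as a numeric UID.
        flags.append("all-digits")
    return flags


def audit_passwd(text):
    """Classify every account in passwd(5)-format text.

    Returns a list of (line_number, name, uid, flags) tuples. Entries that
    do not have seven colon-separated fields and a numeric UID are reported
    as malformed rather than skipped, so nothing is silently ignored.
    """
    results = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        uid_text = fields[2] if len(fields) == 7 else ""
        if not (uid_text.isascii() and uid_text.isdigit()):
            results.append((lineno, None, None, ["malformed-entry"]))
            continue
        name, uid = fields[0], int(uid_text)
        flags = classify(name)
        if "all-digits" in flags and int(name) != uid:
            # The ambiguity made concrete: the name reads as one UID,
            # the account actually has another.
            flags.append("name-differs-from-uid")
        results.append((lineno, name, uid, flags))
    return results


# Constructed sample input (not taken from any real host).
SAMPLE_PASSWD = """\
# constructed sample, passwd(5) layout
root:x:0:0:root:/root:/bin/sh
0day:x:1001:1001::/home/0day:/bin/sh
007:x:1002:1002::/home/007:/bin/sh
4-8_:x:1003:1003::/home/4-8_:/bin/sh
._-:x:1004:1004::/home/dots:/bin/sh
-ops:x:1005:1005::/home/ops:/bin/sh
j doe:x:1006:1006::/home/jdoe:/bin/sh
broken:x:1007
"""

if __name__ == "__main__":
    for lineno, name, uid, flags in audit_passwd(SAMPLE_PASSWD):
        label = "(unparsed)" if name is None else name
        print(f"line {lineno}: {label!r:12} uid={uid} {', '.join(flags) or 'ok'}")
```

Names flagged only as `leading-digit` are the ones where the POSIX definition and the rule in the quoted reply disagree.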
You can have my Devuan.... (Score:2)
when you pry it out of my cold dead hands.
So glad I ditched SystemD distros for my servers....
SystemD reminds me of all the old Emacs jokes (Score:2)
Emacs was said to be a perfectly good OS with built-in text editor.
When handling modular software, one module should do one thing and do it well, but the framework is responsible for ensuring deadlocks, crashes and security defects are confined to the module suffering them. Do that and it doesn't matter how buggy a component is, there's no contagion.
Give OpenBSD a shot! (Score:2)
Re: (Score:1)
One of the less appreciated aspects of OpenBSD is the quality of its documentation. They spend an enormous amount of effort to make the manual pages a complete, definitive, and readable reference for the system.
Countless times I've solved a problem or performed a new task in OpenBSD only by consulting manpages, where in other systems I would be searching stackoverflow, reading an out of date random howto, or checking some shitty web forum. Until you've experienced it you don't know how much time that saves.
Intended behavior (Score:1)
Won't fix. Just like all other systemd bugs.
Re: (Score:3)
Won't use. I do not want to have anything to do with systemd, or Lennart Poettering, if I can help it. I am very happy with Devuan.
Re: (Score:2)
Because gnome practically requires it at this point. Several distros tried various workarounds to stay systemd free, but Gnome went out of their way to break them. Eventually the distros gave in because it was too hard, but they wanted gnome support to avoid pissing off users.
Which just raises the question of why Gnome wanted systemd
Re: (Score:2)
Cause Red Hat is a big benefactor.
I figured it out. (Score:2)
It's not re-inventing that they keep doing.
It's laziness.
"Why do I have to READ someone ELSE's manual and learn some large API I can't easily understand... when I could do something FUN like parse XML's using regular expressions!"
Re: (Score:3)
The hallmark of utter amateurs. All great engineers stand on the shoulders of giants. These here crawl in the mud while congratulating themselves how great they are.
Re: (Score:2)
That was the joke. :P
use www.devuan.org (Score:3)
It has been done to avoid all of this.
Support and donate, otherwise the systemd cancer will kill Linux
This was the plan all along
martin f krafft has some crazy ideas (Score:2)
I was reading through the discussion on the Debian bug site [debian.org] and Martin has some crazy ideas. He thinks that eventually the default mail router should be gmail and that /etc/resolv.conf will be removed.
Re: When was last time (Score:2)
The best possible/the most secure - these are relative concepts, not absolute.
Besides, systemd is no more Linux than Emacs or KDE.
Re: This is why ipv6 should be disabled by default (Score:3)
IPv6 should be the only protocol running. Your router can transparently convert to legacy formats.
Re: (Score:2)
Alternatively, I can still just give the finger to IPv6 and block it completely and be rid of the complexity it brings. Yes, I have several static IPv4 addresses.
Re: This is why ipv6 should be disabled by defaul (Score:2)
There is no extra complexity.
Fields are properly aligned and have fixed meaning, making processing easier.
Routing is strictly hierarchical, so only four bytes need ever be examined - same as IPv4.
The header has a much simpler structure.
Addresses are (protocol):(location):(unique identifier). How much simpler can you get? Technically, all you have is the identifier, which you can take between ISPs that have IPv6 correctly configured. This guarantees mobility between ISPs without losing connection.
Configuring
Re: (Score:2)
If that is your level of insight, I should probably give you the finger as well....
Re: (Score:2)
This is one of the things that drives me nuts about IPv6 proponents. They go all crazy defensive if you criticize anything about their protocol, even when the criticism is fair. I haven't seen anything from you that isn't fair and I have seen the opposite from jd.
It's a fact that IPv6 is much more complicated than IPv4. I would have just made a new protocol that corrected IPv4's mistakes, addresses would be 64bit long and used CIDR notation. Broadcast would have been kept since it's stupid simple to use the
Re: (Score:2)
> This is one of the things that drives me nuts about IPv6 proponents. They go all crazy defensive if you criticize anything about their protocol, even when the criticism is fair. I haven't seen anything from you that isn't fair and I have seen the opposite from jd.
Thanks.
> It's a fact that IPv6 is much more complicated than IPv4. I would have just made a new protocol that corrected IPv4's mistakes, addresses would be 64bit long and used CIDR notation. Broadcast would have been kept since it's stupid simple to use the last address, with all FF's for the MAC. DHCP would still exist and would be the main way for a dynamic addresses would be assigned. Dhcpv6 has a cool feature, a router can request to get a routable subnet.
IPv6 has two main mistakes. Trying to do too much for the layer it is in the network stack, and not learning from past mistakes.
Indeed. Beginners mistakes. Brooks calls this "The Second System Effect". We are seeing a lot of that on the IT world.
They should basically just have extended the address range and kept everything essentially as it is with IPv4, as IPv4 is not broken.
Re: This is why ipv6 should be disabled by defaul (Score:2)
Exactly ipv4 needed address extension and simplification. People have a hard enough time understanding VLANs and subnets. Let alone trying to figure out how to calculate how much I can works.
Re: (Score:2)
How is it not CIDR?
Name a complexity added.
You claim he's being reasonable but all I see is hand-waving, abuse and mysticism. Offer something solid or admit you can't.
I use the protocol. I use both. I have experience where all you offer is allegation. You want me to take you seriously? Offer a reason for your claim. A real reason.
Extended IPv4 was rejected for many good reasons. You never bothered to look them up, I see. I tend to listen to those who bother. Even if I disagree, I'll listen to those who both
Re: (Score:2)
I don't think you are equipped to understand my reasons. Sorry, KISS is for advanced players only. And no, experience does not make you an advanced player, what you learn from experience may or may not make you one. Hence I will not waste time on this and you get the satisfaction to cry "But you do not have any actual arguments!" loudly. I do not really care.
Re: This is why ipv6 should be disabled by defaul (Score:2)
I should add I've also several static IPv4 addresses, but also several IPv6 addresses since 1996. Please play again.
Re: (Score:2)
Only the utterly dumb equal "newer" with "better"...
Re: This is why ipv6 should be disabled by defaul (Score:2)
How is it a security nightmare? It's simpler and more secure. I should know, I was one of the earliest adopters.
Re: (Score:2)
If you have IPv6 correctly installed, all reconfiguration is strongly authenticated.
If you don't have it correctly installed, sounding like a defeated Joker won't fix your problems.
Re: (Score:2)
I'm atheist and don't give a damn about protocol religion.
Only thing that matters is facts. Fact is, it is simpler. The primary header has word-aligned headers with simpler semantics, and none of the semantics that complicates things about IPv4. One word does one thing and does it well.
You've offered no contradiction to this, just some mysticism. IPv6 is simpler because each piece does less and there are fewer mandatory pieces.
Re: (Score:3, Funny)
I pronounce it as "shit head".
Re: (Score:2)
The problem started with a group of SJW feminazis on Debian that couldn't code, that were given a megaphone. You can see how everything went downhill from there.
Re: (Score:2)
Cause it wasn't quite bad enough for systemF.
Close - but not quite there... yet.