-
Finally getting around to upgrading my home server from Debian bookworm (12/oldstable) to trixie (13/stable).
`apt upgrade --without-new-pkgs` went smoothly enough, just a few config files with local tweaks.
Currently wishing I had FTTP for the `apt full-upgrade` downloads. I'm "languishing on only 80Mbps FTTC".
I expect to have some issues to sort out once this bit is done, and I still need to re-activate/update my third-party repositories....
-
FWIW I just used https://calculator-apps.com/networking-calculators/mtu-mss-calculator to calculate 'proper' MTU/MSS values for my ip(6)tables rules.
Being paranoid about TCP Timestamps and SACK that's 1420 and 1440. I've set those and will need to remember to check if I see any weird issues....
-
Well, now I feel stupid. I finally figured out why, since upgrading to Debian 13/trixie, there are some websites I couldn't connect to, but only over IPv6, they work fine on their IPv4 address.
Fucking MTU.
I'd for a long time had an IPv4 iptables rule to force the MSS (maximum segment size) on outbound packets to `1400`. But I never put in an equivalent for IPv6.
I use 'jumbo packets' on the LAN between desktop and server, which means an MTU of 4088 (for that pair of NICs). So anything forwarded out was using an MSS of 4088 as well.
The issue only showed up for *some* sites, and only for IPv6, and only on 13/trixie because:
1. 13/trixie uses openssl 3.x, not the older version, which has slightly different cipher suites etc in the default config.
2. IPv6 addressing makes packets that little bit bigger.
3. I've only ever observed the issue with MS Azure/Edge hosts.

What was happening was that the first part of the "Server Hello" after a "Change Cipher Spec, Client Hello" from my end was being lost, as the TCP level packet was too large and fragmented... but the first fragment was too large for my PPP link.
So, added an ip6tables rule to do the set-mss thing as well, and now it works.
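
An added example, not part of the original post: one way to confirm that an MSS clamp is taking effect is to read the MSS option out of a forwarded SYN (for instance from a capture on the WAN side) and compare it with what the WAN MTU allows. The `WAN_MTU` of 1492 is an assumption (a common PPPoE value), and the packet builder produces constructed test data only.

```python
import struct

IP_HDR = {4: 20, 6: 40}   # fixed header sizes; IPv4 options / IPv6 extension headers ignored
TCP_HDR = 20
WAN_MTU = 1492            # assumption (typical PPPoE); substitute the real PPP link MTU

def max_mss(link_mtu, ip_version):
    """Largest MSS whose full-size segment still fits in one link_mtu packet."""
    return link_mtu - IP_HDR[ip_version] - TCP_HDR

def syn_mss(packet):
    """Return (ip_version, MSS option) from a raw IP packet holding a TCP SYN, else None."""
    version = packet[0] >> 4
    if version == 4 and packet[9] == 6:
        tcp = packet[(packet[0] & 0x0F) * 4:]
    elif version == 6 and packet[6] == 6:
        tcp = packet[40:]
    else:
        return None
    if len(tcp) < TCP_HDR or not tcp[13] & 0x02:      # too short, or SYN flag not set
        return None
    opts, i = tcp[TCP_HDR:(tcp[12] >> 4) * 4], 0
    while i < len(opts) and opts[i] != 0:            # kind 0 = end of option list
        if opts[i] == 1:                             # kind 1 = NOP, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return None                              # malformed option, stop parsing
        if opts[i] == 2 and opts[i + 1] == 4:        # kind 2 = MSS, 16-bit value
            return version, struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return None

def fits_wan(packet, wan_mtu=WAN_MTU):
    """True if the SYN's advertised MSS is safe for wan_mtu, False if not, None if no MSS."""
    found = syn_mss(packet)
    if found is None:
        return None
    version, mss = found
    return mss <= max_mss(wan_mtu, version)

def build_ipv6_syn(mss):
    """Constructed test packet: IPv6 + TCP SYN with MSS, NOP, NOP, SACK-permitted options."""
    opts = struct.pack("!BBH", 2, 4, mss) + b"\x01\x01\x04\x02"
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 7 << 4, 0x02, 64800, 0, 0) + opts
    addrs = bytes.fromhex("20010db8" + "00" * 11 + "01") + bytes.fromhex("20010db8" + "00" * 11 + "02")
    return struct.pack("!IHBB", 6 << 28, len(tcp), 6, 64) + addrs + tcp
```

A SYN built from the jumbo-frame LAN (`build_ipv6_syn(4028)`, i.e. 4088 minus IPv6 and TCP headers) fails `fits_wan`, while one carrying a clamped value such as 1400 passes.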
-
About fucking time... Android finally doing proper DHCPv6. When this is live on my phone I can turn off SLAAC, and not have Windows insist on using it (yes, there's meant to be ways to stop Windows from using SLAAC, so it only uses DHCPv6, but I never saw any of them work). *I* don't want 'random' addresses, I want predictable ones for firewalling and ACLs: https://android-developers.googleblog.com/2025/09/simplifying-advanced-networking-with.html?m=1
-
For some reason a LOT of Microsoft-tagged (whois) IPs are **very** interested in the query "IN ANY fysh.org".
I'm seeing *thousands* of TCP connections to the name server at once, all for that same query.
I'm still going through the list of IPs from about 30 minutes ago, but so far whois is mostly saying "Microsoft", sometimes with a "cloud" tag. There's one bunch of Google in there too, but for all I know they're just because the MSFT ones are causing a lot of:
`named[2218860]: Accepting TCP connection failed: quota reached`
So, are Microsoft cloud IPs known to do something like this, perhaps some web scraper gone wrong? Or is someone leveraging Azure for some sort of DoS attack ? It's not *incredibly* effective if so, no immediate sign of other issues with fysh.org services, but I've not gotten to checking that in detail yet.
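
An added example, not part of the original post: a triage script that tallies TCP `ANY` queries per source network and counts the quota failures. It assumes BIND query logging is enabled; the sample lines are constructed in BIND's querylog format using documentation address ranges, and the grouping prefixes and threshold are arbitrary choices.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in BIND querylog format (documentation address ranges only).
SAMPLE_LOG = """\
named[2218860]: client @0x7f00aa 192.0.2.10#40001 (fysh.org): query: fysh.org IN ANY +T (198.51.100.53)
named[2218860]: client @0x7f00ab 192.0.2.77#40002 (fysh.org): query: fysh.org IN ANY +T (198.51.100.53)
named[2218860]: client @0x7f00ac 192.0.2.78#40003 (fysh.org): query: fysh.org IN ANY +E(0)T (198.51.100.53)
named[2218860]: client @0x7f00ad 203.0.113.5#53000 (fysh.org): query: fysh.org IN A +E(0) (198.51.100.53)
named[2218860]: client @0x7f00ae 2001:db8:1:2::9#41000 (fysh.org): query: fysh.org IN ANY -T (198.51.100.53)
named[2218860]: Accepting TCP connection failed: quota reached
"""

QUERY = re.compile(r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f:.]+)#\d+ \([^)]*\): "
                   r"query: (?P<qname>\S+) IN (?P<qtype>\S+) (?P<flags>\S+)")

def source_net(ip):
    """Group sources by /24 (IPv4) or /48 (IPv6) so hosts in one allocation add up."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def triage(log_text, qname="fysh.org", threshold=2):
    """Return ({network: TCP ANY query count >= threshold}, number of quota failures)."""
    per_net, quota_hits = Counter(), 0
    for line in log_text.splitlines():
        if "quota reached" in line:
            quota_hits += 1
            continue
        m = QUERY.search(line)
        if not m or m["qtype"] != "ANY" or m["qname"].rstrip(".").lower() != qname:
            continue
        if "T" not in m["flags"]:   # 'T' in the flags field marks a query received over TCP
            continue
        per_net[source_net(m["ip"])] += 1
    noisy = {net: n for net, n in per_net.items() if n >= threshold}
    return noisy, quota_hits

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the BIND side, `minimal-any yes;` shrinks the response to `ANY` queries, and `tcp-clients` is the option that sets the quota behind the "quota reached" message.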
-
A question relating to VR use for people with an optical prescription has had me realise that I might have missed the time window for when I'd have been able to enjoy it.
I've had myopia, increasingly so, since age ~10.
For the past 5+ years I've also had presbyopia (where your eye's lenses stiffen as you age, reducing your focal range).
I mostly wear my "intermediate" glasses around home, as I spend most of my time at the computer. With these I can comfortably focus from around 20cm away up to maybe 2 metres.
I have a pair of varifocals as well for "out and about". They do *not* work for close up other than something I'm holding low in my vision because I have to be looking out the very bottom of the lenses, and that would mean tilting my head back uncomfortably for viewing a screen around stretch-out-arm fingertip distance away.
So, any VR is going to have a mix of close up and distance things rendered, yes ? I'm only going to be able to focus on some of that. And given it's whole-scene, and moving my head moves the entire point of view, varifocals wouldn't help. There's no sort of correction that would address this.
So, it's likely a waste of time me even thinking about VR now.
-
It turns out this, and the "oh actually it's this" I later found are/were spam/impersonator accounts relaying the actual stream. See replies below. The rest of my original toot, slightly edited, continues below:
Re: that #Ariane6 launch today (18:00 UTC)... the #ESA YouTube stream is ... having issues. Keeps going to a:
Stream unavailable
Stream suspended for policy violations
screen. Although all it's playing, when it works, currently is a loop of a 'trailer' for the launch/rocket.
This was at https[:]//www[.]youtube[.]com/watch?v=o4zk5WZSpOg
I guess I may well end up watching the #EverydayAstronaut stream instead, which is at https://www.youtube.com/watch?v=z1WGk5XSNXk
-
I've just signed this petition from the Electoral Reform Society to change the voting system in the UK to be fairer and more representative:
https://www.electoral-reform.org.uk/campaigns/electoral-reform/
Yes, we had a chance at this with a referendum in 2011, but that just means it's time to bring this up again.
Especially in light of the rise of smaller parties, and some independent candidates, in the 2024 #GeneralElectionUK it's high time voters had a better guarantee of proper representation.