| 21 Aug 2021 |
6aa4fd | maybe I misunderstood your network topography | 02:58:23 |
matthewcroughan - nix.zone | In reply to @6aa4fd:tchncs.de: "BTW if you have a server center where you have ipv6 without HE, you don't need HE at home, you can just tunnel to that DC" Tunnel to it how? | 02:58:37 |
matthewcroughan - nix.zone | You mean use it as my ipv6 provider instead of hurricane electric? | 02:58:47 |
6aa4fd | In reply to @matthewcroughan:defenestrate.it: "You mean use it as my ipv6 provider instead of hurricane electric?" yeah. that is all you are paying HE for, using their servers as endpoints | 02:59:21 |
matthewcroughan - nix.zone | I suppose. Though I actually can't do that, because I don't have control over the network there. | 02:59:43 |
matthewcroughan - nix.zone | Additionally, they only have a /64 block, so they can't actually do that. | 02:59:51 |
6aa4fd | a data center with only a /64? what a joke | 03:00:11 |
matthewcroughan - nix.zone | Well, it's just a business connection. | 03:00:22 |
matthewcroughan - nix.zone | BT (British Telecom) | 03:00:27 |
6aa4fd | that is like a v4 network with only one vlan | 03:00:30 |
matthewcroughan - nix.zone | Yup :D | 03:00:35 |
matthewcroughan - nix.zone | Horrible. | 03:00:36 |
matthewcroughan - nix.zone | and the network administrator is a BOFH | 03:00:54 |
6aa4fd | do they just use MAC-based firewalling? | 03:01:01 |
matthewcroughan - nix.zone | Not sure about the firewall details, it's a free for all. | 03:01:18 |
matthewcroughan - nix.zone | https://youtu.be/GE94BJg3U1Q | 03:01:26 |
matthewcroughan - nix.zone | This video should explain it. | 03:01:28 |
6aa4fd | In reply to @matthewcroughan:defenestrate.it: "Not sure about the firewall details, it's a free for all." time to get ya shit out brotha | 03:06:05 |
matthewcroughan - nix.zone | I'm not that paranoid really. | 03:06:16 |
6aa4fd | anyways good luck with the tunnel, ping me if it hisses | 03:06:37 |
matthewcroughan - nix.zone | A NixOS machine is a pretty good and secure internet facing base. | 03:06:39 |
6aa4fd | sure unless they get any user with read access | 03:07:00 |
matthewcroughan - nix.zone | Only two users on the machine. Me and the other Administrator. | 03:07:31 |
6aa4fd | until we have granular store permissions it's pretty dicey as production | 03:07:37 |
matthewcroughan - nix.zone | Two users with a shell, and ssh access, ssh keys only. | 03:07:47 |
matthewcroughan - nix.zone | In reply to @6aa4fd:tchncs.de: "until we have granular store permissions it's pretty dicey as production" How do you figure? What does the store have to do with it? | 03:08:08 |
matthewcroughan - nix.zone | Nothing sensitive is in the nix store. | 03:08:19 |
6aa4fd | yeah well if you don't expose anything but ssh, back ports are the only thing that matters, it's not exactly a competitive field | 03:08:26 |
6aa4fd | well sure but a shit load of services you configure with the nix store do have write-sensitive information in the store | 03:09:10 |
6aa4fd | so not actually true, though it would be nice | 03:09:28 |