> this could invalidate the information contained in that in the man file.
No, it doesn't. The point of modetc is precisely to keep both myself and the programs happy: the files are actually stored where I like to keep them, but they can be accessed as if they were stored where the developer intended.
Well, it's just the natural extension of the FHS convention to the home directory.
I didn't come up with this idea, though, I think I saw this in a reddit thread and started doing it myself: I like that the directories are visible and follow the usual structure.
Why not push it under a hidden directory? Like ~/.local/etc? If we're reconstructing some of the hierarchy I think it makes sense to group and hide. Isn't the problem that the home folder is getting cluttered?
Why would I hide them? They're not really special and since I'm organising them with modetc they're not cluttered.
For reference, my home looks something like this:

~
├── bin      binaries and scripts
├── etc      configuration files
├── var
│   ├── lib      program data
│   └── cache    program caches
├── src      git repositories
├── img      pictures
├── mail     email in maildir format
├── note     text notes, todo
├── doc      documents
└── down     downloads

I mean we hide in the first place because configs and we don't want to clutter
But more I was thinking that having ~/bin ~/etc ~/src and so on is just clutter. I use ~/.local/{bin,build,lib} so it's compact and reduces clutter in my home
Hi, author here: whether it's a valid use case depends on your level of OCD, but the difference compared to symlinks or bind mounts is that you will have a clean home: e.g. `ls -la` won't show any "hidden" files.
Also, completely unrelated to my motivation, someone pointed out that modetc could be used to quickly hotfix packages built with Nix.
Say that you need to fix a CVE in openssl, normally that would require rebuilding all dependent packages, which takes a long time. Instead with something like modetc you could build just openssl and rewrite /nix/store/<hash>-openssl-3.6.0/ -> /nix/store/<hash>-openssl-3.6.0-hotfix/.
Another application might be replacing some configuration file with placeholders for secrets, with one file with the secrets substituted in, without having to modify it in place, possibly only for a specific UID. This is something you might find useful on NixOS.
Ok, I'll bite: why do you say that IPv6 lacking NAT (which is not true by the way) would be annoying? We can finally get rid of an ugly workaround from 30 years ago that broke one core principle of the Internet (end-to-end connectivity) and a ton of protocols that required even uglier hacks (FTP and SIP ALGs, TURN/STUN, etc.) to barely work. Why would this be annoying?
At my previous place IPv6 was usable (I was getting /60 prefix rather than /64 I’m getting now) but the prefix was changing often - several times per day. This was annoying because with every prefix change all addresses of my devices changed too. So in practice I always used private IPv4 addresses to connect to them.
A NAT would solve this issue.
Well, delegated IPv6 prefixes are supposed[1] to be static or somewhat persistent, but some ISPs do this, yes. This is most likely a practice carried over from IPv4 where there is a small pool of addresses. Fortunately in my experience it's not too common: most ISPs that deployed IPv6 did it the right way.
Anyway, to get persistent addresses you can set up a ULA prefix (the equivalent of RFC 1918 addresses) and a simple prefix translation[3]. This is a form of NAT, but unlike the usual IPv4 NAT (actually NAPT) it doesn't deal with ports, so it's slightly less problematic. There also are a few more techniques, like using mDNS and writing firewall rules that match the suffix of the client addresses, but not many CPEs allow for this.
Right, the ULA prefix theoretically has lower preference, so it should only be selected to reach hosts in the LAN and the GUA for everything else, but I don't know how well software handles this in practice.
Source address selection is usually left to the kernel, so that part should be okay. It'll pick a GUA source for a GUA destination unless you've changed the labels with `ip addrlabel`.
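The label matching discussed in the two comments above, as an added example that is not part of the thread: a Python sketch of only rules 6 (matching label) and 8 (longest matching prefix) from RFC 6724, using the RFC's default policy table. The addresses, the /64 on-link prefix length and the extra label entry are constructed assumptions.

```python
import ipaddress

# Default policy table from RFC 6724 section 2.1: (prefix, precedence, label).
POLICY = [(ipaddress.ip_network(p), prec, lbl) for p, prec, lbl in [
    ("::1/128", 50, 0), ("::/0", 40, 1), ("::ffff:0:0/96", 35, 4),
    ("2002::/16", 30, 2), ("2001::/32", 5, 5), ("fc00::/7", 3, 13),
    ("::/96", 1, 3), ("fec0::/10", 1, 11), ("3ffe::/16", 1, 12),
]]

def label(addr, policy=POLICY):
    """Label of the longest policy-table prefix that contains addr."""
    addr = ipaddress.ip_address(addr)
    best = max((e for e in policy if addr in e[0]),
               key=lambda e: e[0].prefixlen)
    return best[2]

def common_prefix_len(src, dst, src_plen=64):
    """Leading bits shared by src and dst, capped at the source prefix length."""
    diff = int(ipaddress.ip_address(src)) ^ int(ipaddress.ip_address(dst))
    return min(128 - diff.bit_length(), src_plen)

def select_source(dst, candidates, policy=POLICY):
    """Rule 6 first (source label equals destination label), then rule 8.
    Rules 1-5 and 7 (same address, scope, deprecation, ...) are not modelled."""
    dst_label = label(dst, policy)
    return max(candidates,
               key=lambda s: (label(s, policy) == dst_label,
                              common_prefix_len(s, dst)))

# Constructed host with one ULA and one GUA address on the same interface.
ULA = "fd12:3456:789a:1::10"
GUA = "2001:db8:aaaa:1::10"

# Constructed equivalent of an `ip addrlabel` change: giving one GUA
# destination prefix the ULA label makes the ULA source win for it.
RELABELLED = POLICY + [(ipaddress.ip_network("2001:db8:ffff::/48"), 40, 13)]

if __name__ == "__main__":
    print(select_source("2001:db8:ffff::1", [ULA, GUA]))              # GUA
    print(select_source("fd00:aaaa::1", [ULA, GUA]))                  # ULA
    print(select_source("2001:db8:ffff::1", [ULA, GUA], RELABELLED))  # ULA
```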
Well, you're not supposed to use Tor from browsers that don't explicitly support it. Tor Browser, Brave, and I'm sure some others really wouldn't mind HTTP hidden service traffic.
I didn't know BSD had an IPv4/IPv6 translation mechanism built-in. On Linux the state of the art seems to be Jool[1], which is unfortunately an out-of-tree kernel module. IIUC, they currently share the limitation of not being able to translate locally-originated packets, which can be annoying unless you have a machine to dedicate to the translation.
Wait this looks interesting. I am a biologist so I might get the terminology wrong. Would this allow me to run an ipv4 to ipv6 and back service?
I got some services with only ipv6 addresses and want clients with only ipv4 (sadly still exists) to at least be able to reach them. So could I dedicate a machine to translating for them using this tool?
Yes, translating packets between IPv6 and IPv4 is precisely what Jool does.
From what you're describing I think you have two options: if you have enough IPv4 addresses at your disposal to cover your IPv6-only machines, you can use the so-called "SIIT-DC" mode [1].
Otherwise, if you have fewer IPv4 addresses, say just one on your router, and multiple IPv6 machines, you can set up a stateful NAT64 [2] with some static BIB entries. NAT64 is basically the familiar NAT, just with IPv6 in the LAN instead of private IPv4 addresses (say 192.168.1.0), and static BIB entries are the equivalent of port forwarding.
In this case you would run Jool on your router.
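An added example, not from the thread or from Jool: with either mode the IPv6-only server sees each IPv4 client as an IPv6 address built from the translation prefix (RFC 6052), so logs and ACLs on the server need the reverse mapping. The well-known prefix 64:ff9b::/96 as the translator's prefix and the log lines are constructed assumptions.

```python
import ipaddress

VALID_LENGTHS = (32, 40, 48, 56, 64, 96)  # prefix lengths allowed by RFC 6052

def embed(prefix, v4):
    """IPv4-embedded IPv6 address: the four IPv4 octets follow the prefix,
    skipping octet 8 (the reserved 'u' octet, bits 64-71), which stays zero."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen not in VALID_LENGTHS:
        raise ValueError("RFC 6052 allows only /32 /40 /48 /56 /64 /96")
    out = bytearray(net.network_address.packed)
    pos = net.prefixlen // 8
    for octet in ipaddress.IPv4Address(v4).packed:
        if pos == 8:
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))

def extract(prefix, v6):
    """Reverse mapping; None when v6 is not inside the translation prefix."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen not in VALID_LENGTHS:
        raise ValueError("RFC 6052 allows only /32 /40 /48 /56 /64 /96")
    addr = ipaddress.IPv6Address(v6)
    if addr not in net:
        return None
    raw, pos, v4 = addr.packed, net.prefixlen // 8, bytearray()
    while len(v4) < 4:
        if pos == 8:
            pos += 1
        v4.append(raw[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(v4))

def annotate(lines, prefix="64:ff9b::/96"):
    """Add the original IPv4 client to log lines that start with a source address."""
    out = []
    for line in lines:
        src, _, rest = line.partition(" ")
        v4 = extract(prefix, src)
        out.append(f"{src} [{v4}] {rest}" if v4 else line)
    return out

# Constructed access-log lines from an IPv6-only server behind a translator.
SAMPLE_LOG = ["64:ff9b::c633:6407 GET /login", "2001:db8:5::9 GET /"]

if __name__ == "__main__":
    print("\n".join(annotate(SAMPLE_LOG)))
```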
I am using socat right now to achieve this translation but it is rather slow. So I hope a proper solution using tool might be more powerful. But it seems it requires at least a bit more networking insight than what I have at this moment.
It's an opportunity to learn something new for me.
Right now I simply rent a Hetzner machine including a v4 IP to route the traffic to my v6 services.
However, I personally would just do it in userspace, especially for that simple of a use. I'm doing the opposite; I have a webapp that somehow doesn't handle IPv6, so to access it over a pure-v6 network I just run this on the same host:
socat TCP6-LISTEN:8002,fork TCP4:127.0.0.1:8000
I believe you could trivially reverse this;
socat TCP4-LISTEN:8002,fork TCP6:[::1]:8000
should serve [::1]:8000 as 0.0.0.0:8002 (I don't remember if changing ports was strictly required; that may be a quirk of my exact setup).
The point of Jool and similar tools (there is also one called Tayga that runs in userspace, if you want) is to translate network traffic between multiple hosts, where some only have IPv6 and others only IPv4 addresses.
If your machine has both IPv6 and IPv4 addresses you don't need any translation.
I interpreted "services with only IPv6 addresses" as IPv6-only servers, in which case some sort of translation is needed, but if these are just processes in a dual stack server, then yes.
6to4 solves a different problem: it's a way to provide IPv6 internet access to some host with only IPv4 internet access. It's basically a VPN you need to configure on the client.
NAT64 and SIIT (what Jool and af-to are implementing) instead are a way to let (potentially) any IPv4-only client connect to some IPv6-only machine you control. The client need to be aware it's actually talking to an IPv6 machine, because there is a translator (typically a router) between them that transparently translates the packets so they understand each other.
As much as Americans like to think everything is about America, I doubt this is somehow connected. These government-appointed officials, like the Secretary General of the Privacy Watchdog, tend to be incompetent and corrupt buffoons.
Just two months ago, the previous Secretary General was forced to resign[1] after he tried to spy on his own employees in a botched attempt to find a whistle-blower that had exposed his corruption. He couldn't get away with it only because the head of IT (who he ordered to carry out the actual spying) happened to be the son-in-law of the President of the Republic, which is practically the last remaining institution with some integrity in the political landscape.
To understand the magnitude of the incompetence of that fool, just know that he had asked IT to retrieve employees' access logs and all emails for the past 25 years (hundreds of TB of data) and put them on a DVD so he could check them out [2].
I mean in a normal math curriculum you would define only the multiplicative inverse and then there is a separate way to define fractions, if you start out with certain rings. It is kind of surprising to me that they did a lazy definition of division.