Posted on

MAC address to IPv6 link-local address online converter

The converter

It can also be addressed directly via:
https://ben.akrin.com/ipv6_mac_address_to_link_local_converter/?mode=api&mac=52:74:f2:b1:a8:7f
for all your API needs.

The math

Link-local IPv6 addresses are used as part of the IPv6 network auto-configuration process. Instead of getting an address via DHCP, a NIC will hop on the network with a link-local IPv6 address and with this will have to ability to do further configuration automatically (soliciting neighbors, router, et cetera).

This link-local IPv6 is infered from the NIC’s mac address.

A mac address is 48 bits, an IPv6 address is 128 bits. Here’s the conversion process step by step:

  1. take the mac address: for example 52:74:f2:b1:a8:7f
  2. throw ff:fe in the middle: 52:74:f2:ff:fe:b1:a8:7f
  3. reformat to IPv6 notation 5274:f2ff:feb1:a87f
  4. convert the first octet from hexadecimal to binary: 52 -> 01010010
  5. invert the bit at index 6 (counting from 0): 01010010 -> 01010000
  6. convert octet back to hexadecimal: 01010000 -> 50
  7. replace first octet with newly calculated one: 5074:f2ff:feb1:a87f
  8. prepend the link-local prefix: fe80::5074:f2ff:feb1:a87f
  9. done!

Going the other way

A converter to do the same operation in reverse is available here.

Comments

There have been a few interesting comments on this post, I encourage you to read them if you want to learn more about this mechanism. Specifically:

Posted on

Top-bar beehive design

Here’s a Google Sketchup design for a simple top-bar beehive.

Some pics:


Notes:

Only 2 measurements really matter in the design of a top-bar beehive: the angle of the side panels (70 degrees) & the width of the top bars 35mm. They both pertain to bee behavior and this design has them both optimized. From what I gather, other measures are quite forgiving.

This design is simple & well researched, I do not know yet how it will fare in practice, more to come on that.

Material:

All you’ll need as far as wood is concerned is a couple of 2x12x16 and a 3/4″ sheet of plywood:

Lastly, all units are in millimeters but based on standard lumber sizes available at the hardware store.

Posted on

Poor man’s 2FA: a simpler 2-factor authentication mechanism for SSH

The problem with PAM based 2FA:
  • PAM does not get called when the SSH daemon does key based authentication. So your 2FA there only works with password authentication. This might be something you want but maybe not.
  • A PAM module based solution to 2FA is harder to implement
The solution: Poor man’s 2FA!

It is possible to add the ForceCommand directive to your sshd_config. Like the name suggests it simply runs a command after authentication and before the shell is spawned. This is a good spot to add an extra check, say another factor for authentication.

The code:
#!/bin/bash
trap "echo "I'm sorry Dave. I'm afraid I can't do that."; sleep 1 ; kill -9 $PPID ; exit 1" 2 20
code=`od -a -A n /dev/urandom | head -2 | tr -d ' ' | tr -d 'n' | sed 's/[^a-zA-Z0-9]//g' | awk '{print substr($0,1,5)}'`
echo -e "Subject:$code\nFrom:root@server <root@server.com>\n2FA code in subject" | sendmail phone_number@carrier.com
read input
if [ $code = $input ];
then
    `awk -F: '($1 == $LOGNAME) { print $7 }' /etc/passwd`
else
kill -9 $PPID
fi

That’s it really, save this to an executable file, replace the obvious variables and ForceCommand its ass.