--- Log opened Tue Apr 24 00:00:06 2018
--- Day changed Tue Apr 24 2018
00:00 < djph> Lord-Kamina: that's for everyone though, I mean, they're just pulling rajakumar off the street while he's on his way to his ... whatever correlates to a burger-flipping job over in India ...
00:00 < sammyg> i guess pptp is better than nothing, but how secure or insecure is it? when should i avoid using it and when is it ok to use?
00:00 < qman> very, very, very insecure
00:00 < qman> do not use PPTP, at all, ever
00:01 < djph> ^
00:01 < sammyg> haha lol
00:01 < djph> use openvpn at the very least
00:01 < SporkWitch> djph: not fond of that stereotype; i've met quite a few middle eastern tech support types, from iraq, india, and elsewhere, and they're not stupid, they just sometimes have a thicker accent, and worse, are almost always hamstrung by a bad script they're forced to follow
00:01 < qman> like, PPTP should not even be available in the interface anymore, that's how broken it is
00:01 < Maarten> pptp? It's like securing your vault with a paper door that has a lock drawn on to it. It "looks" secure, but a 1 second punch and the safe is cracked ;)
00:02 < sammyg> i managed to connect to my computer but using pptp, but i guess then i have to start all over with openvpn :(
00:02 < djph> SporkWitch: I work with the "good" ones. They also confirm the helldesk across the street does that, so ...
00:03 < djph> ... we've also got some of the thick ones, but at least the good ones generally stick them in the corner where they can't mess anything up.
00:03 < lupine> I recently upgraded my one-inch punch to a six-inch punch
00:04 < SporkWitch> lupine: how much did that penis enlargement surgery cost? :P
00:05 < lupine> :3
00:05 < lupine> I'm just trying to imagine a 1-second punch
00:05 < lupine> how does that even work
00:05 < Maarten> I don't know but I don't need much time to swing my fist to someone's face ;)
00:05 < lupine> I'm imagining slo-mo or elastic arms
00:05 < SporkWitch> lupine: they have those on dragonball; how do you think they stretch a single 30 second fight across an entire season?
00:06 < lupine> the punch is still fast, eliding all the unnecessary replays
00:06 < lupine> they just talk about it a lot
00:06 < lupine> have you seen the live action version with james marsters? it's surprisingly good
00:06 < lupine> I'm used to hokutu shin-ken levels of live action
00:07 < SporkWitch> i have a sudden urge to dub over dragonball and have them debate the minutiae of some really inane point of music preference lol
00:07 < lupine> I'm sure AMV Hell have that covered already
00:07 < SporkWitch> probably
00:08 < lupine> CRAWWWWWWWWWLING INNNNN MYYY SKIIIIIIIN
00:08 < SporkWitch> gods, college flashbacks...
00:10 < djph> ha
00:11 < wiresharked> Well, I guess I should not use hotspot shield in school. The speed of their wifi through it is 4mbps
00:12 < djph> lupine: Forfeit the game ...
00:12 < SporkWitch> godammit, you just made me lose the game, and now all of you lose too
00:12 < lupine> I think you underestimate my levels of cognitive dissonance
00:14 < wiresharked> djph: I feel that hotspot shield is a bad VPN anyway
00:15 < djph> probably
00:15 < wiresharked> djph: Why?
00:16 < djph> SporkWitch: what the hell are you talking about, that's the opening lyric to 'A Place for My Head"
00:16 < SporkWitch> djph: yes, but you made me lose the game
00:16 < djph> er Pts. of Authrty.
00:17 < djph> feh, been too long since I've listened to them
00:17 < djph> SporkWitch: the ... what?
00:17 < SporkWitch> http://ilostthegame.org/
00:17 < djph> you're not like a ... crazy person are you?
00:17 < wiresharked> I thought that he was talking about fortnite
00:17 < SporkWitch> see the link :)
00:18 < djph> SporkWitch: I refuse to follow your obvious link to goatse
00:18 < SporkWitch> djph: you have my word that it is 100% SFW
00:19 < wiresharked> SporkWitch: Fortnite though, not so much most of the time
00:20 < djph> SporkWitch: why should I trust you?
00:20 < djph> SporkWitch: also, this 'game' you spoke of ...
00:20 < SporkWitch> djph: because i'm a trustworthy anonymous person on the internet? lol
00:20 < djph> SporkWitch: quite
00:21 < SporkWitch> djph: in short, you are playing the game from the time you first hear about it. You are all now playing. The game is quite simple: if you think about the game, you lose.
00:21 < qman> it's a crappy 4chan thing from a decade ago, and it ended anyway
00:21 < djph> hehehe
00:22 < SporkWitch> qman: i don't believe it originated on 4chan. I want to say it actually started at a university in the context of "mind viruses" e.g. "memes" in their original academic sense
00:22 < djph> damn, I haven't thought of the game in like 15 years ...
00:22 < djph> fuck you SporkWitch
00:22 < SporkWitch> djph: you're welcome :)
00:22 < djph> took for fucking ever to get politician-level cognitive dissonance
00:23 < SporkWitch> my record is something like 5 years
00:23 < Apachez> https://www.youtube.com/watch?v=LdgMFumDV-c
00:24 < SporkWitch> Apachez: lol, top comment: There should be a constitutional amendment that if you film, you have to hold your camera horizontally.
00:26 < Quatermass> Charming
00:27 < Apachez> SporkWitch: yeah, I believe there is a genetic defect in apple users :)
00:27 < Apachez> which is shown by filming vertically :P
00:27 < SporkWitch> Apachez: i mean, they are apple users... lol
00:27 < SporkWitch> Apachez: i'd argue their use of apple in the first place is also symptomatic of the defect lol
00:29 < Johnjay> lol the game is kind of like fight club
00:29 < Johnjay> except not for gay guys
00:31 < djph> wait, what kind of a bastard are you, keeping gays out of the game?
00:32 < SporkWitch> djph: only guy GUYS; apparently gay girls are fine
00:32 < SporkWitch> so we're probably dealing with a feminist here, possibly a TERF
00:33 < djph> SporkWitch: wait, since when were ladies "gay"? aren't they the "L" in that moniker?
00:36 < dexterfoo> "new WebSocket()" from the web browser will always initiate a new TCP connection, even if there already exists a keep-alive connection to the server, right?
00:36 < Johnjay> no fight club was the gay club, watch the movie it's all over the place
00:39 < Quatermass> Wow. A plethora of yank rednecks...
00:39 < Quatermass> It's no wonder america is most hated
00:40 < SporkWitch> djph: like most "masculine" terms, it's actually unisex. All lesbians are gay, but not everyone that is gay is a lesbian
00:40 < djph> SporkWitch: ah, I just figured they got their knickers in a twist having to share a word with men
00:40 < SporkWitch> djph: (i find pedantry on identity politics bullshit an entertaining way of taking apart the stupidity of it in the first place lol)
00:40 < SporkWitch> djph: precisely, hence making a special word all their own lol
00:41 < djph> hehehehe
00:45 < Apachez> SporkWitch: the sad thing is that I have nothing that proves you wrong ;)
00:45 < SporkWitch> hehe
00:46 < SporkWitch> Apachez: so, bets on how long before we find out the van driver is a "refugee" and/or new convert?
00:47 < Apachez> or a Justin Trudeau supporter
00:47 < lupine> some shithead says this every time
00:47 < lupine> and then in the instances where it's motivated by something else, they MYSTERIOUSLY GO QUIET
00:47 < lupine> being right by accident is not something to applaud
00:48 < SporkWitch> not about being right, it's about statistics. unlike gambling, the odds are in our favour lol
00:48 < lupine> well, that's debatable
00:49 < lupine> even when so many categories of terrorism magically become not-terrorism when someone local does it
00:50 < SporkWitch> motive determines whether it's terrorism, not where they're from or whether they're native. terrorism is defined as the use or threat of violence to achieve a political goal
00:50 < lupine> right, but when locals engage in that, it gets magically called not-terrorism
00:51 < lupine> (note that the definition in law in .uk is much wider, btw)
00:51 < SporkWitch> often, yes, though that applies to both sides. i won't deny that it almost only gets applied to violence perpetrated by islamists, but antifa and BLM enjoy the same protection as other non-islamic terrorist organizations and individuals
00:52 < SporkWitch> though it's worth noting that the unabomber DOES get the terrorist label on the rare occasions it still comes up, and he's a straight, white male :)
00:52 < lupine> indeed, sometimes they get it right
00:52 < lupine> usually adding a written manifesto and premeditation means you'll meet the bar, no matter what
00:53 < SporkWitch> i would tend to agree, since having a manifesto is rather axiomatic of political motives
00:53 < lupine> anyone else miss the good old days of the IRA?
00:53 < WishBoy> [23/04/2018 16:18:56] Rip to net neutrality
00:53 < WishBoy> :(
00:53 < SporkWitch> lupine: thanks for mentioning another non-islamic terrorist group that regularly gets the title :)
00:53 < lupine> sure, they clearly exist
00:54 < lupine> but if this dude does turn out to be a muslim, you can guarantee nobody will be arguing "no manifesto -> not a terrorist"
00:55 < SporkWitch> lupine: no, because using vehicles to target pedestrians is now a very COMMON tactic of islamic terrorists whose motive is their religion and hatred of western society
00:55 < lupine> it's also a very COMMON tactic of non-islamic terrorists whose motives vary but include religion and hatred of western society
00:56 < SporkWitch> lupine: i'm hard-pressed to think of any clearly deliberate vehicle attacks that didn't turn out to be motivated by islam...
00:56 < SporkWitch> lupine: i think in the past it was mostly that it was small-scale one-off incidents, like a bible thumper bombing an abortion clinic or going after a doctor; occasionally it gets labeled what it is, but for the most part, they didn't want the association of their own beliefs with those of the bad apples.
00:57 < lupine> SporkWitch: are you? dear me
00:57 < SporkWitch> lupine: these days i think the main reason non-islamic terrorist attacks, regardless of side, don't get the label is because of how popular BLM and antifa are, and calling out right wing terrorism would quickly backfire since the groups they support fit even better
00:59 < SporkWitch> lupine: literally the only example that comes to mind is charlottesville, and there's no evidence of intent, let alone pre-meditation, as is often ascribed to it. Panic after being attacked by left-wing terrorists is a very plausible explanation, and in the absence of evidence i'll give the benefit of the doubt.
00:59 < lupine> here's one from this month: https://aa.com.tr/en/middle-east/daesh-prepared-bombs-used-in-recent-pkk-attacks-locals/1083555
00:59 < backnforth> Hi, can websites know if I'm using a same network of another user in that network
01:00 < Apachez> bash prepared bombs
01:00 < Apachez> backnforth: sure
01:00 < lupine> sure, but that's just contracting-out to specialists
01:00 < lupine> here we have politically-motivated violence in support of an ideology radically opposed to ye olde islam
01:00 < Apachez> backnforth: they see your srcip and your friend next to you will most likely use similar sourceip on the internet
01:01 < lupine> although they did park politely before blowing it up
01:01 < Apachez> yeah you dont want to end up with a ticket if your bomb fails :P
01:01 < Apachez> like one of the first terrorists in modern swedish history
01:01 < Apachez> he put his car on fire
01:02 < Apachez> of course the gas tubes never exploded
01:02 < lupine> poor sod
01:02 < Apachez> and then moments before he was about to explode the pressure cooker he took a right turn to adjust it
01:02 < Apachez> guess what?
01:02 < Apachez> that pressure cooker went off
01:02 < Apachez> killing only the terrorist :D
01:02 < Apachez> funny note
01:02 < lupine> anyway, there's certainly a lot of muslim terrorism going around. the point is merely that there's also a lot of non-muslim terrorism going around
01:03 < Apachez> some hours before he had emailed his plans to the swedish secret service
01:03 < SporkWitch> lupine: reading the article, and doing some digging on YPG, 1) the article says it was a bombing, not a truck-of-peace style attack, 2) it implies ethnic/religious motives for the group, as well as possible alliance with ISIS... as far as i can tell, your link reinforces my point, rather than undermining it
01:03 < Apachez> however nobody watched that inbox...
01:03 < Apachez> they got some complaints about that :P
01:03 < lupine> SporkWitch: YPG are a semi-marxist set of kurdish nationalists who are diametrically opposed to ye olde islam
01:03 < Apachez> what about YMCA ?
01:04 < lupine> but yes, it was a carbombing
01:04 < Apachez> is YMCA the gay part of YPG ?
01:04 < lupine> YMCA use insidious propaganda, which counts as terrorism in .uk if the state disapproves
01:04 < SporkWitch> lupine: no one is saying there isn't any non-islamist terrorism, but the numbers certainly seem to demonstrate that islam is the dominant motivator
01:04 <+catphish> maybe if y'all stopped publishing the motives, they'd have less incentive, they're all just murderers and should be quietly sent to jail
01:05 < Apachez> SporkWitch: you mean like muricans travelling half around the globe into some desert to kill civilians? :P
01:05 < lupine> SporkWitch: not the overwhelmingly dominant motivator
01:05 < lupine> not even the dominant one
01:05 <+catphish> who cares what colour the murderer is
01:05 < Apachez> the iraqi body count passed 100k some years ago
01:05 <+catphish> or religion, straight to jail
01:05 < SporkWitch> lupine: yes, i can see that, the kurds being a racial group and subgrouping of islam, using violence to achieve their political goals...
01:05 < lupine> they're, um
01:05 < lupine> oh never mind
01:06 < SporkWitch> sorry, ethnic, not racial
01:07 < lupine> they're fighting for a secular state
01:09 <+catphish> "the numbers certainly seem to demonstrate that islam is the dominant motivation" citation?
01:09 < SporkWitch> i'll take your word on that, but the materials coming from ISIS is pretty damning
01:09 < lupine> YPG aren't ISIS
01:09 < lupine> they fought a hell of a war against them
01:10 < lupine> swapping captives for bombs doesn't make them part of that group
01:10 < djph> SporkWitch: "May the odds ever be in your favor"?
01:10 < djph> ... err, oops ... stupid scrollback
01:11 < Quatermass> I agree with catphish. Don't give them the massive sustained CNN time. It isn't deserved and only serves to glorify whatever was done.
01:11 < Quatermass> But no...greedy people doin' greedy things to make money
01:12 < SporkWitch> catphish: unsure of credibility, one of the first hits when seeking numbers by motive. in its "terrorist groups" breakout the three (presumably highest numbers, but admittedly uncertain) are al qaeda on 9/11, ISIL total people killed in 2016, and ISIL attacking other terrorists in 2016 https://www.statista.com/topics/2267/terrorism/
01:12 < SporkWitch> continuing to look for better
01:13 < SporkWitch> the search string used was "percentage of terrorist attacks by motive"
01:13 < SporkWitch> (so you know i'm not trying to bias the results that turn up)
01:13 < SporkWitch> well, unless you consider the use of the term terrorism itself biasing, but the actual organizations that track these things tend to call spades spades, and don't play the "we can't call BLM terrorists" game
01:14 <+catphish> i do believe by not publicizing the cause, you dissuade the terrorism, but the media are having none of that, they love finding out who did it and why and making both famous for a day
01:14 <+catphish> SporkWitch: https://ourworldindata.org/terrorism seems to be a good read, it suggests most terrorism is islamist in-fighting in / from iraq
01:15 <+catphish> SporkWitch: so i believe you are correct, though i didn't check numbers on attack western countries
01:16 <+catphish> imo all terrorism in countries not at war should merely be brushed off as crime and punished as such
01:16 < SporkWitch> catphish: yeah, i don't discriminate, i don't care whether they're killing each other or non-muslims; my point is solely in terms of the most common motivating factor. As far as publishing the motives? Eh. Something to be said for not making a big deal of it in the media, but it's absolutely essential for the governments, law enforcement, and counter-terrorist agencies to track it in order to
01:16 < SporkWitch> effectively combat and prevent it
01:17 <+catphish> of course, some western countries *are* at war with iraq (or certain groups in it) so i class terrorism by those groups simply as "war"
01:17 < SporkWitch> catphish: the problem with that is that most crimes (excluding crimes of passion, e.g. wife cheated, car got keyed, etc.) have some motivation that can be reasonably addressed. There's a reason that most crime happens in poor areas: desperate situations result in desperate people taking desperate action. Improve the overall average standard of living for your society and crime as a whole tends
01:18 < SporkWitch> to trend down (and HAS BEEN; despite hearing about it more these days than 30 years ago, crime rates across the board in the developed world are actually down)
01:18 <+catphish> SporkWitch: that's true
01:19 <+catphish> in other news, http://www.bbc.co.uk/news/world-us-canada-43873058
01:19 < SporkWitch> catphish: the motives for terrorism, however, CANNOT be addressed directly, because to do so is to encourage the acts, as the only way to eliminate the motive is to give them what they want. now you have a cycle of "if i blow things up i get my way, i should blow more stuff up"
01:20 < Quatermass> some western countries have been at war since before WW2... :/
01:20 < SporkWitch> as such, terrorism MUST be treated as the distinct category that it is
01:20 < Quatermass> Either causing or encouraging
01:20 < djph> SporkWitch: a cry for help, and taking sheets off your head?
01:20 < SporkWitch> djph: i'm sorry, i don't follow :(
01:20 < djph> SporkWitch: terrorism ... distinct category ... something ... <-- a cry for help
01:21 * SporkWitch shrugs
01:21 <+catphish> i also don't follow
01:21 < lupine> in general, you should negotiate with terrorists
01:22 < lupine> > Doctors said the donor testicles were not transplanted, due to ethical considerations.
01:22 < lupine> interesting
01:22 <+catphish> lol ironically yes, though not necessarily in the way they want
01:22 < drathir> djph: cry for help mostly is harm herself not dozen of innocent ppl... that isnt cry for help...
01:22 < lupine> there was a penis transplant in india some moons ago, but in the end they removed it because the recipient's wife didn't like it
01:22 <+catphish> lol how odd
01:22 < SporkWitch> ignoring excluding the sudden jump to testicles and penises, i am always pleased when we can have these discussions maturely :)
01:23 < SporkWitch> s/excluding//
01:23 <+catphish> i can't do anything maturely
01:23 <+catphish> i refuse to adult
01:23 < irwiss> haha penis!
01:23 < SporkWitch> catphish: sounds like my roommate; he's a decade older than me, yet i have to constantly pick up the slack on rent because he's always late >_<
01:24 < drathir> SporkWitch: You never know where discussion will goes... ;p
01:24 <+catphish> SporkWitch: i'm more like a child with money for toys
01:24 < SporkWitch> catphish: just paid off the overdue, told him it's a loan, and that if he's ever late again, now that i've caught it all up FOR HIM, i'm finding someone to replace him
01:25 <+catphish> being incompetent isn't the same as being immature :)
01:25 < SporkWitch> only reason i hadn't booted him already is that he does at least pay SOME, so i have nothing to gain by booting him before i find a replacement
01:25 < drathir> SporkWitch: keep on mind murphys law there is a chance You chose worse than now... ;p
01:25 <+catphish> why not just pay for him indefinitely?
01:26 <+catphish> let him spend his money on better things
01:26 < SporkWitch> drathir: possible, but "worse than now" is only a couple hundred bucks more out of my pocket
01:26 < drathir> SporkWitch: aka trusted ground...
01:27 < SporkWitch> drathir: again, it's enough to make me look for a replacement before booting, but not enough to make me put up with it indefinitely
01:27 < lupine> why would you... share a house?
01:27 < SporkWitch> my credit's already fucked, i don't need him being late making it worse
01:27 <+catphish> i share a house, my housemate pays nothing, fortunately for her, we're married and i like her :)
01:27 < drathir> catphish: lol
01:28 < SporkWitch> lupine: location and means. finding someplace close enough to where i work that i can afford by myself is EXTREMELY difficult. i have a place already that's very close, not outrageously expensive, and has space for roommates to offset my individual cost
01:28 < drathir> catphish: will not sounds strange as much w/o we're married included ^^
01:30 < drathir> SporkWitch: ofc keeps fingers crossed to find better one...
01:31 <+catphish> rain tomorrow :(
01:31 < SporkWitch> drathir: on the upside, i did finally fill the 3rd room, so that'll help. bouncer at a few of the local bars and someone i know reasonably well. even if i have to keep picking up the slack, i'll at least have enough to actually start working on savings again. with any luck i'll actually be able to build a new computer and pick up a vive pro bundle this fall/xmas like i'd planned
01:32 <+catphish> i really should play with my vive more
01:32 < lupine> I can strongly recommend remote work
01:32 < lupine> it lets me live somewhere the houses are five figures \o/
01:33 < SporkWitch> i work remote on the weekends, but on the weekdays they like us in the office, at least for part of the day, for team meetings and the like
01:33 < SporkWitch> i'm actually home right now, usually come back during my lunch break
01:33 < lupine> work at the weekends?
01:33 < lupine> what even is this?
01:33 < SporkWitch> lupine: i work 4x10's, Saturday through Tuesday. I get a 3 day weekend every week :)
01:34 < SporkWitch> and the weekends usually involve a lot of reading books and watching netflix, because nothing's exploded recently, so there's not a lot of work that needs doing :)
01:34 <+catphish> seems fair
01:34 < drathir> lupine: yea for that probably not so easy...
01:34 < SporkWitch> yup; don't get fuck all done after work, but i get a full, uninterrupted day to do home stuff / chores / errands, and still have two free days to have / recover from fun with :)
01:35 < lupine> now I remember why I reacted to negatively to your pre-emptive assignment of blame
01:35 < lupine> munster, earlier this month
01:35 <+catphish> i'm trying to find a new project at the moment
01:35 < lupine> same narrative, eventually filed as not a terrorist attack at all
01:35 <+catphish> probably something in electronics
01:36 < SporkWitch> catphish: my current is finding a decent forum solution for a discord community i admin. i don't know what kind of adoption we'll have so i can justify the 250 for vbulletin, but nothing else i'm finding meets my standards. I'm thinking about going with their other-people's-computers solution for 20/mo to start, then if adoption is sufficient, migrate to self-hosted. They'll support that
01:36 * redrabbit is buried under electronic projects
01:36 <+catphish> redrabbit: anything cool?
01:37 < SporkWitch> migration, so it makes sense; they no longer support their migration tools for other platforms, like phpbb, so it would be high risk to start with one of them and try to move after finding out there's enough demand
01:37 < redrabbit> you could get into LoRa
01:37 < lupine> SporkWitch: don't like discourse?
01:37 < redrabbit> and LoRaWAN
01:37 <+catphish> SporkWitch: aren't there a ton of open source forums?
01:37 < SporkWitch> lupine: flat forums? no thanks
01:37 < lupine> well, it has categories
01:38 < drathir> mumble vs discord ^^
01:38 < SporkWitch> catphish: most are crap, it pretty much comes down to smf and phpbb3. SMF hasn't improved in years that i can tell, can't even connect securely to SMTP to send notifications.
01:38 < lupine> I miss the internet of forums
01:38 < lupine> times were, there was an active community forum for everything
01:38 <+catphish> SporkWitch: these days i just write what i need
01:38 < SporkWitch> lupine: but not nesting. it's a terrible interface. fine if you want something like tumblr or pinterest, but not if you want any semblance of useful organization
01:38 < lupine> now it's all facebook groups
01:38 < redrabbit> fuck fb
01:38 < drathir> mastodon so far is a future i guess...
01:38 <+catphish> facebook has killed some nice corners of the internet :(
01:39 <+catphish> redrabbit: lora looks cool, but need something to do with it i guess
01:39 < lupine> mastodon is 1/3rd sex workers at the moment
01:39 < lupine> not that I'm complaining
01:39 <+catphish> redrabbit: so you doing anything good?
01:39 < redrabbit> catphish:
01:40 < drathir> SporkWitch: just mediawiki+webirc ^^
01:40 < redrabbit> LoRaWAN devices
01:40 < SporkWitch> lupine: it's a discord community for Ark: Survival Evolved. A lot of our channel clutter results from no cross-play, so we have 3 each (one per platform: xbox/win10-store, ps4, and steam) of: server ads, tribe recruiting / looking for tribe, and trades. There's also demand for separating it by official and unofficial servers, and even pve and pvp servers, but that would increase the number of
01:40 <+catphish> redrabbit: what do they do?
01:40 <+catphish> generic IoT type things?
01:40 < djph> SporkWitch: pve servers? filthy casuals.
01:41 < lupine> SporkWitch: right, you can use categories to resolve this kind of multidimensional tangle
01:41 < lupine> I miss tag clouds too
01:41 < wiresharked> lupine: Do you play fortnite?
01:41 < drathir> lupine: only at switter server mostly, and also not bother me that, bc there is freedom of choice for servers...
01:41 < lupine> blogs always used to have tag clouds
01:41 < redrabbit> catphish: 6000 meters of reach with a 5 usd radio
01:41 < lupine> drathir: it's federated
01:41 < drathir> SporkWitch: soon will go online decentralized instagram like service...
01:41 < lupine> choice of server does affect what traffic you receive, but a sizeable group on one server will affect what you read
01:42 < SporkWitch> lupine: channels even more. Without nesting, it's simply not feasible, too much clutter. With proper forums, though, I can set a hierarchy: official / unofficial at tier 1, each can have pvp / pve at tier 2, and then inside each pvp / pve we can have the server ads, tribe recruitment, and trade (and actually only need two each, since server ads don't apply to official, and trades are impractical
01:42 < SporkWitch> on unofficial)
01:42 < lupine> I see duplication
01:42 < redrabbit> atm i get outdoors and do coverage maps
01:42 < lupine> chill, I've got this. pass me a fat consultancy fee and I'll set it up for you
01:42 < wiresharked> No, fortnite is better
01:43 < SporkWitch> lupine: in what sense do you see duplication? it starts broadest scope and narrows down.
01:43 < SporkWitch> lupine: and sorry, tier 1 in that tree would be platform, not official / unofficial, but you see what i mean
01:43 < wiresharked> Apachez: Do you use a VPN?
01:43 < redrabbit> catphish: its fun to go outdoors and see how far you
01:44 <+catphish> i'm trying to understand lora and failing so far
01:44 < lupine> draw it as a tree. observe that the second level of the tree repeats categories twice, and so on
01:44 < SporkWitch> lupine: doing that with tags is just ugly, and requires people properly marking everything; much easier to direct them to the right place
01:44 < redrabbit> can go.
01:44 < lupine> clearly we have differing aesthetics :p
01:45 < SporkWitch> lupine: it does, but it's because of scope. you're going to have that duplication no matter what, because what you really have is: official pvp, official pve, unofficial pvp, and unofficial pve.
01:45 < lupine> unless your categories are flat ;)
01:46 < lupine> then you have official, unofficial, pve, pvp
01:46 < SporkWitch> lupine: structuring it as nested boards, rather than just labels, also allows for general and then more narrowly focused discussions as you work down the tree.
01:46 < lupine> and topics can be any combination thereof
01:46 < Project86__> Odd question, but if anyone has a Verizon phone, could you tell me the APN used? I unlocked a us cellular phone and have Verizon on it but can't send pics without the right SON. None of the ones I found online work.
01:46 < lupine> ISTR you can create views for specific combinations
01:46 < Project86__> *APN
01:46 <+catphish> lora looks like it's just a gateway between wireless lans and a central server
01:47 < SporkWitch> lupine: yeah, and then a million people tagging their post "pve" to which the next question is "official or unofficial?" it's an ugly way to do things when there IS a clearly defined scope and structure. I'm not saying flat forums don't have their place, but they're a poor fit for this context
01:47 < redrabbit> catphish: well isnt that a good reason to get into it
01:47 < lupine> I suppose there's no accounting for stupid people
01:47 <+catphish> i think this page says it all https://lora-alliance.org/resource-hub/lorawantm-101-technical-introduction
01:47 < redrabbit> so you get to know
01:47 < drathir> Project86__: for pictures You probably need apn+proxy data...
01:48 < SporkWitch> lupine: we are largely in that situation already with the chats, depending on people to include in their post whether it's official or unofficial, pve or pvp. it doesn't work. if the structure is right there in their face, you're more likely to see things put in the right place. you'll still see issues, but it's a lot easier to spot and address, since you spot the out of place post and just
01:48 < redrabbit> its not ip based
01:48 < SporkWitch> move it; depending on them to tag everything, spotting missing tags, figuring out what they are, and adding them, is a much more involved process, since it's not readily obvious
01:49 < Project86__> drathir: didn't know they used proxies. Do u have verizon?
01:49 < SporkWitch> lupine: it's not like i haven't considered them; i did look at discourse and a few others, and dismissed them for this reason. It simply moves the same problem we already have, it doesn't actually address it.
01:49 <+catphish> it seems that lora is just a corporate nonsense, a patent troll
01:49 <+catphish> if they have any useful tech they hide it well
01:50 < SporkWitch> i see lorem ipsum on the link...
01:50 <+catphish> "The LoRa physical layer protocol is closed and proprietary, therefore there is no official documentation"
01:50 <+catphish> i think i'll be moving along
01:50 < redrabbit> that e
01:51 < redrabbit> resource is bs
01:51 < drathir> Project86__: mms often using proxy and port for sending messages...
01:51 < redrabbit> lol
01:51 < SporkWitch> catphish: maybe it's a pet project of ajit pai? lol
01:51 <+catphish> although it does make me think there must be a place for a nice open IoT wlan+wan standard
01:52 < redrabbit> the radios are closed
01:52 < SporkWitch> catphish: guarantee the trolls already have the patents lol
01:52 < Project86__> damn, well who can tell me the APN and proxy for verizon?
01:52 <+catphish> things like zigbee may have this
01:52 < redrabbit> the community isn't
01:52 < SporkWitch> Project86__: google
01:52 <+catphish> redrabbit: a closed patented protocol can have no worthwhile community
01:53 < SporkWitch> ^
01:53 < Project86__> SporkWitch: I've tried about 20 from Google, none worked. That's why I was asking someone with Verizon to just tell me what the APN in their phone ia
01:53 < Project86__> *is
01:53 <+catphish> i guess they made the upper layers accessible to developers, but not really my cup of tea
01:53 < SporkWitch> i have no innate issue with closed-source, but anything that's supposed to interoperate SHOULD be open, at least the parts that talk. do whatever you want under the hood, but once it's talking to something outside of itself, that needs to be open and documented
01:54 < redrabbit> https://www.thethingsnetwork.org/forum/
01:54 <+catphish> i might look into building something with zigbee, z-wave, or similar, whatever's open and works well
01:54 < drathir> catphish: i see one issue in https://lora-alliance.org/resource-hub/lorawantm-101-technical-introduction to achieve that anyway is needed stuck at one provider hw....
01:57 <+catphish> zigbee seems the answer, 1) philips uses it 2) it works really well 3) its an open standard
01:57 < drathir> catphish: yep probably....
01:57 < redrabbit> this is a lot of fun if you're into radios and electronics. range is crazy
01:58 <+catphish> that low power long range stuff does look cool
01:59 < redrabbit> zigbee has a low range
01:59 < Johnjay> yeah i don't get it really well
01:59 <+catphish> fairly, it has cool meshing though
01:59 < Johnjay> but i can make a low power radio signal in my work room that goes out to the street?
01:59 < Johnjay> like FM lol
02:00 < djph> Johnjay: legally? probably not. Realistically? yeah, probably.
02:02 <+catphish> you can make any signal with an SDR :)
02:02 < Johnjay> i mean it's not much of a station if people can only hear you for 10 seconds
02:02 < Johnjay> but that would still be interesting
02:02 <+catphish> i was amazed actually how far an extremely low power fm audio signal can travel
02:03 <+catphish> 10mW gets you a way down the street
02:04 < drathir> kinda gps for lower range ;p
02:04 < redrabbit> sure its owned by semtech. so you buy products with their chips, the cheapest module cost 5usd and reaches 3000 meters easily. that range for that price is unprecedented.
02:05 < redrabbit> no wonder why its guarded with china
02:06 < redrabbit> and batteries last forever
02:06 < Johnjay> what's the physics behind it, i thought radio transmission was always limited before?
02:06 < drathir> redrabbit: china would copy anything and at lower price ;p
02:06 <+catphish> you can do 22km LOS :)
02:07 < redrabbit> 500km even
02:07 <+catphish> i doubt it's unique, the key is the low data rate
02:07 <+catphish> no, it can't do 500km
02:07 < redrabbit> but you get a solid 3000
02:07 < irwiss> Johnjay: tbh radio is mostly limited by the fact your local broadcasting authority will whoop your ass if you transmit on frequencies you're not authorized or at power levels you're not authorized
02:08 < redrabbit> more has been done catphish
02:08 < Johnjay> i see
02:08 <+catphish> thats hardly the same thing
02:08 < redrabbit> 3000m
02:08 <+catphish> yes, 3000m < 22km
02:08 < redrabbit> it has been done
02:08 <+catphish> what has?
02:09 < drathir> its sounds like that rados maded almost from nothing and station propagation of half world ;p 02:09 < redrabbit> more than 500km 02:09 <+catphish> redrabbit: no, i don't believe that for a moment 02:10 < redrabbit> https://www.thethingsnetwork.org/article/ground-breaking-world-record-lorawan-packet-received-at-702-km-436-miles-distance 02:10 < redrabbit> you don't have to 02:11 < drathir> btw as i saw that pretty fresh still probably wifi on small board with builid in antenna at Yt where guys wardriving from running car at street in km+ ranges that was impressive ;p 02:13 <+catphish> redrabbit: that's awesome, not quite the fair test (not in normal air at ground level) but very impressive anyway! 02:13 < redrabbit> indeed 02:14 <+catphish> i don't really understand how that works 02:14 <+catphish> the noise would be insane 02:14 < redrabbit> its enough to walk your ass off when range testing 02:15 <+catphish> specs say 25mW TX, -134 dBm sensitivity 02:15 < redrabbit> it has strong anti interference 02:15 <+catphish> i believe that's impressive, but i don't know the details 02:15 < redrabbit> works under the noise levels 02:15 <+catphish> there's some cool technology you can use to achieve this 02:16 < redrabbit> and at a low cost 02:16 < redrabbit> its 02:16 < redrabbit> a rabbit hole 02:17 <+catphish> i sleep now 02:17 < redrabbit> gn 02:18 < redrabbit> its getting popular right now 02:25 < superkuh> None of this long distance records mean anything. 02:25 < superkuh> er, s/this/these/ 02:25 < superkuh> They all use contrived setups for actual line of sight with clear fresnel zone. And that never happens in reality. Not unless you pay the big bucks for tower or building top rental. 02:26 < superkuh> Also, that's not the record, I believe someone has done lora from earth surface to geo. 
02:27 < superkuh> https://hackaday.com/2018/02/22/at-71572-km-you-wont-beat-this-lora-record/ 02:27 < superkuh> https://store.outernet.is/blogs/the-official-outernet-blog/world-record 02:29 < superkuh> Unless you're doing HF <30 MHz the only thing that matters is antenna heights. 02:30 < Queenslayer> HF? 02:33 < irwiss> high frequency, over around 30mhz you need mostly line of sight to receive signal as you lose all the effects that may make radio wave bounce off ionosphere 02:34 < Queenslayer> What's this for? Metro? 02:42 < superkuh> What I have said is a universal truth for all radio communications anywhere. 02:42 < VincentHoshino> yep 02:42 < drathir> superkuh: check esp8266 ^^ 02:44 < superkuh> I do use esp8266 devices. Mostly with the NodeMCU firmware. 02:45 < drathir> superkuh: if that smll beast could take that ranges who know what they invent new... 02:45 < superkuh> I'm wasn't trying to say LoraWAN is bad. It's great. Far better than wifi for long range and low power. 02:45 < superkuh> But they're all mostly constrained by line of sight and so antenna height. 02:46 < superkuh> And that won't change. 02:48 < drathir> superkuh: the biggest issue there is bidirectional communication in my opinion... 02:48 < lupine> informal suggestion that he was a redpiller 03:47 < jim> drathir, hi... and thanks :) if someone has a pointopoint interface, could you pastebin the output of ip address so I can see how it shows the peer address? 03:48 < jim> for ipv4 right now... 03:52 < sysfault> has anyone read tcp/ip in 24 hours? 03:53 < Quatermass> haha 03:53 < sysfault> disorganized is an understand for the tanenbaum recommendation in the topic. however its an intense in depth study compared to the aforementioned 03:53 < sysfault> im just going to dive into it again and just grasp what i can. 03:54 < sysfault> Quatermass: those darn 24 hours books heh? 
smh 03:54 < Quatermass> sysfault: are you using 3 fingers or all 5 for grasp of this 03:54 < sysfault> Quatermass: good question 03:55 < sysfault> i'll try using all tejn 03:55 < sysfault> ten rather 05:14 < kujo> anyone know if SSHv1 supports tunneling (dynamic, local, and remote)? 05:14 < kujo> i know sshv2 does 05:16 < Peng_> Why 05:30 < kujo> research 05:32 < Project86__> "Research" is always fun and exciting 06:33 < psprint> Hello. Is it possible to forward ARP packets from local network to additional host behind NAT? 06:34 < grawity> psprint: wha? why — I mean, what does your network's layout even look like 06:35 < grawity> kujo: this functionality was present in the initial revision of OpenSSH, based on ylo's 1.2.12 06:35 < kujo> grawity: thank you! 06:35 < psprint> grawity: local network at wifi router, plus a host connected to mac mini's ethernet port, which has NAT, to be able to talk to other hosts in the plain WiFi local network. I would like to analyze network's ARP packets on that attached host 06:36 < grawity> kujo: the included pre-openssh ChangeLog cuts off before it got added, but clearly before 1.2.0 06:36 < grawity> kujo: for future reference https://anongit.mindrot.org/openssh.git https://git.tartarus.org/simon/putty.git 06:37 < kujo> grawity: thats fantastic. thanks so much 06:37 < grawity> psprint: yeah, no, certainly not for that purpose 06:38 < grawity> psprint: ARP is normally entirely link-local, and while ARP proxying by routers exists (and not sure if it does on macOS), the proxied requests would look a bit different than the originals 06:39 < grawity> psprint: what's mac mini's uplink – wifi?
06:39 < psprint> grawity: yes 06:40 < grawity> that's yet another problem; many wifi access points won't even *give* you the ARP requests – they'll automatically proxy and answer those in the interests of saving power and airtime 06:40 < grawity> well, some of the ARP requests, not all of them 06:40 < grawity> generally, if you're planning on running some packet capture software on the monitoring host 06:40 < grawity> well, you can run it over ssh elsewhere, and stream the pcap back into the monitoring host 06:41 < grawity> that'll give you all the packets that the capturing host is able to receive, ARP or not ARP 06:42 < psprint> grawity: yes I thought about some program on mac mini, to do the ARP capture and forward job, but OS X has pf firewall, it's rather a good piece of swiss knife stuff, and it feels like "copy ARP to eth0" is just a basic rule for pf 06:42 < grawity> it might be 06:43 < grawity> still, ssh foo "dumpcap -i eth0 -f 'not port 22' -w -" | wireshark -k -i - 06:43 < grawity> s/dumpcap/tcpdump -U/ if that's the only thing available 06:45 < psprint> interesting commands, thanks. I should look for an option to make this act only on ARP? 06:46 < grawity> -f 'arp' 06:46 < grawity> standard libpcap filter syntax for both tools 06:49 < psprint> thanks 06:50 < psprint> maybe dumpcap/tcpdump has also option to just write the packets to an interface, that would fix whole topic 06:51 < psprint> OS X has dumpcap, great 06:52 < psprint> ah, it's wireshark from homebrew 06:56 < psprint> read dumpcap manual, no target-interface option 06:57 < grawity> nope, that's not its job 06:57 < grawity> you could probably pipe the pcap into |tcpreplay, though 07:05 < psprint> that's a nice solution, thanks 07:57 < LissajousPattern> so I just built my own 4g lte modem/router using an android phone. 07:57 < LissajousPattern> and it does not even have a sim card 07:59 < Arjun_NM> Can anyone help me out with Omnetpp ?? i am trying to do a project using that. 
it would be very much greatful if you could help mme. 08:00 < Arjun_NM> i am stuck with an error since last one week, help me out. ! 08:01 < Arjun_NM> is anyone even reading this /? 08:01 < Arjun_NM> i heard that someone here could help me out thats why i am here. 08:03 < LissajousPattern> well I guess it trickier than just calling it a 4g lte modem/router because actually its not because like I said it has no sim. 08:03 < LissajousPattern> but now I have full throughput from my 4g lte connection no matter what and I did not have to use a VPN. 08:04 < LissajousPattern> Using my hotspot 08:04 < LissajousPattern> which before I was getting throttled hard to where I could only playback 480p 08:05 < LissajousPattern> I am sure someone has done this before but it seems so simple yet I have never seen anyone else using this method before 08:08 < Hooloovo0> a modem/router is independent of whether it has a sim 08:29 < merokoyui> hello 08:29 < merokoyui> anyone here who has experience in using wirecast for live streaming and leased line 08:29 < purpleninja> hi merokoyui and no 08:29 < merokoyui> aww 08:30 < merokoyui> ok 08:30 < merokoyui> just wondering why when we have 3 camera setup, the bandwidth usage of the software spikes up to 20mbps 08:30 < merokoyui> however, if we're only sstreaming an already recorded file 08:30 < merokoyui> it only consumes 5 mbps 08:31 * merokoyui shrugs 08:31 < purpleninja> hmm interesting merokoyui 08:31 < merokoyui> right? 08:31 < merokoyui> i wonder if the live thing has something to do with it 08:31 < purpleninja> that's exactly what i was thinking 08:35 < merokoyui> wonder how the technicality of that works 08:35 < merokoyui> is it because the it's waiting for the next set of data (feed) 08:35 < detha> different codecs, probably 08:36 < Project86__> Idk if its already been done, but was wondering if it's possible to know which direction an AP is while scanning? 
Probably not stationary, but if you were to walk a foot, or even better, extend device in outstretched hand while making one full rotation, then couldn't you find a way to see the direction? Like when signal spikes, obviously moving closer, when signal shows no gain or loss, those are the left and right of 08:36 < Project86__> the AP 08:37 < Project86__> Can I make my scan see this? Or would i need to create my own script that just used the scan data, then applied the math to give direction? 08:38 < detha> Project86__: the old way: take a grid or dish, rotate and watch signal level. The modern way: SDR with multiple chains, and software that looks at phase differences 08:38 < Project86__> detha: I didn't even think of sdr, I have an sdr scanner 08:39 < Project86__> What do you mean by multiple chains though 08:39 < detha> multiple receivers 08:39 < Project86__> Oh to triangulate 08:40 < detha> so you can connect two antennas, and look at the phase difference between signal from each antenna 08:40 < detha> (the fancy stuff they use for tracking vehicles seems to have 4 chains) 08:41 < merokoyui> anyone has CCNA softcopy reviewer for exam? 08:50 < chiru> Hi people, can anyone help me get the source code/understand how the host command does the reverse dns lookup? 08:54 < Project86__> Thanks d 09:11 < stoian> Here's a funny problem, I can't play Warcraft III on my LAN, and I can't figure out why. Wondering if you guys could help me debug this. So I turned off the firewall on both sides, and the PCs can ping each other. It's not a router firewall problem, since other games work on LAN. Any idea? 09:14 < GenteelBen> Which OSes? 09:15 < Irritiable|LT> GenteelBen: Probably Windows... WarCraft III's a Windows-only game (Blizzard Entertainment, 2004). 09:16 < Irritiable|LT> stoian: What do you mean you "cannot play?" 09:16 < Irritiable|LT> The two machines do not see each other? The connection is refused (UDP packet error 4115 or whatever)? 
09:17 < stoian> Irritiable|LT: Whoever creates a game, the other one doesn't see a available game to join to 09:17 < stoian> Irritiable|LT: Well, the machines can ping each other so... 09:17 < Irritiable|LT> stoian: Check the router's firewall settings. You mentioned you disabled the local firewall (or at least allowed the application). 09:17 < phocking> icmp doesn't mean they can do tcp/udp on the designated port 09:18 < Irritiable|LT> stoian: Just because they can ping each other doesn't mean the required ports for transfering data is open. 09:18 < stoian> phocking: aha, ok I see 09:18 < Irritiable|LT> That just means the default port that ping's running on is open. 09:18 < Irritiable|LT> ICMP's disabled on my router. T_T 09:19 < stoian> phocking: And what should I check at the router firewall? 09:19 < phocking> Irritiable|LT: icmp isn't a 'port' - ICMP is part of the IP layer of the stack 09:19 < stoian> phocking: That's right ^_^ 09:20 < phocking> stoian: are these both windows systems? 09:20 < stoian> phocking: yup 09:20 < Irritiable|LT> phocking: I'm aware. I said that ICMP is disabled on my router. 09:20 < phocking> are they on the same network segment? 09:22 < Irritiable|LT> Blizzard games are notorious for not playing nicely on the LAN. 09:23 < phocking> http://www.tomshardware.com/answers/id-1752655/warcraft-local-area-problems.html 09:23 < Irritiable|LT> That link merely states it's a firewall issue. He said his FW was disabled. 09:24 < Irritiable|LT> "So I turned off the firewall on both sides, and the PCs can ping each other. It's not a router firewall problem, since other games work on LAN. Any idea?" 
09:24 < phocking> im guessing if what that poster describes is happening that you haven't disabled the firewall or adequately put in an exception 09:24 < phocking> Irritiable|LT: im aware of what stoian said, however, it stands to reason that perhaps this configuration change has not been applied properly 09:25 < Irritiable|LT> My next assumption was equally that; Windows Firewall and/or external application. I immediately assumed it was a router-related firewall (I doubt he's using a PCI-E firewall). 09:25 < phocking> wc3 was around before we had fancy dancy windows firewall stuff lol 09:25 < stoian> phocking: yup same subnetwork 09:25 < Irritiable|LT> WarCraft III was around after that... 09:25 < Irritiable|LT> It was on Blizzard's FAQ early on in the release. 09:26 < stoian> phocking: I know, sorry did not mean to be a smartass ^_^ 09:26 < phocking> it's all good bruh 09:26 < Irritiable|LT> Windows XP: August 24, 2001 09:26 < GenteelBen> I MEANT WHICH VERSION OF WINDOWS OBVIOUSLY IT'S WINDOWS YOU CAN'T GAME ON LINUX 09:26 < stoian> Irritiable|LT: sorry, that last was for you 09:26 < Irritiable|LT> WarCraft III: 2004 09:26 < phocking> lol i've been off irc for a while haha 09:26 < Irritiable|LT> Looks delayed by ~3yrs. In fact: Diablo II: LoD had firewall issues. 09:27 < Irritiable|LT> [02:26:22] I MEANT WHICH VERSION OF WINDOWS OBVIOUSLY IT'S WINDOWS YOU CAN'T GAME ON LINUX 09:27 < Irritiable|LT> What? 09:27 < Irritiable|LT> WC: III runs fine under WINE on Linux... 09:27 < Irritiable|LT> "You can't game on Linux." Okay... The way advanced replica of Age of Empires III that I recently played and way improved CS: GO also on Linux are a sure testimony against anything you just said. Lol'd 09:28 < Irritiable|LT> Speaking of: Back to my video game. 
10:14 < stoian__> Irritiable|LT, phocking: I think I got it, it might be thath my virtual box network adapter is "interfering" with the game, will try to disable that adapter and tell you the results 10:16 < stoian__> Irritiable|LT, phocking: But I', wondering how does the router firewall affect LAN games? Simply by blocking ports? Or is it something else? NAT? ARP? 10:22 < snake2k> stoian__: NAT or port blocking shouldn't affect anything that happens on the LAN. Individual system firewalls can have a hand in LAN games. 10:23 < snake2k> NAT, Router Firewall, Port Forward/Blocking, and all that other stuff should be for things going in and out of your network. 10:24 < snake2k> stoian__: If you're having problems connecting games to work on LAN, check individual system firewalls and arp tables. 10:34 < stoian__> snake2k: Actually makes sense, thanks! :) 10:38 < snake2k> stoian__: no problem :) 10:39 < Lope> I've not done shaping for a while. On Ubuntu 16.04, I ran this: `tc filter add dev br0 parent 1:0 protocol ip prio 10 u32 match ip tos 0x10 0xff flowid 1:10` and got "RTNETLINK answers: Invalid argument" 10:39 < snake2k> stoian__: try using a switch for simplicity sake to just things to work lol 10:41 < Lope> maybe it's not possible to shape a bridge? 10:42 < dreadkopp83> hey guys. anyone might be able to help me set up network bonding on a ubuntu server ? 10:42 < dreadkopp83> this is my /etc/network/interfaces: https://hastebin.com/afulireqen.php 10:42 < dreadkopp83> when i run a 'systemctl restart networking' i read that 'No slave joined bond0' , dmesg says APv6: ADDRCONF(NETDEV_UP): bond0: link not ready 10:42 < dreadkopp83> 'ip link list' does not show the bond0 interface 10:43 < snake2k> Lope: I have no idea about that stuff lol 10:44 < snake2k> dreadkopp83: what interfaces are you trying to bond? 10:44 < dreadkopp83> em1 - em4 10:45 < snake2k> dreadkopp83: what does /etc/network/interfaces look like? Any mention of bond0 in there? 
10:45 <+sep> dreadkopp83, this is my config. https://hastebin.com/ujadajuqul.css ;; i do not specify bond on each interface. and i assume you have the package installed ? 10:46 <+sep> you need the "ifenslave" package installed if you do not have it. 10:46 < dreadkopp83> snake2k +sep bonding module is present and loaded, this is my network/interfaces: https://hastebin.com/afulireqen.php , ifenslave, ethtool and net-tools are installed 10:47 < dreadkopp83> NICs are Broadcom NetXtreme BCM5719 if that information has any value 10:47 <+sep> dreadkopp83, bond-master or bond-slaves i do not think i have ever seen both in use 10:48 <+sep> if you want to use bond-slave you need to first make the bond interface then add the interfaces. so i prefer my example :: https://hastebin.com/ujadajuqul.css 10:49 < snake2k> dreadkopp83: tried this stuff? https://askubuntu.com/questions/858824/ubuntu-16-04-lts-network-does-not-start-on-boot-bonding/862630 10:49 <+sep> dreadkopp83, you have installed the firmware's i assume 10:51 < dreadkopp83> sep okay, removed the bond-master entries from then interfaces config. lemme read that link real quick 10:51 < dreadkopp83> sep the BCM5719s run fine without bonding 10:52 <+sep> dreadkopp83, also networking restart is not quite the same as reboot. so i would want to test a reboot as well since you really want it to come up when things boot :) 10:52 < dreadkopp83> rebooted a few times... takes ages though XD 10:53 <+sep> once after everything works is enoughf to test that it works on boot. 10:54 <+sep> i have lots of machines with basicaly the same config i pasted there. and they all function without problem. but that is regular debian and not the ubuntu flavour. i assume it is fairly similar. 10:54 < dreadkopp83> currently rebooting... eta 2 mins 10:55 < dreadkopp83> i used this config on a desktop pc with a additional dual-gbit ethernet card to test bonding and that worked fine.. 
https://hastebin.com/ovegavayit.css 11:03 <@pppingme> dreadkopp83 do you really mean an mtu of 9000 and are you **SURE** the hardware supports it? 11:04 < dreadkopp83> pppingme where have i set a mtu of 9000 ? 11:05 <@pppingme> https://hastebin.com/ujadajuqul.css 11:05 <@pppingme> oops, thats not yours.. 11:05 < dreadkopp83> that's not my config though :P 11:05 <@pppingme> as I look closer.. 11:05 < dreadkopp83> this is my current config: https://hastebin.com/ototedaviz.php 11:07 <@pppingme> I don't really do interfaces files.. but.. shouldn't the four interface lines have a header?? 11:07 <@pppingme> iface em1 inet manual 11:07 <@pppingme> should have "auto em1" before it?? 11:08 <@pppingme> and so on? 11:08 < dreadkopp83> i had 'allow emX' on it before however since that was not set in the config sep provided 11:09 < dreadkopp83> maybe i just set up a pfsense vm and let it manage the heavy lifting XD something is definitely weird here 11:09 <@pppingme> this is on a vm? 11:10 < dreadkopp83> no, this is the server which should host a bunch of vms soon :) 11:12 <@pppingme> ok, with that interfaces file, its not shoing up when you do "ip link" ?? 11:13 < dreadkopp83> correct. bond0 is not showing up 11:15 <@pppingme> do the individual interfaces show the word "SLAVE" ? 11:15 <@pppingme> example: 2: enp2s0f0: 11:15 <+sep> pppingme, i have never needed to have a auto line for the member interfaces 11:16 <@pppingme> sep interfaces file is kinda out of my realm, I'm more of a redhat man, ifcfg files.. makes more sense 11:16 <+sep> but i only have this identical config on 20-30 ish machines. but as i said. there can perhaps be debian ubuntu differences. 11:17 <+sep> dreadkopp83, try upping the bond manually with verbose (ifdown bond0 ; ifup -v bond0) 11:17 <+sep> also try to make the bond manually. there must be some reason why it is not created. 11:18 < dreadkopp83> .... cat /sys/class/net/bond0/bonding/slaves \n sleep 0.1 \n count=113 .... 
and so on 11:19 <+sep> also doublecheck your firmware is installed.. something like dpkg -la | grep bnx2 11:20 < thothcastel_> why the hell am I only able to ping one way to the management0/0 interface? asa 5525 11:20 < thothcastel_> I am trying to upgrade its software to latest version 11:20 < thothcastel_> but communication seem to only be one way! 11:21 < dreadkopp83> sep will do. if that fails, i simply pass all the nics to the pfsense vm and let it do the job XD 11:23 < dreadkopp83> bnx2 is loaded 11:24 <+sep> dreadkopp83, i usualy put a vlan aware bridge on the bond. then make vlans on the bridge for host traffic. and have all vlans available for vm's 11:29 < psprint> How come arp-scan shows strings like "ASUSTek COMPUTER INC." next to Mac ? 11:29 < Gollee> psprint: what 11:29 < djph> because they're using an asus-branded nic. 11:29 < djph> *NIC 11:29 <@pppingme> psprint the first three bytes of a mac indicate the manufacturer 11:29 < psprint> Gollee: 192.168.1.101 f4:6d:04:b1:07:c0 ASUSTek COMPUTER INC. 11:29 < psprint> pppingme: ahso 11:30 < Gollee> psprint: https://www.wireshark.org/tools/oui-lookup.html 11:30 <@pppingme> so in this case, f4:6d:04: indicates ASUSTek COMPUTER INC 11:30 < thothcastel_> I have solarwinds installed and configured 11:30 < thothcastel_> from the cisco asa5525 I cannot ping laptop's ip address 11:30 < thothcastel_> I have tried adding a default route but still unable 11:30 < thothcastel_> route management 0 0 192.168.2.2 11:30 < thothcastel_> 192.168.2.2 is the ip address for the laptop 11:30 < thothcastel_> 192.168.2.1 is the ip address for the management 0/0 on the asa 11:31 < Gollee> what does solarwinds have to do with anything? 11:31 < psprint> pppingme: is there some C header file with this database? 
11:31 <@pppingme> not that I'm aware of, but not saying there isn't 11:32 <@pppingme> but seems pointless to me 11:33 < thothcastel_> https://pasteboard.co/Hi4O3Jr.png 11:34 < djph> pppingme: if you've got nmap installed, I believe it has a text file of OUI prefixes. I'd imagine other tools do similar things. 11:34 < tds> psprint: it looks like arp-scan just uses a list in a text file: https://github.com/royhills/arp-scan/blob/master/ieee-oui.txt 11:34 < psprint> If I use Fing iOS app, I get like 7 hosts. There are more hosts, but this is a nice number. nmap -sP returns 2 hosts most of the time. My hand-made Raw Sockets app that mimics nmap -sP (i.e. ping scan) returns 4-9 hosts, gradually increasing for even hours. arp-scan returns 4 or 5 hosts. I never had this problem, ping scanning is such a reliable method except for icmp response blockage on host, why I 11:34 < psprint> just cannot see hosts in network? What can be the cause? 11:35 < psprint> or is this normal 11:35 < djph> sounds like their firewalls are blocking you (or they're off / sleeping / whatever) 11:36 < thothcastel_> rrrr this is driving me maddd 11:36 < psprint> tds thanks 11:36 < psprint> djph: yeah but Fing almost never fails, and nmap (yeah, >>nmap<<) almost always fails 11:38 < galileo_> whys my email not workin 11:38 < djph> something special with your router / AP / etc. then 11:38 < galileo_> are you sure 11:38 < galileo_> how do you know 11:38 < djph> galileo_: because you touch yourself. 11:39 < galileo_> that's not why 11:39 < trae32566[w]> how do you know? 11:41 < psprint> that arp-scan text database is quite outdated as for today, misses e.g. 5c:51:81 for Samsung Electronics 11:41 < easy_ref123> in dhcpd.conf, what path is the value of the "filename" directive relative to? 
11:44 < galileo_> trae32566[w] good point 11:44 <@pppingme> easy_ref123 the root of the tftp server 11:44 < galileo_> mail from my forum is being marked as spam though and i don't know why 11:45 < galileo_> spf record, dnssec, reverse dns, authenticated sender 11:45 < galileo_> im only on 1 blocklist 11:46 < djph> apparently your forum is spam 11:46 <@pppingme> galileo_ where is your forum hosted? 11:47 < galileo_> new jersy pppingme 11:48 <@pppingme> galileo_ at a major web host? on a vps? 11:48 < galileo_> vps 11:50 <@pppingme> probably just a very low IP reputation 11:51 < galileo_> it's killing my forum 11:52 < djph> let's be honest here, your harrypotter erotica fanfic forum isn't dying because emails are "spam" ... nor is that a new(tm) issue for forums. 11:53 < trae32566[w]> wat 11:53 < trae32566[w]> is ... is that a joke? 11:53 < thothcastel_> why unable to ping laptop from asa 11:53 < trae32566[w]> please say yes. 11:54 < galileo_> it is dying because emails are spam 11:54 < galileo_> nobody is coming back 11:54 < galileo_> because of the emails 11:54 < galileo_> they need to be constantly reminded this place exists 11:54 < galileo_> i'm thinking of scraping the whole email thing 11:55 < galileo_> and i'll use service workers 11:55 < djph> trae32566[w]: at least I hope it's a joke. 11:55 <@pppingme> if its on a blacklist, someone has reported it 11:55 < galileo_> push notifications 11:56 < galileo_> pppingme: if it's listed on 1 server, is that a big deal? 11:56 < trae32566[w]> yeah, you need to: A. Remove it from the blacklist, and B. make sure you're offering an unsubscribe button, and verify that the content is not "spammy" (I think there are websites that can help with that, but some email formats can trigger automatic spam filters) 11:56 <@pppingme> if mail servers use that list, yes 11:56 <@pppingme> what list is it on? 
11:56 < djph> depends on how many people use that list to determine "spamminess" 11:56 < galileo_> barracudacentral 11:57 < trae32566[w]> ew barracuda 11:57 < galileo_> pppingme 11:58 < easy_ref123> pppingme, how can I find the root of tftpserver. as far as I know, it is dhcpd. 11:58 < galileo_> i just used some mail testing thingy and it says my setup isn't complete shit 11:58 < galileo_> https://www.mail-tester.com/web-ayt2n 11:58 <@pppingme> easy_ref123 that'd be part of the tftp server config 11:59 <@pppingme> galileo_ barracuda has three lists, personally I think they are all crap, but a lot of people seem to use them, especially hardware based devices 11:59 < galileo_> i think i'll setup DMARC next 11:59 < thothcastel_> anybody to help? 11:59 < galileo_> pppingme: hmm, might be worth trying to get unblocked 12:00 < trae32566[w]> it shouldn't be too hard, esp. if it's your first time 12:00 < trae32566[w]> usually they have mercy the first few times. 12:01 < easy_ref123> pppingme, I'm on Centos. Can't find any mention of the tftp server. I think it is part of the dhcpd process, but I can't find any configuration block for tftp in the dhcpd.conf 12:02 <@pppingme> tftp is a separate service from dhcpd.. are you even sure you have one running? 12:02 < thothcastel_> rrr this is driving me maaad 12:03 < thothcastel_> traffic seems to be dropped on the outbound 12:04 < Emperorpenguin> don't talk about dropped traffic 12:04 < Emperorpenguin> this was yesterday 12:04 < Emperorpenguin> !.!!.!!!!.!!..!!!!!!!!!!!!!!!!!!.!!!!.!!!!!!.!!!!.!!!!.!!..!.!!!.!!!!. 12:04 < Emperorpenguin> .!!!!.!!.!!..!!!!!.!!!!.!.!.!!!!!!.!!!!!!!!!!!!!!!!..!!!...!.!.!..!..! 12:04 < Emperorpenguin> !!.!!!!..!..!!!!!.!!!!!!!!.!!!.!!!!!!!!!..!!!!!!.!!!!!!!!.!..!!..!!!!! 12:04 < Emperorpenguin> !!..!!!!!!.!!!!!.!.!!!!!!.....!!!!...!!!!.!!!!!!!!!!..!!!!!!..!!!!!!.! 12:04 < Emperorpenguin> !!!.!.!.!!!!..!!!!!.!.!!.!.!.!!!.!!!!.!...!.!!!!!!!!.!.!!!..!!..!.!!.! 
12:04 < Emperorpenguin> !!!!!!!!!!!.!..!!!!!!.!!!.!.!!..!!!!!!!!!!!.!!.!!!!!.!.!!.!.!!!!!..!.! 12:04 < Emperorpenguin> !!!..!.!!.!!...!!!.!.!!!!!!!.!!!!!!!!.!!!!.!..!.!!!!!..!!..!!!!!!.!.!. 12:05 <@pppingme> Emperorpenguin learn what pastebin is 12:05 < Emperorpenguin> wouldn't have had the same impact I am afraid 12:06 < Emperorpenguin> jokes need good timing too 12:06 <@pppingme> no, but a ban would 12:06 < Emperorpenguin> but ok I'll post 2 lines at most 12:06 < CWNE88> it's only a few lines... saved me clicking a pastebin 12:06 < Emperorpenguin> yeah I got the spam notice from Sigyn. Sorry. 12:11 < galileo_> would adding a fake unsubscribe link to my email improve my spam assassin rating? 12:11 < djph> no, but a real one would. 12:11 < djph> well ... it might 12:11 < TotallyNotKim> galileo_: do dkim too, adds fancy green marks in mailers and a good point when checking for spam 12:12 < galileo_> dkim seems hard to setup, got halfway then gave up 12:12 < galileo_> i'll make another attempt tomorrow 12:12 < galileo_> i'll try the fake unsub link 12:12 <@pppingme> galileo_ the fact that you're talking about a fake unsub link confirms this is spam 12:12 < mawk> it's not that hard 12:13 <@pppingme> and probably appropriately reported as such to get you on the blacklists to start with 12:13 < galileo_> pppingme: this is my first time sending emails though 12:14 < galileo_> i've never faked an unsub link before 12:14 < galileo_> or anything else that could be defined as sketchy behavior 12:14 < TotallyNotKim> keep that peace 12:14 < galileo_> i just want to get my emails working with the least amount of effort 12:15 < galileo_> not trying to be malicious or anything 12:15 <@pppingme> then why fake an unsub link? 
make it real and make it work 12:15 < djph> ^ 12:15 < TandyUK> use something like mailman, which does this shit for you 12:15 < galileo_> sounds hard 12:15 < djph> or hell a "hey forum-goers, check your junkbox if you don't get mail" 12:16 < djph> if you *really* have a desire to run it yourself 12:19 < galileo_> djph: i've taken your advice and just sent out an email to tell them to check their junkbox if they don't get emails 12:20 < djph> ... I said put a notice on the forum, not send an email from it 12:20 < galileo_> uh nope 12:20 < galileo_> you probably thought it 12:21 < galileo_> didn't say it 12:21 < djph> meh, 12:21 < djph> now they got another spam email saying "hey forumgoers, check your spam for forum mail" 12:22 <@pppingme> if your users aren't getting emails, sending more emails is counter-productive.. there's no other conclusion you could have drawn from his statement 12:23 < galileo_> is there another way i can get my forum to send emails through googles smtp or something 12:23 < djph> pppingme: meh, his HP erotica fanfic forum loss, not ours. 12:24 <@pppingme> I heard it was goat porn 12:24 < galileo_> it's neither 12:24 < galileo_> it's a runescape community 12:24 < djph> I always thought it was a shame goatse went and died. 12:24 < djph> aren't there enough of those as it is already? 12:25 < galileo_> not sure 12:25 < galileo_> this was one of the first 12:25 < galileo_> created in 2002 12:25 < djph> and yet, you're *still*(??!?!?!) considered a spammer, 16 years later 12:25 < galileo_> i changed hosts 3 years ago and it screwed up 12:26 < galileo_> that's my guess at least 12:26 < galileo_> i never got emails ever 12:26 < galileo_> never supplied my real email 12:26 < galileo_> i just got told by one of my users awhile ago it wasn't working 12:26 < djph> one would imagine that the administrator of a site would, y'know, have a valid contact email. 
12:27 < galileo_> not this site 12:27 < galileo_> i do now though 12:30 < galileo_> right now i just have a script that mass emails all my members every day 12:31 < galileo_> it uses googles smtp and my private email so it doesnt get marked as spam 12:35 < `whoami`> hi, how would you slow down a dhcp server ? 12:35 < mAniAk-_-> put it far away 12:35 <+xand> why would you do that? 12:35 < galileo_> put it near the event horizon of a black hole 12:35 < mAniAk-_-> in the yonder 12:35 < anonymip> how fast is it moving? 12:36 < `whoami`> how would you slow down responses from a dhcpd server 12:36 <+xand> `whoami`: why would you? 12:36 < `whoami`> science 12:37 < djph> ? 12:37 < detha> `whoami`: run it on a 386, with the lease file on an nfs share on another continent 12:38 < anonymip> ant then send alot of dhcp requests 12:38 < djph> detha: accessible by dial-on-demand. 12:38 < detha> with as 1200-baud modem 12:38 < detha> *a 12:39 < djph> 1200 O_O damn, we're rich! 12:39 < detha> the 1200 is only one-way, other way is 75. If you want symmetrical, 300/300 12:41 <@pppingme> detha there was more than one 1200 standard.. 12:41 < detha> pppingme: yeah, bell, european 1200, viditel 1200/75, etc. 12:42 < detha> I /think/ I still have a box that can do all of those 12:57 < ice9> i'm facing extreme slow speed when using wifi extender, any suggestions? 12:58 < djph> don't use a wifi extendre. 12:58 < djph> *extender 12:58 <@pppingme> ice9 so called "extenders" are crap, and multiply problems while cutting severely (more than half) into speed 13:00 < ice9> pppingme, so how do i properly cover the desired region? 13:00 <@pppingme> usually a 2nd AP thats setup properly 13:00 < djph> pppingme: *wired in* second AP 13:01 < djph> pppingme: apparently we have to be quite specific in this channel 13:01 < thothcastel_> cisco asa5525 unable to access via a browser / asdm error 504 Gateway Timeout 13:01 < thothcastel_> help please 13:03 < TandyUK> reboot it? 
13:14 < ice9> tp-link vs d-link as wifi dsl modem/router? 13:15 < djph> both are doorstops 13:15 < TandyUK> poor doors 13:16 < djph> TandyUK: could be worse 13:16 < TandyUK> bt home hub?? 13:16 < TandyUK> ooh virgin "superhub" lmao 13:17 < TandyUK> my door would never want to close lol 13:17 < djph> I was more talking like something built in the 80s, where it'd break the door 13:17 < TandyUK> oh i was feeling sorry for the door having to touch that shit 13:18 < djph> well, yeah, there is that with tp-stink, etc. 13:18 < TandyUK> ice9: if you cant tell, we have a relative loathing of those shitty devices 13:19 < TandyUK> for home users, who dont care (or wouldnt notice) the crapness of them, theyre 'ok' 13:19 < djph> what's the go-to for (residential) DSL these days? draytek + 'tik/ubnt 13:19 < djph> ? 13:19 < djph> + APs, of course 13:20 < TandyUK> draytek 2760 is our goto home router 13:20 < TandyUK> 2860 if its a business or home office 13:20 < TandyUK> well 2862 now 13:20 < TandyUK> 2762 is coming soon too, wireless AC, and basic inbound vpn support (2 tunnels iirc) 13:20 < TandyUK> the old 2760 could only dial out for vpns 13:21 < djph> oh, they're routers too? 13:22 < tds> djph: I've heard of some people using vdsl/adsl SFP modems now, which look rather neat 13:22 < TandyUK> yeah 2760/2860 are the old stalwarts of the draytek range 13:22 < tds> iirc they draw significantly more power than allowed by the spec, though 13:22 < TandyUK> 2862 and soon 2762 are replcing them 13:24 < djph> nice 13:24 < TandyUK> tds: huh?? you mean like an xdsl modem in SFP form factor? 
13:24 < TandyUK> would go nicely with a layer3 managed switch tbh 13:25 < TandyUK> or do you mean for FTTP 13:25 < tds> TandyUK: yes - http://www.proscend.com/en-gb/product/vdsl2/180t.html 13:26 < tds> doesn't do nat or anything though so a plain l3 switch won't be sufficient, you probably just want to trunk it back to a router 13:27 < TandyUK> hmm ok, but still a nice step up from shitty modems 13:27 < TandyUK> mush easier to battery backup and monitor via snmp im sure 13:27 < TandyUK> just UPS the switch, job done 13:27 < TandyUK> same for snmp, monitor the sfp port 13:27 < TandyUK> would be very very nice if it reported the sfp link speed as the sync rate 14:02 < thothcastel_> unable to access asdm nor web interface of asa5525 - ERROR 504 - Server error 14:02 < thothcastel_> help please?! 14:02 < thothcastel_> got all configured 14:02 < thothcastel_> I guess 14:02 < thothcastel_> :) 14:04 < TandyUK> thothcastel_: reboot it, or ssh in (or go via console cable) and restart the web gui 14:05 < TandyUK> 504 is gateway timeout 14:07 < thothcastel_> I have done that various times 14:07 < thothcastel_> TandyUK: it is a new firewall 14:07 < thothcastel_> never able to browse to it 14:07 < thothcastel_> rebooted 14:07 < thothcastel_> still unable ? 14:07 < TandyUK> then file a ticket with cisco 14:07 < TandyUK> its clearly fucked 14:24 < Lope> I tried disabling IPv6 in /etc/systemctl.conf a debian systemd container on an ubuntu host. These commands normally do the trick, but the container still gets IPv6 stuff. 14:28 < Phil-Work> catphish about? 14:34 < CaptainPirate> Hello, I was wondering if there is a simple way to redirect a website to another website in my browser? 
The context is, I don't like the new reddit interface, and as far as I know, the only way to have the old interface back is to go to old.reddit.com instead of www.reddit.com, so I'd like my browser to automatically redirect all request to www.reddit.com to old.reddit.com 14:35 <+catphish> Phil-Work: yep 14:36 <+catphish> CaptainPirate: log in, it will remember 14:36 <+catphish> CaptainPirate: you can also tell them why you don't like it (i don't either) 14:36 < Phil-Work> catphish, what do you see as the route to 205.251.192.163 from your kti? 14:37 <+catphish> well from my house, its a mess of routers who don't send TTL expired messages 14:37 <+catphish> i'll check my table 14:37 < Phil-Work> *kit 14:37 < Phil-Work> I see it as a /24 from AS 10297 via HE 14:37 < Phil-Work> I don't believe they should be advertising AWS's address space :S 14:38 <+catphish> i have 205.251.192.0/23 via "60899 39326 16509" and "60899 174 16509" 14:38 < Phil-Work> that's right 14:38 <+catphish> i don't see the /24 from HE 14:38 < Phil-Work> you peer with HE? 14:38 <+catphish> yes 14:38 < Phil-Work> interesting 14:38 < Phil-Work> 205.251.192.0/24 *[BGP/170] 01:32:54, localpref 70 14:38 < Phil-Work> AS path: 6939 10297 I, validation-state: unverified 14:38 < Phil-Work> that's all I've got 14:39 <+catphish> i don't see it on peering at all 14:42 < Phil-Work> catphish, odd 14:42 < mAniAk-_-> Phil-Work: i got the /23 only 14:43 <+catphish> ask HE i guess 14:43 < Phil-Work> I'm guessing this is something to do with the shitstorm that is AWS DNS at the moment 14:43 < Phil-Work> smells like a route leak 15:03 < Atro> What's the point in giving me a WAN link with an ip in a /21, then spamming me with Gratuitous ARP, but L3 connectivity works to hosts directly? 15:04 < Atro> Are you forcing all subnet traffic via default gw? 15:04 < Atro> Is this some shitty attempt to prevent subnet floods? 15:08 < mAniAk-_-> subnet floods? 
15:09 < Atro> mAniAk-_-: like ARP poisoning 15:09 < Atro> ARP Poisoning a /21 with real customers would cause real damage 15:14 < mAniAk-_-> no, you more effective stuff to block that 15:16 < strixdio> Hey, I'm connected to a "filtered" network, but connected to my home network through VPN. There are some sites I cannot access (just keeps loading). resolv.conf is pointing to my dns, my vpn is definitely working. What could I be missing? 15:21 < luxio> If a website has a database, and it has multiple servers so it's not slow, how is it ensured that each server has the same database? 15:22 < Yamakaja> Hey everybody, i have a small question: With services like cloudflares 1.1.1.1, there seems to be some kind of system in place that allows 1.1.1.1 to be routed to many different devices depending on your physical location. How are such systems implemented? 15:22 < tds> Yamakaja: the term you want to google is "anycast" :) 15:22 < Yamakaja> I'll take a look at that! Thx 15:23 < ||cw> luxio: you either need replication, or more commonly a central database server. relational databases scale up more easily than they scale out. 15:24 < ||cw> luxio: often mixing application an db server workloads on the same system comes with a performance penalty anyway 15:24 < luxio> where can I read more about load balancing? 15:24 < Aeso> luxio, that's a _really_ hard question. If you find an easy answer distributed systems guys will pay you lots of money :) 15:24 < ||cw> luxio: you buy a load balancer 15:25 < ||cw> luxio: is there a performance issue you're trying to solve? 15:25 < luxio> no just curious 15:27 < ||cw> there isn't a simple answer to any of it, and db clustering and load balancing are very much not early in the things in you try. you have to have a very large workload to justify the costs, and you hire specialists to implement it. it takes years. 15:29 < infinmed> Wow, https://en.chinacache.com/ says that most sites in china fail to load in under 5s. 
What are so many people doing wrong!? Logiplex loads in just over 2 seconds from Hong Kong and it is located in New Jersey. Wtf 15:29 < infinmed> I never knew that. 15:29 < UncleDrax> infinmed: great firewall issues? (no idea.. just guessing) 15:29 < infinmed> Heh! 15:30 < ||cw> infinmed: unoptimized images, streaming html5 video banners, etc 15:30 < ||cw> I'm guessing the cache doens't consider it loaded until the video is complete 15:30 < infinmed> Well I have seen pages not load until a bunk ad loads and is finished. I think that is it. The unoptimized part is deffinitely part of it 15:30 < UncleDrax> oh so just major poor design choices. fair enough. I thought we left all that back in the 90s 15:30 < UncleDrax> and the web-2.0 'everything must be flash' 15:31 < infinmed> I wish microsoft silverlight had gotten more attention at this point. It seems like a much better alternative to flash 15:31 < UncleDrax> (now we just have people using 3MB gifs to say 6 words in teh form of a me-me. 15:31 < infinmed> I'm sure there are other competitors too. html5 already taking video users from flash to itself on youtube and the like 15:32 < ||cw> also placement of javascript and page formating choices can cause blocking operations. 15:33 < infinmed> Exactly. I feel like a lot of websites, especially the smaller ones, had a person with money and not much know how and they paid for it years in advance with little to do towards updates and maintaining it 15:33 < ||cw> infinmed: silverlight could have won easily if they had better linux support from the start. there's a fair amount of flash content that server generated on linux systems. 15:33 < infinmed> Maybe they modify news items via a cms or something that is outdated and borked 15:34 < infinmed> Yep. 
And flash, well they are like 'sure we will release libraries for android' or this and that, and then stop in the future 15:34 < infinmed> LoL I wonder what that business model is all about 15:35 < infinmed> Is Adobe Flash supported on Android? 15:35 < infinmed> Adobe Flash Player hasn't been supported on Android since version 11.1, so if you wish to view Flash content, you must use a third-party browser. Some websites may claim to offer an APK package that will install Flash on your device, but do not be fooled – these are often malware.Dec 9, 2016 15:35 < infinmed> LoL! 15:36 < luxio> I think it's for the better that Flash isn't supported on Android 15:36 < ||cw> a few years ago management hired someone to redo our site on a CMS, their first mock up had the full 10Mpixel source images img tag sized on the page. they said "huh, the images load fast for us" well yeah you're on the same LAN. 15:37 < ||cw> this wasn't some small company either 15:37 < infinmed> Yea 10MPixel is a little high, i'd try with half that and still think I was targetting the users I wanted to 15:38 < ||cw> well, you should resize the image to match the img tag size 15:40 < infinmed> imho primary images on even a desktop version of a site should be less than 1mibyte for business use. 15:41 < UncleDrax> the reality is the didn't even understand that it was a concern.. which immediate I'd find someone else. 15:41 < UncleDrax> if they were 'the mock up is unoptimized for internet', that'd be somethign else 15:42 < infinmed> Yea I mean I don't see what is wrong for serving a few renderings of the page either 15:42 < UncleDrax> (I might ask what they would do to optimize it.. just ot make sure they are not complete tools though) 15:42 < infinmed> Maybe at least a repository for larger versions of images 15:44 < ||cw> UncleDrax: I wish it was my choice. 15:44 < ||cw> I totally would have accepted "yes we'll optimize it when the design is final" 15:45 < UncleDrax> ||cw: fair enough.. 
but at least you can voice your conern, and be ready when the shit comes to you 'The network is down' [because the crapwebsite runs slow] 15:45 < ||cw> but instead I got confusion, so i checked every image (there weren't that many) when it went live and still found a few 15:46 < ||cw> it also came with a hosting contract that I later found out was pretty outrageously priced. like $60/month for a low volume hosted CMS 15:47 < ||cw> we ended up slurping the html, some minor fix-up to remove their CMS hooks, and self-hosting. luckily boss is smart enough to make sure he owned the design 16:02 < easy_ref123_> how can I find the MAC vendor prefix for Widget Corp? 16:02 < Sout> ah iee list them all 16:02 < UncleDrax> or use one of a billion 'MAC vendor lookup' websites 16:03 < Sout> http://standards-oui.ieee.org/oui.txt <-- really large text document. ^^ that to 16:03 < redrabbit> 'OUI lookup' 16:04 < Yamakaja> Mhm, are there any big hosting providers that offer anycast addresses in multiple of their locations? 16:04 < redrabbit> https://www.wireshark.org/tools/oui-lookup.html 16:04 < Yamakaja> I.e. provider advertising one of their address blocks as anycast and routing that to multiple of their locations and then selling the ips in that block to their customers 16:07 < tds> Yamakaja: you can do it pretty cheaply yourself for IPv6, v4 is going to be more difficult/expensive 16:07 < Yamakaja> tds Which blocksize is usually accepted by routers? (Like needing an /24) for most routers to accept your route 16:08 < Yamakaja> with ipv4* 16:08 < tds> yeah, /24 for v4, /48 for v6 16:08 < Yamakaja> What do ipv6 blocks go for? 16:08 <+catphish> go for? 
16:08 < Yamakaja> Well, i'd assume they're being sold by the registrie 16:08 < Yamakaja> registries* 16:09 <+catphish> they're not 16:09 < tds> iirc vultr will let you announce /32s (v4) of their own space back to them, I don't know if they'll allow that with VMs in multiple locations though 16:09 <+catphish> they're worthless, like ipv4 was until it became scarce 16:09 < thothcastel_> cisco asa 5525-x error 504 remain - can anybody help? 16:09 < Yamakaja> catphish can i claim a block for free? 16:09 <+catphish> since they're essentially unlimited, it's hoped that they'll never need to be rationed or have any financial cost 16:10 <+catphish> Yamakaja: you should be able to, you'll need to be a member of a registry, else your ISP should give you some 16:10 < tds> you can get PI space from a registry (with a sponsoring LIR) pretty cheaply, various organisations lease PA space for next to nothing (or free) 16:10 < easy_ref123_> anybody have experience configuring dhcpd? 16:11 <+catphish> or yeah, you could get some PI via someone else who is a member of a registry, they will likely charge an admin fee for their time, but the IPs should be free 16:12 < UncleDrax> for IPv6, just get your own block if you are a business. talk to your regional issuer for pricing and rules 16:12 <+catphish> they really should be free, though there may be admin costs 16:12 < UncleDrax> but make sure your upstream can do it first.. most should.. 
but most is not 'all' 16:14 < tds> Yamakaja: also, if this is just for educational purposes/fun, you might want to look into dn42 as well 16:14 < Yamakaja> UncleDrax / catphish: I'm not a business, i'm a private individual playing with what would be possible without paying a fortune 16:14 < Yamakaja> tds it is ^^ 16:14 <+catphish> Yamakaja: as an individual you should be just getting them from an ISP 16:15 <+catphish> the whole point of IPv6 addressing is that ISPs have LOADS, they should be happy to just hand them out to customers 16:15 < ^7heo> that and "no more NAT" 16:16 < easy_ref123_> in dhcpd.conf can I do "match if a or b or c" inside of a class block? 16:18 < ^7heo> I feel like going for the "network classes are long dead, 1993 called to have them back." troll 16:18 < ^7heo> but it's too obvious you're not talking about network classes, so it's a little too forced a troll =/ 16:18 < ^7heo> And also we're not trollday. 16:19 < tds> Yamakaja: if you want to play around with doing anycast properly it's pretty cheap anyway (for ipv6 at least), various VPS providers have BGP support 16:20 < Yamakaja> I see. Looking at dn42 it seems to be just what i was looking for :D A free method to play around with the various internet routing methods 16:25 < mAniAk-_-> easy_ref123_: subclasses 16:29 <+catphish> easy_ref123_: we don't do classes, and i'm not totally sure i understand anyway 16:32 <+catphish> easy_ref123_: ah, i understand now, seems like you want subclasses, i don't know how to use them though 16:35 < oo_miguel> Do some registries run public epp services? Or is there any other way to find out if a given domain is registered without going through a registrar? 16:44 < fryguy> whois should be a good start 16:46 < oo_miguel> yeah I use whois and dns now, but read they are not always accurate 16:47 < oo_miguel> is epp reserved for registrars only?
17:12 < djph> whois and DNS will be accurate to an entry to within 24 hours or so 17:26 < oo_miguel> ok good to know, still I wonder about my first question about "epp availability" 17:29 < mloza> Hi anyone familiar with brocade switches? I have L3 brocade switch. I configured it with DHCP server has a default route to the internet. When I plugin the client, the clients get an IP because doesn't reach the internet. 17:30 < mloza> but it doesn't reach the internet* 17:42 < alphaone> Hey guy, I'm having difficulty configuring some networking equipment 17:42 < alphaone> I have Unifi stuff that wants to be all on vlan=1, but a proxmox vm server that wants to be native 17:43 < alphaone> however, the kicker, the unifi controller is on the Proxmox Server in a VM 17:43 < alphaone> I'm having trouble getting the controller on the vlan=1 17:45 < alphaone> so, how do I allow the vm access to the vlan1 natively, and the vm server on vlan300 natively? 17:46 < Ruint> yo, looking to upgrade my home network since my isp provided adsl router is a crock of steaming dung 17:46 < Ruint> https://www.amazon.co.uk/NETGEAR-DM200-100EUS-High-Speed-Broadband-Modem/dp/B01GL3YPHI/ref=sr_1_1?ie=UTF8&qid=1524584385&sr=8-1&keywords=simple+adsl+router https://www.amazon.co.uk/Ubiquiti-Networks-UAP-AC-LITE-Access-Point/dp/B016K4GQVG/ref=sr_1_1?ie=UTF8&qid=1524583997&sr=8-1&keywords=ubiquiti+unifi 17:46 < Ruint> does this seem good? 17:47 < tds> alphaone: ah, so do you want proxmox's management on one VLAN, but VMs on other VLANs, effectively? 17:47 < Ruint> always wanted an ubiquiti access point, so pretty stuck on that, but finding an adsl modem that can supply power over ethernet would be absolutely golden 17:47 < alphaone> tds: yes! 17:48 < heller_> hey guys 17:48 < skyroveRR> Hi gal 17:48 < heller_> im setting up a debian as dhcp and router 17:48 < tds> alphaone: do you need VMs on VLAN 300 as well? 17:48 < system16> can i connect my calculator to the internet ? 17:48 < alphaone> tds: yes. 
17:48 < skyroveRR> heller_: great! 17:49 < alphaone> tds: At the moment, I have the port going to the vm server marked as, native=300(server vlan), tagged=1,400,etc 17:49 < heller_> but what is going on, why does the client pc see router as 10.0.2.0, even if its 10.0.2.1 17:49 < tds> alphaone: ah, I've had issues trying to do that in the past, I ended up switching my hosts to openvswitch and then using an intport for the host's management interface 17:49 < tds> (then I just run all vlans tagged to hosts) 17:49 < alphaone> tds: I'm hoping to avoid openvswitch for the moment, I came across several articles mentioning it 17:50 < skyroveRR> heller_: which DHCP server are you using? dnsmasq or dhcpd? 17:50 < tds> alphaone: hmm, it might be worth asking in ##proxmox, I'm not sure if there's a nice solution with normal linux bridges 17:50 < heller_> dhcpd 17:50 < alphaone> tds: I'm not entirely sure what the problem is honestly 17:50 < skyroveRR> heller_: Paste its configuration, please 17:51 < heller_> https://pastebin.com/PFpdcpRQ 17:51 < tds> alphaone: if you have the bridge with "vlan capable" mode enabled or whatever, you might be able to create a vlan interface (eg vmbr0.300) for management, but I don't know if that will break connectivity to VMs on that VLAN 17:51 < alphaone> tds: native=300, set proxmox bridge to "vlan aware", then when I define a VM network interface, set the vlan id=1 17:51 < tds> ah, if you're OK with running an untagged/native vlan to the host, then it should be possible like that 17:52 < tds> just keep in mind any VMs on vlan 300 (since I guess you won't specify a tag for them) will be able to add tags and will effectively have access to a trunk port 17:54 < system16> srsl can i ? 17:55 < system16> its not a strange thing because even toilets can connect to the internet these days 17:55 < heller_> skyroveRR: https://ibb.co/ksiJJc and this is what client gets 17:55 < heller_> DHCP server 10.0.2.0 ? 17:56 < skyroveRR> What does tcpdump show? 
17:56 < heller_> client or server? 17:57 < skyroveRR> The client. 17:57 < heller_> its a windows client 17:57 < heller_> i dont have tcpdump 17:57 < heller_> and cant install because no internet :p 17:57 < skyroveRR> Sorry, the server. 17:59 < heller_> im listening on the eth1, which is for LAN 17:59 < heller_> https://pastebin.com/5defRQjh this is what i get when i run /renew on windows client 18:00 < skyroveRR> Release and then renew. 18:01 < heller_> https://pastebin.com/Rz2wEDtA 18:01 < heller_> little bit different 18:02 < skyroveRR> Stuff isn't adding up :( 18:03 < heller_> i dont get it, that why does the windows claim dhcp server being .0 18:03 < heller_> ill check out more after im done eating 18:03 < heller_> thanks anyway skyroveRR 18:09 < Ruint> so, any advice on an adsl modem to pair with a good microtik or ubiquiti AP? looking for install + forget, since i will probably replicate my setup at work where we hve truly awful guest wifi 18:12 < ||cw> Ruint: an AP is an AP, the modem/router doens't matter. that's the whole point. 18:13 < E1ephant> get the turbo model 18:13 < E1ephant> for extra boost 18:17 < ||cw> but if you want a proper guest wifi you need a router that supports that 18:17 < ||cw> the modem has nothing to do with it 18:21 < Phil-Work> catphish, the plot thickens 18:21 < Phil-Work> route leak was part of a DNS hijack of MyEtherWallet.com, from which $18m has been stolen 18:21 < Phil-Work> it didn't seem coincidental that those particular routes were leaked 18:22 < E1ephant> O_O 18:24 < skyroveRR> Heya E1ephant 18:24 < E1ephant> howdy! 18:26 < marshall9779> Im having trouble finding a cctv server on my network.. Whats a way i could find it? 18:27 < marshall9779> Im having trouble finding a cctv server on my network.. Whats a way i could find it? 18:27 < E1ephant> nmap? 18:29 < nicomachus> hi guys. I can't seem to get an ssh connection to go through to my rpi. 
hostname and IP are correct, it's online (according to the router web portal), and it worked yesterday.... but I'm getting connection timeouts anytime I try 18:30 < skyroveRR> nicomachus: can you ping your rpi? 18:32 < nicomachus> skyroveRR: I can ping the network IP, can I ping a single host on the network? 18:33 < grawity> pinging the network IP doesn't generally make sense 18:34 < nicomachus> grawity: maybe I'm wording that poorly. how can I ping the specific device on the network instead of just the network address? 18:35 < nicomachus> just host@ip? 18:35 < ||cw> nicomachus: you can ping the pi? has it rebooted? a router can only know if the port is active, not if the OS is actually responding 18:35 < grawity> nicomachus: wat? 18:35 < skyroveRR> nicomachus: no, just the IP. ping 18:35 < nicomachus> skyroveRR: well that works. 18:35 < skyroveRR> Ok. 18:35 < skyroveRR> Well, did you bind 22 globally on your SSH server? 18:36 < nicomachus> it's a large range of ping times though. 70-433ms 18:36 < ||cw> you'll need to check the console 18:36 < skyroveRR> 22 as in, port 22. 18:36 < ||cw> also, is it wired or wifi? 18:36 < skyroveRR> nicomachus: ^ 18:36 < nicomachus> skyroveRR: no I have it on a different port, but it is set up on that port. 18:36 < nicomachus> ||cw: wired. 18:36 < skyroveRR> nicomachus: what IP is it binded to? 18:36 < ||cw> well, check console.sounds like it's crashed 18:36 < nicomachus> it worked yesterday and I didn't do anything besides a reboot, which is why I don't know why it's not working. 18:38 < nicomachus> ||cw: I don't have physical access atm, so I may have to wait until I get home tonight and diagnose I suppose. 18:39 < ||cw> stuff works until it don't :( 18:39 < nicomachus> firefox kept crashing on it everytime I tried to open it yesterday, which is what I wanted to diagnose while at work today. but if I can't reach it... 
18:39 <+catphish> is there some mail client that sends replies containing just the word "UNSUBSCRIBE" when you press a button? We get these sometimes, seems very rude 18:40 < nicomachus> catphish: could be one of the smart replies in Gmail now 18:40 <+catphish> why not at least generate some friendly wording 18:44 < nicomachus> catphish: who knows. could also be someone just not seeing an unsubscribe button and just hoping you get the message. lol 18:44 < ||cw> catphish: look at the mail headers 18:44 <+catphish> nicomachus: it's not something they can unsubscribe from so it makes no sense 18:45 <+catphish> we sent out bulk emails updating our terms and conditions today, got at least 3 responses like this 18:45 < nicomachus> ||cw's got the right idea. 18:45 < ||cw> catphish: so respond and say so. if they don't want the email, they can delete their account. 18:46 <+catphish> ||cw: that's exactly what they all got 18:46 <+catphish> but it just seems really rude 18:46 < ||cw> but, most mail clients stamp the headers, so check there is you're curious 18:46 <+catphish> that's a good point! 18:46 <+catphish> i'll check 18:46 <+catphish> didn't think of that 18:46 < ||cw> man you have no idea. I get so much shit email, politeness is gone on that platform 18:48 < ||cw> the number of people that get their email address wrong is mind boggling. I'm now on 2 little league lists that are just a giant to: field of emails and there's no way off it 18:50 < redrabbit> i get a ton of garbage like that. my gmail address is quite short as i was an early adopter 18:50 < ||cw> me too. 
6 chars 18:50 < compdoc> ^ risk taker 18:51 < redrabbit> same 18:51 < ||cw> seems to have increased a lot in the last 2-3 years though 18:53 < redrabbit> been using it since february 2006 18:54 < redrabbit> it never decreased 18:54 < redrabbit> there is somethun 18:55 < redrabbit> there is something like 5 fb accounts and 3 twitters 18:55 < heller_> oh debian whats wrong with you 18:55 < redrabbit> none are mine of course 18:57 < redrabbit> assurances, car salesmans, pet registration, basketball team, 18:57 < redrabbit> all that crap because other people us 18:58 < UncleDrax> I found having a more verbose email address is useful for not getting on lists by legitimate typo 18:58 < redrabbit> e my address. fuck this return key is way sensitive 18:58 < UncleDrax> also makes ppl really _want_ to email you 18:59 < redrabbit> mine is a common abbreviation for my name and two numbers 19:00 < redrabbit> never had to repeat it 19:04 < sammyg> should the server ip for vpn be the same as the ip of gateway? i want to setup vpn on my router 19:05 < sammyg> if gateway is 192.168.1.1 should the vpn server ip be 192.168.1.1 as well? 19:07 < compdoc> is 192.168.1.1 a vpn server? 19:08 < sammyg> no 19:08 < compdoc> you want to connect to a local address? 19:08 < compdoc> probably the remote address 19:08 < sammyg> i want to vpn to my home 19:08 < sammyg> home lan 19:09 < compdoc> do you know the current ip of home? 19:09 < sammyg> the wan ip? yes i know 19:10 < redrabbit> id use some kind of dyn dns 19:10 < compdoc> your firewall/nat either has to support vpns, or port forward to a machine that does 19:10 < heller_> skyroveRR: guess what was the fault 19:10 < heller_> i configured my eth1 to be 10.0.2.0... 19:10 < compdoc> * your home firewall/nat 19:10 < sammyg> it does support vpn server and client 19:10 < heller_> eth0 is for WAN and eth1 is for LAN 19:10 < Maarten> that's the IP you connect to to create a VPN tunnel. 
As far as what is reachable inside your network, it depends on the routes yu have added to the VPN. (Note that if your home network is 192.168.1.1 and the internal network you are connecting from is 192.168.1.1, you may not be able to connect to some resources.....) 19:10 < Flax\> Hi everyone, I have a modem router and activated ssh keys access, but key par generated from my computer just do not work, and I get "Access denied (Publickey)" message. How can I reocover access? 19:10 < compdoc> then should be no problems 19:11 < skyroveRR> heller_: heh 19:11 < heller_> it works now 19:11 < heller_> thanks, eh.. 19:12 < redrabbit> Flax\: thanks for the lols 19:12 < skyroveRR> heller_: thanks 19:12 < sammyg> so if the router ip is 192.168.1.1 then the vpn server ip can be the same? i don't need to use a high number like 192.168.1.100 to avoid conflicting ip? 19:13 < redrabbit> no 19:13 < Flax\> redrabbit: So you have no idea wise guy uh? 19:14 < sammyg> ok 19:14 < redrabbit> Flax\: you disabled pw auth? 19:14 < Flax\> redrabbit: Access mode seems to be mutually exclusive 19:15 < Sout> ah how did you generate the ssh keys? aka are you using putty? 19:15 < redrabbit> doesnt answer my question 19:16 < Maarten> sammyg, it depends. If your router is ALSO the VPN server, then that is what you will have as your route internally for your VPN tunnel.... typically VPN exists on a separate network from your existing home network so you don't mix and match, but you can obviously create routes to make everything reachable. E.g. your VPN addreses are 192.168.133.x, where 133 could be your all time favorite number between 2 and 254, and you have a route to the .1 19:16 < Maarten> network. I'm not a networking expert though, so I could have that slightly wrong. 
19:16 < Flax\> SOut: ssh-keygen
19:17 < sammyg> ok
19:17 < Flax\> redrabbit: I did not explicitly disable pwd login, yet if I try to ssh as usual, still get the PublicKey error
19:20 < Sout> so assuming your authorised key is on the box. (ie in the authorized_keys for openssh). try ssh -i ~/path/to/your/private_key host just in case openssh is using a different private key
19:21 < redrabbit> remove the keys try pure pw login
19:22 < Flax\> redrabbit: Do you mean keys within client?
19:22 < redrabbit> yes
19:26 < Flax\> redrabbit: I removed them from .ssh folder as well as known_hosts. And after getting the device's foot print still getting the publickey error
19:29 < heller_> hmm guys
19:29 < compdoc> hmm gals
19:29 < heller_> trying to setup openvpn, but where is my openvpn config files?
19:29 < heller_> /etc/openvpn only has update-resolv.conf
19:30 < tds> heller_: you want to add your config files in that directory
19:30 < tds> openvpn can run multiple servers and clients simultaneously, so you can put multiple files in there if you want
19:31 < heller_> but i'd like to have something to start with
19:31 < alphaone> damn it zap
19:31 < tds> heller_: you probably want to look in /usr/share/doc/openvpn/examples/sample-config-files/
19:32 < sammyg> i have dd-wrt... but i have a question here, my build is v24sp2 build 23320
19:33 < sammyg> it's dated 01/10/14
19:33 < sammyg> when i look on dd-wrt website, i find a beta v24 build 21061
19:33 < sammyg> dated 2017-09-07
19:34 < sammyg> if i get this newer build, am i upgrading or downgrading? i don't get these numbers
19:37 < UncleDrax> I would presume it's an older code release, just built more recently.
19:38 < Maarten> sammyg, dd-wrt is hopelessly outdated. Its still being maintained for some router models, but you would do better to upgrade to a different router model. ASUS makes really good ones if you are on a budget, and they have a custom firmware named "Merlin" that is pretty good. I'm no fan of anything Linksys these days to be honest. The last "good" Linksys were them old WRT54G routers! Hopelessly obsolete of course now, but still good.
19:39 < sammyg> why would someone do that? and why call it "beta"? with this logic, my current build is newer and it's not beta
19:40 < Maarten> sammyg, dd-wrt is maintained by volunteers. Hell, there have been linux projects that started in the 1990s, and STILL have a v0.xx version scheme with "beta" in the name 20 years later :P
19:41 < Flax\> ls
19:41 < sammyg> Maarten, yeah probably need a new router, but this one still serves me well
19:41 < Maarten> all good :)
19:41 < sammyg> it's 10 year old d-link :p
19:41 < tds> it might be worth looking into openwrt/lede as well :)
19:41 < Maarten> d-link..... *brrr* :D
19:42 < sammyg> hehe i picked this one specifically because it was on the dd-wrt support list, and i could not have made a better decision back then
19:42 < sammyg> i mean the hardware was top notch, but the firmware was total crap
19:43 < sammyg> kept dropping connections and rebooting like crazy
19:44 < sammyg> i replaced it at retail store, got a new one, the same problem with that one, then i got a new one from the same store chain but different store, same problem
19:45 < heller_> tds: thanks
19:45 < nicomachus> fixed the rpi
19:45 < nicomachus> the rpi couldn't reach anything outside the network because THE BLUETOOTH WAS ON
19:45 < nicomachus> yea.
19:45 < UncleDrax> running IP on the BT?
19:46 < sammyg> then i got a new one from dlink support, same problem, then i got yet another model from dlink european headquarter in england, guess what? same problem :p
19:46 < UncleDrax> or just something weird like 'not enough power to run both at the same time'
19:46 < nicomachus> no, I think it just doesn't have enough power to run bt and etho at the same time
19:46 < nicomachus> yea ^
19:46 < sammyg> then i got tired of it and installed dd-wrt on it, and guess what? all symptoms of sickness gone! :p
19:48 < sammyg> it's been ticking for 10 years now, no major problems, almost no downtime, i usually have to reboot it maybe once in 3 to 6 months due to troubleshooting or power loss
19:48 < sammyg> when troubleshooting it usually turns out that the computer was the problem, or most often my isp, not the router
19:51 < sammyg> but it looks like i should be able to install openwrt on it now, it was not available back then
19:51 < sammyg> is openwrt better maintained than dd-wrt?
19:54 < sammyg> Maarten, according to this one tutorial im following the local router ip should be separate from the vpn server, like 192.168.54.1 to avoid conflicts
19:54 < Maarten> sammyg, they are very likely correct :)
20:09 <+catphish> Phil-Work: bit of a mystery why we saw different versions of those routes
20:10 < Flax\> clear
20:11 <+catphish> Phil-Work: i can't find a technical explanation of all this
20:17 < heller_> hnnngh
20:17 < heller_> why is setting up a openvpn client so pain
20:20 < detha> catphish: was this around the time R53 was being hijacked?
20:30 <+catphish> detha: was it r53 related? i didnt really get the link
20:33 < detha> catphish: did it involve AS10297 ? https://doublepulsar.com/hijack-of-amazons-internet-domain-service-used-to-reroute-web-traffic-for-two-hours-unnoticed-3a6f0dda6a6f
20:37 <+catphish> detha: must be related
20:38 <+catphish> yep, MyEtherWallet.com was the target
20:38 <+catphish> can people please stop leaving their BGP routers unsecured
20:39 * mfreitag wishes providers would correctly implement BCP38
20:39 < mfreitag> ¯\_(ツ)_/¯
20:39 <+catphish> i'm in 2 minds about BCP38, on the one hand, my source address is none of my ISPs business, but on the other hand, there really is a lot of abuse :(
20:40 < mfreitag> I'd argue there's so much abuse that for public security providers should implement BCP38
20:41 <+catphish> i'm mostly of that opinion too, but it's annoying when my own traffic gets blocked
20:41 < detha> There is a lot more abuse than legit use.
20:41 <+catphish> indeed :(
20:41 < mfreitag> also my source address block is pretty static
20:41 < mfreitag> a single /16 and a single /23
20:42 < mfreitag> and out of my whole /16 I basically have a /18 assigned to my LaBrea tarpit
20:42 < mfreitag> just because I'm not using it
20:43 < v0lZy> Hi everyone
20:43 < v0lZy> quick question for you networking gurus
20:43 <+catphish> you have a lot of IPs :)
20:43 < v0lZy> is there such a concept as NAT (changing IP address) for VLAN tags?
20:44 <+catphish> v0lZy: well you can certainly rewrite tags if that's what you mean, yes
20:44 <+catphish> VLAN1 on one trunk might map to VLAN20 on another trunk
20:44 <+catphish> it's messy but i'm sure it's done
20:44 < detha> if that is a good idea is another question. Route, or make it one vlan
20:44 < v0lZy> catphish: I'm just trying to figure out how say a datacenter that provides VLANs so that it can deploy servers in different racks gets by with the 4096 vlans..
20:45 < v0lZy> I know of vxlan and how that works to overcome that number
20:45 <+catphish> v0lZy: VLANs don't have to be network-wide, they might only exist on that one switch
20:45 < detha> v0lZy: QinQ as well
20:45 < UncleDrax> triple tag or gtfo ;]
20:45 <+catphish> v0lZy: simply, you might have 4094 VLANs on switch A, and another 4096 (different) VLANs on switch B
20:46 < v0lZy> catphish: Well, they would come together at the router
20:46 < v0lZy> but if you want to have one vlan per customer and have more than 4094 customers...
20:46 <+catphish> no, a data centre would likely use layer3 switches (ie every switch has its own router)
20:46 < UncleDrax> v0lZy: there is VLAN remapping
20:46 <+catphish> v0lZy: as long as those customers don't span more than one switch, you can reuse their VLAN number elsewhere
20:46 < UncleDrax> if that is sorta the original question
20:47 <+catphish> v0lZy: i can use the same VLAN on my network as you use on yours, they're not globally unique
20:47 <+catphish> v0lZy: there's no reason why you can't reuse them, as long as it's on a different router
20:47 < v0lZy> catphish: well imagine the situation where you have 1000s of servers and customers that all grow and add more servers... but you fill rack space on a first come first serve basis
20:47 < UncleDrax> if you're doing it strictly with VLANs, you just stack tags.
20:48 < v0lZy> catphish: in that situation, you are trying to meet demands of providing a LAN for your customers, no matter which rack the server is deployed to, so that you can preserve gateway IP configuration
20:48 <+catphish> v0lZy: when you get that big, you want to look at more complicated technologies, not just a flat VLAN topology
20:48 < v0lZy> catphish: yeah, i know, im just wondering what.
20:48 < v0lZy> catphish: not that im that big, just have servers in such a big datacenter... and they dont really offer this, and im trying to figure out why
20:48 <+catphish> v0lZy: i don't know for sure, i'd look at MPLS maybe, or pseudowires
20:49 < Celmor> how is dns server configured again? some file in /etc
20:49 < UncleDrax> ^ label all the things
20:49 < v0lZy> they basically dont allow to port an IP from one rack to another, because they would have to rewrite routing tables on all upstream next hops
20:49 < Celmor> can't google since I can't connect to google...
20:49 < v0lZy> catphish: /etc/resolve.conf for dns servers
20:49 < v0lZy> erm.. I mean Celmor
20:49 <+catphish> i'd suggest modern switches can probably use labels for anything outside of a single switch, definitely look at labels and MPLS
20:49 < UncleDrax> Celmor: by default on *nix it's /etc/resolv but many distros dink with it if you run masq or whatever ubuntu does today
20:50 <+catphish> v0lZy: basically, every port has a label instead of a vlan number
20:50 < v0lZy> catphish: are labels arbitrary? in a sense that you can say, ok, port 21, add label "customername" and send it out to port 22 to another switch, which then sees "customername" and forwards to correct port and so on?
20:51 <+catphish> v0lZy: yes
20:51 < v0lZy> I see
20:51 < v0lZy> Thanks
20:51 < UncleDrax> v0lZy: the labels are usually set by the device and not explicitly defined.
20:51 <+catphish> i believe that's what MPLS does, though i've not used it, so not certain
20:51 < UncleDrax> *in mpls
20:51 < v0lZy> ditto
20:51 < UncleDrax> you then run things like LDP (label discovery protocol) so your topography can learnt
20:51 <+catphish> but i think you can just assign an arbitrary string to packets that come from a port, then define rules for where those go
20:52 < Celmor> UncleDrax, I know, that's why I originally made it immutable via chattr +i
20:52 < v0lZy> ok
20:52 < v0lZy> but omitting things like MPLS
20:53 < Celmor> v0lZy, thanks
20:53 <+catphish> don't omit mpls
20:53 < v0lZy> id imagine theres a NAT equivalent so that you can hide tags and reuse them downstream... although at the very top of the tree that would still only be 2042 tags...
20:53 <+catphish> like i said, you can rewrite them
20:53 < v0lZy> well even if you do
20:53 <+catphish> or you can QinQ
20:54 < UncleDrax> stack all the tags|labels
20:54 <+catphish> so you one tag that identifies the port, then another that identifies the switch
20:54 <+catphish> stack all the things
20:54 < UncleDrax> like Russian Dolls.
20:54 <+catphish> or russian hookers
20:55 < v0lZy> stacked russian hookers, lol
20:55 < UncleDrax> .. if your cumulative L2-4 headers aren't bigger than your payload, you may not doing it correctly
20:55 < UncleDrax> .. wow.. I am missing a lot of words today
20:55 < v0lZy> I think ill need to read up on this stuff
20:56 < v0lZy> never really had to work with a huge number of vlans
20:56 < v0lZy> though using openvswitch on my kvm and separating some stuff, i can see how this is something that you get into if you virtualize stuff
20:57 < v0lZy> and what is 4094 vms these days... barely a botnet :D
20:57 < UncleDrax> doing 4096*4096 vlans sounds like operational suicide. you'll want to look at something more robust than just stacking VLANs for a buildout at that scale
20:58 <+catphish> once you have 4096 customers, you can pay someone else to worry about it :)
20:58 < UncleDrax> hopefully
20:59 < v0lZy> Ehehe, im just theorizing
21:00 < v0lZy> but today, you get customers who have their own customers
21:00 < v0lZy> and want to run multiple vlans etc
21:00 < v0lZy> which ok, QinQ..
21:01 < ||cw> vxlan is probably more what you want anyway
21:02 < v0lZy> yeah
21:02 < v0lZy> though I wonder why the DC doesnt implement it
21:03 < v0lZy> the way I see it, they could setup VXLAN capable switches in each rack
21:03 < UncleDrax> probably $ and/or time
21:03 < v0lZy> but surely VXLAN doesnt cost that much ... openvswitch
21:03 < UncleDrax> they already running that?
21:04 < v0lZy> yeah
21:04 < v0lZy> oh
21:04 < v0lZy> you mean
21:04 < v0lZy> openvswitch
21:04 < v0lZy> I dont know
21:04 < v0lZy> I just imagine that it doesnt cost much to throw in something that does vxlan into each rack
21:04 <+catphish> ultimately, you might end up wanting some more bespoke SDN these days
21:04 < v0lZy> or at least on demand.
21:05 < UncleDrax> ya so if they aren't running it today, they have to forklift. that's $ & Time
21:05 < v0lZy> UncleDrax: I'd just throw in vxlan capable hardware whenever a customer demanded it, and charge them for it
21:06 < v0lZy> essentially, customers currently have to rack their hardware together at this dc
21:06 < v0lZy> and get a physical switch
21:06 < v0lZy> so instead of doing that
21:06 < UncleDrax> so now they will be operating 2 networks. that's no fun either
21:06 < v0lZy> make them pay for that switch, but put in something vxlan capable
21:06 < UncleDrax> also customers will complain about it ;]
21:06 < v0lZy> probably
21:06 < UncleDrax> because customers complain about everything.
21:07 < UncleDrax> I say that as a customer of others too ofc.
21:08 < xamithan> How would a supercomputer be virtualized
21:09 < UncleDrax> the same way you'd build one in the first place.
21:09 < xamithan> I'm just curious what kind of software handles 25,000 CPUs or more
21:10 < UncleDrax> ask the people that run all the Cloud stuff. there's not much practical difference between a 'super computer' running x86 and a Cloud provider.
21:10 < UncleDrax> 'i have a buncha computer and storage that all needs to talk to one another'.. so now it's just whose room is it being run in?
21:11 < ||cw> supercomputers these days are more like tightly integrated clusters than single systems, and you use programming techniques very similar to clusters.
21:11 < ||cw> UncleDrax: uh, yes there is.
21:11 < v0lZy> ok guys, have to run
21:11 < v0lZy> UncleDrax: eheh :D
21:11 < ||cw> cloud clusters only really share storage. super computer share ram and devices
21:12 < v0lZy> thanks for the info guys
21:12 < v0lZy> talk laters
21:12 < v0lZy> bye
21:12 < xamithan> Its for a job I applied to, Guess I'll find out if I get an interview with the tech staff
21:13 < UncleDrax> ok fair enough.. guess it's 'One large workload I need to divvy between HW' vs 'multiple discrete workloads that can share the whole environment'. reasonable point. I'm not a HPC guy, but I did stay at a Holiday Inn Express last night
21:14 < UncleDrax> but I mean Mainframes were virtual-machines before virtual-machines were a thing.
21:14 < UncleDrax> but I suppose that's more in the time-slice perspective
21:14 < UncleDrax> i'm rambling, I should find stop putting off this work.
21:15 < xamithan> Yes, back to work
21:16 < ||cw> Mainframe VMs were more like containers, but yeah
21:20 < bgsteiner> ok legit used draw.io to make a network diagram for a theme park wtf am i doing
21:20 < ||cw> why's that a bad thing?
21:21 < bgsteiner> no i just never thought that would ever be a use for it on my end
21:22 < ||cw> I did mine in dia back in the day
21:23 < bgsteiner> Its mainly odd for me but i never thought i would be working on a universal themepark either
21:44 < Phil-Work> catphish, are you a HE transit customer or do you peer with them on IX?
21:45 <+catphish> Phil-Work: i peer with them at LINX, i also accept their full ipv6 table there
21:45 < Phil-Work> right
21:45 < Phil-Work> they seem to only send routes they learned via other IXs to transit customers
21:46 < Phil-Work> apparent this came from route servers at Equinix Chicago which clearly don't have any filtering
21:46 < Phil-Work> *apparently
21:47 < tds> I think I saw something saying the route servers did filtering, which suggested it must have been a direct session with HE?
21:47 <+catphish> Phil-Work: that is indeed how it works, as a peer i should really only see routes from their direct customers
21:47 < Phil-Work> yeh
21:47 <+catphish> if you take a full table, you'd see stuff they learn everywhere
21:47 < Phil-Work> explains why we saw the leaked routes and you didn't
21:47 <+catphish> so HE are failing to filter properly, both my transit providers did filter it properly
21:48 <+catphish> honestly, HE are not doing a good job lately
21:49 < Phil-Work> HE are clearly failing to filter properly, but there's no guarantees that your other providers peer at Equinix Chicago
21:49 < Phil-Work> or, if they do, whether they'd carry the routes to the UK for you
21:49 <+catphish> if they did, and they saw a valid /24, they'd use it
21:50 < Phil-Work> though HE have pointed out that Google must have learned the route via another means
21:50 < Phil-Work> so Google don't filter properly either
21:51 <+catphish> well i can't complain, i don't filter IX routes
21:52 <+catphish> though LINX does now at least on their route servers
21:52 < Phil-Work> likewise
21:52 < Phil-Work> yeh, I'm somewhat trusting of LINX to do it for me
21:52 < Phil-Work> used to get all manner of shit leaked across LINX before they implemented filtering a year or so ago
21:55 < detha> Phil-Work: while that hijack was going on, what happened to DNS requests to your nameservers?
21:55 < Phil-Work> detha, nothing, as far as I saw
21:56 < detha> resolved normally?
21:56 < Phil-Work> traceroute stopped somewhere inside the network of the AS who was leaking the routes
21:56 < Phil-Work> no - didn't reach a valid NS
21:56 < detha> ah. one more piece of the puzzle - they were only answering to things they were interested in
21:57 < Phil-Work> yeh
21:57 < Phil-Work> gotta wonder if it was just that crypto site or whether there were others
21:58 < detha> Yeah, people are starting to wonder if the crypto-site was just a smokescreen
21:58 < Phil-Work> the self signed ssl certificate on that puzzled me a bit
21:59 < Phil-Work> if you control DNS, then lets encrypt will give you a legit certificate
22:00 < detha> Yup. But maybe they didn't think it would last this long. Or they didn't want to draw attention to that fact.
22:00 < detha>
22:00 < Phil-Work> I blamed Putin
22:01 < tds> I'd be interested to know if they modified irr data beforehand, or just relied on sessions being unfiltered
22:01 < Phil-Work> then saw the self signed certificate and decided it probably wasn't him
22:02 < Phil-Work> tds, unfiltered route servers apparently
22:02 <+catphish> i experienced some serious assholery on facebook today https://i.imgur.com/cFbTzGF.png
22:03 < SporkWitch> catphish: wouldn't the bigger news be NOT seeing it?
22:04 < detha> facebook? you're giving your age away ;)
22:04 <+catphish> i see a lot i guess, but usually it's not so personal
22:04 < Apachez> any of you who have seen ddos where tcp is being used and SPEC or SPC as flagcombo?
22:05 < Quatermass> poor as roma
22:07 < hweaving> Stupid question
22:07 < hweaving> When my program does a IPV6_JOIN_GROUP for multicast, I see two identical ICMPv6 multicast listener report packets
22:08 < hweaving> Are two packets just sent for reliability, or is there something else going on here?
22:08 < hweaving> The same thing happens when leaving the group
22:10 < hweaving> My program has bound to a single interface before joining the group, if that makes a difference.
22:11 < AlexPortable> is it possible to somehow do wifi shaping?
22:11 < AlexPortable> and get wifi only inside the house
22:12 < SporkWitch> foil-lined walls
22:13 < AlexPortable> that's rather ugly
22:13 < AlexPortable> won't that just reflect the signal in a bad way?
22:13 < AlexPortable> or maybe reduce the range?
22:14 <+xand> why
22:15 < AlexPortable> no idea
22:15 < AlexPortable> hmm, that should also make the house better for wifi interference of neighbours no?
22:15 < AlexPortable> since there are like 30 networks here in my list
22:16 < redrabbit> ethernet cables
22:16 < AlexPortable> ethernet cables to phones?
22:16 < tds> you can do it with a USB NIC and a micro USB OTG adapter ;)
22:16 < redrabbit> yep
22:16 < SporkWitch> AlexPortable: it's a radio signal, you're always going to have leakage no matter how directional your antenna, and the power required for optimal performance is also enough for passable performance nearby
22:17 < Maarten> there are ethernet adapters for both iPhones and Androids. ;)
22:17 < AlexPortable> that's a bit tedious tds
22:17 < SporkWitch> AlexPortable: your goal is a lost cause; use WPA2 and a strong passphrase
22:17 < AlexPortable> it's not about security
22:17 < AlexPortable> more about reducing interference with neighbours (and also prevent them from interfering with my network)
22:18 < SporkWitch> operate on a channel far away from what the neighbours are using
22:18 < AlexPortable> everything is full
22:18 < AlexPortable> can't switch to 5 GHz because of some devices
22:18 < Maarten> AlexPortable, there is another solution. Move out to the country with no neighbors for at least 1km in any direction. You will almost guaranteed be the only SSID you will see, with the occasional exception of a wifi enabled car that drives by.
22:18 < redrabbit> use 5ghz
22:18 < SporkWitch> your router only supports one at a time? O.o
22:18 < AlexPortable> no my devices only support 2.4
22:18 < Maarten> you can use 2.4 Ghz and 5Ghz at the same time. My house is about 50/50-ish.
22:18 < SporkWitch> use 5 for anything that can
22:19 < WishBoy> https://www.youtube.com/watch?v=F1I-nHfXmQI
22:19 < AlexPortable> how about channel width on 2.4? 20 or 40 mhz?
22:19 < WishBoy> bf machine.
22:19 < Maarten> AlexPortable, are all your devices pre-2012 or something?
22:19 < SporkWitch> .t
22:19 < redrabbit> you don't switch, you use both
22:19 < Maarten> yep you use both. I have devices that jump between the two depending on distance to one of my AP's.
22:20 < SporkWitch> Maarten: you'd be surprised how many modern things don't support 5GHz. The radios in the current generation of game consoles are impressively bad
22:20 < S_SubZero> if you're using wireless with a gaming anything.. sigh..
22:20 < Maarten> SporkWitch, yeah I have a bunch of iOT's that are 2.4 Ghz only, but they also are very low in traffic so it doesn't matter. (Think thermostat, sprinkler timer etc)
22:20 < tds> if the main reason for wanting wifi is phones/laptops, I'd expect those to support 5ghz these days
22:20 < SporkWitch> S_SubZero: don't always have a choice; not everyone has ports on their walls
22:21 < SporkWitch> i literally have a cable running along the stairs from the router to my ps4...
22:21 < Harlock> just get .11ac stuff
22:21 < Harlock> then you know it is 5ghz
22:21 < redrabbit> heh ac has a low ping
22:21 < Maarten> SporkWitch, but cables can always be ran! Sometimes it requires a lot of dry-wall holes and repatches, plus painting it over.... but its not impossible :P
22:21 < S_SubZero> SporkWitch: make such a port appear! I did!
22:22 < SporkWitch> S_SubZero: must be nice to own your own house; most of the population can't afford that in the US these days
22:22 < SporkWitch> hell, most of the last couple generations has simply accepted the fact we will never own our own homes
22:23 < tds> making ports appear sounds easier than making an entire flat into a faraday cage, though
22:24 < SporkWitch> tds: i didn't suggest that seriously, i suggested it as the only real way to do what he seemed to be asking
22:24 <+catphish> i get pretty sucky range with 5g in my house, mostly use 2.4 unless im in the room with the AP
22:26 < AlexPortable> how about channel width on 2.4? 20 or 40 mhz?
22:27 < Harlock> if you use the same channel as someone you do time sharing instead of interference
22:27 < AlexPortable> oh
22:27 < hweaving> Answering my question with a reply from #ipv6, it appears duplicate ICMPv6 membership reports are likely due to reliability as suggested by RFC 2710 page 5 etc.
22:31 <+catphish> AlexPortable: i always suggest 20, usually the lack of interference trumps the extra bandwidth
22:31 < AlexPortable> and on 5 ghz to 40 ?
22:31 < Harlock> if you want to get better speed pick a channel few or no one is using and talk louder than everyone else
22:31 <+catphish> AlexPortable: i just go with whatever the lowest is
22:32 < AlexPortable> uh
22:32 <+catphish> i thought it was always 20
22:32 <+catphish> but YMMV
22:32 < AlexPortable> And what's 802.11a ?
22:32 < AlexPortable> I can only find information about 802.11AC
22:33 < Harlock> 11a is old
22:33 < Harlock> 54mbps on 5ghz iirc
22:34 < AlexPortable> ah yes
22:34 < AlexPortable> b -> a -> g -> n
22:34 <+catphish> 11a is an old 5GHz standard, rarely used afaik
22:35 <+catphish> g was much more popular for some reason
22:35 <+catphish> i guess it was cheaper to stick with one band
22:36 < AlexPortable> Whew 5 GHz range is really bad
22:36 < AlexPortable> can't even receive it after setting it up
22:37 < djph> in ideal conditions, it'll attenuate roughly twice as fast as 2.4 GHz with the same settings.
22:38 <+catphish> i find it to be sucky through the thick walls of my old house, 2.4GHz seems much less impacted
22:38 <+catphish> though it's far superior at short range
22:41 < AlexPortable> Getting around 100 Mbps on 5 GHz
22:41 < AlexPortable> Is that any good?
22:41 <+catphish> about average :)
22:41 <+catphish> i get roughly the same
22:41 < Lope> I'm trying to do this and I'm getting a message "We have an error talking to the kernel": `tc filter add dev ppp0 parent 1:0 protocol ip prio 10 u32 match ip tos 0x10 0xff flowid 1:10`
22:42 < Lope> Ubuntu 16.04
22:42 < Lope> ipv6 is disabled on this computer, if that makes any diff.
22:43 < Maarten> AlexPortable, It depends on where I am in the house, but I can get 500 Mbps on 5Ghz in many places, but it drops to 100-200 Mbps in different rooms. I have 2 managed AP's though not just a home office router.
22:45 < SporkWitch> i fluctuate between 300-600 Mbps on my laptop in the room above the router
22:45 < SporkWitch> Asus AC-3100 router
22:50 < weyland|yutani> SporkWitch, isnt that the router who looks like he would murder you at night while whispering " sorry SporkWitch i cant let you view this website"
22:57 < SporkWitch> weyland|yutani: https://i.ytimg.com/vi/BXvugf4T2RY/maxresdefault.jpg
22:58 < sammyg> space ship!
22:58 < weyland|yutani> lock your door SporkWitch :D
22:59 < Aeso> it's okay, the crab is clearly on it's back so it won't be able to crawl away
23:00 < sammyg> hehe crab
23:00 < sammyg> i was thinking more of asgard battle ship
23:00 < sammyg> i like simple boxes for routers
23:00 < degenerate> whats the name for: neighbourhood with same ip, like all the neighbourhood shares 1 ipv4, its like NATsomething
23:02 < SporkWitch> this one looks far more evil https://www.amazon.com/RT-AC5300-Wireless-Tri-Band-AiProtection-Complete/dp/B0167HG1V6/ref=as_li_ss_tl?ie=UTF8&qid=1483932935&sr=8-3&keywords=gaming+routers&linkCode=sl1&tag=popularreviews0b-20&linkId=89ba662801ef05e0128c4717155a5ff4
23:02 < SporkWitch> i kind of want it...
23:03 < degenerate> Carrier Grade NAT
23:03 < Lope> I have ubuntu 16.04 and can't run the wondershaper script. "We have an error talking to the kernel." any ideas? Are there kernel modules I need to load?
23:03 < degenerate> finally got it
23:03 < weyland|yutani> SporkWitch, thats a NSA mind control device
23:03 < forgotten> carrier grade nat?
23:03 < forgotten> oh ya. sorry. someone already said it :)
23:03 < sammyg> SporkWitch, now THAT's an asgard ship! :)
23:03 < sammyg> or worse!
23:03 < sammyg> ori ship
23:04 < weyland|yutani> sammyg, more like replicators
23:05 < sammyg> oh yeah
23:05 < sammyg> forgot about those little bastards :)
23:07 < sammyg> asus ac5300 : https://vignette.wikia.nocookie.net/stargate/images/c/ca/MortalCoilCity-ship.jpg
23:07 < sammyg> :p
23:07 < wiresharked> So is hotspot shield a good VPN?
23:08 < weyland|yutani> is that 9 THz antennas sammyg ?
23:08 < sammyg> hah lol yeah something like that
23:13 < wiresharked> Apachez: So apparently a lot of NIC's have an option to do wake-on-LAN when the computer is turned off as well
23:16 < ben_s> Hello, this is my first time using IRC. My end goal is to host a helloworld html page accessible to the internet. Right now I'm trying to set up port forwarding for https. I get a connection (on canyouseeme.org) for http when I add the virtual server with Service Port 80, Internal Port 80, my IP, TCP, status enabled, but no connection when I do the same for port 443. Anything I should look into?
23:17 < audia5> would you like to live on a place like this your own beach house and Beautiful view http://i68.tinypic.com/fk7eix.jpg
23:18 < wiresharked> ben_s: Is port 443 allowed for both inbound and outbound traffic?
23:19 < sammyg2> how do you wake a pc over internet?
23:19 < sammyg2> wake on wan?
23:19 < wiresharked> sammyg2: Through a magic packet
23:20 < sammyg2> can you pass a magic packet through the internet?
23:21 < sammyg2> i can normally do it locally
23:21 < wiresharked> I'd think that WoWLAN would work fine
23:22 < sammyg2> why wowlan?
23:22 < sammyg2> i have wired connections
23:23 < wiresharked> So then use the regular wake-on-lan then
23:23 < yates> i have a question on a complex networking scenario.
23:24 < yates> i am at work, and i am running a server on my local machine.
23:24 < sammyg2> wiresharked, send the magic packet to wan ip of router? and then route it to the intended pc?
23:24 < wiresharked> sammyg2: That might work, does your router have wake-on-lan enabled?
23:24 < yates> i ssh'ed into my home machine and started a vpn (netExtender from SonicWall) to give access to my work network
23:26 < yates> i've NAT-redirected port 44222 on my outside home router network interface to my internal machine and am running sshd on that internal, home machine
23:26 < wiresharked> yates: Speaking of a VPN, should I use one at my school?
23:26 < yates> hang on, i'm mid-statement..
23:27 < yates> i then ran a client on my home machine to connect to a machine on my work network.
23:27 < Maarten> yates, from what I read so far it seems a very redneck-hacky way of doing things.....
23:27 < yates> the thing that's baffling me is that a wireshark capture on the work machine where the server is running is reporting packets from my home machine being sent over port 44222.
23:28 < yates> why?
23:28 < yates> what does that port have to do with the vpn connection?
23:28 < sammyg3> i would think udp 9 is filtered across internet?
23:28 < yates> Maarten: it may seem that way, but you don't understand the situation.
23:28 < wiresharked> yates: Port 44222 is not the one that SSH listens on though
23:29 < yates> i'm NAT redirecting 44222 to the proper port on my machine via router rules.
23:29 < wiresharked> Correct
23:29 < yates> i know that's correct.
23:29 < sammyg3> i get the impression that one needs to setup vpn for just about anything and everything these days, both for privacy and for security and to get the services working at all
23:30 < yates> doesn't this seem strange?
23:30 < wiresharked> sammyg3: Or sometimes a VPS
23:30 < sammyg3> yup
23:31 < xamithan> You think the average user cares about privacy?
23:31 < wiresharked> sammyg3: And some people are using a VPN to get around fortnite being blocked on school wifi
23:31 < yates> wiresharked: do you mean should you use one at home to get access to your school network? i would think that's better than ssh directly in.
23:32 < wiresharked> yates: I don't think I would use a VPN to hack into my school's network..
23:33 < sammyg3> you will unlikely setup a vpn server on your school network
23:33 < sammyg3> he meant the other way around
23:33 < yates> i don't think you should hack in to your school's network, period.
23:33 < Maarten> yates, if you have netextender setting up a tunnel to your work, the nat port redirection isn't going to help you anything.
23:34 < Maarten> xamithan, anyone who has a smart phone of ANY kind, has already shown they don't care about privacy :P
23:34 < sammyg3> who said anything about hacking?
23:34 < yates> Maarten: yes, that's what i am doing, but i see that port number in the wireshark capture.. weird!
23:34 < yates> sammyg3: wiresharked did.
23:34 < wiresharked> yates: Using a VPN to access snapchat and instagram on my school's wifi is not a bad thing, a lot of people do that
23:35 < yates> sammyg3: yes, i see that now. yes, wiresharked, if you're concerned about privacy, that's a good way, in my opinion.
23:35 < Maarten> wiresharked, just because 10 people in front of you jump in the muddy lake, that doesn't mean you have to as well :P the "but everyone else does it" defense isn't a good reason to abuse your school network for things your school does not want on their network. Get a dataplan for your phone.
23:36 < sammyg3> yates i want to access my pc at home, from school or work, and i cannot do it many times because internet providers (the middle man) are filtering certain services or ports
23:36 < sammyg3> that's not really hacking the way i see it
23:36 < sammyg3> vpn use has become the new normal
23:36 < wiresharked> Maarten: Well, you know how bad the social media addiction epidemic is
23:37 < wiresharked> sammyg3: And some people here use PIA
23:37 < Maarten> wiresharked, no excuse to not simply get a data plan for your phone. You can do whatever you want and no school network is going to bug you.
23:37 < wiresharked> Maarten: I don't like you
23:38 < wiresharked> And sometimes my LTE signal is not that good in school..
23:38 < yates> sammyg3: if you do like i did, nat redirect a high port number, i don't see how they could filter that.
23:38 < Maarten> wiresharked, be that as it may, it's the best solution! You will own your own data, have your own connection to a cellular network.... it's all good!
23:38 < yates> i've used that approach to ssh to home for over a decade and at least two different home ISPs (time-warner and centurylink)
23:39 < yates> Maarten bring up a good policy consideration
23:39 < yates> brings
23:39 < Maarten> I don't use a VPN. I use obscure ports only I can remember to RDP into my home PC, and from there I can reach anything else.
23:40 < yates> Maarten: +1. i used a port that is the furthest metric from a binary search...
23:40 < sammyg3> Maarten, no vpn? and you use rdp?
23:41 < Maarten> sammyg3, yeah. But I am also the network administrator at my work, so putting in a rule that allows me to do things I want on the internet isn't a big problem. ;)
23:42 < sammyg3> well you're not internet admin are you? :o
23:42 < sammyg3> high port numbers are no protection
23:43 < yates> they are *some* protection
23:43 < sammyg3> how many hops between your work pc and your home pc?
23:43 < MACscr|lappy> any ideas what i'm doing wrong with this vlan? always says vlan10 doesn't exist when i try to bring up br2
23:43 < MACscr|lappy> http://paste.debian.net/1021884/
23:43 < MACscr|lappy> it's a debian 9 system
23:44 < sammyg3> Maarten, i tried to do the same if you recall, but i was unable to, because i seem to be hitting a firewall at some node
23:45 < sammyg3> Maarten, so you are remoting into a windows pc? do you also have to use the xxx.xxx.xxx.xxx:port notation?
23:46 < Maarten> sammyg3, probably the firewall at your work. Don't try to circumvent it, it will only PISS OFF your work's sysadmins, and it is likely in the employee manual as a fireable offense. (tampering with IT systems). Ask your network admin for an open port. I have done that for people that had a legal purpose to do so, such as testing websites we host from an outside connection.
23:47 < sammyg3> i noticed that mstsc is defaulting to 3389 and if one is like you and you use a high port num you will have to use the ip:port notation to enforce connection through that specific port
23:47 < Maarten> sammyg3, in my case it's a domain name, but yes, basically. My IP is semi-permanent (bound to my account) so I just pointed a domain to it.
23:48 < Maarten> sammyg3, yes. You would have a NAT rule in your firewall at home that NATs say port 54321 to 3389 on your local PC.
23:48 < sammyg3> aha ok
23:49 < sammyg3> well the network in question is LTE contract
23:49 < sammyg3> my own that is, my own phone contract, i connect out to the internet via my phone
23:49 < sammyg3> exactly because of the network policy at work
23:50 < sammyg3> so it must be my mobile carrier who does the filtering
23:50 < sammyg3> but over vpn it works just fine
23:50 < Maarten> Verizon doesn't, I use my phone to access my RDP at home all the time.
23:52 < sammyg3> yeah i read your suggestion to the other guy to get his own contract, so i assumed you do the same... hmh
23:52 < sammyg3> well i don't know about verizon, i am across the pond
23:53 < Maarten> right. Well I know Vodafone doesn't either, at least not in the UK and Netherlands, as employees in the company I work for have used it to connect to RDP as well. But of course I don't know your carrier.
23:54 < sammyg3> tele2
23:56 < Maarten> So... Sweden, Netherlands, Italy, UK, Croatia, Lithuania, Estonia, Kazakhstan, Latvia, Russia or Germany. :P
23:56 < Maarten> I can see the Russians blocking things. :P
23:56 < sammyg3> haha lol surprise!
23:57 < sammyg3> sweden in my case
23:57 < hugge> maarten bollen?
--- Log closed Wed Apr 25 00:00:38 2018