--- Log opened Wed Apr 25 00:00:38 2018
--- Day changed Wed Apr 25 2018
00:00 < sammyg3> haha Maarten someone is looking you up :)
00:00 < sammyg3> you have a fan! weee
00:00 < hugge> well how many maarten could it be working for vodafone :p
00:01 < hugge> (i guess a few actually)
00:01 < sammyg3> haha
00:01 < hugge> also we probably met atleast twice :P
00:02 < haduken> greets
00:02 < sammyg3> see! internet is such a small place! :P
00:02 < sammyg3> not to mention the IRC part of it
00:06 < hugge> yeah the DFZ is a small duckpond of people
00:06 < MACscr|lappy> shouldnt these vlans be abl eto talk to each other? both are vlan 10, right? http://paste.debian.net/1021886/
00:07 < MACscr|lappy> cant ping on 10.10.0.x
00:07 < AlexPortable> How do I know if a router is good for routing (consumer grade)?
00:07 < AlexPortable> I mean high price doesn't always equal good performance
00:08 < haduken> is anyboy familiar with virtual eth pairs? which practical use do they have?
00:13 < Maarten> hugge, I don't work for Vodafone :)
00:14 < hugge> Maarten: ah, i read it the wrong way, then disregard :P
00:14 < Maarten> I'm not even in the right continent to work for Vodafone. :P
00:14 < MACscr|lappy> someone must have vlan experience here =P
00:16 < Maarten> MACscr|lappy, wait you want to have a network 10.10.0.0/16 talking to ANOTHER 10.10.0.0/16 network on a different location? Or am I not reading the routes right?
00:16 < MACscr|lappy> same switch
00:17 < Maarten> but both 10.10.0.0/16 networks, different ones? Not sure if that will ever work that way
00:24 < MACscr|lappy> Maarten what am i dong wrong? i. just just need 10.10.0.100 and 10.10.0.101 to be able to communicate with each other on vlan10
00:24 < MACscr|lappy> all of my debian 8 systems can talk to each other fine on it, but im failing on this new debian 9 system
00:25 < Maarten> Hmm.... well if it works on debian 8 I would assume it should work on 9. If they are on the same switch, same vlan.... I don't see a problem, unless there is some sort of IP conflict.
00:28 < drac_boy> hi
00:35 < haduken> drac_boy: hei
00:36 < haduken> is it normal for linux bridge to duplicate hardware nic mac address?
00:36 < haduken> using iproute2
00:37 < drac_boy> no idea..don't use linux so much at all due to their act sorry :-s
00:37 < haduken> sometimes it even duplicates the mac address on a vlan attached to it.
00:37 < haduken> drac_boy: what act?
00:37 < haduken> drac_boy: it's ok, I was throwing open the issue not just you.
00:37 < tds> haduken: iirc the bridge will take the smallest mac address of all member interfaces
00:39 < haduken> sometimes the duplicate jumps onto first vlan attached to the bridge and the bridge gets a different address.
00:39 < drac_boy> yeah np anyway .. I guess you got answered now anyhow haduken
00:39 < haduken> it's arbitrary.
00:40 < haduken> sometimes I've seen, when all down, different mac addresses, but when upped the hardware mac address get's duplicated randomly.
00:41 < haduken> tds: is it safe to give the bridge a unique mac address?
00:41 < tds> I don't see why not
00:42 < haduken> I can reproduce this.
00:46 < Guest86812> Could someone explain port forwarding to me?
00:47 < haduken> Guest86812: when you're behind a firewall you allow data back out.
00:47 < haduken> *traffic
00:47 < Maarten> http://lmgtfy.com/?q=how+does+port+forwarding+work
00:48 < haduken> Guest86812: so the outside can reliably communicate within your subnet.
00:48 < haduken> something like that.
00:48 < Guest86812> So I have a server running and I port forwarded to my internal ip using a command.
00:48 < Guest86812> Now when I port forward in the router it doesn't show up on my external ip.
00:48 < haduken> Guest86812: port forwarding has to be enable in the kernel first.
00:48 < haduken> Guest86812: which OS are you using?
00:49 < Guest86812> I am using Windows...
00:49 < drac_boy> windows what?
00:49 < Guest86812> 10
00:49 < djph> and W10 is hosting something on whatever port?
00:50 < Guest86812> So I port forwarded localhost to 192.168.1....
00:51 < Guest86812> Now I port forwarded that on my router. Shouldn't I see something on my external ip?
00:51 < djph> actually, before we waste too much time -- check your router. Is the IP address is any of the ranges 10.0.0.0-10.255.255.255; 100.64.0.0-100.127.255.255; 172.16.0.0-172.31.255.255; or 192.168.0.0-102.168.255.255 ?
00:51 < djph> *the WAN IP Address
00:52 < Guest86812> So I am new to this you WAN is your external ip address?
00:52 < SporkWitch> yes
00:52 < SporkWitch> Wide Area Network, as opposed to Local Area Network
00:53 < djph> Guest86812: well, yes -- but checking somewhere like "whatismyip.com" is not necessarily going to give you the right info
00:53 < Guest86812> No it doesn't
00:54 < Guest86812> Oh really whatismyip won't show me my external public ip?
00:54 < Maarten> Guest86812, say you have something that requires port 1234 to be open from the inside, and the computer hosting that something is 192.168.1.20 - you would go log on to your router, go to the port forwarding sections (sometimes called pinholes as well), and put in a port forward for point 1234 to 192.168.1.20 - now anyone on the internet can reach your WAN IP (whatever that is) on port 1234, and it will forward that traffic to 192.168.1.20
00:54 < djph> It depends on your ISP. Some smaller ones use NAT.
00:54 < djph> Guest86812: ^
00:55 < djph> Guest86812: and because of that, you have to check on the ROUTER ITSELF
00:55 < Guest86812> Yes I did that.
00:55 < Guest86812> My isp is saying port 80 is blocked though.
00:55 < djph> well, many ISPs block port 80
00:56 < Maarten> some ISP's block some ports indeed.... 25 is most often blocked (smtp), but some residential ISP's block ports that are often used for servers. You may want to check your TOS to see if you are allowed to run servers. You can always run it on another port though.
00:57 < Guest86812> So I went through 192.168.1.1 I went to the port forwarding section and I put in 192.168.1.... on port 80.
00:57 < djph> and that machine has something *running* on port 80?
00:57 < Guest86812> Yes it has something running on port 80.
00:57 < SporkWitch> if you're in the US and it's not a business connection I'll tell you right now your TOS prohibits hosting servers, though not all actually care if you do it anyway
00:57 < Maarten> if port 80 is blocked use another port, e.g. port 81 - you should be able to forward port 81, and forward it internally to port 80 on your own machine.
00:58 < Guest86812> I usednetsh interface portproxy add v4tov4
00:58 < Guest86812> I used netsh interface portproxy add v4tov4
00:58 < djph> SporkWitch: AT&T doesn't, pre=-merger TWC didn't
00:58 < djph> Guest86812: that means absolutely nothing
00:58 < SporkWitch> even my ISP technically says "don't run servers," yet they sell a connection with 100Mbps upstream and sell static IPs for 10 bucks/mo lol; wtf would i be paying for that fat pipe and a static IP if i didn't plan to host something on it? lol
00:58 < djph> Guest86812: what're you running on port 80? apache or something?
00:59 < djph> SporkWitch: IKR :)
00:59 < Maarten> SporkWitch, AT&T doesn't care, I checked with them. You can even get a block of static IP's if you want. The kicker, and this is the case with most ISP's..... is whether you make MONEY using that website. If it is a private website full of pictures of cats, no one cares. If it is a small webshop selling knitted hats for cats, they care and they want you to get a business account.
00:59 < Guest86812> What does TOS mean?
00:59 < drac_boy> spork..you ever heard of the thing called 'streaming' or 'users beign crazy with ethernet-not-cable tvs? ;)
00:59 < Maarten> Guest86812, terms of service
00:59 < djph> Guest86812: Terms of Service
01:00 < djph> drac_boy: UPLOAD
01:00 < djph> drac_boy: do try to keep up
01:00 < djph> :)
01:00 < drac_boy> djph you're not keeping up :P
01:00 < djph> :P hahahaha
01:00 < SporkWitch> djph: i think they put it there in case you end up with enough traffic that you actually use a significant portion of your connection a significant portion of the time, not because they really care
01:00 < drac_boy> streaming means either/both up or down anyway ;)
01:01 < SporkWitch> drac_boy: tab-completion is your friend, and you don't need a static ip for that. It's the static ip that reall clinches it for me: THEY KNOW you plan to host something lol
01:01 < Guest86812> So I am running an asp server I used apache before but for some reason I can't host anything.
01:02 < drac_boy> actually yes you -do- use static ip on certain video services
01:02 < drac_boy> it makes for much easier connection especially to guest boxes
01:02 < Guest86812> So could someone tell me if I am doing something wrong or if it is my isp?
01:21 < whatsupdoc> someone plz help http://dpaste.com/3BN6DRV.txt
01:22 < SporkWitch> no one's going to click a paste with zero context, kid
01:22 < whatsupdoc> text?
01:23 < whatsupdoc> first of all what is delay????
01:23 < SporkWitch> ...
01:24 < whatsupdoc> whois can give me AS
01:25 < SporkWitch> do you have like a typing version of tourettes?
01:25 < E1ephant> is that like up dog?
01:25 < whatsupdoc> lol
01:25 < SporkWitch> i feel like i should feel proud i don't know what "up dog" is...
01:26 < whatsupdoc> someone just tell me plz what it's asking
01:26 < whatsupdoc> this is an impossible question
01:26 < Quatermass> whatsupdoc: You're not going to get any help while you're behaving like an entitled ass
01:26 < whatsupdoc> you cannot measure the delay
01:27 < SporkWitch> how can you have any pudding if you don't eat your meat?
01:27 < whatsupdoc> because to measure the delay you have to be at one of the hosts
01:27 < whatsupdoc> You have to be at the AS
01:27 < SporkWitch> to eat your meat?
01:27 < E1ephant> it kinda spells it out
01:27 < E1ephant> use traceroute
01:27 < E1ephant> record each hop
01:27 < E1ephant> figure out which hops the ASN is changing
01:27 < whatsupdoc> Experiment 1) drive or take plane to where you want to measure delay 2) ping
01:27 < E1ephant> grab latency delta along path
01:28 < E1ephant> for each ASN
01:28 < tds> is this homework by any chance?
01:28 < whatsupdoc> ...no
01:29 < SporkWitch> tds: who knows? he just posted a link and demanded help; no context, then random inane outbursts that make no sense due to lack of any context
01:29 < whatsupdoc> ...maybe
01:29 < Quatermass> lol of course it is. notice the demeanor of the Entitled Generation that's telling people to answer immediately
01:29 < whatsupdoc> our generation is better than yours tho
01:29 < SporkWitch> whatsupdoc: don't feed the troll
01:29 < whatsupdoc> i'm legit asking for help
01:30 < E1ephant> yeah just ignore quarter
01:30 < E1ephant> they are unhelpful on purpose
01:30 < E1ephant> they find it entertaining for some reason
01:30 < SporkWitch> whatsupdoc: and i'm legit telling you to improve HOW you ask
01:31 < tds> if you're using mtr, --aslookup may also be helpful, much nicer than running whois manually for each hop
01:31 < whatsupdoc> I don't understand how finding the latency between ASN gives you any useful information
01:31 < whatsupdoc> because it's always going to be between your ASN and some random ASN, not some random ASN and another random ASN
01:32 < E1ephant> I mean sounds like a thought experiment more than anything
01:33 < E1ephant> but yes it aboslultely matters what latency an ASN is delivering to your destination, as you might have multiple routes (ASNs) to pick from.
01:34 < E1ephant> or seeing different ASNs, and what they're adding to the same given destination
01:35 < djph> ^
01:36 < whatsupdoc> ok thanks E1ephant
01:37 < E1ephant> I've helped bugs bunny today, day complete.
01:38 < SporkWitch> E1ephant: makes me hungry; i haven't had rabbit in years
01:39 < djph> shhhh, I'm hunting wabbit
01:40 < drac_boy> djph I always found the language used by tweety a bit funny .. you know how it goes? "I taught I taw a cat"
01:40 < drac_boy> forgot exact spelling but I'm sure of the 'taw' word :)
01:41 < djph> drac_boy: "I tawht I tawh a puddy-tat"
01:41 < djph> drac_boy: "I did! I did tawh a puddy-tat!"
01:42 < drac_boy> heh yeah that's it .. been a long time I watched the tv series :P
01:42 < drac_boy> djph and it was always funny how many times the cat was so close but then the grumpy big dog was right behind the cat :)
01:42 < djph> haha, IKR
01:42 < djph> now it's "too violent" for kids
01:42 < djph> or something
01:43 < drac_boy> djph or how about the fact that the brain-dumb coyote never could get at the roadrunner no matter how wild of an "acme" item he ordered .. there was that one time the coyote almost had the roadrunner only to realize the size-altering tube didn't function "properly"
01:44 < djph> the funny thing is, a cartoon from back then was super-progressive. I mean, the number of times Bugs dressed up as a chick and kissed Elmer or Yosemete Sam or ...
01:44 < drac_boy> of course the coyote running off cliff and just standing there .. snaps out a white flag .. then WHOOSH normal gravity takes over :)
01:45 < djph> "bye. bye."
01:46 < drac_boy> and also I still like the silly muppet family even if they had certain weirdness to each :) (grouchy garbage character .. the cookie loving monster .. or even the "hate and loves frog at same time confusingly" miss.piggy ;)
01:47 < drac_boy> always found it so silly when miss.piggy would get physical with frog .. then only a few seconds later suddenly kiss him way too much :)
01:47 < cluelessperson> Hi all, when I connect my security gateway to the internet/wan uplink, should I maybe pass it through a WAN vlan on my switch?
01:47 < cluelessperson> in case I need direct access to the WAN for some reason?
01:47 < cluelessperson> drac_boy: children's shows have a tendency to exagerate character traits
01:48 < drac_boy> yeah.. but anyway as for your network question I'm sure it might be for the best to not allow wan access
01:48 < djph> no?
01:49 < cluelessperson> djph: no what?
01:49 < djph> cluelessperson: so *thats* why kids shows these days all have super-annoying shits as the main characters
01:49 < djph> cluelessperson: "no passing thru the WAN"
01:49 < cluelessperson> djph: ah. Probably a good idea. I notice a bunch of unknown clients showing up on the switch interfaces.
01:49 < cluelessperson> MACs of various neighbors, random pings and such
01:50 < cluelessperson> I'm an in apartment, a wardriving wet dream
01:51 < cluelessperson> djph: drac_boy I mean, I can see 36 clients on that port
01:57 < dogbert2> hey djph
02:00 < djph> heyo dogbert2
02:00 < drac_boy> anyway I'm off for tonight
02:21 < dogbert2> whazzzup, djph
02:22 < jasonb> Hello everyone, I have a question, it's kind of long so I pasted it here : ttps://paste.debian.hnet/plain/1021895. Hope some guru could help me out. Many thanks !
02:22 < djph> dogbert2: not much, chillin mostly
02:22 < dogbert2> had to work overtime the last 3 work days (Fri, Mon-Tues)
02:23 < djph> ouch
02:23 < djph> that's never fun
02:24 < dogbert2> well, unless I get an override from my regional mgr, no more overtime this week :P
02:24 < CuriosTiger> djph: When it's paid overtime it is.
02:25 < dogbert2> CuriosTiger...when you have a switch fail to come back online, no it ain't :)
02:26 < CuriosTiger> jasonb: So, perhaps a silly question -- but do your CLIENTS have their default routes configured correctly?
02:26 < CuriosTiger> dogbert2: Well..yeah.
02:26 < dogbert2> and I've had to get up at 0345 the past three work days...
02:27 < dogbert2> was able to get it back online (the bad switch) by wiping out all configs, etc...was throwing bad inode errors during boot
02:27 < djph> CuriosTiger: yeah, but 3 days straight of it still suck
02:28 < dogbert2> LOL...that would suck ass, even at 2.5x pay rate
02:30 < CuriosTiger> dogbert2: I had my dogfood firewall start doing that. Turned out to be a bad HDD. To which my response was, who puts a HDD in a firewall?
02:30 < dogbert2> only an idiot, CuriosTiger
02:30 < forgotten> waba luba dub dub!
02:34 < CuriosTiger> dogbert2: On the one hand, I'm inclined to agree. On the other hand, Palo Alto has kind of impressed me with their platform.
02:34 < CuriosTiger> I just think they need to retire the PA-200 out of their lineup, and they'll be good. That's their only box that still ships with an HDD.
02:34 < dogbert2> heh
02:34 < CuriosTiger> Well, that, and they need to get on the ball with IPv6.
02:35 < dogbert2> replace HDD with Flash HD
02:35 < CuriosTiger> My current IPv6 setup is to run a VirtualWire from my inside network through the Palo Alto to a Cisco router that handles IPv6 routing.
02:35 < forgotten> CuriosTiger: with wildfire?
02:35 < CuriosTiger> forgotten: I do have wildfire, yes. And advanced threat protection.
02:35 < forgotten> nice do you find that pretty usefull?
02:36 < forgotten> like does pickup lots of the bad?
02:36 < CuriosTiger> forgotten: Well, they stopped a piece of israeli spamware from phoning home at work the other day
02:36 < CuriosTiger> so they do pick up some.
02:36 < forgotten> do you have anything else inline besides that?
02:36 < CuriosTiger> I'm still not sure about their success rate, as I try hard not to have bad on the network in the first place, either at home or at work.
02:37 < jasonb> CuriosTiger: the clients has default route to the wlan0_1 (192.168.20.1), and /etc/resolv.conf points to the remote VPN server tun interface (192.168.120.1) for DNS
02:39 < CuriosTiger> jasonb: OK. Just had to ask, because I've very often seen a missing default route on the CLIENT be the cause of being unable to ping beyond the local gateway
02:39 < CuriosTiger> ...and then driven myself crazy looking for a gateway config issue that wasn't there.
02:41 < jasonb> CuriosTiger: Yeah. I've been with this setup for weeks. Still can't figure out why. It's so unstable. Sometimes the clients can connect to Internet (restarting dnsmasq + vpn client on the router a couple of times). It's so strange.
02:41 < jasonb> paste it here again in case some guru walks by and could throw me 2 cents : https://paste.debian.net/plain/1021895
02:46 < djph> probably a mix of dnsmasq, systemd, vpn ...
02:47 < djph> jasonb: short version, you need 0.0.0.0/1 and 128.0.0.0/1 via the vpn tunnel, like what oVPN does
02:49 < jasonb> djph: Hi. but, where should I set that ?
02:49 < jasonb> if I set that on the router, other traffic will end up routed through the VPN tunnel
02:49 < jasonb> this is not what I wanted
02:49 < jasonb> that's why I created the table vpn_table in /etc/iproute2/rt_tables
02:50 < jasonb> strange thing, applying route 0.0.0.0/1 or 128.0.0/1 or default route in that table, I cannot ping my wlan0_1 interface + remote VPN tun interface
02:50 < djph> then secondary routing tabe needs the gateway of last resort, plus more specific routes to the other subnets
02:51 < jasonb> would you mind writing down (some) example of the routing rule for that 2nd routing table ?
02:52 < jasonb> I tried rule like : 192.168.120.0/24 dev tun1 scope link (where that subnet is the subnet of the VPN tunnel, tun1 is the tun interface on my router)
02:53 < jasonb> that's for the 2nd routing table
02:53 < jasonb> # ip route add 192.168.120.0/24 dev tun1 table vpn_table
02:54 < djph> and you have a rule saying that 20.0/24 source IPs use that vpn_table
02:54 < jasonb> djph: yes I did that.
02:55 < jasonb> both 20.0/24 and 120.0/24
02:55 < jasonb> but
02:55 < jasonb> if adding 20.0/24, the client no longer be able to ping 20.1 (wlan0_1) be cause all traffic are route to 120.6
02:56 < djph> you're making a mess of your routing somewhere
02:56 < djph> and not explaining it well
02:56 < djph> the router ABSOLUTELY KNOWS about all locally connected networks
02:59 < jasonb> djph: which additional rules you suggest putting on that vpn_table aside :
02:59 < jasonb> # ip route add 192.168.120.0/24 dev tun1 table vpn_table
02:59 < djph> what networks do you want it to talk to?
02:59 < jasonb> # ip route add from 192.168.120.0/24 dev tun1 table vpn_table
02:59 < jasonb> # ip route to 192.168.120.0/24 dev tun1 table vpn_table
02:59 < djph> the table *SHOULD* show
03:00 < djph> 0.0.0.0/0 via VPN_Otherside
03:00 < djph> local_net is locally connected (repeat for all local nets)
03:00 < jasonb> let me try again
03:00 < djph> any other non-local nets via a reachable gateway
03:05 < jasonb> djph: are wifi clients supposed to be able to ping 20.1 (wlan0_1), if the default route of vpn_table is to routed to VPN_Otherside (120.1) ?
03:07 < kaltec> anyone here have experience with FortiGate devices? I have a couple questions about setting up FortiClient VPNs, and their whitepapers haven't been able to answer my question.
03:08 < SporkWitch> *nelson voice* HA HA! https://www.youtube.com/watch?v=G7EFthdV9bk
03:08 < SporkWitch> AT&T and Verizon were naughty :P
03:08 < djph> jasonb: they wouldn't route since 20.1 is on the same network
03:08 < SporkWitch> kaltec: If you have a question, just ask! For example: "I have a problem with ___; I'm running Debian version ___. When I try to do ___ I get the following output ___. I expected it to do ___." Don't ask if you can ask, if anyone uses it, or pick one person to ask. We're all volunteers; make it easy for us to help you. If you don't get an answer try a few hours later
03:11 < kaltec_> In their documentation (http://cookbook.fortinet.com/ipsec-vpn-forticlient/), they refer to a local address and local interface. I get the local interface part, but the local address is throwing me as to what it is used for.
03:11 < kaltec_> I'm creating tunnels for both employees and vendors here, so I want to make sure I'm setting it up appropriately
03:11 < SporkWitch> local address, logically, would be the address of that interface
03:12 < SporkWitch> that is, the address of the local interface
03:12 < kaltec_> you would think that, but in their video, they create a network object that is a /24 and use that as the local address
03:13 < SporkWitch> kaltec_: then it sounds like they mean network address; 192.168.0.0/24 is a network address, 192.168.0.1/24 is a host address
03:14 < kaltec> right. I have ~50 different vlans inside my firewall. The firewall itself is a /30 between it and the core switch.
03:14 < kaltec> i've tested w/ , which is a group of all our internal vlans, as well as just a single ip address in one of the ranges and i haven't had any issues with either test
03:16 < kaltec> i guess i'm just trying to figure out what that part of the config is used for
03:25 < berfondo[sw]> hi. I'm on wifi and get these ping spikes (from 15ms to >1500ms) anywhere from every 10 seconds, to once a minute or so. Really annoying for gaming. Router is suppossed to be good, I guess (not mine, but Comcast) and I cannot use ethernet cable. IS this an issue inherent to wifi, or could there be another cause?
03:26 < CuriosTiger> It's not inherent to wifi, but wifi certainly could cause it.
03:26 < ldiamond> I'm having SSL issues. https://gist.github.com/lewisdiamond/cf43dee45d1b78fdeab3f963e02f7a15
03:26 < ldiamond> Are the top ones "good enough" to allow?
03:27 < CuriosTiger> Also, latency IS inherent to wifi. But that amount of jitter is not.
03:27 < ldiamond> idk why my default nginx doesn't support anything in there
03:28 < berfondo[sw]> CuriosTiger: thanks. So this happens when I do a ping -t www.google.com and also happens simultaneously when I'm in a server in a FPS game. Pther than these ping spikes, connection is smooth and fast.
03:29 < berfondo[sw]> CuriosTiger: I live in university housing so internet is provided by my university. I am lucky the wifi access point is on my roof, less than 20 feet from my laptop. But I'm probably sharing the AP with many clients. Is there a way to troiubleshoot whether the spikes are caused by my wireless adapter, or by the router (bad config), or by the router (saturated with too many clients),or something lije that?
03:33 < Evidlo> just use your wired connection
03:33 < berfondo[sw]> the access points don't have ethernet ports (excepting the WAN)
03:34 < Evidlo> they dont give you wire drops? what about people with desktops?
03:34 < Evidlo> also why do they put an AP outisde on the roof
03:34 < djph> berfondo[sw]: it's you and the 39 of your closest friends also in the vicinity hitting the same ap
03:35 < djph> Evidlo: I bet they do, and he just ignored them
03:35 < berfondo[sw]> Evidlo: they gave USB wireless adapters for them, and I meant the ceiling, not roof...
03:35 < forgotten> lol 39
03:35 < berfondo[sw]> djph: I'd think there are a few at least
03:36 < djph> forgotten: well, knowing how we set the APs up in our dorms, yeah, one AP pre 30-40 students
03:36 < forgotten> just thought it was a funny number to go to haha
03:36 < forgotten> you and 39 of your closest friends.. just funny wording lol
03:36 < djph> forgotten: at least the first year we got wifi. They added more the next summer, but ...
03:40 < berfondo[sw]> djph: so now I'm doing the ping -t in two laptops simultaneously, but only one gets the high pings/time outs....
03:40 < djph> everything else identical?
03:41 < Evidlo> use mtr to figure out what hop is adding the latency
03:41 < berfondo[sw]> djph: no, not identical
03:41 < djph> hrdware, os, patches, installed crap, amount of porn from sketch corners of the internet, etc
03:43 < berfondo[sw]> djph: so I know it's hard, but how would you go about determining what's the cause between all those possible things?
03:43 < djph> what's the wlan cards for starters
03:44 < berfondo[sw]> djph: Intel Dual Band Wireless AC 7260
03:44 < djph> in both?
03:44 < berfondo[sw]> djph: no, just the one with the issues
03:45 < djph> that's surprising. Intel are solid cards. I'd start with updating the driver
03:45 < berfondo[sw]> djph: ok, I'll trey that
05:49 < sandman13> Hi, I have a pcap file, and I want to replay traffic on it with tcpreplay but where should tcpreplay run? On the server or any machine on the network?
05:51 < littel5t> what does curl ifconfig.me and ifconfig shows.. what is my ip address out of these
05:58 < Quatermass> You mean you are unable to find your external ip from using curl ipconfig.me?
05:59 < Quatermass> It returns your internet ip and nothing else
05:59 < Quatermass> ifconfg shows your internal, or LAN IP
06:02 < littel5t> what is the difference between internet ip and internal ip?
06:54 < LissajousPattern> is there any benefit to having a wireless AP bridged to a mobile hotspot?
06:55 < LissajousPattern> throughput wise or security wise?
06:55 < grawity> basically an AP with wireless uplink to another AP?
06:55 < LissajousPattern> yeah
06:55 < grawity> can't imagine how that would be useful
06:55 < LissajousPattern> oh
06:56 < grawity> except perhaps to extend the range or something such, but by that point, if the uplink is a cellphone hotspot, I'm guessing it's gonna be fairly overloaded
06:56 < grawity> and I mean, a phone hotspot already has infinite range in the sense that you can carry it >_>
06:57 < LissajousPattern> grawity, word
06:57 < LissajousPattern> I have used it to extend range
06:57 < LissajousPattern> it works quite well
06:58 < LissajousPattern> but I am just trying to find out it there are added benefits
06:59 < grawity> extending range this way (wireless uplink) usually costs some performance
06:59 < grawity> and extending other things (like client count) is probably a bad idea from the beginning
07:00 < LissajousPattern> noted
07:00 < LissajousPattern> so I would like to host my website from my phone... Is that possible?
07:01 < grawity> technically yes
07:01 < grawity> practically, welllllllll.
07:01 < LissajousPattern> yeah thats what I am wondering
07:02 < grawity> imagine a cellphone getting a reddit hug of death
07:02 < LissajousPattern> whats that?
07:02 < LissajousPattern> I'll google it
07:02 < grawity> like slashdotting except for 2010's
07:02 < grawity> also it depends on your mobile provider: some give you a public IP address, some don't, and some do but block all inbound connections regardless
07:03 < LissajousPattern> ah ha
07:03 < LissajousPattern> yeah it would be cool to mess with at least just for the sake of experimenting
07:04 < grawity> you can in fact host stuff on Tele2 prepaid, for example
07:04 < LissajousPattern> hmm
07:04 < grawity> also, you'll usually need a rooted phone in order to host on the standard http(s) ports
07:05 < LissajousPattern> yeah I have one
07:05 < LissajousPattern> you got me thinking
07:05 < LissajousPattern> I was gonna try it last night but got a little sleepy
07:05 < grawity> (without a compatible mobile provider, I imagine a VPN could be used to provide the same feature...)
07:08 < LissajousPattern> man I have a decent Idea
07:08 < grawity> nothing whatsoever about this is decent
07:09 < LissajousPattern> yeah well
07:09 < grawity> (obligatory https://www.youtube.com/watch?v=vQ5MA685ApE)
07:11 < LissajousPattern> brilliant
07:12 < LissajousPattern> yeah I also want to host full 1080p video on that site served by the phone as well...lol.
07:13 < LissajousPattern> I plan on running a bitcoin miner on it too. just to stay warm during the winter months
07:15 < Quatermass> lol
07:15 < LissajousPattern> I mean what do y'all do with your rooted android phones?
07:16 < Quatermass> Why not run a bittorrent site on it
07:16 < LissajousPattern> great idea
07:16 < Quatermass> Sounds like you just want attention.
07:16 < Quatermass> And good luck with that
07:20 < at0m> rooted android is great to manage iptables and systemwide adblocker, maybe a vpn client.
07:20 < Quatermass> at0m: s/he knows this. It wants attention.
07:20 < at0m> seems so.
10:08 < galileo_> good news pppingme
10:08 < galileo_> pretty sure my mail is getting through to people now
10:38 < Spice_Boy> galileo_: I'll be trying to set up an email server one day
10:38 < galileo_> if ISIS captured me and gave me a choice; 1: set up an email server or 2: be a star in their next beheading film i would definitely choose 2
10:44 < mrtnt> Let's say that I'm downloading a large file over TCP. For example "wget http://hgd-speedtest-1.tele2.net/10GB.zip". It is obvious, that when some of my ACK messages get lost, then servers TCP send window cannot slide to right, i.e server cannot send additional data once it has received acknowledgments for data it has already sent and this affects the throughput. However, how is the download speed
10:44 < mrtnt> affected if some of the packets sent by the server get lost?
10:44 < mrtnt> I guess the effect is the same because the client can not acknowledge data which it has not received and thus again, the server send window cannot slide to right.
10:48 < Spice_Boy> haha
10:55 <+catphish> mrtnt: if the client doesn't receive data, it has to be sent again, of course that slows things down, as for how much probably very much implementation dependent, and of course dependent on how many packets are lost, TCP intentionally slows down when packets are lost, that's how it reaches line speed and stays there
11:05 < mrtnt> catphish: ok, thanks! So from server(sender) point of view it doesn't matter, if its "data" packet got lost or acknowledge packet for this "data" packet sent by the client got lost? In either way, server needs to resend the data.
11:06 < dogbert2> anyone use a NAS device...looking to get a good 2 bay unit
11:06 <+catphish> mrtnt: exactly, in fact there's no possible way the sender could know if it's the data that got lost, or the ack, the result is the same
11:09 < djph> dogbert2: I just went for "old dell server" :/
11:17 < detha> dogbert2: old server, or an old PC with a couple of sata drives
11:18 < dogbert2> heh, djph...not an option, since I don't have old servers lying around...was looking at a standalone device :)
11:20 < mrtnt> catphish: thanks!
11:20 < detha> dogbert2: $50 buys you a good enough PC off eBay, the only difference between a 'PC' and a 'NAS device' is that for the NAS device instead of skimping on the onboard NIC they skimped on the onboard video
11:21 < dogbert2> true :)
11:29 < djph> dogbert2: I picked up a server from one of those refurb sites
11:29 < dogbert2> what kind of NAS do you have set up with it?
11:32 < djph> just NFS. Not 100% sure it counts as a "NAS service", but it serves my purposes
11:38 < dogbert2> grin :)
11:44 < detha> dogbert2: cheap, fast, large: pick any two. We are cheap, so we have old servers with 15K SAS or SCSI drives for fast nfs or iscsi, and old PCs with a bunch of 7200 sata drives for lots of slow nfs or cifs
11:44 < dogbert2> LOL :)...
11:54 < adnn> Regarding the hidden node problem in ad-hoc networks, what is the limitation point which is preventing the middle node from receiving data from both ends at the same time ?
11:54 < detha> spectrum
11:56 <+catphish> adnn: you're trying to have a conversation with 2 people at once, but those 2 people can't hear each other, so they talk at the same time, and you can't understand them both at once
11:56 < adnn> can you elaborate?
11:56 < adnn> catphish: ok. So the limitation here is that I have 1 network card, right?
11:57 <+catphish> adnn: sort of, the problem is that both are transmitting on the same frequency at the same time, and the result is just a mess
11:57 <+catphish> for it to work, you'd need 2 NICs operating on different channels, so the 2 messages don't overlap
11:58 < adnn> but that solution would then prevent the edge nodes from communicating even when they come within range of each other
11:58 < adnn> they will be dependent on the middle node
11:59 <+catphish> correct
11:59 < adnn> cool, thanks
12:00 <+catphish> i don't actually know how an access point solves this problem
12:00 <+catphish> maybe it tells the clients when they should each talk
12:00 < Alexander-47u> hi all
12:00 < tapearchive> Hi
12:00 < Alexander-47u> is there any way to timeout CLOSE_WAIT connections in a timely manner?
12:00 < Alexander-47u> on linux
12:00 < tapearchive> have you tried google?
12:01 < Alexander-47u> yes but many different answers
12:01 < adnn> catphish: CSMA/CA ?
12:01 < Alexander-47u> but dont mind this guy he is sitting next to me
12:01 < Alexander-47u> anyone?:P
12:02 <+catphish> Alexander-47u: CLOSE_WAIT means your program isn't closing connections, the answer is just to close them
12:03 < Alexander-47u> yes, but im not there to run kill every time
12:03 <+catphish> Alexander-47u: you need to fix the program
12:03 <+catphish> or have whoever developed it fix it
12:04 <+catphish> if a program is leaving connections open, it's leaving them open, not much you can do about it, except to change the program to close them
12:05 < Alexander-47u> lol no it happens when I pull the plug on my raspberry pi
12:05 < Alexander-47u> i port forward a port from the pi to the VPS
12:06 < Alexander-47u> when I pull the plug on the Pi
12:06 < Alexander-47u> it fails to reconnect on boot
12:06 < detha> * * * * * root /bin/bash -c "if [ $(netstat | grep CLOSE_WAIT | wc -l) -gt 10 ]; then killall program; fi"
12:06 < Alexander-47u> because it stays open
12:06 <+catphish> fix the software to handle it
12:06 < Alexander-47u> and I wish for it to time out more quickly so that autossh can do its thing
12:06 < Alexander-47u> common son. openssh is great software.
12:07 < Alexander-47u> :P
12:07 <+catphish> Alexander-47u: look up tcp keepalive, you can enable this in ssh, and tune the timeouts
12:07 < Alexander-47u> thanks, thats a great answer
12:07 < Alexander-47u> but ah..
12:07 <+catphish> that will close the connection after a specific timeout
12:08 < Alexander-47u> no this should be set in my vps
12:08 <+catphish> ssh may even have an internal keepalive, i'm not sure
12:08 < detha> ssh has two types of keepalive, one in the protocol, one TCP. Both can be tuned independently.
12:08 < Alexander-47u> because the raspberry pi gets shutdown inappropriately in this use case
12:08 < Alexander-47u> yes, the TCP one, where do I configure this
12:08 <+catphish> i'd use the protocol one first, the OS TCP one isn't great
12:09 < Alexander-47u> on my VPS or Pi?
12:09 < Alexander-47u> pi doet remote port forwarding to the VPS
12:09 <+catphish> what's the actual problem here?
12:09 < Alexander-47u> does
12:09 <+catphish> if the pi is initiating the connection when it boots, what's the problem?
12:09 < Alexander-47u> when I plug the Pi out without shutting it down properly
12:09 < Alexander-47u> the port stays CLOSE_WAIT
12:09 < Alexander-47u> so it cannot reconnect on boot
12:09 <+catphish> that's not a thing
12:09 <+catphish> SSH can accept any number of connections
12:10 < Alexander-47u> the port is blocked
12:10 <+catphish> no
12:10 <+catphish> but it's possible the port forwards are still in use, so you can't open those
12:10 <+catphish> nothing will block the ssh connection
12:10 < Alexander-47u> yes its in use by CLOSE_WAIT
12:10 < Alexander-47u> :P
12:10 <+catphish> what is?
12:10 < Alexander-47u> the port
12:10 <+catphish> what port?
12:10 < Alexander-47u> the situation is
12:10 < Alexander-47u> the VPS is waiting for a close signal
12:11 < Alexander-47u> while the pi is trying to establish a new connection on the same port
12:11 <+catphish> that's not a thing
12:11 < Alexander-47u> that the pi abandoned in an improper fashion
12:11 <+catphish> ssh can accept any number of connections on the same port
12:12 <+catphish> also, close_wait means the remote end closed the connection but the local end didn't, so i don't see how the client disappearing would cause that on a server
12:12 <+catphish> some things here are confused
12:12 < detha> ssh keepalive would cause that
12:13 < detha> server sees client disappear, closes connection on server end
12:13 < Alexander-47u> catphish, well it doesnt reconnect till i manually kill it
12:14 <+catphish> Alexander-47u: why not? what's the error?
12:14 < detha> 'kill it'. Kill what?
12:14 <+catphish> detha: i don't think so: CLOSE_WAIT - represents waiting for a connection termination request from the local user
12:14 <+catphish> detha: it very much means the remote closed it but the local didn't
12:15 <+catphish> Alexander-47u: do you mean the client still thinks it's connected, and so doesn't reconnect?
12:15 <+catphish> Alexander-47u: if so, the ssh in-protocol keepalive will solve that
12:15 < Alexander-47u> the server thinks that
12:15 < detha> catphish: would need to check the state diagram, but I believe you. So client did indeed close.
12:15 < Alexander-47u> the client, brings his port to the vps
12:16 < Alexander-47u> client gets shut down violently
12:16 < Alexander-47u> but automatically reconnects on boot
12:16 < Alexander-47u> but that doesnt happen
12:16 <+catphish> Alexander-47u: what's the error?
12:16 < Alexander-47u> because the port 2222, which it uses, is on CLOSE_WAIT
12:16 <+catphish> Alexander-47u: you're wrong
12:16 <+catphish> unless maybe the client's reusing the same ephemeral port
12:16 < Alexander-47u> yes
12:16 < Alexander-47u> it is
12:17 < Alexander-47u> I said that before lol
12:17 < Alexander-47u> it connects back on the same port 2222
12:17 <+catphish> Alexander-47u: well then that's what you should fix? don't use fixed ports
12:17 < Alexander-47u> I have to in this use case
12:17 <+catphish> why?
12:17 <+catphish> that's insane
12:18 < Alexander-47u> is there any way to just have close_wait shutdown more quickly on the VPS side
12:18 <+catphish> the keepalive timeout(s) might fix that
12:19 <+catphish> but i still think you shouldn't be using a fixed source port for this connection, seems like you're creating a problem for no reason
12:20 < Alexander-47u> where do I set this keepalive timeout? It can be short, because autossh will reconnect on the pi's end
12:21 < Alexander-47u> cat /proc/sys/net/ipv4/tcp_keepalive_time
12:21 < Alexander-47u> ?
12:21 < Alexander-47u> its set to 7200 now
12:21 <+catphish> that's one of them (the system one), you also need to enable it in ssh
12:21 < Alexander-47u> 2 hours
12:21 <+catphish> but there's another keepalive in ssh itself which i'd try first
12:22 <+catphish> ClientAliveCountMax and ClientAliveInterval
12:22 <+catphish> why are you using a fixed port anyway?
12:22 <+catphish> i don't even think ssh supports this
12:23 <+catphish> an aggressive clientalivetimeout might solve it anyway
12:24 <+catphish> (ie ClientAliveCountMax and ClientAliveInterval)
12:24 < mAniAk-_-> sysctl values only apply to sockets with keepalive enabled, so the app needs to do it
12:24 <+catphish> i mentioned that
12:24 <+catphish> you can enable that in ssh, but probably best to try its internal timeouts first
12:26 < Alexander-47u> thanks will try
12:26 < Alexander-47u> the thing is
12:26 < Alexander-47u> the system timeout
12:28 < Alexander-47u> doesnt work for 7200 seconds
12:28 < Alexander-47u> because it was a few days ago that I plugged out the pi
12:28 < Alexander-47u> and today it was still on close wait xD
12:28 < mAniAk-_-> catphish: ssh keepalives are tcp keepalives
12:28 <+catphish> mAniAk-_-: no, ssh has its own protocol level timeouts, but also supports tcp keepalives
12:29 < mAniAk-_-> Alexander-47u: it only applies to sockets that use keepalives, applications must explicitly use it as an option when creating a socket
12:29 <+catphish> Alexander-47u: read what both mAniAk-_- and i told you
12:29 <+catphish> YOU HAVE TO TURN IT ON IN SSH
12:29 < Alexander-47u> -ServerAliveInterval 30" -o "ServerAliveCountMax 3
12:30 < Alexander-47u> i used these command line parameters
12:30 <+catphish> there's no point setting it on the client, the client isn't the one keeping the connection open, need to set it on the server
12:31 <+catphish> mAniAk-_-: "It is important to note that the use of client alive messages is very different from TCPKeepAlive (below). The client alive messages are sent through the encrypted channel and therefore will not be spoofable."
12:31 <+catphish> 2 different mechanisms :)
12:31 < mAniAk-_-> ah ok
12:31 < mAniAk-_-> but setting it on only client should be enough?
12:31 < detha> No. ClientAlivecount on the server
12:31 <+catphish> mAniAk-_-: nope, his client is getting powered off, it's the server holding the connection open
12:32 < Alexander-47u> do i set this in the sshd config?
12:32 <+catphish> sshd_config, yes
12:34 < Alexander-47u> i see a line TCPKeepAlive yes
12:34 < Alexander-47u> no line ClientAlivecount
12:35 < Alexander-47u> should i add like CLientAliveCount 20?
12:41 < Alexander-47u> so i set
12:41 < Alexander-47u> ClientAliveCountMax 3
12:41 < Alexander-47u> ClientAliveInterval 15
12:41 < Alexander-47u> in sshd_config
12:42 < Alexander-47u> is that good stuff ;P?
12:43 < `whoami`> what does the man say about those options ?
13:11 < regdude> Hi! Should TZSP encapsulate also VLAN tagged packets? It is supposed to encapsulate Ethernet frames, but nothing about VLANs
13:12 < atom138> https://arstechnica.com/information-technology/2018/04/suspicious-event-hijacks-amazon-traffic-for-2-hours-steals-cryptocurrency/
13:12 < atom138> Holy. Moly.
13:14 < lupine> the blame is with HE
13:14 < lupine> but it couldn't have happened to a nicer bunch of people
13:15 < atom138> Well they aren't the last
13:25 <+catphish> lupine: whose router did the compromise?
13:29 < mrtnt> Am I correct that TCP "receive window"(which is a "send window" for sender) has nothing to do with TCP congestion control? TCP "receive window" is solely a property of TCP flow control?
13:30 < T_r3x> Hi everyone. I'm not sure if this question belong here but I'm looking for an open source messaging platform which I can host on my personal network and also has open APIs.
13:30 <+catphish> T_r3x: what kind of messaging?
13:31 <+catphish> you could install an IRC server, or an xmpp server
13:31 < lupine> catphish: some ISP pushed routes to HE for IPS it didn't own, which accepted them
13:31 < T_r3x> I want to create a chatbot to which I can tell something to do over this messenger.
13:31 < lupine> presumably said ISP was compromised rather than malicious, but who knows
13:31 <+catphish> lupine: i just found some info, apparently the ISP was "eNet"
13:31 < lupine> HE shouldn't have accepted the routes
13:32 <+catphish> interesting i never received the bad route, so i'm not totally sure who accepted it and who didn't
13:34 < T_r3x> @catphish : I can use IRC but is there any more user friendly alternative because I'm not the only one who would use this chatbot.
13:36 < djph> T_r3x: y'know, there are real people on IRC, some of them can even pass a Turing Test. Loads better than a chatbot...
13:39 <+catphish> T_r3x: see also xmpp
13:39 < detha> catphish: HE claims it came from a route server at equinix. They could have done radb filtering, but that's about it
13:39 < T_r3x> @catphish : Looking into it now.
13:40 <+catphish> detha: that makes a lot of sense, not just HE then, obviously google accepted it
13:40 < detha> apparently it got into some of google's 8.8.8.8 for a while
13:41 < detha> but if google took it from HE, or directly, the story doesn't tell
13:41 < bgsteiner> Yeah but google is just a mirror coming from amazon
13:42 < bgsteiner> Well i guess dnssec wouldnt have helped
13:43 < Peng_> Equinix said it was customer equipment and nothing's their fault
13:43 < detha> dnssec would have helped here
13:44 < detha> equinix is talking about the server that hosted the fake DNS there
13:45 < Peng_> detha: Oh! Sorry.
13:45 <+catphish> dnssec would have helped, as would route server filtering, the latter is more realistic
13:45 <+catphish> i doubt google take transit from HE, but dunno
13:45 < Peng_> DNSSEC would have helped, but if the domain was using DNSSEC, the attacker could've just done something else.
13:46 <+catphish> remember, this site has TLS, users intentionally ignored the warning and logged into a wallet. they ignored a certificate warning, and logged into a waller
13:46 <+catphish> *wallet
13:46 <+catphish> there's literally no helping some people
13:47 < detha> true. but since the attacker had control over DNS for the domain, they could just as easily have put a letsencrypt cert on it, or bought a legit DV cert on a stolen credit card
13:48 < Peng_> It's not known which routes Let's Encrypt saw
13:48 <+catphish> i really hope DV providers wouldn't trust a single route to DNS
13:48 < Peng_> But yes probably some DV CA was affected
13:48 <+catphish> i'm 90% sure letsencrypt has protection against this sort of thing
13:49 < Peng_> What kind of protection?
13:49 < detha> letsencrypt goes through quite a bit of effort to get routes from multiple places
13:49 <+catphish> Peng_: checking dns from multiple ASs
13:49 <+catphish> Peng_: if they don't they really really should
13:49 < detha> they do
13:49 < Peng_> They don't, currently.
13:49 <+catphish> well i do hope they add that
13:50 <+catphish> of course, it all depends how widely you can inject your routes
13:50 <+catphish> but it would help a lot
13:50 < Peng_> Their staging environment actually does validate from multiple locations, and they're cooperating with researchers on the subject.
13:51 <+catphish> also, maybe don't run all your DNS servers on < /24 routes
13:51 <+catphish> Peng_: cool, should help a lot if they can get some good validation in place ter
13:51 <+catphish> *there
13:51 <+catphish> i thought i read they were doing it
13:51 < tds> there's an interesting paper on getting certs via prefix hijacking: https://www.princeton.edu/~pmittal/publications/bgp-tls-hotpets17
13:52 < Peng_> All of their secondary validation servers are on AWS at the moment. :D
13:55 <+catphish> the most impressive thing is that they served what must have been a significant portion of amazon's DNS from a small server for 2 hours :)
13:55 <+catphish> maybe they just dropped requests they weren't interested in, but that must have been some serious PPS
13:55 < detha> not really - they dropped everything not for one or two domains
13:55 < tds> iirc weren't they returning servfail?
13:55 < tds> I may have misremembered, though
13:56 <+catphish> i guess that makes it a little easier then
13:56 < detha> they routed a couple of /24s, but dropped everything not for 3 or 4 particular addresses
13:56 <+catphish> well that's one less ISP with easily compromised BGP i hope :)
13:57 < TandyUK> lots more learning from it and protecting themselves too i hope
13:58 < TandyUK> every time something like this happens, i just remind myself of when pakistan null routed youtube
14:06 < linuxmodder> lol TandyUK
14:07 < linuxmodder> that was what 2 or 3 years ago now?
14:07 < TandyUK> if not more lol
14:08 < linuxmodder> Why dnssec + knowing your normal routings from locations can be useful
14:09 < thomas_25> what is a good cross platform tool to diagnose network problems
14:09 < thomas_25> i have a win10 and a mac and even the LAN connections are very weird
14:10 < thomas_25> at this point I have tried nc'ing from mac to the FTP server on Win10
14:10 < thomas_25> it took a few seconds to even establish the connection
14:18 < TandyUK> id check your infrastructure (switches, cables, etc) first tbh
14:18 < linuxmodder> tshark (terminal of wireshark) ettercap or simple nc | nmap should be sufficient
14:18 < TandyUK> basic things like swap out the patch leads just to be sure
14:19 < linuxmodder> or dropping something like packet tracers on parts of the infra to confirm the traffic continuity
14:20 < flying_sausages> Hey guys, I'm trying to set up a wifi ap on a development board and run a dhcp server on it so devices connected to the wifi can talk to the router and whatever software will run on it. But I can't get my DHCP to run and my devices are self-allocating IPs it seems.
14:20 < flying_sausages> I've got a dump with all the relevant info here I hope
14:21 < flying_sausages> https://pastebin.com/raw/QVYLimuQ
14:21 < flying_sausages> if someone could take a look that would be grand :)
14:24 < dogbert2> splitsville
14:24 < light> flying_sausages: tcpdump -i mlan0
14:26 < detha> flying_sausages: looks sane, if you want the interface to be .40.10 also put that in /etc/interfaces. Otherwise what light says.
14:26 < flying_sausages> light, I'll have to re-compile an image with this package for the board, any other way I could gather the data you'd need?
14:27 < flying_sausages> I'll start compiling it now though
14:27 < light> wireshark on the client then
14:27 < detha> wireshark on doze, if it can handle the wlan adapter
14:30 < flying_sausages> ok guys sec gotta get it
14:31 < thms> https://blog.cloudflare.com/bgp-leaks-and-crypto-currencies/ -> How was 1.1.1.1 affected when it's 205.251.19x.0 that was hijacked ? Can anyone enlighten me ?
14:34 <+xand> I think that's just an example
14:34 < Peng_> 1.1.1.1 wasn't hijacked. They used it as an example in the article.
14:35 < Peng_> However, Cloudflare's recursive DNS servers certainly do send lots of queries to the Route 53 authoritative DNS servers, and the hijacking did have some impact.
14:35 < light> "This poisoned DNS resolvers whose routers had accepted the route. This included Cloudflare DNS resolver 1.1.1.1."
14:36 <+xand> yes it would affect 1.1.1.1's "upstream"
14:36 < light> can you use a salmon analogy?
14:36 <+catphish> 1.1.1.1 forwards queries to the authoritative servers, those are what got hijacked
14:37 < detha> So one can conclude that cloudflare buys transit from HE
14:38 <+catphish> why?
14:38 < BottomX> catphish: What is that 1.1.1.1 whether it's a password
14:38 < BottomX> ?
14:38 <+xand> what
14:38 <+catphish> HE arent special in all this
14:38 < detha> catphish: didn't you prove that the 'wrong' route didn't appear in your HE peering?
14:39 <+catphish> anyone who peers at the same exchange could have accepted those routes, or anyone who pays HE
14:39 <+catphish> detha: it wasnt in my HE peering, but it was in HE's full table
14:39 < detha> Therefore, CF pays HE money
14:39 < Peng_> Not sure if you've read Cloudflare's blog post, but they listed which of their locations used the bad route.
14:42 < thms> xand, Peng_ thanks :)
14:58 < mfreitag> alco catphish building on our discussion about BCP38 yesterday and how if I'm your upstream provider your prefixes are none of my business, I disagree even tho I trust you to not be malicious, I don't trust you to not fat finger something
14:59 <+catphish> mfreitag: i don't see how fat fingers are a problem
14:59 <+catphish> the only problem is with compromised hosts afaik
15:00 <+catphish> it's not like you can do any damage by misconfiguring a source address
15:00 <+catphish> but there's no arguing that most end users can't be trusted not to get their machines compromised and participate in DDoS attacks with spoofed IPs
15:00 < detha> catphish: fatfingering things in BGP announcements breaks interwebz
15:00 < TandyUK> BCP38 stops a lot of outgoing DDOS
15:01 <+catphish> detha: this was about source address filtering, not BGP
15:01 < mfreitag> maybe I misunderstood BCP38 when I read it :\
15:01 < mfreitag> I need to read that agan XD
15:01 < mfreitag> *again
15:01 < TandyUK> BCP38 is primarily for consumer isps for example, so their DSL users cant spoof source addresses in udp traffic
15:01 < detha> bcp38 was about reverse path filtering, mainly, iirc
15:01 <+catphish> mfreitag: it's extremely simple, all it says is "don't allow packets to leave your network unless their source IP belongs on your network"
15:01 < TandyUK> so they cant send traffic claiming to be originating off-net
15:02 <+catphish> so it prevents DDoS attacks where hosts spoof random IPs, or the IP of the attack target as their source
15:04 <+catphish> 99.9% of the time, it's awesome, the 0.1% of the time i'm trying to do something weird using my own IPs with a residential ISP it's annoying
15:16 < dogbert2> who is your provider, catphish
15:17 <+catphish> i have several in the UK
15:22 < flying_sausages> ok, a whole different issue. I have two Ubuntu 16.04 hetzner servers both with a 1Gbps line but I'm getting like 4MB/s, can anyone try help me troubleshoot this? What tools should I get to try
15:23 < detha> an email client, to send a complaint to hetzner ?
15:24 < flying_sausages> hahaha
15:24 < flying_sausages> well, is it possible I fucked it up myself to begin with?
15:24 < flying_sausages> I'm running iperf3 and I'm gettin &MB/s
15:24 < flying_sausages> *8MB/s
15:24 < detha> between where and where ?
15:25 < flying_sausages> FSN1-DC7 and NBG1-DC1
15:25 < tds> catphish: what's the expected way for providers with downstream customers to filter source addresses - just based off irr data?
15:25 < flying_sausages> two cities in germany I'm assuming, the latter being nuremberg..?
15:25 <+catphish> tds: for BGP, yes
15:26 < detha> flying_sausages: get speedtest-cli and see what your bandwidth to some random server is
15:27 < flying_sausages> yeah I'm iperfing bouygues in france and I'm getting 4MB/s
15:27 < detha> MB or Mb by the way?
15:27 < flying_sausages> all MBs so far
15:27 < flying_sausages> NOW
15:28 < flying_sausages> 845 Mbit down and 234Mbit up to ludwigsburg
15:28 < flying_sausages> so that's my gigabit right there
15:28 < flying_sausages> let's try server 2
15:28 < afx> im pretty sure those speeds are not guaranteed
15:29 < UncleDrax> it's the Internet, nothing is guaranteed
15:29 < flying_sausages> actually I think they might be, let me check
15:29 < afx> i mean
15:29 < flying_sausages> or some reasonable number like 100Mbit
15:29 < detha> if those are VPSs, you will probably be told "The T&C say 'up to 1Gb/s'"
15:29 < djph> UncleDrax: is that a guarantee?
15:29 < afx> it is guaranteed to hetzner but not to hetzner clients (and not anything else on the internet of course)
15:30 < afx> and i guess this 1gbps pipe is shared to tons of vpses
15:30 < UncleDrax> djph: I guarantee that nothing is guaranteed ;]
15:30 < afx> because they cant be priced so cheap if that 1gbps was dedicated :P
15:30 < flying_sausages> well I got two hetzner boxes >:(
15:30 < flying_sausages> gdermit
15:30 < afx> do you know how much 1gbps guaranteed pipe costs per month?
15:30 < afx> :)
15:30 < flying_sausages> nope
15:30 * dogbert2 gets ready for w3rk...l8r
15:30 < UncleDrax> and a 1Gbp to.. 'where'?
15:31 < flying_sausages> more than 60e/mo im assuming
15:31 < afx> also that
15:31 < afx> yea. they had to utilize (i.e. share it)
15:31 < afx> and also even the closest servers you test with
15:31 < afx> may not be able to provide dedicated line for the same reasons
15:31 < UncleDrax> 'The Internet'? you literally cannot guarantee anything past your borders on the Internet. The next-hop can molest your packets, have way over-sub'ed links, or have failing equipment.
15:31 < flying_sausages> either way the connection is slow only between my two servers
15:33 < ZedHeadTed|> UncleDrax: Would an MITM attack be considered molesting packets?
15:33 < flying_sausages> back to the original issue at hand, what could the most likely blocks be for slow speeds like these?
15:33 < flying_sausages> I'm using SFTP but I was getting 35MB/s before I reinstalled my destination server
15:34 < UncleDrax> ZedHeadTed|: unless it's a passive MITM, which isn't very MITM actually, then yes, you're molesting packets.
15:34 < detha> flying_sausages: buffer sizes?
15:34 < mAniAk-_-> flying_sausages: your servers and/or anything between them
15:36 < mAniAk-_-> flying_sausages: try iperf3 and an udp test instead, try some bandwidth values, test multiple streams, see if theres any packet loss
15:42 <+catphish> ugh, wonder why my ISP feels compelled to offer such poor upload speeds seemingly without any technical reason, mine just emailed to say they're getting rid of data caps on many packages after a network upgrade, my package seems to still have a data cap, but now only 10% upload bandwidth
15:44 < UncleDrax> it's a dirty way of creating an artificial cap, and mitigating (if relevant) copyright issues and people home-servering eating up BW
15:45 < UncleDrax> that said, are they selling a higher up rate?
15:47 < pathrocle> is it possible to get a web server running on private lan to be run on https not http (possible for free ? )
15:47 <+catphish> UncleDrax: nope, they just don't seem to offer faster speeds
15:47 <+catphish> UncleDrax: i don't think copyright is really an issue, 1) why would they care 2) you can infringe copyright perfectly well at 10Mbits :)
15:47 < UncleDrax> catphish: well that's silly. if you're gonna artificially reduce and cap Up, sell a better package at least! what's the point of only being half-evil.
15:48 <+catphish> UncleDrax: may well be aimed at discouraging things that eat bandwidth all the time though 15:48 <+catphish> one thing i'd like to do is run my CCTV server off-site, and it kinda stops me doing that 15:48 < ldiamond> pathrocle: you can make your own certificate, sign it, and add your CA cert to your client devices. 15:49 <+catphish> but there can't be many residential users that want to upload all the time 15:49 < UncleDrax> catphish: eh i dunno.. a lot of DIYs and semi-Tech people are into home-IP Cams now. plus security companies sell that too, etc. 15:50 <+catphish> UncleDrax: thats true 15:50 < UncleDrax> plus bot-netted IoT crap ofc 15:50 <+catphish> according to their website, my plan has changed from 100/50 to 100/10, hardly the upgrade the email subject promised 15:51 < UncleDrax> ya that's.. weird. 15:52 < TandyUK> [14:47] is it posible to get a web server running on private lan to be run on https not http (posible for free ? ) << Pretty sure a lets encrypt cert would work, though you might need to open it up to the world to ge tthe cert issued 15:52 <+catphish> if they can offer 350Mbps download with no data cap, why can't i have 50Mbps upload with no data cap, it costs the same (maybe even less, you have to assume since they're not a host, their upstream is less congested) 15:53 <+catphish> pathrocle: if you want the cert for free you'll need to use letsencrypt, which means opening the server publicly 15:53 < TandyUK> catphish: they probably have very asymmetric links 15:53 <+catphish> pathrocle: alternatively, just buy a cert 15:53 <+catphish> TandyUK: maybe their backhaul is asymmetric, i hadn't considered that, they share it with a company that does hosting 15:54 < TandyUK> that might even be why, but i know our DSL backaul doesnt have to by symmetric 15:54 <+catphish> i assumed they just rented a whole wave each way, but maybe not 15:54 < TandyUK> eg i can buy 10g down, 1g up 15:54 <+catphish> anyway, i asked them if they can do 
better 15:54 <+catphish> interesting, that's probably what they do, i'll see what they say, but that makes a ton of sense 15:56 < detha> catphish: also, down comes 80% from caches the CDNs give them, upstream they don't have a clue where it goes 15:57 <+catphish> i doubt they have any local cache, but it's certainly possible, if netflix have an off the shelf cache, they may well have one of those 15:58 < TandyUK> generally these are in the exchanges 15:58 < TandyUK> eg, anyone peering at telehouse can access any of the cdns there (once they set up peerings) 16:00 <+catphish> makes sense 16:00 < detha> if you do over 1Gb/s or so from netflix, they will ship you a cache box 16:00 <+catphish> i figured it was more about the backhaul 16:01 < thothcastel__> thanks to all who were helping me yesterday with an ASA5525-x - connection via http and asdm - I have now upgrade its image to 9.9 together with its relevant ASDM and it works -D 16:02 <+catphish> most of my upload is peered, but i guess they don't know that :) 16:02 <+catphish> my CCTV would be anyway 16:02 < pathrocle> catphish, how can i buy one for a local ip? 16:02 <+catphish> pathrocle: you can't, you need a domain name 16:02 <+catphish> pathrocle: or you can just generate your own CA and sign your own certificate 16:04 < thothcastel__> asdm 7.9.2 compatible to 7.5.2 16:06 < RogerFederer_> hey 16:06 < RogerFederer_> am i alllowed to ask a question 16:07 < UncleDrax> that was a question, and you asked it, so we'll go with 'yes'. 16:07 <+catphish> i'm glad the drbd documentation makes this clear: Data loss is, of course, inevitable even with this replication protocol if all nodes (resp. their storage subsystems) are irreversibly destroyed at the same time. 16:07 <+catphish> in case there was any doubt 16:07 <+xand> you don't exactly have to make servers public for letsencrypt... 
you can allow only http/80 to the world and require all real access to be via 443 16:08 < UncleDrax> catphish: I've been happy with my limited DRBD deploy thus far (using it underneth Ganeti). 'just works'. but ya, that's the obligatory 'HA != DR' reminder that too many people still need. 16:08 < RogerFederer_> is this a tennis channel 16:08 <+xand> yes definitely 16:08 <+xand> you can tell by the naem 16:09 < RogerFederer_> i have won consecutive grand slam titles 16:09 < RogerFederer_> as well as Rolland Garos 16:09 < redrabbit> what's up doctor 16:10 < UncleDrax> What does Tennis and Networking having in common.. let me ponder.. both use the term 'Net' a lot. Both: If you look you see plenty of balls (sorry, had to). some other stuff I imagine 16:10 <+catphish> i'm trying to work out if i can make a pair of linux boxes that to iscsi in a synchronous multipath manner with replicated data 16:10 <+catphish> it seems there's no off the shelf way to do this 16:10 < RogerFederer_> because i am extremely good at hitting the tennis ball over the tennis net 16:12 < rjphares> i this channel for c/c++ networking? 16:12 < rjphares> j/w 16:12 < RogerFederer_> no its for tennis 16:12 < rjphares> right on 16:12 < redrabbit> yeah 16:13 < UncleDrax> catphish: ya, that's a level of storage I haven't had to get to yet. doing something like Ceph/Gluster won't accomplish the same goal for what you need? 16:13 < RogerFederer_> at 36 years old i am still able to hit my mighty kick serve 16:14 < ZedHeadTed|> RogerFederer_: You're my favorite tennis player! <3 16:14 < RogerFederer_> this is because i am the best 16:15 <+catphish> UncleDrax: i don't think so 16:15 <+catphish> i do like gluster, but this is kinda different, separate storage nodes with iscsi 16:15 < zamba> hi! we have a protocol that is very sensitive to jitter and latency issues.. 
so we were thinking about setting up some sort of proxy that will introduce some buffering to iron over the jitter and latency issues 16:15 < zamba> does this sound like a proper way of addressing this? 16:15 < redrabbit> how do you deal with tennis elbow 16:16 < zamba> the latency is 600 round trip 16:16 < UncleDrax> 600 milliseconds or microseconds? 16:16 <+catphish> zamba: why not just put the buffer in the app 16:16 < zamba> and there is some jitter on the connection as well 16:16 < RogerFederer_> i use a specially designed ultra boost arm max wrist band 16:16 < zamba> catphish: unfortunately the app is written to use on LAN-grade network 16:16 < zamba> UncleDrax: milliseconds 16:17 < flying_sausages> mAniAk-_-, I tried booting into a rescue system and tried iperf there and there I get nice speeds 16:17 < flying_sausages> so I know that it's the config of the machine, somehow 16:17 < flying_sausages> nothing in between 16:17 <+catphish> zamba: well the only options are to fix it, or proxy it, you're right 16:17 < zamba> catphish: how would you go about creating the proxy? i mean which methology? 16:17 < zamba> because the speed needs to be more or less maintained 16:17 < RogerFederer_> you need a proxy to iron over your latency and jitter issues 16:17 <+catphish> it's not very hard, just a pair of sockets and a fifo 16:18 < zamba> catphish: the problem is that the LAN side of the proxy will output data faster than the incoming side of the proxy 16:18 < zamba> catphish: we need to try and maintain the timing as best as we can 16:18 <+catphish> zamba: not if you write it properly 16:18 < zamba> catphish: exactly.. 
so that's why i'm asking about which methodology to achieve just that :) 16:19 < zamba> what tools/methods to use to try and maintain a fixed speed towards the lan side, for instance 16:19 < RogerFederer_> why dont you just iron over your protocol with a correct proxy socket 16:19 < zamba> sigh 16:19 < zamba> i can't touch either end of the protocol 16:19 < zamba> it's not MY protocol 16:19 <+catphish> well at its simplest, you just need a timer, send a packet every time it fires, stop if there are < n packets in the buffer 16:19 < zamba> black boxes at either side 16:19 < zamba> catphish: the problem is the stopping 16:20 <+catphish> until there are > x packets in the buffer 16:20 < zamba> catphish: if we stop, the connection breaks 16:20 <+catphish> zamba: well you can't do anything about that 16:20 <+catphish> you can't make packets from nowhere 16:20 < RogerFederer_> yes the problem seems to be the buffer filling up with protocol packets 16:20 < zamba> so we need to throttle down the speed somehow 16:20 < zamba> to account for missing/late-arriving packets 16:20 < rjphares> anyone know of any c/c++ network projects for beginner?(windows) 16:20 < mAniAk-_-> zamba: stopping is throttling down... 16:20 <+catphish> are these packets sent at fixed intervals? 16:20 < zamba> mAniAk-_-: true 16:20 <+catphish> if so, i already gave a solution 16:21 < zamba> catphish: so far i haven't inspected the stream itself.. i'm waiting to get access to the equipment so i can test 16:21 <+catphish> run a timer, send one packet per timer interval, if there are < x packets in the buffer stop, if there are > y packets in the buffer, start 16:21 < RogerFederer_> i think it could be a technical issue 16:22 < zamba> mAniAk-_-: but that's what i can't do, i can't stop. 
so i have to have a big enough buffer (guesswork) to account for all the potential jitter issues that can arise 16:22 < ||cw> zamba: you might be over thinking this 16:22 <+catphish> if you want it to be smarter, and the packet rate isn't fixed, then adjust the timer interval up or down gradually depending on the size of the buffer 16:22 < zamba> catphish: there are certain packets in the stream that has to arrive at more or less fixed intervals 16:23 < RogerFederer_> yes use a dynamic timer responsive interval implementation shit 16:23 < zamba> ||cw: oh? 16:23 < ||cw> instead of trying to account for every possible optimization, just make the basics and tweak as needed 16:23 <+catphish> zamba: the other option is to set the timer based on the size of the buffer, if it starts to get smaller, stretch out the timer interval 16:23 <+catphish> try both ways, have fun with it :) 16:23 < ||cw> simply smoothing the incoming jitter may be all you need 16:24 < detha> zamba: if you can not touch the protocol, then only 100% reliable way is to encap it in something with timestamps, proxy on both sending and receiving side 16:24 < RogerFederer_> zamba the timer and the buffer are highly related 16:24 < ||cw> you do need to make it adaptive to keep the latency down. 16:25 < ||cw> if it's a 2 way stream anyway. if it's just one way, buffer away. 16:26 < zamba> ||cw: yeah, that's what i'm thinking as well 16:26 < zamba> ||cw: but how do you "smooth the incoming jitter"? 
:) 16:26 < mAniAk-_-> zamba: unless there is congestion on the parts of the network path that you control you dont really need to do anything 16:26 < ||cw> make the buffer size dynamic, measure jitter as you're doing the initial buffer and make big enough to span any jitter plus a little padding 16:26 < mAniAk-_-> zamba: if there is congestion just prioritize it, give it a committed rate it can send 16:27 < RogerFederer_> zamba you need to set the congestion route to an interval the buffer can adapt at 16:27 < zamba> ||cw: how long of a sampling period do you estimate for this? 16:27 < zamba> ||cw: are we talking seconds? 16:27 < RogerFederer_> possibly 16:27 < ||cw> depends on what time delay you want to hold 16:27 < zamba> yeah, agreed 16:28 < ||cw> and the data rate 16:28 < zamba> i'll return with this project once i have some more details to work with 16:28 < zamba> for now we're going to do some initial testing to see the datarate, jitter and stuff like that 16:28 < detha> zamba: greatly depends on what the sender does. If time between packets at the sender is constant, easy. If it varies, you are stuffed 16:28 < zamba> i proposed just doing packet dump at the sender and receiving end and inspect the differences 16:29 < zamba> detha: hehe, yes 16:29 < Aeso> zamba, that's a good place to start 16:29 < zamba> ok, guys.. thanks for now! i'll be back :) 16:29 < RogerFederer_> zamba do u have any more technical questions 16:29 < zamba> RogerFederer_: i probably will, later on 16:29 < RogerFederer_> because it seems like you're just crapping on 16:30 < zamba> RogerFederer_: huh? what? 16:30 < RogerFederer_> i am highly good at tennis 16:31 < flying_sausages> hey again small recap, so I've got two hetzner machines that should have a gigabit connection between them but they don't when trying iperf3, where I get like 53Mbit and that's it. Both machines independently perform to other speedtest servers as they should. 
When I boot into rescue on machine that's receiving and run iperf3 then, then I get good speeds, so the issue must be on machine 2, which is running Ubuntu 16:31 < flying_sausages> 16.04 I guess. Any idea where to start looking 16:31 < zamba> you seem more high than good 16:32 < RogerFederer_> well first of all iperf3 is not the latest edition 16:33 < RogerFederer_> that is why you are getting superior latency but not speed 16:33 < flying_sausages> I get good speeds to other servers but not my hetzner1 16:34 < flying_sausages> but that is only the case when in my ubuntu 16.04, when I boot a rescue debian the speeds are fine 16:34 < RogerFederer_> did u configure the mainframe? 16:34 < flying_sausages> sorry what? 16:34 < RogerFederer_> the mainframe 16:34 < tds> how were you performing the other speedtests, using public iperf servers or just wgeting large files or something? 16:34 < flying_sausages> tds, speedtest-cli 16:34 < detha> flying_sausages: compare sysctl values between fast and slow instances 16:34 < flying_sausages> RogerFederer_, are you EricAndreing me? 16:36 < flying_sausages> detha, /etc/sysctl.conf ? 16:36 < detha> flying_sausages: to be sure, 'sysctl -a | grep net' 16:37 < flying_sausages> okok 16:38 < flying_sausages> but how could a different OS make a difference when connecting to a specific IP..? 16:38 < flying_sausages> or OS config 16:44 < flying_sausages> radio check 16:44 < flying_sausages> detha, this is what came up, I have no idea what any of it does though :( https://www.diffchecker.com/vD7wA1ot 16:44 < flying_sausages> left is bad, right is good 16:46 < tds> what are these servers running? 16:46 < tds> if there weren't any changes in /etc/sysctl.conf, it sounds like some application is modifying them 16:47 < detha> debian vs. ubuntu, different kernel versions 16:47 < detha> (and slightly different defaults, but nothing that jumps out) 16:48 < nikitasius> morning folks, have a question to ask.. 
When i test with MTR and i see latency 5mc it mean 5 ms from me to target AND back (i.e. 2.5+2.5) or it's a half way and finally it will be 5+5=10 ms ? 16:48 < nikitasius> im completely bugged with.. normally it's RTT full time.. i guess 16:49 < flying_sausages> tds, Ubuntu 16.04 16:49 < detha> RTT, i.e. there and back 16:49 < flying_sausages> hetzner2 should be running nginx, znc, rtorrent, vsftpd, fail2ban, ufw, 16:49 < nikitasius> detha: well when i ping or use MTR and i see 5ms, mean there and back i.e. full road? I'm correct?.. :| 16:50 < detha> correct 16:50 < nikitasius> detha: thanks. i was worrying what final time will be 2x time 16:50 < tds> the path it shows is only for the route there though, you can't know the reverse route without access to the remote system (ish) 16:51 < drathir> detha: hmmm... net.unix.max_dgram_qlen what stand for ? 16:52 < detha> drathir: I would have to dig in kernel source, but something udp something I guess. 16:53 < flying_sausages> detha, of the list above f2b can't be a culprit, stopped it and it's fine 16:53 < drathir> detha: thanks, no no needed if thats udp connected... 16:54 < detha> flying_sausages: silly question, but are IP address, routes and MTU the same for rescue and ubuntu? 16:54 < flying_sausages> tds, uff no clue but both are untouched 16:55 < flying_sausages> sorry, I meant to ping detha 16:56 < detha> flying_sausages: doesn't mean they are the same though - different distributions set different defaults. 16:56 < detha> Also, does this affect speed both ways, or just one-way ? 16:57 < drathir> detha: yea but that could be anything fw/router traffic shaping ^^ even hijacking dns ^^ 16:57 < flying_sausages> detha, damn you're onto something, the other direction (hetz2) -> (hetz1) the speeds are fine 16:58 < drathir> flying_sausages: try use iperf... 16:58 < flying_sausages> iperf or iperf3? 
16:58 < detha> drathir: he is 16:58 < flying_sausages> i am using iperf3 16:58 < drathir> flying_sausages: can try both ^^ 16:59 < drathir> flying_sausages: pm ip of server? 16:59 < flying_sausages> drathir, for iperf3? 16:59 < drathir> flying_sausages: yep... 17:04 < drudge`> woa, that was quite the split 17:06 < drathir> thats not me i hope *hides* 17:09 < jvwjgames> why do those happen 17:10 < UncleDrax> netsplits? when IRC Server nodes can't talk to one another 17:11 < UncleDrax> for whatever reason. 17:11 <+xand> clogged tubes 17:11 < UncleDrax> legit 17:11 < UncleDrax> someone flushed something they shouldn't have into the Internet 18:09 < derp10327> Trying to plan out a fictitious network for a class and am basically done with the logical plan. Just need to add subnet and ip addresses to the diagram. Decided to check my pc's ethernet info to get a start on that business when I discovered this: 18:09 < derp10327> https://i.imgur.com/gIOkCjV.png 18:09 < derp10327> how in the fuck am I online rn lol 18:10 < paradis> my home wifi is crappy. can someone from the internet cause it? 18:10 < tds> derp10327: do you have an ip on the vethernet interface? 18:10 < derp10327> @tds, lemme check lol 18:10 < tds> I don't use windows, but that sounds like it might be some kind of bridge device attached to the physical interface 18:10 < derp10327> it's for hyper-v 18:10 < Quatermass> all the botnets are showing their undies :P 18:11 < skyroveRR> paradis: are you getting less bandwidth? 18:11 < derp10327> @tds, yeah that has my correct info in it. wtf, that's not a virtual switch then lol 18:11 < paradis> skyroveRR: yeah after I went to some webchat 18:12 < skyroveRR> paradis: what's your internet speed, and how much are you getting? 
18:12 < skyroveRR> * what's your total internet speed 18:13 < paradis> my internet is not stable sometimes its okay but most of the time its crappy 18:13 < tds> derp10327: at least with linux bridges you typically don't assign IPs on the physical interfaces and put them on the bridge instead (similar to a "virtual switch I guess), I'm not familiar with how windows does it but that sounds similar 18:13 < paradis> i went to a gay channel and made fun of them 18:13 < skyroveRR> Heh 18:14 < derp10327> yeah, just caught me by surprise lol. Only created that switch the other day 18:14 < paradis> is it possible they are the reason my internet is crappy? 18:15 < skyroveRR> paradis: probably.. 18:15 < derp10327> By god this is the dumbest assignment ever though. I had the choice between doing this "network design" project or interviewing a network administrator (who I'd have to find and convince to do the interview with) for AT LEAST four hours 18:15 < derp10327> Unfortunately, I'm not a big enough dick to waste half of someone's day 18:15 < paradis> if so, how do I fix this skyroveRR 18:15 < skyroveRR> Get off the internets, they are coming for you! 18:15 < derp10327> lool 18:17 < derp10327> he's safe now 18:17 < skyroveRR> He left? I'm actively ignoring join/quit/part messages... 18:17 < derp10327> yeah lol 18:17 < skyroveRR> hah 18:18 < Demos[m]> Ok so are there sane reasons to have rsync with permissions rwsr-x-rx? 18:19 < derp10327> So I've picked a subnet for the network, 255.255.255.0, https://i.imgur.com/9Rjg3dB.png should I assign the first host to the router? 18:20 < derp10327> also welcoming all feedback on that logical plan lol 18:20 < tds> first major issue, you're using legacy IP ;) 18:21 < derp10327> What do lol 18:21 < derp10327> vs ipv6? 18:22 < tds> yes 18:22 < derp10327> we barely discussed ipv6, I think I'll save myself the hassle since it's not even a real network lol 18:23 < Dagger> it should be zero extra hassle... 
or in fact less hassle if your v4 plan involves NAT 18:25 < derp10327> this plan includes nothing tbh 18:25 < derp10327> I was only made aware a few days ago and have very few realistic requirements. The only true realistic requirement is pricing (yet there's no budget) 18:28 < jnewt> need some help getting local dns working properly. i have an edgerouter lite, i have use-dnsmasq set to disable and hostfile-update set to enable. dhcp is working. i can ping static hosts on the LAN by ip and name, i can ping dynamic ones by ip, but not name. i cannot ping the router by name, only ip. 18:30 < Quatermass> look at all the [m]'s lol 18:31 < MrPockets> y 18:37 < dude12312414> what kind of meme is this 18:38 < johnnyap0l> i guess the matrix irc gateway went down for a bit and then came back up 18:38 < johnnyap0l> like a mini netsplit 18:38 < grawity> that gateway gives a whole new meaning to 'a glitch in the matrix' 18:38 < johnnyap0l> rofl 18:38 < johnnyap0l> good one :) 19:04 < `whoami`> hi, when your router uses the same subnet for wireless and wired interfaces, there's still some forwarding involved, right ? 19:05 <+xand> `whoami`: they are bridged together usually 19:07 < `whoami`> mh okay, bridges is a subject I need to dig a bit, thanks ! 19:29 < Kythlo> Does Miracast affect wireless access points in any way? Like the frequency or anything? 19:35 < CWR|90783> hi 20:29 < UncleDrax> so.. customer partial-table/default-only BGP peering.. thoughts on making my (their upstreams) IP be VRRP.. Y/N/A/R/F? 20:30 < UncleDrax> guess I should ask the more savvy customers what they prefer and what their expected failure state is 20:31 < obcecado> doesnt vrrp require ips for each router? besides the vip 20:31 < obcecado> public ips i mean 20:32 < detha> UncleDrax: rather think about how badly unsavvy customers can break it 20:35 < WebDoll> Can I have 3 wireless access points in my house with roaming? 
…so users logged into one will automatically switch to the closest access point with the strongest signal? 20:35 < E1ephant> just use the same ssid and settings 20:35 < E1ephant> and the clients will pick the best AP 20:36 < WebDoll> E1ephant: Are you sure? 20:37 < E1ephant> WebDoll: errr, are you unsure? 20:37 < E1ephant> you seem unsure 20:37 < WebDoll> I know the log in will happen with all 3, but will the clients know to keep comparing signals and switch when advisable? 20:37 < E1ephant> that is how it generally works in wifi 20:38 < detha> WebDoll: yes 20:38 < WebDoll> Sweet. 20:38 < WebDoll> Sweet Georgie Brown. 20:38 < detha> That said, the shittier the client, the later it will switch 20:38 < E1ephant> any manipulation the APs do will effectively just mess with TX power, to "scoot" a client to a new AP 20:38 < WebDoll> So then which wireless access points? 20:38 < WebDoll> What's the good stuff? 20:38 < E1ephant> yeah the client making the decision is largely your problem 20:38 < E1ephant> turning down power is often just as agood a solution as more power 20:39 < E1ephant> ruckus, aerohive? 20:40 < E1ephant> for a home though, that is pretty high end budget imho. 20:41 < WebDoll> This is for a home. I need a main router/gateway with *NO* wireless that will connect to a DOCSIS 3.0 cable modem. From there, I want to use the router's Ethernet ports to branch out to 3 locations in the home. Each location needs an 8-port switch, to which the wireless access point would connect. So that's (1) router, (3) 8-port switches, and (3) wireless access points. What's the best gear to get for all these items if I want t 20:41 < UncleDrax> detha: important point re: breaking it. 20:42 < alabaster> I have a simple yet maybe dumb question if I may ask 20:43 < UncleDrax> don't ask to ask, just ask. 
(which doesn't mean to imply someone knows the answer, just that it's generally OK to ask) 20:43 < alabaster> since there is a lot of companies with business solutions products how do other companies use or take advantage of that product or platform 20:43 < alabaster> generally 20:44 < alabaster> sorry... Drax I wanted to Caveat my dumb 20:44 < UncleDrax> that is an incredibly broad question. what do you mean by 'business solution products'? like 'I am a manufacturer that needs to optimize my assembly lines', or do you mean like 'office 286' ? 20:45 < alabaster> do companies run the product from the main company's server (obviously) and do they lease or sell the product to run on another company's own server if the client company has a lot of POS or customers that they are taking care of 20:45 < alabaster> say like a tax solution software or POS and customer info software solution 20:46 < alabaster> I'm actually trying to figure out what the secondary company (the client) does to run that software for their businesses) 20:47 < UncleDrax> sounds more like SaaS ? say I provide said Tax Solution, and you as a company subscribe/pay/rent to assess my tax solution and use it? 20:47 < alabaster> do they run it on their own application server? 20:47 < alabaster> yeah Drax I guess that be one case 20:47 < UncleDrax> i mean tbh it depends on how the product is offered. some places offer 'Cloud Hosted' or "Remote Hosted".. or some make you run an Appliance/Service/device 20:48 < UncleDrax> some do both 20:48 < UncleDrax> tbh, pick a product space at random - and search around for vendors in that space and see how they provide it 20:48 < alabaster> if the product is downloadable then can a company that paid for the license do they or can they run it on their own server? 20:49 < UncleDrax> most vendors worth a spit will post 'we have cloud hosting or if you prefer an easy to install appliance' type stuff 20:49 < UncleDrax> depends on the specific product/vendor. 
20:50 < alabaster> yeah I know most companies you pay to use the software and they offer to the company to be opened in a web page/ client app or even phone app 20:50 < UncleDrax> sure 20:50 < UncleDrax> and some companies offer server SW you run locally and your client-software talks to it. some solutions are a bit of both 20:51 < alabaster> So I guess that answers that but say its a downloadable product what type of server does it take to run the main company's software for their own company 20:51 < alabaster> an application server? 20:51 < alabaster> a normal web server? 20:51 < UncleDrax> the company should provide a spec sheet on server/hosting requirements for their product. 20:52 < UncleDrax> ie: 'requires windows NT4 and node.js with nginx and 1600000GB of RAM with a billion-TB of available disk' 20:52 < UncleDrax> a silly example ofc, but gets the point across 20:52 < alabaster> I guess what I am asking is in general in networking we know the main types of servers. Can a webhosting server run another company's product for the client business 20:53 < UncleDrax> a server is just a piece of software that runs on a computer somewhere. 20:53 < alabaster> yep 20:53 < UncleDrax> an 'application server' is just running specific software for a specific application. a webserver is.. as-i-see-it, just an application. 20:53 < alabaster> but would generally any server run an application for a business from another business? 20:54 < alabaster> I guess you're right so there'd be no difference 20:54 < UncleDrax> depends on specifics of the software and install 20:54 < UncleDrax> trying to abstract this to this level just makes me want to go stab my manager 20:54 < UncleDrax> ;] 20:55 < alabaster> if I needed thousands of my own store to access that software that's put on the company's server. Would you generally require an application server instead of a webserver 20:55 < alabaster> haha 20:55 < UncleDrax> me? 
I would look at the requirements of said software and plan accordingly. this all reeks of handy-wavy-cloud-architect-tomfoolery to me 20:56 < alabaster> Im not even working, nor involved in any business. I'm just curious 20:56 < UncleDrax> hashbrown DEVOPS hashbrown fsckitdoitlive 20:58 < WebDoll> Who makes the best wireless access points for home users that need multiple access points with seamless roaming? 21:00 < alabaster> it just seems like when you look up application servers you get a server for web apps 21:00 < jvwjgames> WebDoll: ubiquity 21:00 < UncleDrax> alabaster: yeap. to most of the world that's what 'an appserver' means. 21:00 < detha> WebDoll: 'home' budget and 'seamless roaming' do not go together. The least bad is probably ubiquity yeah 21:01 < alabaster> what if I had a program that was going to be accessed by my companies 100s of POS's than can I run a normal decent webserver for a program? 21:02 < alabaster> then* 21:02 < UncleDrax> alabaster: you should consult the POS vendor's recommendations for system requirements and follow those guidelines. 21:02 < detha> alabaster: too wide a question. 'how long is a piece of string?' 21:04 < Kythlo> How do I know how what IP address Miracast is assigning for p2p? Or what access which access point it is so i can check signal strength. using windows 10 to connect to a Sharp LCD tv 21:04 < alabaster> ok here's the deal. I know a lot of people now that work for companies that do that type of thing. especially around here. It's business solutions and people get paid a fairly decent amount an hour as a job to troubleshoot the companies clients problems with the software or POS or client's server. 
I'm trying to find a place to start to learn to get into a tech job like that 21:06 < alabaster> obviously each program/platform/software has its own internal problems or situations that can arise but learn enough of how the set-up usually is to be able to research and learn beforehand 21:06 < E1ephant> WebDoll: ubnt? 21:06 < alabaster> so I'm trying to figure out in simplest terms the structure or general structure or set up to know where to hone into learning or researching 21:07 < Whiskey`> E1ephant: nope ubnt killed the seamless roaming 21:07 < UncleDrax> yeap. if you're aiming to be an official support tech for $vendor/company, go get hired at that company and learn their gear. If you want to be unaffiliated, jot down a couple company names and poke around the web/support forums for those products. Everything else is just basic computer|network troubleshooting. 21:07 < E1ephant> I mean don't go for seamless roaming in a home setting 21:07 < Whiskey`> they now use .... 11r? i think 21:07 < E1ephant> client roam is fine 21:08 < Whiskey`> E1ephant: agreed 21:08 < E1ephant> 11r would be some orchestration no? 21:08 < Whiskey`> and its a toss up for ubnt vs mt 21:08 < E1ephant> tbh I have never had to lean on controller/AP based roaming 21:08 < E1ephant> beyond TX/RX power 21:08 < Whiskey`> E1ephant: yea i rarely need it and never in a home setting 21:08 < E1ephant> meraki free gear maybe? 21:08 < Whiskey`> ewwww 21:09 < Whiskey`> but, yea that could work 21:09 < alabaster> drax that sounds like a good idea. Peruse their forums for clients bitchings. 21:09 < E1ephant> do you really need 3 switches? would a patch panel and runs to a closet work? 21:09 < UncleDrax> alabaster: if you know people that work in that space, ask if they need an intern|apprentice 21:09 < E1ephant> if your house has a mmr that is within 100m of everywhere that is far easier imho 21:09 < alabaster> And that's kinda what I figured.. 
if i'd been out of work for a while get certified with a simple comptia linux/network+ usual certs 21:10 < Whiskey`> E1ephant: most people cant do decent retrofit wiring 21:10 < Whiskey`> so they stick to what they have in place or can easily run 21:10 < E1ephant> yeah can be an issue 21:11 < Whiskey`> and really, 3 switches isnt much in a home 21:11 < E1ephant> I have expensive taste in switches though :P 21:11 < Whiskey`> ahh 21:11 < alabaster> Drax they either hire or they don't usually don't intern jobs that are 20-25 dollars an hour. To me that's a nice chunk of hourly. But to most people that's a scrappy almost living wage 21:11 < Whiskey`> you know MT's has hit with some damn nice looking switches 21:11 < E1ephant> I should check some out 21:11 < E1ephant> I get pretty good discount on EX2300-C 21:11 < E1ephant> but its still kinda pricey 21:12 < Whiskey`> is that just a 12port gige switch with 10gb uplink? 21:12 < E1ephant> I know those 'tiks are pretty popular 21:13 < E1ephant> yeah, it does some L3, but I just do router on a stick with it 21:13 < UncleDrax> just buy the 2300c support for $70 and file a JTAC case that your switch vaporized! 21:13 < E1ephant> lol 21:14 < UncleDrax> alabaster: the whole point of an intern job is (the theory goes) you're unpaid or under paid but getting OTJ training so you can go get a real job 21:15 < Whiskey`> damn even used thats looking at $500 21:15 < Whiskey`> you can get a 24port tik for that 21:15 < Whiskey`> UncleDrax: yea thats the idea, but far too many corps dont do it that way 21:15 < UncleDrax> EX2200-C 12p? 21:15 < UncleDrax> Whiskey`: true 21:16 < UncleDrax> guess it depends what features you want. I buy some $chinese basic L2 switches for pretty cheap, but they don't take CCs or anything.. 
only POs 21:16 < Whiskey`> UncleDrax: looks like newegg has it for 300, but the rest are 550~700 21:17 < Whiskey`> even on refurb 21:17 < qman__> I got some LB4Ms off ebay 21:17 < Whiskey`> you can get a 24 gige 4x sfp+ tik for 380 21:17 < qman__> cheap and do what I need 21:19 < alabaster> what do you guys think actually is Linux+ and Networking+ certification worth much now-a-days ? 21:20 < Whiskey`> always good to have a cert 21:21 < Ben64> if you don't have experience it'll help 21:21 < alabaster> I guess so. They're not hard to get. Which also adds that fear of worth 21:21 < qman__> certs aren't worth much, but if you've got nothing else, might be worth your time 21:21 < qman__> experience is the most important thing on your resume 21:21 < UncleDrax> eh, certs are OK, but if you _only_ have a pile of certs and no practical experience (even at a hobby level), that's a flag to me.. but I don't hire people 21:22 < qman__> if you want a good interview result, do work and get experience 21:22 < alabaster> I guess then add a little bit of college to that 21:22 < qman__> even if it's on your own, even if it's for charity or something 21:23 < UncleDrax> given that the cost of doing 'big important' Routing things (like setting up a BGP confed.. or something..) is near-zero today (because it can be done in emulators, simulators, or linux-daemons) and largely publicly documented 21:23 < alabaster> I'm on disability. Working for free or interning would be smart. I just don't know where to find a type of thing 21:23 < qman__> call up a local charity 21:23 < UncleDrax> pick a rabbit hole and jump in 21:23 < qman__> they are always looking for help, especially free help 21:24 < qman__> failing that, do it for yourself 21:24 < qman__> think up a problem and solve it 21:24 < UncleDrax> but for Elvis's sake, try and do a good job and try and make it professional-level.. 
tons of charities prob get bogged down by sketch-level 'free' work 21:24 < qman__> school is far more expensive and not worth as much as experience 21:24 < alabaster> gotca 21:24 < alabaster> gotcha 21:24 < alabaster> * 21:25 < alabaster> I do want to get network+ and security before they change over to 2018 into June 21:26 < Smallville> Can anyone help me get my internet back working? Dell Vostro 460. Using Ethernet. Network tray icon says not connected, no connections available. I reinstalled the Ethernet driver from dell.com. The adapter is showing up in devices list 21:26 < qman__> certs will only get you in the door, at best 21:26 < qman__> if you actually want a job you need the knowledge and experience 21:26 < Ben64> i only ever got ccna back in the day 21:26 < xamithan> certs won't get me knowledge ? 21:26 < xamithan> And experience ? 21:27 < qman__> no 21:27 < qman__> certs prove you can memorize a test 21:27 < UncleDrax> not by themselves.. many ppl just learn how to take the Cert Exam and that is all. 21:27 < qman__> that doesn't mean you can do a job 21:27 < Ben64> it's like reading how to drive a stickshift vs actually knowing how 21:27 < xamithan> Yeah the job is easier, I can copy and paste the network configs 21:27 < UncleDrax> tbh if you copy and paste, you're doing it the hard way 21:28 < UncleDrax> automate that shizzy 21:28 < xamithan> Ok so the job is easier, I can automate it 21:28 < UncleDrax> indeed 21:28 < Ben64> have to get the job first 21:28 < qman__> the important part is that you are capable of writing that automation, and think to automate it 21:29 < qman__> certs don't do that 21:29 < UncleDrax> knowning the deets is great when you need to troubleshoot or create a thing. 
usually keeping it running is (hopefully) easy 21:29 < qman__> even if you do learn the material 21:50 <+catphish> the iscsi protocol is really needlessly complicated 21:50 <+catphish> every time i look at it i get scared 21:52 < Aeso> catphish, you mean the protocol itself or the configuration of targets/initiators? 21:53 <+catphish> the first one 21:53 <+catphish> perhaps one should start by learning how scsi works, and hope iscsi is just an encapsulation of it 21:57 < grawity> there's always ATAoverEthernet if you'd like 21:57 <+catphish> i love ATAoE, it's actually sane 21:57 <+catphish> but unfortunately pretty much everything uses iscsi instead 21:59 < _AxS_> hey all -- anybody here run into issues with BCM5709 nic's and current linux? Mine are triggering 'fw sync timeout' issues; google hits are all matching RHEL-5.1 and 2.6 kernels though w/versions of everything that are way older than what i'm using... 22:01 <+catphish> "Read: (four variants): Reads data from a device" 4... variants... why...? 22:11 < xamithan> BCM5709 is what dell uses. Can't say I've seen any issues with latest dell distros 22:12 < xamithan> *linux distros 22:15 < UncleDrax> catphish: I believe I was listening to a PP podcast on NVMe where they stated 'iSCSI looked complicated so they created NVMe.. now if you look at NVMe it's crazy complicated too'. or another way of putting it: https://xkcd.com/927/ 22:17 < _AxS_> xamithan: in this particular case it's an addon pci card. it's in a dell server but their DSU doesn't query it to check for updates or anything like that.. 22:19 < xamithan> Well update that firmware for it 22:19 < xingu> UncleDrax: https://github.com/nvmedirect/nvmedirect . you know you totally want to. 22:19 < Aeso> NVMeoF looks cool too 22:19 < UncleDrax> use Github? 
i avoid it when possible 22:20 < Aeso> waiting to get my hands on some NICs that support it 22:20 < UncleDrax> also I'd have to buy some NVMe disks 22:20 < Aeso> hmm, I wonder how NVMeDirect stacks up against something more generic like SPDK 22:23 < _AxS_> xamithan: thats the problem, there are no updates (and no means of updating) that i can find. the kernel's using driver 2.2.6 and 6.0.15/6.0.17/6.2.1b/6.2.3 firmware files (which seem to also be from the kernel), and i haven't found anything anywhere that's newer. 22:23 < xamithan> What kind of card is it? I thought they all had updates 22:24 < xamithan> Kind as in brand and model 22:24 < _AxS_> xamithan: Broadcom Limited NetXtreme II BCM5709 Gigabit Ethernet (rev 20) , quad nic 22:27 < xamithan> It isn't an intel ? 22:27 < qman__> intel cards generally don't use broadcom chips, no 22:28 < xamithan> Er, qlogic i mean 22:34 < xamithan> This one I think is the latest version: https://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=PX6V4 22:34 <+catphish> UncleDrax: lol indeed 22:34 <+catphish> i have a burning desire to implement an iscsi target though, so i guess i'll persist 22:38 <+catphish> i swear this protocol was designed by a committee instead of someone who actually wanted to transfer some data 22:41 < xingu> catphish: you mean the t10 committee? 22:41 <+catphish> oh god it's a real committee, what the fuck 22:42 <+catphish> but it's just block IO and a few metadata operations 22:42 < xingu> catphish: fortunately economic Darwinism is collapsing it into a three-vendor circle jerk 22:42 < _AxS_> xamithan: thx! seems that's actually older than whats on the nic already (7.2.19).. i found a link for 8.7.26 so im trying that.. 
22:44 < xingu> catphish: the one thing that I'm thankful for is seeing the t10 and t13 committees _merge_
22:44 < xingu> catphish: I was expecting the whole industry to be pulled into a singularity the day that actually happened
22:45 <+catphish> i'm struggling to find simple examples of how it works
22:46 < xingu> find someone from lsi
22:47 <+catphish> eventually i'll stop complaining and actually read it
22:47 <+catphish> but for now, it seems mad
22:47 <+catphish> maybe i should wireshark some
22:51 < Apachez> does www.fs.com currently work for any of you?
22:51 < Apachez> I get an ip from my dns but the server doesnt seem to work
22:51 < vexe> works fine
22:53 < Aeso> Apachez, I had one of my techs mention a problem this morning, but it's been working for me all day
22:53 < xamithan> just says unable to connect for me
22:53 < _AxS_> xamithan: 8.7.26 didn't help .. :/ older versions don't seem to like downgrading either.. the reset code error is consistent now at least, before it seemed to be rolling a randomly incrementing number.
22:56 < _AxS_> xamithan: tnx for your help.. i'll try an experimental kernel and if that doesn't get rid of this, it's time to find a new quad nic
22:56 <+catphish> Apachez: wfm
22:57 < xamithan> Get an intel, broadcom sucks for linux
22:57 < _AxS_> agreed.
22:57 < _AxS_> well, to be fair i never had an issue with any tg3's before...
22:57 < audia5> is this okay exercise desktop @work http://i64.tinypic.com/2qxvy2a.jpg
22:58 < xamithan> Yeah for the moment, give it a few years those tg3 will be as unsupported as the bcm5709 ;P
22:58 < _AxS_> oh goodie.
23:00 <+catphish> TIL donald trump, a man who runs a large country, believes vaccines cause autism
23:01 <@pppingme> catphish well, its not the vaccine itself, but all the additives that are dumped into them..
I don't know if thats an issue outside the USA, but it IS in the USA
23:01 < xamithan> I don't get the Flu shot because everyone I know who does gets the flu
23:01 <+catphish> pppingme: no, it's not, it's a myth
23:01 <@pppingme> the numbers are there..
23:01 <+catphish> pppingme: numbers are where?
23:02 <+catphish> pppingme: you don't actually believe that do you?
23:02 <@pppingme> autism rates in vax vs unvax kids
23:02 < xamithan> You can make numbers do whatever you want depending who presents them
23:03 <+catphish> no, you really can't
23:03 <@pppingme> I believe vaccines are a good thing, I believe the way they are packaged and additives and preservatives are BAD
23:03 < xamithan> Sure you can, its like all those people who say everything is causing cancer in the past "X" years
23:03 < qman__> I think a major problem with the situation is that these days, they combine a bunch of vaccines into one, and give them all at once, so if there is a complication, you can't tell where it came from
23:03 < xamithan> It really isn't, we just never diagnosed things as cancer previously
23:03 <@pppingme> the numbers are simple, autism rates are ZERO among un-vaxed kids
23:04 <+catphish> xamithan: saying it doesn't in any way mean the evidence supports you
23:04 < xamithan> But the "evidence" is the numbers
23:05 <+catphish> pppingme: if i go to the effort of finding statistics on this, will you simply disregard them as some kind of conspiracy?
23:05 < Epic|> S\a large country\the best
23:05 <+catphish> because i don't believe you, but i'm willing to check
23:05 < Apachez> wfm = ?
23:06 < qman__> "works for me"
23:06 < qman__> and it does work for me, as well
23:06 <@pppingme> catphish in the USA, autism is non-existent in the un-vax'ed, there is only one single case found in recent history (20 years or so), and that was a situation that involved adoption, and they can not absolutely confirm that the kid wasn't vax'd after birth.
23:07 <+catphish> pppingme: you didn't answer my question
23:07 < xamithan> But how many people actually DON'T get vax'd in USA, that has got to be a super small sample
23:07 < xamithan> So it would make sense if there is no autists in a really small sample
23:07 <@pppingme> so yes, I'm open to evidence that supports other theories
23:07 <+catphish> that is a small sample, but i'd be willing to bet it's still representative
23:07 < audia5> is it okay to have an exercise chair @work desktop http://i64.tinypic.com/2qxvy2a.jpg
23:07 < Apachez> https://downforeveryoneorjustme.com/fs.com
23:07 <@pppingme> there's large communities, its probably approaching 10 to 15% of kids now
23:08 < xamithan> still representative? Nah I don't believe that
23:08 < xamithan> Its pretty much required for public schools to vax
23:08 < xamithan> or was when I went
23:08 < qman__> still is
23:08 < qman__> I really doubt it's 10%, any community that doesn't vax must be home schooled
23:09 <+catphish> xamithan: i believe there is no link and hence it would still be representative of the normal population
23:09 < qman__> however, I wouldn't be surprised if the sample is large enough to be represented anyway
23:09 < xamithan> And if they are all home schooled and are enclosed, any environmental factors to cause autism might be lessened
23:09 <@pppingme> there is a religious exemption, not sure how often its used
23:09 <+catphish> most of the research is from the UK where the vaccination scare started with MMR and autism
23:09 < xamithan> That debunked multiple times research from the UK? lol
23:09 < Apachez> can it be a amazon aws bgp hijack again?
23:10 <@pppingme> the main preservative used in MMR is a mercury derivative.
23:10 < tds> Apachez: only works for me over https, I can't open a tcp connection on port 80
23:11 <+catphish> thimerosal
23:11 <@pppingme> you can request un-preserved vaccines, but most dr's won't work with you, some will, and evidence suggests (no hard numbers) that un-preserved vax'd kids do have a much lower (possibly non-existent) autism rate
23:11 <+catphish> though ironically not used in the MMR vaccine
23:11 < tds> Apachez: looks like they've got decent security (unlike the hijack yesterday) and have HSTS :)
23:12 <@pppingme> it is in the USA
23:13 < xamithan> Whenever there is a really good peer reviewed study and research published I'll entertain the vax causes autism theory. Since it has been over 20 years that it has been debunked I doubt that'll happen
23:13 <+catphish> pppingme: wouldn't it be an insane coincidence if a false rumour started in the uk where there's no link turned out to actually be true in the usa?
23:13 < qman__> it would be pretty wild
23:14 < Apachez> https://blog.thousandeyes.com/amazon-route-53-dns-and-bgp-hijack/
23:16 < S_SubZero> Apachez: if only they hadn't vax'd then that never would have happened
23:16 <@pppingme> You have all these facts to debunk: 1-Unvax'd kids simply don't develop autism; 2-Its very common for symptoms to start within 48 hours of a variety of different vaccines; start there, but there are many other facts to overcome too
23:17 <+catphish> the only evidence i found so far is the reverse lol https://edition.cnn.com/2018/03/26/health/vaccination-rates-children-autism-study/index.html
23:17 < qman__> the thing that bothers me in the US about it is that there's no middle ground, the anti-vaxers are basically no vaccines at all ever, with no real evidence for what specifically the problem is, while the doctors are vaccinating with whatever new product is out and sold to them, even when there's little research on the individual products
23:18 < qman__> both sides need to apply some logic and scientific method
23:18 <+catphish> still looking for stats regarding pppingme's claim, which i can't believe is true, but want facts to be sure
23:18 < qman__> eliminate variables
23:18 <+catphish> it all seems very polarized in the usual stupid western-political manner
23:18 <@pppingme> qman__ a big part of the issue with dr's is that they are basically outcast if they don't automatically take whatever the FDA and AMA put out as truth.
23:19 <+catphish> pppingme: that's because that truth is based on the best available clinical data
23:19 <@pppingme> FDA has a long history of telling the "truth" based on financial considerations
23:19 < qman__> eh, not always
23:19 <+catphish> ok, i probably should have just searched "autism unvaccinated population", that produces immediate answers
23:20 < qman__> like the whole "salt is bad for you" thing, that's not actually based on any solid evidence
23:20 < qman__> yet is still "common knowledge"
23:20 <+catphish> pppingme: while i can believe that, the FDA isn't the only body in the world, and they all reach similar conclusions
23:21 <@pppingme> because most discount the unvax'd as not being enough to be statistically relevant.. how in the world can only including vax'd make this statistically relevant?? that doesn't pass the sniff test..
23:23 <+catphish> here's some real data: http://www.nejm.org/na101/home/literatum/publisher/mms/journals/content/nejm/2002/nejm_2002.347.issue-19/nejmoa021134/production/images/img_medium/nejmoa021134_t1.jpeg
23:23 <+catphish> from http://www.nejm.org/doi/full/10.1056/NEJMoa021134
23:24 <+catphish> pppingme: you are certainly wrong about no unvaccinated child ever being autistic, that was a pretty unrealistic fact, really
23:24 < xamithan> Wait salt is bad for you isn't based on evidence?
23:24 < qman__> no
23:24 < xamithan> But it raises blood pressure right ?
23:24 < qman__> there was one bunk study that was inconclusive back in the 50s
23:24 <+catphish> "bad for you" is way too vague
23:25 <+catphish> and "salt" is also way too vague
23:25 < qman__> and since then, someone has had an axe to grind or something, because that notion has perpetuated as common and solid, with no other evidence
23:25 <+catphish> some amount of salt is clearly bad for you in some way
23:25 < xamithan> Yeah the first 5000 google results all say salt raises blood pressure
23:25 < qman__> yes, based on what study or evidence though?
23:25 <+catphish> but you can't make such a statement without actual definitions and numbers
23:25 < qman__> you will find that there isn't any
23:26 <@pppingme> catphish look especially at autism rates among Amish.
23:27 <+catphish> pppingme: it's not a good idea to look at a specific subset like that and assume some other factor correlated
23:27 < xamithan> Ok so I found like 30 studies on the first search that salt raises blood pressure, and there was trials and everything
23:27 < xamithan> I don't know why you are saying there isn't evidence
23:28 <+catphish> better to look at a random sample, see the study i posted, seems to be the most commonly cited one with the largest evidence base
23:29 < qman__> xamithan: https://www.youtube.com/watch?v=XLZOiG4etXo
23:29 < qman__> sources in description
23:30 <+catphish> pppingme: i don't like to be so rude, but i can say with some certainty, based on the amount of effort that's gone into research into the matter, that you're wrong, this isn't opinion
23:30 <+catphish> it's evidence based medicine
23:31 <@pppingme> also look at all the kids that were struck with symptoms out of nowhere within a couple days of getting vax'd, another issue that the medical community wants to sweep under the rug
23:31 <@pppingme> by the way, CNN is NOT a reliable source of news or information
23:32 <+catphish> pppingme: vaccination causes lots of unrelated symptoms due to the stress it puts
on the immune system, no doubt
23:32 < wiresharked> catphish: This has nothing to do with networking
23:32 < xamithan> Even in that video you linked in the sources it says that salt raises blood pressure?...
23:32 <+catphish> wiresharked: you have nothing to do with networking
23:32 <@pppingme> I'm talking about symptoms of autism, symptoms that don't go away
23:33 <+catphish> pppingme: evidence pls
23:33 < qman__> xamithan: they claim that, but the actual data in the studies don't support that claim
23:33 < wiresharked> catphish: Well I have been studying for the A+
23:33 < qman__> at least not with any strong correlation
23:33 <+catphish> wiresharked: good work
23:33 < qman__> specifically, that high salt intake does not cause chronic high blood pressure
23:33 < qman__> eating salt does temporarily increase blood pressure, but it then gets filtered out of your system normally, with no proven negative effects
23:33 < xamithan> So you are saying because they did a study on people already at risk of hypertension it is false?..
23:34 < qman__> no, I'm saying that the conclusions do not logically follow the data
23:34 <+catphish> pppingme: i don't think anyone claims cnn is a valid source of information :)
23:35 < wiresharked> xamithan: I know that salt can have a negative effect on your sleep
23:36 < wiresharked> catphish: They do cover networking on the test
23:36 <+catphish> there's no doubt excessive salt has unpleasant acute effects, i can't be bothered to research the evidence about long term effects :)
23:36 < qman__> people with hypertension may need to avoid salt because they already have hypertension, but there's no evidence that the average person without hypertension should limit themselves to 3000mg/day of salt, or that if they significantly exceed that, that it would have any negative long term health effects
23:37 < S_SubZero> remember when looking at an egg the wrong way caused heart attacks
23:38 <+catphish> lol
23:39 < wiresharked> qman__: So vitamin E and zinc both help with preventing alzheimer's disease, but do they ruin your sleep?
23:41 < nuka-cola_> whats the difference between VPLS and MPLS?
23:41 <+catphish> wiresharked: by the way, see the topic, regarding being off topic :)
23:41 < wiresharked> catphish: Sorry. I'm just trying to keep other people from being off topic
23:41 <+catphish> wiresharked: why?
23:41 < qman__> no, the point is that off topic is fine as long as it isn't interrupting on-topic discussion
23:41 < xamithan> VPLS is layer 2 and MPLS is 3 ?
23:42 < S_SubZero> nuka-cola_: I'm gonna paste your question into Google. then I'm going to stare angrily at you.
23:42 <+catphish> nuka-cola_: i don't know the topic well, but it seems that VPLS is an ethernet VPN, that can run over ip or mpls
23:42 < wiresharked> xamithan: What is VPLS and MPLS?
23:42 < qman__> I only vaguely know what MPLS is, and don't know what VPLS is
23:42 <+catphish> https://en.wikipedia.org/wiki/Virtual_Private_LAN_Service explains it all
23:42 < S_SubZero> https://networkengineering.stackexchange.com/questions/30576/differences-between-mpls-and-vpls
23:42 <+catphish> wikipedia is magical
23:43 < qman__> yep, the LACP article on wikipedia is particularly excellent
23:43 < wiresharked> qman__: And isn't a VPN the same?
23:43 <+catphish> it can be
23:44 <+catphish> VPLS is a type of VPN, as the article says
23:44 < xamithan> A way better and more expensive VPN
23:44 <+catphish> better is subjective
23:44 < wiresharked> I don't think I should use hotspot shield at school. The speed through the wifi there is bad. 4mbps
23:45 < nuka-cola_> S_SubZero :D hehe just wanted to start a discussion
23:46 <+catphish> it seems you failed :)
23:46 <+catphish> i on the other hand started a pointless one
23:47 < xamithan> 99% of stuff in this channel is pointless discussion
23:47 < nuka-cola_> btw have you guys have ever used or heard of Cisco's Network Service Orchestrator, it's quite a kinky platform for managing devices, what i particularly like is that it stores each onboarded device configuration in its database, whenever you want to push a new config it first do a transaction that calculates the diff and if you are happy with it , it commits it. Though it kinda sucks you have to know YANG in order to mo
23:47 < nuka-cola_> del stuff
23:48 < redrabbit> https://www.youtube.com/watch?v=kqnvrjgyEMc
23:48 < redrabbit> lol
23:48 < nuka-cola_> though it allows you to augment your services in Java and Python
23:49 < wiresharked> catphish: So are IP addresses between 193.x.x.x and 240.x.x.x class D?
23:49 < xamithan> There is no classes anymore
23:49 < redrabbit> that 1.1.1.1 service looks good though
23:49 < wiresharked> xamithan: For IPv6, yes
23:49 <+catphish> wiresharked: no
23:49 < redrabbit> i'm giving it a try
23:49 <+catphish> wiresharked: 224.0.0.0 to 239.255.255.255
23:50 < wiresharked> catphish: Alright
23:51 < nuka-cola_> But we ended up being a Juniper shop at the expense of Cisco. Junipers QFabric has no competitors lol
23:51 < wiresharked> nuka-cola_: And my CPE rebooted this morning, probably for a firmware update
23:51 < nuka-cola_> hehe
23:52 < nuka-cola_> JunOS > IOS lol
23:52 < wiresharked> nuka-cola_: No, I'm talking about my ISP's modem/router hybrid
23:53 < redrabbit> what do you guys think about that new cloudflare dns service
23:53 < tds> my general view is meh, I just run my own internal resolvers
23:53 <+catphish> anyone using ipv9 yet?
23:53 < nuka-cola_> the 1.1.1.1 one? I hear its faster than Googles 8s , though my ISP dns is the fastest lol
23:53 < wiresharked> catphish: IPv9? When did that come out? Also, I feel that you are not serious
23:53 < Dagger> catphish: in Australia, sure
23:54 < redrabbit> 6ms ping here
23:54 < redrabbit> on par with 8.8.8.8
23:54 < tds> 1.1.1.1 has also been a bit annoying, since people keep posting URLs with the ipv4 address in them which don't work for me ;)
23:54 < redrabbit> i wonder how expensive 1.1.1.1 was to buy
23:55 < tds> redrabbit: I think they just poked some people at apnic, it's a joint research project iirc
23:55 < wiresharked> Dagger: The average RTT for google is 38ms
23:55 <+catphish> i get wildly differing ping times to 1.1.1.1 interestingly
23:56 < Dagger> wiresharked: source?
23:56 < redrabbit> stable here
23:56 <+catphish> rtt min/avg/max/mdev = 3.456/6.697/20.548/4.731 ms
23:56 < wiresharked> Dagger: I just pinged Google's DNS server
23:56 <+catphish> also, 3.4, wow
23:56 < redrabbit> it looks legit
23:56 < Dagger> wiresharked: then that's just *your* average ping.
that's a lot less interesting
23:56 <+catphish> 8.8.8.8 responds in a consistent 3.5ms
23:57 <+catphish> that's some seriously impressive RTT
23:57 < wiresharked> Of course, you can always expect higher latencies as the ISP busy period gets closer
23:57 < djph> aww 10ms
23:57 < Chojuan> 0.082/0.098/0.012
23:57 < djph> stupid ISP
23:58 <+catphish> i can't believe my rural residential connection has an RTT of 3.2ms
23:58 <+catphish> that's awesome++
23:58 < tds> my latency to cloudflare is much worse than google, but that's just my own fault for routing it stupidly internally :P
23:58 < tds> catphish: were you in the uk?
23:58 <+catphish> tds: yes
23:58 < tds> if so, I'd be interested to know which provider that's on :)
23:59 <+catphish> tds: wessex internet, they run an ethernet to the home network in dorset
23:59 <+catphish> gigabit fibre
23:59 < Dagger> catphish: I don't even get that sort of ping to the main router here :/
23:59 < MarkusDB1> What is a good choice for a 40gbe qsfp+ switch?
23:59 < Dagger> Reply from 192.168.1.1: bytes=32 time=5ms TTL=63
23:59 <+catphish> aww
23:59 < Dagger> powerline++
--- Log closed Thu Apr 26 00:00:03 2018