--- Log opened Sat May 05 00:00:09 2018 01:47 < ntd> so, our systems supplier just delivered less than they were supposed to and charged us for fictitious items 01:48 < ntd> and their key account manager is sick. appendectomy on the books, supposedly 01:48 < SporkWitch> fire whoever signed the delivery receipt without doing inventory 01:48 < rewt> go to the account manager's manager 01:48 < ntd> did 01:48 < ntd> "this email has words. sufficient explanation" 01:49 < SporkWitch> O.o 01:49 < rewt> inform them you won't pay the invoice until it's fixed 01:49 < ntd> oh, paid in advance 01:49 < ntd> at least 80% of it 01:49 < ntd> 180 of 200k USD 01:50 < ntd> i mean. my sympathies to whoever is gonna have an organ removed 01:50 < ntd> but, eh.... 01:51 < SporkWitch> i mean, this is primarily on the guy who signed receipt without doing full inventory 01:51 < SporkWitch> mistakes happen, that's why you do inventory before signing 01:51 < ntd> their advance payment invoice read: "in advance" 01:51 < ntd> their post-install invoice specified as mentioned 01:51 < ntd> no slip 01:51 < ntd> this is the framework i have to work within 01:52 < ntd> institutional ineptitude 01:52 < ntd> fortune 1000 org 01:53 < SporkWitch> no, that's not what i'm saying. part up front is normal, especially on large purchases like that, especially especially if you aren't a big enough player that there's no real worry of you going under / disappearing. The issue is that not everything was delivered and presumably someone signed a receipt saying it all WAS delivered. It's now your word against theirs trying to get the rest 01:53 < ntd> raise any question: words. easily cut to pieces but by then you are already perceived as a nuisance 01:55 < ntd> oh, they've specified SNs of items easily disproved having bing delivered/installed 01:55 < ntd> been 01:55 < SporkWitch> pretty hard to prove a negative; guy signed off saying the SN was delivered, they say he took it home and pawned it 01:56 < SporkWitch> like i said, this is primarily on the guy that signed without taking inventory first 01:57 < ntd> no one signed 01:57 < ntd> rep was present during install and took pics 01:57 < ntd> our rep 01:58 < ntd> yet they've invented just shy of 10K of equip 01:59 < ntd> and we had to make the rest deliver as promised 01:59 < SporkWitch> well then you're all set; shit happens and you've got the documentation to prove it 01:59 < ntd> they've even charged us 1,5K usd for facilitating for ISP delivery 02:00 < ntd> yet we had to talk to some indian for 36 hours to get it running 02:00 < ntd> well, span from issue to resolution was 36h 02:01 < ntd> we had to. they set the wrong install date (post location opening) and we had to tell the ISP what was wrong 02:01 < c|oneman> probably yeah 02:01 < c|oneman> I was scrolled back 2 dys. 02:02 < SporkWitch> lol 02:02 < ntd> too bad "shibboleth" doesn't trigger what it is supposed to 02:03 < ntd> well. the ones actually in charge have no clue and realy on those perpetuating the issue(s) 02:04 < ntd> so. do i initiate an orbital strike which might hurt the org or do i persist in documenting ineptitude? 02:04 < lupine> orbital strike 02:04 < lupine> errtime 02:04 < ntd> hoping that by doing the right thing i eventually win? 02:05 < ntd> "rely on". just spotted the typo, sorry 02:10 < MarkusDB1> So the dual wan failover on my asus 68u router works very bad, well doesn't work at all really. What other router might be worth testing? I also got an edgerouter laying around to test. 02:11 < MarkusDB1> I really want failover and had hoped for an easy solution since they have that feature marketed, but it seems to work really bad 02:15 < SporkWitch> define "really bad" and your setup 02:15 < MarkusDB1> Just their dual wan setting 02:15 < MarkusDB1> I got dual wan 02:15 < MarkusDB1> it's supposed to ping some ip, like google. and switch after like 12 failed pings, but it doesn't 02:15 < ntd> stock fw? 02:16 < MarkusDB1> yeah 02:16 < ntd> gawd 02:16 < SporkWitch> ntd: the stock asus firmware is actually really good 02:16 < ntd> better than d-link is "less worse" 02:16 < MarkusDB1> it's actually way better than dlink and tplink 02:16 < MarkusDB1> best I've used except for ddwrt 02:17 < SporkWitch> that's like saying beer is better than a piss-and-vomit cocktail 02:17 < MarkusDB1> or the "wrt's" 02:17 < ntd> i've made my statement/assertion 02:17 < MarkusDB1> so for proper fail over, should I take my edgerouter for a spin? 02:17 < MarkusDB1> Or stay with the wrt? 02:17 < MarkusDB1> I mean.. asus 02:18 < SporkWitch> if you've got one, go for it. if you enable load balancing it might work better, too, assuming both links have comparable throughput 02:18 < SporkWitch> if they don't, it might degrade performance in general 02:18 < MarkusDB1> I don't like to use the load balancing since the primary is 1000mbit and the secondary is 100mbit 02:25 < Mead> I've got a windows machine Hyper-v hosting a VM with ubuntu server on it. Anyone know how I can Remote desktop into hyper-v to get remote access to the VM from another system? 02:26 < Adior> hi 02:26 < Adior> if I spoof my mac address to be the same mac address as another mac accress that's already on the network, what's that do 02:27 < ntd> havic 02:27 < Mead> breaks your network 02:27 < ntd> havoc 02:27 < SporkWitch> Adior: https://lmgtfy.com/?s=d&q=what+happens+with+duplicate+mac+on+lan 02:27 < ntd> unless your switch is up to the task 02:28 < Adior> my switch is not up to the task 02:28 < ntd> then spoof all the macs 02:28 < SporkWitch> i remember when IRC had questions that _weren't_ search queries... 02:28 < Mead> macs addresses are meant to be unique for a reason 02:28 < ntd> or plug on port to another switch and back on another 02:28 < Adior> I'm confused cuz I had been using that ip mac address a lot 02:28 < ntd> one 02:28 < Adior> mac address 02:28 < Adior> yeah 02:28 < SporkWitch> ip != mac 02:28 < Adior> so I don't know why it broke this time 02:29 < Adior> it was like, I hit the button, and I has 90% packet loss to the router 02:29 < Adior> and it took me a while to figure out why 02:29 < Adior> weird 02:29 < SporkWitch> not weird at all 02:29 < Adior> it's weird to me 02:29 < Adior> cuz I didn't have any problems before 02:29 < SporkWitch> just because something retarded works for a while doesn't mean it's going to keep working 02:30 * Adior shrug 02:30 < Adior> also 02:30 < Adior> how hot is my switch supposed to get 02:30 < Adior> I'm concerned 02:30 < Adior> :C 02:30 < SporkWitch> newlines 02:30 < SporkWitch> are 02:30 < SporkWitch> not 02:30 < SporkWitch> a substitute 02:30 < SporkWitch> for punctuation 02:30 < Adior> /ignore and move on 02:31 < Adior> I wonder if I should install a heatsink on my switch 02:31 < SporkWitch> Adior: https://lmgtfy.com/?s=d&q=what+is+a+normal+temperature+for+a+network+switch 02:31 < Mead> Adior: just keep it in a well ventilated space and get on with your life 02:35 < Adior> I just opened it up, and it has tons of heatsinks in it 02:36 < Adior> I just don't like how hot it is 04:19 < cmj> .seen willyonwheels 04:19 < cmj> wrong channel 04:37 < gswallow> Howdy, y'all! 04:38 < gswallow> I set up two types of VPN today: one that just creates multiple tunnels with CIDR ranges on both sides, and one that sets up a virtual tunnel interface with IP addresses on each end. These are policy-based VPNs and route-based VPNs, respectively, right? 05:27 < randomusernumber> Does anyone here work in a field of computer science, and is willing to answer a couple questions about your occupation? 05:31 < ironpillow> hi all, I am running freeradius and for eap-ttls, I have server cert signed by letsencrypt. When I am using macos to connect to the wpa2-enterprise network it presents a dialog box about the certificate. I thought if I have a signed cert by public CA, there wouldn't be a dialog box. Any advice? thanks! 05:55 < Project86__> Is there a way to set a phone to boot from microsd iso? 05:56 < Project86__> Was going to boot raspian or some other arm distro to phone as main os 07:55 < at0m> Project86__: there is not. there's been lildebi and another way to run debian (forgot the name) on an android phone though, after android/lineageos is booted 07:59 < energizer> i just rebooted a remote server and now im getting 'Connection refused'. Is there a way to figure out if its awake and rejecting me or failed to boot altogether, aside from ... going there 08:00 < TV`sFrank> nmap it? 08:00 < energizer> up! 08:00 < energizer> thanks 08:00 < rudi_s> energizer: Connection refused means the service is not running. - You could ping it to see if the server is alive (however note that some firewalls/systems drop ping packets). 08:02 < energizer> alright so now can i diagnose the 'Connection refused'? 08:15 < overseer> hayyyyyyyyyyyyyyy 08:15 < overseer> does sebastian holler at you? 08:19 < overseer> does google have a rate control for how often it uses a formulae for password recovery 08:20 < overseer> sometimes it asks for phone number oher times it skips asking 08:20 < overseer> there's been times it accepts any password 08:21 < overseer> "you type uin what you want" 08:21 < overseer> accepted 08:22 < overseer> LATELY IT SEEMS TO BE RIDGID 08:22 < overseer> HIDING SOME OF THE RESET PATHWAYS 08:23 < overseer> HI TRUTHR 08:23 < truthr> hi 08:23 < overseer> TRUTHR DO YOU KNOW ANYTHING ABOUT RBIT 08:24 < truthr> no sorry 08:24 < overseer> Do you know about allison worked at a zoo? 08:24 < TV`sFrank> lol 08:25 < overseer> MoarSpaceFI my my 08:34 < overseer> applegal: hi 08:35 < overseer> do you know apple101 08:42 < overseer> do you think they have a button 08:42 < overseer> for a masonic se gauntlent 08:42 < overseer> lady in red type things 08:43 < overseer> end up like edward scizzorhands being passed around 08:43 < overseer> it is a scenario 08:43 < overseer> in a masonic trap 08:43 < overseer> sex gauntlent 08:44 < overseer> though these are evil schemes 08:44 < overseer> whats worse a trap with no voluntary pivot 08:45 < overseer> press javascript slavery 08:45 < overseer> all earth enslaved to javascript and rfid 08:45 < overseer> no voluntary pivot 08:47 < overseer> they talked abou the "great depression" 08:47 < overseer> you get junkfood rations for an rfid chip 08:52 < radicaldev> Hello! 09:22 * catchersmitt flaps glove 09:25 * catchersmitt flaps glove 09:26 < littlepython> how do we find network overhead? also do you think that NAT'ing would result in network overhead? 09:28 * catchersmitt flaps glove 09:32 * catchersmitt flaps glove 09:33 < catchersmitt> apparently each channel is full of named roaches 09:33 < catchersmitt> they spaz out sometimes 09:34 * catchersmitt flaps glove 09:35 < catchersmitt> other than that wheres a pitcher 09:36 < catchersmitt> anybody capable of throwing a ball? 09:36 * catchersmitt flaps glove 09:38 < catchersmitt> littlepython nework overhead? 09:38 < catchersmitt> snakes see heat 09:38 < catchersmitt> heatless network is stealth 09:39 < catchersmitt> littlepython: are you sub 0 09:39 < radicaldev> sub 0 is too cold 09:39 < radicaldev> need to be ~10% less than environ to fool snakes. 09:40 < radicaldev> I guess there are places that get sub 0, though. 09:42 < TV`sFrank> Man. This network never changes. 10:10 < catchersmitt> absolutely 10:10 < catchersmitt> my my my 10:11 < catchersmitt> welcome palo alto 10:11 * catchersmitt smirks 10:11 < catchersmitt> novus lux aeternam 10:12 < catchersmitt> welcome to ZION 10:12 < catchersmitt> JT 10:12 < catchersmitt> my love 10:12 < catchersmitt> the MAN bleed for your sins 10:13 < catchersmitt> tech9\ 10:13 < catchersmitt> THIS RING 10:13 < catchersmitt> welcome to ZION 10:14 < catchersmitt> LORUM IPSUM FACTUM 10:14 < catchersmitt> stay for an eternity 10:14 < catchersmitt> take a look around 10:15 < catchersmitt> might be going wool white 10:16 < catchersmitt> whatever you want 10:16 < catchersmitt> whatever you need 10:17 < catchersmitt> THIS RIIIIIIING 10:20 < catchersmitt> make you a believer? 10:20 < catchersmitt> absolutely 10:20 < catchersmitt> my my my 10:21 < catchersmitt> We read from the beginning the plan of the Creator, the pride DOMINATOR. 10:24 < catchersmitt> What is the military purpose of ZION? 10:25 < catchersmitt> goto BEGINNING 10:26 < catchersmitt> We may have heard the unfortunate news "we aren't in EDEN" 10:29 < catchersmitt> Have we envisioned the wedding of the LAMB? 10:29 < catchersmitt> SHroedingers CAT? 10:29 < catchersmitt> The LION AND THE LAMB 10:29 < catchersmitt> "We are the poisioned you" 10:41 < catchersmitt> look at the earth 10:41 < catchersmitt> Ask Lyndon Larouche about Jobe 10:55 * catchersmitt flaps mitt 10:56 < catchersmitt> throw some data 10:56 < catchersmitt> all known nucleur detonations 10:56 * catchersmitt flaps mitt 10:56 < catchersmitt> oooooh barracuda 10:57 < catchersmitt> now if you have been near me you have been corrected about assumtions 10:57 < catchersmitt> reflections on trusting trust 10:58 < catchersmitt> the likelyness of having first person accounts is nil 10:58 < catchersmitt> except for say military persons in the past century 10:59 * catchersmitt flaps mitt 10:59 < catchersmitt> throw some data 11:03 < catchersmitt> throw some data 11:03 * catchersmitt flaps mitt 11:03 < catchersmitt> justify your eistence 11:04 * catchersmitt flaps mitt 11:04 < catchersmitt> come on roach net 11:04 * catchersmitt flaps mitt 11:04 < catchersmitt> throw some data 11:05 < TandyUK2> pppingme xand fancy ending this 11:05 < TandyUK> Sometimes some access in here would be useful :P 11:06 < catchersmitt> yeah? 11:06 < catchersmitt> did you send that girl to read about catcher in the rye 11:07 < TandyUK> no, but youre about to become the 6th person i have ever ignored in 20 years of IRCing 11:07 < catchersmitt> roaches spazing out 11:08 < catchersmitt> upset for attempts at making them useful 11:08 < TandyUK> you know this is ##networking not ##bullshit right? 11:08 < catchersmitt> it all goes into the catchersmitt 11:08 < catchersmitt> what are we networking 11:08 * catchersmitt flaps mitt 11:08 < catchersmitt> throw some data 11:09 < catchersmitt> HARVEST 11:09 < catchersmitt> useful data 11:09 * catchersmitt flaps mitt 11:10 < catchersmitt> throw some data right here 11:10 * catchersmitt punches mitt 11:10 < catchersmitt> what are we wombats sucking on the power lines 11:11 * catchersmitt flaps mitt 11:12 < TandyUK> just a noob wasting bandwidth 11:12 < catchersmitt> TandyUK youve been around this network long enough 11:14 < catchersmitt> TandyUK: What do you know about nucleur technology? 11:14 < TandyUK> that it has fuck all to do with networking 11:14 < TandyUK> and that you cant spell 11:15 < catchersmitt> hanging with the goldfish to long TandyUK 11:16 < catchersmitt> pull your mind together long enough to accept a command 11:16 < TandyUK> bye 11:16 < radicaldev> any of y'all deal with commercial voice platforms? 11:16 < TandyUK> 6 ppl on my ignore list in 20+ years lmao 11:17 < TandyUK> radicaldev: such as?? Avaya IPOffice and that sort of thing, or skype kinda thing?? 11:17 < catchersmitt> after 20+ years of parasitic leeching 11:17 <+xand> catchersmitt: stop talking nonsense 11:17 < radicaldev> TandyUK: more along the lines of avaya experience portal, or genesys voice platform 11:17 < catchersmitt> have I been the other 5? 11:18 < radicaldev> my question is around the licensing practices of those, though, so IPOffice might be a close enough fit. 11:18 < TandyUK> Licensing for them is along the lines of "bend over" 11:19 < radicaldev> TandyUK: Sweet. How far? =) 11:19 < TandyUK> until you cant bend any more lol 11:19 < radicaldev> Could you estimate what someone running 6k concurrent channels would spend in a year? 11:20 < TandyUK> a shitton 11:20 < TandyUK> youd be better off building your own platform 11:21 < radicaldev> Think so? I think I'd be better off replacing that platform with something a little cheaper, and a lot better... or maybe a little more expensive. 11:22 < radicaldev> how much do you think a shitton is? 11:23 < radicaldev> <--- solution provider with no idea how to price this thing for fortune 100 companies 11:28 < radicaldev> TandyUK: No guesses? 11:35 < TandyUK> radicaldev: 6 figures 11:35 < radicaldev> a month or a year? 11:35 < TandyUK> 12 channels is like £1500 11:35 < TandyUK> it depends how you buy it 11:35 < TandyUK> clearly youre not an avaya reseller 11:36 < radicaldev> nah, I work with new stuff that everyone is antsy about. Displacing the old stuff. 11:36 < radicaldev> Well, being asked to, anyway. The price is the big question now. 11:37 < TandyUK> are all these channels in one office or what? 11:37 < TandyUK> you going with on-premp, or cloud based? 11:37 < radicaldev> hybrid 11:38 < TandyUK> example complete system on-prem with 12 phones and 6 channels is £1850, plus about £500/yr for maintenance 11:38 < radicaldev> When you say 1850, is that monthly or yearly? 11:39 < radicaldev> i'm guessing yearly, cuz that seems about right. 11:39 < TandyUK> thats just to buy the hardware 11:39 < TandyUK> you have annual maintenance on top of that 11:39 < TandyUK> plus configuration etc 11:40 < TandyUK> dont expect much change from £1000000 11:40 < radicaldev> oh, I see. so you get the IP office/setup/install/12 phones and 6 channels for 1850, then 500/year maintenance? 11:40 < TandyUK> that just for avaya 11:40 < TandyUK> other brands are very different 11:41 < TandyUK> but you need to speak to an authorised reseller of whatever platform to get any clue on actual pricing 11:41 < radicaldev> That's helpful to know. 11:41 < TandyUK> as youre not an existing customer, dont expect much discount 11:42 < radicaldev> Like I said, I'm trying to displace these guys. What we're into isn't phone systems (at least, not in this case). It's automated agents, which the client has a current product that somewhat fills their needs. 11:43 < TandyUK> https://www.ipoffice-direct.co.uk/product/avaya-ip-office-r9-sip-trunk-20-licenses-275662/ 11:44 < TandyUK> £175k or so just for the sip trunk licences 11:44 < radicaldev> but that's one time right, in the case of avaya? 11:45 < radicaldev> yeah, one time. 11:45 < TandyUK> theres an annual 'maintenance' fee on everything 11:45 < TandyUK> they dont tell you that whe nyou buy it ofc 11:45 < TandyUK> for a 40 user system, its about £1800/yr 11:45 < radicaldev> Interesting.... 11:46 < TandyUK> seriously decide what you actually want, and build it yourself 11:46 < radicaldev> Already did! 11:46 < Apachez> you speak about the actual sip trunk? 11:46 < Apachez> or the license? 11:46 < Apachez> wtf kind of "maintenance" is there on a license? 11:46 < radicaldev> maintenance would probably cover security fixes and whatnot, plus the occasional support ticket. 11:47 < TandyUK> its a license fee for using their shitty hardware 11:47 < TandyUK> and actually getting updates etc 11:47 < TandyUK> or their server based software version 11:47 < TandyUK> either way, you'll be bending over annually if you want to keep it patched 11:48 < TandyUK> for 6000 channels, youre goign to want some pretty serious HA too 11:48 < TandyUK> pretty sure your clients wont want their entire system going down because a PSU failed 11:49 < radicaldev> lol, no. 11:49 < radicaldev> they would not like that one bit 11:50 < radicaldev> I'm guessing the client didn't pay a 1 time fee for the equipment they have + the maintenance fees, because they've had their stuff in place for ~15 years or so. 11:50 < Apachez> why dont you get a grandstream box instead? 11:51 < radicaldev> I think they're on some sort of monthly or quarterly contract with the providers 11:52 < radicaldev> Apachez: grandstream box? 11:55 < Apachez> radicaldev: www.grandstream.com 11:56 < radicaldev> Yeah, they don't offer any kind of capability for a customer to have a normal conversation with a support bot. 11:56 < Apachez> ? 11:57 < radicaldev> That's my business now. I build highly available conversational bots that large companies are extremely excited about. 12:00 < radicaldev> Whereas one auto manufacturer may want a bot to schedule service appointments, another megacorp may want one to handle customer support calls that involve billing inquiries and whatnot. 12:00 < radicaldev> It's pretty much the same to me. 12:01 < TandyUK> just FYI, no customer **EVER** wants to have a conversation with a fuckign bot 12:01 < TandyUK> id speak to them once, and never use that supplier again 12:01 < Apachez> same here 12:01 < Apachez> on the other hand that bot might actually give answers 12:02 < radicaldev> I disagree. A competent bot beats someone that doesn't speak the language very well at all. 12:02 < Apachez> compared to some retarded humans where you ask like 3 questions and never gets the answer 12:02 < radicaldev> I hate bots as much as the next guy, usually. I build mine with people like me in mind. 12:03 < TandyUK> so it says "Hi, please wait while I connect you to a human" 12:03 < TandyUK> sounds like a pretty pointless bot 12:03 < radicaldev> Lol 12:04 < TandyUK> "no, giuve me a fucking human" 12:04 < radicaldev> Nah, initial greetings are usually along the lines of 'Hi, how many I help you?' 12:04 < TandyUK> "now" 12:04 < TandyUK> thats how these 'conversations' with bots go for me 12:04 < radicaldev> Before too long, you won't even know it's a bot. 12:04 < Apachez> how many I help you? 12:04 < Apachez> this bot lov you long time 12:04 < TandyUK> how to piss off every customer who ever phones you up, check 12:05 < TandyUK> 'Hi, how many I help you?' The typo would let me know its a bot lol 12:06 < TandyUK> plus how they 'speak' makes it pretty damn obvious 12:06 < radicaldev> shit, man. It's 5AM my time. 12:06 < TandyUK> its worse tha nidiots who read from a script in an indian accent 12:06 < radicaldev> Typos are a guarantee. 12:06 < radicaldev> Something bots don't experience =) 12:06 < TandyUK> if you have bots answering calls, pissed off customers are a guarantee too lol 12:07 < radicaldev> Nah, not really. To give you an example, say you're calling an auto dealer looking for a tie rod for a jeep cherokee... 12:07 < TandyUK> id prefer to spend 5 mins on hold before speaking to a human thanhave some bullshit software attempt to answer my call 12:07 < TandyUK> id be looking for 12:08 < TandyUK> "i want parts" is all the shitty bot would get 12:08 < detha> TandyUK: you are giving your age away. The youn'ones like their alexa/hi google/siri 12:08 < radicaldev> Human is gonna ask for year/make/model, maybe even has some options on the product.... Bot has the same thing... Human will take some time to think about it, look stuff up, etc... Bot has that in an instant. 12:08 < TandyUK> the young ones care not about their data lol 12:08 < TandyUK> human can make a desicision, bot has to be programmed to look it up, and when it gets it wroing, what happens? 12:09 < TandyUK> let me gues... they get a human 12:09 < TandyUK> so just give the mthe fucking human to begin with 12:09 < TandyUK> your client would do far betteri nvesting the moeny for htis syetm into some more staff to answer calls, and training them 12:10 < radicaldev> That's the nature of the beast. Sometimes you get some straight neanderthals that just can't handle the complexity of the real world, but on average people know how to ask questions that can be translated into actions. 12:10 < detha> the client doesn't need more staff. Just re-train the bunch that is currently annoying people doing cold-calling to answer people that are actually interested 12:14 < radicaldev> For sure, though.. The day is approaching when it's pretty tough to tell that you're not talking to a bot on the phone. 12:15 < detha> radicaldev: you will need very good sarcasm and humour detectors to make that happen 12:17 < radicaldev> detha: Most folks aren't into that so much initially. After getting pissed off by a response that doesn't equate to less money or problem solved, it goes there, but typically the first encounter is pretty benign and lacking in need to take it that far. 12:19 < radicaldev> Not to say we don't do our best to handle those situations. It's just not a huge use-case where a successful interaction depends on an accurate interpretation of the finer parts of human interaction over the phone. 12:20 < radicaldev> Plus, for this particular client, their customers are already dealing with shitty bots. Mine is just more-better. 12:21 < Apachez> even shitier? 12:22 < radicaldev> hate on the bots all you want... When you want some information quickly and getting a human takes 1+ hours, you'll love being able to ask a question and get an answer as if you were talking to a regular, competent human. 12:23 < radicaldev> i.e., not pressing 1 then 2 then 3 then 7 then dialing an account number, then pressing 3 and then 6 and the call drops. 12:23 < detha> I wish you good luck, maybe you will get it to a stage where calling companies becomes an option again. The current options of Press 1 for IVR or foreign-accented call-centre are enough to not even bother 12:23 < Apachez> or just phone a number and have a real human who understands the language to answer 12:24 < radicaldev> detha: That's where we're at. 12:24 < radicaldev> Apachez: This client runs 6k+ concurrent calls every-single-day most hours of the day. 12:24 < radicaldev> Just for this bot shit. 12:25 < radicaldev> That's not including their actual support staff 12:25 < Apachez> so thats 6k+ concurrent customers who dont get the help they payed for 12:25 < radicaldev> 6k customers don't pay 6k salaries. 12:25 < radicaldev> 6k customers probably don't even pay 10 salaries 12:26 < radicaldev> or maybe they do, I dunno... 6k customers != 6k employees though, that's for damned sure. 12:27 < detha> Which brings you back to the original question, how much to charge... At that scale, build-your-own will definitely beat anything you buy 12:28 < radicaldev> detha: Yep. I've got a much better idea about that, now, though. 12:30 < radicaldev> Heh, well I'm off to sleep now. Just remember, if you're ever talking to someone on the phone and realize it's not human, that fucktard from ##networking figured out the right price =) 12:31 < Apachez> so you just went from 6k+ concurrent customers to only 6k customers in total? 12:32 < radicaldev> Apachez: nah, 6k concurrent average, 10k or so peak, average call duration ~2 minutes bot interaction currently, probably less after I get in there. You can do the math. G'night! 12:36 < Apachez> well you for sure obvisouly cant 12:37 < Apachez> if a company have 10k CONCURRENT incoming customer calls they will for sure be able to pay 10k people for answering these calls 12:39 < radicaldev> Apachez: Mm.... Yeah, maybe... Assuming you paid all the support folks about 35k a year, though after you factor in health insurance and so forth, you're looking at 350,000,000 for that support staff which just answers questions like how much does X cost, or what is my remaining balance? 12:40 < TandyUK> [11:23] i.e., not pressing 1 then 2 then 3 then 7 then dialing an account number, then pressing 3 and then 6 and the call drops. <<< No, this is anpther way to piss off customers. 12:40 < radicaldev> Bot costs way less than that. 12:40 < TandyUK> How it works is" I dial 0800123456", it rings 3 or 4 times, then a human being pick up the phones and says "Hello" 12:40 < TandyUK> no need for a stupid bot or IVR 12:41 < TandyUK> use the human to make the decision istead of forcing your customers to sit through a STUPID MENU WOTH NO OPTION THAT SEEMS TO MAKE SENSE 12:41 < TandyUK> sorry caps lol, but it fitted quite well :P 12:41 < radicaldev> Apachez: For the average case, it's about 210 million dollars, but you'd need an additional 4-5k to handle shit like hurricanes and frigid winter storms that take out infrastructure. 12:42 < radicaldev> TandyUK: The bot can understand what you want to do, or what you're asking for. That's the cool part. 12:43 < radicaldev> No stupid options, just say what you want to say and things carry on from there. 12:43 < Apachez> so you seriously claim a company who yearly get 210 million dollars from their customers cannot employ 6000 people to answering calls? 12:44 < radicaldev> no, yearly they get more than 100 billion dollars. 12:44 < radicaldev> Who the fuck wants to spend 200+ million dollars on people to answer simple questions, though? 12:44 < Apachez> of course, 100 billion a year you cant obviously employ 6000 staff 12:44 < radicaldev> They already employ 10s of thousands of people to handle higher tiers of questions 12:45 < Apachez> seems to be a shitty product then 12:45 < radicaldev> Lol. I think you just haven't ever dealt with companies that have 10s of millions of customers 12:46 < radicaldev> I mean, Danielle Bregoli is a customer, ffs. That girl is pure trouble. 12:47 < radicaldev> https://www.youtube.com/watch?v=tsp7IOr7Q9A 12:47 < radicaldev> You really want to pay someone any amount of money to handle her questions about whether her cellphone goes with her gucci flip flops? 12:49 < radicaldev> or would you rather pay the miniscule cost for a bot to tell her she ought to upgrade to the latest whatever to ensure that her personal cellphone is always in style? 12:55 < Apachez> sure I have 12:55 < Apachez> I have also seen companies with stupid employees such as you who cant take critisism 12:56 < radicaldev> Apachez: Not following. Please explain. 12:57 < Apachez> I have wasted enough of time on you :) 12:57 < radicaldev> Apachez: Thank you for your time. 12:57 < skyroveRR> ODODOB 12:58 < Apachez> radicaldev: you are free to pay consultant fee's if you want my help :) 12:58 < skyroveRR> ... 12:58 < skyroveRR> oops. 12:58 < skyroveRR> Hey Apachez 12:58 < Apachez> we usually start our charges at $10k for small cases :) 12:59 < radicaldev> Apachez: Do you take dogecoin? 12:59 < myxenovia> is it not safe if a stranger knows my public IP? 12:59 < myxenovia> or it doesnt matter 13:00 < Apachez> myxenovia: why would it matter? 13:00 < Apachez> are you up into some illegal stuff? 13:00 < radicaldev> myxenovia: It's not safe, no. It can be made more safe, but having a public IP is always a dangerous thing. 13:00 < myxenovia> Apachez no lol. more people knows my public IP, and they could hack me 13:01 < Apachez> yeah I browse internt using rfc1918 addresses 13:01 < Apachez> makes me feel all warm and safe 13:01 < Apachez> myxenovia: Im sure your public ip is between 0.0.0.0 - 255.255.255.255 13:01 < Apachez> does this mean its easier for me to hack you? 13:01 < myxenovia> Apachez what if you know my exact ip 13:01 < Apachez> doesnt matter 13:02 < Apachez> helps if I want to ddos your connection 13:02 < Apachez> other than that I use public info like sending you an email with a link 13:02 < Apachez> whcih you click on 13:02 < Apachez> and download a 0day 13:02 < Apachez> who executes on your computer 13:02 < Apachez> and then connects to a proxy of mine 13:02 < Apachez> and voila 13:02 < myxenovia> you are hacker lol 13:02 < Apachez> I dont know your public ip and I dont have to since its your box who calls me and not the other way around 13:03 < at0m> Apachez: don't need email address, just spam the link here or in a query 13:03 < Apachez> whatever floats your boat 13:04 < myxenovia> im not really good at networking but im not worried now that a lot of stranger knows my public ip 13:04 < Apachez> by now we also know your mums boobsize 13:04 < radicaldev> myxenovia: That's impolite. 13:35 < Apachez> pew pew pew 13:53 < ethicalhacker> boom boom 14:05 < giaco> Hello 14:05 < giaco> cat /dev/random | netcat -u 127.0.0.1 6666 , Ncat: Connection refused. What the hell 14:06 < giaco> UDP is connectionless, there's no possible refuse 14:07 < Forst> perhaps it's referring to an ICMP port unreachable message? 14:08 < giaco> Forst: no, if I drop a netcat -l -u 6666 it works 14:10 < Apachez> sure there are 14:10 < Apachez> if you dont get a reply for the protocol in question you are being refused 14:10 < Apachez> some protocols can also refuse in the reply itself 14:11 < giaco> Apachez: how to create a UDP sink thrashing all the data if nobody is listening? 14:12 < Forst> nc -lu 12345 > /dev/null ? 14:12 < Apachez> giaco: ? 14:12 < mawk> what do you mean "if nobody is listening" giaco ? 14:12 < Apachez> dns sinkholing is a thing 14:12 < Apachez> dns uses udp 14:13 < Forst> drop relevant packets in iptables? 14:13 < giaco> A have a stream of data. I need to consume it into an UDP sink if nobody listens, else deliver the stream 14:14 < mawk> alright 14:14 < giaco> cat /dev/urandom | magic_udp_tool 14:14 < mawk> if nobody listens where ? 14:14 < giaco> cat < magic_udp_tool on the other side? 14:14 < Apachez> what do you mean by udp sink? 14:15 < compdoc> a nice way to clean udps 14:15 < mawk> lol 14:16 < mawk> how is that different from the normal behavior giaco ? 14:16 < mawk> if nobody listens the data is lost 14:16 < mawk> no need for some magic sink thing 14:16 < voidphere37> udp sink is a network sink that sends UDP packets to the network. 14:16 < voidphere37> if im not mistaken 14:16 < Forst> I'm guessing giaco wants no ICMP port unreachable messages in case a port is closed 14:16 < Forst> so that the client can't tell the difference whether it's open or not 14:17 < mawk> it's already the normal behavior 14:17 < Apachez> use multicast then? 14:17 < giaco> do you know how a character device works? I need to do the same, but in udp. It streams data continuously, even if nobody is reading the buffer. 14:17 < Apachez> when client is up switch sends the stream to the client 14:17 < Apachez> when client left then the switch is no longer sending the stream 14:17 < Apachez> or just iptables locally 14:17 < Apachez> if app is down then iptables is up 14:17 < mawk> icmp port unreachable is when the port is REJECTed 14:17 < mawk> if nothing is blocked, it has already the behavior you describe giaco 14:18 < mawk> so just allow the port in iptables and you're done 14:21 < wiresharked_> Sorry about that, my laptop almost died 14:21 < giaco> mawk: the port is not blocked, but cat /dev/urandom > netcat -u 127.0.0.1 6666 returns Ncat: Connection refused 14:22 < mawk> loopback is different 14:22 < mawk> it is explicitely for loopback that you want to do that so ? 14:23 < giaco> also doing cat /dev/urandom > netcat -u 6666 returns Ncat: Connection refused 14:23 < giaco> mawk: my target is loopback, but same netcat behavior stands for remote hosts also 14:24 < mawk> you opened the port in the remote host ? 14:24 < wiresharked_> giaco: Maybe the other host has some ICMP messages blocked 14:24 < giaco> wiresharked_: no, it is not blocket. It is netcat that thinks that UDP is TCP 14:25 < giaco> if I do cat /dev/urandom > netcat -u 6666 it waits without sending anything 14:25 < wiresharked_> giaco: Well that's a little bit weird 14:25 < mawk> yeah sorry giaco you're right 14:25 < mawk> after a little testing 14:25 < mawk> so, udp sink 14:26 < mawk> let's find an iptables match that detects if a port is bound 14:26 < mawk> or you want to do it exclusively client-side ? 14:27 < mawk> to do a correct program client-side is quite a challenge 14:27 < mawk> I'd use a netlink socket to detect when a port is bound 14:28 < giaco> mawk: I need an alternative of a character device. mknod -c is not available, so I was thinking about a local udp "sink" 14:28 < mawk> how is a character device a sink in the way you describe ? 14:29 < giaco> the camera attached to /dev/video0 is not waiting for someone to be consuming the buffer, it just streams 14:30 < mawk> it's special 14:30 < mawk> it's indeed waiting for someone to consume frames 14:30 < mawk> in the kernel a function is called when someone open() the device 14:30 < wiresharked_> mawk: Correct, because it's a virtual device according to the Linux kernel 14:31 < mawk> the two parts of your magic sink are synchronized giaco ? 14:32 < giaco> no. A should keep streaming, B should be able to attach on demand and receive real-time data 14:32 < giaco> mawk: is this what you were asking? 14:32 < mawk> why would you do that ? 14:32 < mawk> yes 14:32 < mawk> why don't you make A just do nothing unless B is attached ? 14:32 < wiresharked_> mawk: That's a bad idea 14:33 < mawk> less bad than generating useless network traffic 14:33 < wiresharked_> mawk: Group policy updates are not "useless network traffic" either 14:33 < mawk> what ? 14:34 < mawk> why is it a bad idea to wait for the right moment to send the data ? 14:34 < mawk> instead of having it sent over the wire just to be discarded later 14:35 < wiresharked_> mawk: It's not. Carrier sense is always an important part of 802.11 14:35 < mawk> I must have missed something 14:35 < mawk> why are we talking about 802.11 and group policy 14:35 < wiresharked_> mawk: OK, I'll stop talking about that in front of you 14:36 < mawk> ? 14:37 < mawk> was that a troll 14:37 < mawk> so, giaco 14:38 < giaco> I do understand that you are suggesting me that keeping the source shut is a green option and that saving the trees is important, but here I have to fire the amazon forest to build a parking lot, so A must be streaming and filling the pipe 14:38 < mawk> lol 14:38 < mawk> alright 14:39 < mawk> so you want buffering ? 14:39 < giaco> how to make netcat not behaving so polite to the wire? Is udp, ffs 14:39 < mawk> it would need to ignore the error that send() returns 14:39 < mawk> a simple patch to netcat would do it 14:40 < giaco> buffering, yes, if possible, a couple of kb would be ok 14:40 < mawk> then you need something on the side of B receiving the packets 14:40 < giaco> on the other hand, if you know another solution that is not netcat (and maybe not udp) but behaves like a character device, I'm hearing 14:41 < mawk> a fifo, for instance 14:41 < mawk> but when the buffer is full it makes an error 14:41 < giaco> a fifo is line buffered and is not consuming on the left side if there's nobody on the right 14:41 < mawk> it's not line buffered 14:42 < mawk> line-buffering depends on the receiver/emitter 14:42 < mawk> you've got a tty, also 14:42 < mawk> that's the perfect embodiment of a character device 14:43 < giaco> mawk: right 14:46 < mawk> write(32001:db8::1:54321]>, "lolilolazuofdisjdsoijfdoisjfids\n", 32) = 32 14:46 < mawk> when I write to a non-bound port, I get no error 14:47 < giaco> mawk: that is what I expect to happen, but netcat Ncat 7.70 ( https://nmap.org/ncat ) is a fluffy jigglypuff and pretends an open port 14:49 < mawk> I did it with "OpenBSD netcat (Debian patchlevel 1.190-1)" 14:51 < mawk> you can patch netcat, or do a quick thing in C 14:51 < giaco> mawk: I always end up with the wrong version of netcat. We need a separate POSIX standard for netcat alone 14:51 < mawk> well I tried with just one line, but when I send more netcat quits, but without making an error 14:52 < mawk> how do you delimitate messages to send ? 14:53 < giaco> mawk: it is a pcm audio stream, no delimitation 14:53 < mawk> so byte by byte 14:53 < mawk> ? 14:53 < giaco> or, well, kind of pcm stream 14:53 < giaco> yes 14:54 < mawk> alright then 14:54 < giaco> frame by frame in burst of 192 14:54 < mawk> you can buffer up to 64k on loopback 14:54 < mawk> ah 14:54 < mawk> so buffer by a multiple of 192 14:54 < mawk> and send 14:54 < giaco> but depends, let's consider them just bytes 14:54 < mawk> alright 14:56 < mawk> if it's exclusively for loopback use why do you want to do that with UDP ? I see dozens of other solutiosn 14:56 < mawk> like using IPC and a notification to know when to send the data 14:56 < giaco> mawk: just found a possible alternative, but not network related. If you are curious, take a look at this (https://stackoverflow.com/questions/8410439/how-to-avoid-echo-closing-fifo-named-pipes-funny-behavior-of-unix-fifos) 14:57 < giaco> but please I'm still interested into the UDP solution 14:58 < mawk> yes I was referring to that behavior when I said fifo 14:58 < mawk> you open it read-write to bypass the lock for when there are no readers 14:58 < mawk> but still, it will make an error when the buffer is filled 14:59 < giaco> no hack to make a fifo drop the exceeding buffer? 15:00 < mawk> you can read it yourself to unfill the buffer 15:00 < mawk> but it's full of race conditions 15:00 < mawk> it's not as cool as a shared circular buffer 15:01 < mawk> which would be the thing you want 15:02 < giaco> that's a very beautiful phrase, my google likes it 15:02 < mawk> lol 15:03 < mawk> maybe there's a nice ioctl for the fifo 15:03 < mawk> let me read the kernel source 15:09 < mawk> there's just one ioctl, FIONREAD 15:10 < mawk> to return the size of the buffer 15:12 < mawk> then giaco just a little C program that transforms input from stdin into datagrams 15:12 < mawk> do you need performance ? 15:12 < giaco> mawk: I've also found .tail -f myfifo > /dev/null' 15:13 < mawk> it consumes data from the fifo 15:13 < mawk> but the data is really lost 15:13 < mawk> what about a tty ? 15:15 < giaco> mawk: how to use a tty this way? I've never really messed with ttys so far. Kind of ashamed 15:19 < mawk> hm 15:19 < mawk> the sink would possess the master side, and the program wanting to read would open the slave side 15:19 < AlexPortable> 802.1Q vs port based vlan? 15:20 < Apachez> AlexPortable: two different things 15:20 < AlexPortable> which do i need 15:30 < x_> hola mi amigos... como estas? 15:31 < AlexPortable> What I want: port 1 to 6 for private network, reserve port 7 and 8 for two different vlans (which can't communicate with other vlans), have another vlan connected to the switch2 (port 5) on port 2. My setup: vlan1, tagged ports 2, member ports 1-6 | vlan2, member ports 7, tagged ports 7 | vlan3, member ports 8, tagged ports 8 15:33 < AlexPortable> x_: im fine thank you 16:03 < momomo> anyone here actuve ? 16:04 < mawk> yes 16:06 < momomo> theoretical: if my fiber broadband provider in sweden has provided me with a "tampered" router, and I am surfing the web with it using wireless, theoretically it can be eavesdropped. However, the question now refers to TOR browser and using GMAIL. If I am using TOR browser with this potentially tampered with router, wirelessly, and despite using the TOR browser, but still on wireless, is it possible that TOR won't 16:06 < momomo> necccessary help me protect my message and/or origin and/or id/ip ? 16:09 < voidphere37> momomo private message 16:15 < light> momomo: your ISP can't easily perform a man in the middle attack on gmail because your browser wouldn't trust any TLS certificate they used 16:18 < Peng> More to the point, your ISP can't MITM Tor either. 16:19 < mawk> momomo: encryption is end-to-end 16:19 < mawk> the router is just a medium 16:20 < momomo> yes, but if my 192.168.10.1 settings produces https://imgur.com/a/Suq54bk 16:20 < mawk> and ? 16:20 < mawk> it's normal 16:20 < mawk> your router interface has a self-signed tls certificate 16:21 < momomo> then theoritaclly someone can pickup that password and perhaps the wireless decryption keys ... so when I aam surfing ... between my laptop and router .. someone can get the traffic 16:21 < mawk> why ? 16:21 < light> wat 16:21 < voidphere37> no 16:21 < mawk> it's a tls connection between your router and you 16:22 < mawk> just register its CA to get rid of the message and prevent later tampering 16:23 < momomo> mawk: you saying a wireless connection with a know password shared between many people ... there is no way that I can eavesdrop on another persons wireless communication ? despite knowing the original password ? i am guessing when he/other person connects to the router, it generates a public/private key for him ... 16:24 < mawk> I wasn't talking about the wireless 16:24 < mawk> but about the https connection 16:25 < light> if you control the AP you can definitely sniff their traffic 16:25 < momomo> yes, so when I login to the router settings ... not over https ... but locally .. you are saying that no one in my surronding using wireshark for instance .. can detect the password to the router in case I update some settings so that they can regain access ? 16:26 < momomo> light: AP ? 16:29 < light> access point 16:30 < light> if you're connecting to a machine on the lan using an unencrypted protocol, like http, people may be able to sniff your traffic. but there's no need to use http when your router supports https 16:33 < varesa> momomo: that "Not secure" doesn't mean it is not encrypted or not using HTTPS 16:34 < varesa> it means that the browser can't validate the identity of the router certificate by the use of a third party Certificate Authority 16:34 < varesa> it is using a so called self signed certificate 16:38 < cluelessperson> how do you guys manage enterprise networks with ipv4 and ipv6? 16:38 < momomo> i am on two channels discussing this so I missed my part here 16:39 < momomo> come over to ##security and if you missed it I will screenshot the conversation there 16:39 < momomo> https://imgur.com/a/l4wc9pY 16:59 < cluelessperson> Does anyone know the full public ip ranges for IPV4? 17:02 < compdoc> just 3 of them, right? 17:03 < djph> cluelessperson: 0.0.0.0/0; less 10/8, 100.64/10, 172.16/12, 127/8, 192.168/16, and 224/4, dunno offhand if 240/4 is public, but it's easy enough to check. 17:04 < cluelessperson> djph: yes, but how do I list those 17:04 < cluelessperson> less 10/8 isn't valid cird :P 17:04 * cluelessperson should rephrase 17:05 < cluelessperson> does anyone know the CIDR notation public ip ranges? :P 17:05 < djph> 10/8 is just as valid shorthand as fe80::/64 17:06 < Alina-malina> how to reject all ip addresses with blackhole and then allow certain ip addresses with ip route? is there any recomended way of doing it when i am going to blackhole 0.0.0.0/0 and after start allowing certain ip addresses? 17:07 < cluelessperson> Alina-malina: reject how 17:07 < cluelessperson> firewall? dns? 17:07 < djph> cluelessperson: I litereally told you. However, it's a right fucking pain in the ass to write 0.0.0.0/5, 8.0.0.0/7 [...] 17:08 < Alina-malina> cluelessperson, send to blackhole any requests or responses 17:08 < djph> Alina-malina: rules 1-n allow; default = blackhole 17:08 < cluelessperson> Alina-malina: send to from what 17:08 < cluelessperson> sounds like firewall, set a drop policy 17:09 < cluelessperson> well, I'm wanting to allow certain subnets to access port 80,443 to the WWW 17:09 < cluelessperson> djph: ^ if I leave it as "ANY" they have access to other subnets 17:10 < Alina-malina> djph, can you be more specific please? thats cool thing, is 1-n ip address? can i do a coma separated? i assume u referring to route function? 17:10 < djph> cluelessperson: so then (1) drop to other subnets; (2) allow any. 17:10 < djph> Alina-malina: no, rule numbers ... e.g. 1,2,3, [...] -- howevermany you need 17:11 < cluelessperson> djph: Ah, then i'd need to inverse my scheme. I'm using a deny default 17:11 < djph> cluelessperson: obviously. 17:11 < Alina-malina> djph, could you please give me some real world example, not sure if i understand correctly 17:12 < djph> Alina-malina: you're creating conditionals, right ... so then create yourself a group of "allowed contact" networks, and then drop everything else. 17:12 < Alina-malina> djph, with ip route function right? and not iptables 17:13 < djph> I'd use a firewall instead of routes, since (IMO) firewalls are less messy. But a routing table could also do that. 17:13 < Alina-malina> djph, well that box i have here has issue with kernel iptables and i have to use ip route unfortunately 17:14 < mawk> if it's for filtering outgoing destinations, ip route isn't adapted 17:14 < djph> then ... replace the box? 17:14 < mawk> you want to do a filter, not real routing rules 17:15 < mawk> even though ip route works to do that, using policy routing to send to a blackhole routing table depending on some criterion, or just using blackhole routes 17:15 < Alina-malina> mawk, well all i want to do is just reject all world and allow 2 ip addresses, but i need to do that with "ip route"specifically, unfortunately i dont have other options for that box right now 17:15 < mawk> in what direction Alina-malina ? 17:16 < mawk> from the internet ? or to the internet 17:16 < mawk> just to be sure 17:17 < mawk> Alina-malina: 17:17 < Alina-malina> mawk, actually i need to allow local ip address submask and 1 external subnet mask, and reject the rest of the world 17:18 < mawk> in what direction ? 17:18 < Alina-malina> incomming direction to the router 17:18 < mawk> you want to allow these ips for connections *from* the LAN ? 17:18 < mawk> yeah but from where 17:18 < mawk> from the internet ? 17:18 < mawk> or from the LAN 17:18 < mawk> let's assume from the lan 17:18 < Alina-malina> i have both networks to deal with, so both ways 17:18 < Alina-malina> hmmm 17:18 < Alina-malina> yes 17:19 < Alina-malina> i guess its LAN 17:19 < mawk> let's also assume that you really can't use anything else than ip route 17:19 < Alina-malina> yes 17:19 < mawk> but remember it's absolutely not the right tool for that 17:19 < mawk> do you've got the command ip rule ? 17:19 < mawk> can you write to the file /etc/iproute2/rt_tables ? 17:19 < Alina-malina> yes 17:19 < Alina-malina> just a moment i check 17:20 < mawk> just check if it's here 17:22 < mawk> let's create a blackhole routing table 17:22 < mawk> printf '150\tblackhole\n' >> /etc/iproute2/rt_tables 17:22 < mawk> assuming 150 isn't taken already 17:23 < mawk> oh it's not necessary actually 17:23 < mawk> you can blackhole traffic directly from ip rule 17:23 < mawk> I forgot it 17:24 < mawk> check if the numbers I give are available using ip rule show 17:24 < Alina-malina> yes there is a file 17:24 < mawk> normally you've got 0, 32766, 32767 17:24 < mawk> if this is homework you can read man ip-rule 17:25 < mawk> to know how to use it 17:25 < mawk> even if it's not homework 17:25 < Alina-malina> i just cat that file and it said: 2 static-table 17:25 < mawk> that's weird 17:25 < mawk> it's not supposed to remove the other canonical tables 17:25 < mawk> they're hardcoded in the kernel source 17:25 < mawk> main, default, local 17:25 < mawk> let's pretend we didn't see anything 17:25 < mawk> focus on ip rule 17:26 < mawk> to add a rule you do: ip rule add priority N ... 17:26 < mawk> replace N by the rule number, between 1 and 32765 17:26 < mawk> and ... by the criterion 17:26 < Alina-malina> mawk, https://pastebin.com/raw/hiKTZU2j 17:27 < mawk> uh 17:27 < mawk> your router is doing something unfortunate 17:27 < mawk> doesn't leave us many room for new rules 17:27 < mawk> what in this static table ? 17:27 < mawk> ip route show table static-table 17:28 < mawk> maybe we can just ignore what the router is doing there 17:28 < mawk> but if the router has effectively a static table mechanism it's maybe better to use it to make your blackhole rules, dunno 17:28 < Alina-malina> no ourput for that command unfortunately 17:28 < mawk> choose the best looking option 17:28 < mawk> ah, so nothing in the table 17:29 < mawk> hmm 17:29 < mawk> so we can use it 17:29 < mawk> perfect 17:29 < mawk> just add the blackhole rules in this static-table thing 17:29 < mawk> there's maybe a web interface to do it, dunno 17:29 < Alina-malina> no web interface console 17:29 < mawk> ah 17:30 < Alina-malina> could you please show me the command to add to specific table? i just dont want to mess up anything on this, i think i should practice in virtual env first 17:30 < Alina-malina> anyways thank you so much for help mawk 17:30 < mawk> ip route add ... table static-table 17:30 < SporkWitch> Alina-malina: man ip route 17:30 < Alina-malina> SporkWitch, /bin/sh: man: not found :) anyways i will try on my other box now before practicing 17:30 < Alina-malina> thanks guys 17:31 < SporkWitch> wtf are you running that's missing man? lol 17:31 < Alina-malina> lol 17:31 < skyroveRR> My distro ;) 17:31 < skyroveRR> It doesn't have man-pages package :D 17:31 < skyroveRR> I've yet to compile one. 17:32 < SporkWitch> no, seriously, because the only non-embedded system i've ever seen without is the deliberately crippled WSL 17:32 < Alina-malina> i dont know what it is, it came with this box out of factory, its a china device storage lol 17:32 < mawk> ip route add blackhole NETWORK table static-table 17:33 < mawk> replace network by 1.2.3.0/24 to block the 1.2.3.0/24 network for instance 17:33 < mawk> if you want to do more precise matching don't use routes, use rules 17:33 < mawk> it's up to you to decide what are you needs 17:33 < mawk> using rules you can match on the source interface for instance 17:34 < mawk> for instance `ip rule add type blackhole priority 10 iif eth1 to 1.2.3.0/24' to match packets incoming from the eth1 interface 17:34 < Alina-malina> nice nice! thanks mawk i learn cool stuff today 17:35 < mawk> replace 10 by the rule number, order them like you want 17:45 < AlexPortable> I've setup VLANs now, but whenever i'm inside a vlan, i can't ping the router, what am i doing wrong? 17:46 < Harlock> sounds liek the vlan is working 17:46 < Terminus> AlexPortable: what Harlock said and also, you don't have a gateway on that VLAN. 17:46 < AlexPortable> how do i setup a gateway 17:47 < Harlock> depends what you want to do and what the switch is capable of doing 17:47 < Harlock> ie can the switch to routing 17:47 < Harlock> er do 17:47 < AlexPortable> it has vlan support 17:48 < AlexPortable> i want my vlan to access the gateway 17:48 < Harlock> but can it do intervlan routing 17:48 < Harlock> and what is your router/gateway device? 17:49 < routingloop> you need to create an interface vlan (SVI) or trunk your vlan to a router subinterface with the dot1q tag 17:49 < AlexPortable> router is isp modem/router 17:50 < AlexPortable> i can set vlan port untagged, tagged, not member 17:50 < AlexPortable> and pvid 17:50 < Harlock> well then you have no real point to use a vlan if the switch can't route 17:50 < AlexPortable> uh 17:51 < Harlock> because you have no vlan support or seperate lan interfaces on the isp gateway 17:51 < AlexPortable> true 17:52 < Harlock> now if you can get your cable gateway bridged then you can run your own router and do stuff like that 17:52 < AlexPortable> hmm i can also include port1 in the vlan config 17:53 < Harlock> i have no idea what your switch can or cannot do 17:53 < AlexPortable> well it can do that 17:56 < RefractiveIndex> Greeting, I want to set up port forwarding in privoxy. This is the addition to the file I got. My doubt. Is there a . at the end of it 17:57 < RefractiveIndex> forward-socks4a / localhost:9050 . 17:57 < RefractiveIndex> Or it could be a mistype 17:58 < sunrunner20> am I remembering 2.4 gig right, 2 and 11 if you can but 6 if you have to have a third? 17:58 < sunrunner20> (channel selection) 17:59 < Harlock> 1 6 and 11 and non overlapping 18:00 < sunrunner20> I've got stuff on 2 unfortunately 18:00 < Harlock> er are non overlapping 18:00 < sunrunner20> I can get it changed maybe 18:01 < RefractiveIndex> Anyone please? 18:02 < Forst> RefractiveIndex: https://www.privoxy.org/user-manual/config.html#SOCKS 18:03 < Forst> it documents the "dots" as well 18:07 < sunrunner20> any better ap recommendations than a unify AP AC Lite for a small 800sq foot area? 18:09 < sunrunner20> overkill probably but I'm tired of consume crap 18:09 < RefractiveIndex> Forst: I see now. Thankyou :-) 18:09 < Forst> RefractiveIndex: no prob :> 18:10 < Forst> sunrunner20: ap-ac-lite is a great choice imo, you might want to choose pro if you have 3x3:3 capable devices 18:11 < sunrunner20> Forst, I don't think I do and wifi is mostly is mostly N devices. My iPhone might be full AC/3x3 but who needs more than like 30mbit on an iphone? 18:12 < momomo> how do you find out an irc users location ? or he/shes ip address ? 18:12 < sunrunner20> momomo, that's considered rude. The closest you'll usually get is what server they were directed too 18:12 < Forst> sunrunner20: well it would make downloads faster :) but yeah, I'm guessing a lite is your best bet for now 18:12 < sunrunner20> which isn't at all reliable 18:13 < sunrunner20> and I'll just run the controller software on my desktop when I need to change a setting 18:13 < momomo> sunrunner20: rude or not, i am just asking ... is that available by default through some command? 18:13 < qman__> the whois contains that information 18:13 < sunrunner20> oh my bad 18:13 < sunrunner20> I assumed you knew whois existed :| 18:13 < qman__> whether or not the server obscures it is up to the administration 18:15 < Forst> sunrunner20: you can even run the controller on a raspberry pi, for example, if you want to collect usage stats and such 18:15 < sunrunner20> I might run it in a freebsd jail if it doesn't consume too much memory. but I've got a PfSense collecting most stats 18:16 < cluelessperson> boot 18:16 < cluelessperson> editting firewall rules on Unifi USG seems to cause it to restart or reset and reprovision sometimes 18:16 < cluelessperson> takes like 2 minutes to reload/boot 18:16 < sunrunner20> ouch 18:16 < sunrunner20> that's nasty cluelessperson 18:17 < cluelessperson> sunrunner20: does that sound normal? 18:17 < sunrunner20> no idea 18:17 < sunrunner20> I'm bad at networking 18:17 < cluelessperson> so am I apparently 18:17 < sunrunner20> I want to make my PfSense box appear transparent 18:17 < sunrunner20> but can't figure out how to do it 18:18 < cluelessperson> sunrunner20: I'm unfamiliar with PFsense, that's a network monitoring tool? 18:18 < sunrunner20> cluelessperson, freeBSD based firewall appliance 18:18 < cluelessperson> sunrunner20: could you mirror a port, so that PFsense sees the traffic, without having pipe traffic through it? 18:18 < cluelessperson> ah, firewall is active 18:18 < Forst> sunrunner20: approx 400M in my case, it requires mongo and java, so it's definitely not lightweight :D 18:18 < cluelessperson> monitoring a mirrored port would be passive, I think 18:19 < cluelessperson> Forst: I dropped, what were you trying to do? 18:19 < sunrunner20> Forst, I can spare 400meg memory. 100gb disk wouldn't be an issue but I know it won't use that much 18:19 < Forst> cluelessperson: I wasn't doing anything :) 18:20 < Forst> and a couple of gigs of storage 18:20 < cluelessperson> Forst: "400M in your case" liar! :D 18:20 < sunrunner20> hrm 18:21 < Forst> what? xD 18:21 < cluelessperson> your/my 18:21 < sunrunner20> I could put a ssd and install ESXi on the firewall box and run it there 18:21 < sunrunner20> but its a pretty puny box 18:21 < cluelessperson> sunrunner20: can't you just create a linux bridge? 18:21 < cluelessperson> isn't that what you'd be relying on esxi, as total overkill to do? : 18:21 < sunrunner20> cluelessperson, need routing and some traffic rules 18:21 < cluelessperson> ah 18:22 < Forst> unifi, esxi, I like the way you think :) 18:23 < sunrunner20> the point is for me to A: have a S2S tunnel back to other home so my two storage appliances can replicate content. B: QoS that traffic and mine in general so I don't hog the houses BW limit and annoy the people I rent from C: Isolate me from the fairly insecure network that they're providing 18:23 < sunrunner20> (appliances can replicate content and I don' thave to have openVPN running on my desktop and laptop all the time) 18:26 < sunrunner20> right now looks like the best way is to run it as a regular firewall and just deal with the double NAT 18:27 < cluelessperson> sunrunner20: I think what's happening is that I'm applying settings too quickly in the controller, and it resets the usg when the configuration doesn't seem to match up. 18:27 < sunrunner20> maybe. easy to test that 18:28 < Forst> you can avoid double nat if you can set a static route on the other device 18:28 < momomo> qman__: whois just shows freenode node 18:28 < momomo> server 18:29 < Forst> momomo: it means that the ip is hidden by the server 18:29 < sunrunner20> and their ip if they don't have it masked 18:29 < sunrunner20> check mine 18:29 < sunrunner20> its not hidden but it is masked 18:33 < AlexPortable> two dhcp servers in the same network, what will happen? 18:38 < detha> AlexPortable: whoever put the second one in will get fired. 18:39 < AlexPortable> oh 18:39 < AlexPortable> can i somehow limit it to some client? 18:41 < Kyosh> alex, first find the dhcp server 18:41 < Forst> generally you should not have multiple dhcp servers in one network segment. why would you want that in the first place? what's the final goal? 18:41 < detha> A dhcp server can be limited to one client - give it a 0-sized pool and one hardwired MAC. 18:41 < detha> however, if the client picks that up is 50/50 18:41 < AlexPortable> thing is my guest network has no support for a DNS server 18:42 < AlexPortable> and some clients just fail to auto assign their own dns 18:42 < detha> Then fix the 'has no support for a DNS server' part 18:42 < AlexPortable> as in replace the device? 18:42 < Kyosh> clients should not assign their own DNS if they are using DHCP 18:42 < Kyosh> in a guest network 18:42 < AlexPortable> true but the normal dns server is in the private network range 18:43 < Kyosh> so rhe guest network provides internet access right? 18:43 < detha> Ehm, clients are free to use whatever DNS they like. The DHCP server should however offer one 18:43 < Forst> provide public dns addresses then 18:43 < Kyosh> then assign 8.8.8.8 for the dns in the guest networks dhcp 18:43 < Forst> google, cloudflare, opendns, whatever 18:43 < Kyosh> yea 18:44 < Kyosh> dont need to offer priate, never the only option 18:44 < AlexPortable> well i mean there is no option to configure that 18:44 < AlexPortable> all dhcp options there are on the guest network are on/off, and ip range 18:45 < AlexPortable> ip, subnet, spanning tree, enable, lease time, start ip, end ip, domain name 18:46 < Forst> consumer level devices should provide dns functionality for guest networks too automatically 18:46 < Kyosh> which dhcp server? 18:46 < AlexPortable> router based 18:47 < AlexPortable> well this one doesnt 18:47 < AlexPortable> time to throw it out i guess? 18:47 < Kyosh> which router? 18:48 < AlexPortable> sitecom wl-312 18:51 < Kyosh> umm 18:53 < AlexPortable> ? 19:11 < pally> Hey guys 19:11 < pally> https://www.fs.com/passive-optical-network-tutorial-aid-202.html 19:12 < Kyosh> and? 19:12 < pally> "OLT is a terminal equipment connected to the fiber backbone. It sends Ethernet data to the ONU, initiates and controls the ranging process, and records the ranging information" 19:13 < pally> Does anyone know what kind of "ranging process" and "ranging information" they're talking about? 19:14 < Forst> pally: http://www.ad-net.com.tw/ranging-mechanism-in-gpon-upstream/ 19:17 < RefractiveIndex> Ok, so if i access someone's Router. The only identity i leave behind is my Mac Address right? 19:21 < pally> One other question, "ONU is a generic term denoting a device that terminates any one of the endpoints of a fiber to the premises network, implements a passive optical network (PON) protocol, and adapts PON PDUs to subscriber service interfaces." 19:21 < pally> What does "PDU" in "PON PDU" stand for? 19:21 < pally> I tried googling it 19:22 < Forst> protocol data unit 19:22 < Kyosh> power distribution unit? 19:22 < Forst> frames, basically 19:22 < RefractiveIndex> Forst? 19:22 < Forst> or whatever they're called in the world of PON 19:22 < pally> Kyosh, yes, that came up, but didn't seem related 19:22 < pally> Forst, thank you sir 19:23 < Forst> RefractiveIndex: all your traffic can be snooped on, so I suggest not to connect to others' network without prior consent of its owner 19:24 < Kyosh> a PON doesnt need power? 19:24 < pally> According to the article, the splitter doesn't require power 19:25 < Forst> correct, that's why it's popular in dense deployment environments 19:26 < Forst> we have such an ISP which covers whole Moscow 19:29 < Kyosh> http://www.bicsi.org/uploadedfiles/BICSI_Conferences/Winter/2015/presentations/Fundamentals_of_Passive.pdf 19:31 < Kyosh> i really wouldnt think that a protocol distrobution unit would apply to a PON since it should be protocol agnostic 19:31 < Forst> well there has to be some low-level structure that encapsulates Ethernet frames or something like that 19:38 < pally> Forst, I have a somewhat silly question about "ranging", is this ranging process performed on a per-session basis? 19:39 < pally> (And yes, I have read the link you sent me) 19:39 < Forst> honestly, I have no idea xD 19:42 < pally> The reason I brought that up is b/c the link you pasted describes the equalization delay that is calculated to simulate a virtual distance whereby each ONU's are located at the same *virtual* distance from the OLT 19:43 < pally> anyway. :-) 19:45 < Forst> well maybe it's redone for every ONU when this virtual distance has to increase/decrease? 19:46 < Forst> just guessing 20:37 < Blueking> anyone knows when ax routers will be available ? 20:44 < djph> when they are? 20:56 < ignamv> hi! 20:58 < ignamv> can anyone recommend reading material to get up to speed on ipv6? For example I just found out that it uses NDP rather than DHCP. Is there a FAQ, guide, book, etc. you recommend? 20:59 < Apachez> ignamv: google it 21:00 < ignamv> thanks! 21:02 < dogbert2> ugh...worked too many hours yesterday/today :P 21:04 < ignamv> Apachez: seriously though, is there something better than google/wikipedia? 21:04 < SporkWitch> ignamv: of course; you can find it with a search :) 21:04 < SporkWitch> read the RFCs 21:05 < ignamv> I'm tempted to keep asking to see how the advice gets worse and worse 21:05 < SporkWitch> the advice is good and will stay the same, as long as you continue to ask google questions 21:05 < ignamv> I can't imagine something worse than reading RFCs though. Except reverse-engineering my router firmware 21:06 < SporkWitch> the only change will typically be that we begin mocking your arrogance and laziness for thinking your time is more valuable than ours 21:10 < Apachez> ignamv: I doubt it, all good material I have located have been through google 21:12 < Apachez> IPv6 Neighbor Discovery (ND) Trust Models and Threats (Neighbor Discovery DoS Attack): 21:12 < Apachez> http://tools.ietf.org/html/rfc3756#section-4.3.2 21:12 < Apachez> Using 127-Bit IPv6 Prefixes on Inter-Router Links (Neighbor Cache Exhaustion Issue): 21:12 < Apachez> http://tools.ietf.org/html/rfc6164#section-5.2 21:14 * SporkWitch spanks Apachez 21:22 < tds> Apachez: is there any advantage to having global IPs on inter-router links in the first place? 21:22 < tds> all of mine are link-local only, I guess global addresses might make troubleshooting easier 21:23 < spaces> SporkWitch I like to be spanked as well 21:29 < AlexPortable> Any recommendations for blocking all traffic except http and https? 21:31 < SporkWitch> use a firewall 21:31 < n3t> AlexPortable: do you want to filter protocols or ports which these protocols use? 21:31 < n3t> But yes, use a firewall. 21:31 < AlexPortable> not sure what's the best way 21:32 < SporkWitch> there's rarely such a thing as best; it's dependent on your threat model 21:32 < AlexPortable> how so? 21:33 < SporkWitch> it's not an absolute; what is best for your situation depends on the threat model, like i said 21:34 < AlexPortable> whcih threat model requires which method 21:34 < AlexPortable> there must be one safer no? 21:35 < SporkWitch> https://lmgtfy.com/?s=d&q=introduction+to+threat+modeling 21:38 < Apachez> SporkWitch: egyptian two-ply threats? 21:38 < n3t> AlexPortable: what do you want to achieve? 21:39 < SporkWitch> n3t: copypasta that psychically identifies his needs and does everything for him 21:39 < n3t> SporkWitch: ;; 21:40 < SporkWitch> n3t: tell me i'm wrong lol 21:40 < AlexPortable> prevent people from using other things than 'normal' internet usage, like downloading torrents 21:41 < n3t> AlexPortable: disable all ports except 80 and 443 on your router to leave http(s) only. 21:41 < SporkWitch> make sure you set it on the dest port, not source port 21:42 < AlexPortable> although this could still let someone use 'service x' on port 80 21:42 < AlexPortable> for example ssh 21:42 < n3t> AlexPortable: if someone is that smart, he will bypass your restrictions anyway. 21:42 <+catphish> AlexPortable: use a firewall 21:42 < n3t> AlexPortable: someone can always tunnel all the traffic via https. 21:42 < AlexPortable> what more is there possible to bypass? 21:42 < ignamv> other links worth skimming: http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/index.html https://csrc.nist.gov/publications/detail/sp/800-119/final 21:43 < AlexPortable> well but that tunnel won't allow him to download with my ip 21:43 < ignamv> I take back what I said, the RFC for SLAAC has a nice summary at the beginning 21:43 <+catphish> AlexPortable: also consider why you are doing this, it can be an annoyance to users 21:44 <+catphish> anyway, the answer is the same, only allow the ports for the services you want to allow 21:54 < qman__> Yep, drop outbound by default and add rules for http and https, and presuming you want dns, so that too 22:06 <+catphish> yep, or run your own dns internally 22:09 < Al_nz1> Hi. I want to connect my PC to my phone's hotspot. I also want and IP camera plugged into my PC to use the phone (via the PC) as a gateway. Is this possible on windows? 22:20 < whatsupdoc> somone plz help https://i.imgur.com/Vkb226Z.png 22:22 < at0m> whatsupdoc: some plz explanation to go with that or should we all just click 22:24 < SporkWitch> whatsupdoc: If you have a question, just ask! For example: "I have a problem with ___; I'm running Debian version ___. When I try to do ___ I get the following output ___. I expected it to do ___." Don't ask if you can ask, if anyone uses it, or pick one person to ask. We're all volunteers; make it easy for us to help you. If you don't get an answer try a few hours later. 22:27 < whatsupdoc> Consider the use of the go-back-n protocol where n=3 for error control for communication from A to B. A packet from A to B, and an ACK from B to A are received in error. 22:27 < SporkWitch> homework question; read your textbook / ask your TA 22:27 < whatsupdoc> It's a weekend!! I can't wait 3 days 22:28 < SporkWitch> hope your textbook is good 22:28 < whatsupdoc> nope :( 22:28 < SporkWitch> whelp, GIYF 22:29 < whatsupdoc> I tried :( 22:30 < whatsupdoc> Does anyone know go-back-n protocol? 22:30 < SporkWitch> many people do; so does google 22:30 < whatsupdoc> If receiver receives a packet and sends a ACK but the ACK fails, does RN still get updated? 22:30 < SporkWitch> https://linuxmafia.com/faq/Essays/smart-questions.html 22:31 < whatsupdoc> https://i.imgur.com/1lComk5.png 22:33 < SporkWitch> don't worry about it, it's a simple html page 22:33 * SporkWitch debates mirroring it to head off those complaints 22:36 < whatsupdoc> Is there a bug https://en.wikipedia.org/wiki/Go-Back-N_ARQ 22:37 < whatsupdoc> Sm = N + 1 ?? 22:37 < whatsupdoc> Did they mean N - 1????? 22:38 < whatsupdoc> Why N+1?? 22:39 < whatsupdoc> I changed it 22:45 < SporkWitch> oh neat, there's an updated version ^^ http://www.catb.org/~esr/faqs/smart-questions.html 22:46 < whatsupdoc> "Please refrain from harassing or offensive comments." 22:47 < Apachez> SJW detected 22:49 < SporkWitch> whatsupdoc: instructing you how to find the answer to your homework question as well as providing materials guiding you on how to ask _good_ questions is neither harassment nor offensive. 22:51 < whatsupdoc> harassment and offense is subjective 22:51 < DoctorDick> What the fuck is wrong with you 22:51 < whatsupdoc> if i claim that i feel harassed or offended, then you have no right to say that i'm not 22:51 < hexein> a thid party may determine you were harrased 22:51 < SporkWitch> whatsupdoc: do not change wiki pages for things that you know nothing about; i've corrected the damage you did 22:51 < whatsupdoc> fml :( 22:51 < hexein> hence courts 22:52 < hexein> Shame 22:52 < SporkWitch> hexein: legality and reality don't always match up; offense can never be given, only taken, and it doesn't mean the offended party isn't a braindead snowflake 22:54 < whatsupdoc> how about instead of editing my wiki edit, you tell me why i'm wrong 22:54 < whatsupdoc> IS IT BECAUSE OF SYN AND FIN?? 22:54 < at0m> whatsupdoc: when you can't argue why you should be right, you probably shouldnt edit the wiki. 22:54 < hexein> ^ 22:55 < Apachez> no please do 22:55 < Apachez> I need something to laugh at tonight 22:55 < SporkWitch> Apachez: i already reverted his changes 22:55 < whatsupdoc> i understand the concept 22:55 < SporkWitch> Apachez: you can see them in the history, though 22:56 < Apachez> 130.86.101.181 ? 22:56 < Apachez> so now we can evil haxor whatsupdoc home connection? 22:57 < SporkWitch> university of san diego 22:57 < whatsupdoc> that ip address is a school ip address and it's not even my school 22:57 < SporkWitch> i wonder what would happen if i emailed their sysadmin to let them know someone is using them to proxy their wiki vandalism... 22:58 < Apachez> so you wnat be sad if that gets abuse reported and shutdown by the netadmin? 22:58 < whatsupdoc> i swear the things you do instead of just simply helping a random pleb 22:58 < Apachez> SporkWitch: great minds think alike ;) 22:58 < SporkWitch> it's a homework question; we've provided you help 22:58 < whatsupdoc> you think i'm dumb???? 22:58 < growp> Hello 22:59 < whatsupdoc> i'm not smart but i'm not dumb 22:59 < SporkWitch> i don't think anyone's called you dumb; lazy? absolutely 22:59 < growp> What is the best custom firmware for monitoring your network and blocking sites to guests? 22:59 < SporkWitch> growp: https://lmgtfy.com/?s=d&q=What+is+the+best+custom+firmware+for+monitoring+your+network+and+blocking+sites+to+guests? 22:59 < whatsupdoc> if i was lazy i wouldn't be trying to figure this question out and i would just guess and get partial credit 22:59 < SporkWitch> if you weren't lazy you would use the resources you've been directed to 23:00 < growp> whatsupdoc: ignore SporkWitch, that’s a stupid troll 23:00 < whatsupdoc> if you weren't lazy you'd be that resource 23:05 < hexein> lol 23:13 < whatsupdoc> https://ocw.mit.edu/courses/aeronautics-and-astronautics/16-36-communication-systems-engineering-spring-2009/lecture-notes/MIT16_36s09_lec18.pdf 23:13 < whatsupdoc> MIT IS WRONG????? 23:13 < whatsupdoc> SN_min+N-1 23:20 < mawk> go away whatsupdoc 23:20 < Anatzum> I'm about to run some cable to a room that gets terrible wifi in my house, I'll be using cat5e. I've heard that with cat6 you need a plug/connector specifically for cat6 but what about cat5 vs cat5e. Is there any difference in the connector between those 2? On amazon, I see a lot of connectors labeled for cat5/cat5e/cat6. Is this just terrible marketing? 23:21 < SporkWitch> wonder how long it'll take Mr. Oakes to track down how he's using their network and boot him 23:21 < whatsupdoc> It's because of SYN and FIN 23:21 < whatsupdoc> i'm not stupid 23:21 < SporkWitch> Anatzum: that doesn't make sense to me; RJ-45 is just a hunk of plastic and some metal, no shielding or anything... 23:21 < whatsupdoc> But that's dumb imo 23:22 < SporkWitch> whatsupdoc: ask your professor 23:22 < whatsupdoc> I don't need to ask anyone becuase i'm correct 23:22 < Forst> 8P8C 23:22 < Anatzum> SporkWitch: So it's all just a RJ-45 connector. The difference is the cable itself and the connector is the same for all of them? 23:23 < hexein> Rj-45 is the cat-5 connector 23:23 < hexein> u can buy the tool to make them yourself 23:23 < SporkWitch> Anatzum: technically speaking there's no reason you HAVE to use an RJ-45 connector, but yes, there's only one kind of RJ-45 23:23 < hexein> and find the pattern online 23:23 < hexein> get a box of wire and u have custom ethernet cables 23:25 < hexein> no special connector is nedded to receive them; all modems, routers will be ok with RJ-45 23:25 < Anatzum> That makes sense, I just though I read somewhere that cat6 needed a connector designed for it because of the larger gauge so using a plug designed for cat5e on a cat6 cable is usually not a good idea. 23:27 < SporkWitch> wat? lol 23:29 < Anatzum> http://www.cat-5-cable-company.com/faq-CAT%206%20Plugs-On-CAT5E-Cable.html this is what I read about why the difference in plugs matter. 23:29 < Anatzum> Not sure how valid that is or anything just thought I'd ask here to be sure. 23:29 < SporkWitch> that domain name doesn't sound like someone trying to sell something AT ALL lol 23:32 < Anatzum> Well if the plug doesn't matter between the cat5 and cat5e then i'm good. I've repaired cables before but this is the first time buying some bulk on amazon and I'm always wary about their descriptions on stuff. 23:34 < SporkWitch> RJ-45 == RJ-45 23:37 < Anatzum> Thank you, I understand that now. I always like to ask here to double check then question what I find on the interweb lol. 23:40 < EgoAleSum> hi, sorry if this is a stupid question. I’m thinking of buying the Netgate SG-1000 firewall ( https://www.netgate.com/solutions/pfsense/sg-1000.html ). everything should be fine, I am just concerned with the fact that throughput is only 100mbps. The place where this is getting installed has an internet uplink of 20mbps, so the internet connectivity is not an issue, but will using this firewall slow down my entire LAN? Or, for as long as I use giga 23:40 < EgoAleSum> switches, i should be able to get gigabit throughput in the LAN? 23:42 < Forst> traffic inside LAN would not leave the switch, so you'll be fine 23:51 < EgoAleSum> i’m reading a lot of bad reviews about that firewall btw. lots of people saying they don’t get anything near 100mbps, and sometimes as low as 10mbps. do you have any experience? 23:53 < mawk> why do you want that firewall in particular ? 23:53 < mawk> is it for an enterprise ? 23:53 < EgoAleSum> mawk: no, this is for a home 23:54 < EgoAleSum> mawk: they’re using pfSense already, but with a custom-made unit that doesn’t support hardware-accelerated AES, so pfSense 2.5 won’t work --- Log closed Sun May 06 00:00:10 2018