--- Log opened Sun May 06 00:00:10 2018
00:01 < SporkWitch> no hardware acceleration sounds like it explains the poor performance
00:03 < Kryczek> mawk: good to know (about libmnl, RTMGRP_IPV4_IFADDR, etc) thanks!
00:07 < SporkWitch> i need to set up SPF and DKIM but i'm LAZY >_<
00:07 < mawk> here's the minimal boilerplate Kryczek : http://paste.suut.in/ONOiRPvr.cpp
00:08 < Kryczek> awesome :) thx
00:09 < Kryczek> SporkWitch: in DNS and/or in your mail servers?
00:09 < Kryczek> the former takes 5 minutes
00:09 < SporkWitch> the latter takes about 10; like i said, i'm LAZY lol
00:09 < SporkWitch> i've done it before, it's cake
00:09 < tds> remember DMARC as well :)
00:09 < SporkWitch> yup
00:10 < tds> and might as well enable DNSSEC while you're at it
00:10 < tds> (assuming you're with a decent tld and registrar)
00:10 < spaces> SporkWitch did you spank me already ?
00:10 < SporkWitch> the email stuff first; dnssec i've never actually looked into, so that would take more time
00:10 < SporkWitch> spaces: you haven't earned it
00:10 < Kryczek> speaking of which, got my first failfail DMARC notification the other day :D
00:10 < spaces> SporkWitch why not ?
00:10 < Kryczek> take that, spammers!
00:17 < Kryczek> tds: do you know if there is a way to get what email address the spammer was trying to impersonate? Google's DMARC report only says some IP in Taiwan was trying to impersonate my domain but not which user@
00:18 < tds> Kryczek: is this with gmail/google apps email/whatever it's called now?
00:19 < tds> I'm not familiar with it personally, but if you take a look through the headers you should be able to find the details
00:20 < Kryczek> no no I meant I got a DMARC report from Google because the spammer was sending to Google
00:20 < Kryczek> could have been anybody else supporting DMARC
00:25 < tds> hmm, not sure - I guess if they're not included in the standard report you won't be able to get the details, unless you have access to additional google tools
00:27 < Kryczek> apparently I got only the aggregate report, not the forensic report... maybe I need to make the RUA and RUF addresses different
00:27 < SporkWitch> can't remember myself; been a while. i know there's tools to parse them
00:28 < Kryczek> ah: "Google does not support the DMARC ruf tag for the distribution of
00:28 < Kryczek> forensic reports."
00:28 < SporkWitch> how wude
00:29 < tds> hmm, so do google just not send forensic reports at all?
00:29 < Kryczek> indeed, according to https://support.google.com/a/answer/2466563?hl=en at least
00:37 < Project86__> I changed nameserver 1 in my resolv.conf the other day, idk what the second one was. But on reboot, it changed nameserver back to hitronhub. Am I not activating dns properly?
00:38 < mawk> I get those too Kryczek
00:38 < mawk> I wonder how these spammers got my domain name
00:38 < mawk> I'm not referenced on any polite search engine
00:39 < mawk> scanning the whole ipv4 space is easy, but the whole domain space isn't
00:40 < SporkWitch> the amusing one for me is the phone spam. Never had an issue in the past, never bothered paying the extra for the whois privacy, but the instant i register a .com i get 5+ spam calls/day lol
00:41 < SporkWitch> luckily google fi's block list is server side, so it's been decreasing as i add anything that doesn't leave a legitimate voicemail to the blocklist lol
00:56 < Peng> mawk: Domains mostly aren't secret. You can usually download or buy domain lists or zone files for many TLDs.
00:56 * spaces bitchslaps SporkWitch with a salmon
00:57 < SporkWitch> spaces: fuck off
00:57 < spaces> SporkWitch relax man
00:57 < SporkWitch> Peng: whois listings are public, though most registrars offer "whois privacy" however that works; i just don't bother
00:57 < SporkWitch> spaces: don't ping me for no reason, man
00:58 < spaces> SporkWitch it was a reason ;) a very good one as well
00:58 < SporkWitch> sit on a cactus and spin
00:59 < spaces> SporkWitch I don't have a cactus
00:59 < SporkWitch> fuck off
00:59 < spaces> SporkWitch temper you language please
00:59 < SporkWitch> fuck off
00:59 < spaces> SporkWitch temper you language please
01:00 < SporkWitch> catphish: mind getting rid of this piece of shit?
01:00 < spaces> SporkWitch deal with it yourself and use /ignore instead to try to become friends with the ops
01:00 < SporkWitch> or you could fuck right off you kiddie diddling piece of shit
01:01 < spaces> catphish ^ you might like such behaviour :)
01:02 < Disconsented> SporkWitch> Stop throwing a tantrum on IRC please
01:03 < SporkWitch> you can fuck right off too
01:13 * spaces hugs Disconsented
01:14 < spaces> Disconsented after the hugs the spanking starts to :P
01:14 < spaces> tho
01:40 < Apachez> what if want to fuck left on?
01:54 * dogbert2 just ordered this: https://www.synology.com/en-us/products/DS218+
01:56 < Apachez> dogbert2: now what did we tell you last time you were drunk and ordered stuff online?
01:57 * dogbert2 doesn't get drunk
02:05 < Epic|> Why such a tiny little girl nas
02:06 < Rusty78> Environment: Ubuntu 17.10x64 VM on Vultr.
02:06 < Rusty78> Problem: For the life of me I can not get my VPS to use a HTTP proxy to connect to the outside internet.
02:06 < Rusty78> Question: Any idea why I cannot get this to work? And any ideas on how I can make it work or another VPS provider I could use that would allow it to work?
02:08 < Rusty78> Context: I know how to use/setup HTTP proxies on Ubuntu. I have done it many times on my local machine. However, none of my attempts with VPS services have allowed me to connect to the outside internet using them.
02:13 < dogbert2> for home use, I don't need somethng large
02:24 < tds> Rusty78: what proxy are you attempting to connect via?
02:24 < tds> I'd be surprised if vultr were actually blocking tcp connections out to certain other services
02:25 < Rusty78> tds: I've tried DA, vultr, and EC2 and none of them are allowing me to connect
02:26 < Rusty78> I am using this curl command to test the proxy: curl -x http://146.185.200.89:8080 --proxy-user *Username*:*Password* -L https://google.com
02:26 < Rusty78> It works on my local machines but fails on all of my VPS instances
02:28 < tds> who operates that proxy? is it possible it's firewalled to only allow connections from a certain ISP?
02:29 < Rusty78> I bought a list from this service: https://buy.fineproxy.org/eng/
02:29 < Rusty78> Looking through their FAQ to see if they block any connections, I don't believe they do
02:32 < Rusty78> tds: Oh I just saw a setting that locked my IP to authorization, looking at it now. Thank you so much for the suggestion!!
02:34 < tds> Rusty78: either way, I'd probably advise against proxying your traffic via random services you've found on the internet
02:34 < tds> if you want to do something like that, I'd just do it on a VPS from a company you trust
02:35 < Rusty78> tds: It's for security-testing my software from crackers/spammers. The information is randomized and not trusted
02:43 < Project86__> When people talk about changing dns to hide activity from isp, is it just a single .conf to change, or do you need to make your machine an actual dns server?
02:45 < Project86__> Idk if u just change the resolver, or if it takes a lot more than that
02:46 < Project86__> Could use a helpful pointer
02:53 < SporkWitch> Project86__: all it "hides" is the lookup from their DNS server logs; you need to take extra measures if you're trying to hide the DNS lookup itself, and that's pretty much moot too, since you eventually need to send to those IPs. It's not a particularly useful endeavor, IMO. The better reason is that ISPs tend to do sketchy stuff with their lookup failure pages
02:53 < SporkWitch> Sometimes they also deliberately omit entries (e.g. piratebay)
02:54 < SporkWitch> if AOL were still an ISP i could get really creative with all the nastiness they could pull, even without forcing you to use their terrible client
02:54 < SporkWitch> s/could pull/would pull/
03:04 < UnsaneVirusez> No one is talking
03:06 < MarkusDB1> I've gotten my hands on a zyxel gs1900 smart managed switch, going to use for the gigabit part of a home lan. Is that a good switch?
03:25 < Project86__> SporkWitch: so if I were to change my dns resolver, it would hide my "piratebay" search from my isp?
03:26 < Project86__> And what extra steps to hide the dna lookup itself?
03:26 < cr1t1cal> what is the point of having mail access protocols like POP3 when a mail client on a user's computer can just invoke the mail server and retrive inbox contents whenver the client starts up
03:27 < Project86__> I saw a tut on creating your own dns server, and thought that meant I could bypass the subservers straight to one of the 12 main ones, cutting out middleman, increasing speed, and hiding what I do
03:29 < Project86__> Another thought on the topic, I've heard you can do dns resolution WITHIN your VPN. What's the point of this?
03:30 < Project86__> Isp sees your search, sends to VPN so others can't see, then make it look like it didn't come from VPN?
03:31 < Project86__> Or is it just to boost speeds?
03:32 < SporkWitch> cr1t1cal: what do you mean?
03:40 < SporkWitch> sorry, had to reboot, didn't see your response if you did response to my query
05:04 < patientplatypus> https://stackoverflow.com/questions/50195896/how-do-i-get-one-pod-to-network-to-another-pod-in-kubernetes-simple
05:09 < Project86__> SporkWitch: did u get my response?
05:11 < SporkWitch> Project86__: i did not; had to reboot and the playback on my bouncer is borked lol
05:11 < Project86__> It was a lot lol.
05:12 < Project86__> 8:25:05 PM SporkWitch: so if I were to change my dns resolver, it would hide my "piratebay" search from my isp?8:27:45 PM I saw a tut on creating your own dns server, and thought that meant I could bypass the subservers straight to one of the 12 main ones, cutting out middleman, increasing speed, and hiding what I do8:29:35 PM Another thought on the topic, I've heard you
05:12 < Project86__> can do dns resolution WITHIN your VPN. What's the point of this?8:30:51 PM Isp sees your search, sends to VPN so others can't see, then make it look like it didn't come from VPN?
05:23 < SporkWitch> if you're not using a VPN, the privacy issue isn't really a factor, they can still see it all
05:23 < SporkWitch> as to DNS within VPN, the query is sent over the VPN so origin appears to be the VPN server
06:05 < spaces> SporkWitch that depends on the VPN setup
06:05 < vrederv> Hey folks I was wondering if the DHCP option 1 (subnet mask) is compulsory. I think it has to be because how else do clients figure out their subnet mask.
06:05 < SporkWitch> spaces: standard configuration is for everything to go over VPN; split tunnels are generally discouraged and are not applicable to the case in question, as it would defeat the point
06:06 < spaces> SporkWitch you are wrong again, check openVPN it's not ;)
06:06 < spaces> all traffic is default also done over local and not VPN
06:06 < spaces> you need to add the route
06:07 < spaces> you need to add the dns servers, all of it
06:07 < spaces> but I'm off, latwer
06:07 < SporkWitch> you misconfigured your openvpn; that's not my problem. and while you're busy pushing incorrect information, use your punctuation instead of spamming
06:08 < spaces> SporkWitch I didn't misconfigurate anything, how can you know ? it's a common question why VPN's don't work... because it's default not set. So you default statement is pretty wrong
06:08 < SporkWitch> i didn't say default configuration, i said standard configuration. you misconfigured your openvpn
06:09 < spaces> SporkWitch it seems you are the knowall here, I see you for the first time in years, so hold back please ;)
06:09 < SporkWitch> spaces: i don't even remember you, which is surprising, i'd expec to remember someone as incompetent as you, but since you've been absent (apparently for years?) i guess it's not too surprising
06:10 < spaces> SporkWitch again, I did not configurate anything at all, can you please stop insulting people like that ? you are wrong my dear mate. You are stating sh*t without any knowledge
06:10 < spaces> stop that, more people seem to have complained earlier.
06:10 < spaces> SporkWitch some people don't have to work ;)
06:10 < SporkWitch> spaces: one should never be insulted by the truth, and the fact that you're reporting non-standard behaviour means you either misconfigured it or deliberately set it up in a non-standard way
06:11 < SporkWitch> regardless, as usual, you're wrong, now fuck off
06:11 < Disconsented> Who shat in your corn flakes?
06:11 < SporkWitch> braindead fuckwits like the above
06:11 < spaces> SporkWitch but again, good luck with it, I will ignore you as you are using too much bandwidth which could be better used for betetr people later!
06:11 < precise> Disconsented: ...me?
06:11 < precise> I thought no one was eating them
06:11 < precise> ..
06:11 < precise> sry
06:12 < spaces> precise some people take everything they can get
06:12 < precise> :/
06:12 < precise> I take all the shits I can get
06:13 < spaces> precise pass them so SporkWitch he seems to like making more out of it :P
06:13 < SporkWitch> fuck off
06:13 < spaces> ok I'm away for a nap
06:13 < skyroveRR> hah
06:13 < skyroveRR> Hi spaces
06:13 < skyroveRR> * SporkWitch
06:14 < SporkWitch> skyroveRR: don't encourage it
06:14 < Disconsented> catphish, danieldg, pppingme, StevenR or xand I see none of you are marked as away, can you please deal with ^
06:14 < precise> heh
06:14 < Disconsented> huh
06:14 < Disconsented> thats neat
06:14 < Disconsented> sigyn points out mass nick mentions
06:14 < SporkWitch> considering the number of bots that mention spam, are you surprised?
06:14 < spaces> Disconsented I just /ignored him, it's great!
06:15 < Disconsented> I thought it was still running off flooding rather than mass nicks
06:16 < SporkWitch> it's probably a combination; mass mention gets a warning, repeat mass mention triggers the kline earlier. would make sense to differentiate between a dumbass that pasted here instead of pastebin vs blatantly obvious and intentionally disruptive spam
06:16 < kline> SporkWitch, channel ops can choose to do that
06:17 < SporkWitch> kline: i'd apologize for the mention, but you kind of bring it on yourself lol
06:17 < kline> no need to apologise
06:17 < kline> i can mute irc whenever i want
06:17 < SporkWitch> kline: basic etiquette, don't mention people for no reason :)
06:17 < kline> staff dont count
06:18 < SporkWitch> kline: i'm inclined to disagree, it just means the potential reasons are larger in number
06:18 < precise> People mention me all the time
06:18 < SporkWitch> precise: that's because it's september, unfortunately >_<
06:18 < Disconsented> I wonder why
06:18 < precise> I really need to adjust my highlight criteria
06:18 < precise> I'm too lazy
06:18 < precise> even precisely gets me a ping
06:18 < precise> lol
06:19 < Disconsented> I've had to filter out mentions that are not at the start of a message due to the bots
06:19 < Disconsented> Which seem to have given up recently
06:19 < Disconsented> Either that or I've ignored all of their messages
06:19 < SporkWitch> youch; mine ignores my name unless followed by nothing, a space, colon, comma, or period.
06:19 < precise> or kline has been busy ;)
06:19 < SporkWitch> huzzah for sane defaults
06:20 < kline> Disconsented, its exam season, all the school students who run up botnets on mommys card are busy just now
06:20 < kline> give it a few weeks
06:20 < precise> kline: that sucks :/
06:21 < Disconsented> precisely
06:21 < precise> heh
06:22 < precise> I suggest when we find sources of botnets, we send them to gulag
06:22 < Disconsented> The bitcoin mines?
06:22 < precise> Yes
06:22 < precise> But dont let them mine bitcoin
06:22 < precise> ...Make them mine dogecoin
06:23 < precise> Everytime you mine it barks memes at u
06:25 < SporkWitch> make them do it with pen (not pencil), paper, and an abacus (sp?)
06:30 < Project86__> SporkWitch: so then there's not much of a way to hide what your isp sees?
06:31 < SporkWitch> Project86__: they're the gateway, unless you tunnel everything over a VPN, they're going to see the traffic, and even then they'll know the IP of your VPN endpoint
06:32 < Project86__> That's why I was asking if I configured my machine to act as router, and be setup as a dns server, I could get around the isp altogether, no?
06:33 < SporkWitch> Project86__: think that through; where's that DNS server getting its records from?
06:33 < Project86__> True
06:33 < precise> SporkWitch: Point it to a non-ISP DNS server w/ DNSSEC?
06:34 < Project86__> Unless VPN. Then the dns is getting it from there correct?
06:34 < precise> If setup that way
06:34 < SporkWitch> precise: i've not gotten around to researching DNSSEC yet, i'm not clear on what it offers or how it works
06:34 < precise> I've seen a few that just routed the DNS through the VPN, back to the ISP DNS servers
06:34 < precise> Project86__: ^
06:34 < SporkWitch> that's hilarious lol
06:34 < precise> Yeah
06:34 < Project86__> precise: nicee
06:34 < precise> The DNS client just reuses some of the DHCP lease options
06:35 < precise> s/DNS/VPN
06:35 < precise> am tired
06:35 < SporkWitch> stuff like that always makes me think of this: http://trollscience.com/image/f/full/8c6ac6fe0aa5ec1952e8e274f6df0f5e.jpg
06:35 < skyroveRR> hehe
06:35 < precise> lol
06:35 < skyroveRR> SporkWitch: lol
06:35 < Project86__> Any tuts or links u could point me to precise ?
06:36 < precise> Project86__: To set up a VPN?
06:36 < Project86__> The way you described
06:36 < precise> One sec
06:36 < precise> Project86__: Where is Cloudflare on your reputation scale?
06:38 < Project86__> Wait, what? Idk who sent that and what it means. Or how u.did it lol
06:38 < precise> Project86__: ?
06:39 < Project86__> I gotta a little grey message thingy from someone https://usercontent.irccloud-cdn.com/file/HoSRpnNs/Screenshot_20180505-233907.png
06:40 < Project86__> Nvm lmao
06:40 < precise> Project86__: ok..?
06:40 < Project86__> precise: never used cloudfare, why?
06:41 < Project86__> (And I meant nvm to my stupidity, not to your questions and help)
06:42 < precise> Project86__: ok lol
06:43 < precise> Project86__: I cant find any straight away tutorials, but the gist is you are simply shifting trust. Do you trust a random DNS server w/ some security features more than your ISP?
06:43 < precise> Same goes to VPNS.
06:44 < precise> VPN will be most simple, as long as you can verify that your DNS traffic is being tunneled through the VPN, to the server of your choice.
06:45 < precise> Easiest, best case scenario is a paid VPN service with some privacy, then another provider for DNS with DNSSEC, DNS over TLS, etc.
06:45 < SporkWitch> Project86__: what do you mean? are you talking about the join message? lol
06:45 < SporkWitch> (grey message thingy)
06:45 < precise> Best of the best case scenario is rolling your own multinode VPN network and DNS servers
06:47 < Project86__> I prefer free for now lol. No matter how frustrating. But was hoping I could have it all, hide from isp, as well as reached sites via vpn
06:48 < Project86__> SporkWitch: now, the time thingy changed, so his 2nd message to me popped under "new messages", I thought it was like a whisper chat lol
06:48 < precise> Project86__: free VPN is logged
06:48 < precise> Always.
06:49 < SporkWitch> ah lol
06:49 < precise> If you want free, role your own, but even then, that's like $5/month
06:49 < Project86__> OpenVPN is logged by YOU
06:49 < precise> OpenVPN is just a protocol and client
06:49 < precise> You still need to run the VPN server somewhere
06:50 < precise> Project86__: If you want free but as much privacy as possible on $0, find a 3rd party DNS server that offers DNSSEC or DNs over TLS.
06:51 < SporkWitch> before we go much further down this rabbit hole, i'm compelled to point out: no one gives a shit about you, Project86__. You are not the target of a global government conspiracy.
06:51 < precise> SporkWitch: No, but he's not afraid of the government.
06:51 < precise> SporkWitch: He stated he wants to hide his shit from his ISP.
06:51 < precise> I don't blame him.
06:51 < precise> Why pay twice for internet?
06:51 < SporkWitch> fair, i just feel compelled to point it out when we start going down this path
06:52 < precise> SporkWitch: Yeah, I get it.
06:52 < precise> I hear that alot SporkWitch ;)
06:52 < SporkWitch> SOOOOO many nuts these days
06:52 < precise> Eh
06:52 < skyroveRR> lol
06:52 < precise> People are crazy, but you cant just turn your head and cover your ears...
06:52 < skyroveRR> On IRC, you can. With /ignore.
06:52 < precise> I mean you can...
06:52 < precise> But you shouldn't
06:52 < precise> skyroveRR: lol
06:54 < SporkWitch> precise: i seem to run into the real crazy ones; had one in ##security earlier talking about how you should physically go to a store to buy hardware so "they" (presumably the illuminati) don't intercept the web order and send compromised hardware. As if even a government is going to do something so easily detected, difficult to pull off, and cost-prohibitive. It's literally easier to compromise
06:54 < SporkWitch> the factory and cover all the devices
06:55 < skyroveRR> SporkWitch: you realise that's too far fetched and rare?
06:55 < SporkWitch> "threat modeling" seems to be a VERY foreign concept to the current generation
06:55 < precise> SporkWitch: It's happened on a few occassions and has been linked to the NSA via leaks, but your right. Unless you are a major target, (list of <100) that would never happen.
06:55 < spaces> why the hack is IT so attractive ? I cannot sleep because of all the ideas I have again
06:56 < Project86__> I guess I'm just confused or not saying things the right way. Intended to have my own OpenVPN server running (connected somewhere) and also find a way to utilize the dns stuff, so isp of connected server, has no idea what's going out, or coming in
06:56 < SporkWitch> precise: i'm skeptical of even that; far more likely that at least a large batch were compromised. Too easy to detect something like that by simply comparing a couple of the same model, unless we're looking at dopant-level attacks, in which case we're DEFINITELY looking at a compromised fab, so why do just one device?
06:57 < precise> SporkWitch: It was intercepted at a shipping center IIRC.
06:57 < SporkWitch> precise: that kind of goes to the "too hard to pull off and too easy to detect" parts of my comment lol
06:57 < precise> SporkWitch: If they are a high profile target...
06:57 < precise> I mean...
06:57 < precise> They deal with budgets that don't even exist...
06:58 < precise> Domestic surveilance and all
06:58 < precise> I don't want to sound cray
06:58 < SporkWitch> the problem with that hypothesis is that there are far easier ways to get their info
06:58 < precise> SporkWitch: It's not get their info
06:58 < precise> It's their communications
06:58 < Project86__> I've seen some crazy one in ##security too. L ile the guy with the heroin junkie uncle that had 60mil of bitcoin for 5 a piece lol
06:59 < precise> If they use E2E encryption 24/7, then a local keylogger or malware would be needed.
06:59 < SporkWitch> precise: even that, though then we get into the fact that if your adversary is a government and you aren't a government there's really not a whole lot you can do
06:59 < precise> Project86__: So if you run your own VPN server, you need to run it somewhere outside your network. On a VPS or something.
06:59 < precise> You cant just run a OpenVPN on your server and be protected.
06:59 < precise> A VPN is a tunnel, a tunnel needs 2 ends.
07:00 < SporkWitch> and you need to make sure your ISP isn't also the VPS provider's ISP
07:00 < precise> SporkWitch: You make a good point :/
07:00 < precise> SporkWitch: ++
07:00 < precise> And that they don't share data via 3rd partys
07:01 < spaces> Project86__ see it as a remote GW
07:01 < SporkWitch> (not feasible to make sure your ISP isn't in the path between your VPS and the DNS server)
07:01 < precise> Use 4th(?) party DNS server
07:02 < precise> So Me -> VPNn + DNSw/DNSSEC -> VPN Server -> DNSSEC requests
07:02 < SporkWitch> actually, that's silly of me, just use the VPS provider's DNS; any queries it relays would be anonymized by all the other traffic coming out of their network
07:02 < precise> Run a stub on the VPN server?
07:02 < precise> SporkWitch: Nope
07:02 < spaces> precise last time I was on a party I never saw any DNS only POV :P
07:02 < precise> SporkWitch: The DNS request has to know where to send the results.
07:02 < precise> They can match the request to the requestee with the responses destination IP
07:02 < superkuh> Yeah... you never think you're a target then one day the FBI comes knocking hard and breaks in at 6am.
07:03 < precise> heh
07:03 < superkuh> Happened to me in 2010.
07:03 < superkuh> No charges ever. They just stole all my computers, my flatemate's computers, all my media, and left. Never to be heard from again.
07:03 < precise> SporkWitch: That logic would apply to a decentralised DNS network
07:03 < SporkWitch> precise: and? VPN to VPS, DNS sent over the VPN, VPN host relays request to VPS provider's DNS, DNS provider's DNS either replies directly or does a lookup for you
07:03 < spaces> superkuh 6am damn! you can get even a decent sleept in such cases! I would so it @ 4am :D
07:03 < spaces> do
07:03 < SporkWitch> precise: one of us is missing something, but i'm pretty sure it's you, lol
07:03 < Project86__> precise: yes, I am aware of that much, and know I'll eventually need to buy hosting. The tunnel (client) is a portable device I carry. I want communications to remain discreet between the 2
07:04 < precise> SporkWitch: So, in this scenario, is my above flowchart accurate?
07:04 < superkuh> Not that doing silly things like only buying hardware in person would've helped.
07:05 < SporkWitch> superkuh: if you're doing something naughty then that would factor into your threat model. The assumption unless otherwise specified is that piratebay is the extent of your naughtiness
07:05 < spaces> Project86__ get multiple VM's and let your VPN server send it's DNS requests to your other VM's over tunnel. Use seperate VPS companies for them all
07:05 < superkuh> I wasn't.
07:05 < superkuh> Thus the no charges thing.
07:05 < precise> spaces: Then route everything through Tor
07:05 < precise> ;)
07:05 < SporkWitch> superkuh: that's something else entirely then :P
07:05 < spaces> precise good idea!
07:05 < SporkWitch> precise: i didn't see a flowchart
07:05 < superkuh> It was just the style at the time. Occupy, Wikileaks, all that jazz really got 'em riled up.
07:06 < spaces> damn is it that difficult to watch pr0n these days ?
07:06 < precise> So Me -> VPNn + DNSw/DNSSEC -> VPN Server -> DNSSEC requests
07:06 < precise> SporkWitch: ^
07:06 < spaces> I thought beeg.com was just a simple idea
07:06 < precise> shittyflowchart(t)
07:06 < superkuh> I use multiple VPS but I only set up per-application/use socks tunnels (shadowsocks).
07:06 < precise> SporkWitch: You said use the VPS provided DNS server
07:07 < superkuh> And then use 'em as seedboxes too.
07:07 < precise> You run this VPS?
07:07 < precise> SporkWitch: ^
07:08 < SporkWitch> precise: localhost → VPN → VPN provider's DNS. Any queries the VPN provider's DNS doesn't have cached would be looked up and lost in all the other requests, nothing tying it to your VPN server. No point hiding the lookup of the VPN server's address, your ISP is seeing that IP no matter what you do
07:08 < SporkWitch> precise: that is, nothing outside the VPS provider's DNS logs tying you to it, but then we're back in the original boat, since they see all your traffic anyway
07:08 < precise> SporkWitch: Your lookup request to the VPN provider still needs to contain the needed domain
07:09 < SporkWitch> precise: and?
07:09 < precise> SporkWitch: I see what you mean, it's another layer of privacy.
07:09 < precise> This is a VPN service
07:09 < precise> Not a DIY VPS based VPN?
07:10 < precise> *In this scenario
07:10 < SporkWitch> applies to both, assuming the VPN provider offers DNS, but we were talking about openvpn + VPS
07:10 < precise> There is no VPN provider if you role your own
07:10 < precise> You are the provider
07:11 < SporkWitch> as an aside, the strongswan plugin for networkmanager is rubbish, it doesn't allow PSK + username + passphrase for ipsec >_<
07:11 < precise> Ok
07:11 < precise> I like mullvad
07:11 < precise> pls no bant
07:11 < precise> am not shill
07:11 < SporkWitch> precise: like i said, it applies to both a VPN service and hosting on a VPS, assuming the VPN provider offers DNS. The VPS provider definitely offers DNS.
07:12 < precise> SporkWitch: My scenario was a role your own scenario originally. So you wouldn't want to use your VPS providers DNS servers as those are certainly logged. But VPS' are inherently compromised because you don't even have access to the hardware in most cases.
07:12 < precise> So we are kinda debating over which hole is gonna sink the ship
07:12 < Project86__> Actually thought about using the vms, client being on android in linux deploy. But going thru tor hops is too slow for my intended needs
07:12 < SporkWitch> *roll (sorry, was bugging me)
07:12 < precise> lol
07:12 < precise> tnx
07:13 < precise> Wait
07:13 < precise> now
07:13 < precise> Role is a verb, to role
07:13 < precise> Roll is a food, a bread
07:13 < precise> Now neither of those look like words
07:13 < precise> fuck
07:13 < Project86__> Roll is also a verb, roll dice
07:13 < Project86__> Dundundunnn
07:13 < SporkWitch> precise: don't spam. roll is a verb and a noun, role is a noun.
07:14 < SporkWitch> precise: sure, maybe the VPS provider's DNS is logged, but it doesn't matter: they see all your traffic anyway
07:14 < SporkWitch> precise: so okay, you hid the domain name lookup; they still have the IP and can do a reverse lookup
07:14 < precise> Like I said, debating which hole will sink the ship ;)
07:15 < precise> VPSes are inherently insecure.
07:15 < Project86__> This is alot to take in haha
07:15 < precise> heh
07:15 < precise> Project86__: You don't need to do all this.
07:15 < precise> If your threat model is your ISP only, just get a cheap VPN provider. You mentioned a mobile device though?
07:15 < Project86__> I know, I'm just observing and weighing pros and cons of methods
07:16 < Project86__> Ok, so here's the setup... server to client (pi0, or android) and then connecting to client via devices
07:16 < superkuh> I go through my VPS because my ISP attacks and injects malicious code into anything it can.
07:17 < SporkWitch> Project86__: sorry, we're talking at a whole other level than you're working at. For your needs a VPN service or one you host yourself is sufficient, though i still think it's a waste of effort. Unless they're really evil and going out of their way (most aren't, it's more trouble than it's worth) simply using another DNS provider is sufficient. So they get some tracking data from the IPs you
07:17 < precise> superkuh: :/
07:17 < SporkWitch> visit; who cares?
07:17 < precise> SporkWitch: I care :/
07:17 < SporkWitch> it's just not worth it lol
07:17 < precise> It's easy to set up
07:18 < SporkWitch> it has cost and performance implications for such a marginal privacy gain.
07:18 < precise> Just get a VPN service, route DNS through VPN service. $5 a month, shift trust to another party. I don't like most major ISPs, so taking away a billionth of a percent of their profit margin is enough for me.
07:19 < SporkWitch> i do need to look into DNSSEC though
07:19 < precise> SporkWitch: Increased latency by what? 15-30ms? If you game or something its an issue, but for almost everything else its not.
07:19 < SporkWitch> precise: a non-trivial percentage of geeks game :)
07:19 < precise> Unless you are running some <3Mbps bandwidth, the overhead is negligible.
07:19 < SporkWitch> precise: you're also introducing a second point of failure
07:19 < precise> SporkWitch: Most decent VPN providers have clients which offer autofailover
07:19 < precise> Or for the more paranoid, killswitch.
07:20 < precise> They also have dozens of servers in various locations if you get the right one.
07:21 < Project86__> And my router/server will also be portable, so when connected to random APs I don't want them knowing there's a vpn tunnel routing on their network
07:21 < precise> Project86__: You can get VPN clients for Android and iOS to pair with most reputable VPN services.
07:21 < SporkWitch> point stands even with that; if you're that paranoid then failover is not an option
07:21 < SporkWitch> android also supports ipsec natively
07:21 < precise> SporkWitch: Yup, but in this case, I don't think Project86__ is.
07:21 < precise> SporkWitch: ++
07:22 < SporkWitch> (it's actually really annoying: android supports the ipsec implementation in the stock asus ac-3100 firmware, but i can't get it working in networkmanager lol)
07:23 < precise> Also, to the gaming point. It may not be in Project86__'s reach or desire to do, but if you can identify what ports said games use, you can route those ports at the gateway to your regular WAN link.
07:23 < Project86__> I'm not paranoid, just like to be a step or two ahead.
07:23 < precise> Project86__: I know :)
07:23 < precise> I'm the paranoid one here.
07:23 < precise> ;)
07:24 < Project86__> Lol
07:24 < precise> The above point is assuming uncommon ports, or possibly route by destination.
07:24 < precise> Which would make more sense...
07:25 < precise> Ok, it's 1:30AM localtime, Imma sleep. SporkWitch Thanks for the lively conversation. Project86__ Best of luck :) superkuh Get yourself a lawyer ;)
07:25 < superkuh> 'night. It was 2010.
07:25 < Project86__> precise: thanks for the gaming tips fam ;)
07:26 < precise> np
07:30 < Project86__> Now time for a blunt, and to dig back in this project. Ttyl guys
07:34 < SporkWitch> precise: have a good one, mate
07:41 < Curiontice> What is the alternative for OSPF's ECMP load balancing?
07:48 < Project86__> SporkWitch: something just popped in my head. Like precise was saying earlier, you cant just run VPN server on machine and be connected without a client to tunnel to.....BUT... what if you configured a WiFi dongle as it's own AP (and VPN client), if later is possible. In this hypothetical, could server and client safely be the same machine?
07:48 < Project86__> Or server on local, and vm as client AP? (That one sounds like it makes more sense)
07:48 < Project86__> SporkWitch: something just popped in my head. Like precise was saying earlier, you cant just run VPN server on machine and be connected without a client to tunnel to.....BUT... what if you configured a WiFi dongle as it's own AP (and VPN client), if later is possible. In this hypothetical, could server and client safely be the same machine?
07:49 < SporkWitch> Project86__: you have it backwards; the client needs a server to connect to. As to the rest, think it through: how is the traffic leaving the LAN?
07:50 < linux_probe> sounds like they made a new loopback lol
07:50 < linux_probe> or a very complex loopback
07:51 < linux_probe> lmao, nothing like 127.0.0.1 / localhost
07:51 < Project86__> Oops, I wrote it backwards, but I knew what i meant lol. And shit... You're right. Scratch that theory
07:51 < Project86__> Haha
07:52 < linux_probe> IRL you could do vpn server on a VM host machine and vpn client on the guest
07:52 < SporkWitch> doing so would be pointless, mind you lol
07:52 < linux_probe> mostly yes
07:52 < Project86__> Lol
07:53 < linux_probe> or from one guest to a second
07:53 < Project86__> Ok ok, let's not bash the n00b too hard lol
07:54 < SporkWitch> no one's bashed you; you've asked reasonably good questions, shown initiative, and though it occasionally takes a little prodding, exercised critical thought. Trust me, we could use more like you lol
07:54 < Project86__> SporkWitch: thank you, I'm trying my best to learn from scratch
07:54 < SporkWitch> everyone has to start somewhere
08:04 < Project86__> I'm already learning. I was about to ask if making the vm the OpenVPN setup as a cloud service on wlanX, and using a proxy to change "who you are" on wlanY as client, if that would do the trick. Thought about it, same problem..same LAN lol
08:05 < SporkWitch> Project86__: yup; no matter what you need to use a VPN to securely send the traffic somewhere your ISP can't monitor it; they'll see the VPN traffic, but not the content you send over it
08:05 < SporkWitch> Project86__: all they see is encrypted payloads in UDP packets to the VPN server's IP
08:07 < Project86__> Cool. That's good enough for me for now. That second part was part of what I wanted to circumvent, the isp knowing my VPN ip
08:08 < SporkWitch> there's no way around that
08:09 < Project86__> Was hoping to hide that too. Heard that's what dns was for
08:09 < SporkWitch> the traffic still has to go through them
08:09 < SporkWitch> no, DNS turns a domain name into an IP; you cannot communicate on the internet without a source and destination IP, so no matter what they will know, at a minimum, the IP of the VPN server
08:10 < Project86__> Can I obfuscate it? Make it look like a different VPN ip? Or something else entirely?
08:10 < Project86__> I read what dns does, but people say changing it to like 9.9.9.9 or 1.1.1.1 makes it go faster and hides ur from isp?
08:12 < m1KeY_> https://dns.watch
08:12 < Lucretius> hey, not sure if this is the right channel to ask this
08:13 <+pppingme> Project86__ faster may or may not be true, hides you from isp is absolutely not true
08:13 < Lucretius> i returned to my home after a few months i found an open public wifi, do they know which site i browse or videos i watch on youtube or similar?
08:13 <+pppingme> why are you worried about hiding from your isp?
08:13 < Lucretius> since isnt mine i want to use it but im worried
08:13 < Lucretius> i now by seeing the router they see that im connected
08:13 < SporkWitch> Project86__: if you did that with a letter, what would happen?
08:13 < Lucretius> *know sorry
08:13 < linux_probe> lol
08:14 * linux_probe checks to see if Lucretius is my neighbor
08:14 < SporkWitch> Lucretius: you're on their network, they can see whatever you send over it
08:14 < Project86__> m1KeY_: thanks for link
08:14 < Lucretius> also sites and whatever?
08:14 < Project86__> SporkWitch: very good point
08:14 < Lucretius> i dont think so that one
08:14 < Lucretius> only the bandwidth used if not mistaken
08:14 < at0m> Lucretius: SSL sites (https://) will only show the website you're on, and the amount of data your pulling in
08:15 < Lucretius> ok
08:15 < Project86__> SporkWitch: I'd send it from someone else's address, or just write a fake name with no return address
08:15 < linux_probe> mine must think I like guns, women, booze, mainly
08:15 < SporkWitch> Project86__: and then how does it get back to you?
08:15 < Lucretius> the line is ok i tesed it 10mb down and 9 ms ping
08:15 < Lucretius> tested*
08:16 < Project86__> Ahh
08:16 < SporkWitch> [02:14:23] Lucretius: you're on their network, they can see whatever you send over it
08:16 < linux_probe> then mix in all the various youtube, plumbing, electrical, hvacr
08:16 < Project86__> Then use someone else's address that will tell me when I get a letter in the mail to get
08:17 < Lucretius> ok thanks for the heads up
08:17 < SporkWitch> Project86__: perfect. That person is the VPN host
08:18 < Lucretius> i see is a public network, they left it open as intended not by mistake though
08:18 < Lucretius> i should be fine if i not abuse it
08:18 < SporkWitch> [02:14:23] Lucretius: you're on their network, they can see whatever you send over it
08:18 < Project86__> SporkWitch: I like your examples lol
08:18 < Lucretius> just light streaming and browsing for pass time
08:19 < SporkWitch> Lucretius: not necessarily; the laws are changing in some places. Last I heard, that braindead judge that ruled that radio isn't radio hasn't been overturned, which means even open access points fall under wiretapping laws in the US if you use them without permission
08:19 < Lucretius> im in europe
08:20 < skyroveRR> So?
08:20 < at0m> Lucretius: same here. the network should be explicitly "open". but your chances are small they'll file complaint.
08:21 < at0m> explicitly, i mean, advertised as being open to anyone to use
08:21 < at0m> like in a coffeeshop
08:22 < at0m> even visiting a web page that isn't explicitly made public falls under "unauthorized computer access"
08:25 < Lucretius> thanks for the information later
09:00 < Project86__> Wiretapping for monitoring an open network? Jesus
09:01 < SporkWitch> Project86__: like i said, that ruling was retarded. It effectively declared radio to not be radio
09:01 < Project86__> If they are willingly, against advises notifications, to NOT lock the network, they should be completely at fault
09:02 < Project86__> On what grounds is radio not radio??
09:02 < SporkWitch> Project86__: not even that, the law was already clear: nonsecured radio broadcasts are not private
09:02 < SporkWitch> Project86__: the ruling completely ignores that and classifies 802.11x without any security as "not a radio broadcast"
09:03 < SporkWitch> because open radio broadcasts aren't private; you're welcome to listen. it's not even a hard thing to get around, even something as simple as PL codes, like some cheap walkie talkies have, meets the definition of security and makes the wiretapping laws kick back in
09:03 < Apachez> is it sending data over the air (eter)? then its a radiotransmitter
09:03 < Apachez> well we can go into freqs too
09:04 < Apachez> to rule out "lighttransmission" and stuff like that
09:05 < Project86__> Wait wait, so if 802.11 is NOT a radio broadcast, then how can one get in trouble for monitoring "nonsecured radio broadcasts" (that aren't radio)?
09:05 < at0m> SporkWitch: in US? here, it doesn't matter whether your garden is walled or not. trespassers trespass.
09:06 < at0m> be it unsecured wifi or netfacing website that isn't advertised
09:07 < Project86__> I smell some malarkey here
09:07 < SporkWitch> at0m: the scope was confined to the US earlier, yes. the ruling in question was specifically over google recording non-secure 802.11x traffic, which is VERY clearly public under the law, as it's a non-secure radio broadcast. The ruling completely ignores that and declares 802.11x radio broadcasts to be private; in short, you are not allowed to hear someone shouting into your ear
09:08 < at0m> but they're allowed to streetview your frontgarden eh. indeed a lil odd.
09:08 < Project86__> The level of retardation in that concept amazes me lol
09:09 < at0m> in practice, nobody will file complaint. but i just might sue gf's ex cos i can (suspected he was reading her emails, so i emailed her links to letters on my webserver instead of emailing her the full txt's. he delivered by visiting, though my pages had been removed)
09:10 < at0m> (he had also broken in to my house, twice, so yea he's a liability)
09:11 < Project86__> Use his id in several PayPal and credit card scams online. Game over lol
09:12 < Evidlo> do a murder on him
09:12 < Project86__> Should have had malware in those emailed links
09:12 < Project86__> Get in his machine
09:12 < Project86__> And do murder
09:13 < at0m> /o\
09:14 < Evidlo> send malware, then do a murder Law Abiding Citizen style
09:14 < Project86__> ^
09:14 < Project86__> Best style
09:15 < Project86__> All Punisher like
09:15 < at0m> i aint killing anyone. he might be stronger, i'm better with puters. might just get him a record, plus have his company phone records requested. his boss won't like.
09:16 < Evidlo> hack his computer and make it explode
09:16 < Project86__> Or just sign up for a bunch a gay sites with his credentials from his machine. Buy dildo in bulk, some wigs and make-up, all with his card. Screenshot the orders, post em on his social media...the works lol
09:17 < at0m> i don't plan on getting involved with him too much, and let the cops deal with that.
09:18 < at0m> but just giving an example of where prosecution may happen when folks "unauth access" to open computers or networks.
09:20 < at0m> as where mostly, those who don't publish open networks to be available to the public, wouldn't care for other people using the open wifi or non-pass protected non-published web pages.
09:20 < at0m> but strictly speaking, that's unauth'd access.
09:55 < Project86__> I had read somewhere (possibly on one of the irc channels), talking about making certain directories mountable, and unmounting it when connecting online (for extra safety). I can't recall the convo though, would you only want to encrypt and unmount the home directory?.. Or how far up can you go and still have things work?
09:56 < Apachez> dunno what that would actually help for
09:56 < Apachez> sure you cant access whats not mounted
09:56 < Apachez> but if you got a 0day in your browser this 0day could mount stuff anyway
09:56 < Apachez> so physical separation is the only thing thats count
09:57 < Apachez> also you are expected to remount these partitions after you quick browsing?
09:57 < Apachez> how do you know that there is no 0day still running in memory waiting for you to remount?
09:59 < Project86__> You basically just unmount your important stuff in case someone gets in and is browsing I guess? Idk. I think they just said the home directory. And yes, unmount when online, when off, remount. Supposed to protect your saved work or something?
10:00 < Project86__> Like if you had really sensitive data in a subdirectory maybe? Not sure
10:00 < Project86__> It seemed to make sense
10:00 < at0m> until browser javascript mounts it again?
10:01 < Project86__> The browser still sees it?
10:01 < at0m> let alone sudo without pass
10:01 < Project86__> They were talking like it's some common thing and how to do it right
10:02 < Apachez> the thing is that makes very little sense
10:02 < Project86__> Didn't think of sudo without a pass part..
10:02 < Apachez> first off your browser depends on your home directory
10:02 < Apachez> so if you want to browse unsafe stuff use a dedicated box with no sensitive data on it
10:03 < Apachez> or better yet not even a harddrive
10:03 < Apachez> boot from a dvd or such
10:03 < Apachez> webconverger.com
10:03 < at0m> tails.iso
10:03 < Apachez> whatever floats your boat
10:03 < Apachez> webconverger doesnt seem to have the bad stuff which tails have had during the years
10:04 < Apachez> and was more quick to update
10:04 < Apachez> anyhow use physical separation
10:05 < Project86__> Exactly, that was the other argument Apachez ,whether it's better to just not have a hard drive. I thought that unmounting it made it look like it didn't exist or something. (On linux btw)
10:06 < SporkWitch> precise: you gave me a hard time for the tin foil warning; he's proving me justified :P
10:08 < at0m> Project86__: well, the "looks like" is where you subscribe to the obfuscation part of not mounting
10:08 < SporkWitch> Project86__: you're on linux, the security is great and it's less of a target anyone. no one gives a shit about you. your proposal is marginally effective and massively inconvenient
10:08 < SporkWitch> s/target anyone/target anyway/
10:09 < SporkWitch> Project86__: i mentioned threat modeling earlier, you need to look into it. Also consider the CIA principle of security: https://www.techrepublic.com/blog/it-security/the-cia-triad/
10:11 < SporkWitch> actually, i don't like that link, because it ignores usability, which is an essential component of the A
10:12 < Project86__> I was just about to open it too
10:14 < SporkWitch> it's still decent, it just doesn't cover the most important point i was trying to make lol
10:17 < SporkWitch> bah, not finding one i like. In any case, one of the most important parts of Availability is USABILITY. Many things you do to secure something make it more inconvenient to use. If you make it too inconvenient, your own users will circumvent security by doing things like setting batteries on the keyboard to prevent it locking and putting passwords on postits (the former I actually saw done in a
10:17 < Apachez> Project86__: again, unmounting wont help
10:17 < SporkWitch> secure facility once; huzzah politics, i was the one that got in trouble for reporting it)
10:17 < Apachez> doesnt mean you cant unmount if you want to
10:17 < Apachez> but it doesnt give you the security you imagine
10:18 < Apachez> that cia triad is actually a cial square
10:18 < Apachez> logging is often missed in that
10:19 < SporkWitch> Apachez: logging falls under integrity, but it's really too low level for the concepts CIA addresses.
10:19 < Project86__> Maybe it was the whole home directory anyways, could have been Documents folder. Where you have important details of new projects..idk lol
10:19 < SporkWitch> the CIA triad is a high-level concept of what goals a security policy strives to achieve, not a low level description of implementation and components
10:19 < Project86__> *maybe it WASN'T
10:20 < SporkWitch> Project86__: as already stated, in your compromise scenario you're boned the next time you connect
10:36 <+catphish> morning
11:27 < skyroveRR> Afternoon catphish
13:18 < Alina-malina> is it possible to scan .onion servers with nmap?
13:18 < ethicalhacker> lmao
13:20 < needle> just do it
13:20 < ethicalhacker> use tor and proxy chains
13:20 < Alina-malina> needle, nmap: nsock_core.c:1258: nsock_pool_add_event: Assertion `nse->iod->sd >= 0' failed.
13:20 < Alina-malina> Aborted (core dumped)
13:21 < needle> so it looks like it would then not work.
13:21 < needle> I never tried this out, I thought it would handle .onion like any other DNS name
13:22 < Deknos> is there a portmapper/proxy software for my internetserver which accepts ipv4 connections and reroutes them to an ipv6 connection (with a possible different port)? i know there are services, but i kind of want to install it on my vps :)
13:23 < needle> Deknos: how is that supposed to work, IPv4 and IPv6 are different address families
13:23 < needle> If a host does not "speak" IPv6 what it would be good for?
13:24 < needle> It would never be able to connect to the "rerouted" IPv6 service.
13:25 < needle> on different TCP/IP socket
13:26 < Deknos> well, there seem to be services, which translate protocols on the higher level between ipv4/v6 (sixx did this, or?) or do i misunderstand sth here?
13:27 < Deknos> ah, someone said 6tunnel :)
13:28 < needle> Sorry i have misunderstood your question then.
13:31 < detha> Deknos: for tcp connections, pretty sure relayd could do that
13:31 <+catphish> Alina-malina: if you configure nmap with a socks proxy it should work
13:32 <+catphish> (specifically the tor socks proxy)
13:33 <+catphish> Deknos: you can definitely do what you want with haproxy
13:53 < mawk> Alina-malina: for applications not supporting proxies you can use a transparent proxy
13:53 < mawk> and permit your whole LAN to resolve .onion
13:53 < mawk> it's pretty cool
13:53 < mawk> it makes the tor router map addresses in some 172.16.0.0/12 network to .onion as soon as you try to resolve them using the special tor dns server, then when the router detects a connection to that range it sends it to Tor transparently
14:57 < lucido> Hi, I'd like to set up a wifi network where I have per client authentication based on Azure AD. Will WPA2 Enterprise work with Azure AD authentication?
14:58 < mawk> probably with some kind of adapter
14:59 < mawk> or even without
14:59 < mawk> research it a bit
14:59 < lucido> basically the target is that my windows 10 pro clients can connect to wifi with SSO
14:59 < mawk> yes
15:03 < djph> sure, WPA-Enterprise + RADIUS auth against a LDAP / AD backend is pretty common.
15:04 < djph> Not 100% sure if AD has RADIUS built-in, or if it's another component of a Win-Server installation.
15:04 < lucido> djph, problem is I have no LDAP/AD backend, all I have is Azure AD
15:04 < djph> "Azure AD" is still Active Directory
15:05 < tester> is there something like traceroute, but that would show me physical hardware in the way? for example, i could tell pc connects to switch1, then switch2, then routerx, then routery, or something?
15:05 < lucido> there is a complicated solution that someone tried out, but I dont understand it AzureAD + AADDS + NPS VM on Azure
15:05 < lucido> from https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/8816272-authenticating-wireless-access-points-radius-thr
15:05 < tester> specifically for the route between two nodes in the same local network
15:05 < djph> lucido: "LDAP / AD" is just "LDAP or AD" (didn't mean you needed two separate setups)
15:06 < lucido> djph, I have neither with Azure AD
15:06 < djph> lucido: I'm sorry, you don't have Active Directory with "Azure AD"? ATF!?
15:06 < djph> *WTF!?
15:06 < lucido> I know
15:06 < dogbert2> heh, djph
15:07 < djph> the goddamn fuck is "Azure AD", if not "Active Directory"?!
15:07 < tester> a way to make money, doh
15:08 < djph> tester: You'd probably need something to read the target MAC addresses -- but even that probably won't tell you which switches it hits, since a host doesn't send "to its switch"
15:09 < djph> lucido: apparently, your correct course of action is (1) tell whoever moved to azure that he was a fuckwit, then (2) reinstall local servers that actually run services you need, rather than marketing buzzwords.
15:09 < varesa> AAD is a very limited version of AD, IIRC not structured but a flat hierarchy of users/groups
15:10 < varesa> So AD but not exactly :)
15:10 < djph> ew, and people *pay* for this reduced functionality, when they've already been using "proper AD"?
15:10 < tester> djph ultimately i need to reorganize the cabling and move some devices to a new faster switch, but i rather figure out what goes where using software and not following cables :/
15:10 < tester> am i out of luck?
15:11 < djph> tester: why bother with the cabl... ohh, you're in one of those places that the switches don't know where they are (should be) going?
15:12 < varesa> IIRC the full cloud AD is called "AD DS", while AAD is the lighter version
15:12 < djph> tester: way I've done it in the past is that switchport gets panel/port# as a description.
15:12 < tester> djph it's a mess. not too bad because it's only like 10 devices, but it's a mess. there are 2 uplinks, a couple of models, a router, switches behind it
15:12 < varesa> You can't join devices to AAD either
15:12 < lucido> djph, we never had an ad, Azure AD came default with Office 365. I'll try https://azure.microsoft.com/en-us/pricing/details/active-directory-ds/ and connect to it from my fpsense radius server
15:13 < djph> well, at least it was free. Maybe this is the point where you put on your bigboy pants and start running things in-house.
15:13 < djph> s/free/"free(tm)"/
15:15 < djph> tester: hmm, wait, all 10 links are uplink / downlink to other network infra, or it's 2x uplink + 8x hosts (presumably workstations)?
15:16 < lucido> I'll try azure active directory services for 100/month before I deploy a local AD. I have multiple geographical locations and crap network connection
15:17 < djph> Your call. But asking a REMOTE AD server over that "crap network connection" is going to have more downsides than asking a local AD server...
15:18 < djph> at least in the site with the AD server. remote sites may well still be crap
15:18 < dogbert2> brb...
15:19 < lucido> I know, but at least I can rely on the cloud AD being available
15:20 < lucido> if I get a power or ISP outage, then the other locations are not affected
15:20 < lucido> I guess I could solve that with multiple local ADs too
15:20 < lucido> I mean DCs
15:29 < djph> or backup power / ISP connections
15:32 < badsekter> I have a tablet that keeps losing wi-fi and reconnecting in every couple minutes
15:32 < badsekter> is that bad for my modem?
15:33 < djph> no
15:34 < djph> although it *MAY* indicate that the Access Point is having trouble.
15:34 < badsekter> djph: thanks
16:24 < lucido> if I have a VPN in Azure that I connect to from two sites, then can the traffic be routed directly between the two sites or does it have to go through Azure?
16:24 < djph> thru azure
16:25 < lucido> is there a way to bypass azure?
16:25 < lucido> establish a direct connection maybe
16:26 < lucido> I guess that depends on routing
16:26 < djph> sure, dont use azure as your VPN concentrator.
16:28 < dogbert2> hey djph
16:29 < djph> yo dogbert2
16:29 < dogbert2> gonna pick up a pair of toshiba 6TB drives for my NAS (can get them at frys)
16:30 < dogbert2> click image to see larger view
16:30 < dogbert2> Toshiba N300 6TB 3.5" NAS Internal Hard Drive - SATA 6.0Gb/s 7200 RPM 128MB Cache
16:30 < lucido> are there any wpn powered 5 port switches?
16:31 < lucido> dogbert2, how much?
16:31 < dogbert2> $175 apiece
16:31 < dogbert2> you can get VPN in the switch, you'll pay, and how often do you use it is the question? :)
16:31 < Apachez> dogbert2: why not 10TB drives while you are at it?
16:32 < dogbert2> Apachez...I've been reading some poor reviews on 10/12TB drives, even though the DS218+ can handle 'em
16:34 < Apachez> works fine here
16:35 < dogbert2> YMMV :)
16:37 < djph> "wpn powered"?
16:37 < Apachez> electricity powered
16:45 < lucido> djph, sorry poe powered 5 port switches
17:02 < ca_cabotage> hey all, I'm using unbound for DNS and was wondering if there is a way that i can config Unbound to use an outgoing port that is not 53?
17:03 < Apachez> doubt that
17:03 < Apachez> port 53 is the dns port
17:04 <+catphish> ca_cabotage: dns servers will only respond on port 53, so no
17:04 < tds> you could probably change the outgoing port with a NAT rule if you really wanted to
17:04 < tds> as others have said though, that's not especially useful
17:05 < ca_cabotage> so if running multiple DNS servers on a network just both go out 53?
17:06 < Apachez> or PAT rule
17:06 < Apachez> since NAT only operates on src/dstip
17:06 < tds> yeah, I always forget to say that :)
17:06 < tds> I generally just assume that NAT means NAPT/whatever, even if it doesn't really
17:07 < patientplatypus> ive updated my stackoverflow question if anyone has any ideas they could add https://stackoverflow.com/questions/50195896/how-do-i-get-one-pod-to-network-to-another-pod-in-kubernetes-simple
17:08 < Apachez> whats a pod?
17:11 < Forst> ca_cabotage: defaults should work fine, connection tracking on the NAT should do all the magic
17:16 < mervin> hey. I need to enable ntp on a network used for a project, network made of two L3 switches and a SRX cluster with two fw's. I'm wondering what a 'best practice' design might look like. I'm thinking on having one device connected to a public NTP and serving also as NTP server for other devices in my network. any thought on this would be greatly appreciated.
17:16 < grawity> ca_cabotage: you can for explicit forwarders or stub hosts (using ip@port syntax), but not for general recursion
17:17 < grawity> or... was it port@ip? I can't remember.
17:17 < Peng> mervin: Can you have 3-4 NTP servers
17:17 < xingu> mervin: four is a good number of ntp things.
17:18 < grawity> four NTP servers seems a bit overkill 17:18 < xingu> mervin: ntp falseticker will eliminate one wobbly thing; three survivors will largely prevent pingponging between most and next most credible source 17:19 < Apachez> why would 4 be a good number? 17:19 < Apachez> 3 seems better 17:19 < xingu> ^^ 17:19 < xingu> feel free to repeat the science, just don't do it anywhere near a network I care about. 17:19 < mervin> :)) 17:20 < mervin> hi guys 17:20 < Apachez> well if you have 3 servers and one went mayhem the other two will have similar time 17:20 < Apachez> if you have an even number of servers you cant tell which time is correct 17:20 < mervin> first thing I'm considering is the contact to outside world... 17:20 < xingu> Apachez: the problem is that the downstream will pingpong with two survivors 17:20 < Apachez> nope 17:20 < mervin> and that's why I said to have only one device connected to outside world and others... 17:20 < Peng> xingu: But with 4, you can ping pong between 2 pairs of 2 17:20 < Apachez> not if these two have equal time 17:20 < mervin> connected to this one 17:21 < Peng> So, 5 17:21 < Apachez> if you got 4 servers and 2 of them went bogus you got yourself a pingpong situation 17:21 < Apachez> so even number of ntp servers is the prefered one 17:21 < Apachez> err 17:21 < Apachez> odd :) 17:21 < Apachez> like 1, 3, 5 etc 17:21 < Peng> I think 3 has disadvantages 17:21 < Peng> Well, I think 3 doesn't have advantages 17:22 < Apachez> with 1 server you will just have to accept the time it sends you 17:23 < Apachez> with 2 servers you can take the average of the two of them 17:23 < grawity> and if that's a server you manage, probably not gonna be a problem 17:23 < Apachez> the problem you have is that you cant tell which of these 2 is the most correct 17:23 < grawity> as long as the server itself has enough upstreams 17:24 < Apachez> if you got 3 then its as with 2 the average of the three of them, if one goes rogue you can tell 
because the other two will have similar time while the 3rd doesnt so you can ignore the 3rd server 17:24 < mervin> hey 17:24 < Apachez> then with 4 its the same situation as with 2... if one goes rogue you can tell but if two goes rogue at once you cant 17:24 < Apachez> like 2 servers says 12:00 and two says 13:00 17:24 < Apachez> which one is the correct? 17:24 < mervin> why would I need more than a server anyway 17:24 < mervin> HA ? 17:24 < Peng> mervin: Yes. In case it's down or wrong. 17:25 < mervin> ntp doesn't require that much of attention as I need it only for correct timestamp in logs 17:25 < Peng> You'll regret neglecting it if it's down or wrong. 17:25 < mervin> why? will it set a bogus time? 17:25 < grawity> why would it be wrong 17:25 < mervin> its down, ok, leave the clock as it is 17:25 < mervin> untill its up again 17:25 < mervin> isn't it like this ? 17:25 < Peng> Clocks don't stay as they are. 17:25 < Apachez> time on its own doesnt skew that much 17:26 < Apachez> unless you are heavy on vm guests 17:26 < grawity> I mean, this isn't about relying on a single *third-party* server or anything like that 17:26 < Apachez> they can skew 2 weeks in one real day 17:26 < Peng> Apachez: Don't use terrible VM platforms? 17:26 < Apachez> so having lets say 3 ntp servers (and 3 sources too) is not only redundancy but also give a statistical way for the ntp client to determine what the true time is 17:26 < Apachez> Peng: most vm plattforms have this issue 17:27 < Apachez> specially when you have "green" and shit involved 17:27 < Apachez> cpucycles goes up/down etc 17:27 < Peng> Apachez: I couldn't say, I just use KVM and Xen. 17:27 < mervin> as you say it, its better to have it set manually 17:27 < mervin> :)) 17:28 < Forst> isn't syncing time with the host going to eliminate the vm problem? 
since the host has a proper rtc 17:29 < Apachez> Forst: thats one way to deal with that, but then you must have drivers for this installed in the vm guest and enabled this at the vm host 17:29 < Forst> that doesn't seem like a big problem to me tbh, especially if there are prebuilt packages for that 17:29 < Peng> You also have to trust that the host is correct. 17:30 < Apachez> well welcome to my world :P 17:30 < Peng> Which is fine when you're running it, but less reliable on [random VPS company] 17:30 < Forst> sync the host itself via ntp, of course 17:30 < Peng> Right right 17:30 < Apachez> hyperv seems to be the worst option when it comes to these things 17:30 < Forst> true, but I think the original question was about a self-hosted situation 17:31 < Apachez> if you dont have the hyperv driver for their nic you are stuck with some decnet 100Mbps virtual nic 17:31 < Apachez> compared to many other vm engines who uses intel pro nics as exposed to the vm guests 18:13 < ben______> Sorry for the noob question; How can i tell if my networkcables are "slow ones" without looking at them? 18:13 < djph> ben______: "slow"? 18:13 < ben______> I mean, can i tell by looking at which lights lite up on the switchport? 18:14 < djph> no 18:14 < Emperorpenguin> depends 18:14 < djph> you can tell whats been negotiated 18:14 < Emperorpenguin> ben______: you meen 100m or 1g? 18:14 < djph> e.g 10/100 vs. gbit 18:14 < Emperorpenguin> some switches light the LEDs up differently 18:14 < djph> but, that wont tell you about the *cable* 18:15 < ben______> Im new to networking,. Once i changed on of my cables and it started working much faster.. i don't know if it was because it was cat5 ? 18:15 < SporkWitch> if it's managed, it'll probably tell you the link quality as well; even my SOHO Asus routers will tell you whether the device is running 10/100 or GBE 18:15 < djph> "maybe", or a bad cable, or ... 18:16 < ben______> Emperorpenguin: yes i mean the colors of the switch.. what they mean. 
I don't know where to troubleshoot.
18:16 < djph> i mean, if the cable is "regular" cat5 (which hasnt been around in AGES) is 10/100 only, iirc.
18:17 < djph> read the switch manual for what they mean. but also look at whats plugged in -- e.g. if the deviceis only 10/100 ...
18:17 < SporkWitch> correct
18:18 < ben______> I have got pretty modern network gear, but the fastest file transfer speed i get on my lan is round 40MB/sec is that normal on a gigbit network with machines with SSD disks?
18:18 < djph> fir most consumer kit, yes.
18:19 < ben______> ok, thanks djph. Good to know
18:19 < Dagger> I can manage 80-90 MB/s just fine between two Linux machines...
18:19 < Dagger> yet I'm lucky if I can manage 40 MB/s to my Windows (XP) machine
18:19 < djph> i mean for "consumer" PCs, etc. the *network* may still be qble to handle faster.
18:20 < tds> if you're concerned that the network is the issue, you can always test just that (and eliminate things like disk bandwidth) with iperf
18:20 < djph> ugh, damn this phone kb.
18:21 < ben______> I've heard about iperf yeah. it needs a serverside and client right?
18:21 < djph> yep, though its just options when running it
18:22 < tds> yes, though iirc iperf3 will test in both directions when you run it
18:23 < SporkWitch> djph: swiftkey is your friend
18:23 < ben______> Dagger: how do you send files at 90MB /s? And why would winXP be slower?
18:24 < SporkWitch> ben______: because Windows' network stack is horrid and tacked onto that single-user operating system as an afterthought
18:24 < ben______> Is SMB / windows filesharing slow?
18:25 < ben______> SporkWitch: mm whats what a friend of mine at IT said once. I never understod why though. He said win machines produce alot of garbage packets on the lan?
18:25 < SporkWitch> ben______: that's more to do with the proprietary stuff like NETBEUI
18:26 < SporkWitch> windows hosts are NOT quiet neighbours
18:26 < djph> SporkWitch: no workie with connectbot
18:26 < ben______> SporkWitch: ok. Is that just related to old winXP or newer win10 too?
18:26 < ben______> ok
18:26 < Dagger> sshfs or NFS. in fact I bet samba would work at that sort of speed between two Linux machines
18:27 < SporkWitch> djph: working fine here...
18:27 < djph> ben______: win in general is slower, thanks to SMB,etc.
18:27 < Dagger> XP only supports SMB1 though, which might be related to why I never get decent speeds to that machine
18:27 < djph> SporkWitch: hmm, maybe i goofed something again
18:28 < SporkWitch> djph: dunno; i installed connectbot again the other night, hadn't used it yet, so when you said that i started it up and opened a local shell, swiftkey working fine
18:28 < grawity> when copying large files, SMB3 between Server2012 saturates 1 Gbps with no problems
18:28 < djph> SporkWitch: yup, i probably broke something
18:28 < SporkWitch> djph: been using juicessh for a while now, much nicer, though it's paid. I reinstalled connectbot to keep an eye on it and wait for them to merge the pull request from openkeychain adding support for auth keys
18:29 < grawity> juicessh is nicer as long as you don't use mosh (terminal bugs) or in general expect any updates :(
18:29 < SporkWitch> (hopefully they add support in password-store as well; really had needing to set up client keys when i have perfectly good yubikeys holding my main keys)
18:30 < ben______> Regarding the consumer network hardware. I have two Netgear GS108T (managed) switches and one GS105( unmanaged ) is 40MB/s as fast as they can do?
18:30 < SporkWitch> grawity: i never ran into any issues with its mosh implementation, though in fairness i've not used mosh in a long while.
i set up my zsh to automatically launch/attach-to-running tmux session and disconnect by detaching
18:30 < grawity> SporkWitch: well
18:30 < djph> ben______: test w/iperf
18:30 < grawity> weechat in tmux in mosh
18:30 < SporkWitch> s/had needing/hate needing/
18:30 < grawity> is *horribly* glitchy with current juicessh
18:31 < SporkWitch> grawity: that seems unnecessary; why combine tmux and mosh? why not just ssh and tmux?
18:31 < ben______> djph: ok. i'll test with iperf tonight.
18:31 < grawity> SporkWitch: for faster / more transparent roaming
18:31 < grawity> I don't want to reconnect every time
18:31 < SporkWitch> grawity: that's what i suspected; makes sense. How is mosh these days? Like i said, haven't used it in a couple years
18:32 < grawity> especially when I'm working *with* the network, and enjoy transparently roaming between LAN and 4G whenever I break routing or something
18:32 < grawity> mosh is decent, in general
18:32 < grawity> development seems to have slowed down to near-zero though (so stuff like agent-forwarding isn't merged afaik)
18:32 < grawity> but current state works well enough
18:33 < ben______> Im also wondering. Is it possible to share my LAN at my house with my girlfriends LAN over the internet? I was thinking shareing SMB over a SSHtunnel?
18:33 < grawity> only juicessh has a particularly bad combo of buggy terminal emulation and old mosh
18:33 < grawity> which affects even SSH, only to lesser extent
18:33 < grawity> ben______: yeah just set up a VPN
18:34 < grawity> SMB is just tcp/445, but there are some things that make it inconvenient to ssh-tunnel
18:34 < grawity> like Windows not accepting a port specification
18:34 < ben______> grawity: mm, VPN isn't easy to setup though, and I think it will force my whole laptop to use the VPN?
18:34 < grawity> uh, no
18:35 < grawity> if you want everything to go through VPN, push a default route
18:35 < grawity> if you don't want it, don't push a default route
18:35 < ben______> "push a default route"?
18:37 < grawity> generally VPN software let you choose what to route through the VPN... the same way as regular LAN routes work
18:38 < grawity> if you don't add a route that makes everything go through the VPN ... then it won't go through the VPN.
18:41 < routingloop> ran into a problem with pushing a default route to a client laptop the other day
18:42 < routingloop> seemed like the local endpoint routing table was preferring the local LAN for anything 10.0.0.0/8 because someone decided that was a good netmask to use on the wireless
18:42 < routingloop> so anything the client tried to reach starting with 10.x.x.x flooded onto the LAN instead of over the vpn tunnel adapter
18:43 < routingloop> still not sure why the coffee shop wifi the user was on decided to use a /8
18:45 < grawity> kind of a general problem with IPv4 :(
18:46 < routingloop> yeah
18:46 < routingloop> unfortunately we don't have even a long term "let's enable ipv6" plan where I work
18:47 < grawity> we almost had the opposite problem at work
18:47 < routingloop> they're fine with ipv4 and in some departments disable ipv6 on standard imaged laptops
18:47 < grawity> we *do* have IPv6, but some employees have to VPN into an external government-ish service, and the VPN client disables IPv6 while connected because Cisco thought that's not stupid at all
18:48 < grawity> screwing up all LAN access while connected
18:48 < grawity> (fortunately the same service has access via "web VPN" so we don't have to use the client...)
18:50 < ben______> Another question: For those who are alittle paranoid, how have you setup your mobile phones? do you run another OS like sailfish or lineageOS?
18:50 < routingloop> and you don't manage the external government-ish vpn?
18:50 < routingloop> or is it a cisco feature
18:50 < grawity> we just have client access to that
18:50 < grawity> and it's a cisco feature, yeah
18:53 < routingloop> im not paranoid anymore, it was too much mental energy wasted imo
18:53 < routingloop> if someone really wanted to spy on me they'd already have done it
18:53 < routingloop> best case I keep script kiddies out
18:55 < SporkWitch> routingloop: that's what i call the "no one gives a shit about you" principle, and 99% of the time it applies to the people asking
18:56 < grawity> I don't think that philosophy applies when accessing people's medical information
18:57 < routingloop> yep pretty much
18:58 < routingloop> at this point in my life I'd rather just keep my mental energy for other things to worry about
18:58 < routingloop> kind of a stoicism principle really. worry about the things you can control
18:58 < SporkWitch> grawity: standard precautions are sufficient for the users; the target is the datacentre. you know full well the types i'm talking about that make up the overwhelming majority of people asking how to "protect" themselves on irc
18:59 < routingloop> so yes, do some things to protect yourself against spying and protect your privacy, but don't go too deep down the rabbit hole
18:59 < grawity> SporkWitch: you know full well I was talking about employees, not users
19:00 < SporkWitch> grawity: yes, i can see that you may have been trying to shift scope
19:01 < routingloop> if we're talking a corporate work environment the datacentre is always the end goal
19:01 < routingloop> for a red team
19:02 < routingloop> but they'll likely start with a breach at the client/employee laptop level or through improperly configured network perimeters
19:02 < routingloop> then work their way up
19:02 < SporkWitch> routingloop: or just walk in the lobby and grab the first open network port lol; almost no one seems to use port security
19:03 < routingloop> im actually in the process of rolling out eap-tls
802.1x company wide
19:03 < routingloop> based on my initial proof of concept it does seem like it is a rarely used feature
19:03 < routingloop> so many people do the easy way like eap-peap instead of doing true certificate based authentication
19:04 < routingloop> luckily for me, most of our offices have physical security and no open ethernet jacks outside the badge in chokepoints
19:04 < SporkWitch> routingloop: that's one i've never gotten. horrible as AD is, one thing it _is_ good at is PKI
19:04 < routingloop> if properly configured yeah
19:05 < routingloop> make your root ca an offline and set up intermediaries
19:05 < routingloop> which then sign certs for user laptops
19:05 < addsub> greets
19:05 < routingloop> hola
19:05 < addsub> anybody familiar with hikvision?
19:05 < SporkWitch> routingloop: as to port security, it's not like you need to go full this-port-with-this-mac; a simple mac whitelist would be plenty sufficient to defeat the random walking in and plugging in
19:06 < routingloop> absolutely would, yeah
19:06 < SporkWitch> addsub: If you have a question, just ask! For example: "I have a problem with ___; I'm running Debian version ___. When I try to do ___ I get the following output ___. I expected it to do ___." Don't ask if you can ask, if anyone uses it, or pick one person to ask. We're all volunteers; make it easy for us to help you. If you don't get an answer try a few hours later.
19:06 < addsub> something funny happened. Somebody got it installed and in order to work on his own place it needs a SHARE account/ticket from the 'associate' who did the installation in order to see the cams.
19:06 < addsub> does this sound right?
19:06 < routingloop> however that can become OpEx heavy and require constant updating, right?
19:06 < addsub> I am sure this person can go on the device and do a hard reset and start clean without the associate.
19:06 < routingloop> whitelisting or a positive security model always seems to grow exponentially in time to maintain
19:07 < SporkWitch> routingloop: i don't see why; tech refreshes tend to be on fixed schedules, so if you can get the MACs on the invoice you could automate
19:08 < routingloop> we have a lot of laptops in production that are from forever ago
19:08 < routingloop> people don't like to give them up and our IT doesn't enforce a refresh policy
19:08 < SporkWitch> routingloop: initial setup is always a pain if things weren't properly documented initially
19:08 < addsub> then when trying to figure out why it wasn't working remotely he quickly checked his 'admin' account to see whether it was working properly.
19:09 < routingloop> so for a company that has a mature security policy than it may not be a huge issue... not so much for me ;)
19:09 < routingloop> have to be smarter than the business
19:09 < SporkWitch> routingloop: though you could arguably use arp tables ss a shortcut; would catch any existing unauthorized devices and add them too, but they were on there if you did nothing anyway
19:09 < addsub> and it worked fine for him. But then he didn't wanna share his 'admin' account.
19:09 < routingloop> afk
19:10 < SporkWitch> addsub: ask the vendor; i fail to see what this device-specific question has to do with networking
19:11 < addsub> SporkWitch: remote viewing? that goes through a network.
19:11 < addsub> a series of tubes
19:11 < SporkWitch> addsub: allow me to rephrase: this is not a networking issue, talk to the vendor
19:12 < alexandre9099_> hi, doe powerlines use live or neutral for data transmission?
19:12 < alexandre9099_> (or ground)
19:12 < SporkWitch> alexandre9099_: https://lmgtfy.com/?s=d&q=doe+powerlines+use+live+or+neutral+for+data+transmission
19:12 < addsub> SporkWitch: ok, just sharing in case anybody else faced this situation.
19:13 < SporkWitch> addsub: so post it on the vendor's forums
19:13 < alexandre9099_> SporkWitch, oh, ddg did not show me any good results :D
19:14 < SporkWitch> alexandre9099_: try restructuring the query; it is a google question, though and you shouldn't have much difficulty finding results
19:14 < alexandre9099_> (i didn't knew that lmgtfy had ddg search :D)
19:14 < SporkWitch> alexandre9099_: not sure when they added it, but they did :)
19:15 < SporkWitch> now if i could just figure out why autokey keeps "falling asleep"; can't figure out any reproduction steps, it just randomly stops triggering until i open the window
19:16 < SporkWitch> (i set up a hotkey to take selected text and paste in a lmgtfy link for it :P)
19:17 < alexandre9099_> i still don't find any answer :/
19:18 < alexandre9099_> it seems to be on the phase
19:26 < SporkWitch> alexandre9099_: https://lmgtfy.com/?s=d&q=doe+powerlines+use+live+or+neutral+for+data+transmission
19:26 < SporkWitch> d'oh
19:27 < SporkWitch> alexandre9099_: "how does powerline ethernet work" turns up several that explain it
19:31 * dogbert2 puts back the old style windows XP network activity icon in windows 7 :)
19:31 < dogbert2> SporkWitch...works pretty well for ethernet access, IMO w/out pulling cables through the attic, etc
19:32 < SporkWitch> dogbert2: i have a fibre connection, i'd rather not drop back down to a couple hundred kilobits
19:33 < dogbert2> yeah...I'm talking about wiring the entire house for cat6, etc...
19:34 < SporkWitch> O.o
19:40 < dogbert2> some ph33r: 10:40:04 up 7 days, 2:43, 1 user, load average: 0.00, 0.00, 0.00
19:40 < addsub> dogbert2: that's actually a good idea. cat6 cabel nowadays is dirt cheap.
19:41 < dogbert2> ayup...
19:50 < koops> Which is currently a better option, Puppet or Ansible?
19:51 < SporkWitch> koops: https://lmgtfy.com/?s=d&q=Which+is+currently+a+better+option,+Puppet+or+Ansible
19:52 < addsub> ha ha!
19:52 < koops> That isn't helpful.
19:52 < SporkWitch> of course it is
19:52 < addsub> SporkWitch: what about some personal opinion? in the end irc is another source of help independent from google
19:53 < koops> Especially since I did google, and I wanted to hear opinions of people who used this software.
19:53 < koops> I am completely new to both.
19:53 < addsub> is like if I google some question and I get the following result 'lmirctfy' pointing to freenode.
19:53 < SporkWitch> addsub: survey questions are generally discouraged as they are rarely, if ever, educational or productive. The query is a google question and invitation for "mine's the best; no mine is"
19:54 < addsub> SporkWitch: though I agree about reading a bit priorily.
19:54 < SporkWitch> addsub: if you've ever seen that, the poster is retarded. documentation → forums → search → irc
19:54 < koops> Anyway, did anyone here use either?
19:55 < SporkWitch> koops: http://www.catb.org/~esr/faqs/smart-questions.html
19:56 < koops> I read this long time ago.
19:56 < koops> What I wanted to hear is at least some differences between these, and reasons why to choose either of them.
19:56 < SporkWitch> sounds like you could use a refresher
19:56 < SporkWitch> well that's a whole different question from the one you asked
19:56 < koops> It's insecure HTTP too.
19:56 < koops> It's 2018 already lol.
19:57 < SporkWitch> https://lmgtfy.com/?s=d&q=comparison+puppet+ansible
19:58 < koops> And if I wanted a comparison from an actual user, and not from a random guy?
19:58 < koops> infoworld as first result lol.
19:59 < SporkWitch> oh, for that: [13:57:02] https://lmgtfy.com/?s=d&q=comparison+puppet+ansible
19:59 < koops> most of results are commercial websites.
19:59 < SporkWitch> cool; read some of them
19:59 < SporkWitch> it's a shit question easily googled
20:00 < koops> Of course I'm supposed to trust commercial websites.
20:01 < rewt> koops, compare their feature lists, and look at where they differ and how those differences would be affected by your environment
20:01 < SporkWitch> so not just lazy, but intentionally obtuse
20:02 < SporkWitch> make sure you do it over tor; the government is watching you
20:02 < SporkWitch> they're out to trick you into using the wrong one
20:03 < koops> fuck you :-D
20:31 < gde33> they see you naked all the time
20:33 < hexein> eeek
20:47 < Ugly-051> Any pros and cons between netem vs wanem?
20:48 < SporkWitch> Ugly-051: https://lmgtfy.com/?s=d&q=comparison+netem+wanem
20:49 < Ugly-051> sporkwitch: Just wanting personal opinions on here, not just on web :)
20:49 < Ugly-051> sporkwitch: I have looked
20:49 < SporkWitch> Ugly-051: then go find a review site
20:51 < Ugly-051> sporkwitch: So have you personally used either of them? :)
20:51 <+catphish> SporkWitch: please stop doing that
20:51 < SporkWitch> catphish: i'll stop giving them google when they stop asking google questions
20:52 <+catphish> there's no such thing as a google question
20:52 < Ugly-051> sporkwitch: it's not a google question, I can google fine, I just know there is better knowledge in this channel for stuff like this :)
20:52 <+catphish> people are welcome to ask here, and we're welcome not to answer :)
20:52 < Ugly-051> Thank you catphish :)
20:53 < SporkWitch> there is such a thing, and that's it; but you're right, they can ask google questions, and i'll point them to the resources to answer their question
20:55 < Ugly-051> So out of curiosity sporkwitch what is your experience with these two apps?
20:55 <+catphish> i also don't know the answer, never used either, they seem to serve similar purposes
20:55 < SporkWitch> they are apps that exist for which there many resources answering your question, all easily found with your search engine of choice
20:55 < Ugly-051> So nothing then...
20:56 < SporkWitch> didn't say that, said i'm not doing your google search for you
20:56 < Ugly-051> But thanks anyway...
20:56 < Ugly-051> You didn't need to
20:56 < Ugly-051> I already did, but came here for extra advice
20:56 < SporkWitch> well you were clearly having difficulty with it
20:56 < Ugly-051> Nope
20:56 <+catphish> there's a good list of features of netem here https://wiki.linuxfoundation.org/networking/netem
20:56 < SporkWitch> Ugly-051: so if you already searched it to you have a SPECIFIC question you need help with?
20:56 <+catphish> wanem has no such feature list :(
20:57 < SporkWitch> Ugly-051: as structured, your query is answered by google; if you have something in particular you'd like to know that you didn't understand / find, that would be something productive to ask a person about
20:57 <+catphish> i'd start with the linux one personally
20:57 < Ugly-051> catphish: Aye I've used Wanem before on GNS3 and was looking for reasons to use netem
20:58 < Ugly-051> catphish: I'm probably going to use netem with a phsyical device as a bridge for alab
20:58 < Ugly-051> a lab*
20:58 < ca_cabotage> hey all - I've got several networks running Unbound for DNS resolution. One of those networks is huge, like DNS cache in the hundreds of thousands, approaching million huge. The other networks are very small, also - those other networks have fairly high latency connections, so DNS resolution is pretty high for un-cached content. pre-fetch is pretty good but i
20:59 < ca_cabotage> i want more. So my thought was, use dump_cache on the huge network to a file, send that file out to the small networks, and use load_cache on their networks at regular intervals
20:59 < ca_cabotage> this way the little networks get the benefit of the huge network cached resolutions - would this work?
21:01 < detha> ca_cabotage: possibly, depending on what is being resolved.
Analyze cache misses in the small networks, check if they would have been resolved using the large cache file.
21:03 < Emperorpenguin> yeah look into it because with how dynamic DNS is nowadays you might end up loading a ton of already invalidated stuff and break things
21:03 < Emperorpenguin> or at least un-optimise them
21:04 < detha> ne'er mind CDN's steering stuff and geoloc-aware things yeah
21:04 < ca_cabotage> yeah, i might have to test with some sites with very small TTL's
21:05 < ca_cabotage> pipe size isn't really a factor, smallest pipe should still be able to transfer the cache file in less than 10 sec without putting noticeable strain on the network for other users. so maybe just doing really high-freq transfer?
21:07 < VincentHoshino> hmmm how hard is it to reset a Brocade TurboIron 24X TI-24X-AC back to factory default?
21:07 < detha> Ideal solution, if you have the bandwidth: snoop on all DNS requestst of the large network. Pipe those to the small networks, let the re-do the same thing into their cache
21:29 < sunrunner20> stupid question. I've got a VMware VM running with bridged networking. an ifconfig 192.168.1.3 should be enough to get me access to that network segment, right?
21:29 < sunrunner20> latest fedora version if it matters
21:34 < djph> sunrunner20: netmask?
21:35 < sunrunner20> djph, didn't change from what dhcp assigned it
21:35 < sunrunner20> still a /24 CIDR
21:35 < tds> btw, ifconfig is deprecated ;)
21:35 < djph> then you should access 1.0/24 no problem. unless youre trying to access the vm_host from the vm
21:36 < sunrunner20> nope djph
21:36 < sunrunner20> I have a 172.0.0.0/24 that I put a device with a 192.168.1.0/24 on it and I need to access it
21:37 < sunrunner20> tds, yes but it still works for simple stuff.
21:37 < djph> then route
21:37 < sunrunner20> iirc the new command its inet addr
21:37 < sunrunner20> djph, is temporary, but I'll see if I can add a route
21:38 < tds> yeah, you'd probably want to use ip address add
21:38 < tds> (and you can shorten those, I suspect ip a a would work)
22:07 < royal_screwup21> I'm trying to wrap my head around this nesting: IP header -> TCP header > (http header & data). Can someone please walk me through why it's nested the way it is? Like, what's the relation IP and tcp header?
22:08 < royal_screwup21> between*
22:09 < IhrFussel> Any idea why those lines appear when I run "sudo tcpdump" on Ubuntu? https://paste.ubuntu.com/p/krqmXSBdhr/ << especially the Bluetooth ones
22:09 < Forst> IhrFussel: because tcpdump supports capturing from Bluetooth adapters
22:10 < IhrFussel> Forst, ah thanks =) and the other lines are also common ones? Nothing to worry about?
22:11 < Forst> yes, it's absolutely normal. promiscuous mode simply means that an adapter is forced to accept any frame that it receives. the default behavior is to accept frames addressed either to it or everyone (broadcast)
22:11 < SporkWitch> royal_screwup21: you want to read up on the OSI and TCP/IP models
22:12 < Forst> you shouldn't be looking at the kernel log unless something's broken :)
22:14 < IhrFussel> Forst, well I checked dmesg and found some weird lines "Process accounting resumed" so I decided to watch it more closely ... the lines were likely caused by atop
22:15 < Forst> it all sounds normal to me :) no reason to worry
22:16 < IhrFussel> Does tcpdump slow down the machine a lot? Or is it relatively lightweight?
22:17 < SporkWitch> no more than anything else that listens on the network
22:17 < Forst> it might slow down traffic forwarding
22:18 < Forst> that's what it did in my case on an rpi
22:19 < IhrFussel> I wonder if I could monitor the traffic well with it cause of this "[9443279.493512] TCP: request_sock_TCP: Possible SYN flooding on port 80.
Sending cookies. Check SNMP counters."
22:19 < tds> depending on the options you run tcpdump with, you'll generate a load of rdns lookups as well
22:19 < sunrunner20> ended up using ip addr guys, thanks
22:19 < sunrunner20> let me add an extra IP instead of changing it completely
22:20 < Forst> ooh indeed, tds made a good point, I suggest running it with "-n" to disable rdns lookups
22:20 < IhrFussel> ^ If I only have a few of those lines... could it still have been an attack?
22:26 < Forst> could probably be some bot running an automatic scan on the web server for typical vulnerable applications
22:27 < Forst> you could check access.log to see if that's the case
22:29 < IhrFussel> I use lighttpd as web server...can't find it there only var/logs/lighttpd/error.log
22:30 < Forst> you might as well have lots of 404s for non-existing paths that were attempted
22:31 < zamanf> hello
22:32 < zamanf> I am looking to buy a new router. Do you know any router that is accessible through ssh and runs like a server? so I can run iptable rules in it
22:32 < Forst> any router that supports openwrt
22:34 < Forst> IhrFussel: if you're indeed getting lots of 404s from bots and it's troubling you, you might want to look at fail2ban
22:35 < badsekter> zamanf: you could just use an old pc with linux on it as a router
22:36 < IhrFussel> Forst, I already use fail2ban which is why I'm kinda confused that such lines appear in dmesg ... I grepped error.log and error.log.1 for "403" "404" "500" no results
22:36 < lan> Need help replacing my tp-link router with a airport express...
22:38 < lan> what's the diference between a WAN port and an ADSL port?
22:39 < Forst> IhrFussel: did you match up the times of dmesg entries and error.log entries? it might be in the older ones
22:39 < Forst> lan: WAN is basically Internet, ADSL is a specific technology to connect to it over phone lines
22:42 < lan> Forst: so are they besically two different ports?
22:42 < badsekter> lan, i am guessing the WAN port on the router is for an ethernet cable, and the ADSL port is for a phone cable... so WAN would be for fiber
22:42 < badsekter> lan, are you looking to buy a router?
22:42 < Forst> lan: WAN could be any port physically (Ethernet over twisted pair, fibre, ADSL, cable etc)
22:43 < IPoAC> I didnt see home routers supporting fiber, so I guess what you are looking for is the same thing basically, when they write WAN or Internet they basically mean Internet gateway so same thing
22:44 < lan> badsekter: I need to connect an adsl modem phone line to an airport express router
22:44 < Forst> there are definitely home routers supporting fiber, there are some GPON deployments with fiber to the house/apartment
22:45 < Forst> lan: for that you need a modem, which should usually be provided by your ISP
22:45 < IhrFussel> Forst, someone in #lighttpd told me that the web server doesn't log 403,404 and 500...
22:46 < badsekter> lan, the device has both a WAN port and an ADSL port? which one worked? did you try both?
22:46 < Forst> IhrFussel: nice webserver xD wonder what's the point of error.log if it doesn't log any errors :D
22:47 < lan> my tp-link router has an adsl port for that specific purpose while the airport express one has only a WAN port
22:47 < IhrFussel> Well it does log errors but apparently only once that are not that important...like "2018-05-06 22:46:53: (mod_fastcgi.c.2695) FastCGI-stderr: PHP Notice: Undefined variable: smsg in /var/www/post.php on line 45
22:48 < Forst> how is that a "not that important" warning? :D
22:48 * variable logs lhunath
22:48 < badsekter> lan, and the tp-link one is dead? so you want to use the other one for ADSL? is the WAN port on it even for the phone line?
22:48 * variable logs IhrFussel
22:48 < Forst> lol
22:49 < IhrFussel> So it's important to init a PHP var before assigning a value?
22:49 < Forst> airport devices only have ethernet afair
22:50 < variable> IhrFussel: depends on the kernel
22:50 < variable> but you probably won't notice anything
22:50 < Forst> assigning a value is initializing, isn't it?
22:50 < IhrFussel> variable, 4.4.0-108-generic
22:50 < variable> IhrFussel: what is that?
22:51 < IhrFussel> Kernel version
22:51 < variable> what kernel?
22:51 < IhrFussel> Linux
22:51 < variable> oh. Linux traditionally has not-amazing networking perf
22:51 < variable> though it can be tuned
22:52 < lan> Forst: my current setup is a modem connected to both a phone and adsl port of the router
22:52 < zamanf> badsekter, what do you mean, use a pc as a router? how can I give wifi to other pc's?
22:53 < variable> zamanf: that is entirely doable, though with most consumer wifi cards you can not connect to wifi at the same time
22:53 < lan> badsekter:yes, that's what I'm asking myself too
22:53 < variable> you need to be ethernet or otherwise connected
22:55 < zamanf> ok, so I will connect the pc to the modem and from pc how I can share internet with other devices? let's say we need only wifi access. are there specific wifi cards that will act as a wifi access point?
22:55 < zamanf> while I get internet using wifi to connect to my modem?
22:55 < Forst> IhrFussel: I'm not sure if fail2ban will be able to determine scans then, since there is no 404 logging
22:55 < lan> Forst: they both have WAN/LAN ports
22:55 < Forst> what it does is check the logs pretty much
22:56 < variable> use blacklistd
22:56 < Forst> lan: maybe you meant a splitter?
22:56 < variable> it has integration with the utilities
22:56 < variable> instead of scanning log files
22:57 < m|st> zamanf: you want to connect your pc to modem via ethernet and provide wifi for local bxes?
22:57 < badsekter> zamanf, google "linux as router" lots of resources
22:57 < lan> Forst: can I connecte the phone line adsl port from my modem to the WAN port of the airport express for internet connectivity?
22:58 < badsekter> m|st: he originally asked how to find a router that he can shh into and run iptables on, and i suggested just using and old pc with linux on it
22:58 < m|st> ah i see, yeah good suggestion
22:58 < Forst> lan: phone cable goes into the modem, ethernet cable goes both into modem and airport (WAN)
23:01 < variable> badsekter: personally I'd use pfsense
23:01 < variable> its tuned/designed for this use case
23:01 < lan> forst: thanks for your help
23:01 < Forst> lan: not at all :)
23:03 < sunrunner20> how bad are extra SSIDs for wifi performance?
23:04 < lan> my modem basically has two ports; adsl and telephone
23:04 < m|st> depends on ur loads sunrunner20
23:04 < Forst> lan: I have a strong suspicion that what you're describing is a splitter
23:05 < variable> sunrunner20: depends how they are implemented too
23:05 < lan> with my tplink I connect the adsl port of the modem to the adsl port of the router
23:05 < Epic|> More than a few ssids can be significant
23:05 < variable> Is it the same channel with different virtual BSSIDs ?\
23:05 < variable> different channels? same radio?
23:05 < variable> different radios, different channel
23:05 < variable> different radio, same channel
23:05 < Forst> lan: could you give us model numbers for both tp-link and modem, please?
23:05 < m|st> ^
23:05 < variable> iow not-enough-info
23:06 < variable> sunrunner20: most COTS routers do VAPs with the same channel, same radio, and different BSSIDs
23:06 < variable> this should not affect performance at all
23:06 < variable> if you have no idea what I'm talking about when I say "COTS", "VAP", and "BSSID" then this almost certainly applies to you :)
23:07 < variable> (I'm happy to explain it too if you're curious)
23:08 < Forst> what about the radio switching 2x/3x/4x times more to the lowest rate to transmit beacons?
23:08 < Forst> I'm now curious too :)
23:09 < variable> Forst: for a quick level-setting, do you know what the acronyms I used above are?
23:09 < Forst> virtual access point, basic service set identifier
23:09 < Forst> not sure what a COTS is tho
23:09 < variable> consumer off the shelf
23:09 < variable> least important one
23:10 < Forst> still nice to know, thanks :)
23:10 < variable> i.e., nothing I'm about to say applies to "pro" equipment
23:10 < IhrFussel> Forst, it was disabled by default and I had to enable a certain module to log accesses
23:10 < IhrFussel> But that doesn't help much now
23:11 < variable> Forst: you could imagine the 'bssid' as a MAC address of the hardware
23:11 < variable> (its actually a derivation, so it doesn't matter)
23:11 < variable> you can pretend to have multiple physical addresses, just like you can multiple "logical" addresses.
23:12 < Forst> I think I know how it works, all I wondered is whether sending more beacons for each SSID would increase overhead and such
23:12 <+catphish> sunrunner20: as long as you only have a small number, not bad at all, a silly large number will harm performance
23:12 < sunrunner20> variable, COTS?
23:12 < variable> Forst: in theory, yes it would, but I doubt the overhead is measurable
23:12 < variable> iow, strictly speaking, it is doing more work
23:12 < Forst> all I wanted to hear, thanks :)
23:12 < variable> so by definition, it is less performant
23:12 < sunrunner20> catphish, three from the same AP. I'm about to request one be removed
23:13 < variable> but I doubt you'll be able to actually measure this :)
23:13 <+catphish> each SSID required a beacon to be sent at an interval, that beacon must be sent at low speed, which means it consumes some time to send, too many and you end up using up all the available time
23:13 <+catphish> sunrunner20: three wouldn't be a problem at all
23:13 < variable> catphish: sure, but sending two beacons at low speed instead of one shouldn't change a thing
23:13 < Forst> but you send approx 10 per second
23:14 < variable> unless the router switches to each SSID at different intervals
23:14 < Forst> two ssids makes 20
23:14 < variable> which would be damn near stupid
23:14 <+catphish> variable: it would change something, it would double the overhead, but for < 10 i wouldn't worry at all
23:14 < variable> Forst: there is a difference between 20 switches, and 10 switches of 2 packets a piece
23:14 < sunrunner20> variable, Ubiquiti AP. not sure which version
23:14 < lan> Forst, http://images10.newegg.com/NeweggImage/ProductImage/A0PG_1_20140424504967619.jpg
23:14 < Forst> that's a splitter, lan xD
23:14 < Forst> told ya
23:14 <+catphish> variable: what do routers have to do with it?
23:15 < variable> catphish: sorry, I meant AP, not router
23:15 <+catphish> the problem with SSIDs is purely a wireless one
23:15 < variable> I have a habit of confusing the two
23:15 < variable> at least in text :)
23:15 <+catphish> the problem is that each SSID takes time to send its broadcast
23:15 < lan> https://www.tp-link.com/res/images/products/gallery/TD-W8951ND%28UN%296.0-03.jpg
23:16 <+catphish> it also depends if you have 802.11b enabled, if you do, the beacons have to be sent at crazy low speed
23:16 < lan> Forst, yes sorry, you were right
23:16 < Forst> the actual equipment "converting" a phone line to usual Ethernet is your tp-link
23:16 < Forst> it is a router/modem/access point combination
23:16 < variable> catphish: true
23:16 < Forst> so if it's broken, you have to get a separate modem if you want to use an Airport Express
23:17 < Forst> or perhaps settle with a different modem+router device
23:17 < Forst> beacons are sent at 1 Mbps for 2.4 and 6 Mbps for 5 GHz respectively by default
23:17 <+catphish> i just found a document, assuming beacons are sent at 1Mbps, 1 SSID consumes 3% of the available bandwidth, 10 SSIDs would consume 30%
23:17 < Forst> to maximize the distance
23:18 < Forst> * the distance which these frames can reach
23:18 <+catphish> 3 SSIDs, you'd lose 10% of your bandwidth
23:18 < Forst> I guess the better word would be "air time"
23:18 <+catphish> however, if you disable 802.11b compatibility, the beacons will send a lot faster and not be a problem
23:18 < Forst> not bandwidth
23:19 < variable> catphish: can I see document plz ?
23:19 <+catphish> variable: http://www.revolutionwifi.net/revolutionwifi/2013/10/ssid-overhead-how-many-wi-fi-ssids-are.html
23:19 < variable> ty
23:19 <+catphish> the document is discussed and linked there
23:19 < lan> Forst, cannot just connect the modem port of the splitter to the WAN port of the airport express
23:20 < Forst> lan: no, they are different ports physically and carry different types of signals
23:20 <+catphish> you can configure that spreadsheet for different configs, its cool
23:20 <+catphish> if you disable 11b then you only lose 1.6% bandwidth for 3 SSIDs
23:21 < sunrunner20> oh
23:21 < sunrunner20> I think we can disable b lol
23:21 <+catphish> if you have more than 3 SSIDs then that is essential
23:21 <+catphish> for 3, you can just about get away with it regardless
23:21 < variable> I disable 'b' but need to keep 'g' for $reasons :(
23:22 < Forst> sunrunner20: if you find where to disable it in the unifi controller, please tell me too :)
23:22 <+catphish> thats probably the sane config
23:23 < sunrunner20> Forst, I'll have a look later in the week. The AP in question I don't control
23:23 < Forst> nvm, I found it and it's disabled by default indeed
23:23 < Forst> Settings — Wireless Networks — edit Group — "Enable legacy device support (i.e. 11b)"
23:25 < lan> Forst, can you explain how I can connect my current setup to my airport express in order to substitute my tplink router then, please
23:25 < Forst> also, thank you for the link, catphish
23:25 < Forst> lan: you need to buy/get a modem, that on one end will receive a phone line connection (ADSL), and on the other end will provide an Ethernet connection
23:25 < Forst> you should better contact your ISP about that
23:29 < lan> Forst, thanks you've been very helpful
23:29 < Forst> lan: you're welcome :)
23:29 <+catphish> SporkWitch: lol did you get yourself banned from ##linux
23:30 < SporkWitch> happens when one of the regular trolls whinges and disrupts the channel; why remove the disruption when you can remove someone that actually contributes?
23:31 < SporkWitch> why, one of the trolls celebrating ? lol
23:32 <+catphish> SporkWitch: this just happened to me, i have no idea why: https://paste.ubuntu.com/p/NN8RY5WxgS/
23:32 <+catphish> i assume it relates to my comment last night
23:33 < SporkWitch> sounds about right
23:33 < SporkWitch> li's a dedicated troll; they actively encourage them the last few years
23:35 <+catphish> dumped it into their ops channel, i don't really have much faith in that channel :(
23:35 < SporkWitch> you shouldn't
23:35 < SporkWitch> one of the things that said last night is telling: it's apparently no longer a support channel but a "lounge"
23:35 <+catphish> i don't think that's true, given their strict rules
23:36 <+catphish> you can't really have a social channel with strict rules
23:36 < SporkWitch> if the ircops weren't just as bad these days i'd see if it were possible to get the channel taken from them; last i heard freenode IS supposed to be, first and foremost, support for FOSS software and projects, always has been
23:37 <+catphish> but sometimes i have to realise that everyone annoys people sometimes
23:37 <+catphish> i mean, i clearly annoyed the folks in ##linux last night, and you're not exactly nice to everyone around here either
23:38 < SporkWitch> ask stupid questions get stupid answers; ask google questions, get google answers. If someone wants everything done and handed to them, they can pay for it.
23:38 <+catphish> gotta find a balance i guess, i like to help people when i can
23:38 <+catphish> SporkWitch: on that i always disagree
23:38 < SporkWitch> just because it's september doesn't mean we have to lower our standards
23:39 <+catphish> i'm here to help people, for free, i will do so as best i can
23:39 <+catphish> it's literally not september
23:39 <+catphish> in fact, it's not even close
23:39 < SporkWitch> it's always september
23:39 < SporkWitch> it's been september for almost three decades
23:40 < SporkWitch> and you're not helping them by handing things to them; you are, in fact, actively harming them
23:40 <+catphish> well you're entitled to that opinion
23:40 < SporkWitch> it's not an opinion, it's demonstrable
23:41 < SporkWitch> the more they've encouraged it, the more you see people that can't do anything for themselves, even when it IS handed to them
23:41 <+catphish> i find an answer and an explanation goes a long way to helping people learn
23:41 < SporkWitch> you see it in here too, with that one kid (i'd know his name if i saw it; i tend to braindump names once they're no longer talking), constantly asking homework questions and arguing with every answer provided
23:41 <+catphish> the second time, perhaps only the explanation :)
23:42 <+catphish> that's ok
23:42 <+catphish> asking questions and arguing with the answers is how i learn
23:42 <+catphish> i wish more people who knew more than me tolerated it :)
23:42 < SporkWitch> catphish: there's a difference between the socratic method and "nuh uh"
23:42 <+catphish> lol true
23:43 <+catphish> never knew socratic method was a thing, cool
23:43 < SporkWitch> want an example of good questions, look at that guy last night messing with VPNs
23:44 <+catphish> i struggled to follow that, then got drunk and went to sleep instead
23:44 < SporkWitch> he did his research, he asked good questions in response to the resources he was directed to and the answers he was given, and with a little bit of prodding he could be made to figure things out himself
23:44 < SporkWitch> it was actually a VERY good discussion, and i think he got a lot from it
23:44 < SporkWitch> even if one of the others and i scared him a bit by going pretty deep on theory between each other lol; had to back up and remind him he could ignore most of what we were talking about lol
23:46 < karolin> hi i like this http://www.thedubber.altervista.org/ip/
23:47 <+catphish> i'm trying to learn how iscsi works, not been able to get much help there, so just reading the overcomplicated documentation :)
23:48 <+catphish> karolin: why u share this?
23:50 < SporkWitch> catphish: usually what you've gotta do when asking a broad question about a low-level topic; that said, when one DOES read that documentation and you have at least the foundational knowledge needed, it'll generate productive questions for ##hardware
23:51 < SporkWitch> forgot who linked it a few weeks ago, but i've been loving that essay on how to ask smart questions; 30+ years of basic etiquette condensed into a 15 minute read
23:52 <+catphish> the problem is, sometimes there just aren't enough people in the world with the knowledge you seek :)
23:52 < SporkWitch> also true, especially the lower level you go
23:53 <+catphish> unless you want to do os development, in which case you can go as low and technical as you like and the geniuses in #osdev will always give you the answer :)
23:54 <+catphish> welcome back
23:55 < SporkWitch> catphish: it's not exactly the kind of place likely to get truly bad questions; if you're looking into things on that level presumably you already have a foundation
23:55 < SporkWitch> gotta love netsplits
23:55 <+catphish> SporkWitch: indeed, they're better than most at assuming competence
23:55 <+catphish> i guess they get less annoying newbies, or they just have the tolerance of saints
23:55 <+catphish> in any case, great channel
23:56 < SporkWitch> the former; the kinds you get in ##networking, ##linux, and ##security don't find places like that
23:56 < SporkWitch> we'd get less of it too if people would actually drive home etiquette and standards.
23:57 < SporkWitch> hell, i'm sorely tempted to link that "how to ask smart questions" essay in the video game discord i admin lol
23:57 <+catphish> there are other channels that really are secret where you don't dare ask stupid questions because there are genuine experts :)
23:57 < SporkWitch> half the questions we see are literally the first google hit for their exact phrase
--- Log closed Mon May 07 00:00:11 2018