--- Log opened Thu May 24 00:00:30 2018
00:02 < kbaegis> About the only useful thing I've been able to glean is this from dmesg: netlink: 'ovs-vswitchd': attribute type 5 has an invalid length.
00:33 < patientplatypus> hey guys i have a dumb question
00:35 < z3t0> patientplatypus: whats the question
00:35 < patientplatypus> if i set up a terraform cluster and then set up a kubernetes cluster locally and deploy it to the terraform cluster how do I link the two. Ie how does kubernetes know where to put each of its pods in each of the terraform nodes?
00:35 < patientplatypus> super basic i know
00:37 < z3t0> sorry i have no clue, maybe someone else might know
00:53 < Demos[m]> does there exist a network simulator that just makes netns for each device and then uses the kernel's implementations of L2 stuff?
01:15 < mawk> you mean veth pairs Demos[m] ?
01:16 < Ruflexo> Hey guys, I have a bit of a problem with networking due to a nonstandard setup. I have a modem in my apartment building (192.168.178.1) which doles out addresses via DHCP in the 192.168.178.* range. I have an ethernet cable running from this modem to my router (goes into the WAN port of router)-
01:16 < mawk> you can use systemd-nspawn with optionally a btrfs filesystem to be able to spawn new containers that are part of a common L2 network in no time
01:17 < Ruflexo> This router statically requests a WAN ip from the modem of 192.168.178.2. This IP address is then put into a DMZ on the modem. The router itself doles out IPs via DHCP in the 172.16.0.* range. One of the connected devices is a PS4. However, whatever I try, my PS4 always ends up with its NAT type on 3 / strict
01:18 < Ruflexo> Even when I put the PS4 on the router DMZ (and the router itself is in the modem DMZ)
01:18 < tds> Ruflexo: are you able to put that modem into some kind of "bridge mode", so it's acting as a plain modem rather than a NATing router?
01:19 < electricmilk> Just found out I need to provide a two computers for a computer lab as the area has no ports and we can't run cabling. Any suggestions for only a $50 budget. Range is not an issue here.
01:19 < Ruflexo> No I cant put the modem into bridge mode sadly since some people dont have their own router and simply rely on the modem WiFi
01:19 < tds> hmm, are you able to add static routes on the modem?
01:19 < electricmilk> Also the office is already behind double NAT. If I get an all-in-one device with router...I should be able to just disable NAT right?
01:20 < Ruflexo> Yes, I can add static routes
01:20 < tds> eliminating one layer of NAT (so making your router just do plain routing) would likely solve your issues, rather than double NAT
01:20 < tds> (just to avoid confusion, that was to Ruflexo)
01:20 < Ruflexo> but shouldn't the router being in the DMZ mean I'm effectively skipping one layer of NAT?
01:20 < electricmilk> tds, haha thanks I was confused
01:21 < electricmilk> Is there a cheap way to just get a wifi controller and AP I can plug into our router? I'm talking $50 or so
01:21 < tds> The DMZ means that incoming traffic is forwarded to your router and then to the PS4, outgoing traffic will still be NATed twice though
01:22 < electricmilk> Ah crap I'll need to put them on a VLAN but don't manage the switch...
01:22 < electricmilk> All I manage is a tiny little UBNT ER-X...I can just deploy an access list
01:23 < tds> Ruflexo: also, is there any particular reason you want to have the second router doing NAT, rather than just a switch?
01:24 < Ruflexo> I like to keep my own network and devices completely separate from the other people in the apartment building
01:24 < Ruflexo> Hence why I put the ethernet cable from the modem -> router in the WAN instead of LAN port
01:25 < tds> ah yeah, that makes sense - in that case ideally you probably want to add a static route on the upstream modem routing a subnet (eg a /24) to your router's "WAN" ip, then disable NAT on your router, and have it just act as a firewall for your devices
01:30 < Ruflexo> tds: What would that mean practically? Right now its WAN IP <-> Modem IP (192.168.178.1) <-> 'WAN' router IP (192.168.178.2 with gateway 192.168.178.1) <-> internal router IP (172.16.0.1) <-> static PS4 IP (172.16.0.104)
01:31 < kbaegis> So the good news is that I seem to have gotten my lacp interface up. The bad news is that when it is I'm seeing a broadcast storm/loop
01:31 < Ruflexo> Sorry if that is a noob question but I'm only noob level familiar with subnets and subnet masks
01:32 < WizJin> anyone here familiar with voip softswitch
01:35 < electricmilk> Is there even such thing as a device that handles wireless AP and controller without routing?
01:35 < Ruflexo> tds: nevermind, a quick Google revealed that my ISPs modem doesnt support static routing :/ Would just disabling NAT on the Modem <-> router 'WAN' connection help?
01:36 < Ruflexo> electricmilk: I dropped in halfway on your question, what is the problem?
01:42 < kbaegis> I found a workaround. Looks like resetting the interface via openrc does it
01:43 < kbaegis> idk why that's a requirement. It does fix it though
02:00 < Project86__> So, due to what I've gathered here from SporkWitch and others, I went searching for tutorials on bridging 2 routers wirelessly. However, all of them point to going into your router (that has internet connection) webpage, and allowing bridging and set one ip to .1, and the other to .2. They suggest dd-wrt and the likes as well. However, I'm doing this on a pi3, and want them to be bridged regardless of internet being
02:00 < Project86__> available. So could someone possibly point me towards a more relevant to my situation tut?
02:01 < Project86__> Or any pointers?
02:03 < Project86__> How do I do this when I'm not using my homes main router used for internet access?
02:03 < kbaegis> Project86__: You're trying to just use your WAP without routing?
02:04 < admiralspark> Project86__: what does routing in your network?
02:04 < kbaegis> Oh, wireless bridging? That's one way to break your network :)
02:05 < Project86__> I have 2 pi's, I want them both to act as routers, and both be bridged together to access 1 from the other
02:05 < Project86__> kbaegis: wym? How will that break my network?
02:07 < Project86__> admiralspark: I guess idk.. I'm still new man
02:11 < Project86__> ?
02:17 < Ruflexo_> Hmm, different solution maybe: I have access to the ISP modem, I can set up port forwarding, port triggers and DMZ but not static routes. If I connect the ethernet cable from ISP modem to my router in the LAN instead of WAN port, is there a way to still make everything that connects to my router separate from everything else connected to the ISP modem?
02:19 < Ruflexo_> I just dislike it very much if people in other apartments can see my Apple TV or NAS, even though I have those locked down tight with PIN or password
02:19 < electricmilk> Ruflexo_, I mean you could setup your router into a different subnet...does it have the ability to setup access control lists?
02:21 < electricmilk> Ruflexo_, Believe it or not some home all-in-one devices even have VLAN support nowadays but unlikely with yours
02:22 < electricmilk> Ruflexo_, Honestly...if you put your router into some strange subnet like 10.14.69.0/24 its unlikely anyone will see your NAS or Apple TV
02:23 < electricmilk> They'd have to scan the entire RFC1918 address space and then manually change their IP.
02:23 < Ruflexo_> Is that subnetting? Online they give very complicated explanations of using a netmask of 255.255.255.192 instead of 255.255.255.0
02:24 < electricmilk> Keep the subnet simple
02:24 < electricmilk> put it in a totally different address space. Make sure you disable DHCP!!!
02:24 < electricmilk> Or you could take down the whole network
02:25 < electricmilk> So if the network is using 192.168.0.1 (255.255.255.0) Use 10.14.69.0 255.255.255.0
02:25 < electricmilk> That will allow for 254 usable hosts
02:25 < Ruflexo_> Wouldn't that mean that whoever visits me and connects to my WiFi has to manually enter a static IP?
02:25 < electricmilk> again...disable DHCP..and then set your devices with static IP's
02:25 < Ruflexo_> if I disable DHCP in my router
02:25 < electricmilk> yes it would
02:25 < electricmilk> What you need then...is VLANS
02:26 < Ruflexo_> I have full control over my router and can probably setup VLAN there
02:26 < electricmilk> you never, ever want to have two devices handing out DHCP. Great way to take out the whole network
02:26 < Ruflexo_> but my ISP modem/router is locked
02:26 < Ruflexo_> don tight
02:27 < Ruflexo_> locked down tight*
02:27 < Ruflexo_> I mean it has port forwarding, dmz and port triggers but nothing exotic like VLANs
02:27 < electricmilk> Doubt your box supports VLAN's anyways
02:27 < electricmilk> (Either box)
02:27 < electricmilk> wait let me think
02:29 < electricmilk> You might be able to just setup your router on another subnet with DHCP..without DHCP relay it might not broadcast to other devices
02:29 < electricmilk> Perhaps someone else can chime in
02:29 < electricmilk> I'm not networking expert
02:29 < electricmilk> *not a
02:29 < electricmilk> If you don't mind risking taking some hosts out....
02:30 < electricmilk> Assign the router some ridiculous network address space
02:30 < Ruflexo_> Nah, and if it does it will only be for 5 minutes
02:30 < electricmilk> assign your router the address 10.14.69.1 255.255.255.0
02:30 < electricmilk> keep DHCP
02:30 < Ruflexo_> Ok I will try now, will go offline but back in ~5 minutes (considering all the shit I have to reboot)
02:30 < electricmilk> Now that I think about it...I'm fairly certain it wont be an issue...
02:34 < Project86__> You can just change the routers default ip to anything u want?
02:35 < Project86__> Or is 10.14.69.1 something specific?
02:35 < electricmilk> well not anything you want
02:35 < electricmilk> Project86__, You want to pick something in the RFC1918 address space
02:36 < Project86__> Ah ok. No idea what that is, but good intel all the same
02:36 < electricmilk> Project86__, I chose 10.14.69.1 because it is a very random network address and Ruflexo_ is wanting to try and not be visible
02:36 < Project86__> Now if someone could possibly chime in on my questions?
02:36 < Ruflexo> It didn't work. I have ethernet cable from modem into router LAN1 port, in router I have set gateway to 192.168.178.1, but DHCP server of router gives out IPs of 172.16.0.* range
02:37 < Ruflexo> but my Mac wont connect via the router DHCP server (well it tries, but it gets no internet access) and then jumps over to the 192.168.178.* DHCP server of the modem
02:37 < electricmilk> RFC1918 address space are private address ranges. (10.0.0.0 - 10.255.255.255 ; 172.16.0.0 - 172.31.255.255 ; 192.168.0.0 - 192.168.255.255)
02:38 < electricmilk> Ruflexo, Bummer. Probably the two DHCP servers conflicting
02:38 < Project86__> electricmilk: thanks for that
02:38 < electricmilk> I apologize but I have to go. Keep trying someone in here will likely help
02:38 < electricmilk> but wait
02:38 < electricmilk> check the DHCP settings on your router
02:38 < electricmilk> I was thinking they wouldn't conflict if you have your router set to a different subnet
02:39 < electricmilk> Have a great night guys
02:39 < Project86__> No one has even tried to help me, they just made a comment about breaking the network and wouldn't explain..
02:39 < Ruflexo> bridging routers wirelessly often gives very poor experiences
02:40 < Project86__> Such as?
02:41 < Project86__> And I suppose as an alternative, I could have one pi3 act as router with hidden AP, and just connect to via the 2nd one, couldn't I?
02:42 < Ruflexo> The least of them being it cuts your bandwidth in half because either you are both using 2.4ghz for data transfer and bridging or you are transferring data via 2.4ghz and use 5ghz for bridging (bad because it limits your 5ghz to 2.4ghz speeds) or you use your 5ghz for data and use your 2.4ghz for bridging (still bad because you are limited by the 2.4ghz bridging speed)
02:43 < Ruflexo> I have a wireless bridge at my parents' attic, and whilst its okay there are semi frequent moments where it will have no connection to the main router and thus the internet
02:59 < Project86__> I see. But I don't need internet
03:00 < Project86__> I just need to control one, from the other.
03:02 < Project86__> I have Kali linux on pi3 (the one that will be the router), most analysis tools (like airmon-ng suite, doesn't need internet to monitor data)
03:02 < Project86__> I just want to control it from a distance
03:03 < Project86__> And if I do need Internet, I will connect it via one of the pis
03:08 < simbalion> Is it possible to create a static route so a machine on 10.100.100.0/24 can reach 192.168.100.0/24?
03:12 < qman__> If there's a router that knows how to get there, sure
03:14 < simbalion> nvm I worked it out heh sorry to bother
03:43 < Project86__> K
03:51 < jvwjgames> hello
03:51 < blaster> Is it possible to use iptables on a remote server to relay SMTP through another port if your ISP blocks outbound SMTP?
03:51 < jvwjgames> I am having an issue with trying to get to 162.220.209.51
03:52 < blaster> Would iptables forwarding work for that?
03:56 < Poster> It sort of depends what you're trying to do, if you want to accept SMTP traffic on some high port and bring it down to port 25 on a local system, yes
03:57 < qman__> If you're trying to run public email, no, that won't work
03:58 < qman__> The problem is that the rest of the internet knows mail is port 25 and will only send you mail on that port
03:59 < Poster> Yeah what I was referring to was delivering mail to a specific system somewhere, not the Internet in general, 25 is it for public exchange
04:00 < xamithan> Thats why lots of email servers do port 567
04:00 < xamithan> Er 587
04:01 < jvwjgames> I am just wondering why 162.220.209.51 won't respond anymore
04:01 < jvwjgames> i have traffic route correctly through .37
04:01 < qman__> No, 587 is the mail submission port for mail clients
04:01 < qman__> 25 is for public mail routing
04:21 < Holo> Poster: port forwarding
04:27 < jvwjgames> is there a way for me to know if a subnet got routed correctly
04:27 < dogbert2> look at the routing table?
04:38 < jvwjgames> even though the subnet route is controlled by dev ops in the data center
04:42 < light> run a trace
05:17 < a|3x> i have tcp6 port bound on :::* listed in netstat output on my ubuntu server, supposedly connecting to it using ipv4 should work, but it doesn't, whats wrong?
05:17 < skyroveRR> a|3x: which process is it?
05:19 < a|3x> skyroveRR, "tcp6 0 0 :::80 :::* LISTEN 3642/docker-proxy"
05:20 < skyroveRR> Dunno much about docker, sorry.
05:20 < a|3x> this issue is not docker related
05:21 < a|3x> i can connect to it from within the host
05:21 < a|3x> but not from outside
05:21 < a|3x> tcpdump from within the host shows syn packets but no responses
05:21 < a|3x> so it seems to me the kernel does not forward ipv4 connections on port 80 to tcp6 socket
05:22 < a|3x> there is no connection refused message either
05:22 < a|3x> its like the packets are dropped
05:22 < skyroveRR> What about the firewall on the host? Is it generous or restrictive?
05:23 < a|3x> i flushed the iptables, there is nothing
05:24 < a|3x> from remote host: curl ip:80 -> No route to host curl ip:81 -> Connection refused
05:26 < a|3x> there is a response reset packet for a port 81, but not 80
05:26 < skyroveRR> What's invoking docker-proxy in the first place?
05:27 < a|3x> i guess docker service
05:29 < a|3x> the thing is, curl ip:80 works on the host
05:29 < skyroveRR> Using what options?
05:29 < a|3x> its just that it doesn't work remotely
05:31 < a|3x> not sure, /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.17.0.5 -container-port 80
05:32 < skyroveRR> Replace 0.0.0.0 with the LAN IP?
06:15 < blaster> Poster, q__man: It's a private mail server, and we plan on keeping port 25 open for public mail connections, but for developers who are working on a residential connection oftentimes they can't test mail using our server because port 25 is blocked by many ISPs.
06:15 < blaster> So we also want to accept SMTP on an alternate port for that use case.
06:16 < blaster> I was hoping to use iptables forwarding to achieve that.
06:17 < skyroveRR> blaster: how about ports 465/587?
06:19 < blaster> Well yeah I'm just providing an example we actually only use SSL/TLS anyway.
06:32 < grawity> port 25 isn't for client->server connections anymore, anyway
09:08 < vi-config> Hello everyone. I am about to build a multicore cluster of VPN servers connected with ethernet. Is MPJ Express the most recent library for this? It's 2 years old, but still the most recent thing I could find.
09:09 < vi-config> Gar. Scratch the VPN and replace it with VM.
09:16 <+pppingme> vi-config are you trying to do vm's or parallel computing?
09:16 < vi-config> parallel
09:16 < vi-config> SMP
09:18 < vi-config> Basically I need to run one jar application with as many resources as I can put together. Open to suggestions.
09:18 < vi-config> It needs 1 TB memory and 64 cores, recommended minimum. My ISP only offers VMs 1/4 that size
09:19 < vi-config> And it's a competition so I want to come up with the most robust solution
09:21 < Gollee> not a networking topic really
09:21 <+pppingme> trying to achieve "core count" by running vm's on the same hardware is self defeating
09:21 <+pppingme> so one instance requires 64 cores?
09:21 < skyroveRR> What's a core count?
09:22 <+pppingme> or you launch an instance per core or what?
09:22 <+pppingme> skyroveRR multiple cores
09:23 <+pppingme> sounds like he's trying to emulate cores by launching vm's (presumably on the same hardware), yet he claims he needs the performance of actual cores
09:23 < skyroveRR> I know that, but in the case of VMs, what's really a core count? Assigning cores to a VM? That's allocating N number of cores to a VM?
09:23 < vi-config> Yes, one instance, 64 cores
09:23 <+pppingme> 64core boxes are NOT common
09:23 < vi-config> No separate machines
09:24 <+pppingme> if you're talking separate machines, then that alone says you are talking multiple instances..
09:24 <+pppingme> do you understand the concept of an instance?
09:25 < vi-config> Perhaps not. I have one jar file that needs 64 cores. They will be spread out over several machines. They will all use the same data directory for output. Isn't that the same instance?
09:26 < vi-config> they all have to participate in one large calculation
09:26 <+pppingme> instance in parallel computing generally refers to how many "copies" of an app are running
09:26 <+pppingme> at minimum, if you have two boxes, then you'd have to have two instances..
09:26 < vi-config> I'm planning on using NFS to share the same copy
09:26 <+pppingme> generally, if the instances are single threaded, then you'd run one instance per core..
09:27 <+pppingme> there is simply no way to run a single instance across two separate boxes, regardless of how many cores it can handle
09:28 <+pppingme> most parallel computing runs one instance per core, even if they are all ultimately sharing the same data store
09:29 < vi-config> how would you suggest I expand a 16 core machine running one instance?
09:29 <+pppingme> find a 64 core box
09:30 < mAniAk-_-> aws and other places have bare metal boxes as well
09:30 <+pppingme> with that question though, I'm still not sure you get the concept of an instance
09:30 <+pppingme> mAniAk-_- well, they emulate it, and they are good at it..
09:31 < vi-config> Well I'm confused because I thought on my one machine I was running one instance of the app
09:32 < vi-config> Well I'm confused because I thought on my one machine I was running one instance of the app on all 4 cores
09:32 <+pppingme> let me give you an example.. this gets a bit away from parallel computing, but follow this..
09:32 <+pppingme> you familiar with boinc?
09:32 < linux_probe> heh
09:32 < vi-config> no boinc
09:33 <+pppingme> you don't know what boinc is?
09:34 < vi-config> No that's the first I've heard of it, but it seems very applicable
09:34 <+pppingme> ok, I don't know if I can explain this if you aren't familiar with it, it was going to be my example
09:35 < vi-config> I'm familiar with running SETI though and I think that's very different
09:35 <+pppingme> when you get down to it, most parallel apps are single threaded, and only run on a single core..
09:35 <+pppingme> seti is a boinc project, and has been for like 10 years..
09:36 <+pppingme> have you looked at seti in the past 5 years?
09:36 < vi-config> Right, and what I understand is that when each person runs SETI they are working their own little space of the computing domain
09:36 < vi-config> No it's been almost 20 since I ran SETI
09:36 <+pppingme> looking at it too complicated.. its even simpler...
09:36 <+pppingme> although 20 years ago, multi core computers weren't common
09:36 <+pppingme> so may be hard to explain..
09:37 <+pppingme> clear your mind..
09:37 * linux_probe yells BOINC BOINC
09:37 * skyroveRR silently listens
09:37 < vi-config> I appreciate this
09:37 <+pppingme> seti, and practically every other boinc project is (important concept here) single threaded..
09:37 <+pppingme> basically (assuming a cpu intensive app), if you launch it, its going to max out one core, while all other cores remain idle..
09:37 <+pppingme> make sense?
09:38 < vi-config> yup
09:38 <+pppingme> ok, lets say you have an 8 core cpu (for our example, we are ignoring hyper threading and not making a distinction between multi core and multi cpu on the same motherboard)
09:39 <+pppingme> if you want to max out that computer, you'll launch 8 **INSTANCES** of seti
09:39 <+pppingme> make sense?
09:39 < vi-config> y
09:39 < vi-config> I'm trying not to jump ahead of you and say that my app is multi threaded with several processes.
09:39 <+pppingme> if you have two 8-core boxes, then you'll launch 8 instances on each box for a total of 16 instances
09:40 < vi-config> Still with you
09:40 <+pppingme> as for a multi-threaded app, it makes no sense to have it use more threads than cores available (again, setting aside discussion of hyperthreading)
09:40 <+pppingme> does that make sense?
09:41 < vi-config> yes
09:41 <+pppingme> an app on one computer can't magically use cpu/memory on another computer.. it just doesn't work like that (at least not in the x86 world)
09:41 <+pppingme> if you want to run an app across two boxes, then you launch an app on each box, and you provide a way for them to talk to each other
09:42 <+pppingme> this can be through messaging, or, if needs are fairly simple, may be possible just by pointing all instances to the same data store..
09:42 <+pppingme> if app is truly multi-threaded, then running one instance per physical box may be enough
09:42 < vi-config> OK. Now we're actually back to where I was a week ago when I thought it was best to run one app on each box. But I didn't think that was right.
09:43 <+pppingme> if app isn't truly multithreaded, then its generally accepted standard to keep it single threaded, and run one instance per core
09:43 <+pppingme> most massively parallel apps are actually single threaded
09:43 < vi-config> You know, this might be a lot easier solution than I thought. I might just be able to share the data directory across all machines, and then launch the app on each box?
09:44 < vi-config> I thought for sure that was gonna cause conflicts.
09:44 <+pppingme> you have to look at how it uses the data, if you need to do any kind of record or file locking, semaphore flags, or whatever..
09:45 < vi-config> Well I would get to separate the threads that way, but most threads are minimal housekeeping. One thread does a huge computation
09:45 <+pppingme> how are you handling this in your "multi threaded" situation?
09:45 <+pppingme> whatever you're doing, its probably not a hard concept to extend the same concept across multiple instances
09:46 <+pppingme> if you only have one compute thread, then your box is sitting mostly idle..
09:46 < vi-config> Well it's not my app, and it's a beast that I won't be able to grok any time soon
09:47 < vi-config> So if they recommend 64 cores for what is essentially one process, then it pretty much says that it is multi threaded.
09:48 <+pppingme> one might assume, or one might verify they aren't supposed to launch 64 instances of the app, and they are recommending 64 cores based on your workload
09:48 < vi-config> I can't say how much I thank you for helping me understand the general challenge I'm facing.
09:50 < vi-config> I know one company is clustering 150 servers, but I guess they are doing a hardware cluster with a hypervisor
09:52 <+pppingme> cluster is actually a vague term, but in most cases it simply means multiple boxes using a common shared storage network of some sort
09:54 <+pppingme> in the vm world (which you aren't doing) a "hypervisor" would run on each physical box (defining that as each motherboard), controlling the "vm's" that are running under it
09:55 <+pppingme> often talking to each other, and able to "stop" an instance on one box, move the memory bits to another box, then "restart" that instance on the new box (only talking about vm's here)..
09:55 <+pppingme> often, other types of clusters are simply about multiple paths to the very same data.. for example an sql cluster..
10:03 < vi-config> Exactly, I have been using VM cluster concepts for a different parallel situation
10:03 < vi-config> Yeah, this is not at all like a sql cluster. I know MySQL very well.
10:15 <+pppingme> from your description, its probably more like a sql cluster than you realize..
10:31 < vi-config> So no, that didn't work, running the same app on two machines sharing the same data directory
10:37 < High_Priest> hi guys, any ideas on how to debug dig that is not able to resolve stuff? (host and nslookup commands work fine)
10:37 < trae32566[w]> use verbose flags and direct it at specific resolvers
10:40 <+pppingme> High_Priest you have the working stuff in your hosts file?
10:41 < trae32566[w]> I don't remember if dig uses hosts
10:41 <+pppingme> vi-config the app would need to be aware its sharing data
10:41 < trae32566[w]> I checked, they don't
10:41 < High_Priest> pppingme, I don't have any custom entries in /etc/hosts
10:41 < trae32566[w]> /etc/hosts is not something checked by dig or nslookup
10:42 < trae32566[w]> nor is /etc/nsswitch.conf
10:42 < High_Priest> the thing is, dig doesn't work at all
10:42 < trae32566[w]> they're designed for testing resolvers specifically, *not* local config
10:42 < trae32566[w]> did you try specifying the resolver?
10:42 < vi-config> Yeah, I wonder how that is done. I think I have to write a C file to share the data / run multithreads and then rebuild the jar
10:43 < vi-config> Is there a different channel you could recommend? I hate to keep clogging this one up
10:43 < ice9> when a machine is connected to a network, the first thing is negotiated is the IP or the MAC?
10:44 < High_Priest> trae32566, yes, I have tried using local dns servers, and google's: https://paste.debian.net/1026354/
10:44 <+pppingme> High_Priest dig should return errors or something.. pastebin the output you are getting from dig
10:45 < High_Priest> ice9, MAC is not negotiated, MAC is built-in on the NIC
10:45 < High_Priest> pppingme, https://paste.debian.net/1026354/
10:45 < ice9> High_Priest, right, i mean communicated between the machine and router or the switch
10:45 < trae32566[w]> wait
10:46 < trae32566[w]> you said dig didn't work, but it looks to work fine
10:46 < trae32566[w]> so I'm confused here
10:46 <+pppingme> High_Priest all looks good to me..
10:46 < trae32566[w]> ^
10:46 < trae32566[w]> what were you expecting to see that you didn't?
10:46 < High_Priest> answer section with an IP ?
10:47 < trae32566[w]> ;; ANSWER SECTION: www.google.com. 258 IN A 172.217.18.68
10:47 <+pppingme> on the last dig you got one..
10:47 < trae32566[w]> looks fine to me
10:47 < trae32566[w]> yeah
10:47 < trae32566[w]> it's your local resolver causing the issue
10:47 <+pppingme> ^^^ is from: dig www.google.com @8.8.8.8
10:47 < High_Priest> right
10:47 < High_Priest> it's the local one
10:47 <+pppingme> Server: 192.168.8.11 is saying: ;; WARNING: recursion requested but not available
10:47 < trae32566[w]> if you notice, the dig against your resolver, 192.168.8.11, is what's not returning it.
10:47 < trae32566[w]> yeah
10:47 <+pppingme> thats an issue with **THAT** server
10:48 < trae32566[w]> enable recursion.
10:48 < trae32566[w]> most likely just a config change in /etc/named.conf
10:48 < trae32566[w]> (on the resolver, that is)
10:49 < High_Priest> that's windows dns server
10:49 < trae32566[w]> oh. Good luck :)
10:49 < High_Priest> :D
10:50 <+pppingme> hmm... try: dig +noedns www.google.com
10:50 < High_Priest> it's working
10:51 <+pppingme> from what I've seen/heard, thats a bug in ms dns server
10:51 <+pppingme> let me guess, older ms server?
10:51 < High_Priest> right
10:51 < High_Priest> lemme ask which one exactly
10:51 <+pppingme> 2000
10:51 < High_Priest> 2008 R2
10:52 <+pppingme> https://kevinlocke.name/bits/2017/01/20/formerr-from-microsoft-dns-server-for-dig/
10:54 < High_Priest> pppingme, thanks, that's it
10:55 <+pppingme> here's a ton of more links and more digging you can do into it, seems MS has released a patch for some instances:
10:55 <+pppingme> https://social.technet.microsoft.com/Forums/ie/en-US/4aea5fd1-4a79-4b8e-9f01-bc7d47d15da9/windows-server-2008-issue-with-dns-queries-that-contain-edns0-section?forum=winservergen
11:21 < TandyUK> anyone here used cobbler for deployment of debian systems? Im having a real hard time getting cobbler to build _any_ preseed file
11:27 < amosbird> hi, how can I find out all the ips used by gist.github.com ?
11:38 < v0Lk> amosbird: you could do a whois lookup and there would be a range of IP's or known IP's
11:40 < bezaban> wth hetzner :(
11:40 < linux_probe> poois/pooisnt
11:40 < bezaban> lost two machines for a while, think they're both in fra. Then one had rebooted and had no ipv6, the other just came back
11:40 < bezaban> power outage?
11:41 < bezaban> interestingly I just set up monitoring of these machines yesterday, so I was probably asking for it :P
11:42 < avu> same thing for me. machines kept running though, just didn't have network
11:45 < bezaban> ah right, both of mine are in falkenstein, that they've reported a power outage at
11:45 < amosbird> hmmm
11:46 < amosbird> https://la.wentropy.com/IIMZ
11:46 < amosbird> iperf3 shows 100Mb bandwidth over tunnel
11:46 < amosbird> however a simple curl download is limited to 10kb
12:31 < Meta> Without setting IP addresses on the switches, is there any way to confirm that all switches have synced the same VTP database?
12:31 < Meta> I've got this output: Configuration last modified by 0.0.0.0 at 3-1-93 00:05:36
12:32 < Meta> The 3-1-93 00:05:36 part is the same on all switches but I think it's a timestamp.
12:32 < djph> last config was 1993?!
12:33 < Meta> It's a virtualised environment, I haven't bothered setting up a clock. :P
12:50 < dogbert2> hey djph
13:08 < djph> yo
13:12 < Meta> Turns out I don't think you can tell any other way than management IPs. Good to know.
13:12 < Arpanet69> fortinet nse 1 - 3 what a time waste
13:17 < audia5> iam just Reading the news paper some millionaire calls a car company iam coming with helicopter to buy a car , give me place to park my helicopter :)
13:32 < spaces> why does a whole crowd @ a google conference yelling like they are getting a hard one when they are shown an new google feature ?
13:33 < djph> because google
13:33 < djph> same as an apple conf
13:33 < spaces> indeed, bunch of children
13:35 < djph> I mean, a msft conf, you just hear a lot of people grabbing their ankles, so ...
13:36 < spaces> what do you mean ?
13:36 < dogbert2> if you're getting a stiffy at the wonders at these conferences, you ain't getting laid enuf :P
13:37 < djph> microsoft people are used to the reaming, so rather than cheering and getting a chubby, they just get ready for taking whatever msft shoves their way again
13:37 < spaces> of only know it from VR :P
13:38 < spaces> djph you mean the 365 fancy consultants ?
13:46 < shtrb|laptop> Anyone have an idea about " encrypt_transmit: encrypt_transmit" HTTP headers ?
13:47 < shtrb|laptop> message body seems to be encrypted (link over HTTP and not HTTPS but headers are sent in clear)
13:49 < cheapie> ...no, but apparently "Content-Language: tlh" is a valid header because that is a thing for some reason.
13:50 < shtrb|laptop> It just, I have never seen encrypt message body but skip HTTPS
13:51 < djph> I have, although it's usually a fully plaintext http transfer with encrypted content (e.g. transferring a pgp-encrypted file)
13:51 < shtrb|laptop> djph, It is a webui, but nice thing to learn
13:52 < djph> that's some weird shit then :)
13:52 < shtrb|laptop> Yes
13:54 < shtrb|laptop> I thought wireshark had a bug at first when I got: HTML Form URL Encoded: application/x-www-form-urlencoded Form item: "19d5fd7db4af447fbc9ad76bc7547e1b2da...
14:16 < shtrb|laptop> If the person who thought about that great idea of not releasing the API or using that ever arrive here, I wish you to be an xfinit customer for all your services
14:17 < djph> huh?
14:17 < djph> the API for what?
14:18 < shtrb|laptop> for the router (WebUI)
14:18 < djph> why should a closed-source application make any APIs available to you?
14:19 < djph> also, it's obviously a pretty basic hash, since your end can decrypt it without anything special
14:19 < shtrb|laptop> I thought it is the norm
14:19 < djph> not really, no.
14:19 < djph> I mean, some closed-source applications do. Others don't.
14:20 < shtrb|laptop> djph, I see
14:20 < djph> Open Source, on the other hand ... well, it provides the sourcecode :)
14:21 < shtrb|laptop> I would not be surprised if they released the code, and obfuscated that in brainfuck or something like that
15:03 < ALowther> Behind my modem, I have a .3.x network and then a .11.x network plugged into the .3.x network. The .11.x network has been assigned an .3.x IP. I want to contact a device on the .11.x network from the .3.x network. The .3.x network is a Linksys, what should I be thinking about to make this work? I just need to make a rule in the routing table to send all traffic for .11.x through the port where the .11.x router is plugged in, right?
15:03 < djph> a better router so you're not having to NAT between your two networks
15:04 < ||cw> ALowther: depends if you're doing NAT or routing. a basic linksys is going to do NAT by default, and unless it's running dd-wrt or openwrt I'm not sure you can change it
15:07 < djph> ||cw: Even there, I think the Linksys isn't going to be capable of adding another route
15:07 < ALowther> ||cw: Hmmm, I'm not familiar enough with routers. Idk what dd-wrt or openwrt are.
15:07 < djph> well, depending on how stripped-down of a *wrt instance you need.
15:07 < ALowther> Okay, bummer.
15:08 < ALowther> Am I not able to do something with a VLAN to handle this?
15:08 < djph> why do you need two networks anyway?
15:08 < ALowther> One is for a VPN
15:09 < djph> err, what?
15:10 < djph> anyway, just get something halfway decent; like a Ubiquiti EdgeRouter (etc.) that can do everything you need in one box (alternatively, mikrotik, pfsense, etc.)
15:11 < ALowther> One router handles VPN traffic that allows me to connect to other remote devices(This one is a mikrotik). The Linksys is for regular internet access when guests come over or other random devices that can't access the VPN.
15:12 < ALowther> I didn't configure the VPN network....but in saying that, I am thinking now that I could configure a VLAN on the MikroTik that could allow certain devices access to the VPN and allow other guest devices to safely connect to the same router, but on a different VLAN that does not give them access to the VPN. Am I on the right track with that thinking?
15:14 < ALowther> Also, the consensus seems to be that Linksys routers are not great for configuration?
15:16 < tds> ALowther: what do you mean by VPN network; does one network have all its traffic routed over a VPN or something, or are there some devices which are connected over VPNs that are only accessible from the network behind a router?
15:17 < tds> either way, you should be able to do it all fine on one router, for the first scenario you want policy routing, second one is just plain firewalling
15:19 < ALowther> tds: My family members all have routers at their homes so that we can access one another's internal networks. This is all done through the VPN. However, I don't want a friend, or my Amazon Firestick, or any other device to have unnecessary access to that network.
15:19 < shtrb|laptop> Is that one of the VPN gateway appliance (a small router that has a vpn that pushes a default gw via the vpn service)
15:19 < shtrb|laptop> ?
15:20 < tds> ALowther: ah yeah, just running it all on one router, different subnets on different VLANs and firewalling appropriately would sort that then
15:20 < ALowther> It's a completely internal VPN, we aren't using a 3rd party service. Sorry if that was unclear.
15:22 < ALowther> tds: Okay, thanks. I've never configured a VLAN before. Should be a nice new venture. Assuming I properly configure it, my understanding is that two VLANs can be handled by the router completely separate and no-cross traffic will be allowed(unless I configure it that way). Everything can be secure that way, correct(If I properly configure it)?
15:23 < tds> ALowther: correct - the networks are isolated at layer 2, you can only pass traffic between them routed via the router, which can then firewall as well
15:23 < djph> bearing in mind of course, you need a sane router (i.e. not linksys, or other "consumer grade" router for the most part)
15:24 < shtrb|laptop> ALowther, are network delivered over WiFi or cable ?
15:24 < tds> well, you might be able to do it with openwrt/similar on a consumery router
15:25 < ALowther> djph: I should be able to handle this with a MikroTik, though, correct. It was actually recommended to me by the MikroTik channel to use a Raspberry Pi for the VPN instead of a MikroTik. Can I handle all of this on a PI and use that as my main router?
15:25 < djph> tds: yeah "it depends" is about the best you can say about them though.
15:25 < ALowther> shtrb|laptop: Both, some devices are CAT, some are Wifi.
15:26 < tds> a pi will make a pretty miserable router in terms of performance, you might be able to make it work if you really want to though
15:26 < djph> I wouldn't use a rpi as a router. OpenVPN server with some special iptables rules handling the VPN clients into your network, sure.
15:26 < shtrb|laptop> ALowther, in case of WiFi you will need different SSID to be safe
15:27 < djph> although, it kinda sounds like you really want a bunch of site-to-site VPNs
15:27 < ALowther> djph: They told me that with OVPN on a MikroTik you are only getting about half of its capabilities. Personally, I have no idea. That is just what they said.
15:27 < djph> they might be telling the truth. if it was on the router, I'd personally go with ipsec
15:27 < shtrb|laptop> tds, but depending on how many clients he actually have (hostapd is not that bad)
15:27 < djph> although, that DOES kinda require static IP addresses
15:28 < grawity> ALowther: well yes, RouterOS doesn't do OpenVPN over UDP for example, and that's already quite annoying
15:28 < shtrb|laptop> ALowther, what half ? what does it even mean to get half /some percentage of the router ?
15:28 < ALowther> This is just my personal network.
15:28 < djph> shtrb|laptop: ovpn is CPU-bound. mikrotik (etc.) routers tend to use some variation of "offload"
15:29 < ALowther> shtrb|laptop: I can't speak to that. I don't think they were saying I get half the router, I think they were saying I only get half of OpenVPNs capabilities. I don't know for sure. Just saying that here in case the context helps.
15:29 < djph> only "half(tm)" the router's capabilities, since oVPN cannot be offloaded.
15:29 < ALowther> djph: Ah okay
15:29 < ALowther> I've got to run, thank you all for your thoughts. I'll be back later.
15:29 < shtrb|laptop> Having several openvpn installation , I honestly can say I have never used ALL openvpn option but just a subset of them (I even had it run over a pi)
15:30 < tds> iirc the mikrotik's only support openvpn in tcp mode, not udp, maybe?
15:30 < djph> that's weird, since oVPN is udp by default.
15:30 < tds> indeed, and stacking tcp on tcp isn't fun
15:30 < shtrb|laptop> That is not that bad (for non critical mission access)
15:30 < ALowther> Also, I don't know what good specs to handle personal traffic, but the 3b+ model of the PI doesn't seem to have too bad of specs. Still don't think it will be good for performance?
15:31 < shtrb|laptop> Depend on the amount of traffic and users
15:31 < djph> ^
15:31 < shtrb|laptop> hostapd (if you need only that) and openvpn service are not that bad, dnsmasq and bind are MUCH slower
15:32 < ALowther> Maybe 2-3 users. I live alone. If friends are here, Netflix is streaming, I am on google and I ask alexa a question, that is maybe my max load.
15:32 < shtrb|laptop> If you plan to run your radius service on the same device , you are to be blamed for the speed
15:32 < djph> ALowther: forget about the RPi as a router.
15:32 < shtrb|laptop> don't know about Alexa , but that should be ok
15:34 < tds> I'd agree with djph that for a reliable network a pi likely isn't the best choice, if you like that kind of thing then you could go openwrt, or get a little linux box as a router and a separate AP
15:36 < djph> Ubiquiti makes some real nice "little linux box" routers and separate APs
15:36 < djph> :)
15:36 < djph> I've seen 'tiks, but haven't really worked with their kit much
15:37 < ALowther> I'll look into it. Thanks.
15:43 < Lighthammer> Hello all. Anyone worked with switch port POE(power over Ethernet)
15:44 < Lighthammer> 802.3af
15:44 < regdude> it is a standard that every vendor has differently implemented it
15:46 < Lighthammer> regdude: was wondering if there is a power signature reference template already defined that attempts to identify the connected endpoint
15:47 < Lighthammer> Based on the attributes defined as part of the std
15:48 < regdude> Lighthammer: it checks the resistance between Ethernet pins, if it matches the resistance range, then it powers up the device using something between 48-57V, but there is more that is happening before it powers up fully
15:49 < regdude> there should be a circuit already made that is designed to trigger 802.3at/af
15:51 < tds> I think you can signal it via other mechanisms as well (eg lldp maybe?)
15:53 < regdude> LLDP? Not sure why you thought it like that, but 802.3at/af is more of physical protocol and works before device is powered on
15:55 < djph> LLDP comes later, and lets a device upgrade from mode1 to mode3 (or whichever order means "hey, gimme more powah")
15:56 < tds> ah yeah, I was being stupid, that was what I was thinking of
15:58 < regdude> How often have you seen 802.1Q inside 802.1Q and how often 802.1Q in 802.1ad? That is, customer VLAN inside customer VLAN rather than customer VLAN inside service VLAN?
16:00 < Donjuanal> regdude: a lot of vendors I've worked with don't support the ethertype for 802.1ad, so it's usually several c-tags
16:01 < regdude> Donjuanal: can I know which vendors are those?
16:01 < Donjuanal> regdude: by not support I more mean they aren't configured to support it, not that they don't have the capability.
16:01 < Donjuanal> Cox, GTT, Windstream, Cogent, just to name a few
16:02 < Donjuanal> our gear also isn't configured to support 88a8 ethertype for 802.1ad so it's just several c-tags for our point-to-points that have multiple tags
16:03 < regdude> I see, it does seem to be a quite old protocol, draft made back in 2002, but for some reasons not many vendors have adopted it, like you said
16:03 < Donjuanal> for instance we have some cell tower sites that go TowerSite->provider NID->Our NID->Our Core via MPLS->Provider Handoff->???
16:04 < Donjuanal> it's very relevant in MEF but in real world i don't see it used often
16:05 < Donjuanal> so for the cell tower sites you have the ctag from the tower, encapsulated in their provider tag, which gets encapsulated in our tag and then put into an mpls label and labelswitched to the other end for the provider handoff, so thats 3 tags, all customer tags with ethertype 8100
17:38 < lakiluki> Can anyone explain the DHCP offer in this capture? I released my IP address and then wanted to renew it, but the second, DHCP offer address is already sent to my IP? Shouldn't this go to the broadcast?
17:38 < lakiluki> https://ptpb.pw/zzem.png
17:40 <+catphish> lakiluki: dhcp offers are sent to the offered IP
17:40 < djph> lakiluki: nah, since the DHCP server and the client are talking directly via MAC address (so it doesn't matter that the DHCP server is sending an IP (L3) packet to a non-existent device yet)
17:40 <+catphish> the destination IP is pretty irrelevant at this point since nothing is reading it
17:41 <+catphish> but according to https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol#DHCP_offer - the offered IP is used as the destination
17:43 < lakiluki> Oh okay, that makes a lot of sense. I just kind of assumed those would go to broadcast, but this makes sense. So, the DHCP discover message goes to broadcast and then the DHCP send the DHCP offer message directly to the client asking for it, right?
17:43 < djph> you're looking at the wrong layer.
17:43 <+catphish> lakiluki: the IPs are totally irrelevant
17:43 < regdude> yes, but it sends it using the MAC address
17:43 < regdude> 2 packets are in broadcast, 2 packets are in unicast
17:43 <+catphish> lakiluki: you need to look at the MAC addresses on those frames to see where they will actually go
17:45 <+catphish> but it's worth noting that the requests are sent to the broadcast mac (and the broadcast IP reflects this) whereas the replies are sent directly to the appropriate host (so the unicast IP reflects this)
17:45 <+catphish> but those IPs are purely indicative, they're not technically used for anything at all
17:45 < lakiluki> I understand they're irrelevant at this point, but I'm just trying to understand what is set as the IP in those message at that point, not what is actually used.
17:45 < lakiluki> capphish: That's what I was looking for, thank you!
17:45 <+catphish> sure, well see the wikipedia page I linked, it shows the IPs used in each packet
17:46 < lakiluki> Yeah, I see. Thanks :)
17:46 <+catphish> basically when a real MAC is used, a real IP is used, when a broadcast MAC is used, a broadcast IP is used
17:46 <+catphish> so it keeps things consistent
17:46 <+catphish> even though it may seem confusing on the face of it
17:47 < spaces> catphish are you hobbying again today ?
17:47 <+catphish> note that in the requests, the source IP is a unicast IP, but it's 0.0.0.0 because the host doesn't know its real IP yet
17:47 <+catphish> spaces: what are you talking about?
17:53 <+catphish> spaces: have you considered going away, and not bothering me any more?
17:54 < Lighthammer> regdude: thx for the response earlier
17:58 < spaces> catphish not considered, isn't your work your hobby ?
17:58 <+catphish> spaces: depends what i'm going
17:58 <+catphish> *doing
17:59 < spaces> okay
17:59 < spaces> catphish about what you're going.... you mean.. you are on Crystal Meth or XTC the other day ? :P
18:00 < spaces> and going home is always good :D
18:00 < regdude> I guess everyone here that is working is doing a job related to a hobby, how else would anyone tolerate slow internet complains
18:00 <+catphish> yeah, leave me alone
18:01 < spaces> lol
18:01 < spaces> ok, to the channel... Leave catphish alone please!
18:02 < spaces> it's always fun that people who are in a crowd telling everyone to leave them alone where they can easily fix their own problem by leavving themself :P
18:02 < spaces> leaving
18:17 < zxd> have you ever experienced problem playing games online while downloading a torrent or downloading something
18:17 < skyroveRR> Yes.
18:19 < zxd> I think I have a solution
18:19 <+catphish> solution: don't saturate the connection
18:20 < zxd> on a previous company I worked for I fixed all their realtime traffic using QoS ssh, udp traffic like online gaming etc to have no delay
18:20 < zxd> Was wondering if people would pay 5$/mo for a service that would guarantee smooth gaming experience (no affected delay ) while still downloading torrents and such at full speed simultaneously
18:21 <+catphish> that's dumb, pretty much all torrent clients have rate limit controls
18:21 <+catphish> it's easy to throttle within available bandwidth and avoid the problem
18:22 <+catphish> it's actually quite difficult for an external service to do this automatically
18:23 < zxd> need a device on both ends of a pipe
18:23 < regdude> I have seen preconfigured home routers that charge way more than they should for predefined QoS
18:23 < zxd> between customer and ISP
18:23 < regdude> and call them as gaming ready routers
18:23 < zxd> or customer to a near site VPN
18:23 <+catphish> none of this is necessary if you just don't saturate your connection
18:24 <+catphish> but for this to work as an external service, it would have to know the speed of your connection both ways
18:24 <+catphish> of course, the best option is a QoS router at both ends of the slowest pipe
18:25 < zxd> catphish: I was thinking that maybe you would prefer to yes saturate the full potential of your bandwidth and not have to worry to throttle traffic
18:25 <+catphish> zxd: well you can only do that if you have a QoS router at both ends of the pipe
18:25 < zxd> if per example you are using netflix or something your can throttle
18:25 <+catphish> which is hard to set up for a home user
18:25 < zxd> catphish: yes
18:25 < zxd> catphish: yes it's tricky
18:26 <+catphish> afaik it's impossible for any device that isn't physically connected to the bottleneck
18:27 <+catphish> afaik the only remaining option is to know the speed of the connection and throttle
18:27 < zxd> but if there was a service that did provide a solution would you pay $5/mo ?
18:27 < zxd> catphish:
18:27 < zxd> full solution
18:28 <+catphish> well i wouldn't :)
18:28 < zxd> :)
18:28 <+catphish> but if you can work out any way to do this, you'd be winning
18:28 <+catphish> i can't see how it's possible though
18:29 < Project86__> catphish: due to what I've gathered here from SporkWitch and others (like yourself), I went searching for tutorials on bridging 2 routers wirelessly. However, all of them point to going into your router (that has internet connection) webpage, and allowing bridging and set one ip to .1, and the other to .2. They suggest dd-wrt and the likes as well. However, I'm doing this on a pi3, and want them to be bridged
18:29 < Project86__> regardless of internet being available. 7:03:31 PM How do I do this when I'm not using my homes main router used for internet access?
18:30 <+catphish> actually there is one way, if each end of a tunnel constantly reported packet loss to each other
18:30 <+catphish> you should really assume you can't bridge through a wifi client
18:31 < Project86__> catphish: at me? And why
18:31 <+catphish> though it is possible if your main AP supports WDS and you know how to set up WDS in linux, and the wireless NIC allows it
18:31 <+catphish> Project86__: yes, you
18:31 <+catphish> and because wifi doesn't support it
18:31 <+catphish> except in WDS, a non-standard extension that may work with some APs if enabled
18:33 < tds> you can probably do horrible tricks with proxy arp to make it appear like a bridged connection if you really want to
18:33 < zxd> catphish: the way I see is to put a router at the customer and have it tunnel to another router on the internet close to him geographically, and have QoS configured on both ends
18:33 < Project86__> But I've found countless tutorials on doing it. It's just that they do it by going into router setting and iptables and change stuff around. I'm not doing it on my home router tho
18:34 < ntd> just don't with the dd-wrt
18:35 < ntd> you should be able to set up "lazy-wds" with any ath, brcm, mtk or intel wnic/radio though
18:35 < ntd> beware of the realtek
18:35 < Maarten> dd-wrt.... isn't that considered "vintage" these days? ;)
18:35 < ntd> should be. very
18:36 < ntd> just not in a cool way
18:36 < Project86__> I would just make one pi the router, and then connect to it with the other. But the distant one is also going to be my OpenVPN server, and the one I keep on me, the client. So I needed the 2nd one to also be a router so I can connect to my VPN, as well as control the distant one
18:36 <+catphish> zxd: that won't work :)
18:36 < ntd> ehm, pi3 you said? not the pi3b+?
18:37 < Project86__> ntd: I have both
18:37 < ntd> that radio (rather, the drivers for that radio) are crap
18:37 <+catphish> zxd: you need to understand what QoS does, and when you do, it will become clear why that won't work
18:37 < zxd> catphish: I know what it does
18:37 < ntd> you may be able to get it going with the nexmon drivers
18:37 <+catphish> zxd: then i don't understand why you think this would work :(
18:37 < Project86__> I was told on here how it could work...
18:37 < zxd> catphish: it will work if the end of the tunnel has a bigger pipe than the customer
18:38 < ntd> dunno about the pi3 wnic and wds/lazywds
18:38 < ntd> try lede/openwrt on it
18:38 <+catphish> zxd: i don't see how, what is it going to do to packets to somehow give games priority?
18:39 < ntd> qos?
18:39 < zxd> catphish: it's going to hold a buffer on the end of the tunnel to match the customer bandwidth pipe and rearrange the queue so that games packet go first the same from the customers router
18:40 <+catphish> zxd: right, and how does it know the customers downstream speed at that moment?
18:41 <+catphish> zxd: you are absolutely right about how QoS works, but in this case, i don't see how it can match the exact speed of the customer's download pipe
18:42 < zxd> catphish: it isn't hard to setup a script on the router when it boots or on demand that sends this information to the other end of tunnel
18:42 < Project86__> Well, honestly want to use the pi Zero W (with WiFi dongle) as the client router. But that has less power and such
18:42 <+catphish> zxd: you could do a speed test at boot, but network conditions change
18:43 <+catphish> zxd: the only way i can imagine this working is if you continuously reported packet loss in each direction, then you'd know any time you were saturating and back off accordingly
18:43 < zxd> catphish: they do, it isn't exact
18:44 < zxd> catphish: it would be ideal if the tunnel ends at the ISP and not go through more hops to some random router on the internet
18:45 <+catphish> but you'd have to throttle them at well below the capability of their connection, which rather defeats the point, then they could just do this themselves in their download manager
18:45 <+catphish> thinking in detail, i think you could do this smartly, with bidirectional reporting of losses
18:45 < Project86__> https://usercontent.irccloud-cdn.com/file/PrnpNCBx/Screenshot_20180515-142200.png
18:46 <+catphish> but otherwise, all you're doing is offering people a slightly slower connection than what they can get at the worst times of the day
18:46 < Project86__> In this convo, you agreed it could work
18:46 < Project86__> catphish:
18:46 <+catphish> Project86__: i said you could do routing
18:46 <+catphish> not bridging
18:47 < Maarten> Project86__, if it is within the same building, isn't it cheaper/better to just run a wire from A to B? ;)
18:47 < Project86__> Oh, so I need to route the 2 routers together, not bridge?
18:47 <+catphish> zxd: if you can do it well, it would be cool, but i don't think the answer is just estimating their speed and then reducing it a little
18:47 < ntd> not with lazywds
18:48 <+catphish> Project86__: yes, if you do that, it can definitely work
18:48 < ntd> it will just multicast over the bridge
18:48 <+catphish> you confused me by saying "bridging"
18:48 < Project86__> catphish: sorry. I've been looking at wrong tuts lol
18:48 <+catphish> but yeah, you can do this by just connecting the client to the AP, giving both an IP, and setting up routing
18:48 < zxd> catphish: network condition don't change that much if I have at the end of the tunnel a pipe with a 1GB bandwidth and the customer has 100mbit
18:49 <+catphish> zxd: that really really depends on the provider
18:49 <+catphish> i have 100Mbit, my ISP has zero contention, it's always exactly 100Mbit, but that's not the case for a lot of people
18:49 < Project86__> Maarten: neither are in a building. And I'm not running a 500ft etho cable lol
18:49 <+catphish> many people report congestion resulting in speed drops as much as 50% at peak times
18:49 <+catphish> from cheap ISPs
18:49 < zxd> I see
18:50 <+catphish> so IMO you need to constantly monitor lost packets, in the same way TCP does, and reduce the rate accordingly
18:50 < Maarten> Project86__, 500ft? I think you should probably also look beyond the wifi protocol at that point.... maybe a point to point wireless connection.
18:50 <+catphish> if you do, i think it could work
18:51 <+catphish> this would work with a directional antenna set up ahead of use
18:51 <+catphish> or a root mounted antenna with line of sight
18:51 < Project86__> Maarten: I've asked about wireless p2p, and was told routing would be easier.
18:51 <+catphish> there are other wireless protocols that may be slower than wifi and better suited to this too
18:51 < Project86__> Or be better rather
18:52 <+catphish> is it wireless p-t-p
18:52 <+catphish> but you want to use a Pi at one end and a generic AP at the other, so you're limited by what protocols you can use
18:52 < Project86__> Both ends will be a pi
18:53 < Project86__> And both will be set up as routers
18:53 < Maarten> Project86__, if you are looking for something cheap but reliable, look at something like this: https://www.neweggbusiness.com/Product/Product.aspx?Item=9B-0ED-0005-000K2 - you could be done for less than $150, and you'd have a 150 mbps link that goes further than 500ft.....
18:53 <+catphish> ok, well in that case you probably can use bridging, as both ends should be able to do WDS
18:53 < Project86__> With hidden ap
18:53 <+catphish> consider getting some decent antennas
18:54 <+catphish> or just buy decent hardware, even if its just some SXT
18:54 < Project86__> catphish: we discussed that, I have a 9db, and a 5db alfa dongle
18:54 <+catphish> g2g now, good luck
18:56 < Project86__> But how can a router connect to another router? I make the 2 AP connect?
18:57 < Project86__> I just need a good tut
18:59 < Project86__> I don't understand. Like I couldn't make the AP of one connect to the other, and then connect to client AP with my phone can I? Wouldn't the router have to have multiple APs?
19:01 < Project86__> I want to be able to ssh into client router (on person pi), and then ssh from that router, to the distant router to control it (like using airmon)
19:04 < Project86__> And if I can do that, I could also make distant pi connect to an internet source if I needed internet, and the internet connection would relay back to the one on person, giving me internet access far beyond the normal distance
19:07 < Project86__> (And the only reason I need the on person pi to be a router, is so that when connected to it, I'm also connected to my VPN without a cloud server)
19:28 < Project86__> Do i just need to ipforward from one to the other?
19:37 < djph> what're you trying to do?
19:39 < Apachez> invent the wheel?
19:44 < Aevum> anyone here has experience with huawei networking equipment ?
19:44 < Apachez> somewhat
19:45 < Aevum> i start working for them on monday
19:45 < Aevum> they told me its basically the same as 3com
19:46 < Apachez> na
19:57 < Alexander-47u> hi all
19:58 < Alexander-47u> i have placed a network adapter into my raspberry pi, this network adapter has a network interface, but im connected to wifi and want to access the web service from my personal computer
19:58 < Alexander-47u> can this be done using iptables?
20:13 < Andrew_0010bit> There's not much that can't be done with iptables, honestly.
20:13 < Andrew_0010bit> You're going to have to paint a better picture of your setup, for one.
20:14 < Andrew_0010bit> If you have various switches and your PC is connected to a switch separate from the WiFi, I'd say you could use iptables to allow it to pass through one interface, but not the other fairly easily.
20:14 < Andrew_0010bit> VLANs would be EVEN easier, but I don't want to assume your technical prowess.
20:25 < Minnebo> Is there any channel where a question about SPF could go in?
20:26 < Apachez> assumption is the mother of all fuckups
20:26 < Minnebo> : D
20:26 < sawgood> Anyone know why the #ubiquiti channel is invite only (I'd like to ask them a question)
20:27 < sawgood> they have rough-hard to get ahold of support team (and) processes
20:27 < Aevum> have you registered your nick ?
20:28 < sawgood> yes
20:28 < Minnebo> sawgood, you can pm me, I know some ubnt as well :p
20:29 < Apachez> dont do it
20:29 < Apachez> he just want your ass
20:29 < sawgood> thanks
20:30 < sawgood> Apachez who is Minnebo?
20:30 < Minnebo> not really, just offering help.. I have knowledge about ubiquity products
20:30 < zenix_2k2> one nooby question, is the term "port forwarding" and "NAT" the same ???
20:30 < Minnebo> yes zenix_2k2
20:30 < zenix_2k2> they seem quite the same to me
20:30 < zenix_2k2> oh ok thki
20:30 < zenix_2k2> thk*
20:31 < Minnebo> zenix_2k2, actually it is not :p
20:32 < Minnebo> NAT actually translates traffic from a one IP to another. Like your wan to lan
20:32 < Minnebo> Port forwarding does the same, but on port level
20:32 < zenix_2k2> oh com'on...
20:32 < sawgood> zenix_2k2: To me they are different, but to most they are the same thing
20:32 < zenix_2k2> Oh right, yea
20:32 < sawgood> PAT vs NAT (that old topic)
20:33 < Minnebo> But when you do like natting you mostly do one or the other
20:33 < qman__> Port forwarding is NAT
20:33 < zenix_2k2> more terms ?
20:33 < zenix_2k2> PAT <
20:33 < Minnebo> more terms
20:33 < Minnebo> as in? :p
20:33 < Minnebo> What do you wanna learn today ^^
20:34 < zenix_2k2> well i never heard of PAT before
20:34 < sawgood> Is LEDE and OpenWRT going to re-marry again?
20:34 < zenix_2k2> better do some googling now
20:34 < zenix_2k2> so is there any other term that relate to NAT or PAT ?
20:34 < Minnebo> If I have like a:server1.domainx.com a:server2.domainx.com in my spf, can I replace both entry with include:domainx.com ?
20:35 < Minnebo> zenix_2k2, SNAT & DNAT
20:35 < zenix_2k2> oh ok
20:35 < sawgood> Minnebo: I like how EdgeOS (Ubiquiti) has both OpenVPN and PPTP built into the OS
20:36 < Minnebo> Who uses PPTP... :)
20:37 < Minnebo> I config OpenVPN on my firewalls (pfsense mostly)
20:37 < sawgood> I use PPTP (reason) I like authentication (username/password) vs OpenVPN KEYS ...
20:37 < sawgood> just me though ...
20:38 < qman__> PPTP should not be used by anyone for anything, it's laughably insecure
20:39 < kottt> minnebo: it shouldnt be a problem but it means there's a greater attack surface for someone who might try to send mail from your domain illicitly
20:40 < Minnebo> sawgood, you can use OpenVPN with Radium
20:40 < Minnebo> s*
20:40 < Minnebo> thx kottt
20:40 < qman__> I'm actually baffled that they'd still even include PPTP as an option
20:40 < qman__> (They shouldn't)
20:41 < kottt> minnebo: actually... i take that back...
20:42 < kottt> http://www.openspf.org/SPF_Record_Syntax when SPF looks at an 'a' mechanism it's translating the domain into an IP address
20:42 < kottt> so if the IP addresses for server1.domain.com and server2.domain.com aren't listed in the A record for domain.com, they won't work
20:43 < kottt> but you can use something like a:domain.com/24 to say the entire /24 subnet associated with the IP addresses listed in the A record for domain.com
20:44 < Minnebo> oh i did not know that you can do a /24 on an fqdn
20:45 < Minnebo> cool
20:45 < kottt> it's specific to SPF syntax
20:45 < Minnebo> sweet
20:46 < kottt> are you running short on mechanisms to include in your SPF record though? it would probably be best to just specifically list the servers that are likely to send mail, or list the subnet that those servers are likely to be in explicitly
20:57 < Minnebo> kottt, I have too much servers :(
20:57 < kottt> all in different subnets, too?
20:58 < Minnebo> having a big travel agency as client and they work with a lot of vendors for tickets etc
20:58 < Minnebo> I have 10 entries in my SPF
20:58 < Minnebo> and the limit is 10, I could also split it up, I have seen
20:58 < kottt> i see, i see
20:59 < Minnebo> aha, but the a: does not count as a lookup
21:00 < Minnebo> sry the ip4 and ip6 i mean
21:00 < kottt> pretty sure the a: counts as a lookup but ip4: wouldn't
21:00 < kottt> :P
21:00 < kottt> well, good luck
21:00 < Minnebo> exactly : p
21:00 < Minnebo> thanks!
21:14 <@pppingme> Minnebo why is your spf record so complicated?
21:14 <@pppingme> I highly suspect a simpler solution here
21:15 < Minnebo> please tell me :D
21:15 < Minnebo> can I pm you how it looks right now?
21:15 <@pppingme> sure
21:31 < horse> hi folks
21:34 <+catphish> morning
21:34 < horse> so i'm having a discussion on a forum in which a bunch of audiophiles reckon that a cisco 2960 improves audio quality on their streamers
21:34 < horse> absolutely bonkers
21:37 <+catphish> horse: there's no point using a 2960 unless you use gold plated rj45 plugs too
21:37 < horse> lol catphish. honestly it's crazy. when i told them that this is all rubbish i got the following reply
21:38 < horse> it does seem specific to the various Catalyst switches I have tried including layer 3 Catalyst switches... The EM response to physical differential line driver layouts and the PHY clock stability and its lack of intermodulation products would appear to be helping. The effects or otherwise are taking place before (or after depending on your perspective) of the ASIC(s)
21:38 < horse> what does that even mean?
21:38 < horse> EM response to what? huh?
21:39 <+catphish> that's utterly insane
21:39 < horse> here's the thread
21:39 < horse> http://forums.naimaudio.com/topic/cisco-switch?reply=75483718998312253#75483718998312253
21:41 < Gambit15> Hey guys. With LACP, do the load-sharing modes have to be the same on both sides, or can they be different? I've got a suspicion it only affects the Tx on the local device, and each end can use a different algorithm...?
21:41 <+catphish> horse: mad
21:42 < horse> catphish: i know right, do you understand what the hell he's going on about?
21:42 < horse> i'm lemon drizzle cake btw :)
21:42 < Apachez> Gambit15: they can be different but thats just restarded
21:42 < Apachez> normally you want the most granular loadsharing
21:43 < Apachez> which normally is srcip+dstip+srcport+dstport
21:43 <+catphish> horse: i have to assume that all ethernet audio received contain a small buffer
21:44 <+catphish> horse: so i can't imagine any difference in the ethernet signal could matter
21:44 < Gambit15> Apachez, in this case my switches only do L2, which isn't great with proxies & stuff
21:44 < Gambit15> The servers can do L3
21:44 < Apachez> which switches is that?
21:44 < Gambit15> HP 5130
21:45 < Apachez> according to the manual they do L3 loadsharing
21:45 < horse> catphish: yeah, surely the packet either turns up or it doesn't
21:45 < Gambit15> I've fixed that by retransmitting the packets from my proxy using round-robin IPs
21:45 < asdf1280> yo whats good boys
21:45 < Apachez> hell even my 5120EI does that
21:45 < horse> regardless of the switch used
21:47 < asdf1280> anyone here know a lot about the linux networking stack?
21:47 <+catphish> horse: well there's packet loss (very unlikely) and jitter (pretty unlikely, and irrelevant if you buffer)
21:47 < Gambit15> Apachez: It's odd. The switches show the option for MAC & port based balancing in the global config, however as soon as I actually try to use anything other than src-dst IP, it simply returns that it's not supported
21:47 <+catphish> asdf1280: nope, nobody knows about that
21:47 < Gambit15> On the interface level, it only shows IP based balancing
21:47 < asdf1280> catphish: joking or ?
21:47 <+catphish> asdf1280: yes :)
21:48 < horse> catphish: would tcp/ip not take care of packet loss anyway by retransmission?
21:48 < Apachez> Gambit15: did you contact support?
21:48 <+catphish> horse: depends entirely on the protocol and the size of the buffer
21:48 < horse> catphish: right
21:48 < asdf1280> catphish: lmao, ive been looking through so many docs and blogs and can't find any decent explanations
21:48 <+catphish> horse: for realtime audio, you normally use a udp stream, no retransmission, packet loss results in a small silence or reduction in quality
21:49 < asdf1280> hoping that I dont have to head to the linux sourcecode
21:49 < Apachez> unless the codec can extrapolate missing parts
21:49 <+catphish> horse: but packet loss on a gigabit switch with no load is extremely unlikely
21:49 <+catphish> a good codec may fill the gaps as best it can
21:49 < Gambit15> Apachez: Anyway, the real reason I'm here is that the balancing on the *server* side isn't working correctly. I can see my switch using all ports to transmit packets to the server, however the server is sending everything back out just a single interface. From what I've read, mode 4 bonding defaults to IP dst-src balancing, but that seems not to be happening
21:49 <+catphish> asdf1280: if you have a question, ask away
21:51 < horse> catphish: do you know what he's babbling on about here? "The EM response to physical differential line driver layouts and the PHY clock stability and its lack of intermodulation products would appear to be helping"
21:51 < asdf1280> catphish: mostly wondering about how vpns block traffic from browser and other programs, If I understand it correctly the vpn would need to be looking at the browsers socket which it can't do because modern os' keep all programs isolated from each other
21:51 < horse> it just sounds like complete jargon to me
21:52 <+catphish> horse: some of those words make sense
21:52 < asdf1280> catphish: im trying to build a new type of vpn and Im stuck there
21:52 <+catphish> but any gigabit switch can transmit at a gigabit, so meh
21:52 < Gambit15> VPNs don't interact with applications
21:52 <@pppingme> um, "new type of vpn" ?
21:52 <+catphish> asdf1280: VPNs don't do that
21:52 <@pppingme> are you trying to make a round wheel square?
21:53 < derpingit> hi guys. i'm looking to purchase a travel router that is able to work with captive portal hotspots. does anyone have a particular recommendation ?
21:54 <+catphish> asdf1280: packets from one program to another on the same host will be identified as local by the routing table, and pass through iptables (using the lo interface)
21:54 <+catphish> asdf1280: if you wanted an individual program to be isolated, you need a network namespace
21:54 < asdf1280> pppingme: the high level explanation is to split a fully formed packet into parts, send those parts out to different people connected to the network which gets forwarded around a lot before recombining and sent by a server
21:55 <@pppingme> so tor?
21:55 <+catphish> asdf1280: you can do that easily enough
21:55 <+catphish> pppingme: tor doesn't do that, it keeps flows on one route
21:55 < detha> horse: it appears to me what this chap is talking about is EM noise from the network jumping to the audio circuits, nothing to do with data on the network. Unlikely, but possible.
21:55 <@pppingme> that'd be because packets coming in out of order will eventually cause issues
21:56 < asdf1280> pppingme: LMAO, everyone I tell that to thinks its tor but its completely different. TOR takes a full packet and encrypts it multiple times and what catphish said
21:56 <+catphish> i wrote a vpn that does this: https://github.com/catphish/split-router
21:56 <+catphish> it breaks packets into parts and sends them down multiple tunnels
21:56 < asdf1280> catphish: oh fuk thats awesome
21:56 <@pppingme> outside of mtu issues, whats the advantage of breaking a packet down?
21:57 < asdf1280> pppingme: isps cant track
21:57 <+catphish> you can just encrypt the packets if you dont want ISPs reading them :|
21:57 < asdf1280> pppingme: also depending on how I do it it should be impossible to track
21:57 < Apachez> "breaking a packet down" ?
21:57 <@pppingme> isp's generally don't track, and tracking that would be WAY EASIER than you think, its simple statistics
21:58 < asdf1280> pppingme: but they do steal data
21:58 <+catphish> no they don't
21:58 <+catphish> that would be illegal in most places
21:58 < asdf1280> catphish: They just passed a law about this in US
21:58 <@pppingme> first, they don't, but assuming your paranoia, they can't if its encrypted, you should only be using https://
21:58 <+catphish> and if it's not, you can just use ipsec to encrypt to somewhere you trust
21:59 <@pppingme> no, they didn't "just pass a law in the us"
21:59 <@pppingme> you listen to too many liberals that WANT access to your data
21:59 < Apachez> what are you talking about?
21:59 < Apachez> in most countries an isp is prohibited to look at the payload
21:59 < Apachez> unless you send stuff to their servers
21:59 < Apachez> then they can look how much they want
21:59 <+catphish> is "liberals" just a generic insult in the USA now lol
22:00 < Apachez> so when they force their customers email through their own mailservers it means they can by law look at your email
22:00 < asdf1280> catphish: and "conservative" and having any opinions apparently
22:00 <@pppingme> catphish its idiots that blindly believe everything the news and government tell them
22:01 <+catphish> i never understood this "conservative", "liberal", "left", "right" nonsense, people have different opinions on different matters
22:01 < asdf1280> all i want is a way to know for sure that no one can track me, and Im paranoid enough to believe that with quantum computers around the bend we're gonna need methods of securing data beyond "encrypt it"
22:02 <@pppingme> the only way to not be tracked is to disconnect
22:02 < asdf1280> yea believing theres such a thing as a "true" conservative and liberal is eating up government and media bs as much as being one
22:02 <+catphish> some people like spending, some like saving, some like regulation, some like free markets, some people like abortion, some don't, why do people act like there's only 2 possible categories
22:03 < S_SubZero> it's more efficient to just hate "the other side" rather than some vague number of sides
22:03 < Phil-Work> that sounds like something a bloody liberal would say, catphish
22:03 < Phil-Work> ;)
22:04 < asdf1280> lmao
22:04 <+catphish> Phil-Work: lol :)
22:04 <@pppingme> catphish a true conservative believes in a government that stays out of the way (small gov, little regulation, free markets) and doesn't allow killing others (why are we killing 1 out of 3 babies??)
22:04 < horse> detha: would a high end audio streamer not have stuff in place to prevent EM noise jumping onto the audio circuits?
22:04 <+catphish> pppingme: lol
22:04 < turtle> that sounds like some bizarre fantasyland to me
22:05 <+catphish> the old "No true Scotsman" fallacy :)
22:05 < asdf1280> anyway back to networking
22:05 < detha> horse: it should. but if you can avoid the noise being there in the first place, it is even better
22:06 <+catphish> pppingme: as someone who doesn't know where your definition of "true conservative" comes from, did you just shoehorn that last bit in?
22:06 < turtle> s/regulation/consumer\ protections/ <-- fixed.
22:06 <@pppingme> which bit? I consider myself to be a true conservative..
22:06 < asdf1280> catphish: so then how would a vpn stop outgoing traffic? does it just set up a firewall
22:07 <+catphish> asdf1280: it doesn't stop outbound traffic, it just routes it through a tunnel using the routing table
22:07 <@pppingme> asdf1280 its not the vpn's job, its the job of your filters, firewall rules, route tables, etc.. all that happens before vpn comes into play
22:07 <+catphish> pppingme: i would urge you should reconsider that
22:07 <@pppingme> reconsider which part?
22:08 <+catphish> pppingme: the reason i say this is because in my opinion you leave yourself vulnerable to people telling you what "a true conservative" believes
22:08 < asdf1280> catphish: that makes a ton more sense, ty for your help, and sorry for starting a political revolution in chat lol
22:09 <@pppingme> I know what I believe, its unlikely others will change my mind..
22:09 <+catphish> pppingme: you've aligned yourself with a group, and simply assume you will believe all the same things that their committee / leader / whatever decide you should believe
22:09 <+catphish> pppingme: right, and that's fine if it's true
22:09 <@pppingme> nah, if someone claims to be a conservative, but believes in big government, abortion, or other things, then I don't consider them a true conservative..
22:10 <+catphish> pppingme: but i worry that because some of your views align with a group, you are vulnerable to adopting the other views of that group by default, which can lead to unnecessary polarization in society
22:10 < horse> detha: yeah true. i'm still sceptical though
22:10 <+catphish> pppingme: so *you're* the one telling people what they should believe if they want to belong?
22:10 < asdf1280> pppingme: honestly the best thing is just to go out and talk to people. The more you talk to "liberals" the more you'll find that they say some things you agree with and the more you talk to "conservatives" the more you'll find they say some things you dont agree with
22:11 <@pppingme> I'm probably more conservative than most people that call themselves conservative.. I'm conservative with a bit of libertarian (not to be confused with liberal)
22:11 < asdf1280> pppingme: i SERIOUSLY doubt you'll find someone who completely agrees with every single thing you believe just as well as you won't find someone who completely disagrees
22:11 <@pppingme> asdf1280 nah, liberals want big government, big control, free access to killing babies, and from what I've seen are some of the most racist people I've ever met..
22:12 <@pppingme> agreed, there's no perfect candidate for office or anything else, I pick the values that are most important to me and vote for that person..
22:12 < S_SubZero> did you just define a "true conservative" and then lump all liberals into the same bucket
22:12 < asdf1280> pppingme: but right there you've just said that tens of millions of people believe the same thing where right before you said that not all conservatives are the same, you can't have it both ways
22:13 <@pppingme> no, liberals != conservative
22:13 <+catphish> pppingme: i'm sorry, but i really dislike the polarization you're peddling :(
22:13 <@pppingme> I'm saying there are variations in what conservatives believe, I'm what most people would call ultra-conservative, way more conservative than most of the people around me
22:13 < turtle> call me crazy but i dig food safety regulations and the like
22:14 < S_SubZero> net neutrality was kinda cool I guess
22:14 < turtle> i just can't really get behind the idea that the imaginary hand of the free market would keep corporate greed under control
22:14 < asdf1280> the one thing I don't understand about us political system is how it lumps economic ideology with social. If i want a big government why do i have to be pro abortion?
22:14 < asdf1280> cause people arent actually like that
22:15 <+catphish> asdf1280: this is the problem i have
22:15 < zolvaring> 2-party system naturally lends to that seems to me
22:15 <@pppingme> turtle free market generally drives prices down, greed assumes you're stiffing on every transaction, if you have a free market, you have competition, and you can no longer afford to be greedy
22:15 < S_SubZero> that's why religion hooks so conveniently into conservative thinking. Well we can't have big government so let's have an imaginary being do the regulating for us!
22:15 < turtle> does the imaginary hand of the free market break up monopolies to keep this competition going?
22:16 < turtle> because i thought that was big gubment anti-trust stuff
22:16 < asdf1280> pppingme: but then how do you describe the ISP and healthcare industries in the US?
22:16 <@pppingme> asdf1280 its not that they are directly linked, its just that about 80% of people tend to want those things together, they are either big government and pro abortion, or small government and pro life, I'd estimate less than 20% of people split on those issues
22:16 < detha> horse: intermodulation products are funny things. So are earth loops accidentally tuned to one frequency.
22:17 < asdf1280> pppingme: dude you gotta go out and talk to people more if you think it's 80/20 split. no where near that
22:17 < turtle> what we're hearing here is the imaginary utopia peddled by libertarians. there's no examples anywhere on earth now or in the past but allegedly if we just let the billionaire class run wild they wouldn't shit in our water and pay us pennies it would be a utopia but the damn big government liberals keep getting in the way
22:17 <@pppingme> asdf1280 isp is easy, I live in a unique situation that I have access to 5 different hardware isp's (cable, dsl, etc), and prices are LOW, speed is HIGH (200mb/s is considered low end starting speed), and customer service is almost always same day truck roll, go to other areas and its not unusual to wait 2-5 days for a truck roll
22:18 < horse> detha: the way i see digital audio is that you either get the packets delivered to the streamer over the wire and into the buffer, or you don't, and get drop outs.
22:18 < linux_probe> what is this, actual customer service and competition?
22:18 < detha> horse: that's the digital part. But somewhere that audio gets converted to analog, and that is where the problem is.
22:19 <@pppingme> linux_probe yeah, they seem to come together, no competition, cust service is lousy, lots of competition, all of a sudden they are tripping over themselves to keep you happy
22:21 < horse> detha: yup, but once it's arrived at its destination and the DAC does its thing it's all gravy, right?
22:21 <+catphish> pppingme: unfortunately, with competition, you have a dilemma, competition is great, but often you don't get competition without heavy government intervention / regulation :(
22:22 < linux_probe> the big question is, do the service calls and truck rolls actually do any good?
22:22 < detha> horse: not many things will have, for example, run the DAC and amp part behind an opto-coupler, completely isolated from the rest of the digital stuff
22:22 < detha> So, they share a common ground
22:23 <@pppingme> catphish around here, its government interference that is stifling competition.. government protection of monopolies isn't unusual in the isp, tv, phone industries here.. once those monopoly protections are lifted, all of a sudden things get better, in every single case
22:23 < horse> detha: so they could be affected by EM noise coming in over the network?
22:24 <@pppingme> linux_probe often its not about the truck roll itself, its about eagerness to fix the issue quickly
22:24 <+catphish> pppingme: that sounds like corruption, surely no government would publicly admit to intervening to support a monopoly against customer benefit
22:25 < linux_probe> but do they fix the actual issue? or just the standard modem swaparoo and cable hackery
22:25 <@pppingme> catphish its no secret in most of the USA, that cable companies and telco's are heavily protected monopolies.. its very well known to be the law
22:25 <+catphish> pppingme: i don't think your problem there is big government, the problem there is corrupt government
22:26 <@pppingme> linux_probe I've recently had a tech stand at my locations for 4+ hours because it wasn't working, even though it ended up not being a customer side issue but a head end issue that they couldn't find or didn't want to admit up front
22:26 <+catphish> here, we have heavy government intervention in telco, they force the biggest copper owner to rent the lines at low cost to a huge number of competing ISPs
22:27 < linux_probe> was likely an issue on pole/post/pad somewhere
22:27 < linux_probe> or at multiple homes if it was cable co
22:27 <+catphish> and now they're going further and giving grants to small ISPs to install fibre to compete
22:27 < detha> horse: it is possible. Noisy ground plane and shared power supply can introduce measurable noise in the output. How audible that is depends on how critical the listener is.
22:27 <+catphish> so it's hard for someone in my country to see big government as bad for ISP competition
22:28 <@pppingme> there is a bit of that here, but telco's are fighting it hard, and (as seen by hurricane in new england area) they are taking that opportunity to knock competition out even more by simply not replacing copper and now claim they don't have to share fiber..
22:29 <+catphish> pppingme: ironically, we do have that problem, the new ISPs, after being bribed to install fibre and compete, find themselves being a new monopoly, without being forced to share the fibre :(
22:29 <+catphish> so maybe we're just as bad as the USA, but a few years behind
22:29 <+catphish> and we haven't seen the problem coming
22:30 <+catphish> right now, i can choose 1) really shit copper internet from 100+ competing ISPs or 2) amazing fibre, but i am stuck paying the price set by the person who owns that fibre and has no obligation to share it
22:31 <+catphish> pppingme: you make a scary point, and i might actually write to the government to complain about where this is leading
22:31 <+catphish> before, we had one huge copper provider, they were forced to share
22:31 < kevin-oculus> corrupted gov they made up a gun law so they can sell weapons and do business
22:31 <+catphish> now we have lots of small fibre providers, one in each area, no sharing
22:32 <+catphish> i'm suddenly worried we could get a USA style local-cable monopoly
22:51 < spaces> catphish why would that be ?
22:59 < ScRaMbLe> catphish http://i.imgur.com/Tvh6teU.jpg
23:06 <+catphish> ScRaMbLe: i can see something similar happening here, except here the monopoly wasn't broken up, it was allowed to continue, but forced to lease out their copper, the bad news, they never upgraded to fibre, so now we have new regional providers getting grants to do fibre to replace them
23:06 <+catphish> and they're too small to be considered monopolies and forced to lease their infrastructure
23:14 < ScRaMbLe> catphish well that wasn't a breakup - it was an obfuscation ^
23:16 < ^7heo> that's what she said.
23:50 < hmig> what protocol is P2pV2 in wireshark?
23:52 < cthulchu> it's version 2 of p2p
23:52 < hmig> youre smart
23:52 < cthulchu> kek
23:52 < cthulchu> torrent?
23:53 < hmig> got some voip phones that just sending traffic to 239.0.0.1 using p2pv2
23:53 < cthulchu> some messengers
23:53 < cthulchu> yeah
23:53 < cthulchu> that makes sense
23:53 < hmig> these phones are getting some packet loss
23:53 < hmig> cant figure out why
23:53 < hmig> i thought i had a network loop or stp issue
23:53 < hmig> but nope
23:53 < cthulchu> maybe it's higher?
23:54 < cthulchu> a firewall
23:54 < hmig> maybe
23:54 < hmig> i did suspect that after ruling out switches
23:54 < cthulchu> it's the most annoying part and hard to troubleshoot.
23:54 < hmig> ive checked every device port counters
23:54 < hmig> reset and watched them
23:55 < hmig> none of ther are dropping or showing errors
23:55 < cthulchu> yeah
23:55 < cthulchu> it's most likely higher
23:55 < cthulchu> check the port listeners
23:55 < cthulchu> and local firewalls rules
23:55 < hmig> weird thing is tho, we have the same make of switches working with these phones on the same network
23:56 < hmig> so we have a hp stack of 3 switches where these phones are experiencing issues this used ethernet to connect to core switches
23:56 < cthulchu> are they smart enough to have ssh?
23:56 < cthulchu> or... telnet?
23:57 < hmig> we have the same model of switch in stack as an independent switch, used fibre to connect to core switches - there are working the above is not
23:57 < hmig> let me check
23:58 < hmig> crap nope
23:58 < hmig> the config on the stacked switches and the independent switches is the same
23:58 < hmig> apart from the stack config of course
--- Log closed Fri May 25 00:00:31 2018