--- Log opened Tue May 29 00:00:31 2018
--- Day changed Tue May 29 2018
00:00 < varesa> the first issue with device compatibility is that one bulb uses Zigbee ZLL, the next uses Zigbee HA, the next Wifi, BLE, Z-Wave, whatever else
00:00 <+catphish> yep, you need 3 or 4 radios, but they're not too expensive
00:01 <+catphish> just lots of code to write for every different protocol
00:02 < detha> now if someone would make a hub radio with firmware for all of the above protocols, it would be nice
00:02 <+pppingme> why don't you just standardize on one protocol instead of buying different stuff every time someone throws it on sale?
00:02 <+catphish> well that's the idea
00:02 <+catphish> because money i guess
00:03 < detha> because people, because money, and because there is no obvious winner in the protocol race yet
00:03 <+catphish> i think the government should just mandate one protocol that all iot must use
00:03 <+pppingme> x-10 is the winner!!
00:05 < detha> Government.... I can see PAL and NTSC iot things
00:06 <+catphish> detha: don't worry, i was only trying to troll pppingme, it didn't work :'(
00:07 < linux_probe> lol
00:08 < detha> Sorry, still mad with the government here that can't make up its mind which DVB standard to use, European, Brazilian, or some other. So the whole thing has been delayed by >5 years now
00:08 <+catphish> detha: use DVB-T2
00:08 <+catphish> there, done
00:09 <+pppingme> ntsc makes the most sense, its all you can buy here!
00:09 <+catphish> i assume ntsc is dead now?
00:10 <+catphish> along with pal, and anything that's not MPEG4
00:12 <+catphish> i think we actually transmit a combination of DVB-T (mpeg2) and DVB-T2 (mpeg4)
00:12 <+pppingme> actually I think most tv's sold here still have ntsc tuners, although they are obsolete.. they also have atsc..
00:12 < tds> isn't there some slight stupidity with dvb-t2 in the UK where the epg is "encrypted" in order to enforce copy protection, but the content itself isn't?
00:13 < detha> PAL is still alive and kicking here, taking up valuable spectrum :(
00:13 <+pppingme> I'm not really sure what atsc carries.. if its mpeg4 or something else..
00:13 <+catphish> tds: i don't think so
00:14 <+catphish> tds: i could be wrong, but i'm sure i've used it with open source code and pc tuners
00:14 <+catphish> PAL was dropped in the uk a few years ago
00:14 < tds> oh yeah, I run a tuner with open source software as well which works fine, I think that's just got the keys built in ;)
00:15 <+catphish> tds: well that seems a little pointless then :)
00:15 < tds> but for set top box manufacturers they'll only give you the keys/whatever if you agree to implement their copy protection, I think
00:15 <+catphish> just seems unlikely
00:15 < tds> ah, found a reg article on it: https://www.theregister.co.uk/2010/06/14/bbc_offcom_freeview_hd_controls/
00:15 <+catphish> the part about the STBs seems plausible
00:17 < varesa> in a couple of years will have to find a new set top box (or maybe just the tuners) as dvb-t transmissions end
00:17 * varesa grumbles about the current box being only about ten years old
00:17 <+catphish> varesa: so there's literally no protection, just a pointless thing to tick boxes for international distribution rights
00:18 <+catphish> tds i mean ^
00:18 < tds> yeah, I think that's basically the case
00:18 < varesa> I was just going to say that I'm not in the UK and have no idea about how our EPG works :)
00:19 <+catphish> lol
00:38 < lord|> hmm I see that the two major router OSes I'm looking at are x86-64 only
00:39 < lord|> what relatively easy to setup router OS would I use on the orange pi R1
00:39 < lord|> which is a uh
00:39 < lord|> cortex-a7
00:40 < lord|> hmm, MikroTik?
00:40 < varesa> lord|: looks like they provide an openwrt image for it
00:43 <+catphish> lord|: i'd look at openwrt, probably builds of that for various CPUs, otherwise you may need to configure your own on whatever linux is available for it
01:16 < Android> what was the outcome of h.e. vs. cogent?
01:17 < rewt> tbd
01:17 < Android> still ongoing fight?
01:17 < rewt> i don't think it's a fight really, just HE wanting to peer, and cogent ignoring them
01:18 < Android> is this inside a virtual net masqurading as chicago?
01:18 < Android> they think it is california
01:19 < rewt> wherever it is, i hope cogent stops being so stubborn
01:19 < Android> why?
01:19 < rewt> so we can finally have 1 unified ipv6 internet
01:19 < Android> something important needing to do with h.e.
01:20 < rewt> last i heard, cogent was filtering out HE even through 3rd party paths
01:20 < Android> it was wasnt it?
01:20 < Android> I have the mainframe.
01:21 < rewt> plug it in
01:21 < Android> Somebody blasted the bios apparently.
01:21 < Android> no screen
01:21 < Android> the rescue cd doesnt seem to bring up the interfaces blindly
01:22 < rewt> real admins don't need a screen; they do everything by the feel of the keys
01:22 < Android> no screen no shell
01:22 < Android> no shell evwnt after feeling boot commands
01:24 < Android> are you a real admin?
01:25 < Android> rewt are you a real admin?
01:26 < rewt> i am one with the shell
01:26 < Android> why arent there any bootup ssh shell images?
01:26 <+catphish> it's pretty common for people to refuse to peer, these cogent cases are only unusual because one party is refusing to send traffic at all
01:27 < rewt> use a live cd
01:27 < Android> yeah it doesn't bring up the interfaces
01:27 <+catphish> like, cogent probably wouldn't peer with me, but i'd still send traffic to their customers :)
01:28 < Android> so it starts ssh bt default but not network , "smart" aint it
01:28 < rewt> local ssh :D
01:32 <+catphish> rewt: to clarify, cogent aren't blocking anyone, HE and google are refusing to send traffic to HE through paid transit
01:32 <+catphish> *to cogent
01:34 < rewt> oh. i thought there was some filtering; traffic isn't going through common peers either
01:34 < tds> sure, but since neither side buys transit off those peers, you wouldn't expect those peers to announce either side's routes to the other, only that AS' internal routes (and any downstreams)
01:34 < rewt> been some time though, so i may be misremembering
01:34 <+catphish> rewt: it never does, settlement free peering doesn't work like that, it only allows traffic between the immediate peers and their paying customers
01:35 <+catphish> so if neither of them peer with someone who pays the other, no traffic
01:38 < spaces> catphish openIX ?
01:39 <+catphish> cogent's argument is presumably that they have more customers and more geographical diversity, so connecting to them is worth more, unfortunately they're largely in the right on all counts, and while it would be nice for everyone to get along and peer, HE have the weaker hand, and no particular moral high ground in asking for free routes
01:39 <+catphish> mutual peering is great, but not really a right at that scale
01:44 < spaces> nice thanks, that was going nowhere
01:45 <@catphish> i don't know how to express this nicely, so i'm just gonna be mean, you're annoying me, you keep tagging me, but not really contributing, i'm probably just being irritable, sorry
01:46 <+catphish> but please quit it
01:46 < spaces> how could I directly respond to your statements anyways ? indeed, that is how IRC works
01:46 <+catphish> with something useful
01:47 < spaces> that was useful, I asked you the other day about your little carrier issue you seem to see which is not there...
01:47 < spaces> maybe you are just wrong about your way of thinking at the moment ? it's an open channel, and you could /ignore me, maybe not as an op but that is not my problem, sorry
01:49 < spaces> and about coget, they never will block anyone they only want to lift over the largers networks if they can using their open peering polity these providers have... and they get blocked because of it from time to time
01:49 < spaces> it's a known cogent issue
01:50 < spaces> less big issue now these days
01:50 < spaces> *cogent
01:51 <+catphish> that sentence didn't make much sense :(
01:51 < spaces> about the lift ?
01:51 <+catphish> yes
01:52 < spaces> you want to peer with them directly ?
01:53 <+catphish> i peer with or buy transit from all those providers
01:53 <+catphish> so not really relevant to me
01:53 < spaces> you buy transit ?
01:54 < spaces> why not connect to them directly ? most have a pop in each DC
01:55 <+catphish> 1) gotta buy transit from someone 2) cogent won't peer with me for the reasons discussed above
01:55 <+catphish> they have a policy of charging small but charging everyone
01:56 < spaces> not that I know
01:56 < spaces> maybe it's about knowing the right people there ?
01:56 <+catphish> they don't peer with many people
01:57 < spaces> you don't have to peer with them when you are connected to them
01:57 < spaces> then you peer with their customers
01:57 < spaces> you actually never peer with a customer
01:57 < spaces> oops, carrier
01:57 < tds> how do you plan to be "connected to them" if you're not peering or buying transit?
01:58 <+catphish> sure, i could build a global network, and peer with every one of cogent's customers
01:58 <+catphish> but i'm not going to
01:58 < spaces> tds transit in which way ? if you just buy an uplink from them then you are done
01:59 <+catphish> i'm happy just to pay for transit, like everyone else :)
01:59 < tds> spaces: transit as in buying an uplink from them ;)
01:59 < tds> well, getting a cross connect and then doing it over that, normally
01:59 <+catphish> it's just coincidence that cogent are one of the few transit providers in my data centre, so they get my business :)
02:00 < spaces> tds then you are peering with everyone in their network, if they didn't block you, so the customer
02:00 <+catphish> and despite their peering policies, they're pretty good, and their policies mean good value for their customers
02:00 < spaces> catphish transit providers ? what kind of providers do you have more then there ?
02:00 < spaces> this sounds like a joke
02:01 * tds is confused at this point
02:01 <+catphish> i don't think this conversation is ever going to make any sense as long as you're part of it, sorry
02:01 <+catphish> tds: i suspect there's a language barrier here
02:02 < spaces> I'm pretty sure you are just not a customer that gets a pipe from them, have your own AS and be done with it, there is more between it seems like it
02:02 < fnDross> speak in C then
02:02 < fnDross> :D
02:02 < spaces> C
02:03 < varesa> set_confusing(&conversation, false);
02:03 <+catphish> if you have an AS, you need to send traffic everywhere, you do this by a combination of getting people to accept your traffic for free, and paying them to take it, simples
02:03 <+catphish> cogent won't do the latter unless you're a very very large ISP
02:04 < spaces> what does cogent have to do with it ? they are just the carrier, it's their customer that decides it
02:04 <+catphish> decides what?
02:05 < spaces> how does your traffic goes otherwise when you are connected to them and someone else is as well and you want to send and receive data between the two of you ?
02:05 <+catphish> i don't think i can be bothered to explain how the internet works, sorry
02:05 < spaces> catphish the customer, their customer decides if they want to talk with you directly over cogent or not, not cogent that is the gatekeeper there
02:06 < spaces> I'm pretty sure that you are on a different level with them as you described
02:06 < spaces> which sucks indeed
02:06 < spaces> bbiab
02:06 <+catphish> http://i.lvme.me/pzv5j7l.jpg
02:10 < tds> I still can't seem to peer with google, they haven't replied to my emails :(
02:10 < tds> I think that's just them being slow, though, hopefully it'll get sorted eventually
02:12 < spaces> tds wasn't that on a hold with them ?
02:16 <+catphish> tds: actually i'm not peered with google, i see them via the linx route servers, good enough for me, i don't exchange any traffic with them since i have no eyeballs
02:17 < spaces> catphish I think you are referring to something else... you use their network to access other DC's ? like you normally get your own wave between whatever network you want ?
02:17 <+catphish> i buy transit from cogent
02:18 < tds> ah, I don't think google peer with the route servers at kleyrex, so I don't see them there at the moment
02:18 <+catphish> that means i give them money, and they will accept any traffic from me, to anywhere, and they will announce my routes to all their peers
02:18 < spaces> why use cogent for that ?
02:19 <+catphish> 1) they are present in my main data centre 2) they are cheap 3) they are reliable
02:20 < tds> he recently joined the route servers though, everyone got an email saying to increase their prefix limits :P
02:20 < spaces> they are not your carrier then, they are your ISP
02:20 <+catphish> that's the same thing
02:20 < spaces> it's not
02:21 < spaces> there is a different level between them
02:21 <+catphish> you can barely speak english, lets not argue semantics
02:21 <+catphish> as well as transit providers, i also have peerings, that means people accept my traffic only for their customers, and i accept their traffic for my customers
02:21 < spaces> oh my US based client never complain and are happy to say that I speak better english then their US collegues :D
02:22 < spaces> I think you are trying to make COgent your IX
02:22 < spaces> you better get an IX where everyone peers happily that is connected
02:23 <+catphish> "everyone"
02:23 < spaces> cogent likes to act as an IX, that is their business, they needed to because other carriers didn't like their policy back the days, even Level3 blocked them totally because they pushed almost all data over the L3 network to get nice ping times
02:24 < varesa> I'm with catphish, I don't think you understand how transit works or you are bad at communicating it
02:24 < orlock> everybody settle down.
02:24 < orlock> it's all just ones and zero's
02:24 * orlock ducks
02:24 <+catphish> orlock: you're just ones and zeros
02:24 < orlock> shit
02:24 < orlock> i'm a bot?
02:24 <+catphish> yep
02:24 < orlock> DO MY PARENTS KNOW?
02:25 <+catphish> no, and i won't tell them
02:25 < spaces> varesa I think you guys just are on the entry level, cogent is as catphish says cheap, and you get "issues" with it for free
02:25 < orlock> ok then
02:25 < varesa> lol
02:26 < orlock> we have an issue here where our two main telco's refuse to peer with Cloudflare
02:26 < orlock> and Cloudflare will not pay to deliver traffic to their customers
02:26 < orlock> so anybody using two out of the top 3 ISP's gets 150ms latency to Cloudflare
02:26 < orlock> everybody else? <10ms
02:27 < spaces> orlock that is why Cloudflare sucks
02:27 <+catphish> i can see how that might happen, CF are essentially a networkless content provider, i imagine people would expect them to pay
02:27 < orlock> spaces: wtf?
02:27 < orlock> spaces: No..... That's why Optus and Telstra suck, what the fuck shit are you on?
02:27 <+catphish> did i make a terrible mistake in unmuting him?
02:28 < spaces> orlock so many people that move to cloudflare that they have the power to say, ok you guys need to pay us
02:28 < orlock> spaces: It only impacts customers of those two ISP's, nobody else.
02:28 <+catphish> but its nice when everyone just gets along and peers
02:28 < orlock> ok Srs Busins time
02:29 < spaces> orlock it could be that cloudflare say, you can peer with us but you need connect directly with us starting with a 100G connection
02:29 <+catphish> they don't :)
02:30 < PenguinPerk> Anyone using the NRPEv2 module for PFSense to talk with Nagios? I need some assistance setting up the nagios side
02:30 < orlock> .. They are pretty open about it all.
02:30 <+catphish> cloudflare will peer with anyone anywhere because they're nice :)
02:30 < spaces> I think the peering policies have no meaning anymore with linespeeds these days
02:30 < spaces> and also what a wave costs
02:30 < orlock> PenguinPerk: no, pfsense or nagios channels might be better?
02:31 < PenguinPerk> Trying them as well
02:31 < orlock> used Nagios enough to hate it, never used pfsense
02:31 < spaces> Nagios is used by dinos
02:32 < spaces> I need to dev a little bit
02:32 < orlock> spaces: oh great one, enlighten us with your alternatives
02:32 < orlock> spaces: tell us what drugs will fix all our problems
02:32 < lupine> alert servers and probes are ten a penny these days
02:32 < vectr0n> icinga2 is better imo
02:32 < lupine> nagios still does the thing though
02:32 <+catphish> icinga2 is indeed better :)
02:32 < orlock> its all trivial crap
02:33 < orlock> but still very important
02:33 < orlock> spaces: what's so much better?
02:33 <+catphish> we wrote our own monitoring system for some reason
02:33 < lupine> yup, the last company I was at did the same thing
02:33 < lupine> in ruby
02:33 < spaces> orlock zabbix is best
02:34 < orlock> how is it better than nagios?
02:34 < spaces> easier to setup,
02:34 <+catphish> i hated zabbix, not sure why
02:34 < orlock> then you are useless
02:34 < orlock> stfu
02:34 < orlock> go away
02:34 < spaces> Zabbix is much better again these days
02:34 <+catphish> seemed overcomplicated
02:34 < varesa> we almost got our fairly large icinga2 deployment done with all templates etc. the way we want them when the company started throwing money at new relic, datadog, cloudhealth, pagerduty and I don't even remember what we have now
02:34 < orlock> all our work is in the checks and tests
02:35 < orlock> nagios is just a tool to run them
02:35 < spaces> LibreNMS.. meh not ideal, it's good but they have weird policies of ditching hardware
02:35 < vectr0n> librenms is decent for graphing
02:35 <+catphish> librenms can't be any worse than its parent for arbitrary decision making :)
02:35 < orlock> vectr0n: i use graphite for that
02:36 * vectr0n nods
02:36 < spaces> varesa icinga2 is nice, did it do syslogging now also? forgot
02:36 < vectr0n> many ways to get graphs
02:36 <+catphish> i use cacti because i'm a dinosaur :)
02:36 < tds> librenms' service monitoring is just some php run in a cron job that runs nagios scripts, though
02:36 < varesa> my experience with zabbix (use it at home) is that it makes basic stuff really easy, you don't have to touch configs, it autodiscovers stuff, etc.
02:36 <+catphish> varesa: wonder why i found it so complicated
02:36 < spaces> tds at the end most scripts run nagios tools but Nagios itself is really a beast and not nice
02:36 < varesa> but if you want something that quite doesn't fit the frame you might have to fight it a bit
02:37 < varesa> where as icinga2 is really a barebones framework to build upon
02:37 < vectr0n> its very versatile
02:37 <+catphish> icinga2 seemed nice
02:37 < orlock> i could probably replace nagios with graphite and collectd honestly
02:37 <+catphish> slightly saner to configure than nagios
02:38 < orlock> but
02:38 < orlock> it's all crap
02:38 < lupine> silly human, nobody uses collectd any more
02:38 < vectr0n> with monitoring there is many ways to do the same things, it just depends what works best in your env and your needs
02:38 < lupine> it's all prometheus
02:38 < orlock> everything is crap
02:38 < varesa> currently my homelab setup is librenms for network devices/SNMP, prometheus+grafana for performance metrics, zabbix for availability/alerting
02:38 < lupine> just remember to put a http server in all your client applications you want to monitor
02:38 < orlock> lupine: damn, i thought telegraf was the new hotness?
02:38 < lupine> nah, prom is hotter than TICK
02:38 < orlock> oh, hah, a joke
02:38 < orlock> i understand human humour
02:38 < orlock> el oh el
02:38 < lupine> thing is, I'm being sarcastic, but this is what people are actually doing
02:39 < orlock> lupine: because, fuck. snmp already existed, lets write something else that does the same shit, but using the tools we know instead of reading documentation for something that already exists
02:40 <+catphish> our homebrew monitoring system: https://imgur.com/a/ibPDZap it does the job nicely, everything runs over ssh only
02:40 < lupine> the worst part is that none of the usual strategies for time-series data work with prom
02:40 < orlock> when all you understand is http, everything starts looking like a webserver
02:40 < lupine> you have to learn promql and structure your data very precisely
02:40 < lupine> it's really painful
02:44 < spaces> looks good that homebrew thing :)
02:45 < Lord-Kamina> So... with these routes: https://www.dropbox.com/s/cx8fmz0rrw723af/routes.png?dl=1, requests to those IPs should be redirected to my gateway, is this wrong?
02:46 <+catphish> it works nicely :)
02:46 <+catphish> i must sleep now
02:46 <+catphish> have fun
02:47 < Lord-Kamina> Because whenever something goes the way of those IPs, instead of going to my gateway (and using my other DNS) I just get a no route to target error. D:
02:47 < spaces> just say you want a new phone then you B%^%tch https://imgur.com/gallery/7HkxYNt
03:36 < cluelessperson> how do you set the subdomain for a server?
03:36 < cluelessperson> set it as the hostname?
03:36 < cluelessperson> server.subdomain ?
03:37 < Galoyz> possible noob question: I have a system on which docker containers all live in the 172.17/16 subnet. the host lives at 172.17.0.1 and serves as the default gateway for those containers, and within any one container I can successfully send packets to the external internet, even though I've set up iptables to unilaterally reject packets pertaining to the FORWARD chain. my understanding of the FORWARD
03:38 < Galoyz> chain is that it pertains to packets for which the destination host is not the receiving host, which should apply in the case of my host receiving packets from the docker0 interface, so why are those allowed to pass?
03:38 < Galoyz> iptables on the host, that is.
03:43 < varesa> cluelessperson: you add a new DNS record in the DNS zone for the top level domain
03:43 < light> Galoyz: check your rule order
03:44 < light> also your rule set may not do what you think it does
03:44 < Galoyz> light: thanks. the FORWARD reject all chain rule is indeed the last one set, so it might be nullified by some previous, but it's also the only rule I've set pertaining to that chain
03:45 < light> iptables is first match
03:46 < Galoyz> right. but isn't chain matching mutually exclusive? i.e., a packet may match to at most one of INPUT, OUTPUT, FORWARD
03:46 < light> check which rule they matched
03:46 < light> have some packets flow in and watch the rule counters tick up
03:47 < Galoyz> ah, good idea. thanks for the tip.
03:48 < cluelessperson> varesa: I don't have a dns server yet
03:49 < cluelessperson> varesa: and the problem seems to be with the hostname reported up by the server in a monitoring tool
03:49 < cluelessperson> I figure just set "server.subdomain" in /etc/hostname ?
03:49 < varesa> cluelessperson: what do you want the subdomain for? What are you trying to accomplish?
03:50 < varesa> to just change the hostname as reported by the server to "server.domain.tld"?
03:50 < cluelessperson> varesa: I have different vlans, and subdomains route to the appropriate vlan.
03:51 < cluelessperson> varesa: For one thing, when I'm trying to rsync stuff, it's annoying that everything on the server shows up at root@server:/location/ when I need the subdomain as well on an enterprise network.
03:52 < varesa> now I'm just confused :-S
03:52 < varesa> domains don't route stuff to VLANs, domains resolve to IP addresses (except you said you don't have DNS so that seems irrelevant) which may be on certain VLANs.
03:53 < varesa> and I don't quite get what you mean by everything showing at root@server:/location/
03:54 < orlock> "enterprise network"
03:54 < orlock> "I don't have a dns server yet"
03:54 < spaces> varesa he could mean I have a subnet on vlanX where I route to
03:55 < spaces> orlock openDNs is free, or let feed us google ;)
03:55 < orlock> spaces: i was quoting cluelessperson
03:56 * orlock has too many DNS servers here, some need to be taken out the back and shot in the head
03:56 < varesa> cluelessperson: by "add subdomain to server" I assume you mean that you want "server" to be part of ".enterprise.domain"?
03:56 < Whiskey`> orlock: ill take the hardware out back
03:56 < spaces> orlock I love split horizons :D
03:57 < spaces> orlock why so many ?
03:57 < orlock> i love the sound of you shutting up
03:57 < varesa> and you either want a) the server to report the FQDN ("... hostname reported up by the server in a monitoring tool")
03:57 < orlock> spaces: multinational hyperglobal meganet enterprise
03:57 < spaces> orlock and you could not use something like FreeIPA and let them replicate all over the place ?
03:57 < varesa> or b) be able to connect to the server via server.enterprise.domain instead of just "server" or IP or something (didn't quite get the rsync part)
03:57 < orlock> cluelessperson: maybe start with getting your DNS working, then?
03:58 < orlock> spaces: Dude, just. shut. up.
03:58 < orlock> spaces: i dont have a problem that needs fixing, so.. shut up?
03:58 < spaces> orlock, you seem to have: [03:56:01] * orlock has too many DNS servers here, some need to be taken out the back and shot in the head
03:59 < orlock> Yes, and i cannot be fucked explaining the reasoning behind any of that to you seeing as you seem to intentionally mis-interpret things for your own amusement
03:59 < varesa> I am pretty sure the fix to cluelessperson's issue is a) setting the server hostname b) adding an entry to /etc/hosts c) setting up DNS
03:59 < varesa> once we can figure out the problem we can choose the correct answer ;)
04:00 < cluelessperson> orlock: I have dns server I don't control yet specifically
04:00 < orlock> cluelessperson: talk to that person then, and learn how to use tools like dig/nslookup, etc
04:00 < Galoyz> 4
04:01 < cluelessperson> orlock: huh?
04:01 < cluelessperson> I know those tools
04:01 < orlock> and you have a DNS server that you don't control?
04:01 < spaces> orlock erm, weird you say so... lots of companies have DNS servers all over the place because there was no decent way of create some central management for global DNS servers
04:01 < orlock> so somebody does?
04:02 < spaces> does what ?
04:02 < spaces> who is somebody ?
04:15 < Cthu> my dudes, IP is not PII data
04:15 < Cthu> right?
04:15 < Cthu> it's a bloody routing tool
04:16 < orlock> Depends
04:16 < orlock> MPAA seems to think it is?
04:17 < spaces> lol Facebook has a new way to let people create accounts
04:17 < varesa> Cthu: well postal addresses are a routing tool as well
04:17 < varesa> and phone numbers
04:18 < varesa> IP address is actually very close to a house address or a landline number if you think about it
04:18 < orlock> Cthu: all depends on context
04:47 < new2ip> anyone really here?
04:47 < orlock> are any of us, _really_ here?
04:48 < orlock> new2ip: this is #networking, not #philosophy
05:18 < Theophilus> I'm interested in upgrading my twenty eight point eight kilobaud internet connection to a one point five megabit fibre-optic T-1 line. Will you be able to provide an IP router that's compatible with my token ring ethernet LAN configuration?
05:20 < new2ip> Its troll ban time
05:20 < Theophilus> yey
05:21 <+pppingme> He's talking about you
05:21 < Theophilus> yey
05:22 < Theophilus> well this is taking some time
05:22 < Theophilus> I might just... leave
05:23 < Theophilus> yeah, out
05:23 <+pppingme> ask a legit question and you might get legit help
05:24 < orlock> file an abuse complaint with his ISP
05:24 < orlock> DMCA
05:25 < CuriosTiger> orlock: Which copyright of ours did his trolling violate?
05:26 <+pppingme> I bet the term token-ring is still trade-marked
05:32 <+pppingme> that feels spammy
05:32 < orlock> just a tad
05:33 < orlock> WolfLarson[m]1 stuffed up though
05:33 < new2ip> what do you mean stuffed up?
05:34 < linux_probe> shhhhpamburgers
05:39 < orlock> new2ip: he got a 1 after his [m]
05:39 < new2ip> not sure what the 1, or even the [m] means?
05:41 < Kingrat> it makes it easier to find the spam bots
05:50 < varesa> the [m] are people bridged from the matrix network to IRC and who haven't changed their nick
05:58 < linux_probe> {m] for morons =p
08:22 < Android> what are we going to do call in the jedi to stop cogent?
08:22 < skyroveRR> Cogent?
08:22 < Android> cogent networks
08:23 < skyroveRR> Stop Cogent from doing what?
08:23 < Android> blocking h.e.
08:24 < Android> in an ipv6 network there isnt much for hiding
08:25 < Android> it accepts ping
08:26 < Android> some r!mnanys of operators and software functional enough to run a working firewall
08:26 < skyroveRR> What's the reason for Cogent to block HE?
08:26 < Android> any left?
08:26 < Android> can be many reasons
08:27 < Android> quaranteen
08:27 < Android> userbase providing cashflow
08:28 < Android> no control for scientific method
08:28 < Android> with criminal acts requires using the suspect
08:28 < Android> can be many reasons
08:29 < Android> securing the final plauge
08:29 < senaps> hi all, in GNU/LINUX systems, in what forms can /etc/resolv.conf be populated to be valid? DNS1, nameserver, search .... is there any other keyword?
08:29 < Android> think most of the global population possibly wiped out
08:31 < Apachez> senaps: man resolv.conf
08:35 < Android> is it vilegent?
08:36 < Android> suppose HE is going after nucleur power
08:37 < Android> there was always that physics argument
08:37 < orlock> senaps: what Apachez said
08:39 < Android> did the skull bochs break 0 law?
08:40 < Android> HE got that fire?
08:44 < Android> HE got that fire?
08:45 < Android> Did you hexy me eyes?
08:45 <+pppingme> wow.. 32tb of ram
08:46 < Android> pppingme yeah speed test it
08:46 < Android> is it real
08:46 <+pppingme> can't afford it.. I'm sure its a multi-million dollar box..
08:46 <+pppingme> oh, its real alright.. no doubts..
08:46 < Android> the matrix is like being in a lottery and not knowing what the prize is
08:47 < Android> how many can wait to be released from machines
08:48 < Android> 30fps for eyes
08:48 < Android> what is the speed of hearing
08:48 < Android> inverse mach speed
08:49 < Android> the time it takes for a soynd to reach mind
08:50 < Android> aw schucks truthr
08:51 < truthr> Android, what!?
08:52 < Android> 32tb of ram some headspace huh
08:53 < Android> truthr what, what!?
08:53 < truthr> Android, what is it man!? what, what!
08:54 < truthr> Android, i am just..breaking your balls for no reason
08:54 < truthr> one of those days
08:54 < Android> the speed inverse mach
08:54 < Android> why you break my balls
08:56 < truthr> just because, i thought it would be funny.
09:25 < ahyu84> anyone heard FBI asking everyone restart their own router?
09:25 < skyroveRR> lol
09:26 < skyroveRR> Probably must have served a memo to their own department.
09:26 < Phil-Work> that'd be a good reason for an outage - might even get a cheeky JunOS upgrade done in the middle of the day
09:26 < ahyu84> lol
09:26 < Phil-Work> the FBI told me to restart it, boss
09:27 < skyroveRR> "Requested" or "Ordered"? :P
09:36 < Phil-Work> skyroveRR, ordered, obviously
09:36 < Apachez> no they didnt
09:36 < Apachez> some tech article asked fbi what to do
09:36 < Apachez> and they recommended to reboot the router
09:36 < Apachez> there is no orders
09:36 < Phil-Work> Apachez, semantics
09:36 < Phil-Work> when else can you upgrade a router in the middle of the day and get away with it? :D
09:39 < cheapie> My router isn't vulnerable, at least not to that :)
09:40 < skyroveRR> Your router has already been cleared.
09:44 < Android> what phase is the moon in now?
09:45 < ^7heo> bleeding
09:45 < Android> yeah?
09:46 < ^7heo> from the ears
09:46 < skyroveRR> And the holes.
09:46 < ^7heo> while sneezing little caktii
09:47 < skyroveRR> What the hell is caktii?
09:47 < ^7heo> many times one caktus
09:49 < ^7heo> My router is so secure, my IP is 127.43.98.117. Come and get me #myrouterissupersecure
09:49 < Android> can sue for it?
09:49 < ^7heo> Android: I don't know her, and you're omitting the verb.
09:49 < cheapie> ^7heo: That's not my home IP address *or* the one I'm connecting from :P
09:50 < Android> wgat machine usbit witg 32tb ram the eix?
09:51 < Android> soynds fairly unique
09:51 < ^7heo> Android: I suggest you try using a different body part as your chosen input method.
09:51 < ^7heo> Android: the current one isn't doing a good job.
09:52 < ^7heo> skyroveRR: also apparently it's spelled cacti
09:53 < Android> l
09:53 < cheapie> I mean, my router is vulnerable to some other stuff (like Spectre, which wasn't even really a thing yet when it was last rebooted and it could use a kernel update), and probably a bunch of other stuff too. Just not that one particular issue :P
09:54 < orlock> half-bricks.
09:54 < orlock> most routers are vulnerable to a well-aimed half-brick.
09:54 < chrustler> My router is most vulnerable to power outage due to vacuum cleaner.
09:54 < Android> ^7heo how's that sovreign city state project going in texas?
09:54 < cheapie> Meh, I think mine could handle a brick being thrown at it, if you don't throw it too hard :P
09:54 < Android> it is vetter to blame the device
09:55 < Android> not my thumbs
09:56 < Android> saw a new prospective seat of the government
09:56 < Android> portable chair
09:57 < Android> can we put scarface on here?
09:58 < Android> never underestimate the power of masses of stupid people
09:59 < Android> 250,000,000 is said to be a conservative count
10:00 < Android> if the ipv6 net expands a few "good" men behind firewalls run it all
10:00 < Android> send okc type back
10:00 < Android> with the dog
10:02 < Android> there is plenty of work out there
10:02 < Android> the exponential propogation of errors
10:03 < Android> the last days terrible like no other
10:03 < Android> minds hanging on to old dreams
10:04 < Android> which machine has 32tb ram?
10:04 < Android> something to write a love letter
10:04 < Android> contained in voltage
10:05 < Android> in the hopes earth has some dance left
10:06 < Android> to think the flrsh is fooled by light
10:06 < Android> l-tryptophan
10:06 < Android> networking
10:07 < Android> see that new Time magazine cover?
10:07 < Android> My Lan
10:08 < Android> which machine has 32tb ram geffin eix?
10:10 < Android> are you being attacked by raid drone psuedo gholas?
10:10 < Android> talk about that episode of DS9 explaining demonic posession
10:10 < Android> nah
10:10 < Android> demons
10:12 < Android> eix egrega zeta
10:12 <+pppingme> Android you're all over the place, stay on topic..
10:12 < Android> mnemonic nomenclature
10:13 < Android> loose barouqe cyphers
10:13 < Kingrat> hes on a roll man, dont stop this stimulating conversation pppingme
10:14 < Android> Kingrat on a roll are you spiking my food again?
10:16 < Android> then calling police so swarms of qbasic show up to "help"
10:16 < Android> 32tb the last refuge for the persecuted mind
10:17 < Android> where is it?
10:18 < skyroveRR> In your ass.
10:19 < TandyUK> Biggest machine I manage has 6TB ram
10:19 < TandyUK> not sure how you could physically fit 32Tb in one machine
10:20 <+pppingme> is that 6tb machine maxed out?
10:20 < TandyUK> yeah
10:20 < TandyUK> 48x128GB stick iirc
10:20 < Android> the Kolab
10:21 <+pppingme> how many physical cpu's?
10:21 < TandyUK> 4 xeons
10:21 < TandyUK> its a hp DL-580
10:21 < Android> sounds like cogent
10:21 < TandyUK> 4u ffs lol
10:21 < Android> boyd k packer
10:21 < TandyUK> Android: what??
10:22 < Android> hp
10:22 < Android> packard-bell
10:22 < Android> ctr ciphe
10:22 < TandyUK> well youre getting better/worse
10:22 < skyroveRR> Did someone accidentally give him weed or some shit?
10:23 < TandyUK> your sentences werent making sense before, now even words arent
10:23 < Android> what is the ip addr of the 32tb machine
10:23 < Android> plug in my pae kernel
10:23 < TandyUK> 192.168.1.15 i think
10:23 <+pppingme> its somewhere on the 26/8 subnet, you'll just have to nmap it
10:24 < TandyUK> or is it 62/8
10:25 < Android> tandy are you really having trouble gathering sense from what I've sent?
10:26 < TandyUK> I dont think its just me having trouble tbh
10:28 <+pppingme> TandyUK the 64TB ram machine physically takes two racks
10:30 < TandyUK> what sort of cpu and storage does it have lol
10:31 < TandyUK> that DL580 has 48 2.5" bays
10:31 <+pppingme> the two racks doesn't include any storage
10:32 <+pppingme> 170 cores (I think its 10 cores per chip), plus almost every "subsystem" has its own cpu's on top of that, so all i/o and other stuff is offloaded
10:35 < TandyUK> thats surprisingly low given the amount of ram imho
10:35 < TandyUK> 2 racks id expect more like 170 chips
10:35 < TandyUK> well maybe 100 or so
10:36 <+pppingme> considering everything is offloaded, it probably does..
10:36 < masuberu> good afternoon, could someone help to understand what this message means? shu-server.novalocal > 129.94.15.158: ICMP host shu-server.novalocal unreachable - admin prohibited, length 60
10:36 < masuberu> I am getting this from tcpdump
10:37 < masuberu> shu-server.novalocal has a web service listening to port 8787 and I am trying to access it from 129.94.15.158
10:37 <+xand> it's sending a reply saying it's not allowed
10:37 < masuberu> obviously 129.94.15.158 can access the website
10:37 <+xand> e.g. blocked by firewall with REJECT
10:38 < masuberu> ok
10:38 < masuberu> hum
10:39 <+pppingme> masuberu means a fw is dropping it
10:39 <+pppingme> TandyUK it has 5 "drawers" of pci slots, 16 each I believe..
10:39 < masuberu> thanks!
10:43 < TandyUK> got any specs/model number etc?
10:44 < TandyUK> or is this thing custom made
10:45 <+pppingme> https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0ahUKEwiJja2bwqrbAhWL24MKHcLwDoMQFggnMAA&url=https%3A%2F%2Fwww.ibm.com%2Fdeveloperworks%2Fcommunity%2Fwikis%2Fform%2Fanonymous%2Fapi%2Fwiki%2F33d270cb-c060-40f6-99f3-956c3cb452a3%2Fpage%2F885fd4df-c77d-4bb8-a43b-f4f44100b3ac%2Fattachment%2F7fd7adad-44dd-43c9-90d7-5c97650da544%2Fmedia%2FIBM%2520z14%2520technology%2520Pitch.pdf&usg=AOvVaw1cJLHYOXAs3zsrtvehH7Wc
10:46 < TandyUK> try an actual page lol
10:46 < TandyUK> google just gives me a white page for that
10:46 <+pppingme> hmm.. should shoot out a pdf
10:46 < TandyUK> unless the url got cut short
10:46 <+pppingme> let me see if I can find a more direct link
10:47 < TandyUK> i'll just urldecode it lol
10:47 < TandyUK> https://www.ibm.com/developerworks/community/wikis/form/anonymous/api/wiki/33d270cb-c060-40f6-99f3-956c3cb452a3/page/885fd4df-c77d-4bb8-a43b-f4f44100b3ac/attachment/7fd7adad-44dd-43c9-90d7-5c97650da544/media/IBM%20z14%20technology%20Pitch.pdf
10:54 <+pppingme> yeah, thats it..
10:54 <+pppingme> look at page 11 and 15-16
10:59 < TandyUK> what on earth are you using it for anyway
11:04 <+pppingme> Oh, I'm not using it, my wife won't let me have one..
11:04 <+pppingme> I have installed linux on them though
11:09 < TandyUK> fill it with GTX 1080's all fully SLI'd, and play something sexy in like 48K lol
11:09 < shtrb|work> at least something that could handle FF/Chrome with few open tabs
11:11 < shtrb|work> But can you install a single image over that (like just a normal Debian + plasma5 or gnome ) ?
11:12 <+pppingme> shtrb|work you can, but its rare, they are usually partitioned to at least a couple
11:13 < Apachez> https://twitter.com/cnLedger/status/1001335269180653568
11:19 < skyroveRR> shtrb|work: you want KDE and GNOME in one image?
11:22 < shtrb|work> why not ?
so much ram you could even have chrome running with multiple tabs
11:26 < skyroveRR> How much RAM are you talking about?
11:26 < shtrb|work> max memory is 32 TiB
11:27 < skyroveRR> Am I misreading at GiB?
11:27 < skyroveRR> * misreading it as
11:28 < shtrb|work> Tera
11:29 < shtrb|work> the M1 start from 320
11:29 < shtrb|work> 32 GiB
11:29 < shtrb|work> *320 GiB
11:33 < Emperorpenguin> skyroveRR: I've seen a machine with 32 TiB of ram
11:33 < Emperorpenguin> it was... fun
11:33 < Emperorpenguin> and big, and spews a lot of heat
11:34 < shtrb|work> But can it run chrome :D
11:36 < shtrb|work> in a few years, maybe we will have that in laptops
11:36 < bezaban> I'm not really utilizing my 32gb
11:36 < skyroveRR> shtrb|work: Just to fucking run chrome? That's retarded.
11:37 < shtrb|work> skyroveRR, a browser gotta eat
11:38 < shtrb|work> bezaban, having 16 and 32 on different machine and I can see swap being used
11:43 <+catphish> 32TiB of RAM is a little mad
11:45 < shtrb|work> like having more than 640KiB ?
11:45 < shtrb|work> Oh hi catphish , how is the novnc going ?
11:45 <+catphish> shtrb|work: fine, i fixed it :)
11:46 < shtrb|work> I wished to ask you, did you use ws to add audio transfer ?
11:47 <+catphish> no
11:47 <+catphish> i only use VNC, and VNC doesn't support audio
11:48 < TandyUK> bezaban: im using 44% of 64GB, and for some reason windows still compresses some and is using 1.8Gb swap lol
11:49 < skyroveRR> TandyUK: chrome or IE?
11:49 < TandyUK> chrome ofc lol
11:49 < TandyUK> unless i have to manage an hp blade
11:49 < skyroveRR> How many tabs?
11:49 < TandyUK> er some lol
11:49 < skyroveRR> What's the number? ...
11:49 < TandyUK> i cant count that high on my fingers (and toes)
11:49 < TandyUK> i cant be fucked to count them
11:49 < skyroveRR> ~100?
11:49 < TandyUK> enough that on a 1920x1080 screen, you can only see the icon
11:50 < TandyUK> and theres 3 windows like that
11:50 < skyroveRR> heh
11:50 <+catphish> TandyUK: good operating systems will swap out unused memory to leave more RAM for caching
11:50 <+catphish> that's what one *should* be using swap for, not the other reason :)
11:50 < skyroveRR> catphish: he uses a better one, lol
11:50 < TandyUK> you miss the point lol, theres 40GB free ram, so wtf is it hoping to achieve :P
11:51 < TandyUK> and compressing memory to save 500Mb is just LOL
11:51 < shtrb|work> catphish, I know it doesn't that is why I asked about wc
11:51 <+catphish> i don't know about compression, that seems unnecessary
11:51 < shtrb|work> *ws
11:52 <+catphish> TandyUK: but it should be managing it intelligently, so it probably decided that cache was more useful than whatever it swapped out
11:52 <+catphish> on the other hand, maybe windows just sucks at memory management, i don't know
11:53 < skyroveRR> catphish: well, haven't you investigated?
:P
11:53 <+catphish> i only know linux, which does this, but not when there's a ton of RAM available
11:53 < TandyUK> dunno it just seems rather pointless to swap out, and/or compress ram when theres over 50% free
11:54 < TandyUK> when its running lower, sure go for it
11:54 <+catphish> my PC for example has 16GB RAM, 5GB is used for programs, 8GB is used for cache, it hasn't swapped anything out yet
11:54 < shtrb|work> catphish, if you wish to some fun caching try take ~32 GB from /dev/urandom and see how nicely it behave
11:54 < TandyUK> 13.5GB in use, 240MB compressed, 17.8GB Cached
11:54 < shtrb|work> I was hitting ~48MB/s recently on a Sata 3 link
11:55 <+catphish> TandyUK: yeah linux obviously has some threshold and won't do it pointlessly like that, like in my PC i have approx 11GB free, and it's only using 8 of that for cache, so no swapping
11:55 < TandyUK> yeah linux wont swap until it actually needs to
11:55 <+catphish> no, not *needs to*
11:55 < TandyUK> although there is a swappiness sysctl var that affects how aggressive it is
11:55 <+catphish> yes, you can indeed control it
11:56 < TandyUK> with swappiness=1, it literally will not swap until it is forced to
11:56 <+catphish> but depending on that setting, it makes a determination of what cache will be more useful than unused application ram
11:56 < TandyUK> 60 iirc is the default
11:57 < TandyUK> 5 is a more sane value imho
11:57 <+catphish> yep, 60 is the default, i don't know exactly what that means, but it always works really well for me
11:57 <+catphish> only swaps out stuff that's not needed, and only when cache is being used
11:58 <+catphish> i'm still annoyed linux has no way to enable swap without allowing program memory use to exceed physical memory
11:58 < djph> it's too early, and I'm probably a dumbass for asking -- per a customer of an ISP in (unknown location), said ISP offers xDSL and Microwave for when the DSL fails; both of which provide the same "public(tm)" IP address.
I suppose it's possible to do this, but ... I'm just not wrapping my head around it
11:58 <+catphish> because it doesn't, i can't use swap on any servers
11:59 < shtrb|work> djph, there are dual wan and virtual ip
11:59 < shtrb|work> *virtual ip package
11:59 <+catphish> djph: there are plenty of ways they could do that, most likely it just does ppp, and when one goes down, it dials over the other
11:59 <+catphish> but it's also possible both are up and they use a routing protocol to route the IP over the best available link
12:00 < shtrb|work> djph, also multi link access
12:00 < djph> catphish: yeah, the fun part is the ISP apparently doesn't provide a router to handle this
12:00 < shtrb|work> djph, I remember mlppp being advertised in the past
12:00 <+catphish> mlppp is great for this, and even does loadbalancing, but i can't imagine it being used over different mediums
12:00 < shtrb|work> djph, why do you need a router for that if that's mlppp or virtual ip ?
12:01 < shtrb|work> catphish, mlppp was designed for that (I think)
12:01 <+xand> my ISP will automatically route my IP blocks over L2TP if VDSL goes down
12:01 <+catphish> shtrb|work: mlppp is designed to bond phone lines afaik
12:01 <+xand> VDSL uses PPPoE
12:01 < djph> shtrb|work: because I have no fucking clue what this person is doing - he's posting on forums, and I'm sitting here reading his "requirement(tm)" and just kinda going "erruwotm8"
12:01 <+catphish> that's another option, ppp on one line and a tunnel on the other
12:01 < shtrb|work> catphish, oh thanks, I thought it was designed for any , but nice to know
12:02 <+catphish> maybe they provide details on how to configure your own router to do this
12:02 < shtrb|work> Is that Orange by any chance ?
12:02 <+catphish> shtrb|work: well i see no technical reason you couldn't use it over different types of lines, just never seen it
12:02 < shtrb|work> because I was a customer , and was getting dual wan like that from them (but with 3G and wire)
12:02 < djph> No idea. dude's being light on details
12:02 < shtrb|work> ok
12:03 <+catphish> if badgers chew through my fiber i'm screwed, no backup :(
12:04 < shtrb|work> badgers eat fiber ? I thought it's the rats which like the cables
12:04 < shtrb|work> also , fuck rats , can't they die in an easy to access places ?!
12:04 <+catphish> i was joking, i think it is mostly rats
12:04 <+catphish> though i've not heard of them chewing underground fiber
12:05 < djph> He writes too well to be in some backasswards country, but i'm envisioning his "public(tm)" IP is really CGN
12:05 < djph> but I have no proof
12:05 <+catphish> that would be pretty pointless
12:05 < djph> we've seen ISPs from backasswards countries use AOL as their CGN, so ...
12:06 < shtrb|work> "backassword" mean nothing about education , I once felt like a total fool near people from central africa
12:06 <+catphish> i don't think backasswards is actually a word
12:07 < ^7heo> for brits it isn't.
12:07 < ^7heo> but for the rest of the world, we're free to do ANYTHING!
12:08 < ^7heo> ENGLISH IS NOT OUR LANGUAGE, IT IS A JOKE!
12:08 < shtrb|work> I remember meeting few people from Central Africa , when one had apologized for only having a bachelor degree and not masters from ivy league like the rest of them
12:10 < regdude> I remember one guy from ZA cried because he didn't pass an exam in networking to get a certificate
12:10 < shtrb|work> I would also had cried if I lived in ZA and was white
12:11 < shtrb|work> remove the white comment, someone who believed in white science
12:11 < shtrb|work> catphish, http://www.bbc.com/news/uk-scotland-highlands-islands-26480673
12:12 < djph> "white science"?
12:12 < regdude> he was black, not sure why that matters though
12:13 < shtrb|work> djph, https://www.youtube.com/watch?v=C9SiRNibD14 don't open if you have a tea in your hand or your mouth (it can cause spills)
12:13 < shtrb|work> Decolonization of science
12:19 < Apachez> and afterwards she uses her smartphone to post on facebook :D
12:19 < Apachez> both things created by those horrible horrible white scientists ;)
12:20 < shtrb|work> just to make it clear, it's not some Cape Town Uni thing, decolonization education and science is an actual thing against the "white science"
12:23 < shtrb|work> That is discussed at other places like https://www.cambridge.org/core/journals/australian-journal-of-indigenous-education/article/native-approaches-to-decolonising-education-in-institutions-of-higher-learning/E321E5482ED676EF62154F291313000E
12:24 <+catphish> idea for a product: continuous filter coffee machine
12:25 < dogbert_2> wouldn't the filter wear out?
12:25 < shtrb|work> letting someone drink coffee and collect what get out of the other end ?
12:25 <+catphish> it just makes filter coffee continuously, perhaps using a conveyer belt made of stainless steel mesh
12:25 < shtrb|work> The filter should last for 80 years!
12:25 < shtrb|work> catphish, why do you need to filter coffee ?
12:26 <+catphish> that's how software developers work, you put coffee in, code comes out
12:27 < shtrb|work> That a byproduct like bugs, smell, and sound
12:28 <+catphish> does posting it here stop me patenting it?
12:28 < detha> catphish: if you have a central heating system, just start pumping coffee through that, and install taps at each workstation
12:28 < detha> dual-purpose, and all that
12:29 <+catphish> still gotta brew the coffee somehow
12:29 < detha> that's the sysadmin's job, not the developers
12:29 < shtrb|work> human generate heat all the time, you could collect that
12:29 <+catphish> what if i'm all 3: sysadmin, developer, and coffee maker
12:30 < detha> then we call you Jack (of all trades)
12:30 < djph> catphish: where's my automatic networked coffeemaker?
12:30 < Apachez> and if you force everyone to wear a buttplug you can collect +37C of heat from each person (give or take)
12:30 < shtrb|work> djph, network attached coffee makers suck
12:30 < shtrb|work> they let everyone know when there is coffee in the pot , they come , and never refill
12:31 < djph> shtrb|work: yeah, because they're corporate-itized. my 1990s-era networked toaster was much better
12:31 < shtrb|work> wtf is a network toaster
12:31 < detha> a cisco device. you plug it into your network, and your network is toast
12:32 < shtrb|work> lol
12:33 < shtrb|work> That I can understand
12:34 < shtrb|work> speaking of toasted network which genius thought it would be a good idea to push firmware upgrade on ISP level
12:35 <+catphish> that happens all the time
12:35 <+catphish> you have a managed router, your ISP upgrades it
12:35 < shtrb|work> in the past they had been sending an email, guess GDPR has it's fun result
12:36 <+catphish> i don't think that's why
12:36 < djph> no, it was a toaster, for making toast ... that we attached to a network
12:37 < shtrb|work> someone connected the wires to the Lan ?!
12:37 < shtrb|work> that is one hell of an angry admin
12:37 < djph> ... and then made a beowulf cluster out of. But it couldn't play ...
whatever the meme before "but can it play crysis" was
12:38 < djph> it was his idea
12:38 < djph> although, looking back, he *might* have meant the mac doorstops that were piled up in the corner
12:57 < banisterfiend> hi, when i run a certain program and then type 'ifconfig' the ipv6 addresses for one of my interfaces disappears
12:58 < banisterfiend> anyone know why this could be? ipv6 doesn't appear to be disabled though as i can still ping ::1 etc
12:59 < light> a certain program
13:00 < banisterfiend> light a vpn
13:00 < banisterfiend> vpn client
13:00 < shtrb|work> which one ? could it be it bring down the ipv6 address/generate a new interface / reload module ?
13:00 < light> and you think that software that changes your network settings may have changed your network settings?
13:00 < turtle> woah
13:01 < banisterfiend> shtrb|work all it appears to do is just add ip6tables rules
13:01 < bezaban> is it a 'privacy vpn'? It could be taking down ip6 to avoid leaks because they don't support ipv6
13:01 < djph> light: networkception
13:03 < shtrb|work> banisterfiend, do you know the name for that application ? . ::1 can be answered on lo (and not your ethernet card)
13:03 < banisterfiend> shtrb|work private internet access vpn client
13:04 < shtrb|work> They have ipsec, l2tp , pptp and openvpn which one ?
13:04 < banisterfiend> shtrb|work openvpn
13:04 < shtrb|work> TUN or TAP ?
13:05 < banisterfiend> tun
13:05 < light> you can use the openvpn from your package manager
13:06 < light> just chuck all the .conf files in /etc/openvpn/client and systemctl start openvpn-client@
13:06 < shtrb|work> does one of the scripts has "ipv6.method ignore" or conf.disable_ipv6=1 ?
13:06 < shtrb|work> but it would be better just to use the normal openvpn as light have shown you
13:07 < banisterfiend> shtrb|work normal openvpn doesn't come with killswitch etc
13:07 < shtrb|work> wtf ?
13:08 < shtrb|work> disconnect and systemctl stop does magic
13:08 < shtrb|work> so is the windows client , don't know about mac
13:08 < light> remove the original default route, if the VPN drops you will lose internet access
13:08 < light> just make sure you have a path to the VPN endpoint
13:09 < shtrb|work> light openvpn has a sane routing option to push a default gw via default gw
13:09 < light> split into two segments
13:19 < djph> because they can't use /0 (because the main default gateway ...)
13:31 < compdoc> anyone good with samba as DC or member server?
13:32 < light> yeah they do it because two /1's are more specific so they can keep the original default route in place but inactive
14:25 < transhuman> Hi! I have a Netgear GS108T maybe v2 not sure the docs read """In addition, the GS108T supports IEEE 802.3af standard for Power over Ethernet (PoE). It can obtain its power from either a PoE source or from an external AC power adapter. This gives an SMB flexibility when installing the switch in places where a power outlet is not present"""
14:25 < transhuman> does that mean I can buy some kind of power source and plug it into one of the rj45 ports?
14:26 < skyroveRR> transhuman: nope.
14:27 < transhuman> there is no way that the power adapter it has is going to power PoE devices
14:27 < transhuman> so how do I get it to work?
14:29 < transhuman> answered my own question---alternatively, unit can be powered by IEEE 802.3af PSE via Ethernet port
15:18 < djph> how the hell is its external power source *not* capable of supplying PoE voltage?!
15:22 < regdude> there are some "poe" switches that work below 48V, but require 48V for 802.3at/af to work
15:27 < detha> Also, I have seen switches that will do PoE on up to 1/3 or half of the ports on a standard PSU, and PoE on all ports with a larger/more expensive one
15:32 < djph> regdude: sure, but that's usually as simple as "go buy a 48v 3A power brick"
15:39 < Apachez> ongoing bgp hijack attack against cloudflares public dns (1.1.1.0/24) https://bgpstream.com/event/138295
15:40 < Phil-Work> Apachez, which AS is originating?
15:41 < Phil-Work> oh, that link says
15:41 < Phil-Work> I don't see it here... which would be unusual given that HE usually leaks like a sieve
16:17 <+catphish> i just has awful flashbacks to last night's attempt at conversation
16:18 < microwaved_> why is that?
16:18 <+catphish> it was just a failure
16:18 <+catphish> i think you had to be here
16:18 <+catphish> on the plus side, my new VM management system is looking very pretty
16:21 <+catphish> clim: identity crisis there? lol
16:27 < Apachez> catphish: pics or it didnt happen
16:27 <+catphish> lets pretend it didn't happen
16:28 <+xand> in here?
16:28 <+catphish> yes
16:29 <+catphish> when i should have known better and been sleeping :)
16:29 * xand is feeling rather apathetic at work... only three weeks left here and doesn't seem worth starting anything >.<
16:29 <+catphish> xand: take a guitar to work, take the time to learn to play
17:10 < grawity> hmm, how many firmware upgrades can an ubiquiti AP take before its flash starts failing
17:10 < Aleksandar86> hi
17:13 < name> your mother is a water buffalo
17:14 < v0Lk> grawity: how old is the device?
17:14 < name> right?
17:14 < name> im confused
17:14 < grawity> v0Lk: no idea, other than it's a picostation M2
17:14 < name> hi birb
17:14 < grawity> certainly a few years
17:15 < grawity> looks like just the webUI is broken for now, guess it'll do the job a while longer
17:15 < v0Lk> do you have a write count so far?
17:17 < Aleksandar86> What is good software for draw network diagrams topology
17:17 < Aleksandar86> ?
17:17 < Aleksandar86> freeware
17:17 < name> I smoked a chilum and had to call an ambulance and a coastguard. the coastcard was to tow my jaw shut again
17:18 < name> 911 ambulance and coastguard pls
17:19 < name> my twat also sounds like a kazoo
17:20 < Aleksandar86> anybody here use Edrawsoft Edraw Network Diagram?
17:20 < name> yes actually
17:20 < name> edraw max
17:21 < name> but for a resource diagram and it failed
17:22 < name> use edraw mindmap cause its free and no trail
17:22 < name> the free version that is
17:22 < name> its ba
17:22 < name> basically exactually like max
17:40 < electricmilk> Any idea why so many staff workstations are trying to connect to settings-ssl.xboxlive.com ?
17:40 < electricmilk> Does something legit use that host? Possibly something with Office 365?
17:40 < UncleDrax> windows 10?
17:40 < electricmilk> Yes sir
17:40 < UncleDrax> win10 does xbox things
17:40 < heller_> 7g #vag
17:40 < heller_> oops
17:41 < electricmilk> ah I see. Our content filter is blocking it though
17:41 < UncleDrax> i don't know details of what it does beyond it does.
17:41 < NeilHanlon> probably not the best place to ask, but anyone seeing awful loss on level3?
17:42 < electricmilk> UncleDrax, Perhaps when staff logs into their Windows account it tries to connect to Xbox server as well
17:42 < electricmilk> NeilHanlon, Nope
17:43 < UncleDrax> Level3's pretty big.. they probably have something broken somewhere at any given time. That said, obligatory reminder interp Traceroute correctly (only mention because it's common)
17:47 < NeilHanlon> yeah I'm getting like 80% packet loss on via level3 from Boston to Europe
17:55 < Riez> If any one is familiar with multipeer connectivity in iOS 7, can you explain how something like that works efficiently?
18:52 < sql00_> hello
18:56 < sql00_> I exported netflow records to Elasticsearch(ELK) and I want to detect SSH tunnels on port different 22. How can I detect SSH Tunnels, Failed SSH login attempts and Successful Logins? Thanks in advance
19:00 < strixdio> is a DMZ basically just a separate subnet?
19:01 < E1ephant> yeah I think that is the only safe assumption
19:01 < strixdio> Okay, thanks.
19:01 < E1ephant> anyone else is likely to tact on $random-default with that tho
19:01 < strixdio> ?
19:02 < E1ephant> like some vendors may extend that assumption
19:02 < E1ephant> with random settings
19:03 < strixdio> Oh, alright. Specifically I'm using pfsense, and am considering the use-case for a DMZ.
19:03 < E1ephant> as in, the DMZ also means no NAT, or doesn't hit a specific fw chain/policy
19:03 < strixdio> Ah, okay.
19:03 < E1ephant> sql00_: not sure how you could detect tunnel usage in netflow (just syslog in elk should do this?)
19:04 < electricmilk> NeilHanlon, You can also use the tool MTR to trace the path and see where the packet loss takes place. I find it a bit handier than traceroute for detecting packet loss.
19:05 < electricmilk> NeilHanlon, https://www.linode.com/docs/networking/diagnostics/diagnosing-network-issues-with-mtr/
19:05 < NeilHanlon> electricmilk: yeah I think this might be some flapping routes with level3 to us in Somerville, MA
19:05 < NeilHanlon> not exactly sure.. contacted our Colo's NOC for them to troubleshoot
19:05 < electricmilk> Packet loss issues are the worst
19:05 < NeilHanlon> https://gist.github.com/NeilHanlon/1547427d04ec23a96640a59ea8937242
19:06 < electricmilk> Took our ISP about 3 weeks to finally fix. They just kept sending out technicians to replace the modem. Ugh
19:06 < electricmilk> At bad times we had like 80% packet loss..then it would work fine for about 15 minutes.
19:06 < NeilHanlon> yeah much easier to fix/diagnose if I have direct access to it..
this is like two hops away
19:06 < electricmilk> Yea..nothing you can do about that but complain
19:07 < NeilHanlon> some MTRs show the loss at that level3 node... some MTRs somehow show the packetloss at our border (99% sure that's MTR weirdness)
19:07 < NeilHanlon> unfortunately our origin taking >30s to respond to our CDN means a lot of our clients either wait 30+ for the page, or don't get it at all
19:07 < NeilHanlon> which means we're losing money
19:07 < NeilHanlon> https://shrug.pw
19:07 < electricmilk> What kind of loss are you getting?
19:08 < electricmilk> (percentage)
19:09 < NeilHanlon> 80%
19:10 < electricmilk> yea that's no bueno
19:11 < electricmilk> Our Internet Service options out here are horrible so we have 3 different ISP's
19:11 < detha> NeilHanlon: 80% to destination, or 80% to some intermediate hop?
19:13 < tom_ato> yeah 80% is "my service is hard down, fix it" kind of stuff....
19:15 < NeilHanlon> detha: through some intermediate hop
19:16 < NeilHanlon> example mtr: https://gist.github.com/NeilHanlon/455e0210fd441a1a2076df6707db2b11
19:16 < Apachez> d
19:16 < detha> NeilHanlon: if the 'redacted' one is the endpoint, that's a perfectly fine link
19:17 < Apachez> just ignore that loss
19:17 < Apachez> it only means that hop filters icmp ttl expired messages
19:17 < detha> control plane limiting in some router, doesn't concern you
19:17 < Apachez> or rather throttles them
19:21 < cortexman> My internet (Comcast + wifi) is experiencing some kind of quite regular very brief disconnects
19:21 < cortexman> What's a good tool to use (linux) to characterize this so as to plot it
19:21 < NeilHanlon> I understand that; our origin is taking way too long respond to things and we're not finding any evidence it's our application or internal network.
19:21 < cortexman> I know how regular it is because I use Citrix regularly, and it tries to reconnect every time it happens, whereas otherwise it's usually not visible (although occasionally it is).
19:22 < djph> cortexman: don't even need linux. (1) scrap the isp-supplied gateway. (2) install your own modem and router and wireless APs (preferably all different devices)
19:22 < electricmilk> also can just plug an ethernet cord directly into the box and see if the disconnect happens...rule out WiFi
19:23 < Apachez> 3) strip nude on the balcony
19:23 < NeilHanlon> sure it's not just citrix? ;)
19:23 < Apachez> 4) do the "helicopter" and call it a day
19:23 < electricmilk> lol
19:23 < NeilHanlon> oh sorry spelled citrix wrong. shitrix
19:25 < detha> NeilHanlon: you mentioned 30 seconds. that sounds almost like DNS timeout somewhere. How does the CDN connect to origin?
19:27 < NeilHanlon> not exactly 30s. CDN to origin seems fine other than them seeing a lot of "time to first byte" timeouts, which means it's taking over 180000ms to receive the first byte from our origins
19:27 < NeilHanlon> they connect over IP, not using DNS
19:28 < NeilHanlon> it really sounds like something inside our app but we can't find any evidence of that anywhere :(
19:28 < cortexman> @djph not an option, internet provided by landlady to whole complex
19:28 < djph> cortexman: well, then you're boned.
19:28 < cortexman> i just need to characterize the problem so comcast can't say the signal looks fine
19:28 < cortexman> no... they just need proof.
19:29 < NeilHanlon> comcast won't accept any proof of anything, in my experience
19:29 < cortexman> ok, but can we focus on the technical element..
19:29 < cortexman> how do i generate a plot of this
19:29 < djph> here's the deal, comcast *will* say the signal's fine, because the signal that they care about (i.e. whatever the cable version of a DSLAM is to the modem) is *fine*.
19:30 < cortexman> i'm thinking a tool that maintains a connection to a server i control, and documents all hiccups
19:30 < djph> after that, it's you're own fucking problem. Since you said "wifi", it's quite likely "your landlady" has shit options set.
19:30 < djph> ...
holy hell ... s/you're/your/ 19:30 < cortexman> no man, it's probably the cable, hanging everywhere outside the building 19:30 < NeilHanlon> cortexman: i mean `ping` would probably be your best bet. ping your wifi gw 19:30 < cortexman> could also be wifi interference 19:30 < tom_ato> yeah if you have communal wifi, its always shit 19:30 < cortexman> in any case, how do i document what i see 19:30 < detha> NeilHanlon: time for some more in-depth testing then. Hit the CDN with a bunch of unique urls you can easily pick up and timestamp in your logs, script it for one hit per 10 seconds, compare 19:31 < tom_ato> i can also say, with extreme confidence, that comcasts wifi + modem gateways are awful 19:31 < tom_ato> they don't do any band steering 19:31 < cortexman> NeilHanlon: what about the case where it's not the wifi 19:31 < tom_ato> the signal loss is awful over short distances 19:32 < djph> cortexman: if there's coax all over the building, that's still your landlady's problem (and not comcast's network) 19:32 < cortexman> the router is quite close to me. ~15 feet, although two walls inbetween 19:32 < NeilHanlon> detha: we're trying to compare with our testing tool (catchpoint) but since their tests timeout after 30s, it's hard to say for sure.... definitely still digging into it 19:32 < detha> 'walls' or real brick walls? 19:32 < tom_ato> If you're sharing it with other people...then yeah. Its hard to say how many factors could be influencing that. 19:32 < cortexman> "walls" 19:33 < djph> comcast is only responsible up to their dmarc - usually for inbound cable, where tehy have the little grounding connector on the outside of the building. 19:33 < tom_ato> How many others could be connected to it at once? 19:33 < cortexman> 6 devices atm 19:34 < cortexman> ipad iphone xbox looks like a couple of laptops 19:35 < cortexman> so, about that tool. ping seems an odd choice 19:36 < cortexman> how about a persistent connection of sorts that doesn't tolerate disconnects. 
maybe a particular configuration of ssh, and a script to restart it whenever it drops 19:36 < detha> NeilHanlon: no need for fancy tools, it can be as simple as while :; do curl http://...?x=$(date +%M%S); sleep 10; done 19:37 < cortexman> i think I would need it to be streaming 19:37 < djph> really, you need a *wired* box to be able to test this with 19:37 < cortexman> need to evade tcp reconnects 19:38 < cortexman> i'm not going to get a wired box, but i can see it happening in Citrix so I should be able to do it over wifi 19:38 < cortexman> i'm pretty sure it's the cabling in any case 19:40 < NeilHanlon> Citrix... desktop? receiver? 19:40 < cortexman> receiver 19:41 < cortexman> I thought it was because I was connecting to Australia. turns out it works perfectly over my phone tether 19:42 < djph> you have too many variables in this test. Wifi is one of them. 19:42 < djph> until you can rule out wifi, you can't point at the ISP and say it's their service 19:42 < detha> cortexman: brief disconnects screams 'wifi' to me. Could not be true, but it is the first thing I would eliminate yes 19:42 < djph> (granted, you also have to rule out that it's the ISP-supplied gateway) 19:42 < cortexman> they replaced the gateway this week 19:43 < djph> then not likely the gateway itself, so you're back to "wifi" 19:43 < detha> or ISP changing NAT every 5 minutes 19:43 < djph> it's comcast, they don't CGNAT (or, well, at least they didn't when I had to be a customer of theirs) 19:45 < cortexman> i'm thinking I set up a server on AWS and measure synthetic syn-ack latency to generate the plot 19:46 < cortexman> then i have comcast come in and set up a router in my apartment and we do it again 19:47 < cortexman> i'm concerned this test won't really detect the problem. it's basically ping. 19:48 < cortexman> need to stream. 
19:48 < tom_ato> i mean, you could stand up a virtual firewall in aws somewhere, create an ipsec tunnel from where you are
19:48 < tom_ato> and then do a UDP iperf test and leave it up till it breaks
19:48 < tom_ato> but good luck explaining that
19:50 < djph> $10 says the problem is one of (a) the wifi, (b) other infra that's still not comcast's problem.
19:50 < cortexman> tom_ato I have an OpenVPN instance ready - could do udp iperf over that and measure disconnects
19:51 < cortexman> not sure what the point of the extra layer is
19:51 < detha> cortexman: totally different test though - openvpn keeps the tunnel interface up through quite a bit of packet loss
19:52 < tom_ato> yeah, the point is just to be able to have an iperf endpoint over the internet
19:52 < tom_ato> but in any case, have you done a packet capture on your local machine to test this at all / see if anything weird happens
19:52 < detha> for test you could do a straight iperf endpoint, firewalled down to only one address
19:53 < tom_ato> i had an issue like this once where windows power settings for my WiFi nic were at some decreased level
19:53 < tom_ato> and my NIC was not compatible, so every minute or so i would see a bunch of ARPs go out
19:53 < tom_ato> and then it would hang
19:53 < tom_ato> and then it would come back, and windows never reported anything like the NIC being disabled or going offline
19:53 < tom_ato> it was literally just pausing all i/o on it periodically
19:55 < cortexman> thanks. i will have to study what an ipsec tunnel is. i have saved this chat.
19:59 < shangul> Hi, could an address example.com point to a hostname and a port(example.net:8080). e.g. when user tries to connect to example.com, actually is connecting to example.net:8080
20:00 < DoctorDick> Yes
20:01 < shangul> DoctorDick, How? If it's possible with DNS, record name/type would be enough.
20:02 < derpingit> hi guys. i need a device that will max out my 200/40mbit pine running openvpn. (connecting to torguard) . any suggestions?
20:03 <+catphish> suggestions for what? isn't maxing out the pipe exactly what you want?
20:04 < DoctorDick> derpingit, You can do it with a reverse proxy
20:04 <+catphish> also, isn't "torguard" a rather misleading name for an "anonymizing" product that isn't based on tor?
20:05 < DoctorDick> oops wrong person
20:05 < DoctorDick> shangul, You can use a reverse proxy
20:06 < shangul> thanks, I'll search about it
20:13 < Apachez> perhaps its based on the god Tor ?
20:14 < UncleDrax> "Tor is a genus of cyprinid fish commonly known as mahseers.". TY Wikipedia!
20:15 < UncleDrax> I think the God is 'Thor'.. but I can't account for spellings in languages other than English.
20:23 < brianx> hopefully it's not me, but the link in the title says server not found and dig shows NXDOMAIN, but does have a nameserver for nanoSouffle.net.
20:23 < brianx> i'm using debian and have a public IP. i would like to do something similar to the rewrites that are done by home wifi routers where a port on the debian machine is directed to a port on an internal machine, but in my case i want the redirected port to go to another machine on the public internet and to a different port number. the source should be rewritten so that the reply goes through the debian
20:23 < brianx> machine as well. my goal is to bypass a port blocked by the isp on the target but not on the debian machine.
20:25 < brianx> can anyone point me in the right direction for this kind of rewrite?
20:27 < DoctorDick> You'd want a reverse proxy then?
20:28 < brianx> i would prefer not to use a proxy but do it in iptables. i don't want to configure software to understand the protocol.
20:30 < shangul> DoctorDick, talking with me?
20:30 < DoctorDick> shangul, Nope
20:31 < brianx> i assumed that was to me, right DoctorDick?
20:31 < DoctorDick> Yes brianx
20:32 < DoctorDick> Yeah I mean you could use iptables
20:32 < DoctorDick> But a reverse proxy is definitely easier
20:33 < brianx> DoctorDick: do you know the name of any smtp reverse proxies that handle this without creating an open relay?
20:33 < DoctorDick> no
20:33 < brianx> i'm sure sendmail can do it, but sendmail is a pita.
20:35 < brianx> DoctorDick: is there a way to rewrite at the tcp/ip layers so that the packet hits the debian box, is logged much like NAT, rewritten, sent to the real target on its different port with the debian box as the source, then the server can reply to the debian box who would reverse the process, just like happens in NAT?
20:35 < Barones> Hi, I'm stumbling in a way to document the logical/ports topology of a ISP, is there any tool or best practice to that?
20:44 < ouemt> with freeradius, is there a way to have PSK and authed devices on the same wireless network?
20:47 <+catphish> ouemt: you'd define 2 separate ESSIDs
20:49 < ouemt> catphish: got it, so the capability requires an AP that can do that (which is what I'm lacking)
20:50 <+catphish> ouemt: i'm surprised any access point exists that can do radius but not multiple ESSIDs
20:50 < ouemt> I can have 1 each on 2.4 and 5 GHz, so I was hoping I could get away with putting both on the same
20:50 <+catphish> but if that's the case, you're probably stuck :(
20:50 < ouemt> catphish: ancient airport extreme
20:50 <+catphish> ouemt: see if you can flash it with openwrt, that might help
20:50 < ouemt> working on getting a UAP-AC-PRO
20:51 <+catphish> i use various UAPs including AC-PRO
20:51 <+catphish> they're awesome
20:52 < ouemt> I didn't think openwrt was compatible with any of the apple gear
20:53 <+catphish> ouemt: might not be, i don't know
20:54 < ouemt> kk, I'll just wait to implement radius until I get the new AP
20:54 < ouemt> maybe I can figure out a way to do PPSK then too
20:54 <+xand> no Apple stuff on their list of hardware :(
20:55 < ouemt> can't say I'm surprised
21:17 < brianx> does anyone else have any idea how i can use the iptables interface to redirect smtp email on port 25 to another public computer on a different port number? (my local isp blocks port 25, my debian box has an isp that does not but is not local. i want the email server here for fast access.)
21:17 <+catphish> brianx: you need a SNAT rule and a DNAT rule
21:18 < brianx> catphish: i've been trying SNAT and DNAT. so far, something is eluding me.
21:19 <+catphish> start with the DNAT: iptables -A PREROUTING -p tcp -m tcp --dport 25 -j DNAT --to-destination 1.2.3.4:2599
21:19 <+catphish> that will forward any packets on port 25 to 1.2.3.4:2599
21:19 < brianx> there's a problem... i was using INPUT. :-| and the DNAT?
21:19 < brianx> err SNAT?
21:19 <+catphish> INPUT won't work :)
21:20 < brianx> yeah, discovered that. gives an error. :)
21:20 < imnotfat> hi guys, does someone grok bittorrent?
21:20 < brianx> the DNAT looks promising. what about the SNAT part catphish?
21:20 <+catphish> brianx: you need to follow this up with a SNAT, the easiest way to do this is like this: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
21:21 <+catphish> that will make anything that leaves eth0 get rewritten with eth0's IP address
21:21 <+catphish> replace with the appropriate interface
21:21 <+catphish> finally, you need to make sure you have IP forwarding enabled
21:21 < brianx> catphish: thank you. i'll have to use the port number to make only that port get changed but i can live with everything leaving to the selected port or from the selected port (whichever works) ends up rewritten.
21:22 <+catphish> "net.ipv4.ip_forward = 1" in /etc/sysctl.conf, and run sysctl -p to apply it
21:22 <+catphish> does this host forward other traffic?
21:22 <+catphish> i was assuming it didn't :)
21:23 <+catphish> anyway, you can make that SNAT way more specific if you want
21:23 < brianx> ahh, i had only done forwarding temporarily. knew i needed to look up the way to make it permanent. thanks for that too.
21:24 < brianx> not at the moment, but i'd prefer to have flexibility on what gets forwarded when and to where. i'm guessing the -m tcp --dport 2599 would work on the SNAT.
21:24 <+catphish> iptables -t nat -A POSTROUTING -o eth0 -d 1.2.3.4 -j MASQUERADE
21:24 <+catphish> that would only NAT things to that specific host
21:24 <+catphish> you should add the port to that too
21:24 < brianx> that works too. :)
21:25 <+catphish> hopefully that all makes sense :)
21:25 < brianx> it does. thank you.
21:25 <+catphish> cool
21:25 < brianx> i was using the wrong table. stupid error on my part.
21:25 <+catphish> ah yes
21:25 <+catphish> did you test it? hopefully all works
21:26 < brianx> be a few minutes before i can apply it but i'm hopeful now.
21:26 < imnotfat> ok guys, does someone grok uTP connections at least?
21:27 <+catphish> brianx: good luck :(
21:27 <+catphish> * :)
21:27 < brianx> :) thank you.
21:28 < brianx> if i timeout... something went wrong. :-p
21:32 < imnotfat> guys i have some options that says ""Apply rate limit to uTP connections"" and there is no documentation. IF you have any ideas what this may mean, pls say
21:36 < djph_> imnotfat: Apparently, it "rate limits UTP connections"
21:37 < imnotfat> djph_, i was downloading with Bittorrent, i removed that option, and my download speed increased 10x times. I wonder why they would such an option on purpose
21:38 < djph_> so that BT isn't the only thing that's using your bandwidth
21:38 < imnotfat> djph_, you mean so i can use other apps and stuff?
21:39 < djph_> no, mostly because "ew, fucking hipsters and their apps" ... but I suppose so.
21:40 < imnotfat> i wonder why would they do it by default. It's a terrible design. I spent 3 years waiting for downloads, and it got suspicious how i always download everything with 1 mb, so i went into settings and it was that option's fault. They could have done something like "full bandwidth" and "normal" mode. This way a person can see what mode he wants
21:41 < brianx> is "uTP" UTP, or is it something torrent specific?
21:41 < UncleDrax> so for the record, it's µTP (micro transport protocol)
21:41 < UncleDrax> vs the wire
21:41 < UncleDrax> :]
21:41 < brianx> thanks UncleDrax.
21:42 < imnotfat> I think they have something they win when they limit that, its not only other app usage
21:42 < pekster> In theory it's supposed to share bandwidth better with other applications, but in practice it doesn't do much, moreso if it's used in conjunction with standard TCP as an underlying delivery layer
21:43 < pekster> It's also only used with supporting peers, as not all clients support it
21:43 < imnotfat> got it, thanks. Such a useless option, probably millions of people have it and they download slowly :(
21:43 * pekster was referring to µTP in general, fwiw
21:43 < UncleDrax> NAPSTER BAD... wait.. again.. i keep forgetting it's not 2000
21:44 < pekster> I'd love to see the DMCA complaint for my FOSS seeding ;)
21:44 < imnotfat> pekster, "If you don't have "Apply rate limit to uTP connections" checked, uTP peers+seeds can EXCEED your download and upload max speed limits in qBT! (usually this is undesirable, but not always) So usually it's best to have that enabled."
21:44 < evilbug> anyone have experience with the ubiquiti UAP-AC-PRO-E ap?
21:44 < imnotfat> what does he mean by undesirable?
21:45 < UncleDrax> not desired. unwanted. ill-conceived.
21:45 < imnotfat> :D
21:45 < imnotfat> i mean why is it undesirable, is it undesirable for the system (all peers as a whole) or just for me
21:46 < evilbug> i'm looking to cover a 1600 sq. ft. house on a 9500 sq. ft. property, would i need more than two of those?
21:46 < imnotfat> if its undesirable for the system but ok for me, im gonna use it, because fuck the system, thats why
21:47 < imnotfat> guys also, when i use TOR, is there some software that the ISP can use for traffic analysis and then find me out?
21:47 < imnotfat> or they do that just for bad guys specifically
21:47 < Maarten> evilbug, two should do fine for the house. If you desire wifi at the edges of the property, you may also want to look into one outside AP, but if 50-100 Mbps at the edge of your property is fine, those should do the job just fine.
21:48 < evilbug> two of those just for the house?
21:48 < UncleDrax> also obligatory "it depends", but 2 in 1600sqft sounds like a reasonable guess.
21:48 < pekster> imnotfat: traffic analysis is a thing (trying to correlate encrypted traffic with monitored traffic onto a clearnet host) but that's a tough challenge, and much harder if you're visiting a .onion hidden-service. A bigger issue is often good opsec when using tor
21:48 < evilbug> Maarten: and yeah, an outside one i'm sure would be required.
21:49 < UncleDrax> is your house metal stud in the middle of 10in thick earth-rammed brick? if so, you'll prob want an AP in every room.
21:49 < evilbug> irl i'd like to have amazing coverage on the property because there's no cellular service in that area.
21:49 < Maarten> evilbug, sure. I have a 1950 sqft property (one floor) with two Unifi AP Pro AC's inside the house, and I get 500+ near the AP's, 200-300 behind 1 wall, 150-200 behind two walls, and 100 Mbps+ on pretty much all of the property. (7,000 sq ft)
21:49 < evilbug> UncleDrax: nah, this is california so everything is made of wood.
21:50 < imnotfat> pekster, how do ISPs in germany and other countries find people that download stuff, do they just check if a .torrent file has been downloaded, what if i use VPN, then im invisible right?
21:50 < imnotfat> im just asking in case you know*
21:50 < Maarten> I am also in CA (SoCal) - wooden house also.
21:50 < pekster> imnotfat: Um, torrenting over tor is a _really_ bad idea. The tor project has an entire page dedicated to why
21:51 < evilbug> crap, ok. in this case i'd need 3-5 (in case the storage basement gets turned into a living space).
21:51 < pekster> Tor will, very anonymously, publish your actual IP to trackers in many cases. Plus it's basically abuse of the limited resources that is tor bandwidth :\
21:51 < Maarten> imnotfat, I don't do a LOT of torrenting anymore, but I basically have a dedicated VM on a server that is *always* connected over VPN to Canada, and I do my torrenting on it. I use PIA for it as PIA supports port forwarding, which is kind of crucial for good torrenting.
21:52 < LWong> How efficiently can a server check if a given device is in the same county at all times?
21:52 < UncleDrax> efficiently? you mean effectively? you can't. but you can make some guesses based on the Public facing IP of that device.
21:53 < UncleDrax> unless you have a state mandated inspection of all ingress/egress to the area and can say 'device is on inside or outside of this split'
21:53 < UncleDrax> and even then you can get around it
21:53 < UncleDrax> see: tunneling
21:54 < imnotfat> guys another unrelated question, why do DDoS attacks work when every router can just use IP filtering and then it makes spoofing impossible?
21:54 < brianx> lol, blocking port 25 is so common that i forgot my test client has it blocked too. :-/
21:55 < pekster> Often ddos nodes are legit machines infected with malware; there's no amount of anti-spoofing protection that can stop that
21:55 < imnotfat> pekster, so ip spoofing is old stuff that doesnt work anymore right?
21:55 < UncleDrax> IP Filtering how? or are you asking about BCP38 stuff?
21:55 < pekster> Other times it's an exploit on BGP ACLs or loose firewalling from parts of the world that don't do good filtering to begin with
21:56 < pekster> Any/all of the above can be a factor in the generation of ddos traffic
21:56 < Maarten> brianx, people shouldn't be using port 25 anymore anyways, its pretty clear text and sniffable.... use encryption on port 465, pretty much no provider blocks that.
21:56 < imnotfat> UncleDrax, i dont know what BCP38 is, just asking out of curiosity
21:57 < UncleDrax> imnotfat: https://tools.ietf.org/html/bcp38 Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing @ alauchacounty.us
21:57 < evilbug> Maarten: how's the uptime on the uaps?
21:57 < UncleDrax> ignore that last part. bad paste.
21:57 < imnotfat> haha i saw that paper, looked too scary ;d
21:57 < brianx> Maarten: incoming mail still comes on port 25. i'm not sending it.
21:58 < Maarten> evilbug, well.... UBNT comes out with new firmwares once or twice a month, but I've never seen one reboot by itself.
21:58 < UncleDrax> basically it's what you said. BCP just means Best Current Practice. it's a recommendation for network operators to ..well.. do that.
21:58 < evilbug> gotcha, that's decent. Maarten
21:59 < LWong> UncleDrax: Effectively in the sense to have very little cost for doing so.
21:59 < Maarten> brianx, ah :) ask your provider to lift the port 25 block on your account. AT&T will do that, not sure about other providers. if its business provider they have no business blocking port 25
22:01 < UncleDrax> LWong: gotcha. Geo-Locate by IP is a thing. I have not done it so I don't know if people publish easy to use services for free. someone else here might have a better idea.
22:01 < brianx> Maarten: comcast doesn't even know what port 25 is until you pay for an extended support ticket. then they just say, buy a business line for 5x as much.
22:01 < Maarten> evilbug, run the controller on a linux box (free), or get the cloudkey which runs a controller for you if you don't have a linux box. It is said the controller runs on Windows too, but I have never tested.
22:02 < brianx> apparently in a comcast world, nobody runs their own mail server unless they're a business.
22:02 < evilbug> Maarten: that's the ubiquiti software?
22:02 < imnotfat> thanks for help pekster, UncleDrax
22:10 < evilbug> Maarten: ?
22:10 < brianx> evilbug: yes the controller is a ubiquiti program
22:10 < TandyUK2> brianx: spend $5/mo on a VPS and put it in a datacenter
22:11 < TandyUK2> even if the thing in the DC is just essentially a port forwarder
22:11 < brianx> TandyUK2: that's exactly what i have. now i need it to send my data here so i can use it.
22:11 < TandyUK2> vpn tunnel between your location and dc then
22:11 < TandyUK2> no way comcast can block that
22:11 < TandyUK2> give your local machine a public ip from the DC range too if you need to
22:12 < brianx> i gave up on openvpn and their magic un-diagnosable routing.
22:12 < TandyUK2> pfsense on a $5 vps would do that no problem
22:12 < TandyUK2> oh fuck openvpn
22:12 < UncleDrax> brianx: tbh, I see way more 'we are running a open relay mail server? what's that?' than I see 'We need to run a mail server'. but for our BizClass that's just raw Inet.
22:12 < TandyUK2> ipsec is all i use
22:12 < deepy\ito> Lots of people think 'hey I want to run a mail server' but they're mistaken and wrong
22:13 < deepy\ito> Some people when they hear this think 'But hey, I know better, I need to run a mail server', they are the ones who are especially wrong and really shouldn't run a mail server
22:13 < TandyUK2> lots of people genuinely need something local to send email, but go down the 'run a mailserver' route, rather than just installing an smtp smarthost to forward stuff onto whatever your mail provider is
22:13 < brianx> UncleDrax: the defaults have improved since 25 years ago when i first started running one. they're usually unwilling to forward except from a private address range.
22:14 < UncleDrax> fair enough
22:14 < xamithan> So my ISP won't let me run a mailserver from home?
22:14 < evilbug> brianx: thanks.
22:14 < deepy\ito> xamithan: odds are good that they won't
22:14 < TandyUK2> very very few consumer ISPs allow mailservers period
22:14 < xamithan> That sucks
22:14 < deepy\ito> No, it's a good thing
22:14 < deepy\ito> it helps combat spam
22:14 < TandyUK2> 99% of the time a home mailserver is just a spam source imho
22:14 < brianx> do i "need" local?? no. but i have had it forever and like that my mail is all right here.
22:14 < xamithan> I got a VPS that runs it now but I'd like to move it to home when I get better speeds
22:15 < deepy\ito> 99% of the time a home mailserver is part of a botnet
22:15 < brianx> why would a botnet want to receive mail?
22:15 < derpingit> hi guys
22:15 < brianx> control?
22:15 < xamithan> I don't see the difference between a VPS and my home running it as far as security wise
22:15 < TandyUK2> brianx: they dont, they send a hitton though
22:15 < TandyUK2> shitton*
22:15 < UncleDrax> ya i don't think we care about POP3/IMAP ports.. only SMTP
22:15 < TandyUK2> although some do receive, to validate the existence of their targets, if not just dictionary attacking
22:15 < brianx> sending isn't the issue. that's easy enough to deal with. it's receiving it.
22:16 < brianx> i checked a few minutes ago, i sent 2 emails so far this year. not a big sender.
22:16 < derpingit> i am trying to offload all my routing through a pc because my router is not fast enough for openvpn . i will be building this on a windows10 within a hypervisor vm. do i need to install a full pledge OS to run openvpn client only?
22:16 < derpingit> like debian or ubuntu?
22:16 < TandyUK2> brianx: it surprises me that _inbound_ port 25 is being restricted
22:16 < TandyUK2> outgoing makes perfect sense
22:17 < brianx> TandyUK2: i agree, but it almost universally is.
22:17 < deepy\ito> TandyUK2: it's easy enough to just go '25 banned'
22:17 < brianx> at least in the states.
22:17 < TandyUK2> though theyre probably trying to stop idiots being open relays
22:17 < UncleDrax> derpingit: if you haven't already, look at a software package solution like pfSense
22:17 < xamithan> There is lots of things that'll run openvpn. My favorite is pfsense because it is easy
22:17 < felda> YES PFSENSE IS BAE
22:17 < brianx> you can't be an open relay if you can't send.
22:17 < xamithan> You could run openwrt or opensense, clearos, bsd, whatever
22:17 < TandyUK2> derpingit: another +1 for pfsense, although a massive -1 for openvpn
22:18 < deepy\ito> What's wrong with openvpn?
22:18 < xamithan> Nothing if you use the right encryption with certs
22:18 < TandyUK2> personally ive just never got on with it
22:18 < TandyUK2> pptp/ipsec/l2tp have never given me any grief
22:18 < brianx> hate openvpn and its magic undiagnosable routing. the encryption is solvable.
22:18 < UncleDrax> derpingit: the take away though is really - you don't need a 'full fledge OS' inside a HyperVisor, when there are plenty of purpose-built appliance-OSes that you can run instead
22:18 < deepy\ito> What I love about openvpn is that I can have any client on any operation system
22:18 < TandyUK2> dont thinks ive ever got openvpn working properly (and reliably for any length of time)
22:19 < brianx> deepy\ito: that is a big plus to it. hate it otherwise.
22:19 < TandyUK2> ipsec (for site to site) and l2tp/ipsec (for mobile clients) are just setup and forget
22:19 < deepy\ito> l2tp/ipsec on macOS is shitty though
22:19 < deepy\ito> or maybe it just was if I wanted to authenticate against AD
22:19 < TandyUK2> dont use a shitty mac then
22:20 < deepy\ito> If I'm productive on a mac I'll use it, screw your conceptions about them
22:21 < TandyUK2> I look after around 3000 pcs/servers running windows/linux, and about 300 macs
22:21 < TandyUK2> the macs are more work
22:21 < deepy\ito> To do my previous job I pretty much needed a browser, terminal, and an IDE
22:21 < TandyUK2> and generally result in a much higher amount of support calls etc
22:21 < xamithan> so you needed a chromebook
22:21 < TandyUK2> mainly due to the idiots that tend to use them though imho
22:22 < TandyUK2> maybe youre one of the weird mac users, who actually knows what hes doing
22:22 < deepy\ito> I multi-os, so I'd be the worst support call you could get
22:22 < xamithan> The standard mac user will cry for a macbook then install parallels and use windows software
22:23 < TandyUK2> indeed lol
22:23 < deepy\ito> I run Linux at work with a VM for the office suite
22:23 < TandyUK2> thats the first call we get from most people with a new mac... "how do i run "
22:24 < xamithan> I'm lucky the only calls I get from mac users are how to install their remote desktop software so they can login to the VDI server to do their work
22:24 < deepy\ito> Have you tried the ms remote desktop for macOS?
22:24 < Maarten> We have a hundred or more engineers running Ubuntu on the desktop.... multibooted with Windows. They always complain about Windows related stuff though.... :D
22:25 < deepy\ito> I don't remember why anymore, but I was really really positively surprised by the remote desktop on macOS
22:25 < xamithan> Yep thats the only I install. Just tell them to search for on app store
22:26 < deepy\ito> But have you used it? It's so nice
22:26 < xamithan> I have not. I'm too poor for a mac
22:26 < xamithan> I use remmina
22:26 < deepy\ito> Borrow one at work and try it out, it's so nice~
22:26 < xamithan> My work doesn't have them. Only our clients
22:27 < deepy\ito> Ah, you're not missing out on much
22:27 < deepy\ito> well iTerm2 is by far the best terminal I've ever used and probably the reason why I still use a Mac
22:28 < deepy\ito> But beyond that all the niceties come from being Unix or are simply opinions
22:28 < xamithan> I've heard that from people. But a terminal is a terminal to me. O.o
22:28 < xamithan> As long as it has tabs I'm good
22:28 < deepy\ito> Honestly, iTerm2 is so good that it makes me cry for Linux/BSD
22:29 < Maarten> I use mRemoteNG on my windows desktop for RDP
22:29 < deepy\ito> I'm a big supporter of BSD and I use Linux at work, but there's nothing that's even close to iTerm2
22:31 < xamithan> So since you use iterm2. How does terminology compare ?
22:31 < electricmilk> Hmm. I just bought a Lenovo after years of being a Mac user for my personal laptop
22:32 < derpingit> UncleDrax afaik pfsense is a full fledge router solution. i already have a pretty intricate network setup using ubiquiti ptmp antennas + edgerouter.
22:32 < derpingit> thank you tho
22:32 < xamithan> Why not just use the openvpn appliance then?
22:32 < xamithan> If that is all you want
22:33 < deepy\ito> I'll give terminology a try tomorrow
22:33 < derpingit> the appliance is server based.. not client. correct?
22:33 < xamithan> Yeah
22:34 < brianx> catphish: had to test on port 35 because outbound 25 is blocked on my test client. but netcat is working end to end from 3rd machine to debian to local firewall. should only be a few more minutes to get the last of it set up.
22:34 < brianx> had to edit the rules to: iptables -t nat -D POSTROUTING -m tcp -p tcp -o eth0 -d 1.2.3.4 --dport 235 -j MASQUERADE and iptables -t nat -A PREROUTING -p tcp -m tcp --dport 35 -j DNAT --to-destination 1.2.3.4:235 but they were so close that the last little bit was doable.
22:34 <+catphish> brianx: cool :)
22:34 < brianx> thank you again :)
22:36 < derpingit> here is my scenario so you'd know what i want to achieve.. i want to have a public wifi at the office and have ALL that traffic routed through torguard or nordvpn . in addition i would like very much to watch netflix from the US :) .. most providers have either openvpn configuration or ipsec but only site-to-site (not with credentials). hence why i want to run the openvpn heavy lifting through an intel to get the most out of the 200mbit pipe
22:36 < derpingit> pardon the n00bness
22:40 < brianx> most public vpn free or paid providers in the us are blocked by netflix. i can't suggest which one, but a vps with a dedicated public ip in the us might be your only option for netflix from outside the us.
22:42 < brianx> so much for Ajit Pai's suggestion that we protect our privacy with a vpn service. to add insult to injury, netflix sends your suggested shows in plain text, not encrypted.
22:43 < LWong> If you went out of the US for a few microseconds and used a non US wifi (hypothetically), is there a way for Netflix to know? Is it even possible to find my location for that period?
22:43 < brianx> not if you kept your us ip :-p 22:45 < brianx> i think the assumption that an address on their us whitelist is probably good enough for the studios who care about where you watch from. 22:47 < LWong> brianx: Okay forget Netflix, what about something like AT&T? Would they know it (that I was outside of the US for a few microseconds) if they were my ISP? 22:47 < brianx> lol: the person "chosen by Federal Communications Commission Chairman Ajit Pai to chair a broadband advisory group was arrested last week on charges of fraud." this is a clear indication of the caliber of people at the fcc these days. :( 22:47 < lupine> geolocation based on IP connectivity data is dodgy as all hell 22:48 < lupine> don't use a company that uses it 22:48 < brianx> LWong: nope. they see you as the cell tower you're connecting through. if you're a mile outside the us, you might still reach a us tower. 22:48 < LWong> brianx: I suppose if Netflix became any more stricter with that, it would affect QoS massively. 22:48 < lupine> and if you're a mile inside the US, you might roam to a canadian or mexican tower 22:48 < brianx> you might. 22:48 < brianx> and get denied access to netflix. 22:48 < lupine> oh noes 22:48 < LWong> brianx: But if it was a non us tower? Would they know? 22:48 < lupine> however will we cope in such a dystopia? 22:48 < brianx> and monitored by the nsa instead of the fbi. 22:49 < brianx> of course they know which tower you're connected to. when you change towers, most carriers change your ip. 22:51 < mtrnoobie> mtr is showing the path between two routers in the same city in north florida are going thru virginia 22:51 < mtrnoobie> this is strange right? 22:52 < brianx> nope, not at all. 22:52 < LWong> Yeah that's there but if I was connected to a us router, is there no way THE FBI! could know I left the country? 22:52 < UncleDrax> because that physical infrastructure goes back to a physical Central Office located physically in a different country.. 
so if your packets now originate from that network, they could infer you are no longer in the US. 22:53 < UncleDrax> if you have a proxy in the US and just your side of the proxy changes, not the exit point of the proxy - correct, they would likely not know 22:53 < brianx> LWong: most carriers use the tower to assign you an ip. when you change tower countries, you change ip countries. 22:54 < lupine> except for when you don't 22:54 < brianx> encrypted proxy. 22:54 < lupine> due to IP geolocation being mostly bunk 22:54 < brianx> IP geolocation should be pretty good at country. 22:54 < lupine> not IME 22:54 < derpingit> i already run all those things i want using openvpn :) .. 22:54 < electricmilk> IPV6 geolocation is a joke though 22:55 < lupine> it gets things wrong a serious minority of the time 22:55 < LWong> What if I don't change tower but country? Like I could still connect to a US tower from right outside the border :) 22:55 < derpingit> but is too slow :/ 22:55 <+catphish> afaik netflix just stream content based on your location, if you're in the USA, you get USA content, if you're in the UK you get UK content 22:55 <+catphish> so i don't understand the question, if you're out of the USA for a fraction of a second, you get some other country's library for that fraction of a second 22:55 < electricmilk> Why don't they just allow you to get content from all locations 22:56 < electricmilk> ? 22:56 < brianx> LWong: if you're in the us and connect to a foreign tower, the nsa is monitoring your ass. if you're in another country but using a us tower, the fbi is monitoring your ass. 22:56 < tds> electricmilk: probably just licensing restrictions 22:56 <+catphish> electricmilk: because content is licenced on a per-region basis 22:56 < electricmilk> Ah lame 22:56 < UncleDrax> electricmilk: because the people that get money from selling/making content have different deals/rights in different countries 22:56 < brianx> exactly. 
the studios license content differently in different places. 22:56 <+catphish> electricmilk: basically you make a TV program, then you let the highest bidder in each country stream it 22:56 < lupine> best just to ignore the licenses entirely 22:56 < lupine> pirate everything 22:56 < LWong> brianx: How does that even work? If I connect to a US tower from outside for a fraction of a second, FBI can know that? 22:57 <+catphish> so they might be netflix in the USA, and sky in the UK, etc 22:57 < electricmilk> I'm learning Spanish and would love access to more shows. Netflix is pretty fantastic though for foreign languages. Its Hulu and Amazon prime Video that sucks. 22:57 < tds> iirc netflix block various address ranges as well (including he v6 tunnels) 22:57 < brianx> LWong: they're just monitoring all us towers. they don't care if you're on one side of an arbitrary line or the other. 22:57 < electricmilk> lupine, Seems like torrenting is pretty dead these days. You pirate with streaming sites? 22:57 <+catphish> what happens if netflix don't know what country you're in? do they have global content? or is it a total block? 22:58 < electricmilk> I just find it easier to subscribe to streaming services after many years of pirating 22:58 <+catphish> loads of people pirate content with bittorrent 22:58 < lupine> torrenting isn't dead? 22:58 < LWong> brianx: What if I was always connected to the US tower, but I just happen to venture out and back in? Can they know I did that? 22:58 < lupine> I get lots of linux isos that way 22:58 < electricmilk> Let me rephrase 22:58 < LWong> I would assume that's important information for the FBI but how do they accomplish that? 22:58 < brianx> catphish: i assume they use a whitelist. customers will bitch real fast for errors. 22:58 < lupine> don't use their service, it only encourages them 22:58 < electricmilk> Bittorrent sites with copyrighted material are pretty dead. 22:58 < brianx> LWong: your tower is your location. 
22:58 < lupine> no they aren't 22:59 < LWong> If they triangulate my position by tower, I should still be in US according to them 22:59 < electricmilk> Bittorrent itself is an awesome protocol 22:59 <+catphish> electricmilk: no they're not, thepiratebay, the biggest by far is still up 22:59 < lupine> I illegally downloaded and watched isle of dogs just today 22:59 < UncleDrax> not saying I do it, but I'm pretty sure torrenting is still alive and well, just locked behind walls. that said, UseNet remains best (as it has for 30 years) - but it's rare you find a ISP that still offers NNTP, let alone have retention needed for modern bin'ing 22:59 < electricmilk> catphish, It seems like it's down often though 22:59 < lupine> kids these days, I swear 22:59 < lupine> can't even steal effectively 22:59 <+catphish> i've seen it up a good 98% 22:59 < electricmilk> lol 22:59 <+catphish> it's up right now 22:59 < electricmilk> now last night 22:59 < electricmilk> *not 23:00 < LWong> brianx: Ah so they can't do it according to my geolocation but only according to the location of the tower I'm at? 23:00 <+catphish> tower? 23:01 < electricmilk> I'm just salty after downloading IT a while back and getting a warning email. I used VPN to connect to PB, then used modern version of transmission with DHT blocked, forced encryption, had a HUGE block list, and random ports.. 23:01 < electricmilk> How the hell did they catch me? 23:01 < UncleDrax> did you seed it for a second when you weren't VPNed? 23:01 < brianx> ip geolocation is crap. i bet the fbi and nsa have pretty good lists differentiating us from non us, but if you're so close to the border that you get a cell tower and an ip from the other side, you're most likely considered on the side of the line that the tower is on. 23:02 <+catphish> electricmilk: you're clearly misunderstanding how they find people who download illegal torrents 23:02 < NeuterYourPet> same key 23:02 < electricmilk> UncleDrax, Nah I doubt it. 
Had the seed settings turned to WAY selfish...like 25% 23:02 < electricmilk> catphish, How do they? 23:02 <+catphish> electricmilk: they literally just fire up a BT client on a PC and pull a list of IPs from the tracker 23:02 < electricmilk> those bastards 23:02 <+catphish> electricmilk: you didn't mask your IP, so you were in that list, simple 23:02 < evilbug> is it worth going for cat 7 to wire a house? 23:02 < UncleDrax> which is why you have to trust your tracker 23:02 <+catphish> evilbug: no 23:02 < electricmilk> This was from piratebay 23:02 < electricmilk> So what you guys use VPN 23:03 < electricmilk> ? 23:03 < Maarten> electricmilk, the only way that could have happened is.... 1) you disconnected from VPN even for a SPLIT SECOND and your non VPN IP address was visible for a short time.... or 2) Your VPN provider snitched on you. 23:03 < evilbug> catphish: why? 23:03 < tds> electricmilk: I guess it's worth checking if the VPN has both v4 and v6, and if your local network does - if you connect to the tracker over v6 over your native network, but the vpn only has v4, you'll leak your address 23:03 < UncleDrax> evilbug: cat5e for 1 GigE would be sufficient for a house imo. unless you want to look at 10G-Cu 23:03 < evilbug> vpn should provide dns leak protection. 23:03 < evilbug> well i would be interested in 10gbps 23:03 < evilbug> but is it worth going 7 over 6? 23:03 < electricmilk> Wait wait...let me explain. I didn't use VPN with torrent client 23:03 <+catphish> if you use bittorrent you have to publish a public IP, but who cares, it's not like that public IP personally identifies you 23:03 < electricmilk> Only with Piratebay 23:04 <+catphish> electricmilk: exactly, why did you bother> 23:04 <+catphish> *? 
23:04 < electricmilk> catphish, Because I don't have a decent VPN 23:04 < electricmilk> Would have been too slow for the download 23:05 <+catphish> as i said, who cares, the IP is just a way to route packets to your router, it doesn't personally identify you 23:05 < electricmilk> catphish, ISP's still send warning emails and sometimes disable your internet till you call 23:05 < UncleDrax> US DMCA / Safe Harbour regs 23:05 <+catphish> electricmilk: why would they do that? they're just risking you leaving 23:05 < electricmilk> I miss the good old aircrack-ng days :-p 23:05 < evilbug> also anyone recommend a powerful outdoor access point? 23:05 < UncleDrax> catphish: leaving to.. where? lack of choice in most of the US 23:06 <+catphish> what benefit does the ISP get from that? 23:06 < electricmilk> catphish, To be fair I've never heard of anyone getting it permanently disabled 23:06 < evilbug> preferably bear-proof :D 23:06 < Maarten> electricmilk, well that is the reason right there. And get a VPN that supports port forwarding.... PIA does, and I easily get speeds of 150-200 Mbit/s in downloading torrents, sometimes faster. If you can't do port forwarding it could be pretty slow. PIA just issues a random port forward and all you have to do is jot that port in your torrent client. There are others though I don't advertise one over the other. 23:06 < electricmilk> Not getting sued? 23:06 <+catphish> unless you're in the USA where ISPs both have a monopoly and also sell TV 23:06 <+catphish> electricmilk: not getting sued by who? 23:06 <+catphish> it's not illegal to sell a dumb internet pipe 23:06 < electricmilk> MPAA 23:06 < electricmilk> Well why do they send the warning letters? 23:07 < electricmilk> and disable the internet until you call and promise you'll stop? 23:07 < evilbug> not that it's not possible but it's mostly uploaders that are screwed. 23:07 <+catphish> are you sure they're not just passing on abuse reports? 
23:07 <+catphish> most ISPs will pass on abuse reports to end users 23:07 < electricmilk> I was always super careful not to seed 23:07 < evilbug> electricmilk: i mean more the original uploaders not everyone else. 23:07 <+catphish> electricmilk: sounds like you broke the law, don't do that :) 23:08 < Maarten> electricmilk, because that is all they can do.... they don't want to be sued by the "industry", (who are the ones supplying them with your IP and infraction), and in a court of law an IP address isn't a person, so they can only really bully the account holder in hopes the account holder deals with it. 23:08 < UncleDrax> catphish: my understanding - the ISP has to comply with Safe Harbour guidelines to prevent them (the ISP) from becoming culpable for the content themselves. I believe most ISPs here forward the reports, but take no action unless you are a repeat offender 23:08 < evilbug> Maarten: how long you had your uaps for? 23:08 <+catphish> i don't know US law, i thought safe harbour was for publishers 23:08 < Maarten> evil maybe about a year now or so? 23:08 < electricmilk> Meh I stopped downloading..I was tempted last night though 23:08 < UncleDrax> catphish: it also applies to ISPs and other 'middle men' types 23:09 < Maarten> As for torrenting, I use a dedicated VM on my ESXi server, permanently connected to VPN with a port forward.... works just fine for anything on public trackers. 23:09 <+catphish> so ISPs in the USA are required to take steps not to retransmit copyrighted content without permission? sounds annoying if true 23:09 < evilbug> Maarten: meh, not very long. do you have any recommendations for an outdoor ap? 
23:10 < electricmilk> Maarten, Ah that's pretty cool 23:10 < UncleDrax> catphish: nah, Safe Harbour provision says we (US ISPs) have to take reasonable steps to forward complaints from the rights owner to a subscriber 23:10 < UncleDrax> we don't have to block it or examine it 23:10 <+catphish> UncleDrax: oh ok, well that's easy enough then 23:10 < UncleDrax> some ISPs do just to lighten administrative load or de-incentivize end users 23:10 <+catphish> UncleDrax: i'd always do that anyway, seems polite 23:11 < UncleDrax> yeap 23:11 < Maarten> evilbug, nope, in my use case 100 Mbps or so is more than enough, and I get that on my entire property and even across the street I get 50+ Mbps on my phone.... so no need. I don't need the full gig of my internet everywhere, if I need that I would go to one of my wired PCs :) 23:11 < tds> I'd be interested in how ISPs doing CGN handle torrenting and abuse - I'd guess that the huge number of connections would cause quite a bit of extra demand on whatever logging of port mapping they're doing, unless they map each customer to a static range of ports? 23:11 <+catphish> i also assume that some US ISPs are also media distributors and have an interest in encouraging users to subscribe to their TV channels 23:11 < UncleDrax> but I think there's other weird language.. IANAL 23:11 < UncleDrax> tds: they log the NAT/PAT tables 23:12 <+catphish> logging NAT tables is actually an insane amount of data, i tried it once 23:12 < tds> yeah, that was what I expected, it just seems like it would cause a lot of issues with the large number of connections torrenting makes 23:12 <+catphish> i'm amazed many people bother 23:12 < UncleDrax> catphish: don't need to assume.. it's just true. those are usually BIG orgs though so left-hand-right-hand 23:12 < Maarten> I stopped paying for cable a LONG time ago, its pretty much a ripoff..... 
and to paraphrase Pink Floyd, 150 channels of shit to choose from - although it was 13 in the song ;) 23:12 < tds> I feel like a static mapping to a range of ports might make more sense, though I guess it reduces the number of end users you can put behind one v4 address? 23:12 < UncleDrax> we're not doing CGNAT today, but we also need/want to do it for CALEA type compliance (ie: search warrant junk) 23:13 <+catphish> i only use netflix these days, they seem way better value than local TV networks 23:13 < electricmilk> The only thing I'm tempted to pirate these days is really expensive training courses 23:13 <+catphish> electricmilk: well don't 23:13 <+catphish> piracy is illegal and immoral 23:13 < electricmilk> Which torrent sites don't seem to have anymore anyways 23:13 < UncleDrax> many content publishers also make their stuff available online.. BBC does it (but they are different because..) but the major US networks do it too 23:14 < tds> I think I'm still in the stupid situation where I'm only allowed to watch tv if I'm on a laptop that's unplugged :P 23:14 < lupine> electricmilk: get a better ISP 23:14 < lupine> mine refuses to pass on such notices, and operates a legal structure by which it can legitimately do so 23:14 <+catphish> i'm not allowed to watch content from BBC, illegal here 23:14 < Maarten> I have Netflix, Amazon and Hulu. Suits me fine for 90% of the content. The stuff I do pirate is mostly stuff from the UK, Canada, Australia and Netherlands that isn't legally available in the USA. 23:14 < evilbug> Maarten: ooohh 100mbps, ok. actually that's decent. again, the property i'm looking at is in an area where verizon offers the only cell service so i'd be relying on wifi calling since i'm not with them. 23:14 < lupine> catphish: illegal, sort of, in some countries 23:14 < lupine> immoral, nope 23:14 < electricmilk> meh. 
I think I'll just stick to Netflix, Hulu, Amazon, and Youtube 23:15 < electricmilk> For music I just use Youtube and Pandora Premium 23:15 <+catphish> lupine: illegal in all countries that subscribe to berne convention, which afaik is all of them 23:15 < lupine> catphish: not the case 23:15 < electricmilk> I'm not a big movie buff but if something comes out I REALLY want to see I can go to theatres with friends 23:15 < lupine> consider spain 23:15 < Maarten> evilbug, you only need a few Mbit/s for wifi calling though..... and Verizon does have a solution for that, they have LTE access points that essentially turns your house into a small LTE mast :P 23:15 <+catphish> lupine: go on 23:15 < spaces> windows has some real update issues since February 23:15 < evilbug> Maarten: any good reason to go cat 7 over 6 for 10gbps home networking? from where i'm looking to place the switch i don't think any ethernet outlet will be more than 100 feet away. 23:16 < spaces> I thought I had it fixed 23:16 < evilbug> Maarten: i'd like to stay away from verizon, thank you very much :) 23:16 <+catphish> lupine: copyright law doesn't apply in spain? 23:16 < evilbug> Maarten: plus the iphone supports wifi calling so i'm good. 23:16 < spaces> evilbug cat7 over cat6 ? 23:16 < evilbug> spaces: yes. 23:16 < spaces> evilbug how would you do that ? 23:17 < evilbug> i mean "instead". 23:17 < lupine> much more leniently than it does in, say, the uk 23:17 < spaces> :) 23:17 < evilbug> 7 instead of 6. 23:17 < spaces> cat6 is allright 23:17 < spaces> for 10G you would be using fibre anyways 23:17 < lupine> in particular, making and sharing copies is generally legal if there's no profit motive. I forget the exact details 23:17 < Maarten> catphish, downloading is not illegal in all countries. UPloading is, as you are distributing material without consent of the creator.... 
but there are countries (among which I believe Sweden, Switzerland, possibly Netherlands) where if you OWN the product and have paid for it, you are allowed to download a copy under some provision that allows people to make a copy of something as long as it stays in their home, or something funky like that. 23:17 < evilbug> cat 6 supports 10gbps up to about 180 feet/55 meters. 23:17 <+catphish> lupine: i'm struggling to believe that 23:17 < lupine> but the legality is of very little interest, given the unenforceability of the provisions in countries where it is illegal anyway 23:17 < spaces> Maarten in Dutchland downloading is illegal now as well ;) 23:18 < lupine> what actually matters is the morality, and piracy is clearly moral 23:18 < Maarten> spaces, ah.... I haven't lived there in quite some time :) 23:18 < spaces> Maarten happy, where do you live now ? 23:18 <+catphish> Maarten: what's illegal is making a copy of a copyright work, usually in the case of the internet it's the server (uploader) that's considered to be making the copy 23:18 < Maarten> California, USA 23:18 < spaces> Maarten that's better ? 23:18 <+catphish> Maarten: but obviously if you download something then copy it, that's illegal too 23:19 < evilbug> america is best. 23:19 < evilbug> #america 23:19 * spaces always experiences slow USB speeds because he dislikes to pay a lot of usb disks/stick that say they are fast and at the end are not 23:19 <+catphish> at its most basic copyright law is simple and universal, you can't make a copy of an original work without the author's permission 23:19 < spaces> evilbug you want to have some pee intervention with Trump ? 23:19 < evilbug> Maarten: why esxi instead of kvm? 23:20 < evilbug> spaces: i'm a patriot, i drink budweiser. 23:20 < Maarten> catphish, yeah there are some grey areas there in the law.... 
in some countries the burden of proof lays with the owner of the copyright, and since an IP address isn't a person, and you are actually legally allowed to have a full open access point, downloading anything becomes a crime that is almost impossible to connect to a person. 23:20 <+catphish> many countries have exceptions for fair use, but sharing is afaik never fair use 23:20 < spaces> evilbug Budweiser is nice! 23:20 <+catphish> Maarten: the burden of proof *always* lies with the person making the complaint 23:20 < evilbug> spaces: #america 23:20 < Maarten> evilbug, because I am trained in VMWare (from a professional level), run many hundreds of VM's on it at work..... and I am simply a lot more familiar with it. 23:21 < spaces> Maarten try oVirt! 23:21 < UncleDrax> Budweiser? for proud loyal Belgian citizens? 23:21 < lupine> IME esxi is great if you want to lose a lot of data 23:21 < lupine> also if you happen to have the very limited hardware it supports 23:21 < Maarten> ESXi 6.7 seems to be running mighty fine on my home server..... :) 23:21 < evilbug> Maarten: ah. i'm definitely a fan of vmware workstation over other options but server-wise i'd go kvm especially due to cost. 23:21 < lupine> kvm uber alles 23:22 < spaces> oVirt!! 23:22 < Maarten> evilbug, ESXi has a free version, which is what I use at home. I have some familiarity with KVM, as Nutanix Acropolis is based on it, and I am running that in several datacenters now. 23:22 < spaces> my external disks are slow as shit 23:22 < evilbug> in terms of running a desktop gui vmware is much smoother than virtualbox. 23:22 < UncleDrax> the number of KVM-turnkey server solutions is growing.. that's a good thing. that said, I'm currently moving from VMware->Ganeti/KVM 23:22 < evilbug> Maarten: ah, gotcha. 23:22 < UncleDrax> but that's mostly $ reasons 23:23 < evilbug> digital ocean is running kvm and their on top things. 
23:23 < evilbug> they're ** 23:23 < tds> UncleDrax: Ganeti looks interesting - does that sit on top of libvirt/similar, or tie directly into kvm/qemu? 23:24 < UncleDrax> tds: Ganeti is your cluster-of-KVM nodes management.. sorta like ESXi vs vSphere in VMWare 23:24 < UncleDrax> but imo, Service providers will usually lean towards cheap/FOSS software solutions since they need to push down costs 23:25 < UncleDrax> vs Enterprise is largely is a giant overhead to an org 23:25 < UncleDrax> (as to why DigiOcean is running KVM) 23:25 < tds> ah, just found some slides on it, "started before libvirt" so I guess that explains that one ;) 23:25 <+catphish> Maarten: an expert could testify in court that an IP address is proof that someone at a property was responsible for an activity, IMO (IANAL) it would be impractical to sue someone for alleged copyright infringement based on that alone 23:26 < evilbug> ok, looks like cat 6a is gonna be the winner. 23:26 < UncleDrax> catphish: true, but contractually, a Person signed a contract for the service. and one could argue that person is responsible for that service. 23:27 < Maarten> catphish, they really can't convict anyone based on being the account holder of an IP address..... it would be end of free airport, hotel, coffeeshop, or anywhere wifi. 23:27 <+catphish> UncleDrax: you could argue that, but afaik only german law brings such responsibility 23:27 < UncleDrax> catphish: they tried it here in the US.. there were stories for a while (yearssss ago) about little olde ladies being dragged into court 23:27 <+catphish> Maarten: in germany i believe ISPs are responsible for identifying the end user, but not the rest of the world 23:28 <+catphish> UncleDrax: i believe in the USA some people were successfully sued because they testified in court that their children did it 23:28 < UncleDrax> ha.. why the hell would you admit that?! 
23:28 < UncleDrax> silly people 23:28 <+catphish> i guess they got crappy legal advice 23:29 <+catphish> i don't know the details though, i may be talking nonsense 23:29 < Maarten> catphish, German ISP's can identify the account holder attached to the IP address, but the account holder may not be the offender. Would you just go and pay a hefty fine because you let your friend on your wifi network with his laptop.... and for a mere 5 minutes he didn't disable his torrent and uploaded parts of a popular movie? 23:29 < UncleDrax> 'my child did it'.. 'so your child, that you are legally responsible for did it?' 'yes'. 'ok then, we will charge you' 23:29 < evilbug> that's why it's sensible to run a vpn at the router level ;) 23:29 < evilbug> get that pfsense going on. 23:30 <+catphish> Maarten: first, you have to realise that if you have a home network, and let people use it, you *are* an ISP 23:30 < Maarten> UncleDrax, "I have a coffee shop, it must have been one of my THOUSANDS of customers". - If ANY court convicts the coffeeshop holder, it would be the end of free wifi everywhere. 23:30 <+catphish> Maarten: and in germany, i believe, though i don't know the details, that all ISPs are responsible for identifying end users 23:30 < UncleDrax> Maarten: agreed, but also as Cat said, now you're an ISP 23:30 < evilbug> irl though having a separate guest network isn't a bad idea. 23:31 <+catphish> Maarten: afaik coffeeshop wifi without login isn't a thing in germany 23:31 < evilbug> have that shit routed permanently through a vpn. 23:31 <+catphish> but maybe someone from germany knows the details better 23:31 < UncleDrax> also most coffeeshop wifi is crap, so trying to DL a 1080p rip of whatever-latest-movie-is prob won't cut it 23:31 < evilbug> UncleDrax: yeah but all the authorities care about is the ip showing up. 
23:32 < UncleDrax> and at the cafes i've been to, they usually try and filter out that sorta stuff just to keep it usable for other patrons 23:32 <+catphish> depends on the coffeeshop, plenty here just buy a residential 80Mbit connection and open it up for whatever 23:32 < UncleDrax> true 23:32 <+catphish> for a large chain, they may have something more restrictive 23:32 < UncleDrax> yeap, prob dedicated IT staff too 23:32 <+catphish> kinda depends on your country's attitude to liability :) 23:32 < Maarten> UncleDrax, that's not the point.... students have torrent clients running all the time. They may just be there for a cup of coffee and a book study..... and forgot it is still uploading stuff from your system tray. Even uploading mere SECONDS of a movie is a crime.... and can trigger a "warning" letter - or worse. 23:33 < evilbug> Maarten: have you run cable through your house and if so how much did it cost? 23:33 < lupine> GASP 23:33 < lupine> get a better isp 23:33 < lupine> it's not that hard 23:33 < evilbug> lupine: :| 23:33 < Maarten> evilbug, I did it myself. I have a crawlspace under the house. 23:33 < evilbug> lupine: you clearly aren't in america. 23:33 < lupine> right, if I were, I'd have moved long ago 23:33 <+catphish> USA has pretty nasty ISP monopolies 23:33 <+catphish> i fear my country may go that way too 23:34 < evilbug> all of you must stop speaking ill of the greatest country in the universe. ty 23:34 < lupine> .eu has mostly protected us against that kind of thing 23:34 < lupine> although most ISPs are still absolute trash 23:34 <+catphish> but we won't have ISP monopolies with TV monopolies at least 23:34 < lupine> capitalism is like that 23:34 < Maarten> I live in the USA. It is NOT the greatest country in.... well.... most things, besides gun ownership, school shootings and military power. ;) 23:34 <+catphish> TV here already has monopolies separate from ISPs :) 23:34 < UncleDrax> Maarten: true re: warnings. 
good question though, what do most Small Bizs do with DMCA Complaints.. I know a few of my customers freak-out and call us wanting to know what to do.. but most we never hear from 23:34 < evilbug> Maarten: difficult? i actually don't have any experience cutting walls and stuff. 23:35 < lupine> with a couple of simple steps you can simply blackhole them all 23:35 < evilbug> or i think i might need to run cables through existing walls :/ might want to have a contractor do it. 23:36 <+catphish> i replied to a complaint letter once, i explained that i didn't know who did the illegal uploading, but also told them the content in question wasn't available via any legal channel in my country 23:36 < Maarten> evilbug, I went under the house. Identified the wall I wanted a port into. Drilled straight UP into the wall. Then stuck a cable through the hole so it's in the wall. Cut out an electrical outlet sized hole in the wall with a drywall saw. Inserted a box, hooked wire to plate, screwed on the plate, and done..... Best to cut the hole right next to a stud to mount the box. 23:36 <+catphish> they ignored me, but i hope they took it on board, they seem to have improved now with regard to global rights 23:37 < Maarten> catphish, I have had one complaint letter a long time ago. I pretty much ignored it. Was a different ISP anyways. That's when I just built a dedicated torrent VM with permanent VPN, and called it a day. 23:37 < UncleDrax> evilbug: Maarten if you're doing data, you can get low-voltage retrofit gang boxes (really just a plastic frame you can screw a faceplate to). Can't speak to Cali bldg code, but here it's fine for low-voltage. 23:38 <+catphish> i just read about copyright law in spain, wikipedia claims: "The law explicitly allows to make private copies of copyrighted work without the author's consent for published works if the copy is not for commercial use" 23:38 < Maarten> UncleDrax, I got the blue boxes. Not really needed for CAT cabling, but whatever.... 
they were cheap :P 23:38 < UncleDrax> the low-volt retro 'gang boxes' just clamp onto your drywall, so you can do it away from a stud 23:38 <+catphish> so there is essentially no copyright law for "sharing" in spain, mad 23:38 <+catphish> "To compensate authors, the law establishes a compensatory tax associated with certain recording media (CDs, DVDs, cassettes)" 23:39 <+catphish> i never knew that, i guess that exception was made before the internet! 23:39 < tds> hmm, so do you have to pay that tax if you're burning backups to DVDs? 23:39 <+catphish> tds: yes 23:39 < Maarten> catphish, that means you can copy for personal use.... it does NOT mean you can spread using torrents to the rest of the world though. There are other countries with similar laws where this "home copy" is a grey area when it comes to "making the copy" using something that doesn't upload, such as usenet (or a strictly configured torrent client). 23:40 <+catphish> tds: but who cares, you can download copyright material from torrents at will and make as many copies as you like for your friends legally :D 23:40 < tds> heh 23:40 <+catphish> Maarten: no, it says "non commercial", it seems as long as you don't have commercial intent, you're good 23:40 < Maarten> catphish, those exceptions were typically made when CD-R's were a thing, and people wanted copies for the car. (Which I used to do all the time, because the California sun can be MURDEROUS to CD's..... 23:41 <+catphish> Maarten: exactly, the law was written without regard for the consequences of the internet 23:42 <+catphish> but at face value, it would seem that all non commercial sharing is ok there 23:43 < Maarten> well.... the internet is 25+ years old (as a consumer product) - I remember when I got my first "cable modem" (a proprietary system) back in 1996 and half the town was running FTP servers, and the other half had Windows 95 with open shares to the world, and no block on SMB ports.... 
:D - Them were the days of copying shit from all sorts of places :D 23:43 <+catphish> i'm just reading wikipedia :) 23:44 <+catphish> in any case, there's certainly an argument that creators should be compensated 23:44 <+catphish> but you could argue all day about who should set the levels of such compensation 23:45 < lupine> sure, but market-based compensation is literally the worst option 23:45 < lupine> piracy is at least 10x better 23:45 <+catphish> piracy would appear not to lead to any compensation except by the author doing other work 23:48 < Maarten> the reality is that piracy isn't going to be stopped.... the industry has poured millions if not billions of dollars in trying to prevent it, and have had no success. The key into minimizing piracy is to not make it so difficult for people to watch things. Example, if you forgot to DVR something, you are typically out of luck as the big networks aren't repeating the same prime time show any time soon. If you have a DVR and switch providers, you 23:48 < Maarten> can't keep your recordings. The industry makes it deliberately hard for people to watch their content, and piracy is SO easy these days, it is often used to make those things happen. 23:49 < FrostCyborg> been scratching my head over this... problem with wearing too many hats :(... HP 3810M x2 in basic stack. Only configs on switch is STP enabled and VLANs assigned to ports, plus switch IP assigned on the VLANs, very simple keeping it layer 3, just need 10Gb for VM hosts and storage. Ports are showing up, show connected, but won't respond on ping and won't forward/pass traffic. What's the best way to troubleshoot that without 23:49 < FrostCyborg> bouncing the switch? 23:49 < Maarten> The answer in solving piracy has to start with more flexibility in content ownership and/or watching by the industry.... because as long as they restrict it in all manner of ways to make it unfriendly to watch, piracy will continue to flourish. 
23:49 < qman__> market-based compensation is the best way human kind has ever come up with 23:50 < FrostCyborg> keeping it layer 2 NOT layer 3 23:50 < qman__> It's not perfect, but all the other ways have proven worse 23:56 < djph> qman__: market-bas... you mean like "$1" isn't "1 EUR" 23:57 < Panda_Dub> Hi, is there any vulnerability to a switch layer3 be the first equipment to receive the wan link? 23:57 < qman__> No, I mean selling things earns what people are willing to pay 23:58 < djph> oh, right 23:58 < qman__> rather than fixed prices 23:58 < djph> Panda_Dub: sure 23:58 < electricmilk> Panda_Dub, I mean what prevents a layer 3 switch from being the device that handles the WAN link? 23:59 < Panda_Dub> djph, how come? The bgp is in a router behind this switch, I was wondering if there is any vulnerability in that 23:59 < djph> Panda_Dub: well, if you're a retard, and make it accessible from "the internet" 23:59 < Panda_Dub> electricmilk, this layer3 switch isn't the bgp session device --- Log closed Wed May 30 00:00:37 2018