--- Log opened Sun Jun 03 00:00:28 2018 --- Day changed Sun Jun 03 2018 00:00 < zenix_2k2> one question, i read somewhere HTTP is a stateless protocol, does that mean when i send a request to a server, the server doesn't know my IP address ? 00:00 < zenix_2k2> and i am quite new to this protocol so pls correct me if i am wrong 00:00 < Stranger789> no 00:01 < Stranger789> server will know the sender ip in any case 00:01 < zenix_2k2> so what does "stateless" even mean 00:02 <+pppingme> zenix_2k2 to simplify, stateless just means it doesn't keep track of the connection, sometimes means it doesn't keep track of the session.. 00:03 < Stranger789> as protocol, but there are cookies for that job. right ? 00:03 <+pppingme> that does NOT mean it doesn't log it.. 00:03 <+pppingme> right.. 00:03 < zenix_2k2> oh 00:05 < zenix_2k2> and protocols like TCP, UDP does retain the track of their connections ? 00:06 <+pppingme> udp, no, tcp, yeah.. 00:06 <+pppingme> but only for the duration of that individual connection 00:06 < tds> multiple http requests won't use the same tcp connection though (and there's no requirement to do http over tcp in the first place), so http itself is stateless 00:08 <+pppingme> but don't forget, stateless at layer4 doesn't mean applications at layer5 and higher don't track state.. 00:09 <+pppingme> so stateless from a network perspective does not mean stateless from an application perspective 00:09 < tds> yeah, eg many sites will use cookies, so at that point you have state 00:10 < zenix_2k2> ok so let's me be clearer a bit.. so "stateless" means that it doesn't establish a connection right ? 00:14 <+pppingme> yes and no.. 00:14 < Apachez> tds: if you use pipelining then multiple http requests will use the same tcp connection 00:14 < Apachez> and http do have state 00:14 < Apachez> since its request based 00:14 < Apachez> you wont get an answer from the server unless you first queried it 00:14 < Apachez> hence it got a state 00:15 < zenix_2k2> so in which case it is a "no" ? 00:17 < rewt> stateless wrt http just means that the server doesn't link multiple requests at the protocol level, which is why there are cookies and/or query parameters with the session id that the server can use to link the requests 00:17 < tds> Apachez: was pipelining introduced with http2? 00:17 < Apachez> nope 00:17 < Apachez> its like 20 years old 00:17 < ryao> https://xkcd.com/869/ 00:18 < tds> Oh, I'm getting it mixed up with the multiplexing in http2 00:18 < ryao> I think pipelining was introduced in HTTP 1.1, but I am not sure. 00:18 < tds> Wikipedia agrees with you :) 00:19 < tds> That suggests software support (at least by default) is pretty rare though 00:20 < Apachez> its not 00:20 < Apachez> its common since 20 years or so 00:20 < Apachez> for both servers and browsers 00:21 < Stranger789> btw: https://pastebin.com/aWsS8QD3 00:22 < Stranger789> i dont hop 3 will chain a "bad" route 00:23 < Stranger789> *i dont believe that hope 3... 00:24 < Stranger789> i dont really know what happening but the delay is there 00:25 < zenix_2k2> anyway one other question, is it possible to set a hidden service through a TCP server ? 00:26 < Stranger789> what do you mean hidden ? hidden from who ? 00:26 < zenix_2k2> hidden service i mean, like Tor 00:26 < zenix_2k2> Tor is cool with HTTP servers i think but not sure with SocketServer 00:26 < zenix_2k2> that uses TCP 00:26 < Stranger789> tor i think use tcp too 00:27 < mAniAk-_-> Apachez: pipelining is not common, maybe youre thinking of keepalive 00:27 < zenix_2k2> wut... now that is new 00:27 < Stranger789> https://www.google.gr/search?q=how+tor+works&rlz=1C1CHBF_enGR795GR795&source=lnms&tbm=isch&sa=X&ved=0ahUKEwjHidqng7bbAhUG_SwKHV7IDOgQ_AUICigB#imgrc=mKRtzWN7pyYwNM: 00:28 < Stranger789> i dont know, but i suppose that the connection between nodes are tcp 00:28 < rewt> connection between nodes doesn't matter; what matters is what the tor tunnels can carry 00:29 < Stranger789> in other words, the multi encrypted data in it 00:35 < Apachez> mAniAk-_-: nope pipelining, and its common 00:36 < Apachez> when you visit a site that has like 200 pictures or such you dont see 200 concurrent connections from your client to the server 00:36 < Apachez> you normally see 4 or 8 depending on browsersettings 00:36 < Apachez> or even fewer 00:36 < Apachez> because the requests are being pipelined 00:36 < mAniAk-_-> Apachez: http pipelining is something else though, its old an unused 00:37 < Apachez> quic goes even further and use a single connection because the initial handshake is costly when you exchange public keys and whatelse 00:53 <+catphish> pipelining isn't that common 00:54 < spaces> pipelining ? 00:54 <+catphish> " you dont see 200 concurrent connections...you normally see 4 or 8" 00:54 <+catphish> that's not pipelining, that's keepalive 00:55 <+catphish> Apachez: pipelining is when you send all the requests before you start getting the responses 00:55 < tds> ah, so you keep one connection open and reuse it for requests after one's completed, whereas with pipelining/http2 multiplexing you send multiple requests at once over a single connection? 00:55 < Apachez> no thats pipelining 00:55 < Apachez> keepalive is just so the connection doesnt closes upon you 00:56 <+catphish> Apachez: no 00:56 < Apachez> "keep this session open in case I want some more data" 00:56 <+catphish> pipelining is queueing up multiple requests 00:56 <+catphish> as opposed to one at a time 00:57 <+catphish> tds: with http/1.1 and pipelining you only get one response at a time, in order, with http/2 i think they're fully multiplexed 00:57 <+catphish> Apachez: https://en.wikipedia.org/wiki/HTTP_pipelining 00:57 <+catphish> specifically https://en.wikipedia.org/wiki/HTTP_pipelining#/media/File:HTTP_pipelining2.svg 00:58 <+catphish> it's great if you have high latency 00:59 <+catphish> "As of 2017, HTTP pipelining is not enabled by default in modern browsers, due to several issues including buggy proxy servers" 01:01 * spaces is going to open his pipeline and let the water flow 01:01 <+catphish> fun story, i tried to use pipelining in haproxy, discovered it often responded with uninitialized memory, my one and only CVE, and only of the only serious security bugs in hproxy 01:02 < spaces> let us talk about github :P 01:03 < Apachez> lets talk about you and me 01:03 < spaces> Apachez love is in the air! 01:03 < spaces> What a feeling!! 01:03 <+catphish> http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=7ec765568883b2d4e5a2796adbeb492a22ec9bd4 01:05 <+catphish> Apachez: you can go ahead and admit you were wrong any time 01:07 < Apachez> spaces: https://www.youtube.com/watch?v=ydrtF45-y-g 01:08 < spaces> Apachez I get an advertisement about MicroLax, everything allright ? 01:08 < Apachez> thats based on your previous searches 01:08 < Apachez> so right back at ya 01:08 < spaces> Oh, yes let's talk! 01:09 <+catphish> that song has not aged well 01:09 < spaces> Apachez I was only looking for Diabetics 01:09 < spaces> not aged well ? 01:10 < VincentHoshino> considering it has been what 18 years since I last heard of it.. 01:12 < VincentHoshino> here have this instead https://www.youtube.com/watch?v=7Jw4-AEiafg 01:25 <+catphish> VincentHoshino: i have a lot of love for that song 01:27 <+catphish> for weird reasons i consider it to be me and my business partner's song, i don't know if he feels the same way lol 02:09 < iza> I need help 02:09 < Stranger789> on? 02:09 < iza> Bandwidth: average load, peak load and cost constraint 02:10 <+catphish> what kind of help? 02:11 < goldstar> I have a macvlan interface which uses the right mac-addr for ARPing (arp_ignore=1, arp_announce=2, rp_filter=2, ip_forward=1) but IP traffic is sent with the physical interface mac-address - what gives ? 02:11 < iza> general rools 02:12 <+catphish> iza: choose a % utilization you're comfortable with, any time you exceed it, upgrade the links 02:12 < iza> I have made a lan in packet tracer and that is what I 02:12 < iza> need to include 02:13 < iza> not practic just teoretical 02:13 < iza> |I stock on that point:( 02:14 < iza> i know what it is 02:15 <+catphish> goldstar: maybe you accidentally left a route on the physical interface, check routing table 02:15 <+catphish> goldstar: if in doubt, paste "ip addr" and "ip route" 02:16 < goldstar> catphish, just did a ip route get and wala, the physical int popped up 02:16 < goldstar> thanks dude 02:16 <+catphish> i don't know macvlan, but if its anything like a bridge interface it should be ok, just need to make sure there's no ip config on the pysicl interface 02:17 < goldstar> catphish, interesting - so you leave the phy int empty ? 02:17 <+catphish> goldstar: start by making sure you delete any IPs from the phy interface, routes should go away on their own 02:18 <+catphish> well if you're trying to communicate using some kind of sub interface, yes, you can't have your config on both 02:18 < goldstar> catphish, what about seperate IP networks ? 02:18 < goldstar> that should work, albeit messy 02:18 <+catphish> that should be ok, with the right settings 02:19 <+catphish> as long as the routing table shows that for the network you're accessing, the route is on the right interface 02:19 <+catphish> and things come in the right way 02:19 <+catphish> anywy, must sleep, sorry 02:20 < goldstar> catphish, right, it is a bit complicated but I'll figure it out 02:20 < goldstar> have a good night 02:24 < MatCat> Running Windows 10, I am getting internet from USB tether via PDANET+, I have WRT54G v8 plugged into ethernet, and computer connected to said router also on wifi. I am trying In windows I have my internet connection from PDANET+ shared to the ethernet adapter connected to the WAN port of the router, now I am stuck at the point of how do I get this router to get internet from my computer, 02:24 < MatCat> and provide wifi to devices connected (I am only connected to it via wifi so I can access IP addresses of things on the router) 02:36 < iza> ?? 02:54 < spaces> today I found out that life sucks 02:56 < alabaster> how is everyone? 02:58 < alabaster> I guess no one is alive 03:06 < EvanR> true 03:08 < alabaster> hey you guys anyone ever use VIRL? 04:10 * spaces is alive 04:10 < spaces> EvanR still breathing ? 04:10 < EvanR> nop 04:11 < spaces> are you holding up then ? 04:14 < spaces> EvanR it's bad to hold up, you need to let it all float out! 05:20 < c50a326> hey what's up with this https://en.wikipedia.org/wiki/List_of_Internet_top-level_domains#ICANN-era_generic_top-level_domains there are a lot whose operator is this "Donuts" company, yet if I look at all the registryOperator in https://www.icann.org/resources/registries/gtlds/v2/gtlds.json there isn't a single entry with "onuts" in 05:22 < Peng_> c50a326: Donuts used shell companies with wacky names. Usually a different company for each TLD. Not sure why. 05:22 < c50a326> dodgy if you ask me 05:22 < c50a326> what a mess 05:22 < Peng_> http://domainincite.com/22675-donuts-scraps-200-companies-consolidates-under-binky-moon 05:22 < c50a326> ah ty 05:23 < c50a326> I'm trying to figure out the politics of using each tld 05:23 < c50a326> the fucking politics man everybody's forgotten about the politics and now look at the fucking internet 05:23 < c50a326> it's time to get active again 05:23 < linux_probe> pooplytics 05:23 < linux_probe> flush they congressional toilets 05:24 < linux_probe> swish and out with all the turds that vited themselves into everythign and more for the shitty work they provide 06:07 < spaces> linux_probe go to sleep ;) 06:37 < poent> Hey Guys. I am working on my home lab trying to learn vlans and routing better and have ran into a situation I don't understand. I have a firewall and a managed switch and have added vlan 250 to each. I've have a device connected over the switch on the vlan and it has gotten dhcp from the firewall, but I'm unable to communicate outbound to the internet. When I am looking at the traffic flow debug logs on the firewall I get the 06:37 < poent> error "reverse path check fail, drop". After some research it appears that the firewall I'm using is dropping packets due to a default "anti-spoofing" policy - and I have been able to prove it by getting internet connectivity by turning that feature off. Since turning off anti-spoofing isn't recommended I'd like to know what I may be missing to inform the firewall that traffic comming from the switch is not spoofed. I believe it's 06:37 < poent> a routing misconfiguration but I'm not sure where to go from there. Any thoughts on what I could be missing? 07:16 < linux_probe> see what you did spaces 07:16 < linux_probe> made me all nasty talk 07:16 < skyroveRR> What did he do? 07:17 < linux_probe> over in pfsense lol 07:17 < skyroveRR> heh 07:17 < spaces> linux_probe me ? 07:17 < linux_probe> time to improperly dfisclose some 0days sploits 07:17 < linux_probe> :)))) 07:17 < spaces> ej, don't blame me 07:17 < linux_probe> you lured me there 07:18 < linux_probe> meh, too busy guiding other to relase multiple other exploits that rock the whole industry ;) 07:18 < spaces> linux_probe that is what friends are for ;) 07:18 < linux_probe> gee thanks 07:19 * linux_probe DDoS's freenode 07:19 * linux_probe further quits paying hsting bills 07:19 < spaces> linux_probe I said ealier, never talk about my mum, you don't know her power 07:19 < linux_probe> ur muj has no power 07:19 < linux_probe> if she needs me to show that to her outright I will 07:19 < spaces> :| 07:20 < linux_probe> I rarelt get cranky enought to wreak havoc, so all is well 07:20 < spaces> IRC is too much joke these days, you can find everything online 07:20 < linux_probe> and if I do, everyone would know it 07:20 < linux_probe> but it wouldn't be me doing it directly either :)) 07:21 < spaces> linux_probe wtf you are drunk :P 07:21 < linux_probe> no are you? 07:23 < spaces> no I'm sleepy 07:23 < spaces> zo gonna catch that nap! 07:23 < spaces> so 07:23 < spaces> l8er 07:24 < linux_probe> over the years I've metnioned about coke zero having a weird medicinal aftertaste and it possibly being the caffeine content or artificial sweetener, the last was about 4 months before they changed the cans and formula supposedly 07:24 < linux_probe> maybe they just changed the "water" suplied in it :))) 07:25 < linux_probe> chlorinated sity water poo I have a feeling 07:25 * linux_probe really debates pushing a few new exploits 07:25 < linux_probe> they would 0 day pfsense and anythign freebsd royaly 07:25 < linux_probe> :))))))))))))))))))))))))), but no, I wont 07:26 < linux_probe> I'll push the issue to others whom will do more reaserch and properly disclose ;) 07:26 < linux_probe> I want no =credit for any of the fuckery 07:26 < petemc> clearly 07:27 < linux_probe> i;d rather be a brok brilliantcrazy fucker 07:36 < linux_probe> https://www.youtube.com/watch?v=QHs3NuQjyRQ 07:36 < linux_probe> TEST HITS IN MEXICO BEFORE THE SPP NO PREP RACE | Clayton's Turbo SBF Mustang on the STREET 07:37 < linux_probe> youtube SPPTV Published on May 30, 2018 07:46 < burbamate> ##corelan 07:49 < skyroveRR> #fail 07:49 < linux_probe> heh 07:49 < skyroveRR> #heh 07:52 < spaces> #woei 10:25 < AlVal> just switched netgear nighthawk r7000 to using tomato, but port forwarding doesnt seem to be working for me 10:25 < AlVal> Jun 3 09:23:35 Croupiero kern.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=64.237.55.3 DST=89.242.6.195 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=40902 PROTO=TCP SPT=47620 DPT=32400 SEQ=1446131420 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A1871AFF80000000001030307) 10:26 < AlVal> thats what the log shows, even though there is a port forwarding rule in place for tcp port 32400 10:27 < AlVal> and on the internal network using the local network address 192.168.0.226 the service works fine 11:04 < ius> Trying to debug a linux routing issue. ICMP echo goes from A->B, but replies leave the wrong interface. Must be overlooking something obvious. https://p.6core.net/p/uKMYXunAiBeyol32e54OBUqQ 11:05 < ius> `ip route get 10.10.0.2` returns '10.10.0.2 dev wg src 10.10.0.3 uid 0' as well, so what's the traffic doing on eth0? 11:11 < snpresent> anyone alive here? 11:11 < light> no 11:11 < Apachez> nope 11:12 < brianx> just us vampires. 11:12 < brianx> oh, hold it... we're not alive. 11:12 < xingu> none of us would pass the turing test anyway. 11:13 < light> ius: ip a 11:13 < snpresent> i want to ask anyone familiar with minerva schools? 11:14 < light> sounds like some kind of IUD 11:15 < snpresent> ok.....here:www.minerva.kgi.edu/ 11:15 < snpresent> if someone know please let me ask this person 11:15 < snpresent> :) 11:17 < ius> light: https://p.6core.net/p/zU6EclAtIU1llSw7L04zK6IH 11:18 < snpresent> too obviously... 11:18 < JPT> ius: So you're sending an echo request from 10.10.0.2 to 192.168.100.16 and the reply goes back the wrong way? 11:18 < ius> yes 11:19 < light> ip r on the remote host 11:19 < Apachez> ius: how are your interfaces defined? 11:19 < Apachez> output of netstat -n 11:19 < Apachez> output of netstat -rn 11:19 < ius> Apachez: how do you mean 'defined'? see https://p.6core.net/p/zU6EclAtIU1llSw7L04zK6IH for ip addr 11:21 < Apachez> you have all sort of bridges defined 11:21 < ius> light: oh (..) thanks, i suddenly realize whats up after checking the remote routes 11:21 < ius> yes, thats the issue 11:21 < light> lol 11:21 < Apachez> 13: wg: mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000 11:21 < Apachez> link/none 11:21 < Apachez> inet 10.10.0.3/24 scope global wg 11:21 < Apachez> valid_lft forever preferred_lft forever 11:22 < Apachez> and output from netstat -rn ? 11:22 < ius> traffic leaves eth0 because thats the one thats bridged to the vms 11:22 < ius> and they're addressing the router, as specified in *their* routing table ;) 11:23 < ius> tl;dr user error, thanks - or actually, i forgot how my overly paranoid network setup worked 11:26 < ius> note to self: use tcpdump -e next time.. 11:39 < ikonia> anyone got an ideas for working out what device in my house is connected to my wifi access point, I've got a load of devices that are connected to my AP, but there is one listing as a genric HonHaiPr device, I can't "think" of anything that could be an android device apart from one TV, but I'd expect that to advertise it's hostname 11:41 < Apachez> change WPA2-PSK 11:41 < Apachez> change the passphrase on your devies 11:41 < Apachez> then you will find out which device suddently "doesnt work" 11:41 < Apachez> and hey presto 11:42 < ikonia> on what device ? 11:42 < Apachez> all devices 11:42 < ikonia> I assume you mean the TV it "could" be 11:42 < Apachez> lets say you got 2 laptops, 3 phones and a tv 11:42 < Apachez> but you see 7 devices in your AP 11:42 < ikonia> I see what you're saying 11:42 < Apachez> so you change the passphrase for the WPA2 in your AP 11:42 < Apachez> you change the passphrase to this new passphrase in your 2 laptops, 3 phones and your tv 11:42 < ikonia> I have approx 40 devices, some of them like IOT bridges are tricky to change 11:43 < Apachez> now whats left is this 7th unknown device 11:43 < ikonia> I'll try the TV manually as that's the only android device I can think of in the house 11:43 < Apachez> 2 days later you find out that your fridge cannot sync to your instagram any longer 11:43 < ikonia> I'm just surprised it's not advertising the hostname 11:43 < Apachez> you see the devicename in the dhcp request 11:43 < ikonia> yes, I'm currently checking that 11:44 < Apachez> so what do you see for this device then? 11:44 < Apachez> and what mac does it got? 11:44 < ikonia> I see it in the AP admin menu 11:44 < ikonia> I'm going through the DHCP server for the mac now 11:47 < Apachez> https://blog.erratasec.com/2009/10/hon-hai-foxconn.html 11:48 < ikonia> useful 11:50 < ikonia> interesting the dhcp server shows the client hostname as android-7e8bdbf6e9ef6a08 11:50 < ikonia> which is really helpful, 11:50 < ikonia> that makes me think it's not the TV, as the I've just renamed the TV to be "sonytv" 11:55 < ikonia> it is the TV 11:55 < ikonia> just managed to find the TV mac menu 11:55 < ikonia> it just doesn't broadcast the device name 11:55 < Apachez> there ya go 11:56 < ikonia> what a weak device 12:11 < snpresent> what was this ip do,: 54.230.11.237,??? belong to amazon..........US... 12:12 < snpresent> this ip wanted to connect to my computer...but RST by my ISP 12:18 < rainbow_pony> how do i install google chrome on suse leap? 12:18 < rainbow_pony> yast2 refuses to work 12:18 < rainbow_pony> sorry i mean rpm 12:19 < shtrb> #suse would be a good start 12:42 < snpresent_> why my laptop got two ips by my wifi router?one is 192.168.X.137,another is 192.168.X.135???? 12:43 < shtrb> how many interface have you declared ? 12:43 < snpresent_> only wifi 5G now 12:43 < snpresent_> one interface i believe 12:45 < shtrb> can you check what mac address got them , and on your laptop check the outpuf of ifconfig -a / ipconfig /all 12:45 < snpresent_> sure 12:46 < snpresent_> wifi interface is 192.168.X.135,confirm 12:46 < snpresent_> can't find 192.168.X.137 still... 12:47 < snpresent_> only one mac address 12:47 < snpresent_> but two ips???????why? 12:47 < shtrb> in ifconfig do you see the 137 ? 12:48 < snpresent_> no another is lo 12:48 < shtrb> lo is loopback , maybe you had 137 in the past , the lease had ended and you asked a new one 12:48 < shtrb> If the mac is the same (*) 12:49 < snpresent_> i entered my router one mac address but have two ips... 12:50 < snpresent_> do i need to restart my router? 12:51 < snpresent_> let me try... 12:51 < snpresent_> one moment 12:53 < AlVal> advancedtomato dropping connections even though port forwarding is set up for tcp port 32400 12:54 < AlVal> Jun 3 11:48:29 croupiero kern.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=85.93.xxx.xxx DST=89.242.xxx.xxx LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=46454 PROTO=TCP SPT=60938 DPT=32400 SEQ=2026590097 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A4D67FAE70000000001030307) 12:55 < AlVal> within the lan, the service is up and running fine on port 32400, but externally the router is still dropping as per what the log is also saying above 12:58 < AlVal> https://i.imgur.com/7pB75Cz.jpg 12:59 < cuppaflow> hey there, can anyone give me a recommendation between the edge router lite and USG for a home network? 13:00 < snpresent_> why i can't open this still :https://www.mossad.gov.il 13:00 < snpresent_> the page shows:לא מצאנו את מה שחיפשת. 13:00 < snpresent_> כדאי לבדוק אם הכתובת שהזנת נכונה 13:00 < snpresent_> נשמח לסייע בכתובת info@gov.il 13:14 < Apachez> mossad doesnt like you 13:14 < AlVal> snpresent_: it says: We did not find what you were looking for. 13:14 < Apachez> being racist and all that 13:14 < Apachez> they only love the "god people" 13:14 < Apachez> and shit like that 13:14 < Apachez> ooh and trump :) 13:15 < snpresent_> AlVal, thanks 13:15 < AlVal> snpresent_: Please check if the address you entered is correct. 13:15 < AlVal> snpresent_: We will be happy to assist you at info@gov.il 13:15 < snpresent_> AlVal, thank you very much 13:16 < afx> happy to assist != god people doesnt like you 13:16 < afx> :D 13:17 < Apachez> according to google translate its about the same 13:18 < shtrb> someone is going to be loosing his social credit 13:20 < shtrb> snpresent_, the Social Credit actually exist or is just bullshit ? ( https://en.wikipedia.org/wiki/Social_Credit_System ) ? 13:20 < Apachez> shtrb: what did you do this time? 13:21 < shtrb> not me ,him 13:21 < shtrb> for me it is just a reboot away (shtrb=shit reboot 13:22 < snpresent_> shtrb, what's that? 13:24 < shtrb> You are not with Jiangsu province network ? 13:26 < snpresent_> shtrb, of course i am in 13:26 < shtrb> 社会信用体系 13:26 < snpresent_> finally 13:26 < snpresent_> :) 13:27 < snpresent_> of course shit 13:27 < shtrb> :) 13:27 < snpresent_> i mean social credit 13:27 < snpresent_> :) 13:28 < snpresent_> shtrb, can you open this URL : www.mossad.gov.il,give me a feedback please... 13:28 < shtrb> not going even to try 13:29 < snpresent_> it's mossad 's home page 13:29 < snpresent_> because i can't open it from jangsu 13:29 < snpresent_> jiangsu 13:29 < shtrb> how do you even have IRC access over GCF ? 13:29 < shtrb> *GFW 13:30 < snpresent_> shtrb, just open irc client, then it do connect... 13:30 < snpresent_> :) 13:31 < Bowl323> how many networkfags use windows server? 13:31 < Bowl323> accidently underlined eek 13:31 < snpresent_> i don't use windows at all 13:31 < snpresent_> cheers 13:31 < Bowl323> what do you use 13:31 < snpresent_> not any more 13:32 < snpresent_> windriver 13:32 < snpresent_> cisco 13:32 < Bowl323> i see 13:32 < snpresent_> etc 13:32 < snpresent_> :) 13:32 < Bowl323> uwu 13:34 < Bowl323> is a raspberry pi good enough for RAID backups 13:34 < shtrb> depends 13:34 < snpresent_> yes depends 13:35 < shtrb> also raid != backup 13:35 < Bowl323> using raid for backups is a good idea? 13:35 < Bowl323> i thought it was bad practice 13:35 < snpresent_> he mean RAID only... 13:35 < skyroveRR> RAID is not for backup. 13:35 < linux_probe> lol 13:35 < shtrb> raid 0 is the best backup ! 13:35 < Bowl323> didnt see the ! lol 13:35 < linux_probe> jah rly 13:36 < linux_probe> raid n0 is more fitting 13:36 < Bowl323> i could just buy ext hdds i guess 13:37 < skyroveRR> External hdds are more prone to failure than internal ones, Bowl323 13:37 < skyroveRR> So don't use them for RAID. 13:37 < Bowl323> thanks! 13:37 < shtrb> Bowl323, I was joking do not use raid0 if you care about surviability 13:37 < Bowl323> yeah 13:37 < skyroveRR> shtrb: well, he can eat food to survive. 13:37 < Bowl323> RAID5 is the best iirc 13:37 < linux_probe> i preefer raid-1 ( mirroring)on my desktop/workstations, but of course alsways have backups yet 13:38 < linux_probe> the usefullness of raid5 ended ain about year 2003 13:38 < Bowl323> my files dont change much so im thinking of just making occasional system images 13:38 < shtrb> why not just good old nesting ? 13:39 < snpresent_> anyone use tapes for storage? 13:39 < shtrb> I have (for long time) 13:39 < snpresent_> i mean modern tapes 13:40 < snpresent_> more modern 13:40 < shtrb> LTO is not good enough ? 13:40 < shtrb> I think it was like 1 TiB per tape 13:41 < snpresent_> Tb???? 13:41 < Bowl323> how expensive are tapes nowadays 13:41 < snpresent_> cheaper 13:41 < snpresent_> :) 13:41 < shtrb> ~$800 13:42 < Bowl323> your paying for the reliability right? 13:42 < shtrb> mofo 13:43 < snpresent_> tapes larger and cheaper than hard drives today 13:43 < shtrb> the price dropped to less than $300 for older models (I was talking from memory) LTO-7 cost ~600-700 13:43 < shtrb> you don't buy a single tape normally (you get few boxes) , make dual backup , check upload and put in a box 13:44 < snpresent_> and data can keep more than hundreds years 13:44 < shtrb> single LTO-6 costs $26 including shipment 13:44 < shtrb> lol yeh , you wish 13:44 < snpresent_> yeah 13:45 < snpresent_> but slower maybe than harddrives 13:46 < shtrb> something something , it all depends on the env 13:46 < snpresent_> but faster ram will helpful 13:47 < shtrb> stuff that designed to work over 70C would be better 13:50 < AlVal> didnt anonymous hack that mossad site like 5 years ago 13:50 < AlVal> https://www.hackread.com/opisrael-mossad-website-breached-person-details-of-over-30000-agents-leaked-by-anonymous/ 13:51 < snpresent_> until now??? 13:51 < shtrb> A ddos gave them access to a DB ? 13:52 < snpresent_> ddos database??? 13:52 < snpresent_> noway 13:52 < shtrb> that is what the page says " massive ddos, got accounts .." 13:53 < snpresent_> only ddos can not gt accouts 13:53 < shtrb> srsly ?! 13:53 < snpresent_> i thought so 13:55 < snpresent_> they mean massive ddos hmmmmmm,contain a lot information 13:55 < AlVal> guess i missed the conversation 13:56 < shtrb> someone should tell that site about oxford comma 13:56 < AlVal> snpresent_: that site is back up 13:57 < snpresent_> AlVal, how to access it? 13:57 < AlVal> https://www.mossad.gov.il 13:57 < AlVal> https://www.mossad.gov.il/Pages/default.aspx 13:58 < AlVal> snpresent_: pure recruitment site? 13:58 < snpresent_> i knew it ,still can't open it too 13:58 < snpresent_> :( 13:58 < AlVal> snpresent_: you need something from off there? 13:59 < snpresent_> yes 14:00 < shtrb> one comma and someone got a $10 M ( https://www.upi.com/Top_News/US/2017/03/17/Lack-of-comma-in-Maine-law-results-in-10M-overtime-pay-for-employees/2501489761824/ ) I need to check some contracts :-( 14:00 < AlVal> snpresent_: any form i can send to you etc? 14:00 < shtrb> you could use DCC to interact (files etc) 14:01 < AlVal> snpresent_: meh.. it's all mostly online forms, not many downloadable things, so you're best using a vpn or something 14:01 < shtrb> snpresent_, have you tried using a proxy / vpn ? 14:01 < snpresent_> AlVal,even TOR still can't open that damn site..... 14:02 < shtrb> why would a sane IT person leave access from tor to their site ?! 14:03 < snpresent_> do i look like sane...? 14:03 < snpresent_> and i am not IT guy 14:03 < snpresent_> :) 14:03 < shtrb> so it does not apply to you 14:04 < snpresent_> i tried vpn ssh every kind of protocol ,just can't open that site from here,why i want to know why??? 14:05 < c0rn3j> Hiya, I have a weird issue. At one point IPv6 on my TP-LINK modem stopped working when initiated from my LAN>WAN. WAN>LAN still works fine. If I for example try to curl an ipv6 address from LAN I get curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to ipv6.c0rn3j.com:443 14:05 < shtrb> snpresent_, 防火长城 14:06 < snpresent_> shtrb, i can access youtube ,google too 14:06 < c0rn3j> It works fine if I try to use another (ISP provided) modem. Is it possible my ISP did something on their side and I need to do some additional setup now or they're outright blocking it? 14:07 < linux_probe> tp-stink :)))) 14:07 < shtrb> lol 14:07 < shtrb> snpresent_, check your DNS is also via the vpn 14:07 < c0rn3j> linux_probe: Yeah, sadly had a hard time finding a VDSL2 modem that also supported OPENWRT. 14:08 < snpresent_> shtrb, socks5 dns over proxy yes ofcourse 14:08 < linux_probe> bridge mode or bust 14:08 < linux_probe> but the iss want aLL CONTROL NOW DAYS 14:08 < linux_probe> isp;s 14:08 < linux_probe> oh ffs, hand y u tytpo 14:08 < shtrb> c0rn3j, TDW9970 and friends support (but it also sucks) 14:09 < shtrb> don't know if it support the correct profile (vDSL2 has many different profiles ) 14:09 < snpresent_> and what does TR069 does 14:09 <+catphish> shtrb: that article seems to imply that there *should* have been a comma in that legislation 14:10 < shtrb> catphish, it should, there wasn't, people got 10 m because they have found it 14:10 <+catphish> shtrb: how do you know? because i disagree 14:10 < c0rn3j> linux_probe: I've noticed bridge mode, and I have an OpenWRT router on the network. What are you implying exactly, can I somehow throw the protocol(PPPoe?) thingamagick on my OpenWRT router? 14:10 < shtrb> c0rn3j, strike that out I think I had TD 8980 14:10 < shtrb> catphish, what ? 14:11 < c0rn3j> shtrb: Yeah I have a TD-W9980B which was apparently intended for german market and has no firmware updates. 14:11 < linux_probe> openwrt should support being an PPPoE client 14:11 < linux_probe> unless it's the slimest setup without it 14:12 < c0rn3j> linux_probe: Eh, I have 4GB of storage on the router so installing extra packages is not an issue (and it's actually LEDE right now, so it should surely be supported) 14:12 < linux_probe> now days, most ISP stuff doesnt allow a true bridge mode, because they want control over everything and have voip/vlans for tv streaming shart integrated 14:12 <+catphish> shtrb: i mean i agree with the judge regarding the intended meaning, but the author of the article seems to imply that the comma should have been there 14:12 < shtrb> c0rn3j, the w9980 is listed (don't know what the B ) give 14:12 < linux_probe> and do packet/traffic shaping 14:13 <+catphish> but it's a badly written sentence anyway 14:13 < c0rn3j> linux_probe: I couldn't even get their VLAN for TV working at all. I think they blocked it at one point, cause I followed a tut for this ISP for this exact modem from some guy. 14:13 < dogbert_2> that makes little sense...I have a SB6183 cable modem, it's in bridge mode by default 14:13 < shtrb> catphish, oxford comma is a great thing 14:14 < c0rn3j> shtrb: Requires soldering and ends up having no wi-fi though. 14:14 < linux_probe> they change things once too many people can work around it 14:14 < linux_probe> many have some special authentication mechanisisms in place now 14:14 < shtrb> c0rn3j, also #lede 14:14 < linux_probe> it's all part of anti-theft of video services 14:15 < c0rn3j> But yeah I was more concerned about figuring out why the hell outbound IPv6 won't work on it anymore 14:15 <+catphish> #lede sounds like it needs a redirect :) 14:15 < c0rn3j> Any idea where I could start further troubleshooting? 14:15 < c0rn3j> shtrb: afaik LEDE should be fully merged into OpenWRT now, no? 14:15 <+catphish> yes, it is 14:16 <+catphish> the current release may still be called lede, but it's the same thing as openwrt 14:16 < shtrb> c0rn3j, should 14:23 < c0rn3j> Think I'll just call my ISP about the v6 thing and listen to them telling me how I should just use their provided modem instead. 14:23 < shtrb> bridge mode for the masses 14:23 < c0rn3j> Maybe they'll slip up and accidentally tell me how to make it work, just like with the IPTV. 14:25 < Apachez> did you try to reboot it? 14:25 < Apachez> if you really didnt do any config change it sounds more like running out of resources 14:26 < c0rn3j> Apachez: I tried factory reset even. 14:26 < c0rn3j> It's set to reboot daily at 4am since it actually did run out of resources or whatever after a few days. 14:29 < Apachez> then why dont you bridge it? 14:29 < Apachez> this way your modem doesnt need to keep track of states 14:34 < c0rn3j> Apachez: might as well look into that after i'm done calling with them. Got any resources for that? So far I found stuff not pertaining to VDSL 14:34 < c0rn3j> and openwrt's wiki seems down for the moment 14:41 < tds> morning 14:41 < jadesoturi> Hi guys. So I'm still having issues with network access at this Moroccan hotel that you helped me troubleshoot a few days back. 14:42 < shtrb> c0rn3j, are you connected over llub (several companies using the same physical cable to provide access, last mile share ) ? 14:42 < jadesoturi> At first I was thinking WiFi signal stregths is the problem. But if I ping the 10.2.0.1 e.g. the local gateway, there is no packet loss. However. At the same time no traffic gets past that as pinging google.com timed out 9 ogbof 10 times.. 14:43 < jadesoturi> My vpn sets correct DNS servers but half the time I can't reach them. 14:44 < shtrb> c0rn3j, *line sharing 14:44 < c0rn3j> shtrb: well uhh it's VDSL, it's over a phone line, how would I know how to answer your question? 14:44 < jadesoturi> I just don't get what the problem is.. is it this hotspot system they have that is wack or what can it be? No help from the hotel staff as they have no clue what I'm talking about... 14:44 < tds> jadesoturi: if you're able to talk to the gateway fine, that sounds rather like they're seeing packet loss on the upstream connection, or it could be issues with the router I guess 14:44 < tds> does it affect other devices as well? 14:44 < shtrb> c0rn3j, you normally know (it's cheaper ) , if you don't I guess it's not the case 14:45 < c0rn3j> Hmmmmmmmm https://ipv6.google.com works 14:46 < c0rn3j> This really seems to be something to do with TLS in the end 14:46 < jadesoturi> Can't say for sure.my gf has this problem on here phone to, where she either gets the cert error or just can't access pages.(no vpn). My phone works pretty ok as far as I can see. I little slow sometimes, but haven't gotten a single page I can't load. 14:46 < c0rn3j> seznam.cz does not work, ipv6.c0rn3j.com does not work (my scaleway VPS) and bunch of mirrors also don't work. 14:46 < jadesoturi> I have the same vpn setup on the phone as on the laptop 14:46 < shtrb> c0rn3j, I see that Gereman wikipedia does point you might have it (https://de.wikipedia.org/wiki/Entb%C3%BCndelung ) - you need to start complaining 14:47 < Dagger> c0rn3j: possibly pMTUd related. I think google use a fixed 1280, and so avoid that 14:47 < c0rn3j> shtrb: I'm not german, I'm actually Czech. I've no clue how this modem even got to retailers in here. 14:47 < shtrb> c0rn3j, :-/ 14:47 < c0rn3j> Sorry for confusing you with that ^^ 14:48 < shtrb> ok , call your ISP and act intellectually chalenged and slow 14:48 < jadesoturi> It's like it works for 5-10 min MAX and the it doesn't work for like at least amotherb10-15 min 14:48 < shtrb> make few dozen calls until they fix it 14:49 < shtrb> if you nagg enough time , you ruin their daily call center quiality service coef, they will be annoyed enough just to guide you and fix it 14:49 < linux_probe> lol 14:49 < shtrb> linux_probe, it's stupid, but when everything else had failed , nagging works 14:50 < shtrb> just hope you get into the same call center each time 14:50 < linux_probe> it's what you havw to do to get them to repair lines/areawide issues 14:51 < linux_probe> back in the 90's I threatened to cut all the tlines off the poles down the street including the hardline 14:51 < shtrb> anything is possible if enough complains are done (and they start loosing bonouses ) 14:51 < shtrb> linux_probe, and didn't call the feds / cops ? 14:51 < linux_probe> , they guy didnt want to take ladder off truck and go up the pole to replace a bad connector 14:51 < jadesoturi> tds, when it works it works well. Maybe a little high ping(around 100ms) but no packet loss... 14:51 < linux_probe> no, he got his ladder and took his happy as sup the pole :)) 14:52 < linux_probe> cut off some 6" of wire and the corroded connector 14:52 < c0rn3j> shtrb: The worst thing is that it works with their own supplied modem. They'll nag me to all hell to use that instead >.< 14:52 < linux_probe> said, "you was right, I should have known that" afterwards 14:52 < shtrb> c0rn3j, you can say you are using it 14:53 < c0rn3j> shtrb: They can see 14:53 < shtrb> c0rn3j, you over estimate automated biolgeical script 14:53 < c0rn3j> It's their own in-house modem, they can telnet into it (or SSH I hope). 14:53 < shtrb> automated biological script 14:54 < linux_probe> they can call all the cops and feds they like 14:54 < c0rn3j> Nah, one of the calls the technician actually connected to it and was surprised he can only see one device connected (I connect it only to a switch). 14:54 < linux_probe> but they have to see and prove you damaged something forst ;) 14:55 < c0rn3j> linux_probe: but you were threatening to damage their property, sounds illegal even in the 90s. 14:55 < shtrb> linux_probe, that sound like some fairy tale, a cop that thinks ?! 14:55 < linux_probe> if you know it's an area issue, get all the neighbors to complain 14:55 < shtrb> linux_probe, and phone lines are state owned and used 14:55 < linux_probe> was no cops, that was the cable tech guy 14:56 < shtrb> You expected decentcy , that sound odd 14:56 < linux_probe> no, I expcted the line to be fixed after the first call 14:56 < linux_probe> I wasnt there and they did the typical modem swap and claied a splitter was bad 14:57 < c0rn3j> shtrb: I think I'll go with your daily call strategy. Still have some 8K pages in my book series left and 22 more days of vacation. 14:57 < linux_probe> aftre that call the tv was dropping out worse, I found they changed the coax connector and had a single strand of shield wire not ct off and wrapped in around the center conductor 14:58 < shtrb> c0rn3j, you can make multpile call per same day 14:58 < linux_probe> byt then I was livid and called back leaving hate and talked to managers 14:58 < linux_probe> so again I wasnt there and they returned and still didnt fix the issue 14:58 < shtrb> c0rn3j, you can even use sips to automate call and drop call 14:58 < linux_probe> by the third call I made sure I was there and A. it was going to be fixed or B. they were going to have major issues 14:59 < c0rn3j> shtrb: Will do. maybe sometimes I could play dumb and sometimes smart with T2s+ hoping I get someone competent? 14:59 < shtrb> *sipp 15:00 < shtrb> the idea is to play dumb enough for them to get angry, but you also need to talk very very very slow 15:00 < shtrb> My personal record was 40 minutes on modem reset (after the amazing system forgot to unblock me in radius ) 15:00 < linux_probe> lol 15:02 < shtrb> and 30 minutes with someone who tried to sell me an inurance 15:02 < linux_probe> I have no patience for phone calls nor bullshittery 15:02 < shtrb> we had a scorebord in the office 15:02 < shtrb> linux_probe, so how do you react when you get a sales call 15:03 < linux_probe> why answer the phone? 15:03 < c0rn3j> oh i cant talk slow :D 15:03 < lupine> This is apparently a generational thing 15:03 < linux_probe> if the same number keeps calling I genade them 15:03 < shtrb> c0rn3j, try, it comes with practise 15:03 < linux_probe> grenade** 15:03 < lupine> The good simply don't pick up in general 15:03 < lupine> Yoof* 15:03 < shtrb> oh 15:05 < shtrb> they: you have virus on your pc! , me: should I take it to the doctor ? 15:05 < Apachez> kill it with fire 15:06 < shtrb> but how ? 15:06 < xingu> in his case take it to the clap clinic 15:06 < shtrb> oh the clap, it still exist ? 15:06 < djph> shtrb: "this is bob from microsoft calling, you're about to lose your license for your windows vista machine!" me: good riddance, I put linux on that fucker 12 seconds after unboxing it. 15:07 < Bowl323> djpg: don't you mean gnu/linux 15:07 < djph> Bowl323: shutup RMS. 15:07 < shtrb> WinNt/Linux 15:08 < shtrb> Sorry Gnu/WinNt 15:08 < djph> lulz 15:08 < linux_probe> on occasion I do answer the phone 15:08 < shtrb> https://www.microsoft.com/en-us/p/debian-gnu-linux/9msvkqc78pk6 15:08 < linux_probe> i then set ti by speaker playingporn 15:08 < linux_probe> lol 15:08 < Bowl323> windows 10 is ugly 15:08 < Bowl323> imo 15:08 < linux_probe> cheesey porn music and uhhh uhhh uhh uhhh 15:08 < shtrb> that is nasty 15:09 < djph> had one like that ... "okay, fine; what's my current license agreement number .. " had the fucker spinning his wheels for like 10 minutes 15:09 < Bowl323> xp had the best design 15:09 < shtrb> djph, why didn't you ask for the current licnce key ? 15:09 < linux_probe> if they keep at it, answwrr as "detective blah with blah blah department, 15:10 < shtrb> Yes, because some guy in Bangladesh would care about a US detective 15:11 < linux_probe> when they stumble and stutter sayign is this xxxxx, I say howd you get this number, what's your full name, company, and employee identification number 15:12 < linux_probe> they stutter more and I then say this is a blacklisted number, it;s been traced 15:12 < shtrb> We need the phone zapper 15:12 < linux_probe> perhaps mention about it being tied back to terrorist activities :)) 15:13 < shtrb> you press on a button and caller get zapped 15:13 < linux_probe> in general, you hear "click" and get removed from the list 15:14 < djph> shtrb: I did - he was calling one of the places I volunteered (they had a charity freebie license, I had the paperwork; I wanted to fuck with the guy) 15:15 < shtrb> license number != license key 15:15 < Rayben> #boobpedia join channel 15:16 < djph> shtrb: ah, misread :) 15:18 < linux_probe> lol 15:18 < linux_probe> someone said booobs 15:18 * linux_probe faps wildly 15:20 * shtrb grabs his calculator 15:21 < linux_probe> what are you calculating 15:21 < turtle> gizmos and doo-dads 15:26 < Rayben> websites: boobpedia, straightstud 15:26 < shtrb> 8008s 15:26 < shtrb> 80085! 15:26 < dogbert_2> LOL 15:26 < linux_probe> jah @ shtrb 15:27 * linux_probe pulls out the graphing TI80 15:27 < linux_probe> whoops TI-80 15:27 < shtrb> arnold nods 15:27 < shtrb> oh it was T800 15:27 < linux_probe> i justy showed my age 15:28 < linux_probe> :( 15:29 < linux_probe> satill have a ti-81 15:29 < linux_probe> from 1994 15:29 < linux_probe> what are teh algebra dn calculus 15:30 * shtrb look on a CA53W 15:30 < linux_probe> hehe 15:31 < shtrb> That I call a smart watch 15:33 < shtrb> Now I need to check If I can still get a palm pilot 15:33 < linux_probe> lol 15:33 < linux_probe> had a handfull of the smart wathces over the years 15:34 < shtrb> but where the real deal or cheap android/apple knowkoffs ? 15:34 < linux_probe> what they made me conclude was, technology sucks, wearing a watch sucks worse and they're made for micor-asian fingers 15:34 < linux_probe> muicro88 15:35 < shtrb> I guess you really like the 10"-13" laptops 15:35 < djph> palm pilots have been dead for ages 15:35 < shtrb> just switch the AA batteries , 15:36 < shtrb> sorry AAA batteries 15:37 < djph> I meant the product, dimwit :P 15:37 < shtrb> I almost spilled my coffee when I have seen an asus laptop battery , it was plain batteries and not the smart feces 15:37 < djph> thats typically *all* laptop batteries. 15:37 < shtrb> djph, lol no 15:38 < linux_probe> craptop 15:38 < linux_probe> I hate the things 15:38 < linux_probe> idiot phoneds evern worse 15:38 < shtrb> djph, modern laptops have a builtin fuse , have "smart" circuit that if you open the battery casing it will no longer work 15:38 < djph> once you crack into the housing, it's just a series/parallel arrangement of 18650s. dumb as hell; with a charge controller. Unless they're NiCd / NiMh 15:39 < shtrb> yes, but the fucker had a wire (when you brake the casing it's dead , the asus had no "casing" 15:39 < linux_probe> lol 15:39 < shtrb> moment I will try to show how it looks 15:39 < linux_probe> so, jumoer it back? 15:39 < linux_probe> jumper** 15:40 < djph> (by casing, I mean the entire replaceable module that laptops have, not anything specific to the cells INSIDE of that case) 15:40 < shtrb> I'm talking about internal batteries 15:41 < djph> then yeah, they wouldn't have any special casing 15:46 < shtrb> oh crap , can't find the exact one it was like https://www.bigupbattery.com/Asus-0B110-00440000-VivoBook-Max-X541SA-Battery-p/batt-010805.htm but with a sleeve you could just put them in 15:48 < shtrb> And that is how they normally look (https://mcs.com.bd/product/laptop-battery-asus-x451-x451c-x451ca-x451m-x451ma-x551-x551c-x551ca-x551m-x551ma-series-a31n1319-a41n1308/ ) 16:00 < dogbert_2> hey djph 16:02 < Rayben> Sacred prostitution, temple prostitution, cult prostitution,[1] and religious prostitution are general terms for a sexual rite consisting of sexual intercourse or other sexual activity performed in the context of religious worship, perhaps as a form of fertility rite or divine marriage (hieros gamos). Some scholars prefer the term sacred sex to sacred prostitution in cases where payment for services was not involved. 16:04 < shtrb> can we claim divine irc support ? 16:09 < AlVal> netgear nighthawk r7000 running advanced tomato Tomato Firmware 1.28.0000 -3.5-140 K26ARM USB AIO-64K at 192.168.0.254 server on the internal lan at 192.168.0.226 successfully running a service on port 32400 port forwarding set up to forward port 32400 to this server the above all shown on this screenshot https://i.imgur.com/7pB75Cz.jpg yet I can't connect to this service from the external internet via the router's public ip on 16:10 < Rayben> Sex magic (sometimes spelled sex magick) is any type of sexual activity used in magical, ritualistic or otherwise religious and spiritual pursuits. One practice of sex magic is using the energy of sexual arousal or orgasm with visualization of a desired result. A premise posited by sex magicians is the concept that sexual energy is a potent force that can be harnessed to transcend one's normally perceived reality. 16:10 < AlVal> that the advancedtomato firewall is dropping the connection requests, and I don't understand why. 16:10 < Rayben> straightstud.com 16:10 < AlVal> Jun 3 11:48:29 croupiero kern.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=85.93.xxx.xxx DST=89.242.xxx.xxx LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=46454 PROTO=TCP SPT=60938 DPT=32400 SEQ=2026590097 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A4D67FAE70000000001030307) 16:10 < shtrb> AlVal, CGNAT ? 16:10 < AlVal> Even if I put the machine in the DMZ, the logs still show DROP as above. Any ideas? Thanks 16:11 < AlVal> shtrb: I'll go google that 16:11 < linux_probe> holy spamshart 16:11 < AlVal> linux_probe: sorry 16:11 < shtrb> AlVal, never mind , it was sent before you sent it was dropped inside 16:12 < linux_probe> err not spam but long line =p 16:12 < linux_probe> block of text lol 16:13 < AlVal> linux_probe: well I thought better than a scattering of messages that can be hard to piece together 16:13 < linux_probe> Rayben's text wall blended in 16:13 < linux_probe> blame it/him/they 16:14 < linux_probe> it looks like your tomato isnt taking the accept all rule and applying it to the ppp0 interface 16:16 < linux_probe> flush tomato down the throne, dinosaur junk =p 16:17 < shtrb> If it works , why to touch it 16:17 < linux_probe> working with exploiots and holes? 16:17 < shtrb> If you expect your router to give you a good firewall you are not going to have fun 16:18 < shtrb> It's like connecting your A/C to your WiFi that a internet access 16:18 < linux_probe> or your car having onstar/etc etc etc 16:18 < linux_probe> COUGH 16:18 < linux_probe> that built in bluetooth "hands free phone cruft 16:19 < shtrb> it's not that bad 16:19 < shtrb> you can pair your car with kde :) 16:19 < linux_probe> and satelite radio, cellular data, blah balh' 16:19 < linux_probe> 100% traking and spying setup 16:19 < shtrb> you have satelite radio in your car ?! 16:20 < linux_probe> I domt, but pretty much every new vehicle has that all ijhtegrated 16:20 < linux_probe> and has for 8+ years now 16:20 < shtrb> I was talking about how home appliances that connect to your router are chatty , and sometimes can be rendered non functional if you loose internet connection 16:21 < linux_probe> same difference 16:21 < linux_probe> IoT cloud fudge and automotive connectivity 16:21 < linux_probe> vast majority of cars have their own "wifi hotspot" ibuilt now too 16:21 < shtrb> You car need more to connect to the internet than your hvac 16:22 < shtrb> you need to put the phone in range 16:22 < linux_probe> the hvac stuff uses oyour home connection, 16:22 < shtrb> I know, that is my point 16:22 < linux_probe> home wifi connection.... 16:22 < AlVal> linux_probe: i haven't touched the routing settings myself, my understanding is that I shouldnt have to 16:22 < shtrb> you always have wifi connection at home 16:22 < AlVal> linux_probe: does it look lilke it's badly set up? https://i.imgur.com/kFBo4Un.jpg 16:23 < linux_probe> im guessng it's the way the firewall rules are being created @ AlVal 16:23 < linux_probe> probably some tomato bug. or the isp is playing foobar games 16:24 < shtrb> linux_probe, I was talking about stuff like that https://www.techspot.com/news/72517-isp-customers-piracy-allegations-could-affect-smart-thermostats.html (which sound to me as BS there but still) 16:24 < linux_probe> yes and I pointed out most all vehilces are connected tot he internet now also 16:25 < linux_probe> so they are part of the same junk issue 16:25 < linux_probe> it;s all IoT garbage 16:25 < shtrb> I thought the cars needed your phone to access the internet (not the cars with E-Call installed at least) 16:25 < linux_probe> swiss cheese garbage of anti-privacy :) 16:25 < linux_probe> no shtrb 16:26 < shtrb> It's not about privacy, it's about your equipment stop working if DNS goes down for example 16:26 < linux_probe> most do opposite now 16:26 < linux_probe> the car has built in cellular data and wifi hotspot 16:26 < shtrb> the new cars have E-Call (which is a modem that dial out) 16:26 < shtrb> *If you are in the EU 16:26 < linux_probe> even the one that dont, are still 100% remote monitorable 16:27 < linux_probe> on-star/other similar services 16:27 < linux_probe> they can connect at any time and monitor anything within the vehicls 16:27 < shtrb> Isn't onstar only for luxery cars ? 16:27 < linux_probe> even deactivated ones 16:27 < linux_probe> no, onstar has been in most all cars for many years now 16:27 < AlVal> linux_probe: I just wanted this firmware so i could use the adblock features to stop the samsung tvs in the house acting as internet media servers for samsung and all the other filth they do 16:28 < linux_probe> lol, maybe the adblock is blocking you @ AlVal 16:28 < shtrb> AlVal, check the hosts files that block everything 16:28 < AlVal> linux_probe: but I guess I'll have to put it back to the equally filthy netgear stock firmware and persevere with getting pi-hole working 16:28 < shtrb> AlVal, https://github.com/StevenBlack/hosts 16:28 < AlVal> linux_probe: yeah I considered that , and disabled adblock 16:29 < linux_probe> still the same packets hitting and being dropped? 16:29 < shtrb> You can even disable most facebook ads with hosts file 16:29 < AlVal> shtrb: yeah but across all devices on the network 16:30 < shtrb> That is the idea 16:30 < shtrb> you install that hosts file on the router and forget it 16:30 < shtrb> And if you need to enable it on one router you setup a custom DNS resolver ( to avoid the dhcp one) 16:31 < linux_probe> i layer ad blocking 16:31 < linux_probe> dns black list, other lists and blocking on the browser also 16:31 < shtrb> some ad blockers (like ad block plus) have "acceptable ads" which is annoying if you do not expect it 16:31 < shtrb> linux_probe, that is the goal of that hosts file 16:32 < linux_probe> disable it? 16:32 < linux_probe> hosts file alone is no good 16:32 < linux_probe> not all of them uodate frequently enough ;) 16:32 < shtrb> If you know about it you can disable it 16:32 < linux_probe> like youtube ads, what ads 16:32 < linux_probe> :))) 16:33 < shtrb> It's like free 5G wifi, you will not be using it if you didn't know about it 16:33 < linux_probe> excet the ones people actually put in the videos while they make them 16:33 < linux_probe> to whic, I kindly quit watching them period end 16:33 < linux_probe> fuck them 16:34 < linux_probe> as far as Im concerended "paying" for tv/internet monthrly should eman i dont have to watch commercials 16:35 < linux_probe> heh, need to look at what im typing 16:35 < shtrb> Yes, and your phone should not share your location data with the vendor ? 16:35 < linux_probe> sue, but I know it does 16:35 < linux_probe> by default and even if disabled your tracked 16:35 < AlVal> shtrb: yeah but I won't be able to install that on stock netgear firmware 16:35 < linux_probe> knowing abou tti and still using it is one thing 16:35 < shtrb> by default it's enabled (LG for example) 16:36 < linux_probe> not knowing/mas public sheeple is a whole different ballgame 16:44 < rantic> Hey everyone, I've setup a Win2012 R2 DC with DHCP and I'm running into an issue where all nameserver lookups show Non-authoritative answer: 16:44 < rantic> Name: google.ca.mydomain.com 16:44 < rantic> Address: my.ip.address.here 16:44 < rantic> Kind of baffled. I setup the domain as a subdomain (ad.bla.com) of a domain I actually do own. 16:45 < rantic> It looks like my DHCP clients do still resolve google (somehow) - wondering if anyone has seen this or know's what is happening 16:55 < d0nde> have you tried a flushdns? 16:56 < linux_probe> /flushpoop 16:58 < rantic> d0nde, Yeah I have 16:59 < rantic> d0nde, If I append a . at the end of the nslookup - it works as expected 17:00 < d0nde> is your DHCP giving the devices an appropriate DNS server? 17:01 < brianx> the . says misconfigured recursive resolver but no clue about windows. 17:02 < rantic> d0nde, It's giving back the DC running DNS and my home router, also running DNS 17:11 < alabaster> hello anyone awake/ alive? 17:11 < superkuh> Not even you. You're asleep and late for work. Hurry, wake up. 17:11 < sigsts> heh 17:11 < sigsts> oopsie 17:11 < d0nde> @rantic: is your DC able to resolve name lookups? 17:12 < shtrb> Anyone have a link to consumer level LTE modem that allow me access IMS (Ip Multimedia Subsystem)? 17:12 < shtrb> even a name is good, I found one that cost ~$400 and I think it's too much 17:12 < alabaster> anyone ever use VIRL? 17:15 < leal> hey! 17:16 < linux_probe> is for horses @ leal 17:16 < leal> 😀 17:16 < redrabbit> is there a way to keep older versions of a backup with google drive 17:17 < redrabbit> so if everything gets deleted you can go back in time 17:17 < leal> @ linux_probe what do you mean 17:17 < linux_probe> backup localy and upload it as seperate files? 17:17 < linux_probe> I dont fiddle nor trust google otherwise :)) 17:17 < redrabbit> i use rclone atm 17:18 < redrabbit> id rather keep my work in case something goes south 17:18 < redrabbit> vs hanging to my tinfoil hat 17:18 < redrabbit> lol 17:19 < redrabbit> so.. i guess ill look for software to do it locally 17:19 < linux_probe> I suggest not using the herp-derp cloud then, except for second/third backup level 17:19 < d0nde> i know onedrive now has that option, not sure about g drive 17:19 < redrabbit> its exactly that 17:19 < alabaster> Anyone ever use Cisco VIRL or no? 17:19 < redrabbit> i have 2 other backups 17:19 < xdroop_> anyone here have mosh working throuh a Juniper SRX? 17:20 < linux_probe> lol, neighbors dogs barking up a storm, clapped hands out windo loud 3 times and quiet 17:21 < linux_probe> they bark at me outisd enow and them I just look at them and clap the same lol 17:21 < redrabbit> what do you use for offsite backup 17:21 < linux_probe> my vehicle? 17:21 < d0nde> lol 17:21 < redrabbit> i dont mind paying a bit 17:22 < redrabbit> heh 17:22 < linux_probe> casue it's were I am 17:22 < superkuh> I let the FBI store my old servers. 17:22 < linux_probe> if im home and a huge distater hits, likjely I will be gone with the house and vehicle 17:22 < superkuh> Good security for offsite backup. Lots of latency when I try to recover form it though. 17:22 < linux_probe> so, no worries lol 17:22 < superkuh> from. 17:22 < linux_probe> lol superkuh 17:22 < superkuh> Not joking. 17:22 < redrabbit> ah, intersting 17:22 < d0nde> azure 17:22 < superkuh> I'm still trying to get the servers/media they stole back in 2010 back. 17:23 < d0nde> doesn't cost that much to cold store 17:23 < linux_probe> lol, i also run raid-1 arrays 17:23 < linux_probe> for primary less chance of loss, followed by local external e-sata backup 17:23 < redrabbit> iirc i have 300$ to spend on google cloud 17:23 < linux_probe> followed with oher backups 17:24 < redrabbit> maybe theres good storage ther 17:24 < shtrb> Wait, can you legit send them a file and then demand it over freedom of information ? 17:24 < linux_probe> i trust nothing but whT i HAVE DIRECT CONTROL OVER 17:24 < alabaster> I wonder if anyone can even see me? Is my text invisible or something? 17:24 < linux_probe> you are hideen like tiger @ alabaster 17:24 < redrabbit> alabaster: hi its ghost town 17:25 < linux_probe> cisco is yesrdecade 17:25 < linux_probe> yesterdecade** 17:25 < alabaster> huh how so? 17:25 < linux_probe> as they fail to meet the times, they get flushed away and are on shart list 17:26 < alabaster> what cos are more or less antiquated now? 17:26 < linux_probe> it's not all ciscos fault 17:27 < linux_probe> but consumers thiunking wee many years last 17:27 < alabaster> I'm trying to study for Network admin/Engineering/tech etc etc.. Which companies are more in the now or future??? 17:27 < d0nde> what's a better alertnative iyo? 17:28 < linux_probe> tossup between all the vendors IRL 17:29 < redrabbit> alabaster: who cares about the big boxes, learn by designing your own projects. 17:29 < redrabbit> get shit done 17:30 < redrabbit> find something you desire to achieve and do it 17:56 < xochilpili> hi all 17:57 < alabaster> anyone have any experience with Cisco VIRL? 17:58 < xochilpili> does anyone have an idea how to connect to management usb port of a fortigate without fortiExplorer ? 17:58 < xochilpili> i have been hacked and someone reset or change my admin password 17:59 < xochilpili> i cant download fortiExplorer for windows, there's only for ios and i have no admin password 18:01 < compdoc> reset to defaults? contact fortigate? 18:02 < xochilpili> if i reset to defaults i lost all config 18:02 < alabaster> I take that as a no? 18:02 < xochilpili> there're config that i dont even remember 18:03 < xochilpili> also there's an user & pass for my adsl ISP 18:05 < xochilpili> connecting the usb to my computer i only have this: New USB found ... fortigate ... using tail -f /var/log/messages 18:05 < xochilpili> but there's no /dev/ttyUSB0 or something to be able to access 18:13 < Apachez> use dmesg 18:13 < Apachez> dmesg 18:13 < Apachez> connect the usb device 18:13 < Apachez> dmesg again 18:13 < xochilpili> Apachez, i did that, but there's no ttyUSB 18:13 < xochilpili> there's only new USB port ... Fortigate serial ... etc 18:14 < xochilpili> but there's no ttyUSB or something 18:14 < Apachez> perhaps its /dev/fortigateserial ? 18:14 < shtrb> Which genius thought it is a good idea to write please use letters from the upper register?!. 18:15 < xochilpili> Apachez, also, there is another port called "Console" which is a Ethernet port, but is this working with a normal ethernet cable? 18:15 < xochilpili> or those Ethernet<->Serial cable? 18:15 < tds> that's likely rs232 just with an rj45 port 18:15 < xochilpili> i havent that cable 18:15 < xochilpili> so using USB is not possible? 18:19 < xochilpili> everything i find googling said that USB management port requires FortiExplorer and there's no option in forti's webpage about fortiExplorer for windows or mac to download 18:19 < Apachez> I dont get it 18:19 < Apachez> what is it you are trying to connect to your computer? 18:19 < Apachez> put it in imgur.com or something 18:20 < Gurkenglas> Can I use my home router's flatrate to make phone calls from my mobile phone over the internet? 18:22 < xochilpili> Apachez, what, i dont get what u mean? 18:24 < xochilpili> Apachez, take a look, this is almost the same backside of my fortinet: http://cookbook.fortinet.com/wp-content/uploads/sysadminnotes/USB%20Mgmt%20port/FG-60C_Bk-USB-ports.png 18:25 < xochilpili> then, i have connected that USB port to my computer and then i have use tail -f /var/log/messages and New USB appears, but looking in ls -lia /dev/ there's nothing to connect to, or at least no idea how to connect to that port 18:26 < brianx> alabaster: stop asking the same non question over and over. ask what you want to know, nobody is going to blanket say that they are familiar with some shit. 18:26 < xochilpili> every webpage i found about it said that using that USB management port is for some software called "fortiExplorer" but i cant download it from fortinet's webpage 18:26 < Apachez> yeah that read one sure looks like a host port 18:26 < alabaster> I really don't know what to ask ... 18:27 < Apachez> and you should be able to connect a fitting cable to that and a regular usb-a connector at the other end to your computer 18:27 < Apachez> and the device should popup 18:27 < Apachez> however I dunno if your firmware supports that 18:27 < Apachez> perhaps its just some debug for vendor thingy? 18:27 < alabaster> I can't even get it to run. So theres that 18:27 < Apachez> better to use a usb to serial and then use serial to connect to your device 18:27 < alabaster> I asked twice by the way. I'm sorry? 18:28 < xochilpili> Apachez, i have no USB-Serial cable available and also, it's sunday everything is closed 18:29 < brianx> there's a basis for a question. ask if google knows the exact error message that you get when attempting to install alabaster. 18:29 < Apachez> ask a neighbour, they will for sure have one 18:29 < alabaster> Its installed 18:30 < alabaster> nevermind 18:30 < s4scha> xochilpili I guess you need a Fortinet Support account to download FortiExplorer. I can see it in the download portal 18:30 < Apachez> fortiExplorer is probably only accessible when you login through supportaccount 18:31 < brianx> poor questions get poor answers alabaster. i wish you luck in creating a better question. 18:33 < xochilpili> s4scha, i did register but in the download section of firmware i got: Sorry, you don't have any product covered by Fortinet support contract. 18:33 < s4scha> Ok, hold on. 18:35 < Apachez> then get a support contract 18:35 < Apachez> och switch vendor 18:41 < jorja> Hello 18:42 < jorja> I have a Linksys E1200 and I keep losing the wifi from it. When I connect to a wifi device it will say saved, securd everytime it tries to connect. Is there a way to stop this from hoping? 18:44 < Kingrat> try a firmware update, or replace it, its a pretty old low end router it could be going bad 18:45 < jorja> The router is almost brand new 18:45 < jorja> and it shows the firmwarte is up to date 18:46 < brianx> try the prior version then. the latest could have a bug. 18:47 < zapan> greets 18:49 < zapan> is this reccomended? two cat6 bare wires under the same sleeve? 18:49 < Apachez> same sleeve=? 18:49 < zapan> plastic wrap? 18:49 < zapan> plastic tube? 18:50 < Apachez> I still dont understand 18:50 < Apachez> wtf is a "cat6 bare wire"? 18:50 < Apachez> with no insulation whatsoever? 18:50 < zapan> I have to say that none worked properly. I think it was due to cutting corners and convenince or the dude thought CAT6 is same as CAT3 18:51 < zapan> Apachez: individual wires with it's own plastic wrapping. 18:52 < Apachez> thats not a cat6 cable 18:52 < Apachez> cat6 cable have insulation on each wire, 2 wires are wrapped around each other and forming 4 pairs, which then are wrapped around each other and then you have an outer insulation 18:52 < Apachez> if its shielded then each pair or the whole cable can have a net or a foil 18:53 < Apachez> henced twisted pair or shielded twisted pair 18:54 < jorja> And if that does not fix the issue 18:55 < Apachez> jorja: download wifi analyzer to your phone and check the air 18:55 < Apachez> select a less crowded channel 18:55 < Apachez> if possible use 5ghz instead of 2.4GHz 18:55 < Apachez> check the powersupply, failing supplies often gives odd results in the router 18:56 < jorja> donnt have a phone that can do that 18:56 < Apachez> use latest firmware 18:56 < Apachez> verify settings 18:56 < Apachez> make sure you have proper cooling around your router, overheating is a common cause to "wifi is going down" 18:56 < Apachez> use a cable instead of wifi 18:56 < jorja> I am connect ethernet cable to the router right now 18:56 < Apachez> jorja: you dont have a smartphone around? 18:57 < jorja> tthere is nothing around the router but the desk it is sitting on 18:57 < jorja> nope 18:58 < zapan> Apachez: thanks, I tested with single wire, no the two-in-one, and everything connected correctly. 19:04 < xochilpili> s4scha, now i have connected with fortiExplorer and USB 19:08 < xochilpili> s4scha, do you know how to reset admin password? 19:08 < xochilpili> i have in console mode, and ask me for a password reading this: https://docs.fortinet.com/uploaded/files/1708/Resetting_a_lost_admin_password.pdf 19:09 < pankaj> Somebody here? I need help with my TP Link router. 19:09 < xochilpili> user maintainer and password bcpn+Serial not working at all 19:10 < xochilpili> anyone? 19:11 < s4scha> xochilpili Maybe try the maintainer again? I don't think there is another way 19:12 < xochilpili> s4scha, i will try restarting and "Note: On some devices, after the device boots, you have only 14 seconds or less to type in the username and password. I" 19:13 < zapan> now that Intel IME has been cracked is it a good idea to got an intel CPU? 19:13 < zapan> for 'always-connected' solutions 19:14 < Apachez> just disable intel IME 19:14 < jorja> It gets old having to unplug the router everytime this happens 19:15 < zapan> Apachez: no, use the IME for custom programs/utilities 19:15 < Apachez> ? 19:16 < db`> Holaz 19:16 < db`> How do I use a backdoor shell as a proxy server ? 19:17 < db`> backdoor shell runs on http (PHP) 19:17 < zapan> db`: that confusing 19:18 < db`> Well, what exactly? 19:18 < zapan> backdoor shell proxy server http (PHP) 19:19 < db`> Well, I have a php based shell uploaded on my vps 19:19 < db`> shell = backdoor shell 19:20 < db`> i am now wanting to use that shell as a proxy server 19:20 < db`> instead of a regular openVPN or PPTP vpn. 19:20 < zapan> db`: where to get a cheap vps? with vps it's possible to install full blown linux? 19:20 < db`> yea, but what kind of a query was that lol? 19:21 < db`> zapan: ? 19:22 < zapan> db`: query? 19:22 < db`> zapan: Yea, 19:22 < zapan> db`: I didn't database though 19:22 < db`> zapan> db`: where to get a cheap vps? with vps it's possible to install full blown linux? 19:22 < db`> I'm not a Bot. 19:23 < zapan> looking for some recomendation 19:23 < db`> on what? 19:23 < zapan> vps 19:23 < db`> lowendbox.com 19:23 < db`> not advertising, just letting him know. @ops. 19:23 < zapan> db`: for an always on email server. 19:23 < db`> anything at all, zapan. 19:24 < db`> Its a community like freenode. 19:24 < db`> join their irc channel for some reviews on who's best/worst/etc 19:24 < db`> Now, what about my shell? 19:24 < tds> you'll have to be slightly more careful for sending mail, eg the very dodgy providers might have their ip space blacklisted already 19:24 < zapan> db`: wow nice 1.87/mo 19:25 < zapan> tds: what?? --> 'the very dodgy providers' 19:25 < zapan> tds: this email server needs to robust. 19:25 < db`> true that tds. 19:26 < tds> with super cheap providers quite often people are abusing the vpses for spamming and whatnot, so it's possible large companies (eg gmail) will blacklist their address space 19:26 < db`> there are specific email server services too. 19:26 < hiya> What is slave DNS? 19:26 < db`> idk abt gmail but msn blocks everyone 19:26 < zapan> tds: what did you mean ? the entire lowendbox.com is a 'dodgy provider'?? 19:26 < db`> :/ 19:26 < hiya> Can someone help me understand in nutshell? 19:26 < db`> leb is a community, zapan 19:26 < tds> ^ 19:26 < tds> there's lowendtalk which is the forum to go with it 19:27 < zapan> got it 19:27 < db`> zapan: go with the user reviews before blindly buying from shithead hosts 19:27 < tds> there are loads of providers on both with varying cheapness/dodginess :) 19:27 < lupine> scaleway is EUR2 and not terrible 19:27 < zapan> db`: where's the irc channel? 19:27 < lupine> go enjoy 19:27 < db`> idk if I can mention it here. 19:27 < db`> goto their website 19:27 < zapan> lupine: thanks, better EU for this case. 19:27 < db`> and follow up 19:28 < tds> zapan: scaleway are run by online.net iirc, so they're fr 19:28 < db`> tds: Using a backdoor shell for a proxy server. How? 19:28 < db`> What's this BINDSHELL thingy? 19:28 < db`> I got an option to start a bindshell service on my vps. 19:29 < db`> can I then connect to that bindshell port via SSH? (Putty 19:30 < zapan> lupine: insanely cheap!! I thought this sort of thngs where expensive. 19:37 < lupine> zapan: no, they're commodity things now 19:38 < zapan> lupine: I am surprise how the ARM option is cheaper and higher specs. 19:38 < zapan> lupine: is ARM ok for low traffic email server? 19:38 < lupine> sure 19:38 < jadesoturi> Td 19:38 <+catphish> sure 19:39 < lupine> they have ARM for €2.99 that is actually dedicated hardware, also 19:39 <+catphish> who has arm servers? 19:39 < zapan> thanks 19:39 < lupine> scaleway 19:39 <+catphish> are these low spec arm devices like RPi type things, or high spec server boards? 19:39 <+catphish> i guess if they're VPS it must be the latter 19:39 < lupine> the VM ones are the latter; the dedi ones are like the former, but better than RPis 19:39 < lupine> custom design 19:40 < lupine> (scaleway are a brand of online.net) 19:41 <+catphish> where does one buy an arm server? 19:41 <+catphish> they sound sexy 19:41 < lupine> hardware to have yourself? 19:41 <+catphish> yeah 19:41 <+catphish> who makes the CPUs and boards? 19:41 < Apachez> the russians 19:41 < jadesoturi> tds, so I talked to the hotel "techie" who sais there is no problem and their line is stable, and that he is sure that it's my computer. I highly doubt it, since never had that problem ever. But, his main argument was that since my phone works fine then it must be the computer., Completely ignoring the fact that my gf 's phone has the same problem.. 19:41 <+catphish> Apachez: can you be more specifical? 19:42 < Apachez> catphish: the evil russians 19:42 <+catphish> qualcomm maybe? 19:42 < zapan> no-name arm 19:43 < xochilpili> s4scha, Apachez thanks a lot for your help! 19:43 < lupine> consider http://www.ambedded.com/downloads/Mars200_arm_server_spec.pdf 19:43 < jadesoturi> But he does have a point. My cell works pretty much flawlessly. Tried pinging all the same ips and hosts from it and only a few packets were lost. On pc it's like 0-150 packets ok, then total loss untill packet 400+, then ok for another 150 or so packets, then again total drop... 19:43 <+catphish> i found some info on a cavium_gigabuye thing 19:43 < lupine> ARM is an IP company, not a silicon company 19:43 < lupine> anyone can license the designs, choose a silicon company and get cracking 19:43 <+catphish> lupine: "get cracking" lol 19:43 < Apachez> its like a closed source cpu design cad 19:44 < zapan> Apachez: verilog 19:44 <+catphish> i think quite a lot of money and expertise is required to get a CPU fab'd 19:44 < Apachez> go for vRISC if you want some open stuff 19:44 < VincentHoshino> think I saw a review of a ARM server on either anand or servethehome 19:44 < lupine> for sure, but the poor don't count as people 19:44 < jadesoturi> Can this have something to do with mtu or packetsizes or something? I'm still gonna be here for another week and would really like to have this sorted as I got some work that needs doing... 19:44 <+catphish> can anyone download an ARM core and run it? 19:44 <+catphish> or do you need some commercials in place? 19:44 < zapan> catphish: qemu? 19:45 <+catphish> no, i mean a real one 19:45 < s4scha> xochilpili Glad it helped! 19:45 < xochilpili> :D 19:45 < VincentHoshino> ahh here it is https://www.anandtech.com/show/12694/assessing-cavium-thunderx2-arm-server-reality 19:45 <+catphish> cavium do seem to be the main people making them 19:46 < Apachez> cavium does all kind of magic 19:46 < Apachez> their octanes sits in paloalto gear 19:46 <+catphish> wel i look forward to arm servers being a serious option 19:46 <+catphish> because while i like intel, i don't like x86 19:47 < lupine> the designs are proprietary 19:47 < lupine> there are four-freedom chip designs I believe 19:48 <+catphish> i wonder if it's worth designing a CPU for educational learnings 19:48 <+catphish> i often see it presented as a good project 19:48 < tds> I seem to remember online.net themselves were selling the arm boards they use, just getting one of those and plugging it in isn't much of a project though :) 19:49 <+catphish> 2 very different things :) 19:49 <+catphish> i'm interested in arm servers for professional usage 19:50 <+catphish> also, who doesn't want to run risc os :) 19:50 < VincentHoshino> risc is the future lol 19:50 <+catphish> well that much is clear 19:51 < zapan> VincentHoshino: zukunft when? 19:51 <+catphish> i mean, it already dominates basically everything that's not server/desktop 19:52 < VincentHoshino> it really does 19:53 < tds> I saw something about cloudflare using arm servers, I'd be interested in what hardware they're using for that 19:53 <+catphish> ask them :) 20:00 < jadesoturi> Anyone? Really frustrating sitting here trying to figure it out. But just don't get it why it works on my phone but not the laptop at the same time. They are like 20 cm from one another.. 20:00 < djph> jadesoturi: what're you breaking? 20:01 < jadesoturi> Hotel hotspot problems 20:02 < jadesoturi> Can ping the gateway but traffic beyond that only works for like 150 packets at a time(pinging) then drop for another 200 packets. Then back on again and so on and so on 20:02 < djph> oh, those're fucked 9 ways to sunday. 20:02 < jadesoturi> My phone however has no problems(hardly any packet loss) 20:02 < djph> and likely the reason that the phone is "working(tm)" is that it's falling back to LTE 20:02 < jadesoturi> My gf's same as my pc.. 20:02 < jadesoturi> No 20:02 < jadesoturi> Cellular data is of 20:02 < s4scha> jadesoturi IP address conflict? 20:03 < jadesoturi> s4scha hmmm how could I check that? 20:04 < jadesoturi> I think client isolation is on, so not sure if I can see others on the same network... 20:04 < jadesoturi> The hotel "techie" sais there are no problems.. 20:05 < s4scha> Turn wifi on your phone off and then manually set the IP address on your pc to that what your phone had 20:06 < jadesoturi> Hmm.. well I know the phone and the pc has different ips.. but I'll try that. Well loose connection to znc then since that's how I'm on irc but will be back as soon as I can ;) 20:07 < s4scha> jadesoturi Or maybe use the IP of your gf's phone it works now? 20:08 < jadesoturi> My phone is the only one that's seems stable. She has the same problems on her phone as I have on my pc. 20:08 < s4scha> Ah, ok 20:37 < jadesoturi> s4scha, oki. so set the same IP on pc as on phone, didnt really help. still lagged out after pinging around 150-170 packets..(pacman -Syu managed to finish though in the mean time) 20:38 < jadesoturi> but now i cant get online with the phone, even if i disconnect the pc.. get (NETWORK_SELECTION_DISABLED_DHCP_FAILURE)and after a while it adds (NETWORKS_SELECTION_TEMPORARY_DISABLED, 5m 15s) in the android wifi settings... 20:48 < jadesoturi> now ive set the same ip settings on the phone that was n the laptop. gets connected, but cant get online.. 20:50 < quebre> hello all 20:53 < quebre> is there a way to change IPSec VPN server listening port? the default is 500 20:58 < dminuoso> quebre: If your server has a configurable option for it, then yes. 21:00 < quebre> how about windows10 builtin VPN client? possible to change source port? because it's also 500 21:07 < jadesoturi> s4scha, ok. so no, changing IP to that of the phone didnt really help. still same behaviour on the laptop. and swapping IPs didnt really do anything. had some trouble getting online on the phone with the static IP from the PC, but when on, it works no problem, just like with DHCP.. 21:07 < dminuoso> quebre: Refer to the documentation. 21:07 < s4scha> jadesoturi Hm, strange 21:10 < jadesoturi> Yeah. It is..I just don't get it... I took the laptop to the airport earlier today to test the hotspot there, worked no problem... 21:11 < phre4k> my PTR record is not pointing to my mail server's hostname, is that a bad thing? I don't want to separate mail- and webserver 21:11 < tds> you're probably fine as long as it points to a hostname with an a/aaaa record pointing back to the original address 21:12 < quebre> dminuoso: i ask here ;D 21:12 < quebre> dminuoso: but if you can point me to that documentation i can read it ;) 21:12 < dminuoso> quebre: If you want to know how to configure your software, its not too much to ask you to refer to the documentation. 21:12 < dminuoso> That's fair enough 21:13 < dminuoso> quebre: Realistically I do not think you can configure the source port 21:13 < phre4k> quebre: IPSec is shit, use OpenVPN 21:13 < dminuoso> You can rarely configure it, if ever, in software. 21:13 < phre4k> literally all my little problems with IPSec were solved by using OpenVPN and every maintained OS supports it nowadays 21:13 < jadesoturi> s4scha, can it be that my phone really also has the same problem, but because of some android settings it check if the link is OK, and if not, just drops and reconnects silently in the background so i dont notice the "drops" other then a little slow loading of pages etc? 21:13 < jadesoturi> but then again, i would disconnect my vpn and znc, no ? 21:14 < jadesoturi> it would* 21:14 < quebre> phre4k: yes i just don't like the OpenVPN client.. can i use other client for OpenVPN ? 21:14 < phre4k> quebre: why do you not like it? 21:15 < quebre> phre4k: i'll be honest, i like it, my boss don't, he would preffer to use built in windows10 VPN, but we have system that blocks connections if the source and destination port is the same, with IPSec the udp/500 is source and destination, with OpenVPN i'm able to add 'nobind' to the client config and then the src port is random, damn, if i could do the same with IPSec... 21:17 < phre4k> quebre: you probably can, but I wouldn't bother and just tell your boss that the software isn't able to do that and the only viable option is OpenVPN, Wireguard (which is in beta) and a third-party, costly, proprietary VPN solution (see alternativeto.net). 21:17 < phre4k> You always have to provide 3 options where the option you want to "sell" is the middle ground (in this case: OpenVPN – doesn't cost anything and is not beta) 21:17 < jadesoturi> <3 wireguard 21:19 < phre4k> tbh I don't know any proprietary self-hosted/SaaS VPNs apart from Hamachi 21:36 < Apachez> quebre: didnt you confuse that with blocking i srcip==dstip ? 21:37 < Apachez> blocking just because source and destination PORT is the same sounds retarded beyond recognition 21:37 < Apachez> blocking when source and destination IP is the same is sane 21:38 < quebre> Apachez: https://docs.cumulusnetworks.com/display/DOCS/Configuring+Hardware-enabled+DDOS+Protection 21:39 < quebre> Apachez: i agree with you tho 21:39 < quebre> i would preffer to have that "protection" off 21:39 < quebre> but it's not up to me ;) 21:44 < Apachez> that is just broken 21:45 < Apachez> dos.tcp_ports_eq = false 21:45 < Apachez> dos.udp_ports_eq = false 21:45 < Apachez> set those configs and you are set 21:46 <+catphish> "UDP source PORT matches the destination PORT" seems like that inparticular would break several old implementations of standard protocols 21:46 <+catphish> and probably some p2p stuff 21:46 < xingu> also ntp. 21:46 <+catphish> does nto still do it? 21:46 < xingu> yup 21:46 <+catphish> i know DNS doesn't any more 21:47 < Apachez> would break all sort of things 21:47 < xingu> iirc many embedded syslog clients do too 21:47 < Apachez> any service that listens on >1023 would be broken by a 1:10000 probability 21:48 < Apachez> err 1:16383 21:48 < Apachez> ephream ports are today defined as 49152-65535 21:48 < Apachez> old standard was 1024-65535 21:48 < Apachez> that is the srcport the client uses when establishing a connection 21:49 < xingu> might as well block based on the value of the security flag. 21:50 < zeldafan78> Is there some way to instruct the e-mail client (through the e-mail) that the user can unsubscribe by clicking a button which sends an e-mail back as a reply with a specific subject line filled in, so the user doesn't need to type "unubscribe" in the subject line themselves? Plaintext only. No HTML. 21:50 < xingu> email clients have buttons? 21:51 < rewt> zeldafan78, no, that's not part of the email protocol 21:51 < zeldafan78> xingu: Um... yes. 21:52 < zeldafan78> rewt: And not some kind of modern "RFC" either? 21:52 < rewt> the email protocol is in RFCs 21:52 < xingu> the world went to crap when pine dropped. 21:52 < xingu> elm forever 21:52 < zeldafan78> Never heard of either. 21:52 < zeldafan78> I assume they are CLI e-mail clients from the 1960s. 21:53 < rewt> pine is from 1990s 21:53 < rewt> elm is from 1980s 21:54 < zeldafan78> The thing is, I don't want to have a website with hosting and stuff and having to include a HTTPS hyperlink in the bottom of each e-mail for unsubscribing. I can very well imagine that many users will be annoyed and confused by the lack of such a hyperlink, and won't understand how to reply to the e-mail with "UNSUBSCRIBE" as the subject, resulting in them just marking it as SPAM instead, which affects me negatively. So that's why I would love 21:54 < zeldafan78> a standard way to instruct their e-mail client how to unsubscribe. 21:55 < rewt> how about having opt-in instead of opt-out? 21:55 < xingu> how about just not sending unsolicited bulk email at all? 21:55 < zeldafan78> (Also, including any links makes it more likely to be seen as spam.) 21:55 < zeldafan78> How do you know it's unsolicited? 21:55 < rewt> and what does a website have to do with having HTML in the email? 21:55 < zeldafan78> rewt: It has to handle the unsubscribe request. 21:56 < rewt> no, it doesn't... 21:56 < zeldafan78> ? 21:56 < zeldafan78> If a hyperlink is used, that is. 21:56 < rewt> look up email: links 21:56 < zeldafan78> rewt: I can't find any reference to "email:". Do you mean "mailto:"? 21:57 < rewt> sure 21:57 < zeldafan78> Well, that makes equally little sense. 21:57 < rewt> why? 21:57 < zeldafan78> I don't send HTML e-mails, and I don't want the links in the e-mails... that was the whole point of asking? :/ 21:58 < rewt> mailto: links don't need any server anywhere; it's all handled by the email client 21:59 < zeldafan78> Yes, but it requires me to use HTML. 22:00 < zeldafan78> I'm opposed to that for both philosophical and practical reasons. 22:00 < rewt> btw, i mark spam as spam even if it has an unsubscribe link, because most of those are just a way of saying "yes, my email is valid and goes to a real person, please add it to all the email lists you sell to everyone" 22:00 < zeldafan78> Sending e-mail has become a highly complex and frustrating science. 22:01 < zeldafan78> They have extremely harsh rules and won't even send e-mails if they detect that you are sending to people who don't want it, which they detect in numerous semi-evil ways. 22:01 < rewt> interesting that you're philosophically opposed to using html for email but not to spamming everyone 22:01 < zeldafan78> Never said anything about spamming anyone. 22:01 < rewt> if it's not spam, it doesn't need an "unsubscribe" button/link 22:01 < zeldafan78> But even if that were the case, the explanation would be that it's impossible to get people to opt in. 22:02 < rewt> have the people /actively/ opt-in (not just check opt-in by default when they fill out a form) 22:02 < zeldafan78> "if it's not spam, it doesn't need an "unsubscribe" button/link" <-- So you literally never change your mind? You sign up for some newsletter at age 13 in year 1993, and you never will want to unsubscribe in the future? 22:02 < rewt> i don't sign up for spam 22:03 < rewt> and legit sites that do have opt-in also have an online account setting area where you can uncheck the opt-in box 22:12 < Apachez> of course not 22:13 < Apachez> only pedophiles unsubscribes 22:13 < Apachez> I mean what do you have to hide? 22:26 < jason85> In TCP Tahoe congestion avoidance, what does it mean that cwnd will be increased by MSS/cwnd for every incoming ACK? 22:33 < Apachez> cwnd = c window? 22:33 < Apachez> client widnow? 22:34 < Apachez> normally small windows = little amount of data "in transit" (aka onto the wire which didnt ack from the other side yet) 22:34 < Apachez> the goal is to have as small windows as possible (since they waste ram) yet large enough to fill the link between client and server 22:34 < Apachez> and the link is defined by speed and latency 22:35 < Apachez> so normally you start small and then try to increase the effective speed until you hit the roof 22:35 < Apachez> because if you send too much data onto the wire packets might start to get dropped along the road 22:36 < jason85> Apachez: Okay, how could I calculate the theoretical maximum window size of a given link defined by speed and latency? 22:36 < Apachez> there is this bandwidth delay product 22:37 < Apachez> https://en.wikipedia.org/wiki/Bandwidth-delay_product 22:37 < Apachez> note however that the BDP doesnt take into account various optimizations which exists today such as selective acks, delayed acks etc 22:38 < Apachez> SACK and DACK makes you need small window size to remain at full speed for a specific bandwidth and latency 22:38 < Apachez> in other terms you need less mem than defined by the BDP to do the same :) 22:41 < jason85> Apachez: Thank you, this helped :) 22:42 < Apachez> np 22:44 < Apachez> so the various congestion methods is about how fast you go up to full speed and how to behave when you detect that packets starts to get dropped (for whatever reason) along the road 22:44 < Apachez> cubic is default in linux 22:44 < Apachez> while bbr is the newest cool kid in the class 22:47 < Apachez> this is a really good writeup on this subject https://blog.apnic.net/2017/05/09/bbr-new-kid-tcp-block/ 23:17 < Apachez> its about location when you place your ads https://twitter.com/LaloDagach/status/1003361997432467456 ;-) --- Log closed Mon Jun 04 00:00:44 2018