--- Log opened Wed Jun 06 00:00:46 2018
00:30 < drac_boy> hi
03:29 < Rayben> twelve Olympians of twelve gods
03:29 < Rayben> The twelve astrological signs of the zodiac
03:29 < Rayben> The Twelve Labours of Heracles
03:29 < Rayben> Twelve Heavenly Generals or Twelve Divine Generals
03:33 < compdoc> six of that or half dozen of another
03:40 < dogbert_2> hey compdoc
03:41 < compdoc> howdy
03:43 < dogbert_2> whazzup?
03:43 < compdoc> learning samba
03:43 < compdoc> you?
03:44 < dogbert_2> heh..too much w3rk
03:45 < dogbert_2> and writing bad reviews at various places that I've eaten at here locally
03:45 < compdoc> heh
03:45 < compdoc> will they know it was you?
03:46 * dogbert_2 shrugs...it seems as if service has gone in the toilet anymore, and I tip pretty good
03:47 < dogbert_2> I've tipped up to 100% on a given meal
03:48 < hagbard> I've tipped 200% of the bill, but that's because the bartender wasn't really recording what drinks we ordered very carefully. I don't know if it was intentional or not, but I felt better paying for the drinks we drank.
03:48 < hagbard> Then again, I think she was also drinking on the job and/or didn't care.
03:49 < hagbard> the drinks were great, though.
03:49 < dogbert_2> LOLZ
03:49 < dogbert_2> well, it's pretty bad in a lot of places, and I live in Vegas
03:49 < spaces> dogbert_2 trying to get rich ?
03:51 < dogbert_2> naww...just hate bad service is all...
03:51 < EchelonX> Hey guys
03:51 < spaces> yeah me too but I mean @ vegas :P
03:52 < spaces> aren't you getting tired there because of all money people ?
03:53 < EchelonX> I have a question about my home network configuration
03:54 < EchelonX> My setup uses an old desktop with a PCI Dual Gigabit Ethernet Nat Card, Running Arch32, as a router.
03:54 < EchelonX> But there is a problem...
03:55 < EchelonX> Under high load....
03:55 < EchelonX> Say, nice servers or torrents
03:56 < EchelonX> I have trouble creating and maintaining additional stable connections
03:56 < dogbert_2> probably needs tuning...
03:58 < EchelonX> I'm sure it's some priority given to the first socket connection or something, but I need a way to trace down where the bottleneck is and then how to prioritize distribution of bandwidth across them
03:58 < EchelonX> Do you have any guidance on where/how to start?
03:59 < dogbert_2> not really, I haven't used a linux box for a router in more than 8-10 years
04:00 < EchelonX> Well...I'm not even sure if I can blame the box. Could it be the way the ISP is handling the connections?
04:00 < EchelonX> Unfortunately, I'm not a network expert
04:02 < EchelonX> I say this because I had a similar problem with the Cisco 2621 I used to use before I switched to the Linux PC
04:02 < EchelonX> That's one of the reasons I switched
04:02 < EchelonX> I figured the 20 year old router was the bottleneck lol
04:03 < EchelonX> Those things are bricks
04:03 < EchelonX> They just run and run
04:05 < dogbert_2> possible...
04:05 < EchelonX> Actually, now that I think back, I'm fairly sure that was at least part of the problem. Because under load, it would not accept a telnet connection from the local internet.
04:05 < EchelonX> *network
04:05 < hagbard> Aren't 2621's from the bronze age?
04:05 < dogbert_2> EchelonX...you'd be better off getting a dedicated device (a consumer router from Netgear, D-Link, Buffalo, etc)
04:06 < dogbert_2> what are you using for a internet connection?
04:06 < EchelonX> You can hate, but I'll trust them over a consumer grade plastic box any day
04:06 < EchelonX> I gave up of those after they would go out after a year
04:07 < EchelonX> Each new one, lasted a shorter amount of time than the last
04:08 < dogbert_2> I have an Arris Surfboard SB6183 and a D-Link AC1750
04:08 < EchelonX> But since I run a custom DNS server for the local network, I would still have to have a 2nd device. Even if it was a RPI. If I switched to a new traditional home device
04:09 < DoctorDick> Build a pfsense box
04:10 < EchelonX> Hahaha
04:10 < EchelonX> Those are all the hype in the tech circles I hear
04:11 < dogbert_2> yeah, pfsense might do the trick in this case
04:11 < EchelonX> You guys might also get a kick out of the fact that I am also using an Cisco Aironet 1200 as an AP
04:11 < dogbert_2> man, that's pretty old
04:11 < EchelonX> haha
04:12 < EchelonX> I'm telling you guys. This old business equipment lasts
04:12 < EchelonX> It just might not support the latest standards and speeds
04:13 < Kingrat> like wpa2
04:13 < EchelonX> Let me double check Kingrat
04:13 < tds> I'm not familiar with arch but I do run linux routers - assuming you're doing firewalling and/or nat, you might want to look at the max number of entries conntrack is set to record
04:14 < tds> since torrenting will generally open a large number of connections at once
04:14 < EchelonX> Actually, it does support WPA2
04:14 < EchelonX> My network is WPA2-PSK
04:14 < EchelonX> But it only supports 54Mbps
04:15 < Kingrat> wow, not bad then
04:15 < EchelonX> I'll look into that now tds
04:15 < EchelonX> Hang on
04:15 < dogbert_2> u can tune some kernel params with sysctl
04:15 < Kingrat> i figured itd be regular wpa at best
04:16 < dogbert_2> yeah, but probably won't be able to do WPA3 unless they put out a firmware update
04:16 < EchelonX> You know those Torrent firmware images
04:16 < EchelonX> lol
04:16 < EchelonX> Just about the only way to get updates as a consumer
04:16 < EchelonX> haha
04:17 < EchelonX> That was the problem with the 2621. Didn't have enough ram to run the newer images
04:17 < tds> oh actually, what do you mean by "high load... Say, nice servers"?
04:17 < EchelonX> Ran out of space during decompression
04:17 < tds> I wouldn't expect servers to generate a load of sessions like that, unless you're running something relatively high traffic or torrenting or something
04:17 < EchelonX> Like...Game downloads...
04:18 < EchelonX> Or popular torrents
04:18 < EchelonX> Right now the "AMD64 Debian Stable iso" Torrent download is causing my music streaming to buffer
04:19 < EchelonX> Running about 4Mbps
04:19 < EchelonX> Trouble is, the first connection seems to get priority (speed)
04:19 < EchelonX> The other drop
04:19 < EchelonX> timeout
04:19 < EchelonX> Or barely run
04:20 < Kingrat> you need some type of fair queue, like cake or pie if you want simple
04:21 < EchelonX> Interesting
04:22 < EchelonX> Let me put a bandwidth limit on my bittorrent client so I can look that up lol
04:22 < EchelonX> one sec
04:28 < EchelonX> Kingrat
04:29 < EchelonX> I think Network Traffic Control (tc, the linux kernel network scheduler, etc...) is what I need to look into
04:29 < EchelonX> Thank you for the suggestion
04:29 < EchelonX> I'll have to start doing some reading now
04:29 < Kingrat> yeah you will be using tc and marking packets with iptables most likely
04:30 < Kingrat> been a long time since i did it manually in linux, back then htb was the most advanced queue
04:32 < EchelonX> Well i'll hope there has been some progress on it
04:32 < EchelonX> lol
04:32 < EchelonX> Thanks again
04:35 < EchelonX> And thanks everyone who contributed
04:35 < EchelonX> Have a great night everyone
04:35 < EchelonX> :)
04:41 < Rayben> Castor and Pollux
04:41 < Rayben> Dioscuri
04:41 < Rayben> Romulus and Remus
04:41 < Rayben> Trojan War
04:43 < spaces> dogbert_2 is Vegas only city or do you have areas there where you don't see the strip at all ?
04:44 < Raybin> Castor and Pollux
04:44 < Raybin> Dioscuri
04:44 < Raybin> Romulus and Remus
04:44 < dogbert_2> you can see the strip from most areas, not all
04:44 < Raybin> Trojan War
04:46 < spaces> dogbert_2 but do you have these rampage tourists there as well ? so I mean can you actually live there a normal life as well ?
04:47 < dogbert_2> yeah...it's like any other place...
04:48 < spaces> ok, sounds good
05:05 < spaces> dogbert_2 how often do you visit that strip when you live there ?
05:07 < dogbert_2> I don't...with the rise of paid parking, I rarely go on the strip at all
05:08 < spaces> yeah that will be expensive I uess
05:08 < spaces> guess
05:20 < sielicki> there's a gentleman in my ham radio club that is pushing 90+ years old, and at the last meeting he expressed frustration at not being able to hear anything. He has hearing aids, but they can only do so much in a large room.
05:21 < sielicki> He's offered to buy something for the group so that he could listen, some kind of microphone, but it's a bother to setup and pass a microphone so it ultimately doesn't happen
05:21 < sielicki> I was thinking it would be really simple for me to make a smartphone app that records from the mic and could relay it to a device that he could use with a pair of earbuds.
05:21 < Epic|> See if his hearing aids have Bluetooth
05:22 < sielicki> I'm thinking about the networking side of this and how I can get this done. Android doesn't have support for 802.11s so that's out. Bluetooth is a thought, but I think it's also not as well developed.
05:22 < sielicki> Well what would be really great is if everyone in the room could use the same app, and he could pick and choose from a list of who he wants to listen to.
05:22 < sielicki> Conversation goes around the room pretty easily.
05:23 < Epic|> A guy I worked with wore a mic with good processing and sensitivity on a cord around his neck for noisy environments
05:23 < Epic|> That send audio over Bluetooth to his hearing aids
05:23 < Epic|> Also worked with his tablet
05:24 < sielicki> Practically, that might be the best solution. But I'm wondering, assuming you wanted to go forward with this smartphone idea, what am I missing about 802.11n/ac that would make this possible or impossible?
05:26 < sielicki> if you had a single AP and 16+ clients all trying to stream opus to a multicast group, where one select device was subscribing to the groups, what happens with carrier-sense-multiple-access?
05:26 < sielicki> to separate multicast groups, one per phone, let's say.
05:27 < sielicki> in practice, you just end up with horrible issues, no? I mean we're not talking about a ton of data but I can't imagine that without something much more concerted in terms of organization of time slots and who-goes-when, you're just going to have chaos, yeah?
05:27 < Spice_Boy> you can pump a fair bit of data through wifi if done right
05:27 < Spice_Boy> and if it's only 16 audio streams, shouldn't be hard
05:28 < Spice_Boy> if you're going multicast though, you'll want an AP that can convert it to unicast in the air
05:28 < hagbard> say whaaaaat?
05:28 < Epic|> You'll want something that handles airtime fairness like a baus
05:29 < Epic|> (psst... Ruckus)
05:29 < hagbard> convert multicast to unicast in the air? like, with a magic wand?
05:29 < Spice_Boy> no, with multicast to unicast function like an Aruba AP does
05:29 < precise> lol
05:29 < precise> The shit I see scrolling through chans
05:29 < precise> hagbard: ++
05:29 * hagbard bows.
05:31 < sielicki> Spice_Boy: the issue isn't just pushing 16 audio streams to one device, but moreso inputting 16 streams via 802.11n.
05:31 < Spice_Boy> still, what's your overall bandwidth?
05:31 < hagbard> sielicki: The shocking thing is that a HAM isn't considering just using, "a radio."
05:32 < sielicki> Epic|: Airtime fairness usually refers to an AP TX'ing rather than deciding when to input, right? as I understand it (which isn't saying much), clients just naively look for a carrier and if they see it, they wait for it to go away before they go
05:32 < sielicki> if you put 20+ phones all trying to do that, and it's very latency sensitive considering we're talking about a sort of hearing aid, can it really work out?
05:32 < sielicki> I'm fully willing to believe I'm just underestimating modern wireless access points, but i'm skeptical.
05:33 < sielicki> modern wireless PHYs, I should say.
05:33 < Spice_Boy> I can do multicast video (to unicast in the air) of multiple channels at once, and compared to a wired one running next to them, there's no visible delay
05:33 < sielicki> hagbard: have to identify every 10 minutes, and you can't cuss. :S
05:33 < hagbard> Well, whatever devices are recording, packetizing, and transmitting should absolutely have some form of push to talk or, at minimum, a squelch. There's no value in transmitting silence and background noise.
05:34 < Spice_Boy> so yeah it can be done, if done right though
05:34 < hagbard> sielicki: You can on unlicensed spectrum. I'm a ham, btw. KD8LVZ.
05:35 < hagbard> sielicki: Personally, I'd approach the problem by having the devices all stream to a single, master device, which could well still be a phone. That master device chooses which one, if any, of the input streams shall be rebroadcasted out.
05:35 < hagbard> This prevents people from talking over each other.
05:35 < hagbard> It's also how a master selector in a trunked repeater system works.
05:37 < hagbard> As to latency, anything digital, packetized, and processed will have orders of magnitude more delay than just analog FM.
05:38 < hagbard> But if the programmer is conscientious and careful to keep queue sizes and buffering short and small, I don't imagine the delay/latency would be an issue.
05:38 < sielicki> hagbard: but strictly on the question of having the devices all stream to a single master device, you wouldn't expect issues with "airtime fairness" in terms of all these clients talking to a single AP without some sort of coordination better than CSMA/CA?
05:38 < hagbard> Btw, I'd suggest you ask the guys on #hamwan.
05:38 < sielicki> W9NLS here by the way.
05:38 < hagbard> sielicki: RTS all the way.
05:39 < hagbard> sielicki: Also, I do believe the 802.11n multimedia QOS parameters are meant for a situation very much like this?
05:39 < hagbard> Don't forget that voice is a trivial, almost insignificant amount of data.
05:39 < sielicki> I found a paper earlier about research into hearing aids and what sort of delay is acceptable for hearing aids, from the ADA of all people, and 25ms was self reported as unnoticeable in their study..
05:40 < hagbard> Also, airtime fairness, I'm almost certain relates to how an AP distributes transmission timeslots to clients using different modulations. An 802.11N client can transmit way more information per unit time than an 802.11B client.
05:40 < sielicki> Opus can be as low as 2.5ms, as high as 22ms, but still probably very usable from an encoding perspective.
05:41 < hagbard> if 2.5ms is too extreme, the SBC codec used in the bluetooth A2DP profile should have much less encoding overhead.
05:42 < hagbard> Don't forget, for speech, you only need 8kHz of bandwidth.
05:43 < hagbard> Has the gentleman consider using a directional microphone and a portable headphone amplifier?
05:43 < hagbard> *considered
05:44 < hagbard> sielicki: Oh, one last point. Audio uses such a trivial amount of bandwidth, especially at 8kHz mono, that I wouldn't worry about CSMA issues.
05:45 < hagbard> 8kHz sampling rate, 2 bytes per sample, uncompressed is only 16kB. Even if all 16 clients are streaming simultaneously, that's only 256kB/s of data.
05:47 < sielicki> I am out of my element here, I need to read more about just how 802.11 works. I definitely appreciate how little data is ultimately coming through, it's really a question of worst-case latency for any particular stream.
05:48 < sielicki> I wish I had 20+ devices next to me, where I could just TIAS
05:48 < hagbard> Talk in a Sack?
05:48 < sielicki> Try it and see
05:48 < hagbard> Oh, right.
05:48 < sielicki> :S
05:48 < hagbard> Think of it from a perspective of channel capacity.
05:49 < sielicki> The whole idea of how multicast works on wireless has always been a little bit fuzzy to me.
05:49 < hagbard> Let's assume, for a moment, that your ham club meetings are happening somewhere without ridiculous RF interference or any extraordinary conditions.
05:49 < hagbard> Oh, I wouldn't bother with multicast for your project at all.
05:50 < hagbard> Further, let's assume we can do 802.11g at 54Mbps.
05:51 < hagbard> Hold on, I'm going to see if I can pull up a better number for how many bits of data you can reasonably expect to transmit on an unloaded 802.11g channel.
05:51 < Spice_Boy> sielicki: https://youtu.be/fIg_9wJlQX4?t=211
05:54 < hagbard> sielicki: Ok, the internet consensus is that 22Mbps is a reasonable expectation for a 54Mbps 802.11g network. That's 2.75MBps. We need 256kBps. So, imagine an interstate highway where there are 10 car-lengths in between every car on the road.
05:55 < hagbard> sielicki: Sure, as you're pulling up the on ramp, you run a chance that someone will be in the left lane and delay you a car length. There's still a lot of empty road.
05:55 < hagbard> pardon, I meant the right lane.
05:57 < sielicki> hagbard: what you mostly illustrated there to me is how I have been sort of thinking about "audio streams" rather than _packets_, and now that I realize that, things seem much clearer.
05:58 < hagbard> Yes, correct.
05:58 < hagbard> Ha, yes, I can see why you were more fixated on collisions and channel contention.
05:59 < sielicki> thanks much for the advice and help, I really appreciate it.
06:00 < hagbard> One consideration for you, btw. Please believe me when I say 16bit 8kHz, mono is more than sufficient. 2.5ms is 400 packets a second. At that rate, each packet will only have 20 samples in it, which is 40 bytes of data uncompressed. When you factor in the 802.11, IP, and UDP headers on top of that, your payloads are really inefficient.
06:02 < hagbard> Again, for the hard of hearing elmer in your club, though, please consider the solution: a directional (maybe even hand-held parabolic) microphone, headphone amplifier, headphones. That way he can aim and choose whom he wants to speak to.
06:03 < sielicki> Well the other advantage of this sort of distributed setup is that we would get a mechanism for recording our presentations and meetings, which would be nice.
06:04 < sielicki> The OM in question is a WWII marine veteran, seems a bit undignified to have him be pointing a parabolic dish around the room.
06:05 < hagbard> I'm a poor judge of taste, I'll admit.
06:05 < sielicki> and if I have the excuse of being able to say, "we're doing this for other reasons", kind of a nice "out" to have him not feel as though he's burdening everyone.
06:05 < sielicki> And of course he wouldn't be burdening anyone, anyway. Man, old hams are just the best.
06:06 < hagbard> old Marines will be damned before they need anyone's help.
06:06 < hagbard> I appreciate your respect for his, well, self-respect.
06:07 < hagbard> I'm just concerned about the practical details through all of this. So, as I understood your initial idea, you wanted all, say 16, devices streaming simultaneously. Does the receiver decode and play back all of them, does it choose the loudest of all the streams, or will you have a PTT of some sort?
06:09 < sielicki> Well I was thinking you'd make up a diagram of the room you're in, and then when people open the app to allow their mic to record, they select where in the room they are. And then he (or any listener) could select what source to switch to based on the diagram.
06:09 < hagbard> Just mixing all the channels together will simply raise your noise floor by 12dB. (I think 12dB.)
06:10 < hagbard> Choosing the loudest stream is still a bit fraught with problems - people shuffling or moving their chair may inadvertently usurp the current speaker between words?
06:11 < hagbard> Also, are people going to be holding their phones up to their mouths as if they're making a phone call? (That, after all, is how they're intended to be used.)
06:11 < hagbard> Even the last option, with an explicit PTT will be problematic until people get the hang of it.
06:12 < sielicki> I wonder how bad it would be if you just had the phone's mic recording in "speaker phone" mode, I've found that newer phones are able to pick up really well.
06:12 < hagbard> I imagine that if the listener has to choose which microphone to listen to, any type of back and forth discussion will be hard to follow.
06:13 < hagbard> Here's another option. Have a podium with a podium microphone.
06:13 < hagbard> Put a video camera at the other end of the room and give your elmer a headphone off the mixer board. Make everyone with something of value to say go up to the podium.
06:13 < hagbard> like civilized people.
06:14 < sielicki> hahah, that's probably the best solution.
06:14 < hagbard> You'll need to remind anyone at the podium to repeat any questions asked before answering them.
06:14 < hagbard> Actually, you know, you could use a low-power FM transmitter and a set of FM radio headphones to make them wireless.
06:15 < hagbard> Nice feature of staying analog is it's effectively latency-less.
06:16 < sielicki> I don't mind playing around with the idea. In terms of whether things would be mixed together, and how you handle a back-and-forth, I think if you took the core idea to fruition and it seemed to work out okay, the rest of it could be fixed with a good enough UI
06:17 < sielicki> But yeah, you're right, the simple solutions do exist and they're likely to be much better than anything I could put together in the short term.
06:17 < hagbard> Imagine the situation. One person has finished speaking. Now, someone else has started speaking and before you can hear them, you need to spot who in the room it is, identify which microphone is the closest, and press the button.
06:18 < hagbard> Just think of how frustrating cellphone conversations become when people are cutting out for even fractions of a second.
06:20 < hagbard> If I were doing this in a manner as you're describing, I'd go for a system that selects the loudest microphone input and then holds on to that input until it is no longer the loudest for some timeout.
06:20 < sielicki> Well you're definitely right about that. But a lot of these issues exist with passing microphones as well.
06:20 < hagbard> Ie, once someone starts speaking, it will stay with them until they stop.
06:20 < hagbard> A bit like how 2m/70cm repeaters work.
06:21 < hagbard> It won't be perfect, agreed.
06:21 < sielicki> The issue with that approach is that an audio level depends on how sensitive a microphone on a particular phone, and how you balance for that across all inputs, and the complexity starts going through the roof
06:22 < hagbard> Btw, my earlier suggestion regarding the directional microphone suffers from the same problem as the choosing the microphone input. The OM's gonna go batty looking around to spot who's next every time someone stops speaking.
06:23 < VincentHoshino> btw these are really nice https://www.adafruit.com/product/1713
06:23 < hagbard> And the complexity will continue asymptotically if you're aiming for perfection.
06:23 < hagbard> But, yes, you're right that perfectly matched microphones/phones is impractical.
06:25 < hagbard> I suppose, at that point, I'd have the microphone constantly recording and calculating instantaneous power while tracking a short-term, weighted average. When that average changes abruptly, I'd call that a start event.
06:26 < hagbard> Also, I'd use the ratio between the minimum average and the maximum average as an intensity gauge.
06:26 < VincentHoshino> I use a few of those to add audio to my CCTV system things have some super gain.. can lock onto a convo in another room
06:26 < hagbard> rather quickly, though, I'd probably go ask someone who knows more DSP than I do.
06:26 < Tegu> I scrolled the backlog a bit (but not entirely). would something like a throwable soft mic cube work? https://getcatchbox.com/
06:27 < hagbard> VincentHoshino: Interesting
06:28 < hagbard> VincentHoshino: When you say it will lock on to a conversation in another room, you still mean while your room is perfectly still and quiet, right? Or are these little microphones very selective?
06:29 < Tegu> except that box seems to be quite expensive :(
06:29 < VincentHoshino> relatively quiet.. still have AC and other stuff going.. but it will lock onto whatever is loudest and AGC it
06:29 < hagbard> While that makes getting the microphone around the room a lot easier, it still breaks down if people are too excited to speak and don't wait for it.
06:30 < hagbard> Tegu: Ok, yeah, holy crap that's expensive.
06:30 < sielicki> But they created 12,000,000+ smiles, guys.
06:31 < Tegu> if it's a ham club, you can build something like that on your own :D
06:37 < sielicki> you have to feel for people with hearing loss, I think it's really unique versus other types of sensory loss. If you have poor vision, things aren't constantly morphing around you. If you sit at a baseball game, you can understand that the brown blob is the diamond and the green part is the outfield and you maybe won't have clarity of it but the world isn't constantly shifting around you.
06:38 < sielicki> versus with language, you might mishear something and you are constantly trying to map meaning to what you hear, and if you mishear something you have to hold all these variables in your head and try to regress back and remember what you misheard, and i can't imagine how mentally taxing that gets over time..
07:41 < _PRaETor> heyo
07:42 < _PRaETor> I'm working on an IRC server in Python's Twisted library, and I have a question about ports: Freenode lets you connect on ports 6665-6667 and 8000-8002 for plaintext, as well as 6697, 7000, and 7070 for SSL. My question is, why have multiple ports? From what I understand, a port represents a service on a system, so is this some form of load balancing? If one server is overwhelmed, it reroutes the client to listen to a port on
07:42 < _PRaETor> another server?
07:47 <+pppingme> _PRaETor port usage on irc is more about paranoia, stupid isp's, clueless network admins, and such.. its not about any kind of load balancing in most cases
07:50 < _PRaETor> pppingme ah. So then how do networks like Freenode do the whole 'multiple server' thing? Right now it says "Your host is adams.freenode.net", what determines what host I get? How do the separate hosts communicate with each other their hosts' details (like what nicknames they have logged, etc)
07:50 < _PRaETor> I have been unable to find any information on that
07:50 < _PRaETor> Is it some sort of separate protocol entirely?
07:50 <+pppingme> round robin dns, extremely simple
07:50 < VincentHoshino> redirect on connect does do load balancing
07:51 <+pppingme> irc doesn't do redirect, not part of the protocol
07:52 < _PRaETor> Ah I see
07:52 < _PRaETor> Thanks
07:53 <+pppingme> _PRaETor the good side of round robin dns is its simplicity, the bad side is it doesn't take any kind of traffic or serverload into consideration
07:53 < _PRaETor> pppingme Well then, are there any practical uses of having multiple ports for a network?
07:53 <+pppingme> that is unless your app somehow rewrites dns as needed, freenode doesn't do anything like that
07:53 < _PRaETor> Like surely Freenode doesn't run all those ports for no reason right?
07:53 <+pppingme> _PRaETor port usage on irc is more about paranoia, stupid isp's, clueless network admins, and such.. its not about any kind of load balancing in most cases <<< read this again....
07:53 < _PRaETor> But that is what I mean
07:54 < _PRaETor> Are you saying that Freenode is just stupid?
07:54 < _PRaETor> Or their ISP is dumb
07:54 < _PRaETor> Etc
07:54 <+pppingme> there is a reason, idiots routinely block port 6667 and a few others out of paranoia
07:54 < _PRaETor> ahhhh
07:54 <+pppingme> freenode is smart for giving alternative ports to get around the idiot admins that are outside of freenodes control
07:55 < spaces> morning!
07:55 * spaces pings pppingme as he seems to ask for it all the time
07:55 < _PRaETor> so I guess what I will do then as far as ports are concerned is, restrict plain text ports to 6665-6669 + 8000-8002, and ssl ports 6697, 7000 and 7070, as per the rfc standards.
07:56 < RustyJ> you mean people who think evil lurks on IRC?
07:56 < _PRaETor> I'll just let whoever is setting up the server decide what he wants, as long as it falls into that
07:56 < _PRaETor> wait
07:56 < _PRaETor> pppingme "idiots routinely block port 6667 and a few others out of paranoia" but... paranoia of what?
07:56 < light> why put any restrictions on it at all?
07:56 < light> I can tell apache to listen on 6667 if I want
07:56 < _PRaETor> I want to make sure it follows the RFC standards is all
07:57 < spaces> RustyJ evil ios one of my many many names :P
07:57 < _PRaETor> Seems the standard indicates you should use 6667
07:57 <+pppingme> there's this misconception that IRC is at the root of all bots and other bad protocols
07:57 < _PRaETor> But then again I guess I could just let the person running it decide if he wants to follow the standard or be dumb or whatever
07:57 < RustyJ> spaces, evil ios huh? drank tooooo much cisco?
07:58 < _PRaETor> or if I do add a restriction, I guess 0-1025 will be it, since from what I've read those are reserved for root services or whatever
07:58 < VincentHoshino> ahh here it is.. numeric 005 RPL_BOUNCE RFC2812
07:58 < _PRaETor> lol
07:58 < spaces> RustyJ no eating my lovely breakfast ;)
07:58 < RustyJ> whatcha having?
07:58 < VincentHoshino> but yeah dns round robin mostly
07:59 < _PRaETor> I might be getting ahead of myself, I don't even have ISUPPORT or CAP implemented
07:59 < _PRaETor> lel
07:59 < _PRaETor> my code is a mess too
07:59 < spaces> RustyJ fresh baked pistolet, banana and water atm :)
07:59 < _PRaETor> spaces should eat some muffins
07:59 < _PRaETor> get some nice lemon muffins
07:59 < spaces> _PRaETor too much fat
07:59 < _PRaETor> i have fast metabolism so more for me
07:59 < _PRaETor> :3
08:00 < _PRaETor> then again i have been sick to my tummy lately so maybe that line of thinking is not good
08:00 < spaces> _PRaETor me as well but you get lazy and tired because of it
08:00 <+pppingme> VincentHoshino yeah, i've seen that, but its not widely implemented (I've never actually seen it in the wild)
08:01 < _PRaETor> spaces well lately i just havent been eating much period. its bad, but im on adderall and i work so much i just dont ever want to break away to eat. which aint so good with type 1 diabeetus heh.
08:01 < RustyJ> off subject.... i'm doing an email migration... their accounting woman has 77 subfolders and emails back to '05
08:01 < _PRaETor> been thinking of getting soylent lately just so i dont have to get up and make any food
08:01 < _PRaETor> srry to cut you off rusty
08:02 < RustyJ> she even has a folder named 'apple' with survey emails and passwd changes in it.... how fun must this woman be at parties.
08:02 < light> She sounds very organized.
08:03 < RustyJ> she sent me an email with a note of caution.... please keep my folders neat, i am the person who will cut your final check.
08:04 < light> You better listen to her then
08:04 < RustyJ> ya think.... she threatened to not pay my company if i fack it up
08:04 <+pppingme> VincentHoshino read this: https://stackoverflow.com/questions/23144371/confusion-about-the-005-irc-numeric-and-general-rfc
08:04 < potatoe> sounds like I can learn from her then
08:04 < potatoe> my email folder looks like crap
08:05 < RustyJ> i have two folders... in/sent
08:05 < RustyJ> and a jillion emails by date
08:05 < potatoe> i have so many spam emails from CI/CD, confluence and shit
08:05 <+pppingme> VincentHoshino and especially the first reply
08:05 * Mead turns on his oven to 425 and starts scrubbing potatoe with a vegetable brush
08:06 < RustyJ> make a rule.... i get spammed by jira constantly... everytime someone opens something or signs in
08:06 * potatoe kindly informs Mead that he prefers the deep fryer
08:07 < _PRaETor> so uh, just for the record, I should probably restrict ports below 1024 right? since those are for root only? is it a bad idea to run a server app on root (i think i already know that answer but im curious)
08:07 < potatoe> RustyJ I made a rule for confluence, but then it also filtered my mentions.. plus for some reason the confluence settings dont have "alert me only for mentions"
08:08 <+pppingme> _PRaETor there are ways to get services to run <1024 as non-root, but IRC has always had a higher port number
08:08 < _PRaETor> I am just having trouble deciding if I should leave it up to the user if he wants to be dumb and do a port number like that, or if I should somehow warn him when he tries to use the number
08:08 <+pppingme> _PRaETor why are you trying to re-invent the wheel? There are lots of irc daemons out there, most can be brought up on a single host in less than 10 minutes
08:08 < _PRaETor> pppingme because its fun
08:09 < RustyJ> the higher port number is per the RFC... plus the lower port numbers are all busy with traffic.... i do run my znc servers on odd ports tho
08:09 < potatoe> btw networking related, I'm transferring files between two hosts, both are on 1000BaseT full duplex. when I do pv /dev/urandom | ssh hostB cat >/dev/null on host A, i get 7MB/s, when I do the same on hostB, i get 60MB/s
08:09 < potatoe> any idea whats up with this?
08:09 < _PRaETor> this is so far the biggest thing i've worked on and i'm learning stuff about structuring bigger projects like this by doing it, so its worth it to me
08:09 <+pppingme> potatoe by definition, 1000baseT is ALWAYS full duplex
08:09 < potatoe> pppingme ah I see
08:09 < potatoe> pppingme whats baseSX
08:09 < potatoe> or something similar
08:10 <+pppingme> 60MB works out to 480 mb/s, and I'm betting you aren't taking ssh overhead into account (are you maxing out a core??)
08:10 < potatoe> oh its optical fiber
08:11 < potatoe> pppingme but host A has the better CPU
08:11 < potatoe> 60MB is fine, but I'm wondering why does host A -> B only get 7MB/s
08:12 < potatoe> host A out via HTTP/rsync parallel etc all get 60MBs out
08:13 <+pppingme> to test speeds between two hosts, use something with little to no overhead, like iperf
08:13 < myxenovia> hi
08:13 < javi404> iperf is your friend
08:13 <+pppingme> after you do that, then troubleshoot speed issues
08:13 < javi404> iperf3
08:13 < myxenovia> does binding a socket to a ipaddress means that the socket will only receive packets from that ipaddress?
08:13 < potatoe> pppingme iperf single thread maxed out at 100Mbit or so, parallel iperf got 940Mbps or so
08:13 <+pppingme> and I'll bet you find most issues aren't related to network, but rather cpu bounding or something
08:14 < javi404> potatoe: what is parallel iperf?
08:14 < potatoe> javi404 threaded iperf*
08:14 <+pppingme> iperf isn't threaded
08:14 < javi404> potatoe: what is the name of this package?
08:15 < javi404> I am only aware of the regular iperf and iperf3
08:15 <+pppingme> do you mean -P (multiple STREAMS)??
08:15 < potatoe> pppingme yes
08:16 < potatoe> sorry wrong terminology
08:17 <+pppingme> that almost always suggests you're shaping.. or you're extremely cpu bound
08:18 < potatoe> pppingme I'm not maxing out a core iirc, but I can test again
08:18 <+pppingme> look at BOTH ENDS, don't assume just because one side you don't have an issue that the other side isn't causing it..
08:18 <+pppingme> you're either cpu bound, or you're throttling..
08:18 <+pppingme> describe EVERYTHING between the two hosts..
08:19 <+pppingme> are they plugged into the same switch? are there 8 switches and two routers between them, or what?
08:19 < potatoe> well theyre in different DCs, but im using the 60MB/s I'm getting from parallel rsync as a baseline here
08:19 < RustyJ> bad cable? a cat less than fast?
08:21 <+pppingme> depending on how you have rsync setup, its probably encap'd within ssh, and again, 60MB/s is 480mb/s
08:21 < detha> potatoe: what is the latency between the hosts? have you tried iperf with different -W values ?
08:21 <+pppingme> and if you're seeing multiple streams get more bandwidth than a single stream, I'd start to bet that one of the dc's or carriers between is shaping..
08:22 <+pppingme> are these all physical machines, or vm's or what?
08:24 < potatoe> physical machines, dedicated
08:25 < potatoe> detha I'll experiment with different -W values after my current transfer is done
08:26 < detha> potatoe: i checked man page, it actually is -w (or some env variable). Anyway, force it to use a larger window size
08:27 < variable> \o/
08:29 < detha> mtr 8.8.4.4
08:29 < detha> oops, sorry
09:17 < smallville> I'm building a network and I need ethernet cable. I'm buying this one http://urly.fi/YKc
09:18 < smallville> Is it good enough?
09:19 < RustyJ> thats insanely cheap!
09:19 < RustyJ> or should i say inexpensive
09:19 < smallville> you're saying it's crap?
09:20 < smallville> inexpensive. got it
09:21 < smallville> How about cable ends? People reviewing them are always complaining about them not crimping well
09:22 < RustyJ> honestly i don't crimp much.... everything is pre-made or punchdown... but i do have a big bin of them from Ideal they seem fine.
09:24 < smallville> what do you mean by pre-made? You buy cables at exactly the length you want with the ends already assembled?
09:24 < smallville> Thats not doable when cabling an office
09:25 < RustyJ> yes it is from outlet punch down to computer
09:25 < RustyJ> the only place i use cables is at end points and in racks
09:25 < detha> smallville: you terminate on a patch panel, or on a wall jack. Then you use pre-made patch cables.
09:26 < smallville> yeah that makes sense
09:26 < tehjanosch> smallville, of course it is. you measure everything and tell the manufacturer what you need
09:27 < smallville> ok
09:27 < tehjanosch> it's just a matter of time and cost :>
09:28 < smallville> detha: you just gave me a great reason to get a patch panel
09:28 < RustyJ> you need a reason for a patch?
09:29 < RustyJ> easier, faster, more simple, less messy
09:29 < tehjanosch> RustyJ, depending on the company you work for... i can imagine that he needs to explain such expenses
09:29 < smallville> I always thought they were unnecessary, plug all the cables straight into the switches
09:29 < tehjanosch> if you want to do proper and structured cabling there is no other way to achieve that
09:30 < tehjanosch> it also saves you switches
09:30 < tehjanosch> or let's you spend budget on better switches
09:31 < smallville> I realize that if I plug them straight into the switch, then I need to crimp the ends. If I use a patch panel, no crimping needed
09:33 < smallville> if i'm not gonna be crimping, should I get the
09:33 < smallville> TRENDnet crimper anyway just in case I need to repair a cable end?
09:42 < smallville> is 250 feet of ethernet cable enough to run it through the walls and ceiling for a small office of 4 rooms?
09:42 < light> why don't you measure?
09:43 < smallville> I'm not at the site right now
09:44 < smallville> please give me a rough idea of what length is required.
09:44 < smallville> 4 offices, and 1 server room
09:48 <+xand> smallville: as if we could answer that.
09:49 < myrat> what's up
10:00 < Popzi> We have a Guest network being broadcasted from an AP (isolated) and our actual network, for some reason, despite me changing nothing, my computer is connecting to our guest network when plugging the ethernet cable in, yet others on the same switch are connecting to the proper network? Is there a way to prevent ethernet connections to a guest network or is windows 10 just shit? I couldn't find any setting regarding routing and the guest network any
10:07 < bezaban> Popzi: is it a managed switch with ports as access ports to different vlans?
10:08 < Popzi> bezaban: nope, to make things even more fun, it's all Draytek Vigor routers and a Draytek AP :(
10:09 < Volis> Hello Folks, I am trying to remote desktop into a machine on local network but cannot. However, I am able to ping to it.
10:10 < tehjanosch> is rdp allowed?
10:10 < Volis> This is unusual because I am the only person who connects to this machine and only using remote desktop. I connected to it this morning and since then nothing has been changed
10:10 < Volis> tehjanosch: yes, rdp is allowed
10:11 < Volis> Both the machines (the one I'm on, and the remote one) are running Windows 2008 Server
10:16 < tehjanosch> try to restart the rdp service if something like this exists, but i bet it does
10:16 < tehjanosch> my other suggestion would be to perform a reboot as this usually helps on a windows machine ;)
10:21 < Volis> tehjanosch: i've been facing this problem since last three days and it gets resolved with a reboot
10:22 < Volis> but i wonder if there's something i can fix somewhere to actually fix this
10:28 < dminuoso> Volis: Before you go about fixing things, you need to debug it.
10:28 <+pppingme> Volis so this used to work without issues and the problem recently started?
10:29 < Volis> dminuoso: I'm not sure how to debug or diagnose this though
10:30 < dminuoso> Volis: Check out services.msc, see if there's anything in the log output there
10:30 < dminuoso> Volis: wait sec, I meant the event viewer
10:30 < Volis> Okay, I'll have to physically reboot it somehow first
10:31 < dminuoso> Volis: Though you could check out services too, its possible there's some issue with the RDP service
10:31 < dminuoso> (Perhaps restarting that service might be enough, rather than rebooting the entire machine)
10:31 < dminuoso> physical reboots are rarely, if ever, necessary
10:31 < Volis> Yes but it is a headless server and I have no means to access it other than remote desktop
10:32 < dminuoso> Volis: anyway to unheadless it?
10:32 < dminuoso> (even if just temporary for debugging)
10:33 < Volis> I'll have to see if we have a spare monitor lying around but probably not
10:36 < ppf> why do i need two NS to control a zone?
10:43 < Apachez> you dont
10:43 < Apachez> but most TLD's have that as a demand
10:43 < Apachez> its for redundancy
10:44 < Apachez> if one server is down if you only have one then new clients wont find to your servers
11:37 < marcopolo7> Hello!
11:37 < djph> hi marcopolo7
11:37 < marcopolo7> so i am trying to create a vpn-ipsec tunnel
11:38 < marcopolo7> my router doesn't support something like that(and does not allow open source firmware), should i go with making it on a computer(use it as a server)?
11:38 < djph> or get a better router.
11:39 < marcopolo7> good point, i will definitely do this in the future
11:39 < marcopolo7> but as a now option, should i do this?
11:39 < djph> well, it depends on what you want to do with this vpn tunnel
11:40 < marcopolo7> Implement a University exercise that we have done in the lab
11:41 < djph> is it just for getting back to a "known trusted" location (i.e. your home/office) for internet banking and the like; is it for a tunnel between two offices, what?
11:41 < djph> .... or 'just learning'?
11:41 < marcopolo7> but we used cisco router there(which i dont have :P)
11:41 < marcopolo7> just for learning.
11:41 < djph> in which case, the computer should be fine
11:42 < marcopolo7> but it could be in a good use in an office, if you dont want to be seen your traffic
11:42 < djph> "Office" computers are the property of your employer. I wouldn't advise doing things you think you have to hide from them
11:42 < marcopolo7> i will use a rpi that i have, that is sitting in my net without doin pretty much nothing(well except some file transfering)
11:45 < marcopolo7> true, by the way with this technique you can hide your traffic from your isp also right?
11:46 < djph> "hide"
11:46 < Apachez> on "your" net ?
11:47 < marcopolo7> of the client user
11:47 < marcopolo7> accessing through the vpn-ipsec
11:48 < djph> the comms between the vpn_client and vpn_server are encrypted, yes. The operator or the VPN server knows what you're doing. The operator of the client's network knows where they're connecting (and that it's a VPN)
11:49 < marcopolo7> true! Thank you for the useful answers!
12:03 < spaces> the blockchain hype, can I throw over please ?
12:04 < djph> have at it
12:05 < spaces> have ?
12:05 < djph> colloquialism for "go right ahead"
12:06 * spaces floods the channel
12:13 < skyroveRR> .
12:13 < spaces> skyroveRR you want some more ?
12:13 < skyroveRR> What?
12:14 < skyroveRR> Some more of what?
12:14 < spaces> read back
12:14 < skyroveRR> Tell meeeh
12:16 < spaces> no, you seem to be lazy, so am I :P
12:16 < skyroveRR> :|
12:17 < spaces> why should I do double work if you need to read it anyways ?
12:18 < skyroveRR> You asked me first, not the other way around.
12:18 < spaces> no you were pointless
12:18 < spaces> you wanted attention
12:20 < skyroveRR> Nope.
12:20 < skyroveRR> Just by putting a "dot", I'm not seeking attention.
12:21 < spaces> what is the purpose of that dot then ?
12:22 < Apachez> .
12:22 < skyroveRR> .
12:22 < skyroveRR> spaces: well, no purpose really.
12:23 < spaces> Apachez you biatch, you are always up to such thing :P
12:23 < djph> ?
12:23 < spaces> it doesn't make out relation better :P We cannot reach the next level by doing so ;)
12:23 < spaces> *our
12:24 < skyroveRR> "relation"? spaces, are you his wife?
12:24 < shtrb> that is such a cisgender thing to say ...
12:24 < spaces> skyroveRR no he wants to be
12:26 < Apachez> skyroveRR: spaces is my biatch
12:27 < spaces> Apachez he roleplaying doesn't mean you are allowed to change your role with mine!
12:28 < spaces> go back in your cage!
12:34 < djph> both of you, back in the gimp-boxes.
13:10 < OliverUK> What would you peoples recommend for a hardware firewall in a home?
13:10 < light> cinder blocks filled with concrete
13:10 < kottt> a software firewall <_<;
13:11 < kottt> what's the actual use case?
13:11 < kottt> and why not just run a SOHO router with a basic FW?
13:11 < skyroveRR> OliverUK: there's no such thing called a hardware firewall in the first place.
13:12 < skyroveRR> A firewall is a "software". What firewall you are looking for depends on its use. Most houses don't need chip-level firewall.
13:12 < shtrb> kottt, SOHO as in the ones given by the ISP ?
13:13 < Roq> OliverUK: Depends on your needs and budget. A router with basic filtering for home use you can use Ubiquiti edge router, or a mikrotik rb750. Don't know if you have a vendor preference
13:13 < OliverUK> kottt: Thinking of other protections like web traffic filtering and some basic intrusion protection
13:13 < shtrb> because if you trust the ones given by the ISP I have bad news for you
13:13 < light> half your web traffic will be tls encrypted
13:13 < OliverUK> skyroveRR: OK, I am looking for a physically separate box to put in that will serve as a perimeter firewall
13:13 < regdude> everyone seems to love UBNT, go with that, they should be configurable enough
13:13 < Dalton> Ubiquiti USG
13:14 < light> mikrotiks are cheap
13:14 < regdude> everyone hates them here
13:14 < kottt> shtrb: SOHO meaning small office home office; skyroveRR: HW firewall implies a dedicated firewall appliance. OliverUK: Maybe spin up an old desktop with PFSense?
13:14 < Dalton> model depending on your current/planned network speed
13:14 < light> get a cisco then
13:14 < kottt> proxy-based web filters are shit shows though and you should really just use a DNS-based solution IMO
13:14 < Roq> Ive seen mikrotiks work on smaller remote sites without issues
13:15 < OliverUK> I've used MikroTik but they don't offer great web filtering, intrusion prevention or even better features like inspecting HTTPS traffic
13:15 < regdude> well Im using them where ever I can, but you will be blackmailed by using them
13:15 < shtrb> kottt, I know what SOHO mean , but many ISP give you ones
13:15 < regdude> inspecting HTTPS?
13:16 < shtrb> what possible could go wrong if you MITM yourself ? (using a custom CA)
13:16 < Dalton> OliverUK: do you have a budget?
13:16 < OliverUK> regdude: Yeah, basically a firewall performing man in the middle attacks on all of your traffic
13:16 < kottt> regdude: Why does everyone there hate UBNT?
13:16 < regdude> no, everyone here loves UBNT
13:16 < light> shtrb: you might not know that a certificate is bad
13:16 < Roq> Doesnt Ubiquiti have a firewall device as well?
13:16 < OliverUK> Dalton: Not at the moment, just thinking about it at the moment
13:16 < Roq> oh USG, like Dalton said
13:17 < Dalton> ;)
13:17 < shtrb> light, I know it a bad idea (when you install the custom CA )
13:17 < kottt> regdude: oh, everyone hates mikrotik is what you meant before?
13:17 < regdude> yes, sorry if was misleading
13:17 < Dalton> i don't hate mikrotik, cause I've not used it
13:17 < shtrb> light, ... sarcasm
13:18 < kottt> just confusing =) we've got 800+ ubiquiti routers deployed here, and apart from some occasional issues with the flash memory failing they've been beautiful
13:18 < trae32566[w]> jesus christ
13:18 < Dalton> kottt: that's the early model low end edgerouters?
13:18 < trae32566[w]> HA pairs or singles?
13:18 < OliverUK> I am thinking of putting in a VPN server so I can get access to home network things you see, so to tighten it up I was going to have two firewalls, one for the perimeter to the internet and another protecting all of the home network with a DMZ in the middle
13:18 < trae32566[w]> EdgeRouters I take it?
13:19 < kottt> yes, the EdgeRouter Lites and Pros
13:19 < light> 800 routers is too many because the ttl on linux is only 64 so your packets won't get through them all
13:19 < kottt> and we've just got a batch of the ER4s and Infinity's in
13:19 < trae32566[w]> they definitely have limitations and bugs
13:19 < Dalton> oooooh
13:19 < trae32566[w]> I have an ER4
13:19 < kottt> light: oh no
13:19 < trae32566[w]> it's good at most things
13:19 < shtrb> kottt, please tell us it's not 800 NAT system
13:19 < kottt> why not
13:19 < Dalton> got any Infinity's in prod yet? i think i have to RMA mine (fan died)
13:19 < kottt> is there something wrong with an 800 NAT system? <_<
13:20 < Dalton> nope, only double nat, 800 is fine
13:20 < kottt> phew
13:20 < shtrb> *consecutive 800 NATs
13:20 < trae32566[w]> you using them for anything other than basic routing and whatnot?
13:20 < Dalton> if it gets past the 2nd one you're golden
13:20 < trae32566[w]> their IPsec is absolute garbage
13:20 < kottt> =) we're an ISP for schools & libraries, we use them for routing and firewall
13:21 < trae32566[w]> yeah, I could totally see that then
13:21 < kottt> occasionally we'll set up a basic DHCP server on them for idiots who can't figure out how to spin up a DHCP server of their own
13:21 < regdude> OliverUK: for your requirements I would recommend a highly configurable router, everyone here seems to like UBNT, you should go with them. Don't expect great filtering features with HTTPS, it is supposed to be unfilterable, though some firewalls will provide the option to limit through TLS and not just the IP
13:21 < trae32566[w]> yeah be careful though
13:22 < djph> kottt: whereabouts are you?
13:22 < kottt> Maine
13:22 < djph> note to self, next time in maine, poke around in the libraries
13:22 < Dalton> haha
13:22 < trae32566[w]> lol
13:22 < kottt> <_<
13:23 < Dalton> East Side!
13:23 < shtrb> kott why not spin B.A.T.M.A.N on them and have only one gateway connected to the internet
13:23 < trae32566[w]> I use the DHCP server on mine, because home use
13:23 < shtrb> just imagine all the gun
13:23 < djph> although, the closest I'm liable to get is Cape Cod ... I get distracted easily, and, well, tasty tasty food
13:23 < shtrb> *fun not gun
13:23 < regdude> someone actually uses it?
13:23 < trae32566[w]> what, DHCP on the ER? yeah
13:23 < trae32566[w]> tons of people
13:23 < Dalton> it works fine
13:23 < Dalton> multiples even
13:23 < trae32566[w]> I'm surprised people use DNS on it O_O
13:23 < regdude> no, I mean BA]
13:23 < trae32566[w]> but they do
13:23 < regdude> *batman
13:23 < shtrb> yes, batman is used
13:23 < kottt> it's better than the DHCP server on Mac server anyway <_<
13:24 < shtrb> (there are better and worse, but batman is the most known)
13:24 < shtrb> I think it is the most known one
13:24 < shtrb> But to see it on an 800 installation would be amazing
13:24 < regdude> I assume it is not very scalable?
13:25 < djph> regdude: "what" isn't?
13:25 < shtrb> It was desgiend to be scalable
13:25 < kottt> :P i don't think B.A.T.M.A.N. fits our use case
13:25 < shtrb> RIP engrish
13:26 < shtrb> kottt, you could teach people to use mesh networks (and ask them to install their own routers ) :)
13:26 < trae32566[w]> ew no
13:26 < trae32566[w]> just no
13:26 < kottt> alas, i remain an underpaid NOC tech monkey with no authority
13:27 < turtle> burn it all down
13:27 < shtrb> kottt, I don't know how to weaponize/commercialize that but it could be a fun thing to see
13:27 < Dalton> yay for monkeys
13:28 < kottt> trae32566[w]: ew what? mesh networks?
13:28 < shtrb> monetize not weaponize
13:29 < OliverUK> I was thinking of possibly a Watchguard firewall, any objections?
13:31 < OliverUK> I have used them before and they don't seem bad
13:32 < Dalton> never heard of them
13:33 < Dalton> but that's just me, who knows the kind of stuff you get across the pond
13:37 < regdude> pfsense is very popular
13:46 < OliverUK> regdude: To be fair I was thinking of maybe putting pfSense as the firewall between the DMZ and the internal network but for the perimeter firewall I was thinking of something a little 'beefier'. This is only a home network though so the risks are a lot lower
13:50 < regdude> you could go with a device that supports firewall RAW tables, in most cases it is sufficient to use them instead of full connection tracking, though not sure how many devices support raw tables. You can always go for a dedicated x86 box
13:51 < regdude> and I always like to separate networks using VLANs (don't like to use split-horizon or bridge tables)
13:52 < Apachez> https://www.youtube.com/watch?v=ZmB-h7OpdU8
13:52 < regdude> hopefully this one won't explode
13:57 < dogbert_2> they recalled the judge in California...LOLZ
14:01 < Apachez> who? what judge? for what?
14:04 < dogbert_2> google Aaron Persky (he's the judge in the Stanford swimmer case (Brock Turner)...who was convicted for raping an unconscious woman)
14:12 < TandyUK> OliverUK: you'll need to be spending about £5k before you get a firewall for your edge that is 'beefier' than a pfsense. Its a mighty OS when installed on sensible hardware :)
14:12 < regdude> rocket didn't explode
14:13 < Epic|> Good, that judge fucked that case hard
14:17 < dogbert_2> yeah, if he would have given the guy say 2.5/3 years, he'd probably still be on the bench
14:18 < dogbert_2> the prosecution wanted 6-7 years...so something in the middle would have been appropriate
14:18 < Apachez> so you mean its against the law to rape unconscious women?
14:20 < dogbert_2> Apachez...well, the judge did follow the law in his sentencing, but due to the outrage, the CA legislature changed the definition of rape in CA to include unconscious persons, and now the mandatory minimum for that offense is 3 years in prison
14:20 < dogbert_2> (or more)
14:20 < Apachez> only in murica :)
14:20 < Apachez> "if a tree falls in the forest, did it actually fell?"
14:20 < dogbert_2> so you could say the judge ruined it for every other jurist in CA
14:20 < Apachez> "if a woman is raped while unconscious, was she actually being raped?"
14:21 < TandyUK> only 3 lol, i think its 7 years minimum in the uk, which i still think is too short
14:21 < dogbert_2> the minimum is 3 years, the max can be whatever the judge decides
14:22 < dogbert_2> i.e. - no more Brock Turner wuss sentences
14:22 < TotallyNotKim> cheapest 12x fiber 10G switch? Is there even such a thing for < 10k?
14:22 < TotallyNotKim> scrap cheapest, best buy
14:23 < Apachez> sure
14:23 < Apachez> www.ubnt.com edgeswitch 10G
14:23 < Dalton> ^^
14:23 < TotallyNotKim> ay
14:23 < dogbert_2> yeah, ubnt!
14:23 < TotallyNotKim> didnt think of them
14:23 < TotallyNotKim> ty
14:23 < dogbert_2> though I wished they made a wireless edgerouter :)
14:23 < TotallyNotKim> lol
14:24 < Apachez> https://www.ubnt.com/edgemax/edgeswitch-16-xg/
14:24 < dogbert_2> they could do it...
14:24 < Apachez> about $600/each
14:24 * dogbert_2 looks
14:25 < regdude> you should be able to find cheaper ones as well
14:25 < dogbert_2> nice hunk of gear, Apachez
14:26 < TotallyNotKim> wtf
14:26 < TotallyNotKim> these are cheap actually
14:26 < Apachez> these ones are nice if you need 19/2 gear http://www.alliedtelesis.com/products/switches/xs916mxs
14:26 < Apachez> http://www.alliedtelesis.com/products/switches/x550-series/x550-18xsq
14:27 < dogbert_2> yeah, they make some decent gear, Apachez
14:30 < dogbert_2> LOL...cut rental fees with cable internet...get an Arris SurfBoard
14:30 < dogbert_2> it's a good piece of gear...I have an SB6183
14:32 < msdsos> i need to make a network map for a project, anybody know a good program that will make a graphical info or a text file?
14:33 < TotallyNotKim> msdsos: paint
14:33 < TotallyNotKim> jk, since your name is msdos I'd say Viso?
14:33 < Roq> Visio, draw.io
14:34 < Apachez> msdsos: mermaidjs
14:34 < dogbert_2> Gliffy does a decent job for small network diagrams
14:34 < dogbert_2> works in chrome...and is free
14:35 * dogbert_2 spins The Ozark Mountain Daredevils - Jackie Blue (1975)
14:35 < msdsos> i need it to scan the network
14:35 < dogbert_2> then gliffy isn't gonna do the job
14:36 < Donjuanal> so you want it to scrape the network and build a map for you?
14:36 < msdsos> yeah
14:36 < Apachez> draw.io exists in an offline edition
14:36 < msdsos> i have full admin right to the network
14:37 < Apachez> "sure"
14:37 < Donjuanal> msdsos: is all your gear from the same vendor?
14:37 < msdsos> "mom always said dont trust strangers"
14:38 < Roq> I think mikrotik's "the dude" has that kind of functionality
14:38 < Dalton> what's the best way to back up some VMware VMs
14:39 < msdsos> Donjuanal, its mostly HP and some dell
14:39 < Roq> Dalton: we use Veeam
14:39 < Dalton> Roq: issues with consolidation? we're having heaps
14:40 < Donjuanal> msdsos: you could probably do it with observium and some observium addons/plugins
14:40 < Roq> Dalton: Not to my knowledge, but I'm not the vmware person
14:40 < tehjanosch> 14:36:45 < Roq> Dalton: we use Veeam <- i would have suggested the same :P
14:41 < Donjuanal> msdsos: there seems to be an observium map generator on github
14:41 < TandyUK> ^^ me too :)
14:41 < tehjanosch> might be there is a better software for that, but it's easy to handle and their support is just great
14:41 < TandyUK> im a veeam reseller if you want to buy it from a friendly irc person :P
14:42 < tehjanosch> haha, that's how you generate business :D
14:42 < TandyUK> but the free version does well for most small/non-production setups
14:42 < TandyUK> ive never advertised lol, youd be amazed how much work comes via IRC :)
14:42 < djph> veeam?
14:42 < TandyUK> vm backup software
14:43 < TandyUK> point it at the host, every vm sorted :)
14:43 < djph> ugh, typical horseshit marketing buzzword website
14:43 < djph> why do i even fucking bother anymore
14:43 < dogbert_2> Ho, Ha, Ha, Guard, Turn, Parry, Dodge, Spin, Ha, Thrust!
14:43 < Dalton> we (client) has the paid version and it's been nothing but issues as far as snapshots consolidation
14:43 < djph> ... not to mention this new bout of "we use cookies!" nonsense. It's not 1995, OF COURSE YOU USE COOKIES
14:43 < TandyUK> speak to support then, theyre usually very good
14:44 < dogbert_2> djph...we'll never get anywhere if you keep holding back about how you REALLY feel about the website :P
14:44 < Roq> dogbert_2: haha
14:44 < dogbert_2> :-)
14:44 < TandyUK> djph: tell that to the retartds who instigated this 'cookie law', and the other retards who plasters "we need your permission to use cookies" over every website, regardless what the cookies are for (session cookies are expressly excluded from the legislation)
14:45 < djph> dogbert_2: hang on, busy wrapping this box of horseshit for the marketing director
14:45 < djph> TandyUK: the EU, right?
14:45 < dogbert_2> oh, you me the EUrinal GDPR shit?
14:45 < dogbert_2> mean, even
14:45 < TandyUK> no, the cookie law is something else lol
14:45 < dogbert_2> cookies are for eating, esp. if they're deep fried oreos
14:46 < TandyUK> give it a few years, and the EU will require you to ask permission before you can wipe your ass
14:46 < dogbert_2> LOLOL
14:46 < djph> TandyUK: good thing UK's getting out, amirite? :)
14:46 < dogbert_2> that's why I'm across da pond in the US of A
14:46 < Roq> The cookie thing is annoying, but it's mandatory by law ( https://www.cookielaw.org/the-cookie-law/ ) GDPR is related to the data a company has on a person ( email, address data etc)
14:46 < msdsos> Donjuanal: Thanks i will check it out :)
14:46 < TandyUK> yup, very good thing imho
14:47 < regdude> but please keep our strawberry pickers, we don't want them back
14:47 < TandyUK> Roq: its mandatory if you actually use cookies. session cookies (which is all the vast majority of sites use) are excluded from the legislation
14:47 < djph> ugh, this "AOL 2.0" stuff makes me die inside
14:47 < dogbert_2> djph, did you need some liquid ass? :)
14:48 < dogbert_2> who the hell uses Assholes OffLine anymore
14:48 < TandyUK> http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm
14:48 < TandyUK> find the section "However, some cookies are exempt from this requirement. Consent is not required if the cookie is:"
14:51 < dogbert_2> LOL...another song of the 70's Starland Vocal Band - Afternoon Delight
14:52 < djph> dogbert_2: facebook (etc) are the nouveau-AOL
14:53 < dogbert_2> bwhahahaha, djph
14:54 <+catphish> morning
15:11 < [diablo]> Good afternoon ##networking
15:11 < [diablo]> guys I'm trying to find a Linux based tool that could make say 2000 connections from a machine, to a target IP and port
15:12 < Roq> iperf can do multiple streams
15:12 < [diablo]> does anyone know of anything that could do this please?
15:12 < [diablo]> hi Roq well
15:12 < [diablo]> on the target there's qdrouterd ... an amqp router ...
15:12 < [diablo]> I can't run iperf on the target
15:12 < msdsos> sounds like ddos
15:13 < [diablo]> hehe nope
15:13 < msdsos> sure then ;)
15:13 < [diablo]> what it is , is that the qdrouterd is running on Red Hat Satellite 6
15:13 < [diablo]> but it has HAproxy's in front ... we think there might be an issue with the amount of maxconn's
15:13 < [diablo]> limiting it to 1024
15:14 < mawk> [diablo]: ab maybe
15:14 < mawk> apache benchmark
15:14 < [diablo]> thus, wanted to attempt to get a bunch of extras to see if they establish
15:14 < [diablo]> ah, dunno that one
15:14 < TandyUK> if its http requests, ab would do it
15:14 < [diablo]> it's AMQP
15:14 < TandyUK> possibly might need more than one source to get 2k connections
15:15 < TandyUK> like raw AMQP, not wrapped in an http tunnel?
15:15 < [diablo]> TandyUK tbh, no idea mate
15:15 < [diablo]> just listens on 5647 ... that's all I know
15:15 < [diablo]> but we see the connections coming into it from the HAproxy
15:15 < TandyUK> yeah thats amqp then
15:16 < TandyUK> i assume the haproxy is just doing round robin rather than anything complicated
15:16 < TandyUK> (even if it is with 1 host behind)
15:16 < [diablo]> actually it's not HA
15:16 < [diablo]> we had to use it tho' to get thru some network segments
15:16 < TandyUK> ah ok
15:16 < [diablo]> so all RHEL boxes in zones could reach the RHS
15:17 < [diablo]> but I think there's a bottle neck on the HA's
15:17 < TandyUK> id check a few things, a) how the haproxy is configured, whether it is causing the limit, b) how amqp is configured, again this has a connection limit
15:17 < [diablo]> traffic goes via 3 x HA's before hitting the RHS
15:17 < [diablo]> TandyUK yup we've done all that...
15:17 < [diablo]> problem is we have around 1000 RHS client machines RHEL 5/6/7
15:18 < TandyUK> theres also max connections per host, which if youre going stuff > haproxy > haproxy > haproxy > amqp, you could well be hitting
15:18 < [diablo]> we see it teeter around the 1022 ~ mark
15:18 < TandyUK> the final ha proxy would see everything coming from the second for example
15:18 < [diablo]> but if we can stress test it with a few more connections ... we can be clear
15:18 < TandyUK> 1024 seems like a fairly sane limit if it hasnt been changed from defaults
15:18 < [diablo]> well the maxconn on the HA's is at 30000
15:18 < [diablo]> on all 3 x
15:19 < TandyUK> yes, but thats TOTAL
15:19 < TandyUK> not from a single host
15:19 < [diablo]> hmmm
15:19 < [diablo]> I asked in #haproxy ... and tbh they gave it the A-OK on the setup
15:20 < TandyUK> hmm, in that case, go check the amqp setup
15:20 < [diablo]> well we need more connections :)
15:20 < TandyUK> again i think its going to be the fact that it sees ALL these connections coming from a single host that is the issue
15:20 < [diablo]> I don't wanna fire up 100 x VM's just to see
15:22 < TandyUK> another one to check would be the open files limit on the host running amqp
15:22 < TandyUK> it could be hitting its limit there
15:23 < [diablo]> :) also done
15:23 < TandyUK> hmm lol
15:23 < [diablo]> and validated by RH support
15:23 < [diablo]> really, I just need to try establishing more connections ...
15:23 < [diablo]> see if they get thru , and if not, find out the bottle neck
15:23 < [diablo]> was hoping nmap might do it, but seems not
15:24 < [diablo]> might just write a python script to do it
15:25 < TandyUK> tcp_listen_options.backlog on the amqp host?
15:25 < [diablo]> hmm let me check
15:25 < TandyUK> net.core.somaxconn is another one
15:25 < [diablo]> net.core.netdev_max_backlog = 1000
15:25 < [diablo]> net.ipv4.tcp_max_syn_backlog = 2048
15:26 < TandyUK> tcp_listen_options.backlog on the amqp host? (this is amqp config, not the host itself)
15:26 < [diablo]> net.core.somaxconn = 128
15:26 < TandyUK> ok that could be it, id set that at 2048+
15:26 < TandyUK> thats "128 people may be trying to establish a connection at once"
15:27 < [diablo]> well, tbh we need to cover it for say potentially 3000 client machines (RHEL's)
15:27 < [diablo]> it will scale to that over the next year or so
15:27 < [diablo]> as VM's are spun up
15:28 < TandyUK> yes, but note that is specifically for connecting being opened, once open they dont count against that limit
15:28 < [diablo]> ah ok
15:29 < [diablo]> brb
15:32 < [diablo]> so, I think I'm right in that if I can generate enough ESTABLISHED connections to the qdrouterd ... It'll give me some clarity no?
15:42 < gde33> my advise for the EU would be to first start a citizen email service with mail that you have to read, then do oauth, then a shopping website with mandatory participation for all products and services from all companies in the EU complete with prices, then a social network where you must post your resume, then a github fork (with support for more than just git) where developers must go live...
15:43 < gde33> then a cloud hosting service that you must use
15:43 < gde33> lets also do e-lurning that you must participate in
15:44 < djph> gde33: ... what ... ?
15:44 < TandyUK> djph: you beat me to it lol
15:44 < gde33> it will be glorious
15:44 < TandyUK> i was just re-reading to see if there was anything logical in there
15:45 < gde33> not at all, it just would be hilarious
15:45 < djph> TandyUK: re-reading was your second mistake. Expecting any logic on IRC was your first.
15:45 < TandyUK> its certainly the sort of thing the EU would waste money on
15:45 < Apachez> assumption is the mother of all fuckups
15:45 < TandyUK> djph: tbh the IRC protocol is quite logical, its just what its used for that is depressing half the time :P
15:46 < gde33> the EU should do an irc server
15:46 < djph> TandyUK: oh I wasn't talking about the protocol. (Also, I proved my own point, I think)
15:46 < TandyUK> gde33: is there anything the EU shouldnt do?
15:46 < TandyUK> im thinking this might be a smaller list
15:46 < djph> TandyUK: GDPR?
15:47 < gde33> TandyUK: give money to the greeks
15:49 < Apachez> Give Danishpeople Porn Regularly ?
15:51 < Apachez> "what do you mean by turning sun rays into lazorz?" https://www.youtube.com/watch?v=gGk2rj_T5js
15:51 < Apachez> somebody at that official sponsor watercompany who dun goof
16:06 < TandyUK> ouch lol
16:13 < Rayben> Romantic orientation, also called affectional orientation, indicates the sex or gender with which a person is most likely
16:13 < Rayben> to have a romantic relationship or fall in love. It is used both alternatively and side-by-side with the term sexual
16:13 < Rayben> orientation, and is based on the perspective that sexual attraction is but a single component of a larger dynamic.
16:13 < Apachez> https://twitter.com/SecureBio/status/1004118130556309509/photo/1 "nothing to worry about, its just highly radioactive wood thats on fire - nothing to see, circulate!"
16:16 < regdude> that is just what they said to us when forced us to go clean it all up in 80s. It is just dust, don't worry
16:17 < djph> regdude: "you'll be fine..."
16:18 < TandyUK> its only cancer, what are you worried about
16:18 < Apachez> are you a terrorist or something?
16:19 < regdude> nothing that a bottle of vodka can't cure
16:19 < djph> TandyUK: that's what the clones are for
16:19 < TandyUK> is that what russian fire engines use for putting out fires?
16:20 < regdude> actually I remember one guy in the hospital after heavy radiation exposure. He yelled: don't give me these pills, give me vodka and I will be fine
16:20 < TandyUK> yeah vodka solves everything :)
16:21 < Apachez> When in doubt, get drunk!
16:21 < Apachez> Texas official slogan
16:37 < backtrack_> hello
16:38 < backtrack_> does somebody use bluetooth?
16:38 < SwedeMike> backtrack_: most people do.
16:38 < backtrack_> i want to ask you: if i have an associated BT accessory, i turn on the accessory, and later i turn on also the smartphone; the accessory keep searching the associated smartphone?
16:39 < backtrack_> or it searches for it only when i enable the accessory itself?
16:47 < TandyUK> depends on the device tbh
16:47 < TandyUK> id expect most to keep polling every so often
16:49 < njbair> please tell me if my understanding is correct about ipv6, that if Router Advertisement is enabled then prefix delegation should happen by default on clients? And there's no need for DHCPv6 on the LAN?
16:50 < TandyUK> provided its configured properly, that is the theory yes, and also provided the client actually asks for a prefix rather than just an address
16:51 < njbair> i'm mainly concerned about Windows 10 clients
16:51 < Aeso> njbair, end users typically don't participate in prefix delegation
16:51 < Aeso> but win 10 clients support SLAAC just fine, yes
16:51 < Aeso> so long as your RA includes the appropriate subnets
16:51 < TandyUK> ^^ win 10 doesnt need PD
16:52 < njbair> ok yeah sorry I mixed up PD and SLAAC
16:52 < TandyUK> a windows server with vpn users or something, possibly, but really you should be assigning that statically
16:53 < njbair> yeah I was wondering about that....I have several Windows servers that are statically-addressed in IPv4, and wondering what the standard is for SLAAC vs static
16:53 < njbair> because isn't SLAAC basically static based on MAC address or something?
16:53 < SwedeMike> njbair: there is one way of creating addresses called EUI64 that does that. It's not the only one.
16:53 < backtrack_> TandyUK, in your case how does it work?
16:54 < njbair> is it a good practice to statically assign IPv6 addresses to servers then?
16:54 < SwedeMike> Windows (vista and later) will only ask for PD if "Internet connection sharing" is enabled (at least this was the case with Vista)
16:54 < TandyUK> backtrack_: your BT shit?? like i said, it depends on the device
16:54 < Aeso> njbair, most IPv6 clients have many IPv6 addresses
16:55 < TandyUK> njbair: for servers, yes imho
16:55 < SwedeMike> njbair: I have some that have static addresses, I have some that do not. It depends on the use-case.
16:55 < SwedeMike> njbair: both have pro:s and con:s.
16:55 < TandyUK> if anything connects TO them, make it static imho
16:55 < Aeso> once they've got their EUI64 address via SLAAC, they'll use DAD to create themselves a handful of privacy addresses which they'll use to actually access other networks
16:55 < njbair> so DC's would be static for sure
16:56 < SwedeMike> Aeso: actually, latest versions of most modern OSes do not use EUI64 anymore. Default in Ubuntu 16.04 has changed, some others as well.
16:56 < backtrack_> TandyUK, you mean that there are accessories which searches for devices every X time ?
16:56 < njbair> and I guess the rest would depend on how well Windows' DNS server handles SLAAC-assigned clients...
16:56 < TandyUK> backtrack_: yes and no, it depends on the device
16:56 < Aeso> SwedeMike, ah, good to know. I've got some catching up to do.
16:56 < TandyUK> some do, some dont
16:56 < backtrack_> and accessory that search for device only when enabled?
16:57 < backtrack_> TandyUK, yes, and i want to know the cases
16:57 < SwedeMike> Aeso: https://tools.ietf.org/html/rfc7217
16:57 < TandyUK> it depends on the fucking device
16:57 < njbair> ok so now I just need to figure out why my clients aren't getting the proper prefix
16:57 < backtrack_> YES and i want to know all the cases
16:57 < TandyUK> there are thousands of different bluetooth devices
16:57 < backtrack_> maybe i'm not able to express myself in english language
16:57 < TandyUK> well, ALL the cases are 'go buy every single bluetooth device on the market' and have fun making a database
16:57 < njbair> backtrack_, there is no way to know. just try it and see
16:58 < SwedeMike> njbair: you can run "rdisc6" on Linux boxes to see what's in the RA. Or you can do tcpdump -vvv icmp6 and see what's in it. Look for Prefix Information Option.
16:58 < TandyUK> I even get different results from the SAME device on occasion (thinking of my in car bluetooth).
16:58 < njbair> SwedeMike, thanks
16:58 < SwedeMike> njbair: clients need an RA with PIO and the A flag being 1, then they'll know the prefix and that they can assign themselves addresses from it.
16:58 < TandyUK> sometimes it reconnects by itself, sometimes on my phone i have to go tell it to use it
16:59 < backtrack_> TandyUK, and CAR bluetooth is what i'm talking about
16:59 < TandyUK> which car bluetooth
16:59 < backtrack_> my car bluetooth search for devices only when turn on the CAR
16:59 < TandyUK> it depends on the SPECIFIC device
16:59 < backtrack_> yes
17:00 < TandyUK> so how your car bluetooth behaves, and how my car bluetooth behaves is quite likely different
17:00 < backtrack_> TandyUK, it's random china shitty hardware without brand
17:00 < TandyUK> how exactly my car bluetooth behaves seems to depend on which way the wind is blowing
17:00 < backtrack_> TandyUK, in your case, for example, how the device search for devices?
17:01 < backtrack_> i hate mine because the only way to make it connect is that the bluetooth on my smartphone must be on while turning the ignition to on
17:01 <+catphish> SwedeMike: clients don't use EUI64? what other options exist?
17:01 < njbair> TandyUK, my JVC car stereo always connects, then disconnects, then reconnects. This process takes upwards of 45 seconds and often results in my Android phone not assigning the media output correctly.
17:02 < njbair> I've disabled BT autoconnect in my car and I connect it manually every single time. It's faster that way.
17:02 < backtrack_> njbair, if you enable your smartphone bluetooth after turning on the radio, it connects?
17:02 <+catphish> SwedeMike: or do they just have no consistent global IP at all?
17:02 < njbair> backtrack_, BT is always enabled on my phone. If i disable then reenable, yes it will usually connect
17:03 < njbair> backtrack_, but more often i go into BT settings on my phone, click the gear icon next to my JVC stereo, and click Connect.
17:03 < backtrack_> njbair, then you're luck
17:03 < backtrack_> y
17:03 < njbair> backtrack_, that is the only sure-fire way to get it to work
17:08 < michagogo> I'm seeing something really weird. There's ~a site~ an entire domain with various subdomains that I
17:08 < michagogo> 'm not able to reach on my home internet connection, but it works on my phone
17:08 <+catphish> routing problem, or they blocked you
17:08 < michagogo> And when I tether my phone to my computer, and when I try from a couple different VOSes
17:08 < michagogo> VPSes
17:09 < michagogo> To be clear, it's DNS resolution that's failing
17:09 < michagogo> Even when I try dig @1.1.1.1 or dig @8.8.8.8
17:09 <+catphish> well that's easily fixed by using better DNS servers
17:09 < SwedeMike> catphish: https://tools.ietf.org/html/rfc7217
17:09 < michagogo> catphish: Better than Google or Cloudflare?
17:09 <+catphish> no, those should work
17:09 <+catphish> unless your ISP intercepts dns requests
17:09 < SwedeMike> catphish: SLAAC with A=1 on the PIO, means the clients choose its own addresses, and they can basically use whatever algorithm they want. EUI64 is just one.
17:10 < michagogo> That did occur to me
17:10 < michagogo> So I decided to try cloudflare via HTTPS
17:10 <+catphish> SwedeMike: i know what, i just didn't realise any mechanisms other than EUI64 and privacy addresses were used
17:10 < michagogo> And this is really bizarre:
17:10 < TandyUK> DNS !== HTTP(S) you know that right? not seeing how cloudflare via HTTPS is going to make any difference
17:11 < michagogo> I'm trying to query DNS via HTTPS
17:11 < TandyUK> huh?
17:11 < michagogo> https://developers.cloudflare.com/1.1.1.1/dns-over-https/json-format/
17:11 <+catphish> TandyUK: he's trying to do DNS over HTTPS, can't you read man
17:11 < TandyUK> ok then, wtf is that lol
17:11 < michagogo> Anyway, get this. On my computer: $ curl 'https://cloudflare-dns.com/dns-query?ct=application/dns-json&name=madim.atal.idf.il&type=A'
17:11 < michagogo> {"Status": 2,"TC": false,"RD": true, "RA": true, "AD": false,"CD": false,"Question":[{"name": "madim.atal.idf.il.", "type": 1}]}
17:12 <+catphish> some DNS providers offer it :)
17:12 < michagogo> On EC2:
17:12 < TandyUK> weirdness lol
17:12 < michagogo> $ curl 'https://cloudflare-dns.com/dns-query?ct=application/dns-json&name=madim.atal.idf.il&type=A'
17:12 < michagogo> {"Status": 0,"TC": false,"RD": true, "RA": true, "AD": false,"CD": false,"Question":[{"name": "madim.atal.idf.il.", "type": 1}],"Answer":[{"name": "madim.atal.idf.il.", "type": 1, "TTL": 286, "data": "147.237.0.19"}]}
17:12 < michagogo> So my question now is: WTF?
17:12 < TandyUK> maybe different CF nodes, one has it cached, the other hasnt, and whatever provides "idf.il"'s DNS is down?
17:13 < michagogo> The thing is, it's the same when I do a DNS query to 8.8.8.8
17:13 <+catphish> michagogo: some of that site's DNS servers are down
17:13 < TandyUK> intodns.com is quite useful :)
17:13 <+catphish> err
17:13 < michagogo> Really? How can that cause this observed behavior? It's not new either
17:14 < michagogo> For weeks and weeks now, it's never worked on my home connection
17:14 <+catphish> i'm really confused now
17:14 < michagogo> And it's always been fine on my cellular connection
17:14 < TandyUK> 2 out of their 3 listed nameservers are down according to intodns's check
17:14 < michagogo> I would think that if some of the servers were down it would sometimes fail on my phone and/or sometimes work at home...
17:15 < TandyUK> well, 2 out of 5 ips, that is
17:15 <+catphish> i can't explain this: https://paste.ubuntu.com/p/brgR7byFws/
17:15 < michagogo> charlie@charlie-pc ~ $ dig tdim.atal.idf.il @ns1.idf.il.
17:15 < michagogo> should be madim
17:15 < TandyUK> looks to me like theyre in the middle of some migration, and its going horribly wrong tbh
17:16 <+catphish> how come i get A records when i use +trace, but not when querying direct?
17:17 < michagogo> catphish: your second command was typo'd
17:17 < michagogo> charlie@charlie-pc ~ $ dig tdim.atal.idf.il @ns1.idf.il.
17:17 < michagogo> Not madim.atal.idf.il
17:17 <+catphish> oh yeah
17:18 < michagogo> VPS: https://www.irccloud.com/pastebin/Cv8N9Wzu/
17:18 <+catphish> in any case, some of their DNS servers are down, probably bad enough to cause some failures
17:18 < michagogo> PC: $ dig madim.atal.idf.il @ns1.idf.il
17:18 < michagogo> dig: couldn't get address for 'ns1.idf.il': failure
17:19 < kottt> if it's not too much of a distraction to ask: On Monday we had an issue where SSL services were selectively failing for clients around the state. It looked like maybe packets were being corrupted on the return path, but for the entire day, HTTPS web pages and apps with encrypted components (eg user auth) were either failing to load, loading completely, and occasionally (!) after several attempts, loading properly, only to fail again moments later.
17:19 < kottt> Problem resolved itself overnight, we never found a cause
17:19 <+catphish> michagogo: i guess there's some routing problems to that DNS server
17:19 < kottt> anybody seen anything like that before?
17:19 <+catphish> dns3.gov.il is down for me
17:20 <+catphish> kottt: that's usually indicative of a MTU problem
17:20 < TandyUK> ns1.idf.il and ns2 both have 2 ips listed, but only the 62.219 range is replying
17:20 <+catphish> ah ok
17:20 <+catphish> so yeah, their network / dns are fucked :(
17:20 <+catphish> you can always use a hosts entry as a workaround
17:21 < kottt> catphish: Had a customer try reducing the MTU on their PC without change
17:21 <+catphish> kottt: that's a terrible workaround, but it would usually work
17:21 < kottt> it was just for troubleshooting purposes but it very much did not work
17:21 < kottt> :[
17:21 * catphish shrug
17:22 * kottt shrug
17:23 < michagogo> catphish: So I should try and figure out how to get in touch with the IDF's tech team? It's just really bizarre that this would happen the way it's happening - namely, that querying several different recursive resolvers would always fail on my home connection, and never fail on my cellular connection and multiple different VPSes
17:24 < michagogo> Over a period of weeks
17:24 < michagogo> Actually, I think it's more like months
17:24 <+catphish> yes that is inexplicable
17:25 < michagogo> Dammit, I even looked up and tried another resolver (9.9.9.9) and that's the same way
17:26 < michagogo> Is there any DNS server that returns (or lets you see out of band with some kind of unique ID) the source address of queries to it?
17:28 < tpr> dns server software or dns service?
17:28 < tpr> if service, then e.g. dig +short myip.opendns.com @resolver1.opendns.com
17:28 < michagogo> Service
17:29 < michagogo> Specifically I'm looking for one that I can use with a recursive resolver
17:31 < detha> michagogo: dig +short whoami.akamai.net
17:36 <+catphish> michagogo: every resolver i try can resolve that site
17:36 <+catphish> michagogo: the only conclusion i can reach is that your ISP intercepts your DNS requests and passes them to its own resolver
17:37 <+catphish> there's no way they're all coincidentally failing only from your location
17:42 < michagogo> That's what I was thinking too
17:42 < michagogo> But that's impossible, because it failed with DNS-over-HTTPS too!
17:43 < michagogo> 😖
17:43 < detha> What does dig report the server as?
17:46 < lithiumpt> what IP address does ns1.idf.il resolve to? (on your home connection)
17:57 < qman__> Is there a tool to automatically condense a list of CIDRs into the fewest number possible? i have a list that has a bunch of /32s right next to each other and want to reduce the number of rules I need
17:57 < qman__> Without spending a bunch of time doing it manually
17:58 < Aeso> qman__, what you're describing is route compression, and I'd wager there's probably some free tools to do it
17:59 < kerframil> qman__: aggregate, aggregate-flim
18:00 < detha> qman__: one or another of python's ipaddress libraries can do that
18:01 < qman__> Thanks, aggregation led me to this, exactly what I need https://tehnoblog.org/ip-tools/ip-address-aggregator/
18:32 < doppleherz> What do people here use to keep a history of configuration changes to switches and routers, and physical or logical network changes?
18:34 < detha> rancid. and a wiki
18:36 < Donjuanal> rancid
18:37 < microwaved_> rancid
18:38 < doppleherz> Alright, I'll give rancid a look.
18:39 < detha> doppleherz: for a new setup, look at oxidized
18:39 < microwaved_> it works perfectly
18:39 < microwaved_> detha: what is that?
18:40 < detha> microwaved_: https://github.com/ytti/oxidized then same, but more modern/devops/git/ruby
18:42 < doppleherz> Looks interesting as well.
18:42 < microwaved_> detha: it supports not only Juniper? also cisco / mikrotik / etc etc?
18:42 < doppleherz> Gonna read on both and setup some tests.
18:43 < microwaved_> doppleherz: keep me updated on the oxidized one
18:43 < detha> microwaved_: I have no personal experience with it, but juniper definitely, mikrotik maybe.
18:43 < microwaved_> i barely work with JUNOS
18:43 < microwaved_> mostly with CISCO
18:43 < microwaved_> ios
18:47 < detha> given the source, I'd expect them to have some cisco left in their network
18:56 < E1ephant> oxidized++
19:00 < Sven_vB> hi! what's the correct way to signal the end of the HELP list for tcpmux, and which other end-of-list signals should my proxy understand?
19:08 < clon3man> how do my polycom phones know about the existence of the voice VLAN automatically
19:08 < clon3man> they seem to discover it even if I wipe them fresh
19:13 < slickerjet> is there a quiet 10gb switch?
19:14 < slickerjet> or are they all 1U or 2U and loud as hell
19:14 < slickerjet> i wanted a desktop 1U switch
19:15 < FrozenFire[alt]> I have an outdoor CAT6 run (will upgrade to CAT6a soon) that is to supply PoE power and ethernet to an area of my property with no available power, where I have a wireless access point and two PoE security cameras. What would be the most effective way to terminate this in a small form factor? Is there such thing as a PoE switch which takes input PoE power and ethernet and distributes it as PoE to multiple devices?
19:15 < FrozenFire[alt]> All PoE switches I'm seeing are ones which take a separate DC input.
19:16 < E1ephant> slickerjet: how much 10G? EX2300?
19:16 < slickerjet> im not sure what that is
19:16 < E1ephant> errr EX2300-C will be silent even
19:16 < slickerjet> ill have to google it
19:16 < E1ephant> juniper products
19:16 < E1ephant> yes
19:17 < slickerjet> 900$ switch phew, that's a little pricey
19:17 < slickerjet> does it require a lot of config?
19:17 < slickerjet> i'm noob and i use unifi for almost everything
19:17 < slickerjet> i'm trying to make 2 desktops connect to each other using a 10gb or 10gbe switch so i'll buy the parts today to take advantage of the ebay 20% coupon
19:17 < E1ephant> ah just skip the switch and connect the hosts directly
19:18 < E1ephant> it'll be much cheaper
19:18 < detha> FrozenFire[alt]: one PoE port can only feed so much.... I think a switch plus two cams plus an AP would be pretty close to or over maximum
19:18 < E1ephant> 40G NIC and DACs aren't too much more either if that is your thing
19:19 < E1ephant> but getting 10G rolling between two hosts can be as cheap as $60 ~ 80 USD
19:19 < E1ephant> I use mellanox NICs, but chelsio is also very popular in the budget space
19:20 < slickerjet> 40gbps?
19:20 < slickerjet> should i just skip 10gbps and move to 40gbps
19:21 < E1ephant> I mean what do you need this for?
19:21 < slickerjet> well the two desktops are "servers" like for plex and shit
19:21 < slickerjet> i dont "need" it just want it, and since ebay is doing 20% off, why not jump in now
19:21 < E1ephant> how does plex need 10G?
19:21 < detha> ^
19:21 < slickerjet> sometimes moving those movies around
19:22 < E1ephant> I mean I would make sure you have I/O performance to warrant it first, but yeah just host to host 10G, it's cheap and simple
19:22 < slickerjet> i know that my Synology NAS goes more than 1gbps
19:22 < slickerjet> my at&t fiber is 1gbps
19:22 < slickerjet> 1gbps is kinda my bottleneck for sure
19:22 < E1ephant> lol
19:23 < j-fish> Recommendation for a built in antenna(wireless) access point ?
19:23 < E1ephant> like NAD as in spinning hard disks?
19:23 < E1ephant> NAS even
19:23 < MissionControl> In CEPH arrangements perhaps a 40G would be a reasonable consideration over 10G
19:23 < E1ephant> or you have actual flash in there?
19:23 < E1ephant> j-fish: idk, anything? unifi uap? super cheap.
19:24 < slickerjet> NAS has spinning disks yeah
19:24 < slickerjet> ive recently started moving everything over from the 60TB nas to stablebit clouddrive hosted gdrive
19:24 < slickerjet> that really taxes my 1gbps connection
19:24 < E1ephant> and how many spindles at what speed are you pushing 1gbit plus with?
19:24 < slickerjet> well i know that copying from my nas to my plex computer maxes out 1gbps link
19:24 < slickerjet> and that's internal network
19:25 < slickerjet> i could do 4x1gbE LACP from the Synology to the switch
19:25 < slickerjet> and then 10gbps from the plex machine to the switch
19:25 < slickerjet> 10gbps from my desktop to the switch
19:25 < slickerjet> and 1gbps for everything else, like ps4, xbox, hue bridge, etc
19:25 < slickerjet> i guess i only have 2 items that would do 10gbps or 40gbps
19:25 < E1ephant> I mean lacp isn't going to buy you single flow performance
19:25 < slickerjet> correct
19:25 < slickerjet> on other hand, screw this
19:25 < slickerjet> ill just order nothing
19:25 < slickerjet> save my money for christmas
19:26 < E1ephant> I would be more concerned with getting 10G straight from the storage source/NAS
19:27 < E1ephant> but yeah, tbh it is slower, but still quite quick for home usage.
19:27 < slickerjet> i know that the new synology has 10gb built in
19:27 < E1ephant> idk I am streaming everything today
19:27 < E1ephant> maybe 2TB of onprem flash storage
19:27 < E1ephant> for VMs
19:28 < E1ephant> r/datahoarder may have more insight
19:28 < E1ephant> I think they generally have good direction for cheap fast (possibly dirty!) storage
19:29 < E1ephant> last I was looking at huge onprem zfs was all the rage
19:52 < kenlumbo> anyone use Ruckus with multiple tenants? I'm going through the documentation and it seems it might be kind of a pita if you have 50 customers with a single AP each
19:52 < kenlumbo> pita because of how you have to do the initial setup to get the AP to boot up and know where to find the zonedirector
19:53 < kenlumbo> just wondering if anyone has a similar situation and if there was a different way that I'm not finding
20:48 < Zexaron> Hello
20:48 < Zexaron> does POE need special ethernet cable or will any existing one do ?
20:56 < detha> PoE works over standard cat5 or cat6
20:57 < Kingrat> just try to avoid using it on copper clad aluminum or 26awg, the bad stuff i have seen can not be unseen
21:05 < Aeso> even CCA or thin-gauge cables will do PoE okay
21:05 < Aeso> bundled cables (especially in conduit) is where that stuff will bit you though
21:05 < Aeso> bite*
21:13 < ic3cube> anyone good with network policy server stuff?
21:27 < kenlumbo> depends...
21:32 < Zexaron> tnx
21:40 < Apachez> network policy server?
21:40 < Apachez> what on earth is that?
21:40 < Apachez> a new snakeoil buzzword from the marketing departments?
21:43 < TandyUK> sounds like it
21:44 < TandyUK> the network policy is a document if anything
21:44 < TandyUK> fuck knows why it would need its own server
21:44 < TandyUK> having googled it, im just gonna leave you with
21:44 < TandyUK> "s the Microsoft implementation of"....
21:45 < TandyUK> its radius
21:45 < TandyUK> tied with a vpn i think
21:45 < Donjuanal> so shit
21:45 < Donjuanal> thats what you meant by "s the Microsoft implementation of" right?
21:45 < TandyUK> oh no, its just some bullshit proxy for radius (and their own diagram shows the actual radius servers sitting behind it)
21:46 < Donjuanal> so it's even worse than I thought
21:46 < TandyUK> indeed lol
21:46 < TandyUK> "Network Policy Server (NPS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS) server and proxy."
23:10 < switchnode> I have a question about the physical interpretation of the Shannon-Hartley theorem, in particular how the bandwidth relates to the data rate.
23:15 < switchnode> What is the relationship between capacity per sample (the C = 1/2 log2(1+S/N) formulation), bandwidth, and bits per second (the C = B log2(1 + S/N) formulation)? What, physically, causes a bit to require a certain duration to receive?
23:29 < djph> the speed of light. Also the number of bits per symbol on the wire (as well as the symbol rate)
23:29 < djph> but mainly, the speed of light ;)
23:30 < switchnode> Ignore the propagation, I'm just talking about the sampling.
23:30 < switchnode> What enforces the symbol rate?
23:31 < switchnode> (The bandwidth, obviously, but I don't really understand how a relative s^-1 becomes an absolute one.)
23:36 <+catphish> i wish i understood the relationship between bandwidth and data rate
23:36 <+catphish> or "how the hell does QAM get 100+Mbps into 20MHz"
23:37 < switchnode> Oh, it's just the Nyquist rate for the frequency interval. Otherwise you get aliasing. Nvm
23:37 < djph> symbol rate is a factor of the encoding scheme on the wire. e.g. Manchester Encoding - data XOR clock
23:38 < switchnode> for a specific scheme, yeah, but I was asking about the upper limit
23:38 < djph> you'd have to look at e.g. 256QAM 7/8 or something
23:39 < djph> really, the "limit" is how fast can we send the encoded signal, and still make sense of it
23:41 <+catphish> i just don't understand how you can send more data in the same bandwidth
23:41 < djph> bear in mind, of course, that the symbol rate is effectively just how fast we can modulate the signal ... e.g. a 300 baud modem has a symbol rate of 300 cycles / second ... and IIRC, 1 bit / symbol
23:44 < djph> as opposed to DOCSIS 3.0, which is ... 127 7-bit out of 128 FEC ("Forward Error Correction") symbols ... With overhead and "standard" framing, this results in 38.8 mbps per 6 MHz channel
23:45 < djph> and the arris paper on this is ... holy hell heavy on math
23:45 <+catphish> i just can't get my head around the basic relationship
23:47 < djph> it all comes down to QAM
23:47 < djph> or rather whatever modulation it's using on the physical
23:51 < djph> I'm honestly not an expert on it ... but effectively QAM is taking a pair of carrier waves that're out of phase 90 degrees ... and then applying amplitude modulation to the carrier pairs in response to the data signal
23:54 < djph> IIRC, there's also more than a little "cut the carrier into a whole bunch of subcarriers, and have at it"
23:55 < djph> e.g. wifi @ 2412 MHz isn't "just" a single 20 MHz-wide carrier ... but rather 20x 1 MHz-wide subcarriers (note - I'm making it up to try and explain it ... I don't think it's cut up quite that cleanly)
23:57 <+catphish> that's OFDM and is indeed part of the magic
23:58 < djph> yeah, there's a lot of black magic and heavy math when you get into the carriers / symbol rate / etc
--- Log closed Thu Jun 07 00:00:48 2018