--- Log opened Sat Jun 09 00:00:42 2018
--- Day changed Sat Jun 09 2018
00:00 <+catphish> without user interaction, /dev/random will be useless, but i believe /dev/random will contain data from somewhere enough to seed urandom
00:01 <+catphish> small random timings that occur during disk access timings during boot maybe, i'm not sure
00:08 < spaces> I hate Humidity
00:09 < Epic|> Yes fuck humidity
00:12 < spaces> Epic| erm, you need some highly local humidity on a spot if you like to fuck but otherwise I wouldn't know what you mean :P
00:15 < Johnjay> well i'm "interacting" by typing things like ls and dd at the command prompt
00:15 < Johnjay> that's about it
00:16 < Johnjay> if i'm reformatting my drive and it already has linux on it, i guess i could copy the /dev/random file on the disk
02:01 * spaces kicks linux_probe
02:43 < jvwjgames> find the ipv6 gateway if the DC won't give it to me
02:47 < mgolisch> ?
02:48 < mgolisch> how does the dc relate to your network configuration?
03:01 < jvwjgames> cause they gave me the v6 address but all they gave me was this 2607:fa18:1000:10::1/64
03:06 < mgolisch> and whats wrong with that address?
03:09 < light> the problem is it's actually 18 billion billion IPv6 addresses
03:09 < pekster> Erm, no. It's an address along with a CIDR mask, exactly the same as the IPv4 version
03:10 < jvwjgames> thats all the info they gave me but i need the gateway
03:10 < pekster> 192.168.0.1/24 is that particular address on a /24 subnet, with 2^24 bits for the network, and 2^(32-24) bits for the hosts. Works the same in IPv4 too ;)
03:10 < light> -.-
03:11 < pekster> jvwjgames: Presumably that's the gateway, but why isn't your site using SLAAC or DHCPv6 here? If you're statically configuring things, you need to be given the next-hop router and the address/CIDR mask in use. Plus presumably the DNS servers to use too
03:11 < Peng_> jvwjgames: You could ask them
03:12 < jvwjgames> the DC just gave me that
03:12 < pekster> If you don't use automatic methods of configuration, you need to ask your netadmin for details
03:12 < jvwjgames> here is a snip of the email Are they wanting to add IPv6, or move entirely to IPv6? I would imagine the latter. I've added address 2607:fa18:1000:10::1/64 to their interface for them to use.
03:13 < pekster> That alone is not enough info to configure things, no
03:13 < jvwjgames> that is all the admin gave me i can try to call and see if i can get them to give me the rest of it
03:13 < pekster> You need a next-hop (though in special cases with a Point-to-Point configuration, the next-hop is simply on-link via the device. That's not as common as traditional next-hop though, with an actual address. Sometimes link-local even)
03:14 < Peng_> Also gives you the chance to ask if they run IPv6 nameservers :D
03:14 < pekster> Regardless, you still need a next-hop, even if your setup is PtP. You simply haven't been given complete details if that's the sum total of what you've been told
03:14 < jvwjgames> but the last time i tried to call they said you have a /64 that should be enough
03:14 < jvwjgames> and i was like -_-
03:14 < pekster> Sadly, lots of ISPs remain mostly clueless about IPv6. They've "only" had 2 decades to figure this out, so you'd really hope the people that run networks would be less clueless
03:15 < Peng_> Maybe they actually did enable SLAAC?
03:15 < Peng_> or DHCPv6?
03:15 < pekster> Also, no, a /64 is not "enough". See RFC6177
03:16 < jvwjgames> i actually signed up with ARIN and i am waiting for them to give me a V6 address block
03:16 < pekster> /56 is the recommended minimum to end-sites, and that may be too small for business consumers depending on what they're doing. But again, see my above point about ISPs being pretty clueless here
03:16 < jvwjgames> so that way i can configure and manage everything my self
03:17 < pekster> With a transit provider that offers peering or BGP services, yes
03:18 < jvwjgames> the DC has agreed to advertise my address space
03:23 < tds> ideally you don't really want the DC to announce your space, having sessions with their routers and announcing the space yourself will make migrating around and scaling easier
03:24 < jvwjgames> i thought that i can't do anything without them announcing it
03:29 < tds> somebody needs to announce it in order for anyone to send traffic to you - I was just saying if you may want to switch provider later, add another transit provider/peers/whatever etc, it may make life easier to have your own asn and sessions with their routers, and announce the space yourself
03:30 < jvwjgames> ah ok
03:30 < jvwjgames> but i would need to be multi homed and in a DC environment it's almost impossible
03:35 < jvwjgames> or am i wrong about that tds
03:39 < spaces> linux_probe !!
03:40 < tds> well I'd hope in most decent DCs you have a selection of transit providers and possibly IXs, if you mean you're using some kind of dedicated server or a single colo'd box you may need to talk to your current provider
03:47 < jvwjgames> i have ipv6 setup now
03:47 < jvwjgames> that string 2607:fa18:1000:10::1/64 was all i needed
03:48 < jvwjgames> cause that first 2607:fa18:1000:10::1 was all i needed cause that address is the gateway
03:51 < Dagger> I hope you only need the on-link subnet, then
03:52 < Dagger> if you were planning to do any routed VMs or OpenVPN etc then you'll also be needing the routed prefix, and you'll need to know what address they're routing the prefix to so you can be using that address
03:57 < xochilpili> hello everyone
03:57 < xochilpili> somebody who please give me a hand with proxmox and networking ?
03:57 < xochilpili> i have all set but from linux container i havent internet access
03:59 < DoctorDick> Oh hey I know this
03:59 < DoctorDick> What is proxmox installed on?
03:59 < xochilpili> DoctorDick, in debian 8 (in a dedicated server)
03:59 < DoctorDick> A VPS?
03:59 < xochilpili> DoctorDick, thanks for answer
03:59 < DoctorDick> Or an actual server?
04:00 < xochilpili> actual server, i have install manually proxmox since (server's provider) has no longer the proxmox's iso
04:00 < xochilpili> DoctorDick, anyway i have installed proxmox from deb packages, now, i have only one linux container (centos)
04:01 < xochilpili> i have created vmbr0 and i can ping from proxmox (debian: 10.0.1.1) to linux container (centos: 10.0.1.50)
04:01 < xochilpili> from linux container i have setted ipaddr = 10.0.1.50 netmask=255.255.255.0 gateway = 10.0.1.1
04:01 < DoctorDick> You did do this correct?
04:01 < DoctorDick> https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_Stretch
04:02 < xochilpili> DoctorDick, yes
04:02 < mgolisch> but the host can access the internet?
04:02 < xochilpili> DoctorDick, the only part i have omitted is ipv6
04:02 < xochilpili> yes, i have connected to it via ssh
04:02 < DoctorDick> And you have only one public IP right?
04:03 < xochilpili> yes
04:03 < mgolisch> and it actually has ipv4 internet?
04:03 < xochilpili> yes
04:03 < DoctorDick> https://pve.proxmox.com/wiki/Network_Model, follow Masquerading (NAT) with iptables
04:03 < xochilpili> Masquerading (NAT) with iptables <
04:04 < xochilpili> DoctorDick, i have done that
04:04 < DoctorDick> It should work then
04:04 < xochilpili> but still i havent internet access from linux container
04:04 < spaces> I need to pee
04:04 < DoctorDick> Pastebin your /etc/network/interfaces
04:04 < xochilpili> DoctorDick, done...
04:05 < DoctorDick> Link them or you can PM me
04:07 < mgolisch> its because you tell iptables to nat outgoing stuff using vmbr0 instead of the actual external interface at least it looks like that from what you posted in #proxmox
04:08 < DoctorDick> Yeah I just told him that lol
04:25 < xochilpili> still havent access to internet from container
04:26 < mgolisch> check your iptables rules
04:26 < mgolisch> did you remove the old ones?
04:31 < xochilpili> mgolisch, issue solved, thanks to DoctorDick :D :D :D
04:31 < xochilpili> was a typo :D
05:07 < potatoe> ew netfilter disgusting
05:19 < mgolisch> why?
06:05 < spaces> I'm so sexy I don't even need sleep
07:16 < linux_probe> [06/08/18 9:39:37PM]<spaces> linux_probe !!
07:16 < linux_probe> wtf punk'
07:16 < linux_probe> oh dear oi copy-pasta'd in colours
07:16 < linux_probe> lel
07:53 < scientes> how do i remove an interface in linux
07:57 < cluelessperson> question, what's a good way to ddos protect a non-web application?
07:57 < cluelessperson> scientes: why? what do you want to do?
08:02 < scientes> i was removing a 6to4 to go for HE tunnel
08:03 < DirtyTaco> ?
08:04 < scientes> i'm setting up ipv6
08:04 < scientes> it was a virtual tunnel
08:04 < scientes> i found the answer: ip link delete
08:06 < spaces> linux_probe :O
08:07 <+pppingme> cluelessperson not piss people off
08:08 < spaces> pppingme eh ?
08:14 < Apachez> pppingme: now see what you did, you made spaces confused :(
08:15 < Mead> I'm sorting out all the devices connected to my home access point, collecting hostnames, mac & Ip addresses. What is the best way to figure out what wireless standards the of all the clients connected to it?
08:15 <+pppingme> spaces question, what's a good way to ddos protect a non-web application?
08:16 <+pppingme> Mead if the AP doesn't report it (some do, some don't), there is no way, unless you check each client individually
08:17 < Mead> and if the client is a tv or blueray player? I've gotta go dig up its specs with google?
08:18 <+pppingme> Mead most devices will support at least a couple wifi standards, so just knowing specs doesn't tell you whats in use
08:25 < Mead> well the way I understand it, between the b/g/n/ac a client and access point will negotiate the highest common standard that all the clients can handle, although AC has stuff built in that might allow it to connect via multiple different standards
08:41 < sigsts> Afternoon.
08:48 < spaces> Apachez fix me!
08:49 < sigsts> heh
08:49 < sigsts> you are unfixable ;P
08:50 < wyseguy> lol
08:59 < spaces> sigsts Cold PLay thinks different
09:04 < sigsts> spaces: ba dum tish!
09:12 < Mead> the only information I can get about my tv is that it has wifi... nothing about if it is N or AC
09:15 < linux_probe> wifail
09:15 < linux_probe> what TV is it?
09:15 < linux_probe> under $750 USD?
09:16 < Mead> under $300 less than a year ago. Westinghouse WD42FB2680
09:16 < mgolisch> whats that even
09:16 < mgolisch> also cable > *
09:16 < linux_probe> lol and you expect to have beyond wifi G?
09:17 < linux_probe> N at absolute best
09:17 < linux_probe> 2.4G only
09:18 < linux_probe> ancient tech, piss panels spewn to cheapos
09:18 < Mead> I would be really surprised it was G or AC
09:18 < linux_probe> G is ancient, now
09:18 < linux_probe> N is just as ancient
09:20 < linux_probe> and for $300, AC that works? nope
09:20 < linux_probe> if it has wired, plug it in and be done lol
09:20 < crutchy> i have a vpn question. is this the right place to ask?
09:21 < Mead> crutchy: ask here and if we can't answer it we can point you to the channel that would
09:21 < linux_probe> Virtual Polack Network
09:22 < linux_probe> hehe
09:22 < Mead> is the network attacking tanks on horseback?
09:22 < linux_probe> lol
09:22 < linux_probe> hey, them tanks can only fire so many mortars in 20 minutes
09:22 < crutchy> what ip address would a web service on a LAN see for a VPN client accessing through a VPN server?
09:22 < Mead> Did the British make a deal with Russia to give them control of the Network?
09:23 < crutchy> its a noob question
09:23 < linux_probe> so horseback is plausible, so long as they're hauling large C4 or other explosive charges lol
09:23 < linux_probe> ( back in ww2 era)
09:24 < Mead> crutchy: can you elaborate a little more "web service on lan"
09:24 < crutchy> hmm. actually i think i might be able to test directly
09:25 < crutchy> err. an intranet site
09:25 < Mead> linux_probe: it is all fun and games till the germans shoot your horse with a machine gun
09:25 < crutchy> a website served on say 192.168.0.188 or something
09:25 < linux_probe> horses!
09:25 < linux_probe> one tank hundred horses
09:25 < linux_probe> dont forget to fire at them
09:26 < Mead> would you rather right 1 tank size horse or 100 horse sized tanks?
09:26 < linux_probe> if that machine gunner cannot get out the tank to fire back, solved
09:26 < linux_probe> I'm sneaky
09:26 < Mead> err fight
09:26 < crutchy> medieval times must have been pretty horrible for horses
09:26 < linux_probe> I'd lure the tank overtop a trap
09:26 < wyseguy> crutchy so random but true
09:26 < linux_probe> tank in large trap=hole game over
09:27 < crutchy> thanks Mead i know you didn't directly answer my question but you made me think about it
09:28 < crutchy> in this case you were the rubber ducky :p
09:28 < Mead> crutchy: if you are connected to a VPN, the host believes it is on that network and not the local network . So you probably wouldn't get access to local resources via private IP's.
09:28 < crutchy> i can access the service from the VPN client no problem
09:29 < crutchy> what i'm trying to do is actually see if i can access vpn client shares using smbnetfs
09:29 < crutchy> based on ip address from the web service
09:30 < crutchy> nothin sneaky or illegal. its for a corporate server-side backup service
09:30 < crutchy> feasibility stage :p
09:30 < crutchy> it works over regular LAN clients, but i also have to deal with the VPN spanner in the works
09:31 < linux_probe> Virtual Phail Network
09:31 < crutchy> i'm not a vpn guy and i don't manage the vpn server, so i'm sorta learning the ropes
09:31 < linux_probe> about like IoT and the cloud, swiss-cheese bullshit, mainframe reliability :))
09:32 < crutchy> i'm also a coder, not really a sysadmin
09:32 < linux_probe> coderp
09:32 < linux_probe> see, thats the issue, coderps have no clue about admin/hardware/other layers
09:32 * spaces bitchlaps linux_probe like a real biatch
09:33 * linux_probe purges ,egs whizz into spaces
09:33 < linux_probe> mega**
09:33 < crutchy> i'm trying to learn. i'm just not paid to know it mostly :p
09:33 < spaces> heh, he is out of order because if my sissieslaps :P
09:33 < spaces> *of
09:33 < spaces> I'm gonna take a nap
09:33 < spaces> later
09:34 < linux_probe> paid to know = useless
09:34 < linux_probe> being stupid and drolling through X work = piss pay
09:35 < linux_probe> then again, they pay a premium for idiot output these days
09:35 < Mead> what I don't know, I can find out if needed
09:35 < crutchy> yeah i couldn't do sysadmin for a job
09:35 < linux_probe> and I see no reason for it other than tax write off and fat cat pocket padding upstream
09:35 < crutchy> coding is at least fun
09:35 < pikaro> hi! I'm trying to set up dnsmasq with dnscrypt-proxy. however, it's failing dnssec on every single query and I haven't found out why. config looks like this: https://pastebin.com/K9agEsUx, also includes dnsmasq log. downgrading to the stable versions (I'm on debian unstable) changes nothing. neither does using another resolver or using dnssec-proxy. result always: " dnssec-query[DS] com to 127.0.2.1 - reply com is BOGUS DS"
09:35 < pikaro> any advice?
09:35 < pikaro> hope this is channel-appropriate but I think it's more of a concept / understanding issue than a linux one
09:35 < linux_probe> purest of stupidity in a world of brainwashed dopehead idiots
09:39 < Mead> linux_probe: did you stop taking your meds recently?
09:40 < linux_probe> no, am I being too truthful and hurting some AHDH dope eating morons feelings?
09:40 < linux_probe> ADHD' blah blah
09:50 < detha> crutchy: your only concern would be if the backup service needs L2 adjacency. If so, it limits your options a bit, if not, things should work (at least when sufficient clue-bats are applied to firewall and vpn admins)
09:56 < crutchy> if the corporate lan is on 192.168.0.0/24 i assume it would be possible to set up the vpn server to give vpn clients a virtual ip on the same subnet
09:56 < crutchy> must admit i have nfi how our vpn is set up
09:57 < crutchy> i'll find out a bit later on though
10:00 < detha> crutchy: what IP they get doesn't matter, as long as the proper routes are in place.
10:01 < crutchy> mkay yeah i guess
10:01 <+pppingme> crutchy an IP out of the same subnet would suggest a bridged layer2 vpn, a BAD idea in most cases..
10:03 < crutchy> i'm guessing its a different subnet, but yeah that probably doesn't matter as long as i can access it
10:14 < Apachez> oh noes https://www.washingtonpost.com/world/national-security/china-hacked-a-navy-contractor-and-secured-a-trove-of-highly-sensitive-data-on-submarine-warfare/2018/06/08/6cc396fa-68e6-11e8-bea7-c8eb28bc52b1_story.html?noredirect=on
10:17 < crutchy> probably means it happened 5 years ago
11:16 < Apachez> this will be fun https://henrikalexandersson.blogspot.com/2018/06/eus-lankskatt-och-natcensur-lanksamling.html
11:34 < GodOfsea> hi
11:35 < GodOfsea> what Linux OS do yall use for daily sysadmin stuff ?
11:36 < mos6502> GodOfsea: GNU/Linux
11:36 < mos6502> sometimes musl/Linux
11:36 < GodOfsea> lemme rephrase
11:37 < GodOfsea> What Linux distro do yall use for daily sysadmin stuff
11:37 < mos6502> exherbo
11:41 < GodOfsea> mos6502: you use gentoo for daily sysadmin stuff ?
11:41 < GodOfsea> You deserve a medal
11:42 < mos6502> kek
12:08 < rainrainbow> Hi all
12:09 < Mcavendish> hello
12:10 < rainrainbow> I have a question.
12:12 < rainrainbow> Some ISPs, share a certain bandwidth between users. Say for example, they allocate 20 mbps for 8 users. Now I want to know, is there a tool or software which would be able to show how many users the internet is being shared between and how much allocated bandwidth is left if any of these users are using or are not using the internet?
12:12 < Apachez> no you cant
12:13 < rainrainbow> Why?
12:13 < Apachez> you have no idea of how many for example switches there is between you and that 10G router
12:13 < Apachez> or 1G router or whatever the isp is using
12:13 < rainrainbow> Isn't it possible to scan server or something?
12:13 < Apachez> you can have star networks and cascading networks with same amount of interfaces, star networks will due to fewer physical hops have higher bandwidth per user in average
12:13 < Apachez> nope
12:14 < Apachez> you can ask the provider how the uplinks are connected
12:14 < rainrainbow> That they will tell for sure :D
12:14 < rainrainbow> Thank you
12:15 < Apachez> a rule of thumb when you design access networks is that you can normally put 10:1
12:15 < Apachez> any higher ratio than that will be noticed by the customers
12:15 < Apachez> sneaky isps try to do 50:1 or 100:1 or even 500:1 or shit like that
12:16 < rainrainbow> Well they've stated on their website it's 8:1. Now what I want to know is the fact that how much of bandwidth is idle at certain times of a day.
12:16 < Apachez> ask for stats
12:16 < Apachez> they most likely have stats of their links
12:16 < rainrainbow> Would they give me?
12:17 < Apachez> but its usually not the internal speed of an isp (depending on size of course) thats the issue
12:17 < Apachez> its the uplinks towards other networks
12:17 < Apachez> like how much bandwidth and to which IX's
12:17 < Apachez> any private peers and how much bandwidth there etc
12:17 < Apachez> well if you never ask you dont know
12:17 < Apachez> some ix'es have public stats
12:18 < Apachez> but normally the curves goes that bandwidth goes up at 06 AM when people start to wake up
12:18 < Apachez> full action around 8-9 AM
12:18 < Apachez> then people must "work"
12:18 < Apachez> then you see another raise at lunchtime so 11-12 AM
12:18 < Apachez> then it goes down again to the 14 PM fika
12:18 < Apachez> and then people start to leave work at 15 PM
12:19 < Apachez> when they arrive home at 1800 the bandwidth goes up again due to spotify, netflix, pornhub and whatelse
12:19 < Apachez> around 2200 it starts to drop because people fall asleep
12:19 < Apachez> and then repeat the next day
12:19 < rainrainbow> Hmmmmm
12:19 < rainrainbow> You're right.
12:20 < Apachez> https://ams-ix.net/technical/statistics
12:20 < rainrainbow> The best way to know their stats is to recognize people's habit of spending time.
12:20 < Apachez> https://www.sthix.net/index.php/statistics-day/
12:21 < Apachez> http://www.solix.se/stats.php
12:21 < rainrainbow> Thank you so much
12:21 < Apachez> https://www.netnod.se/ix-stats/sums/All.html
12:21 < rainrainbow> Have you ever noticed sudden download of a big file after pressing download button that would've taken a lot more time to download?
12:22 < Apachez> so the rule of thumb I mentioned earlier of 10:1 is because all customers wont use the network at exactly the same time
12:22 < Apachez> so with 10:1 overprovision they will still be able to do speedtest and get max result
12:22 < Apachez> but sure if all 10 would do speedtest at exactly the same time they get 0.1Gbps as result instead of 1Gbps
12:23 < Mcavendish> anyone here work with brocade mlx or netiron os?
12:23 < Apachez> we have here 100 customers at 1G each sharing a single 10G link
12:23 < detha> except when the ISP has paid for a speedtest server inside their network
12:23 < Apachez> Im talking about first hop overprovision
12:24 < rainrainbow> I understand thank you
12:24 < Apachez> you have no idea how the network looks further down the road
12:24 < Apachez> like the ISP we use got multiple 100G links to the distrouter we are connected to
12:24 < Apachez> but we have no idea of how many 10G customers they have to this particular distrouter
12:25 < Apachez> all we know is that the bandwidth towards netflix is good enough
12:25 < Apachez> using fast.com as test
12:25 < Apachez> max out the 1G link the customers have
12:25 < rainrainbow> Then what about sudden download of a file? What causes it?
12:26 < Apachez> ?
12:26 < Apachez> what causes a sudden download of a file?
12:26 < Apachez> usually because the customer clicked on a link or scheduled a download?
12:26 < Apachez> I dont get your question =)
12:26 < rainrainbow> No no
12:26 < detha> CDN caches, probably
12:27 < rainrainbow> I've noticed that sometimes when I just press the download button on my download manager, a file as big as 4gb which would have taken 20 mins to download, is downloaded suddenly.
12:27 < Apachez> well your download manager is a malware? :P
12:27 < rainrainbow> I want to know how this phenomenon occurs.
12:27 < rainrainbow> No, it really happens.
12:27 < Apachez> how do you know?
12:27 < rainrainbow> It just happened mins ago.
12:27 < Apachez> you cant download faster than the linkspeed
12:28 < Apachez> what can be done is to precache things
12:28 < rainrainbow> I thought it could be the free bandwidth left by users not using internet.
12:28 < detha> caches. somewhere. either on your machine, or close upstream
12:28 < Apachez> like steam does upon releases of games
12:28 < Apachez> so during 2 weeks people can predownload the game
12:28 < rainrainbow> No, I didn't pre-download anything.
12:28 < Apachez> so onto the release date 1st july most of the eager customers have already downloaded the game and can start playing directly
12:29 < Apachez> if you got a 1G link you cant download faster than 1G
12:29 < rainrainbow> it's like a much sudden increase in speed.
12:29 < Apachez> what can be done is realtime compression aka deflating
12:29 < Apachez> but a zipped file is already compressed
12:29 < Apachez> compared to a textfile which can be compressed in realtime
12:29 < Apachez> so you then can move a 4G textfile in like seconds
12:30 < rainrainbow> Interensting
12:30 < rainrainbow> Interesting*
12:31 < detha> rainrainbow: also, I wouldn't be so sure you haven't cached that file already. some browsers do this behind your back
12:31 < rainrainbow> Thank you so much for being patient and helping me so much.
12:31 < rainrainbow> detha, It was in my download's manager. It took the link in one second then I pressed the download button and 4gb file has been downloaded suddenly.
12:32 < detha> cached. somewhere.
12:32 < Apachez> perhaps your download manager picked up that pornsite you visited
12:32 < Apachez> and started to predownload the pornflics
12:32 < Apachez> so when you actually clicked a link that was already cached locally
12:33 < rainrainbow> hahahaha
12:33 < rainrainbow> No
12:33 < rainrainbow> It was a show, Dark Matter, if you'd like to watch.
12:34 < rainrainbow> It has something with bandwidth I think.
12:36 < detha> over what type of internet connection (and with what contract rate) ?
12:39 < Apachez> can also be that your manager used bittorrent or such
12:39 < Apachez> that is instead of using a single server that perhaps only have 10Mbps left for you
12:40 < Apachez> it uses 100 concurrent connections so the sum at your end max your 1G link
12:40 < Apachez> 100 concurrent connections to different servers at once
13:00 < Lookme> https://tinyurl.com/ya79dnx5
13:03 < rainrainbow> detha, PPPOE
13:03 < rainrainbow> Apachez, Could be the case.
13:03 < rainrainbow> detha, I don't understand contract rate.
13:04 < rainrainbow> Thank you all
13:04 < rainrainbow> Bye
13:19 < darsie> Is 'web' a synonym for internet?
13:19 < darsie> Matrix targets use cases like Voice over IP, Internet of Things and instant messaging, including group communication, along with a longer-term goal to be a generic messaging and data synchronization system for the web.
13:20 < Apachez> the web
13:20 < Apachez> the intercontinental inter networks of networks
13:41 < jason85> What is the most effective query for DNS amplification?
13:43 < Apachez> dnssec
14:02 < jason85> Apachez: I'm getting amplification of about 4x, can it be a lot more?
14:23 < dogbert_2> m00000000000000000
14:30 < djph> 'sup dogbert_2
14:30 < dogbert_2> just ripping some more DVD's is all, how about u?
14:31 < djph> drinkin' coffee waiting for the noise ban to lift so I can mow the lawn
14:35 < dogbert_2> no mowing too early huh :P
14:39 < dogbert_2> was upgrade HP Prodesk Mini's at work yesterday (celeron 39xx dual core @ 2.4-7 Ghz...4GB SO-DIMM and mechanical HDD)...upgraded to 8GB and a 128GB SSD...much faster response
14:44 < dogbert_2> for lower end h/w if you wanna keep using it, solid state drive and more ram are cheap options
14:57 < djph> yup, can't fire-up the small engines til 9 or 9.30
14:58 < dogbert_2> meh...who is still asleep at 0900-0930 :)
14:58 < mawk> I woke up at 1 pm
14:58 < mawk> what do you have to say about that dogbert_2
14:59 < djph> dogbert_2: that's the point
14:59 < dogbert_2> mawk..wake up sooner :P
15:00 < mawk> I live by the night
15:00 < dogbert_2> found a snickers bar with a "MEH" wrapper on it yesterday...got a good picture of it
15:00 < mawk> so overall it's just shifted
15:01 < dogbert_2> dang...i9 processor unlocked with 12 cores...heh
15:05 < screwsss> why didnt anyone tell me about ftp sooner.
15:06 < mawk> you're some decades late
15:08 < dogbert_2> ftp is about 35+ years old :)
15:09 < djph> and about 25 years outdated.
15:09 < djph> waaait, are you talking about FTP the protocol, or FTP, the new name for STP cabling?
15:11 < Apachez> "new name"?
15:11 < Apachez> STP = metallic socket
15:11 < Apachez> FTP = foil
15:11 < Apachez> socket=sock
15:12 < Apachez> sock = mesh :)
15:13 < djph> Apachez: and "STP" cabling in the past was cable with an extra foil jacket surrounding the pairs
15:14 < djph> so yeah, it's a newish (more specific) name -- probably because there's some kind of newer "shielding" that they wanted to make a distinction for
15:14 < Apachez> nope
15:14 < dogbert_2> dang...that i9 costs $1000
15:14 < Apachez> STP is shielded tp
15:15 < Apachez> aka a mesh as a shield
15:15 < Apachez> FTP is foilshielded tp
15:15 < Apachez> aka a solid foil as a shield
15:15 < Apachez> and then you have combos like if you prefer to have the mesh around each pair + foil then its S/FTP
15:16 < Apachez> or the other way around foil around each pair and mesh around the whole cable then its F/STP
15:16 < Apachez> S/FTP and F/STP = aka doubleshielded
15:17 < djph> so yeah, they made a new shield, and changed the name ...
15:17 < djph> it's all good
15:18 < djph> took me a while to wrap my head around it when people were asking about "installing ftp cable" (errr, what? :) )
15:21 < Apachez> then we have SFTP and FTPS but thats protocols/software :)
15:21 < Apachez> SFTP = FTP using SSH
15:21 < Apachez> FTPS = FTP using SSL
15:29 < frodo> How is it possible for a non-NATing gateway router to have a different internal ip address (say 203.0.113.1/24) and another external ip address (say 198.51.100.78)? How can hosts on the internal network even connect to the internet?
15:32 < light> frodo: you mean like a binat situation?
15:33 < light> oh, I misread, it's just routing
15:33 < VincentHoshino> nope those are all external routable IPs
15:33 < VincentHoshino> yep just routing
15:50 <@xand> frodo: that's the normal way routers work, without NAT
15:51 <@xand> different network on each interface
15:55 < frodo> xand: but how does one reach hosts on the internal network without NAT?
15:56 <@xand> using their IP addresses
15:57 <@xand> the network isn't exactly "internal"
15:58 < light> frodo: packets can flow as long as there is a route for them to take
15:58 <@xand> yes, the ISP would set 198.51.100.78 as the route to 203.0.113.0/24
16:00 < frodo> Ah I see, thanks
17:00 < zenix_2k2> one question, is "Access point" a type of software or hardware ? i am still kinda confused
17:03 < Apachez> zenix_2k2: its a mediaconverter between wifi and ethernet
17:04 < Apachez> or better yet
17:04 < Apachez> a mediaconverter between wireless ethernet and wired ethernet
17:07 < zenix_2k2> so basically, it is a hardware then
17:10 < djph> zenix_2k2: it is absolutely hardware. One "side" of the device is 802.3ab (gbit ethernet), the other is 802.11a/b/g/n/ac
17:11 < djph> Note that older APs may only have 802.3u (Fast Ethernet), and a smaller set of 802.11 wifi standards (e.g. only 802.11b/g)
17:12 < dogbert_2> just depends on when the hardware was made
17:15 < djph> or what price point the mfg wanted to hit -- e.g. the original UAP (released 2012 or so) was fast ethernet / 802.11b/g/n
17:19 < drathir> Apachez: kinda, bc routing involved clear converters are similar to fiber-eth where just medium switchin i guess...
17:22 < Apachez> routing is not involved in an AP per definition
17:22 < Apachez> AP is pure L2 on its own
17:22 < Apachez> but your device might have a nat-router builtin for other purpose
17:24 < zenix_2k2> and also one more question, how can the router remember who i am after my first password's input ? you know like when i first connect to a router or an access point, it is gonna ask me for the authentication and after that i can automatically re-connect
17:24 < zenix_2k2> does that depends on the router or my device ?
17:24 <@xand> errr what kind of password input
17:24 < djph> zenix_2k2: your device saves the key for the SSID.
17:24 < varesa> the router doesn't, your device just saves the password for further reuse
17:24 < zenix_2k2> oh
17:24 < zenix_2k2> ok
17:25 < drathir> Apachez: in bridging mode most devices from wifi to 1eth doing routing just allowing switch connect aka wisp mode... but yea good point...
17:27 < drathir> Apachez: often also ap client ap router being marked...
17:28 < drathir> client/ client router too sometimes...
17:29 < Apachez> again AP on its own is a mediaconverter between wifi and wired ethernet
17:30 < Apachez> somebody saying "we set this up in AP mode" means L2 mode
17:30 < Apachez> no routing, no nating
17:30 < Apachez> just "switching" between wireless and wired
18:40 < silentfury-s4pro> anyone here dealt with watchguard firewalls?
18:52 < DocScrutinizer05> anybody share some hint why a ssh login to a remote server hangs with http://paste.ubuntu.com/p/Z2MvVnDGQy ?
18:53 < DocScrutinizer05> some response from remote never seems to arrive, but that's well within ssh negotiation aiui
18:54 < djph> DocScrutinizer05: server's setup wrong?
18:54 < DocScrutinizer05> another loosely related question: shouldn't my local ssh client time out eventually
18:54 < DocScrutinizer05> djph: no idea, ask TimRiker ;-)
18:54 < detha> DocScrutinizer05: MTU?
18:55 < DocScrutinizer05> detha: I don't think *I* changed anything, maybe something changed on server end
18:55 < DocScrutinizer05> this worked, since years
18:55 < DocScrutinizer05> unless Tim's uplink was down
18:56 < detha> can be anything inbetween them that started blocking icmp
18:56 < DocScrutinizer05> if you wonder, Timriker = owner of infobot
18:57 < DocScrutinizer05> oooh "debug1: SSH2_MSG_SERVICE_REQUEST sent" is ISMP related?
18:57 < DocScrutinizer05> ICMP even
18:58 < detha> no, but my first instinct with http or ssh connections that seem to connect fine, but then hang, is 'MTU issues'
18:58 < DocScrutinizer05> :nod:
18:58 < DocScrutinizer05> quite possible, Tim's ISP seems particularly nasty one
18:59 < DocScrutinizer05> could you check?
19:00 < DocScrutinizer05> "Connecting to rikers.org"
19:02 < DocScrutinizer05> MEH nevermind, packet loss like mad
19:03 < DocScrutinizer05> I bet his ISP scheduled some service "downtime"
19:04 < DocScrutinizer05> which also explains why infobot went offline
19:05 < DocScrutinizer05> thanks guys!
19:06 < DocScrutinizer05> remains my other question: Why The Heck doesn't my local ssh client time out, ever? (30min now)
19:07 < DocScrutinizer05> smells like bugticket
19:08 < djph> check your local settings
19:09 < DocScrutinizer05> which ones?
19:09 < DocScrutinizer05> my network connections are supposed to time out within 60s
19:10 < detha> seeing the packet loss I get to there, ddos or something really broken
19:13 < DocScrutinizer05> the latter I guess, seen this frequently with his ISP messing up stuff
19:16 < DocScrutinizer05> which settings would I check to see why and when a stale ssh connect should time out?
19:17 < DocScrutinizer05> (linux)
19:17 < DocScrutinizer05> an unestablished ssh connect stale in negotiation
19:20 < Atro> just use -vvv
19:22 < DocScrutinizer05> I did, http://paste.ubuntu.com/p/7T29997Drx/ is what I'd expect. however stale on http://paste.ubuntu.com/p/Z2MvVnDGQy/ since over 40 minutes is what I got
19:23 < Atro> interesting
19:25 < DocScrutinizer05> seems like an established TCP connection doesn't time out ever in ssh, waiting for reply indefinitely
19:26 < Atro> i'd try some mix of -vvv and tcpdump
19:28 < DocScrutinizer05> I guess there are some parameters in TCP stack to tear down a connection once a sufficient number of retries to deliver a packet occurred. However when the request been sent and delivered by ssh client and the reply from server gets lost due to packet loss, ssh client seems to not bother much and wait indefinite time happily
19:30 < Atro> TCP shouldn't care about retransmissions
19:30 < DocScrutinizer05> IOW error handling aka timeout on application level protocol seems non-existent during negotiation
19:30 < Atro> you either die as a SYN or die as a RST
19:30 < Apachez> but you will always die with URG
19:31 < Atro> unless you live a happy normal death by a FIN
19:31 < DocScrutinizer05> when would an established TCP connection time out?
19:31 < mawk> DocScrutinizer05: set a sensible value for ServerAliveInterval
19:32 < Atro> cause its not getting a reply and the timer runs out
19:32 < DocScrutinizer05> mawk: I do
19:32 < mawk> to how much ?
19:32 < DocScrutinizer05> mawk: I don't think it applies to negotiation
19:33 < mawk> yeah, maybe
19:33 < mawk> well the other setting ConnectTimeout applies when the host never responded
19:34 < DocScrutinizer05> yeah, but what applies when server responded but then goes down during negotiation
19:35 < rewt> "don't worry about that. it will never happen."
19:35 < Peng_> is TCPKeepAlive in play?
19:36 < DocScrutinizer05> http://paste.ubuntu.com/p/3YtMnM62TM
19:38 < DocScrutinizer05> Peng_: prolly not really, I invoke with ssh -vvv user@riker.org
19:39 < DocScrutinizer05> ok, my ssh client is a tad dust covered, but still...
19:41 < DocScrutinizer05> ooooh infobot is back
19:42 < DocScrutinizer05> so I guess either ISP fixed their crap, or a DDoS stopped
19:43 < DocScrutinizer05> on the pragmatic side: is there a unix command to run a process for a limited time only, then kill it?
19:44 < DocScrutinizer05> loke `killafter 60 ssh foo@bar`
19:44 < DocScrutinizer05> like*
19:46 < DocScrutinizer05> nm, timelimit is it
19:48 < DocScrutinizer05> err timeout
20:34 < GTAXL> I have a client getting fatal radio errors on his Ubiquiti WAP. I think it may be due to the channel and width he is using. What channels in the UK can we use 80 MHz wide for 802.11ac? Does DFS play a role in this?
21:01 < chezidek> is there a way i can get ansible to detect if something is running ios vs nxos and run commands based on that
21:21 < Apachez> chezidek output of "show version"
23:55 * spaces bitchslaps Apachez with his box of medicines
--- Log closed Sun Jun 10 00:00:52 2018