--- Log opened Tue Jun 12 00:00:54 2018
00:14 < nojeffrey> mgolisch multiple spanning tree
00:27 < mgolisch> does it loose link?
00:27 < stonelore> lose*
00:28 < nojeffrey> Well yeah, blocking blocks the port
00:29 < zenix_2k2> one question, once i try "ping google.com", what protocol does it use to ping the server ?
00:29 < nojeffrey> Need to find whats on the other end, some parts of this network are like a rabbit warren
00:29 < nojeffrey> icmp
00:31 < zenix_2k2> ok thk
00:36 < mgolisch> nojeffrey: if its a switch or other network gear it will probably speak lldp/cdp, or look if it learned a mac on that port
00:43 < bitcycle> Hey all. I've got a nat instance in its own subnet but that can be reached from other subnets (i.e. "internal subnet"). The internal subnet's traffic is able to reach the NAT and to the destination, but then the response isn't getting back through the NAT. Can someone here advise as to how I might further troubleshoot?
00:54 < tds> what do you mean by a 'nat instance'? is this a vm/container/similar?
01:08 < help_pl0x> I'm trying to setup a fax machine. When the phone line is not plugged into the fax the modem isn't freaking out but when I plug it into the fax all the modem lights start blinking. I know the phone line on the modem is good because I get a dial tone and can call out when hooking up an extension to it Any ideas?
01:13 < bitcycle> tds: yeah, its a virt that has iptables configured.
01:14 < tds> are you able to upload the interface config (say the output of ip a and brctl show) and the iptables config (iptables-save output), and describe which subnets communication fails between?
01:16 < bitcycle> So, I can communicate outbound from [internal-node] => [NAT ens3] => [NAT ens4] => [destination:port], and I can see the traffic returning: [destination] => [NAT ens4], but it doesn't get from ens4 => ens3 on the response.
01:16 < bitcycle> I'll dump my iptables to pastebin.
01:17 < bitcycle> https://pastebin.com/ve6wGV2f
01:19 < tds> those two forward rules are a bit useless, since the default policy on the chain is accept anyway
01:22 < bitcycle> What kinds of rules should I be using? Should I get more fine-grained in terms of the src and dst?
01:22 < tds> You can if you like, it depends what you want
01:22 < bitcycle> I just want something that works, at this point.
01:22 < tds> but you should either end the chain with a drop/reject/whatever, or set the default policy to be that
01:23 < tds> so are all of the connections that are incoming on ens3 directly from that on-link subnet?
01:23 < bitcycle> internal-node is on a different subnet than the NAT ens3.
01:24 < bitcycle> Here's the kernel routing table: https://pastebin.com/1BMJtsJe
01:25 < tds> ah, that's more useful :)
01:25 < tds> so devices in the 100.125... subnet are making connections to stuff in 10.196...?
01:26 < tds> and those packets get routed fine from ens3 -> ens4, but nated on the way back from ens4 -> ens3?
01:27 < tds> if so, excluding that specific subnet from the snat rule might solve your issues?
01:27 < bitcycle> how would I exclude that specific subnet from the snat rule?
01:28 < tds> you want an exclamation mark... somewhere :)
01:29 < tds> I think you want something like ! -d
01:30 < bitcycle> kk. Sounds good, tds. Thanks for walking me through it. I have to get to the bus, but I'll give that a shot.
01:30 < tds> that's entirely relying on me correctly understanding what you said, which I suspect I might not have done correctly, but good luck
01:31 < tds> also, seeing as this is all private address space and it sounds like you have devices with routes pointed back towards this from the ens3 side, might it make more sense to do the nat on the upstream gateway (ie 100.125.5.129)?
01:38 < TimeVirus> use ipv6 - no need for nat
01:38 < TimeVirus> pffft
01:39 < tds> ^ v6 is always much nicer than deploying nat44 everywhere :)
01:40 < tds> there is nat64, but that's much less painful to deal with than nat44
02:12 < Apachez> potus have left the hotel...
02:12 < Apachez> shit gets real with rocket man and mr fire and fury :D
02:13 < Apachez> what a nightmare for all involved secret services... so many who wants to see this fail
02:14 < compdoc> theyre about to meet?
02:16 < S_SubZero> as an American I apologize profusely for all of this
02:21 < TimeVirus> no reason for that nut to have nukes
02:21 < TimeVirus> none
02:21 < TimeVirus> any nut for that matter
02:23 < Apachez> compdoc: in 37 min
02:58 < SovietBeer> ||cw: with nmap, how can i also get the hosts' mac addr in the output?
03:01 < SovietBeer> when using -p to scan only 1 port
04:25 < SovietBeer> is it still necessary nowadays to run a cmd in ssh to keep a reverse tunnel open?
04:25 < SovietBeer> so that the connection isn't closed
04:28 <+pppingme> its never been necessary..
04:29 <+pppingme> if you're having connections close, its probably not because of ssh, but rather some firewall or nat timeout
04:32 < Haxxa> Opinions? I am starting a blog to document my hobbies for future employees and just for personal ambition: Are the new fancy TLD like .tech, etc. worth having or best to stick with a longer.com name?
04:36 < light> get a .luxury so they know you're a baller
04:37 < Haxxa> I already own the domain I want to use for my blog but I have it connected to my home server with heaps of lets encrypt scripts and hard coded url scripts so I can't be bothered moving it, I even considered reverse proxy but it will be too slow for my crappy aussie internet
04:38 < light> or just use a subdomain like blog.haxxa.com
04:38 < light> then you don't have to move anything
04:39 < demio> speaking of blogs
04:39 < demio> dont do what this fucker did
04:39 < demio> https://twitter.com/carloslage/status/1006354353572274176
04:39 < light> yeah don't do twitter
04:39 < demio> err
04:39 < demio> read the tweet
04:39 < demio> :P
04:39 < demio> he wrote a dev blog
04:39 < demio> and put a cryptominer in it
04:40 < demio> in a fucking dev blog
04:40 < demio> did he not expect other devs to notice
04:40 < light> lol
04:40 < Haxxa> light, yeah but that gets messy doesn't it, also I think it may be better to separate my home server url to my blog for security
04:40 < demio> the cryptominer code is even properly indented
04:40 < demio> so its not like he was hacked or something
04:40 < demio> or some kind of cross-site injection
04:42 < light> some people use ads, others use mining
04:42 < light> got to pay for your site somehow
04:43 < demio> well
04:43 < demio> maybe just pay for it out of your own pocket?
04:43 < demio> i pay 200 bucks a year to wordpress
04:44 < demio> i dont even have google analytics on my blog
04:44 < demio> no ads
04:44 < demio> no tracking no nothing
04:44 < demio> i think...
04:44 < demio> http://carloslage.net
04:44 < demio> you can audit it if you want
04:44 < demio> :P
04:44 < demio> if it has google analytics, i will remove it
04:44 < demio> but i dont think i set up google analytics
04:45 < demio> 200 a year is less than 20 a month
04:45 < demio> with a world-class CDN in front of it
04:46 < demio> if you cant afford 20 a month to run a blog and need to resort to shady shit like cryptomining
04:46 < demio> you dont deserve to blog
04:46 < demio> or use a free platform
04:46 < demio> without a custom domain
04:48 < Haxxa> light I am going to do as you suggest and use wildcard ssl - and maybe just auto redirect from domain.com to blog.domain.com
04:48 < Haxxa> will this cause any issues with wordpress (i.e. running on subdomain)
06:34 < Haxxa> I need some advice, due to my setup I can't use url or dns forwarding to redirect from domain.com to sub.domain.com, as a result I need to run a web server that will redirect all requests from domain.com to sub.domain.com. I am setting up a VM for this purpose (what is the lowest resource web server that would handle a large number of requests)?
06:35 < scientes> pretty much any web server can handle that
06:37 < Haxxa> yeah but I feel like a full debian lamp server is overkill for this purpose - is there anything lighter I can use with less maintenance?
06:37 < scientes> yeah nginx
06:38 < Haxxa> I mean from the stand point of maintenance of the os, anyway I can avoid having to install unattended upgrades and manage a full web service? also I want it locked down as possible i.e. it serves port 80 and nothing else
06:40 < scientes> you are overthinking it
06:41 < Haxxa> sure, so how do I underthink it? :)
06:43 < Haxxa> whats the easiest way to redirect a url pointed at my home server somewhere else? also do I run the risk of DDOS attacks I would be opening my firewall on my home router (port 80) to point to this server
06:43 < scientes> if its just nginx with listening ports, and no cgi its pretty secure
06:43 < scientes> especially if you use nginx-minimal
06:43 < Haxxa> any recommendations for guest OS
06:45 < scientes> i would just use debian
06:45 < scientes> or ubuntu
06:49 < Haxxa> screw it I'm just going to buy another domain, I really don't like the idea of running a blog on the same url that my private plex server etc. are running on anyway
07:15 < scientes> how does that solve anything?
07:15 < scientes> Haxxa, ^
07:16 < Haxxa> scientes, I am not going to use the same domain which points to my home server and it will be the root CNAME
07:17 < scientes> you need a server for a lot of things
07:17 < scientes> just use a server
07:19 < Haxxa> I am using digitalocean vps but regardless I am not sharing the same domain I use for my IRC Bouncer, VPN etc. with the same I plan to use for my blog
07:22 < scientes> why not?
07:30 < pabed> hi guys , I need a GSM modem without hanging and freezing and that is too hard access to it because of its place is near the peak of mountain at TV station , what stable GSM modem do you recommend ?
07:33 < detha> pabed: Sierra, or wavecomm/Maestro if you want to go cheap
07:44 < pabed> detha: what is your idea about dlink or tplink?
07:47 < detha> pabed: you said remote mountain-top. If you deploy tp-link or dlink to that, deploy about 4 of them, with some remote-controlled power-cycling setup
07:47 < detha> In other words, Don't.
07:49 < pabed> we have electricity there , what you mean about "4 of them "?
07:51 < pabed> detha: and there is BTS near the TV station
07:55 < detha> pabed: if you have 4 of them, you can be fairly sure at least one will probably keep working
08:00 < pabed> detha: but , it does not lan port for connecting modem to the switch is connected to TV transmitter
08:00 < pabed> http://update.maestro-wireless.com/M100/M100%20485%20Series%20-%20Product%20Brief%20-%20V2.pdf
08:03 < MrNaz> i want to set up a raspberry pi as a "probe" which I can attach to any network to provide me insider access. i was thinking of setting the pi up so that it immediately connects to my office vpn. is it possible for me to do that, and then ssh to the vpn IP of the raspi and then have an interface on the raspi that allow me to access the LAN that the raspi is connected to physically ?
08:03 < grawity> sure
08:03 < MrNaz> (this is not some kind of hack attempt, these would be used on networks that we manage)
08:03 < grawity> people literally sell that as commercial products
08:04 < detha> pabed: that's 485 ones, for LAN you need E200 series
08:04 < MrNaz> grawity if there's a PoE enabled version of such a device, i'm all ears :D
08:04 < pabed> detha: rs485 has to connect to pc?
08:05 < scientes> are wireless APs smart when it comes to having multiple APs with the same SSID?
08:05 < grawity> MrNaz: buy a poe adapter
08:05 < grawity> scientes: smart in what sense?
08:05 < scientes> like my device will just use the one with the highest signal?
08:06 < grawity> yeah that's the smartness of the client, not of the AP
08:06 < scientes> and they will automatically be on different channels?
08:06 < grawity> plain APs don't *have* to be smart about this, except when you want to make roaming faster (802.11r I think)
08:06 < detha> MrNaz: quick skim of the specs says Tosibox has PoE. Not in the same price range as a raspi though
08:06 < grawity> scientes: this has nothing to do with channel selection at all
08:06 < grawity> if your two APs would have used different channels otherwise, they'll use different channels now, no matter the SSIDs
08:07 < scientes> like i was going to have an apartment building with 5 802.11n wifi boxes with the same SSID, connected with MoCA 1.1
08:07 < scientes> and what if some of those wifi boxes are 802.11ac?
08:07 < grawity> what about it?
08:07 < grawity> still doesn't matter
08:07 < grawity> your clients choose whatever AP they think offers the best connection
08:18 < pabed> detha: why http://www.maestro-wireless.com/e200-series-technical-specifications/ is more stable than https://www.tp-link.com/no/download/Archer-MR200_V1.html , because of e200 is Industrial grade and dlink and tplink is Commercial Grade?
08:21 < detha> pabed: you could say it like that. I would say plastic crap versus solid metal case.
08:22 < pabed> ah that is big difference
08:22 < detha> Things like E200 and sierra LS-300 are made for mobile applications, can handle wide temperature range and some vibration.
08:23 < detha> (and are less sensitive to dirty power)
08:24 < detha> Also, near a TV xmitter adds some challenges for the radios - that's a lot of RF in a different band it has to suppress
08:25 < Apachez> the one with most TX power wins
08:26 < Apachez> so you buy one of those "FUCK FCC" stickers and plug it onto your gear
08:26 < Apachez> and then you overdrive the TX transmit power :)
08:26 < detha> The one with the best selectivity in the input stage wins :/
08:27 < squ> are we talking about intermodulation
08:27 < Haris> hello all
08:28 < pabed> yes ,good , I think I have to choose industrial grade , thanks a lot
08:28 < Haris> ASA 5520 says ---> Booting system, please wait... <--- is this an indication of boot system not having been found or a hardware issue ? There may have been a power outage in the last 24 hrs. I did a hard reboot, pressed escape to get to rommon. but all I get is ---> Booting system, please wait... <--- no change in OS image was done recently. only minor config change related to ACL or nat
08:28 < detha> Chances of winning from a TV station in raw power are slim..... But there's always linear boosters
09:02 < dminuoso> Haris: Have you tried entering rommon mode?
09:03 < dminuoso> Its possible the firmware is somehow bricked, so you might have to flash it anew.
09:03 < dminuoso> Oh wait hah. You just said you did.
09:04 < Haris> when I turn the device on, on console, I keep pressing Escape. but nothing happens. I keep getting that message on repeat
09:16 < dminuoso> Haris: Mmm do you have any spare ram?
09:25 < Haris> ram ?
09:25 < Haris> yes
09:25 < Haris> can asa take it ?
09:30 < Haris> ram got fried between electricity outage and coming back ?
09:30 < Haris> its on ups. ups may not be online
09:36 < mos6502> hi, im trying to use an openbsd box as my gateway
09:36 < mos6502> so far i have ipv4 nat setup and it works great, and now im trying to setup ipv6
09:37 < mos6502> my ISP wants me to use DHCPv6 so I am tried to use wide-dhcpv6
09:38 < mos6502> when i tried running it on the interface it errored out, and I tried everything (i removed the ipv6, tried autoconf, tried eui64) but it always kept saying "client6_send: transmit failed: No route to host"
09:38 < mos6502> i found https://marc.info/?l=openbsd-misc&m=151116733431051&w=2 and tried the second command (without the -T 4 because that was an internal table for him)
09:38 < mos6502> and even slaacd gave the no route to host message
09:39 < mos6502> i tried removing wide-dhcpv6 and installing dhcpcd but it still resulted in the same issue
09:39 < mos6502> any idea what could be causing this?
09:43 < squ> error is "no route to host" ?
09:43 < mos6502> yes
09:43 < mos6502> every dhcp/slaac client ive tried
09:43 < mos6502> fails with that
09:43 < squ> I think guys here will help you with that
09:45 < squ> or #freebsd
09:45 < mos6502> actually #openbsd
09:46 < squ> they use different software?
09:46 < mos6502> and they have helped a lot but not (yet) for this issue
09:46 < system16> i actually installed ubuntu on it
09:46 < mos6502> umm openbsd and freebsd are actually completely different operating systems
09:46 < system16> oh sorry wrong channel
09:46 < detha> squ: that is somewhat different yes
09:46 < mos6502> they are forked from a common source so lots of similarities
09:46 < squ> yes but networking software is different too?
09:47 < mos6502> yeah they have their own pf and stuff
09:47 < detha> mos6502: slaac was moved out of the kernel in 6.2, so all that stuff now runs userland. Maybe pf getting in the way now?
09:47 < mos6502> they are similar but openbsds pf is a little cooler feature wise and freebsd pf is faster
09:48 < mos6502> detha: possibly bad idea but should i move to 6.1 and try this again?
09:48 < detha> I wouldn't move to 6.1. Maybe put a temp rule allowing all proto ipv6 ?
09:49 < mos6502> hmm
09:49 < mos6502> ill try that
09:49 < mos6502> but the error isnt packet loss or resets
09:49 < mos6502> its no route to host
09:49 < detha> sometimes software reports that if the firewall rejects it
09:49 < mos6502> hmm
09:50 < detha> there's also a whole lot of net.inet6 sysctls that may need tweaking
09:52 < mos6502> detha: pass in on egress inet6 and pass out on egress inet6 should do?
09:52 < mos6502> holy shit it worked
09:52 < mos6502> detha: thanks man
09:52 < squ> :)
09:53 < mos6502> i kept ruling out pf because of the route thing, i assumed that pf would only hang packets or reset them outright (as i setup
09:53 < detha> it's multicast, so 50/50 firewall or it doesn't use the right interface
09:54 < detha> now to narrow rules down a bit, but you can at least run tcpdump, and see what you have to allow
09:55 < mos6502> neighbradv and neighbrsol should be allowed yea?
09:55 < mos6502> routeradv and sol as well
09:55 < mos6502> and then echoreq
09:55 < detha> yup
09:55 < dminuoso> Haris: Its possible indeed.
09:55 < detha> and packettoobig or whatever it's called
09:56 < Haris> opening it up. its out of warranty anyway
10:23 < mos6502> goddamnit my isp rate limited my dhcp
10:29 < Atro> wat
10:29 < mos6502> that or i screwed something up and i suspect that may be the case
10:34 < craz> Is there any valid reason to why ifAdminStatus is 1 and ifOperStatus is 2, or does that always indicate a problem?
10:38 < dminuoso> craz: admin status just indicates whether its *available* for operation
10:39 < dminuoso> craz: oper status however indicates whether there's an active link.
10:40 < dminuoso> iow: An "admin up" status is necessary but not sufficient for a link.
10:40 < mos6502> detha: i have no idea what i did but now it just sits at "soliciting a DHCPv6 lerase"
10:40 < mos6502> lease*
10:40 < craz> dminuoso, okay, so for monitoring purposes I have to know if oper status 2 for an interface is bad or not, I cant deduct it from the other values?
10:40 < mos6502> even with the more liberal rules back in (pass in on egress inet6, same but out)
10:40 < dminuoso> craz: I dont know what you want to monitor for exactly.
10:41 < dminuoso> craz: admin down means someone "shut down the port"
10:41 < dminuoso> craz: oper down means "there is no link"
10:41 < dminuoso> (for whatever reason)
10:41 < dminuoso> admin down is sufficient for oper down. admin up is necessary for oper up.
10:42 < detha> mos6502: tcpdump, see if it actually gets a lease from the isp
10:45 < dminuoso> craz: So whether oper status 2 is bad depends on what you are monitoring. oper status 2 might happen if someone pulls the plug. or if they shut down the link on their end
10:45 < dminuoso> It might indicate a problem if you live on the assumption that the link must, at all times, be up.
10:47 < mos6502> detha: i dont see dhcpv6 packets but i may doing this wrong
10:48 < mos6502> i only see solicit packets
10:54 < detha> mos6502: if you are sending solicits, and the ISP isn't sending you anything that looks like a lease, I would blame the ISP
10:54 < mos6502> detha: i think ill test by plugging into something else
10:54 < mos6502> hold on
11:03 < mos6502> ... it works with a different device
11:12 < djph> is that "different device" perhaps the one that was plugged in previously?
11:13 < detha> mos6502: what size subnet does it give you?
11:15 < mos6502> 64
11:19 < detha> in your dhcpd config, are you asking for any particular size or just 'give me something please' ?
11:19 < mos6502> give me something please
11:19 < detha> theory says it should work then.... dunno.
11:20 < detha> is there a way you can see what the other device sends out as request?
11:21 < mos6502> i have nothing on that device to test with
11:21 < mos6502> i could try tho
11:21 < mos6502> but hold on
11:22 < mos6502> this worked fine a few minutes ago
11:22 < mos6502> and it just went bad
11:23 < linux_probe> DHCPv^ towards ISP?
11:23 < linux_probe> what ISP
11:23 < mos6502> act fibernet (india)
11:23 < linux_probe> most only allow certain specific sizes
11:23 < linux_probe> and india, do they even have ipv6?
11:23 < mos6502> i suspect they rate limited me or something
11:23 < mos6502> yeah they do
11:24 < mos6502> it works on a different device
11:24 < linux_probe> I cannot help there, youre one of the first Ai;ve seen heere asking
11:25 < mos6502> they wo
11:25 < mos6502> wont put me through to actual support
11:25 < mos6502> i subbed to a static ipv4 address
11:25 < linux_probe> kind of sounds like touyr ISP isnt sure what to do
11:26 < mos6502> they only want to tell me
11:26 < mos6502> what my ipv4 is
11:26 * linux_probe look sat hands and kjeybord, y u phail!
11:26 < mos6502> "just set the ipv4 to dhcp and it will be fine"
11:26 < linux_probe> they likely dont know what ipv6 is
11:26 < mos6502> yet they implement it
11:27 < linux_probe> it may be link local only
11:27 < linux_probe> from routing node to you
11:27 < mos6502> its not, its global scope, routed and everything
11:27 < mos6502> ive hosted shit on it for the past week
11:27 < linux_probe> lol
11:28 < linux_probe> orly
11:28 < mos6502> pfsense had it all working fine but pfsense has its own issues
11:28 < linux_probe> LOL
11:28 < linux_probe> ISP \
11:30 < TandyUK> mos6502: youre the first indian isp users a) ive even seen with static ipv6, b) who gets v6 _at all_
11:31 < TandyUK> er static ipv4**
11:31 < TandyUK> most of your country is buried behind the evils of CGN
11:31 < mos6502> it would be great if they didnt use 10.0.0.0/8 for CGN lol
11:31 < mos6502> but yea
11:31 < mos6502> when i got hit with it i bought the ipv6 package
11:31 < mos6502> and then last month, wham, ipv6
11:31 < TandyUK> yeah its not like 100.64 is designated for anything ;)
11:32 < mos6502> but i may have a hunch on how to make pfsense not suck a lot anymore
11:32 < mos6502> i really don't want to though
11:32 < mos6502> because i'd rather control my firewall completely
11:33 < mos6502> and understand it all
11:34 < linux_probe> nogh said?
https://www.nextnature.net/2014/05/diy-wire-networks-in-india/
11:34 < linux_probe> lel
11:34 < mos6502> TandyUK: a lot of mobile carriers are switching to ipv6 a lot tho
11:35 < squ> linux_probe: images not loading
11:35 < linux_probe> likely a good thing or blcoked by cbineisum/indian country :))
11:35 < squ> https://www.economist.com/node/21559977
11:36 < squ> more pics here
11:36 < djph> have a feeling said carriers are gonna get it wrong
11:36 < mos6502> thats not entirely inaccurate
11:36 < djph> I mean, hell, even here they get it wrong :(
11:36 * linux_probe hets cranky and rids of said carriereas
11:36 < squ> https://www.economist.com/sites/default/files/blackout11.jpg
11:36 < squ> :)
11:36 < linux_probe> thenw gaun they all get psissy when bought t and cry wolf
11:37 < linux_probe> >_> AS IF THEIR GARBAGE WAS GOOD TO START WOITH
11:38 < linux_probe> perhaps we should just quit blowing %$$$$ as a whole , meaning USA no longr provide releief, help, antibiotics and water to any
11:38 < linux_probe> why keep helping to curb natural selection and poor areas
11:38 < linux_probe> >_<
11:39 < linux_probe> go agaimst nature too much? natue fughts back
11:39 < linux_probe> nature will win in the end
11:39 < mos6502> linux_probe: heaven forbid lack of foreign aid might force these economies to develop
11:39 < linux_probe> welcome to the planet earth
11:40 < TandyUK> I didnt realise electricians was a needed type of foreign aid!
11:40 < TandyUK> I look at that pylon photo and am suddenly in a cold sweat
11:40 < linux_probe> ovre-developed earth = earth itself curbing it
11:40 < squ> common sense is rare resource
11:40 < linux_probe> natural disasters?
11:40 < mos6502> out houses have very little wood
11:40 < mos6502> our*
11:40 < linux_probe> as they scream GLOBAL WRMING
11:40 < TandyUK> mos6502: you think thats why im concerned?
11:41 < mos6502> most electrical issues are safer
11:41 < mos6502> TandyUK: lol
11:41 < linux_probe> how does thast brick work out in earth quakes, flooding and massive fires
11:41 < linux_probe> lepoof
11:41 < mos6502> very very few earthquakes
11:41 < linux_probe> "lilpig lil pig, let me in"
11:41 < linux_probe> coming soon
11:42 < linux_probe> brim andfire to india =p
11:42 < mos6502> re massive fires: they dont really happen
11:42 < linux_probe> no tmuch haoens in india it seems
11:42 < mos6502> floods tho
11:42 * mos6502 shudders
11:42 < linux_probe> I need to give uo and go sleep some, my old man hands are stuppered
11:42 < djph> getting zapped by 220 VAC because the shithead who put in the service?
11:43 < linux_probe> and by old man I mean not age 41 >_<
11:43 < Mead> the funny thing about modern brick buildings is that it is just a facade and not structural, most are still wood frames and burn just as easily.
11:43 < linux_probe> djph~ own fault
11:43 < TandyUK> Mead: speak for your own country lol, in the UK at least, we still know how to build houses
11:44 < squ> india should use weaker electricity power perhaps, for safety
11:44 < Mead> TandyUK: I thought the council stopped new construction in the 1990's
11:44 < TandyUK> put the whole country on 48v ac lol
11:44 < TandyUK> Mead: who said anything about them being council houses?
11:44 < squ> TandyUK: why not
11:44 < TandyUK> you are allowed to build your own you know lol
11:45 < Mead> TandyUK: don't you need planning approval?
11:45 < Mead> from the nanny state?
11:45 < TandyUK> as with _any_ building, yeah
11:45 < mos6502> we are pure 240v
11:45 < detha> squ: please enforce that law
11:45 < squ> detha: ok
11:45 < mos6502> we have a nanny state
11:45 < mos6502> just a drunk, overworked, ignorant nanny
11:46 < mos6502> who occasionally locks us in our room
11:46 < mos6502> but then sets fire to the couch
11:46 < mos6502> and tries to blame us
11:46 < Mead> sounds down right awful, so glad my ancestors left in the 16th century. They would rather deal with Indian attacks and starvation than be in the UK.
11:46 < TandyUK> hmm we'll have to agree to disagree there. I prefer building codes that mean we dont have building built so cheaply they randomly collapse under their own weight
11:47 < squ> if people like it, why not?
11:47 < TandyUK> oh no, sorry it seems that is your neighbours in bangladesh that suffered that one
11:48 < Mead> Yeah... building codes. https://en.wikipedia.org/wiki/Ronan_Point https://en.wikipedia.org/wiki/Grenfell_Tower_fire
11:48 < squ> TandyUK: we have houses here with 1 meter thick walls, but somewhy people like thin walls or even glass buildings
11:48 < TandyUK> though there have been plenty of similar, just less severe in india
11:49 < TandyUK> Mead: yes, and those building codes are what mean the people responsible for that a) will never be building again, b) are likely to get long prison sentences
11:50 < TandyUK> theres also a whole load of buildings that have been stripped because of the very same codes
11:50 < djph> TandyUK: (c) pay shittons of money to people
11:50 < TandyUK> djph: dont hold your breath on the last one
11:50 < djph> TandyUK: well, yeah, after the raping that they get from the courts ....
11:50 < squ> any ubiquiti users here?
11:51 < mcdnl> yes
11:51 < squ> mcdnl: check out how it is made https://www.youtube.com/watch?v=dTPN0eHo_bg
11:51 < mcdnl> though you'd be better grabbing a firethrower and burning them down
11:54 < squ> https://twitter.com/doctorow/status/988515441550286850
11:54 < squ> mos6502: are step wells still popular ?
11:55 < djph> mcdnl: now now, in the interests of international trade, it's "not a flamethrower"
11:56 < mcdnl> i meant the ubiquiti devices
11:56 < mcdnl> not the users, my bad :<
11:59 < djph> mcdnl: I was making a joke about the Boring Company's "Not a Flamethrower" that Elon Musk put out
12:00 < mcdnl> oopsie
12:01 < squ> what joke?
12:01 < squ> :)
12:27 < gallax> new Melon car model "Tesla Rapid Immolation"
12:28 < TotallyNotKim> Melon Eusk?
12:28 < gallax> TotallyNotKim: Melon Mask
12:29 < gallax> "Tesla with built-in flamethrower'
12:29 < TotallyNotKim> but they point behind and are merlin engines
12:30 < TotallyNotKim> that would be one kind of a "car", for sure
12:50 < huwjr> is there a work around or enterprise feature for this? https://support.cloudflare.com/hc/en-us/articles/200169076-Can-I-CNAME-a-domain-not-on-Cloudflare-to-a-domain-that-is-on-Cloudflare-
12:51 < huwjr> customer domain -> cname -> my domains A record (with proxy on)
12:51 < huwjr> a redirect is not an option and i’d rather not disable cloudflare
12:58 < detha> huwjr: cloudflare serves what the Host: header asks for. Tell them your customer's domain, and they will serve it.
12:59 < huwjr> where/how?
12:59 < detha> Tell cloudflare that yourcustomer.example.com is backed by your server
13:00 < huwjr> is there an api for that? under specific plans
13:00 < detha> no idea, ask their support
13:01 < huwjr> that’s why i’m here :)
13:01 < huwjr> but thanks - good to know it is possible! was starting to worry
13:02 <@xand> this isn't cloudflare support
13:02 < detha> as far as I remember, cloudflare is one of the cdns that wants to take over your DNS to put their cnames in, but I could be wrong
13:03 < detha> so you might have to delegate customer's DNS to them
13:08 < pavel_odintsov> Cloudflare has options to use their CDN without changing DNS
13:09 < pavel_odintsov> https://support.cloudflare.com/hc/en-us/articles/200168706-How-do-I-do-CNAME-setup-
13:17 < mos6502> What the fuck my ISP is setup to let me PXE boot to a cracked windows 10 installer
13:18 < Haris> does strongswan support 3des, md5, dh gr 2 ?
13:18 < gallax> mos6502: looks highly practical
13:18 < mos6502> HAHAHAHAHA WHAT WERE THEY THINKING
13:19 < gallax> mos6502: helping you out with free functionality
13:20 < mos6502> Lol
13:20 < gallax> mos6502: is it hard to configure m$10 to do PXE boot?
13:20 < mos6502> I don't know
13:20 < gallax> for linux looks hard as hell.
13:22 < TandyUK> gallax: neither are particularly hard to setup once you understand how PXE/tftp works
13:22 < TandyUK> the more annoying thing is windows lack of case sensitivity, and making sure all files are named how windows clients actually ask for them
13:23 < TandyUK> i use cobbler for all my linux deployments, and WDS for anything windows
13:23 < TandyUK> plain debian install from pressing power button, to working OS is about 5 mins tops
13:23 < TandyUK> windows is a lot longer, but still nothing like as slow as installing off a cd / slow usb stick
13:23 < gallax> TandyUK: in which situation is useful PXE? (I am a desktop user)
13:24 < TandyUK> PXE is useful for deploying lots of machines
13:24 < squ> TandyUK: some recent ryzen supported nvme raid
13:24 < TandyUK> eg, you run a business and have 50 machines, and want them all identical, you need a single pxe option, which can then be scripted to pre-install all relevant software you need, join pcs to domain, etc etc
13:25 < TandyUK> also when a machine fails, screw trying to fix windows, just f12, network boot, and reinstall a clean OS
13:25 < TandyUK> 10 mins later, youre back to 'normal' whatever that is
13:25 < gallax> rofl! 50 m$$ booting out of one mbr??
13:25 < TandyUK> just obviously make sure no data is stored locally
13:25 < TandyUK> gallax: wtf??
13:26 < TandyUK> the mbr is on the machine you are deploying _TO_
13:26 < gallax> -> single boot, multiple instances.
13:26 < TandyUK> so you have 50 machines, with 50 mbrs, and 50 separate windows install
13:26 < gallax> interesting.
13:26 < TandyUK> PXE can also be very useful for booting various live cd's, recovery cd's etc etc
13:27 < huwjr> The main problem i see here is windows
13:27 < huwjr> :D
13:27 < TandyUK> go google Windows Deployment Services (WDS)
13:27 < TandyUK> and/or cobbler for any sort of *nix distro
13:27 < gallax> TandyUK: thanks
13:27 < tds> ^ if you've got every machine attached to a console server, being able to reboot the box remotely, pxe boot a linux distro and go and fix whatever is very useful
13:28 < TandyUK> personally i have everything pxe boot from my cobbler machine, and chain load this off to the windows server from a menu option
13:28 < TandyUK> eg, you boot (and with no profile assigned), get a nice "which OS would you like" menu, with Debian, Ubuntu, Centos, and Windows
13:29 < TandyUK> choose windows, and it goes off to speak to the WDS box, which gives a windows specific version of the same thing
13:29 < gallax> TandyUK: is cobbler a liveCD??
13:29 < squ> can you come into office and boot home os, instead of carrying laptop from home
13:29 < TandyUK> if you assign profiles/systems, you can identify machines by MAC, and auto deploy the relevant OS, iuncluding for example NIC settings
13:29 < TandyUK> gallax: no
13:30 < TandyUK> cobbler is an application (family)
13:30 < TandyUK> http://cobbler.github.io/
13:31 < TandyUK> it also integrates fairly well with ansible (ansible site.yaml == exported cobbler list of systems)
14:00 < spaces> all networks sexy ?
14:00 < mawk> of course
14:00 < spaces> pics or it didn't happen
14:04 < CuriosTiger> Careful what you wish for.
14:07 < TandyUK> spaces: sexy networks: https://i.redd.it/lzaw43ery7311.jpg
14:16 < regdude> can I have more of this type of porn?
14:19 < Haris> anyone established strongswan <-> ASA ipsec l2l tunnel ?
14:20 < Haris> stuck at ---> charon: 05[IKE] received INVALID_ID_INFORMATION error notify
14:21 < TandyUK> regdude: reddit.com/r/cableporn
14:22 < regdude> turns out that is a thing
14:22 < zamba> we have a strange issue.. i can see the ntp client request going out.. i can see it coming in on the ntp server and i can see the ntp server response leaving the ntp server.. but it never arrives at the client..
14:22 < zamba> any idea how to debug this?
14:22 < zamba> i can ssh just find
14:23 < zamba> fine*
14:23 < zamba> and i can icmp ping just fine
14:23 < TandyUK> zamba: find the firewall in between that is dropping it
14:24 < zamba> TandyUK: same subnet
14:24 < TandyUK> so?
14:24 < zamba> meaning: no firewall
14:24 < TandyUK> you dont need a _router_ but nothing says you cant have multiple firewalls between the 2 hosts
14:24 < TandyUK> like the one on the ntp server, and the host making the request, for a start
14:25 < zamba> TandyUK: if i tcpdump on the ntp server side and i can see the ntp server request going out, then that's after the firewall
14:25 < zamba> so it has to be on the ntp client side
14:26 < TandyUK> or its somethign in between
14:26 < TandyUK> follow the cables
14:27 < dogbert_2> m000000000000000000
14:33 < spaces> dogbert_2 methane gas out of your ass ?
14:34 < dogbert_2> nawwww
14:34 < spaces> is it burning baby ?
15:39 < skyroveRR> Ahoy TandyUK
16:45 <+catphish> i'm back
16:46 < UncleDrax> welcome back kotta
16:53 < iateadonut> i'd like to point a domain to one server (with an ip address) and have it serve content from another server. is there a way to do this, like a squid proxy?
16:54 < kottt> uh... well, there's a few... can you be more specific about what you're trying to do?
16:54 < cyberz> hello, anyone with a bit of experience in Ubiquity hardware? I've got an ubiquiti long range AP, and I'm feeling happy with it; so now I'd like to get an ubiquiti repeater that I can also manage from the wifi controller. Which product should I use then?
16:55 < kottt> what kind of content is being served, how is it accessed?
16:55 < kottt> @iateadonut
16:55 < iateadonut> kottt, our web service provider serves WP sites. they can only grant 1 ip address to be directed to this server.
16:56 < iateadonut> one customer wants a different ip address for each site (for reasons unknown), so i was thinking we could point the DNS to an ip address on one of our servers, and tunnel through to the WP service provider.
16:57 < kottt> so no matter what in that situation, content is going to come originally from the WP service provider
16:57 < iateadonut> correct.
16:58 < kottt> find out why the customer thinks this is important i guess
16:58 < tds> I'd certainly do that first before potentially wasting v4 space like that
16:58 < kottt> yes...
16:59 < iateadonut> right. it's pretty dumb. but is it possible besides through squid3 or do you think there's another way?
16:59 < kottt> but i mean... 301 redirects maybe? set up apache websites that re-host the WP pages in an HTML frame (lol ew)
16:59 < tds> there are lots of options for http reverse proxies (eg haproxy, nginx, apache, whatever) if that's what you want
16:59 < tds> heh, I guess a redirect would do it as well
17:00 < iateadonut> kott, yeah, that sounds like a really bad way to do it.
17:00 < iateadonut> so i should google 'reverse proxy'...
17:06 < iateadonut> but it's all pretty silly because a apache reverse proxy is supposed to be a gateway on a LAN, right, so this would slow down page load times by half.
17:11 < tds> that would be a forward proxy - a reverse proxy is designed for this purpose (eg you might use it to load balance between multiple backend servers, terminate ssl in front of a http only web server, etc)
17:11 < tds> the apache docs for mod_proxy have a nice explanation
17:21 < rtmataeu34> hi i had a silly question- what IRC on linux do ya'll like using?
17:22 < compdoc> freenode
17:22 < rtmataeu34> you mean the web IRC compdoc
17:22 < rtmataeu34> ?
17:22 < compdoc> you must mean irc client :0
17:22 < rtmataeu34> :D
17:23 < rtmataeu34> i walked right into that
17:23 < rtmataeu34> yes
17:23 < rtmataeu34> no sleep*
17:24 < djph> rtmataeu34: irssi, though I hear weechat is decent
17:25 < tpr> weechta is nice, allows also remote connections (e.g. via a mobile app)
17:25 < tpr> irssi used to be the client back in the days, but weechat has overtaken it some years back (allows also nicer scripting etc.)
17:26 < djph> tpr: I just have irssi chilling in a screen session most of the time
17:26 < redrabbit> irssi > *
17:26 < djph> also, I don't want to learn new keybindings :)
17:26 < rtmataeu34> whats the remote connections for i might ask
17:27 < djph> so you're you when you're not at home (or whatever)
17:27 < redrabbit> i use juicessh for mobile use
17:27 < rtmataeu34> starting to understand now
17:28 < rtmataeu34> been putzing on hexchat so far
17:28 < tds> if you don't mind a fancy modern node.js client, thelounge works quite nicely for use between multiple devices
17:28 < djph> use connectbot here. yeah, people have mixed feelings about it
17:28 < rtmataeu34> tried bitchx and didnt like it much
17:29 < redrabbit> irssi is still in dev
17:29 < redrabbit> not deprecated at all
17:29 <+catphish> rtmataeu34: hexchat
17:29 < djph> redrabbit: who said it was deprecated?
17:29 < rtmataeu34> yeah!
17:29 <+catphish> i wish hexchat had more functionality, like inline content
17:29 <+catphish> but i really like it
17:30 < rtmataeu34> ive been ok with it
17:30 < redrabbit> djph: idk
17:30 < tpr> djph: yeah, I used to have too. nowadays it's weechat chilling in a screen session :P
17:30 < tpr> djph: iirc i just simply adjusted the bindings to what I used to have in irssi
17:30 < tpr> djph: although I nowadays prefer much more to use alt+a instead of, e.g., alt+r or so
17:30 < djph> tpr: yeah, but this works :)
17:30 < tpr> (for taking me to window 14)
17:31 < redrabbit> i like irssi for its lean nature
17:31 < tpr> weechat is also lean ;-)
17:32 < tds> I used to use znc + hexchat, I've found thelounge much nicer though
17:32 < tds> but that's the complete opposite of weechat/irssi ;)
17:46 < rtmataeu34> changed the interface for like a black grey /solarized sort of thing
17:46 < rtmataeu34> just the main window is still slate gray
17:46 < rtmataeu34> :D
17:46 < rtmataeu34> and all the trims
17:46 < sameh4> dumb question here: I am researching Pi Zero to Pi Zero communication (without an intermediate; a WiFi router or the like). One option is wireless serial, but I am curious, can two WiFi cards talk to each other without a router?
17:47 < skyroveRR> sameh4: google "ad hoc wireless networking"
17:47 < sameh4> thanks man!
17:47 < sameh4> checking now
17:48 < sameh4> skyroveRR: exactly what I needed! thanks!
17:48 < skyroveRR> :)
18:07 < will917823> Hey
18:07 < skyroveRR> Howdy
18:07 < acos> Hola
18:07 < will917823> I noticed something odd just now
18:07 < skyroveRR> Ok
18:07 < will917823> http://excess-baggage.heathrow.com/ <-- goes straight to an iDRAC?
18:08 < skyroveRR> lol
18:08 < will917823> this is an Airport
18:08 < acos> Wrong port haha
18:08 < will917823> yeah err how should could I inform that something has gone awry?
18:09 < skyroveRR> will917823: how did you notice? :P
18:09 < acos> Call their tech contact?
18:09 < will917823> is that in the whois?
18:09 < will917823> @skyroveRR literally wanted to check excess baggage
18:12 < acos> Hope nobody guesses the password and shuts down a server
18:12 < Sout> dm people on twitter, that is how everthing is done these days
18:12 < skyroveRR> DM the important ones responsible. That shouldn't be /s.
18:16 < Haris> strongswan output for an ikev1 peer says ---> received NO_PROPOSAL_CHOSEN error notify <--- what does it mean ?
18:16 < acos> https://www.heathrow.com/more/contact-us
18:16 < acos> https://mobile.twitter.com/heathrowairport
18:17 < will917823> Have emailed the webmaster and put in a query ticket
18:17 < acos> Then you all set
18:18 < will917823> fingers crossed they sort it
18:18 < will917823> did scour that page for a tech contact but there's none on there
18:19 < craz> So I have this physical machine that someone else installed and they say eth0 and eth1 are both connected, and I am now trying to create a bond and get the network working (connecting via ilo). The bond gets created, and from what I can see (not very good at this), things look fine, but I cant ping the gateway. Anyone able to give any clues to what could be wrong?
18:21 < acos> Their server is under warranty till 2020 haha so they set
18:21 < will917823> :P
18:22 < acos> Good on them leaking the service tag
18:23 < will917823> Remember the ebay scams where they would transfer the service tag into another account?
18:23 < TandyUK> yeah someone plugged the network cables in back to fron methinks
18:23 < acos> Not going to check if they left default password.
18:23 < TandyUK> stupid "smart hands" lol
18:23 < TandyUK> I had a 'smart hand' kill the power to the wrong _rack_ once before lol
18:24 < TandyUK> 2 racks, one making shitton of noise, the other virtual silent (as everything pretty much was off)
18:24 < TandyUK> which do you reckon they pulled from the busbar lol
18:24 < will917823> the quiet one?
18:24 < TandyUK> ofc not :)
18:24 < will917823> hahaha
18:24 < TandyUK> this is why you arent a "smart hand"
18:25 < TandyUK> antoher classic is them pulling the GOOD drive in a raid1 array with a failed disk
18:25 < TandyUK> had that on more than one occasion
18:25 < TandyUK> ^^ exemplifies why "RAID IS NOT A BACKUP"
18:25 < rtmataeu34> craz are you missing your gateway listing in the bond?
18:26 < craz> rtmataeu34, my ifcfg-bond0 contains GATEWAY="10.0.0.1" if thats what you are asking
18:26 < rtmataeu34> what about the routing table
18:26 < acos> If the good drive is pulled can it be reinstated?
18:26 < rtmataeu34> current routing table*
18:28 < craz> default via 10.0.0.1 dev bond0 proto static metric 300
18:29 < TandyUK> acos: with some much more careful hands, usually yes
18:29 < TandyUK> depends what it was doing though
18:29 < acos> It might be marked GONE
18:30 < acos> On the controller lol
18:30 < TandyUK> if it was a db server for example, expect it to be fubar
18:30 < acos> Makes sense. Good luck craz
18:48 < yuppie> hello all
18:48 < yuppie> anyone have suggestions on a medium sized business network gateway?
18:50 < TandyUK> what do you call medium sized?
18:50 < TandyUK> 100 clients, 1000?
18:50 < UncleDrax> and are you just doing NAT/Firewall, or also expecting a ton of VPN sessions too?
18:50 < TandyUK> ^^ and this, and do you want any 'L7' features, eg blocking facebook
18:52 < yuppie> well we currently have a Ubiquiti USG 4 Pro
18:52 < yuppie> and its rebooting under high throughput conditions
18:52 < yuppie> so we're thinking we need to upgrade
18:53 < yuppie> also, it'd be nice to have high VPN throughput, as close to 1Gbps as possible
18:53 < yuppie> i was looking at the meraki MX 250 but they're saying its a little too expensive
18:53 < yuppie> i wish the USG XG 8 was available but its still in beta/sold out
18:54 < yuppie> currently we have 100 clients
18:54 < yuppie> but we're adding more
18:59 < yuppie> its kinda lame how Unifi does not list their VPN throughput speeds
18:59 < Haris> I think they require their gateway device to do that
18:59 < Haris> spend $$$
19:00 < yuppie> Haris: yeah their gateway is what i have USG 4 Pro
19:01 < Haris> that was a sadistic joke .. as per the knowledge I have of what they want one to do
19:08 < acos> Sonic wall tz?
19:15 < TandyUK> VPN speed will vary depending how strong the encryption is
19:15 < TandyUK> better encryption == slower basically
19:15 < TandyUK> noone wants to tell the world they can only handle 20mbps throughput at 4096bit
19:18 < Haris> even with the aesni chips ?
19:18 < Haris> I make my ssh keys 4096 bit
19:18 < Haris> I can see how much time they take in getting checked when I connect somewhere
19:19 < TandyUK> indeed, so imagine that on every single packet
19:21 < pavel_odintsov> number of NICs can do compression on near line rate
19:21 < pavel_odintsov> but usually they are expensive as hell (thousands of bucks)
19:21 < alesan> about SSL and redirects: I would like to connect to a SSL connection through a SSH port forwarding (-L option)
19:21 < pavel_odintsov> I mean encryption, sorry :)
19:21 < alesan> the SSL connection complains but this is what I would like to do
19:49 <+catphish> alesan: SSL TLS is likely complaining about the hostname not matching, the only fix is to add a hosts entry
19:54 < alesan> catphish, interesting
19:54 < alesan> so I add a hosts entry that matches the remote host name to 127.0.0.1?
20:05 <+catphish> alesan: yes, then if you use the name, it should be happy
20:06 <+catphish> one of the main things TLS checks i sthe hostname matches the certificate, else it wouldn't be much use for protecting anything :)
20:07 <+catphish> *checks is the
20:14 < spaces> lol tehese people that are complaining that instagram is having issues... get a life ?
20:19 < djph> spaces: maybe we'll get lucky and it'll be dead for a while
20:28 < spaces> djph let's hope so!
20:37 < fly_agaric> hello guys, are there any disadvantage if you build a ring with single mode cables instead of multimode cables? specially with san switches and normal network core and edge
20:38 <+pppingme> fly_agaric cost of optics.. how big of a ring?
20:39 < fly_agaric> 8 switches and 2 core switches
20:40 < fly_agaric> no san switches right now
20:40 <+pppingme> I mean distance..
20:41 <+pppingme> is this a ring of floors? a ring of buildings? a ring around the city? or what?
20:41 < fly_agaric> more then 300 meters
20:41 <+catphish> fly_agaric: there's no disadvantage, i have no idea why you'd use MM
20:41 <+pppingme> 300 meters for total ring, or longest hop?
20:41 <+catphish> maybe it's cheaper, but the difference sees negligable
20:41 < fly_agaric> longest hop maybe more
20:42 < fly_agaric> it can vary its in the planning right now
20:42 <+catphish> the resounding opinion i hear is that SM is better
20:42 < Apachez> a starfleet command of apartments
21:27 < tonsofpcs> Looking for suggestions on an NMS that can handle snmp from non-standard (not HP, not Cisco, not anything you've ever heard of) systems and automated logging on a specific timetable (say every n hours). Suggestions? Web-based interface preferred but I'll run it on any platform imaginable.
21:37 < ALowther_> What are the best resources/recommendations for learning ipv6?
21:38 < Apachez> https://www.youtube.com/watch?v=Vl1VTm5vtnY look at ma car! look at it!!!
21:38 < Apachez> ALowther_: various design guides out there
21:41 < ALowther_> Apachez: Different network implementations, I presume? I understand the basics, I am looking maybe for a good book/articles to help me move forward in the theory of it.
21:44 < SwedeMike> ALowther_: you can start with something like https://www.ripe.net/support/training/material/basic-ipv6-training-course/BasicIPv6-Slides.pdf
21:44 < ALowther_> SwedeMike: 138 slides. Okay, thanks. :)
21:46 < SwedeMike> ALowther_: ripe has other ipv6 training material if you prefer other format
21:46 < SwedeMike> there are other orgs that have training material as well
21:54 < ALowther_> SwedeMike: This seems cool! Do you have the names of some of the other organizations?
21:56 < tds> he have their little cert thing which is nice for learning the basics (and you get a t shirt :), and there's their 6in4 tunnelbroker if you don't have native v6 as well
21:57 < TandyUK> im tempted to redo the he cert just to get a new tshirt
21:57 < TandyUK> my old one is rather worn lol
21:58 < ALowther_> I'll check it out. I've heard HE's cert, from a learning/theory standpoint is rather basic.
21:59 <+catphish> yeah it's pretty pointless
21:59 < tds> ...but you get a t shirt, I wouldn't call it pointless ;)
22:00 < ALowther_> tds: :p
22:00 <+catphish> you do get a t-shirt :)
22:00 <+catphish> i have one!
22:00 < ALowther_> I don't really care about a cert that is recognized by the industry. I am more looking for understanding for self-development
22:00 <+catphish> just build your own network
22:02 < ALowther_> Is this the latest, as far as you all are aware?
22:02 < ALowther_> https://tools.ietf.org/html/rfc8200
22:10 <+catphish> ALowther_: i doubt the rfc is a great way to learn about ipv6, but yes, i think that rfc you linked to is the current standard
22:10 < ALowther_> When something is brand new(I know IPv6 isn't), how do people first come to learn about things?
22:12 <+catphish> regardless of age, the obvious answer is to play with them, run them, maybe even implement them
22:13 < alesan> the wikipedia page about something usually helps too
22:14 <+catphish> as far as getting information, there's wikipedia, the RFC, and other simpler guides people write explaining them that can be found with google, also manuals for existing implementations
22:16 < ALowther_> catphish, alesan: Good thoughts, thank you.
22:16 <+catphish> good luck!
22:19 < detha> ALowther_: on your 'when something is brand new' question: people sit on the standard committee and define it, or follow the standards committee's mailing list and drafts.
22:19 < detha> (some have said standards are like sausages - it's better not to know how they are made)
22:31 < logit3ch> hi there...i need someone to teach me something about wordpress...please, if you think that you are a crack in the deep wordpress, please, send me a pv
22:32 < sameh4> I am reading about ad hoc wireless networks and their auto conf. This IETF is pretty simple and easy to follow, but it's from 2010 https://tools.ietf.org/html/draft-perkins-manet-autoconf-00
22:33 < sameh4> I am curious if anyone has experience with this type of thing? My aim is that when an Rpi zero is turned on for the first time, it joins an ad hoc LAN without knowing the subnet being used. Which I don't think is possible, right?
22:34 < sameh4> btw that internet draft says to randomly pick an addr in 169.254/16, but that seems like it's too hard to get many manufacturers to do that!
22:41 <+catphish> sameh4: it's completely up to you, choose whatever IPs / subnet you want
22:42 < sameh4> @catphis but how can I reach devices of other manufacturers?
22:42 <+catphish> sameh4: i'm pretty sure it would be possible to configure linux to choose a random IP from 169.254/16, but it's 2018 so you should really just use ipv6 LL addresses
22:43 <+catphish> sameh4: what do manufacturers have to do with it?
22:43 <+catphish> it seems like you're confusing layers here
22:43 < patarr> What protocol is used underneath the SSL in Cisco AnyConnect?
22:43 < sameh4> @catphish I think you are right
22:44 <+catphish> sameh4: ip addressing has absolutely nothing to do with the physical card / manufacturer or whether the network is ad-hoc or has an access point
22:44 <+catphish> you configure the *physical* network first, then simply choose whatever IP addresses you like on top
22:44 < sameh4> so let's say I manufacture a device that wants to connect to other devices from other manufacturers; the devices no nothing about each other and have no addresses
22:44 < purplex88> i need a small utility
22:45 < purplex88> to tell me download / up speed in system tray (windows 8)
22:45 < purplex88> i guess all of you know of such thing
22:45 < sameh4> I turn my device on, and another device from another manufacturer, how can they find each other without some standardized addressing
22:46 < sameh4> these are headless devices btw
22:47 < detha> sameh4: there are a number of discovery protocols, most relying on broadcast or multicast
22:47 <+catphish> sameh4: with ipv6, this is solved, devices will all have a random ipv6 address, and you can use local multicast addresses to communicate
22:48 < sameh4> @catphish @detha I see, OK, you've answered my questions!
22:48 < sameh4> thanks guys!
22:48 <+catphish> but even then, you still need a way to discover the addresses of the other devices
22:48 <+catphish> same with ipv4, except there's no standard addressing scheme, apart from 169.254/16,
22:48 <+catphish> which many devices won't use
22:48 < sameh4> what's the name of a good/simple discovery protocol in your guy's opinions @catphish @detha
22:48 <+catphish> imo theres no way to achieve this unless you control all the devices
22:49 <+catphish> but you probably do, since they probably all run the same software
22:49 <+catphish> no, you don't do this unless *you* are making the software
22:49 < quesker_> I am on the same segment with a box that either has some random static ip or dhcp. how can I connect to it without knowing the ip?
22:49 <+catphish> quesker_: you can't
22:49 < sameh4> catphish : that was my concern! I wont control all the software
22:49 <+catphish> quesker_: you can try to figure out its IP by sniffing its packets
22:50 < redrabbit> nmap
22:50 <+catphish> sameh4: so, what's the purpose of this?
22:50 <+catphish> you can't realistically nmap 0.0.0.0/0
22:50 <+catphish> maybe with different specialized software
22:50 < sameh4> distributed compute by IoT devices
22:50 < Peng_> [ catphish's printer explodes ]
22:50 < quesker_> ok. I thought I read something that suggested that if you know the mac you could add an entry to your arp table and assign an ip to it so you could telnet to it. sounded too good to be true
22:51 <+catphish> sameh4: right, but IoT devices traditionally run known software, that's designed to communicate together
22:51 <+catphish> sameh4: you can't just put 2 IoT devices near each other and hope they know what to talk about
22:51 < sameh4> @catphish yeah I get your point! I can't just look for other devices and ask them to do things unless they have my software
22:51 < redrabbit> I use node red for iot
22:51 <+catphish> sameh4: or maybe you know *their* software
22:52 < sameh4> right!
22:52 <+catphish> sameh4: either way, you need some agreed protocols
22:52 < redrabbit> Try it
22:52 < sameh4> yeah!
22:52 <+catphish> which includes addressing and discovery schemes
22:52 < sameh4> catphish: thanks! nice to have this discussion!
22:55 < MarkusDBX> What did just happen to freenode?
22:55 < MarkusDBX> A ton of people DC at the same time?
22:57 < DoctorDick> those are matrix users
22:57 <+catphish> MarkusDBX: they're all "matrix" users, i guess one large host that houses lots of clients
22:58 <+catphish> https://matrix.org/blog/home/
22:59 < MarkusDBX> I see
23:01 <+catphish> kinda (completely) off topic, can anyone recommend a beginner text on medicine? i'm looking for a good intro
23:02 <+catphish> been trying to read harrisons internal medecine, but it's more like a reference, i want something that can be read more linearly
23:08 < Mattx> Hey all. I need to send a few post requests to the same rest server. What are the things I should consider to make that as fast as possible?
23:08 < Mattx> First thing I thought is the requests should be made async, and I should use HTTP2 so the socket is reused
23:09 < Mattx> but there may be other things I'm not aware of, like compression
23:09 < Toadisattva> trying to connect to wifi via debian command line with wpa_supplicant, I'm getting a connection then it disconnects with reason code 3 and gives the following error: CMD_RESP: cmd 0x10f error, result=0x2
23:10 <+catphish> Mattx: there are a few things to consider, the most obvious one is how fast can the server at the other end actually process your requests
23:10 < lupine> 2 is possible ENOENT
23:11 < lupine> probably not though
23:11 < Mattx> catphish, that is not that important. I don't need to get the response fast, I need to send the requests fast, as they are processed in fifo order
23:12 <+catphish> Mattx: then you basically want to 1) reuse connections, HTTP 1.1 and later can do this 2) choose an optimal number of connections (simultaneous requests)
23:12 <+catphish> Mattx: that is extremely important
23:13 <+catphish> Mattx: i interpreted this as you wanting to do lots of requests, not just one request as fast as possible
23:13 < Mattx> yes, in general it's 3 requests, and then I have plenty of time to read the response. but those 3 should be processed asap, and in order
23:14 < Mattx> multiple connections won't guarantee they are in order, so that can't be done
23:14 <+catphish> Mattx: well if you want to guarentee they're in order then you need to wait for each one to return before you make the next
23:14 < Mattx> why? can't I just put them in the same socket in order and expect them to be received in that order?
23:15 <+catphish> Mattx: no
23:15 <+catphish> Mattx: not unless you know how the remote infrastructure works
23:16 <+catphish> you could try just sending all 3 down the same HTTP/1.1 socket using pipelining, it will *probably* process them in order, but no guarantee
23:23 < Mattx> catphish, I'm not getting you. how could they reach the server in a different order if I use the same socket?
23:23 < Mattx> specially if it's http2
23:25 < spaces> wtf is wrong with this world, people don't have inspiration for food until they bought a cookingbook again and need to share it on instagram... isn't that like: I actually have no joy in my life on my own at all ?
23:25 < Mattx> catphish, there was a net split. I'm still here, don't know if you replied
23:25 <+catphish> Mattx: i don't know http/2, but regardless of protocol, you shouldn't assume that the other they reach the server is the order they will be processed, servers will handle requests in parallel
23:25 <+catphish> *order
23:26 < Mattx> well even if that's the case I can't change that. I'm trying to improve things in my end
23:27 < Mattx> I wonder for instance if sending the params as part of the URL or as part of the POST body makes any difference
23:27 <+catphish> Mattx: no differece
23:27 < Mattx> even if the body is compressed?
23:27 <+catphish> i can't think how that would matter
23:28 < Mattx> sending less data is always better
23:28 <+catphish> there are things you can try, 1) pipeline requests (this is very standard in http/2, less so, but possible in http1.1
23:29 <+catphish> 2) request and send different compression, sending less data is only better when you have less bandwidth than processing power
23:30 < Toadisattva> wpa_cli got me fixed up
23:30 <+catphish> when it comes to pipelining you're basically guessing how the remote will order requests, but its reasonable to guess they'll be processed in order until proven otherwise
23:30 <+catphish> hard to test though
23:31 < Mattx> it's not hard to test in this case I think, I can check the response and see the id they assigned to each
23:31 < Mattx> anything else you can think of?
23:33 < koala_man> spaces: Instagram is just The Sims where you create a fantasy life for yourself. https://i.pinimg.com/originals/99/45/9f/99459fce9f2b000ef6564b77383108b1.jpg
23:37 < spaces> koala_man yeah the werid thing is that relationships are also based on it, conversations that you have such a great life and people tell you you are fine and have a great life because they like to receive that back as well
23:37 < spaces> koala_man lol that link is pretty it :)
23:47 < koala_man> there was some study that said that if you win a median annual income in the lottery, it increases the bankruptcy rate of your neighbors by 6.59% over 3 years as they try to keep up with you. Like animals with mating displays.
23:47 < spaces> that's true !
23:50 < yates> is there an option to dig or nslookup that makes it return just the ip address so you can substitute it in a bash command, e.g., "blow-up-this-site `nslookup -cli a.badsite.com`"
23:51 < yates> i looked but didn't see any
23:51 < koala_man> does your tool not accept hostnames?
23:52 < yates> no, it don't
23:56 <+catphish> Mattx: nothing else obvious, just make sure you know how to correctly pipeline requests with http 1 and http 2
23:57 <+catphish> if you have a way to test the order, ideal
23:57 <+catphish> but just be wary that web servers don't process requests one at a time
--- Log closed Wed Jun 13 00:00:56 2018