--- Log opened Wed Jun 13 00:00:56 2018
00:08 < spaces> koala_man what I also don't understand is that all these instagram people look like hoo's and yell #meToo when they can
00:40 < jif> best vpn?
00:41 <+pppingme> jif how are you using it?
00:41 < jif> at home, casual, nothing illegal
00:42 <+pppingme> so you're trying to get back into your home net from remote?
00:43 < jif> im at home but just want extra privacy
00:44 <+pppingme> so what are you connecting to?
00:45 < jif> i just want it for more anonymous internet access
00:45 <+pppingme> no such thing
00:45 <+pppingme> vpn's are about making a *secure* connection between two points, they have nothing to do with privacy
00:47 < jif> do you use anything?
00:47 <+pppingme> do I use vpn's? Yeah, for connecting remote sites and being able to work securely to my servers when I'm away from the office
00:49 < jif> would you say a vpn plus incognito mode is better than nothing? what about a vpn + tor?
00:50 <+pppingme> wtf is a vpn plus incognito mode?
00:50 < spaces> why do I always need to p00p when I'm just in bed ?
00:50 <+pppingme> what exactly are you trying to accomplish with a vpn?
00:50 < jif> more anonymous internet access
00:51 <+pppingme> again, vpn's do NOT give you "anonymous internet access", there simply is no such thing
00:51 < jif> thats why i said more
00:51 < spaces> use windscribe, they are pretty good at it
00:51 <+pppingme> before you start throwing solutions, you have to address your needs..
00:51 <+pppingme> what or who are you trying to hide from?
00:51 < djph> jif: you just move the "who knows the deviant porn you're watching" from "yr ISP" to "your VPN provider"
00:52 < jif> djph: that's my primary concern
00:53 < djph> that your ISP cares you're watching porn?
00:53 <+pppingme> so you'd rather move who can see what you're doing from someone who doesn't really care (your isp) to someone that probably has some kind of vested interest in your traffic (vpn provider) by injecting malware into your traffic stream, or making it EASIER to track you and your traffic and selling that info?
00:54 < jif> malware in traffic stream. is that a thing?
00:54 < djph> can be
00:54 <+pppingme> yes its a thing, and many so called "hide your ass vpn providers who swear they don't log" have been caught doing it
00:55 < djph> e.g. redirect ads to their malware server
00:55 < jif> oh im sure
00:55 < jif> they consolidate people that want privacy
00:56 <+pppingme> think about your last statement
00:56 < s7rawman> jif: First you need to figure out your threat model, then assess whether a vpn provides that security.
00:56 <+pppingme> fuse.net could care less if you're watching goat porn or kitty porn, they simply don't care
00:57 <+pppingme> and every vpn provider out there will hand your info over in a heartbeat.. they DON'T protect or hide your info
00:58 <+pppingme> they are more afraid of getting raided than you
00:58 < jif> hmm, well im glad we had this talk
01:22 < wadadli> how does DHCP resolve ip address conflicts?
01:23 < djph> no
01:23 < djph> don't make addr conflicts
01:24 < wadadli> curious, saw the question on glassdoor for data center tech role
01:24 < wadadli> dhcp would just assign a new address I'd assume
01:24 < wadadli> issue resolved =P
01:25 < djph> no
01:25 < djph> if you're a fucktard, and create a conflict, DHCP won't help you.
01:25 < obcecado> if two machines have the same static ip configured, there's not much dhcpd can do
01:25 < djph> or hell, one DHCP and one static
01:26 < obcecado> some implementations will arp for the ip being leased
01:26 < obcecado> to check if its configured elsewhere
01:27 < djph> though a static device being down at that moment or the DHCP server not doing that will still result in "conflict"
01:28 < wadadli> djph ▶ in that case dhcp is responsible for the conflict
01:28 <+pppingme> wadadli its not dhcp's job..
01:28 < djph> nope, the fucktard putting a static assignment inside the DHCP pool is.
01:28 < wadadli> djph ▶ true that
01:30 < obcecado> it wont surely prevent op stupidity
01:36 < djph> ^
02:56 < jorja> Hello
02:57 < jorja> I am having issues with my router items that had wifi then I stopped the wifi and am now trying to reconnect cannot. So I thought maybe a firmware update again but I cannot get to the 19.... site that is shown on google and was wondering if anyone can help me with this issue
02:58 < djph> jorja: turn the router's wifi back on?
02:59 < jorja> Wifi was never turned off
02:59 < jorja> I have a tablet that has wifi but my phone which had wifi at 7 now does not
03:00 < djph> so the router's wifi bit it? reboot the router
03:01 < jorja> I STILL HAVE WIFI
03:01 < jorja> Tried reset does not work
03:03 < djph> then sounds like the router's fubar
03:03 < jorja> the router's what
03:07 < Spektrum> fuggedup beyond all repair
03:07 < jorja> it is new
03:15 < dogbert2> hey djph
03:15 < jvwjgames_> Hello
03:15 < jvwjgames_> is a VPS provider considered an ISP
03:17 < dogbert2> not much ph33r: 18:17:14 up 6 days, 13:40, 1 user, load average: 0.00, 0.00, 0.00
03:18 < cheapie> 20:17:57 up 374 days, 16:10, 1 user, load average: 0.00, 0.00, 0.00
03:18 < dogbert2> spent most of the afternoon playing with Bosch IP cameras
03:18 * cheapie should probably reboot that one of these days
03:18 < dogbert2> pretty good, more than a year
03:19 < cheapie> I had a VPS get to 451 days before, but 374 days is my current record for anything in my house.
03:19 < cheapie> Still going too :P
03:21 < dogbert2> was working on a camera in Spain this afternoon
03:23 < obcecado> 3750-01 uptime is 12 years, 18 weeks, 3 hours, 19 minutes
03:23 < obcecado> its not a camera, but got a decent uptime
03:24 < dogbert2> sheesh...how about some firmware updates?
03:27 * dogbert2 spins Stampeders - Sweet City Woman
04:05 < obcecado> hi
04:06 < obcecado> after finishing an installation (pxeboot + auto_install) is there a simple way to install a bunch of packages?
04:06 < obcecado> on the firstboot
04:15 < rewt> obcecado, that would depend on what you're installing... you'll probably have better luck asking in the relevant channel
05:12 < spaces> dogbert2 stop spinning that woman, she might get sick
05:12 < dogbert2> LOL
05:12 < spaces> obcecado fans are still OK from that device ?
05:17 < SwedeMike> ALowther_: just google for ipv6 education, there are lots of hits. For instance https://www.linkedin.com/learning/learning-ipv6
05:34 < spaces> obcecado dogbert2 and I want info :P
05:38 < spaces> dogbert2 hack his old firmware :P
05:38 < dogbert2> heheehe
05:38 < spaces> 12 years of exploits would be a good start :D
05:39 < spaces> I think the NSA can simply go to it's IP and sees it all :D
05:39 < spaces> console port sends it out though wifi :P
05:41 < spaces> with wep encryption I believe
05:49 < alesan_> hey - is there a way with ethtool or similar, to see the *partner* advertised modes
05:49 < alesan_> like what the "switch" offers as autonegotiation, not the local NIC?
06:04 < TheBlueWizard> I have a simple goal: connect two computers, one a Win box and another a Linux box (currently running Trisquel), and I configured Win box to use IP address 10.0.0.1, mask 255.255.255.0 and gateway 10.0.0.2; and on Trisquel I select manual, then edit Ethernet property to IP 10.0.0.2, mask 255.255.255.0 and left gateway blank. So far I could not ping each other machine. What did I do wrong here?
06:07 < TheBlueWizard> oops...I left out the goal: send files between two computers, using Python simple web server
06:36 < sharkasdf> I have an asus rt-n66r with that merlin custom firmware. I made a security change to the router that I thought was only going to allow a computer to be connected locally through ethernet, but instead I've made it impossible to connect to my router. I can ping it, but can't connect with https, http, IE, firefox, chrome. Firefox can’t establish a connection to the server at 192.168.1.11. (192.168.1.11 is my router ip). 1.11 als
06:36 < sharkasdf> o doesn't work. Any ideas?
06:51 < Apachez> sharkasdf: you done goof, so factory reset the box and reapply your settings
06:52 < Haris> I have an interface with public IP on a linux box. Is it possible to limit forwarding to vpn only on this box ? and deny all the rest from wan and lan other than the vpn traffic from/to lan ?
06:52 < Haris> limit forwarding to vpn traffic only
06:52 < sharkasdf> Apachez, there is no other way?
06:52 < Haris> forwarding as well as natting
06:53 < sharkasdf> I don't have a backup of settings :\
06:55 < Apachez> sharkasdf: the other way is to find out wtf you actually put in as a "security change"
06:55 < Apachez> exactly which setting did you alter into what?
06:56 < sharkasdf> Let me see if I can find it somehow
06:57 < sharkasdf> Also, were the custom firmware routers hit with that china hack?
06:59 < BenderRodriguez> man
06:59 < BenderRodriguez> Arista did me dirty with their stock
06:59 < BenderRodriguez> It's a shame they are in so much trouble right now
07:02 < Krikey_Sanchez> hello
07:03 < Krikey_Sanchez> I'm trying to configure a world-reachable ipv6 address behind a comcast router
07:03 < Krikey_Sanchez> I originally got an address from ipv6 dhcp that I could ping from the outside world
07:03 < Krikey_Sanchez> but now I get destination unreachable: no route when I try to ping it from an external computer, even though the host in question can ping ipv6.google.com
07:03 < Krikey_Sanchez> just fine
07:04 < Krikey_Sanchez> I notice that my routing table has two default routes on that interface, both of which have the same fe80: address
07:08 < Dagger> sure you're using the right address? privacy addresses are abandoned after no more than a week
07:09 < Haris> how to snat traffic to a source before forwarding to s-t-s vpn tunnel on the same box ?
07:09 < Haris> on linux
07:10 < Dagger> (although you wouldn't normally get privacy addresses when getting an address from DHCPv6, unless you're also getting an address via SLAAC)
07:15 < Krikey_Sanchez> Dagger, maybe I'm not
07:15 < Krikey_Sanchez> I actually don't know how to use SLAAC on a linux box, using whatever random address dhcp6 gave me has worked before
07:16 < Krikey_Sanchez> but it's probably not the right way to do things
07:16 < Dagger> the kernel has a built-in client. it's automatic so long as forwarding is disabled
07:16 < Dagger> (and you can set the accept_ra=2 sysctl to enable it even then)
07:17 < Krikey_Sanchez> how do I force it to assign itself a SLAAC address?
07:17 < Krikey_Sanchez> let's say I clear all my networking state now and bring down the current interfaces to get myself into a clean state
07:18 < Dagger> bringing the interface up should be enough, assuming default settings
07:19 < Dagger> the kernel will send a router solicitation, which should trigger a router advertisement from the router. the kernel configures itself an address when it receives the RA
07:20 < Krikey_Sanchez> I just brought down and up the interface
07:20 < Dagger> (assuming the RA tells it to, and assuming the network prefix is /64)
07:20 < Krikey_Sanchez> oddly enough it has a v4 address, but not a v6 one
07:20 < Krikey_Sanchez> I don't know where the v4 address is coming from
07:21 < Krikey_Sanchez> oh probably systemctl networkd
07:22 < Dagger> I believe systemd-networkd will (or can?) take over processing of RAs, which would invalidate anything I know about the in-kernel client
07:25 < Maarten> woosh I got a free meraki ms220-8p with 3 years support from my rep for watching a 45 minute webinar :D
07:31 < Harlock> Maarten what about the AP?
07:32 < Maarten> that webinar is tomorrow - security gateway is next week..... supposedly I will get both of those too
07:37 < Harlock> is it only a year support on the AP or 3 years?
07:38 < Harlock> oh it is 3
07:41 < Maarten> Harlock, 3 years... not going to criticize a gift, after 3 years there is probably something newer/bigger/faster I must have :P And the licenses arent terribly expensive by the looks of it
07:52 < Harlock> flash it with openwrt when the support is over
07:55 < Krikey_Sanchez> if my default route is a fe80 one, should I expect to be able to ping my device from the outside?
07:55 < Krikey_Sanchez> that's what v6 dhcp seems to want to give me
07:55 < Krikey_Sanchez> I don't know what I should assign manually otherwise
07:55 < Harlock> that is your LL
07:56 < Harlock> but LL are normal to be used for a gateway
07:58 < Harlock> but you also need a global address to access the internet and be accessible from the internet
07:58 < Krikey_Sanchez> it looks like systemd-networkd just doesn't want to give me one
09:34 < winsoff_> Will access points typically refuse to put frames to unassociated mac addresses on the air, or do they act as hubs by nature?
09:40 < detha> would they go through the entire trouble of negotiating associations when the AP would broadcast everything anyway?
09:41 < grawity> keeping track of clients is kind of a requirement once you need to add security mechanisms
09:42 < grawity> so since APs track clients anyway, they *will* drop everything they don't recognize, because what's the point of sending it?
09:42 < grawity> airtime clutter
09:43 < grawity> though things change if the connection is in WDS mode
09:50 < spaces> grawity tell me why my pee is always falling down when I'm @ the toilet
09:57 < xormor> spaces, you are confused. have a pill.
09:57 * xormor hands spaces a pill.
10:15 < epitamizor> would it be good idea to have load balancer between two remote sites that have vpn connect?
10:17 < winsoff_> grawity: Is this commonly implemented, then, or is it not default behavior in common equipment? I guess there's an easy way to find out, right? I could connect with one AP/ethernet on machine A, then connect to another AP with machine B and start making traffic on machine A, and then I could put machine B into promiscuous mode and see if I can see traffic from A?
10:18 < detha> epitamizor: without more context, that does not make sense
10:18 < winsoff_> Or are there other things in place that could spoil the test? Furthermore, what happens when a switch sees the same IP on 2 ports? Does the address/port db update?
10:18 < winsoff_> Agreed with detha
10:30 < grawity> switches don't care about IPs though
10:31 < winsoff_> I thought you configured vlans on switches?
10:31 < grawity> aaand?
10:32 < detha> vlans are an L2 concept. IP addresses are an L3 concept
10:32 < grawity> you also connect ethernet cables to switches, doesn't mean the cables care about IP, and doesn't mean switches care about IP
10:32 < winsoff_> Am I an idiot? I thought you could vlan-together certain IP addresses. You can't, I guess?
10:32 < winsoff_> You can only vlan PORTs together, then?
10:33 < winsoff_> So with that in mind, a switch only associates a mac address with ports, then.
10:33 < detha> correct
10:33 < winsoff_> Sweet. Also, thanks for not ignoring me after I forgot to phrase it as a question.
10:33 < winsoff_> With that in mind, how does a switch handle seeing the same MAC address on two different ports?
10:34 < grawity> it updates the MAC forwarding table for the new port
10:34 < detha> Badly
10:34 < winsoff_> This sounds like it's super exploitable.
10:34 < detha> It flips traffic for that port to wherever it saw the mac address last
10:34 < winsoff_> Of course, it also sounds like it just busts the network, making it pretty useless, unless the attacker has a backup link/a way out to the internet.
10:35 < meowschwitz> arpwatch is your friend and, if someone physically on your network is doing that you have bigger problems
10:35 < winsoff_> Oh, but does the MAC table get updated really quickly, every single time it sees frames? Does that mean it'll just flipflop between ports and start wreaking havoc on the network?
10:35 < detha> generally yes
10:35 < grawity> (fwiw, some switches do have IP-based VLANs, but that's not a standard feature, and quite frankly weird)
10:35 < meowschwitz> and yes, two boxes with same IPs or MACs has.. interesting side effects.
10:36 < winsoff_> Do switches typically come with modern protections for this, or is that up to a firewall/IDS?
10:36 < detha> side effects as in 'things go sideways'
10:36 < winsoff_> detha: lol
10:36 < grawity> huh, I didn't know 4addr mode was this complex http://www.ieee802.org/1/files/public/docs2008/avb-nfinn-802-11-bridging-0308-v3.pdf
10:36 < grawity> winsoff_: managed switches tend to have features like "port security"
10:36 < grawity> "sticky MAC learning"
10:36 < grawity> etc.
10:37 < winsoff_> Dang, but also nifty.
10:37 < gallax> winsoff_: same mac address on 'two' different ports makes sense. It'd be wrong two on 'same' port.
10:37 < grawity> wat?
10:37 < grawity> a port can easily have multiple MAC addresses
10:38 < detha> gallax: uplinks have many macs on one port. So do virtualization hosts
10:38 < grawity> and as we're talking about switch ports, I'd be surprised if they couldn't
10:38 < meowschwitz> oh shit i forgot to turn off stp on iscsi ports
10:38 * meowschwitz derp
10:42 < winsoff_> I think gallax was pointing out that the only case where two instances of the same mac address can actually exist to a switch is when these instances are found on two different ports.
10:43 < winsoff_> is there a way to ask a router nicely what addresses it holds behind it, if I'm on the "behind" side?
10:43 < Razva> Hey! Let's suppose that I have a DNS round-robin A-entry (domain.tld) pointing to multiple IPs (1.1.1.1, 2.2.2.2 and 3.3.3.3). If 1.1.1.1 is not responding, will the visitor/client machine just ignore it and point/direct only to 2.2.2.2 and 3.3.3.3, or do I need to manually remove 1.1.1.1 it from the round-robin?
10:44 < grawity> winsoff_: as in, what subnets & routes it has?
10:44 < grawity> Razva: well it won't know that 1.1.1.1 is not responding until it tries
10:44 < grawity> Razva: *most* programs will go try the 2nd and 3rd addresses after a timeout
10:44 < winsoff_> grawity: yes indeed
10:44 < grawity> and as to which one will be tried first, it's random
10:44 < Razva> grawity: programs = ?
10:44 < eirirs> Razva: dns don't check whether host are up before giving you host
10:45 < meowschwitz> winsoff_: this isn't really a router problem. Same MAC address on more than one port means something is very wrong and either there's a loop somewhere or something else is broken
10:45 < grawity> Razva: literally, programs which connect to your service
10:45 < grawity> the machine doesn't care
10:45 < grawity> the OS doesn't care much, either
10:45 < grawity> each individual program decides how to handle multiple IPs on a single domain name
10:45 < grawity> winsoff_: from the outside, no
10:46 < grawity> winsoff_: (well I'd say "SNMP" but not many routers run that)
10:46 < Razva> here's the thing. I'm looking to build a HA cluster with multiple providers. I have multiple load-balancers at multiple providers, but I don't know how should I remove the non-functional load-balancers (without an extra..ehm..load-balancer). somewhere on the food chain DNS needs to be involved because a load-balancer is a fail point by itself.
10:47 < grawity> maybe have a backup load-balancer at each site
10:48 < mgolisch> i think the scenario Razva tries to tackle is an entire provider going down i would assume
10:48 < Razva> mgolisch: exactly.
10:48 < Razva> there are numerous cases when an entire Zone got offline. Amazon had it, OVH had it etc.
10:49 < Razva> so I cannot base on floating IPs, because those are provider specific. if the provider goes down, so goes the floating IP, VLANs etc.
10:49 < winsoff_> grawity: I think I've seen snmp on a few networks. I guess I should just read about snmp, then? Also, arp can only get me to the switch level, right?
10:50 < regdude> winsoff_: most switches should have protection against having same MAC address on multiple ports. If a device is connected directly, then if you disconnect it, then it should flush the MAC table on that port
10:50 < mgolisch> i have been thinking about the same but i have not really come up with a great answer yet
10:51 < regdude> if the device is not connected directly, then you will have to depend on the MAC table aging timer. Between that time traffic might not reach the right port
10:51 < regdude> though some switch chips have a mechanism that will update the MAC table manually if a MAC address has appeared on a different port
10:51 < grawity> mgolisch: I suspect the answer would involve BGP or equivalent
10:52 < grawity> regdude: I think RSTP has a thing where the entire network is asked to purge its MAC tables
10:54 < regdude> grawity: sort of, yes. The topology change notification might change the ports state at that will flush the table, but only if the state changes. There are cases where the state will stay the same
10:56 < winsoff_> Why does a streaming protocol have the ability to talk about network topology?
10:56 < Razva> mmmm...folks...?
10:59 < regdude> winsoff_: not sure what you mean, but streaming protocols are either broadcast or multicast traffic, which is sent to all network nodes in a Layer2 domain
11:01 < winsoff_> Seriously?
11:01 < winsoff_> That's really interesting. Hmm.
11:01 < jvdmr> Razva: for your original question: round-robin will work, but visitor machines will keep trying the failing ip as long as it is in DNS and getting timeouts, then (depending on client implementation) trying the other ip's.
11:02 < winsoff_> Also, be back later!
11:02 < jvdmr> Razva: you may want to implement some kind of monitoring that removes the failing ip from DNS if it is offline for more than x time and re-adds it when it comes back online
11:03 < jvdmr> (or monitoring that alerts you to remove the ip manually, if automation is not possible)
11:09 < detha> Razva: this is why they invented anycast.....
11:09 < Razva> jvdmr: yup, can do that via Route53, but I was looking at a better way of doing this...
11:10 < Razva> detha: mmmm...can you please explain?
11:11 < detha> Razva: in brief: you have one public IP address, you set that on each load balancer. You announce the /24 that address is in over BGP from each site.
11:13 < Razva> ahaaaa! so each LB has the same IP? doesn't that involves a single provider? I don't know if there's any option/product out there that can do that.
11:13 < detha> You will need your own IP range, and hosting providers that let you announce that range over BGP
11:14 < Razva> ehm, that's not in my price league I guess. I have my own IP class but finding two providers that want to - at least! - announce it seems like a dead-end.
11:15 < Razva> when using a single provider + anycast, is there any way for that anycast IP to "get offline"?
11:15 < detha> single hoster? if you drop your BGP session, it'll be offline
11:16 < detha> Also if your load balancer stops responding, it'll be offline
11:16 < Razva> https://buyvm.net/anycast-vps/ < was previously looking at this...
11:17 < Razva> dropping a BGP session seems like a stretch to me (still I'm no expert so it might happen).
11:17 < Razva> regarding the load-balance, are you talking about my load-balancer (I will have at least 3) or some other networking balancer (I might just have said something very stupid)
11:17 < detha> With that setup, you don't need to worry about BGP, they have an anycast range, and give you one address out of that.
11:18 < TandyUK> Razva: If an ISP tells you they cant announce a prefix for you, imho find a better ISP (Unless its consumer grade crap in which case well...)
11:19 < detha> Their FAQ doesn't say how they detect your VM being down....
11:21 < Razva> TandyUK: if you know any consumer ISP that can provide dedicated/colocated with my own IP class...I'll be very grateful!
11:23 < Razva> detha: from their FAQ it seems that they push you into getting 3 VMs in 3 different zones and they do the rest. I'm asking for extra information on their IRC channel.
11:23 < dminuoso> Your ISP has an IRC channel?
11:23 < Razva> dminuoso: seems that buyvm has?
11:23 < dminuoso> Im not sure whether that's cool or antiquated.
11:24 < Razva> dminuoso: well...we're all talking here on IRC so I guess it's cool? :)
11:24 < Razva> from your experience, would you rather go with some anycast VM provider and do the load-balancing there, or go with Route53 + monitors + low-TTL A-entries?
11:24 < dminuoso> Razva: Im not suggesting IRC is inherently bad - but it may not be the best solution for customer support..
11:24 < detha> Razva: that one looks to be more about latency than about failover
11:24 < djph> dminuoso: hey, if it gets you talking to the right person without going through 37 layers of people who either can't understand the problem, and/or do phone transfers correctly ...
11:25 < Razva> detha: yup, seems so.
11:25 < detha> Razva: look for the 'Anycast on a shoestring' nanog presentation from a few years ago
11:26 < detha> anyway, without getting into building your own CDN, low-TTL DNS and monitoring is about the best you can do
11:26 < dminuoso> djph: Ah it seems that its just a community chat, not an official support place.
11:30 < Razva> detha: well, Route53 offers monitoring + low-TTL DNS, currently using it for a round-robin storage cluster (I'm removing non-working nodes from the A-entry). but I was wondering if there isn't any other (more simple) solution. it seems that there isn't (except anycast). :\
11:33 < djph> dminuoso: aww :(
11:40 < grawity> regdude: on a related note, I noticed that some devices broadcast a management frame thingy to announce that they're connected
11:40 < grawity> regdude: wi-fi clients in particular (I think I saw where that's required), but seen wired devices send out a slightly different one as well
11:41 < grawity> dminuoso: IRC isn't much worse than all the "live support chat" thingies companies have on their websites
11:41 < grawity> regdude: I suppose that's also meant for updating MAC tables
11:42 < regdude> grawity: do you have more about what kind of packets are they? Generally DHCP Client will be sufficient to update a MAC table
11:43 < Razva> fyi, about BuyVMs anycast IP procedure: https://gist.github.com/Razva/6b104746aa7e6adbc01b93565d6fe497
11:47 < TandyUK> [10:21] TandyUK: if you know any consumer ISP that can provide dedicated/colocated with my own IP class...I'll be very grateful! <<< I know plenty of proper ISPs who can do that, but none are consumer shit (Talktalk, plusnet, that kind of thing)
11:48 < TandyUK> as for IP's you need to get those yourself if you want PI space which you have announced via BGP
11:49 < TandyUK> dminuoso: I have a proper IRC support channel, as an ISP
11:49 < TandyUK> I dont think Ive ever seen non-staff in it lol
11:50 < Razva> TandyUK: yeah, I have my own IP class, I'm currently routing it to...nowhere, as my previous ISP dropped the "custom IP classes" option (hooray).
11:51 < Razva> TandyUK: if possible can you PM me at least 2-3 providers? I'm really interested...
11:52 * djph wants to join tandy's IRC channel just to whine about ISPs in general
11:53 < anonymip> anyone here using ubiquiti unifi switches?
11:53 < djph> have in the past
11:53 < djph> they're alright
11:54 < anonymip> ok, it seems very easy to manage them in the unifi controller
11:54 < djph> it is
11:55 < djph> I prefer the Edge series though
11:55 <+xand> edge stuff is better featured but unifi is nicer to manage multiple devices
11:55 < djph> more or less identical, but "traditional(tm)" command interface (i.e. each one on its own)
11:55 < anonymip> are they also managed in the unifi controller
11:56 < anonymip> I with all managed switches had the ability to show what's connected to each port, it's a really nice feature in the unifi controller
11:57 < rtmataeu34> hello
11:57 < anonymip> *wish
11:58 < anonymip> hello rtmataeu34
11:58 < rtmataeu34> got nothin really to chime in im pretty newb at networking
11:58 < rtmataeu34> :D
11:58 < rtmataeu34> with*
12:04 < rtmataeu34> did anyone here get their net+
12:05 < rtmataeu34> to get into networking*
12:05 < rtmataeu34> or just went straight cisco
12:08 < djph> anonymip: no, Edge* do not show up in UniFi.
12:08 < djph> rtmataeu34: didn't do either.
12:09 < rtmataeu34> so how'd you start
12:10 < djph> the local library
12:11 < djph> got noticed in high school as ... proficient enough ... to get into the "tech support class(tm)" (essentially a gopher for the highschool's admin, but hey)
12:11 < anonymip> djph, ok
12:11 < djph> then just kept reading through college, worked for the IT department there ... got a job entirely not in networking, but still try keeping up.
12:12 < anonymip> Then I'll probably check out the UniFi US-24
12:16 < mcdnl> rtmataeu34: trial and error. i've learnt a lot trying to do things with mikrotik devices too
12:17 < rtmataeu34> I've been studying for the N+006 - its about to get retired for the 007
12:17 < mcdnl> best way of learning something is doing it
12:17 < regdude> I poked everything I saw
12:17 < regdude> until they poked back
12:17 < rtmataeu34> havent really had much exposure that way*
12:17 < mcdnl> if you wanna learn the fast and hard way, test things in production :)
12:17 < mcdnl> xD
12:18 < mcdnl> ps: don't
12:18 < rtmataeu34> yeah i think I'll skip over that one :)
12:18 < regdude> be an intern in an ISP, start testing BGP and announce all prefixes
12:19 < mcdnl> lol
12:22 < rtmataeu34> so id literally be a speaker node
12:22 < rtmataeu34> is what you are telling me
12:23 < rtmataeu34> * imagines a soapbox and being in a period piece set in the 1800's
12:33 < rtmataeu34> mcdnl not offtopic but that mikrotik routerboard looks pretty sweet on amazon
12:35 < squ> how sweet?
12:35 < regdude> bitter sweet
12:35 < djph> I hear mixed reviews about 'tik (although, suppose that's same as any manufacturer). Though, as I understand it, their licensing scheme is backasswards.
12:36 < squ> what router price is sweet
12:36 < squ> djph: why do you care about license?
12:36 < regdude> there is a reason why SFP+ switch costs 3 times less
12:36 < djph> squ: for me, the "lower end(tm)" of the UBNT ER series. I mean, $50 for an ER-X? c'mon
12:37 < djph> regdude: hmm?
12:37 < squ> regdude: and this reason is it is not produced in america?
12:38 < regdude> mostly yes, underpay programmers and engineers in a very poor country to manufacture devices
12:38 < regdude> not sure why would anyone care about licenses there though
12:39 < squ> regdude: other opinion is fat and rich americans can't do anything useful
12:40 < regdude> true, a small company with few workers are competing with multi million/billion companies
12:41 < squ> I accidentally discovered ubiquiti devs are in same country as mikrotik
12:41 < gallax> squ: is that good or bad?
12:41 < squ> idk, posted youtube video yesterday
12:41 < regdude> I think you misread it, the director is from the same company
12:41 < regdude> *country
12:43 < squ> all inside parts cost dollar-cents, and are made in China
12:43 < regdude> oh, some actually are from there, so yeah, outsourcing
12:43 < rtmataeu34> they sell just the mikrotik board without the case and antenna ?
12:44 < rtmataeu34> is that a thing?
12:44 < squ> afaik even iPhones are made this way
12:44 < regdude> for OEM reasons this is very common
12:46 < rtmataeu34> theres this routerboard for 89 but theres also a WAP ac for the same price and its- assembled. lol
12:47 < djph> squ: because if I have to purchase a different ("better") license to use "all the features of the device", that's a pain in the fucking ass.
12:47 < regdude> djph: what feature were you missing in a lower level license on the device you got?
12:48 < djph> regdude: none, since I never bought mikrotik. I could well be mistaken on their licensing model.
12:48 < regdude> rtmataeu34: the PCBs are not meant for home users
12:49 < regdude> djph: well for average SOHO router you get VLANs, VPN, load balance ,firewall and whatever else you can think of, but you are missing MPLS, BGP and support for 1k hotspot users. I guess some people want to run an ISP off a 50$ router
12:49 < squ> djph: what for do you need license?
12:49 < detha> djph: there are license levels yes. But the 'default' license level normally corresponds with what a sane person would use the device for, only if you take something that was obviously meant as CPE and want to hand it on a tower you run into that
12:50 < squ> djph: sorry didn't read answer
12:50 < rtmataeu34> so what is a "sane setup" nowadays for a basic tinkerer
12:51 < regdude> I did once saw someone complaining that his router is not capable of running 1000 routes using OSPF and wanted to use BGP, but was not available in that license, he bought a router that costs 70$
12:51 < rtmataeu34> pretty sure theres a reddit for that
12:51 < detha> 'sane setup' is relative, just look at /r/homelab
12:52 < regdude> rtmataeu34: all of their devices are highly configurable, they use the same software on a 20$ and on a 3k$ router
12:55 < squ> using 2 hAP ac https://mikrotik.com/product/RB962UiGS-5HacT2HnT
12:56 < squ> configured everything as I wanted, have no complaints
12:56 < regdude> 5G is reaching high speeds?
12:56 < rtmataeu34> i was gonna try to get a router but not like a prosumer one
12:56 < squ> rtmataeu34: I don't think its pro
12:57 < regdude> get any of them, just don't go into sections you don't need to
12:57 < squ> regdude: did not bothered to measure, and the connection from ISP is only 1 mb/s
12:58 < rtmataeu34> sections?
12:58 < squ> one of interesting feature I thought to use is, DHCP logs
12:58 < squ> theoretically possible to connect to router via shell and notify me when certain user iPhone connects to wifi
12:58 < regdude> like I said, a 20$ router has the same software as 3k$ router, you will see options to configure features that are more likely only relevant to ISPs
12:59 < squ> or look logs to see when user left the area for example
12:59 < regdude> you can use scripts to email you when that happens
12:59 < rtmataeu34> squ: sorry i was segueing, yes its not prosumer*
13:03 < djph> detha: ah, fair enough.
14:29 < mcdnl> rtmataeu34: the hAP AC is pretty good
14:29 < grawity> regdude: "sufficient" – assuming the device uses DHCP...
14:29 < mcdnl> sfp, 5 gigabit ethernets, dual chain
14:29 < mcdnl> i mean, dual band, triple chain for 2ghz and double chain for 5ghz
14:29 < grawity> regdude: IIRC, both kinds of the frame I've seen were raw-ish LLC stuff
14:30 < regdude> mcdnl: triple for both
14:31 < regdude> grawity: must be something vendor specific, though LLDP delivers packets using LLC as well
14:32 < mcdnl> ah yes, both triple, 5HacT2HnT
14:32 < mcdnl> pity it isnt multicore
14:32 < regdude> that is why hAP ac2 exists
14:32 < grawity> regdude: oh, in case of Wi-Fi, I think the name is "Layer-2 Update Frame"
14:32 < mcdnl> oh
14:32 < mcdnl> that's new
14:33 < mcdnl> what about hardware acceleration for encryption?
14:33 < grawity> > forged by the AP
14:33 < grawity> regdude: https://superuser.com/a/696886/1686
14:33 < mcdnl> ill have to check out, i hope it supports aes-gcm
14:33 < regdude> mcdnl: the CPU has a built-in acceleration for IPsec
14:34 < grawity> yeah but which ciphers is it capable of accelerating...
14:34 < mcdnl> yeah, but not all ciphers
14:34 < grawity> https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Hardware_acceleration
14:34 < mcdnl> mostly aes-cbc sha1/sha256
14:35 < mcdnl> yes, i was just checking that
14:35 < regdude> mcdnl: what ciphers do you need?
14:35 < grawity> unfortunately, RouterOS sends different cipher IDs for AES-GCM than strongSwan expects
14:35 < regdude> *wnt
14:35 < grawity> so that's garbage
14:35 < mcdnl> regdude: i'd just like it to have aes256-gcm-sha256-dh2
14:35 < regdude> grawity: this is an interesting packet, not have seen it before, thanks!
14:35 < mcdnl> 0
14:36 < mcdnl> dh20
14:36 < grawity> mcdnl: dh2048?
14:36 < grawity> waste of cpu tbh; ecp256 is enough
14:37 < mcdnl> group 20, i dont remember the modp
14:37 < grawity> ah, group 2 is ecp386 then
14:37 < grawity> 20*
14:37 < grawity> regdude: so yeah, by "LLC" I also meant that it's a LLC control frame, not just in LLC encapsulation
14:37 < regdude> that is a bit overkill for a soho router, but the CPU simply does not have any logic for that cipher, maybe someone will manufacture one
14:38 < grawity> the table says it does
14:39 < mcdnl> meh, i dont really care, it's just i wish. if i had to do strong ipsec tunneling with mikrotik id go for rb1100ahx4
14:39 < mcdnl> anyway, it's not fully reliable still, i've seen hangs that need a reboot on both sides to work again
14:40 < regdude> the CPU can cipher anything, but the built-in logic won't be able to offload SHA256 for GCM
14:41 < regdude> mcdnl: you should report that issue, they tend to fix such issues quite fast
14:41 < mcdnl> yeah i know
14:41 < mcdnl> i'm mt cre/cwe/tce
14:41 < mcdnl> maybe someday ill do the trainer
15:32 < Thuryn-> j0
16:18 < mh_le> is there any reason to have 2.4GHz wifi on if ones devices uses 5GHz?
16:19 < Kingrat> if devices get too far away for 5ghz 2.4 will still work as a fallback
16:19 < mh_le> Kingrat: what distances are we talking about? I live in an apartment
16:20 <+catphish> mh_le: there's no good reason to have 2.4GHz on if none of your devices need it, no
16:20 < Kingrat> 5ghz doesnt go through walls very well, if you still have a very good signal everywhere on 5ghz i guess you could turn it off
16:20 <+catphish> but if you have problems with range, you may want to reconsider
16:21 <+catphish> as Kingrat says
16:21 < mh_le> right, thanks for the advice :)
16:21 < Aeso> yeah, it's heavily dependent on the environment, but if you don't have a device/location that needs 2.4, it's preferable to turn it off
16:22 < mh_le> everyone of my devices are not connected with 2.4
16:22 <+catphish> 2.4GHz is congested, so i guess it's polite not to broadcast on it if you aren't using it
16:22 <+catphish> mh_le: then you can almost certainly turn it off :)
16:22 <+catphish> if you find you need more range, you can always turn it back on later
16:23 < Kingrat> catphish, polite? like neighbors using 40mhz 2.4ghz channels, screw that turn it on and waste their air time ;)
16:23 < Aeso> as far as range goes, you can also tune your channel width to support 5GHz at longer ranges
16:23 <+catphish> Kingrat: no, not like neighbors using 40MHz, polite is the opposite of that
16:23 <+catphish> Aeso: channel width should always be 20MHz :)
16:24 <+catphish> unless you have a really really good radio environment and need the extra speed i guess
16:24 <+catphish> but i've never seen any benefit from it myself
16:25 < Aeso> With APs that support the DFS channels you can run wider channels to improve throughput and limit distance without trouncing all over your neighbors
16:25 < Aeso> but it's purely optional, of course
16:25 < mcdnl> normal people doesnt care about stomping others airtime
16:26 < mcdnl> dont* care
16:26 < Aeso> mcdnl, there's no personal benefit to seeding torrents either, and yet it happens :)
16:26 < mh_le> My ISP finally gave me a decent router :D
16:27 < Aeso> It's all part of being good neighbors.
16:27 <+catphish> mcdnl: i'd imagine they do, because it goes both ways equally, most people just dont know
16:27 < mcdnl> yeah, but people who usually use bittorrent might know about what seeding is for
16:27 <+catphish> if they understood, they'd care
16:27 < mcdnl> that's the point
16:27 < regdude> when my neighbors get loud, I just turn on a high gain antenna with the same frequency, then they are busy figuring out why wifi is not working
16:27 <+catphish> regdude: that's astonishingly illegal
16:27 < Aeso> regdude, why bother with all that effort when you can just spam deauth packets at their clients?
16:28 < Aeso> >:)
16:28 <+catphish> also illegal :)
16:28 < mcdnl> regdude: so do I. 3 1W aps
16:28 < regdude> my country doesn't care about that, I use 1x 1W transmitter
16:29 <+catphish> i doubt that's technically legal anywhere, but i'm sure there are plenty of places it doesn't matter
16:29 < Aeso> mcdnl, don't mind me as I drive by on the street and grab enough packets to run an offline dictionary attack against
16:29 <+catphish> but there's little value in it
16:29 < regdude> but when you turn on a 24GHz antenna, then traffic cops get really serious
16:29 < mcdnl> Aeso: i just turn them on with an open ssid, ch1 ch6 ch11
16:30 < Aeso> mcdnl, you monster
16:30 < mcdnl> :D
16:30 < meowschwitz> yall should look up guns they make from microwaves to... quell overzealous neighbours
16:31 < mcdnl> Aeso: i dont usually do it, but there was a party once, and at 2 am i was pissed enough already. turn on aps, music stops
16:31 < Thuryn-> lol
16:31 < Thuryn-> i guess they were streaming their music?
16:31 < mcdnl> yes
16:31 < mcdnl> iphone i guess
16:31 < Thuryn-> headshot
16:32 < mcdnl> bunch of snobs xd
16:32 < regdude> you can deal with iPhones in a more sophisticated manner. Buy a router from a different region and place it near the phone. It has a country code scanner and will try to switch between regions
16:33 < mcdnl> ooh, that's new
16:33 < Thuryn-> protip: turn off YOUR iphone first
16:33 < regdude> not sure if I should have told that, but have fun
16:38 < LunaLovegood> Can I rate limit a specific VLAN? like with
16:38 < LunaLovegood> tc qdisc add dev eth4.100 root tbf rate 150mbit burst 4mbit latency 50ms mpu 64
16:39 < mcdnl> i guess you should be able, haven't tested with a standard linux
16:39 < LunaLovegood> cool
16:40 < mcdnl> test it, always the fastest route
16:40 < LunaLovegood> Also can I put CoDel before that TBF or will it do nothing?
16:41 < mcdnl> i have no idea xD haven't used queuing that much
16:42 < LunaLovegood> I want to route to a bunch of vlans, each with a specific rate limit, and I'd like to have codel too on each.
16:42 < LunaLovegood> guess I'll go ahead and test stuff
17:39 < woodruff> Hello, is there a way to add secondary IP address to the lo interface using DHCP?
17:41 < detha> that sounds like an odd requirement. Why would one want to do this?
17:43 < detha> (and no, unless you are on the machine running the DHCP server and set up the dhcp server to listen on lo)
17:45 < system16> hi. i have enabled ap mode on my router. but almost everything is locked. mac filter is locked. parental control is locked etc.
17:45 < system16> is this normal ?
17:46 < djph> no.
17:46 < system16> i have a modem router combo . but since its wifi range sucks i had to use another router in order to extend wifi
17:46 < djph> well, unless it shows you a status page when you're not actually logged in.
17:47 < system16> no. i am logged in as admin right now
17:47 < system16> sucked*
17:48 < system16> isp>>modem-router combo>>router
17:48 < system16> how can i unlock these options
17:49 < system16> i really need them. especially url filter
17:49 < system16> and mac filter
17:49 < detha> is that an ISP-provided device?
17:50 < system16> that modem router combo ? yes
17:50 < detha> either ask the ISP, or see if you can get it in bridge mode and do things on a device you control
17:50 < system16> that router was provided by an old isp. they dont exist anymore
17:51 < system16> can i manually put it in ap mode ?
17:51 < kottt> maybe
17:51 < kottt> but we can't answer that
17:51 < system16> like disabling nat and...
17:51 < kottt> since different ISPs will lock down their gear differently
17:52 < system16> kottt, really ?
17:52 < kottt> if you've tried factory defaulting the router and logging into it and you can't find the settings you want
17:52 < kottt> then there's nothing we can tell you that will help
17:53 < kottt> you'll have to do your own research, maybe somebody else figured out how to unlock whatever router/isp device you're trying to use
17:53 < kottt> personally i'd just shell out the $50 for an AP
17:53 < kottt> <_<;
17:53 < system16> those options will get disabled when i enable ap mode. i dont think it has something to do with the isp
17:54 < system16> they are accessible y default
17:54 < system16> by*
17:54 < kottt> oh... wait what are you trying to do exactly?
17:54 < kottt> of course those settings get locked in AP mode
17:55 < kottt> an AP mode is essentially just a wireless switch
17:55 < kottt> s/mode/
17:55 < kottt> by default, do not expect an AP to provide any network service other than layer 2 connectivity
17:56 < system16> so its normal kottt ?
17:56 < kottt> yes
17:56 < kottt> so what are you trying to do?
17:56 < detha> mac filter is a standard AP feature. But anyway, sounds like the usual shitty firmware, ditch it and get something decent
17:57 < djph> detha: and it's trivial to get around, so not exactly a dealbreaker
17:58 < detha> djph: ssst, people like their mac filters. Keeps unwanted neighbours out
17:58 < system16> kottt im trying to activate those options but looks like i cant.
17:58 < kottt> fgsfds WHY do you want to activate those options
17:58 < djph> detha: so does "PassWord123"
17:58 < kottt> what are you trying to do in the grand scheme of things with this modem+router
17:59 < system16> and that pos modem router combo doesnt have parental control and access time etc.
18:00 < system16> nvm.
18:01 < system16> i got my answer.
18:01 < system16> thanks 4 your help
18:18 < efb> Ok if EOC is ethernet over copper what the heck is FE?
18:20 < Thuryn-> Final Ethernet
18:20 < Thuryn-> (where are you seeing EOC or FE?)
18:22 < Aeso> efb, I have no idea what your context is, but considering the other option, FE might be Fiber Ethernet?
18:22 < grawity> I would guess "Fast Ethernet", as in 100BASE-T
18:23 < efb> Thats what I am assuming as well Fast Ethernet
18:23 < grawity> well, -TX
18:23 < efb> but Fiber Ethernet makes sense too especially if they are listing off two options as EOC and FE
18:23 < grawity> ...or I guess just any 100BASE-X
18:24 < grawity> I mean, there are like four variants of 100BASE-
18:24 < Thuryn-> SX, LX, and... ?
18:25 < grawity> https://en.wikipedia.org/wiki/Fast_Ethernet#Fiber_optics
18:26 < grawity> most FE and GE links at $work are -BX
18:26 < Thuryn-> aren't those the single-connector type?
18:27 < grawity> yes
18:27 < Thuryn-> single strand, rather?
18:27 < grawity> yes
18:27 < Thuryn-> that's cool stuff
18:27 < grawity> ¯\_(ツ)_/¯ I mean, why not
19:18 < dunpeal> How reliable is TCP/IP in practice?
19:18 < dunpeal> What are the odds that a message will be undetectably corrupted?
19:19 < dunpeal> (Different / missing / extra bits)
19:21 < djph> "very"
19:21 < djph> "not very"
19:22 < djph> I mean, yes it happens, but not all that often
19:23 < djph> for example, my router's transmitted 1,306,183,251 packets, with zero errors
19:24 < dunpeal> djph: What's "an error" in this context?
19:24 < djph> and received 1,543,308,079 packets with zero errors.
19:25 < djph> errors are malformed frames
19:25 < dunpeal> So even these are detectable errors, or your router wouldn't be able to count them :)
19:26 < djph> yup
19:27 < djph> although that might be "ethernet frames" (L2) rather than "IP Packets" (L3) ...
19:27 < djph> but in either event 1.5 billion of them with zero errors
19:28 < detha> dunpeal: do the math. TCP checksum is 16 bits. chances of an undetected single bit error should be ~ 1 in 65536, per packet.
19:30 < dunpeal> detha: thanks. that's not that low
19:31 < detha> dunpeal: no. but that is on top of L1/L2 error detection.
19:32 < detha> Also, bit errors are like tequilas. They seldom come alone.
19:32 < dunpeal> What's that? I assume the checksum is just that: a hash of the packet, 16 bits in length. What's L1/L2?
19:32 < detha> layer 1 and 2
19:32 < dunpeal> Oh, I guess you mean the lower level layers
19:58 < wadadli> Is there a way to extract the pppo user and password from a modem?
20:30 < Nothing4You> can you recommend me a way to figure out which tls versions / ciphers an application supports?
20:30 < Nothing4You> not sure if this fits this chan but it kinda is network related
20:31 < Nothing4You> i'm probably just looking for a simple tool providing a listening port and checking what the client sends as supported ciphers
20:32 < Aeso> Nothing4You, nmap --script ssl-enum-ciphers -p 443 yourtest.app
20:33 < Nothing4You> Aeso: that's for scanning a server, right?
20:33 < Nothing4You> my first message was ambiguous, i'm trying to figure out what a client supports
20:34 < Aeso> oh, jeez
20:34 < detha> Nothing4You: openssl s_client with high enough debug level may show that
20:35 < Nothing4You> detha: that also would test the server, not the client
20:35 < detha> Nothing4You: sorry, s_server
20:35 < Nothing4You> i've never used s_server, i'll give that a try, thanks
20:37 < detha> not a quick test, you have to give it some certs etc, but debug level can be set to 'ridiculously verbose'
20:37 < Nothing4You> ok
20:37 < Nothing4You> i'm fine with that
20:54 < Thuryn-> grawity, is there much of a price increase for the -BX optics?
20:54 < Thuryn-> and are they available for 10 Gb yet?
20:54 < Thuryn-> -BR?
20:56 < Apachez> -BD
20:58 < arooni> anyway given a web audio stream to determine how many kbps it actually is?
20:58 < Thuryn-> *any way. two words.
20:59 < arooni> thanks :P
20:59 < Thuryn-> if you have the packet capture, Wireshark can give you those stats
20:59 < arooni> is there another way? wireshark sort of requires me to find which part of the traffic it is
20:59 < Thuryn-> actual data throughput, of course. it's not going to tell you the encoded bit rate (audio quality)
21:00 < arooni> thats what im after
21:00 < Thuryn-> no, you'd have to have the actual stream to see that.
21:00 < arooni> well i have the url to the stream
21:01 < arooni> just most audio players ive tried dont tell me what it actually is
21:01 < tds> If you open it in something like VLC I'd expect it to show that?
21:01 < Thuryn-> depending upon the application, the player might be able to change bit rates based on available bandwidth, loss, jitter, etc.
21:01 < Thuryn-> VLC should be able to, yes.
21:02 < arooni> is a FLAC always uncompressed
21:02 < Thuryn-> Cmd-I on the Mac. not sure on Windows (but "get info" basically)
21:02 < arooni> and is it the best i could expect to stream?
21:02 < arooni> ive got a mac and ubuntu here
21:03 < Thuryn-> FLAC is lossless. that doesn't mean the data stream is NECESSARILY uncompressed (though it probably is)
21:05 < Thuryn-> https://www.magneticmag.com/2018/03/flac-and-the-future-of-audio-streaming/
21:06 < Aeso> lossless compression happens all the time (see: zip files)
21:18 < Thuryn-> that's what i said.
21:18 < arooni> flac would be the best i could expect streaming radio right
21:18 < Thuryn-> for varying definitions of "best," yes.
21:18 < Thuryn-> best *quality* audio for the least bandwidth that I know of, in that order of precedence.
21:19 < TandyUK> OPUS is probably the best for size, flac is almost certainly best for audio quality
21:20 < TandyUK> OPUS gets surprising good sounding audio in a shocking small bitrate
21:20 < TandyUK> OPUS is fast becoming the preference for anything VOIP for a reason :)
21:21 < Thuryn-> yeah if you reverse the precedence order of the requirements and minimize bandwidth, there are plenty of formats that are "just fine" within the levels of audio quality that most people can hear (and that most audio equipment can reproduce in a random playback environment)
21:21 < Thuryn-> everything else being equal, you can drop the bit rate if playback occurs in a noisy room
21:22 < TandyUK> and drop stereo to mono, most people would never notice the difference
21:22 < TandyUK> especially on voip, when theres only 1 speaker ;)
21:22 < Aeso> the problem with FLAC (imo) is that people often provide 24-bit, 192KHz which is wholly unnecessary. You could throw away 90% of that extra resolution and have no measurable difference under Nyquist
21:23 < TandyUK> Aeso: "But it wasnt the highest quality choice it gave me" lol
21:23 < Thuryn-> "extra" above what?
21:23 < TandyUK> like when people used to rip cds to 256bit mp3s
21:23 < TandyUK> the cd ofc is only recorded at 96kbit
21:23 < Thuryn-> 384kbps, baby!
21:23 < detha> TandyUK: One of these days VOIP will figure out how to properly do conference calls, so there can be more than one speaker (and shouting)
21:24 < TandyUK> detha: I thought we solved that years ago
21:24 < Thuryn-> detha, it's all in the codec. Polycom phones are pretty good at it.
21:24 < TandyUK> we do 20+ person conferences all the time, no issues with people speaking over each other
21:25 < detha> Most conf calls still have too much echo suppression
21:25 < TandyUK> when it gets annoying, moderation goes on and the person running it essentially voices people like on irc :)
21:25 < Thuryn-> TandyUK, is that just because the attendees aren't assholes to each other?
21:25 < TandyUK> Thuryn-: that probably does have an impact on it
21:25 < Thuryn-> :D
21:25 < TandyUK> 20 people who actually want to all talk (and more importantly listen) to each other
21:29 < Aeso> Thuryn-, consider: The human ear can't hear anything north of ~22KHz. The Nyquist theorem tells us that you only need to double the sample rate of the highest frequency content in the sample to characterize a unique waveform.
21:30 < Aeso> Thus, you only need a 44KHz sample rate to capture and reproduce a waveform with frequency content >=22KHz.
21:31 < Aeso> As for sample bit depth, it's a matter of dynamic range. 16 bits gives you enough resolution to represent a 120dB range. Any sound beyond that volume range is a threat to your hearing safety. :P
21:32 < Aeso> (whoops, turns out 16 bits is 96dB range, but the gist is the same)
21:33 < Aeso> Unfortunately, most people follow the 'more bits, more better' philosophy and fall prey to the placebo effect.
21:35 < detha> 16 bits normalized. For intermediate stuff or recording you need more, for the final product 16 bits is more than sufficient.
21:36 < TandyUK> 96dB is still pretty fking loud
21:36 < TandyUK> and tbf if you want more than that, it aint coming from the source, you amplify it
21:37 * TandyUK thinks it is time to get out 'the rig' again soon
21:37 < detha> Quite so. But amplifying low bit rates ives quantization noise
21:37 < detha> *gives
21:37 < TandyUK> 12.5KW of beautiful sound (assuming its turned up!)
21:37 < TandyUK> yeah, vinyl ftw
21:38 < TandyUK> and XLR / SpeakOn's throughout for plugging stuff in
21:38 < Aeso> detha, true, but you can shift all of your quantized frequency content to a range that's less intrusive in most cases
21:38 < TandyUK> I cry when i see "DJ"s using phono connectors
21:39 < Aeso> You can also play back the audio without quantization, but you get these weird multi-order harmonics. It's pretty neat, actually.
21:39 < detha> Aeso: true. but that means fiddling with the content. True audiophools want 1:1 from source to sound
21:40 < TandyUK> *true* audiophiles will still use analog sources and valve based amps
21:41 < TandyUK> digitally reproduced sound is probably like 99.9% as good as it can ever get by now, but it can never match the 'warmth' of analog sound imho
21:41 < Aeso> detha, that's when you remind them that musicians don't record with binaural mics strapped to a head mannequin and the sound stage they're hearing is totally manufactured anyways :P
21:42 < TandyUK> unless ofc theres more digital fuckery going on to fake that 'warmth'
21:42 < Aeso> TandyUK, fools and their money are easily parted, and all that. :P
21:43 < TandyUK> aye, i did a gig for some like that once
21:43 < TandyUK> played a couple of tracks via 3.5mm jack to phonos from spotify on my phone just to test if they would notice
21:44 < TandyUK> with all the 'better' quality options spotify has ofc, and no, they didnt notice one bit lol
21:45 < detha> Blind tests is cheating ;)
21:45 < detha> You have to include the 'it looks like expensive gear' in the experience
21:46 < TandyUK> https://www.bbc.co.uk/news/technology-44457166
21:46 < TandyUK> when will people learn lol
21:47 < TandyUK> that just makes me think of the customer who now has somewhere in the region of £1000 worth of wired/wireless kit in their house, to make one of those 'ring' wireless doorbells work properly
21:48 < TandyUK> they seemed surprised when they found out the front door has shit wifi signal (There was maybe 12 feet of concrete between it and the nearest AP)
21:48 < TandyUK> and i just cant fathon why they dont make a wired POE version of it - then i would probably quite like one
21:49 < TandyUK> fathom*
21:50 < detha> The current version will have batteries. No thanks. PoE would be nice though.
21:51 < TandyUK> yup lol, i get calls from her occasionally complaining its not working, and i have to remind her to charge the fker
21:51 < ||cw> except it's targeted at average consumers, and average consumers don't want to run wires
21:52 < TandyUK> it just gives them false sense of security though
21:52 < TandyUK> all the video recording is cloud based, it has no local storage, and average consumers dont realise how trivial it is to completely jam wifi for a short period, thereby rendering it utterly useless
21:53 < TandyUK> its lucky im not a criminal really lol
21:54 < TandyUK> between my security engineer and locksmithing roles, i doubt theres much i couldnt get into
21:54 < TandyUK> but criminals need to worry about leaving fingerprints and stuff
21:56 < TimeVirus> so Glad I'm not your average consumer - By far I prefer cabled LAN
21:56 < TimeVirus> lol
21:57 < TandyUK> Amen to that
21:57 < TandyUK> need wifi? heres a 100ft cable that reaches every square inch of the building
21:58 < Apachez> praise the lord
21:58 < Apachez> hallelujah
21:58 < dunpeal> detha: btw, I just realized that the odds of an undetectable corruption are lower than 1/2**16
21:58 < Apachez> all your bgp belong to us
21:59 < dunpeal> Because we have to multiply that by the odds that any corruption will occur.
21:59 < dunpeal> Also, TCP packets are of known size, right?
22:00 < detha> dunpeal: checksum goes over a 'fake' header, including length fields etc.
22:00 < dunpeal> (The 1/2**16 does mean that if the network is prone to packet corruption, then a relatively high portion of these corruptions would be undetectable)
22:01 < detha> but it is a simple checksum, not a CRC
22:01 < dunpeal> OK, so size changes will be detected.
22:03 < detha> undetectable is probably actually lower yes, 2^16 * packetlen * something, single bit error in packet, and single bit error in checksum
22:04 < mgrech> hi, i've been having issues with the connections to my irc bnc for quite a while now. from the gui view the connection just "goes away" after a while and this happens fairly regularly for no obvious reason. i've captured a wireshark trace of the problem but i'm not really sure what to make of it, it's just obvious that something is wrong...
22:04 < mgrech> trace looks like this: https://i.imgur.com/GVDHxAl.png
22:05 < mgrech> could anyone help me make sense of it?
22:14 < Apachez> mgrech: then you will love this https://i.imgur.com/yXEj1BF.png
22:14 < mgrech> Apachez: yeah... what's wrong with the way i'm asking?
22:15 < detha> nothing. that looks like two very confused machines doing a 'I was first' 'No I was first' dance with sequence numbers
22:17 < mgrech> it's weird, it seems to happen spontaneously. and when it does, my two other connections to the bnc get disconnected too, most of the time, but not always. and the traces for those connections look different. one has retransmissions but no duplicate ACKs and no RST, the other just goes RST directly without any obvious issues...
22:18 < mgrech> https://i.imgur.com/GjEVs6E.png -- third connection, this time the server seems to send RST
22:18 < mgrech> this all happened at the same time
22:20 < mgrech> my bnc is behind an nginx proxy if that matters
22:22 < detha> the first one seems to be the cause, the others could be the server deciding 'this client is broken, kill all connections from it'
22:22 < mgrech> yeah, looks like it
22:22 < mgrech> i've also had this issue back when my bnc was on a completely different machine
22:23 < detha> But in the first one, both sides transmit at the same time, then don't ACK but do early retransmits with the old sequence number
22:24 < detha> maybe play with no_push option on the nginx side, or things like that
22:30 < grawity> Thuryn-: for 1G there doesn't seem to be any difference; for 10G dunno, according to fs.com listings they're available but slightly more expensive
22:35 < Apachez> grawity: what are you answering?
22:35 < Apachez> something from last decade?
22:36 < BrianBlaze> hey guys, I have a stupid networking issue... I am trying to allow access to a network folder on windows via ftp...
22:37 < BrianBlaze> I can see the folder and go into it and take files from it
22:37 < BrianBlaze> but I can't put files into the folder I get 550 permission denied
22:37 < BrianBlaze> I am not sure what to do to allow write
22:37 < Apachez> on the ftp server software
22:44 < BrianBlaze> so simple
22:44 < BrianBlaze> thanks Apachez
22:44 < BrianBlaze> <3
23:33 < Apachez> https://www.youtube.com/watch?v=ljOoGyCso8s Inside a Huge PCB Factory - in China
23:42 <+catphish> cool
23:43 < djph> catphish: how's that router you're designing coming along? o
23:45 <+catphish> djph: i found some decent hardware (lanner) and wrote a basic bootable system that could switch, i couldn't be bothered to write the routing layer, so i gave up there, and decided that linux would be perfectly good for that
23:46 < djph> haha, guess that works
23:47 <+catphish> so, it could probably do switching with a custom OS, or routing with linux
23:47 <+catphish> but i don't think there's a worthwhile market or project there
23:48 <+catphish> however i then got more interested in azonenberg's open source switch, so gonna wait for his hardware design and see if a cool open source managed ethernet switch can be made
23:48 < alesan> azonenberg's open source switch? what is that?
23:48 <+catphish> i'll be looking to work on some software for that time and money permitting
23:48 <+catphish> alesan: i think all the words are self explanatory
23:49 <+catphish> it's an open source ethernet switch
23:49 < alesan> it's a open source VHDL design?
23:49 < alesan> or whatever hardware description language
23:50 <+catphish> verilog for the fpga, and a hardware design to go with it
23:50 <+catphish> for the ports etc
23:50 < alesan> interesting
23:50 <+catphish> it's quite involved, and mostly beyond my level of expertise
23:50 < alesan> azonenberg, do you have a home page for this project?
23:50 < ||cw> link?
23:52 <+catphish> lots on his twitter and github
23:52 < alesan> name of the project catphish
23:52 < alesan> well would you be so kind to give us a name or a link
23:52 < alesan> I'm not sure how to find azonenberg's twitter
23:52 <+catphish> really?
23:52 < alesan> OK you know what
23:52 < alesan> forget about it
23:53 < ||cw> I don't want to crawl twitter and irc logs. and the github only has some core fpga stuff and some uncommented board designs
23:54 < ||cw> i see nothing that leads to a open source network switch being anywhere near a reality
23:55 < ||cw> closest thing I've seen to one is some of the openwrt boards
23:55 <+catphish> i don't believe there's an openwrt device with a worthwhile switch
23:55 <+catphish> :(
23:56 < ||cw> they are fine for home/small lab use
23:56 < ||cw> only fine though
23:56 <+catphish> like what?
23:56 <+catphish> i wasn't aware of anything beyond 5 ports
23:56 < ||cw> like the ones with hardware vlan support
23:57 < ||cw> true, 5 ports is about all you get
23:57 < alesan> can VLAN be a software feature?
23:57 < ||cw> yes
23:57 <+catphish> alesan: yes
23:57 < alesan> how comes
23:57 <+catphish> but it'll be much slower if its implemented in a cpu vs an asic
23:57 < ||cw> vlans are software on linux hosts...
23:58 < alesan> but in linux hosts VLAN pretty much means the packets are tagged in a given way
23:58 <+catphish> any linux system can do vlans, but it won't be as fast as a switch IC
23:58 < alesan> there is no VLAN broadcast domain processing no?
23:58 <+catphish> alesan: yes, that's what a VLAN is
23:58 <+catphish> i don't know what you mean by that
23:58 < alesan> that's a very small part of what VLAN is
23:59 <+catphish> vlan is just tagging frames with a number and separating them accordingly
23:59 < alesan> VLAN in itself is a way to specify how packets are forwarded on a switch ports
23:59 <+catphish> making multiple logical switches from a single physical piece of hardware
23:59 <+catphish> nothing more complicated than that
23:59 < alesan> yeah that is the broadcast domain you have described
--- Log closed Thu Jun 14 00:00:11 2018