--- Log opened Fri Jun 22 00:00:08 2018
00:00 < TandyUK> who clicks random urls anyhow
00:00 < TandyUK> (in here at least)
00:08 <+catphish> tomreyn: how'd you gather that so fast?
00:09 <+catphish> oh it's thedubber.altervi--sta.org, he posts that regularly, i still have no clue why
00:10 < Jonta> Probably catfishing
00:11 < Jonta> I mean…
00:11 < Jonta> Woops
00:11 < Jonta> That joke must be very tired. I apologise
00:29 < E1ephant> spearfishing for cats
00:34 < ryao> I was just tech support for one of my neighbors. I had changed his address space yesterday. He had one Windows machine that insisted on using the old IP address, even if I tried manually setting it. `ipconfig /release` and `ipconfig /renew` made it cooperate, but this was ridiculous.
01:12 < banisterfiend> hi there, when doing an 'ipconfig /all' on windows it shows the 'gateway ip' for each interface..what determines this? does it just figure it out from the routing table? and how come some interfaces do not have a gateway ip yet they still clearly work?
01:13 < adleff> the gateway is assigned by dhcp or manually configured
01:13 < tds> don't forget about ipv6, router advertisements are a thing :)
01:13 < adleff> in ipv6, the gateway is learned via periodic messages sent by the routers
01:13 < banisterfiend> adleff in the case of tap devices, do they get given a gateway by 'dhcp' too?
01:13 < tds> actually, iirc v4 router advertisements are a thing as well, just nobody uses them
01:13 < adleff> banisterfiend, if they are bridged into the same lan, yeah
01:14 < adleff> you also have to configure an interface to receive dhcp configuration
01:14 < adleff> if there's no such config for the tap interface it won't seek an ip address
01:14 < E1ephant> (to ask for dhcp)
01:14 < banisterfiend> but why do 'gateway ip's even need to be assigned to an interface? can't it also be derived from the routing table?
01:14 < E1ephant> the client requests in dhcp
01:15 < E1ephant> banisterfiend: it is derived from the route table, you can't actually have multiple def gws
01:15 < E1ephant> windows used to not allow this at all, I assume for dhcp it uses weights and time to pick
01:16 < banisterfiend> i guess my question is why does windows bother to assign gateway ips to an interface, when the OS can just do all the work by examining the routing table, why is it even a thing?
01:16 < E1ephant> it's just storing a value it received from DHCP, in case it's needed in the future
01:17 < E1ephant> would be my assumption, so if your normal gw goes away
01:17 < E1ephant> that one could be installed in the route table
01:17 < banisterfiend> the 'gateway' ip is just the default route right?
01:17 < E1ephant> yes
01:17 < banisterfiend> what if the default route is setup differently, as it is often with vpns
01:17 < E1ephant> or rather, the host IP where you want to next-hop to
01:17 < qman__> Gateways are stored per connection because logically if that connection was down, that gateway would be unavailable
01:18 < banisterfiend> in the case of vpns where they divide the network up to use the 0-> 128.0.0.0 and then 128 -> 255.255.255.255
01:19 < E1ephant> that is one way to do it
01:19 < banisterfiend> there is no 'default route' in that case
01:19 < E1ephant> yeah there is
01:19 < E1ephant> it's just two routes
01:19 < E1ephant> it's effectively your default
01:19 < banisterfiend> but windows can figure that out and assign the right ip to your interface?
01:19 < qman__> That's a hack to get a better priority route via the vpn
01:20 < E1ephant> what IP is "right"?
01:20 < E1ephant> smelling heavy x/y problem at this point
01:20 < E1ephant> what is the actual issue?
01:20 < E1ephant> another way is to point the default up the tunnel, then have a distinct route to your vpn endpoint /32 to your real gateway
01:20 < banisterfiend> E1ephant i'm just trying to understand why my (tap) interface doesn't have a gateway ip yet it still works
01:21 < E1ephant> because a TAP is a bridge
01:21 < E1ephant> not routed
01:21 < banisterfiend> E1ephant can you explain more what you mean by that? like i'm 5 :D
01:21 < qman__> default gateway (and routes) are optional settings for interfaces
01:22 < qman__> The vpn doesn't have to assign a default gateway
01:22 < E1ephant> it's routing (layer 3, IPs, packets), and bridging (layer 1/2, MACs/DLCIs/VC-IDs, frames)
01:23 < E1ephant> tap is extending a broadcast domain, tun is creating an individual broadcast domain.
01:23 < E1ephant> (for ethernet)
01:24 < banisterfiend> E1ephant that sounds very cool but can you explain it in a way a dumbass like me can understand it? :)
01:24 < E1ephant> which part is confusing?
01:24 < E1ephant> tbh there are books worth of information on the subject :)
01:24 < E1ephant> the OSI model, or the TCP/IP DoD model is a good start
01:24 < qman__> If you don't understand that, you need to spend time learning how IP networks function
01:25 < E1ephant> keep in mind it is just a model, so not exact 1:1 with technology/implementation
01:26 < banisterfiend> i'm not familiar with what a 'bridge' is exactly in relation to a router
01:26 < banisterfiend> and what you mean by "extending a broadcast domain"
01:26 < E1ephant> yeah, a bridge wouldn't be a router at all, it would be more like a switch, or a repeater/hub
01:26 < E1ephant> https://en.wikipedia.org/wiki/Broadcast_domain
01:29 < banisterfiend> qman__ so in the case the vpn does not assign a gateway to the tap interface, then the routing table is just consulted instead?
01:31 < banisterfiend> wait a sec, the tap device itself is the default gateway right?
01:31 < banisterfiend> for a vpn
01:31 < qman__> No
01:31 < banisterfiend> since all traffic goes through it
01:34 < adleff> banisterfiend, you need to spend some time reading up on network 101 and the OSI model
01:34 < adleff> but in a nutshell, just picture a tap interface like an ethernet link
01:35 < adleff> https://backreference.org/2010/03/26/tuntap-interface-tutorial/
01:36 < adleff> https://en.wikipedia.org/wiki/TUN/TAP
01:37 < adleff> https://en.wikipedia.org/wiki/Bridging_(networking)
01:37 < banisterfiend> thanks
01:38 < adleff> banisterfiend, in general, you can close the network 101 gap a little faster if you read a structured reference, like a certification reference
01:38 < adleff> so that would be a network+ book or ccna
01:38 < banisterfiend> i know a fair amount about it, i'm a programmer, but i never bothered to learn the fiddly bits
01:39 < banisterfiend> thanks though that link with the C code should be great
01:41 < adleff> he knows a fair amount but he is confused by the term "bridged"
01:41 < adleff> hmm
01:58 < E1ephant> adleff: read: doesn't actually know yet how much they don't know.
02:00 < adleff> I understand things! I'm a progammer!
02:01 < E1ephant> yeah I am a bit miffed
02:01 < E1ephant> because I know I don't know shit about advanced CS :)
02:01 < adleff> I am totally lost on this bridging concept but I'm sure this C code you linked will clear it all up!
02:01 < E1ephant> I am not trying to instruct on object/struct/class relations in scala (uh my head hurts.)
02:02 < E1ephant> read: I still don't fully get scala It think, need to plug ahead with books!
02:02 < E1ephant> minus t
03:32 < Abbott> I'm not sure if this is right place for this question, but I'm trying to understand my home internet connection. My parents place has two modem/router combo devices, both with coax cable coming in from the service line. My stepdad says that we only have one active connection, so how could we have two modems? isn't the service line a one-on-one type communication line that only one modem can use?
03:33 < light> Why don't you unplug them one at a time to see which is used?
04:03 <+pppingme> Abbott you sure they are both modem/router devices? Grab the model number off each of them
04:44 < creater> anyone here have linux shell for rent?
04:48 < Maarten> creater, http://bfy.tw/IibG
06:10 < tave> I recently completed this guide https://www.m00nie.com/2011/03/steps-to-configure-an-ipsec-site-to-site-vpn-on-a-cisco-ios-device-gns3-lab/ and the vpn connection is established, but now I want to prevent the inside network from accessing anything except for the inside network on the other router. What do I need to read in order to accomplish this?
06:11 < light> just firewall it off
06:12 < tave> @light, sorry but I'm just learning about cisco routers, do you have a reference that you could point me to by any chance?
06:13 < CuriosTiger> tave: Google "Access Control List"
06:13 < tave> thank you!
06:35 < iateadonut> i am working to add a second iface eth1. problem is- i accidentally changed the default to eth1 instead of eth0
06:35 < iateadonut> 'ip route list' shows 'default via 10.0.0.1 dev eth1' when it used to show eth0
06:37 < light> so change it back
06:40 < iateadonut> light, thanks, how do i change it?
06:41 < light> undo what you just did
06:48 < iateadonut> wiser words were never spoken
08:15 < zamba> anyone using ntopng here? i'm struggling to create a graph for the historic flows
08:28 < zamba> alternatively.. i need a tool that can do a pretty granular graphing of network throughput
08:28 < zamba> running locally
09:11 < Apachez> https://www.youtube.com/watch?v=AIf1fydxrfo IKEA - Swedish Midsummer Fest - Banned Commercial From Germany
09:12 < Apachez> Anyone wants to buy the batmobil? https://auktion.kronofogden.se/auk/w.Object?inC=KFM&inA=20180615_1058&inO=1
09:13 < Atro> it looks shitty
10:37 < spaces> why are all these stupid schools and companies overrating Blockchain ? don't they have better education ?
10:38 < mjauschwitz> doing what
10:41 < iateadonut> spaces, objectively rate blockchain; objectively measure how stupid schools and companies rate blockchain; compare the two.
10:42 < spaces> iateadonut which gives output ??
10:44 < mjauschwitz> omg i want a donut
10:45 < spaces> mjauschwitz I just made a donut
10:46 < spaces> it's chocolate brown and I was about to flush it... so be quick!
10:50 < mjauschwitz> oh my god you are SOOOO funny
10:50 < mjauschwitz> you should have like a show on netflix
10:50 < spaces> nah, I like to have a fun life
10:51 * mjauschwitz bangs head on table
10:52 < Atro> lol
11:21 < monkeynuts> rrdtool monitoring traffic from /proc/net/dev...that would be Bps yah?...would need to *8 for bps?
11:24 < metheo_irc> hi ppl
11:24 < metheo_irc> any LIRs here ? RIPE/ARIN ?
11:30 < mjauschwitz> what, you want to ask for an allocation on IRC?
11:31 <+xand> my ISP gives out allocations over IRC
11:31 <+xand> :3
11:33 <+catphish> A&A might if you're into that kind of thing :)
11:35 < Apachez> mjauschwitz wanna hug?
11:36 < metheo_irc> mjauschwitz, no, just interesting what is the upper border for ipv6 assignments made by LIRs to end users/isp's
11:36 < metheo_irc> as a best practice
11:37 < Dagger> xand/catphish: can confirm, got my v4-/27 over IRC
11:38 < metheo_irc> RIPE assignment policy does point only on minimal end-user assignments - /64.
11:39 < Dagger> pretty sure RIPE's policy makes it rather clear that /64 is too small
11:39 < Dagger> https://www.ripe.net/publications/docs/ripe-690/#4-2-3--prefixes--longer-than--56 "It is strongly discouraged to assign prefixes longer than /56 unless there are very strong and unsolvable technical reasons for doing this."
11:40 < Dagger> (the max general assignment size to end users should be about /48, although bigger is perfectly fine if the user needs it)
11:42 < metheo_irc> Dagger, yep, thanks for the remind
11:45 <+catphish> metheo_irc: as Dagger says, you should always assign between /48 and /56 depending on the type of customer
11:45 <+sep> metheo_irc, we use /56 for private house ; /48 for any business as default, without a special need. business with special need get whatever they want/can argument for.
11:45 <+catphish> i would recommend what sep said
11:47 <+catphish> /56 is plenty for one building / home, /48 is a good idea for anyone who might have multiple logical units within their network
11:47 < metheo_irc> guys, thank you all for clarification!
11:47 * mjauschwitz is facepalming repeatedly as the access control people finally find the door controller on the 1st floor, and trace its serial cable to 9th
11:47 <+sep> metheo_irc, altho we do reserve a /44 for each /48 business in the ipam tho..... :)
11:48 < metheo_irc> yes, customer asked for ipv6 prefix "as large as possible" )
11:48 <+catphish> metheo_irc: it's worth mentioning that none of this changes the fact that one should always use exactly one /64 per broadcast network
11:48 < metheo_irc> usually, assign /56, /48 in special cases too
11:49 <+catphish> yep
11:49 < metheo_irc> up to /48 - not a problem, just assign and register in db
11:49 < metheo_irc> and policy says
11:49 < metheo_irc> https://www.ripe.net/publications/docs/ripe-699#5
11:49 < metheo_irc> 5.4.3
11:50 <+catphish> so if you're a home user and you get allocated /56, you should then use /64 for your wifi, another /64 for your guest wifi, etc
11:50 < metheo_irc> oops 5.4.2
11:50 < metheo_irc> "When a single End Site requires an assignment shorter than a /48, it must request the assignment with documentation or materials that justify the request."
11:50 <+catphish> anything between /56 and /48 is fine, depending on your opinion and the customer's requirements
11:50 < mjauschwitz> just give all these bastards a /48
11:50 < Apachez> define "end site"?
11:50 < Apachez> we got one site at floor 4 and another site at floor 5
11:50 <+sep> metheo_irc, without knowing the company... /48 unless they have lots of sites and different classes of networks. it is 64k /64 subnets. but you want hierarchical structure, so if they have lots and lots of locations and types of network you might give more
11:51 <+catphish> Apachez: that's clearly one site
11:51 < Apachez> "usually" you go /32 per organisation and /48 per building/site
11:51 <+catphish> Apachez: no, that's insane
11:51 < Apachez> catphish: no its not, floor4 is company X site A and floor5 is company Y site B
11:51 < Apachez> so two different sites
11:51 <+catphish> /48 per org, /56 per building
11:51 < Apachez> no
11:51 < Apachez> thats insane
11:52 <+catphish> Apachez: you can disagree with ripe and everyone else as much as you like
11:53 <+sep> i guess it depends on the size of the org/building. if you need to split nibbles to get a sane structure and hierarchical routing then you have too small prefix. and you should have room to grow on each nibble.
11:53 <+catphish> of course, if you're a megacorp, an ISP might assign you a /48 for each of your sites, that's perfectly reasonable
11:53 < metheo_irc> well, previously, for v4, there was ripe-384 form , here not clear about "documentation or materials that justify the request"
11:54 <+sep> if you are a big corp you better get your own PI space tho
11:54 < Apachez> catphish: ripe says /32 per org too
11:54 < Apachez> so YOU can disagree with ripe and everybody else since you are insane
11:54 < Apachez> metheo_irc: "our routers can only configure /32" ? ;)
11:55 < metheo_irc> )))
11:55 <+catphish> lol
11:56 <+catphish> i can't see how /32 per org makes sense unless it's PI
11:57 <+catphish> normally you take a DSL of some kind from an ISP, they allocate /56 or /48 per line, depending on your needs
11:57 < Apachez> enterprise dont use dsl
11:57 <+catphish> yes they do
11:57 < Atro> ha
11:57 < Atro> ofc they used sl
11:57 <+catphish> they gotta connect somehow
11:58 <+catphish> the tech doesn't matter
11:58 < tds> afaik RIPE will never do PI allocations anywhere near /32s
11:58 < tds> it's /48 by default, you might be able to get a /45 or so with sufficient documentation
11:58 <+catphish> tds: i didn't know that, i assumed PI would be bigger than a normal PA assignment from an ISP
11:59 < Atro> catphish: i work via Pigeon Carriers, but they dont work in bad weather :(
11:59 < Roq> That's not true, we have a /32 from ripe
11:59 < tds> of PI space?
11:59 <+catphish> Roq: PI? or are you an ISP?
12:00 < Roq> oh sorry, yeah isp
12:00 <+catphish> yeah ISPs get between /32 and /29
12:00 <+catphish> but that's to allocate to other people :)
12:00 < Roq> I should read more than two lines up
12:00 <+catphish> lol
12:00 < Roq> haha my bad
12:05 < shanee> Hi. I'm trying to get an embedded device that can make HTTPS requests. Do I need to include all root CA certificates? Where can I get a list? It seems like there's quite a lot?
12:07 < Wulf> shanee: grab them from mozilla
12:08 < Wulf> I think it's https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt
12:10 < shanee> Wulf, Looks good. Do I need all 150? I'm a bit short on space and 200kb is hard to find.
12:10 < Wulf> https://wiki.mozilla.org/CA/Included_Certificates
12:10 < Wulf> shanee: Do you know in advance to which hosts you need to make requests?
12:10 < shanee> Wulf, No. Not really.
12:10 < Wulf> shanee: do you have plenty of RAM?
12:11 < shanee> Wulf, Yes. About 300kb free.
12:14 <+catphish> if you want to make HTTPS requests to any site you will need all the common root CAs in your flash :(
12:14 < Wulf> shanee: you could try to cheat a little
12:15 < shanee> Ok. Thank you. I was hoping that perhaps all roots were signed by another certificate or something.
12:15 < shanee> Wulf, How might I do that? I was thinking I could set up an API that validates certificates? Then I'd only need my APIs root.
12:16 < Wulf> shanee: that would be one way too
12:16 < Wulf> shanee: and probably not a bad one
12:16 <+catphish> shanee: unfortunately the point of a "root" certificate is that it's the absolute top of the tree, you must trust it explicitly
12:17 < shanee> Wulf, What were you thinking of?
12:17 < Wulf> shanee: you can make an api to which you send the first certificate you receive from a tls server. Your API replies with the corresponding root cert. Then you tell your tls library to use the root cert for verification
12:17 <+catphish> with that said, you could definitely cheat by making your own CA that signs all the root CAs that you want to trust, then you could just put that cert in your device, and download other CAs in demand
12:17 < Wulf> shanee: I was thinking of storing only the public keys. In binary format.
12:18 <+catphish> yeah, as Wulf says, you can make an API that provides the root certs, then you only need a single CA to authenticate that API
12:19 < shanee> Wulf, Humn. Wouldn't that make it pretty trivial to break?
12:19 < varesa> another way could be to relay the traffic through a proxy server that re-encrypts the traffic with a single CA
12:20 <+catphish> also possible, but unpleasant
12:20 < Wulf> shanee: The self-signature inside the root certs is useless
12:20 < Wulf> shanee: and many libs don't look at it at all
12:21 < shanee> Wulf, Oh. So if I have a roots public key I can validate that another certificate was signed by it?
12:21 <+catphish> yeah you can definitely save a lot of space by storing the certs in the right format
12:21 <+catphish> you could just not bother to verify servers at all ;)
12:22 < Wulf> shanee: you could strip down the root certs to a total of about 100kb
12:22 <+catphish> ^ this is likely the best idea
12:22 <+catphish> also, you could likely drop 50% (more?) of the root CAs because they're so obscure and nobody's using them
12:23 < Wulf> shanee: well, not the public key, but the "tbs certificate" which includes the pubkey. You also need the subject and the subject key identifier
12:23 <+catphish> i'm not sure though
12:23 < Wulf> catphish: yep, only few root certs are actually used.
12:24 <+catphish> so yeah, find a list of root CAs that actually matter, and store the minimum required binary data
12:24 < Wulf> That API thing isn't bad either
12:25 < shanee> What's the minimum binary data? At the moment I use the "PEM info". Which starts --BEGIN CERTIFICATE--. Assuming I un-base64 this, am I storing more data than I need?
12:25 < Wulf> shanee: you can use the DER encoding of the tbs_certificate.
12:25 < Wulf> shanee: or you can use even less information.
12:26 < Wulf> shanee: like I said: public key, subject, subject key identifier.
12:26 <+catphish> shanee: DER is probably the format you want
12:26 <+catphish> obviously the bytes "--BEGIN CERTIFICATE--" are a huge waste of space to begin with, then base64 encoding is wasting space too
12:26 <+catphish> DER is a raw binary format
12:27 < shanee> Ok. Thank you. I've learnt a lot. :)
12:27 <+catphish> great
13:11 < h0dgep0dge> would anyone care to recommend a robust setup for a pppoe internet connection? I have previously used a standard linux box, but the pppoe software i was using was so inefficient that the computer's cpu almost bottlenecked the internet speed, which was 100mbit. I'm reluctant to trust an ordinary domestic off the shelf solution, perhaps something business grade? I have (and love) a ubiquiti ap, but i've heard their USG is a PITA, woul
13:11 < h0dgep0dge> d love to hear an opinion on that specifically.
13:12 <+catphish> h0dgep0dge: use an edgerouter
13:13 < h0dgep0dge> seems like overkill, is there any reason i'd use that over the usg?
13:14 < h0dgep0dge> i don't even need gigabit, and i think the smallest edgerouter has 5?
13:15 < varesa> edgerouter lite has 3x interfaces
13:15 <+catphish> i use the edgerouter lite for most sites
13:16 <+catphish> 3 interfaces, only like $99
13:16 <+catphish> just because it *can* route at gigabit doesn't mean it's only suitable for when you have those speed requirements, most of my sites have 80Mbit DSL
13:17 <+catphish> there's also the edgerouter X, which i'd probably recommend over the lite for low speed applications
13:17 < bezaban> where low speed <1gb?
13:17 <+catphish> yes
13:17 < bezaban> mm +1
13:18 <+catphish> i don't actually know the throughput of the ER-X, but its got less advanced hardware acceleration
13:18 <+catphish> its plenty capable of 100Mbit though :)
13:18 < h0dgep0dge> yeah, the edgerouter x is only $49, i'd assumed it would cost more given that it looks like it has more to it than the usg
13:19 < h0dgep0dge> what's it missing that accounts for the lower price?
13:20 <+catphish> it has less hardware acceleration, may not do hardware ipsec, not sure
13:20 < bezaban> the erx has a switch iirc
13:21 < lupine> best avoided
13:21 < lupine> grab an APU2 or so instead
13:23 < h0dgep0dge> lupine: are they open source? i am a fan of that kind of design philosophy, but I have already bought into the ubiquiti ecosystem
13:24 < h0dgep0dge> catphish: so less performance, but not something i'd feel at 100mbit, correct?
13:24 < lupine> h0dgep0dge: far more so than ubnt are
13:24 < bezaban> I was a bit disappointed by the ER, the cli was less streamlined than I expected and seeing the debian underneath it was a bit frustrating to get the config I wanted via custom parameters when I would much rather just tweak everything directly like I would on an apu
13:25 < lupine> the edgerouters are crap hardware, running locked-down, stale debian without any of the good bits of debian, with a hacked-up vyatta in the way of most things, and a crap web UI
13:25 < bezaban> web dashboard makes it a bit more available to others though
13:25 < Dalton> yeah but edgerouter vs apu price?
13:25 <+catphish> h0dgep0dge: i'd say that was correct, though if you are intending to do ipsec, i'd suggest the higher spec device
13:25 < lupine> apu2 is about twice the price, and about 10x the value
13:26 < varesa> I wonder if VyOS would run on an APU2
13:26 < lupine> when price-conscious, I buy some consumer hardware that runs openwrt and use that instead. various buffalo routers have been great for that
13:26 < varesa> can't really see a reason why it wouldn't
13:26 <+catphish> oh yeah, the erx has a switch if you need that, you probably don't
13:26 < lupine> (about 1/2 the price of an edgerouter, and about 3x the value)
13:27 <+catphish> the benefit of the edgerouter is the hardware acceleration, it can achieve high throughput, including ipsec, for a low cost
13:27 <+catphish> but there really aren't many other business products in that price range anyway, maybe mikrotik, but i personally don't like their proprietary interface
13:28 < h0dgep0dge> yeah, how do the APUs handle pppoe? Would I have to do it all in hardware?
13:28 < h0dgep0dge> all in software, sorry
13:28 <+catphish> a lot of it comes down to taste, in all honesty, you're not going to get anything better than residential quality at this price
13:28 < varesa> APUs are basically small x86 PCs
13:28 <+catphish> h0dgep0dge: by the way, pppoe is not expensive, if you just run linux and the standard client, it should work fine
13:28 <+catphish> no idea why you had such trouble before
13:29 < h0dgep0dge> hm. that's good to know
13:29 <+catphish> anyway, my recommendation is generally an edgerouter (or lite or x) as they are so featurefull and can scale for performance, they're still "cheap" hardware though, not enterprise quality
13:30 <+catphish> if you're into open source / linux / PC servers, you may want to just try building your own again with better software
13:32 < h0dgep0dge> i was also using vlans and a switch to bodge not having 2 NICs, perhaps that was causing issues
13:33 < h0dgep0dge> i'll do some experimentation, in typical nerd fashion i have linux boxes lying around, i'll have a go using one of those before buying anything
13:34 < h0dgep0dge> the APU do appeal to the networking nerd masochist in me, though
13:36 <+catphish> i like the edgerouter, but unfortunately because of the proprietary hardware forwarding they have to run a rather proprietary OS, however i like it, the CLI is nice, and you can access it's underlying linux pretty freely
13:39 < mjauschwitz> lupine: memes
13:41 < h0dgep0dge> thanks for the help y'all, i'm glad to be turned onto these pc engines people
13:41 < h0dgep0dge> i might be back if i need help when my fibre gets installed
13:59 < spaces> so the internet sucks, blockchain has no future and we are all gonna die()....
13:59 < brahmana> Hi all, is there a way for me to check how many connections are waiting to be accepted on a listening TCP socket? (i am on Ubuntu server 16.04)
14:00 < Apachez> netstat ?
14:02 <+catphish> netstat might help, can't think of any other way :(
14:03 < Roq> 'ss' works, but im not sure if that's just for established
14:03 <+catphish> i don't even know how netstat would class things in the backlog, linux actually pre-accepts them
14:04 <+catphish> since there's no api to reject them, linux just goes ahead and accepts them before you even call accept()
14:04 <+catphish> i always thought it would be cool if you could pre-screen connections and reject them, but you can't :(
14:04 < brahmana> Apachez: netstat shows info on connections awaiting to be accepted?
14:05 < mjauschwitz> X-Y problem and so on
14:05 < h0dgep0dge> according to the netstat manpage: " Recv-Q
14:05 < h0dgep0dge> Established: The count of bytes not copied by the user program con‐
14:05 < h0dgep0dge> nected to this socket. Listening: Since Kernel 2.6.18 this column con‐
14:05 < h0dgep0dge> tains the current syn backlog."
14:05 < moog> hi , "ss" does established/wait/listen/close/Last-ack/ and probably others
14:05 <+catphish> netstat shows information about all network sockets
14:05 < balder> ss -t state syn-recv
14:05 <+catphish> h0dgep0dge: handy
14:05 < h0dgep0dge> "the current syn backlog" sounds like what you want
14:05 <+catphish> indeed, though i'd test it to be wary of the pre-accept i mentioned
14:06 <+catphish> they may not be in a "syn backlog"
14:06 < h0dgep0dge> but you have to ask yourself one question, do you feel like writing a test program to determine if the number corresponds to backlogged connections that haven't been accepted yet? do ya, punk?
14:07 < brahmana> catphish: So there is no easy way for me to know how many connections are awaiting for my app server to be picked up and served?
14:07 < h0dgep0dge> it's only 00:07, i could write a quick c program
14:07 <+catphish> brahmana: i don't know, h0dgep0dge's suggestion might work
14:08 < h0dgep0dge> detective h0dgep0dge is on the case!
14:08 < brahmana> h0dgep0dge: I am would be more than happy to run the code or of be any such help.. !
14:08 < brahmana> s/am would/would
14:08 <+catphish> h0dgep0dge: how do you get that value from netstat?
14:08 < h0dgep0dge> haven't a clue, i'll burn that bridge when i get to it
14:08 <+catphish> oh, its one of the columns :)
14:09 < h0dgep0dge> i haven't written int main() in so long, feels like the touch of an old lover
14:09 <+catphish> i have an answer
14:10 < h0dgep0dge> let's see if i can finish my program, compile, and run it before you finish typing
14:10 < moog> If someone needs a netstat look for ss with many options, may i suggest you https://agmen.org/netsstat , a netstat for ss
14:10 <+catphish> https://i.imgur.com/BgPJERD.png
14:11 <+catphish> the answer is linux accepts them and they show up as ESTABLISHED
14:11 <+catphish> up to some limit anyway
14:12 < h0dgep0dge> i don't think that shows the column that i found
14:13 <+catphish> it does
14:13 < h0dgep0dge> because it should also have a column for the largest possible backlog
14:13 <+catphish> Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
14:13 <+catphish> those are the columns
14:13 < EdLin> hi. I'm having difficulty flashing my router in dd-wrt using a web-browser, it's over a NIC, but no matter what browser I use I get a reset connection and the flash fails early-on
14:14 < h0dgep0dge> what's the protocol here? take a number, wait your turn? lol
14:14 < lupine> catphish: the hardware acceleration in the edgerouter is pretty rubbish
14:14 < h0dgep0dge> sorry edlin, we're just sorting someone else out
14:14 < lupine> APU2 does well with encryption and *also* does well with rp-pppoe
14:14 <+catphish> brahmana: anyway, IMO the only way you can do this is to have a thread in your application that accepts all connections immediately and puts them in a queue, then worker threads that handle connections in the queue, then you can see the queue size yourself
14:14 < EdLin> no problem, mention my nic when you're ready.
14:15 < EdLin> my nick*
14:15 < h0dgep0dge> catphish: why is send-q 0? it should be the maximum size of the syn backlog
14:15 <+catphish> lupine: you'll have to define "pretty rubbish" because it does what it's supposed to do, forwards 1Mpps in a $99 device :)
14:16 <+catphish> lupine: it even supports ipsec, gre, vlans, pppoe, nat, iptables
14:16 <+catphish> so really, it's pretty impressive
14:16 <+catphish> h0dgep0dge: dunno! thats just what it is on my pc
14:17 <+catphish> lupine: there are reasons not to like it, but i certainly wouldn't call it rubbish
14:18 < h0dgep0dge> i forget who asked the question, but whoever you are, i'm going to continue investigating and see what i can find. maybe pm me so i can pm you back when i come to a conclusion
14:18 <+catphish> brahmana ^
14:18 < h0dgep0dge> okay, are we cool to open the floor to the next in line?
14:18 <+catphish> https://www.quora.com/How-can-I-check-TCP-backlog-queue-for-a-specific-process-on-Linux
14:18 <+catphish> that might help
14:18 < EdLin> hi :)
14:19 < brahmana> h0dgep0dge: That would be me
14:19 < EdLin> aww
14:19 <+catphish> EdLin: you could try a lower MTU in case it's that, but sounds like maybe just the software receiving the code is broken :(
14:19 < h0dgep0dge> ugh i'm going to be so upset if i'm proved wrong by a goddamn quora thread
14:20 <+catphish> brahmana: that link was for you by the way: https://www.quora.com/How-can-I-check-TCP-backlog-queue-for-a-specific-process-on-Linux
14:20 < brahmana> EdLin: I actually meant I am the guy whom h0dgep0dge is helping.. you are actually next in line... :)
14:20 < brahmana> yup.. checking..
14:20 < EdLin> catphish, does that mean I won't be able to flash via the web interface anymore?
14:21 < EdLin> is there another way to do it reliably? Maybe tftp or something?
14:21 <+catphish> EdLin: i'd try via a different mechanism if possible, once it's flashed once it'll probably be ok with the non broken new firmware
14:21 <+catphish> depends on the device, not sure
14:21 < EdLin> the problem is I'm flashing stock firmware, I'm not sure if that can be done via tftp on this
14:22 < EdLin> was switching to that, then to tomato for SIP ALG
14:22 < EdLin> because my SIP phone isn't working on outgoing calls with my voice
14:22 <+catphish> your stock firmware doesn't allow you to disable SIP ALG? nasty :(
14:22 < EdLin> if I can solve that issue, maybe I don't need new firmware
14:23 < EdLin> catphish, no, I actually wanted SIP ALG, because I can't get my SIP phone to work otherwise.
14:23 <+catphish> you really don't want that
14:23 < EdLin> then what do I want to do?
14:23 <+catphish> well you should probably ask your SIP provider, but normal advice is to make sure SIP ALG is disabled
14:24 < EdLin> dd-wrt has no SIP ALG.
14:24 <+catphish> and if it definitely is, you should be fine
14:24 < EdLin> nope, it isn't working, when I call out, people can't hear anything I say
14:24 < lupine> catphish: it doesn't support openvpn, or didn't when I was using it
14:24 < EdLin> I can hear them, they can't hear me.
14:24 < lupine> the hardware crypto acceleration in the apu2 does
14:24 <+catphish> that's a very unusual problem, outbound audio shouldn't be affected by NAT :(
14:25 < ne2k> EdLin, did you accidentally leave headset mode on without a headset connected?
14:25 <+catphish> oh, i suppose the remote could be rejecting it
14:25 <+catphish> EdLin: who is the SIP provider? seems like they aren't supporting NAT properly :(
14:25 < ne2k> NAT = teh bad
14:26 < EdLin> ne2k, no way, because when it's enabled, an LED is lit
14:26 <+catphish> any good provider should accept your audio even if it's being NAT'd
14:26 < ne2k> EdLin, is the microphone broken
14:26 < EdLin> catphish, I am using anevo
14:26 < ne2k> or the cord
14:26 < EdLin> ne2k, could be, but then why does SIP ALG fix it?
14:26 < ne2k> lel
14:26 < EdLin> anveo*
14:26 <+catphish> any chance you could just try a different provider?
14:26 < ne2k> EdLin, sorry, I'm too used to providing support to idiots
14:26 < lupine> ISTR you're also bound to the ubnt-provided kernel by the hardware crypto module they provide
14:27 <+catphish> SIP ALG *may* actually fix this, they may rewrite your address in the SIP packets which would make the remote accept the audio
14:27 < EdLin> catphish, I'd really prefer not to.
I have $30 in their account, and can't really afford to start all over payment-wise with someone else
14:27 <+catphish> but this isn't how SIP providers usually operate any more
14:28 <+catphish> EdLin: i see :( well i guess they're doing SIP in a NAT-unfriendly way, so i guess you *do* need SIP ALG
14:28 < EdLin> plus I'd need to transfer the number, and that takes over a week for a SIP line
14:28 <+catphish> i guess it's worth trying
14:28 <+catphish> but i can't provide much more assistance with the flashing
14:29 <+catphish> you could see if openwrt supports the device, they often have good instructios
14:29 <+catphish> *instructions
14:29 < EdLin> openwrt doesn't support the device, well, it supports the wired switch, but not the wifi
14:29 < EdLin> open source religion wrt the wifi chip
14:29 <+catphish> makes sense
14:30 < lupine> *sometimes* you can replace the wifi adapter in consumer routers. worth opening it up to have a look
14:30 < lupine> sometimes they're just plugged in via miniPCIe or so
14:30 < EdLin> lupine, is that the case for a netgear r6400?
14:31 <+catphish> EdLin: by the way, have you asked the SIP provider? they may be able to enable some kind of NAT mode for your line from their end
14:31 < EdLin> catphish, I'll talk to them.
14:32 <+catphish> it's worth asking, SIP providers deal with this problem constantly
14:32 < EdLin> yeah, I hear some horror stories about anveo's customer support tho, I wanted to go with them because they are both reliable server-wise and cheap
14:32 < EdLin> I'll try anyway.
14:33 < EdLin> thanks for your help
14:34 < lupine> EdLin: no idea. get a screwdriver
14:35 < lupine> kids these days :D
14:45 < zuthu> could sb maybe tell me if I did that right: https://img1.picload.org/image/dowarida/nw.jpg
14:45 < k_sze> I'm trying to setup docker-mailserver (https://github.com/tomav/docker-mailserver). Could somebody explain to me why I would want to enable SASLAUTHD?
14:46 < ne2k> whois zuthu
14:47 < zuthu> ./
14:47 < ne2k> :-D
14:47 < zuthu> ;)
14:47 < ne2k> zuthu, I've answer my question by loading your image
14:48 < zuthu> what do you mean?
14:48 < ne2k> zuthu, I was trying to establish whether you were a native speaker of German because of the way you worded something. it's something a lot of German's say. you used "that" instead of "this"
14:48 < ne2k> Germans*
14:48 < zuthu> haha
14:48 < zuthu> okay
14:48 < ne2k> zuthu, it's extremely minor and no-one would ever misunderstand what you meant, but it just sounds a little odd
14:49 < zuthu> I'm going to repeat THAT until everyone is using it
14:49 < zuthu> ne2k: thx for the advice :)
14:49 < ne2k> kp
14:50 < ne2k> is this homework, btw?
14:51 < zuthu> preparation for a course
14:52 < zuthu> I wanted to test it with cisco packet tracer (no way to get it for free) or GNS but it's way too complicated for a beginner
15:11 < h0dgep0dge> catphish: you were right about the backlogs
15:11 < h0dgep0dge> there are 2 queues, one for connections pending completion of the handshake, and one for connections pending being accepted
15:12 < h0dgep0dge> and it seems like if anyone, netstat gives information about the prior, and there's no good way to get to the latter
15:12 < h0dgep0dge> ^anyone^anythign
15:12 < h0dgep0dge> ^anythign^anything
15:15 <+catphish> h0dgep0dge: i'm always right
15:16 < h0dgep0dge> 01:16, time for bed
15:16 < h0dgep0dge> goodnight all
15:16 <+catphish> enjoy :)
15:20 < regdude> Has anyone used MAC address masks? If I wanted to match 01:80:C2:xx:xx:xx, then I would use /FF:FF:FF:00:00:00 ?
15:23 < ellyacht> regdude: what do you mean match?
15:24 < Apachez> match where?
15:25 < spaces> Apachez we match
15:25 < spaces> it's a perfect fit you know
15:25 < regdude> nvm figured it out, was like I said
15:26 < ellyacht> spaces: lol?
15:30 < Thanos> Q: I want to take my current background of bedside healthcare and move into healthcare IT.
Anyone know of a reasonable in demand path for an RN in such a position?
15:30 < Apachez> woot?
15:30 < Apachez> Thanos: dont drink and irc
15:31 < Thanos> I don
15:31 < Thanos> er, don't drink
15:35 < djph> start.
15:42 < mjauschwitz> Thanos: healthcare IT is about the worst case of IT there is
15:43 < mjauschwitz> archaic, underbudgeted and there are regulations so deep up your arse they'd arrest your family if you so much as a twitch
15:43 < mjauschwitz> if this sounds appealing to you it'd probably easier and at least as enjoyable to pay a fat woman to tie you up and whip you
15:44 < spaces> ellyacht always ufn
15:44 < spaces> fun
15:47 < djph> mjauschwitz: easier yes. but dealing with fatties is never enjoyable.
15:47 < mjauschwitz> try PCI DSS *and* HIPAA
15:47 < Thanos> It has to be healthcare IT. I'm not going to abandon my current career
15:48 < Thuryn> and PCI DSS was written by half-trained monkeys.
15:48 < djph> you're leaving "bedside healthcare"... and want to move into "IT". Those are two entirely different career paths
15:48 < Thuryn> i think it would have been better if the monkeys had been completely untrained, because then everyone would KNOW they were full of shit
15:49 < Thuryn> but these monkeys knew just enough to sound as though they knew what they were talking about.
15:49 < djph> at least PCI has teeth for when you "accidentally(tm)" have a breach.
15:49 < djph> or did they take that out now too?
15:51 < Thanos> djph: not really. You can expand from bedside into any huge range of healthcare related fields and retain your healthcare status.
15:51 < Thanos> which is actually the ideal.
15:51 < djph> ... and yet another reason why healthcare is fucked.
15:52 < Thanos> yeah, cause why would you want the people who have worked on the floor to have any input into the system on which they depend, right? /s
15:52 < djph> if you leave "nursing" to go to "IT" the time in "IT" should not count towards experience anywhere else.
15:53 < Thanos> I didn't say leave nursing. I said expand nursing into IT related field.
15:53 < djph> I mean, look, if you're just saying "experience in healthcare" with "healthcare" being an umbrella for all jobs that touch it ... meh fine. I mean, you can do that in most any industry.
15:53 < djph> oh, fuck no.
15:54 < RustyJ> IT RNs is the easiest RN
15:54 < Thanos> I'm sure there are medical records jobs or other IT related fields to explore. I was just trying to find a good baseline/someone knowledgeable.
15:55 < RustyJ> lol, I'm IT/BIS and my wife is a APRN... so i know a little bit
15:55 < djph> every org I've ever seen has been "nurses over here", "IT over there", "record entry monkeys over there"
15:56 < djph> and while they interact; the "nurses" aren't "IT" or "Record Monkeys" (or vice-versa)
15:56 < Thanos> to at least some degree they are. Not enough of one however. When they aren't you get horrible products like soarian.
15:57 < Thanos> RustyJ: what is a reasonable career path for an RN wanting to move into healthcare IT? any opinions?
15:58 < djph> can guarantee the people writing it probably hated the manglement decisions just as much as the people using it.
15:58 < RustyJ> EMRs typically aren't handled by RNs, and neither is coding (ICD10).... Thats the data entry folks
15:58 < node808> informatics
15:58 < node808> health information management
15:59 < RustyJ> But there is telemetry jobs that do require a clinical background
15:59 < Thanos> are HIM jobs in demand?
15:59 < node808> a friend of mine is an RN who recently completed a masters in informatics...I think thats as close as it gets for medical field/IT field
16:00 < node808> She's having trouble getting into an HIM position.
16:00 < Thanos> ah
16:00 < RustyJ> what kind of nurse are you? RN 2/4 or LPN?
16:00 < Thanos> RN2/years of medsurg
16:00 < RustyJ> typically they are NOT entry level jobs, and are lead positions
16:01 < Apachez> isnt lead forbidden nowadays?
16:01 < node808> I think the HIM stuff is better as an additional skillset for current IT people than it is for current medical people
16:02 < node808> gets IT pros into the medical IT field better than the other way around
16:02 < RustyJ> ^
16:02 < potatoe> are file handles and file descriptors effectively the same metric i should be chasing when debugging too many open files?
16:03 < potatoe> is checking /proc/sys/fs/file-nr enough for both?
16:03 < potatoe> on linuxi
16:03 < potatoe> linux*
16:04 < Thanos> I want to retain some bedside enough to do it and see it and stay *able* to do it, but an IT job would be fun and possibly less stress to boot.
16:04 < RustyJ> Honestly, your better path is RN 4 and a supervisory role.
16:06 < Thanos> bleh. supervisory never thrilled me.
16:15 < node808> what about going into PA or CRNA
16:33 < dnanib> potatoe: they are essentially the same. I think "handle" is a windows-side term
16:34 < dnanib> file-nr is the right place to look; the first number is the one you have currently open
17:28 < wind_swept> Tintri is about to go under
17:28 < wind_swept> good riddance i say
17:29 < wind_swept> when the storage admin told me he wanted to shoehorn storage traffic onto my existing network (instead of the FC network) i was against it.
17:30 < wind_swept> now he gets his comeuppance
17:34 < komanda3> 65
17:40 < djph> wind_swept: eh?
17:40 < wind_swept> https://www.theregister.co.uk/2018/06/19/tintri_ceo_quits/
17:41 < zenix_2k2> uhm one question, is there anyhow i can check my IP address beside going to an online site ? cause i tried https://whatismyipaddress.com and it gave me some really inaccurate details about my IP
17:41 < zenix_2k2> i think it has something to do with the modem or modem-router in my case, doesn't it ?
17:42 < djph> zenix_2k2: what'd it tell you your IP was?
17:42 < djph> zenix_2k2: and what do you think your IP is?
17:43 < djph> ...
err, I suppose the better question is "what does the router say it's ISP-side interface's IP is"
17:43 < wind_swept> you can google "what's my ip" and it will return the ip the request came from
17:43 < djph> wind_swept: $5 says he's behind CGN
17:44 < zenix_2k2> actually i think my IP was what it told me, but the point is it gave me wrong info about my IP address
17:44 < djph> what'd it tell you teh IP was?
17:45 < zenix_2k2> 42.113.189.247
17:45 < djph> wait ... the IP is what it told you, but the info was wrong?
17:45 < zenix_2k2> yea
17:45 < djph> what "info"?
17:45 < zenix_2k2> it told me that i am living in another city which i am not
17:45 < zenix_2k2> and state
17:45 < djph> oh, that's based off who owns the IP
17:45 < djph> not "you"
17:46 < zenix_2k2> wait wut... so i am not the one who owns it ?
17:46 < djph> nope, your ISP owns it.
17:46 < zenix_2k2> and is that also applicable to every country ? or only mine ?
17:47 < tds> I mean you could own it, but if you do you probably know about it
17:47 <+catphish> zenix_2k2: geographical info for an IP is only a guess, it's rarely exactly correct
17:47 < tds> oh, missed that you actually posted an ip, ignore me
17:47 < zenix_2k2> if that is the case then how can people like cops track who am i ?
17:47 < zenix_2k2> and where i am
17:48 < djph> zenix_2k2: 42.113.176.0 - 42.113.191.255 is owned by FPT Telecom Company
17:48 <+catphish> zenix_2k2: they ask your ISP who is using that IP
17:48 < zenix_2k2> yea, i do know that it was my ISP, but the city was wrong
17:48 < djph> ^
17:48 <+catphish> zenix_2k2: only the ISP has that information, nobody else
17:48 < djph> 2nd floor FPT Building, Pham Hung Road, Cau Giay District, Hanoi
17:48 < zenix_2k2> but a few days ago, the city info that that site gave was correct, and now it is wrong
17:49 <+catphish> zenix_2k2: again, that info is not accurate
17:49 < djph> it got updated. it happens
17:49 < zenix_2k2> and actually ...
it was wrong in "2 ways", when i tried with local database using pygeoip ( python'
17:49 < zenix_2k2> s module )
17:49 < zenix_2k2> it was showing another city
17:49 < zenix_2k2> and now another
17:49 < djph> it doesn't matter
17:49 <+catphish> zenix_2k2: you really don't need to worry / care about that info, it's just a database someone made from guesswork
17:50 <+catphish> it doesn't mean anything
17:50 < djph> the closest accuracy that you can realistically expect is the region - e.g. NA or EU or Africa (etc.)
17:50 <+catphish> the only thing that actually matters is the country, sometimes content is restricted by country and they use that data
17:50 < zenix_2k2> but about the Latitude and Longitude ? will it also be rarely correct ?
17:50 <+catphish> zenix_2k2: it will almost always be way off, there's no way they could know your exact location
17:51 < djph> NOTHING beyond "x.x.x.x is assigned to a regional RIR" is ever 100% accurate.
17:51 < zenix_2k2> HHHmmm... but i still understand why lots of people on the internet still advises people to cover and do not expose their IP address when only the ISP knows
17:51 < zenix_2k2> don't understand*
17:52 < djph> they're fucking morons.
17:52 < zenix_2k2> well, ok then... what a relief
17:54 < djph> There are reasons to use VPNs, sure. But all the nonsense about "it'll protect you from whatever government actor" ... if you're under investigation for breaking the law, the cops will do their thing.
17:55 < zenix_2k2> so you mean that cops still know who i am behind the VPN's wall ?
17:55 < zenix_2k2> proxies,...
17:55 < djph> sure, do you really think those "free" VPNs aren't tracking you themselves?
17:56 < djph> or that if cops are digging into your financial records, they won't find you paying for one of the paid ones
17:56 < zenix_2k2> no no no i don't mean "free", i mean paid
17:56 < zenix_2k2> of cause "free VPNs" come with "free risks"
17:57 < zenix_2k2> actually, all risks are free
17:57 < djph> but realistically it comes around to "are you giving the cops a reason to dig into your activity".
17:57 < Thanos> a good vpn will protect you tho.
17:57 < Thanos> at least in court.
17:57 < Thanos> some already have
17:57 <+catphish> there are reasons to hide your IP, for example if you're breaking the law, authorities would be able to take your IP to your ISP and they'd then provide the physical address that IP was routed to
17:57 < djph> I mean, the internet isn't *private* space -- it's like walking around in a mall.
17:57 <+catphish> also, some people have a persistent IP and they just don't want their web usage to be linked together
17:58 < zenix_2k2> wait, so how about Tor's proxies ?
17:58 < djph> but they're *totally* okay logging into gmail / facebook anyway
17:58 <+catphish> like if you buy something from an online store, they now have your IP and your address, if their database got hacked, someone else could use that to track your IP to your location
17:58 < djph> well "location"
17:59 <+catphish> well, your delivery address you provided
17:59 < Thanos> then someone from outside can scream into the phone "they're in the house!"
17:59 < zenix_2k2> well but that is unlikely to be a normal scenario
17:59 <+catphish> so, it's not totally insane to want to change IP at regular intervals
18:00 < djph> yeah, but if you're talking about "oh they hacked the customer database" ... the IP address part is kinda the least important thing there...
18:00 <+catphish> also just general advertizing tracking
18:00 < zenix_2k2> also, Tor is pretty close to a "free VPN", is it risky ?
18:00 < m0dshalp> catphish, i'm reporting you to the feds
18:00 < zenix_2k2> Hm, more like Firefox with 3 proxies
18:00 <+catphish> tor is by far the best tech if you need serious anonymity
18:01 < zenix_2k2> yea, i still don't understand how it works
18:01 < zenix_2k2> where are those proxies located at
18:01 <+catphish> it works like an onion :)
18:01 <+catphish> the proxies are all over the world, you route your connection through 3 or more of them
18:01 < zenix_2k2> i know but each "layer" of an onion still equal to a host right ?
18:01 < zenix_2k2> and if there is a host, there is a locatipon
18:01 < zenix_2k2> location*
18:02 < zenix_2k2> "all over world" sounds really magical in networking senses
18:02 <+catphish> no one host knows both the source and the destination of the connection
18:02 <+catphish> that's the key to tor
18:02 <+catphish> well, except the person using it
18:02 < rocketmagnet> hi everyone, short question: when using a vpn i can only choose between udp or tcp, how can i hide my ip when it only works with one of those and not both ?
18:03 < rocketmagnet> or can i create a firewall rule to handle this kind of problem ?
18:03 <+catphish> ugh
18:04 < m0dshalp> catphish, don't worry - you'll be behind bars soon
18:04 <+catphish> rocketmagnet: that's the protocol it uses to carry the packets, what it actually carries inside is IP (includes both TCP and UDP)
18:04 * catphish reports m0dshalp to his mom
18:04 < zenix_2k2> someone is going to his room
18:05 < rocketmagnet> ah, so it doesn't reveal my ip, no matter if udp or tcp... why can i choose then ?
18:05 < zenix_2k2> :P
18:05 < m0dshalp> catphish: u think i'm fucking joking kid
18:05 * tds is disappointed at catphish's use of american english
18:05 <+catphish> rocketmagnet: because udp is better, but sometimes you can only use tcp, so they support both
18:05 < zenix_2k2> i think both UDP and TCP reavel the IP ?
18:06 < zenix_2k2> reveal*
18:06 < rocketmagnet> so if i can choose it's better to use udp... can you explain in short why ?
18:06 <+catphish> tds: i choose not to believe in american english, i just use english and spell things how i like
18:06 < skyroveRR> catphish: :)
18:06 <+catphish> rocketmagnet: because if you put one TCP connection inside another TCP connection, it can cause problems with performance
18:07 < zenix_2k2> rocketmagnet: i believe there is no such protocol as the best, they all have their own set of needs
18:07 < skyroveRR> Like, recognise instead of "recognize", catphish ? ;D
18:07 <+catphish> skyroveRR: that's a different matter entirely, both of those are valid in traditional "British English"
18:07 < skyroveRR> Oh? Hmm.
18:08 <+catphish> -ise vs -ize is a decades old debate in British English
18:09 < Thanos> generally if the government wants to know what you're doing they will find out. it just depends on how hard they want to pursue it.
18:09 < Thanos> which would depend on what you're suspected of.
18:09 <+catphish> tor is pretty impressive, but it only takes one mistake to get caught if people with enough resources are hunting you
18:10 < Thanos> if you're just downloading game of thrones just get a non-logging vpn and go merrily on your way.
18:10 < skyroveRR> catphish: yeah, like logging into facebook using that shit.
18:10 < m0dshalp> catphish: what kind of mistake?
18:10 < skyroveRR> m0dshalp: what I said.
18:10 <+catphish> like logging into facebook using that shit
18:11 < m0dshalp> you must have the iq of a goldfish to do that
18:11 <+catphish> or using a nick on a forum that you once used on another forum where you used a non-tor connection
18:11 <+catphish> (that's how DPR got caught)
18:11 < m0dshalp> wow lol
18:11 < m0dshalp> what a dumb cunt
18:11 < skyroveRR> DPR?
18:11 <+catphish> https://en.wikipedia.org/wiki/Ross_Ulbricht
18:11 < skyroveRR> Oh, that asshole.
18:11 <+catphish> lol
18:11 < skyroveRR> Dread Pirate Roberts.
18:11 < skyroveRR> And Sabu, too.
18:12 < Thanos> but but but ....facebook said they were going to be nice now! /s
18:13 < zenix_2k2> wow... since when they weren't nice ?
18:14 <+catphish> rocketmagnet: you might want to learn a little about IP, TCP and UDP protocols, and how a tunnel encapsulates one protocol inside another, just an overview, so you understand what you're building
19:20 < Apachez> https://www.yahoo.com/news/obama-cyber-chief-confirms-stand-order-russian-cyberattacks-summer-2016-204935758.html
19:28 <+catphish> how are people mirroring thepiratebay?
19:30 < skyroveRR> MAGIC!
19:32 <+catphish> i'd quite like my own copy :)
19:33 < Thanos> torrents. yuck.
19:33 < skyroveRR> catphish: The CPS will be all over you in hours.
19:33 <+catphish> that seems unlikely
19:33 < skyroveRR> Why not?
19:34 <+catphish> well maybe if it was public, someone would probably complain, but it wouldn't be, and CPS?
19:34 < skyroveRR> Crown Prosecution stuff? Scot Yard?
19:34 <+catphish> they are prosecutors for criminal cases
19:35 <+catphish> they don't investigate things, or deal with civil matters
19:35 <+catphish> though i did wonder if that's who you meant
19:37 <+catphish> but anyway, i wasn't thinking to make it public, that *might* be illegal, don't totally understand the law on links, just for research / personal use
19:38 < skyroveRR> They won't allow you to use google in custody now, will they? Except perhaps for a bottle of water and dinner.
19:38 < Maarten> most mirrors are on domains of countries that don't really cooperate well with western civil authorities. And the mirror itself might not even exist in the country the domain extension is supposed to represent, so it becomes a convoluted mess..... you could get a slovakia domain name, point it to an IP in peru, that proxies to a server in finland, which connects on the back-end to an actual database in russia, and..... well.... its messy.
:D
19:39 < Maarten> If you think about saying: "hey I have a server with 10TB, and a domain name, can I has piratebay mirror please" and it can be traced to YOUR name.... expect trouble. :P
19:39 <+catphish> Maarten: my real question was: how do they get the data?
19:39 < Maarten> catphish, tcp/ip? ;)
19:39 <+catphish> private arrangement?
19:40 < djph> they don't have any of the data - torrent trackers never did.
19:40 < Jonta> They do. The data is the magnet-links etc.
19:41 < Maarten> they just have .torrent files and magnet links.... but those do NOT contain ANY copyrighted material at all.
19:41 <+catphish> there must be some data, name and hash at least
19:41 < Jonta> Pretty sure a mod on ##networking knows that
19:41 < Apachez> however they run trackers that technically is involved in this
19:41 < Maarten> name, maybe..... but so do movie review & ticket sites. And TV Guides.
19:42 < djph> the *torrent files are just "eh, here's some metadata"
19:42 <+catphish> anyway i was just curious, i originally assumed it was just one centralized site, but now i see there are mirrors, so i wondered how it worked
19:42 < Apachez> so are the chunks
19:42 < Apachez> "eh, here's some chunkdata"
19:43 < Jonta> catphish: https://proxybay.github.io/setup.html
19:43 < Maarten> A torrent file is nothing more than a TV guide, really..... it tells you: This here TV show can be found using this here information. It doesn't contain the actual TV show, not a single bit of it. Suing someone for having a torrent file, would in a legal sense be the same as suing a newspaper for showing what's on TV tonight.
19:43 <+catphish> Jonta: i found that, but it just describes setting up a proxy to https://thepiratebay.org/ which isn't much use if its down
19:43 < zumba_ad_> folks, it's been many years and I've forgotten subnets.
What I wanted to know is how can I tell if a host in 172.20.0.0/18 will never be in 172.20.64.0/20 If let's say I connect 2 machines using back-to-back cable and I assigned them 172.20.64.1/18 and 172.20.64.2/20, will they be able to ping each other? My guess is not because of subnet mask. However, I am not sure
19:45 <+catphish> zumba_ad_: 172.20.64.2 is in 172.20.64.1/18 and 172.20.64.1 is in 172.20.64.2/20, so they will communicate fine
19:45 < zumba_ad_> got it. That's where I was confused
19:46 <+catphish> zumba_ad_: you should never configure a network like this, but those particular hosts will both see each other as local so it will work
19:46 < zumba_ad_> it's in our routes
19:46 < zumba_ad_> those are the cidr I saw in the internal chat right now
19:46 < Apachez> catphish: plz stop pasting my ip ranges in public mkey?
19:46 < Jonta> catphish: How about https://github.com/shaderzak/openbay-db-dump-master
19:47 <+catphish> Jonta: well thats cool, doesn't really answer the question, but cool source
19:48 < Jonta> catphish: How do we know there are mirrors, and not just proxies?
19:48 <+catphish> Jonta: if they were proxies, they wouldn't work when the main site was down
19:48 < Jonta> Ah
19:48 < Apachez> if the main is down and the others work then they are most likely mirrors
19:49 < Jonta> Main's been blocked here for quite a while now
19:49 <+catphish> unless the only reason it's down is local problems with cloudflare, but i doubt that
19:49 <+catphish> unless the main site is anycast and its only down in some places
19:49 <+catphish> that's plausible
19:50 < Apachez> great way for cloudflare to sell info of who is downloading what :)
19:51 <+catphish> they're definitely not allowed to do that
19:53 < Apachez> why not?
19:53 < Apachez> try read their EULA :)
19:53 < Apachez> oh wait there is none for clients using a server who is behind cloudflare :D
19:53 <+catphish> exactly
20:04 < Apachez> https://www.reddit.com/r/Steam/comments/8pud8b/psa_red_shell_spyware_holy_potatoes_were_in_space/
20:12 < d9867eb> hi mates
20:12 < d9867eb> n.la' has no address records (A or AAAA)". I am using Devuan ascii.
20:12 < d9867eb> 19:45 < d9867eb> my /etc/bind/zone/domain.db file https://pastebin.com/raw/2Z4Ss7fY
20:12 < d9867eb> 19:45 < d9867eb> my named-checkconf -zj output: https://pastebin.com/raw/qUfBjGaS
20:12 < d9867eb> [19:45] [d9867eb(+Zi)] [5:Freenode/#devuan(+cnt)] [Act: 1,2]
20:12 < d9867eb> [#devuan] please ask for more information if you need to knon.la' has no address records (A or AAAA)". I am using Devuan ascii.
20:12 < d9867eb> 19:45 < d9867eb> my /etc/bind/zone/domain.db file https://pastebin.com/raw/2Z4Ss7fY
20:12 < d9867eb> 19:45 < d9867eb> my named-checkconf -zj output: https://pastebin.com/raw/qUfBjGaS
20:12 < d9867eb> [19:45] [d9867eb(+Zi)] [5:Freenode/#devuan(+cnt)] [Act: 1,2]
20:16 < jason85> Is IP source routing actually being used today?
20:16 < lupine> yes. I use it
20:18 < jason85> But isn't it considered bad practice?
An attacker could not only spoof the source IP of a packet but also MitM that ip address
20:18 < lupine> depends on how you set it up, and whether you use reverse path filtering and so on
20:19 < lupine> in my use case, it's for packets *originated* from a box
20:20 < lupine> if someone sends an ICMP echo request to my router's public IP, without source-based routing, the echo reply goes out via the default route, which is the vpn tunnel
20:20 < lupine> with source-based routing, the reply goes out on the same interface as the request came from
20:25 < detha> I suspect we are talking about two different concepts that both could be called 'source based routing'
20:28 <+catphish> lupine: i don't think you're describing source routing
20:28 < lupine> catphish: sure I am. the destination for the packet depends on the source address of the packet
20:28 <+catphish> jason85 is talking about "source routing", i believe you are referring to routing rules based on source IP
20:29 <+catphish> lupine: yeah, that's not source routing
20:29 < lupine> hmm, how does it differ then?
20:29 <+catphish> lupine: source routing is when the source host chooses the whole route
20:29 < lupine> oh my. that sounds insane
20:29 <+catphish> lupine: it is, nobody uses it :)
20:29 < lupine> :D
20:29 <+catphish> https://en.wikipedia.org/wiki/Source_routing
20:29 < lupine> I have definitely seen what I'm talking about described as source-based routing though.
20:30 <+catphish> in theory IP supports it, but i don't think anyone uses it
20:30 < lupine> ah, wiki calls mine policy-based routing
20:30 < lupine> I stand corrected!
20:30 <+catphish> i call it policy routing, yeah, and you can route based on almost anything in policy routing
20:37 < d9867eb> hi mates, I have a problem. I need to set up my own DNS server. I chose to use BIND9. However I get the error "ns1.domain.la' has no address records (A or AAAA)". I am using Devuan ascii.
20:37 < d9867eb> my /etc/bind/zone/domain.db file https://pastebin.com/raw/2Z4Ss7fY
20:37 < d9867eb> my named-checkconf -zj output: https://pastebin.com/raw/qUfBjGaS
20:37 < d9867eb> please ask for more information if you need to know more help me. thanks
20:43 < Poster|n> so there are no registered nameservers for domain.la, you would typically go to your registrar to do so
20:43 < Poster|n> the top level domain (.la) has to know where to send queries
20:47 < d9867eb> Poster|n: what do you mean?
20:48 < Poster|n> Contact the company you purchased the domain "domain.la" and ask how to register nameservers
20:48 < Poster|n> Until the nameservers are registered, the Internet does not know where to go to submit DNS queries
20:48 < d9867eb> I did register my nameserver as ns1.domain.la under their support page
20:49 <+catphish> d9867eb: what gives you this error?
20:49 < Sout> ahah. but how do they know where domain.la
20:50 <+catphish> works for me: ns1.domain.la. 60 IN A 173.230.141.80
20:50 < d9867eb> catphish: named-checkconf -zj
20:50 < Poster|n> when I execute "host -t ns domain.la" I get nothing coming back, if the nameserver is registered, the domain must then be updated to use it
20:51 <+catphish> d9867eb: oh yeah, the error is accurate, there is no A record for ns1 in your zone file
20:51 < d9867eb> the domain isnt really domain.la but smth else because i wanted stay private
20:51 <+catphish> d9867eb: seems self explanatory and correct
20:51 < d9867eb> it is apelsin.la
20:51 <+catphish> add the NS records eg: ns1 IN A x.x.x.x
20:52 <+catphish> and then it'll be happy :)
20:52 <+catphish> otherwise how's it supposed to know the IPs for those hosts!
20:54 < d9867eb> catphish: I have the records added already
20:54 <+catphish> no you don't
20:55 < d9867eb> ?
20:55 < d9867eb> where should i add them?
20:55 < E1ephant> you need it at TLD level
20:55 <+catphish> by the way, when you publish your IP addresses in DNS they won't be secret any more, don't see why you redacted them
20:55 < E1ephant> "DNS Glue"
20:55 < E1ephant> if the records are within that zone
20:56 < d9867eb> what do you mean by TLD level?
20:56 < E1ephant> Top Level Domain
20:56 < E1ephant> so where your NS records are
20:56 <+catphish> https://paste.ubuntu.com/p/dNmJH2dZrj/
20:56 < E1ephant> you will need an A record for your ns1/ns2 in that server
20:57 <+catphish> needs to look like that, assuming the nameservers are inside that same domain name
20:57 <+catphish> and if that's the case, you will also need glue records as E1ephant says
20:57 < d9867eb> glue records?
20:57 < E1ephant> yes DNS Glue records
20:57 < E1ephant> Affirmative
20:57 < E1ephant> positive response
20:57 < Apachez> glue records = A records stored in tld dns servers
20:57 < d9867eb> E1ephant: what?
20:58 <+catphish> d9867eb: yes, glue records, they allow things to find your nameservers without having to already know where they are to look them up from themselves :)
20:58 < Apachez> they are used when you host your own dns servers
20:58 < E1ephant> d9867eb: it's pride week!
20:58 < Apachez> like ns1.example.co ns2.example.com for example.com
20:58 < E1ephant> woohoo party time
20:58 <+catphish> what are we proud of?
20:58 < Apachez> you cant resolve subdomain.example.com without accessing ns1 or ns2.example.com
20:58 < E1ephant> lbgtqdns
20:58 < Apachez> so you cant find out what the ip of ns1 and ns2.example.com is without getting to the ip of ns1 and ns2.example.com
20:58 <+catphish> E1ephant: i'm none of those :(
20:59 < Apachez> so the TLD stores this in their dns servers
20:59 < Apachez> aka glue records
20:59 < E1ephant> catphish: not a network nerd or dingo?
20:59 <+catphish> E1ephant: never thought my sexuality was really something to be proud of, just a genetic fluke
20:59 < E1ephant> I extended it for the channel with the dns part
20:59 < E1ephant> yeah I am pretty cis as they come
20:59 < E1ephant> but meh down to party and support :)
20:59 < d9867eb> catphish: :)
20:59 <+catphish> me too, i'm way boring
21:00 <+catphish> but i'll still party with the gay bros
21:00 < E1ephant> yes, they are professionals
21:00 < E1ephant> teaching me the ways of the wine day drinking
21:00 < d9867eb> ok so i should add those nameservers
21:00 <+catphish> i'm drinking merlot
21:00 < E1ephant> dang, two steps ahead of me :)
21:00 < E1ephant> still on nitro coffee, but it's noon now!
21:01 * E1ephant switches drugs
21:01 < d9867eb> for fag discussions I recommend the subreddit: /r/askgaybros
21:01 < d9867eb> very nice
21:01 < d9867eb> they are very nice there i think
21:01 < E1ephant> brb though, lunchtiem!
21:02 <+catphish> https://i.imgur.com/KqLj4uW.jpg
21:02 < E1ephant> niiiice
21:03 < tds> I see you're having a good friday night :)
21:03 <+catphish> yar
21:07 < d9867eb> service still wont start
21:08 < tds> that's not a great deal of use, what's the error/output?
21:09 <+catphish> whats the error?
21:09 < d9867eb> zone localhost/IN: loaded serial 2
21:09 < d9867eb> zone 127.in-addr.arpa/IN: loaded serial 1
21:09 < d9867eb> zone 0.in-addr.arpa/IN: loaded serial 1
21:09 < d9867eb> zone 255.in-addr.arpa/IN: loaded serial 1
21:10 < d9867eb> zone apelsin.la/IN: loaded serial 2018062203zone localhost/IN: loaded serial 2
21:10 < d9867eb> zone 127.in-addr.arpa/IN: loaded serial 1
21:10 < d9867eb> zone 0.in-addr.arpa/IN: loaded serial 1
21:10 < d9867eb> zone 255.in-addr.arpa/IN: loaded serial 1
21:10 < d9867eb> oops using pastebin instead
21:11 <+catphish> serial 1? that's a poor choice of serial number
21:11 < d9867eb> https://pastebin.com/raw/AtHteg6b
21:11 <+catphish> but technically valid
21:12 <+catphish> oh they're the built in zones, ok
21:12 <+catphish> well there's no errors there, they must be in the logs
21:12 <+catphish> oh wait
21:12 <+catphish> you tried to restart it
21:12 <+catphish> but its not running
21:12 <+catphish> try starting it!
21:15 < d9867eb> i did, I ran service bind9 start and it didnt start
21:15 < d9867eb> I got the error Starting domain name service...: bind9 failed!
21:15 < d9867eb> catphish:
21:16 <+catphish> find the logs then
21:16 < d9867eb> NOTHING THERE
21:16 < d9867eb> sorry caps lock by msitak
21:16 < d9867eb> mistake
21:17 <+catphish> maybe try to run bind in the foreground, see if it gives any good errors
21:17 <+catphish> dunno how
21:18 < d9867eb> could smth with serial be wrong?
21:18 < d9867eb> catphish:
21:19 < tds> there are a lot of things it could be, debugging with error messages from bind will be a lot easier than modifying the config and guessing
21:19 <+catphish> i don't think so
21:19 < d9867eb> ok
21:20 < d9867eb> i dont find anymore error messages
21:20 < tds> what os/version is this?
21:21 < tds> if it's systemd, you may be able to get logs with journalctl
21:21 < d9867eb> are there any more files than named.conf, named.conf.options and zone/apelsin.la.db to configure?
21:21 < d9867eb> i am using Devuan, a debian fork without systemd
21:22 < d9867eb> seems like I am 9.10.3
21:22 < d9867eb> I am on 9.10.3
21:23 < tds> running named with -g might help, since that should log to stderr?
21:24 < d9867eb> running named with in the init file?
21:24 < d9867eb> tds: ?
21:24 < d9867eb> with -g
21:25 < tds> no, just directly, look at the man page for named to see
21:25 < tds> though you'll probably want to pass it whatever options your init script gives it normally
21:26 < d9867eb> error permission denied for some stuff
21:26 < d9867eb> should I change permissions?
21:26 < tds> probably not, what user are you running it as?
21:27 < tds> I think named is normally started as root, binds to port 53 and stuff, then drops down to another user (set by -u)
21:30 < d9867eb> -u bind is in my config file
21:33 < d9867eb> in /etc/default/bind9
21:48 < tds> d9867eb: did you get it sorted in the end?
21:49 < d9867eb> tds: no i found some new errors
21:49 < d9867eb> https://pastebin.com/raw/hmFMfFAa
21:49 < tds> what user did you run bind as?
21:49 < tds> you should probably be running it as root, then with -u bind so it'll drop privileges
21:50 < d9867eb> tds: yes I think that is correct
21:50 < d9867eb> I do that
21:55 < d9867eb> tds I also made sure the key file and the log are readable and the log file writable
21:55 < tds> it looks a lot like those issues were with running it as non-root, not with permissions
21:56 < d9867eb> i tried running it as root too
21:56 < tds> if you've made keys world readable or configs world writable, you should probably revert that
21:58 < d9867eb> tds: ok i reverted that but I want a solution to this crap
21:58 < d9867eb> pls
21:59 < tds> what's the output if you run "named -g -u bind" or something like that as root?
22:00 < d9867eb> tds: the IP errors went away
22:00 < d9867eb> tds: it is the same as the output I sent you earlier but without the IP errors
22:03 < d9867eb> tds: https://pastebin.com/raw/1Wfmg4Cq
22:05 < thevishy> tcpip is not 100% reliable? like there is a small chance that the data that is transferred is not the same? similar to hash collision concept?
22:06 < thevishy> https://stackoverflow.com/questions/3830206/can-a-tcp-checksum-fail-to-detect-an-error-if-yes-how-is-this-dealt-with
22:09 < Apachez> well sure
22:09 < Apachez> you got 1522 bytes of data squeezed into a 32 bit crc32 checksum
22:12 < thevishy> so you mean it is not 100% reliable?
22:15 < adleff> thevishy, this is part of the reason why you see md5 or sha checksums posted next to a file download
22:15 < adleff> in the unlikely event that your transfer is corrupted
22:15 < thevishy> okay adleff, yes I was thinking that this is for interrupted downloads
22:16 < thevishy> and not something you would use otherwise
22:21 < thevishy> it is a bit of scary that means there is a likelihood of someone getting a million dollar in his bank however unlikely?
22:22 < thevishy> a 0 turning into 1 over a network is likely would mean something like this is theoretically possible no?
22:22 < thevishy> i know it is not specific to network, even in ram or hdd this could happen
22:24 < Poster|n> possible yes, but I would guess financial institutions have multiple layers of ensuring data integrity
22:24 < Poster|n> and you're looking at a single packet, not many transactions occur on just one
22:24 < thevishy> alright, *possible* is what I wanted to know. theoretically i couldn't think of a logic that would be 100% reliable
22:25 < thevishy> no matter what logic you can make, you can argue otherwise
22:25 < Poster|n> but as adleff mentioned, verifying integrity of the transfer after it has been transferred is relatively inexpensive insurance
22:26 < thevishy> right Poster|n
22:26 < Poster|n> past that you can have things like "man in the middle" or other manipulation happening
22:26 < d9867eb> Poster|n: hey
22:26 < Poster|n> which there are other encryption/authentications which help
22:26 < d9867eb> any idea about my dns problem?
22:28 < E1ephant> d9867eb: seems to be stuck trying to write to /var/log/bind9/ eh?
22:29 < thevishy> logically it seems impossible to construct a way to make a network transfer 100% reliable. for any mechanism you can come up there is this question what if that fails?
22:30 < thevishy> so yes got the points, quite interesting
22:31 < d9867eb> E1ephant: also, it cant load the key correctly. the log dir has 0751 as permissions
22:33 < E1ephant> and the process running the service is the owner?
22:33 < E1ephant> (of that dir and subs)
22:34 < d9867eb> E1ephant: yes
22:35 < d9867eb> ofc
22:35 < ellyacht> can someone tell me how to install an already downloaded driver? But without their suggestions and without their opinions please.
22:36 < Jonta> Yes
22:36 <+catphish> ellyacht: i suggest you figure it out yourself
22:36 <+catphish> ellyacht: my opinion is that you're rude
22:45 < comrumino> Does anyone know a list of protocols which have a sub-type? An example would be ICMP which has multiple message types.
22:47 < d9867eb> E1ephant: do you have any idea?
22:47 < Poster|n> IP has several, igmp is type 2, tcp is type 6, udp is type 17
22:51 <+catphish> comrumino: i don't think you could easily make a list, at higher layers it gets pretty complicated
22:52 < d9867eb> catphish: hey
22:52 < comrumino> catphish, makes sense. thanks!
22:52 < d9867eb> my issue still isnt solved
23:15 < AaronTTT> Hi All, I've recently bought a 12U server rack, I'm planning it out now before I go university, Can anyone provide criticism to my plan? Any is appreciated :) https://imgur.com/a/asTJr5K
23:18 < ryao> Ambient Noise level: -37dBm. -_-
23:19 < S_SubZero> AaronTTT: looks fine I guess? What's it for
23:24 < AaronTTT> #S_SubZero Its for my workstation, and a virtualisation server (for development) and some networking equipment to link it up. (I'm going for a network course at university and like to tinker around with making software)
23:29 < S_SubZero> some serious stuff there, go for it
23:29 < S_SubZero> probably use more power than my whole house
23:30 < AaronTTT> S_SubZero: The accommodation has power included, and no policy against running servers :)
23:33 < adleff> AaronTTT, hi aaron. your rack sucks. fuck your rack bro
23:33 < adleff> ;)
23:33 < AaronTTT> adleff: ruuuuudeeeeeeeeee xD
23:33 < adleff> is this a wall mount rack?
23:33 < adleff> where is it going
23:34 < AaronTTT> adleff: Under my desk, 12u is the perfect size, and nope its for le floor
23:37 < Ouroboros> just learned about 1.1.1.1, interesting
23:38 < drudge`> o.O
23:38 < adleff> he must mean the cloudflare service
23:38 < drudge`> oooh, right
23:39 < drudge`> did you learn about 9.9.9.9 while you were at it?
23:40 < S_SubZero> 127.0.0.1 best IP
23:41 < Ouroboros> drudge`: yes, but meh
23:41 < Ouroboros> also looking at opennic
23:42 < ryao> This is just ridiculous: https://www.quora.com/Is-this-true-that-if-we-keep-a-fan-behind-a-Wi-Fi-router-the-signals-travel-faster-than-usual-because-of-air-pressure
23:42 < Ouroboros> hmm
23:43 < ryao> Ouroboros: Did you learn about 4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4 and 4.2.2.5 too? What about 8.8.8.8 and 8.8.4.4?
23:46 < Ouroboros> yeah, i know all kinds of ips, even some with colons
23:48 < Ouroboros> ryao: not clicking, but reminds me of that plane on a treadmill thing
23:49 < ryao> AaronTTT: Make storage ZFS and a 3U. :P
23:50 < Ouroboros> ryao: i am finally going to try ZoL shortly
23:50 < AaronTTT> ryao: What can i do to reduce on space to fit it? My main PC needs to be 4u as I just found out, the GPU doesnt fit in a 3u right :/
23:51 < AaronTTT> ryao: Cheers for the advice btw :)
23:52 < ryao> AaronTTT: Remove the storage 1U and storage 2U and use a 3U.
23:52 < ryao> Ouroboros: Cool.
23:53 < ryao> AaronTTT: Oh, I see how you did it now. Nevermind.
23:53 < AaronTTT> ryao: Ahhhh my bad, The colours refer to an individual box
23:53 < AaronTTT> ryao: yeh my bad, should have labeled it
23:53 < ryao> AaronTTT: Still use ZFS.
23:53 < ryao> AaronTTT: You did label it. That is why I was confused. :P
23:53 < ryao> AaronTTT: Line 8 says a 2U while line 7 looks like a 1U
23:54 * ryao regrets not counting them.
23:55 < AaronTTT> ryao: Ahh no worries :P, Thats why i tried to colour code it because it confused me too just reading the list
23:55 < ryao> AaronTTT: You can in theory virtualize your main PC. If you need to play games, there is VFIO. Unfortunately, I know from experience that it would be a headache. :/
23:55 < zOthix> i want to connect to google from my terminal, and enter something to search as well then extract data from the output using open ssl, is this possible? if so can anyone help me with this?
23:56 < zOthix> all this within a bash script
23:56 < Ouroboros> ryao: i will ping you when things go horribly wrong :P
23:56 < AaronTTT> ryao: Ah could do that, Hmm Maybe I could combine the virtualized server and the storage one together? is that a good practice thing to do?
23:57 < ryao> Ouroboros: We have #zfsonlinux. Ping me there.
23:57 < Ouroboros> best practice is one vm per service
23:57 < Ouroboros> ryao: i know
23:57 < ryao> AaronTTT: It can be done. I don't know if I'd call it good or bad practice though.
23:59 < kuahara> If I have multiple machines connecting via openvpn and all of them have 1Gbps interfaces on their nic, but the connection (as reported by Windows) is a 10Mbps connection, is Windows reporting the wrong connection speed or is there a 10Mbps bottleneck somewhere?
--- Log closed Sat Jun 23 00:00:09 2018