--- Log opened Fri Jul 13 00:00:36 2018 00:04 < spaces> varesa yoyoy! 00:04 < spaces> how are you doing ? 00:04 < mib_mib_> varesa: well - let me figure out how to get that part to work - since tunnelling all traffic isn't going to work for me now 00:05 < varesa> spaces: working (or chatting on IRC when I'm supposed to be working) 00:06 < varesa> not like here is much to do when customers and own employees alike are having vacations 00:06 < spaces> varesa perfect combination :P keep it leveled the IRC side 00:06 < spaces> varesa heh, always the same 00:07 < mib_mib_> varesa: so check this out - this is netstat -nr on the client while connected to the VPN 00:07 < mib_mib_> varesa: https://pastebin.com/PsbXT2bp 00:08 < varesa> what's the ip of utun1? And what's the IP of the server? 00:09 < varesa> those first two routes seem a bit weird 00:10 < mib_mib_> do you mean the public or private 00:10 < mib_mib_> i'd prefer not to disclose the public ip if possible =d 00:11 < mib_mib_> varesa: how do i find the ip of utun1 00:11 < varesa> the tunnel IP of the VPN server 00:11 < varesa> e.g. 10.8.0.x? 00:11 < varesa> try ifconfig (not sure what works on macos and what doesn't) 00:13 < mib_mib_> varesa: so: https://tunnelblick.net/cConnectedBut.html#if-openvpn-is-connected-to-the-server-but-your-ip-address-does-not-change according to this, it reccomends 'pushing' the data from the VPN to the client 00:14 < varesa> mib_mib_: that is only setting the "tunnel all traffic through VPN" which you've already tried but don't want 00:14 < mib_mib_> varesa: yah utun1 is 10.8.0.6 00:14 < spaces> heh why do these people who have a lot influence but are nerdish and not really nice and typical always a t-sahirt with a print like a child and have a float under it ? 00:15 < mib_mib_> varesa: well, the --redirect-gateway is, yes, but maybe it needs this to be able to properly route traffic back to the client? 00:15 < varesa> mib_mib_: if nothing appeared in the tcpdump on the VPN server, we can ignore return traffic for now 00:16 < mib_mib_> yah you're right 00:16 < varesa> what if you enable that (route all traffic) and then look at the routing table? 00:16 < mib_mib_> let me see that 00:17 < varesa> that 10.8.0.5 10.8.0.6 line looks pretty wrong to me 00:17 < varesa> unless macOS just does things in a weird way 00:17 < mib_mib_> utun1: flags=8051 mtu 1500 inet 10.8.0.6 --> 10.8.0.5 netmask 0xffffffff 00:17 < varesa> so I'd like to see a working setup (even if different) 00:17 < mib_mib_> varesa: yah, maybe it will just be the same? not sure lets see 00:17 < mib_mib_> what i just pasted was the full utun1 when NOT working fyi 00:18 < varesa> spaces: what have you been upto? 00:19 < spaces> varesa myself ? doing what ? 00:20 < varesa> spaces: yes, you :) Just in general 00:21 < spaces> I have been busy with my geo backend and caching backend :) still not doing the dishwash, visted some friends here and experienced my dog got into her season :P 00:21 < spaces> and did some gardening :) 00:21 < spaces> in my forest :D 00:22 < varesa> nice 00:22 * varesa thinks of the pile of dishes at home 00:22 < spaces> and you ? setup another cluster ? 00:22 < spaces> varesa here the same, I don't have any plate left ;) 00:23 < varesa> time to start eating out ;) 00:23 < spaces> I clean what I need atm :D 00:23 < spaces> I have been suffering real bad diabetics so I have a "reason" 00:23 < varesa> I've not done that much in a while. Vacationing (family summer cottage at a lake), visiting some friends, playing video games 00:24 < spaces> sounds good! 00:24 < spaces> you have your own cottag e@ a lake ? 00:24 < varesa> added a syslog input to logstash today so I can forward all network logs to ELK 00:24 < spaces> yeah ELK is nice! 00:24 < spaces> didn't look into GREYLOG ? 00:25 < varesa> I've been planning to set it up in the lab but haven't got around to do it. ELK does all I need it to do 00:25 < spaces> yeah I don't know anymore if I did ELK or GREYLOG 00:25 < mib_mib_> varesa: https://pastebin.com/gDVuWQMR 00:25 < varesa> now I can search logs for example IPsec tunnel errors/drops, even see both ends at once! 00:26 < spaces> oh nice! 00:26 < spaces> varesa about the cottage ? your own ? 00:27 < varesa> spaces: a small one owned by family/some relatives 00:29 < mib_mib_> varesa: so i dont see anything in here - it would be interesting to try to remove the 0/1 route, and see if it still worked - i imagine thats whats forwarding everything? 00:29 < spaces> varesa nice! I have a pool in front of my cottage 00:29 < varesa> mib_mib_: yes, the 0/1 and 128/1 00:29 < spaces> varesa can you swim in that lake >? 00:29 < varesa> looks like the same "weird" routes are still there except the flags are different? 00:30 < varesa> spaces: yup 00:30 < spaces> varesa nice! 00:30 < spaces> are there sharks ??? :P 00:30 < varesa> in a lake? lol no 00:31 < spaces> varesa logness ? 00:31 < spaces> you never know :P 00:31 < spaces> salmon ? 00:32 < mib_mib> varesa: why are they weird? 00:33 < mib_mib> it seems to point everything at 10.8.0.5, then point that to 10.8.0.6 00:33 < mib_mib> its osx if that helps - would you think they would be like 192.168.x.x? 00:33 < varesa> spaces: some perch/bass(?), maybe pike, that kind of stuff 00:34 < varesa> mib_mib: the pointing to 10.8.0.6 is the weird one 00:34 < varesa> like why would it route traffic towards the VPN gateway towards your own IP?? 00:34 < spaces> varesa brass ? 00:35 < spaces> varesa I would have expected a whale at least 00:35 < mib_mib> are you saying that 10.8.0.6 is my ip then, i.e. utun1? 00:35 < mib_mib> utun1: flags=8051 mtu 1500 inet 10.8.0.6 --> 10.8.0.5 netmask 0xffffffff 00:36 < varesa> mib_mib: that's what you said at least :) varesa: yah utun1 is 10.8.0.6 00:36 < varesa> tbh I'm not 100% sure how to read that inet 10.8.0.6 -> 10.8.0.5 00:36 < varesa> but it'd make sense that .0.6 is the local address and .0.5 is the peer address (which would be confirmed by the routes) 00:39 < varesa> mib_mib: just for reference this is more or less what it looks like on linux: https://paste.fedoraproject.org/paste/Otlrvz0Y6VVNuwM074vL~Q 00:39 < varesa> spaces: https://i.imgur.com/sDLOCeJ.jpg 00:40 < spaces> varesa holy cow that is really great! 00:41 < spaces> varesa do you own a lot of forest there with the family ? 00:42 < varesa> spaces: the lake is also a lot larger than it seems, there is this smaller bay that connects to the bigger part of the lake at a few points 00:42 < varesa> so if you've got a boat or something similar you can go quite far 00:42 < spaces> yeah I see that 00:42 < spaces> nice 00:43 < mib_mib> veragoing to try restarting =D 00:44 < varesa> spaces: not much forest near the cottage (the couple trees around the cottage :P) 00:44 < spaces> hehe, but a lot of lang in owning ? 00:45 < varesa> the whole lake is some 200km away from where my parents live, a bit more from where I live. The parents do have a fair bit of forests and fields near their home 00:45 < ozzhates> .g evilcowgod 00:45 < spaces> varesa nice 00:50 < mib_mib> varesa: yeah running out of ideas. I installed another vpn client, with the same issue 00:54 < mib_mib> varesa: do you think this could be related? https://github.com/Tunnelblick/Tunnelblick/issues/367 00:58 < varesa> mib_mib: what does 'route -n get ' say? 00:58 < mib_mib> varesa: when connected to the vpn in 'only forward necessary traffic' mode 00:58 < mib_mib> ? 00:58 < varesa> yeah 01:00 < mib_mib> https://pastebin.com/Zi7ZWs7g 01:00 < mib_mib> i tried using viscosity vpn client which people said worked, but doesnt either 01:00 < mib_mib> i'm using 'high sierra' 01:01 < varesa> unfortunately macOS is pretty far from my area of expertise so I won't be able to help that much any more 01:02 < varesa> though, checking your pastebin above, it seems that it is indeed using the wrong gateway 01:02 < varesa> what if you do that route change command from the Tunnelblick github issue? 01:06 < mib_mib_> varesa: hmmm - so im not sure what to actually run according to this github post - i appreciate all your time helping though thank you 01:10 < varesa> mib_mib_: maybe 'route change 172... 10.8.0.5 255.255.255.0' 01:11 < varesa> oh wait 01:11 < varesa> I think I spotted it 01:12 < varesa> You push a route of 172.31.0.0/24 right? 01:12 < varesa> and the web server is at 172.31.34.16? 01:12 < mib_mib_> hmmm 01:13 < mib_mib_> on the openvpn server? 01:13 < varesa> 172.31.0.0/24 only covers 172.31.0.0 - 172.31.0.254. Not 172.31.1-255.* 01:14 * spaces sexy 01:14 < varesa> you'll want something like 172.31.0.0/16 or whatever the VPC subnet is (something like 172.31.34/24 or maybe /22-/20?) 01:15 < mib_mib_> ah 172.31/24 01:15 < mib_mib_> that doesnt cover it if i leave off the .0.0 01:15 < mib_mib_> how can i just do all of them, i.e. up to 172.31.255.255 01:15 < mib_mib_> thats /16 right 01:15 < varesa> yup 01:15 < mib_mib_> i always forget what the syntax means, okay, like 8 bits and 8 bits = 16 01:16 < mib_mib_> what does the 24 means? 01:16 < varesa> that's the number of 1s (in bits) in the network mask 01:16 < mib_mib_> oh right the number of leading bits 01:17 < mib_mib_> i guess i was confused and thought i twas trailing, okay let me try that 01:17 < varesa> e.g. /8 means x.*.*.*, /16 is x.x.*.* and /24 is x.x.x.* 01:17 < varesa> /0 being "everything" and /32 being a single host (no network) 01:19 < mib_mib_> varesa: so where again did i specify this 01:20 < varesa> mib_mib_: openvpn server config probably 01:20 < varesa> if you're pushing the route 01:21 < mib_mib_> well, my server.conf has push route "172.31.0.0 255.255.255.0" 01:21 < whatsNext_> closest you can get to single host is /30 isnt it? /32 would be no network or broadcast address? 01:22 < mib_mib_> varesa: https://pastebin.com/BRwiUhz7 01:22 < tds> whatsNext_: openvpn tun devices don't have like a traditional ethernet interface, so it's quite common to have a /32 on-link 01:23 < whatsNext_> ahh yes thx :) 01:23 < tds> s/have/behave/ 01:23 < mib_mib_> varesa: it seems that it always adds a /24? 01:23 < varesa> indeed /32 is no network, just the CIDR/route of a single host 01:23 < varesa> mib_mib_: 255.255.255.0 means /24. Change that to 255.255.0.0 01:24 < mib_mib_> push route "172.31.0.0 255.255.0.0" then 01:26 < mib_mib_> varesa: YASSSSS 01:27 < varesa> :) 01:38 < spaces> everyone sexy ? 01:44 < spaces> ^ varesa you should respond with a positive boolean here :P 01:44 < varesa> lol :P 01:47 < lenarhoyt> Hi. Which protocol is responsible for broadcasting hostnames on LAN? I can do an nslookup on my Mac, but I cannot do it on a secondary OpenWRT router in the network (which I would like to do; the secondary one is not an DHCP server). 01:47 < spaces> lenarhoyt depends, could be winbond, whatever 01:47 < spaces> or apple shit 01:48 < spaces> lenarhoyt just run an internal DNS server and be done :) 01:50 < varesa> lenarhoyt: while there are other protocols like mDNS which is more of a broadcast type thing I think nslookup just goes to the plain old DNS 01:50 < varesa> does the mac have the same DNS resolvers setup as the router? 01:50 < spaces> was winbond not doig the wame ? 01:50 < spaces> *doing 01:50 < spaces> *same 01:50 < spaces> (I should go to bed I guess 01:50 < lenarhoyt> varesa: both my Mac and the OpenWRT device are configured to use the same DNS server (the main router) though 01:51 < varesa> spaces: there are indeed other protocols as well (I don't know how they work under the hood) but I think in any case nslookup is just DNS 01:51 < varesa> lenarhoyt: can they both resolve external addresses? 01:51 < lenarhoyt> yes 01:53 < lenarhoyt> what's curious is also that the OpenWRT device assigns itself a different LAN tld: localhost.lan, the rest of the LAN is actually .fritz.box 01:55 < spaces> lenarhoyt read about dns and hostname 01:55 < spaces> s 01:56 < varesa> could be different DHCP or the other one just not caring about DHCP provided suffix at all 01:57 < lenarhoyt> varesa: the OpenWRT machine is not a DHCP client. that might the the problem. but it does not seem to have a DHCP+static IP hybrid option :/ 01:57 < lenarhoyt> which is what i want 01:59 < varesa> lenarhoyt: it doesn't have to be, that just explains the different suffix 01:59 < varesa> you should be able to enter all the relevant information by hand as well 02:00 < varesa> lenarhoyt: what does the output of nslookup on the mac look like? Can you paste it? 02:01 < lenarhoyt> https://pastebin.com/raw/9qguwD7G 02:01 < lenarhoyt> but on the OpenWRT device: ** server can't find ... NXDOMAIN 02:02 < varesa> lenarhoyt: tried ip -> hostname on the openwrt as well? 02:02 < lenarhoyt> yes, "server can't find .." 02:03 < varesa> I had an idea about the DNS suffix and domain search paths but that only applies to forward lookups (name -> IP) 02:03 < varesa> so the issue here is something else 02:04 < varesa> you're sure the openwrt is also using 192.168.178.1? 02:04 < lenarhoyt> openwrt is on .201 02:05 < varesa> but it should be using .1 as its DNS resolver, right? 02:06 < mchammerdad> Hey guys, I came into an opportunity to provide internet to a apartment complex (thats being constructed). What devices would you recommend to allow everything their own VLAN/isolated internet connection and how would you best set it up (50 apartments). 02:06 < lenarhoyt> yes both mac and openwrt use .1 as DNS resolver 02:10 < spaces> ah my poor dog 02:12 < spaces> varesa she came to tell me she really wanted to go to bed now she is having her period, lying against my legs even more then ever :P 02:16 < varesa> spaces: did you go with her? 02:18 < thatlizdude> What would be better for transferring files locally - Samba or FTP? 02:19 < varesa> SFTP ;p 02:20 < thatlizdude> I did try Samba before but couldn't connect from macOS to Ubuntu... is SFTP easy to setup> 02:20 < varesa> SFTP is very easy to setup, at least on linux 02:21 < varesa> if you've got SSH working, you've got SFTP as well 02:23 < spaces> varesa sure we are in bed now, she lying on the blanchet (which needs another wash again tomorrow... it's a white one... :S) 02:23 < thatlizdude> I did get SSH working on another machine before 02:24 < spaces> varesa she always sleeps on my bed since I got the diabetics, she checks me out 02:25 < varesa> spaces: :) 02:25 < varesa> take care of each other 02:26 < spaces> varesa she is a real smart one, she has a real character like it could be your human friend 02:27 < spaces> if I sneeze, she wakes up, checks me out and goes back to sleep, when I walk around she always checks if people are where she saw them last or the day before, etc... thinks, walks further 02:27 < spaces> etc 02:27 < riff-IRC> Hey 02:27 < spaces> varesa like looking around the corner, she really does that 02:28 < riff-IRC> holy cow 02:28 < riff-IRC> it's been 8 months since I was in here 02:28 < varesa> welcome back 02:28 < spaces> nothing changed 02:29 < spaces> varesa only when he brought the beer 02:29 < riff-IRC> thx 02:29 < riff-IRC> @seen pos 02:29 < riff-IRC> !seen pos 02:29 < riff-IRC> .seen pos 02:30 < riff-IRC> ._. 02:30 * spaces bitchslaps pos 02:30 < spaces> riff-IRC he is hiding ;) 02:31 < riff-IRC> anyone wanna see some system specs? 02:31 < spaces> only if they are sexy 02:31 < riff-IRC> inbound 02:31 < riff-IRC> Client: HexChat 2.12.4 • OS: Ubuntu "xenial" 16.04 • CPU: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz (4.33GHz) • Memory: Physical: 7.6 GiB Total (4.9 GiB Free) Swap: 7.5 GiB Total (7.5 GiB Free) • Storage: 929.2 GB / 2.1 TB (1.1 TB Free) • VGA: 1002:67df @ Intel Corporation 4th Gen Core Processor DRAM Controller • Uptime: 3h 49m 15s 02:32 < spaces> MORE MEM! 02:32 < riff-IRC> yeah, I'm going to max the board when I get the dough 02:32 < riff-IRC> 32GB max 02:32 < spaces> 16G would be anough already, I"m on 20G nw 02:32 < spaces> now 02:33 < riff-IRC> eh 02:33 < spaces> riff-IRC upgrade 10 18.04 as well, much faster 02:33 < riff-IRC> I'm gonna throw 64 into a file server build that's coming up on the horizon 02:33 < spaces> *to 02:33 < varesa> nowadays all these electron apps eat tons of RAM 02:33 < varesa> I think I've managed to run out of the 32GB on my desktop a few times 02:33 < riff-IRC> o_O 02:34 < riff-IRC> ok 02:34 < spaces> wtf, my dog is always sleeping over 2/3 of the bed, it's that I'm small :P 02:34 < spaces> maybe I should start sleeping in the middle of the bed 02:34 < riff-IRC> your dog is either big or your bed is small 02:34 < spaces> riff-IRC no she wants to sleep against me 02:34 < riff-IRC> oh ok 02:34 < spaces> so when I move she moves too 02:34 < riff-IRC> XD 02:35 < riff-IRC> That fileserver build is going to happen when I fill up my 8TB backup drive 02:35 < spaces> she is actually in strech mode now so her legs are linda long 02:35 < spaces> *kinda 02:35 < varesa> riff-IRC: wanna hear the specs of the host my shell/IRC are running on? ;P 02:35 < riff-IRC> sure, send 'em 02:36 < spaces> varesa you are cheating, you cluster :P 02:36 < varesa> Xeon E5-2650Lv2 (10 core), 128GB DDR3 ECC, 2x 500GB SSD, 3x 2TB HDD, 10G ethernet 02:36 < varesa> (sure, it is running quite a few other VMs as well) 02:36 < riff-IRC> o_o 02:36 < riff-IRC> O_O 02:37 < spaces> you get that with 250+ channels 02:37 < riff-IRC> I mey get a dual sucket Threadripper board(if they even exist) 02:37 < riff-IRC> s/mey/may/ 02:37 < riff-IRC> s/mey/may 02:37 < spaces> meh this dog is the type you cannot stop hugging 02:38 < riff-IRC> what breed? 02:38 < spaces> mix of bordercollie/labrador and herder 02:39 < spaces> so she is black with grey lines after her shoulder and also her back legs and has a white chest and stomach and 4 white toes each foot and a small shite tip on her tail 02:40 < riff-IRC> a small what? 02:40 < spaces> white 02:40 < riff-IRC> huh 02:40 < spaces> sec 02:41 < spaces> https://1drv.ms/u/s!AgHz6t0lBvQzgykdvCziDt8wYp-c 02:41 < riff-IRC> onedrive can go die 02:41 < spaces> https://1drv.ms/u/s!AgHz6t0lBvQzg02lCv9YDK7XYy8m 02:42 < spaces> but that is her 02:42 < spaces> perfect build actually 02:43 < spaces> and that social, never seen that before... so happy and forward going 02:44 < varesa> https://i.imgur.com/CFhWe4A.jpg 02:44 < spaces> oohhh!! adorable! 02:44 < spaces> varesa same type of mix almost 02:45 < varesa> that's german shepherd / tibetan mastiff 02:45 < spaces> kewl! 02:46 < spaces> I have another one well, don't be afraid: https://1drv.ms/u/s!AgHz6t0lBvQzg1blxs4IECp9gtSn 02:46 < thatlizdude> how come I have a sshd_config file on my Ubuntu but I don't seem to have sshd installed? 02:46 < thatlizdude> is that normal? 02:47 < varesa> thatlizdude: how did you determine sshd is not installed? 02:47 < spaces> thatlizdude client installs it I thought as well 02:47 < thatlizdude> "which sshd" won't show anything 02:47 < thatlizdude> and I can't do "sudo systemctl restart sshd" 02:48 < spaces> varesa that last one, nice hug 02:48 < spaces> *huh 02:48 < spaces> and indeed it was a hug of a goose 02:48 < varesa> fair enough. I don't use ubuntu so can't comment much on how they're packaged 02:48 < varesa> spaces: ouch 02:48 < spaces> varesa she didn't gave a kick 02:49 < spaces> I noticed it after a hour as it was dark 02:49 < spaces> and I wanted to go to sleep, during the winter she sleeps in the kitchen, my bedroom is freaking cold then 02:49 < spaces> so, bedtime kiss and I noticed it 02:50 < spaces> she ran away when letting her out, clip went lose and I thought it was egg or something when I saw it as I found he on my second search on her favorite vegetable pile nearby a house 02:51 < spaces> so I was freaked out, in the middle of the night @ the vet 02:51 < thatlizdude> nvm I figured I was editing ssh_config instead of sshd_config... 02:51 < spaces> but you don't se anything of it anymore 02:52 < spaces> thatlizdude yeah it's confusing sometimes 02:57 < thatlizdude> I am getting a "Connection to 127.0.0.1 port 22: Broken pipe" - what can I do about that? I setup the SFTP by this guide: https://www.digitalocean.com/community/tutorials/how-to-enable-sftp-without-shell-access-on-ubuntu-16-04 02:57 < Fizzik> pihole 02:57 < thatlizdude> ? 02:57 < spaces> varesa but their noses... oh my you can touch them all day long :P 02:57 < Fizzik> wrong window. 02:58 < spaces> and ears 02:58 < varesa> thatlizdude: are you getting it immediately or after a minute or two? 02:59 < thatlizdude> immediatelly 03:01 < spaces> varesa yoru dog ever slept on bed ? 03:02 < varesa> she likes to sleep under the bed for some reason 03:02 < varesa> and that's actually my sister's dog, not mine 03:05 < spaces> varesa sounds like a safe place :) 03:08 < thatlizdude> might it have something to do with permissions? 03:09 < varesa> thatlizdude: try checking the sshd server logs 03:10 < varesa> thatlizdude: how are you testing it? 03:15 < thatlizdude> one sec, I'll mess with the permissions again and see if it works 03:20 < thatlizdude> yeah it's perms 03:21 < thatlizdude> varesa: it says "fatal: bad ownership or modes for chroot directory "/var/sftp/myfolder"" 03:22 < varesa> sounds like simple enough to fix 03:23 < thatlizdude> sounds simple but still not working :/ 03:26 < thatlizdude> oh got it to work 03:26 < thatlizdude> thank you :) 03:27 < varesa> you're welcome (not that I did much) 03:28 < varesa> chrooted SFTP has those few extra steps. SFTP with shell access is pretty much "$package_manager install openssh-server && systemctl start sshd" and you're good to go 03:34 * varesa yawns at 4:30AM and takes some ice cream from the work freezer 03:54 < spaces> varesa you are a lowsy piece of shit again :P 03:56 < spaces> varesa am ? where are you located ? 03:57 < varesa> in a 5AM-right-now timezone :) 03:57 < spaces> 4 am here, but are you in Poland or so ? 03:58 < varesa> much more to the north 03:58 < spaces> wtf, just tell me :P 03:58 < varesa> like 5 countries up 03:58 < spaces> why are you working during the night ? 03:58 < varesa> starts with Fin and ends up in land 03:58 < varesa> ;P 03:59 < varesa> the company is manned 24/7 03:59 < varesa> I was just running updates to some production systems 03:59 < varesa> (and eating ice cream) 03:59 < spaces> haha nice 04:00 < spaces> yeah Finnish people are crazy, we know it 04:02 < spaces> varesa what type of company ? 04:03 < varesa> one that runs a lot of stuff from datacenter colocation, openstack cloud, AWS support services, solutions architecting, etc. 04:03 < varesa> + the whole dev side I don't know much about 04:03 < spaces> sounds nice 04:04 < spaces> how does openstack perform ? 04:04 < varesa> fairly well most of the time 04:05 < varesa> though it is quite a beast to deploy, update and manage 04:05 < spaces> nice, I don't like it but everything has it's cons I think 04:05 * dogbert2 works on some more patch-fu 04:06 < dogbert2> bwhahahaaha (youtube) - Worst Football Nut Shot Compilation 04:10 < fareast> ok i just took a network + practice exam and passed it without any formal education or study. Only field experience. I suppose I am g2g? 04:11 < dogbert2> farmast, N+ isn't that hard, or A+ or Linux+, etc 04:11 < fareast> what about system+ 04:11 < fareast> isn't that just managing AD and domain? 04:12 < fareast> and hardware I suppose.... 04:12 < fareast> like knowing what a raid array is 04:12 < fareast> partitioning schemes and deployment techniques. 04:13 < spaces> dogbert2 how is the farting today ? 04:13 < dogbert2> bwhahahaha....this stuff is too funny... 04:13 < dogbert2> https://www.youtube.com/watch?v=F3Z6pslRIdY 04:16 < spaces> dogbert2 how can that be SOOO painfull for them ? everything is tiny with them 04:17 < dogbert2> spaces, it's just funny 3rd or 4th one in the guy gets kicked right in da junk 04:17 < spaces> yeah I saw it 04:18 < thatlizdude> I got a message "Another device on the network is using your computer’s IP address" - any way to trace what could've happened? 04:18 < fareast> wow kicked in the balls 04:19 < spaces> thatlizdude check arp table 04:19 < fareast> hey can someone open a dcc with me? 04:20 < spaces> only if we can kick you in tha balls 04:20 < fareast> I will let you kick me in the balls hard as you can 04:20 < thatlizdude> spaces: wanna give me more than that? I'm not an expert :D 04:20 < spaces> no I let dogbert2 pay me so he can do it, I'm a business man ;) 04:22 < spaces> thatlizdude all I can say for now 04:23 < thatlizdude> should I just ignore the message then? 04:23 < thatlizdude> I mean something has to be broken if the router assigns something an already used IP doesn't it? 04:26 < xamithan> It only does whatever you set it up to do 04:27 < varesa> thatlizdude: either the router is buggy, something is configured with a static IP that overlaps the DHCP pool or some DHCP client is misbehaving 04:28 < thatlizdude> varesa: I have a Plex server configured, but that's for .25, not for .14 (which errored) - could that be related to it? 04:31 < Droog0x> I am still getting 355mbps+ from Spectrum, going on 18mo now. Paying for 300 04:32 < fareast> yeah 04:32 < fareast> don't overlap the dhcp scope 04:32 < fareast> with a static address without reservation 04:32 < varesa> shouldn't be 04:33 < fareast> else you disconnect your static address and dhcp takes it then you power it back up and conflict arises 04:33 < thatlizdude> so what should I do if I want a single device that has a static IP 04:34 < fareast> minimize the dhcp scope 04:34 < fareast> go above it 04:34 < fareast> or below the set values 04:34 < thatlizdude> well the limit is .0-.255 isn't it? 04:34 < fareast> yeah limit it to 200 04:34 < fareast> leave your 50 for static 04:34 < fareast> or 55 04:34 < fareast> or go from like 10-255 04:34 < thatlizdude> so .25 was a bad idea? 04:35 < fareast> yeah 04:35 < fareast> if you put it .26-255 04:35 < fareast> you would be good 04:35 < thatlizdude> oh I didn't configure anything on the router when i was setting the static IP 04:35 < thatlizdude> was I supposed to... 04:36 < thatlizdude> but even if it was set to .25, the error was with .14 - shouldn't it error with .25 only? 04:36 < fareast> yea 04:36 < fareast> if you want static you can't have the scope from like 2-255 04:37 < fareast> well you can just you will get a conflict if a dhcp occurance happens 04:37 < fareast> you are putting in manual stuff where the automatic is reserved 04:38 < thatlizdude> so it would be the Starting and Ending IP addresses in LAN setup? 04:38 < fareast> it happens more on networks with lots of stuff like phones printers and wireless devices wired pc 04:38 < fareast> yep 04:38 < fareast> so start static before the start 04:38 < fareast> or after the end that you set 04:38 < fareast> its called a dhcp pool 04:39 < fareast> don't throw static in the pool 04:39 < thatlizdude> I can leave the start alone at .2 and decrease the ending to like .230 04:39 < fareast> yeah or whatever you want static reservations to fill 04:39 < thatlizdude> then I'd set the static IP to .240 04:39 < thatlizdude> ok that makes sense 04:39 < fareast> I usually do like 230 04:39 < fareast> leave like 25 empty for statics 04:39 < thatlizdude> and do I need to restart the router for this? 04:39 < fareast> not really 04:40 < fareast> it should reboot itself when you apply 04:40 < thatlizdude> what if I change it and there's a device with .240 04:40 < thatlizdude> it just gets quickly disconnected and reconnected? 04:40 < fareast> yeah 04:40 < thatlizdude> ok cool :) 04:40 < fareast> its just pulling the uplink off and rerouting it on reboot 04:41 < DocScrutinizer05> are favicons not trendy anymore? or did there change anything during last 10 years so my browser doesn' 04:41 < DocScrutinizer05> t show them often 04:45 < thatlizd1de> test 04:45 < thatlizd1de> what the hell why did my nick change 04:46 < meingtsla> You reconnected and your previous connection hadn't timed out yet. 04:46 < thatlizd1de> uhh I guess that has something to do with the router lol 04:46 < thatlizd1de> well everything finally works now 04:47 < thatlizd1de> thank you!! 04:50 < DocScrutinizer05> meh, answering my own question above, it seems Konqueror had isses with verifying validity of https certs and for some weird reason that resulted in favicons not showing 05:13 < fareast> fuck shit! 06:03 < scientes> ewww 06:04 < linux_probe> ur mu was eeeeew too 08:03 < mikey_> Hi 08:03 < mikey_> I have setup proxy on my android device but one 3rd party application gets stuck at some point with an error: "Unable to connect". I am not getting any workaround for this so please help! 08:05 <+pppingme> mikey_ sounds like the app isn't using the proxy, likely trying to handle its own connection. 08:06 < mikey_> But rest of the packets are going via proxy, So how can i handle it? 08:06 <+pppingme> from the same app? 08:07 < mikey_> yes 08:07 <+pppingme> I'd report it to the app developer as a bug 08:08 < mikey_> +pppingme like when i did signup it sent me the OTP and then verified that OTP via proxy but at the very next step it showed "Unable to connect" error. 08:08 <+pppingme> I'd report it to the app developer as a bug 08:09 < mikey_> +pppingme oh so i can't solve this? 08:09 <+pppingme> not easily 08:11 < updated> hi there, I am trying to redirect UDP traffic being forwarded through my host to a local port on my computer with the following iptables command "iptables -t nat -A PREROUTING -p udp --dport 5000:5500 -j REDIRECT --to-port 5213" 08:11 < updated> however it does not seem to match any packets 08:12 < mikey_> +pppingme ohk thanks 08:13 < updated> running tcpdump shows the packets however, I have also tried erasing conntrack cache which helped some people online but it does not make any difference 08:13 < detha> updated: are you letting those packets through the INPUT chain? 08:13 < updated> yeah INPUT and FORWARD have an ACCEPT policy 08:14 < updated> I think the packets are being forwarded through without any modification 08:14 < updated> based on the behaviour of the application generating the traffic 08:14 < detha> and iptables -t nat -vnL counters show 0? 08:15 <+pppingme> pastebin "iptables-save" 08:15 < detha> that'd be good too 08:16 < password2> hi 08:23 < updated> damn, after two or three hours of debugging it finally started working with me not changing anything whatsoever, might have been related to connection tracking after all 08:23 < XCE> rofl 08:24 < XCE> after countless hours of fixing, it now works in its original form and I still dont know what the problem was 08:24 < updated> :\ 08:24 < updated> must have done somethign right 08:24 < XCE> gotta document it at least 08:24 < XCE> so next time you know to check 08:26 < cpplearner> What is a "routing domain" in routing? It seems that a metric is associated with a routing domain, but with "route" in ubuntu I don't see a column domain in routing table. =( 08:27 < cpplearner> *column named "routing domain" 08:47 < MikeSeth> cpplearner: a domain is a more general concept than DNS domains if that is what you're asking 08:48 < MikeSeth> cpplearner: in most trivial way, all your routers on the same network[s] are a routing domain 08:49 < MikeSeth> cpplearner: if you use RIP/OSPF etc they have their own protocol level conception of what constitutes a routing domain 08:50 < MikeSeth> a domain, in principle, is a partition of some global space 08:53 < cpplearner> MikeSeth: I'm briefly reading through a static routing part of RFC1812, and it states "For static routes not put into a specific routing domain, the route lookup algorithm is: ...". So I thought "what's a routing domain in the first place?" 08:54 < cpplearner> So I just type "route" in my ubuntu, but no column named "routing domain" exists. 08:55 < MikeSeth> cpplearner: under linux, you would create routing domains with e.g. policy routing and netns 08:56 < MikeSeth> http://linux-ip.net/html/routing-tables.html 08:59 < OlofL> Can Cisco CSR1000v run VXLAN? 09:05 * Atro did you even bother to google > https://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/vxlan/m_csr-vxlan-support-book.html 09:05 < BatmansAdversary> hey can i ask a question 09:05 < Atro> no 09:05 < BatmansAdversary> but its important 09:06 < cpplearner> =D 09:06 < cpplearner> MikeSeth: Thank you. I'll look into it! 09:07 < my_mind> hey i'm using rdesktop to remote into a windows 10 machine from a Kubuntu 18.04 machine but it's really slow 09:08 < my_mind> my int speed is 100mbps in both locations 09:08 < my_mind> i even made the resolution 1024x768 09:09 < BatmansAdversary> then fix it up 09:09 < my_mind> i don't know what's wrong 09:10 < BatmansAdversary> sux 2 b u 09:10 < my_mind> BatmansAdversary: not cool man 09:10 < BatmansAdversary> not my problem bro 09:21 < MikeSeth> my_mind: reduce color and resolution, turn off multimedia relaying or whatever garbage rdesktop pushes by default 09:21 < MikeSeth> also, stop using rdesktop, it's deprecated, use remmina or something 09:31 < OxFEEDBACC> ya, thanks... 09:49 < my_mind> hey what would make a ping take a long time? I'm pinging my office from my home pc and it's slow. I've remoted into my office pc, and found out the rdp connection was slow, but the internet speed was fast 09:53 < monoxane> my_mind ping/latency is a function of both distance and number of routers and network devices between you and the endpoint that the traffic flows between, and the speed of those connections 09:55 < Surre> Hey guys, this may be a silly question but I know almost nothing about IPv6 so bear with me. 09:56 < Surre> If I setup a network interface with an IPv6, and possibly no IPv4, and I send an HTTP to a server, does the server get my IPv6 the same way it would have gotten my IPv4? 09:58 < h0dgep0dge> lulz 09:58 < Surre_> Sorry, got disconnected 09:58 < Surre_> And second question, if I setup a network interface with TWO IPv6, the way to select one or another is by their local address? 09:58 < h0dgep0dge> so, what do you mean by "get my ipv6"? 09:59 < h0dgep0dge> i mean, sure you set yourself up with an ipv6, then you send an http, with you so far lol 10:02 < Surre_> let me rephrase 10:02 < h0dgep0dge> if i can do some interpretting, you're asking if you connect to an http server using ipv6, does the http server know your ipv6 address? the answer to that question would be yes 10:02 < Surre_> when you send an http request it's easy to get your ip on the server side, you cannot "hide" it (other than through a proxy), does it work the same way with IPv6? 10:03 < h0dgep0dge> yes. if the server doesn't know your ip address, irrespective of the version, how is it going to get packets back to you? 10:03 < Surre_> well, that makes sense :9 10:03 < Surre_> :) 10:03 < Surre_> never mind, that was silly haha 10:03 < Surre_> second question is more interesting 10:03 < h0dgep0dge> shoot 10:04 < Surre_> If I setup a network interface with TWO IPv6, the way to select one or another is by their local address? 10:04 < Surre_> I never did that but I'm guessing I would have to associate each IPv6 to a private IPv4, right? 10:04 < Surre_> I never heard of a "private IPv6", but don't know really 10:05 < h0dgep0dge> yeah, private ipv6 doesn't really exist in the same way private ipv4 does, because ipv6 is deigned to be globally routable 10:05 < monoxane> ipv6 typically doesnt have NAT done to it, you get a large block of ipv6 addresses your router hands out to everything and all of them are public 10:06 < h0dgep0dge> you have link local addresses, but they're almost fundamentally different than what you think of as your private ipv4 network addresses 10:06 < Surre_> how does a local address for an ipv6 looks like? 10:06 < h0dgep0dge> starts with fe80 10:07 < h0dgep0dge> i believe that's it, i'd have to double check 10:07 < Surre_> oh I see, I actually got one in this computer 10:07 < Surre_> inet6 fe80::... 10:07 < h0dgep0dge> so i'm not really grasping what you mean by "select one or another" address 10:08 < Surre_> so by selecting that local address I'll be using that public IPv6 associated to it 10:08 < Surre_> h0dgep0dge, I mean when connecting to a server, using an http client 10:08 < Surre_> I would put that local address to send the request through that interface 10:09 < h0dgep0dge> put it where? 10:09 < h0dgep0dge> and which interface? we're talking about more than one interface now? 10:09 < h0dgep0dge> are you talking about having 2 ipv6 addresses on a single interface, or more than one interface? 10:09 < Surre_> does it matter? I think it's the same regardless of 1 interface with 2 ips or 2 interfaces with 1 ip 10:10 < h0dgep0dge> well, to a certain extent it informs the context of the question 10:10 < Surre_> for ipv4 at least I think the way you use them is the same, when opening a connection you set what local address to use 10:12 < h0dgep0dge> i mean, you can use a bind() call? 10:13 < Surre_> I have done that to select a private IPv4 local address, not sure for IPv6 that's why I was asking 10:20 < Surre_> ah, and last question! 10:22 <+catphish> Surre_: the process for ipv6 is the same as ipv4, but in no way linked to ipv4 10:22 < Surre_> yeah I got, I think 10:23 <+catphish> also, it's worth noting that 2 interfaces with 1 ip each is not really a valid configuration in most cases 10:23 < Surre_> I want to connect to a server that doesn't seems to have an IPv6. Does it mean I can't connect to it using this interface I have which does have an IPv6? 10:23 < Surre_> I'm not sure how that works because you know, in general you have an IPv4, they have an IPv4, everything works, no problem at all 10:23 <+catphish> if you connect to a server that only supports ipv4 then you will need to connect from an ipv4 address 10:24 <+catphish> it's like 2 totally separate internets, you use one or the other 10:24 <+catphish> if the server supports ipv6 you use your ipv6 address, if not, you use an ipv4 address 10:24 < Surre_> I'm not sure it has an IPv6, I know it doesn't have an AAAA but maybe they do have one 10:24 <+catphish> you don't really need to know 10:24 <+catphish> the system handles this for you and selects an appropriate address on your side automatically 10:25 < Surre_> how? 10:25 < XCE> automagically 10:25 <+catphish> ideally you should have both an ipv6 address and an ipv4 address, you look up a server in DNS, if it has an AAAA record, then your system makes a connection from your ipv6 address to their ipv6 address 10:26 <+catphish> if it only has an A record, then your system makes a connection from your ipv4 address to their ipv4 address 10:26 < Surre_> right, but I'm saying it doesn't have a AAAA record 10:26 <+catphish> see above 10:26 < Surre_> is there any way to tell if a server for which you only have an IPv4, has an IPv6 as well? 10:26 <+catphish> no 10:26 < Surre_> (apart from checking its DNS of course) 10:26 <+catphish> they're in no way connected 10:26 < Peng_> Email their sysadmins? 10:26 < Surre_> yeah. will do, just wanted to be sure 10:27 <+catphish> well, in theory you should be able to do a dns lookup on the IP 10:27 <+catphish> and that name might point back to an ipv6 address 10:27 < XCE> can you ssh into one with ipv6 through your ipv4 then check 10:27 <+catphish> like this: 10:27 <+catphish> charlie@charlie-XPS ~ $ host 185.22.208.134 10:27 <+catphish> 134.208.22.185.in-addr.arpa domain name pointer charlie.infra.atech.io. 10:27 <+catphish> charlie@charlie-XPS ~ $ host charlie.infra.atech.io. 10:27 <+catphish> charlie.infra.atech.io has address 185.22.208.134 10:27 <+catphish> charlie.infra.atech.io has IPv6 address 2a00:67a0:a:2::9 10:27 < Peng_> Back in the day it wasn't unusual to have IPv6 on a separate hostname. Like https://ipv6.google.com/ . 10:28 <+catphish> also true 10:28 < Peng_> Which would, one hopes, be in the documentation for whatever 10:28 <+catphish> most people don't have dns set up perfectly like that though, so i wouldn't rely on it 10:28 < Surre_> it looks like they're running on AWS which seems to provide a default IPv6 on interfaces, they should have one even if it's not public 10:28 < Peng_> Depends. Pre-VPC EC2 doesn't support IPv6. 10:28 < Surre_> don't know if their server is configured to listen to them, or if it's done by default - no idea 10:29 < Peng_> And you can certainly turn IPv6 off. 10:30 < Surre_> catphish, I did what you mentioned but ec2 hosts would only show one IPv4 when you run "host" on them :( 10:32 < Peng_> Yeahhh. EC2's pretty useless for rDNS. 10:50 < tds> if you do want to connect to v4 only stuff from a v6 only machine, you can run your own dns64 + nat64 servers, that'll synthesise aaaa records for domains without them 10:50 < tds> that's only really useful if you run an ipv6-only network, if the network supports v4 as well it's much easier to just enable v4 11:09 < Surre> if you do want to connect to v4 only stuff from a v6 only machine, you can run your own dns64 + nat64 servers, that'll synthesise aaaa records for domains without them 11:09 < Surre> interesting 11:10 < Surre> I guess the idea is from my machine to that nat server through v6, and then through that nat server to the endpoint using v4? 11:11 < Surre> I won't do that, it's not that necessary. just being curious 11:16 < backes> hey! what causes the traceroute to repeat the same host multiple times, like here https://pastebin.com/TACFqmS9 ? 11:16 < backes> https://paste.debian.net/1033525/ the same on paste.debian.net 11:20 < detha> that is ..... crafty. Some routing loop 11:26 < grawity> backes: the 3rd-hop router is lying to you and returning fake ICMP errors 11:26 < Arpanet69> heey guys ... am working here at an office we using about 65 accesspoints from Sophos. 2,4Ghz plan is implemented and works fine.. but 5Ghz doesnt implement our channelplan cause of DFS. Also we are restricted to use 80MHZ (thanks to Sophos). When modifying the channels to DFS channels according to our plan it ntice interference and jumps back to non DFS channels .... how can i fix this? 11:29 < Arpanet69> wish i could disable this dfx 11:29 < Arpanet69> dfs 11:29 < Arpanet69> ...but i cant :) 11:29 < Arpanet69> how do you guys setup 5ghz channelplan ? 11:30 < backes> grawity: so this might be an entry to/load balancer to google's internal servers and it changes all the ICMP messages to obfuscate their architecture? 11:30 < grawity> no, it's something your sysadmin or your ISP screwed up 11:31 < kalebris_> Arpanet69: with fiber :) 11:31 < Spice_Boy> Arpanet69: why do you have to use 80MHz channels? 11:31 < Spice_Boy> if you are forced to 80MHz channels, and don't use DFS channels, then you're pretty much stuck 11:31 < dogbert2> it's amazing how local leaders here seem to think everyone can learn to code without understanding the issues behind writing software...the local comm. college is starting to teach swift, but local business leaders make it sound like "anyone can do this"... 11:31 < Arpanet69> Spice_Boy, dunno ask Sophos... were limited to that 11:31 < Arpanet69> Spice_Boy, yes to 1 channel lo; 11:31 < Spice_Boy> who/what is sophos? 11:32 < Arpanet69> its an firewall with build in WLC 11:32 < Arpanet69> like Fortinet 11:32 < Arpanet69> has its buildin WLC too 11:32 < sk_tandt> Greetings everyone! I'm a bit of a pinch: I am reaching a remote LAN through OpenVPN, and some nodes work just fine, but 3 just won't hear reason 11:32 < Arpanet69> am considering to disable 5,Ghz 11:33 < grawity> backes: here's what a proper trace to that host looks like: https://ptpb.pw/VBmi.txt 11:33 < sk_tandt> Among the nodes that work, there is at least one on the same switch 11:33 < Arpanet69> but thats a shame the AP are brand new 11:35 < dogbert2> grawity to da rescue :) 11:35 < backes> grawity: okay that is indeed quite different 11:41 < purplex88> what are network packet statistics? 11:44 < grawity> [oh, ignore the silly rDNS I'd put in my /etc/hosts for that .115 thing] 11:45 < sparrowsword> anyone familiar with rootnerds vps? trying to apt-update and having a heck of a time... dont think dhcp is working properly... cant ping google.com, my only /etc/resolv.conf line is nameserver 8.8.8.8, when i try apt-update it just says Failed to fetch http://ftp.us.debian.org/.. tried with ftp://ftp doesnt work either Temporary failure resolving 'ftp.us.debian.org' 11:45 < sparrowsword> however, i can ping 8.8.8.8 12:25 < sparrowsword> anyone able to help? 12:30 < djph> what do you get when you dig / nslookup ftp.us.debian.org? 12:34 < ne2k> why do dotted quad subnet masks still exist as a thing? 12:36 < djph> because fuck you, that's why. Also Cisco. 12:37 < ne2k> the number of times I hear people saying down the phone "two-five-five dot two-five-five dot two-five-five dot two-four-eight" instead of "twenty-nine" 12:37 < SwedeMike> ne2k: legacy reasons. People still call /24 a "class C", because... something. 12:37 < ne2k> SwedeMike, because their dumb 12:37 < ne2k> (yes, I did that on purpose) 12:37 < SwedeMike> ne2k: their hearing is just fine. 12:37 < SwedeMike> also speech 12:37 < ne2k> wut 12:38 < SwedeMike> (yes, I did that on purpose) 12:38 < SwedeMike> https://en.wiktionary.org/wiki/dumb "From Middle English dumb, from Old English dumb (“silent, speechless, mute, unable to speak”)" 12:39 < dogbert2> calling it class C space (which it was) is legacy :) 12:39 < ne2k> https://en.oxforddictionaries.com/definition/dumb #3 12:40 < ne2k> dogbert2, even worse is people calling 10.37.58.0/24 a Class C. no. no it's not. not in any sense of anything 12:41 < djph> ne2k: I do that because when I call somewhere, the person on the other end is a moron. 12:41 < dogbert2> yeah, that's not a class C at all, it's technically RFC 1918 class A space :) 12:41 < dogbert2> djph...bwhahahaha! 12:41 < SwedeMike> for some reason this class thing refuses to die, even though it became obsolete mid 90ties. It still shows up in books etc. 12:41 < djph> although, when I get to someone who knows what they're doing, I'll just give the last octet (because I suck at conversion from dotted-decimal to CIDR) ... 12:42 < ne2k> SwedeMike, 1993. TWENTY-FIVE YEARS AGO 12:42 < grawity> I thought it couldn't get worse than "10.x.y.0/24 is wrong because 10.x is class A" 12:42 < djph> grawity: where have you been lately? bahahaha 12:43 < ne2k> grawity, what's wrong with that? that's actually correct, surely? 12:43 < dogbert2> saw a funny comment this morning by the CIO of switch (data center) about learning swift and other programming languages: Speaking at an event Thursday about the new course, Missy Young, chief information officer for Las Vegas-based Switch, said this program can help fill those in-demand, high-paying jobs. “You can be instantly employable in a field that cannot possibly find enough talented and qualified individuals to do thes 12:43 < dogbert2> e jobs,” she said. 12:43 < grawity> ne2k: how long has subnetting been around for, again? 12:43 < dogbert2> LOL, grawity 12:44 < ne2k> grawity, as in, if you're saying "it is class A", and you are following the class system, then that /is/ wrong. 12:45 < dogbert2> yeah :) 12:45 < ne2k> anyway 12:45 < nostrora> hi! i have ap ac pro and wifi is always disconnecting/reconnecting, i'm from 1 meter and "wifi power" is very high 12:45 < nostrora> how can i debug this kind of disconnection ? i'm on linux 12:45 < ne2k> I don't get why people would ever want dotted quad subnet masks for any purpose. why isn't it just an integer in all places where a subnet mask is wanted? 12:45 < SwedeMike> ne2k: for IPv6 at least it is. 12:46 < grawity> SwedeMike: ...usually. I have seen a thing or two use "/ffff:ffff:ffff:ffff::" 12:46 < ne2k> grawity, VLSM mentioned here https://tools.ietf.org/html/rfc950 (1985) 12:46 < grawity> ne2k: maybe it was born when someone still allowed non-contiguous masks, and now everyone's just used to it 12:46 < SwedeMike> grawity: ew. 12:49 < ne2k> CIDR removed non-contiguous masks as an option 12:50 < ne2k> An implementation following these rules should also be generalized, 12:50 < ne2k> so that an arbitrary network number and mask are accepted for all 12:50 < ne2k> routing destinations. The only outstanding constraint is that the 12:50 < ne2k> mask must be left contiguous. Note that the degenerate route 0.0.0.0 12:50 < ne2k> mask 0.0.0.0 is used as a default route and MUST be accepted by all 12:50 < ne2k> implementations. 12:50 < ne2k> ooh, sorry for flood 12:50 < djph> eh,wot? 12:51 < grawity> I think that's already present in RFC 1338 a year earlier 12:56 < dogbert2> w00t...just found and fixed 5 potential null pointer dereferences in BIND :) 12:58 < djph> yay? 12:58 < djph> dogbert2: which (major) version? 12:58 < dogbert2> BIND-9.12.1-P2... 13:00 < Apachez> its people like dogbert2 who is responsible for why we cant have a nice vacation without major vulns... 13:00 < djph> bit farther along than me ... I'm only running 9.9 13:00 < djph> :| 13:00 < djph> stupid debian stable 13:00 < dogbert2> bwhahaha... 13:01 < dogbert2> who the hell takes a vacation in IT :P 13:02 < mspro> the manager 13:07 < dogbert2> muhahahaha - https://gitlab.isc.org/isc-projects/bind9/issues/413 13:10 < djph> I do - screw the users, I'm going to a beach somewhere where the nearest cell reception is 400 miles away. 13:13 < Apachez> dogbert2: shouldnt there be a syntax in the compiler who can check this stuff for the devs? 13:14 < dogbert2> Apachez...I find shit that coverity and clang-analyzer just plain miss... 13:14 < grawity> Apachez: iirc C is too flexible to have this checked 100% at compile time 13:14 < dogbert2> exactly :) 13:14 < grawity> (and if you integrate the static analysis into compilers, I imagine it being a little slow) 13:14 < dogbert2> though if C had compile time bounds checking :) 13:15 < grawity> well, there's always Rust 13:17 < Apachez> sure but checking if a function can return null should be something that the precompiler can check for 13:17 < Apachez> and if so verify if all uses of this function checks for null 13:17 < Apachez> and if not throw out an warning while compiling 13:20 < dogbert2> Apachez...well, it couldn't find the memory leak I found earlier in the week :) 13:21 < Apachez> well thats what Im saying why isnt there some flag to make the precompiler look for this shit? 13:21 < Apachez> I mean its easy 13:25 < dogbert2> the pre-compiler would probably die a fugly death 13:29 < dogbert2> djph...I usually do my bug-fu finding on downloaded tarballs...then I submit and let the upstream ninjas make sure it gets where it needs to go :P 13:30 < Apachez> how are those functions defined? 13:30 < djph> dogbert2: yay :) 13:30 < Apachez> void functioname(stuff); ? 13:30 < Apachez> because int functionname(stuff); shouldnt allow for null in returns 13:30 < Apachez> or did I miss something? 13:31 < dogbert2> well, the first one doesn't have a return value...the 2nd expects a return of an int 13:31 < grawity> the 2nd one doesn't return a pointer in the first place 13:31 < grawity> though nothing says it can't return a zero, but it's still not a pointer 13:33 < dogbert2> yeah... 13:33 < dogbert2> welp...lemme go back to bed for about an hour...finding bug-fu on friday the 13th...hmmmmm! 13:38 < BatmansAdversary> i took a shit 13:38 < eirirs> Toblerone is the shit. 13:46 < _noblegas> Hi all 13:46 < _noblegas> Just going crazy trying to configure squid on my windows machine 13:51 < djph> _noblegas: format and upgrade to Linux. 13:53 < _noblegas> Can't my work pc 13:56 < _noblegas> Also I sit behind Corp network 14:01 < AlexCDev> Hi 14:02 < djph> _noblegas: then why're you installing squid on it? 14:02 < _noblegas> Uh, it's a long story but I'll try to explain 14:04 < spaces> varesa yoyo! 14:10 < _noblegas> Also I don't know the whole 'why', as I was told to 'follow the instructions'. Anyway, I have a linux virtual machine on my windows. In that virtual machine configuration it says to use proxy - address of the host machine with squid port. I assume it was done for a reason, so that VM could connect to external network - for example so I could run yum install. So I 'followed' the instructions - installed squid. Now when I 14:10 < _noblegas> do curl from the VM - I see it in squid access.log, but the results is 'dns server:' 'no name found' . Also I tried to see if squid works - from the host machine by configuring Firefox to use it as a proxy and also by running the squid client. Basically, my understanding - is that because I sit behind Corp network/proxy/whatever - applications that need to reach the outside network should go through squid as it should 14:10 < _noblegas> "magically" go through Corp proxy/whatever. 14:11 < djph> none of that makes any sense, or is right in the slightest way. 14:12 < djph> I mean, you can simply set up the networking to NAT via the host machine 14:12 < _noblegas> Yes, as I told, I don't understand why 14:13 < djph> something with your instructions sounds extremely wrong - at this point, your best bet is to reconfirm with the IT guys / whoever wrote that howto WTF they're smoking. 14:13 < _noblegas> Yeah 14:16 < _noblegas> You're right 14:38 < _noblegas> Actually 14:39 < _noblegas> I think it all boils down to the fact that from the local machine certain programs cannot reach the outside world because of proxy 14:39 < _noblegas> Or whatever 14:39 < _noblegas> So maybe if I run a program in VM and it uses NAT - then they still won't be able to go through 14:40 < regdude> I have seen some companies have set up quite strict intranet, where some computer have access to the Internet and some don't and since no one wants to hire anyone who understands something, then they just setup proxy on their computers and can have Internet access on a computer in an intranet, might be your case 14:40 < djph> and if that's the case, then you have to configure the VM to talk to the corporate proxy, not some randomly setup proxy on your hsot. 14:41 < _noblegas> Well 14:41 < _noblegas> From what I understand Corp proxy works through pac file 14:41 < _noblegas> Ok I will try that also 14:42 < _noblegas> Thanks 15:03 < _noblegas> A bit stupid question, but what is resolved first - proxy or dns 15:08 < Apachez> who are "they"? 15:08 < MikeSeth> _noblegas: the proxy will decide how it does that 15:08 < MikeSeth> assuming you're talking HTTP[s] 15:11 < _noblegas> Ok 15:11 < _noblegas> What I did so far 15:11 < ||cw> there are a few ways to restrict internet, and installing squid on your VM host doens't have anything to do with any of them 15:12 < _noblegas> I found the POC file 15:12 < _noblegas> I downloaded it 15:12 < _noblegas> From it I found what the proxy is 15:12 < _noblegas> *pac file 15:13 < _noblegas> I set this proxy in my guest Linux machine settings 15:13 < _noblegas> Now it says: proxy authentication required 15:15 < lupine> sounds like the proxy requires authentication 15:15 < _noblegas> Omg now it works from curl 15:17 < _noblegas> Ah, no its the webpage from the proxy 15:18 < _noblegas> Saying that authentication is required 15:18 < _noblegas> But how do I find out what authentication it needs? 15:21 < djph> probably your network username ( and password) 15:21 < _noblegas> Says 'kerberos with ntlm fallback' 15:22 < _noblegas> Probably proxy uses windows something to authenticate 15:22 < MikeSeth> Kerberos GSSAPI, yes 15:23 < _noblegas> That's probably why there is no way to set up the proxy configuration from guest Linux machine. Probably, it's why guest Linux machine should connect to squid - and squid will authenticate with the proxy. 15:24 < _noblegas> *squid running on the host machine 15:24 < MikeSeth> You can authenticate against a Windows domain with samba and krb5 15:24 < _noblegas> Thanks a lot I will search for this 15:25 < MikeSeth> You probably do not want to induce your guest vm into the domain just for this 15:25 < MikeSeth> though I am not sure it is required in your use case strictly speaking 15:26 < _noblegas> What I meant earlier is that from what I understood - the idea was that guest VM connects to squid on the host machine - and squid will do the authentication against the proxy 15:26 < _noblegas> As squid is running within windows environment 15:27 < MikeSeth> is this in the lab? 15:27 < MikeSeth> cause it makes no sense to me otherwise 15:27 < Apachez> _noblegas: but why? 15:27 < _noblegas> But how otherwise I can connect from guest VM application to the outside world 15:28 < MikeSeth> er 15:28 < MikeSeth> NAT or bridged interface? 15:28 < MikeSeth> I think it's time for xyproblem 15:28 < MikeSeth> _noblegas: http://xyproblem.info/ 15:28 < _noblegas> Let me try 15:29 < Apachez> _noblegas: the vm guest runned on your host can either be bridged or nated 15:29 < Apachez> in any case you dont need any proxy on your host 15:29 < _noblegas> Well, the issue is - was told if Nat is used - then not urls are accessible 15:29 < MikeSeth> by whom 15:29 < _noblegas> Previous people who tried to set it up 15:29 < Apachez> who told you this? 15:29 < _noblegas> That's why they introduced squid 15:30 < Apachez> which incompetent moron told you this? 15:30 < Apachez> if you configure it as a bridge (if we talk virtualbox now) the bridge will use the same drivers as the host nic 15:30 < Apachez> so if your host use 192.168.0.1/24 your vm guest will use for example 192.168.0.2/24 15:30 < _noblegas> They are highly competent. It's just that I can't explain the problem clearly here as I am incompetent :( 15:31 < MikeSeth> Is this a high security environment? 15:31 < _noblegas> Yes 15:31 < Apachez> the other method when using nat then the traffic is nated to the host ip and the vm guest gets another range like 10.0.0.1/24 15:31 < MikeSeth> sigh 15:31 < Apachez> depending on how your nat is setup 15:31 < Apachez> in those case it will be a vbox nic 15:31 < Apachez> normally intel e1000 15:31 < MikeSeth> _noblegas: so web traffic is blocked and an interdicting proxy is forced on it? 15:32 < _noblegas> Probably, but I didn't understand what is interdirecting proxy is 15:32 < MikeSeth> _noblegas: well, a web proxy that examines your traffic and can't be avoided 15:33 < MikeSeth> in the sense that if you do not use it you can't have access at all 15:33 < _noblegas> Yes 15:33 < _noblegas> You're right 15:33 < _noblegas> So from browser I can access the outside world 15:34 < _noblegas> But applications cannot access the outside world (Google.com etc) 15:34 < MikeSeth> _noblegas: so you need to configure a browser under Linux to do NTLM authentication to the proxy 15:35 < _noblegas> Yes probably, what they told me I need to install squid or cntlm 15:35 < _noblegas> But there are some problems with cntlm - they told me. That's why I installed squid. 15:35 < MikeSeth> squid is not pretty on configuration 15:35 < _noblegas> In the past I managed to make it work with setting up fiddler as a reverse proxy 15:36 < _noblegas> MikeSeth: I am so happy that you understand my problem 15:36 < MikeSeth> if this is a high security set up, are you actually authorized to do this? 15:37 < MikeSeth> https://superuser.com/questions/128243/how-do-i-configure-ntlm-authentication-in-firefox-on-linux 15:37 < _noblegas> Yes it's a high security set up. 15:37 < _noblegas> So I am an application dev 15:37 < _noblegas> But I am working on my work computer that is connected to this high security network 15:38 < MikeSeth> see above 15:39 < _noblegas> Thank you 15:41 < _noblegas> Ok but I cannot install packages 15:42 < _noblegas> Because no Internet access 15:42 < _noblegas> Ok, I'll try downloading it and copying to machine 15:44 < nostrora> Hi someone know how unifi controller is working ? Because i'm connected on UAC AP PRO but Unifi controller dsn't see my UAC AP PRO :/ 15:45 < eeee> Hi. I have wrt54gl router. Is it possible to configure wrt router to have standalone switch and separate router with ap via wan port? 15:46 < lupine> probably. if nothing else, slap openwrt on it. that will support it 15:47 < eeee> lupine: could it be done in dd-wrt? 15:47 < lupine> sure 15:50 < tds> It looks like that has a built in 5 port switch, so you can just put the wan port on one vlan, all the LAN ports on another, and then bridge the wan vlan interface on the cpu to the WiFi interface 15:54 < eeee> tds: can u link more detailed information on that 16:05 < ||cw> eeee: you want the switch ports to not connect to the router? 16:05 < eeee> ||cw: y 16:06 < black_13> how would I test echo or an echo server using nc 16:08 < ||cw> so, the default is that the 4 switch ports are vlan0, the wan port is vlan 1, both are tagged to the CPU on eth0, and the wifi is eth1 or wl0. vlan0 and wl0 are bridged, and vlan1 then that's routed/nat'd to vlan1 16:09 < ||cw> you need to modify the config, likely from wifi, to remove vlan0 from the bridge. technically that's all you should need to do, but be prepared to factory reset 16:09 < ||cw> black_13: connect to the port and type in the protocol commands 16:10 < black_13> is this right to place to ask about this question 16:11 < ||cw> black_13: sure, but nc is pretty simple, you might say what you tried that isn't working 16:11 < hatmadderz> I've developed a software which relies on being able to send and receive e-mail through an external API of some sort. That is, the program handles everything locally besides the actual sending of individual e-mails, and grabbing incoming e-mails from some always-on server. My program is not "always online" but run on a desktop computer daily. I don't need or want any fancy "managed mailing list", "e-mail templates" or any of that stuff -- 16:11 < hatmadderz> just to talk to an API hosted by some company that handles all of the details of actually delivering/receiving and temporarily storing e-mails. I originally made this to support Mailgun, but their site has apparently stopped working or they silently deleted my account without any kind of notice, and all of their competitors either only allow "transactional" e-mails, don't support incoming e-mails at all, or both. I've visited numerous of 16:11 < hatmadderz> these dumbed-down websites now and feel as if I'm missing something. They all seem to be for a fully "managed" solution where they host everything and automate everything for a specific task (such as sending out "promotional" bulk e-mails). I'm looking for a generic, barebones thing that simply allows me to send and receive e-mail and it's entirely up to me whether I will get blocked by ISPs as a spammer if I behave in a way they don't like. 16:12 < hatmadderz> (Probably means I'm forced to buy a dedicated IP address from them, which is okay with me as long as it doesn't cost a fortune.) Please let me know if you can recommend something, or how I could possibly make this happen in some way without having to deal with setting up my own e-mail servers and all that headache. 16:12 < black_13> I am writing or trying to write an echo server using winsock and check it works correct with nc 16:12 < hatmadderz> I've developed a software which relies on being able to send and receive e-mail through an external API of some sort. That is, the program handles everything locally besides the actual sending of individual e-mails, and grabbing incoming e-mails from some always-on server. My program is not "always online" but run on a desktop computer daily. I don't need or want any fancy "managed mailing 16:12 < hatmadderz> list", "e-mail templates" or any of that stuff -- just to talk to an API hosted by some company that handles all of the details of actually delivering/receiving and temporarily storing e-mails. I originally made this to support Mailgun, but their site has apparently stopped working or they silently deleted my account without any kind of notice, and all of their competitors either only allow 16:13 < hatmadderz> "transactional" e-mails, don't support incoming e-mails at all, or both. I've visited numerous of these dumbed-down websites now and feel as if I'm missing something. They all seem to be for a fully "managed" solution where they host everything and automate everything for a specific task (such as sending out "promotional" bulk e-mails). I'm looking for a generic, barebones thing that simply 16:13 < hatmadderz> allows me to send and receive e-mail and it's entirely up to me whether I will get blocked by ISPs as a spammer if I behave in a way they don't like. (Probably means I'm forced to buy a dedicated IP address from them, which is okay with me as long as it doesn't cost a fortune.) Please let me know if you can recommend something, or how I could possibly make this happen in some way without having 16:14 < DocScrutinizer05> lolwut? 16:14 <+xand> WTF 16:16 < tonyt> hatmadderz you shouldnt be spamming. people dont like that 16:16 < ||cw> black_13: but what nc commands did you try? 16:17 < black_13> sorry I am being distracted 16:17 < ||cw> black_13: you might also try nc against a known working echo server just in case the issue is that your server isn't working 16:23 < gkwhc> hey guys, i was wondering why most proxy configurations ignore localhost/127.0.0.1? 16:38 < DocScrutinizer05> waaah, netstat not found :-O ~> LC_ALL=C cnf netstat The program 'netstat' can be found in following packages: * net-tools-deprecated [ path: /bin/netstat, repository: zypp (download.opensuse.org-oss_2) ] --- DEPRECATED??? WHY? what else I'm supposed to use? 16:39 <+xand> use "ss" 16:40 <+xand> like you'd use "ip" instead of "ifconfig" 16:40 < DocScrutinizer05> I hate ip 16:40 < DocScrutinizer05> thanks anyway 16:40 <+xand> that's nice, but ifconfig doesn't work properly anymore. 16:40 < DocScrutinizer05> any hint *why* it's deprecated? 16:40 < DocScrutinizer05> ohmy 16:41 <+xand> e.g. ifconfig won't show secondary IPv4 addresses, and it can't handle some hardware addresses 16:41 < DocScrutinizer05> DAMN! 16:44 < DocScrutinizer05> all those monolithic monster programs like ip, systemd, whateverthename. their man pages could get published as a book, each one of them 16:47 < eeee> ||cw: thanks for help, what its bridged to what is kind of confusing at first. 16:47 < DocScrutinizer05> loosely related: do you know of any still working command sequence that compares your sysclock to the cmos clock and the NTP time, without changing any of the three? 16:47 < ||cw> yeah, especially they way dd-wrt's admin pages present it 16:49 < ||cw> DocScrutinizer05: that's OS specific 16:49 < DocScrutinizer05> linux 16:50 < ||cw> hwclock 16:53 < DocScrutinizer05> yeah, hwclock still works, but how do I get NTPtime without same time setting my local clocks ? 16:54 < Apachez> hwclock stores current time into rtc module 16:54 < Apachez> if you dont run hwclock your old clock will be shown after reboot and no ntp to sync against 16:54 < DocScrutinizer05> hm? 16:54 < Apachez> you can use ntpdate to manually query a ntp server 16:54 < DocScrutinizer05> hwclock transfers systime to cmos, or vice versa, or shows cmos time 16:55 <+pppingme> most distribs have "hwclock --systohc" somewhere in the shutdown scripts 16:55 < DocScrutinizer05> and it might adjust the adjtime file offsets 16:55 < DocScrutinizer05> my problem is NTP, not cmos clock 16:55 < Apachez> so whats your problem from the beginning then? 16:55 < DocScrutinizer05> ^^^ 16:55 < Apachez> what kind of issue is it you are trying to solve? 16:56 <+pppingme> but how do I get NTPtime without same time setting my local clocks ? << that not your question? 16:56 < Apachez> you use ntpdate 16:56 < DocScrutinizer05> how do I get NTPtime without same time setting my local clocks ? 16:56 < Apachez> already answered 16:56 < Apachez> NEXT! 16:56 < DocScrutinizer05> ooh I missed that answer 16:57 < DocScrutinizer05> no manpage for ntpdate 16:58 <+pppingme> not much to ntpdate... literally "ntpadate server" and it tells you what it did 17:01 < DocScrutinizer05> what been the canonical "for lusers" NTP server URL? 17:01 <+pppingme> are you just trying to "see" the time on a remote ntp server? 17:01 < DocScrutinizer05> yep 17:01 <+pppingme> without doing anything locally (hwclock or system time)? 17:01 < DocScrutinizer05> yep 17:01 <+pppingme> ok, run "ntpdate -q remotentpserver" 17:01 < DocScrutinizer05> pool,ntp.org? 17:01 <+pppingme> the -q means query only.. 17:02 < DocScrutinizer05> aah -q, thanks 17:02 < ||cw> DocScrutinizer05: ntpdate can do that 17:02 <+pppingme> it won't adjust sysclock or hwclock 17:02 < DocScrutinizer05> can you help me out with the URL? 17:03 < ||cw> DocScrutinizer05: I'm curious, what tools have you been check man pages on? 17:03 < DocScrutinizer05> please rephrase 17:03 < ||cw> why are you asking questions about the use of the standard linux date/time/ntp tools? 17:04 < DocScrutinizer05> I know there been ntpdate, ntptime, netdate and possibly nettime. I tried manpages for all of them 17:04 < ||cw> what are you looking at that the answers arne't clearly there? 17:04 < DocScrutinizer05> this suse leap15 has ntpdate but no manpage for it 17:05 <+pppingme> what command/syntax are you using to try it? 17:05 < ||cw> that's kinda lame, but, you can google man pages. 17:05 < DocScrutinizer05> a decade ago I used one of the 4 commands I quoted above, without providing a server URL 17:06 < ||cw> one of the core ntp commands can probably do that 17:06 < DocScrutinizer05> prolly it's not configured anymore, since systemd ate NTP 17:07 < ||cw> yeah, ntp is generally only run on ntp servers now, so many lighter alternatives 17:08 < Sout> most are going with chrony. and re the command ntpdate -q pool.ntp.org 17:09 < ||cw> or whatever ntp server you use 17:15 < DocScrutinizer05> that's the 1 million dollar question ;-) just tried pool.ntp.org and it seems like suffering a "DDoS" - takes 6 seconds to finish 17:16 < Poster> that's not uncommon, the synchronization has to do tests to calculate the latency between the client and server and apply that delta to whatever time is ultimately set 17:17 <+pppingme> DocScrutinizer05 by default, ntpdate does at least 4 queries, it will take a few seconds 17:18 < DocScrutinizer05> just a `date;ntpdate;date` a 10 years ago usually allowed me to estimate accuracy of local clock since first and seconfd `date` were no more than 0.2s apart 17:18 <+pppingme> time ntpdate -q pool.ntp.org takes real 0m6.979s 17:18 < Poster> you can see it in action if you run a tcpdump, otherwise your clock settings would be off by whatever latency existed between you and your time source 17:18 < DocScrutinizer05> real 0m6.738s :-) 17:18 <+pppingme> so nothing out of the normal 17:19 < linux_probe> lol 17:19 <+pppingme> why not just run it directly, it will tell you with high accuracy... 17:19 < DocScrutinizer05> yeah, I guess my config was "faster" back when ntpdate didn't need any parameters but used some /etc/ config files 17:19 <+pppingme> sudo time ntpdate pool.ntp.org 17:19 <+pppingme> 13 Jul 10:19:21 ntpdate[14285]: adjust time server 108.59.2.24 offset -0.005859 sec 17:22 < DocScrutinizer05> nah, sth changed in ntpdate, I guess. Even a /usr/sbin/ntpdate -q 192.168.4.1 takes 6s 17:23 < DocScrutinizer05> wireshark rime 17:23 < DocScrutinizer05> time 17:23 <+pppingme> you could add "-p 1" to shorten time, but results won't be as accurate 17:23 < DocScrutinizer05> oooh, thanks 17:24 < DocScrutinizer05> OHYEAH! 17:24 < DocScrutinizer05> real 0m0.119s 17:24 <+pppingme> but like I said, results not as accurate 17:24 < DocScrutinizer05> changed from "offset -0.002081 sec" to "offset -0.001835 sec" 17:25 <+pppingme> those are reasonably close 17:25 < DocScrutinizer05> thanks guys for the patience with me 17:25 <+pppingme> you'll get more varience than that just between ntpdate runs 17:26 < DocScrutinizer05> --- 192.168.4.1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4095ms rtt min/avg/max/mdev = 0.171/0.183/0.205/0.021 ms 17:31 < DocScrutinizer05> do you know if default changed from -p1 to -p6 or whatever during last decade? 17:33 < DocScrutinizer05> Poster: do you know how the latency compensation works? a simple RTT/2 ? 17:36 < detha> with -p1, that is all it can do 17:36 < DocScrutinizer05> yeah, that's what I thought 17:37 < DocScrutinizer05> maybe do some magic in server, calculating own process runtime between receiving request and sending out reply, or somesuch 17:38 < detha> meh. that's going into PTP territory 17:38 < DocScrutinizer05> PTP? 17:38 < detha> precision time protocol 17:38 < DocScrutinizer05> hehe 17:39 < detha> server sends packet, NIC corrects timestamp 17:39 < DocScrutinizer05> I'm just genuinely curious. Not like a second off on my local time would matter 17:44 < detha> DocScrutinizer05: ntp and friends work off statistics. the more samples they have, over a long period, the more accurate they get 17:46 < Some_Person> What should I do with 100 ft of "Cat5e" cable that appears to contain no copper? 17:46 < detha> Call it fiber 17:50 < foxdie> lol detha 17:50 < ||cw> Some_Person: wait, what? 17:51 < Apachez> perhaps its using some aluminium instead of copper? 17:51 < DocScrutinizer05> a hoax? 17:51 < DocScrutinizer05> aah, alu. yeah 17:51 < DocScrutinizer05> Some_Person: what do you *want* to do with it? 17:52 < spaces> IRC is not that sexy on a friday afternoon 17:52 < Apachez> no the question is what spaces can do with it for *you* 17:52 < spaces> Apachez are you drunk again ? 17:52 < Some_Person> ||cw: Cheap ass cable I bought on ebay years ago. Got a refund, was told to keep it, and I still have it 17:52 < DocScrutinizer05> don't ask what your cable can do for you, ask what you can do for your cable 17:53 < ||cw> Some_Person: use it for a 100m link where performance doens't matter? 17:53 < Some_Person> I suspect it's probably aluminum, but have no way of knowing for sure 17:53 < my_mind> DocScrutinizer05: throw it away 17:56 < DocScrutinizer05> to construe a topical relevance: freenode has a new service https://www.linuxjournal.com/content/freenode-launches-new-job-board-two-more-spectre-security-holes-discovered-debian-joins 18:07 < lizardlarry> For some reason my wireless LAN is hardblocked. Will resetting the BIOS fix this? I am running Debian. 18:11 < compdoc> doubtful the bios is involved 18:13 < lizardlarry> what remedies would you suggest? 18:14 < compdoc> what do you mean by hardblocked' 18:14 < spaces> compdoc long time no see :) 18:14 < compdoc> still kickin 18:14 < lizardlarry> as in I run rfkill and phy0 is hardblocked 18:14 < spaces> compdoc good to hear! 18:15 < compdoc> :) 18:15 < spaces> just try to stay sexy 18:15 < spaces> it's all you need 18:17 < compdoc> heh, harder to do as time goes by 18:18 < lizardlarry> I can toggle the softblock on and off using f12 on my keyboard, but rfkill unblock doesnt fix the hardblock issue