--- Log opened Sun Apr 22 00:00:53 2018
01:19 < wadadli> Hi ISP ADSL+ modem/router does not support bridge mode or IP passthrough. Can someone recommend a great replacement with this functionality.
01:19 < SporkWitch> it's an all-in-one?
01:21 < redrabbit> DMZ
01:22 < redrabbit> ?
01:22 < redrabbit> get separate devices.
01:23 < tds> if you really want to do it "all in one", get a linux box, add a NIC with an SFP slot, and get one of those SFP ADSL modems ;)
01:27 < SporkWitch> think you're both missing it, if i'm reading it right, he's got an all-in-one and an actual router that isn't completely shit, but the all-in-one doesn't have a bridge/dumb mode to work as JUST a modem, so he can use the real router
01:27 < wadadli> Yes!
01:27 < SporkWitch> if that's the case, the fix is to buy a dedicated ADSL modem (or ask the ISP; sometimes even the shitty ones will give you one)
01:28 < wadadli> Yes so I have never bought an ADSL modem! Can someone suggest a few?
01:28 < tds> well I'd say if you do want a plain modem, those SFP ones seem like a rather neat solution, though rather expensive iirc
01:29 < wadadli> Yes just a plain modem, doesn't need to act as an AP.
01:30 < SporkWitch> wadadli: if it was cable I could say "make sure it supports DOCSIS3.0" and be done with it; not sure the ADSL equivalents that you need to check for
01:31 < dogbert2> you want a good mid-range cable modem...Arris Surfboard SB6183
01:31 < tds> for adsl (at least in the UK) I've heard good things about DrayTek, it's probably best to look for reviews (and specifically ones from people who use your ISP) though
01:45 < wadadli> SporkWitch: It's actually using the telephone cable.
01:45 < wadadli> Not sure of ADSL implied that heh.
01:46 < SporkWitch> DSL, by definition, is copper telephone lines
01:46 < SporkWitch> the cable comment was a comparison AGAINST DSL
01:52 < wadadli> OK, I need to shop around for a DSL modem then :)
01:57 < SporkWitch> wadadli: talk to your ISP first to make sure of what it needs to support
01:58 < wadadli> OK surely.
02:20 < Apachez> finally managed to get something useful out of graphviz (regarding creating network diagrams) https://www.reddit.com/r/networking/comments/8dbucs/tools_to_create_maintainable_network_diagrams/dxr8azc/ :)
02:38 < hyper944> i am trying to connect another subnet on my computer (public IP addresses, 4) with my internet connection. what are my best bets to do it
04:01 < Hackira> Hello guys, here is the statement. I have a motherboard with 2 ethernet intakes, my goal is to use it as a firewall among other stuff. I bridged the two interfaces, I have connectivity on the bridge but the server (lets name that) lost it, could you help me figure out what I'm doing wrong ?
04:02 < mellotto> Hi Hackira. what exactly you want? (goal)
04:04 < Hackira> Using my server as a bridge/firewall for my network, don't know if I'm clear
04:05 < mellotto> the 'term' bridge you are using as it is the same for 'firewall'?
04:05 < mellotto> do you want a bridge or a firewall?
04:05 < Hackira> Can't I have both ?
04:06 < Hackira> Well I guess the firewall part of the project isn't important for the moment ?
04:06 < mellotto> Possibly yes. how many network interfaces you have on that server?
04:06 < Hackira> I bridged the interfaces with systemd-networkd & archlinux, for the record.
04:06 < Hackira> 2 ethernet interfaces.
04:11 < mellotto> the end point, is connected to the internet? and the server is not. You want the server (bridge) to have internet access as well?
04:12 < Hackira> Yep.
04:13 < mellotto> Bridging, for example, links the two network adapters so that Ethernet frames flow freely between them, just as if they were connected on a simple hub. All of the traffic heard on one interface is passed through to the other.
04:14 < mellotto> You can set up a bridge so that the computer itself does not participate in the network at all, essentially transforming the computer into an overpriced Ethernet repeater. But more likely you will want to access the Internet as well as bridge traffic between the ports... i assume.... That isn't complicated, either...
04:15 < mellotto> you will need bridge-utils package, I assume you already have it
04:15 < mellotto> what distro are you using?
04:16 < rewt> Hackira, if you want it to be a firewall, the interfaces must not be bridged; you must route between the interfaces
04:17 < Hackira> archlinux for the os, systemd-networkd for managing interfaces
04:18 < mellotto> rewt: He answered that firewall project will be treated later (I started asking about his goal first) firewall or bridge
04:18 < rewt> sounded more like he wants the traffic go through first, then add the firewall... but he can't add the firewall if it's bridged; he'll have to start from the beginning
04:19 < mellotto> sure, i agree.
04:20 < mellotto> I am suggesting based on the answers I get :) trying to understand his goal.
04:22 < mellotto> for the bridge part: you may want to run 'ifdown eth0' and 'ifdown eth1' from the command line
04:23 < mellotto> then # brctl addbr bridge0
04:23 < mellotto> # brctl addif bridge0 eth0
04:23 < mellotto> # brctl addif bridge0 eth1
04:23 < Hackira> The route by itself works, I have connectivity on the switch, just try to understand why the server itself lost connection.
04:24 < mellotto> Done. the bridge is setup and you can get IP (manually or via HDCP)
04:24 < mellotto> # dhclient bridge0
04:24 < Quatermass> sounds more like they need to read up on the theory of what they're trying to accomplish rather than have someone do it for them
04:24 < rewt> exactly; i'm guessing there are false assumptions at play
04:26 < mellotto> Hackira: do you have a ethernet switch where your 'network clients' are attached to?
04:26 < Hackira> Yep.
04:27 < mellotto> if you have a switch hybrid, you may want to skip the 'bridge' and setup a firewall instead.
04:27 < mellotto> why do you really want a bridge?
04:27 < Hackira> That's not a managed one unfortunately.
04:31 < mellotto> still not clear. Why do you want a linux server acting as a ethernet bridge?
04:32 < rewt> better question might be what is to be attached to the 2 interfaces; bridging just may not work at all depending on the scenario
04:34 < Hackira> mellotto: To firewall & log home network.
04:36 < mellotto> Please, describe what is 'log home network'
04:37 < mellotto> your home network is connected to a hub? you want all the traffic to be 'snooped'?
04:37 < Hackira> More like the server act as a router
04:38 < mellotto> Ok, server is a router (and lets say you will have a firewall here).
04:39 < mellotto> server is attached egress towards internet and ingress towards your 'ethernet hub / switch'
04:39 < mellotto> is that so?
04:39 < Hackira> Yes.
04:39 < mellotto> and then you have other network clients attached to the same switch.
04:40 < Hackira> Exactly.
04:40 < mellotto> if it is a hub, the server will be listening to all ingress traffic
04:41 < mellotto> if it is a switch, you will listen only to broadcasts, for the internal requests (10.0/8) whatever is your net/subnet
04:42 < mellotto> i dont see a reason for bridge the server. You may want to use a firewall instead.
04:42 < mellotto> tell me, what is it that you want to achieve with a bridge in that server?
04:44 < Johnjay> can someone explain how using a usb->ethernet adapter can give more throughput than the onboard raspi ethernet?
04:44 < Johnjay> that's what this blog post is saying without really explaining it: https://www.jeffgeerling.com/blogs/jeff-geerling/getting-gigabit-networking
04:45 < Hackira> mellotto: Ok, that's a hub then.
04:46 < dogbert2> do they even make hubs anymore?
04:46 < mellotto> they dont. I believe only switches by now
04:51 < dogbert2> yeah...they don't even make uplink ports on switches these days since most have auto-sense and MDX
04:51 < Johnjay> i see that word auto sense a lot dogbert2
04:52 < Johnjay> is that referring to crossover cable?
04:53 < dogbert2> yeah, you rarely need a crossover cable these days...I just bought a D-Link 8 port GigE switch (all metal) $30 at Frys...used a std cat-6 cable to connect 'em
04:54 < dogbert2> Arris SB6183 <-> D-Link AC1750 <-> D-Link 8 port switch
04:57 < Johnjay> how fast throughput do you get on that ac1750?
04:57 < Johnjay> i mean ac band as opposed to 2ghz band
05:01 < dogbert2> pretty good, though only wireless devices which use the AC band are the smartphone and the garage door opener...you can imagine which one is the b/w hog
05:02 < dogbert2> though the garage door is restricted to 2.4Ghz band only
05:02 < Johnjay> ah ok.
05:02 * Johnjay vaguely has thought about building his own garage door opener
05:03 < dogbert2> have a desktop, ethernet printer, Libre Computer (Pi Clone), smart phone, and the garage door opener for the 5 devices
05:06 < wrenny> Hi, there an easy guide somewhere to help convert my ipv4 home network to ipv6 ?
05:06 < Johnjay> ethernet printer huh? sounds nice
05:07 < SporkWitch> wrenny: unless your ISP has complete support, don't bother, just introduces headaches and slowdowns
05:07 < Dagger> Comcast
05:07 < Dagger> so, it works well enough for tens of millions of Americans
05:08 < Quatermass> lol americans
05:09 < Dagger> wrenny: you don't "convert" the network. first you deploy v6, and then you undeploy v4 when you no longer need it
05:09 < Dagger> you don't have to do those two things at the same time
05:09 < mast> Does anyone ever get this problem in vmware 6.5, where after creating a VM, when you go in again to edit the settings the ram limit shows up as -1048576, and everything else is blank?
05:10 < Quatermass> have you also asked in #vmware?
05:11 < dogbert2> The printer is a Lexmark MS415dn...cost $80 with rebate
05:11 < wrenny> yea I'm a noob to networking so, that's all greek to me...
05:12 < dogbert2> why implement IPv6 unless you have to :)
05:12 < wrenny> yes I know but... sooner or later I guess, just wanted to mess with it
05:12 < dogbert2> as long as my ISP hands me a IPv4 addr, I'll leave the home network at IPv4 :)
05:12 < wrenny> is it complex for the average home user?
05:13 < Dagger> dogbert2: useless question, because you do have to. the entire damn internet needs to do it
05:13 < Hackira> For the record, my config needed a ebtables rule.
05:13 < Hackira> Have a good one guys.
05:13 < SporkWitch> wrenny: on your router, set ipv6 to native, go to an ipv6 checker site, and if it DOES NOT say you're doing any kind of tunneling, then you're probably fine; if it says you're using tunneling, disable ipv6 again
05:13 < wrenny> and does the ISP have to be the first to start the process?
05:14 < dogbert2> Dagger...until my ISP forces IPv6 to my router, not much of a point
05:14 < Dagger> and no, it shouldn't be hard. most v6-supporting routers ought to just work out of the box on Comcast
05:14 < Dagger> (router will need DHCPv6-PD support)
05:14 < SporkWitch> Dagger: at least until comcast realizes they can do things intentionally wrong and force you to use their POS lol
05:14 < dogbert2> use Cox here
05:15 < Dagger> "keeping the internet functioning" seems like it'd be a bit of a point to me, but what do I know?
05:15 < wrenny> Comcast here, err (Xfinity) and beyoooond
05:16 < dogbert2> the internet has been working 30+ years with IPv4, and is slowly adopting IPv6
05:16 < wrenny> I'm using the Asus RT-AC56U
05:16 < SporkWitch> Dagger: they only have to do it "right" at the edge to talk to everyone else; doesn't stop them doing things "wrong" at the last mile to force you to use their garbage. We are talking about THE go-to example of why we need net neutrality legislation lol
05:17 < SporkWitch> wrenny: then it's EXACTLY what i said: go in, set ipv6 to native, go to an ipv6 checker site, and if it says you're using any kind of tunneling, set it back to disabled. If it doesn't mention tunneling, you're probably fine
05:17 < wrenny> then what
05:17 < Dagger> SporkWitch: but as far as I'm aware, that's not currently the case. it is just DHCPv6 for the WAN address and DHCPv6-PD for the prefix
05:17 < dogbert2> SporkWitch...the current a-hole in charge of the FCC is an example of how ****ed up things are :)
05:17 < SporkWitch> Dagger: like i said, UNTIL THEY REALIZE
05:18 < SporkWitch> Dagger: if they have complete support right now, that makes them one of VERY few in the US right now, it's a selling point. once support is a given, they no longer have an incentive to "just work," they can afford to screw people and try to force you to use their rented all-in-one shitboxes
05:19 < Dagger> other than Verizon, most major ISPs in the US do appear to be doing v6 in some form or another
05:19 < Fl4w1mm4n3nt> 10:16 PM the internet has been working 30+ years with IPv4, and is slowly adopting IPv6
05:19 < Fl4w1mm4n3nt> Lol
05:19 < Quatermass> 30+? haha young pup
05:20 < Fl4w1mm4n3nt> Maybe because more and more ip ranges are needed now that iot and whatnot are around?
05:20 < SporkWitch> Dagger: the problem is most of the implementations are BAD. TWC being a prime example (and the portions of Spectrum that used to be TWC). Which is exacerbated by their all-in-one box not actually disabling ipv6 when you disable ipv6 on it lol
05:20 < dogbert2> yeah, well, I was using the internet back in the early 80's via unix, telnet, ftp, gopher, archie, veronica, etc
05:20 < Johnjay> dogbert2: what did you think when gnu/linux became a thing?
05:21 < dogbert2> good way to have unix like systems at low/no cost :)
05:21 < SporkWitch> also, penguins rock
05:22 < Fl4w1mm4n3nt> ^
05:22 < Fl4w1mm4n3nt> Lol
05:22 < dogbert2> true
05:22 < Fl4w1mm4n3nt> That was the main selling point to me. Saw a penguin, and was like, "yeah, I need that"
05:23 < Quatermass> Nothing much astounds me more than the arrogance of some folks on this network
05:23 < SporkWitch> you're easily impressed...
05:23 < Dagger> SporkWitch: but they're good enough that they work for... 35% or 45% of the US internet population, depending on which stats I look at
05:24 < dogbert2> well, the best invention lately is the RPi (or clones)
05:24 < SporkWitch> Dagger: i'd have to see methodology to get the numbers; i suspect your average user just eats the random slowdowns because of improper implementation. that extra 15 seconds to load images on grubhub? damn spyware (even when it's not)
05:25 < Dagger> SporkWitch: Google's measurements put the latency impact at 0ms in the US
05:25 < wrenny> I changed to IPv6 in router, checker site says the same.. just using ipv4
05:26 < Dagger> and at -40ms in Brazil, for a random comparison
05:26 < SporkWitch> Dagger: again, i'd be curious to see methodology. when it works it works, but even the ones that work don't ALWAYS work
05:26 < Dagger> (well... yeah. not random. I waved the mouse around until I found a big negative value)
05:26 < SporkWitch> Dagger: the 15s example was actually an understatement; remember my ipv6 experiment earlier today? 5 full minutes for the images to load on the first page of grubhub search results. disable ipv6? comes right up
05:27 < Dagger> I didn't see that
05:27 < SporkWitch> Dagger: you were here for the experiment, i think, but i didn't give specifics about how bad it was lol
05:27 < Dagger> but if I had to debug the problem without knowing anything else about it, I'd bet they don't have working path MTU discovery
05:28 < Peng_> I still use tunnelbroker.net. :T
05:28 < Fl4w1mm4n3nt> 5mins is horrible
05:28 < Peng_> How is 5 mins even possible
05:29 < SporkWitch> Dagger: entirely possible, but that's just one example. My most recent experience with post-Spectrum TWC was similar, with lots of drops. My previous experience was TWC in 2013 with just incredibly high packet loss, even spiking up to 100% loss for multiple minutes at a time, and then it works fine for 30 minutes.
05:30 < SporkWitch> Peng_: may have been closer to three, but it was no less than that. The colours and text and formatting loaded fine, but images weren't (so maybe a combination issue with that particular site: ipv6 on the main site, ipv6 on the CDN?)
05:30 < Dagger> is this grubhub.com? that site isn't even using v6
05:30 < SporkWitch> Dagger: grubhub.com, yep. okay, so there we're looking at failure of things to fail over to ipv4
05:31 < Dagger> unless their assets come from res.cloudinary.com (rather than, say, assets.grubhub.com)
05:31 < Dagger> I like how v6 somehow gets the blame for a problem that it's not involved in at all
05:31 < SporkWitch> didn't dig too deep, the impact was severe enough, and able to be tied to ipv6 vs no ipv6
05:32 < SporkWitch> Dagger: it gets the blame because enabling it results in the issue, disabling it clears it instantly
05:33 < SporkWitch> Dagger: shouldn't take long to see there's no AAAA and fail over to A, and yet...
05:33 < Peng_> Dagger: They do come from res.cloudinary.com, apparently.
05:33 < Dagger> okay, my bad, apparently they do load their images from res.cloudinary.com
05:33 < Peng_> Which is Akamai and does support IPv6.
05:33 < Fl4w1mm4n3nt> Twins
05:34 < Dagger> Peng_: as I was _just typing_. blah
05:34 < Dagger> Akamai have definitely had pMTUd problems in the past
05:34 < Dagger> for months and months, somehow
05:34 < SporkWitch> that would explain the symptoms, then: the ipv4 assets come up right away, the ipv6 take minutes
05:35 < Peng_> Dagger: Lovely.
05:35 < Peng_> One of America's only ISPs, one of the world's biggest CDNs, and nobody can IPv6 PMTUD!?!?!
05:35 < Peng_> If that's the issue.
05:36 < SporkWitch> Peng_: well i'm not on TWC/Spectrum now, todays example was with Greenlight Networks, a local fibre ISP that doesn't officially support ipv6 yet; i just thought i'd do some experimenting
05:36 < Peng_> Oh
05:36 < Dagger> IPv6alizer says pmtud-success though (but it might be seeing a different CDN node)
05:36 < SporkWitch> Peng_: TWC/Spectrum example was from about 6 months ago, previous pure-TWC example was 2013
05:43 < wrenny> SporkWitch: Do I have to have a static IP to use IPv6?
05:43 < SporkWitch> no
05:43 < da7niel> Question: does the Window Size field in TCP header account for the size of the TCP header, or only payload?
05:46 < wrenny> yea I changed in the router but IPv6 checker still says it only detects ipv4
05:47 < SporkWitch> set it to native?
05:47 < wrenny> in Win7 IPv6 shows installed
05:47 < SporkWitch> made sure ipv6 isn't disabled on your OS?
05:47 < wrenny> Native yea
05:48 < wrenny> properties in the local area connection but I guess I have to find ISP settings for the router?
05:48 < SporkWitch> shouldn't; if the ISP were set up right, setting it to native and enabling DHCPv6-PD should have been sufficient
05:50 < Dagger> you can check `ipconfig /all` to see if you're getting any v6 config on the client machine... but you also need to check what the router is getting, because nothing is going to work if the router itself isn't getting v6
05:51 < wrenny> hm looks ok now
05:51 < wrenny> toggles the setting again
05:52 < wrenny> now I wonder about all the devices on my network
05:54 < wrenny> wow and I thought mac addresses were long and complex...
05:55 < Dagger> you can pick shorter addresses if you want
05:56 < Dagger> you can also put them in DNS. I have no idea what the v6 addresses of most of my servers are, yet I can connect to them over v6 just fine
05:57 < bleb> hey so i'm trying to set up my own router following this guide https://github.com/drduh/PC-Engines-Debian-Router-Guide i have a working access point which i can connect to, but it doesn't function as a router: i can only ping the apu2 which is broadcasting the access point
05:57 < Dagger> (if I *did* need to commit them to memory then I could arrange it so it was possible -- I know the IPs of my routers, for example. I just don't need to)
05:57 < bleb> this is after sysctl -w net.ipv4.ip_forward=1
05:57 < bleb> which i expected would make this forwarding work
05:57 < Peng_> www.sprint.net has a short IPv6 address though
05:58 < bleb> interestingly, i can ssh into the apu2 then ping the outside world (apu2 is connected to my isp router)
05:58 < bleb> so connectivity is fine; there is some configuration issue preventing the apu2 from acting as a router
05:58 < bleb> anyone have ideas for diagnostics? i am new at this networking stuff
06:01 < wrenny> Dagger: good to know thnx
06:02 < wrenny> so now even things like wifi to my cellphones on the same network are speaking IPv6 now or hows that work?
06:02 < Dagger> depends on the phone, but probably/hopefully
06:04 < wrenny> used Chrome Browser on my phone to the same checker. says supported
06:04 < wrenny> for the browser anyway
06:05 < wrenny> Plex server still works
06:05 < SporkWitch> re: DNS, Asus stock firmware will do local resolution, just set a local domain and you can use hostname.local (if you set the local domain as "local")
06:06 < wrenny> no idea if the change affects the printer?
06:06 < SporkWitch> if the device is set to use DHCP and supports ipv6, it should get ipv6 addresses
06:06 < Dagger> some printers will do v6
06:07 < wrenny> if not it defaults to v4?
06:07 < SporkWitch> yep
06:07 < Dagger> I'd bet that SLAAC support is more common than DHCPv6 support in printers, mind
06:07 < wrenny> k
06:07 < wrenny> no way to verify I guess
06:07 < wrenny> or see it
06:08 < SporkWitch> Dagger: the asus firmware defaults to stateless
06:08 < SporkWitch> Dagger: it uses DHCPv6-PD for WAN
06:08 < wrenny> stateless yea
06:08 < Dagger> PD for the WAN sure, but the LAN side will be using SLAAC and may also have DHCPv6 available
06:09 < Dagger> it's just that I'd bet most v6-supporting printers do SLAAC and don't do DHCPv6
06:09 < SporkWitch> wrenny: SLAAC refers to StateLess Automatic Address Configuration
06:09 < wrenny> yup
06:09 < wrenny> default here
06:09 < SporkWitch> was just making sure you didn't think it was referring to something else :)
06:10 < SporkWitch> i know the defaults, because i have an AC-3100 and an RT-N66R in my network :)
06:10 < wrenny> heh ok
06:11 < SporkWitch> asus hit the market running; i can't say that i'd even look at anything else for SOHO at this point. The only step up is enterprise hardware
06:11 < wrenny> love my Asus
06:12 < SporkWitch> well, except maybe if you need POE; there's some SOHO POE stuff out there, but none from Asus i know of
06:14 < wrenny> I need to try this AiCloud
06:14 < SporkWitch> in the past there have been some security issues with it, but i believe those have since been resolved; i've never messed with it much. i use plex to stream my media
06:15 < wrenny> Yea it has a remote feature too
06:15 < wrenny> I use at home
06:15 < SporkWitch> i am tempted to try out the aimesh stuff, but need to get a decent length GBE-rated cable first to give it a point
06:15 < wrenny> subscription tho
06:15 < SporkWitch> it requires a subscription now? O.o
06:16 < SporkWitch> or you mean plex?
06:16 < wrenny> for remote
06:16 < wrenny> yea
06:16 < wrenny> home streaming is free with nags
06:16 < SporkWitch> subscription for plex is only needed for mobile devices, not browser / ps4
06:16 < SporkWitch> in any case, just buy the lifetime pass, it's more than worth it
06:17 < wrenny> I'm just pissed they won't include a feature that lets you fit to screen
06:17 < SporkWitch> ??
06:17 < wrenny> for movies
06:17 < wrenny> fill screen, get rid of black bars in movies
06:17 < SporkWitch> ummm, it does fit to screen... especially if you click the full-screen button...
06:17 < wrenny> where
06:17 < SporkWitch> OH! i suspect that's a very rarely requested feature
06:17 < wrenny> no
06:18 < wrenny> even youtube does it
06:18 < SporkWitch> chop off part of the video to get rid of bars? O.o
06:18 < wrenny> and even my 9 yr old dvd player does it
06:18 < Quatermass> wrenny: I don't think anyone here is going to help you pirate movies/tv shows...
06:18 < SporkWitch> Quatermass: that's not what he's asking
06:18 < Quatermass> Best you move on to a ##networking topic if you have one.
06:18 < wrenny> na I'm just rambling
06:19 < Quatermass> That's for your blog, not ##networking.\
06:19 < wrenny> plex IS part of networking..that's what we're chatting about
06:19 < SporkWitch> wrenny: it's not, but ignore him; this channel has never cared about offtopic unless it disrupts topical discussion
06:19 < Quatermass> Also the enter key is NOT punctuation. Less enter, more on-topic conversation.
06:20 < Quatermass> wrenny: Being registered for 9+ years you ought to know better...
06:20 < wrenny> Christ, Chill
06:20 < SporkWitch> wrenny: ignore him
06:21 < wrenny> OP?
06:21 < SporkWitch> nope
06:21 < wrenny> and I rarely even chat in #networking
06:21 < SporkWitch> wrenny: again, don't worry about it, you're fine and did nothing wrong
06:21 < Quatermass> It's ##networking, and piracy in general is off topic on the network
06:22 < SporkWitch> no piracy has been discussed, as you're well aware
06:22 < wrenny> Quatermass: why do you accuse me of pirating?
06:22 < Fl4w1mm4n3nt> When did quartermass lose his op?
06:22 < SporkWitch> wrenny: because he's trolling you, and discussion of any kind of video streaming is automatically piracy in some people's eyes
06:22 < wrenny> Plex is a legit streaming tool, FOOL
06:23 < Quatermass> I was never an op. Smarten p Fl4w1mm4n3nt
06:23 < Quatermass> up*
06:23 < SporkWitch> wrenny: don't sink to his level, mate
06:23 < SporkWitch> wrenny: you've given him exactly what he wanted: you bit the bait and got driven off track
06:23 < wrenny> *ignored
06:23 < Quatermass> Folks who go out of their way to discuss piracy put the network at risk. Simple as that.
06:24 < SporkWitch> by that definition, you are putting the network at risk, because you are the only person to bring up piracy
06:24 < wrenny> hah
06:24 < Quatermass> LOL registered for 20 hours. Yeah, move along Fl4w1mm4n3nt
06:24 < wrenny> ok
06:24 < wrenny> pfft
06:24 < Fl4w1mm4n3nt> I thought he banned me once. Now I remember he's just a bitter bitxh
06:24 < wrenny> thought he was not an OP?
06:24 < Fl4w1mm4n3nt> Quatermass: 17th account. Been here ages. Move along
06:25 < SporkWitch> wrenny: in any case, plex, by default, will fit the screen, with bars. Fullscreen will do the same. It does not have an option to crop the video to eliminate bars (and wouldn't necessarily be able to, if the file itself includes the bars as part of the video), and is unlikely to get it, as most videophiles would rather have the full image than pan-and-scan (or worse, literally chopping the sides
06:26 < SporkWitch> off, as automated tools to get rid of bars do)
06:27 < wrenny> well like with VLC and MPC-HC you can crop easily. I know all the opinions on cropping but thats whats keeping me from buying Plex
06:27 < SporkWitch> Fl4w1mm4n3nt: nope; he's sutekh, and so far as my memory serves, he's not an op. If he were and he actually believed piracy were being discussed, we'd see a +o long before this point
06:27 < SporkWitch> wrenny: fair enough, but i wouldn't hold your breath waiting for it; the overwhelming majority have no interest in it lol
06:27 < wrenny> I have huge TVs and want to fill the realistaste
06:27 < wrenny> Realistate
06:28 < SporkWitch> wrenny: if you have huge TVs, then the bars are even less of an issue lol
06:28 < SporkWitch> only time i ever complained about letterbox was on tiny screens that made the screen effectively tinier lol
06:28 < wrenny> but yea I hate empty space and could care less if I cut a bit off the sides to do it, it's been a feature of media player for years
06:28 < wrenny> fill screen
06:29 * SporkWitch shrugs
06:29 < wrenny> all my PC media players have the feature so someone must be using it
06:30 < SporkWitch> just sayin', it's not a feature with much demand, it doesn't surprise me that it's not offered
06:30 < wrenny> so I have no problem filling the screen on movies if I watch them on the HTPC, which is connected to a 4K 55" TV
06:31 < wrenny> just want the feature when streaming to the TV downstairs
06:31 < wrenny> but yea they may never add the feature but I've seen also many requests for it in their forums
06:31 < wrenny> we'll see
06:33 < Fl4w1mm4n3nt> This sounds like piracy
06:33 < Fl4w1mm4n3nt> Lol
06:33 < SporkWitch> Fl4w1mm4n3nt: i know, right? if you stream a video it MUST be piracy! there's of course no means whatever of having LEGAL video content lol
06:34 < Fl4w1mm4n3nt> Netflix is a piracy Corp. Everyone knows this
06:34 * SporkWitch frantically deletes all that incriminating footage he shot himself, made legal backups of, captured gameplay footage, items under copyleft licenses...
06:35 < Fl4w1mm4n3nt> Full wipe down time
06:35 < SporkWitch> Fl4w1mm4n3nt: well there is the Disney v Redbox case lol; they're trying to argue that the digital copy codes in the box copies aren't covered under first-sale doctrine
06:36 < Quatermass> lol. The rage of the young and ignorant.
06:36 < Fl4w1mm4n3nt> SporkWitch: didn't know about that. He ridiculous
06:36 < SporkWitch> Fl4w1mm4n3nt: redbox has been using them to get around the fact that disney doesn't want to license them directly as an anticompetitive measure to protect their first-party offerings. They'd stop them renting physical copies too, if it weren't for first-sale
06:36 < Fl4w1mm4n3nt> *how
06:37 < Quatermass> Fl4w1mm4n3nt: Why don't you go ahead and write another Hacker Manifesto. Be a big name in the community.
06:37 < SporkWitch> Fl4w1mm4n3nt: well it's actually an interesting case; it doesn't have clear law or precedent one way or the other; leonard french (legal masses cast on youtube) has been covering it
06:38 < Fl4w1mm4n3nt> I like Disney because for where they took marvel, other than that, they suck
06:39 < Fl4w1mm4n3nt> *scratch out "because"
06:39 < SporkWitch> Fl4w1mm4n3nt: even that's starting to get a bit bland; the damage to star wars is unforgivable. Maybe the goal was to make the prequels not look like shit? lol
06:40 < Fl4w1mm4n3nt> SporkWitch: you're right lol. I forgot it started there
06:40 < SporkWitch> hardly, the new star wars are just particularly egregious examples lol
06:41 < Quatermass> Fl4w1mm4n3nt: Why don't you tell everyone everything you know about the Infocalypse
06:42 < Quatermass>
06:43 < Fl4w1mm4n3nt> Quatermass: how'd you know I wrote "The Conscious of a Hacker"?
06:44 < SporkWitch> catphish: can we get some troll spray?
06:44 < Fl4w1mm4n3nt> Infoacalypse? Nah, grey death scenario all the way
06:44 < Fl4w1mm4n3nt> Lol
06:45 < SporkWitch> Fl4w1mm4n3nt: https://www.xkcd.com/865/
06:46 < Fl4w1mm4n3nt> SporkWitch: do you think he's only angry because his *cough* is at a quarter mast. Always
06:46 < SporkWitch> Fl4w1mm4n3nt: i reserve overt mockery for stupidity, not sub-par trolling
06:47 < Fl4w1mm4n3nt> Fair enough.
06:47 < Fl4w1mm4n3nt> I shall not sink
07:13 < Fl4w1mm4n3nt> SporkWitch: just saw your little comic btw lol (I was eating, sorry for the delay)
07:17 < mast> Does anyone ever get this problem in vmware 6.5, where after creating a VM, when you go in again to edit the settings the ram limit shows up as -1048576, and everything else is blank?
07:18 < SporkWitch> mast: as previously instructed, ask #vmware
07:18 < mast> As previously tried, no answer
07:18 < SporkWitch> doesn't mean to but us again
07:18 < SporkWitch> s/but/bug/
07:20 < mast> You're right. The channel is very busy right now so I should avoid doing that
07:21 < SporkWitch> which makes your bugging us again even more stupid: when it WAS active no one knew and you were told to ask in the RIGHT place, what makes you think when it's DEAD you'll miraculously get an answer in a channel with literally NOTHING to do with the software or type of issue?
07:25 < mast> Seemed worth trying. Worst thing I figured could happen would be that I'd get yelled at by a very important person.
07:30 < adamz> Hey everyone. I have a IP camera connected over wifi that cycles between reachable and not. I can ping it for about 10 seconds before it becomes unreachable for about 30-40 seconds, after which it becomes reachable again for about 10. Rinse and repeat. Watching the ARP cache i see the cam's entry switch from DELAY->PROBE->INCOMPLETE.
07:30 < adamz> Wireshark shows constant ARP requests from my server looking for the camera.
07:31 < adamz> I have other cameras of the same make/model on the same wifi network that work reliably.
07:32 < adamz> Any suggestions on how to debug this further?
07:36 < light> adamz: move it closer to the AP to test
07:37 < adamz> Woops. Forgot to mention that. I moved the cam right next to the AP
07:37 < SporkWitch> funnily, too close can also be an issue sometimes lol
07:37 < adamz> the AP (a Unifi) shows good signal strength
07:37 < light> isolate it by removing all other devices
07:37 < light> or use a different ap
07:37 < adamz> hm. i might try that
07:38 < SporkWitch> also see if the camera itself has any log info you can pull
07:38 < adamz> regrettably it doesn't offer much in the way of a syslog. I was hoping for ssh/telnet access but it doesn't provide that
07:39 < SporkWitch> w/e application or web interface you use to access it may have something (or it might not; i love polycoms because they have good logs, i hate most ATAs because they don't)
07:40 < adamz> it has a log section, but its pretty much empty. No option to increase the verbosity either
07:40 < adamz> i guess thats what i get for buying $30 cameras :P
07:43 < SporkWitch> heh
07:43 < adamz> and looking at the AP logs, i can't see it associating/disassociating with the AP continuously. If I manually toggle wifi on the camera (via the ethernet interface) i can see it reassociate with the AP.
07:43 < SporkWitch> already tried searching with a string including the camera model and the issue?
07:44 < adamz> yep. nothing much
07:44 < adamz> i even tried factory reset of the camera
07:44 < SporkWitch> you have multiple of this model and only one is affected?
07:45 < adamz> yep 07:45 < adamz> 5 of them. only one is doing it 07:45 < adamz> started about a week ago 07:45 < adamz> im starting to think h/w failure 07:46 < SporkWitch> if it persisted through a factory reset, and taking down one of the others (e.g. "crowding" issue), you're probably looking at a hardware issue 07:46 < adamz> i really wish i could see its kernel/syslog 07:47 < adamz> might see if there is new firmware for it 07:56 < adamz> huh. well how about that, reinstalling the firmware (no new version) "seems" to have fixed it 07:57 < adamz> maybe it was running crypto mining software -- tho, its on a wifi network that doesn't have internet access 08:28 < applegal> hi does anyone know why my internet loss connection after system sleep and woke up? when ping google getting 75% loss, problem resolved when I restart my modem 08:31 < light> maybe while your machine was asleep another computer was assigned the IP address you were using causing a conflict 08:32 < Quatermass> if your OS is apple based who knows what it does to the interfaces (such as network interface(s)) while it's asleep 08:33 < Quatermass> Sounds like an apple thing best you contact them and ask 08:34 < applegal> Im using windows 7.. I dont have this issue when using my router with this modem... but I decided to go without using router 08:34 < SporkWitch> applegal: ignore him, he's been trolling all night. Depending on the type of sleep, there may have been some lag between the computer coming back up, and the interface reestablishing connection, especially if wifi 08:35 < SporkWitch> applegal: what do you mean by "not using" your router? O.o 08:36 < applegal> means I kept the router away and connect cat 5 from my pc to the modem 08:37 < SporkWitch> applegal: you removed the router and you're connecting directly to the cable/dsl/fibre modem? If so, that likely answers it right there. The modem doesn't get an IP itself, it just translates transmission media (simplification). 
When the computer comes back up, it needs to wait on the ISP to give it a new address, after re-verifying the MAC on the modem to see if you're allowed an IP. It's not 08:37 < SporkWitch> an issue with your router, because the router doesn't give up the public IP when your laptop sleeps 08:37 < applegal> OHHHHHHHHHHH that explains why 08:38 < applegal> is there any workaround for this situation? 08:38 < SporkWitch> applegal: yup, meanwhile your PC assumes the IP it had was still good, so it starts transmitting anyway, rather than saying no connection. If it had actually shut down, it likely would just refuse to try to ping until it's sorted. 08:39 < SporkWitch> yeah, use the router lol 08:40 < applegal> what about setting static IP? 08:40 < SporkWitch> wouldn't do any good unless the ISP is issuing you a static IP, and even then i'm not sure it would resolve the issue 08:41 < SporkWitch> a static IP would definitely ensure you would NOT get a "no connection" message, though, because as far as the computer is concerned it has the addressing information it needs in order to send 08:42 < applegal> thanks for the help! 08:43 < SporkWitch> np 09:01 < hetii> hi ;) 09:07 < Fl4w1mm4n3nt> I've spent about a year (haphazardly) learning everything I can to create my own cloud based AI. Now I find out Mycroft has a pi image, and it's basically everything I wanted. Now I feel shorted that I'm just customizing PiCroft for my own needs instead of building my own 09:09 < SporkWitch> Fl4w1mm4n3nt: gotta be fast :P 09:11 < Fl4w1mm4n3nt> SporkWitch: yeah, this always happens with my ideas lol. I shoulda got on it more 5 yrs ago when I had the idea. 09:11 < Quatermass> Why are you blogging this here 09:12 < SporkWitch> Fl4w1mm4n3nt: when will september end? :'( 09:12 < Quatermass> Fl4w1mm4n3nt: If you have a ##networking question please ask it. 
Otherwise post your personal thoughts on your blog 09:14 < Fl4w1mm4n3nt> Eh, it's not too late, mycroft has a lot of great stuff, but it's still mostly geared towards being a digital assistant and home automation system. So maybe I'll just build off it for a rough draft of my own 09:15 < Fl4w1mm4n3nt> Quatermass: i need an encrypted IPv6 network using public-key cryptography for address allocation and a distributed hash table for routing. Any ideas? 09:15 < Quatermass> Fl4w1mm4n3nt: Your blog should be hosted off your own website and/or some third party site like blogspot. Not freenode. Please learn and understand these facts. 09:15 < SporkWitch> Fl4w1mm4n3nt: something to be said for breaking from google; not gonna lie, i do love my google home, but there are definitely issues. I'm less worried about the privacy implications, though, compared to financially supporting a company taking an ideological position against subsets of their own users 09:16 < Quatermass> Fl4w1mm4n3nt: Again, if you have a ##networking question please ask it. If not please post to your blog. 09:16 < Quatermass> Fl4w1mm4n3nt: Also make copious use of the SEARCH ENGINE. 09:16 < Quatermass> *of your choice 09:17 < Quatermass> Fl4w1mm4n3nt: Since you a NEW here you need to learn 09:18 < Fl4w1mm4n3nt> SporkWitch: privacy is my major concern of mine for my project (one of the main reasons I settled temporarily with mycroft) 09:19 < Fl4w1mm4n3nt> Privacy on the interwebs is network talk 09:19 < Quatermass> Fl4w1mm4n3nt: No, it is ##security talk. Take it there. 09:20 < SporkWitch> Fl4w1mm4n3nt: thing is, most stuff is just prohibitively difficult to actually protect, and it's probably in a DB somewhere anyway. in terms of privacy, companies like google at least don't sell it on to third parties directly, but rather make you available to third parties; contrast with something like facebook which actually does sell your data outright 09:20 < Quatermass> Even though it is made up for effect. 
They are more equipped to deal with it. 09:20 < SporkWitch> Fl4w1mm4n3nt: a private company that only hands it over with a court order is about the best one can hope for these days, without going to full-blown tinfoil degrees of paranoid and usability-impacting measures 09:22 < Fl4w1mm4n3nt> Quatermass: wdym "made up for the effect"? 09:22 < SporkWitch> Fl4w1mm4n3nt: don't feed it 09:24 < Fl4w1mm4n3nt> It was in my dm 09:24 < SporkWitch> ?? 09:24 < linux_probe> derp mind 09:25 < Fl4w1mm4n3nt> He jumped in my direct messages for some reason. Guess he thought it'd make him doubly effective 09:27 < SporkWitch> Fl4w1mm4n3nt: +g is your friend 09:28 < Fl4w1mm4n3nt> I need to learn these irc commands lol 09:28 < Fl4w1mm4n3nt> Now I know 2. + g, and /me 09:28 < Quatermass> It would seem there is a great deal you need to learn. "lol" 09:28 < SporkWitch> Fl4w1mm4n3nt: https://freenode.net/kb/answer/usermodes 09:28 < noorul[m]> Is it good practice to use subnet mask for better security ? 09:29 < SporkWitch> noorul[m]: that is a nonsensical query 09:29 < SporkWitch> noorul[m]: https://www.iplocation.net/subnet-mask 09:31 < noorul[m]> SporkWitch: Hey, I keep reading about subnet mask and I am not picking fast. 09:31 < noorul[m]> Kind of lack interest in networking. I am looking into network options to boost security. 09:32 < Fl4w1mm4n3nt> Sounds like a ##security query 09:32 < Quatermass> lol, forever unoriginal 09:32 < andraw> how can one theoretically unmask VPN users' IP addresses? 09:32 < SporkWitch> that actually IS a security query, noorul[m], but in short, subnetting has nothing to do with security 09:33 < andraw> is it getting users to connect without vpn? 09:33 < SporkWitch> andraw: without access to the endpoints themselves, monitoring them and doing traffic analysis 09:35 < andraw> I see 09:35 < noorul[m]> Good to know. I have started reading about networking just recently. 
All I have been plug and play :) 09:35 < noorul[m]> https://security.stackexchange.com/questions/33146/do-different-subnet-masks-on-home-network-provide-any-security 09:35 < noorul[m]> After coming across this, I wanted to give focus on subnet mask 09:36 < Quatermass> Ah excellent, glad the resident DUI felon chris (aka linux_probe) is sober enough to grace us with his presence... 09:36 < Johnjay> someone just asked why his pi zero doesn't connect to 5 ghz band wifi 09:37 < Johnjay> i feel like it would take a lot of power to do ac band... 09:37 < SporkWitch> noorul[m]: what that's talking about is isolating networks so they cannot communicate between each other; that has less to do with subnetting than with routing: without a route, you can't talk to a network 09:37 < SporkWitch> 5Ghz != AC 09:37 < Fl4w1mm4n3nt> Just a dui felon? Weak rap sheet bro 09:38 < SporkWitch> catphish: please wake up, this is getting fucking ridiculous 09:38 < linux_probe> hurr hurr 09:38 < Fl4w1mm4n3nt> Who's catphish 09:38 < SporkWitch> Fl4w1mm4n3nt: the most active op 09:38 < Fl4w1mm4n3nt> Ah 09:38 < linux_probe> I like to drink and raise hell, but no DUI or felonies 09:38 < noorul[m]> oh. I see 09:39 < xingu> damn, I was gonna ask if you were interested in a driving side gig, I need a chauffeur for a couple of days 09:40 < SporkWitch> noorul[m]: realistically, you're probably approaching things in the wrong order. the first step in security is building a threat model. what are you worried about? who's after you? what are the costs if a given type of compromise occurs? 09:42 < SporkWitch> noorul[m]: once you have the answers to those questions, THEN you can start evaluating what makes sense in terms of securing your systems. Slapped-together example: we lock our doors because the cost (money and inconvenience) is negligible, it is effective against casual threats (random trying to get in), so there's no reason not to. 
Meanwhile, adding 5 additional locks to the door is probably 09:42 < andraw> SporkWitch: I'm behind a VPN now, can anyone know my real IP through IRC? 09:42 < SporkWitch> an unnecessary monetary and accessibility cost, unless you either have targeted threats against you, or are in a particularly bad area. 09:42 < SporkWitch> andraw: asked and answered 09:43 < noorul[m]> Yes. Very much in wrong order. On sudden, I was push networking side role recently and I am really going crazy to grasp all about it. No backend support and time is limited which is why I cant take deep understanding of networking or network security 09:44 < andraw> I mean are there any special defences I need to employ on IRC to mask my real ip? 09:44 < SporkWitch> noorul[m]: security is definitely something to have in the forefront while you're learning networking, systems administration, and even programming, but at the same time, you have to at least understand the fundamentals to be able to START thinking about security in those contexts. And at the end, when it comes down to figuring out what you should do for your setup, the first step is building 09:44 < SporkWitch> that threat model 09:45 < noorul[m]> SporkWitch: i am really at initial stage. Trying to 2 switch for IP cameras/nvr and home server 09:45 < Quatermass> andraw: Indeed. Use TOR or some VPN 09:45 < SporkWitch> andraw: your real IP is already masked because you're using a VPN; this is not a perfect protection, as i already explained earlier 09:46 < SporkWitch> noorul[m]: no disrespect intended, this is probably a bit above your level, but a brief skim of the first page makes me feel like it's probably at least a decent introduction to the concepts i'm trying to explain https://securityintelligence.com/threat-modeling-in-the-enterprise-part-1-understanding-the-basics/ 09:47 < andraw> ok, thank you 09:47 < andraw> I just want to know how you networking guys use IRC safely, that's all 09:48 < xingu> with our eyes shut mostly. 
09:48 < Fl4w1mm4n3nt> Lol 09:48 < Quatermass> might want to also ask in ##security. When it comes to security, they're full of it 09:49 * Fl4w1mm4n3nt blatantly obnoxious eyeroll 09:49 < SporkWitch> andraw: the only thing you could do to make it marginally more difficult is to go to #freenode and request a cloak; otherwise, you have been answered repeatedly. your query is overly broad, and while quater is an overt and dedicated (while impressively low-quality) troll, he's actually right in that it's a better query for ##security 09:49 < Quatermass> How...childish. 09:52 < noorul[m]> SporkWitch: no problem. I have taking notes and bookmarking the links. 09:52 < noorul[m]> if I could last long for next 2 weeks in networking, I will resume reading all these. I will be get relieved soon probably. 09:52 < noorul[m]> I am basically security concern for my personal activities. 09:53 < SporkWitch> noorul[m]: think we're running up against a translation issue there, heh; had a hard time parsing that. 09:53 < noorul[m]> SporkWitch: Agreed 09:54 < SporkWitch> sprecht du deustch? 09:54 < noorul[m]> SporkWitch: pardon me 09:54 < SporkWitch> *deutsch 09:54 < noorul[m]> I am better in English 09:55 < SporkWitch> my technical german is far from great myself, but if german was better for you, there are excellent articles in german on the topics as well; there's an impressive computer security community in germany 09:55 < SporkWitch> why i asked 09:57 < noorul[m]> SporkWitch: Its ok. I appreciate your effort. My head is spinning with already unknown terms and tech. 09:57 < noorul[m]> Please allow me to take in slow pace 09:57 < Fl4w1mm4n3nt> Where's the Chinese community? That'd be the place to learn 09:57 < SporkWitch> hehe 09:57 < SporkWitch> aren't they all government employees? :P 09:57 < Quatermass> Fl4w1mm4n3nt: Off topic for ##networking 10:00 < Fl4w1mm4n3nt> Yes. Yes they are. 10:01 < Quatermass> Sigh. The Entitled Generation. 
10:02 < Fl4w1mm4n3nt> Sigh, the "Imma cranky old man, Mildred, grab the binocular so I can see if the neighbor picks up after his dog" generation 10:02 < SporkWitch> Fl4w1mm4n3nt: stop feeding it 10:03 < Fl4w1mm4n3nt> Ok ok I'm done 10:18 < conjunctivitis> does anyone know on linux how to set permissions for nm-applet so it works with openvpn? i can currently connect successfully to my vpn with nm-applet, but cannot subsequently access the internet (can't ping 8.8.8.8) 10:18 < conjunctivitis> if i launch from command line the connection fails as a regular user, but using sudo it works properly 10:18 < conjunctivitis> launching nm-applet as sudo doesn't help. 10:23 < SporkWitch> conjunctivitis: are you also running the vpn server? if so, you probably don't have forwarding on that host configured correctly 10:24 < conjunctivitis> SporkWitch, no i am using a paid vpn service with servers throughout the world 10:24 < detha> SporkWitch: contradicts the "but using sudo it works properly" part 10:25 < SporkWitch> missed that part, detha 10:25 < GotShrekt> hello mates 10:25 < GotShrekt> is this a networking only irc ? 10:25 < SporkWitch> next question is WHAT is he running with sudo that makes it work 10:25 < GotShrekt> oh so it's a linux networking irc! 
10:26 < GotShrekt> anyway.Does anyone know why NetworkManager reverts my spoofed mac address 10:26 < SporkWitch> GotShrekt: it's networking in general 10:27 < SporkWitch> GotShrekt: that's more specific to that application itself; his original query was a networking question 10:27 < SporkWitch> GotShrekt: you don't have a network issue, you have an application issue 10:31 < conjunctivitis> SporkWitch, the command i am using to make it work is 'sudo openvpn --config /path/to/config' 10:31 < conjunctivitis> if i execute the command as a regular user it fails with the following error: ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1) 10:32 < conjunctivitis> is there a way to launch nm-applet such that it gives me detailed output in the terminal? 10:32 < SporkWitch> conjunctivitis: gotcha, i know the issue you're PROBABLY running into, and that's that the openvpn support in openvpn has some issue importing the config file properly. I don't recall how i resolved it off the top of my head, unfortunately, but you might be able to find support in #kde 10:33 < GotShrekt> anyone know the irc for anything like xfce ? 10:33 < Fl4w1mm4n3nt> GotShrekt: use /alis 10:34 < GotShrekt> thanks for your help 10:34 < conjunctivitis> SporkWitch, thanks, i'll try asking there then 10:35 < SporkWitch> conjunctivitis: openvpn support in networkmanager, i meant, but i assume you figured that out 10:35 < conjunctivitis> yes 10:36 < conjunctivitis> SporkWitch, its strange because the previous version of the same os had a permissions problem, but once i resolved that by adding my user to some groups it worked perfectly. seems like some update broke it. 
10:36 < Fl4w1mm4n3nt> conjunctivitis: well, I was just going to suggest adding the user to group...nvm 10:37 < conjunctivitis> i'll try that 10:37 < conjunctivitis> i just checked and actually both computers are running the same versions of openvpn, network manager openvpn etc 10:37 < Fl4w1mm4n3nt> But you said you've already done that? 10:37 < SporkWitch> also possible; i know there were issues with importing the openvpn config file in the past using the netman gui interface, but it's been a while since i messed with it, so i don't recall what all i did to fix it and make it all work 10:38 < conjunctivitis> SporkWitch, nvm doesn't exist on my computer 10:38 < conjunctivitis> (os is based on debian stretch) 10:41 < conjunctivitis> Fl4w1mm4n3nt, nvm doesn't exist on my computer, it's based on debian stretch 10:41 < conjunctivitis> guys i have to run now, i'll leave the chat up and check in later, if you get any other ideas please write me in a dialog window. thanks for your help! 10:56 < azonenberg> http://thanatos.virtual.antikernel.net/unlisted/latentred-05.png 10:56 < azonenberg> http://thanatos.virtual.antikernel.net/unlisted/latentred-06.png 10:57 < azonenberg> 8-port 10/100/1000 base-T line card is taking shape, slowly 11:03 * catphish just woke up 11:04 * azonenberg places catphish back in the TCP stream and watches him swim around 11:18 < SporkWitch> catphish: sorry to piss in your cheerios first thing after waking, but if you could look over Quatermass's "contributions" over the past several hours, it's been some impressively dedicated and disruptive trolling, if the typical low quality of today's trolls 11:19 < SporkWitch> including outright personal attacks and accusation of felonies out of nowhere 11:31 < Apachez> me learning graphviz https://i.imgur.com/tnsldNZ.gif 11:37 <+catphish> SporkWitch: yeah, i read it :( 11:43 < SporkWitch> catphish: tell me to shut up if i'm wrong, but it warranted op action 11:44 < Fl4w1mm4n3nt> Hit him with the ban hammer. 
He took to personal attacks in my inbox when I attempted to ignore here in channel 11:44 < SporkWitch> Fl4w1mm4n3nt: like i said, for that, +g is your friend 11:45 < Fl4w1mm4n3nt> True, but all the same. And I didn't know about that when it started 12:23 < mint> can someone explain to me why from time to time Ubuntu (Mint) can't see 3G/4G USB-modem? 13:08 < bonhoeffer> on my local network by google wifi, i can't seem to ping anything 13:15 < bonhoeffer> i'm trying to change my wireless printer and can't connect to the local ip 13:17 < djph> bonhoeffer: is your PC (or the printer) on the right subnet? 13:18 < bonhoeffer> no, no it isn't crap -- sorry 13:18 < djph> easy fix then, yeah :) 14:31 < mawk> I'm recoding openvpn 14:31 < mawk> because it's fun 15:16 < Arpanet69> hey guys looking for a router with backup 4g capabilities... is this a router that can support a 4g dongle over its usb port? https://mikrotik.com/product/RB750UPr2#fndtn-specifications 15:16 < djph> no idea 15:17 < djph> I'd honestly go with a cradlepoint 4G modem ... 15:17 < rocketsurgeon> anybody else notice sometimes the internet is faster if you use a VPN over a shitty router? 15:18 < light> no 15:18 < Arpanet69> djph, thanks for the tip but thats a pricy one then i rather go for a sonicwall tz300 15:18 < Arpanet69> mikrotik is like 60 bucks 15:19 < detha> Arpanet69: technically yes. However given a random 3G/4G modem you have a 50/50 chance of tik supporting it. 15:21 < Arpanet69> detha thanks ....some list of supported 4g dongles should be somewhere 15:23 < detha> Arpanet69: best bet is to go through the release notes and look for 'support for X USB modem added'. Or ask in their forums. 15:23 < djph> Arpanet69: your choice to go for a sonicfail. 15:23 < djph> or what detha said 15:28 < Arpanet69> thanks guys! 15:29 < dogbert2> hey djph 15:29 < djph> 'sup dogbert2 15:47 < dogbert2> well, looks like my libre computer is kaput...won't boot back up... 
15:47 < dogbert2> and I don't have a UART serial cable (3-4 pin) to get a console reading on it 15:51 < Apachez> shame on you 16:01 < dogbert2> re-flashed the microSD...working again (strange) 16:02 < dogbert2> yeah, I need to order one of those, any recommendations on that, Apache? 16:02 < rocketsurgeon> 9/11? 16:02 < rocketsurgeon> Apachez sorry about that 16:02 < rocketsurgeon> who are you referring to? 16:09 < ibanja> I have a linux server running dokuwiki. I just updated a page and it shows the update from within the lan, but when I access it from the wan side of my router from my android (port forwarding on the router) it doesn't show the update even if I refresh the page. Any ideas where this is breaking down? I am thinking a cache somewhere. 16:10 < ibanja> don't know if it's relevant, but I just installed openvpn on the router. 16:11 < ibanja> accessing with a vpn or directly with vpn turned off (on client android, on router, or both) makes no difference 16:13 < Apachez> you probably have some broken cache somewhere 16:13 < Apachez> either at your isp or at your server 16:17 < ibanja> thanks, but I think I just figured it out. 16:18 < ibanja> I have a proxy-pass set up and it is directing an incoming https://server1 to http://server2... 16:19 < ibanja> but because server two is not ssl it is using the old dokuwiki on server1 16:19 < ibanja> I think that is what is happening... I will set up the server2 for ssl and find out. 16:19 < ibanja> thanks for the response. 16:21 < Apachez> np 16:21 < Apachez> while you are at it verify the http headers being used 16:24 < rocketsurgeon> Apachez shame on who for what? 16:28 < Apachez> well, looks like my libre computer is kaput...won't boot back up... 16:28 < Apachez> and I don't have a UART serial cable (3-4 pin) to get a console reading on it 16:28 < Apachez> shame on you 16:28 < Apachez> go figure... 16:28 < rocketsurgeon> lol for what? 
16:29 < dogbert2> heh, Apace :P 16:29 < dogbert2> Apachez, even :) 16:29 < Apachez> hi dog 16:31 < rocketsurgeon> shame on you Apachez 16:32 < rocketsurgeon> gaslighter 16:32 < rocketsurgeon> i would never gaslight anyone for any reason, and I never will 16:32 < rocketsurgeon> shame on you 16:34 < dogbert2> LOL 16:39 < rocketsurgeon> Apachez shame on who for what? 16:40 < Apachez> rocketsurgeon: I already explained, try google translate if you dont understand 16:41 < rocketsurgeon> i understand who should be ashamed 16:42 < Apachez> no you dont since its like 2nd or 3rd time you ask 16:42 < mawk> I want to filter a container that is plugged in on a bridge 16:42 < mawk> the first thing I tried was to prevent bridging by using the BROUTING chain with ebtables 16:42 < AndroUser> Hi. Is there a way to find out the IP of the DSLAM that my VDSL router is connected to, considering that the DSLAM operates on layer 2. Basically I want to know the DSLAMs management subnet IP 16:42 < mawk> but I don't really know how to use it 16:43 < mawk> I just put -j DROP to force routing, but in my iptables I see nothing related to that bridge port 16:44 < Apachez> you need ebtables for bridges 16:44 < rocketsurgeon> Apachez? 16:44 < rocketsurgeon> huh, wut 16:45 < BitShack> Hello 16:45 < Apachez> hi 16:45 < skyroveRR> There's a program called "ebtables" for managing bridges, that's what Apachez is telling you. 
16:45 < skyroveRR> rocketsurgeon: ^ 16:45 < rocketsurgeon> i understand metaphor, but that doesn't help me 16:45 < BitShack> I have a network bridge/router that I am trying to configure so that devices connected to it will be assigned an IP address by the main router 16:45 < Ruflexo> Hey guys, I have a networking problem 16:46 < rocketsurgeon> I'm sure the homeless guy shitting his brains out against concrete under a bridge is rich metaphorically 16:46 < rocketsurgeon> but I am not interested in that 16:46 < rocketsurgeon> and shame on you assholes for trying to sell that to me 16:46 < rocketsurgeon> bullshit liars 16:46 < rocketsurgeon> deception scientists 16:46 < rocketsurgeon> fuck off get out of my life and give me my money 16:47 < Ruflexo> Just moved into a new apartment, have my own router connected to the modem (LAN1 port modem to LAN1 port router). Can't access the modem config. I want everything that connect to my router be separate/cordoned off from the rest of the LAN 16:47 < BitShack> idk if anyone can help me configure the bridge so it gives its devices an IP address from the router the bridge is connected to 16:47 < Ruflexo> Should that be done with a subnet mask? 16:47 < mawk> yeah I'm talking about ebtables Apachez 16:47 < mawk> which has the BROUTING chain 16:49 < mawk> but using the br_netfilter module it seems I can do what I want to achieve using iptables 16:49 < mawk> but that just filters ipv4 and ipv6, not the rest 16:49 < mawk> I'm still subject to things like arp spoofing I guess 17:23 < wiresharked> So will 802.11ax help with performance that much, or make it worse? 17:25 < `whoami`> hey, about arpspoof; I was wondering if setting up a rogue dhcpd with your ip as gateway would be stealthier or something ? 17:26 < `whoami`> if your dhcpd responds faster, ofc 17:26 < wiresharked> You are probably correct, although why would you want to do an ARP spoofing attack anyway? 
17:26 < BitShack> I have a question 17:27 < BitShack> I am trying to setup a network switch so that the devices connected to it are assigned IP addresses from the router 17:27 < BitShack> so that they appear on the router client list 17:28 < `whoami`> wiresharked: Good question. To block ads, deny .exe download on non-https streams, etc 17:28 < `whoami`> or not 17:29 < wiresharked> Why can't you just use an ad blocker? 17:29 < Apachez> think of the children! 17:29 < Apachez> only nazis use adblockers 17:29 < `whoami`> wiresharked: I don't have access to people's computer :) 17:29 < Apachez> and we all know that nazis eats children for breakfast 17:29 < `whoami`> like on a public wifi in a hotel 17:29 < Apachez> which means that you eat children for breakfast when you use adblockers 17:30 < wiresharked> djph: And we all know about fortnite 17:31 < wiresharked> Do you know that some people are using a VPN to get around the fact that fortnite is blocked at school? 17:32 < Apachez> no wai! 17:32 < Apachez> do you know that some schools blocks all vpn services 17:32 < Apachez> and have the students deposit their computers etc so they will actually learn stuff while in school? 17:32 < Apachez> instead of just browsing latest instagram pics 17:32 < wiresharked> Apachez: Well, people at my school use a VPN to get around Snapchat and instagram being blocked 17:33 < Testtest23> hi 17:33 < wiresharked> And I don't think that schools will ever really stop people from using social media anyway 17:33 < Apachez> wiresharked: why are they at school then? 
17:33 < Apachez> well its up to you what you do at your lunchbreak 17:34 < Apachez> but if you up for 60min math lesson then I expect that the moron will actually attempt to learn math 17:34 < Apachez> and not just browse pornhub 17:34 < wiresharked> Apachez: Which I know is prone to interference from having too many devices on the network 17:34 < Apachez> schools should setup a vpn based wifi 17:34 < tds> nah, the whole point of blocking VPN services is to make students learn about networking, right? ;) 17:34 < Apachez> so you must use the vpn of the school to use the schools wifi 17:35 < Apachez> just put openvpn server inline with the wifi uplink 17:35 < Apachez> done! 17:36 < detha> Apachez: who says the school wifi needs to provide internet access, beyond what the school uses for teaching materials? 17:44 < Apachez> detha: nothing, but if the students use vpn services to bypass instagram blocks I suspect the school wifi gives more than a local lan :P 18:00 < djph> Apachez: so then fix that "internet access" problem 18:08 < superkuh> I have a (wireless) SLIP connection from Client (192.168.5.2 dev sl0) to Host (192.168.5.1 dev sl0 | 192.168.1.125 dev eth0). I have set up internet connection sharing on Host with ipv4 forwarding and masquerade (as outlined in http://superkuh.com/SLIP-serial-internet-sharing.txt). On Client I'm attempting to set an IP add routes so that it can use the gateway (192.168.1.1 on dev eth0 of Host) through the SLIP connection (Client sl0 192.168 18:08 < superkuh> .5.2<->192.168.5.1 sl0 Host). 18:08 < superkuh> 192.168.1.0/24 is the network I want to access. 192.168.5.0/24 is the SLIP network with two IPs (.1 client, .2 host) connected via sl0 on both Client and host. Is this the correct format for the route? 18:08 < superkuh> ip route add 192.168.1.0/24 via 192.168.5.1 dev sl0 18:08 < superkuh> Additionally, do I need to set any static routes on the Host side? 
18:12 < superkuh> I just get "Operation not permitted" 18:12 < tds> superkuh: you need to run ip as root to add/delete routes 18:13 < superkuh> Oh. Duh. Thanks. 18:13 < superkuh> I can ping 192.168.1.1 now. 18:15 < superkuh> And load up webservers on the LAN. Great. Now I just have to get internet/dns working. 18:27 < skyroveRR> Hey superkuh, what are you working on, dude? 18:29 < superkuh> Same thing as yesterday. 18:30 < superkuh> Back-up slow speed (56k) internet link over 915 MHz using usb/serial telemetry dongles meant for FPV with quadcopters. 18:30 < fnDross> "to try and take over the world!" 18:32 < skyroveRR> superkuh: for some reason I can't open your site or ping your domain.. 18:32 < superkuh> Huh. Yeah. 18:32 < superkuh> Something has gone wrong in the last 30 minutes it seems. 18:32 < skyroveRR> Are you on dynamic DNS, dude? 18:33 < superkuh> Always. My IP changes about once or twice per year. But my modem hasn't power cycled today. 18:33 < skyroveRR> How much TTL do you set? 18:33 < drathir> superkuh: first better check if power on encryption in that freq isnt prohibited... 18:33 < superkuh> drathir, yes, yes, I'm well below part 15. 18:33 < drathir> fnDross: and music in background ^^ 18:34 < drathir> superkuh: bc get something done and guys in black suits come not so funny scenario ^^ 18:35 < superkuh> Wouldn't be the first time feds bust down my door. 18:35 < skyroveRR> superkuh: Now it opened.... 18:35 < drathir> superkuh: oh that sad honestly... 18:36 < superkuh> I think Comcast is being fucky. 18:36 < superkuh> They briefly blocked port 80 for me for the first time in 20 years this week. 18:36 < superkuh> Might have been a sign of things to come. 18:36 < superkuh> I still can't access my site from remote IPs. 18:37 < skyroveRR> About a min back, it opened. Now it doesn't. 18:40 < superkuh> Does 443/https work for you? 18:40 < superkuh> And yes, I self sign. And yes, I use sha1. It's just a speed bump for massive surveillance. 
18:51 < skyroveRR> What's your SHA-256 fingerprint? 18:51 < skyroveRR> The first 4 digits and the last 4 digits? :D 18:54 < Eagleman> What might cause slow read speeds over NFS when writes speeds are 2/3x the speed of the read speeds? 19:14 <+catphish> Eagleman: network congestion? hard to say though, read being slower is pretty unusual 19:50 < miguel2018> what type of wireless g antenna should I get to get a boost 19:52 < drathir> miguel2018: probably directional one... 19:59 < mawk> router solicitations are sent with the fe80::/64 address, and neighbor advertisements are sent with the routable address, and neighbor solicitations are sent with the fe80::/64 address 19:59 < mawk> correct ? 20:06 < tds> mawk: that sounds right to me (though ndp is also used for link local communication, so the "routable address" could actually be a non-routable ll ip) 20:07 < mawk> but there wouldn't be neighbour solicitations if only LL address is used right ? 20:08 < tds> neighbour solicitations/advertisements are still used for communication with ll addresses 20:37 < GodOfSea> Hi 21:18 < afx_> Having this topology https://imgur.com/a/DSZoCi7 , I am getting Line protocol up /down on ports 3/4 on the Cisco 3600 21:19 < afx_> I also have input and crc errors on that ports. 21:19 < afx_> Please someone help 21:20 < afx_> also both hirschmann switches have stp enabled and one of them is set as the root bridge 21:21 < afx_> could stp be the problem? 21:28 < detha> afx_: unlikely. CRC and input errors points to bad cabling or speed/duplex mismatches 21:29 < nobody> hi everyone :) 21:30 < detha> afx_: easy enough to see if STP is the root of the problem - remove the link between the hirschmann switches, if the problem goes away it is stp, if not keep looking. 21:31 < afx_> detha, cabling is checked and speed/duplex is set manually 21:31 < drathir> detha: how about mtu? 21:32 < afx_> detha , will do that tomorrow. Actually I was thinking of removing the 2nd hirschmann switch completely . 
Should I disable stp on that switch too ? 21:32 < detha> drathir: possible, if one switch is set for jumbe frames and the other to 1500-something 21:33 < detha> a decent switch would just drop the frame without disabling the port, but it is cisco we are talking about, so who knows. 21:34 < afx_> also devices connected to the 3600 switch report loss of communication when this flapping occurs. 21:34 < detha> loss of L1, or detected in some protocol? 21:35 < SporkWitch> devices lose connection when the connection flaps?! WHAT?! i don't believe this! 21:35 < SporkWitch> (sorry, but obvious thing is obvious lol) 21:35 < afx_> cisco only reports problems with port 3/4 . But devices connected to other ports report connection loss too 21:36 < afx_> but like I said , cisco logs report line protocol down / up on gi0/3-4 21:37 < drathir> afx_: im wonder if it allow dmesg ? maybe hw issue memory corruption? 21:37 < afx_> on 3600? 21:38 < detha> "debug all" is as much as you'll get from it 21:39 < drathir> thats guess ofc bc when 'obvious' ideas ends the crazy ones good check... 21:39 < afx_> I am going to remove the 2nd switch for now . Should I disable stp on the other Hirschman left ? 21:39 < detha> no need to I'd say 21:40 < afx_> ok 21:40 < detha> but... try it, you could be hitting some weird 'happens only between those vendors' bug 21:40 < afx_> you mean no need to remove the switch or the setting? 21:41 < detha> theoretically it should work fine with STP enabled and no loops. 21:41 < afx_> detha 21:41 < afx_> ok 21:42 < afx_> will do this tomorrow mornign , will let you know guys (in case you re europe - same timezone) 21:42 < detha> I would try first by just removing the loop, preferable between the two hirschmann switches. If it is STP causing funnies, behavior should changes 21:43 < afx_> detha the problem is that this is happening randomly , ca once every hour or so 21:45 < detha> afx_: intermittent problems can take a while to debug yeah. Change one thing, wait. 
Change one more thing, wait. 21:45 < drathir> afx_: sure feell free inform, interesting issue... 21:46 < drathir> matrix klined again ? ^^ 21:46 < drathir> or netsplit ongoin? 21:47 < detha> what's the undoing of a netsplit? netjoin? 21:47 < afx_> drathir, will do 21:47 < afx_> thank you all 21:49 < drathir> detha: yea not saw information somtimes laggy, but should spawn already than k-lined matrix more like... 21:50 < drathir> afx_: np and gl ofc... 21:50 < afx_> thanks 21:50 <+catphish> why do all those users have [m]? 21:51 <+catphish> something about matrix.org i guess 21:56 < SporkWitch> catphish: ##linux just did a blanket ban on the hostmask; they've been flooding in and out all day 21:58 <+catphish> SporkWitch: guess they're having some issues 21:58 <+catphish> meh 21:59 < drathir> catphish: m its matrix gateway mostly i guess... 22:11 < Odium_> Can somebody help me with a subnetting problem? 22:14 < at0m> Odium_: only if people actually know your specific problem 22:17 < Odium_> I'm creating a mock network for a project, I have 3 remote sites, One has 50 hosts (25 pc, 25 VoIP phones), the other two have 26 hosts (13 pc, 13 VoIP phones). I want to create 3 VLANs (1 for data, 1 for VoIP traffic, 1 for management). I'm not familiar with remote site subnetting, so I'm wondering if each site needs its own network scheme (including VLAN subnets), or if I can create one large network that encompasses all sites 22:18 <+catphish> VLANs are a local concept, you'll need 3 VLANs, each with subnets, at each site 22:19 < Apachez> you should have one range per site 22:19 < Apachez> so you can route properly 22:20 < Apachez> thats one range per vlan per site 22:20 < Apachez> often you want something "smart" 22:20 < Odium_> Does each site require it's own network? Say site 1 is 192.168.0.0 /24, site 2 is 192.168.1.0 /24, site 3 is 192.168.3.0/24. 
Or can I make them all with 192.168.0.0 /23 22:20 < Apachez> like lets say you use 192.168.x.x for mngmt 172.x.x.x (whatever range it is in rfc1918) and then 10.x.x.x for produktion 22:20 < Odium_> Ah, okay 22:21 < Apachez> so 10.1.0.0/16 allocationwise is site 1 22:21 < Apachez> 192.168.1.0/24 is mgmt for site 1 22:21 < Apachez> 172.21.0.0/16 (or whatever range it is in rfc1918) is voip for site 1 22:21 < Apachez> or just chunk up 10.0.0.0 instead 22:21 < Apachez> 10.1.0.0/16 is allocated to site 1 22:22 < Apachez> where 10.1.0.0 -> 10.1.99.255 is for production, 10.1.100.0 -> 10.1.199.255 is for voip and 10.1.200.0 -> 10.1.255.255 is for mgmt and p2p links and whatelse 22:22 < Apachez> so site 2 becomes 10.2.x.x 22:23 < Apachez> this design will of course break once you hit more than 255 sites :P 22:23 < Odium_> That's how I was thinking of doing it, I just wanted to make sure if sites wouldn't route if in the same subnet 22:23 < Odium_> Thanks for the help. 22:24 < drathir> Odium_: trunk to switch and untagged data+tagged voice probably... 22:25 < Apachez> Odium_: well thats why you should have unique ip ranges 22:26 < drathir> Odium_: vlan at least should You give solid separation bbetween pools... 22:26 < Apachez> so stuff can be routed 22:38 < drac_boy> hi 22:40 < drathir> drac_boy: hi, hi... 22:43 < drac_boy> what doing atm? 23:59 < drathir> http://www.juliadavisnews.com/articles-about-russia/russia-warms-up-the-public-to-the-idea-of-virtual-borders/ 23:59 < drathir> geez... --- Log closed Mon Apr 23 00:00:36 2018