--- Log opened Wed Apr 25 00:00:38 2018
--- Day changed Wed Apr 25 2018
00:00 < sammyg3> haha Maarten someone is looking you up :)
00:00 < sammyg3> you have a fan! weee
00:00 < hugge> well how many maarten could it be working for vodafone :p
00:01 < hugge> (i guess a few actually)
00:01 < sammyg3> haha
00:01 < hugge> also we probably met atleast twice :P
00:02 < haduken> greets
00:02 < sammyg3> see! internet is such a small place! :P
00:02 < sammyg3> not to mention the IRC part of it
00:06 < hugge> yeah the DFZ is a small duckpond of people
00:06 < MACscr|lappy> shouldnt these vlans be abl eto talk to each other? both are vlan 10, right? http://paste.debian.net/1021886/
00:07 < MACscr|lappy> cant ping on 10.10.0.x
00:07 < AlexPortable> How do I know if a router is good for routing (consumer grade)?
00:07 < AlexPortable> I mean high price doesn't always equal good performance
00:08 < haduken> is anyboy familiar with virtual eth pairs? which practical use do they have?
00:13 < Maarten> hugge, I don't work for Vodafone :)
00:14 < hugge> Maarten: ah, i read it the wrong way, then disregard :P
00:14 < Maarten> I'm not even in the right continent to work for Vodafone. :P
00:14 < MACscr|lappy> someone must have vlan experience here =P
00:16 < Maarten> MACscr|lappy, wait you want to have a network 10.10.0.0/16 talking to ANOTHER 10.10.0.0/16 network on a different location? Or am I not reading the routes right?
00:16 < MACscr|lappy> same switch
00:17 < Maarten> but both 10.10.0.0/16 networks, different ones? Not sure if that will ever work that way
00:24 < MACscr|lappy> Maarten what am i dong wrong? i. just just need 10.10.0.100 and 10.10.0.101 to be able to communicate with each other on vlan10
00:24 < MACscr|lappy> all of my debian 8 systems can talk to each other fine on it, but im failing on this new debian 9 system
00:25 < Maarten> Hmm.... well if it works on debian 8 I would assume it should work on 9. If they are on the same switch, same vlan.... I don't see a problem, unless there is some sort of IP conflict.
00:28 < drac_boy> hi
00:35 < haduken> drac_boy: hei
00:36 < haduken> is it normal for linux bridge to duplicate hardware nic mac address?
00:36 < haduken> using iproute2
00:37 < drac_boy> no idea..don't use linux so much at all due to their act sorry :-s
00:37 < haduken> sometimes it even duplicates the mac address on a vlan attached to it.
00:37 < haduken> drac_boy: what act?
00:37 < haduken> drac_boy: it's ok, I was throwing open the issue not just you.
00:37 < tds> haduken: iirc the bridge will take the smallest mac address of all member interfaces
00:39 < haduken> sometimes the duplicate jumps onto first vlan attached to the bridge and the bridge gets a different address.
00:39 < drac_boy> yeah np anyway .. I guess you got answered now anyhow haduken
00:39 < haduken> it's arbitrary.
00:40 < haduken> sometimes I've seen, when all down, different mac addresses, but when upped the hardware mac address get's duplicated randomly.
00:41 < haduken> tds: is it safe to give the bridge a unique mac address?
00:41 < tds> I don't see why not
00:42 < haduken> I can reproduce this.
00:46 < Guest86812> Could someone explain port forwarding to me?
00:47 < haduken> Guest86812: when you're behind a firewall you allow data back out.
00:47 < haduken> *traffic
00:47 < Maarten> http://lmgtfy.com/?q=how+does+port+forwarding+work
00:48 < haduken> Guest86812: so the outside can reliably communicate within your subnet.
00:48 < haduken> something like that.
00:48 < Guest86812> So I have a server running and I port forwarded to my internal ip using a command.
00:48 < Guest86812> Now when I port forward in the router it doesn't show up on my external ip.
00:48 < haduken> Guest86812: port forwarding has to be enable in the kernel first.
00:48 < haduken> Guest86812: which OS are you using?
00:49 < Guest86812> I am using Windows...
00:49 < drac_boy> windows what?
00:49 < Guest86812> 10
00:49 < djph> and W10 is hosting something on whatever port?
00:50 < Guest86812> So I port forwarded localhost to 192.168.1....
00:51 < Guest86812> Now I port forwarded that on my router. Shouldn't I see something on my external ip?
00:51 < djph> actually, before we waste too much time -- check your router.  Is the IP address is any of the ranges 10.0.0.0-10.255.255.255; 100.64.0.0-100.127.255.255; 172.16.0.0-172.31.255.255; or 192.168.0.0-102.168.255.255 ?
00:51 < djph> *the WAN IP Address
00:52 < Guest86812> So I am new to this you WAN is your external ip address?
00:52 < SporkWitch> yes
00:52 < SporkWitch> Wide Area Network, as opposed to Local Area Network
00:53 < djph> Guest86812: well, yes -- but checking somewhere like "whatismyip.com" is not necessarily going to give you the right info
00:53 < Guest86812> No it doesn't
00:54 < Guest86812> Oh really whatismyip won't show me my external public ip?
00:54 < Maarten> Guest86812, say you have something that requires port 1234 to be open from the inside, and the computer hosting that something is 192.168.1.20 - you would go log on to your router, go to the port forwarding sections (sometimes called pinholes as well), and put in a port forward for point 1234 to 192.168.1.20 - now anyone on the internet can reach your WAN IP (whatever that is) on port 1234, and it will forward that traffic to 192.168.1.20
00:54 < djph> It depends on your ISP.  Some smaller ones use NAT.
00:54 < djph> Guest86812: ^
00:55 < djph> Guest86812: and because of that, you have to check on the ROUTER ITSELF
00:55 < Guest86812> Yes I did that.
00:55 < Guest86812> My isp is saying port 80 is blocked though.
00:55 < djph> well, many ISPs block port 80
00:56 < Maarten> some ISP's block some ports indeed.... 25 is most often blocked (smtp), but some residential ISP's block ports that are often used for servers. You may want to check your TOS to see if you are allowed to run servers. You can always run it on another port though.
00:57 < Guest86812> So I went through 192.168.1.1 I went to the port forwarding section and I put in 192.168.1.... on port 80.
00:57 < djph> and that machine has something *running* on port 80?
00:57 < Guest86812> Yes it has something running on port 80.
00:57 < SporkWitch> if you're in the US and it's not a business connection I'll tell you right now your TOS prohibits hosting servers, though not all actually care if you do it anyway
00:57 < Maarten> if port 80 is blocked use another port, e.g. port 81 - you should be able to forward port 81, and forward it internally to port 80 on your own machine.
00:58 < Guest86812> I usednetsh interface portproxy add v4tov4
00:58 < Guest86812> I used netsh interface portproxy add v4tov4
00:58 < djph> SporkWitch: AT&T doesn't, pre=-merger TWC didn't
00:58 < djph> Guest86812: that means absolutely nothing
00:58 < SporkWitch> even my ISP technically says "don't run servers," yet they sell a connection with 100Mbps upstream and sell static IPs for 10 bucks/mo lol; wtf would i be paying for that fat pipe and a static IP if i didn't plan to host something on it? lol
00:58 < djph> Guest86812: what're you running on port 80? apache or something?
00:59 < djph> SporkWitch: IKR :)
00:59 < Maarten> SporkWitch, AT&T doesn't care, I checked with them. You can even get a block of static IP's if you want. The kicker, and this is the case with most ISP's..... is whether you make MONEY using that website. If it is a private website full of pictures of cats, no one cares. If it is a small webshop selling knitted hats for cats, they care and they want you to get a business account.
00:59 < Guest86812> What does TOS mean?
00:59 < drac_boy> spork..you ever heard of the thing called 'streaming' or 'users beign crazy with ethernet-not-cable tvs? ;)
00:59 < Maarten> Guest86812, terms of service
00:59 < djph> Guest86812: Terms of Service
01:00 < djph> drac_boy: UPLOAD
01:00 < djph> drac_boy: do try to keep up
01:00 < djph> :)
01:00 < drac_boy> djph you're not keeping up :P
01:00 < djph> :P hahahaha
01:00 < SporkWitch> djph: i think they put it there in case you end up with enough traffic that you actually use a significant portion of your connection a significant portion of the time, not because they really care
01:00 < drac_boy> streaming means either/both up or down anyway ;)
01:01 < SporkWitch> drac_boy: tab-completion is your friend, and you don't need a static ip for that.  It's the static ip that reall clinches it for me: THEY KNOW you plan to host something lol
01:01 < Guest86812> So I am running an asp server I used apache before but for some reason I can't host anything.
01:02 < drac_boy> actually yes you -do- use static ip on certain video services
01:02 < drac_boy> it makes for much easier connection especially to guest boxes
01:02 < Guest86812> So could someone tell me if I am doing something wrong or if it is my isp?
01:21 < whatsupdoc> someone plz help http://dpaste.com/3BN6DRV.txt
01:22 < SporkWitch> no one's going to click a paste with zero context, kid
01:22 < whatsupdoc> text?
01:23 < whatsupdoc> first of all what is delay????
01:23 < SporkWitch> ...
01:24 < whatsupdoc> whois can give me AS
01:25 < SporkWitch> do you have like a typing version of tourettes?
01:25 < E1ephant> is that like up dog?
01:25 < whatsupdoc> lol
01:25 < SporkWitch> i feel like i should feel proud i don't know what "up dog" is...
01:26 < whatsupdoc> someone just tell me plz what it's asking
01:26 < whatsupdoc> this is an impossible question
01:26 < Quatermass> whatsupdoc: You're not going to get any help while you're behaving like an entitled ass
01:26 < whatsupdoc> you cannot measure the delay
01:27 < SporkWitch> how can you have any pudding if you don't eat your meat?
01:27 < whatsupdoc> because to measure the delay you have to be at one of the hosts
01:27 < whatsupdoc> You have to be at the AS
01:27 < SporkWitch> to eat your meat?
01:27 < E1ephant> it kinda spells it out
01:27 < E1ephant> use traceroute
01:27 < E1ephant> record each hop
01:27 < E1ephant> figure out which hops the ASN is changing
01:27 < whatsupdoc> Experiment 1) drive or take plane to where you want to measure delay 2) ping
01:27 < E1ephant> grab latency  delta along path
01:28 < E1ephant> for each ASN
01:28 < tds> is this homework by any chance?
01:28 < whatsupdoc> ...no
01:29 < SporkWitch> tds: who knows? he just posted a link and demanded help; no context, then random inane outbursts that make no sense due to lack of any context
01:29 < whatsupdoc> ...maybe
01:29 < Quatermass> lol of course it is.  notice the demeanor of the Entitled Generation that's telling people to answer immediately
01:29 < whatsupdoc> our generation is better than yours tho
01:29 < SporkWitch> whatsupdoc: don't feed the troll
01:29 < whatsupdoc> i'm legit asking for help
01:30 < E1ephant> yeah just ignore quarter
01:30 < E1ephant> they are unhelpful on purpose
01:30 < E1ephant> they find it entertaining for some reason
01:30 < SporkWitch> whatsupdoc: and i'm legit telling you to improve HOW you ask
01:31 < tds> if you're using mtr, --aslookup may also be helpful, much nicer than running whois manually for each hop
01:31 < whatsupdoc> I don't understand how finding the latency between ASN gives you any useful information
01:31 < whatsupdoc> because it's always going to be between your ASN and some random ASN, not some random ASN and another random ASN
01:32 < E1ephant> I mean sounds like a thought experiment more than anything
01:33 < E1ephant> but yes it aboslultely matters what latency an ASN is delivering to your destination, as you might have multiple routes (ASNs) to pick from.
01:34 < E1ephant> or seeing different ASNs, and what they're adding to the same given destination
01:35 < djph> ^
01:36 < whatsupdoc> ok thanks E1ephant
01:37 < E1ephant> I've helped bugs bunny today, day complete.
01:38 < SporkWitch> E1ephant: makes me hungry; i haven't had rabbit in years
01:39 < djph> shhhh, I'm hunting wabbit
01:40 < drac_boy> djph I always found the language used by tweety a bit funny .. you know how it goes? "I taught I taw a cat"
01:40 < drac_boy> forgot exact spelling but I'm sure of the 'taw' word :)
01:41 < djph> drac_boy: "I tawht I tawh a puddy-tat"
01:41 < djph> drac_boy: "I did! I did tawh a puddy-tat!"
01:42 < drac_boy> heh yeah that's it .. been a long time I watched the tv series :P
01:42 < drac_boy> djph and it was always funny how many times the cat was so close but then the grumpy big dog was right behind the cat :)
01:42 < djph> haha, IKR
01:42 < djph> now it's "too violent" for kids
01:42 < djph> or something
01:43 < drac_boy> djph or how about the fact that the brain-dumb coyote never could get at the roadrunner no matter how wild of an "acme" item he ordered .. there was that one time the coyote almost had the roadrunner only to realize the size-altering tube didn't function "properly"
01:44 < djph> the funny thing is, a cartoon from back then was super-progressive.  I mean, the number of times Bugs dressed up as a chick and kissed Elmer or Yosemete Sam or ...
01:44 < drac_boy> of course the coyote running off cliff and just standing there .. snaps out a white flag .. then WHOOSH normal gravity takes over :)
01:45 < djph> "bye. bye."
01:46 < drac_boy> and also I still like the silly muppet family even if they had certain weirdness to each :)  (grouchy garbage character .. the cookie loving monster .. or even the "hate and loves frog at same time confusingly" miss.piggy ;)
01:47 < drac_boy> always found it so silly when miss.piggy would get physical with frog .. then only a few seconds later suddenly kiss him way too much :)
01:47 < cluelessperson> Hi all, when I connect my security gateway to the internet/wan uplink, should I maybe pass it through a WAN vlan on my switch?
01:47 < cluelessperson> in case I need direct access to the WAN for some reason?
01:47 < cluelessperson> drac_boy: children's shows have a tendency to exagerate character traits
01:48 < drac_boy> yeah.. but anyway as for your network question I'm sure it might be for the best to not allow wan access
01:48 < djph> no?
01:49 < cluelessperson> djph: no what?
01:49 < djph> cluelessperson: so *thats* why kids shows these days all have super-annoying shits as the main characters
01:49 < djph> cluelessperson: "no passing thru the WAN"
01:49 < cluelessperson> djph: ah.  Probably a good idea.  I notice a bunch of unknown clients showing up on the switch interfaces.
01:49 < cluelessperson> MACs of various neighbors, random pings and such
01:50 < cluelessperson> I'm an in apartment, a wardriving wet dream
01:51 < cluelessperson> djph: drac_boy I mean, I can see 36 clients on that port
01:57 < dogbert2> hey djph
02:00 < djph> heyo dogbert2
02:00 < drac_boy> anyway I'm off for tonight
02:21 < dogbert2> whazzzup, djph
02:22 < jasonb> Hello everyone, I have a question, it's kind of long so I pasted it here : ttps://paste.debian.hnet/plain/1021895. Hope some guru could help me out. Many thanks !
02:22 < djph> dogbert2: not much, chillin mostly
02:22 < dogbert2> had to work overtime the last 3 work days (Fri, Mon-Tues)
02:23 < djph> ouch
02:23 < djph> that's never fun
02:24 < dogbert2> well, unless I get an override from my regional mgr, no more overtime this week :P
02:24 < CuriosTiger> djph: When it's paid overtime it is.
02:25 < dogbert2> CuriosTiger...when you have a switch fail to come back online, no it ain't :)
02:26 < CuriosTiger> jasonb: So, perhaps a silly question -- but do your CLIENTS have their default routes configured correctly?
02:26 < CuriosTiger> dogbert2: Well..yeah.
02:26 < dogbert2> and I've had to get up at 0345 the past three work days...
02:27 < dogbert2> was able to get it back online (the bad switch) by wiping out all configs, etc...was throwing bad inode errors during boot
02:27 < djph> CuriosTiger: yeah, but 3 days straight of it still suck
02:28 < dogbert2> LOL...that would suck ass, even at 2.5x pay rate
02:30 < CuriosTiger> dogbert2: I had my dogfood firewall start doing that. Turned out to be a bad HDD. To which my response was, who puts a HDD in a firewall?
02:30 < dogbert2> only an idiot, CuriosTiger
02:30 < forgotten> waba luba dub dub!
02:34 < CuriosTiger> dogbert2: On the one hand, I'm inclined to agree. On the other hand, Palo Alto has kind of impressed me with their platform.
02:34 < CuriosTiger> I just think they need to retire the PA-200 out of their lineup, and they'll be good. That's their only box that still ships with an HDD.
02:34 < dogbert2> heh
02:34 < CuriosTiger> Well, that, and they need to get on the ball with IPv6.
02:35 < dogbert2> replace HDD with Flash HD
02:35 < CuriosTiger> My current IPv6 setup is to run a VirtualWire from my inside network through the Palo Alto to a Cisco router that handles IPv6 routing.
02:35 < forgotten> CuriosTiger: with wildfire?
02:35 < CuriosTiger> forgotten: I do have wildfire, yes. And advanced threat protection.
02:35 < forgotten> nice do you find that pretty usefull?
02:36 < forgotten> like does pickup lots of the bad?
02:36 < CuriosTiger> forgotten: Well, they stopped a piece of israeli spamware from phoning home at work the other day
02:36 < CuriosTiger> so they do pick up some.
02:36 < forgotten> do you have anything else inline besides that?
02:36 < CuriosTiger> I'm still not sure about their success rate, as I try hard not to have bad on the network in the first place, either at home or at work.
02:37 < jasonb> CuriosTiger: the clients has default route to the wlan0_1 (192.168.20.1), and /etc/resolv.conf points to the remote VPN server tun interface (192.168.120.1) for DNS
02:39 < CuriosTiger> jasonb: OK. Just had to ask, because I've very often seen a missing default route on the CLIENT be the cause of being unable to ping beyond the local gateway
02:39 < CuriosTiger> ...and then driven myself crazy looking for a gateway config issue that wasn't there.
02:41 < jasonb> CuriosTiger: Yeah. I've been with this setup for weeks. Still can't figure out why. It's so unstable. Sometimes the clients can connect to Internet (restarting dnsmasq + vpn client on the router a couple of times). It's so strange.
02:41 < jasonb> paste it here again in case some guru walks by and could throw me 2 cents : https://paste.debian.net/plain/1021895
02:46 < djph> probably a mix of dnsmasq, systemd, vpn ...
02:47 < djph> jasonb: short version, you need 0.0.0.0/1 and 128.0.0.0/1 via the vpn tunnel, like what oVPN does
02:49 < jasonb> djph: Hi. but, where should I set that ?
02:49 < jasonb> if I set that on the router, other traffic will end up routed through the VPN tunnel
02:49 < jasonb> this is not what I wanted
02:49 < jasonb> that's why I created the table vpn_table in /etc/iproute2/rt_tables
02:50 < jasonb> strange thing, applying route 0.0.0.0/1 or 128.0.0/1 or default route in that table, I cannot ping my wlan0_1 interface + remote VPN tun interface
02:50 < djph> then secondary routing tabe needs the gateway of last resort, plus more specific routes to the other subnets
02:51 < jasonb> would you mind writing down (some) example of the routing rule for that 2nd routing table ?
02:52 < jasonb> I tried rule like : 192.168.120.0/24 dev tun1 scope link (where that subnet is the subnet of the VPN tunnel, tun1 is the tun interface on my router)
02:53 < jasonb> that's for the 2nd routing table
02:53 < jasonb> # ip route add 192.168.120.0/24 dev tun1 table vpn_table
02:54 < djph> and you have a rule saying that 20.0/24 source IPs use that vpn_table
02:54 < jasonb> djph: yes I did that.
02:55 < jasonb> both 20.0/24 and 120.0/24
02:55 < jasonb> but
02:55 < jasonb> if adding 20.0/24, the client no longer be able to ping 20.1 (wlan0_1) be cause all traffic are route to 120.6
02:56 < djph> you're making a mess of your routing somewhere
02:56 < djph> and not explaining it well
02:56 < djph> the router ABSOLUTELY KNOWS about all locally connected networks
02:59 < jasonb> djph: which additional rules you suggest putting on that vpn_table aside :
02:59 < jasonb> # ip route add 192.168.120.0/24 dev tun1 table vpn_table
02:59 < djph> what networks do you want it to talk to?
02:59 < jasonb> # ip route add from 192.168.120.0/24 dev tun1 table vpn_table
02:59 < jasonb> # ip route to 192.168.120.0/24 dev tun1 table vpn_table
02:59 < djph> the table *SHOULD* show
03:00 < djph> 0.0.0.0/0 via VPN_Otherside
03:00 < djph> local_net is locally connected (repeat for all local nets)
03:00 < jasonb> let me try again
03:00 < djph> any other non-local nets via a reachable gateway
03:05 < jasonb> djph: are wifi clients supposed to be able to ping 20.1 (wlan0_1), if the default route of vpn_table is to routed to VPN_Otherside (120.1) ?
03:07 < kaltec> anyone here have experience with FortiGate devices? I have a couple questions about setting up FortiClient VPNs, and their whitepapers haven't been able to answer my question.
03:08 < SporkWitch> *nelson voice* HA HA! https://www.youtube.com/watch?v=G7EFthdV9bk
03:08 < SporkWitch> AT&T and Verizon were naughty :P
03:08 < djph> jasonb: they wouldn't route since 20.1 is on the same network
03:08 < SporkWitch> kaltec: If you have a question, just ask! For example: "I have a problem with ___; I'm running Debian version ___. When I try to do ___ I get the following output ___. I expected it to do ___." Don't ask if you can ask, if anyone uses it, or pick one person to ask. We're all volunteers; make it easy for us to help you. If you don't get an answer try a few hours later
03:11 < kaltec_> In their documentation (http://cookbook.fortinet.com/ipsec-vpn-forticlient/), they refer to a local address and local interface. I get the local interface part, but the local address is throwing me as to what it is used for.
03:11 < kaltec_> I'm creating tunnels for both employees and vendors here, so I want to make sure I'm setting it up appropriately
03:11 < SporkWitch> local address, logically, would be the address of that interface
03:12 < SporkWitch> that is, the address of the local interface
03:12 < kaltec_> you would think that, but in their video, they create a network object that is a /24 and use that as the local address
03:13 < SporkWitch> kaltec_: then it sounds like they mean network address; 192.168.0.0/24 is a network address, 192.168.0.1/24 is a host address
03:14 < kaltec> right. I have ~50 different vlans inside my firewall. The firewall itself is a /30 between it and the core switch.
03:14 < kaltec> i've tested w/ <companyNetwork_all>, which is a group of all our internal vlans, as well as just a single ip address in one of the ranges and i haven't had any issues with either test
03:16 < kaltec> i guess i'm just trying to figure out what that part of the config is used for
03:25 < berfondo[sw]> hi. I'm on wifi and get these ping spikes (from 15ms to >1500ms) anywhere from every 10 seconds, to once a minute or so. Really annoying for gaming. Router is suppossed to be good, I guess (not mine, but Comcast) and I cannot use ethernet cable. IS this an issue inherent to wifi, or could there be another cause?
03:26 < CuriosTiger> It's not inherent to wifi, but wifi certainly could cause it.
03:26 < ldiamond> I'm having SSL issues. https://gist.github.com/lewisdiamond/cf43dee45d1b78fdeab3f963e02f7a15
03:26 < ldiamond> Are the top ones "good enough" to allow?
03:27 < CuriosTiger> Also, latency IS inherent to wifi. But that amount of jitter is not.
03:27 < ldiamond> idk why my default nginx doesn't support anything in there
03:28 < berfondo[sw]> CuriosTiger: thanks. So this happens when I do a ping -t www.google.com and also happens simultaneously when I'm in a server in a FPS game. Pther than these ping spikes, connection is smooth and fast.
03:29 < berfondo[sw]> CuriosTiger: I live in university housing so internet is provided by my university. I am lucky the wifi access point is on my roof, less than 20 feet from my laptop. But I'm probably sharing the AP with many clients. Is there a way to troiubleshoot whether the spikes are caused by my wireless adapter, or by the router (bad config), or by the router (saturated with too many clients),or something lije that?
03:33 < Evidlo> just use your wired connection
03:33 < berfondo[sw]> the access points don't have ethernet ports (excepting the WAN)
03:34 < Evidlo> they dont give you wire drops?  what about people with desktops?
03:34 < Evidlo> also why do they put an AP outisde on the roof
03:34 < djph> berfondo[sw]: it's you and the 39 of your closest friends also in the vicinity hitting the same ap
03:35 < djph> Evidlo: I bet they do, and he just ignored them
03:35 < berfondo[sw]> Evidlo: they gave USB wireless adapters for them, and I meant the ceiling, not roof...
03:35 < forgotten> lol 39
03:35 < berfondo[sw]> djph: I'd think there are a few at least
03:36 < djph> forgotten: well, knowing how we set the APs up in our dorms, yeah, one AP pre 30-40 students
03:36 < forgotten> just thought it was a funny number to go to haha
03:36 < forgotten> you and 39 of your closest friends.. just funny wording lol
03:36 < djph> forgotten: at least the first year we got wifi.  They added more the next summer, but ...
03:40 < berfondo[sw]> djph: so now I'm doing the ping -t in two laptops simultaneously, but only one gets the high pings/time outs....
03:40 < djph> everything else identical?
03:41 < Evidlo> use mtr to figure out what hop is adding the latency
03:41 < berfondo[sw]> djph: no, not identical
03:41 < djph> hrdware, os, patches, installed crap, amount of porn from sketch corners of the internet, etc
03:43 < berfondo[sw]> djph: so I know it's hard, but how would you go about determining what's the cause between all those possible things?
03:43 < djph> what's the wlan cards for starters
03:44 < berfondo[sw]> djph: Intel Dual Band Wireless AC 7260
03:44 < djph> in both?
03:44 < berfondo[sw]> djph: no, just the one with the issues
03:45 < djph> that's surprising. Intel are solid cards.  I'd start with updating the driver
03:45 < berfondo[sw]> djph: ok, I'll trey that
05:49 < sandman13> Hi, I have a pcap file, and I want to replay traffic on it with tcpreplay but where should tcpreplay run? On the server or any machine on the network?
05:51 < littel5t> what does curl ifconfig.me and ifconfig shows.. what is my ip address out of these
05:58 < Quatermass> You mean you are unable to find your external ip from using curl ipconfig.me?
05:59 < Quatermass> It returns your internet ip and nothing else
05:59 < Quatermass> ifconfg shows your internal, or LAN IP
06:02 < littel5t> what is the difference between internet ip and internal ip?
06:54 < LissajousPattern> is there any benefit to having a wireless AP bridged to a mobile hotspot?
06:55 < LissajousPattern> throughput wise or security wise?
06:55 < grawity> basically an AP with wireless uplink to another AP?
06:55 < LissajousPattern> yeah
06:55 < grawity> can't imagine how that would be useful
06:55 < LissajousPattern> oh
06:56 < grawity> except perhaps to extend the range or something such, but by that point, if the uplink is a cellphone hotspot, I'm guessing it's gonna be fairly overloaded
06:56 < grawity> and I mean, a phone hotspot already has infinite range in the sense that you can carry it >_>
06:57 < LissajousPattern> grawity, word
06:57 < LissajousPattern> I have used it to extend range
06:57 < LissajousPattern> it works quite well
06:58 < LissajousPattern> but I am just trying to find out it there are added benefits
06:59 < grawity> extending range this way (wireless uplink) usually costs some performance
06:59 < grawity> and extending other things (like client count) is probably a bad idea from the beginning
07:00 < LissajousPattern> noted
07:00 < LissajousPattern> so I would like to host my website from my phone... Is that possible?
07:01 < grawity> technically yes
07:01 < grawity> practically, welllllllll.
07:01 < LissajousPattern> yeah thats what I am wondering
07:02 < grawity> imagine a cellphone getting a reddit hug of death
07:02 < LissajousPattern> whats that?
07:02 < LissajousPattern> I'll google it
07:02 < grawity> like slashdotting except for 2010's
07:02 < grawity> also it depends on your mobile provider: some give you a public IP address, some don't, and some do but block all inbound connections regardless
07:03 < LissajousPattern> ah ha
07:03 < LissajousPattern> yeah it would be cool to mess with at least just for the sake of experimenting
07:04 < grawity> you can in fact host stuff on Tele2 prepaid, for example
07:04 < LissajousPattern> hmm
07:04 < grawity> also, you'll usually need a rooted phone in order to host on the standard http(s) ports
07:05 < LissajousPattern> yeah I have one
07:05 < LissajousPattern> you got me thinking
07:05 < LissajousPattern> I was gonna try it last night but got a little sleepy
07:05 < grawity> (without a compatible mobile provider, I imagine a VPN could be used to provide the same feature...)
07:08 < LissajousPattern> man I have a decent Idea
07:08 < grawity> nothing whatsoever about this is decent
07:09 < LissajousPattern> yeah well
07:09 < grawity> (obligatory https://www.youtube.com/watch?v=vQ5MA685ApE)
07:11 < LissajousPattern> brilliant
07:12 < LissajousPattern> yeah I also want to host full 1080p video on that site served by the phone as well...lol.
07:13 < LissajousPattern> I plan on running a bitcoin miner on it too. just to stay warm during the winter months
07:15 < Quatermass> lol
07:15 < LissajousPattern> I mean what do y'all do with your rooted android phones?
07:16 < Quatermass> Why not run a bittorrent site on it
07:16 < LissajousPattern> great idea
07:16 < Quatermass> Sounds like you just want attention.
07:16 < Quatermass> And good luck with that
07:20 < at0m> rooted android is great to manage iptables and systemwide adblocker, maybe a vpn client.
07:20 < Quatermass> at0m: s/he knows this.  It wants attention.
07:20 < at0m> seems so.
10:08 < galileo_> good news pppingme
10:08 < galileo_> pretty sure my mail is getting through to people now
10:38 < Spice_Boy> galileo_: I'll be trying to set up an email server one day
10:38 < galileo_> if ISIS captured me and gave me a choice; 1: set up an email server or 2: be a star in their next beheading film i would definitely choose 2
10:44 < mrtnt> Let's say that I'm downloading a large file over TCP. For example "wget http://hgd-speedtest-1.tele2.net/10GB.zip". It is obvious, that when some of my ACK messages get lost, then servers TCP send window cannot slide to right, i.e server cannot send additional data once it has received acknowledgments for data it has already sent and this affects the throughput. However, how is the download speed
10:44 < mrtnt> affected if some of the packets sent by the server get lost?
10:44 < mrtnt> I guess the effect is the same because the client can not acknowledge data which it has not received and thus again, the server send window cannot slide to right.
10:48 < Spice_Boy> haha
10:55 <+catphish> mrtnt: if the client doesn't receive data, it has to be sent again, of course that slows things down, as for how much probably very much implementation dependent, and of course dependent on how many packets are lost, TCP intentionally slows down when packets are lost, that's how it reaches line speed and stays there
11:05 < mrtnt> catphish: ok, thanks! So from server(sender) point of view it doesn't matter, if its "data" packet got lost or acknowledge packet for this "data" packet sent by the client got lost? In either way, server needs to resend the data.
11:06 < dogbert2> anyone use a NAS device...looking to get a good 2 bay unit
11:06 <+catphish> mrtnt: exactly, in fact there's no possible way the sender could know if it's the data that got lost, or the ack, the result is the same
11:09 < djph> dogbert2: I just went for "old dell server" :/
11:17 < detha> dogbert2: old server, or an old PC with a couple of sata drives
11:18 < dogbert2> heh, djph...not an option, since I don't have old servers lying around...was looking at a standalone device :)
11:20 < mrtnt> catphish: thanks!
11:20 < detha> dogbert2: $50 buys you a good enough PC off eBay, the only difference between a 'PC' and a 'NAS device' is that for the NAS device instead of skimping on the onboard NIC they skimped on the onboard video
11:21 < dogbert2> true :)
11:29 < djph> dogbert2: I picked up a server from one of those refurb sites
11:29 < dogbert2> what kind of NAS do you have set up with it?
11:32 < djph> just NFS.  Not 100% sure it counts as a "NAS service", but it serves my purposes
11:38 < dogbert2> grin :)
11:44 < detha> dogbert2: cheap, fast, large: pick any two. We are cheap, so we have old servers with 15K SAS or SCSI drives for fast nfs or iscsi, and old PCs with a bunch of 7200 sata drives for lots of slow nfs or cifs
11:44 < dogbert2> LOL :)...
11:54 < adnn> Regarding the hidden node problem in ad-hoc networks, what is the limitation point which is preventing the middle node from receiving data from both ends at the same time ?
11:54 < detha> spectrum
11:56 <+catphish> adnn: you're trying to have a conversation with 2 people at once, but those 2 people can't hear each other, so they talk at the same time, and you can't understand them both at once
11:56 < adnn> can you elaborate?
11:56 < adnn> catphish: ok. So the limitation here is that I have 1 network card, right?
11:57 <+catphish> adnn: sort of, the problem is that both are transmitting on the same frequency at the same time, and the result is just a mess
11:57 <+catphish> for it to work, you'd need 2 NICs operating on different channels, so the 2 messages don't overlap
11:58 < adnn> but that solution would then prevent the edge nodes from communicating even when they come within range of each other
11:58 < adnn> they will be dependent on the middle node
11:59 <+catphish> correct
11:59 < adnn> cool, thanks
12:00 <+catphish> i don't actually know how an access point solves this problem
12:00 <+catphish> maybe it tells the clients when they should each talk
12:00 < Alexander-47u> hi all
12:00 < tapearchive> Hi
12:00 < Alexander-47u> is tthere any way to timeout CLOSE_WAIT connections in a timely manner?
12:00 < Alexander-47u> on linux
12:00 < tapearchive> have you tried google?
12:01 < Alexander-47u> yes but many different answers
12:01 < adnn> catphish: CSMA/CA ?
12:01 < Alexander-47u> but dont mind this guy he is sitting next to me
12:01 < Alexander-47u> anyone?:P
12:02 <+catphish> Alexander-47u: CLOSE_WAIT means your program isn't closing connections, the answer is just to close them
12:03 < Alexander-47u> yes, but im not there to run kill every time
12:03 <+catphish> Alexander-47u: you need to fix the program
12:03 <+catphish> or have whoever developed it fix it
12:04 <+catphish> if a program is leaving connections open, it's leaving them open, not much you can do about it, except to change the program to close them
12:05 < Alexander-47u> lol no it happends when I pull the plug on my raspberry pi
12:05 < Alexander-47u> i port forward a port from the pi to the VPS
12:06 < Alexander-47u> when I pull the plug on the Pi
12:06 < Alexander-47u> it fails to reconnect on boot
12:06 < detha> * * * * * root /bin/bash "if [ $(netstat | grep CLOSE_WAIT | wc -l) -gt 10 ]; then killall program; fi"
12:06 < Alexander-47u> because it stays open
12:06 <+catphish> fix the software to handle it
12:06 < Alexander-47u> and I wish for it to time out more quickly so that autossh can do its thing
12:06 < Alexander-47u> common son. openssh is great software.
12:07 < Alexander-47u> :P
12:07 <+catphish> Alexander-47u: look up tcp keepalive, you can enable this in ssh, and tune the timeouts
12:07 < Alexander-47u> thanks, thats a great answer
12:07 < Alexander-47u> but ah..
12:07 <+catphish> that will close the connection after a specific timeout
12:08 < Alexander-47u> no this should be set in my vps
12:08 <+catphish> ssh may even have an internal keepalive, i'm not sure
12:08 < detha> ssh has two types of keepalive, one in the protocol, one TCP. Both can be tuned independently.
12:08 < Alexander-47u> because the raspberry pi gets shutdown inappropriately in in this use case
12:08 < Alexander-47u> yes, the TCP one, where do I configure this
12:08 <+catphish> i'd use the protocol one first, the OS TCP one isn't great
12:09 < Alexander-47u> on my VPS or Pi?
12:09 < Alexander-47u> pi doet remote port forwarding to the VPS
12:09 <+catphish> what's the actual problem here?>
12:09 < Alexander-47u> does
12:09 <+catphish> if the pi is initiating the connection when it boots, what's the problem?
12:09 < Alexander-47u> when I plug the Pi out without shutting it down properly
12:09 < Alexander-47u> the port stays CLOSE_WAIT
12:09 < Alexander-47u> so it cannot reconnect on boot
12:09 <+catphish> that's not a thing
12:09 <+catphish> SSH can accept any number of connection
12:10 < Alexander-47u> the port is blocked
12:10 <+catphish> no
12:10 <+catphish> but it's possible the port forwards are still in use, so you can't open those
12:10 <+catphish> nothing will block the ssh connection
12:10 < Alexander-47u> yes its in use by CLOSE_WAIT
12:10 < Alexander-47u> :P
12:10 <+catphish> what is?
12:10 < Alexander-47u> the port
12:10 <+catphish> what port/
12:10 < Alexander-47u> the situation is
12:10 < Alexander-47u> the VPS is waiting for a close signal
12:11 < Alexander-47u> while the pi is trying to establish a new connection on the same port
12:11 <+catphish> that's not a thing
12:11 < Alexander-47u> that the pi abandoned in a improper fashion
12:11 <+catphish> ssh can accept any number of connections on the same port
12:12 <+catphish> also, close_wait means the remote end closed the connection but the local end didn't, so i don't see how the client disappearing would cause that on a server
12:12 <+catphish> some things here are confused
12:12 < detha> ssh keepalive would cause that
12:13 < detha> server sees client disappear, closes connection on server end
12:13 < Alexander-47u> catphish, well it doesnt reconnect till i manually kill it
12:14 <+catphish> Alexander-47u: why not? what's the error?
12:14 < detha> 'kill it'. Kill what?
12:14 <+catphish> detha: i don't think so: CLOSE_WAIT - represents waiting for a connection termination request from the local user
12:14 <+catphish> detha: is very much means the remote closed it but the local didn't
12:15 <+catphish> Alexander-47u: do you mean the client still thinks it's connected, and so doesn't reconnect?
12:15 <+catphish> Alexander-47u: if so, the ssh in-protocol keepalive will solve that
12:15 < Alexander-47u> the server things that
12:15 < detha> catphish: would need to check the state diagram, but I believe you. So client did indeed close.
12:15 < Alexander-47u> the client, brings his port to the vps
12:16 < Alexander-47u> client gets shut down violently
12:16 < Alexander-47u> but automatically reconnects on boot
12:16 < Alexander-47u> but that doesnt happen
12:16 <+catphish> Alexander-47u: what's the error?
12:16 < Alexander-47u> because the port 2222, which it uses, is on CLOSE_WAIT
12:16 <+catphish> Alexander-47u: you're wrong
12:16 <+catphish> unless maybe the client's reusing the same ephemeral port
12:16 < Alexander-47u> yes
12:16 < Alexander-47u> it is
12:17 < Alexander-47u> I said that before lol
12:17 < Alexander-47u> it connects back on the same port 2222
12:17 <+catphish> Alexander-47u: well then that's what you should fix? don't use fixed ports
12:17 < Alexander-47u> I have to in this use case
12:17 <+catphish> why?
12:17 <+catphish> that's insane
12:18 < Alexander-47u> is there any way to just have close_wait shutdown more quickly on the VPS side
12:18 <+catphish> the keepalive timeout(s) might fix that
12:19 <+catphish> but i still think you shouldn't be using a fixed source port for this connection, seems like you're creating a problem for no reason
12:20 < Alexander-47u> where do I set this keepalive timeout? It can be short, because autossh will reconnect on the pi's end
12:21 < Alexander-47u> cat /proc/sys/net/ipv4/tcp_keepalive_time
12:21 < Alexander-47u> ?
12:21 < Alexander-47u> its set to 7200 now
12:21 <+catphish> that's one of them (the system one), you also need to enable it in ssh
12:21 < Alexander-47u> 2 hours
12:21 <+catphish> but there's another keepalive in ssh itself which i'd try first
12:22 <+catphish> ClientAliveCountMax and ClientAliveInterval
12:22 <+catphish> why are you using a fixed port anyway?
12:22 <+catphish> i don't even think ssh supports this
12:23 <+catphish> an aggressive clientalivetimeout might solve it anyway
12:24 <+catphish> (ie ClientAliveCountMax and ClientAliveInterval)
12:24 < mAniAk-_-> sysctl values only applies to sockets with keepalive enabled, so the app needs to do it
12:24 <+catphish> i mentioned that
12:24 <+catphish> you can enable that in ssh, but probably best to try its internal timeouts first
12:26 < Alexander-47u> thanks will try
12:26 < Alexander-47u> the thing is
12:26 < Alexander-47u> the system timeout
12:28 < Alexander-47u> doesnt work for 7200 seconds
12:28 < Alexander-47u> because it was a few days ago that I plugged out the pi
12:28 < Alexander-47u> and today it was still on close wait xD
12:28 < mAniAk-_-> catphish: ssh keepalives are tcp keepalives
12:28 <+catphish> mAniAk-_-: no, ssh has its own protocol level timeouts, but also supports tcp keepalives
12:29 < mAniAk-_-> Alexander-47u: it only applies to sockets that use keepalives, applications must explicitly use it as an option when creating a socket
12:29 <+catphish> Alexander-47u: read what both mAniAk-_- and i told you
12:29 <+catphish> YOU HAVE TO TURN IT ON IN SSH
12:29 < Alexander-47u> -ServerAliveInterval 30" -o "ServerAliveCountMax 3
12:30 < Alexander-47u> i used these command line parameters
12:30 <+catphish> there's no point setting it on the client, the client isn't the one keeping the connection open, need to set it on the server
12:31 <+catphish> mAniAk-_-: "It is important to note that the use of client alive messages is very different from TCPKeepAlive (below).  The client alive messages are sent through the encrypted channel and therefore will not be spoofable."
12:31 <+catphish> 2 different mechanisms :)
12:31 < mAniAk-_-> ah ok
12:31 < mAniAk-_-> but setting it on only client should be enough?
12:31 < detha> No. ClientAlivecount on the server
12:31 <+catphish> mAniAk-_-: nope, his client is getting powered off, it's the server holding the connection open
12:32 < Alexander-47u> do i set ths in the sshd config?
12:32 <+catphish> sshd_config, yes
12:34 < Alexander-47u> i see a line TCPKeepAlive yes
12:34 < Alexander-47u> no line ClientAlivecount
12:35 < Alexander-47u> should i add like CLientAliveCount 20?
12:41 < Alexander-47u> so i set
12:41 < Alexander-47u> ClientAliveCountMax 3
12:41 < Alexander-47u> ClientAliveInterval 15
12:41 < Alexander-47u> in sshd_config
12:42 < Alexander-47u> is that good stuff ;P?
12:43 < `whoami`> what does the man says about those options ?
13:11 < regdude> Hi! Should TZSP encapsulate also VLAN tagged packets? It is supposed to encapsulate Ethernet frames, but nothing about VLANs
13:12 < atom138> https://arstechnica.com/information-technology/2018/04/suspicious-event-hijacks-amazon-traffic-for-2-hours-steals-cryptocurrency/
13:12 < atom138> Holy. Moly.
13:14 < lupine> the blame is with HE
13:14 < lupine> but it couldn't have happened to a nicer bunch of people
13:15 < atom138> Well they aren't the last
13:25 <+catphish> lupine: whose router did the compromise?
13:29 < mrtnt> Am I correct that TCP "receive window"(which is a "send window" for sender) has nothing to do with TCP congestion control? TCP "receive window" is solely a property of TCP flow control?
13:30 < T_r3x> Hi everyone. I'm not sure if this question belong here but I'm looking for an open source messaging platform which I can host on my personal network and also has open APIs.
13:30 <+catphish> T_r3x: what kind of messaging?
13:31 <+catphish> you could install an IRC server, or an xmpp server
13:31 < lupine> catphish: some ISP pushed routes to HE for IPS it didn't own, which accepted them
13:31 < T_r3x> I want to create a chatbot to which I can tell something to do over this this messenger.
13:31 < lupine> presumably said ISP was compromised rather than malicious, but who knows
13:31 <+catphish> lupine: i just found some info, apparantly the ISP was "eNet"
13:31 < lupine> HE shouldn't have accepted the routes
13:32 <+catphish> interesting i never received the bad route, so i'm not totally sure who accepted it and who didn't
13:34 < T_r3x> @catphish : I can use IRC but is there any more user friendly alternative because I'm not the only one who would use this chatbot.
13:36 < djph> T_r3x: y'know, there are real people on IRC, some of them can even pass a Turing Test.  Loads better than a chatbot...
13:39 <+catphish> T_r3x: see also xmpp
13:39 < detha> catphish: HE claims it came from a route server at equinix. They could have done radb filtering, but that's about it
13:39 < T_r3x> @catphish : Looking into it now.
13:40 <+catphish> detha: that makes a lot of sense, not just HE then, obviously google accepted it
13:40 < detha> apparently it got into some of google's 8.8.8.8 for a while
13:41 < detha> but if google took it from HE, or directly, the story doesn't tell
13:41 < bgsteiner> Yeah but google is just a mirror comming from amazon
13:42 < bgsteiner> Well i guess dnssec wouldnt have helped
13:43 < Peng_> Equinix said it was customer equipment and nothing's their fault
13:43 < detha> dnssec would have helped here
13:44 < detha> equinix is talking about the server that hosted the fake DNS there
13:45 < Peng_> detha: Oh! Sorry.
13:45 <+catphish> dnssec would have helped, as would route server filtering, the latter is more realistic
13:45 <+catphish> i doubt google take transit from HE, but dunno
13:45 < Peng_> DNSSEC would have helped, but if the domain was using DNSSEC, the attacker could've just done something else.
13:46 <+catphish> remember, this site has TLS, users intentionally ignored the warning and logged into a wallet. they ignored a certificate warning, and logged into a waller
13:46 <+catphish> *wallet
13:46 <+catphish> there's literally no helping some people
13:47 < detha> true. but since the attacker had control over DNS for the domain, they could just as easily have put a letsencrypt cert on it, or bought a legit DV cert on a stolen credit card
13:48 < Peng_> It's not known which routes Let's Encrypt saw
13:48 <+catphish> i really hope DV providers wouldn't trust a single route to DNS
13:48 < Peng_> But yes probably some DV CA was affected
13:48 <+catphish> i'm 90% sure letsencrypt has protection against this sort of thing
13:49 < Peng_> What kind of protection?
13:49 < detha> letsencrypt goes through quite a bit of effort to get routes from multiple places
13:49 <+catphish> Peng_: checking dns from multiple ASs
13:49 <+catphish> Peng_: if they don't they really really should
13:49 < detha> they do
13:49 < Peng_> They don't, currently.
13:49 <+catphish> well i do hope they add that
13:50 <+catphish> of course, it all depends how widely you can inject your routes
13:50 <+catphish> but it would help a lot
13:50 < Peng_> Their staging environment actually does validate from multiple locations, and they're cooperating with researchers on the subject.
13:51 <+catphish> also, maybe don't run all your DNS servers on < /24 routes
13:51 <+catphish> Peng_: cool, should help a lot if they can get some good validation in place ter
13:51 <+catphish> *there
13:51 <+catphish> i thought i read they were doing it
13:51 < tds> there's an interesting paper on getting certs via prefix hijacking: https://www.princeton.edu/~pmittal/publications/bgp-tls-hotpets17
13:52 < Peng_> All of their secondary validation servers on AWS at the moment. :D
13:55 <+catphish> the most impressive thing is that they served what must have been a significant portion of amazon's DNS from a small server for 2 hours :)
13:55 <+catphish> maybe they just dropped requests they weren't interested in, but that must have been some serious PPS
13:55 < detha> not really - they dropped everything not for one or two domains
13:55 < tds> iirc weren't they returning servfail?
13:55 < tds> I may have misremembered, though
13:56 <+catphish> i guess that makes it a little easier then
13:56 < detha> they routed a couple of /24s, but dropped everything not for 3 or 4 particular addresses
13:56 <+catphish> well that's one less ISP with easily compromised BGP i hope :)
13:57 < TandyUK> lots more learnign from it and protecting themselves too i hope
13:58 < TandyUK> every time somethign like this happens, i just remind myself of when pakistan null routed youtube
14:06 < linuxmodder> lol TandyUK
14:07 < linuxmodder> that was what 2 or 3 tears ago now?
14:07 < TandyUK> if not more lol
14:08 < linuxmodder> Why dnssec + knowing your normal routings from locations can be useful
14:09 < thomas_25> what is a good cross platform tool to diagnose network problems
14:09 < thomas_25> i have a win10 and a mac and even the LAN connections are very weird
14:10 < thomas_25> at this point I have tried nc'ing from mac to the FTP server on Win10
14:10 < thomas_25> it took a few seconds to even establish the connection
14:18 < TandyUK> id check your infrastrusture (switches, cables, etc) first tbh
14:18 < linuxmodder> tshark (terminal of wireshark) ethercap or simple nc | nmap should be sufficient
14:18 < TandyUK> basic things like swap out the patch leads just to be sure
14:19 < linuxmodder> or dropping something like packet tracers on parts of the infra to confirm the traffic continuity
14:20 < flying_sausages> Hey guys, I'm trying to set up a wifi ap on a development board and run a dhcp server on it so devices connected to the wifi can talk to the router and whatever software will run on it. But I can't get my DHCP to run and my devices are self-allocating IPs it seems.
14:20 < flying_sausages> I've got a dump with all the relevant info here I hope
14:21 < flying_sausages> https://pastebin.com/raw/QVYLimuQ
14:21 < flying_sausages> if someone could take a look that would be grand :)
14:24 < dogbert2> splitsville
14:24 < light> flying_sausages: tcpdump -i mlan0
14:26 < detha> flying_sausages: looks sane, if you want the interface to be .40.10 also put that in /etc/interfaces. Otherwise what light says.
14:26 < flying_sausages> light, I'll have to re-compile an image with this package for the board, anyo other way I could gather the data you'd need?
14:27 < flying_sausages> I'll start compiling it now though
14:27 < light> wireshark on the client then
14:27 < detha> wireshark on doze, if it can handle the wlan adapter
14:30 < flying_sausages> ok guys sec gotta get it
14:31 < thms> https://blog.cloudflare.com/bgp-leaks-and-crypto-currencies/ -> How was 1.1.1.1 affected when it's 205.251.19x.0 that was hijacked ? Can anyone enlighten me ?
14:34 <+xand> I think that's just an example
14:34 < Peng_> 1.1.1.1 wasn't hijacked. They used it as an example in the article.
14:35 < Peng_> However, Cloudflare's recursive DNS servers certainly do send lots of queries to the Route 53 authoritative DNS servers, and the hijacking did have some impact.
14:35 < light> "This poisoned DNS resolvers whose routers had accepted the route. This included Cloudflare DNS resolver 1.1.1.1."
14:36 <+xand> yes it would affect 1.1.1.1's "upstream"
14:36 < light> can you use a salmon analogy?
14:36 <+catphish> 1.1.1.1 forwards queries to the authoritative servers, those are what got hijacked
14:37 < detha> So one can conclude that cloudflare buys transit from HE
14:38 <+catphish> why?
14:38 < BottomX> catphish: Wat is that 1.1.1.1 whether it's a password
14:38 < BottomX> ?
14:38 <+xand> what
14:38 <+catphish> HE arent special in all this
14:38 < detha> catphish: didn't you prove that the 'wrong' route didn't appear in your HE peering?
14:39 <+catphish> anyone who peers at the same exchange could have accepted those routes, or anyone who pays HE
14:39 <+catphish> detha: it wasnt in my HE peering, but it was in HE's full table
14:39 < detha> Therefore, CF pays HE money
14:39 < Peng_> Not sure if you've read Cloudflare's blog post, but they listed which of their locations used the bad route.
14:42 < thms> xand, Peng_ thanks :)
14:58 < mfreitag> alco catphish building on our discussion about BCP38 yesterday and how if I'm your upstream provider your prefixes are none of my business, I disagree even tho I trust you to not be malicious, I don't trust you to not fat finger something
14:59 <+catphish> mfreitag: i don't see how fat fingers are a problem
14:59 <+catphish> the only problem is with compromised hosts afaik
15:00 <+catphish> it's not like you can do any damage by misconfiguring a source address
15:00 <+catphish> but there's no arguing that most end users can't be trusted not to get their machines compromised and participate in DDoS attacks with spoofed IPs
15:00 < detha> catphish: fatfingering things in BGP announcements breaks interwebz
15:00 < TandyUK> BCP38 stops a lot of outgoing DDOS
15:01 <+catphish> detha: this was about source address filtering, not BGP
15:01 < mfreitag> maybe I misunderstood BCP38 when I read it :\
15:01 < mfreitag> I need to read that agan XD
15:01 < mfreitag> *again
15:01 < TandyUK> BCP38 is primarily for consumer isps for example, so their DSL users cant spoof source addresses in udp traffic
15:01 < detha> bcp38 was about reverse path filtering, mainly, iirc
15:01 <+catphish> mfreitag: it's extremely simple, all it says it "don't allow packets to leave your network unless their source IP belongs on your network"
15:01 < TandyUK> so they cant send traffic claiming to be originatiing off-net
15:02 <+catphish> so it prevents DDoS attacks where hosts spoof random IPs, or the IP of the attack target as their source
15:04 <+catphish> 99.9% of the time, it's awesome, the 0.1% of the time i'm trying to do something weird using my own IPs with a residential ISP it's annoying
15:16 < dogbert2> who is your provider, catphish
15:17 <+catphish> i have several in the UK
15:22 < flying_sausages> ok, a whole different issue. I have two Ubuntu 16.04 hetzner servers both with a 1Gbps line but I'm getting like 4MB/s, can anyone try help me torubleshoot this? What tools should I get to try
15:23 < detha> an email client, to send a complaint to hetzner ?
15:24 < flying_sausages> hahaha
15:24 < flying_sausages> well, is it possible I fucked it up myself to begin with?
15:24 < flying_sausages> I'm running iperf3 and I'm gettin &MB/s
15:24 < flying_sausages> *8MB/s
15:24 < detha> between where and where ?
15:25 < flying_sausages> FSN1-DC7 and NBG1-DC1
15:25 < tds> catphish: what's the expected way for providers with downsteam customers to filter source addresses - just based off irr data?
15:25 < flying_sausages> two cities in germany I'm assuming, the latter being nurmberg..?
15:25 <+catphish> tds: for BGP, yes
15:26 < detha> flying_sausages: get speedtest-cli and see what your bandwidth to some random server is
15:27 < flying_sausages> yeah I'm iperfing bouuyhues in france and I'm getting 4MB/s
15:27 < detha> MB or Mb by the way?
15:27 < flying_sausages> all MBs sop far
15:27 < flying_sausages> NOW
15:28 < flying_sausages> 845 Mbit down and 234Mbit up to ludwigsburg
15:28 < flying_sausages> so that's my gigabit right there
15:28 < flying_sausages> let's try server 2
15:28 < afx> im pretty sure those speeds are not guarantieed
15:29 < UncleDrax> it's the Internet, nothing is guarenteed
15:29 < flying_sausages> actually I think they might be, lket me check
15:29 < afx> i mean
15:29 < flying_sausages> or some reasonable number like 100Mbit
15:29 < detha> if those are VPSs, you will probably be told "The T&C say 'up to 1Gb/s'"
15:29 < djph> UncleDrax: is that a guarantee?
15:29 < afx> it is guarantieed to hetzner but not to hetzner clients (and not anything else on the internet of course)
15:30 < afx> and i guess this 1gbps pipe is shared to tons of vpses
15:30 < UncleDrax> djph: I guarantee that nothing is guaranteed ;]
15:30 < afx> because they cant be priced so cheap if that 1gbps was dedicated :P
15:30 < flying_sausages> well I got two hetzner boxes >:(
15:30 < flying_sausages> gdermit
15:30 < afx> do you know how much 1gbps guaranteed pipe costs per month?
15:30 < afx> :)
15:30 < flying_sausages> nope
15:30  * dogbert2 gets ready for w3rk...l8r
15:30 < UncleDrax> and a 1Gbp to.. 'where'?
15:31 < flying_sausages> more than 60e/mo im assuming
15:31 < afx> also that
15:31 < afx> yea. they had to utilize (i.e. share it)
15:31 < afx> and also even the closest servers you test wit
15:31 < afx> may not be able to provide dedicated line for the same reasons
15:31 < UncleDrax> 'The Internet'? you literally cannot guarantee anything past your borders on the Internet. The next-hop can molest your packets, have way over-sub'ed links, or have failing equipment.
15:31 < flying_sausages> either way the connection is slow only between my two servers
15:33 < ZedHeadTed|> UncleDrax: Would an MITM attack be considered molesting packets?
15:33 < flying_sausages> back to the original issue at hand, what could the most likely blocks be for slow sleepds like these?
15:33 < flying_sausages> I'm using SFTP but I was getting 35MB/s before I reinstalled my destination server
15:34 < UncleDrax> ZedHeadTed|: unless it's a passive MITM, which isn't very MITM actually, then yes, you're molesting packets.
15:34 < detha> flying_sausages: buffer sizes/
15:34 < mAniAk-_-> flying_sausages: your servers and/or anything between them
15:36 < mAniAk-_-> flying_sausages: try iperf3 and an udp test instead, try some bandwidth values, test multiple streams, see if theres any packet loss
15:42 <+catphish> ugh, wonder why my ISP feels compelled to offer such poor upload speeds seemingly without any technical reason, mine just emailed to say they're getting rid of data caps on many packages after a network upgrade, my package seems to still have a data cap, but now only 10% upload bandwidth
15:44 < UncleDrax> it's a dirty way of creating an artifical cap, and mitigating (if relvent) copyright issues and people home-servering eating up BW
15:45 < UncleDrax> that said, are they selling a higher up rate?
15:47 < pathrocle> is it posible to get a web server running on private lan to be run on https not http (posible for free ? )
15:47 <+catphish> UncleDrax: nope, they just don't seem to offer faster speeds
15:47 <+catphish> UncleDrax: i don't think copyright is really an issue, 1) why would they care 2) you can infringe copyright perfectly well at 10Mbits :)
15:47 < UncleDrax> catphish: well that's silly. if you're gonna artifically reduce and cap Up, sell a better package at least! what's the point of only being half-evil.
15:48 <+catphish> UncleDrax: may well be aimed at discouraging things that eat bandwidth all the time though
15:48 <+catphish> one thing i'd like to do is run my CCTV server off-site, and it kinda stops me doing that
15:48 < ldiamond> pathrocle: you can make your own certificate, sign it, and add your CA cert to your client devices.
15:49 <+catphish> but there can't be many residential users that want to upload all the time
15:49 < UncleDrax> catphish: eh i dunno.. a lot of DIYs and semi-Tech people are into home-IP Cams now. plus security companies sell that too, etc.
15:50 <+catphish> UncleDrax: thats true
15:50 < UncleDrax> plus bot-netted IoT crap ofc
15:50 <+catphish> according to their website, my plan has changed from 100/50 to 100/10, hardly the upgrade the email subject promised
15:51 < UncleDrax> ya that's.. weird.
15:52 < TandyUK> [14:47] <pathrocle> is it posible to get a web server running on private lan to be run on https not http (posible for free ? )  << Pretty sure a lets encrypt cert would work, though you might need to open it up to the world to ge tthe cert issued
15:52 <+catphish> if they can offer 350Mbps download with no data cap, why can't i have 50Mbps upload with no data cap, it costs the same (maybe even less, you have to assume since they're not a host, their upstream is less congested)
15:53 <+catphish> pathrocle: if you want the cert for free you'll need to use letsencrypt, which means opening the server publicly
15:53 < TandyUK> catphish: they probably have very asymmetric links
15:53 <+catphish> pathrocle: alternatively, just buy a cert
15:53 <+catphish> TandyUK: maybe their backhaul is asymmetric, i hadn't considered that, they share it with a company that does hosting
15:54 < TandyUK> that might even be why, but i know our DSL backaul doesnt have to by symmetric
15:54 <+catphish> i assumed they just rented a whole wave each way, but maybe not
15:54 < TandyUK> eg i can buy 10g down, 1g up
15:54 <+catphish> anyway, i asked them if they can do better
15:54 <+catphish> interesting, that's probably what they do, i'll see what they say, but that makes a ton of sense
15:56 < detha> catphish: also, down comes 80% from caches the CDNs give them, upstream they don't have a clue where it goes
15:57 <+catphish> i doubt they have any local cache, but it's certainly possible, if netflix have an off the shelf cache, they may well have one of those
15:58 < TandyUK> generally these are in the exchanges
15:58 < TandyUK> eg, anyone peering at telehouse can access any of the cdns there (once they set up peerings)
16:00 <+catphish> makes sense
16:00 < detha> if you do over 1Gb/s or so from netflix, they will ship you a cache box
16:00 <+catphish> i figured it was more about the backhaul
16:01 < thothcastel__> thanks to all who were helping me yesterday with an ASA5525-x - connection via http and asdm - I have now upgrade its image to 9.9 together with its relevant ASDM and it works -D
16:02 <+catphish> most of my upload is peered, but i guess they don't know that :)
16:02 <+catphish> my CCTV would be anyway
16:02 < pathrocle> catphish, how can i buy one for a local ip?
16:02 <+catphish> pathrocle: you can't, you need a domain name
16:02 <+catphish> pathrocle: or you can just generate your own CA and sign your own certificate
16:04 < thothcastel__> asdm 7.9.2 compatible to 7.5.2
16:06 < RogerFederer_> hey
16:06 < RogerFederer_> am i alllowed to ask a question
16:07 < UncleDrax> that was a question, and you asked it, so we'll go with 'yes'.
16:07 <+catphish> i'm glad the drbd documentation makes this clear: Data loss is, of course, inevitable even with this replication protocol if all nodes (resp. their storage subsystems) are irreversibly destroyed at the same time.
16:07 <+catphish> in case there was any doubt
16:07 <+xand> you don't exactly have to make servers public for letsencrypt... you can allow only http/80 to the world and require all real access to be via 443
16:08 < UncleDrax> catphish: I've been happy with my limited DRBD deploy thus far (using it underneth Ganeti). 'just works'. but ya, that's the obligatory 'HA != DR' reminder that too many people still need.
16:08 < RogerFederer_> is this a tennis channel
16:08 <+xand> yes definitely
16:08 <+xand> you can tell by the naem
16:09 < RogerFederer_> i have won consecutive grand slam titles
16:09 < RogerFederer_> as well as Rolland Garos
16:09 < redrabbit> what's up doctor
16:10 < UncleDrax> What does Tennis and Networking having in common.. let me ponder.. both use the term 'Net' a lot. Both: If you look you see plenty of balls (sorry, had to). some other stuff I imagine
16:10 <+catphish> i'm trying to work out if i can make a pair of linux boxes that to iscsi in a synchronous multipath manner with replicated data
16:10 <+catphish> it seems there's no off the shelf way to do this
16:10 < RogerFederer_> because i am extremely good at hitting the tennis ball over the tennis net
16:12 < rjphares> i this channel for c/c++ networking?
16:12 < rjphares> j/w
16:12 < RogerFederer_> no its for tennis
16:12 < rjphares> right on
16:12 < redrabbit> yeah
16:13 < UncleDrax> catphish: ya, that's a level of storage I haven't had to get to yet. doing something like Ceph/Gluster won't accomplish the same goal for what you need?
16:13 < RogerFederer_> at 36 years old i am still able to hit my mighty kick serve
16:14 < ZedHeadTed|> RogerFederer_: You're my favorite tennis player! <3
16:14 < RogerFederer_> this is because i am the best
16:15 <+catphish> UncleDrax: i don't think so
16:15 <+catphish> i do like gluster, but this is kinda different, separate storage nodes with iscsi
16:15 < zamba> hi! we have a protocol that is very sensitive to jitter and latency issues.. so we were thinking about setting up some sort of proxy that will introduce some buffering to iron over the jitter and latency issues
16:15 < zamba> does this sound like a proper way of addressing this?
16:15 < redrabbit> how do you deal with tennis elbow
16:16 < zamba> the latency is 600 round trip
16:16 < UncleDrax> 600 milliseconds or microseconds?
16:16 <+catphish> zamba: why not just put the buffer in the app
16:16 < zamba> and there is some jitter on the connection as well
16:16 < RogerFederer_> i use a specially designed ultra boost arm max wrist band
16:16 < zamba> catphish: unfortunately the app is written to use on LAN-grade network
16:16 < zamba> UncleDrax: milliseconds
16:17 < flying_sausages> mAniAk-_-, I tried booting into a rescue system and tried iperf there and there I get nice speeds
16:17 < flying_sausages> so I know that it's the config of the machine, somehow
16:17 < flying_sausages> nothing in between
16:17 <+catphish> zamba: well the only options are to fix it, or proxy it, you're right
16:17 < zamba> catphish: how would you go about creating the proxy? i mean which methology?
16:17 < zamba> because the speed needs to be more or less maintained
16:17 < RogerFederer_> you need a proxy to iron over your latency and jitter issues
16:17 <+catphish> it's not very hard, just a pair of sockets and a fifo
16:18 < zamba> catphish: the problem is that the LAN side of the proxy will output data faster than the incoming side of the proxy
16:18 < zamba> catphish: we need to try and maintain the timing as best as we can
16:18 <+catphish> zamba: not if you write it properly
16:18 < zamba> catphish: exactly.. so that's why i'm asking about which methology to achieve just that :)
16:19 < zamba> what tools/methods to use to try and maintain a fixed speed towards the lan side, for instance
16:19 < RogerFederer_> why dont you just iron over your protocol with a correct proxy socket
16:19 < zamba> sigh
16:19 < zamba> i can't touch either end of the protocol
16:19 < zamba> it's not MY procotol
16:19 <+catphish> well at its simplest, you just need a timer, send a packet every time it fires, stop if there are < n packets in the buffer
16:19 < zamba> black boxes at either side
16:19 < zamba> catphish: the problem is the stopping
16:20 <+catphish> until there are > x packets in the buffer
16:20 < zamba> catphish: if we stop, the connection breaks
16:20 <+catphish> zamba: well you can't do anything about that
16:20 <+catphish> you can't make packets from nowhere
16:20 < RogerFederer_> yes the problem seemes to be the buffer filling up with protocol packets
16:20 < zamba> so we need to throttle down the speed somehow
16:20 < zamba> to account for missing/late-arriving packets
16:20 < rjphares> anyone know of any c/c++ network projects for beginner?(windows)
16:20 < mAniAk-_-> zamba: stopping is throlling down...
16:20 <+catphish> are these packets send at fixed intervals?
16:20 < zamba> mAniAk-_-: true
16:20 <+catphish> if so, i already gave a solution
16:21 < zamba> catphish: so far i haven't inspected the stream itself.. i'm waiting to get access to the equipment so i can test
16:21 <+catphish> run a timer, send one packet per timer interval, if there are < x packets in the buffer stop, if there are > y packets in the buffer, start
16:21 < RogerFederer_> i think it could be a technical issue
16:22 < zamba> mAniAk-_-: but that's what i can't do, i can't stop. so i have to have a big enough buffer (guesswork) to account for all the potential jitter issues that can arise
16:22 < ||cw> zamba: you might be over thinking this
16:22 <+catphish> if you want it to be smarter, and the packet rate isn't fixed, then adjust the timer interval up or down gradually depending on the size of the buffer
16:22 < zamba> catphish: there are certain packets in the stream that has to arrive at more or less fixed intervals
16:23 < RogerFederer_> yes use a dynamic timer responsive interval implementation shit
16:23 < zamba> ||cw: oh?
16:23 < ||cw> instead of trying to account for every possible optimization, just make the basics and tweak as needed
16:23 <+catphish> zamba: the other option is to set the timer based on the size of the buffer, if it starts to get smaller, stretch out the timer interval
16:23 <+catphish> try both ways, have fun with it :)
16:23 < ||cw> simply smoothing the incoming jitter may be all you need
16:24 < detha> zamba: if you can not touch the protocol, then only 100% reliable way is to encap it in something with timestamps, proxy on both sending and receiving side
16:24 < RogerFederer_> zamba the timer and the buffer are highly related
16:24 < ||cw> you do need to make it adaptive to keep the latency down.
16:25 < ||cw> if it's a 2 way stream anyway.  if it's just one way, buffer away.
16:26 < zamba> ||cw: yeah, that's what i'm thinking as well
16:26 < zamba> ||cw: but how do you "smooth the incoming jitter"? :)
16:26 < mAniAk-_-> zamba: unless there is congestion on the parts of the network path that you control you dont really need to do anything
16:26 < ||cw> make the buffer size dynamic, measure jitter as you're doing the initial buffer and make big enough to span any jitter plus a little padding
16:26 < mAniAk-_-> zamba: if there is congestion just prioritize it, give it a commited rate it can send
16:27 < RogerFederer_> zamba you need to set the congestion route to an interval the buffer can adapt at
16:27 < zamba> ||cw: how long of a sampling period do you estimate for this?
16:27 < zamba> ||cw: are we talking seconds?
16:27 < RogerFederer_> possibly
16:27 < ||cw> depends on what time delay you want to hold
16:27 < zamba> yeah, agreed
16:28 < ||cw> and the data rate
16:28 < zamba> i'll return with this project once i have some more details to work with
16:28 < zamba> for now we're going to do some initial testing to see the datarate, jitter and stuff like that
16:28 < detha> zamba: greatly depends on what the sender does. If time between packets at the sender is constant, easy. If it varies, you are stuffed
16:28 < zamba> i proposed just doing packet dump at the sender and receiving end and inspect the differences
16:29 < zamba> detha: hehe, yes
16:29 < Aeso> zamba, that's a good place to start
16:29 < zamba> ok, guys.. thanks for now! i'll be back :)
16:29 < RogerFederer_> zamba do u have any more technical questions
16:29 < zamba> RogerFederer_: i probably will, later on
16:29 < RogerFederer_> because it seems like you're just crapping on
16:30 < zamba> RogerFederer_: huh? what?
16:30 < RogerFederer_> i am highly good at tennis
16:31 < flying_sausages> hey again small recap, so I've got wo hetzner machines that should have a gigabit connection between them but they don't when trying iperf3, where I get like 53Mbit and that's it. Both machines independently perform to other speedtest servers as they should. When I boot into rescue on machine that's receiving and run iperf3 then, then I get good speeds, so the issue must be on machine 2, which is running Ubuntu
16:31 < flying_sausages> 16.04 I guess. Any idea where to start looking
16:31 < zamba> you seem more high than good
16:32 < RogerFederer_> well first of all iperf3 is not the latest edition
16:33 < RogerFederer_> that is why you are getting superior latency but not speed
16:33 < flying_sausages> I get good speeds to other servers but not my hetzner1
16:34 < flying_sausages> but that is only the case when in my ubuntu 16.04, when I boot a rescue debian the speeds are fine
16:34 < RogerFederer_> did u configure the mainframe?
16:34 < flying_sausages> sorry what?
16:34 < RogerFederer_> the mainframe
16:34 < tds> how were you performing the other speedtests, using public iperf servers or just wgeting large files or something?
16:34 < flying_sausages> tds, speedtest-cli
16:34 < detha> flying_sausages: compare sysctl values between fast and slow instances
16:34 < flying_sausages> RogerFederer_, are you EricAndreing me?
16:36 < flying_sausages> detha, /etc/sysctl.conf ?
16:36 < detha> flying_sausages: to be sure, 'sysctl -a | grep net'
16:37 < flying_sausages> okok
16:38 < flying_sausages> but how could a different OS make a difference when connecting to a specific IP..?
16:38 < flying_sausages> or OS config
16:44 < flying_sausages> radio check
16:44 < flying_sausages> detha, this is what came up, I have no idea what any of it does though :( https://www.diffchecker.com/vD7wA1ot
16:44 < flying_sausages> left is bad, right is good
16:46 < tds> what are these servers running?
16:46 < tds> if there weren't any changes in /etc/sysctl.conf, it sounds like some application is modifying them
16:47 < detha> debian vs. ubuntu, different kernel versions
16:47 < detha> (and slightly different defaults, but nothing that jumps out)
16:48 < nikitasius> morning folks, have a question to ask.. When i test with MTR and i see latency 5mc it mean 5 ms from me to target AND back (i.e. 2.5+2.5) or it's a half way and finally it will be 5+5=10 ms ?
16:48 < nikitasius> im completely bugged with.. normally it's RTT full time.. i guess
16:49 < flying_sausages> tds, Ubuntu 16.04
16:49 < detha> RTT, i.e. there and back
16:49 < flying_sausages> hetzner2 should be running nginx, znc, rtorrent, vsftpd, fail2ban, ufw,
16:49 < nikitasius> detha: well when i ping or use MTR and i see 5ms, mean there and back i.e. full road? I'm correct?.. :|
16:50 < detha> correct
16:50 < nikitasius> detha: thanks. i was worring what final time will be 2x time
16:50 < tds> the path it shows is only for the route there though, you can't know the reverse route without access to the remote system (ish)
16:51 < drathir> detha: hmmm... net.unix.max_dgram_qlen what stand for ?
16:52 < detha> drathir: I'would have to dig in kernel source, but something udp something I guess.
16:53 < flying_sausages> detha, of the list above f2b can't be a culprit, stopped it and it's fine
16:53 < drathir> detha: thanks,  no no needed if thats udp connected...
16:54 < detha> flying_sausages: silly question, but are IP address,  routes and MTU the same for rescue and ubuntu?
16:54 < flying_sausages> tds, uff no clue but both are untouched
16:55 < flying_sausages> sorry, I meant to ping detha
16:56 < detha> flying_sausages: doesn't mean they are the same though - different distributions set different defaults.
16:56 < detha> Also, does this affect speed both ways, or just one-way ?
16:57 < drathir> detha: yea but that could be anything fw/router traffic shaping ^^ even hijacking dns ^^
16:57 < flying_sausages> detha, damn you're onto something, the other direction ()hetz2 -> (hetz1) the speeds are fine
16:58 < drathir> flying_sausages: try use iperf...
16:58 < flying_sausages> iperf or iperf3?
16:58 < detha> drathir: he is
16:58 < flying_sausages> i am using iperf3
16:58 < drathir> flying_sausages: can try both ^^
16:59 < drathir> flying_sausages: pm ip of server?
16:59 < flying_sausages> drathir, for iperf3?
16:59 < drathir> flying_sausages: yep...
17:04 < drudge`> woa, that was quite the split
17:06 < drathir> thats not me i hope *hides*
17:09 < jvwjgames> why do those happen
17:10 < UncleDrax> netsplits? when IRC Server nodes can't talk to one another
17:11 < UncleDrax> for whatever reason.
17:11 <+xand> clogged tubes
17:11 < UncleDrax> legit
17:11 < UncleDrax> someone flushed something they shouldn't have into the Internet
18:09 < derp10327> Trying to plan out a fictitious network for a class and am basically done with the logical plan. Just need to add subnet and ip addresses to the diagram. Decided to check my pc's ethernet info to get a start on that business when I discovered this:
18:09 < derp10327> https://i.imgur.com/gIOkCjV.png
18:09 < derp10327> how in the fuck am I online rn lol
18:10 < paradis> my home wifi is crappy. can someone from the internet cause it?
18:10 < tds> derp10327: do you have an ip on the vethernet interface?
18:10 < derp10327> @tds, lemme check lol
18:10 < tds> I don't use windows, but that sounds like it might be some kind of bridge device attached to the physical interface
18:10 < derp10327> it's for hyper-v
18:10 < Quatermass> all the botnets are showing their undies :P
18:11 < skyroveRR> paradis: are you getting less bandwidth?
18:11 < derp10327> @tds, yeah that has my correct info in it. wtf, that's not a virtual switch then lol
18:11 < paradis> skyroveRR: yeah after I went to some webchat
18:12 < skyroveRR> paradis: what's your internet speed, and how much are you getting?
18:12 < skyroveRR> * what's your total internet speed
18:13 < paradis> my internet is not stable sometimes its okay but most of the time its crappy
18:13 < tds> derp10327: at least with linux bridges you typically don't assign IPs on the physical interfaces and put them on the bridge instead (similar to a "virtual switch I guess), I'm not familiar with how windows does it but that sounds similar
18:13 < paradis> i went to a gay channel and made fun of them
18:13 < skyroveRR> Heh
18:14 < derp10327> yeah, just caught me by surprise lol. Only created that switch the other day
18:14 < paradis> is it possible they are the reason my internet is crappy?
18:15 < skyroveRR> paradis: probably..
18:15 < derp10327> By god this is the dumbest assignment ever though. I had the choice between doing this "network design" project or interviewing a network administrator (who I'd have to find and convince to do the interview with) for AT LEAST four hours
18:15 < derp10327> Unfortunately, I'm not a big enough dick to waste half of someone's day
18:15 < paradis> if so, how do I fix this skyroveRR
18:15 < skyroveRR> Get off the internets, they are coming for you!
18:15 < derp10327> lool
18:17 < derp10327> he's safe now
18:17 < skyroveRR> He left? I'm actively ignoring join/quit/part messages...
18:17 < derp10327> yeah lol
18:17 < skyroveRR> hah
18:18 < Demos[m]> Ok so are there sane reasons to have rsync with permissions rwsr-x-rx?
18:19 < derp10327> So I've picked a subnet for the network, 255.255.255.0, https://i.imgur.com/9Rjg3dB.png should I assign the first host to the router?
18:20 < derp10327> also welcoming all feedback on that logical plan lol
18:20 < tds> first major issue, you're using legacy IP ;)
18:21 < derp10327> What do lol
18:21 < derp10327> vs ipv6?
18:22 < tds> yes
18:22 < derp10327> we barely discussed ipv6, I think I'll save myself the hassle since it's not even a real network lol
18:23 < Dagger> it should be zero extra hassle... or in fact less hassle if your v4 plan involves NAT
18:25 < derp10327> this plan includes nothing tbh
18:25 < derp10327> I was only made aware a few days ago and have very few realistic requirements. The only true realistic requirement is pricing (yet there's no budget)
18:28 < jnewt> need some help getting local dns working properly.   i have an edgerouter lite, i have use-dnsmasq set to disable and hostfile-update set to enable.   dhcp is working.   i can ping static hosts on the LAN by ip and name, i can ping dynamic ones by ip, but not name.  i cannot ping the router by name, only ip.
18:30 < Quatermass> look at all the [m]'s lol
18:31 < MrPockets> y
18:37 < dude12312414> what kind of meme is this
18:38 < johnnyap0l> i guess the matrix irc gateway went down for a bit and then came back up
18:38 < johnnyap0l> like a mini netsplit
18:38 < grawity> that gateway gives a whole new meaning to 'a glitch in the matrix'
18:38 < johnnyap0l> rofl
18:38 < johnnyap0l> good one :)
19:04 < `whoami`> hi, when your router uses the same subnet for wireless and wired interfaces, there's still some forwarding involved, right ?
19:05 <+xand> `whoami`: they are bridged together usually
19:07 < `whoami`> mh okay, bridges is a subject I need to dig a bit, thanks !
19:29 < Kythlo> Does Miracast affect wireless access points in anyway? Like the frequency or anything?
19:35 < CWR|90783> hi
20:29 < UncleDrax> so.. customer partial-table/default-only BGP peering.. thoughts on making my (thier upstreams) IP be VRRP..  Y/N/A/R/F?
20:30 < UncleDrax> guess I should ask the more savvy customers what they prefer and what thier expected failure state is
20:31 < obcecado> doesnt vrrp require ips for each router? besides the vip
20:31 < obcecado> public ips i mean
20:32 < detha> UncleDrax: rather think about how badly unsavvy customers can break it
20:35 < WebDoll> Can I have 3 wireless access points in my house with roaming? …so users logged into one will automatically switch to the closest access point with the strongest signal?
20:35 < E1ephant> just use the same ssid and settings
20:35 < E1ephant> and the clients will pick the best AP
20:36 < WebDoll> E1ephant: Are you sure?
20:37 < E1ephant> WebDoll: errr, are you unsure?
20:37 < E1ephant> you seem unsure
20:37 < WebDoll> I know the log in will happen with all 3, but will the clients know to keep comparing signals and switch when advisable?
20:37 < E1ephant> that is how it generally works in wifi
20:38 < detha> WebDoll: yes
20:38 < WebDoll> Sweet.
20:38 < WebDoll> Sweet Georgie Brown.
20:38 < detha> That said, the shittier the client, the later it will switch
20:38 < E1ephant> any manipulation the APs do will effectively just mess with TX power, to "scoot" a client to a new AP
20:38 < WebDoll> So then which wireless access points?
20:38 < WebDoll> What's the good stuff?
20:38 < E1ephant> yeah the client making the decision is largely your problem
20:38 < E1ephant> turning down power is often just as agood a solution as more power
20:39 < E1ephant> ruckus, aerohive?
20:40 < E1ephant> for a home though, that is pretty high end budget imho.
20:41 < WebDoll> This is for a home. I need a main router/gateway with *NO* wireless that will connect to a DOCSIS 3.0 cable modem. From there, I want to use the router's Ethernet ports to branch out to 3 locations in the home. Each location needs an 8-port switch, to which the wireless access point would connect. So that's (1) router, (3) 8-port switches, and (3) wireless access points. What's the best gear to get for all these items if I want t
20:41 < UncleDrax> detha: important point re: breaking it.
20:42 < alabaster> I have a simple yet maybe dumb question if I may ask
20:43 < UncleDrax> don't ask to ask, just ask. (which doesn't mean to imply someone knows the answer, just that it's generally OK to ask)
20:43 < alabaster> since there is a lot of companies with business solutions products how do other companies use or take advantage of that product or platform
20:43 < alabaster> generally
20:44 < alabaster> sorry... Drax I wanted to Caveat my dumb
20:44 < UncleDrax> that is a incredibly broad question. what do you mean by 'business solution products'? like 'I am a manufacturer that needs to optimize my assembly lines', or do you mean like 'office 286' ?
20:45 < alabaster> do companies run the product from the main companies server (obviously) and do they lease or sell the product to run on another companies own server if the client company has a lot of POS or customers that they are taking care of
20:45 < alabaster> say like a tax solution software or POS and customer info software solution
20:46 < alabaster> I'm actually trying to figure out what the secondary company (the client) does to run that software for their businesses)
20:47 < UncleDrax> sounds more like SaaS ? say I provide said Tax Solution, and you as a company subscribe/pay/rent to assess my tax solution and use it?
20:47 < alabaster> do they run it on their own application server?
20:47 < alabaster> yeah Drax I guess that be one case
20:47 < UncleDrax> i mean tbh it depends on how hte product is offered. some places offer 'Cloud Hosted' or "Remote Hosted".. or some make you run an Appliance/Service/device
20:48 < UncleDrax> some do both
20:48 < UncleDrax> tbh, pick a product space at random - and search around for vendors in that space and see how they provide it
20:48 < alabaster> if the product is downloadable than can a company that paid for the liscense do they or can they run it on their own server?
20:49 < UncleDrax> most vendors worth a spit will post 'we have cloud hosting or if you prefer an easy to install appliance' type stuff
20:49 < UncleDrax> depends on the specific product/vendor.
20:50 < alabaster> yeah I know most companies you pay to use the software and they offer to the company to be opened in a web page/ client app or even phone app
20:50 < UncleDrax> sure
20:50 < UncleDrax> and some companies offer server SW you run locally and your client-software talks to it. some soluitions are a bit of both
20:51 < alabaster> So I guess that answers that but say its a downloadable product what type of server does it take to run the main companies software for their own company
20:51 < alabaster> an application server?
20:51 < alabaster> a normal web server?
20:51 < UncleDrax> the company should provide a spec sheet on server/hosting requirements for thier product.
20:52 < UncleDrax> ie: 'requires windows NT4 and node.js with nginx and 1600000GB of RAM with a billion-TB of available disk'
20:52 < UncleDrax> a silly example ofc, but gets the point across
20:52 < alabaster> I guess what I am asking is in general in networking we know the main types of servers. Can a webshosting server run another companies product for the client business
20:53 < UncleDrax> a server is just a piece of software that runs on a computer somewhere.
20:53 < alabaster> yep
20:53 < UncleDrax> an 'application server' is just running specific software for a specific application. a webserver is.. as-i-see-it, just an application.
20:53 < alabaster> but would generally any server run an application for a business from another business?
20:54 < alabaster> I guess you're right so there'd be no difference
20:54 < UncleDrax> depends on specifics of the software and install
20:54 < UncleDrax> trying to abstract this to this level just makes me want to go stab my manager
20:54 < UncleDrax> ;]
20:55 < alabaster> if I needed thousands of my own store to access that software that's put on the companies server. Would you generally require an application server instead of a webserver
20:55 < alabaster> haha
20:55 < UncleDrax> me? I would look at the requirements of said software and plan accordingly. this all reeks of handy-wavy-cloud-architect-tomfoolery to me
20:56 < alabaster> Im not even working, nor involved in any business. I'm just curious
20:56 < UncleDrax> hashbrown DEVOPS hashbrown fsckitdoitlive
20:58 < WebDoll> Who makes the best wireless access points for home users that need multiple access points with seamless roaming?
21:00 < alabaster> it just seems like when you look up application servers you get a server for web apps
21:00 < jvwjgames> WebDoll: ubiquity
21:00 < UncleDrax> alabaster: yeap. to most of the world that's what 'an appserver' means.
21:00 < detha> WebDoll: 'home' budget and 'seamless roaming' do not go together. The least bad is probably ubiquity yeah
21:01 < alabaster> what if I had a program that was going to be accessed by my companies 100s of POS's than can I run a normal decent webserver for a program?
21:02 < alabaster> then*
21:02 < UncleDrax> alabaster: you should consult the POS vendor's recommendations for system requirements and follow those guidelines.
21:02 < detha> alabaster: too wide a question. 'how long is a piece of string?'
21:04 < Kythlo> How do  I know how  what IP address Miracast is assigning for p2p? Or what access which access point it is so i can check signal strength. using windows 10 to connect to a Sharp LCD tv
21:04 < alabaster> ok here's the deal. I know a lot of people now that work for companies that do that type of thing. especially around here. It's business solutions and people get paid a fairly decent amount an hour as a job to troubleshoot the companies clients problems with the software or POS or client's server. I'm trying to find a place to start to learn to get into a tech job like that
21:06 < alabaster> obviously each program/platform/software has its own internal problems or situations that can arise but learn enough of how the set-up usually is to be able to research and learn before hand
21:06 < E1ephant> WebDoll: ubnt?
21:06 < alabaster> so I'm trying to figure out in simplest terms the structure or general structure or set up to know where to hone into learning or researching
21:07 < Whiskey`> E1ephant: nope ubnt killed the seamless roaming
21:07 < UncleDrax> yeap. if you're aiming to be an offical support tech for $vendor/company, go get hired at that company and learn thier gear. If you want to be unaffliated, jot down a couple company names and poke around the web/support forums for those products. Everything else is just basic computer|network troubleshooting.
21:07 < E1ephant> I mean don't go for seamless roaming in a home setting
21:07 < Whiskey`> they now use .... 11r? i think
21:07 < E1ephant> client roam is fine
21:08 < Whiskey`> E1ephant: agreed
21:08 < E1ephant> 11r would be soe orchestration no?
21:08 < Whiskey`> and its a toss up for ubnt vs mt
21:08 < E1ephant> tbh I have never had to lean on controller/AP based roaming
21:08 < E1ephant> beyond TX/RX power
21:08 < Whiskey`> E1ephant: yea i rarely need it and never in a home setting
21:08 < E1ephant> meraki free gear maybe?
21:08 < Whiskey`> ewwww
21:09 < Whiskey`> but, yea that could work
21:09 < alabaster> drax that sounds like a good idea. Peruse their forums for clients bitchings.
21:09 < E1ephant> do you really need 3 switches? would a patch panel and runs to a closet work?
21:09 < UncleDrax> alabaster: if you know people that work in that space, ask if they need an intern|apprentice
21:09 < E1ephant> if your house has a mmr that is within 100m of everywhere that is far easier imho
21:09 < alabaster> And that's kinda what I figured.. if i'd been out of work for a while get certified with a simple comptia linux/network+ usual certs
21:10 < Whiskey`> E1ephant: most people cant do decent retrofit wiring
21:10 < Whiskey`> so they stick to what they have in place or can easily run
21:10 < E1ephant> yeah can be an issue
21:11 < Whiskey`> and really, 3 switches isnt much in a home
21:11 < E1ephant> I have expensive taste in switches though :P
21:11 < Whiskey`> ahh
21:11 < alabaster> Drax they either hire or they don't usually don't intern jobs that are 20-25 dollars an hour. To me that's a nice chunk of hourly. But to most people that's a scrappy almost living wage
21:11 < Whiskey`> you know MT's has hit with some damn nice looking switches
21:11 < E1ephant> I should check some out
21:11 < E1ephant> I get pretty good discount on EX2300-C
21:11 < E1ephant> but its still kinda pricey
21:12 < Whiskey`> is that jsut a 12port gige switch with 10gb uplink?
21:12 < E1ephant> I know those 'tiks are pretty popular
21:13 < E1ephant> yeaj, it does some L3, but I just do router on a stick with it
21:13 < UncleDrax> just buy the 2300c support for $70 and file a JTAC case that your switch vaporized!
21:13 < E1ephant> lol
21:14 < UncleDrax> alabaster: the whole point of an intern job is (the theory goes) you're unpaid or under paid but getting OTJ training so you can go get a real job
21:15 < Whiskey`> damn even used thats looking at $500
21:15 < Whiskey`> you can get a 24port tik for that
21:15 < Whiskey`> UncleDrax: yea thats the idea, but far to many corps dont do it that way
21:15 < UncleDrax>  EX2200-C 12p?
21:15 < UncleDrax> Whiskey`: true
21:16 < UncleDrax> guess it dpeneds what features you want. I buy some $chinese basic L2 switchs for pretty cheap, but they don't take CCs or anything.. only POs
21:16 < Whiskey`> UncleDrax: looks liek newegg as it for 300, but the rest are 550~700
21:17 < Whiskey`> even on refurb
21:17 < qman__> I got some LB4Ms off ebay
21:17 < Whiskey`> you can get a 24 gige 4x sfp+ tik for 380
21:17 < qman__> cheap and do what I need
21:19 < alabaster> what do you guys think actually is Linux+ and Networking+ certification worth much now-a-days ?
21:20 < Whiskey`> always good to have a cert
21:21 < Ben64> if you don't have experience it'll help
21:21 < alabaster> I guess so. They're not hard to get. Which also adds that fear of worth
21:21 < qman__> certs aren't worth much, but if you've got nothing else, might be worth your time
21:21 < qman__> experience is the most important thing on your resume
21:21 < UncleDrax> eh, certs are OK, but if you _only_ have a pile of certs and no practical experience (even at a hobby level), that's a flag to me.. but I don't hire people
21:22 < qman__> if you want a good interview result, do work and get experience
21:22 < alabaster> I guess than add a little bit of college to that
21:22 < qman__> even if it's on your own, even if it's for charity or something
21:23 < UncleDrax> given that the cost of doing 'big important' Routing things (like setting up a BGP confed.. or something..) is near-zero today (because it can be done in emulators, simulators, or linux-deamons) and largely publically documented
21:23 < alabaster> I'm on disability. Working for free or interning would be smart. I just don't know where to find a type of thing
21:23 < qman__> call up a local charity
21:23 < UncleDrax> pick a rabbit hole and jump in
21:23 < qman__> they are always looking for help, especially free help
21:24 < qman__> failing that, do it for yourself
21:24 < qman__> think up a problem and solve it
21:24 < UncleDrax> but for Elvis's sake, try and do a good job and try and make it professional-level.. tons of charities prob get bogged down by sketch-level 'free' work
21:24 < qman__> school is far more expensive and not worth as much as experience
21:24 < alabaster> gotca
21:24 < alabaster> gotcha
21:24 < alabaster> *
21:25 < alabaster> I do want to get network+ and security before they change over to 2018 into June
21:26 < Smallville> Can anyone help me get my internet back working? Dell Vostro 460. Using Ethernet. Network tray icon says not connected, no connections available. I reinstalled the Ethernet driver from dell.com. The adapter is showing up in devices list
21:26 < qman__> certs will only get you in the door, at best
21:26 < qman__> if you actually want a job you need the knowledge and experience
21:26 < Ben64> i only ever got ccna back in the day
21:26 < xamithan> certs won't get me knowledge ?
21:26 < xamithan> And experience ?
21:27 < qman__> no
21:27 < qman__> certs prove you can memorize a test
21:27 < UncleDrax> not by themselves.. many ppl just learn how to take the Cert Exam and that is all.
21:27 < qman__> that doesn't mean you can do a job
21:27 < Ben64> it's like reading how to drive a stickshift vs actually knowing how
21:27 < xamithan> Yeah the job is easier,  I can copy and paste the network configs
21:27 < UncleDrax> tbh if you copy and paste, you're doing it the hard way
21:28 < UncleDrax> automate that shizzy
21:28 < xamithan> Ok so the job is easier,  I can automate it
21:28 < UncleDrax> indeed
21:28 < Ben64> have to get the job first
21:28 < qman__> the important part is that you are capable of writing that automation, and think to automate it
21:29 < qman__> certs don't do that
21:29 < UncleDrax> knowning the deets is great when you need to troubleshoot or create a thing. usually keeping it running is (hopefully) easy
21:29 < qman__> even if you do learn the material
21:50 <+catphish> the iscsi protocol is really needlessly complicated
21:50 <+catphish> every time i look at it i get scared
21:52 < Aeso> catphish, you mean the protocol itself or the configuration of targets/initiators?
21:53 <+catphish> the first one
21:53 <+catphish> perhaps one should start by learning how scsi works, and hope iscsi is just an encapsulation of it
21:57 < grawity> there's always ATAoverEthernet if you'd like
21:57 <+catphish> i love ATAoE, its's actually sane
21:57 <+catphish> but unfortunately pretty much everything uses iscsi instead
21:59 < _AxS_> hey all -- anybody here run into issues with BCM5709 nic's and current linux?  Mine are triggering 'fw sync timeout' issues; google hits are all matching RHEL-5.1 and 2.6 kernels though w/versions of everything that are way older than what i'm using...
22:01 <+catphish> "Read: (four variants): Reads data from a device" 4... variants... why...?
22:11 < xamithan> BCM5709 is what dell uses.  Can't say I've seen any issues with latest dell distros
22:12 < xamithan> *linux distros
22:15 < UncleDrax> catphish: I believe I was listening to a PP podcast on NVMe where they stated 'iSCSI looked complicated so thye created NVMe.. now if you look at NVMe it's crazy complicated too'. or another wya of putting it: https://xkcd.com/927/
22:17 < _AxS_> xamithan: in this particular case it's an addon pci card.  it's in a dell server but their DSU doesn't query it to check for updates or anything like that..
22:19 < xamithan> Well update that firmware for it
22:19 < xingu> UncleDrax: https://github.com/nvmedirect/nvmedirect . you know you totally want to.
22:19 < Aeso> NVMeoF looks cool too
22:19 < UncleDrax> use Github? i avoid it when possible
22:20 < Aeso> waiting to get my hands on some NICs that support it
22:20 < UncleDrax> also I'd have to buy some NVMe disks
22:20 < Aeso> hmm, I wonder how NVMeDirect stacks up against something more generic like SPDK
22:23 < _AxS_> xamithan: thats the problem, there are no updates (and no means of updating) that i can find.  the kernel's using driver 2.2.6 and 6.0.15/6.0.17/6.2.1b/6.2.3 firmware files (which seem to also be from the kernel), and i haven't found anything anywhere that's newer.
22:23 < xamithan> What kind of card is it?  I thought they all had updates
22:24 < xamithan> Kind as in brand and model
22:24 < _AxS_> xamithan: Broadcom Limited NetXtreme II BCM5709 Gigabit Ethernet (rev 20) , quad nic
22:27 < xamithan> It isn't an intel ?
22:27 < qman__> intel cards generally don't use broadcom chips, no
22:28 < xamithan> Er,  qlogic i mean
22:34 < xamithan> This one I think is the latest version: https://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=PX6V4
22:34 <+catphish> UncleDrax: lol indeed
22:34 <+catphish> i have a burning desire to implement an iscsi target though, so i guess i'll persist
22:38 <+catphish> i swear this protocol was designed by a committee instead of someone who actually wanted to transfer some data
22:41 < xingu> catphish: you mean the t10 committee?
22:41 <+catphish> oh god it's a real committee, what the fuck
22:42 <+catphish> but it's just block IO and a few metadata operations
22:42 < xingu> catphish: fortunately economic darwanism is collapsing it into a three-vendor circle jerk
22:42 < _AxS_> xamithan: thx! seems that's actually older than whats on the nic already (7.2.19)..  i found a link for 8.7.26 so im trying that..
22:44 < xingu> catphish: the one thing that I'm thankful for is seeing the t10 and t13 committees _merge_
22:44 < xingu> catphish: I was expecting the whole industry to pulled into a singularity the day that actually happened
22:45 <+catphish> i'm struggling to find simple examples of how it works
22:46 < xingu> find someone from lsi
22:47 <+catphish> eventually i'll stop complaining and actually read it
22:47 <+catphish> but for now, it seems mad
22:47 <+catphish> maybe i should wireshark some
22:51 < Apachez> does www.fs.com currently work for any of you?
22:51 < Apachez> I get an ip from my dns but the server doesnt seem to work
22:51 < vexe> works fine
22:53 < Aeso> Apachez, I had one of my techs mention a problem this morning, but it's been working for me all day
22:53 < xamithan> just says unable to connect for me
22:53 < _AxS_> xamithan: 8.7.26 didn't help .. :/  older versions don't seem to like downgrading either..  the reset code error is consistent now at least, before it seemed to be rolling a randomly incrementing number.
22:56 < _AxS_> xamithan: tnx for your help..  i'll try an experimental kernel and if that doesn't get rid of this, it's time to find a new quad nic
22:56 <+catphish> Apachez: wfm
22:57 < xamithan> Get an intel,  broadcom sucks for linux
22:57 < _AxS_> agreed.
22:57 < _AxS_> well, to be fair i never had an issue with any tg3's before...
22:57 < audia5> is this okay excercise desktop @work http://i64.tinypic.com/2qxvy2a.jpg
22:58 < xamithan> Yeah for the moment,  give it a few years those tg3 will be as unsupported as the bcm5709 ;P
22:58 < _AxS_> oh goodie.
23:00 <+catphish> TIL donald trump, a man who runs a large country, believes vaccines cause autism
23:01 <@pppingme> catphish well, its not the vaccine itself, but all the additives that are dumped into them..  I don't know if thats an issue outside the USA, but it IS in the USA
23:01 < xamithan> I don't get the Flu shot because everyone I know who does gets the flu
23:01 <+catphish> pppingme: no, it's not, it's a myth
23:01 <@pppingme> the numbers are there..
23:01 <+catphish> pppingme: numbers are where?
23:02 <+catphish> pppingme: you don't actually believe that do you?
23:02 <@pppingme> autism rates in vax vs unvax kids
23:02 < xamithan> You can make numbers do whatever you want depending who presents them
23:03 <+catphish> no, you really can't
23:03 <@pppingme> I believe vaccines are a good thing, I believe the way they are packages and additives and preservatives are BAD
23:03 < xamithan> Sure you can,  its like all those people who say everything is causing cancer in the past "X" years
23:03 < qman__> I think a major problem with the situation is that these days, they combine a bunch of vaccines into one, and give them all at once, so if there is a complication, you can't tell where it came from
23:03 < xamithan> It really isn't,  we just never diagnosed things as cancer previously
23:03 <@pppingme> the numbers are simple, autism rates are ZERO among un-vaxed kids
23:04 <+catphish> xamithan: saying it doesn't in any way mean the evidence supports you
23:04 < xamithan> But the "evidence" is the numbers
23:05 <+catphish> pppingme: if i go to the effort of finding statistics on this, will you simply disregard them as some kind of conspiracy?
23:05 < Epic|> S\a large country\the best
23:05 <+catphish> because i don't believe you, but i'm willing to check
23:05 < Apachez> wfm = ?
23:06 < qman__> "works for me"
23:06 < qman__> and it does work for me, as well
23:06 <@pppingme> catphish in the USA, autism is non-existant in the un-vax'ed, there is only one single case found in recent history (20 years or so), and that was a situation that involved adoption, and they can not absolutely confirm that the kid wasn't vax'd after birth.
23:07 <+catphish> pppingme: you didn't answer my question
23:07 < xamithan> But how many people actually DON'T get vax'd in USA,  that has got to be a super small sample
23:07 < xamithan> So it would make sense if there is no autists in a really small sample
23:07 <@pppingme> so yes, I'm open to evidence that supports other theories
23:07 <+catphish> that is a small sample, but i'd be willing to bet it's still representative
23:07 < audia5> is is okay to have an excersise chair @work desktop http://i64.tinypic.com/2qxvy2a.jpg
23:07 < Apachez> https://downforeveryoneorjustme.com/fs.com
23:07 <@pppingme> there's large communities, its probably approaching 10 to 15% of kids now
23:08 < xamithan> still representative?  Nah I don't believe that
23:08 < xamithan> Its pretty much required for public schools to vax
23:08 < xamithan> or was when I went
23:08 < qman__> still is
23:08 < qman__> I really doubt it's 10%, any community that doesn't vax must be home schooled
23:09 <+catphish> xamithan: i believe there is no link and hence it would still be representative of the normal population
23:09 < qman__> however, I wouldn't be surprised if the sample is large enough to be represented anyway
23:09 < xamithan> And if they are all home schooled and are enclosed,  any environmental factors to cause autism might be lessened
23:09 <@pppingme> there is a religious exemption, not sure how often its used
23:09 <+catphish> most of the research is from the UK where the vaccination scare started with MMR and autism
23:09 < xamithan> That debunked multiple times research from the UK?  lol
23:09 < Apachez> can it be a amazon aws bgp hijack again?
23:10 <@pppingme> the main preservative used in MMR is a mercury derivative.
23:10 < tds> Apachez: only works for me over https, I can't open a tcp connection on port 80
23:11 <+catphish> thimerosal
23:11 <@pppingme> you can request un-preserved vaccines, but most dr's won't work with you, some will, and evidence suggests (no hard numbers) that un-preserved vax'd kids do have a much lower (possibly non-existent) autism rate
23:11 <+catphish> though ironically not used in the MMR vaccine
23:11 < tds> Apachez: looks like they've got decent security (unlike the hijack yesterday) and have HSTS :)
23:12 <@pppingme> it is in the USA
23:13 < xamithan> Whenever there is a really good peer reviewed study and research published I'll entertain the vax causes autism theory.  Since it has been over 20 years that it has been debunked I doubt that'll happen
23:13 <+catphish> pppingme: wouldn't it be an insane coincidence if a false rumour started in the uk where there's no link turnd out to actually be true in the usa?
23:13 < qman__> it would be pretty wild
23:14 < Apachez> https://blog.thousandeyes.com/amazon-route-53-dns-and-bgp-hijack/
23:16 < S_SubZero> Apachez: if only they hadn't vax'd then that never would have happened
23:16 <@pppingme> You have all these facts to debunk: 1-Unvax'd kids simply don't develop autism; 2-Its very common for symptoms to start within 48 hours of a variety of different vaccines; start there, but there are many other facts to overcome too
23:17 <+catphish> the only evidence i found so far is the reverse lol https://edition.cnn.com/2018/03/26/health/vaccination-rates-children-autism-study/index.html
23:17 < qman__> the thing that bothers me in the US about it is that there's no middle ground, the anti-vaxers are basically no vaccines at all ever, with no real evidence for what specifically the problem is, while the doctors are vaccinating with whatever new product is out and sold to them, even when there's little research on the individual products
23:18 < qman__> both sides need to apply some logic and scientific method
23:18 <+catphish> still looking for stats regarding pppingme's claim, which i can't believe is true, but want facts to be sure
23:18 < qman__> eliminate variables
23:18 <+catphish> it all seems very polarized in the usual stupid western-political manner
23:18 <@pppingme> qman__ a big part of the issue with dr's is that they are basically outcast if they don't automatically take whatever the FDA and AMA put out as truth.
23:19 <+catphish> pppingme: that's because that truth is based on the best available clinical data
23:19 <@pppingme> FDA has a long history of telling the "truth" based on financial considerations
23:19 < qman__> eh, not always
23:19 <+catphish> ok, i probably should have just searched "autism unvaccinated population", that produces immediate answers
23:20 < qman__> like the whole "salt is bad for you" thing, that's not actually based on any solid evidence
23:20 < qman__> yet is still "common knowledge"
23:20 <+catphish> pppingme: while i can believe that, the FDA isn't the only body i the world, and they all reach similar conclusions
23:21 <@pppingme> because most discount the unvax'd as not being enough to be statistically relevant.. how in the world can only including vax'd make this statistically relevant??  that doesn't pass the sniff test..
23:23 <+catphish> here's some real data: http://www.nejm.org/na101/home/literatum/publisher/mms/journals/content/nejm/2002/nejm_2002.347.issue-19/nejmoa021134/production/images/img_medium/nejmoa021134_t1.jpeg
23:23 <+catphish> from http://www.nejm.org/doi/full/10.1056/NEJMoa021134
23:24 <+catphish> pppingme: you are certainly wrong about no unvaccinated child ever being autistic, that was a pretty unrealistic fact, really
23:24 < xamithan> Wait salt is bad for you isn't based on evidence?
23:24 < qman__> no
23:24 < xamithan> But it raises blood pressure right ?
23:24 < qman__> there was one bunk study that was inconclusive back in the 50s
23:24 <+catphish> "bad for you" is way too vague
23:25 <+catphish> and "salt" is also way too vague
23:25 < qman__> and since then, someone has had an axe to grind or something, because that notion has perpetuated as common and solid, with no other evidence
23:25 <+catphish> some amount of salt is clearly bad for you in some way
23:25 < xamithan> Yeah the first 5000 google results all say salt raises blood pressure
23:25 < qman__> yes, based on what study or evidence though?
23:25 <+catphish> but you can't make such a statement without actual definitions and numbers
23:25 < qman__> you will find that there isn't any
23:26 <@pppingme> catphish look especially at autism rates among Amish.
23:27 <+catphish> pppingme: it's not a good idea to look at a specific subset like that and assume some other factor correlated
23:27 < xamithan> Ok so I found like 30 studies on the first search that salt raises blood pressure,  and there was trials and everything
23:27 < xamithan> I don't know why you are saying there isn't evidence
23:28 <+catphish> better to look at a random sample, see the study i posted, seems to be the most commonly cited one with the largest evidence base
23:29 < qman__> xamithan: https://www.youtube.com/watch?v=XLZOiG4etXo
23:29 < qman__> sources in description
23:30 <+catphish> pppingme: i don't like to be so rude, but i can say with some certainty, based on the amount of effort that's gone into research into the matter, that you're wrong, this isn't opinion
23:30 <+catphish> it's evidence based medecine
23:31 <@pppingme> also look at all the kids that were struck with symptoms out of nowhere within a couple days of getting vax'd, another issue that the medical community wants to sweep under the rug
23:31 <@pppingme> by the way, CNN is NOT a reliable source of news or information
23:32 <+catphish> pppingme: vaccination causes lots of unrelated symptoms due to the stress it puts on the immune system, no doubt
23:32 < wiresharked> catphish: This has nothing to do with networking
23:32 < xamithan> Even in that video you linked in the sources it says that salt raises blood pressure?...
23:32 <+catphish> wiresharked: you have nothing to do with networking
23:32 <@pppingme> I'm talking about symptoms of autism, symptoms that don't go away
23:33 <+catphish> pppingme: evidence pls
23:33 < qman__> xamithan: they claim that, but the actual data in the studies don't support that claim
23:33 < wiresharked> catphish: Well I have been studying for the A+
23:33 < qman__> at least not with any strong correlation
23:33 <+catphish> wiresharked: good work
23:33 < qman__> specifically, that high salt intake does not cause chronic high blood pressure
23:33 < qman__> eating salt does temporarily increase blood pressure, but it then gets filtered out of your system normally, with no proven negative effects
23:33 < xamithan> So you are saying because they did a study on people already at risk of hypertension it is faulse?..
23:34 < qman__> no, I'm saying that the conclusions do not logically follow the data
23:34 <+catphish> pppingme: i don't think anyone claims cnn is a valid source of information :)
23:35 < wiresharked> xamithan: I know that salt can have a negative effect on your sleep
23:36 < wiresharked> catphish: They do cover networking on the test
23:36 <+catphish> there's no doubt excessive salt has unpleasant accute effects, i can't be bothered to research the evidence about long term effects :)
23:36 < qman__> people with hypertension may need to avoid salt because they already have hypertension, but there's no evidence that the average person without hypertension should limit themselves to 3000mg/day of salt, or that if they significantly exceed that, that it would have any negative long term health effects
23:37 < S_SubZero> remember when looking at an egg the wrong way caused heart attacks
23:38 <+catphish> lol
23:39 < wiresharked> qman__: So vitamin E and zinc both help with preventing alzheimer's disease, but do they ruin your sleep?
23:41 < nuka-cola_> whats the difference between VPLS and MPLS?
23:41 <+catphish> wiresharked: by the way, see the topic, regarding being off topic :)
23:41 < wiresharked> catphish: Sorry. I'm just trying to keep other people from being off topic
23:41 <+catphish> wiresharked: why?
23:41 < qman__> no, the point is that off topic is fine as long as it isn't interrupting on-topic discussion
23:41 < xamithan> VPLS is layer 2 and MPLS is 3 ?
23:42 < S_SubZero> nuka-cola_: I'm gonna paste your question into Google.  then I'm going to stare angrily at you.
23:42 <+catphish> nuka-cola_: i don't know the topic, well byt it seems that VPLS is an ethernet VPN, that can run over ip or mpls
23:42 < wiresharked> xamithan: What is VPLS and MPLS?
23:42 < qman__> I only vaguely know what MPLS is, and don't know what VPLS is
23:42 <+catphish> https://en.wikipedia.org/wiki/Virtual_Private_LAN_Service explains it all
23:42 < S_SubZero> https://networkengineering.stackexchange.com/questions/30576/differences-between-mpls-and-vpls
23:42 <+catphish> wikipedia is magical
23:43 < qman__> yep, the LACP article on wikipedia is particularly excellent
23:43 < wiresharked> qman__: And isn't a VPN the same?
23:43 <+catphish> it can be
23:44 <+catphish> VPLS is a type of VPN, as the article says
23:44 < xamithan> A way better and more expensive VPN
23:44 <+catphish> better is subjective
23:44 < wiresharked> I don't think I should use hotspot shield at school. The speed through the wifi there is bad. 4mbps
23:45 < nuka-cola_> S_SubZero :D hehe just wanted to start a discussion
23:46 <+catphish> it seems you failed :)
23:46 <+catphish> i on the other hand started a pointless one
23:47 < xamithan> 99% of stuff in this channel is pointless discussion
23:47 < nuka-cola_> btw have you guys have ever used or heard of Cisco's Network Service Orchestrator, it's quite a kinky platform for managing devices, what i particularly like is that it stores each onboarded device configuration in its database, whenever you want to push a new config it first do a transaction that calculates the diff and if you are happy with it , it commits it. Though it kinda sucks you have to know YANG in order to mo
23:47 < nuka-cola_> del stuff
23:48 < redrabbit> https://www.youtube.com/watch?v=kqnvrjgyEMc
23:48 < redrabbit> lol
23:48 < nuka-cola_> though it allowes you to augment your services in Java and Python
23:49 < wiresharked> catphish: So are IP addresses between 193.x.x.x and 240.x.x.x class D?
23:49 < xamithan> There is no classes anymore
23:49 < redrabbit> that 1.1.1.1 service looks good though
23:49 < wiresharked> xamithan: For IPv6, yes
23:49 <+catphish> wiresharked: no
23:49 < redrabbit> i'm giving it a try
23:49 <+catphish> wiresharked: 224.0.0.0 to 239.255.255.255
23:50 < wiresharked> catphish: Alright
23:51 < nuka-cola_> But we ended up being a Juniper shop at the expense of Cisco. Junipers QFabric has no competitors lol
23:51 < wiresharked> nuka-cola_: And my CPE rebooted this morning, probably for a firmware update
23:51 < nuka-cola_> hehe
23:52 < nuka-cola_> JunOS > IOS lol
23:52 < wiresharked> nuka-cola_: No, I'm talking about my ISP's modem/router hybrid
23:53 < redrabbit> what do you guys think about that new cloudflare dns service
23:53 < tds> my general view is meh, I just run my own internal resolvers
23:53 <+catphish> anyone using ipv9 yet?
23:53 < nuka-cola_> the 1.1.1.1 one? I hear its faster than Googles 8s , though my ISP dns is the fastest lol
23:53 < wiresharked> catphish: IPv9? When did that come out? Also, I feel that you are not serious
23:53 < Dagger> catphish: in Australia, sure
23:54 < redrabbit> 6ms ping here
23:54 < redrabbit> on par with 8.8.8.8
23:54 < tds> 1.1.1.1 has also been a bit annoying, since people keep posting URLs with the ipv4 address in them which don't work for me ;)
23:54 < redrabbit> i wonder how expensive 1.1.1.1 was to buy
23:55 < tds> redrabbit: I think they just poked some people at apnic, it's a joint research project iirc
23:55 < wiresharked> Dagger: The average RTT for google is 38ms
23:55 <+catphish> i get wildly differing ping times to 1.1.1.1 interestingly
23:56 < Dagger> wiresharked: source?
23:56 < redrabbit> stable here
23:56 <+catphish> rtt min/avg/max/mdev = 3.456/6.697/20.548/4.731 ms
23:56 < wiresharked> Dagger: I just pinged Google's DNS server
23:56 <+catphish> also, 3.4, wow
23:56 < redrabbit> it looks legit
23:56 < Dagger> wiresharked: then that's just *your* average ping. that's a lot less interesting
23:56 <+catphish> 8.8.8.8 responds in a consistent 3.5ms
23:57 <+catphish> that's some seriously impressive RTT
23:57 < wiresharked> Of course, you can always expect higher latencies as the ISP busy period gets closer
23:57 < djph> aww 10ms
23:57 < Chojuan> 0.082/0.098/0.012
23:57 < djph> stupid ISP
23:58 <+catphish> i can't believe my rural residential connection has an RTT of 3.2ms
23:58 <+catphish> that's awesome++
23:58 < tds> my latency to cloudflare is much worse than google, but that's just my own fault for routing it stupidly internally :P
23:58 < tds> catphish: were you in the uk?
23:58 <+catphish> tds: yes
23:58 < tds> if so, I'd be interested to know which provider that's on :)
23:59 <+catphish> tds: wessex internet, they run an ethernet to the home network in dorset
23:59 <+catphish> gigabit fibre
23:59 < Dagger> catphish: I don't even get that sort of ping to the main router here :/
23:59 < MarkusDB1> What is a good choice for a 40gbe qsfp+ switch?
23:59 < Dagger> Reply from 192.168.1.1: bytes=32 time=5ms TTL=63
23:59 <+catphish> aww
23:59 < Dagger> powerline++
--- Log closed Thu Apr 26 00:00:03 2018