--- Log opened Sat May 05 00:00:09 2018
01:47 < ntd> so, our systems supplier just delivered less than they were supposed to and charged us for fictitious items
01:48 < ntd> and their key account manager is sick. appendectomy on the books, supposedly
01:48 < SporkWitch> fire whoever signed the delivery receipt without doing inventory
01:48 < rewt> go to the account manager's manager
01:48 < ntd> did
01:48 < ntd> "this email has words. sufficient explanation"
01:49 < SporkWitch> O.o
01:49 < rewt> inform them you won't pay the invoice until it's fixed
01:49 < ntd> oh, paid in advance
01:49 < ntd> at least 80% of it
01:49 < ntd> 180 of 200k USD
01:50 < ntd> i mean. my sympathies to whoever is gonna have an organ removed
01:50 < ntd> but, eh....
01:51 < SporkWitch> i mean, this is primarily on the guy who signed receipt without doing full inventory
01:51 < SporkWitch> mistakes happen, that's why you do inventory before signing
01:51 < ntd> their advance payment invoice read: "in advance"
01:51 < ntd> their post-install invoice specified as mentioned
01:51 < ntd> no slip
01:51 < ntd> this is the framework i have to work within
01:52 < ntd> institutional ineptitude
01:52 < ntd> fortune 1000 org
01:53 < SporkWitch> no, that's not what i'm saying.  part up front is normal, especially on large purchases like that, especially especially if you aren't a big enough player that there's no real worry of you going under / disappearing.  The issue is that not everything was delivered and presumably someone signed a receipt saying it all WAS delivered.  It's now your word against theirs trying to get the rest
01:53 < ntd> raise any question: words. easily cut to pieces but by then you are already perceived as a nuisance
01:55 < ntd> oh, they've specified SNs of items easily disproved having bing delivered/installed
01:55 < ntd> been
01:55 < SporkWitch> pretty hard to prove a negative; guy signed off saying the SN was delivered, they say he took it home and pawned it
01:56 < SporkWitch> like i said, this is primarily on the guy that signed without taking inventory first
01:57 < ntd> no one signed
01:57 < ntd> rep was present during install and took pics
01:57 < ntd> our rep
01:58 < ntd> yet they've invented just shy of 10K of equip
01:59 < ntd> and we had to make the rest deliver as promised
01:59 < SporkWitch> well then you're all set; shit happens and you've got the documentation to prove it
01:59 < ntd> they've even charged us 1,5K usd for facilitating for ISP delivery
02:00 < ntd> yet we had to talk to some indian for 36 hours to get it running
02:00 < ntd> well, span from issue to resolution was 36h
02:01 < ntd> we had to. they set the wrong install date (post location opening) and we had to tell the ISP what was wrong
02:01 < c|oneman> probably yeah
02:01 < c|oneman> I was scrolled back 2 dys.
02:02 < SporkWitch> lol
02:02 < ntd> too bad "shibboleth" doesn't trigger what it is supposed to
02:03 < ntd> well. the ones actually in charge have no clue and realy on those perpetuating the issue(s)
02:04 < ntd> so. do i initiate an orbital strike which might hurt the org or do i persist in documenting ineptitude?
02:04 < lupine> orbital strike
02:04 < lupine> errtime
02:04 < ntd> hoping that by doing the right thing i eventually win?
02:05 < ntd> "rely on". just spotted the typo, sorry
02:10 < MarkusDB1> So the dual wan failover on my asus 68u router works very bad, well doesn't work at all really. What other router might be worth testing? I also got an edgerouter laying around to test.
02:11 < MarkusDB1> I really want failover and had hoped for an easy solution since they have that feature marketed, but it seems to work really bad
02:15 < SporkWitch> define "really bad" and your setup
02:15 < MarkusDB1> Just their dual wan setting
02:15 < MarkusDB1> I got dual wan
02:15 < MarkusDB1> it's supposed to ping some ip, like google. and switch after like 12 failed pings, but it doesn't
02:15 < ntd> stock fw?
02:16 < MarkusDB1> yeah
02:16 < ntd> gawd
02:16 < SporkWitch> ntd: the stock asus firmware is actually really good
02:16 < ntd> better than d-link is "less worse"
02:16 < MarkusDB1> it's actually way better than dlink and tplink
02:16 < MarkusDB1> best I've used except for ddwrt
02:17 < SporkWitch> that's like saying beer is better than a piss-and-vomit cocktail
02:17 < MarkusDB1> or the "wrt's"
02:17 < ntd> i've made my statement/assertion
02:17 < MarkusDB1> so for proper fail over, should I take my edgerouter for a spin?
02:17 < MarkusDB1> Or stay with the wrt?
02:17 < MarkusDB1> I mean.. asus
02:18 < SporkWitch> if you've got one, go for it.  if you enable load balancing it might work better, too, assuming both links have comparable throughput
02:18 < SporkWitch> if they don't, it might degrade performance in general
02:18 < MarkusDB1> I don't like to use the load balancing since the primary is 1000mbit and the secondary is 100mbit
02:25 < Mead> I've got a windows machine Hyper-v hosting a VM with ubuntu server on it. Anyone know how I can Remote desktop into hyper-v to get remote access to the VM from another system?
02:26 < Adior> hi
02:26 < Adior> if I spoof my mac address to be the same mac address as another mac accress that's already on the network, what's that do
02:27 < ntd> havic
02:27 < Mead> breaks your network
02:27 < ntd> havoc
02:27 < SporkWitch> Adior: https://lmgtfy.com/?s=d&q=what+happens+with+duplicate+mac+on+lan
02:27 < ntd> unless your switch is up to the task
02:28 < Adior> my switch is not up to the task
02:28 < ntd> then spoof all the macs
02:28 < SporkWitch> i remember when IRC had questions that _weren't_ search queries...
02:28 < Mead> macs addresses are meant to be unique for a reason
02:28 < ntd> or plug on port to another switch and back on another
02:28 < Adior> I'm confused cuz I had been using that ip mac address a lot
02:28 < ntd> one
02:28 < Adior> mac address
02:28 < Adior> yeah
02:28 < SporkWitch> ip != mac
02:28 < Adior> so I don't know why it broke this time
02:29 < Adior> it was like, I hit the button, and I has 90% packet loss to the router
02:29 < Adior> and it took me a while to figure out why
02:29 < Adior> weird
02:29 < SporkWitch> not weird at all
02:29 < Adior> it's weird to me
02:29 < Adior> cuz I didn't have any problems before
02:29 < SporkWitch> just because something retarded works for a while doesn't mean it's going to keep working
02:30  * Adior shrug
02:30 < Adior> also
02:30 < Adior> how hot is my switch supposed to get
02:30 < Adior> I'm concerned
02:30 < Adior> :C
02:30 < SporkWitch> newlines
02:30 < SporkWitch> are
02:30 < SporkWitch> not
02:30 < SporkWitch> a substitute
02:30 < SporkWitch> for punctuation
02:30 < Adior> /ignore and move on
02:31 < Adior> I wonder if I should install a heatsink on my switch
02:31 < SporkWitch> Adior: https://lmgtfy.com/?s=d&q=what+is+a+normal+temperature+for+a+network+switch
02:31 < Mead> Adior:  just keep it in a well ventilated space and get on with your life
02:35 < Adior> I just opened it up, and it has tons of heatsinks in it
02:36 < Adior> I just don't like how hot it is
04:19 < cmj> .seen willyonwheels
04:19 < cmj> wrong channel
04:37 < gswallow> Howdy, y'all!
04:38 < gswallow> I set up two types of VPN today: one that just creates multiple tunnels with CIDR ranges on both sides, and one that sets up a virtual tunnel interface with IP addresses on each end.  These are policy-based VPNs and route-based VPNs, respectively, right?
05:27 < randomusernumber> Does anyone here work in a field of computer science, and is willing to answer a couple questions about your occupation?
05:31 < ironpillow> hi all, I am running freeradius and for eap-ttls, I have server cert signed by letsencrypt. When I am using macos to connect to the wpa2-enterprise network it presents a dialog box about the certificate. I thought if I have a signed cert by public CA, there wouldn't be a dialog box. Any advice? thanks!
05:55 < Project86__>  Is there a way to set a phone to boot from microsd iso?
05:56 < Project86__> Was going to boot raspian or some other arm distro to phone as main os
07:55 < at0m> Project86__: there is not. there's been lildebi and another way to run debian (forgot the name) on an android phone though, after android/lineageos is booted
07:59 < energizer> i just rebooted a remote server and now im getting 'Connection refused'. Is there a way to figure out if its awake and rejecting me or failed to boot altogether, aside from ... going there
08:00 < TV`sFrank> nmap it?
08:00 < energizer> up!
08:00 < energizer> thanks
08:00 < rudi_s> energizer: Connection refused means the service is not running. - You could ping it to see if the server is alive (however note that some firewalls/systems drop ping packets).
08:02 < energizer> alright so now can i diagnose the 'Connection refused'?
08:15 < overseer> hayyyyyyyyyyyyyyy
08:15 < overseer> does sebastian holler at you?
08:19 < overseer> does google have a rate control for how often it uses a formulae for password recovery
08:20 < overseer> sometimes it asks for phone number oher times it skips asking
08:20 < overseer> there's been times it accepts any password
08:21 < overseer> "you type uin what you want"
08:21 < overseer> accepted
08:22 < overseer> LATELY IT SEEMS TO BE RIDGID
08:22 < overseer> HIDING SOME OF THE RESET PATHWAYS
08:23 < overseer> HI TRUTHR
08:23 < truthr> hi
08:23 < overseer> TRUTHR DO YOU KNOW ANYTHING ABOUT RBIT
08:24 < truthr> no sorry
08:24 < overseer> Do you know about allison worked at a zoo?
08:24 < TV`sFrank> lol
08:25 < overseer> MoarSpaceFI my my
08:34 < overseer> applegal: hi
08:35 < overseer> do you know apple101
08:42 < overseer> do you think they have a button
08:42 < overseer> for a masonic se gauntlent
08:42 < overseer> lady in red type things
08:43 < overseer> end up like edward scizzorhands being passed around
08:43 < overseer> it is a scenario
08:43 < overseer> in a masonic trap
08:43 < overseer> sex gauntlent
08:44 < overseer> though these are evil schemes
08:44 < overseer> whats worse a trap with no voluntary pivot
08:45 < overseer> press javascript slavery
08:45 < overseer> all earth enslaved to javascript and rfid
08:45 < overseer> no voluntary pivot
08:47 < overseer> they talked abou the "great depression"
08:47 < overseer> you get junkfood rations for an rfid chip
08:52 < radicaldev> Hello!
09:22  * catchersmitt flaps glove
09:25  * catchersmitt flaps glove
09:26 < littlepython> how do we find network overhead? also do you think that NAT'ing would result in network overhead?
09:28  * catchersmitt flaps glove
09:32  * catchersmitt flaps glove
09:33 < catchersmitt> apparently each channel is full of named roaches
09:33 < catchersmitt> they spaz out sometimes
09:34  * catchersmitt flaps glove
09:35 < catchersmitt> other than that wheres a pitcher
09:36 < catchersmitt> anybody capable of throwing a ball?
09:36  * catchersmitt flaps glove
09:38 < catchersmitt> littlepython nework overhead?
09:38 < catchersmitt> snakes see heat
09:38 < catchersmitt> heatless network is stealth
09:39 < catchersmitt> littlepython: are you sub 0
09:39 < radicaldev> sub 0 is too cold
09:39 < radicaldev> need to be ~10% less than environ to fool snakes.
09:40 < radicaldev> I guess there are places that get sub 0, though.
09:42 < TV`sFrank> Man.  This network never changes.
10:10 < catchersmitt> absolutely
10:10 < catchersmitt> my my my
10:11 < catchersmitt> welcome palo alto
10:11  * catchersmitt smirks
10:11 < catchersmitt> novus lux aeternam
10:12 < catchersmitt> welcome to ZION
10:12 < catchersmitt> JT
10:12 < catchersmitt> my love
10:12 < catchersmitt> the MAN bleed for your sins
10:13 < catchersmitt> tech9\
10:13 < catchersmitt> THIS RING
10:13 < catchersmitt> welcome to ZION
10:14 < catchersmitt> LORUM IPSUM FACTUM
10:14 < catchersmitt> stay for an eternity
10:14 < catchersmitt> take a look around
10:15 < catchersmitt> might be going wool white
10:16 < catchersmitt> whatever you want
10:16 < catchersmitt> whatever you need
10:17 < catchersmitt> THIS RIIIIIIING
10:20 < catchersmitt> make you a believer?
10:20 < catchersmitt> absolutely
10:20 < catchersmitt> my my my
10:21 < catchersmitt> We read from the beginning the plan of the Creator, the pride DOMINATOR.
10:24 < catchersmitt> What is the military purpose of ZION?
10:25 < catchersmitt> goto BEGINNING
10:26 < catchersmitt> We may have heard the unfortunate news "we aren't in EDEN"
10:29 < catchersmitt> Have we envisioned the wedding of the LAMB?
10:29 < catchersmitt> SHroedingers CAT?
10:29 < catchersmitt> The LION AND THE LAMB
10:29 < catchersmitt> "We are the poisioned you"
10:41 < catchersmitt> look at the earth
10:41 < catchersmitt> Ask Lyndon Larouche about Jobe
10:55  * catchersmitt flaps mitt
10:56 < catchersmitt> throw some data
10:56 < catchersmitt> all known nucleur detonations
10:56  * catchersmitt flaps mitt
10:56 < catchersmitt> oooooh barracuda
10:57 < catchersmitt> now if you have been near me you have been corrected about assumtions
10:57 < catchersmitt> reflections on trusting trust
10:58 < catchersmitt> the likelyness of having first person accounts is nil
10:58 < catchersmitt> except for say military persons in the past century
10:59  * catchersmitt flaps mitt
10:59 < catchersmitt> throw some data
11:03 < catchersmitt> throw some data
11:03  * catchersmitt flaps mitt
11:03 < catchersmitt> justify your eistence
11:04  * catchersmitt flaps mitt
11:04 < catchersmitt> come on roach net
11:04  * catchersmitt flaps mitt
11:04 < catchersmitt> throw some data
11:05 < TandyUK2> pppingme xand  fancy ending this
11:05 < TandyUK> Sometimes some access in here would be useful :P
11:06 < catchersmitt> yeah?
11:06 < catchersmitt> did you send that girl to read about catcher in the rye
11:07 < TandyUK> no, but youre about to become the 6th person i have ever ignored in 20 years of IRCing
11:07 < catchersmitt> roaches spazing out
11:08 < catchersmitt> upset for attempts at making them useful
11:08 < TandyUK> you know this is ##networking not ##bullshit right?
11:08 < catchersmitt> it all goes into the catchersmitt
11:08 < catchersmitt> what are we networking
11:08  * catchersmitt flaps mitt
11:08 < catchersmitt> throw some data
11:09 < catchersmitt> HARVEST
11:09 < catchersmitt> useful data
11:09  * catchersmitt flaps mitt
11:10 < catchersmitt> throw some data right here
11:10  * catchersmitt punches mitt
11:10 < catchersmitt> what are we wombats sucking on the power lines
11:11  * catchersmitt flaps mitt
11:12 < TandyUK> just a noob wasting bandwidth
11:12 < catchersmitt> TandyUK youve been around this network long enough
11:14 < catchersmitt> TandyUK: What do you know about nucleur technology?
11:14 < TandyUK> that it has fuck all to do with networking
11:14 < TandyUK> and that you cant spell
11:15 < catchersmitt> hanging with the goldfish to long TandyUK
11:16 < catchersmitt> pull your mind together long enough to accept a command
11:16 < TandyUK> bye
11:16 < radicaldev> any of y'all deal with commercial voice platforms?
11:16 < TandyUK> 6 ppl on my ignore list in 20+ years lmao
11:17 < TandyUK> radicaldev: such as??  Avaya IPOffice and that sort of thing, or skype kinda thing??
11:17 < catchersmitt> after 20+ years of parasitic leeching
11:17 <+xand> catchersmitt: stop talking nonsense
11:17 < radicaldev> TandyUK: more along the lines of avaya experience portal, or genesys voice platform
11:17 < catchersmitt> have I been the other 5?
11:18 < radicaldev> my question is around the licensing practices of those, though, so IPOffice might be a close enough fit.
11:18 < TandyUK> Licensing for them is along the lines of "bend over"
11:19 < radicaldev> TandyUK: Sweet. How far? =)
11:19 < TandyUK> until you cant bend any more lol
11:19 < radicaldev> Could you estimate what someone running 6k concurrent channels would spend in a year?
11:20 < TandyUK> a shitton
11:20 < TandyUK> youd be better off building your own platform
11:21 < radicaldev> Think so? I think I'd be better off replacing that platform with something a little cheaper, and a lot better... or maybe a little more expensive.
11:22 < radicaldev> how much do you think a shitton is?
11:23 < radicaldev> <--- solution provider with no idea how to price this thing for fortune 100 companies
11:28 < radicaldev> TandyUK: No guesses?
11:35 < TandyUK> radicaldev: 6 figures
11:35 < radicaldev> a month or a year?
11:35 < TandyUK> 12 channels is like £1500
11:35 < TandyUK> it depends how you buy it
11:35 < TandyUK> clearly youre not an avaya reseller
11:36 < radicaldev> nah, I work with new stuff that everyone is antsy about. Displacing the old stuff.
11:36 < radicaldev> Well, being asked to, anyway. The price is the big question now.
11:37 < TandyUK> are all these channels in one office or what?
11:37 < TandyUK> you going with on-premp, or cloud based?
11:37 < radicaldev> hybrid
11:38 < TandyUK> example complete system on-prem with 12 phones and 6 channels is £1850, plus about £500/yr for maintenance
11:38 < radicaldev> When you say 1850, is that monthly or yearly?
11:39 < radicaldev> i'm guessing yearly, cuz that seems about right.
11:39 < TandyUK> thats just to buy the hardware
11:39 < TandyUK> you have annual maintenance on top of that
11:39 < TandyUK> plus configuration etc
11:40 < TandyUK> dont expect much change from £1000000
11:40 < radicaldev> oh, I see. so you get the IP office/setup/install/12 phones and 6 channels for 1850, then 500/year maintenance?
11:40 < TandyUK> that just for avaya
11:40 < TandyUK> other brands are very different
11:41 < TandyUK> but you need to speak to an authorised reseller of whatever platform to get any clue on actual pricing
11:41 < radicaldev> That's helpful to know.
11:41 < TandyUK> as youre not an existing customer, dont expect much discount
11:42 < radicaldev> Like I said, I'm trying to displace these guys. What we're into isn't phone systems (at least, not in this case). It's automated agents, which the client has a current product that somewhat fills their needs.
11:43 < TandyUK> https://www.ipoffice-direct.co.uk/product/avaya-ip-office-r9-sip-trunk-20-licenses-275662/
11:44 < TandyUK> £175k or so just for the sip trunk licences
11:44 < radicaldev> but that's one time right, in the case of avaya?
11:45 < radicaldev> yeah, one time.
11:45 < TandyUK> theres an annual 'maintenance' fee on everything
11:45 < TandyUK> they dont tell you that whe nyou buy it ofc
11:45 < TandyUK> for a 40 user system, its about £1800/yr
11:45 < radicaldev> Interesting....
11:46 < TandyUK> seriously decide what you actually want, and build it yourself
11:46 < radicaldev> Already did!
11:46 < Apachez> you speak about the actual sip trunk?
11:46 < Apachez> or the license?
11:46 < Apachez> wtf kind of "maintenance" is there on a license?
11:46 < radicaldev> maintenance would probably cover security fixes and whatnot, plus the occasional support ticket.
11:47 < TandyUK> its a license fee for using their shitty hardware
11:47 < TandyUK> and actually getting updates etc
11:47 < TandyUK> or their server based software version
11:47 < TandyUK> either way, you'll be bending over annually if you want to keep it patched
11:48 < TandyUK> for 6000 channels, youre goign to want some pretty serious HA too
11:48 < TandyUK> pretty sure your clients wont want their entire system going down because a PSU failed
11:49 < radicaldev> lol, no.
11:49 < radicaldev> they would not like that one bit
11:50 < radicaldev> I'm guessing the client didn't pay a 1 time fee for the equipment they have + the maintenance fees, because they've had their stuff in place for ~15 years or so.
11:50 < Apachez> why dont you get a grandstream box instead?
11:51 < radicaldev> I think they're on some sort of monthly or quarterly contract with the providers
11:52 < radicaldev> Apachez: grandstream box?
11:55 < Apachez> radicaldev: www.grandstream.com
11:56 < radicaldev> Yeah, they don't offer any kind of capability for a customer to have a normal conversation with a support bot.
11:56 < Apachez> ?
11:57 < radicaldev> That's my business now. I build highly available conversational <department> bots that large companies are extremely excited about.
12:00 < radicaldev> Whereas one auto manufacturer may want a bot to schedule service appointments, another megacorp may want one to handle customer support calls that involve billing inquiries and whatnot.
12:00 < radicaldev> It's pretty much the same to me.
12:01 < TandyUK> just FYI, no customer **EVER** wants to have a conversation with a fuckign bot
12:01 < TandyUK> id speak to them once, and never use that supplier again
12:01 < Apachez> same here
12:01 < Apachez> on the other hand that bot might actually give answers
12:02 < radicaldev> I disagree. A competent bot beats someone that doesn't speak the language very well at all.
12:02 < Apachez> compared to some retarded humans where you ask like 3 questions and never gets the answer
12:02 < radicaldev> I hate bots as much as the next guy, usually. I build mine with people like me in mind.
12:03 < TandyUK> so it says "Hi, please wait while I connect you to a human"
12:03 < TandyUK> sounds like a pretty pointless bot
12:03 < radicaldev> Lol
12:04 < TandyUK> "no, giuve me a fucking human"
12:04 < radicaldev> Nah, initial greetings are usually along the lines of 'Hi, how many I help you?'
12:04 < TandyUK> "now"
12:04 < TandyUK> thats how these 'conversations' with bots go for me
12:04 < radicaldev> Before too long, you won't even know it's a bot.
12:04 < Apachez> how many I help you?
12:04 < Apachez> this bot lov you long time
12:04 < TandyUK> how to piss off every customer who ever phones you up, check
12:05 < TandyUK> 'Hi, how many I help you?'   The typo would let me know its a bot lol
12:06 < TandyUK> plus how they 'speak' makes it pretty damn obvious
12:06 < radicaldev> shit, man. It's 5AM my time.
12:06 < TandyUK> its worse tha nidiots who read from a script in an indian accent
12:06 < radicaldev> Typos are a guarantee.
12:06 < radicaldev> Something bots don't experience =)
12:06 < TandyUK> if you have bots answering calls, pissed off customers are a guarantee too lol
12:07 < radicaldev> Nah, not really. To give you an example, say you're calling an auto dealer looking for a tie rod for a jeep cherokee...
12:07 < TandyUK> id prefer to spend 5 mins on hold before speaking to a human thanhave some bullshit software attempt to answer my call
12:07 < TandyUK> id be looking for <insert part number>
12:08 < TandyUK> "i want parts" is all the shitty bot would get
12:08 < detha> TandyUK: you are giving your age away. The youn'ones like their alexa/hi google/siri
12:08 < radicaldev> Human is gonna ask for year/make/model, maybe even has some options on the product.... Bot has the same thing... Human will take some time to think about it, look stuff up, etc... Bot has that in an instant.
12:08 < TandyUK> the young ones care not about their data lol
12:08 < TandyUK> human can make a desicision, bot has to be programmed to look it up, and when it gets it wroing, what happens?
12:09 < TandyUK> let me gues... they get a human
12:09 < TandyUK> so just give the mthe fucking human to begin with
12:09 < TandyUK> your client would do far betteri nvesting the moeny for htis syetm into some more staff to answer calls, and training them
12:10 < radicaldev> That's the nature of the beast. Sometimes you get some straight neanderthals that just can't handle the complexity of the real world, but on average people know how to ask questions that can be translated into actions.
12:10 < detha> the client doesn't need more staff. Just re-train the bunch that is currently annoying people doing cold-calling to answer people that are actually interested
12:14 < radicaldev> For sure, though.. The day is approaching when it's pretty tough to tell that you're not talking to a bot on the phone.
12:15 < detha> radicaldev: you will need very good sarcasm and humour detectors to make that happen
12:17 < radicaldev> detha: Most folks aren't into that so much initially. After getting pissed off by a response that doesn't equate to less money or problem solved, it goes there, but typically the first encounter is pretty benign and lacking in need to take it that far.
12:19 < radicaldev> Not to say we don't do our best to handle those situations. It's just not a huge use-case where a successful interaction depends on an accurate interpretation of the finer parts of human interaction over the phone.
12:20 < radicaldev> Plus, for this particular client, their customers are already dealing with shitty bots. Mine is just more-better.
12:21 < Apachez> even shitier?
12:22 < radicaldev> hate on the bots all you want... When you want some information quickly and getting a human takes 1+ hours, you'll love being able to ask a question and get an answer as if you were talking to a regular, competent human.
12:23 < radicaldev> i.e., not pressing 1 then 2 then 3 then 7 then dialing an account number, then pressing 3 and then 6 and the call drops.
12:23 < detha> I wish you good luck, maybe you will get it to a stage where calling companies becomes an option again. The current options of Press 1 for IVR or foreign-accented call-centre are enough to not even bother
12:23 < Apachez> or just phone a number and have a real human who understands the language to answer
12:24 < radicaldev> detha: That's where we're at.
12:24 < radicaldev> Apachez: This client runs 6k+ concurrent calls every-single-day most hours of the day.
12:24 < radicaldev> Just for this bot shit.
12:25 < radicaldev> That's not including their actual support staff
12:25 < Apachez> so thats 6k+ concurrent customers who dont get the help they payed for
12:25 < radicaldev> 6k customers don't pay 6k salaries.
12:25 < radicaldev> 6k customers probably don't even pay 10 salaries
12:26 < radicaldev> or maybe they do, I dunno... 6k customers != 6k employees though, that's for damned sure.
12:27 < detha> Which brings you back to the original question, how much to charge... At that scale, build-your-own will definitely beat anything you buy
12:28 < radicaldev> detha: Yep. I've got a much better idea about that, now, though.
12:30 < radicaldev> Heh, well I'm off to sleep now. Just remember, if you're ever talking to someone on the phone and realize it's not human, that fucktard from ##networking figured out the right price =)
12:31 < Apachez> so you just went from 6k+ concurrent customers to only 6k customers in total?
12:32 < radicaldev> Apachez: nah, 6k concurrent average, 10k or so peak, average call duration ~2 minutes bot interaction currently, probably less after I get in there. You can do the math. G'night!
12:36 < Apachez> well you for sure obvisouly cant
12:37 < Apachez> if a company have 10k CONCURRENT incoming customer calls they will for sure be able to pay 10k people for answering these calls
12:39 < radicaldev> Apachez: Mm.... Yeah, maybe... Assuming you paid all the support folks about 35k a year, though after you factor in health insurance and so forth, you're looking at 350,000,000 for that support staff which just answers questions like how much does X cost, or what is my remaining balance?
12:40 < TandyUK> [11:23] <radicaldev> i.e., not pressing 1 then 2 then 3 then 7 then dialing an account number, then pressing 3 and then 6 and the call drops.    <<< No, this is anpther way to piss off customers.
12:40 < radicaldev> Bot costs way less than that.
12:40 < TandyUK> How it works is" I dial 0800123456",  it rings 3 or 4 times, then a human being pick up the phones and says "Hello"
12:40 < TandyUK> no need for a stupid bot or IVR
12:41 < TandyUK> use the human to make the decision istead of forcing your customers to sit through a STUPID MENU WOTH NO OPTION THAT SEEMS TO MAKE SENSE
12:41 < TandyUK> sorry caps lol, but it fitted quite well :P
12:41 < radicaldev> Apachez: For the average case, it's about 210 million dollars, but you'd need an additional 4-5k to handle shit like hurricanes and frigid winter storms that take out infrastructure.
12:42 < radicaldev> TandyUK: The bot can understand what you want to do, or what you're asking for. That's the cool part.
12:43 < radicaldev> No stupid options, just say what you want to say and things carry on from there.
12:43 < Apachez> so you seriously claim a company who yearly get 210 million dollars from their customers cannot employ 6000 people to answering calls?
12:44 < radicaldev> no, yearly they get more than 100 billion dollars.
12:44 < radicaldev> Who the fuck wants to spend 200+ million dollars on people to answer simple questions, though?
12:44 < Apachez> of course, 100 billion a year you cant obviously employ 6000 staff
12:44 < radicaldev> They already employ 10s of thousands of people to handle higher tiers of questions
12:45 < Apachez> seems to be a shitty product then
12:45 < radicaldev> Lol. I think you just haven't ever dealt with companies that have 10s of millions of customers
12:46 < radicaldev> I mean, Danielle Bregoli is a customer, ffs. That girl is pure trouble.
12:47 < radicaldev> https://www.youtube.com/watch?v=tsp7IOr7Q9A
12:47 < radicaldev> You really want to pay someone any amount of money to handle her questions about whether her cellphone goes with her gucci flip flops?
12:49 < radicaldev> or would you rather pay the miniscule cost for a bot to tell her she ought to upgrade to the latest whatever to ensure that her personal cellphone is always in style?
12:55 < Apachez> sure I have
12:55 < Apachez> I have also seen companies with stupid employees such as you who cant take critisism
12:56 < radicaldev> Apachez: Not following. Please explain.
12:57 < Apachez> I have wasted enough of time on you :)
12:57 < radicaldev> Apachez: Thank you for your time.
12:57 < skyroveRR> ODODOB
12:58 < Apachez> radicaldev: you are free to pay consultant fee's if you want my help :)
12:58 < skyroveRR> ...
12:58 < skyroveRR> oops.
12:58 < skyroveRR> Hey Apachez
12:58 < Apachez> we usually start our charges at $10k for small cases :)
12:59 < radicaldev> Apachez: Do you take dogecoin?
12:59 < myxenovia> is it not safe if a stranger knows my public IP?
12:59 < myxenovia> or it doesnt matter
13:00 < Apachez> myxenovia: why would it matter?
13:00 < Apachez> are you up into some illegal stuff?
13:00 < radicaldev> myxenovia: It's not safe, no. It can be made more safe, but having a public IP is always a dangerous thing.
13:00 < myxenovia> Apachez no lol. more people knows my public IP, and they could hack me
13:01 < Apachez> yeah I browse internt using rfc1918 addresses
13:01 < Apachez> makes me feel all warm and safe
13:01 < Apachez> myxenovia: Im sure your public ip is between 0.0.0.0 - 255.255.255.255
13:01 < Apachez> does this mean its easier for me to hack you?
13:01 < myxenovia> Apachez what if you know my exact ip
13:01 < Apachez> doesnt matter
13:02 < Apachez> helps if I want to ddos your connection
13:02 < Apachez> other than that I use public info like sending you an email with a link
13:02 < Apachez> whcih you click on
13:02 < Apachez> and download a 0day
13:02 < Apachez> who executes on your computer
13:02 < Apachez> and then connects to a proxy of mine
13:02 < Apachez> and voila
13:02 < myxenovia> you are hacker lol
13:02 < Apachez> I dont know your public ip and I dont have to since its your box who calls me and not the other way around
13:03 < at0m> Apachez: don't need email address, just spam the link here or in a query
13:03 < Apachez> whatever floats your boat
13:04 < myxenovia> im not really good at networking but im not worried now that a lot of stranger  knows my public ip
13:04 < Apachez> by now we also know your mums boobsize
13:04 < radicaldev> myxenovia: That's impolite.
13:35 < Apachez> pew pew pew
13:53 < ethicalhacker> boom boom
14:05 < giaco> Hello
14:05 < giaco> cat /dev/random | netcat -u 127.0.0.1 6666 , Ncat: Connection refused. What the hell
14:06 < giaco> UDP is connectionless, there's no possible refuse
14:07 < Forst> perhaps it's referring to an ICMP port unreachable message?
14:08 < giaco> Forst: no, if I drop a netcat -l -u 6666 it works
14:10 < Apachez> sure there are
14:10 < Apachez> if you dont get a reply for the protocol in question you are being refused
14:10 < Apachez> some protocols can also refuse in the reply itself
14:11 < giaco> Apachez: how to create a UDP sink thrashing all the data if nobody is listening?
14:12 < Forst> nc -lu 12345 > /dev/null ?
14:12 < Apachez> giaco: ?
14:12 < mawk> what do you mean "if nobody is listening" giaco ?
14:12 < Apachez> dns sinkholing is a thing
14:12 < Apachez> dns uses udp
14:13 < Forst> drop relevant packets in iptables?
14:13 < giaco> A have a stream of data. I need to consume it into an UDP sink if nobody listens, else deliver the stream
14:14 < mawk> alright
14:14 < giaco> cat /dev/urandom | magic_udp_tool
14:14 < mawk> if nobody listens where ?
14:14 < giaco> cat < magic_udp_tool on the other side?
14:14 < Apachez> what do you mean by udp sink?
14:15 < compdoc> a nice way to clean udps
14:15 < mawk> lol
14:16 < mawk> how is that different from the normal behavior giaco ?
14:16 < mawk> if nobody listens the data is lost
14:16 < mawk> no need for some magic sink thing
14:16 < voidphere37> udp sink is a network sink that sends UDP packets to the network.
14:16 < voidphere37> if im not mistaken
14:16 < Forst> I'm guessing giaco wants no ICMP port unreachable messages in case a port is closed
14:16 < Forst> so that the client can't tell the difference whether it's open or not
14:17 < mawk> it's already the normal behavior
14:17 < Apachez> use multicast then?
14:17 < giaco> do you know how a character device works? I need to do the same, but in udp. It streams data continuously, even if nobody is reading the buffer.
14:17 < Apachez> when client is up switch sends the stream to the client
14:17 < Apachez> when client left then the switch is no longer sending the stream
14:17 < Apachez> or just iptables locally
14:17 < Apachez> if app is down then iptables is up
14:17 < mawk> icmp port unreachable is when the port is REJECTed
14:17 < mawk> if nothing is blocked, it has already the behavior you describe giaco
14:18 < mawk> so just allow the port in iptables and you're done
14:21 < wiresharked_> Sorry about that, my laptop almost died
14:21 < giaco> mawk: the port is not blocked, but cat /dev/urandom > netcat -u 127.0.0.1 6666 returns Ncat: Connection refused
14:22 < mawk> loopback is different
14:22 < mawk> it is explicitely for loopback that you want to do that so ?
14:23 < giaco> also doing cat /dev/urandom > netcat -u <other_host_not_listening> 6666 returns Ncat: Connection refused
14:23 < giaco> mawk: my target is loopback, but same netcat behavior stands for remote hosts also
14:24 < mawk> you opened the port in the remote host ?
14:24 < wiresharked_> giaco: Maybe the other host has some ICMP messages blocked
14:24 < giaco> wiresharked_: no, it is not blocket. It is netcat that thinks that UDP is TCP
14:25 < giaco> if I do cat /dev/urandom > netcat -u <non_existing_host> 6666 it waits without sending anything
14:25 < wiresharked_> giaco: Well that's a little bit weird
14:25 < mawk> yeah sorry giaco you're right
14:25 < mawk> after a little testing
14:25 < mawk> so, udp sink
14:26 < mawk> let's find an iptables match that detects if a port is bound
14:26 < mawk> or you want to do it exclusively client-side ?
14:27 < mawk> to do a correct program client-side is quite a challenge
14:27 < mawk> I'd use a netlink socket to detect when a port is bound
14:28 < giaco> mawk: I need an alternative of a character device. mknod -c is not available, so I was thinking about a local udp "sink"
14:28 < mawk> how is a character device a sink in the way you describe ?
14:29 < giaco> the camera attached to /dev/video0 is not waiting for someone to be consuming the buffer, it just streams
14:30 < mawk> it's special
14:30 < mawk> it's indeed waiting for someone to consume frames
14:30 < mawk> in the kernel a function is called when someone open() the device
14:30 < wiresharked_> mawk: Correct, because it's a virtual device according to the Linux kernel
14:31 < mawk> the two parts of your magic sink are synchronized giaco ?
14:32 < giaco> no. A should keep streaming, B should be able to attach on demand and receive real-time data
14:32 < giaco> mawk: is this what you were asking?
14:32 < mawk> why would you do that ?
14:32 < mawk> yes
14:32 < mawk> why don't you make A just do nothing unless B is attached ?
14:32 < wiresharked_> mawk: That's a bad idea
14:33 < mawk> less bad than generating useless network traffic
14:33 < wiresharked_> mawk: Group policy updates are not "useless network traffic" either
14:33 < mawk> what ?
14:34 < mawk> why is it a bad idea to wait for the right moment to send the data ?
14:34 < mawk> instead of having it sent over the wire just to be discarded later
14:35 < wiresharked_> mawk: It's not. Carrier sense is always an important part of 802.11
14:35 < mawk> I must have missed something
14:35 < mawk> why are we talking about 802.11 and group policy
14:35 < wiresharked_> mawk: OK, I'll stop talking about that in front of you
14:36 < mawk> ?
14:37 < mawk> was that a troll
14:37 < mawk> so, giaco
14:38 < giaco> I do understand that you are suggesting me that keeping the source shut is a green option and that saving the trees is important, but here I have to fire the amazon forest to build a parking lot, so A must be streaming and filling the pipe
14:38 < mawk> lol
14:38 < mawk> alright
14:39 < mawk> so you want buffering ?
14:39 < giaco> how to make netcat not behaving so polite to the wire? Is udp, ffs
14:39 < mawk> it would need to ignore the error that send() returns
14:39 < mawk> a simple patch to netcat would do it
14:40 < giaco> buffering, yes, if possible, a couple of kb would be ok
14:40 < mawk> then you need something on the side of B receiving the packets
14:40 < giaco> on the other hand, if you know another solution that is not netcat (and maybe not udp) but behaves like a character device, I'm hearing
14:41 < mawk> a fifo, for instance
14:41 < mawk> but when the buffer is full it makes an error
14:41 < giaco> a fifo is line buffered and is not consuming on the left side if there's nobody on the right
14:41 < mawk> it's not line buffered
14:42 < mawk> line-buffering depends on the receiver/emitter
14:42 < mawk> you've got a tty, also
14:42 < mawk> that's the perfect embodiment of a character device
14:43 < giaco> mawk: right
14:46 < mawk> write(3<UDPv6:[2001:db8::cb3:47fe:21e4:b031:37159->2001:db8::1:54321]>, "lolilolazuofdisjdsoijfdoisjfids\n", 32) = 32
14:46 < mawk> when I write to a non-bound port, I get no error
14:47 < giaco> mawk: that is what I expect to happen, but netcat Ncat 7.70 ( https://nmap.org/ncat ) is a fluffy jigglypuff and pretends an open port
14:49 < mawk> I did it with "OpenBSD netcat (Debian patchlevel 1.190-1)"
14:51 < mawk> you can patch netcat, or do a quick thing in C
14:51 < giaco> mawk: I always end up with the wrong version of netcat. We need a separate POSIX standard for netcat alone
14:51 < mawk> well I tried with just one line, but when I send more netcat quits, but without making an error
14:52 < mawk> how do you delimitate messages to send ?
14:53 < giaco> mawk: it is a pcm audio stream, no delimitation
14:53 < mawk> so byte by byte
14:53 < mawk> ?
14:53 < giaco> or, well, kind of pcm stream
14:53 < giaco> yes
14:54 < mawk> alright then
14:54 < giaco> frame by frame in burst of 192
14:54 < mawk> you can buffer up to 64k on loopback
14:54 < mawk> ah
14:54 < mawk> so buffer by a multiple of 192
14:54 < mawk> and send
14:54 < giaco> but depends, let's consider them just bytes
14:54 < mawk> alright
14:56 < mawk> if it's exclusively for loopback use why do you want to do that with UDP ? I see dozens of other solutiosn
14:56 < mawk> like using IPC and a notification to know when to send the data
14:56 < giaco> mawk: just found a possible alternative, but not network related. If you are curious, take a look at this (https://stackoverflow.com/questions/8410439/how-to-avoid-echo-closing-fifo-named-pipes-funny-behavior-of-unix-fifos)
14:57 < giaco> but please I'm still interested into the UDP solution
14:58 < mawk> yes I was referring to that behavior when I said fifo
14:58 < mawk> you open it read-write to bypass the lock for when there are no readers
14:58 < mawk> but still, it will make an error when the buffer is filled
14:59 < giaco> no hack to make a fifo drop the exceeding buffer?
15:00 < mawk> you can read it yourself to unfill the buffer
15:00 < mawk> but it's full of race conditions
15:00 < mawk> it's not as cool as a shared circular buffer
15:01 < mawk> which would be the thing you want
15:02 < giaco> that's a very beautiful phrase, my google likes it
15:02 < mawk> lol
15:03 < mawk> maybe there's a nice ioctl for the fifo
15:03 < mawk> let me read the kernel source
15:09 < mawk> there's just one ioctl, FIONREAD
15:10 < mawk> to return the size of the buffer
15:12 < mawk> then giaco just a little C program that transforms input from stdin into datagrams
15:12 < mawk> do you need performance ?
15:12 < giaco> mawk: I've also found .tail -f myfifo > /dev/null'
15:13 < mawk> it consumes data from the fifo
15:13 < mawk> but the data is really lost
15:13 < mawk> what about a tty ?
15:15 < giaco> mawk: how to use a tty this way? I've never really messed with ttys so far. Kind of ashamed
15:19 < mawk> hm
15:19 < mawk> the sink would possess the master side, and the program wanting to read would open the slave side
15:19 < AlexPortable> 802.1Q vs port based vlan?
15:20 < Apachez> AlexPortable: two different things
15:20 < AlexPortable> which do i need
15:30 < x_> hola mi amigos... como estas?
15:31 < AlexPortable> What I want: port 1 to 6 for private network, reserve port 7 and 8 for two different vlans (which can't communicate with other vlans), have another vlan connected to the switch2 (port 5) on port 2. My setup: vlan1, tagged ports 2, member ports 1-6 | vlan2, member ports 7, tagged ports 7 | vlan3, member ports 8, tagged ports 8
15:33 < AlexPortable> x_: im fine thank you
16:03 < momomo> anyone here actuve ?
16:04 < mawk> yes
16:06 < momomo> theoretical: if my fiber broadband provider in sweden has provided me with a "tampered" router, and I am surfing the web with it using wireless, theoretically it can be eavesdropped. However, the question now refers to TOR browser and using GMAIL. If I am using TOR browser with this potentially tampered with router, wirelessly, and despite using the TOR browser, but still on wireless, is it possible that TOR won't
16:06 < momomo> necccessary help me protect my message and/or origin and/or id/ip ?
16:09 < voidphere37> momomo private message
16:15 < light> momomo: your ISP can't easily perform a man in the middle attack on gmail because your browser wouldn't trust any TLS certificate they used
16:18 < Peng> More to the point, your ISP can't MITM Tor either.
16:19 < mawk> momomo: encryption is end-to-end
16:19 < mawk> the router is just a medium
16:20 < momomo> yes, but if my 192.168.10.1 settings produces https://imgur.com/a/Suq54bk
16:20 < mawk> and ?
16:20 < mawk> it's normal
16:20 < mawk> your router interface has a self-signed tls certificate
16:21 < momomo> then theoritaclly someone can pickup that password and perhaps the wireless decryption keys ... so when I aam surfing ... between my laptop and router .. someone can get the traffic
16:21 < mawk> why ?
16:21 < light> wat
16:21 < voidphere37> no
16:21 < mawk> it's a tls connection between your router and you
16:22 < mawk> just register its CA to get rid of the message and prevent later tampering
16:23 < momomo> mawk: you saying a wireless connection with a know password shared between many people ... there is no way that I can eavesdrop on another persons wireless communication ? despite knowing the original password ? i am guessing when he/other person connects to the router, it generates a public/private key for him ...
16:24 < mawk> I wasn't talking about the wireless
16:24 < mawk> but about the https connection
16:25 < light> if you control the AP you can definitely sniff their traffic
16:25 < momomo> yes, so when I login to the router settings ... not over https ... but locally .. you are saying that no one in my surronding using wireshark for instance .. can detect the password to the router in case I update  some settings so that they can regain access  ?
16:26 < momomo> light: AP ?
16:29 < light> access point
16:30 < light> if you're connecting to a machine on the lan using an unencrypted protocol, like http, people may be able to sniff your traffic. but there's no need to use http when your router supports https
16:33 < varesa> momomo: that "Not secure" doesn't mean it is not encrypted or not using HTTPS
16:34 < varesa> it means that the browser can't validate the identity of the router certificate by the use of a third party Certificate Authority
16:34 < varesa> it is using a so called self signed certificate
16:38 < cluelessperson> how do you guys manage enterprise networks with ipv4 and ipv6?
16:38 < momomo> i am on two channels discussing this so I missed my part here
16:39 < momomo> come over to ##security and if you missed it I will screenshot the conversation there
16:39 < momomo> https://imgur.com/a/l4wc9pY
16:59 < cluelessperson> Does anyone know the full public ip ranges for IPV4?
17:02 < compdoc> just 3 of them, right?
17:03 < djph> cluelessperson: 0.0.0.0/0; less 10/8, 100.64/10, 172.16/12, 127/8, 192.168/16, and 224/4, dunno offhand if 240/4 is public, but it's easy enough to check.
17:04 < cluelessperson> djph: yes, but how do I list those
17:04 < cluelessperson> less 10/8 isn't valid cird :P
17:04  * cluelessperson should rephrase
17:05 < cluelessperson> does anyone know the CIDR notation public ip ranges? :P
17:05 < djph> 10/8 is just as valid shorthand as fe80::/64
17:06 < Alina-malina> how to reject all ip addresses with blackhole and then allow certain ip addresses with ip route? is there any recomended way of doing it when i am going to blackhole 0.0.0.0/0 and after start allowing certain ip addresses?
17:07 < cluelessperson> Alina-malina: reject how
17:07 < cluelessperson> firewall? dns?
17:07 < djph> cluelessperson: I litereally told you.  However, it's a right fucking pain in the ass to write 0.0.0.0/5, 8.0.0.0/7 [...]
17:08 < Alina-malina> cluelessperson, send to blackhole any requests or responses
17:08 < djph> Alina-malina: rules 1-n allow; default = blackhole
17:08 < cluelessperson> Alina-malina: send to from what
17:08 < cluelessperson> sounds like firewall, set a drop policy
17:09 < cluelessperson> well, I'm wanting to allow certain subnets to access port 80,443 to the WWW
17:09 < cluelessperson> djph: ^ if I leave it as "ANY" they have access to other subnets
17:10 < Alina-malina> djph, can you be more specific please? thats cool thing, is 1-n ip address? can i do a coma separated?  i assume u referring to route function?
17:10 < djph> cluelessperson: so then (1) drop to other subnets; (2) allow any.
17:10 < djph> Alina-malina: no, rule numbers ... e.g. 1,2,3, [...] -- howevermany you need
17:11 < cluelessperson> djph: Ah, then i'd need to inverse my scheme.   I'm using a deny default
17:11 < djph> cluelessperson: obviously.
17:11 < Alina-malina> djph, could you please give me some real world example, not sure if i understand correctly
17:12 < djph> Alina-malina: you're creating conditionals, right ... so then create yourself a group of "allowed contact" networks, and then drop everything else.
17:12 < Alina-malina> djph, with ip route function right? and not iptables
17:13 < djph> I'd use a firewall instead of routes, since (IMO) firewalls are less messy.  But a routing table could also do that.
17:13 < Alina-malina> djph, well that box i have here has issue with kernel iptables and i have to use ip route unfortunately
17:14 < mawk> if it's for filtering outgoing destinations, ip route isn't adapted
17:14 < djph> then ... replace the box?
17:14 < mawk> you want to do a filter, not real routing rules
17:15 < mawk> even though ip route works to do that, using policy routing to send to a blackhole routing table depending on some criterion, or just using blackhole routes
17:15 < Alina-malina> mawk, well all i want to do is just reject all world and allow 2 ip addresses, but i need to do that with "ip route"specifically, unfortunately i dont have other options for that box right now
17:15 < mawk> in what direction Alina-malina ?
17:16 < mawk> from the internet ? or to the internet
17:16 < mawk> just to be sure
17:17 < mawk> Alina-malina:
17:17 < Alina-malina> mawk, actually i need to allow local ip address submask and 1 external subnet mask, and reject the rest of the world
17:18 < mawk> in what direction ?
17:18 < Alina-malina> incomming direction to the router
17:18 < mawk> you want to allow these ips for connections *from* the LAN ?
17:18 < mawk> yeah but from where
17:18 < mawk> from the internet ?
17:18 < mawk> or from the LAN
17:18 < mawk> let's assume from the lan
17:18 < Alina-malina> i have both networks to deal with, so both ways
17:18 < Alina-malina> hmmm
17:18 < Alina-malina> yes
17:19 < Alina-malina> i guess its LAN
17:19 < mawk> let's also assume that you really can't use anything else than ip route
17:19 < Alina-malina> yes
17:19 < mawk> but remember it's absolutely not the right tool for that
17:19 < mawk> do you've got the command ip rule ?
17:19 < mawk> can you write to the file /etc/iproute2/rt_tables ?
17:19 < Alina-malina> yes
17:19 < Alina-malina> just a moment i check
17:20 < mawk> just check if it's here
17:22 < mawk> let's create a blackhole routing table
17:22 < mawk> printf '150\tblackhole\n' >> /etc/iproute2/rt_tables
17:22 < mawk> assuming 150 isn't taken already
17:23 < mawk> oh it's not necessary actually
17:23 < mawk> you can blackhole traffic directly from ip rule
17:23 < mawk> I forgot it
17:24 < mawk> check if the numbers I give are available using ip rule show
17:24 < Alina-malina> yes there is a file
17:24 < mawk> normally you've got 0, 32766, 32767
17:24 < mawk> if this is homework you can read man ip-rule
17:25 < mawk> to know how to use it
17:25 < mawk> even if it's not homework
17:25 < Alina-malina> i just cat that file and it said: 2 static-table
17:25 < mawk> that's weird
17:25 < mawk> it's not supposed to remove the other canonical tables
17:25 < mawk> they're hardcoded in the kernel source
17:25 < mawk> main, default, local
17:25 < mawk> let's pretend we didn't see anything
17:25 < mawk> focus on ip rule
17:26 < mawk> to add a rule you do: ip rule add priority N ...
17:26 < mawk> replace N by the rule number, between 1 and 32765
17:26 < mawk> and ... by the criterion
17:26 < Alina-malina> mawk, https://pastebin.com/raw/hiKTZU2j
17:27 < mawk> uh
17:27 < mawk> your router is doing something unfortunate
17:27 < mawk> doesn't leave us many room for new rules
17:27 < mawk> what in this static table ?
17:27 < mawk> ip route show table static-table
17:28 < mawk> maybe we can just ignore what the router is doing there
17:28 < mawk> but if the router has effectively a static table mechanism it's maybe better to use it to make your blackhole rules, dunno
17:28 < Alina-malina> no ourput for that command unfortunately
17:28 < mawk> choose the best looking option
17:28 < mawk> ah, so nothing in the table
17:29 < mawk> hmm
17:29 < mawk> so we can use it
17:29 < mawk> perfect
17:29 < mawk> just add the blackhole rules in this static-table thing
17:29 < mawk> there's maybe a web interface to do it, dunno
17:29 < Alina-malina> no web interface console
17:29 < mawk> ah
17:30 < Alina-malina> could you please show me the command to add to specific table? i just dont want to mess up anything on this, i think i should practice in virtual env first
17:30 < Alina-malina> anyways thank you so much for help mawk
17:30 < mawk> ip route add ... table static-table
17:30 < SporkWitch> Alina-malina: man ip route
17:30 < Alina-malina> SporkWitch, /bin/sh: man: not found   :) anyways i will try on my other box now before practicing
17:30 < Alina-malina> thanks guys
17:31 < SporkWitch> wtf are you running that's missing man? lol
17:31 < Alina-malina> lol
17:31 < skyroveRR> My distro ;)
17:31 < skyroveRR> It doesn't have man-pages package :D
17:31 < skyroveRR> I've yet to compile one.
17:32 < SporkWitch> no, seriously, because the only non-embedded system i've ever seen without is the deliberately crippled WSL
17:32 < Alina-malina> i dont know what it is, it came with this box out of factory, its a china device storage lol
17:32 < mawk> ip route add blackhole NETWORK table static-table
17:33 < mawk> replace network by 1.2.3.0/24 to block the 1.2.3.0/24 network for instance
17:33 < mawk> if you want to do more precise matching don't use routes, use rules
17:33 < mawk> it's up to you to decide what are you needs
17:33 < mawk> using rules you can match on the source interface for instance
17:34 < mawk> for instance `ip rule add type blackhole priority 10 iif eth1 to 1.2.3.0/24' to match packets incoming from the eth1 interface
17:34 < Alina-malina> nice nice! thanks mawk i learn cool stuff today
17:35 < mawk> replace 10 by the rule number, order them like you want
17:45 < AlexPortable> I've setup VLANs now, but whenever i'm inside a vlan, i can't ping the router, what am i doing wrong?
17:46 < Harlock> sounds liek the vlan is working
17:46 < Terminus> AlexPortable: what Harlock said and also, you don't have a gateway on that VLAN.
17:46 < AlexPortable> how do i setup a gateway
17:47 < Harlock> depends what you want to do and what the switch is capable of doing
17:47 < Harlock> ie can the switch to routing
17:47 < Harlock> er do
17:47 < AlexPortable> it has vlan support
17:48 < AlexPortable> i want my vlan to access the gateway
17:48 < Harlock> but can it do intervlan routing
17:48 < Harlock> and what is your router/gateway device?
17:49 < routingloop> you need to create an interface vlan (SVI) or trunk your vlan to a router subinterface with the dot1q tag
17:49 < AlexPortable> router is isp modem/router
17:50 < AlexPortable> i can set vlan port untagged, tagged, not member
17:50 < AlexPortable> and pvid
17:50 < Harlock> well then you have no real point to use a vlan if the switch can't route
17:50 < AlexPortable> uh
17:51 < Harlock> because you have no vlan support or seperate lan interfaces on the isp gateway
17:51 < AlexPortable> true
17:52 < Harlock> now if you can get your cable gateway bridged then you can run your own router and do stuff like that
17:52 < AlexPortable> hmm i can also include port1 in the vlan config
17:53 < Harlock> i have no idea what your switch can or cannot do
17:53 < AlexPortable> well it can do that
17:56 < RefractiveIndex> Greeting, I want to set up port forwarding in privoxy. This is the addition to the file I got. My doubt. Is there a . at the end of it
17:57 < RefractiveIndex> forward-socks4a / localhost:9050 .
17:57 < RefractiveIndex> Or it could be a mistype
17:58 < sunrunner20> am I remembering 2.4 gig right, 2 and 11 if you can but 6 if you have to have a third?
17:58 < sunrunner20> (channel selection)
17:59 < Harlock> 1 6 and 11 and non overlapping
18:00 < sunrunner20> I've got stuff on 2 unfortunately
18:00 < Harlock> er are non overlapping
18:00 < sunrunner20> I can get it changed maybe
18:01 < RefractiveIndex> Anyone please?
18:02 < Forst> RefractiveIndex: https://www.privoxy.org/user-manual/config.html#SOCKS
18:03 < Forst> it documents the "dots" as well
18:07 < sunrunner20> any better ap recommendations than a unify AP AC Lite for a small 800sq foot area?
18:09 < sunrunner20> overkill probably but I'm tired of consume crap
18:09 < RefractiveIndex> Forst: I see now. Thankyou :-)
18:09 < Forst> RefractiveIndex: no prob :>
18:10 < Forst> sunrunner20: ap-ac-lite is a great choice imo, you might want to choose pro if you have 3x3:3 capable devices
18:11 < sunrunner20> Forst, I don't think I do and wifi is mostly is mostly N devices. My iPhone might be full AC/3x3 but who needs more than like 30mbit on an iphone?
18:12 < momomo> how do you find out an irc users location ? or he/shes ip address ?
18:12 < sunrunner20> momomo, that's considered rude. The closest you'll usually get is what server they were directed too
18:12 < Forst> sunrunner20: well it would make downloads faster :) but yeah, I'm guessing a lite is your best bet for now
18:12 < sunrunner20> which isn't at all reliable
18:13 < sunrunner20> and I'll just run the controller software on my desktop when I need to change a setting
18:13 < momomo> sunrunner20: rude or not, i am just asking ... is that available by default through some command?
18:13 < qman__> the whois contains that information
18:13 < sunrunner20> oh my bad
18:13 < sunrunner20> I assumed you knew whois existed :|
18:13 < qman__> whether or not the server obscures it is up to the administration
18:15 < Forst> sunrunner20: you can even run the controller on a raspberry pi, for example, if you want to collect usage stats and such
18:15 < sunrunner20> I might run it in a freebsd jail if it doesn't consume too much memory. but I've got a PfSense collecting most stats
18:16 < cluelessperson> boot
18:16 < cluelessperson> editting firewall rules on Unifi USG seems to cause it to restart or reset and reprovision sometimes
18:16 < cluelessperson> takes like 2 minutes to reload/boot
18:16 < sunrunner20> ouch
18:16 < sunrunner20> that's nasty cluelessperson
18:17 < cluelessperson> sunrunner20: does that sound normal?
18:17 < sunrunner20> no idea
18:17 < sunrunner20> I'm bad at networking
18:17 < cluelessperson> so am I apparently
18:17 < sunrunner20> I want to make my PfSense box appear transparent
18:17 < sunrunner20> but can't figure out how to do it
18:18 < cluelessperson> sunrunner20: I'm unfamiliar with PFsense, that's a network monitoring tool?
18:18 < sunrunner20> cluelessperson, freeBSD based firewall appliance
18:18 < cluelessperson> sunrunner20: could you mirror a port, so that PFsense sees the traffic, without having pipe traffic through it?
18:18 < cluelessperson> ah, firewall is active
18:18 < Forst> sunrunner20: approx 400M in my case, it requires mongo and java, so it's definitely not lightweight :D
18:18 < cluelessperson> monitoring a mirrored port would be passive, I think
18:19 < cluelessperson> Forst: I dropped, what were you trying to do?
18:19 < sunrunner20> Forst, I can spare 400meg memory. 100gb disk wouldn't be an issue but I know it won't use that much
18:19 < Forst> cluelessperson: I wasn't doing anything :)
18:20 < Forst> and a couple of gigs of storage
18:20 < cluelessperson> Forst: "400M in your case" liar! :D
18:20 < sunrunner20> hrm
18:21 < Forst> what? xD
18:21 < cluelessperson> your/my
18:21 < sunrunner20> I could put a ssd and install ESXi on the firewall box and run it there
18:21 < sunrunner20> but its a pretty puny box
18:21 < cluelessperson> sunrunner20: can't you just create a linux bridge?
18:21 < cluelessperson> isn't that what you'd be relying on esxi, as total overkill to do? :
18:21 < sunrunner20> cluelessperson, need routing and some traffic rules
18:21 < cluelessperson> ah
18:22 < Forst> unifi, esxi, I like the way you think :)
18:23 < sunrunner20> the point is for me to A: have a S2S tunnel back to other home so my two storage appliances can replicate content. B: QoS that traffic and mine in general so I don't hog the houses BW limit and annoy the people I rent from C: Isolate me from the fairly insecure network that they're providing
18:23 < sunrunner20> (appliances can replicate content and I don' thave to have openVPN running on my desktop and laptop all the time)
18:26 < sunrunner20> right now looks like the best way is to run it as a regular firewall and just deal with the double NAT
18:27 < cluelessperson> sunrunner20: I think what's happening is that I'm applying settings too quickly in the controller, and it resets the usg when the configuration doesn't seem to match up.
18:27 < sunrunner20> maybe. easy to test that
18:28 < Forst> you can avoid double nat if you can set a static route on the other device
18:28 < momomo> qman__: whois just shows freenode node
18:28 < momomo> server
18:29 < Forst> momomo: it means that the ip is hidden by the server
18:29 < sunrunner20> and their ip if they don't have it masked
18:29 < sunrunner20> check mine
18:29 < sunrunner20> its not hidden but it is masked
18:33 < AlexPortable> two dhcp servers in the same network, what will happen?
18:38 < detha> AlexPortable: whoever put the second one in will get fired.
18:39 < AlexPortable> oh
18:39 < AlexPortable> can i somehow limit it to some client?
18:41 < Kyosh> alex, first find the dhcp server
18:41 < Forst> generally you should not have multiple dhcp servers in one network segment. why would you want that in the first place? what's the final goal?
18:41 < detha> A dhcp server can be limited to one client - give it a 0-sized pool and one hardwired MAC.
18:41 < detha> however, if the client picks that up is 50/50
18:41 < AlexPortable> thing is my guest network has no support for a DNS server
18:42 < AlexPortable> and some clients just fail to auto assign their own dns
18:42 < detha> Then fix the 'has no support for a DNS server' part
18:42 < AlexPortable> as in replace the device?
18:42 < Kyosh> clients should not assign their own DNS if they are using DHCP
18:42 < Kyosh> in a guest network
18:42 < AlexPortable> true but the normal dns server is in the private network range
18:43 < Kyosh> so rhe guest network provides internet access right?
18:43 < detha> Ehm, clients are free to use whatever DNS they like. The DHCP server should however offer one
18:43 < Forst> provide public dns addresses then
18:43 < Kyosh> then assign 8.8.8.8 for the dns in the guest networks dhcp
18:43 < Forst> google, cloudflare, opendns, whatever
18:43 < Kyosh> yea
18:44 < Kyosh> dont need to offer priate, never the only option
18:44 < AlexPortable> well i mean there is no option to configure that
18:44 < AlexPortable> all dhcp options there are on the guest network are on/off, and ip range
18:45 < AlexPortable> ip, subnet, spanning tree, enable, lease time, start ip, end ip, domain name
18:46 < Forst> consumer level devices should provide dns functionality for guest networks too automatically
18:46 < Kyosh> which dhcp server?
18:46 < AlexPortable> router based
18:47 < AlexPortable> well this one doesnt
18:47 < AlexPortable> time to throw it out i guess?
18:47 < Kyosh> which router?
18:48 < AlexPortable> sitecom wl-312
18:51 < Kyosh> umm
18:53 < AlexPortable> ?
19:11 < pally> Hey guys
19:11 < pally> https://www.fs.com/passive-optical-network-tutorial-aid-202.html
19:12 < Kyosh> and?
19:12 < pally> "OLT is a terminal equipment connected to the fiber backbone. It sends Ethernet data to the ONU, initiates and controls the ranging process, and records the ranging information"
19:13 < pally> Does anyone know what kind of "ranging process" and "ranging information" they're talking about?
19:14 < Forst> pally: http://www.ad-net.com.tw/ranging-mechanism-in-gpon-upstream/
19:17 < RefractiveIndex> Ok, so if i access someone's Router. The only identity i leave behind is my Mac Address right?
19:21 < pally> One other question, "ONU is a generic term denoting a device that terminates any one of the endpoints of a fiber to the premises network, implements a passive optical network (PON) protocol, and adapts PON PDUs to subscriber service interfaces."
19:21 < pally> What does "PDU" in  "PON PDU" stand for?
19:21 < pally> I tried googling it
19:22 < Forst> protocol data unit
19:22 < Kyosh> power distribution unit?
19:22 < Forst> frames, basically
19:22 < RefractiveIndex> Forst?
19:22 < Forst> or whatever they're called in the world of PON
19:22 < pally> Kyosh, yes, that came up, but didn't seem related
19:22 < pally> Forst, thank you sir
19:23 < Forst> RefractiveIndex: all your traffic can be snooped on, so I suggest not to connect to others' network without prior consent of its owner
19:24 < Kyosh> a PON doesnt need power?
19:24 < pally> According to the article, the splitter doesn't require power
19:25 < Forst> correct, that's why it's popular in dense deployment environments
19:26 < Forst> we have such an ISP which covers whole Moscow
19:29 < Kyosh> http://www.bicsi.org/uploadedfiles/BICSI_Conferences/Winter/2015/presentations/Fundamentals_of_Passive.pdf
19:31 < Kyosh> i really wouldnt think that a protocol distrobution unit would apply to a PON since it should be protocol agnostic
19:31 < Forst> well there has to be some low-level structure that encapsulates Ethernet frames or something like that
19:38 < pally> Forst, I have a somewhat silly question about "ranging", is this ranging process performed on a per-session basis?
19:39 < pally> (And yes, I have read the link you sent me)
19:39 < Forst> honestly, I have no idea xD
19:42 < pally> The reason I brought that up is b/c the link you pasted describes the equalization delay that is calculated to simulate a virtual distance whereby each ONU's are located at the same *virtual* distance from the OLT
19:43 < pally> anyway. :-)
19:45 < Forst> well maybe it's redone for every ONU when this virtual distance has to increase/decrease?
19:46 < Forst> just guessing
20:37 < Blueking> anyone knows when ax routers will be available ?
20:44 < djph> when they are?
20:56 < ignamv> hi!
20:58 < ignamv> can anyone recommend reading material to get up to speed on ipv6? For example I just found out that it uses NDP rather than DHCP. Is there a FAQ, guide, book, etc. you recommend?
20:59 < Apachez> ignamv: google it
21:00 < ignamv> thanks!
21:02 < dogbert2> ugh...worked too many hours yesterday/today :P
21:04 < ignamv> Apachez: seriously though, is there something better than google/wikipedia?
21:04 < SporkWitch> ignamv: of course; you can find it with a search :)
21:04 < SporkWitch> read the RFCs
21:05 < ignamv> I'm tempted to keep asking to see how the advice gets worse and worse
21:05 < SporkWitch> the advice is good and will stay the same, as long as you continue to ask google questions
21:05 < ignamv> I can't imagine something worse than reading RFCs though. Except reverse-engineering my router firmware
21:06 < SporkWitch> the only change will typically be that we begin mocking your arrogance and laziness for thinking your time is more valuable than ours
21:10 < Apachez> ignamv: I doubt it, all good material I have located have been through google
21:12 < Apachez> IPv6 Neighbor Discovery (ND) Trust Models and Threats (Neighbor Discovery DoS Attack):
21:12 < Apachez> http://tools.ietf.org/html/rfc3756#section-4.3.2
21:12 < Apachez> Using 127-Bit IPv6 Prefixes on Inter-Router Links (Neighbor Cache Exhaustion Issue):
21:12 < Apachez> http://tools.ietf.org/html/rfc6164#section-5.2
21:14  * SporkWitch spanks Apachez
21:22 < tds> Apachez: is there any advantage to having global IPs on inter-router links in the first place?
21:22 < tds> all of mine are link-local only, I guess global addresses might make troubleshooting easier
21:23 < spaces> SporkWitch I like to be spanked as well
21:29 < AlexPortable> Any recommendations for blocking all traffic except http and https?
21:31 < SporkWitch> use a firewall
21:31 < n3t> AlexPortable: do you want to filter protocols or ports which these protocols use?
21:31 < n3t> But yes, use a firewall.
21:31 < AlexPortable> not sure what's the best way
21:32 < SporkWitch> there's rarely such a thing as best; it's dependent on your threat model
21:32 < AlexPortable> how so?
21:33 < SporkWitch> it's not an absolute; what is best for your situation depends on the threat model, like i said
21:34 < AlexPortable> whcih threat model requires which method
21:34 < AlexPortable> there must be one safer no?
21:35 < SporkWitch> https://lmgtfy.com/?s=d&q=introduction+to+threat+modeling
21:38 < Apachez> SporkWitch: egyptian two-ply threats?
21:38 < n3t> AlexPortable: what do you want to achieve?
21:39 < SporkWitch> n3t: copypasta that psychically identifies his needs and does everything for him
21:39 < n3t> SporkWitch: ;;
21:40 < SporkWitch> n3t: tell me i'm wrong lol
21:40 < AlexPortable> prevent people from using other things than 'normal' internet usage, like downloading torrents
21:41 < n3t> AlexPortable: disable all ports except 80 and 443 on your router to leave http(s) only.
21:41 < SporkWitch> make sure you set it on the dest port, not source port
21:42 < AlexPortable> although this could still let someone use 'service x' on port 80
21:42 < AlexPortable> for example ssh
21:42 < n3t> AlexPortable: if someone is that smart, he will bypass your restrictions anyway.
21:42 <+catphish> AlexPortable: use a firewall
21:42 < n3t> AlexPortable: someone can always tunnel all the traffic via https.
21:42 < AlexPortable> what more is there possible to bypass?
21:42 < ignamv> other links worth skimming: http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/index.html https://csrc.nist.gov/publications/detail/sp/800-119/final
21:43 < AlexPortable> well but that tunnel won't allow him to download with my ip
21:43 < ignamv> I take back what I said, the RFC for SLAAC has a nice summary at the beginning
21:43 <+catphish> AlexPortable: also consider why you are doing this, it can be an annoyance to users
21:44 <+catphish> anyway, the answer is the same, only allow the ports for the services you want to allow
21:54 < qman__> Yep, drop outbound by default and add rules for http and https, and presuming you want dns, so that too
22:06 <+catphish> yep, or run your own dns internally
22:09 < Al_nz1> Hi. I want to connect my PC to my phone's hotspot. I also want and IP camera plugged into my PC to use the phone (via the PC) as a gateway. Is this possible on windows?
22:20 < whatsupdoc> somone plz help https://i.imgur.com/Vkb226Z.png
22:22 < at0m> whatsupdoc: some plz explanation to go with that or should we all just click
22:24 < SporkWitch> whatsupdoc: If you have a question, just ask! For example: "I have a problem with ___; I'm running Debian version ___. When I try to do ___ I get the following output ___. I expected it to do ___." Don't ask if you can ask, if anyone uses it, or pick one person to ask. We're all volunteers; make it easy for us to help you. If you don't get an answer try a few hours later.
22:27 < whatsupdoc> Consider the use of the go-back-n protocol where n=3 for error control for communication from A to B. A packet from A to B, and an ACK from B to A are received in error.
22:27 < SporkWitch> homework question; read your textbook / ask your TA
22:27 < whatsupdoc> It's a weekend!! I can't wait 3 days
22:28 < SporkWitch> hope your textbook is good
22:28 < whatsupdoc> nope :(
22:28 < SporkWitch> whelp, GIYF
22:29 < whatsupdoc> I tried :(
22:30 < whatsupdoc> Does anyone know go-back-n protocol?
22:30 < SporkWitch> many people do; so does google
22:30 < whatsupdoc> If receiver receives a packet and sends a ACK but the ACK fails, does RN still get updated?
22:30 < SporkWitch> https://linuxmafia.com/faq/Essays/smart-questions.html
22:31 < whatsupdoc> https://i.imgur.com/1lComk5.png
22:33 < SporkWitch> don't worry about it, it's a simple html page
22:33  * SporkWitch debates mirroring it to head off those complaints
22:36 < whatsupdoc> Is there a bug https://en.wikipedia.org/wiki/Go-Back-N_ARQ
22:37 < whatsupdoc> Sm = N + 1 ??
22:37 < whatsupdoc> Did they mean N - 1?????
22:38 < whatsupdoc> Why  N+1??
22:39 < whatsupdoc> I changed it
22:45 < SporkWitch> oh neat, there's an updated version ^^ http://www.catb.org/~esr/faqs/smart-questions.html
22:46 < whatsupdoc> "Please refrain from harassing or offensive comments."
22:47 < Apachez> SJW detected
22:49 < SporkWitch> whatsupdoc: instructing you how to find the answer to your homework question as well as providing materials guiding you on how to ask _good_ questions is neither harassment nor offensive.
22:51 < whatsupdoc> harassment and offense is subjective
22:51 < DoctorDick> What the fuck is wrong with you
22:51 < whatsupdoc> if i claim that i feel harassed or offended, then you have no right to say that i'm not
22:51 < hexein> a thid party may determine you were harrased
22:51 < SporkWitch> whatsupdoc: do not change wiki pages for things that you know nothing about; i've corrected the damage you did
22:51 < whatsupdoc> fml :(
22:51 < hexein> hence courts
22:52 < hexein> Shame
22:52 < SporkWitch> hexein: legality and reality don't always match up; offense can never be given, only taken, and it doesn't mean the offended party isn't a braindead snowflake
22:54 < whatsupdoc> how about instead of editing my wiki edit, you tell me why i'm wrong
22:54 < whatsupdoc> IS IT BECAUSE OF SYN AND FIN??
22:54 < at0m> whatsupdoc: when you can't argue why you should be right, you probably shouldnt edit the wiki.
22:54 < hexein> ^
22:55 < Apachez> no please do
22:55 < Apachez> I need something to laugh at tonight
22:55 < SporkWitch> Apachez: i already reverted his changes
22:55 < whatsupdoc> i understand the concept
22:55 < SporkWitch> Apachez: you can see them in the history, though
22:56 < Apachez> 130.86.101.181 ?
22:56 < Apachez> so now we can evil haxor whatsupdoc home connection?
22:57 < SporkWitch> university of san diego
22:57 < whatsupdoc> that ip address is a school ip address and it's not even my school
22:57 < SporkWitch> i wonder what would happen if i emailed their sysadmin to let them know someone is using them to proxy their wiki vandalism...
22:58 < Apachez> so you wnat be sad if that gets abuse reported and shutdown by the netadmin?
22:58 < whatsupdoc> i swear the things you do instead of just simply helping a random pleb
22:58 < Apachez> SporkWitch: great minds think alike ;)
22:58 < SporkWitch> it's a homework question; we've provided you help
22:58 < whatsupdoc> you think i'm dumb????
22:58 < growp> Hello
22:59 < whatsupdoc> i'm not smart but i'm not dumb
22:59 < SporkWitch> i don't think anyone's called you dumb; lazy? absolutely
22:59 < growp> What is the best custom firmware for monitoring your network and blocking sites to guests?
22:59 < SporkWitch> growp: https://lmgtfy.com/?s=d&q=What+is+the+best+custom+firmware+for+monitoring+your+network+and+blocking+sites+to+guests?
22:59 < whatsupdoc> if i was lazy i wouldn't be trying to figure this question out and i would just guess and get partial credit
22:59 < SporkWitch> if you weren't lazy you would use the resources you've been directed to
23:00 < growp> whatsupdoc: ignore SporkWitch, that’s a stupid troll
23:00 < whatsupdoc> if you weren't lazy you'd be that resource
23:05 < hexein> lol
23:13 < whatsupdoc> https://ocw.mit.edu/courses/aeronautics-and-astronautics/16-36-communication-systems-engineering-spring-2009/lecture-notes/MIT16_36s09_lec18.pdf
23:13 < whatsupdoc> MIT IS WRONG?????
23:13 < whatsupdoc>  SN_min+N-1
23:20 < mawk> go away whatsupdoc
23:20 < Anatzum> I'm about to run some cable to a room that gets terrible wifi in my house, I'll be using cat5e. I've heard that with cat6 you need a plug/connector specifically for cat6 but what about cat5 vs cat5e. Is there any difference in the connector between those 2? On amazon, I see a lot of connectors labeled for cat5/cat5e/cat6. Is this just terrible marketing?
23:21 < SporkWitch> wonder how long it'll take Mr. Oakes to track down how he's using their network and boot him
23:21 < whatsupdoc> It's because of SYN and FIN
23:21 < whatsupdoc> i'm not stupid
23:21 < SporkWitch> Anatzum: that doesn't make sense to me; RJ-45 is just a hunk of plastic and some metal, no shielding or anything...
23:21 < whatsupdoc> But that's dumb imo
23:22 < SporkWitch> whatsupdoc: ask your professor
23:22 < whatsupdoc> I don't need to ask anyone becuase i'm correct
23:22 < Forst> 8P8C
23:22 < Anatzum> SporkWitch: So it's all just a RJ-45 connector. The difference is the cable itself and the connector is the same for all of them?
23:23 < hexein> Rj-45 is the cat-5 connector
23:23 < hexein> u can buy the tool to make them yourself
23:23 < SporkWitch> Anatzum: technically speaking there's no reason you HAVE to use an RJ-45 connector, but yes, there's only one kind of RJ-45
23:23 < hexein> and find the pattern online
23:23 < hexein> get a box of wire and u have custom ethernet cables
23:25 < hexein> no special connector is nedded to receive them; all modems, routers will be ok with RJ-45
23:25 < Anatzum> That makes sense, I just though I read somewhere that cat6 needed a connector designed for it because of the larger gauge so using a plug designed for cat5e on a cat6 cable is usually not a good idea.
23:27 < SporkWitch> wat? lol
23:29 < Anatzum> http://www.cat-5-cable-company.com/faq-CAT%206%20Plugs-On-CAT5E-Cable.html this is what I read about why the difference in plugs matter.
23:29 < Anatzum> Not sure how valid that is or anything just thought I'd ask here to be sure.
23:29 < SporkWitch> that domain name doesn't sound like someone trying to sell something AT ALL lol
23:32 < Anatzum> Well if the plug doesn't matter between the cat5 and cat5e then i'm good. I've repaired cables before but this is the first time buying some bulk on amazon and I'm always wary about their descriptions on stuff.
23:34 < SporkWitch> RJ-45 == RJ-45
23:37 < Anatzum> Thank you, I understand that now. I always like to ask here to double check then question what I find on the interweb lol.
23:40 < EgoAleSum> hi, sorry if this is a stupid question. I’m thinking of buying the Netgate SG-1000 firewall ( https://www.netgate.com/solutions/pfsense/sg-1000.html ). everything should be fine, I am just concerned with the fact that throughput is only 100mbps. The place where this is getting installed has an internet uplink of 20mbps, so the internet connectivity is not an issue, but will using this firewall slow down my entire LAN? Or, for as long as I use giga
23:40 < EgoAleSum> switches, i should be able to get gigabit throughput in the LAN?
23:42 < Forst> traffic inside LAN would not leave the switch, so you'll be fine
23:51 < EgoAleSum> i’m reading a lot of bad reviews about that firewall btw. lots of people saying they don’t get anything near 100mbps, and sometimes as low as 10mbps. do you have any experience?
23:53 < mawk> why do you want that firewall in particular ?
23:53 < mawk> is it for an enterprise ?
23:53 < EgoAleSum> mawk: no, this is for a home
23:54 < EgoAleSum> mawk: they’re using pfSense already, but with a custom-made unit that doesn’t support hardware-accelerated AES, so pfSense 2.5 won’t work
--- Log closed Sun May 06 00:00:10 2018