--- Log opened Fri May 11 00:00:05 2018
--- Day changed Fri May 11 2018
00:00 < voices> yes
00:00 < voices> Its been off and on again since then and the settings are still there so..
00:01 < djph> voices: customer of NTT Communications Corporation in Japan?
00:01 < voices> Am i? No.
00:02 < djph> ... or I guess SK Broadband maybe ...
00:02 < voices> Why do you ask
00:02 < djph> well, because some shit ISPs do CGNAT with whatever the hell they feel like (e.g. one dude in India's ISP was using AOL's space)
00:03 < voices> What? I don't know what you're referring to, or why
00:04 < djph> voices: your WAN IP - you showed 180.x.x.x
00:04 < voices> That's right
00:04 < tds> looks like there are a whole load more small allocations in 180/8, though
00:04 < djph> that entire range *should* be public addresses off in Asia somewhere
00:05 < djph> tds: there are, SK broadband, something else, some chinese company ... but I'm only up thru 75
00:05 < voices> It's a 4G/LTE connection. South of Asia. You might call it Australasia.
00:06 < djph> oh, 4g
00:06 < tds> for 4g I'd probably expect cgnat, but it may depend on the provider
00:06 < tds> if you get a decent one, they might do it nicely with v6 only and nat64/464xlat :)
00:06 < voices> Yeah the router has a simcard like a cell phone
00:06 < djph> that might actually be CGN then .. but can't tell without the second octet
00:07 < voices> 216
00:08 < tds> third octet less than 128?
00:08 < voices> More than
00:08 < tds> ah actually, looks like it's all one provider, just done in lots of weird small allocations
00:09 < djph> Vivid Wireless
00:09 < voices> that's right
00:09 < djph> yeah, they have the full /16
00:10 < djph> they're just being fun with the allocations below 142
00:10 < voices> they were bought by TPG recently i think if that helps.
00:10 < djph> nah, but it all looks to be on the up and up. HOWEVER, your ISP may be blocking inbound unsolicited comms on *any* port
00:11 < voices> okay, well X is actually on the same network as Z
00:12 < tds> heh, if it's all behind cgnat on the same provider you might be able to route stuff around on the internal v4 space they use
00:14 < voices> well 192.168.0.101 can connect to 192.168.0.102
00:15 < mlk> hi!
00:15 < djph> OK, so then it must be your ISP blocking ports upstream of you
00:16 < voices> then what's the point of providing port forwarding capabilities
00:16 < djph> on your CPE router? they're probably just using a generic model from one of the bigger providers
00:17 < Apachez> the point is so you can run services behind that CPE router
00:17 < tds> hang on a sec, so is this provider using rfc1918 space for cgnat?
00:17 < voices> but it seems i can't
00:17 < Apachez> there is a dedicated CGNAT space one can use
00:18 < djph> tds: no, he *apparently* has a proper public on the router (180.whatever), 192.x is his LAN
00:18 < voices> tds: not sure. You might have to explain that one to me
00:19 < djph> voices: given that the router is (apparently) generic, it's going to allow you to do whatever. that being said, just because your CPE allows it doesn't mean that upstream is locked off.
00:19 < voices> Yeah the lan is 192.168.0.1/24
00:19 < voices> Hmm
00:19 < voices> I emailed them
00:19 < djph> and just for giggles - the router shows 180.x.x.x on its "WAN" port right?
00:20 < voices> to get the public IP i just did: curl icanhazip.com
00:20 < djph> that doesn't mean YOU have a public IP
00:21 < tds> ^ look at the ip which is actually on the interface
00:21 < djph> go look at what the router says it is. If it's in 10/8, 100.64/10, 172.16/12, or 192.168/16, then your provider is doing CGNAT
00:22 < tds> (or if it's just anything other than 180.x.x.x, maybe they're using some other random address space if they're stupid enough)
00:23 < djph> true, but they're in Oz, so I'd hope not
00:24 < voices> It's the same. That's the WAN IP for the router
00:25 < voices> Reported by the http interface
00:28 < voices> Looking for a netmask or CIDR or something, but it's not shown
00:33 < voices> here, it's WAN IP: 180.216.152.125
00:33 < voices> Does that help
00:36 < DoYouKnow> my logic is really bad sometimes
00:37 < S_SubZero> That, we do know
00:38 < djph> voices: hm, I can only traceroute as far as OPTUSCOM (119.225.139.58)
00:38 < djph> voices: sounds like you're waiting on the ISP then
00:39 < DoYouKnow> voices: are you using a UDP/TCP based traceroute or ICMP?
00:39 < voices> optus is the actual telecom company. They probably use their cellular infrastructure
00:41 < voices> DoYouKnow: umm, well, i haven't done. Not sure what you mean
00:42 < voices> djph: did the traceroute
00:44 < voices> Does that answer your question?
00:44 < voices> Or is everyone preoccupied trying to compromise the router now
00:49 < voices> djph: so was it cgnat? Whatever that is
00:53 < voices> Crickets
00:54 * drudge` toots
00:55 < drudge`> im watching a customer struggle to login to their firewall via a webex....id rather eat an onion
00:56 < electricmilk> password is probably "admin" ;-)
00:56 < drudge`> the struggle is they can't browse by IP to the mgmt interface
00:56 < electricmilk> why's that?
00:57 < drudge`> i dunno, they are using the wrong IP, they are being blocked by an access list, it's down, MGMT is disabled.....any one of those
00:58 < electricmilk> Meh. Time to have them bust out nmap
01:00 < drudge`> they will try a different computer, hehheh
01:00 < electricmilk> hehe
01:00 < electricmilk> Well if it has a console port they could connect that way as well
01:01 < electricmilk> I have my firewall web interface running on non-standard ports and also require HTTPS without any forwarding
01:01 < electricmilk> Did they at least try https:// and http://?
01:02 < drudge`> must have been an ACL, this other computer works
01:04 < electricmilk> Ah I see
01:06 < electricmilk> I need to setup ACL's for a computer lab over here
01:06 < electricmilk> You just reminded me
01:19 < djph> voices: it could be CGN, although it's more likely your ISP blocking things
01:20 < djph> drudge`: are they just bad at internet-ing?
01:22 < voices> djph: i'll ask them. The weird thing is it actually worked the first time, a few hours ago
01:22 < michagogo> Hm, there's something really weird going on
01:22 < michagogo> There's a site I can't seem to get to on my home network, only on my mobile connection
01:23 < michagogo> I first noticed that the app on my phone only worked when I turned off wifi, then I tried on my computer and it failed, until I switched to tethering
01:24 < michagogo> I tried `dig` and on my home connection I'm seeing SERVFAIL
01:24 < michagogo> But the same command (with @8.8.8.8) works on my mobile connection
01:24 < michagogo> What could be happening here?
01:24 < drudge`> they are all sorts of bad at computing
01:24 < voices> djph: also, i noticed some random http get requests coming in.
01:32 < djph> voices: dunno
01:32 < tds> michagogo: are you getting servfail for a specific domain, or just for any domain?
01:32 < djph> is this a http server? does your router log what it's doing?
01:32 < tds> if it's something specific, can you post what it is?
01:32 < michagogo> One specific site
01:32 < michagogo> www.idf.il
01:33 < voices> djph: like this https://www.irccloud.com/pastebin/S1gG8dqz
01:33 < djph> ;; AUTHORITY SECTION:
01:33 < djph> idf.il. 300 IN SOA ns1.idf.il. dnsadmin.mail.idf.il. 2011082320 300 300 4320000 300
01:34 < voices> No, it's not. But maybe it's only letting http traffic to port 8080
01:34 < djph> voices: looks like random garbage scans
01:34 < voices> djph: what's that authority section thing
01:35 < djph> voices: for michagogo
01:35 < voices> Yeah, just people doing random banner grabbing etc probably
01:35 < djph> what's supposed to be running on port 8080?
01:36 < voices> But they were forwarded to the internal host is my point
01:36 < djph> OK, so the forward is working. What server is listening to port 8080?
01:36 < SoniEx2> https://stackoverflow.com/questions/50279305/sending-partial-updates-additions-for-potentially-very-large-text-files
01:37 < michagogo> djph: That seems to be the SOA?
01:37 < voices> for me? Right now it's just a generic netcat listener
01:37 < michagogo> Oh, that's the authority section
01:37 < michagogo> Anything in the response?
01:37 < djph> voices: that's constantly running?
01:38 < djph> michagogo: if there was, I would've sent it
01:38 < tds> michagogo: looks like some of the name servers aren't replying: http://dnsviz.net/d/www.idf.il/dnssec/
01:38 < michagogo> Hmm
01:38 < voices> It's off now, but yes it was for a while, or it is when i'm testing it
01:38 < tds> I'd suspect your resolver is just using enough of the ones that don't respond, and eventually returning servfail
01:38 < michagogo> Interesting
01:39 < djph> voices: well, then it'll always show as 'closed' (IIRC, it's been a while since I've done netcat)
01:39 < tds> either way, it's a problem for whoever runs those nameservers, there's not a great deal you can do about it
01:39 < michagogo> But why would `dig @8.8.8.8 www.idf.il` be working on my cellular connection and failing on my home network? o_O
01:39 < voices> djph: i can do it again if you want to try sending some packets
01:40 < tds> google dns is anycasted, you're probably hitting different resolvers, one tries one set of name servers and works, another has tried a different set of name servers and failed
01:40 < djph> voices: meh, not that concerned about it
01:40 < djph> voices: but if you want me to toss something over netcat, i can
01:40 < michagogo> Weird. It seems pretty consistent.
01:40 < voices> Maybe it failed because it came from a LAN host to the WAN IP
01:41 < voices> Okay, hang on
01:43 < voices> djph:
01:43 < voices> Okay its on 8081 now
01:43 < voices> same ip
01:43 < djph> ... well, it's sittin there
01:45 < voices> djph: what is
01:45 < djph> the command
01:45 < djph> (UNKNOWN) [180.216.152.125] 8081 (tproxy) : Connection timed out
01:47 < voices> djph: try now
01:47 < djph> processing ...
01:47 < drathir> Demo of Detroid is crashing, amazing game...
01:47 < drathir> sad isnt pc one...
01:48 < voices> Now sorry
01:48 < djph> drathir: I read that as "Detroit" :|
01:48 < djph> you breakin' your crap there, voices ?
01:48 < voices> djph: lol what do you mean
01:48 < djph> it's still just sittin and spinnin
01:49 < drathir> djph: yep t*
01:49 < voices> I wonder how the others got through
01:49 < djph> are you seeing anything at all when I'm tryin' to hit you?
01:50 < djph> nc is pretty simple
01:50 < voices> djph: nothing at all
01:53 < voices> djph: i was able to receive a bash shell from another device when running it internally,
01:53 < drathir> djph: brain fried bc of amused by it ;p even if thats a make a choice game similar to Life is Strange which was amazing too...
01:54 < voices> Kind of like telnet
01:54 < djph> drathir: you should probably go to sleep bud, that last thing didn't make any damn sense
01:54 < djph> voices: well, seems you're not listening at all - maybe a bot's hitting you before I can
01:55 < drathir> voices: You sure isnt behind nat?
01:56 < voices> drathir: it is
01:56 < drathir> voices: wireless networks rarely offer incoming/static ip...
01:56 < drathir> voices: k thats good if You sure...
01:56 < voices> there's a NAT for sure
01:57 < voices> djph: i can see when a bot hits it. I'd say they were bots that sent http requests earlier
01:57 < djph> drathir: his device is *apparently* using a public IP (errr, his router is)
01:58 < voices> Well it's connected to the internet, it must have a public ip
01:59 < djph> nah
02:00 < djph> it could be CGN
02:00 < djph> (it doesn't appear to be though)
02:01 < voices> okay, i'll try enabling a dmz
02:07 < drathir> as i good see ip isnt static... its lte connection and no word about allowed incoming connections aka open incoming ports at fw...
02:08 < drathir> but that only guessing... i hope im wrong...
02:10 < djph> drathir: seems that it's an aussie provider that uses 3/4g rather than a more traditional ptmp microwave link
02:10 < voices> it used to be WiMax. Now it's LTE/4G
02:11 < voices> drathir: sorry can you say that again? I don't think i understood that
02:12 < djph> voices: pretty much he's saying what we said before -- since they're cell based, they may not allow inbound at all (although your "i see this crap from Mexico" stuff disproves that idea)
02:13 < drathir> djph: yep only at Vividwireless 4G LTE network
02:14 < drathir> djph: and Optus 4G Plus looks like...
02:14 < voices> yeah, where did they come from then
02:14 < voices> drathir: that's right
02:18 < michagogo> djph: Weird. Just tried SSHing into an EC2 instance and digging from there
02:18 < drathir> voices: i dont see anything about open ports for incoming connections, but djph dmz or only connect one device to it i guess the best to check that by Yourself...
02:19 < michagogo> `dig @8.8.8.8 idf.il` is giving me NOERROR but only authority section, `dig @1.1.1.1 idf.il` is giving me SERVFAIL
02:19 < michagogo> But just plain `dig www.idf.il` is working fine...
02:20 < drathir> michagogo: lol idf.il. 300 IN NS dns3.gov.il.
02:20 < michagogo> Why is that funny?
02:23 < drathir> michagogo: nvm but there no A record for idf.il only for ns1.idf.il. and ns2.idf.il.
02:24 < michagogo> That's really weird
02:24 < michagogo> This is from an EC2 instance: https://www.irccloud.com/pastebin/UP8KYcld/
02:25 < michagogo> And dig +trace gave me the A records from ns2.idf.il
02:25 < michagogo> And now from ns1 too
02:26 < drathir> michagogo: also if changes planned You need wait a 'little' bc of ns1.idf.il. 86053 IN A
02:26 < michagogo> It's not my site
02:27 < michagogo> I'm just trying to access it - someone sent me a link to an article there
02:28 < tds> michagogo: as I said earlier - since it looks like the nameservers are just not responding, why not contact whoever operates them and leave it?
02:28 < drathir> michagogo: also funny part someone playing with dns3.gov.il. 86085 IN A ||vs|| dns3.gov.il. 598 IN A
02:28 < michagogo> tds: Except that dig +trace just did get As
02:29 < michagogo> from ns1 and ns2
02:29 < tds> michagogo: sure, it depends on which nameservers you hit
02:29 < michagogo> Huh?
02:30 < michagogo> The same nameserver is giving me results on an EC2 instance but not on my PC
02:30 < tds> oh, that's more interesting, which nameserver is that?
02:30 < michagogo> ns1.idf.il
02:30 < tds> which IP?
02:31 < tds> it has two A records, one responds and the other doesn't
02:31 < michagogo> EC2: https://www.irccloud.com/pastebin/Hc06tnV0/
02:31 < michagogo> PC: https://www.irccloud.com/pastebin/YAByq3ks/
02:31 < drathir> michagogo: isp dns hijacking?
02:32 < michagogo> No idea. Just tried talking to them, they said they didn't see any reason this should be happening, told me they did something and to try again a couple times
02:32 < michagogo> Then they told me I should try wiping my router
02:33 < tds> lol, a traceroute to that IP shows something responding with a source of 192.168.254.1
02:33 < tds> can you try doing a traceroute to that IP from both ec2 and the pc?
02:34 < drathir> michagogo: dig @62.219.28.31 www.idf.il looks fine...
02:36 < drathir> but honestly no idea what "status: FORMERR" mean...
02:38 < tds> also, is there any difference if you run dig with +noedns?
02:38 < tds> since I've had some servers that return formerr with edns before
02:40 < voices> Does reverse ssh require an intermediate host between source & destination?
02:42 < xamithan> Nah, just need your destination to execute the connection
02:42 < drathir> voices: btw if You just search ssh access to home pc maybe check cjdns...
02:47 < voices> Xamithan: Thats what i thought, but i've never actually done it before. So i googled it. And all the tutorials say i need an intermediate vps
02:48 < voices> voices: cjdns?
02:48 < voices> drathir: cjdns?
02:49 < xamithan> Well you can do it that way too, I guess. If both servers are behind firewalls|Nat
02:49 < drathir> voices: yep that could be easier and bypass almost any nat...
02:49 < voices> xamithan: yeah, both client and server are behind residential NATs
02:50 < xamithan> You going to need intermediate then
02:50 < xamithan> cjdns, hamachi, another server, vpn
02:50 < xamithan> Whatever works
02:51 < tds> you might be able to do weird nat traversal tricks, but yeah, just going via something intermediate sounds much easier
02:51 < voices> tds: i thought the exact opposite
02:52 < xamithan> Pretty easy to spin up a cloud server
02:52 < xamithan> vs trying to hack NAT
02:53 < voices> would a free google vps work
02:54 < xamithan> If you can open a porn, it'll work
02:54 < xamithan> *port
02:57 < drathir> voices: https://github.com/cjdelisle/cjdns/
03:04 < voices> have you seen https://console.cloud.google.com
03:09 < voices> drathir: wow that looks.. complicated
03:17 < drathir> voices: honestly isnt, only configuration syntax could bring at start some problems, but from 'older network peers' You probably get cp/paste like credentials to use into config file...
04:28 < voices> xamithan: you said it's easy to spin up a cloud server. can you recommend one?
04:28 < xamithan> vultr is pretty cheap
04:30 < voices> I tried to do it with this google cloud console, but it looks like they've made it difficult
04:33 < drathir> voices: use DO/online/ovh/
04:33 < drathir> xamithan: voices linode/vultr could be too...
04:34 < xamithan> I don't know the other prices but vultr is only 2.50/mo
04:40 < voices> drathir: what is DO/online/ovh/
04:40 < xamithan> digitalocean, online.net, ovh
04:41 < xamithan> They all do hosting
04:41 < voices> ohh, right i thought it was some kind of command syntax lmao
04:41 < redrabbit> ovh and vultr are fine
04:41 < voices> I'm a broke-ass student so i'll look for the cheapest one
04:42 < E1ephant> virtualbox?
04:42 < redrabbit> been at ovh like a decade
04:42 < voices> Vultr looked nice but they're sold out of the $2.50 deal
04:42 < drathir> voices: them are major ones searching vps + name should be close to first position...
04:42 < xamithan> That sucks. I just pick something cheap on lowendbox.com
04:43 < redrabbit> vultr is the cheapest that isnt crap
04:43 < E1ephant> depends how you define crap
04:43 < voices> Cool i will check em all out
04:43 < xamithan> PNZhost doing a deal 1.95/mo right now on that site
04:43 < redrabbit> i tried it
04:43 < xamithan> Don't know how good they are though
04:43 < drathir> voices: for start not worth sent too much...
04:43 < E1ephant> look for something "close" to you network wise
04:44 < drathir> spent&
04:44 < redrabbit> vultr, its fine
04:44 < E1ephant> closest latency will be the best experience
04:44 < voices> Man i can't wait til i'm not a student anymore. I'm so over scrounging for the cheapest everything
04:44 < E1ephant> eh
04:45 < E1ephant> a collection of 4 or 5 512MB/1G VPSes could go pretty far :)
04:45 < E1ephant> https://ripe69.ripe.net/presentations/36-Anycast-on-a-shoe-string-RIPE69.pdf
04:45 < xamithan> Hehe, even a student can afford 2-3 bucks a month
04:45 < xamithan> Eat ramen for one meal you got it
04:45 < redrabbit> 2.5$
04:48 < CHENG08> guys can you help me to turn my openwrt to failsafe mode, I follow all the docs in wiki.openwrt but not working.
04:49 < voices> 2-3 bucks ? I'd take that
04:49 < redrabbit> vultr.
04:49 < E1ephant> I will give you a free VPS with v6 only
04:49 < xamithan> https://harmony.pnzhost.com/cart.php?a=confproduct&i=1
04:49 < xamithan> 1.95
04:49 < E1ephant> private/20 ports of v4
04:49 < voices> sold out, i said redrabbit
04:49 < redrabbit> that sucks
04:50 < voices> Ya. it's letting me go as low as $10/mo
04:51 < voices> E1ephant: haha what's the catch
04:53 < redrabbit> ipv6 only is a big catch for if its free...
04:53 < drathir> voices: fair use of resources probably...
04:53 < redrabbit> cant complain
04:53 < drathir> if that count as 'catch' ;p
04:54 < redrabbit> s/for/but
04:54 < CHENG08> how can I fix openwrt when I change the br-lan to wlan0 before it sets to eth0/
04:55 < drathir> redrabbit: sadly You will be surprised how much ppl does sadly, even when other share good heart and spare resources...
04:55 < voices> redrabbit: what's wrong with v6
04:55 < CHENG08> ?
04:55 < redrabbit> nothing
04:55 < E1ephant> voices: idk, may turn it off after 5 years or something?
04:55 < E1ephant> it's on a dual X5650 box with 128G of RAM
04:56 < redrabbit> you dont get ipv4
04:56 < drathir> voices: honestly nothing at all..
04:56 < E1ephant> I mean it has ipv4, just rfc1918
04:56 < E1ephant> anything useful has v6 :P
04:57 < redrabbit> 4g/3g rarely has it
04:57 < E1ephant> WHAT
04:57 < E1ephant> mobile is on the forefront
04:57 < redrabbit> theres he.com though
04:57 < E1ephant> tmobile doesn't even have v4 on handsets
04:57 < E1ephant> it's 464xlat
04:57 < redrabbit> ah, not here
04:57 < redrabbit> EU
04:57 < E1ephant> really?
04:58 < E1ephant> do you have it at home?
04:58 < drathir> redrabbit: them mostly does this days nats for v4 over ipv6 i thought...
04:58 < E1ephant> maybe us and EU is kinda backwards in that regards :)
04:58 < E1ephant> home is dragging, mobile is on it.
04:58 < redrabbit> no ipv6 at all
04:58 < E1ephant> but lots of home providers here do it, and prefix-delegation too
04:58 < E1ephant> so you get a /56 or whatever
04:59 < drathir> redrabbit: keep on mind that often ipv6 at differ apn occur too...
04:59 < redrabbit> isps are lazy here
04:59 < redrabbit> but its super cheap
05:00 < E1ephant> yeah, I am actually using he.net, for the fixed /48
05:00 < E1ephant> latency/goodput is okay
05:00 < redrabbit> same
05:00 < redrabbit> its good
05:01 < E1ephant> certainly can't complain for free at all :D
05:03 < E1ephant> I need to finish this webhost portal I am writing
05:03 < E1ephant> would make it easy, can just give out accounts and credit
05:03 < E1ephant> v6 for everyone!
05:12 < kjura> hi
05:13 < E1ephant> howdy
05:14 < kjura> am studying for icnd2 currently, anyone else doing the same?
05:15 < drathir> E1ephant: never too much free vps...
05:18 < Evan1929838483> Hi
05:18 < DoYouKnow> hi Evan1929838483
05:19 < Evan1929838483> Hi DoYouKnow:
06:18 < pepee> bye Evan1929838483
06:25 < tezogmix> what qualities in a cat 5e cable should one look for? looking through amazon's listings and there are many... distance needed was ~7ft/2m and between devices (not through walls, apartment use)
06:36 < c|oneman> wht cat5e?
06:36 < c|oneman> and not cat6
06:37 < c|oneman> I like the C2G Slim cat6, especially for phones
06:37 < c|oneman> much thinner cable easier to manage
06:48 < tezogmix> hey c|oneman thanks for replying... I haven't considered the cat6
06:48 < tezogmix> I'm on a 300Mbps broadband connection
06:53 < pekster> tezogmix: Mind local building codes depending on where you run cable; if it goes through a "plenum" space (like HVAC) you usually need special cable that won't produce toxins if it burns. Otherwise Cat5e is fine up to 1 Gbps, though you get a tad more future-proofing with Cat6 as it can do 10Gb
06:54 < pekster> Oh, "not through walls" - then you're OK to buy pretty much whatever (I read that backwards)
06:55 < tezogmix> hey pekster , thanks for those thoughts... right now, this is for my apartment, so no running through walls... but at the same time... it's good to keep in mind. The only thing I can think of one day was possibly setting up a home nas but not sure if the cat6 for short distances would matter over cat5e
06:56 < tezogmix> router, i have an asus rtn 66u/ac86u and a tp-link unmanaged switch
06:57 < tezogmix> not sure what to do with the rtn66u (just recently purchased the ac86u and noted the merlin firmware options and snb forums)
06:58 < eahm> cool one eh, been testing it for few months
06:58 < eahm> i always sell the older ones, are you in usa? craigslist works well for that
06:58 < eahm> i sell it to customers though
07:02 < pekster> tezogmix: Won't matter one bit unless you plan to re-use this cable later for 10Gb. By then you can just replace it anyway :)
07:02 < tezogmix> eahm, are you talking about selling the router on craigslist? I called up asus to ask what I could do with it, and they did mention I could use it as another switch and they gave me the how to on that
07:03 < tezogmix> otherwise eahm , I'm on a vpn service and craigslist is forcibly slowing down access to its pages to literally sub-par dial-up speeds right now
07:04 < tezogmix> and I've lived through that era in a cool way from the 90's :P
07:04 < eahm> do it with your phone :P take off the wifi to list it
07:04 < tezogmix> I have vpn on the phone too
07:05 < tezogmix> but perhaps you've experienced the vpn throttling on that particular site?
07:05 < eahm> give it to a neighbor? offerup? mercari? letgo?
07:05 < tezogmix> that's a bit off topic but since you happened to mention it, it's a known topic right now on the vpn provider service forums
07:06 < tezogmix> ah I don't know about that, I think the extra router could be useful
07:06 < tezogmix> plus it's one that I had since its original launch date years back...
07:06 < tezogmix> merlin won't be updating that router with customs though
07:07 < eahm> if it supports tomato i always go tomato.
07:07 < tezogmix> understandably.... (way beyond end of life)
07:08 < eahm> freshtomato.org for the most updated right now
07:08 < eahm> lol of course, he doesnt have the n66u there
07:09 < Kalecgos> Hey there friends, working on my subnetting final, and I'm totally blanking on VLSM, specifically finding cidr. This is the question I'm working on https://i.imgur.com/NpAU3b6.png . Largest subnet would be the 9500 host + 1200 host one, which means I need a 16384 host subnet right?
07:09 < eahm> ohh ok he only does arm, shibby has n66u anyway
07:09 < tezogmix> ah yeah, I will have to check that eahm - only personal issue is trying to keep up with all the non-stock firmwares... I'm in the medical field (medical school) so it's not an area I can always check on for things... similar to all things android - I use to do a lot of the custom rom/roots from xda forums and I still do on some devices but from the router side, updates are much more aggressive (in a good way) and also
07:09 < tezogmix> more things that may not be working unless you check those forums or irc freenode channel regularly
07:09 < eahm> http://tomato.groov.pl/download/K26RT-AC/
07:11 < eahm> OR if you want shibby with a better interface: https://advancedtomato.com/downloads
07:11 < eahm> better is subjective, i like the default more
07:11 < eahm> lets say visually richer interface
07:12 < eahm> but yeah, merlin may be easier for you since you dont want to stay behind it too much, control from you phone etc.
07:15 < Kalecgos> Since the network in that question is 10.0.0.0, does that make it a /8 network or am I not thinking far enough into the question?
07:22 < Kalecgos> Oh wait no, I'm looking for the cidr of each subnet, so I'd want like 10.0.0.0 /18 for my largest network, wouldn't I?
07:28 < tezogmix> Thanks a lot for the time in sharing those points eahm - I'll have to explore those tidbits further!
07:28 < eahm> :)
07:28 < tezogmix> merlin on the snb forums mentioned that they wouldn't be maintaining some of the older asus routers -
07:29 < tezogmix> they have so much other things to keep up with
07:30 < eahm> he has a chan here too btw
07:30 < tezogmix> and even with the new router i picked up, merlin's maintaining and contentiously updating but for myself and reading through the thread and the savvy folks, it's way too much upkeep to do and be aware of on a day-day basis
07:30 < tezogmix> yes eahm , definitely know that - I'm glad asus is working with merlin for many things
07:31 < tezogmix> continuously* typo sorry :)
07:31 < eahm> ohh ok ok i see you there, yeah they keep supporting old ones yeah, drivers update etc., understandable
07:31 < eahm> and again, i like tomato more anyway on older ones but it may be just me
07:32 < eahm> i find it much much snappier
07:32 < tezogmix> I'm a medical student :P now if I was in the network scene with work, that may be different eahm
07:32 < tezogmix> respectfully saying ^
07:32 < eahm> i switched to merlin only because my old 68U didnt support tomato
07:32 < eahm> it was the B3 or v3 or whatever, the AC1900P
07:33 < eahm> for sure yes, i in fact only install merlin for home customers
07:33 < eahm> tomato just for business
07:33 < tezogmix> the only reason I purchased this router [ac86u] was apparently that it supports vpn encryption with their chipsets
07:33 < tezogmix> very few consumer routers did
07:33 < eahm> ah nice, didnt even know that
07:33 < eahm> but its a powerful one for sure
07:34 < tezogmix> but I'm using the software route right now on windows and on my ubuntu guest via vmware over windows host, and on my raspberry-pi (ubuntu-mate), I'm using the default linux-based settings to have the vpn working,
07:35 < eahm> installed the app today too and im noticing actually that the RAM is constant at 95% use, i have to ask merlin about it
07:36 < tezogmix> I was exploring the pfsense world and got a general overview of it for my vpn-on and true-isp-ip needs (mainly for services/websites that disallow vpn usage) - I bookmarked a few pages on searching for a quad-nic non-fake intel card
07:37 < tezogmix> the vpn service I have also has a guide on setting up pfsense...
07:37 < eahm> pfsense rocks too
07:37 < tezogmix> and there's #pfsense on freenode
07:37 < tezogmix> but my level of appreciating pfsense and networking in general is very poor/weak
07:38 < eahm> pfsense is a firewall though, do you need that?
07:38 < tezogmix> I accepted this and just need to find time to properly find a way to learn from the ground up
07:39 < tezogmix> eahm, in the sense that I need specific websites/devices to connect with my ISP-IP and others to where I would prefer to be on VPN
07:39 < eahm> ok
07:39 < tezogmix> so I took a sidestep with running some of this over vmware player
07:39 < tezogmix> with ubuntu
07:39 < tezogmix> just a very basic setup
07:39 < tezogmix> I have firefox esr running on that
07:40 < tezogmix> and on my raspberry pi
07:40 < tezogmix> eahm, for example... I'm subscribed to both netflix & amazon streaming services = no vpn allowed
07:41 < tezogmix> for at least the long run, I have an nvidia shield tv pro unit hooked up to the router for that
07:41 < eahm> they dont allow vpns? lol why? why do they even care?
07:41 < tezogmix> ah the world of DRM :P
07:42 < tezogmix> even on android rooted devices for netflix = no go
07:42 < tezogmix> but***\
07:42 < eahm> the drm is in the media though
07:42 < tezogmix> there are workarounds...
07:42 < eahm> maybe not, maybe its in some frame they send before starting the media and the browser needs to accept it etc.
07:42 < tezogmix> ah yeah, sorry eahm I meant - I'm usually 24/7 on vpn but things like amazon/netflix don't work on vpn....
07:43 < tezogmix> also, I purchase frequently through amazon and you can't buy over a vpn
07:43 < eahm> now, let me ask you this, because we talked about vpns today
07:43 < tezogmix> I can't even pay my apartment rent over vpn
07:43 < eahm> why are you using vpns?
07:44 < tezogmix> oh for reasons of not wanting every bit of transferred data to be visible to the isp
07:44 < Kaidok5797> UnsaneVirusez can you answer here? lol
07:44 < tezogmix> and also at times, for sites to not just know my general location
07:44 < tezogmix> even here on irc
07:45 < tezogmix> sometimes
07:46 < eahm> talking to understand here eh, not trying to criticize
07:46 < UnsaneVirusez> maybe
07:46 < UnsaneVirusez> I dunno
07:46 < tezogmix> but freenode already masks a lot of that with their cloaking and vpn partnership with the same service I'm using
07:46 < Kaidok5797> lol
07:46 < Kaidok5797> please?
07:46 < UnsaneVirusez> Kaidok5797: ask, someone will help
07:46 < eahm> why do you care if they know your general location?
07:46 < UnsaneVirusez> won't find a better channel for networking
07:46 < UnsaneVirusez> talk
07:46 < tezogmix> oh not taken in a negative way eahm
07:46 < eahm> I mean, your isp already does anyway
07:46 < Kaidok5797> All I want to know is why a host wouldn't want to add a ptr record?
07:46 < Kaidok5797> I have no idea what a ptr record is.
07:46 < UnsaneVirusez> could be many reasons 07:46 < Kaidok5797> but apparently its some big stumbling block 07:46 < eahm> and the websites wouldn't know your address but just the area 07:46 < UnsaneVirusez> maybe they don't want people sending out lots of emails from their server 07:46 < tezogmix> more for the fact of being able to possibly control some portions than none 07:47 < tezogmix> as an end-user 07:47 < UnsaneVirusez> email services cost money 07:47 < UnsaneVirusez> no one would run that headache for free 07:47 < UnsaneVirusez> so maybe that's why 07:47 < UnsaneVirusez> could be many reasons' 07:47 < UnsaneVirusez> just use zoho for now or something 07:47 < UnsaneVirusez> I ran my own exim4 server cuz I can't afford email services 07:47 < eahm> got it, whatever works for you of course 07:48 < Kaidok5797> I mean even thats not free though UnsaneVirusez 07:48 < tezogmix> anyways eahm , there's sites I don't mind or have obligations to have a real ISP-IP and others to where I'd prefer not to be as precise :P 07:48 < Kaidok5797> That actually has to cost a lot in machinery 07:49 < UnsaneVirusez> indeed. 07:49 < UnsaneVirusez> they are a small operation, providing free services 07:49 < UnsaneVirusez> they probably can't provide heavy email lifting 07:49 < UnsaneVirusez> check sendgrid or zoho (free_) 07:49 < eahm> for sure, you know better, its your stuff of course 07:49 < tezogmix> fortunately, my net speeds over standard openvpn protocol isn't too bad and maxes out my 300mbps down but on windows, the tap driver has a limitation of ~100-150mbps 07:50 < eahm> openvpn rocks too yes 07:51 < tezogmix> and eahm it's like $40/year or a bit lower - I'm on privateinternetaccess (same sponsors of freenode irc) - not promoting but figure by this time of our conversation to share that... 
07:52 < eahm> yeah we've been through some lists too today :) I use that one with few customers 07:52 < tezogmix> a bit lower I mean, because it seems the company has some promos running 07:52 < tezogmix> every now and then... 07:52 < Kaidok5797> UnsaneVirusez I guess running my own email is prolly out of the question then? lol 07:52 < thekrynn> anyone know if there's a good channel for discussing GDPR... the gdpr channel itself seems quite dead 07:52 < tezogmix> eahm, there's a good annual vpn review on torrentfreak dot com too 07:53 < eahm> https://thatoneprivacysite.net/vpn-section/ 07:53 < tezogmix> and that brings up the other vpn companies worth checking, of course - if it's an internal business/network, none of these 3rd party companies should be compared to.... 07:53 < eahm> check that website when you have 5 mins 07:54 < tezogmix> meaning eahm ^^ like while I am at the hospital, they have their own vpn services - 07:54 < tezogmix> they're not running private internet/PIA vpn :P I mean 07:54 < tezogmix> maybe windows xp though hehe 07:55 < eahm> yes understandable 07:56 < tezogmix> but no, most have shifted to windows 7 at least... not many health companies/hospitals/outpatient practices have upgraded to windows 10... there is the LTSB branch which mitigates some of this with regards to removing all the windows store-cortana things 07:56 < tezogmix> I'm still on w7 - not sure yet on when I'll move to w10 07:57 < eahm> not sure they will :P 07:57 < eahm> too many bs, start page etc. 07:57 < tezogmix> for med school, many of our related classwork/exam preparation software is only for mac/win 07:57 < eahm> MS is making minimal versions of 10, lets see 07:58 < eahm> no yeah I didn't mean linux 07:59 < tezogmix> hah minimal? 
please that will be the day eahm - I couldn't fathom nor believe anything beyond win 7 to be a true-OS in that there's no darn non-uninstallable ecom shop and assistant manager (cortana) 07:59 < tezogmix> I'm a big fan of the /r/privacy subreddit 07:59 < eahm> :) 08:00 < tezogmix> but that said, from my own observations... I just don't think I'll feel fully like I am with how I've been on win7 if switching to anything higher 08:00 < tezogmix> and I started with ms-dos/win 3.1 :P 08:02 < tezogmix> frankly, it's just like the facebook congressional hearings - the tech sector has the advantage over the general uninformed consumer 08:03 < eahm> what do you mean? whats the biggest disadvantage for you between 7 and 10? 08:03 < tezogmix> and everything that ended from those sessions practically gave those entities even more power to do (i.e. analytics) 08:03 < eahm> because 10's drivers are pretty much better in every area, faster etc. 08:04 < tezogmix> I haven't jumped onto w10 eahm - but I will have to bow down if I was a gaming enthusiast 08:04 < eahm> oh they've been doing that and they will keep doing that 08:04 < eahm> now we know more just because they ask more what you'd like to do with your data 08:04 < tezogmix> because w10 only has the newest dx support in those regards 08:05 < eahm> yeah I don't care about games either 08:05 < tezogmix> I'm just not a personal fan eahm of advertisements, tracking, etc; hence why I've been running noscript-ublock origin on firefox, adaway/xposed on android devices.... 08:06 < eahm> I like win on the desktop, Macos on the laptop and linux/bsd on servers 08:06 < eahm> for sure, been doing that since day1 decades ago :P 08:06 < tezogmix> the latter on android is tougher though from the companies making it more difficult - now there's magisk root/unroot/magisk hide... 
08:06 < eahm> now if you disable the ads-blocking add-on its just impossible to browse 08:09 < tezogmix> on my samsung galaxy tab s3, I've rooted with twrp/super-su but netflix wouldn't load - I had to add a few lines via terminal into one of the system files and now netflix works but it still limits you to 720p, the tablet I have was capable of HDR/2160p - I can still play via offline OTG those files and bitrates tested up to ~30000kbps 08:09 < eahm> this is the thing though 08:09 < eahm> technology is useful if you keep it useful 08:10 < eahm> you can't work a week just to load a movie on Netflix, just make it 1 click easy to just watch the thing and live your life 08:10 < eahm> no? 08:15 < tezogmix> That's true eahm - which is why I purchased a standalone non-bloated media player for amazon/netflix (the shield tv that's connected to my router directly/hardwired) 08:15 < eahm> :) but for example that craigslist 08:15 < tezogmix> I was just in awe with what many are doing with pfsense 08:16 < eahm> you should be able to just open it, post your stuff and go outside :) 08:16 < tezogmix> ah eahm I check craigslist maybe 1-2x/month or every few months like that 08:16 < eahm> most of what we "try to block" is unnecessary and unneeded paranoid 08:16 < eahm> *paranoia 08:17 < tezogmix> usually on the pc I'm already connected to on vpn that may be already transferring data which I couldn't disconnect 08:17 < eahm> which data? 08:17 < tezogmix> just in general 08:17 < tezogmix> typically transferring/downloading a few tb's/month 08:18 < eahm> like for the isp? general user on the internet? websites? nsa? 08:18 < eahm> because if you're worried about the last one, VPNs won't protect you there :) 08:18 < eahm> ohh ok not personal data ok ok 08:18 < tezogmix> oh no not at all... I got that part. 
08:18 < tezogmix> I know what a vpn can/can not do 08:19 < tezogmix> in the general sense 08:19 < eahm> I like networking to keep the customer working with 0 issues, all I care is to keep the customers happy and not worry about bs I should worry about because they pay me 08:19 < jarlopez> The HTTP/2 spec offloads the implementation details of stream priority management to the application. Does anyone know how specific browsers/servers/other clients respect the priorities? 08:20 < tezogmix> this was more about being able to manage-customize traffic on vpn/non-vpn and definitely not with socks5 proxy's 08:20 < tezogmix> I'm running static IP's on all my devices 08:20 < eahm> yeah me too for some, I like dhcp-static from the router 08:21 < tezogmix> still to this degree, I'm not fully sure if pfsense would be the route I need.... 08:21 < eahm> I don't want to go through each one, just get the mac and assign it and thats it 08:21 < tezogmix> and also for the fact that my knowledge is tremendously lacking (uninformed) 08:22 < jarlopez> Answering my own q: H2O claims full impl. of HTTP/2 prioritization (https://h2o.examp1e.net/configure/http2_directives.html) and uses "a O(1) scheduler" 08:22 < eahm> try it, why not, its fun to test :) 08:22 < tezogmix> so just bouncing off thoughts that I have to read more on.... 
08:22 < eahm> its free anyway, get a used machine and test :) 08:22 < tezogmix> have to find an authentic-used quad-intel nic 08:24 < tezogmix> I found a few on ebay and there's this thread I have bookmarked eahm that was an initial guiding point, I also have to double check back on the pfsense subreddit , the cpu isn't the issue as an i5/i3 can be found - 08:25 < tezogmix> https://forums.servethehome.com/index.php?threads/comparison-intel-i350-t4-genuine-vs-fake.6917/ - so the i350 quad port intel nic 08:26 < tezogmix> I'm starting a new cardiology rotation next week for med school eahm , so this might be on the to-do list :P 08:26 < eahm> lol didn't even know they make fake ones but yeah ...of course they do. 08:27 < tezogmix> ah yeah eahm - so that link was just a cursory guiding point* 08:27 < eahm> ahah :) good luck on that, you seem to be a hard worker 08:31 < tezogmix> only and that if you ever query the question within the official pfsense communities, be expected that many will suggest to purchase their own hardware official - not that this is bad, but we're talking at least a $300usd difference - that said, pfsense has a members-only community which is like ~$100usd or something around that for enthusiasts and I think I would do that more than buying their own device - plus I'm not 08:31 < tezogmix> sure if pfsense hardware sold from their own sector has been patched/firmware updates available for the meltdown/spectre CVE's\ 08:32 < tezogmix> the lower cost from pfsense is an annual or something in those regards - 08:32 < tezogmix> that's not so bad though 08:33 < eahm> I hate recurring payments 08:33 < tezogmix> hah I hear you eahm 08:33 < eahm> test it on some hw, do whats best for you 08:33 < eahm> of course people will suggest its own hw, thats what probably works best but you may not need that at all 08:33 < eahm> especially for testing 08:33 < tezogmix> now eahm , it's worse - lifetime subscriptions for software = really 2-3 years 08:34 < tezogmix> 
a ton of companies are doing this now ^^ 08:34 < detha> I hate recurring payments - So do employers. Paying those salaries every month,,,,, 08:34 < eahm> thats different :P 08:34 < eahm> I don't pay for anything 08:35 < eahm> I mean ...there is one thing I just paid for actually, testing irc cloud for 1year 08:35 < eahm> and let me clarify that lol 08:35 < eahm> I don't pay for anything I don't really need and try to avoid recurring subscriptions at all costs 08:36 < tezogmix> paying employees doesn't represent lifetime offerings from the company to the end-user; that's poor-play from the company and in no way, ultimately be put onto burden for their own employees or end-users 08:36 < eahm> I think he was joking :) of course its different 08:36 < tezogmix> inherently, this is the company's fault - but eahm many companies exploit this though 08:37 < eahm> what do you mean? 08:37 < tezogmix> malwarebytes finally honored lifetime licenses 08:37 < tezogmix> after a huge debacle 08:37 < detha> Only to a degree. Companies need a steady cash flow to keep updates going, and bring out the newer, better (and buggier) versions. 08:39 < eahm> I know why they do it of course, I personally don't like recurring payments 08:39 < eahm> especially monthly 08:39 < detha> neither do I 08:39 < tezogmix> there are a lot of medical school/medical student services that exploit us [me] in this case all because of savvy marketing and self-justification that they can do things like facebook 08:39 < eahm> they add up quickly, you think "eh, its only $10" then you end up paying $1000 08:39 < eahm> testing many of them 08:40 < eahm> what did/does facebook do? 08:40 < tezogmix> my medical board examination practice tests cost $130/30 days which was fair - now it's $230/30 08:41 < tezogmix> check out uworld dot com 08:41 < tezogmix> prices have doubled nearly; 08:42 < tezogmix> you have over 100K+ people subscribing to their service,. 
08:42 < eahm> people keep mentioning facebook but they don't understand they agreed on that eheh, thats how they survive, do things, its a closed platform and they do whatever they want with the data 08:43 < tezogmix> yes eahm , it's beyond boiler-plate terms of service (tos) 08:44 < eahm> now there is this hype against companies and people just follow, everyone does that 08:44 < eahm> google is different than facebook now? 08:44 < tezogmix> facebook even themselves felt setback on something weeks after the congressional hearing this past month for not reading through that company's tos lol 08:44 < eahm> wouldn't you 08:44 < eahm> ? 08:45 < tezogmix> it doesn't matter though - the tech sector and facebook specifically won; they will continue to exploit every marketing parameter to know their end-user. 08:45 < eahm> its facebook though, people really think they're private online? in the public like that? or even, people really post very private stuff on facebook? 08:46 < detha> they do 08:46 < eahm> well, its on them 08:47 < tezogmix> eahm, we're talking about neighbors, non-tech savvy people, we can't blame them for what they're seeing - and it's sad that we live in the world now to where finding practical and important information online, could be true or otherwise. 08:48 < tezogmix> Thanks to noscript/ublock origin, I became a bit more aware... 08:49 < detha> people generally fail to think through the consequences of what they do/post 08:49 < tezogmix> but now it dives deeper into youtube marketing and elsewhere.... 08:50 < tezogmix> yeah detha but here you are on irc :P this is far from people being on irc - we're micro percentages 08:50 < eahm> its not about ads, we're not talking about ads here tezogmix, its about what they say, type etc. while they're using a service like that etc. 
08:51 < eahm> they get so surprised that a pizza comes up because they think they're talking privately to a friend about going to eat a pizza for dinner 08:51 < eahm> well 08:51 < eahm> why not, thats how advertising works 08:51 < eahm> they make money with that, they create jobs with that 08:51 < eahm> do they violate your privacy? you agreed on that when you signed up, its a closed ecosystem 08:52 < eahm> I don't mind that kind of stuff at all, irc is not the same? logging and posting publicly? 08:52 < eahm> take your own measures to talk privately to someone 08:52 < detha> /iff/ you ever signed up. I have never signed up for facebook. They still try to track me through beacons on other sites, so they already have the data should I decide to sign up one day 08:53 < purpleunicorn> hi 08:53 < eahm> agree and thats a little different and I don't like that at all 08:54 < purpleunicorn> i just found this and thought you guys should know if you use signal and have a mac of course. 08:54 < purpleunicorn> https://motherboard.vice.com/en_us/article/kzke7z/signal-disappearing-messages-are-stored-indefinitely-on-mac-hard-drives 08:55 < eahm> is that apple doing that? how they store/receive messages? snapshots etc. with the new filesystem? 08:55 < eahm> does it happen on macOS before apfs? 08:56 < tezogmix> eahm, I can't disagree with what you thoughtfully shared, you are right across many accounts - I just don't think many companies are doing their own part in properly informing the non-tech savvy consumer... does it take me 30 non-relevant tracking urls to make a payment? :P 08:56 < detha> looks like a side effect of how 'notifications' works 08:56 < purpleunicorn> idk what apfs is but i think its when using the app only. I also think its because the app is mostly for mobile. eahm 08:57 < purpleunicorn> yes that's what it is. 
If you turn on the neither name or message the name of the contact you are speaking to won't be displayed outside of the desktop 08:57 < eahm> apfs snapshots in real time for what I understood, you can copy GBs of data instantly etc. and updating in real time, even msgs etc. I think its the issue here 08:58 < purpleunicorn> yes that's probably what it is. Thanks for clarifying eahm 08:59 < eahm> and now signal needs to find a way to bypass that 08:59 < eahm> wtf lol, does anyone know what private is today? eheh 08:59 < tezogmix> a payment on a website that is, like my apartment - resident portal, literally there's almost 20 url's that direct on the homepage... after being somewhat comfortable with noscript through the years, I only learned that I needed 4 urls total to get my payment sent from my checking bank account to them. For these kinds of tactics and services, I always manually temporarily allow them; usually main domain-url and then the 08:59 < tezogmix> CDN content delivery network related listings.... 09:00 < purpleunicorn> no such thing as private anymore eahm 09:00 < tezogmix> eahm, I guess I get a little ticked on the topic; much like how when I see patients in a medical sense being scammed or misled 09:01 < eahm> a very private way to make conversation with someone are DCC chats, 1to1 direct connection. now, who can read that? well, is MS really keylogs Windows that them, can the ISP intercept the packages that go through that connection? maybe, for sure and of course bigger agencies. 09:01 < eahm> but, you could 1) use linux, no keylogging, and use a form of encrypt/OTR so you're safe there 09:01 < eahm> you two know the password, I still think thats one of the most private forms 09:02 < tezogmix> and that hurts me more because that audience of influencers are completely cutthroat and will exploit one until their last breath and death. 
09:02 < purpleunicorn> what about pgp eahm is that similar 09:02 < tezogmix> but eahm , I am really thankful for you on bringing up a lot of perspectives and reminders, thank you :_ 09:03 < eahm> yeah tezogmix, I care about that targeted stuff up to a point, once I'm in the browser I'm in the open, I go through my things etc. I rarely really need to share something very private 09:03 < purpleunicorn> i've had signal for a while on my phone but never used it because no one else i know uses it and its pointless when its a one way connection 09:03 < eahm> you could setup something like proton mail to encrypt emails etc. though 09:03 < eahm> tezogmix: of course :) thank you for the conversation :) 09:03 < purpleunicorn> could you use that for texting 09:04 < purpleunicorn> emails are pretty important though. You can tell so much about a person by just looking through their email. 09:04 < tezogmix> eahm, hopefully some of the aforementioned also helped with my own end-user context when sharing :) really, your points are personally acknowledged and taken to think more about! 09:05 < eahm> you could use pgp if you two have a texting relay server, you could encrypt that one 09:05 < eahm> and you would have to go through that instead of Verizon etc. 09:05 < eahm> you could even text your server, the server encrypts and sends it to the other server that decrypts it and sends it back to the other user 09:05 < eahm> BUT 09:06 < eahm> how do you send the text to the server? 09:06 < tezogmix> well pgp still needs a 2-player+ scenario right eahm ? 09:06 < eahm> that msg will be seen by your wireless isp, you could text directly from the server I guess 09:06 < purpleunicorn> i have no idea eahm 09:06 < tezogmix> I see a lot of newcomer email providers touting pgp 09:06 < purpleunicorn> i know back in 2013 i think snowden and his journalists would use pgp 09:06 < tezogmix> purpleunicorn, have you checked out privacytools dot io 09:06 < tezogmix> ? 
09:06 < eahm> protonmail has two passwords to login, one for the account and one for the pgp key 09:07 < purpleunicorn> no tezogmix 09:07 < eahm> other services are like that, not just that one, I just like that one because its in CH 09:07 < purpleunicorn> ah okay... 09:07 < tezogmix> purpleunicorn, this is the proper link in case I mistyped : https://www.privacytools.io/ 09:07 < purpleunicorn> i can't delete my gmail accounts though then i'd have to restart so many applications etc etc 09:08 < eahm> purpleunicorn: I read many years ago pgp had to change the length of the keys because the NSA wasn't able to crack them 09:08 < purpleunicorn> thanks tezogmix 09:08 < eahm> so yeah, maybe GnuPG? 09:08 < purpleunicorn> damn 09:08 < purpleunicorn> i've never used pgp anyways 09:08 < eahm> what kind of privacy are we talking about though 09:08 < eahm> what do you really need to send 09:09 < purpleunicorn> it's just general privacy 09:09 < eahm> DCC chat is private enough to me 09:09 < eahm> its over irc, if you both have a client /dcc nick chat 09:09 < purpleunicorn> i shouldn't even be on here i feel like...my vpn expired 09:10 < tezogmix> not the point purpleunicorn , use those sites listed as adjuncts - I'd still externally research them - search https://www.reddit.com/r/privacy (ideally within the year 09:10 < tezogmix> for example/ 09:10 < tezogmix> stackexchange/ghacks comments yield other points too 09:11 < tezogmix> that may be important 09:11 < eahm> purpleunicorn: lol 09:11 < purpleunicorn> lol eahm ssssh don't tell 09:11 < eahm> I don't use vpns at all, just occasionally 09:11 * purpleunicorn tapes eahm mouth shut 09:12 < eahm> ahah 09:12 < tezogmix> eahm, is this a joke and purpleunicorn is the master IRC op of freenode and has their own email service? :P 09:12 < purpleunicorn> haha tezogmix 09:12 < gde33> vpn is like wearing clothes, only gets in the way 09:12 < purpleunicorn> im far less tech savvy than you guys are. 
Don't get ahead of yourself there tezogmix 09:13 < purpleunicorn> people have told me if im cloaked im okay 09:13 < tezogmix> well nicely gets in the way on anything google dot com gde33 - I can spend literally 2-3 minutes on a google captcha to perform a search on their network.\ 09:14 < gde33> use startpage 09:14 < tezogmix> and afterwards, there's a time lock expiration that from what I've noticed, is less than 30minutes 09:15 < purpleunicorn> i use google a lot sometimes but when im using firefox's epic web browser it shows how much they really track....especially facebook. facebook tracks everything. 09:15 < gde33> I'm still waiting for the distributed search engine, maybe the vpn people are interested in that 09:15 < tezogmix> gde33, vaguely familiar with startpage - thought I saw some other issues/negatives from months back on several privacy (/r/privacy 09:15 < tezogmix> comments 09:16 < tezogmix> please correct-update briefly gde33 09:16 < tezogmix> I've been alternatively using duckduckgo/bing + duckduckgo's !bang searches but the results suck 09:17 < tezogmix> bing is ok for things that google may block though 09:17 < tezogmix> but you have to customize the search filters; no need to sign-in to do those 09:18 < eahm> I also think they have their hands everywhere, in every piece of hardware you own, starting with the cpu 09:18 < purpleunicorn> I feel very stupid right now 09:18 < eahm> now, do they do it all the time? no but there can be mistakes and they can do it on request for sure 09:18 < eahm> don't think because they work there they know so much 09:19 < purpleunicorn> yes that's true. 
They do have their hands on everything eahm 09:19 < eahm> and its ok, I bought a closed hw cpu, Intel and I am in a way agreeing on that 09:19 < eahm> can't complain when something happens 09:20 < purpleunicorn> if i ever use a vpn again im never going to use one that's a part of five-eyes or nine-eyes....maybe fourteen eyes 09:20 < eahm> there are only two good ones, if you want the most private 09:21 < purpleunicorn> also the other reason why im asking these questions now is because im going into journalism and while im still a newb...i want everything on my hardware to be as secure as possible 09:21 < tezogmix> how is startpage's search results? same to google's? I only used it personally a handful of times years back and noted the delay and proxys it goes through - not complaining on that but am sure it's better than the assholes who designed recaptcha-google with the fading time delay and multiple mouse clicks 09:21 < eahm> BolehVPN is probably n1, the best of all 09:21 < eahm> then NordVPN 09:21 < tezogmix> duckduckgo/bing search results suck big time 09:21 < purpleunicorn> tezogmix: you were right before. duckduckgo does suck when it comes to its results 09:21 < purpleunicorn> google is much better when it comes into competition with that 09:22 < purpleunicorn> i've used NordVPN 09:22 < purpleunicorn> it's pretty good. The app isn't that great on mac's though 09:22 < purpleunicorn> my friend used to use tunnelblick 09:22 < eahm> lol tezogmix, bing is better than google today 09:22 < eahm> much better. 09:22 < purpleunicorn> they're great as well 09:22 < purpleunicorn> really? 
eahm 09:22 < tezogmix> bing doesn't always apply explicit "quoted fields" or "-exclusions" 09:22 < eahm> yeah 09:23 < eahm> better, less filtered searches 09:23 < tezogmix> and their + plus word query on bing doesn't work 09:24 < tezogmix> doesn't always work I mean eahm 09:24 < gde33> tezogmix: just found https://www.presearch.io 09:24 < eahm> nice one 09:24 < eahm> now we have to see how it searches stuff lol 09:25 < tezogmix> bing is my backup and I've had a lot of luck on obscure search queries 09:25 < eahm> but don't take my words on that, use whatever works best for you, I use google too 09:25 < gde33> eahm: it acts like a meta engine as well 09:25 < eahm> niec 09:25 < eahm> nice 09:25 < purpleunicorn> have any of you heard of proton vpn its based from switzerland 09:26 < gde33> I'm usually a critic but the way things look I not just like it but would have done it the same way 09:26 < tezogmix> I'm just ticked that it often takes me more than 2 minutes to do a simple google search via google dot com over vpn 09:26 < purpleunicorn> yeah it is slower. That's how it usually is when it comes to having more security. 09:26 < eahm> tezogmix: well, if you want to go into details, I think its because google is becoming, or very well already is, an sjw company and they get offended by everything so they block everything as well 09:27 < tezogmix> I've selected less known vpn servers to minimize this but it's only a temporary bandaid 09:27 < eahm> purpleunicorn: or in that case, less users? :) 09:27 < eahm> it'll get better 09:27 < purpleunicorn> for example, ive heard that phone named blackphone 2 came out a couple years ago and is un hackable which is untrue because it still can be. They are slower than other smartphones such as iphones and samsung 09:28 < detha> fewer users == less noise to hide in 09:28 < eahm> that black phone was ideally an awesome project yes, not sure if its still alive 09:28 < purpleunicorn> yeah that's true. 
But if you don't hide where there are less users won't they look for you or find you faster or easier 09:29 < tezogmix> yeah eahm , if I want to stereotype and get pissed - it's some high level tech that just enforced rules saying "uhmm nope, VPN = bad and we will implement time consuming captchas" 09:29 < purpleunicorn> it's still like $800 09:29 < eahm> I moved from EU to USA a while ago, in EU everything is so hard to do, here everything is very simple and easy but there is always a price yeah 09:29 < gde33> tezogmix: they sell big queries 09:29 < eahm> ahah yeah 09:29 < purpleunicorn> what do you mean eahm 09:29 < purpleunicorn> what's hard? 09:30 < tezogmix> eahm, I had a few services that tried to block vpn and the community got pissed - some services wanted your exact vpn IP 09:30 < tezogmix> well that's a problem if you're on a shared IP : 09:30 < tezogmix> ) 09:30 < eahm> when I moved it was different, my god, only 15 years make so much difference, for example buying stuff online, good luck 09:30 < eahm> now there is amazon everywhere of course, its all the same 09:31 < eahm> there is a general paranoia of everything and everyone in Europe that I hate 09:31 < eahm> usa is more simple but people follow hype much more, sacrifice privacy for comfort etc. 09:32 < tezogmix> amazon gotta buy on mobile IP or real ISP IP, can't do on VPN - maybe a few purchases will slip through but it's sure to be blocked 09:32 < tezogmix> I've been using amazon since early 2k, vpn's since mid-2k 09:32 < purpleunicorn> yes we very much do but its very sad. i guess you can't always get what you want. There are places that are of two sides of the spectrum 09:32 < eahm> ahah not worry about amazon who cares :P what are they going to show me, the new product of what I bought in few months? great 09:32 < norkle> LOL amazon 09:33 < norkle> they got some good books. 09:33 < norkle> dunno about their IT situation. 09:33 < norkle> department even. 09:33 < norkle> btw RAPE! 
09:34 < tezogmix> but we have to remember everyone is located in different places/different laws, etc... I really found this article helpful to narrow vpn options depending on needs from torrentfreak: https://torrentfreak.com/vpn-services-anonymous-review-2017-170304/ + https://torrentfreak.com/vpn-services-keep-anonymous-2018/ = this is 2017 and 2018 09:35 < tezogmix> I'm personally using PIA 09:36 < eahm> pia is good 09:36 < tezogmix> since they ever started, I tried mullvad 09:36 < tezogmix> too from when I 1st heard about the vpn term 09:38 < tezogmix> but at least with pia, I never had to worry about dns/true-ip leaks (i.e. if connected to vpn and connection lost to reveal real, non-vpn IP) and it always max's out my ISP bandwidth except on windows due to the tap driver-open vpn limit of 100-150mbps 09:39 < tezogmix> we actually troubleshooted the above when I made a linux-ubuntu usb live flash drive and installed the same vpn - was able to reach 300mbps 09:39 < purpleunicorn> omg i can't believe i have to wait in line if i use cyberghost...apparently there aren't any free slots! 09:39 < tezogmix> free slots for what? 09:39 < tezogmix> purpleunicorn, ^^ 09:41 < purpleunicorn> sorry it froze for a second there 09:41 < purpleunicorn> i was saying the free slots are for people to use the dang vpn 09:41 < purpleunicorn> anyway cyberghost is an american company right 09:42 < tezogmix> oh I was just trying to do a ctrl-F search for cyberghost or cyber and it didn't even show up from the last 2 torrentfreak vpn articles I linked 09:43 < tezogmix> purpleunicorn, 09:43 < tezogmix> ^^\\ 09:43 < purpleunicorn> interesting...why? 09:43 < tezogmix> also be very careful of the /r/vpn user comments on reddit 09:43 < purpleunicorn> i dont use reddit that much but thanks 09:43 < eahm> check if its here https://thatoneprivacysite.net/ 09:44 < tezogmix> but just in general, the user comments; like usual... 
you have to be careful who's saying anything - 09:44 < purpleunicorn> yes that's true 09:44 < tezogmix> but for big services, and tasks like vpn... 09:45 < purpleunicorn> should i use a vpn service that's not in the US 09:45 < tezogmix> I'd probably start from the 2017 and 2018 review links and see what's best for your case\\ 09:45 < purpleunicorn> i've already used nord vpn but its expensive for me 09:46 < tezogmix> VPN based in U.S. or not, may or may not be there in a legal sense... I don't think nord and pia are so different in pricing> 09:46 < tezogmix> ? 09:46 < purpleunicorn> cyberghost is cheaper 09:46 < tezogmix> all I'll say purpleunicorn , I download more than a few terabytes a month via VPN through PIA - 09:46 < tezogmix> and this is over many years 09:47 < purpleunicorn> its $3.79/month for 3 years 09:47 < purpleunicorn> *2 09:47 < tezogmix> PIA's is like $40/year 09:48 < tezogmix> so it's like $0.70cents cheaper (I just divided $40/12) 09:48 < tezogmix> or 40cents rather :P 09:48 < purpleunicorn> lol 09:48 < purpleunicorn> smh your math skills are horrible 09:49 < tezogmix> hah that's true for medical students 09:49 < purpleunicorn> tezogmix: i'm jk :P 09:49 < tezogmix> I just imprecisely imputed into windows os calculator 09:50 < purpleunicorn> is pia private internet access 09:50 < tezogmix> anyways, purpleunicorn - I can certainly attest to the PIA 09:50 < purpleunicorn> haha you're funny. its okay. i suck at math too tezogmix 09:50 < tezogmix> they have an irc support channel here too 09:50 < purpleunicorn> really? that's nice 09:51 < tezogmix> #privateinternetacces + it's also the official freenode IRC vpn sponsor 09:51 < tezogmix> they always answer my questions whenever I need - 09:52 < purpleunicorn> oooh aren't you special tezogmix 09:53 < tezogmix> haha no purpleunicorn , but just I am very picky with these kind of services and require certain things... 
aside from the google captchas appearing and select websites outright banning vpn, it's been great.
09:54 < purpleunicorn> their's websites that ban vpns? tezogmix
09:54 < purpleunicorn> they're*
09:54 < tezogmix> I rarely get disconnected - I have one desktop still connected on the same vpn pia from over 10 days and still transferring data as we chat
09:54 < purpleunicorn> is it slow
09:55 < tezogmix> purpleunicorn, typically vpn's are being banned on financial networks
09:55 < purpleunicorn> i like how they have the net neutrality banner on their site
09:55 < IamTrying> I need to prove "IA certification based on your assigned IAT level". How do i get IA certificate, does anyone here IA certified know what are the steps to get started (books to read and approximate time to get ready for exam)?
09:55 < tezogmix> e.g. banks
09:55 < tezogmix> slow, no - I'm downloading consistently on windows ~20-25 MB/s
09:56 < tezogmix> on vpn and PIA
09:56 < tezogmix> I have a 300mbps connection but that's double on linux
09:56 < tezogmix> there's a bottleneck with the tap adapter driver for windows
09:56 < tezogmix> that limits it to the speeds I mentioned
09:57 < tezogmix> I can still have desktop/laptop on vpn, non-vpn on other free ports through router
09:58 < purpleunicorn> i wonder if it'll be all the same for macs too? tezogmix
09:58 < tezogmix> and all is good... I have the kill switch enabled on windows machines (the software provided and adjusts those settings if by chance your VPN connection fails);
09:59 < tezogmix> Oh I don't know that purpleunicorn = that's an important question because I have seen from their forums, off and on issues with Mac/apple units but they always fixed it
10:00 < purpleunicorn> oh ok tezogmix that makes me a bit wary though but i'll ask them
10:00 < tezogmix> I don't use Mac stuff personally purpleunicorn - I'm the outcast also in the hospital healthcare network too..
10:00 < purpleunicorn> what's their channel called
10:00 < tezogmix> one day I will have to go that route I imagine.
10:01 < purpleunicorn> i thought most hospitals use windows? or do you mean the staff?
10:01 < tezogmix> for some things but I love android/windows 7 too much
10:01 < tezogmix> #privateinternetaccess
10:01 < purpleunicorn> yes you will and it will be better because at least you're not that vulnerable when using windows
10:02 < tezogmix> purpleunicorn, try the weekdays for live irc chat
10:02 < purpleunicorn> it is a weekday lol tezogmix
10:02 < tezogmix> it's mother's day weekend for many :P
10:03 < purpleunicorn> true
10:03 < purpleunicorn> im late as fuck. tezogmix
10:03 < purpleunicorn> still haven't gotten my mom anything lol.
10:08 < IamTrying> A+, Network+, SSCP, Security+, SSCP, CISSP, CISA - certification cost how many weeks?
10:08 < IamTrying> Sorry. "A+, Network+, SSCP, Security+, SSCP, CISSP, CISA, CAP, CISM" - certification cost how many weeks?
10:10 < Roq> Exactly 136 weeks
10:12 < Roq> It will depend on the person and a bunch of other factors. Knowledge, experience, time available to study etc
10:12 < tezogmix> me neither purpleunicorn - but I am sure your soon to be presence and/or phone call wishes to her, being more than anything :)
10:13 < IamTrying> Holly ... almost 3 year? i am 20j software programmer kid Roq. wow 3 year??
10:13 < purpleunicorn> aww thanks. I live with her so i think i have to get her something even though im broke af right now. tezogmix
10:13 < Roq> IamTrying: It was a joke. There is no set timeline for everyone
10:14 < IamTrying> Boy o boy you got me there for a second Roq
10:14 < IamTrying> i have a military pilot project. They need a prove Roq.
10:14 < IamTrying> i am coder i cant prove those certificates
10:14 < IamTrying> So i was estimating the course time
10:15 < Roq> But CCISP alone requires 5 years of work experience in at least two domains of CBK
10:15 < tezogmix> hey Roq , I'm curious - I am almost finishing up with a doctor of medicine (medical degree) - what kind of options related to IT, could I be a meaningful bridge to?
10:16 < IamTrying> That is impossible to spend i am in my 40+ Roq
10:16 < Roq> IamTrying: https://www.isc2.org/Certifications/CISSP
10:16 < IamTrying> I think the best option is to hire someone isn't it Roq? they just need prove, but the guy do not have to do anything, the whole software i have to code.
10:17 < tezogmix> so I've done nearly 8 years of school (undergraduate/graduate)
10:17 < tezogmix> I know a little about tech-topics... and always eager to learn more.
10:18 < Roq> tezogmix: I have no idea what could be beneficial to bridge like that sorry
10:18 < IamTrying> Military ICT needs prove that the Linux box is in safe hand, the software that runs inside is just a P2P application via intranet. I think i need a temporary certified person to hire and show the approval to the project formality
10:19 < Lope> in openvpn is it possible to have multiple computers on the tun LAN using a static key?
10:19 < Roq> tezogmix: There are probably medical robotics fields, or VR options that could give a great overlap between technology and medicine
10:19 < tezogmix> I know we have electronic health records, telemedicine, lots of health-based startup companies developing software/mobile apps but they themselves may not have as much medical education in where I may be able to fit in to assist
10:20 < purpleunicorn> 8 years?
tezogmix what do you do
10:20 < purpleunicorn> i used to be very into this stuff but its just so hard to decide and im wasting so much time so i decided to go with majoring in journalism/political science
10:21 < tezogmix> last year of medical school purpleunicorn - 4 years college undergraduate, 4 years graduate for medical school
10:22 < purpleunicorn> i know you have no reason to lie but a lot of people like to boast on here which is why im skeptical....my apologies
10:22 < IamTrying> Thank you Roq, i am disqualified for the project for sure. Google said certificates are just trash but now it proves they were wrong, they Google hire people with experience and Military ICT hire people with "paper approval"
10:22 < tezogmix> a bit longer with medical school by some months, thanks to being here in a networking #irc channel :P
10:23 < tezogmix> no boasting purpleunicorn - I am highly fond of the fellow folks here
10:23 < purpleunicorn> what do you do? tezogmix
10:23 < tezogmix> and just want to appreciate it more as able
10:24 < purpleunicorn> im curious
10:24 < purpleunicorn> not trying to be nosy tezogmix just so you know
10:24 < Roq> IamTrying: It depends on the project / function I suppose. Some projects require the right people with the matching experience and often certs
10:25 < doomistic> very simple question. cidr gives you the network id portion. Question is, how do you know the value you'd assign to the network id portion?
10:26 < doomistic> do you just choose random number that are below 255 for each octet?
10:28 < IamTrying> True Roq, i can understand. They are very strict and they have to be because they are the core of security level.
10:29 < purpleunicorn> i guess i either weirded you out or scared you off lol tezogmix
10:30 < IamTrying> To resolve this issue (that i am being coder but not certified as their requirement), i need to hire a certified person as team member and then use him as mentor for reference related to any security issues.
Anything related to Level1, 2, 3 goes to my hired person, coding part is mine. does that make sense Roq?
10:30 < tezogmix> I'm in my last year of med school, so right now I'm continuing clinical-patient interactions... these are assigned 4 week blocks (i.e. electives) of our own choosing - I just finished 4 weeks of dermatology and going into 4 weeks of endocrinology , so we see patients that have those specific problems.... in 3rd year, we do broader rotations in internal-adult medicine, pediatrics, psychiatry, family medicine, obstetrics
10:30 < tezogmix> & gynecology and general surgery;;; 1st 2yrs med school is like anatomy, physiology, genetics, biochemistry, microbiology, pathology, pharmacology
10:30 < doomistic> never got anyone to answer the question. I am not a networking specialist, but I need to understand this in order to consolidate my basic understanding of making basic networks.
10:30 < tezogmix> to purpleunicorn ^^ may have missed a few things but this is off the top of my head at 4am my time :P
10:33 < tezogmix> In our 4th/last year of med school, we can pick 4-week block electives on an array of topics like: nephrology, neurology, cardiology, rheumatology , pulmonary, etc like you hear or see on tv
10:33 < tezogmix> :)
10:33 < doomistic> why the fuck are you people talking about medicine in a computer network dedicated channel?
10:33 < doomistic> networks*
10:34 < tezogmix> because I had computer network dedicated questions doomistic ? :P
10:34 < purpleunicorn> that's cool.
I've read about the rotations and stuff because i too years ago wanted to go into medicine but idk if im really into being that close with people and was struggling with some of the subjects so i had to go
10:35 < doomistic> ok, I may have overreacted a little
10:35 < purpleunicorn> isn't it weird that i have a cardiology and a clinician's guide specifically about cardiac pathologies lol...maybe i should give them to you or sell it tezogmix
10:35 < tezogmix> oh it's a lot of responsibility purpleunicorn - I typically see around 30 patients a day right now
10:35 < doomistic> I apologize
10:35 < doomistic> now... ANSWER THE FUCKING QUESTION!!!!!
10:35 < tezogmix> almost 10-12hrs
10:35 < purpleunicorn> doomistic: we were talking about security before if you scroll up doomistic
10:36 < doomistic> alrighty, I may have reacted a slightly more
10:36 < doomistic> now... PLEASE ANSWER THE FUCKING QUESTION :'(
10:36 < tezogmix> oh yeah doomistic , I had a lot of other network related queries, I just didn't randomly choose this channel, we got off-topic for a moment :P
10:36 < doomistic> comprende
10:37 < purpleunicorn> can you chill dude.
10:37 < tezogmix> doomistic, I've been using irc since the 90's
10:37 < tezogmix> from efnet time era
10:37 < purpleunicorn> wow....how old are you? lol
10:37 < tezogmix> but I still don't know much :P
10:37 < doomistic> how many grand kids do you have?
10:37 < IamTrying> tezogmix: me too 90+
10:38 < purpleunicorn> did you just start using them when you were like 10 or 6 or 12 or 14
10:38 < doomistic> so guys how do you decide the value for the network part of an ip address?
10:38 < purpleunicorn> i dont think he's that old doomistic
10:38 < purpleunicorn> don't hurt his feelings
10:38 < doomistic> ok, how many grand parents do you have Tez
10:39 < doomistic> this reverses the insult I think
10:39 < tezogmix> Ah yeah, on irc dial-up bbs's and ran a few renegade/pc-board BBS's during high school around that time, probably in my 13-15 teen years
10:39 < doomistic> I remember dial up in the 90s
10:39 < doomistic> good time they were
10:39 < purpleunicorn> me too
10:39 < IamTrying> I started my first internet using dial ups modem lol
10:39 < tezogmix> almost 40 now, did some other work with family in between
10:40 < doomistic> times
10:40 < purpleunicorn> i remember dial up for email though
10:40 < doomistic> I'm almost 30 now
10:40 < IamTrying> lol
10:40 < purpleunicorn> aol and myspace
10:40 < IamTrying> old days
10:40 < purpleunicorn> oh
10:40 < purpleunicorn> you're not old
10:40 < linux_probe> old ass farts
10:40 < doomistic> gamefaqs used it to get cheats for ps2 games and dreamcast
10:40 < doomistic> gamewinners
10:40 < bezaban> doomistic: either you own or are delegated an address range, or you pick something from rfc1918 if you want private space
10:40 < purpleunicorn> im trying to sell my xbox one s on craigslist
10:41 < purpleunicorn> no one's buying it even though its pretty new :(
10:41 < tezogmix> but yeah doomistic , i thrived on many efnet and related irc channels, familiar with dcc file servers...
telnet
10:41 < linux_probe> $5 you pay the shipping :))
10:41 < purpleunicorn> lol
10:41 < purpleunicorn> i have 9 games that's included linux_probe
10:41 < linux_probe> should only cost you about %15 to get rid of it then lol
10:41 < tezogmix> and lived through all those free aol shipments and dial-ups, had plenty of us robotics modems :P
10:41 < doomistic> bezaban, assume that I have a company and one public ip address for the internet and I want 5 subnets for 0 persons each
10:42 < purpleunicorn> but i only offer it to people within my area. no offense but any of you can be scammers
10:42 < doomistic> 10 persons
10:42 < tezogmix> but still in the net scene in some weird and awkward capacity :P
10:42 < doomistic> my understanding goes like this, you give 3 bits for the subnets, 4 bits for the hosts
10:42 < linux_probe> scammers online/irc never!!!!
10:42 < doomistic> means 7 bits, so the subnet mask will become 32-7 = 25
10:42 < purpleunicorn> you never know
10:43 < linux_probe> id be more worried about craigslist local yahoo's
10:43 < linux_probe> rofl
10:43 < bezaban> doomistic: you would do nat behind the single ip address and can pick any subnet or range within rfc1918 space that you desire
10:43 * bezaban yawns
10:43 < doomistic> why do I have to use the ones in rfc 1918?
10:43 < tezogmix> so nowadays I come onto this channel to ask the pro's on things I could far from keep up from and/or to hear perspectives to learn more about.
10:44 < purpleunicorn> im selling it for $300
10:44 < doomistic> is there a logic for that?
10:44 < bezaban> doomistic: because if you don't you won't be able to route the real ip addresses that you squat on
10:44 < bezaban> also may be blocked egress
10:45 < bezaban> well, they can't communicate bi directionally anyway
10:45 < doomistic> bezaban, I'm not a native speaker so squat on sounds like squatting in bb
10:45 < tezogmix> linux_probe, scroll up further for other randomly related topic talk on craigslist (mainly with vpn usage and craigslist throttling any access to their site domain if you're on vpn, literally dial-up speed-0
10:46 < linux_probe> lol
10:46 < linux_probe> must be a "public" von thing
10:46 < linux_probe> vpn**
10:46 < linux_probe> or do they have some bad config and spewing fragmented packets
10:47 < tezogmix> and worth mentioning, don't ever publish-post or make transactions via vpn to services that will not honor the IP-connection logged.
10:47 < purpleunicorn> im too poor to buy pia or other vpns
10:47 < purpleunicorn> how do you know they won't honor the ip connection tezogmix
10:48 < tezogmix> firstly the payment transaction may not go through
10:48 < purpleunicorn> i also forgot to ask you, what do you think you'll specialize/fellowship in? tezogmix
10:48 < purpleunicorn> okay well all the transactions ive done so far has gone through when i used to use nord vpn
10:49 < tezogmix> sometimes, on sensitive transactions, I shift to using google chrome (i.e. since its not running my firefox noscript/ublock origin adblocker and a few other select quantum firefox addons)
10:49 < tezogmix> purpleunicorn, ^^
10:50 < purpleunicorn> ah okay that's understandable. tezogmix
10:52 < tezogmix> also purpleunicorn , this is spread across transactions and billing companies that accept bitcoin, prepaid credit cards and standard/traditional credit cards - so it varies, I've been using VPN since I 1st learned about mullvad/pia
10:53 < tezogmix> so you can check their wikipedia times of when they started.. mullvad was my first..
through bitcoin, been using that since bitcoin ever 1st came out
10:54 < tezogmix> but my needs and daily usages were much more demanding so I shifted to PIA
10:56 < linux_probe> Pain In Ass
10:56 < tezogmix> probably through this time with PIA, it's been countless terabytes...what's a 100 terabytes+? , right now, I do a few terabytes a month in downloads
10:56 < linux_probe> :)))
10:56 < linux_probe> vpn providers, security by obscurity
10:56 < linux_probe> lawlz
10:57 < purpleunicorn> ah okay. tezogmix
10:57 < tezogmix> true linux_probe - vpn is never anonymous to ISP and the services knowing you're on vpn
10:58 < tezogmix> that's the limiting factor tradeoff
10:58 < linux_probe> not worth the hassle
10:59 < tezogmix> depends on what one is transferring back and forth though too linux_probe - if it's just linux distros, then :P
10:59 < linux_probe> a vpn doesnt make it magically safe anyway
11:01 < tezogmix> it's a broad statement, dedicated vpn, shared vpn? does the end user have a set up to bind that vpn to that current IP and if disconnected, have other browser-software stop if needed
11:02 < tezogmix> ? then there's the classic udp/tcp ports and selection (i.e. tcp 443)
11:03 < purpleunicorn> i know no one cares but i'm finally back to using textual, yes! the socket wasn't working for some reason and it said someone unplugged me
11:03 < tezogmix> but I don't much in the topic to dive too deep. always learning :)
11:05 < tezogmix> what's the goal/case use purpose purpleunicorn (you can give a generic example of why it's good/nice to use), also... are those protocols patched/updated often if need be?
11:08 < purpleunicorn> are you asking why do i use irc? tezogmix
11:08 < tezogmix> Oh textual was an irc client?
11:09 < purpleunicorn> yeah it still is tezogmix
11:09 < purpleunicorn> im probably going to switch back to that now because this always asks for my password every couple of hours
11:10 < tezogmix> lol gotchya purpleunicorn , thanks...
I started with mirc, and have stuck with to current on hexchat
11:11 < purpleunicorn> hexchat was soooo complicated as well as limechat i hated that one. The split windows just fucked me up lol tezogmix
11:11 < purpleunicorn> anyway you didnt answer my question
11:11 < tezogmix> for standalones that is, sometimes depending on the irc network or for example registering on freenode via vpn, you have to use the web client
11:12 < tezogmix> and then afterwards, you can log into your irc supported standalone client
11:15 < tezogmix> totally know what you mean with user experience change purpleunicorn - I just needed an open source mirc replacement that kind of looked the same on windows
11:16 < tezogmix> and one that could manage my different network aliases, passwords......
11:17 < wolfshappen> tezogmix, how about hexchat?
11:17 < tezogmix> and has a spell-check addon.
11:17 < tezogmix> wolfshappen, that's what I'm using :P
11:19 < tezogmix> it's [hexchat] not that different from mirc - almost looks like it was since the mid-90's, I like the basic layout of irc
11:19 < purpleun_> <---- this is my textual nick
11:19 < purpleun_> i used to have irssi and man that was really basic. i hated it so much lol tezogmix
11:20 < wolfshappen> tezogmix, true - but i do like to use the monokai theme for it to style it better than the 90's
11:20 < tezogmix> one of my coolest tips was to partially type the username within the channel and hit the "tab" key to properly address :PP
11:21 < wolfshappen> you can spot that by the "," often though if you do it at the beginning of the sentence
11:22 < tezogmix> I'll have to check it out wolfshappen - I often lean towards the most ugly/basic fonts
11:22 < at0m> purpleun_: irssi is basic until you customize it with scripts.
then it grows on you to fit like a glove
11:24 < tezogmix> granted wolfshappen , that all my laptops/machines are more than 8-9yrs old; obviously not a gamer/graphics fellow
11:25 < tezogmix> the most high end game I still have is cs 1.6 that's running some scripted bots
11:26 < at0m> tezogmix: then you know nick hilights work best when at the start of a line
11:26 < at0m> unless people configured their client to also hilights in the middle of a line somewhere
11:27 < tezogmix> right now by default at0m , shows your auto-nick announce to me as green
11:27 < at0m> many clients, tezogmix, won't hilight if nick is in the middle somewhere. totally killing the purpose of hilights
11:27 < tezogmix> and with an audible ding
11:27 < Apachez> funny how all those who argued that putting all eggs in the same basket is a good idea suddenly went mute due to meltdown, spectre and spectre-ng...
11:28 < at0m> Apachez: and more to come /o\
11:28 < tezogmix> ah at0m does hexchat do this or what client are you on
11:28 < tezogmix> ?
11:30 < at0m> yes client handles hilights. you can hilight any word, phrase, regexp. nick is hilighted by default in most clients
11:30 < at0m> /help hilight
11:30 < tezogmix> I personally haven't observed what you're saying and think the other channel users may have called out the username to flag/alert the recipient (unless they chose otherwise)
11:31 < tezogmix> at0m, call my username in the example scenario you mentioned
11:31 < tezogmix> let me see...
11:31 < at0m> so like saying tezogmix in the middle of a line?
11:32 < tezogmix> ok it came highlighted and dinged (windows OS ding sound)
11:32 < tezogmix> hexchat v2.12.4 w7-64
11:33 < tezogmix> nevertheless at0m , you raised an important tip and point......
11:34 < at0m> tezogmix: that's most basic irc usage.
11:34 < tezogmix> and can definitely understand where issues could arise
11:36 < tezogmix> ok all, thanks so much for the conversations and tips throughout - will stop by again...
have a good weekend :)
11:37 < at0m> if you use a dedicated hilight window, you don't even need to be in the channel window to discuss there, you'd just [tab] and talk
11:40 < purpleunicorn> okay same here tezogmix
11:41 < at0m> he's long gone
11:42 < purpleunicorn> :( i liked him at0m
11:44 < jellycat1> hiya, looking for some advice. I need to setup a few edge-devices for our network that need to be accessible with a single IP/A-record. The IP/A-record can't be updated easily (sometimes 2-3 months can pass before it can be done). Multiple IP's with the same A-record could work (although it wouldn't be a perfect solution) but multiple machines with the same IP would be preferable if that's possible. These devices would be d
11:45 < jellycat1> Anyone have some advice or something for me to look over (articles, blog posts, videos)?
11:48 < purpleunicorn> fuck im not even cloaked on textual
12:02 < detha> jellycat1: that is an odd requirement. Forget about sticking the same IP on multiple devices, unless you only want one at a time to be accessible. What makes updating the address a problem? If DNS, use CNAMEs to something you can update easily.
12:06 < jellycat1> detha: well these are hw-devices that can be out of cell-service for up to a few months and need to be able to contact our edge-devices as soon as they get a cell-signal. I will look into using DNS and then have some updating script that updates the IP's behind the dns-record.
12:07 < linux_probe> heh, it was so stupid a request/idea, nobody wanted to answer ;)
12:08 < ljc> i've got 2 computers on my LAN but neither are resolving their hostnames
12:08 < ljc> er, *neither are resolving each other's hostname
12:09 < purpleunicorn> what do i do if i don't remember my password for znc bouncer
12:09 <+xand> ask whoever runs the bouncer
12:12 < detha> jellycat1: depending on how much intelligence you have in the remote devices, look at things like zerotier, or add a something like a tosibox to the remotes
12:16 < jellycat1> detha: alright, will look into those. But yeah the HW-devices should have as little intelligence as possible, preferably they should only collect stats and phone home when they have cell-service.
12:22 < TandyUK> anyone aware of a nice, multi channel (preferably 8) HDMI over Ethernet unit. In the 'core' we have 8 HDMI outputs, these ideally would all go HDMI>Ethernet via a single unit, with then 8 single output slave units around the site, connected to tv's
12:22 < TandyUK> note **HDMI over Ethernet** and NOT HDMI over cat5/6 - this needs to be sent over a tcp/ip network, via several switches
12:25 < Emperorpenguin> TandyUK: I don't think a gigabit ethernet cable has enough bandwidth for HDMI video
12:25 < Emperorpenguin> I mean, uncompressed
12:27 < TandyUK> well if it needs to encode to h264 and decode the other end or whatever, fine
12:28 < TandyUK> I can find a couple of single channel units for this
12:28 < TandyUK> and plenty of multi channel 'over cat5/6' units, but no multichannel ones which actually use tcp/ip
12:29 < TandyUK> the sheer size of this site (300,000sqm) is causing us the biggest problems
12:30 < TandyUK> theyve got 8 locations they want CCTV monitors, and the NVR has an 8hdmi output module
12:30 < TandyUK> but its how to get those 8 hdmi signals the 200 - 1600m they need to go to get to the relevant TVs (Via about 4km of fibre backbone, and 20+ switches)
12:31 < TandyUK> the other option ive played
with, is putting a basic NVR by each tv, for live playback only, but each of these (for the number of cameras) is using in the region of 300mbps bandwidth
12:32 < TandyUK> so once we have more than 1 of these, we start running out of bandwidth on the network (Dedicated 1gbps fibre ring for the cctv)
12:32 < TandyUK> total bandwidth from the cameras to the NVR takes about 500-600mbps constantly
12:33 < TandyUK> If necessary, I could even use an extra fibre core just for the hdmi shit
12:33 < TandyUK> but without replacing all the switches, we still have a 1gbps upper limit
12:34 < eahm> not even 10gbps is enough: https://en.wikipedia.org/wiki/HDMI#Version_comparison
12:34 < eahm> hdmi 2.1 is 48gbps
12:34 < TandyUK> clearly it needs encoding then lol
12:35 < TandyUK> 1080p in h264 is about 35Mbps
12:35 < TandyUK> (thats what the cameras output in)
12:35 < detha> fun. doesn't HDMI have a 100Mb/s ethernet channel hidden in it somewhere? So you'd get ethernet over hdmi over ethernet
12:36 < TandyUK> lol, that could actually be useful for PTZ control and stuff, but no :P
12:36 < eahm> 1.4 to 2.1 yes
12:37 <+catphish> TandyUK: my hikvision cameras run 1080p at 5Mbps
12:38 <+catphish> they can run much higher, but you get a decent picture at that rate
12:39 <+catphish> i've been trying to decide whether to run my home CCTV over WAN
12:40 < veek> how exactly does bridge mode work? does the wifi pkt travel up/down the modem n/w stack before it's converted to atm/adsl
12:40 <+catphish> bridge mode on a modem/router?
12:40 < ljc> so my router is a POS and needs rebooting every day because i can't connect via wifi to it
12:40 < veek> yep
12:40 < ljc> can anyone recommend a good one?
linux based preferably
12:41 <+catphish> veek: it really depends completely on the protocol the ISP is using
12:41 <+catphish> i used to use "bridge mode" over pppoa over adsl, which basically just meant it was doing fake arp for the network and routing over the ppp connection
12:42 < veek> catphish, they're using adsl/atm.. it's an adsl modem with a wifi feature so.. if I set the mode as bridge for the adsl.. what exactly does it do
12:42 < veek> with pppoe on the modem.. the pkt will travel the modem stack
12:42 <+catphish> i don't really know what that means
12:43 < sliddis> anyone know if there are any spectrum analyzers like these but that works on ubuntu? https://www.metageek.com/products/wi-spy/
12:44 <+catphish> sliddis: i use bladerf for this
12:44 <+catphish> not really wifi specific, but serves the purpose
12:45 <+catphish> there are likely much better tools that are actually designed for wifi and would work
12:46 < TandyUK> [11:38] <+catphish> TandyUK: my hikvision cameras run 1080p at 5Mbps yeah thats about right for 1080p. Some of our cameras are 4k, and in total theres about 80 cameras
12:46 < eahm> inSSIDer maybe? From the same company, they’re among the best in the business
12:47 < sliddis> eahm: its not available on linux, and it only looks at 802.11 frames, doesnt it?
12:47 < sliddis> I need to see if there are interference from non wifi devices
12:48 < eahm> Not sure, haven’t tried them in a long time, let me change that then, they used to be among the best
12:50 <+catphish> TandyUK: i mentioned it because you said "1080p in h264 is about 35Mbps", this likely true for a high quality broadcast, but for CCTV at 15fps, one can get away with much less
12:55 < Apachez> sure
12:55 < Apachez> and that cctv can compress even further
12:56 < Apachez> and have more I frames than P frames etc
12:56 < Apachez> CCTV images are fairly static
12:56 < Apachez> err videos
12:56 < Apachez> sometimes the panoram left/right up/down or zoom in/out
12:56 < Apachez> but mostly they sit there
12:56 < Apachez> and then some dude/dudette passes by
12:57 < Apachez> in those cases you could get away with P-frames every 10 second or so
12:57 < Apachez> while in a hollywood or netflix flic you have fast scene snapshots back and forth
12:57 < Apachez> lenseflares when specific directors are involved and other shit
12:57 < Apachez> in those cases you must have AT LEAST one P frame once a second
12:57 < Apachez> or even more
12:58 < Apachez> and that will increase the bandwidth needed dramatically
12:58 < Apachez> 1080p from bluray goes (is that h264?) goes at in average 60Mbps
12:58 < mnemon> catphish: and actually <9mbps is pretty common for 1080p h264 for IPTV etc.
13:00 <+catphish> Apachez: interesting, there's only a certain amount of config my cameras support, but i think i found a reasonable balance between framerate, compression artifacts, and bandwidth
13:00 < Apachez> yeah
13:00 <+catphish> mnemon: that surprises me, while it's ok for CCTV, there's no way i'd be happy to watch TV at that quality, but maybe they have other optimizations
13:00 < Apachez> so if you can lower framerate to lets say 15 fps or even lower you can cut stuff on the bandwidth by close to 50%
13:01 <+catphish> Apachez: yeah i use 15fps, 1080
13:01 < mnemon> catphish: they just have good encoders
13:01 < Apachez> for tv some cheats with 1080i as well
13:01 < Apachez> so you get half the lines vertically
13:01 <+catphish> well there's only so good h264 can go
13:01 < Apachez> so another 50% drop
13:01 < veek> in those $20 adsl+wifi(BGN) modems, are they likely to switch the received frame from one port to the next using custom ASICs (broadcom IC bcm 47xx etc) or do they process the received frame in linux (using its tcp/ip stack), generate a new frame (basically strip all the old headers) and then transmit the new frame on whatever port it has to go out through
13:02 < Apachez> around here the HD tv transmissions are at 720p or 1080i
13:02 < Apachez> no broadcaster transmits at 1080p
13:03 <+catphish> veek: those devices are usually made up of a linux soc, a wifi NIC, a modem, and a switch ASIC
13:03 < Apachez> also since CCTV are livestreams you cant really do much with 2pass encoding
13:03 < Apachez> where a movieflic can analyse the stream and on the 2nd pass use optimized settings every second (if needed)
13:03 <+catphish> veek: anything that is routed obviously needs new headers, anything on a different protocol obviously needs new headers, those will very likely all be done in linux on the cpu
13:03 < Apachez> which also comes down to quality, many cctv implementations are just shitty
13:04 < Apachez> shitty gear, shitty optics, shitty
settings
13:04 <+catphish> veek: switching between LAN ports will be done in ASIC
13:04 < Apachez> so it becomes virtually useless to identify a burglar or similar
13:04 <+catphish> Apachez: that makes sense too
13:04 < Apachez> "yeah the dude was about 1.75-2.00m height and black and were wearing a red skirt"
13:04 < Apachez> and thats about it
13:04 < veek> catphish, thank you :) :)
13:05 < Apachez> no identifying pics of the face itself other than "it was a black dude" (or white for that matter or asian or whoever tends to rob you :P)
13:05 < Apachez> there is some "forensic standard" regarding pics and videos
13:06 < Apachez> like a 1x1 meter testsample which is to be placed at different distances and the pic/video shall still be able to pick up how many lines there are etc
13:06 < Apachez> shitty gear/optics/settings gets blurry fast
13:07 <+catphish> this is what 5Mbps affords you with a low end hikvision: https://i.imgur.com/5O4M0DN.png
13:07 <+catphish> i'm pretty happy with it
13:18 < mnemon> Apachez: there's some channels also with 1080p in here but it's generally the "higher end" ones(25fps@~7.3mbps).
13:19 < Apachez> catphish: https://i.imgur.com/removed.png
13:20 < mnemon> but there's a big difference between your average CCTV encoders and half a mil ASIC/FPGA encoder/transcoder :)
13:21 <+catphish> mnemon: probably
13:21 <+catphish> of course, if you aren't doing realtime you can use a cluster
13:21 < mnemon> yeah
13:22 < mnemon> and just take your time encoding 5 hours for every 1 hour of video or whatever
13:23 <+catphish> yeah
13:31 < mnemon> there has been a lot of progress with the (near-)realtime encoding in last couple of years so you can get even 4k h265 streams down to something like 18mbps.
14:46 < strixdio> hm, anyone here good with POTS?
14:46 <+pppingme> just ask your question
14:46 < strixdio> is there a difference between "telco" and "demarc"?
14:46 < strixdio> as far as written on a POTS punch block 14:51 < linux_probe> same difference as far as they're concerned 14:53 <+pppingme> really just different views of the same thing in this context.. dmarc is very simply the point where responsibility goes from them to you.. telco is just marking their side of the dmarc 14:53 < SoniEx2> does LTE count as networking? 14:53 < mAniAk-_-> not really 14:54 < regdude> lol 14:58 < SoniEx2> does LTE protocol count as networking? 14:59 < Apachez> telco <-> demarc <-> customer 15:01 < linux_probe> much of the "telco" demarc boxes junk around here have two side, one side "customer access, the other says "telco access" 15:02 < linux_probe> lol.. https://en.wikipedia.org/wiki/Demarcation_point#/media/File:Network_interface_device_ameritech.jpg 15:02 < Aeso> SoniEx2, if you're designing or implementing some part of the LTE stack, absolutely 15:02 < Aeso> if you're a customer using LTE, absolutely not :P 15:03 < SoniEx2> okay 15:03 < Aeso> if I had a dollar for every resume I saw with MPLS experience listed... 15:03 < SoniEx2> how do I send/encode a cell change order 15:04 <+catphish> SoniEx2: does it matter what counts as networking? 15:04 < regdude> should be possible with AT commands 15:05 < SoniEx2> (sadly this thing doesn't use asn.1 so I need to do everything by hand) 15:05 * catphish knows nothing about LTE :( i meant to build myself a cell base station but never had the time :( 15:06 <+catphish> i'm never sure if i should try to build a GSM base station, or skip straight to LTE 15:06 <+catphish> both seem complicated though 15:18 < SoniEx2> anyone? 15:20 < mschorm> Hi guys 15:22 < mschorm> I've got 2 Linux computers (Fedora). One of them will be in a LAN, getting dynamic IP after each reboot. The second will ocasionally connect to the same LAN and want to find the device without knowing its current IP. 15:23 < mschorm> The network isn't administrated by me, so I can't do any changes to it. 
15:23 < mschorm> Is there any good way for the devices to find each other fast & quick each time they connect to the network? 15:24 <+pppingme> mschorm is there any kind of dynamic dns on the lan, or does dhcp update dns? 15:24 < mschorm> how can I check it? 15:24 < regdude> ARP table? 15:34 < ij> Why could a mDNS avahi record be cached? I tried to restart nscd and avahi-daemon. 15:41 < ij> Ah, no it was just ssh multiplexer's fault. God damn it. :D 15:41 < ij> For three days it hadn't occurred to me. 15:47 < linux_probe> lol 15:48 < mast> My server is somehow already out for delivery 15:50 < compdoc> i could wait for it if you like 15:51 < mast> I was thinking of taking a nap so that might be nice 15:52 < mast> I wish they gave you the GPS for the delivery truck 15:52 < mast> Like I get why they don't but I wish they did 16:24 < SoniEx2> idk what I'm doing, but it doesn't seem to be working 16:25 < Roq> Maybe the two are related 16:25 < SoniEx2> you think 16:25 < Roq> Whats up? 16:26 < ||cw> what's a cell change order 16:35 < Evan1929838483> Hi 16:36 < mast> high 16:39 < SoniEx2> ||cw: LTE thing 16:43 < ||cw> SoniEx2: it sounds like something you have to be an operator to use, so IDK why you'd ask here 17:01 < electricmilk> Anyone know if some providers don't allow the @ symbol for domain MX records under hostname? If I remember correctly Dreamhost doesn't allow...do I just leave that field blank? 17:06 < petemc> electricmilk: ? 17:07 < electricmilk> petemc, Some DNS management systems allow the @ symbol for the field and if I remember correctly this is the case for dreamhost. 17:07 < electricmilk> Was just trying to confirm 17:07 < electricmilk> Pretty sure from Google searches I'll just leave blank. Sadly, someone else manages our domain and want to have clear instructions for him. 17:08 < petemc> you mean bind's origin? 17:10 < electricmilk> petemc, I have no clue. 
I need to learn more about DNS..but migrating to O365 this afternoon 17:10 < petemc> http://www.zytrax.com/books/dns/apa/origin.html 17:11 < electricmilk> Type: MX Priority: 0 Hostname: @ Points o address or value: foobar-org.mail.protection.outlook.com TTY: 1 Hour 17:11 < electricmilk> Thats an example of one of the entries 17:12 < realhuman33> Hello. I'm trying to add a port forwarding rule in my router, but not having much luck. My machine is .196 and I've followed this guide: https://www.balticnetworkstraining.com/mikrotik-port-forwarding/ 17:13 < realhuman33> Here's my /export: https://paste.debian.net/1024274/ 17:15 < electricmilk> realhuman33, First can you access the service locally from another machine on the network? 17:16 < veek> when you are transmitting pppoEoA ethernet is 1500 byte payload and ppp has a 8 byte hdr so 1492 byte should be the PPP MTU with ATM/DSL seeing 1500 bytes (ethernet frame) - therefore since atm has 48 byte cells, it's 1500/48? why then is this guy getting a 1518byte ethernet frame?? 17:17 < electricmilk> ugh PPP and ATM 17:17 < veek> oh nm .. ethernet hdr is also carried 17:19 < realhuman33> electricmilk: yeah, just tried it now, accessing my .196 from another internal PC works fine 17:20 < electricmilk> realhuman33, Have you ruled out human error as well? 100% certain you entered the correct IP address and port? 17:20 < electricmilk> realhuman33, I notice a lot of the time this is the issue with port-forwarding errors 17:20 < electricmilk> I've never setup port-forwarding with Microtik so that's all I can offer I'm afraid 17:22 < realhuman33> electricmilk: yeah, just confirmed and all the numbers are the same, none of the dots are commas, etc 17:22 < electricmilk> I once had a device with the wrong default gateway but was in the same subnet. This allowed me to access it locally but wouldn't forward the port 17:23 < electricmilk> Correct default gateway on the device? 
17:23 < electricmilk> (On the host you are setting up the port forward for) 17:25 < Apachez> electricmilk: 1518 or 1522 is when using 802.1q ? 17:25 < Apachez> a regular ethernet frame is 1518 17:25 < Apachez> 1522 with 802.1Q tagging (vlan) 17:26 < regdude> realhuman33: are you checking if port is forwarded by accessing the device using a public IP? 17:27 < realhuman33> electricmilk: just checked the routes and I'm not 100% sure what I'm looking at: https://u.teknik.io/qKrAr.PNG 17:27 < realhuman33> regdude: yep 17:27 < regdude> Hairpin NAT 17:28 < pekster> Using DNS to do the right thing (return RFC1918 addressing) is often a better fix compared to hairpin-NAT; hairpin causes the destination to no longer have access to the sender and is otherwise unnecessary 17:29 < pekster> ie: split-horizon DNS based on where the query comes in. Externally you use the public IP with NAT if you don't have enough IPv4 addressing, but internally you presumably have direct control of both DNS and inter-subnet routing 17:30 < regdude> realhuman33: you also have the same forward rule twice for established traffic. It seems you have disabled firewall for forward chain either way, so that is not very good, but add a Hairpin NAT rule first and make sure the port is working properly, then you can improve the firewall 17:30 < regdude> realhuman33: and update your router!!!!! 17:33 < realhuman33> regdude: So I'm adding the 3 rules in here? 
https://wiki.mikrotik.com/wiki/Hairpin_NAT 17:33 < realhuman33> And s/WAN/pppoe-out1 or does it need to be WAN 17:35 < regdude> MPLS 17:35 < regdude> sry, realhuman33: only the last rule at the bottom of the page, you already have those first 2 17:41 < merc88> My ISP provides me with 200 mbps 17:42 < merc88> But when I remove the cable from router and attach it directly to my pc 17:42 < merc88> and configure a PPPoE connection 17:42 < merc88> the speed is somehow below 100 mbps always 17:42 < merc88> But on router I get about 144 mbps 17:42 < merc88> why is this happening? 17:43 < realhuman33> regdude: thanks, will give it a go 17:44 < Apachez> We are sooo fucked: https://www.youtube.com/watch?v=vjSohj-Iclc https://www.youtube.com/watch?v=Ve9kWX_KXus boston dynamics in progress again... 17:45 < merc88> Please help me with my issue 17:46 < E1ephant> merc88: how and what are you testing too? 17:46 < merc88> Meaning? 17:47 < regdude> most probably running speedtest.net 17:47 < E1ephant> it's a question 17:47 < E1ephant> like what is your internet protocol destination address 17:47 < E1ephant> and the path it takes to get there 17:48 < E1ephant> what tools are you using to dervice throughput numbers 17:56 < merc88> Is it normal for a 200 mbps connection to have 144 mbps on a speedtest? 17:56 < E1ephant> "it depends." 17:56 < merc88> on? 17:56 < merc88> I never reach speeds above 144 17:56 < eahm> only under a vpn. 17:56 < eahm> router you have? 17:56 < merc88> yes 17:56 < eahm> which one lol 17:56 < merc88> TP-Link Archer c1200 17:57 < merc88> eahm: What I fail to understand is that 17:57 < electricmilk> Ugh staff is freaking out for me blocking games and wants access to king.com. Whats best way to look up a sites reputation? I usually just use virustotal.com and noticed King has a bad community score. 17:57 < eahm> usa? 17:57 < merc88> When the modem is plugged in to my router 17:57 < eahm> cable internet? 
17:57 < merc88> I get 144 mbps over wifi 17:57 < eahm> wait, you should test with a cable though 17:57 < E1ephant> electricmilk: lol pick your battles, but I think that sounds pretty close to the get stuff caategory :) 17:57 < merc88> when I directly attach the modem to my pc and make a PPPoE connnection 17:57 < eahm> test with a cable straight from the modem 17:57 < E1ephant> get stuffed even 17:57 < merc88> it is always below 100 mbps 17:58 < merc88> eahm: That is the problem 17:58 < E1ephant> do you have a 100mbps interface in your PC? 17:58 < eahm> straight from the modem you get 200? 17:58 < E1ephant> (is it only negotiating to 100mbit?) 17:58 < E1ephant> they say they get less direct to the modem 17:58 < merc88> E1ephant: yes 17:59 < electricmilk> E1ephant, haha yea. This is a damn business. Surprised they have enough balls to request. 17:59 < merc88> my laptop is HP Probook 440 G2 18:00 < eahm> oh ok well, thats why i said only under a vpn ...assuming everything else is in place but you dont even have a gigabit nic and youre testing with wifi too 18:00 < strixdio> i need to whitelist 3 domains, and redirect all others to a custom page. pihole, or just a linux dns server? i dont need any extra features, but it needs to be "easy" to manage. 18:00 < merc88> eahm: I don’t follow 18:00 < strixdio> any thoughts? :) 18:01 < regdude> strixdio: you could look for a transparent proxy, but haven't done that on x86 machine 18:02 < strixdio> transparent proxy work with https? and no certs needed? 18:03 < strixdio> it doesnt need to be hack proof, idc if people go to sites by ip, it just needs to deter the majority of people 18:03 < merc88> eahm: What to do now 18:04 < eahm> not sure, your laptop has gbit nic though 18:04 < eahm> it only connects at 100mbps you said? 
18:04 < merc88> yes man 18:05 < merc88> even my mac 18:05 < merc88> Same story 18:05 < merc88> less than 100 mbp 18:05 < merc88> mbps* 18:05 < regdude> strixdio: some do work with HTTPS, but again, haven't did that on x86 with linux. Another option is to force everyone to use the same DNS server that you control. The last option is to rewrite IP for all IP addresses using Firewall 18:05 < merc88> But the router gives 144 mbps 18:05 < merc88> So strange 18:06 < eahm> say everything from the begin, i just came in 18:06 < eahm> cable modem? 18:06 < merc88> wait 18:06 < merc88> copy pasting 18:06 < merc88> My ISP provides me with 200 mbps 18:06 < merc88> But when I remove the cable from router and attach it directly to my pc or mac 18:06 < eahm> which isp[ 18:06 < merc88> and configure a PPPoE connection 18:06 < merc88> the speed is somehow below 100 mbps always 18:06 < merc88> But on router I get about 144 mbps 18:07 < merc88> It is a local one where I live 18:07 < eahm> how do you know the router gives 144 18:07 < eahm> dsl router with integrated modem i imagine since you said pppoe 18:07 < eahm> correct? 18:08 < merc88> I don’t know 18:08 < merc88> there is cat5e cable 18:08 < merc88> which comes from the modem 18:08 < merc88> and is connected into the internet port in the router 18:08 < eahm> the modem is another box? 18:08 < merc88> yes 18:08 < merc88> modem is a different box 18:08 < eahm> so ITS NOT integrated in the router, do you get what im saying? 18:09 < merc88> yes got it 18:09 < merc88> My bad 18:09 < merc88> not integrated 18:09 < eahm> they gave you that modem? 18:10 < merc88> Nope 18:10 < eahm> which modem? 18:10 < merc88> I live in an apartment 18:10 < merc88> Yes 18:10 < merc88> sorry 18:10 < merc88> they gave it 18:10 < merc88> Actually 18:10 < merc88> this is the setup 18:10 < eahm> ok 18:10 < merc88> I am in an apartment 18:10 < eahm> did they give it to you when you already had 200mbps? 
18:10 < merc88> I live on the 1st floor 18:10 < merc88> The modem is installed on 11th floor 18:11 < merc88> There is cable cat 5e running down to 1st floor 18:11 < merc88> which is the cable I am referring to 18:12 < Eded123> hi, there is a website.com, on it there is an element sitecdn.com/image.jpg, I need to somehow redirect the request in browser(or firewall?) so when webiste.com is loaded, sitecdn is actually resolved as my own ip or localhost and the image is loaded from my server instead? how do I do this? I tried hosts file, but its still resolved with dns (I am on windows 8) 18:13 < eahm> merc88: that last question 18:13 < merc88> Umm 18:13 < merc88> They came to my house 18:13 < merc88> and said 18:13 < merc88> this is the wire from the modem 18:13 < merc88> if it makes sense lol 18:13 < eahm> lol i dont care 18:13 < merc88> and attached that to the router 18:13 < eahm> WHEN? 18:13 < eahm> after you had 200mbps? 18:14 < eahm> you always had 200mbps? 18:14 < merc88> No 18:14 < merc88> at the time of installation 18:14 < merc88> I had nothing thenn 18:14 < merc88> never no 18:14 < merc88> I just recently paid for the broadband 18:14 < eahm> ok you said the router gets 144mbps, how do you know that? 18:14 < eahm> is there an integrated speed test in the router admin page? 18:15 < merc88> speedtest.net 18:15 < merc88> my router is tp link archer c1200 18:15 < eahm> youre not following at all, i want to know step by step 18:15 < eahm> or this is not gonna work 18:15 < eahm> how did you test 144mbps, how did you get that 18:16 < merc88> The cable was attached to my router 18:16 < merc88> after they set up the modem 18:16 < merc88> on the 11th floor 18:16 < merc88> then 18:16 < merc88> I connected to the wifi created by my router 18:16 < merc88> opened speedtest.net 18:16 < merc88> then boom 144 mbps 18:17 < eahm> so how do you get 100 now, its not the same wifi when you used to get 144? 
18:17 < eahm> also you cant speed test on wifi 18:17 < merc88> yes 18:17 < merc88> here is where the problem comes in 18:17 < merc88> My speed is always near to 140 mbps on wifi 18:17 < merc88> but 18:18 < merc88> when I remove that cable which is feeding internet into my router 18:18 < merc88> and attach to a windows or a mac (tried both) 18:18 < merc88> the speed never goes above 100 mbps 18:18 < merc88> stays at about 94 mbps 18:18 < Apachez> thats because your wifi is linkspeed 800mbps or whatever and your cable is linkspeed 100mbps 18:18 < Apachez> so you get 140mbps out of 800 over wifi and 100 out of 100 over cable 18:19 < merc88> both my mac (2017 13 inch) and windows (hp probook 440 g2) have gigabit ethernet ports 18:19 < Apachez> get some 1g nic's and verify you have a cable able to push 1gbps and you will get 1Gbps in the test between the boxes 18:19 < eahm> yes thats for sure the cable 18:19 < merc88> it is a cable issue? 18:19 < Apachez> bad cable and/or bad connectors at one or both ends 18:19 < eahm> 144 may also be ok since you seem to use a smaller provider, they say 200 but they wont guarantee it 18:19 < Apachez> get a short cable and connect straight between the boxes 18:19 < eahm> and use testmy.net not speedtest.net 18:20 < Apachez> ethtool or similar to verify what speed the link up at 18:20 < Apachez> www.bredbandskollane.se 18:20 < Apachez> www.bredbandskollen.se 18:20 < Apachez> fast.com 18:21 < Apachez> fast is mainly download but still 18:21 < eahm> testmy.net uses a different system, its one of the most precise 18:21 < merc88> Apachez: between the boxes as in the pc and the modem right? 18:21 < merc88> testing on testmy.net 18:24 < ScriptGeek> are there any alternatives to the alfa R36 wifi extender for the alfa awus036nh? 18:25 < E1ephant> if the alfa isn't cutting it, then you want to avoid extenders 18:25 < E1ephant> and get an AP, run line. 
18:25 < merc88> lol 18:25 < merc88> testmy.net gave me 19 mbps download speed 18:25 < E1ephant> alfa is good stuff 18:27 < ScriptGeek> E1ephant, I have the awus036nh, but not the r36. I'm curious about running something like an AP off the awus036nh, but not sure if the r36 is what I should get 18:28 < eahm> merc88: that may be the server automatically picked etc. but lets say the others tell you more what you want to see other than giving you accurate speed test 18:28 < E1ephant> hmmmmm, I am not familiar with the device, but appears somewhat suitable? 18:28 < E1ephant> hell yes https://www.amazon.com/Antenna-18dBi-ALFA-Super-Booster/dp/B01G6E6NCM/ref=pd_sbs_23_5?_encoding=UTF8&pd_rd_i=B01G6E6NCM&pd_rd_r=15HCHFEK2JC8TGNQF89N&pd_rd_w=HZWsG&pd_rd_wg=d2MKq&psc=1&refRID=15HCHFEK2JC8TGNQF89N 18:30 < SoniEx2> idk if I'm sending the CCO correctly 18:30 < ScriptGeek> E1ephant, That's the adapter I have. I ended up getting a panel antenna from Simple Wifi and it works way better than the omni antennas I have 18:30 < merc88> eahm: 18:30 < merc88> What to do now? 
18:30 < eahm> first thing, try a different cable 18:31 < eahm> ask your isp to check the connection and see if you can get 200 18:31 < eahm> because i dont believe they give you 200 at all 18:31 < Apachez> merc88: box1 <-> cable <-> box2, now test and verify speed between box1 and 2 18:31 < Apachez> if thats 1Gbps 18:32 < Apachez> now switch to that long cable 18:32 < Apachez> if the link now becomes 100Mbps then its a bad cable 18:32 < Apachez> if the link is 1Gbps but you now went from 1Gbps throughput to 100Mbps throughput then check the interface counters, most likely a bad cable again (bad cable = bad cable and/or connector(s)) 18:33 < ScriptGeek> It's strange to me that the RSSI is lower on my panel antenna than my omni antenna, but I can actually get a connection with the panel 18:34 < ScriptGeek> Or maybe my observation is flawed and I have bad data 18:34 < E1ephant> ah rockin 18:34 < E1ephant> hmmm is SNR better? 18:35 < E1ephant> maybe you pick up less noise 18:35 < E1ephant> what kinda rssi to begin with? 18:35 < merc88> Apachez: ok 18:36 < ScriptGeek> I was getting about 63-65 RSSI with the omni and it was unable to connect. With the panel the RSSI was 71-73 and I had a solid 3Mbps down and 5Mbps up 18:37 < E1ephant> hehehe dang yeah 73 is really close to shit 18:37 < E1ephant> but yeah maybe a lot less noise? 18:37 < E1ephant> idk 18:37 < E1ephant> killing everyone elses datarates lol :P 18:39 < E1ephant> are you in a pretty noisy envirnment? 18:39 < ScriptGeek> not sure, maybe the panel helps filter out interference for me and the awus036nh hinders everyone else 18:40 < ScriptGeek> I did notice I pick up about 50 more networks with the panel attached, so I suspect it's noisy 18:43 < ScriptGeek> This is the panel I have: https://www.amazon.com/Simple-WiFi-P2415T-Antenna-Tripod/dp/B018E1HBGW 18:46 < ishan_> Hello folks, I have a question related to UDP and Captive portals. I have a 5ghz wifi AP in my dorm that uses a captive portal. 
To access internet, I have to login using my Phone number, Each phone number gives 1gb data. Few weeks ago, I had a torrent client running in background, I wasn't logged in to the portal but the torrent was still downloading! I found it interesting and noticed that all the peers that I was connected to were using UDP. 18:47 < ishan_> Then I checked a "channels" feaure in that torrent client which can also use UDP and it was also working just fine. I was able to talk to some other people in some channels. 18:47 < ishan_> This made me believe that the people who built the network forgot to block UDP and that's why I can access the internet. 18:48 < kottt> that's interesting. In order to get a captive portal you have to be assigned an IP address, but typically it would be a network that doesn't have outside connectivity 18:48 < kottt> it might only hijack port 80/443 traffic or something. 18:48 < ishan_> Then after a few days, I used netcat to start a UDP server on one of my VPS and then tried to send messages from my machine to that VPS but that didn't work! 18:49 < ishan_> So, I figured maybe only uTP works without login, So, I setup a uTP server and tried to talk to it but I couldn't! It just kept timing out. 18:49 < ishan_> Now I don't understand why is it that torrent client can talk to it but I can't? 18:50 < tds> is it possible their captive portal only modifies dns responses, but doesn't actually change routing/filtering at all? 18:50 < tds> if you had an already cached list of peers for the torrent, that could keep downloading while other applications would get the captive portal's IP as the result of any dns lookups 18:50 < ishan_> tds: No, If I am not logged in and do a DNS lookup, It reports correct IP addresses. 18:51 < kottt> welllll... without knowing how their captive portal works, it's hard to guess.... 
torrent protocol is kind of just insanely good at circumventing network restrictions 18:51 < tds> oh, that's interesting, are they just redirecting any http connections to their captive portal then? 18:51 < ishan_> tds: The Torrent client is able to talk to UDP Trackers too! 18:51 < SoniEx2> maybe you get a public address? 18:52 < ishan_> tds: Yes, That's correct. They hijack http connections and redirect it to their login page. HTTPS page report a secure connection failed error. 18:52 < SoniEx2> that doesn't sound right 18:52 < ishan_> SoniEx2: No, They only assign a class A private ip addresses to all devices. 18:54 < SoniEx2> what ports are you using? 18:55 < ishan_> I tried couple of different ports like 22, 23, 24, 4000, 5000, 6000, 7000, 40000, 50000, 51000 18:55 < SoniEx2> does OpenVPN UDP work? 18:55 < ishan_> SoniEx2: No it also fails to connect to the server. 18:56 < tds> ishan_: if you run something like mtr -bzTP 80 google.com, do you see that hitting an actual public IP for google, but a very short number of hops away? 18:58 < ishan_> tds: I am not sure what mtr does. "dig A google.com" reports 172.217.166.174 and "mtr -bzTP 80 google.com" reports final hop(at number 4) "bom07s16-in-f14.1e100.net (172.217.160.206)" 18:59 < ishan_> ohh. 18:59 < ishan_> it's just traceroute.. 18:59 < tds> ishan_: it just performs a traceroute (but with tcp syn packets with destination port 80, so I'd expect their captive portal to capture those) 19:00 < ishan_> let me logout and try again.. I'll rejoin this channel after performing the test. 19:00 < tds> if possible, save a copy of the hops in between, since that's the interesting bit :) 19:05 < UncleDrax> ya if it's a Captive portal that doesn't block UDP, that's sorta a crappy captive portal.. unless it's an intentional limitation to prevent support calls about torrents and gaming devices, etc. 19:06 < UncleDrax> anyone here by chance have/use a WifiMETRIX handheld? 
Curious if you can tether it to a lappy to have it act as a spectrum tool for heatmapping, or if it's _only_ a handheld 19:06 < UncleDrax> I mean, I grabbed 2 anyway, really just curious if I need another device for heatmapping 19:07 < king_button> What does it mean when people say that the UDP checksum is required in IPv6? 19:07 < merc88> Apachez: There> 19:07 < merc88> ? 19:07 < king_button> Why would IPv6 have anything to say about UDP? 19:08 < E1ephant> who are these people? 19:08 < E1ephant> would be cool to learn about 19:08 < UncleDrax> part of RFC2460> Unlike IPv4, when UDP packets are originated by an IPv6 node, 19:08 < UncleDrax> the UDP checksum is not optional. 19:08 < ishan_> tds: I performed traceroute when I was logged in to the portal(This is the result, https://hastebin.com/kuxiqusuyu.css). The trace route results in timeout on all 30 hops and exits when I am not logged in. 19:09 < E1ephant> oh so its that simple 19:09 < ishan_> Also, The Ping section in mtr UI results a 95-100 ping to google.com which is about what I get(using ping) when I am logged in. 19:09 < UncleDrax> king_button: I'd presume, and hope, that there was a good reason they added that requirement in IPv6. 19:09 < ishan_> Is this channel's messages logged somewhere? 19:09 < UncleDrax> No, i do not know what it is or could be. 19:10 < UncleDrax> ishan_: i'm not aware of any official log, but there's nothing to stop anyone from archiving it 19:11 < ishan_> I guess it would be cool to add logbot to archive this channel. 19:11 < skyroveRR> ishan_: don't log without the permission of the ops.. 19:12 < ishan_> yes, I will not log it without ops permission. 19:12 < skyroveRR> ishan_: are you connecting through Reliance Jio, brother? 19:12 < ishan_> I am asking them to add logbot to this channel.
19:12 < ishan_> yes 19:12 < UncleDrax> and don't add bots without the same (since many people think chatty bots are 'Nifty' but in reality they annoy any moderately busy channel) 19:12 < skyroveRR> * are you 19:13 < skyroveRR> ishan_: .... hmm... it should be connecting to freenode's IPv6.... 19:13 < ishan_> skyroveRR: I asked a question related to jionet hotspots moments ago.. Do you use those wifi hotspots? 19:13 < skyroveRR> ishan_: I do. 19:13 < ishan_> skyroveRR: No, Jionet hotspot only assigns a private IPv4 address.. 19:13 < skyroveRR> "jionet"? 19:13 < skyroveRR> I use jiofi. 19:14 < ishan_> And JioPrivateNet only assigns an IPv6 address.. 19:14 < ishan_> skyroveRR: Yeah, I am talking about the public wifi hotspots they have placed in colleges and other public locations.. 19:14 < skyroveRR> Oh 19:15 < skyroveRR> Heh, I don't use that. 19:15 < skyroveRR> But I'd guess the functionality/connectivity would be the same. 19:16 < ishan_> skyroveRR: My college Wifi network is terrible and Jionet is just 1 Gb * (number of phone numbers you can collect) amount of free 100mbps connection.. 19:16 < merc88_> eahm: went to the 11th floor 19:16 < merc88> And used a different cable to connect my laptop to the modem 19:17 < merc88> Got a speed of about 140 mbps again 19:17 < merc88> ISP issue? 19:17 < ishan_> skyroveRR: Sort of.. Both Wifi networks and Jiofi are very different.. 19:17 < skyroveRR> ishan_: yeah, it's shitty, unless you can somehow control the hotspot and gain access to its LTE band management. 19:17 < ishan_> Damn, This channel is so active! How did I not find this earlier.. 19:20 < Dagger2> UncleDrax: v6 doesn't have a checksum in the IP packet header, because it would be redundant with the checksum in TCP/UDP/etc 19:20 < Dagger2> which means UDP can't just rely on the checksum in the IP packet header and has to provide its own 19:22 < UncleDrax> Dagger: I just spit out the RFC2460 text man.
which to me doesn't imply anything other than 'UDP must have a checksum'.. not that it's part of the L3 header 19:23 < UncleDrax> that said, I haven't mucked at the packet layer for v6 much, so entirely possible a later RFC revoked that requirement or something.. I got no idea 19:23 < Dagger> UncleDrax: it must have a checksum... and in v6 the checksum can't be in the L3 header, so it has to be in the UDP header 19:24 < UncleDrax> I agree. 19:25 < UncleDrax> I didn't think (or mean) to imply the L3 header had the L4 checksum 19:26 < E1ephant> I guess I don't understand why still not make it optional 19:26 < E1ephant> for something like voice, maybe you don't care if you tx garbage audio 19:26 < E1ephant> but yeah not so motivated to go dig through ietf working group threads 19:26 < Dagger> I mean, this is why the requirement was added in v6... or technically I guess it's not a v6 requirement but a UDP requirement driven by v6's design 19:27 < E1ephant> I should just do it 19:27 < E1ephant> right I'm saying there may be use case where getting garbage is fine? 19:27 < E1ephant> or you don't care rather 19:30 < Dagger> best answer I have there is that UDP is simply not the protocol you want in that case 19:31 < ScriptGeek> I like garbage, it's good with ketchup 19:32 < E1ephant> yeah I suspect ietf doesn't want to let people be stupid, because they will. 19:32 < electricmilk> After I switch to office 365 today should I switch our main internet IP to another address in our block? We were using our main IP for mail.foobar.org..I figure it might cut down on relentless port scans 19:32 < E1ephant> and they're probably right 19:33 < Dagger> in most cases you're probably still better off rejecting corrupted packets.
the receiving code will be well-tested against missing packets, but you know what C programmers are like about writing code that doesn't break when fed random data
19:34 < electricmilk> Also, what's it called with NAT when you share multiple external IP's in a block? Is it totally pointless to do this with a network of like 30 users? My thinking is I have the addresses...why not use them.
19:35 < electricmilk> Ah its a NAT Pool right?
19:35 < Dagger> (I mean everybody's bad in any language, but C is in that nasty spot where it's hard to get right *and* it can go spectacularly wrong)
19:35 < E1ephant> yeah absolutely
19:35 < E1ephant> I would say at that level you don't even have to be doing stupid stuff
19:36 < E1ephant> it's easy to fall into traps with memory mgmt
19:38 < atsu> electricmilk, Carrier Grade NAT (CGN) or NAT444
19:39 < electricmilk> atsu, Do you recommend using with such a small network? I highly doubt we are anywhere even close to using all 65535 ports
19:39 < electricmilk> Probably only 12 devices MAX at a time being used
19:40 < atsu> Single IP is plenty for 30 users, but can't hurt to manually split them up so they don't hit problems with IP blocks
19:40 < atsu> Some services like PSN and Craigslist love to do blocks
19:42 < electricmilk> I almost feel guilty having 3 blocks of /28
19:42 < electricmilk> And using one address per block
19:44 < E1ephant> why?
19:45 < atsu> Because of IPv4 exhaustion I'm guessing
19:45 < E1ephant> I mean it's gone already
19:45 < E1ephant> 3 /28s isn't gonna save the pool
19:45 < E1ephant> 3 /8s isn't going to save the pool
19:47 < atsu> I'd kill for 3 more /28s and I've got multiple large blocks. Things are getting tight for those of us not grandfathered in with really huge blocks
19:48 < E1ephant> so ipv6?
19:48 < Dagger> people are happy to commit murder for more v4, but deploy v6? pff
19:48 < E1ephant> anything less than /24 isn't even useful for BGP
19:48 < atsu> More stuff needs to support it. I mean, PS4 still doesn't even
19:48 < E1ephant> lol right?
19:49 < atsu> so people still cry, even with v6
19:49 < electricmilk> I thought v6 is a shit storm for most networks though
19:49 < E1ephant> lol sony must be in the past
19:49 < qman__> v6 works fine, the problem is lack of adoption
19:49 < E1ephant> surprising that they have no support yet
19:49 < Dagger> doing v6 won't get you completely away from v4 immediately, but it's the only way to get away from it, so what choice do you have?
19:50 < atsu> qman__, exactly
19:50 < qman__> If you're v6 only you're missing the majority of the internet
19:50 < E1ephant> they can sit in pools of NAT, as second class citizens
19:50 < electricmilk> lol
19:50 < E1ephant> I mean I wouldn't say majority
19:50 < E1ephant> by bit volume especially
19:50 < Dagger> electricmilk: it's really not. there's just a bunch of network admins that are scared of the unknown
19:50 < E1ephant> given 60%+ is netflix/facebook/google
19:51 < E1ephant> all v6 enabled
19:51 < Dagger> except it isn't really unknown, because v6 is mostly just v4 with longer addresses. they already have a good idea of how it works from knowing how v4 works
19:51 < electricmilk> Don't a lot of people use NAT as a sort of firewall?
19:51 < E1ephant> yeah and suddenly you have an abundance of IP space so you can address properly
19:51 < Dagger> (or maybe that's the problem -- that a lot of our network admins just have no idea how v4 works in the first place, so of course they don't get v6 either)
19:51 < E1ephant> and all these lame issues NAT brought on go away
19:52 < grawity> electricmilk: nearly all of them have a stateful firewall anyway though, don't they?
19:52 < Dagger> electricmilk: hopefully not, because it doesn't work as a firewall. people use it because they don't have enough v4 addresses, and they don't want to use proxies to talk to the internet
19:52 < qman__> Dagger: precisely
19:52 < grawity> I mean, chain input { ct state established accept; reject; } isn't that hard
19:53 < revoltingPeasant> I'm working with server software that's running in a virtual machine. the software was configured by a third party and requires a static ip. This is fine in work on a 10.0.0.1 network but when
19:54 < revoltingPeasant> woops -- more to follow
19:54 < qman__> There are other problems with v6, like lack of dhcpv6 support, and the fact that several standards are just blowing massive address spaces on nothing, but none of that matters much today as much as just general adoption
19:55 < Aeso> v6 is permanently in a chicken vs egg situation
19:55 < E1ephant> I mean you can either move forward with technology
19:55 < electricmilk> Dagger, But I mean it does keep rfc1918 addresses services from the public internet
19:55 < E1ephant> or remain in the past
19:55 < atsu> Exhaustion is going to keep getting worse, so hands are going to be forced
19:55 < revoltingPeasant> when I'm at home my network is 192.168.1.1 network so the vm's bridged connection doesn't work, is there some way I can route the packets from my host to the vm without changing the vm's ip?
19:55 < grawity> electricmilk: but not necessarily from your direct neighbours
19:56 < Dagger> electricmilk: no it doesn't
19:56 < qman__> Until we get to the point where you can do 95%+ of everything on v6 only, it's going to be a struggle
19:56 < grawity> revoltingPeasant: instead of bridged, put it in a host-only network
19:56 < E1ephant> it's easy to vote with your dollar today to get v6
19:56 < E1ephant> so your business is 95%
19:56 < electricmilk> Dagger, But if I have a host with address 192.168.1.51 running port 8080...On the outside how would someone access it with NAT enabled?
19:57 < revoltingPeasant> grawity: thanks I'll give it a shot. I'll most likely be back
19:57 < electricmilk> ISP's should lower costs to customers that use v6
19:57 < Aeso> electricmilk, dstnat rules on the NAT device
19:57 < Dagger> electricmilk: they'd send a packet to your router with the dest IP set to 192.168.1.51 and the dest port set to 8080
19:57 < atsu> revoltingPeasant, If I'm understanding you correctly, you can add a 10.0.0.x IP as a second address. Windows supports having multiple IPs on the same NIC
19:57 < qman__> I have no choice in ISP, if that's what you're suggesting
19:57 < atsu> If you only need it from one host
19:57 < electricmilk> Dagger, ah I see
19:57 < qman__> Neither does most of the US geographically speaking
19:57 < E1ephant> there are tunnels to supplement
19:57 < grawity> atsu: it does, if you're not using DHCP
19:58 < compdoc> over the last couple years Ive tried enabling v6, had problems so I disable it and tried again later. Could never get it right, I guess. But a couple months ago I enabled it, and now cant tell its there. which is how it should be
19:58 < Dagger> the only thing NAT does is rewrite the apparent source address on outbound connections. it doesn't pick and choose which connections are allowed
19:58 < E1ephant> and you can get it from plenty of US ISPs, and most mobile providers.
19:58 < E1ephant> mobile traffic being a leading sector
19:59 < SoniEx2> try to pass laws banning v4
19:59 < Dagger> if anything, the point of NAT is to make it possible to make certain connections when they otherwise wouldn't be, so it makes you *less* secure than not having it
19:59 < electricmilk> Dagger, Is it possible with a tool like nmap to send packets to router to every potential destination IP RFC1918. That way they could discover services within the private address space?
20:00 < electricmilk> and are there a lot of networks out there that only have NAT and no firewall?
20:00 < Dagger> that's just normal nmap
20:00 < E1ephant> electricmilk: your provider should be blocking/filtering any rfc1918 over the DFZ
20:01 < E1ephant> that is why it isn't just internet routable itself
20:01 < atsu> electricmilk, You can't send packets to the RFC 1918 addresses inside a NAT unless you're on that network or on the same layer 2 as the WAN
20:01 < E1ephant> I mean you can if someone is not filtering like they should
20:01 < atsu> electricmilk, That is, packets with a destination of RFC 1918
20:02 < E1ephant> if you share the same upstream ISP, for instance, and they are using said rfc1918 space, but not filtering traffic from customers.
20:02 < Dagger> I imagine most people do in fact use a firewall -- and in any case you can't get this traffic to go over the internet because it's RFC1918 and there isn't going to be a route to you
20:02 < E1ephant> it is just bits
20:03 < Dagger> but that does *not* mean that NAT is blocking any connections. if somebody does manage to send you a packet destined to the IP of one of your LAN machines then it'll make it through unless there's a firewall
20:03 < atsu> There is some risk of your neighbors doing static routes to you, if they are on the same WAN layer 2. And if your router isn't dropping packets without the "established" flag
20:03 < Dagger> as pointed out already, your ISP can do that easily, as can anybody with access to your immediate upstream network
20:04 < electricmilk> I think I get it
20:04 < Dagger> or anybody who can force or trick those people to cooperate, or anybody that can manage to get access to them without authorization...
20:04 < electricmilk> Well good thing we have firewalls
20:04 < Dagger> (who wants to bet that the physical security of most phone/cable networks is kinda terrible?)
20:05 < electricmilk> You think DPI-SSL is going to become necessary with SSL becoming more and more the norm?
20:05 < electricmilk> Everyone hates on DPI-SSL which has made me hesitant to implement
20:05 < UncleDrax> most telecom/cable peds are pretty accessible.. half the time I see them knocked over or uncovered for days just on the side of the road.
20:08 < atsu> electricmilk, SSL decrypt and re-encrypt is pretty normal in corp and education. But since you have to have a CA cert on the user device, it's a pain to implement. You have to have control of the end user devices
20:08 < atsu> I'm assuming that's what you're talking about
20:10 < SoniEx2> just use Firefox, it just asks you to install certs if you try to open them
20:10 < electricmilk> atsu, Yes it is. We offer a computer lab for the homeless that are amazingly good at getting malware. Even with content filtering, standard access (can't install exe's), and virus protection. Was thinking it would certainly help to have DPI-SSL..my main concern is setting up on mobile phones
20:11 < electricmilk> I also need to restrict Google chrome to not allow add-ons to be installed which looked like a pain in the arse.
20:11 < atsu> Yeah, filtering is pretty painful when you don't have control of end devices, in this day and age
20:11 < atsu> Everything has gone SSL
20:12 < Dagger> why is it even running Windows? I assume the main use is web browsing, which really doesn't need to be done on Windows
20:12 < electricmilk> Good point Dagger but they also need Office and you know how people are with LibreOffice
20:12 < electricmilk> ANYTHING different and they freak out
20:12 < revoltingPeasant> grawity: do I need to add a routing rule to my windows machine? I have no internet connection on the vm and it's not receiving the packets.
20:13 < electricmilk> And installing through wine is quite buggy
20:13 < grawity> revoltingPeasant: you'd need to enable IP forwarding in general on the host
20:13 < grawity> revoltingPeasant: and... either enable NAT on the host, or teach your router about where 10.0.0.0/xx is
20:13 < atsu> Maybe have different systems with Windows and most with Linux/Libre
20:14 < UncleDrax> electricmilk: tbh you should use VM desktops and nuke them regularly
20:14 < revoltingPeasant> grawity: ok thanks again, I'll have to do a bit of reading
20:14 < grawity> revoltingPeasant: the former is probably tricky on Windows, and in general I'd prefer the latter... as long as the router isn't completely shit
20:14 < eahm> you put linux and libre together but not many distro are truly libre
20:14 < revoltingPeasant> grawity: there's a high possibility that the router is shit
20:15 < grawity> well, as long as it lets you add "static routes"
20:15 < SoniEx2> so uh how do I tell if the UE/phone is getting my messages correctly?
20:15 < electricmilk> I hate to admit this but I've stalled setting them up on a VLAN with ACL's. They aren't on the domain but yea...dumb I know
20:15 < revoltingPeasant> ok, ta
20:15 < grawity> (to 10.0.0.0/xx via 192.168.)
20:15 < atsu> Oh yeah, there's a bunch of software that will restore state after reboot on Windows. That's what Internet cafes use. I remember hearing about Deep Freeze in the past
20:16 < electricmilk> Thats pretty cool
20:16 < SoniEx2> (this is what happens when you don't use ASN.1 and decide to code every message manually)
20:16 < grawity> eahm: frankly there's no "libre" as long as rms is screwing around with glibc with his supreme dictator hat on
20:16 < electricmilk> If it keeps happening I'll consider just giving them linux
20:16 < electricmilk> I'll still need to restrict Chrome from allowing extensions
20:16 < SporkWitch> email question: if I allow a third party to send on my behalf, i just need to set up the SPF entry on my DNS records, and they set up dkim and dmarc on theirs, right?
20:17 < eahm> of course there is https://www.gnu.org/distros/free-distros.en.html#for-pc
20:17 < grawity> SporkWitch: no, both dkim and dmarc still go on your domain
20:17 < atsu> SporkWitch, Yes, they need to setup the DKIM sign but you still need to setup the DNS TXT record for it
20:18 < grawity> SporkWitch: though they *do* have to sign dkim on their own as well
20:18 < SporkWitch> well balls... using the vbulletin cloud solution, since it's cheap enough to gauge interest and they'll assist with migrating to self-hosted if i see enough interest to justify the license, but the emails originate from their mailservers >_<
20:19 < SporkWitch> any advice on the best way to track down all their entries to mirror them? they do sign them, that's part of the problem heh
20:19 < SporkWitch> instead of just no sig, it's seen as an invalid sig, so i'm trying to set up my records to allow them and i to both send
20:20 < SoniEx2> how do I debug LTE RRC with my phone?
20:21 < grawity> SporkWitch: what's their signature header like?
20:21 < grawity> SporkWitch: and do they generate their own dkim key?
20:24 < SporkWitch> grawity: http://termbin.com/wqte and yes, it's their own key. it's all preconfigured on their side, i need to set up my entries so they're allowed to send on my behalf (and also set up my own entries so i can still send out)
20:25 < SporkWitch> setting up my own is easy, the interesting part is trying to figure out how to let them send too, heh
20:26 < grawity> ah, so dmarc=fail because the DKIM signer domain *must* match the 'From:' domain
20:26 < SporkWitch> looking at those headers, that's why i was thinking i might only need to add an SPF entry for them; it seems to be properly validating their key, it's that they're not an authorized sender that fails it
20:27 < grawity> adkim=r will not help with this (it only permits subdomains of your own)
20:28 < SporkWitch> i think i'm actually going to try just adding spf anyway, if only to see if the fail reasons differ and how
20:43 < SporkWitch> grawity: so it looks like i was right; simply adding an include:vbulletin.net to my spf entry fixed the spf fail, and the rest is validated against their own dkim entry, i don't need to find and add that
20:44 < SporkWitch> should have just tried it in the first place, but hey, now we both learned something lol
20:47 < djph> i hate everyone. especially people who're vague at best, then whine that I understood their vagueness as "you designed a shit network, unfuck it"
20:48 < kiokoman> lol
20:49 < sudormrf> trying to figure out why this is happening on pfsense. setup ipsec vpn. can connect to it from clients just fine. clients can try to request stuff (tried 1.1.1.1) all of that traffic is being allowed by the firewall, but the client is never receiving anything back. #pfsense is dead. anyone have any suggestions? I followed this to get it set up: https://www.thegeekpub.com/5855/pfsense-road-warrior-ipsec-config-works/
20:50 < UncleDrax> is it explicitly and only for quad 1 ?
20:51 < SoniEx2> how do I debug my LTE implementation?
20:51 < djph> ... worst part was after half an hour of "okay fine, maybe you didn't fuck up" trying to calm this guy down, he finally shows me, and we're right back to "nope, you fucked up even worse than I thought"
20:53 < UncleDrax> nice
20:53 < UncleDrax> well not. but ya.. been there.. done that.. sucks
20:55 < djph> yep, now "whadda you know, you're just trying to squeeze me for more money"
20:56 < kiokoman> sudormrf: with an iphone?
20:56 < electricmilk> Anyone know how/when SonicWALL updates content filtering database? I see nothing related to updating...is it likely just updated with firmware?
21:00 < Project86__> 2 questions: 1) I was looking into 2fa, was suggested yubikey (which needs to be on machines and has no app), and authy (which allows online generated tokens)... I downloaded the authy app, to find that it's 2fa requires the same phone number registered to all accounts you want 2fa for. The problem with this, is I use burner numbers, or expirable email for my signups. As putting your phone number in another database
21:00 < Project86__> is kind of counterintuitive to "security". So to sum up the question, are there any good 2fa suggestions that you Don't need a phone number for? (Using android)
21:01 < Project86__> 2) I forget now...
21:02 * Project86__ the 2nd was more important. Why brain, why?
21:03 < tds> Project86__: TOTP would make a lot more sense to me than SMS based auth
21:05 < UncleDrax> phones are usually the default 2nd out of band token mechanism just because it has a wide userbase already.
21:05 < ||cw> Project86__: how do you propose you prove that the "something you have" is actually something you have and not just a copy of a clone or whatever?
21:05 < ||cw> UncleDrax: and it's also less trivial to clone as a receiving device
21:05 < Project86__> Oh, 2, I want to make my OpenVPN server online (vps) to be able to reverse VPN behind public NAT. I've found a few (very few) free vps. Most off very low bandwidth for free. I'll only mostly use it to be sending text commands to initiate scripts from one to another. How much bandwidth would you think I need?
21:06 < UncleDrax> ||cw: agreed.. it's "good enough for todays need".
21:07 < Project86__> tds: it doesn't use sms, it's an app that generates the 2fa, but to register, I need a phone number, and the same number used on all apps I wish to protect
21:07 < UncleDrax> Project86__: that would depend on the mechanism you're using and output you're returning from the scripts
21:08 < E1ephant> Project86__: |====== | this much
21:08 < detha> Project86__: length(command) * (#commands-per-second)
21:08 < UncleDrax> tbh start a packet capture of some sample remote script execution conversations.. do math.
21:08 < Project86__> E1ephant: that's a lot lol
21:08 < E1ephant> yeah more than I thought it would be! :D
21:08 < UncleDrax> if you're going to try and keep it dialed down that much, you need to measure
21:09 < Project86__> ||cw: why can't I use email?
21:09 < E1ephant> include headroom a plenty I would think
21:10 < E1ephant> Project86__: they are suggesting to use an app that stores a private key, and generates a time based password off that, rather than in-band 1fa.
21:10 < E1ephant> errr
21:10 < E1ephant> 2fa even
21:10 < E1ephant> which sounds pretty reasonable
21:11 < E1ephant> I have done google 2fa with libs and from scratch, it's dead simple, and one extra db column
21:11 < Project86__> But again. I never sign up to anything with my number. And when I do, it's a voip number
21:12 < Project86__> And one of the 2fa is for github, u don't even register a number there, so I'm a bit lost
21:13 < Project86__> or does this not mean what I thought it did? https://usercontent.irccloud-cdn.com/file/Nq7BvAcP/Screenshot_20180511-141237.png
21:13 < E1ephant> I mean authy is okay
21:13 < E1ephant> what is wrong with standard totp apps?
21:13 < E1ephant> like google authenticator?
21:13 < E1ephant> you don't need a phone number at all
21:14 < Project86__> I'm new to all of this lol, never heard of totp
21:14 < sudormrf> kiokoman, iphone for now, but would be using other clients also
21:15 < sudormrf> kiokoman, iphone is easy to test with
21:15 < Project86__> And Google is a future military contractor for human hunting robots (Boston dynamics), I avoid their services wherever possible lmao
21:15 < E1ephant> I am sure they are not the only totp app out there
21:15 < Project86__> sudormrf: I'm an android user
21:16 < sudormrf> Project86__, cool. no one asked.
21:16 < E1ephant> but you're on android...
21:16 < E1ephant> >afraid of google
21:16 < E1ephant> >uses their no doubt, highly user tracking mobile OS
21:17 < Project86__> E1ephant: I jailbreak, root, and deactivate all Google services
21:17 < kiokoman> i had similar config long time ago, let me check it
21:17 < Project86__> As much as I can
21:17 < E1ephant> Project86__: so you use 5 year old technology and phones?
21:18 < E1ephant> because it's all been locked down for a while now, no?
21:19 < Project86__> Nope. I realise about the hardware I can't do anything. But you'd be able to find if u dig around deep enough in their settings. All the voice logs, travel logs..etc
21:19 < E1ephant> okay...
21:19 < E1ephant> if you say so
21:19 < E1ephant> >can audit a mobileOS
21:20 < E1ephant> >cannot audit single mobile application
21:20 < Project86__> I hate apple more. Choice is android lol
21:20 < S_SubZero> I found having an overwhelming all-encompassing fear of things on the internet really inhibited my ability to use the internet
21:20 < E1ephant> ^
21:20 < E1ephant> be reasonable about security
21:20 < E1ephant> not unknowingly paranoid
21:20 < atsu> You're not alone
21:21 < Aeso> Now there's an interesting question: Could someone build a security-first distro from the AOSP? Does such a thing already exist?
21:21 < S_SubZero> "Google knows I like computers. Is that really a bad thing for them to know? Don't most people who just see me in Fry's safely make that assumption anyway?"
21:21 < E1ephant> if you say you avoid google services, do that, don't use them and say you're avoiding them to disqualify a small, easily audited application.
21:21 < xamithan> You talk to people in stores and know who they are?
21:21 < Project86__> I'm not unknowingly paranoid, but they're the information people of the world, have whole profiles on everyone, then when they bought Boston Dynamics (and 9 other robotic companies),I was like...well shit. Skynet is coming
21:22 < xamithan> I didn't know fry's had stores in small towns
21:22 < E1ephant> so more FUD
21:22 < E1ephant> cool well I guess I should invest in tinfoil
21:23 < Project86__> Lol
21:23 < Project86__> Anyways
21:24 < Project86__> Imma check out totp
21:24 < Project86__> Thanks for the tip man
21:24 < Project86__> Also, selling tinfoil at halfprice
21:25 < Project86__> xamithan: I don't talk to people I don't know actually. In fact, I'm one of those people that very rarely speak period. I'll respond if needed. But I'd rather just observe
21:27 < electricmilk> Hmm I wonder if setting up ad blocking through content filtering will cause issues
21:27 < Project86__> Aeso: isn't that what Ubuntu did with the Ubuntu phone prototype?
21:27 < E1ephant> sounds like everyone here integrates with society well
21:27 < E1ephant> hooray progress!
21:27 < E1ephant> electricmilk: pretty common afaik
21:27 < electricmilk> Pretty much everyone on Freenode as a dude with aspergers :-)
21:28 < electricmilk> *is
21:28 < E1ephant> even dudes with aspergers can go outside
21:28 < electricmilk> haha
21:28 < E1ephant> breaking out is possible, hard as it is :)
21:28 * electricmilk starts counting toothpicks
21:28 < Project86__> Lol
21:28 < UncleDrax> Google sold off Boston Dynamics.. (i'd guess it was just a patent acquisition)
21:29 < Project86__> UncleDrax: did they? When did that happen?
21:29 < SoniEx2> can I send in-band 2fa over mastodon DMs or should I use gmail instead?
21:29 < UncleDrax> > On 8 June 2017, Alphabet Inc. announced the sale of the company to Japan's SoftBank Group for an undisclosed sum.
21:29 < xamithan> What happens to all those patents google doesn't use?
21:29 < Project86__> ^
21:29 < xamithan> Do they just sit in dust for 50 years or so ?
21:29 < UncleDrax> xamithan: they sit there so others can't use them. that's how patents work.
21:30 < xamithan> That is really lame
21:30 < E1ephant> SoniEx2: use carrier pigeons
21:30 < UncleDrax> sorry.. I mean, "That's how patents work in the modern era"
21:30 < E1ephant> siq out of band
21:30 < Project86__> E1ephant: carrier pigeons. This man is a genius.
21:30 < Aeso> IP over avian carriers?
21:31 < tds> high latency but pretty good bandwidth ;)
21:31 < Aeso> RFC 2549, iircf
21:31 < E1ephant> Project86__: common joke :) https://www.ietf.org/rfc/rfc1149.txt
21:31 < E1ephant> 2549 is QoS over avian carrier
21:31 < E1ephant> :P
21:31 < Aeso> ah, that's right
21:31 < Sout> ah ip for burrito's :D
21:31 < UncleDrax> tbh, I prefer RFC3514
21:31 < E1ephant> set that evil bit
21:31 < SoniEx2> ugh
21:32 < UncleDrax> E1ephant: yes. in fact I should set my border ACLs to throw away non-RFC3514 compliant traffic
21:32 < SoniEx2> seriously tho can I send 2fa over mastodon DMs and is it a good idea?
21:32 < E1ephant> :D
21:33 < E1ephant> I think we literally just discussed that is better to do that out of band
21:33 < E1ephant> rather than in band
21:33 < E1ephant> but sure, if you ask enough, maybe?
21:33 < E1ephant> do you trust mastodon?
21:35 < Sout> https://tools.ietf.org/html/draft-lohsen-ip-burrito-00 <-- there we go found ip over burrito :D
21:36 < E1ephant> >preexisting
21:36 < E1ephant> burrito delivery infrastructure
21:36 < E1ephant> I need this in my life
21:36 < E1ephant> also that datagram :D
21:37 < Sout> i know right :D
21:38 < Sout> I really want to try to order a burrito / make one and see if i can make it to the spec :D
21:38 < Aeso> Sout, you'll have to let us know if you can taste the bitfields :)
21:38 < UncleDrax> I object to the lack of non-Beef/Chicken fillings in that Burrito. Clearly the authors have never had a real burrito
21:40 < UncleDrax> clearly we need IPoBCv6 that will support 6 filling options. beef, chicken, pork, chorizo, tempeh, and NULL
21:40 < Dalton> i want all of the above other then null
21:41 < S_SubZero> spicy pork is the last one of course
21:45 < atsu> I glanced over and thought I joined a cooking channel
21:46 < Project86__> Most "totd" searches point to Tweet of the Day
21:46 < Sout> :D
21:48 < kiokoman> ok he tutorial is good
21:48 < kiokoman> *the
21:48 < Project86__> E1ephant: send a link for totd services?
21:48 < kiokoman> it's working for me but i'm using android
21:49 < kiokoman> with pfsense 2.4.3
21:51 < E1ephant> Project86__: what do you mean?
21:51 < E1ephant> Project86__: https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm ?
21:51 < eliran> But even Sheryl Sandberg, Facebook’s operations head, admits that there are Facebook users who don’t know they’re on the internet. So is Facebook succeeding in its goal if the people it is connecting have no idea they are using the internet? And what does it mean if masses of first-time adopters come online not via the open web, but the closed, proprietary network where they must play by Facebook
21:51 < eliran> CEO Mark Zuckerberg’s rules?
21:52 < eliran> https://qz.com/333313/milliions-of-facebook-users-have-no-idea-theyre-using-the-internet/
21:53 < UncleDrax> ...
21:53 < kiokoman> maybe double check config like virtual address pool should be /27, dns server and firewall rules under ipsec tab
21:53 < sudormrf> kiokoman, yeah, the latest
21:54 < sudormrf> kiokoman, so did a pcap and you see the traffic going out and you see the traffic coming in but the client doesn't receive it
21:55 < king_button> If all people use is Facebook, that's their loss. If people get no urge to explore the wider net, their IQ might be very low anyways. I for one am thankful that they stay inside the theme park.
21:55 < NubNub> hello
21:56 < NubNub> for greenfield VPLS, should I use LDP or BGP?
21:56 < NubNub> mostly using juniper routers
21:56 < kiokoman> do you have another device to try it ?
21:57 < atsu> LDP if you don't need scale. BGP if you need it
21:57 < NubNub> so for under 1000 MX routers, LDP is fine?
21:57 < atsu> Not routers
21:58 < UncleDrax> just curious, whereabouts does LDP breakdown at scale? (1000 nodes? 10k?). I got a smaller regional metro VPLS so just curious
21:58 < atsu> VPLS tunnels need full mesh with LDP
21:58 < atsu> Do you care about that
21:58 < NubNub> what do you mean not routers
21:58 < NubNub> we already have juniper mx
21:58 < atsu> Tunnel mesh is the problem
21:58 < atsu> Sorry, O
21:58 < NubNub> so use a switch?
21:59 < atsu> I'm playing a game at the same time
21:59 < sudormrf> kiokoman, you mean a non-apple device? no.
21:59 < UncleDrax> ok that makes sense re: Mesh. (we actually do a HVPLS and I'd agree full mesh for everything would be.. not ideal)
21:59 < NubNub> seems it doesn't have featureset for vpls
22:00 < atsu> With LDP you need full mesh
22:00 < atsu> If you have a customer that needs 6 end points
22:00 < NubNub> you still have full mesh for datapath
22:00 < NubNub> with bgp
22:01 < NubNub> but also bgp overhead on top
22:02 < atsu> I haven't deployed it so I cannot answer on BGP
22:02 < atsu> I thought BGP fixed the mesh problem
22:03 < NubNub> fixes the configuration mgmt part
22:03 < NubNub> IE you can signal to other sites when a new site comes up, rather than touch all endpoints
22:03 < NubNub> I believe?
22:04 < NubNub> idk we use templates to roll everything out, so seems configuration isn't actually that large of a pain point
22:05 < NubNub> but maybe having bgp will help for future l3vpn product or similar
22:39 < Apachez> T minus 24min and counting... https://www.youtube.com/watch?v=rQEqKZ7CJlk
22:40 < GenteelBen> Bangladesh has a space programme?
22:40 < GenteelBen> dafuq
22:41 < djph> o_O
22:41 < djph> THEY DO NOW!
22:41 < GenteelBen> SpaceX is democratising space programmes.
22:50 < Adie> I need help. I have a BRAND NEW COMPUTER and when I install my network card, it takes like 100x longer to boot, and idk what 2 do
22:51 < bezaban> so many questions
22:55 < seify> Adie, did you check boot order to ensure it is not waiting for a reply from a nonexistent network boot source?
22:56 < seify> Otherwise I guess you will need to further specify the details of your configuration
22:56 < Adie> all 4 Intel network boot devices are disabled in my boot priorities
22:56 < Adie> only my nvme drive is enabled
23:00 < qman__> Did you disable boot option ROMs? That's what loads bootable features of addon cards
23:01 < Adie> probably not
23:01 < Adie> I wouldn't know how
23:05 <+catphish> you should be able to see on the screen what's taking the time during the boot
23:05 < Adie> It's just on my POST screen, all I see are some codes in the corner
23:06 <+catphish> pressing escape may display more info
23:06 <+catphish> also, look up those codes if you can
23:07 < Adie> I've tried a bit
23:07 < Adie> about 20 seconds on 92, and another 20 seconds on A2
23:07 < Adie> without the card, it's booting within a second
23:09 <+catphish> 92 = PCI Bus initialization is started
23:09 <+catphish> A2 = IDE Detect
23:09 <+catphish> there's no sane reason those should take longer with a NIC installed
23:10 <+catphish> so i'd suggest something's wrong, though it's possible those codes are nonsense
23:10 <+catphish> see if you can press escape to display raw output
23:10 < Adie> using Intel bootutil, both cards flash firmware says "UEFI,PXE Enabled"
23:10 <+catphish> the normal reason for slow boot after adding a NIC is that the NIC is trying to do a network boot
23:10 < Adie> mhmm
23:11 <+catphish> PXE = network boot
23:11 <+catphish> that *will* cause this
23:11 <+catphish> you need to disable PXE / remove network from your boot order
23:12 < Adie> okay
23:12 < Adie> I just did a thing
23:12 < Adie> ayy, it's fixed
23:13 < Adie> I hit it with bootutil -ALL -FD
23:13 < Adie> which disabled all the flash stuff on all the cards?
23:14 <+catphish> i don't know much about that
23:14 <+catphish> but disabling the network boot will definitely fix this
23:14 <+catphish> anyway, great
23:14 < Adie> boots up nice n quickly now
23:14 <+catphish> cool
23:14 < Adie> I wonder if I even have any use for network boot
23:15 < Adie> I'm not sure if I could actually boot persistent OS over the network or something
23:15 < Adie> idk anything about network boot
23:15 < Adie> all I know is that my network is speeeeedy
23:15 < Adie> But probably could have been more speedy if I got a different kind of 10G
23:15 < Adie> o well
23:15 < eliran> the streamification of the internet
23:16 < Adie> yeah!
23:34 < spaces> are there fools around here ?
23:36 < Gollee> no, only sane people in here
23:42 < S_SubZero> and fools shine on
--- Log closed Sat May 12 00:00:17 2018