--- Log opened Mon May 21 00:00:12 2018 --- Day changed Mon May 21 2018 00:00 < dirac1> Hello guys I found a SSD, with the name uSATA, what's the difference between a uSata and a mSATA? 00:00 < dirac1> Oh wait.. wrong chat. 00:00 < halftroll> it happens for all ssid 00:02 < SporkWitch> halftroll: #android 00:03 < halftroll> SporkWitch: Ok thanks 00:05 < halftroll> SporkWitch: I think it's a problem with the tp link router 00:05 < halftroll> dhcp isn't working 00:05 < halftroll> and something in the router might be blocking devices from using static ips :\ 00:07 < SporkWitch> that's not possible 00:07 < halftroll> Ok 00:09 < Apachez> zeldafan78: perhaps there are no seeder with 100% available? 00:09 < Apachez> or your box cannot reach that seeder with the remaining % ? 00:09 < SporkWitch> to be clear, DHCP not working is possible, something on the router preventing you from ENTERING static addresses on the device itself is not. or did you mean that you were trying to set static leases from the router? you made it sound like you were trying to set IP on the phone itself 00:09 < Apachez> or its a fake seeder so downloaded chunks are discarded 00:09 < Apachez> the mediamaffia is trying to break torrents in all sort of ways 00:15 < halftroll> SporkWitch: DHCP is not working, I did put a static ip and managed to connect 00:16 < halftroll> SporkWitch: you're eright, I meant that I was trying to set IP on the phone itself 00:16 < halftroll> anyway sry for the spam 00:27 < zeldafan78> Whatever the reason is, it has made torrents extremely unreliable. 00:28 < alabaster> I know this sounds like an odd problem but has anyone ever lost files doing a folder move??? 00:55 < Apachez> https://twitter.com/Tesla/status/998233121660190720 00:55 < Apachez> "shut up and take my money!" :D 00:56 < zeldafan78> I wouldn't sit down in front of a steering wheel and drive a car anywhere no matter what they paid me. 00:58 < SporkWitch> O.o 01:07 < spaces> Apachez ok, gimme your money then, bitcoins please :P 01:27 < infinisil> Oh god 01:27 < infinisil> Just look at the DNS packets my ISP is sending: https://gist.github.com/Infinisil/9da62de79bf21db0b69715bd5b0d208c 01:32 < linux_probe> in your case, lets call them an Internet DisService Provider 01:32 < linux_probe> are you sure you dont have some ugly frabmentation/connection issues 01:41 < spaces> linux_probe no-one is ugly here 01:41 < spaces> except the people in words I ignored ;) 01:42 < infinisil> Oh actually, it might be this powerline thing that's inbetween my machine and the router 01:43 < linux_probe> lol 01:43 < linux_probe> "powerline thing" :)) oh lord 01:43 < spaces> linux_probe you called me my exelence ? 01:43 < linux_probe> or your router itself is emitting poo 01:44 < spaces> linux_probe dirty words for an exelence, you will be placed in to scaffold for a day 01:45 < Apachez> funny with the amount of haters at /r/networking :D 01:45 < infinisil> linux_probe: Or that, yeah 01:45 < Apachez> got downvoted for pointing out a working workaround for 802.1x with no radiusserver 01:45 < infinisil> There's admittedly still lots of stuff that could go wrong on the way to the ISP 01:45 < spaces> Apachez haters are here as well, on whole IRC and it's going to be worse 01:45 < Apachez> its sad when people answers threads/question without reallife knowledge of how things actually works 01:46 < linux_probe> you'll have that 01:46 < spaces> Apachez isn't that what the rusted people that cannot think out of their comfortbox anymore and live only on IRC has as issue ? they are getting too old 01:46 < spaces> it's like the old windows admin backt he days... ooeeehhh linux, I go get some coffee 01:46 < Apachez> spaces: mmm its like visiting the #perl channel at any irc network :P 01:47 < spaces> Apachez or ##php or #mysql or #httpd 01:47 < Apachez> yeah and still microsoft stole the whole cli idea from the *nix world :) 01:47 < spaces> I have seen this channel and cisco also these days asl flexible... ##javascript is really cool! 01:47 < Apachez> na #perl is in its own league :) 01:48 < Apachez> also seems like I stired up some haters in my per-packet thread 01:48 < spaces> I like the guys that throw in words on these channels that don't apply to the discussion and try to showoff their tesicles 01:48 < Apachez> people who "learned" that per-flow is the only way and then gets mad at me that linuxkernel obviously have no issue with out of order packets sine oct 2014 01:48 < spaces> Apachez :P 01:49 < Apachez> I get that in some threads there are like cisco fanboys who tries to skew the discussion to avoid shortcomings in cisco gear 01:49 < Apachez> but this wasy just hillarious 01:49 < Apachez> -y 01:50 < spaces> Apachez in ##php there are odd devs, working @ home sometimes for large companies but don't like to admit they are just a number and have issues when you ask questions that are based on scaling and they are there only to do what their devops ask them to do :P 01:50 < spaces> Apachez yes Cisco, it's less now these days 01:50 < spaces> I like to work witht he things I have and make the best out of it 01:50 < Apachez> yeah 01:51 < Apachez> we often do "non kosher" solutions at my place :) 01:51 * linux_probe looks at spaces, im afraid your brain is corrupt 01:51 < Apachez> thinking outside the box and utilizing features in a way not many do 01:51 < spaces> linux_probe I got it cloned from yours with optimizations enabled... wonder how your thoughts are ;) 01:52 < spaces> Apachez indeed 01:52 < spaces> Apachez the issue is some are not allowed to and are actually ajlous 01:52 < spaces> jalous 01:52 < spaces> it's no joke, I see that a lot in IT 01:52 < Apachez> protectionism or whatever its called 01:53 < spaces> indeed, that also 01:53 < Apachez> sharing is caring 01:53 < Apachez> but on /r/ it can often be seen when consultants are in action 01:53 < Apachez> trying to "protect" their customers to gain info for themselfs 01:53 < Apachez> I had a similar experience with an ISP some years ago 01:54 < Apachez> they claimed how hard it is to maintain a internet network for endusers 01:54 < Apachez> and they could of course "free of charge" take over our network for us 01:54 < Apachez> so I pointed out its not hard at all, in average we have like a call a month when there is somebody who is moving in and the one who moved out didnt leave the network details 01:54 < Apachez> "- how do you know that?" 01:55 < Apachez> "- becaise Its I who is in charge of this network and maintenance it" 01:55 < Apachez> all went silent :P 01:55 < Apachez> do I have to tell that this ISP was of no interrest for us and they didnt get the uplink contract? :P 01:56 < spaces> I must say it's odd that a lot of people say, hey we can do che aper and people move 01:56 < spaces> I also dislike when people who at the end don't invest a penny because they move their customer to "the cloud" only to get a profit and actually to force them not to leave anymore 01:57 < spaces> I actually HATE them 01:59 < linux_probe> "the cloud" == blowing smoke up everyone ass 02:00 < spaces> linux_probe you like that, you like to have a warm feeling inside yourself 02:01 < linux_probe> fitting loo.. https://www.rawstory.com/2016/05/doctors-used-to-literally-blow-smoke-up-your-ass-with-18th-century-medical-treatment/ 02:01 < linux_probe> they thought it helped revive folks 02:02 < spaces> the germans thought the same with a waterhose, dumbasses 02:02 < linux_probe> lol 02:03 < Apachez> linux_probe: should we be afraid that you had that link already in your copybuffer? :P 02:03 < Apachez> isnt that waterhose up your ass an murican thingy? 02:03 < Apachez> popular in snowflakeareas of california and such? 02:04 < Apachez> "intestinal lavage" 02:04 < eahm> they probably still do it in california and oregon :) 02:09 < spaces> I need to shave myself 02:09 < spaces> any volunteers ? 02:10 < Drakonan> so dumb question if i put this modem in bridge mode is there a way i can still access it from behind my router? 02:11 < siix> unless it still reserves an IP for itself (unlikely) then you'll have to reset it first 02:14 < spaces> Drakonan yeah that is the shitty part of it, you can't most of the time unless you have some HW-address config tool 02:14 < spaces> but it's what siix says 02:15 < spaces> at the other end you want it to be dumb 02:16 < spaces> linux_probe is our bridge in here 02:19 < linux_probe> lol @ Apachez :)) 02:20 < Apachez> spaces: face shaving or more "delicate" areas? 02:20 < Apachez> Drakonan: yes and no 02:20 < Apachez> Drakonan: some modems needs factory reset to get back from bridge mode 02:20 < Apachez> Drakonan: some others will still have like 192.168.0.1/24 or such as ip on the lan side even if its in bridge mode 02:21 < linux_probe> Drakonan, if it;s a cable modem, it should still be available @ 192.168.100.1 02:21 < Apachez> that ip will be for mgmt purpose only like login and change config but also to get snmp stats etc 02:21 < linux_probe> with DSL or other it's a 50/50 crap shoot 02:21 < Apachez> for the later case your firewall or whatever you connect to the modem will need to configure two ip's 02:21 < siix> you can google "bridge mode web ip " or some such and /crossfingers 02:21 < Apachez> one for the internet access (like dhcp or whatever) 02:22 < siix> and i do recommend /crossfingers rather than /holdbreath 02:22 < Apachez> and then a subinterface configed to 192.168.0.2/24 or whatever range and unused ip in that range your cable modem used 02:22 < Apachez> google delivers 02:23 < Apachez> Did you mean: "bridge mode web ip " or some such and /cross fingers 02:23 < tds> I think I've seen some modems that can bridge to one vlan, and expose a management web ui and snmp on another 02:23 < Apachez> no results for "bridge mode web ip " or some such and /crossfingers 02:23 < Apachez> Result for bridge mode web ip or some such and /crossfingers is shown instead 02:23 < Apachez> :D 02:25 < linux_probe> i suggest crossing your nut sinstead 02:25 < linux_probe> dont tie them in a not thought 02:26 < spaces> Apachez face, I have a bare buttocks face so you catch 2 flies @ once :P 02:27 < spaces> Apachez I advise to use a mowler, a new one I think 02:27 < spaces> mower 03:05 < spaces> linux_probe ? 03:12 < linux_probe> you rang? 03:25 < spaces> linux_probe I didn't use my phone 03:44 < spaces> linux_probe not your mother ? 04:53 < Supertanker> My ISP is giving me IPv6 routes via RA with a lifetime of 30 seconds. As a result, wan6 keeps dying about every 30 seconds until it gets a new route via a RA. Any way I can make this more stable? 04:53 < Supertanker> (running openwrt, but it shouldn't matter--the RAs aren't coming fast enough :( ) 04:54 < tds> Supertanker: have you contacted them about either decreasing the interval between advertisments, or increasing the lifetime? 04:54 < SporkWitch> if you're ISP can't do things right themselves, it's easier and less headache to just disable ipv6 04:55 < SporkWitch> s/you're/your/ 04:56 < linux_probe> 30 second lifetimes lol 04:56 < tds> also, I'd probably do a packet capture just to confirm your side is working ok - iirc openwrt has a slightly non-standard setup with RAs intercepted by a dhcp client which then adds the routes, rather than using the stuff built into the kernel 04:56 < linux_probe> openshart >_> 04:56 < Supertanker> lol 04:57 < linux_probe> let me guess comcast ? 04:57 < Supertanker> tds, that's my point, I did a tcpdump and the router-lifetime is set to 30s :( 04:57 < Supertanker> No, sadder. 04:57 < linux_probe> oh noes 04:57 < Supertanker> Hughe'sNuts 04:57 < Supertanker> I mean 04:57 < Supertanker> Hughesnet 04:57 < tds> and 30 second lifetimes sound reasonable if they're relying on them for failover, they should certainly be sending them more often though 04:57 < Supertanker> Actually let me try again and note the timing 04:57 < linux_probe> shartelite 04:57 < Supertanker> Opensh!t may not be processing them fast enough 04:57 < Supertanker> brb though tacos 04:59 < tds> also, short lifetimes really don't help when your switch drops v6 multicast traffic randomly and suddenly your servers keep losing default routes ;) 05:00 < linux_probe> yeah lol 05:06 < Supertanker> Okay let me see how often the RAs are coming in 05:10 < Supertanker> I mean 05:10 < Supertanker> Okay 05:10 < Supertanker> tds, I'm getting advertisements...every 4-6 seconds :P 05:10 < Supertanker> So opensh!t is not processing them like it should be 05:10 < tds> lol 05:10 < Supertanker> Weirdly I don't recall having this issue a few weeks ago so I must've changed something :( 05:11 < tds> if you want to use the sane linux implementation rather than udhcp or whatever it is, you can just manually change the accept_ra sysctl 05:12 < tds> ah, it's odhcp6c 05:13 < Supertanker> Yes 05:13 < Supertanker> tds, does it do prefix delegation? 05:13 < linux_probe> router lifetime 1800s, reachable time 3600000s, retrans time 0s 05:13 < linux_probe> lol 05:14 < Supertanker> Also, which icmp6 packet type does default route? Is it the RA or the neighbor discovery packets? 05:14 < Supertanker> I'm new to IPv6 05:14 < Supertanker> ish 05:14 < linux_probe> an isp that isnt herp-derp 05:14 < Supertanker> lol herpdederp 05:16 < linux_probe> are you sure it's not 6RD or some isp tunneling terminated on the isp modem side 05:16 < linux_probe> erm 6 to 4 tunnel. the 30S makes sense for it being local device 05:17 < Ashstar> herpies, hispieces 05:17 < tds> Supertanker: does what do prefix delegation? 05:17 < Ashstar> yikes 05:17 < tds> I don't think there anything built into linux for it, so you'll need an extra client for pd 05:17 < Supertanker> tds, the accept_ra kernel mechanism 05:17 < Supertanker> :( 05:17 < Supertanker> Hmm this is odd 05:18 < Supertanker> It's giving me 3 default routes 05:18 < Supertanker> And by it I mean openwrt 05:18 < tds> accept_ra should get you a default route though, and the dhcp client can continue to do prefix delegation 05:18 < Supertanker> tds, sounds like a decent solution, I will look at that 05:18 < tds> multiple default routes sounds pretty typical if they're using short lifetime RAs from different routers for redundancy 05:19 < Supertanker> tds, would I see multiple RAs for that? Because they're all coming from the same source IP 05:19 < tds> yes, you'd see multiple RAs from different link local addresses 05:20 < Supertanker> Yeah that's not happening :( 05:20 < Supertanker> I think openwrt is completely misinterpreting these responses somehow 05:20 < Supertanker> I can't even see what's different on each one 05:20 < tds> what routes has it added? 05:21 < Supertanker> default from 2001:5b0:230f:nope::/64 via fe80::280:aeff:feee:nope dev eth0 proto static metric 512 pref medium 05:21 < Supertanker> default from 2001:5b0:230f:nop8::/61 via fe80::280:aeff:feee:nope dev eth0 proto static metric 512 pref medium 05:21 < Supertanker> default from fd0d:edc3:nop6::/64 via fe80::280:aeff:feee:nope dev eth0 proto static metric 512 pref medium 05:21 < Supertanker> Some numbers changed 05:21 < Supertanker> Okay so 05:21 < Supertanker> to protect the innocent ;) 05:22 < linux_probe> >_> 05:22 < Supertanker> First From is my PD-assigned LAN prefix 05:22 < Supertanker> Second one is 05:22 < Supertanker> Another PD assigned one 05:22 < Supertanker> I have no idea why I get the fd0d addresses too but hey bonus 05:22 < Supertanker> ANYWAY 05:22 < Supertanker> They all point to the same next-hop 05:22 < Supertanker> (modem) 05:23 < Supertanker> Er sorry no that's wrong 05:23 < Supertanker> First one is the WAN address 05:23 < Supertanker> Second one is the PD for my LAN network 05:23 < Supertanker> Third one is still ?!?!?! but it's also assigned to my WAN and has been that way for weeks, so I think it's a red herring. 05:23 < linux_probe> hmm @ unique local prefix 05:23 < Supertanker> The fd0d? 05:23 < tds> I guess the ISP must also use ULA space for stuff? 05:24 < linux_probe> yeah it's ULA 05:24 < Supertanker> No idea, they're so dumb 05:24 < Supertanker> CGN on the IPv4 WAN :( 05:24 < Supertanker> I get a 100.64.x.x addr 05:24 < tds> googling "fd0d:edc3" gets some other results about the same ISP 05:24 < linux_probe> lol 05:24 < Supertanker> massive sadness 05:24 < fnDross> nat 05:24 < Supertanker> It's probably a management IP or something 05:24 < tds> at least they're not doing cgnat in rfc1918 space, I guess 05:24 < Supertanker> ...hey I wonder if I can still SSH into the router using that 05:24 < Supertanker> er modem 05:24 < Supertanker> anyway 05:25 < linux_probe> going to guess it;s done at the modem side 05:25 < linux_probe> and hughes likely doing 6t4 tunneling 05:25 < Supertanker> So the modem is sending RA like a good boy 05:25 < linux_probe> yeah, it;s probbaly all from the modem 05:25 < Supertanker> I don't understand why openshift is making all these default routes 05:25 < Supertanker> Is the "from" referring to the source network as in, if packet is from here, go here? 05:26 < Supertanker> Or is "from" saying that this network is somehow setting this route 05:26 < linux_probe> never dealt with hughesnet, so I cannot be 100% 05:26 < tds> the from seems weird, I've used it with ip rule, but not ip route 05:26 * tds looks at the man page 05:27 < Supertanker> ip -6 route on openwrt has a slightly different syntax than on my ubuntu box it looks like 05:27 < Supertanker> Thanks for helping me dig into this btw :) 05:27 < tds> it's busybox iirc? 05:27 < Supertanker> yes 05:28 < tds> I think you can install "real" ip if you want 05:28 < Intensitea> Hi. I'm working with iptables on Qubes (a Debian 9 instance), and I'd like to understand why my "iptables -t nat -I POSTROUTING 1 -j SNAT" rule (which includes --destination 1.1.1.1) isn't matching packets coming from another interface. 05:28 < Supertanker> ::/0 fe80::280:aeff:feee:nope UG 512 0 0 eth0 05:28 < Supertanker> ::/0 fe80::280:aeff:feee:nope UG 512 1 1 eth0 05:28 < Supertanker> ::/0 fe80::280:aeff:feee:nope UG 512 0 0 eth0 05:28 < Supertanker> really? 05:28 < Supertanker> Thanks route 05:29 < tds> ah, package is ip-full if you want actual ip rather than busybox 05:29 < Supertanker> Let me give that a whirl 05:29 < Intensitea> To be specific, this "qube" (a host I'll call "R" for router) is establishing a VPN tunnel, and I'd like to route traffic from another "qube" (host) through R's tun0. Any help would be appreciated - I can share more. 05:32 < Supertanker> didn't help much tds, same output 05:33 < dogbert2> heh...finally got my python bug-fu/patch-fu into python (only took 'em 3 years) :P 05:33 < linux_probe> hehe. ICMPv6 Option (Recursive DNS Server 2001:470:c058:100::1) Type: Recursive DNS Server (25) Length: 3 (24 bytes) Reserved Lifetime: 20 Recursive DNS Servers: 2001:470:c058:100::1 05:47 < dogbert2> LOL...employers where I live are having a hard time finding skilled workers, due to a piss poor public educational system in terms of ranking 05:54 < zeldafan78> I want somebody to just start e-mailing me tasks, and then I send back the finished script and then they pay me in Bitcoin. 05:54 < zeldafan78> That would rock. 07:21 < Ashstar> https://en.wikipedia.org/wiki/Flatland 08:36 < purplex88> if a switch can't find destination of packet, what does it? 08:36 < purplex88> do 08:39 < detha> send it out all ports 08:39 < longxia> purplex88: the frane gets sent to every port (flooded), except for the one it arrived on. 08:41 < purplex88> does it happen everytime? or switch eventually learns next time that theres no need to flood? 08:42 < detha> the switch learns which MAC is at which port by looking at traffic coming in on that port 08:43 < purplex88> so next time say it doesn't flood and i silently add another computer 08:44 < TheSilentLink> Hi I want to set up a reverse proxy. I’ve heard using ssl is a pain so I was wondering if I use https and then connect to the internal server using http is it still encrypted to the outside world. 08:46 < detha> TheSilentLink: it is fairly common to terminate ssl on a reverse proxy/loadbalancer and use plain http inside your network yes 08:47 < longxia> purplex88: the new computer should have a different MAC address and so should not be interested in the frames which were previously flooded. 08:48 < purplex88> ok so it will flood only new computers next time 08:50 < longxia> purplex88: it will only flood frames for which the switch does not know which port to send them to, either because the destination MAC is new, or it has dropped from the MAC table because of expiration or table overflow. 08:51 < detha> purplex88: and even then, rarely. With dhcp, the first thing a new computer does is ask for a lease, so the switch already knows its mac address from the dhcp resquest. With statics the first packet is often arp who-has, the new machine responds, and the switch also knows now. 08:52 < detha> if machines are very quiet, mac entries can expire, or with many machines on a segment the mac table can overflow, and oldest entries get kicked out 08:56 < TheSilentLink> detha: thank you so if I use http inside the network and does the proxy encrypts it before it sends it over the internet to the client? 08:56 < detha> correct, /iff/ you have a proxy that speaks https on the internet side, 08:57 < TheSilentLink> Great thank you for helping! 09:04 < Jmabsd> err, what do you use a "timestamped" NIC for? http://www.silicom-usa.com/pr/server-adapters/programmable-fpga-server-adapter/capture-fpga-server-adapters/ts-100-gigabit-capture-server-adapters/pe3100g2f2tstc4/ 09:04 < Jmabsd> http://www.silicom-usa.com/wp-content/uploads/2016/08/PE3100G2F2TSTC4-100G-Capture-Server-Adapter.pdf 09:08 < detha> Jmabsd: for hft applications. PTP and such stuff 09:08 < Jmabsd> detha: high-frequency trading?? 09:08 < detha> yes 09:09 < Jmabsd> aha. what's PTP here? 09:09 < detha> precision time protocol 09:09 < Jmabsd> ah. 09:09 < detha> think NTP but an order of magnitude or two better 09:09 < Jmabsd> so the point would be that by having higher granularity of timing of trading data arrival, your algorithms have better data. 09:09 < Jmabsd> however, like, there should be various weird delays in the data feed from any financial system anyhow no? 09:10 < Jmabsd> also you have real time software that could do the timestamping in software, no?? 09:10 < Jmabsd> this must be for usecases where some microseconds make a big difference ?? 09:10 < Jmabsd> or just for lazy devs to move a software function to hardware?? 09:11 < detha> people try to minimize that. Also, the more accurate your timestamps are, the more accurate you can determine first derivative 09:13 < detha> nothing to do with lazy devs, the software can not know the buffers and the delay in the NIC, so there's nothing the devs could do about that. 09:16 < tezogmix> needed input, what might be the causes for a multi-connection/multi-threaded download (using internet download manager via windows) freezing your entire internet connection near the last few seconds? 09:16 < tezogmix> I have a 300mbps connection/usb 3.0 hdd's 09:18 < tezogmix> I've allowed the software within windows firewall, other active monitoring software I have is malwarebytes/microsoft security essentials 09:18 < tezogmix> I tried googling this query but I don't think my keywords helped me troubleshoot this better. 09:19 < tezogmix> not sure if it's a router/tcp/mtu/dns issue - I'm on a static IP, google dns - 09:20 < detha> Justice ;) Things trying to grab more than their fair share of bandwidth getting their payback 09:20 < tezogmix> I'm not sure if it was some other network related oversight that I may have changed which could have affected that. 09:21 < tezogmix> the download will resume along with other net activity, but sometimes it will stall for several minutes... 09:22 < tezogmix> it's definitely internet download manager/IDM, if I exit the program, net activity is normal. 09:22 < tezogmix> transfers from temporary to destination sources are on separate hdd's 09:23 < tezogmix> I've done the netsh winsock/tcp ipv4 resets 09:23 < tezogmix> and also put back the MTU to 1500 default. 09:24 < tezogmix> I'm not that knowledgeable on this topic but hopefully someone here knows to shed some feedback on what else to check 09:24 < tezogmix> thanks in advance ^ 09:24 < at0m> why would you fiddle with MTU again!? 09:25 < tezogmix> oh hey at0m , it was just one of those networking default endpoints 09:25 < regdude> I wonder how many connections does that "good" software create at the end 09:26 < tezogmix> and I also realized that while on vpn service the MTU didn't matter. connection-wise, I've tried just a single-multi part x 8 connection but that software somehow stalls at the end. 09:26 < tezogmix> I;ve used it for several years without a hitch 09:27 < tezogmix> but I couldn't pinpoint where I may have changed a network setting within windows or through my router to where idm was affected. I have jdownloader too and that works fine. 09:28 < tezogmix> the software is also up to date. 09:30 < tezogmix> regdude, do you have an alternative software that's worth checking, possibly freeware? I have the ad-free version of jdownloader but it doesn't function like idm does 09:31 < tezogmix> at least then,, I can test whether it is an idm issue better over another multithreaded download manager 09:31 < regdude> I'm sorry, I do not support using any "Internet Download Manager" 09:31 < tezogmix> what do you support then? 09:31 < at0m> fixed until broken 09:31 < tezogmix> I saw uget as one option... 09:32 < tezogmix> what's fixed until broken mean? at0m 09:32 < tezogmix> :) 09:32 < tezogmix> maybe I failed to read between the lines... 09:32 < regdude> it is not nice to use either of these applications 09:33 < tezogmix> well one is paid for, the other [jdownloader] is a community driven project (i use it for ftp things) 09:33 < at0m> tezogmix: you're on freenode, it shouldnt be a surprise to you that most people here use and support free and open source 09:34 < tezogmix> my question was more on why a multithreaded download could cause net disconnect temporarily and then resume. 09:34 < tezogmix> and mentioned the other potential bottlenecks, e.g. hdd 09:34 < regdude> check how many active connections are on your router 09:34 < at0m> did your client PC disconnect from your router? 09:35 < tezogmix> practically all net activity stopped on the active device 09:36 < tezogmix> running windows os, other activity like my nvidia shield tv/raspberry pi on the route (it's an asus ac86u, stock firmware) still functions along with my other desktop connected to it 09:37 < tezogmix> so I'm certain it's something on the machine network setup that I tinkered with unknowingly but just can't seem to back trace it 09:39 < tezogmix> regdude, all the other devices are just single connections to the router and on their own static ip's 09:40 < regdude> I meant how many established connections are on the router. Not sure if this can be done on most home routers 09:41 < regdude> though some interesting things should be visible on the Windows PC, unless it is compromised 09:41 < tezogmix> ah yeah you're right regdude - by established connections, I can see all the above devices fine connected fine, no other questionable connections - I'm not able to monitor multithreaded-download connections through the router though. 09:42 < tezogmix> the pc shouldn't be compromised (e.g. malware if you mean) 09:43 < tezogmix> and software is self purchased/paid that I still receive updates to (internet download manager in this case) 09:44 < regdude> I would guess that there are too many established connections created by that IDM and your router is not able to handle any more (might be a router bug though), but you should find a way to check how many established connections are there 09:44 < regdude> when the connection freezes 09:44 < tezogmix> I use it time to time for batch downloads in where I can maximize by bandwidth over just a single connection transfer 09:46 < tezogmix> but even then, I've reduced it to just 1 x 1, 1x 4 , 1x8 (which always worked but now stops all net activity near the last few seconds), the only active monitoring software I have is still the same malwarebytes/mse on windows 09:46 < tezogmix> this happens on any site 09:47 < regdude> check if you can connect to the router and to the Internet from a different device when the connection freezes 09:47 < tezogmix> yeah regdude , that works - I did check that. 09:48 < tezogmix> and on the troubled pc, I did reset all the network defaults 09:48 < regdude> then the problem is not very likely to be caused by "networking" 09:48 < tezogmix> like netsh winsock reset/etc 09:49 < tezogmix> yeah I figured, I have been back and forth with the company's tech but through the last emails, it's been more of generic troubleshooting (not that it could be an issue, but I really did try to trace and check on what I could think of). 09:50 < tezogmix> their responses were windows firewall/antivirus software but that's definitely not the issue 09:51 < tezogmix> I thought it was some dns issue and I swapped dns addresses during those freezes and did the elevated command prompt ipconfig /flushdns 09:51 < tezogmix> but didn't help 09:52 < tezogmix> I still get the requested data in full uncorrupted 09:54 < tezogmix> if you had other keywords that I can web search other than multihtread(ed) multipart/multiconnection transfers in a better terminology sense, maybe I could find a better search result but I couldn't find one best suited with the phrases I tried. 09:55 < tezogmix> I've also applied the boolean (and) with idm and also without it to get more general query results... but couldn't pinpoint a good topic on this. 10:21 < Miguel2013> any website I can check for isp plans 10:21 < Miguel2013> I need fast upload 50mb or more 10:21 < linux_probe> lol, good luck? 10:24 < Miguel2013> how come 10:24 < Miguel2013> I hate my 5mbit upload I wanna use my unlimited google drive but it sucks with that speed 10:24 < linux_probe> because nearly none of them are designed for nor want you to "push" upstream much 10:24 < linux_probe> it costs them big bucks 10:25 < Miguel2013> aja yes that is reasonable 10:25 < Miguel2013> maybe in 10 years then I'll finish my cloud bakc up 10:25 < linux_probe> so pay $2000+ a month for the connection 10:25 < Miguel2013> what's the compmany 10:26 < linux_probe> depedns on where you are, it could be 10K+ a month 10:26 < linux_probe> and 30K install 10:26 < Miguel2013> I suppose is not listed in comercial plans that I can find on google 10:26 < purplex88> longxia: if a switch keeps receiving a packet to new destination ip address, will it keep sending arp messages to all ports to figure out who has this IP? 10:27 < Miguel2013> no budget for that neither 10:28 < detha> purplex88: switches don't care about IP addresses, only MAC addresses. Routers on the other hand do. 10:29 < regdude> purplex88: a switch will flood ARP requests to all switch ports, but the ARP request is sent out from a device that is not the switch 10:30 < purplex88> computers connected to switches has ip addresses 10:30 < linux_probe> lol 10:31 < linux_probe> non eof ther commercial suppliers are going to price quote online 10:31 < purplex88> i want to know what happens if a computer starts sending spoofed packets with random destination ip addresses. 10:31 * detha points at the ISO model. IP addresses are L3, switches are at L2. 10:31 < linux_probe> it;s customer by customer and forget anythign major in a residential area 10:32 < linux_probe> perhaps to the school nearbye or big industrial business 10:32 * Apachez points detha at L3-switches, drops mic and walks off-stage 10:34 < regdude> purplex88: a switch will send random spoofed packets to all ports 10:34 * detha tells Apachez to get off the lawn, those things were called brouters exactly to avoid this confusion, until marketing decided that didn't sound spiffy enough 10:34 < regdude> unless they are specifcally crafted (known MAC DST) 10:36 < purplex88> lets say spoofed packets don't spoof MAC dest but only dest ip address, will the switch keep flooding all ports as long as it is receiving the spoofed packets? 10:36 < purplex88> or it stops after it learns 10:37 < regdude> no, if the MAC address is learned, then all packets will be sent out only trough this one port (unless it is a special MAC address that needs to be flooded, one is a broadcast MAC) 10:37 < regdude> IP address is never checked 10:38 < dminuoso> regdude: Strictly speaking that depends on what kind of switch you have. 10:38 < dminuoso> Layer 3 switches have the ability to think in IP addresses. 10:38 < regdude> ehh 10:39 < regdude> yes, layer3 switches use the IP address to do routing decisions 10:39 < purplex88> well i think i need to do it via. simulation. is there an easy simulation? 10:39 < dminuoso> Though personally I think the name "layer 3 switches" is so misleading. THey should just be called "router with a builtin switch" 10:39 < regdude> the chance that this guy has a layer3 switch... 10:39 < dminuoso> Heh =) 10:40 < detha> dminuoso: see previous remark - they used to be called brouters :p 10:40 < regdude> you can have a switch with routing capabilities using the CPU, but switching capabilities using the switch chip, but you can also have a ASIC that does routing decisions without using CPU 10:42 < Apachez> a l3 (layer3) switch is a switch with routing capabilities 10:42 < dminuoso> Apachez: I'd call this "a router" 10:42 < Apachez> na 10:43 < Apachez> to me a router can do other than ethernet and can also fit with multiple full internet bgp routes 10:43 < Apachez> but sure in a logic diagram you should point it out as a router 10:43 < Apachez> but I would still call it SWx :) 10:44 < detha> routers speak routing protocols. L3-switches don't do much more than a few static routes 10:49 < Faraon_> https://tinyurl.com/ya79dnx5 10:51 <@catphish> i have no idea why that person keeps arriving here posting that same link 10:52 < regdude> none has check for phishing or more nice things? 10:52 < regdude> *checked 10:53 <@catphish> it seems to just be a page that tells you your IP, really odd 10:53 <+zrnd> o.O 10:53 <@catphish> i asked them once, never got a reply 10:54 < detha> collecting IP addresses of people in IRC then, murphy knows what for 10:54 <@catphish> detha: well no, because there is no correlation between a page telling the user their IP, and the owner of the server seeing it 10:55 < horse> couldn't the owner of the server see who's hitting the page from apache logs? 10:55 <@catphish> horse: yes 10:55 < horse> but not correlate that to the irc user name i guess 10:55 < detha> catphish: posting a link, seeing what user agents hit it, correlate with IRC clients that automatically dislay images inline? 10:56 <@catphish> you're missing my point 10:57 <@catphish> you shouldn't infer this from the fact the page displays the user's IP so the user, it's totally irrelevant, if they wanted to harvest details, why not post something more interesting 10:57 < purplex88> whats a correlation? 10:58 < regdude> relationship with Corel Draw 10:58 < detha> it doesn't matter what is on the page, could be anything 10:58 <@catphish> also, if people are rendering images inline the extra click seems redundant :) 10:58 < horse> regdude: lol 10:59 <@catphish> lol 10:59 <@catphish> i get it 11:01 < horse> So i have a QSFP optic. receive power reading is -2.2033dBm 11:01 < horse> i don't really understand the -2.2033dBm? what unit of measurement is that? 11:02 < Reventlov> catphish: nobody is doing that, right? 11:02 < Reventlov> (rendering image inline) 11:02 < regdude> dBm? Or maybe dB? Either way, that tells how strong is the signal you re receiving 11:03 <@catphish> Reventlov: some people do, irccloud for example does 11:03 <@catphish> i wish my client did 11:03 < horse> regdude: so would the fact that it's a minus number be good bad or indifferent? 11:03 < Reventlov> horse: a dBm is a ratio between power to one milliwatt 11:03 < regdude> a positive number is bad and should be replaced, anything below 0 means it is working 11:03 < detha> catphish: until someone finds the next exploit in some library rendering arcane graphics formats 11:04 <@catphish> horse: see https://en.wikipedia.org/wiki/DBm 11:04 < horse> cheers chaps 11:04 <@catphish> dBm is decibels relative to 1mW 11:04 < Reventlov> detha: no need, jusk ask for a svg :> 11:04 < Reventlov> (you can embed javascript in svg, or do some neat stuff like fractals) 11:05 < detha> Reventlov: poor mobile users' batteries 11:06 < detha> Didn't know that about svg. 11:27 < Apachez> it should be dBm and not DBm 11:29 < TandyUK> every work on wikipedia starts with a capital, its only the url that is wrong :) 11:29 < Apachez> horse: check the datasheet for the optic, normally positive value is bad bud the optic can often deal with up to +3.0dBm and negative it can often deal with down to -12.0dBm 11:29 < Apachez> positive numbers often means the optic is blinding itself 11:29 < Apachez> like you use a 40km optic and only 1 meter cable 11:30 < Apachez> in those cases change to 10km optic (at both ends) or put in an attenuator which will dampening the signal strenth 11:30 < Apachez> normally -3.0dBm is the average RX/TX 11:30 < Apachez> aka "perfect" 11:30 < Apachez> so -2.2 is nothing to worry about imho 11:31 < horse> cheers Apachez. Yeah it's well within range according to the spec sheet for the optic 11:31 < Apachez> -12.0dBm means it gets so close to noiselevel so it barely can see what is the signal and what is the noise 11:32 < Apachez> those numbers can also tell you when its time to clean the optic (and the fiberend) 11:32 < Apachez> because the LC/SC connectors are not like hermetical closed when connected 11:32 < horse> been seeing a few CRC errors on this particular optic 11:32 < Apachez> so dust and shit can still end up there 11:32 < Apachez> depends on for how long time 11:32 < Apachez> normally you should have like 0 crc errors 11:33 < horse> about 8000 in two weeks 11:33 < Apachez> but in one of mine equipment I recently checked with 37 weeks of uptime it had like 5 crc errors 11:33 < Apachez> most likely due to somebody at the other end of the darkfiber (or along the road) disconnected/connected the cable 11:33 < horse> all of the other optics in the port channel are showing zero errors 11:33 < Apachez> another thing to keep track on the optics is the temp 11:33 < Apachez> depending on model above +70C is usually a bad thing 11:34 < horse> not checked the temp actually 11:34 < Apachez> there are however industrial graded optics that allow for +85C and such 11:34 < Apachez> so if your optic is like at +69C then it can explain the raise in the errors 11:34 < Apachez> in short time 11:34 < Apachez> so yeah 8000+ crc errors in 2 weeks seems like something worth investigating 11:35 < horse> temp is currently sat at 40.207C 11:35 < Apachez> I guess thats 40.2 and not 40.2k ? :P 11:35 < horse> :) 11:36 < Apachez> "hotter than sun, you have a fusion reaction going on - could be a problem for more than one reason..." 11:36 < horse> heh 11:36 < horse> it's in a rack with a bunch of blades so it can get quite toasty in there 11:37 < Apachez> yeah but +40C is chill 11:37 < Apachez> in some parts of the world when temp changes rapidly during the day moisture can be a problem too 11:37 < Apachez> but in those cases all sort of errorcounters jumps not just crc 11:37 < Apachez> that is its hot and moist 11:38 < Apachez> and then the temp suddently drops 11:38 < Apachez> so all the moisture starts to form drops and stick to surfaces 11:38 < horse> it's not really doing much in the way of throughput tbh, it's a 40Gbps optic and it's doing about 11Mbit/s input and 99.00Mbit/s output 11:38 < Apachez> you mean the current workload? 11:38 < horse> yeah 11:38 < Apachez> or you benched it and the output was that bad? :P 11:38 < horse> heh, current 12:00 < pikaro> Hi! I asked yesterday about intermittent SSL_ERROR_RX_MALFORMED_SERVER_HELLO with firefox and people said they haven't seen this behavior. turns out it's a problem with TLS 1.3: https://bugzilla.mozilla.org/show_bug.cgi?id=1462303 just in case any of you have to support people getting that error 12:44 < regdude> anyone knows tools to generate IGMP messages for testing purposes? I'm looking for IGMP join mostly 12:50 < detha> regdude: scapy? 12:51 < regdude> seems like it is possible with that tool, thanks! 13:05 < shtrb|work> What would be better way to backup GMail inboxes , using imapsync or trying their backup tool and (I wish to import it to a new instance of dovecot somehow). my goal is to have as close as possible to the original headers and content 13:05 < shtrb|work> or any other better option 13:06 < shtrb|work> (~15 GB of data for each box) 13:26 < ben8472> shtrb|work : their own backup option is quite ok, used both before and now i use theirs every few weeks 13:27 < shtrb|work> Did you need to do some manipulation on the file to be able to import it to your local email server ? a 13:28 < Apachez> pikaro: thanks for returning and updating on the issue 13:28 < Apachez> shtrb|work: how does googles backup tool work? 13:28 < Apachez> or do you mean account dump? 13:28 < Apachez> also when using imapsync make sure to use imaps and not imap 13:28 < shtrb|work> account dump 13:29 < Apachez> another corner case is that if you enable pop3/imap on your gmail account that can be a way in for bruteforce 13:29 < Apachez> so that is disabled by default if I recall it correctly 13:29 < shtrb|work> There is a new feature, that suggest it will create a huge compressed file with everything inside it 13:29 < Apachez> yeah account dump 13:29 < Apachez> try that 13:29 < Apachez> downside is that it can take a few days to create 13:29 < Apachez> dunno the fileformat within 13:29 < Apachez> like if its mbox (all mails in one file) or eml (one file per email) 13:30 < Apachez> using imapsync would be more efficient to only take the diff 13:30 < Apachez> also note that imapsync would mean if something got deleted in between its gone 13:30 < Apachez> compared to popsync where the email is downloaded and even if its deleted on the servers later on you still have a copy 13:30 < Apachez> with imap that would be gone 13:32 < shtrb|work> I was under the impression that imapsync allowed download without delete on server 13:33 < tds> do you want to do this as regular backups, or one large migration? 13:33 < tds> Apachez: iirc the google export produces mbox, but I might be getting mixed up 13:34 < shtrb|work> tds, one large backup and then regular backups 13:36 < tds> ah, I'd expect imapsync to work much better for that 13:38 < dionysus69> curl: (92) HTTP/2 stream 1 was not closed cleanly 13:38 < dionysus69> what does this mean? 13:38 < dionysus69> I cant send post requests to a server anymore 13:38 < shtrb|work> link drop ? 13:38 < dionysus69> ? 13:39 < shtrb|work> dionysus69, your server might have a bad respsonce or drooped the link (RST packet for example) 13:39 < dionysus69> so what can I do? 13:39 < dionysus69> restarting doesn't help 13:40 < shtrb|work> check with -v option (to get more info), and check if your curl is the most updated 13:40 < dionysus69> I have 7.52.1 13:41 < shtrb|work> current stable is 7.60 13:41 < dionysus69> well, I am on debian xD 13:41 < shtrb|work> and github.com/curl/curl 13:42 < shtrb|work> try opening an issue (or debian bug) with curl -V or --trace 13:42 < dionysus69> http://paste.debian.net/1025644/ 13:42 < dionysus69> with -v 13:42 < dionysus69> it's not an issue with curl I am sure 13:45 < shtrb|work> Can you verify if your cert configuration is adequate ? 13:45 < dionysus69> yes 13:45 < dionysus69> it worked fine couple times 13:46 < shtrb|work> I'm not saying something is wrong , but that is just a hunche 13:46 < dionysus69> after I executed particular post successfully 13:46 < dionysus69> then it doesnt work for second time 13:47 < dionysus69> ok I may have figured it out -.- 13:47 < dionysus69> just a bad message 13:47 < dionysus69> error* 13:49 < shtrb|work> ? 13:49 < Myrl-saki> Who here has networked linux containers together? 13:51 < dionysus69> shtrb|work: it was an API error, but it threw a weird error, as if it was a protocol problem but in fact it was a request payload problem 13:54 < shtrb|work> dionysus69, so as I suggested " dionysus69, your server might have a bad respsonce or drooped the link (RST packet for example)" :) 14:04 < dionysus69> I didnt understand what you meant by then :) 14:11 < hypercore> can i use cloudflare to give a server ssl? 14:11 < shtrb|work> what does that mean ? 14:12 < Peng_> hypercore: Sure. You could also use Let's Encrypt. 14:12 < hypercore> isn't cloudflare easier? 14:12 < shtrb|work> CF has tls support (per package or the upper domain ) 14:13 < Peng_> hypercore: Not really, 14:13 < shtrb|work> hypercore, www.cloudflare.com/ssl/ 14:16 < ALowther> Hi :). I am really trying to cement OSI/layer understanding in my mind as it seems to be the centerpiece for any computer->computer communication...It seems for any application to communicate across a network the transport layer must be used so that when the information is returned, it knows which application to return to. However, a ping request for example, according to everything I've read, only uses layer 3. How? When the ping pack 14:16 < ALowther> et responds, if there is no port number assigned for the information to return to the terminal process I am currently running, how does it know where to deliver that return information? 14:17 < hypercore> thanks 14:17 < regdude> ARP uses MAC addresses to communicate, broadcast for requests, unicast for replies 14:17 < ALowther> I guess "when the ping packet responds" is poor wording. When a response to an ICMP packet is returned. 14:18 < regdude> ping uses "ICMP" ar protocol, the kernel knows where to pass it 14:20 < shtrb|work> ALowther, ICMP is transport protocol , ping is the application but there is no dialog hence no upper layers 14:20 < ALowther> But how does the kernel know where to pass it? Via the packet header? 14:20 < tds> yes, the icmp packet has an identifier in the header 14:21 < shtrb|work> ALowther, more accurate is there is no payload for the next level in the case of ping (but not for others that ride over ICMP like icmptunnel) 14:21 < dogbert2> if you look at the ICMP header/packet, it's not much in terms of payload :P 14:21 < shtrb|work> ALowther, the OS tie that information over sockets (application-socket) 14:22 < shtrb|work> dogbert2, you can transfer data over ICMP not used much but exist 14:22 < regdude> good old ICMP attacks 14:23 < shtrb|work> or obfuscation 14:24 < ALowther> shtrblwork: Okay, but that is what I am trying to figure out in my mind. It is my understanding that a "socket" only exists when an send & dest IP is coupled with send & dest port. If ping operates on level 3, doesn't level 4 establish a port? No port, therefore, no socket. Therefore, how does it know to deliver the response back to the terminal process that initiated the request? 14:25 < regdude> take Unix sockets for example, they don't use ports, they use path 14:25 < regdude> bind a socket to a protocol 14:25 < shtrb|work> ALowther, a socket can exist even without a port (that is very IP centric view) , socket is just a data structure in memory 14:25 < ALowther> I am not too familiar with Unix sockets, definitely something I plan to spend time looking into, but for the sake of this understanding, let's assume i am using Windows. 14:26 < tds> ALowther: the icmp packet has an identifier in the header, which will be used by stateful firewalls as well to identify the connection 14:26 < shtrb|work> ALowther, in windows think of named pipes 14:29 < shtrb|work> A named pipe does not have an idea of a port (it's not really a socket but close enough to understand the idea) 14:30 < ALowther> If you can route to a client without ports, then what is the purpose of the transport layer. I guess I can imagine when transferring large amounts of data, something like TCP is helpful for packet ordering and ensured delivery, and even UDP could ensure packet integrity with a checksum. But what about a DNS request? Why does a DNS request use transport. It too could get by with a unix port or piping, right?....I know I am being very pa 14:30 < ALowther> rticular. I am just really trying to understand the what, why, and how for what is going on beneath where my eyes can see. 14:33 < tds> ALowther: you can send out all sorts of kinds of ip packets - some of those have mechanisms for tracking a single connection (eg udp, tcp, icmp), while others don't 14:33 < longxia> ALowther: i think "transport" is a misnomer if you think it is required to transport a packet from host to host. It is not. 14:34 < tds> and if you want your protocol to work behind most nat/firewalls these days, then you'll likely need to run it over tcp/udp 14:34 < regdude> you can transport data without any upper layer above Layer1, you can set everything to 0 and still be able to transfer data, it only matters how the other end understands the data. The other end can easily assume to send the same data to all applications 14:35 < shtrb|work> ALowther, take me for an example right now - I'm connected over 4G (ppp connection) having an icmp tunnel to host server (different layer) that connect me over tcp/ip (IRC) to this channel 14:36 < shtrb|work> *not icmp tunnel but an ipsec tunnel (sorry for the error) 14:36 < regdude> I wanted to ask almost if your ISP is really blocking other tunnels 14:37 < shtrb|work> I have access to one that does that, beware of dragons , trolls and Altice 14:38 < ALowther> I don't understand the depths of what you are all saying right now. BUT thank you so much :) It's all slowly sinking in. 14:39 < ALowther> regdude: "Send some data to all applications". As in, the information comes in, we send this information to every application currently listening for a response & it can read the data & see if it was the data it was waiting for? 14:39 < shtrb|work> ALowther, many different protocols, each used when it best designed for, some are designed to deliver payload and other are not 14:40 < shtrb|work> ALowther, think of brodcasting for example or sending a message to a dbus channel (you send it and someone will handle it ) 14:43 < ALowther> dbus channel :(. I've never even heard of it. 14:43 < ALowther> I'll be back in a bit! Thank you all 14:43 < ALowther> If you have any recommended readings for some specifics, I'm happy to check those out. :) 14:45 < shtrb|work> Maybe ZeroMQ would be more known example in windows 14:45 < longxia> ALowther: wikipedia. I'm serious. 14:46 < shtrb|work> Or home owner assoiation (one person complain and someone will fix the issue) 14:57 < shah^> /nick nsh^ 14:57 < redrabbit> nick nick 15:13 < Apachez> altice? 15:13 < Apachez> who the fuck is altice? 15:15 < shtrb|work> Apachez, the ones that make xfinity look like having a decent customer service 15:19 < shtrb|work> Apachez, the fun part they almost got Time Warner Cable some time ago 15:34 < ash_work> has anyone heard of/taken a "network as code" approach? 15:36 < shtrb|work> cloud mambo jambo 15:36 < detha> SDN! 15:37 < shtrb|work> detha, I think you do harm to SDN when describe it as a subset of Infrastructure as Code 15:37 < ash_work> sdn? 15:37 < shtrb|work> software defined network 15:38 < ash_work> shtrb|work: can you elaborate on your critique? 15:39 < detha> shtrb|work: SDN is one of the vaguest defined things, marketing got hold of the term before engineering even had the prototype ready, so I don't thinkg it can be damaged any furtger 15:39 < detha> *further 15:39 < Apachez> "taken a network as code approach", what kind of drugs are you on? 15:39 < shtrb|work> ash_work, NaC is a declartive way to store information (c.f. puppet /chef and add meth ) , SDN has actual use and idoligy in my church 15:39 < Apachez> SDN as described by marketing is a great way to have single point of failures in your network 15:40 < meth> shtrb|work, wut? 15:40 < shtrb|work> sorry 15:40 < Apachez> sounds like a church by/for terrorists... 15:40 < Apachez> KILL HIM!!! 15:40 < Apachez> with fire... 15:40 < Apachez> as seen on terminator 2 15:40 < shtrb|work> SDN is usefull 15:40 < Apachez> yeah for the intruder :) 15:40 < shtrb|work> but saving files in git and giving it a new name ? 15:41 < Apachez> pwn internet router, pwn sdn controller, pwn inner router - profit 15:41 < shtrb|work> Apachez, yes because we are all so safe with TR069 and hardcoded access in ISP given routers 15:42 < shtrb|work> https://www.bleepingcomputer.com/news/security/hardcoded-password-found-in-cisco-enterprise-software-again/ relevent 15:42 < ash_work> the sarcasm is kind of making things hard for me 15:44 < shtrb|work> ash_work, sorry , Something as Code , is a marketing term that describe storing documentation how to deploy and orgnize a network see https://en.wikipedia.org/wiki/Infrastructure_as_Code for an example 15:44 < spaces> Apachez how is the internets today ? 15:44 < ash_work> "storing documentation" ? not a actual set of commands? 15:45 < shtrb|work> ash_work, think of git repo for all your scripts how you manage system 15:46 < shtrb|work> ash_work, you have put all your rules and scripts on some git repo ? you have some rights mangment ? did a CI env ? congrats you have IaC 15:46 < ash_work> are all network devices configurable through scripts? does that require opensource firmware? and to mock/test? 15:47 < Apachez> and think of the chiiiiiildren 15:47 < shtrb|work> wtf do children do with git ?! 15:47 < lupine> fork 15:47 < lupine> obviously 15:47 < lupine> ash_work: some devices are configurable, some are not 15:47 < spaces> Apachez Apple thought about the children today! 15:47 < lupine> some are entirely virtualized 15:47 < shtrb|work> lupine, you owe me a cup of tea 15:47 < lupine> :D 15:48 < ash_work> lupine: please continue :) 15:48 < shtrb|work> and a blanket , because I have a tea spill on my table 15:48 < shtrb|work> *napkin 15:49 < lupine> ash_work: concrete example. I worked at a hosting company a while ago. we built our own virtual machine hosting platform, as you do, and the VMs needed networking. we did this by scripting linux bridge creation., so everything up to the distribution switches was a software-defined network 15:49 < lupine> this was all old-fashion 802.1q stuff, just with automated provisioning and teardown based on what VMs were running where 15:49 * spaces is in bed 15:49 < spaces> with dog :P 15:50 < lupine> the non-SDN way of doing it would have been to manually configure all those bridges. the more-scalable-SDN method would have been to integrate the ds and core switches 15:50 < ash_work> lupine: so you had virtualized switches? 15:50 < lupine> yes, interoperating with physical ones 15:51 < lupine> often, SDN attempts to remove switching entirely, so you end up with L3 everywhere. This is because L2 is a complete pain to manage 15:51 < lupine> one proposal to switch to that, as I was leaving, was to stand up a virtual machine per customer, per physical site, to which the traffic for all their VMs would be automatially routed via L2TPv3 tunnel 15:51 < lupine> they'd come with a sane configuration by default, which the customer would be able to change by API 15:53 < ash_work> lupine: so are really switches anymore? 15:53 < ash_work> these* 15:53 < lupine> no, these would have been SDN-routers, rather than SDN-switches 15:53 < lupine> see above comment about it being a vague term 15:53 < lupine> there are all sorts of things you can do that qualify, and lots of them are really bad ideas 15:54 < lupine> unless you're looking to scale to obese unicorn sizes, it's all wasted effort IMO 15:55 * ash_work mulls over that 15:56 < skunkz> Hello, I'm trying to set local dns resolution so I can reach my raspberry pi easily. From what I understood, .local is a special domain that will be automatically resolved using Avahi. However, I read that Avahi is to be replaced by systemd-resolve, so I'd like to use this instead, but I have trouble setting up mDNS resolution with systemd-resolve. Any hints ? 15:59 < shtrb|work> lupine, what did you use for that vms ? I think I do an overkill with vboxes 16:00 < shtrb|work> and SDN is a big word for a vpn + route command 16:00 < lupine> shtrb|work: as I say, we wrote our own. the virtualizer was qemu+kvm 16:00 < shtrb|work> I was asking the virutalization 16:00 < lupine> and now you know 16:01 < lupine> as noted above, SDN is a very vague term. it includes sensible things, and it also includes 6-figure appliances that promise to do it all for you 16:02 < skunkz> Or maybe I should just stick to avahi which is working fine for now ... 16:04 < shtrb|work> throw some petrol and dish soap or Triethylaluminium at that 16:14 < spaces> I vote for Bed/Offices 16:15 < shtrb|work> you have a bed in the office ?! how much you work that your employer give you a bed to sleep in :-( 16:19 < Spice_Boy> I work with a laptop in bed sometimes 16:19 < shtrb|work> "work" 16:20 < Spice_Boy> ha, yes 16:20 < Spice_Boy> if it's too cold to get up 16:20 < shtrb|work> It is too cold for you today ? don't worry you have an AMD cpu it will make you warm at the cold nights 16:22 <+catphish> grr, why aren't cookies sent with websocket requests :( 16:23 <+catphish> how am i supposed to authenticate the meat sack who's making the connection? 16:23 < detha> because GDRP 16:23 < shtrb|work> put the data in the handshark 16:23 < shtrb|work> *handshake 16:24 < shtrb|work> also if he has a browser , just use the browser to identify the user 16:24 < shtrb|work> catphish, does it work over a browser instance ? 16:25 <+catphish> i'm using someone else's javascript, not sure if it can inject authentication, even if it can, that means giving the javascript access to the credentials which isn't ideal 16:25 <+catphish> "just use the browser to identify the user"? 16:26 < shtrb|work> catfish - https://browserleaks.com/ 16:26 < uplime> couldn't you use a JWT to authenticat them? 16:26 < sleepy6> i met an undercover cop 16:27 < shtrb|work> that is how the intellectually chalenged sites now identify your browser if you have JS enabled even after reinstalling the browser with a new account 16:27 <+catphish> uplime: yes, i probably can, it just seems like an unnecessary extra step, i already have a cookie that authenticates the session 16:28 < shtrb|work> catphish, you can always manually do ws.SetRequestHeader("OhShit","bla=$val"); 16:28 < uplime> yeah authentication over HTTP is pretty lame 16:28 < uplime> and as a result, any protocol built ontop of HTTP 16:28 <+catphish> shtrb|work: the problem there is that the javasceipt doesn't have access to the cookie 16:29 <+catphish> javascript shouldn't be doing server auth IMO :( 16:29 < shtrb|work> catphish, etag ? 16:29 <+catphish> but i guess my only option is to generate another token and have javascript send it 16:29 < shtrb|work> *does E-Tag work in your case ? 16:29 < uplime> can you generate a session UUID based on that cookie that authenticates the user? 16:30 < uplime> not sure how secure that is though, now that I think about it 16:30 < shtrb|work> or put that hash in an E-Tag ... 16:30 <+catphish> i wonder why chrome isn't just sending my cookies :( 16:30 <+catphish> i assume by design, but i wonder why 16:37 <+catphish> as far as i can see, cookies *should* be sent 16:37 <+catphish> i don't understand why they're not 16:38 < shtrb|work> forked from another place https://www.reddit.com/r/whatisthisthing/comments/8kzx5p/some_kind_of_explosive_lying_on_the_floor_of/ :D 16:38 < detha> same-origin stuff? 16:38 <+catphish> detha: it's the same server :( 16:42 < shtrb|work> who needs GDPR when people leave gifts like that in the server room 16:47 <+catphish> shtrb|work: nice bomb 16:50 < JyZyXEL> maybe it's paranoid level security.. self-destruct as a last resort :P 16:51 < shtrb|work> not mine , it must have been a great IT work, his work was a blast 16:51 < shtrb|work> or her work 16:52 < SporkWitch> go home dad, you're drunk 16:53 < shtrb|work> It's a new form of a firewall ? 16:59 < regdude> well I have a script ./firewall_panic.sh, must be similar 17:41 < AvidWolf43> hi guys 17:41 < AvidWolf43> can anyone explain ip helpers to me and how I can make them work for pxe boot? or defer me to recommended reading? 17:45 < v0Lk> is it possible to configure an interface to ping every x amount of seconds 17:45 < v0Lk> ? 17:45 < AvidWolf43> v0Lk: maybe with crontab or nagios script 17:46 < v0Lk> I had tried IP sla but every guide I find is dated 17:46 < spaces> catphish I thought you were Da Bomb in her! 17:46 < spaces> here 17:47 < spaces> or maybe her as well ;) 17:47 < v0Lk> simply want it to keep a connection alive by pinging every 10 seconds or so via a cell interface to a dns server or something like that 17:47 <+catphish> spaces: certainly not the latter 17:49 < shtrb|work> v0Lk, what is the goal ? 17:50 < v0Lk> keep alive a cell connection for testing ( temporarily ) 17:51 < spaces> catphish pics or it didn't happen :P 17:51 < v0Lk> going to try ip SLA icmp-echo 17:52 < shtrb|work> v0Lk, watch -n 10 ping 8.8.8.8 -c 2 17:52 < shtrb|work> just stop it when you don't like anymore 17:53 <+catphish> so, it seems that my javascript library is doing something that's stopping these cookies being sent :( 17:53 < shtrb|work> catphish, javascript is dead long live webassembly 17:53 <+catphish> lol 17:53 < rewt> mmm cookies 17:54 < TandyUK> lmfao 17:54 < v0Lk> shtrb: you are the man 17:54 < v0Lk> or woman 17:54 < TandyUK> thats the best joke ive heard this month :P 17:54 < TandyUK> and wtf is webassembly? 17:54 < shtrb|work> v0Lk, or apache helicopter 17:54 <+catphish> so, it turns out websockets *do* send cookies, but the novnc websocket connection doesn't :( 17:55 < shtrb|work> TandyUK, webassembly is ... assembly for the web (more like machine language but that will not be so fun) 17:56 < shtrb|work> I feces you not, the next payload is a function to execute by the browser 20 00 50 04 7E 42 01 05 20 00 20 00 42 01 7D 10 00 7E 0B 17:56 < shtrb|work> https://en.wikipedia.org/wiki/WebAssembly 17:57 < shtrb|work> It's safe, it's clear , there is no amiguity, no magic types just simple operations :D 17:58 < TandyUK> wow, someone has way too much time on their hands :P 17:59 <+catphish> is this a brand new virtual machine? 18:00 < shtrb|work> catphish, it a revolutionary thing ! no more for pesky varibales , just clear instructions, that make it web 3.0 18:01 < shtrb|work> you can even compile direct C code to a lib that will be executed by the browser, just think of compile once and run anywhere, and you can just write byte code directly 18:02 < shtrb|work> you put a blob on your server and it will be executed on client pc, it's amazing ! 18:03 < shtrb|work> And if you really like JS you can even load webassembly files 18:05 <+catphish> now my cookies aren't sending again, this is very odd / random 18:06 < shtrb|work> catphish, https://i0.wp.com/happyorhungry.com/wp-content/uploads/2011/10/cookie_monster_original.jpg?resize=800%2C600 18:08 < shtrb|work> catphish, are you working with the novnc html5 applet ? 18:08 <+catphish> shtrb|work: yes 18:08 < shtrb|work> did you remember to configure routing correctly and not via the public redirector ? 18:08 <+catphish> i don't even know what that is, but yes 18:08 < kuahara> I need help with a Windows VPN issue. This group is using SBS 2011 (not sure that's relevant) and has everything forwarded to the inside server. The error on connect is 812, says the connection was prevented due to policy on ras/vpn server; specifically the authentication method used by the server didn't match what I was using. 18:08 < kuahara> I edited the server properties in rras and set it to use only chap2 and my outgoing connection also only allows for chap2, but this error persists 18:08 < shtrb|work> lol 18:09 < kuahara> any ideas? 18:11 < shtrb|work> catphish, you have two ways to work with novnc - directly (you make sure you have routing to locally and remotly via routing) or setting using nginx/apache/public server. 18:13 <+catphish> shtrb|work: well i'm using it to connect directly to my web server (the same server that hosts the js) 18:13 < shtrb|work> catphish, same machine ? 18:13 <+catphish> yes 18:13 < shtrb|work> *client + server 18:13 <+catphish> yes, everything is localhost:3000 18:14 < shtrb|work> so that not the proxy thingy , sorry for wasting your time 18:14 <+catphish> although now i'm not even looking at novnc any more, i'm just running: ws = new WebSocket("ws://127.0.0.1:3000/ws", ["binary"]); 18:14 <+catphish> and it's not sending cookies 18:14 <+catphish> this isn't cook 18:14 <+catphish> *cool 18:16 < shtrb|work> kill the process and restart 18:18 < shtrb|work> catphish, I'm using both guamolle and novnc , maybe you would like to check the other too 18:18 < shtrb|work> *Guacamole 18:19 <+catphish> well right now this problem is happening in plain chrome :( 18:19 <+catphish> so not sure novnc is even relevant to the problem 18:19 < shtrb|work> petrol and dish soap can be applied here too 18:21 <+catphish> demo: https://imgur.com/a/LmdXVK5 18:23 < shtrb|work> are you really executing from console ? 18:23 <+catphish> yes 18:24 < shtrb|work> Can you save the code in a file , and let the browser execute it ? (long shot I know), but when you open it add a hash in the end (to avoid cache hit) 18:24 < shtrb|work> soemthing like http://localhost/foo.js?v=123 18:24 <+catphish> well i'm here in the first place because it didn't work in novnc (which is a scerpt) 18:24 <+catphish> *script 18:24 < shtrb|work> sorry again 18:25 <+catphish> thanks :) 18:55 < CutieCat> hi 18:59 < Apachez> hate when this happens https://www.reddit.com/r/whatisthisthing/comments/8kzx5p/some_kind_of_explosive_lying_on_the_floor_of/dzbu0dm/ 19:01 < obcecado> that is a nice one 19:18 < Jmabsd> guys, the 10GBASE-T RJ45 SFP+ transceivers, they will support SFP+ too right? 19:21 < meingtsla> Jmabsd: The way your question reads, it reduces to "Does an SFP+ transceiver support SFP+?" Is that what you really mean to ask? 19:22 < Jmabsd> arr. 19:22 < Jmabsd> i meant 1000base-t 19:22 < Jmabsd> meingtsla: sorry. i meant, if i plug a normal gigabit over cat7 into my 10GBASE-T SFP+ transceiver, will i get that gigabit served? 19:23 < Jmabsd> i guess the answer is *YES* (= 10gbase-t transceivers do also support stepping down to 1gbps, 100mbps, 10mbps) 19:27 < Apachez> no they cant 19:27 < Apachez> most can only do 1G/10G 19:27 < Apachez> but check the individual datasheet 19:28 < Jmabsd> aha 19:28 < Jmabsd> apachez: wait, so supporting 1G and 10G is common, but not 100mbps and 10mbps? 19:29 < Apachez> 10GBase-T SFP+ (30m RJ45) goes for $180/each https://www.fs.com/products/66612.html 19:29 < Apachez> Data Rate 10Gbps, 5Gbps, 2.5Gbps, 1000Mbps 19:29 < Apachez> 30 meters via 10Gbps, 50 meters via 5Gbps and 2.5Gbps, 100 meters via 1000Mbps. 19:29 < Apachez> so as you can see neither 100Mbps nor 10Mbps is supported on the 10G SFP+ RJ45 19:29 < Apachez> some builtin RJ45's supports 100Mbps too 19:30 < Apachez> that is 10GBase-T RJ45 who are builtin (no SFP+) 19:33 < Apachez> but personally I wouldnt recommend 10G RJ45 19:33 < Apachez> go for singlemode 19:33 < Apachez> there are some cornercases where multimode is suitable 19:33 < Apachez> but other than that singlemode ftw 19:39 < Jmabsd> apachez: wait, "singlemode" here means, optical? 19:39 < CutieCat> are chinese alfa clones any good? 19:39 < Jmabsd> apachez: you mean don't use copper, is that your advice? 19:41 < shtrb> did catphish was able to get the cookies ? 19:53 < backes> hey! my router (fritzbox) says that ipv6 should work. ping on an ipv6 address doesn't work (100% packet drop). What could be the issue? I have a direct connection to the router so there's no NAT or firewall in between 19:53 < Symmetria> heh - last I checked - the default settings on fritzbox - are to firewall out all v6 unless you explicitly turn it off 19:53 < Symmetria> ;p 19:54 < backes> would make sense... I'll double check :) 19:57 < electricmilk> Weird question but does anyone ever notice after switching to keto that the oily back of their ears smell like chocolate? I've read its quite common and has to do with what you eat. 19:57 < electricmilk> lol wrong channel sorry 19:58 < rewt> o.O 19:58 < rewt> i don't think i've ever smelled the back of my ears 19:58 < electricmilk> You should try some time 19:58 < Jmabsd> Apachez: ? 19:59 < spaces> wtf then you have 3x 27" monitor and you still have not enough space 20:00 < S_SubZero> what's the *right* channel for that question anyway 20:01 < tds> spaces: you need to go up to 3x 40" 4k or something now ;) 20:01 < electricmilk> S_SubZero, A keto diet channel 20:01 < S_SubZero> Freenode has those? o.O; 20:02 < electricmilk> Yes sir 20:03 < backes> mmh I don't know why ipv6 doesn't work. Fritzbox has "ipv6 support enabled" 20:04 < backes> and it apparently has an ipv6 connection 20:04 < tds> does the router have any kind of diagnostics that let you ping from the router itself? 20:04 < tds> also, I'd confirm that your device is getting a v6 address, has a default route out via the router, router has a default route on wan, etc 20:06 < Dagger> and check e.g. `rdisc6` to see if the router is sending RAs 20:08 < backes> it doesn't look like I can send pings from the router... The router has an ipv6 address, my devices have one as well 20:08 < purplex88> how does a switch respond if it is flooded with spoofed ip addresse (both src and dest) packets (not MACs)? 20:08 < purplex88> does it simply ignores packets because it doesn't care about IP addresses? 20:08 < Dagger> backes: what address, specifically? or at least, what does it start with? 20:09 < tds> if it's just a dumb switch and doesn't have anything enabled to look at ip packets inside ethernet frames, it won't care 20:09 < purplex88> dumb means regular switch? 20:09 < backes> Dagger: 2a02:168:2000:c: 20:10 < purplex88> like $20 switch? 20:10 < tds> yeah, I wouldn't expect that to care at all about the content of ethernet frames 20:10 < purplex88> so a switch only cares about MACs of machines connected to switch 20:11 < tds> yes, typically 20:11 < Dagger> backes: okay, so it's not that you only have ULA or anything 20:11 < tds> you can configure switches to do routing and/or look at the content of frames, but by default they won't 20:12 < purplex88> so spoofed packet with wrong ip addressses goes to switch and simply gets dropped? 20:13 < tds> the switch will just forward the ethernet frame 20:13 < purplex88> won't it initiate an ARP request to know which computer's MAC has that ip? 20:13 < tds> if the destination mac address is a router, then it's possible the router will filter source addresses, or it may not 20:13 < backes> Dagger: no, ifconfig on a device gives me a bunch of ipv6 addresses, all starting with 2a02 or fd.. fe.. and the router's ipv6 starts with 2a02 as well 20:14 < tds> if you're sending traffic on-link then yes it will attempt to resolve it via arp (for v4), otherwise it'll just be routed according to your routing table (so probably forwarded to the default gateway) 20:14 < purplex88> on-link? 20:15 < purplex88> yes i'm sending from a computer that is linked to switch 20:15 < tds> as in you've got a route for a prefix directly on an ethernet link (so it'll attempt to use ndp/arp) 20:15 < tds> eg ip r add 10.0.0.0/24 dev eth0 for linux 20:18 < Apachez> https://en.wikipedia.org/wiki/9M14_Malyutka 20:18 < Apachez> Jmabsd: yes, dont use copper for 10G and above - use singlemode fiber instead 20:19 < lupine> 10gige copper is absolutely fine 20:19 < lupine> and doesn't fail every 10 minutes 20:19 < Apachez> 10G copper is anightmare 20:19 < lupine> fite me irl 20:19 < Apachez> its no coincident that it can only reach max 30m when used in SFP+ slot 20:20 < lupine> obviously, you need to stick to the specs 20:20 < Apachez> while singlemode fiber goes 250km+ 20:20 < lupine> 30 metres is a fine distance, and most people will be well within it 20:20 < lupine> but by all means, use fibre for 10gige for distances > 30 metres 20:21 < Apachez> still bad to waste 2.5W 20:22 < Jmabsd> apachez: but it's only for latency issues isn' tit? 20:22 < Jmabsd> apachez: why copper a nightmare? i only do coiuple meters 20:24 < Jmabsd> apachez: all the Thunderbolt 10gbps ethernet adapters, give you copper only. 20:24 < Jmabsd> so you need to use a little bit of copper unfortunately. 20:25 < lupine> it's genuinely fine. It takes more than 2.5W to wipe your arse 20:25 < lupine> 60kW costs me about 8p 20:26 < Apachez> because you cant grow with copper 20:26 < Apachez> and because singlemode is more useful 20:26 < lupine> mp. 360kW 20:26 < Apachez> takes less space 20:26 < lupine> no* 20:26 < Apachez> can push more data 20:26 < Apachez> is more resilent against EMI and EMC 20:26 < Apachez> etc 20:26 < lupine> there are certainly advantages to fibre, but that doesn't mean that copper isn't suitable 20:26 < lupine> "X is better" isn't the same as "Y is not good enough" 20:26 < lupine> and the failure rate of copper is much better IME 20:27 < lupine> turns out people are *really bad* at terminating fibre 20:28 < lupine> personally, I'd say that in contexts where copper is sane (<30M, not next door to a radar base), it's actually superior. expansion is by the by, you can always mix copper and fibre and use them both in the contexts they're most suited for 20:29 < Apachez> its not "superior" at all 20:29 < lupine> I provided one metric in which my observations disagree 20:29 < lupine> I get it, fibre is space age and shiny 20:29 < lupine> but there's no need to disdain copper jsut because it's around 20:30 < Apachez> no its not 20:30 < Apachez> fiber started to be used commercially during the 80s 20:30 < Apachez> and it still works 20:30 < Apachez> you will not find a cat3 cable working for 10G :) 20:30 < lupine> right, and the space age started in the 60s 20:30 < Apachez> that was produced in the 80s 20:31 < lupine> fibre still has an aura of shiny, in the same way other space-age products like carbon fibre do 20:31 < lupine> it doesn't make a carbon-fibre toothbrush the best idea in the world 20:31 < djph> lupine: unless it's cheaper than plastic 20:31 < lupine> that'd be awesome 20:31 < lupine> at that point I would definitely disdain the plastic toothbrush 20:32 < djph> I mean, it's *not* ... but that's not the point. 20:32 < lupine> mm, cost is another thing we've not talked about in the actual object. ISTR copper is a bit cheaper than fibre, even before taking the defect rate into account 20:33 < djph> as for fiber/copper - yeah, they both have their purposes. 20:34 < zac> my dad's a ubiquiti user, and he's lost his administrator password. i've got his .unf file - is the password contained in there? is there any way to read the backup contents? 20:34 < djph> eh, they're about at parity in terms of cable these days 20:35 < Apachez> zac: since you have the config file why not perform a factory reset and then push that config back without user/pass and then manually set a new user/pass before saving and rebooting? 20:35 < djph> zac: no, use the "forgot password" link / button in the controller login. ALTERNATELY, log into the database and change it to a known hash (even if just "password") 20:35 < Apachez> while you are at it dont forget to firmware update 20:36 < zac> thanks, i'll pass those suggestion on to him. he said when he restored the backup, it used the old password again, but maybe he didn't reset it all the way or something 20:36 < djph> of course restoring a backup will restore the old password 20:52 < skunkz> Hello, I've set up an openvpn server to bypass my building's restriction and now I have trouble understanding some things: the connection in the building is very slow, will it bottleneck the one from the vpn ? I mean if I'm connected to my vpn and watching a stream on twitch.tv, which connection is used? I'd instinctively say that I shouldn't see any difference because the stream has to be downloaded 20:52 < skunkz> from the vpn back to my computer right? 20:54 < djph> it all goes over whatever the physical connection is 20:54 < djph> so if you have shit connectivity in your ... building ... it's going to be even more shit over the VPN. 20:57 < Apachez> "your buildings restriction"? 20:57 < Apachez> great way to get fired :D 20:57 < skunkz> I mean my home building 20:57 < Apachez> what kind of shady restrictions did you apply for yourself in your own home? 20:57 < skunkz> There are ethernet plugs in the wall and a wifi but they are isolated 20:57 < djph> your APARTMENT restricts what you can do?! 20:58 < djph> what the fuck? 20:58 < Apachez> :D 20:58 < skunkz> It's a residential building, for students 20:58 < Apachez> does this building speak to you? 20:58 < Apachez> whisper when you try to sleep... 20:58 < djph> Oh, a student dorm, makes sense there'd be some isolation 20:58 < skunkz> ahah sorry english isn't my 1st language 20:58 < Apachez> well it isnt for any of us in here :P 21:02 < skunkz> well it must be me but I feel like the stream buffers a lot less when I'm on the vpn, or maybe I'm just lucky and the building's connection is not that bad today lol 21:03 < hugo____> hey 21:04 < hugo____> is anyone here familiar with HP networking both procurve/aruba and comware 21:04 < hugo____> ? 21:04 < hugo____> i think im having a spanning tree issue 21:04 < Jmabsd> apachez: a question, how do you distinguish a bad from a good 10gbase-t transceiver? e.g. look at this one https://www.sfpcables.com/sfp-copper-transceiver-10gbase-t-cat-6a-7-20m , which btw supports 100mbit too 21:07 < djph> skunkz: could be that it's "better(tm)" because VPN has a higher priority than youtube 21:07 < djph> (twitch, whatever) 21:11 <+catphish> i just found myself wondering about the statistics about the portion of new businesses that fail 21:11 <+catphish> at what point does something become a new business, and at what point does it get classed as failing? 21:12 < djph> depends where you are - around here, it's <3 (<5?) years since it incorporated. Failing is "closed" 21:13 <+catphish> my first question was "when does it become a business", rather than "when does it stop being new" 21:13 <+catphish> i mean, if i spend a week on something, is that a new business? a month? what if i advertise to assess interest? 21:13 < djph> "incorporation date" would be the key trigger, I think. 21:15 <+catphish> maybe the stats are just "number of companies that form then close" 21:33 < zeldafan78> Let's say that person X wants to reach a large number of people with a message of some sort. Mr. X has no prior database of e-mail addresses and no money to buy one. He also knows very well that such lists are always low-quality and have been spammed to death already and abandoned, if they are even real to begin with. He knows that the e-mail sending company he ends up using will quickly block outgoing e-mails due to high bounce rate and spam 21:33 < zeldafan78> complaints, as well as automatic detection of "bad" traffic. To build an e-mail list properly, you already need to be able to reach out to a large number of people for them to give their active interest/consent in the first place, so how is this done in the best possible way? Is it illegal/prohibited to send one (1) single e-mail to people asking if they want to subscribe to my newsletter and, if they don't actively choose to, never e-mail 21:33 < zeldafan78> them again? Even if it is allowed, how do I find those people in the first place? It's like an eternal logic loop... 21:34 < grawity> the answer, of course, is to fuck off with your "newsletter" 21:35 * zeldafan78 signs up grawity. 21:35 < zeldafan78> No. Not really. You'd be a typical customer I don't want, because you'd mark it as spam. 21:36 < zeldafan78> I specifically don't want to bother such people. 21:37 < zeldafan78> And I hate getting garbage e-mails myself, which I do all the time, but they are always for something stupid. 21:37 < zeldafan78> Not in my case, though. 21:37 < zeldafan78> And frankly, it's the repeated e-mailing to me even after doing anything I can to block it that really pisses me off. 21:38 < zeldafan78> I don't think I would be extremely angry for 1 single e-mail, once. 21:38 < zeldafan78> And yes, not everyone can think like that because then it adds up. 21:38 < longxia> zeldafan78: why choose this channel for this type of question? 21:38 < zeldafan78> longxia: Because this is about networking and traffic? 21:38 < zeldafan78> Where else would you ask this? 21:39 < longxia> #marketing 21:39 < longxia> i don't know 21:39 < zeldafan78> Seems dead like a ghost town... 21:39 < longxia> good 21:39 < zeldafan78> Not good. 21:39 < zeldafan78> Bad. 21:39 < zeldafan78> Be happy that you apparently are able to work in a normal job for some boss, but some of us cannot do that. 21:45 < skunkz> Is is possible to have Avahi work on the vpn ? It currently works for the devices that aren't isolated but it does not between the wifi device and my ethernet connected computer , now that they're on the same network I thought it would work but.. it doesn't 21:50 < zenix_2k2> i have a question, when i connect to a switch, the switch is gonna automatically calculate my subnet right ? or it is my computer which does it 21:51 < S_SubZero> well if it's DHCP, the DHCP server gives you whatever 21:51 < zenix_2k2> was that reply for me ? 21:53 < S_SubZero> yes 21:54 < zenix_2k2> and also, router only has 1 subnet right ? 21:55 < grawity> the *switch* doesn't care about your subnet 21:55 < grawity> the *router* usually tells you your netmask / prefixlength as part of the DHCP lease, if you're configuring IP address automatically 21:57 < zenix_2k2> netmask ? 21:57 < zenix_2k2> you mean the subnet ? 21:58 < grawity> what do *you* mean by "the subnet" anyway? 21:59 < zenix_2k2> well not sure, i have just watched this guy's video --> https://www.youtube.com/watch?v=EkNq4TrHP_U&index=12&list=PLF360ED1082F6F2A5 21:59 < zenix_2k2> you tell me 22:00 < zenix_2k2> you know, something like 255.255.255.0 22:00 < zenix_2k2> that is a class C i suppose 22:00 < detha> itym that is a /24 22:00 <+catphish> don't ever suppose that 22:01 < zenix_2k2> it is just i wanna know what happen behind the scene of networking, like every time i turn on my computer, look in the network's configuration (ifconfig on Linux) and see a "255.255.255.0" there ( subnet ) 22:01 < zenix_2k2> and btw, i have already connected to the router in that scenario 22:03 <+catphish> when you turn on your computer, it sends a broadcast asking for configuration from DHCP 22:04 <+catphish> and a DHCP server replies with settings, including an IP address, netmask, gateway address, DNS servers 22:04 < zenix_2k2> Oh.. and in that case, the DHCP is located in the router right ? 22:04 < zenix_2k2> like it has to be located somewhere 22:04 < grawity> zenix_2k2: yeah that's not called a "subnet", it's the subnet *mask* or the netmask 22:05 < grawity> the DHCP server is *usually* in the router (though not necessarily) 22:05 < zenix_2k2> and what is so different between "subnet" and "subnet mask" ? 22:05 < skunkz> From what I understood I need my vpn to be configured as bridge (L2) instead of tun(nel?) (L3) to get Avahi to work out of the box, right ? 22:07 < grawity> like what's the difference between a house and between a house number? 22:08 < grawity> skunkz: generally yes, but avahi-daemon supports relaying/proxying between interfaces so you could also use that 22:08 < grawity> that is, as long as the *VPN server* is running avahi-daemon 22:09 < skunkz> this may well be that part I missed 22:09 < zenix_2k2> grawity: oh, ok i get it 22:10 < zenix_2k2> but about the how usual the DHCP server is located inside the router, has there any situation where it has been located in a computer ? 22:10 < zenix_2k2> or more likely a host 22:11 < grawity> zenix_2k2: ...or maybe more accurately, the "subnet mask" describes the *size* (dimensions) of a subnet 22:11 < grawity> zenix_2k2: as for hosting DHCP servers, well it *can* be done, but I've no clue as to whether people *normally* do that 22:12 < grawity> well, if "hosts" include dedicated servers, then yes, I'm sure that is done 22:12 < detha> if you speak of 'the router', generally the dhcp server sits on the router. 22:12 < grawity> e.g. on large LANs, or even in WANs – like an ISP might have one central DHCP server for all customers 22:12 < grawity> ¯\_(ツ)_/¯ 22:13 < tds> most dhcp servers support sync of leases and failover as well, so it's relatively common to run multiple for redundancy 22:13 < detha> some weird people run the dhcp server two routers away on an old PC. 22:14 < FlopB> are you guys talking at home or in a business for dhcp? 22:14 < detha> FlopB: yes 22:16 < skunkz> grawity: may I ask you what the configuration would look like ? The avahi-daemon on the vpn server should proxy mdns requests coming to the vpn gateway to.. the reserved subnet for the hosts gateway..? 22:18 <+catphish> azonenberg: do you happen to know if there are any off the shelf (ie not excessively complicated to source for small quantities) gigabit switch ICs? 22:21 <+catphish> azonenberg: i was thinking on your project and realised that it's probably not right for what i want to do, but it reminded me that i was interested in building a nice UI for a budget gigabit switch 22:29 < skunkz> or maybe I should play with the "reflector" section of avahi-daemon.conf ? 22:31 < hmig> Huey guys, any here able to heml me out with SPT - its doing my nut in 22:31 < hmig> https://imgur.com/a/VBFdRqV 22:32 < Aleksandar86> I wanna create white list of MAC address and protect all ports on Dlink smart switch 3630. Only MACs from white list can access in network. Some help? 22:34 < FatalFUUU> I'm looking for a gigabit PoE switch - 24+ ports. I can either get a HP V1910-24G-PoE (JE007A) or for slightly more a 48 port Alcatel OmniSwitch 6400-P48 but I know nothing about these switches 22:57 < Sepultura> hallo 22:58 < Sepultura> Is there already someone who is practically using QUIC? 23:02 < backes_> hey, I want to use proxmox. I have the following /etc/network/interfaces https://hastebin.com/qazepiluki.css but it seems that the host machine has no DNS resolver. ping on an ipv4 address works. The containers can resolve DNS but have no internet (connect: Network is unreachable) 23:04 < backes_> the latter part might be due to a wrong container setting... 23:09 < backes_> okay, setting a nameserver in resolv.conf solved the first issue 23:13 < ||cw> backes_: if your system is using resolveconf you should set those in the interfaced file with dns-nameserver entries 23:13 < ||cw> interfaces/ 23:15 < tds> backes_: how are your containers connected to the network? just bridged to that bridge? 23:17 < backes_> ||cw: okay I'll do that 23:17 < backes_> tds: yes, just bridged to it 23:24 < tds> backes_: what is the output of "ip route" in the container? 23:24 < tds> if dns works, it sounds like you at least have a route to your local network, probably just missing a default route 23:29 < backes_> tds: the container I assigned a static ip says with ip route: 192.168.178.0/24 dev eth0 proto kernel scope link src 192.168.178.99 23:33 < c|oner> why the heck can't I reach my DNSmasq server from another vlan. I can ping and trace to it... but not resolve from my wifi vlan 23:34 < tds> backes_: you should have a default route as well 23:34 < tds> did you configure it as a static ip in proxmox? 23:34 < tds> if so you need to add a gateway 23:36 < backes_> tds: with a gateway of 255.255.255.0 I can now ping 1.1.1.1 but get "Destination Host Unreachable" 23:37 < djph> your gateway is wrong 23:39 < backes_> ah shit, okay it's late... yes that's not a gateway 23:39 < backes_> thank you, with a correct gateway it works! :) 23:44 < hmig> spanning tree :( --- Log closed Tue May 22 00:00:28 2018