--- Log opened Tue May 29 00:00:31 2018
--- Day changed Tue May 29 2018
00:00 < varesa> the first issue with device compatibility is that one bulb uses Zigbee ZLL, the next uses Zigbee HA, the next Wifi, BLE, Z-Wave, whatever else
00:00 <+catphish> yep, you need 3 or 4 radios, but they're not too expensive
00:01 <+catphish> just lots of code to write for every different protocol
00:02 < detha> now if someone would make a hub radio with firmware for all of the above protocols, it would be nice
00:02 <+pppingme> why don't you just standardize on one protocol instead of buying different stuff every time someone throws it on sale?
00:02 <+catphish> well that's the idea
00:02 <+catphish> because money i guess
00:03 < detha> because people, because money, and because there is no obvious winner in the protocol race yet
00:03 <+catphish> i think the government should just mandate one protocol that all iot must use
00:03 <+pppingme> x-10 is the winner!!
00:05 < detha> Government.... I can see PAL and NTSC iot things
00:06 <+catphish> detha: don't worry, i was only trying to troll pppingme, it didn't work :'(
00:07 < linux_probe> lol
00:08 < detha> Sorry, still mad with the government here that can't make up its mind which DVB standard to use, European, Brazilian, or some other. So the whole thing has been delayed by >5 years now
00:08 <+catphish> detha: use DVB-T2
00:08 <+catphish> there, done
00:09 <+pppingme> ntsc makes the most sense, its all you can buy here!
00:09 <+catphish> i assume ntsc is dead now?
00:10 <+catphish> along with pal, and anything that's not MPEG4
00:12 <+catphish> i think we actually transmit a combination of DVB-T (mpeg2) and DVB-T2 (mpeg4)
00:12 <+pppingme> actually I think most tv's sold here still have ntsc tuners, although they are obsolete..  they also have atsc..
00:12 < tds> isn't there some slight stupidity with dvb-t2 in the UK where the epg is "encrypted" in order to enforce copy protection, but the content itself isn't?
00:13 < detha> PAL is still alive and kicking here, taking up valuable spectrum :(
00:13 <+pppingme> I'm not really sure what atsc carries..  if its mpeg4 or something else..
00:13 <+catphish> tds: i don't think so
00:14 <+catphish> tds: i could be wrong, but i'm sure i've used it with open source code and pc tuners
00:14 <+catphish> PAL was dropped in the uk a few years ago
00:14 < tds> oh yeah, I run a tuner with open source software as well which works fine, I think that's just got the keys built in ;)
00:15 <+catphish> tds: well that seems a little pointless then :)
00:15 < tds> but for set top box manufacturers they'll only give you the keys/whatever if you agree to implement their copy protection, I think
00:15 <+catphish> just seems unlikely
00:15 < tds> ah, found a reg article on it: https://www.theregister.co.uk/2010/06/14/bbc_offcom_freeview_hd_controls/
00:15 <+catphish> the part about the STBs seems plausible
00:17 < varesa> in a couple of years will have to find a new set top box (or maybe just the tuners) as dvb-t transmissions end
00:17  * varesa grumbles about the current box being only about ten years old
00:17 <+catphish> varesa: so there's literally no protection, just a pointless thing to tick boxes for international distribution rights
00:18 <+catphish> tds i mean ^
00:18 < tds> yeah, I think that's basically the case
00:18 < varesa> I was just going to say that I'm not in the UK and have no idea about how our EPG works :)
00:19 <+catphish> lol
00:38 < lord|> hmm I see that the two major router OSes I'm looking at are x86-64 only
00:39 < lord|> what relatively easy to setup router OS would I use on the orange pi R1
00:39 < lord|> which is a uh
00:39 < lord|> cortex-a7
00:40 < lord|> hmm, MicroTik?
00:40 < varesa> lord|: looks like they provide an openwrt image for it
00:43 <+catphish> lord|: i'd look at openwrt, probably builds of that for various CPUs, otherwise you may need to configure your own on whatever linux is available for it
01:16 < Android> what was the outcome of h.e. vs. cogent?
01:17 < rewt> tbd
01:17 < Android> still ongoing fight?
01:17 < rewt> i don't think it's a fight really, just HE wanting to peer, and cogent ignoring them
01:18 < Android> is this inside a virtual net masqurading as chicago?
01:18 < Android> they think it is california
01:19 < rewt> whereever it is, i hope cogent stops being so stubborn
01:19 < Android> why?
01:19 < rewt> so we can finally have 1 unified ipv6 internet
01:19 < Android> something important needing to do with h.e.
01:20 < rewt> last i heard, cogent was filtering out HE even through 3rd party paths
01:20 < Android> it was wasnt it?
01:20 < Android> I have the mainframe.
01:21 < rewt> plug it in
01:21 < Android> Somebody blasted the bios apparently.
01:21 < Android> no screen
01:21 < Android> the rescue cd doesnt seem to bring up the interfaces blindly
01:22 < rewt> real admins don't need a screen; they do everything by the feel of the keys
01:22 < Android> no screen no shell
01:22 < Android> no shell evwnt after feeling boot commands
01:24 < Android> are you a real admin?
01:25 < Android> rewt are you a real admin?
01:26 < rewt> i am one with the shell
01:26 < Android> why arent there any bootup ssh shell images?
01:26 <+catphish> it's pretty common for people to refuse to peer, these cogent cases are only unusual because one party is refusing to send traffic at all
01:27 < rewt> use a live cd
01:27 < Android> yeah it doesn't bring up the interfaces
01:27 <+catphish> like, cogent probably wouldn't peer with me, but i'd still send traffic to their customers :)
01:28 < Android> so it starts ssh bt default but not network , "smart" aint it
01:28 < rewt> local ssh :D
01:32 <+catphish> rewt: to clarify, cogent aren't blocking anyone, HE and google are refusing to send traffic to HE through paid transit
01:32 <+catphish> *to cogent
01:34 < rewt> oh.  i thought there was some filtering; traffic isn't going through common peers either
01:34 < tds> sure, but since neither side buys transit off those peers, you wouldn't expect those peers to announce either side's routes to the other, only that AS' internal routes (and any downstreams)
01:34 < rewt> been some time though, so i may be misremembering
01:34 <+catphish> rewt: it never does, settlement free peering doesn't work like that, it only allows traffic between the immediate peers and their paying customers
01:35 <+catphish> so if neither of them peer with someone who pays the other, no traffic
01:38 < spaces> catphish openIX ?
01:39 <+catphish> cogent's argument is presumably that they have more customers and more geographical diversity, so connecting to them is worth more, unfortunately they're largely in the right on all counts, and while it would be nice for everyone to get along and peer, HE have the weaker hand, and no particular moral high ground in asking for free routes
01:39 <+catphish> mutual peering is great, but not really a right at that scale
01:44 < spaces> nice thanks, that was going nowhere
01:45 <@catphish> i don't know how to express this nicely, so i'm just gonna be mean, you're annoying me, you keep tagging me, but not really contributing, i'm probably just being irritable, sorry
01:46 <+catphish> but please quit it
01:46 < spaces> how could I directly respond to your statements anyways ? indeed, that is how IRC works
01:46 <+catphish> with something useful
01:47 < spaces> that was usefull, I asked you the other day about your little carrier issue you seem to see which is not there...
01:47 < spaces> maybe you are just wrong about your way of thinking at the moment ? it's an open channel, and you could /ignore me, maybe not as an op but that is not my problem, sorry
01:49 < spaces> and about coget, they never will block anyone they only want to lift over the largers networks if they can using their open peering polity these providers have... and they get blocked because of it from time to time
01:49 < spaces> it's a known cogent issue
01:50 < spaces> less big issue now these days
01:50 < spaces> *cogent
01:51 <+catphish> that sentence didn't make much sense :(
01:51 < spaces> about the lift ?
01:51 <+catphish> yes
01:52 < spaces> you want to peer with them directly ?
01:53 <+catphish> i peer with or buy transit from all those providers
01:53 <+catphish> so not really relevent to me
01:53 < spaces> you buy transit ?
01:54 < spaces> why not connect to them directly ? most have a pop in each DC
01:55 <+catphish> 1) gotta buy transit from someone 2) cogent won't peer with me for the reasons discussed above
01:55 <+catphish> they have a policy of charging small but charging everyone
01:56 < spaces> not that I know
01:56 < spaces> maybe it's about knowing the right people there ?
01:56 <+catphish> they don't peer with many people
01:57 < spaces> you don't have to peer with them when you are connected to them
01:57 < spaces> then you peer with their customers
01:57 < spaces> you actually never peer with a customer
01:57 < spaces> oops, carrier
01:57 < tds> how do you plan to be "connected to them" if you're not peering or buying transit?
01:58 <+catphish> sure, i could build a global network, and peer with every one of cogent's customers
01:58 <+catphish> but i'm not going to
01:58 < spaces> tds transit in which way ? if you just buy an uplink from them then you are done
01:59 <+catphish> i'm happy just to pay for transit, like everyone else :)
01:59 < tds> spaces: transit as in buying an uplink from them ;)
01:59 < tds> well, getting a cross connect and then doing it over that, normally
01:59 <+catphish> it's just coincidence that cogent are one of the few transit providers in my data centre, so they get my business :)
02:00 < spaces> tds then you are peering with everyone in their network, if they didn't block you, so the customer
02:00 <+catphish> and despite their peering policies, they're pretty good, and their policies mean good value for their customers
02:00 < spaces> catphish transit providers ? what kind of providers do you have more then there ?
02:00 < spaces> this sounds like a joke
02:01  * tds is confused at this point
02:01 <+catphish> i don't think this conversation is ever going to make any sense as long as you're part of it, sorry
02:01 <+catphish> tds: i suspect there's a language barrier here
02:02 < spaces> I'm pretty sure you are just not a customer that gets a pipe form them, have your own AS and be done with it, there is more between it seems like it
02:02 < fnDross> speak in C then
02:02 < fnDross> :D
02:02 < spaces> C
02:03 < varesa> set_confusing(&conversation, false);
02:03 <+catphish> if you have an AS, you need to send traffic everywhere, you do this by a combination of getting people to accept your traffic for free, and paying them to take it, simples
02:03 <+catphish> cogent won't do the latter unless you're a very very large ISP
02:04 < spaces> what does cogent have to do with it ? they are just the carrier, it's their customer that decides it
02:04 <+catphish> decides what?
02:05 < spaces> how does your traffic goes otherwise when you are connected to them and someone else is as well and you want to send and receive data between the two of you ?
02:05 <+catphish> i don't think i can be bothered to explain how the internet works, sorry
02:05 < spaces> catphish the customer, their customer decides if they want to talk with you directly over cogent or not, not cogent that is the gatekeeper there
02:06 < spaces> I'm pretty sure that you are on a different level with them as you described
02:06 < spaces> which sucks indeed
02:06 < spaces> bbiab
02:06 <+catphish> http://i.lvme.me/pzv5j7l.jpg
02:10 < tds> I still can't seem to peer with google, they haven't replied to my emails :(
02:10 < tds> I think that's just them being slow, though, hopefully it'll get sorted eventually
02:12 < spaces> tds wasn't that on a hold with them ?
02:16 <+catphish> tds: actually i'm not peered with google, i see them via the linx route servers, good enough for me, i don't exchage any traffic with them since i have no eyeballs
02:17 < spaces> catphish I think you are refering to something else... you use their network to access other DC's ? like you normally get your own wave between whatever network you want ?
02:17 <+catphish> i buy transit from cogent
02:18 < tds> ah, I don't think google peer with the route servers at kleyrex, so I don't see them there at the moment
02:18 <+catphish> that meand i give them money, and they will accept any traffic from me, to anywhere, and they will announce my routes to all their peers
02:18 < spaces> why use cogent for that ?
02:19 <+catphish> 1) they are present in my main data centre 2) they are cheap 3) they are reliable
02:20 < tds> he recently joined the route servers though, everyone got an email saying to increase their prefix limits :P
02:20 < spaces> they are not your carrier then, they are your ISP
02:20 <+catphish> that's the same thing
02:20 < spaces> it's not
02:21 < spaces> there is a different level between them
02:21 <+catphish> you can barely speak english, lets not argue semantics
02:21 <+catphish> as well as transit providers, i also have peerings, that means people accept my traffic only for their customers, and i accept their traffic for my customers
02:21 < spaces> oh my US based client never complain and are happy to say that I speak better english then their US collegues :D
02:22 < spaces> I think you are trying to make COgent your IX
02:22 < spaces> you better get an IX where everyone peers happily that is connected
02:23 <+catphish> "everyone"
02:23 < spaces> cogent likes to act as an IX, that is their business, they needed to because other carriers didn't like their policy back the days, even Level3 blocked them totally becayse they pushed almost all data over the L3 network to get nice ping times
02:24 < varesa> I'm with catphish, I don't think you understand how transit works or you are bad at communicating it
02:24 < orlock> everybody settle down.
02:24 < orlock> it's all just ones and zero's
02:24  * orlock ducks
02:24 <+catphish> orlock: you're just ones and zeros
02:24 < orlock> shit
02:24 < orlock> i'm a bot?
02:24 <+catphish> yep
02:24 < orlock> DO MY PARENTS KNOW?
02:25 <+catphish> no, and i won't tell them
02:25 < spaces> varesa I think you guys just are on the entry level, cogent is as catphish says cheap, and you get "issues" with it for free
02:25 < orlock> ok then
02:25 < varesa> lol
02:26 < orlock> we have an issue here where out two main telco's refuse to peer with Cloudflare
02:26 < orlock> and Cloudflare will not pay to deliver traffic to theit customers
02:26 < orlock> so anybody using two out of the top 3 ISP's gets 150ms latency to Cloudflare
02:26 < orlock> everybody else? <10ms
02:27 < spaces> orlock that is why Cloudflare sucks
02:27 <+catphish> i can see how that might happen, CF are essentially a networkless content provider, i imagine people would expect them to pay
02:27 < orlock> spaces: wtf?
02:27 < orlock> spaces: No..... That's why Optus and Telstra suck, what the fuck shit are you on?
02:27 <+catphish> did i make a terrible mistake in unmiting him?
02:28 < spaces> orlock so many people that move to cloudflare that they have the power to say, ok you guys need to pay us
02:28 < orlock> spaces: It only impacts customers of those two ISP's, nobody else.
02:28 <+catphish> but its nice when everyone just gets along and peers
02:28 < orlock> ok Srs Busins time
02:29 < spaces> orlock it could be that cloudflare say, you can peer with us but you need connect directly with us starting with a 100G connection
02:29 <+catphish> they don't :)
02:30 < PenguinPerk> Anyone using the NRPEv2 module for PFSense to talk with Nagios? I need some assistance setting up the nagios side
02:30 < orlock> .. They are pretty open about it all.
02:30 <+catphish> cloudflare will peer with anyone anywhere because they're nice :)
02:30 < spaces> I think the peering policies have no meaning anymore with linespeeds these days
02:30 < spaces> and also what a wave costs
02:30 < orlock> PenguinPerk: no, pfsense or nagios channels might be better?
02:31 < PenguinPerk> Trying them as well
02:31 < orlock> used Nagios enough to hate it, never used pfsense
02:31 < spaces> Nagios is used by dinos
02:32 < spaces> I need to dev a little bit
02:32 < orlock> spaces: oh great one, enlighten us with your alternatives
02:32 < orlock> spaces:  tell us what drugs will fix all our problems
02:32 < lupine> alert servers and probes are ten a penny these days
02:32 < vectr0n> icinga2 is better imo
02:32 < lupine> nagios still does the thing though
02:32 <+catphish> icinga2 is indeed better :)
02:32 < orlock> its all trivial crap
02:33 < orlock> but still very important
02:33 < orlock> spaces: what's so much better?
02:33 <+catphish> we wrote our own monitoring system for some reason
02:33 < lupine> yup, the last company I was at did the same thing
02:33 < lupine> in ruby
02:33 < spaces> orlock zabbix is best
02:34 < orlock> how is it better than nagios?
02:34 < spaces> easier to setup,
02:34 <+catphish> i hated zabbix, not sure why
02:34 < orlock> then you are useless
02:34 < orlock> stfu
02:34 < orlock> go away
02:34 < spaces> Zabbix is much better again these days
02:34 <+catphish> seemed overcomplicated
02:34 < varesa> we almost got our fairly large icinga2 deployment done with all templates etc. the way we want them when the company started throwing money at new relic, datadog, cloudhealth, pagerduty and I don't even remember what we have now
02:34 < orlock> all our work is in the checks and tests
02:35 < orlock> nagios is just a tool to run them
02:35 < spaces> LibreNMS.. meh not ideal, it's good but they have weird policies of ditching hardware
02:35 < vectr0n> librenms is decent for graphing
02:35 <+catphish> librenms can't be any worse than its parent for arbitrary decision making :)
02:35 < orlock> vectr0n: i use graphite for that
02:36  * vectr0n nods
02:36 < spaces> varesa incinga2 is nice, did it do syslogging now also? forgot
02:36 < vectr0n> many ways to get graphs
02:36 <+catphish> i use cacti because i'm a dinosaur :)
02:36 < tds> librenms' service monitoring is just some php run in a cron job that runs nagios scripts, though
02:36 < varesa> my experience with zabbix (use it at home) is that it makes basic stuff really easy, you don't have to touch configs, it autodiscovers stuff, etc.
02:36 <+catphish> varesa: wonder why i found it so complicated
02:36 < spaces> tds at the end most scripts run nagios tools but Nagios itself is really a beast and not nice
02:36 < varesa> but if you want something that quite doesn't fit the frame you might have to fight it a bit
02:37 < varesa> where as icinga2 is really a barebones framework to build upon
02:37 < vectr0n> its very versatile
02:37 <+catphish> icinga2 seemed nice
02:37 < orlock> i could probably replace nagios with graphite and collectd honestly
02:37 <+catphish> slightly saner to configure than nagios
02:38 < orlock> but
02:38 < orlock> it's all crap
02:38 < lupine> silly human, nobody uses collectd any more
02:38 < vectr0n> with monitoring there is many ways to do the same things, it just depends what works best in your env and your needs
02:38 < lupine> it's all prometheus
02:38 < orlock> everything is crap
02:38 < varesa> currently my homelab setup is librenms for network devices/SNMP, prometheus+grafana for performance metrics, zabbix for availability/alerting
02:38 < lupine> just remember to put a http server in all your client applications you want to monitor
02:38 < orlock> lupine: damn, i thought telegraf was the new hotness?
02:38 < lupine> nah, prom is hotter than TICK
02:38 < orlock> oh, hah, a joke
02:38 < orlock> i understand human humour
02:38 < orlock> el oh el
02:38 < lupine> thing is, I'm being sarcastic, but this is what people are actually doing
02:39 < orlock> lupine: because, fuck. snmp already existed, lets write something else that does the same shit, but using the tools we know instead of reading documentation for something that already exists
02:40 <+catphish> our homebrew monitoring system: https://imgur.com/a/ibPDZap it does the job nicely, everything runs over ssh only
02:40 < lupine> the worst part is that none of the usual strategies for time-series data work with prom
02:40 < orlock> when all you understand is http, everything starts looking like a webserver
02:40 < lupine> you have to learn promql and structure your data very precisely
02:40 < lupine> it's really painful
02:44 < spaces> looks good that homebrew thing :)
02:45 < Lord-Kamina> So... with these routes: https://www.dropbox.com/s/cx8fmz0rrw723af/routes.png?dl=1, requests to those IPs should be redirected to my gateway, is this wrong?
02:46 <+catphish> it works nicely :)
02:46 <+catphish> i must sleep now
02:46 <+catphish> have fun
02:47 < Lord-Kamina> Because whenever something goes the way of those IPs, instead of going to my gateway (and using my other DNS) I just get a no route to target error. D:
02:47 < spaces> just say you want a new phone then you B%^%tch https://imgur.com/gallery/7HkxYNt
03:36 < cluelessperson> how do you set the subdomain for a server?
03:36 < cluelessperson> set it as the hostname?
03:36 < cluelessperson> server.subdomain    ?
03:37 < Galoyz> possible noob question: I have a system on which docker containers all live in the 172.17/16 subnet. the host lives at 172.17.0.1 and serves as the default gateway for those containers, and within any one container I can successfully send packets to the external internet, even though I've set up iptables to unilaterally reject packets pertaining to the FORWARD chain. my understanding of the FORWARD
03:38 < Galoyz> chain is that it pertains to packets for which the destination host is not the receiving host, which should apply in the case of my host receiving packets from the docker0 interface, so why are those allowed to pass?
03:38 < Galoyz> iptables on the host, that is.
03:43 < varesa> cluelessperson: you add a new DNS record in the DNS zone for the top level domain
03:43 < light> Galoyz: check your rule order
03:44 < light> also your rule set may not do what you think it does
03:44 < Galoyz> light: thanks. the FORWARD reject all chain rule is indeed the last one set, so it might be nullified by some previous, but it's also the only rule I've set pertaining to that chain
03:45 < light> iptables is first match
03:46 < Galoyz> right. but isn't chain matching mutually exclusive? i.e., a packet may match to at most one of INPUT, OUTPUT, FORWARD
03:46 < light> check which rule they matched
03:46 < light> have some packets flow in and watch the rule counters tick up
03:47 < Galoyz> ah, good idea. thanks for the tip.
03:48 < cluelessperson> varesa: I don't have a dns server yet
03:49 < cluelessperson> varesa: and the problem seems to be with the hostname reported up by the server in a monitoring tool
03:49 < cluelessperson> I figure just set  "server.subdomain"  in /etc/hostname ?
03:49 < varesa> cluelessperson: what do you want the subdomain for? What are you trying to accomplish?
03:50 < varesa> to just change the hostname as reported by the server to "server.domain.tld"?
03:50 < cluelessperson> varesa: I have different vlans, and subdomains route to the appropriate vlan.
03:51 < cluelessperson> varesa: For one thing, when I'm trying to rsync stuff, it's annoying that everything on the server shows up at   root@server:/location/    when I need the subdomain as well on an enterprise netowrk.
03:52 < varesa> now I'm just confused :-S
03:52 < varesa> domains don't route stuff to VLANs, domains resolve to IP addresses (except you said you don't have DNS so that seems irrelevant) which may be on certain VLANs.
03:53 < varesa> and I don't quite get what you mean by everything showing at root@server:/location/
03:54 < orlock> "enterprise network"
03:54 < orlock> "I don't have a dns server yet"
03:54 < spaces> varesa he could mean I have a subnet on vlanX where I route to
03:55 < spaces> orlock openDNs is free, or let feed us google ;)
03:55 < orlock> spaces: i was quoting cluelessperson
03:56  * orlock has too many DNS servers here, some need to be taken out the back and shot in the head
03:56 < varesa> cluelessperson: by "add subdomain to server" I assume you mean that you want "server" to be part of ".enterprise.domain"?
03:56 < Whiskey`> orlock: ill take the hardware out back
03:56 < spaces> orlock I love split horizons :D
03:57 < spaces> orlock why so many ?
03:57 < orlock> i love the sound of you shutting up
03:57 < varesa> and you either want a) the server to report the FQDN ("... hostname reported up by the server in a monitoring tool")
03:57 < orlock> spaces: multinational hyperglobal meganet enterprise
03:57 < spaces> orlock and you could not use something like FreeIPA and let them replicate all over the place ?
03:57 < varesa> or b) be able to connect to the server via server.enterprise.domain instead of just "server" or IP or something (didn't quite get the rsync part)
03:57 < orlock> cluelessperson: maybe start with getting your DNS working, then?
03:58 < orlock> spaces: Dude, just. shut. up.
03:58 < orlock> spaces: i dont have a problem that needs fixing, so.. shut up?
03:58 < spaces> orlock, you seem to have: [03:56:01] * orlock has too many DNS servers here, some need to be taken out the back and shot in the head
03:59 < orlock> Yes, and i cannot be fucked explaining the reasoning behind any of that to you seeing as you seem to intentionally mis-interpret things for your own amusement
03:59 < varesa> I am pretty sure the fix to cluelessperson's issue is a) setting the server hostname b) adding an entry to /etc/hosts c) setting up DNS
03:59 < varesa> once we can figure out the problem we can choose the correct answer ;)
04:00 < cluelessperson> orlock: I have dns server I don't control yet specifically
04:00 < orlock> cluelessperson: talk to that person then, and learn how to use tools like dig/nslookup, etc
04:00 < Galoyz> 4
04:01 < cluelessperson> orlock: huh?
04:01 < cluelessperson> I know those tools
04:01 < orlock> and you have a DNS server that you don't control?
04:01 < spaces> orlock erm, weird you say so... lots of companies have DNS servers all over the place because there was no decent way of ccreate some central management for global DNS servers
04:01 < orlock> so somebody does?
04:02 < spaces> does what ?
04:02 < spaces> who is somebody ?
04:15 < Cthu> my dudes, IP is not PII data
04:15 < Cthu> right?
04:15 < Cthu> it's a bloody routing tool
04:16 < orlock> Depends
04:16 < orlock> MPAA seems to think it is?
04:17 < spaces> lol Facebook has a new way to let people create accounts
04:17 < varesa> Cthu: well postal addresses are a routing tool as well
04:17 < varesa> and phone numbers
04:18 < varesa> IP address is actually very close to a house address or a landline number if you think about it
04:18 < orlock> Cthu: all depends on context
04:47 < new2ip> anyone really here?
04:47 < orlock> are any of us, _really_ here?
04:48 < orlock> new2ip: this is #networking, not #philosophy
05:18 < Theophilus> I'm interested in upgrading my twenty eight point eight kilobaud internet connection to a one point five megabit fibre-optic T-1 line. Will you be able to provide an IP router that's compatable with my token ring ethernet LAN configuration?
05:20 < new2ip> Its troll ban time
05:20 < Theophilus> yey
05:21 <+pppingme> He's talking about you
05:21 < Theophilus> yey
05:22 < Theophilus> well this is taking some time
05:22 < Theophilus> I might just... leave
05:23 < Theophilus> yeah, out
05:23 <+pppingme> ask a legit question and you might get legit help
05:24 < orlock> file an abuse complaint with his ISP
05:24 < orlock> DMCA
05:25 < CuriosTiger> orlock: Which copyright of ours did his trolling violate?
05:26 <+pppingme> I bet the term token-ring is still trade-marked
05:32 <+pppingme> that feels spammy
05:32 < orlock> just a tad
05:33 < orlock> WolfLarson[m]1 stuffed up though
05:33 < new2ip> what do you mean stuffed up?
05:34 < linux_probe> shhhhpamburgers
05:39 < orlock> new2ip: he got a 1 after his [m]
05:39 < new2ip> not sure what the 1, or even the [m] means?
05:41 < Kingrat> it makes it easier to find the spam bots
05:50 < varesa> the [m] are people bridged from the matrix network to IRC and who haven't changed their nick
05:58 < linux_probe> {m] for morons =p
08:22 < Android> what are we going to do call in the jedi to stop cogent?
08:22 < skyroveRR> Cogent?
08:22 < Android> cogent networks
08:23 < skyroveRR> Stop Cogent from doing what?
08:23 < Android> blocking h.e.
08:24 < Android> in an ipv6 network there isnt much for hiding
08:25 < Android> it accepts ping
08:26 < Android> some r!mnanys of operators and software functional enough to run a working firewall
08:26 < skyroveRR> What's the reason for Cogent to block HE?
08:26 < Android> any left?
08:26 < Android> can be many reasons
08:27 < Android> quaranteen
08:27 < Android> userbase providing cashflow
08:28 < Android> no control for scientific method
08:28 < Android> with criminal acts requires using the suspect
08:28 < Android> can be many reasons
08:29 < Android> securing the final plauge
08:29 < senaps> hi all, in GNU/LINUX systems, in what forms can /etc/resolv.conf be populated to be valid? DNS1, nameserver, search .... is there any other keyword?
08:29 < Android> think most of the global population possibly wiped out
08:31 < Apachez> senaps: man resolv.conf
08:35 < Android> is it vilegent?
08:36 < Android> suppose HE is going after nucleur power
08:37 < Android> there was always that physics argument
08:37 < orlock> senaps: what Apachez said
08:39 < Android> did the skull bochs break 0 law?
08:40 < Android> HE got that fire?
08:44 < Android> HE got that fire?
08:45 < Android> Did you hexy me eyes?
08:45 <+pppingme> wow..  32tb of ram
08:46 < Android> pppingme yeah speed test it
08:46 < Android> is it real
08:46 <+pppingme> can't afford it..  I'm sure its a multi-million dollar box..
08:46 <+pppingme> oh, its real alright..  no doubts..
08:46 < Android> the matrix is like being in a lottery and not knowing what the prize is
08:47 < Android> how many can wait to be released from machines
08:48 < Android> 30fps for eyes
08:48 < Android> what is the speed of hearing
08:48 < Android> inverse mach speed
08:49 < Android> the time it takes for a soynd to reach mind
08:50 < Android> aw schucks truthr
08:51 < truthr> Android, what!?
08:52 < Android> 32tb of ram some headspace huh
08:53 < Android> truthr what, what!?
08:53 < truthr> Android, what is it man!? what, what!
08:54 < truthr> Android, i am just..breaking your balls for no reason
08:54 < truthr> one of those days
08:54 < Android> the speed inverse mach
08:54 < Android> why you break my balls
08:56 < truthr> just because, i thought it would be funny.
09:25 < ahyu84> anyone heard FBI asking everyone restart their own router?
09:25 < skyroveRR> lol
09:26 < skyroveRR> Probably must have served a memo to their own department.
09:26 < Phil-Work> that'd be a good reason for an outage - might even get a cheeky JunOS upgrade done in the middle of the day
09:26 < ahyu84> lol
09:26 < Phil-Work> the FBI told me to restart it, boss
09:27 < skyroveRR> "Requested" or "Ordered"? :P
09:36 < Phil-Work> skyroveRR, ordered, obviously
09:36 < Apachez> no they didnt
09:36 < Apachez> some tech article asked fbi what to do
09:36 < Apachez> and they recommended to reboot the router
09:36 < Apachez> there is no orders
09:36 < Phil-Work> Apachez, semantics
09:36 < Phil-Work> when else can you upgrade a router in the middle of the day and get away with it? :D
09:39 < cheapie> My router isn't vulnerable, at least not to that :)
09:40 < skyroveRR> Your router has already been cleared.
09:44 < Android> what phase is the moon in now?
09:45 < ^7heo> bleeding
09:45 < Android> yeah?
09:46 < ^7heo> from the ears
09:46 < skyroveRR> And the holes.
09:46 < ^7heo> while sneezing little caktii
09:47 < skyroveRR> What the hell is caktii?
09:47 < ^7heo> many times one caktus
09:49 < ^7heo> <cheapie> My router is so secure, my IP is 127.43.98.117. Come and get me #myrouterissupersecure
09:49 < Android> can sue for it?
09:49 < ^7heo> Android: I don't know her, and you're omitting the verb.
09:49 < cheapie> ^7heo: That's not my home IP address *or* the one I'm connecting from :P
09:50 < Android> wgat machine usbit witg 32tb ram the eix?
09:51 < Android> soynds fairly unique
09:51 < ^7heo> Android: I suggest you try using a different body part as your chosen input method.
09:51 < ^7heo> Android: the current one isn't doing a good job.
09:52 < ^7heo> skyroveRR: also apparently it's spelled cacti
09:53 < Android> l
09:53 < cheapie> I mean, my router is vulnerable to some other stuff (like Spectre, which wasn't even really a thing yet when it was last rebooted and it could use a kernel update), and probably a bunch of other stuff too. Just not that one particular issue :P
09:54 < orlock> half-bricks.
09:54 < orlock> most routers are vulnerable to a well-aimed half-brick.
09:54 < chrustler> My router is most vulnarable to power outage due to vacuum cleaner.
09:54 < Android> ^7heo how's that sovreign city state project going in texas?
09:54 < cheapie> Meh, I think mine could handle a brick being thrown at it, if you don't throw it too hard :P
09:54 < Android> it is vetter to blame the device
09:55 < Android> not my thumbs
09:56 < Android> saw a new prospective seat of the government
09:56 < Android> portable chair
09:57 < Android> can we put scarface on here?
09:58 < Android> never underestimate the power of masses of stupid people
09:59 < Android> 250,000,000 is said to be a conservative count
10:00 < Android> if the ipv6 net expands a few "good" men behind firewalls run it all
10:00 < Android> send okc type back
10:00 < Android> with the dog
10:02 < Android> there is plenty of work out there
10:02 < Android> the exponential propogation of errors
10:03 < Android> the last days terrible like no other
10:03 < Android> minds hanging on to old dreams
10:04 < Android> which machine has 32tb ram?
10:04 < Android> something to write a love letter
10:04 < Android> contained in voltage
10:05 < Android> in the hopes earth has some dance left
10:06 < Android> to think the flrsh is fooled by light
10:06 < Android> l-tryptophan
10:06 < Android> networking
10:07 < Android> see that new Time magazine cover?
10:07 < Android> My Lan
10:08 < Android> which machine has 32tb ram geffin eix?
10:10 < Android> are you being attacked by raid drone psuedo gholas?
10:10 < Android> talk about that episode of DS9 explaining demonic posession
10:10 < Android> nah
10:10 < Android> demons
10:12 < Android> eix egrega zeta
10:12 <+pppingme> Android you're all over the place, stay on topic..
10:12 < Android> mnemonic nomenclature
10:13 < Android> loose barouqe cyphers
10:13 < Kingrat> hes on a roll man, dont stop this stimulating conversation pppingme
10:14 < Android> Kingrat on a roll are you spiking my food again?
10:16 < Android> then calling police so swarms of qbasic show up to "help"
10:16 < Android> 32tb the last refuge for the persecuted mind
10:17 < Android> where is it?
10:18 < skyroveRR> In your ass.
10:19 < TandyUK> Biggest machine I manage has 6TB ram
10:19 < TandyUK> not sure how you could physically fit 32Tb in one machine
10:20 <+pppingme> is that 6tb machine maxed out?
10:20 < TandyUK> yeah
10:20 < TandyUK> 48x128GB stick iirc
10:20 < Android> the Kolab
10:21 <+pppingme> how many physical cpu's?
10:21 < TandyUK> 4 xeons
10:21 < TandyUK> its a hp DL-580
10:21 < Android> sounds like cogent
10:21 < TandyUK> 4u ffs lol
10:21 < Android> boyd k packer
10:21 < TandyUK> Android: what??
10:22 < Android> hp
10:22 < Android> packard-bell
10:22 < Android> ctr ciphe
10:22 < TandyUK> well youre getting better/worse
10:22 < skyroveRR> Did someone accidentally give him weed or some shit?
10:23 < TandyUK> your sentences werent making sense before, now even words arent
10:23 < Android> what is the ip addr of the 32tb machine
10:23 < Android> plug in my pae kernel
10:23 < TandyUK> 192.168.1.15 i think
10:23 <+pppingme> its somewhere on the 26/8 subnet, you'll just have to nmap it
10:24 < TandyUK> or is it 62/8
10:25 < Android> tandy are you really having trouble gathering sense from what I've sent?
10:26 < TandyUK> I dont think its just me having trouble tbh
10:28 <+pppingme> TandyUK the 64TB ram machine physically takes two racks
10:30 < TandyUK> what sort of cpu and storage does it have lol
10:31 < TandyUK> that DL580 has 48 2.5" bays
10:31 <+pppingme> the two racks doesn't include any storage
10:32 <+pppingme> 170 cores (I think its 10 cores per chip), plus almost every "subsystem" has its own cpu's on top of that, so all i/o and other stuff is offloaded
10:35 < TandyUK> thats surprisingly low give nthe amount of ram imho
10:35 < TandyUK> 2 racks id expect more like 170 chips
10:35 < TandyUK> well maybe 100 or so
10:36 <+pppingme> considering everything is offloaded, it probably does..
10:36 < masuberu> good afternoon, could someone help to understand what this message means?     shu-server.novalocal > 129.94.15.158: ICMP host shu-server.novalocal unreachable - admin prohibited, length 60
10:36 < masuberu> I am getting this from tcpdump
10:37 < masuberu> shu-server.novalocal has a web service listening to port 8787 and I am trying to access it from 129.94.15.158
10:37 <+xand> it's sending a reply saying it's not allowed
10:37 < masuberu> obviously 129.94.15.158 can access the website
10:37 <+xand> e.g. blocked by firewall with REJECT
10:38 < masuberu> ok
10:38 < masuberu> hum
10:39 <+pppingme> masuberu means a fw is dropping it
10:39 <+pppingme> TandyUK it has 5 "drawers" of pci slots, 16 each I beleive..
10:39 < masuberu> thanks!
10:43 < TandyUK> got any specs/model number etc?
10:44 < TandyUK> or is this thing custom made
10:45 <+pppingme> https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0ahUKEwiJja2bwqrbAhWL24MKHcLwDoMQFggnMAA&url=https%3A%2F%2Fwww.ibm.com%2Fdeveloperworks%2Fcommunity%2Fwikis%2Fform%2Fanonymous%2Fapi%2Fwiki%2F33d270cb-c060-40f6-99f3-956c3cb452a3%2Fpage%2F885fd4df-c77d-4bb8-a43b-f4f44100b3ac%2Fattachment%2F7fd7adad-44dd-43c9-90d7-5c97650da544%2Fmedia%2FIBM%2520z14%2520technology%2520Pitch.pdf&usg=AOvVaw1cJLHYOXAs3zsrtvehH7Wc
10:46 < TandyUK> try an actual page lol
10:46 < TandyUK> google just gives me a white page for that
10:46 <+pppingme> hmm..  should shoot out a pdf
10:46 < TandyUK> unless the url got cut short
10:46 <+pppingme> let me see if I can find a more direct link
10:47 < TandyUK> i'll just urldecode it lol
10:47 < TandyUK> https://www.ibm.com/developerworks/community/wikis/form/anonymous/api/wiki/33d270cb-c060-40f6-99f3-956c3cb452a3/page/885fd4df-c77d-4bb8-a43b-f4f44100b3ac/attachment/7fd7adad-44dd-43c9-90d7-5c97650da544/media/IBM%20z14%20technology%20Pitch.pdf
10:54 <+pppingme> yeah, thats it..
10:54 <+pppingme> look at page 11 and 15-16
10:59 < TandyUK> what on earth are you using it for anyway
11:04 <+pppingme> Oh, I'm not using it, my wife won't let me have one..
11:04 <+pppingme> I have installed linux on them though
11:09 < TandyUK> fill it with GTX 1080's all fully SLI'd, and play somethign sexy in like 48K lol
11:09 < shtrb|work> at least something that could handle FF/Chrome with few open tabs
11:11 < shtrb|work> But can you install a single image over that (like just a normal Debian + plasma5 or gnome ) ?
11:12 <+pppingme> shtrb|work you can, but its rare, they are usually partitioned to at least a couple
11:13 < Apachez> https://twitter.com/cnLedger/status/1001335269180653568
11:19 < skyroveRR> shtrb|work: you want KDE and GNOME in one image?
11:22 < shtrb|work> why not ? so much ram you could even have chrome running with multiple tabs
11:26 < skyroveRR> How much RAM are you talking about?
11:26 < shtrb|work> max memory is 32 TiB
11:27 < skyroveRR> Am I misreading at GiB?
11:27 < skyroveRR> * misreading it as
11:28 < shtrb|work> Tera
11:29 < shtrb|work> the M1 start from 320
11:29 < shtrb|work> 32 GiB
11:29 < shtrb|work> *320 GiB
11:33 < Emperorpenguin> skyroveRR: I've seen a machine with 32 TiB of ram
11:33 < Emperorpenguin> it was... fun
11:33 < Emperorpenguin> and big, and spews a lot of heat
11:34 < shtrb|work> But can it run chrome :D
11:36 < shtrb|work> in a few years, maybe we will have that in laptops
11:36 < bezaban> I'm not really utilizing my 32gb
11:36 < skyroveRR> shtrb|work: Just to fucking run chrome? That's retarded.
11:37 < shtrb|work> skyroveRR, a browser gotta eat
11:38 < shtrb|work> bezaban, having 16 and 32 on different machine and I can see swap being used
11:43 <+catphish> 32TiB of RAM is a little mad
11:45 < shtrb|work> like having more than 640KiB ?
11:45 < shtrb|work> Oh hi catphish , how is the novnc going ?
11:45 <+catphish> shtrb|work: fine, i fixed it :)
11:46 < shtrb|work> I wished to ask you, did you use ws to add audio transfer ?
11:47 <+catphish> no
11:47 <+catphish> i only use VNC, and VNC doesn't support audio
11:48 < TandyUK> bezaban: im using 44% of 64GB, and for some reason windows still compresses some and is using 1.8Gb swap lol
11:49 < skyroveRR> TandyUK: chrome or IE?
11:49 < TandyUK> chrome ofc lol
11:49 < TandyUK> unless i have to manage an hp blade
11:49 < skyroveRR> How many tabs?
11:49 < TandyUK> er some lol
11:49 < skyroveRR> What's the number? ...
11:49 < TandyUK> i cant count that high on my fingers (and toes)
11:49 < TandyUK> i cant be fucked to count them
11:49 < skyroveRR> ~100?
11:49 < TandyUK> enough that on a 1920x1080 screen, you can only see the icon
11:50 < TandyUK> and theres 3 windows like that
11:50 < skyroveRR> heh
11:50 <+catphish> TandyUK: good operating systems will swap out unused memory to leave more RAM for caching
11:50 <+catphish> that's what one *should* be using swap for, not the other reason :)
11:50 < skyroveRR> catphish: he uses a better one, lol
11:50 < TandyUK> you miss the point lol, theres 40GB free ram, so wtf is it hoping to achieve :P
11:51 < TandyUK> and compressing memory to save 500Mb is just LOL
11:51 < shtrb|work> catphish, I know it doesn't that is why I asked about wc
11:51 <+catphish> i don't know about compression, that seems unnecessary
11:51 < shtrb|work> *ws
11:52 <+catphish> TandyUK: but it should be managing it intelligently, so it probably decided that cache was more useful that whatever it swapped out
11:52 <+catphish> on the other hand, maybe windows just sucks at memory management, i don't know
11:53 < skyroveRR> catphish: well, haven't you investigated? :P
11:53 <+catphish> i only know linux, which does this, but not when there's a ton of RAM available
11:53 < TandyUK> dunno it just seems rather pointless to swap out, and/or compress ram when theresa over 50% free
11:54 < TandyUK> when its running lower, sure go for it
11:54 <+catphish> my PC for example has 16GB RAM, 5GB is used for programs, 8GB is used for cache, it hasn't swapped anything out yet
11:54 < shtrb|work> catphish, if you wish to some fun caching try take ~32 GB from /dev/urandom and see how nicly it behave
11:54 < TandyUK> 13.5GB in use, 240MB compressed, 17.8GB Cached
11:54 < shtrb|work> I was hitting ~48MB/s recently on a Sata 3 link
11:55 <+catphish> TandyUK: yeah linux obviously has some threshold and won't do it pointlessly like that, like in my PC i have approx 11GB free, and it's only using 8 of that for cache, so no swapping
11:55 < TandyUK> yeah linux wont swap until it actually needs to
11:55 <+catphish> no, not *needs to*
11:55 < TandyUK> although there is a swappiness sysctl var that affects how aggressive it is
11:55 <+catphish> yes, you can indeed control it
11:56 < TandyUK> with swappiness=1, it literally will not swap until it is forced to
11:56 <+catphish> but depending on that setting, it makes a determination of what cache will be more useful than unused application ram
11:56 < TandyUK> 60 iirc is the default
11:57 < TandyUK> 5 is a more sane value imho
11:57 <+catphish> yep, 60 is the default, i don't know wxactly what that means, but it always works really well for me
11:57 <+catphish> only swaps out stuff that's not needed, and only when cache is being used
11:58 <+catphish> i'm still annoyed linux has no way to enable swap without allowing program memory use to exceed physical memory
11:58 < djph> it's too early, and I'm probably a dumbass for asking -- per a customer of an ISP in (unknown location), said ISP offers xDSL and Microwave for when the DSL fails; both of which provide the same "public(tm)" IP address.  I suppose it's possible to do this, but ... I'm just not wrapping my head around it
11:58 <+catphish> because it doesn't, i can't use swap on any servers
11:59 < shtrb|work> djph, there are dual wan and virtual ip
11:59 < shtrb|work> *virtual ip package
11:59 <+catphish> djph: there are plenty of ways they could do that, most likely it just does ppp, and when one goes down, it dials over the other
11:59 <+catphish> but it's also possible both are up and they use a routing protocol to route the IP over the best available link
12:00 < shtrb|work> djph, also multi link access
12:00 < djph> catphish: yeah, the fun part is the ISP apparently doesn't provide a router to handle this
12:00 < shtrb|work> djph, I remember mlppp being advertiszed in the past
12:00 <+catphish> mlppp is great for this, and even does loadbalancing, but i can't imagine it being used over different mediums
12:00 < shtrb|work> djph, why do you need a router for that if that's mlppp or virutal ip ?
12:01 < shtrb|work> catphish, mlppp was designed for that (I think)
12:01 <+xand> my ISP will automatically route my IP blocks over L2TP if VDSL goes down
12:01 <+catphish> shtrb|work: mlppp is designed to bond phone lines afaik
12:01 <+xand> VDSL uses PPPoE
12:01 < djph> shtrb|work: because I have no fucking clue what this person is doing - he's posting on forums, and I'm sitting here reading his "requirement(tm)" and just kinda going "erruwotm8"
12:01 <+catphish> that's another option, ppp on one line and a tunnel on the other
12:01 < shtrb|work> catphish, oh thanks, I thought it was designed for any , but nice to know
12:02 <+catphish> maybe they provide details on how to configure your own router to do this
12:02 < shtrb|work> Is that Orange by any chance ?
12:02 <+catphish> shtrb|work: well i see no technical reason you couldn't use it over different types of lines, just never seen it
12:02 < shtrb|work> because I was a customer , and was getting dual wan like that from them (but with 3G and wire)
12:02 < djph> No idea.  dude's being light on details
12:02 < shtrb|work> ok
12:03 <+catphish> if badgers chew through my fiber i'm screwed, no backup :(
12:04 < shtrb|work> badgers eat fiber ? I thought it's the rats which like the cables
12:04 < shtrb|work> also , fuck rats , can't they die in an easy to access places ?!
12:04 <+catphish> i was joking, i think it it mostly rats
12:04 <+catphish> though i've not heard of them chewing underground fiber
12:05 < djph> He writes too well to be in some backasswards country, but i'm envisioning his "public(tm)" IP is really CGN
12:05 < djph> but I have no proof
12:05 <+catphish> that would be pretty pointless
12:05 < djph> we've seen ISPs from backasswards countries use AOL as their CGN, so ...
12:06 < shtrb|work> "backassword" mean nothing about education , I once felt like a total fool near people from centeral africa
12:06 <+catphish> i don't think backasswards is actually a word
12:07 < ^7heo> for brits it isn't.
12:07 < ^7heo> but for the rest of the world, we're free to do ANYTHING!
12:08 < ^7heo> ENGLISH IS NOT OUR LANGUAGE, IT IS A JOKE!
12:08 < shtrb|work> I remember meeting few people from Centeral Africa , when one had applogized for only having a bachlor degree and not masters from ivy league like the rest of them
12:10 < regdude> I remember one guy from ZA cried because he didn't pass an exam in networking to get a certficiate
12:10 < shtrb|work> I would also had cried if I lived in ZA and was white
12:11 < shtrb|work> remove the white comment, someone who belived in white science
12:11 < shtrb|work> catphish, http://www.bbc.com/news/uk-scotland-highlands-islands-26480673
12:12 < djph> "white science"?
12:12 < regdude> he was black, not sure why that matters though
12:13 < shtrb|work> djph, https://www.youtube.com/watch?v=C9SiRNibD14 don't open if you have a tea in your hand or your mouth (it can cause spills)
12:13 < shtrb|work> Decallnization of science
12:19 < Apachez> and afterwards she uses her smartphone to post on facebook :D
12:19 < Apachez> both things created by those horrible horrible white scientists ;)
12:20 < shtrb|work> just to make it clear, it's not some Cape Town Uni thing, decolonization education and science is an actual thing against the "white science"
12:23 < shtrb|work> That is discussed at other places like https://www.cambridge.org/core/journals/australian-journal-of-indigenous-education/article/native-approaches-to-decolonising-education-in-institutions-of-higher-learning/E321E5482ED676EF62154F291313000E
12:24 <+catphish> idea for a product: continuous filter coffee machine
12:25 < dogbert_2> wouldn't the filter wear out?
12:25 < shtrb|work> ketting someone drink coffee and collect what get out of the other end ?
12:25 <+catphish> it just makes filter coffee continuously, perhaps using a conveyer belt made of stainless steel mesh
12:25 < shtrb|work> The filter should last fo 80 years!
12:25 < shtrb|work> catphish, why do you need to filter coffee ?
12:26 <+catphish> that's how software developers work, you put coffee in, code comes out
12:27 < shtrb|work> That a byproduct like bugs, smell, and sound
12:28 <+catphish> does posting it here stop me patenting it?
12:28 < detha> catphish: if you have a central heating system, just start pumping coffee through that, and install taps at each workstation
12:28 < detha> dual-purpose, and all that
12:29 <+catphish> still gotta brew the coffee somehow
12:29 < detha> that's the sysadmin's job, not the developers
12:29 < shtrb|work> human generate heat all the time, you could collect that
12:29 <+catphish> what if i'm all 3: sysadmin, developer, and coffee maker
12:30 < detha> then we call you Jack (of all trades)
12:30 < djph> catphish: where's my automatic networked coffeemaker?
12:30 < Apachez> and if you force everyone to wear a buttplug you can collect +37C of heat from each person (give or take)
12:30 < shtrb|work> djph, network attched coffee makers suck
12:30 < shtrb|work> they let everyone know when there is coffee in the pot , they come , and never refill
12:31 < djph> shtrb|work: yeah, because they're corporate-itized.  my 1990s-era networked toaster was much better
12:31 < shtrb|work> wtf is a network toaster
12:31 < detha> a cisco device. you plug it into your network, and your network is toast
12:32 < shtrb|work> lol
12:33 < shtrb|work> That I can understand
12:34 < shtrb|work> speaking of toasted network which geniuos thought it would be agood idea to push firmware upgrade on ISP level
12:35 <+catphish> that happens all the time
12:35 <+catphish> you have a managed router, your ISP upgrades it
12:35 < shtrb|work> in the past they had been sending an email, guess GDPR has it's fun result
12:36 <+catphish> i don't think that's why
12:36 < djph> no, it was a toaster, for making toast ... that we attached to a network
12:37 < shtrb|work> someone connected the wires to the Lan ?!
12:37 < shtrb|work> that is one hell of an angry admin
12:37 < djph> ... and then made a beowulf cluster out of.  But it couldn't play ... whatever the meme before "but can it play crysis" was
12:38 < djph> it was his idea
12:38 < djph> although, looking back, he *might* have meant the mac doorstops that were piled up in the corner
12:57 < banisterfiend> hi, when i run a certain program and then type 'ifconfig' the ipv6 addresses for one of my interfaces disappears
12:58 < banisterfiend> anyone know why this could be? ipv6 doesn't appear to be disabled though as i can still ping ::1 etc
12:59 < light> a certain program
13:00 < banisterfiend> light a vpn
13:00 < banisterfiend> vpn client
13:00 < shtrb|work> which one ? could it be it bring down the ipv6 address/generate a new interface / reload module ?
13:00 < light> and you think that software that changes your network settings may have changed your network settings?
13:00 < turtle> woah
13:01 < banisterfiend> shtrb|work all it apperas to do is just add ip6tables rules
13:01 < bezaban> is it a 'privacy vpn'? It could be taking down ip6 to avoid leaks because they don't support ipv6
13:01 < djph> light: networkception
13:03 < shtrb|work> banisterfiend, do you know the name for that application ?  . ::1 can be answered on lo (and not your ethernet card)
13:03 < banisterfiend> shtrb|work private internet access vpn client
13:04 < shtrb|work> They have ipsec, l2tp , pptp and openvpn which one ?
13:04 < banisterfiend> shtrb|work openvpn
13:04 < shtrb|work> TUN or TAP  ?
13:05 < banisterfiend> tun
13:05 < light> you can use the openvpn from your package manager
13:06 < light> just chuck all the .conf files in /etc/openvpn/client and systemctl start openvpn-client@<country>
13:06 < shtrb|work> does one of the scripts has "ipv6.method ignore" or conf.disable_ipv6=1 ?
13:06 < shtrb|work> but it would be better just to use the normal openvpn as light have shown you
13:07 < banisterfiend> shtrb|work normal openvpn doesn't come with killswitch etc
13:07 < shtrb|work> wtf ?
13:08 < shtrb|work> disconnect and systemctl stop does magic
13:08 < shtrb|work> so is the windows client , don't know about mac
13:08 < light> remove the original default route, if the VPN drops you will lose internet access
13:08 < light> just make sure you have a path to the VPN endpoint
13:09 < shtrb|work> light openvpn has a sane routing option to push a default gw via default gw
13:09 < light> split into two segments
13:19 < djph> because they can't use /0 (because the main default gateway ...)
13:31 < compdoc> anyone good with samba as DC or member server?
13:32 < light> yeah they do it because two /1's are more specific so they can keep the original default route in place but inactive
14:25 < transhuman> Hi! I have a Netgear GS108T maybe v2 not sure the docs read """In addition, the GS108T supports IEEE 802.3af standard for Power over Ethernet (PoE). It can obtain its power from either a PoE source or from an external AC power adapter. This gives an SMB flexibility when installing the switch in places where a power outlet is not present"""
14:25 < transhuman> does that mean I can buy some kind of power source and plug it into one of the rj45 ports?
14:26 < skyroveRR> transhuman: nope.
14:27 < transhuman> there is no way that the power adapter it has is going to power PoE devices
14:27 < transhuman> so how do I get it to work?
14:29 < transhuman> answered my own question---alternatively, unit can be powered by  IEEE 802.3af PSE via Ethernet port
15:18 < djph> how the hell is its external power source *not* capable of supplying PoE voltage?!
15:22 < regdude> there are some "poe" switches that work below 48V, but require 48V for 802.3at/af to work
15:27 < detha> Also, I have seen switches that will do PoE on up to 1/3 or half of the ports on a standard PSU, and PoE on all ports with a larger/more expensive one
15:32 < djph> regdude: sure, but that's usually as simple as "go buy a 48v 3A power brick"
15:39 < Apachez> ongoing bgp hijack attack against cloudflares public dns (1.1.1.0/24)  https://bgpstream.com/event/138295
15:40 < Phil-Work> Apachez, which AS is originating?
15:41 < Phil-Work> oh, that link says
15:41 < Phil-Work> I don't see it here... which would be unusual given that HE usually leaks like a sieve
16:17 <+catphish> i just has awful flashbacks to last night's attempt at conversation
16:18 < microwaved_> why is that?
16:18 <+catphish> it was just a failure
16:18 <+catphish> i think you had to be here
16:18 <+catphish> on the plus side, my new VM management system is looking very pretty
16:21 <+catphish> clim: identity crisis there? lol
16:27 < Apachez> catphish: pics or it didnt happen
16:27 <+catphish> lets pretend it didn't happen
16:28 <+xand> in here?
16:28 <+catphish> yes
16:29 <+catphish> when i should have known better and been sleeping :)
16:29  * xand is feeling rather apathetic at work... only three weeks left here and doesn't seem worth starting anything >.<
16:29 <+catphish> xand: take a guitar to work, take the time to learn to play
17:10 < grawity> hmm, how many firmware upgrades can an ubiquiti AP take before its flash starts failing
17:10 < Aleksandar86> hi
17:13 < name> your mother is a water buffalo
17:14 < v0Lk> grawity: how old is the device?
17:14 < name> right?
17:14 < name> im confused
17:14 < grawity> v0Lk: no idea, other than it's a picostation M2
17:14 < name> hi birb
17:14 < grawity> certainly a few years
17:15 < grawity> looks like just the webUI is broken for now, guess it'll do the job a while longer
17:15 < v0Lk> do you have a write count so far?
17:17 < Aleksandar86> What is good software for draw network diagrams topology
17:17 < Aleksandar86> ?
17:17 < Aleksandar86> freeware
17:17 < name> I smoked a chilum and had  to call an ambulance and a coastguard. the coastcard was to tow my jaw shut again
17:18 < name> 911 ambulance and coastguard pls
17:19 < name> my twat also sounds like a kazoo
17:20 < Aleksandar86> anybody here use Edrawsoft Edraw Network Diagram?
17:20 < name> yes actually
17:20 < name> edraw max
17:21 < name> but for a resource diagram and it failed
17:22 < name> use edraw mindmap cause its free and no trail
17:22 < name> the free version that is
17:22 < name> its ba
17:22 < name> basically exactually like max
17:40 < electricmilk> Any idea why so many staff workstations are trying to connect to settings-ssl.xboxlive.com ?
17:40 < electricmilk> Does something legit use that host? Possibly something with Office 365?
17:40 < UncleDrax> windows 10?
17:40 < electricmilk> Yes sir
17:40 < UncleDrax> win10 does xbox things
17:40 < heller_> 7g #vag
17:40 < heller_> oops
17:41 < electricmilk> ah I see.  Our content filter is blocking it though
17:41 < UncleDrax> i don't know details of what it does beyond it does.
17:41 < NeilHanlon> probably not the best place to ask, but anyone seeing awful loss on level3?
17:42 < electricmilk> UncleDrax,  Perhaps when staff logs into their Windows account it tries to connect to Xbox server as well
17:42 < electricmilk> NeilHanlon,  Nope
17:43 < UncleDrax> Level3's pretty big.. they probably have something broken somewhere at any given time. That said, obligatory reminder interp  Traceroute correctly (only mention because it's common)
17:47 < NeilHanlon> yeah I'm getting like 80% packet loss on via level3 from Boston to Europe
17:55 < Riez> If any one is familiar with multipeer connectivity in iOS 7, can you explain how something like that works efficiently?
18:52 < sql00_> hello
18:56 < sql00_> I exported netflow records to Elasticsearch(ELK) and I want to detect SSH tunnels on port different 22. How can I detect SSH Tunnels, Failed SSH login attempts and Successful Logins?  Thanks in advance
19:00 < strixdio> is a DMZ basically just a separate subnet?
19:01 < E1ephant> yeah I think that is the only safe assumption
19:01 < strixdio> Okay, thanks.
19:01 < E1ephant> anyone else is likely to tact on  $random-default  with that tho
19:01 < strixdio> ?
19:02 < E1ephant> like some vendors may extend that assumption
19:02 < E1ephant> with random settings
19:03 < strixdio> Oh, alright. Specifically I'm using pfsense, and am considering the use-case for a DMZ.
19:03 < E1ephant> as in, the DMZ also means no NAT, or doesn't hit a specific fw chain/policy
19:03 < strixdio> Ah, okay.
19:03 < E1ephant> sql00_: not sure how you could detect tunnel usage in netflow (just syslog in elk should do this?)
19:04 < electricmilk> NeilHanlon, You can also use the tool MTR to trace the path and see where the packet loss takes place.  I find it a bit handier than traceroute for detecting packet loss.
19:05 < electricmilk> NeilHanlon, https://www.linode.com/docs/networking/diagnostics/diagnosing-network-issues-with-mtr/
19:05 < NeilHanlon> electricmilk: yeah I think this might be some flapping routes with level3 to us in Somerville, MA
19:05 < NeilHanlon> not exactly sure.. contacted our Colo's NOC for them to troubleshoot
19:05 < electricmilk> Packet loss issues are the worst
19:05 < NeilHanlon> https://gist.github.com/NeilHanlon/1547427d04ec23a96640a59ea8937242
19:06 < electricmilk> Took our ISP about 3 weeks to finally fix.  They just kept sending out technicians to replace the modem. Ugh
19:06 < electricmilk> At bad times we had like 80% packet loss..then it would work fine for about 15 minutes.
19:06 < NeilHanlon> yeah much easier to fix/diagnose if I have direct access to it.. this is like two hops away
19:06 < electricmilk> Yea..nothing you can do about that but complain
19:07 < NeilHanlon> some MTRs show the loss at that level3 node... some MTRs somehow show the packetloss at our border (99% sure that's MTR weirdness)
19:07 < NeilHanlon> unfortunately our origin taking >30s to respond to our CDN means a lot of our clients either wait 30+ for the page, or don't get it at all
19:07 < NeilHanlon> which means we're losing money
19:07 < NeilHanlon> https://shrug.pw
19:07 < electricmilk> What kind of loss are you getting?
19:08 < electricmilk> (percentage)
19:09 < NeilHanlon> 80%
19:10 < electricmilk> yea that's no bueno
19:11 < electricmilk> Our Internet Service options out here are horrible so we have 3 different ISP's
19:11 < detha> NeilHanlon: 80% to destination, or 80% to som intermediate hop?
19:13 < tom_ato> yeah 80% is "my service is hard down, fix it" kind of stuff....
19:15 < NeilHanlon> detha: through some intermediate hop
19:16 < NeilHanlon> example mtr: https://gist.github.com/NeilHanlon/455e0210fd441a1a2076df6707db2b11
19:16 < Apachez> d
19:16 < detha> NeilHanlon: if the 'redacted' one is the endpoint, that's a perfectly fine link
19:17 < Apachez> just igbnore that loss
19:17 < Apachez> it only means that hop filters icmp ttl expired messages
19:17 < detha> control plane limiting in some router, doesn't concern you
19:17 < Apachez> or rather throttles them
19:21 < cortexman> My internet (Comcast + wifi) is experiencing some kind of quite regular very brief disconnects
19:21 < cortexman> What's a good tool to use (linux) to characterize this so as to plot it
19:21 < NeilHanlon> I understand that; our origin is taking way too long respond to things and we're not finding any evidence it's our application or internal network.
19:21 < cortexman> I know how regular it is because I use Citrix regularly, and it tries to reconnect every time it happens, whereas otherwise it's usually not visible (although occasionally it is).
19:22 < djph> cortexman: don't even need linux.  (1) scrap the isp-supplied gateway.  (2) install your own modem and router and wireless APs (preferably all different devices)
19:22 < electricmilk> also can just plug an ethernet cord directly into the box and see if the disconnect happens...rule out WiFi
19:23 < Apachez> 3) strip nude on the balcony
19:23 < NeilHanlon> sure it's not just citrix? ;)
19:23 < Apachez> 4) do the "helicopter" and call it a day
19:23 < electricmilk> lol
19:23 < NeilHanlon> oh sorry spelled citrix wrong. shitrix
19:25 < detha> NeilHanlon: you mentioned 30 seconds. that sounds almost like DNS timeout somewhere. How does the CDN connect to origin?
19:27 < NeilHanlon> not exactly 30s. CDN to origin seems fine other than them seeing a lot of "time to first byte" timeouts, which means it's taking over 180000ms to receive the first byte from our origins
19:27 < NeilHanlon> they connect over IP, not using DNS
19:28 < NeilHanlon> it really sounds like something inside our app but we can't find any evidence of that anywhere :(
19:28 < cortexman> @djph not an option, internet provided by landlady to whole complex
19:28 < djph> cortexman: well, then you're boned.
19:28 < cortexman> i just need to characterize the problem so comcast can't say the signal looks fine
19:28 < cortexman> no... they just need proof.
19:29 < NeilHanlon> comcast won't accept any proof of anything, in my experience
19:29 < cortexman> ok, but can we focus on the technical element..
19:29 < cortexman> how do i generate a plot of this
19:29 < djph> here's the deal, comcast *will* say the signal's fine, because the signal that they care about (i.e. whatever the cable version of a DLSAM is to the modem) is *fine*.
19:30 < cortexman> i'm thinking a tool that maintains a connection to a server i control, and documents all hiccups
19:30 < djph> after that, it's you're own fucking problem.  Since you said "wifi", it's quite likely "your landlady" has shit options set.
19:30 < djph> ... holy hell ... s/you're/your/
19:30 < cortexman> no man, it's probably the cable, hanging everywhere outside the building
19:30 < NeilHanlon> cortexman: i mean `ping` would probably be your best bet. ping your wifi gw
19:30 < cortexman> could also be wifi interference
19:30 < tom_ato> yeah if you have communal wifi, its always shit
19:30 < cortexman> in any case, how do i document what i see
19:30 < detha> NeilHanlon: time for some more in-depth testing then. Hit the CDN with a bunch of unique urls you can easily pick up and timestamp in your logs, script it for one hit per 10 seconds, compare
19:31 < tom_ato> i can also say, with extreme confidence, that comcasts wifi + modem gateways are awful
19:31 < tom_ato> they don't do any band steering
19:31 < cortexman> NeilHanlon: what about the case where it's not the wifi
19:31 < tom_ato> the signal loss is awful over short distances
19:32 < djph> cortexman: if there's coax all over the building, that's still your landlady's problem (and not comcast's network)
19:32 < cortexman> the router is quite close to me. ~15 feet, although two walls inbetween
19:32 < NeilHanlon> detha: we're trying to compare with our testing tool (catchpoint) but since their tests timeout after 30s, it's hard to say for sure.... definitely still digging into it
19:32 < detha> 'walls' or real brick walls?
19:32 < tom_ato> If you're sharing it with other people...then yeah. Its hard to say how many factors could be influencing that.
19:32 < cortexman> "walls"
19:33 < djph> comcast is only responsible up to their dmarc - usually for inbound cable, where tehy have the little grounding connector on the outside of the building.
19:33 < tom_ato> How many others could be connected to it at once?
19:33 < cortexman> 6 devices atm
19:34 < cortexman> ipad iphone xbox looks like a couple of laptops
19:35 < cortexman> so, about that tool. ping seems an odd choice
19:36 < cortexman> how about a persistent connection of sorts that doesn't tolerate disconnects. maybe a particular configuration of ssh, and a script to restart it whenever it drops
19:36 < detha> NeilHanlon: no need for fancy tools, it can be as simple as while :; do curl http://...?x=$(date +%M%S); sleep 10; done
19:37 < cortexman> i think I would need it to be streaming
19:37 < djph> really, you need a *wired* box to be able to test this with
19:37 < cortexman> need to evade tcp reconnects
19:38 < cortexman> i'm not going to get a wired box, but i can see it happening in Citrix so I should be able to do it over wifi
19:38 < cortexman> i'm pretty sure it's the cabling in any case
19:40 < NeilHanlon> Citrix... desktop? receiver?
19:40 < cortexman> receiver
19:41 < cortexman> I thought it was because I was connecting to Australia. turns out it works perfectly over my phone tether
19:42 < djph> you have too many variables in this test.  Wifi is one of them.
19:42 < djph> until you can rule out wifi, you can't point at the ISP and say it's their service
19:42 < detha> cortexman: brief disconnects screams 'wifi' to me. Could not be true, but it is the first thing I would eliminate yes
19:42 < djph> (granted, you also have to rule out that it's the ISP-supplied gateway)
19:42 < cortexman> they replaced the gateway this week
19:43 < djph> then not likely the gateway itself, so you're back to "wifi"
19:43 < detha> or ISP changing NAT every 5 minutes
19:43 < djph> it's comcast, they don't CGNAT (or, well, at least they didn't when I had to be a customer of theirs)
19:45 < cortexman> i'm thinking I set up a server on AWS and measure synthetic syn-ack latency to generate the plot
19:46 < cortexman> then i have comcast come in and set up a router in my apartment and we do it again
19:47 < cortexman> i'm concerned this test won't really detect the problem. it's basically ping.
19:48 < cortexman> need to stream.
19:48 < tom_ato> i mean, you could stand up a virtual firewall in aws somewhere, create an ipsec tunnel from where you are
19:48 < tom_ato> and then do a UDP iperf test and leave it up till it breaks
19:48 < tom_ato> but good luck explaining that
19:50 < djph> $10 says the problem is one of (a) the wifi, (b) other infra that's still not comcast's problem.
19:50 < cortexman> tom_ato I have an OpenVPN instance ready - could do udp iperf over that and measure disconnects
19:51 < cortexman> not sure what the point of the extra layer is
19:51 < detha> cortexman: totally different test though - openvpn keeps the tunnel interface up through quite a bit of packet loss
19:52 < tom_ato> yeah, the point is just to be able to have an iperf endpoint over the internet
19:52 < tom_ato> but in any case, have you done a packet capture on your local machine to test this at all / see if anything weird happens
19:52 < detha> for test you could do a straight iperf endpoint, firewalled down to only one address
19:53 < tom_ato> i had an issue like this once where windows power settings for my WiFi nic were at some decreased level
19:53 < tom_ato> and my NIC was not compatable, so every minute or so i would see a bunch of ARPs go out
19:53 < tom_ato> and then it would hang
19:53 < tom_ato> and then it would come back, and windows never reported anything like the NIC being disabled or going offline
19:53 < tom_ato> it was literally just pausing all i/o on it periodically
19:55 < cortexman> thanks. i will have to study what an ipsec tunnel is. i have saved this chat.
19:59 < shangul> Hi, could an address example.com point to a hostname and a port(example.net:8080). e.g. when user tries to connect to example.com, actually is connecting to example.net:8080
20:00 < DoctorDick> Yes
20:01 < shangul> DoctorDick, How? If it's possible with DNS, record name/type would be enough.
20:02 < derpingit> hi guys. i need a device that will max out my 200/40mbit pine running openvpn. (connecting to torguard) . any suggestions?
20:03 <+catphish> suggestions for what? isn't maxing out the pipe exactly what you want?
20:04 < DoctorDick> derpingit, You can do it with a reverse proxy
20:04 <+catphish> also, isn't "torguard" a rather misleading name for an "anonymizing" product that isn't based on tor?
20:05 < DoctorDick> oops wrong person
20:05 < DoctorDick> shangul, You can use a reverse proxy
20:06 < shangul> thanks, I'll search about it
20:13 < Apachez> perhaps its based on the god Tor ?
20:14 < UncleDrax> "Tor is a genus of cyprinid fish commonly known as mahseers.". TY Wikipedia!
20:15 < UncleDrax> I think the God is 'Thor'.. but I can't account for spellings in languages other then English.
20:23 < brianx> hopefully it's not me, but the link in the title says server not found and dig shows NXDOMAIN, but does have a nameserver for nanoSouffle.net.
20:23 < brianx> i'm using debian and have a public IP.  i would like to do something similar to the rewrites that are done by home wifi routers where a port on the debian machine is directed to a port on an internal machine, but in my case i want the redirected port to go to another machine on the public internet and to a different port number.  the source should be rewritten so that the reply goes through the debian
20:23 < brianx> machine as well.  my goal is to bypass a port blocked by the isp on the target but not on the debian machine.
20:25 < brianx> can anyone point me in the right direction for this kind of rewrite?
20:27 < DoctorDick> You'd want a reverse proxy then?
20:28 < brianx> i would prefer not to use a proxy but do it in iptables.  i don't want to configure software to understand the protocol.
20:30 < shangul> DoctorDick, talking with me?
20:30 < DoctorDick> shangul, Nope
20:31 < brianx> i assumed that was to me, right DoctorDick?
20:31 < DoctorDick> Yes brianx
20:32 < DoctorDick> Yeah I mean you could use iptables
20:32 < DoctorDick> But a reverse proxy is definitely easier
20:33 < brianx> DoctorDick: do you know the name of any smtp reverse proxies that handle this without creating an open relay?
20:33 < DoctorDick> no
20:33 < brianx> i'm sure sendmail can do it, but sendmail is a pita.
20:35 < brianx> DoctorDick: is there a way to rewrite at the tcp/ip layers so that the packet hits the debian box, is logged much like NAT, rewritten, sent to the real target on it's different port with the debian box as the source, then the server can reply to the debian box who would reverse the process, just like happens in NAT?
20:35 < Barones> Hi, I'm stumbling in a way to document the logical/ports topology of a ISP, is there any tool or best practice to that?
20:44 < ouemt> with freeradius, is there a way to have PSK and authed devices on the same wireless network?
20:47 <+catphish> ouemt: you'd define 2 separate ESSIDs
20:49 < ouemt> catphish: got it, so the capability requires an AP that can do that (which is what I'm lacking)
20:50 <+catphish> ouemt: i'm surprised any access point exists that can do radius but not multiple ESSIDs
20:50 < ouemt> I can have 1 each on 2.4 and 5 GHz, so I was hoping I could get away with putting both on the same
20:50 <+catphish> but if that's the case, you're probably stuck :(
20:50 < ouemt> catphish: ancient airport extreme
20:50 <+catphish> ouemt: see if you can flash it with openwrt, that might help
20:50 < ouemt> working on getting a UAP-AC-PRO
20:51 <+catphish> i use various UAPs including AC-PRO
20:51 <+catphish> they're awesome
20:52 < ouemt> I didn't think openwrt was compatible with any of the apple gear
20:53 <+catphish> ouemt: might not be, i don't know
20:54 < ouemt> kk, I'll just wait to implement radius until I get the new AP
20:54 < ouemt> maybe I can figure out a way to do PPSK then too
20:54 <+xand> no Apple stuff on their list of hardware :(
20:55 < ouemt> can't say I'm surprised
21:17 < brianx> does anyone else have any idea how i can use the iptables interface to redirect smtp email on port 25 to another public computer on a different port number?  (my local isp blocks port 25, my debian box has an isp that does not but is not local.  i want the email server here for fast access.)
21:17 <+catphish> brianx: you need a SNAT rule and a DNAT rule
21:18 < brianx> catphish: i've been trying SNAT and DNAT.  so far, something is eluding me.
21:19 <+catphish> start with the DNAT: iptables -A PREROUTING  -p tcp -m tcp --dport 25 -j DNAT --to-destination 1.2.3.4:2599
21:19 <+catphish> that will forward any packets on port 25 to 1.2.3.4:2599
21:19 < brianx> there's a problem...  i was using INPUT. :-|  and the DNAT?
21:19 < brianx> err SNAT?
21:19 <+catphish> INPUT won't work :)
21:20 < brianx> yeah, discovered that.  gives an error. :)
21:20 < imnotfat> hi guys, does someone grok bittorent?
21:20 < brianx> the DNAT looks promising.  what about the SNAT part catphish?
21:20 <+catphish> brianx: you need to follow this up with a SNAT, the easiest way to do this is like this: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
21:21 <+catphish> that will make anything that leaves eth0 get rewritten with eth0's IP address
21:21 <+catphish> replace with the appropriate interface
21:21 <+catphish> finally, you need to make sure you have IP forwarding enabled
21:21 < brianx> catphish: thank you.  i'll have to use the port number to make only that port get changed but i can live with everything leaving to the selected port or from the selected port (whichever works) ends up rewritten.
21:22 <+catphish> "net.ipv4.ip_forward = 1" in /etc/sysctl.conf, and run sysctl -p to apply it
21:22 <+catphish> does this host forward other traffic?
21:22 <+catphish> i was assuming it didn't :)
21:23 <+catphish> anyway, you can make that SNAT way more specific if you want
21:23 < brianx> ahh, i had only done forwarding temporarily. knew i needed to look up the way to make it permanent. thanks for that too.
21:24 < brianx> not at the moment, but i'd prefer to have flexibility on what gets forwarded when and to where.  i'm guessing the -m tcp --dport 2599 would work on the SNAT.
21:24 <+catphish> iptables -t nat -A POSTROUTING -o eth0 -d 1.2.3.4 -j MASQUERADE
21:24 <+catphish> that would only NAT things to that specific host
21:24 <+catphish> you should add the port to that too
21:24 < brianx> that works too. :)
21:25 <+catphish> hopefully that all makes sense :)
21:25 < brianx> it does.  thank you.
21:25 <+catphish> cool
21:25 < brianx> i was using the wrong table.  stupid error on my part.
21:25 <+catphish> ah yes
21:25 <+catphish> did you test it? hopefully all works
21:26 < brianx> be a few minutes before i can apply it but i'm hopeful now.
21:26 < imnotfat> ok guys, does someone grok uTP connections at least?
21:27 <+catphish> brianx: good luck :(
21:27 <+catphish> * :)
21:27 < brianx> :)  thank you.
21:28 < brianx> if i timeout... something went wrong. :-p
21:32 < imnotfat> guys i have some options that says ""Apply rate limit to uTP connections"" and there is no documentation. IF you have any ideas what this may mean, pls sayy
21:36 < djph_> imnotfat: Apparently, it "rate limits UTP connections"
21:37 < imnotfat> djph_, i was downloading with Bittorent, i removed that option, and my download speed increased 10x times. I wonder why they would such an option on purpose
21:38 < djph_> so that BT isn't the only thing that's using your bandwidth
21:38 < imnotfat> djph_, you mean so i can use other apps and stuff?
21:39 < djph_> no, mostly because "ew, fucking hipsters and their apps" ... but I suppose so.
21:40 < imnotfat> i wonder why would they do it by default. It's a terrible design. I spent 3 years waiting for downloads, and it got suspicious how i always download everything with 1 mb, so i went into settings and it was that option's fault. They could have done something like "full bandwidth" and "normal" mode. This way a person can see what mode he wants
21:41 < brianx> is "uTP" UTP, or is it something torrent specific?
21:41 < UncleDrax> so for the record, it's µTP (micr transport protocol)
21:41 < UncleDrax> vs the wire
21:41 < UncleDrax> :]
21:41 < brianx> thanks UncleDrax.
21:42 < imnotfat> I think they have something they win when they limit that, its not only other app usage
21:42 < pekster> In theory it's supposed to share bandwidth better with other applications, but in practice it doesn't do much, moreso if it's used in conjunction with standard TCP as an underlying delivery layer
21:43 < pekster> It's also only used with supporting peers, as not all clients support it
21:43 < imnotfat> got it, thanks. Such a useless option, probably millions of people have it and they download slowly :(
21:43  * pekster was referring to µTP in general, fwiw
21:43 < UncleDrax> NAPSTER BAD... wait.. agian.. i keep forgetting it's not 2000
21:44 < pekster> I'd love to see the DMCA complaint for my FOSS seeding ;)
21:44 < imnotfat> pekster, "If you don't have "Apply rate limit to uTP connections" checked, uTP peers+seeds can EXCEED your download and upload max speed limits in qBT! (usually this is undesirable, but not always) So usually it's best to have that enabled."
21:44 < evilbug> anyone have experience with the ubiquiti UAP-AC-PRO-E ap?
21:44 < imnotfat> what does he mean by undesirable?
21:45 < UncleDrax> not desired. unwanted. ill-conceived.
21:45 < imnotfat> :D
21:45 < imnotfat> i mean why is it undesirable, is it undesirable for the system (all peers as a whole) or just for me
21:46 < evilbug> i'm looking to cover a 1600 sq. ft. house on a 9500 sq. ft. property, would i need more than two of those?
21:46 < imnotfat> if its undesirable for the system but ok for me, im gonna use it, because fuck the system, thats why
21:47 < imnotfat> guys also, when i use TOR, is there some software that the ISP can use for traffic analysis and then find me out?
21:47 < imnotfat> or they do that just for bad guys specifically
21:47 < Maarten> evilbug, two should do fine for the house. If you desire wifi at the edges of the property, you may also want to look into one outside AP, but if 50-100 Mbps at the edge of your property is fine, those should do the job just fine.
21:48 < evilbug> two of those just for the house?
21:48 < UncleDrax> also obligatory "it depends", but 2 in 1600sqft sounds like a reasonable guess.
21:48 < pekster> imnotfat: traffic analysis is a thing (trying to correlate encrypted traffic with monitored traffic onto a clearnet host) but that's a tough challenge, and much harder if you're visiting a .onion hidden-service. A bigger issue is often good opsec when using tor
21:48 < evilbug> Maarten: and yeah, an outside one i'm sure would be required.
21:49 < UncleDrax> is your house metal stud in the middle of 10in thick earth-rammed brick? if so, you'll prob want an AP in every room.
21:49 < evilbug> irl i'd like to have amazing coverage on the property because there's no cellular service in that area.
21:49 < Maarten> evilbug, sure. I have a 1950 sqft property (one floor) with two Unifi AP Pro AC's inside the house, and I get 500+ near the AP's, 200-300 behind 1 wall, 150-200 behind two walls, and 100 Mbps+ on pretty much all of the property. (7,000 sq ft)
21:49 < evilbug> UncleDrax: nah, this is california so everything is made of wood.
21:50 < imnotfat> pekster, how do ISPs in germany and other countries find people that download stuff, do they just check if a .torrent file has been downloaded, what if i use VPN, then im invisible right?
21:50 < imnotfat> im just asking in case you know*
21:50 < Maarten> I am also in CA (SoCal) - wooden house also.
21:50 < pekster> imnotfat: Um, torrenting over tor is a _really_ bad idea. The tor project has an entire page dedicated to why
21:51 < evilbug> crap, ok. in this case i'd need 3-5 (in case the storage basement gets turned into a living space).
21:51 < pekster> Tor will, very anonymously, publish your actual IP to trackers in many cases. Plus it's basically abuse of the limited resources that is tor bandwidth :\
21:51 < Maarten> imnotfat, I don't do a LOT of torrenting anymore, but I basically have a dedicated VM on a server that is *always* connected over VPN to Canada, and I do my torrenting on it. I use PIA for it as PIA supports port forwarding, which is kind of crucial for good torrenting.
21:52 < LWong> How efficiently can a server check if a given device is in the same county at all times?
21:52 < UncleDrax> efficiently? you mean effectively? you can't. but you can make some guesses based on the Public facing IP of that device.
21:53 < UncleDrax> unless you have a state mandated inspection of all ingress/egreess to the area and can say 'device is on inside or outside of this split'
21:53 < UncleDrax> and even then you can get around it
21:53 < UncleDrax> see: tunneling
21:54 < imnotfat> guys another unrelated question, why do DDoS attacks work when every router can just use IP filtering and then it makes spoofing impossible?
21:54 < brianx> lol, blocking port 25 is so common that i forgot my test client has it blocked too. :-/
21:55 < pekster> Often ddos nodes are legit machines infected with malware; there's no amount of anti-spoofing protection that can stop that
21:55 < imnotfat> pekster, so ip spoofing is old stuff that doesnt work anymore right?
21:55 < UncleDrax> IP Filtering how? or are you asking about BCP38 stuff?
21:55 < pekster> Other times it's an exploit on BGP ACLs or loose firewalling from parts of the world that don't do good filtering to begin with
21:56 < pekster> Any/all of the above can be a factor in the generation of ddos traffic
21:56 < Maarten> brianx, people shouldn't be using port 25 anymore anyways, its pretty clear text and sniffable.... use encryption on port 465, pretty much no provider blocks that.
21:56 < imnotfat> UncleDrax, i dont know what BCP38 is, just asking out of curiosity
21:57 < UncleDrax> imnotfat: https://tools.ietf.org/html/bcp38  Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing @ alauchacounty.us
21:57 < evilbug> Maarten: how's the uptime on the uaps?
21:57 < UncleDrax> ignore that last part. bad paste.
21:57 < imnotfat> haha i saw that paper, looked too scary ;d
21:57 < brianx> Maarten: incoming mail still comes on port 25.  i'm not sending it.
21:58 < Maarten> evilbug, well.... UBNT comes out with new firmwares once or twice a month, but I've never seen one reboot by itself.
21:58 < UncleDrax> basically it's what you said. BCP just means Best Current Practice. it's a recommendation for netork operators to ..well.. do that.
21:58 < evilbug> gotcha, that's decent. Maarten
21:59 < LWong> UncleDrax: Effectively in the sense to have very little cost for doing so.
21:59 < Maarten> brianx, ah :) ask your provider to lift the port 25 block on your  account. AT&T will do that, not sure about other providers. if its business provider they have no business blocking port 25
22:01 < UncleDrax> LWong: gotcha. Geo-Locate by IP is a thing. I have not done it so I don't know if people publish easy to use services for free. someone else here might have a better idea.
22:01 < brianx> Maarten: comcast doesn't even know what port 25 is until you pay for an extended support ticket. then they just say, buy a business line for 5x as much.
22:01 < Maarten> evilbug, run the controller on a linux box (free), or get the cloudkey which runs a controller for you if you don't have a linux box. It is said the controller runs on Windows too, but I have never tested.
22:02 < brianx> apparently in a comcast world, nobody runs their own mail server unless they're a business.
22:02 < evilbug> Maarten: that's the ubiquiti software?
22:02 < imnotfat> thanks for help pekster, UncleDrax
22:10 < evilbug> Maarten: ?
22:10 < brianx> evilbug: yes the controller is a ubiquiti program
22:10 < TandyUK2> brianx: spend $5/mo on a VPS and put it in a datacenter
22:11 < TandyUK2> even if the thing in the DC is just essentially a port forwarder
22:11 < brianx> TandyUK2: that's exactly what i have.  now i need it to send my data here so i can use it.
22:11 < TandyUK2> vpn tunnel between your location and dc then
22:11 < TandyUK2> no way comcast can block that
22:11 < TandyUK2> give your local machine a public ip from the DC range too if you need to
22:12 < brianx> i gave up on openvpn and their magic un-diagnosable routing.
22:12 < TandyUK2> pfsense on a $5 vps would do that no problem
22:12 < TandyUK2> oh fuck openvpn
22:12 < UncleDrax> brianx: tbh, I see way more 'we are running a open relay mail server? what's that?' then I see 'We need to run a mail server'. but for our BizClass that's jsut raw Inet.
22:12 < TandyUK2> ipsec is all i use
22:12 < deepy\ito> Lots of people think 'hey I want to run a mail server' but they're mistaken and wrong
22:13 < deepy\ito> Some people when they hear this think 'But hey, I know better, I need to run a mail server', they are the ones who are especially wrong and really shouldn't run a mail server
22:13 < TandyUK2> lots of people genunely need something local to send email, but go down the 'run a mailserver' route, rather than just installing an smtp smarthost to forward stuff onto whatever your mail provider is
22:13 < brianx> UncleDrax: the defaults have improved since 25 years ago when i first started running one.  they're usually unwilling to forward except from a private address range.
22:14 < UncleDrax> fair enough
22:14 < xamithan> So my ISP won't let me run a mailserver from home?
22:14 < evilbug> brianx: thanks.
22:14 < deepy\ito> xamithan: odds are good that they won't
22:14 < TandyUK2> very very few consumer ISPs allow mailservers period
22:14 < xamithan> That sucks
22:14 < deepy\ito> No, it's a good thing
22:14 < deepy\ito> it helps combat spam
22:14 < TandyUK2> 99% of the time a home mailserver is just a spam source imho
22:14 < brianx> do i "need" local??  no.  but i have had it forever and like that my mail is all right here.
22:14 < xamithan> I got a VPS that runs it now but I'd like to move it to home when I get better speeds
22:15 < deepy\ito> 99% of the time a home mailserver is part of a botnet
22:15 < brianx> why would a botnet want to receive mail?
22:15 < derpingit> hi guys
22:15 < brianx> control?
22:15 < xamithan> I don't see the difference between a VPS and my home running it as far as security wise
22:15 < TandyUK2> brianx: they dont, they send a hitton though
22:15 < TandyUK2> shitton*
22:15 < UncleDrax> ya i don't think we care about POP3/IMAP ports.. only SMTP
22:15 < TandyUK2> although some do recieve, to validate the eixstance of their targets, if not just dictonary attacking
22:15 < brianx> sending isn't the issue. that's easy enough to deal with.  it's receiving it.
22:16 < brianx> i checked a few minutes ago, i sent 2 emails so far this year.  not a big sender.
22:16 < derpingit> i am trying to offload all my routing through a pc because my router is not fast enough for openvpn . i will be building this ona windows10 withiing a hypervisor vm. do i need to install a full pledge OS to run openvpn client only?
22:16 < derpingit> like debian or ubuntu?
22:16 < TandyUK2> brianx: it surprises me that _inbound_ port 25 is being restricted
22:16 < TandyUK2> outgoing makes perfect sense
22:17 < brianx> TandyUK2: i agree, but it almost universally is.
22:17 < deepy\ito> TandyUK2: it's easy enough to just go '25 banned'
22:17 < brianx> at least in the states.
22:17 < TandyUK2> though theyre probably trying to stop idiots being open relays
22:17 < UncleDrax> derpingit: if you haven't already, look at a software package solution like pfSense
22:17 < xamithan> There is lots of things that'll run openvpn.  My favorite is pfense because it is easy
22:17 < felda> YES PFSENSE IS BAE
22:17 < brianx> you can't be an open relay if you can't send.
22:17 < xamithan> You could run openwrt or opensense,  clearos,  bsd,  whatever
22:17 < TandyUK2> derpingit: another +1 for pfsense, although a massive -1 for openvpn
22:18 < deepy\ito> What's wrong with openvpn?
22:18 < xamithan> Nothing if you use the right encryption with certs
22:18 < TandyUK2> personally ive just never got on with it
22:18 < TandyUK2> pptp/ipsec/l2tp have never given me any grief
22:18 < brianx> hate openvpn and it's magic undiagnosable routing.  the encryption is solvable.
22:18 < UncleDrax> derpingit: the take away though is really - you don't need a 'full fledge OS' inside a HyperVisor, when there are plenty of purpose-built appliance-OSes that you can run instead
22:18 < deepy\ito> What I love about openvpn is that I can have any client on any operation system
22:18 < TandyUK2> dont thinks ive ever got openvpn working properly (and reliably for any length of time)
22:19 < brianx> deepy\ito: that is a big plus to it.  hate it otherwise.
22:19 < TandyUK2> ipsec (for site to site) and l2tp/ipsec (for mobile clients) are just setup and forget
22:19 < deepy\ito> l2tp/ipsec on macOS is shitty though
22:19 < deepy\ito> or maybe it just was if I wanted to authenticate against AD
22:19 < TandyUK2> done use a shitty mac then
22:20 < deepy\ito> If I'm productive on a mac I'll use it, screw your conceptions about them
22:21 < TandyUK2> I look after around 3000 pcs/servers running windows/linux, and about 300 macs
22:21 < TandyUK2> the macs are more work
22:21 < deepy\ito> To do my previous job I pretty much needed a browser, terminal, and an IDE
22:21 < TandyUK2> and generally result in a much higher amount of support calls etc
22:21 < xamithan> so you needed a chromebook
22:21 < TandyUK2> mainly due to the idiots that tend to use them though imho
22:22 < TandyUK2> maybe youre one of the wierd mac users, who actually knows what hes doing
22:22 < deepy\ito> I multi-os, so I'd be the worst support call you could get
22:22 < xamithan> The standard mac user will cry for a macbook then install parallels and use windows software
22:23 < TandyUK2> indeed lol
22:23 < deepy\ito> I run Linux at work with a VM for the office suite
22:23 < TandyUK2> thatsa the first call we get from most people with a new mac... "how do i run <insert windows specific piece of software>"
22:24 < xamithan> I'm lucky the only calls I get from mac users are how to install their remote desktop software so they can login to the VDI server to do their work
22:24 < deepy\ito> Have you tried the ms remote desktop for macOS?
22:24 < Maarten> We have a hundred or more engineers running Ubuntu on the desktop.... multibooted with Windows. They always complain about Windows related stuff though.... :D
22:25 < deepy\ito> I don't remember why anymore, but I was really really positively surprised by the remot desktop on macOS
22:25 < xamithan> Yep thats the only I install.  Just tell them to search for on app store
22:26 < deepy\ito> But have you used it? It's so nice
22:26 < xamithan> I have not.  I'm too poor for a mac
22:26 < xamithan> I use remmina
22:26 < deepy\ito> Borrow one at work and try it out, it's so nice~
22:26 < xamithan> My work doesn't have them.  Only our clients
22:27 < deepy\ito> Ah, you're not missing out on much
22:27 < deepy\ito> well iTerm2 is by far the best terminal I've ever used and probably the reason why I still use a Mac
22:28 < deepy\ito> But beyond that all the niceties come from being Unix or are simply opinions
22:28 < xamithan> I've heard that from people.  But a terminal is a terminal to me. O.o
22:28 < xamithan> As long as it has tabs I'm good
22:28 < deepy\ito> Honestly, iTerm2 is so good that it makes me cry for Linux/BSD
22:29 < Maarten> I use mRemoteNG on my windows desktop for RDP
22:29 < deepy\ito> I'm a big supporter of BSD and I use Linux at work, but there's nothing that's even close to iTerm2
22:31 < xamithan> So since you use iterm2.  How does terminology compare ?
22:31 < electricmilk> Hmm.  I just bought a Lenovo after years of being a Mac user for my personal laptop
22:32 < derpingit> UncleDrax afaik pfsense is a full fledge router solution. i already have a pretty intricate network setup using ubiquiti ptmp antennas + edgerouter.
22:32 < derpingit> thank you tho
22:32 < xamithan> Why not just use the openvpn appliance then?
22:32 < xamithan> If that is all you want
22:33 < deepy\ito> I'll give terminology a try tomorrow
22:33 < derpingit> the appliance is server based.. not client. correct?
22:33 < xamithan> Yeah
22:34 < brianx> catphish: had to test on port 35 because outbound 25 is blocked on my test client.  but netcat is working end to end from 3rd machine to debian to local firewall.  should only be a few more minutes to get the last of it set up.
22:34 < brianx> had to edit the rules to: iptables -t nat -D POSTROUTING -m tcp -p tcp -o eth0 -d 1.2.3.4 --dport 235 -j MASQUERADE and iptables -t nat -A PREROUTING  -p tcp -m tcp --dport 35 -j DNAT --to-destination 1.2.3.4:235 but they were so close that the last little bit was doable.
22:34 <+catphish> brianx: cool :)
22:34 < brianx> thank you again :)
22:36 < derpingit> here is my scenario so you'd know what i want to achieve.. i want to have a public wifi at the office and have ALL that traffic routed through torguard or nordvpn . in addition i would like very much to watch netflix from the US :) .. most providers have either openvpn configuration or ipsec but only site-to-site (not with credentials). hence why i want to run the openvpn heavy lifting trhough an intel to get the most out of the 200mbit pipe
22:36 < derpingit> pardon the n00bness
22:40 < brianx> most public vpn free or paid providers in the us are blocked by netflix.  i can't suggest which one, but a vps with a dedicated public ip in the us might be your only option for netflix from outside the us.
22:42 < brianx> so much for Ajit Pai's suggestion that we protect our privacy with a vpn service.  to add insult to injury, netflix sends your suggested shows in plain text, not encrypted.
22:43 < LWong> If you went out of the US for a few microseconds and used a non US wifi (hypothetically), is there a way for Netflix to know? Is it even possible to find my location for that period?
22:43 < brianx> not if you kept your us ip :-p
22:45 < brianx> i think the assumption that an address on their us whitelist is probably good enough for the studios who care about where you watch from.
22:47 < LWong> brianx: Okay forget Netflix, what about something like AT&T? Would they know it (that I was outside of the US for a few microseconds) if they were my ISP?
22:47 < brianx> lol: the person "chosen by Federal Communications Commission Chairman Ajit Pai to chair a broadband advisory group was arrested last week on charges of fraud."  this is a clear indication of the caliber of people at the fcc these days. :(
22:47 < lupine> geolocation based on IP connectivity data is dodgy as all hell
22:48 < lupine> don't use a company that uses it
22:48 < brianx> LWong: nope.  they see you as the cell tower you're connecting through.  if you're a mile outside the us, you might still reach a us tower.
22:48 < LWong> brianx: I suppose if Netflix became any more stricter with that, it would affect QoS massively.
22:48 < lupine> and if you're a mile inside the US, you might roam to a canadian or mexican tower
22:48 < brianx> you might.
22:48 < brianx> and get denied access to netflix.
22:48 < lupine> oh noes
22:48 < LWong> brianx: But if it was a non us tower? Would they know?
22:48 < lupine> however will we cope in such a dystopia?
22:48 < brianx> and monitored by the nsa instead of the fbi.
22:49 < brianx> of course they know which tower you're connected to.  when you change towers, most carriers change your ip.
22:51 < mtrnoobie> mtr is showing the path between two routers in the same city in north florida are going thru virginia
22:51 < mtrnoobie> this is strange right?
22:52 < brianx> nope, not at all.
22:52 < LWong> Yeah that's there but if I was connected to a us router, is there no way THE FBI! could know I left the country?
22:52 < UncleDrax> because that physical infrastructure goes back to a physical Central Office located physically in a different country.. so if your packets now orginate from that network, they could infer you are no longer in the US.
22:53 < UncleDrax> if you have a proxy in the US and just your side of the proxy changes, not the exit point of the proxy - correct, they would likely not know
22:53 < brianx> LWong: most carriers use the tower to assign you an ip.  when you change tower countries, you change ip countries.
22:54 < lupine> except for when you don't
22:54 < brianx> encrypted proxy.
22:54 < lupine> due to IP geolocation being mostly bunk
22:54 < brianx> IP geolocation should be pretty good at country.
22:54 < lupine> not IME
22:54 < derpingit> i already run all those things i want using openvpn :) ..
22:54 < electricmilk> IPV6 geolocation is a joke though
22:55 < lupine> it gets things wrong a serious minority of the time
22:55 < LWong> What if I don't change tower but country? Like I could stil connect to a US tower from right outside the border :)
22:55 < derpingit> but is to slow :/
22:55 <+catphish> afaik netflix just stream content based on your location, if you're in the USA, you get USA content, if you're in the UK you get UK content
22:55 <+catphish> so i don't undertsand the question, if you're out of the USA for a fraction of a second, you get some other country's library for that fraction of a second
22:55 < electricmilk> Why don't they just allow you to get content from all locations
22:56 < electricmilk> ?
22:56 < brianx> LWong: if you're in the us and connect to a foreign tower, the nsa is monitoring your ass.  if you're in another country but using a us tower, the fbi is monitoring your ass.
22:56 < tds> electricmilk: probably just licensing restrictions
22:56 <+catphish> electricmilk: because content is licenced on a per-region basis
22:56 < electricmilk> Ah lame
22:56 < UncleDrax> electricmilk: because the people that get money from selling/making content have different deals/rights in different countries
22:56 < brianx> exactly.  the studios license content differently in different places.
22:56 <+catphish> electricmilk: basically you make a TV program, then you let the highest bidder in each country stream it
22:56 < lupine> best just to ignore the licenses entirely
22:56 < lupine> pirate everything
22:56 < LWong> brianx: How does that even work? If I connect to a US tower from outside for a fraction of a second, FBI can know that?
22:57 <+catphish> so they might be netflix in the USA, and sky in the UK, etc
22:57 < electricmilk> I'm learning Spanish and would love access to more shows.  Netflix is pretty fantastic though for foreign languages. Its Hulu and Amazon prime Video that sucks.
22:57 < tds> iirc netflix block various address ranges as well (including he v6 tunnels)
22:57 < brianx> LWong: they're just monitoring all us towers.  they don't care if you're on one side of an arbitrary line or the other.
22:57 < electricmilk> lupine,  Seems like torrenting is pretty dead these days.  You pirate with streaming sites?
22:57 <+catphish> what happens if netflix don't know what country you're in? do they have global content? or is it a total block?
22:58 < electricmilk> I just find it easier to subscribe to streaming services after many years of pirating
22:58 <+catphish> loads of people pirate content with bittorrent
22:58 < lupine> torrenting isn't dead?
22:58 < LWong> brianx: What if I was always connected to the US tower, but I just happen to venture out and back in? Can they know I did that?
22:58 < lupine> I get lots of linux isos that way
22:58 < electricmilk> Let me rephrase
22:58 < LWong> I would assume that's important information for the FBI but how do they accomplish that?
22:58 < brianx> catphish: i assume they use a whitelist.  customers will bitch real fast for errors.
22:58 < lupine> don't use their service, it only encourages them
22:58 < electricmilk> Bittorrent sites with copyrighted material are pretty dead.
22:58 < brianx> LWong: your tower is your location.
22:58 < lupine> no they aren't
22:59 < LWong> If they triangulate my position by tower, I should still be in US according to them
22:59 < electricmilk> Bittorrent itsself is an awesome protocol
22:59 <+catphish> electricmilk: no they're not, thepiratebay, the biggest by far is still up
22:59 < lupine> I illegally downloaded and watched isle of dogs just today
22:59 < UncleDrax> not saying I do it, but I'm pretty sure torrenting is still alive and well, just locked behind walls. that said, UseNet remains best (as it has for 30 years) - but it's rare you find a ISP that still offers NNTP, let alone have retention needed for modern bin'ing
22:59 < electricmilk> catphish,  It seems like its down often though
22:59 < lupine> kids these days, I swear
22:59 < lupine> can't even steal effectively
22:59 <+catphish> i've seen it up a good 98%
22:59 < electricmilk> lol
22:59 <+catphish> it's up right now
22:59 < electricmilk> now last night
22:59 < electricmilk> *not
23:00 < LWong> brianx: Ah so they can't do it according to my geolocation but only according to the location of the tower I'm at?
23:00 <+catphish> tower?
23:01 < electricmilk> I'm just salty after downloading IT a while back and getting a warning email.  I used VPN to connect to PB, then used modern version of transmission with DHT blocked, forced encryption, had a HUGE block list, and random ports..
23:01 < electricmilk> How the hell did they catch me?
23:01 < UncleDrax> did you seed it for a second when you weren't VPNed?
23:01 < brianx> ip geolocation is crap.  i bet the fbi and nsa have pretty good lists differentiating us from non us, but if you're so close to the border that you get a cell tower and an ip from the other side, you're most likely considered on the side of the line that the tower is on.
23:02 <+catphish> electricmilk: you're clearly misunderstanding how they find people who download illegal torrents
23:02 < NeuterYourPet> same key
23:02 < electricmilk> UncleDrax,  Nah I doubt it.  Had the seed settings turned to WAY selfish...like 25%
23:02 < electricmilk> catphish,  How do they?
23:02 <+catphish> electricmilk: they literally just fire up a BT client on a PC and pull a list of IPs from the tracker
23:02 < electricmilk> those bastards
23:02 <+catphish> electricmilk: you didnt mask your IP, so you were in that list, simple
23:02 < evilbug> is it worth going for cat 7 to wire a house?
23:02 < UncleDrax> which is why you have to trust your tracker
23:02 <+catphish> evilbug: no
23:02 < electricmilk> This was from piratebay
23:02 < electricmilk> So what you guys use VPN
23:03 < electricmilk> ?
23:03 < Maarten> electricmilk, the only way that could have happened is.... 1) you disconnected from VPN even for a SPLIT SECOND and your non VPN IP address was visible for a hort time.... or 2) Your VPN provider snitched on you.
23:03 < evilbug> catphish: why?
23:03 < tds> electricmilk: I guess it's worth checking if the VPN has both v4 and v6, and if your local network does - if you connect to the tracker over v6 over your native network, but the vpn only has v4, you'll leak your address
23:03 < UncleDrax> evilbug: cat5e for 1 GigE would be sufficient for a house imo. unless you want to look at 10G-Cu
23:03 < evilbug> vpn should provide dns leak protection.
23:03 < evilbug> well i would be interested in 10gbps
23:03 < evilbug> but is it worth going 7 over 6?
23:03 < electricmilk> Wait wait...let me explain.  I didn't use VPN with torrent client
23:03 <+catphish> if you use bittorrent you have to publish a public IP, but who cares, it's not like that public IP personally identifies you
23:03 < electricmilk> Only with Piratebay
23:04 <+catphish> electricmilk: exactly, why did you bother>
23:04 <+catphish> *?
23:04 < electricmilk> catphish,  Because I don't have a decent VPN
23:04 < electricmilk> Would have been too slow for the download
23:05 <+catphish> as i said, who cares, the IP is just a way to route packets to your router, it doesn't personally identify you
23:05 < electricmilk> catphish,  ISP's still send warning emails and sometimes disable your internet till you call
23:05 < UncleDrax> US DMCA / Safe Habour regs
23:05 <+catphish> electricmilk: why would they do that? they're just risking you leaving
23:05 < electricmilk> I miss the good old aircrack-ng days :-p
23:05 < evilbug> also anyone recommend a powerful outdoor access point?
23:05 < UncleDrax> catphish: leaving to.. where? lack of choice in most of the US
23:06 <+catphish> what benefit does the ISP get from that?
23:06 < electricmilk> catphish,  To be fair I've never heard of anyone getting it permanently disabled
23:06 < evilbug> preferably bear-proof :D
23:06 < Maarten> electricmilk, well that is the reason right there. And get a VPN that supports port forwarding.... PIA does, and I easily get speeds of 150-200 Mbit/s in downloading torrents, sometimes faster. If you can't do port forwarding it could be pretty slow. PIA just issues a random port forward and all you have to do it jot that port in your torrent client. There are others though I don't advertise one over the other.
23:06 < electricmilk> Not getting sued?
23:06 <+catphish> unless you're in the USA where ISPs both have a monopoly and also sell TV
23:06 <+catphish> electricmilk: not getting sued by who?
23:06 <+catphish> it's not illegal to sell a dumb internet pipe
23:06 < electricmilk> MPAA
23:06 < electricmilk> Well why do they send the warning letters?
23:07 < electricmilk> and disable the internet until you call and promise you'll stop?
23:07 < evilbug> not that it's not possible but it's mostly uploaders that are screwed.
23:07 <+catphish> are you sure they're not just passing on abuse reports?
23:07 <+catphish> most ISPs will pass on abuse reports to end users
23:07 < electricmilk> I was always super careful not to seed
23:07 < evilbug> electricmilk: i mean more the original uploaders not everyone else.
23:07 <+catphish> electricmilk: sounds like you broke the law, don't do that :)
23:08 < Maarten> electricmilk, because that is all they can do.... they don't want to be sued by the "industry", (who are the ones supplying them with your IP and infraction), and in a court of law an IP address isn't a person, so they can only really bully the account holder in hopes the account holder deals with it.
23:08 < UncleDrax> catphish: my understanding - the ISP has to comply with Safe Habour guidelines to prevent them (the ISP) from becoming culpable for the content themselves. I believe most ISPs here forward the reports, but take no action unless you are a repeat offender
23:08 < evilbug> Maarten: how long you had your uaps for?
23:08 <+catphish> i don't know US law, i thought safe harbour was for publishers
23:08 < Maarten> evil maybe about a year now or so?
23:08 < electricmilk> Meh I stopped downloading..I was tempted last night though
23:08 < UncleDrax> catphish: it also applies to ISPs and other 'middle men' types
23:09 < Maarten> As for torrenting, I use a dedicated VM on my ESXi server, permanently connected to VPN with a port forward.... works just fine for anything on public trackers.
23:09 <+catphish> so ISPs in the USA are required to take steps not to retransmit copyrighted content without permission? sounds annoying if true
23:09 < evilbug> Maarten: meh, not very long. do you have any recommendations for an outdoor ap?
23:10 < electricmilk> Maarten,  Ah that's pretty cool
23:10 < UncleDrax> catphish: nah, Safe Habour provision says we (US ISPs) have to take reasonable steps to forward complaints from the rights owner to a subscriber
23:10 < UncleDrax> we don't have to block it or examine it
23:10 <+catphish> UncleDrax: oh ok, well that's easy enough then
23:10 < UncleDrax> some ISPs do just to lighten administrative load or de-incentivize end users
23:10 <+catphish> UncleDrax: i'd aways do that anyway, seems polite
23:11 < UncleDrax> yeap
23:11 < Maarten> evilbug, nope, in my use case 100 Mbps or so is more than enough, and I get that on my entire property and even across the street I get 50+ Mbps on my phone.... so no need. I don't need the full gig of my internet everwhere, if I need that I would go to one of my wired PCs :)
23:11 < tds> I'd be interested in how ISPs doing CGN handle torrenting and abuse - I'd guess that the huge number of connections would cause quite a bit of extra demand on whatever logging of port mapping they're doing, unless they map each customer to a static range of ports?
23:11 <+catphish> i also assume that some US ISPs are also media distributors and have an interest in encouraging users to subscribe to their TV channels
23:11 < UncleDrax> but I think there's other weird language.. IANAL
23:11 < UncleDrax> tds: they log the NAT/PAT tables
23:12 <+catphish> logging NAT tables is actually an insane amount of data, i tried it once
23:12 < tds> yeah, that was what I expected, it just seems like it would cause a lot of issues with the large number of connections torrenting makes
23:12 <+catphish> i'm amazed many people bother
23:12 < UncleDrax> catphish: don't need to assume.. it's just true. those are usually BIG orgs though so left-hand-right-hand
23:12 < Maarten> I stopped paying for cable a LONG time ago, its pretty much a ripoff..... and to paraphrase Pink Floyd, 150 channels of shit to choose from - although it was 13 in the song ;)
23:12 < tds> I feel like a static mapping to a range of ports might make more sense, though I guess it reduces the number of end users you can put behind one v4 address?
23:12 < UncleDrax> we're not doing CGNAT today, but we also need/want to do it for CALEA type compliance (ie: search warrent junk)
23:13 <+catphish> i only use netflix these days, they seem way better value than local TV networks
23:13 < electricmilk> The only thing I'm tempted to pirate these days is really expensive training courses
23:13 <+catphish> electricmilk: well don't
23:13 <+catphish> piracy is illegal and immoral
23:13 < electricmilk> Which torrent sites don't seem to have anymore anyways
23:13 < UncleDrax> many content publishers also make thier stuff available online.. BBC does it (but they are different because..) but the major US networks to it too
23:14 < tds> I think I'm still in the stupid situation where I'm only allowed to watch tv if I'm on a laptop that's unplugged :P
23:14 < lupine> electricmilk: get a better ISP
23:14 < lupine> mine refuses to pass on such notices, and operates a legal structure by which it can legitimately do so
23:14 <+catphish> i'm not allowed to watch content from BBC, illegal here
23:14 < Maarten> I have Netflix, Amazon and Hulu. Suits me fine for 90% of the content. The stuff I do pirate is mostly stuff from the UK, Canada, Australia and Netherlands that isn't legally available in the USA.
23:14 < evilbug> Maarten: ooohh 100mbps, ok. actually that's decent. again, the property i'm looking at is in an area where verizon offers the only cell service so i'd be relying on wifi calling since i'm not with them.
23:14 < lupine> catphish: illegal, sort of, in some countries
23:14 < lupine> immoral, nope
23:14 < electricmilk> meh. I think I'll just stick to Netflix, Hulu, Amazon, and Youtube
23:15 < electricmilk> For music I just use Youtube and Pandora Premium
23:15 <+catphish> lupine: illegal in all countries that subscribe to berne convention, which afaik is all of them
23:15 < lupine> catphish: not the case
23:15 < electricmilk> I'm not a big movie buff but if something comes out I REALLY want to see I can go to theatres with friends
23:15 < lupine> consider spain
23:15 < Maarten> evilbug, you only need a few Mbit/s for wifi calling though..... and Verizon does have a solution for that, they have LTE access points that essentially turns your house into a small LTE mast :P
23:15 <+catphish> lupine: go on
23:15 < spaces> windows has some real update issues since februari
23:15 < evilbug> Maarten: any good reason to go cat 7 over 6 for 10gbps home networking? from where i'm looking to place the switch i don't think any ethernet outlet will be more than 100 feet away.
23:16 < spaces> I thought I had it fixed
23:16 < evilbug> Maarten: i'd like to stay away from verizon, thank you very much :)
23:16 <+catphish> lupine: copyright law doesn't apply in spain?
23:16 < evilbug> Maarten: plus the iphone supports wifi calling so i'm good.
23:16 < spaces> evilbug cat7 over cat6 ?
23:16 < evilbug> spaces: yes.
23:16 < spaces> evilbug how would you do that ?
23:17 < evilbug> i mean "instead".
23:17 < lupine> much more leniently than it does in, say, the uk
23:17 < spaces> :)
23:17 < evilbug> 7 instead of 6.
23:17 < spaces> cat6 is allright
23:17 < spaces> for 10G you would be using fibre anyways
23:17 < lupine> in particular, making and sharing copies is generally legally if there's no profit motive. I forget the exact details
23:17 < Maarten> catphish, downloading is not illegal in all countries. UPloading is, as you are distributing material without consent of the creator.... but there are countries (among which I believe Sweden, Switserland, possibly Netherlands) where if you OWN the product and have paid for it, you are allowed to download a copy under some provision that allows people to make a copy of something as long as it stays in their home, or something funky like that.
23:17 < evilbug> cat 6 supports 10gbps up to about 180 feet/55 meters.
23:17 <+catphish> lupine: i'm struggling to believe that
23:17 < lupine> but the legality is of very little interest, given the unenforceability of the provisions in countries where it is illegal anyway
23:17 < spaces> Maarten in Dutchland downloading is illegal now as well ;)
23:18 < lupine> what actually matters is the morality, and piracy is clearly moral
23:18 < Maarten> spaces, ah.... I haven't lived there in quite some time :)
23:18 < spaces> Maarten happy, where do you live now ?
23:18 <+catphish> Maarten: what's illegal is making a copy of a copyright work, usually in the case of the internet it's the server (uploader) that's considered to be making the copy
23:18 < Maarten> California, USA
23:18 < spaces> Maarten that's better ?
23:18 <+catphish> Maarten: but obviously if you download something then copy it, that's illegal too
23:19 < evilbug> america is best.
23:19 < evilbug> #america
23:19  * spaces always experiences slow USB speeds because he dislikes to pay a lot of usb disks/stick that say they are fast and at the end are not 
23:19 <+catphish> at its most basic copyright law is simple and universal, you can't make a copy of an original work without the author's permission
23:19 < spaces> evilbug you want to have some pee intervention with Trump ?
23:19 < evilbug> Maarten: why esxi instead of kvm?
23:20 < evilbug> spaces: i'm a patriot, i drink budweiser.
23:20 < Maarten> catphish, yeah there is some grey areas there in the law.... in some countries the burden of proof lays with the owner of the copyright, and since an IP address isn't a person, and you are actually legally allowed to have a full open access point, downloading anything becomes a crime that is almost impossible to connect to a person.
23:20 <+catphish> many countries have exceptions for fair use, but sharing is afaik never fair use
23:20 < spaces> evilbug Budweiser is nice!
23:20 <+catphish> Maarten: the burden of proof *always* lies with the person making the complaint
23:20 < evilbug> spaces: #america
23:20 < Maarten> evilbug, because I am trained in VMWare (from a professional level), run many hundreds of VM's on it at work..... and I am simply a lot more familiar with it.
23:21 < spaces> Maarten try oVirt!
23:21 < UncleDrax> Budweiser? for proud loyal Belgian citizens?
23:21 < lupine> IME esxi is great if you want to lose a lot of data
23:21 < lupine> also if you happen to have the very limited hardware it supports
23:21 < Maarten> ESXi 6.7 seems to be running mighty fine on my home server..... :)
23:21 < evilbug> Maarten: ah. i'm definitely a fan of vmware workstation over other options but server-wise i'd go kvm especially due to cost.
23:21 < lupine> kvm uber alles
23:22 < spaces> oVirt!!
23:22 < Maarten> evilbug, ESXi has a free version, which is what I use at home. I have some familiarity with KVM, as Nutanix Acropolis is based on it, and I am running that in several datacenters now.
23:22 < spaces> my external disks are slow as shit
23:22 < evilbug> in terms of running a desktop gui vmware is much smoother than virtualbox.
23:22 < UncleDrax> the number of KVM-turnkey server solutions is growing.. that's a good thing. that said, I'm currently moving from VMware->Ganeti/KVM
23:22 < evilbug> Maarten: ah, gotcha.
23:22 < UncleDrax> but that's mostly $ reasons
23:23 < evilbug> digital ocean is running kvm and their on top things.
23:23 < evilbug> they're **
23:23 < tds> UncleDrax: Ganeti looks interesting - does that sit on top of libvirt/similar, or tie directly into kvm/qemu?
23:24 < UncleDrax> tds: Ganeti is your cluster-of-KVM nodes management.. sorta like ESXi vs vSphere in VMWare
23:24 < UncleDrax> but imo, Service providers will usually lean towards cheap/FOSS software solutions since they need to push down costs
23:25 < UncleDrax> vs Enterprise is largely is a giant overhead to an org
23:25 < UncleDrax> (as to why DigiOcean is running KVM)
23:25 < tds> ah, just found some slides on it, "started before libvirt" so I guess that explains that one ;)
23:25 <+catphish> Maarten: an expert could testify in court that an IP address is proof that someone at a property was responsible for an activity, IMO (IANAL) it would be impractical to sue someone for aleged copyright infringement based on that alone
23:26 < evilbug> ok, looks like cat 6a is gonna be the winner.
23:26 < UncleDrax> catphish: true, but contractually, a Person signed a contract for the service. and one could argue that person is responsible for that service.
23:27 < Maarten> catphish, they really can't convict anyone based on being the account holder of an IP address..... it would be end of free airport, hotel, coffeeshop, or anywhere wifi.
23:27 <+catphish> UncleDrax: you could argue that, but afaik only german law brings such responsibility
23:27 < UncleDrax> catphish: they tried it here in the US.. there were stories for a while (yearssss ago) about little olde ladies being dragged into court
23:27 <+catphish> Maarten: in germany i believe ISPs are responsible for identifying the end user, but not the rest of the world
23:28 <+catphish> UncleDrax: i believe in the USA some people were successfully sued because they testified in court that their children did it
23:28 < UncleDrax> ha.. why the hell would you admit that?!
23:28 < UncleDrax> silly people
23:28 <+catphish> i guess they got crappy legal advice
23:29 <+catphish> i don't know the details though, i may be talking nonsense
23:29 < Maarten> catphish, German ISP's can identify the account holder attached the IP address, but the account holder may not be the offender. Would you just go and pay a hefty fine because you let your friend on your wifi network with his laptop.... and for a mere 5 minutes he didn't disable his torrent and uploaded parts of a popular movie?
23:29 < UncleDrax> 'my child did it'.. 'so your child, that youa re legally responsible for did it?' 'yes'. 'ok then, we will charge you'
23:29 < evilbug> that's why it's sensible to run a vpn at the router level ;)
23:29 < evilbug> get that pfsense going on.
23:30 <+catphish> Maarten: first, you have to realise that if you have a home network, and let people use it, you *are* an ISP
23:30 < Maarten> UncleDrax, "I have a coffee shop, it must have been one of my THOUSANDS of customers". - If ANY court convicts the coffeeshop holder, it would be the end of free wifi everywhere.
23:30 <+catphish> Maarten: and in germany, i believe, though i don't know the details, that all ISPs are responsible for identifying end users
23:30 < UncleDrax> Maarten: agreed, but also as Cat said, now you're an ISP
23:30 < evilbug> irl though having a separate guest network isn't a bad idea.
23:31 <+catphish> Maarten: afaik coffeeshop wifi withut login isn't a think in germany
23:31 < evilbug> have that shit routed permanently through a vpn.
23:31 <+catphish> but maybe someone from germany knows the details better
23:31 < UncleDrax> also most coffeeshop wifi is crap, so trying to DL a 1080p rip of whatever-latest-movie-is prob won't cut it
23:31 < evilbug> UncleDrax: yeah but all the authorities care about is the ip showing up.
23:32 < UncleDrax> and at the cafes i've been to, they usually try and filter out that sorta stuff just to keep it usable for other patrons
23:32 <+catphish> depends on the coffeeshop, plenty here just buy a residential 80Mbit connection and open it up for whatever
23:32 < UncleDrax> true
23:32 <+catphish> for a large chain, they may have something more restrictive
23:32 < UncleDrax> yeap, prob dedicated IT staff too
23:32 <+catphish> kinda depends on your country's attitude to liability :)
23:32 < Maarten> UncleDrax, that's not the point.... students have torrent clients running all the time. They may just be there for a cup of coffee and a book study..... and forgot it is still uploading stuff from your system tray. Even uploading mere SECONDS of a movie is a crime.... and can trigger a "warning" letter - or worse.
23:33 < evilbug> Maarten: have you run cable through your house and if so how much did it cost?
23:33 < lupine> GASP
23:33 < lupine> get a better isp
23:33 < lupine> it's not that hard
23:33 < evilbug> lupine: :|
23:33 < Maarten> evilbug, I did it myself. I have a crawlspace under the house.
23:33 < evilbug> lupine: you clearly aren't in america.
23:33 < lupine> right, if I were, I'd have moved long ago
23:33 <+catphish> USA has pretty nasty ISP monopolies
23:33 <+catphish> i fear my country may go that way too
23:34 < evilbug> all of you must stop speaking ill of the greatest country in the universe. ty
23:34 < lupine> .eu has mostly protected us against that kind of thing
23:34 < lupine> although most ISPs are still absolute trash
23:34 <+catphish> but we won't have ISP monopolies with TV monopolies at least
23:34 < lupine> capitalism is like that
23:34 < Maarten> I live in the USA. It is NOT the greatest country in.... well.... most things, besides gun ownership, school shootings and military power. ;)
23:34 <+catphish> TV here already has monopolies separate from ISPs :)
23:34 < UncleDrax> Maarten: true re: warnings. good question though, what do most Small Bizs do with DMCA Compaints.. I know a few of my customers freak-out and call us wanting to know what to do.. but most we never hear from
23:34 < evilbug> Maarten: difficult? i actually don't have any experience cutting walls and stuff.
23:35 < lupine> with a couple of simple steps you can simply blackhole them all
23:35 < evilbug> or i think i might need to run cables through existing walls :/ might want to have a contractor do it.
23:36 <+catphish> i replied to a complaint letter once, i explained that i didn't know who did the illegal uploading, but also told them the content in question wasn't available via any legal channel in my country
23:36 < Maarten> evilbug, I went under the house. Identified the wall I wanted a port into. Drilled straight UP into the wall. Then stuck a cable through the hole so its in the wall. Cut out a electrical outlet sized hole in the wall with a drywall saw. Inserted a box, hooked wire to plate, screwed on the plate, and done..... Best to cut the hole right next to a stud to mount the box.
23:36 <+catphish> they ignored me, but i hope they took it on board, they seem to have improved now with regard to global rights
23:37 < Maarten> catphish, I have had one complaint letter a long time ago. I pretty much ignored it. Was a different ISP anyways. That's when I just built a dedicated torrent VM with permanent VPN, and called it a day.
23:37 < UncleDrax> evilbug: Maarten if you're doing data, you can get low-voltage retrofit gang boxes (really just a plastic frame you can screw a faceplate to). Can't speak to Cali blfg code, but here it's fine for low-voltage.
23:38 <+catphish> i just read about copyright law in spain, wikipedia claims: "The law explicitly allows to make private copies of copyrighted work without the author's consent for published works if the copy is not for commercial use"
23:38 < Maarten> UncleDrax, I got the blue boxes. Not really needed for CAT cabling, but whatever.... they were cheap :P
23:38 < UncleDrax> the low-volt retro 'gang boxes' just clamp onto your drywall, so you can do it away from a stud
23:38 <+catphish> so there is essentially no copyright law for "sharing" in spain, mad
23:38 <+catphish> "To compensate authors, the law establishes a compensatory tax associated with certain recording media (CDs, DVDs, cassettes)"
23:39 <+catphish> i never knew that, i guess that exception was made before the internet!
23:39 < tds> hmm, so do you have to pay that tax if you're burning backups to DVDs?
23:39 <+catphish> tds: yes
23:39 < Maarten> catphish, that means you can copy for personal use.... it does NOT mean you can spread using torrents to the rest of the world though. There are other countries with similar laws where this "home copy" is a grey area when it comes to "making the copy" using something that doesn't upload, such as usenet (or a strictly configured torrent client).
23:40 <+catphish> tds: but who cares, you can download copyright material from torrents at will and make as many copies as you like for your friends legally :D
23:40 < tds> heh
23:40 <+catphish> Maarten: no, it says "non commercial", it seems as long as you don't have commercial intent, you're good
23:40 < Maarten> catphish, those exceptions were typically made when CD-R's were a thing, and people wanted copies for the car. (Which I used to do all the time, because the California sun can be MURDEROUS to CD's.....
23:41 <+catphish> Maarten: exactly, the law was written without regard for the consequences of the internet
23:42 <+catphish> but at face value, it would seem that all non commercial sharing is ok there
23:43 < Maarten> well.... the internet is 25+ years old (as a consumer product) - I remember when I got my first "cable modem" (a proprietary system) back in 1996 and half the town was running FTP servers, and the other half had Windows 95 with open shares to the world, and no block on SMB ports.... :D - Them were the days of copying shit from all sorts of places :D
23:43 <+catphish> i'm just reading wikipedia :)
23:44 <+catphish> in any case, there's certainly an argument that creators should be compensated
23:44 <+catphish> but you could argue all day about who should set the levels of such compensation
23:45 < lupine> sure, but market-based compensation is literally the worst option
23:45 < lupine> piracy is at least 10x better
23:45 <+catphish> piracy would appear not to lead to any compensation except by the author doing other work
23:48 < Maarten> the reality is that piracy isn't going to be stopped.... the industry has poured millions if not billions of dollars in trying to prevent it, and have had no success. The key into minimizing piracy is to not make it so difficult for people to watch thing. Example, if you forgot to DVR something, you are typically out of luck as the big networks aren't repeating the same prime time show any time soon. If you have a DVR and switch providers, you
23:48 < Maarten> can't keep your recordings. The industry makes it deliberately hard for people to watch their content, and piracy is SO easy these days, it is often used to make those things happen.
23:49 < FrostCyborg> been scratching my head over this... problem with wearing too many hats :(... HP 3810M x2 in basic stack.  Only configs on switch is STP enabled and VLANs assigned to ports, plus switch IP assigned on the VLANs, very simple keeping it layer 3, just need 10Gb for VM hosts and storage.  Ports are showing up, show connected, but won't respond on ping and won't forward/pass traffic.  What's the best way to troubleshoot that without
23:49 < FrostCyborg>  bouncing the switch?
23:49 < Maarten> The answer in solving piracy has to start with more flexibility in content ownership and/or watching by the industry.... because as long as they restrict it in all manner of ways to make it unfriendly to watch, piracy will continue to flourish.
23:49 < qman__> market-based compensation is the best way human kind has ever come up with
23:50 < FrostCyborg> keeping it layer 2 NOT layer 3
23:50 < qman__> It's not perfect, but all the other ways have proven worse
23:56 < djph> qman__: market-bas... you ean like "$1" isn't "1 EUR"
23:57 < Panda_Dub> Hi, is there any vulnerability to a switch layer3 be the first equipament to receive the wan link?
23:57 < qman__> No, I mean selling things earns what people are willing to pay
23:58 < djph> oh, right
23:58 < qman__> ratjer than fixed prices
23:58 < djph> Panda_Dub: sure
23:58 < electricmilk> Panda_Dub,  I mean what prevents a layer 3 switch from being the device that handles the WAN link?
23:59 < Panda_Dub> djph, how come? The bgp is in a router behind this switch, I was wondering if there is any vulnerability in that
23:59 < djph> Panda_Dub: well, if you're a retard, and make it accessible from "the internet"
23:59 < Panda_Dub> electricmilk, this layer3 switch isn't the bgp session device
--- Log closed Wed May 30 00:00:37 2018