--- Log opened Wed Jun 06 00:00:46 2018
00:30 < drac_boy> hi
03:29 < Rayben>  twelve Olympians of twelve gods
03:29 < Rayben> The twelve astrological signs of the zodiac
03:29 < Rayben> The Twelve Labours of Heracles
03:29 < Rayben> Twelve Heavenly Generals or Twelve Divine Generals
03:33 < compdoc> six of that or half dozen of another
03:40 < dogbert_2> hey compdoc
03:41 < compdoc> howdy
03:43 < dogbert_2> whazzup?
03:43 < compdoc> learning samba
03:43 < compdoc> you?
03:44 < dogbert_2> heh..too much w3rk
03:45 < dogbert_2> and writing bad reviews at various places that I've eaten at here locally
03:45 < compdoc> heh
03:45 < compdoc> will they know it was you?
03:46  * dogbert_2 shrugs...it seems as if service has gone in the toilet anymore, and I tip pretty good
03:47 < dogbert_2> I've tipped up to 100% on a given meal
03:48 < hagbard> I've tipped 200% of the bill, but that's because the bartender wasn't really recording what drinks we ordered very carefully. I don't know if it was intentional or not, but I felt better paying for the drinks we drank.
03:48 < hagbard> Then again, I think she was also drinking on the job and/or didn't care.
03:49 < hagbard> the drinks were great, though.
03:49 < dogbert_2> LOLZ
03:49 < dogbert_2> well, it's pretty bad in a lot of places, and I live in Vegas
03:49 < spaces> dogbert_2 trying to get rich ?
03:51 < dogbert_2> naww...just hate bad service is all...
03:51 < EchelonX> Hey guys
03:51 < spaces> yeah me too but I mean @ vegas :P
03:52 < spaces> aren't you getting tired there because of all money people ?
03:53 < EchelonX> I have a question about my home network configuration
03:54 < EchelonX> My setup uses an old desktop with a PCI Dual Gigabit Ethernet Nat Card, Running Arch32, as a router.
03:54 < EchelonX> But there is a problem...
03:55 < EchelonX> Under high load....
03:55 < EchelonX> Say, nice servers or torrents
03:56 < EchelonX> I have trouble creating and maintaining additional stable connections
03:56 < dogbert_2> probably needs tuning...
03:58 < EchelonX> I'm sure it's some priority given to the first socket connection or something, but I need a way to trace down where the bottleneck is and then how to prioritize distribution of bandwidth across them
03:58 < EchelonX> Do you have any guidance on where/how to start?
03:59 < dogbert_2> not really, I haven't used a linux box for a router in more than 8-10 years
04:00 < EchelonX> Well...I'm not even sure if I can blame the box.  Could it be the way the ISP is handling the connections?
04:00 < EchelonX> Unfortunately, I'm not a network expert
04:02 < EchelonX> I say this because I had a similar problem with the Cisco 2621 I used to use before I switched to the Linux PC
04:02 < EchelonX> That's one of the reasons I switched
04:02 < EchelonX> I figured the 20 year old router was the bottleneck lol
04:03 < EchelonX> Those things are bricks
04:03 < EchelonX> They just run and run
04:05 < dogbert_2> possible...
04:05 < EchelonX> Actually, now that I think back, I'm fairly sure that was at least part of the problem.  Because under load, it would not accept a telnet connection from the local internet.
04:05 < EchelonX> *network
04:05 < hagbard> Aren't 2621's from the bronze age?
04:05 < dogbert_2> EchelonX...you'd be better off getting a dedicated device (a consumer router from Netgear, D-Link, Buffalo, etc)
04:06 < dogbert_2> what are you using for a internet connection?
04:06 < EchelonX> You can hate, but I'll trust them over a consumer grade plastic box any day
04:06 < EchelonX> I gave up of those after they would go out after a year
04:07 < EchelonX> Each new one, lasted a shorter amount of time than the last
04:08 < dogbert_2> I have an Arris Surfboard SB6183 and a D-Link AC1750
04:08 < EchelonX> But since I run a custom DNS server for the local network, I would still have to have a 2nd device.  Even if it was a RPI.  If I switched to a new traditional home device
04:09 < DoctorDick> Build a pfsense box
04:10 < EchelonX> Hahaha
04:10 < EchelonX> Those are all the hype in the tech circles I hear
04:11 < dogbert_2> yeah, pfsense might do the trick in this case
04:11 < EchelonX> You guys might also get a kick out of the fact that I am also using an Cisco Aironet 1200 as an AP
04:11 < dogbert_2> man, that's pretty old
04:11 < EchelonX> haha
04:12 < EchelonX> I'm telling you guys.  This old business equipment lasts
04:12 < EchelonX> It just might not support the latest standards and speeds
04:13 < Kingrat> like wpa2
04:13 < EchelonX> Let me double check Kingrat
04:13 < tds> I'm not familiar with arch but I do run linux routers - assuming you're doing firewalling and/or nat, you might want to look at the max number of entries conntrack is set to record
04:14 < tds> since torrenting will generally open a large number of connections at once
04:14 < EchelonX> Actually, it does support WPA2
04:14 < EchelonX> My network is WPA2-PSK
04:14 < EchelonX> But it only supports 54Mbps
04:15 < Kingrat> wow, not bad then
04:15 < EchelonX> I'll look into that now tds
04:15 < EchelonX> Hang on
04:15 < dogbert_2> u can tune some kernel params with sysctl
04:15 < Kingrat> i figured itd be regular wpa at best
04:16 < dogbert_2> yeah, but probably won't be able to do WPA3 unless they put out a firmware update
04:16 < EchelonX> You know those Torrent firmware images
04:16 < EchelonX> lol
04:16 < EchelonX> Just about the only way to get updates as a consumer
04:16 < EchelonX> haha
04:17 < EchelonX> That was the problem with the 2621.  Didn't have enough ram to run the newer images
04:17 < tds> oh actually, what do you mean by "high load... Say, nice servers"?
04:17 < EchelonX> Ran out of space during decompression
04:17 < tds> I wouldn't expect servers to generate a load of sessions like that, unless you're running something relatively high traffic or torrenting or something
04:17 < EchelonX> Like...Game downloads...
04:18 < EchelonX> Or popular torrents
04:18 < EchelonX> Right now the "AMD64 Debian Stable iso" Torrent download is causing my music streaming to buffer
04:19 < EchelonX> Running about 4Mbps
04:19 < EchelonX> Trouble is, the first connection seems to get priority (speed)
04:19 < EchelonX> The other drop
04:19 < EchelonX> timeout
04:19 < EchelonX> Or barely run
04:20 < Kingrat> you need some type of fair queue, like cake or pie if you want simple
04:21 < EchelonX> Interesting
04:22 < EchelonX> Let me put a bandwidth limit on my bittorrent client so I can look that up lol
04:22 < EchelonX> one sec
04:28 < EchelonX> Kingrat
04:29 < EchelonX> I think Network Traffic Control (tc, the linux kernel network scheduler, etc...) is what I need to look into
04:29 < EchelonX> Thank you for the suggestion
04:29 < EchelonX> I'll have to start doing some reading now
04:29 < Kingrat> yeah you will be using tc and marking packets with iptables most likely
04:30 < Kingrat> been a long time since i did it manually in linux, back then htb was the most advanced queue
04:32 < EchelonX> Well i'll hope there has been some progress on it
04:32 < EchelonX> lol
04:32 < EchelonX> Thanks again
04:35 < EchelonX> And thanks everyone who contributed
04:35 < EchelonX> Have a great night everyone
04:35 < EchelonX> :)
04:41 < Rayben> Castor and Pollux
04:41 < Rayben> Dioscuri
04:41 < Rayben> Romulus and Remus
04:41 < Rayben> Trojan War
04:43 < spaces> dogbert_2 is Vegas only city or do you have areas there where you don't see the strip at all ?
04:44 < Raybin> Castor and Pollux
04:44 < Raybin> Dioscuri
04:44 < Raybin> Romulus and Remus
04:44 < dogbert_2> you can see the strip from most areas, not all
04:44 < Raybin> Trojan War
04:46 < spaces> dogbert_2 but do you have these rampeage tourists there as well ? so I mean can you actually live there a normal life as well ?
04:47 < dogbert_2> yeah...it's like any other place...
04:48 < spaces> ok, soundsw good
05:05 < spaces> dogbert_2 how often do you visit that strip when you live there ?
05:07 < dogbert_2> I don't...with the rise of paid parking, I rarely go on the strip at all
05:08 < spaces> yeah that wil be expensive I uess
05:08 < spaces> guess
05:20 < sielicki> there's a gentleman in my ham radio club that is pushing 90+ years old, and at the last meeting he expressed frustration at not being able to hear anything. He has hearing aids, but they can only do so much in a large room.
05:21 < sielicki> He's offered to buy something for the group so that he could listen, some kind of microphone, but it's a bother to setup and pass a microphone so it ultimately doesn't happen
05:21 < sielicki> I was thinking it would be really simple for me to make a smartphone app that records from the mic and could relay it to a device that he could use with a pair of earbuds.
05:21 < Epic|> See if his hearing aids have Bluetooth
05:22 < sielicki> I'm thinking about the networking side of this and how I can get this done. Android doesn't have support for 802.11s so that's out. Bluetooth is a thought, but I think it's also not as well developed.
05:22 < sielicki> Well what would be really great is if everyone in the room could use the same app, and he could pick and choose from a list of who he wants to listen to.
05:22 < sielicki> Conversation goes around the room pretty easily.
05:23 < Epic|> A guy I worked with wore a mic with good processing and sensitivity on a cord around his neck for noisy environments
05:23 < Epic|> That send audio over Bluetooth to his hearing aids
05:23 < Epic|> Also worked with his tablet
05:24 < sielicki> Practically, that might be the best solution. But I'm wondering, assuming you wanted to go forward with this smartphone idea, what am I missing about 802.11n/ac that would make this possible or impossible?
05:26 < sielicki> if you had a single AP and 16+ clients all trying to stream opus to a multicast group, where one select device was subscribing to the groups, what happens with carrier-sense-multiple-access?
05:26 < sielicki> to separate multicast groups, one per phone, let's say.
05:27 < sielicki> in practice, you just end up with horrible issues, no? I mean we're not talking about a ton of data but I can't imagine that without something much more concerted in terms of organization of time slots and who-goes-when, you're just going to have chaos, yeah?
05:27 < Spice_Boy> you can pump a fair bit of data through wifi if done right
05:27 < Spice_Boy> and if it's only 16 audio streams, shouldn't be hard
05:28 < Spice_Boy> if you're going multicast though, you'll want an AP that can convert it to unicast in the air
05:28 < hagbard> say whaaaaat?
05:28 < Epic|> You'll want something that handles airtime fairness like a baus
05:29 < Epic|> (psst... Ruckus)
05:29 < hagbard> convert multicast to unicast in the air? like, with a magic wand?
05:29 < Spice_Boy> no, with multicast to unicast function like an Aruba AP does
05:29 < precise> lol
05:29 < precise> The shit I see scrolling through chans
05:29 < precise> hagbard: ++
05:29  * hagbard bows.
05:31 < sielicki> Spice_Boy: the issue isn't just pushing 16 audio streams to one device, but moreso inputting 16 streams via 802.11n.
05:31 < Spice_Boy> still, what's your overall bandwidth?
05:31 < hagbard> sielicki: The shocking thing is that a HAM isn't considering just using, "a radio."
05:32 < sielicki> Epic|: Airtime fairness usually refers to an AP TX'ing rather than deciding when to input, right? as I understand it (which isn't saying much), clients just naively look for a carrier and if they see it, they wait for it to go away before they go
05:32 < sielicki> if you put 20+ phones all trying to do that, and it's very latency sensitive considering we're talking about a sort of hearing aid, can it really work out?
05:32 < sielicki> I'm fully willing to believe I'm just underestimating modern wireless access points, but i'm skeptical.
05:33 < sielicki> modern wireless PHYs, I should say.
05:33 < Spice_Boy> I can do multicast video (to unicast in the air) of multiple channels at once, and compared to a wired one running next to them, there's no visible delay
05:33 < sielicki> hagbard: have to identify every 10 minutes, and you can't cuss. :S
05:33 < hagbard> Well, whatever devices are recording, packetizing, and transmitting should absolutely have some form of push to talk or, at minimum, a squelch. There's no value in transmitting silence and background noise.
05:34 < Spice_Boy> so yeah it can be done, if done right though
05:34 < hagbard> sielicki: You can on unlicensed spectrum. I'm a ham, btw. KD8LVZ.
05:35 < hagbard> sielicki: Personally, I'd approach the problem by having the devices all stream to a single, master device, which could well still be a phone. That master device chooses which one, if any, of the input streams shall be rebroadcasted out.
05:35 < hagbard> This prevents people from talking over each other.
05:35 < hagbard> It's also how a master selector in a trunked repeater system works.
05:37 < hagbard> As to latency, anything digital, packetized, and processed will have orders of magnitude more delay than just analog FM.
05:38 < hagbard> But if the programmer is concientous and careful to keep queue sizes and buffering short and small, I don't imagine the delay/latency would be an issue.
05:38 < sielicki> hagbard: but strictly on the question of having the devices all stream to a single master device, you wouldn't expect issues with "airtime fairness" in terms of all these clients talking to a single AP without some sort of coordination better than CSMA/CA?
05:38 < hagbard> Btw, I'd suggest you ask the guys on #hamwan.
05:38 < sielicki> W9NLS here by the way.
05:38 < hagbard> sielicki: RTS all the way.
05:39 < hagbard> sielicki: Also, I do believe the 802.11n multimedia QOS parameters are meant for a situation very much like this?
05:39 < hagbard> Don't forget that voice is a trivial, almost insignificant amount of data.
05:39 < sielicki> I found a paper earler about research into hearing aids and what sort of delay is acceptable for hearing aids, from the ADA of all people, and 25ms was self reported as unnoticeable in their study..
05:40 < hagbard> Also, airtime fairness, I'm almost certain relates to how an AP distributes transmission timeslots to clients using different modulations. An 802.11N client can transmit way more information per unit time than an 802.11B client.
05:40 < sielicki> Opus can be as low as 2.5ms, as high as 22ms, but still probably very usable from an encoding perspective.
05:41 < hagbard> if 2.5ms is too extreme, the SBC codec used in the bluetooth A2DP profile should have much less encoding overhead.
05:42 < hagbard> Don't forget, for speech, you only need 8kHz of bandwidth.
05:43 < hagbard> Has the gentleman consider using a directional microphone and a portable headphone amplifier?
05:43 < hagbard> *considered
05:44 < hagbard> sielicki: Oh, one last point. Audio uses such a trivial amount of bandwidth, especially at 8kHz mono, that I wouldn't worry about CSMA issues.
05:45 < hagbard> 8kHz sampling rate, 2 bytes per sample, uncompressed is only 16kB. Even if all 16 clients are streaming simultaneously, that's only 256kB/s of data.
05:47 < sielicki> I am out of my element here, I need to read more about just how 802.11 works. I definitely appreciate how little data is ultimately coming through, it's really a question of worst-case latency for any particular stream.
05:48 < sielicki> I wish I had 20+ devices next to me, where I could just TIAS
05:48 < hagbard> Talk in a Sack?
05:48 < sielicki> Try it and see
05:48 < hagbard> Oh, right.
05:48 < sielicki> :S
05:48 < hagbard> Think of it from a perspective of channel capacity.
05:49 < sielicki> The whole idea of how multicast works on wireless has always been a little bit fuzzy to me.
05:49 < hagbard> Let's assume, for a moment, that your ham club meetings are happening somewhere without ridiculous RF interference or any extraordinary conditions.
05:49 < hagbard> Oh, I wouldn't bother with multicast for your project at all.
05:50 < hagbard> Further, let's assume we can do 802.11g at 54Mbps.
05:51 < hagbard> Hold on, I'm going to see if I can pull up a better number for how many bits of data you can reasonably expect to transmit on an unloaded 802.11g channel.
05:51 < Spice_Boy> sielicki: https://youtu.be/fIg_9wJlQX4?t=211
05:54 < hagbard> sielicki: Ok, the internet concensus is that 22Mbps a reasonable expectation for a 54Mbps 802.11g network. That's 2.75MBps. We need 256kBps. So, imagine an interstate highway where there are 10 car-lengths in between every cary on the road.
05:55 < hagbard> sielicki: Sure, as you're pulling up the on ramp, you run a chance that someone will be in the left lane and delay you a car length. There's still a lot of empty road.
05:55 < hagbard> pardon, I meant the right lane.
05:57 < sielicki> hagbard: what you mostly illustrated there to me is how I have been sort of thinking about "audio streams" rather than _packets_, and now that I realize that, things seem much clearer.
05:58 < hagbard> Yes, correct.
05:58 < hagbard> Ha, yes, I can see why you were more fixated on collisions and channel contention.
05:59 < sielicki> thanks much for the advice and help, I really appreciate it.
06:00 < hagbard> One consideration for you, btw. Please believe me when I say 16bit 8kHz, mono is more than sufficient. 2.5ms is 400 packets a second. At that rate, each packet will only have 20 samples in it, which is 40 bytes of data uncompressed. When you factor in the 802.11, IP, and UDP headers on top of that, your payloads are really inefficient.
06:02 < hagbard> Again, for the hard of hearing elmer in your club, though, please consider the solution: a directional (maybe even hand-held parabolic) microphone, headphone amplifier, headphones. That way he can aim and choose whom he wants to speak to.
06:03 < sielicki> Well the other advantage of this sort of distributed setup is that we would get a mechanism for recording our presentations and meetings, which would be nice.
06:04 < sielicki> The OM in question is a WWII marine veteran, seems a bit undignified to have him be pointing a parabolic dish around the room.
06:05 < hagbard> I'm a poor judge of taste, I'll admit.
06:05 < sielicki> and if I have the excuse of being able to say, "we're doing this for other reasons", kind of a nice "out" to have him not feel as though he's burdening everyone.
06:05 < sielicki> And of course he wouldn't be burdening anyone, anyway. Man, old hams are just the best.
06:06 < hagbard> old Marines will be damned before they need anyone's help.
06:06 < hagbard> I appreciate your respect for his, well, self-respect.
06:07 < hagbard> I'm just concerned about the practical details through all of this. So, as I understood your initial idea, you wanted all, say 16, devices streaming simultaneously. Does the receiver decode and play back all of them, does it choose the loudest of all the streams, or will you have a PTT of some sort?
06:09 < sielicki> Well I was thinking you'd make up a diagram of the room you're in, and then when people open the app to allow their mic to record, they select where in the room they are. And then he (or any listener) could select what source to switch to based on the diagram.
06:09 < hagbard> Just mixing all the channels together will simply raise your noise floor by 12dB. (I think 12dB.)
06:10 < hagbard> Choosing the loudest stream is still a bit frought with problems - people shuffling or moving their chair may inadvertantly usurp the current speaker between words?
06:11 < hagbard> Also, are people going to be holding their phones up to their mouths as if they're making a phone call? (That, after all, is how they're intended to be used.)
06:11 < hagbard> Even the last option, with an explicit PTT will be problematic until people get the hang of it.
06:12 < sielicki> I wonder how bad it would be if you just had the phone's mic recording in "speaker phone" mode, I've found that newer phones are able to pick up really well.
06:12 < hagbard> I imagine that if the listener has to choose which microphone to listen to, any type of back and forth discussion will be hard to follow.
06:13 < hagbard> Here's another option. Have a podium with a podium microphone.
06:13 < hagbard> Put a video camera at the other end of the room and give your elmer a headphone off the mixer board. Make everyone with something of value to say go up to the podium.
06:13 < hagbard> like civilized people.
06:14 < sielicki> hahah, that's probably the best solution.
06:14 < hagbard> You'll need to remind anyone at the podium to repeat any questions asked before answering them.
06:14 < hagbard> Actually, you know, you could use a low-power FM transmitter and a set of FM radio headphones to make them wireless.
06:15 < hagbard> Nice feature of staying analog is it's effecitvely latency-less.
06:16 < sielicki> I don't mind playing around with the idea. In terms of whether things would be mixed together, and how you handle a back-and-forth, I think if you took the core idea to fruition and it seemed to work out okay, the rest of it could be fixed with a good enough UI
06:17 < sielicki> But yeah, you're right, the simple solutions do exist and they're likely to be much better than anything I could put together in the short term.
06:17 < hagbard> Imagine the situation. One person has finished speaking. Now, someone else has started speaking and before you can hear them, you need to spot who in the room it is, identify which microphone is the closest, and press the button.
06:18 < hagbard> Just think of how frustrating cellphone conversations become when people are cutting out for even fractions of a second.
06:20 < hagbard> If I were doing this in a manner as you're describing, I'd go for a system that selects the loudest microphone input and then holds on to that input until it is no longer the loudest for some timeout.
06:20 < sielicki> Well you're definitely right about that. But a lot of these issues exist with passing microphones as well.
06:20 < hagbard> Ie, once someone starts speaking, it will stay with them until they stop.
06:20 < hagbard> A bit like how 2m/70cm repeaters work.
06:21 < hagbard> It won't be perfect, agreed.
06:21 < sielicki> The issue with that approach is that an audio level depends on how sensitive a microphone on a particular phone, and how you balance for that across all inputs, and the complexity starts going through the roof
06:22 < hagbard> Btw, my earlier suggestion regarding the directional microphone suffers from the same problem as the choosing the microphone input. The OM's gonna go batty looking around to spot who's next every time someone stops speaking.
06:23 < VincentHoshino> btw these are really nice https://www.adafruit.com/product/1713
06:23 < hagbard> And the complexity will continue asymptotically if you're aiming for perfection.
06:23 < hagbard> But, yes, you're right that perfectly matched microphones/phones is impractical.
06:25 < hagbard> I suppose, at that point, I'd have the microphone constantly recording and calculating instantaneous power while tracking a short-term, weighted average. When that average changes abruptly, I'd call that a start event.
06:26 < hagbard> Also, I'd use the ratio between the minimum average and the maximum average as an intensity gauge.
06:26 < VincentHoshino> I use a few of those to add audio to my CCTV system things have some super gain.. can lock onto a convo in another room
06:26 < hagbard> rather quickly, though, I'd probably go ask someone who knows more DSP than I do.
06:26 < Tegu> I scrolled the backlog a bit (but not entiely). would something like a throwable soft mic cube work?  https://getcatchbox.com/
06:27 < hagbard> VincentHoshino: Interesting
06:28 < hagbard> VincentHoshino: When you say it will lock on to a conversation in another room, you still mean while your room is perfectly still and quiet, right? Or are these little microphones very selective?
06:29 < Tegu> except that box seems to be quite expensive :(
06:29 < VincentHoshino> realatively quiet.. still have AC and other stuff going.. but it will lock onto whatever is loudest and AGC it
06:29 < hagbard> While that makes getting the microphone around the room a lot easier, it still breaks down if people are too excited to speak and don't wait for it.
06:30 < hagbard> Tegu: Ok, yeah, holy crap that's expensive.
06:30 < sielicki> But they created 12,000,000+ smiles, guys.
06:31 < Tegu> if it's a ham club, you can buld something like that on your own :D
06:37 < sielicki> you have to feel for people with hearing loss, I think it's really unique versus other types of sensory loss. If you have poor vision, things aren't constantly morphing around you. If you sit at a baseball game, you can understand that the brown blob is the diamond and the green part is the outfield and you maybe won't have clarity of it but the world isn't constantly shifting around you.
06:38 < sielicki> versus with language, you might mishear something and you are constantly trying to map meaning to what you hear, and if you mishear something you have to hold all these variables in your head and try to regress back and remember what you misheard, and i can't imagine how mentally taxing that gets over time..
07:41 < _PRaETor> heyo
07:42 < _PRaETor> I'm working on an IRC server in Python's Twisted library, and I have a question about ports: Freenode lets you connect on ports 6665-6667 and 8000-8002 for plaintext, as well as 6697, 7000, and 7070 for SSL. My question is, why have multiple ports? From what I understand, a port represents a service on a system, so is this some form of load balancing? If one server is overwhelmed, it reroutes the client to listen to a port on
07:42 < _PRaETor> another server?
07:47 <+pppingme> _PRaETor port usage on irc is more about paranoia, stupid isp's, clueless network admins, and such..  its not about any kind of load balancing in most cases
07:50 < _PRaETor> pppingme ah. So then how do networks like Freenode do the whole 'multiple server' thing? Right now it says "Your host is adams.freenode.net", what determines what host I get? How do the separate hosts communicate with each other their hosts' details (like what nicknames they have logged, etc)
07:50 < _PRaETor> I have been unable to find any information on that
07:50 < _PRaETor> Is it some sort of seperate protocol entirely?
07:50 <+pppingme> round robin dns, extremely simple
07:50 < VincentHoshino> redirect on connect does do load balancing
07:51 <+pppingme> irc doesn't do redirect, not part of the protocol
07:52 < _PRaETor> Ah I see
07:52 < _PRaETor> Thanks
07:53 <+pppingme> _PRaETor the good side of round robin dns is its simplicity, the bad side is it doesn't take any kind of traffic or serverload into consideration
07:53 < _PRaETor> pppingme Well then, are there any practical uses of having multiple ports for a network?
07:53 <+pppingme> that is unless your app somehow rewrites dns as needed, freenode doesn't do anything like that
07:53 < _PRaETor> Like surely Freenode doesn't run all those ports for no reason right?
07:53 <+pppingme> _PRaETor port usage on irc is more about paranoia, stupid isp's, clueless network admins, and such..  its not about any kind of load balancing in most cases  <<<  read this again....
07:53 < _PRaETor> But that is what I mean
07:54 < _PRaETor> Are you saying that Freenode is just stupid?
07:54 < _PRaETor> Or their ISP is dumb
07:54 < _PRaETor> Etc
07:54 <+pppingme> there is a reason, idiots routinely block port 6667 and a few others out of paranoia
07:54 < _PRaETor> ahhhh
07:54 <+pppingme> freenode is smart for giving alternative ports to get around the idiot admins that are outside of freenodes control
07:55 < spaces> morning!
07:55  * spaces pings pppingme as he seems to ask for it all the time 
07:55 < _PRaETor> so I guess what I will do then as far as ports are concerned is, restrict plain text ports to 6665-6669 + 8000-8002, and ssl ports 6697, 7000 and 7070, as per the rfc standards.
07:56 < RustyJ> you mean people who think evil lurks on IRC?
07:56 < _PRaETor> I'll just let whoever is setting up the server decide what he wants, as long as it falls into that
07:56 < _PRaETor> wait
07:56 < _PRaETor> pppingme "idiots routinely block port 6667 and a few others out of paranoia" but... paranoia of what?
07:56 < light> why put any restrictions on it at all?
07:56 < light> I can tell apache to listen on 6667 if I want
07:56 < _PRaETor> I want to make sure it follows the RFC standards is all
07:57 < spaces> RustyJ evil ios one of my many many names :P
07:57 < _PRaETor> Seems the standard indicates you should use 6667
07:57 <+pppingme> there's this misconception that IRC is at the root of all bots and other bad protocols
07:57 < _PRaETor> But then again I guess I could just let the person running it decide if he wants to follow the standard or be dumb or whatever
07:57 < RustyJ> spaces, evil ios huh? drank tooooo much cisco?
07:58 < _PRaETor> or if I do add a restriction, I guess 0-1025 will be it, since from what I've read those are reserved for root services or whatever
07:58 < VincentHoshino> ahh here it is.. numeric 005 RPL_BOUNCE RFC2812
07:58 < _PRaETor> lol
07:58 < spaces> RustyJ no eating my lovely breakfast ;)
07:58 < RustyJ> whatcha having?
07:58 < VincentHoshino> but yeah dns round robin mostly
07:59 < _PRaETor> I might be getting ahead of myself, I don't even have ISUPPORT or CAP implemented
07:59 < _PRaETor> lel
07:59 < _PRaETor> my code is a mess too
07:59 < spaces> RustyJ fresh baked pistolet, banana and water atm :)
07:59 < _PRaETor> spaces should eat some muffins
07:59 < _PRaETor> get some nice lemon muffins
07:59 < spaces> _PRaETor too much fat
07:59 < _PRaETor> i have fast metabolism so more for me
07:59 < _PRaETor> :3
08:00 < _PRaETor> then again i have been sick to my tummy lately so maybe that line of thinking is not good
08:00 < spaces> _PRaETor me as well but you get lazy and tired because of it
08:00 <+pppingme> VincentHoshino yeah, i've seen that, but its not widely implemented (I've never actually seen it in the wild)
08:01 < _PRaETor> spaces well lately i just havent been eating much period. its bad, but im on adderall and i work so much i just dont ever want to break away to eat. which aint so good with type 1 diabeetus heh.
08:01 < RustyJ> off subject.... i'm doing an email migration... their accounting woman has 77 subfolders and emails back to '05
08:01 < _PRaETor> been thinking of getting soylent lately just so i dont have to get up and make any food
08:01 < _PRaETor> srry to cut you off rusty
08:02 < RustyJ> she even has a folder named 'apple' with survey emails and passwd changes in it.... how fun must this woman be at parties.
08:02 < light> She sounds very organized.
08:03 < RustyJ> she sent me an email with a note of caution.... please keep my folders neat, i am the person who will cut your final check.
08:04 < light> You better listen to her then
08:04 < RustyJ> ya think.... she threatened to not pay my company if i fack it up
08:04 <+pppingme> VincentHoshino read this: https://stackoverflow.com/questions/23144371/confusion-about-the-005-irc-numeric-and-general-rfc
08:04 < potatoe> sounds like I can learn from her then
08:04 < potatoe> my email folder looks like crap
08:05 < RustyJ> i have two folders... in/sent
08:05 < RustyJ> and a jillion emails by date
08:05 < potatoe> i have so many spam emails from CI/CD, confluence and shit
08:05 <+pppingme> VincentHoshino and especially the first reply
08:05  * Mead turns on his oven to 425 and starts scrubbing potatoe with a vegitable brush
08:06 < RustyJ> make a rule.... i get spammed by jira constantly... everytime someone opens something or signs in
08:06  * potatoe kindly informs Mead that he prefers the deep fryer 
08:07 < _PRaETor> so uh, just for the record, I should probably restrict ports below 1024 right? since those are for root only? is it a bad idea to run a server app on root (i think i already know that answer but im curious)
08:07 < potatoe> RustyJ I made a rule for confluence, but then it also filtered my mentions.. plus for some reason the confluence settings dont have "alert me only for mentions"
08:08 <+pppingme> _PRaETor there are ways to get services to run <1024 as non-root, but IRC has always had a higher port number
08:08 < _PRaETor> I am just having trouble deciding if I should leave it up to the user if he wants to be dumb and do a port number like that, or if I should somehow warn him when he tries to use the number
08:08 <+pppingme> _PRaETor why are you trying to re-invent the wheel?  There are lots of irc daemons out there, most can be brought up on a single host in less than 10 minutes
08:08 < _PRaETor> pppingme because its fun
08:09 < RustyJ> the higher port number is per the RFC... plus the lower port numbers are all busy with traffic.... i do run my znc servers on odd ports tho
08:09 < potatoe> btw networking related, I'm transferring files between two hosts, both are on 1000BaseT full duplex. when I do pv /dev/urandom | ssh hostB cat >/dev/null on host A, i get 7MB/s, when I do the same on hostB, i get 60MB/s
08:09 < potatoe> any idea whats up with this?
08:09 < _PRaETor> this is so far the biggest thing i've worked on and i'm learning stuff about structuring bigger projects like this by doing it, so its worth it to me
08:09 <+pppingme> potatoe by definition, 1000baseT is ALWAYS full duplex
08:09 < potatoe> pppingme ah I see
08:09 < potatoe> pppingme whats baseSX
08:09 < potatoe> or something similar
08:10 <+pppingme> 60MB works out to 480 mb/s, and I'm betting you aren't taking ssh overhead into account (are you maxing out a core??)
08:10 < potatoe> oh its optical fiber
08:11 < potatoe> pppingme but host A has the better CPU
08:11 < potatoe> 60MB is fine, but I'm wondering why does host A -> B only get 7MB/s
08:12 < potatoe> host A out via HTTP/rsync parallel etc all get 60MBs out
08:13 <+pppingme> to test speeds between two hosts, use something with little to no overhead, like iperf
08:13 < myxenovia> hi
08:13 < javi404> iperf is your friend
08:13 <+pppingme> after you do that, then troubleshoot speed issues
08:13 < javi404> iperf3
08:13 < myxenovia> does binding a socket to a ipaddress means that the socket will only receive packets from that ipaddress?
08:13 < potatoe> pppingme iperf single thread maxed out at 100Mbit or so, parallel iperf got 940Mbps or so
08:13 <+pppingme> and I'll bet you find most issues aren't related to network, but rather cpu bounding or something
08:14 < javi404> potatoe: what is parrallel iperf?
08:14 < potatoe> javi404 threaded iperf*
08:14 <+pppingme> iperf isn't threaded
08:14 < javi404> potatoe: what is the name of this package?
08:15 < javi404> I am only aware of the regular iperf and iperf3
08:15 <+pppingme> do you mean -P  (multiple STREAMS)??
08:15 < potatoe> pppingme yes
08:16 < potatoe> sorry wrong terminology
08:17 <+pppingme> that almost always suggests you're shaping..  or you're extremely cpu bound
08:18 < potatoe> pppingme I'm not maxing out a core iirc, but I can test again
08:18 <+pppingme> look at BOTH ENDS, don't assume just because one side you don't have an issue that the other side isn't causing it..
08:18 <+pppingme> you're either cpu bound, or you're throtteling..
08:18 <+pppingme> describe EVERYTHING between the two hosts..
08:19 <+pppingme> are they plugged into the same switch?  are there 8 switches and two routers between them, or what?
08:19 < potatoe> well theyre in different DCs, but im using the 60MB/s I'm getting from parallel rsync as a baseline here
08:19 < RustyJ> bad cable? a cat lessthan fast?
08:21 <+pppingme> depending on how you have rsync setup, its probably encap'd within ssh, and again, 60MB/s is 480mb/s
08:21 < detha> potatoe: what is the latency between the hosts? have you tried iperf with different -W values ?
08:21 <+pppingme> and if you're seeing multiple streams get more bandwidth than a single stream, I'd start to bet that one of the dc's or carriers between is shaping..
08:22 <+pppingme> are these all physical machines, or vm's or what?
08:24 < potatoe> physical machines, dedicated
08:25 < potatoe> detha I'll experiment with different -W values after my current transfer is done
08:26 < detha> potatoe: i checked man page, it actually is -w (or some env variable). Anyway, force it to use a larger window size
08:27 < variable> \o/
08:29 < detha> mtr 8.8.4.4
08:29 < detha> oops, sorry
09:17 < smallville> I'm building a network and I meed ethernet cable. I'm buying this one http://urly.fi/YKc
09:18 < smallville> Is it good enough?
09:19 < RustyJ> thats insanely cheap!
09:19 < RustyJ> or should i say inexpensive
09:19 < smallville> you're saying it's crap?
09:20 < smallville> inexpensive. got it
09:21 < smallville> How about cable ends? People reviewing them are always complaining about them not crimping well
09:22 < RustyJ> honestly i don't crimp much.... everything is pre-made or punchdown... but i do have a big bin of them from Ideal they seem fine.
09:24 < smallville> what do you mean by pre-made? You buy cables at exactly the length you want with the ends already assemnled?
09:24 < smallville> Thats not doable when cabling an office
09:25 < RustyJ> yes it is from outlet punch down to computer
09:25 < RustyJ> the only place i use cables is at end points and in racks
09:25 < detha> smallville: you terminate on a patch panel, or on a wall jack. Then you use pre-made patch cables.
09:26 < smallville> yeah that makes sense
09:26 < tehjanosch> smallville, of course it is. you measure everything and tell the manufacturer what you need
09:27 < smallville> ok
09:27 < tehjanosch> it's just a matter of time and cost :>
09:28 < smallville> detha: you just gave me a great reason to get a patch panel
09:28 < RustyJ> you need a reason for a patch?
09:29 < RustyJ> easier, faster, more simple, less messy
09:29 < tehjanosch> RustyJ, depending on the company you work for... i can imagine that he needs to explain such expenses
09:29 < smallville> I always thought they were unnecessary, plug all the cables straight into the switches\
09:29 < tehjanosch> if you want to do proper and structured cabling there is no other way to achieve that
09:30 < tehjanosch> it also saves you switches
09:30 < tehjanosch> or let's you spend budget on better switches
09:31 < smallville> I realize that if I plug them straight into the switch, then I need to crimp the ends. If I use a patch panel, no crimping needed]
09:33 < smallville> if i'm not gonna be crimping, should I get the
09:33 < smallville> TRENDnet crimper anyway just in case I need to repair a cable end?
09:42 < smallville> is 250 feet of ethernet cable enough to run it though the walls and ceiling for a small office of 4 rooms?
09:42 < light> why don't you measure?
09:43 < smallville> I'm not at the site right noe
09:44 < smallville> please give me a rough idea of what length is required.
09:44 < smallville> 4 offices, and 1 server room
09:48 <+xand> smallville: as if we could answer that.
09:49 < myrat> what's up
10:00 < Popzi> We have a Guest network being broadcasted from an AP (isolated) and our actual network, for some reason, despite me changing nothing, my computer is connecting to our guest network when plugging the ethernet cable in, yet others on the same switch are connecting to the proper network? Is there a way to prevent ethernet connections to a guest network or is windows 10 just shit? I couldn't find any setting regarding routing and the guest network any
10:07 < bezaban> Popzi: is it a managed switch with ports as access ports to different vlans?
10:08 < Popzi> bezaban: nope, to make things even more fun, it's all Draytek Vigor routers and a Draytek AP :(
10:09 < Volis> Hello Folks, I am trying to remote desktop into a machine on local network but cannot. However, I am able to ping to it.
10:10 < tehjanosch> is rdp allowed?
10:10 < Volis> This is unusual because I am the only person who connects to this machine and only using remote desktop. I connected to it this morning and since then nothing has been changed
10:10 < Volis> tehjanosch: yes, rdp is allowed
10:11 < Volis> Both the machines (the one I'm on, and the remote one) are running Windows 2008 Server
10:16 < tehjanosch> try to restart the rdp service if something like this exists, but i bet it does
10:16 < tehjanosch> my other suggestion would be to perform a reboot as this usually helps on a windows machine ;)
10:21 < Volis> tehjanosch: i've been facing this problem since last three days and it gets resolved with a reboot
10:22 < Volis> but i wonder if there's something i can fix somewhere to actually fix this
10:28 < dminuoso> Volis: Before you go about fixing things, you need to debug it.
10:28 <+pppingme> Volis so this used to work without issues and the problem recently started?
10:29 < Volis> dminuoso: I'm not sure how to debug or diagnose this though
10:30 < dminuoso> Volis: Check out services.msc, see if there's anything in the log output there
10:30 < dminuoso> Volis: wait sec, I meant the event viewer
10:30 < Volis> Okay, I'll have to physically reboot it somehow first
10:31 < dminuoso> Volis: Though you could check out services too, its possible there's some issue with the RDP service
10:31 < dminuoso> (Perhaps restarting that service might be enough, rather than rebooting the entire machine)
10:31 < dminuoso> physical reboots are rarely, if ever, necessary
10:31 < Volis> Yes but it is a headless server and I have no means to access it other than remote desktop
10:32 < dminuoso> Volis: anyway to unheadless it?
10:32 < dminuoso> (even if just temporary for debugging)
10:33 < Volis> I'll have to see if we have a spare monitor lying around but probably not
10:36 < ppf> why do i need two NS to control a zone?
10:43 < Apachez> you dont
10:43 < Apachez> but most TLD's have that as a demand
10:43 < Apachez> its for redundancy
10:44 < Apachez> if one server is down if you only have one then new clients wont find to your servers
11:37 < marcopolo7> Hello!
11:37 < djph> hi marcopolo7
11:37 < marcopolo7> so i am trying to create a vpn-ipsec tunnel
11:38 < marcopolo7> my router doesn't support something like that(and does not allow open source firmware), should i go with making it on a computer(use it as a server)?
11:38 < djph> or get a better router.
11:39 < marcopolo7> good point, i will defiently do this in the future
11:39 < marcopolo7> but as a now option, should i do this?
11:39 < djph> well, it depends on what you want to do with this vpn tunnel
11:40 < marcopolo7> Implement a University exersize that we have done in the lab
11:41 < djph> is it just for getting back to a "known trusted" location (i.e. your home/office) for internet banking and the like; is it for a tunnel between two offices, what?
11:41 < djph> .... or 'just learning'?
11:41 < marcopolo7> but we used cisco router there(which i dont have :P)
11:41 < marcopolo7> just for learning.
11:41 < djph> in which case, the computer should be fine
11:42 < marcopolo7> but it could be in a good use in an office, if you dont want to be seen your traffic
11:42 < djph> "Office" computers are the property of your employer.  I wouldn't advise doing things you think you have to hide from them
11:42 < marcopolo7> i will use a rpi that i have, that is sitting in my net without doin pretty much nothing(well except some file transfering)
11:45 < marcopolo7> true, by the way with this techique you can hide your traffic from your isp also right?
11:46 < djph> "hide"
11:46 < Apachez> on "your" net ?
11:47 < marcopolo7> of the client user
11:47 < marcopolo7> accessing through the vpn-ipsec
11:48 < djph> the comms between the vpn_client and vpn_server are encrypted, yes.  The operator or the VPN server knows what you're doing.  The operator of the client's network knows where they're connecting (and that it's a VPN)
11:49 < marcopolo7> true! Thank you for the usefull answers!
12:03 < spaces> the blockchain hype, can I throw over please ?
12:04 < djph> have at it
12:05 < spaces> have ?
12:05 < djph> colloquialism for "go right ahead"
12:06  * spaces floods the channel 
12:13 < skyroveRR> .
12:13 < spaces> skyroveRR you want some more ?
12:13 < skyroveRR> What?
12:14 < skyroveRR> Some more of what?
12:14 < spaces> read back
12:14 < skyroveRR> Tell meeeh
12:16 < spaces> no, you seem to be lazy, so am I :P
12:16 < skyroveRR> :|
12:17 < spaces> why should I do double work if you need to read it anyways ?
12:18 < skyroveRR> You asked me first, not the other way around.
12:18 < spaces> no you were pointless
12:18 < spaces> you wanted attention
12:20 < skyroveRR> Nope.
12:20 < skyroveRR> Just by putting a "dot", I'm not seeking attention.
12:21 < spaces> what is the purpose of that dot then ?
12:22 < Apachez> .
12:22 < skyroveRR> .
12:22 < skyroveRR> spaces: well, no purpose really.
12:23 < spaces> Apachez you biatch, you are always up to such thing :P
12:23 < djph> ?
12:23 < spaces> it doens't make out relation better :P We cannot reach the next level by doing so ;)
12:23 < spaces> *our
12:24 < skyroveRR> "relation"? spaces, are you his wife?
12:24 < shtrb> that is such a cisgender thing to say ...
12:24 < spaces> skyroveRR no he wants to be
12:26 < Apachez> skyroveRR: spaces is my biatch
12:27 < spaces> Apachez he roleplaying doesn't mean you are allowed to change your role with mine!
12:28 < spaces> go back in your cage!
12:34 < djph> both of you, back in the gimp-boxes.
13:10 < OliverUK> What would you peoples recommend for a hardware firewall in a home?
13:10 < light> cinder blocks filled with concrete
13:10 < kottt> a software firewall <_<;
13:11 < kottt> what's the actual use case?
13:11 < kottt> and why not just run a SOHO router with a basic FW?
13:11 < skyroveRR> OliverUK: there's no such thing called a hardware firewall in the first place.
13:12 < skyroveRR> A firewall is a "software". What firewall you are looking for depends on its use. Most houses don't need chip-level firewall.
13:12 < shtrb> kottt, SOHO as in the ones given by the ISP ?
13:13 < Roq> OliverUK: Depends on your needs and budget. A router with basic filtering for home use you can use Ubiquiti edge router, or a mikrotik rb750. Don't know if you have a vendor preference
13:13 < OliverUK> kottt: Thinking of other protections like web traffic filtering and some basic intrusion protection
13:13 < shtrb> because if you trust the ones give by the ISP I have bad news for you
13:13 < light> half your web traffic will be tls encrypted
13:13 < OliverUK> skyroveRR: OK, I am looking for a physically separate box to put in that will serve as a perimeter firewall
13:13 < regdude> everyone seems to love UBNT, go with that, they should be configurable enough
13:13 < Dalton> Ubiquiti USG
13:14 < light> mikrotiks are cheap
13:14 < regdude> everyone hates them here
13:14 < kottt> shtrb: SOHO meaning small office home office; skyroveRR: HW firewall implies a dedicated firewall appliance. OliverUK: Maybe spin up an old desktop with PFSense?
13:14 < Dalton> model depending on your current/planned network speed
13:14 < light> get a cisco then
13:14 < kottt> proxy-based web filters are shit shows though and you should really just use a DNS-based solution IMO
13:14 < Roq> Ive seen mikrotiks work on smaller remote sites without issues
13:15 < OliverUK> I've used MikroTik but they don't offer great web filtering, intrusion prevention or even better features like inspecting HTTPS traffic
13:15 < regdude> well Im using them where ever I can, but you will be blackmailed by using them
13:15 < shtrb> kottt, I know what SOHO mean , but many ISP give you ones
13:15 < regdude> inspecting HTTPS?
13:16 < shtrb> what possible could go wrong if you MITM yourself ? (using a custom CA)
13:16 < Dalton> OliverUK: do you have a budget?
13:16 < OliverUK> regdude: Yeah, basically a firewall performing man in the middle attacks on all of your traffic
13:16 < kottt> regdude: Why does everyone there hate UBNT?
13:16 < regdude> no, everyone here loves UBNT
13:16 < light> shtrb: you might not know that a certificate is bad
13:16 < Roq> Doesnt Ubiquiti have a firewall device aswell?
13:16 < OliverUK> Dalton: Not at the moment, just thinking about it at the moment
13:16 < Roq> oh USG, like Dalton said
13:17 < Dalton> ;)
13:17 < shtrb> light, I know it a bad idea (when you install the custom CA )
13:17 < kottt> regdude: oh, everyone hates mikrotik is what you meant before?
13:17 < regdude> yes, sorry if was misleading
13:17 < Dalton> i don't hate mikrotik, cause I've not used it
13:17 < shtrb> light, ... sarcasm
13:18 < kottt> just confusing =) we've got 800+ ubiquiti routers deployed here, and apart from some occasional issues with the flash memory failing they've been beautiful
13:18 < trae32566[w]> jesus christ
13:18 < Dalton> kottt: that's the early model low end egderouters?
13:18 < trae32566[w]> HA pairs or singles?
13:18 < OliverUK> I am thinking of putting in a VPN server so I can get access to home network things you see, so to tighten it up I was going to have two firewalls, one for the perimeter to the internet and another protecting all of the home network with a DMZ in the middle
13:18 < trae32566[w]> EdgeRouters I take it?
13:19 < kottt> yes, the EdgeRouter Lites and Pros
13:19 < light> 800 routers is too many because the ttl on linux is only 64 so your packets won't get through them all
13:19 < kottt> and we've just got a batch of the ER4s and Infinity's in
13:19 < trae32566[w]> they definitely have limitations and bugs
13:19 < Dalton> oooooh
13:19 < trae32566[w]> I have an ER4
13:19 < kottt> light: oh no
13:19 < trae32566[w]> it's good at most things
13:19 < shtrb> kottt, please tell us it's not 800 NAT system
13:19 < kottt> why not
13:19 < Dalton> got any Infinity's in prod yet? i think i have to RMA mine (fan died)
13:19 < kottt> is there something wrong with an 800 NAT system? <_<
13:20 < Dalton> nope, only double nat, 800 is fine
13:20 < kottt> phew
13:20 < shtrb> *consecutive 800 NATs
13:20 < trae32566[w]> you using them for anything other than basic routing and whatnot?
13:20 < Dalton> if it gets past the the 2nd one you're golden
13:20 < trae32566[w]> their IPsec is absolute garbage
13:20 < kottt> =) we're an ISP for schools & libraries, we use them for routing and firewall
13:21 < trae32566[w]> yeah, I could totally see that then
13:21 < kottt> occasionally we'll set up a basic DHCP server on them for idiots who can't figure out how to spin up a DHCP server of their own
13:21 < regdude> OliverUK: for your requirements I would recommend a highly configurable router, everyone here seems to like UBNT, you should go with them. Don't expect great filtering features with HTTPS, it is supposed to be unfilterable, though some firewalls will provide the option to limit through TLS and not just the IP
13:21 < trae32566[w]> yeah be careful though
13:22 < djph> kottt: whereabouts are you?
13:22 < kottt> Maine
13:22 < djph> note to self, next time in maine, poke around in the libraries
13:22 < Dalton> haha
13:22 < trae32566[w]> lol
13:22 < kottt> <_<
13:23 < Dalton> East Side!
13:23 < shtrb> kott why not spin B.A.T.M.A.N on them and have only one gateway connected to the internet
13:23 < trae32566[w]> I use the DHCP server on mine, because home use
13:23 < shtrb> just imagine all the gun
13:23 < djph> although, the closest I'm liable to get is Cape Cod ... I get distracted easily, and, well, tasty tasty food
13:23 < shtrb> *fun not gun
13:23 < regdude> someone actually uses it?
13:23 < trae32566[w]> what, DHCP on the ER? yeah
13:23 < trae32566[w]> tons of people
13:23 < Dalton> it works fine
13:23 < Dalton> multiples even
13:23 < trae32566[w]> I'm surprised people use DNS on it O_O
13:23 < regdude> no, I mean BA]
13:23 < trae32566[w]> but they do
13:23 < regdude> *batman
13:23 < shtrb> yes, batman is used
13:23 < kottt> it's better than the DHCP server on Mac server anyway <_<
13:24 < shtrb> (there are better and worse, but batman is the most known)
13:24 < shtrb> I think it is the most known one
13:24 < shtrb> But to see it on an 800 installation would be amazing
13:24 < regdude> I assume it is not very scalable?
13:25 < djph> regdude: "what" isn't?
13:25 < shtrb> It was desgiend to be scalable
13:25 < kottt> :P i don't think B.A.T.M.A.N. fits our use case
13:25 < shtrb> RIP engrish
13:26 < shtrb> kottt, you could teach people to use mesh networks (and ask them to install their own routers ) :)
13:26 < trae32566[w]> ew no
13:26 < trae32566[w]> just no
13:26 < kottt> alas, i remain an underpaid NOC tech monkey with no authority
13:27 < turtle> burn it all down
13:27 < shtrb> kottt, I don't know how to weaponize/comercilize that but it could be a fun thing to see
13:27 < Dalton> yay for monkeys
13:28 < kottt> trae32566[w]: ew what? mesh networks?
13:28 < shtrb> monetize not weaponize
13:29 < OliverUK> I was thinking of possibly a Watchguard firewall, any objections?
13:31 < OliverUK> I have used them before and they don't seem bad
13:32 < Dalton> never heard of them
13:33 < Dalton> but that's just me, who knows the kind of stuff you get across the pond
13:37 < regdude> pfsense is very popular
13:46 < OliverUK> regdude: To be fair I was thinking of maybe putting pfSense as the firewall between the DMZ and the internal network but for the perimeter firewall I was thinking of something a little 'beefier'.  This is only a home network though so the risks are a lot lower
13:50 < regdude> you could go with a device that supports firewall RAW tables, in most cases it is sufficient to use them instead of full connection tracking, though not sure how many devices support raw tables. You can always go for a dedicated x86 box
13:51 < regdude> and I always like to separate networks using VLANs (don't like to use split-horizon or bridge tables)
13:52 < Apachez> https://www.youtube.com/watch?v=ZmB-h7OpdU8
13:52 < regdude> hopefully this one won't explode
13:57 < dogbert_2> they recalled the judge in California...LOLZ
14:01 < Apachez> who? what judge? for what?
14:04 < dogbert_2> google Aaron Persky (he's the judge in the Stanford swimmer case (Brock Turner)...who was convicted for raping an unconcious woman)
14:12 < TandyUK> OliverUK: you'll need to be spening about £5k before you get a firewall for your edge that is 'beefier' than a pfsense.  Its a mighty OS when installed on sensible hardware :)
14:12 < regdude> rocket didn't explode
14:13 < Epic|> Good, that judge fucked that case hard
14:17 < dogbert_2> yeah, if he would have given the guy say 2.5/3 years, he'd probably still be on the bench
14:18 < dogbert_2> the prosecution wanted 6-7 years...so something in the middle would have been appropriate
14:18 < Apachez> so you mean its against the law to rape uncouncious women?
14:20 < dogbert_2> Apachez...well, the judge did follow the law in his sentencing, but due to the outrage, the CA legislature changed the definition of rape in CA to include unconcious persons, and now the mandatory minimum for that offense is 3 years in prison
14:20 < dogbert_2> (or more)
14:20 < Apachez> only in murica :)
14:20 < Apachez> "if a tree falls in the forrest, did it actually fell?"
14:20 < dogbert_2> so you could say the judge ruined it for every other jurist in CA
14:20 < Apachez> "if a woman is raped while unconcious, was she actually being raped?"
14:21 < TandyUK> only 3 lol, i think its 7 years minimum in the uk, which i still think is too short
14:21 < dogbert_2> the minimum is 3 years, the max can be whatever the judge decides
14:22 < dogbert_2> i.e. - no more Brock Turner wuss sentences
14:22 < TotallyNotKim> cheapest 12x fiber 10G switch? Is there even such a thing for < 10k?
14:22 < TotallyNotKim> scrap cheapest, best buy
14:23 < Apachez> sure
14:23 < Apachez> www.ubnt.com edgeswitch 10G
14:23 < Dalton> ^^
14:23 < TotallyNotKim> ay
14:23 < dogbert_2> yeah, ubnt!
14:23 < TotallyNotKim> didnt think of them
14:23 < TotallyNotKim> ty
14:23 < dogbert_2> though I wished they made a wireless edgerouter :)
14:23 < TotallyNotKim> lol
14:24 < Apachez> https://www.ubnt.com/edgemax/edgeswitch-16-xg/
14:24 < dogbert_2> they could do it...
14:24 < Apachez> about $600/each
14:24  * dogbert_2 looks
14:25 < regdude> you should be able to find cheaper ones as well
14:25 < dogbert_2> nice hunk of gear, Apachez
14:26 < TotallyNotKim> wtf
14:26 < TotallyNotKim> these are cheap actually
14:26 < Apachez> these ones are nice if you need 19/2 gear http://www.alliedtelesis.com/products/switches/xs916mxs
14:26 < Apachez> http://www.alliedtelesis.com/products/switches/x550-series/x550-18xsq
14:27 < dogbert_2> yeah, they make some decent gear, Apachez
14:30 < dogbert_2> LOL...cut rental fees with cable internet...get an Arris SurfBoard
14:30 < dogbert_2> it's a good piece of gear...I have an SB6183
14:32 < msdsos> i need to make a network map for a project, anybody know a good program that will make a graphical info or a text file?
14:33 < TotallyNotKim> msdsos: paint
14:33 < TotallyNotKim> jk, since your name is msdos I'd say Viso?
14:33 < Roq> Visio, draw.io
14:34 < Apachez> msdsos: mermaidjs
14:34 < dogbert_2> Gliffy does a decent job for small network diagrams
14:34 < dogbert_2> works in chrome...and is free
14:35  * dogbert_2 spins The Ozark Mountain Daredevils - Jackie Blue (1975)
14:35 < msdsos> i need it to scan the network
14:35 < dogbert_2> then gliffy isn't gonna do the job
14:36 < Donjuanal> so you want it to scrape the network and build a map for you?
14:36 < msdsos> yeah
14:36 < Apachez> draw.io exists in an offline edition
14:36 < msdsos> i have full admin right to the network
14:37 < Apachez> "sure"
14:37 < Donjuanal> msdsos: is all your gear from the same vendor?
14:37 < msdsos> "mom always said dont trust strangers"
14:38 < Roq> I think mikrotik's "the dude" has that kind of functionality
14:38 < Dalton> what's the best way to back up some VMware VMs
14:39 < msdsos> Donjuanal, its mostly HP and some dell
14:39 < Roq> Dalton: we use Veeam
14:39 < Dalton> Roq: issues with consolidation? we're having heaps
14:40 < Donjuanal> msdsos: you could probably do it with observium and some observium addons/plugins
14:40 < Roq> Dalton: Not to my knowledge, but I'm not the vmware person
14:40 < tehjanosch> 14:36:45 < Roq> Dalton: we use Veeam <- i would have suggested the same :P
14:41 < Donjuanal> msdsos: there seems to be an observium map generator on github
14:41 < TandyUK> ^^ me too :)
14:41 < tehjanosch> might be there is a better software for that, but it's easy to handle and their support is just great
14:41 < TandyUK> im a veeam reseller if you want to buy it froma friendly irc person :P
14:42 < tehjanosch> haha, that's how you generate business :D
14:42 < TandyUK> but the free version does well for most small/non-production setups
14:42 < TandyUK> ive never advertised lol, youd be amazed how much work comes via IRC :)
14:42 < djph> veeam?
14:42 < TandyUK> vm backup software
14:43 < TandyUK> point it at the host, every vm sorted :)
14:43 < djph> ugh, typical horseshit marketing buzzword website
14:43 < djph> why do i even fucking bother anymore
14:43 < dogbert_2> Ho, Ha, Ha, Guard, Turn, Parry, Dodge, Spin, Ha, Thrust!
14:43 < Dalton> we (client) has the paid version and it's been nothing but issues as far as snapshots consolidation
14:43 < djph> ... not to mention this new bout of "we use cookies!" nonsense.  It's not 1995, OF COURSE YOU USE COOKIES
14:43 < TandyUK> speak to suppor then, theyre usually very good
14:44 < dogbert_2> djph...we'll never get anywhere if you keep holding back about how you REALLY feel about the website :P
14:44 < Roq> dogbert_2: haha
14:44 < dogbert_2> :-)
14:44 < TandyUK> djph: tell that to the retartds who insitgated this 'cookie law', and the other retards who plasters "we need your permission to use cookies" over every website, regardless what the cookies are for (session cookies are expressly excluded fro mthe legislation)
14:45 < djph> dogbert_2: hang on, busy wrapping this box of horseshit for the marketing director
14:45 < djph> TandyUK: the EU, right?
14:45 < dogbert_2> oh, you me the EUrinal GDPR shit?
14:45 < dogbert_2> mean, even
14:45 < TandyUK> no, the cookie law is something else lol
14:45 < dogbert_2> cookies are for eating, esp. if they're deep fried oreos
14:46 < TandyUK> give it a few years, and the EU will require you to ask permission before oyu can wipe your ass
14:46 < dogbert_2> LOLOL
14:46 < djph> TandyUK: good thing UK's getting out, amirite? :)
14:46 < dogbert_2> that's why I'm across da pond in the US of A
14:46 < Roq> The cookie thing is annoying, but it's mandatory by law ( https://www.cookielaw.org/the-cookie-law/ ) GDPR is related to the data a company has on a person ( email, address data etc)
14:46 < msdsos> Donjuanal: Thanks i will check it out :)
14:46 < TandyUK> yup, very good thing imho
14:47 < regdude> but please keep our strawberry pickers, we don't want them back
14:47 < TandyUK> Roq: its mandatory if you actually use cookies.  session cookies (which is all the vast majority of sites use) are excluded from the legistlation
14:47 < djph> ugh, this "AOL 2.0" stuff makes me die inside
14:47 < dogbert_2> djph, did you need some liquid ass? :)
14:48 < dogbert_2> who the hell uses Assholes OffLine anymore
14:48 < TandyUK> http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm
14:48 < TandyUK> find the section "However, some cookies are exempt from this requirement. Consent is not required if the cookie is:"
14:51 < dogbert_2> LOL...another song of the 70's   Starland Vocal Band - Afternoon Delight
14:52 < djph> dogbert_2: facebook (etc) are the nouveau-AOL
14:53 < dogbert_2> bwhahahaha, djph
14:54 <+catphish> morning
15:11 < [diablo]> Good afternoon ##networking
15:11 < [diablo]> guys I'm trying to find a Linux based tool that could make say 2000 connections from a machine, to a target IP and port
15:12 < Roq> iperf can do multiple streams
15:12 < [diablo]> does anyone know of anything that could do this please?
15:12 < [diablo]> hi Roq well
15:12 < [diablo]> on the target there's qdrouterd ... an amqp router ...
15:12 < [diablo]> I can't run iperf on the target
15:12 < msdsos> sounds like ddos
15:13 < [diablo]> hehe nope
15:13 < msdsos> sure then ;)
15:13 < [diablo]> what it is , is that the qdrouterd is running on Red Hat Satellite 6
15:13 < [diablo]> but it has HAproxy's in front ... we think there might be an issue with the amount of maxconn's
15:13 < [diablo]> limiting it to 1024
15:14 < mawk> [diablo]: ab maybe
15:14 < mawk> apache benchmark
15:14 < [diablo]> thus, wanted to attempt to get a bunch of extras to see if they establish
15:14 < [diablo]> ah, dunno that one
15:14 < TandyUK> if its http requests, ab would do it
15:14 < [diablo]> it's AMQP
15:14 < TandyUK> possibly might need more than one source to get 2k connections
15:15 < TandyUK> like raw AMQP, not wrapped in an http tunnel?
15:15 < [diablo]> TandyUK tbh, no idea mate
15:15 < [diablo]> just listens on 5647 ... that's all I know
15:15 < [diablo]> but we see the connectoins coming into it from the HAproxy
15:15 < TandyUK> yeah thats amqp then
15:16 < TandyUK> i assume the haproxy is just doing round robin rather than anything complicated
15:16 < TandyUK> (even if it is with 1 host behind)
15:16 < [diablo]> actually it's not HA
15:16 < [diablo]> we had to us it tho' to get thru some network segments
15:16 < TandyUK> ah ok
15:16 < [diablo]> so all RHEL boxes in zones could reach teh RHS
15:17 < [diablo]> but I think there's a bottle neck on the HA's
15:17 < TandyUK> id check a few things, a) how the haproxy is configured, whether it is causing the liit, b) how amqp is configured, again this has a connection limit
15:17 < [diablo]> traffic goes via 3 x HA's before hitting the RHS
15:17 < [diablo]> TandyUK yup we've done all that...
15:17 < [diablo]> problem is we have around 1000 RHS client machines RHEL 5/6/7
15:18 < TandyUK> theres also max connections per host, which if youre going  stuff > haproxy > haproxy > haproxy > amqp, you could well be hitting
15:18 < [diablo]> we see it teeter around the 1022 ~ mark
15:18 < TandyUK> the final ha proxy would see everything coming from the second for example
15:18 < [diablo]> but if we can stress test it with a few more connections ... we can be clear
15:18 < TandyUK> 1024 seems like a fairly sane limit if it hasnt been changed from defaults
15:18 < [diablo]> well the maxconn on the HA's is at 30000
15:18 < [diablo]> on all 3 x
15:19 < TandyUK> yes, but thats TOTAL
15:19 < TandyUK> not from a single host
15:19 < [diablo]> hmmm
15:19 < [diablo]> I asked in #haproxy ... and tbh they gave it the A-OK on the setup
15:20 < TandyUK> hmm, in that case, go chech the amqp setup
15:20 < [diablo]> well we need more connections :)
15:20 < TandyUK> again i think its goign to be the fact that it sees ALL these connections coming fro ma single host that is the issue
15:20 < [diablo]> I don't wanna fire up 100 x VM's just to see
15:22 < TandyUK> another one to check would be the open files limit o nthe host runnign amqp
15:22 < TandyUK> it could be hitting its limit there
15:23 < [diablo]> :) also done
15:23 < TandyUK> hmm lol
15:23 < [diablo]> and validated by RH support
15:23 < [diablo]> really, I just need to try esbtalishing more connection s...
15:23 < [diablo]> see if they get thru , and if not, find out the bottle neck
15:23 < [diablo]> was hoping nmap might do it, but seems not
15:24 < [diablo]> might just write a python script to do it
15:25 < TandyUK> tcp_listen_options.backlog  on the amqp host?
15:25 < [diablo]> hmm let me check
15:25 < TandyUK> net.core.somaxconn  is another one
15:25 < [diablo]> net.core.netdev_max_backlog = 1000
15:25 < [diablo]> net.ipv4.tcp_max_syn_backlog = 2048
15:26 < TandyUK> tcp_listen_options.backlog  on the amqp host?  (this is amqp config, not the host itself)
15:26 < [diablo]> net.core.somaxconn = 128
15:26 < TandyUK> ok that could be it, id set that at 2048+
15:26 < TandyUK> thats "128 people may be trying to establish a connection at once"
15:27 < [diablo]> well, tbh we need to cover it for say potentially 3000 client machines (RHEL's)
15:27 < [diablo]> it will scale to that over the next year or so
15:27 < [diablo]> as VM's are spun up
15:28 < TandyUK> yes, but note that is specifically for connecting being opened, once open they dont count gaainst that limit
15:28 < [diablo]> ah ok
15:29 < [diablo]> brb
15:32 < [diablo]> so, I think I'm right in that if I can generate enough ESTABLISHED connections to the qdrouterd ... It'll give me some clarity no?
15:42 < gde33> my advise for the EU would be to first start a citizen email service with mail that you have to read, then do oauth, then a shopping website with mandatory participation for all products and services from all companies in the EU complete with prices, then a social network where you must post your resume, then a github fork (with support for more than just git) where developers must go live...
15:43 < gde33> then a cloud hosting service that you must use
15:43 < gde33> lets also do e-lurning that you must participate in
15:44 < djph> gde33: ... what ... ?
15:44 < TandyUK> djph: you beat me to it lol
15:44 < gde33> it will be glorious
15:44 < TandyUK> i was jus tre-reading to see if there was anything logical in there
15:45 < gde33> not at all, it just would be hilarious
15:45 < djph> TandyUK: re-reading was your second mistake.  Expecting any logic on IRC was your first.
15:45 < TandyUK> its certainly the sort of thien the EU would waste money on
15:45 < Apachez> assumption is the mother of all fuckups
15:45 < TandyUK> djph: tbh the IRC protocol is quite logical, its just what its used for that is depressing half the time :P
15:46 < gde33> the EU should do an irc server
15:46 < djph> TandyUK: oh I wasn't talking about the protocol.  (Also, I proved my own point, I think)
15:46 < TandyUK> gde33: is there anythign the EU shouldnt do?
15:46 < TandyUK> im thinking this might be a smaller list
15:46 < djph> TandyUK: GDPR?
15:47 < gde33> TandyUK: give money to the greeks
15:49 < Apachez> Give Danishpeople Porn Regullary ?
15:51 < Apachez> "what do you mean by turning sun rays into lazorz?" https://www.youtube.com/watch?v=gGk2rj_T5js
15:51 < Apachez> somebody at that official sponsor watercompany who dun goof
16:06 < TandyUK> ouch lol
16:13 < Rayben> Romantic orientation, also called affectional orientation, indicates the sex or gender with which a person is most likely
16:13 < Rayben> to have a romantic relationship or fall in love. It is used both alternatively and side-by-side with the term sexual
16:13 < Rayben> orientation, and is based on the perspective that sexual attraction is but a single component of a larger dynamic.
16:13 < Apachez> https://twitter.com/SecureBio/status/1004118130556309509/photo/1 "nothing to worry about, its just highly radioactive wood thats on fire - nothing to see, circulate!"
16:16 < regdude> that is just what they said to us when forced us to go clean it all up in 80s. It is just dust, don't worry
16:17 < djph> regdude: "you'll be fine..."
16:18 < TandyUK> its only cancer, what are you worried about
16:18 < Apachez> are you a terorist or something?
16:19 < regdude> nothing that a bottle of vodka can't cure
16:19 < djph> TandyUK: that's what the clones are for
16:19 < TandyUK> is that what russian fire engines use for putting out fires?
16:20 < regdude> actually I remember one guy in the hospital after heavy radiation exposure. He yelled: don't give me these pills, give me vodka and I will be fine
16:20 < TandyUK> yeah vodka solves everything :)
16:21 < Apachez> When in doubt, get drunk!
16:21 < Apachez> Texas official slogan
16:37 < backtrack_> hello
16:38 < backtrack_> does somebody use bluetooth?
16:38 < SwedeMike> backtrack_: most people do.
16:38 < backtrack_> i want to ask you: if i have an associeted BT accessory, i turn on the accessory, and later i turnon also the smartphone; the accessory keep searching the associated smartphone?
16:39 < backtrack_> or it searchs for it only when i enable the accessory itself?
16:47 < TandyUK> depends on the device tbh
16:47 < TandyUK> id expect most to keep polling every so foten
16:49 < njbair>  please tell me if my understanding is correct about ipv6, that if Router Advertisement is enabled then prefix delegation should happen by default on clients? And there's no need for DHCPv6 on the LAN?
16:50 < TandyUK> provided its configured properly, that is the theory yes, and also provided the client actually asks for a prefix rather than just an address
16:51 < njbair> i'm mainly concerned about Windows 10 clients
16:51 < Aeso> njbair, end users typically don't participate in prefix delegation
16:51 < Aeso> but win 10 clients support SLAAC just fine, yes
16:51 < Aeso> so long as your RA includes the appropriate subnets
16:51 < TandyUK> ^^ win 10 doesnt need PD
16:52 < njbair> ok yeah sorry I mixed up PD and SLAAC
16:52 < TandyUK> a windows server with vpn users or somethng, possibly, but really you should be assigning that statically
16:53 < njbair> yeah I was wondering about that....I have several Windows servers that are statically-addressed in IPv4, and wondering what the standard is for SLAAC vs static
16:53 < njbair> because isn't SLAAC basically static based on MAC address or something?
16:53 < SwedeMike> njbair: there is one way of creating addresses called EUI64 that does that. It's not the only one.
16:53 < backtrack_> TandyUK, in your case how does it work?
16:54 < njbair> is it a good practice to statically assign IPv6 addresses to servers then?
16:54 < SwedeMike> Windows (vista and later) will only ask for PD if "Internet connection sharing" is enabled (at least this was the case with Vista)
16:54 < TandyUK> backtrack_: your BT shit?? like i said, it depends on the device
16:54 < Aeso> njbair, most IPv6 clients have many IPv6 addresses
16:55 < TandyUK> njbair: for servers, yes imho
16:55 < SwedeMike> njbair: I have some that have static addresses, I have some that do not. It depends on the use-case.
16:55 < SwedeMike> njbair: both have pro:s and con:s.
16:55 < TandyUK> if anything connects TO them, make it static imho
16:55 < Aeso> once they've got their EUI64 address via SLAAC, they'll use DAD to create themselves a handful of privacy addresses which they'll use to actually access other networks
16:55 < njbair> so DC's would be static for sure
16:56 < SwedeMike> Aeso: actually, latest versions of most modern OSes do not use EUI64 anymore. Default in Ubuntu 16.04 has changed, some others as well.
16:56 < backtrack_> TandyUK, you mean that there are accessories which ssarchs for devices every X time ?
16:56 < njbair> and I guess the rest would depend on how well Windows' DNS server handles SLAAC-assigned clients...
16:56 < TandyUK> backtrack_: yes and no, it depends on the device
16:56 < Aeso> SwedeMike, ah, good to know. I've got some catching up to do.
16:56 < TandyUK> some do, some dont
16:56 < backtrack_> and accessory that search for device only when enabled?
16:57 < backtrack_> TandyUK, yes, and i want to know the cases
16:57 < SwedeMike> Aeso: https://tools.ietf.org/html/rfc7217
16:57 < TandyUK> it depends onthe fucking device
16:57 < njbair> ok so now I just need to figure out why my clients aren't getting the proper prefix
16:57 < backtrack_> YES and i want to know all the cases
16:57 < TandyUK> there are thousands of different bluetooth devices
16:57 < backtrack_> maybe i'm not able to express myself in english language
16:57 < TandyUK> well, ALL the cases are' go buy every single bluetooth device o nthe market' and have fun making a database
16:57 < njbair> backtrack_, there is no way to know. just try it and see
16:58 < SwedeMike> njbair: you can run "rdisc6" on Linux boxes to see what's in the RA. Or yuo can do tcpdump -vvv icmp6 and see what's in it. Look for Prefix Information Option.
16:58 < TandyUK> I even get different results from the SAME device on occasion (thinking of my in car bluetooth).
16:58 < njbair> SwedeMike, thanks
16:58 < SwedeMike> njbair: clients need an RA with PIO and the A flag being 1, then they'll know the prefix and that they can assign themselves addresses from it.
16:58 < TandyUK> sometimes it reconnects by itself, sometimes on my phonei have to ge tell it to use it
16:59 < backtrack_> TandyUK, and CAR bluetooth is what i'm talking about
16:59 < TandyUK> which car bluetooth
16:59 < backtrack_> my car bluetooth search for devices only when turn on the CAR
16:59 < TandyUK> it depends on the SPECIFIC device
16:59 < backtrack_> yes
17:00 < TandyUK> so how your car bluetooth behaves, and how my car bluetooth behaves is quite likely different
17:00 < backtrack_> TandyUK, it's random china shitty hardware without brand
17:00 < TandyUK> how exactly my car bluetooth behaves seems to depend on which way the wind is blowing
17:00 < backtrack_> TandyUK, in your case, for example, how the device search for devices?
17:01 < backtrack_> i hate mine because the only way to make it connect is that the bluetooth on my smartphone must be on while turning the ignition to on
17:01 <+catphish> SwedeMike: clients don't use EUI64? what other options exist?
17:01 < njbair> TandyUK, my JVC car stereo always connects, then disconnects, then reconnects. This process takes upwards of 45 seconds and often results in my Android phone not assigning the media output correctly.
17:02 < njbair> I've disabled BT autoconnect in my car and I connect it manually every single time. It's faster that way.
17:02 < backtrack_> njbair, if you enable your smartphone bluetooth after turning on the radio, it connects?
17:02 <+catphish> SwedeMike: or do they just have no consistent global IP at all?
17:02 < njbair> backtrack_, BT is always enabled on my phone. If i disable then reenable, yes it will usually connect
17:03 < njbair> backtrack_, but more often i go into BT settings on my phone, click the gear icon next to my JVC stereo, and click Connect.
17:03 < backtrack_> njbair, then you're luck
17:03 < backtrack_> y
17:03 < njbair> backtrack_, that is the only sure-fire way to get it to work
17:08 < michagogo> I'm seeing something really weird. There's ~a site~ an entire domain with various subdomains that I
17:08 < michagogo> 'm not able to reach on my home internet connection, but it works on my phone
17:08 <+catphish> routing problem, or they blocked you
17:08 < michagogo> And when I tether my phone to my computer, and when I try from a couple different VOSes
17:08 < michagogo> VPSes
17:09 < michagogo> To be clear, it's DNS resolution that's failing
17:09 < michagogo> Even when I try dig @1.1.1.1 or dig @8.8.8.8
17:09 <+catphish> well that's easily fixed by using better DNS servers
17:09 < SwedeMike> catphish: https://tools.ietf.org/html/rfc7217
17:09 < michagogo> catphish: Better than Google or Cloudflare?
17:09 <+catphish> no, those should work
17:09 <+catphish> unless your ISP intercepts dns reqiests
17:09 < SwedeMike> catphish: SLAAC with A=1 on the PIO, means the clients choose its own addresses, and they can basically use whatever algorithm they want. EUI64 is just one.
17:10 < michagogo> That did occur to me
17:10 < michagogo> So I decided to try cloudflare via HTTPS
17:10 <+catphish> SwedeMike: i know what, i just didn't realise any mechanisms other than EUI64 and privacy addresses were used
17:10 < michagogo> And this is really bizarre:
17:10 < TandyUK> DNS !== HTTP(S) you know that right?  not seeing how cloudflare via HTTPS is going to make any differenc
17:11 < michagogo> I'm trying to query DNS via HTTPS
17:11 < TandyUK> huh?
17:11 < michagogo> https://developers.cloudflare.com/1.1.1.1/dns-over-https/json-format/
17:11 <+catphish> TandyUK: he's trying to do DNS over HTTPS, can't you read man
17:11 < TandyUK> ok then, wtf is that lol
17:11 < michagogo> Anyway, get this. On my computer: $ curl 'https://cloudflare-dns.com/dns-query?ct=application/dns-json&name=madim.atal.idf.il&type=A'
17:11 < michagogo> {"Status": 2,"TC": false,"RD": true, "RA": true, "AD": false,"CD": false,"Question":[{"name": "madim.atal.idf.il.", "type": 1}]}
17:12 <+catphish> some DNS providers offer it :)
17:12 < michagogo> On EC2:
17:12 < TandyUK> wierdness lol
17:12 < michagogo> $ curl 'https://cloudflare-dns.com/dns-query?ct=application/dns-json&name=madim.atal.idf.il&type=A'
17:12 < michagogo> {"Status": 0,"TC": false,"RD": true, "RA": true, "AD": false,"CD": false,"Question":[{"name": "madim.atal.idf.il.", "type": 1}],"Answer":[{"name": "madim.atal.idf.il.", "type": 1, "TTL": 286, "data": "147.237.0.19"}]}
17:12 < michagogo> So my question now is: WTF?
17:12 < TandyUK> maybe different CF nodes, one has it cached, the other hasnt, and whatever provides "idf.il"'s DNS is down?
17:13 < michagogo> The thing is, it's the same when I do a DNS query to 8.8.8.8
17:13 <+catphish> michagogo: some of that site's DNS servers are down
17:13 < TandyUK> intodns.com is quite useful :)
17:13 <+catphish> err
17:13 < michagogo> Really? How can that cause this observed behavior? It's not new either
17:14 < michagogo> For weeks and weeks now, it's never worked on my home connection
17:14 <+catphish> i'm really confused now
17:14 < michagogo> And it's always been fine on my cellular connection
17:14 < TandyUK> 2 out of their 3 listed nameservers are down according to intodns's check
17:14 < michagogo> I would think that if some of the servers were down it would sometimes fail on my phone and/or sometimes work at home...
17:15 < TandyUK> well, 2 out of 5 ips, that is
17:15 <+catphish> i can't explain this: https://paste.ubuntu.com/p/brgR7byFws/
17:15 < michagogo> charlie@charlie-pc ~ $ dig tdim.atal.idf.il @ns1.idf.il.
17:15 < michagogo> should be madim
17:15 < TandyUK> looks to me like theyre in the middle of some migration, and its oging horribly wrong tbh
17:16 <+catphish> how come i get A records when i use +trace, but not when querying direct?
17:17 < michagogo> catphish: your second command was typo'd
17:17 < michagogo> charlie@charlie-pc ~ $ dig tdim.atal.idf.il @ns1.idf.il.
17:17 < michagogo> Not madim.atal.idf.il
17:17 <+catphish> oh yeah
17:18 < michagogo> VPS:  https://www.irccloud.com/pastebin/Cv8N9Wzu/
17:18 <+catphish> in any case, some of their DNS servers are down, probably bad enough to cause some failures
17:18 < michagogo> PC: $  dig madim.atal.idf.il @ns1.idf.il
17:18 < michagogo> dig: couldn't get address for 'ns1.idf.il': failure
17:19 < kottt> if it's not too much of a distraction to ask: On Monday we had an issue where SSL services were selectively failing for clients around the state. It looked like maybe packets were being corrupted on the return path, but for the entire day, HTTPS web pages and apps with encrypted components (eg user auth) were either failing to load, loading completely, and occasionally (!) after several attempts, loading properly, only to fail again moments later.
17:19 < kottt> Problem resolved itself overnight, we never found a cause
17:19 <+catphish> michagogo: i guess there's some routing problems to that DNS server
17:19 < kottt> anybody seen anything like that before?
17:19 <+catphish> dns3.gov.il is down for me
17:20 <+catphish> kottt: that's usually indicative of a MTU problem
17:20 < TandyUK> ns1.idf.il abd ns2 both have 2 ips listed, but only the 62.219 range is replying
17:20 <+catphish> ah ok
17:20 <+catphish> so yeah, their network / dns are fucked :(
17:20 <+catphish> you can always use a hosts entry as a workaround
17:21 < kottt> catphish: Had a customer try reducing the MTU on their PC without change
17:21 <+catphish> kottt: that's a terrible workaround, but it would usually work
17:21 < kottt> it was just for troubleshooting purposes but it very much did not work
17:21 < kottt> :[
17:21  * catphish shrug
17:22  * kottt shrug
17:23 < michagogo> catphish: So I should try and figure out how to get in touch with the IDF's tech team? It's just really bizarre that this would happen the way it's happening - namely, that querying several different recursive resolvers would always fail on my home connection, and never fail on my cellular connection and multiple different VPSes
17:24 < michagogo> Over a period of weeks
17:24 < michagogo> Actually, I think it's more like months
17:24 <+catphish> yes that is inexplicable
17:25 < michagogo> Dammit, I even looked up and tried another resolver (9.9.9.9) and that's the same way
17:26 < michagogo> Is there any DNS server that returns (or lets you see out of band with some kind of unique ID) the source address of queries to it?
17:28 < tpr> dns server software or dns service?
17:28 < tpr> if service, then e.g. dig +short myip.opendns.com @resolver1.opendns.com
17:28 < michagogo> Service
17:29 < michagogo> Specifically I'm looking for one that I can use with a recursive resolver
17:31 < detha> michagogo: dig +short whoami.akamai,net
17:36 <+catphish> michagogo: every resolver i try can resolve that site
17:36 <+catphish> michagogo: the only conclusion i can reach is that your ISP intercepts your DNS requests and passes them to its own resolver
17:37 <+catphish> there's no way they're all coincidentally failing only from your location
17:42 < michagogo> That's what I was thinking too
17:42 < michagogo> But that's impossible, because it failed with DNS-over-HTTPS too!
17:43 < michagogo> 😖
17:43 < detha> What does dig report the server as?
17:46 < lithiumpt> what IP address does ns1.idf.il resolve to? (on your home connection)
17:57 < qman__> Is there a tool to automatically condense a list of CIDRs into the fewest number possible? i have a list that has a bunch of /32s right next to each other and want to reduce the number of rules I need
17:57 < qman__> Without spending a bunch if time doing it manually
17:58 < Aeso> qman__, what you're describing is route compression, and I'd wager there's probably some free tools to do it
17:59 < kerframil> qman__: aggregate, aggregate-flim
18:00 < detha> qman__: one or another of python's ipaddress libraries can do that
18:01 < qman__> Thanks, aggregation lead me to this, exactly what I need https://tehnoblog.org/ip-tools/ip-address-aggregator/
18:32 < doppleherz> What do people here use to keep a history of configuration changes to switches and routers, and physical or logical network changes?
18:34 < detha> rancid. and a wiki
18:36 < Donjuanal> rancid
18:37 < microwaved_> rancid
18:38 < doppleherz> Alright, I'll give rancid a look.
18:39 < detha> doppleherz: for a new setup, look at oxidized
18:39 < microwaved_> it works perfectly
18:39 < microwaved_> detha: what is that?
18:40 < detha> microwaved_: https://github.com/ytti/oxidized  then same, but more modern/devops/git/ruby
18:42 < doppleherz> Looks interesting as well.
18:42 < microwaved_> detha: it supports not only Juniper? also cisco / mikrotik / etc etc?
18:42 < doppleherz> Gonna read on both and  setup some tests.
18:43 < microwaved_> doppleherz: keep me updated on the oxidized one
18:43 < detha> microwaved_: I have no personal experience with it, but juniper definitely, mikrotik maybe.
18:43 < microwaved_> i barely work with JUNOS
18:43 < microwaved_> mostly with CISCO
18:43 < microwaved_> ios
18:47 < detha> given the source, I'd expect them to have some cisco left in their network
18:56 < E1ephant> oxidized++
19:00 < Sven_vB> hi! what's the correct way to signal the end of the HELP list for tcpmux, and which other end-of-list signals should my proxy understand?
19:08 < clon3man> how do my polycom phones know about the existance of the voice VLAN automatically
19:08 < clon3man> they seem to discover it even if I wipe them fresh
19:13 < slickerjet> is there a quiet 10gb switch?
19:14 < slickerjet> or are they all 1U or 2U and loud as hell
19:14 < slickerjet> i wanted a desktop 1U switch
19:15 < FrozenFire[alt]> I have an outdoor CAT6 run (will upgrade to CAT6a soon) that is to supply PoE power and ethernet to an area of my property with no available power, where I have a wireless access point and two PoE security cameras. What would be the most effective way to terminate this in a small form factor? Is there such thing as a PoE switch which takes input PoE power and ethernet and distributes it as PoE to multiple devices?
19:15 < FrozenFire[alt]> All PoE switches I'm seeing are ones which take a separate DC input.
19:16 < E1ephant> slickerjet: how much 10G? EX2300?
19:16 < slickerjet> im not sure what that is
19:16 < E1ephant> errr EX2300-C will be silent  even
19:16 < slickerjet> ill have to google it
19:16 < E1ephant> juniper products
19:16 < E1ephant> yes
19:17 < slickerjet> 900$ switch phew, that's a little pricey
19:17 < slickerjet> does it require a lot of config?
19:17 < slickerjet> i'm noob and i use unifi for almost everything
19:17 < slickerjet> i'm trying to make 2 desktops connect to each other using a 10gb or 10gbe switch so i'll buy the parts today to take advantage of the ebay 20% coupon
19:17 < E1ephant> ah just skip the switch and connect the hosts directly
19:18 < E1ephant> it'll be much cheaper
19:18 < detha> FrozenFire[alt]: one PoE port can only feed so much.... I think a switch plus two cams plus an AP would be pretty close to or over maximum
19:18 < E1ephant> 40G NIC and DACs aren't too much more either if that is your thing
19:19 < E1ephant> but getting 10G rolling between  two hosts can be as cheap as $60 ~  80 USD
19:19 < E1ephant> I use mellenox NICs, but chelsio is also very popular in the budget space
19:20 < slickerjet> 40gbps?
19:20 < slickerjet> should i just skip 10gbps and move to 40gbps
19:21 < E1ephant> I mean what do you need this for?
19:21 < slickerjet> well the two desktops are "servers" like for plex and shit
19:21 < slickerjet> i dont "need" it just want it, and since ebay is doing 20% off, why not jump in now
19:21 < E1ephant> how does plex need 10G?
19:21 < detha> ^
19:21 < slickerjet> sometimes moving those movies around
19:22 < E1ephant> I mean  I would make sure you have I/O performance to warrant it first, but yeah just host to host 10G, it's cheap and simple
19:22 < slickerjet> i know that my Synology NAS goes more than 1gbps
19:22 < slickerjet> my at&t fiber is 1gbps
19:22 < slickerjet> 1gbps is kinda my bottleneck for sure
19:22 < E1ephant> lol
19:23 < j-fish> Recommendation for a built in antenna(wireless) access point ?
19:23 < E1ephant> like NAD as in spinning hard disks?
19:23 < E1ephant> NAS even
19:23 < MissionControl> In CEPH arangements perhaps a 40G would be a reasonable consideration over 10G
19:23 < E1ephant> or you have actual flash in there?
19:23 < E1ephant> j-fish: idk, anything? unifi uap? super cheap.
19:24 < slickerjet> NAS has spinning disks yeah
19:24 < slickerjet> ive recently started moving everything over from the 60TB nas to stablebit clouddrive hosted gdrive
19:24 < slickerjet> that really taxes my 1gbps connection
19:24 < E1ephant> and how many spindles at what speed are you pushing 1gbit plus with?
19:24 < slickerjet> well i know that copying from my nas to my plex computer maxes out 1gbps link
19:24 < slickerjet> and that's internal network
19:25 < slickerjet> i could do 4x1gbE LACP from the Synology to the switch
19:25 < slickerjet> and then 10gbps from the plex machine to the switch
19:25 < slickerjet> 10gbps from my desktop to the switch
19:25 < slickerjet> and 1gbps for everything else, like ps4, xbox, hue bridge, etc
19:25 < slickerjet> i guess i only have 2 items that would do 10gbps or 40gbps
19:25 < E1ephant> I mean lacp isn't going to buy you single flow performance
19:25 < slickerjet> correct
19:25 < slickerjet> on other hand, screw this
19:25 < slickerjet> ill just order nothing
19:25 < slickerjet> save my money for christmas
19:26 < E1ephant> I would be more concerned with getting 10G straight  from the storage source/NAS
19:27 < E1ephant> but yeah, tbh it is slower,  but  still quite quick for home usage.
19:27 < slickerjet> i know that the new synology has 10gb built in
19:27 < E1ephant> idk I am streaming everything today
19:27 < E1ephant> maybe 2TB of onprem flash storage
19:27 < E1ephant> for VMs
19:28 < E1ephant> r/datahoarder may have more insight
19:28 < E1ephant> I think they generally have good direction for cheap fast (possibly dirty!) storage
19:29 < E1ephant> last I was looking at huge onprem zfs was all the rage
19:52 < kenlumbo> anyone use Ruckus with multiple tenants? I'm going through the documentation and it seems it might be kind of a pita if you have 50 customers with a single AP each
19:52 < kenlumbo> pita because of how you have to do the initial setup to get the AP to boot up and know where to find the zonedirector
19:53 < kenlumbo> just wondering if anyone has a similar situtation and if there was a different way that I'm not finding
20:48 < Zexaron> Hello
20:48 < Zexaron> does POE need special ethernet cable or will any existing one do ?
20:56 < detha> PoE works over standard cat5 or cat6
20:57 < Kingrat> just try to avoid using it on copper clad aluminum or 26awg, the bad stuff i have seen can not be unseen
21:05 < Aeso> even CCA or thin-gauge cables will do PoE okay
21:05 < Aeso> bundled cables (especially in conduit) is where that stuff will bit you though
21:05 < Aeso> bite*
21:13 < ic3cube> anyone good with network policy server stuff?
21:27 < kenlumbo> depends...
21:32 < Zexaron> tnx
21:40 < Apachez> network policy server?
21:40 < Apachez> what on earth is that?
21:40 < Apachez> a new snakeoil buzzword from the marketing departments?
21:43 < TandyUK> sounds like it
21:44 < TandyUK> the network policy is a document if anything
21:44 < TandyUK> fuck knows why it would need its own server
21:44 < TandyUK> having google it, im just gonna leave you with
21:44 < TandyUK> "s the Microsoft implementation of"....
21:45 < TandyUK> its radius
21:45 < TandyUK> tied with a vpn i think
21:45 < Donjuanal> so shit
21:45 < Donjuanal> thats what you meant by "s the Microsoft implementation of" right?
21:45 < TandyUK> oh no, its just some bullshit proxy for radius (and their own diagram shows the actual radius servers sitting behind it)
21:46 < Donjuanal> so it's even worse that I thought
21:46 < TandyUK> indeed lol
21:46 < TandyUK> "Network Policy Server (NPS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS) server and proxy."
23:10 < switchnode> I have a question about the physical interpretation of the Shannon-Hartley theorem, in particular how the bandwidth relates to the data rate.
23:15 < switchnode> What is the relationship between capacity per sample (the C = 1/2 log2(1+S/N) formulation), bandwidth, and bits per second (the C = B log2(1 + S/N) formulation)? What, physically, causes a bit to require a certain duration to receive?
23:29 < djph> the speed of light. Also the number of bits per symbol on the wire (as well as the symbol rate)
23:29 < djph> but mainly, the speed of light ;)
23:30 < switchnode> Ignore the propagation, I'm just talking about the sampling.
23:30 < switchnode> What enforces the symbol rate?
23:31 < switchnode> (The bandwidth, obviously, but I don't really understand how a relative s^-1 becomes an absolute one.)
23:36 <+catphish> i wish i understood the relationship between bandwidth and data rate
23:36 <+catphish> or "how the hell does QAM get 100+Mbps into 20MHz"
23:37 < switchnode> Oh, it's just the Nyquist rate for the frequency interval. Otherwise you get aliasing. Nvm
23:37 < djph> symbol rate is a factor of the encoding scheme on the wire.  e.g. Manchester Encoding - data XOR clock
23:38 < switchnode> for a specific scheme, yeah, but I was asking about the upper limit
23:38 < djph> you'd have to look at e.g. 256QAM 7/8 or something
23:39 < djph> really, the "limit" is how fast can we send the encoded signal, and still make sense of it
23:41 <+catphish> i just don't understand how you can send more data in the same bandwidth
23:41 < djph> bear in mind, of course, that the symbol rate is effectively just how fast we can modulate the signal ... e.g. a 300 baud modem has a symbol rate of 300 cycles / second ... and IIRC, 1 bit / symbol
23:44 < djph> as opposed to DOCSIS 3.0, which is ... 127 7-bit out of 128 FEC ("Forward Error Correction) symbols ... With overhead and "standard" framing, this results in 38.8 mbps per 6 MHz channel
23:45 < djph> and the arris paper on this is ... holy hell heavy on math
23:45 <+catphish> i just can't get my head around the basic relationship
23:47 < djph> it all comes down to QAM
23:47 < djph> or rather whatever modulation it's using on the physical
23:51 < djph> I'm honestly not an expert on it ... but effectively QAM is taking a pair of carrier waves that're out of phase 90 degrees ... and then applying amplidude modulation to the carrier pairs in response to the data signal
23:54 < djph> IIRC, there's also more than a little "cut the carrier into a whole bunch of subcarriers, and have at it)
23:55 < djph> e.g. wifi @ 2412 MHz isn't "just" a single 20 MHz-wide carrier ... but rather 20x 1 MHz-wide subcarriers (note - I'm making it up to try and explain it ... I don't think it's cut up quite that cleanly)
23:57 <+catphish> that's OFDM and is indeed part of the magic
23:58 < djph> yeah, there's a lot of black magic and heavy math when you get into the carriers / symbol rate / etc
--- Log closed Thu Jun 07 00:00:48 2018