--- Log opened Sat Jun 09 00:00:42 2018
--- Day changed Sat Jun 09 2018
00:00 <+catphish> without user interaction, /dev/random will be useless, but i believe /dev/random will contain data from somewhere enough to seed urandom
00:01 <+catphish> small random timings that occur during disk access timings durng boot maybe, i'm not sure
00:08 < spaces> I hate Humidity
00:09 < Epic|> Yes fuck humidity
00:12 < spaces> Epic| erm, you need some higly local humidity on a spot if you like to fuck but otherwise I wouldn;t know what you mean :P
00:15 < Johnjay> well i'm "interacting" by typing t hings like ls and dd at the command prompt
00:15 < Johnjay> that's about it
00:16 < Johnjay> if i'm reformatting my drive and it already has linux on it, i guess i could copy the /dev/random file on the disk
02:01  * spaces kicks linux_probe 
02:43 < jvwjgames>  find the ipv6 gateway if the DC won't give it to me
02:47 < mgolisch> ?
02:48 < mgolisch> how does the dc relate to your network configuration?
03:01 < jvwjgames> cause they gave me the v6 address but all the gave me was this 2607:fa18:1000:10::1/64
03:06 < mgolisch> and whats wrong with that address?
03:09 < light> the problem is it's actually 18 billion billion IPv6 addresses
03:09 < pekster> Erm, no. It's an address along with a CIDR mask, exactly the same as the IPv4 version
03:10 < jvwjgames> thats all the info they gve me but i need the gateway
03:10 < pekster> 192.168.0.1/24 is that particular address on a /24 subnet, with 2^24 bits for the network, and 2^(32-24) bits for the hosts. Works the same in IPv4 too ;)
03:10 < light> -.-
03:11 < pekster> jvwjgames: Presumably that's the gateway, but why isn't your site using SLAAC or DHCPv6 here? If you're staticly configuring things, you need to be given the next-hop router and the address/CIDR mask in use. Plus presumably the DNS servers to use too
03:11 < Peng_> jvwjgames: You could ask them
03:12 < jvwjgames> the DC just gave me that
03:12 < pekster> If you don't use automatic methods of configuration, you need to ask your netadmin for details
03:12 < jvwjgames> here ios a snip of the email Are they wanting to add IPv6, or move entirely to IPv6? I would imagine the latter. I've added address 2607:fa18:1000:10::1/64 to their interface for them to use.
03:13 < pekster> That alone is not enough info to configure things, no
03:13 < jvwjgames> that is all the admin gave me i can try to call and see if i can get them to give me the rest of it
03:13 < pekster> You need a next-hop (though in special cases with a Point-to-Point configuration, the next-hop is simply on-link via the device. That's not as common as traditional next-hop though, with an actual address. Sometimes link-local even)
03:14 < Peng_> Also gives you the chance to ask if they run IPv6 nameservers :D
03:14 < pekster> Regardless, you still need a next-hop, even if your setup is PtP. You simply haven't been given complete details if that's the sum total of what you've been told
03:14 < jvwjgames> but the last time i tried to call they said you have a /64 that should be enough
03:14 < jvwjgames> and i was like -_-
03:14 < pekster> Sadly, lots of ISPs remain mostly clueless about IPv6. They've "only" had 2 decades to figure this out, so you'd really hope the people that run networks would be less clueless
03:15 < Peng_> Maybe they actually did enable SLAAC?
03:15 < Peng_> or DHCPv6?
03:15 < pekster> Also, no, a /64 is not "enough". See RFC6177
03:16 < jvwjgames> i acctually signed up with ARIN and i am waiting for them to give me a V6 address block
03:16 < pekster> /56 is the recommended minimum to end-sites, and that may be too small for business consumers depending on what they're doing. But again, see my above point about ISPs being pretty clueless here
03:16 < jvwjgames> so that way i can configure and manage everything my self
03:17 < pekster> With a transit provider that offers peering or BGP services, yes
03:18 < jvwjgames> the DC has aggreed to advertise my address space
03:23 < tds> ideally you don't really want the DC to announce your space, having sessions with their routers and announcing the space yourself will make migrating around and scaling easier
03:24 < jvwjgames> i thought that i can't do anything without them announcing it
03:29 < tds> somebody needs to announce it in order for anyone to send traffic to you - I was just saying if you may want to switch provider later, add another transit provider/peers/whatever etc, it may make life easier to have your own asn and sessions with their routers, and announce the space yourself
03:30 < jvwjgames> ah ok
03:30 < jvwjgames> but i would need to be multi homed and in a DC enviroment it almost inpossible
03:35 < jvwjgames> or am i wrong about that tds
03:39 < spaces> linux_probe !!
03:40 < tds> well I'd hope in most decent DCs you have a selection of transit providers and possibly IXs, if you mean you're using some kind of dedicated server or a single colo'd box you may need to talk to your current provider
03:47 < jvwjgames> i have ipv6 setup now
03:47 < jvwjgames> that string 2607:fa18:1000:10::1/64 was all i needed
03:48 < jvwjgames> cause that first 2607:fa18:1000:10::1 was all i needed cause that address is the gateway
03:51 < Dagger> I hope you only need the on-link subnet, then
03:52 < Dagger> if you were planning to do any routed VMs or OpenVPN etc then you'll also be needing the routed prefix, and you'll need to know what address they're routing the prefix to so you can be using that address
03:57 < xochilpili> hello everyone
03:57 < xochilpili> somebody who please give me a hand with proxmox and networking ?
03:57 < xochilpili> i have all set but from linux container i havent internet access
03:59 < DoctorDick> Oh hey I know this
03:59 < DoctorDick> What is proxmox installed on?
03:59 < xochilpili> DoctorDick, in debian 8 (in a dedicated server)
03:59 < DoctorDick> A VPS?
03:59 < xochilpili> DoctorDick, thanks for answer
03:59 < DoctorDick> Or an actual server?
04:00 < xochilpili> actual server, i have install manually proxmox since (server's provider) has no longer the proxmox's iso
04:00 < xochilpili> DoctorDick, anyway i have installed proxmox from deb packages, now, i have only one linux container (centos)
04:01 < xochilpili> i have created vmbr0 and i can ping from proxmox (debian: 10.0.1.1) to linux container (centos: 10.0.1.50)
04:01 < xochilpili> from linux container i have setted ipaddr = 10.0.1.50 netmask=255.255.255.0 gateway = 10.0.1.1
04:01 < DoctorDick> You did do this correct?
04:01 < DoctorDick> https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_Stretch
04:02 < xochilpili> DoctorDick, yes
04:02 < mgolisch> but the host can access the internet?
04:02 < xochilpili> DoctorDick, the only part i have omitted is ipv6
04:02 < xochilpili> yes, i have connected to it via ssh
04:02 < DoctorDick> And you have only one public IP right?
04:03 < xochilpili> yes
04:03 < mgolisch> and it actualy has ipv4 internet?
04:03 < xochilpili> yes
04:03 < DoctorDick> https://pve.proxmox.com/wiki/Network_Model, follow Masquerading (NAT) with iptables
04:03 < xochilpili> Masquerading (NAT) with iptables <
04:04 < xochilpili> DoctorDick, i have done that
04:04 < DoctorDick> It should work then
04:04 < xochilpili> but still i havent internet access from linux container
04:04 < spaces> I need to pee
04:04 < DoctorDick> Pastebin your /etc/network/interfaces
04:04 < xochilpili> DoctorDick, done...
04:05 < DoctorDick> Link them or you can PM me
04:07 < mgolisch> its because you tell iptables to nat outgoing stuff using vmbr0 instead of the actual external interface atleast it looks like that from what you posted in #proxmox
04:08 < DoctorDick> Yeah I just told him that lol
04:25 < xochilpili> still havent access to internet from container
04:26 < mgolisch> check your iptables rules
04:26 < mgolisch> did you remove the old ones?
04:31 < xochilpili> mgolisch, issue solved, thanks to DoctorDick :D :D :D
04:31 < xochilpili> was a typo :D
05:07 < potatoe> ew netfilter disgusting
05:19 < mgolisch> why?
06:05 < spaces> I'm so sexy I don't even need sleep
07:16 < linux_probe> [06/08/18  9:39:37PM]<spaces> linux_probe !!
07:16 < linux_probe> wtf punk'
07:16 < linux_probe> oh dear oi copy-pasta'd in colours
07:16 < linux_probe> lel
07:53 < scientes> how do i remove an interface in linux
07:57 < cluelessperson> question, what's a good way to ddos protect a non-web application?
07:57 < cluelessperson> scientes: why? what do you want to do?
08:02 < scientes> i was removing a 6to4 to go for HE tunnel
08:03 < DirtyTaco> ?
08:04 < scientes> i'm setting up ipv6
08:04 < scientes> it was a virtual tunnet
08:04 < scientes> i found the answer: ip link delete
08:06 < spaces> linux_probe :O
08:07 <+pppingme> cluelessperson not piss people off
08:08 < spaces> pppingme eh ?
08:14 < Apachez> pppingme: now see what you did, you made spaces confused :(
08:15 < Mead> I'me sorting out all the devices connected to my home access point,  collecting hostnames, mac & Ip addresses.  What is the best way to figure out what wireless standards the of all the clients connected to it?
08:15 <+pppingme> spaces <cluelessperson> question, what's a good way to ddos protect a non-web application?
08:16 <+pppingme> Mead if the AP doesn't report it (some do, some don't), there is no way, unless you check each client individually
08:17 < Mead> and if the client is a tv or blueray player? I've gotta go dig up it's specs with google?
08:18 <+pppingme> Mead most devices will support at least a couple wifi standards, so just knowing specs doesn't tell you whats in use
08:25 < Mead> well the way I understand it,  between the b/g/n/ac a client and access point will negociate the highest common standard that all the clients can handle,  although AC has stuff built in that might allow it to connect via multiple different standards
08:41 < sigsts> Afternoon.
08:48 < spaces> Apachez fix me!
08:49 < sigsts> heh
08:49 < sigsts> you are unfixable ;P
08:50 < wyseguy> lol
08:59 < spaces> sigsts Cold PLay thinks different
09:04 < sigsts> spaces: ba dum tish!
09:12 < Mead> the only information I can get about my tv is that it has wifi...  nothing about if it is N or AC
09:15 < linux_probe> wifail
09:15 < linux_probe> what TV is it?
09:15 < linux_probe> under $750 USD?
09:16 < Mead> under $300 less than a year ago.  Westinghouse WD42FB2680
09:16 < mgolisch> whats that even
09:16 < mgolisch> also cable > *
09:16 < linux_probe> lol and you expect to have beyond wifi G?
09:17 < linux_probe> N at abosult ebest
09:17 < linux_probe> 2.4G only
09:18 < linux_probe> ancient tech, piss panels spewn to cheapos
09:18 < Mead> I would be really surprised it was G or AC
09:18 < linux_probe> G is ancient, now
09:18 < linux_probe> N is just as anceint
09:20 < linux_probe> asnd for $300, AC that works? nope
09:20 < linux_probe> if it has wired, plu g it in and be done lol
09:20 < crutchy> i have a vpn question. is this the right place to ask?
09:21 < Mead> crutchy:  ask here and if we can't answer it we can point you to the channel that would
09:21 < linux_probe> Virtual Polack Network
09:22 < linux_probe> hehe
09:22 < Mead> is the network attacking tanks on horseback?
09:22 < linux_probe> lol
09:22 < linux_probe> hey, them tanks can oly fire so many mortars in 20 minutes
09:22 < crutchy> what ip address would a web service on a LAN see for a VPN client accessing through a VPN server?
09:22 < Mead> Did the British make a deal with Russia to give them control of the Network?
09:23 < crutchy> its a noob question
09:23 < linux_probe> so horseback is plausiable, so long as they're hauling large C4 or other explsoive charges lol
09:23 < linux_probe> ( back in ww2 era)
09:24 < Mead> crutchy: can you elaborate a little more "web service on lan"
09:24 < crutchy> hmm. actually i think i might be able to test directly
09:25 < crutchy> err. an intranet site
09:25 < Mead> linux_probe: it is all fun ang games till the germans shoot your horse with a machine gun
09:25 < crutchy> a website served on say 192.168.0.188 or something
09:25 < linux_probe> horses!
09:25 < linux_probe> one tsnk hundred horses
09:25 < linux_probe> dont forget to fire at them
09:26 < Mead> would you rather right 1 tank size horse or 100 horse sized tanks?
09:26 < linux_probe> if that machin gunner cannot get out the tank to fir eback, solved
09:26 < linux_probe> I'm sneaky
09:26 < Mead> err fight
09:26 < crutchy> medievel times must have been pretty horrible for horses
09:26 < linux_probe> I;d lure the tank overtop a trap
09:26 < wyseguy> crutchy so random but true
09:26 < linux_probe> tank in large trap=hole game over
09:27 < crutchy> thanks Mead i know you didn't directly answer my question but you made me think about it
09:28 < crutchy> in this case you were the rubber ducky :p
09:28 < Mead> crutchy:  if you are connected to a VPN, the host believes it is on that network and not the local network .  So you probably wouldn't get access to local resources via private IP's.
09:28 < crutchy> i can access the service from the VPN client no problem
09:29 < crutchy> what i'm trying to do is actually see if i can access vpn client shares using smbnetfs
09:29 < crutchy> based on ip address from the web service
09:30 < crutchy> nothin sneaky or illegal. its for a corporate server-side backup service
09:30 < crutchy> feasability stage :p
09:30 < crutchy> it works over regular LAN clients, but i also have to deal with the VPN spanner in the works
09:31 < linux_probe> Virtual Phail Network
09:31 < crutchy> i'm not a vpn guy and i don't manage the vpn server, so i'm sorta learning the ropes
09:31 < linux_probe> about like IoT and the cloud, swiss-cheese bullshit, mainframe relaibailty :))
09:32 < crutchy> i'm also a coder, not really a sysadmin
09:32 < linux_probe> coderp
09:32 < linux_probe> see, thats the issue, coderps have no clue about admin/hardware/other layers
09:32  * spaces bitchlaps linux_probe like a real biatch 
09:33  * linux_probe purges ,egs whizz into spaces
09:33 < linux_probe> mega**
09:33 < crutchy> i'm trying to learn. i'm just not paid to know it mostly :p
09:33 < spaces> heh, he is out of order because if my sissieslaps :P
09:33 < spaces> *of
09:33 < spaces> I'm gonna take a nap
09:33 < spaces> later
09:34 < linux_probe> paid to know = useless
09:34 < linux_probe> being stuoid and drolling through X work = piss pay
09:35 < linux_probe> thena gain, they paty a premium for idiot output these days
09:35 < Mead> what I don't know, I can find out if needed
09:35 < crutchy> yeah i couldn't do sysadmin for a job
09:35 < linux_probe> and I see no reason for it other than tax write off and fat cat pocket padding upstream
09:35 < crutchy> coding is at least fun
09:35 < pikaro> hi! I'm trying to set up dnsmasq with dnscrypt-proxy. however, it's failing dnssec on every single query and I haven't found out why. config looks like this: https://pastebin.com/K9agEsUx, also includes dnsmasq log. downgrading to the stable versions (I'm on debian unstable) changes nothing. neither does using another resolver or using dnssec-proxy. result always: " dnssec-query[DS] com to 127.0.2.1 - reply com is BOGUS DS"
09:35 < pikaro> any advice?
09:35 < pikaro> hope this is channel-appropriate but I think it's more of a concept / understanding issue than a linux one
09:35 < linux_probe> purest of stupidity in aworld of brainwahsed dopehead idiots
09:39 < Mead> linux_probe: did you stop taking your meds recently?
09:40 < linux_probe> no, am I being to truthfull and hurting some AHDH dope eatuing morons feelings?
09:40 < linux_probe> ADHD' blah blah
09:50 < detha> crutchy: your only concern would be if the backup service needs L2 adjacency. If so, it limits your options a bit, if not, things should work (at least when sufficient clue-bats are applied to firewall and vpn admins)
09:56 < crutchy> if the corporate lan is on 192.168.0.0/24 i assume it would be possible to set up the vpn server to give vpn clients a virtual ip on the same subnet
09:56 < crutchy> must admit i have nfi how our vpn is set up
09:57 < crutchy> i'll find out a bit later on though
10:00 < detha> crutchy: what IP they get doesn't matter, as long as the proper routes are in place.
10:01 < crutchy> mkay yeah i guess
10:01 <+pppingme> crutchy an IP out of the same subnet would suggest a bridged layer2 vpn, a BAD idea in most cases..
10:03 < crutchy> i'm guessing its a different subnet, but yeah that probably doesn't matter as long as i can access it
10:14 < Apachez> oh noes https://www.washingtonpost.com/world/national-security/china-hacked-a-navy-contractor-and-secured-a-trove-of-highly-sensitive-data-on-submarine-warfare/2018/06/08/6cc396fa-68e6-11e8-bea7-c8eb28bc52b1_story.html?noredirect=on
10:17 < crutchy> probably means it happened 5 years ago
11:16 < Apachez> this will be fun https://henrikalexandersson.blogspot.com/2018/06/eus-lankskatt-och-natcensur-lanksamling.html
11:34 < GodOfsea> hi
11:35 < GodOfsea> what Linux OS do yall use for daily sysadmin stuff ?
11:36 < mos6502> GodOfsea: GNU/Linux
11:36 < mos6502> sometimes musl/Linux
11:36 < GodOfsea> lemme rephrase
11:37 < GodOfsea> What Linux distro do yall use for daily sysadmin stuff
11:37 < mos6502> exherbo
11:41 < GodOfsea> mos6502: you use gentoo for daily sisadmin stuff ?
11:41 < GodOfsea> You deserve a medal
11:42 < mos6502> kek
11:56 < mossad_did_9-11> JEWS DID 9-11
12:08 < rainrainbow> Hi all
12:09 < Mcavendish> hello
12:10 < rainrainbow> I have a question.
12:12 < rainrainbow> Some ISPs, share a certain bandwidth between users. Say for example, they allocate 20 mbps for 8 users. Now I want to know, is there a tool or software which would be able to show how many users the internet is being share between and how much allocated bandwidth is left if any of these users are using or are not using the internet?
12:12 < Apachez> no you cant
12:13 < rainrainbow> Why?
12:13 < Apachez> you have no idea of how many for example switches there is between you and that 10G router
12:13 < Apachez> or 1G router or wahtever the isp is using
12:13 < rainrainbow> Isn't it possible to scan server or something?
12:13 < Apachez> you can have star networks and cascading networks with same amount of interfaces, star networks will due to fewer physical hops have higher bandwidth per user in average
12:13 < Apachez> nope
12:14 < Apachez> you can ask the provider how the uplinks are connected
12:14 < rainrainbow> That they will tell for sure :D
12:14 < rainrainbow> Thank you
12:15 < Apachez> a rule of thumb when you design access networks is that you can normally put 10:1
12:15 < Apachez> any higher ratio than that will be noticed by the customers
12:15 < Apachez> sneaky isps try to do 50:1 or 100:1 or even 500:1 or shit like that
12:16 < rainrainbow> Well they've stated on their website it's 8:1. Now what I want to know is the fact that how much of bandwidth is idle at certain times of a day.
12:16 < Apachez> ask for stats
12:16 < Apachez> they most likely have stats of their links
12:16 < rainrainbow> Would they give me?
12:17 < Apachez> but its usually not the internal speed of an isp (depending on size of course) thats the issue
12:17 < Apachez> its the uplinks towards other networks
12:17 < Apachez> like how much bandwidth and to which IX's
12:17 < Apachez> any private peers and how much bandwidth there etc
12:17 < Apachez> well if you never ask you dont know
12:17 < Apachez> some ix'es have public stats
12:18 < Apachez> but normally the curves goes that bandwidth goes up at 06 AM when people start to wake up
12:18 < Apachez> full action around 8-9 AM
12:18 < Apachez> then people must "work"
12:18 < Apachez> then you see another raise at lunchtime so 11-12 AM
12:18 < Apachez> then it goes down again to the 14 PM fika
12:18 < Apachez> and then people start to leave work at 15 PM
12:19 < Apachez> when they arrive home at 1800 the bandwidth goes up again due to spotify, netflix, pornhub and whatelse
12:19 < Apachez> around 2200 it starts to drop because people fall asleep
12:19 < Apachez> and then repeat the next day
12:19 < rainrainbow> Hmmmmm
12:19 < rainrainbow> You're right.
12:20 < Apachez> https://ams-ix.net/technical/statistics
12:20 < rainrainbow> The best way to know their stats is to recognize people's habit of spending time.
12:20 < Apachez> https://www.sthix.net/index.php/statistics-day/
12:21 < Apachez> http://www.solix.se/stats.php
12:21 < rainrainbow> Thank you so much
12:21 < Apachez> https://www.netnod.se/ix-stats/sums/All.html
12:21 < rainrainbow> Have you ever noticed sudden download of a big file after pressing download button that would've taken a lot more time to download?
12:22 < Apachez> so the rule of thumb I mentioned earlier of 10:1 is because all customers wont use the network at exactlty the same time
12:22 < Apachez> so with 10:1 overprovision they will still be able to do speedtest and get max result
12:22 < Apachez> but sure if all 10 would do speedtest at exactly the same time they get 0.1Gbps as result instead of 1Gbps
12:23 < Mcavendish> anyone here work with brocade mlx or netiron os?
12:23 < Apachez> we have here 100 customers at 1G each sharing a signle 10G link
12:23 < detha> except when the ISP has paid for a speedtest server inside their network
12:23 < Apachez> Im talking about first hop overprovision
12:24 < rainrainbow> I understand thank you
12:24 < Apachez> you have no idea how the network looks further down the road
12:24 < Apachez> like the ISP we use got multiple 100G links to the distrouter we are connected to
12:24 < Apachez> but we have no idea of how many 10G customers they have to this particular distrouter
12:25 < Apachez> all we know is that the bandwidth towards netflix is good enough
12:25 < Apachez> using fast.com as test
12:25 < Apachez> max out the 1G link the customers have
12:25 < rainrainbow> Then what about sudden download of a file? What causes it?
12:26 < Apachez> ?
12:26 < Apachez> what causes a sudden download of a file?
12:26 < Apachez> usually because the customer clicked on a link or scheduled a download?
12:26 < Apachez> I dont get your question =)
12:26 < rainrainbow> No no
12:26 < detha> CDN caches, probably
12:27 < rainrainbow> I've noticed that sometimes when I just press the download button on my download manager, a file as big as 4gb which would have taken 20 mins to download, is downloaded suddenly.
12:27 < Apachez> well your download manager is a malware? :P
12:27 < rainrainbow> I want to know how this phenomenon occurs.
12:27 < rainrainbow> No, it really happens.
12:27 < Apachez> how do you know?
12:27 < rainrainbow> It just happened mins ago.
12:27 < Apachez> you cant download faster than the linkspeed
12:28 < Apachez> what can be done is to precache things
12:28 < rainrainbow> I thought it could be the free bandwidth left by users not using internet.
12:28 < detha> caches. somewhere. either on your machine, or close upstream
12:28 < Apachez> like steam does upon releases of games
12:28 < Apachez> so during 2 weeks people can predownload the game
12:28 < rainrainbow> No, I didn't pre-download anything.
12:28 < Apachez> so onto the release date 1st july most of the eager customers have already downloaded the game and can start playing direcftly
12:29 < Apachez> if you got a 1G link you cant download faster than 1G
12:29 < rainrainbow> it's like a much sudden increase in speed.
12:29 < Apachez> what can be done is realtime compression aka deflating
12:29 < Apachez> but a zipped file is already compressed
12:29 < Apachez> compared to a textfile which can be compressed in realtime
12:29 < Apachez> so you then can move a 4G textfile in like seconds
12:30 < rainrainbow> Interensting
12:30 < rainrainbow> Interesting*
12:31 < detha> rainrainbow: also, I wouldn't be so sure you haven't cached that file already. some browsers do this behind your back
12:31 < rainrainbow> Thank you so much for being patient and helping me so much.
12:31 < rainrainbow> detha, It was in my download's manager. It took the link in one second then I pressed the download button and 4gb file has been downloaded suddenly.
12:32 < detha> cached. somewhere.
12:32 < Apachez> perhaps your download manager picked up that pornsite you visited
12:32 < Apachez> and started to predownload the pornflics
12:32 < Apachez> so when you actually clicked a link that was already cached locally
12:33 < rainrainbow> hahahaha
12:33 < rainrainbow> No
12:33 < rainrainbow> It was a show, Dark Matter, if you'd like to watch.
12:34 < rainrainbow> It has something with bandwidth I think.
12:36 < detha> over what type of internet connection (and with what contract rate) ?
12:39 < Apachez> can also be that your manager used bittorrent or such
12:39 < Apachez> that is instead of using a single server that perhaps only have 10Mbps left for you
12:40 < Apachez> it uses 100 concurrent connections so the sum at your end max your 1G link
12:40 < Apachez> 100 concurrent connections to different servers at once
13:00 < Lookme> https://tinyurl.com/ya79dnx5
13:03 < rainrainbow> detha, PPPOE
13:03 < rainrainbow> Apachez, Could be the case.
13:03 < rainrainbow> detha, I don't understand contract rate.
13:04 < rainrainbow> Thank you all
13:04 < rainrainbow> Bye
13:19 < darsie> Is 'web' a synonym for internet?
13:19 < darsie> Matrix targets use cases like Voice over IP, Internet of Things and instant messaging, including group communication, along with a longer-term goal to be a generic messaging and data synchronization system for the web.
13:20 < Apachez> the web
13:20 < Apachez> the intercontinental inter networks of networks
13:41 < jason85> What is the most effective query for DNS amplification?
13:43 < Apachez> dnssec
14:02 < jason85> Apachez: I'm getting amplification of about 4x, can it be a lot more?
14:23 < dogbert_2> m00000000000000000
14:30 < djph> 'sup dogbert_2
14:30 < dogbert_2> just ripping some more DVD's is all, how about u?
14:31 < djph> drinkin' coffee waiting for the noise ban to lift so I can mow the lawn
14:35 < dogbert_2> no mowing too early huh :P
14:39 < dogbert_2> was upgrade HP Prodesk Mini's at work yesterday (celeron 39xx dual core @ 2.4-7 Ghz...4GB SO-DIMM and mechanical HDD)...upgraded to 8GB and a 128GB SSD...much faster response
14:44 < dogbert_2> for lower end h/w if you wanna keep using it, solid state drive and more ram are cheap options
14:57 < djph> yup, can't fire-up the small engines til 9 or 9.30
14:58 < dogbert_2> meh...who is still asleep at 0900-0930 :)
14:58 < mawk> I woke up at 1 pm
14:58 < mawk> what do you have to say about that dogbert_2
14:59 < djph> dogbert_2: that's the point
14:59 < dogbert_2> mawk..wake up sooner :P
15:00 < mawk> I live by the night
15:00 < dogbert_2> found a snickers bar with a "MEH" wrapper on it yesterday...got a good picture of it
15:00 < mawk> so overall it's just shifted
15:01 < dogbert_2> dang...i9 processor unlocked with 12 cores...heh
15:05 < screwsss> why didnt anyone tell me about ftp sooner.
15:06 < mawk> you're some decades late
15:08 < dogbert_2> ftp is about 35+ years old :)
15:09 < djph> and about 25 years outdated.
15:09 < djph> waaait, are you talking about FTP the protocol, or FTP, the new name for STP cabling?
15:11 < Apachez> "new name"?
15:11 < Apachez> STP = metallic socket
15:11 < Apachez> FTP = foil
15:11 < Apachez> socket=sock
15:12 < Apachez> sock = mesh :)
15:13 < djph> Apachez: and "STP" cabling in the past was cable with an extra foil jacket surrounding the pairs
15:14 < djph> so yeah, it's a newish (more specific) name -- probably because there's some kind of newer "shielding" that they wanted to make a distinction for
15:14 < Apachez> nope
15:14 < dogbert_2> dang...that i9 costs $1000
15:14 < Apachez> STP is shielded tp
15:15 < Apachez> aka a mesh as a shield
15:15 < Apachez> FTP is foilshielded tp
15:15 < Apachez> aka a solid foil as a shield
15:15 < Apachez> and then you have combos like if you prefer to have the mesh around each pair + foil then its S/FTP
15:16 < Apachez> or the other way around foil around each pair and mesh around the whole cable then its F/STP
15:16 < Apachez> S/FTP and F/STP = aka doubleshielded
15:17 < djph> so yeah, they made a new shield, and hcanged the name ...
15:17 < djph> it's all good
15:18 < djph> took me a while to wrap my head around it when people were asking about "installing ftp cable" (errr, what? :) )
15:21 < Apachez> then we have SFTP and FTPS but thats protocols/software :)
15:21 < Apachez> SFTP = FTP using SSH
15:21 < Apachez> FTPS = FTP using SSL
15:29 < frodo> How is it possible for a non-NATing gateway router to have a different internal ip address (say 203.0.113.1/24) and another external ip address (say 198.51.100.78)? How can hosts on the internal network even connect to the internet?
15:32 < light> frodo: you mean like a binat situation?
15:33 < light> oh, I misread, it's just routing
15:33 < VincentHoshino> nope those are all external routable IPs
15:33 < VincentHoshino>  yep just routing
15:50 <@xand> frodo: that's the normal way routers work, without NAT
15:51 <@xand> different network on each interface
15:55 < frodo> xand: but how does one reach hosts on the internal network without NAT?
15:56 <@xand> using their IP addresses
15:57 <@xand> the network isn't exactly "internal"
15:58 < light> frodo: packets can flow as long as there is a route for them to take
15:58 <@xand> yes, the ISP would set 198.51.100.78 as the route to 203.0.113.0/24
16:00 < frodo> Ah I see, thanks
17:00 < zenix_2k2> one question, is "Access point" a type of software or hardware ? i am still kinda confused
17:03 < Apachez> zenix_2k2: its a mediaconverter between wifi and ethernet
17:04 < Apachez> or better yet
17:04 < Apachez> a mediaconverter between wireless ethernet and wired ethernet
17:07 < zenix_2k2> so basically, it is a hardware then
17:10 < djph> zenix_2k2: it is absolutely hardware.  One "side" of the device is 802.3ab (gbit ethernet), the other is 802.11a/b/g/n/ac
17:11 < djph> Note that older APs may only have 802.3u (Fast Ethernet), and a smaller set of 802.11 wifi standards (e.g. only 802.11b/g)
17:12 < dogbert_2> just depends on when the hardware was made
17:15 < djph> or what price point the mfg wanted to hit -- e.g. the original UAP (released 2012 or so) was fast ethernet / 802.11b/g/n
17:19 < drathir> Apachez: kinda, bc routing iinvolved clear converters are similar tofiber-eth where just medium switchin i guess...
17:22 < Apachez> routing is not involved in an AP per definition
17:22 < Apachez> AP is pure L2 on its own
17:22 < Apachez> but your device might have a nat-router builtin for other prupose
17:24 < zenix_2k2> and also one more question, how can the router remember who i am after my first password's input ? you know like when i first connect to a router or an access point, it is gonna ask me for the authentication and after that i can automatically re-connect
17:24 < zenix_2k2> does that depends on the router or my device ?
17:24 <@xand> errr what kind of password input
17:24 < djph> zenix_2k2: your device saves the key for the SSID.
17:24 < varesa> the router doesn't, your device just saves the password for further reuse
17:24 < zenix_2k2> oh
17:24 < zenix_2k2> ok
17:25 < drathir> Apachez: in bridging mode most devices from wifi to 1eth doing routing just allowing switch connect aka wisp mode... but yea good point...
17:27 < drathir> Apachez: often also ap client ap router being marked...
17:28 < drathir> client/ client router too sometimes...
17:29 < Apachez> again AP on its own is a mediaconverter between wifi and wired ethernet
17:30 < Apachez> somebody saying "we set this up in AP mode" means L2 mode
17:30 < Apachez> no routing, no nating
17:30 < Apachez> just "switching" between wireless and wired
18:40 < silentfury-s4pro> anyone here dealt with watchguard firewalls?
18:52 < DocScrutinizer05> anybody share some hint why a ssh login to a remote server hangs with http://paste.ubuntu.com/p/Z2MvVnDGQy ?
18:53 < DocScrutinizer05> some response from remote never seems to arrive, but that's well within ssh negotiation aiui
18:54 < djph> DocScrutinizer05: server's setup wrong?
18:54 < DocScrutinizer05> another loosely related question: shouldn't my local ssh client time out eventually
18:54 < DocScrutinizer05> djph: no idea, ask TimRiker ;-)
18:54 < detha> DocScrutinizer05: MTU?
18:55 < DocScrutinizer05> detha: I don't think *I* changed anything, maybe something changed on server end
18:55 < DocScrutinizer05> this worked, since years
18:55 < DocScrutinizer05> unless Tim's uplink was down
18:56 < detha> can be anything inbetween them that started blocking icmp
18:56 < DocScrutinizer05> if you wonder, Timriker = owner of infobot
18:57 < DocScrutinizer05> oooh "debug1: SSH2_MSG_SERVICE_REQUEST sent" is ISMP related?
18:57 < DocScrutinizer05> ICMP even
18:58 < detha> no, but my first instinct with http or ssh connections that seem to connect fine, but then hang, is 'MTU issues'
18:58 < DocScrutinizer05> :nod:
18:58 < DocScrutinizer05> quite possible, Tim's ISP seems particularly nasty one
18:59 < DocScrutinizer05> could you check?
19:00 < DocScrutinizer05> "Connecting to rikers.org"
19:02 < DocScrutinizer05> MEH nevermind, packet loss like mad
19:03 < DocScrutinizer05> I bet his ISP scheduled some service "downtime"
19:04 < DocScrutinizer05> which also explains why infobot went offline
19:05 < DocScrutinizer05> thanks guys!
19:06 < DocScrutinizer05> remains my other question: Why The Heck doesn't my local ssh client time out, ever? (30min niow)
19:07 < DocScrutinizer05> smells like bugticket
19:08 < djph> check your local settings
19:09 < DocScrutinizer05> which ones?
19:09 < DocScrutinizer05> my network connections are supposed to time out within 60s
19:10 < detha> seeing the packet loss I get to there, ddos or something really broken
19:13 < DocScrutinizer05> the latter I guess, seen this frequently with his ISP messing up stuff
19:16 < DocScrutinizer05> which settings would I check to see why and when a stale ssh connect should time out?
19:17 < DocScrutinizer05> (linux)
19:17 < DocScrutinizer05> an unestablished ssh connect stale in negotiation
19:20 < Atro> just use -vvv
19:22 < DocScrutinizer05> I did, http://paste.ubuntu.com/p/7T29997Drx/ is what I'd expect. however stale on http://paste.ubuntu.com/p/Z2MvVnDGQy/ since over 40 minutes is what I got
19:23 < Atro> interesting
19:25 < DocScrutinizer05> seems like an established TCP connection doesn't time out ever in ssh, waiting for reply indefinitely
19:26 < Atro> i'd try some mix of -vvv and tcpdump
19:28 < DocScrutinizer05> I guess there are some parameters in TCP stack to tear down a connection once a sufficient number of retries to deliver a packet occurred. However when the request been sent and delivered by ssh client and the reply from server gets lost due to packet loss, ssh client seems to not bother much and wait indefinite time happily
19:30 < Atro> TCP shou;dn't care about retrasmissions
19:30 < DocScrutinizer05> IOW error handling aka timeout on application level protocol seems non-existent during negotiation
19:30 < Atro> you either die as a SYN or die as a RST
19:30 < Apachez> but you will always die with URG
19:31 < Atro> unless you live a happy normal death by a FIN
19:31 < DocScrutinizer05> when would an established TCP connection time out?
19:31 < mawk> DocScrutinizer05: set a sensible value for ServerAliveInterval
19:32 < Atro> cause its not getting a reply and the timer runs out
19:32 < DocScrutinizer05> mawk: I do
19:32 < mawk> to how much ?
19:32 < DocScrutinizer05> mawk: I don't think it applies to negotiation
19:33 < mawk> yeah, maybe
19:33 < mawk> well the other setting ConnectTimeout applies when the host never responded
19:34 < DocScrutinizer05> yeah, but what applies when server responded but then goes down during negotiation
19:35 < rewt> "don't worry about that. it will never happen."
19:35 < Peng_> is TCPKeepAlive in play?
19:36 < DocScrutinizer05> http://paste.ubuntu.com/p/3YtMnM62TM
19:38 < DocScrutinizer05> Peng_: prolly not really, I invoke with ssh -vvv user@riker.org
19:39 < DocScrutinizer05> ok, my ssh client is a tad dust covered, but still...
19:41 < DocScrutinizer05> ooooh infobot is back
19:42 < DocScrutinizer05> so I guess either ISP fixed their crap, or a DDoS stopped
19:43 < DocScrutinizer05> on the pragmatic side: is there a unix command to run a process for a limited time only, then kill it?
19:44 < DocScrutinizer05> loke `killafter 60 ssh foo@bar`
19:44 < DocScrutinizer05> like*
19:46 < DocScrutinizer05> nm, timelimit is it
19:48 < DocScrutinizer05> err timeout
20:34 < GTAXL> I have a client getting fatal radio errors on his Ubiquiti WAP. I think it may be due to the channel and width he is using. What channels in the UK can we use 80Mhz wide for 802.11ac? Does DFS play a role in this?
21:01 < chezidek> is there a way i can get ansible to detect if something is running ios vs nxos and run commands based on that
21:21 < Apachez> chezidek output of "show version"
23:55  * spaces bitchslaps Apachez with his box of medicines 
--- Log closed Sun Jun 10 00:00:52 2018