--- Log opened Tue Jun 12 00:00:54 2018
00:14 < nojeffrey> mgolisch multiple spanning tree
00:27 < mgolisch> does it loose link?
00:27 < stonelore> lose*
00:28 < nojeffrey> Well yeah, blocking blocks the port
00:29 < zenix_2k2> one question, once i try "ping google.com", what protocol does it use to ping the server ?
00:29 < nojeffrey> Need to find whats on the other end, some parts of this network are like a rabbit warren
00:29 < nojeffrey> icmp
00:31 < zenix_2k2> ok thk
00:36 < mgolisch> nojeffrey: if its a switch or other network gear it will probably speak lldp/cdp, or look if it learned a mac on that port
00:43 < bitcycle> Hey all.  I've got a nat instance in its own subnet but that can be reached from other subnets (i.e. "internal subnet").  The internal subnet's traffic is able to reach the NAT and to the destination, but then the response isn't getting back through the NAT.  Can someone here advise as to how I might further troubleshoot?
00:54 < tds> what do you mean by a 'nat instance'? is this a vm/container/similar?
01:08 < help_pl0x> I'm trying to setup a fax machine. When the phone line is not plugged into the fax the modem isn't freaking out but when I plug it into the fax all the modem lights start blinking. I know the phone line on the modem is good because I get a dial tone and can call out when hooking up an extension to it Any ideas?
01:13 < bitcycle> tds: yeah, its a virt that has iptables configured.
01:14 < tds> are you able to upload the interface config (say the output of ip a and brctl show) and the iptables config (iptables-save output), and describe which subnets communication fails between?
01:16 < bitcycle> So, I can communicate outbound from [internal-node] => [NAT ens3] => [NAT ens4] => [destination:port], and I can see the traffic returning: [destination] => [NAT ens4], but it doesn't get from ens4 => ens3 on the response.
01:16 < bitcycle> I'll dump my iptables to pastebin.
01:17 < bitcycle> https://pastebin.com/ve6wGV2f
01:19 < tds> those two forward rules are a bit useless, since the default policy on the chain is accept anyway
01:22 < bitcycle> What kinds of rules should I be using?  Should I get more fine-grained in terms of the src and dst?
01:22 < tds> You can if you like, it depends what you want
01:22 < bitcycle> I just want something that works, at this point.
01:22 < tds> but you should either end the chain with a drop/reject/whatever, or set the default policy to be that
01:23 < tds> so are all of the connections that are incoming on ens3 directly from that on-link subnet?
01:23 < bitcycle> internal-node is on a different subnet than the NAT ens3.
01:24 < bitcycle> Here's the kernel routing table:  https://pastebin.com/1BMJtsJe
01:25 < tds> ah, that's more useful :)
01:25 < tds> so devices in the 100.125... subnet are making connections to stuff in 10.196...?
01:26 < tds> and those packets get routed fine from ens3 -> ens4, but nated on the way back from ens4 -> ens3?
01:27 < tds> if so, excluding that specific subnet from the snat rule might solve your issues?
01:27 < bitcycle> how would I exclude that specific subnet from the snat rule?
01:28 < tds> you want an exclamation mark... somewhere :)
01:29 < tds> I think you want something like ! -d <subnet>
01:30 < bitcycle> kk.  Sounds good, tds.  Thanks for walking me through it.  I have to get to the bus, but I'll give that a shot.
01:30 < tds> that's entirely relying on me correctly understanding what you said, which I suspect I might not have done correctly, but good luck
01:31 < tds> also, seeing as this is all private address space and it sounds like you have devices with routes pointed back towards this from the ens3 side, might it make more sense to do the nat on the upstream gateway (ie 100.125.5.129)?
01:38 < TimeVirus> use ipv6 - no need for nat
01:38 < TimeVirus> pffft
01:39 < tds> ^ v6 is always much nicer than deploying nat44 everywhere :)
01:40 < tds> there is nat64, but that's much less painful to deal with than nat44
02:12 < Apachez> potus have left the hotel...
02:12 < Apachez> shit gets real with rocket man and mr fire and fury :D
02:13 < Apachez> what a nightmare for all involved secret services... so many who wants to see this fail
02:14 < compdoc> theyre about to meet?
02:16 < S_SubZero> as an American I apologize profusely for all of this
02:21 < TimeVirus> no reason for that nut to have nukes
02:21 < TimeVirus> none
02:21 < TimeVirus> any nut for that matter
02:23 < Apachez> compdoc: in 37 min
02:58 < SovietBeer> ||cw: with nmap, how can i also get the hosts' mac addr in the output?
03:01 < SovietBeer> when using -p to scan only 1 port
04:25 < SovietBeer> is it still necesary nowadays to run a cmd in ssh to keep a reverse tunnel open?
04:25 < SovietBeer> so that the connection isn't closed
04:28 <+pppingme> its never been necessary..
04:29 <+pppingme> if you're having connections close, its probably not because of ssh, but rather some firewall or nat timeout
04:32 < Haxxa> Opinions? I am starting a blog to document my hobbies for future employees and just for personal ambition: Are the new fancy TLD like .tech, etc. worth having or best to stick with a longer.com name?
04:36 < light> get a .luxury so they know you're a baller
04:37 < Haxxa> I already own the domain I want to use for my blog but I have it connected to my home server with heaps of lets encrypt scripts and hard coded url scripts so I can't be bothered moving it, I even considered reverse proxy but it will be too slow for my crappy aussie internet
04:38 < light> or just use a subdomain like blog.haxxa.com
04:38 < light> then you don't have to move anything
04:39 < demio> speaking of blogs
04:39 < demio> dont do what this fucker did
04:39 < demio> https://twitter.com/carloslage/status/1006354353572274176
04:39 < light> yeah don't do twitter
04:39 < demio> err
04:39 < demio> read the tweet
04:39 < demio> :P
04:39 < demio> he wrote a dev blog
04:39 < demio> and put a cryptominer in it
04:40 < demio> in a fucking dev blog
04:40 < demio> did he not expect other devs to notice
04:40 < light> lol
04:40 < Haxxa> light, yeah but that gets messy doesn't it, also I think it may be better to seperate my home server url to my blog for security
04:40 < demio> the cryptominer code is even properly indentend
04:40 < demio> so its not like he was hacked or something
04:40 < demio> or some kind of cross-site injection
04:42 < light> some people use ads, others use mining
04:42 < light> got to pay for your site somehow
04:43 < demio> well
04:43 < demio> maybe just pay for it out of your own pocket?
04:43 < demio> i pay 200 bucks a year to wordpress
04:44 < demio> i dont even have google analytics on my blog
04:44 < demio> no ads
04:44 < demio> no tracking no nothing
04:44 < demio> i think...
04:44 < demio> http://carloslage.net
04:44 < demio> you can audit it if you want
04:44 < demio> :P
04:44 < demio> if it has google anlytics, i will remove it
04:44 < demio> but i dont think i set up google analytics
04:45 < demio> 200 a year is less than 20 a month
04:45 < demio> with a world-class CDN in front of it
04:46 < demio> if you cant afford 20 a month to run a blog and need to resort to shady shit like cryptomining
04:46 < demio> you dont deserve to blog
04:46 < demio> or use a free platform
04:46 < demio> without a custom domain
04:48 < Haxxa> light I am going to do as you suggest and use wildcard ssl - and maybe just auto redirect from domain.com to blog.domain.com
04:48 < Haxxa> will this cause any issues with wordpress (i.e. running on subdomain)
06:34 < Haxxa> I need some advice, due to my setuo I can't use url or dns forwarding to redirect from domain.com to sub.domain.com, as a result I need to run a web server that will redirect all requests from domain.com to sub.domain.com. I am setting up a VM for this purpose (what is the lowest resource web server that would handle a large number of requests)?
06:35 < scientes> pretty much any wab servercan handle that
06:37 < Haxxa> yeah but I feel like a full debian lamp server is overkill for this purpose - is there anything lighter I can use with less maintence?
06:37 < scientes> yeah nginx
06:38 < Haxxa> I mean from the stand point of maintence of the os, anyway I can avoid having to install unattended upgrades and manage a full web service? also I want it locked down as possible i.e. it servers port 80 and nothing else
06:40 < scientes> you are overthinking it
06:41 < Haxxa> sure, so how do I underthink it? :)
06:43 < Haxxa> whats the easiest way to redirect a url pointed at my home server somewhere else? also do I run the risk of DDOS attacks I would be opening my firewall on my home router (port 80) to point to this server
06:43 < scientes> if its just nginx with listening ports, and no cgi its pretty secure
06:43 < scientes> especially if you use nginx-minimal
06:43 < Haxxa> any recommendations for guest OS
06:45 < scientes> i would just use debian
06:45 < scientes> or ubuntu
06:49 < Haxxa> screw it I'm just going to buy another domain, I really don't like the idea of running a blog on the same url that my private plex server etc. are running on anyway
07:15 < scientes> how does that solve anything?
07:15 < scientes> Haxxa, ^
07:16 < Haxxa> scientes, I am not going to use the same domain which points to my home server and it will be the root CNAME
07:17 < scientes> you need a server for alot of things
07:17 < scientes> just use a server
07:19 < Haxxa> I am using digitalocean vps but regardless I am not sharing the same domain I use for my IRC Bouncer, VPN etc. with the same I plan to use for my blog
07:22 < scientes> why not?
07:30 < pabed> hi guys , I need a GSM modem whithout hanging and freezing and  that is too hard access to it  becacuse of its place is near the peak of mountain at TV station  , what satable GSM modem do you recommend ?
07:33 < detha> pabed: Sierra, or wavecomm/Maestro if you want to go cheap
07:44 < pabed> detha: what is you idea about dlink or tplink?
07:47 < detha> pabed: you said remote mountain-top. If you deploy tp-link or dlink to that, deploy about 4 of them, with some remote-controlled power-cycling setup
07:47 < detha> In other words, Don't.
07:49 < pabed> we have electricity there , what you mean about "4 of them "?
07:51 < pabed> detha: and there is BTS near the TV station
07:55 < detha> pabed: if you have 4 of them, you can be fairly sure at least one will probably keep working
08:00 < pabed> detha: but , it doesnot lan port for coneccting modem to the switcg is connected to TV transmitter
08:00 < pabed> http://update.maestro-wireless.com/M100/M100%20485%20Series%20-%20Product%20Brief%20-%20V2.pdf
08:03 < MrNaz> i want to set up a raspberry pi as a "probe" which I can attach to any network to provide me insider access. i was thinking of setting the pi up so that it immediately connects to my office vpn. is it possible for me to do that, and then ssh to the vpn IP of the raspi and then have an interface on the raspi that allow me to access the LAN that the raspi is connected to physically ?
08:03 < grawity> sure
08:03 < MrNaz> (this is not some kind of hack attempt, these would be used on networks that we manage)
08:03 < grawity> people literally sell that as commercial products
08:04 < detha> pabed: that's 485 ones, for LAN you need E200 series
08:04 < MrNaz> grawity if there's a PoE enabled version of such a device,  i'm all ears :D
08:04 < pabed> detha: rs485 has to connect to pc?
08:05 < scientes> are wireless APs smart when it comes to having multiple APs with the same SSID?
08:05 < grawity> MrNaz: buy a poe adapter
08:05 < grawity> scientes: smart in what sense?
08:05 < scientes> like my device will just use the one with the highest signal?
08:06 < grawity> yeah that's the smartness of the client, not of the AP
08:06 < scientes> and they will automatically be on differn't channels?
08:06 < grawity> plain APs don't *have* to be smart about this, except when you want to make roaming faster (802.11r I think)
08:06 < detha> MrNaz: quick skim of the specs says Tosibox has PoE. Not in the same price range as a raspi though
08:06 < grawity> scientes: this has nothing to do with channel selection at all
08:06 < grawity> if your two APs would have used different channels otherwise, they'll use different channels now, no matter the SSIDs
08:07 < scientes> like i was going to have an apartment building with 5 802.11n wifi boxes with the same SSID, connected with MoCA 1.1
08:07 < scientes> and what if some of those wifi boxes are 802.11ac?
08:07 < grawity> what about it?
08:07 < grawity> still doesn't matter
08:07 < grawity> your clients choose whatever AP they think offers the best connection
08:18 < pabed> detha: why http://www.maestro-wireless.com/e200-series-technical-specifications/ is more stable than https://www.tp-link.com/no/download/Archer-MR200_V1.html , because of e200 is Industrial grade and dlink and tplink is  Commercial Grade?
08:21 < detha> pabed: you could say it like that. I would say plastic crap versus solid metal case.
08:22 < pabed> ah that is big difference
08:22 < detha> Things like E200 and sierra LS-300 are made for mobile applications, can handle wide temperature range and some vibration.
08:23 < detha> (and are less sensitive to dirty power)
08:24 < detha> Also, near a TV xmitter adds some challenges for the radios - that's a lot of RF in a different band it has to suppress
08:25 < Apachez> the one with most TX power wins
08:26 < Apachez> so you buy one of those "FUCK FCC" stickers and plug it onto your gear
08:26 < Apachez> and then you overdrive the TX transmit power :)
08:26 < detha> The one with the best selectivity in the input stage wins :/
08:27 < squ> are we talking about intermodulation
08:27 < Haris> hello all
08:28 < pabed> yes ,good , I think I have to choose industerial grade , thanks alot
08:28 < Haris> ASA 5520 says ---> Booting system, please wait... <--- is this an indication of boot system not having been found or a hardware issue ? There may have been a power outage in the last 24 hrs. I did a hard reboot, pressed escape to get to rommon. but all I get is ---> Booting system, please wait... <--- no change in OS image was done recently. only minor config change related to ACL or nat
08:28 < detha> Chances of winning from a TV station in raw power are slim..... But there's always linear boosters
09:02 < dminuoso> Haris: Have you tried entering rommon mode?
09:03 < dminuoso> Its possible the firmware is somehow bricked, so you might have to flash it anew.
09:03 < dminuoso> Oh wait hah. You just said you did.
09:04 < Haris> when I turn the device on, on console, I keep pressing Escape. but nothing happens. I keep getting that message on repeat
09:16 < dminuoso> Haris: Mmm do you have any spare ram?
09:25 < Haris> ram ?
09:25 < Haris> yes
09:25 < Haris> can asa take it ?
09:30 < Haris> ram got fried between electricity outage and coming back ?
09:30 < Haris> its on ups. ups may not be online
09:36 < mos6502> hi, im trying to use an openbsd box as my gateway
09:36 < mos6502> so far i have ipv4 nat setup and it works great, and now im trying to setup ipv6
09:37 < mos6502> my ISP wants me to use DHCPv6 so I am tried to use wide-dhcpv6
09:38 < mos6502> when i tried running it on the interface it errored out, and I tried everything (i removed the ipv6, tried autoconf, tried eui64) but it always kept saying "client6_send: transmit failed: No route to host"
09:38 < mos6502> i found https://marc.info/?l=openbsd-misc&m=151116733431051&w=2 and tried the second command (without the -T 4 because that was an internal table for him)
09:38 < mos6502> and even slaacd gave the no route to host message
09:39 < mos6502> i tried removing wide-dhcpv6 and installing dhcpcd but it still resulted in the same issue
09:39 < mos6502> any idea what could be causing this?
09:43 < squ> error is "no route to host" ?
09:43 < mos6502> yes
09:43 < mos6502> every dhcp/slaac client ive tried
09:43 < mos6502> fails with that
09:43 < squ> I think guys here will help you with that
09:45 < squ> or #freebsd
09:45 < mos6502> actually #openbsd
09:46 < squ> they use different software?
09:46 < mos6502> and they have helped a lot but not (yet) for this issue
09:46 < system16> i actually installed ubuntu on it
09:46 < mos6502> umm openbsd and freebsd are actually completely different operating systems
09:46 < system16> oh sorry wrong channel
09:46 < detha> squ: that is somewhat different yes
09:46 < mos6502> they are forked from a common source so lots of similarities
09:46 < squ> yes but networking software is different too?
09:47 < mos6502> yeah they have their own pf and stuff
09:47 < detha> mos6502: slaac was moved out of the kernel in 6.2, so all that stuff now runs userland. Maybe pf getting in the way now?
09:47 < mos6502> they are similar but openbsds pf is a little cooler feature wise and freebsd pf is faster
09:48 < mos6502> detha: possibly bad idea but should i move to 6.1 and try this again?
09:48 < detha> I wouldn't move to 6.1. Maybe put a temp rule allowing all proto ipv6 ?
09:49 < mos6502> hmm
09:49 < mos6502> ill try that
09:49 < mos6502> but the error isnt packet loss or resets
09:49 < mos6502> its no route to host
09:49 < detha> sometimes software reports that if the firewall rejects it
09:49 < mos6502> hmm
09:50 < detha> there's also a whole lot of net.inet6 sysctls that may need tweaking
09:52 < mos6502> detha: pass in on egress inet6 and pass out on egress inet6 should do?
09:52 < mos6502> holy shit it worked
09:52 < mos6502> detha: thanks man
09:52 < squ> :)
09:53 < mos6502> i kept ruling out pf because of the route thing, i assumed that pf would only hang packets or reset them outright (as i setup
09:53 < detha> it's multicast, so 50/50 firewall or it doesn't use the right interface
09:54 < detha> now to narrow rules down a bit, but you can at least run tcpdump, and see what you have to allow
09:55 < mos6502> neighbradv and neighbrsol should be allowed yea?
09:55 < mos6502> routeradv and sol as well
09:55 < mos6502> adn then echoreq
09:55 < detha> yup
09:55 < dminuoso> Haris: Its possbile indeed.
09:55 < detha> and packettoobig or whatever it's called
09:56 < Haris> opening it up. its out of warranty anyway
10:23 < mos6502> goddamnit my isp rate limited my dhcp
10:29 < Atro> wat
10:29 < mos6502> that or i screwed something up adn i suspect that may be the case
10:34 < craz> Is there any valid reason to why ifAdminStatus is 1 and ifOperStatus is 2, or does that always indicate a problem?
10:38 < dminuoso> craz: admin status just indicates whether its *available* for operation
10:39 < dminuoso> craz: oper status however indicates whether there's an active link.
10:40 < dminuoso> iow: An "admin up" status is necessary but not sufficient for a link.
10:40 < mos6502> detha: i have no idea what i did but now it just sits at "soliciting a DHCPv6 lerase"
10:40 < mos6502> lease*
10:40 < craz> dminuoso, okay, so for monitoring purposes I have to know if oper status 2 for an interface is bad or not, I cant deduct it from the other values?
10:40 < mos6502> even with the more liberal rules back in (pass in on egress inet6, same but out)
10:40 < dminuoso> craz: I dont know what you want to monitor for exactly.
10:41 < dminuoso> craz: admin down means someone "shut down the port"
10:41 < dminuoso> craz: oper down means "there is no link"
10:41 < dminuoso> (for whatever reason)
10:41 < dminuoso> admin down is sufficient for oper down. admin up is necessary for oper up.
10:42 < detha> mos6502: tcpdump, see if it actually gets a lease from the isp
10:45 < dminuoso> craz: So whether oper status 2 is bad depends on what you are monitoring. oper status 2 might happen if someone pulls the plug. or if they shut down the link on their end
10:45 < dminuoso> It might indicate a problem if you live on the assumption that the link must, at all times, be up.
10:47 < mos6502> detha: i dont see dhcpv6 packets but i may doing this wrong
10:48 < mos6502> i only see solicit packets
10:54 < detha> mos6502: if you are sending solicits, and the ISP isn't sending you anything that looks like a lease, I would blame the ISP
10:54 < mos6502> detha: i think ill test by plugging into something else
10:54 < mos6502> hold on
11:03 < mos6502> ... it works with a different device
11:12 < djph> is that "different device" perhaps the one that was plugged in previously?
11:13 < detha> mos6502: what size subnet does it give you?
11:15 < mos6502> 64
11:19 < detha> in your dhcpd config, are you asking for any particular size or just 'give me something please' ?
11:19 < mos6502> give me something please
11:19 < detha> theory says it should work then.... dunno.
11:20 < detha> is there a way you can see what the other device sends out as request?
11:21 < mos6502> i have nothing on that device to test with
11:21 < mos6502> i could try tho
11:21 < mos6502> but hold on
11:22 < mos6502> this worked fine a few minutes ago
11:22 < mos6502> and it just went bad
11:23 < linux_probe> DHCPv^ towards ISP?
11:23 < linux_probe> what ISP
11:23 < mos6502> act fibernet (india)
11:23 < linux_probe> most only allow certain specific sizes
11:23 < linux_probe> and india, do they even have ipv6?
11:23 < mos6502> i suspect they rate limited me or something
11:23 < mos6502> yeah they do
11:24 < mos6502> it works on a different device
11:24 < linux_probe> I cannot help there, youre one of the first Ai;ve seen heere asking
11:25 < mos6502> they wo
11:25 < mos6502> wont put me through to acutal support
11:25 < mos6502> i subbed to a static ipv4 address
11:25 < linux_probe> kind of sounds like touyr ISP isnt sure what to do
11:26 < mos6502> they only want to tell me
11:26 < mos6502> what my ipv4 is
11:26  * linux_probe look sat hands and kjeybord, y u phail!
11:26 < mos6502> "just set the ipv4 to dhcp and it will be fine"
11:26 < linux_probe> they likely dont know what ipv6 is
11:26 < mos6502> yet they implement it
11:27 < linux_probe> it may be link local only
11:27 < linux_probe> from routing node to you
11:27 < mos6502> its not, its global scope, routed and everything
11:27 < mos6502> ive hosted shit on it for the past week
11:27 < linux_probe> lol
11:28 < linux_probe> orly
11:28 < mos6502> pfsense had it all working fine but pfsense has its own issues
11:28 < linux_probe> LOL
11:28 < linux_probe> ISP \
11:30 < TandyUK> mos6502: youre the first indian isp users a) ive even seen with static ipv6, b) who gets v6 _at all_
11:31 < TandyUK> er static ipv4**
11:31 < TandyUK> most of your country is buried behind the evils of CGN
11:31 < mos6502> it would be great if they didnt use 10.0.0.0/8 for CGN lol
11:31 < mos6502> but yea
11:31 < mos6502> when i got hit with it i bought the ipv6 package
11:31 < mos6502> and then last month, wham, ipv6
11:31 < TandyUK> yeah its not like 100.64 is designated for anything ;)
11:32 < mos6502> but i may have a hunch on how to make pfsense not suck a lot anymore
11:32 < mos6502> i really don't want to though
11:32 < mos6502> because i'd rather control my firewall completely
11:33 < mos6502> and understand it all
11:34 < linux_probe> nogh said? https://www.nextnature.net/2014/05/diy-wire-networks-in-india/
11:34 < linux_probe> lel
11:34 < mos6502> TandyUK: a lot of mobile carriers are switching to ipvt6 a lot tho
11:35 < squ> linux_probe: images not loading
11:35 < linux_probe> likely a good thing or blcoked by cbineisum/indian country :))
11:35 < squ> https://www.economist.com/node/21559977
11:36 < squ> more pics here
11:36 < djph> have a feeling said carriers are gonna get it wrong
11:36 < mos6502> thats not entirely inaccurate
11:36 < djph> I mean, hell, even here they get it wrong :(
11:36  * linux_probe hets cranky and rids of said carriereas
11:36 < squ> https://www.economist.com/sites/default/files/blackout11.jpg
11:36 < squ> :)
11:36 < linux_probe> thenw gaun they all get psissy when bought t and cry wolf
11:37 < linux_probe> >_> AS IF THEIR GARBAGE WAS GOOD TO START WOITH
11:38 < linux_probe> perhaps we should just quit blowing %$$$$ as a whole , meaning USA no longr provide releief, help, antibiotics and water to any
11:38 < linux_probe> why keep helping to curb natural selection and poor areas
11:38 < linux_probe> >_<
11:39 < linux_probe> go agaimst nature too much? natue fughts back
11:39 < linux_probe> nature will win in the end
11:39 < mos6502> linux_probe: heaven forbid lack of foreign aid might force these economies to develop
11:39 < linux_probe> welcome to the planet earth
11:40 < TandyUK> I didnt realise electricians was a needed type of foreign aid!
11:40 < TandyUK> I look at that pylon photo and am suddenly in a cold sweat
11:40 < linux_probe> ovre-developed earth = earth itself curbing it
11:40 < squ> common sense is rare resource
11:40 < linux_probe> natural disasters?
11:40 < mos6502> out houses have very little wood
11:40 < mos6502> our*
11:40 < linux_probe> as they scream GLOBAL WRMING
11:40 < TandyUK> mos6502: you think thats why im concerned?
11:41 < mos6502> most electrical issues are safer
11:41 < mos6502> TandyUK: lol
11:41 < linux_probe> how does thast brick work out in earth quakes, flooding and massive fires
11:41 < linux_probe> lepoof
11:41 < mos6502> very very few earthquakes
11:41 < linux_probe> "lilpig lil pig, let me in"
11:41 < linux_probe> coming soon
11:42 < linux_probe> brim andfire to india =p
11:42 < mos6502> re massive fires: they dont really happen
11:42 < linux_probe> no tmuch haoens in india it seems
11:42 < mos6502> floods tho
11:42  * mos6502 shudders
11:42 < linux_probe> I need to give uo and go sleep some, my old man hands are stuppered
11:42 < djph> getting zapped by 220 VAC because the shithead who put in the service?
11:43 < linux_probe> and by old man I mean not age 41 >_<
11:43 < Mead> the funny thing about modern brick buildins is that it is just a facad and not structural, most are still wood frames and burn just as easily.
11:43 < linux_probe> djph~ own fault
11:43 < TandyUK> Mead: speak for your own country lol, in the UK at least, we still know how to build houses
11:44 < squ> india should use weaker electricity power perhaps, for safety
11:44 < Mead> TandyUK: I thought the council stopped new construction in the 1990's
11:44 < TandyUK> put the whole country on 48v ac lol
11:44 < TandyUK> Mead: who said anything about them being council houses?
11:44 < squ> TandyUK: why not
11:44 < TandyUK> you are allowed to build your own you know lol
11:45 < Mead> TandyUK: don't you need planning approval?
11:45 < Mead> from the nanny state?
11:45 < TandyUK> as with _any_ building, yeah
11:45 < mos6502> we are pure 240v
11:45 < detha> squ: please enforce that law <buys shares in copper mining>
11:45 < squ> detha: ok
11:45 < mos6502> we have a nanny state
11:45 < mos6502> just a drunk, overworked, ignorant nanny
11:46 < mos6502> who occationally locks us in our room
11:46 < mos6502> but then sets fire to the couch
11:46 < mos6502> and tries to blame us
11:46 < Mead> sounds down right awful, so glad my ancestors left in the 16th century.  They would rather deal with Indian attacks and starvation than be in the UK.
11:46 < TandyUK> hmm we'll have to agree to disagree there. I prefer building codes that mean we dont have building built so cheaply they randomly collapse under their own weight
11:47 < squ> if people like it, why not?
11:47 < TandyUK> oh no, sorry it seems that is your neighbours in bangladesh that suffered that one
11:48 < Mead> Yeah... building codes. https://en.wikipedia.org/wiki/Ronan_Point  https://en.wikipedia.org/wiki/Grenfell_Tower_fire
11:48 < squ> TandyUK: we have houses here with 1 meter thick walls, but somewhy people like thin walls or even glass buildings
11:48 < TandyUK> though there have been plenty of similar, just less severe in india
11:49 < TandyUK> Mead: yes, and those building codes are what mean the people responsible for that a) will never be building again, b) are likely to get long prison sentences
11:50 < TandyUK> theres also a whole load of buildings that have been stripped because of the very same codes
11:50 < djph> TandyUK: (c) pay shittons of money to people
11:50 < TandyUK> djph: dont hold oyur breath on the last one
11:50 < djph> TandyUK: well, yeah, after the raping that they get from the courts ....
11:50 < squ> any ubiquiti users here?
11:51 < mcdnl> yes
11:51 < squ> mcdnl: check out how it is made https://www.youtube.com/watch?v=dTPN0eHo_bg
11:51 < mcdnl> though you'd be better grabbing a firethrower and burning them down
11:54 < squ> https://twitter.com/doctorow/status/988515441550286850
11:54 < squ> mos6502: are step wells still popular ?
11:55 < djph> mcdnl: now now, in the interests of international trade, it's "not a flamethrower"
11:56 < mcdnl> i meant the ubiquiti devices
11:56 < mcdnl> not the users, my bad :<
11:59 < djph> mcdnl: I was making a joke about the Boring Company's "Not a Flamethrower" that Elon Musk put out
12:00 < mcdnl> oopsie
12:01 < squ> what joke?
12:01 < squ> :)
12:27 < gallax> new Melon car model "Tesla Rapid Immolation"
12:28 < TotallyNotKim> Melon Eusk?
12:28 < gallax> TotallyNotKim: Melon Mask
12:29 < gallax> "Tesla with built-in flamethrower'
12:29 < TotallyNotKim> but they point behind and are merlin engines
12:30 < TotallyNotKim> that would be one kind of a "car", for sure
12:50 < huwjr> is there a work around or enterprise feature for this? https://support.cloudflare.com/hc/en-us/articles/200169076-Can-I-CNAME-a-domain-not-on-Cloudflare-to-a-domain-that-is-on-Cloudflare-
12:51 < huwjr> customer domain -> cname -> my domains A record (with proxy on)
12:51 < huwjr> a redirect is not an option and i’d rather not disable cloudflare
12:58 < detha> huwjr: cloudflare serves what the Host: header asks for. Tell them your customer's domain, and they will serve it.
12:59 < huwjr> where/how?
12:59 < detha> Tell cloudflare that yourcustomer.example.com is backed by your server
13:00 < huwjr> is there an api for that? under specific plans
13:00 < detha> no idea, ask their support
13:01 < huwjr> that’s why i’m here :)
13:01 < huwjr> but thanks - good to know it is possible! was starting to worry
13:02 <@xand> this isn't cloudflare support
13:02 < detha> as far as I remember, cloudflare is one of the cdns that wants to take over your DNS to put their cnames in, but I could be wrong
13:03 < detha> so you might have to delegate customer's DNS to them
13:08 < pavel_odintsov> Cloudflare has options to use their CDN without changing DNS
13:09 < pavel_odintsov> https://support.cloudflare.com/hc/en-us/articles/200168706-How-do-I-do-CNAME-setup-
13:17 < mos6502> What the fuck my ISP is setup to let me PXE boot to a cracked windows 10 installer
13:18 < Haris> does strongswan support 3des, md5, dh gr 2 ?
13:18 < gallax> mos6502: looks highly practical
13:18 < mos6502> HAHAHAHAHA WHAT WERE THEY THINKING
13:19 < gallax> mos6502: helping you out with free functionality
13:20 < mos6502> Lol
13:20 < gallax> mos6502: is it hard to configure m$10 to do PXE boot?
13:20 < mos6502> I don't know
13:20 < gallax> for linux loos hard as hell.
13:22 < TandyUK> gallax: neither are particularly hard to setup once you understand how PXE/tftp works
13:22 < TandyUK> the more annoying thing is windows lack of case sensitivity, and making sure all files are named how windows clients actually ask for them
13:23 < TandyUK> i use cobbler for all my linux deployments, and WDS for anything windows
13:23 < TandyUK> plain debian install from pressing power button, to working OS is about 5 mins tops
13:23 < TandyUK> windows is a lot longer, but still nothing like as slow as installing off a cd / slow usb stick
13:23 < gallax> TandyUK: in which situation is useful PXE? (I am a desktop user)
13:24 < TandyUK> PXE is useful for deploying lots of machines
13:24 < squ> TandyUK: some recent ryzen supported nvme raid
13:24 < TandyUK> eg, you run a business and have 50 machines, and want them all identical, you need a single pxe option, which can then be scripted to pre-install all relevant software you need, join pcs to domain, etc etc
13:25 < TandyUK> also when a machine fails, screw trying to fix windows, just f12, network boot, and reinstall a clean OS
13:25 < TandyUK> 10 mins later, youre back to 'normal' whatever that is
13:25 < gallax> rofl! 50 m$$ bootnig out of one mbr??
13:25 < TandyUK> just obviously make sure no data is stored locally
13:25 < TandyUK> gallax: wtf??
13:26 < TandyUK> the mbr is on the machine you are deploying _TO_
13:26 < gallax> -> single boot, multiple instances.
13:26 < TandyUK> so you have 50 machines, with 50 mbrs, and 50 seperate windows install
13:26 < gallax> interesting.
13:26 < TandyUK> PXE can also be very useful for booting various live cd's, recovery cd's etc etc
13:27 < huwjr> The main problem i see here is windows
13:27 < huwjr> :D
13:27 < TandyUK> go google Windows Deployment Services (WDS)
13:27 < TandyUK> and/or cobbler for any sort of *nix distro
13:27 < gallax> TandyUK: thanks
13:27 < tds> ^ if you've got every machine attached to a console server, being able to reboot the box remotely, pxe boot a linux distro and go and fix whatever is very useful
13:28 < TandyUK> personally i have everythign pxe boot from my cobbler machine, and chain load this off to the windows server from a menu option
13:28 < TandyUK> eg, you boot (and with no profile assigned), get a nice "which OS would you like" menu, with Debian, Ubuntu, Centos, and Windows
13:29 < TandyUK> choose widows, and it goes off to speak to the WDS box, which gives a windows specific version of the same thing
13:29 < gallax> TandyUK: is cobbler a liveCD??
13:29 < squ> can you come into office and boot home os, instead of carrying laptop from home
13:29 < TandyUK> if you assign profiles/systems, you can identify machines by MAC, and auto deploy the relevant OS, iuncluding for example NIC settings
13:29 < TandyUK> gallax: no
13:30 < TandyUK> cobbler is an application (family)
13:30 < TandyUK> http://cobbler.github.io/
13:31 < TandyUK> it also integrates fairly well with ansible (ansible site.yaml == exported cobbler list of systems)
14:00 < spaces> all networks sexy ?
14:00 < mawk> of course
14:00 < spaces> pics or it didn't happen
14:04 < CuriosTiger> Careful what you wish for.
14:07 < TandyUK> spaces: sexy networks: https://i.redd.it/lzaw43ery7311.jpg
14:16 < regdude> can I have more of this type of porn?
14:19 < Haris> anyone established strongswan <-> ASA ipsec l2l tunnel ?
14:20 < Haris> stuck at ---> charon: 05[IKE] received INVALID_ID_INFORMATION error notify
14:21 < TandyUK> regdude: reddit.com/r/cableporn
14:22 < regdude> turns out that is a thing
14:22 < zamba> we have a strange issue.. i can see the ntp client request going out.. i can see it coming in on the ntp server and i can see the ntp server response leaving the ntp server.. but it never arrives at the client..
14:22 < zamba> any idea how to debug this?
14:22 < zamba> i can ssh just find
14:23 < zamba> fine*
14:23 < zamba> and i can icmp ping just fine
14:23 < TandyUK> zamba: find the firewall in between that is dropping it
14:24 < zamba> TandyUK: same subnet
14:24 < TandyUK> so?
14:24 < zamba> meaning: no firewall
14:24 < TandyUK> you dont need a _router_  but nothing says you cant have multiple firewalls between the 2 hosts
14:24 < TandyUK> like the one on the ntp server, and the host making the request, for a start
14:25 < zamba> TandyUK: if i tcpdump on the ntp server side and i can see the ntp server request going out, then that's after the firewall
14:25 < zamba> so it has to be on the ntp client side
14:26 < TandyUK> or its somethign in between
14:26 < TandyUK> follow the cables
14:27 < dogbert_2> m000000000000000000
14:33 < spaces> dogbert_2 methane gas out of your ass ?
14:34 < dogbert_2> nawwww
14:34 < spaces> is it burning baby ?
15:39 < skyroveRR> Ahoy TandyUK
16:45 <+catphish> i'm back
16:46 < UncleDrax> welcome back kotta
16:53 < iateadonut> i'd like to point a domain to one server (with an ip address) and have it serve content from another server.  is there a way to do this, like a squid proxy?
16:54 < kottt> uh... well, there's a few... can you be more specific about what you're trying to do?
16:54 < cyberz> hello, anyone with a bit of experience in Ubiquity hardware? I've got an ubiquiti long range AP, and I'm feeling happy with it; so now I'd like to get an ubiquiti repeater that I can also manage from the wifi controller. Which product should I use then?
16:55 < kottt> what kind of content is being served, how is it accessed?
16:55 < kottt> @iateadonut
16:55 < iateadonut> kottt, our web service provider serves WP sites.  they can only grant 1 ip address to be directed to this server.
16:56 < iateadonut> one customer wants a different ip address for each site (for reasons unknown), so i was thinking we could point the DNS to an ip address on one of our servers, and tunnel through to the WP service provider.
16:57 < kottt> so no matter what in that situation, content is going to come originally from the WP service provider
16:57 < iateadonut> correct.
16:58 < kottt> find out why the customer thinks this is important i guess
16:58 < tds> I'd certainly do that first before potentially wasting v4 space like that
16:58 < kottt> yes...
16:59 < iateadonut> right.  it's pretty dumb.  but is it possible besides through squid3 or do you think there's another way?
16:59 < kottt> but i mean... 301 redirects maybe? set up apache websites that re-host the WP pages in an HTML frame (lol ew)
16:59 < tds> there are lots of options for http reverse proxies (eg haproxy, nginx, apache, whatever) if that's what you want
16:59 < tds> heh, I guess a redirect would do it as well
17:00 < iateadonut> kott, yeah, that sounds like a really bad way to do it.
17:00 < iateadonut> so i should google 'reverse proxy'...
17:06 < iateadonut> but it's all pretty silly because a apache reverse proxy is supposed to be a gateway on a LAN, right, so this would slow down page load times by half.
17:11 < tds> that would be a forward proxy - a reverse proxy is designed for this purpose (eg you might use it to load balance between multiple backend servers, terminate ssl in front of a http only web server, etc)
17:11 < tds> the apache docs for mod_proxy have a nice explanation
17:21 < rtmataeu34> hi i had a silly question- what IRC on linux do ya'll like using?
17:22 < compdoc> freenode
17:22 < rtmataeu34> you mean the web IRC compdoc
17:22 < rtmataeu34> ?
17:22 < compdoc> you must mean irc client  :0
17:22 < rtmataeu34> :D
17:23 < rtmataeu34> i walked right into that
17:23 < rtmataeu34> yes
17:23 < rtmataeu34> no sleep*
17:24 < djph> rtmataeu34: irssi, though I hear weechat is decent
17:25 < tpr> weechta is nice, allows also remote connections (e.g. via a mobile app)
17:25 < tpr> irssi used to be the client back in the days, but weechat has overtaken it some years back (allows also nicer scripting etc.)
17:26 < djph> tpr: I just have irssi chilling in a screen session most of the time
17:26 < redrabbit> irssi > *
17:26 < djph> also, I don't want to learn new keybindings :)
17:26 < rtmataeu34> whats the remote connections for i might ask
17:27 < djph> so you're you when you're not at home (or whatever)
17:27 < redrabbit> i use juicessh for mobile use
17:27 < rtmataeu34> starting to understand now
17:28 < rtmataeu34> been putzing on hexchat so far
17:28 < tds> if you don't mind a fancy modern node.js client, thelounge works quite nicely for use between multiple devices
17:28 < djph> use connectbot here.  yeah, people have mixed feelings about it
17:28 < rtmataeu34> tried bitchx and didnt like it much
17:29 < redrabbit> irssi is still in dev
17:29 < redrabbit> not deprecated at all
17:29 <+catphish> rtmataeu34: hexchat
17:29 < djph> redrabbit: who said it was deprecated?
17:29 < rtmataeu34> yeah!
17:29 <+catphish> i wish hexchat had more functionality, like inline content
17:29 <+catphish> but i really like it
17:30 < rtmataeu34> ive been ok with it
17:30 < redrabbit> djph: idk
17:30 < tpr> djph: yeah, I used to have too. nowadays it's weechat chilling in a screen session :P
17:30 < tpr> djph: iirc i just simply adjusted the bindings to what I used to have in irssi
17:30 < tpr> djph: although I nowadays prefer much more to use alt+a instead of, e.g., alt+r or so
17:30 < djph> tpr: yeah, but this works :)
17:30 < tpr> (for taking me to window 14)
17:31 < redrabbit> i like irssi for its lean nature
17:31 < tpr> weechat is also lean ;-)
17:32 < tds> I used to use znc + hexchat, I've found thelounge much nicer though
17:32 < tds> but that's the complete opposite of weechat/irssi ;)
17:46 < rtmataeu34> changed the interface for like a black grey /solarized sort of thing
17:46 < rtmataeu34> just the main window is still slate gray
17:46 < rtmataeu34> :D
17:46 < rtmataeu34> and all the trims
17:46 < sameh4> dumb question here: I am researching Pi Zero to Pi Zero communication (without an intermediate; a WiFi router or the like).  One option is wireless serial, but I am curious, can two WiFi cards talk to each other without a router?
17:47 < skyroveRR> sameh4: google "ad hoc wireless networking"
17:47 < sameh4> thanks man!
17:47 < sameh4> checking now
17:48 < sameh4> skyroveRR: exactly what I needed! thanks!
17:48 < skyroveRR> :)
18:07 < will917823> Hey
18:07 < skyroveRR> Howdy
18:07 < acos> Hola
18:07 < will917823> I noticed something odd just now
18:07 < skyroveRR> Ok
18:07 < will917823> http://excess-baggage.heathrow.com/ <-- goes straight to an iDRAC?
18:08 < skyroveRR> lol
18:08 < will917823> this is an Airport
18:08 < acos> Wrong port haha
18:08 < will917823> yeah err how should could I inform that something has gone awry?
18:09 < skyroveRR> will917823: how did you notice? :P
18:09 < acos> Call their tech contact?
18:09 < will917823> is that in the whois?
18:09 < will917823> @skyroveRR literally wanted to check excess baggage
18:12 < acos> Hope nobody guesses the password and shuts down a server
18:12 < Sout> dm people on twitter, that is how everthing is done these days </sarcasm>
18:12 < skyroveRR> DM the important ones responsible. That shouldn't be /s.
18:16 < Haris> strongswan output for an ikev1 peer says ---> received NO_PROPOSAL_CHOSEN error notify <--- what does it mean ?
18:16 < acos> https://www.heathrow.com/more/contact-us
18:16 < acos> https://mobile.twitter.com/heathrowairport
18:17 < will917823> Have emailed the webmaster and put in a query ticket
18:17 < acos> Then you all set
18:18 < will917823> fingers crossed they sort it
18:18 < will917823> did scour that page for a tech contact but there's none on there
18:19 < craz> So I have this physical machine that someone else installed and they say eth0 and eth1 are both connected, and I am now trying to create a bond and get the network working (connecting via ilo). The bond gets created, and from what I can see (not very good at this), things look fine, but I cant ping the gateway. Anyone able to give any clues to what could be wrong?
18:21 < acos> Their server is under warranty till 2020 haha so they set
18:21 < will917823> :P
18:22 < acos> Good on them leaking the service tag
18:23 < will917823> Remember the ebay scams where they would transfer the service tag into another account?
18:23 < TandyUK> yeah someone plugged the network cables in back to fron methinks
18:23 < acos> Not going to check if they left default password.
18:23 < TandyUK> stupid "smart hands" lol
18:23 < TandyUK> I had a 'smart hand' kill the power to the wrong _rack_ once before lol
18:24 < TandyUK> 2 racks, one making shitton of noise, the other virtual silent (as everything pretty much was off)
18:24 < TandyUK> which do you reckon they pulled from the busbar lol
18:24 < will917823> the quiet one?
18:24 < TandyUK> ofc not :)
18:24 < will917823> hahaha
18:24 < TandyUK> this is why you arent a "smart hand"
18:25 < TandyUK> antoher classic is them pulling the GOOD drive in a raid1 array with a failed disk
18:25 < TandyUK> had that on more than one occasion
18:25 < TandyUK> ^^ exemplifies why "RAID IS NOT A BACKUP"
18:25 < rtmataeu34> craz are you missing your gateway listing in the bond?
18:26 < craz> rtmataeu34, my ifcfg-bond0 contains GATEWAY="10.0.0.1" if thats what you are asking
18:26 < rtmataeu34> what about the routing table
18:26 < acos> If the good drive is pulled can it be reinstated?
18:26 < rtmataeu34> current routing table*
18:28 < craz> default via 10.0.0.1 dev bond0 proto static metric 300
18:29 < TandyUK> acos: with some much more careful hands, usually yes
18:29 < TandyUK> depends what it was doing though
18:29 < acos> It might be marked GONE
18:30 < acos>  On the controller lol
18:30 < TandyUK> if it was a db server for example, expect it to be fubar
18:30 < acos> Makes sense.   Good luck craz
18:48 < yuppie> hello all
18:48 < yuppie> anyone have suggestions on a medium sized business network gateway?
18:50 < TandyUK> what do you call medium sized?
18:50 < TandyUK> 100 clients, 1000?
18:50 < UncleDrax> and are you just doing NAT/Firewall, or also expecting a ton of VPN sessions too?
18:50 < TandyUK> ^^ and this, and do you want any 'L7' features, eg blocking facebook
18:52 < yuppie> well we currently have a Ubiquiti USG 4 Pro
18:52 < yuppie> and its rebooting under high throughput conditions
18:52 < yuppie> so we're thinking we need to upgrade
18:53 < yuppie> also, it'd be nice to have high VPN throughput, as close to 1Gbps as possible
18:53 < yuppie> i was looking at the meraki MX 250 but they're saying its a little too expensive
18:53 < yuppie> i wish the USG XG 8 was available but its still in beta/sold out
18:54 < yuppie> currently we have 100 clients
18:54 < yuppie> but we're adding more
18:59 < yuppie> its kinda lame how Unifi does not list their VPN throughput speeds
18:59 < Haris> I think they require their gateway device to do that
18:59 < Haris> spend $$$
19:00 < yuppie> Haris: yeah their gateway is what i have USG 4 Pro
19:01 < Haris> that was a sadistic joke .. as per the knowledge I have of what they want one to do
19:08 < acos> Sonic wall tz?
19:15 < TandyUK> VPN speed will vary depending how strong the encryption is
19:15 < TandyUK> better encryption == slower basically
19:15 < TandyUK> noone wants to tell the world they can only handle 20mbps throughput at 4096bit
19:18 < Haris> even with the aesni chips ?
19:18 < Haris> I make my ssh keys 4096 bit
19:18 < Haris> I can see how much time they take in getting checked when I connect somewhere
19:19 < TandyUK> indeed, so imagine that on every single packet
19:21 < pavel_odintsov> number of NICs can do compression on near line rate
19:21 < pavel_odintsov> but usually they are expensive as hell (thousands of bucks)
19:21 < alesan> about SSL and redirects: I would like to connect to a SSL connection through a SSH port forwarding (-L option)
19:21 < pavel_odintsov> I mean encryption, sorry :)
19:21 < alesan> the SSL connection complains but this is what I would like to do
19:49 <+catphish> alesan: SSL TLS is likely complaining about the hostname not matching, the only fix is to add a hosts entry
19:54 < alesan> catphish, interesting
19:54 < alesan> so I add a hosts entry that matches the remote host name to 127.0.0.1?
20:05 <+catphish> alesan: yes, then if you use the name, it should be happy
20:06 <+catphish> one of the main things TLS checks i sthe hostname matches the certificate, else it wouldn't be much use for protecting anything :)
20:07 <+catphish> *checks is the
20:14 < spaces> lol tehese people that are complaining that instagram is having issues... get a life ?
20:19 < djph> spaces: maybe we'll get lucky and it'll be dead for a while
20:28 < spaces> djph let's hope so!
20:37 < fly_agaric> hello guys, are there any disadvantage if you build a ring with single mode cables instead of multimode cables? specially with san switches and normal network core and edge
20:38 <+pppingme> fly_agaric cost of optics..  how big of a ring?
20:39 < fly_agaric> 8 switches and 2 core switches
20:40 < fly_agaric> no san switches right now
20:40 <+pppingme> I mean distance..
20:41 <+pppingme> is this a ring of floors? a ring of buildings? a ring around the city? or what?
20:41 < fly_agaric> more then 300 meters
20:41 <+catphish> fly_agaric: there's no disadvantage, i have no idea why you'd use MM
20:41 <+pppingme> 300 meters for total ring, or longest hop?
20:41 <+catphish> maybe it's cheaper, but the difference sees negligable
20:41 < fly_agaric> longest hop maybe more
20:42 < fly_agaric> it can vary its in the planning right now
20:42 <+catphish> the resounding opinion i hear is that  SM is better
20:42 < Apachez> a starfleet command of apartments
21:27 < tonsofpcs> Looking for suggestions on an NMS that can handle snmp from non-standard (not HP, not Cisco, not anything you've ever heard of) systems and automated logging on a specific timetable (say every n hours).  Suggestions?  Web-based interface preferred but I'll run it on any platform imaginable.
21:37 < ALowther_> What are the best resources/recommendations for learning ipv6?
21:38 < Apachez> https://www.youtube.com/watch?v=Vl1VTm5vtnY  look at ma car! look at it!!!
21:38 < Apachez> ALowther_: various design guides out there
21:41 < ALowther_> Apachez: Different network implementations, I presume? I understand the basics, I am looking maybe for a good book/articles to help me move forward in the theory of it.
21:44 < SwedeMike> ALowther_: you can start with something like https://www.ripe.net/support/training/material/basic-ipv6-training-course/BasicIPv6-Slides.pdf
21:44 < ALowther_> SwedeMike: 138 slides. Okay, thanks. :)
21:46 < SwedeMike> ALowther_: ripe has other ipv6 training material if you prefer other format
21:46 < SwedeMike> there are other orgs that have training material as well
21:54 < ALowther_> SwedeMike: This seems cool! Do you have the names of some of the other organizations?
21:56 < tds> he have their little cert thing which is nice for learning the basics (and you get a t shirt :), and there's their 6in4 tunnelbroker if you don't have native v6 as well
21:57 < TandyUK> im tempted to redo the he cert just to get a new tshirt
21:57 < TandyUK> my old one is rather worn lol
21:58 < ALowther_> I'll check it out. I've heard HE's cert, from a learning/theory standpoint is rather basic.
21:59 <+catphish> yeah it's pretty pointless
21:59 < tds> ...but you get a t shirt, I wouldn't call it pointless ;)
22:00 < ALowther_> tds: :p
22:00 <+catphish> you do get a t-shirt :)
22:00 <+catphish> i have one!
22:00 < ALowther_> I don't really care about a cert that is recognized by the industry. I am more looking for understanding for self-development
22:00 <+catphish> just build your own network
22:02 < ALowther_> Is this the latest, as far as you all are aware?
22:02 < ALowther_> https://tools.ietf.org/html/rfc8200
22:10 <+catphish> ALowther_: i doubt the rfc is a great way to learn about ipv6, but yes, i think that rfc you linked to is the current standard
22:10 < ALowther_> When something is brand new(I know IPv6 isn't), how do people first come to learn about things?
22:12 <+catphish> regardless of age, the obvious answer is to play with them, run them, maybe even implement them
22:13 < alesan> the wikipedia page about something usually helps too
22:14 <+catphish> as far as getting information, there's wikipedia, the RFC, and other simpler guides people write explaining them that can be found with google, also manuals for existing implementations
22:16 < ALowther_> catphish, alesan: Good thoughts, thank you.
22:16 <+catphish> good luck!
22:19 < detha> ALowther_: on your 'when something is brand new' question: people sit on the standard committee and define it, or follow the standards committee's mailing list and drafts.
22:19 < detha> (some have said standards are like sausages - it's better not to know how they are made)
22:31 < logit3ch> hi there...i need someone to teach me something about wordpress...please, if you think that you are a crack in the deep wordpress, please, send me a pv
22:32 < sameh4> I am reading about ad hoc wireless networks and their auto conf.  This IETF is pretty simple and easy to follow, but it's from 2010 https://tools.ietf.org/html/draft-perkins-manet-autoconf-00
22:33 < sameh4> I am curious if anyone has experience with this type of thing? My aim is that when an Rpi zero is turned on for the first time, it joins an ad hoc LAN without knowing the subnet being used.  Which I don't think is possible, right?
22:34 < sameh4> btw that internet draft says to randomly pick an addr in 169.254/16, but that seems like it's too hard to get many manufacturers to do that!
22:41 <+catphish> sameh4: it's completely up to you, choose whatever IPs / subnet you want
22:42 < sameh4> @catphis but how can I reach devices of other manufacturers?
22:42 <+catphish> sameh4: i'm pretty sure it would be possible to configure linux to choose a random IP from 169.254/16, but it's 2018 so you should really just use ipv6 LL addresses
22:43 <+catphish> sameh4: what do manufacturers have to do with it?
22:43 <+catphish> it seems like you're confusing layers here
22:43 < patarr> What protocol is used underneath the SSL in Cisco AnyConnect?
22:43 < sameh4> @catphish I think you are right
22:44 <+catphish> sameh4: ip addressing has absolutely nothing to do with the physical card / manufacturer or whether the network is ad-hoc or has an access point
22:44 <+catphish> you configure the *physical* network first, then simply choose whatever IP addresses you like on top
22:44 < sameh4> so let's say I manufacture a device that wants to connect to other devices from other manufacturers;  the devices no nothing about each other and have no addresses
22:44 < purplex88> i need a small utility
22:45 < purplex88> to tell me download / up speed in system tray (windows 8)
22:45 < purplex88> i guess all of you know of such thing
22:45 < sameh4> I turn my device on, and another device from another manufacturer, how can they find each other without some standardized addressing
22:46 < sameh4> these are headless devices btw
22:47 < detha> sameh4: there are a number of discovery protocols, most relying on broadcast or multicast
22:47 <+catphish> sameh4: with ipv6, this is solved, devices will all have a random ipv6 address, and you can use local multicast addresses to communicate
22:48 < sameh4> @catphish @detha I see, OK, you've answered my questions!
22:48 < sameh4> thanks guys!
22:48 <+catphish> but even then, you still need a way to discover the addresses of the other devices
22:48 <+catphish> same with ipv4, except there's no standard addressing scheme, apart from 169.254/16,
22:48 <+catphish> which many devices won't use
22:48 < sameh4> what's the name of a good/simple discovery protocol in your guy's opinions @catphish @detha
22:48 <+catphish> imo theres no way to achieve this unless you control all the devices
22:49 <+catphish> but you probably do, since they probably all run the same software
22:49 <+catphish> no, you don't do this unless *you* are making the software
22:49 < quesker_> I am on the same segment with a box that either has some random static ip or dhcp.  how can I connect to it without knowing the ip?
22:49 <+catphish> quesker_: you can't
22:49 < sameh4> catphish : that was my concern! I wont control all the software
22:49 <+catphish> quesker_: you can try to figure out its IP by sniffing its packets
22:50 < redrabbit> nmap
22:50 <+catphish> sameh4: so, what's the purpose of this?
22:50 <+catphish> you can't realistically nmap 0.0.0.0/0
22:50 <+catphish> maybe with different specialized software
22:50 < sameh4> distributed compute by IoT devices
22:50 < Peng_> [ catphish's printer explodes ]
22:50 < quesker_> ok.  I thought I read something that suggested that if you know the mac you could add an entry to your arp table and assign an ip to it so you could telnet to it.  sounded too good to be true
22:51 <+catphish> sameh4: right, but IoT devices traditionally run known software, that's designed to communicate together
22:51 <+catphish> sameh4: you can't just put 2 IoT devices near each other and hope they know what to talk about
22:51 < sameh4> @catphish yeah I get your point! I can't just look for other devices and ask them to do things unless they have my software
22:51 < redrabbit> I use node red for iot
22:51 <+catphish> sameh4: or maybe you know *their* software
22:52 < sameh4> right!
22:52 <+catphish> sameh4: either way, you need some agreed protocols
22:52 < redrabbit> Try it
22:52 < sameh4> yeah!
22:52 <+catphish> which includes addressing and discovery schemes
22:52 < sameh4> catphish: thanks! nice to have this discussion!
22:55 < MarkusDBX> What did just happen to freenode?
22:55 < MarkusDBX> A ton of people DC at the same time?
22:57 < DoctorDick> those are matrix users
22:57 <+catphish> MarkusDBX: they're all "matrix" users, i guess one large host that houses lots of clients
22:58 <+catphish> https://matrix.org/blog/home/
22:59 < MarkusDBX> I see
23:01 <+catphish> kinda (completely) off topic, can anyone recommend a beginner text on medicine? i'm looking for a good intro
23:02 <+catphish> been trying to read harrisons  internal medecine, but it's more like a reference, i want something that can be read more linearly
23:08 < Mattx> Hey all. I need to send a few post requests to the same rest server. What are the things I should consider to make that as fast as possible?
23:08 < Mattx> First thing I thought is the requests should be made async, and I should use HTTP2 so the socket is reused
23:09 < Mattx> but there may be other things I'm not aware of, like compression
23:09 < Toadisattva> trying to connect to wifi via debian command line with wpa_supplicant, I'm getting a connection then it disconnects with reason code 3 and gives the following error: CMD_RESP: cmd 0x10f error, result=0x2
23:10 <+catphish> Mattx: there are a few things to consider, the most obvious one is how fast can the server at the other end actually process your requests
23:10 < lupine> 2 is possible ENOENT
23:11 < lupine> probably not though
23:11 < Mattx> catphish, that is not that important. I don't need to get the response fast, I need to send the requests fast, as they are processed in fifo order
23:12 <+catphish> Mattx: then you basically want to 1) reuse connections, HTTP 1.1 and later can do this 2) choose an optimal number of connections (simultaneous requests)
23:12 <+catphish> Mattx: that is extremely important
23:13 <+catphish> Mattx: i interpreted this as you wanting to do lots of requests, not just one request as fast as possible
23:13 < Mattx> yes, in general it's 3 requests, and then I have plenty of time to read the response. but those 3 should be processed asap, and in order
23:14 < Mattx> multiple connections won't guarantee they are in order, so that can't be done
23:14 <+catphish> Mattx: well if you want to guarentee they're in order then you need to wait for each one to return before you make the next
23:14 < Mattx> why? can't I just put them in the same socket in order and expect them to be received in that order?
23:15 <+catphish> Mattx: no
23:15 <+catphish> Mattx: not unless you know how the remote infrastructure works
23:16 <+catphish> you could try just sending all 3 down the same HTTP/1.1 socket using pipelining, it will *probably* process them in order, but no guarantee
23:23 < Mattx> catphish, I'm not getting you. how could they reach the server in a different order if I use the same socket?
23:23 < Mattx> specially if it's http2
23:25 < spaces> wtf is wrong with this world, people don't have inspiration for food until they bought a cookingbook again and need to share it on instagram... isn't that like: I actually have no joy in my life on my own at all ?
23:25 < Mattx> catphish, there was a net split. I'm still here, don't know if you replied
23:25 <+catphish> Mattx: i don't know http/2, but regardless of protocol, you shouldn't assume that the other they reach the server is the order they will be processed, servers will handle requests in parallel
23:25 <+catphish> *order
23:26 < Mattx> well even if that's the case I can't change that. I'm trying to improve things in my end
23:27 < Mattx> I wonder for instance if sending the params as part of the URL or as part of the POST body makes any difference
23:27 <+catphish> Mattx: no differece
23:27 < Mattx> even if the body is compressed?
23:27 <+catphish> i can't think how that would matter
23:28 < Mattx> sending less data is always better
23:28 <+catphish> there are things you can try, 1) pipeline requests (this is very standard in http/2, less so, but possible in http1.1
23:29 <+catphish> 2) request and send different compression, sending less data is only better when you have less bandwidth than processing power
23:30 < Toadisattva> wpa_cli got me fixed up
23:30 <+catphish> when it comes to pipelining you're basically guessing how the remote will order requests, but its reasonable to guess they'll be processed in order until proven otherwise
23:30 <+catphish> hard to test though
23:31 < Mattx> it's not hard to test in this case I think, I can check the response and see the id they assigned to each
23:31 < Mattx> anything else you can think of?
23:33 < koala_man> spaces: Instagram is just The Sims where you create a fantasy life for yourself. https://i.pinimg.com/originals/99/45/9f/99459fce9f2b000ef6564b77383108b1.jpg
23:37 < spaces> koala_man yeah the werid thing is that relationships are also based on it, conversations that you have such a great life and people tell you you are fine and have a great life because they like to receive that back as well
23:37 < spaces> koala_man lol that link is pretty it :)
23:47 < koala_man> there was some study that said that if you win a median annual income in the lottery, it increases the bankruptcy rate of your neighbors by 6.59% over 3 years as they try to keep up with you. Like animals with mating displays.
23:47 < spaces> that's true !
23:50 < yates> is there an option to dig or nslookup that makes it return just the ip address so you can substitute it in a bash command, e.g., "blow-up-this-site `nslookup -cli a.badsite.com`"
23:51 < yates> i looked but didn't see any
23:51 < koala_man> does your tool not accept hostnames?
23:52 < yates> no, it don't
23:56 <+catphish> Mattx: nothing else obvious, just make sure you know how to correctly pipeline requests with http 1 and http 2
23:57 <+catphish> if you have a way to test the order, ideal
23:57 <+catphish> but just be wary that web servers don't process requests one at a time
--- Log closed Wed Jun 13 00:00:56 2018