--- Log opened Wed Jun 13 00:00:56 2018
00:08 < spaces> koala_man what I also don't understand is that all these instagram people look like hoo's and yell #meToo when they can
00:40 < jif> best vpn?
00:41 <+pppingme> jif how are you using it?
00:41 < jif> at home, casual, nothing illegal
00:42 <+pppingme> so you're trying to get back into your home net from remote?
00:43 < jif> im at home but just wanrt extra privacy
00:44 <+pppingme> so what are you connecting to?
00:45 < jif> i just want it for  more anonymous internet access
00:45 <+pppingme> no such thing
00:45 <+pppingme> vpn's are about making a *secure* connection between two points, they have nothing to do with privacy
00:47 < jif> do you use anything?
00:47 <+pppingme> do I use vpn's?  Yeah, for connecting remote sites and being able to work securely to my servers when I'm away from the office
00:49 < jif> would you say a vpn plus incognito mode is better than nothing? what about a vpn + tor/?
00:50 <+pppingme> wtf is a vpn plus incognito mode?
00:50 < spaces> why do I always need to p00p when I'm just in bed ?
00:50 <+pppingme> what exactly are you trying to accomplish with a vpn?
00:50 < jif> more anonymous internet access
00:51 <+pppingme> again, vpn's do NOT give you "anonymous internet access", there simply is no such thing
00:51 < jif> thats why i said more
00:51 < spaces> use windscribe, they are pretty good at it
00:51 <+pppingme> before you start throwing solutions, you have to address your needs..
00:51 <+pppingme> what or who are you trying to hide from?
00:51 < djph> jif: you just move the "who knows the deviant porn you're watching" from "yr ISP" to "your VPN provider"
00:52 < jif> djph: that's my primary concern
00:53 < djph> that your ISP cares you're watching porn?
00:53 <+pppingme> so you'd rather move who can see what you're doing from someone who doesn't really care (your isp) to someone that probably has some kind of vested interest in your traffic (vpn provider) by injecting malware into your traffic stream, or making it EASIER to track you and your traffic and selling that info?
00:54 < jif> mallware in traffic stream. is that a thing?
00:54 < djph> can be
00:54 <+pppingme> yes its a thing, and many so called "hide your ass vpn providers who swear they don't log" have been caught doing it
00:55 < djph> e.g. redirect ads to their malware server
00:55 < jif> oh im sure
00:55 < jif> they consolidate people that want privacy
00:56 <+pppingme> think about your last statement
00:56 < s7rawman> jif: First you need to figure out your threat model, then asses whether a vpn provides that security.
00:56 <+pppingme> fuse.net could care less if you're watching goat porn or kitty porn, they simply don't care
00:57 <+pppingme> and every vpn provider out there will hand your info over in a heartbeat..  they DON'T protect or hide your info
00:58 <+pppingme> they are more afraid of getting raided than you
00:58 < jif> hmm, well im glad we had this talk
01:22 < wadadli> how does DHCP resolve ip address conflicts?
01:23 < djph> no
01:23 < djph> don't make addr conflicts
01:24 < wadadli> curious, saw the question on glassdoor for data center tech role
01:24 < wadadli> dhcp would just assign a new address I'd assume
01:24 < wadadli> issue resolved =P
01:25 < djph> no
01:25 < djph> if you're a fucktard, and create a conflict, DHCP won't help you.
01:25 < obcecado> if two machines have the same static ip configured, there's not much dhcpd can do
01:25 < djph> or hell, one DHCP and one static
01:26 < obcecado> some implementations will arp for the ip being leased
01:26 < obcecado> to check if its configured elsewhere
01:27 < djph> though a static device being down at that moment or the DHCP server not doing that will still result in "conflict"
01:28 < wadadli> djph ▶ in that case dhcp is responsible for the conflict
01:28 <+pppingme> wadadli its not dhcp's job..
01:28 < djph> nope, the fucktard putting a static assignment inside the DHCP pool is.
01:28 < wadadli> djph ▶ true that
01:30 < obcecado> it wont surely prevent op stupidity
01:36 < djph> ^
02:56 < jorja> Hello
02:57 < jorja> I am having issues with my router items that had wifi then I stopped the wifi and am now trying to reconnect cannot. So I thought maybe a firmware update again but I cannot get to the 19.... site that is shown on google and was wondering if anyone can help me with this issue
02:58 < djph> jorja: turn the router's wifi back on?
02:59 < jorja> Wifi was never turned off
02:59 < jorja> I have a tablet that has wifi but my phone which had wifi at 7 now does not
03:00 < djph> so the router's wifi bit it?  reboot the router
03:01 < jorja> I STILL HAVE WIFI
03:01 < jorja> Tried reset does not work
03:03 < djph> then sounds like the router's fubar
03:03 < jorja> the router's what
03:07 < Spektrum> fuggedup beyond all repair
03:07 < jorja> it is new
03:15 < dogbert2> hey djph
03:15 < jvwjgames_> Hello
03:15 < jvwjgames_> is a VPS provider considered an ISP
03:17 < dogbert2> not much ph33r:  18:17:14 up 6 days, 13:40,  1 user,  load average: 0.00, 0.00, 0.00
03:18 < cheapie> 20:17:57 up 374 days, 16:10,  1 user,  load average: 0.00, 0.00, 0.00
03:18 < dogbert2> spent most of the afternoon playing with Bosch IP cameras
03:18  * cheapie should probably reboot that one of these days
03:18 < dogbert2> pretty good, more than a year
03:19 < cheapie> I had a VPS get to 451 days before, but 374 days is my current record for anything in my house.
03:19 < cheapie> Still going too :P
03:21 < dogbert2> was working on a camera in Spain this afternoon
03:23 < obcecado> 3750-01 uptime is 12 years, 18 weeks, 3 hours, 19 minutes
03:23 < obcecado> its not a camera, but got a decent uptime
03:24 < dogbert2> sheesh...how about some firmware updates?
03:27  * dogbert2 spins Stampeders - Sweet City Woman
04:05 < obcecado> hi
04:06 < obcecado> after finishing an installation (pxeboot + auto_install) is there a simple way to install a bunch of packages?
04:06 < obcecado> on the firstboot
04:15 < rewt> obcecado, that would depend on what you're installing... you'll probably have better luck asking in the relevant channel
05:12 < spaces> dogbert2 stop spinning that women, she might get sick
05:12 < dogbert2> LOL
05:12 < spaces> obcecado fans are stil OK from that device ?
05:17 < SwedeMike> ALowther_: just google for ipv6 education, there are lots of hits. For instance https://www.linkedin.com/learning/learning-ipv6
05:34 < spaces> obcecado dogbert2 and I want info :P
05:38 < spaces> dogbert2 hackhis old firmware :P
05:38 < dogbert2> heheehe
05:38 < spaces> 12 years of exploits would be a good start :D
05:39 < spaces> I think the NSA can simply go to it's IP and sees it all :D
05:39 < spaces> console port sends it out though wifi :P
05:41 < spaces> with wep encrytion I believe
05:49 < alesan_> hey - is there a way with ethtool or similar, to see the *partner* advertised modes
05:49 < alesan_> like what the "switch" offers as autonegotiation, not the local NIC?
06:04 < TheBlueWizard> I have a simple goal: connect two computers, one a Win box and another a Linux box (currently running Trisquel), and I configured Win box to use IP address 10.0.0.1, mask 255.255.255.0 and gateway 10.0.0.2; and on Trisquel I select manual, then edit Ethernet property to IP 10.0.0.2, mask 255.255.255.0 and left gateway blank. So far I could not ping each other machine. What did I do wrong here?
06:07 < TheBlueWizard> oops...I left out the goal: send files between two computers, using Python simple web server
06:36 < sharkasdf> I have an asus rt-n66r with that merlin custom firmware. I made a security change to the router that I thought was only going to allow a computer to be connected locally through ethernet, but instead I've made it impossible to connect to my router. I can ping it, but can't connect with https, http, IE, firefox, chrome. Firefox can’t establish a connection to the server at 192.168.1.11. (192.168.1.11 is my router ip). 1.11 als
06:36 < sharkasdf> o doesn't work. Any ideas?
06:51 < Apachez> sharkasdf: you done goof, so factory reset the box and reapply your settings
06:52 < Haris> I have an interface with public IP on a linux box. Is it possible to limit forwarding to vpn only on this box ? and deny all the rest from wan and lan other than the vpn traffic from/to lan ?
06:52 < Haris> limit forwarding to vpn traffic only
06:52 < sharkasdf> Apachez, there is no other way?
06:52 < Haris> forwarding as well as natting
06:53 < sharkasdf> I don't have a backup of settings :\
06:55 < Apachez> sharkasdf: the other way is to find out wtf you actually put in as a "security change"
06:55 < Apachez> exactly which setting did you alter into what?
06:56 < sharkasdf> Let me see if I can find it somehow
06:57 < sharkasdf> Also, were the custom firmware routers hit with that china hack?
06:59 < BenderRodriguez> man
06:59 < BenderRodriguez> Arista did me dirty with their stock
06:59 < BenderRodriguez> It's a shame they are in so much trouble right now
07:02 < Krikey_Sanchez> hello
07:03 < Krikey_Sanchez> I'm trying to configure a world-reachable ipv6 address behind a comcast router
07:03 < Krikey_Sanchez> I originally got an address from ipv6 dhcp that I could ping from the outside world
07:03 < Krikey_Sanchez> but now I get destination unreachable: no route when I try to ping it from an external computer, even though the host in question can ping ipv6.google.com
07:03 < Krikey_Sanchez> just fine
07:04 < Krikey_Sanchez> I notice that my routing table has two default routes on that interface, both of which have the same fe80: address
07:08 < Dagger> sure you're using the right address? privacy addresses are abandoned after no more than a week
07:09 < Haris> how to snat traffic to a source before forwarding to s-t-s vpn tunnel on the same box ?
07:09 < Haris> on linux
07:10 < Dagger> (although you wouldn't normally get privacy addresses when getting an address from DHCPv6, unless you're also getting an address via SLAAC)
07:15 < Krikey_Sanchez> Dagger, maybe I'm not
07:15 < Krikey_Sanchez> I actually don't know how to use SLAAC on a linux box, using whatever andom address dhcp6 gave me has worked before
07:16 < Krikey_Sanchez> but it's probably not the right way to do things
07:16 < Dagger> the kernel has a built-in client. it's automatic so long as forwarding is disabled
07:16 < Dagger> (and you can set the accept_ra=2 sysctl to enable it even then)
07:17 < Krikey_Sanchez> how do I force it to assign itself a SLAAC address?
07:17 < Krikey_Sanchez> let's say I clear all my networking state now and bring down the current interfaces to get myself into a clean state
07:18 < Dagger> bringing the interface up should be enough, assuming default settings
07:19 < Dagger> the kernel will send a router solicitation, which should trigger a router advertisment from the router. the kernel configures itself an address when it receives the RA
07:20 < Krikey_Sanchez> I just brought down and up the interface
07:20 < Dagger> (assuming the RA tells it too, and assuming the network prefix is /64)
07:20 < Krikey_Sanchez> oddly enough it has a v4 address, but not a v6 one
07:20 < Krikey_Sanchez> I don't know where the v4 address is coming from
07:21 < Krikey_Sanchez> oh probably systemctl networkd
07:22 < Dagger> I believe systemd-networkd will (or can?) take over processing of RAs, which would invalidate anything I know about the in-kernel client
07:25 < Maarten> woosh I got a free meraki ms220-8p with 3 years support from my rep for watching a 45 minute webinar :D
07:31 < Harlock> Maarten what about the AP?
07:32 < Maarten> that webinar is tomorrow - security gateway is next week..... supposedly I will get both of those too
07:37 < Harlock> is it only a year support on the AP or 3 years?
07:38 < Harlock> oh it is 3
07:41 < Maarten> Harlock, 3 years... not going to criticize a gift, after 3 years there is probably something newer/bigger/faster I must have :P And the licenses arent terribly expensive by the looks of it
07:52 < Harlock> flash it with openwrt when the support is over
07:55 < Krikey_Sanchez> if my default route is a fe80 one, should I expect to be able to ping my device from the outside?
07:55 < Krikey_Sanchez> that's what v6 dhcp seems to want to give me
07:55 < Krikey_Sanchez> I don't know what I should assign manually otherwise
07:55 < Harlock> that is your LL
07:56 < Harlock> but LL are nrmal to be used for a gateway
07:58 < Harlock> but you also need a global address to access the internet and be accessable  from the internet
07:58 < Krikey_Sanchez> it looks like systemd-networkd just doesn't want to give me one
09:34 < winsoff_> Will access points typically refuse to put frames to unassociated mac addresses on the air, or do they act as hubs by nature?
09:40 < detha> would they go through the entire trouble of negotiating associations when the AP would broadcast everything anyway?
09:41 < grawity> keeping track of clients is kind of a requirement once you need to add security mechanisms
09:42 < grawity> so since APs track clients anyway, they *will* drop everything they don't recognize, because what's the point of sending it?
09:42 < grawity> airtime clutter
09:43 < grawity> though things change if the connection is in WDS mode
09:50 < spaces> grawity tell me why my pee is always falling down when I'm @ the toilet
09:57 < xormor> spaces, you are confused. have a pill.
09:57  * xormor hands spaces a pill.
10:15 < epitamizor> would it be good idea to have load balancer between two remote sites that have vpn connect?
10:17 < winsoff_> grawity: Is this commonly implemented, then, or is it not default behavior in common equipment? I guess there's an easy way to find out, right? I could connect with one AP/ethernet on machine A, then connect to another AP with machine B and start making traffic on machine A, and then I could put machine B into promiscuous mode and see if I can see traffic from A?
10:18 < detha> epitamizor: without more context, that does not make sense
10:18 < winsoff_> Or are there other things in place that could spoil the test? Furthermore, what happens when a switch sees the same IP on 2 ports? Does the address/port db update?
10:18 < winsoff_> Agreed with detha
10:30 < grawity> switches don't care about IPs though
10:31 < winsoff_> I thought you configured vlans on switches?
10:31 < grawity> aaand?
10:32 < detha> vlans are an L2 concept. IP addresses are an L3 concept
10:32 < grawity> you also connect ethernet cables to switches, doesn't mean the cables care about IP, and doesn't mean switches care about IP
10:32 < winsoff_> Am I an idiot? I thought you could vlan-together certain IP addresses. You can't, I guess?
10:32 < winsoff_> You can only vlan PORTs together, then?
10:33 < winsoff_> So with that in mind, a switch only associates a mac address with ports, then.
10:33 < detha> correct
10:33 < winsoff_> Sweet. Also, thanks for not ignoring me after I forgot to phrase it as a question.
10:33 < winsoff_> With that in mind, how does a switch handle seeing the same MAC address on two different ports?
10:34 < grawity> it updates the MAC forwarding table for the new port
10:34 < detha> Badly
10:34 < winsoff_> This sounds like it's super exploitable.
10:34 < detha> It flips traffic for that port to wherever it saw the mac address last
10:34 < winsoff_> Of course, it also sounds like it just busts the network, making it pretty useless, unless the attacker has a backup link/a way out to the internet.
10:35 < meowschwitz> arpwatch is your friend and, if someone physically on your network is doing that you have bigger problems
10:35 < winsoff_> Oh, but does the MAC table get updated really quickly, every single time it sees frames? Does that mean it'll just flipflop between ports and start wreaking havoc on the network?
10:35 < detha> generally yes
10:35 < grawity> (fwiw, some switches do have IP-based VLANs, but that's not a standard feature, and quite frankly weird)
10:35 < meowschwitz> and yes, two boxes with same IPs or MACs has.. interesting side effects.
10:36 < winsoff_> Do switches typically come with modern protections for this, or is that up to a firewall/IDS?
10:36 < detha> side effects as in 'things go sideways'
10:36 < winsoff_> detha: lol
10:36 < grawity> huh, I didn't know 4addr mode was this complex http://www.ieee802.org/1/files/public/docs2008/avb-nfinn-802-11-bridging-0308-v3.pdf
10:36 < grawity> winsoff_: managed switches tend to have features like "port security"
10:36 < grawity> "sticky MAC learning"
10:36 < grawity> etc.
10:37 < winsoff_> Dang, but also nifty.
10:37 < gallax> winsoff_: same mac address on 'two' different ports makes sense. It'b be wrong two on 'same' port.
10:37 < grawity> wat?
10:37 < grawity> a port can easily have multiple MAC addresses
10:38 < detha> gallax: uplinks have many macs on one port. So do virtualization hosts
10:38 < grawity> and as we're talking about switch ports, I'd be surprised if they couldn't
10:38 < meowschwitz> oh shit i forgot to to turn off stp on iscsi ports
10:38  * meowschwitz derp
10:42 < winsoff_> I think gallax was pointing out that the only case where two instances of the same mac address can actually exist to a switch is when these instances are found on two different ports.
10:43 < winsoff_> is there a way to ask a router nicely what addresses it holds behind it, if I'm on the "behind" side?
10:43 < Razva> Hey! Let's suppose that I have a DNS round-robin A-entry (domain.tld) pointing to multiple IPs (1.1.1.1, 2.2.2.2 and 3.3.3.3). If 1.1.1.1 is not responding, will the visitor/client machine just ignore it and point/direct only to 2.2.2.2 and 3.3.3.3, or do I need to manually remove 1.1.1.1 it from the round-robin?
10:44 < grawity> winsoff_: as in, what subnets & routes it has?
10:44 < grawity> Razva: well it won't know that 1.1.1.1 is not responding until it tries
10:44 < grawity> Razva: *most* programs will go try the 2nd and 3rd addresses after a timeout
10:44 < winsoff_> grawity: yes indeed
10:44 < grawity> and as to which one will be tried first, it's random
10:44 < Razva> grawity: programs = ?
10:44 < eirirs> Razva: dns don't check whether host are up before giving you host
10:45 < meowschwitz> winsoff_: this isn't really a router problem. Same MAC address on more than one port means something is very wrong and either there's a loop somewhere or something else is broken
10:45 < grawity> Razva: literally, programs which connect to your service
10:45 < grawity> the machine doesn't care
10:45 < grawity> the OS doesn't care much, either
10:45 < grawity> each individual program decides how to handle multiple IPs on a single domain name
10:45 < grawity> winsoff_: from the outside, no
10:46 < grawity> winsoff_: (well I'd say "SNMP" but not many routers run that)
10:46 < Razva> here's the thing. I'm looking to build a HA cluster with multiple providers. I have multiple load-balancers at multiple providers, but I don't know how should I remove the non-functional load-balancers (without an extra..ehm..load-balancer). somewhere on the food chain DNS needs to be involved because a load-balancer is a fail point by itself.
10:47 < grawity> maybe have a backup load-balancer at each site
10:48 < mgolisch> i think the scenario Razva tries to tackle is an entire provider going down i would asume
10:48 < Razva> mgolisch: exactly.
10:48 < Razva> there are numerous cases when an entire Zone got offline. Amazon had it, OVH had it etc.
10:49 < Razva> so I cannot base on floating IPs, because those are provider specific. if the provider goes down, so goes the floating IP, VLANs etc.
10:49 < winsoff_> grawity: I think I've seen snmp on a few networks. I guess I should just read about snmp, then? Also, arp can only get me to the switch level, right?
10:50 < regdude> winsoff_: most switches should have protection against having same MAC address on multiple ports. If a device is connected directly, then if you disconnect it, then it should flush the MAC table on that port
10:50 < mgolisch> i have been thinking about the same but i have not realy come up with a great answer yet
10:51 < regdude> if the device is not connected directly, then you will have to depend on the MAC table aging timer. Between that time traffic might not reach the right port
10:51 < regdude> though some switch chips have a mechanism that will update the MAC table manually if a MAC address has appeared on a different port
10:51 < grawity> mgolisch: I suspect the answer would involve BGP or equivalent
10:52 < grawity> regdude: I think RSTP has a thing where the entire network is asked to purge its MAC tables
10:54 < regdude> grawity: sort of, yes. The topology change notification might change the ports state at that will flush the table, but only if the state changes. There are cases where the state will stay the same
10:56 < winsoff_> Why does a streaming protocol have the ability to talk about network topology?
10:56 < Razva> mmmm...folks...?
10:59 < regdude> winsoff_: not sure what you mean, but streaming protocols are either broadcast or multicast traffic, which is sent to all network nodes in a Layer2 domain
11:01 < winsoff_> Seriously?
11:01 < winsoff_> That's really interesting. Hmm.
11:01 < jvdmr> Razva: for your original question: round-robin will work, but visitor machines will keep trying the failing ip as long as it is in DNS and getting timeouts, then (depending on client implementation) trying the other ip's.
11:02 < winsoff_> Also, be back later!
11:02 < jvdmr> Razva: you may want to implement some kind of monitoring that removes the failing ip from DNS if it is offline for more than x time and re-adds it when it comes back online
11:03 < jvdmr> (or monitoring that alerts you to remove the ip manually, if automation is not possible)
11:09 < detha> Razva: this is why they invented anycast.....
11:09 < Razva> jvdmr: yup, can do that via Route53, but I was looking at a better way of doing this...
11:10 < Razva> detha: mmmm...can you please explain?
11:11 < detha> Razva: in brief: you have one public IP address, you set that on each load balancer. You announce the /24 that address is in over BGP from each site.
11:13 < Razva> ahaaaa! so each LB has the same IP? doesn't that involves a single provider? I don't know if there's any option/product out there that can do that.
11:13 < detha> You will need your own IP range, and hosting providers that let you announce that range over BGP
11:14 < Razva> ehm, that's not in my price league I guess. I have my own IP class but finding two providers that want to - at least! - announce it seems like a dead-end.
11:15 < Razva> when using a single provider + anycast, is there any way for that anycast IP to "get offline"?
11:15 < detha> single hoster? if you drop your BGP session, it'll be offline
11:16 < detha> Also if your load balancer stops responding, it'll be offline
11:16 < Razva> https://buyvm.net/anycast-vps/ < was previously looking at this...
11:17 < Razva> dropng a BGP session seems like a stretch to me (still I'm no expert so it might happen).
11:17 < Razva> regarding the load-balance, are you talking about my load-balancer (I will have at least 3) or some other networking balancer (I might just have said something very stupid)
11:17 < detha> With that setup, you don't need to worry about BGP, they have an anycast range, and give you one address out of that.
11:18 < TandyUK> Razva: If an ISP tells you they cant announce a prefix for you, imho find a better ISP  (Unless its consumer grade crap in which case well...)
11:19 < detha> Their FAQ doesn't say how they detect your VM being down....
11:21 < Razva> TandyUK: if you know any consumer ISP that can provide dedicated/colocated with my own IP class...I'll be very grateful!
11:23 < Razva> detha: from their FAQ it seems that they push you into getting 3 VMs in 3 different zones and they do the rest. I'm asking for extra information on their IRC channel.
11:23 < dminuoso> Your ISP has an IRC channel?
11:23 < Razva> dminuoso: seems that buyvm has?
11:23 < dminuoso> Im not sure whether that's cool or antiquated.
11:24 < Razva> dminuoso: well...we're all taking here on IRC so I guess it's cool? :)
11:24 < Razva> from your experience, would you rather go with some anycast VM provider and o the load-balancing there, or go with Route53 + monitors + low-TTL A-entries?
11:24 < dminuoso> Razva: Im not suggesting IRC is inherently bad - but it may not be the best solution for customer support..
11:24 < detha> Razva: that one looks to be more about latency than about failover
11:24 < djph> dminuoso: hey, if it gets you talking to the right person without going through 37 layers of people who either can't understand the problem, and/or do phone transfers correctly ...
11:25 < Razva> detha: yup, seems so.
11:25 < detha> Razva: look for the 'Anycast on a shoestring' nanog presentation from a few years ago
11:26 < detha> anyway, without getting into building your own CDN, low-TTL DNS and monitoring is about the best you can do
11:26 < dminuoso> djph: Ah it seems that its just a community chat, not an official support place.
11:30 < Razva> detha: well, Route53 offers monitoring + low-TTL DNS, currently using it for a round-robin storage cluster (I'm removing non-working nodes from the A-entry). but I was wondering if there isn't any other (more simple) solution. it seems that there isn't (except anycast). :\
11:33 < djph> dminuoso: aww :(
11:40 < grawity> regdude: on a related note, I noticed that some devices broadcast a management frame thingy to announce that they're connected
11:40 < grawity> regdude: wi-fi clients in particular (I think I saw where that's required), but seen wired devices send out a slightly different one as well
11:41 < grawity> dminuoso: IRC isn't much worse than all the "live support chat" thingies companies have on their websites
11:41 < grawity> regdude: I suppose that's also meant for updating MAC tables
11:42 < regdude> grawity: do you have more about what kind of packets are they? Generally DHCP Client will be sufficient to update a MAC table
11:43 < Razva> fyi, about BuyVMs anycast IP procedure: https://gist.github.com/Razva/6b104746aa7e6adbc01b93565d6fe497
11:47 < TandyUK> [10:21] <Razva> TandyUK: if you know any consumer ISP that can provide dedicated/colocated with my own IP class...I'll be very grateful!   <<<  I know plenty of proper ISPs who can do that, but none are consumer shit (Talktalk, plusnet, that kind of thing)
11:48 < TandyUK> as for IP's you need to get those yourself if you want PI space which you have announced via BGP
11:49 < TandyUK> dminuoso: I have a proper IRC support channel, as an ISP
11:49 < TandyUK> I dont think Ive ever seen non-staff in it lol
11:50 < Razva> TandyUK: yeah, I have my own IP class, I'm currently routing it to...nowhere, as my previous ISP dropped the "custom IP classes" option (horray).
11:51 < Razva> TandyUK: if possible can you PM me at least 2-3 providers? I'm really interested...
11:52  * djph wants to join tandy's IRC channel just to whine about ISPs in general
11:53 < anonymip> anyone here using ubiquitit unif switches?
11:53 < djph> have in the past
11:53 < djph> they're alright
11:54 < anonymip> ok, it seems very easy to manage them in the unifi controller
11:54 < djph> it is
11:55 < djph> I prefer the Edge series though
11:55 <+xand> edge stuff is better featured but unifi is nicer to manage multiple devices
11:55 < djph> more or less identical, but "traditional(tm)" command interface (i.e. each one on its own)
11:55 < anonymip> are they also mannaged in the unifi controller
11:56 < anonymip> I with all mannaged switches had the abiltity to show what's connectet to each port, it's a really nice feature in the unifi controller
11:57 < rtmataeu34> hello
11:57 < anonymip> *wish
11:58 < anonymip> hello rtmataeu34
11:58 < rtmataeu34> got nothin really to chime in im pretty newb at networking
11:58 < rtmataeu34> :D
11:58 < rtmataeu34> with*
12:04 < rtmataeu34> did anyone here get their net+
12:05 < rtmataeu34> to get into networking*
12:05 < rtmataeu34> or just went straight cisco
12:08 < djph> anonymip: no, Edge* do not show up in UniFi.
12:08 < djph> rtmataeu34: didn't do either.
12:09 < rtmataeu34> so how'd you start
12:10 < djph> the local library
12:11 < djph> got noticed in high school as ... proficient enough ... to get into the "tech support class(tm)" (essentially a gopher for the highschool's admin, but hey)
12:11 < anonymip> djph, ok
12:11 < djph> then just kept reading through college, worked for the IT department there ... got a job entirely not in networking, but still try keeping up.
12:12 < anonymip> Then I'll probably check out the UniFi US-24
12:16 < mcdnl> rtmataeu34: trial and error. i've learnt a lot trying to do things with mikrotik devices too
12:17 < rtmataeu34> I've been studying for the N+006 - its about to get retired for the 007
12:17 < mcdnl> best way of learning something is doing it
12:17 < regdude> I poked everything I saw
12:17 < regdude> until they poked back
12:17 < rtmataeu34> havent really had much exposure that way*
12:17 < mcdnl> if you wanna learn the fast and hard way, test things in production :)
12:17 < mcdnl> xD
12:18 < mcdnl> ps: don't
12:18 < rtmataeu34> yeah i think I'll skip over that one :)
12:18 < regdude> be an intern in an ISP, start testing BGP and announce all prefixes
12:19 < mcdnl> lol
12:22 < rtmataeu34> so id literally be a speaker node
12:22 < rtmataeu34> is what you are telling me
12:23 < rtmataeu34> * imagines a soapbox and being in a period piece set in the 1800's
12:33 < rtmataeu34> mcdnl not offtopic but that mikrotik routerboard looks pretty sweet on amwzon
12:35 < squ> how sweet?
12:35 < regdude> bitter sweet
12:35 < djph> I hear mexed reviews about 'tik (although, suppose that's same as any manufacturer). Though, as I understand it, their licensing scheme is backasswards.
12:36 < squ> what router price is sweet
12:36 < squ> djph: why do you care about license?
12:36 < regdude> there is a reason why SFP+ switch costs 3 times less
12:36 < djph> squ: for me, the "lower end(tm)" of the UBNT ER series.  I mean, $50 for an ER-X? c'mon
12:37 < djph> regdude: hmm?
12:37 < squ> regdude: and this reason is it is not produces in america?
12:38 < regdude> mostly yes, underpay programmers and engineers in a very poor country to manufacture devices
12:38 < regdude> not sure why would anyone care about licenses there though
12:39 < squ> regdude: other opinion is fat and rich americans can't do anything useful
12:40 < regdude> true, a small company with few workers are competing with multi million/billion companies
12:41 < squ> I accidentally discovered ubiquity devs are in same country as mikrotik
12:41 < gallax> squ: is that good or bad?
12:41 < squ> idk, posted youtube video yesterday
12:41 < regdude> I think you misread it, the director is from the same company
12:41 < regdude> *country
12:43 < squ> all inside parts cost dollar-cents, and are made in China
12:43 < regdude> oh, some actually are from there, so yeah, outsourcing
12:43 < rtmataeu34> they sell just the mikrotik board without the case and antenna ?
12:44 < rtmataeu34> is that a thing?
12:44 < squ> afaik even iPhones are made this way
12:44 < regdude> for OEM reasons this is very common
12:46 < rtmataeu34> theres this routerboard for 89 but theres also a WAP ac for the same price and its- assembled. lol
12:47 < djph> squ: because if I have to purchase a different ("better") license to use "all the features of the device", that's a pain in the fucking ass.
12:47 < regdude> djph: what feature were you missing in a lower level license on the device you got?
12:48 < djph> regdude: none, since I never bought mikrotik.  I could well be mistaken on their licensing model.
12:48 < regdude> rtmataeu34: the PCBs are not meant for home users
12:49 < regdude> djph: well for average SOHO router you get VLANs, VPN, load balance ,firewall and whatever else you can think of, but you are missing MPLS, BGP and support for 1k hotspot users. I guess some people want to run an ISP off a 50$ router
12:49 < squ> djph: what for do you need license?
12:49 < detha> djph: there are license levels yes. But the 'default' license level normally corresponds with what a sane person would use the device for, only if you take something that was obviously meant as CPE and want to hand it on a tower you run into that
12:50 < squ> djph: sorry didn't read answer
12:50 < rtmataeu34> so what is a "sane setup" nowadays for a basic tinkerer
12:51 < regdude> I did once saw someone complaining that his router is not capable of running 1000 routes using OSPF and wanted to use BGP, but was not available in that license, he bought a router that costs 70$
12:51 < rtmataeu34> pretty sure theres a reddit for that
12:51 < detha> 'sane setup' is relative, just look at /r/homelab
12:52 < regdude> rtmataeu34: all of their devices are highly configurable, they use the same software on a 20$ and on a 3k$ router
12:55 < squ> using 2 hAP ac https://mikrotik.com/product/RB962UiGS-5HacT2HnT
12:56 < squ> configured everything as I wanted, have no complains
12:56 < regdude> 5G is reaching high speeds?
12:56 < rtmataeu34> i was gonna try to get a router but not like a prosumer one
12:56 < squ> rtmataeu34: I don't think its pro
12:57 < regdude> get any of them, just don't go into sections  you don't need to
12:57 < squ> regdude: did not bothered to measure, and the connection from ISP is only 1 mb/s
12:58 < rtmataeu34> sections?
12:58 < squ> one of interesting feature I thought to use is, DHCP logs
12:58 < squ> theoretically possible to connect to router via shell and notify me when certain user iPhone connects to wifi
12:58 < regdude> like I said, a 20$ router has the same software as 3k$ router, you will see options to configure features that are more likely only relevant to ISPs
12:59 < squ> or look logs to see when user left the area for example
12:59 < regdude> you can use scripts to email you when that happens
12:59 < rtmataeu34> squ: sorry i was segwaying, yes its not prosumer*
13:03 < djph> detha: ah, fair enough.
14:29 < mcdnl> rtmataeu34: the hAP AC is pretty good
14:29 < grawity> regdude: "sufficient" – assuming the device uses DHCP...
14:29 < mcdnl> sfp, 5 gigabit ethernets, dual chain
14:29 < mcdnl> i mean, dual band, triple chain for 2ghz and double chain for 5ghz
14:29 < grawity> regdude: IIRC, both kinds of the frame I've seen were raw-ish LLC stuff
14:30 < regdude> mcdnl: triple for both
14:31 < regdude> grawity: must be something vendor specific, though LLDP delivers packets using LLC as well
14:32 < mcdnl> ah yes, both triple, 5HacT2HnT
14:32 < mcdnl> pity it isnt multicore
14:32 < regdude> that is why hAP ac2 exists
14:32 < grawity> regdude: oh, in case of Wi-Fi, I think the name is "Layer-2 Update Frame"
14:32 < mcdnl> oh
14:32 < mcdnl> that's new
14:33 < mcdnl> what about hardware acceleration for encryption?
14:33 < grawity> > forged by the AP
14:33 < grawity> regdude: https://superuser.com/a/696886/1686
14:33 < mcdnl> ill have to check out, i hope it supports aes-gcm
14:33 < regdude> mcdnl: the CPU has a built-in acceleration for IPsec
14:34 < grawity> yeah but which ciphers is it capable of accelerating...
14:34 < mcdnl> yeah, but not all ciphers
14:34 < grawity> https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Hardware_acceleration
14:34 < mcdnl> mostly aes-cbc sha1/sha256
14:35 < mcdnl> yes, i was just checking that
14:35 < regdude> mcdnl: what ciphers do you need?
14:35 < grawity> unfortunately, RouterOS sends different cipher IDs for AES-GCM than strongSwan expects
14:35 < regdude> *wnt
14:35 < grawity> so that's garbage
14:35 < mcdnl> regdude: i'd just like it to have aes256-gcm-sha256-dh2
14:35 < regdude> grawity: this is an interesting packet, not have seen it before, thanks!
14:35 < mcdnl> 0
14:36 < mcdnl> dh20
14:36 < grawity> mcdnl: dh2048?
14:36 < grawity> waste of cpu tbh; ecp256 is enough
14:37 < mcdnl> group 20, i dont remember the modp
14:37 < grawity> ah, group 2 is ecp386 then
14:37 < grawity> 20*
14:37 < grawity> regdude: so yeah, by "LLC" I also meant that it's a LLC control frame, not just in LLC encapsulation
14:37 < regdude> that is a bit overkill for a soho router, but the CPU simply does not have any logic for that cipher, maybe someone will manufacture one
14:38 < grawity> the table says it does
14:39 < mcdnl> meh, i dont really care, it's just i wish. if i had to do strong ipsec tunneling with mikrotik id go for rb1100ahx4
14:39 < mcdnl> anyway, it's not fully realiable still, i've seen hangs that need a reboot on both sides to work again
14:40 < regdude> the CPU can cipher anything, but the built-in logic won't be able to offload SHA256 for GCM
14:41 < regdude> mcdnl: you should report that issue, they tend to fix such issues quite fast
14:41 < mcdnl> yeah i know
14:41 < mcdnl> i'm mt cre/cwe/tce
14:41 < mcdnl> maybe someday ill do the trainer
15:32 < Thuryn-> j0
16:18 < mh_le> is there any reason to have 2.4GHz wifi on if ones devices uses 5GHz?
16:19 < Kingrat> if devices get too far away for 5ghz 2.4 will still work as a fallback
16:19 < mh_le> Kingrat: what distances are we talking about? I live in an apartment
16:20 <+catphish> mh_le: there's no good reason to have 2.4GHz on if none of your devices need it, no
16:20 < Kingrat> 5ghz doesnt go through walls very well, if you still have a very good signal everywhere on 5ghz i guess you could turn it off
16:20 <+catphish> but if you have problems with range, you may want to reconsider
16:21 <+catphish> as Kingrat says
16:21 < mh_le> right, thanks for the adivice :)
16:21 < Aeso> yeah, it's heavily dependent on the environment, but if you don't have a device/location that needs 2.4, it's preferrable to turn it off
16:22 < mh_le> everyone of my devices are not connected with 2.4
16:22 <+catphish> 2.4GHz is congested, so i guess it's polite not to broadcast on it if you aren't using it
16:22 <+catphish> mh_le: then you can almost certainly turn it off :)
16:22 <+catphish> if you find you need more range, you can always turn it back on later
16:23 < Kingrat> catphish, polite? like neighbors using 40mhz 2.4ghz channels, screw that turn it on and waste their air time ;)
16:23 < Aeso> as far as range goes, you can also tune your channel width to support 5GHz at longer ranges
16:23 <+catphish> Kingrat: no, not like neighbors using 40MHz, polite is the opposite of that
16:23 <+catphish> Aeso: channel width should always be 20MHz :)
16:24 <+catphish> unless you have a really really good radio environment and need the extra speed i guess
16:24 <+catphish> but i've never seen any benefit from it myself
16:25 < Aeso> With APs that support the DFS channels you can run wider channels to improve throughput and limit distance without trouncing all over your neighbors
16:25 < Aeso> but it's purely optional, of course
16:25 < mcdnl> normal people doesnt care about stomping others airtime
16:26 < mcdnl> dont* care
16:26 < Aeso> mcdnl, there's no personal benefit to seeding torrents either, an yet it happens :)
16:26 < mh_le> My ISP finaly gave me a decent router :D
16:27 < Aeso> It's all part of being good neighbors.
16:27 <+catphish> mcdnl: i'd imagine they do, because it goes both ways equally, most people just dont know
16:27 < mcdnl> yeah, but people who usually use bittorrent might know about what seeding is for
16:27 <+catphish> if they understood, they'd care
16:27 < mcdnl> that's the point
16:27 < regdude> when my neighbors get loud, I just turn on a high gain antenna with the same frequency, then they are busy figuring out why wifi is not working
16:27 <+catphish> regdude: that's astonishingly illegal
16:27 < Aeso> regdude, why bother with all that effort when you can just spam deauth packets at their clients?
16:28 < Aeso> >:)
16:28 <+catphish> also illegal :)
16:28 < mcdnl> regdude: so do I. 3 1W aps
16:28 < regdude> my country doesn't care about that, I use 1x 1W transmitter
16:29 <+catphish> i doubt that's technically legal anywhere, but i'm sure there are plenty of places it doesn't matter
16:29 < Aeso> mcdnl, don't mind me as I drive by on the street and grab enough packets to run an offline dictionary attack against
16:29 <+catphish> but there's little value in it
16:29 < regdude> but when you turn on a 24GHz antenna, then traffic cops get really serious
16:29 < mcdnl> Aeso: i just turn them on with an open ssid, ch1 ch6 ch11
16:30 < Aeso> mcdnl, you monster
16:30 < mcdnl> :D
16:30 < meowschwitz> yall should look up guns they make from microwaves to... quell overzealous neighbours
16:31 < mcdnl> Aeso: i dont usually do it, but there was a party once, and at 2 am i was pissed enough already. turn on aps, music stops
16:31 < Thuryn-> lol
16:31 < Thuryn-> i guess they were streaming their music?
16:31 < mcdnl> yes
16:31 < mcdnl> iphone i guess
16:31 < Thuryn-> headshot
16:32 < mcdnl> bunch of snobs xd
16:32 < regdude> you can deal with iPhones in a more sophisticated manner. Buy a router from a different region and place it near the phone. It has a country code scanner and will try to switch between regions
16:33 < mcdnl> ooh, that's new
16:33 < Thuryn-> protip:  turn off YOUR iphone first
16:33 < regdude> not sure if I should have told that, but have fun
16:38 < LunaLovegood> Can I rate limit a specific VLAN? like with
16:38 < LunaLovegood> tc qdisc add dev eth4.100 root tbf rate 150mbit burst 4mbit latency 50ms mpu 64
16:39 < mcdnl> i guess you should be able, haven't tested with a standard linux
16:39 < LunaLovegood> cool
16:40 < mcdnl> test it, always the fastest route
16:40 < LunaLovegood> Also can I put CoDel before that TBF or will it do nothing?
16:41 < mcdnl> i have no idea xD haven't used queuing that much
16:42 < LunaLovegood> I want to route to a bunch of vlans, each with a specific rate limit, and I'd like to have codel too on each.
16:42 < LunaLovegood> gues I'll go ahead and test stuff
17:39 < woodruff> Hello, is there a way to add secondary IP address to the lo interface using DHCP?
17:41 < detha> that sounds like an odd requirement. Why would one want to do this?
17:43 < detha> (and no, unless you are on the machine running the DHCP server and set up the dhcp server to listen on lo)
17:45 < system16> hi. i have enabled ap mode on my router. but almost everything is locked. mac filter is locked. parental control is locked etc.
17:45 < system16> is this normal ?
17:46 < djph> no.
17:46 < system16> i have a modem router combo . but since its wifi range sucks i had to use another router in order to extend wifi
17:46 < djph> well, unless it shows you a status page when you're not actually logged in.
17:47 < system16> no. i am logged in as admin right now
17:47 < system16> sucked*
17:48 < system16> isp>>modem-router combo>>router
17:48 < system16> how can i unlock these options
17:49 < system16> i really need them. especially url filter
17:49 < system16> and mac filter
17:49 < detha> is that an ISP-provided device?
17:50 < system16> that modem router combo ? yes
17:50 < detha> either ask the ISP, or see if you can get it in bridge mode and do things on a device you control
17:50 < system16> that router was provided by an old isp. they dont exist anymore
17:51 < system16> can i manually put it in ap mode ?
17:51 < kottt> maybe
17:51 < kottt> but we can't answer that
17:51 < system16> like disabling nat and...
17:51 < kottt> since different ISPs will lock down their gear differently
17:52 < system16> kottt, really ?
17:52 < kottt> if you've tried factory defaulting the router and logging into it and you can't find the settings you want
17:52 < kottt> then there's nothing we can tell you that will help
17:53 < kottt> you'll have to do your own research, maybe somebody else figured out how to unlock whatever router/isp device you're trying to use
17:53 < kottt> personally i'd just shell out the $50 for a n AP
17:53 < kottt> <_<;
17:53 < system16> those options will get disabled when i enable ap mode. i dont think it has something to do with the isp
17:54 < system16> they are accessible y default
17:54 < system16> by*
17:54 < kottt> oh... wait what are you trying to do exactly?
17:54 < kottt> of course those settings get locked in AP mode
17:55 < kottt> an AP mode is essentially just a wireless switch
17:55 < kottt> s/mode/
17:55 < kottt> by default, do not expect an AP to provide any network service other than layer 2 connectivity
17:56 < system16> so its normal kottt ?
17:56 < kottt> yes
17:56 < kottt> so what are you trying to do?
17:56 < detha> mac filter is a standard AP feature. But anyway, sounds like the usual shitty firmware, ditch it and get something decent
17:57 < djph> detha: and it's trivial to get around, so not exactly a dealbreaker
17:58 < detha> djph: ssst, people like their mac filters. Keeps unwanted neighbours out
17:58 < system16> kottt im trying to activate those options but looks like i cant.
17:58 < kottt> fgsfds WHY do you want to activate those options
17:58 < djph> detha: so does "PassWord123"
17:58 < kottt> what are you trying to do in the grand scheme of things with this modem+router
17:59 < system16> and that pos modem router combo doesnt have parental control and access time etc.
18:00 < system16> nvm.
18:01 < system16> i got my answer.
18:01 < system16> thanks 4 your help
18:18 < efb> Ok if EOC is ethernet over copper what the heck is FE?
18:20 < Thuryn-> Final Ethernet
18:20 < Thuryn-> (where are you seeing EOC or FE?)
18:22 < Aeso> efb, I have no idea what your context is, but considering the other option, FE might be Fiber Ethernet?
18:22 < grawity> I would guess "Fast Ethernet", as in 100BASE-T
18:23 < efb> Thats what I am assuming as well Fast Ethernet
18:23 < grawity> well, -TX
18:23 < efb> but Fiber Ethernet makes sense too especially if they are listing off two options as EOC and FE
18:23 < grawity> ...or I guess just any 100BASE-X
18:24 < grawity> I mean, there are like four variants of 100BASE-<fiber>
18:24 < Thuryn-> SX, LX, and... ?
18:25 < grawity> https://en.wikipedia.org/wiki/Fast_Ethernet#Fiber_optics
18:26 < grawity> most FE and GE links at $work are -BX
18:26 < Thuryn-> aren't those the single-connector type?
18:27 < grawity> yes
18:27 < Thuryn-> single strand, rather?
18:27 < grawity> yes
18:27 < Thuryn-> that's cool stuff
18:27 < grawity> ¯\_(ツ)_/¯ I mean, why not
19:18 < dunpeal> How reliable is TCP/IP in practice?
19:18 < dunpeal> What are the odds that a message will be undetectably corrupted?
19:19 < dunpeal> (Different / missing / extra bits)
19:21 < djph> "very"
19:21 < djph> "not very"
19:22 < djph> I mean, yes it happens, but not all that often
19:23 < djph> for example, my router's transmitted 1,306,183,251 packets, with zero errors
19:24 < dunpeal> djph: What's "an error" in this context?
19:24 < djph> and received 1,543,308,079 packets with zero errors.
19:25 < djph> errors are malformed frames
19:25 < dunpeal> So even these are detectable errors, or your router wouldn't be able to count them :)
19:26 < djph> yup
19:27 < djph> although that might be "ethernet frames" (L2) rather than "IP Packets" (L3) ...
19:27 < djph> but in either event 1.5 billion of them with zero errors
19:28 < detha> dunpeal: do the math. TCP checksum is 16 bits. chances of an undetected single bit error should be ~ 1 in 65536, per packet.
19:30 < dunpeal> detha: thanks. that's not that low
19:31 < detha> dunpeal: no. but that is on top of L1/L2 error detection.
19:32 < detha> Also, bit errors are like tequilas. They seldom come alone.
19:32 < dunpeal> What's that?  I assume the checksum is just that: a hash of the packet, 16 bits in length. What's L1/L2?
19:32 < detha> layer 1 and 2
19:32 < dunpeal> Oh, I guess you mean the lower level layers
19:58 < wadadli> Is there a way to extract the pppo user and password from a modem?
20:30 < Nothing4You> can you recommend me a way to figure out which tls versions / ciphers an application supports?
20:30 < Nothing4You> not sure if this fits this chan but it kinda is network related
20:31 < Nothing4You> i'm probably just looking for a simple tool providing a listening port and checking what the client sends as supported ciphers
20:32 < Aeso> Nothing4You, nmap --script ssl-enum-ciphers -p 443 yourtest.app
20:33 < Nothing4You> Aeso: that's for scanning a server, right?
20:33 < Nothing4You> my first message was ambiguous, i'm trying to figure out what a client supports
20:34 < Aeso> oh, jeez
20:34 < detha> Nothing4You: openssl s_client with high enough debug level may show that
20:35 < Nothing4You> detha: that also would test the server, not the client
20:35 < detha> Nothing4You: sorry, s_server
20:35 < Nothing4You> i've never used s_server, i'll give that a try, thanks
20:37 < detha> not a quick test, you have to give it some certs etc, but debug level can be set to 'ridiculously verbose'
20:37 < Nothing4You> ok
20:37 < Nothing4You> i'm fine with that
20:54 < Thuryn-> grawity, is there much of a price increase for the -BX optics?
20:54 < Thuryn-> and are they available for 10 Gb yet?
20:54 < Thuryn-> -BR?
20:56 < Apachez> -BD
20:58 < arooni> anyway given a web audio stream to determine how many kbps it actually is?
20:58 < Thuryn-> *any way.  two words.
20:59 < arooni> thanks :P
20:59 < Thuryn-> if you have the packet capture, Wireshark can give you those stats
20:59 < arooni> is there another way?  wireshark sort of requires me to find which part of the traffic it is
20:59 < Thuryn-> actual data throughput, of course.  it's not going to tell you the encoded bit rate (audio quality)
21:00 < arooni> thats what im after
21:00 < Thuryn-> no, you'd have to have the actual stream to see that.
21:00 < arooni> well i have the url to the stream
21:01 < arooni> just most audio players ive tried dont tell me hat it actually is
21:01 < tds> If you open it in something like VLC I'd expect it to show that?
21:01 < Thuryn-> depending upon the application, the player might be able to change bit rates based on available bandwidth, loss, jitter, etc.
21:01 < Thuryn-> VLC should be able to, yes.
21:02 < arooni> is a FLAC always uncompressed
21:02 < Thuryn-> Cmd-I on the Mac.  not sure on Windows (but "get info" basically)
21:02 < arooni> and is it the best i could expect to stream?
21:02 < arooni> ive got a mac and ubuntu here
21:03 < Thuryn-> FLAC is lossless.  that doesn't mean the data stream is NECESSARILY uncompressed (though it probably is)
21:05 < Thuryn-> https://www.magneticmag.com/2018/03/flac-and-the-future-of-audio-streaming/
21:06 < Aeso> lossless compression happens all the time (see: zip files)
21:18 < Thuryn-> that's what i said.
21:18 < arooni> flac would be the best i could expect streaming radio right
21:18 < Thuryn-> for varying definitions of "best," yes.
21:18 < Thuryn-> best *quality* audio for the least bandwidth that I know of, in that order of precedence.
21:19 < TandyUK> OPUS is probably the best for size, flac is almost certainly best for audio quality
21:20 < TandyUK> OPUS gets surprising good sounding audio in a shocking small bitrate
21:20 < TandyUK> OPUS is fast becoming the preference for anything VOIP for a reason :)
21:21 < Thuryn-> yeah if you reverse the precedence order of the requirements and minimize bandwidth, there are plenty of formats that are "just fine" within the levels of audio quality that most people can hear (and that most audio equipment can reproduce in a random playback environment)
21:21 < Thuryn-> everything else being equal, you can drop the bit rate if playback occurs in a noisy room
21:22 < TandyUK> and drop stereo to mono, most people would never notice the difference
21:22 < TandyUK> especially on voip, when theres only 1 speaker ;)
21:22 < Aeso> the problem with FLAC (imo) is that people often provide 24-bit, 192KHz which is wholly unnecessary. You could throw away 90% of that extra resolution and have no measurable difference under Nyquist
21:23 < TandyUK> Aeso: "But it wasnt the highest quality choice it gave me" lol
21:23 < Thuryn-> "extra" above what?
21:23 < TandyUK> like when people used to rip cds to 256bit mp3s
21:23 < TandyUK> the cd ofc is only recorded at 96kbit
21:23 < Thuryn-> 384kbps, baby!
21:23 < detha> TandyUK: One of these days VOIP will figure out how to properly do conference calls, so there can be more than one speaker (and shouting)
21:24 < TandyUK> detha: I thought we solved that years ago
21:24 < Thuryn-> detha, it's all in the codec.  Polycom phones are pretty good at it.
21:24 < TandyUK> we do 20+ person conferences all the time, no issues with people speaking over each other
21:25 < detha> Most conf calls still have too much echo suppression
21:25 < TandyUK> whe nit gets annoying, moderation goes on and the person running it essentially voices people like on irc :)
21:25 < Thuryn-> TandyUK, is that just because the attendees aren't assholes to each other?
21:25 < TandyUK> Thuryn-: that probably does have an impact on it
21:25 < Thuryn-> :D
21:25 < TandyUK> 20 people who actually want to all talk (and more importantly listen) to each other
21:29 < Aeso> Thuryn-, consider: The human ear can't hear anything north of ~22KHz. The Nyquist theorem tells us that you only need to double the sample rate of the highest frequency content in the sample to characterize a unique waveform.
21:30 < Aeso> Thus, you only need a 44KHz sample rate to capture and reproduce a waveform with frequency content >=22KHz.
21:31 < Aeso> As for sample bit depth, it's a matter of dynamic range. 16 bits gives you enough resolution to represent a 120dB range. Any sound beyond that volume range is a threat to your hearing safety. :P
21:32 < Aeso> (whoops, turns out 16 bits is 96dB range, but the gist is the same)
21:33 < Aeso> Unfortunately, most people follow the 'more bits, more better' philosophy and fall prey to the placebo effect.
21:35 < detha> 16 bits normalized. For intermediate stuff or recording you need more, for the final product 16 bits is more than sufficient.
21:36 < TandyUK> 96dB is still pretty fking loud
21:36 < TandyUK> and tbf if you want more than that, it aint comng from the source, you amplify it
21:37  * TandyUK thinks it is time to get out 'the rig' again soon
21:37 < detha> Quite so. But amplifying low bit rates ives quantization noise
21:37 < detha> *gives
21:37 < TandyUK> 12.5KW of beautiful sound (assuming its turned up!)
21:37 < TandyUK> yeah, vinyl ftw
21:38 < TandyUK> and XLR / SpeakOn's throughout for plugging stuff in
21:38 < Aeso> detha, true, but you can shift all of your quantized frequency content to a range that's less intrusive in most cases
21:38 < TandyUK> I cry when i see "DJ"s using phono connectors
21:39 < Aeso> You can also play back the audio without quantization, but you get these weird multi-order harmonics. It's pretty neat, actually.
21:39 < detha> Aeso: true. but that means fiddling with the content. True audiophools want 1:1 from source to sound
21:40 < TandyUK> *true* audiophiles will still use analog sources and valve based amps
21:41 < TandyUK> digitally reproduced sound is probably like 99.9% as good as it can ever get by now, but it can never match the 'warmth' of analog sound imho
21:41 < Aeso> detha, that's when you remind them that musicians don't record with binaural mics strapped to a head mannequin and the sound stage they're hearing is totally manufactured anyways :P
21:42 < TandyUK> unless ofc theres more digital fuckery going on to fake that 'warmth'
21:42 < Aeso> TandyUK, fools and their money are easily parted, and all that. :P
21:43 < TandyUK> aye, i did a gig for some like that once
21:43 < TandyUK> played a couple of tracks via 3.5mm jack to phonos from spotify on my phone just to test if they would notice
21:44 < TandyUK> with all the 'better' quality options spotify has ofc, and no, they didnt notice one bit lol
21:45 < detha> Blind tests is cheating ;)
21:45 < detha> You have to include the 'it looks like expensive gear' in the experience
21:46 < TandyUK> https://www.bbc.co.uk/news/technology-44457166
21:46 < TandyUK> when will people learn lol
21:47 < TandyUK> that just makes me think of the customer who now has somewhere in the region of £1000 worth of wired/wireless kit in their house, to make one of those 'ring' wireless doorbells work properly
21:48 < TandyUK> they seemed surprised when they found out the front door has shit wifi signal  (There was maybe 12 feet of concrete between it and the nearest AP)
21:48 < TandyUK> and i just cant fathon why they dont make a wired POE version of it - then i would probably quite like one
21:49 < TandyUK> fathom*
21:50 < detha> The current version will have batteries. No thanks. PoE would be nice though.
21:51 < TandyUK> yup lol, i get calls from her occasionally complaining its not working, and i have to remind her to charge the fker
21:51 < ||cw> except it's targeted at average consumers, and average consumers don't want to run wires
21:52 < TandyUK> it just gives them false sense of security though
21:52 < TandyUK> all the video recording is cloud based, it has no local storage, and average consumers dont realise how trivial it is to completely jam wifi for a short period, thereby rendering it utterly useless
21:53 < TandyUK> its lucky im not a criminal really lol
21:54 < TandyUK> between my security engineer and locksmithing roles, i doubt theres much i couldnt get into
21:54 < TandyUK> but criminals need to worry about leaving fingerprints and stuff
21:56 < TimeVirus> so Glad I'm not your average consumer - By far I prefer cabled LAN
21:56 < TimeVirus> lol
21:57 < TandyUK> Amen to that
21:57 < TandyUK> need wifi?  heres a 100ft cable that reaches every square inch of the building
21:58 < Apachez> praise the lord
21:58 < Apachez> hallelulja
21:58 < dunpeal> detha: btw, I just realized that the odds of an undetectable corruption are lower than 1/2**16
21:58 < Apachez> all your bgp belong to us
21:59 < dunpeal> Because we have to multiply that by the odds that any corruption will occur.
21:59 < dunpeal> Also, TCP packets are of known size, right?
22:00 < detha> dunpeal: checksum goes over a 'fake' header, including length fields etc.
22:00 < dunpeal> (The 1/2**16 does mean that if the network is prone to packet corruption, then a relatively high portion of these corruptions would be undetectable)
22:01 < detha> but it is a simple checksum, not a CRC
22:01 < dunpeal> OK, so size changes will be detected.
22:03 < detha> undetectable is probably actually lower yes, 2^16 * packetlen * something,  single bit error in packet, and single bit error in checksum
22:04 < mgrech> hi, i've been having issues with the connections to my irc bnc for quite a while now. from the gui view the connection just "goes away" after a while and this happens fairly regularly for no obvious reason. i've captured a wireshark trace of the problem but i'm not really sure what to make of it, it's just obvious that something is wrong...
22:04 < mgrech> trace looks like this: https://i.imgur.com/GVDHxAl.png
22:05 < mgrech> could anyone help me make sense of it?
22:14 < Apachez> mgrech: then you will love this https://i.imgur.com/yXEj1BF.png
22:14 < mgrech> Apachez: yeah... what's wrong with the way i'm asking?
22:15 < detha> nothing. that looks like two very confused machines doing a 'I was first' 'No I was first' dance with sequence numbers
22:17 < mgrech> it's weird, it seems to happen spontaneously. and when it does, my two other connections to the bnc get disconnected too, most of the time, but not always. and the traces for those connections look different. one has retransmissions but no duplicate ACKs and no RST, the other just goes RST directly without any obvious issues...
22:18 < mgrech> https://i.imgur.com/GjEVs6E.png -- third connection, this time the server seems to send RST
22:18 < mgrech> this all happened at the same time
22:20 < mgrech> my bnc is behind an nginx proxy if that matters
22:22 < detha> the first one seems to be the cause, the others could be the server deciding 'this client is broken, kill all connections from it'
22:22 < mgrech> yeah, looks like it
22:22 < mgrech> i've also had this issue back when my bnc was on a completely different machine
22:23 < detha> But in the first one, both sides transmit at the same time, then don't ACK but do early retransmits with the old sequence number
22:24 < detha> maybe play with no_push option on the nginx side, or things like that
22:30 < grawity> Thuryn-: for 1G there doesn't seem to be any difference; for 10G dunno, according to fs.com listings they're available but slightly more expensive
22:35 < Apachez> grawity: what are you answering?
22:35 < Apachez> something from last decade?
22:36 < BrianBlaze> hey guys, I have a stupid networking issue... I am trying to allow access to a network folder on windows via ftp...
22:37 < BrianBlaze> I can see the folder and go into it and take files from it
22:37 < BrianBlaze> but I can't put files into the folder I get 550 permission denied
22:37 < BrianBlaze> I am not sure what to do to allow write
22:37 < Apachez> on the ftp server software
22:44 < BrianBlaze> so simple
22:44 < BrianBlaze> thanks Apachez
22:44 < BrianBlaze> <3
23:33 < Apachez> https://www.youtube.com/watch?v=ljOoGyCso8s  Inside a Huge PCB Factory - in China
23:42 <+catphish> cool
23:43 < djph> catphish: how's that router you're designing coming along?  o
23:45 <+catphish> djph: i found some decent hardware (lanner) and wrote a basic bootable system that could swich, i couldn't be bothered to write the routing layer, so i gave up there, and decided that linux would be perfectly good for that
23:46 < djph> haha, guess that works
23:47 <+catphish> so, it could probably do switching with a custom OS, or routing with linux
23:47 <+catphish> but i don't think there's a worthwhile market or project there
23:48 <+catphish> however i then got more interested in azonenberg's open source switch, so gonna wait for his hardware design and see if a cool open source managed ethernet switch can be made
23:48 < alesan> azonenberg's open source switch? what is that?
23:48 <+catphish> i'll be looking to work on some software for that time and money permitting
23:48 <+catphish> alesan: i think all the words are self explanatory
23:49 <+catphish> it's an open source ethernet switch
23:49 < alesan> it's a open source VHDL design?
23:49 < alesan> or whatever hardware description language
23:50 <+catphish> verilog for the fpga, and a hardware design to go with it
23:50 <+catphish> for the ports etc
23:50 < alesan> interesting
23:50 <+catphish> it's quite involved, and mostly beyond my level of expertise
23:50 < alesan> azonenberg, do you have a home page for this project?
23:50 < ||cw> link?
23:52 <+catphish> lots on his twitter and github
23:52 < alesan> name of the project catphish
23:52 < alesan> well would you be so kind to give us a name or a link
23:52 < alesan> I'm not sure how to find azonenberg's twitter
23:52 <+catphish> really?
23:52 < alesan> OK you know what
23:52 < alesan> forget about it
23:53 < ||cw> I don't want to crawl twitter and irc logs.  and the github only has some core fpga stuff and some uncommented board designs
23:54 < ||cw> i see nothing that leads to a open source network switch being anywhere near a reality
23:55 < ||cw> closest thing I've seen to one is some of the openwrt boards
23:55 <+catphish> i don't believe there's an openwrt device with a worthwhile switch
23:55 <+catphish> :(
23:56 < ||cw> they are fine for home/small lab use
23:56 < ||cw> only fine though
23:56 <+catphish> like what?
23:56 <+catphish> i wasn't aware of anything beyond 5 ports
23:56 < ||cw> like the ones with hardware vlan support
23:57 < ||cw> true, 5 ports is about all you get
23:57 < alesan> can VLAN be a software feature?
23:57 < ||cw> yes
23:57 <+catphish> alesan: yes
23:57 < alesan> how comes
23:57 <+catphish> but it'll be much slower if its implemented in a cpu vs an asic
23:57 < ||cw> vlans are software on linux hosts...
23:58 < alesan> but in linux hosts VLAN pretty much means the packets are tagged in a given way
23:58 <+catphish> any linux system can do vlans, but it won't be as fast as a switch IC
23:58 < alesan> there is no VLAN broadcast domain processing no?
23:58 <+catphish> alesan: yes, that's what a VLAN is
23:58 <+catphish> i don't know what you mean by that
23:58 < alesan> that's a very small part of what VLAN is
23:59 <+catphish> vlan is just tagging frames with a number and separating them accordingly
23:59 < alesan> VLAN in itself is a way to specify how packets are forwarded on a switch ports
23:59 <+catphish> making multiple logical switches from a single physical piece of hardware
23:59 <+catphish> nothing more complicated than that
23:59 < alesan> yeah that is the broadcast domain you have described
--- Log closed Thu Jun 14 00:00:11 2018