--- Log opened Fri Jun 22 00:00:08 2018
00:00 < TandyUK> who clicks random urls anyhow
00:00 < TandyUK> (in here at least)
00:08 <+catphish> tomreyn: how'd you gather that so fast?
00:09 <+catphish> oh it's thedubber.altervi--sta.org, he posts that regularly, i still have no clue why
00:10 < Jonta> Probably catfishing
00:11 < Jonta> I mean…
00:11 < Jonta> Woops
00:11 < Jonta> That joke must be very tired. A apologise
00:29 < E1ephant> spearfishing for cats
00:34 < ryao> I was just tech support for one of my neighbors. I had changed his address space yesterday. He had one Windows machine that insisted on using the old IP address, even if I tried manually setting it. `ipconfig /release` and `ipconfig /renew` made it cooperate, but this was ridiculous.
01:12 < banisterfiend> hi there, when doing an 'ipconfig /all' on windows it shows the 'gateway ip' for each interface..what determines this? does it just figure it out from the routing table? and how come some interfaces do not have a gateway ip yet they still clearly work?
01:13 < adleff> the gateway is assigned by dhcp or manually configured
01:13 < tds> don't forget about ipv6, router advertisements are a thing :)
01:13 < adleff> in ipv6, the gateway is learned via periodic messages sent by the routers
01:13 < banisterfiend> adleff in the case of tap devices, do they get given a gateway by 'dhcp' too?
01:13 < tds> actually, iirc v4 router advertisements are a thing as well, just nobody uses them
01:13 < adleff> banisterfiend, if they are bridged into the same lan, yeah
01:14 < adleff> you also have to configure an interface to receive dhcp configuration
01:14 < adleff> if there's no such config for the tap interface it won't seek an ip address
01:14 < E1ephant> (to ask for dhcp)
01:14 < banisterfiend> but why do 'gateway ip's even need to be assigned to an interface? can't it also be derived from the routing table?
01:14 < E1ephant> the client requests in dhcp
01:15 < E1ephant> banisterfiend: it is derviced from the route table, you can't actually have multiple def gws
01:15 < E1ephant> windows used to not allow this at all, I assume for dhcp it uses weights and time to pick
01:16 < banisterfiend> i guess my quesiotn is why does windows bother to assign gateway ips to an interface, when the OS can just do all the work by examining the routing table, why is it even a thing?
01:16 < E1ephant> it's just storing a value it received from DHCP, in case it's needed in the future
01:17 < E1ephant> would be my assumption, so if your normal gw goes away
01:17 < E1ephant> that one could be installed in the route table
01:17 < banisterfiend> the 'gateway' ip is just the default route right?
01:17 < E1ephant> yes
01:17 < banisterfiend> what if the default route is setup differently, as it is often with vpns
01:17 < E1ephant> or rather, the host IP where you want to next-hop to
01:17 < qman__> Gateways are stored per connection because logically if that connection was down, that gateway would be unavailable
01:18 < banisterfiend> in the case of vpns where they divide the network up to use the 0-> 128.0.0.0  and then 128 -> 255.255.255.255
01:19 < E1ephant> that is one way to do it
01:19 < banisterfiend> there is no 'default route' in that case
01:19 < E1ephant> yeah there is
01:19 < E1ephant> it's just two routes
01:19 < E1ephant> it's effectively your default
01:19 < banisterfiend> but windows can figure that out and assign the right ip to your interface?
01:19 < qman__> That's a hack to get a better priority route via the vpn
01:20 < E1ephant> what IP is "right"?
01:20 < E1ephant> smelling heavy x/y problem at this point
01:20 < E1ephant> what is the actual issue?
01:20 < E1ephant> another way is to point the default up the tunnel, then have a desctinct route to your vpn endpoint /32 to your real gateway
01:20 < banisterfiend> E1ephant i'm just trying to understand why my (tap) interface doesn't have a gateway ip yet it still works
01:21 < E1ephant> because a TAP is a bridghe
01:21 < E1ephant> not routed
01:21 < banisterfiend> E1ephant can you explain more what you mean by that? like i'm 5 :D
01:21 < qman__> default gateway (and routes) are optional settings for interfaces
01:22 < qman__> The vpn doesn't have to assign a default gateway
01:22 < E1ephant> it's routing (layer 3, IPs, packets), and bridging (layer 1/2, MACs/DLCIs/VC-IDs, frames)
01:23 < E1ephant> tap is extending a broadcast domain, tun is creating an individual broadcast domain.
01:23 < E1ephant> (for ethernet)
01:24 < banisterfiend> E1ephant that sounds very cool but can you explain it in a way a dumbass like me can understand it? :)
01:24 < E1ephant> which part is confusing?
01:24 < E1ephant> tbh there are books worth of information on the subject :)
01:24 < E1ephant> the OSI model, or the TCP/IP DoD model is a good start
01:24 < qman__> If you don't understand that, you need to spend time learning how IP networks function
01:25 < E1ephant> keep in mind it is just a model, so not extact 1:1 with technology/implementation
01:26 < banisterfiend> i'm not familiar with what a 'bridge' is exactly in relation to a router
01:26 < banisterfiend> and what you mean by "extending a broadcast domain"
01:26 < E1ephant> yeah, a bridge wouldn't be a router at all, it would be more like a switch, or a repeater/hub
01:26 < E1ephant> https://en.wikipedia.org/wiki/Broadcast_domain
01:29 < banisterfiend> qman__ so in the case the vpn does not assign a gateway to the tap interface, then the routing table is just consulted instead?
01:31 < banisterfiend> wiat a sec, the tap device itself is the default gateway right?
01:31 < banisterfiend> for a vpn
01:31 < qman__> No
01:31 < banisterfiend> since all traffic goes through it
01:34 < adleff> banisterfiend, you need to spend some time reading up on network 101 and the OSI model
01:34 < adleff> but in a nutshell, just picture a tap interface like an ethernet link
01:35 < adleff> https://backreference.org/2010/03/26/tuntap-interface-tutorial/
01:36 < adleff> https://en.wikipedia.org/wiki/TUN/TAP
01:37 < adleff> https://en.wikipedia.org/wiki/Bridging_(networking)
01:37 < banisterfiend> thanks
01:38 < adleff> banisterfiend, in general, you can close the network 101 gap a little faster if you read a structured reference, like a certification reference
01:38 < adleff> so that would be a network+ book or ccna
01:38 < banisterfiend> i know a fair amount about it, i'm a programmer, but i never bothered to learn the fiddly bits
01:39 < banisterfiend> thanks though that link with the C code should be great
01:41 < adleff> he knows a fair amount but he is confused by the term "bridged"
01:41 < adleff> hmm
01:58 < E1ephant> adleff: read: doesn't actually know yet how much they don't know.
02:00 < adleff> I understand things! I'm a progammer!
02:01 < E1ephant> yeah I am a bit miffed
02:01 < E1ephant> because I know I don't know shit about advanced CS :)
02:01 < adleff> I am totally lost on this bridging concept but I'm sure this C code you linked will clear it all up!
02:01 < E1ephant> I am not trying to instruct on object/struct/class relations in scala (uh my head hurts.)
02:02 < E1ephant> read: I still don't fully get scala It think, need to plug ahead with books!
02:02 < E1ephant> minus t
03:32 < Abbott> I'm not sure if this is right place for this question, but I'm trying to understand my home internet connection. My parents place has two modem/router combo devices, both with coax cable coming in from the service line. My stepdad says that we only have one active connection, so how could we have two modems? isn't the service line a one-on-one type communication line that only one modem can use?
03:33 < light> Why don't you unplug them one at a time to see which is used?
04:03 <+pppingme> Abbott you sure they are both modem/router devices? Grab the model number off each of them
04:44 < creater> anyone here have linux shell for rent?
04:48 < Maarten> creater, http://bfy.tw/IibG
06:10 < tave> I recently completed this guide https://www.m00nie.com/2011/03/steps-to-configure-an-ipsec-site-to-site-vpn-on-a-cisco-ios-device-gns3-lab/ and the vpn connection is established, but now I want to prevent the inside network from accessing anything except for the inside network on the other router.   What do I need to read in order to accomplish this?
06:11 < light> just firewall it off
06:12 < tave> @light, sorry but I'm just learning about cisco routers, do you have a reference that you could point me to by any chance?
06:13 < CuriosTiger> tave: Google "Access Control List"
06:13 < tave> thank you!
06:35 < iateadonut> i am working to add a second iface eth1.  problem is- i accidentally changed the default to eth1 instead of eth0
06:35 < iateadonut> 'ip route list' shows 'default via 10.0.0.1 dev eth1' when it used to show eth0
06:37 < light> so change it back
06:40 < iateadonut> light, thanks, how do i change it?
06:41 < light> undo what you just did
06:48 < iateadonut> wiser words were never spoken
08:15 < zamba> anyone using ntopng here? i'm struggling to create a graph for the historic flows
08:28 < zamba> alternatively.. i need a tool that can do a pretty granular graphing of network throughput
08:28 < zamba> running locally
09:11 < Apachez> https://www.youtube.com/watch?v=AIf1fydxrfo IKEA - Swedish Midsummer Fest - Banned Commercial From Germany
09:12 < Apachez> Anyone wants to buy the batmobil? https://auktion.kronofogden.se/auk/w.Object?inC=KFM&inA=20180615_1058&inO=1
09:13 < Atro> it looks shitty
10:37 < spaces> why are all these stupid schools and companies overrating Blockchain ? don't they have better education ?
10:38 < mjauschwitz> doing what
10:41 < iateadonut> spaces, objectively rate blockchain; objectively measure how stupid schools and companies rate blockchain; compare the two.
10:42 < spaces> iateadonut which gives output ??
10:44 < mjauschwitz> omg i want a donut
10:45 < spaces> mjauschwitz I just made a donut
10:46 < spaces> it's chocolate brown and I was about to flush it... so be quick!
10:50 < mjauschwitz> oh my god you are SOOOO funny
10:50 < mjauschwitz> you should have like a show on netflix
10:50 < spaces> nah, I like to have a fun life
10:51  * mjauschwitz bangs head on table
10:52 < Atro> lol
11:21 < monkeynuts> rrdtool monitoring traffic from /proc/net/dev...that would be Bps yah?...would need to *8 for bps?
11:24 < metheo_irc> hi ppl
11:24 < metheo_irc> any LIRs here ? RIPE/ARIN ?
11:30 < mjauschwitz> what, you want to ask for an allocation on IRC?
11:31 <+xand> my ISP gives out allocations over IRC
11:31 <+xand> :3
11:33 <+catphish> A&A might if you're into that kind of thing :)
11:35 < Apachez>  mjauschwitz wanna hug?
11:36 < metheo_irc> mjauschwitz, no, just interesting what is the upper border for ipv6 assignments made by LIRs to end users/isp's
11:36 < metheo_irc> as a best practice
11:37 < Dagger> xand/catphish: can confirm, got my v4-/27 over IRC
11:38 < metheo_irc> RIPE assignment policy does point only on minimal end-user assgnments - /64.
11:39 < Dagger> pretty sure RIPE's policy makes it rather clear that /64 is too small
11:39 < Dagger> https://www.ripe.net/publications/docs/ripe-690/#4-2-3--prefixes--longer-than--56 "It is strongly discouraged to assign prefixes longer than /56 unless there are very strong and unsolvable technical reasons for doing this."
11:40 < Dagger> (the max general assignment size to end users should be about /48, although bigger is perfectly fine if the user needs it)
11:42 < metheo_irc> Dagger, yep, thanks for the remind
11:45 <+catphish> metheo_irc: as Dagger says, you should always assign between /48 and /56 depending on the type of customer
11:45 <+sep> metheo_irc, we use  /56 for private house ;  /48 for any business as default, without a special need. business with special need get whatever they want/can argument for.
11:45 <+catphish> i would recommend what sep said
11:47 <+catphish>  /56 is plenty for one building / home, /48 is a good idea for anyone who might have multiple logical units within their network
11:47 < metheo_irc> guys, thank you all for clarification!
11:47  * mjauschwitz is facepalming repeatedly as the access control people finally find the door controller on the 1st floor, and trace its serial cable to 9th
11:47 <+sep> metheo_irc,  altho we do reserve a /44 for each /48 business in the ipam tho.....  :)
11:48 < metheo_irc> yes, customer asked for ipv6 prefix "as large as possible" )
11:48 <+catphish> metheo_irc: it's worth mentioning that none of this changes the fact that one should always use exactly one /64 per broadcast network
11:48 < metheo_irc> usually, assign /56, /48 in special cases too
11:49 <+catphish> yep
11:49 < metheo_irc> up to /48 - not a problem, just assign and register in db
11:49 < metheo_irc> and policy says
11:49 < metheo_irc> https://www.ripe.net/publications/docs/ripe-699#5
11:49 < metheo_irc> 5.4.3
11:50 <+catphish> so if you're a home user and you get allocated /56, you should then use /64 for your wifi, another /64 for your guest wifi, etc
11:50 < metheo_irc> oops 5.4.2
11:50 < metheo_irc> "When a single End Site requires an assignment shorter than a /48, it must request the assignment with documentation or materials that justify the request. "
11:50 <+catphish> anything between /56 and /48 is fine, depending on your opinion and the customer's requirements
11:50 < mjauschwitz> just give all these bastards a /48
11:50 < Apachez> define "end site"?
11:50 < Apachez> we got one site at floor 4 and another site at floor 5
11:50 <+sep> metheo_irc, without knowing the company... /48  unless they have lots of sites and different classes of networks.  it is 64k /64 subnets. but you want hirarcial structure, so if they have lots and lots of locations and types of network you might give more
11:51 <+catphish> Apachez: that's clearly one site
11:51 < Apachez> "usually" you go /32 per organisation and /48 per building/site
11:51 <+catphish> Apachez: no, that's insane
11:51 < Apachez> catphish: no its not, floor4 is company X site A and floor5 is company Y site B
11:51 < Apachez> so two different sites
11:51 <+catphish>  /48 per org, /56 per building
11:51 < Apachez> no
11:51 < Apachez> thats insane
11:52 <+catphish> Apachez: you can disagree with ripe and everyone else as much as you like
11:53 <+sep> i guess it depends on the size of the org/building. if you need to split nibbles to get a sane structure and hirarchial routing then you have to small prefix. and you should have room to grow on each nibble.
11:53 <+catphish> of course, if you're a megacorp, an ISP might assign you a /48 for each of your sites, that's perfectly reasonable
11:53 < metheo_irc> well, previously, for v4, there was ripe-384 form , here not clear about "documentation or materials that justify the request"
11:54 <+sep> if you are a big corp you better get your own PI space tho
11:54 < Apachez> catphish: ripe says /32 per org too
11:54 < Apachez> so YOU can disagree with ripe and everybody else since you are insane
11:54 < Apachez> metheo_irc: "our routers can only configure /32" ? ;)
11:55 < metheo_irc> )))
11:55 <+catphish> lol
11:56 <+catphish> i can't see how /32 per org makes sense unless it's PI
11:57 <+catphish> normally you take a DSL of some kind from an ISP, they allocate /56 or /48 per line, depending on your needs
11:57 < Apachez> enterprise dont use dsl
11:57 <+catphish> yes they do
11:57 < Atro> ha
11:57 < Atro> ofc they used sl
11:57 <+catphish> they gotta connect somehow
11:58 <+catphish> the tech doesn't matter
11:58 < tds> afaik RIPE will never do PI allocations anywhere near /32s
11:58 < tds> it's /48 by default, you might be able to get a /45 or so with sufficient documentation
11:58 <+catphish> tds: i didn't know that, i assumed PI would be bigger than a normal PA assignment from an ISP
11:59 < Atro> catphish: i work via Pidgeon Carriers, but they dont work in bad weather :(
11:59 < Roq> That's not true, we have a /32 from ripe
11:59 < tds> of PI space?
11:59 <+catphish> Roq: PI? or are you an ISP?
12:00 < Roq> oh sorry, yeah isp
12:00 <+catphish> yeah ISPs get between /32 and /29
12:00 <+catphish> but that's to allocate to other people :)
12:00 < Roq> I should read more than two lines up
12:00 <+catphish> lol
12:00 < Roq> haha my bad
12:05 < shanee> Hi. I'm trying to get an embedded device that can make HTTPS requests. Do I need to include all root CA certificates? Where can I get a list? It seems like there's quite a lot?
12:07 < Wulf> shanee: grab them from mozilla
12:08 < Wulf> I think it's https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt
12:10 < shanee> Wulf, Looks good. Do I need all 150? I'm a bit short on space and 200kb is hard to find.
12:10 < Wulf> https://wiki.mozilla.org/CA/Included_Certificates
12:10 < Wulf> shanee: Do you know in advance to which hosts you need to make requests?
12:10 < shanee> Wulf, No. Not really.
12:10 < Wulf> shanee: do you have plenty of RAM?
12:11 < shanee> Wulf, Yes. About 300kb free.
12:14 <+catphish> if you want to make HTTPS requests to any site you will need all the common root CAs in your flash :(
12:14 < Wulf> shanee: you could try to cheat a little
12:15 < shanee> Ok. Thank you. I was hoping that perhaps all roots were signed by another certificate or something.
12:15 < shanee> Wulf, How might I do that? I was thinking I could set up an API that validates certificates? Then I'd only need my APIs root.
12:16 < Wulf> shanee: that would be one way too
12:16 < Wulf> shanee: and probably not a bad one
12:16 <+catphish> shanee: unfortunately the point of a "root" certificate is that it's the absolute top of the tree, you must trust it explicitly
12:17 < shanee> Wulf, What were you thinking of?
12:17 < Wulf> shanee: you can make an api to which you send the the first certificate you receive from a tls server. You API replies with the corresponding root cert. Then you tell your tls library to use the root cert for verification
12:17 <+catphish> with that said, you could definitely cheat by making your own CA that signs all the root CAs that you want to trust, then you could just put that cert in your device, and download other CAs in demand
12:17 < Wulf> shanee: I was thinking of storing only the public keys. In binary format.
12:18 <+catphish> yeah, as Wulf says, you can make an API that provides the root certs, then you only need a single CA to authenticate that API
12:19 < shanee> Wulf, Humn. Wouldn't that make it pretty trivial to break?
12:19 < varesa> another way could be to relay the traffic through a proxy server that re-encrypts the traffic with a single CA
12:20 <+catphish> also possible, but unpleasant
12:20 < Wulf> shanee: The self-signature inside the root certs is useless
12:20 < Wulf> shanee: and many libs don't look at it at all
12:21 < shanee> Wulf, Oh. So if I have a roots public key I can validate that another certificate was signed by it?
12:21 <+catphish> yeah you can definitely save a lot of space by storing the certs in the right format
12:21 <+catphish> you could just not bother to verify servers at all ;)
12:22 < Wulf> shanee: you could strip down the root certs to a total of about 100kb
12:22 <+catphish> ^ this is likely the best idea
12:22 <+catphish> also, you could likely drop 50% (more?) of the root CAs because they're so obscure and nobody's using them
12:23 < Wulf> shanee: well, not the public key, but the "tbs certificate" which includes the pubkey. You also need the subject and the subject key identifier
12:23 <+catphish> i'm not sure though
12:23 < Wulf> catphish: yep, only few root certs are actually used.
12:24 <+catphish> so yeah, find a list of root CAs that actually matter, and store the minimum required binary data
12:24 < Wulf> That API thing isn't bad either
12:25 < shanee> What's the minimum binary  data? At the moment I use the "PEM info". Which starts --BEGIN CERTIFICATE--. Assuming I un-base64 this, am I storing more data than I need?
12:25 < Wulf> shanee: you can use the DER encoding of the tbs_certificate.
12:25 < Wulf> shanee: or you can use even less information.
12:26 < Wulf> shanee: like I said: public key, subject, subject key identifier.
12:26 <+catphish> shanee: DER is probably the format you want
12:26 <+catphish> obviously the bytes "--BEGIN CERTIFICATE--" are a huge waste of space to begin with, then base64 encoding is wasting space too
12:26 <+catphish> DER is a raw binary format
12:27 < shanee> Ok. Thank you. I've learnt a lot. :)
12:27 <+catphish> great
13:11 < h0dgep0dge> would anyone care to recommend a robust setup for a pppoe internet connection? I have previously used a standard linux box, but the pppoe software i was using was so inefficient that the computer's cpu almost bottlenecked the internet speed, which was 100mbit. I'm reluctant to trust an ordinary domestic off the shelf solution, perhaps something business grade? I have (and love) a ubiquiti ap, but i've heard their USG is a PITA, woul
13:11 < h0dgep0dge> d love to hear an opinion on that specifically.
13:12 <+catphish> h0dgep0dge: use an edgerouter
13:13 < h0dgep0dge> seems like overkill, is there any reason i'd use that over the usg?
13:14 < h0dgep0dge> i don't even need gigabit, and i think the smallest edgerouter has 5?
13:15 < varesa> edgerouter lite has 3x interfaces
13:15 <+catphish> i use the edgerouter lite for most sites
13:16 <+catphish> 3 interfaces, only like $99
13:16 <+catphish> just because it *can* route at gigabit doesn't mean it's only suitable for when you have those speed requirements, most of my sites have 80Mbit DSL
13:17 <+catphish> there's also the edgerouter X, which i'd probably recommend over the lite for low speed applications
13:17 < bezaban> where low speed <1gb?
13:17 <+catphish> yes
13:17 < bezaban> mm +1
13:18 <+catphish> i don't actually know the throughput of the ER-X, but its got less advanced hardware acceleration
13:18 <+catphish> its plenty capable of 100Mbit though :)
13:18 < h0dgep0dge> yeah, the edgerouter x is only $49, i'd assumed it would cost more given that it looks like it has more to it than the usg
13:19 < h0dgep0dge> what's it missing that accounts for the lower price?
13:20 <+catphish> it has less hardware acceleration, may not do hardware ipsec, not sure
13:20 < bezaban> the erx has a switch iirc
13:21 < lupine> best avoided
13:21 < lupine> grab an APU2 or so instead
13:23 < h0dgep0dge> lupine: are they open source? i am a fan of that kind of design philosophy, but I have already bought into the ubiquiti ecosystem
13:24 < h0dgep0dge> catphish: so less performance, but not something i'd feel at 100mbit, correct?
13:24 < lupine> h0dgep0dge: far more so than ubnt are
13:24 < bezaban> I was a bit dissapointed by the ER, the cli was less streamlined than I expected and seeing the debian underneath it was a bit frustrating to get the config I wanted via custom parameters when I would much rather just tweak everything directly like I would on an apu
13:25 < lupine> the edgerouters are crap hardware, running locked-down, stale debian without any of the good bits of debian, with a hacked-up vyatta in the way of most things, and a crap web UI
13:25 < bezaban> web dashboard makes it a bit more available to others though
13:25 < Dalton> yeah but edgerouter vs apu price?
13:25 <+catphish> h0dgep0dge: i'd say that was correct, though if you are intending to do ipsec, i'd suggest the higher spec device
13:25 < lupine> apu2 is about twice the price, and about 10x the value
13:26 < varesa> I wonder if VyOS would run on an APU2
13:26 < lupine> when price-conscious, I buy some consumer hardware that runs openwrt and use that instead. various buffalo routers have been great for that
13:26 < varesa> can't really see a reason why it wouldn't
13:26 <+catphish> oh yeah, the erx has a switch if you need that, you probably don't
13:26 < lupine> (about 1/2 the price of an edgerouter, and about 3x the value)
13:27 <+catphish> the benefit of the edgerouter is the hardware acceleration, it can achieve high throughput, including ipsec, for a low cost
13:27 <+catphish> but there really aren't many other business products in that price range anyway, maybe mikrotik, but i personally don't like their proprietary interface
13:28 < h0dgep0dge> yeah, how do the APUs handle pppoe? Would I have to do it all in hardware?
13:28 < h0dgep0dge> all in software, sorry
13:28 <+catphish> a lot of it comes down to taste, in all honesty, you're not going to get anything better than residential quality at this price
13:28 < varesa> APUs are basically small x86 PCs
13:28 <+catphish> h0dgep0dge: by the way, pppoe is not expensive, if you just run linux and the standard client, it should work fine
13:28 <+catphish> no idea why you had such trouble before
13:29 < h0dgep0dge> hm. that's good to know
13:29 <+catphish> anyway, my recommendation is generally an edgerouter (or lite or x) as they are so featurefull and can scale for performance, they're still "cheap" hardware though, not enterprise quality
13:30 <+catphish> if you're into open source / linux / PC servers, you may want to just try building your own again with better software
13:32 < h0dgep0dge> i was also using vlans and a switch to bodge not having 2 NICs, perhaps that was causing issues
13:33 < h0dgep0dge> i'll do some experiementation, in typical nerd fashion i have linux boxes lying around, i'll have a go using one of those before buying anything
13:34 < h0dgep0dge> the APU do appeal to the networking nerd masochist in me, though
13:36 <+catphish> i like the edgerouter, but unfortunately because of the proprietary hardware forwarding they have to run a rather proprietary OS, however i like it, the CLI is nice, and you can access it's underlying linux pretty freely
13:39 < mjauschwitz> lupine: memes
13:41 < h0dgep0dge> thanks for the help y'all, i'm glad to be turned onto these pc engines people
13:41 < h0dgep0dge> i might be back if i need help when my fibre gets installed
13:59 < spaces> so the internet sucks, blockchain has no future and we are all gonna die()....
13:59 < brahmana> Hi all, is there a way for me to check how many connections are waiting to be accepted on a listening TCP socket? (i am on Ubuntu server 16.04)
14:00 < Apachez> netstat ?
14:02 <+catphish> netstat might help, can't think of any other way :(
14:03 < Roq> 'ss' works, but im not sure if that's just for established
14:03 <+catphish> i don't even know how netstat would class things in the backlog, linux actually pre-accepts them
14:04 <+catphish> since there's no api to reject them, linux just goes ahead and accepts them before you even call accept()
14:04 <+catphish> i always thought it would be cool if you could pre-screen connections and reject them, but you can't :(
14:04 < brahmana> Apachez: netstat shows info on connections awaiting to be accepted?
14:05 < mjauschwitz> X-Y problem and so on
14:05 < h0dgep0dge> according to the netstat manpage: " Recv-Q
14:05 < h0dgep0dge>        Established:  The  count  of  bytes not copied by the user program con‐
14:05 < h0dgep0dge>        nected to this socket.  Listening: Since Kernel 2.6.18 this column con‐
14:05 < h0dgep0dge>        tains the current syn backlog."
14:05 < moog> hi , "ss" does etstablished/wait/listen/close/Last-ack/ and probably others
14:05 <+catphish> netstat shows information about all network sockets
14:05 < balder>  ss -t state syn-recv
14:05 <+catphish> h0dgep0dge: handy
14:05 < h0dgep0dge> "the current syn backlog" sounds like what you want
14:05 <+catphish> indeed, though i'd test it to be wary of the pre-accept i mentioned
14:06 <+catphish> they may not be in a "syn backlog"
14:06 < h0dgep0dge> but you have to ask yourself one question, do you feel like writing a test program to determine if the number corresponds to backlogged connections that haven't been accepted yet? do ya, punk?
14:07 < brahmana> catphish: So there is no easy way for me to know how many connections are awaiting for my app server to be picked up and served?
14:07 < h0dgep0dge> it's only 00:07, i could write a quick c program
14:07 <+catphish> brahmana: i don't know, h0dgep0dge's suggestion might work
14:08 < h0dgep0dge> detective h0dgep0dge is on the case!
14:08 < brahmana> h0dgep0dge: I am would be more than happy to run the code or of be any such help.. !
14:08 < brahmana> s/am would/would
14:08 <+catphish> h0dgep0dge: how do you get that value from netstat?
14:08 < h0dgep0dge> haven't a clue, i'll burn that bridge when i get to it
14:08 <+catphish> oh, its one of the columns :)
14:09 < h0dgep0dge> i haven't written int main() in so long, feels like the touch of an old lover
14:09 <+catphish> i have an answer
14:10 < h0dgep0dge> let's see if i can finish my program, compile, and run it before you finish typing
14:10 < moog> If someone needs a netstat look for ss with many options, may i suggest you https://agmen.org/netsstat , a netstat for ss
14:10 <+catphish> https://i.imgur.com/BgPJERD.png
14:11 <+catphish> the answer is linux accepts them and they show up as ESTABLISHED
14:11 <+catphish> up to some limit anyway
14:12 < h0dgep0dge> i don't think that shows the column that i found
14:13 <+catphish> it does
14:13 < h0dgep0dge> because it should also have a column for the largest possible backlog
14:13 <+catphish> Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
14:13 <+catphish> those are the columns
14:13 < EdLin> hi. I'm having difficulty flashing my router in dd-wrt using a web-browser, it's over a NIC, but no matter what browser I use I get a reset connection and the flash fails early-on
14:14 < h0dgep0dge> what's the protocol here? take a number, wait your turn? lol
14:14 < lupine> catphish: the hardware acceleration in the edgerouter is pretty rubbish
14:14 < h0dgep0dge> sorry edlin, we're just sorting someone else out
14:14 < lupine> APU2 does well with encryption and *also* does well with rp-pppoe
14:14 <+catphish> brahmana: anyway, IMO the only way you can do this is to have a thread in your application that accepts all connections immediately and puts them in a queue, then worker threads that handle connections in the queue, then you can see the queue size yourself
14:14 < EdLin> no problem, mention my nic when you're ready.
14:15 < EdLin> my nick*
14:15 < h0dgep0dge> catphish: why is send-q 0? it should be the maximum size of the syn backlog
14:15 <+catphish> lupine: you'll have to define "pretty rubbish" because it does what it's supposed to do, forwards 1Mpps in a $99 device :)
14:16 <+catphish> lupine: it even supports ipsec, gre, vlans, pppoe, nat, iptables
14:16 <+catphish> so really, it's pretty impressive
14:16 <+catphish> h0dgep0dge: dunno! thats just what it is on my pc
14:17 <+catphish> lupine: there are reasons not to like it, but i certainly wouldn't call it rubbish
14:18 < h0dgep0dge> i forget who asked the question, but whoever you are, i'm going to continue investigating and see what i can find. maybe pm me so i can pm you back when i come to a conclusion
14:18 <+catphish> brahmana ^
14:18 < h0dgep0dge> okay, are we cool to open the floor to the next in line?
14:18 <+catphish> https://www.quora.com/How-can-I-check-TCP-backlog-queue-for-a-specific-process-on-Linux
14:18 <+catphish> that might help
14:18 < EdLin> hi :)
14:19 < brahmana> h0dgep0dge: That would be me
14:19 < EdLin> aww
14:19 <+catphish> EdLin: you could try a lower MTU in case it's that, but sounds like maybe just the software receiving the code is broken :(
14:19 < h0dgep0dge> ugh i'm going to be so upset if i'm proved wrong by a goddamn quora thread
14:20 <+catphish> brahmana: that link was for you by the way: https://www.quora.com/How-can-I-check-TCP-backlog-queue-for-a-specific-process-on-Linux
14:20 < brahmana> EdLin: I actually meant I am the guy whom h0dgep0dge is helping.. you are actually next in line... :)
14:20 < brahmana> yup.. checking..
14:20 < EdLin> catphish, does that mean I won't be able to flash via the web interface anymore?
14:21 < EdLin> is there another way to do it reliably? Maybe tftp or something?
14:21 <+catphish> EdLin: i'd try via a different mechanism if possible, once it's flashed once it'll probably be ok with the non broken new firmware
14:21 <+catphish> depends on the device, not sure
14:21 < EdLin> the problem is I'm flashing stock firmware, I'm not sure if that can be done via tftp on this
14:22 < EdLin> was switching to that, then to tomato for SIP ALG
14:22 < EdLin> because my SIP phone isn't working on outgoing calls with my voice
14:22 <+catphish> your stock formware doesn't allow you to disable SIP ALG? nasty :(
14:22 < EdLin> if I can solve that issue, maybe I don't need new firmware
14:23 < EdLin> catphish, no, I actually wanted SIP ALG, because I can't get my SIP phone to work otherwise.
14:23 <+catphish> you really don't want that
14:23 < EdLin> then what do I want to do?
14:23 <+catphish> well you should probably ask your SIP provider, but normal advice is to make sure SIP ALG is disabled
14:24 < EdLin> dd-wrt has no SIP ALG.
14:24 <+catphish> and if it definitely is, you should be fine
14:24 < EdLin> nope, it isn't working, when I call out, people can't hear anything I say
14:24 < lupine> catphish: it doesn't support openvpn, or didn't when I was using it
14:24 < EdLin> I can hear them, they can't hear me.
14:24 < lupine> the hardware crypto acceleration in the apu2 does
14:24 <+catphish> that's a very unusual problem, outbound audio shouldn't be affected by NAT :(
14:25 < ne2k> EdLin, did you accidentally leave headset mode on without a headset connected?
14:25 <+catphish> oh, i suppose the remote could be rejecting it
14:25 <+catphish> EdLin: who is the SIP provider? seems like they aren't supporting NAT properly :(
14:25 < ne2k> NAT = teh bad
14:26 < EdLin> ne2k, no way, because when it's enabled, an LED is lit
14:26 <+catphish> any good provider should accept your audio even if it's being NAT'd
14:26 < ne2k> EdLin, is the microphone broken
14:26 < EdLin> catphish, I am using anevo
14:26 < ne2k> or the cord
14:26 < EdLin> ne2k, could be, but then why does SIP ALG fix it?
14:26 < ne2k> lel
14:26 < EdLin> anveo*
14:26 <+catphish> any chance you could just try a different provider?
14:26 < ne2k> EdLin, sorry, I'm too used to providing support to idiots
14:26 < lupine> ISTR you're also bound to the ubnt-provided kernel by the hardware crypto module they provid
14:27 <+catphish> SIP ALG *may* actually fix this, they may rewrite your address in the SIP packets which would make the remote accept the audio
14:27 < EdLin> catphish, I'd really prefer not to. I have $30 in their account, and can't really afford to start all over payment-wise with someone else
14:27 <+catphish> but this isn't how SIP providers usually operate any more
14:28 <+catphish> EdLin: i see :( well i guess they're doing SIP in a NAT-unfriendly way, so i guess you *do* need SIP ALG
14:28 < EdLin> plus I'd need to transfer the number, and that takes over a week for a SIP line
14:28 <+catphish> i guess it's worth trying
14:28 <+catphish> but i can't provide much more assistance with the flashing
14:29 <+catphish> you could see if openwrt supports the device, they often have good instructios
14:29 <+catphish> *instructions
14:29 < EdLin> openwrt doesn't support the device, well, it supports the wired switch, but not the wifi
14:29 < EdLin> open source religion wrt the wifi chip
14:29 <+catphish> makes sense
14:30 < lupine> *sometimes* you can replace the wifi adapter in consumer routers. worth opening it up to have a look
14:30 < lupine> sometimes they're just plugged in via miniPCIe or so
14:30 < EdLin> lupine, is that the case for a netgear r6400?
14:31 <+catphish> EdLin: by the way, have you asked the SIP provider? they may be able to enable some kind of NAT mode for your line from their end
14:31 < EdLin> catphish, I'll talk to them.
14:32 <+catphish> it's worth asking, SIP providers deal with this problem constantly
14:32 < EdLin> yeah, I hear some horror stories about anveo's customer support tho, I wanted to go with them because they are both reliable server-wise and cheap
14:32 < EdLin> I'll try anyway.
14:33 < EdLin> thanks for your help
14:34 < lupine> EdLin: no idea. get a screwdriver
14:35 < lupine> kids these days :D
14:45 < zuthu> could sb maybe tell me if I did that right: https://img1.picload.org/image/dowarida/nw.jpg
14:45 < k_sze> I'm trying to setup docker-mailserver (https://github.com/tomav/docker-mailserver). Could somebody explain to me why I would want to enable SASLAUTHD?
14:46 < ne2k> whois zuthu
14:47 < zuthu> ./
14:47 < ne2k> :-D
14:47 < zuthu> ;)
14:47 < ne2k> zuthu, I've answer my question by loading your image
14:48 < zuthu> what do you mean?
14:48 < ne2k> zuthu, I was trying to establish whether you were a native speaker of German because of the way you worded something. it's something a lot of German's say. you used "that" instead of "this"
14:48 < ne2k> Germans*
14:48 < zuthu> haha
14:48 < zuthu> okay
14:48 < ne2k> zuthu, it's extremely minor and no-one would ever misunderstand what you meant, but it just sounds a little odd
14:49 < zuthu> I'm going to repeat THAT until everyone is using it
14:49 < zuthu> ne2k: thx for the advice :)
14:49 < ne2k> kp
14:50 < ne2k> is this homework, btw?
14:51 < zuthu> preparation for a course
14:52 < zuthu> I wanted to test it with cisco packet tracer (no way to get it for free) or GNS but it's way too complicated for a beginner
15:11 < h0dgep0dge> catphish: you were right about the backlogs
15:11 < h0dgep0dge> there are 2 queues, one for connections pending completion of the handshake, and one for connections pending being accepted
15:12 < h0dgep0dge> and it seems like if anyone, netstat gives information about the prior, and there's no good way to get to the latter
15:12 < h0dgep0dge> ^anyone^anythign
15:12 < h0dgep0dge> ^anythign^anything
15:15 <+catphish> h0dgep0dge: i'm always right
15:16 < h0dgep0dge> 01:16, time for bed
15:16 < h0dgep0dge> goodnight all
15:16 <+catphish> enjoy :)
15:20 < regdude> Has anyone used MAC address masks? If I wanted to match 01:80:C2:xx:xx:xx, then I would use /FF:FF:FF:00:00:00 ?
15:23 < ellyacht> regdude: what do you mean match?
15:24 < Apachez> match where?
15:25 < spaces> Apachez we match
15:25 < spaces> it's a perfect fit you know
15:25 < regdude> nvm figured it out, was like I said
15:26 < ellyacht> spaces: lol?
15:30 < Thanos> Q: I want to take my current background of bedside healthcare and move into healthcare IT. Anyone know of a reasonable in demand path for an RN in such a position?
15:30 < Apachez> woot?
15:30 < Apachez> Thanos: dont drink and irc
15:31 < Thanos> I don
15:31 < Thanos> er, don't drink
15:35 < djph> start.
15:42 < mjauschwitz> Thanos: healthcare IT is about the worst case of IT there is
15:43 < mjauschwitz> archaic, underbudgeted and there are regulations so deep up your arse they'd arrest your family if you so much as a twich
15:43 < mjauschwitz> if this sounds appealing to you it'd probably easier and at least as enjoyable to pay a fat woman to tie you up and whip you
15:44 < spaces> ellyacht always ufn
15:44 < spaces> fun
15:47 < djph> mjauschwitz: easier yes. but dealing with fatties is never enjoyable.
15:47 < mjauschwitz> try PCI DSS *and* HIPAA
15:47 < Thanos> It has to be healthcare IT. I'm not going to abandon my current career
15:48 < Thuryn> and PCI DSS was written by half-trained monkeys.
15:48 < djph> you're leaving "bedside healthcare"... and want to move into "IT".  Those are two entirely different career paths
15:48 < Thuryn> i think it would have been better if the monkeys had been completely untrained, because then everyone would KNOW they were full of shit
15:49 < Thuryn> but these monkeys knew just enough to sound as though they knew what they were talking about.
15:49 < djph> at least PCI has teeth for when you "accidentally(tm)" have a breach.
15:49 < djph> or did they take that out now too?
15:51 < Thanos> djph: not really. You can expand from bedside into any huge range of healthcare related fields and retain your healthcare status.
15:51 < Thanos> which is actually the ideal.
15:51 < djph> ... and yet another reason why healthcare is fucked.
15:52 < Thanos> yeah, cause why would you want the people who have worked on the floor to have any input into the system on which they depend, right?      /s
15:52 < djph> if you leave "nursing" to go to "IT" the time in "IT" should not count towards experience anywhere else.
15:53 < Thanos> I didn't say leave nursing. I said expand nursing into IT related field.
15:53 < djph> I mean, look, if you're just saying "experience in healthcare" with "healthcare" being an umbrella for all jobs that touch it ... meh fine. I mean, you can do that in most any industry.
15:53 < djph> oh, fuck no.
15:54 < RustyJ> IT RNs is the easiest RN
15:54 < Thanos> I'm sure there are medical records jobs or other IT related fields to explore. I was just trying to find a good baseline/someone knowledgeable.
15:55 < RustyJ> lol, I'm IT/BIS and my wife is a APRN... so i know a little bit
15:55 < djph> every org I've ever seen has been "nurses over here", "IT over there", "record entry monkeys over there"
15:56 < djph> and while they interact; the "nurses" aren't "IT" or "Record Monkeys" (or vice-versa)
15:56 < Thanos> to at least some degree they are. Not enough of one however. When they aren't you get horrible products like soarian.
15:57 < Thanos> RustyJ: what is a reasonable career path for an RN wanting to move into healthcare IT? any opinions?
15:58 < djph> can guarantee the people writing it probably hated the manglement decisions just as much as the people using it.
15:58 < RustyJ> EMRs typically aren't handled by RNs, and neither is coding (ICD10).... Thats the data entry folks
15:58 < node808> informatics
15:58 < node808> health information management
15:59 < RustyJ> But there is telemetry jobs that do require a clinical background
15:59 < Thanos> are HIM jobs in demand?
15:59 < node808> a friend of mine is an RN who recently completed a masters in informatics...I think thats as close as it gets for medical field/IT field
16:00 < node808> She's having trouble getting into an HIM position.
16:00 < Thanos> ah
16:00 < RustyJ> what kind of nurse are you? RN 2/4 or LPN?
16:00 < Thanos> RN2/years of medsurg
16:00 < RustyJ> typically they are NOT entry level jobs, and are lead positions
16:01 < Apachez> isnt lead forbidden nowadays?
16:01 < node808> I think the HIM stuff is better as an additional skillset for current IT people than it is for current medical people
16:02 < node808> gets IT pros into the medical IT field better than the other way around
16:02 < RustyJ> ^
16:02 < potatoe> are file handles and file descriptors effectively the same metric i should be chasing when debugging too many open files?
16:03 < potatoe> is checking /proc/sys/fs/file-nr enough for both?
16:03 < potatoe> on linuxi
16:03 < potatoe> linux*
16:04 < Thanos> I want to retain some bedside enough to do it and see it and stay *able* to do it, but an IT job would be fun and possibly less stress to boot.
16:04 < RustyJ> Honestly, your better path is RN 4 and a supervisory role.
16:06 < Thanos> bleh. supervisory never thrilled me.
16:15 < node808> what about going into PA or CRNA
16:33 < dnanib> potatoe: they are essentially the same. I think "handle" is a windows-side term
16:34 < dnanib> file-nr is the right place to look; the first number is the one you have currently open
17:28 < wind_swept> Tintri is about to go under
17:28 < wind_swept> good riddance i say
17:29 < wind_swept> when the storage admin told me he wanted to shoehorn storage traffic onto my existing network (isntead of the FC network) i was against it.
17:30 < wind_swept> now he gets his comuppance
17:34 < komanda3> 65
17:40 < djph> wind_swept: eh?
17:40 < wind_swept> https://www.theregister.co.uk/2018/06/19/tintri_ceo_quits/
17:41 < zenix_2k2> uhm one question, is there anyhow i can check my IP address beside going to an online site ? cause i tried https://whatismyipaddress.com and it gave me some really inaccurate details about my IP
17:41 < zenix_2k2> i think it has something to do with the modem or modem-router in my case, doesn't it ?
17:42 < djph> zenix_2k2: what'd it tell you your IP was?
17:42 < djph> zenix_2k2: and what do you think your IP is?
17:43 < djph> ... err, I suppose the better question is "what does the router say it's ISP-side interface's IP is"
17:43 < wind_swept> you can google "what's my ip" and it will return the ip the request came from
17:43 < djph> wind_swept: $5 says he's behind CGN
17:44 < zenix_2k2> actually i think my IP was what it told me, but the point is it gave me wrong info about my IP adress
17:44 < djph> what'd it tell you teh IP was?
17:45 < zenix_2k2> 42.113.189.247
17:45 < djph> wait ... the IP is what it told you, but the info was wrong?
17:45 < zenix_2k2> yea
17:45 < djph> what "info"?
17:45 < zenix_2k2> it told me that i am living in another city which i am not
17:45 < zenix_2k2> and state
17:45 < djph> oh, that's based off who owns the IP
17:45 < djph> not "you"
17:46 < zenix_2k2> wait wut... so i am not the one who owns it ?
17:46 < djph> nope, your ISP owns it.
17:46 < zenix_2k2> and is that also applicalbe to every country ? or only mine ?
17:47 < tds> I mean you could own it, but if you do you probably know about it
17:47 <+catphish> zenix_2k2: geographical info for an IP is only a guess, it's rarely exactly correct
17:47 < tds> oh, missed that you actually posted an ip, ignore me
17:47 < zenix_2k2> if that is the case then how can people like cops track who am i ?
17:47 < zenix_2k2> and where i am
17:48 < djph> zenix_2k2: 42.113.176.0 - 42.113.191.255 is owned by FPT Telecom Company
17:48 <+catphish> zenix_2k2: they ask your ISP who is using that IP
17:48 < zenix_2k2> yea, i do know that it was my ISP, but the city was wrong
17:48 < djph> ^
17:48 <+catphish> zenix_2k2: only the ISP has that information, nobody else
17:48 < djph> 2nd floor FPT Building, Pham Hung Road, Cau Giay District, Hanoi
17:48 < zenix_2k2> but a few days ago, the city info that that site gave was correct, and now it is wrong
17:49 <+catphish> zenix_2k2: again, that info is not accurate
17:49 < djph> it got updated. it happens
17:49 < zenix_2k2> and actually ... it was wrong in "2 ways", when i tried with local database using pygeoip ( python'
17:49 < zenix_2k2> s module )
17:49 < zenix_2k2> it was showing another city
17:49 < zenix_2k2> and now another
17:49 < djph> it doesn't matter
17:49 <+catphish> zenix_2k2: you really don't need to worry / care about that info, it's just a database someone made from guesswork
17:50 <+catphish> it doesn't mean anything
17:50 < djph> the closest accuracy that you can realistically expect is the region - e.g. NA or EU or Africa (etc.)
17:50 <+catphish> the only thing that actually matters is the country, sometimes content is restricted by country and they use that data
17:50 < zenix_2k2> but about the Latitude and Longitude ? will it also be rarely correct ?
17:50 <+catphish> zenix_2k2: it will almost always be way off, there's no way they could know your exact location
17:51 < djph> NOTHING beyond "x.x.x.x is assigned to a regional RIR" is ever 100% accurate.
17:51 < zenix_2k2> HHHmmm... but i still understand why lots of people on the internet still advises people to cover and do not expose their IP address when only the ISP knows
17:51 < zenix_2k2> don't understand*
17:52 < djph> they're fucking morons.
17:52 < zenix_2k2> well, ok then... what a relief
17:54 < djph> There are reasons to use VPNs, sure.  But all the nonsense about "it'll protect you from whatever government actor" ... if you're under investigation for breaking the law, the cops will do thier thing.
17:55 < zenix_2k2> so you mean that cops still know who i am behind the VPN's wall ?
17:55 < zenix_2k2> proxies,...
17:55 < djph> sure, do you really think those "free" VPNs aren't tracking you themselves?
17:56 < djph> or that if cops are digging into your financial records, they won't find you paying for one of the paid ones
17:56 < zenix_2k2> no no no i don't mean "free", i mean paid
17:56 < zenix_2k2> of cause "free VPNs" come with "free risks"
17:57 < zenix_2k2> actually, all risks are free
17:57 < djph> but realistically it comes around to "are you giving the cops a reason to dig into your activity".
17:57 < Thanos> a good vpn will protect you tho.
17:57 < Thanos> at least in court.
17:57 < Thanos> some already have
17:57 <+catphish> there are reasons to hide your IP, for example if you're breaking the law, authorities would be able to take your IP to your ISP and they'd then provide the physical address that IP was routed to
17:57 < djph> I mean, the internet isn't *private* space -- it's like walking around in a mall.
17:57 <+catphish> also, some people have a persistent IP and they just don't want their web usage to be linked together
17:58 < zenix_2k2> wait, so how about Tor's proxies ?
17:58 < djph> but they're *totally* okay logging into gmail / facebook anyway
17:58 <+catphish> like if you buy something from an online store, they now have your IP and your address, if their database got hacked, someone else could use that to track your IP to your location
17:58 < djph> well "location"
17:59 <+catphish> well, your delivery address you provided
17:59 < Thanos> then someone from outside can scream into the phone "they're in the house!"
17:59 < zenix_2k2> well but that is unlikely to be a normal scenario
17:59 <+catphish> so, it's not totally insane to want to change IP at regular intervals
18:00 < djph> yeah, but if you're talking about "oh they hacked the customer database" ... the IP address part is kinda the least important thing there...
18:00 <+catphish> also just general advertizing tracking
18:00 < zenix_2k2> also, Tor is pretty close to a "free VPN", is it risky ?
18:00 < m0dshalp> catphish, i'm reporting you to the feds
18:00 < zenix_2k2> Hm, more like Firefox with 3 proxies
18:00 <+catphish> tor is by far the best tech if you nee serious anonymity
18:01 < zenix_2k2> yea, i still don't understand how it works
18:01 < zenix_2k2> where are those proxies located at
18:01 <+catphish> it works like an onion :)
18:01 <+catphish> the proxies are all over the world, you route your connection through 3 or more of them
18:01 < zenix_2k2> i know but each "layer" of an onion still equal to a host right ?
18:01 < zenix_2k2> and if there is a host, there is a locatipon
18:01 < zenix_2k2> location*
18:02 < zenix_2k2> "all over world" sounds really magical in networking senses
18:02 <+catphish> no one host knows both the source and the destination of the connection
18:02 <+catphish> that's the key to tor
18:02 <+catphish> well, except the person using it
18:02 < rocketmagnet> hi everyone, short question: when using a vpn i can only choose between udp or tcp, how can i hidde my ip when it only works with one of those and not both ?
18:03 < rocketmagnet> or can i create a firwall rule to handle this kind of problem ?
18:03 <+catphish> ugh
18:04 < m0dshalp> catphish, don't worry - you'll be behind bars soon
18:04 <+catphish> rocketmagnet: that's the protocol it uses to carry the packets, what it actually carries inside is IP (includes both TCP and UDP)
18:04  * catphish reports m0dshalp to his mom
18:04 < zenix_2k2> someone is going to his room
18:05 < rocketmagnet> ah, so it doesn't reveal my ip, no matter if udp or tcp... why can i choose then ?
18:05 < zenix_2k2> :P
18:05 < m0dshalp> catphish: u think i'm fucking joking kid
18:05  * tds is disappointed at catphish's use of american english
18:05 <+catphish> rocketmagnet: because udp is better, but sometimes you can onlyuse tcp, so they support both
18:05 < zenix_2k2> i think both UDP and TCP reavel the IP ?
18:06 < zenix_2k2> reveal*
18:06 < rocketmagnet> so if i can choose it's better to use udp... can you explain in short why ?
18:06 <+catphish> tds: i choose not to believe in american english, i just use english and spell things how i like
18:06 < skyroveRR> catphish: :)
18:06 <+catphish> rocketmagnet: because if you put one TCP connection inside another TCP connection, it can cause problems with performance
18:07 < zenix_2k2> rocketmagnet: i believe there is no such protocol as the best, they all have their own set of needs
18:07 < skyroveRR> Like, recognise instead of "recognize", catphish ? ;D
18:07 <+catphish> skyroveRR: that's a different matter entirely, both of those are valid in traditional "British English"
18:07 < skyroveRR> Oh? Hmm.
18:08 <+catphish> -ise vs -ize is a decades old debate in British English
18:09 < Thanos> generally if the government wants to know what you're doing they will find out. it just depends on how hard they want to pursue it.
18:09 < Thanos> which would depend on what you're suspected of.
18:09 <+catphish> tor is pretty impressive, but it only takes one misake to get caught if people with enough resources are hunting you
18:10 < Thanos> if you're just downloading game of thrones just get a non-logging vpn and go merrily on your way.
18:10 < skyroveRR> catphish: yeah, like logging into facebook using that shit.
18:10 < m0dshalp> catphish: what kind of mistake?
18:10 < skyroveRR> m0dshalp: what I said.
18:10 <+catphish> like logging into facebook using that shit
18:11 < m0dshalp> you must have the iq of a goldfish to do that
18:11 <+catphish> or using a nick on a forum that you once used on another forum where you used a non-tor connection
18:11 <+catphish> (that's how DPR got caught)
18:11 < m0dshalp> wow lol
18:11 < m0dshalp> what a dumb cunt
18:11 < skyroveRR> DPR?
18:11 <+catphish> https://en.wikipedia.org/wiki/Ross_Ulbricht
18:11 < skyroveRR> Oh, that asshole.
18:11 <+catphish> lol
18:11 < skyroveRR> Dread Pirate Roberts.
18:11 < skyroveRR> And Sabu, too.
18:12 < Thanos> but but but ....facebook said they were going to be nice now!     /s
18:13 < zenix_2k2> wow... since when they weren't nice ?
18:14 <+catphish> rocketmagnet: you might want to learn a little about IP, TCP and UDP protocols, and how a tunnel encapsulates one protocol inside another, just an overview, so you understand what you're building
19:20 < Apachez> https://www.yahoo.com/news/obama-cyber-chief-confirms-stand-order-russian-cyberattacks-summer-2016-204935758.html
19:28 <+catphish> how are people mirroring thepiratebay?
19:30 < skyroveRR> MAGIC!
19:32 <+catphish> i'd quite like my own copy :)
19:33 < Thanos> torrents. yuck.
19:33 < skyroveRR> catphish: The CPS will be all over you in hours.
19:33 <+catphish> that seems unlikely
19:33 < skyroveRR> Why not?
19:34 <+catphish> well maybe if it was public, someone would probably complain, but it wouldn't be, and CPS?
19:34 < skyroveRR> Crown Prosecution stuff? Scot Yard?
19:34 <+catphish> they are prosecutors for criminal cases
19:35 <+catphish> they don't investigate things, or deal with civil matters
19:35 <+catphish> though i did wonder if that's who you meant
19:37 <+catphish> but anyway, i wasn't thinking to make it public, that *might* be illegal, don't totally understand the law on links, just for reasearch / personal use
19:38 < skyroveRR> They won't allow you to use google in custody now, will they? Except perhaps for a bottle of water and dinner.
19:38 < Maarten> most mirrors are on domains of countries that don't really cooperate well with western civil authorities. And the mirror itself might not even exist in the country the domain extension is supposed to represent, so it becomes a convoluted mess..... you could get a slovakia domain name, point it to an IP in peru, that proxies to a server in finland, which connects on the back-end to an actual database in russia, and..... well.... its messy. :D
19:39 < Maarten> If you think about saying: "hey I have a server with 10TB, and a domain name, can I has piratebay mirror please" and it can be traced to YOUR name.... expect trouble. :P
19:39 <+catphish> Maarten: my real question was: how do they get the data?
19:39 < Maarten> catphish, tcp/ip? ;)
19:39 <+catphish> private arrangement?
19:40 < djph> they don't have any of the data - torrent trackers never did.
19:40 < Jonta> They do. The data is the magnet-links etc.
19:41 < Maarten> they just have .torrent files and magnet links.... but those do NOT contain ANY copyrighted material at all.
19:41 <+catphish> there must be some data, name and hash at least
19:41 < Jonta> Pretty sure a mod on ##networking knows that
19:41 < Apachez> however they run trackers that technically is involved in this
19:41 < Maarten> name, maybe..... but so do movie review & ticket sites. And TV Guides.
19:42 < djph> the *torrent files are just "eh, here's some metadata"
19:42 <+catphish> anyway i was just curious, i originally assumed it was just one centralized site, but now i see there are mirrors, so i wondered how it worked
19:42 < Apachez> so are the chunks
19:42 < Apachez> "eh, here's some chunkdata"
19:43 < Jonta> catphish: https://proxybay.github.io/setup.html
19:43 < Maarten> A torrent file is nothing more than a TV guide, really..... it tells you: This here TV show can be found using this here information. It doesn't contain the actual TV show, not a single bit of it. Sueing someone for having a torrent file, would in a legal sense be the same as sueing a newspaper for showing what's on TV tonight.
19:43 <+catphish> Jonta: i found that, but it just describes setting up a proxy to https://thepiratebay.org/ which isn't much use if its down
19:43 < zumba_ad_> folks, it's been many years and I've forgotten subnets. What I wanted to know is how can I tell if a host in 172.20.0.0/18 will never be in 172.20.64.0/20  If let's say I connect 2 machines using back-to-back cable and I assigned them 172.20.64.1/18 and 172.20.64.2/20, will they be able to ping each other? My guess is not because of subnet mask. However, I am not sure
19:45 <+catphish> zumba_ad_: 172.20.64.2 is in 172.20.64.1/18 and 172.20.64.1 is in 172.20.64.2/20, so they will communicate fine
19:45 < zumba_ad_> got it. That's where I was confused
19:46 <+catphish> zumba_ad_: you should never configure a network like this, but those particular hosts will both see each other as local so it will work
19:46 < zumba_ad_> it's in our routes
19:46 < zumba_ad_> those are the cidr I saw in the internal chat right now
19:46 < Apachez> catphish: plz stop pasting my ip ranges in public mkey?
19:46 < Jonta> catphish: How about https://github.com/shaderzak/openbay-db-dump-master
19:47 <+catphish> Jonta: well thats cool, doesn't really answer the question, but cool source
19:48 < Jonta> catphish: How do we know there are mirrors, and not just proxies?
19:48 <+catphish> Jonta: if they were proxies, they wouldn't work when the main site was down
19:48 < Jonta> Ah
19:48 < Apachez> if the main is down and the others work then they are most likely mirrors
19:49 < Jonta> Main's been blocked here for quite a while now
19:49 <+catphish> unless the only reason it's down is local problems with cloudflare, but i doubt that
19:49 <+catphish> unless the main site is anycast and its only down in some places
19:49 <+catphish> that's plausible
19:50 < Apachez> great way for cloudflare to sell info of who is downloading what :)
19:51 <+catphish> they're definitely not allowed to do that
19:53 < Apachez> why not?
19:53 < Apachez> try read their EULA :)
19:53 < Apachez> oh wait there is none for clients using a server who is behind cloudflare :D
19:53 <+catphish> exactly
20:04 < Apachez> https://www.reddit.com/r/Steam/comments/8pud8b/psa_red_shell_spyware_holy_potatoes_were_in_space/
20:12 < d9867eb> hi mates
20:12 < d9867eb> n.la' has no address records (A or AAAA)". I am using Devuan ascii.
20:12 < d9867eb> 19:45 < d9867eb> my /etc/bind/zone/domain.db file https://pastebin.com/raw/2Z4Ss7fY
20:12 < d9867eb> 19:45 < d9867eb> my named-checkconf -zj output: https://pastebin.com/raw/qUfBjGaS
20:12 < d9867eb>  [19:45] [d9867eb(+Zi)] [5:Freenode/#devuan(+cnt)] [Act: 1,2]
20:12 < d9867eb> [#devuan] please ask for more information if you need to knon.la' has no address records (A or AAAA)". I am using Devuan ascii.
20:12 < d9867eb> 19:45 < d9867eb> my /etc/bind/zone/domain.db file https://pastebin.com/raw/2Z4Ss7fY
20:12 < d9867eb> 19:45 < d9867eb> my named-checkconf -zj output: https://pastebin.com/raw/qUfBjGaS
20:12 < d9867eb>  [19:45] [d9867eb(+Zi)] [5:Freenode/#devuan(+cnt)] [Act: 1,2]
20:16 < jason85> Is IP source routing actually being used today?
20:16 < lupine> yes. I use it
20:18 < jason85> But isn't it considered bad practice? An attacker could not only spoof the source IP of a packet but also MitM that ip address
20:18 < lupine> depends on how you set it up, and whether you use reverse path filtering and so on
20:19 < lupine> in my use case, it's for packets *originated* from a box
20:20 < lupine> if someone sends an ICMP echo request to my router's public IP, without source-based routing, the echo reply goes out via the default route, which is the vpn tunnel
20:20 < lupine> with source-based routing, the reply goes out on the same interface as the request came from
20:25 < detha> I suspect we are talking about two different concepts that both could be called 'source based routing'
20:28 <+catphish> lupine: i don't think you're describing source routing
20:28 < lupine> catphish: sure I am. the destination for the packet depends on the source address of the packet
20:28 <+catphish> jason85 is talking about "source routing", i believe you are referring to routing rules based on source IP
20:29 <+catphish> lupine: yeah, that's not source routing
20:29 < lupine> hmm, how does it differ then?
20:29 <+catphish> lupine: source routing is when the source host chooses the whole route
20:29 < lupine> oh my. that sounds insane
20:29 <+catphish> lupine: it is, nobody uses it :)
20:29 < lupine> :D
20:29 <+catphish> https://en.wikipedia.org/wiki/Source_routing
20:29 < lupine> I have definitely seen what I'm talking about described as source-based routing though.
20:30 <+catphish> in theory IP supports it, but i don't think anyone uses it
20:30 < lupine> ah, wiki calls mine policy-based routing
20:30 < lupine> I stand corrected!
20:30 <+catphish> i call it policy routing, yeah, and you can route based on almost anything in policy routing
20:37 < d9867eb> hi mates, I have a problem. I need to set up my own DNS server. I chose to use BIND9. However I get the error "ns1.domain.la' has no address records (A or AAAA)". I am using Devuan ascii.
20:37 < d9867eb> my /etc/bind/zone/domain.db file https://pastebin.com/raw/2Z4Ss7fY
20:37 < d9867eb> my named-checkconf -zj output: https://pastebin.com/raw/qUfBjGaS
20:37 < d9867eb> please ask for more information if you need to know more help me. thanks
20:43 < Poster|n> so there are no registered nameservers for domain.la, you would typically go to your registrar to do so
20:43 < Poster|n> the top level domain (.la) has to know where to send queries
20:47 < d9867eb> Poster|n: what do you mean?
20:48 < Poster|n> Contact the company you purchased the domain "domain.la" and ask how to register nameservers
20:48 < Poster|n> Until the nameservers are registered, the Internet does not know where to go to submit DNS queries
20:48 < d9867eb> I did register my nameserver as ns1.domain.la under their support page
20:49 <+catphish> d9867eb: what gives you this error?
20:49 < Sout> ahah. but how do they know where domain.la
20:50 <+catphish> works for me: ns1.domain.la.		60	IN	A	173.230.141.80
20:50 < d9867eb> catphish: named-checkconf -zj
20:50 < Poster|n> when I execute "host -t ns domain.la" I get nothing coming back, if the nameserver is registered, the domain must then be updated to use it
20:51 <+catphish> d9867eb: oh yeah, the error is accurate, there is no A record for ns1 in your zone file
20:51 < d9867eb> the domain isnt really domian.la but smth else because i wanted stay private
20:51 <+catphish> d9867eb: seems self explanatory and correct
20:51 < d9867eb> it is apelsin.la
20:51 <+catphish> add the NS records eg:     ns1 IN A x.x.x.x
20:52 <+catphish> and then it'll be happy :)
20:52 <+catphish> otherwise how's it supposed to know the IPs for those hosts!
20:54 < d9867eb> catphish: I have the records added already
20:54 <+catphish> no you don't
20:55 < d9867eb> ?
20:55 < d9867eb> where should i add them?
20:55 < E1ephant> you need it at TLD level
20:55 <+catphish> by the way, when you publish your IP addresses in DNS they won't be secret any more, don't see why you redacted them
20:55 < E1ephant> "DNS Glue"
20:55 < E1ephant> if the records are within that zone
20:56 < d9867eb> what do yo mean by TLD level?
20:56 < E1ephant> Top Level Domain
20:56 < E1ephant> so where your NS records are
20:56 <+catphish> https://paste.ubuntu.com/p/dNmJH2dZrj/
20:56 < E1ephant> you will need an A record for your ns1/ns2 in that server
20:57 <+catphish> needs to look like that, assuming the nameservers are inside that same domain name
20:57 <+catphish> and if that's the case, you will also need glue records as E1ephant says
20:57 < d9867eb> glue records?
20:57 < E1ephant> yes DNS Glue records
20:57 < E1ephant> Affermative
20:57 < E1ephant> positive response
20:57 < Apachez> glue records = A records stored in tld dns servers
20:57 < d9867eb> E1ephant: what?
20:58 <+catphish> d9867eb: yes, glue records, they allow things to find your nameservers without having to already know where they are to look them up  from themselves :)
20:58 < Apachez> they are used when you host your own dns servers
20:58 < E1ephant> d9867eb: it's pride week!
20:58 < Apachez> like ns1.example.co ns2.example.com for example.com
20:58 < E1ephant> woohoo party time
20:58 <+catphish> what are we proud of?
20:58 < Apachez> you cant resolve subdomain.example.com without accessing ns1 or ns2.example.com
20:58 < E1ephant> lbgtqdns
20:58 < Apachez> so you cant find out what the ip of ns1 and ns2.example.com is without getting to the ip of ns1 and ns2.example.com
20:58 <+catphish> E1ephant: i'm none of those :(
20:59 < Apachez> so the TLD stores this in their dns servers
20:59 < Apachez> aka glue records
20:59 < E1ephant> catphish: not a network nerd or dingo?
20:59 <+catphish> E1ephant: never thought my sexuality was really something to be proud of, just a genetic fluke
20:59 < E1ephant> I extended it for the channel with the dns part
20:59 < E1ephant> yeah I am pretty cis as they come
20:59 < E1ephant> but meh down to party and support :)
20:59 < d9867eb> catphish: :)
20:59 <+catphish> me too, i'm way boring
21:00 <+catphish> but i'll still party with the gay bros
21:00 < E1ephant> yes, they are professionals
21:00 < E1ephant> teaching me the ways of the wine day drinking
21:00 < d9867eb> ok so i should add those nameservers
21:00 <+catphish> i'm drinking merlot
21:00 < E1ephant> dang, two steps ahead of me :)
21:00 < E1ephant> still on nitro coffee, but it's noon now!
21:01  * E1ephant switches drugs
21:01 < d9867eb> for fag discussions I recommend the subreddit: /r/askgaybros
21:01 < d9867eb> very nice
21:01 < d9867eb> theu are very nice there i think
21:01 < E1ephant> brb though, lunchtiem!
21:02 <+catphish> https://i.imgur.com/KqLj4uW.jpg
21:02 < E1ephant> niiiice
21:03 < tds> I see you're having a good friday night :)
21:03 <+catphish> yar
21:07 < d9867eb> service still wont start
21:08 < tds> that's not a great deal of use, what's the error/output?
21:09 <+catphish> whats the error?
21:09 < d9867eb> zone localhost/IN: loaded serial 2
21:09 < d9867eb> zone 127.in-addr.arpa/IN: loaded serial 1
21:09 < d9867eb> zone 0.in-addr.arpa/IN: loaded serial 1
21:09 < d9867eb> zone 255.in-addr.arpa/IN: loaded serial 1
21:10 < d9867eb> zone apelsin.la/IN: loaded serial 2018062203zone localhost/IN: loaded serial 2
21:10 < d9867eb> zone 127.in-addr.arpa/IN: loaded serial 1
21:10 < d9867eb> zone 0.in-addr.arpa/IN: loaded serial 1
21:10 < d9867eb> zone 255.in-addr.arpa/IN: loaded serial 1
21:10 < d9867eb> oops using pastebin isntead
21:11 <+catphish> serial 1? that's a poor choice of serial number
21:11 < d9867eb> https://pastebin.com/raw/AtHteg6b
21:11 <+catphish> but technically valid
21:12 <+catphish> oh they're the built in zones, ok
21:12 <+catphish> well there's no errors there, they must be in the logs
21:12 <+catphish> oh wait
21:12 <+catphish> you tried to restart it
21:12 <+catphish> but its not running
21:12 <+catphish> try starting it!
21:15 < d9867eb> i did, I ran service bind9 start and it didnt start
21:15 < d9867eb> I got the error Starting domain name service...: bind9 failed!
21:15 < d9867eb> catphish:
21:16 <+catphish> find the logs then
21:16 < d9867eb> NOTHING THERE
21:16 < d9867eb> sorry caps lock by msitak
21:16 < d9867eb> mistake
21:17 <+catphish> maybe try to run bind in the foreground, see if it gives any good errors
21:17 <+catphish> dunno how
21:18 < d9867eb> could smth with serial be wrong?
21:18 < d9867eb> catphish:
21:19 < tds> there are a lot of things it could be, debugging with error messages from bind will be a lot easier than modifying the config and guessing
21:19 <+catphish> i don't think so
21:19 < d9867eb> ok
21:20 < d9867eb> i dont find anymore error messages
21:20 < tds> what os/version is this?
21:21 < tds> if it's systemd, you may be able to get logs with journalctl
21:21 < d9867eb> are there any more files than named.conf, named.conf.options and zone/apelsin.la.db to configure?
21:21 < d9867eb> i am using Devuan, a debian fork without systemd
21:22 < d9867eb> seems like I am 9.10.3
21:22 < d9867eb> I am on 9.10.3
21:23 < tds> running named with -g might help, since that should log to stderr?
21:24 < d9867eb> running named with in the init file?
21:24 < d9867eb> tds: ?
21:24 < d9867eb> with -g
21:25 < tds> no, just directly, look at the man page for named to see
21:25 < tds> though you'll probably want to pass it whatever options your init script gives it normally
21:26 < d9867eb> error permission denied for some stuff
21:26 < d9867eb> should I change permissions?
21:26 < tds> probably not, what user are you running it as?
21:27 < tds> I think named is normally started as root, binds to port 53 and stuff, then drops down to another user (set by -u)
21:30 < d9867eb> -u bind is in my config file
21:33 < d9867eb> in /etc/default/bind9
21:48 < tds> d9867eb: did you get it sorted in the end?
21:49 < d9867eb> tds: no i found some new errors
21:49 < d9867eb> https://pastebin.com/raw/hmFMfFAa
21:49 < tds> what user did you run bind as?
21:49 < tds> you should probably be running it as root, then with -u bind so it'll drop privileges
21:50 < d9867eb> tds: yes I think that is correct
21:50 < d9867eb> I do that
21:55 < d9867eb> tds I also made sure the key file and the log are readable and the log file writable
21:55 < tds> it looks a lot like those issues were with running it as non-root, not with permissions
21:56 < d9867eb> i tried running it as root too
21:56 < tds> if you've made keys world readable or configs world writable, you should probably revert that
21:58 < d9867eb> tds: ok i reverted that but I want a solution to this crap
21:58 < d9867eb> pls
21:59 < tds> what's the output if you run "named -g -u bind" or something like that as root?
22:00 < d9867eb> tds: the IP errors went away
22:00 < d9867eb> tds: it is the same as the output I sent you earlier but without the IP errors
22:03 < d9867eb> tds: https://pastebin.com/raw/1Wfmg4Cq
22:05 < thevishy> tcpip is not 100% reliable? like there is a small chance that the data that is transferred is not the same? similar to hash collision concept?
22:06 < thevishy> https://stackoverflow.com/questions/3830206/can-a-tcp-checksum-fail-to-detect-an-error-if-yes-how-is-this-dealt-with
22:09 < Apachez> well sure
22:09 < Apachez> you got 1522 bytes of data squeezed into a 32 bit crc32 checksum
22:12 < thevishy> so you mean it is not 100% reliable?
22:15 < adleff> thevishy, this is part of the reason why you see md5 or sha checksums posted next to a file download
22:15 < adleff> in the unlikely event that your transfer is corrupted
22:15 < thevishy> okay adleff, yes I was thinking that this is for interrupted downloads
22:16 < thevishy> and not something you would use otherwise
22:21 < thevishy> it is a bit of scary that means there is a likely hood of someone getting a million dollar in his bank however unlikely?
22:22 < thevishy> a 0 turning into 1 over a network is likely would mean something like this is theoretically possible no?
22:22 < thevishy> i know it is not specific to network, even in ram or hdd this could happen
22:24 < Poster|n> possible yes, but I would guess financial institutions have multiple layers of ensuring data integrity
22:24 < Poster|n> and you're looking at a single packet, not many transactions occur on just one
22:24 < thevishy> alright, *possible* is what I wanted to know. theoretically i couldn't think of a logic that would be 100% reliable
22:25 < thevishy> no matter what logic you can make, you can argue otherwise
22:25 < Poster|n> but as adleff mentioned, verifying integrity of the transfer after it has been transferred is relatively inexpensive insurance
22:26 < thevishy> right Poster|n
22:26 < Poster|n> past that you can have things like "man in the middle" or other manipulation happening
22:26 < d9867eb> Poster|n: hey
22:26 < Poster|n> which there are other encryption/authentications which help
22:26 < d9867eb> any idea about my dns problem?
22:28 < E1ephant> d9867eb: seems to be stuck trying to write to /var/log/bind9/ eh?
22:29 < thevishy> logically it seems impossible to construct a way to make a network transfer 100% reliable. for any mechanism you can come up there is this question what if that fails?
22:30 < thevishy> so yes got the points, quite intersting
22:31 < d9867eb> E1ephant: also, it cant load the key correctly. the log dir has 0751 as permissions
22:33 < E1ephant> and the process running the service is the owner?
22:33 < E1ephant> (of that dir and subs)
22:34 < d9867eb> E1ephant: yes
22:35 < d9867eb> ofc
22:35 < ellyacht> can someone tell me how to install an already downloaded driver? But without their suggestions and without their opinions please.
22:36 < Jonta> Yes
22:36 <+catphish> ellyacht: i suggest you figure it out yourself
22:36 <+catphish> ellyacht: my opinion is that you're rude
22:45 < comrumino> Does anyone know a list of protocols which have a sub-type? An example would be ICMP which has multiple message types.
22:47 < d9867eb> E1ephant: do you have any idea?
22:47 < Poster|n> IP has several, igmp is type 2, tcp is type 6, udp is type 17
22:51 <+catphish> comrumino: i don't think you could easily make a list, at higher layers it gets pretty complicated
22:52 < d9867eb> catphish: hey
22:52 < comrumino> catphish, makes sense. thanks!
22:52 < d9867eb> my issue still isnt solved
23:15 < AaronTTT> Hi All, I've recently bought a 12U server rack, I'm planning it out now before I go university, Can anyone provide criticism to my plan? Any is appreciated :) https://imgur.com/a/asTJr5K
23:18 < ryao> Ambient Noise level: -37dBm. -_-
23:19 < S_SubZero> AaronTTT: looks fine I guess?  What's it for
23:24 < AaronTTT> #S_SubZero Its for my workstation, and a virtualisation server (for development) and some networking equipment to link it up. (I'm going for a network course at university and like to tinker around with making software)
23:29 < S_SubZero> some serious stuff there, go for it
23:29 < S_SubZero> probably use more power than my whole house
23:30 < AaronTTT> S_SubZero: The accommodation has power included, and no policy against running servers :)
23:33 < adleff> AaronTTT, hi aaron. your rack sucks.  fuck your rack bro
23:33 < adleff> ;)
23:33 < AaronTTT> adleff: ruuuuudeeeeeeeeee xD
23:33 < adleff> is this a wall mount rack?
23:33 < adleff> where is it going
23:34 < AaronTTT> adleff: Under my desk, 12u is the perfect size, and nope its for le floor
23:37 < Ouroboros> just learned about 1.1.1.1, interesting
23:38 < drudge`> o.O
23:38 < adleff> he must mean the cloudflare service
23:38 < drudge`> oooh, right
23:39 < drudge`> did you leanr about 9.9.9.9 while you were at it?
23:40 < S_SubZero> 127.0.0.1 best IP
23:41 < Ouroboros> drudge`: yes, but meh
23:41 < Ouroboros> also looking at opennic
23:42 < ryao> This is just ridiculous: https://www.quora.com/Is-this-true-that-if-we-keep-a-fan-behind-a-Wi-Fi-router-the-signals-travel-faster-than-usual-because-of-air-pressure
23:42 < Ouroboros> hmm
23:43 < ryao> Ouroboros: Did you learn about 4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4 and 4.2.2.5 too? What about 8.8.8.8 and 8.8.4.4?
23:46 < Ouroboros> yeah, i know all kinds of ips, even some with colons
23:48 < Ouroboros> ryao: not clicking, but reminds me of that plane on a treadmill thing
23:49 < ryao> AaronTTT: Make storage ZFS and a 3U. :P
23:50 < Ouroboros> ryao: i am finally going to try ZoL shortly
23:50 < AaronTTT> ryao: What can i do to reduce on space to fit it? My main PC needs to be 4u as I just found out, the GPU doesnt fit in a 3u right :/
23:51 < AaronTTT> ryao: Cheers for the advice btw :)
23:52 < ryao> AaronTTT: Remove the storage 1U and storage 2U and use a 3U.
23:52 < ryao> Ouroboros: Cool.
23:53 < ryao> AaronTTT: Oh, I see how you did it now. Nevermind.
23:53 < AaronTTT> ryao: Ahhhh my bad, The colours refer to an individual box
23:53 < AaronTTT> ryao: yeh my bad, should have labeled it
23:53 < ryao> AaronTTT: Still use ZFS.
23:53 < ryao> AaronTTT: You did label it. That is why I was confused. :P
23:53 < ryao> AaronTTT: Line 8 says a 2U while line 7 looks like a 1U
23:54  * ryao regrets not counting them.
23:55 < AaronTTT> ryao: Ahh no worries :P, Thats why i tried to colour code it because it confused me too just reading the list
23:55 < ryao> AaronTTT: You can in theory virtualize your main PC. If you need to play games, there is VFIO. Unfortunately, I know from experience that it would be a headache. :/
23:55 < zOthix> i want to connect to google from my terminal, and enter something to search as well then extract data from the output using open ssl, is this possible? if so can anyone help me with this?
23:56 < zOthix> all this within a bash script
23:56 < Ouroboros> ryao: i will ping you when things go horribly wrong :P
23:56 < AaronTTT> ryao: Ah could do that, Hmm Maybe I could combine the virtualized server and the storage one together? is that a good practice thing to do?
23:57 < ryao> Ouroboros: We have #zfsonlinux. Ping me there.
23:57 < Ouroboros> best practice is one vm per service
23:57 < Ouroboros> ryao: i know
23:57 < ryao> AaronTTT: It can be done. I don't know if I'd call it good or bad practice though.
23:59 < kuahara> If I have multiple machines connecting via openvpn and all of them have 1Gbps interfaces on their nic, but the connection (as reported by Windows) is a 10Mbps connection, is Windows reporting the wrong connection speed or is there a 10Mbps bottleneck somewhere?
--- Log closed Sat Jun 23 00:00:09 2018