--- Log opened Sat Jun 30 00:00:19 2018
00:04 < spaces> linux_probe alive (and kicking) ?
00:35 < xrash> I'm building an application that will feature two-way communication between a server and multiple clients over websocket. I care about message ack and message order, thus I am building ack messages and message sequence in the protocol (my application layer protocol over websocket). Is this correct practice or am I reinventing the wheel? At first I thought this would be necessary since I can't ever rely on the network, but I also feel like I might be
00:35 < xrash> building something that already exists.
00:35 < lupine> websockets will deliver your messages reliably and in order
00:36 < lupine> you might still want to know that they've been delivered at-all though
00:38 < spaces> it could be me but it seems to be a hobby to people to geotag breastfeed rooms for women and such things :P
00:40 < Wixy> Does anybody use nginx? I'm getting this error: nginx: [emerg] unknown directive "worker_processes" in /usr/local/nginx/conf/nginx.conf:1
00:40 < Wixy> worker_processes is a valid directive, what is going on?
00:44 < xamithan> Do you have any includes Wixy
00:44 < xamithan> You get that message sometimes if an include has an error
00:45 < xamithan> It also might be in the wrong block or outside of a {
00:53 < kerframil> scientes: which kernel version are you using?
01:13 < Wixy> never mind, I fixed it
01:13 < Wixy> however I've lost access to my AWS instance
01:13 < Wixy> I changed its elastic IP and now it doesn't have a "public dns"
01:13 < Wixy> Any idea?
01:19 < lupine> just connect to the new IP
01:24 < Wixy> lupine, that's what I tried but didn't work
01:24 < Wixy> don't know what that "public dns" is or how it works
01:25 < lupine> it just points at the ip, so doesn't matter
01:25 < Wixy> I'm trying to connect to the new public ip (elastic IP), no dns should be involved right?
01:25 < lupine> right
01:25 < lupine> perhaps contact amazon support if you're struggling
01:25 < Wixy> but it doesn't work unless you have a public dns in there
01:25 < lupine> jeff bezos can use some of his money to help you out
01:25 < Wixy> I just fixed it by associating the elastic ip to another interface
01:26 < Wixy> that instance has two interfaces, it probably got associated to eth1 instead of eth0
01:26 < Wixy> so somehow it wasn't getting a public dns
01:26 < Wixy> I know it SHOULDN'T matter, but I'm telling you what happened...
01:27 < Wixy> btw, do you happen to know any easier way to setup an elastic IP? I need to associate multiple to this instance, it's tedious, same for releasing the addresses
01:30 < luminos1ty> _0x1ce0x4 what encoding is this
01:30 < luminos1ty> found in JS
01:30 < luminos1ty> another sample or two _0x1ce0x7 _0x1ce0x8
01:38 < Fieldy> masked octal would be my guess but i'm dumb
02:01 < drac_boy> hi
02:01 < drac_boy> just had to ask for curiosity sake but is $140 for a digital modem not too unreasonable?
02:04 < qman__> a what?
02:07 < xamithan> Whats a digital modem
02:08 < qman__> modem stands for modulator/demodulator, as in modulating digital signals over an analog media, and demodulating analog signals into digital
02:08 < xamithan> I know this
02:08 < xamithan> But whats a digital modem
02:08 < qman__> right
02:08 < qman__> all modems are both digital and analog by definition
02:09 < qman__> a "digital modem" is not a thing
02:09 < qman__> except perhaps a modem manufactured by digital equipment corporation
02:11 < qman__> I don't know if they ever made modems, though
02:17 < DoYouKnow> is SONET still used?
02:17 < xamithan> Sure
02:19 < xamithan> They slowly being replaced with WDM and other tech though. (Wavelength-division multiplexing)
02:21 < Holo> Like how IPv4 is being replaced with IPv6
02:23 < h0dgep0dge> Like how Linux is being replaced by Hurd
02:23 < scientes> lol
02:24 < scientes> ipv6 is so slow to arrive
02:24 < scientes> such a nightmare
02:24 < scientes> meanwhile we get CGN madness
02:25 < mgolisch> its scary and new..
02:25 < scientes> it is so sad how many isps don't provide ipv6
02:25 < scientes> cause they are stupid
02:25 < h0dgep0dge> all i want is my own publicly routable subnet, is that so hard? T_T
02:26 < drac_boy> scientes I'm still waiting on many everyday softwares to accept ipv6 fields .. till then have to use v4 connection to get them to function :s
02:26 < drac_boy> (as you obviously can't type a full v6 address in a numeric-only 12-digits field basically)
02:26 < h0dgep0dge> it's because consumers don't care. my isp offers gigabit, but not ipv6, because consumers like fast speeds, but don't care about the technology
02:26 < scientes> like my cell phone provider
02:26 < scientes> drac_boy, yeah but if you are an free software person like me that isn't a big hurdle
02:27 < xamithan> If you get something like gfiber they give you full routable ipv6
02:28 < mgolisch> iam sure most isps will give you ipv6
02:28 < h0dgep0dge> honestly though, ipv6 addresses scare me a little bit. right now i can easily memorize my lan addressing scheme, do you expect me to memorize my 64 bit (or more) prefix in order to talk to other machines on my lan?
02:28 < xamithan> Why would you memorize even ipv4 ? Thats what DNS is for
02:28 < scientes> h0dgep0dge, but you can't access those machines by the same addresses from the outside
02:29 < xamithan> Besides, SLAAC solves that problem
02:29 < scientes> its stupid
02:29 < h0dgep0dge> i memorize for ipv4 because my home network doesn't warrant a dns setup, there's only like 4 machines i need to know the address for
02:29 < scientes> h0dgep0dge, dnsmasq isn't hard to setup
02:30 < h0dgep0dge> i know it isn't hard, but it seems like overkill
02:30 < scientes> and you could just use global dns
02:30 < scientes> with private addresses in it
02:30 < xamithan> Something that simple is never overkill
02:30 < xamithan> Hell, you could just use a hosts file on the router
02:31 < scientes> I like using real authoritative global dns
02:31 < scientes> then getting mad cause NAT stupidity
02:31 < h0dgep0dge> globally routable addresses are something i'm stoked for, it's just remembering addresses
02:31 < xamithan> But you don't need to remember them O.o
02:33 < h0dgep0dge> i'm not really hot on setting up a dns server for this problem anyway, but what about when i go to fix my parent's internet?
02:33 < h0dgep0dge> am i to set up a dns server there too?
02:33 < xamithan> Does your parents not just use dhcp for everything ?
02:34 < xamithan> I don't even need to open nat ports for mine
02:34 < h0dgep0dge> sure they use dhcp, i'm not really sure what you mean
02:34 < xamithan> I'm not sure why you would need a dns server for your parents so I'm confused what you mean
02:35 < xamithan> Unless they are techies and run servers in the home
02:35 < h0dgep0dge> because how else would i talk to the devices on their network?
02:36 < Holo> VPN?
02:36 < h0dgep0dge> i don't mean how would i connect to them, i mean how would i know their addresses?
02:36 < Holo> Bridge the two networks together with a tunnel
02:36 < h0dgep0dge> that's the issue i'm talking about
02:36 < xamithan> What you need to know their addresses for?
02:36 < mgolisch> use your dns?
02:36 < xamithan> Just to ping6 them ?
02:37 < h0dgep0dge> >_> when you're configuring a router you need to know it's address?
02:37 < xamithan> Not if its all SLAAC or DHCP
02:37 < Holo> You could use something like ZeroTier one and have 2 devices, one on each network. Just configure them to bridge and wala
02:37 < Holo> One massive lan across 2 physical locations but logically 1 lan
02:38 < h0dgep0dge> holo: you're missing my point
02:38 < Holo> You want to configure a router?
02:38 < xamithan> You mean like the initial setup of the router to say setup wifi ?
02:38 < xamithan> I'd just plug in a comp and grab the gateway address
02:38 < xamithan> No need to memorize stuff
02:39 < h0dgep0dge> right, i'm not saying there's no way to do it, i'm saying it's less convenient than ipv4
02:39 < Holo> You can talk to devices on a Network without DNS
02:39 < Holo> How is IPv6 not convenient?
02:39 < xamithan> Thats not a good reason to keep ipv4 around
02:39 < mgolisch> ipv4 only services is though, no?
02:39 < h0dgep0dge> xamithan: i fully agree, i don't want to keep ipv4 around, i'm just having a whine for the sake of it
02:39 < Holo> ....
02:40 < xamithan> I wonder though. Most ipv6 addresses I see are even shorter than IPv4
02:40 < Dagger> remembering v6 addresses isn't hard
02:40 < Holo> Fd80::1
02:40 < Dagger> 203.0.113.42+192.168.1.2, vs 2001:db8:42:1::2
02:40 < xamithan> fe80::001, boom
02:40 < Dagger> the v6 address is _shorter_
02:40 < Holo> There is my router
02:40 < xamithan> er I didn't even need those leading zeroes
02:40 < Holo> Fd is like the 10.0.0.0
02:41 < Holo> Lol
02:41 < Dagger> it's true that you _can_ make the address longer and more impossible to remember, but if you do that _and_ refuse to use DNS for it then you only have yourself to blame
02:41 < Holo> Don’t use :p
02:41 < h0dgep0dge> okay that's an excellent point, i hadn't considered that ipv6 has link local addresses
02:41 < xamithan> It'd be cool to have DNS for just part of the address
02:42 < xamithan> First section: microsoft::25
02:42 < Holo> No
02:42 < xamithan> It'd be cool though, just confusing ;P
02:42 < h0dgep0dge> xamithan: i was thinking something similar to that. you could have some alias that resolves to whatever the prefix is on your current network. local::1 or something like that
02:42 < h0dgep0dge> but that's essentially what fe80 is
02:48 <+catphish> xamithan: dns is already hierarchical for that reason :)
02:50 < terrango> hi
02:57 < tds> I've seen some providers do automatically generated forward and reverse zones including part of the address, so I guess that's close to what you're thinking of
03:06 < JollyRgrs> i have an allied telesis GS950/24 (NOT the eco version). It is running AT-S79 software version and i can't for the life of me reset it to factory defaults (I don't remember user/pass)
03:14 < h0dgep0dge> heyyy, i have a bunch of allied telesis switches
03:14 < h0dgep0dge> i bought a lot of like 10 of them for like 70 bucks
03:15 < h0dgep0dge> i couldn't work out how to get into them, but if memory serves i was able to get in touch with allied telesis, gave them my mac address, and they gave me some kind of backdoor password or some-such
03:20 < h0dgep0dge> or some kind of cryptic obfuscated password, maybe it's just the default, who knows
03:20 < h0dgep0dge> but it was dependant on the mac address, so you might want to chat to them
03:22 < JollyRgrs> h0dgep0dge: thanks, i've already submitted a ticket with them
03:23 < JollyRgrs> defaults are user:manager pass:friend
03:23 < JollyRgrs> that didn't work
03:23 < JollyRgrs> i'll pray their chat will still support it for me
03:23 < JollyRgrs> only 11 yrs old
03:23 < JollyRgrs> but gigabit is gigabit, i finally tossed out a 5 port linksys 10/100 HUB the other day
03:23 < JollyRgrs> wasn't in use for a long time, just sitting at the bottom of a box of junk
03:31 < h0dgep0dge> should be fine, they helped me with mine and they're about that age
03:32 < h0dgep0dge> i have at least one that's badged allied telesyn, which must have been changed at least 15 years ago
03:32 < JollyRgrs> ooh, Ctrl+C got me to a menu
03:33 < JollyRgrs> i can change IP, software upgrade, or jump to runtime code
03:36 < JollyRgrs> h0dgep0dge: so uh... i hit Ctrl+D from that menu.... then B to hardware reset
03:36 < JollyRgrs> except hardware reset didn't change user/pass :(
03:39 < JollyRgrs> dangit.... D is just debug for i think reboot hardware
03:40 < JollyRgrs> Ctrl+O is OEM settings... reset there only resets OEM settings :( BLAST!
03:45 < h0dgep0dge> all the information i have is that the login info is manager:manager
03:49 < JollyRgrs> oh, not manager:friend?
03:49 < JollyRgrs> dang, that didn't work either
04:19 < h0dgep0dge> do you have a copy of the manual for your firmware? that's where i got manager:manager
04:19 < h0dgep0dge> if you don't, i would get one
04:23 < JollyRgrs> h0dgep0dge: yeah, book says it is manager:friend, but it isn't that
04:24 < JollyRgrs> so i need to find a way to reset it
04:45 < winsoff> Any ideas as to what "coloing" would be in the following sentence? "I'm p sure you could make money coloing residential lines"
04:50 < BenderRodriguez> co-locating
04:51 < koala_man> is it intended to mean providing colo on a residential line?
04:52 < BenderRodriguez> I guess so
04:52 < koala_man> I guess "legitimately" isn't implied
05:17 < JollyRgrs> yeah... either that, or hosting your neighbor's connection in a DC somewhere and say "hey, you may not have phys. connection to the network, but if you did, you can get 10Gbe!!
08:13 < azonenberg> If you have a 19" rack in a room that isn't a full datacenter
08:13 < azonenberg> how do you normally orient it?
08:14 < azonenberg> In the past i've had the front facing the room proper with the back against a wall, but that was hard to get access to for maintenance
08:14 < azonenberg> unless you moved it out 2-3 feet which left a lot of awkward space
08:15 < azonenberg> I'm planning a new install where i'm putting in two racks, one for servers and one for a large UPS
08:15 < azonenberg> Thinking about rotating the racks so that the sides are parallel to the wall, maybe 6" of clearance or so
08:16 < azonenberg> Basically a classic hot-aisle / cold-aisle setup, but with one rack in each row and 2 rows
08:33 < dnanib> I think the decision is pretty much dependent on airflow in the room. "Getting access for maintenance" is probably a once-in-a-month or rarer use-case?
08:34 < dnanib> Primary consideration has to be to clear hot air near mounted devices' exhaust fans quickly and efficiently.
09:38 < TandyUK> ^^ Front wants to have the air con pointing at it, back wants to be as close to extraction vents as possible. Personally id probably go side by side, but really depends on the room
09:47 < linux_probe> le-split
10:03 < azonenberg> dnanib: this is a 400 square foot lab space
10:03 < azonenberg> Due to other constraints, the HVAC is on the opposite wall but the area should be well cooled and the gear isn't running that hot in my experience
10:04 < azonenberg> the racks are far from full, and much of what's there is switching, patch panels, and other low-density / non-heat-producing stuff
10:04 < azonenberg> the UPS rack will be a 3U inverter/UPS module and the rest is external battery modules
10:05 < azonenberg> My plan is to run the two racks face to face (cold aisle) with the secondary breaker panel between them on the wall (so the 36" working space for both racks and the panel overlap, but nothing is in the space)
10:05 < azonenberg> Then have the back side of the UPS rack face the main breaker panel for the building
10:05 < azonenberg> and the back side of the data rack face the entry door for the lab
10:06 < linux_probe> the world is my lab =p
10:06 < dnanib> Sounds fine. Anyway if it is mostly patch panels UPS batteries etc there can't be many reasons to needing access.
10:08 < azonenberg> dnanib: well the non-ups rack is going to have a bunch of experimental FPGA hardware on it that may need more frequent access to swap in new PCB revisions etc
10:08 < azonenberg> My point is more, in the past (my current lab) i've had racks facing the room
10:08 < azonenberg> with the back a foot or so from the wall
10:08 < azonenberg> making access nearly impossible
10:08 < azonenberg> by rotating so that the *side* is against the wall, now you have plenty of space
10:09 < azonenberg> Without blocking hallway space or access to lab benches across the aisle
10:09 < azonenberg> The lab as a whole is a 20x20 foot donut
10:09 < azonenberg> with an 8-foot wall down the middle
10:09 < azonenberg> and benches (or racks) around the perimeter and the central wall
10:09 < azonenberg> So you have 10 foot wall to wall on each side of the lab
10:10 < azonenberg> putting a 3 foot wide bench on one side and a rack on the other leaves barely enough space for a chair and space to walk between the work stations
10:15 < azonenberg> dnanib: The other thing i forgot to say before is, all of the servers are 2U
10:16 < azonenberg> This is a relatively small scale deployment and having quiet fans, using low-cost commodity parts, etc matters more than density
10:22 < theunix> autotune opiate
10:22 < theunix> zaziggyza
10:57 < theunix> where are you?
10:57 < theunix> pretty place where the Flowers grow?
10:58 < theunix> you still go out to eat jnollette?
10:59 < theunix> get that ripoff price for some body to talkback to you?
10:59 < theunix> ready to go into the congo for xenogen
11:00 < theunix> tomacat send LTE codes
11:02 < tomacat> emmmm
11:23 < h0dgep0dge> ennnn
11:30 < skyroveRR> tnnnnnnn
11:43 <+catphish> morning
11:44 < skyroveRR> Aloha catphish
12:02 < wpwpwpwp> So when I get me a good VPN box service I can not only use it as VPN but also as a "relay" for getting through double-NAT?
12:03 < wpwpwpwp> or should I go for VPS (not VPN) right away
12:03 < wpwpwpwp> (where VPN is basically SaaS on VPS, right)?)
12:05 < h0dgep0dge> what do you mean by getting through double nat?
12:05 < ^7heo> not having to suffer the effects of double address masquerade.
12:05 < ^7heo> which WILL anyway happen since there is no way around it for egress.
12:06 < ^7heo> but with a VPN/VPS-running-a-VPN, you will not technically see it anymore.
12:06 < ^7heo> not on "your network"
12:06 < h0dgep0dge> yeah, i mean, presumably even when connecting through a vpn the packets are still going through the same path on your end
12:06 < ^7heo> yeah
12:06 < ^7heo> but the VPN will hide that from your perspective, once you're connected to your VPN and routing through it.
12:07 < h0dgep0dge> what's the benefit of that?
12:07 < wpwpwpwp> yes, this I want
12:07 < ^7heo> h0dgep0dge: bliss.
12:07 < wpwpwpwp> h0dgep0dge: that I can connect from the outside
12:07 < wpwpwpwp> and my ISP is torturing me :(
12:07 < wpwpwpwp> blocking random ip blocks (for da security) for some time
12:07 < wpwpwpwp> dns fails, issues with requesting
12:07 < h0dgep0dge> ah gotcha, you want a public address?
12:07 < wpwpwpwp> this ,too :D
12:07 < ^7heo> wpwpwpwp: what if they block your VPN IP
12:07 < wpwpwpwp> ^7heo: too obvious :D
12:07 < wpwpwpwp> hehe
12:07 < ^7heo> wpwpwpwp: then you can NOT connect at all, no matter what IP you're behind.
12:08 < ^7heo> wpwpwpwp: what on earth do you mean, "too obvious"?
12:08 * skyroveRR pokes ^7heo
12:08 < h0dgep0dge> as an answer to your question, i would probably rent a vps and set it up myself, because that's the kind of masochist shit i get off on
12:08 < ^7heo> hey skyroveRR!!
12:08 < wpwpwpwp> ^7heo: oh, I mean stuff fails when going over ISP internet directly, they block sometimes some ip blocks for some time, then DNS is stale and even doesn't work - and is "transparently" enforced
12:09 < skyroveRR> ^7heo: yoohoo
12:09 < ^7heo> I would actually buy a simple cheap router
12:09 < wpwpwpwp> h0dgep0dge: tbh, they can see what I am watching :P I don't really care. at least they got some quality, lol
12:09 < ^7heo> like ubnt ER8pro
12:09 < wpwpwpwp> ^7heo: but will this solve the double nat issue?
12:09 < ^7heo> and plug that as my edge router on my LAN
12:09 < ^7heo> ah right you need a device OUTSIDE your LAN to do that
12:09 < ^7heo> my bad.
12:10 < ^7heo> wpwpwpwp: no matter how you go about it you will need to go through the NAT tho
12:10 < ^7heo> just change the ISP, really
12:10 < ^7heo> don't vote with your money for people who treat you that bad.
12:10 < ^7heo> THAT is the real masochist part
12:10 < wpwpwpwp> ^7heo: can't change it :( :( I would really love to. but there is no alternative for now. I have to use LTE, no fixed lines available for now.
12:11 < wpwpwpwp> ^7heo: a VPN box would offer me a way to get a permanent connection with public ip?
12:11 < wpwpwpwp> hmmm, there are VPN with public IP?
12:11 < ^7heo> all of them
12:11 < ^7heo> literally
12:11 < wpwpwpwp> ah cool
12:11 < ^7heo> I recommend ipredator
12:11 < ^7heo> because they're cool
12:11 < wpwpwpwp> so with a VPN I could already connect from the outside
12:11 < ^7heo> but any VPN will work
12:11 < ^7heo> however, it would also work to rent a U1 in some random DC, put a blade in there, and run shit there.
12:12 <+catphish> if you get your own VPS you can potentially use it to route a proper public IP right to your VPN client
12:12 < ^7heo> yeah
12:12 < ^7heo> that's what wpwpwpwp was asking among the first questions
12:12 < ^7heo> hi catphish btw.
12:12 <+catphish> hai
12:12 <+catphish> i pretty much only just got out of bed
12:12 < ^7heo> same
12:12 < ^7heo> just that I live right next to a deli
12:13 < ^7heo> so now I'm there with my laptop enjoying cake
12:13 < ^7heo> if you weren't overseas, I'd invite you :D
12:13 < h0dgep0dge> ^7heo: i think you may have misunderstood, are you saying that literally all vpn providers allow you to accept connections on a public ip address? i think that's what they were asking when they asked about having a public ips
12:14 < ^7heo> I never said anything about their ingress policies
12:14 < ^7heo> you asked if they had a public IP address, I said "yes"
12:14 < h0dgep0dge> right, but i think that's what they were asking about
12:14 < ^7heo> h0dgep0dge: then they should have phrased it that way :D
12:14 < ^7heo> I mean, asking if the VPN providers give a different public IP address may be for a dozen various reasons.
12:15 < wpwpwpwp> well, OK, my own VPN box is better then?
12:15 < ^7heo> it's always better to own your stuff.
12:15 < wpwpwpwp> can I get a VPN with shell integrated that is cheaper than a VPS where I put my own VPN on?
12:15 < ^7heo> the ONLY reason for renting stuff is lower costs.
12:15 < ^7heo> I don't know of any VPN provider that would throw a "shell" in.
12:16 < ^7heo> usually you run a box on your end
12:16 < ^7heo> that technically is routed "behind the VPN address"
12:16 < ^7heo> it's not really clear what you want.
12:16 < ^7heo> at least not to me ;]
12:16 < wpwpwpwp> ^7heo: alright, so I get me a very cheap disposable VPN and slab a nice VPN software onto it
12:16 < wpwpwpwp> over which I can connect
12:17 < ^7heo> I think you're confusing VPN and VPS
12:17 < ^7heo> at least in writing.
12:17 < ^7heo> or your sentence doesn't really make sense.
12:17 < h0dgep0dge> yeah, you don't put software on a vpn, vpn is the software
12:18 < skyroveRR> Think of a VPS as a computer outside your house that you have access to. A VPN is something that you use to gain access to a private network from elsewhere.
12:18 < ^7heo> a VPS is just a computer you rent on someone else's network.
12:18 < ^7heo> like anything "in the cloud"
12:19 < h0dgep0dge> and you can use a vps to implement vpn, but they're not really very closely related, despite them both starting with "virtual private"
12:20 < ^7heo> I'm pretty sure you can technically find a way to run a VPS on a VPN
12:20 < ^7heo> if you want to invest days of research on how to be pedantically right on some terms
12:20 < ^7heo> by exploiting some flaw in software somewhere
12:21 < ^7heo> and use some wrongfully exposed state in the VPN software and some crypto logic to implement respectively your memory and computing
12:21 < ^7heo> but I'm not sure how efficient that would be.
12:24 < ^7heo> now I kinda feel compelled to use try to find a way to get the VPN server to compute arbitrary instructions
12:25 < ^7heo> I wonder if the server sends the checksum of incorrect packets back to the sender somehow
12:32 < wpwpwpwp> ^7heo: so it is better to use a VPN as service instead running an own one on VPN?
12:32 < wpwpwpwp> *VPS
12:33 < ^7heo> which one tho? :D
12:33 < ^7heo> (I know which one, but your logic is not deterministic)
12:33 < h0dgep0dge> it's not really a question of what's better
12:34 < ^7heo> well it's arguably better to run a bare machine in a DC
12:34 < ^7heo> than to run a cheap box on a LAN behind two NAT stacked on top of each other, routed through a VPN that is somehow hosted for cheap at a greedy provider that may or may not leak data to third parties for additional income...
12:35 < h0dgep0dge> okay, so you've pointed out something that actually confuses me. a lot of vpn people say use a vpn because you can't trust your isp or other infrastructure operators
12:35 < h0dgep0dge> but like, answer me this vpn man, why the heck do i trust you?!
12:36 < h0dgep0dge> why do i trust the people providing _your_ internet service?
12:36 < h0dgep0dge> you gotta draw the line somewhere, can't go through life with trust issues
12:38 < h0dgep0dge> and if you think about it, is there a better place to harvest private information than a vpn? the information you want to hide is the information i want to steal most
12:53 < rgrundstrom> Good day everyone, Im looking into learning how to design and implement a modern and redundant network solution. The one im familiar with is the use of a mix of OSPF (RFC 2328, for backbone) and LDAP (802.1ax, for end points.) But what are the options here, are there more secure and modern solutions?
12:54 < ^7heo> h0dgep0dge: trust is a complex thing.
12:54 < ^7heo> h0dgep0dge: it's everywhere and it's what our entire society runs on.
12:54 < ^7heo> and the important point about trust is:
12:55 < ^7heo> 1. it can scale
12:55 < ^7heo> 2. it can be defined (as in mathematically so)
12:55 < ^7heo> 3. we have the technology (computing) to automate it.
12:55 < ^7heo> so we no longer have to go by that rough logic you wrote above.
12:55 < Emperorpenguin> rgrundstrom: you mean LACP
12:56 < ^7heo> we still do, because nobody cares enough to implement what would be required for really defining and automating trust
12:56 < rgrundstrom> Emperorpenguin: yes... Brain had not got any coffe yet..
12:56 < ^7heo> or let's say, to implement it better than the already existing broken attempts at it.
12:56 < ^7heo> and also because it's a hard problem.
12:56 < skyroveRR> ^7heo: pm?
12:56 < Emperorpenguin> ok rgrundstrom so what size network are we talking about
12:56 < ^7heo> skyroveRR: hit me :]
12:56 < Emperorpenguin> how does it look like now
12:56 < Emperorpenguin> data closet distribution
12:57 < Emperorpenguin> fibre runs
12:57 < rgrundstrom> Emperorpenguin: small buisness
12:57 < Emperorpenguin> budget?
12:57 < Emperorpenguin> preferred vendor?
12:57 < Emperorpenguin> define small
12:58 < rgrundstrom> about 30 physical servers, 10 of them are VM-Ware ang baout 50 client stations.
12:58 < Emperorpenguin> 30 servers and 50 clients?
12:58 < rgrundstrom> y
12:58 < Emperorpenguin> y tho
12:59 < rgrundstrom> Emperorpenguin: sorry about my spelling... as i said no coffe
12:59 < Emperorpenguin> no I mean
12:59 < Emperorpenguin> why though?
12:59 < Emperorpenguin> 30 vmware hosts and 50 clients sounds like A LOT of servers
13:00 < h0dgep0dge> Is it just me, or is "looking to design and implement and modern and redundant networking solution" nearly meaningless marketing speak?
13:01 < station> I need POE af injector and splitter to send 35meter 12v but its seems to be a cheap cable and I can only measure 0.003v… is there a big difference between cable quality resistance or is it the length?
13:01 < Emperorpenguin> a bit
13:01 < Emperorpenguin> h0dgep0dge: can start to mean something with an at least 10-page document attached
13:01 < rgrundstrom> Emperorpenguin: 10x vm-ware hosts and 50 clients, problem is that a lot of other solutions are depending on this site being up and running. And the current network is absolutely crap at the moment, no redundance what so ever.
13:01 < h0dgep0dge> station: are you measuring under load?
13:02 < Emperorpenguin> rgrundstrom: I guess you should look into geographical redundancy too if it's so important
13:02 < Emperorpenguin> or
13:02 < Emperorpenguin> pardon me for what I'm about to say
13:02 < Emperorpenguin> cloud
13:02 * Emperorpenguin shivers
13:02 < station> h0dgep0dge : the led on splitter doesn't pulse and the router doesn't turn on
13:02 < h0dgep0dge> 0.003 volts sounds a lot like zero volts and a pretty average meter
13:02 < rgrundstrom> Emperorpenguin: We share the same opinion regarding cloud then....
13:03 < h0dgep0dge> that is to say, the cable is damaged, high resistance doesn't do that
13:03 < h0dgep0dge> cloud! DUH duh DUUUHHHHH
13:03 < Emperorpenguin> though I admit that for a small business the cost of a secondary datacentre, geographically distributed, can be unbearable and cloud could help
13:04 < station> h0dgep0dge: well the multimeter detects something, the cable cant be damaged on all, maybe one led damaged its new and added carefully
13:04 <+StevenR> station: what's not working?
13:05 < rgrundstrom> Emperorpenguin: We have 2 sites so we have geographically distributed. But still a switch failure can bring down the site. Its not acceptable. So im looking in to how to resolve it. That is why.
13:05 <+StevenR> station: what sort of PoE standard does the injector conform to, if any?
13:05 < Emperorpenguin> sure
13:05 < station> StevenR:
13:05 < station> I need POE af injector and splitter to send 35meter 12v but its seems to be a cheap cable and I can only measure 0.003v… is there a big difference between cable quality resistance or is it the length?
13:05 < Emperorpenguin> the company I work for deals exclusively with Cisco so I can tell you about this one vendor, there are many others but this is mine. Without them, I'm useless. Without me, they'll do just fone
13:05 < Emperorpenguin> *fine
13:06 < rgrundstrom> station: How old is the cable?
13:06 < h0dgep0dge> i can't get over that number, 0.003v, what are the error bars on that measurement? are you using some kind of temperature controlled lab multimeter?
13:06 < rgrundstrom> Emperorpenguin: Cisco or HP is fine
13:06 < station> rgrundstrom: new added yesterday carefully
13:06 < Emperorpenguin> rgrundstrom: have you considered calling someone for some consultancy?
13:06 <+StevenR> station: so the injector is compliant to 802.3af ?
13:07 < rgrundstrom> Emperorpenguin: yes, but its because I want to learn too :)
13:07 < h0dgep0dge> rgrundstrom: i agree, get a consultant, my number is 555-867-5309
13:07 < Emperorpenguin> as much as I'd love to help over IRC you could use some help from someone in person
13:07 < station> PoE TP-LINK TL-PoE10R splitter and Linksys, High Power, LACPI30-EU injector
13:08 < Emperorpenguin> so let me guess rgrundstrom, 10 servers, at least 6/8 uplinks each (one for data, one for vmotion, one for management, and one for storage unless you have FC amirite?)
13:08 < rgrundstrom> Emperorpenguin: 2x FC for each Vm-Ware host to SAN
13:09 < Emperorpenguin> so we're looking for 60 uplinks minimum, are we talking 10g or 1g?
13:09 < Emperorpenguin> maybe you don't need 10g for pure management
13:09 < Emperorpenguin> let's say 40x10g and 20x1g
13:10 < rgrundstrom> Emperorpenguin: Everything is 1G apart from the FC
13:10 < Emperorpenguin> are you hitting bandwidth bottlenecks?
13:10 < station> StevenR : both IEEE 802.3af and 802.3at PoE TP-LINK TL-PoE10R splitter and Linksys, High Power, LACPI30-EU injector
13:10 < rgrundstrom> Emperorpenguin: During backups yes
13:10 < Emperorpenguin> but you do them on separate uplinks from the VM data and storage right?
13:11 < rgrundstrom> Emperorpenguin: not today no. There is a plan to separate it, waiting for purchase approval on that
13:11 < station> https://www.linksys.com/gb/p/P-LACPI30/ and https://www.tp-link.com/us/products/details/cat-43_TL-POE10R.html
13:11 <+StevenR> station: what other equipment do you have available to you ? Do you have a poe access point that you could prove the injector works using that cable, for example?
13:12 < Emperorpenguin> then you could really use some 10g...
13:12 <+StevenR> station: what are you trying to power using the splitter?
13:12 < rgrundstrom> Emperorpenguin: would prefer a 10G backbone, even if not using it fully, it would be future proof
13:12 < Emperorpenguin> anyway without knowing much more it's hard to help you properly, you could do with a pair of 24 port 10g 3850 but considering the datacentre environment I'd suggest to look into a nexus 5000
13:13 < rgrundstrom> Emperorpenguin: one moment
13:13 * Emperorpenguin mutes the mic, activates speakerphone, listens to music on hold
13:14 < Emperorpenguin> https://www.youtube.com/watch?v=6g4dkBF5anU
13:14 < station> StevenR so i made a test with a short cable and the splitter led blinks on the long cable test I connected a old linksys router but there was no led to begin with on the splitter
13:14 < Emperorpenguin> tunzzztt takakaka tunztt takakaka
13:15 < rgrundstrom> Emperorpenguin: Yeah ive been looking into that solution as well (nexus 5000) with a couple of FEX for distribution.
13:15 < Emperorpenguin> yup
13:15 < Emperorpenguin> they're meant as top-of-rack switches
13:15 < Emperorpenguin> and have 40g uplinks
13:16 < rgrundstrom> Emperorpenguin: https://www.youtube.com/watch?v=0s6bv4yayOk
13:16 < superbia> good day, what range could i share wireless around my house (if the terrain is clear and then if there are trees)
13:17 < Emperorpenguin> no sorry rgrundstrom I do Cisco Call Manager so the One and Only Music On Hold is this one https://www.youtube.com/watch?v=w-SIManm_Qo
13:17 < Emperorpenguin> IN STEREO (where available)
13:19 < rgrundstrom> Emperorpenguin: Could you provide me with a more specific model number on what you think would be a good TOR switch?
13:20 < Emperorpenguin> no 13:20 < Emperorpenguin> :D 13:20 < rgrundstrom> Emperorpenguin: Ok :p 13:20 < Emperorpenguin> it's saturday and it's lunchtime too 13:21 < rgrundstrom> That would be true 13:21 * rgrundstrom looking for pizza 13:21 * Emperorpenguin might go gorge himself on sushi 13:21 < rgrundstrom> Emperorpenguin: Not a bad choice 13:29 <+StevenR> station: ok, but what's your end goal? To power that old linksys router or something else? 13:37 < zamanf> how can I delete this route: default * 0.0.0.0 U 50 0 0 ppp0 ? 13:41 <+xand> zamanf: you sure you wanna do that? 13:42 < zamanf> xand, I have a default routes, this one is the VPN one 13:42 < zamanf> I want to use vpn only for 1 ip address 13:42 < zamanf> so I added a route for that but want to remove it for the rest 13:43 <+xand> configure the vpn client to not create default route 13:44 <+xand> you can use "ip route del" to get rid of it as a once-off thing 13:44 < zamanf> at first I tried to do this, but I can't find the setting for this 13:44 < zamanf> I am using PPTP for vpn though network manager in ubuntu 13:48 <+xand> Click NetworkManager applet icon > VPN Connections > Configure VPN... > select VPN network > Edit > IPv4 Settings > Routes... > Check 'Use this connection only for resources on its network' 13:48 <+xand> 13:49 < zamanf> tried it already 13:49 < zamanf> doesn't work 13:52 < skyroveRR> Then your NM is borked. 13:53 < skyroveRR> Launch your VPN manually instead. Don't rely on NM to keep your machine happy. 13:53 < Atro> just use ip route delete 13:53 < Atro> ez pz 14:02 < station> StevenR: yes router + 2 - 3 ip camera in the future 14:10 < station> StevenR: the cable might not be even cat 5 it looks cheep 14:15 < brentaarnold> Anyone here use the Juniper SRX line? 14:17 < Atro> brentaarnold: try #juniper 14:17 < brentaarnold> thanks! 15:18 < zenix_2k2> one question, does every device which has the ability to connect to a network needs to have a NIC built into it ? 
15:19 < zenix_2k2> or it can have something else 15:19 < light> no 15:20 < zenix_2k2> no for something else or no for the NIC part ? 15:20 < Affliction> It has to have some hardware to connect to whatever the network is. 15:24 < zenix_2k2> but does that "hardware" need to be a network adapter ? 15:25 < Affliction> I guess it would be, by definition? 15:26 < Affliction> Even, for instance, the wifi radio. In many phones that's on the same chip as the main CPU 15:28 < Affliction> It'd still be an adaptor between the chip's internal peripheral bus, and the wifi network. 15:28 < zenix_2k2> HHHmmm... fair enough 15:28 < Affliction> Same holds for wired ethernet. 15:29 < zenix_2k2> and by "bus" you mean the thing inside the CPU ? 15:30 < Affliction> The connection between the CPU cores, peripherals, and memory. 15:30 < Affliction> Probably a gross oversimplification for modern chips, there's likely multiple busses. 15:31 < felix_vs> Hi, I am having issue with using OpenSSL tool to retrieve static web page content from a server using HTTPS GET method: I get 400 Bad Request response. is there anybody willing to help me troubleshoot it? not sure if this is the right place. 15:31 < Affliction> On x86 hardware, probably PCIe to a card 15:32 < light> felix_vs: don't ask to ask, just ask 15:32 < Affliction> felix_vs: If you're getting a 400, the TLS layer's probably fine, you're probably not sending a valid request at the HTTP level. 15:33 < light> Affliction: he means he's using the openssl s_client tool 15:33 < Peng_> felix_vs: Why not use a real client 15:33 < felix_vs> light: yes 15:33 < Peng_> felix_vs: openssl s_client doesn't even do TLS wellm, let alone HTTP 15:34 < felix_vs> light: I'm trying to retrieve web page content from URL that my browser renders as static text document. I'm trying to make a point of using a CLI tool for the job, in this case: OpenSSL version 1.0.2g, given that the site supports HTTPS connection. 
so I begin using the interface as a client, trying to connect to a server hosted with the domain name 'stallman.org' (WWW), over the HTTPS protocol on the usual port 443. i 15:34 < felix_vs> establish a connection to it with the command: 'openssl s_client -connect stallman.org:443'. then, within the OpenSSL interface, I am allowed to communicate with the server via CLI. so I use the HTTP's GET method to request a resource named '/discord.html'. I specify the HTTP version 1.1, and give the following command: 'GET /discord.html HTTP/1.1'. However, I receive an unexpected response: Status 400 Bad Request. Meanwhile 15:34 < felix_vs> my web browser is able to retrieve the content, while seemingly sending the same request, but receiving the response Status 200 OK. Anybody can help me troubleshoot the phenomena I encounter? all I could think of is that the web browser also sends additional information alongside the GET request. information like browser-specific identifying User-Agent. what do you think, could this be the reason? 15:34 < light> wall of text 15:34 < felix_vs> well, is there other way i should explain this? 15:34 < felix_vs> open to suggestion light 15:34 < Affliction> felix_vs: you'll probably need at least a Host: header 15:35 < Affliction> And maybe SNI, if that's possible through s_client 15:36 < felix_vs> Affliction: yes previously I would send the 'Host:' header alongside the GET method, but in this case I immediately got the 400 Bad Request response, without specifying header! 15:37 < light> felix_vs: nc -l 1234 then browse to 127.0.0.1:1234 15:37 < light> this will show you what properly formed headers look like 15:37 < Affliction> ^ 15:37 < Affliction> Check line ending too 15:38 < Peng_> felix_vs: There are CLI tools that are suited to the job. openssl isn't one of them. Use curl or wget. 15:40 < felix_vs> light: Affliction: ok I can see how the headers look like. 
trying to connect this with my attempt: could it be the case that i didn't send the rest of the headers fast enough to the server, and so the server acted immediately on it by sending a bad request response? 15:41 < light> cut and paste the headers into an s_client session and see what happens 15:41 < light> However, Peng_ is right, why aren't you using curl/wget? 15:41 < felix_vs> ahh ok i'll try this! light 15:41 < Peng_> You're also not sending the TLS SNI extension. 15:42 < felix_vs> Peng_: well I didn't know about curl/wget tools. only chose telnet first because i knew about it, but it couldn't handle SSL cryptography, so I used openSSL instead 15:42 < Peng_> TLS and HTTP are not simple 15:46 < felix_vs> light: ok I tried pasting what was an 8-line header that I received from nc -l 1234 command. the server again responded before i was able to paste everything (only got in 7 lines out of 8). again bad request 400 15:46 < felix_vs> light: Peng: i guess i should use curl/wget then instead, but does it matter for this specific test? 15:46 < Peng_> felix_vs: Yes 15:48 < Affliction> felix_vs: I'd suspect it's probably a line ending issue. Likely sending \n instead of \r\n 15:49 < felix_vs> Peng_: too bad i couldn't find curl/wget mentioned in the textbook by tanenbaum. do you have good resource to recommend for me that can help me get started for doing this specific test? are the official man pages enough for the job? 15:50 < felix_vs> Affliction: ooh interesting point 15:54 < felix_vs> Affliction: i'm not sure how to explicitly specify what the line ending would look like, when using OpenSSL. i guess there might be a flag i can set up when i launch the interface to indicate line ending. 15:57 < Affliction> s_client plausibly just treats stdin as a bytestream 15:58 < Affliction> in which case you could probably: echo -ne "GET /file HTTP/1.1\r\nHost: domain\r\n\r\n" | openssl s_client ...
15:59 < Affliction> Even so, if your ultimate goal is to just pull URLs: curl 15:59 < Affliction> or curl -q 16:00 < station> how can i test a 35metercable 16:00 < station> my tester got 0 warking 16:02 <+StevenR> station: so, with a short cable, the router works when fed from the injector/splitter? 16:04 < brentaarnold> What UTM's do you guys prefer (specifically for SMB?) 16:09 < zenix_2k2> and also one nooby question, does "Ethernet" mean wired connections ? 16:09 < zenix_2k2> i just have 2 feelings that it maybe is and maybe not 16:16 <+catphish> zenix_2k2: ethernet is wired, yes 16:18 < zenix_2k2> but does that mean that ethernet only has 1 type ? 16:18 < zenix_2k2> cause a book of mine says that it has more 16:18 <+catphish> zenix_2k2: no, there are lots of ethernet standards 16:18 <+catphish> zenix_2k2: some are copper, some fiber, different speeds 16:18 <+catphish> but they're all wired 16:19 < zenix_2k2> well but what i mean is my book said something like "The IEEE defines different kinds of Ethernet, depending on the connection media and the speed of which Ethernet moves the network data" 16:19 < zenix_2k2> is that what you mean ? 16:19 <+catphish> yes 16:19 <+catphish> in fact, that's excatly what i said 16:20 < zenix_2k2> so "different kinds" in this case = "lots of ehternet standards" ? 16:20 < zenix_2k2> well i thought they were 2 different things :P 16:27 < felix_vs> Trying again: does anybody have educational resource to recommend for curl/wget? I understand these are for retrieving web content, however, I would like more overview understanding (and particularly from a single source, unlike Wikipedia entry). unfortunately couldn't find anything on tanenbaum's textbook. any ideas? 16:28 < detha> man curl, man wget ? 16:30 < felix_vs> detha: tried that, but both man pages are raw (as most man pages are). to me it looks like more of a reference resource, rather than an educational resource. 
for instance, i need to understand the reason to choose one tool over the other, what is the design goal , who is this meant for, etc. kinda high-level almost-non-technical 16:31 < detha> zenix_2k2: once upon a time there were two ethernet standards, xerox and 802.3. The only difference is that the one has a 'length' field, and the other a 'next header type' field at the same offset 16:33 < detha> felix_vs: don't think such a thing exists. Both tools do the same job, some things are easier using the one, some things are easier using the other. Use one, when you start fighting it see if the other one works better. 16:34 < felix_vs> detha: ahh the general "if it ain't broke don't fix it" 16:34 < felix_vs> alright thanks anyway 16:36 < detha> felix_vs: more like C-spanner or ring spanner. Both tighten/loosen nuts. Sometimes one is easier to work with, sometimes the other, and in some cases only one of them can do the job. 16:38 < felix_vs> detha: ahh i see what you mean now re: C-spanner and ring spanner (side note: had to look that up, since English is not my native language) 16:42 < station> this cable is ok for POE? 16:43 < station> http://www.pixelmag.ro/index.php?route=product/product&path=95&product_id=1466 16:48 < dogbert_22> any decent ethernet cable rated CAT 5/5e/6 should do PoE without issues 16:50 < mero> man i keep getting ping'd because of "cat" 16:50 < mero> it's for cat as in kitties 16:50 < mero> not cat 5s or 6s 16:50 < mero> lol 16:50 < bedbugs> k 16:57 < station> StevenR: yes tested with short cable plug and play all usual blinking leds on router and splitter I triple checkt wireing the connector but that shoudnt mean all are incorect so it only can be the cable 16:59 < bedbugs> hey can i ask a question 17:06 < jamesd__> bedbugs: you can type, you can ask... perhaps someone will answer it, but then you won't have that question anymore, but that is up to you. 
is it worth the risk btw ( you did ask a question) 17:08 < bedbugs> but its important 17:09 < jamesd__> then its best to keep it to your self, no need to lose an important question. 17:09 < bedbugs> i dont want to ask the important question and then it just gets ignored 17:09 < bedbugs> i need guaranteeds 17:10 < bedbugs> guarantees 17:10 < jamesd__> guarantees and opensoruce, requires an open wallet. that is they opensource works 17:11 < bedbugs> how many cores are in a quad core operating system 17:11 < bedbugs> i mean cpu's 17:13 < jamesd__> bedbugs: depends on the cpu, and what you consider a core. a quad core cpu could be an intel cpu with dual physical cores and 2 virtual cores aka hyperthreading(HT), or 4 cores no HT, or it could be considered a 4 cores cpu with HT that marketing fluff considers to be 8 cores... and don't get my started with RISC chips. 17:14 < bedbugs> but how many cpu's are in a quad core icore5 that is 2.5Ghz 17:15 < jamesd__> bedbugs: which model number.. it varies... google "cpu model number" ark for more details. 17:16 < bedbugs> jamesd__:how do i find out if it has hyperthreading or not 17:18 < jamesd__> https://ark.intel.com/products/97128/Intel-Core-i7-7700-Processor-8M-Cache-up-to-4_20-GHz is mine, and it is a 4 cores, that act like an 8 core cpu.. 8 threads 17:21 < jamesd__> if you happen to be running windows, you can install cpu-z for more details, on linux cat /proc/cpuinfo | less for cpu details 17:58 < zeldafan78> Is there some way to "test" whether an e-mail going from
to
will be encrypted and sent directly there? (Without actually sending an e-mail.) 18:02 < detha> no 18:06 <+catphish> zeldafan78: do you control one or both of the email servers? 18:07 <+catphish> zeldafan78: by the way, email is never encrypted in a secure way, so even if it is encrypted it shouldn't be considered secure 18:10 < SlowJimmy> catphish what about aes encryption though? 18:10 <+catphish> what about it? 18:11 < SlowJimmy> isnt it secure if oyu handle it properly? 18:11 < SlowJimmy> like an aes256? 18:11 <+catphish> aes is itself secure, yes, if you use keys properly 18:11 < SlowJimmy> or what about pretty good privacy? 18:11 < skyroveRR> Modern encryption is secure in theory, but flawed in design. 18:11 < SlowJimmy> i mean IF ( i know this is a big if) you handle it properly 18:11 < skyroveRR> AKA "implementation". 18:12 < skyroveRR> Implementations looked good on the outside, but suck in the inside. Like openssl or GPG. 18:12 <+catphish> SlowJimmy: you're muddling a few different layers here 18:12 < skyroveRR> catphish: not me, hopefully. 18:12 < jamesd__> bugs occur if you don't patch frequently you may not have any data security in a short time, if your attacker throws enough resources at the problem. 18:13 <+catphish> GPG is a tool that uses an underlying crypto algorithm like aes to encrypt data using public / private keys 18:13 < SlowJimmy> what if your system itself has gotten to can you still have private communique? 18:13 <+catphish> but the original question was about smtp, which is almost never secure 18:13 < SlowJimmy> communicée? not sure how to spell it 18:14 < skyroveRR> comm-you-nick-kae 18:15 < moonman_> any tips on how to learn physical layer programming? 18:15 < detha> read datasheets 18:15 < moonman_> in c or any other language (though probably it is only possible in c) 18:15 < moonman_> yea but datasheets for what 18:16 < moonman_> for the NIC? 
18:16 <+catphish> moonman_: first you'd read the RFCs for the protocol you're interested in 18:16 < detha> for the NIC, and maybe for the chipset if it involves setting up DMA 18:16 <+catphish> i mean you very rarely "program" the physical layer, that would be considered electronics, not programming 18:17 <+catphish> unless you're doing FPGA 18:17 <+catphish> so the question doesn't really make sense 18:17 < detha> FPGAs, and windems in the day 18:17 < moonman_> i actually want to modify the interface between layer 1 and layer 2 18:18 < moonman_> thanks for the answers 18:18 <+catphish> the interface between layer1 and layer2 is likely somewhere inside the NIC, you'd want to read its datasheet 18:19 <+catphish> to some extent, you can customize the layer2 frames, though you wont be able to change much about the layer1 18:19 * jamesd__ wonder when FPGA's will get there own OS, they allready do so much. 18:19 < xingu> https://en.wikipedia.org/wiki/Physical_Medium_Dependent 18:19 <+catphish> and even then, a lot of layer2 framing is done in hardware 18:19 < detha> now that makes me wonder. How programmable are 'programmable' SFP modules? 18:20 <+catphish> jamesd__: you can implement a computer in an FPGA and run an OS on it 18:20 < xingu> detha: sfp, typically not very 18:20 <+catphish> i'd say "not very" 18:20 < xingu> detha: osfp / cfp, considerably. 18:20 < jamesd__> hell layer 3 is done in hardware, and they may even be doing layer 4-7 on firmware on high end devices.. its not easy to routing and firewall for multiple 100gigabit pipes 18:21 < xingu> detha: anything more than nrz typically involves a dsp. 
18:21 <+catphish> yeah thats optional though 18:21 <+catphish> but physical layer has to be implemented in hardware by definition 18:21 <+catphish> layer2 is a bit more questionable 18:22 < detha> catphish: DSPs as xingu says, and in winmodems, 3/4 of the DSP got farmed out to the host 18:23 <+catphish> in theory you can implement almost anything with a DAC, ADC, and gnuradio :) 18:23 < jamesd__> we deploying these switches at work https://www.juniper.net/documentation/en_US/release-independent/junos/topics/reference/specifications/port-panel-qfx5110-48S.html 18:23 <+catphish> but you're just simulating hardware at that point 18:25 < SlowJimmy> catphish I got a book called tanenbaum - networking 18:25 < SlowJimmy> is it any good? 18:26 < detha> catphish: so is everything. I know someone who made a 1200bd modem using purely analog stuffs and an XR2206 PLL, no dsps whatsoever. It worked, sorta. 18:27 < jamesd__> sounds old... but the basics should be correct but may not apply todays networking 18:28 < detha> the point is, the border between 'implement it in hardware' and 'implement it in software' varies. Most things are easier in software. 18:28 < jamesd__> but if you need fast, do it in hardware. 18:29 < jamesd__> seen on the wall of a major electronics company in large letters "first make it work, then make it work right, then make it fast" 18:30 < detha> Exactly. That is a cycle, complexity goes up, things go software. Until the software gets too slow, so it is worth building custom hardware. Go back to 1. 18:31 < xingu> until you hit the shannon limit of substrate. 18:31 < xingu> then, broadly speaking, you're fucked. 18:32 < jamesd__> then you divide the work and use multiple chips/pathways to do the job, wash, rinse, repeat 18:32 < detha> Then make it broader (pardon the pun), and put many things in parallel 18:32 < xingu> it's the "gather" part of scatter/gather that gets tricky there. 
18:32 < jamesd__> not enough blue light can go through a fiber, you red and green... lasers. 18:33 < jamesd__> er /you/use/ 18:33 < detha> Also a cycle. 'Too slow, go parallel' 'Oh shit, the timing gets too icky. Make something faster single-lane'. Repeat. 18:34 < xingu> I'm talking about hitting the limits of what you can signal between adjacent features on die 18:34 < jamesd__> life in the cloud, i have seen failure in things monthly, in ways that i had only seen once in my previous 20 years in IT 18:35 < detha> xingu: back to analog computers ;) If we can't send the bits faster, turn them into bytes 18:41 < xingu> all I'm saying is that there's a reason that dot3bs has a _25cm_ range spec. :) 18:47 < Apachez> are we measuring e-penis again? 18:48 < xingu> no, I lost my angstrom range measuring tape again. 19:42 < wtflux> hey guys im learning about different networking techniques and came upon the router-on-a-stick methodology, is this not necessary if you have a layer 3 switch? 19:43 < detha> no 19:45 < detha> router-on-stick is something you use to route between, say, two vlans on a L2 switch. If the switch does its own routing, no need for it 19:46 < wtflux> Ok thanks, and i have a quick question regarding packets and datagrams, i was under the impression that datagrams operated on layer 2, and if a layer 2 vlan switch is tagging its vlan is it doing the tagging on a datagram or a packet? 19:47 < JeffDev> Hi 19:49 < detha> wtflux: semantics. L2 tagging is around ethernet frames. Packet/datagram is more an L3 thing 19:49 < wtflux> ok 19:51 < wtflux> ok i get it now 19:51 < wtflux> thanks for that 19:58 < wtflux> detha: say i have 2 sites connected to the internet with 2 vlan's at each site 10,20 and i have vlan switches between the hosts and the gateway, would i need an additional "router-on-a-stick" between the switch and the gateway or could the ISP route to the other site and let the switches handle it? 20:00 < detha> wtflux: that needs a picture. 
VLANs don't travel over standard internet. VLANs also don't travel over L3 VPNs. You could create an L2 VPN between the sites, and run tagged ethernet through that. 20:00 < wtflux> ok 20:00 < JeffDev> can I ask a noob question? 20:00 < wtflux> i wasnt aware there were l2 and l3 vpns 20:01 < JeffDev> I got some problems with my home asa connection a my remote site 20:04 < Emperorpenguin> detha: I think he means he has two subnets at each site 20:05 < wtflux> detha ok here's my picture: https://pasteboard.co/Hsk2jue.png but i believe your answer still stands, no? 20:05 < wtflux> Er, i messed the picture up already. but i think you get the idea, i forgot to label the 2 subnets/vlans at each site 20:06 < wtflux> i was just wondering if i HAD to have a router to get the vlan's inter-routed but you answered that vlans dont travel over standard internet 20:06 < wtflux> so that basically sums it up 20:06 < detha> wtflux: the question here is, between where and where is the VPN? between the gateways ? 20:07 < wtflux> There is no vpn, i didnt know one was needed 20:08 < detha> your gateway won't understand vlans. so yeah, either the gateway will have to strip the vlan tags off, or you need some form of L2 VPN (L2TP, openvpn tap, ...) between the sites 20:09 < wtflux> Emperorpenguin does bring up a good point though, because after you said vlans arent carried over l3 vpn's i started to read about them and found that L3 VPN's each side of the connection is on a diff subnet, so that would make me wonder how if VLAN's cant travel over L3 vpns but L2 VPN's wont cross 20:09 < wtflux> subnets how do you get it there 20:09 < Emperorpenguin> Subnets how do they work 20:10 < wtflux> contain all traffic to a specific range of addresses 20:10 < Emperorpenguin> I know 20:10 < Emperorpenguin> I was making a reference to "magnets how do they work" meme 20:10 < wtflux> prevent broadcast storms 20:10 < wtflux> oh 20:11 < wtflux> Do you need like MPLS vpn? 
20:11 < Emperorpenguin> Can't say I am a network genius but after 5 years in this field at least I know how subnets work 20:12 < Emperorpenguin> Mmm MPLS my favourite lab drug 20:12 < Emperorpenguin> I mean protocol 20:13 < detha> MPLS will work 20:13 < wtflux> detha: gotcha, i just re-read your statement, ANY l2 vpn 20:14 < Emperorpenguin> MPLS will also be more expensive 20:14 < wtflux> then the L3 vpn onsite can finish the rest of the routing to the destination VLAN or the L3 vpn not needed at that point once it arrives at it's dsetination gateway and the gateway passes all traffic to the switch? 20:14 < Emperorpenguin> But will have better performance guarantee 20:14 < detha> yup. vlan tags are an L2 thing. So you need L2 connectivity, be that some tunnel, MPLS, VXLAN, .... 20:43 < my_mind> How do I connect a ubiquity ap to the router? 20:44 < my_mind> I plugged it in to the router but it’s not showing up on the client list of the router 20:44 < buu> open the controler 20:44 < buu> adopt it 20:45 < my_mind> I installed the controller on windows 10 pro 20:45 < my_mind> It says no devices 20:45 < my_mind> How do I adopt it? 20:46 <+pppingme> wtflux you probably don't need l2 vpn or vlans, what are you really trying to do? get two sites to talk to each other? Just build a tunnel and do simple routing.. KISS principle.. 
20:46 < wtflux> im doing a lab to learn VLAN's 20:46 < wtflux> so im setting up VLAN's then i want to route them 20:47 <+pppingme> by definition, vlans work at L2, and L2 isnt' routable, so the question is broken 20:47 < wtflux> with the same vlans at different sites, but detha answered my question already, and pointed me in the general direction to find out more info that has helped me understand what i need to know 20:48 <+pppingme> in that case, you're actuall bridging, and bridging is sloppy and shouldn't be done over a wide area 20:50 <+pppingme> if thats homework I can't believe schools are teaching such sloppy solutions 20:55 < jackbrown> Question: If I would go buying an OpenWRT compatible router, which one should I have to buy? 20:59 < my_mind> Please tell me how do I make the ap talk to the router? 20:59 < my_mind> The Ethernet cable will not turn on 20:59 < my_mind> I tried to reset the access point 20:59 < my_mind> No luck 21:00 < jackbrown> Question: If I would go buying an OpenWRT compatible router, which one should I have to buy? 21:03 < my_mind> I installed the discovery tool on chrome but the access point still is not showing up 21:04 < my_mind> How do I adopt it? 21:07 < my_mind> It says Poe on the back of the access point. Does it have to be plugged into a Poe switch? 21:08 <+pppingme> my_mind so you don't get link lights? 21:08 < my_mind> No lights 21:08 <+pppingme> does the AP have a source of power? 21:09 < my_mind> Only one Ethernet port. Nothing else 21:09 <+pppingme> its designed to do PoE? 21:09 < my_mind> Can’t it take power from the router? 21:09 <+pppingme> probably not 21:10 < my_mind> :( 21:10 <+pppingme> do the swithc ports on the router do PoE? 21:10 <+pppingme> what AP is this? 21:10 < my_mind> I don’t know. It’s an arris router 21:11 <+pppingme> you don't know what AP it is? 21:11 <+pppingme> there's dozens of ways of doing PoE.. only two are standardized.. 
you need to determine what this device needs 21:12 < my_mind> It’s the AP AC Lite Unify 21:12 < RearchSesults> do you really need to pay 39 USD to use rsync on windows? 21:13 <+pppingme> my_mind it should have come with a power injector 21:13 <+pppingme> RearchSesults no, find a diff version 21:14 < Fieldy> RearchSesults: no, why would you? 21:14 < Fieldy> i use deltacopy (client), it's clunky but works 21:16 <+pppingme> my_mind did it not come with one? 21:16 < my_mind> Power injector? Like a really small switch? 21:17 <+pppingme> its basically a "brick" with two ethernet ports and a power jack 21:17 < blackswan> i would like to generate some tls traffic and then decrypt it with wireshark. this means, i think, that i have to disable diffie-hellman key exchange. is this right? 21:17 <+pppingme> one ethernet port goes to switch, one to AP, and of course it needs power 21:17 < my_mind> pppingme: I hope i have it... 21:17 < blackswan> and is there a better channel for this question? 21:18 <+pppingme> blackswan this is an ok channel for that 21:18 < RearchSesults> can i keep update both sides of the file? 21:18 < blackswan> "networking" is pretty generic. it's like saying "i work for cisco." it doesn't tell you what i do... 21:19 < RearchSesults> like if the server side changes it changes the older client side file and if the client side file changes it also changes the server side older file? 21:19 < RearchSesults> can this be done with an rsync? 21:19 < my_mind> pppingme: you saved my life! I found it!!! 21:19 < RearchSesults> I know this could otherwise be achieved through git... 21:19 < buu> RearchSesults: only if you know which one is newer 21:19 <+pppingme> put that near switch, run a 1 meter cable between switch and that device, then plug your AP into it, then power it.. 21:20 < RearchSesults> shouldnt there be a date of change? 
21:20 < RearchSesults> @buu 21:31 < my_mind> pppingme: I connected it, it’s showing up in the list 21:31 < my_mind> pppingme: trying to adopt it 21:33 < spaces> it's giving heads! I need ot be quick 21:47 < Soni> so uh 21:48 < Soni> ping -I sends the packets on the right interface 21:52 < Soni> but like, it doesn't uh 21:52 < Soni> how do I explain this 21:53 < Soni> wireshark shows ICMP echo replies 21:53 < Soni> but ping says 326 packets transmitted, 0 received, 100% packet loss, time 337994ms 21:54 < Soni> OTOH wget --bind-address doesn't seem to work *at all* 22:03 < purpleunicorn> What’s an efi boot 22:04 < tds> Soni: -I will set the source address afaik, it won't actually change which interface the packets get sent out 22:04 < tds> (unless you do policy routing) 22:08 < Soni> tds: it's sending out of the right interface, but it's not receiving from that interface 22:08 < tds> does the reply come back via another interface? 22:08 < abdulhakeem> What ports does RADIUS run on? I can't seem to find a clear answer. I at least got 1812/1813 but isn't there also a second pair of ports it runs on? 22:08 < tds> if so you probably want to disable rp_filter for ipv4 22:09 < Soni> no, it's coming back from the correct interface 22:10 < Soni> what's rp_filter? 22:10 < Soni> I've no idea how to do multi-NIC setup 22:11 < tds> is your request going out via a different interface to the one the reply is returned on? 22:11 < tds> if so, linux will filter that by default, you need to disable rp_filter 22:12 < Soni> no 22:13 < Soni> they're going through the same interface 22:14 < tds> oh, hmm, that's interesting 22:15 < tds> you mentioned looking at the replies in wireshark earlier, do all the details match up with the request? 22:15 < tds> I can't remember what the id field in icmp is called now 22:16 < tds> oh, it's just identifier I think 22:18 < Soni> tds: yes 22:19 < tds> do you have any firewall rules that might be dropping the relies? 
22:19 < tds> the output of iptables-save would be useful 22:20 < tds> s/relies/replies/ 22:20 < Soni> https://bpaste.net/show/d4f05785608a 22:23 < Soni> tds: I don't see anything useful there 22:31 < tds> hmm, following through that, I don't think it should cause any issues 22:31 < tds> if you don't rely on the docker stuff though (and you have a firewall upstream on this network), I'd be tempted to clear those chains and try --- Log closed Sun Jul 01 00:00:20 2018