--- Log opened Thu Jul 05 00:00:26 2018
00:00 < Johnjay> i assume you're talking about usb adapters
00:00 < Johnjay> yeah that's a good idea
00:03 < drathir> Johnjay: hc xc etc...
00:32 < purpleunicorn> is anyone using cygwin on their windows terminal? If they are, why doesn't it show the dependencies when installing the packages?
00:33 < Johnjay_> windows... terminal?
00:33 < Johnjay_> i think i have msys, not sure about cygwin
00:33 < purpleunicorn> yeah im using windows
00:35 < Johnjay_> i know msys always shows the dependencies, but it uses pacman
00:35 < Johnjay_> i dunno what cygwin uses
00:39 < purpleunicorn> Johnjay_, well i was following someone else's instructions on youtube and they had what i had but it was just a different version because it was a 4 year old video. So I'm guessing maybe they just updated it.
00:41 < Johnjay_> most linux package managers have a way to view dependencies
00:41 < Johnjay_> not sure if that's helpful to you or not. i'd check the arch wiki or askubuntu for specifics
00:45 < purpleunicorn> Johnjay_, thanks, will do
01:01 < spaces> ok I cannot put any sexyness into this channel anymore... my dogs needs it all :P
01:01 < spaces> I call her my hot dog
01:04 <+pppingme> spaces take it to another channel
01:07 < spaces> that I why won't put it in here anymore :)
02:00 < strive> Interesting issue: Win10 host + Win10 VM client on VMWare. Host is pingable, but VM client isn't. What's the deal?
02:01 < Stryyker> Different range? Checked the networking settings in the VMWare product? (they have many and you haven't told us which you're using - I'm guessing Workstation Player)
02:02 < strive> VMware Workstation 14 Player (non-commercial use only), network adapter is bridged.
02:03 < strive> Host IP = 192.168.1.17 :: Client (VM) IP = 192.168.1.20
02:15 < strive> Stryyker: *Update*: Allowed icmp echo request in firewall. All good now.
02:56 < strixdio> hmm, anyone know if a MX64 or MS 220-8 can be reflashed with custom firmware?
05:33 < purpleunicorn> hey anyone here to help me out
05:33 <+pppingme> strixdio I doubt it, in fact, I'd suspect the license agreement forbits you from doing so
05:33 <+pppingme> purpleunicorn just ask your question, don't ask for help
05:34 < purpleunicorn> sorry
05:34 < purpleunicorn> i need help creating my own certificate
05:34 < purpleunicorn> a self-signed certificate
05:35 < purpleunicorn> i downloaded cigwin and im trying to connect to freenode with the certificate but dont know how. I'm using this https://freenode.net/kb/answer/certfp
05:36 < purpleunicorn> I'm using hexchat so im supposed to create a certs directory and don't know how to do that
05:41 < ForexTraderNYC> hi
06:01 < purpleunicorn> pppingme, do you know the answer to my question?
06:02 < drathir> purpleunicorn: isnt their have how to for most clients commonly used?
06:04 < drathir> purpleunicorn: keep on mind to add cert You need first auth as good remember...
06:05 < purpleunicorn> drathir, i know
06:35 < abdulhakeem> I
06:36 < abdulhakeem> I have a home server that I'd like to primarily function as network storage, but also a print server for my USB-only printer and possibly more, different use cases in the future. Would the better choice be FreeNAS or Ubuntu Server?
06:39 < scientes> abdulhakeem, if you are familiar with ubuntu use ubuntu
06:39 < scientes> I use debian for all my servers
06:39 < scientes> you need cups for the printer
06:49 < sammm> hey guys, having a strange issue. a customer reported that a download using an in house method (http/xml to transport binary files) is taking x6 times as long  as it should. the issue seems to be related to a cisco netscaler which sits inbetween client/server
06:50 < sammm> the odd part is that lots of the HTTP messages are failing FCS becuase the trailer is being filled with either 0x55 or 0xAA
06:50 < sammm> i have NO idea what would be causing that
06:50 < sammm> has anyone seen something similar
06:50 < sammm> ?
06:54 < Wulf> sammm: "FCS"?
06:54 < grawity> the Ethernet thing, I assume
06:56 < sammm> frame checksum i think it stands for
07:02 < sparrowsword> how can i this kind of info? (latency) from a proxy server to a website/ip? example: Reply from 8.8.8.8: bytes=32 time=108ms TTL=57 (ping)
07:04 < linux_probe> think i;d dtart by looking for a duplex missmatch
07:04 <+pppingme> ping it from the proxy server
07:05 < linux_probe> if no duplex missmatch, suspect cabling, nic or major noise issue :)
07:06 < sparrowsword> +ppingme: how?
07:07 < sparrowsword> tried curling, but it didnt work
07:07 < sparrowsword> using socks5
07:08 < sparrowsword> doesnt ping use icmp and not ports?
07:08 < linux_probe> the above was at sammm
07:13 < sammm> thanks linux_probe
07:14 < sparrowsword> anyone?
07:54 < zeldafan78> I'm getting worried now. I thought that there would be numerous Mailgun alternatives, and I had envisioned making individual provider files for each of them, but now that I really look into it, all the supposed/listed alternatives (that is, a service which lets me send and receive e-mail by paying them and all I want them to do is handle the act of actually sending and receiving and not use any of their custom/vendor-lock-in bullshit) seem to
07:54 < zeldafan78> have even worse (if possible) API documentation, seemingly entirely ignoring the concept of "events" or "incoming e-mails". This is really weird.
08:19 < brahmana> Hi all..
08:20 < zeldafan78> No replies at all?
08:20 < brahmana> I am sending a HTTP POST request in my Ruby program. The Content-Length is : 12026283 bytes. On the client side I am getting an EPIPE error where as the server seems to have gotten the data.
08:21 < brahmana> This is on an Ubuntu server.
08:21 < brahmana> What could possibly cause the client to get an EPIPE while the server seems to have gotten all the data?
08:23 < brahmana> Correct me if Ia m wrong here, EPIPE would be raised in this case when the client is still trying to write the data while the server has already closed it.
08:26 < GodOfSea> hii
08:27 < GodOfSea> is there a way to run a service that takes a look at the logs and whenever there's a 500 Internal error it sends an email ?
08:29 < brahmana> GodOfSea: What language / framework is the server code in?
08:31 < brahmana> I believe there are several paid services available to do that kind of alerting. If you however want to roll out your own (which I would recommend against), you can definitely write a program to watch the log file and send an email when the contents match the pattern you are looking for.
08:32 < detha> GodOfSea: many ways. from tail -f $logfile | perl -ne 'if / 500 / { ...sendmail... }' to large rsyslog/ELK setups
08:32 < squ> a simple perl script would do
08:33 < brahmana> GodOfSea: Apart from paid services, there are libraries / tools which do the same. You can set them up. As detha mentioned, an  ELK setup will do this and a lot more also.
08:33 < squ> brahmana: go away
08:34 < brahmana> squ: ??
08:34 < GodOfSea> i am using apache as the web server and the application is flask
08:35 < GodOfSea> detha: brahmana squ .
08:35 < GodOfSea> brahmana: paid seriously ?
08:35 < squ> service
08:35 < squ> :)
08:36 < GodOfSea> :P
08:36 < squ> :)
08:36 < squ> :)
08:36 < sammm> set up nagios or something
08:36 < detha> GodOfSea: there are service that you send your logs to, define conditions in some control panel, and they will do the alerting/matching for you yes
08:36 < sammm> otherwise, just tail -f | awk
08:36 < sammm> and whack that into sendmail
08:36 < sammm> as detha said
08:37 < squ> there is a little problem
08:37 < GodOfSea> Thats doable
08:37 < squ> server restart :)
08:37 < sammm> why's that an issue?
08:37 < squ> has to relaunch script
08:38 < squ> and avoid repeated emails
08:38 < detha> squ: don't joke. we had '0 1 * * * root /sbin/service tomcat6 restart' for a long time, because the stupid jvm had memory leaks :p
08:38 < sammm> just never restart lol
08:38 < GodOfSea> I dont really like this idea of sending logs in mail but dev wants it
08:39 < squ> why not
08:39 < GodOfSea> too many emails
08:39 < GodOfSea> :P
08:40 < GodOfSea> I will setup nagios when I setup VPC
08:40 < detha> So don't spend too much effort/money on it, dev will get sick of it after a month and ask for it to be switched off
08:40 < kerframil> not if you use something that maintains a configurable message queue and supports message de-duplication ... such as tenshi
08:41 < GodOfSea> We are open source , so We dont have funds to pay for anything yet
08:41 < GodOfSea> And yeah We could use a sysadmin , right now I am the only one
08:41 < GodOfSea> Take a look openapprentice.org
08:42 < zeldafan78> I thought that there would be numerous Mailgun alternatives, and I had envisioned making individual provider files for each of them, but now that I really look into it, all the supposed/listed alternatives (that is, a service which lets me send and receive e-mail by paying them and all I want them to do is handle the act of actually sending and receiving and not use any of their custom/vendor-lock-in bullshit) seem to have even worse (if
08:42 < zeldafan78> possible) API documentation, seemingly entirely ignoring the concept of "events" or "incoming e-mails". What gives? Got some proper recommendations?
08:43 < squ> I think I've read it
08:43 < GodOfSea> squ: you talking to me ?
08:43 < squ> no
08:44 < GodOfSea> ok :)
09:13 < zeldafan78> Well? Help??
09:15 < squ> too much text
09:16 < squ> make it short, or ask in parts
09:38 < Atro> i need a stupid check
09:39 < Atro> in what circumstances does a source mac address change?
09:39 < Atro> src ip and dst ip never change
09:39 < Atro> but i know the mac does
09:39 < detha> when a packet goes through a router?
09:39 < ellyacht> tell me how I can setup a secure network when I'm being spied on for having literature and was just in a live session of tails on my laptop not connected to any sort of internet and yet my systems clock was synchronized
09:40 < Atro> detha: yes but i need more specific than that
09:40 < Atro> is it just switching?
09:41 < detha> if a packet is forwarded by a bridge, src mac stays the same. if it is forwarded by a router, src mac changes to the egress interface of the router
09:42 < Atro> forwarded by a router usually means beyond the l2 domain
09:42 < Atro> obviously
09:42 < Atro> thanks detha
10:03 < IamTrying> https://mxtoolbox.com/blacklists.aspx - I see my domain name is there blacklisted. Is there a way to resolve it?
10:09 < IamTrying> spamsources.fabel.dk dev.null.dk shows my ip is blacklisted. how do you un-blacklist?
10:10 < jacekowski> IamTrying: look for the blacklist owner and removal procedure
10:10 < IamTrying> OK thank you. jacekowski
10:11 < IamTrying> jacekowski: this is a ghost owner, now site showing but like ghost: dev.null.dk
10:11 < IamTrying> This is OK https://www.spamsources.fabel.dk/
10:13 < jacekowski> IamTrying: it's the same black list
10:13 < jacekowski> IamTrying: just different servers hosting it
10:14 < IamTrying> OK - i can request at https://www.spamsources.fabel.dk/ thank you jacekowski
10:14 < jacekowski> IamTrying: so if you get removed from the first one you should disappear from the other one as well
10:14 < IamTrying> OK
10:14 < Maarten> IamTrying, https://www.spamsources.fabel.dk/delist :) - note that this doesn't mean you are off of all blacklists, just that one....
10:16 < IamTrying> How do i get into a blacklist? We send email using Sendgrid or Mandrill always, where our reputation is high for 11 years
10:16 < Maarten> IamTrying, just in case, check here: https://mxtoolbox.com/blacklists.aspx - it checks against a 100 or so lists....
10:16 < IamTrying> https://mxtoolbox.com/blacklists.aspx - here i am blacklisted
10:17 < Maarten> IamTrying, could be something as simple as an infected laptop hiding behind the same IP that your mail flow goes through. (Typically, its not a good idea to have users internet traffic flow through the same IP as your SMTP server port, if you have multiple statics award one solely to mail)
10:19 < IamTrying> Maarten: My colleague from Greece does mailing of our company. My partner writers email to enterprises about business deal, I do technical support via email all of us we use Sendgrid/Mandrill SMTP to keep reputation high. Recently got blacklisted. So some of our computer might be infected you guess?
10:20 < jacekowski> sending mass mailings will get you on a blacklist sooner or later
10:21 < Maarten> Could be ONE possible cause, yes.... could also be that your partner's emails have been sent out to thousands and reported by too many people as "spam".
10:22 <+xand> IamTrying: or nobody wants your shit
10:22 <+xand> I mean
10:22 <+xand> your "business deal emails"
10:23 < jacekowski> there is plenty of spam trap emails around
10:23 < jacekowski> if you send even one email to one of those, you get blacklisted instantly
10:23 < jacekowski> no questions asked
10:26 < IamTrying> https://paste.ubuntu.com/p/zpXGtJnHXv/ - this is what i am suggesting to my team make sense? jacekowski, Maarten?
10:26 < IamTrying> xand: i agree. but we send only people who agree to receive we have GDRP law here.
10:29 < Maarten> IamTrying, most business have some form of anti-spam solution for their email..... there could be something in those "business deal" emails that triggers such an anti-spam solution, and depending on how strict it is configured, it may automatically report all incoming email that IS detected as spam.
10:32 < IamTrying> OK - it must be one of our team member who did not followed my instruction of using Mandrill/SMTP instead of local internet supplier. Making sense thanks Maarten
10:48 < Phil-Work> has anyone ever worked for/with SCC in the UK?
11:31 < regdude> anyone familiar with bridge fake routing table? Maybe someone can explain the actual need for it?
11:31 < regdude> fake_rtable
12:06 <+catphish> why would dig return an ip but host not?
12:06 <+catphish> go home linux, you're drunk: https://paste.ubuntu.com/p/8qBKKx2HGH/
12:06 < detha> broken nsswitch.conf?
12:07 <+catphish> it works now apart from that weird output from host, i guess a cache somewhere
12:08 < Hfuy> Hello.
12:09 < Hfuy> I've set up an auto-forward from a gmail account to a yahoo account, so I can get all my email in one place. Problem is, Yahoo are rejecting it as "Message not accepted for policy reasons," according to an error response I get back at gmail.
12:09 < Hfuy> Presumably they're assuming the auto forward is spam for some reason. Any idea how I could solve this?
12:10 <+catphish> Hfuy: basically you can't :(
12:10 < Hfuy> Pah. What a pain in the cornhole.
12:10 < Hfuy> I wonder if there's a way I can IMAP/POP for similar results.
12:11 < Hfuy> Even be able to send gmail from the yahoo UI.
12:11 <+catphish> email forwarding is permanently broken by things like dmarc, because google are essentially sending an email but pretending it's from someone else
12:11 < Hfuy> Yes I got that impression.
12:11 <+catphish> also, who would choose Yahoo! Mail as their main email account
12:11 < Hfuy> It's rather like the way that FTP is now basically unusable.
12:11 <+catphish> abuse has basically meant email forwarding is no longer viable
12:12 < Hfuy> It's even a pain to set up windows file and print sharing these days, everything's so locked down.
12:12 < Hfuy> Gah, computing was more fun in 1998.
12:12 <+catphish> nah, there was no reddit
12:13 < detha> you say that like it is a bad thing
12:13 <+catphish> it is
12:14 < Hfuy> Apparently I can POP in to gmail.
12:14 < detha> there was usenet. which was the same thing, without the annoying interface and ads
12:15 < Hfuy> But can I POP out of Yahoo...
12:15 < Hfuy> god this is a ridiculous pain
12:22 <+xand> lol yahoo
12:23 < Hfuy> I've been using it since they bought Rocketmail.
12:23 < Hfuy> Yes, that long.
12:23 < Hfuy> In fact I've been using it since before they bought Rocketmail, because I originally signed up to Rocketmail.
12:23 < squ> I couldn't login to gmail without my phone
12:24 < squ> thinking about switching to another service
12:24 <+xand> because of 2fa?
12:24 < squ> (gmail 2-step verification is off, and I never provided it with my phone number, registered when it was beta)
12:24 <+catphish> one of the rubber feet of my keyboard has melted onto my desk :(
12:25 < squ> now I have this situation when I can't sign in with password
12:27 < squ> imagine that
12:27 < squ> can't read your own mail
12:32 < Hfuy> I know what you mean
12:34 < detha> I thought that was yahoo. I had a yahoo email account once, now it won't let me log in any more unless I give it a phone number. No way, and no big loss.
12:35 <+xand> my email is self-hosted
12:35 < squ> xand: I think this is solution
12:35 < Hfuy> I travel quite a bit, so it's nice to have something I can log into from anywhere without going through the whole pop/imap nightmare each time.
12:35 < detha> so is mine. but for use on usenet, yahoo was fine
12:36 < detha> Hfuy: self-host, and set up squirrelmail or so for web access
12:36 < Hfuy> Or just keep using yahoo, which is... fine?
12:36 <+xand> or not
12:36 < Hfuy> there's no way I'm going to go to all that screwing around just to achieve exactly what I have now.
12:36 <+xand> I just IMAP from my phone or thunderbird
12:37 < squ> gandi.net 0.42€ / month for additional mailboxes, 5 by default
12:37 < squ> 50 gb mailbox €2.12 / month
12:37 < Hfuy> the only thing I wish yahoo had that I can't find is the ability to load pop/imap mail from gmail
12:37 < Hfuy> but today is the first time I've ever needed it
12:38 < Hfuy> And I don't really need it. I just have a client who wants people to think I'm their employee.
12:38 < Hfuy> Frankly, fuckem.
13:10 < rhineheart_m> Hello there. Is there a network tool that looks like a cellphone with lan port and wifi capable to check ip address?
13:10 < regdude> is there something that tells the upstream switch not to send traffic to a certain multicast group? Or is it simly IGMP Querier?
13:11 < rhineheart_m> With a diagnostics like ping...
13:11 < regdude> how about an Android with Ethernet adapter?
13:12 < rhineheart_m> I tried searching in the internet...but I only found softwares or apps.
13:12 < rhineheart_m> Oh, yes!
13:12 < rhineheart_m> Or perhaps.. .ethernet adapter for android?
13:12 < regdude> you can a terminal emulator, that  has ping
13:13 < regdude> nmap also seems to exist on Android
13:13 < Hfuy> Is it me or is IP networking basically a cluster!"$% that would never be designed the way it is, if we designed it now?
13:13 < regdude> there was this Kali Linux based Android for Nexus tablets, NetCat... something like that
13:13 < Hfuy> It was never designed to do what it's now being asked to do and as a result it's sort of grown and expanded into a horrifically complicated multilayer mess.
13:14 < regdude> its fine
13:14 < Kryczek> rhineheart_m: check IP address of what?
13:14 < regdude> probably if host is alive
13:14 < rhineheart_m> Yes
13:15 < rhineheart_m> Host is alive.
13:15 < Hfuy> Also - holy crap, there's a 32-inch 8K monitor on its way to me :D
13:15 < rhineheart_m> For field workd
13:15 < rhineheart_m> *works...
13:16 < rhineheart_m> Like checking of you are getting a dhcp lease from a particular lan segment.
13:16 < Kryczek> I was going to suggest a Raspberry Pi but in this case yeah smartphone is probably best
13:16 < rhineheart_m> Bringing a laptop is very hassle and takes time to use.
13:31 < _90> https://imgur.com/a/gqFExjM , what to do ?
13:33 < n3t> Read unread mails.
13:34 < Kryczek> _90: is that root shell really in a HTTP tab?
13:37 < Kryczek> I hope that address is really a host-only interface with a typo and not 172-0-101-1.lightspeed.stlsmo.sbcglobal.net.
13:40 < _90> its running inside docker-machine with container of tomcat and java applications
14:00 < maroloccio> Hi. Which book does this channel recommend on Linux networking, specifically routing, please?
14:02 < The_Shadows> book?
14:04 < djph> tanenbaum is the goto ... but "set up a linux router" is pretty much "two NICs, and enabling 'net.ipv4.ip_forward=1' in /etc/sysctl.conf"
14:05 < Dagger> that will only get you v4 :/
14:05 <+xand> crustyyyyyyy
14:06 < djph> Dagger: ... oops "... netipv4[...] and net.ipv6.conf.all.forwarding=1"
14:06 < djph> xand: #dealwithit :D
14:06 < maroloccio> djph: Tanenbaum's Computer Networks, 5th Edition?
14:07 < djph> think that's the one
14:07 < djph> but, that's the basic goto "networking book" recommended here - and it's not necessarily very specific on any one topic.
14:08 < maroloccio> Sounds good.
14:19 < maroloccio> djph: Thank you. Ordered.
14:44 < WebertRLZ> Hello, i'm looking for some direction on setting up a multi failover IP system
14:45 < WebertRLZ> I guess my best shot is to use keepalived, but I need it to work with 2 floating IP addresses, one on each node so both nodes will receive internet traffic (DNS round-robin)
14:46 < grawity> configure two VRRP instances with different VRIDs and opposite priorities?
14:47 < grawity> like host A has higher priority for instance 1 (address 1), but lower for address 2
14:48 < WebertRLZ> and the opposite on host B, right?
14:48 < grawity> yes
14:50 < WebertRLZ> Thanks grawity I'll try to follow that path :)
15:19 < ouemt> anyone ever played with one of the little TP Link smart switches?
15:20 < MikeSeth> by little do you mean 8 port ones?
15:20 < ouemt> MikeSeth: 5 in this case
15:21 < ouemt> it's a TL-SG105E
15:22 < MikeSeth> that's some unmanaged garbage
15:22 < MikeSeth> wait what
15:22 < ouemt> yeah, but it claims to have a web interface
15:22 < MikeSeth> > ntelligent management via a web user interface and downloadable utility
15:22 < ouemt> yeah
15:22 < MikeSeth> i dont even
15:23 < ouemt> and now you know why I'm here and very confused
15:23 < ouemt> lol
15:23 < MikeSeth> it has VLAN and LAG support it's clearly managed
15:23 < ouemt> it appears to be running a web server, but only serves a blank page
15:24 < ouemt> it won't pull an ip from my dhcp server, I had to hook up a laptop directly and manually set the ip/subnet on the laptop to match
15:24 < MikeSeth> > First of all, check the model of your switch to verify it is web-manageable. Until now, only TP-Link Easy Smart/Unmanaged Pro/Smart/Managed switches are web-manageable.
15:25 < MikeSeth> I always thought tplink was garbage but this really takes the cake
15:26 < ouemt> I'm actually just amused at this point
15:26 < ouemt> I've been using this thing forever as a dumb switch because I needed a few more ports and didn't care (it's at home)
15:27 < ouemt> working on upgrading my home network, updating my diagram and adding model numbers to things, and noticed "Smart" on the front and decided to investigate
15:32 < UncleDrax> Network hardware branding is the same as in many things.. (typical of personal ads for example).. if they have to tell you it's something on the front, it's not that thing at all.
15:32 < UncleDrax> ie: "Smart" switch
15:32 < tbcsj> What about smartphones?
15:32 < UncleDrax> not smart
15:32 < tbcsj> They're pretty smart
15:33 < tbcsj> Or is that the exception that proves the rule
15:33 <+xand> smart means they look nice innit
15:33 < UncleDrax> how are they smart?
15:34 < ouemt> ugghhh... They offer free "managment" software for the unmanaged switch, but it's windows only, and I'm a linux guy. Currently trying to figure out how to convince windows that it really does have only the static IP I'm telling it to have
15:35 <+xand> ewww
15:35 < tbcsj> The textbook answer would be: "using a built-in microprocessor for automatic operation, for processing of data, or for achieving greater versatility"
15:35 < regdude> a smart switch is simply a switch that forwards a packet only to the port where a learned MAC address is located at, does not have to be managed or any other mandatory feature
15:36 < tbcsj> But my answer would be: The current prices of smartphones, really smarts
15:36 < tbcsj> lol
15:36 <+xand> regdude: all switches do that.
15:36 < UncleDrax> nah, i'm using Smart as in the defination of 'intelligence/acumen'.
15:36 < tbcsj> I know
15:37 <+xand> that is what distinguishes them from hubs.
15:37 < tbcsj> I'm being obtuse
15:37 < regdude> of corse, a switch that does not have mac learning is a hub, but when  you start buying devices from unknown brands, you can see not only that
15:37 < UncleDrax> regdude: as xand said, that's the defination of a Switch. a Switch is a switch (an L2 forwarding device) a Hub is a hub (an L1 forwarding device)
15:38 < UncleDrax> in netwokring terms, 'smart' usually translates into 'managable'
15:38 < UncleDrax> and usually having featuresets beyond simple bridging
15:39 <+xand> there are some terrible managed ones though yes :(
15:39 < UncleDrax> but really my gripe with 'Smart Switches' is the ones I've encountered usually have some crap-ass WebUI built on top and rename simple things into weird obtuse naming.
15:40 < UncleDrax> like.. make me tick 10 boxes on 4 pages to accomplish the same work as 'switchport mode trunk' or something
15:40 < ouemt> ok, seriously, how do you get windows to not self assign a 169.254.x.x address?
15:40 < UncleDrax> ouemt: give it a real IP.. either statically or DHCP. or disable the NIC.
15:40 < ouemt> I manually set the ip/subnet and when I look at the IPs in powershell it has the one I set and the 169.254
15:40 < UncleDrax> or you want it to default to have no IP if it's can't DHCP?
15:41 < ouemt> UncleDrax: I'm trying to set a manual IP on the same subnet as this "smart" switch so I can try and talk to it's "management" interface
15:41 < ouemt> their software scans whatever subnet it thinks your computer has (no configuration settings available)
15:41 < UncleDrax> I suppose the 'Smart' in 'SmartSwitch' defers to the defination of 'Smart, noun. mental pain or suffering."
15:42 < ouemt> so I manually set 192.168.0.2/24
15:42 < ouemt> yeah, that
15:42 < ouemt> and that sticks, but windows then assigns a 169.254.x.x on top of it
15:43 < ouemt> so the software is scanning the 169.254.x.x subnet, but not 192.168.0.2/24
15:43 < UncleDrax> ya i got no idea.. fortunately never had to muck about in windows enough to force that.. I've never seen that personally.
15:43 < ouemt> I wish WSL had access to the network settings
15:44 < zotune_> netsh interface portproxy add v4tov4 listenport=80 listenaddress=127.0.0.50 connectport=8091 connectaddress=0.0.0.0 <--- listen address can only be on same subnet. is it possible to make it so that it can be anything?
15:45 < nostrora> Hi, what do you think about ipv6 for LAN ? (home network). this is useless ?
15:46 < Dagger> nostrora: is the LAN connected to the internet?
15:46 < Phil-Work> it's useless without an IPv6 WAN
15:46 <+xand> the current version of IP is not useless
15:46 < nostrora> i have ipv6 wan
15:46 < ouemt> my ISP doesn't support ipv6
15:46 < Phil-Work> nostrora, then it's a worthwhile exercise
15:47 < Dagger> if it's part of the internet then it needs v6, like all the other parts of the internet do
15:47 < Phil-Work> but you'll still need to dual stack
15:47 < compdoc> I just got ipv6 working perfectly for the first time
15:47 < nostrora> i mean, all my computer need an ipv6 address ? or only my router
15:47 < Phil-Work> nostrora, all your computers
15:47 < Dagger> all your computers
15:48 < nostrora> Alright, thanks all :)
15:48 < Phil-Work> with IPv6, each device (usually) has a public IP address
15:48 < nostrora> Phil-Work: like before ? without NAT ?
15:48 < Phil-Work> right, no NAT
15:48 < nostrora> it isn't stupid ? :o
15:48 < nostrora> even if there's a lot of ipv6...
15:49 < Dagger> why would it be stupid?
15:49 < Phil-Work> not at the moment
15:49 < Phil-Work> but they said that with IPv4
15:49 < Dagger> using NAT when you don't need to would be the stupid thing
15:49 < nostrora> because we repeat the same pattern of the time with ipv4 and we found ourselves out of address (so creation of NAT)
15:49 < nostrora> ok :)
15:49 < compdoc> exposing your network is stupid
15:50 < Dagger> if you think we're going to run out of v6 in the way we ran out of v4, then you haven't quite gotten your head around how big 2^128 is
15:50 < Dagger> it's not like it's 4x bigger than 2^32. it's rather a lot bigger than that
15:51 < Phil-Work> it does often feel like mistakes with ipv4 allocation weren't learned from
15:51 < nostrora> when ipv4 was created, we never thought we'd get past it.
15:51 < Dagger> they were
15:51 < Phil-Work> appreciate there's a lot of addresses, but they are massively over allocated
15:51 < Dagger> you don't see anybody getting 1/256th of the total v6 space, do you?
15:52 < Phil-Work> right
15:52 < Phil-Work> RIPE gave us a /29 without any justification
15:52 < nostrora> with virtualization of interfaces, micro-services etc.
15:52 < Phil-Work> barely need more than a couple of /48
15:52 < weq> 2^32 = 4,294,967,296 vs 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456
15:52 < Dagger> compdoc: yes... but you don't need NAT to avoid that. a firewall does the job
15:52 < UncleDrax> Dagger: nah I think we will exhaust v6. will it be in MY lifetime? prob not. but it's a finite resource and should buy us decades of time to figure out a work around.
15:52 < nostrora> Anyway.. :p thank
15:52 < Dagger> compdoc: in fact you need the firewall even with NAT anyway, so NAT doesn't help on that front
15:53 < Dagger> Phil-Work: and now RIPE won't need to give you any more space for ages
15:53 < compdoc> Dagger, my problem is I understand how nat helps, but dont know everything about ipv6
15:53 < Phil-Work> I hope ages means ever
15:54 < nostrora> ok
15:54 < Phil-Work> I'll be surprised if we could use half a million /48s
15:55 < UncleDrax> I'm sure network admins in the 70s thought the same thing
15:55 < Phil-Work> UncleDrax, this is my point
15:55 < Dagger> compdoc: NAT doesn't really help though. any inbound connections which were possible before you started NATing your outbound connections will still be possible after you start NATing your outbound connections
15:55 < nostrora> exactly... and this is exactly what i mean before
15:56 < Phil-Work> it's like nobody learned the lessons
15:56 < Dagger> if you want to block all inbound connections, you need to use a firewall
15:56 < Dagger> we *did* learn the lessons
15:56 < UncleDrax> but ya.. IPv6 adoption will make people learn to use Firewalls more correctly ;]
15:56 < Dagger> in v4, we allocated /8s to companies. we're not allocating /8s in v6
15:56 < nostrora> UncleDrax: like what ?
15:57 < UncleDrax> ?
15:57 < nostrora> UncleDrax: use firewalls more correctly ?
15:57 < UncleDrax> yes
15:58 < nostrora> UncleDrax: i'm using opnsense
15:58 < UncleDrax> nah I just mean people will have to think about Firewalls to obscure thier LAN-segments.. vs 'trusting' NAT to do that
15:59 < UncleDrax> which requires a bit more thought
15:59 < Dagger> talking in v4-equivalent terms, the standard ISP allocation in v6 is equivlant to 1 v4 IP. the standard end customer allocation is like one *port* of an IP address
16:00 < Dagger> ISPs can expand up to 8 IPs without much justification, and can go up to about 1024 IPs if they're big (maybe 8192 or so for the truely huge ISPs)
16:01 < Dagger> those allocations are nowhere similiar in size to the ones we do in v4 currently
16:02 < Dagger> plus there's a backup plan (five unused /3s) even if we did somehow allocate the whole of the first /3
16:02 < Phil-Work> the problem with v4 allocation was that nobody expected there to be so many devices online
16:02 < Phil-Work> the number of devices we have online now is, I'm sure, tiny as compared to what will be online in 20 or 50 years time
16:03 < nostrora> Phil-Work: +1
16:03 < Dagger> yeah, note that the allocations I was talking about cover *huge* networks each
16:03 < UncleDrax> you really can't think of space usage the same in v4 & v6.. tbh it was hard for me to stop going 'but.. but.. wasted space!' in v6. you allocate by what is sane organizationally. Mom & Pop with 2 computers orders v6 service? they get a /48. Large local govt org orders v6? they get a /48.
16:04 < Phil-Work> I'd not be surprised if every electrical device in your house, every streetlamp across the world, even every wristwatch will have an IP
16:04 < Dagger> you could increase the number of active devices on every single network by a factor of a trillion and you wouldn't need to give anybody bigger allocations at all
16:04 < UncleDrax> i'm sad you limit it to every electrical device.
16:05 < UncleDrax> pretty sure people will at some point include little battery powered ipv6-capable tracking things.. like NFC-type things sooner or later
16:06 < UncleDrax> heck it wasn't that long ago a 2-device Point-to-Point in v6 was recommended to use a full /64 iirc
16:07 < UncleDrax> (thank fsck that went away)
16:07 < Dagger> v6 allocations are based on number of networks, not number of devices, so they scale better with increased numbers of devices
16:07 < Dagger> tl;dr no we're not going to run out of v6 in 50 years, for multiple reasons
16:07 < UncleDrax> ya it's not a thing anyone should be worried about now.. except maybe some IEEE types
16:07 < Phil-Work> I guess that depends what a network is, in 50 years time
16:08 < Phil-Work> I would anticipate there being vastly more smaller networks vs the few large ones that exist now
16:09 < UncleDrax> I would say I eagerly await a highly-fractured IPv6 routing table.. but I won't be working in this field by then so 'not my problem' :]
16:10 < ouemt> this is what I get for trying to teach myself a little more about networking... lol
16:11 < UncleDrax> don't do it! go do something real with your hands. be a baker. feed people. make them happy.
16:11 < ouemt> UncleDrax: I'm a scientist, so it's far too late for that
16:11 < UncleDrax> it's too late for many of us. save yourself
16:12 < bezaban> baking is part chemistry
16:12 < UncleDrax> "part"? pretty sure it's all
16:12 < UncleDrax> it's just practical
16:13 < Phil-Work> UncleDrax, you mean a large IPv6 DFZ?
16:14 < Phil-Work> I don't see that happening unless someone finds something better/more secure than BGP
16:14 < Phil-Work> it's a pain in the arse as it is, with only (relatively) few ASs
16:14 < UncleDrax> nah.. never underestimate the power of the 2 greatest words in the English language. 'De' and 'Fault'. (since it's what we're doing in v4 and it already work in v6)
16:15 < Phil-Work> you lost me
16:15 < UncleDrax> i'm just sorta rambling.. haven't had breakfest yet. soz
16:15 < Phil-Work> lol
16:17 < UncleDrax> I'm also a little confused about the way I'm doing a thing for work that was essentially deligated to me. but the guy that was working on it is out today
16:18 < UncleDrax> 'need more 10G in rack.. I was going to use this switch'.. (that has only 4x 10G ports... when I got some higher density 10G things in the closet)
16:21 < UncleDrax> ok mystery solved. needed MM.. blech
16:24 < iateadonut> i have a site hosted on an aws ec2 instance and i do an 'ab' test on it from the server itself, and that comes back with GREATER times than when i do an 'ab' test from another server.  what could cause that?
16:25 < Aeso> iateadonut, CPU load, probably
16:26 < fryguy> iateadonut: what is different with server metrics in each case (cpu/memory/disk)
16:44 < Barones> Hi, what would be signaling in the physical layer? I think I'm miss understanding coding and signaling
16:45 < tbcsj> Barones: NRZ, Manchester
16:45 < tbcsj> etc
16:45 < tbcsj> Coding is how the data is sent across the wire
16:45 < tbcsj> Signalling is "setup" or non-data data
16:46 < tbcsj> If that makes sense
16:46 < tbcsj> >Barones: NRZ, Manchester - sorry that's coding
16:48 < tbcsj> An example of signalling could be start/stop bits
16:48 < tbcsj> e.g. serial TTY can use stop bits
16:48 < ||cw> as simple signaling example would be the RTS and CTS lines on rs232
16:49 < ||cw> wouldn't stop bits be part of the coding?
16:49 < tbcsj> Yeah that's true
16:49 < Barones> hmm, signaling is the indication precedent an event
16:50 < Barones> is not related to convert digital data to digital signal or anything like that
16:57 < Barones> thanks, I think thats it, I was assuming signaling was coding
17:11 < LunaLovegood> How do I set a qdisc to run after another qdisc on the same interfece?  I want packets to pass through Codel first, and then TBF for rate limiting.
17:12 < LunaLovegood> Because if I use Codel alone, it will only see the GbE interface and not the 50mbps upload limit on my modem.
17:12 < screwsss> hey
17:13 < screwsss> hows everyone
17:13 < screwsss> i was wondering, can i call up my ISP and ask them to give me a new external IP addresS?
17:13 < LunaLovegood> Or if ther's another way to rate limit Codel that would work too.
17:14 < compdoc> screwsss, not likely, but try it. how about just turning off their modem a day or so?
17:27 < djph> why do you want a different IP?
17:44 < mcdnl> screwsss: your ip is dynamic. reboot your router and you  will probably get a new one
17:44 < mcdnl> or as you've been told, shut it down for some time to let the lease expire and try again later
17:44 < ouemt> ok, I'm just confused now... I can ping the switch, see that it's running a webserver, but it won't give me a login page and their utility won't find it
17:45 < djph> ouemt: what switch?
17:45 < ouemt> djph: shitty little tplink TL-SG105E
17:46 < djph> set it on fire and throw it out the window :)
17:46 < ouemt> lol
17:46 < ouemt> it was windows firewall
17:46 < djph> not that that invalidates my solution.
17:47 < ouemt> this entire experience has reaffirmed my feelings that "windows is only for gaming"
17:47 <+xand> ouemt: correct.
17:47 <+xand> and only for those games that people haven't compiled for linux :(
17:47 < superkuh> ouemt, ah, yes, those things.
17:47 < superkuh> You gotta send it some stupid udp stuff using their java program.
17:48 < superkuh> They intentionally borked and obfuscated the webserver.
17:48 < ouemt> yeah
17:48 < ouemt> also: why in the world would dhcp client be disabled by default?
17:48 < ouemt> I've had this thing for about a year and just noticed the word "smart" on the front of it and decided to investigate
17:48 < UncleDrax> signaling at Layer1 would be like Ethernet's Preamble or the Start Frame Delimiter signal
17:48 < UncleDrax> but i guess that convo closed
17:49 < superkuh> http://tplinuxer.blogspot.com/ http://www.file-upload.net/download-10844883/Easy-Smart-Configuration-Utility.tar.gz.html https://www.shredzone.de/cilla/page/383/setting-up-tp-link-tl-sg108e-with-linux.html
17:49 < ouemt> at a minimum I need to change the default password
17:49 < djph> UncleDrax: um, I think that's still L2
17:49 < ouemt> superkuh: yeah, I'm hooked up to it now
17:49 < superkuh> Yep, that's why ... ah okay.
17:49 < ouemt> I had all the pieces but didn't think to check windows firewall
17:50 < superkuh> I basically just set the default pass on my TL-SG108E then left it for dead. The VLAN support it "has" doesn't even block users from sending ARP from vlan to vlan.
17:51 < mcdnl> xand: right now opengl cant beat d3d and vulkan it's not that common
17:52 < ouemt> superkuh: lol
17:52 < ouemt> the point of this is to figure out what I should buy to replace some of this with
17:52 < mcdnl> what
17:52 < ouemt> I'm transition from pure consumer hardware to prosumer/enterprise slowly
17:52 < mcdnl> superkuh: explain "send arp from vlan to vlan"
17:54 < superkuh> I mean someone going through one VLAN with these things can send ARP packets to do poisoning attacks on clients on another VLAN.
17:54 < skyroveRR> Hiya superkuh
17:54 < mcdnl> they're different broadcast domains
17:54 < mcdnl> that makes no sense
17:54 < superkuh> TP-Link "We just don't make sense."
17:55 < skyroveRR> superkuh: so, does your "say" function in your web page invoke a CGI script of some sort?
17:56 < skyroveRR> superkuh: I like your "say" function, would like to know how you've implemented it.
17:56 < superkuh> I wrote a perl script to handle it. It is not a cgi script.
17:56 < skyroveRR> Oh
17:56 < skyroveRR> Can it be done in CGI?
17:56 < superkuh> I'd prefer not to.
17:56 < skyroveRR> Mkay.
17:57 < superkuh> I just have the perl script using POE::Wheel as an event handler for tailing the logs which I parse for comments.
17:58 < superkuh> The perl script then generates and edits the required html in the proper place.
17:58 < skyroveRR> Any "simpler" way, if at all?
17:58 < superkuh> This is the simplest way.
17:58 < skyroveRR> I hate perl.
17:58 < superkuh> CGI is bloat.
17:58 < superkuh> Perl is life.
17:58 < skyroveRR> Wanna recommend a "noob" guide to perl?
17:58 < superkuh> Modern Perl by Chromatic.
17:59 < skyroveRR> PDF or hardcover?
17:59 < superkuh> Yes.
17:59 < skyroveRR> Well?
17:59 < UncleDrax> I still endup looking at my Llama book
18:00 < superkuh> Yeah, I have a real old copy of "Learning Perl".
18:00 < superkuh> My llama book hasn't been cracked in ages though.
18:01 < superkuh> It (Learning Perl) and Modern Perl (by Chromatic) would be a good start.
18:01 < UncleDrax> ya. i go long stints without having to do any real perl, then something breaks and I gotta remember how to do perl-style hashs and stuff again.. so it comes in handy
18:01 < ouemt> oh my god... symantec's firewall is blocking traffic and not logging it
18:01 < UncleDrax> but that said, haveyou already looked at: https://learn.perl.org/ ?
18:02 < skyroveRR> Well I'm trying to figure out what's best first: perl or python?
18:02 < superkuh> I don't think anyone will tell you perl these days.
18:02 < UncleDrax> if you don't know either as of today, I'd probably recommend Python.
18:02 < mcdnl> same here
18:03 < skyroveRR> Should the python site's tutorials suffice?
18:03 < tda> python, just because it's python and everyone should know a little bit of it
18:03 < UncleDrax> it's the newer hotness and there's wide support for it. most ppl think Perl is archaic. I think those people are silly, but they want thier Whitespace to mean something.. so whatever. it's just a tool - why do I care what color plasti-dip the handle has?
18:04 < superkuh> It would not by hard to implement the comment system I use in python. Just watch the logs for new lines, check for a @say or whatever, pull out the path and text, run the text through a santizer that only allows chars matching a safe set, then generate the html at path.
18:04 < tda> the whitespacing is what i don't like about python, but at least it's not as insane as yaml
18:07 < E1ephant> fk yaml
18:07 < UncleDrax> my only 2 gripes about Python (I haven't done that much in it), is the whitespace thing (i like my semicolons tyvm!), and that it seems ppl don't want to migrate/port to py3 still (so sometimes you have to adapt scripts from 2.x -> 3.x ). All said and done those are very minor and don't stop me from the couple times I need to use it
18:09  * superkuh daydreams about a world where Perl 6 never stumbled into existence and perl dominance continued throughout the 2000s.
18:09 < E1ephant> gross
18:09  * E1ephant pukes uncontrollably
18:10 < superkuh> And yet here we are with something even worse: JS/ES.
18:10 < E1ephant> a good carpenter doesn't blame their tools
18:11 < ouemt> I cannot for the life of me figure out what this device on my network is. I'm just going to block all traffic to and from it and see what breaks
18:12 < UncleDrax> in the modern age, most people don't care about good carpentry.. they just want a house up and some IKEA cabinets bolted in. They will move on to a new house in 3-5 years anyway so why do they care if it's of good quality?
18:12 < UncleDrax> ouemt: 'turn it off and see who complains' is sometimes what is required.
18:13 < E1ephant> https://news.ycombinator.com/item?id=2380679
18:13 < UncleDrax> ahhh. valid. i fell into that trap.
18:14 < UncleDrax> but my point about disposible code is still valid in many cases
18:14 < E1ephant> I think it's the same thing with OSes
18:15 < E1ephant> if you have a favorite, you're probably doing it wrong :)
18:15 < E1ephant> know them all, know when to use which L:)
18:15 < UncleDrax> or lack experience.. or simply don't care.
18:16 < UncleDrax> I won't spend time telling a grandmother they must try every major OS so they can pick one that works.. they just want to see baby pictures on FriendFace.
18:16 < E1ephant> yeah grandma should outsource her IT work
18:16 < E1ephant> like most people
18:17 < UncleDrax> genius. think I could make money promising to look at baby pictures for people that are too busy to do it themselves? ;]
18:17 < UncleDrax> thatmight be my retirement gig
18:17 < E1ephant> idk end user work sounds horrid
18:17 < UncleDrax> pft.. i'd automate that
18:18 < drathir> UncleDrax: isnt their school for seniors which learn pc usage ?
18:18 < UncleDrax> anyway. i gotta rack & stack
18:18 < UncleDrax> probably
18:18 < UncleDrax> hf
18:18 < E1ephant> apple seems to have done pretty well in the arena
18:19 < drathir> UncleDrax: also throw linux at least would possible remote fix things ;p
18:19 < drathir>  or just android device if not whole pc ;p
19:52 < UncleDrax> well.. i was gonna rack & stack some HW.. but that delightful H2S smell has returned and no way I'm working in there while they work on that stuff
19:54 < devilspgd> Hopefully not too off-topic, but does anyone know of a program that will accept inbound SMTP mail and write to disk without modifying the content? Adding a single Received header could be useful, but I want to avoid modifying any other headers.
19:57 < UncleDrax> did you want to process the message, or just write it to disk?
19:58 < devilspgd> Just write it to disk.
19:59 < UncleDrax> Google spit back out a search result for a 147line python script. I cannot vouch for it, but use at your own risk: https://gist.github.com/maid450/1887132
20:04 < devilspgd> We (A colleague, I think) looked at that one a couple months ago and had some issue with it although he can't recall what the problem was... Naturally the project fell on the back burner and now a couple months later it's my problem.
20:04 < devilspgd> Might look at it again though.
20:05 < UncleDrax> well really you're just accepting a TCP session, complying to some protocol stuff, and taking anything the client sends you and write it to disk.
20:06 < devilspgd> Yeah. It's the complying-to-some-protocol-stuff that can be complicated for a service that is open to the internet. Port 25 gets a lot of scans and other garbage thrown at it.
20:08 < devilspgd> Oh hmm, talking internally, we might need STARTTLS. EU GDPR fallout or something.
20:09 < qman__> socat
20:09 < qman__> It does TLS and can do whatever you want with the payload
20:10 < qman__> Not sure if it has native smtp support but you can emulate the smtp responses in a script and have socat just hand it off
20:10 < devilspgd> qman__: Interesting idea. Looks like there's some SMTP configurations already written too.
20:11 < devilspgd> Yeah. Looks promising, thanks. Hadn't thought of that.
20:11 < devilspgd> I need to read up on dotstuffing and figure out if we need to handle that, but otherwise it might be workable.
20:12 < qman__> I've got a couple http servers that are actually socat and a shell script
20:13 < devilspgd> Appreciated UncleDrax and qman__... I'll figure out just how much we "need" STARTTLS (maybe we can shunt everything over :465 or a VPN) and probably get one or the other working.
20:13 < Sout> so random lurking / bored at work on python3 is the new an improved package http://aiosmtpd.readthedocs.io/ and it supports starttls
20:13 < qman__> Probably not the best solution, but it works and i didn't have to spend time learning a new language
20:14 < devilspgd> qman__: Sometimes "it works" is Good Enough. :)
20:16 < UncleDrax> and if you're honey-potting or something (which seems to be what you're doing) often you don't need too fancy
20:16 < devilspgd> Sout: Thanks. Added to the list to investigate.
20:19 < devilspgd> We're trying to debug an intermittent problem with a third party sender, the idea being we add ourselves to their outbound list. They're doing a few things wrong, at least one of which our regular SMTP server was simply fixing while others were (arguably correctly) rejecting.
20:19 < UncleDrax> ahh gotcha
20:21 < devilspgd> This came back up the priority list because longer term, data retention policies suggest we should retain copies of outbound content (and GDPR says we shouldn't retain it too long), this vendor offers a "Store everything forever" or "Don't keep records" and that's it. So maybe we'll end up re-using this same tool, or maybe we'll just have them send to a local mailbox and we'll archive it from there.
20:21 < devilspgd> Depends how well this project works out.
20:24 < devilspgd> The vendor likely doesn't know what a RFC is and just reverse engineered the SMTP protocol and message format (poorly). Sadly we're stuck with them and really they're "okay" except for their email sending capabilities.
20:24 < devilspgd> But right now I really just want to see exactly what they're sending out, byte for byte, archiving and managing the data is a pipe dream for later.
20:27 < UncleDrax> ya... I'm sure the whole 'using a vendor that doesn't know what an RFC is' thing doesn't escape you and the boat with the 'use a different vendor' option has sailed
20:30 < fly_agaric> hello i cant complete phase 1 vpn after i changed phase 1 lifetime and encryption
20:31 <+catphish_> if you do smtp wrong you get your mail rejected, if your smtp vendor does smtp wrong you gotta hassle them to fix it
20:31 <+catphish_> :(
20:31 <+catphish_> devilspgd: was there a specific problem, i didn't read the backlog
20:33 <+catphish_> devilspgd: oh, you want to capture an smtp message, have you considered just using a packet capture?
20:37 < devilspgd> UncleDrax: Use a different vendor would be great but we're stuck as email is a minor thing that they do and the rest of the capabilities meet the business needs.
20:37 < fly_agaric> i compared Encryption Algorithm, Key Length, Hash Algorithm, Authentication Method, Life Type and Life Duration and all parameters were equal on both sides. the only different parameter in ikev1 phase 1 is Group Description
20:37 < devilspgd> They're receptive to fixing things, but we need to point them out using very short sentences.
20:38 <+catphish_> devilspgd: makes sense, can you send an email to an external address? if so it would be easy to do it that way, else maybe use a packet capture
20:38 < devilspgd> catphish_: Thought about it, but that's hard since we need to decrypt, and nothing actually passes through our network to begin with, they're cloud hosting and we don't host our own email.
20:38 <+catphish_> smtp isn't encrypted, that's what makes it easy :)
20:39 <+catphish_> i suppose it might be using opportunistic encryption, that would make it a bit harder
20:39 < devilspgd> STARTTLS adds encryption and we're not supposed to disable it, legal's position is that if encryption is possible it must be enabled. Not to say that there isn't room for forgetting that for troubleshooting purposes or something, but it's all less than ideal.
20:40 <+catphish_> i'm confused
20:40 <+catphish_> aren't we talking about outbound mail here?
20:40 <+catphish_> but yes, outbound mail may use starttls for opportunistic encryption
20:41 < devilspgd> The vendor sends email, it goes to various recipients (local via our hosted email vendor and directly to customers). Sometimes it gets rejected, and they only log the 4xx or 5xx error code (no text, none of the extended error messages, etc)
20:42 <+catphish_> well the quickest solution i can think of is you could send a test email to me, and i can tell you
20:42 < devilspgd> But it isn't outbound through our network, so ultimately my goal is just to send copies to us (they'll BCC or just add a test address as a recipient) and to see the raw message without a helpful receiving server fixing/modifying headers.
20:43 <+catphish_> there are probably plenty of mail servers that will receive and save your email, but i only know about my own, which isn't trivial to install for a quick test like this
20:43 < devilspgd> Long term it might be nice to archive all of their outbound traffic properly as their existing record keeping isn't GDPR compliant anyway, so this might be a two-birds one-stone solution, but that's a longer term problem and I don't care as much about archiving.
20:44 < devilspgd> But our archiving solution can grab the raw email dumps and ingest them automatically too and it already supports our GDPR compliant retention and deletion schemes.
20:44 <+catphish_> the most gdpr complient option is don't keep anything :)
20:46 < devilspgd> Yeah that's usually our approach. But it is useful for customer service to be able to see what we sent, when, and to forward copies on demand. They can do this with most of our systems, anything at all that passes through our own mail sending infrastructure, so it does make sense to add external senders to this same pool.
20:46 < devilspgd> I'm all about collecting and keeping as little as can be justified though.
20:47 < devilspgd> I'd love to get EU citizenship just so that the GDPR would cover me personally :)
20:47 <+catphish_> i wasn't aware citizenship had any relenance
20:47 <+catphish_> *relevance
20:47 < devilspgd> It does.
20:48 < devilspgd> I'm in Canada, the GDPR doesn't cover me dealing with a US company.
20:48 < ||cw> isn't residency, not citizenship?
20:48 < devilspgd> But as I understand it if I were a EU citizen (or resided in EU somewhere) then my interactions would be covered.
20:49 <+catphish_> devilspgd: that seems wrong to me
20:49 <+catphish_> i'd expect it to apply to anyone who is physically inside the EU
20:49 < devilspgd> My loose understanding is that it covers all EU citizens and EU residents. But I could be wrong about the citizenship coverage (definitely it covers all cases where the person OR vendor is in the EU)
20:50 <+catphish_> that's correct
20:50 <+catphish_> although of course it's nonsense to enforce where the data processor is not in the EU IMO
20:50 < devilspgd> I'm definitely not an expert on the legal edgecases, but we're not really stressing about it, we expect to be GDPR compliant for all customers.
20:51 <+catphish_> well it makes sense to be compliant, and ultimately it's not that complicated, just just need to know exactly what data you hold, and why, and be able to retrieve / delete it
20:52 < devilspgd> catphish_: Exactly. It's mostly the "Delete it" that gets complicated.
20:52 <+catphish_> yep, that's where we had the most hassle
20:52 < devilspgd> But it's a good excuse to move a lot of legacy crud forward.
20:52 <+catphish_> becuse we tend to scatter user data across so many systems
20:52 < devilspgd> But we have no way to delete a customer record that has invoices attached, this orphans the invoices in a way that causes big issues.
20:53 < devilspgd> It'll all get solved. Eventually.
20:53 <+catphish_> yeah we had to fix things like that
20:53 <+catphish_> our invoices can now be orphaned :)
20:53 <+catphish_> so, back on the topic, you want to get a copy of a raw email sent by your system?
20:53 < devilspgd> That may not be enough though, our invoices contain customer names, addresses, etc (plus the link to the customer), so the data is still there.
20:53 < ||cw> devilspgd: you can keep the customer record, you just have the delete the identifiable data and replace it with a generic ID
20:54 <+catphish_> devilspgd: if it's on an invoice, you keep it, that's easy
20:54 <+catphish_> you don't delete data from invoices, that would be mad
20:54 < devilspgd> ||cw: Sure. But if the invoice includes a PDF and the PDF contains a customer's name, then we are retaining customer data.
20:54 <+catphish_> devilspgd: yeah you can do that
20:54 <+catphish_> and in fact you should, your country very likely has a legal obligation for you to retain invoices for a period of time
20:55 < devilspgd> We can only justify keeping invoices for a certain period of time (however long tax law requires), so eventually we will need to deal with deleting old invoices too.
20:55 < ||cw> ah, right, and there's were laws collide, but cause you have to keep that pdf
20:55 <+catphish_> the laws don't collide at all, GDPR is very clear that it's perfectly fine to retain that kind of data
20:55 < ||cw> will be fun to see GDPR actually challenged in court
20:55 < devilspgd> ||cw: No real conflict, as long as we have a business need to retain records, we can. Only once there is no longer a need do we need to be prepared to honour a deletion request. Plus it's a good excuse to delete old stuff that isn't really *needed* anymore.
20:56 <+catphish_> for as long as it's legally required, or you have a legitimate interest in doing so
20:56 <+catphish_> devilspgd: actually more than that, i believe you are required to delete data when you no longer need it, even without any request being made
20:57 <+catphish_> since your legal basis for retaining the data no longer applies
20:57 < devilspgd> catphish_: At some point, yes. But at least for now, we have a legitimate need to keep all customer records as future customers are eligible for discounts based on past history... Forever.
20:58 <+catphish_> devilspgd: seems like it's probably fine, so you just need to delete it on demand after the legal obligation to keep them expires
20:58 < devilspgd> Legal says it's probably maybe good enough to put off dealing with that problem for a little while longer.
20:58 <+catphish_> seems like you know what you're doing anyway :)
20:58 <+catphish_> more than most people i talk to about GDPR :)
20:58 < devilspgd> But we're definitely working toward ditching a lot of old data as soon as we possibly can without breaking all the things.
20:58 <+catphish_> we went through all this, threw away a lot of data we no longer needed, it was great really
20:59 <+catphish_> again, back on topic
20:59 <+catphish_> do you still need to get the content of this problematic email?
20:59 < devilspgd> It's just such a mess, customer data can be anywhere. Who knows who printed something they were working on, tucked it in a filing cabinet, quit, and the new employee at that desk has never even looked in their cabinet?
20:59 < devilspgd> catphish_: Maybe. I've got a couple things on the list of things to try now.
21:00 <+catphish_> ok :)
21:01 < devilspgd> A couple python scripts that have promise. Well one does since it supports STARTTLS. And socat, which is awesome but makes my brain hurt having to implement SMTP in general (not that we need to, we need just enough to work with this one system, but then I'm complaining about them only engineering "just enough to work" too, so...)
21:01 < devilspgd> But yeah, one of the two at least should be sufficient to solve the immediate "What is wrong with their email" problem :)
21:02 <+catphish_> devilspgd: you don't need STARTTLS
21:02 <+catphish_> devilspgd: if you are sending email out to customers, they may or may not support STARTTLS, so there's really no reason your test script should
21:04 <+catphish_> obviously, you benefit from (not very secure) encryption where the recipient does support it, but your mail server will happily send the email anyway if it doesn't
21:04 < devilspgd> One of those edicts from legal: Encryption must be enabled when available and optional encryption must not be disabled. I might be erring on the side of being overly cautious, but opportunistic email encryption is literally one of the examples of things that cannot be disabled.
21:05 < devilspgd> Either way, I have a couple options that do support it, so I'll start there.
21:05 <+catphish_> devilspgd: i think perhas you misunderstand... it's enabled on the sender, but if it's not supported on the recipient server it won't be used
21:05 < javi404> Anyone have uverse?
21:06 < javi404> is it like fios, can you use your own router directly connected to ONT?
21:06 <+catphish_> so if you don't support it on your test server, it simply won't be used, it's no different from sending to random customers' email servers
21:06 < devilspgd> No I totally understand that part. But if the sender and recipient both support it, then the data would have been encrypted in transit, so I can't go sending a plain-text copy across different networks just for me.
21:07 <+catphish_> devilspgd: sure, but i assume your test email won't contain anything secret
21:08 < devilspgd> I'm not confident we'll reproduce it with a test. I'm hoping so, but the delivery issues are intermittent and we don't get full SMTP errors back because why would a tool sending email log those?
21:08 <+catphish_> lol
21:09 < devilspgd> But we're moderately confident the emails are not being constructed properly and are rejected for those grounds based on the SMTP error numbers we do get.
21:09 <+catphish_> well you probably send unencrypted emails to customers, but that doesn't help
21:10 <+catphish_> so yeah, hopefully you can set up a test server and test properly, having to put tls on it seems mad, but hopefully you can do it
21:10 < devilspgd> So if we can't find any problems with test, we're going to just BCC the raw content to us and wait until an error happens, then work with the raw message body ourselves. Best of all we can test re-delivering at that point. (Different sender IP and such, but oh well).
21:11 < devilspgd> This vendor is "interesting", but actually decent to work with in the sense that if we find and explain a problem AND exactly what they need to fix, they do it promptly.
21:15 < longxia> devilspgd: is using postfix with smtpd_tls_loglevel=4 an option? See http://www.postfix.org/postconf.5.html
22:49 < ice9> Is there a way to give higher priority to Whatsapp calls through QoS in ADSL router?
22:58 < ||cw> ice9: if the router has QoS features you can configure, sure
23:00 < ice9> ||cw, how can i define specific traffic such as Whatsapp?
23:00 < ||cw> by port or destination ip address
23:00 < ||cw> same as anything else
23:01 < ice9> i don't have such choices but things like AF1x AF2x ,etc..
23:02 < ice9> BE best effor forwarding / EF expedite forwarding
23:02 < ice9> effort*
23:02 < ||cw> that's just the priority
23:03 < ice9> yes that's all what i can configure for Qos, i can only specify percentage for each priority
23:03 < ice9> so what do you suggest?
23:05 < ||cw> there should be somewhere else to set some traffic or port to one of those priorities
23:06 < ||cw> I'd suggest reading the owners manual
23:07 < ice9> it's an old router without much options so i can't do that
23:08 < ice9> ohh i found traffic mapping!
23:08 < UncleDrax> are you sure? many many many manuals get archived online. some even offically and on the vendors website
23:08 < ice9> i can define rules
23:14 < jana> Hi, I was wondering if someone would be kind enough to help me debug a networking issue I have. I purchased a pair of DIRECTV DECA Ethernet to Coax adapters in order to gain full duplex 100Mb/s Ethernet to a HTPC I have which to playback full Blu-ray (48 Mbit/s) backups I have on a server, unfortunately I am unable to stream without frames dropping and buffering.
23:14 < jana> I ran a iperf test from a laptop (server mode) - it returned 94.1 Mbits/sec
23:14 < Apachez> try iperf
23:14 < Apachez> verify phy settings
23:14 < fly_agaric> do I need to delete phase 1 and 2 SAs if  I make configuration changes in phase 1?
23:14 < Apachez> if 100Mbps then try to set static 100/F at both ends
23:14 < fly_agaric> its a site to site vpn
23:15 < fly_agaric> vpn phase 1 is not working and i only have control of my firewall
23:16 < UncleDrax> Apachez: ....
23:16 < Apachez> then remove the sa's and let it reneg?
23:16 < UncleDrax> jana: possible it's a issue with the encoding/decoding.. have you tried it back-to-back or something to eliminate that? if you're getting 94Mbit via iPerf, then you know the DECA stuff is working right
23:17 < UncleDrax> or it should be
23:17 < fly_agaric> Apachez: okay so i need to remove the sa on both sides right?
23:17 < Apachez> one end should be enough
23:17 < Apachez> to start reneg
23:18 < fly_agaric> okay then i dont understand why i cannot enter phase 2
23:18 < jana> Apachez>: What is "static 100/F", apologizes, somewhat of a layman when it comes to networking
23:18 < fly_agaric> all parameters in my vpn debug are equal like Encryption Algorithm, Key Length, Hash Algorithm, Authentication Method, Life Type,Group Description and Life Duration
23:19 < jana> <UncleDrax>: It's not an encoder/decoder issue as if I playback from the gig Ethernet they stream just fine
23:19 <+pppingme> jana most likely means 100mb/s at full duplex
23:21 < ||cw> jana: is the stream TCP or UDP?  did you perf test in UDP too?
23:21 < UncleDrax> is deca half?
23:22 < jana> <pppingme>: Oh yes, of course, I agree that's what Apachez meant
23:22 < UncleDrax> guess maybe it has to be since it's a coax plant..
23:22 < jana> This is the product - https://www.amazon.com/PACK-Broadband-Ethernet-Generation-Supplies/dp/B01AYMGPIO
23:23 < jana>  This unit can be used to run Ethernet over existing coax cable. The DECA network is a shared 200Mb/s, or the same speed as full duplex 100Mb/s Ethernet.
23:23 < Apachez> use iperf to verify performance
23:23 < Apachez> could also be that your coax only does half duplex
23:24 < Apachez> so you need to configure it into 100/H
23:24 < jana> <||cw>: It uses a Samba/CIFS share - so I think it uses a mix of TCP and UDP, the iperf test I ran was only TCP
23:25 < Apachez> well there ya go
23:25 < Apachez> sambo/cifs is usually shitty when it comes to performance
23:25 < Apachez> all sort of trouble to configure it properly
23:25 < Apachez> cant you use http or such instead?
23:25 < Apachez> since your mediabox will mostly download movies and not upload them?
23:26 < UncleDrax> well if it's for playing media...
23:26 < jana> The share works just fine over Ethernet?
23:27 < jana> Yes, it's only for streaming
23:28 < jana> iperf returned the following - [  4]  0.0-10.0 sec   113 MBytes  94.1 Mbits/sec
23:30 < UncleDrax> outa curiousity, if you let it run longer, does the performance tank? also can/have you run it bidir?
23:32 < jana> <UncleDrax>: Will try now and report back, I will set the time for 2 minutes?
23:34 < UncleDrax> i don't know enough about the particularities of traffic for SMB streaming for large content.. but i'd prob try like.. 5-10min. just to see what it does. should only cost you time
23:34 < UncleDrax> that said, I also don't know what kind of overhead using SMB causes.
23:35 < ||cw> smb causes a lot of overhead
23:35 < brentaarnold> Anyone got an opinion on the Brocade/Ruckus ICX switches?
23:35 < UncleDrax> tbh, if you can graph traffic on the devices (the DECAs or the ports you have attached to them) you should be able to tell if it's using your full 90+Mbit or not
23:35 < ||cw> my last cheapy nas would iperf at 800Mbps, and smb at 150
23:35 < UncleDrax> brentaarnold: i have some.. but never logged into them. so honestly couldn't tell you.
23:36 < brentaarnold> Haha, meaning they always work?
23:36 < UncleDrax> brentaarnold: no, I mean most are sittig in boxes waitint to be turned on for projects.
23:36 < brentaarnold> UncleDrax I see
23:36 < UncleDrax> ||cw: ya, every now and again I get a customer that wants to proof circuit CIRs by using windows file copy metrics.. yes.. it makes me want to become a hermit
23:37 < djph> UncleDrax: you mean I can't test my circuit with windows file copy?
23:37 < UncleDrax> djph: I will answer your question in approximately 10.. 5.. 25.. 10985....2 minutes.
23:38 < djph> bahhahahaha
23:40 < jana> [  4]  0.0-120.1 sec  1.32 GBytes  94.1 Mbits/sec
23:41 < jana> I can run a longer test, but that looks good
23:41 < UncleDrax> jana: ok that seems good. no wonky pattern? no packet loss?
23:41 < UncleDrax> oh right i'm thinking visuals ones
23:41 < UncleDrax> but that should be constant then for the CLI one right?
23:41 < jana> Nope, nothing else reported back, or do I have to turn on a verbose flag to see those?
23:42 < UncleDrax> I haven't used the CLI version that often.. i'll defer to someone else
23:42 < UncleDrax> 1800 almost.. so time for me to get going anyway. gluck
23:42 < jana> Which visual ones are those?
23:42 < jana> No worries, thanks for trying to help
23:43 < UncleDrax> i've used jPerf.. jsut a java GUI for iPerf.. only good thing is it has a pretty graph for people to look at
23:44 < jana> Oh I see, will take a look at that too
23:45 < UncleDrax> (these days I use test-sets for that sorta thing though)
23:57 < jana> Settings for enp2s0:
23:57 < jana> 	Supported ports: [ TP MII ]
23:57 < jana> 	Supported link modes:   10baseT/Half 10baseT/Full
23:57 < jana> 	                        100baseT/Half 100baseT/Full
23:57 < jana> 	                        1000baseT/Half 1000baseT/Full
23:57 < jana> 	Supported pause frame use: No
23:57 < jana> 	Supports auto-negotiation: Yes
23:57 < jana> 	Supported FEC modes: Not reported
23:57 < jana> 	Advertised link modes:  10baseT/Half 10baseT/Full
23:57 < jana> 	                        100baseT/Half 100baseT/Full
23:57 < jana> 	                        1000baseT/Full
23:57 < jana> 	Advertised pause frame use: Symmetric Receive-only
23:57 < jana> 	Advertised auto-negotiation: Yes
23:57 < jana> 	Advertised FEC modes: Not reported
23:57 < jana> 	Link partner advertised link modes:  10baseT/Half 10baseT/Full
23:58 < djph> ew, that's so slow.
--- Log closed Fri Jul 06 00:00:27 2018