[00:30] <brycec> You can set a name and still use an IP.  host=$IP and menu=$name 21:17:23               ⤷ | because often you want to use names rather than ip's.
[00:30] <brycec> eg: ++++HEtserv3fmt2v4
[00:30] <brycec> host = 72.52.104.74
[00:30] <brycec> menu = tserv3.fmt2
[00:30] <brycec> title = Fremont, CA, US (tserv3.fmt2 72.52.104.74)
[00:31] <brycec> And yes, I had those particular probes using DNS lookups, so if DNS wasn't even resolving, gaps.
[00:33] <brycec> Which is the definition for https://smokeping.cobryce.com/?target=Internet.HENet.NorthAmerica.HEtserv3fmt2v4
[00:46] *** cloudkitsch has joined #arpnetworks
[02:17] <mercutio> i'd like to reference by name
[02:18] <mercutio> and have it do a dns lookup on config load or something
[02:18] <mercutio> i dunno, for things like google it remaps things at diff times
[02:18] <mercutio> but async dns is kind of a pita
[02:18] <mercutio> i wonder what fping is doing
[02:20] <mercutio>  Do not retry twice DNS lookup on DNS lookup problem
[02:20] <mercutio> hmm i wonder if that would help
[02:20] <mercutio> that was changed in may last year
[02:20] <mercutio> version 3.10
[02:21] <mercutio> src/options.h:#define DNS_TIMEOUT 1000         /* time in micro_sec for dns retry */
[02:21] <mercutio> just reducing that could help too
[02:21] *** cloudkitsch has quit IRC (Remote host closed the connection)
[02:22] <mercutio> i wonder if youi can set from command line
[02:22] <mercutio> oh nothing seems to reference it :/
[02:28] <mercutio> yeah it's just doing gethostbyname
[02:28] <mercutio> so it's not even doing saync
[02:29] <mercutio> the easiest solution may be to run something else before it that does async lookup on all of the names
[02:39] <mercutio> what about adns/adnshost?
[02:55] <mercutio> think i got something
[03:01] <mercutio> http://weallsee.net/asyncdnsfping
[03:01] <mercutio> hackish, buut calls adnshost then fping
[03:06] *** RandalSchwartz has quit IRC (Ping timeout: 256 seconds)
[04:49] *** carvite has quit IRC (Ping timeout: 264 seconds)
[05:10] *** carvite has joined #arpnetworks
[06:46] *** dne has quit IRC (Ping timeout: 272 seconds)
[06:55] *** dne has joined #arpnetworks
[09:12] *** RandalSchwartz has joined #arpnetworks
[09:12] *** RandalSchwartz has quit IRC (Changing host)
[09:12] *** RandalSchwartz has joined #arpnetworks
[10:54] <grody> i have too much 2.4Ghz in my flat
[10:55] <grody> trying to have 2.4 wifi, bluetooth, coordless phones, wireless mice/keyboard all using the same spectrum, it gets messy
[10:55] <grody> have got 5GHz wifi, but only a few things use it
[10:55] *** hive-mind has quit IRC (Ping timeout: 265 seconds)
[10:56] <grody> looking at spectrum analysers, in combination from scatter noise from neighbouring wifi, there is absolutely no clear airspace in the 13 channel scope
[10:56] <grody> even cross-over channels are being used as some AP's primary
[10:57] <grody> soon as one or more statiosn start saturating 50mbps over 2.4GHz, it sends my bluetooth audio system awack
[10:57] *** hive-mind has joined #arpnetworks
[11:51] <m0unds> yeah, it isn't helpful that lots of ISPs' modems started including a wlan radio and most don't educate their customers about that
[11:52] <m0unds> so they go and buy another router, and have the secured (not in use) modem wlan network as well as their new router all crowding stuff up
[12:06] <grody> have hidden my 2.4GHz away in a cupboard so it doesn't see other wifi's as easy (perfectly located to cover the flat too) - but it still crosstalks a lot and can see differences in wifi to wifi transfers at different times
[12:06] <grody> would go ac, but only have a single device with capability
[12:06] <grody> 5Ghz has about 7 APs i can pick up
[12:07] <grody> 2.4 there are about 20
[14:02] <mercutio> the biggest problem with 2.4 is people using 40 mhz in built up areas.
[14:02] <mercutio> i think 2.4 shoudl shift to 10 mhz if everyone's gong to use it
[14:03] <mercutio> but who wants to buy a router with slower wifi by default?
[14:04] <staticsafe> no one
[14:04] <staticsafe> especially when 5Ghz is becoming the norm
[14:04] <mercutio> yeah i'm actually wondering about 5ghz+lte :/
[14:04] <mercutio> like the most annoying thing i find is when i go to the letterbox my wireless drops
[14:05] <mercutio> and it can't carry over to 3g when using skype
[14:05] <mercutio> but my cordless phone cuts outt too
[14:05] <mercutio> oh, maybe sticking wireles higher up would go down hill better, hmm..
[14:50] <mercutio> grody: cordless phones are 1.8 ghz here, are you sure yours are 2.4 ?
[14:56] <plett> It's likely that grody's phones are DECT, which has its own band at 1880-1900MHz. It would be unusual to have phones at 2.4
[14:57] <mercutio> plett there may be some that do 2.4?
[14:58] <staticsafe> cordless phones, microwaves
[14:59] <staticsafe> its a well known problem
[14:59] <plett> mercutio: 2.4 is an unlicenced ISM band, so it's possible that there are phones using it, but it would be very unlikely in the UK. I can't speak for the rest of the world though
[15:00] <plett> And I have used some quite horrible 802.11b SIP wifi phones in the past which would have been in 2.4
[15:04] <mercutio> my sip phones are dect
[15:04] <mercutio> and there are two, because otherwise i have battery issues
[15:05] <mercutio> i still wish they had bettery passive battery life, like when waiting for a call
[15:06] <mercutio> i also have sip on my cellphone, so i can voip from anywhere :)
[15:06] <mercutio> but lots of people i know are shifting off voip to just straight cellphone
[15:12] <plett> I also have SIP DECT phones here. The next step is to get people to call the SIP number rather than the actual landline
[15:13] <mercutio> can't you just put the landline nuumber on the voip?
[15:13] <plett> I have an ATA on the landline which does that. But porting the number out to a SIP provider would be problematic for the DSL that I have on the line
[15:14] <mercutio> oh
[15:14] <mercutio> here we have "naked" dsl which is dsl without landline
[15:14] <plett> The only people who ever call the landline are my mum and my wife's parents. It can't be too much work to get them to update their address books :)
[15:15] <mercutio> i don't have any landline anymore
[15:15] <mercutio> maybe unplug the phone and they'll get hte mesage?
[15:15] <mercutio> i assume you've given them the new number
[15:16] <plett> Not yet, they don't like change that much
[15:16] <mercutio> ahh
[15:17] <plett> Also it's not really a problem, the same set of handsets ring when either number is called
[15:17] <mercutio> i think it is kind of complicated here too
[15:17] <mercutio> ahh
[15:18] <mercutio> and you have to port landline numbers to get "non-weird" looking numbers.
[15:18] <mercutio> ie, i have one in a city where all the numbers are 3/9 and i have a 7
[15:18] <mercutio> err start with a 3 or 9
[15:19] <mercutio> the 9s were alternate providers, dunno where the 7 came from :)
[15:20] <plett> Kind of the same here too, but there are enough providers with allocations that people are used to numbers beginning with all sorts of digits
[15:20] <mercutio> ahh cool
[15:20] <mercutio> when i was a kid i kind of knew where all the different number blocks were location wise.
[15:21] <mercutio> and i thought it nifty that numbers would be in area/region so you could tell where somebody was generally
[15:22] <mercutio> but with voip you have no idea :)
[15:26] <plett> Only the area code has geographic significance here any more. I think numbers inside an area code used to be allocated to particular exchanges or subsection of the exchange, but that went away when exchanges went digital about 20 years ago
[15:26] <plett> After that it was just a single pool of numbers that could be routed anywhere
[15:27] <mercutio> oh ok they've been saying they'll go digital for 20+ years here
[15:27] <mercutio> but atm you can't actually port a landline between area codes.
[15:27] <mercutio> so you move from one house to another in a different suburb you hvae to change numbers.
[15:27] <BryceBot> That's what she said!!
[15:28] <mercutio> well unless you go voip
[15:28] <plett> You can't port between area codes here either. But these days you'd port it out to voip if you wanted to keep the old number
[15:28] <mercutio> like the exchanges themselves can't handle having foreign numbers, but the systems that route to the exchanges can.
[15:29] <mercutio> well voip is the future i suppose
[15:30] <plett> My view is that "telephone numbers" will be about as relevant in 5 years time as fax machines are now
[15:30] <mercutio> heh when i first got my phone connected i had to send them a fax
[15:30] <mercutio> i haven't sent a fax since
[15:31] <mercutio> that was like 15 years ago
[15:31] <plett> Yeah
[15:31] <mercutio> it's so much easier to get phone lines etc now
[15:31] <mercutio> but i was surpriseda bout how much of a pita it was back then, and it's not even that far back
[15:32] <plett> There is so much pointless red tape and regulation involved in calls to/from the PSTN here, it's pretty much impossible for a new company to enter the market and be competitive
[15:33] <mercutio> i think it's nifty on voip when it tells you who's ringing you
[15:33] <mercutio> i love that feature
[15:33] <mercutio> like not just caller id, but caller name
[15:33] <mercutio> and not just from a phone book, but passed through from the provider.
[15:33] <plett> So I am expecting people to just go around the regulators by not using phone numbers, SIP URIs instead, or facebook names, or whatever
[15:34] <mercutio> well i'm just as happy to use skype as voip
[15:34] <mercutio> and certain subsections of people skype is really taking off for
[15:34] <mercutio> like people with relatives in other countries it's huge with
[15:35] <plett> Yep
[15:35] <mercutio> actually i think most younger people have access to it esaily now, i was trying to think of older people because that's more difficult.
[16:05] <mnathani__> just got a new printer that has an ssl enabled web interface
[16:05] <mnathani__> trying to get my wildcard cert installed on there
[16:06] <mnathani__> it says it needs a pkcs #12 encoded file
[16:06] <mnathani__> all of my attempts to encode that file have failed
[16:08] <mercutio> it doesn't just use cloudprint?
[16:08] <mercutio> maybe try google
[16:08] <mnathani__> web interface for configuration
[16:09] <mnathani__> wondering how I can test my pfx bundle
[16:17] <mercutio> i got a cheap fancy printer, and i haven't used it in ages.
[16:18] <mercutio> but i was surprised how far they'd come with interfaces etc.  but the printer tray sucked :)
[16:18] <mercutio> and i managed to jam it with hardly using it.
[16:22] <mnathani__> my pfx loads fine into windows cert manager
[16:22] <mnathani__> but the printer won't accept it
[16:22] <mercutio> why do you need https to config it?
[16:22] <mnathani__> mismatch of accepted keysize or something
[16:23] <mnathani__> it switches to ssl when entering address book entries automatically
[16:23] <mnathani__> for the scan to email function
[16:23] <mercutio> oh
[16:23] <mnathani__> it still works with invalid ssl and all sorts of warnings
[16:23] <mercutio> i found scanning more of a pita than printing
[16:24] <mnathani__> I tried adding the cert it was using to my trusted certs, but it has a different common name on its cert so still invalid
[16:34] *** mnathani__ has quit IRC (Ping timeout: 264 seconds)
[16:34] *** mnathani_ has joined #arpnetworks
[17:41] <m0unds> updating firmware on my head unit and radio integration dingus is a little funny
[17:42] <mnathani_> got the printer ssl working. Ended up generating a self signed cert and encoding that to the pkcs #12 pfx
[20:18] *** mjp has quit IRC (Remote host closed the connection)
[20:22] *** mjp has joined #arpnetworks
[20:26] <mjp> no valid ssl cert for arpnetworks website?
[20:26] <mjp> https://www.ssllabs.com/ssltest/analyze.html?d=support.arpnetworks.com
[20:29] <mnathani_> dont think thats intended to be ssl
[20:29] <mnathani_> since its hosted at tenderapp
[20:30] <mnathani_> see https://www.ssllabs.com/ssltest/analyze.html?d=graphs.arpnetworks.com&latest
[20:31] <mjp> so were supposed to send/read our account creds & VNC/serial console creds in the clear ?
[20:31] <mjp> ssl is pretty much free these days
[20:31] <mnathani_> thats under portal
[20:31] <mnathani_> which is ssl
[20:32] <mjp> ah well there you go
[20:33] <mjp> i guess its only the cookie for support that get sent in the clear, once you have already authed with portal
[20:33] <mjp> (have not verified that, but i assume thats how it works)
[20:34] <mnathani_> appears that way
[20:55] <mercutio> you're safe accepting it, it's registered to tenderapp
[20:56] <mercutio> there really needs to be better stuff for deciding who to accept
[20:56] <mercutio> like spf records
[20:56] <mercutio> support is mostly about articles telling you how to do stuff
[21:01] <mjp> hey support's ssl is perfectly secure.. nothing to sory about heh
[21:01] <mjp> SSL 2, which is obsolete and insecure/insecure Diffie-Hellman (DH) key exchange parameters/supports 512-bit export suites and might be vulnerable to the FREAK attack/vulnerable to the POODLE attack/vulnerable to MITM attacks because it supports insecure renegotiation
[21:04] <mjp> LS_RSA_WITH_RC4_128_MD5 (0x4)   WEAK
[21:12] <mercutio> oh
[21:13] <mercutio> how common are mitm attacks really?
[21:13] <mercutio> you know the browser should just remember if a site has used more secure ssl before
[21:13] <mercutio> and if it downgrades in security alert the user
[21:16] <mjp> depends what network you are using at the time i guess :)
[21:17] <mercutio> i think there's moce chance of something like paypal being spoofed with a "valid" certificate
[21:17] <mercutio> if mitm attacks are done, i'm sure it'll be to try and make money
[21:18] <mercutio> or for political reasons
[21:19] <mercutio> it's not going to be to try and get the password of some vps
[21:20] <mjp> i imagine people doing this on public wifi etc would be oppotunistic and get whatever they can
[21:21] <mercutio> oh public wifi i didn't think of that
[21:21] <mercutio> i thought of dns injection attacks etc
[21:22] <mercutio> it's more that it's easier to bruteforce rather than trivial isn't it?
[21:27] <mjp> i dont bother to find out, i just fix my ssl certs so they get A+ rating
[21:28] <mercutio> i should use my secure cert
[21:28] <mercutio> i've been using cloudflare's one
[21:28] <mercutio> i don't even know how that works
[21:29] <mercutio> like how can they give away free ssl certs?
[21:29] <mjp> also restrict cipher suites available for use in apache
[21:29] <mercutio> maybe support.arpnetworks.com should be on cloudflare
[21:29] <mercutio> would make problem look like it's gone away :)
[21:29] <mnathani_> the link from the portal is still non ssl
[21:29] <mercutio> support doesn't support https
[21:29] <mercutio> because it's using tender
[21:30] <mercutio> mnathani_: the link to support?
[21:30] <mercutio> it'd still allow ntt to do something weird
[21:30] <mnathani_> yea
[21:30] <mercutio> but it would atke away wifi issues
[21:30] <mnathani_> link to support
[21:30] <mercutio> i actually kind of like cloudflare now
[21:30] <mercutio> i feel dirty saying that
[21:30] <mjp> where i work, everything is ssl by default
[21:31] <m0unds> mercutio: https://blog.cloudflare.com/universal-ssl-encryption-all-the-way-to-the-origin-for-free/
[21:31] <mercutio> i mean there are things that i don't agree wtih, like hosting both their nameservers in the same location
[21:31] <mercutio> but generally it seems to work well
[21:32] <mercutio> m0unds: that wouldn't work
[21:32] <mjp> you dont need cloudflare to fix an ssl problem
[21:32] <mercutio> as it's supplying tender's ssl cert
[21:32] <mercutio> actually
[21:33] <mercutio> yeah so it's not even on their netowrk
[21:33] <mercutio> network
[21:33] <m0unds> that was the wrong link, haha
[21:36] <m0unds> i'm too lazy to find it again
[21:36] <mercutio> heh
[21:36] <m0unds> there was a post from someone at cloudflare outlining the cost part of it
[21:36] <mercutio> anyway, the big question is: does it matter?
[21:36] <m0unds> doubt it
[21:37] <m0unds> i rarely use public wifi, and if i'm forced to for some reason, i use a vpn
[21:38] <mercutio> ok it takes a few hours to break
[21:38] <m0unds> doesn't mitigate weak cipher selection or whatever, but open public networks are cesspools anyway
[21:38] <mercutio> and the rsa cert stays the same until you restart apache
[21:38] <mercutio> it's worse than i thoguht it was
[21:40] <brycec> https://blog.cloudflare.com/introducing-universal-ssl/ is the link m0unds referred to, I believe
[21:42] <mjp> why wouldnt you just upgrade to a new/strong ssl cert and fix apache? heh
[21:43] <mjp> you dont know where customers will access your https site from
[21:45] <mercutio> mjp, arp doesn't host it i was saying
[21:45] <mercutio> so it's not possible for them to
[21:45] <mercutio> only to suggest it be done
[22:21] <m0unds__> started getting packet loss again
[22:27] <m0unds__> must have just been a blip, i'm able to connect again. bleck.
[22:30] <mercutio> weird
[22:30] <mercutio> i've never had any issues connecting
[22:31] <mercutio> i had a brief issue earlier today on smokeping, but it didn't look like it was related to arp
[22:31] <mercutio> as multiple sites had issues at once
[22:47] <brycec> Strangely enough, my ssh session dumped me out
[22:47] <brycec> (and I just noticed :p)
[22:48] <mercutio> my computer crashed this morning while i was asleep
[22:48] <mercutio> it's weird because it always crashes when i'm not around
[22:48] <mercutio> and X just shows the time it crashed (along with all the windows) with no kernel messsages :(
[22:48] <mercutio> but it also means i can't see if any of my ssh sessions died
[22:48] <brycec> lol
[22:49] <mercutio> it's happened like 3 times in the last week or something, and used to always be stable.
[22:50] <mercutio> i imagine it's zfs related
[22:51] <mercutio> because i have git zfs
[22:53] <mercutio> actually it looks like 5 times in 3 days
[23:28] <m0unds> brycec: yeah, mine dropped and kitty chimed at me while i was doing something else otherwise i wouldn't have noticed
[23:35] <mercutio> oh is this an "active" shell rather than an idle shell?
[23:36] <mercutio> ie following irc etc
[23:36] <mercutio> that can sometimes time out easier with loss
[23:36] <BryceBot> That's what she said!!
[23:36] <mercutio> whereas nat timeouts more affect idle clients
[23:43] <brycec> Yes, an active SSH session, at least as active as ServerAlive* and TCPKeepAlive, as well as frequently updating screen content. (It's an ssh session that never dies on its own). I have ServerAlive* set to 5*60, so that was 3 minutes without a server response to a keepalive message. :/
[23:43] <mercutio> i don't set any of that stuff and my ssh sessions don't die
[23:44] <mercutio> but yeah that means too many resends
[23:44] <mercutio> ie severe loss
[23:44] <mercutio> have you noticed when you have a lossy connection that sometimes pressing an extra key can speed it up and echo the earlier key?
[23:45] <mercutio> active can often speed up recovery
[23:46] <mercutio> brycec: did you see my fping script?  dunno what you think of it, kind of hackish :)
[23:47] * brycec did not
[23:48] <mercutio> http://weallsee.net/asyncdnsfping
[23:48] <mercutio> or https
[23:49] <mercutio> it can probably be done cleaner
[23:50] <mercutio> but that should prefeed dns cache