[00:01] <mercutio> genericweb
[00:11] <kellytk> Thank you mercutio.  Leveraging the reserved domain "example.com" was too attractive in the end and I went with that.  As you'll see, it worked out
[01:36] <kellytk> Is it a selling point for company websites running over HTTPS?  (this does not include signing in et. al naturally)
[03:09] <mike-burns> I block JS, images, and cookies from non-HTTPS Web sites.
[03:17] <mercutio> most sites are shifting towards https
[03:17] <mercutio> some quicker than others
[03:17] <mercutio> there's positives and negatives.
[04:27] *** SpaceDump has quit IRC (Ping timeout: 255 seconds)
[04:27] *** SpaceDump has joined #arpnetworks
[06:23] <grody> bespokeserver.com
[06:24] <grody> i think i call most of my servers AvinIT v.blah
[08:24] <m0unds> https://blog.shodan.io/its-the-data-stupid/
[13:02] <kellytk> mike-burns: May I ask why you block images from non-HTTPS websites?
[13:03] <kellytk> grody: That isn't a real site is it?  The menu links don't work
[13:10] <mike-burns> kellytk: images can be exploited at a surprising rate. My bias: I am (one of) security@ for my company. We make a bunch of open source products, including a file uploading library for Rails (we make Paperclip). I've dealt with multiple emails to security@ for vulns (all of which are fixed now so I can talk about them) around using image uploads to exploit Web browsers.
[13:11] <mike-burns> So I figure: if I'm going to be exploited, I want it to be by the Web site itself and not from some MITM.
[13:12] <mike-burns> Given how crazy font rendering is, I'd block custom fonts from non-HTTPS if I could figure out how.
[13:13] <kellytk> mike-burns: That makes sense, thank you
[14:18] *** solj has joined #arpnetworks
[14:51] *** dj_goku_ has joined #arpnetworks
[14:52] *** dj_goku has quit IRC (Read error: Connection reset by peer)
[14:53] *** solj has left 
[14:53] *** acf__ has quit IRC (Ping timeout: 240 seconds)
[14:54] *** acf_ has joined #arpnetworks
[14:55] <grody> kellytk, im not entirely sure.. the location is not far from me, but i have never heard of them
[14:56] <grody> it's been registered by what looks like an individual, no company name - but that doesn't mean they aren't a sole trader
[14:57] <grody> was just some random site i remember i helped a customer to use for their site (since it was an sitebuilder site)
[14:57] <grody> s/an/a/
[14:57] <BryceBot> <grody> was just some radom site i remember i helped a customer to use for their site (since it was a sitebuilder site)
[14:59] <grody> simple, clean, efficient, no hidden palava or mind numbing navigation
[14:59] <grody> i imagine the holder of example.com gets a lot of traffic if they were to run MTA/HTTP
[15:07] <staticsafe> example.com is run by IANA and is defined in RFC to be used for documentation etc.
[15:08] <m0unds> ^
[15:09] <grody> there ya go :)
[15:10] <grody> i noticed an odd thing with IANA assigned IPv6 for "special use" when i misconfigured an IP41 on a 3G connection with no actual support for it - was quite shocked as i never saw that before
[15:10] <grody> it ofc didn't work, but before it'd link local only
[15:17] <kellytk> staticsafe: That's why I went with it, and said last night "Leveraging the reserved domain "example.com""
[15:17] <kellytk> It's too convenient to pass up
[15:35] <mercutio> example.com has no MX record
[16:14] *** grody has quit IRC (Ping timeout: 246 seconds)
[16:26] *** grody has joined #arpnetworks
[16:29] <grody> :(
[16:29] <grody> &%"%! IPSec ^&"(!£ pfSense
[18:19] <grody> mercutio, 417mbps
[18:20] <mercutio> huh?
[18:20] <grody> NAT traffic this router will handle (software)
[18:20] <grody> was a simple port to port with masq
[18:21] <grody> claims 900 in hardware (original firmware) - it became unresponsive when i saw it hit 417mbps
[18:21] <grody> that meets the (if ever) 300mbps service i may one day dream of
[18:23] <m0unds> grody: what packet size were you testing with?
[18:24] <m0unds> i'd almost guarantee the claim is based on ~1500byte frame size
[18:25] <m0unds> testing with IMIX wouldn't look as good from a marketing standpoint
[18:25] <grody> yea 1500
[18:26] <grody> did read that 3000 should work (probably 9000) but meh
[18:26] <grody> technically that should reduce load
[18:27] <grody> i wonder...
[18:28] <grody> bit scared of tampering MTU actually on this switch.. had to fiddle it just to get 1508 MTU on PPPoE
[18:28] <m0unds> heh
[18:28] <grody> wasn't as straight forward as it should have been
[18:30] <grody> bizaare as hell though
[18:31] <grody> small PI space i manage, added a rule to allow a sort of spoofing from my @home IPs and routed them via it
[18:31] <grody> me > tunnel > server (No NAT) > | > server > me
[18:32] <grody> odd as hell
[18:34] <grody> trying to fix policy routing between ARP | ME | OVH to have a simple choice exit point based on dest IP w/o sending crap or bad traffic
[18:37] <mercutio> bgp!
[19:08] <grody> http://www.speedtest.net/my-result/4517203674
[19:08] <grody> thats interesting
[19:08] <grody> yea sadly i no longer own any PI space, i do manage a /22 mind
[19:09] <grody> didnt actually realise this host was on the west coast
[19:10] <mercutio> you didn't know arp was on west coast?
[19:10] <grody> lol no
[19:10] <grody> i did wonder why the ping was 70 odd ms higher than my NYC server
[19:11] <grody> might have to get some PI/PA on IPv6 - should be easy enough
[19:12] <grody> gonna have to poke around NZ, see what route it takes to ARP
[19:13] <mercutio> you don't necessarily need pi space for ipv6
[19:13] <mercutio> you just need permission to re-advertise the space.
[19:14] <grody> hmm
[19:14] <grody> then again.. most provision of IPv6 i have are /48's
[19:14] <grody> ARP, AA and even HE
[19:15] <grody> have the blocking weird with AA - routed as /52's
[19:17] <grody> ideally i want to mesh all my VPS into a single VBC of sorts, with Alias IPs on each IP allocation each provider offers
[19:18] <grody> that way they can all use their own IPs from their providers, but take alternate routes for other kinds of policy routing
[19:18] <grody> ie: now all my traffic from @home to ARP and OVH is OpenVPN first, if OVPN link down, over internet as-is
[19:20] <mercutio> sounds complicated
[19:20] <grody> i can divert one (or more) hosts or subnets via a designates gateway (US/FR/UK) as request, even if the IP sourcing is a public IP of another hoster, it gets NATd on the outbound of given exit
[19:20] <grody> im not allowed to do simple things
[19:20] <grody> been setting this up more precisely all weekend with lots of success.. i went to print a letter of resignation the other day and my wireless printer decided it wasn't going to work
[19:21] <grody> it took me ages to figure out CUPs on the laptop was using the old printer (static) location and not it's dynamic/discoverable
[19:24] <grody> gonna have to add the NYC into this now.. learning ARP is on west coat is just icing on the cake :D
[19:24] <grody> ideally i can send NZ via US to UK and not via it's stupid satelitel uplink over china/rus/eu
[19:25] <mercutio> satelite?
[19:25] <grody> im guessing.. the latency is about 300ms higher than it should be
[19:25] <mercutio> for nz?
[19:26] <mercutio> for new zealand?!
[19:26] <grody> sounds about right for 170 miles + 2000 mules + 170 mules
[19:26] <grody> yea
[19:26] <mercutio> there's no satelite here
[19:26] <grody> i get about 600 there, 600 back
[19:26] <mercutio> what
[19:26] <grody> really?
[19:26] <grody> where does it go?
[19:26] <mercutio> well not for normal people
[19:26] <mercutio> there's cables to australia that go to japan
[19:26] <grody> ahhh
[19:26] <mercutio> and cables from australia to singapore
[19:26] <grody> nothing to US?
[19:26] <mercutio> and there's cables direct to the US
[19:26] <mercutio> err via guam
[19:27] <grody> hmm
[19:27] <mercutio> umm
[19:27] <mercutio> what are your ping times to japan like?
[19:27] <mercutio> jp.meh.net.nz
[19:27] <mercutio> is easy site to test to
[19:28] <grody> from UK 290ms from ARP 100ms
[19:28] <grody> i wonder
[19:28] <mercutio> yeh so going via japan could give 500msec pings or something
[19:28] <grody> 260ms going via ARP from UK
[19:28] <mercutio> you know that your ping time to arp is less than 190 msec :)
[19:28] <grody> wait what
[19:28] <grody> how teh..
[19:28] <mercutio> it was 80msec from arp to jp.meh.net.nz
[19:29] <mercutio> it's 108 atm for me
[19:29] <mercutio> ok what about emerald.meh.net.nz
[19:29] <mercutio> what are your pings like to that?
[19:30] <grody> my routes are broken again :/
[19:30] <mercutio> oh
[19:30] <grody> oh wait.. pings are L2
[19:30] <grody> haha
[19:30] <grody> i was routing TCP/UDP
[19:30] <mercutio> ahh
[19:31] <grody> L3 sorry
[19:31] <mercutio> if it's 600 something is whack
[19:32] <grody> 300
[19:32] <mercutio> yeh
[19:32] <mercutio> that's more normal
[19:32] <mercutio> that's in new zealand
[19:32] <mercutio> what were you saying about weird routes?
[19:32] <grody> well, 294
[19:32] <mercutio> where to?
[19:32] <grody> thats gong via ARP over the OpenVPN
[19:32] <mercutio> oh
[19:32] <mercutio> what's it like native?
[19:32] <mercutio> i know the arp route is fine :)
[19:32] <grody> 260
[19:33] <grody> so not a massive loss
[19:33] <mercutio> 260 is damn good
[19:33] <grody> gameservers :)
[19:33] <mercutio> there's meant to be a new translantic cable sometime
[19:33] <grody> yea, my ISP has a pretty epic network
[19:33] <mercutio> which should bring down EU<->US ping
[19:33] <mercutio> gameservers is vultr
[19:33] <mercutio> jp.meh.net.nz is on vultr
[19:34] <mercutio> it's been having some network issues recently though
[19:34] <mercutio> i have a few vultr vm's i use for testing things
[19:34] <mercutio> and they all seem to have issues :/
[19:35] <grody> sounds like a phase heartinternet here went through
[19:35] <grody> no idea what it was.. had a few VPS and they went from great to ^&%£
[19:36] <grody> used to be a really good and cheap provider here years ago that were first to offer freebsd guests.. was brilliant until they sold their soulds
[19:37] <grody> i even gave up reselling VPS because the platforms broke more than they fixed
[19:37] <mercutio> heh
[19:37] <grody> i think a handful of my customers ended up using ARP
[19:37] <grody> since i diverted them here when i shut it down
[19:39] <grody> remember doing that, site was google adsensed and for the next 6 months i kept getting ARP ads
[19:39] <grody> oddly you said BGP as i was speed testing the UK > ARP routing and it was advertising BGP peers
[19:40] <grody> i swear browsers steal text from screen
[19:41] <grody> wow.. ARP to that host is 100ms
[19:41] <mercutio> to what host?
[19:41] <grody> that .nz host
[19:41] <mercutio> jp?
[19:42] <grody> ARP goes via CORESITE to asiannet then scnet and whatever
[19:42] <mercutio> jp is japan
[19:42] <grody> UK foes the same route from asiannet out
[19:42] <mercutio> emerald is nz though
[19:42] <grody> AA > LINX > AISANET
[19:43] <grody> ah, ARP > Phyber > Coresite > AsiaNet
[19:44] <grody> wonder what happens between Linx and asianet - it's a direct hop and goes from 10ms to 150ms
[19:45] <grody> http://pastebin.com/6Wp1gb1t
[19:46] <mercutio> yeah pacnet suck
[19:46] <grody> http://pastebin.com/7QUTMxnH
[19:46] <mercutio> i dunno 150 from uk to los angeles is normal
[19:46] <grody> similar with ARP
[19:46] <mercutio> hop 5 is los angles
[19:46] <mercutio> hop 6 is japan
[19:46] <grody> yea, lax
[19:46] <mercutio> i suspect
[19:47] <mercutio> aimless is a weird name for a router
[19:47] <grody> haha
[19:47] <grody> AA name all their stuff something"less"
[19:48] <grody> i should obtain a .net.uk for network naming
[19:48] <grody> but i like the comedial effect
[19:48] <grody> comical?
[20:26] <grody> interesting flaw in pfsense
[20:26] <grody> regardless of firewall rules, openvpn client in tap mode to server, server to client can talk to networks in reach via the openvpn
[22:38] *** dj_goku_ has quit IRC (Read error: Connection reset by peer)
[22:44] *** dj_goku has joined #arpnetworks
[23:41] <plett> grody: You would need to be an ISP to get a .net.uk