RandalSchwartz: shutdown -h now turns on "power off" processing
works better in virtualbox, anyway
wallshot: seems after you hit "professional" level on the he.net ipv6 certs, godaddy dns no longer cuts it
they serve up AAAA records, but they aren't themselves on ipv6
***: nakano is now known as nakano_
RandalSchwartz: too bad
not ipv6 ready
lots of them aren't
hover.com for example
***: Lefty has joined #arpnetworks
wallshot: it's a shame, because it's SO easy to get on ipv6
and bind it to your ns
any company with half a budget shouldn't have a problem with it
RandalSchwartz: there's a lot of legacy code, and some people don't understand how close we are, or disagree with it
toddf: disagree. muhahahahaha. thats tame. I've had people shout at me that IPv6 is doomed to failure because of its academic qualities and ignorance of the past. (academic qualities = too many options, initially no PI space for companies, etc; ignorance of past = early v4 adopters got grandfathered clauses of royalty free IPv4 PI space; so `ancient' internet gurus have to suddenly fork over $2500 per year for similar in IPv6 land w/no option of multih
wallshot: boo hoo
toddf: note I'm not one of the early adopters (although had I been cluefull enough at the time I should have been *sigh*) and I ignore the academic fluff that makes life !fun; I get more IP's than I have systems with IPv6 and I can't fork over $1k/mo just to get `justifiable' IPv4 addresses that are not multihomed anyway, so IPv6 looks much better to me the way I run my home and office nets at this point in time ;-)
and $1k/mo would get me 1/4 the bandwidth I currently have .. yay
wallshot: well
the same people who hoard diamonds and rubies would love to keep hoarding a decreasing supply of ipv4 in increasing demand environment
just keep raising the price
and making money off of not actually doing anything other than shouting "dibs!" first
like domain squatters
i don't see how "we want to control all the spice" is a valid justification for preventing the release of spicev6
toddf: with the internet though it encourages more nat layers. sucks even more. mobile phone operators justify IPv6 with battery life and customer happiness due to no NAT on the firewall so persistent long lived tcp connections vs re-transmitting packets to twiddle the states in an aggressively timing out nat firewall .. makes sense to me ;-)
wallshot: ooh didn't know the telco argument in favor of ipv6, that's neato
yeah nat is sorta an ugly hack
tho i do consider NAT a major part of my windows security precautions ;)
toddf: its not so much "we want to control" from their perspective as it is "if we are to make the transition and even play in the new stuff, how is $2.5k/yr for !equivalent anything but disincentive?"
let me explain a myth away
NAT does not provide any security
if you have a properly setup firewall
wallshot: not "any" security?
toddf: which does not permit any packets in only outbound connections you get the same security as NAT with publicly numbered windows systems
wallshot: you gonna be able to winnuke my 192.168 windows box from the internet?
yes you could do that too
toddf: NAT does not in itself provide any security
wallshot: though most home routers don't give you shit for control over the firewall
toddf: it is the firewall policy that does
wallshot: you just said it yourself
NAT has the same effect as certain firewall policy
toddf: correct
wallshot: obviously you could use firewall instead of nat
toddf: at least you acknowledge the two are equivalent
wallshot: but my home router doesn't offer me choices about what "firewall enabled" actually means
yes
toddf: I've had ``security experts'' literally kick me out of being service provider for $client because they said my plan to publicly number windows systems is stupid and a bad security decision because nat is security blah blah
wallshot: i acknowledge it only buys the "no random connections from public internet onto my tcp/139 open windows machine"
pffffff
nat's "security" is like a side effect of the hack to get more ip space
RandalSchwartz: apparently, ios v4 is ipv6-ready
v3 isn't though
and AT&T isn't ready everywhere yet
toddf: NAT's ``security'' is a side effect of the `optimize for the common scenario' when everyone is using it. there are so many NAT environments that the cookie cutter factories have found that firewalls w/out nat are so uncommon that they just optimize that option out of the equation and make boatloads due to their `simple' little devices ;-(
cisco ios has had IPv6 for a long time, some bigger routers don't do IPv6 in hardware like they do IPv4 hence some big players won't budget
budget
RandalSchwartz: you could get exactly what nat is doing for you with a stateful firewall
toddf: tmobile has a publicly announced IPv6 trial going
comcast has a publicly announced IPv6 trial going
I wish cox did, but 1 out of 2 in the US isn't bad .. now I just need a N900 so I can talk IPv6 from OpenBSD over the tethered connection and I'd be right as rain
randalschwartz: see the top of the discussion, that's what I stated, in different words
wallshot: yeah i've used ipf happily for that. haven't dived into pf yet tho :/
toddf: wallshot: you'll be surprised how `simple' pf is ...
RandalSchwartz: yeah, I picked up pf in no time
just start simple.
***: shansa has joined #arpnetworks
wallshot: i found ipf to be simple after ipfw
no more rule numbers to organize was handy
tho obviously there were pros/cons with that change
jpalmer: wallshot: what is your username on he.net's cert thing?
wallshot: jprather
i bumped myself up a bit today :)
am on to the add-glue step
course i have no friggin clue wtf glue is so i'm googling a bunch :)
jpalmer: I saw, thought that was you.
in your registrar.. it's where you setup a new nameserver for like ns1.yourdomain.com the "glue" is the IP you associate with it. they're looking for an IPv6 record.
wallshot: oh
i already ... wait no i used hostnames
i had to use he.net's dns since godaddy's had no ipv6 of its own
jpalmer: if you used someone elses DNS servers, you didn't need glue records.
wallshot: ns2.he.net through ns5.he.net seem to all be dual stacked
jpalmer: yes, but there won't be any glue records for ns?.he.net for your domain. those glue records will only exist for the he.net domain
I guess we should start with what a glue record actually does. ;)
wallshot: hah i'm sure there's a page that can save you some breath :)
jpalmer: lets say I own foo.com, and I want to run my own nameserver.. ns.foo.com
I go tell my registrar "use ns.foo.com"
wallshot: right
jpalmer: now, someone else comes along.. and they want to resolve "www.foo.com"
***: nakano_ is now known as nakano
wallshot: whois tells them it's ns.foo.com's call
jpalmer: the TLD nameservers will say "www.foo.com is run by ns.foo.com" but this is where you run into a problem.
if it's looking up the info for foo.com, and your info is HOSTED by the foo.com nameserver, there is nothing to look up, because the server it's trying to use, also houses the record for ns.foo.com
wallshot: yes, that's why i avoided going with ns1.mydomain
saw a chicken and egg issue
RandalSchwartz: but that's where *glue* comes in :)
wallshot: chose to let a turtle lay the chicken egg instead :)
jpalmer: the "glue record" is the IP you add to your registrar. it tells all the TLD nameserver "ns.foo.com is over there at 1.2.3.4"
RandalSchwartz: registrar provides not only the NS, but also the A/AAAA
wallshot: ooooooooh that's handy crap
jpalmer: so, to pass this stage, #1) understand the glue record. and #2, go to your registrar.. register a nameserver under your domain, and point it's A and AAAA record (at the registrar) to your nameserver (where you are running BIND or whatnot)
wallshot: apparently i cheated and got past it using he.net's nameservers :)
jpalmer: doh!
wallshot: i r teh sage of uberness
but
i must go look @ this glue
cuz i don't want my arpnetworks vps to rely on he.net dns
jpalmer: well, ok. but, even though you passed it.. take a few minutes to learn and understand glue ;)
wallshot: exactly!
yeah this "certification"
isn't un-cheatable by a longshot
tho it's almost as easy to do it right as to cheat, plus those who bother to do it are nerdy enough to care to do it right if they can figure it out prolly :)
jpalmer: it's fun.. and it does help some people learn about a few things. which ultimately, is HE's goal. they want people to learn about IPv6.
but the term "certification" is used rather loosely there, IMO :P
so, you got your delegation all straightened out?
wallshot: aah host summary i'm guessing
set host and ip address
well
this morning i logged in, and i could resolve one of my ipv6's from my office
an hour later, i couldn't
jpalmer: not knowing who your registrar is.. I would say that *sounds* like it's the right ballpark, yes.
wallshot: but the guy had just made the change this morning from ip to hostname
jpalmer: whats your IPv6 addy again, I'll check
wallshot: so maybe crap's bouncing around funny
2607:f2f8:a460::2
dig with +trace was working today while normal resolution was giving "no servers could be reached"
but i haven't added my glue yet :)
i really have no idea if slow propagation, or arp's most recent changes or something else is mucking with me. but that's my fault for changing my mind and requesting ip's then hostnames and crap
actually, the dig with +trace seems to be timing out now, at what should probably be my own NS
jpalmer: I made the same mistake. don't fret it.
wallshot: arp has now delegated it to ns1.6-for.me
which is resolving for me to ::5
and which i can get nslookup resolutions out of
so i'm not sure why dig seems to timeout
tooth: only on +trace?
wallshot: on everything
as simple as this does too: host 2607:f2f8:a460::2
but the +trace makes it look like it's fine right up until it should be at my ns
tooth: if by chance, you're using djbdns, it doesn't respond well to +trace (took a while of searching to find that one)
wallshot: using bind that comes with 8.1
tooth: apparently mr djb thinks it's some security thing or you shouldnt be doing that, so it's ignored
wallshot: nice
tooth: or some such
wallshot: yeh it seems to get right up to where it's supposed to ask my own nameserver for info and just times out
http://pastebin.ca/1949820
but then something like this works fine: host 2607:f2f8:a460::2 ns1.6-for.me
bloody weird
gonna run across street and grab some food
bbiab
jpalmer: wallshot: the +trace was working yesterday, but you didn't have delegation. I think there is a misconfiguration somewhere.
(and if the above is true about djbdns blocking +trace, he's more paranoid than I remember from my qmail days.)
tooth: https://forum.bytemark.co.uk/comments.php?DiscussionID=1247
THERE it is.
(that was for my own edification as much as anyone else in here, as it's topical for the moment)
jpalmer: *nod*
interesting. so you can't use your own NS for troubleshooting. you have to use an outside NS. heh
I ran sendmail for years. then one day I tried qmail. and I was like "damn, this is great" and ran qmail for a few years. then I moved on, and realized how.. not-great it really was. I'm going to venture a guess and say.. djbdns is probably along the same lines.
tooth: it's slightly easier
since it's less involved.
you just kinda set up dns and leave it alone (generally)
and it's tiny.
jpalmer: easier, at what cost though. thats my point. qmail was easier.. at (what I see now as) a fairly significant cost.
RandalSchwartz: I can't imagine anything being much easier than postfix now
especially if you have anything complex
wallshot: <3 postfix
it's what i setup for my ipv6 tests
tooth: yeah. also <3 postfix
the advantages of qmail/djbdns aren't really valid as much anymore. They excel at tiny footprints and crazy paranoia implementations
-: RandalSchwartz wanders off for lunch
jpalmer: of course, to be fair.. back then.. a lot of the "at what cost" with qmail was in its restrictive license. every time I wanted to add some basic functionality, I had to patch and recompile. now with him having loosened it, a lot of things may be different. I'm happy enough with postfix, that I don't intend to find out ;)
tooth: i mean, djbdns was not affected by that dns thing the other year
mike-burns: DJB's software has the other cost where you have to install his rewrite of unix in order to use his stuff.
wallshot: wow it's changed?
tooth: yeah. that too. :-
wallshot: i went to postfix years ago from qmail for my toaster needs -because- of all the bullshit patching required
can't easily portupgrade crap when you have to manually patch crap left and right
tooth: also, something a little more contemporary than 1998?
wallshot: postfix always compiled in the support i needed with the port build
tooth: or whenever the last release of qmail is
wallshot: no hax necessary
jpalmer: yeah, without getting into the whole "$foo > djbware" thing.. I got burnt out on catering to djbware several years ago. no desire to revisit that period.
wallshot: i felt it was too much like teh linuxy hack-it method for upgrades
didn't wanna manually waste time on crap doing version bumps
toddf: are there TLD's today that permit IPv6 glue for ns records beyond .com and .net ?
jpalmer: toddf: according to he.net's widget, 242 of 294 TLD's allow IPv6 glue
toddf: jpalmer: oh wow, nice
jpalmer: mind you, thats the only place I looked and didn't verify. but, I'd tend to believe HE when it comes to IPv6 matters ;)
toddf: I've not interrogated godaddy.com lately
I was all setup to do .com .net and .org ns's for my company for redundancy and turns out I had to redo my zone files when I found out .org didn't work at the time
jpalmer: redundancy meaning, at the TLD level?
s/TLD/TLD NS/
***: Ehtyar has joined #arpnetworks
shansa: people use zfs here?
nesta: only noobs like RandalSchwartz
jokin :P
shansa: I'd like to try it for the sake of it, but not sure whether it's worth it.
and it seems like it's fairly ram consuming
and ufs works
.. but i'm bored, so... :-p
nesta: I say
do not
learn something else :)
wallshot: i love this ipv6 test
"in linux, what kernel module must be loaded in order to use ipv6 networking"
and i thought "in 2010, they need to load a module to enable ipv6? wow."
cuz i could swear it's been available forever and probably ought to be in most generics
tooth: well, itsthereby default i think
wallshot: oh. so then it's sorta a lame question
tooth: it's there by*
i think.
wallshot: yeah i would imagine it should be compiled in by default on most distros now
shansa: wallshot: it is. often as a module, sometimes not. Makes no difference. Linux loads modules automatically anyway.
jpalmer: well, it's not really a lame question, in the sense that if you want to disable ipv6, you'd also *unload* that module.
wallshot: there's nothing in the test about "what is included in GENERIC in freebsd but which you may want to disable to kill ipv6?"
it seems a rather obscure question and not nearly as relevant as "what is NOT in generic that you must load to use ipv6"
tho i suppose it is still knowledge, that, in the right situation, could prove useful
oooh misinformation from wikipedia
no surprise
tooth: correct it and cite? ;-)
wallshot: that would be responsible!
tooth: oh, you're right.
forgive me
wallshot: have i mentioned how much i'm enjoying arpnetworks
i like the fbsd support, i like the prices, and i love the ipv6
mhoran: Loves it.
tooth: also the same reasons i signed up
jpalmer: I personally like the FreeBSD side. but, I'm currently running CentOS in it, evaluating for a client.
toddf: you can always use OpenBSD where you don't have to ask such silly questions as 'what to kill/load/disable/etc' and it just works. ;-)
shansa: arp is sweet indeed
nesta: OpenBSD is horrific
j/k
:P
RandalSchwartz: openbsd got me through some tough years. :)
and theo's paranoia helped me sleep at night
nesta: your sleep seems dependent on servers
hehe
:S
RandalSchwartz: on servers not being cracked while I was asleep, yes.
***: shansa has quit IRC (Quit: leaving)
nesta: cracked!
***: schmir has joined #arpnetworks
wallshot: dang trick questions
the answer isn't yes or no! it's "almost never"
***: mike-burns has quit IRC (*.net *.split)
toddf has quit IRC (*.net *.split)
schmir has quit IRC (Remote host closed the connection)
mike-burns has joined #arpnetworks
toddf has joined #arpnetworks
hubbard.freenode.net sets mode: +oo mike-burns toddf
schmir has joined #arpnetworks
wallshot: if you setup glue, is it wise to have redundant AAAA record for the ns in your domain's zone file, or just risking conflict?
***: sbp_ has joined #arpnetworks
sbp_ has quit IRC (Client Quit)
schmir has quit IRC (Remote host closed the connection)
jpalmer: what do you mean by redundant AAAA record?
wallshot: let's see... 5 daily tests * 1point each ... about 119 days to get the 595 points i'd need to hit 1500
i mean if the TLD has a AAAA record for my ns host
jpalmer: WRONG!
wallshot: you should still have the IN NS listed in your zonefile.
wallshot: right, as a IN NS
but not a IN AAAA ?
jpalmer: well, the IN NS is going to be a named server ns1.foo.com
wallshot: ns IN AAAA my-ns-ipv6-addr ... is redundant with the glue right?
so shouldn't be necessary
jpalmer: then, you'd create an A and AAAA record for the ns1
example: @ IN NS ns1.foo.com.
ns1 A 1.2.3.4
ns1 AAAA 2001::foo.blah
wallshot: so even though the glue was setup for TLD to point ns1.foo.com to 1.2.3.4, i should add A records in foo.com zonefile for it anyway
jpalmer: you always want everything referenced completely in your zonefile.
wallshot: this is probably good because it's what i'd done. was afraid i'd make some conflict
o excellent
jpalmer: btw: did you setup glue yet? did you test it with dig?
wallshot: i added a host
i think it's glued
but it said could take up to 48 hours for host changes
jpalmer: what is your domain name?
wallshot: and am not sure how to dig for the glue
6-for.me
it's not pointing at my glue yet
it's still using he.net nameservers, since the glue hadn't set yet...
but the nameserver resolves so perhaps i should just switch it now
oooh i totally jacked up the NS entries
didn't change my zone to match when i put he.net nameservers in there
i really am setting this domain up the slow way
jpalmer: I don't see glue records
dig NS 6-for.me @ns.nic.me
brb. 15 mins
wallshot: i suspect because i didn't stick my domain to the glue?
jdoe: er
you want glue records in your zone file
but glue records for the domain need to be set by your registrar.
wallshot: i created NS Host ns1.6-for.me -> 2607:f2f8:a460::5. but hadn't actually pointed my NS to ns1.6-for.me yet
jdoe: er
sorry, glue records at the tld's nameservers need to be set by your registrar.
wallshot: yeah, then make them match with AAAA records in my zonefile
and point my NS records at them :)
-: wallshot gets to updating
wallshot: i think i see how i typo broke my ipv4 A records
which mighta jacked up digs over ipv4 for ipv6 resolution
pointing ns1.foo.com at an ipv4 that named isn't listening to == good way to break stuff
guess i can bind to that ip until fix propagates
totally explains why it seemed to work when i got in this morning and how i had somehow broken it in minutes
fail on transcribe records from godaddy's dns to he.net's dns
***: shansa has joined #arpnetworks
wallshot: win, win, win, discovering ugly typo fixes everything!
jdoe: go team :P
jpalmer: back
wallshot: wb! as u can see from scrolling up, i found a typo that was killing my reverse resolution
specifically, if named is bound on .114 and .116, don't type .115 into the A record for ns1.foo.com in the zone file
i already had it as .116 on godaddy so i musta brainfarted or fingerfarted typing out the addresses on he.net
jpalmer: yeh, I mentioned earlier that I thought something else was wrong. good catch
so, I've been trying to get my HE.net tunnel to work correctly on dd-wrt. I get the tunnel up. radvd seems to advertise the space (clients get IPv6 IP's) but I can't ping6 anything beyond the client address of my router.
wallshot: possible that protocol41 isn't fully implemented across the router?
i failed miserably to get he.net tunnel working over my home router
i tried it on my arpnetworks vps, and it worked right away with the example configuration commands he.net provides for "Freebsd >= 4.4"
so i figured either my router's natting, or firewalling, or something, is jacking up he.net's tunneling. though whether it's a protocol41 incompatibility or something else i have no clue
jpalmer: well, I'd buy that *if* so many other people weren't having success, OR.. if the tunnel couldn't be brought up directly on my laptop ;)
wallshot: so i'm still using freenet6 for my laptop's ipv6 from the home network
i'd suspect i overlooked something (since i found no reported problems with using it over nat, except for old routers that don't do protocol41)
cept that it worked right off the bat on my non-nat vps
tho now i do suspect my router
oooh reverse is working gloriously!
jpalmer: nice, grats.
RandalSchwartz: I don't think he.net tunnels use 41
I think it's straight ipv4
it'd have to be, because I can bring up my he.net laptop tunnel pretty much anywhere that I can see the net
wallshot: orly. everything i could find suggested protocol41 would be major cause of failure, but that mighta been random comments about tunneling in general
RandalSchwartz: 41 is where you're using a "nearby" 6-to-4 gateway
and the routers have to cooperate
he.net is strictly "6 in 4"
so all your packets go inside a normal ipv4 tunnel
nobody between here and there is the wiser
usable just about everywhere
but less flexible, because the endpoint is fixed
wallshot: oooh i musta read some misinformation about tunnels failing due to protocol41 not being passed by routers
jpalmer: ok, now I goofed up something :P I can't even ping6 the router. heh
RandalSchwartz: as in, all my traffic goes to LA regardless of where it will eventually end up
wallshot: doh!
RandalSchwartz: whereas with proto41, it floods outward until it finds a willing 6-to-4 gateway
wallshot: oh god
that sounds ... messy
RandalSchwartz: no - it's just a normal set of routes
.. http://en.wikipedia.org/wiki/6in4
oops - not that... http://en.wikipedia.org/wiki/6to4
wallshot: yeah so close but not quite
RandalSchwartz: the trick is that the gateways anycast 192.88.99.1
and the routers pick up whomever's closest
so your nearest router knows the route to the closest 192.88.99.1 ipv4
and then it turns into v6 for the rest of the way
I've been using miredo instead of that
provided I'm not deeply NATed, miredo works fine for casual v6 connectivity
although it's a different v6 each time
often, my miredo traffic ends up on a nearby he.net gateway. :)
kinda cute
OSX snow leopard comes with miredo already installed too
just need to enable the launchd item
wallshot: dig NS 6-for.me @ns.nic.me <--- is that glue I see, the AAAA records?
RandalSchwartz: Yeah... "additional section"
almost always means "glue"
wallshot: that's excellent
jpalmer: yes. BUT.. one problem.
RandalSchwartz: so presuming ns.nic.me is v6 reachable, you should be good
jpalmer: you *only* have AAAA glue. you probably want to also have A glue.
RandalSchwartz: oh yeah - you need A glue
wallshot: oooh. that -is- a good idea!
should not neglect ipv4
jpalmer: well, if you want to be reachable via ipv6 only, you're fine now :P
RandalSchwartz: one more round of support requests. :)
jpalmer: RandalSchwartz: ns.nic.me is a TLD for .me
RandalSchwartz: sure - but it might not support v6
some of the TLDs don't
although most of them are coming around
ns.nic.me has no AAAA record
as I'm saying :)
jpalmer: oh, I see what you're saying. I thought you figured ns.nic.me was one of his NS's. chances are good though, if that wasn't ipv6, one of the other ones would be.
yekoms: do you all know of the new local root exploit?
wallshot: c0.cctld.afilias-nst.info. has ipv6
and is on the IN NS for .me list
RandalSchwartz: is there a quick query like "dig ns me" that additionally dumps their A or AAAA?
wallshot: and b0.cctld.afilias-nst.org. and b2.me.afilias-nst.org. and ...
RandalSchwartz: oh - yeah, of course afilias is on the ball
one of the biggest users of postgresql in the world :)
I was setting up to do some consulting there for a bit
postgresql and perl
wallshot: dig NS me. <-- worked for me
RandalSchwartz: root exploit for which OS
wallshot: shows 3 AAAA's and 5 A's
RandalSchwartz: wallshot - that didn't show me the A or AAAA records
probably because you have them cached already or something
wallshot: http://pastebin.ca/1950053
doubt i had all of them cached
some, probably
RandalSchwartz: well - when I do that, I get 0 additional
yekoms: freebsd
RandalSchwartz: just the 8 NS records
yekoms: it works well on any 7.* and 8.*
wallshot: maybe my nameserver is being friendlier
yekoms: should h4x any freebsd 8.* and 7.* prior to 12Jul2010
RandalSchwartz: bzip2/bunzip2 ... /me sighs
yekoms: it works on a few of my servers..
wallshot: i assume you mean the mbuf advisory
yekoms: cept not my vps from here..
wallshot: http://security.freebsd.org/advisories/FreeBSD-SA-10:07.mbuf.asc
yekoms: i guess.
RandalSchwartz: darn it - I gotta get around to upgrading my 3 older boxes to 8.1 too
wallshot: went out july 13
jpalmer: when you said "new exploit" I thought you meant something newer than 6 weeks ago :P
RandalSchwartz: no - the bunzip was just a few days ago
... http://security.FreeBSD.org/advisories/FreeBSD-SA-10:08.bzip2.asc
wallshot: randalschwartz: if i dig NS me. @4.2.2.2, then i don't get extra
try it @208.79.88.7
RandalSchwartz: Ahh, I'm using comcast's nameservers. no wonder
wallshot: (that latter one is arpnet's that my vps defaults to use)
yekoms: well i just found it..
RandalSchwartz: uh - 208.79.88.7 won't talk to me
jpalmer: damn, I dunno what I goofed up, but I still can't ping6 my router.
RandalSchwartz: no recursion
so I bet it's still cached somewhere for you
wallshot: maybe it only talks to me from my vps
was running the dig on there
RandalSchwartz: ahh!
@74.82.42.42
wallshot: 4.2.2.2 was what i used for +trace info to actually show up (my home router 192.168.1.1 wouldn't even do that much) but if 4.2.2.2 isn't dishing out the AAAA/A records, i'm not sure what other nameservers would have that option enabled
RandalSchwartz: that's he.net's open recursive server
wallshot: excellent!
RandalSchwartz: and it shows ipv6 for www.google.com
normally you don't get that
or at least, it did at one point. :)
wallshot: yeah i don't seem to be getting that
ipv6.google.com is the only way i know of to force google over ipv6
RandalSchwartz: so ns.nic.me and ns2.nic.me are v4 only
wallshot: yeah they're lagging back in the 90's
shansa: google enables ipv6 for a few networks it deems reliable enough
RandalSchwartz: ahh - if you ask for aaaa explicitly, it works
... www.l.google.com.168INAAAA2001:4860:8010::67
ugh
tabs :)
wallshot: my dns don't wanna give it to me even if i dig -t aaaa
jpalmer: oh, figured out the issue. I logged into the vps.. and can't ping the client side of my tunnel there either. appears the tunnel went down.
wallshot: good reason for it to not be available
-: wallshot validates address and selects tshirt size
***: shansa has quit IRC (Quit: leaving)
jpalmer: wallshot: whats your score? 1000?
wallshot: not even
i hit sage with a score of like 500
then i found all the extra tests
so i took them
then i did 1 each of the daily tasks
and am at 905 now
jpalmer: hmm. you're missing something then
wallshot: and i feel something's missing
cuz 5 daily tasks * 99 is 495 or so more points from those
that's 1400 points. 100 is missing :/
http://ipv6.he.net/certification/scoresheet.php?pass_name=jprather
RandalSchwartz: I stopped at 1024
wallshot: haha nice
RandalSchwartz: just because the rest is just busy works
wallshot: yeah the 1 a day thing
RandalSchwartz: I could script it, but who cares
wallshot: u do it for 2 days and u got the hang of it
RandalSchwartz: I did it for 5
then realized it's just a pain to keep finding new v6 domains
that also have to be on different subnets
-: wallshot compares 1500 score to his to see what's missing
wallshot: i'm missing nothing from this 1500 score
is it possible he.net math is jacked?
-: wallshot adds up this 1500's points
jpalmer: your score is 1005 right now.
wallshot: my page not refreshed?
that explains the missing 100 points!
jpalmer: RandalSchwartz: http://sixy.ch
wallshot: i'm all about missing what's right in front of my face today
RandalSchwartz: oh wonderful. updating ports today upgrades emac :)
emacs
wallshot: see i just don't install emacs, so i never have to update it
RandalSchwartz: that'll be a while :)
hey - go see my interview about emacs org-mode
wallshot: sometimes i feel i'm missing out, but mostly, i'm happy with it
RandalSchwartz: people are switching to emacs *just* for org-mode
wallshot: all editors need orgy mode
RandalSchwartz: twit.tv/floss136
wallshot: interesting
RandalSchwartz: or here's carsten at a google tech talk - http://www.youtube.com/watch?v=oJTwQvgfgMM
jpalmer: RandalSchwartz: I scripted it, I'll let crontab take me to 1500 :P
more correctly.. someone else scripted it. I just copied, pasted, and crontabbed.
wallshot: is that guy wearing his sunglasses indoors?
jpalmer: only two people wear sunglasses indoors. blind people and assholes.
wallshot: maybe they're corrective lenses that are just dark
haha
oh
wow i'm insensitive
as i see a kid lead him back to his seat
and realize he may actually be blind
google == lies!
"The only truly portable format, read and edit anywhere"
jpalmer: wallshot: one of the guys I work with was speaking at cluecon a year or two ago.. (thats actually his quote) he was drinking one night after his talk.. there was a guy in the bar with sunglasses on..
wallshot: rtf is damn close!
tho console won't show rtf nicely, i confess
it's a pretty accurate quote
jpalmer: he walked up to the guy, took his arm, and said "I'll help you to your chair" the guy goes "get off me!" kris said "the only people that wear glasses indoors are blind people and assholes. I guess we know which one we're dealing with here"
wallshot: hahahaha
jpalmer: holy crap, can't type on this MBP keyboard.
wallshot: that's great
i'm heading out for the night
thanks for all the tips!
jpalmer: night man
wallshot: and good luck with routing that he.net tunnel, jpalmer!
guessing less hassle once tunnel isn't down :)
jpalmer: I'm not sure why it's actually down yet. but I'm beat. I may let it go until tomorrow.
wallshot: that always helps. then u find a ipv4 typo somewhere and facepalm like i did today
cya guys!
***: wallshot has quit IRC (Quit: Leaving.)
yekoms has quit IRC (Ping timeout: 245 seconds)
awyeah has joined #arpnetworks
awyeah: RandalSchwartz - heh. emacs.
***: smokey_ has joined #arpnetworks
smokey_ has quit IRC (Quit: Leaving)