[01:16] *** awyeah_ has joined #arpnetworks
[01:17] *** RandalSchwartz has quit IRC (Ping timeout: 248 seconds)
[01:17] *** awyeah has quit IRC (Read error: Connection reset by peer)
[01:29] Anybody have suggestions for how to get around a corporate firewall that will not let me SSH on 80 or 443? I tried running hts/htc on the same ports and that won't work either :(
[01:59] raptelan: http://www.jedi.be/blog/2008/11/07/a-few-cases-of-tunnel-piercings-for-firewalls-for-ssh-access/
[02:17] DaCa: I've tried htc/hts already though...and even that is not working.
[02:17] I know that i'm trying correctly, because using htc when not on their network works.
[02:23] *** LT has joined #arpnetworks
[02:31] raptelan: I don't have any more suggestions
[02:32] * raptelan will try it all again when he's there again, thanks
[02:36] *** Zuul has joined #arpnetworks
[02:38] *** Zuul_ has quit IRC (Ping timeout: 240 seconds)
[03:27] *** ivan-kanis has joined #arpnetworks
[04:32] *** ivan-kanis has quit IRC (Remote host closed the connection)
[05:42] raptelan: food for thought: if the corporate firewall is configured to block SSH, then SSH is probably against the company policy. Which begs the question: Is it really worth risking your job?
[05:43] It raises the question. "Begging the question" means to have a circular argument.
[05:43] ... and that's your pedanticism for the day.
[05:47] in my experience, after having this conversation a thousand times, the whole "the company doesn't allow it but I'll do it anyway" conversation IS a circular argument.
[05:47] Heh.
[05:47] the user never seems to get the fact that it's not their network, and they aren't *entitled* to do whatever they want. and since they never really "get it" they keep up with circular logic to justify it.
[05:48] of course, that same false sense of entitlement is prolific in our society, and is the root cause of a LOT of fights and arguments.
[06:03] *** RandalSchwartz has joined #arpnetworks
[06:03] *** RandalSchwartz has quit IRC (Changing host)
[06:03] *** RandalSchwartz has joined #arpnetworks
[07:08] jpalmer: I didn't sign any such policy, and if they want to fire me for it (I seriously doubt that would happen even if they knew what I was doing), there's plenty of other jobs in my field. :)
[07:11] jpalmer: my network port was automatically shut down when I ran virtual machines as well, but they added an exception because it's to protect against something nasty going on - developers are allowed to do crap like that ;)
[07:13] *** ivan-kanis has joined #arpnetworks
[07:15] oh, and it's easier to ask for forgiveness than permission ;)
[07:22] unless it involves felony charges. :)
[07:22] * RandalSchwartz has history with taking that phrase a bit far
[07:24] Hah.
[07:35] anyone else seeing maybe 1-2% packet loss both into ARP and outbound to their ARP gateway (IPv4)?
[07:43] *** rgouveia has quit IRC (Ping timeout: 264 seconds)
[07:45] argh. must be my connection again
[07:46] you are not allowed to complain until you reach the 75% packet loss mark.
[07:47] * jpalmer ducks
[07:47] lol
[07:48] I lose 75% of my packets, but just not all in a row. :)
[07:48] I actually showed about 20% after web pages took forever to load
[07:48] :P
[07:50] *** rgouveia has joined #arpnetworks
[07:50] *** rgouveia has quit IRC (Changing host)
[07:50] *** rgouveia has joined #arpnetworks
[07:58] *** amdprophet has joined #arpnetworks
[08:00] raptelan: You could install a web based SSH client on a server. There are a few open source ones.
[08:13] *** shmget has quit IRC (Read error: Operation timed out)
[08:14] *** rgouveia has quit IRC (Ping timeout: 276 seconds)
[08:18] how do you find out about packet loss ?
[08:19] ping!
[08:19] DDevine: I thought the problem with that was that they were basically java apps that still needed the ability to ssh from the client computer to the server...
[08:19] DDevine: I haven't looked into the possibility much, though.
[08:22] *** rgouveia has joined #arpnetworks
[08:25] *** rgouveia has quit IRC (Client Quit)
[08:27] there might be some AJAX ones available
[08:28] *** shmget has joined #arpnetworks
[08:28] *** rgouveia has joined #arpnetworks
[08:28] *** rgouveia has quit IRC (Changing host)
[08:28] *** rgouveia has joined #arpnetworks
[08:28] raptelan: you could also ask IT to make an exception in the policy, since you're a developer and all
[08:29] jpalmer: but then I might get told "no" - then I'd no longer be comfortable working around it ;)
[08:29] I wouldn't be comfortable in the first place.
[08:30] * raptelan shrugs - I don't have a problem doing things without explicit permission as long as I know that I am not doing anything nefarious, which I don't.
[08:30] anyone else experiencing connectivity issues? like my connection here seems to go down and I cannot access my vps from .pt
[08:32] rgouveia: I'm IRC'ing from my VPS...haven't seen any issues.
[08:32] me too
[08:32] then again, .pt is a long ways from LA
[08:32] could be any number of things
[08:32] where does the traceroute start to go whacky?
[08:33] Hi RandalSchwartz, seems 67.199.135.102
[08:33] ahh. packetexchange
[08:33] that's outside anything Garry can help with
[08:33] I don't have any output after that although I am now connected
[08:34] last time I had a connectivity issue it was packetexchange IIRC
[08:34] raptelan: you're in the US too?
[08:35] yeah - I come in via net2ez.com
[08:35] 2.018 ms ping time
[08:35] from my desk
[08:35] and that's 9 hops
[08:36] RandalSchwartz: I wish :-)
[08:37] rgouveia: yes, I'm in New York right now.
[08:37] raptelan: ok, so I'm the only one far away then
[08:54] rgouveia: yeah, I'm close - only about 2500 miles ;)
[08:54] rgouveia: but yes, you're farther.
[08:55] and more water too :-)
[09:09] *** luceroz has joined #arpnetworks
[09:34] *** luceroz has quit IRC (Remote host closed the connection)
[09:38] *** HighJinx has quit IRC (Quit: Leaving)
[09:51] *** LT has quit IRC (Quit: Leaving)
[09:53] *** ivan-kanis has quit IRC (Remote host closed the connection)
[09:59] raptelan: get traceroutes, and send an email to support@ Garry can file a ticket with packetexchange, and have them look into it.
[10:01] jpalmer: my traceroutes are fine, I think you meant that for rgouveia?
[10:04] indeed, sorry
[10:04] jpalmer: hi, thanks I'll do that :-)
[10:18] *** cubelogic has joined #arpnetworks
[10:32] which is worse: not having a reverse DNS entry for an address, or having an rDNS entry that does not itself resolve?
[10:33] when you say 'having an rDNS entry that does not itself resolve' do you mean that the forward and reverse wouldn't match?
[10:34] dig NAME returns NXDOMAIN for that address type
[10:35] ssh gets picky about some of that
[10:36] yeah, ssh is normally the most annoying with rnds
[10:36] *rdns
[10:36] good point
[10:36] lots of things get picky about that. incredibly so if it's a mailserver.
[10:36] yeah
[10:36] in conclusion: have valid rdns ;)
[10:36] google can deal with mail ;)
[10:37] although i am very disappointed that google can't deliver mail to v6 MX
[10:37] yeah, i've recently been getting angry about that
[10:37] hope they have it ready in time for ipv6 day!
[10:37] i suspect things will start to change after ipv6 day
[10:38] i work for an isp; we've only just v6'd our core network
[10:38] however it was *much* easier than we expected
[10:38] xlhost delayed me on v6 address allocation for 2 months
[10:38] now i have v6 everywhere :D
[10:38] they finally did do it though
[10:38] bob^^: me too!
[10:38] :D
[10:39] have you tried disabling your v4 stack?
[10:39] bob^^: did you guys get your own v6 allocation, or are you getting it from your provider?
[10:39] jpalmer: own alloc from RIPE
[10:39] i ran one of my arpnetworks instances without v4 for a good while
[10:39] it's amazing how few web sites are v6 ready :(
[10:39] yeah
[10:40] a vps with no v4 is going to be essentially useless :P
[10:40] i have an apple airport dishing a hurricane electric tunnel to my home LAN as well. pretty idiot-proof
[10:40] i'm just desperate to go all v6 now
[10:40] nice :)
[10:40] jpalmer: how's that?
[10:40] i noticed those options on my airport too, very smart
[10:40] i have a netscreen at home though so it's tunneling to HE too :)
[10:40] bob^^: i was floored by how well it works
[10:40] I did it as a test a while back, to see if FreeBSD and CentOS could get full updates, patches, ports and other administrative necessities.. and surprisingly, both worked well.
[10:41] ubuntu updates over v6 fine too
[10:41] it seems the more technical parts of the web are very much v6 ready
[10:41] just the big sites that are trailing their heels
[10:41] openbsd mirror at isc.org is v6 AND close to arpnetworks ;)
[10:41] even the BBC over here don't have *any* v6 presence yet, which is pretty annoying :(
[10:41] did you hear about microsoft buying nortel's v4 allocations?
[10:42] yeah, i don't like that
[10:42] that is nuts
[10:42] i didn't think it was allowed tbh
[10:42] i know over here with RIPE that's pretty much totally against the rules
[10:42] right
[10:42] getting IPs here is a nightmare anyway
[10:42] i wonder if they pre-cleared it with them or something
[10:42] we recently got a /16
[10:42] it was *not* easy to get
[10:42] (a v4 /16)
[10:43] wow.
[10:43] as an ISP, did RIPE give you a /32 or a /48
[10:43] a /32
[10:43] cool
[10:43] yeah :)
[10:44] i was under the impression that that was nearly impossible outside the US nowadays
[10:44] i still can't quite believe how big it is
[10:44] you can enumerate all the visible stars in the sky then :)
[10:44] yeah, amazing number of addresses :)
[10:44] I have 5 or 6 /48's already
[10:44] it still feels quite wasteful though
[10:44] pushing a /64 down to our office network for example
[10:44] consider, a /32 is like *one* address from v4
[10:45] well back in the 90's when every community college was getting a v4 /16 i'm sure nobody thought about running out...
[10:45] you use a /64 for each segment
[10:45] yup
[10:45] the autoconfig stuff is pretty smart i must say
[10:45] i'm really liking some of the stuff about v6
[10:45] agreed.
[10:45] yet to investigate the encryption stuff but that sounds handy
[10:45] as i suspect we could start to do away with VPNs
[10:46] * bob^^ needs to do a lot of reading up
[10:46] *** HighJinx has joined #arpnetworks
[10:46] me too
[10:46] at least i get 10/10 on v6 and v4 tests from test-ipv6.com now anyway ;)
[10:46] the stuff at ipv6.he.net is quite helpful
[10:46] yeah
[10:47] yeah, HE are fantastic
[10:47] we actually use them as a primary transit provider here too
[10:47] great network
[10:47] (and exceptionally cheap for transit)
[10:47] mind you we're getting bulk rates for buying 10gbit/s from them ;)
[10:48] I got my T-shirt! Did you?
[10:48] I got mine! actually, last month.
[10:48] i need to finish off the tests on there :)
[10:49] it wanted me to v6 enable my mailserver which is not particularly easy given i use google apps for my email :/
[10:49] going to create a test zone inside my domain and throw up exim over the weekend on v6 :)
[10:49] bob^^: i was running a v6 MTA for about 10 minutes just for that test ;)
[10:50] hehe, that's exactly what i intend to do :)
[11:14] me too
[11:14] actually - it was the webserver that I just tunnelled
[11:14] using socat :)
[11:14] I made it so port 80 on v6 resent to port 80 on v4
[11:17] bob^^: you can setup exim, and just set a temporary AAAA record for the test. set your DNS TTL's to like 60 seconds. do the test and remove the AAAA. the chances of you getting any mail other than the test delivered over it, almost non-existent.
[11:18] the ipv4 mail will look up the A records for your MX. the test mail will lookup the AAAA records, which would be pointed to your exim install. no need for a subdomain or whatever.
[11:19] cheaters ;)
[11:20] it's not cheating. you are legitimately accepting the mail over IPv6, which is the purpose of the test, to prove your knowledge. it doesn't say you have to KEEP accepting it.
[11:21] cheating (to me, anyway) would be doing something like.. claiming you were the he.net domain, or arpnetworks.com domain, where all of this is already setup. and then just breezing through the tests without doing anything to demonstrate actual knowledge.
[11:29] oooh - I never thought of that :)
[11:29] except that you have to add something to a web page, I think
[11:30] yeah, I think so. I was just using that as an example of what I'd consider cheating ;)
[11:35] *** greenskeleton has quit IRC (Quit: WeeChat 0.3.4)
[11:36] *** greenskeleton has joined #arpnetworks
[11:43] *** mattx86 has quit IRC (Quit: bbl)
[12:43] *** wallshot has joined #arpnetworks
[13:58] *** zxvf has joined #arpnetworks
[13:58] hi
[13:58] is something broken?
[14:00] *** zxvf has quit IRC (Client Quit)
[14:01] LOL
[14:01] he waited the allocated 75 seconds for a response and decided it must just be on his end i guess
[14:05] haha
[14:33] *** KyrosKoh has quit IRC (Ping timeout: 250 seconds)
[14:37] *** KyrosKoh has joined #arpnetworks
[14:53] pew pew.
[15:26] bob^^: what's your v6 allocation? just curious from which prefix RIPE allocates
[15:28] MS bought nortel's v4 allocations? wtf
[16:11] *** wallshot has quit IRC (Remote host closed the connection)
[16:53] *** phreak has joined #arpnetworks
[16:55] *** |dream has quit IRC (Read error: Operation timed out)
[17:05] *** phreak has quit IRC (Quit: quit)
[17:05] *** |dream has joined #arpnetworks
[18:43] *** cubelogic has quit IRC (Ping timeout: 276 seconds)
[18:52] *** HighJinx has quit IRC (Ping timeout: 252 seconds)
[18:57] *** Zuul has quit IRC (Ping timeout: 252 seconds)
[18:59] *** Zuul has joined #arpnetworks
[19:37] *** heavysixer has quit IRC (Quit: heavysixer)
[20:18] *** HighJinx has joined #arpnetworks
[20:37] *** heavysixer has joined #arpnetworks
[20:37] *** ChanServ sets mode: +o heavysixer
[20:45] *** heavysixer has quit IRC (Quit: BAMPF!)