***: RandalSchwartz has quit IRC (Ping timeout: 248 seconds)
awyeah has quit IRC (Read error: Connection reset by peer) raptelan: Anybody have suggestions for how to get around a corporate firewall that will not let me SSH on 80 or 443? I tried running hts/htc on the same ports and that won't work either :( DaCa: raptelan: http://www.jedi.be/blog/2008/11/07/a-few-cases-of-tunnel-piercings-for-firewalls-for-ssh-access/ raptelan: DaCa: I've tried htc/hts already though...and even that is not working.
I know that i'm trying correctly, because using htc when not on their network works. ***: LT has joined #arpnetworks DaCa: raptelan: I don't have any more suggestions -: raptelan will try it all again when he's there again, thanks ***: Zuul has joined #arpnetworks
Zuul_ has quit IRC (Ping timeout: 240 seconds)
ivan-kanis has joined #arpnetworks
ivan-kanis has quit IRC (Remote host closed the connection) jpalmer: raptelan: food for thought: if the corporate firewall is configured to block SSH, then SSH is probably against the company policy. Which begs the question: Is it really worth risking your job? mike-burns: It raises the question. "Begging the question" means to have a circular argument.
... and that's your pedanticism for the day. jpalmer: in my experience, after having this conversation a thousand times, the whole "the company doesn't allow it but I'll do it anyway" conversation IS a circular argument. mike-burns: Heh. jpalmer: the user never seems to get the fact that it's not their network, and they aren't *entitled* to do whatever they want. and since they never really "get it" they keep up with circular logic to justify it.
of course, that same false sense of entitlement is prolific in our society, and is the root cause of a LOT of fights and arguments. ***: RandalSchwartz has joined #arpnetworks
RandalSchwartz has quit IRC (Changing host)
RandalSchwartz has joined #arpnetworks raptelan: jpalmer: I didn't sign any such policy, and if they want to fire me for it (I seriously doubt that would happen even if they knew what I was doing), there's plenty of other jobs in my field. :)
jpalmer: my network port was automatically shut down when I ran virtual machines as well, but they added an exception because it's to protect against something nasty going on - developers are allowed to do crap like that ;) ***: ivan-kanis has joined #arpnetworks raptelan: oh, and it's easier to ask for forgiveness than permission ;) RandalSchwartz: unless it involves felony charges. :) -: RandalSchwartz has history with taking that phrase a bit far mike-burns: Hah. mattx86: anyone else seeing maybe 1-2% packet loss both into ARP and outbound to their ARP gateway (IPv4)? ***: rgouveia has quit IRC (Ping timeout: 264 seconds) mattx86: argh. must be my connection again jpalmer: you are not allowed to complain until you reach the 75% packet loss mark. -: jpalmer ducks mattx86: lol RandalSchwartz: I lose 75% of my packets, but just not all in a row. :) mattx86: I actually showed about 20% after web pages took forever to load
:P ***: rgouveia has joined #arpnetworks
rgouveia has quit IRC (Changing host)
rgouveia has joined #arpnetworks
amdprophet has joined #arpnetworks DDevine: raptelan: You could install a web based SSH client on a server. There are a few open source ones. ***: shmget has quit IRC (Read error: Operation timed out)
rgouveia has quit IRC (Ping timeout: 276 seconds) ivan-kanis: how do you find out about packet loss ? RandalSchwartz: ping! raptelan: DDevine: I thought the problem with that was that they were basically java apps that still needed the ability to ssh from the client computer to the server...
DDevine: I haven't looked into the possibility much, though. ***: rgouveia has joined #arpnetworks
rgouveia has quit IRC (Client Quit) mattx86: there might be some AJAX ones available ***: shmget has joined #arpnetworks
rgouveia has joined #arpnetworks
rgouveia has quit IRC (Changing host)
rgouveia has joined #arpnetworks jpalmer: raptelan: you could also ask IT to make an exception in the policy, since you're a developer nd all raptelan: jpalmer: but then I might get told "no" - then I'd no longer be comfortable working around it ;) jpalmer: I wouldn't be comfortable in the first place. -: raptelan shrugs - I don't have a problem doing things without explicit permission as long as I know that I am not doing anything nefarious, which I don't. rgouveia: anyone else experiencing connectivity issues? like my connection here seems to go down and I cannot access my vps from .pt raptelan: rgouveia: I'm IRC'ing from my VPS...haven't seen any issues. RandalSchwartz: me too
then again, .pt is a long ways from LA
could be any number of things
where does the traceroute start to go whacky? rgouveia: Hi RandalSchwartz, seems 67.199.135.102 RandalSchwartz: ahh. packetexchange
that's outside anything Garry can help with rgouveia: I don't have any output after that although I am now connected
last time I had a connectivity issue it was packetexchange IIRC
raptelan: you're in the US too? RandalSchwartz: yeah - I come in via net2ez.com
2.018 ms ping time
from my desk
and that's 9 hops rgouveia: RandalSchwartz: I wish :-) raptelan: rgouveia: yes, I'm in New York right now. rgouveia: raptelan: ok, so I'm the only one far away then raptelan: rgouveia: yeah, I'm close - only about 2500 miles ;)
rgouveia: but yes, you're farther. rgouveia: and more water too :-) ***: luceroz has joined #arpnetworks
luceroz has quit IRC (Remote host closed the connection)
HighJinx has quit IRC (Quit: Leaving)
LT has quit IRC (Quit: Leaving)
ivan-kanis has quit IRC (Remote host closed the connection) jpalmer: raptelan: get traceroutes, and send an email to support@ Garry can file a ticket with packetexchange, and have them look into it. raptelan: jpalmer: my traceroutes are fine, I think you meant that for rgouveia? jpalmer: indeed, sorry rgouveia: jpalmer: hi, thanks I'll do that :-) ***: cubelogic has joined #arpnetworks ix33: which is worse: not having a reverse DNS entry for an address, or having an rDNS entry that does not itself resolve? bob^^: when you say 'having an rDNS entry that does not itself resolve' do you mean that the forward and reverse wouldn't match? ix33: dig NAME returns NXDOMAIN for that address type RandalSchwartz: ssh gets picky about some of that bob^^: yeah, ssh is normally the most annoying with rnds
*rdns ix33: good point jpalmer: lots of things get picky about that. inredibly so if it's a mailserver. bob^^: yeah
in conclusion: have valid rdns ;) ix33: google can deal with mail ;)
although i am very disappointed that google can't deliver mail to v6 MX bob^^: yeah, i've recently been getting angry about that ix33: hope they have it ready in time for ipv6 day! bob^^: i suspect things will start to change after ipv6 day
i work for an isp; we've only just v6'd our core network
however it was *much* easier than we expected ix33: xlhost delayed me on v6 address allocation for 2 months bob^^: now i have v6 everywhere :D ix33: they finally did do it though
bob^^: me too! bob^^: :D
have you tried disabling your v4 stack? jpalmer: bob^^: did you guys get your own v6 allocation, or are you getting it from your provider? bob^^: jpalmer: own alloc from RIPE ix33: i ran one of my arpnetworks instances without v4 for a good while bob^^: it's amazing how few web sites are v6 ready :( ix33: yeah jpalmer: a vps with no v4 i going to be essentially useless :P ix33: i have an apple airport dishing a hurricane electric tunnel to my home LAN as well. pretty idiot-proof bob^^: i'm just desperate to go all v6 now
nice :) ix33: jpalmer: how's that? bob^^: i noticed those options on my airport too, very smart
i have a netscreen at home though so it's tunneling to HE too :) ix33: bob^^: i was floored by how well it works jpalmer: I did it as a test a while back, to see if FreeBSD and CentOS could get full updates, patches, ports and other administrative necessities.. and suprisingly, both worked well. bob^^: ubuntu updates over v6 fine too
it seems the more technical parts of the web are very much v6 ready
just the big sites that are trailing their heels ix33: openbsd mirror at isc.org is v6 AND close to arpnetworks ;) bob^^: even the BBC over here don't have *any* v6 presence yet, which is pretty annoying :( ix33: did you hear about microsoft buying nortel's v4 allocations? bob^^: yeah, i don't like that ix33: that is nuts bob^^: i didn't think it was allowed tbh
i know over here with RIPE that's pretty much totally against the rules ix33: right bob^^: getting IPs here is a nightmare anyway ix33: i wonder if they pre-cleared it with them or something bob^^: we recently got a /16
it was *not* easy to get
(a v4 /16) ix33: wow. RandalSchwartz: as an ISP, did RIPE give you a /32 or a /48 bob^^: a /32 RandalSchwartz: cool bob^^: yeah :) ix33: i was under the impression that that was nearly impossible outside the US nowadays bob^^: i still can't quite believe how big it is RandalSchwartz: you can ennumerate all the visible stars in the sky then :) bob^^: yeah, amazing unmber of addresses :) RandalSchwartz: I have 5 or 6 /48's already bob^^: it still feels quite wasteful though
pushing a /64 down to our office network for example RandalSchwartz: consider, a /32 is like *one* address from v4 ix33: well back in the 90's when every community college was getting a v4 /16 i'm sure nob0ody thought about running out... RandalSchwartz: you use a /64 for each segment bob^^: yup
the autoconfig stuff is pretty smart i must say
i'm really liking some of the stuff about v6 ix33: agreed. bob^^: yet to investigate the encryption stuff but that sounds handy
as i suspect we could start to do away with VPNs -: bob^^ needs to do a lot of reading up ***: HighJinx has joined #arpnetworks ix33: me too bob^^: at least i get 10/10 on v6 and v4 tests from test-ipv6.com now anyway ;) RandalSchwartz: the stuff at ipv6.he.net is quite helpful
yeah bob^^: yeah, HE are fantastic
we actually use them as a primary transit provider here too
great network
(and exceptionally cheap for transit)
mind you we're getting bulk rates for buying 10gbit/s from them ;) RandalSchwartz: I got my T-shirt! Did you? jpalmer: I got mine! actually, last month. bob^^: i need to finish off the tests on there :)
it wanted me to v6 enable my mailserver which is not particularly easy given i use google apps for my email :/
going to create a test zone inside my domain and throw up exim over the weekend on v6 :) ix33: bob^^: i was running a v6 MTA for about 10 minutes just for that test ;) bob^^: hehe, that's exactly what i intend to do :) RandalSchwartz: me too
actually - it was the webserver that I just tunnelled
using socat :)
I made it so port 80 on v6 resent to port 80 on v4 jpalmer: bob^^: you can setup exim, and just set a temporary AAAA record for the test. set your DNS TTL's to like 60 seconds. do the test and remove the AAAA. the chances of you getting any mail other than the test delivered over it, almost non-existant.
the ipv4 mail will look up the A records for your MX. the test mail will lookup the AAAA records, which would be pointed to your exim install. no need for a subdomain ot whatever. jdoe: cheaters ;) jpalmer: it's not cheating. you are legitimately accepting the mail over IPv6, which is the purpose of the test, to prove your knowledge. it doesn't say you have to KEEP accepting it.
cheating (to me, anyway) would be doing something like.. claiming you were the he.net domain, or arpnetworks.com domain, where all of this is already setup. and then just breezing through the tests without doing anything to demonstrate actual knowledge. RandalSchwartz: oooh - I never thought of that :)
except that you have to add something to a web page, I think jpalmer: yeah, I think so. I was just using that as an example of what I'd consider cheating ;) ***: greenskeleton has quit IRC (Quit: WeeChat 0.3.4)
greenskeleton has joined #arpnetworks
mattx86 has quit IRC (Quit: bbl)
wallshot has joined #arpnetworks
zxvf has joined #arpnetworks zxvf: hi
is something broken? ***: zxvf has quit IRC (Client Quit) up_the_irons: LOL wallshot: he waited the allocated 75 seconds for a response and decided it must just be on his end i guess up_the_irons: haha ***: KyrosKoh has quit IRC (Ping timeout: 250 seconds)
KyrosKoh has joined #arpnetworks jdoe: pew pew. up_the_irons: bob^^: what's your v6 allocation? just curious from which prefix RIPE allocates
MS bought nortel's v4 allocations? wtf ***: wallshot has quit IRC (Remote host closed the connection)
phreak has joined #arpnetworks
|dream has quit IRC (Read error: Operation timed out)
phreak has quit IRC (Quit: quit)
|dream has joined #arpnetworks
cubelogic has quit IRC (Ping timeout: 276 seconds)
HighJinx has quit IRC (Ping timeout: 252 seconds)
Zuul has quit IRC (Ping timeout: 252 seconds)
Zuul has joined #arpnetworks
heavysixer has quit IRC (Quit: heavysixer)
HighJinx has joined #arpnetworks
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
heavysixer has quit IRC (Quit: BAMPF!)