[00:00] but i have no idea which is better
[00:00] i mean cogent sucks either way, but there have been heaps of peering disagreements with them
[00:00] and yet they're one of the biggest providers.
[00:01] it was verizon being problematic before iirc though
[00:03] verizon is out ntt still too
[00:03] and some of comcast at least
[00:04] oh weird i had notes of two comcast addresses and one is the hostname and one is ip of same host
[00:09] *** mike-bur1 has quit IRC (Ping timeout: 260 seconds)
[00:16] *** mike-bur1 has joined #arpnetworks
[00:16] *** ChanServ sets mode: +o mike-bur1
[00:22] added reset the net banner to arpnetworks.com and portal
[00:22] june 5
[00:22] do your part!
[00:22] :)
[00:22] reset the net?
[00:22] https://www.resetthenet.org/
[00:23] ahh about network neutrality
[00:23] is it?
[00:23] no, about mass surveillance
[00:23] oh it's the other problem
[00:23] lol
[00:24] i saw a cool video about net neutrality
[00:24] https://t.co/wD3MiiXOSM
[00:24] https://t.co/wD3MiiXOSM -> https://www.youtube.com/watch?v=fpbOEoRrHyU
[00:24] my part: now arpnetworks.com forces SSL for everything, no more port 80 except for redir to 443
[00:24] it's uhh the way things are going
[00:25] yeah
[00:26] i'm kind of against https in general, but it's important for things that don't need it to use it too so that you're not guilty by using encryption or such
[00:31] nz is one of the US's guinea pig countries for network intrusion
[00:31] recent laws mean all isp's have to be registered etc
[00:32] and if bigger than a certain size you have to be interception ready
[00:35] *** mike-bur1 is now known as mike-burns
[02:01] good 'ol TICSA
[02:01] you also need to get any major network changes/upgrades approved by the government...
[02:01] yay New Zealand..
[04:27] i try to not see the badness
[04:27] apparently it's ok now to mention the zeus botnet stuff
[04:27] but them having contacts at isp's made it easier to block it
[04:28] /but/ they blocked baidu.com too
[04:28] (chinese google basically)
[04:28] the list of domain names being blocked is huge
[04:28] and baidu doesn't look legit casually
[04:54] *** tabthorpe has joined #arpnetworks
[04:54] *** tabthorpe has quit IRC (Changing host)
[04:54] *** tabthorpe has joined #arpnetworks
[07:19] gizmoguy: it's funny, but reddit net neutrality "activists" are pushing for a US local gov equiv of that as a fix for the US
[07:20] (title 2)
[07:28] would require utility committee approval for network expansion, product rollout, speed increases, etc. but, you know, that'd fix the internet or whatever.
[07:42] another month, another round of freebsd security updates involving openssl
[07:43] yep
[07:43] also sendmail
[07:43] yes, but the sendmail vuln is two whole days old now
[07:43] have had to execute freebsd-update more than i remember ever having to
[07:43] a whopping 2 days old
[07:43] and who uses sendmail anymore
[07:43] * staticsafe runs
[07:44] haha, i do because i don't run an mta
[07:44] and need something to handle outbound messaging from the server
[07:47] I wonder how many of these new openssl cves are coming from people running static code analyses on libressl
[07:52] http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html
[09:33] @youtube fpbOEoRrHyU
[09:33] YouTube Entertainment: "Last Week Tonight with John Oliver (HBO): Net Neutrality" by LastWeekTonight (13m 18s), 2,075,997 views, 35,571 likes and 367 dislikes. Uploaded 2014-06-02T06:30:01.000Z.
[09:33] Ah yes, <3 Last Week Tonight
[09:33] It's nice when your hosting provider "catches up" to something you've been doing all along :P @up_the_irons | my part: now arpnetworks.com forces SSL for everything, no more port 80 except for redir to 443
[09:34] Sadly, I had to leave the auto-redirect off one domain because ifttt.com won't use https:// urls (for its wordpress plugin, anyways)
[09:34] I should make that domain's stuff conditional though...
[09:35] Speaking of Baidu, I've blocked them from every single website I administer since they don't EVEN FETCH robots.txt, let alone honour its contents.
[09:36] heh sendmail... My FreeBSD servers run exim, because why run something that's nigh-impossible to configure, versus something I know how to configure. (and exim specifically because I was just migrating an old server and could copy the configs)
[10:38] brycec: your robots.txt needs to be in cantonese
[10:40] m0unds: I figured it was pretty easy to read... http://brycesawesomeapp.com/robots.txt
[10:40] Especially for a bot
[10:40] lol there are two people in here running IrssiUrlLog/0.2
[10:40] (of course, none of that matters if Baidu doesn't even make a request for the file)
[10:41] request for 机器人.txt
[10:41] that should say robot in cantonese, but my terminal has utf-8 disabled
[10:41] haha
[10:42] Definitely looks chinese to me
[10:42] hahah, that robots.txt is awesome
[10:42] oh, must just be putty then
[10:44] weird, nanog message had a content policy violation rendering it undeliverable to me
[10:48] haha - SSN pattern match on a url
[10:49] lol I've hit roadblocks like that before. CC #s too on UUIDs (without dashes)
[10:50] In the past, I end up disabling those... too many false positives.
[10:50] And anyone dumb enough to email a CC# deserves what they get >.>
[10:50] <.<
[10:50] yeah, haha
[10:50] this is the first fp i've seen w/ssns though
[10:51] it was on this: %205-30-2014%20v004.pdf
[10:51] A date? LOL
[10:51] yep, because the mailer mangled the url
[10:51] haha
[10:52] turned it into plaintext
[10:52] if i send an email with the url as a link, it doesn't trigger, but if i insert it as plaintext in the body of a message, it does
[10:52] funny
[10:53] i bought some aloe + fruit + vegetable drink before work, and it has chunks of aloe pulp in it
[10:53] kinda weird
[10:56] Weird. I've had aloe-based drinks, but none with chunks
[10:56] yeah, same here
[10:56] this one is alo "enliven"
[10:56] http://alodrink.com/products/enliven/
[11:42] *** reardencode has quit IRC (Quit: leaving)
[11:42] *** reardencode has joined #arpnetworks
[13:48] m0unds: yeah see, we don't have a problem with net neutrality over here
[13:48] and more regulation isn't what we need in the ISP sector
[13:49] to give you an example of why we don't have a problem with net neutrality:
[13:49] so over here we don't have netflix
[13:49] but everyone uses a proxy or DNS service to get around that
[13:50] i'd say it's arguable whether we have a problem here either, but meh
[13:50] recently netflix changed some of their CDNs which broke access on some of our ISPs due to transparent caching
[13:50] and some people complained that our ISPs were being unfair to netflix traffic
[13:50] so the ISPs investigated and fixed it
[13:50] despite netflix being illegal to watch in this country
[13:50] haha
[13:50] so even illegal services are net neutral here
[13:50] lol
[13:52] does nz do the whole national firewall thing that australia does?
[13:53] nat'l content policy or whatever
[13:53] "Can't risk them seeing sheep porn, might give them ideas."
[13:54] http://www.aei.org/article/economics/innovation/the-real-slow-lane-threat-to-the-internet/
[13:57] no.
[13:57] we have an opt in filter list
[14:01] ah, gotcha
[14:04] http://www.dia.govt.nz/censorship-dcefs
[14:04] it's all fairly transparent apart from the actual list itself
[14:07] brycec: i admit i was late to the game on that one
[14:07] heh, just giving you shit :)
[14:08] i can tell :)
[14:10] btw: it seems to become hip to implement dane :)
[14:11] at least in germany...
[14:13] dane?
[14:13] @wiki DANE
[14:13] DNS-based Authentication of Named Entities :: DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates, commonly used for Transport Layer Security (TLS), to be bound to DNS names using Domain Name System Security Extensions (DNSSEC). It is proposed in RFC 6698 as a way to authenticate TLS client and server entities without a certificate... http://en.wikipedia.org/wiki/DNS-based%20Authentication%20of%20Named%20E
[14:13] sweet
[14:13] <3 BryceBot
[14:28] trying to find a ball bearing 40mm fan as a service component for stupid environmentally rated outdoor cameras that overheat
[14:30] m0unds: http://www.coolerguys.com has some unusual fan stuff, though it's probably mostly 12v
[14:31] yea, that's fine - the fan is 12V
[14:31] part of the problem is purchasing here is a pain in the ass
[14:32] i found a similar part at digikey, but i can't buy from digikey
[14:32] thx for the link
[14:33] Sure. Some of these companies have amazon storefronts, if that makes your life any less painful.
[14:33] nah, totally backwards tribal government purchasing dept
[14:33] ah. bummer to run into purchasing difficulties for a <$15 part
[14:33] i can only easily buy from local vendors, cdw, pcconnection or pueblo-licensed system integrators
[14:33] yep
[14:33] How about adobe? :P
[14:34] just comes down to the person at the purchasing office not wanting to contact new vendors
[14:34] trying to get provantage, myriad, vology and a few others added has been a nightmare
[16:24] *** aboutGod has joined #arpnetworks
[16:29] *** aboutGod has left
[16:52] up_the_irons: any chance you could force Verizon routes through Level3 now that it's up?
[16:52] http://kremvax.acfsys.net/smokeping.cgi?target=Remote.verizon-lsanca
[16:52] same as always...
[16:53] What are they taking now, NTT?
[16:53] yep
[16:53] Those are some impressive humps.
[16:54] yes they are
[16:54] http://paste.unixcube.org/k/bb55b1
[17:05] is it just wildly deprioritizing icmp or something?
[17:10] definitely not. it happens to my machine routed over the link too
[17:10] that paste is NTT confirming that the issue exists
[17:10] oh, i missed the paste
[17:11] *** jlgaddis has quit IRC (Ping timeout: 245 seconds)
[17:22] *** novae has quit IRC (Ping timeout: 245 seconds)
[17:27] m0unds: https://www.youtube.com/watch?v=HEx1WEOV2Zk
[17:27] YouTube Games: "Planetside 2 - [∞] Recursion - Ambush" by Fatter Productions (1m 42s), 301 views, 88 likes and 2 dislikes. Uploaded 2014-06-05T21:04:12.000Z.
[17:28] *** novae has joined #arpnetworks
[17:29] that's funny
[17:31] bet that took a lot of work
[17:32] yeah
[18:51] i'm still confused by bryce's smokeping
[18:51] i was trying to figure out how things have changed since some outbound level3
[18:51] i haven't seen outbound l3 to anything except 4.2.2.2/4.2.2.4/etc
[18:52] it happens to a few places
[18:52] up_the_irons was saying 40% traffic
[18:52] i guess i'm the 60%
[18:52] haha
[18:52] but verizon/comcast/cogent are all ntt
[18:52] and prob lots of other things.
[18:52] or nlayer
[18:52] nlayer is ntt too
[18:52] oh, are they part of ntt?
[18:52] for outbound
[18:52] nah there's just not full route table from ntt
[18:52] err from mzima
[18:53] and mzima/nlayer merged
[18:53] so incoming is diff story, but ntt->nlayer is pretty good
[18:53] nlayer in lax -> CL is still really congested
[18:53] i think that's more on the CL side
[18:53] tbh i think it probably makes sense to drop nlayer
[18:54] what's CL?
[18:54] centurylink
[18:54] ahh
[18:54] they're bad
[18:54] yeh i thought they were
[18:54] i think my connection to centurylink goes via verizon
[18:55] they have a thing for unintentionally nuking MPLS
[18:55] i dunno any ip to trace
[18:55] they had a nationwide outage twice last year
[18:55] heh
[18:55] i used to see so many cogent issues
[18:55] but they were all partial
[18:56] like way more than two a year.
[18:56] mercutio: confused by my smokeping?
[18:56] brycec: yeh with all the lines at once
[18:56] i wanted to see what various places are like since level3 introduction, from arp.
[18:56] i couldn't remember your smokeping, but i googled it :)
[18:57] and i couldn't remember who else had one
[18:57] mercutio: @smokeping
[18:57] haha
[18:57] the fact you could google it bothers me slightly
[18:57] this channel is logged remember
[18:57] i googled bryce smokeping arp
[18:57] from memory
[18:58] mercutio: And got the irclogger?
[18:58] yeh i think so
[18:58] yea, that's what i got just now via ddg
[18:58] I just don't want Google crawling my little smokeping CGI
[18:58] i got the end result and didn't pay much attention to the inbetween
[18:58] heh
[18:58] guuguhl wants all the rrds
[18:58] baidu was doing that... asswipes.
[18:58] haha
[18:58] baidu got blocked by the fbi :/
[18:59] (and me)
[19:00] Here's a good example of the Level3 switch https://smokeping.cobryce.com/?displaymode=n;start=2014-05-29%2018:59;end=now;target=Internet.Foonetic.vervet4
[19:00] downtime?
[19:01] (not sure why I'm missing data... but it's across all my slaves for that host)
[19:01] (so I assume my VPS may have been unreachable)
[19:02] staticfree.foonetic.net is another host going over l3 now
[19:02] reduction in packet loss is more important
[19:02] some host going down in latency by 10 msec doesn't really matter
[19:02] https://smokeping.cobryce.com/?displaymode=n;start=2014-05-29%2019:01;end=now;target=Internet.Foonetic.staticfree4
[19:02] ah
[19:03] (oh vervet was down, that's why the gap in data)
[19:03] it goes l3 over v4, but occaid via v6
[19:03] occaid route is 25-30ms lower
[19:03] i saw that
[19:03] Yeah, their b/w is provided by occaid, and I gather we're peered with occaid
[19:03] i have no idea what occaid is
[19:03] @wiki occaid
[19:03] OCCAID :: The Open Contributors Corporation for Advanced Internet Development (OCCAID) is a non-profit consortium that operates one of the largest IPv6 research networks in the world. It maintains both resale and facilities-based networks spanning 15,000 miles, with a presence in over 52 cities across 6 countries. OCCAID facilitates collaboration between research communities and the... http://en.wikipedia.org/wiki/OCCAID
[19:04] cool.
[19:05] with verizon etc it's hard to know which direction loss is happening
[19:06] i think i determined it was outbound from arp
[19:24] ugh, really hate the congestion to this vm via work
[19:24] verizon?
[19:24] ntt
[19:24] ntt<->ntt?
[19:24] CL->NTT
[19:25] port here isn't even remotely congested
[19:25] connection to home is CL->comcast via denver
[19:26] connection to arp is CL->NTT via LAX
[19:26] connection to another vm is CL via telia, and it's fine
[19:27] CL as in CraigsList? :P
[19:27] why yes
[19:27] speaking of..
[19:27] Same diff anyways
[19:27] yeah, bargain basement
[19:27] http://albuquerque.craigslist.org/clt/4494974647.html
[19:28] m0unds: Is the actor a NM resident?
[19:28] i couldn't tell you
[19:28] Or is this just random for random's sake?
[19:28] it'd be funny if he was and it was his collection
[19:29] Couldn't tell if this was "hey, the Enzyte guy is from our town, yay"
[19:29] as far as i know, he's not from here
[19:30] just some dude trying to sell a "collection" of related merch for $1k
[19:30] hahaha
[19:30] oh right sorry i half asleep
[19:30] no excuse :)
[19:30] i want to see free internap like solutions myself :)
[19:30] he's canadian
[19:30] it's hard to make everything work well without tweaking
[19:31] whew
[19:31] but the tweaks don't remain the same
[19:31] which is why automation is good :)
[19:31] internap's route optimisation doesn't actually work that well
[19:31] but the idea is good
[22:04] *** plett has quit IRC (Ping timeout: 240 seconds)
[22:04] *** plett has joined #arpnetworks
[22:15] *** up_the_irons has quit IRC (*.net *.split)
[22:15] *** grepidemic has quit IRC (*.net *.split)
[22:15] *** staticsafe_ has quit IRC (*.net *.split)
[22:15] *** avj has quit IRC (*.net *.split)
[22:15] *** carvite has quit IRC (*.net *.split)
[22:15] *** m0unds_ has quit IRC (*.net *.split)
[22:15] *** brycec has quit IRC (*.net *.split)
[22:15] *** BryceBot has quit IRC (*.net *.split)
[22:15] *** josephb has quit IRC (*.net *.split)
[22:15] *** acf_ has quit IRC (*.net *.split)
[22:15] *** jpalmer has quit IRC (*.net *.split)
[22:15] *** eryc has quit IRC (*.net *.split)
[22:15] *** raptelan has quit IRC (*.net *.split)
[22:15] *** mike-burns has quit IRC (*.net *.split)
[22:15] *** pcn has quit IRC (*.net *.split)
[22:15] *** RandalSchwartz has quit IRC (*.net *.split)
[22:15] *** meingtsla has quit IRC (*.net *.split)
[22:15] *** kevr has quit IRC (*.net *.split)
[22:15] *** KDE_Perry has quit IRC (*.net *.split)
[22:15] *** mercutio has quit IRC (*.net *.split)
[22:15] *** twobithacker has quit IRC (*.net *.split)
[22:15] *** m0unds has quit IRC (*.net *.split)
[22:15] *** tabthorpe has quit IRC (*.net *.split)
[22:15] *** pjs has quit IRC (*.net *.split)
[22:15] *** NiTeMaRe has quit IRC (*.net *.split)
[22:21] *** tabthorpe has joined #arpnetworks
[22:25] *** dj_goku has quit IRC (Read error: Connection reset by peer)
[22:26] *** mike-burns has joined #arpnetworks
[22:26] *** up_the_irons has joined #arpnetworks
[22:26] *** KDE_Perry has joined #arpnetworks
[22:26] *** mercutio has joined #arpnetworks
[22:26] *** twobithacker has joined #arpnetworks
[22:26] *** m0unds has joined #arpnetworks
[22:26] *** jpalmer has joined #arpnetworks
[22:26] *** eryc has joined #arpnetworks
[22:26] *** raptelan has joined #arpnetworks
[22:26] *** acf_ has joined #arpnetworks
[22:26] *** josephb has joined #arpnetworks
[22:26] *** BryceBot has joined #arpnetworks
[22:26] *** brycec has joined #arpnetworks
[22:26] *** m0unds_ has joined #arpnetworks
[22:26] *** kevr has joined #arpnetworks
[22:26] *** carvite has joined #arpnetworks
[22:26] *** meingtsla has joined #arpnetworks
[22:26] *** RandalSchwartz has joined #arpnetworks
[22:26] *** pcn has joined #arpnetworks
[22:26] *** NiTeMaRe has joined #arpnetworks
[22:26] *** pjs has joined #arpnetworks
[22:26] *** avj has joined #arpnetworks
[22:26] *** staticsafe_ has joined #arpnetworks
[22:26] *** grepidemic has joined #arpnetworks
[22:26] *** verne.freenode.net sets mode: +oo mike-burns up_the_irons
[22:28] *** up_the_irons has quit IRC (*.net *.split)
[22:28] *** grepidemic has quit IRC (*.net *.split)
[22:28] *** staticsafe_ has quit IRC (*.net *.split)
[22:28] *** avj has quit IRC (*.net *.split)
[22:29] *** carvite has quit IRC (*.net *.split)
[22:29] *** m0unds_ has quit IRC (*.net *.split)
[22:29] *** brycec has quit IRC (*.net *.split)
[22:29] *** BryceBot has quit IRC (*.net *.split)
[22:29] *** josephb has quit IRC (*.net *.split)
[22:29] *** acf_ has quit IRC (*.net *.split)
[22:29] *** jpalmer has quit IRC (*.net *.split)
[22:29] *** eryc has quit IRC (*.net *.split)
[22:29] *** raptelan has quit IRC (*.net *.split)
[22:29] *** mike-burns has quit IRC (*.net *.split)
[22:29] *** pcn has quit IRC (*.net *.split)
[22:29] *** RandalSchwartz has quit IRC (*.net *.split)
[22:29] *** meingtsla has quit IRC (*.net *.split)
[22:29] *** kevr has quit IRC (*.net *.split)
[22:29] *** KDE_Perry has quit IRC (*.net *.split)
[22:29] *** mercutio has quit IRC (*.net *.split)
[22:29] *** twobithacker has quit IRC (*.net *.split)
[22:29] *** m0unds has quit IRC (*.net *.split)
[22:29] *** pjs has quit IRC (*.net *.split)
[22:29] *** NiTeMaRe has quit IRC (*.net *.split)
[22:30] *** [FBI] starts logging #arpnetworks at Thu Jun 05 22:30:07 2014
[22:30] *** [FBI] has joined #arpnetworks
[22:31] *** dj_goku has joined #arpnetworks
[22:33] *** mike-burns has joined #arpnetworks
[22:33] *** up_the_irons has joined #arpnetworks
[22:33] *** grepidemic has joined #arpnetworks
[22:33] *** staticsafe_ has joined #arpnetworks
[22:33] *** avj has joined #arpnetworks
[22:33] *** pjs has joined #arpnetworks
[22:33] *** NiTeMaRe has joined #arpnetworks
[22:33] *** pcn has joined #arpnetworks
[22:33] *** RandalSchwartz has joined #arpnetworks
[22:33] *** meingtsla has joined #arpnetworks
[22:33] *** carvite has joined #arpnetworks
[22:33] *** kevr has joined #arpnetworks
[22:33] *** m0unds_ has joined #arpnetworks
[22:33] *** brycec has joined #arpnetworks
[22:33] *** BryceBot has joined #arpnetworks
[22:33] *** josephb has joined #arpnetworks
[22:33] *** acf_ has joined #arpnetworks
[22:33] *** KDE_Perry has joined #arpnetworks
[22:33] *** mercutio has joined #arpnetworks
[22:33] *** twobithacker has joined #arpnetworks
[22:33] *** m0unds has joined #arpnetworks
[22:33] *** jpalmer has joined #arpnetworks
[22:33] *** eryc has joined #arpnetworks
[22:33] *** raptelan has joined #arpnetworks
[22:33] *** barjavel.freenode.net sets mode: +oo mike-burns up_the_irons
[22:35] not sure if you got this:
[22:35] mercutio: the thing is, doing traffic engineering to route around problems just sets precedent that i'll tweak this / that / etc... and eventually end up with a mess of complicated rules. It is better to treat the disease, not just alleviate the symptom. need to get on NTT / Verizon's case about the loss. Email NOCs, show traceroutes, etc...
[22:35] mercutio: ^^
[22:35] can anyone who is running KVM/QEMU and libvirt on Ubuntu 12.04 on some machine of theirs tell me if "aa-status" shows your VMs in "enforce" mode
[22:36] On Lucid, this is the case, but not on 12.04 for me, for some reason...