#arpnetworks 2014-06-05,Thu

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)

WhoWhatWhen
mercutiobut i have no idea which is better
i mean cogent sucks either way, but there have been heaps of peering disagreements with them
and yert they're one of the biggest providerss.
it was verizon being problematic before iirc though
verizon is out ntt still too
and some of comcast at least
oh weird i had notes of wo comcast addresses adn one is the hostname and one is ip of same host
[00:00]
***mike-bur1 has quit IRC (Ping timeout: 260 seconds) [00:09]
mike-bur1 has joined #arpnetworks
ChanServ sets mode: +o mike-bur1
[00:16]
up_the_ironsadded reset the net banner to arpnetworks.com and portal
june 5
do your part!
:)
[00:22]
mercutioreset the net? [00:22]
up_the_ironshttps://www.resetthenet.org/ [00:22]
mercutioahh about network neutrality
is it?
[00:23]
up_the_ironsno, about mass surveillance [00:23]
mercutiooh it's the other problem [00:23]
up_the_ironslol [00:23]
mercutioi saw a cool video about net neutrality
https://t.co/wD3MiiXOSM
[00:24]
BryceBothttps://t.co/wD3MiiXOSM -> https://www.youtube.com/watch?v=fpbOEoRrHyU [00:24]
up_the_ironsmy part: now arpnetworks.com forces SSL for everything, no more port 80 except for redir to 443 [00:24]
mercutioit's uhh the way things are going [00:24]
up_the_ironsyeah [00:25]
mercutioi'm kind of against https in general, but it's important for things that don't need it to use it too so that you're not guilty by using encryption or such [00:26]
nz is one of the US"s guinea pig countries for network intrusion
recent laws mean all isp's have to be registered etc
and if bigger than a certain size you have to be interception ready
[00:31]
***mike-bur1 is now known as mike-burns [00:35]
.................. (idle for 1h26mn)
gizmoguygood 'ol TICSA
you also need to get any major network changes/upgrades approved by the government...
yay New Zealand..
[02:01]
.............................. (idle for 2h26mn)
mercutioi try to not see the badness
apparently it's ok now to meention the zeus botnet stuff
but them having contacts at isp's made it easier to block it
/but/ they blocked baidu.com too
(chinese google basically)
the list of domain names being blocked is huge
and baidu doesn't loko legit casually
[04:27]
...... (idle for 26mn)
***tabthorpe has joined #arpnetworks
tabthorpe has quit IRC (Changing host)
tabthorpe has joined #arpnetworks
[04:54]
.............................. (idle for 2h25mn)
m0undsgizmoguy: it's funny, but reddit net neutrality "activists" are pushing for a US local gov equiv of that as a fix for the US
(title 2)
[07:19]
would require utility committee approval for network expansion, product rollout, speed increases, etc. but, you know, that'd fix the internet or whatever. [07:28]
sjacksoanother month, another round of freebsd security updates involving openssl [07:42]
m0undsyep
also sendmail
[07:43]
sjacksoyes, but the sendmail vuln is two whole days old now [07:43]
m0undshave had to execute freebsd-update more than i remember ever having to
a whopping 2 days old
[07:43]
staticsafeand who uses sendmail anymore
staticsafe runs
[07:43]
m0undshaha, i do because i don't run an mta
and need something to handle outbound messaging from the server
[07:44]
sjacksoI wonder how many of these new openssl cves are coming from people running static code analyses on libressl [07:47]
m0undshttp://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html [07:52]
..................... (idle for 1h41mn)
brycec@youtube fpbOEoRrHyU [09:33]
BryceBot<http://youtu.be/fpbOEoRrHyU> YouTube Entertainment: "Last Week Tonight with John Oliver (HBO): Net Neutrality" by LastWeekTonight (13m 18s), 2,075,997 views, 35,571 likes and 367 dislikes. Uploaded 2014-06-02T06:30:01.000Z. [09:33]
brycecAh yes, <3 Last Week Tonight
It's nice when your hosting provider "catches up" to something you've been doing all along :P @up_the_irons | my part: now arpnetworks.com forces SSL for everything, no more port 80 except for redir to 443
Sadly, I had to leave the auto-redirect off one domain because ifttt.com won't use https:// urls (for its wordpress plugin, anyways)
I should make that domain's stuff conditional though...
Speaking of Baidu, I've blocked them from every single website I administer since they don't EVEN FETCH robots.txt, let alone honour its contents.
heh sendmail... My FreeBSD servers run exim, because why run something that's nigh-impossible to configure, versus something I know how to configure. (and exim specifically because I was just migrating an old server and could copy the configs)
[09:33]
............. (idle for 1h2mn)
m0undsbrycec: your robots.txt needs to be in cantonese [10:38]
brycecm0unds: I figured it was pretty easy to read... http://brycesawesomeapp.com/robots.txt
Especially for a bot
lol there are two people in here running IrssiUrlLog/0.2
(of course, none of that matters if Baidu doesn't even make a request for the file)
[10:40]
m0undsrequest for 机器人.txt
that should say robot in cantonese, but my terminal has utf-8 disabled
haha
[10:41]
brycecDefinitely looks chinese to me [10:42]
m0undshahah, that robots.txt is awesome
oh, must just be putty then
weird, nanog message had a content policy violation rendering it undeliverable to me
haha - SSN pattern match on a url
[10:42]
bryceclol I've hit roadblocks like that before. CC #s too on UUIDs (without dashes)
In the past, I end up disabling those... too many false positives.
And anyone dumb enough to email a CC# deserves what they get >.>
<.<
[10:49]
m0undsyeah, haha
this is the first fp i've seen w/ssns though
it was on this: %205-30-2014%20v004.pdf
[10:50]
brycecA date? LOL [10:51]
m0undsyep, because the mailer mangled the url
haha
turned it into plaintext
if i send an email with the url as a link, it doesn't trigger, but if i insert it as plaintext in the body of a message, it does
funny
i bought some aloe + fruit + vegetable drink before work, and it has chunks of aloe pulp in it
kinda weird
[10:51]
brycecWeird. I've had aloe-based drinks, but none with chunks [10:56]
m0undsyeah, same here
this one is alo "enliven"
http://alodrink.com/products/enliven/
[10:56]
.......... (idle for 46mn)
***reardencode has quit IRC (Quit: leaving)
reardencode has joined #arpnetworks
[11:42]
.......................... (idle for 2h6mn)
gizmoguym0unds: yeah see, we don't have a problem with net neutralitiy over here
and more regulation isn't what we need in the ISP sector
to give you an example of why we don't have a problem with net neutrality:
so over here we don't have netflix
but everyone uses a proxy or DNS service to get around that
[13:48]
m0undsi'd say it's arguable whether we have a problem here either, but meh [13:50]
gizmoguyrecently netflix changed some of their CDNs which broke access on some of our ISPs due to transparent caching
and some people complained that our ISPs were being unfair to netflix traffic
so the ISPs investigated and fixed it
despite netflix being illegal to watch in this country
[13:50]
m0undshaha [13:50]
gizmoguyso even illegal services are net neutral here
lol
[13:50]
m0undsdoes nz do the whole national firewall thing that australia does?
nat'l content policy or whatever
[13:52]
brycec"Can't risk them seeing sheep porn, might give them ideas." [13:53]
m0undshttp://www.aei.org/article/economics/innovation/the-real-slow-lane-threat-to-the-internet/ [13:54]
gizmoguyno.
we have an opt in filter list
[13:57]
m0undsah, gotcha [14:01]
gizmoguyhttp://www.dia.govt.nz/censorship-dcefs
it's all fairly transparent apart from the actual list itself
[14:04]
up_the_ironsbrycec: i admit i was late to the game on that one [14:07]
brycecheh, just giving you shit :) [14:07]
up_the_ironsi can tell :) [14:08]
antbtw: it seems to become hip to implement dane :)
at least in germany...
[14:10]
up_the_ironsdane? [14:13]
ant@wiki DANE [14:13]
BryceBotDNS-based Authentication of Named Entities :: DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates, commonly used for Transport Layer Security (TLS), to be bound to DNS names using Domain Name System Security Extensions (DNSSEC). It is proposed in RFC 6698 as a way to authenticate TLS client and server entities without a certificate... http://en.wikipedia.org/wiki/DNS-based%20Authentication%20of%20Named%20E [14:13]
up_the_ironssweet
<3 BryceBot
[14:13]
.... (idle for 15mn)
m0undstrying to find a ball bearing 40mm fan as a service component for stupid environmentally rated outdoor cameras that overheat [14:28]
sjacksom0unds: http://www.coolerguys.com has some unusual fan stuff, though it's probably mostly 12v [14:30]
m0undsyea, that's fine - the fan is 12V
part of the problem is purchasing here is a pain in the ass
i found a similar part at digikey, but i can't buy from digikey
thx for the link
[14:31]
sjacksoSure. Some of these companies have amazon storefronts, if that makes your life any less painful. [14:33]
m0undsnah, totally backwards tribal government purchasing dept [14:33]
sjacksoah. bummer to run into purchasing difficulties for a <$15 part [14:33]
m0undsi can only easily buy from local vendors, cdw, pcconnection or pueblo-licensed system integrators
yep
[14:33]
CaZeHow about adobe? :P [14:33]
m0undsjust comes down to the person at the purchasing office not wanting to contact new vendors
trying to get provantage, myriad, vology and a few others added has been a nightmare
[14:34]
....................... (idle for 1h50mn)
***aboutGod has joined #arpnetworks [16:24]
aboutGod has left [16:29]
..... (idle for 23mn)
acf_up_the_irons: any chance you could force Verizon routes through Level3 now that it's up?
http://kremvax.acfsys.net/smokeping.cgi?target=Remote.verizon-lsanca
same as always...
[16:52]
brycecWhat are they taking now, NTT? [16:53]
acf_yep [16:53]
brycecThose are some impressive humps. [16:53]
acf_yes they are
http://paste.unixcube.org/k/bb55b1
[16:54]
m0undsis it just wildly deprioritizing icmp or something? [17:05]
acf_definitely not. it happens to my machine routed over the link too
that paste is NTT confirming that the issue exists
[17:10]
m0undsoh, i missed the paste [17:10]
***jlgaddis has quit IRC (Ping timeout: 245 seconds) [17:11]
novae has quit IRC (Ping timeout: 245 seconds) [17:22]
staticsafem0unds: https://www.youtube.com/watch?v=HEx1WEOV2Zk [17:27]
BryceBotYouTube Games: "Planetside 2 - [∞] Recursion - Ambush" by Fatter Productions (1m 42s), 301 views, 88 likes and 2 dislikes. Uploaded 2014-06-05T21:04:12.000Z. [17:27]
***novae has joined #arpnetworks [17:28]
m0undsthat's funny
bet that took a lot of work
[17:29]
staticsafeyeah [17:32]
................ (idle for 1h19mn)
mercutioi'm still confused by bryce's smokeping
i was trying to figure out how things have changed since some outbound level3
[18:51]
m0undsi haven't seen outbound l3 to anything except 4.2.2.2/4.2.2.4/etc [18:51]
mercutioit happens to a few placesd
up_the_irons was saying 40% traffic
[18:52]
m0undsi guess i'm the 60%
haha
[18:52]
mercutiobut verizon/comcast/cogent are all ntt
and prob lots of other things.
[18:52]
m0undsor nlayer [18:52]
mercutionlayer is ntt too [18:52]
m0undsoh, are they part of ntt? [18:52]
mercutiofor outbound
nah there's just not full route table from ntt
err from mzima
and mzima/nlayer merged
so incoming is diff story, but ntt->nlayer is pretty good
[18:52]
m0undsnlayer in lax -> CL is still really congested
i think that's more on the CL side
[18:53]
mercutiotbh i think it probably makes sense to drop nlayer
what's CL?
[18:53]
m0undscenturylink [18:54]
mercutioahh [18:54]
m0undsthey're bad [18:54]
mercutioyeh i thought they were
i think my connection to centurylink goes via verizon
[18:54]
m0undsthey have a thing for unintentionally nuking MPLS [18:55]
mercutioi duinno any ip to trace [18:55]
m0undsthey had a nationwide outage twice last year [18:55]
mercutioheh
i used to see so many cogent issues
but they were all partial
like way more than two a year.
[18:55]
brycecmercutio: confused by my smokeping? [18:56]
mercutiobrycec: yeh with all the liens at once
i wanted to see what various places are like since level3 introduction, from arp.
i couldn't remember your smokeping, but i googled it :)
and i couldn't remember who else had one
[18:56]
brycecmercutio: @smokeping [18:57]
m0undshaha [18:57]
brycecthe fact you could google it bothers me slightly [18:57]
mercutiothis channel is logged remember
i googled bryce smokeping arp
from memory
[18:57]
brycecmercutio: And got the irclogger? [18:58]
mercutioyeh i think so [18:58]
m0undsyea, that's what i got just now via ddg [18:58]
brycecI just don't want Google crawling my little smokeping CGI [18:58]
mercutioi got the end result and didn't pay much attentino to the inbetween
heh
[18:58]
m0undsguuguhl wants all the rrds [18:58]
brycecbaidu was doing that... asswipes. [18:58]
mercutiohaha
baidu got blocked by the fbi :/
[18:58]
brycec(and me)
Here's a good example of the Level3 switch https://smokeping.cobryce.com/?displaymode=n;start=2014-05-29%2018:59;end=now;target=Internet.Foonetic.vervet4
[18:59]
mercutiodowntime? [19:00]
brycec(not sure why I'm missing data... but it's across all my slaves for that host)
(so I assume my VPS may have been unreachable)
staticfree.foonetic.net is another host going over l3 now
[19:01]
mercutioreduction in packet loss is more important
some host going down in latency by 10 msec doesn't really matter
[19:02]
brycechttps://smokeping.cobryce.com/?displaymode=n;start=2014-05-29%2019:01;end=now;target=Internet.Foonetic.staticfree4 [19:02]
m0undsah [19:02]
brycec(oh vervet was down, that's why the gap in data) [19:03]
m0undsit goes l3 over v4, but occaid via v6
occaid route is 25-30ms lower
[19:03]
mercutioi saw that [19:03]
brycecYeah, their b/w is provided by occaid, and I gather we're peered with occaid [19:03]
mercutioi have no idea what occaid is [19:03]
brycec@wiki occaid [19:03]
BryceBotOCCAID :: The Open Contributors Corporation for Advanced Internet Development (OCCAID) is a non-profit consortium that operates one of the largest IPv6 research networks in the world. It maintains both resale and facilities-based networks spanning 15,000 miles, with a presence in over 52 cities across 6 countries. OCCAID facilitates collaboration between research communities and the... http://en.wikipedia.org/wiki/OCCAID [19:03]
mercutiocool.
with verizon etc it's hard to know which directino loss is happening
i think i determined it was outbound from arp
[19:04]
.... (idle for 18mn)
m0undsugh, really hate the congestion to this vm via work [19:24]
mercutioverizon? [19:24]
m0undsntt [19:24]
mercutiontt<->ntt? [19:24]
m0undsCL->NTT
port here isn't even remotely congested
connection to home is CL->comcast via denver
connection to arp is CL->NTT via LAX
connection to another vm is CL via telia, and it's fine
[19:24]
brycecCL as in CraigsList? :P [19:27]
m0undswhy yes
speaking of..
[19:27]
brycecSame diff anyways [19:27]
m0undsyeah, bargain basement
http://albuquerque.craigslist.org/clt/4494974647.html
[19:27]
brycecm0unds: Is the actor a NM resident? [19:28]
m0undsi couldn't tell you [19:28]
brycecOr is this just random for random's sake? [19:28]
m0undsit'd be funny if he was and it was his collection [19:28]
brycecCouldn't tell if this was "hey, the Enzyte guy is from our town, yay" [19:29]
m0undsas far as i know, he's not from here
just some dude trying to sell a "collection" of related merch for $1k
hahaha
[19:29]
mercutiooh right sorry i half asleep
no excuse :)
i want to see free internap like solutions myself :)
[19:30]
m0undshe's canadian [19:30]
mercutioit's hard to make everything work well without tweaking [19:30]
m0undswhew [19:31]
mercutiobut the tweaks don't remain the same
which is why automation is good :)
internap's route optimisdation doesn't actually work that well
but the idea is good
[19:31]
............................... (idle for 2h33mn)
***plett has quit IRC (Ping timeout: 240 seconds)
plett has joined #arpnetworks
[22:04]
up_the_irons has quit IRC (*.net *.split)
grepidemic has quit IRC (*.net *.split)
staticsafe_ has quit IRC (*.net *.split)
avj has quit IRC (*.net *.split)
carvite has quit IRC (*.net *.split)
m0unds_ has quit IRC (*.net *.split)
brycec has quit IRC (*.net *.split)
BryceBot has quit IRC (*.net *.split)
josephb has quit IRC (*.net *.split)
acf_ has quit IRC (*.net *.split)
jpalmer has quit IRC (*.net *.split)
eryc has quit IRC (*.net *.split)
raptelan has quit IRC (*.net *.split)
mike-burns has quit IRC (*.net *.split)
pcn has quit IRC (*.net *.split)
RandalSchwartz has quit IRC (*.net *.split)
meingtsla has quit IRC (*.net *.split)
kevr has quit IRC (*.net *.split)
KDE_Perry has quit IRC (*.net *.split)
mercutio has quit IRC (*.net *.split)
twobithacker has quit IRC (*.net *.split)
m0unds has quit IRC (*.net *.split)
tabthorpe has quit IRC (*.net *.split)
pjs has quit IRC (*.net *.split)
NiTeMaRe has quit IRC (*.net *.split)
[22:15]
tabthorpe has joined #arpnetworks
dj_goku has quit IRC (Read error: Connection reset by peer)
mike-burns has joined #arpnetworks
up_the_irons has joined #arpnetworks
KDE_Perry has joined #arpnetworks
mercutio has joined #arpnetworks
twobithacker has joined #arpnetworks
m0unds has joined #arpnetworks
jpalmer has joined #arpnetworks
eryc has joined #arpnetworks
raptelan has joined #arpnetworks
acf_ has joined #arpnetworks
josephb has joined #arpnetworks
BryceBot has joined #arpnetworks
brycec has joined #arpnetworks
m0unds_ has joined #arpnetworks
kevr has joined #arpnetworks
carvite has joined #arpnetworks
meingtsla has joined #arpnetworks
RandalSchwartz has joined #arpnetworks
pcn has joined #arpnetworks
NiTeMaRe has joined #arpnetworks
pjs has joined #arpnetworks
avj has joined #arpnetworks
staticsafe_ has joined #arpnetworks
grepidemic has joined #arpnetworks
verne.freenode.net sets mode: +oo mike-burns up_the_irons
up_the_irons has quit IRC (*.net *.split)
grepidemic has quit IRC (*.net *.split)
staticsafe_ has quit IRC (*.net *.split)
avj has quit IRC (*.net *.split)
carvite has quit IRC (*.net *.split)
m0unds_ has quit IRC (*.net *.split)
brycec has quit IRC (*.net *.split)
BryceBot has quit IRC (*.net *.split)
josephb has quit IRC (*.net *.split)
acf_ has quit IRC (*.net *.split)
jpalmer has quit IRC (*.net *.split)
eryc has quit IRC (*.net *.split)
raptelan has quit IRC (*.net *.split)
mike-burns has quit IRC (*.net *.split)
pcn has quit IRC (*.net *.split)
RandalSchwartz has quit IRC (*.net *.split)
meingtsla has quit IRC (*.net *.split)
kevr has quit IRC (*.net *.split)
KDE_Perry has quit IRC (*.net *.split)
mercutio has quit IRC (*.net *.split)
twobithacker has quit IRC (*.net *.split)
m0unds has quit IRC (*.net *.split)
pjs has quit IRC (*.net *.split)
NiTeMaRe has quit IRC (*.net *.split)
[FBI] starts logging #arpnetworks at Thu Jun 05 22:30:07 2014
[FBI] has joined #arpnetworks
dj_goku has joined #arpnetworks
mike-burns has joined #arpnetworks
up_the_irons has joined #arpnetworks
grepidemic has joined #arpnetworks
staticsafe_ has joined #arpnetworks
avj has joined #arpnetworks
pjs has joined #arpnetworks
NiTeMaRe has joined #arpnetworks
pcn has joined #arpnetworks
RandalSchwartz has joined #arpnetworks
meingtsla has joined #arpnetworks
carvite has joined #arpnetworks
kevr has joined #arpnetworks
m0unds_ has joined #arpnetworks
brycec has joined #arpnetworks
BryceBot has joined #arpnetworks
josephb has joined #arpnetworks
acf_ has joined #arpnetworks
KDE_Perry has joined #arpnetworks
mercutio has joined #arpnetworks
twobithacker has joined #arpnetworks
m0unds has joined #arpnetworks
jpalmer has joined #arpnetworks
eryc has joined #arpnetworks
raptelan has joined #arpnetworks
barjavel.freenode.net sets mode: +oo mike-burns up_the_irons
[22:21]
up_the_ironsnot sure if you got this:
mercutio: the thing is, doing traffic engineering to route around problems just sets precedent that i'll tweak this / that / etc... and eventually end up with a mess of complicated rules. It is better treat the disease, not just alleviate symptom. need to get on NTT / Verizon's case about the loss. Email NOCs, show traceroutes, etc...
mercutio: ^^
can anyone who is running KVM/QEMU and libvirt on Ubuntu 12.04 on some machine of theirs tell me if "aa-status" shows your VMs in "enforce" mode
On Lucid, this is the case, but not on 12.04 for me, for some reason...
[22:35]

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)