but i have no idea which is better i mean cogent sucks either way, but there have been heaps of peering disagreements with them and yert they're one of the biggest providerss. it was verizon being problematic before iirc though verizon is out ntt still too and some of comcast at least oh weird i had notes of wo comcast addresses adn one is the hostname and one is ip of same host added reset the net banner to arpnetworks.com and portal june 5 do your part! :) reset the net? https://www.resetthenet.org/ ahh about network neutrality is it? no, about mass surveillance oh it's the other problem lol i saw a cool video about net neutrality https://t.co/wD3MiiXOSM https://t.co/wD3MiiXOSM -> https://www.youtube.com/watch?v=fpbOEoRrHyU my part: now arpnetworks.com forces SSL for everything, no more port 80 except for redir to 443 it's uhh the way things are going yeah i'm kind of against https in general, but it's important for things that don't need it to use it too so that you're not guilty by using encryption or such nz is one of the US"s guinea pig countries for network intrusion recent laws mean all isp's have to be registered etc and if bigger than a certain size you have to be interception ready good 'ol TICSA you also need to get any major network changes/upgrades approved by the government... yay New Zealand.. i try to not see the badness apparently it's ok now to meention the zeus botnet stuff but them having contacts at isp's made it easier to block it /but/ they blocked baidu.com too (chinese google basically) the list of domain names being blocked is huge and baidu doesn't loko legit casually gizmoguy: it's funny, but reddit net neutrality "activists" are pushing for a US local gov equiv of that as a fix for the US (title 2) would require utility committee approval for network expansion, product rollout, speed increases, etc. but, you know, that'd fix the internet or whatever. another month, another round of freebsd security updates involving openssl yep also sendmail yes, but the sendmail vuln is two whole days old now have had to execute freebsd-update more than i remember ever having to a whopping 2 days old and who uses sendmail anymore haha, i do because i don't run an mta and need something to handle outbound messaging from the server I wonder how many of these new openssl cves are coming from people running static code analyses on libressl http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html @youtube fpbOEoRrHyU YouTube Entertainment: "Last Week Tonight with John Oliver (HBO): Net Neutrality" by LastWeekTonight (13m 18s), 2,075,997 views, 35,571 likes and 367 dislikes. Uploaded 2014-06-02T06:30:01.000Z. Ah yes, <3 Last Week Tonight It's nice when your hosting provider "catches up" to something you've been doing all along :P @up_the_irons | my part: now arpnetworks.com forces SSL for everything, no more port 80 except for redir to 443 Sadly, I had to leave the auto-redirect off one domain because ifttt.com won't use https:// urls (for its wordpress plugin, anyways) I should make that domain's stuff conditional though... Speaking of Baidu, I've blocked them from every single website I administer since they don't EVEN FETCH robots.txt, let alone honour its contents. heh sendmail... My FreeBSD servers run exim, because why run something that's nigh-impossible to configure, versus something I know how to configure. (and exim specifically because I was just migrating an old server and could copy the configs) brycec: your robots.txt needs to be in cantonese m0unds: I figured it was pretty easy to read... http://brycesawesomeapp.com/robots.txt Especially for a bot lol there are two people in here running IrssiUrlLog/0.2 (of course, none of that matters if Baidu doesn't even make a request for the file) request for 机器人.txt that should say robot in cantonese, but my terminal has utf-8 disabled haha Definitely looks chinese to me hahah, that robots.txt is awesome oh, must just be putty then weird, nanog message had a content policy violation rendering it undeliverable to me haha - SSN pattern match on a url lol I've hit roadblocks like that before. CC #s too on UUIDs (without dashes) In the past, I end up disabling those... too many false positives. And anyone dumb enough to email a CC# deserves what they get >.> <.< yeah, haha this is the first fp i've seen w/ssns though it was on this: %205-30-2014%20v004.pdf A date? LOL yep, because the mailer mangled the url haha turned it into plaintext if i send an email with the url as a link, it doesn't trigger, but if i insert it as plaintext in the body of a message, it does funny i bought some aloe + fruit + vegetable drink before work, and it has chunks of aloe pulp in it kinda weird Weird. I've had aloe-based drinks, but none with chunks yeah, same here this one is alo "enliven" http://alodrink.com/products/enliven/ m0unds: yeah see, we don't have a problem with net neutralitiy over here and more regulation isn't what we need in the ISP sector to give you an example of why we don't have a problem with net neutrality: so over here we don't have netflix but everyone uses a proxy or DNS service to get around that i'd say it's arguable whether we have a problem here either, but meh recently netflix changed some of their CDNs which broke access on some of our ISPs due to transparent caching and some people complained that our ISPs were being unfair to netflix traffic so the ISPs investigated and fixed it despite netflix being illegal to watch in this country haha so even illegal services are net neutral here lol does nz do the whole national firewall thing that australia does? nat'l content policy or whatever "Can't risk them seeing sheep porn, might give them ideas." http://www.aei.org/article/economics/innovation/the-real-slow-lane-threat-to-the-internet/ no. we have an opt in filter list ah, gotcha http://www.dia.govt.nz/censorship-dcefs it's all fairly transparent apart from the actual list itself brycec: i admit i was late to the game on that one heh, just giving you shit :) i can tell :) btw: it seems to become hip to implement dane :) at least in germany... dane? @wiki DANE DNS-based Authentication of Named Entities :: DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates, commonly used for Transport Layer Security (TLS), to be bound to DNS names using Domain Name System Security Extensions (DNSSEC). It is proposed in RFC 6698 as a way to authenticate TLS client and server entities without a certificate... http://en.wikipedia.org/wiki/DNS-based%20Authentication%20of%20Named%20E sweet <3 BryceBot trying to find a ball bearing 40mm fan as a service component for stupid environmentally rated outdoor cameras that overheat m0unds: http://www.coolerguys.com has some unusual fan stuff, though it's probably mostly 12v yea, that's fine - the fan is 12V part of the problem is purchasing here is a pain in the ass i found a similar part at digikey, but i can't buy from digikey thx for the link Sure. Some of these companies have amazon storefronts, if that makes your life any less painful. nah, totally backwards tribal government purchasing dept ah. bummer to run into purchasing difficulties for a <$15 part i can only easily buy from local vendors, cdw, pcconnection or pueblo-licensed system integrators yep How about adobe? :P just comes down to the person at the purchasing office not wanting to contact new vendors trying to get provantage, myriad, vology and a few others added has been a nightmare up_the_irons: any chance you could force Verizon routes through Level3 now that it's up? http://kremvax.acfsys.net/smokeping.cgi?target=Remote.verizon-lsanca same as always... What are they taking now, NTT? yep Those are some impressive humps. yes they are http://paste.unixcube.org/k/bb55b1 is it just wildly deprioritizing icmp or something? definitely not. it happens to my machine routed over the link too that paste is NTT confirming that the issue exists oh, i missed the paste m0unds: https://www.youtube.com/watch?v=HEx1WEOV2Zk YouTube Games: "Planetside 2 - [∞] Recursion - Ambush" by Fatter Productions (1m 42s), 301 views, 88 likes and 2 dislikes. Uploaded 2014-06-05T21:04:12.000Z. that's funny bet that took a lot of work yeah i'm still confused by bryce's smokeping i was trying to figure out how things have changed since some outbound level3 i haven't seen outbound l3 to anything except 4.2.2.2/4.2.2.4/etc it happens to a few placesd up_the_irons was saying 40% traffic i guess i'm the 60% haha but verizon/comcast/cogent are all ntt and prob lots of other things. or nlayer nlayer is ntt too oh, are they part of ntt? for outbound nah there's just not full route table from ntt err from mzima and mzima/nlayer merged so incoming is diff story, but ntt->nlayer is pretty good nlayer in lax -> CL is still really congested i think that's more on the CL side tbh i think it probably makes sense to drop nlayer what's CL? centurylink ahh they're bad yeh i thought they were i think my connection to centurylink goes via verizon they have a thing for unintentionally nuking MPLS i duinno any ip to trace they had a nationwide outage twice last year heh i used to see so many cogent issues but they were all partial like way more than two a year. mercutio: confused by my smokeping? brycec: yeh with all the liens at once i wanted to see what various places are like since level3 introduction, from arp. i couldn't remember your smokeping, but i googled it :) and i couldn't remember who else had one mercutio: @smokeping haha the fact you could google it bothers me slightly this channel is logged remember i googled bryce smokeping arp from memory mercutio: And got the irclogger? yeh i think so yea, that's what i got just now via ddg I just don't want Google crawling my little smokeping CGI i got the end result and didn't pay much attentino to the inbetween heh guuguhl wants all the rrds baidu was doing that... asswipes. haha baidu got blocked by the fbi :/ (and me) Here's a good example of the Level3 switch https://smokeping.cobryce.com/?displaymode=n;start=2014-05-29%2018:59;end=now;target=Internet.Foonetic.vervet4 downtime? (not sure why I'm missing data... but it's across all my slaves for that host) (so I assume my VPS may have been unreachable) staticfree.foonetic.net is another host going over l3 now reduction in packet loss is more important some host going down in latency by 10 msec doesn't really matter https://smokeping.cobryce.com/?displaymode=n;start=2014-05-29%2019:01;end=now;target=Internet.Foonetic.staticfree4 ah (oh vervet was down, that's why the gap in data) it goes l3 over v4, but occaid via v6 occaid route is 25-30ms lower i saw that Yeah, their b/w is provided by occaid, and I gather we're peered with occaid i have no idea what occaid is @wiki occaid OCCAID :: The Open Contributors Corporation for Advanced Internet Development (OCCAID) is a non-profit consortium that operates one of the largest IPv6 research networks in the world. It maintains both resale and facilities-based networks spanning 15,000 miles, with a presence in over 52 cities across 6 countries. OCCAID facilitates collaboration between research communities and the... http://en.wikipedia.org/wiki/OCCAID cool. with verizon etc it's hard to know which directino loss is happening i think i determined it was outbound from arp ugh, really hate the congestion to this vm via work verizon? ntt ntt<->ntt? CL->NTT port here isn't even remotely congested connection to home is CL->comcast via denver connection to arp is CL->NTT via LAX connection to another vm is CL via telia, and it's fine CL as in CraigsList? :P why yes speaking of.. Same diff anyways yeah, bargain basement http://albuquerque.craigslist.org/clt/4494974647.html m0unds: Is the actor a NM resident? i couldn't tell you Or is this just random for random's sake? it'd be funny if he was and it was his collection Couldn't tell if this was "hey, the Enzyte guy is from our town, yay" as far as i know, he's not from here just some dude trying to sell a "collection" of related merch for $1k hahaha oh right sorry i half asleep no excuse :) i want to see free internap like solutions myself :) he's canadian it's hard to make everything work well without tweaking whew but the tweaks don't remain the same which is why automation is good :) internap's route optimisdation doesn't actually work that well but the idea is good not sure if you got this: mercutio: the thing is, doing traffic engineering to route around problems just sets precedent that i'll tweak this / that / etc... and eventually end up with a mess of complicated rules. It is better treat the disease, not just alleviate symptom. need to get on NTT / Verizon's case about the loss. Email NOCs, show traceroutes, etc... mercutio: ^^ can anyone who is running KVM/QEMU and libvirt on Ubuntu 12.04 on some machine of theirs tell me if "aa-status" shows your VMs in "enforce" mode On Lucid, this is the case, but not on 12.04 for me, for some reason...