mercutio: i mean cogent sucks either way, but there have been heaps of peering disagreements with them
and yet they're one of the biggest providers.
it was verizon being problematic before iirc though
verizon is out ntt still too
and some of comcast at least
oh weird i had notes of two comcast addresses and one is the hostname and one is ip of same host ***: mike-bur1 has quit IRC (Ping timeout: 260 seconds)
mike-bur1 has joined #arpnetworks
ChanServ sets mode: +o mike-bur1 up_the_irons: added reset the net banner to arpnetworks.com and portal
june 5
do your part!
:) mercutio: reset the net? up_the_irons: https://www.resetthenet.org/ mercutio: ahh about network neutrality
is it? up_the_irons: no, about mass surveillance mercutio: oh it's the other problem up_the_irons: lol mercutio: i saw a cool video about net neutrality
https://t.co/wD3MiiXOSM BryceBot: https://t.co/wD3MiiXOSM -> https://www.youtube.com/watch?v=fpbOEoRrHyU up_the_irons: my part: now arpnetworks.com forces SSL for everything, no more port 80 except for redir to 443 mercutio: it's uhh the way things are going up_the_irons: yeah mercutio: i'm kind of against https in general, but it's important for things that don't need it to use it too so that you're not guilty by using encryption or such
nz is one of the US's guinea pig countries for network intrusion
recent laws mean all isps have to be registered etc
and if bigger than a certain size you have to be interception ready ***: mike-bur1 is now known as mike-burns gizmoguy: good 'ol TICSA
you also need to get any major network changes/upgrades approved by the government...
yay New Zealand.. mercutio: i try to not see the badness
apparently it's ok now to mention the zeus botnet stuff
but them having contacts at isps made it easier to block it
/but/ they blocked baidu.com too
(chinese google basically)
the list of domain names being blocked is huge
and baidu doesn't look legit casually ***: tabthorpe has joined #arpnetworks
tabthorpe has quit IRC (Changing host)
tabthorpe has joined #arpnetworks m0unds: gizmoguy: it's funny, but reddit net neutrality "activists" are pushing for a US local gov equiv of that as a fix for the US
(title 2)
would require utility committee approval for network expansion, product rollout, speed increases, etc. but, you know, that'd fix the internet or whatever. sjackso: another month, another round of freebsd security updates involving openssl m0unds: yep
also sendmail sjackso: yes, but the sendmail vuln is two whole days old now m0unds: have had to execute freebsd-update more than i remember ever having to
a whopping 2 days old staticsafe: and who uses sendmail anymore -: staticsafe runs m0unds: haha, i do because i don't run an mta
and need something to handle outbound messaging from the server sjackso: I wonder how many of these new openssl cves are coming from people running static code analyses on libressl m0unds: http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html brycec: @youtube fpbOEoRrHyU BryceBot: <http://youtu.be/fpbOEoRrHyU> YouTube Entertainment: "Last Week Tonight with John Oliver (HBO): Net Neutrality" by LastWeekTonight (13m 18s), 2,075,997 views, 35,571 likes and 367 dislikes. Uploaded 2014-06-02T06:30:01.000Z. brycec: Ah yes, <3 Last Week Tonight
It's nice when your hosting provider "catches up" to something you've been doing all along :P @up_the_irons | my part: now arpnetworks.com forces SSL for everything, no more port 80 except for redir to 443
Sadly, I had to leave the auto-redirect off one domain because ifttt.com won't use https:// urls (for its wordpress plugin, anyways)
I should make that domain's stuff conditional though...
Speaking of Baidu, I've blocked them from every single website I administer since they don't EVEN FETCH robots.txt, let alone honour its contents.
heh sendmail... My FreeBSD servers run exim, because why run something that's nigh-impossible to configure, versus something I know how to configure. (and exim specifically because I was just migrating an old server and could copy the configs) m0unds: brycec: your robots.txt needs to be in cantonese brycec: m0unds: I figured it was pretty easy to read... http://brycesawesomeapp.com/robots.txt
Especially for a bot
lol there are two people in here running IrssiUrlLog/0.2
(of course, none of that matters if Baidu doesn't even make a request for the file) m0unds: request for 机器人.txt
that should say robot in cantonese, but my terminal has utf-8 disabled
haha brycec: Definitely looks chinese to me m0unds: hahah, that robots.txt is awesome
oh, must just be putty then
weird, nanog message had a content policy violation rendering it undeliverable to me
haha - SSN pattern match on a url brycec: lol I've hit roadblocks like that before. CC #s too on UUIDs (without dashes)
In the past, I end up disabling those... too many false positives.
And anyone dumb enough to email a CC# deserves what they get >.>
<.< m0unds: yeah, haha
this is the first fp i've seen w/ssns though
it was on this: %205-30-2014%20v004.pdf brycec: A date? LOL m0unds: yep, because the mailer mangled the url
haha
turned it into plaintext
if i send an email with the url as a link, it doesn't trigger, but if i insert it as plaintext in the body of a message, it does
funny
i bought some aloe + fruit + vegetable drink before work, and it has chunks of aloe pulp in it
kinda weird brycec: Weird. I've had aloe-based drinks, but none with chunks m0unds: yeah, same here
this one is alo "enliven"
http://alodrink.com/products/enliven/ ***: reardencode has quit IRC (Quit: leaving)
reardencode has joined #arpnetworks gizmoguy: m0unds: yeah see, we don't have a problem with net neutrality over here
and more regulation isn't what we need in the ISP sector
to give you an example of why we don't have a problem with net neutrality:
so over here we don't have netflix
but everyone uses a proxy or DNS service to get around that m0unds: i'd say it's arguable whether we have a problem here either, but meh gizmoguy: recently netflix changed some of their CDNs which broke access on some of our ISPs due to transparent caching
and some people complained that our ISPs were being unfair to netflix traffic
so the ISPs investigated and fixed it
despite netflix being illegal to watch in this country m0unds: haha gizmoguy: so even illegal services are net neutral here
lol m0unds: does nz do the whole national firewall thing that australia does?
nat'l content policy or whatever brycec: "Can't risk them seeing sheep porn, might give them ideas." m0unds: http://www.aei.org/article/economics/innovation/the-real-slow-lane-threat-to-the-internet/ gizmoguy: no.
we have an opt in filter list m0unds: ah, gotcha gizmoguy: http://www.dia.govt.nz/censorship-dcefs
it's all fairly transparent apart from the actual list itself up_the_irons: brycec: i admit i was late to the game on that one brycec: heh, just giving you shit :) up_the_irons: i can tell :) ant: btw: it seems to become hip to implement dane :)
at least in germany... up_the_irons: dane? ant: @wiki DANE BryceBot: DNS-based Authentication of Named Entities :: DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates, commonly used for Transport Layer Security (TLS), to be bound to DNS names using Domain Name System Security Extensions (DNSSEC). It is proposed in RFC 6698 as a way to authenticate TLS client and server entities without a certificate... http://en.wikipedia.org/wiki/DNS-based%20Authentication%20of%20Named%20E up_the_irons: sweet
<3 BryceBot m0unds: trying to find a ball bearing 40mm fan as a service component for stupid environmentally rated outdoor cameras that overheat sjackso: m0unds: http://www.coolerguys.com has some unusual fan stuff, though it's probably mostly 12v m0unds: yea, that's fine - the fan is 12V
part of the problem is purchasing here is a pain in the ass
i found a similar part at digikey, but i can't buy from digikey
thx for the link sjackso: Sure. Some of these companies have amazon storefronts, if that makes your life any less painful. m0unds: nah, totally backwards tribal government purchasing dept sjackso: ah. bummer to run into purchasing difficulties for a <$15 part m0unds: i can only easily buy from local vendors, cdw, pcconnection or pueblo-licensed system integrators
yep CaZe: How about adobe? :P m0unds: just comes down to the person at the purchasing office not wanting to contact new vendors
trying to get provantage, myriad, vology and a few others added has been a nightmare ***: aboutGod has joined #arpnetworks
aboutGod has left acf_: up_the_irons: any chance you could force Verizon routes through Level3 now that it's up?
http://kremvax.acfsys.net/smokeping.cgi?target=Remote.verizon-lsanca
same as always... brycec: What are they taking now, NTT? acf_: yep brycec: Those are some impressive humps. acf_: yes they are
http://paste.unixcube.org/k/bb55b1 m0unds: is it just wildly deprioritizing icmp or something? acf_: definitely not. it happens to my machine routed over the link too
that paste is NTT confirming that the issue exists m0unds: oh, i missed the paste ***: jlgaddis has quit IRC (Ping timeout: 245 seconds)
novae has quit IRC (Ping timeout: 245 seconds) staticsafe: m0unds: https://www.youtube.com/watch?v=HEx1WEOV2Zk BryceBot: YouTube Games: "Planetside 2 - [∞] Recursion - Ambush" by Fatter Productions (1m 42s), 301 views, 88 likes and 2 dislikes. Uploaded 2014-06-05T21:04:12.000Z. ***: novae has joined #arpnetworks m0unds: that's funny
bet that took a lot of work staticsafe: yeah mercutio: i'm still confused by bryce's smokeping
i was trying to figure out how things have changed since some outbound level3 m0unds: i haven't seen outbound l3 to anything except 4.2.2.2/4.2.2.4/etc mercutio: it happens to a few places
up_the_irons was saying 40% traffic m0unds: i guess i'm the 60%
haha mercutio: but verizon/comcast/cogent are all ntt
and prob lots of other things. m0unds: or nlayer mercutio: nlayer is ntt too m0unds: oh, are they part of ntt? mercutio: for outbound
nah there's just not full route table from ntt
err from mzima
and mzima/nlayer merged
so incoming is diff story, but ntt->nlayer is pretty good m0unds: nlayer in lax -> CL is still really congested
i think that's more on the CL side mercutio: tbh i think it probably makes sense to drop nlayer
what's CL? m0unds: centurylink mercutio: ahh m0unds: they're bad mercutio: yeh i thought they were
i think my connection to centurylink goes via verizon m0unds: they have a thing for unintentionally nuking MPLS mercutio: i dunno any ip to trace m0unds: they had a nationwide outage twice last year mercutio: heh
i used to see so many cogent issues
but they were all partial
like way more than two a year. brycec: mercutio: confused by my smokeping? mercutio: brycec: yeh with all the lines at once
i wanted to see what various places are like since level3 introduction, from arp.
i couldn't remember your smokeping, but i googled it :)
and i couldn't remember who else had one brycec: mercutio: @smokeping m0unds: haha brycec: the fact you could google it bothers me slightly mercutio: this channel is logged remember
i googled bryce smokeping arp
from memory brycec: mercutio: And got the irclogger? mercutio: yeh i think so m0unds: yea, that's what i got just now via ddg brycec: I just don't want Google crawling my little smokeping CGI mercutio: i got the end result and didn't pay much attention to the inbetween
heh m0unds: guuguhl wants all the rrds brycec: baidu was doing that... asswipes. mercutio: haha
baidu got blocked by the fbi :/ brycec: (and me)
Here's a good example of the Level3 switch https://smokeping.cobryce.com/?displaymode=n;start=2014-05-29%2018:59;end=now;target=Internet.Foonetic.vervet4 mercutio: downtime? brycec: (not sure why I'm missing data... but it's across all my slaves for that host)
(so I assume my VPS may have been unreachable)
staticfree.foonetic.net is another host going over l3 now mercutio: reduction in packet loss is more important
some host going down in latency by 10 msec doesn't really matter brycec: https://smokeping.cobryce.com/?displaymode=n;start=2014-05-29%2019:01;end=now;target=Internet.Foonetic.staticfree4 m0unds: ah brycec: (oh vervet was down, that's why the gap in data) m0unds: it goes l3 over v4, but occaid via v6
occaid route is 25-30ms lower mercutio: i saw that brycec: Yeah, their b/w is provided by occaid, and I gather we're peered with occaid mercutio: i have no idea what occaid is brycec: @wiki occaid BryceBot: OCCAID :: The Open Contributors Corporation for Advanced Internet Development (OCCAID) is a non-profit consortium that operates one of the largest IPv6 research networks in the world. It maintains both resale and facilities-based networks spanning 15,000 miles, with a presence in over 52 cities across 6 countries. OCCAID facilitates collaboration between research communities and the... http://en.wikipedia.org/wiki/OCCAID mercutio: cool.
with verizon etc it's hard to know which direction loss is happening
i think i determined it was outbound from arp m0unds: ugh, really hate the congestion to this vm via work mercutio: verizon? m0unds: ntt mercutio: ntt<->ntt? m0unds: CL->NTT
port here isn't even remotely congested
connection to home is CL->comcast via denver
connection to arp is CL->NTT via LAX
connection to another vm is CL via telia, and it's fine brycec: CL as in CraigsList? :P m0unds: why yes
speaking of.. brycec: Same diff anyways m0unds: yeah, bargain basement
http://albuquerque.craigslist.org/clt/4494974647.html brycec: m0unds: Is the actor a NM resident? m0unds: i couldn't tell you brycec: Or is this just random for random's sake? m0unds: it'd be funny if he was and it was his collection brycec: Couldn't tell if this was "hey, the Enzyte guy is from our town, yay" m0unds: as far as i know, he's not from here
just some dude trying to sell a "collection" of related merch for $1k
hahaha mercutio: oh right sorry i half asleep
no excuse :)
i want to see free internap like solutions myself :) m0unds: he's canadian mercutio: it's hard to make everything work well without tweaking m0unds: whew mercutio: but the tweaks don't remain the same
which is why automation is good :)
internap's route optimisation doesn't actually work that well
but the idea is good ***: plett has quit IRC (Ping timeout: 240 seconds)
plett has joined #arpnetworks
[FBI] starts logging #arpnetworks at Thu Jun 05 22:30:07 2014
barjavel.freenode.net sets mode: +oo mike-burns up_the_irons up_the_irons: not sure if you got this:
mercutio: the thing is, doing traffic engineering to route around problems just sets precedent that i'll tweak this / that / etc... and eventually end up with a mess of complicated rules. It is better to treat the disease, not just alleviate symptom. need to get on NTT / Verizon's case about the loss. Email NOCs, show traceroutes, etc...
mercutio: ^^
can anyone who is running KVM/QEMU and libvirt on Ubuntu 12.04 on some machine of theirs tell me if "aa-status" shows your VMs in "enforce" mode
On Lucid, this is the case, but not on 12.04 for me, for some reason...