up_the_irons: hola :) up_the_irons: ping :) pokes brycec Hien: Do you have a question specifically for up_the_irons? Or is it maybe something the knowledgeable people and bots of #arpnetworks could help with? brycec: Thank you. But I email'd up_the_irons Ah I wouldn't do that if I were you Why ? 0_o Just about new order, no urgent question or something xD I meant the poking of BryceBot. BryceBot is mean. Oh. @weather yyz Toronto-Pearson International, Ontario: Mostly Cloudy ☁ 68°F (20°C), Humidity: 56%, Wind: From the West at 15 MPH Gusting to 22 MPH -- For more details including the forecast and almanac, see http://www.wunderground.com/cgi-bin/findweather/getForecast?query=43.67722321,-79.63055420 or re-request this with: @weather -v yyz nice day today yesterday was a lot of rain followed by sunshine @weather CAZ096 Error, No cities match your search query @weather 90012 Los Angeles, CA: Partly Cloudy ☁ 76°F (24°C), Humidity: 71%, Wind: From the WNW at 1.0 MPH Gusting to 10.0 MPH -- For more details including the forecast and almanac, see http://www.wunderground.com/cgi-bin/findweather/getForecast?query=34.059711,-118.256401 or re-request this with: @weather -v 90012 @weather 91344 Granada Hills, CA: Clear 82°F (27°C), Humidity: 51%, Wind: From the SSE at 2.9 MPH Gusting to 4.9 MPH -- For more details including the forecast and almanac, see http://www.wunderground.com/cgi-bin/findweather/getForecast?query=34.287365,-118.484680 or re-request this with: @weather -v 91344 6°F cooler at the office up_the_irons: closer to the water too brycec: Feature request... noaa stations. :) dav: Take it up with wunderground.com brycec: Copy that. @weather San Joaquin Valley, CA Multiple locations matched your query: San Diego International-Lindbergh, CA (zmw:92140.5.99999), San, ML (zmw:00000.1.61277), Apparently wunderground hates the Sierra Nevada Mountains @weather Hanford, CA Hanford, CA: Clear 82°F (28°C), Humidity: 50%, Wind: From the West at 2.7 MPH Gusting to 3.7 MPH -- For more details including the forecast and almanac, see http://www.wunderground.com/cgi-bin/findweather/getForecast?query=36.355957,-119.656898 or re-request this with: @weather -v Hanford, CA Close enough (Actually wunderground redirects to Lakeshore, CA for the lat/lon of CAZ096 @weather 37.29833,-119.10333 Lakeshore, CA: Clear 77°F (25°C), Humidity: 17%, Wind: From the East at 5 MPH -- For more details including the forecast and almanac, see http://www.wunderground.com/cgi-bin/findweather/getForecast?query=37.62405777,-118.83875275 or re-request this with: @weather -v 37.29833,-119.10333 Oh! Coordinates work. Sweet. I love that http://forecast.weather.gov/MapClick.php?zoneid=CAZ096 says it's -18C there Busted sensor I guess? (coordinates need to be comma-separated, no spaces) (again, that's just how wunderground works) wow, I haven't seen that in forever. someone joined a channel and instantly start begging for ops. "Can I have ops, plz?" up_the_irons: I can haz ops?!?! I need it to hang out in this channel! it's sooper important!!!11!11oneeleven up_the_irons: CAN I OPS HAZ??????? Not that #arpnetworks needs more ops really But I'm sure I would make a good op :p bawwwww :( haha not just a k or g-line, an internet-line! up_the_irons: hey, if everyone else gets ops, I would like ops too +o for all. now we just need an eggdrop bot network! #arpnetworks could do something like #devious does, +V users that are smart, well established, good community members etc (and +o for admins) It's used as a means of saying "these people know what they're talking about, they aren't just random people spouting bad advice" I don't know that it'd be necessary here. I really was just making fun of the fact that I hadn't seen that behavior in several years.. Heh yeah #arpnetworks seems to work just fine. Since it's pretty quiet in here, there's very little need for the "endorsement" of +V halfops would work for me : % if only they existed on freenode ^ anybody else notice SIP brute forcing getting particularly bad? is that like ops for hobbits? it just crashed asterisk no idea, i don't run any sip boxes connected to the internet without firewall rules or nat in front of them probably wise http://unixcube.org/who/acf/tmp/sipgraph.png ^ mostly SIP traffic notice the outbound is significantly above the inbound in that last part maybe a SIP amplification attack of some sort? up_the_irons: are you around? m0unds: do you happen to have ARP metal? acf_: don't ask to ask, just ASK ;) can you sign a new ipmi vpn cert for me please? :/ I forgot the passphrase yeah, send the csr to support@ thanks acf_: nope up_the_irons: okay, I've sent it I've seen nasty SIP brute forcing too, at the firewall :P how do you firewall your sip? Sorry that it's chewing up so much of your bandwidth acf_ acf_: One of two approaches. 1) Only open ports for specific hosts, 2) Fail2Ban hm. I guess it's option 2 for me fail2booooooooooo acf_: why not #1? SIP clients on dynamic addresses unless there is some other way to restrict based on host? *how* dynamic? I have clients whose IPs only change once a blue moon. Others I have the client update a dyndns host and pf refreshes from that hourly. Comcast dynamic IP also cellular network that's what I'm most worried about Comcast - once a month at most Cellular... blech acf_: you could run SIP on a non-standard port too I was thinking about that vpn :D VPN is a perfect solution, if you have perfect users. VPN would be great, except for mobile devices [mobile devices do VPN...] have you had any experience with VPN on mobile devices? I haven't... Yes but it seems like it could be bad OpenVPN, l2tp, and ipsec it's fine i've used l2tp and ipsec oh and pptp ugh yuck I'll have to try that m0unds: PPTP still easiest for $users to setup and configure and comments on device support? For a simple voice VPN, I wasn't too worried Android, Symbian, iOS, etc... I can say for certain that Android and iOS do PPTP and L2TP+IPsec natively. Android has good OpenVPN client support (last I checked, iOS had to be jailbroken for opencpn) apparently Symbian supports PPTP also I might try that PPTP isn't the most secure, but it's simplest (username+password) and "good enough" for a simple voice vpn Plus with VPN, you don't have to deal with NAT issues have you any experience with voip handoff between wifi and 3g? ie, you go in range of wifi, phone connects, drops call If it's in a VPN, you're just waiting for the VPN tunnel to reesatablish but if that's quick, the call stays up and nobody notices. i typically just dump sip calls to my phone# directly if i don't answer my ext how about outbound calls? the cid gets all messed up... i just block my outbound cid and dial from my phone ah if the call recipient went through the trouble to block anonymous calls, they can wait til i get to the office haha m0unds++ on all points In theory you can setup a DISA, call the PBX and then route back out Or just *67 I've been looking for a way to do that cleanly for a long time ie, click on a contact, it dials the PBX, etc... There are craploads of click2call Many of them work well, even not for Symbian users :/ a buddy of mine did that to allow him to dial in to his PBX to have outbound calls routed via his toll-free whoa, symbian? acf_: if the Symbian user is just a cellphone, then what does it matter? ie you click the link on your computer, the PBX calls your phone (the Symbian or whatever) and when you pickup and confirm, then the PBX bridges that to an outbound call to $wherever A phone call is a phone call, regardless of the receiving device. ah yes I was hoping for some tighter integration so that you can initiate the call using the built in ui and it just works acf_: i seem to recall that Blackberry (because that's what I used at the time) had a means to program a prefix so you could dial through the office phone system To do just that No idea if Android etc can do that nowadays yeah. any idea what that's called? my google searches have yeilded nothing... In theory though, you can just prefix the destination with 1800mypbx{pauses}$disaextension{pause} prefix dialing i think ok cool or "dial via office" http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cumc/7_1/english/BlackBerry/installation_user_guide/install_user_guide/calls.pdf obviously that's the blackberry specific stuff :p[ yeah but you could google for $platform dial via office looks like Android uses a Cisco app for it Symbian seems to be left with click2call/"reverse callback" that's what I was afraid of I wonder if GSM/UMTS has any out-of-band signalling capabilities at call setup you could change the software stack to dial a fixed number, and signal the actual number to dial Besides the messaging layer that SMS is built atop? I guess that could work I don't know if it supports that function specifically though Maybe that's what this "fixed dialing numbers" stuff is about on second though, FDN wouldn't solve the problem I'm kind of surprised that the telecoms don't have services that allow easy integration into PBXes It's not the telecoms prerogative it seems like it would be a useful service for companies that use cell phones it's Android/WinMo/Symbian And companies that use cellphones also use Cisco (with their own Android app), or Blackberries (builtin) who uses Symbian anymore Europe (Lync might even have an 'app' hook to do it) really now Europe is a myth well, yeah people are moving away from it 4.4% global market share as of 2012 according to wookiepedia that's not too bad 4 out of every 100 cell phones are Symbian up_the_irons: still around? acf_: BTW the SIP brute forcing should be somewhat limited already http://support.arpnetworks.com/kb/main/is-there-a-firewall-filter-rate-limit-or-similar-device-applied-to-my-traffic Unless ^ doesn't apply to Metal customers I think I had that removed a while ago so I could run OpenVPN instances on non-standard ports btw acf_ I can't resolve your unixcube.org I know :/ bad things happened uh oh o_o so I can't even see that graph you linked :p I'm waiting for up_the_irons to sign me a VPN cert so I can get a console that's weird... ns[0123].unixcube.org should have entries in the DNS root to be proper "nameservers" they don't? hm don't seem to I'm only cursorily investigating brycec: you wouldn't happen to have arp metal would you? brycec: you mean glue? sorry acf_ aww they should just call them horse records acf_: scratch that, the records are there, but dig was being stupid ah, that's good staticsafe: I meant A records for the nameserver entries is there a way to do a broadcast ipv6 ping? ping6 ff02::1%$interfacename (not broadcast as that is not really a thing in IPv6) that is the All nodes on the local network segment address multicast all the things! hm so my ARP metal box lost network there's a moron who used to work here who couldn't grasp the word "multicast" he always used to refer to it as "multitask" drove me nuts o_o that's great sending multitask packets that's what happens when you bolt people with no networking experience (VCR + DVR + analog video) into an updated position where it's important to know it I have a VPS on the same logical network shouldn't I be able to ssh into it via its IPv6 link local address? "what do you mean by converged network?!" "voice, video and internets on the same network?!" Yes, acf_ or is there some case where the interface could lose its link local address no If it's down or unconfigured... well that so here's what happened: IPv4 things broke I ran /etc/init.d/networking restart in Debian ^ bad idea IPv6 things broke acf_: and you don't have IPMI console up yet? no I used to if I had an IPMI console, I could just reconfigure the interfaces staticsafe: he thought that i assigned ip addresses for devices purely based on the port on the switch that they're connected to acf_: I assume console.cust.arpnetworks.com doesn't tie in to any physical serial port or whatnot? like..with analog video, there's an electrical signal chain you have to follow or you won't get video on the far end. he htought that's how an ip network functions, haha heh When you put it that way, it's not illogical, just wrong. right brycec: unfortunately it doesn't appear so but he'd argue it as truth and would actively refuse or reject explanation to the contrary :) also, i think i'm giving him too much credit w/the signal thing. he didn't really understand how that worked either, just that if he put a camera on a cable, and plugged the cable in, it would show up this is why he's no longer here..that and he was offered an enormous $250 sign on bonus to work for a company that repairs automatic card shufflers Wow a whole $250? yup gave up ~$3800/yr in benefits, 10hrs/period of PTO and 4 day set schedule for $250 m0unds: is he doing the repairs? or he's doing IT for them? repairs so it's better for him Sounds like it i do X because Y is broken also, i rarely see him which is great for my mental health hahaha http://i.imgur.com/KAD0QvN.png this graph is depressing although, the one day where there was no real spike was the 4th of july yeah that's Comcast right? yep I think he was willing to try and reroute some Verizon routes don't think it's happened yet though up_the_irons that is http://i.imgur.com/nQdjKIp.png what's that? cut over to a different box running the same services ah i was kind of hoping that whatever party is causing congestion would lay off at some point nope i haven't been able to figure out what common svcs traverse ntt via comcast not too many from the looks of it netflix doesn't, hulu doesn't, amazon vod doesn't, xbox live/video doesn't, psn doesn't bigger providers likely have monitoring systems in place for all of the major ISPs and reroute traffic accordingly well, the ones i mentioned have peering arrangements w/comcast that's why Amazon has such great connectivity I think not Amazon (I think) oh maybe they do they don't with Verizon though the ELB addresses i've seen w/VOD do for sure and just checking an east coast AZ EC2 instance, it's comcast -> amazon directly yeah I see that here too Amazon appears to have direct peering with HE too it was a bit congested last time I checked my smokeping I was surprised does it seem like they use ntt to reach vz? I can't check atm ah but a while ago it seems they used NTT for the forward path (from me) I can't remember the reverse path, but I think it was via Telia or something NTT is their #2 v4 peer according to bgp.he.net (amzn) what AS are you looking at? 16509 I see Telia is #4 Level3 is #8 yea, -z flag on mtr is handy mtr -z4 somev4host.domain.tld ah, didn't think to try that m0unds: what does the -z flag do? And what version of mtr? mtr 0.82 (Debian Wheezy) only has -hvrwctglspniu46 oh -z does ASN lookups but it doesn't work with the GTK GUI i'm on .85 same here doesn't bother me, i just use mtr in a temrinal ... temrinal? really? for some reason it defaults to GTK for me unless I specify --curses http://pastebin.com/K35UgeWz brycec: ^ curses CURSES NCURSES actually anyone know about what time up_the irons gets back? Ah m0unds has a newer mtr I was hoping someone would port that from traceroute Nice to see that it has been yeah I think I looked for that option in the man page a while ago and didn't see it so I had to revert to traceroute if I needed AS lookups damn not in wheezy-backports m0unds: Out of curiosity, what OS is that on? Or did you compile from source? I use Debian jessie it's stable enough for me :D brycec: netbsd 6.1.4 same v on freebsd 10 so installed via pkgin or from ports respectively .85 on 14.04 LTS too (just looked) Cool thank you sho 'nuff so basically everything has mtr 0.85 except debian stable Which is typical I'm surprised at the lack of a backport for it though haha what version of nginx is debian stable on? Source Package: nginx (1.2.1-2.2+wheezy2) oh, that's not too bad better than i figured haha for jessie: Package: nginx (1.6.0-1) ^ and wheezy-backports nginx version: nginx/1.5.12 netbsd, and 1.6.0 for freebsd When is jessie going to be released as stable, anyone know? I guess they don't define a date I think at some point they freeze everything, so that only bugs can be patched (no package version upgrades) dates are for suckers maaaaaaaaaan and when everything passes QA, they release it if I set my distribution to "testing" in /etc/apt/sources.list every time they do a release, sid goes into testing and I end up upgrading to it :/ Freeze is Nov 5 https://release.debian.org/jessie/freeze_policy.html lol so..soon? haha m0unds: they're aiming for January or maybe Feb? I'm not too clear on their release policy either But I do know that it won't be this year i don't think i've ever actually used debian debian wait, i have i have raspbian on my raspi, hahaha nice, heavy isolated thunderstorm raspbian rocks so easy, so small yeah, works pretty well no shuttles running to get to the parking lot (.33 mi from the building) and it's pouring outside so i'm wearing a plastic bag it's stylish and practical as you're typing in an irc channel ;) meta-p /window scroll_previous_highlight erk m0unds: Why no shuttles? Seems odd. HELLO has freenode been acting up lately i'm getting messages in other channels in bursts every few seconds and a ton of latency concert tonight. EMPLOYEES BE DAMNED. hazardous: i have not noticed anything Ah, sucks m0unds hazardous: I'm never surprised to hear Freenode having problems it was alright, head and shoes got soaked, rest of me was fine stupid ringo starr hazardous: it may be teh server you're connected to. there hasn't been lots of splits