[01:00] <mnathani> I have some too
[01:00] <mnathani> 122.226.223.69 - - [17/Aug/2014:10:24:42 -0400] "GET http://www.k2proxy.com//hello.html HTTP/1.1" 404 2055
[01:02] <kevr> up_the_irons: are you around?
[01:10] <mnathani> kevr: probably best to just ask a question if you have one and he would respond when he is around
[01:11] <mnathani> or you could always email support@
[01:25] *** pyvpx_ is now known as pyvpx
[07:41] <brycec> mnathani: It's extremely common. Nothing to worry about if you're not an open proxy, just 2KB wasted.
[07:42] <brycec> Make note that many IRC networks, FreeNode included, also do a quick sweep for open proxies (to determine whether the connection is likely a spammer) and you'll see those in your logs for various services too, but they're better identified.
[08:33] *** pseudorandom has joined #arpnetworks
[09:23] <mus1cbox> every time that k2 site hits me i'm gonna hit them 10x
[09:23] <brycec> I don't think it's k2proxy.com's fault...
[09:24] <brycec> At least, no guaranteed
[09:24] <brycec> I often see other urls requested, like google and msft
[09:24] <brycec> And I'm pretty sure they're not the ones crawling ;P
[09:24] <BryceBot> That's what she said!!
[09:24] <staticsafe> BryceBot: u wot m8
[11:43] *** mus1cbox is now known as mus1cb0x
[12:29] * mnathani slaps BryceBot
[12:29] * mnathani slaps BryceBot around with a large trout
[12:44] *** mick_laptop has joined #arpnetworks
[12:46] <mick_laptop> is there a way to pass init=/bin/sh to the bootloader? I lost my password for my instance
[12:47] <mick_laptop> I'm logged in, just don't have root or sudo
[12:47] <BryceBot> That's what she said!!
[12:50] <ant> mick_laptop: you can connect to the vnc console and edit the boot command line in the bootloader when the system is booting
[12:52] <mick_laptop> thanks
[12:52] <mick_laptop> I'll try that tonight
[14:30] *** fink has joined #arpnetworks
[14:31] <RandalSchwartz> getting weird connectivity
[14:31] <RandalSchwartz> part of the weird might be I'm in ketchikan
[14:32] <RandalSchwartz> but some sites are just popping up quick, others slow
[14:32] <mus1cb0x> do you live there RandalSchwartz?
[14:32] <RandalSchwartz> no... just a visitor
[14:32] <mus1cb0x> ah
[14:32] <mus1cb0x> why are you there?
[14:32] <RandalSchwartz> but I'm openvpn to arp, and still getting weirdness
[14:33] <RandalSchwartz> www.insightcruises.com/events/sa22/
[14:34] <RandalSchwartz> even tried a few other vpn
[14:34] <BryceBot> That's what she said!!
[14:34] <brycec> BryceBot: no
[14:34] <BryceBot> Oh, okay... I'm sorry. 'even tried a few other vpn'
[14:35] <m0unds> hahaha
[14:35] <m0unds> s/vpn/potatoes
[14:35] <BryceBot> <RandalSchwartz> even tried a few other potatoes
[14:35] <brycec> (Wow, that "no" trained it from 97% to 11%)
[14:36] <RandalSchwartz> this is the first time that mtr showed the fifth or sixth hop going through a 10.x address
[14:36] <RandalSchwartz> I fear I'm TCP over TCP at the border of ketchikan
[14:38] <m0unds> oh, alaska, cool
[14:38] <m0unds> how's the weather up there?
[14:38] <RandalSchwartz> cool. :)
[14:38] <m0unds> awesome
[14:39] <m0unds> just saw 62F as the temp today - that sounds great
[14:39] <m0unds> haha
[14:39] * m0unds is sick of 90+F temps
[14:39] <RandalSchwartz> yeah - switched from summer coat to winter coat for today's shoreside
[14:39] <m0unds> neat
[14:40] <RandalSchwartz> I can't get to google.com from here.  but I can ssh to arp.  but I can't openvpn to my arp box, just a few others.
[14:40] <RandalSchwartz> I wonder if they have screwed up BGP
[14:40] <RandalSchwartz> but that should then still work if I openvpn to somewhere.
[14:40] <RandalSchwartz> I don't understand this failure
[14:41] <RandalSchwartz> I wonder if it's reverse DNS
[14:42] <RandalSchwartz> no... host 206.223.199.52 gives a fast rever
[14:42] <RandalSchwartz> revers
[14:43] <brycec> If you can't hit certain ports, then sounds like filtering. What's the ISP?
[14:44] <RandalSchwartz> I don't know that it's about certain ports
[14:44] <RandalSchwartz> many web sites come up instantly.  Many others don't.
[14:44] <RandalSchwartz> that'd all be 80 or 443
[14:45] <brycec> I was focussing on the OpenVPN, but I see where you said some work others don't
[14:45] <brycec> *focusing
[14:45] <RandalSchwartz> my openvpn is on udp 443
[14:45] <RandalSchwartz> but even once I'm on a vpn that *does* work, I still get weirdness
[14:46] <brycec> So seems like the ISP (and not the Internet or ARP) is screwy
[14:47] <RandalSchwartz> I don't see how you come to that conclusion
[14:47] <RandalSchwartz> if I can get *some* VPN, the local ISP can't tell what I'm doing
[14:47] <RandalSchwartz> and yet the behavior seems similar
[14:49] <brycec> Just because you got to those VPN doesn't mean your traffic isn't still traveling over that ISP
[14:49] <RandalSchwartz> but the packets are opaque
[14:49] <brycec> I'm suggesting that the ISP has broad problems, dropping packets probably
[14:49] <RandalSchwartz> no... also tested that with mtr
[14:49] <RandalSchwartz> under 2% loss
[14:50] <brycec> But >0? That sucks
[14:50] <RandalSchwartz> and this "curl -o /dev/null https://arpnetworks.com/100mb.bin" runs at 500kbps
[14:50] <RandalSchwartz> KBps
[14:50] <RandalSchwartz> well mostly 0
[14:50] <RandalSchwartz> but I saw a few when I went to larger packets
[14:50] <RandalSchwartz> the 10.x address in the mtr still scares me
[14:51] <brycec> Nothing out of the ordinary in my smokepings https://smokeping.cobryce.com/?target=ARP.ARPWebsite
[14:53] <m0unds> is it rural enough to be wireless or something?
[14:53] <RandalSchwartz> ahh... I had my openvpn listening on tcp not udp
[14:53] <RandalSchwartz> now I connect fine to arp
[14:53] <m0unds> oh, that'd do it
[14:54] <brycec> m0unds: Well there are no roads to Anchorage, does that count as rural? :P
[14:54] <RandalSchwartz> but STILL can't connect to $randomwebsite equally well
[14:54] <m0unds> haha, it's not rural if you're comparing anchorage to other places in AK
[14:54] <RandalSchwartz> ketchikan is a lot smaller
[14:54] <m0unds> yeah, i saw it on the map
[14:55] <brycec> I've been to both :)
[14:55] <BryceBot> That's what she said!!
[14:55] <brycec> BryceBot: no
[14:55] <BryceBot> Oh, okay... I'm sorry. 'I've been to both :)'
[14:55] <brycec> lol
[14:56] <m0unds> hah
[14:56] <RandalSchwartz> is that a new trigger?
[14:56] <RandalSchwartz> I think it needs to default to "no", and you can say "yes" :)
[14:56] <BryceBot> That's what she said!!
[14:56] <RandalSchwartz> heh!
[14:56] <brycec> RandalSchwartz: It's actually learned, not a "trigger"
[14:56] <m0unds> s/yes/potatoes
[14:56] <BryceBot> <RandalSchwartz> I think it needs to default to "no", and you can say "potatoes" :)
[14:56] <brycec> There's a bayesian net behind it
[14:57] <brycec> Like spamassasin, but for "that's what she said"
[14:57] <brycec> BryceBot: no
[14:57] <BryceBot> Oh, okay... I'm sorry. 'I think it needs to default to "no", and you can say "yes" :)'
[14:57] <brycec> I love hot dogs
[14:57] <RandalSchwartz> Yeah - I'm still just puzzled by this net issue
[14:57] <brycec> BryceBot: yes
[14:57] <BryceBot> Okay! twss! 'Yeah - I'm still just puzzled by this net issue'
[14:57] <brycec> BryceBot: no
[14:57] <BryceBot> Oh, okay... I'm sorry. 'Yeah - I'm still just puzzled by this net issue'
[14:57] <RandalSchwartz> heh
[14:57] <brycec> As you can see, there are both yes and no
[14:57] <RandalSchwartz> "that's what she said"
[14:57] <RandalSchwartz> this damn net issue
[14:58] <RandalSchwartz> my mtr to www.google.com hits my vpn, then arp, then essentially google
[14:58] <RandalSchwartz> and yet www.google.com doesn't load
[14:59] <RandalSchwartz> but feedly.com does essentially the same, but LOADS IMMEDIATELY.
[14:59] <RandalSchwartz> I do NOT understand this behavior
[15:00] <m0unds> are you routing everything over the vpn?
[15:00] <RandalSchwartz> yes
[15:00] <RandalSchwartz> even dns
[15:00] <m0unds> huh, funky
[15:00] <RandalSchwartz> you're telling me!
[15:01] <BryceBot> That's what she said!!
[15:01] <brycec> Can you curl/lynx/wget/whatever www.google.com on your vps?
[15:01] <RandalSchwartz> I think your bayes was a little loose
[15:01] <RandalSchwartz> you mean on my laptop?
[15:01] <brycec> RandalSchwartz: no I mean on the openvpn server
[15:01] <brycec> (I know, obvious things to check)
[15:02] <RandalSchwartz> Well, what's weird, is it works on my laptop
[15:02] <brycec> FWIW my bayes requires a 97% match
[15:02] <RandalSchwartz> it's just safari and chrome and firefox that can't get it
[15:03] <RandalSchwartz> chome says "establishing secure connection" then stops.
[15:03] <brycec> I wonder if your browsers are trying ipv6? And can you curl google from your laptop?
[15:04] <brycec> (because debugging connectivity in a browser is convoluted compared to "curl -v")
[15:04] <RandalSchwartz> hmm.  maybe v6 interesting.
[15:04] <RandalSchwartz> yes, google from laptop curl
[15:04] <RandalSchwartz> both http and https
[15:05] <brycec> And curl used v4?
[15:05] <RandalSchwartz> Presume so
[15:05] <RandalSchwartz> but I have no default v6 route
[15:05] <brycec> Would've been in the -v output. If curl can reach it but not browsers...
[15:05] <brycec> RandalSchwartz: did you curl https:// ?
[15:05] <RandalSchwartz> lemme try
[15:05] <brycec> Might be an MTU thing
[15:06] <RandalSchwartz> ... * Rebuilt URL to: https://www.google.com/
[15:06] <RandalSchwartz> * Hostname was NOT found in DNS cache
[15:06] <RandalSchwartz> *   Trying 74.125.25.99...
[15:06] <RandalSchwartz> ahh... so if I set my MTU lower somehow?
[15:07] <brycec> Assuming the issue is on your computer
[15:07] <brycec> More likely some naughty gear along the path
[15:08] <RandalSchwartz> that wouldn't explain why some sites and not others
[15:08] <RandalSchwartz> same opaque content either way
[15:09] <brycec> http works when https doesn't often means that the SSL cert being returned is hitting an MTU ceiling somewhere along the path
[15:09] <RandalSchwartz> reduced mtu from 1500 to 1400 for both wifi and tunnel
[15:09] <RandalSchwartz> no - http doesn't work
[15:09] <RandalSchwartz> google.com for either, no work.
[15:09] <RandalSchwartz> at least not in browser.  works in curl.
[15:10] <RandalSchwartz> what else is browser doing? :(
[15:10] <brycec> RandalSchwartz: browser is automatically switching to https because Google is on the HSTS list
[15:10] <brycec> (one more reason to use curl :P)
[15:11] <brycec> You could try http://74.125.25.99 in the browser to test, perhaps (if it doesn't provide the hsts header)
[15:11] <RandalSchwartz> browser still paused
[15:12] <RandalSchwartz> worked fine at command-line though
[15:12] <brycec> Did the browser pause saying "establishing secure connection"?
[15:12] <brycec> Perhaps your browsers are trying a proxy? (grasping at straws)
[15:12] <brycec>  Perhaps you should just reboot? :P
[15:13] <RandalSchwartz> Oooh... google main page came up, and still trying to "establish secure connection"
[15:14] <RandalSchwartz> hmm.  https://www.superfish.com/
[15:14] <RandalSchwartz> what the F is that
[15:14] <brycec> malware
[15:14] <brycec> http://malwaretips.com/blogs/superfish-window-shopper-adware/
[15:15] <RandalSchwartz> dammit.
[15:15] <RandalSchwartz> can't get taht page either
[15:15] <RandalSchwartz> what's the uninstall instructions
[15:15] <RandalSchwartz> I can't even hit sfari's extensions page
[15:16] <brycec> RandalSchwartz: can you access vps3.cobryce.com? I'll host a copy
[15:16] <brycec> (that vps is on ARP)
[15:16] <RandalSchwartz> no it's probably still gonna try to hit superfish
[15:17] <brycec> RandalSchwartz: curl http://sprunge.us/TXIK
[15:17] <brycec> just a copy/paste of the text on the page
[15:18] <brycec> (Apparently there about 5 different places to uninstall/remove it)
[15:18] <brycec> Relevant https://support.mozilla.org/en-US/questions/878411 :)
[15:18] <brycec> "How do remove www.superfish.com permanently - it interferes whenever I open my Firefox browser ... no matter which website I wish to visit ?"
[15:19] <brycec> Looks like a bunch of plugins/extensions use it for ad revenue
[15:19] <brycec> RandalSchwartz: try starting Firefox in safe mode (without loading any extensions)
[15:19] <brycec> https://support.mozilla.org/en-US/questions/830223 "How did Superfish get on my PC?"
[15:20] <RandalSchwartz> I can't see any of those
[15:20] <BryceBot> That's what she said!!
[15:21] <brycec> BryceBot: no
[15:21] <BryceBot> Oh, okay... I'm sorry. 'I can't see any of those'
[15:21] <brycec> Even after? â”‚15:18:55         brycec | RandalSchwartz: try starting Firefox in safe mode (without loading any extensions)
[15:21] *** sga0_ has joined #arpnetworks
[15:22] <RandalSchwartz> how do you do that?
[15:22] <brycec> Pretty sure there's a shortcut for it in the start menu
[15:22] *** pjs has quit IRC (Read error: Connection reset by peer)
[15:22] <brycec> (sounds like you're using Windows - please correct me if I'm wrong)
[15:22] <RandalSchwartz> "start menu"
[15:23] <RandalSchwartz> no - OSX
[15:23] <RandalSchwartz> wait - neil says he's better after reboot
[15:23] <RandalSchwartz> gonna
[15:23] <RandalSchwartz> try that
[15:23] <brycec> Either hold the Option key while starting, or /Applications/Firefox.app/Contents/MacOS/firefox-bin -safe-mode
[15:27] <RandalSchwartz> ok - rebooted
[15:27] <RandalSchwartz> let's see if this is still a problem
[15:28] <RandalSchwartz> google.com seems to come up ok
[15:29] <RandalSchwartz> in chrome.  not in safari
[15:37] *** sga0__ has joined #arpnetworks
[15:37] *** pseudodoge has joined #arpnetworks
[15:37] *** fink has quit IRC (Read error: Connection reset by peer)
[15:37] *** fink has joined #arpnetworks
[15:38] *** m0unds__ has joined #arpnetworks
[15:38] *** acf___ has joined #arpnetworks
[15:38] *** sga0 has quit IRC (*.net *.split)
[15:38] *** m0unds_ has quit IRC (*.net *.split)
[15:38] *** eryc has quit IRC (*.net *.split)
[15:38] *** eryc_ has joined #arpnetworks
[15:40] *** pseudorandom has quit IRC (Ping timeout: 246 seconds)
[15:41] *** sga0_ has quit IRC (Ping timeout: 329 seconds)
[15:41] *** fink has quit IRC (Read error: Connection reset by peer)
[15:42] *** fink has joined #arpnetworks
[15:42] *** acf___ has quit IRC (Ping timeout: 240 seconds)
[15:43] *** acf__ has quit IRC (*.net *.split)
[15:43] *** acf__ has joined #arpnetworks
[15:43] *** mus1cb0x has quit IRC (Ping timeout: 240 seconds)
[15:44] *** mus1cbox has joined #arpnetworks
[16:32] <jbergstroem> RandalSchwartz: dns issues? chrome disregards some stuff like hosts afaik
[16:32] *** sga0__ has quit IRC (Read error: Connection reset by peer)
[16:34] <jbergstroem> had "site" issues yesterday which worked just fine in chrome but bad everywhere else; turned out i had stuff laying around in hosts
[16:35] *** sga0 has joined #arpnetworks
[17:17] *** fink has quit IRC (Quit: fink)
[17:28] <RandalSchwartz> hard to tell.  But once I refreshed from this morning's backup, everything is good.
[17:32] <acf__> RandalSchwartz, brycec: fwiw, I was seeing similar issues with Google over an ARP IPv6 tunnel today
[17:33] <acf__> sometimes Google will load fast
[17:33] <acf__> sometimes it will just stop loading, and I have to refresh
[17:33] <acf__> then it loads immediately
[17:34] <acf__> it's still happening for me
[17:34] <acf__> I think pages are cached, so the problem appears to go away
[17:35] <RandalSchwartz> Back on ship, all pages equally slow. :)
[17:36] <RandalSchwartz> Something infected my machine earlier today
[17:36] <RandalSchwartz> to go off to SuperFish
[17:36] <RandalSchwartz> probably the first bar I was at
[17:37] <RandalSchwartz> Neil's machine was fixed by a reboot
[17:37] <RandalSchwartz> mine didn't get fixed until I restored from this morning's clone
[17:42] <RandalSchwartz> but thank goodness, it seems to be rid of whatever I picked up from that first wifi hotspot
[17:44] <acf__> hmm... Google IPv6 used to go over any2ix I thought
[17:45] <acf__> I know Google IPv4 did
[17:46] * RandalSchwartz wanders off
[18:19] *** sga0 has quit IRC (Read error: Connection reset by peer)
[18:22] *** sga0 has joined #arpnetworks
[19:07] *** acf__ is now known as acf_
[20:52] *** pseudodoge has quit IRC (Ping timeout: 240 seconds)
[20:54] *** novae has quit IRC (Ping timeout: 272 seconds)
[20:57] *** novae has joined #arpnetworks
[23:48] *** pseudorandom has joined #arpnetworks
[23:52] *** pseudorandom has quit IRC (Ping timeout: 240 seconds)