I have some too 122.226.223.69 - - [17/Aug/2014:10:24:42 -0400] "GET http://www.k2proxy.com//hello.html HTTP/1.1" 404 2055 up_the_irons: are you around? kevr: probably best to just ask a question if you have one and he would respond when he is around or you could always email support@ mnathani: It's extremely common. Nothing to worry about if you're not an open proxy, just 2KB wasted. Make note that many IRC networks, FreeNode included, also do a quick sweep for open proxies (to determine whether the connection is likely a spammer) and you'll see those in your logs for various services too, but they're better identified. every time that k2 site hits me i'm gonna hit them 10x I don't think it's k2proxy.com's fault... At least, no guaranteed I often see other urls requested, like google and msft And I'm pretty sure they're not the ones crawling ;P That's what she said!! BryceBot: u wot m8 is there a way to pass init=/bin/sh to the bootloader? I lost my password for my instance I'm logged in, just don't have root or sudo That's what she said!! mick_laptop: you can connect to the vnc console and edit the boot command line in the bootloader when the system is booting thanks I'll try that tonight getting weird connectivity part of the weird might be I'm in ketchikan but some sites are just popping up quick, others slow do you live there RandalSchwartz? no... just a visitor ah why are you there? but I'm openvpn to arp, and still getting weirdness www.insightcruises.com/events/sa22/ even tried a few other vpn That's what she said!! BryceBot: no Oh, okay... I'm sorry. 'even tried a few other vpn' hahaha s/vpn/potatoes even tried a few other potatoes (Wow, that "no" trained it from 97% to 11%) this is the first time that mtr showed the fifth or sixth hop going through a 10.x address I fear I'm TCP over TCP at the border of ketchikan oh, alaska, cool how's the weather up there? cool. :) awesome just saw 62F as the temp today - that sounds great haha yeah - switched from summer coat to winter coat for today's shoreside neat I can't get to google.com from here. but I can ssh to arp. but I can't openvpn to my arp box, just a few others. I wonder if they have screwed up BGP but that should then still work if I openvpn to somewhere. I don't understand this failure I wonder if it's reverse DNS no... host 206.223.199.52 gives a fast rever revers If you can't hit certain ports, then sounds like filtering. What's the ISP? I don't know that it's about certain ports many web sites come up instantly. Many others don't. that'd all be 80 or 443 I was focussing on the OpenVPN, but I see where you said some work others don't *focusing my openvpn is on udp 443 but even once I'm on a vpn that *does* work, I still get weirdness So seems like the ISP (and not the Internet or ARP) is screwy I don't see how you come to that conclusion if I can get *some* VPN, the local ISP can't tell what I'm doing and yet the behavior seems similar Just because you got to those VPN doesn't mean your traffic isn't still traveling over that ISP but the packets are opaque I'm suggesting that the ISP has broad problems, dropping packets probably no... also tested that with mtr under 2% loss But >0? That sucks and this "curl -o /dev/null https://arpnetworks.com/100mb.bin" runs at 500kbps KBps well mostly 0 but I saw a few when I went to larger packets the 10.x address in the mtr still scares me Nothing out of the ordinary in my smokepings https://smokeping.cobryce.com/?target=ARP.ARPWebsite is it rural enough to be wireless or something? ahh... I had my openvpn listening on tcp not udp now I connect fine to arp oh, that'd do it m0unds: Well there are no roads to Anchorage, does that count as rural? :P but STILL can't connect to $randomwebsite equally well haha, it's not rural if you're comparing anchorage to other places in AK ketchikan is a lot smaller yeah, i saw it on the map I've been to both :) That's what she said!! BryceBot: no Oh, okay... I'm sorry. 'I've been to both :)' lol hah is that a new trigger? I think it needs to default to "no", and you can say "yes" :) That's what she said!! heh! RandalSchwartz: It's actually learned, not a "trigger" s/yes/potatoes I think it needs to default to "no", and you can say "potatoes" :) There's a bayesian net behind it Like spamassasin, but for "that's what she said" BryceBot: no Oh, okay... I'm sorry. 'I think it needs to default to "no", and you can say "yes" :)' I love hot dogs Yeah - I'm still just puzzled by this net issue BryceBot: yes Okay! twss! 'Yeah - I'm still just puzzled by this net issue' BryceBot: no Oh, okay... I'm sorry. 'Yeah - I'm still just puzzled by this net issue' heh As you can see, there are both yes and no "that's what she said" this damn net issue my mtr to www.google.com hits my vpn, then arp, then essentially google and yet www.google.com doesn't load but feedly.com does essentially the same, but LOADS IMMEDIATELY. I do NOT understand this behavior are you routing everything over the vpn? yes even dns huh, funky you're telling me! That's what she said!! Can you curl/lynx/wget/whatever www.google.com on your vps? I think your bayes was a little loose you mean on my laptop? RandalSchwartz: no I mean on the openvpn server (I know, obvious things to check) Well, what's weird, is it works on my laptop FWIW my bayes requires a 97% match it's just safari and chrome and firefox that can't get it chome says "establishing secure connection" then stops. I wonder if your browsers are trying ipv6? And can you curl google from your laptop? (because debugging connectivity in a browser is convoluted compared to "curl -v") hmm. maybe v6 interesting. yes, google from laptop curl both http and https And curl used v4? Presume so but I have no default v6 route Would've been in the -v output. If curl can reach it but not browsers... RandalSchwartz: did you curl https:// ? lemme try Might be an MTU thing ... * Rebuilt URL to: https://www.google.com/ * Hostname was NOT found in DNS cache * Trying 74.125.25.99... ahh... so if I set my MTU lower somehow? Assuming the issue is on your computer More likely some naughty gear along the path that wouldn't explain why some sites and not others same opaque content either way http works when https doesn't often means that the SSL cert being returned is hitting an MTU ceiling somewhere along the path reduced mtu from 1500 to 1400 for both wifi and tunnel no - http doesn't work google.com for either, no work. at least not in browser. works in curl. what else is browser doing? :( RandalSchwartz: browser is automatically switching to https because Google is on the HSTS list (one more reason to use curl :P) You could try http://74.125.25.99 in the browser to test, perhaps (if it doesn't provide the hsts header) browser still paused worked fine at command-line though Did the browser pause saying "establishing secure connection"? Perhaps your browsers are trying a proxy? (grasping at straws) Perhaps you should just reboot? :P Oooh... google main page came up, and still trying to "establish secure connection" hmm. https://www.superfish.com/ what the F is that malware http://malwaretips.com/blogs/superfish-window-shopper-adware/ dammit. can't get taht page either what's the uninstall instructions I can't even hit sfari's extensions page RandalSchwartz: can you access vps3.cobryce.com? I'll host a copy (that vps is on ARP) no it's probably still gonna try to hit superfish RandalSchwartz: curl http://sprunge.us/TXIK just a copy/paste of the text on the page (Apparently there about 5 different places to uninstall/remove it) Relevant https://support.mozilla.org/en-US/questions/878411 :) "How do remove www.superfish.com permanently - it interferes whenever I open my Firefox browser ... no matter which website I wish to visit ?" Looks like a bunch of plugins/extensions use it for ad revenue RandalSchwartz: try starting Firefox in safe mode (without loading any extensions) https://support.mozilla.org/en-US/questions/830223 "How did Superfish get on my PC?" I can't see any of those That's what she said!! BryceBot: no Oh, okay... I'm sorry. 'I can't see any of those' Even after? │15:18:55 brycec | RandalSchwartz: try starting Firefox in safe mode (without loading any extensions) how do you do that? Pretty sure there's a shortcut for it in the start menu (sounds like you're using Windows - please correct me if I'm wrong) "start menu" no - OSX wait - neil says he's better after reboot gonna try that Either hold the Option key while starting, or /Applications/Firefox.app/Contents/MacOS/firefox-bin -safe-mode ok - rebooted let's see if this is still a problem google.com seems to come up ok in chrome. not in safari RandalSchwartz: dns issues? chrome disregards some stuff like hosts afaik had "site" issues yesterday which worked just fine in chrome but bad everywhere else; turned out i had stuff laying around in hosts hard to tell. But once I refreshed from this morning's backup, everything is good. RandalSchwartz, brycec: fwiw, I was seeing similar issues with Google over an ARP IPv6 tunnel today sometimes Google will load fast sometimes it will just stop loading, and I have to refresh then it loads immediately it's still happening for me I think pages are cached, so the problem appears to go away Back on ship, all pages equally slow. :) Something infected my machine earlier today to go off to SuperFish probably the first bar I was at Neil's machine was fixed by a reboot mine didn't get fixed until I restored from this morning's clone but thank goodness, it seems to be rid of whatever I picked up from that first wifi hotspot hmm... Google IPv6 used to go over any2ix I thought I know Google IPv4 did