brycec: (I haven't looked to see if the lg passes -n) pyvpx: isn't the skype infra still very separated from the rest of MSFT? brycec: To my knowledge, yes, but I doubt it will stay that way. Like most things, it will eventually get folded in, one way or another. ***: LT has joined #arpnetworks mercutio: mnathani: probably in theory if someone was to modify the code
mnathani: not sure of the best way to get a list of numbers to name mappings - i usually use whois, but there may be limits to crawling that.
http://bgp.potaroo.net/cidr/autnums.html
ahh found this
flags destination gateway lpref med aspath origin
I 8.8.8.0/24 208.79.88.2 200 0 15169
[GOOGLE] g
so saying something like that would be fine?
like [GOOGLE] etc for the diff providers after the numbers.
i wonder if it's better to change the looking glass or bgp show rib ***: carvite has quit IRC (Ping timeout: 245 seconds)
carvite has joined #arpnetworks
neish_ has joined #arpnetworks
neish has quit IRC (Ping timeout: 256 seconds)
dj_goku_ has joined #arpnetworks
abthorpet has joined #arpnetworks
tabthorpe has quit IRC (Read error: Connection reset by peer)
dj_goku has quit IRC (Read error: Connection reset by peer)
Seji has quit IRC (Read error: Connection reset by peer)
Seji has joined #arpnetworks
LT has quit IRC (Quit: Leaving)
pjs_ has joined #arpnetworks
pjs has quit IRC (Read error: Connection reset by peer)
pjs_ is now known as pjs cpet: pjs ! ***: fink has joined #arpnetworks fink: yo RandalSchwartz
RandalSchwartz: do you happen to have your Virtualbox configs for your arpnetworks VPS's at hand? i'd like to compare notes mnathani: mercitio: yeah something like [GOOGLE]
or even hyperlinks to bgp. he. net./as15169 etc for each AS in the path
mercutio ^ mercutio: well that file i found has names like that.
i think hacking in support to bgpctl show rib is probably best
but then people will want traceroute support :)
bgpctl show rib is show ip bgp
just more people understand it when it's said show ip bgp
my openbsd instance doesn't have a useful route table.
so i need to get that sorted, then i could try implementing it on there first.
but i'm pulled in a few directions atm staticsafe: I 192.67.222.0/24 208.79.88.135 100 51 2914 12179 62638 i
usually I don't see Internap in the best AS path ***: fink has quit IRC (Quit: fink) up_the_irons: to quickly find ASN info: https://raw.githubusercontent.com/up_the_irons/arpnet-toolbox/master/asn.sh
I just type "asn.sh <foo>" mercutio: up_the_irons: what do you think about me modifying traceroute / bgpctl to show from db the name?
i imagine it shouldn't be too difficult.
actually, as a first step, i suppose the footer could have something that does a javascript query to do a lookup
where you manually type in the ones you're curious about up_the_irons: not something i'm going to worry about, but feel free to take a stab at it if you like. keep in mind people are using the lg now, so treat it as such (e.g. no breaking it ;) mercutio: up_the_irons: yeah, i'd do it somewhere else first. up_the_irons: cool mercutio: on that note, can i get a copy of the routing table on my vps? up_the_irons: ? mercutio: just another peer up_the_irons: like, you want to peer with it? mercutio: i could get a peer from somewhere else to test.
yeah peer with it and get full table. up_the_irons: go ahead and peer with yourself mercutio: ok :) up_the_irons: that sounds kinda dirty. dunno why... mercutio: i probably can't look at this until weekend.
hahaha up_the_irons: no worries mercutio: i was also thinking that it'd be kind of useful to be able to do a few quick lookups
and traces.
like google, etc.
and back to yourself. BryceBot: That's what she said!! up_the_irons: BryceBot: no BryceBot: Oh, okay... I'm sorry. 'and back to yourself.' brycec: s/e.g./ie./ BryceBot: <mercutio> likie.ogle, etc. brycec: d'oh mercutio: like he.net's looking glass makes it quick/easy to traceroute back to yourself. up_the_irons: lol mercutio: but yeah the name thing actually kind of bugs me
i just do whois AS<as number>
and remember 2914, 174, etc.
like a few of them. up_the_irons: did u guys see that Level 3 bought TWTelecom? mercutio: yeah
i dunno what it means, other than way more data centres.
do twtelecom have a large network? brycec: I'd assume TWT is the backbone for Time Warner Cable... but that's an uninformed assumption.
[in which case, perhaps a better network experience for those customers] mercutio: when level3 got announced i got way more traffic on anycast for some reason.
it was surprising.
i added prepends. brycec: "tw telecom was originally founded as Time Warner Communications in 1993 as a joint venture between US West and Time Warner Cable. Time Warner Telecom rapidly evolved into a business provider specializing in fiber-based last mile solutions."
(So... separate) mercutio: i was reading something interesting about fiber providers in the US having huge costs to get government permission for laying cables.
doubling the cost etc.
and google somehow managed to bypass all of it. brycec: mercutio: Is that long-haul fibre? mercutio: but i'd hate to feel like i was forced onto google fiber myself.
brycec: yeah i think so
we say fibre here, but i realise it's kind of us-centric here :) brycec: I was unaware that Google had long-haul fibre of their own
I say fibre too, because I can spell :P mercutio: well i imagine they need it to go between neighbourhoods.
and it looked like google may have fiber from kansas to dallas, chicago, san jose
kansas sucks for transit from what i could tell. brycec: That would be news to me, since there's already fibre between everywhere mercutio: well yeah it's probably someone else's fiber. brycec: Lots of dark fibre around here -laid and unused, comparatively cheap to buy mercutio: yeah so it's probably lease.
i'm half interested in US net topography. brycec: I can see how laying new fibre across the country would be expensive and subject to US permits
But can't see how that would apply to existing fibre. mercutio: but it's hard when you're not in it i suppose.
some places seem extra bad.
like tampa, florida is pretty bad. brycec: Bad in what sense? mercutio: kansas, kc is pretty bad
i dunno about states hah brycec: (Don't get me wrong, Tampa is bad in many ways :P) mercutio: well like tampa has internet going via miami often
even though tampa and miami are ages away brycec: Miami is a major transit point for the US to the Caribbean mercutio: but it goes the long way around georgia
and so on
yeah.
if you're near a major transit point you have quite direct routes. brycec: ... You might want to check a map. Tampa - Miami is only a couple of hours' drive. mercutio: but like kansas you're often stuck with chicago/dallas. brycec: (And Georgia is in the opposite direction) mercutio: it seems to increase latency
hmm
yeah but atlanta is out east. brycec: All three are "out East" :p mercutio: ok north east. brycec: Negatory mercutio: so you take a quite roundabout way to get there i meant brycec: see: Map mercutio: damn i need a site to test again
i suppose georgia doesn't look that bad brycec: http://upload.wikimedia.org/wikipedia/commons/f/f2/US_map-South_East.png Florida is the most south-easterly state (Miami, Tampa, Orlando, etc), with Georgia (Atlanta) bordering on the north.) mercutio: why is georgia to miami to tampa so high ping then. brycec: No idea
No logical reason
A little odd that you aren't seeing Atlanta - Orlando - Tampa though mercutio: orlando is uncommon
jacksonville happens sometimes. brycec: I see ORL far more often mercutio: actually i know someone in spring hill which is near tampa brycec: Heck, HE has a POP in ORL mercutio: and their route is actually not terrible
like 215 msec from new zealand -: brycec knows someone in Tampa too mercutio: when arp is 140 msec. brycec: That's not unreasonable... mercutio: but it does varies.
err vary.
i was playing with this geoip stuff to route stuff to vps's and then go to web sites. brycec: considering west coast -> orlando is about 90-120ms for me, a 70ms difference is reasonable mercutio: the other thing i noticed is web sites aren't hosted in many places for common ones :)
90 to 120 hmm
they were on brighthouse networks.
which i'd never heard of before brycec: I've heard the name before. Definitely not Level3 scale mercutio: they use level3!
they're not like cox using cogent
i wonder what it's like from arp
it's 70 msec from arp
via level3
but yeah, most of my testing was with web sites and vps's and so on
it seems level3 just show los angeles to tampa jump so it's hard to know what it's like
except it's somehow only 55 msec. brycec: mercutio: This is from arp to a server in Orlando http://sprunge.us/XdOh mercutio: and that's really really uncommon from my earlier looking brycec: mercutio: And this is from my office in the pacific nw http://sprunge.us/CJER mercutio: yeah it looks like level3 have sensible routes
i'm going to try he ;)
i so prefer arp's looking glass brycec: https://smokeping.cobryce.com/?target=Internet.HENet.NorthAmerica :) mercutio: damn he.net is slow
damn no tampa
You have too many active queries. Please wait at least 60 seconds before submitting additional queries.
grr
it's cos i tried adding on la
This command is not available for core1.lax2.he.net at this time.
75.435 ms136.187 ms74.274 msv114-tpafl14-ear2.bhntampa.com (71.44.2.49)
that hop has terrible icmp deprioritisation actually
ahh but it's the same to the hop that doesn't.
so yeah it's 58 to 60 msec on arp, and 74.3 to 75 msec on level3
err on he.net
so i suppose it's only 15 msec more, and that's fremont.
i think their traceroute is udp too meingtsla: Bright House? mercutio: yeh
oh you know what, he.net aren't even carrying the traffic.
damn arp for having good transit
oh cool cogent have a looking glass
even cogent is good weird
so yeah, maybe it's moot to there now.
i still wonder why slashdot.org has high pings from arp
but they're on savvis.
and i think savvis is probably just crap
it's like 160 msec ping to chicago. staticsafe: o_O mercutio: i don't really care about slashdot, it's just been a reference site since the 90s mnathani: +1 on the asn.sh script, however I would probably like to modify it to allow searching with AS12345 as well as simply 12345
^ up_the_irons cpet: so far i've been here for a few days all i see is mercutio bitching about pings brycec: cpet: it's a pretty quiet channel. And to be fair, that's about 50% of what we've seen from you :P
cpet: What would you like to see from this channel? :P cpet: se drugs and tool?
er sex BryceBot: That's what she said!! mnathani: lets give cpet a break, bitching about pings when all you got is satellite for connectivity seems fair to me cpet: now that is funny
you may continue mnathani: are you a customer yet, cpet? cpet: naw I just asked for a donation to port a filesystem to FreeBSD
but I think i'll give up since it's been 3 days
take care all ***: cpet has left "WeeChat 0.4.3" up_the_irons: mnathani: go ahead and modify, then send me a pull request ;) brycec: Huh. Slightly odd. up_the_irons: umm.. ask for a donation and then bitch when it takes too long.. guess who's not getting a donation now? brycec: I think his complaint was a lack of any reply -: brycec stabs his computer mnathani: up_the_irons: I have never sent a pull request before, do I first clone the repo, make the change and then send you a request?
I meant fork brycec: mnathani: Yes. If you're on Github, it makes it all pretty easy mnathani: s/clone/fork BryceBot: <mnathani> up_the_irons: I have never sent a pull request before, do I first fork the repo, make the change and then send you a request? brycec: mnathani: In fact
mnathani: In fact, you can do it all on the site itself, just open https://github.com/up_the_irons/arpnet-toolbox/blob/master/asn.sh click the edit "pencil", make your changes, commit, and submit the pull request
I'm honestly a bit surprised this isn't written in Ruby :p up_the_irons: no reason to use ruby
if shell is all i need, i use shell
wow i didn't know you could do a pull request like that... brycec: Makes simple fixes (like grammar, typos, etc) really easy :D Only downside is I don't get to name the branch. -: brycec clicks save, clicks "Create pull request" brycec: https://github.com/up_the_irons/arpnet-toolbox/pull/1 up_the_irons: what in the hell...
ASN=${1##AS}
that actually works? :) brycec: http://tldp.org/LDP/abs/html/string-manipulation.html
And in general, yes it does. up_the_irons: that's amazing
merged brycec: My favourite tricks are the default value assignments
Sweet - but, does the script actually work? :p up_the_irons: and yes, it does :) brycec: As expected? Excellent.
(more fun: http://tldp.org/LDP/abs/html/parameter-substitution.html)
(I use it for things like: SOMEVAR=${1:-BLAH} ; if [ "x$SOMEVAR" = "xBLAH" ] ; then echo YOU FAILED ; exit 1 ; fi) mercutio: i think i still prefer using a database
there's something ick about calling lynx brycec: Agreed about lynx, but at least it's caching
(I prefer curl, for starters) mercutio: heh
asn.sh: line 5: syntax error near unexpected token `newline'
oh that doesn't get raw does it
asn.sh: line 35: lynx: command not found
it's still not working brycec: Well lynx was removed from OpenBSD base :P mercutio: i'm using linux brycec: Apparently Linux without lynx mercutio: oh mhoran: Unheard of. mercutio: i need to prepend 0
this is bizarre brycec: for... "0lynx"? mercutio: oh it cached my lynx not found brycec: haha -: mhoran doesn't even understand what's going on. up_the_irons: LOL brycec: Very "dumb" caching is what's going on mercutio: ahh this is nicer
you can just change lynx to links
and it looks better
now i can uninstall lynx again :) brycec: Technically one could make a quick call to stat to check the datestamp of the file to introduce some expiry mercutio: it's too much information for me anyway
damn this file is 7mb
ok i have my own hack nearly ready
ok
working
this is messy too i have http proxy that helps
http://pastebin.com/DLJ3D17q
% sh myasn.sh 17746
AS17746 ORCONINTERNET-NZ-AP Orcon Internet,NZ
% sh myasn.sh 9559
AS9559 PLAINCOM-NZ Plain Communications Ltd,NZ
that's what my version does
but it's not actually caching the huge file it's curling
which would be a more sensible place to cache. my web proxy does, so it doesn't matter for me.
if [ -n "$2" ]; then
rm $AS_FILE
fi
haha
brycec: i think you can do an if-modified somehow
curl -I --header 'If-Modified-Since: DATE-FORMAT-HERE'
i suppose you could have both modes with -v to show more information brycec: mercutio: Even then you're still "slow" because you're making a request to the backend *every time*
Also the backend webserver would need to properly support i-m-t mercutio: brycec: oh i'm going to predownload i think
it probably does. brycec: Most do on static files, but dynamic stuff is up to the script mercutio: what do you think about my way of outputting versus the verbose way?
hmm
well you can cron it for once a month :/
this isn't dynamic anyway
Last-Modified: Thu, 06 Nov 2014 01:14:47 GMT
Age: 1642
you still may not want to update all the time
AS393392 PNWUPRIMARYPUBLIC - Pacific Northwest University of Health Sciences,US brycec: 1642 seconds? that's about a half hour? mercutio: wow i've never seen ASN's that high before brycec: heh mercutio: yeah it seems that way
so yeah you may want to update less frequently
like once a month
if it hasn't been updated in over a month
i will have to look into that later. brycec: I like up_the_irons' approach, since the ASN-name pairings aren't going to change, just the addition of new ASNs. You only need to update when you hit an unknown ASN-name mapping. mercutio: for my modifications
mine's doing that too
it's not caching the 7mb file :)
but they do change btw
when companies change ownership usually the name changes
it's just less to cat, and changing links to curl awk/sed/grep
but yeah i wonder if having on the footer of output some links would be handy too
it's all c though, so ... it's a bit messier :) mnathani: brycec: why does this not work: http://pastebin.com/x3gYP1WE
trying to match lowercase / uppercase as/ASN brycec: lol
For starters, I don't think ### is a thing (I could be wrong?)
But mainly because you keep overwriting $ASN with $1 (modified)
mnathani: you probably want to keep the first line, and make the following lines ASN=${ASN#...
(And I'm sure there's a simpler, cleaner solution too) mnathani: This was my first attempt: http://pastebin.com/0fnKARPZ
before I saw your one liner
unsuccessful too brycec: If you're getting that complicated, you might just consider using sed to extract a number from $1 mercutio: wow
it'll be AS<asn> or <asn>
just do a bloody s/^AS// brycec: s/$/i/ BryceBot: <mercutio> just do a bloody s/^AS//i mnathani: https://github.com/up_the_irons/arpnet-toolbox/pull/2
working using sed mercutio: nice mnathani: :-) mercutio: facebook has their own http server
i've only just started exploring nginx mnathani: did they get back to you regarding dns
and geolocation was it? ***: toeshred has quit IRC (Quit: WeeChat 1.0.1)
toeshred has joined #arpnetworks mnathani: ^mercutio mercutio: they got back to me asking for more information
a bit of to and fro
then nothing for a couple of days
so i emailed them again today.
i improved my facebook temporarily by using unbound's ability to send domains to different parent dns mnathani: does the issue impact many users? mercutio: but i hate doing that.
yeah, heaps from my research.
at least here.
they probably don't care much about new zealand though mnathani: is Australia in the same boat? mercutio: well australia has their own server
and there's a double hop peer with them there
and it still doesn't direct to it
ie one in between hop in AS PATH
it's doubled up too - there's two providers with one in between ASN mnathani: where does your facebook traffic end up presently with no DNS hacks? mercutio: i think their server selection needs an overhaul.
umm it varies between uhh
hangon
you to our Ashburn (ASH) and Forest City, NC (FRC) Data Centers.
forest city, and ashburn
so ages away
but there's some stuff hitting prc too which is closer
and i'm not sure where it is but it seems west coastish mnathani: the other 2 seem halfway around the globe? mercutio: yeah
it comes into facebook's network in san jose.
running traceroute -A
http://pastebin.com/k7JU8WpE mnathani: have you tested other NZ networks that have public looking glasses mercutio: pastebin always has kaptcha
new zealand networks don't have looking glasses :/
i've tested other ones i have access too
to
well one other one i have access to, and got a couple of people to test themselves.
so there's at least 4 networks that have issues
http://pastebin.com/HVErFSga
that's sydney
weird, i dunno why it says AS1221 on hop 3
that's 9559 too mnathani: here is a trace from UK:
https://gist.github.com/anonymous/1917708951399df0f7f8 BryceBot: Gist: "https://gist.github.com/1917708951399df0f7f8" mercutio: you're going to the same dc as me :)
maybe frc is their default?
my uk vps goes there too
oh
except my one connectoins to facebook in the uk!
5 linx.br01.lhr1.tfbnw.net (195.66.225.69) [AS10026/AS4637] 4.896 ms 4.877 ms 4.859 ms mnathani: maybe facebook geolocates based on friends, and connections and news interests and likes. LOL :-) mercutio: i doubt it :)
i think their network is just non ideal
like they should terminate in london
if they're going to accept traffic in london
even if they just put the page together there and get the information from further away
at least that's what i'd do :) mnathani: maybe they haven't figured out how to replicate everything everywhere? mercutio: they can still pull in stuff from remote
spdy really benefits from having close servers
that can pull stuff in from afar mnathani: cache it locally though? mercutio: and they're using spdy.
yeah cache locally is good
but even not caching you can still get some benefit
https has 5 rtt latency often mnathani: fewer round trips? mercutio: yeah mnathani: utilize compression? mercutio: there's various ways to improve it
it gets really complicated.
old nginx has a bug, where if you have more than 4k of data it waits an extra rtt.
which means if you have large certificates it delays
normal ssl can't do quick start with some buggy implementations which means browsers require NPN and one other thing
enabled.
some secrecy thing
spdy improves things too
npn and forward secrecy
https://istlsfastyet.com/
it still makes sense to have close https servers though
with normal http you want to be < 20 msec ping
beyond that it starts mattering less. mnathani: are you active on nznog? mercutio: but 100 msec ping is definitely bad.
yeah.
sort of.
i occasionally rant
i'm a ranty kind of guy :/ BryceBot: That's what she said!! mnathani: I wonder if there were any facebook performance related discussions on here mercutio: nznog hardly has anything technical on it tobh
tbh
there was someone talking about akamai years ago
i've had a pet peeve against akamai for years.
i did this proxy mesh thing years ago, to try and get browsing faster
by bouncing to local hosts.
this was before linux had native 10 packets sending etc.
and i implemented the 10 packets thing early, and did shaping to limit max speed.
and i had it so i'd do persistent connections to the various proxies
and do a geoip lookup to know which to send to.
in the end i got web page load times down from about 1400 msec to about 1200 msec average.
but that doesn't show the whole picture - often there were quite noticeable latency improvements to less popular more weird web sites.
and one of the slowest web sites was a local news site.
one of the fastest web sites was typekit.com
i tested on various isp's too. one isp was more like 1600, the other was more like 1800
typekit.com has changed since i tested.
but yeah typekit didn't have low ping or anything
they just were sensible
i think they've moved data centres too. i'm pretty sure they used to be at steadfast. hazardous: hi!!!!!!!1 mercutio: hey hazardous hazardous: sup mercutio: not much
i'm ranting again it seems. hazardous: nznog exists? mercutio: yeah. hazardous: the non-nanogs (and i guess eu) were almost barren the last time i clicked through a link and ended up there somehow mercutio: nanog -> ausnog -> nznog
now i'm feeling old, i've been on nznog since about 2001 i think. hazardous: going off on a random tangent i'm really surprised about chrome mercutio: recently people have been talking about the impact of 1 gigabit fibre connections.
that it's getting slower and slower? hazardous: i don't really look at analytics but i was tracking down some attempted exploits in access.log and http://i.imgur.com/TBCMa6u.png
that's from the last 6h of one of my sites and it's just a giant mindfuck
i wasn't expecting it to be skewed that hard mercutio: wow i had to decrease my zoom :)
75% wow.
i'm getting so pissed off at chrome.
it keeps being slow hazardous: it's a gaming fansite; with adblock rates around 90%
i was expecting some chrome skew, but not that far mercutio: i use adblock
yeah i'd expect 50 to 60%
when you say gaming web site
there's no competition anymore
even opera is using chrome hazardous: i mean video game graphs and analytics
nah, opera is still there (uses useragent, not rendering engine or whatever)
somewhere around 0.1%
lemme double check
opera is lumped in with "other"
and isn't at 0.1% mercutio: ahh ok
do you use chrome? hazardous: i use firefox day to day
i use chrome for testing sites
actually chromium nightly mercutio: ahh ok hazardous: i can't deal with chrome day to day because i actually want my tracking beacons blocked mercutio: i installed canary
it keeps crashing
i can't do anything hazardous: like chrome's plugin hook system is really really weird
everything is pretty much a basic userscript
you can see this with some extensions in devtools mercutio: oh woot canary is working again hazardous: there's like a .css file loaded in after domcontentloaded
that tries to css display:none!important hide things like share buttons
instead of actually blocking the content from loading in the first place mercutio: wow canary scrolls way faster than chrome
oh nah it's just this page hazardous: also blocking specific elements in chrome is akin to getting told to gfy mercutio: i hate it how variable chrome scroll speed is hazardous: firefox adblock has decent ruleset engine, i can tick things like third party and edit a regex mercutio: actually even facebook is scrolling fast now hazardous: chrome adblock is infuriating
and essentially stops at css rules mercutio: yeah hazardous: and trying to block things that are invisible, like if i wanted to block */analytics/beacon.aspx$
not happening, period mercutio: i want adblock on tablet
i wonder if anyone has forked chromium yet. hazardous: adblock on tablet is pretty much like mercutio: and tried to make it nicer hazardous: hosts file at best
firefox has adblock addon on their mobile firefox mercutio: yeah that sucks hazardous: but it's useless at best mercutio: i might do a proxy for it
i dunno hazardous: i really wish mobile providers didn't utterly fuck any http connection
i should not have to be wasting battery life and data quota to have a usable internet
because vpn and crypto padding and whatever else mercutio: yeah hazardous: since i can't visit many sites on mobile mercutio: it's fine here hazardous: i'm on tmobile and they filter all "18+ content" automatically
and don't allow me to remove webguard mercutio: you were in australia right? hazardous: i'm in the states
(this literally includes reddit api calls, so i can't even browse askreddit) mercutio: oh
i got you confused with someone else
i think light vpns are needed hazardous: this also includes DPIing all http traffic for user agents too mercutio: that use fast light encryption BryceBot: That's what she said!! mercutio: for non critical things. hazardous: like
on my phone, the actual mobile device itself mercutio: so they stop casual snooping and interjection hazardous: if i spoof a firefox useragent
it will block all data
and upsell me a tethering package mercutio: why
oh hazardous: all http requests are hijacked to their page
all dns requests return nxdomain + A record pointing to them
they also hijack actual dns server traffic
if you use 8.8.8.8, they route that to their own systems mercutio: even if you change ports? hazardous: same with 4.2.2.1 and 4.2.2.2, etc
they hijack all dns traffic to/from those hosts
and redirect it to their own
that part is just completely bizarre
and ridiculous mercutio: this sounds ick
does your ip change much?
ideally speaking a light vpn that automagically worked when changing ip's would be great. hazardous: on mobile? yeah often
openvpn takes like.. a minute+ to establish link
and is completely impossible on low-signal areas mercutio: so it encodes everything relevant in udp packets.
or generic ip hazardous: http://esd.io/blog/t-mobile-dns-hijack.html has a writeup of it mercutio: depending on what is necessary
so that it doesn't need the ip
err for state hazardous: like.. they are actually abusing others' ip space
for their own ad pages mercutio: or at least can quickly reget its state and work things out when ip changes hazardous: one could argue that changing your dns servers from the isp-provided ones is pretty much saying "fuck you i want to opt out of your spam"
but they are refusing to obey that
and they also don't obey opt out anyway
so lol mercutio: i think it's perfectly ok in corporate networks to not allow external dns. hazardous: yes, but this is a consumer connection mercutio: but on the internet at large i think not hazardous: and there's a difference between blocking external dns
and hijacking MITM external dns
with your own spoofed, invalid replies mercutio: yeah
so do you use openvpn atm? hazardous: ya
also, their idea of "opt out" of their NXDOMAIN search result page
wanna guess what it is? mercutio: how well does that work?
what is it? hazardous: it uses javascript and cookies, the actual page is served, the nx domain is still hijacked
javascript checks if you have a cookie set to opt out
and just does a window.location="/404.html"
after the adpage has fully loaded mercutio: oh what hazardous: llllol mercutio: do you have 4g? hazardous: yes mercutio: is it ok speed? hazardous: but i'm rate limited to about 1 KB/sec after 5GB per month
at 1000-5000ms latency mercutio: i talked to someone on skype who was driving on tmobile
and it broke up heaps hazardous: it's good only in super urban areas i'd say mercutio: but i've done the same thing when driving before and never had issues hazardous: i have no problem in sf
i lose data service very fast leaving sf
in between sf and la, verizon seems to be the only one with coverage (sanely)
tmobile is kind of really really urban i guess? i dunno how to describe it mercutio: wow
that's a huge area hazardous: the only time i get good, stable service is near or in a major metro area mercutio: but they're cheap :) hazardous: tbh the part that pisses me off the most is how they lie about unlimited too
yes, it's unlimited, but no, it's not actually USABLE once you hit your cap
loading a 16KB JSON response
takes around 48 seconds
a random imgur jpg takes 3-6 minutes mercutio: we used to have that on dsl here hazardous: even irc lags mercutio: we had 64kbit rate limits hazardous: yeah, it's like mercutio: where it's meant to go to "dialup" speed
after your cap hazardous: like a stable 64kbit is fine
i have no problem with a very stable and consistent 64kbit mercutio: but there was like no buffering hazardous: but this is some really really bad software artificial throttling or something mercutio: and it was insanely slow with insanely high packet loss
and it would always get overshot all the time hazardous: and i average out to be ~1KB/s with probably 50%+ packetloss mercutio: dialup was much more usable.
that said, a few years back i tried using dialup
even logging into msn etc is slow hazardous: i've never used dialup before so i don't have anything to compare against mercutio: all these ssl certificates etc are huge.
the local news web site that was slow before
they had a 4 megabyte image today hazardous: did you enable ssl
lol mercutio: resized to a small image hazardous: one of my friends kept bothering me about why their site was so slow mercutio: on the page itself
it's like a straight off camera pic hazardous: they had a gallery with 10mb jpg's resized to like 320x240
grid of about 50 of them mercutio: but like 500mb caps on internet are common here on cellphones
and lots of people browse news on their mobile hazardous: the problem is whatever awful artificial throttling they use
i have no problem with a stable, steady 5 KB/s
i have a problem when it takes 15 minutes to load imgur.com/something mercutio: well that's what dialup gives you
yeah that's what rate limits / policers can often be like
esp at lower speeds.
like their 1kb/sec may actually be 64kbit
with like no queueing hazardous: it's really weird because on monitoring it looks like i burst up to 15KB/s for less than a second
and then drop to 9 bytes/second
for the next five minutes
openvpn is really unusable and annoying on high latency / random connectivity drop networks
several minutes to connect mercutio: mm
if you can tether hazardous: i'm trying to figure out what i can do mercutio: run a tcpdump and count how many packets it receives
if you're routing to it from a linux box you can change your route
like ip route change (your route) initcwnd 2 hazardous: i really don't get why every mobile provider here treats the internet as a molestation victim or something mercutio: and it'd probably go a little better
you used to be able to change window size too
ip route change 192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.9 initcwnd 2 window 8192
that still works hazardous: like http://www.extremetech.com/extreme/193625-verizons-latest-privacy-wrecking-ploy-an-unblockable-supercookie-that-lets-anyone-track-you-on-the-internet
opt out isn't allowed
it's the most hilarious thing mercutio: so yeah you have a route pointing to it with a low initial window size, and a low window size
i imagine 8k may still be too much :/ hazardous: i don't linuxes unfortunately mercutio: i screwed around with stuff heaps on dialup
like on dialup i used to use 296 mtu hazardous: i just pretend to be a sysadmin and hope things work
:^) mercutio: and 2k window size
so irc etc wouldn't lag out when downloading
and i wouldn't get 4 second delays etc
but in dialup days there was header compresion
compression, so overhead was reduced for lots of small packets
header compression basically doesn't work well now days
you need to disable window scaling, tcp/ip timestamps, etc etc.
and even then it doesn't scale
and it really hates dropped packets hazardous: is that what those weird "dialup accelerator software" things were
i honestly have never used dialup before mercutio: nah those recompressed images etc. hazardous: i always thought dialup accelerator was a joke
like bluray rewinder mercutio: nah it was real
there's actually some stuff going around now that you can use on faster connections
you can compress images to jpeg2000 or webp
to reduce size quite a lot
hardly any sites use webp or jpeg2000 hazardous: i use webp mercutio: cool hazardous: but that's partially because i have a caching proxy in front of my site mercutio: hardly anyone does though hazardous: not really a caching proxy
i have mod_pagespeed or whatever mercutio: yeah hazardous: it just rewrites the page and replaces images mercutio: you can use mod_pagespeed on a forward proxy hazardous: i really like one thing it does, which is add width="" and height="" elements for unstyled things mercutio: you may want to try it :)
could speed up your mobile openvpn hazardous: it seems like it loads in in a container instantly
so everything else is in place
so elements don't randomly move after the image late loads in mercutio: i was playing with apache traffic server implementation of it
cos i wanted to use it everywhere hah hazardous: android has native support for it mercutio: i think it's easier with apache though hazardous: the mod_pagespeed forward proxy thing
bypasses provider censorship too mercutio: yeah hazardous: but all your pages get tracked by google
since they run the proxy mercutio: what
oh
right hazardous: there's a built in option mercutio: i mean you can run it locally hazardous: they re-serve you compressed http over udp+tls
and also run dns on the other end
it's much, much faster
but.. you know, that mercutio: well that with your own server would be cool
i was going to do something like that hah hazardous: i mean the piss annoying part is that mercutio: damnit i need to stop procrastinating hazardous: i need to toggle it on and off all the time
if i keep openvpn on to browse reddit
if i accidentally open paypal app mercutio: there's some mod page speed stuff to be more conservative hazardous: i get my paypal account blocked and suspended/frozen mercutio: why?
cos you're proxying? hazardous: ya
they will freeze the account automatically mercutio: how do they know? hazardous: ip change mercutio: i've used paypal with proxy? hazardous: i would assume they have much more fine-grained databases for US geoip
nonresidential providers etc
compared to every other country mercutio: hmm
i used to proxy to US vps though
i haven't done that in ages though
i still want to look at ways to speed things up, but i want transparent and less http centric
often what i care more about is things like smooth ssh
it used to work to browse hulu heh
i wonder if arp works for hulu
about 3 or 4 isp's in new zealand are doing "global mode" now
so people can use netflix hulu and other geo locked things
like even large isp's!
apparently australian government suggested people do it for buying games on steam too
because steam charges different rates based on your country
apparently it's really cheap in russia btw hazardous: hulu should block arp iirc
lemme check mercutio: in the end i couldn't stand hulu ads hazardous: hulu on arp just links to http://www.hulu.com/help/articles/243651
iirc they also check your PTR for things like 'pool' and 'dyn' mnathani: hmm hazardous: hulu works for me, (using ARP, I ssh, then use a SOCKS proxy) I am in Canada
nvm I get the anonymous proxy message now as well ***: fink has joined #arpnetworks
fink has quit IRC (Quit: fink)