#arpnetworks 2014-11-05,Wed


Who What When
brycecWell it's not trivial... And the name is typically already there, as the domain component of the hostname
(I haven't looked to see if the lg passes -n)
[00:32]
..... (idle for 20mn)
pyvpxisnt the skype infra still very separated from the rest of MSFT? [00:52]
brycecTo my knowledge, yes, but I doubt it will stay that way. Like most things, it will eventually get folded in, one way or another. [00:53]
***LT has joined #arpnetworks [01:06]
.............. (idle for 1h9mn)
mercutiomnathani: probably in theory if someone was to modify the code
mnathani: not sure of the best way to get a list of numbers to name mappings - i usually use whois, but there may be limits to crawling that.
http://bgp.potaroo.net/cidr/autnums.html
ahh found this
flags destination gateway lpref med aspath origin
I 8.8.8.0/24 208.79.88.2 200 0 15169
[GOOGLE] g
so saying something like that would be fine?
like [GOOGLE] etc for the diff providers after the numbers.
i wonder if it's better to change the looking glass or bgp show rib
[02:15]
***carvite has quit IRC (Ping timeout: 245 seconds)
carvite has joined #arpnetworks
[02:28]
.......................................................... (idle for 4h47mn)
neish_ has joined #arpnetworks
neish has quit IRC (Ping timeout: 256 seconds)
dj_goku_ has joined #arpnetworks
abthorpet has joined #arpnetworks
tabthorpe has quit IRC (Read error: Connection reset by peer)
dj_goku has quit IRC (Read error: Connection reset by peer)
Seji has quit IRC (Read error: Connection reset by peer)
Seji has joined #arpnetworks
[07:19]
.......................... (idle for 2h8mn)
LT has quit IRC (Quit: Leaving) [09:33]
....... (idle for 30mn)
pjs_ has joined #arpnetworks
pjs has quit IRC (Read error: Connection reset by peer)
[10:03]
pjs_ is now known as pjs [10:10]
........... (idle for 54mn)
cpetpjs ! [11:04]
***fink has joined #arpnetworks [11:09]
finkyo RandalSchwartz
RandalSchwartz: do you happen to have your Virtualbox configs for your arpnetworks VPS's at hand? i'd like to compare notes
[11:09]
..................................................... (idle for 4h23mn)
mnathanimercitio: yeah something like [GOOGLE]
or even hyperlinks to bgp. he. net./as15169 etc for each AS in the path
mercutio ^
[15:33]
mercutiowell that file i found has names like that.
i think hacking in support to bgpctl show rib is probably best
but then people will want traceroute support :)
bgpctl show rib is show ip bgp
just more people understand it when it's said show ip bgp
my openbsd instance doesn't have a useful route table.
so i need to get that sorted, then i could try implementing it on there first.
but i'm pulled in a few directions atm
[15:35]
staticsafeI 192.67.222.0/24 208.79.88.135 100 51 2914 12179 62638 i
usually I don't see Internap in the best AS path
[15:37]
***fink has quit IRC (Quit: fink) [15:46]
.... (idle for 18mn)
up_the_ironsto quickly find ASN info: https://raw.githubusercontent.com/up_the_irons/arpnet-toolbox/master/asn.sh
I just type "asn.sh <foo>"
[16:04]
mercutioup_the_irons: what do you think about me modifying traceroute / bgpctl to show from db the name?
i imagine it shouldn't be too difficult.
actually, as a first step, i suppose the footer could have something that does a javascript query to do a lookup
where you manually type in the ones you're curious about
[16:04]
up_the_ironsnot something i'm going to worry about, but feel free to take a stab at it if you like. keep in mind people are using the lg now, so treat it as such (e.g. no breaking it ;) [16:06]
mercutioup_the_irons: yeah, i'd do it somewhere else first. [16:06]
up_the_ironscool [16:06]
mercutioon that note, can i get a copy of the routing table on my vps? [16:06]
up_the_irons? [16:07]
mercutiojust another peer [16:07]
up_the_ironslike, you want to peer with it? [16:07]
mercutioi could get a peer from somewhere else to test.
yeah peer with it and get full table.
[16:07]
up_the_ironsgo ahead and peer with yourself [16:07]
mercutiook :) [16:07]
up_the_ironsthat sounds kinda dirty. dunno why... [16:07]
mercutioi probably can't look at this until weekend.
hahaha
[16:07]
up_the_ironsno worries [16:08]
mercutioi was also thinking that it'd be kind of useful to be able to do a few quick lookups
and traces.
like google, etc.
and back to yourself.
[16:08]
BryceBotThat's what she said!! [16:08]
up_the_ironsBryceBot: no [16:08]
BryceBotOh, okay... I'm sorry. 'and back to yourself.' [16:08]
brycecs/e.g./ie./ [16:09]
BryceBot<mercutio> likie.ogle, etc. [16:09]
brycecd'oh [16:09]
mercutiolike he.net's looking glass makes it quick/easy to traceroute back to yourself. [16:09]
up_the_ironslol [16:09]
mercutiobut yeah the name thing actually kind of bugs me
i just do whois AS<as number>
and remember 2914, 174, etc.
like a few of them.
[16:09]
up_the_ironsdid u guys see that Level 3 bought TWTelecom? [16:10]
mercutioyeah
i dunno what it means, other than way more data centres.
do twtelecom have a large network?
[16:10]
brycecI'd assume TWT is the backbone for Time Warner Cable... but that's an uninformed assumption.
[in which case, perhaps a better network experience for those customers]
[16:12]
mercutiowhen level3 got announced i got way more traffic on anycast for some reason.
it was surprising.
i added prepends.
[16:13]
brycec"tw telecom was originally founded as Time Warner Communications in 1993 as a joint venture between US West and Time Warner Cable. Time Warner Telecom rapidly evolved into a business provider specializing in fiber-based last mile solutions."
(So... separate)
[16:14]
mercutioi was reading something interesting about fiber providers in the US having huge costs to get government permission for laying cables.
doubling the cost etc.
and google somehow managed to bypass all of it.
[16:15]
brycecmercutio: Is that long-haul fibre? [16:16]
mercutiobut i'd hate to feel like i was forced onto google fiber myself.
brycec: yeah i think so
we say fibre here, but i realise it's kind of us-centric here :)
[16:16]
brycecI was unaware that Google had long-haul fibre of their own
I say fibre too, because I can spell :P
[16:16]
mercutiowell i imagine they need it to go between neighbourhoods.
and it looked like google may have fiber from kansas to dallas, chicago, san jose
kansas sucks for transit from what i could tell.
[16:17]
brycecThat would be news to me, since there's already fibre between everywhere [16:18]
mercutiowell yeah it's probably someone elses fiber. [16:18]
brycecLots of dark fibre around here -laid and unused, comparatively cheap to buy [16:18]
mercutioyeah so it's probably lease.
i'm half interested in US net topography.
[16:18]
brycecI can see how laying new fibre across the country would be expensive and subject to US permits
But can't see how that would apply to existing fibre.
[16:18]
mercutiobut it's hard when you're not in it i suppose.
some places seem extra bad.
like tampa, florida is pretty bad.
[16:19]
brycecBad in what sense? [16:19]
mercutiokansas, kc is pretty bad
i dunno about states hah
[16:19]
brycec(Don't get me wrong, Tampa is bad in many ways :P) [16:19]
mercutiowell like tampa has internet going via miami often
even though tampa and miami are ages away
[16:19]
brycecMiami is a major transit point for the US to the Caribbean [16:20]
mercutiobut it goes the long way around georgia
and so on
yeah.
if you're near a major transit point you have quite direct routes.
[16:20]
brycec... You might want to check a map. Tampa - Miami is only a couple of hours' drive. [16:20]
mercutiobut like kansas you're often stuck with chicago/dallas. [16:20]
brycec(And Georgia is in the opposite direction) [16:21]
mercutioit seems to increase latency
hmm
yeah but atlanta is out east.
[16:21]
brycecAll three are "out East" :p [16:21]
mercutiook north east. [16:21]
brycecNegatory [16:21]
mercutioso you take a quite roundabout way to get there i meant [16:21]
brycecsee: Map [16:21]
mercutiodamp i need a site to test again
i suppose georgia doesn't look that bad
[16:22]
brycechttp://upload.wikimedia.org/wikipedia/commons/f/f2/US_map-South_East.png Florida is the most south-easterly state (Miami, Tampa, Orlando, etc), with Georgia (Atlanta) bordering on the north.) [16:22]
mercutiowhy is georgia to miami to tampa so high ping then. [16:23]
brycecNo idea
No logical reason
A little odd that you aren't seeing Atlanta - Orlando - Tampa though
[16:23]
mercutioorlando is uncommon
jacksonville happens sometimes.
[16:23]
brycecI see ORL far more often [16:24]
mercutioactually i know someone in spring hill which is near tampa [16:24]
brycecHeck, HE has a POP in ORL [16:24]
mercutioand their route is actually not terrible
like 215 msec from new zealand
[16:24]
brycecbrycec knows someone in Tampa too [16:24]
mercutiowhen arp is 140 msec. [16:24]
brycecThat's not unreasonable... [16:24]
mercutiobut it does varies.
err vary.
i was playing with this geoip stuff to route stuff to vps's and then go to web sites.
[16:24]
brycecconsidering west coast -> orlando is about 90-120ms for me, a 70ms difference is reasonable [16:25]
mercutiothe other thing i noticed is web sites aren't hosted in many places for common ones :)
90 to 120 hmm
they were on brighthouse networks.
which i'd never heard of before
[16:25]
brycecI've heard the name before. Definitely not Level3 scale [16:26]
mercutiothey use level3!
they're not like cox using cogent
i wonder what it's like from arp
it's 70 msec from arp
via level3
but yeah, most of my testing was with web sites and vps's and so on
it seems level3 just show los angeles to tampa jump so it's hard to know what it's like
except it's somehow only 55 msec.
[16:26]
brycecmercutio: This is from arp to a server in Orlando http://sprunge.us/XdOh [16:28]
mercutioand that's really really uncommon from my earlier looking [16:28]
brycecmercutio: And this is from my office in the pacific nw http://sprunge.us/CJER [16:28]
mercutioyeah it looks like level3 have sensible routes
i'm going to try he ;)
i so prefer arp's looking glass
[16:28]
brycechttps://smokeping.cobryce.com/?target=Internet.HENet.NorthAmerica :) [16:30]
mercutiodamn he.net is slow
damn no tampa
You have too many active queries. Please wait at least 60 seconds before submitting additional queries.
grr
it's cos i tried adding on la
This command is not available for core1.lax2.he.net at this time.
75.435 ms136.187 ms74.274 msv114-tpafl14-ear2.bhntampa.com (71.44.2.49)
that hop has terrible icmp deprioritisation actually
ahh but it's the same to the hop that doesn't.
so yeah it's 58 to 60 msec on arp, and 74.3 to 75 msec on level3
err on he.net
so i suppose it's only 15 msec more, and that's fremont.
i think their traceroute is udp too
[16:30]
meingtslaBright House? [16:34]
mercutioyeh
oh you know what, he.net aren't even carrying the traffic.
damn arp for having good transit
oh cool cogent have a looking glass
even cogent is good weird
so yeah, maybe it's moot to there now.
i still wonder why slashdot.org has high pings from arp
but they're on savvis.
and i think savvis is probably just crap
it's like 160 msec ping to chicago.
[16:34]
staticsafeo_O [16:49]
mercutioi don't really care about slashdot, it's just been a reference site since the 90s [16:56]
mnathani+1 on the asn.sh script, however I would probably like to modify it to allow searching with AS12345 as well as simply 12345
^ up_the_irons
[17:00]
cpetso far i've been here for a few days all i see is mercutio bitching about pings [17:10]
bryceccpet: it's a pretty quiet channel. And to be fair, that's about 50% of what we've seen from you :P
cpet: What would you like to see from this channel? :P
[17:12]
cpetse drugs and tool?
er sex
[17:16]
BryceBotThat's what she said!! [17:16]
mnathanilets give cpet a break, bitching about pings when all you got is satellite for connectivity seems fair to me [17:16]
cpetnow that is funny
you may continue
[17:16]
mnathaniare you a customer yet, cpet? [17:17]
cpetnaw I just asked for a donation to port a filesystem to FreeBSD
but I think ill give up since its been 3 days
take care all
[17:17]
***cpet has left "WeeChat 0.4.3" [17:18]
up_the_ironsmnathani: go ahead and modify, then send me a pull request ;) [17:18]
brycecHuh. Slightly odd. [17:18]
up_the_ironsumm.. ask for a donation and then bitch when it takes too long.. guess who's not getting a donation now? [17:19]
brycecI think his complaint was a lack of any reply
brycec stabs his computer
[17:20]
mnathaniup_the_irons: I have never sent a pull request before, do I first clone the repo, make the change and then send you a request?
I meant fork
[17:20]
brycecmnathani: Yes. If you're on Github, it makes it all pretty easy [17:21]
mnathanis/clone/fork [17:21]
BryceBot<mnathani> up_the_irons: I have never sent a pull request before, do I first fork the repo, make the change and then send you a request? [17:21]
brycecmnathani: In fact
mnathani: In fact, you can do it all on the site itself, just open https://github.com/up_the_irons/arpnet-toolbox/blob/master/asn.sh click the edit "pencil", make your changes, commit, and submit the pull request
I'm honestly a bit surprised this isn't written in Ruby :p
[17:21]
up_the_ironsno reason to use ruby
if shell is all i need, i use shell
wow i didn't know you could do a pull request like that...
[17:22]
brycecMakes simple fixes (like grammar, typos, etc) really easy :D Only downside is I don't get to name the branch.
brycec clicks save, clicks "Create pull request"
https://github.com/up_the_irons/arpnet-toolbox/pull/1
[17:24]
up_the_ironswhat in the hell...
ASN=${1##AS}
that actually works? :)
[17:29]
brycechttp://tldp.org/LDP/abs/html/string-manipulation.html
And in general, yes it does.
[17:29]
up_the_ironsthat's amazing
merged
[17:30]
brycecMy favourite tricks are the default value assignments
Sweet - but, does the script actually work? :p
[17:30]
up_the_ironsand yes, it does :) [17:30]
brycecAs expected? Excellent.
(more fun: http://tldp.org/LDP/abs/html/parameter-substitution.html)
(I use it for things like: SOMEVAR=${1:-BLAH} ; if [ "x$SOMEVAR" = "xBLAH" ] ; then echo YOU FAILED ; exit 1 ; fi)
[17:31]
mercutioi think i still prefer using a database
there's something ick about calling lynx
[17:38]
brycecAgreed about lynx, but at least it's caching
(I prefer curl, for starters)
[17:38]
mercutioheh
asn.sh: line 5: syntax error near unexpected token `newline'
oh that doesn't get raw does it
asn.sh: line 35: lynx: command not found
it's still not working
[17:39]
brycecWell lynx was removed from OpenBSD base :P [17:41]
mercutioi'm using linux [17:41]
brycecApparently Linux without lynx [17:42]
mercutiooh [17:42]
mhoranUnheard of. [17:42]
mercutioi need to prepend 0
this is bizzare
[17:42]
brycecfor... "0lynx"? [17:42]
mercutiooh it cached my lynx not found [17:42]
brycechaha [17:43]
mhoranmhoran doesn't even understand what's going on. [17:43]
up_the_ironsLOL [17:43]
brycecVery "dumb" caching is what's going on [17:43]
mercutioahh this is nicer
you can just change lynx to links
and it looks better
now i can uninstall lynx again :)
[17:44]
brycecTechnically one could make a quick call to stat to check the datestamp of the file to introduce some expiry [17:44]
mercutioit's too much information for me anyway
damn this file is 7mb
ok i have my own hack nearly ready
[17:44]
ok
working
this is messy too i have http proxy that helps
http://pastebin.com/DLJ3D17q
% sh myasn.sh 17746
AS17746 ORCONINTERNET-NZ-AP Orcon Internet,NZ
% sh myasn.sh 9559
AS9559 PLAINCOM-NZ Plain Communications Ltd,NZ
that's what my version does
but it's not actually caching the huge file it's curling
which would be a more sensible place to cache. my web proxy does, so it doesn't matter for me.
if [ -n "$2" ]; then
rm $AS_FILE
fi
haha
brycec: i think you can do an if-modified somehow
curl -I --header 'If-Modified-Since: DATE-FORMAT-HERE'
[17:59]
i suppose you could have both modes with -v to show more information [18:09]
brycecmercutio: Even then you're still "slow" because you're making a request to the backend *every time*
Also the backend webserver would need to properly support i-m-t
[18:11]
mercutiobrycec: oh i'm going to predownload i think
it probably does.
[18:11]
brycecMost do on static files, but dynamic stuff is up to the script [18:11]
mercutiowhat do you think about my way of outputting versus the verbose way?
hmm
well you can cron it for once a month :/
this isn't dynamic anyway
Last-Modified: Thu, 06 Nov 2014 01:14:47 GMT
Age: 1642
you still may not want to update all the time
AS393392 PNWUPRIMARYPUBLIC - Pacific Northwest University of Health Sciences,US
[18:12]
brycec1642 seconds? that's about a half hour? [18:14]
mercutiowow i've never seen ASN's that high before [18:14]
brycecheh [18:14]
mercutioyeah it seems that way
so yeah you may want to update less frequently
like once a month
if it hasn't been updated in over a month
i will have to look into that later.
[18:14]
brycecI like up_the_irons' approach, since the ASN-name pairings aren't going to change, just the addition of new ASNs. You only need to update when you hit an unknown ASN-name mapping. [18:15]
mercutiofor my modifications
mine's doing that too
it's not caching the 7mb file :)
but they do change btw
when companies change ownership usually the name changes
it's just less to cat, and changing links to curl awk/sed/grep
but yeah i wonder if having on the footer of output some links would be handy too
it's all c though, so ... it's a bit messier :)
[18:15]
......... (idle for 42mn)
mnathanibrycec: why does this not work: http://pastebin.com/x3gYP1WE
trying to match lowercase / uppercase as/ASN
[19:02]
bryceclol
For starters, I don't think ### is a thing (I could be wrong?)
But mainly because you keep overwriting $ASN with $1 (modified)
mnathani: you probably want to keep the first line, and make the following lines ASN=${ASN#...
(And I'm sure there's a simpler, cleaner solution too)
[19:02]
mnathaniThis was my first attempt: http://pastebin.com/0fnKARPZ
before I saw your one liner
unsuccessful too
[19:05]
brycecIf you're getting that complicated, you might just consider using sed to extract a number from $1 [19:07]
mercutiowow
it'll be AS<asn> or <asn>
just do a bloody s/^AS//
[19:08]
brycecs/$/i/ [19:08]
BryceBot<mercutio> just do a bloody s/^AS//i [19:08]
..... (idle for 20mn)
mnathanihttps://github.com/up_the_irons/arpnet-toolbox/pull/2
working using sed
[19:28]
.... (idle for 18mn)
mercutionice [19:46]
mnathani:-) [19:48]
mercutiofacebook has their own http server
i've only just started exploring nginx
[19:52]
....... (idle for 33mn)
mnathanidid they get back to you regarding dns
and geolocation was it?
[20:26]
***toeshred has quit IRC (Quit: WeeChat 1.0.1)
toeshred has joined #arpnetworks
[20:26]
mnathani^mercutio [20:35]
......... (idle for 40mn)
mercutiothey got back to me asking for more information
a bit of to and fro
then nothing for a couple of days
so i emailed them again today.
i improved my facebook temporarily by using unbound's ability to send domains to different parent dns
[21:15]
mnathanidoes the issue impact many users? [21:15]
mercutiobut i hate doing that.
yeah, heaps from my research.
at least here.
they probably don't care much about new zealand though
[21:16]
mnathaniis Australia in the same boat? [21:16]
mercutiowell australia has their own server
and there's a double hop peer with them there
and it still doesn't direct to it
ie one in between hop in AS PATH
it's doubled up too - there's two providers with one in between ASN
[21:17]
mnathaniwhere does your facebook traffic end up presently with no DNS hacks? [21:17]
mercutioi think their server selection needs an overhaul.
umm it varies between uhh
hangon
you to our Ashburn (ASH) and Forest City, NC (FRC) Data Centers.
forest city, and ashburn
so ages away
but there's some stuff hitting prc too which is closer
and i'm not sure where it is but it seems west coastish
[21:18]
mnathanithe other 2 seem halfway around the globe? [21:19]
mercutioyeah
it comes into facebook's network in san jose.
running traceroute -A
http://pastebin.com/k7JU8WpE
[21:19]
mnathanihave you tested other NZ networks that have public looking glasses [21:20]
mercutiopastebin always has kaptcha
new zealand networks don't have looking glasses :/
i've tested other ones i have access too
to
well one other one i have access to, and got a couple of people to test themselves.
so there's at least 4 networks that have issues
http://pastebin.com/HVErFSga
that's sydney
weird, i dunno why it says AS1221 on hop 3
that's 9559 too
[21:20]
mnathanihere is a trace from UK:
https://gist.github.com/anonymous/1917708951399df0f7f8
[21:24]
BryceBotGist: "https://gist.github.com/1917708951399df0f7f8" [21:24]
mercutioyou're going to the same dc as me :)
maybe frc is their default?
my uk vps goes there too
oh
except my one connectoins to facebook in the uk!
5 linx.br01.lhr1.tfbnw.net (195.66.225.69) [AS10026/AS4637] 4.896 ms 4.877 ms 4.859 ms
[21:24]
mnathanimaybe facebook geolocates based on friends, and connections and news interests and likes. LOL :-) [21:27]
mercutioi doubt it :)
i think their network is just non ideal
like they should terminate in london
if they're going to accept traffic in london
even if they just put the page together there and get the information from further away
at least that's what i'd do :)
[21:27]
mnathanimaybe they havent figured out how to replicate everything everywhere? [21:27]
mercutiothey can still pull in stuff from remote
spdy really benefits from having close servers
that can pull stuff in from afar
[21:28]
mnathanicache it locally though? [21:28]
mercutioand they're using spdy.
yeah cache locally is good
but even not caching you can still get some benefit
https has 5 rtt latency often
[21:28]
mnathanifewer round trips? [21:28]
mercutioyeah [21:28]
mnathaniutilize compression? [21:29]
mercutiothere's various ways to improve it
it gets really complicated.
old nginx has a bug, where if you have more than 4k of data it waits an extra rtt.
which means if you have large certificates it delays
normal ssl can't do quick start with some buggy implementations which means browsers require NPN and one other thing
enabled.
some secrecy thing
spdy improves things too
npn and forward secrecy
https://istlsfastyet.com/
it still makes sense to have close https servers though
with normal http you want to be < 20 msec ping
beyond that it starts mattering less.
[21:29]
mnathaniare you active on nznog? [21:33]
mercutiobut 100 msec ping is definitely bad.
yeah.
sort of.
i occasionally rant
i'm a ranty kind of guy :/
[21:33]
BryceBotThat's what she said!! [21:33]
mnathaniI wonder if there were any facebook performance related discussions on here [21:33]
mercutionznog hardly has anything technical on it tobh
tbh
there was someone talking about akamai years ago
i've had a pet peeve against akamai for years.
i did this proxy mesh thing years ago, to try and get browsing faster
by bouncing to local hosts.
this was before linux had native 10 packets sending etc.
and i implemented the 10 packets thing early, and did shaping to limit max speed.
and i had it so i'd do persistent connections to the various proxies
and do a geoip lookup to know which to send to.
in the end i got web page load times down from about 1400 msec to about 1200 msec average.
but that doesn't show the whole picture - often there were quite noticeable latency improvements to less popular more weird web sites.
and one of the slowest web sites was a local news site.
one of the fastest web sites was typekit.com
i tested on various isp's too. one isp was more like 1600, the other was more like 1800
typekit.com has changed since i tested.
but yeah typekit didn't have low ping or anything
they just were sensible
i think they've moved data centres too. i'm pretty sure they used to be at steadfast.
[21:34]
hazardoushi!!!!!!!1 [21:38]
mercutiohey hazardous [21:38]
hazardoussup [21:38]
mercutionot much
i'm ranting again it seems.
[21:38]
hazardousnznog exists? [21:39]
mercutioyeah. [21:39]
hazardousthe non-nanogs (and i guess eu) were almost barren the last time i clicked through a link and ended up there somehow [21:39]
mercutionanog -> ausnog -> nznog
now i'm feeling old, i've been on nznog since about 2001 i think.
[21:39]
hazardousgoing off on a random tangent i'm really surprised about chrome [21:40]
mercutiorecently people have been talking about the impact of 1 gigabit fibre connections.
that it's getting slower and slower?
[21:40]
hazardousi don't really look at analytics but i was tracking down some attempted exploits in access.log and http://i.imgur.com/TBCMa6u.png
that's from the last 6h of one of my sites and it's just a giant mindfuck
i wasn't expecting it to be skewed that hard
[21:40]
mercutiowow i had to decrease my zoom :)
75% wow.
i'm getting so pissed off at chrome.
it keeps being slow
[21:41]
hazardousit's a gaming fansite; with adblock rates around 90%
i was expecting some chrome skew, but not that far
[21:41]
mercutioi use adblock
yeah i'd except 50 to 60%
when you say gaming web site
there's no competition anymore
even opera is using chrome
[21:42]
hazardousi mean video game graphs and analytics
nah, opera is still there (uses useragent, not rendering engine or whatever)
somewhere around 0.1%
lemme double check
opera is lumped in with "other"
and isn't at 0.1%
[21:42]
mercutioahh ok
do you use chrome?
[21:43]
hazardousi use firefox day to day
i use chrome for testing sites
actually chromium nightly
[21:43]
mercutioahh ok [21:44]
hazardousi can't deal with chrome day to day because i actually want my tracking beacons blocked [21:44]
mercutioi installed canary
it keeps crashing
i can't do anything
[21:44]
hazardouslike chrome's plugin hook system is really really weird
everything is pretty much a basic userscript
you can see this with some extensions in devtools
[21:44]
mercutiooh woot canary is working again [21:44]
hazardousthere's like a .css file loaded in after domcontentloaded
that tries to css display:none!important hide things like share buttons
instead of actually blocking the content from loading in the first place
[21:44]
mercutiowow canary scrolls way faster than chrome
oh nah it's just this page
[21:45]
hazardousalso blocking specific elements in chrome is akin to getting told to gfy [21:45]
mercutioi hate it how variable chrome scroll speed is [21:45]
hazardousfirefox adblock has decent ruleset engine, i can tick things like third party and edit a regex [21:45]
mercutioactually even facebook is scrolling fast now [21:45]
hazardouschrome adblock is infuriating
and essentially stops at css rules
[21:46]
mercutioyeah [21:46]
hazardousand trying to block things that are invisible, like if i wanted to block */analytics/beacon.aspx$
not happening, period
[21:46]
mercutioi want adblock on tablet
i wonder if anyone has forked chromium yet.
[21:48]
hazardousadblock on tablet is pretty much like [21:48]
mercutioand tried to make it nicer [21:48]
hazardoushosts file at best
firefox has adblock addon on their mobile firefox
[21:48]
mercutioyeah that sucks [21:49]
hazardousbut it's useless at best [21:49]
mercutioi might do a proxy for it
i dunno
[21:49]
hazardousi really wish mobile providers didn't utterly fuck any http connection
i should not have to be wasting battery life and data quota to have a usable internet
because vpn and crypto padding and whatever else
[21:49]
mercutioyeah [21:50]
hazardoussince i can't visit many sites on mobile [21:50]
mercutioit's fine here [21:50]
hazardousi'm on tmobile and they filter all "18+ content" automatically
and don't allow me to remove webguard
[21:50]
mercutioyou were in australia right? [21:50]
hazardousi'm in the states
(this literally includes reddit api calls, so i can't even browse askreddit)
[21:51]
mercutiooh
i got you confused with someone else
i think light vpns are needed
[21:51]
hazardousthis also includes DPIing all http traffic for user agents too [21:51]
mercutiothat use fast light encryption [21:51]
BryceBotThat's what she said!! [21:51]
mercutiofor non critical things. [21:51]
hazardouslike
on my phone, the actual mobile device itself
[21:51]
mercutioso they stop casual snooping and interjection [21:52]
hazardousif i spoof a firefox useragent
it will block all data
and upsell me a tethering package
[21:52]
mercutiowhy
oh
[21:52]
hazardousall http requests are hijacked to their page
all dns requests return nxdomain + A record pointing to them
they also hijack actual dns server traffic
if you use 8.8.8.8, they route that to their own systems
[21:52]
mercutioeven if you change ports? [21:52]
hazardoussame with 4.2.2.1 and 4.2.2.2, etc
they hijack all dns traffic to/from those hosts
and redirect it to their own
that part is just completely bizarre
and ridiculous
[21:52]
mercutiothis sounds ick
does your ip change much?
ideally speaking a light vpn that automagically worked when changing ip's would be great.
[21:53]
hazardouson mobile? yeah often
openvpn takes like.. a minute+ to establish link
and is completely impossible on low-signal areas
[21:54]
mercutioso it encodes everything relevant in udp packets.
or generic ip
[21:54]
hazardoushttp://esd.io/blog/t-mobile-dns-hijack.html has a writeup of it [21:54]
mercutiodepending on what is necessary
so that it doesn't need the ip
err for state
[21:54]
hazardouslike.. they are actually abusing others' ip space
for their own ad pages
[21:55]
mercutioor at least can quickly reget it's state and work things out when ip changes [21:55]
hazardousone could argue that changing your dns servers from the isp-provided ones is pretty much saying "fuck you i want to opt out of your spam"
but they are refusing to obey that
and they also don't obey opt out anyway
so lol
[21:55]
mercutioi think it's perfectly ok in corporate networks to not allow external dns. [21:56]
hazardousyes, but this is a consumer connection [21:56]
mercutiobut on the internet at large i think not [21:56]
hazardousand there's a difference between blocking external dns
and hijacking MITM external dns
with your own spoofed, invalid replies
[21:56]
mercutioyeah
so do you use openvpn atm?
[21:56]
hazardousya
also, their idea of "opt out" of their NXDOMAIN search result page
wanna guess what it is?
[21:56]
mercutiohow well does that work?
what is it?
[21:56]
hazardousit uses javascript and cookies, the actual page is served, the nx domain is still hijacked
javascript checks if you have a cookie set to opt out
and just does a window.location="/404.html"
after the adpage has fully loaded
[21:57]
mercutiooh what [21:57]
hazardousllllol [21:57]
mercutiodo you have 4g? [21:57]
hazardousyes [21:57]
mercutiois it ok speed? [21:57]
hazardousbut i'm rate limited to about 1 KB/sec after 5GB per month
at 1000-5000ms latency
[21:57]
mercutioi talked to someone on skype who was driving on tmobile
and it broke up heaps
[21:58]
hazardousit's good only in super urban areas i'd say [21:58]
mercutiobut i've done the same thing when driving before and never had issues [21:58]
hazardousi have no problem in sf
i lose data service very fast leaving sf
in between sf and la, verizon seems to be the only one with coverage (sanely)
tmobile is kind of really really urban i guess? i dunno how to describe it
[21:58]
mercutiowow
that's a huge area
[21:58]
hazardousthe only time i get good, stable service is near or in a major metro area [21:59]
mercutiobut they're cheap :) [21:59]
hazardoustbh the part that pisses me off the most is how they lie about unlimited too
yes, it's unlimited, but no, it's not actually USABLE once you hit your cap
loading a 16KB JSON response
takes around 48 seconds
a random imgur jpg takes 3-6 minutes
[21:59]
mercutiowe used to have that on dsl here [21:59]
hazardouseven irc lags [21:59]
mercutiowe had 64kbit rate limits [22:00]
hazardousyeah, it's like [22:00]
mercutiowhere it's meant to go to "dialup" speed
after your cap
[22:00]
hazardouslike a stable 64kbit is fine
i have no problem with a very stable and consistent 64kbit
[22:00]
mercutiobut there was like no buffering [22:00]
hazardousbut this is some really really bad software artificial throttling or something [22:00]
mercutioand it was insanely slow with insanely high packet loss
and it would always get overshot all the time
[22:00]
hazardousand i average out to be ~1KB/s with probably 50%+ packetloss [22:00]
mercutiodialup was much more usable.
that said, a few years back i tried using dialup
even logging into msn etc is slow
[22:00]
hazardousi've never used dialup before so i don't have anything to compare against [22:00]
mercutioall these ssl certificates etc are huge.
the local news web site that was slow before
they had a 4 megabyte image today
[22:00]
hazardousdid you enable ssl
lol
[22:01]
mercutioresized to a small image [22:01]
hazardousone of my friends kept bothering me about why their site was so slow [22:01]
mercutioon the page itself
it's like a straight off camera pic
[22:01]
hazardousthey had a gallery with 10mb jpg's resized to like 320x240
grid of about 50 of them
[22:01]
mercutiobut like 500mb caps on internet are common here on cellphones
and lots of people browse news on their mobile
[22:02]
hazardousthe problem is whatever awful artificial throttling they use
i have no problem with a stable, steady 5 KB/s
i have a problem when it takes 15 minutes to load imgur.com/something
[22:02]
mercutiowell that's what dialup gives you
yeah that's what rate limits / policers can often be like
esp at lower speeds.
like their 1kb/sec may actually be 64kbit
with like no queueing
[22:02]
hazardousit's really weird because on monitoring it looks like i burst up to 15KB/s for less than a second
and then drop to 9 bytes/second
for the next five minutes
openvpn is really unusable and annoying on high latency / random connectivity drop networks
several minutes to connect
[22:03]
mercutiomm
if you can tether
[22:03]
hazardousi'm trying to figure out what i can do [22:03]
mercutiorun a tcpdump and count how many packets it receives
if you're routing to it from a linux box you can change your route
like ip route change (your route) initcwnd 2
[22:04]
hazardousi really don't get why every mobile provider here treats the internet as a molestation victim or something [22:04]
mercutioand it'd probably go a little better
you used to be able to change window size too
ip route change 192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.9 initcwnd 2 window 8192
that still works
[22:04]
hazardouslike http://www.extremetech.com/extreme/193625-verizons-latest-privacy-wrecking-ploy-an-unblockable-supercookie-that-lets-anyone-track-you-on-the-internet
opt out isn't allowed
it's the most hilarious thing
[22:05]
mercutioso yeah you have a route pointing to it with a low initial window size, and a low window size
i imagine 8k may still be too much :/
[22:05]
hazardousi don't linuxes unfortunately [22:05]
mercutioi screwed around with stuff heaps on dialup
like on dialup i used to use 296 mtu
[22:05]
hazardousi just pretend to be a sysadmin and hope things work
:^)
[22:06]
mercutioand 2k window size
so irc etc wouldn't lag out when downloading
and i wouldn't get 4 second delays etc
but in dialup days there was header compresion
compression, so overhead was reduced for lots of small packets
header compression basically doesn't work well nowadays
you need to disable window scaling, tcp/ip timestamps, etc etc.
and even then it doesn't scale
and it really hates dropped packets
[22:06]
hazardousis that what those weird "dialup accelerator software" things were
i honestly have never used dialup before
[22:07]
mercutionah those recompressed images etc. [22:08]
hazardousi always thought dialup accelerator was a joke
like bluray rewinder
[22:08]
mercutionah it was real
there's actually some stuff going around now that you can use on faster connections
you can compress images to jpeg2000 or webp
to reduce size quite a lot
hardly any sites use webp or jpeg2000
[22:08]
hazardousi use webp [22:09]
mercutiocool [22:09]
hazardousbut that's partially because i have a caching proxy in front of my site [22:09]
mercutiohardly anyone does though [22:09]
hazardousnot really a caching proxy
i have mod_pagespeed or whatever
[22:09]
mercutioyeah [22:09]
hazardousit just rewrites the page and replaces images [22:09]
mercutioyou can use mod_pagespeed on a forward proxy [22:09]
hazardousi really like one thing it does, which is add width="" and height="" elements for unstyled things [22:09]
mercutioyou may want to try it :)
could speed up your mobile openvpn
[22:09]
hazardousit seems like it loads in in a container instantly
so everything else is in place
so elements don't randomly move after the image late loads in
[22:10]
mercutioi was playing with apache traffic server implementation of it
cos i wanted to use it everywhere hah
[22:10]
hazardousandroid has native support for it [22:10]
mercutioi think it's easier with apache though [22:10]
hazardousthe mod_pagespeed forward proxy thing
bypasses provider censorship too
[22:10]
mercutioyeah [22:10]
hazardousbut all your pages get tracked by google
since they run the proxy
[22:10]
mercutiowhat
oh
right
[22:10]
hazardousthere's a built in option [22:11]
mercutioi mean you can run it locally [22:11]
hazardousthey re-serve you compressed http over udp+tls
and also run dns on the other end
it's much, much faster
but.. you know, that
[22:11]
mercutiowell that with your own server would be cool
i was going to do something like that hah
[22:11]
hazardousi mean the piss annoying part is that [22:12]
mercutiodamnit i need to stop procrastinating [22:12]
hazardousi need to toggle it on and off all the time
if i keep openvpn on to browse reddit
if i accidentally open paypal app
[22:12]
mercutiothere's some mod page speed stuff to be more conservative [22:12]
hazardousi get my paypal account blocked and suspended/frozen [22:12]
mercutiowhy?
cos you're proxying?
[22:12]
hazardousya
they will freeze the account automatically
[22:12]
mercutiohow do they know? [22:12]
hazardousip change [22:12]
mercutioi've used paypal with proxy? [22:12]
hazardousi would assume they have much more fine-grained databases for US geoip
nonresidential providers etc
compared to every other country
[22:13]
mercutiohmm
i used to proxy to US vps though
i haven't done that in ages though
i still want to look at ways to speed things up, but i want transparent and less http centric
often what i care more about is things like smooth ssh
it used to work to browse hulu heh
i wonder if arp works for hulu
about 3 or 4 isp's in new zealand are doing "global mode" now
so people can use netflix hulu and other geo locked things
like even large isp's!
apparently australian government suggested people do it for buying games on steam too
because steam charges different rates based on your country
apparently it's really cheap in russia btw
[22:16]
hazardoushulu should block arp iirc
lemme check
[22:20]
mercutioin the end i couldn't stand hulu ads [22:21]
hazardoushulu on arp just links to http://www.hulu.com/help/articles/243651
iirc they also check your PTR for things like 'pool' and 'dyn'
[22:21]
..... (idle for 22mn)
mnathanihmm hazardous: hulu works for me, (using ARP, I ssh, then use a SOCKS proxy) I am in Canada [22:44]
nvm I get the anonymous proxy message now as well [22:52]
....... (idle for 34mn)
***fink has joined #arpnetworks [23:26]
fink has quit IRC (Quit: fink) [23:38]
