#arpnetworks 2014-12-29,Mon


Who What When
*** mike-burns has quit IRC (Ping timeout: 252 seconds)
jcv has quit IRC (Ping timeout: 252 seconds)
jlgaddis has quit IRC (Ping timeout: 252 seconds)
dwarren has quit IRC (Ping timeout: 252 seconds)
[00:00]
mercutio i reckon just ditch the phone, and use voip these days. [00:02]
*** jlgaddis has joined #arpnetworks
jlgaddis has quit IRC (Changing host)
jlgaddis has joined #arpnetworks
[00:02]
mercutio my voip provider lets me dual (triple) register on cellphone and normal internet.
so really it's more reliable.
whenever there are dsl outages here it tends to take hours for them to get fixed, whereas voip has much shorter outages.
err dsl/phone
[00:02]
mkb I don't know much about the DSL side either. once it gets to the modem my knowledge stops [00:06]
*** dwarren has joined #arpnetworks [00:08]
dwarren has quit IRC (Ping timeout: 252 seconds)
jlgaddis has quit IRC (Ping timeout: 252 seconds)
[00:19]
............................................................. (idle for 5h0mn)
jcv_ has quit IRC (Quit: leaving)
jcv has joined #arpnetworks
[05:19]
............ (idle for 56mn)
jlgaddis has joined #arpnetworks
jlgaddis has quit IRC (Changing host)
jlgaddis has joined #arpnetworks
[06:15]
dwarren has joined #arpnetworks [06:20]
.................................... (idle for 2h56mn)
jpalmer up_the_irons: looks like I just got a spam/phishing email from your account.
for a miracle weight loss cure!
[09:16]
....... (idle for 31mn)
m0unds delicious [09:47]
BryceBot That's what she said!! [09:47]
*** raptelan has joined #arpnetworks [09:48]
.... (idle for 19mn)
mike-bur1 is now known as mike-burns [10:07]
b^_^d has joined #arpnetworks [10:16]
pcn has quit IRC (*.net *.split)
d^_^b has quit IRC (*.net *.split)
[10:27]
pcn has joined #arpnetworks [10:32]
................................. (idle for 2h42mn)
staticsafe really need a service that monitors IPv6 endpoints [13:14]
..... (idle for 20mn)
mercutio i had an issue with my first nameserver being unreachable from some locations and seemed to get delayed mail
other nameservers should have been reachable though. but everywhere i tested from was fine. it's hard to test from lots of places.
[13:34]
...... (idle for 29mn)
brycec staticsafe: IIRC ARP uses pingmybox.com [14:03]
..... (idle for 24mn)
staticsafe brycec: thanks [14:27]
brycec brycec <-- human irclogger.arpnetworks.com interface :P
np
(Really I just happen to recall the topic coming up before)
[14:29]
staticsafe lol i even made an account on that side and added two checks
forgot about it completely
[14:34]
mercutio all the monitoring things i have seen have been pretty bad.
pingdom has a nicer ui now, but it still doesn't seem that good.
[14:46]
staticsafe nodeping is decent but no v6 monitoring [14:52]
m0unds pingdom is pretty nice, but i don't think it's worth what they charge for it
exactstate is a bit light on features and doesn't support ipv6, but it's pretty cheap
uptimerobot is ok for free, but again, no v6 support
[14:57]
staticsafe uptimerobot actually has v6 support but it is broken [15:00]
m0unds oh, it does? [15:00]
staticsafe yes [15:00]
m0unds last time i'd looked it wasn't supported [15:00]
staticsafe i stopped using it because false positives [15:00]
m0unds ah [15:00]
staticsafe it doesn't seem like pingdom supports v6 either [15:01]
mercutio i hate quagga argh [15:01]
m0unds staticsafe: yeah, i just tried changing a host in pingdom to use an ipv6 address and it doesn't recognize input. tried to point it at a v6-only hostname and that failed too
womp womp
[15:02]
staticsafe *sigh* I guess pingmybox it is then [15:03]
BryceBot I, *sigh* [15:03]
m0unds pingdom's pricing is a lot worse than it used to be [15:03]
staticsafe indeed, they changed it while back [15:03]
m0unds i paid like $35/yr for 5 hosts for a long time [15:03]
mercutio they're all terrible, they're all using cheap vps's, and they all have terrible debugging of actual issues
i've been tempted to do my own monitoring system for a while :)
but it's a lot of work..
[15:03]
staticsafe yes, it is [15:04]
mercutio what i really want is a mesh/bittorrent like system
that does performance monitoring as well as connectivity from as many places as possible.
and looks for patterns.
so it's kind of like, you monitor me, i monitor you.
[15:04]
m0unds oh, pingdom was bought by solarwinds?
hah
[15:05]
staticsafe that explains the terrible pricing model [15:05]
m0unds yeah
hahahah
[15:05]
mercutio because the other thing i want to monitor is things like congestion on various paths, and you need lots of points for that. [15:05]
staticsafe solarwinds is notorious for the crazy pricing schemes [15:06]
mercutio like people say that "ntt has issues" [15:06]
m0unds yeah, i used them at my old employer
$3200/yr
for 2000 nodes
or something like that
[15:06]
mercutio and then someone else is like "it's fine for me" ... and you need lots of points, to break down where there are issues. [15:06]
m0unds node being any point of monitoring (could be as simple as a port on a switch) [15:06]
mercutio like it may be broken in san jose but fine in los angeles, but the provider is sending via san jose to los angeles.
even los angeles -> san jose -> los angeles isn't uncommon.
[15:06]
staticsafe tbh I just want to know if the host is up and responding to certain services [15:08]
mercutio static: what if there's 20%+ packet loss?
if you just want to do that, then there's things like spong, nagios etc.
[15:09]
staticsafe i want something that I'm not hosting personally tbh [15:11]
mercutio yeah
most smaller users do.
i'm using nodeping and spong.
but nodeping seems to give spurious alerts sometimes.
[15:11]
staticsafe it doesn't for me, ime experience over several months [15:13]
mercutio how many hosts are you monitoring?
i have 46 checks.
also i have been using it since 2012.
[15:14]
staticsafe nodeping tells me I have 45 checks, which does not mean 45 hosts, some hosts are monitored for specific services [15:16]
mercutio ah ok
yeah i'm measuring a few things.
it's actually been better than it was too
it doesn't take many alerts in the middle of the night to be annoying
[15:16]
staticsafe my phone is completely silent at night, idc about alerts [15:18]
mercutio ahh ok. [15:18]
staticsafe its all personal stuff so if it is down in the middle of the night, its fine [15:19]
mercutio i care, unless i get too many false positives, and that's bad.
yeah my personal stuff is email only.
[15:19]
staticsafe though my stuff is fairly reliable, all good providers with good networks
so it is rare that i get any significant downtime
i need to write a script to monitor some hardware RAID hm
[15:21]
m0unds on LSI stuff, i just had a status dump written to a file on the disk, then scripted something to parse the file [15:37]
staticsafe yeah its LSI [15:37]
m0unds lemme see if i kept any of my documentation [15:38]
staticsafe 04:00.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID SAS 2108 [Liberator] (rev 05) [15:38]
*** novae has quit IRC (Ping timeout: 245 seconds) [15:50]
novae has joined #arpnetworks [16:00]
..... (idle for 22mn)
up_the_irons jpalmer: so it wasn't just a spam report, but spam from me? [16:22]
jpalmer up_the_irons: correct, spam from you.
let me pull up the headers. I'll pastebin it
[16:22]
BryceBot That's what she said!! [16:22]
up_the_irons BryceBot: no [16:23]
BryceBot Oh, okay... I'm sorry. 'let me pull up the headers. I'll pastebin it' [16:23]
jpalmer BryceBot: I'm going to figure out what triggers you. [16:23]
mercutio hmm someone is trying to smtp auth attack my mail server. i don't have smtp auth. [16:26]
mkb mercutio, that probably happens all day [16:27]
mercutio not when i check logs normally [16:27]
mkb oh that's good of you then :)
I have a script which pulls from http://www.openbl.org/ and adds/removes -blackhole entries for it
in the routing table
[16:27]
mercutio hah my mail servers is returning Error: authentication not enabled [16:28]
mkb they would see spamd first for my server anyway (and spamd doesn't log) [16:28]
mercutio i didn't have much logs, i am tcpdumping their ip
i'm not using fail2ban or anything
but yeah null routed them.
[16:28]
mkb right after that recent bash feature/bug I checked my HTTP logs and counted a lot of attacks [16:30]
mercutio i see wp-login attacks quite often [16:31]
mkb yeah and phpmysql. fortunately I don't even have cgi let alone any of that [16:31]
mercutio heh
so you're greylisting with spamd?
did you find it helped much?
a lot of the spam i get these days comes from gmail etc.
[16:31]
mkb very much
from > 20 a day to < 10 a month
[16:37]
mercutio i like email being quick [16:38]
mkb I have gmail and amazon outbound whitelisted, mostly because they don't send retries from the same IP
once you run it for a while all your normal emails are fast
I should probably whitelist the other big providers but I don't get any email from them...
[16:39]
mercutio i got a spam today, but i'm struggling to find another one
actually woot seems to randomly have started emailing me, i suppose that's like spam
so 1 in 558 messages seems pretty low.
that's with just amavis/spamassassin/rbl
and dkim/spf/blah etc is on there too.
pyzor, razor, dcc i think
oh just pyzor/razor
[16:41]
mkb I have SPF but no DKIM [16:45]
mercutio dkim signing is recommended for sending mail to gmail these days
spf only really stops people pretending to be you
so it's only good with -all
[16:46]
..... (idle for 20mn)
brycec A bayesian score of >.96 is what triggers it... And since the net is frequently fed and tuned, exactly "what" triggers it is a moving target :P 16:22:30 jpalmer | BryceBot: I'm going to figure out what triggers you. [17:07]
jpalmer oh, so I just have to figure out its input channel for the bayesian filtering, and influence it that way :P [17:08]
brycec jpalmer: its input are "twss" and "BryceBot: no"
to mark the prior line as ham/spam (so to speak)
[17:09]
mercutio it seems to trigger too often [17:11]
brycec And so yes, you could theoretically just feed it things like "ham ham ham ham ham ham" and followed by "twss" a lot. But I will catch you. And the nature of bayesian learning will thwart that somewhat too.
I wouldn't say "too often" just "inappropriately"
[17:11]
mercutio well if it happened less often then people would be somewhat more surprised by it [17:12]
brycec Either way, that's what "no" is for [17:12]
jpalmer My last foray into bayesian filtering was running a pretty sizeable mail cluster with dspam. [17:12]
mercutio jpalmer: with mysql? [17:12]
jpalmer mercutio: it's been a few years, but yea it woulda either been mysql or postgresql.
probably mysql, since I ran postgrey, too.
[17:13]
mercutio i used to use dspam and postgrey too
i was struggling with feeding it enough data into dspam though.
and then it'd go wonky, as it was expiring tokens. i tried amavis's autofeed into it, but it really didn't seem to help.
[17:13]
jpalmer mine got good enough, that I actually got rid of the rbl's and just used dspam and greylisting. nowadays, ain't nobody got time for dat [17:15]
mercutio most of the spam that gets through these days isn't very easily bayesian'ed away. [17:15]
jpalmer right [17:15]
mercutio hmm, i find rbl's and no dspam/greylisting good enough :) [17:15]
jpalmer doing email *right* is a full time job. and frankly, I'd rather just outsource it to google. [17:15]
mercutio but razor does a kind of bayesian stuff too i think [17:15]
BryceBot That's what she said!! [17:15]
jpalmer BryceBot: no [17:16]
BryceBot Oh, okay... I'm sorry. 'but razor does a kind of bayesian stuff too i think' [17:16]
mercutio http://pastebin.com/jkJ1bKQJ
this is my most recent spam
i dunno if bayesian would do much with that. it didn't have a photo attached.
[17:17]
....... (idle for 33mn)
*** dne has quit IRC (Remote host closed the connection)
dne has joined #arpnetworks
[17:50]
................ (idle for 1h17mn)
plett has quit IRC (Ping timeout: 245 seconds)
plett has joined #arpnetworks
[19:09]
............................ (idle for 2h15mn)
JC_Denton have you guys seen a lot of people using @gmail on their resume? [21:28]
..... (idle for 21mn)
brycec Can't say as I see many resumes, but the last resume I saw was from a @gmail.com
And I can't say as I see anything wrong with it, in most circumstances.
People tend to have their personal address and their company address, and why would you put your company address on a resume?? And 99% of the world doesn't self-host their email, so they're using free providers like gmail.
[21:49]
JC_Denton i think a domain adds a bit more to it, but maybe that's just me [21:51]
brycec Now what really gets my goat are companies, medical practices, etc that have a @aol.com (etc) address. There's no excuse there. (And it's 1000x worse when that address is sirfluffy@somemail.com)
Really depends on the job, JC_Denton
[21:52]
JC_Denton lol, yeah [21:52]
brycec I wouldn't expect someone applying at the local taco shop to have their own domain [21:52]
JC_Denton tech jobs [21:52]
brycec Even in tech, there's a wide range. eg. Sysadmin? Definitely should have their own. Jr programmer? No reason to. [21:53]
JC_Denton i need to setup my .ninja names :) [21:59]
mkb and half the time having their own nowadays means they know how to register a domain, use web-dns, and type the name into Google Apps [22:01]
RandalSchwartz got to hang out with a number of TWiT hosts and Leo himself tonight [22:02]
brycec (Note: Google Apps no longer offers a free tier to new users.) [22:02]
RandalSchwartz free dinner is free. :) [22:02]
mkb oh [22:02]
brycec mkb: you're essentially arguing the other side - "It's so easy to have your own domain so why doesn't everybody?"
Nothing wrong with that side, of course. But for the lowly jr. programmer, why should the waste $10/yr on a domain and whatever time/effort to run email?
*they
[22:02]
mkb time/effort > $10 [22:03]
brycec (That would be time-slash-effort + $10/yr) [22:04]
mkb right
though even if Google Apps isn't free, I see these server-in-a-box tutorials on HN all the time
and poorly hosted is worse than anything else
[22:05]
JC_Denton or just get mail hosting from your domain provider [22:05]
brycec ^ just what I was writing
(the poorly hosted is worse comment)
[22:05]
............. (idle for 1h1mn)
mercutio TBH, I see nothing wrong with a sysadmin not having their own domain for mail. And I have my own domain.
I even use gmail on occasion, as it goes nicely to multiple devices. I just don't want to overuse it.
[23:07]
hazardous i really hate those "server in a box tutorials"
because inevitably it ends up resulting in unupdated crap two months later
and no failover/spof for email or something
[23:21]
mercutio you think mail servers need failover? [23:22]
hazardous probably, since i assume most people doing this will have a single mx record [23:23]
mercutio less to go wrong though
poorly implemented redundant solutions are less reliable than well implemented non-redundant.
and even if you lose mail for a couple of days, there shouldn't be any serious repercussions.
[23:23]
hazardous i dunno i just assume the 'one click x in a box' things will just result in people picking the cheapest possible thing, running a script directly with wget piped into bash, and then never ssh again [23:24]
mercutio heh and being open spam relays? [23:24]
hazardous probably. i don't have high expectations for these [23:25]
mkb mail is pretty okay non-redundant since the remote server will queue and retry but I'd still be more comfortable with two MXs [23:25]
hazardous same with shared hosting control panels that provide one click wordpress/etc
probably never going to get updated, and already vuln when installed
[23:25]
BryceBot get on up
and DANCE
BryceBot dances :D-<
BryceBot dances :D|-<
BryceBot dances :D/-<
[23:25]
mercutio it's no worse than running "redundant exchange configurations" [23:25]
hazardous wat
wtf is that bot
[23:25]
mkb bayesian filter; brycec was in here earlier explaining [23:25]
mercutio what i hate is things like gmail throwing normal mail into spam. [23:25]
mkb why it activated then I have no idea [23:26]
mercutio it's way too keen to prevent spam that it has a high amount of false positives.
enough so that people say "check your spam folder". i never have to check my spam folder. that's the way i like it.
[23:26]
mkb I don't have a spam "folder". it's rejected or inbox and I like it [23:27]
mercutio i see more issues with "normal mail delivery" than with down servers these days.
recently lots of problems seem to be related to things like people having misconfigured spf records.
[23:27]
mkb who? server in a box people or big providers who should know better? [23:29]
mercutio nah small businesses who have some external guy that helps them. [23:30]
hazardous that's always fun [23:30]
mercutio spf is way past only medium to big providers having it. [23:30]
mkb so server in a box guys it sounds like [23:30]
hazardous website maker, inhouse tech/helpdesk, underpaid, responsible for everything, all in one usually [23:30]
mercutio now places with 6 staff have it. [23:30]
mkb spf is easy enough now that there's not really an excuse [23:31]
mercutio oh i'm thinking similar to people who get paid big $ to install a "router"
which only supports mtu of 1492 because it might have to work with pppoe and doesn't support baby jumbo frames.
[23:31]
hazardous what is a jumbo frame [23:32]
mercutio who then decide to run ipsec from some other little appliance thingy which expects 1500 mtu [23:32]
hazardous *plugs in dlink router from walmart* [23:32]
mercutio jumbo frame is > 1500 mtu
pppoe is ppp over ethernet which has 8 byte header encapsulation.
baby jumbo is like 1560 mtu etc, where it's enough to have some amount of tunneling, but not enough to have like 6000 bytes+
[23:32]
mkb and if your remote is AT&T, no auth failure [23:33]
mercutio mkb: is at&t running 1492 mtu? [23:33]
mkb yes [23:33]
mercutio mkb: does it do mss clamping?
oh you might not know what that is hmm
[23:33]
mkb I do
idk on their end. path mtu discovery works
[23:33]
mercutio half the isp's here do mss clamping at their end. and 90% of modems do mss clamping by default.
so if you have some modem that doesn't do mss clamping, and use one of the isp's that hasn't done clamping due to avoiding user issues, then you'll find some web sites randomly won't work.
[23:34]
mkb the ones who block ICMP so that pmtud doesn't work [23:35]
mercutio nah it's external sites that block it normally
it used to be banks that were the worst here.
like the "biggest" bank in this country used to do it.
[23:35]
mkb yeah that's what I mean [23:36]
mercutio oh right, but it's not the isp that blocks icmp
it was more of an issue in dialup times.
i used to run 296/576 mtus.
and things broke pretty quickly if you didn't clamp.
[23:36]
mkb 576 is IPv4 minimum right? [23:37]
mercutio but adsl kind of made 1492 mtu common.
nah it's ipv6 minimum i think
[23:37]
mkb I thought ipv6 was 1280 and IPv4 was 5something [23:37]
mercutio that's datagram.
well things worked ok with mtu of 296 at least.
with tcp window scaling off, tcp timestamps off, tcp window reduced,
vj header compression isn't compatible with window scaling etc. with vj header compression overhead for small packets is pretty low.
[23:38]
vj header compression really doesn't work well now days :) [23:49]
mkb AT&T must MSS clamp [23:50]
mercutio wouldn't surprise me.
if you stop 1% of support calls, it's significant revenue.
if you let people use their own modems and are of significant size, it's kind of a necessity.
it's easy on modern gear. with old dialup gear they didn't have those kinds of smarts.
[23:50]
mkb I'd much prefer to break broken sites and force them to fix their firewall [23:52]
mercutio good luck :) [23:52]
