***: jcv has quit IRC (Ping timeout: 252 seconds)
jlgaddis has quit IRC (Ping timeout: 252 seconds)
dwarren has quit IRC (Ping timeout: 252 seconds)
mercutio: i reckon just ditch the phone, and use voip these days.
***: jlgaddis has joined #arpnetworks
jlgaddis has quit IRC (Changing host)
jlgaddis has joined #arpnetworks
mercutio: my voip provider lets me dual (triple) register on cellphone and normal internet.
so really it's more reliable.
whenever there are dsl outages here it tends to take hours for them to get fixed, whereas voip has much shorter outages.
err dsl/phone
mkb: I don't know much about the DSL side either. once it gets to the modem my knowledge stops
***: dwarren has joined #arpnetworks
dwarren has quit IRC (Ping timeout: 252 seconds)
jlgaddis has quit IRC (Ping timeout: 252 seconds)
jcv_ has quit IRC (Quit: leaving)
jcv has joined #arpnetworks
jlgaddis has joined #arpnetworks
jlgaddis has quit IRC (Changing host)
jlgaddis has joined #arpnetworks
dwarren has joined #arpnetworks
jpalmer: up_the_irons: looks like I just got a spam/phishing email from your account.
for a miracle weight loss cure!
m0unds: delicious
BryceBot: That's what she said!!
***: raptelan has joined #arpnetworks
mike-bur1 is now known as mike-burns
b^_^d has joined #arpnetworks
pcn has quit IRC (*.net *.split)
d^_^b has quit IRC (*.net *.split)
pcn has joined #arpnetworks
staticsafe: really need a service that monitors IPv6 endpoints
mercutio: i had an issue with my first nameserver being unreachable from some locations and seemed to get delayed mail
other nameservers should have been reachable though. but everywhere i tested from was fine. it's hard to test from lots of places.
brycec: staticsafe: IIRC ARP uses pingmybox.com
staticsafe: brycec: thanks
-: brycec <-- human irclogger.arpnetworks.com interface :P
brycec: np
(Really I just happen to recall the topic coming up before)
staticsafe: lol i even made an account on that site and added two checks
forgot about it completely
mercutio: all the monitoring things i have seen have been pretty bad.
pingdom has a nicer ui now, but it still doesn't seem that good.
staticsafe: nodeping is decent but no v6 monitoring
m0unds: pingdom is pretty nice, but i don't think it's worth what they charge for it
exactstate is a bit light on features and doesn't support ipv6, but it's pretty cheap
uptimerobot is ok for free, but again, no v6 support
staticsafe: uptimerobot actually has v6 support but it is broken
m0unds: oh, it does?
staticsafe: yes
m0unds: last time i'd looked it wasn't supported
staticsafe: i stopped using it because false positives
m0unds: ah
staticsafe: it doesn't seem like pingdom supports v6 either
mercutio: i hate quagga argh
m0unds: staticsafe: yeah, i just tried changing a host in pingdom to use an ipv6 address and it doesn't recognize input. tried to point it at a v6-only hostname and that failed too
womp womp
staticsafe: *sigh* I guess pingmybox it is then
BryceBot: I, *sigh*
m0unds: pingdom's pricing is a lot worse than it used to be
staticsafe: indeed, they changed it while back
m0unds: i paid like $35/yr for 5 hosts for a long time
mercutio: they're all terrible, they're all using cheap vps's, and they all have terrible debugging of actual issues
i've been tempted to do my own monitoring system for a while :)
but it's a lot of work..
staticsafe: yes, it is
mercutio: what i really want is a mesh/bittorrent like system
that does performance monitoring as well as connectivity from as many places as possible.
and looks for patterns.
so it's kind of like, you monitor me, i monitor you.
m0unds: oh, pingdom was bought by solarwinds?
hah
staticsafe: that explains the terrible pricing model
m0unds: yeah
hahahah
mercutio: because the other thing i want to monitor is things like congestion on various paths, and you need lots of points for that.
staticsafe: solarwinds is notorious for the crazy pricing schemes
mercutio: like people say that "ntt has issues"
m0unds: yeah, i used them at my old employer
$3200/yr
for 2000 nodes
or something like that
mercutio: and then someone else is like "it's fine for me" ... and you need lots of points, to break down where there are issues.
m0unds: node being any point of monitoring (could be as simple as a port on a switch)
mercutio: like it may be broken in san jose but fine in los angeles, but the provider is sending via san jose to los angeles.
even los angeles -> san jose -> los angeles isn't uncommon.
staticsafe: tbh I just want to know if the host is up and responding to certain services
mercutio: static: what if there's 20%+ packet loss?
if you just want to do that, then there's things like spong, nagios etc.
staticsafe: i want something that I'm not hosting personally tbh
mercutio: yeah
most smaller users do.
i'm using nodeping and spong.
but nodeping seems to give spurious alerts sometimes.
staticsafe: it doesn't for me, in my experience over several months
mercutio: how many hosts are you monitoring?
i have 46 checks.
also i have been using it since 2012.
staticsafe: nodeping tells me I have 45 checks, which does not mean 45 hosts, some hosts are monitored for specific services
mercutio: ah ok
yeah i'm measuring a few things.
it's actually been better than it was too
it doesn't take many alerts in the middle of the night to be annoying
staticsafe: my phone is completely silent at night, idc about alerts
mercutio: ahh ok.
staticsafe: it's all personal stuff so if it is down in the middle of the night, it's fine
mercutio: i care, unless i get too many false positives, and that's bad.
yeah my personal stuff is email only.
staticsafe: though my stuff is fairly reliable, all good providers with good networks
so it is rare that i get any significant downtime
i need to write a script to monitor some hardware RAID hm
m0unds: on LSI stuff, i just had a status dump written to a file on the disk, then scripted something to parse the file
staticsafe: yeah it's LSI
m0unds: lemme see if i kept any of my documentation
staticsafe: 04:00.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID SAS 2108 [Liberator] (rev 05)
***: novae has quit IRC (Ping timeout: 245 seconds)
novae has joined #arpnetworks
up_the_irons: jpalmer: so it wasn't just a spam report, but spam from me?
jpalmer: up_the_irons: correct, spam from you.
let me pull up the headers. I'll pastebin it
BryceBot: That's what she said!!
up_the_irons: BryceBot: no
BryceBot: Oh, okay... I'm sorry. 'let me pull up the headers. I'll pastebin it'
jpalmer: BryceBot: I'm going to figure out what triggers you.
mercutio: hmm someone is trying to smtp auth attack my mail server. i don't have smtp auth.
mkb: mercutio, that probably happens all day
mercutio: not when i check logs normally
mkb: oh that's good of you then :)
I have a script which pulls from http://www.openbl.org/ and adds/removes -blackhole entries for it
in the routing table
mercutio: hah my mail server is returning Error: authentication not enabled
mkb: they would see spamd first for my server anyway (and spamd doesn't log)
mercutio: i didn't have many logs, i am tcpdumping their ip
i'm not using fail2ban or anything
but yeah null routed them.
mkb: right after that recent bash feature/bug I checked my HTTP logs and counted a lot of attacks
mercutio: i see wp-login attacks quite often
mkb: yeah and phpmysql. fortunately I don't even have cgi let alone any of that
mercutio: heh
so you're greylisting with spamd?
did you find it helped much?
a lot of the spam i get these days comes from gmail etc.
mkb: very much
from > 20 a day to < 10 a month
mercutio: i like email being quick
mkb: I have gmail and amazon outbound whitelisted, mostly because they don't send retries from the same IP
once you run it for a while all your normal emails are fast
I should probably whitelist the other big providers but I don't get any email from them...
mercutio: i got a spam today, but i'm struggling to find another one
actually woot seems to randomly have started emailing me, i suppose that's like spam
so 1 in 558 messages seems pretty low.
that's with just amavis/spamassassin/rbl
and dkim/spf/blah etc is on there too.
pyzor, razor, dcc i think
oh just pyzor/razor
mkb: I have SPF but no DKIM
mercutio: dkim signing is recommended for sending mail to gmail these days
spf only really stops people pretending to be you
so it's only good with -all
brycec: A bayesian score of >.96 is what triggers it... And since the net is frequently fed and tuned, exactly "what" triggers it is a moving target :P 16:22:30 jpalmer | BryceBot: I'm going to figure out what triggers you.
jpalmer: oh, so I just have to figure out its input channel for the bayesian filtering, and influence it that way :P
brycec: jpalmer: its inputs are "twss" and "BryceBot: no"
to mark the prior line as ham/spam (so to speak)
mercutio: it seems to trigger too often
brycec: And so yes, you could theoretically just feed it things like "ham ham ham ham ham ham" followed by "twss" a lot. But I will catch you. And the nature of bayesian learning will thwart that somewhat too.
I wouldn't say "too often" just "inappropriately"
mercutio: well if it happened less often then people would be somewhat more surprised by it
brycec: Either way, that's what "no" is for
jpalmer: My last foray into bayesian filtering was running a pretty sizeable mail cluster with dspam.
mercutio: jpalmer: with mysql?
jpalmer: mercutio: it's been a few years, but yea it woulda either been mysql or postgresql.
probably mysql, since I ran postgrey, too.
mercutio: i used to use dspam and postgrey too
i was struggling with feeding it enough data into dspam though.
and then it'd go wonky, as it was expiring tokens. i tried amavis's autofeed into it, but it really didn't seem to help.
jpalmer: mine got good enough, that I actually got rid of the rbl's and just used dspam and greylisting. nowadays, ain't nobody got time for dat
mercutio: most of the spam that gets through these days isn't very easily bayesian'ed away.
jpalmer: right
mercutio: hmm, i find rbl's and no dspam/greylisting good enough :)
jpalmer: doing email *right* is a full time job. and frankly, I'd rather just outsource it to google.
mercutio: but razor does a kind of bayesian stuff too i think
BryceBot: That's what she said!!
jpalmer: BryceBot: no
BryceBot: Oh, okay... I'm sorry. 'but razor does a kind of bayesian stuff too i think'
mercutio: http://pastebin.com/jkJ1bKQJ
this is my most recent spam
i dunno if bayesian would do much with that. it didn't have a photo attached.
***: dne has quit IRC (Remote host closed the connection)
dne has joined #arpnetworks
plett has quit IRC (Ping timeout: 245 seconds)
plett has joined #arpnetworks
JC_Denton: have you guys seen a lot of people using @gmail on their resume?
brycec: Can't say as I see many resumes, but the last resume I saw was from a @gmail.com
And I can't say as I see anything wrong with it, in most circumstances.
People tend to have their personal address and their company address, and why would you put your company address on a resume?? And 99% of the world doesn't self-host their email, so they're using free providers like gmail.
JC_Denton: i think a domain adds a bit more to it, but maybe that's just me
brycec: Now what really gets my goat are companies, medical practices, etc that have a @aol.com (etc) address. There's no excuse there. (And it's 1000x worse when that address is sirfluffy@somemail.com)
Really depends on the job, JC_Denton
JC_Denton: lol, yeah
brycec: I wouldn't expect someone applying at the local taco shop to have their own domain
JC_Denton: tech jobs
brycec: Even in tech, there's a wide range. eg. Sysadmin? Definitely should have their own. Jr programmer? No reason to.
JC_Denton: i need to setup my .ninja names :)
mkb: and half the time having their own nowadays means they know how to register a domain, use web-dns, and type the name into Google Apps
RandalSchwartz: got to hang out with a number of TWiT hosts and Leo himself tonight
brycec: (Note: Google Apps no longer offers a free tier to new users.)
RandalSchwartz: free dinner is free. :)
mkb: oh
brycec: mkb: you're essentially arguing the other side - "It's so easy to have your own domain so why doesn't everybody?"
Nothing wrong with that side, of course. But for the lowly jr. programmer, why should the waste $10/yr on a domain and whatever time/effort to run email?
*they
mkb: time/effort > $10
brycec: (That would be time-slash-effort + $10/yr)
mkb: right
though even if Google Apps isn't free, I see these server-in-a-box tutorials on HN all the time
and poorly hosted is worse than anything else
JC_Denton: or just get mail hosting from your domain provider
brycec: ^ just what I was writing
(the poorly hosted is worse comment)
mercutio: TBH, I see nothing wrong with a sysadmin not having their own domain for mail. And I have my own domain.
I even use gmail on occasion, as it goes nicely to multiple devices. I just don't want to overuse it.
hazardous: i really hate those "server in a box tutorials"
because inevitably it ends up resulting in unupdated crap two months later
and no failover/spof for email or something
mercutio: you think mail servers need failover?
hazardous: probably, since i assume most people doing this will have a single mx record
mercutio: less to go wrong though
poorly implemented redundant solutions are less reliable than well implemented non-redundant.
and even if you lose mail for a couple of days, there shouldn't be any serious repercussions.
hazardous: i dunno i just assume the 'one click x in a box' things will just result in people picking the cheapest possible thing, running a script directly with wget piped into bash, and then never ssh again
mercutio: heh and being open spam relays?
hazardous: probably. i don't have high expectations for these
mkb: mail is pretty okay non-redundant since the remote server will queue and retry but I'd still be more comfortable with two MXs
hazardous: same with shared hosting control panels that provide one click wordpress/etc
probably never going to get updated, and already vuln when installed
BryceBot: get on up
and DANCE
-: BryceBot dances :D-<
BryceBot dances :D|-<
BryceBot dances :D/-<
mercutio: it's no worse than running "redundant exchange configurations"
hazardous: wat
wtf is that bot
mkb: bayesian filter; brycec was in here earlier explaining
mercutio: what i hate is things like gmail throwing normal mail into spam.
mkb: why it activated then I have no idea
mercutio: it's so keen to prevent spam that it has a high number of false positives.
enough so that people say "check your spam folder". i never have to check my spam folder. that's the way i like it.
mkb: I don't have a spam "folder". it's rejected or inbox and I like it
mercutio: i see more issues with "normal mail delivery" than with down servers these days.
recently lots of problems seem to be related to things like people having misconfigured spf records.
mkb: who? server in a box people or big providers who should know better?
mercutio: nah small businesses who have some external guy that helps them.
hazardous: that's always fun
mercutio: spf is way past only medium to big providers having it.
mkb: so server in a box guys it sounds like
hazardous: website maker, inhouse tech/helpdesk, underpaid, responsible for everything, all in one usually
mercutio: now places with 6 staff have it.
mkb: spf is easy enough now that there's not really an excuse
mercutio: oh i'm thinking similar to people who get paid big $ to install a "router"
which only supports mtu of 1492 because it might have to work with pppoe and doesn't support baby jumbo frames.
hazardous: what is a jumbo frame
mercutio: who then decide to run ipsec from some other little appliance thingy which expects 1500 mtu
hazardous: *plugs in dlink router from walmart*
mercutio: jumbo frame is > 1500 mtu
pppoe is ppp over ethernet which has 8 byte header encapsulation.
baby jumbo is like 1560 mtu etc, where it's enough to have some amount of tunneling, but not enough to have like 6000 bytes+
mkb: and if your remote is AT&T, no auth failure
mercutio: mkb: is at&t running 1492 mtu?
mkb: yes
mercutio: mkb: does it do mss clamping?
oh you might not know what that is hmm
mkb: I do
idk on their end. path mtu discovery works
mercutio: half the isp's here do mss clamping at their end. and 90% of modems do mss clamping by default.
so if you have some modem that doesn't do mss clamping, and use one of the isp's that hasn't done clamping due to avoiding user issues, then you'll find some web sites randomly won't work.
mkb: the ones who block ICMP so that pmtud doesn't work
mercutio: nah it's external sites that block it normally
it used to be banks that were the worst here.
like the "biggest" bank in this country used to do it.
mkb: yeah that's what I mean
mercutio: oh right, but it's not the isp that blocks icmp
it was more of an issue in dialup times.
i used to run 296/576 mtus.
and things broke pretty quickly if you didn't clamp.
mkb: 576 is IPv4 minimum right?
mercutio: but adsl kind of made 1492 mtu common.
nah it's ipv6 minimum i think
mkb: I thought ipv6 was 1280 and IPv4 was 5something
mercutio: that's datagram.
well things worked ok with mtu of 296 at least.
with tcp window scaling off, tcp timestamps off, tcp window reduced,
vj header compression isn't compatible with window scaling etc. with vj header compression overhead for small packets is pretty low.
vj header compression really doesn't work well nowadays :)
mkb: AT&T must MSS clamp
mercutio: wouldn't surprise me.
if you stop 1% of support calls, it's significant revenue.
if you let people use their own modems and are of significant size, it's kind of a necessity.
it's easy on modern gear. with old dialup gear they didn't have those kinds of smarts.
mkb: I'd much prefer to break broken sites and force them to fix their firewall
mercutio: good luck :)