[00:00] *** mike-burns has quit IRC (Ping timeout: 252 seconds) [00:00] *** jcv has quit IRC (Ping timeout: 252 seconds) [00:00] *** jlgaddis has quit IRC (Ping timeout: 252 seconds) [00:01] *** dwarren has quit IRC (Ping timeout: 252 seconds) [00:02] i reckon just ditch the phone, and use voip these days. [00:02] *** jlgaddis has joined #arpnetworks [00:02] *** jlgaddis has quit IRC (Changing host) [00:02] *** jlgaddis has joined #arpnetworks [00:02] my voip provider lets me dual (triple) register on cellphone and normal internet. [00:03] so really it's more reliable. [00:04] whenever there are dsl outages here it tends to take hours for them to get fixed, whereas voip has much shorter outages. [00:04] err dsl/phone [00:06] I don't know much about the DSL side either. once it gets to the modem my knowledge stops [00:08] *** dwarren has joined #arpnetworks [00:19] *** dwarren has quit IRC (Ping timeout: 252 seconds) [00:19] *** jlgaddis has quit IRC (Ping timeout: 252 seconds) [05:19] *** jcv_ has quit IRC (Quit: leaving) [05:19] *** jcv has joined #arpnetworks [06:15] *** jlgaddis has joined #arpnetworks [06:15] *** jlgaddis has quit IRC (Changing host) [06:15] *** jlgaddis has joined #arpnetworks [06:20] *** dwarren has joined #arpnetworks [09:16] up_the_irons: looks like I just got a spam/phishing email from your account. [09:16] for a miracle weight loss cure! [09:47] delicious [09:47] That's what she said!! [09:48] *** raptelan has joined #arpnetworks [10:07] *** mike-bur1 is now known as mike-burns [10:16] *** b^_^d has joined #arpnetworks [10:27] *** pcn has quit IRC (*.net *.split) [10:27] *** d^_^b has quit IRC (*.net *.split) [10:32] *** pcn has joined #arpnetworks [13:14] really need a service that monitors IPv6 endpoints [13:34] i had an issue with my first nameserver being unreachable from some locations and seemed to get delayed mail [13:34] other nameservers sohuld have been reachable though. but everywhere i tested from was fine. it's hard to test from lots of places. [14:03] staticsafe: IIRC ARP uses pingmybox.com [14:27] brycec: thanks [14:29] * brycec <-- human irclogger.arpnetworks.com interface :P [14:29] np [14:29] (Really I just happen to recall the topic coming up before) [14:34] lol i even made an account on that side and added two checks [14:34] forgot about it completely [14:46] all the monitoring things i have seen have been pretty bad. [14:46] pingdom has a nicer ui now, but it still doesn't seem that good. [14:52] nodeping is decent but no v6 monitoring [14:57] pingdom is pretty nice, but i don't think it's worth what they charge for it [14:58] exactstate is a bit light on features and doesn't support ipv6, but it's pretty cheap [14:59] uptimerobot is ok for free, but again, no v6 support [15:00] uptimerobot actually has v6 support but it is broken [15:00] oh, it does? [15:00] yes [15:00] last time i'd looked it wasn't supported [15:00] i stopped using it because false positives [15:00] ah [15:01] it doesn't seem like pingdom supports v6 either [15:01] i hate quagga argh [15:02] staticsafe: yeah, i just tried changing a host in pingdom to use an ipv6 address and it doesn't recognize input. tried to point it at a v6-only hostname and that failed too [15:02] womp womp [15:03] *sigh* I guess pingmybox it is then [15:03] I, *sigh* [15:03] pingdom's pricing is a lot worse than it used to be [15:03] indeed, they changed it while back [15:03] i paid like $35/yr for 5 hosts for a long time [15:03] they're all terrible, they're all using cheap vps's, and they all have terrible debugging of actual issues [15:04] i've been tempted to do my own monitoring system for a while :) [15:04] but it's a lot of work.. [15:04] yes, it is [15:04] what i really want is a mesh/bittorrent like system [15:04] that does performance monitoring as well as connectivity from as many places as possible. [15:04] and looks for patterns. [15:05] so it's kind of like, you monitor me, i monitor you. [15:05] oh, pingdom was bought by solarwinds? [15:05] hah [15:05] that explains the terrible pricing model [15:05] yeah [15:05] hahahah [15:05] because the other thing i want to monitor is things like congestion on various paths, and you need lots of points for that. [15:06] solarwinds is notorious for the crazy pricing schemes [15:06] like people say that "ntt has issues" [15:06] yeah, i used them at my old employer [15:06] $3200/yr [15:06] for 2000 nodes [15:06] or something like that [15:06] and then someone else is like "it's fine for me" ... and you need lots of points, to break down where there are issues. [15:06] node being any point of monitoring (could be as simple as a port on a switch) [15:06] like it may be broken in san jose but fine in los angeles, but the provider is sending via san jose to los angeles. [15:07] even los angeles -> san jose -> los angeles isn't uncommon. [15:08] tbh I just want to know if the host is up and responding to certain services [15:09] static: what if there's 20%+ packet loss? [15:10] if you just want to do that, then there's things like spong, nagios etc. [15:11] i want something that I'm not hosting personally tbh [15:11] yeah [15:12] most smaller users do. [15:12] i'm using nodeping and spong. [15:12] but nodeping seems to give spurious alerst sometimes. [15:13] it doesn't for me, ime experience over several months [15:14] how many hosts are you monitoring? [15:14] i have 46 checks. [15:15] also i have been using it since 2012. [15:16] nodeping tells me I have 45 checks, which does not mean 45 hosts, some hosts are monitored for specific services [15:16] ah ok [15:17] yeah i'm measuring a few things. [15:17] it's actually been better than it was too [15:18] it doesn't take many alerts in the middle of the night to be annoying [15:18] my phone is completely silent at night, idc about alerts [15:18] ahh ok. [15:19] its all personal stuff so if it is down in the middle of the night, its fine [15:19] i care, unless i get too many false positives, and that's bad. [15:19] yeah my personal stuff is email only. [15:21] though my stuff is fairly reliable, all good providers with good networks [15:22] so it is rare that i get any significant downtime [15:23] i need to write a script to monitor some hardware RAID hm [15:37] on LSI stuff, i just had a status dump written to a file on the disk, then scripted something to parse the file [15:37] yeah its LSI [15:38] lemme see if i kept any of my documentation [15:38] 04:00.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID SAS 2108 [Liberator] (rev 05) [15:50] *** novae has quit IRC (Ping timeout: 245 seconds) [16:00] *** novae has joined #arpnetworks [16:22] jpalmer: so it wasn't just a spam report, but spam from me? [16:22] up_the_irons: correct, spam from you. [16:22] let me pull up the headers. I'll pastebin it [16:22] That's what she said!! [16:23] BryceBot: no [16:23] Oh, okay... I'm sorry. 'let me pull up the headers. I'll pastebin it' [16:23] BryceBot: I'm going to figure out what triggers you. [16:26] hmm someone is trying to smtp auth attack my mail server. i don't have smtp auth. [16:27] mercutio, that probably happens all day [16:27] not when i check logs normally [16:27] oh that's good of you then :) [16:27] I have a script which pulls from http://www.openbl.org/ and adds/removes -blackhole entries for it [16:28] in the routing table [16:28] hah my mail servers is returning Error: authentication not enabled [16:28] they would see spamd first for my server anyway (and spamd doesn't log) [16:28] i didn't have much logs, i am tcpdumping their ip [16:29] i'm not using fail2ban or anything [16:30] but yeah null routed them. [16:30] right after that recent bash feature/bug I checked my HTTP logs and counted a lot of attacks [16:31] i see wp-login attacks quite often [16:31] yeah and phpmysql. fortunately I don't even have cgi let alone any of that [16:31] heh [16:34] so you're greylisting with spamd? [16:34] did you find it helped much? [16:34] a lot of the spam i get these days comes from gmail etc. [16:37] very much [16:38] from > 20 a day to < 10 a month [16:38] i like email being quick [16:39] I have gmail and amazon outbound whitelisted, mostly because they don't send retries from the same IP [16:39] once you run it for a while all your normal emails are fast [16:40] I should probably whitelist the other big providers but I don't get any email from them... [16:41] i got a spam today, but i'm struggling to find another one [16:41] actually woot seems to randomly have started emailing me, i suppose that's like spam [16:42] so 1 in 558 messages seems pretty low. [16:43] that's with just amavis/spamassassin/rbl [16:43] and dkim/spf/blah etc is on there too. [16:43] pyzor, razor, dcc i think [16:44] oh just pyzor/razor [16:45] I have SPF but no DKIM [16:46] dkim signing is recommended for sending mail to gmail these days [16:47] spf only really stops people pretending to be you [16:47] so it's only good with -all [17:07] A bayesian score of >.96 is what triggers it... And since the net is frequently fed and tuned, exactly "what" triggers it is a moving target :P 16:22:30 jpalmer | BryceBot: I'm going to figure out what triggers you. [17:08] oh, so I just have to figure out it's input channel for the bayesian filtering, and influence it that way :P [17:09] jpalmer: its input are "twss" and "BryceBot: no" [17:09] to mark the prior line as ham/spam (so to speak) [17:11] it seems to trigger too often [17:11] And so yes, you could theoretically just feed it things like "ham ham ham ham ham ham" and followed by "twss" a lot. But I will catch you. And the nature of bayesian learning will thward that somewhat too. [17:11] I wouldn't say "too often" just "inappropriately" [17:12] well if it happened less often then people would be somewhat more surprised by it [17:12] Either way, that's what "no" is for [17:12] My last foray into bayesian filtering was running a pretty sizeable mail cluster with dspam. [17:12] jpalmer: with mysql? [17:13] mercutio: it's been a few years, but yea it woulda either been mysql or postgresql. [17:13] probably mysql, since I ran postgrey, too. [17:13] i used to use dspam and postgrey too [17:14] i was struggling with feeding it enough data into dspam though. [17:14] and then it'd go wonky, as it was expiring tokens. i tried amavis's autofeed into it, but it really didn't seem to help. [17:15] mine got good enough, that I actually got rid of the rbl's and just used dspam and greylisting. nowadays, ain't nobody got time for dat [17:15] most of the spam that gets through these days isn't very easily basyian'ed away. [17:15] right [17:15] hmm, i find rbl's and no dspam/greylisting good enough :) [17:15] doing email *right* is a full time job. and frankly, I'd rather just outsource it to google. [17:15] but razor does a kind of baysian stuff too i think [17:15] That's what she said!! [17:16] BryceBot: no [17:16] Oh, okay... I'm sorry. 'but razor does a kind of baysian stuff too i think' [17:17] http://pastebin.com/jkJ1bKQJ [17:17] this is my most recent spam [17:17] i dunno if baysian would do much with that. it didn't have a photo attached. [17:50] *** dne has quit IRC (Remote host closed the connection) [17:52] *** dne has joined #arpnetworks [19:09] *** plett has quit IRC (Ping timeout: 245 seconds) [19:13] *** plett has joined #arpnetworks [21:28] have you guys seen a lot of people using @gmail on their resume? [21:49] Can't say as I see many resumes, but the last resume I saw was from a @gmail.com [21:49] And I can't say as I see anything wrong with it, in most circumstances. [21:51] People tend to have their personal address and their company address, and why would you put your company address on a resume?? And 99% of the world doesn't self-host their email, so they're using free providers like gmail. [21:51] i think a domain adds a bit more to it, but maybe that's just me [21:52] Now what really gets my goat are companies, medical practices, etc that have a @aol.com (etc) address. There's no excuse there. (And it's 1000x worse when that address is sirfluffy@somemail.com) [21:52] Really depends on the job, JC_Denton [21:52] lol, yeah [21:52] I wouldn't expect someone applying at the local taco shop to have their own domain [21:52] tech jobs [21:53] Even in tech, there's a wide range. eg. Sysadmin? Definitely should have their own. Jr programmer? No reason to. [21:59] i need to setup my .ninja names :) [22:01] and half the time having their own nowadays means they know how to register a domain, use web-dns, and type the name into Google Apps [22:02] got to hang out with a number of TWiT hosts and Leo himself tonight [22:02] (Note: Google Apps no longer offers a free tier to new users.) [22:02] free dinner is free. :) [22:02] oh [22:02] mkb: you're essentially arguing the other side - "It's so easy to have your own domain so why doesn't everybody?" [22:03] Nothing wrong with that side, of course. But for the lowly jr. programmer, why should the waste $10/yr on a domain and whatever time/effort to run email? [22:03] *they [22:03] time/effort > $10 [22:04] (That would be time-slash-effort + $10/yr) [22:05] right [22:05] though even if Google Apps isn't free, I see these server-in-a-box tutorials on HN all the time [22:05] and poorly hosted is worse than anything else [22:05] or just get mail hosting from your domain provider [22:05] ^ just what I was writing [22:06] (the poorly hosted is worse comment) [23:07] TBH, I see nothing wrong with a sysadmin not having their own domain for mail. And I have my own domain. [23:08] I even use gmail on occassion, as it goes nicely to multiple devices. I just don't want to overuse it. [23:21] i really hate those "server in a box tutorials" [23:21] because inevitably it ends up resulting in unupdated crap two months later [23:21] and no failover/spof for email or something [23:22] you think mail servers need failover? [23:23] probably, since i assume most people doing this will have a single mx record [23:23] less to go wrong though [23:23] poorly implemented redundant solutions are less reliable than well implemented non-redundant. [23:24] and even if you lose mail for a couple of days, there shouldn't be any serious reprecusions. [23:24] i dunno i just assume the 'one click x in a box' things will just result in people picking the cheapest possible thing, running a script directly with wget piped into bash, and then never ssh again [23:24] heh and being open spam relays? [23:25] probably. i don't have high expectaiotns for these [23:25] mail is pretty okay non-redundant since the remote server will queue and retry but I'd still be more comfortable with two MXs [23:25] same with shared hosting control panels that provide one click wordpress/etc [23:25] probably never going to get updated, and already vuln when installed [23:25] get on up [23:25] and DANCE [23:25] * BryceBot dances :D-< [23:25] * BryceBot dances :D|-< [23:25] * BryceBot dances :D/-< [23:25] it's no worse than running "redundant exchange configurations" [23:25] wat [23:25] wtf is that bot [23:25] bayesian filter; brycec was in here earlier explaining [23:25] what i hate is things like gmail throwing normal mail into spam. [23:26] why it activated then I have no idea [23:26] it's way too keen to prevent spam that it has a high amount of false positives. [23:26] enough so that people say "check your spam folder". i never have to check my spam folder. that's the way i like it. [23:27] I don't have a spam "folder". it's rejected or inbox and I like it [23:27] i see more issues with "normal mail delivery" than with down servers these days. [23:29] recently lots of problems seem to be related to things like people having misconfigured spf records. [23:29] who? server in a box people or big providers who should know better? [23:30] nah small businesses who have some external guy that helps them. [23:30] that's always fun [23:30] spf is way past only medium to big providers having it. [23:30] so server in a box guys it sounds like [23:30] website maker, inhouse tech/helpdesk, underpaid, responsible for everything, all in one usually [23:30] now places with 6 staff have it. [23:31] spf is easy enough now that there's not really an excuse [23:31] oh i'm thinking similar to people who get paid big $ to install a "router" [23:31] which only supports mtu of 1492 because it might have to work with pppoe and doesn't support baby jumbo frames. [23:32] what is a jumbo frame [23:32] who then decide to run ipsec from some other little appliance thingy which expects 1500 mtu [23:32] *plugs in dlink router from walmart* [23:32] jumbo frame is > 1500 mtu [23:32] pppoe is ppp over ethernet which has 8 byte header encapsulation. [23:33] baby jumbo is like 1560 mtu etc, where it's enough to have some amount of tunneling, but not enough to have like 6000 bytes+ [23:33] and if your remote is AT&T, no auth failure [23:33] mkb: is at&t running 1492 mtu? [23:33] yes [23:33] mkb: does it do mss clamping? [23:33] oh you might not know what that is hmm [23:33] I do [23:34] idk on their end. path mtu discovery works [23:34] half the isp's here do mss clamping at their end. and 90% of modems do mss clamping by default. [23:34] so if you have some modem that doesn't do mss clamping, and use one of the isp's that hasn't done clamping due to avoiding user issues, then you'll find some web sites randomly won't work. [23:35] the ones who block ICMP so that pmtud doesn't work [23:35] nah it's external sites that block it normally [23:35] it used to be banks that were the worst here. [23:35] like the "biggest" bank in this country used to do it. [23:36] yeah that's what I mean [23:36] oh right, but it's not the isp that blocks icmp [23:36] it was more of an issue in dialup times. [23:36] i used to run 296/576 mtus. [23:37] and things broke pretty quickly if you didn't clamp. [23:37] 576 is IPv4 minimum right? [23:37] but adsl kind of made 1492 mtu common. [23:37] nah it's ipv6 minimum i think [23:37] I thought ipv6 was 1280 and IPv4 was 5something [23:38] that's datagram. [23:38] well things worked ok with mtu of 296 at least. [23:39] with tcp window scaling off, tcp timestamps off, tcp window reduced, [23:39] vj header compression isn't compatible with window scaling etc. with vj header compression overhead for small packets is pretty low. [23:49] vj header compression really doesn't work well now days :) [23:50] AT&T must MSS clamp [23:50] wouldn't surprise me. [23:51] if you stop 1% of support calls, it's significant revenue. [23:51] if you let people use their own modems and are of significant size, it's kind of a necessity. [23:52] it's easy on modern gear. with old dialup gear they didn't have those kinds of smarts. [23:52] I'd much prefer to break broken sites and force them to fix their firewall [23:52] good luck :)