↑back Search ←Prev date Next date→ Show only urls | (Click on time to select a line by its url) |
Who | What | When | |
---|---|---|---|
*** | jcv has joined #arpnetworks | [00:03] | |
.......... (idle for 45mn) | |||
kevr_ has quit IRC (Changing host)
kevr_ has joined #arpnetworks kevr_ is now known as kevr | [00:48] | ||
.......................................................... (idle for 4h49mn) | |||
mnathani | ] | [05:37] | |
.... (idle for 16mn) | |||
*** | tabthorpe has quit IRC (Quit: leaving)
tabthorpe has joined #arpnetworks tabthorpe has quit IRC (Changing host) tabthorpe has joined #arpnetworks | [05:53] | |
..................... (idle for 1h44mn) | |||
mike-burns has quit IRC (Quit: WeeChat 1.0.1) | [07:39] | ||
..... (idle for 20mn) | |||
mike-burns has joined #arpnetworks
ChanServ sets mode: +o mike-burns | [07:59] | ||
...................................... (idle for 3h7mn) | |||
mus1cbox | ya im not looking forward to using ipv6. so fucking long | [11:06] | |
staticsafe | just use DNS | [11:11] | |
brycec | ^ | [11:13] | |
mus1cbox | how would you assign an ipv6 ip to a new machine, before it's even up and has a chance to be configured with dns?
or maybe it is the dns server | [11:14] | |
brycec | Plus if you have a brain like mine, it's easy to remember /64 portion | [11:14] | |
plett | mus1cbox: SLAAC | [11:14] | |
brycec | dhcpv6 can register with dns
or use mdns or just stop caring about addresses... (i.e. slaac) | [11:14] | |
mus1cbox | oh
so you guys are having a fine experience running ipv6? | [11:19] | |
mercutio | static: no-one uses dns on ipv6 | [11:20] | |
brycec | Huh ^? | [11:20] | |
mercutio | dns reverse lookups bascially don't exist. | [11:21] | |
mus1cbox | wtf why not | [11:21] | |
brycec | uh... what? ^?
mercutio: you trolling? | [11:21] | |
mercutio | because providers never seem to configure it? | [11:21] | |
brycec | Because... DNS still a thing, including PTR. | [11:21] | |
mercutio | brycec: do some traceroutes over ipv6...
you'll quickly see 8/10 or more ipv6 addresses have no reverse dns | [11:21] | |
brycec | lazy providers... Half my v4 hops across comcast don't have ptr's. Doesn't mean nobody DNS' on IPv4 though. | [11:22] | |
mercutio | like tracing www.google.com from arp has 0 dns reverse lookups. | [11:22] | |
brycec | Nah, it has 1 - google's | [11:22] | |
mercutio | not here | [11:22] | |
mus1cbox | seems ipv6 is reducing network accessibility for admins | [11:23] | |
brycec | 11. iad23s23-in-x03.1e100.net 0.0% 6 68.4 68.5 68.4 68.7 0.2 | [11:23] | |
mercutio | http://pastebin.com/raw.php?i=kFTYJ0W6 | [11:23] | |
plett | mercutio: That's not a v6 thing, Google suck at adding v4 PTR records as well as v6 | [11:23] | |
mercutio | weird traceroute isn't working with udp or icmp wioth ipv4
oh just timing oitu hop 10 pa-in-f106.1e100.net (74.125.25.106) 30.763 ms 30.771 ms 30.612 ms i got one google lookup | [11:25] | |
mus1cbox | is it true ipv6 is less secure? | [11:25] | |
brycec | No
It's as-secure as v4 generally | [11:26] | |
mercutio | mus1cbox: lots of users don't do firewalls on ipv6.
and were relying on nat for "firewall" on ipv4. | [11:26] | |
brycec | there are some security/privacy extensions available to v6 too
As a technology, it's as-secure | [11:26] | |
mercutio | so you may find suddenly you can accept incoming connections when you coiuldn't before. | [11:26] | |
brycec | It's just the same as before "everybody" was NAT'ing | [11:26] | |
mercutio | there are some neighour exhaustion issues too. | [11:27] | |
mus1cbox | ah | [11:27] | |
brycec | (and "everybody" used global v4 addresses) | [11:27] | |
mus1cbox | what's neighbor exhaustion? | [11:27] | |
mercutio | brycec: yes, but now people have the internet that used to not.
mus1cbox: it's when your subnet gets scanned and your router struggles to deal with checking out who is there. it's kind of like the "too large bridge domain" issue with ipv4.
| [11:27] | |
mus1cbox | oh
ty does ipv6 improve susceptibility to ddos? | [11:28] | |
mercutio | uhh
ddos is a complex issue. you can trivially overload switches etc. it should be fixed sometime. | [11:29] | |
m0unds | the only improvement to ddos susceptibility is that lots of zombie boxes used to attack stuff don't have ipv6 connectivity yet | [11:30] | |
mus1cbox | hahha
security through lack of connectivity :P | [11:31] | |
mercutio | m0unds: i thought hetzner etc had ipv6 now? | [11:31] | |
m0unds | mercutio: could be, i have no idea
but there are still tons of compromised residential machines being used as attack sources | [11:32] | |
mercutio | oh wtf
this is worse on that gear than i thought 1 pps of traffic with random ipv6 source address can full ndp table. | [11:32] | |
mus1cbox | pps? | [11:32] | |
mercutio | oh that's coming forom inside the network
packet per second | [11:32] | |
mus1cbox | you don't mean petabyte do you?
oh phew | [11:33] | |
mercutio | this is sounding worse and worse :)
that's on nexus 5500 with juniper it's slightly better apparently. | [11:33] | |
m0unds | yes, faster cpu, more ram | [11:34] | |
mus1cbox | death by 1pbs
pps* yea i think next time i buy networking gear i'll replace cisco with juniper | [11:34] | |
mercutio | so yeah don't use l3 switches for ipv6? | [11:34] | |
m0unds | there are pitfalls with either
mercutio: yeah, haha | [11:34] | |
mercutio | i hate dhcp
i hate arp not arp networks arp the protocol | [11:35] | |
m0unds | YOU BASTARD
GET OUT | [11:36] | |
mercutio | i hate neighbour discovery | [11:36] | |
m0unds | i hate my neighbors | [11:36] | |
mus1cbox | m0unds: choosing a name like arp networks, you have to expect some confusion | [11:36] | |
mercutio | heh | [11:36] | |
m0unds | mus1cbox: i know it | [11:36] | |
mercutio | i actually kind of think there should just be a secure key between ethernet devices
with maximum advertised ip's etc./ and dynamic routing type stuff with filters. and cut out bridging type systems but if using neighbour discovery you could still limit individual users to using too many addresses etc there's a discussion on nznog about ipv6 prefix size to allocate to end users. | [11:36] | |
............ (idle for 55mn) | |||
mus1cbox | what's the thinking? | [12:37] | |
........ (idle for 39mn) | |||
mercutio | not much currently.
not the best time of year to get responses :) whenever i see an interesting post i hope people have interesting replys. but often the good posts don't get many answers. i'm about to redo my raid... fun times. going from 3 to 4 drives and new raid array is going to be slightly annoying as don't have enough sata ports :( | [13:16] | |
*** | novae_ has quit IRC (Ping timeout: 265 seconds) | [13:35] | |
novae has joined #arpnetworks | [13:40] | ||
mus1cbox | do you use zfs? | [13:46] | |
mercutio | yes
and mdadm i'm using mdadm in raid 10, and zfs in raid-z but going to do raid 10 for both i think but raid 0 for bulk storage. and just backup over network to hard-disk system this is ssd only :) only got 3x120gb atm though and upgrading to 2x250 and 2x480 trying to decide on layout.. i'm thinking like 32gb for mdadm per disk, 4gb for swap, 16gb for proxy, 200gb for zfs maybe 192gb for zfs, i have to short stroke a bit more the 250s i think. then like 220x2 extra for zfs raid 0 fuck it i'll just do the root first :) | [13:46] | |
........................................... (idle for 3h32mn) | |||
i hate grub | [17:22] | ||
up_the_irons | +1 | [17:29] | |
JC_Denton | lilo felt so much easier | [17:37] | |
mercutio | JC_Denton: does lilo support uefi?
i probably should research other boot loaders. | [17:45] | |
staticsafe | no it doesn't | [17:49] | |
.... (idle for 18mn) | |||
brycec | elilo does
@wiki elilo | [18:07] | |
BryceBot | LILO (boot loader) :: LILO (LInux LOader) is a boot loader for Linux and was the default boot loader for most Linux distributions in the years after the popularity of loadlin. Today, most distributions use GRUB as the default boot loader. Overview LILO does not depend on a specific file system, and can boot an operating system (e.g., Linux kernel images) from floppy disks... http://en.wikipedia.org/wiki/LILO%20%28boot%20loader%29 | [18:07] | |
....... (idle for 30mn) | |||
dne | dne prefers syslinux - recent versions have EFI support | [18:37] | |
........ (idle for 35mn) | |||
mercutio | interesting.
i really just want to be able to select a few different kernels to boot | [19:12] | |
......................... (idle for 2h2mn) | |||
jpalmer | how many people will stop following me on twitter, if I tweet about a powershell post? :P | [21:14] | |
........ (idle for 37mn) | |||
mercutio | heh
only one way to find out :) Timing buffered disk reads: 4660 MB in 3.00 seconds = 1552.74 MB/sec nice and fast raid :) | [21:51] | |
*** | SpeedBus has quit IRC (Quit: SpeedBus@CrownCloud.net) | [22:01] | |
mus1cbox | https://www.youtube.com/watch?v=sV_bDXgeg7Q | [22:13] | |
BryceBot | YouTube People: "Counterfeiting : Documentary on the Business of Counterfeits and Knock-Offs" by The New School (1h 35m 17s), 892,712 views, 2,727 likes and 256 dislikes. Uploaded 2013-10-01T03:56:12.000Z. | [22:13] | |
mus1cbox | interesting watch, esp for anyone who takes pharmaceutical drugs | [22:14] | |
m0unds | hahaha, i got a ps3 eye camera for doing head tracking in ARMA and flight sims
my wife was freaked out moving her head and having it pan the view around | [22:25] | |
mus1cbox | step 1. step 2, Fabio.
(http://www.fabioifc.com/) | [22:31] | |
.......... (idle for 49mn) | |||
mercutio | that does sound a little disorientating | [23:20] | |
..... (idle for 20mn) | |||
uh oh i'm reading slashdot again. bots are scanning github to steal amazon ec2 keys. | [23:40] | ||
mus1cbox | how could that be, git users are soooo smart | [23:41] | |
mercutio | heh | [23:41] |
↑back Search ←Prev date Next date→ Show only urls | (Click on time to select a line by its url) |