[00:30] You can set a name and still use an IP. host=$IP and menu=$name 21:17:23 ⤷ | because often you want to use names rather than ip's.
[00:30] eg: ++++HEtserv3fmt2v4
[00:30] host = 72.52.104.74
[00:30] menu = tserv3.fmt2
[00:30] title = Fremont, CA, US (tserv3.fmt2 72.52.104.74)
[00:31] And yes, I had those particular probes using DNS lookups, so if DNS wasn't even resolving, gaps.
[00:33] Which is the definition for https://smokeping.cobryce.com/?target=Internet.HENet.NorthAmerica.HEtserv3fmt2v4
[00:46] *** cloudkitsch has joined #arpnetworks
[02:17] i'd like to reference by name
[02:18] and have it do a dns lookup on config load or something
[02:18] i dunno, for things like google it remaps things at diff times
[02:18] but async dns is kind of a pita
[02:18] i wonder what fping is doing
[02:20] Do not retry twice DNS lookup on DNS lookup problem
[02:20] hmm i wonder if that would help
[02:20] that was changed in may last year
[02:20] version 3.10
[02:21] src/options.h:#define DNS_TIMEOUT 1000 /* time in micro_sec for dns retry */
[02:21] just reducing that could help too
[02:21] *** cloudkitsch has quit IRC (Remote host closed the connection)
[02:22] i wonder if you can set from command line
[02:22] oh nothing seems to reference it :/
[02:28] yeah it's just doing gethostbyname
[02:28] so it's not even doing async
[02:29] the easiest solution may be to run something else before it that does async lookup on all of the names
[02:39] what about adns/adnshost?
[02:55] think i got something
[03:01] http://weallsee.net/asyncdnsfping
[03:01] hackish, but calls adnshost then fping
[03:06] *** RandalSchwartz has quit IRC (Ping timeout: 256 seconds)
[04:49] *** carvite has quit IRC (Ping timeout: 264 seconds)
[05:10] *** carvite has joined #arpnetworks
[06:46] *** dne has quit IRC (Ping timeout: 272 seconds)
[06:55] *** dne has joined #arpnetworks
[09:12] *** RandalSchwartz has joined #arpnetworks
[09:12] *** RandalSchwartz has quit IRC (Changing host)
[09:12] *** RandalSchwartz has joined #arpnetworks
[10:54] i have too much 2.4Ghz in my flat
[10:55] trying to have 2.4 wifi, bluetooth, cordless phones, wireless mice/keyboard all using the same spectrum, it gets messy
[10:55] have got 5GHz wifi, but only a few things use it
[10:55] *** hive-mind has quit IRC (Ping timeout: 265 seconds)
[10:56] looking at spectrum analysers, in combination from scatter noise from neighbouring wifi, there is absolutely no clear airspace in the 13 channel scope
[10:56] even cross-over channels are being used as some AP's primary
[10:57] soon as one or more stations start saturating 50mbps over 2.4GHz, it sends my bluetooth audio system awack
[10:57] *** hive-mind has joined #arpnetworks
[11:51] yeah, it isn't helpful that lots of ISPs' modems started including a wlan radio and most don't educate their customers about that
[11:52] so they go and buy another router, and have the secured (not in use) modem wlan network as well as their new router all crowding stuff up
[12:06] have hidden my 2.4GHz away in a cupboard so it doesn't see other wifi's as easy (perfectly located to cover the flat too) - but it still crosstalks a lot and can see differences in wifi to wifi transfers at different times
[12:06] would go ac, but only have a single device with capability
[12:06] 5Ghz has about 7 APs i can pick up
[12:07] 2.4 there are about 20
[14:02] the biggest problem with 2.4 is people using 40 mhz in built up areas.
[14:02] i think 2.4 should shift to 10 mhz if everyone's going to use it
[14:03] but who wants to buy a router with slower wifi by default?
[14:04] no one
[14:04] especially when 5Ghz is becoming the norm
[14:04] yeah i'm actually wondering about 5ghz+lte :/
[14:04] like the most annoying thing i find is when i go to the letterbox my wireless drops
[14:05] and it can't carry over to 3g when using skype
[14:05] but my cordless phone cuts out too
[14:05] oh, maybe sticking wireless higher up would go down hill better, hmm..
[14:50] grody: cordless phones are 1.8 ghz here, are you sure yours are 2.4 ?
[14:56] It's likely that grody's phones are DECT, which has its own band at 1880-1900MHz. It would be unusual to have phones at 2.4
[14:57] plett there may be some that do 2.4?
[14:58] cordless phones, microwaves
[14:59] its a well known problem
[14:59] mercutio: 2.4 is an unlicenced ISM band, so it's possible that there are phones using it, but it would be very unlikely in the UK. I can't speak for the rest of the world though
[15:00] And I have used some quite horrible 802.11b SIP wifi phones in the past which would have been in 2.4
[15:04] my sip phones are dect
[15:04] and there are two, because otherwise i have battery issues
[15:05] i still wish they had better passive battery life, like when waiting for a call
[15:06] i also have sip on my cellphone, so i can voip from anywhere :)
[15:06] but lots of people i know are shifting off voip to just straight cellphone
[15:12] I also have SIP DECT phones here. The next step is to get people to call the SIP number rather than the actual landline
[15:13] can't you just put the landline number on the voip?
[15:13] I have an ATA on the landline which does that. But porting the number out to a SIP provider would be problematic for the DSL that I have on the line
[15:14] oh
[15:14] here we have "naked" dsl which is dsl without landline
[15:14] The only people who ever call the landline are my mum and my wife's parents.
It can't be too much work to get them to update their address books :)
[15:15] i don't have any landline anymore
[15:15] maybe unplug the phone and they'll get the message?
[15:15] i assume you've given them the new number
[15:16] Not yet, they don't like change that much
[15:16] ahh
[15:17] Also it's not really a problem, the same set of handsets ring when either number is called
[15:17] i think it is kind of complicated here too
[15:17] ahh
[15:18] and you have to port landline numbers to get "non-weird" looking numbers.
[15:18] ie, i have one in a city where all the numbers are 3/9 and i have a 7
[15:18] err start with a 3 or 9
[15:19] the 9s were alternate providers, dunno where the 7 came from :)
[15:20] Kind of the same here too, but there are enough providers with allocations that people are used to numbers beginning with all sorts of digits
[15:20] ahh cool
[15:20] when i was a kid i kind of knew where all the different number blocks were location wise.
[15:21] and i thought it nifty that numbers would be in area/region so you could tell where somebody was generally
[15:22] but with voip you have no idea :)
[15:26] Only the area code has geographic significance here any more. I think numbers inside an area code used to be allocated to particular exchanges or subsection of the exchange, but that went away when exchanges went digital about 20 years ago
[15:26] After that it was just a single pool of numbers that could be routed anywhere
[15:27] oh ok they've been saying they'll go digital for 20+ years here
[15:27] but atm you can't actually port a landline between area codes.
[15:27] so you move from one house to another in a different suburb you have to change numbers.
[15:27] That's what she said!!
[15:28] well unless you go voip
[15:28] You can't port between area codes here either.
But these days you'd port it out to voip if you wanted to keep the old number
[15:28] like the exchanges themselves can't handle having foreign numbers, but the systems that route to the exchanges can.
[15:29] well voip is the future i suppose
[15:30] My view is that "telephone numbers" will be about as relevant in 5 years time as fax machines are now
[15:30] heh when i first got my phone connected i had to send them a fax
[15:30] i haven't sent a fax since
[15:31] that was like 15 years ago
[15:31] Yeah
[15:31] it's so much easier to get phone lines etc now
[15:31] but i was surprised about how much of a pita it was back then, and it's not even that far back
[15:32] There is so much pointless red tape and regulation involved in calls to/from the PSTN here, it's pretty much impossible for a new company to enter the market and be competitive
[15:33] i think it's nifty on voip when it tells you who's ringing you
[15:33] i love that feature
[15:33] like not just caller id, but caller name
[15:33] and not just from a phone book, but passed through from the provider.
[15:33] So I am expecting people to just go around the regulators by not using phone numbers, SIP URIs instead, or facebook names, or whatever
[15:34] well i'm just as happy to use skype as voip
[15:34] and certain subsections of people skype is really taking off for
[15:34] like people with relatives in other countries it's huge with
[15:35] Yep
[15:35] actually i think most younger people have access to it easily now, i was trying to think of older people because that's more difficult.
[16:05] just got a new printer that has an ssl enabled web interface
[16:05] trying to get my wildcard cert installed on there
[16:06] it says it needs a pkcs #12 encoded file
[16:06] all of my attempts to encode that file have failed
[16:08] it doesn't just use cloudprint?
[16:08] maybe try google
[16:08] web interface for configuration
[16:09] wondering how I can test my pfx bundle
[16:17] i got a cheap fancy printer, and i haven't used it in ages.
[16:18] but i was surprised how far they'd come with interfaces etc. but the printer tray sucked :)
[16:18] and i managed to jam it with hardly using it.
[16:22] my pfx loads fine into windows cert manager
[16:22] but the printer won't accept it
[16:22] why do you need https to config it?
[16:22] mismatch of accepted keysize or something
[16:23] it switches to ssl when entering address book entries automatically
[16:23] for the scan to email function
[16:23] oh
[16:23] it still works with invalid ssl and all sorts of warnings
[16:23] i found scanning more of a pita than printing
[16:24] I tried adding the cert it was using to my trusted certs, but it has a different common name on its cert so still invalid
[16:34] *** mnathani__ has quit IRC (Ping timeout: 264 seconds)
[16:34] *** mnathani_ has joined #arpnetworks
[17:41] updating firmware on my head unit and radio integration dingus is a little funny
[17:42] got the printer ssl working. Ended up generating a self signed cert and encoding that to the pkcs #12 pfx
[20:18] *** mjp has quit IRC (Remote host closed the connection)
[20:22] *** mjp has joined #arpnetworks
[20:26] no valid ssl cert for arpnetworks website?
[20:26] https://www.ssllabs.com/ssltest/analyze.html?d=support.arpnetworks.com
[20:29] dont think thats intended to be ssl
[20:29] since its hosted at tenderapp
[20:30] see https://www.ssllabs.com/ssltest/analyze.html?d=graphs.arpnetworks.com&latest
[20:31] so were supposed to send/read our account creds & VNC/serial console creds in the clear ?
[20:31] ssl is pretty much free these days
[20:31] thats under portal
[20:31] which is ssl
[20:32] ah well there you go
[20:33] i guess its only the cookie for support that get sent in the clear, once you have already authed with portal
[20:33] (have not verified that, but i assume thats how it works)
[20:34] appears that way
[20:55] you're safe accepting it, it's registered to tenderapp
[20:56] there really needs to be better stuff for deciding who to accept
[20:56] like spf records
[20:56] support is mostly about articles telling you how to do stuff
[21:01] hey support's ssl is perfectly secure.. nothing to sory about heh
[21:01] SSL 2, which is obsolete and insecure/insecure Diffie-Hellman (DH) key exchange parameters/supports 512-bit export suites and might be vulnerable to the FREAK attack/vulnerable to the POODLE attack/vulnerable to MITM attacks because it supports insecure renegotiation
[21:04] LS_RSA_WITH_RC4_128_MD5 (0x4) WEAK
[21:12] oh
[21:13] how common are mitm attacks really?
[21:13] you know the browser should just remember if a site has used more secure ssl before
[21:13] and if it downgrades in security alert the user
[21:16] depends what network you are using at the time i guess :)
[21:17] i think there's more chance of something like paypal being spoofed with a "valid" certificate
[21:17] if mitm attacks are done, i'm sure it'll be to try and make money
[21:18] or for political reasons
[21:19] it's not going to be to try and get the password of some vps
[21:20] i imagine people doing this on public wifi etc would be opportunistic and get whatever they can
[21:21] oh public wifi i didn't think of that
[21:21] i thought of dns injection attacks etc
[21:22] it's more that it's easier to bruteforce rather than trivial isn't it?
[21:27] i dont bother to find out, i just fix my ssl certs so they get A+ rating
[21:28] i should use my secure cert
[21:28] i've been using cloudflare's one
[21:28] i don't even know how that works
[21:29] like how can they give away free ssl certs?
[21:29] also restrict cipher suites available for use in apache
[21:29] maybe support.arpnetworks.com should be on cloudflare
[21:29] would make problem look like it's gone away :)
[21:29] the link from the portal is still non ssl
[21:29] support doesn't support https
[21:29] because it's using tender
[21:30] mnathani_: the link to support?
[21:30] it'd still allow ntt to do something weird
[21:30] yea
[21:30] but it would take away wifi issues
[21:30] link to support
[21:30] i actually kind of like cloudflare now
[21:30] i feel dirty saying that
[21:30] where i work, everything is ssl by default
[21:31] mercutio: https://blog.cloudflare.com/universal-ssl-encryption-all-the-way-to-the-origin-for-free/
[21:31] i mean there are things that i don't agree with, like hosting both their nameservers in the same location
[21:31] but generally it seems to work well
[21:32] m0unds: that wouldn't work
[21:32] you dont need cloudflare to fix an ssl problem
[21:32] as it's supplying tender's ssl cert
[21:32] actually
[21:33] yeah so it's not even on their netowrk
[21:33] network
[21:33] that was the wrong link, haha
[21:36] i'm too lazy to find it again
[21:36] heh
[21:36] there was a post from someone at cloudflare outlining the cost part of it
[21:36] anyway, the big question is: does it matter?
[21:36] doubt it
[21:37] i rarely use public wifi, and if i'm forced to for some reason, i use a vpn
[21:38] ok it takes a few hours to break
[21:38] doesn't mitigate weak cipher selection or whatever, but open public networks are cesspools anyway
[21:38] and the rsa cert stays the same until you restart apache
[21:38] it's worse than i thought it was
[21:40] https://blog.cloudflare.com/introducing-universal-ssl/ is the link m0unds referred to, I believe
[21:42] why wouldnt you just upgrade to a new/strong ssl cert and fix apache? heh
[21:43] you dont know where customers will access your https site from
[21:45] mjp, arp doesn't host it i was saying
[21:45] so it's not possible for them to
[21:45] only to suggest it be done
[22:21] started getting packet loss again
[22:27] must have just been a blip, i'm able to connect again. bleck.
[22:30] weird
[22:30] i've never had any issues connecting
[22:31] i had a brief issue earlier today on smokeping, but it didn't look like it was related to arp
[22:31] as multiple sites had issues at once
[22:47] Strangely enough, my ssh session dumped me out
[22:47] (and I just noticed :p)
[22:48] my computer crashed this morning while i was asleep
[22:48] it's weird because it always crashes when i'm not around
[22:48] and X just shows the time it crashed (along with all the windows) with no kernel messages :(
[22:48] but it also means i can't see if any of my ssh sessions died
[22:48] lol
[22:49] it's happened like 3 times in the last week or something, and used to always be stable.
[22:50] i imagine it's zfs related
[22:51] because i have git zfs
[22:53] actually it looks like 5 times in 3 days
[23:28] brycec: yeah, mine dropped and kitty chimed at me while i was doing something else otherwise i wouldn't have noticed
[23:35] oh is this an "active" shell rather than an idle shell?
[23:36] ie following irc etc
[23:36] that can sometimes time out easier with loss
[23:36] That's what she said!!
[23:36] whereas nat timeouts more affect idle clients
[23:43] Yes, an active SSH session, at least as active as ServerAlive* and TCPKeepAlive, as well as frequently updating screen content. (It's an ssh session that never dies on its own). I have ServerAlive* set to 5*60, so that was 3 minutes without a server response to a keepalive message. :/
[23:43] i don't set any of that stuff and my ssh sessions don't die
[23:44] but yeah that means too many resends
[23:44] ie severe loss
[23:44] have you noticed when you have a lossy connection that sometimes pressing an extra key can speed it up and echo the earlier key?
[23:45] active can often speed up recovery
[23:46] brycec: did you see my fping script? dunno what you think of it, kind of hackish :)
[23:47] * brycec did not
[23:48] http://weallsee.net/asyncdnsfping
[23:48] or https
[23:49] it can probably be done cleaner
[23:50] but that should prefeed dns cache