brycec: eg: ++++HEtserv3fmt2v4
host = 72.52.104.74
menu = tserv3.fmt2
title = Fremont, CA, US (tserv3.fmt2 72.52.104.74)
And yes, I had those particular probes using DNS lookups, so if DNS wasn't even resolving, gaps.
Which is the definition for https://smokeping.cobryce.com/?target=Internet.HENet.NorthAmerica.HEtserv3fmt2v4
***: cloudkitsch has joined #arpnetworks
mercutio: i'd like to reference by name
and have it do a dns lookup on config load or something
i dunno, for things like google it remaps things at diff times
but async dns is kind of a pita
i wonder what fping is doing
Do not retry twice DNS lookup on DNS lookup problem
hmm i wonder if that would help
that was changed in may last year
version 3.10
src/options.h:#define DNS_TIMEOUT 1000 /* time in micro_sec for dns retry */
just reducing that could help too
***: cloudkitsch has quit IRC (Remote host closed the connection)
mercutio: i wonder if you can set from command line
oh nothing seems to reference it :/
yeah it's just doing gethostbyname
so it's not even doing async
the easiest solution may be to run something else before it that does async lookup on all of the names
what about adns/adnshost?
think i got something
http://weallsee.net/asyncdnsfping
hackish, but calls adnshost then fping
***: RandalSchwartz has quit IRC (Ping timeout: 256 seconds)
carvite has quit IRC (Ping timeout: 264 seconds)
carvite has joined #arpnetworks
dne has quit IRC (Ping timeout: 272 seconds)
dne has joined #arpnetworks
RandalSchwartz has joined #arpnetworks
RandalSchwartz has quit IRC (Changing host)
RandalSchwartz has joined #arpnetworks
grody: i have too much 2.4Ghz in my flat
trying to have 2.4 wifi, bluetooth, cordless phones, wireless mice/keyboard all using the same spectrum, it gets messy
have got 5GHz wifi, but only a few things use it
***: hive-mind has quit IRC (Ping timeout: 265 seconds)
grody: looking at spectrum analysers, in combination from scatter noise from neighbouring wifi, there is absolutely no clear airspace in the 13 channel scope
even cross-over channels are being used as some AP's primary
soon as one or more stations start saturating 50mbps over 2.4GHz, it sends my bluetooth audio system awack
***: hive-mind has joined #arpnetworks
m0unds: yeah, it isn't helpful that lots of ISPs' modems started including a wlan radio and most don't educate their customers about that
so they go and buy another router, and have the secured (not in use) modem wlan network as well as their new router all crowding stuff up
grody: have hidden my 2.4GHz away in a cupboard so it doesn't see other wifi's as easy (perfectly located to cover the flat too) - but it still crosstalks a lot and can see differences in wifi to wifi transfers at different times
would go ac, but only have a single device with capability
5Ghz has about 7 APs i can pick up
2.4 there are about 20
mercutio: the biggest problem with 2.4 is people using 40 mhz in built up areas.
i think 2.4 should shift to 10 mhz if everyone's going to use it
but who wants to buy a router with slower wifi by default?
staticsafe: no one
especially when 5Ghz is becoming the norm
mercutio: yeah i'm actually wondering about 5ghz+lte :/
like the most annoying thing i find is when i go to the letterbox my wireless drops
and it can't carry over to 3g when using skype
but my cordless phone cuts out too
oh, maybe sticking wireless higher up would go down hill better, hmm..
grody: cordless phones are 1.8 ghz here, are you sure yours are 2.4 ?
plett: It's likely that grody's phones are DECT, which has its own band at 1880-1900MHz. It would be unusual to have phones at 2.4
mercutio: plett there may be some that do 2.4?
staticsafe: cordless phones, microwaves
its a well known problem
plett: mercutio: 2.4 is an unlicenced ISM band, so it's possible that there are phones using it, but it would be very unlikely in the UK. I can't speak for the rest of the world though
And I have used some quite horrible 802.11b SIP wifi phones in the past which would have been in 2.4
mercutio: my sip phones are dect
and there are two, because otherwise i have battery issues
i still wish they had better passive battery life, like when waiting for a call
i also have sip on my cellphone, so i can voip from anywhere :)
but lots of people i know are shifting off voip to just straight cellphone
plett: I also have SIP DECT phones here. The next step is to get people to call the SIP number rather than the actual landline
mercutio: can't you just put the landline number on the voip?
plett: I have an ATA on the landline which does that. But porting the number out to a SIP provider would be problematic for the DSL that I have on the line
mercutio: oh
here we have "naked" dsl which is dsl without landline
plett: The only people who ever call the landline are my mum and my wife's parents. It can't be too much work to get them to update their address books :)
mercutio: i don't have any landline anymore
maybe unplug the phone and they'll get the message?
i assume you've given them the new number
plett: Not yet, they don't like change that much
mercutio: ahh
plett: Also it's not really a problem, the same set of handsets ring when either number is called
mercutio: i think it is kind of complicated here too
ahh
and you have to port landline numbers to get "non-weird" looking numbers.
ie, i have one in a city where all the numbers are 3/9 and i have a 7
err start with a 3 or 9
the 9s were alternate providers, dunno where the 7 came from :)
plett: Kind of the same here too, but there are enough providers with allocations that people are used to numbers beginning with all sorts of digits
mercutio: ahh cool
when i was a kid i kind of knew where all the different number blocks were location wise.
and i thought it nifty that numbers would be in area/region so you could tell where somebody was generally
but with voip you have no idea :)
plett: Only the area code has geographic significance here any more. I think numbers inside an area code used to be allocated to particular exchanges or subsection of the exchange, but that went away when exchanges went digital about 20 years ago
After that it was just a single pool of numbers that could be routed anywhere
mercutio: oh ok they've been saying they'll go digital for 20+ years here
but atm you can't actually port a landline between area codes.
so you move from one house to another in a different suburb you have to change numbers.
BryceBot: That's what she said!!
mercutio: well unless you go voip
plett: You can't port between area codes here either. But these days you'd port it out to voip if you wanted to keep the old number
mercutio: like the exchanges themselves can't handle having foreign numbers, but the systems that route to the exchanges can.
well voip is the future i suppose
plett: My view is that "telephone numbers" will be about as relevant in 5 years time as fax machines are now
mercutio: heh when i first got my phone connected i had to send them a fax
i haven't sent a fax since
that was like 15 years ago
plett: Yeah
mercutio: it's so much easier to get phone lines etc now
but i was surprised about how much of a pita it was back then, and it's not even that far back
plett: There is so much pointless red tape and regulation involved in calls to/from the PSTN here, it's pretty much impossible for a new company to enter the market and be competitive
mercutio: i think it's nifty on voip when it tells you who's ringing you
i love that feature
like not just caller id, but caller name
and not just from a phone book, but passed through from the provider.
plett: So I am expecting people to just go around the regulators by not using phone numbers, SIP URIs instead, or facebook names, or whatever
mercutio: well i'm just as happy to use skype as voip
and certain subsections of people skype is really taking off for
like people with relatives in other countries it's huge with
plett: Yep
mercutio: actually i think most younger people have access to it easily now, i was trying to think of older people because that's more difficult.
mnathani__: just got a new printer that has an ssl enabled web interface
trying to get my wildcard cert installed on there
it says it needs a pkcs #12 encoded file
all of my attempts to encode that file have failed
mercutio: it doesn't just use cloudprint?
maybe try google
mnathani__: web interface for configuration
wondering how I can test my pfx bundle
mercutio: i got a cheap fancy printer, and i haven't used it in ages.
but i was surprised how far they'd come with interfaces etc. but the printer tray sucked :)
and i managed to jam it with hardly using it.
mnathani__: my pfx loads fine into windows cert manager
but the printer won't accept it
mercutio: why do you need https to config it?
mnathani__: mismatch of accepted keysize or something
it switches to ssl when entering address book entries automatically
for the scan to email function
mercutio: oh
mnathani__: it still works with invalid ssl and all sorts of warnings
mercutio: i found scanning more of a pita than printing
mnathani__: I tried adding the cert it was using to my trusted certs, but it has a different common name on its cert so still invalid
***: mnathani__ has quit IRC (Ping timeout: 264 seconds)
mnathani_ has joined #arpnetworks
m0unds: updating firmware on my head unit and radio integration dingus is a little funny
mnathani_: got the printer ssl working. Ended up generating a self signed cert and encoding that to the pkcs #12 pfx
***: mjp has quit IRC (Remote host closed the connection)
mjp has joined #arpnetworks
mjp: no valid ssl cert for arpnetworks website?
https://www.ssllabs.com/ssltest/analyze.html?d=support.arpnetworks.com
mnathani_: dont think thats intended to be ssl
since its hosted at tenderapp
see https://www.ssllabs.com/ssltest/analyze.html?d=graphs.arpnetworks.com&latest
mjp: so were supposed to send/read our account creds & VNC/serial console creds in the clear ?
ssl is pretty much free these days
mnathani_: thats under portal
which is ssl
mjp: ah well there you go
i guess its only the cookie for support that get sent in the clear, once you have already authed with portal
(have not verified that, but i assume thats how it works)
mnathani_: appears that way
mercutio: you're safe accepting it, it's registered to tenderapp
there really needs to be better stuff for deciding who to accept
like spf records
support is mostly about articles telling you how to do stuff
mjp: hey support's ssl is perfectly secure.. nothing to worry about heh
SSL 2, which is obsolete and insecure/insecure Diffie-Hellman (DH) key exchange parameters/supports 512-bit export suites and might be vulnerable to the FREAK attack/vulnerable to the POODLE attack/vulnerable to MITM attacks because it supports insecure renegotiation
LS_RSA_WITH_RC4_128_MD5 (0x4) WEAK
mercutio: oh
how common are mitm attacks really?
you know the browser should just remember if a site has used more secure ssl before
and if it downgrades in security alert the user
mjp: depends what network you are using at the time i guess :)
mercutio: i think there's more chance of something like paypal being spoofed with a "valid" certificate
if mitm attacks are done, i'm sure it'll be to try and make money
or for political reasons
it's not going to be to try and get the password of some vps
mjp: i imagine people doing this on public wifi etc would be opportunistic and get whatever they can
mercutio: oh public wifi i didn't think of that
i thought of dns injection attacks etc
it's more that it's easier to bruteforce rather than trivial isn't it?
mjp: i dont bother to find out, i just fix my ssl certs so they get A+ rating
mercutio: i should use my secure cert
i've been using cloudflare's one
i don't even know how that works
like how can they give away free ssl certs?
mjp: also restrict cipher suites available for use in apache
mercutio: maybe support.arpnetworks.com should be on cloudflare
would make problem look like it's gone away :)
mnathani_: the link from the portal is still non ssl
mercutio: support doesn't support https
because it's using tender
mnathani_: the link to support?
it'd still allow ntt to do something weird
mnathani_: yea
mercutio: but it would take away wifi issues
mnathani_: link to support
mercutio: i actually kind of like cloudflare now
i feel dirty saying that
mjp: where i work, everything is ssl by default
m0unds: mercutio: https://blog.cloudflare.com/universal-ssl-encryption-all-the-way-to-the-origin-for-free/
mercutio: i mean there are things that i don't agree with, like hosting both their nameservers in the same location
but generally it seems to work well
m0unds: that wouldn't work
mjp: you dont need cloudflare to fix an ssl problem
mercutio: as it's supplying tender's ssl cert
actually
yeah so it's not even on their netowrk
network
m0unds: that was the wrong link, haha
i'm too lazy to find it again
mercutio: heh
m0unds: there was a post from someone at cloudflare outlining the cost part of it
mercutio: anyway, the big question is: does it matter?
m0unds: doubt it
i rarely use public wifi, and if i'm forced to for some reason, i use a vpn
mercutio: ok it takes a few hours to break
m0unds: doesn't mitigate weak cipher selection or whatever, but open public networks are cesspools anyway
mercutio: and the rsa cert stays the same until you restart apache
it's worse than i thought it was
brycec: https://blog.cloudflare.com/introducing-universal-ssl/ is the link m0unds referred to, I believe
mjp: why wouldnt you just upgrade to a new/strong ssl cert and fix apache? heh
you dont know where customers will access your https site from
mercutio: mjp, arp doesn't host it i was saying
so it's not possible for them to
only to suggest it be done
m0unds__: started getting packet loss again
must have just been a blip, i'm able to connect again. bleck.
mercutio: weird
i've never had any issues connecting
i had a brief issue earlier today on smokeping, but it didn't look like it was related to arp
as multiple sites had issues at once
brycec: Strangely enough, my ssh session dumped me out
(and I just noticed :p)
mercutio: my computer crashed this morning while i was asleep
it's weird because it always crashes when i'm not around
and X just shows the time it crashed (along with all the windows) with no kernel messages :(
but it also means i can't see if any of my ssh sessions died
brycec: lol
mercutio: it's happened like 3 times in the last week or something, and used to always be stable.
i imagine it's zfs related
because i have git zfs
actually it looks like 5 times in 3 days
m0unds: brycec: yeah, mine dropped and kitty chimed at me while i was doing something else otherwise i wouldn't have noticed
mercutio: oh is this an "active" shell rather than an idle shell?
ie following irc etc
that can sometimes time out easier with loss
BryceBot: That's what she said!!
mercutio: whereas nat timeouts more affect idle clients
brycec: Yes, an active SSH session, at least as active as ServerAlive* and TCPKeepAlive, as well as frequently updating screen content. (It's an ssh session that never dies on its own). I have ServerAlive* set to 5*60, so that was 3 minutes without a server response to a keepalive message. :/
mercutio: i don't set any of that stuff and my ssh sessions don't die
but yeah that means too many resends
ie severe loss
have you noticed when you have a lossy connection that sometimes pressing an extra key can speed it up and echo the earlier key?
active can often speed up recovery
brycec: did you see my fping script? dunno what you think of it, kind of hackish :)
-: brycec did not
mercutio: http://weallsee.net/asyncdnsfping
or https
it can probably be done cleaner
but that should prefeed dns cache