#arpnetworks 2015-03-29,Sun

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)

WhoWhatWhen
brycecYou can set a name and still use an IP. host=$IP and menu=$name 21:17:23 ⤷ | because often you want to use names rather than ip's.
eg: ++++HEtserv3fmt2v4
host = 72.52.104.74
menu = tserv3.fmt2
title = Fremont, CA, US (tserv3.fmt2 72.52.104.74)
And yes, I had those particular probes using DNS lookups, so if DNS wasn't even resolving, gaps.
Which is the definition for https://smokeping.cobryce.com/?target=Internet.HENet.NorthAmerica.HEtserv3fmt2v4
[00:30]
***cloudkitsch has joined #arpnetworks [00:46]
................... (idle for 1h31mn)
mercutioi'd like to reference by name
and have it do a dns lookup on config load or something
i dunno, for things like google it remaps things at diff times
but async dns is kind of a pita
i wonder what fping is doing
Do not retry twice DNS lookup on DNS lookup problem
hmm i wonder if that would help
that was changed in may last year
version 3.10
src/options.h:#define DNS_TIMEOUT 1000 /* time in micro_sec for dns retry */
just reducing that could help too
[02:17]
***cloudkitsch has quit IRC (Remote host closed the connection) [02:21]
mercutioi wonder if youi can set from command line
oh nothing seems to reference it :/
[02:22]
yeah it's just doing gethostbyname
so it's not even doing saync
the easiest solution may be to run something else before it that does async lookup on all of the names
[02:28]
what about adns/adnshost? [02:39]
.... (idle for 16mn)
think i got something [02:55]
http://weallsee.net/asyncdnsfping
hackish, buut calls adnshost then fping
[03:01]
***RandalSchwartz has quit IRC (Ping timeout: 256 seconds) [03:06]
..................... (idle for 1h43mn)
carvite has quit IRC (Ping timeout: 264 seconds) [04:49]
..... (idle for 21mn)
carvite has joined #arpnetworks [05:10]
.................... (idle for 1h36mn)
dne has quit IRC (Ping timeout: 272 seconds) [06:46]
dne has joined #arpnetworks [06:55]
............................ (idle for 2h17mn)
RandalSchwartz has joined #arpnetworks
RandalSchwartz has quit IRC (Changing host)
RandalSchwartz has joined #arpnetworks
[09:12]
..................... (idle for 1h42mn)
grodyi have too much 2.4Ghz in my flat
trying to have 2.4 wifi, bluetooth, coordless phones, wireless mice/keyboard all using the same spectrum, it gets messy
have got 5GHz wifi, but only a few things use it
[10:54]
***hive-mind has quit IRC (Ping timeout: 265 seconds) [10:55]
grodylooking at spectrum analysers, in combination from scatter noise from neighbouring wifi, there is absolutely no clear airspace in the 13 channel scope
even cross-over channels are being used as some AP's primary
soon as one or more statiosn start saturating 50mbps over 2.4GHz, it sends my bluetooth audio system awack
[10:56]
***hive-mind has joined #arpnetworks [10:57]
........... (idle for 54mn)
m0undsyeah, it isn't helpful that lots of ISPs' modems started including a wlan radio and most don't educate their customers about that
so they go and buy another router, and have the secured (not in use) modem wlan network as well as their new router all crowding stuff up
[11:51]
grodyhave hidden my 2.4GHz away in a cupboard so it doesn't see other wifi's as easy (perfectly located to cover the flat too) - but it still crosstalks a lot and can see differences in wifi to wifi transfers at different times
would go ac, but only have a single device with capability
5Ghz has about 7 APs i can pick up
2.4 there are about 20
[12:06]
........................ (idle for 1h55mn)
mercutiothe biggest problem with 2.4 is people using 40 mhz in built up areas.
i think 2.4 shoudl shift to 10 mhz if everyone's gong to use it
but who wants to buy a router with slower wifi by default?
[14:02]
staticsafeno one
especially when 5Ghz is becoming the norm
[14:04]
mercutioyeah i'm actually wondering about 5ghz+lte :/
like the most annoying thing i find is when i go to the letterbox my wireless drops
and it can't carry over to 3g when using skype
but my cordless phone cuts outt too
oh, maybe sticking wireles higher up would go down hill better, hmm..
[14:04]
.......... (idle for 45mn)
grody: cordless phones are 1.8 ghz here, are you sure yours are 2.4 ? [14:50]
plettIt's likely that grody's phones are DECT, which has its own band at 1880-1900MHz. It would be unusual to have phones at 2.4 [14:56]
mercutioplett there may be some that do 2.4? [14:57]
staticsafecordless phones, microwaves
its a well known problem
[14:58]
plettmercutio: 2.4 is an unlicenced ISM band, so it's possible that there are phones using it, but it would be very unlikely in the UK. I can't speak for the rest of the world though
And I have used some quite horrible 802.11b SIP wifi phones in the past which would have been in 2.4
[14:59]
mercutiomy sip phones are dect
and there are two, because otherwise i have battery issues
i still wish they had bettery passive battery life, like when waiting for a call
i also have sip on my cellphone, so i can voip from anywhere :)
but lots of people i know are shifting off voip to just straight cellphone
[15:04]
plettI also have SIP DECT phones here. The next step is to get people to call the SIP number rather than the actual landline [15:12]
mercutiocan't you just put the landline nuumber on the voip? [15:13]
plettI have an ATA on the landline which does that. But porting the number out to a SIP provider would be problematic for the DSL that I have on the line [15:13]
mercutiooh
here we have "naked" dsl which is dsl without landline
[15:14]
plettThe only people who ever call the landline are my mum and my wife's parents. It can't be too much work to get them to update their address books :) [15:14]
mercutioi don't have any landline anymore
maybe unplug the phone and they'll get hte mesage?
i assume you've given them the new number
[15:15]
plettNot yet, they don't like change that much [15:16]
mercutioahh [15:16]
plettAlso it's not really a problem, the same set of handsets ring when either number is called [15:17]
mercutioi think it is kind of complicated here too
ahh
and you have to port landline numbers to get "non-weird" looking numbers.
ie, i have one in a city where all the numbers are 3/9 and i have a 7
err start with a 3 or 9
the 9s were alternate providers, dunno where the 7 came from :)
[15:17]
plettKind of the same here too, but there are enough providers with allocations that people are used to numbers beginning with all sorts of digits [15:20]
mercutioahh cool
when i was a kid i kind of knew where all the different number blocks were location wise.
and i thought it nifty that numbers would be in area/region so you could tell where somebody was generally
but with voip you have no idea :)
[15:20]
plettOnly the area code has geographic significance here any more. I think numbers inside an area code used to be allocated to particular exchanges or subsection of the exchange, but that went away when exchanges went digital about 20 years ago
After that it was just a single pool of numbers that could be routed anywhere
[15:26]
mercutiooh ok they've been saying they'll go digital for 20+ years here
but atm you can't actually port a landline between area codes.
so you move from one house to another in a different suburb you hvae to change numbers.
[15:27]
BryceBotThat's what she said!! [15:27]
mercutiowell unless you go voip [15:28]
plettYou can't port between area codes here either. But these days you'd port it out to voip if you wanted to keep the old number [15:28]
mercutiolike the exchanges themselves can't handle having foreign numbers, but the systems that route to the exchanges can.
well voip is the future i suppose
[15:28]
plettMy view is that "telephone numbers" will be about as relevant in 5 years time as fax machines are now [15:30]
mercutioheh when i first got my phone connected i had to send them a fax
i haven't sent a fax since
that was like 15 years ago
[15:30]
plettYeah [15:31]
mercutioit's so much easier to get phone lines etc now
but i was surpriseda bout how much of a pita it was back then, and it's not even that far back
[15:31]
plettThere is so much pointless red tape and regulation involved in calls to/from the PSTN here, it's pretty much impossible for a new company to enter the market and be competitive [15:32]
mercutioi think it's nifty on voip when it tells you who's ringing you
i love that feature
like not just caller id, but caller name
and not just from a phone book, but passed through from the provider.
[15:33]
plettSo I am expecting people to just go around the regulators by not using phone numbers, SIP URIs instead, or facebook names, or whatever [15:33]
mercutiowell i'm just as happy to use skype as voip
and certain subsections of people skype is really taking off for
like people with relatives in other countries it's huge with
[15:34]
plettYep [15:35]
mercutioactually i think most younger people have access to it esaily now, i was trying to think of older people because that's more difficult. [15:35]
....... (idle for 30mn)
mnathani__just got a new printer that has an ssl enabled web interface
trying to get my wildcard cert installed on there
it says it needs a pkcs #12 encoded file
all of my attempts to encode that file have failed
[16:05]
mercutioit doesn't just use cloudprint?
maybe try google
[16:08]
mnathani__web interface for configuration
wondering how I can test my pfx bundle
[16:08]
mercutioi got a cheap fancy printer, and i haven't used it in ages.
but i was surprised how far they'd come with interfaces etc. but the printer tray sucked :)
and i managed to jam it with hardly using it.
[16:17]
mnathani__my pfx loads fine into windows cert manager
but the printer won't accept it
[16:22]
mercutiowhy do you need https to config it? [16:22]
mnathani__mismatch of accepted keysize or something
it switches to ssl when entering address book entries automatically
for the scan to email function
[16:22]
mercutiooh [16:23]
mnathani__it still works with invalid ssl and all sorts of warnings [16:23]
mercutioi found scanning more of a pita than printing [16:23]
mnathani__I tried adding the cert it was using to my trusted certs, but it has a different common name on its cert so still invalid [16:24]
***mnathani__ has quit IRC (Ping timeout: 264 seconds)
mnathani_ has joined #arpnetworks
[16:34]
.............. (idle for 1h7mn)
m0undsupdating firmware on my head unit and radio integration dingus is a little funny [17:41]
mnathani_got the printer ssl working. Ended up generating a self signed cert and encoding that to the pkcs #12 pfx [17:42]
................................ (idle for 2h36mn)
***mjp has quit IRC (Remote host closed the connection)
mjp has joined #arpnetworks
[20:18]
mjpno valid ssl cert for arpnetworks website?
https://www.ssllabs.com/ssltest/analyze.html?d=support.arpnetworks.com
[20:26]
mnathani_dont think thats intended to be ssl
since its hosted at tenderapp
see https://www.ssllabs.com/ssltest/analyze.html?d=graphs.arpnetworks.com&latest
[20:29]
mjpso were supposed to send/read our account creds & VNC/serial console creds in the clear ?
ssl is pretty much free these days
[20:31]
mnathani_thats under portal
which is ssl
[20:31]
mjpah well there you go
i guess its only the cookie for support that get sent in the clear, once you have already authed with portal
(have not verified that, but i assume thats how it works)
[20:32]
mnathani_appears that way [20:34]
..... (idle for 21mn)
mercutioyou're safe accepting it, it's registered to tenderapp
there really needs to be better stuff for deciding who to accept
like spf records
support is mostly about articles telling you how to do stuff
[20:55]
mjphey support's ssl is perfectly secure.. nothing to sory about heh
SSL 2, which is obsolete and insecure/insecure Diffie-Hellman (DH) key exchange parameters/supports 512-bit export suites and might be vulnerable to the FREAK attack/vulnerable to the POODLE attack/vulnerable to MITM attacks because it supports insecure renegotiation
LS_RSA_WITH_RC4_128_MD5 (0x4) WEAK
[21:01]
mercutiooh
how common are mitm attacks really?
you know the browser should just remember if a site has used more secure ssl before
and if it downgrades in security alert the user
[21:12]
mjpdepends what network you are using at the time i guess :) [21:16]
mercutioi think there's moce chance of something like paypal being spoofed with a "valid" certificate
if mitm attacks are done, i'm sure it'll be to try and make money
or for political reasons
it's not going to be to try and get the password of some vps
[21:17]
mjpi imagine people doing this on public wifi etc would be oppotunistic and get whatever they can [21:20]
mercutiooh public wifi i didn't think of that
i thought of dns injection attacks etc
it's more that it's easier to bruteforce rather than trivial isn't it?
[21:21]
mjpi dont bother to find out, i just fix my ssl certs so they get A+ rating [21:27]
mercutioi should use my secure cert
i've been using cloudflare's one
i don't even know how that works
like how can they give away free ssl certs?
[21:28]
mjpalso restrict cipher suites available for use in apache [21:29]
mercutiomaybe support.arpnetworks.com should be on cloudflare
would make problem look like it's gone away :)
[21:29]
mnathani_the link from the portal is still non ssl [21:29]
mercutiosupport doesn't support https
because it's using tender
mnathani_: the link to support?
it'd still allow ntt to do something weird
[21:29]
mnathani_yea [21:30]
mercutiobut it would atke away wifi issues [21:30]
mnathani_link to support [21:30]
mercutioi actually kind of like cloudflare now
i feel dirty saying that
[21:30]
mjpwhere i work, everything is ssl by default [21:30]
m0undsmercutio: https://blog.cloudflare.com/universal-ssl-encryption-all-the-way-to-the-origin-for-free/ [21:31]
mercutioi mean there are things that i don't agree wtih, like hosting both their nameservers in the same location
but generally it seems to work well
m0unds: that wouldn't work
[21:31]
mjpyou dont need cloudflare to fix an ssl problem [21:32]
mercutioas it's supplying tender's ssl cert
actually
yeah so it's not even on their netowrk
network
[21:32]
m0undsthat was the wrong link, haha
i'm too lazy to find it again
[21:33]
mercutioheh [21:36]
m0undsthere was a post from someone at cloudflare outlining the cost part of it [21:36]
mercutioanyway, the big question is: does it matter? [21:36]
m0undsdoubt it
i rarely use public wifi, and if i'm forced to for some reason, i use a vpn
[21:36]
mercutiook it takes a few hours to break [21:38]
m0undsdoesn't mitigate weak cipher selection or whatever, but open public networks are cesspools anyway [21:38]
mercutioand the rsa cert stays the same until you restart apache
it's worse than i thoguht it was
[21:38]
brycechttps://blog.cloudflare.com/introducing-universal-ssl/ is the link m0unds referred to, I believe [21:40]
mjpwhy wouldnt you just upgrade to a new/strong ssl cert and fix apache? heh
you dont know where customers will access your https site from
[21:42]
mercutiomjp, arp doesn't host it i was saying
so it's not possible for them to
only to suggest it be done
[21:45]
........ (idle for 36mn)
m0unds__started getting packet loss again [22:21]
must have just been a blip, i'm able to connect again. bleck. [22:27]
mercutioweird
i've never had any issues connecting
i had a brief issue earlier today on smokeping, but it didn't look like it was related to arp
as multiple sites had issues at once
[22:30]
.... (idle for 16mn)
brycecStrangely enough, my ssh session dumped me out
(and I just noticed :p)
[22:47]
mercutiomy computer crashed this morning while i was asleep
it's weird because it always crashes when i'm not around
and X just shows the time it crashed (along with all the windows) with no kernel messsages :(
but it also means i can't see if any of my ssh sessions died
[22:48]
bryceclol [22:48]
mercutioit's happened like 3 times in the last week or something, and used to always be stable.
i imagine it's zfs related
because i have git zfs
actually it looks like 5 times in 3 days
[22:49]
........ (idle for 35mn)
m0undsbrycec: yeah, mine dropped and kitty chimed at me while i was doing something else otherwise i wouldn't have noticed [23:28]
mercutiooh is this an "active" shell rather than an idle shell?
ie following irc etc
that can sometimes time out easier with loss
[23:35]
BryceBotThat's what she said!! [23:36]
mercutiowhereas nat timeouts more affect idle clients [23:36]
brycecYes, an active SSH session, at least as active as ServerAlive* and TCPKeepAlive, as well as frequently updating screen content. (It's an ssh session that never dies on its own). I have ServerAlive* set to 5*60, so that was 3 minutes without a server response to a keepalive message. :/ [23:43]
mercutioi don't set any of that stuff and my ssh sessions don't die
but yeah that means too many resends
ie severe loss
have you noticed when you have a lossy connection that sometimes pressing an extra key can speed it up and echo the earlier key?
active can often speed up recovery
brycec: did you see my fping script? dunno what you think of it, kind of hackish :)
[23:43]
brycecbrycec did not [23:47]
mercutiohttp://weallsee.net/asyncdnsfping
or https
it can probably be done cleaner
but that should prefeed dns cache
[23:48]

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)