brycec: eg: ++++HEtserv3fmt2v4
host = 72.52.104.74
menu = tserv3.fmt2
title = Fremont, CA, US (tserv3.fmt2 72.52.104.74)
And yes, I had those particular probes using DNS lookups, so if DNS wasn't even resolving, gaps.
Which is the definition for https://smokeping.cobryce.com/?target=Internet.HENet.NorthAmerica.HEtserv3fmt2v4 ***: cloudkitsch has joined #arpnetworks mercutio: i'd like to reference by name
and have it do a dns lookup on config load or something
i dunno, for things like google it remaps things at diff times
but async dns is kind of a pita
i wonder what fping is doing
Do not retry twice DNS lookup on DNS lookup problem
hmm i wonder if that would help
that was changed in may last year
version 3.10
src/options.h:#define DNS_TIMEOUT 1000 /* time in micro_sec for dns retry */
just reducing that could help too ***: cloudkitsch has quit IRC (Remote host closed the connection) mercutio: i wonder if you can set from command line
oh nothing seems to reference it :/
yeah it's just doing gethostbyname
so it's not even doing async
the easiest solution may be to run something else before it that does async lookup on all of the names
what about adns/adnshost?
think i got something
http://weallsee.net/asyncdnsfping
hackish, but calls adnshost then fping ***: RandalSchwartz has quit IRC (Ping timeout: 256 seconds)
carvite has quit IRC (Ping timeout: 264 seconds)
carvite has joined #arpnetworks
dne has quit IRC (Ping timeout: 272 seconds)
dne has joined #arpnetworks
RandalSchwartz has joined #arpnetworks
RandalSchwartz has quit IRC (Changing host)
RandalSchwartz has joined #arpnetworks grody: i have too much 2.4Ghz in my flat
trying to have 2.4 wifi, bluetooth, cordless phones, wireless mice/keyboard all using the same spectrum, it gets messy
have got 5GHz wifi, but only a few things use it ***: hive-mind has quit IRC (Ping timeout: 265 seconds) grody: looking at spectrum analysers, in combination from scatter noise from neighbouring wifi, there is absolutely no clear airspace in the 13 channel scope
even cross-over channels are being used as some AP's primary
soon as one or more stations start saturating 50mbps over 2.4GHz, it sends my bluetooth audio system awack ***: hive-mind has joined #arpnetworks m0unds: yeah, it isn't helpful that lots of ISPs' modems started including a wlan radio and most don't educate their customers about that
so they go and buy another router, and have the secured (not in use) modem wlan network as well as their new router all crowding stuff up grody: have hidden my 2.4GHz away in a cupboard so it doesn't see other wifi's as easy (perfectly located to cover the flat too) - but it still crosstalks a lot and can see differences in wifi to wifi transfers at different times
would go ac, but only have a single device with capability
5Ghz has about 7 APs i can pick up
2.4 there are about 20 mercutio: the biggest problem with 2.4 is people using 40 mhz in built up areas.
i think 2.4 should shift to 10 mhz if everyone's going to use it
but who wants to buy a router with slower wifi by default? staticsafe: no one
especially when 5Ghz is becoming the norm mercutio: yeah i'm actually wondering about 5ghz+lte :/
like the most annoying thing i find is when i go to the letterbox my wireless drops
and it can't carry over to 3g when using skype
but my cordless phone cuts out too
oh, maybe sticking wireless higher up would go down hill better, hmm..
grody: cordless phones are 1.8 ghz here, are you sure yours are 2.4 ? plett: It's likely that grody's phones are DECT, which has its own band at 1880-1900MHz. It would be unusual to have phones at 2.4 mercutio: plett there may be some that do 2.4? staticsafe: cordless phones, microwaves
its a well known problem plett: mercutio: 2.4 is an unlicenced ISM band, so it's possible that there are phones using it, but it would be very unlikely in the UK. I can't speak for the rest of the world though
And I have used some quite horrible 802.11b SIP wifi phones in the past which would have been in 2.4 mercutio: my sip phones are dect
and there are two, because otherwise i have battery issues
i still wish they had better passive battery life, like when waiting for a call
i also have sip on my cellphone, so i can voip from anywhere :)
but lots of people i know are shifting off voip to just straight cellphone plett: I also have SIP DECT phones here. The next step is to get people to call the SIP number rather than the actual landline mercutio: can't you just put the landline number on the voip? plett: I have an ATA on the landline which does that. But porting the number out to a SIP provider would be problematic for the DSL that I have on the line mercutio: oh
here we have "naked" dsl which is dsl without landline plett: The only people who ever call the landline are my mum and my wife's parents. It can't be too much work to get them to update their address books :) mercutio: i don't have any landline anymore
maybe unplug the phone and they'll get the message?
i assume you've given them the new number plett: Not yet, they don't like change that much mercutio: ahh plett: Also it's not really a problem, the same set of handsets ring when either number is called mercutio: i think it is kind of complicated here too
ahh
and you have to port landline numbers to get "non-weird" looking numbers.
ie, i have one in a city where all the numbers are 3/9 and i have a 7
err start with a 3 or 9
the 9s were alternate providers, dunno where the 7 came from :) plett: Kind of the same here too, but there are enough providers with allocations that people are used to numbers beginning with all sorts of digits mercutio: ahh cool
when i was a kid i kind of knew where all the different number blocks were location wise.
and i thought it nifty that numbers would be in area/region so you could tell where somebody was generally
but with voip you have no idea :) plett: Only the area code has geographic significance here any more. I think numbers inside an area code used to be allocated to particular exchanges or subsection of the exchange, but that went away when exchanges went digital about 20 years ago
After that it was just a single pool of numbers that could be routed anywhere mercutio: oh ok they've been saying they'll go digital for 20+ years here
but atm you can't actually port a landline between area codes.
so you move from one house to another in a different suburb you have to change numbers. BryceBot: That's what she said!! mercutio: well unless you go voip plett: You can't port between area codes here either. But these days you'd port it out to voip if you wanted to keep the old number mercutio: like the exchanges themselves can't handle having foreign numbers, but the systems that route to the exchanges can.
well voip is the future i suppose plett: My view is that "telephone numbers" will be about as relevant in 5 years time as fax machines are now mercutio: heh when i first got my phone connected i had to send them a fax
i haven't sent a fax since
that was like 15 years ago plett: Yeah mercutio: it's so much easier to get phone lines etc now
but i was surprised about how much of a pita it was back then, and it's not even that far back plett: There is so much pointless red tape and regulation involved in calls to/from the PSTN here, it's pretty much impossible for a new company to enter the market and be competitive mercutio: i think it's nifty on voip when it tells you who's ringing you
i love that feature
like not just caller id, but caller name
and not just from a phone book, but passed through from the provider. plett: So I am expecting people to just go around the regulators by not using phone numbers, SIP URIs instead, or facebook names, or whatever mercutio: well i'm just as happy to use skype as voip
and certain subsections of people skype is really taking off for
like people with relatives in other countries it's huge with plett: Yep mercutio: actually i think most younger people have access to it easily now, i was trying to think of older people because that's more difficult. mnathani__: just got a new printer that has an ssl enabled web interface
trying to get my wildcard cert installed on there
it says it needs a pkcs #12 encoded file
all of my attempts to encode that file have failed mercutio: it doesn't just use cloudprint?
maybe try google mnathani__: web interface for configuration
wondering how I can test my pfx bundle mercutio: i got a cheap fancy printer, and i haven't used it in ages.
but i was surprised how far they'd come with interfaces etc. but the printer tray sucked :)
and i managed to jam it with hardly using it. mnathani__: my pfx loads fine into windows cert manager
but the printer won't accept it mercutio: why do you need https to config it? mnathani__: mismatch of accepted keysize or something
it switches to ssl when entering address book entries automatically
for the scan to email function mercutio: oh mnathani__: it still works with invalid ssl and all sorts of warnings mercutio: i found scanning more of a pita than printing mnathani__: I tried adding the cert it was using to my trusted certs, but it has a different common name on its cert so still invalid ***: mnathani__ has quit IRC (Ping timeout: 264 seconds)
mnathani_ has joined #arpnetworks m0unds: updating firmware on my head unit and radio integration dingus is a little funny mnathani_: got the printer ssl working. Ended up generating a self signed cert and encoding that to the pkcs #12 pfx ***: mjp has quit IRC (Remote host closed the connection)
mjp has joined #arpnetworks mjp: no valid ssl cert for arpnetworks website?
https://www.ssllabs.com/ssltest/analyze.html?d=support.arpnetworks.com mnathani_: dont think thats intended to be ssl
since its hosted at tenderapp
see https://www.ssllabs.com/ssltest/analyze.html?d=graphs.arpnetworks.com&latest mjp: so were supposed to send/read our account creds & VNC/serial console creds in the clear ?
ssl is pretty much free these days mnathani_: thats under portal
which is ssl mjp: ah well there you go
i guess its only the cookie for support that get sent in the clear, once you have already authed with portal
(have not verified that, but i assume thats how it works) mnathani_: appears that way mercutio: you're safe accepting it, it's registered to tenderapp
there really needs to be better stuff for deciding who to accept
like spf records
support is mostly about articles telling you how to do stuff mjp: hey support's ssl is perfectly secure.. nothing to sory about heh
SSL 2, which is obsolete and insecure/insecure Diffie-Hellman (DH) key exchange parameters/supports 512-bit export suites and might be vulnerable to the FREAK attack/vulnerable to the POODLE attack/vulnerable to MITM attacks because it supports insecure renegotiation
LS_RSA_WITH_RC4_128_MD5 (0x4) WEAK mercutio: oh
how common are mitm attacks really?
you know the browser should just remember if a site has used more secure ssl before
and if it downgrades in security alert the user mjp: depends what network you are using at the time i guess :) mercutio: i think there's more chance of something like paypal being spoofed with a "valid" certificate
if mitm attacks are done, i'm sure it'll be to try and make money
or for political reasons
it's not going to be to try and get the password of some vps mjp: i imagine people doing this on public wifi etc would be opportunistic and get whatever they can mercutio: oh public wifi i didn't think of that
i thought of dns injection attacks etc
it's more that it's easier to bruteforce rather than trivial isn't it? mjp: i dont bother to find out, i just fix my ssl certs so they get A+ rating mercutio: i should use my secure cert
i've been using cloudflare's one
i don't even know how that works
like how can they give away free ssl certs? mjp: also restrict cipher suites available for use in apache mercutio: maybe support.arpnetworks.com should be on cloudflare
would make problem look like it's gone away :) mnathani_: the link from the portal is still non ssl mercutio: support doesn't support https
because it's using tender
mnathani_: the link to support?
it'd still allow ntt to do something weird mnathani_: yea mercutio: but it would take away wifi issues mnathani_: link to support mercutio: i actually kind of like cloudflare now
i feel dirty saying that mjp: where i work, everything is ssl by default m0unds: mercutio: https://blog.cloudflare.com/universal-ssl-encryption-all-the-way-to-the-origin-for-free/ mercutio: i mean there are things that i don't agree with, like hosting both their nameservers in the same location
but generally it seems to work well
m0unds: that wouldn't work mjp: you dont need cloudflare to fix an ssl problem mercutio: as it's supplying tender's ssl cert
actually
yeah so it's not even on their netowrk
network m0unds: that was the wrong link, haha
i'm too lazy to find it again mercutio: heh m0unds: there was a post from someone at cloudflare outlining the cost part of it mercutio: anyway, the big question is: does it matter? m0unds: doubt it
i rarely use public wifi, and if i'm forced to for some reason, i use a vpn mercutio: ok it takes a few hours to break m0unds: doesn't mitigate weak cipher selection or whatever, but open public networks are cesspools anyway mercutio: and the rsa cert stays the same until you restart apache
it's worse than i thought it was brycec: https://blog.cloudflare.com/introducing-universal-ssl/ is the link m0unds referred to, I believe mjp: why wouldnt you just upgrade to a new/strong ssl cert and fix apache? heh
you dont know where customers will access your https site from mercutio: mjp, arp doesn't host it i was saying
so it's not possible for them to
only to suggest it be done m0unds__: started getting packet loss again
must have just been a blip, i'm able to connect again. bleck. mercutio: weird
i've never had any issues connecting
i had a brief issue earlier today on smokeping, but it didn't look like it was related to arp
as multiple sites had issues at once brycec: Strangely enough, my ssh session dumped me out
(and I just noticed :p) mercutio: my computer crashed this morning while i was asleep
it's weird because it always crashes when i'm not around
and X just shows the time it crashed (along with all the windows) with no kernel messages :(
but it also means i can't see if any of my ssh sessions died brycec: lol mercutio: it's happened like 3 times in the last week or something, and used to always be stable.
i imagine it's zfs related
because i have git zfs
actually it looks like 5 times in 3 days m0unds: brycec: yeah, mine dropped and kitty chimed at me while i was doing something else otherwise i wouldn't have noticed mercutio: oh is this an "active" shell rather than an idle shell?
ie following irc etc
that can sometimes time out easier with loss BryceBot: That's what she said!! mercutio: whereas nat timeouts more affect idle clients brycec: Yes, an active SSH session, at least as active as ServerAlive* and TCPKeepAlive, as well as frequently updating screen content. (It's an ssh session that never dies on its own). I have ServerAlive* set to 5*60, so that was 3 minutes without a server response to a keepalive message. :/ mercutio: i don't set any of that stuff and my ssh sessions don't die
but yeah that means too many resends
ie severe loss
have you noticed when you have a lossy connection that sometimes pressing an extra key can speed it up and echo the earlier key?
active can often speed up recovery
brycec: did you see my fping script? dunno what you think of it, kind of hackish :) -: brycec did not mercutio: http://weallsee.net/asyncdnsfping
or https
it can probably be done cleaner
but that should prefeed dns cache