#arpnetworks 2015-04-16,Thu

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)

WhoWhatWhen
***RandalSchwartz has quit IRC (Ping timeout: 245 seconds) [00:05]
brycecbrycec has just blocked China. Nothing good comes from China, at least not over the Internet. [00:08]
mercutioi hope that doesnt' mean apnic in general :)
mercutio has been hit by that before
[00:08]
brycecmercutio: As long as you're not on http://www.ipdeny.com/ipblocks/data/aggregated/cn-aggregated.zone, we're good :) [00:10]
mercutiomercutio checks just in case
nah i'm not
[00:10]
brycecheh. ipdeny.com is reasonably well respected. And I compared lists from a couple of sources and they matched. [00:10]
mercutioyeah
as long as it's not blanket block it's fine
i suppose that's less common now
but you see how many 202. address ranges there are?
and i'm on an ip address beginning with 202
[00:11]
brycecI just got sick and tired of individual IP's triggering my filters here and there only to be followed by another IP in the same block. So then I started manually blocking the whole IP's subnet, but that's time-consuming for me to look up. So I just fed that into pf and life should be great. [00:12]
mercutioi seem to get hacking atteampts from leaseweb myself
and spam from gmail
[00:12]
brycecIt's mostly ssh brute-force attempts. [00:12]
mercutiogo figure [00:12]
brycec(for me) [00:12]
mercutioahh
yeh they may come from china
lots of the hacking type stuff seems to come from the US, Germany, etcf.
etc.
[00:12]
brycecSpam is taken care-of in other ways for me, and doesn't usually go so far as to trigger a pf block. [00:13]
mercutioprobably because someone is using an interactive shell
whereas the ssh bruteforce is just a worm
[00:13]
brycecbut ssh... I get brute-force attempts every few minutes when it's "quiet" [00:13]
mercutiosomeone's probably got numbers somewhere. [00:13]
brycec(It doesn't help that I run an shell provider, so running on 22/tcp is sorta "required") [00:13]
mercutioyeah that's been around for years
you run a shell provider?
[00:13]
brycecNot on ARP, mind you. But yes, I (along with some friends) run http://devio.us [00:14]
mercutioi thought that'd be nifty oonce upon a time.
oh i think i have a shell on ther
[00:14]
bryceclol [00:15]
mercutioor had
it still looks like it works
[00:15]
brycecI don't necessarily suggest starting one up. But I signed up once upon a time, and then ended up befriending the right people and ended up an admin, volunteering my tiome. [00:15]
mercutioLast login: Fri Feb 18 22:03:45 2011 from meh-2-pt.tunnel.tserv15.lax1.ipv6.he.net
haha
so not only was it 4 years ago
but it was on he.net ipv6 tunnel
oh you're even on the same host as me
[00:15]
brycecThere's just the one host :p [00:16]
mercutioh
oh
oh i see you're usueing arp ipv6
[00:16]
brycecwrite+tmux does not work well [00:17]
mercutioi'm such a geek that i notice the ip address block :) [00:17]
brycecIt's very noticeable [00:17]
mercutiook i can notice the ipv4 too
why is reverse lookup not working on ipv4 for the arp address?
[00:17]
brycecBecause those are connections on a separate sshd that has NoDNS enabled [00:18]
mercutioahh [00:18]
brycec(Admins have our own sshd) [00:18]
mercutiothat's the new default btwr [00:18]
brycecYep, so I hear.
I kindof want to block North Korea just for the heck of it... Whole country under a single /22 block.
[00:18]
mercutiois that orlando?
it feels laggy
oh i can test my script
[00:18]
brycecThe host is located just outside Orlando, FL, yes [00:19]
mercutioyip as i suspected a little variable
actually not that bad
but it's higher than the ping
is it going to get upgraded to openbsd 5.6?
[00:20]
brycecProbably not any time soon.
Too many big things break between 5.4 and 5.5 and we just don't have the time to deal with that.
[00:21]
mercutiodebian, openbsd, ubuntu are all coming out with new versions at once. [00:22]
brycec(uninstall/reinstall all packages, php changes versions and package names, etc) [00:22]
mercutiophp is the big one
this is really old server isn't it
[00:23]
brycecI mean, it's definitely not impossible to upgrade. But it's risky enough as it is (we have no remote console/kvm, all upgrades are 100% headless in the running/old kernel) [00:24]
mercutiolike dual dual core pentium4 [00:24]
brycechw.model=Intel(R) Xeon(TM) CPU 2.80GHz ("GenuineIntel" 686-class)
quad-core
[00:24]
mercutioyou sure? [00:24]
brycecI'm just relaying what sysctl hw shows :p
hw.product=X5DPA-TGM+
[00:24]
mercutioas opposed to dual dual cores [00:25]
brycecAh on that front, I have no idea
just going by hw.ncpu
[00:25]
mercutioddr1 :) [00:25]
brycecjust "ddr" :p [00:25]
mercutioyeah [00:26]
brycec(it was never called "ddr1") [00:26]
mercutioit'll be slower than xeon 5060 probably
it is like sata1 is sata 1 :/
i wonder if people will start saying http1
to mean http/1.0 or /1.1
there was a 0.9..
1.0 is much simpler[00:27] <mercutio> so sometimes it's used on purpose
[00:26]
brycecTrue
(looking at dmesg suggests that yes it is 2x dual-core Xeons)
[00:28]
mercutioit's amazing how much faster openbsd feels on old harwdare compared to linux
arch linux is better than most distributions.
but even that computer if lightly loaded would seem like a "fast" server probably.
dns resoluution doesn't work in mtr?
[00:30]
brycecNot on OpenBSD [00:35]
mercutioweird
it works on my openbsd box
[00:35]
brycechttp://comments.gmane.org/gmane.os.openbsd.ports/64403
You're not running 5.4 are you?
[00:35]
mercutiooh just broken in 5.4
nah i'm current 5.7-current apparently
[00:36]
brycecAnd possibly earlier
But it was fixed after 5.4
[00:36]
mercutiocool project though [00:39]
***Guest6327 is now known as easymac
easymac is now known as Guest57394
[00:45]
.... (idle for 19mn)
mercutiohmm there's packet loss on mtr from arp to devio.us on ipv6 [01:04]
brycecOh? My mtr has been running for 14,600 packets and dropped just 62. [01:07]
mercutiomaybe just my luck [01:07]
brycec(and none of those in the last 10 seconds) [01:07]
mercutiomine was 1600 with 2 dropped
but it shows as 0.1%
and the best to average is kind of high
even for first hop
i don't think ipv6 has deprioristiation
yeah throughput is shot too
hmm it's on/off
curl -6O https://weallsee.net/10m
[01:08]
brycec130 packets, no loss anywhere [01:10]
mercutiothe current one is stalled
it seems to be every 2nd connection is slow
but maybe juust luck
[01:10]
brycecI've run it twice in a row now, never stuck. [01:11]
mercutiothere's two ip's
2400:cb00:2048:1::681c:67e...
i think that's the slow one
i don't know how to makoe curl pick one address
my usual trick of -x doesn't work with cloudflare
yeah it's not based on ip anyway it looks liek
and now it's going fine
it was < 10k/sec before
now it's over 600k/sec
[01:11]
....... (idle for 31mn)
***Guest57394 is now known as easymac
easymac is now known as Guest93
[01:46]
....... (idle for 31mn)
up_the_ironswhat the hell level3... [02:17]
mercutiowhat's level3 doing? [02:27]
..... (idle for 20mn)
***Guest93 is now known as easymac
easymac is now known as Guest31109
[02:47]
.......... (idle for 45mn)
ziyourenxiang has joined #arpnetworks [03:32]
.... (idle for 15mn)
Guest31109 is now known as easymac
easymac is now known as Guest4079
[03:47]
ziyourenxiang has quit IRC (Quit: ziyourenxiang)
ziyourenxiang has joined #arpnetworks
[03:55]
ziyourenxiang has quit IRC (Quit: ziyourenxiang) [04:09]
........ (idle for 39mn)
Guest4079 is now known as easymac
easymac has quit IRC (Quit: leaving)
[04:48]
........ (idle for 39mn)
mike-bur1 is now known as mike-burns [05:27]
temporary4242 has joined #arpnetworks [05:41]
temporary4242hi, do you guys get a certificate error when you go to https://portal.arpnetworks.com ? [05:42]
mercutioi don't.
it's not even yellow in chrome like some web sites have been recently
what date does your computer say it is?
[05:42]
temporary4242okay thanks meructio. think it must be me then. the date on my computer is current. my cellphone browser gives me a certificate error as well. [05:44]
mercutiobecause the certificate is only valid from one month ago, so if your date is off by a month it could be reason? [05:44]
temporary4242maybe it's a problem with my cache. [05:45]
mercutiothat's strange.
cert info isn't usually cached afaik
it's a rapidssl cert.
they're pretty common.
my friend had cert issues with a few sites recently, and he found that os x had somehow got some weird verisign certificate installed.
which was in a chain
which made like no sense to me, but apparently you can click and it can replace certs.
but when it's happening on two devices that kind of thing seems unlikely.
i duunno if it's chained
[05:45]
.......... (idle for 47mn)
anttemporary4242: i get an error, too
running ssltest now
looks like an intermediate cert is missing
yup
https://www.ssllabs.com/ssltest/analyze.html?d=portal.arpnetworks.com&hideResults=on
[06:33]
temporary4242yes. i think so too. [06:34]
antup_the_irons: portal.arpnetworks.com is missing the intermediate cert: https://www.ssllabs.com/ssltest/analyze.html?d=portal.arpnetworks.com&hideResults=on [06:34]
***poulsen has joined #arpnetworks [06:36]
.... (idle for 15mn)
temporary4242 has quit IRC (Quit: http://www.kiwiirc.com/ - A hand crafted IRC client) [06:51]
................... (idle for 1h33mn)
RandalSchwartz has joined #arpnetworks
RandalSchwartz has quit IRC (Changing host)
RandalSchwartz has joined #arpnetworks
[08:24]
brycecup_the_irons: Also, what gives with the lack of TLSv1.2?
or v1.1 for that matter
And all these old, insecure cipher suites that are supported still...
My ssl test gives a pretty simple error: "Provided certificate issuer does not match issuer in certificate. Sent chain order wrong."
[08:25]
.............. (idle for 1h6mn)
***poulsen has quit IRC (Ping timeout: 248 seconds) [09:32]
....... (idle for 30mn)
RandalSchwartzI got a PCI compliance alert... had to disable all SSL versions
so its only TLS here out
[10:02]
brycecMany PCI scans flag TLS1.0 usage too
We had to add a checkbox to our firewall product to allow customers to disable TLSv1.0 in order to pass their PCI scans (at the expense of breaking slightly-old browsers)
[10:05]
mercutioshouldn't the intermediate cert be pulled in automatically?
is the reason it's working for me because i've visited non portal sites first?
[10:14]
brycecmercutio: Welcome to certificate chains! It is also downloaded, but a proper chain means that the client has the root cert and your server provides the rest of the links in the chain including its own cert (of course). Otherwise, the intermediate certs could be MITM'd.
It's a soft-error, generally.
And certificates are not [supposed to be] cached, so no that wouldn't explain it.
[10:16]
mercutiohmm
why's chrome accepting it for me?
is it because the intermediate is stored locally or something?
[10:17]
brycecCould be. (Why Chrome does anything wrt SSL is often a mystery :p) [10:18]
mercutioweird
it says geotrust on firefox, and rapidssl on chrome
but both look normal to me
[10:22]
brycecssllabs shows two paths, one with GeoTrust being the CA in the trust store. (aka cacert.pem) and the other path shows the GeoTrust CA (with a different fingerprint) as being sent from ARP, and rooted with Equifax
it's definitely a bit screwy ;p
RapidSSL is still the intermediate either way
[10:24]
mercutiook [10:25]
brycecI'd assume that Chrome opts to show the intermedia as that's most likely the reseller used [10:25]
mercutioyeah i must admit i'm not that clued up on ssl [10:25]
brycec*intermediate [10:25]
mercutioi still don't see how a certificate being signed by any of a nuumber of signers really does anything
you just trust to some random company
adn they don't make sure you're who you say you are?
[10:26]
brycecExactly. SSL is effectively broken.
Well they're supposed to, to varying degrees
[10:26]
mercutiofreak attack sounds like a real issue because you can decrypt [10:27]
brycecFor instance websites with "the big green bar" (eg. github.com) have an "extended validation" cert, where they pay gobs of money and go through extensive background checks. [10:27]
mercutiobut as far as validating domains shouuldn't there just be a key in dns or something?
lots of sites are yellow for me in chrome recently
[10:27]
brycecThe most basic certificates are issued with just domain-ownership verification (eg. startssl's free certs) wherein they verify that you receive an email sent to one of the addresses on the domain registration. [10:28]
mercutioyeah that sounds dodgy
so you could register gmail.com by having an email address @ gmail.com?
[10:28]
brycecBut there's nothing really stopping a rogue CA from just blindly giving out certificates, which has happened... and then that CA's cert is revoked. But if your client machines don't get the memo (eg. Windows Update) then they're still susceptible. [10:29]
mercutiooh
one of the ones on whois
[10:29]
brycecmercutio: has to be in the domain's registration, eg whois [10:29]
mercutioi'm surprised i don't get more spam with my normal email address being in my whois for my domain names :) [10:29]
brycecSo I have proven to a company that I own (who really owns domains??) brycec.ninja so they will give me certificates that say they've verified that much.
I'm surprised too.
[10:29]
mercutioewll it's only nz ones
i think they're blocked from international actually
[10:30]
brycecNope, not blocked. [10:30]
mercutiohmm [10:30]
brycec(which you could test from your devio.us shell too :P) [10:31]
mercutioheh
devio.us has level3 back to arp
you know how i was searching for level3 test sites? :)
[10:31]
bryceclol [10:31]
mercutiohmm i could smokeping it?
it was showing loss before starting at a hop that said cogent xe or something
[10:32]
brycecYou could smokeping at it. I'm already running a smokeping slave on it.
(we don't have a great connection, mind you.)
[10:32]
mercutiobut seemed to be the entry point to their provider
and so it was uusing their forward path
which is level3
well yeh the provider has cogent :/
[10:32]
brycecI meant internally. For the longest time, the our link to the switch was 10baseT/half-duplex :P [10:33]
mercutiooh
ouch
what is it now?
[10:33]
brycec(And then one day it magically fixed itself, 100/FD, yay) [10:34]
mercutioheh [10:34]
brycechttps://smokeping.cobryce.com/?target=Slaves.wolfman when it works... Often the log-rotate ends up killing smokeping entirely and I just don't notice. [10:34]
mercutioyeah 10 megabit kind of sucks now adys
even if it's full duplex
but for a shell it really shouldn't matter most of the time
[10:34]
brycechalf-duplex limited us to about 250kB/s effectively :( [10:35]
mercutioit's still slow network wise it seemed [10:35]
brycecwhich meant offsite backups were horrriible
Yep
[10:35]
mercutiobut i wonder if that's partially to do with old cpus and the system cpu usage being high :/ [10:35]
brycecloadav 1.68 and all 4 cores about 90% idle? I don't consider that high. [10:36]
mercutiobeing that vintage it's likely to be scsi disks though
so it's not so easy to upgrade cpu
[10:36]
brycecSATA in BIOS IDE mode actually [10:37]
mercutioweird i saw high cpu suage on top when i checked
and commands seemed to pause part way through
oh
woah
it's way faster than it was last time
[10:37]
brycec^ that just sounds like network "pause" not execution pause. [10:37]
mercutionah multiple little times
like top and w and so on were slow
so was logging in
and there was a delay before showiong shell etc
[10:38]
brycecwell sure, both dump a ton of text to the screen [10:38]
mercutioit's /way/ faster now [10:38]
brycecI get about 60ms from ARP to devio.us, worst was 244ms according to mtr [10:38]
mercutioi have my cl command on there :)
it's about 6 msec higher than ping for ssh latency
but it's reasonably stable
so i don't think it's network
cur: 213.824msec, min: 213.562msec, max: 217.260msec, avg: 214.050msec
it was slightly quicker bouncing via arp
but more spikes
[10:38]
brycec2 minutes of mtr - 60.0 +- .2ms
from my ARP VPS to devio.us, ipv4
240 60.2ms +- 1.66
300: 60.1 +- 1.4ms
(And https://smokeping.cobryce.com/?target=Slaves.wolfman is repoting once again)
*reporting
[10:40]
mercutioi probably logged in when it was doing backup or something
and i dunno why i thought about moving drives. you ucan just copy something onto new drives
[10:46]
brycec(nope, no system backups. Next backup runs in 1h15) [10:47]
mercutiooh weird [10:47]
brycec(570: 60.0 +- 1.1ms)
That's not to say a user wasn't copying files or the like...
[10:47]
mercutioi often seem to be around US 1 am etc :) [10:48]
brycecWell it's 10.46-13.46 in the mainland US now :p [10:48]
mercutioyaeh, weird time for a backup
i shouldn't be up
i went to bed but got up again heh
[10:48]
bryceclol
You do seem to always be on IRC :p
[10:49]
mercutioyeah i've been bad recently [10:49]
brycectwss [10:49]
BryceBotOkay! twss! 'yeah i've been bad recently' [10:49]
mercutioservers aren't as cheap on ebay as i thought they were
http://www.ebay.com/itm/HP-ProLiant-DL360-G6-Server-w-Quad-Core-2-67GHz-Intel-Xeon-X5550-2GB-RAM-/251918227028?pt=LH_DefaultDomain_0&hash=item3aa77f1654
$200 for dl360 g6
with shit all ram
most are more than that though
[10:51]
.......................... (idle for 2h6mn)
mnathanibrycec: Thanks for that Amazon suggestion http://www.amazon.com/WeMo-Electronics-Anywhere-Automation-Smartphones/dp/B00BB2MMNE WeMo switch. I set it up and it works great [13:00]
BryceBotAmazon: "Belkin WeMo Switch, Control Your Electronics From Anywhere with the Home Automation App for Smartphones and Tablets, Wi-Fi Enabled" [13:00]
brycecSuper, glad to hear that, mnathani [13:01]
***mnathani_ has joined #arpnetworks [13:03]
................ (idle for 1h17mn)
mnathani__ has joined #arpnetworks
mnathani_ has quit IRC (Ping timeout: 246 seconds)
[14:20]
............ (idle for 55mn)
poulsen has joined #arpnetworks [15:17]
................. (idle for 1h20mn)
poulsen has quit IRC (Remote host closed the connection) [16:37]
..... (idle for 20mn)
up_the_ironsant: hmm seltsam [16:57]
.... (idle for 18mn)
***qbit has quit IRC (Quit: leaving) [17:15]
up_the_ironsant: brycec : OK cert chain order should be fixed [17:19]
***qbit has joined #arpnetworks
qbit is now known as Guest81417
Guest81417 is now known as qbitr
qbitr is now known as qbit
[17:32]
qbit has quit IRC (Quit: leaving)
qbit has joined #arpnetworks
[17:41]
...... (idle for 27mn)
brycecConfirmed, cert order is correct.
Still can't imagine why you wouldn't enable TLSv1.1 and 1.2.
But that's a "fight" for another day I suppose :p
Server: Apache/2.2.14 (Ubuntu) mod_fastcgi/2.4.6 Phusion_Passenger/3.0.11 PHP/5.3.2-1ubuntu4.27 with Suhosin-Patch mod_ssl/2.2.14 OpenSSL/0.9.8k mod_wsgi/2.8 Python/2.6.5
wow, that's an ancient server to have OpenSSL/0.9.8k and Python/2.6.5
[18:08]
mercutiopre exploit
is it lucid?
[18:11]
up_the_ironslucid, yeah [18:20]
mercutioprecise is still php 5.3 [18:23]
mnathaniis there a way to install Archlinux without having to manually create partitions and install a bootloader and get into internal details of the system? [18:28]
mercutiomnathani: that's actually pretty easy
i mean to install
i mean manually creating a partition or two isn't very complicated.
it's slightly more complicated with uefi
it was much easier than ubuntu for raid setup for me
if you have a reasonable knowledge of linux i wouldn't say it's any more time consuming than ubuntu install
(which has questions.. then does stuff... then questions etc)
[18:28]
mnathaniubuntu install is pretty straightforward [18:32]
mercutioso is arch [18:32]
mnathanidont have to manually setup a bootloader [18:32]
mercutiojust follow the install guide [18:32]
brycecGentoo was the same way... though I think there are a couple of derivatives that have sprung up since I last used it that made the install process "user-friendly" [18:32]
mnathanifrom the last time I tried [18:32]
mercutiohttps://wiki.archlinux.org/index.php/Installation_guide
if things like "grub-mkconfig -o /boot/grub.cfg" are easy for you it's easy.
the network configuration is the hardest part imo
[18:32]
brycecHas Arch settled on a singular way to configure networking yet? [18:37]
mercutionope [18:37]
brycecWell sorta hard to wrap a simple installer around that :p [18:37]
mercutiogrub etc is the same amongst all the linux
network config in general is different betwen them
like centos, arch, openbsd, ubuntu/debian are totally different
also arch doesn't have ifconfig by default
so you need net-tools package if you want ifconfig
[18:38]
mnathanido you guys know how to use iptables to do load balancing and other advanced networking? [18:41]
mercutioi wouldn't use iptables for load balancing
i know how to do redirect :/
if you mean load balancing for web servers or something, then i'd go for layer 7 load balancing
if you mean for adsl connections or the like there are huge caveats like having different ipa ddreses normally
[18:41]
mnathaniyea, web server load balancing [18:43]
mercutioyeah go layer 7
use linux virtual server or the like
i just use relayd fwiw
but that's bsd
[18:43]
mnathaniwhat software do you use for the transparent proxy? [18:44]
mercutiotrafficserver
i used to use squid
but i have relayd going to trafficserver
in layer 7 mode
and passing through the original ip
layer 7 makes things a lot simpler
the only caveat is you don't get the users original ip address.
but you can get it to just add it
if you have more than one "entry point" it just makes sense a lot easier with layer 7
you don't have to share state etc
but it does still mean that things can get screwy if it changes entry point
but yeah i'm sure you can find lots of information about linux virtual server if you want to go down that path
it suupports fancy modes like being able to act only on the forward path and return bypassing the load balancer, but i wouldn't recommend for complexity reasons
but they're definitely aiming for high performance, and to be able to have a lot of ways of doing things
http://www.linuxvirtualserver.org/VS-DRouting.html
ahh this is what i was thinking of
like that's the highest performance way, but complexity raises
http://www.linuxvirtualserver.org/software/ktcpvs/ktcpvs.html
looks like this is one layer 7 way
hmm last released 2004
relayed is a lot simpler :)
haproxy looks like another alternative
[18:44]
brycecYou're not supposed to want deprecated programs. That's like choosing to run ssh1 :p 18:38:34 ⤷ | so you need net-tools package if you want ifconfig [18:55]
mercutiobrycec: heh
brycec: a lot of people still expect it
just like lots of people still use bash :/
even though zsh is out and way better
[18:55]
brycec(or ksh...) [18:56]
mercutiobtw, you know fdisk is deprecated? [18:56]
brycec(though I personally use zsh) [18:56]
mercutiofdisk is still usued a lot too [18:56]
brycecNot as much as disklabel where I work :P [18:57]
mercutioheh
i hate dladm
why does everything have to be different
[18:58]
..... (idle for 21mn)
when ubuntuu etc maintain php 5.3, how well do they maintain it?
considering it's eol upstream
[19:19]
m0undsseems they do ok with it, but i never ran super intensive php tasks, just webapps [19:20]
mercutioit's only been eol for 8 months [19:20]
m0undsoh, missed the 5.3 part [19:21]
mercutioi'm a bit uuncomfortable with long term support type things by vendors over large amounts of packages [19:21]
m0undscompletely unrelated, we've been feeding our cats w/food made by some company in new zealand [19:21]
mercutioheh. [19:22]
m0undskangaroo and brushtail, haha [19:22]
mercutiowe don't have kangaroos here. [19:22]
m0undscompany is in NZ
so apparently, they import them
[19:22]
mercutiohaha
i wonder if they sell it locally
[19:22]
m0undsdunno [19:23]
mercutioAddiction Foods is the only worldwide pet food manufacturer to use the NZ Brushtail / Possum and Australian kangaroo [19:23]
m0undsyea, that's one [19:23]
mercutioi can't say i've heard of it :)
oh the idea if they're pests :/
i didn't know kangaroos were pests.
[19:23]
m0undswe've fed our cats addiction stuff and mauri is the other [19:24]
mercutioi wonder what it tastes like [19:24]
m0undsdunno, doesn't smell horrible though [19:25]
mercutiohttp://www.quora.com/What-does-kangaroo-meat-taste-like [19:25]
m0undsin pet food
haha
[19:25]
mercutioyeh i've never eaten it [19:25]
m0undscats like it though [19:25]
mercutioi hate the smell of catfood normally [19:26]
m0undsyep, me too. i don't really like the smell of meat in general (not a meat eater) but this stuff isn't awful
smell-wise
[19:26]
mercutiocool.
do you get nz meat there?
[19:26]
m0undsdon't think so, but i haven't bought meat in years
never remembered seeing it
[19:27]
mercutioi remember reading somewhwere that some places sell lots of tongues, brains, etc. .
we don't really sell that stuff much here.
[19:27]
m0undsthey sell tongue here, it's used in some mexican cuisine [19:28]
mercutioi've never had tongueu [19:28]
BryceBotThat's what she said!! [19:28]
m0undstripe too, and intestine
used in a thing called menudo
http://en.wikipedia.org/wiki/Menudo_(soup)
[19:28]
BryceBotMenudo (soup) :: Menudo is a traditional Mexican soup (also known as pancita) made with beef stomach (tripe) in broth with a red chili pepper base. Usually, lime, chopped onions, and chopped cilantro are added, as well as crushed oregano and crushed red chili peppers. Menudo is usually eaten with tortillas or other breads, such as bolillo. It is often chilled and reheated, which results in a more concentrated flavor. The popularity of... [19:29]
mercutioi've had tortillas :/ [19:29]
BryceBotThat's what she said!! [19:29]
mercutiobut yeah i've never heard of that [19:29]
m0undsBryceBot: no [19:29]
BryceBotOh, okay... I'm sorry. 'i've had tortillas :/' [19:29]
m0undswtf, lol [19:29]
mercutioi think the only mexican places i've been to aren't that authentic. [19:30]
BryceBotThat's what she said!! [19:30]
m0undsBryceBot: no [19:30]
BryceBotOh, okay... I'm sorry. 'i think the only mexican places i've been to aren't that authentic.' [19:30]
mercutioi heard that indian food is totally different to what people in india eat. [19:30]
m0undsyeah, it's odd to find absolutely authentic anything outside of the place where you find it normally
s/odd/hard
[19:30]
BryceBot<m0unds> yeah, it's hard to find absolutely authentic anything outside of the place where you find it normally [19:31]
***NiTeMaRe is now known as NiTe [19:31]
mercutioyeah
indian is my favourite ethnic food.
[19:31]
m0undsyea, one of mine for sure
i like indian and thai a lot
[19:31]
mercutioand it's become really popular here.
i like thai too, but there's no good thai places i can find around here
and heaps of good indian.
it's really weird.
[19:31]
m0undshttp://www.chaishoppe.com/ i like this place [19:32]
mercutiothis reminds me of hare krishna's :)
looks interersting
butu expensive looking too :)
[19:33]
m0undsyeah, a bit [19:34]
mercutioby presentation rather than price :) [19:34]
m0undsgotcha [19:34]
mercutioit's hard to tell portion size . [19:34]
m0undsamerican portions are stupid usually, haha [19:35]
***NiTe is now known as NiTeMare
NiTeMare is now known as NiTeMaRe
NiTe has joined #arpnetworks
[19:40]
.......................... (idle for 2h5mn)
gizmoguy has quit IRC (Ping timeout: 272 seconds) [21:48]
................ (idle for 1h17mn)
himuraken has quit IRC (Quit: No Ping reply in 180 seconds.) [23:05]
himuraken has joined #arpnetworks [23:18]
poulsen has joined #arpnetworks [23:28]
..... (idle for 24mn)
poulsen has quit IRC (Read error: Connection reset by peer)
poulsen has joined #arpnetworks
[23:52]

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)