Who | What | When | |
---|---|---|---|
mercutio | genericweb | [00:01] | |
kellytk | Thank you mercutio. Leveraging the reserved domain "example.com" was too attractive in the end and I went with that. As you'll see, it worked out | [00:11] | |
.................. (idle for 1h25mn) | |||
Is it a selling point for company websites running over HTTPS? (this does not include signing in et. al naturally) | [01:36] | ||
................... (idle for 1h33mn) | |||
mike-burns | I block JS, images, and cookies from non-HTTPS Web sites. | [03:09] | |
mercutio | most sites are shifting towards https
some quicker than others there's positives and negatives. | [03:17] | |
............... (idle for 1h10mn) | |||
*** | SpaceDump has quit IRC (Ping timeout: 255 seconds)
SpaceDump has joined #arpnetworks | [04:27] | |
........................ (idle for 1h56mn) | |||
grody | bespokeserver.com
i think i call most of my servers AvinIT v.blah | [06:23] | |
......................... (idle for 2h0mn) | |||
m0unds | https://blog.shodan.io/its-the-data-stupid/ | [08:24] | |
........................................................ (idle for 4h38mn) | |||
kellytk | mike-burns: May I ask why you block images from non-HTTPS websites?
grody: That isn't a real site is it? The menu links don't work | [13:02] | |
mike-burns | kellytk: images can be exploited at a surprising rate. My bias: I am (one of) security@ for my company. We make a bunch of open source products, including a file uploading library for Rails (we make Paperclip). I've dealt with multiple emails to security@ for vulns (all of which are fixed now so I can talk about them) around using image uploads to exploit Web browsers.
So I figure: if I'm going to be exploited, I want it to be by the Web site itself and not from some MITM. Given how crazy font rendering is, I'd block custom fonts from non-HTTPS if I could figure out how. | [13:10] | |
kellytk | mike-burns: That makes sense, thank you | [13:13] | |
.............. (idle for 1h5mn) | |||
*** | solj has joined #arpnetworks | [14:18] | |
....... (idle for 33mn) | |||
dj_goku_ has joined #arpnetworks
dj_goku has quit IRC (Read error: Connection reset by peer) solj has left acf__ has quit IRC (Ping timeout: 240 seconds) acf_ has joined #arpnetworks | [14:51] | ||
grody | kellytk, im not entirely sure.. the location is not far from me, but i have never heard of them
it's been registered by what looks like an individual, no company name - but that doesn't mean they aren't a sole trader was just some random site i remember i helped a customer to use for their site (since it was an sitebuilder site) s/an/a/ | [14:55] | |
BryceBot | <grody> was just some radom site i remember i helped a customer to use for their site (since it was a sitebuilder site) | [14:57] | |
grody | simple, clean, efficient, no hidden palava or mind numbing navigation
i imagine the holder of example.com gets a lot of traffic if they were to run MTA/HTTP | [14:59] | |
staticsafe | example.com is run by IANA and is defined in RFC to be used for documentation etc. | [15:07] | |
m0unds | ^ | [15:08] | |
grody | there ya go :)
i noticed an odd thing with IANA assigned IPv6 for "special use" when i misconfigured an IP41 on a 3G connection with no actual support for it - was quite shocked as i never saw that before it ofc didn't work, but before it'd link local only | [15:09] | |
kellytk | staticsafe: That's why I went with it, and said last night "Leveraging the reserved domain "example.com""
It's too convenient to pass up | [15:17] | |
.... (idle for 18mn) | |||
mercutio | example.com has no MX record | [15:35] | |
........ (idle for 39mn) | |||
*** | grody has quit IRC (Ping timeout: 246 seconds) | [16:14] | |
grody has joined #arpnetworks | [16:26] | ||
grody | :(
&%"%! IPSec ^&"(!£ pfSense | [16:29] | |
....................... (idle for 1h50mn) | |||
mercutio, 417mbps | [18:19] | ||
mercutio | huh? | [18:20] | |
grody | NAT traffic this router will handle (software)
was a simple port to port with masq claims 900 in hardware (original firmware) - it became unresponsive when i saw it hit 417mbps that meets the (if ever) 300mbps service i may one day dream of | [18:20] | |
m0unds | grody: what packet size were you testing with?
i'd almost guarantee the claim is based on ~1500byte frame size testing with IMIX wouldn't look as good from a marketing standpoint | [18:23] | |
grody | yea 1500
did read that 3000 should work (probably 9000) but meh technically that should reduce load i wonder... bit scared of tampering MTU actually on this switch.. had to fiddle it just to get 1508 MTU on PPPoE | [18:25] | |
m0unds | heh | [18:28] | |
grody | wasn't as straight forward as it should have been
bizarre as hell though small PI space i manage, added a rule to allow a sort of spoofing from my @home IPs and routed them via it me > tunnel > server (No NAT) > | > server > me odd as hell trying to fix policy routing between ARP | ME | OVH to have a simple choice exit point based on dest IP w/o sending crap or bad traffic | [18:28] | |
mercutio | bgp! | [18:37] | |
....... (idle for 31mn) | |||
grody | http://www.speedtest.net/my-result/4517203674
thats interesting yea sadly i no longer own any PI space, i do manage a /22 mind didnt actually realise this host was on the west coast | [19:08] | |
mercutio | you didn't know arp was on west coast? | [19:10] | |
grody | lol no
i did wonder why the ping was 70 odd ms higher than my NYC server might have to get some PI/PA on IPv6 - should be easy enough gonna have to poke around NZ, see what route it takes to ARP | [19:10] | |
mercutio | you don't necessarily need pi space for ipv6
you just need permission to re-advertise the space. | [19:13] | |
grody | hmm
then again.. most provision of IPv6 i have are /48's ARP, AA and even HE have the blocking weird with AA - routed as /52's ideally i want to mesh all my VPS into a single VBC of sorts, with Alias IPs on each IP allocation each provider offers that way they can all use their own IPs from their providers, but take alternate routes for other kinds of policy routing ie: now all my traffic from @home to ARP and OVH is OpenVPN first, if OVPN link down, over internet as-is | [19:14] | |
mercutio | sounds complicated | [19:20] | |
grody | i can divert one (or more) hosts or subnets via a designates gateway (US/FR/UK) as request, even if the IP sourcing is a public IP of another hoster, it gets NATd on the outbound of given exit
im not allowed to do simple things been setting this up more precisely all weekend with lots of success.. i went to print a letter of resignation the other day and my wireless printer decided it wasn't going to work it took me ages to figure out CUPs on the laptop was using the old printer (static) location and not it's dynamic/discoverable gonna have to add the NYC into this now.. learning ARP is on west coast is just icing on the cake :D ideally i can send NZ via US to UK and not via it's stupid satellite uplink over china/rus/eu | [19:20] | |
mercutio | satellite? | [19:25] | |
grody | im guessing.. the latency is about 300ms higher than it should be | [19:25] | |
mercutio | for nz?
for new zealand?! | [19:25] | |
grody | sounds about right for 170 miles + 2000 mules + 170 mules
yea | [19:26] | |
mercutio | there's no satellite here | [19:26] | |
grody | i get about 600 there, 600 back | [19:26] | |
mercutio | what | [19:26] | |
grody | really?
where does it go? | [19:26] | |
mercutio | well not for normal people
there's cables to australia that go to japan | [19:26] | |
grody | ahhh | [19:26] | |
mercutio | and cables from australia to singapore | [19:26] | |
grody | nothing to US? | [19:26] | |
mercutio | and there's cables direct to the US
err via guam | [19:26] | |
grody | hmm | [19:27] | |
mercutio | umm
what are your ping times to japan like? jp.meh.net.nz is easy site to test to | [19:27] | |
grody | from UK 290ms from ARP 100ms
i wonder | [19:28] | |
mercutio | yeh so going via japan could give 500msec pings or something | [19:28] | |
grody | 260ms going via ARP from UK | [19:28] | |
mercutio | you know that your ping time to arp is less than 190 msec :) | [19:28] | |
grody | wait what
how teh.. | [19:28] | |
mercutio | it was 80msec from arp to jp.meh.net.nz
it's 108 atm for me ok what about emerald.meh.net.nz what are your pings like to that? | [19:28] | |
grody | my routes are broken again :/ | [19:30] | |
mercutio | oh | [19:30] | |
grody | oh wait.. pings are L2
haha i was routing TCP/UDP | [19:30] | |
mercutio | ahh | [19:30] | |
grody | L3 sorry | [19:31] | |
mercutio | if it's 600 something is whack | [19:31] | |
grody | 300 | [19:32] | |
mercutio | yeh
that's more normal that's in new zealand what were you saying about weird routes? | [19:32] | |
grody | well, 294 | [19:32] | |
mercutio | where to? | [19:32] | |
grody | thats going via ARP over the OpenVPN | [19:32] | |
mercutio | oh
what's it like native? i know the arp route is fine :) | [19:32] | |
grody | 260
so not a massive loss | [19:32] | |
mercutio | 260 is damn good | [19:33] | |
grody | gameservers :) | [19:33] | |
mercutio | there's meant to be a new transatlantic cable sometime | [19:33] | |
grody | yea, my ISP has a pretty epic network | [19:33] | |
mercutio | which should bring down EU<->US ping
gameservers is vultr jp.meh.net.nz is on vultr it's been having some network issues recently though i have a few vultr vm's i use for testing things and they all seem to have issues :/ | [19:33] | |
grody | sounds like a phase heartinternet here went through
no idea what it was.. had a few VPS and they went from great to ^&%£ used to be a really good and cheap provider here years ago that were first to offer freebsd guests.. was brilliant until they sold their souls i even gave up reselling VPS because the platforms broke more than they fixed | [19:35] | |
mercutio | heh | [19:37] | |
grody | i think a handful of my customers ended up using ARP
since i diverted them here when i shut it down remember doing that, site was google adsensed and for the next 6 months i kept getting ARP ads oddly you said BGP as i was speed testing the UK > ARP routing and it was advertising BGP peers i swear browsers steal text from screen wow.. ARP to that host is 100ms | [19:37] | |
mercutio | to what host? | [19:41] | |
grody | that .nz host | [19:41] | |
mercutio | jp? | [19:41] | |
grody | ARP goes via CORESITE to asiannet then scnet and whatever | [19:42] | |
mercutio | jp is japan | [19:42] | |
grody | UK goes the same route from asiannet out | [19:42] | |
mercutio | emerald is nz though | [19:42] | |
grody | AA > LINX > AISANET
ah, ARP > Phyber > Coresite > AsiaNet wonder what happens between Linx and asianet - it's a direct hop and goes from 10ms to 150ms
| [19:42] | |
mercutio | yeah pacnet suck | [19:46] | |
grody | http://pastebin.com/7QUTMxnH | [19:46] | |
mercutio | i dunno 150 from uk to los angeles is normal | [19:46] | |
grody | similar with ARP | [19:46] | |
mercutio | hop 5 is los angeles
hop 6 is japan | [19:46] | |
grody | yea, lax | [19:46] | |
mercutio | i suspect
aimless is a weird name for a router | [19:46] | |
grody | haha
AA name all their stuff something"less" i should obtain a .net.uk for network naming but i like the comedial effect comical? | [19:47] | |
........ (idle for 38mn) | |||
interesting flaw in pfsense
regardless of firewall rules, openvpn client in tap mode to server, server to client can talk to networks in reach via the openvpn | [20:26] | ||
........................... (idle for 2h12mn) | |||
*** | dj_goku_ has quit IRC (Read error: Connection reset by peer) | [22:38] | |
dj_goku has joined #arpnetworks | [22:44] | ||
............ (idle for 57mn) | |||
plett | grody: You would need to be an ISP to get a .net.uk | [23:41] |