***: ben2 has joined #arpnetworks
mercutio has quit IRC (Ping timeout: 250 seconds) brycec: kellytk: Normally what you've described is resolved by set keep-state
(I tried looking at your pf.conf but it's been removed already)
*set keep state
i think
oh my bad, it's this:
block return
pass
That establishes the "keep state" for connections
(Overall my point is that the default pf.conf, at least in OpenBSD, has no problems) grody: fsck my cc company, gonna have to use bloody paypal mc instead
they got real assy after i bought things on play m0unds: bummer ***: hive-mind has quit IRC (Ping timeout: 260 seconds)
ben2 is now known as mercutio kellytk: brycec: http://pastebin.com/6uGA28JM is my ruleset
FYI, it's for FBSD's port of pf ***: hive-mind has joined #arpnetworks brycec: Well assuming it's similar enough to OpenBSD's, then yeah your block by default isn't helping ;P
(it's blocking everything including the return acks) m0unds: ime it's nearly the same as openbsd's pf brycec: (same) m0unds: i love pf brycec: Differs when it comes to specifics like queueing m0unds: yeah brycec: but its common features are the same m0unds: yup brycec: like most languages with regional dialects :p kellytk: bryce, which line?
"block log all"?
Is the traffic being blocked in http://pastebin.com/kzSv01i5 important? It looks like it's related to DNSSEC resolution but I'm not positive brycec: You blocked the response from a DNS server. It happens to be a request for a DNSKEY record, but I don't think that's why it was blocked. It was blocked by rule 1, "block log all" mercutio: heh brycec: (you can confirm which active with "pfctl -sr" of course) kellytk: brycec: What I would like to do is block all, and selectively pass mercutio: udp is nasty BryceBot: That's what she said!! mercutio: well at least if you want to send out udp packets and get them back brycec: Yeah, states and UDP... kellytk: http://pastebin.com/afQv0gj5 is the output of pfctl -sr mercutio: if you allow all responses from port 53, then people can taget any udp ports on your host just by using a source port of 53
there's no direction with udp, ...
there are helpers, but they can have issues too
and i don't think pf supports any of those fancy helper things. brycec: (tftp-proxy...)
(siproxd...) mercutio: tftp-proxy is transparent isn't it? ***: carvite has quit IRC (Ping timeout: 240 seconds) mercutio: err i mean, you redirect the port to a local host
rather than inline
i suppose it makes no diff
anyway, if you use the same external recursive dns you can allow source/destination ip with all ports for udp kellytk: I'm not finding a way to flush Unbound's cache totally (http://unbound.net/documentation/unbound-control.html) Am I missing something? ***: carvite has joined #arpnetworks m0unds: reload Reload the server. This flushes the cache and reads the config
file fresh.
^ kellytk: I just found that, thank you :-)
While running `host update.freebsd.org` the states are http://pastebin.com/bHVa3GDL staticsafe: unbound-control flush * m0unds: or that
hahaha kellytk: staticsafe: Are you sure?
That gave odd output when I tried it staticsafe: root@lasciel:~# unbound-control flush *
ok kellytk: staticsafe: http://pastebin.com/BKvQCAMc staticsafe: thats a shell interpretation problem kellytk: I use tcsh staticsafe: try quoting the whole thing kellytk: What do you mean by whole thing? staticsafe: "/usr/local/sbin/unbound-control flush *" kellytk: /usr/local/sbin/unbound-control flush "*" worked staticsafe: or that kellytk: Thanks for the tip staticsafe staticsafe: np kellytk: So I'm back to the firewall not allowing name resolution mercutio: i didn't realise reload flushes the cache on unbound
that's kind of sub-optimal brycec: that would not be valid :P staticsafe | "/usr/local/sbin/unbound-control flush *" mercutio: i have found that reload tends to crash out though, so i've been doing restarts... brycec: (Unless you have an executable named "unbound-control flush *" of course) staticsafe: ah true mercutio: which is also sub-optimal
that's with ubuntu trusty, i haven't checked to see if it's got better since then. kellytk: http://pastebin.com/1kZ66MPk is a summary of the ruleset problem I'm having
I'm getting the impression /usr/local/sbin/unbound-control flush "*" doesn't actually flush. Results return immediately, whereas after a `service unbound restart` results take a moment
Something else interesting is `host google.com` returns with the firewall up, however `host update.freebsd.org` does not ***: carvite has quit IRC (Ping timeout: 246 seconds)
carvite has joined #arpnetworks staticsafe: possible you are dropping EDNS queries at the firewall
i would suggest adjusting your DNS rules
flush the cache, do queries for google.com and freebsd.org and check firewall log kellytk: staticsafe: Is http://pastebin.com/J3x6PgQA what you mean?
I recall having to add the last line in the past, but when I've looked for recent info on it I only found mailing lists, no docs staticsafe: edns0 (since glibc 2.6)
sets RES_USE_EDNSO in _res.options. This enables support for the DNS extensions described in RFC 2671.
that is on linux kellytk: Which man page? staticsafe: man resolv.conf kellytk: FreeBSD's resolve.conf man page doesn't include an explanation of the option unfortunately staticsafe: its probably not a valid option then
the difference between google.com and freebsd.org is that freebsd.org is DNSSEC signed which requires EDNS queries to validate kellytk: Ok that's what I suspected. So is it likely that the pf ruleset is blocking DNSSEC, but not regular DNS? staticsafe: its breaking EDNS in some way yes BryceBot: That's what she said!! staticsafe: kellytk: http://lists.freebsd.org/pipermail/freebsd-net/2007-May/014190.html brycec: BryceBot: no BryceBot: Oh, okay... I'm sorry. 'its breaking EDNS in some way yes' kellytk: staticsafe: IPv6 isn't necessary for this, correct? staticsafe: no
pf is dropping the fragments kellytk: pass out quick on $pub_if inet proto udp from $pub_if to any port $out_udp_services keep state > pass out quick on $pub_if inet proto udp from $pub_if to any port $out_udp_services keep state keep frag?
staticsafe: What are fragments?
http://www.dnssec-deployment.org/tag/udp-fragments/
Unbound has a edns-buffer-size configuration option to help, however is it correct to think that the better solution is to modify the pf ruleset to allow fragments?
staticsafe: Thoughts on using scrub fragment reassemble?
This is strange. Two identically configured FreeBSD boxes on my LAN, each having "scrub fragment reassemble" added to pf.conf, one can resolve update.freebsd.org and the other cannot staticsafe: i do not know, i don't have experience with pf kellytk: Which firewall do you use?
Two identically configured boxes on the LAN (except for differing pf.conf), working pf.conf http://pastie.org/private/o6exhdd0wgyofhf0htcq and the broken pf.conf http://pastie.org/private/paf0wnaik0i49l2q0cxyyq
Ok this is odd, when I drop the firewall on the broken box and rerun `host update.freebsd.org`, it still returns "Host update.freebsd.org not found: 3(NXDOMAIN)" mnathani_: up_the_irons brycec mercutio : I emailed softlayer yesterday about the domain they hadn't registered. No response and it is still not registered. mercutio: mnathani_: hahahaha kellytk: Register it and redirect to a lolcats? mercutio: well you've given them fair warning -: brycec owns too many domains as is, and isn't feeling overly dickish today. mercutio: direct it to ovh brycec: lolol mercutio: would be embarassing for them brycec: or worse, GoDaddy mercutio: set the nameserver expiry times insanely long
and direct to goatse
i dunno it depends how much you want to stir :) mnathani_: I would rather they fix it mercutio: yeah :) mnathani_: as one of my clients is about to become a customer of theirs BryceBot: That's what she said!! mnathani_: BryceBot: nbo
BryceBot: no BryceBot: Oh, okay... I'm sorry. 'as one of my clients is about to become a customer of theirs' mercutio: you could just register it and set the name registration to their name servers
you could register it, and say that you got no response and go public
and say you're willing to give it to them at cost mnathani_: I wouldnt want to risk a lawsuit mercutio: but going public without registering it first would be irresponsible
i thought you were in canada for some reaosn mnathani_: I am in Canada
they have a datacenter here also mercutio: oh, i thought that protected you from US lawsuits for the most part.
at least frivilous ones.
apparently there's a big el nino thing happening soon mnathani_: close to Mexico? mercutio: and july was the hottest recorded month on average around the world.
across huge areas afaik
across pacific ocean it seems
i'm trying to find something more moderate and balanced rather than alarming
not to much avail
http://www.thedailybeast.com/articles/2015/09/01/we-re-worse-off-than-ever-for-el-ni-o.html
this seems better than most
it's still a bit alarming though. staticsafe: kellytk: i use iptables for the most part m0unds: i'd love to see some fear mongering about when we don't have el nino patterns mercutio: there's the non el nino pattern too m0unds: i know
but no fear mongering mercutio: hmm, apparently el nino may bring rain to california m0unds: SW US enjoys el nino because it means we get rain
and it means we have fewer forest fires mercutio: heh
winter here hasn't been neraly as wet or stormy as last year. staticsafe: .w m0unds: i wonder what would happen if someone registered that softlayer domain staticsafe: hm what was the trigger mercutio: @weather BryceBot: mercutio: Fetching weather for your previous query (akl). kellytk: staticsafe: A greater oddity has arisen. With firewalls disabled, one server correctly resolves `host update.freebsd.org` whereas the other server returns ";; connection timed out; no servers could be reached" BryceBot: Auckland International, New Zealand: Mostly Cloudy ☁ 57°F (14°C), Humidity: 82%, Wind: From the West at 28 MPH -- For more details including the forecast and almanac, see http://www.wunderground.com/cgi-bin/findweather/getForecast?query=-37.00805664,174.79167175 or re-request this with: @weather -v staticsafe: m0unds: i don't want to know enough to risk a lawsuit
well m0unds: staticsafe: lol staticsafe: UDRP process maybe mercutio: maybe brycebot can register it m0unds: be a sport staticsafe: eh even if somebody did, Softlayer has certainly enough money and lawyers to file a UDRP
which would be decided in their favour mercutio: "The selection and placement of stories on this page were determined automatically by a computer programme. "
does google news spell program as programme for other people too? m0unds: probably localization mercutio: or is it trying to use US vs UK spelling. m0unds: e.g. you're in a place where that might be normal mercutio: here it's normal to call computer programs, programs.
but if you have an event or something you may have a programme m0unds: would you otherwise say UK english is pretty typical? mercutio: yeah. m0unds: ok brycec: What's sorta weird is news.google.com shows "program" even though my language is en-UK
Perhaps because this is the "U.S. edition" mercutio: i don't even remember seeing that statement before. m0unds: it says programme on news.google.co.uk
it says program on news.google.com w/en_us brycec: It has said it for a long time staticsafe: brycec: maybe it is IP geo-locating you
:P ***: kellytk has left "WeeChat 1.0.1" mercutio: i'm on www.google.co.nz with news tab m0unds: it says program on co.nz
for me brycec: lol I switched edition to UK and now it's programme https://news.google.com/?edchanged=1&ned=uk&authuser=0 m0unds: google is mysterious mercutio: brycec: probably just didn't notice m0unds: hahaha mercutio: i don't usually scroll down all the way brycec: And when I switch it to France edition, it's all in french, including programmae
*programme -: m0unds waits for google to tell brycec to make up his mind m0unds: we can't profile you if we don't know where you are and what language you want mercutio: how do you switch editions
i tried appending &ned=us and it's still programme brycec: "But Google, I care about the world and speak multiple languages!"
mercutio: there's a drop-down for me m0unds: based on your search history, we can confirm you're a liar brycec: https://dl.dropboxusercontent.com/u/3167967/screenshot_2015-09-02_16-23-29.png m0unds: redirecting to pig latin edition mercutio: oh that looks totally different
i don't even have the top stories on the left
ahh goign to news.google.com is different brycec: And just for completeness https://dl.dropboxusercontent.com/u/3167967/screenshot_2015-09-02_16-24-39.png ***: carvite has quit IRC (Ping timeout: 252 seconds) mercutio: the american news is more disturbing
for some strange reason australia tells me about another china chemical explosion. ***: carvite has joined #arpnetworks mercutio: i wonder how they decide what's important for different regions. brycec: Australia? like the whole entire country at once, shouting it across the sea? :D mercutio: australia google news dition
there's actually no china english edition brycec: Whatever, I liked my mental image better. m0unds: australia just shouting about a chemical explosion
what would australia sound like? mercutio: not sure brycec: @google site:youtube.com Australians shouting BryceBot: 2,490 total results returned for 'site:youtube.com Australians shouting', here's 3
A century worth shouting about. 100 years of the Royal Australian ... (http://www.youtube.com/redirect?event=stream_redirect&q=http%3A%2F%2Fwww.insidehistory.com.au%2F2013%2F10%2Fa-century-worth-shouting-about%2F&usg=VVFYdiLaFnMweikWVjKABUmaEh4=) Oct 3, 2013 ... Lindsey Shaw, formerly a Senior Curator at the Australian National Maritime Museum, starts a series of four articles on the history of the Royal ...
Are you God? Crazy guy shouting on Australian Train - YouTube (http://www.youtube.com/watch?v=uq5DzvqJma0) Dec 19, 2013 ... Are you God? Crazy guy shouting on Australian Train. ... Are you God? Crazy guy shouting on Australian Train. MCARDLEPRODUCTIONS.
Construction Workers Shouting Catcalls Women Can Appreciate ... (http://www.youtube.com/redirect?event=stream_redirect&q=http%3A%2F%2Fwallstreetinsanity.com%2Fconstruction-workers-shouting-catcalls-women-can-appreciate-video%2F&usg=4V43l-ajdmbsmA1yXc9ZQTPShKc=) Mar 27, 2014 ... Snickers has released a new ad in Australia that has good intentions, ... The builders then shouted loud, empowering statements at the women ... m0unds: are you god video sounds like it might be a winner -: m0unds loads staticsafe: well then brycec: I am suitably amused.
Especially the part where they try and push him off/down m0unds: yeah
imagining him screaming about chemical explosions brycec: Needs more female voices shouting too though mercutio: haha staticsafe: Java based IPMIs make me sad mercutio: the ipmi isn't java based
it's the kvm that is java staticsafe: yeah thats what I meant mercutio: you can use ipmitool and serial console to get around it
and you can reboot etc with ipmitool too
but yeah java isn't even supported in chrome anymore :(
and it never really seemed that great. ***: mnathani_ has quit IRC (Read error: No route to host)
mnathani_ has joined #arpnetworks mercutio: https://www.snellman.net/blog/archive/2015-09-01-the-most-obsolete-infrastructure-money-could-buy/ ***: kellytk has joined #arpnetworks kellytk: I figured out the Unbound resolution issue. After removing the search domain, all became well. It's an imperfect solution as I made use of the search domain feature however
Has anyone seen "Could not establish a chain of trust to keys for ntp.org. DNSKEY IN" in unbound.log? In the course of research it seems to be possibly related to pf ruleset + UDP fragmentation, however my pf ruleset should handle frags with its `scrub fragment reassemble` option, so I'm confused gizmoguy: dnssec is probably going to occur over TCP
do you handle tcp fragmentation? BryceBot: That's what she said!! kellytk: gizmoguy: http://pastie.org/private/imat8lhakzvxkt0fbytmla is my entire pf.conf
I don't believe I do
FWIW I'm using the FreeBSD pf port. Can you suggest any improvements to my ruleset? gizmoguy: you shouldn't really have to handle fragmentation differently BryceBot: That's what she said!! gizmoguy: also I can't say I've used pf before..
hold up
is ntp.org even signed?
no it's not kellytk: I don't know gizmoguy: I would suspect that's why DNSSEC to ntp.org fails kellytk: So that failure is normal? gizmoguy: maybe? ***: milki has quit IRC (Ping timeout: 256 seconds)
grody has quit IRC (Remote host closed the connection)
milki has joined #arpnetworks
grody has joined #arpnetworks m0unds: BryceBot: no BryceBot: Oh, okay... I'm sorry. 'you shouldn't really have to handle fragmentation differently' kellytk: What is the purpose of that bot BTW? m0unds_: gross packet loss gizmoguy: @last m0unds_ BryceBot: gizmoguy, I last saw m0unds_ 4 sec ago saying in a channel: gross packet loss. m0unds_: can't even stay connected to my VM via ipv6 kellytk: Oh gizmoguy: ipv6 is for losers mike-burns: I've switched to IPv9. kellytk: block log quick inet6 all m0unds_: mike-burns: how is v9? do your pakkitz travel at least 15% faster than the speed of light? gizmoguy: i run chimiak-enhanced-ipv4 m0unds_: they arrive before they were transmitted mike-burns: Yes but that makes them very loud. gizmoguy: best ipv4
https://tools.ietf.org/html/draft-chimiak-enhanced-ipv4-00 m0unds_: hahaha gizmoguy: basically he removes some cruft from the ipv4 header and lets you use 64bit ipv4 addresses
for some reason it didn't take off m0unds_: funny
ah yes, NTT return path shittiness
just saw 50% packet loss at s3, then my session died
sweet mercutio: gizmoguy: that sounds like a good idea m0unds_: mercutio: anything going on w/ipv6? mercutio: m0unds: nothing diff from usual that i know about m0unds_: i thought it was ntt being stupid, but i keep seeing packet loss at s3 incrementing, then my ssh session drops when it hits 50% mercutio: wow
i'm seeing something funky
with ntt too hah
wtf
it's not even all ntt, ..
hmm and i trace again and it's fine m0unds_: yeah, it's fine right now mercutio: yeah i was tracing to www.kame.net m0unds_: give it a minute, it'll get weird again
it's getting worse now mercutio: oh it's going funky again m0unds_: yeah
haha mercutio: and it hits japan ok
then it hits another router in japan and starts dropping m0unds_: me -> arp via ipv6 goes comcast -> he -> arp mercutio: in both directions? m0unds_: nah, outbound to arp only
return is ntt
outbound to arp is worse
ntt is just regular old flaky ntt mercutio: i'm not well situated for ipv6 test sites atm m0unds_: it seems like it's just v6 that's acting up though, for sure mercutio: vultr in sydney seems fine atm m0unds_: because i'm still connected via v4 mercutio: but i'll keep it going m0unds_: and that goes level3, not ntt mercutio: bah late hops on vult just screwed up
and of course there's no reverse lookups and 12 hops... m0unds_: hahaha ***: grody has quit IRC (Remote host closed the connection) m0unds_: just hit...75% loss and dropped ***: grody has joined #arpnetworks mercutio: toggling asn info isn't working
if you press z does it tell you asn's in mtr? m0unds_: negative, it's not doing it
used to mercutio: damnit m0unds_: it's working on my vm mercutio: maybe it only ever worked with ipv4 m0unds_: what version of mtr are you? mercutio: 0.86 m0unds_: i have .86 on fbsd and .82 on deb
oh mercutio: on openbsd m0unds_: hm mercutio: and 0.85 on linux
neither are working m0unds_: it's working on freebsd but not debian on an rpi
weird
hahaha mercutio: it's showing loss from vultr in the same way
vultr mostly use ntt afaik m0unds_: oh, -z isn't a flag on .82 that's why mercutio: 2402:7800
i'm pressing inside the app
hmm 2402:7800 is vocus
so vultr's screwing up on vocus
before hitting arp even
vultr is vocus in both directions
not ntt
although i'm not sure what 2001:504:13::210:136 is
it's probably coresite though m0unds_: coresite
yea mercutio: this is whack though
i'm mtr'ing in both directions, and one way is showing much more loss than the other
and my smokeping has been broken for 40 minutes too
wtf
40 minutes ago it got TERM signals
so i have no ipv4 smokepings to look at
but if i look at sydney's smokeping stuff to arp there was some loss a couple of hours ago
so there may be concurrent vocus and ntt issues ***: mhoran has quit IRC (Ping timeout: 256 seconds)
mhoran has joined #arpnetworks
ChanServ sets mode: +o mhoran mercutio: i'm struggling to determine any consistent patterns ***: KDE_Perry has quit IRC (Read error: Connection reset by peer)
KDE_Perry has joined #arpnetworks mercutio: it's only www.kame.net i saw the severe loss pattern too
oh another bind crash vulnerability m0unds_: yup
did coresite die?
looks like the route changed, outbound from me to arp changed from he to ntt, and return path is still ntt
lol, he's lg at one wilshire looks awful mercutio: awful to arp or awful in general? m0unds_: awful in general mercutio: hmm
yeah not sure what's happening tbh m0unds_: 800ms to me from lax @ coresite
hahaha mercutio: ouch m0unds_: vs 35ms to me from equinix
pinging arpnetworks.com via coresite lg = 750ms mercutio: it seems a lot of disparate failures at once m0unds_: yeah mercutio: so i'm wondering what the connection is
it may fibre cut
there was fibre cut in san francisco the other day
maybe there were more
i think it's up to like 13 in the last year?
of reported cuts around there m0unds_: yea mercutio: but they seem to cluster a bit m0unds_: oh well, weird as hell
time for planetside mercutio: it does make me think i should setup better ipv6 monitoring though :) m0unds_: yea, i have just long interval ping monitoring via uptimerobot ***: brycec has quit IRC (Ping timeout: 244 seconds)
brycec has joined #arpnetworks
milki has quit IRC (Ping timeout: 256 seconds)
milki has joined #arpnetworks brycec: Am I the only one getting horribly network activity?
i worded that badly
oh a quick skim of the backlog is ffffffasfl;jksadjkladljkasdjkl;sdjkl;asjkl;asjkl;asasdfjkasdfjkasdf[
it hung again ^
I'll have to get more info, but looks like I haven't been alone up_the_irons: brycec: i liked your mental image better too brycec: Thanks. When a country can work together as one voice, it's always great.
Now, wtf is up with my connection???. I have too much shit to get done to debug this stuff.
https://smokeping.cobryce.com/?target=ARP shows some nasty IPv6 latency and spikes since 5pm
(inside ARP)
And it's really fucking with my SSH session.
I feel so dirty, connected to my VPS over IPv4
but hopefully it's smoother
(Hm an mtr I've left running for awhile from my VPS to an ipv6 host shows 3% packet loss starting at the second hop 2001:504:13::1a, that would be the first hop beyond ARP.
Aw I had 30 days connected to this Freenode server too, lost due to the network issues I was seeing. milki: aha up_the_irons: 2001:504:13::1a is an Any2 IX peer brycec: At this very second, it's dropping packets for me
Just started flowing
dropping
flowing
(that was 45 seconds dropping)
dropping
flowing after 36 seconds
dropping m0unds_: brycec: mine was working via v4
v6 was terribad for a long while brycec: flowing
(I also dropped 2 packets to ARP's router :O) m0unds_: that's what it was doing for me too - it was bad when my v6 route was via he brycec: (that was another 42 seconds of dropped packets) m0unds_: but it seemed to change the last time i tracerouted and it was using ntt instead brycec: dropping...
Wow m0unds_: the coresite he lg was hosed - 900ms to itself, 900ms to arp, 900ms to other stuff brycec: This is... BryceBot: That's what she said!! brycec: flowing m0unds_: hahaha brycec: 52 seconds, and again 2 dropped @ ARP
dropping...
flowing, 52 seconds agin
this is cray cray
looks like it drops every 90 seconds or so for about 52 seconds
(I should point out that HE is involved in all directions and destinations to which I have access - I can't mtr from a non-HE address besides ARP)
Well it's not the cleanest way to share two mtr's but it works :P Issue is that he.net->ntt.net handoff it looks like https://dl.dropboxusercontent.com/u/3167967/screenshot_2015-09-02_21-35-05.png
Dear up_the_irons please to be fixing upstream's issue, kthx mercutio: brycec: there were issues with just ntt in both directions too
and there were issues with vocus/any2ix
brycec: did it come right? brycec: Still craptastic
Dropped up to a few seconds even
*a few seconds ago
And there it goes dropping again
flowing again
(but it's not worth flooding the channel, and I have better things to do.) mercutio: got an ip address can trace to to reproduce? brycec: 2607:f2f8:a650::3 mercutio: from arp i mean :) brycec: 2001:470:4:2a5::feed:dead mercutio: cool
that coresite hop having high pings suggests the router is under heavy cpu load brycec: I'm happy to say in the last 60 seconds, I've only dropped 1 packet in mtr.
Agreed.
(I figure it will sort itself out soon enough)
aka "eventually" mercutio: yeah i was thinking that a couple of hours ago
even across any2ix direct it does that brycec: knock on wood but it's looking more stable right now. mercutio: i'm seeing around 0.7% loss brycec: 11/500 packets dropped mercutio: that's like 2% loss
i have 3 out of 519 dropped brycec: (% without context can be a bit hard to grasp. 50% of 2 packets vs 500 can indicate very different things :P) mercutio: yeah
can be different if they're all dropped in a row etc too m0unds: sounds better kellytk: Running Unbound, is there a reason why a fresh start up is often met with a random number of failures (0-~5) to resolve update.freebsd.org, but not google.com? I suspect the former being signed and the latter not has something to do with it ***: hive-mind has quit IRC (Ping timeout: 246 seconds)