[03:48] <mappps> hi all
[04:27] <diddledan> morning mappps
[04:28] <mappps> morning..still up or just got up?
[04:28] <diddledan> still up :-p
[04:30] <mappps> ;D
[06:57] <MooDoo> hello all
=== Kris_Douglas is now known as KrisDouglas
[08:11] <knightwork> Morning
[08:12] <czajkowski> aloha
[08:17] <davmor2> Morning all
[08:18] <davmor2> I miss JamesTait's morning greetings he so has to have a bot in place for next year
[08:18] <brobostigon> morning boys and girls.
[08:18] <knightwork> ehlo brobostigon , czajkowski
[08:18] <brobostigon> hello knightwork
[08:20] <knightwork> Watching a youtube video on how to get my simcard out of my Oneplus one.
[08:20] <knightwork> it slid off the simcard cassette and is now stuck inside the device
[08:21] <brobostigon> eeeek,
[08:22] <knightwork> yep , the thing needs surgery now.
[08:22] <brobostigon> oh dear, good luck.
[08:23] <knightwork> brobostigon: should work if I slide a plastic card into it to "guide it out".
[08:23] <knightwork> after that i'm kinda done with the oneplus i think.
[08:24] <knightwork> next phone will probaly be a huawei or something.
[08:37] <nucc1> when i see stories like this, i kinda feel glad i stick to the well-known brands :p
[08:37] <nucc1> although my sony xperia z3 was a crappy build too — screen fell right off after about 3 months — poor glue job
[08:40] <nucc1> and sony support is practically non-existent.
[08:50] <diplo> Morning all
[08:51] <diplo> Anyone fancy helping with a mail issue I'm having, "timed out while send Mail From" 442 error, it was just just one domian recieinb email from
[08:51] <diplo> now 2-3
[08:51] <diplo> Anything to look out for ?
[08:59] <nucc1> port 25 working?
[08:59] <nucc1> or is the mail client configured with the correct port?
[08:59] <nucc1> and TLS or Starttls ?
[09:05] <diplo> From what I can see it can be related to the sending server thinking you're spam but we're not in any blacklists
[09:07] <nucc1> timed out suggests a network issue
[09:08] <diplo> Yeah I thought the same ( Sorry issues with line herre, keep getting disconnected )
[09:08] <diplo> Yeah receive 100's of other mails, just ttwo domains so far that are an issue
[09:09] <diplo> Another thing I've just read is about MTU's being different on router / mail server
[09:09] <nucc1> that shouldn't matter
[09:09] <nucc1> TCP has a way of dealing with that.
[09:09] <nucc1> if your internet is ADSL, you almost always have a lower MTU than the typical
[09:10] <nucc1> there's only a problem with MTU if your MTU is bigger and there is a misconfigured router in the way that is not sending ICMP messages informing your router
[09:11] <nucc1> diplo: try sending a small test email with no attachments. see if that goes through.
[09:11] <diplo> yeah it's from remote mail to my clients, my emails go to them fine, it's just from two domains
[09:13] <diplo> But those 2 customers are huge and want top make sure I've checked everything my end first before approaching them
[09:15] <nucc1> you can't receive emails from 2 domains, or you can't send emails to those two domains?
[09:15] <diplo> Receive
[09:15] <nucc1> if the problem is receive, then the problem is at your end.
[09:16] <diplo> And I can receive, it's sporadic 4.4.2 messages they get, some emails come through others don't
[09:16] <nucc1> take some network captures on your mail server and see what's happening
[09:16] <diplo> 100's of other emails come through fine each day
[09:16] <diplo> hehe, just reading a post about that right now
[09:16] <diplo> Rebooting my router brb can't deal with this lag
[09:16] <nucc1> tcpdump -i any -s0 -w /var/tmp/smtp.cap host <mail-server-ip> and port <mail-port>
[09:18] <diplo> k thanks
[09:18] <nucc1> that will generate a file in /var/tmp/smtp.cap which you can view in wireshark
[09:19] <nucc1> you run that capture, and send a test email (it's easier to see what's happening if there's no tls)
[09:19]  * bashrc_ also has a mesh icmp issue, which is probably firewall related
[09:19] <nucc1> if you know the source IP of the smtp client from which the email will arrive, it's also easier to follow the relevant tcp stream
[09:19] <nucc1> bashrc_: what issue?
[09:20] <bashrc_> at the weekend I was trying to set up batman adv. I could see the test peer via avahi, but couldn't ping it
[09:21] <nucc1> likely firewall doesn't allow icmp yes — which is a bit of a silly thing to do anyway
[09:22] <bashrc_> indeed the default firewall is pretty strict. Is there a port for icmp?
[09:24] <diplo> k thanks
[09:25] <nucc1> bashrc_: icmp is a layer 3 protocol. no ports.
[09:26] <bashrc_> ah. So can it be blocked via firewall?
[09:26] <nucc1> yes, a sensible firewall should have a checkmark that says "allow icmp"
[09:26] <nucc1> Windows Firwall blocks icmp by default too
[09:26] <bashrc_> almost certainly I don't have that, so will need to check
[09:26]  * bashrc_ is using iptables
[09:26] <nucc1> i never figured out how to allow icmp except by disabling the damn thing
[09:27] <bashrc_> I have an ultra strict firewall which blocks all the things, and then I selectively open only the needed ports
[09:28] <nucc1> ping is icmp-type echo-request and echo-reply
[09:28] <nucc1> probably wiser to allow all icmp
[09:28] <bashrc_> yes
[09:28] <nucc1> some people think that disabling icmp improves security, but it doesnt.
[09:28] <nucc1> disabling icmp is like shooting the internet in the foot
[09:29] <nucc1> people can still detect that your server is live by opening a connection to port 80, 443, 25, etc
[09:29] <bashrc_> for the regular internet server I do disable icmp (I don't need it), but for mesh being able to ping is useful
[09:29] <nucc1> especially for the internet server, you shoudl enable icmp
[09:29] <nucc1> icmp is the mechanism via which clients detect mismatch on MTU and workaround it
[09:30] <nucc1> when a client sends a packet that is too big, the router is supposed to send an ICMP Fragmentation-Needed packet
[09:30] <nucc1> the receiving client then knows to use smaller packets.
[09:30] <nucc1> If firewalls drop this icmp, the connection will eventually fail, because the packets aren't making it through, and the client is not being told
[09:31] <nucc1> and like i said, disabling icmp does not make you "invisible" on the internet.
[09:32] <bashrc_> in my case disabling icmp on the internet server doesn't have any deleterious effects. It's been running for years that way
[09:33] <nucc1> you might not realise it
[09:34] <nucc1> if your server is not critical, people would just ignore any issues they have with it
[09:34] <nucc1> you're not less safe if you enable it
[09:35] <nucc1> personally, i use 2-Fa auth, and fail2ban
[09:35] <bashrc_> http://www.cyberciti.biz/tips/linux-iptables-9-allow-icmp-ping.html
[09:35] <nucc1> i only use iptables to block outright abusers.
[09:36] <nucc1> bashrc_: ping is not important. it's the other icmp types that are important.
[09:37] <bashrc_> in my case I'd just like to test mesh peers with ping
[09:37] <bashrc_> I can use batctl ping, but I also want to test layer 3
=== Kris_Douglas is now known as KrisDouglas
[10:22] <bigcalm> Good morning peeps :)
[10:23] <davmor2> Morning bigcalm
[10:23] <popey> afternoon
[10:25] <bigcalm> So, back to trying to upgrade these client servers
[10:25] <bigcalm> Being ill last week got in the way a little
[10:25] <popey> clients or servers?
[10:25] <bigcalm> Servers owned by a client
[10:25] <davmor2> popey: their clients, servers
[10:26] <bigcalm> Client's servers
[10:26] <bigcalm> <jpds> bigcalm: It's more likely that they block port 11371
[10:26] <bigcalm> <jpds> bigcalm: Try: hkp://keyserver.ubuntu.com:80
[10:26] <bigcalm> So I tried this: http://paste.ubuntu.com/12106844/ & http://paste.ubuntu.com/12106850/
[10:26] <davmor2> popey: keep up it's only been a fortnight since he spoke about it last what's wrong with you ;)
[10:27] <bigcalm> It was last Tuesday
[10:28] <bigcalm> apt-get update still fails: http://paste.ubuntu.com/12106878/
[10:28] <davmor2> bigcalm: that's like a month in canonical time ;)
[10:28] <bigcalm> Heh
[10:29] <davmor2> bigcalm: sounds like the system they use is using a bastardised version of ubuntu possibly
[10:29] <popey> well, again, you need the key :)
[10:29] <bigcalm> 5 weeks to beer train :)
[10:30] <bigcalm> popey: but the import with apt-key didn't work I take it
[10:30] <popey> i just tested that command and it worked perfectly from my machine here
[10:30] <popey> (the sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 40976EAF437D05B5 )
[10:31] <bigcalm> Okay, so I did get the correct format
[10:31] <popey> yes
[10:31] <bigcalm> The client's hosting company is getting in the way with their firewall I guess
[10:31] <popey> http://paste.ubuntu.com/12106897/
[10:31] <popey> you can test that with telnet surely?
[10:32] <popey> telnet keyserver.ubuntu.com 80
[10:32] <awilkins> At the worst you could get the key manually and paste it into the terminal?
[10:32] <popey> then "GET /" and see what happens
[10:32] <popey> you should get a bunch of html from cassava.canonical.com
[10:32] <popey> if you don't then probably a firewall or some other nonsense in the way
[10:33] <bigcalm> http://paste.ubuntu.com/12106909/
[10:34] <bigcalm> It returned HTML, but with a status 400
[10:34] <popey> ok, good, so not a firewall issue
[10:35] <bigcalm> I get the same response from my machine here
[10:35] <awilkins> Response is from a squid proxy
[10:36] <popey> there are lots of results on google for "gpg: [don't know]: invalid packet (ctb=2d)"
[10:36] <popey> like you're receiving a corrupt key
[10:36] <jpds> bigcalm: Can't you just put the key into a text file and copy and paste it into the server?
[10:37] <popey> bigcalm: what happens if you just "gpg --recv-key 1054b7a24bd6ec30" ?
[10:37] <bigcalm> jpds: it may come to that
[10:37] <popey> yeah, you could just get it from http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x1054B7A24BD6EC30
[10:37] <jpds> bigcalm: Seems like it'll make your life easier
[10:37] <popey> doesn't explain why it fails to get it though
[10:38] <bigcalm> guruuser@GRU01DBS01TEST:~$ gpg --recv-key 1054b7a24bd6ec30
[10:38] <bigcalm> gpg: requesting key 4BD6EC30 from hkp server keys.gnupg.net
[10:38] <bigcalm> It's sitting there, doing nothing
[10:38] <bigcalm> I guess it'll timeout
[10:38] <jpds> bigcalm: Nice hostname
[10:38] <bigcalm> :D
[10:39] <nucc1> usually those hostnames are derived from a pattern
[10:39] <nucc1> sometimes, organisation, department, location, and a serial
[10:39] <bigcalm> Which would make sense for a hosting company
[10:39] <nucc1> yea
[10:42] <awilkins> Ugh, I hate those hostnames
[10:42] <awilkins> And I know they have a purpose
[10:42] <nucc1> they are easy to work with once you know the pattern
[10:43] <nucc1> it's better than "fancy" names which you have to remember
[10:43] <nucc1> somebody tells you we have a problem with the accounting server 03, and you can workout the hostname
[10:43] <nucc1> if they all have star names or movie character names etc, then you need a lookup to determine which accounting server is being referred to
[10:43] <awilkins> I say have both... a scheme of boring names for that reason, and memorable names for other reasons
[10:44] <awilkins> I tend to select names that have *some* correlation with the server purpose
[10:44] <awilkins> Gods from old pantheons are good :-)
[10:44] <awilkins> Like haephestus for a build server
[10:45] <nucc1> memorable names tend not to work
[10:45]  * bashrc_ named one server "Zardos"
[10:49]  * jpds always names his stuff after a theme
[10:49] <jpds> Plenty of "List of" wikipedia pages
[10:50] <popey> we used to use themes
[10:50] <popey> we don't seem to anymore
[10:50] <popey> i blame jpds
[10:50] <jpds> popey: I blame cloud
[10:51] <awilkins> I started using Wikipedia lists of things to name releases in the Ubuntu manner ( Apple, Banana, Clementine )
[10:52] <awilkins> Themed, where possible (for software designed to do things for a surgical classification, particular operations)
[10:52] <awilkins> (the one for diseases was great fun)
[10:52] <awilkins> opening with your "Anthrax" release :-)
[10:53] <popey> we used to use herbs, birds
[10:53] <popey> elements, rocks?
[10:53] <popey> painters...
[10:53] <popey> https://launchpad.net/builders
[10:54] <jpds> popey: So you don't like Gatwick?
[10:54] <popey> haha
[10:54] <awilkins> Ah, good old lgw-01-22
[10:54] <jpds> lcy01-13 was always my favourite
[10:55] <popey> I had a build fail on lgw01-12 yesterday :(
[10:55] <popey> knew he was no good
[10:56] <popey> https://launchpad.net/~ubuntu-touch-coreapps-drivers/+archive/ubuntu/daily/+build/7805065 :(
[10:56] <jpds> Well, can't really blame him given it's libreoffiec
[10:57] <popey> it builds locally
[11:00] <awilkins> That's always a problem with people not checking in local resources though :-P
=== rich is now known as trickyBytes
[11:04] <bigcalm> I've gone with the installing keys from files, but apt-get update is still unhappy: http://paste.ubuntu.com/12107046/
[11:05] <bigcalm> I then wondered what sudo apt-key list would give: http://paste.ubuntu.com/12107047/
[11:07] <bigcalm> Not sure where to go from here
[11:07] <popey> file a support ticket with provider?
[11:09] <bigcalm> Already did so with the client who then talks to the provider. Client has gone on holiday for 2 weeks
[11:09] <bigcalm> If there is nothing else I can do, I'll move on to other things I guess
=== alan_g is now known as alan_g|lunch
[12:46] <davmor2> popey: this will make you smile I just had an insurance quote at £722 :D  When I said ouch I think she knew they had not got the sale :)
[12:48] <popey> hah
[12:48] <popey> why so high?
[12:49] <davmor2> popey: my average is around £360
[12:49] <popey> our babysitter just got a brand new Audi on lease, for insurance she has to have a black box tracking her speed etc
[12:49] <popey> mine's about 270 iirc
[12:49] <directhex> i have no idea what i'm paying for insurance
[12:49] <directhex> i had to fork over a few quid extra vs. the prius, mid-policy
[12:51] <davmor2> popey: Our issue is that our address is on one of the busiest roads in wolverhampton it also how like 8 sets of traffic lights that people refuse to stop for if they can avoid it so there are plenty of accidents so mine goes rocketing
[12:51] <directhex> renewal is october
[12:52] <davmor2> popey: our old address the other side of the carpark the same carpark the car is still parked on was £160 cheaper
[12:52] <davmor2> sorry £120
[12:55] <popey> blimey
[13:02] <zmoylan-pi> your baby sitter drives an audi...
[13:02] <popey> yes.
[13:03]  * bigcalm drums his fingers waiting for the Talos Principle to download on the office computer
[13:03] <bigcalm> Office broadband sucjs
[13:03] <bigcalm> and sucks
[13:03] <zmoylan-pi> or more accurately lacks suckage :-)
=== alan_g|lunch is now known as alan_g
[13:04] <bigcalm> directhex: I have screen shots of you getting out of a coffin. It's most disturbing
[13:04] <directhex> bigcalm: sounds like a friday night to me
[13:05] <bigcalm> I guess you are the only person I know on Steam who has played the game, so your name keeps popping up
[13:05] <bigcalm> Would see other names if other people played it
[13:07] <bigcalm> Or are you Elohim?
[16:13] <bigcalm> Is there a way to get a process back after it has been started with a trailing &
[16:13] <bigcalm> ?
[16:15] <popey> reptyr can do that
[16:15] <daftykins> hmm there's something about foregrounding
[16:15] <popey> https://github.com/nelhage/reptyr
[16:15] <popey> not tried it for a while tho
[16:17] <bigcalm> iain@dumbo:~$ reptyr 26080
[16:17] <bigcalm> Unable to attach to pid 26080: Operation not permitted
[16:17] <bigcalm> It's a cp that I should have started behind a screen
[16:17] <zleap> 20,000 that is a lot of processes if you have nearly 20,000
[16:18] <bigcalm> Was trying to move it over, but did an incorrect step
[16:18] <bigcalm> iain@dumbo:~$ ps aux | wc
[16:18] <bigcalm>     130    1518   10642
[16:18] <bigcalm> There isn't 20k of processes running
[16:19] <shauno> more likely just a lot of uptime.  pids aren't recycled until they need to be
[16:19] <bigcalm> 192 days
[16:20] <popey> does reptyr need root/sudo?
[16:20] <zleap> nice
[16:24] <bigcalm> iain@dumbo:~$ sudo reptyr 26080
[16:24] <bigcalm> [-] Unable to open the tty in the child.
[16:24] <bigcalm> Unable to attach to pid 26080: Permission denied
[16:36] <popey> bigcalm: there's some notes on the github page
[16:36] <popey> [M#bIptrace_scope on Ubuntu Maverick and up
[16:36] <bigcalm> Only 200GB left in the copy
[16:36] <popey> that bit
[16:37] <bigcalm> Aha
[16:37] <bigcalm> popey: thanks :)
[16:37] <daftykins> bigcalm: does "jobs" list the copy that's running out of interest?
[16:38] <bigcalm> daftykins: no
[16:38] <daftykins> probably irrelevant but happened to see it in a google result
[16:38] <daftykins> ah ok
[16:38] <bigcalm> Because it's been placed into the background
[16:39] <bigcalm> Woot, reptyr 26080 worked that time
[16:40] <popey> yay
=== alan_g is now known as alan_g|EOD