/srv/irclogs.ubuntu.com/2016/08/05/#ubuntu-za.txt

magespawn	good morning	05:02
superfly	good morning magespawn	05:34
superfly	wow, chesedo, your IRC client is having fun	05:34
paddatrapper	Morning magespawn, superfly	06:00
superfly	hey paddatrapper	06:00
paddatrapper	How goes it superfly?	06:01
superfly	paddatrapper: full of hate right now, to be honest. too many things that don't work and cost me money that I don't have.	06:02
superfly	and I can rant and rage, but it's not going to change anything.	06:02
superfly	Department of Home Affairs. Need I say more?	06:02
paddatrapper	Say no more. I perfectly understand your rage...	06:05
andrewlsd	superfly: "despite all my rage, Home Affairs is still taking and age" [rat in a cage]	06:21
superfly	andrewlsd: no, they're nopt taking an age, they're outsourcing their visa stuff to a company that has no clue on the requirements for visas, so that I get a rejection 2 years later because of said company's incompetence	06:22
andrewlsd	yip. ... and at your expense.	06:56
ra1v3n	Good morning	07:14
andrewlsd	hi ra1v3n	07:16
ra1v3n	Hello andrewlsd	07:17
Sicelo	superfly: you need visa to be in SA?	07:30
ra1v3n	Depends on your country of origin	07:31
Sicelo	of course .. that's why i'm asking	07:32
* Sicelo thought superfly was SA citizen		07:32
superfly	Sicelo: I am, but my wife isn't	07:32
Sicelo	ah .. i'm also non-South African, and completely agree that the VFS system is just a mess :(	07:34
Sicelo	and the hectic fees they have, omg!	07:35
superfly	Sicelo: exactly. and because my wife is married to a South African, we don't have to pay Home Affairs' fees. Now we're getting slapped with VFS's fees when we would not normally pay, and we never asked for VFS in the first palce	07:42
superfly	*place	07:42
=== MaNL is now known as MaNI
Kilos	hi superfly inetpro paddatrapper magespawn Langjan MaNI and all others	08:16
Kilos	what happened Langjan	08:16
superfly	evening Kilos	08:16
Kilos	you broke it	08:17
paddatrapper	Hey Kilos	08:18
Langjan	Hi Kilos het jy lekker gerus?	08:46
Kilos	ai!	08:57
Langjan	Chasing sheep Kilos?	09:11
Kilos	i was	09:15
Kilos	hehe	09:15
Kilos	actually moving hay / lucerne mix where they can get to it	09:16
Kilos	Langjan so tell what you broke man	09:16
Langjan	Hi Kilos vertel my eers of je lekker geslaap het en uitgerus is vir die nuwe uitdagings wat my brekasies bied?	09:19
Langjan	jy	09:19
Kilos	man ek het geslaap	09:20
Langjan	Uitgerus?	09:20
Kilos	lekker warm in die bed , wou nie opstaan nie	09:20
Langjan	Ek het so gesien...lmga!	09:20
Kilos	haha	09:20
Kilos	was 7 uur wakker maar was te koud om op te sit of staan	09:21
Langjan	ai, was net onder 7° hier, nie te sleg nie	09:21
Kilos	now tell me what i need to start thinking about	09:21
Kilos	ryp hier weer	09:22
Langjan	Ok, I decided to use the other HDD with Zorin installed because its IDE and I want to get it to a stgae where I can get my onconverted friend to sit down and do everything that he does on windopz	09:23
Langjan	stage	09:23
Kilos	ok	09:23
Langjan	Its running nicely, just had to sort the jumpers out first	09:24
Langjan	so have a spare 160 GB HDD	09:24
Langjan	I upgraded his ram from 1,5 to 2 GB in trade for the HDD	09:25
Kilos	ok	09:25
Langjan	Another Q	09:25
Kilos	?	09:26
Langjan	I have a 5,7 GB folder named Systemback, dunno where it came from, want to delete it	09:26
Kilos	systemback is that tool for making an iso of your running system	09:26
Langjan	Its not a tool, its a folder	09:27
Kilos	yes man but the tool makes folders when you run it so it knows what you have going there	09:27
Langjan	Contents look the same as /home except my documents and pics are not there	09:28
Kilos	you ran system back before right?	09:28
ra1v3n	make it into an Iso burn to dvd ... then clear the backup	09:28
ra1v3n	simples	09:28
ra1v3n	^^	09:28
Langjan	Cant remember if I did	09:29
Kilos	too big for dvd	09:29
Langjan	thks ra1v3n	09:29
Kilos	you cant have a systemback folder unless you ran it	09:29
Langjan	ok then I ran it, do I need it?	09:30
Kilos	well	09:30
Kilos	debatable	09:30
Langjan	well	09:30
Langjan	lets debate	09:30
Kilos	did you make a stick with the iso on	09:30
ra1v3n	Langjan, you can clear the system back folder from within system back	09:30
ra1v3n	I never include playonlinux etc. you can exclude certain folders	09:31
Langjan	Kilos, you mean an iso of the systemback? No	09:31
ra1v3n	back those up separately	09:32
Kilos	that was the whole idea of running it Langjan	09:32
Langjan	I always back up my file and pic and email folders separately	09:32
Kilos	if you feel you dont need it you can aptitude purge systemback	09:32
ra1v3n	if your system is running perfectly and you want a backup .... clear the systemback and create a new one	09:32
Langjan	OK that makes sense thks ra1v3n	09:33
Kilos	listen to ra1v3n	09:33
ra1v3n	what I do Is I create a new user with full priveledges (so that I get a clean homefolder)	09:33
ra1v3n	then run systemback from inside that user	09:33
ra1v3n	then once done I write to dvd	09:33
ra1v3n	destroy the temporary user	09:34
ra1v3n	clear the systemback folder	09:34
ra1v3n	back up all your aps with aptoncd	09:34
Langjan	sounds complicated but worth doing	09:35
Langjan	what about vbox?	09:35
ra1v3n	then write that to a dvd aswell (make sure you select dvd image NOT cd)	09:35
ra1v3n	then back up the excluded folder like your WINE and Playonlinux and all your doccies and pics	09:36
ra1v3n	then if the shite does hit the fan you can recover quickly	09:36
Langjan	will vbox also run after backup	09:36
ra1v3n	yes its complicated but it makes life easier after a crash	09:36
ra1v3n	virtualbox?	09:36
Langjan	dont use wine and playonlinux	09:36
ra1v3n	In what way?	09:37
Langjan	yes	09:37
ra1v3n	the virtualbox app itself will be backed up	09:37
ra1v3n	but I suggest you backup your vbox appliances seperately	09:37
ra1v3n	this is why I create a dummy user .... clean homefolder no fluff like masive vbox appliances	09:38
Langjan	By appliances do you mean the Win xp os running there?	09:38
ra1v3n	yes	09:38
Kilos	and so the truth comes out	09:39
ra1v3n	on the HDD the will be a folder called Win Xp etc ... it will contain the virtual HDD and associated files	09:39
Kilos	hidden xp	09:39
ra1v3n	LOL Kilos	09:39
Kilos	sigh	09:39
ra1v3n	Within the menu tab of Vbox you can select to backup this applaiance and vbox will create a single compressed bundled file similar to a tarball	09:40
Langjan	OK I will give it a go and see how far I can get before knocking on your door	09:40
ra1v3n	take that and write it to a backup dvd or place it on another HDD	09:41
ra1v3n	google if you get stuck .... tons of tutorials on all of these online	09:41
Langjan	OK many thks	09:41
ra1v3n	I normally do this all as soon as I have my setup installed and everything is working	09:41
Kilos	i made a systemback flash disk and installed from it and asll pics and everything same on desktop as on lappy	09:42
ra1v3n	'm here often aswell if you need help	09:42
ra1v3n	yeah systemback is awesome especially if you need to clone a system in a hurry	09:42
Langjan	Many thanks ra1v3n, will do	09:43
Kilos	hidden xp	09:43
Kilos	now youve ruined a friendship	09:43
ra1v3n	I make the Dummy User so that I'm working from a clean homefolder	09:43
Kilos	think up an excuse quickly	09:43
ra1v3n	because after a few weeks of working your homefolder will never fit on a dvd	09:44
Kilos	hi exupboy welcome to ubuntu-za	09:44
Kilos	dvds are old fashioned things	09:45
Kilos	flash sicks come in many sizes	09:45
Langjan	So thats my story for the day Kilos - nothing broke. Fortunately I'm not using kde, lmga!	09:45
Kilos	sticks/disks	09:46
Langjan	drives?	09:46
Kilos	haha so cheeky this bally	09:46
Kilos	ja man memory sticks	09:46
Kilos	flash disks	09:46
Langjan	'cause I know I can outrun you	09:46
Kilos	flash drives	09:46
Kilos	usb memory modules	09:47
Langjan	flash drives, usb sticks, stiffies, whatchamacallits	09:47
Kilos	and you must remember the turmeric stuff Langjan the you wont find things you have no idea how or where they came from	09:48
Langjan	katottertjies	09:48
exupboy	Hi There, thanks	09:48
Langjan	We chat again when youre pushing 74 Kilos	09:48
Kilos	nono you wont be around	09:49
Langjan	I will, dunno about you	09:49
Kilos	chat now before you forget who i am	09:49
Langjan	lmga1	09:49
Kilos	hee hee	09:49
Langjan	!	09:49
Langjan	Ok im gonna log off and practice some systemrestore	09:50
Kilos	enjoy	09:50
Langjan	where do I find the dam thing?	09:50
Kilos	what	09:50
Kilos	luckily you head is glued on	09:51
Langjan	system restore - and my computer!	09:51
magespawn	in the dam things place, where else	09:51
Kilos	lol	09:51
Langjan	if its in the dam its broken, not waterproof. Hi magespawn how are you keeping?	09:51
magespawn	good and you Langjan ?	09:52
Langjan	fine thks	09:53
Langjan	just battling a bit with the laatslapers	09:53
Kilos	hahaha	09:53
Langjan	see the guilty conscience?	09:53
Kilos	hehehehe	09:53
Langjan	lmga	09:53
Langjan	glad youre honest my friend, thats why I like you so much	09:54
Kilos	oh only because of my honestly	09:54
Langjan	even if you keep nagging	09:54
Kilos	honesty	09:54
Kilos	haha	09:54
Kilos	those with blocked ears need nagging	09:55
Langjan	now youre fishing for compliments...	09:55
Kilos	oh	09:55
Langjan	how many you want?	09:55
Kilos	and those with bad memories	09:55
Kilos	i dont need compliments ty sir	09:55
Langjan	I have 8 Gb	09:55
Langjan	Arrogant young man!	09:56
Kilos	that will make a good backup iso	09:56
Langjan	on my RAM?	09:56
Kilos	i have systemback iso on an 8g stick as well	09:56
Langjan	Can see you chase too many rams and ewes around	09:57
Kilos	what are you talking about	09:57
Kilos	you have 8g ram	09:57
Langjan	maybe its 4, I forgot	09:58
Langjan	lmga	09:58
Kilos	hahaha	09:58
Langjan	jy moet mooi bly en die dag geniet	09:58
Kilos	i have found the best time to help peeps that need nagging is when they are in the bath	09:59
Kilos	make them wash their ears well so they can hear properly	09:59
Langjan	good idea, will tell my caregiver	09:59
Kilos	lol	10:00
Langjan	bye for now	10:00
Kilos	cheers Langjan have a good day sir	10:00
Langjan	You too thks Kilos	10:01
chesedo	superfly: i'm suspecting bad internet	10:01
chesedo	afternoon all btw...	10:01
Kilos	hi chesedo	10:01
andrewlsd	Fun reading: http://www.eweek.com/security/black-hat-do-usb-keys-left-in-parking-lots-get-picked-up.html	10:02
ra1v3n	Never under any circumstances insert a USB key that you don't own or haven't just removed from its packaging after purchase	10:10
andrewlsd	^ yip	10:30
magespawn	but why, could be so much of fun	10:50
Kilos	whats a usb key? a thing you open car doors with?	11:17
ra1v3n	Im back	11:17
ra1v3n	usb key, stick, drive flashdrive	11:18
ra1v3n	same thing	11:18
Kilos	why would they be left lying around in parking lots	11:19
Kilos	i go read that link	11:19
ra1v3n	lol	11:19
Kilos	too much to read	11:22
ra1v3n	lol	11:25
andrewlsd	Kilos: TL;DR : make USB with malicious software / firmware. "lose" them at strategic points. Wait for users to insert USB dongles into their computers. Profit from the pwnage.	11:28
Kilos	ah	11:34
Kilos	even linux pcs?	11:35
ra1v3n	yes	11:35
Kilos	oh my	11:35
ra1v3n	there are some rootkits that can easily infect a linux box	11:35
ra1v3n	and there are certain virii that are at the firmware level	11:36
andrewlsd	+1 ra1v3n	11:40
andrewlsd	nothing like physical access to bypass many layers of security	11:40
ra1v3n	oh yeah	11:41
ra1v3n	bare metal access	11:41
ra1v3n	later all	11:51
ra1v3n	ciao 4 now	11:51
andrewlsd	ciao	11:51
andrewlsd	Have a good afternoon everyone :-)	12:32
Kilos	hehe	12:34
Kilos	you too andrewlsd	12:34
Kilos	dunno how you did that	12:35
magespawn	go to go out chat later	12:35
Kilos	Have a good afternoon everyone	12:35
Kilos	go well magespawn	12:35
andrewlsd	enjoy the weekend everyone	13:02
ra1v3n	Hello again all	14:01
Kilos	hi ra1v3n	14:02
ra1v3n	Hello kilos	14:04
pavlushka	can anyone tell me which part is the driver code here, https://github.com/lwfinger/rtlwifi_new/pull/74/files ?	15:07
pavlushka	and Greetings ZA!	15:07
ra1v3n	I'm Back!	15:54
kulelu88	theblazehen: you around?	16:02
pavlushka	can anyone tell me which part is the driver code here, https://github.com/lwfinger/rtlwifi_new/pull/74/files ?	16:54
Kilos	pavlushka ask that at #ubuntu as well	16:55
pavlushka	Kilos: copy	16:55
Kilos	no one knows who is doing what here on friday evening	16:56
ra1v3n	pavlushka, there is no driver code there	16:56
pavlushka	ra1v3n: in the result of "lspci \| grep Wireless"	16:58
ra1v3n	the code is at the beginning of the output	16:59
ra1v3n	then just follow the instructions	17:00
ra1v3n	should be in this format: 00.00.0 (Unless I'm mistaken)	17:01
pavlushka	ra1v3n: you mean something like "01:00.0" ?	17:01
ra1v3n	yep	17:01
pavlushka	ra1v3n: thanks :)	17:01
ra1v3n	give it a go	17:02
ra1v3n	your'e welcome ^^	17:02
ra1v3n	let me know how you do	17:04
theblazehen	kulelu88: what's up?	17:26
ra1v3n	Hello pavlushka did you win?	18:03
pavlushka	ra1v3n: its on someone else's pc, will confirm you after getting the result, :)	18:09
ra1v3n	kewl	18:10
ra1v3n	kewl	18:10
ra1v3n	Goodnight guys have a good one	18:17
magespawn	chat later all	18:20
Kilos	hi SEptic inetpro superfly	18:41
SEptic	evening ... tips hat	18:41
Symmetria	mmmmm	19:07
Symmetria	anyone here run their own DNS recusors?	19:07
SEptic	pft, silly kdewallt	19:10
SEptic	kdewallet	19:10
Kilos	lol	19:10
SEptic	beautifully engineered concept of software... it's finding the start button thats the problem :P	19:11
SEptic	i think it's just being a bit of a woman with 16.04, but sure it'll get fixed up as we go	19:12
SEptic	got my office colleagues to wipe windows and come over to the dark-side	19:13
Kilos	cool	19:13
superfly	SEptic: there's a cunning trick with KWallet, if you don't mind the security aspects of it too much. Just set your password to be blank, and it no longer prompts for your password.	19:14
SEptic	i did try that cunning plan me Lord, it did work for a couple reboots	19:15
SEptic	i'm having issues with it not opening wallets, not even prompting to open them	19:16
SEptic	if i create a new wallet and do things then its 100%	19:16
SEptic	but after a couple boots it just doesn't prompt to open the wallet at all	19:17
SEptic	if i gooi the wallet manager and click "open", then my laptop just sits and stares blankly at me	19:17
SEptic	i am new to the wallet-y thing though	19:18
superfly	I last saw KWallet ages ago. if it is in use, I am not seeing it.	19:18
superfly	I no longer use KMail for my e-mail, so that's probably also why.	19:19
SEptic	haha, yea, i tried disabling completely, but then have to enter wifi passwords everytime i connect	19:19
pavlushka__	hehe, theblazehen ping	19:30
pavlushka__	now I am a quassel dude, yo	19:30
theblazehen	pavlushka__: nice :)	19:31
Kilos	haha	19:31
Symmetria	dammit, this is driving me nuts, I have two identical servers	19:31
Symmetria	if I direct ALL dns queries to one of them, it seems to peak out at 4k queries/second	19:31
Symmetria	if I direct them all to the other it does 800 / second	19:32
Symmetria	configs are identical	19:32
theblazehen	Symmetria: Would you be fine with sharing the IPs?	19:32
Symmetria	theblazehen yeah try and do recursive queries against 41.216.125.179	19:34
Symmetria	thats the problem server	19:34
theblazehen	Symmetria: All configs, or just the dns server?	19:37
Symmetria	theblaze will send you configs in a second	19:39
Symmetria	just waiting to see something first (I just modified something on one of the servers)	19:39
theblazehen	sure	19:39
theblazehen	Symmetria: What's the other server?	19:44
Symmetria	try recurse3-zw-anycast.liquidtelecom.net	19:46
Symmetria	recurse1 is the problem one	19:46
Symmetria	3 is ok	19:46
Symmetria	recurse1-za-anycast quite happily handles SHITLOADS of queries per second	19:47
Symmetria	am waiting for the cacti polling to show me latest stats	19:47
theblazehen	Where are you testing from?	19:48
Symmetria	heh, both local to the servers and outside, but what I'm really looking at is the queries per second before I start seeing them top out where i'm cacti graphing	19:49
theblazehen	Symmetria: Could it be a network issue? They go through different routes	19:50
Symmetria	no, they are both ESXI servers, on the same ESXI platform, just different (yet identical) blades, so same network interface	19:50
Symmetria	Im wondering if its not some operating system setting with regards to buffers or something	19:52
theblazehen	And this is from a fresh deployment? As in wipe both, and let confg management do its thing?	19:52
theblazehen	What does sysctl -a say?	19:52
theblazehen	Maybe diff those	19:53
Symmetria	just did, and sysctl's are now identical, still doeesnt seem to have helped ponders	19:54
Symmetria	(btw, just as a note, these servers form a part of the largest african recursive anycast in existence)	19:55
Symmetria	basically, they are the zimbabwe nodes of 5.11.11.5 and 5.11.11.11 (africas equiv. of 8.8.8.8 / 4.2.2.2)	19:55
theblazehen	Nice. And running bind from what I can see?	19:55
theblazehen	awesome	19:55
Symmetria	yeah they are running bind	19:56
theblazehen	And all the others seem to run around 4k/s as well?	19:57
Symmetria	yeah, something aint right on the linux box though, looking at the packets per second through the interface, the RX PPS is about half (which I expect if I'm handling a lot less queries), but the TX is a fraction, like, 10% of the other	19:59
Symmetria	so something is bottlenecking the UDP outbound	19:59
theblazehen	Hmm	19:59
theblazehen	I wonder, try iperf maybe?	20:00
theblazehen	See if it's a PPS or bandwidth issue	20:00
Kilos	night all. sleep tight	20:00
theblazehen	cheers Kilos	20:00
theblazehen	Updating network configuration over ssh is always fun	20:01
theblazehen	More so if the remote management tool sometimes (for large values of sometimes) drops keystrokes	20:02
Symmetria	LOL, I generally write a new network config file on a third party platform and then copy it onto the system and either reboot or go in via console to apply it	20:04
theblazehen	Yeah, well, console is kind of not a possibility here..	20:05
theblazehen	Hosting company got bought out, and can't log in at new company	20:06
theblazehen	But I had old link to customer portal that didn't redirect me to new company	20:06
theblazehen	So I can turn it off and on again remotely	20:06
theblazehen	That's about it	20:07
Symmetria	heh buyouts are always interesting	20:10
Symmetria	though in my case I'm generally the guy that goes into the companies we just bought and integrate/change/restructure etc on the networking side	20:11
theblazehen	Cool	20:11
Symmetria	lol our next project is going to be very very interesting	20:11
Symmetria	heh next project - neotel ;p	20:12
theblazehen	fun	20:12
theblazehen	Looks like it's all going in a bash script then..	20:15
theblazehen	Well. It looks like I'm the type of guy that uses uses regex to extract info from anything (Seriously. I'm writing a smtp relay (not esmtp), using sed. And parsing notification emails with a regex and python), uses chattr +i when I don't want the file to be modified the right way, and uses bash scripts when there isn't a nice way to do something the right way	20:20
Symmetria	LOL	20:21
Symmetria	I do a lot of bash scripting shit as well	20:21
theblazehen	Unless someone knows how to bring up an openvpn bridge in /etc/network/interfaces, and then have a bridge to that defined?	20:21
theblazehen	Or can I use the openvpn tap device as a bridge directly? I don't think so	20:22
Symmetria	ARGHHHHH I think I found the problem and if I'm right Im gonna shoot myself in the head for being an idiot	20:23
Symmetria	heh, I don't know openvpn sadly, so can't comment	20:24
theblazehen	Symmetria: Don't worry. I spent around 10 hours easy this weak to track down a single line of code in a module that I wasn't even looking in even though I should have..	20:24
theblazehen	week*	20:24
Symmetria	haha holy shit, that made a difference ;p	20:25
Symmetria	I had fucked up something on the DNS rate limiting on recurse1	20:25
theblazehen	Ah..	20:25
theblazehen	Why are you rate limiting?	20:26
theblazehen	Also, I'm sure you have, but if not, the cloudflare blog has some really interesting stuff on dns	20:26
theblazehen	have read it*	20:27
Symmetria	heh, we exempt all on net	20:27
Symmetria	and rate limit off net to a specific number of queries per second	20:28
theblazehen	Ah. Yeah, makes sense	20:28
Symmetria	to avoid people using the servers for recursion attacks	20:28
theblazehen	_all_ on net?	20:28
Symmetria	basically, we limit to 255 queries a second for offnet stuff - which is still pretty bloody high	20:28
theblazehen	So say, if a customer hasn't paid for their account	20:29
theblazehen	sometimes the isp will redirect to a landing page etc	20:29
theblazehen	Can they still query dns?	20:29
Symmetria	doesnt matter, rate limits on the DNS on these recursors are PURELY based on ip subnets	20:29
Symmetria	its basically an ip tables list of aggregated subnets that are a straight pass through, and then a connection tracking rule to limit everything else	20:29
theblazehen	sure. I'm just thinking if people on the inside can run dns tunneling?	20:30
theblazehen	eg. iodine	20:30
Symmetria	lol, they probably could but if they are that desperate shrug	20:30
theblazehen	It's faster than you'd think actually	20:31
theblazehen	And might be faster if you use a kind of parallel implementation	20:31
theblazehen	Or use a closer host	20:32
theblazehen	Or increase the window size I guess	20:32
Symmetria	heh yeah but we would see it, very fast	20:32
Symmetria	iodine uses specific query types	20:32
Symmetria	and we graph every server in terms of queries per second and in terms of number of queries per second of each TYPE of query	20:33
theblazehen	Yeah, but you can tell it to use A, AAAA etc too. But, by numbers, sure	20:33
Symmetria	yeah, but to get DECENT throughput, you'd still need to be doing thousands of queries a second	20:33
Symmetria	and thats gonna show up	20:34
Symmetria	and the other thing that would break it - and this is interesting, is the anycast	20:34
Symmetria	because when you send the queries to the normal anycast addresses	20:34
Symmetria	you can't guarantee WHICH server the query will end up as	20:34
theblazehen	yeah. Just saying that it might not be the query type that's gonna tip you off, but it'll definitely throw up red flags	20:34
Symmetria	that will break state tracking which is a requirement for TCP	20:34
Symmetria	heh, the whole DNS cluster, is made up of 14 seperate servers at the moment	20:35
Symmetria	and its about to go to 18	20:35
theblazehen	Would it break it? Iodine supports tracking connections on an identifier, and has sequence numbers etc	20:36
theblazehen	Cool	20:36
Symmetria	theblazehen, keep in mind, if you're doing TCP	20:36
theblazehen	I mean, with a single dns server there isn't any connection either if you're tunneling	20:36
Symmetria	you need to keep the connection properly orientated to a specific server	20:36
Symmetria	because TCP has to be able to syn/ack to specific addresses	20:36
theblazehen	Yeah, but this isn't running TCP itself	20:37
Symmetria	and here is the other trick involved, if you hit server 1	20:37
Symmetria	yeah but hold on	20:37
theblazehen	It's just doing dns queries to NS you specify	20:37
Symmetria	if you hit server 1 server 1's QUERY address	20:37
theblazehen	Which is then running the vpn	20:37
Symmetria	is NOT the address it goes and establishes connections from	20:37
theblazehen	Ah wait	20:37
Symmetria	and server 2 has a different query address	20:37
Symmetria	etc	20:37
theblazehen	You're No nevermind	20:37
Symmetria	and the server will have to maintain TCP state for a TCP connection to work	20:37
Symmetria	so this breaks that :)	20:37
theblazehen	Yeah, but the tcp doesn't have anything to do with the dns	20:38
theblazehen	Since you connect to the vpn server over dns, which then does the actual connections	20:38
Symmetria	yeah but the backend does, because you query the DNS, it sends packets and effectively "tunnnels" tcp	20:38
Symmetria	and if all the syn/ack packets are coming from different servers and different ips	20:38
Symmetria	it will break	20:38
Symmetria	mmmm	20:39
Symmetria	I'd need to test it	20:39
theblazehen	But all the syn/acks will be going to your vpn	20:39
Symmetria	heh, I'll do a throughput test and see what happens on it	20:39
theblazehen	Well, even if it works at all..	20:39
Symmetria	if I can get 10mbit through it, I'd be suprised :)	20:39
theblazehen	Do you restrict query sizes?	20:39
Symmetria	and if I can't get more than 10mbit lol, I wouldnt really care :)	20:39
theblazehen	for outside networks I mean	20:39
Symmetria	yes there are limits, would need to check what I set them to	20:40
theblazehen	well, I got 500 kbit, with unmodified iodine client, to a server in USA (270ms)	20:40
theblazehen	That's going through a proper dns server, not going direct	20:40
Symmetria	heheh 500kbit wouldnt really register in our traffic terms	20:40
theblazehen	And it wasn't optimal because of the small window size (of iodine, NOT TCP). COuld go faster with that increased probably	20:41
Symmetria	I start worrying about people abusing bandwidth when they start hitting 100mbit+	20:41
Symmetria	(and thats on a per client basis)	20:41
theblazehen	heh	20:42
Symmetria	LOL, lemme show you something quick	20:42
theblazehen	I can do up to 993 byte dns requests on cell c dns servers	20:42
theblazehen	which then gets base64'd, reducing that a bit	20:43
SEptic	sheesh, you guys are in to some pretty serious stuff :)	20:43
Symmetria	so, coupla notes about this	20:43
Symmetria	firstly, my upload speed is FAR better than this will show, but the window sizes on the wmem aren't optimised	20:44
Symmetria	for the latency	20:44
Symmetria	secondly, on the download speed, whats limiting me here is the interface on the mweb speed test server	20:44
Symmetria	iptables -A INPUT -p udp --dport 53 -m state --state NEW -m recent --set --name DNSQF --rsource	20:44
Symmetria	iptables -A INPUT -p udp --dport 53 -m state --state NEW -m recent --update --seconds 1 --hitcount 255 --name DNSQF --rsource -j DROP	20:44
Symmetria	ooops	20:44
Symmetria	http://www.speedtest.net/result/5531549486.png	20:44
Symmetria	there	20:44
Symmetria	;p	20:44
Symmetria	thats me testing from my house in Nairobi to mweb in South Africa	20:45
Symmetria	:P and doing that, is still only using 5% of the bandwidth into my house	20:45
Symmetria	now you know why I aint worried about 500kbit :)	20:46
theblazehen	nice..	20:46
Symmetria	heh, basically, my house has 2 x 10G links into it	20:46
theblazehen	And here I am about to pay R600 or so extra per month to increase my upload from 1 mbit to 2 mbit..	20:46
Symmetria	and my desktop and server both have 10G links into them	20:46
theblazehen	Nice	20:46
theblazehen	Ethernet?	20:46
Symmetria	Fiber	20:47
Symmetria	but yeah Ethernet encap	20:47
theblazehen	Cool. Yeah, heard FC is cheaper	20:47
Symmetria	heh, and I have the advantage of the fact that unlike normal clients, who go through normal client infrastructure	20:47
Symmetria	I dont, I plug straight into the backbone routers	20:47
theblazehen	Awesome	20:48
Symmetria	heh, Im dying to get my hands into Neotel's network though and see how I can optimize it	20:48
Symmetria	few months away :)	20:48
theblazehen	Nice.	20:48
Symmetria	we've completed the purchase (you might have seen the media announcing we bought em)	20:49
* theblazehen always tries to optimize stuff too..		20:49
theblazehen	Hmm, didn't really look at news much	20:49
Symmetria	heh vodacom tried to buy em, they failed	20:49
Symmetria	Liquid succeeded :)	20:49
theblazehen	Cool	20:49
Symmetria	(I head up network strategy for Liquid Telecommunications at group level)	20:50
theblazehen	cool	20:50
Symmetria	heh we're involved in some fun stuff at the moment though, wheeeee we're building our own submarine cable	20:51
Symmetria	and capacity wise, lol, it makes seacom look tiny	20:51
theblazehen	Must be fun..	20:52
=== pavlushka_ is now known as Guest47235
Symmetria	lol yeah, but stressful and complicated :)	20:53
theblazehen	Ever break something big?	20:53
Symmetria	LOL, it happens occasioally :P	20:54
Symmetria	its not often, but like anyone who works at the level I do, we've all made our mistakes	20:54
Symmetria	most of them BGP based ;p	20:54
=== Guest47235 is now known as pavlushka
theblazehen	yeah	20:55
Symmetria	lol, though one of my team made a chronic fuckup at 4am this morning that resulted in me getting very panicky phone calls a few minutes later	20:55
theblazehen	Ouch :/	20:55
Symmetria	:P he accidently nuked the wrong config and took out enough customers to wipe out 7gigs of bandwidth usage	20:56
Symmetria	I had it back online 10 minutes later but haha man, what a fuckup	20:56
theblazehen	My funnest time I ended up sleeping around 6 hours spread over 4-5 days :(	20:56
theblazehen	wow	20:56
Symmetria	thats the biggest problem working with huge networks and massive routers, type the wrong thing, and you can do SERIOUS damage with a single command	20:56
theblazehen	Yeah. Or config management stuff too	20:57
theblazehen	You saw that stackoverflow post, that ended up being an advertisement?	20:57
Symmetria	lol I mean, on certain routers, a single command can take out 6 MILLION peoples net access via their phones	20:57
Symmetria	kinda scary :p	20:57
Symmetria	heh, nah?	20:57
kulelu88	did Symmetria just say he is donating the Zim DNS servers for me to build my botnet?	20:58
theblazehen	http://meta.serverfault.com/questions/8696/what-to-do-with-the-rm-rf-hoax-question	20:58
Symmetria	heh kule I wouldnt suggest you trying something like that :)	20:59
Symmetria	if you know a bit about me, lol, I play nasty with people who try that haha	20:59
Symmetria	haha oh I saw that a while back theblaze	21:00
Symmetria	btw, theblaze, with regards to 10G stuff and ethernet vs FC	21:02
Symmetria	FC only really works for storage stuff	21:02
Symmetria	the other thing about 10G, copper 10G on CAT6 is relatively cheap	21:02
Symmetria	its when you go fiber that the price starts climbing, and particularly if you go from multi-mode to single-mode	21:02
kulelu88	Symmetria: you won't find me, I am running my Tor network via Peru via Ethiopia :D	21:03
Symmetria	because the cost of the optic is where the money is at :)	21:03
kulelu88	Symmetria: how much will it cost for FTTH if you don't live far from wholesale fibre?	21:03
Symmetria	kule in ZA?	21:04
theblazehen	Symmetria: ah	21:04
kulelu88	yeah	21:04
Symmetria	not sure yet :) ask me in 6 or 8 months once we complete the Neotel stuff	21:04
Symmetria	I can tell you what we're selling in KE at :P	21:04
theblazehen	kulelu88: Well, kinda useless to mention those locations. That's kinda the point of an onion network, no?	21:04
Symmetria	100mbit uncapped with 4:1 contention is selling for around R2k a month	21:04
kulelu88	theblazehen: what if that was a doozi?	21:05
kulelu88	uncapped is a word that needs to die	21:05
Symmetria	lol kule, question, how long you need in the hacking scene in ZA?	21:05
kulelu88	I'm not a hacker, i'm a skript kittie ;P	21:05
Symmetria	lol for how long :)	21:05
Symmetria	the reason Im asking is because haha I wanna see if you may recognise something	21:06
=== Symmetria is now known as Vortexia
* Vortexia eyes you		21:06
Vortexia	lol, god its been more than a decade since I last used this nic ;p	21:06
=== Vortexia is now known as Symmetria
kulelu88	if you can find my IP via IRC then u haz haxxed me	21:06
theblazehen	kulelu88: Is that a challenge?	21:07
kulelu88	;'D	21:07
Symmetria	:P dammit	21:09
Symmetria	stupid irc client died	21:09
kulelu88	I sent you my USERINFO :D	21:10
=== Symmetria is now known as SymmTest
Symmetria	kule, grab that quick, I wanna test speed to you	21:11
kulelu88	you wanna traceroute me <3	21:12
SymmTest	errr	21:12
SymmTest	no, I wanna test a file transfer speed	21:12
SymmTest	;p	21:12
kulelu88	so you work for liquid telecom :D	21:14
theblazehen	SymmTest: dcc? ;)	21:14
SymmTest	heh kule I head up network strategy for them	21:14
SymmTest	globally	21:14
SymmTest	theblaze yes grin	21:14
kulelu88	Liquid telecom were looking for a data scientist / corporate-jockey to crunch their data	21:15
SymmTest	what data?	21:15
kulelu88	I saw the link pointing at pnet or some other shitty job portal and sighed	21:15
SymmTest	mmmm got a link?	21:16
kulelu88	must be another case of "we have data, lets do data analysis on it"	21:16
kulelu88	how many CTCPs are you guys going to send me? :D	21:16
SymmTest	heh kule would need a lot more details to figure out what they were actually looking for	21:17
SymmTest	we do some... rather interesting things :)	21:17
kulelu88	are you guys wholesale?	21:17
SymmTest	kule LOL, we're... a bit of everything	21:17
SymmTest	we own the largest fiber network on the african continent	21:17
kulelu88	wait wait... I know the answer to this	21:17
kulelu88	"corporate IT solutions, telecoms and services provider"	21:18
SymmTest	we do everything from wholesale to retail to voice switching to transaction processing	21:18
SymmTest	nah, wrong answer :P	21:18
kulelu88	theblazehen: are you still sending me CTCPs?	21:18
SymmTest	do don't go near corporate IT solutions as such	21:18
SymmTest	heh kule Liquid is part Telco, part ISP in reality	21:19
theblazehen	kulelu88: Yup. So, you're exiting through a bot in your botnet then?	21:19
theblazehen	Sure	21:19
theblazehen	looks like it	21:19
theblazehen	high latency	21:19
theblazehen	Node in france	21:20
kulelu88	theblazehen: how do I request your CTCP?	21:20
theblazehen	kulelu88: What you don't know wont hurt you :)	21:21
SymmTest	heh, I kinda miss my days on the darkside	21:21
SymmTest	its been far 2 long since I had the time or motivation to sit and write exploits	21:22
* theblazehen wishes that I had continued with that a bit		21:22
theblazehen	Was never more than a skiddie myself	21:22
theblazehen	But still	21:22
SymmTest	lol, I wrote the first ever exploit against the cisco pix firewalls back in the 90s	21:22
SymmTest	that was fun	21:22
theblazehen	Well, I found something decent recently	21:22
SymmTest	it reset all the state tables	21:22
theblazehen	But I did the whole "responsible disclosure" thing...	21:22
SymmTest	we used to sit on irc and kick everyone off who was behind pix firewalls for amusement ;p	21:22
theblazehen	nice	21:22
SymmTest	by resetting their state tables and killing all their tcp connections	21:23
SymmTest	heh, was actually a really simple exploit, their checking of source and destination and sequencing on RST packets was chronic	21:23
kulelu88	corporate corner-cutting	21:23
SymmTest	so the right spoofed RST packets and you could nuke state entries, cycle through port numbers and you could kill anything	21:23
theblazehen	Cool	21:24
SymmTest	(that stil works against severael state based firewalls out there)	21:24
SymmTest	heh, almost all the exploits and stuff I wrote though were network based - attacking the network stack was always more interesting than attacking systems for me	21:25
kulelu88	why you 2 hour behind? theblazehen	21:25
SymmTest	because there is sooooo much you can do and its actually relatively unexplored territory	21:25
kulelu88	layer3? SymmTest	21:25
theblazehen	kulelu88: C'mon, you can't figure it out? :)	21:25
SymmTest	LOL, I've written some pretty fucking nasty code to test ipv6 problems	21:25
SymmTest	kule heh, I've done attacks at layer 3, layer 4 and even layer 2	21:26
theblazehen	Layer 8?	21:26
SymmTest	layer 3 tends to have more attack vectors	21:26
SymmTest	LOL, theblaze I'm pretty good at layer 9 attacks ;p	21:26
SymmTest	politics is fun ;p	21:26
kulelu88	I only do layer1 attacks	21:27
theblazehen	kulelu88: Really? ...	21:27
SymmTest	lol, so you go vandalize physical infrastructure?	21:27
SymmTest	are you by any chance an EFF member?	21:28
SymmTest	;p	21:28
* SymmTest snickers		21:28
=== SymmTest is now known as Symmetria
kulelu88	when I protest and kick a dustbin down, layer1 attack ;P	21:28
kulelu88	Symmetria: what layer does attacking actual PC-hardware fall under? layer1 also?	21:30
Symmetria	heh, its not part of the network stack so it doesnt have a classification	21:30
Symmetria	;p	21:30
theblazehen	Yeah, you said it in better words Symmetria	21:30
kulelu88	oh so that doesn't fall within the network. noted	21:31
Symmetria	heh Layer 1 = Physical (Fiber Cables, Network Cards, CAT5/6 etc)	21:32
Symmetria	Layer 2 = the network layer (vlan related shit, arp, etc)	21:32
Symmetria	Layer 2.5 = MPLS	21:32
Symmetria	Layer 3 = IP layer	21:32
Symmetria	Layer 4 = now you're into shit like TCP/UDP etc	21:33
Symmetria	and so it goes until you hit Layer 7 which is basically applications	21:33
Symmetria	(this isn't technically the OSI model which is slightly more extensive)	21:33
kulelu88	layer5 and 6 get no love	21:34
paddatrapper	Maaz: Tell Kilos I've forked Ibid to IbidNext on Launchpad: https://code.launchpad.net/~krobbertze/ibidnext/+git/ibidnext	21:38
Maaz	paddatrapper: Got it, I'll tell Kilos on freenode	21:38
paddatrapper	Maaz: tell Kilos Overview: https://launchpad.net/ibidnext	21:39
Maaz	paddatrapper: Okay, I'll tell Kilos on freenode	21:39
superfly	Ugh git	21:42
theblazehen	kulelu88: https://linx.home.theblazehen.com/kulelu.pcap boom	21:47
kulelu88	that's a link to trap me :D clever	21:48
theblazehen	What? Me? Never...	21:48
paddatrapper	superfly: Mainly because I still need to learn bzr :) And I am not doing that tonight. Though with the pain that is launchpad's git I think I may have to learn it quickly before anyone actually looks at the repo :)	21:50
kulelu88	somebody visit theblazehen link for me :D	21:52
pavlushka	kulelu88: the pcap size is only 524 kB, :)	21:56
kulelu88	what's the contents? pavlushka	21:57
pavlushka	kulelu88: I may have to run wireshark for that which I will not, :p	21:58
superfly	paddatrapper: I've never used git with Launchpad, and I know Launchpad was written for bzr	22:00
theblazehen	Ah what the hell. Off to bed, kulelu88: 196.210.166.192 do your worst	22:02
kulelu88	:D	22:03
kulelu88	theblazehen: I'm looking at you right now through your webcam :O	22:03
theblazehen	You got the wrong person.	22:04
theblazehen	I don't have a webcam	22:04
kulelu88	it's your CCTV :D	22:04
theblazehen	Don't have that either	22:04
kulelu88	i thought you going to bed :D	22:08
theblazehen	Right. Wanna continue tomorrow?	22:08
Symmetria	heh	22:12
Symmetria	I'm throwing a HUGE load test	22:12
Symmetria	at my DNS servers now	22:12
Symmetria	for the next 10 minutes	22:12
paddatrapper	superfly: Well it is now bzr based. Easier than I thought to transition	22:31
qwebirc47668	Morning	23:54

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!