[05:02] <magespawn> good morning
[05:34] <superfly> good morning magespawn
[05:34] <superfly> wow, chesedo, your IRC client is having fun
[06:00] <paddatrapper> Morning magespawn, superfly
[06:00] <superfly> hey paddatrapper
[06:01] <paddatrapper> How goes it superfly? 
[06:02] <superfly> paddatrapper: full of hate right now, to be honest. too many things that don't work and cost me money that I don't have.
[06:02] <superfly> and I can rant and rage, but it's not going to change anything.
[06:02] <superfly> Department of Home Affairs. Need I say more?
[06:05] <paddatrapper> Say no more. I perfectly understand your rage... 
[06:21] <andrewlsd> superfly: "despite all my rage, Home Affairs is still taking and age"  [rat in a cage]
[06:22] <superfly> andrewlsd: no, they're nopt taking an age, they're outsourcing their visa stuff to a company that has no clue on the requirements for visas, so that I get a rejection 2 years later because of said company's incompetence
[06:56] <andrewlsd> yip. ... and at your expense.
[07:14] <ra1v3n> Good morning
[07:16] <andrewlsd> hi ra1v3n
[07:17] <ra1v3n> Hello andrewlsd 
[07:30] <Sicelo> superfly: you need visa to be in SA?
[07:31] <ra1v3n> Depends on your country of origin
[07:32] <Sicelo> of course .. that's why i'm asking
[07:32]  * Sicelo thought superfly was SA citizen
[07:32] <superfly> Sicelo: I am, but my wife isn't
[07:34] <Sicelo> ah .. i'm also non-South African, and  completely agree that the VFS system is just a mess :(
[07:35] <Sicelo> and the hectic fees they have, omg!
[07:42] <superfly> Sicelo: exactly. and because my wife is married to a South African, we don't have to pay Home Affairs' fees. Now we're getting slapped with VFS's fees when we would not normally pay, and we never asked for VFS in the first palce
[07:42] <superfly> *place
[08:16] <Kilos> hi superfly inetpro paddatrapper magespawn Langjan MaNI and all others
[08:16] <Kilos> what happened Langjan 
[08:16] <superfly> evening Kilos
[08:17] <Kilos> you broke it
[08:18] <paddatrapper> Hey Kilos
[08:46] <Langjan> Hi Kilos het jy lekker gerus?
[08:57] <Kilos> ai!
[09:11] <Langjan> Chasing sheep Kilos? 
[09:15] <Kilos> i was
[09:15] <Kilos> hehe
[09:16] <Kilos> actually moving hay / lucerne mix where they can get to it
[09:16] <Kilos> Langjan so tell what you broke man
[09:19] <Langjan> Hi Kilos vertel my eers of je lekker geslaap het en uitgerus is vir die nuwe uitdagings wat my brekasies bied?
[09:19] <Langjan> jy
[09:20] <Kilos> man ek het geslaap
[09:20] <Langjan> Uitgerus?
[09:20] <Kilos> lekker warm in die bed , wou nie opstaan nie
[09:20] <Langjan> Ek het so gesien...lmga!
[09:20] <Kilos> haha
[09:21] <Kilos> was 7 uur wakker maar was te koud om op te sit of staan
[09:21] <Langjan> ai, was net onder 7° hier, nie te sleg nie
[09:21] <Kilos> now tell me what i need to start thinking about
[09:22] <Kilos> ryp hier weer
[09:23] <Langjan> Ok, I decided to use the other HDD with Zorin installed because its IDE and I want to get it to a stgae where I can get my onconverted friend to sit down and do everything that he does on windopz 
[09:23] <Langjan> stage
[09:23] <Kilos> ok
[09:24] <Langjan> Its running nicely, just had to sort the jumpers out first
[09:24] <Langjan> so have a spare 160 GB HDD
[09:25] <Langjan> I upgraded his ram from 1,5 to 2 GB in trade for the HDD
[09:25] <Kilos> ok
[09:25] <Langjan> Another Q
[09:26] <Kilos> ?
[09:26] <Langjan> I have a 5,7 GB folder named Systemback, dunno where it came from, want to delete it
[09:26] <Kilos> systemback is that tool for making an iso of your running system
[09:27] <Langjan> Its not a tool, its a folder
[09:27] <Kilos> yes man but the tool makes folders when you run it so it knows what you have going there
[09:28] <Langjan> Contents look the same as /home except my documents and pics are not there
[09:28] <Kilos> you ran system back before right?
[09:28] <ra1v3n> make it into an Iso burn to dvd ... then clear the backup
[09:28] <ra1v3n> simples
[09:28] <ra1v3n> ^^
[09:29] <Langjan> Cant remember if I did
[09:29] <Kilos> too big for dvd
[09:29] <Langjan> thks ra1v3n 
[09:29] <Kilos> you cant have a systemback folder unless you ran it
[09:30] <Langjan> ok then I ran it, do I need it?
[09:30] <Kilos> well
[09:30] <Kilos> debatable
[09:30] <Langjan> well 
[09:30] <Langjan> lets debate
[09:30] <Kilos> did you make a stick with the iso on
[09:30] <ra1v3n> Langjan, you can clear the system back folder from within system back
[09:31] <ra1v3n> I never include playonlinux etc. you can exclude certain folders
[09:31] <Langjan> Kilos, you mean an iso of the systemback? No
[09:32] <ra1v3n> back those up separately 
[09:32] <Kilos> that was the whole idea of running it Langjan 
[09:32] <Langjan> I always back up my file and pic and email folders separately 
[09:32] <Kilos> if you feel you dont need it you can aptitude purge systemback
[09:32] <ra1v3n> if your system is running perfectly and you want a backup .... clear the systemback and create a new one 
[09:33] <Langjan> OK that makes sense thks ra1v3n 
[09:33] <Kilos> listen to ra1v3n 
[09:33] <ra1v3n> what I do Is I create a new user with full priveledges (so that I get a clean homefolder)
[09:33] <ra1v3n> then run systemback from inside that user 
[09:33] <ra1v3n> then once done I write to dvd
[09:34] <ra1v3n> destroy the temporary user
[09:34] <ra1v3n> clear the systemback folder
[09:34] <ra1v3n> back up all your aps with aptoncd
[09:35] <Langjan> sounds complicated but worth doing 
[09:35] <Langjan> what about vbox?
[09:35] <ra1v3n> then write that to a dvd aswell (make sure you select dvd image NOT cd)
[09:36] <ra1v3n> then back up the excluded folder like your WINE and Playonlinux and all your doccies and pics
[09:36] <ra1v3n> then if the shite does hit the fan you can recover quickly
[09:36] <Langjan> will vbox also run after backup
[09:36] <ra1v3n> yes its complicated but it makes life easier after a crash
[09:36] <ra1v3n> virtualbox?
[09:36] <Langjan> dont use wine and playonlinux
[09:37] <ra1v3n> In what way?
[09:37] <Langjan> yes
[09:37] <ra1v3n> the virtualbox app itself will be backed up
[09:37] <ra1v3n> but I suggest you backup your vbox appliances seperately
[09:38] <ra1v3n> this is why I create a dummy user .... clean homefolder no fluff like masive vbox appliances
[09:38] <Langjan> By appliances do you mean the Win xp os running there?
[09:38] <ra1v3n> yes
[09:39] <Kilos> and so the truth comes out
[09:39] <ra1v3n> on the HDD the will be a folder called Win Xp etc ... it will contain the virtual HDD and associated files
[09:39] <Kilos> hidden xp 
[09:39] <ra1v3n> LOL Kilos
[09:39] <Kilos> sigh
[09:40] <ra1v3n> Within the menu tab of Vbox you can select to backup this applaiance and vbox will create a single compressed bundled file similar to a tarball  
[09:40] <Langjan> OK I will give it a go and see how far I can get before knocking on your door  
[09:41] <ra1v3n> take that and write it to a backup dvd or place it on another HDD 
[09:41] <ra1v3n> google if you get stuck .... tons of tutorials on all of these online
[09:41] <Langjan> OK many thks
[09:41] <ra1v3n> I normally do this all as soon as I have my setup installed and everything is working
[09:42] <Kilos> i made a systemback flash disk and installed from it and asll pics and everything same on desktop as on lappy
[09:42] <ra1v3n> 'm here often aswell if you need help
[09:42] <ra1v3n> yeah systemback is awesome especially if you need to clone a system in a hurry
[09:43] <Langjan> Many thanks ra1v3n, will do 
[09:43] <Kilos> hidden xp
[09:43] <Kilos> now youve ruined a friendship
[09:43] <ra1v3n> I make the Dummy User so that I'm working from a clean homefolder 
[09:43] <Kilos> think up an excuse quickly
[09:44] <ra1v3n> because after a few weeks of working your homefolder will never fit on a dvd
[09:44] <Kilos> hi exupboy welcome to ubuntu-za
[09:45] <Kilos> dvds are old fashioned things
[09:45] <Kilos> flash sicks come in many sizes
[09:45] <Langjan> So thats my story for the day Kilos  - nothing broke. Fortunately I'm not using kde, lmga!
[09:46] <Kilos> sticks/disks
[09:46] <Langjan> drives?
[09:46] <Kilos> haha so cheeky this bally
[09:46] <Kilos> ja man memory sticks
[09:46] <Kilos> flash disks
[09:46] <Langjan> 'cause I know I can outrun you
[09:46] <Kilos> flash drives 
[09:47] <Kilos> usb memory modules
[09:47] <Langjan> flash drives, usb sticks, stiffies, whatchamacallits
[09:48] <Kilos> and you must remember the turmeric stuff Langjan the you wont find things you have no idea how or where they came from
[09:48] <Langjan> katottertjies
[09:48] <exupboy> Hi There, thanks
[09:48] <Langjan> We chat again when youre pushing 74 Kilos 
[09:49] <Kilos> nono you wont be around
[09:49] <Langjan> I will, dunno about you
[09:49] <Kilos> chat now before you forget who i am
[09:49] <Langjan> lmga1
[09:49] <Kilos> hee hee
[09:49] <Langjan> !
[09:50] <Langjan> Ok im gonna log off and practice some systemrestore
[09:50] <Kilos> enjoy
[09:50] <Langjan> where do I find the dam thing?
[09:50] <Kilos> what
[09:51] <Kilos> luckily you head is glued on
[09:51] <Langjan> system restore - and my computer!
[09:51] <magespawn> in the dam things place, where else
[09:51] <Kilos> lol
[09:51] <Langjan> if its in the dam its broken, not waterproof. Hi magespawn how are you keeping?
[09:52] <magespawn> good and you Langjan ?
[09:53] <Langjan> fine thks
[09:53] <Langjan> just battling a bit with the laatslapers
[09:53] <Kilos> hahaha
[09:53] <Langjan> see the guilty conscience?
[09:53] <Kilos> hehehehe
[09:53] <Langjan> lmga
[09:54] <Langjan> glad youre honest my friend, thats why I like you so much
[09:54] <Kilos> oh only because of my honestly
[09:54] <Langjan> even if you keep nagging 
[09:54] <Kilos> honesty
[09:54] <Kilos> haha
[09:55] <Kilos> those with blocked ears need nagging
[09:55] <Langjan> now youre fishing for compliments...
[09:55] <Kilos> oh
[09:55] <Langjan> how many you want?
[09:55] <Kilos> and those with bad memories
[09:55] <Kilos> i dont need compliments ty sir
[09:55] <Langjan> I have 8 Gb 
[09:56] <Langjan> Arrogant young man!
[09:56] <Kilos> that will make a good backup iso
[09:56] <Langjan> on my RAM?
[09:56] <Kilos> i have systemback iso on an 8g stick as well
[09:57] <Langjan> Can see you chase too many rams and ewes around
[09:57] <Kilos> what are you talking about
[09:57] <Kilos> you have 8g ram
[09:58] <Langjan> maybe its 4, I forgot
[09:58] <Langjan> lmga
[09:58] <Kilos> hahaha
[09:58] <Langjan> jy moet mooi bly en die dag geniet
[09:59] <Kilos> i have found the best time to help peeps that need nagging is when they are in the bath
[09:59] <Kilos> make them wash their ears well so they can hear properly
[09:59] <Langjan> good idea, will tell my caregiver
[10:00] <Kilos> lol
[10:00] <Langjan> bye for now
[10:00] <Kilos> cheers Langjan have a good day sir
[10:01] <Langjan> You too thks Kilos 
[10:01] <chesedo> superfly: i'm suspecting bad internet
[10:01] <chesedo> afternoon all btw...
[10:01] <Kilos> hi chesedo 
[10:02] <andrewlsd> Fun reading: http://www.eweek.com/security/black-hat-do-usb-keys-left-in-parking-lots-get-picked-up.html
[10:10] <ra1v3n> Never under any circumstances insert a USB key that you don't own or haven't just removed from its packaging after purchase
[10:30] <andrewlsd> ^ yip
[10:50] <magespawn> but why, could be so much of fun
[11:17] <Kilos> whats a usb key? a thing you open car doors with?
[11:17] <ra1v3n> Im back
[11:18] <ra1v3n> usb key, stick, drive flashdrive
[11:18] <ra1v3n> same thing
[11:19] <Kilos> why would they be left lying around in parking lots
[11:19] <Kilos> i go read that link
[11:19] <ra1v3n> lol
[11:22] <Kilos> too much to read
[11:25] <ra1v3n> lol
[11:28] <andrewlsd> Kilos: TL;DR : make USB with malicious software / firmware.  "lose" them at strategic points. Wait for users to insert USB dongles into their computers. Profit from the pwnage.
[11:34] <Kilos> ah
[11:35] <Kilos> even linux pcs?
[11:35] <ra1v3n> yes
[11:35] <Kilos> oh my
[11:35] <ra1v3n> there are some rootkits that can easily infect a linux box
[11:36] <ra1v3n> and there are certain virii that are at the firmware level 
[11:40] <andrewlsd> +1 ra1v3n
[11:40] <andrewlsd> nothing like physical access to bypass many layers of security
[11:41] <ra1v3n> oh yeah 
[11:41] <ra1v3n> bare metal access
[11:51] <ra1v3n> later all 
[11:51] <ra1v3n> ciao 4 now 
[11:51] <andrewlsd> ciao
[12:32] <andrewlsd> Have a good afternoon everyone :-)
[12:34] <Kilos> hehe
[12:34] <Kilos> you too andrewlsd 
[12:35] <Kilos> dunno how you did that
[12:35] <magespawn> go to go out chat later
[12:35] <Kilos> Have a good afternoon everyone 
[12:35] <Kilos> go well magespawn 
[13:02] <andrewlsd> enjoy the weekend everyone
[14:01] <ra1v3n> Hello again all
[14:02] <Kilos> hi ra1v3n 
[14:04] <ra1v3n> Hello kilos
[15:07] <pavlushka> can anyone tell me which part is the driver code here, https://github.com/lwfinger/rtlwifi_new/pull/74/files ?
[15:07] <pavlushka> and Greetings ZA!
[15:54] <ra1v3n> I'm Back!
[16:02] <kulelu88> theblazehen: you around?
[16:54] <pavlushka> can anyone tell me which part is the driver code here, https://github.com/lwfinger/rtlwifi_new/pull/74/files ?
[16:55] <Kilos> pavlushka ask that at #ubuntu as well
[16:55] <pavlushka> Kilos: copy
[16:56] <Kilos> no one knows who is doing what here on friday evening
[16:56] <ra1v3n> pavlushka, there is no driver code there
[16:58] <pavlushka> ra1v3n: in the result of "lspci | grep Wireless"
[16:59] <ra1v3n> the code is at the beginning of the output
[17:00] <ra1v3n> then just follow the instructions
[17:01] <ra1v3n> should be in this format: 00.00.0 (Unless I'm mistaken)
[17:01] <pavlushka> ra1v3n: you mean something like "01:00.0" ?
[17:01] <ra1v3n> yep
[17:01] <pavlushka> ra1v3n: thanks :)
[17:02] <ra1v3n> give it a go 
[17:02] <ra1v3n> your'e welcome ^^
[17:04] <ra1v3n> let me know how you do
[17:26] <theblazehen> kulelu88: what's up?
[18:03] <ra1v3n> Hello pavlushka did you win?
[18:09] <pavlushka> ra1v3n: its on someone else's pc, will confirm you after getting the result, :)
[18:10] <ra1v3n> kewl
[18:10] <ra1v3n> kewl
[18:17] <ra1v3n> Goodnight guys have a good one
[18:20] <magespawn> chat later all
[18:41] <Kilos> hi SEptic inetpro superfly 
[18:41] <SEptic> evening ... *tips hat*
[19:07] <Symmetria> mmmmm
[19:07] <Symmetria> anyone here run their own DNS recusors?
[19:10] <SEptic> pft, silly kdewallt
[19:10] <SEptic> kdewallet
[19:10] <Kilos> lol
[19:11] <SEptic> beautifully engineered concept of software... it's finding the start button thats the problem :P
[19:12] <SEptic> i think it's just being a bit of a woman with 16.04, but sure it'll get fixed up as we go
[19:13] <SEptic> got my office colleagues to wipe windows and come over to the dark-side
[19:13] <Kilos> cool
[19:14] <superfly> SEptic: there's a cunning trick with KWallet, if you don't mind the security aspects of it too much. Just set your password to be blank, and it no longer prompts for your password.
[19:15] <SEptic> i did try that cunning plan me Lord, it did work for a couple reboots
[19:16] <SEptic> i'm having issues with it not opening wallets, not even prompting to open them
[19:16] <SEptic> if i create a new wallet and do things then its 100%
[19:17] <SEptic> but after a couple boots it just doesn't prompt to open the wallet at all
[19:17] <SEptic> if i gooi the wallet manager and click "open", then my laptop just sits and stares blankly at me
[19:18] <SEptic> i am new to the wallet-y thing though
[19:18] <superfly> I last saw KWallet ages ago. if it is in use, I am not seeing it.
[19:19] <superfly> I no longer use KMail for my e-mail, so that's probably also why.
[19:19] <SEptic> haha, yea, i tried disabling completely, but then have to enter wifi passwords everytime i connect
[19:30] <pavlushka__> hehe, theblazehen ping
[19:30] <pavlushka__> now I am a quassel dude, yo
[19:31] <theblazehen> pavlushka__:  nice :)
[19:31] <Kilos> haha
[19:31] <Symmetria> dammit, this is driving me nuts, I have two identical servers
[19:31] <Symmetria> if I direct ALL dns queries to one of them, it seems to peak out at 4k queries/second
[19:32] <Symmetria> if I direct them all to the other it does 800 / second
[19:32] <Symmetria> configs are identical
[19:32] <theblazehen> Symmetria: Would you be fine with sharing the IPs?
[19:34] <Symmetria> theblazehen yeah try and do recursive queries against 41.216.125.179
[19:34] <Symmetria> thats the problem server
[19:37] <theblazehen> Symmetria: All configs, or just the dns server?
[19:39] <Symmetria> theblaze will send you configs in a second
[19:39] <Symmetria> just waiting to see something first (I just modified something on one of the servers)
[19:39] <theblazehen> sure
[19:44] <theblazehen> Symmetria: What's the other server?
[19:46] <Symmetria> try recurse3-zw-anycast.liquidtelecom.net 
[19:46] <Symmetria> recurse1 is the problem one
[19:46] <Symmetria> 3 is ok 
[19:47] <Symmetria> recurse1-za-anycast quite happily handles *SHITLOADS* of queries per second
[19:47] <Symmetria> am waiting for the cacti polling to show me latest stats
[19:48] <theblazehen> Where are you testing from?
[19:49] <Symmetria> heh, both local to the servers and outside, but what I'm really looking at is the queries per second before I start seeing them top out where i'm cacti graphing
[19:50] <theblazehen> Symmetria: Could it be a network issue? They go through different routes
[19:50] <Symmetria> no, they are both ESXI servers, on the same ESXI platform, just different (yet identical) blades, so same network interface 
[19:52] <Symmetria> Im wondering if its not some operating system setting with regards to buffers or something
[19:52] <theblazehen> And this is from a fresh deployment? As in wipe both, and let confg management do its thing?
[19:52] <theblazehen> What does sysctl -a say?
[19:53] <theblazehen> Maybe diff those
[19:54] <Symmetria> just did, and sysctl's are now identical, still doeesnt seem to have helped *ponders*
[19:55] <Symmetria> (btw, just as a note, these servers form a part of the largest african recursive anycast in existence)
[19:55] <Symmetria> basically, they are the zimbabwe nodes of 5.11.11.5 and 5.11.11.11 (africas equiv. of 8.8.8.8 / 4.2.2.2)
[19:55] <theblazehen> Nice. And running bind from what I can see?
[19:55] <theblazehen> awesome
[19:56] <Symmetria> yeah they are running bind 
[19:57] <theblazehen> And all the others seem to run around 4k/s as well?
[19:59] <Symmetria> yeah, something aint right on the linux box though, looking at the packets per second through the interface, the RX PPS is about half (which I expect if I'm handling a lot less queries), but the TX is a fraction, like, 10% of the other
[19:59] <Symmetria> so something is bottlenecking the UDP outbound
[19:59] <theblazehen> Hmm
[20:00] <theblazehen> I wonder, try iperf maybe?
[20:00] <theblazehen> See if it's a PPS or bandwidth issue
[20:00] <Kilos> night all. sleep tight
[20:00] <theblazehen> cheers Kilos
[20:01] <theblazehen> Updating network configuration over ssh is always fun
[20:02] <theblazehen> More so if the remote management tool sometimes (for large values of sometimes) drops keystrokes
[20:04] <Symmetria> LOL, I generally write a new network config file on a third party platform and then copy it onto the system and either reboot or go in via console to apply it
[20:05] <theblazehen> Yeah, well, console is kind of not a possibility here..
[20:06] <theblazehen> Hosting company got bought out, and can't log in at new company
[20:06] <theblazehen> But I had old link to customer portal that didn't redirect me to new company
[20:06] <theblazehen> So I can turn it off and on again remotely
[20:07] <theblazehen> That's about it
[20:10] <Symmetria> heh buyouts are always interesting
[20:11] <Symmetria> though in my case I'm generally the guy that goes into the companies we just bought and integrate/change/restructure etc on the networking side
[20:11] <theblazehen> Cool
[20:11] <Symmetria> lol our next project is going to be very very interesting 
[20:12] <Symmetria> heh next project - neotel ;p
[20:12] <theblazehen> fun
[20:15] <theblazehen> Looks like it's all going in a bash script then..
[20:20] <theblazehen> Well. It looks like I'm the type of guy that uses uses regex to extract info from anything (Seriously. I'm writing a smtp relay (*not* esmtp), using sed. And parsing notification emails with a regex and python), uses chattr +i when I don't want the file to be modified the right way, and uses bash scripts when there isn't a nice way to do something the right way
[20:21] <Symmetria> LOL
[20:21] <Symmetria> I do a lot of bash scripting shit as well
[20:21] <theblazehen> Unless someone knows how to bring up an openvpn bridge in /etc/network/interfaces, and then have a bridge to that defined?
[20:22] <theblazehen> Or can I use the openvpn tap device as a bridge directly? I don't *think* so
[20:23] <Symmetria> ARGHHHHH I think I found the problem and if I'm right Im gonna shoot myself in the head for being an idiot
[20:24] <Symmetria> heh, I don't know openvpn sadly, so can't comment
[20:24] <theblazehen> Symmetria: Don't worry. I spent around 10 hours easy this weak to track down a single line of code in a module that I wasn't even looking in even though I should have..
[20:24] <theblazehen> week*
[20:25] <Symmetria> haha holy shit, that made a difference ;p
[20:25] <Symmetria> I had fucked up something on the DNS rate limiting on recurse1
[20:25] <theblazehen> Ah..
[20:26] <theblazehen> Why are you rate limiting?
[20:26] <theblazehen> Also, I'm sure you have, but if not, the cloudflare blog has some really interesting stuff on dns
[20:27] <theblazehen> have read it*
[20:27] <Symmetria> heh, we exempt all on net
[20:28] <Symmetria> and rate limit off net to a specific number of queries per second
[20:28] <theblazehen> Ah. Yeah, makes sense
[20:28] <Symmetria> to avoid people using the servers for recursion attacks
[20:28] <theblazehen> _all_ on net?
[20:28] <Symmetria> basically, we limit to 255 queries a second for offnet stuff - which is still pretty bloody high
[20:29] <theblazehen> So say, if a customer hasn't paid for their account
[20:29] <theblazehen> sometimes the isp will redirect to a landing page etc
[20:29] <theblazehen> Can they still query dns?
[20:29] <Symmetria> doesnt matter, rate limits on the DNS on these recursors are PURELY based on ip subnets
[20:29] <Symmetria> its basically an ip tables list of aggregated subnets that are a straight pass through, and then a connection tracking rule to limit everything else
[20:30] <theblazehen> sure. I'm just thinking if people on the inside can run dns tunneling?
[20:30] <theblazehen> eg. iodine 
[20:30] <Symmetria> lol, they probably could but if they are that desperate *shrug* 
[20:31] <theblazehen> It's faster than you'd think actually
[20:31] <theblazehen> And might be faster if you use a kind of parallel implementation
[20:32] <theblazehen> Or use a closer host
[20:32] <theblazehen> Or increase the window size I guess
[20:32] <Symmetria> heh yeah but we would see it, very fast
[20:32] <Symmetria> iodine uses specific query types 
[20:33] <Symmetria> and we graph every server in terms of queries per second and in terms of number of queries per second of each TYPE of query
[20:33] <theblazehen> Yeah, but you can tell it to use A, AAAA etc too. But, by numbers, sure
[20:33] <Symmetria> yeah, but to get DECENT throughput, you'd still need to be doing thousands of queries a second 
[20:34] <Symmetria> and thats gonna show up
[20:34] <Symmetria> and the other thing that would break it - and this is interesting, is the anycast 
[20:34] <Symmetria> because when you send the queries to the normal anycast addresses
[20:34] <Symmetria> you can't guarantee WHICH server the query will end up as
[20:34] <theblazehen> yeah. Just saying that it might not be the query *type* that's gonna tip you off, but it'll definitely throw up red flags
[20:34] <Symmetria> that will break state tracking which is a requirement for TCP
[20:35] <Symmetria> heh, the whole DNS cluster, is made up of 14 seperate servers at the moment
[20:35] <Symmetria> and its about to go to 18 
[20:36] <theblazehen> Would it break it? Iodine supports tracking connections on an identifier, and has sequence numbers etc
[20:36] <theblazehen> Cool
[20:36] <Symmetria> theblazehen, keep in mind, if you're doing TCP
[20:36] <theblazehen> I mean, with a single dns server there isn't any connection either if you're tunneling
[20:36] <Symmetria> you need to keep the connection properly orientated to a specific server
[20:36] <Symmetria> because TCP has to be able to syn/ack to specific addresses
[20:37] <theblazehen> Yeah, but this isn't running TCP itself
[20:37] <Symmetria> and here is the other trick involved, if you hit server 1
[20:37] <Symmetria> yeah but hold on
[20:37] <theblazehen> It's just doing dns queries to NS you specify
[20:37] <Symmetria> if you hit server 1 server 1's QUERY address
[20:37] <theblazehen> Which is then running the vpn
[20:37] <Symmetria> is NOT the address it goes and establishes connections from
[20:37] <theblazehen> Ah wait
[20:37] <Symmetria> and server 2 has a different query address
[20:37] <Symmetria> etc
[20:37] <theblazehen> You're No nevermind
[20:37] <Symmetria> and the server will have to maintain TCP state for a TCP connection to work
[20:37] <Symmetria> so this breaks that :)
[20:38] <theblazehen> Yeah, but the tcp doesn't have anything to do with the dns
[20:38] <theblazehen> Since you connect to the vpn server over dns, which then does the actual connections
[20:38] <Symmetria> yeah but the backend does, because you query the DNS, it sends packets and effectively "tunnnels" tcp
[20:38] <Symmetria> and if all the syn/ack packets are coming from different servers and different ips
[20:38] <Symmetria> it will break 
[20:39] <Symmetria> mmmm
[20:39] <Symmetria> I'd need to test it
[20:39] <theblazehen> But all the syn/acks will be going to your vpn
[20:39] <Symmetria> heh, I'll do a throughput test and see what happens on it
[20:39] <theblazehen> Well, even if it works at all..
[20:39] <Symmetria> if I can get 10mbit through it, I'd be suprised :) 
[20:39] <theblazehen> Do you restrict query sizes?
[20:39] <Symmetria> and if I can't get more than 10mbit lol, I wouldnt really care :)
[20:39] <theblazehen> for outside networks I mean
[20:40] <Symmetria> yes there are limits, would need to check what I set them to
[20:40] <theblazehen> well, I got 500 kbit, with unmodified iodine client, to a server in USA (270ms)
[20:40] <theblazehen> That's going through a proper dns server, not going direct
[20:40] <Symmetria> heheh 500kbit wouldnt really register in our traffic terms
[20:41] <theblazehen> And it wasn't optimal because of the small window size (of iodine, NOT TCP). COuld go faster with that increased probably
[20:41] <Symmetria> I start worrying about people abusing bandwidth when they start hitting 100mbit+ 
[20:41] <Symmetria> (and thats on a per client basis)
[20:42] <theblazehen> heh
[20:42] <Symmetria> LOL, lemme show you something quick
[20:42] <theblazehen> I can do up to 993 byte dns requests on cell c dns servers
[20:43] <theblazehen> which then gets base64'd, reducing that a bit
[20:43] <SEptic> sheesh, you guys are in to some pretty serious stuff :)
[20:43] <Symmetria> so, coupla notes about this
[20:44] <Symmetria> firstly, my upload speed is FAR better than this will show, but the window sizes on the wmem aren't optimised
[20:44] <Symmetria> for the latency
[20:44] <Symmetria> secondly, on the download speed, whats limiting me here is the interface on the mweb speed test server
[20:44] <Symmetria> iptables -A INPUT -p udp --dport 53 -m state --state NEW -m recent --set --name DNSQF --rsource
[20:44] <Symmetria> iptables -A INPUT -p udp --dport 53 -m state --state NEW -m recent --update --seconds 1 --hitcount 255 --name DNSQF --rsource -j DROP
[20:44] <Symmetria> ooops
[20:44] <Symmetria> http://www.speedtest.net/result/5531549486.png
[20:44] <Symmetria> there 
[20:44] <Symmetria> ;p
[20:45] <Symmetria> thats me testing from my house in Nairobi to mweb in South Africa 
[20:45] <Symmetria> :P and doing that, is still only using 5% of the bandwidth into my house 
[20:46] <Symmetria> now you know why I aint worried about 500kbit :)
[20:46] <theblazehen> nice..
[20:46] <Symmetria> heh, basically, my house has 2 x 10G links into it
[20:46] <theblazehen> And here I am about to pay R600 or so extra per month to increase my upload from 1 mbit to 2 mbit..
[20:46] <Symmetria> and my desktop and server both have 10G links into them
[20:46] <theblazehen> Nice
[20:46] <theblazehen> Ethernet?
[20:47] <Symmetria> Fiber 
[20:47] <Symmetria> but yeah Ethernet encap
[20:47] <theblazehen> Cool. Yeah, heard FC is cheaper
[20:47] <Symmetria> heh, and I have the advantage of the fact that unlike normal clients, who go through normal client infrastructure
[20:47] <Symmetria> I dont, I plug straight into the backbone routers
[20:48] <theblazehen> Awesome
[20:48] <Symmetria> heh, Im dying to get my hands into Neotel's network though and see how I can optimize it 
[20:48] <Symmetria> few months away :)
[20:48] <theblazehen> Nice. 
[20:49] <Symmetria> we've completed the purchase (you might have seen the media announcing we bought em)
[20:49]  * theblazehen always tries to optimize stuff too..
[20:49] <theblazehen> Hmm, didn't really look at news much
[20:49] <Symmetria> heh vodacom tried to buy em, they failed 
[20:49] <Symmetria> Liquid succeeded :)
[20:49] <theblazehen> Cool
[20:50] <Symmetria> (I head up network strategy for Liquid Telecommunications at group level)
[20:50] <theblazehen> cool
[20:51] <Symmetria> heh we're involved in some fun stuff at the moment though, wheeeee we're building our own submarine cable 
[20:51] <Symmetria> and capacity wise, lol, it makes seacom look *tiny*
[20:52] <theblazehen> Must be fun..
[20:53] <Symmetria> lol yeah, but stressful and complicated :)
[20:53] <theblazehen> Ever break something big?
[20:54] <Symmetria> LOL, it happens occasioally :P
[20:54] <Symmetria> its not often, but like anyone who works at the level I do, we've all made our mistakes
[20:54] <Symmetria> most of them BGP based ;p
[20:55] <theblazehen> yeah
[20:55] <Symmetria> lol, though one of my team made a chronic fuckup at 4am this morning that resulted in me getting very panicky phone calls a few minutes later 
[20:55] <theblazehen> Ouch :/
[20:56] <Symmetria> :P he accidently nuked the wrong config and took out enough customers to wipe out 7gigs of bandwidth usage 
[20:56] <Symmetria> I had it back online 10 minutes later but haha man, what a fuckup
[20:56] <theblazehen> My funnest time I ended up sleeping around 6 hours spread over 4-5 days :(
[20:56] <theblazehen> wow
[20:56] <Symmetria> thats the biggest problem working with huge networks and massive routers, type the wrong thing, and you can do *SERIOUS* damage with a single command
[20:57] <theblazehen> Yeah. Or config management stuff too
[20:57] <theblazehen> You saw that stackoverflow post, that ended up being an advertisement?
[20:57] <Symmetria> lol I mean, on certain routers, a single command can take out *6 MILLION* peoples net access via their phones
[20:57] <Symmetria> kinda scary :p
[20:57] <Symmetria> heh, nah?
[20:58] <kulelu88> did Symmetria just say he is donating the Zim DNS servers for me to build my botnet?
[20:58] <theblazehen> http://meta.serverfault.com/questions/8696/what-to-do-with-the-rm-rf-hoax-question
[20:59] <Symmetria> heh kule I wouldnt suggest you trying something like that :)
[20:59] <Symmetria> if you know a bit about me, lol, I play nasty with people who try that haha
[21:00] <Symmetria> haha oh I saw that a while back theblaze
[21:02] <Symmetria> btw, theblaze, with regards to 10G stuff and ethernet vs FC
[21:02] <Symmetria> FC only really works for storage stuff
[21:02] <Symmetria> the other thing about 10G, copper 10G on CAT6 is relatively cheap 
[21:02] <Symmetria> its when you go fiber that the price starts climbing, and particularly if you go from multi-mode to single-mode
[21:03] <kulelu88> Symmetria: you won't find me, I am running my Tor network via Peru via Ethiopia :D
[21:03] <Symmetria> because the cost of the optic is where the money is at :)
[21:03] <kulelu88> Symmetria: how much will it cost for FTTH if you don't live far from wholesale fibre?
[21:04] <Symmetria> kule in ZA?
[21:04] <theblazehen> Symmetria: ah
[21:04] <kulelu88> yeah
[21:04] <Symmetria> not sure yet :) ask me in 6 or 8 months once we complete the Neotel stuff 
[21:04] <Symmetria> I can tell you what we're selling in KE at :P 
[21:04] <theblazehen> kulelu88: Well, kinda useless to mention those locations. That's kinda the point of an onion network, no?
[21:04] <Symmetria> 100mbit uncapped with 4:1 contention is selling for around R2k a month 
[21:05] <kulelu88> theblazehen: what if that was a doozi?
[21:05] <kulelu88> uncapped is a word that needs to die
[21:05] <Symmetria> lol kule, question, how long you need in the hacking scene in ZA?
[21:05] <kulelu88> I'm not a hacker, i'm a skript kittie ;P
[21:05] <Symmetria> lol for how long :)
[21:06] <Symmetria> the reason Im asking is because haha I wanna see if you may recognise something 
[21:06]  * Vortexia eyes you 
[21:06] <Vortexia> lol, god its been more than a decade since I last used this nic ;p
[21:06] <kulelu88> if you can find my IP via IRC then u haz haxxed me
[21:07] <theblazehen> kulelu88: Is that a challenge?
[21:07] <kulelu88> ;'D
[21:09] <Symmetria> :P dammit
[21:09] <Symmetria> stupid irc client died
[21:10] <kulelu88> I sent you my USERINFO :D
[21:11] <Symmetria> kule, grab that quick, I wanna test speed to you
[21:12] <kulelu88> you wanna traceroute me <3
[21:12] <SymmTest> errr 
[21:12] <SymmTest> no, I wanna test a file transfer speed
[21:12] <SymmTest> ;p
[21:14] <kulelu88> so you work for liquid telecom :D
[21:14] <theblazehen> SymmTest: dcc? ;)
[21:14] <SymmTest> heh kule I head up network strategy for them
[21:14] <SymmTest> globally
[21:14] <SymmTest> theblaze yes *grin*
[21:15] <kulelu88> Liquid telecom were looking for a data scientist / corporate-jockey to crunch their data
[21:15] <SymmTest> what data? 
[21:15] <kulelu88> I saw the link pointing at pnet or some other shitty job portal and sighed 
[21:16] <SymmTest> mmmm got a link?
[21:16] <kulelu88> must be another case of "we have data, lets do data analysis on it"
[21:16] <kulelu88> how many CTCPs are you guys going to send me? :D
[21:17] <SymmTest> heh kule would need a lot more details to figure out what they were actually looking for
[21:17] <SymmTest> we do some... rather interesting things :)
[21:17] <kulelu88> are you guys wholesale?
[21:17] <SymmTest> kule LOL, we're... a bit of everything
[21:17] <SymmTest> we own the largest fiber network on the african continent
[21:17] <kulelu88> wait wait... I know the answer to this
[21:18] <kulelu88> "corporate IT solutions, telecoms and services provider"
[21:18] <SymmTest> we do everything from wholesale to retail to voice switching to transaction processing
[21:18] <SymmTest> nah, wrong answer :P
[21:18] <kulelu88> theblazehen: are you still sending me CTCPs?
[21:18] <SymmTest> do don't go near corporate IT solutions as such
[21:19] <SymmTest> heh kule Liquid is part Telco, part ISP in reality
[21:19] <theblazehen> kulelu88: Yup. So, you're exiting through a bot in your botnet then?
[21:19] <theblazehen> Sure
[21:19] <theblazehen> looks like it
[21:19] <theblazehen> high latency
[21:20] <theblazehen> Node in france
[21:20] <kulelu88> theblazehen: how do I request your CTCP?
[21:21] <theblazehen> kulelu88: What you don't know wont hurt you :)
[21:21] <SymmTest> heh, I kinda miss my days on the darkside
[21:22] <SymmTest> its been far 2 long since I had the time or motivation to sit and write exploits 
[21:22]  * theblazehen wishes that I had continued with that a bit
[21:22] <theblazehen> Was never more than a skiddie myself
[21:22] <theblazehen> But still
[21:22] <SymmTest> lol, I wrote the first ever exploit against the cisco pix firewalls back in the 90s
[21:22] <SymmTest> that was fun 
[21:22] <theblazehen> Well, I found something decent recently
[21:22] <SymmTest> it reset all the state tables 
[21:22] <theblazehen> But I did the whole "responsible disclosure" thing...
[21:22] <SymmTest> we used to sit on irc and kick everyone off who was behind pix firewalls for amusement ;p
[21:22] <theblazehen> nice
[21:23] <SymmTest> by resetting their state tables and killing all their tcp connections
[21:23] <SymmTest> heh, was actually a really simple exploit, their checking of source and destination and sequencing on RST packets was chronic
[21:23] <kulelu88> corporate corner-cutting 
[21:23] <SymmTest> so the right spoofed RST packets and you could nuke state entries, cycle through port numbers and you could kill anything
[21:24] <theblazehen> Cool
[21:24] <SymmTest> (that stil works against severael state based firewalls out there)
[21:25] <SymmTest> heh, almost all the exploits and stuff I wrote though were network based - attacking the network stack was always more interesting than attacking systems for me
[21:25] <kulelu88> why you 2 hour behind? theblazehen 
[21:25] <SymmTest> because there is sooooo much you can do and its actually relatively unexplored territory
[21:25] <kulelu88> layer3? SymmTest 
[21:25] <theblazehen> kulelu88: C'mon, you can't figure it out? :)
[21:25] <SymmTest> LOL, I've written some pretty fucking nasty code to test ipv6 problems
[21:26] <SymmTest> kule heh, I've done attacks at layer 3, layer 4 and even layer 2 
[21:26] <theblazehen> Layer 8?
[21:26] <SymmTest> layer 3 tends to have more attack vectors 
[21:26] <SymmTest> LOL, theblaze I'm pretty good at layer 9 attacks ;p
[21:26] <SymmTest> politics is fun ;p
[21:27] <kulelu88> I only do layer1 attacks
[21:27] <theblazehen> kulelu88: Really? ...
[21:27] <SymmTest> lol, so you go vandalize physical infrastructure? 
[21:28] <SymmTest> are you by any chance an EFF member? 
[21:28] <SymmTest> ;p
[21:28]  * SymmTest snickers
[21:28] <kulelu88> when I protest and kick a dustbin down, layer1 attack ;P
[21:30] <kulelu88> Symmetria: what layer does attacking actual PC-hardware fall under? layer1 also?
[21:30] <Symmetria> heh, its not part of the network stack so it doesnt have a classification
[21:30] <Symmetria> ;p
[21:30] <theblazehen> Yeah, you said it in better words Symmetria
[21:31] <kulelu88> oh so that doesn't fall within the network. noted
[21:32] <Symmetria> heh Layer 1 = Physical (Fiber Cables, Network Cards, CAT5/6 etc)
[21:32] <Symmetria> Layer 2 = the network layer (vlan related shit, arp, etc)
[21:32] <Symmetria> Layer 2.5 = MPLS 
[21:32] <Symmetria> Layer 3 = IP layer 
[21:33] <Symmetria> Layer 4 = now you're into shit like TCP/UDP etc 
[21:33] <Symmetria> and so it goes until you hit Layer 7 which is basically applications
[21:33] <Symmetria> (this isn't technically the OSI model which is slightly more extensive)
[21:34] <kulelu88> layer5 and 6 get no love
[21:38] <paddatrapper> Maaz: Tell Kilos I've forked Ibid to IbidNext on Launchpad: https://code.launchpad.net/~krobbertze/ibidnext/+git/ibidnext
[21:38] <Maaz> paddatrapper: Got it, I'll tell Kilos on freenode
[21:39] <paddatrapper> Maaz: tell Kilos Overview: https://launchpad.net/ibidnext
[21:39] <Maaz> paddatrapper: Okay, I'll tell Kilos on freenode
[21:42] <superfly> Ugh git
[21:47] <theblazehen> kulelu88: https://linx.home.theblazehen.com/kulelu.pcap boom
[21:48] <kulelu88> that's a link to trap me :D clever
[21:48] <theblazehen> What? Me? Never...
[21:50] <paddatrapper> superfly: Mainly because I still need to learn bzr :) And I am not doing that tonight. Though with the pain that is launchpad's git I think I may have to learn it quickly before anyone actually looks at the repo :)
[21:52] <kulelu88> somebody visit theblazehen link for me :D
[21:56] <pavlushka> kulelu88: the pcap size is only 524 kB, :)
[21:57] <kulelu88> what's the contents? pavlushka 
[21:58] <pavlushka> kulelu88: I may have to run wireshark for that which I will not, :p
[22:00] <superfly> paddatrapper: I've never used git with Launchpad, and I know Launchpad was written for bzr
[22:02] <theblazehen> Ah what the hell. Off to bed, kulelu88: 196.210.166.192 do your worst
[22:03] <kulelu88> :D
[22:03] <kulelu88> theblazehen: I'm looking at you right now through your webcam :O
[22:04] <theblazehen> You got the wrong person.
[22:04] <theblazehen> I don't have a webcam
[22:04] <kulelu88> it's your CCTV :D
[22:04] <theblazehen> Don't have that either
[22:08] <kulelu88> i thought you going to bed :D
[22:08] <theblazehen> Right. Wanna continue tomorrow?
[22:12] <Symmetria> heh
[22:12] <Symmetria> I'm throwing a HUGE load test 
[22:12] <Symmetria> at my DNS servers now
[22:12] <Symmetria> for the next 10 minutes
[22:31] <paddatrapper> superfly: Well it is now bzr based. Easier than I thought to transition
[23:54] <qwebirc47668> Morning